[TAS-250] (x3) [FEAT] Implement PK renewal and revocation. Bugfix for DS length computation.

* it was based on the HF field, which is not correct. It was discovered when the PK was P521 instead of P256 then the Padding size check was failing due to this.
* The solution is temporary:
** GNSS_Crypto: when reading the key, the type is inferred (only for OSSL for the moment)
** when PK comes through the satellites, the public key type is taken from the NPKT field.

src/core/libs/osnma_msg_receiver.cc

@@ -459,9 +459,8 @@ void osnma_msg_receiver::process_dsm_message(const std::vector<uint8_t>& dsm_msg
             const uint16_t l_lk_bytes = d_dsm_reader->get_lk_bits(d_osnma_data.d_dsm_kroot_message.ks) / 8;
             d_osnma_data.d_dsm_kroot_message.kroot = d_dsm_reader->get_kroot(dsm_msg, l_lk_bytes);
             // DS field
-            std::string hash_function = d_dsm_reader->get_hash_function(d_osnma_data.d_dsm_kroot_message.hf);
             uint16_t l_ds_bits = 0;
-            const auto it = OSNMA_TABLE_15.find(hash_function);
+            const auto it = OSNMA_TABLE_15.find(d_crypto->d_PublicKeyType);
             if (it != OSNMA_TABLE_15.cend())
                 {
                     l_ds_bits = it->second;
@@ -596,9 +595,11 @@ void osnma_msg_receiver::process_dsm_message(const std::vector<uint8_t>& dsm_msg
             d_osnma_data.d_dsm_pkr_message.npktid = npktid;
 
             uint32_t l_npk_bytes = 0;
+            std::string PKT;
             const auto it = OSNMA_TABLE_5.find(d_osnma_data.d_dsm_pkr_message.npkt);
             if (it != OSNMA_TABLE_5.cend())
                 {
+                    PKT = it->second;
                     const auto it2 = OSNMA_TABLE_6.find(it->second);
                     if (it2 != OSNMA_TABLE_6.cend())
                         {
@@ -648,6 +649,7 @@ void osnma_msg_receiver::process_dsm_message(const std::vector<uint8_t>& dsm_msg
                                     d_new_public_key = d_osnma_data.d_dsm_pkr_message.npk;
                                 }
                             else {
+                                    d_crypto->d_PublicKeyType = PKT;
                                     d_crypto->set_public_key(d_osnma_data.d_dsm_pkr_message.npk);
                                     d_crypto->store_public_key(PEMFILE_DEFAULT);
                                 }
@@ -1159,8 +1161,8 @@ bool osnma_msg_receiver::verify_dsm_pkr(const DSM_PKR_message& message) const
 
     if (computed_merkle_root == d_crypto->get_merkle_root())
         {
-            LOG(INFO) << "Galileo OSNMA: DSM-PKR verification for Message ID " << msg_id << " :: SUCCESS.";
-            std::cout << "Galileo OSNMA: DSM-PKR verification for Message ID " << msg_id << " :: SUCCESS." << std::endl;
+            LOG(INFO) << "Galileo OSNMA: DSM-PKR verification for Message ID " << msg_id << " :: SUCCESS. PKID=" << static_cast<unsigned>(message.npktid);
+            std::cout << "Galileo OSNMA: DSM-PKR verification for Message ID " << msg_id << " :: SUCCESS. PKID=" << static_cast<unsigned>(message.npktid) << std::endl;
             return true;
         }
     else

src/core/system_parameters/Galileo_OSNMA.h

@@ -92,7 +92,7 @@ const std::unordered_map<std::string, uint16_t> OSNMA_TABLE_6 = {
     {std::string("ECDSA P-256"), 264},
     {std::string("ECDSA P-521"), 536}};
 
-// OSNMA User ICD for the Test Phase, Issue 1.0, Table 7
+// OSNMA User ICD, Issue 1.1, Table 7
 const std::unordered_map<uint8_t, std::pair<uint16_t, uint16_t>> OSNMA_TABLE_7 = {
     {0, {0, 0}},
     {1, {7, 728}},
@@ -156,9 +156,7 @@ const std::unordered_map<uint8_t, uint8_t> OSNMA_TABLE_11 = {
 
 const std::unordered_map<std::string, uint16_t> OSNMA_TABLE_15 = {
     {std::string("ECDSA P-256"), 512},
-    {std::string("ECDSA P-521"), 1056},
-    {std::string("SHA-256"), 512},
-    {std::string("SHA-512"), 1056}};  // key: ECDSA Curve and hash function, value: {l_ds_bits}
+    {std::string("ECDSA P-521"), 1056}};  // key: ECDSA Curve and hash function, value: {l_ds_bits}
 
 const std::string PEMFILE_DEFAULT("./data/OSNMA_PublicKey.pem");
 const std::string CRTFILE_DEFAULT("./data/OSNMA_PublicKey_20240115100000_newPKID_1.crt");

src/core/system_parameters/gnss_crypto.cc

@@ -1189,6 +1189,17 @@ bool Gnss_Crypto::readPublicKeyFromCRT(const std::string& crtFilePath)
 
     // Read the public key from the certificate
     EVP_PKEY* pubkey = X509_get_pubkey(cert);
+
+    // store the key type - needed for the Kroot in case no DSM-PKR available
+    // TODO - only way I have found to find the curve type
+    auto ec_key = EVP_PKEY_get0_EC_KEY(pubkey);
+    const EC_GROUP *group = EC_KEY_get0_group(ec_key);
+    int nid = EC_GROUP_get_curve_name(group);
+    if (nid == NID_X9_62_prime256v1) {
+            d_PublicKeyType = "ECDSA P-256";
+        } else if (nid == NID_secp521r1) {
+            d_PublicKeyType = "ECDSA P-521";
+        }
 #if USE_OPENSSL_3
     if (!pubkey)
         {

src/core/system_parameters/gnss_crypto.h

@@ -72,6 +72,7 @@ public:
     void set_public_key(const std::vector<uint8_t>& publickey);  //!< Sets the ECDSA Public Key (publickey compressed format)
     void set_merkle_root(const std::vector<uint8_t>& v);         //!< Sets the Merkle Tree root node x(\f$ x_{4,0} \f$)
     void read_merkle_xml(const std::string& merkleFilePath);
+    std::string d_PublicKeyType;
 
 private:
     void readPublicKeyFromPEM(const std::string& pemFilePath);