Merge pull request #5 from carlesfernandez/osnma-cesare-fix4

Fix building with old compilers
2025-01-07 07:50:32 +00:00 · 2024-06-25 14:12:38 +02:00 · 2024-06-25 14:12:38 +02:00 · 82ef50f8dd
commit 82ef50f8dd
parent c1c58eab06 2c833051a5
5 changed files with 508 additions and 397 deletions
--- a/src/core/libs/osnma_msg_receiver.cc
+++ b/src/core/libs/osnma_msg_receiver.cc
--- a/src/core/system_parameters/CMakeLists.txt
+++ b/src/core/system_parameters/CMakeLists.txt
@ -163,6 +163,10 @@ if(OPENSSL_FOUND)
            target_compile_definitions(core_system_parameters PUBLIC -DUSE_OPENSSL_FALLBACK=1 -DUSE_OPENSSL_3=1)
            message("USE_OPENSSL_3: " ${DUSE_OPENSSL_3})
            message("USE_OPENSSL_FALLBACK:" ${USE_OPENSSL_FALLBACK})
        else()
            if(NOT OPENSSL_VERSION VERSION_LESS "1.1.1")
                target_compile_definitions(core_system_parameters PRIVATE -DUSE_OPENSSL_FALLBACK=1 -DUSE_OPENSSL_111=1)
            endif()
        endif()
    endif()
--- a/src/core/system_parameters/gnss_crypto.cc
+++ b/src/core/system_parameters/gnss_crypto.cc
@ -60,6 +60,11 @@
 Gnss_Crypto::Gnss_Crypto()
 {
 #if USE_OPENSSL_FALLBACK
 #if !(USE_OPENSSL_3 || USE_OPENSSL_111)
    LOG(WARNING) << "The OpenSSL library version you are linking against is too old for some OSNMA functions."
                 << " Please do not trust OSNMA ouputs or upgrade your system to a newer version of OpenSSL"
                 << " and rebuild GNSS-SDR against it.";
 #endif
 #else  // GnuTLS
    gnutls_global_init();
 #endif
@ -69,6 +74,11 @@ Gnss_Crypto::Gnss_Crypto()
 Gnss_Crypto::Gnss_Crypto(const std::string& certFilePath, const std::string& merkleTreePath)
 {
 #if USE_OPENSSL_FALLBACK
 #if !(USE_OPENSSL_3 || USE_OPENSSL_111)
    LOG(WARNING) << "The OpenSSL library version you are linking against is too old for some OSNMA functions."
                 << " Please do not trust OSNMA ouputs or upgrade your system to a newer version of OpenSSL"
                 << " and rebuild GNSS-SDR against it.";
 #endif
 #else  // GnuTLS
    gnutls_global_init();
 #endif
@ -296,7 +306,7 @@ std::vector<uint8_t> Gnss_Crypto::computeSHA3_256(const std::vector<uint8_t>& in
 {
    std::vector<uint8_t> output(32);  // SHA256 hash size
 #if USE_OPENSSL_FALLBACK
-#if USE_OPENSSL_3
+#if USE_OPENSSL_3 || USE_OPENSSL_111
    EVP_MD_CTX* mdctx = EVP_MD_CTX_new();
    const EVP_MD* md = EVP_sha3_256();
@ -305,7 +315,11 @@ std::vector<uint8_t> Gnss_Crypto::computeSHA3_256(const std::vector<uint8_t>& in
    EVP_DigestFinal_ex(mdctx, output.data(), nullptr);
    EVP_MD_CTX_free(mdctx);
 #else
-    // SHA3-256 not implemented in OpenSSL < 3.0
+    // SHA3-256 not implemented in OpenSSL 1.0, it was introduced in OpenSSL 1.1.1
    if (!input.empty())
        {
            // do nothing
        }
 #endif
 #else  // GnuTLS
    std::vector<uint8_t> output_aux(32);
@ -380,24 +394,16 @@ std::vector<uint8_t> Gnss_Crypto::computeHMAC_SHA_256(const std::vector<uint8_t>
    hmac.resize(output_length);
    output = hmac;
 #else
-    std::vector<uint8_t> hmac(32);
+    unsigned int outputLength = EVP_MAX_MD_SIZE;
-    // Create HMAC context
+    unsigned char* result = HMAC(EVP_sha256(), key.data(), key.size(), input.data(), input.size(), output.data(), &outputLength);
-    HMAC_CTX* ctx = HMAC_CTX_new();
+    if (result == nullptr)
-    HMAC_Init_ex(ctx, key.data(), key.size(), EVP_sha256(), nullptr);
+        {
            LOG(WARNING) << "OSNMA HMAC_SHA_256 computation failed to compute HMAC-SHA256";
            return output;
        }
-    // Update HMAC context with the message
+    // Resize the output vector to the actual length of the HMAC-SHA256 output
-    HMAC_Update(ctx, input.data(), input.size());
+    output.resize(outputLength);
    // Finalize HMAC computation
    unsigned int hmacLen;
    HMAC_Final(ctx, hmac.data(), &hmacLen);
    // Clean up HMAC context
    HMAC_CTX_free(ctx);
    // Resize the HMAC vector to the actual length
    hmac.resize(hmacLen);
    output = hmac;
 #endif
 #else  // GnuTLS
    std::vector<uint8_t> output_aux(32);
@ -595,6 +601,7 @@ bool Gnss_Crypto::readPublicKeyFromCRT(const std::string& crtFilePath)
    // Read the public key from the certificate
    EVP_PKEY* pubkey = X509_get_pubkey(cert);
 #if USE_OPENSSL_3
    if (!pubkey)
        {
            std::cerr << "Failed to extract the public key" << std::endl;
@ -603,6 +610,18 @@ bool Gnss_Crypto::readPublicKeyFromCRT(const std::string& crtFilePath)
        }
    pubkey_copy(pubkey, &d_PublicKey);
    EVP_PKEY_free(pubkey);
 #else
    EC_KEY* ec_pubkey = EVP_PKEY_get1_EC_KEY(pubkey);
    EVP_PKEY_free(pubkey);
    if (!ec_pubkey)
        {
            std::cerr << "Failed to extract the public key" << std::endl;
            X509_free(cert);
            return false;
        }
    pubkey_copy(ec_pubkey, &d_PublicKey);
    EC_KEY_free(ec_pubkey);
 #endif
    BIO_free(bio);
    X509_free(cert);
 #else  // GnuTLS
@ -735,7 +754,13 @@ bool Gnss_Crypto::verify_signature(const std::vector<uint8_t>& message, const st
            LOG(WARNING) << "OpenSSL: OSNMA message authentication failed: " << err;
        }
 #else
-    int verification = ECDSA_verify(0, digest.data(), SHA256_DIGEST_LENGTH, signature.data(), static_cast<int>(signature.size()), d_PublicKey);
+    std::vector<uint8_t> der_sig;
    if (!convert_raw_to_der_ecdsa(signature, der_sig))
        {
            std::cerr << "Failed to convert raw ECDSA signature to DER format" << std::endl;
            return false;
        }
    int verification = ECDSA_verify(0, digest.data(), SHA256_DIGEST_LENGTH, der_sig.data(), static_cast<int>(der_sig.size()), d_PublicKey);
    if (verification == 1)
        {
            success = true;
@ -744,6 +769,7 @@ bool Gnss_Crypto::verify_signature(const std::vector<uint8_t>& message, const st
    else if (verification == 0)
        {
            std::cerr << "OpenSSL: invalid signature found when verifying message" << std::endl;
            LOG(WARNING) << "OpenSSL: invalid signature found when verifying message";
        }
    else
        {
@ -838,12 +864,19 @@ void Gnss_Crypto::set_public_key(const std::vector<uint8_t>& publicKey)
            LOG(INFO) << "OpenSSL: error setting the OSNMA public key.";
            return;
        }
-
+#if USE_OPENSSL_3
    if (!pubkey_copy(pkey, &d_PublicKey))
        {
            return;
        }
-
+#else
    EC_KEY* ec_pkey = EVP_PKEY_get1_EC_KEY(pkey);
    if (!pubkey_copy(ec_pkey, &d_PublicKey))
        {
            return;
        }
    EC_KEY_free(ec_pkey);
 #endif
    EVP_PKEY_free(pkey);
 #else  // GnuTLS
    gnutls_pubkey_t pubkey;
@ -864,53 +897,6 @@ void Gnss_Crypto::set_public_key(const std::vector<uint8_t>& publicKey)
 }
 #if USE_OPENSSL_FALLBACK
 bool Gnss_Crypto::pubkey_copy(EVP_PKEY* src, EVP_PKEY** dest)
 {
    // Open a memory buffer
    BIO* mem_bio = BIO_new(BIO_s_mem());
    if (mem_bio == nullptr)
        {
            return false;
        }
    // Export the public key from src into the memory buffer in PEM format
    if (!PEM_write_bio_PUBKEY(mem_bio, src))
        {
            BIO_free(mem_bio);
            return false;
        }
    // Read the data from the memory buffer
    char* bio_data;
    long data_len = BIO_get_mem_data(mem_bio, &bio_data);
    // Create a new memory buffer and load the data into it
    BIO* mem_bio2 = BIO_new_mem_buf(bio_data, data_len);
    if (mem_bio2 == nullptr)
        {
            BIO_free(mem_bio);
            return false;
        }
    // Read the public key from the new memory buffer
    *dest = PEM_read_bio_PUBKEY(mem_bio2, nullptr, nullptr, nullptr);
    if (*dest == nullptr)
        {
            BIO_free(mem_bio);
            BIO_free(mem_bio2);
            return false;
        }
    // Clean up
    BIO_free(mem_bio);
    BIO_free(mem_bio2);
    return true;
 }
 #else  // GnuTLS-specific functions
 bool Gnss_Crypto::convert_raw_to_der_ecdsa(const std::vector<uint8_t>& raw_signature, std::vector<uint8_t>& der_signature) const
 {
    if (raw_signature.size() % 2 != 0)
@ -959,6 +945,102 @@ bool Gnss_Crypto::convert_raw_to_der_ecdsa(const std::vector<uint8_t>& raw_signa
 }
 #if USE_OPENSSL_FALLBACK
 #if USE_OPENSSL_3
 bool Gnss_Crypto::pubkey_copy(EVP_PKEY* src, EVP_PKEY** dest)
 {
    // Open a memory buffer
    BIO* mem_bio = BIO_new(BIO_s_mem());
    if (mem_bio == nullptr)
        {
            return false;
        }
    // Export the public key from src into the memory buffer in PEM format
    if (!PEM_write_bio_PUBKEY(mem_bio, src))
        {
            BIO_free(mem_bio);
            return false;
        }
    // Read the data from the memory buffer
    char* bio_data;
    long data_len = BIO_get_mem_data(mem_bio, &bio_data);
    // Create a new memory buffer and load the data into it
    BIO* mem_bio2 = BIO_new_mem_buf(bio_data, data_len);
    if (mem_bio2 == nullptr)
        {
            BIO_free(mem_bio);
            return false;
        }
    // Read the public key from the new memory buffer
    *dest = PEM_read_bio_PUBKEY(mem_bio2, nullptr, nullptr, nullptr);
    if (*dest == nullptr)
        {
            BIO_free(mem_bio);
            BIO_free(mem_bio2);
            return false;
        }
    // Clean up
    BIO_free(mem_bio);
    BIO_free(mem_bio2);
    return true;
 }
 #else  // OpenSSL 1.x
 bool Gnss_Crypto::pubkey_copy(EC_KEY* src, EC_KEY** dest)
 {
    // Open a memory buffer
    BIO* mem_bio = BIO_new(BIO_s_mem());
    if (mem_bio == nullptr)
        {
            return false;
        }
    // Export the public key from src into the memory buffer in PEM format
    if (!PEM_write_bio_EC_PUBKEY(mem_bio, src))
        {
            BIO_free(mem_bio);
            return false;
        }
    // Read the data from the memory buffer
    char* bio_data;
    long data_len = BIO_get_mem_data(mem_bio, &bio_data);
    // Create a new memory buffer and load the data into it
    BIO* mem_bio2 = BIO_new_mem_buf(bio_data, data_len);
    if (mem_bio2 == nullptr)
        {
            BIO_free(mem_bio);
            return false;
        }
    // Read the public key from the new memory buffer
    *dest = PEM_read_bio_EC_PUBKEY(mem_bio2, nullptr, nullptr, nullptr);
    if (*dest == nullptr)
        {
            BIO_free(mem_bio);
            BIO_free(mem_bio2);
            return false;
        }
    // Clean up
    BIO_free(mem_bio);
    BIO_free(mem_bio2);
    return true;
 }
 #endif
 #else  // GnuTLS-specific functions
 bool Gnss_Crypto::pubkey_copy(gnutls_pubkey_t src, gnutls_pubkey_t* dest)
 {
    gnutls_datum_t key_datum;
--- a/src/core/system_parameters/gnss_crypto.h
+++ b/src/core/system_parameters/gnss_crypto.h
@ -58,18 +58,19 @@ private:
    void read_merkle_xml(const std::string& merkleFilePath);
    void readPublicKeyFromPEM(const std::string& pemFilePath);
    bool readPublicKeyFromCRT(const std::string& crtFilePath);
    bool convert_raw_to_der_ecdsa(const std::vector<uint8_t>& raw_signature, std::vector<uint8_t>& der_signature) const;
    std::vector<uint8_t> convert_from_hex_str(const std::string& input) const;
 #if USE_OPENSSL_FALLBACK
 #if USE_OPENSSL_3
    bool pubkey_copy(EVP_PKEY* src, EVP_PKEY** dest);
    EVP_PKEY* d_PublicKey{};
-#else
+#else  // OpenSSL 1.x
    bool pubkey_copy(EC_KEY* src, EC_KEY** dest);
    EC_KEY* d_PublicKey = nullptr;
 #endif
    bool pubkey_copy(EVP_PKEY* src, EVP_PKEY** dest);
 #else  // GnuTLS
    gnutls_pubkey_t d_PublicKey{};
    bool convert_raw_to_der_ecdsa(const std::vector<uint8_t>& raw_signature, std::vector<uint8_t>& der_signature) const;
    bool pubkey_copy(gnutls_pubkey_t src, gnutls_pubkey_t* dest);
    gnutls_pubkey_t d_PublicKey{};
 #endif
    std::vector<uint8_t> d_x_4_0;
    std::vector<uint8_t> d_x_3_1;
--- a/src/core/system_parameters/osnma_dsm_reader.h
+++ b/src/core/system_parameters/osnma_dsm_reader.h
@ -63,7 +63,6 @@ public:
    uint8_t get_npktid(const std::vector<uint8_t>& dsm_msg) const;
 private:
 #if __cplusplus == 201103L
    static constexpr std::uint8_t mask_nmas{0xC0};
    static constexpr std::uint8_t mask_cid{0x30};
    static constexpr std::uint8_t mask_cpks{0x07};
@ -83,27 +82,6 @@ private:
    static constexpr std::uint8_t mask_dsm_mid{0x0F};
    static constexpr std::uint8_t mask_dsm_npkt{0xF0};
    static constexpr std::uint8_t mask_dsm_npktid{0x0F};
 #else
    static constexpr std::uint8_t mask_nmas{0b1100'0000};
    static constexpr std::uint8_t mask_cid{0b0011'0000};
    static constexpr std::uint8_t mask_cpks{0b0000'1110};
    static constexpr std::uint8_t mask_nma_header_reserved{0b0000'0001};
    static constexpr std::uint8_t mask_dsm_id{0b1111'0000};
    static constexpr std::uint8_t mask_dsm_block_id{0b0000'1111};
    static constexpr std::uint8_t mask_dsm_number_blocks{0b1111'0000};
    static constexpr std::uint8_t mask_dsm_pkid{0b0000'1111};
    static constexpr std::uint8_t mask_dsm_cidkr{0b1100'0000};
    static constexpr std::uint8_t mask_dsm_reserved1{0b0011'0000};
    static constexpr std::uint8_t mask_dsm_hf{0b0000'1100};
    static constexpr std::uint8_t mask_dsm_mf{0b0000'0011};
    static constexpr std::uint8_t mask_dsm_ks{0b1111'0000};
    static constexpr std::uint8_t mask_dsm_ts{0b0000'1111};
    static constexpr std::uint8_t mask_dsm_reserved{0b1111'0000};
    static constexpr std::uint8_t mask_dsm_wk_k_msbyte{0b0000'1111};
    static constexpr std::uint8_t mask_dsm_mid{0b0000'1111};
    static constexpr std::uint8_t mask_dsm_npkt{0b1111'0000};
    static constexpr std::uint8_t mask_dsm_npktid{0b0000'1111};
 #endif
 };
 /** \} */