diff --git a/CMakeLists.txt b/CMakeLists.txt index a97dee597..4264195a6 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -2196,99 +2196,9 @@ endif() ################################################################################ -# GnuTLS - https://www.gnutls.org/ +# OpenSSL https://www.openssl.org/ or GnuTLS - https://www.gnutls.org/ ################################################################################ -find_package(GnuTLS) -set_package_properties(GnuTLS PROPERTIES - URL "https://www.gnutls.org/" - PURPOSE "Used for the SUPL protocol implementation." - TYPE REQUIRED -) -if(GnuTLS_FOUND AND GNUTLS_VERSION_STRING) - set_package_properties(GnuTLS PROPERTIES - DESCRIPTION "Transport Layer Security Library (found: v${GNUTLS_VERSION_STRING})" - ) -else() - set_package_properties(GnuTLS PROPERTIES - DESCRIPTION "Transport Layer Security Library" - ) -endif() -find_library(GNUTLS_OPENSSL_LIBRARY - NAMES gnutls-openssl libgnutls-openssl.so.27 - PATHS - /usr/lib - /usr/lib64 - /usr/lib/x86_64-linux-gnu - /usr/lib/aarch64-linux-gnu - /usr/lib/arm-linux-gnueabihf - /usr/lib/arm-linux-gnueabi - /usr/lib/i386-linux-gnu - /usr/lib/alpha-linux-gnu - /usr/lib/hppa-linux-gnu - /usr/lib/i386-gnu - /usr/lib/i686-gnu - /usr/lib/i686-linux-gnu - /usr/lib/x86_64-kfreebsd-gnu - /usr/lib/i686-kfreebsd-gnu - /usr/lib/m68k-linux-gnu - /usr/lib/mips-linux-gnu - /usr/lib/mips64el-linux-gnuabi64 - /usr/lib/mipsel-linux-gnu - /usr/lib/powerpc-linux-gnu - /usr/lib/powerpc-linux-gnuspe - /usr/lib/powerpc64-linux-gnu - /usr/lib/powerpc64le-linux-gnu - /usr/lib/s390x-linux-gnu - /usr/lib/riscv64-linux-gnu - /usr/lib/sparc64-linux-gnu - /usr/lib/x86_64-linux-gnux32 - /usr/lib/sh4-linux-gnu - /usr/lib/loongarch64-linux-gnu - /usr/local/lib - /usr/local/lib64 - /opt/local/lib -) -#if(NOT GNUTLS_OPENSSL_LIBRARY) -if(GNUTLS_OPENSSL_LIBRARY) - if(GnuTLS_FOUND) - message(STATUS " But it was not built with openssl compatibility.") - endif() - message(STATUS " Looking for OpenSSL instead...") - if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin") - set(OPENSSL_ROOT_DIR /usr/local/opt/openssl) # Trick for Homebrew - endif() - find_package(OpenSSL) - set_package_properties(OpenSSL PROPERTIES - URL "https://www.openssl.org" - DESCRIPTION "Cryptography and SSL/TLS Toolkit (found: v${OPENSSL_VERSION})" - PURPOSE "Used for the SUPL protocol implementation." - TYPE REQUIRED - ) - message("OPENSSL_FOUND: " ${OPENSSL_FOUND}) - if(OPENSSL_FOUND) - set_package_properties(GnuTLS PROPERTIES - PURPOSE "Not found, but OpenSSL can replace it." - ) - set(GNUTLS_INCLUDE_DIR ${OPENSSL_INCLUDE_DIR}) - set(GNUTLS_LIBRARIES "") - set(GNUTLS_OPENSSL_LIBRARY ${OPENSSL_SSL_LIBRARY}) - else() - message(" The GnuTLS library with openssl compatibility enabled has not been found.") - message(" You can try to install the required libraries by typing:") - if(${CMAKE_SYSTEM_NAME} MATCHES "Linux|kFreeBSD|GNU") - if(${LINUX_DISTRIBUTION} MATCHES "Fedora" OR ${LINUX_DISTRIBUTION} MATCHES "Red Hat") - message(" sudo yum install openssl-devel") - else() - message(" sudo apt-get install libgnutls28-dev") - endif() - endif() - if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin") - message(" 'sudo port install gnutls', if you are using Macports, or") - message(" 'brew install openssl', if you are using Homebrew.") - endif() - message(FATAL_ERROR "GnuTLS libraries with openssl compatibility are required to build gnss-sdr") - endif() -endif() +include(GnssSdrCrypto) diff --git a/README.md b/README.md index a904764b0..5b7bc9dfd 100644 --- a/README.md +++ b/README.md @@ -75,7 +75,7 @@ information about this open-source, software-defined GNSS receiver. - [Install Armadillo, a C++ linear algebra library](#install-armadillo-a-c-linear-algebra-library) - [Install Gflags, a commandline flags processing module for C++](#install-gflags-a-commandline-flags-processing-module-for-c) - [Install Glog, a library that implements application-level logging](#install-glog-a-library-that-implements-application-level-logging) - - [Install the GnuTLS or OpenSSL libraries](#install-the-gnutls-or-openssl-libraries) + - [Install the OpenSSL libraries](#install-the-openssl-libraries) - [Install Matio, MATLAB MAT file I/O library](#install-matio-matlab-mat-file-io-library) - [Install Protocol Buffers, a portable mechanism for serialization of structured data](#install-protocol-buffers-a-portable-mechanism-for-serialization-of-structured-data) - [Install Pugixml, a light-weight C++ XML processing library](#install-pugixml-a-light-weight-c-xml-processing-library) @@ -168,16 +168,19 @@ $ sudo apt-get install build-essential cmake git pkg-config libboost-dev libboos libboost-system-dev libboost-filesystem-dev libboost-thread-dev libboost-chrono-dev \ libboost-serialization-dev liblog4cpp5-dev libuhd-dev gnuradio-dev gr-osmosdr \ libblas-dev liblapack-dev libarmadillo-dev libgflags-dev libgoogle-glog-dev \ - libgnutls-openssl-dev libpcap-dev libmatio-dev libpugixml-dev libgtest-dev \ - libprotobuf-dev protobuf-compiler python3-mako + libssl-dev libpcap-dev libmatio-dev libpugixml-dev libgtest-dev \ + libprotobuf-dev libcpu-features-dev protobuf-compiler python3-mako ``` Please note that the required files from `libgtest-dev` were named `googletest` in Debian 9 "stretch" and Ubuntu 18.04 "bionic", and renamed to `libgtest-dev` in Debian 10 "buster" and above. -Since Ubuntu 21.04 Hirsute / Debian 11, the package `libcpu-features-dev` is -also required. +In distributions older than Ubuntu 21.04 Hirsute / Debian 11, the package +`libcpu-features-dev` is not required. + +In distributions older than Ubuntu 22.04 Jammy / Debian 12, the package +`libssl-dev` must be replaced by `libgnutls-openssl-dev`. **Note for Ubuntu 14.04 LTS "trusty" users:** you will need to build from source and install GNU Radio manually, as explained below, since GNSS-SDR requires @@ -451,20 +454,15 @@ Please note that Glog is replaced by the [Abseil Logging Library](https://abseil.io/docs/cpp/guides/logging) if Abseil >= v20240116 is available in your system. -#### Install the GnuTLS or OpenSSL libraries +#### Install the OpenSSL libraries ``` -$ sudo apt-get install libgnutls-openssl-dev # For Debian/Ubuntu/LinuxMint -$ sudo yum install openssl-devel # For Fedora/CentOS/RHEL -$ sudo zypper install openssl-devel # For OpenSUSE -$ sudo pacman -S openssl # For Arch Linux +$ sudo apt-get install libssl-dev # For Debian/Ubuntu/LinuxMint +$ sudo yum install openssl-devel # For Fedora/CentOS/RHEL +$ sudo zypper install openssl-devel # For OpenSUSE +$ sudo pacman -S openssl # For Arch Linux ``` -In case the [GnuTLS](https://www.gnutls.org/ "GnuTLS's Homepage") library with -openssl extensions package is not available in your GNU/Linux distribution, -GNSS-SDR can also work well with -[OpenSSL](https://www.openssl.org/ "OpenSSL's Homepage"). - #### Install [Matio](https://github.com/tbeu/matio "Matio's Homepage"), MATLAB MAT file I/O library ``` @@ -838,7 +836,7 @@ In a terminal, type: ``` $ sudo port selfupdate $ sudo port upgrade outdated -$ sudo port install armadillo cmake pkgconfig protobuf3-cpp pugixml gnutls +$ sudo port install armadillo cmake pkgconfig protobuf3-cpp pugixml openssl3 $ sudo port install gnuradio +uhd +grc +zeromq $ sudo port install boost matio libad9361-iio libiio $ sudo port install py311-mako diff --git a/cmake/Modules/GnssSdrCrypto.cmake b/cmake/Modules/GnssSdrCrypto.cmake new file mode 100644 index 000000000..9649da9da --- /dev/null +++ b/cmake/Modules/GnssSdrCrypto.cmake @@ -0,0 +1,194 @@ +# GNSS-SDR is a Global Navigation Satellite System software-defined receiver. +# This file is part of GNSS-SDR. +# +# SPDX-FileCopyrightText: 2024 C. Fernandez-Prades cfernandez(at)cttc.es +# SPDX-License-Identifier: BSD-3-Clause + + +################################################################################ +# OpenSSL https://www.openssl.org/ +################################################################################ +if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin") + set(OPENSSL_ROOT_DIR /usr/local/opt/openssl) # Trick for Homebrew +endif() +find_package(OpenSSL) +set_package_properties(OpenSSL + PROPERTIES + URL "https://www.openssl.org" + PURPOSE "Used for the OSNMA and SUPL protocol implementations." + TYPE REQUIRED +) +if(OPENSSL_FOUND) + set_package_properties(OpenSSL + PROPERTIES + DESCRIPTION "Cryptography and SSL/TLS Toolkit (found: v${OPENSSL_VERSION})" + ) +else() + set_package_properties(OpenSSL + PROPERTIES + DESCRIPTION "OpenSSL has not been found, but GnuTLS with openssl compatibility can replace it" + ) + ################################################################################ + # GnuTLS - https://www.gnutls.org/ + ################################################################################ + find_package(GnuTLS) + set_package_properties(GnuTLS PROPERTIES + URL "https://www.gnutls.org/" + PURPOSE "Used for the OSNMA and SUPL protocol implementations." + TYPE REQUIRED + ) + if(GnuTLS_FOUND AND GNUTLS_VERSION_STRING) + set_package_properties(GnuTLS PROPERTIES + DESCRIPTION "Transport Layer Security Library (found: v${GNUTLS_VERSION_STRING})" + ) + else() + set_package_properties(GnuTLS PROPERTIES + DESCRIPTION "Transport Layer Security Library" + ) + endif() + find_library(GNUTLS_OPENSSL_LIBRARY + NAMES gnutls-openssl libgnutls-openssl.so.27 + PATHS + /usr/lib + /usr/lib64 + /usr/lib/x86_64-linux-gnu + /usr/lib/aarch64-linux-gnu + /usr/lib/arm-linux-gnueabihf + /usr/lib/arm-linux-gnueabi + /usr/lib/i386-linux-gnu + /usr/lib/alpha-linux-gnu + /usr/lib/hppa-linux-gnu + /usr/lib/i386-gnu + /usr/lib/i686-gnu + /usr/lib/i686-linux-gnu + /usr/lib/x86_64-kfreebsd-gnu + /usr/lib/i686-kfreebsd-gnu + /usr/lib/m68k-linux-gnu + /usr/lib/mips-linux-gnu + /usr/lib/mips64el-linux-gnuabi64 + /usr/lib/mipsel-linux-gnu + /usr/lib/powerpc-linux-gnu + /usr/lib/powerpc-linux-gnuspe + /usr/lib/powerpc64-linux-gnu + /usr/lib/powerpc64le-linux-gnu + /usr/lib/s390x-linux-gnu + /usr/lib/riscv64-linux-gnu + /usr/lib/sparc64-linux-gnu + /usr/lib/x86_64-linux-gnux32 + /usr/lib/sh4-linux-gnu + /usr/lib/loongarch64-linux-gnu + /usr/local/lib + /usr/local/lib64 + /opt/local/lib + ) + + find_path(GNUTLS_INCLUDE_DIR NAMES gnutls/gnutls.h + PATHS + /usr/include + /usr/local/include + /opt/local/include # default location in Macports + /opt/homebrew/opt/gnutls/include/ + ${GNUTLS_ROOT_DIR}/include/ + ) + + if(NOT GNUTLS_OPENSSL_LIBRARY) + message(" The GnuTLS library with openssl compatibility enabled has not been found.") + message(" You can try to install the required libraries by typing:") + if(${CMAKE_SYSTEM_NAME} MATCHES "Linux|kFreeBSD|GNU") + if(${LINUX_DISTRIBUTION} MATCHES "Fedora" OR ${LINUX_DISTRIBUTION} MATCHES "Red Hat") + message(" sudo yum install openssl-devel") + else() + message(" sudo apt-get install libgnutls28-dev") + endif() + endif() + if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin") + message(" 'sudo port install openssl3', if you are using Macports, or") + message(" 'brew install openssl', if you are using Homebrew.") + endif() + message(FATAL_ERROR "OpenSSL or the GnuTLS libraries with openssl compatibility are required to build gnss-sdr") + endif() + + # Test GnuTLS capabilities + file(READ "${GNUTLS_INCLUDE_DIR}/gnutls/gnutls.h" gnutls_gnutls_file_contents) + if("${gnutls_gnutls_file_contents}" MATCHES "GNUTLS_SIGN_ECDSA_SHA256") + set(GNUTLS_SIGN_ECDSA_SHA256 TRUE) + endif() + if("${gnutls_gnutls_file_contents}" MATCHES "GNUTLS_DIG_SHA3_256") + set(GNUTLS_DIG_SHA3_256 TRUE) + endif() + if("${gnutls_gnutls_file_contents}" MATCHES "#define GNUTLS_VERSION_MAJOR 2") + set(GNUTLS_HMAC_INIT_WITH_DIGEST TRUE) + endif() + if("${gnutls_gnutls_file_contents}" MATCHES "GNUTLS_MAC_AES_CMAC_128") + set(GNUTLS_MAC_AES_CMAC_128 TRUE) + endif() + file(READ "${GNUTLS_INCLUDE_DIR}/gnutls/abstract.h" gnutls_abstract_file_contents) + if("${gnutls_abstract_file_contents}" MATCHES "gnutls_pubkey_export2") + set(GNUTLS_PUBKEY_EXPORT2 TRUE) + endif() +endif() + +################################################################################ + +function(link_to_crypto_dependencies target) + if(OPENSSL_FOUND) + if(TARGET OpenSSL::SSL) + target_link_libraries(${target} + PUBLIC + OpenSSL::SSL + ) + if(TARGET OpenSSL::Crypto) + target_link_libraries(${target} + PUBLIC + OpenSSL::Crypto + ) + endif() + else() + target_link_libraries(${target} + PUBLIC + ${OPENSSL_LIBRARIES} + "${OPENSSL_CRYPTO_LIBRARIES}" + ) + target_include_directories(${target} + PUBLIC + ${OPENSSL_INCLUDE_DIR} + ) + endif() + if(OPENSSL_VERSION) + if(OPENSSL_VERSION VERSION_GREATER "3.0.0") + target_compile_definitions(${target} PUBLIC -DUSE_OPENSSL_3=1) + else() + if(NOT OPENSSL_VERSION VERSION_LESS "1.1.1") + target_compile_definitions(${target} PUBLIC -DUSE_OPENSSL_111=1) + endif() + endif() + else() + endif() + else() # GnuTLS + target_link_libraries(${target} + PUBLIC + ${GNUTLS_LIBRARIES} + ${GNUTLS_OPENSSL_LIBRARY} + ) + target_include_directories(${target} + PUBLIC + ${GNUTLS_INCLUDE_DIR} + ) + target_compile_definitions(${target} PUBLIC -DUSE_GNUTLS_FALLBACK=1) + if(GNUTLS_SIGN_ECDSA_SHA256) + target_compile_definitions(${target} PRIVATE -DHAVE_GNUTLS_SIGN_ECDSA_SHA256=1) + endif() + if(GNUTLS_DIG_SHA3_256) + target_compile_definitions(${target} PRIVATE -DHAVE_GNUTLS_DIG_SHA3_256=1) + endif() + if(GNUTLS_PUBKEY_EXPORT2) + target_compile_definitions(${target} PRIVATE -DHAVE_GNUTLS_PUBKEY_EXPORT2=1) + endif() + if(GNUTLS_HMAC_INIT_WITH_DIGEST) + target_compile_definitions(${target} PRIVATE -DHAVE_GNUTLS_HMAC_INIT_WITH_DIGEST=1) + endif() + if(GNUTLS_MAC_AES_CMAC_128) + target_compile_definitions(${target} PRIVATE -DHAVE_GNUTLS_MAC_AES_CMAC_128=1) + endif() + endif() +endfunction() diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index e7e594fb9..1812c76b7 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -55,6 +55,15 @@ All notable changes to GNSS-SDR will be documented in this file. This change has a downside in maintainability, since the source code becomes plagued with preprocessor directives required to maintain compatibility both with gflags and glog, and with Abseil. +- Historically, GNSS-SDR linked against the GnuTLS library for cryptographic + functions. If GnuTLS was not found, then the building system looked for and + linked against OpenSSL as a fallback. This was due to the OpenSSL 1.x dual + license scheme, which was incompatible with GPL v3.0 license, preventing it + from being a mandatory dependency for GNSS-SDR in most GNU/Linux + distributions. This issue was solved with the release of OpenSSL 3.0.0, which + transitioned to the Apache License 2.0, fully compatible with GPL v3.0. + Accordingly, the GNSS-SDR building system now looks for OpenSSL in the first + place and, if not found, then it looks for GnuTLS as a fallback. ### Improvements in Usability: diff --git a/src/core/libs/osnma_msg_receiver.cc b/src/core/libs/osnma_msg_receiver.cc index e03303a66..d9726e269 100644 --- a/src/core/libs/osnma_msg_receiver.cc +++ b/src/core/libs/osnma_msg_receiver.cc @@ -317,7 +317,7 @@ void osnma_msg_receiver::local_time_verification(const std::shared_ptr(d_receiver_time - d_GST_SIS)); if (delta_T <= d_T_L) { d_tags_allowed = tags_to_verify::all; diff --git a/src/core/libs/supl/CMakeLists.txt b/src/core/libs/supl/CMakeLists.txt index 743852047..78ab2b80e 100644 --- a/src/core/libs/supl/CMakeLists.txt +++ b/src/core/libs/supl/CMakeLists.txt @@ -46,16 +46,9 @@ if(CMAKE_C_COMPILER_ID MATCHES "Clang|GNU" AND (CMAKE_VERSION VERSION_GREATER "3 target_compile_options(core_libs_supl PUBLIC $<$:${MY_C_FLAGS}>) endif() -if(OPENSSL_FOUND) - target_compile_definitions(core_libs_supl PUBLIC -DUSE_OPENSSL_FALLBACK=1) -endif() -message("OPENSSL_FOUND: " ${OPENSSL_FOUND}) -message("USE_OPENSSL_FALLBACK:" ${USE_OPENSSL_FALLBACK}) -target_link_libraries(core_libs_supl - PUBLIC - ${GNUTLS_LIBRARIES} - ${GNUTLS_OPENSSL_LIBRARY} -) +# links to the appropriate library and defines +# USE_GNUTLS_FALLBACK, USE_OPENSSL_3, or USE_OPENSSL_111 accordingly. +link_to_crypto_dependencies(core_libs_supl) target_include_directories(core_libs_supl PUBLIC diff --git a/src/core/libs/supl/supl.h b/src/core/libs/supl/supl.h index c879112f6..8c9bef533 100644 --- a/src/core/libs/supl/supl.h +++ b/src/core/libs/supl/supl.h @@ -24,18 +24,18 @@ #define EXPORT #endif // clang-format off -#if USE_OPENSSL_FALLBACK -#include -#include -#include -#include -#include -#else +#if USE_GNUTLS_FALLBACK #include #include #include #include #include +#else +#include +#include +#include +#include +#include #endif // clang-format on #include diff --git a/src/core/receiver/gnss_flowgraph.cc b/src/core/receiver/gnss_flowgraph.cc index acdea9df2..af1795ee0 100644 --- a/src/core/receiver/gnss_flowgraph.cc +++ b/src/core/receiver/gnss_flowgraph.cc @@ -121,7 +121,7 @@ void GNSSFlowgraph::init() galileo_tow_map_ = nullptr; } - if (configuration_->property("Channels_1B.count", 0) > 0) + if (configuration_->property("Channels_1B.count", 0) > 0 && configuration_->property("GNSS-SDR.osnma_enable", true)) { enable_osnma_rx_ = true; const auto certFilePath = configuration_->property("GNSS-SDR.osnma_public_key", CRTFILE_DEFAULT); diff --git a/src/core/system_parameters/CMakeLists.txt b/src/core/system_parameters/CMakeLists.txt index 0ef4cf22e..055ff256e 100644 --- a/src/core/system_parameters/CMakeLists.txt +++ b/src/core/system_parameters/CMakeLists.txt @@ -124,7 +124,7 @@ target_link_libraries(core_system_parameters Boost::date_time Boost::serialization PRIVATE - Pugixml::pugixml + Pugixml::pugixml ) if(ENABLE_GLOG_AND_GFLAGS) @@ -140,50 +140,9 @@ target_include_directories(core_system_parameters ${GNSSSDR_SOURCE_DIR}/src/algorithms/libs ) -if(OPENSSL_FOUND) - message("OPENSSL_FOUND: " ${OPENSSL_FOUND}) - if(TARGET OpenSSL::SSL) - target_link_libraries(core_system_parameters - PUBLIC - OpenSSL::SSL - ) - else() - target_link_libraries(core_system_parameters - PUBLIC - ${OPENSSL_LIBRARIES} - ) - target_include_directories(core_system_parameters - PUBLIC - ${OPENSSL_INCLUDE_DIR} - ) - endif() - if(OPENSSL_VERSION) - message("OPENSSL_VERSION: " ${OPENSSL_VERSION}) - if(OPENSSL_VERSION VERSION_GREATER "3.0.0") - target_compile_definitions(core_system_parameters PUBLIC -DUSE_OPENSSL_FALLBACK=1 -DUSE_OPENSSL_3=1) - message("USE_OPENSSL_3: " ${DUSE_OPENSSL_3}) - message("USE_OPENSSL_FALLBACK:" ${USE_OPENSSL_FALLBACK}) - else() - if(NOT OPENSSL_VERSION VERSION_LESS "1.1.1") - target_compile_definitions(core_system_parameters PRIVATE -DUSE_OPENSSL_FALLBACK=1 -DUSE_OPENSSL_111=1) - endif() - endif() - endif() - -else() - target_link_libraries(core_system_parameters - PUBLIC - ${GNUTLS_LIBRARIES} - ${GNUTLS_OPENSSL_LIBRARY} - ) - target_include_directories(core_system_parameters - PUBLIC - ${GNUTLS_INCLUDE_DIR} - ) -endif() -if(OPENSSL_FOUND) - target_compile_definitions(core_system_parameters PUBLIC -DUSE_OPENSSL_FALLBACK=1) -endif() +# links to the appropriate library and defines +# USE_GNUTLS_FALLBACK, USE_OPENSSL_3, or USE_OPENSSL_111 accordingly. +link_to_crypto_dependencies(core_system_parameters) if(ENABLE_CLANG_TIDY) if(CLANG_TIDY_EXE) diff --git a/src/core/system_parameters/gnss_crypto.cc b/src/core/system_parameters/gnss_crypto.cc index 0f1774271..055bd0382 100644 --- a/src/core/system_parameters/gnss_crypto.cc +++ b/src/core/system_parameters/gnss_crypto.cc @@ -25,7 +25,11 @@ #include #include -#if USE_OPENSSL_FALLBACK +#if USE_GNUTLS_FALLBACK +#include +#include +#include +#else // OpenSSL #include #include #include @@ -40,14 +44,9 @@ #include #include #define OPENSSL_ENGINE nullptr -#else +#else // OpenSSL 1.x #include #endif -#else // GnuTLS -#include -#include -#include -#include #endif #if USE_GLOG_AND_GFLAGS @@ -59,28 +58,38 @@ Gnss_Crypto::Gnss_Crypto() { -#if USE_OPENSSL_FALLBACK +#if USE_GNUTLS_FALLBACK + gnutls_global_init(); +#if !HAVE_GNUTLS_SIGN_ECDSA_SHA256 + LOG(WARNING) << "The GnuTLS library version you are linking against is too old for some OSNMA functions." + << " Please do not trust OSNMA ouputs or upgrade your system to a newer version of GnuTLS or OpenSSL" + << " and rebuild GNSS-SDR against it."; +#endif +#else // OpenSSL #if !(USE_OPENSSL_3 || USE_OPENSSL_111) LOG(WARNING) << "The OpenSSL library version you are linking against is too old for some OSNMA functions." << " Please do not trust OSNMA ouputs or upgrade your system to a newer version of OpenSSL" << " and rebuild GNSS-SDR against it."; #endif -#else // GnuTLS - gnutls_global_init(); #endif } Gnss_Crypto::Gnss_Crypto(const std::string& certFilePath, const std::string& merkleTreePath) { -#if USE_OPENSSL_FALLBACK +#if USE_GNUTLS_FALLBACK + gnutls_global_init(); +#if !HAVE_GNUTLS_SIGN_ECDSA_SHA256 + LOG(WARNING) << "The GnuTLS library version you are linking against is too old for some OSNMA functions." + << " Please do not trust OSNMA ouputs or upgrade your system to a newer version of GnuTLS or OpenSSL" + << " and rebuild GNSS-SDR against it."; +#endif +#else // OpenSSL #if !(USE_OPENSSL_3 || USE_OPENSSL_111) LOG(WARNING) << "The OpenSSL library version you are linking against is too old for some OSNMA functions." << " Please do not trust OSNMA ouputs or upgrade your system to a newer version of OpenSSL" << " and rebuild GNSS-SDR against it."; #endif -#else // GnuTLS - gnutls_global_init(); #endif if (!readPublicKeyFromCRT(certFilePath)) { @@ -92,31 +101,30 @@ Gnss_Crypto::Gnss_Crypto(const std::string& certFilePath, const std::string& mer Gnss_Crypto::~Gnss_Crypto() { -#if USE_OPENSSL_FALLBACK -#if USE_OPENSSL_3 -#else - if (d_PublicKey != nullptr) - { - EC_KEY_free(d_PublicKey); - } -#endif -#else // GnuTLS +#if USE_GNUTLS_FALLBACK if (d_PublicKey != nullptr) { gnutls_pubkey_deinit(d_PublicKey); d_PublicKey = nullptr; } gnutls_global_deinit(); +#else // OpenSSL +#if !USE_OPENSSL_3 + if (d_PublicKey != nullptr) + { + EC_KEY_free(d_PublicKey); + } +#endif #endif } bool Gnss_Crypto::have_public_key() const { -#if USE_OPENSSL_FALLBACK - return (d_PublicKey != nullptr); -#else // GnuTLS +#if USE_GNUTLS_FALLBACK return (d_PublicKey != gnutls_pubkey_t{}); +#else // OpenSSL + return (d_PublicKey != nullptr); #endif } @@ -260,7 +268,15 @@ void Gnss_Crypto::read_merkle_xml(const std::string& merkleFilePath) std::vector Gnss_Crypto::computeSHA256(const std::vector& input) const { std::vector output(32); // SHA256 hash size -#if USE_OPENSSL_FALLBACK +#if USE_GNUTLS_FALLBACK + std::vector output_aux(32); + gnutls_hash_hd_t hashHandle; + gnutls_hash_init(&hashHandle, GNUTLS_DIG_SHA256); + gnutls_hash(hashHandle, input.data(), input.size()); + gnutls_hash_output(hashHandle, output_aux.data()); + output = output_aux; + gnutls_hash_deinit(hashHandle, output_aux.data()); +#else // OpenSSL #if USE_OPENSSL_3 unsigned int mdLen; EVP_MD_CTX* mdCtx = EVP_MD_CTX_new(); @@ -283,20 +299,12 @@ std::vector Gnss_Crypto::computeSHA256(const std::vector& inpu return output; } EVP_MD_CTX_free(mdCtx); -#else +#else // OpenSSL 1.x SHA256_CTX sha256Context; SHA256_Init(&sha256Context); SHA256_Update(&sha256Context, input.data(), input.size()); SHA256_Final(output.data(), &sha256Context); #endif -#else // GnuTLS - std::vector output_aux(32); - gnutls_hash_hd_t hashHandle; - gnutls_hash_init(&hashHandle, GNUTLS_DIG_SHA256); - gnutls_hash(hashHandle, input.data(), input.size()); - gnutls_hash_output(hashHandle, output_aux.data()); - output = output_aux; - gnutls_hash_deinit(hashHandle, output_aux.data()); #endif return output; } @@ -305,23 +313,8 @@ std::vector Gnss_Crypto::computeSHA256(const std::vector& inpu std::vector Gnss_Crypto::computeSHA3_256(const std::vector& input) const { std::vector output(32); // SHA256 hash size -#if USE_OPENSSL_FALLBACK -#if USE_OPENSSL_3 || USE_OPENSSL_111 - EVP_MD_CTX* mdctx = EVP_MD_CTX_new(); - const EVP_MD* md = EVP_sha3_256(); - - EVP_DigestInit_ex(mdctx, md, nullptr); - EVP_DigestUpdate(mdctx, input.data(), input.size()); - EVP_DigestFinal_ex(mdctx, output.data(), nullptr); - EVP_MD_CTX_free(mdctx); -#else - // SHA3-256 not implemented in OpenSSL 1.0, it was introduced in OpenSSL 1.1.1 - if (!input.empty()) - { - // do nothing - } -#endif -#else // GnuTLS +#if USE_GNUTLS_FALLBACK +#if HAVE_GNUTLS_DIG_SHA3_256 std::vector output_aux(32); gnutls_hash_hd_t hashHandle; gnutls_hash_init(&hashHandle, GNUTLS_DIG_SHA3_256); @@ -329,6 +322,23 @@ std::vector Gnss_Crypto::computeSHA3_256(const std::vector& in gnutls_hash_output(hashHandle, output_aux.data()); output = output_aux; gnutls_hash_deinit(hashHandle, output_aux.data()); +#endif +#else // OpenSSL +#if USE_OPENSSL_3 || USE_OPENSSL_111 + EVP_MD_CTX* mdctx = EVP_MD_CTX_new(); + const EVP_MD* md = EVP_sha3_256(); + + EVP_DigestInit_ex(mdctx, md, nullptr); + EVP_DigestUpdate(mdctx, input.data(), input.size()); + EVP_DigestFinal_ex(mdctx, output.data(), nullptr); + EVP_MD_CTX_free(mdctx); +#else // OpenSSL 1.x + // SHA3-256 not implemented in OpenSSL 1.0, it was introduced in OpenSSL 1.1.1 + if (!input.empty()) + { + // do nothing + } +#endif #endif return output; } @@ -337,7 +347,19 @@ std::vector Gnss_Crypto::computeSHA3_256(const std::vector& in std::vector Gnss_Crypto::computeHMAC_SHA_256(const std::vector& key, const std::vector& input) const { std::vector output(32); -#if USE_OPENSSL_FALLBACK +#if USE_GNUTLS_FALLBACK + std::vector output_aux(32); + gnutls_hmac_hd_t hmac; +#if HAVE_GNUTLS_HMAC_INIT_WITH_DIGEST + gnutls_hmac_init(&hmac, GNUTLS_DIG_SHA256, key.data(), key.size()); +#else + gnutls_hmac_init(&hmac, GNUTLS_MAC_SHA256, key.data(), key.size()); +#endif + gnutls_hmac(hmac, input.data(), input.size()); + gnutls_hmac_output(hmac, output_aux.data()); + output = output_aux; + gnutls_hmac_deinit(hmac, output_aux.data()); +#else // OpenSSL #if USE_OPENSSL_3 std::vector hmac(EVP_MAX_MD_SIZE); size_t output_length = 0; @@ -393,7 +415,7 @@ std::vector Gnss_Crypto::computeHMAC_SHA_256(const std::vector EVP_MAC_free(mac); hmac.resize(output_length); output = hmac; -#else +#else // OpenSSL 1.x unsigned int outputLength = EVP_MAX_MD_SIZE; unsigned char* result = HMAC(EVP_sha256(), key.data(), key.size(), input.data(), input.size(), output.data(), &outputLength); if (result == nullptr) @@ -405,14 +427,6 @@ std::vector Gnss_Crypto::computeHMAC_SHA_256(const std::vector // Resize the output vector to the actual length of the HMAC-SHA256 output output.resize(outputLength); #endif -#else // GnuTLS - std::vector output_aux(32); - gnutls_hmac_hd_t hmac; - gnutls_hmac_init(&hmac, GNUTLS_MAC_SHA256, key.data(), key.size()); - gnutls_hmac(hmac, input.data(), input.size()); - gnutls_hmac_output(hmac, output_aux.data()); - output = output_aux; - gnutls_hmac_deinit(hmac, output_aux.data()); #endif return output; } @@ -421,7 +435,43 @@ std::vector Gnss_Crypto::computeHMAC_SHA_256(const std::vector std::vector Gnss_Crypto::computeCMAC_AES(const std::vector& key, const std::vector& input) const { std::vector output(16); -#if USE_OPENSSL_FALLBACK +#if USE_GNUTLS_FALLBACK +#if HAVE_GNUTLS_MAC_AES_CMAC_128 + gnutls_hmac_hd_t hmac; + + // Initialize the HMAC context with the CMAC algorithm and key + int ret = gnutls_hmac_init(&hmac, GNUTLS_MAC_AES_CMAC_128, key.data(), key.size()); + if (ret != GNUTLS_E_SUCCESS) + { + LOG(INFO) << "OSNMA CMAC-AES: gnutls_hmac_init failed: " << gnutls_strerror(ret); + return output; + } + + // Update the HMAC context with the input data + ret = gnutls_hmac(hmac, input.data(), input.size()); + if (ret != GNUTLS_E_SUCCESS) + { + LOG(INFO) << "OSNMA CMAC-AES: gnutls_hmac failed: " << gnutls_strerror(ret); + gnutls_hmac_deinit(hmac, nullptr); + return output; + } + + // Retrieve the HMAC output + gnutls_hmac_output(hmac, output.data()); + + // Clean up the HMAC context + gnutls_hmac_deinit(hmac, nullptr); +#else + if (!key.empty()) + { + // do nothing + } + if (!input.empty()) + { + // do nothing + } +#endif +#else // OpenSSL #if USE_OPENSSL_3 std::vector aux(EVP_MAX_MD_SIZE); // CMAC-AES output size size_t output_length = 0; @@ -479,33 +529,47 @@ std::vector Gnss_Crypto::computeCMAC_AES(const std::vector& ke aux.resize(output_length); output = aux; -#else - std::vector mac(16); // CMAC-AES output size +#else // OpenSSL 1.x + size_t mac_length = 0; // to hold the length of the MAC output // Create CMAC context CMAC_CTX* cmacCtx = CMAC_CTX_new(); - CMAC_Init(cmacCtx, key.data(), key.size(), EVP_aes_128_cbc(), nullptr); + if (!cmacCtx) + { + LOG(INFO) << "OSNMA CMAC-AES: Failed to create CMAC context"; + return output; + } - // Compute CMAC-AES - CMAC_Update(cmacCtx, input.data(), input.size()); - CMAC_Final(cmacCtx, mac.data(), nullptr); + // Initialize the CMAC context with the key and cipher + if (CMAC_Init(cmacCtx, key.data(), key.size(), EVP_aes_128_cbc(), nullptr) != 1) + { + LOG(INFO) << "OSNMA CMAC-AES: MAC_Init failed"; + CMAC_CTX_free(cmacCtx); + return output; + } + + // Compute the CMAC + if (CMAC_Update(cmacCtx, input.data(), input.size()) != 1) + { + LOG(INFO) << "OSNMA CMAC-AES: CMAC_Update failed"; + CMAC_CTX_free(cmacCtx); + return output; + } + + // Finalize the CMAC computation and retrieve the output + if (CMAC_Final(cmacCtx, output.data(), &mac_length) != 1) + { + LOG(INFO) << "OSNMA CMAC-AES: CMAC_Final failed"; + CMAC_CTX_free(cmacCtx); + return output; + } // Clean up CMAC context CMAC_CTX_free(cmacCtx); - output = mac; + // Ensure the output vector is properly sized according to the actual MAC length + output.resize(mac_length); #endif -#else // GnuTLS - gnutls_cipher_hd_t cipher; - std::vector mac(16); - std::vector message = input; - gnutls_datum_t key_data = {const_cast(key.data()), static_cast(key.size())}; - gnutls_cipher_init(&cipher, GNUTLS_CIPHER_AES_128_CBC, &key_data, nullptr); - gnutls_cipher_set_iv(cipher, nullptr, 16); // Set IV to zero - gnutls_cipher_encrypt(cipher, message.data(), message.size()); // Encrypt the message with AES-128 - gnutls_cipher_tag(cipher, mac.data(), mac.size()); // Get the CMAC-AES tag - output = mac; - gnutls_cipher_deinit(cipher); #endif return output; } @@ -526,29 +590,9 @@ void Gnss_Crypto::readPublicKeyFromPEM(const std::string& pemFilePath) return; } std::string pemContent((std::istreambuf_iterator(pemFile)), std::istreambuf_iterator()); -#if USE_OPENSSL_FALLBACK - // Create a BIO object from the string data - BIO* bio = BIO_new_mem_buf(pemContent.c_str(), pemContent.length()); - if (!bio) - { - std::cerr << "OpenSSL: error creating a BIO object with data read from file " << pemFilePath << ". Aborting import" << std::endl; - return; - } -#if USE_OPENSSL_3 - d_PublicKey = PEM_read_bio_PUBKEY(bio, nullptr, nullptr, nullptr); -#else - d_PublicKey = PEM_read_bio_EC_PUBKEY(bio, nullptr, nullptr, nullptr); -#endif - BIO_free(bio); - if (d_PublicKey == nullptr) - { - std::cerr << "OpenSSL: error reading the OSNMA Public Key from file " << pemFilePath << ". Aborting import" << std::endl; - LOG(INFO) << "OpenSSL: error reading the OSNMA Public Key from file " << pemFilePath << ". Aborting import"; - return; - } -#else // GnuTLS +#if USE_GNUTLS_FALLBACK // Import the PEM data - gnutls_datum_t pemDatum = {const_cast(reinterpret_cast(pemContent.data())), static_cast(pemContent.size())}; + gnutls_datum_t pemDatum = {const_cast(reinterpret_cast(const_cast(pemContent.data()))), static_cast(pemContent.size())}; gnutls_pubkey_t pubkey; gnutls_pubkey_init(&pubkey); @@ -566,6 +610,26 @@ void Gnss_Crypto::readPublicKeyFromPEM(const std::string& pemFilePath) pubkey_copy(pubkey, &d_PublicKey); gnutls_pubkey_deinit(pubkey); +#else // OpenSSL + // Create a BIO object from the string data + BIO* bio = BIO_new_mem_buf(const_cast(pemContent.c_str()), pemContent.length()); + if (!bio) + { + std::cerr << "OpenSSL: error creating a BIO object with data read from file " << pemFilePath << ". Aborting import" << std::endl; + return; + } +#if USE_OPENSSL_3 + d_PublicKey = PEM_read_bio_PUBKEY(bio, nullptr, nullptr, nullptr); +#else // OpenSSL 1.x + d_PublicKey = PEM_read_bio_EC_PUBKEY(bio, nullptr, nullptr, nullptr); +#endif + BIO_free(bio); + if (d_PublicKey == nullptr) + { + std::cerr << "OpenSSL: error reading the OSNMA Public Key from file " << pemFilePath << ". Aborting import" << std::endl; + LOG(INFO) << "OpenSSL: error reading the OSNMA Public Key from file " << pemFilePath << ". Aborting import"; + return; + } #endif std::cout << "OSNMA Public key successfully read from file " << pemFilePath << std::endl; LOG(INFO) << "OSNMA Public key successfully read from file " << pemFilePath; @@ -574,57 +638,7 @@ void Gnss_Crypto::readPublicKeyFromPEM(const std::string& pemFilePath) bool Gnss_Crypto::readPublicKeyFromCRT(const std::string& crtFilePath) { -#if USE_OPENSSL_FALLBACK - // Open the .crt file - std::ifstream crtFile(crtFilePath, std::ios::binary); - if (!crtFile.is_open()) - { - std::cerr << "Unable to open file: " << crtFilePath << std::endl; - return false; - } - - // Read certificate - std::vector buffer((std::istreambuf_iterator(crtFile)), std::istreambuf_iterator()); - BIO* bio = BIO_new_mem_buf(buffer.data(), buffer.size()); - if (!bio) - { - std::cerr << "Unable to create BIO for file: " << crtFilePath << std::endl; - return false; - } - X509* cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr); - if (!cert) - { - std::cerr << "Unable to read certificate from file: " << crtFilePath << std::endl; - BIO_free(bio); - return false; - } - - // Read the public key from the certificate - EVP_PKEY* pubkey = X509_get_pubkey(cert); -#if USE_OPENSSL_3 - if (!pubkey) - { - std::cerr << "Failed to extract the public key" << std::endl; - X509_free(cert); - return false; - } - pubkey_copy(pubkey, &d_PublicKey); - EVP_PKEY_free(pubkey); -#else - EC_KEY* ec_pubkey = EVP_PKEY_get1_EC_KEY(pubkey); - EVP_PKEY_free(pubkey); - if (!ec_pubkey) - { - std::cerr << "Failed to extract the public key" << std::endl; - X509_free(cert); - return false; - } - pubkey_copy(ec_pubkey, &d_PublicKey); - EC_KEY_free(ec_pubkey); -#endif - BIO_free(bio); - X509_free(cert); -#else // GnuTLS +#if USE_GNUTLS_FALLBACK // Open the .crt file std::ifstream crtFile(crtFilePath, std::ios::binary); if (!crtFile.is_open()) @@ -664,6 +678,56 @@ bool Gnss_Crypto::readPublicKeyFromCRT(const std::string& crtFilePath) pubkey_copy(pubkey, &d_PublicKey); gnutls_x509_crt_deinit(cert); gnutls_pubkey_deinit(pubkey); +#else // OpenSSL + // Open the .crt file + std::ifstream crtFile(crtFilePath, std::ios::binary); + if (!crtFile.is_open()) + { + std::cerr << "Unable to open file: " << crtFilePath << std::endl; + return false; + } + + // Read certificate + std::vector buffer((std::istreambuf_iterator(crtFile)), std::istreambuf_iterator()); + BIO* bio = BIO_new_mem_buf(buffer.data(), buffer.size()); + if (!bio) + { + std::cerr << "Unable to create BIO for file: " << crtFilePath << std::endl; + return false; + } + X509* cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr); + if (!cert) + { + std::cerr << "Unable to read certificate from file: " << crtFilePath << std::endl; + BIO_free(bio); + return false; + } + + // Read the public key from the certificate + EVP_PKEY* pubkey = X509_get_pubkey(cert); +#if USE_OPENSSL_3 + if (!pubkey) + { + std::cerr << "Failed to extract the public key" << std::endl; + X509_free(cert); + return false; + } + pubkey_copy(pubkey, &d_PublicKey); + EVP_PKEY_free(pubkey); +#else // OpenSSL 1.x + EC_KEY* ec_pubkey = EVP_PKEY_get1_EC_KEY(pubkey); + EVP_PKEY_free(pubkey); + if (!ec_pubkey) + { + std::cerr << "Failed to extract the public key" << std::endl; + X509_free(cert); + return false; + } + pubkey_copy(ec_pubkey, &d_PublicKey); + EC_KEY_free(ec_pubkey); +#endif + BIO_free(bio); + X509_free(cert); #endif std::cout << "OSNMA Public key successfully read from file " << crtFilePath << std::endl; LOG(INFO) << "OSNMA Public key successfully read from file " << crtFilePath; @@ -680,7 +744,34 @@ bool Gnss_Crypto::verify_signature(const std::vector& message, const st return false; } bool success = false; -#if USE_OPENSSL_FALLBACK +#if USE_GNUTLS_FALLBACK +#if HAVE_GNUTLS_SIGN_ECDSA_SHA256 + // Convert signature to DER format + std::vector der_sig; + if (!convert_raw_to_der_ecdsa(signature, der_sig)) + { + std::cerr << "Failed to convert raw ECDSA signature to DER format" << std::endl; + return false; + } + + // Prepare the digest datum + gnutls_datum_t digest_data = {const_cast(digest.data()), static_cast(digest.size())}; + gnutls_datum_t der_sig_data = {der_sig.data(), static_cast(der_sig.size())}; + + // Verify the DER-encoded signature + int ret = gnutls_pubkey_verify_hash2(d_PublicKey, GNUTLS_SIGN_ECDSA_SHA256, 0, &digest_data, &der_sig_data); + success = (ret >= 0); + if (success) + { + LOG(INFO) << "GnuTLS: OSNMA signature authenticated successfully"; + } + else + { + std::cerr << "GnuTLS: OSNMA message authentication failed: " << gnutls_strerror(ret) << std::endl; + LOG(WARNING) << "GnuTLS: OSNMA message authentication failed: " << gnutls_strerror(ret); + } +#endif +#else // OpenSSL #if USE_OPENSSL_3 EVP_PKEY_CTX* ctx; ctx = EVP_PKEY_CTX_new(d_PublicKey, nullptr); @@ -753,7 +844,7 @@ bool Gnss_Crypto::verify_signature(const std::vector& message, const st std::cerr << "OpenSSL: OSNMA message authentication failed: " << err << std::endl; LOG(WARNING) << "OpenSSL: OSNMA message authentication failed: " << err; } -#else +#else // OpenSSL 1.x std::vector der_sig; if (!convert_raw_to_der_ecdsa(signature, der_sig)) { @@ -777,31 +868,6 @@ bool Gnss_Crypto::verify_signature(const std::vector& message, const st LOG(WARNING) << "OpenSSL: OSNMA message authentication failed"; } #endif -#else // GnuTLS - // Convert signature to DER format - std::vector der_sig; - if (!convert_raw_to_der_ecdsa(signature, der_sig)) - { - std::cerr << "Failed to convert raw ECDSA signature to DER format" << std::endl; - return false; - } - - // Prepare the digest datum - gnutls_datum_t digest_data = {const_cast(digest.data()), static_cast(digest.size())}; - gnutls_datum_t der_sig_data = {der_sig.data(), static_cast(der_sig.size())}; - - // Verify the DER-encoded signature - int ret = gnutls_pubkey_verify_hash2(d_PublicKey, GNUTLS_SIGN_ECDSA_SHA256, 0, &digest_data, &der_sig_data); - success = (ret >= 0); - if (success) - { - LOG(INFO) << "GnuTLS: OSNMA signature authenticated successfully"; - } - else - { - std::cerr << "GnuTLS: OSNMA message authentication failed: " << gnutls_strerror(ret) << std::endl; - LOG(WARNING) << "GnuTLS: OSNMA message authentication failed: " << gnutls_strerror(ret); - } #endif return success; } @@ -845,10 +911,24 @@ std::vector Gnss_Crypto::getMerkleRoot(const std::vector& publicKey) { -#if USE_OPENSSL_FALLBACK +#if USE_GNUTLS_FALLBACK + gnutls_pubkey_t pubkey; + gnutls_datum_t pemDatum = {const_cast(publicKey.data()), static_cast(publicKey.size())}; + gnutls_pubkey_init(&pubkey); + int ret = gnutls_pubkey_import(pubkey, &pemDatum, GNUTLS_X509_FMT_PEM); + if (ret != GNUTLS_E_SUCCESS) + { + gnutls_pubkey_deinit(pubkey); + std::cerr << "GnuTLS: error setting the public key" << std::endl; + std::cerr << "GnuTLS error: " << gnutls_strerror(ret) << std::endl; + return; + } + pubkey_copy(pubkey, &d_PublicKey); + gnutls_pubkey_deinit(pubkey); +#else // OpenSSL BIO* bio = nullptr; EVP_PKEY* pkey = nullptr; - bio = BIO_new_mem_buf(publicKey.data(), publicKey.size()); + bio = BIO_new_mem_buf(const_cast(publicKey.data()), publicKey.size()); if (!bio) { std::cerr << "Failed to create BIO for key \n"; @@ -876,22 +956,8 @@ void Gnss_Crypto::set_public_key(const std::vector& publicKey) return; } EC_KEY_free(ec_pkey); -#endif +#endif // OpenSSL 1.x EVP_PKEY_free(pkey); -#else // GnuTLS - gnutls_pubkey_t pubkey; - gnutls_datum_t pemDatum = {const_cast(publicKey.data()), static_cast(publicKey.size())}; - gnutls_pubkey_init(&pubkey); - int ret = gnutls_pubkey_import(pubkey, &pemDatum, GNUTLS_X509_FMT_PEM); - if (ret != GNUTLS_E_SUCCESS) - { - gnutls_pubkey_deinit(pubkey); - std::cerr << "GnuTLS: error setting the public key" << std::endl; - std::cerr << "GnuTLS error: " << gnutls_strerror(ret) << std::endl; - return; - } - pubkey_copy(pubkey, &d_PublicKey); - gnutls_pubkey_deinit(pubkey); #endif LOG(INFO) << "OSNMA Public Key successfully set up."; } @@ -945,7 +1011,45 @@ bool Gnss_Crypto::convert_raw_to_der_ecdsa(const std::vector& raw_signa } -#if USE_OPENSSL_FALLBACK +#if USE_GNUTLS_FALLBACK // GnuTLS-specific functions +bool Gnss_Crypto::pubkey_copy(gnutls_pubkey_t src, gnutls_pubkey_t* dest) +{ + gnutls_datum_t key_datum; + + // Export the public key from src to memory +#if HAVE_GNUTLS_PUBKEY_EXPORT2 + int ret = gnutls_pubkey_export2(src, GNUTLS_X509_FMT_PEM, &key_datum); +#else + size_t output_stata_size; + int ret = gnutls_pubkey_export(src, GNUTLS_X509_FMT_PEM, &key_datum, &output_stata_size); +#endif + if (ret < 0) + { + gnutls_free(key_datum.data); + return false; + } + + // Initialize dest + ret = gnutls_pubkey_init(dest); + if (ret < 0) + { + gnutls_free(key_datum.data); + return false; + } + + // Import the public key data from key_datum to dest + ret = gnutls_pubkey_import(*dest, &key_datum, GNUTLS_X509_FMT_PEM); + gnutls_free(key_datum.data); + + if (ret < 0) + { + gnutls_pubkey_deinit(*dest); + return false; + } + + return true; +} +#else // OpenSSL #if USE_OPENSSL_3 bool Gnss_Crypto::pubkey_copy(EVP_PKEY* src, EVP_PKEY** dest) { @@ -1036,41 +1140,5 @@ bool Gnss_Crypto::pubkey_copy(EC_KEY* src, EC_KEY** dest) return true; } - #endif - -#else // GnuTLS-specific functions - -bool Gnss_Crypto::pubkey_copy(gnutls_pubkey_t src, gnutls_pubkey_t* dest) -{ - gnutls_datum_t key_datum; - - // Export the public key from src to memory - int ret = gnutls_pubkey_export2(src, GNUTLS_X509_FMT_PEM, &key_datum); - if (ret < 0) - { - gnutls_free(key_datum.data); - return false; - } - - // Initialize dest - ret = gnutls_pubkey_init(dest); - if (ret < 0) - { - gnutls_free(key_datum.data); - return false; - } - - // Import the public key data from key_datum to dest - ret = gnutls_pubkey_import(*dest, &key_datum, GNUTLS_X509_FMT_PEM); - gnutls_free(key_datum.data); - - if (ret < 0) - { - gnutls_pubkey_deinit(*dest); - return false; - } - - return true; -} #endif diff --git a/src/core/system_parameters/gnss_crypto.h b/src/core/system_parameters/gnss_crypto.h index bbcac1afa..69df8d45d 100644 --- a/src/core/system_parameters/gnss_crypto.h +++ b/src/core/system_parameters/gnss_crypto.h @@ -22,10 +22,11 @@ #include #include #include -#if USE_OPENSSL_FALLBACK -#include -#else +#if USE_GNUTLS_FALLBACK +#include #include +#else // OpenSSL +#include #endif /** \addtogroup Core @@ -60,7 +61,10 @@ private: bool readPublicKeyFromCRT(const std::string& crtFilePath); bool convert_raw_to_der_ecdsa(const std::vector& raw_signature, std::vector& der_signature) const; std::vector convert_from_hex_str(const std::string& input) const; -#if USE_OPENSSL_FALLBACK +#if USE_GNUTLS_FALLBACK + bool pubkey_copy(gnutls_pubkey_t src, gnutls_pubkey_t* dest); + gnutls_pubkey_t d_PublicKey{}; +#else // OpenSSL #if USE_OPENSSL_3 bool pubkey_copy(EVP_PKEY* src, EVP_PKEY** dest); EVP_PKEY* d_PublicKey{}; @@ -68,9 +72,6 @@ private: bool pubkey_copy(EC_KEY* src, EC_KEY** dest); EC_KEY* d_PublicKey = nullptr; #endif -#else // GnuTLS - bool pubkey_copy(gnutls_pubkey_t src, gnutls_pubkey_t* dest); - gnutls_pubkey_t d_PublicKey{}; #endif std::vector d_x_4_0; std::vector d_x_3_1; @@ -82,4 +83,5 @@ private: /** \} */ /** \} */ + #endif // GNSS_SDR_GNSS_CRYPTO_H \ No newline at end of file diff --git a/src/core/system_parameters/osnma_helper.cc b/src/core/system_parameters/osnma_helper.cc index 7cf3165c2..bd469a079 100644 --- a/src/core/system_parameters/osnma_helper.cc +++ b/src/core/system_parameters/osnma_helper.cc @@ -18,6 +18,7 @@ #include #include #include +#include uint32_t Osnma_Helper::compute_gst(uint32_t WN, uint32_t TOW) const { diff --git a/src/tests/CMakeLists.txt b/src/tests/CMakeLists.txt index 8de611f5f..f1491b032 100644 --- a/src/tests/CMakeLists.txt +++ b/src/tests/CMakeLists.txt @@ -1367,6 +1367,9 @@ if(NOT ENABLE_PACKAGING AND NOT ENABLE_FPGA) GTest::GTest GTest::Main core_libs + Gnuradio::blocks + Gnuradio::runtime + Gnuradio::filter # workaround for old systems ) if(ENABLE_GLOG_AND_GFLAGS) target_link_libraries(osnma_msg_receiver_test PRIVATE Gflags::gflags Glog::glog) diff --git a/src/tests/benchmarks/CMakeLists.txt b/src/tests/benchmarks/CMakeLists.txt index 133174871..28bddd050 100644 --- a/src/tests/benchmarks/CMakeLists.txt +++ b/src/tests/benchmarks/CMakeLists.txt @@ -104,10 +104,15 @@ macro(add_benchmark) ) endmacro() +set(EXTRA_BENCHMARK_DEPENDENCIES "") +if(ENABLE_GLOG_AND_GFLAGS) + set(EXTRA_BENCHMARK_DEPENDENCIES "Gflags::gflags;Glog::glog") +endif() + add_benchmark(benchmark_copy) -add_benchmark(benchmark_preamble core_system_parameters) -add_benchmark(benchmark_detector core_system_parameters) -add_benchmark(benchmark_reed_solomon core_system_parameters) +add_benchmark(benchmark_preamble core_system_parameters ${EXTRA_BENCHMARK_DEPENDENCIES}) +add_benchmark(benchmark_detector core_system_parameters ${EXTRA_BENCHMARK_DEPENDENCIES}) +add_benchmark(benchmark_reed_solomon core_system_parameters ${EXTRA_BENCHMARK_DEPENDENCIES}) add_benchmark(benchmark_atan2 Gnuradio::runtime) if(has_std_plus_void) diff --git a/src/tests/unit-tests/signal-processing-blocks/osnma/osnma_msg_receiver_test.cc b/src/tests/unit-tests/signal-processing-blocks/osnma/osnma_msg_receiver_test.cc index 7b94baf0c..f001bab72 100644 --- a/src/tests/unit-tests/signal-processing-blocks/osnma/osnma_msg_receiver_test.cc +++ b/src/tests/unit-tests/signal-processing-blocks/osnma/osnma_msg_receiver_test.cc @@ -1,11 +1,15 @@ #include #include -#include +#include #include -#include #include #include +#if USE_GLOG_AND_GFLAGS +#include // for LOG +#else +#include +#endif struct TestVector {