mirror of
https://github.com/gnss-sdr/gnss-sdr
synced 2024-10-30 06:36:21 +00:00
Merge branch 'osnma-cesare-fix5' of https://github.com/carlesfernandez/gnss-sdr into carlesfernandez-osnma-cesare-fix5
This commit is contained in:
commit
adb3b455ea
@ -2196,99 +2196,9 @@ endif()
|
||||
|
||||
|
||||
################################################################################
|
||||
# GnuTLS - https://www.gnutls.org/
|
||||
# OpenSSL https://www.openssl.org/ or GnuTLS - https://www.gnutls.org/
|
||||
################################################################################
|
||||
find_package(GnuTLS)
|
||||
set_package_properties(GnuTLS PROPERTIES
|
||||
URL "https://www.gnutls.org/"
|
||||
PURPOSE "Used for the SUPL protocol implementation."
|
||||
TYPE REQUIRED
|
||||
)
|
||||
if(GnuTLS_FOUND AND GNUTLS_VERSION_STRING)
|
||||
set_package_properties(GnuTLS PROPERTIES
|
||||
DESCRIPTION "Transport Layer Security Library (found: v${GNUTLS_VERSION_STRING})"
|
||||
)
|
||||
else()
|
||||
set_package_properties(GnuTLS PROPERTIES
|
||||
DESCRIPTION "Transport Layer Security Library"
|
||||
)
|
||||
endif()
|
||||
find_library(GNUTLS_OPENSSL_LIBRARY
|
||||
NAMES gnutls-openssl libgnutls-openssl.so.27
|
||||
PATHS
|
||||
/usr/lib
|
||||
/usr/lib64
|
||||
/usr/lib/x86_64-linux-gnu
|
||||
/usr/lib/aarch64-linux-gnu
|
||||
/usr/lib/arm-linux-gnueabihf
|
||||
/usr/lib/arm-linux-gnueabi
|
||||
/usr/lib/i386-linux-gnu
|
||||
/usr/lib/alpha-linux-gnu
|
||||
/usr/lib/hppa-linux-gnu
|
||||
/usr/lib/i386-gnu
|
||||
/usr/lib/i686-gnu
|
||||
/usr/lib/i686-linux-gnu
|
||||
/usr/lib/x86_64-kfreebsd-gnu
|
||||
/usr/lib/i686-kfreebsd-gnu
|
||||
/usr/lib/m68k-linux-gnu
|
||||
/usr/lib/mips-linux-gnu
|
||||
/usr/lib/mips64el-linux-gnuabi64
|
||||
/usr/lib/mipsel-linux-gnu
|
||||
/usr/lib/powerpc-linux-gnu
|
||||
/usr/lib/powerpc-linux-gnuspe
|
||||
/usr/lib/powerpc64-linux-gnu
|
||||
/usr/lib/powerpc64le-linux-gnu
|
||||
/usr/lib/s390x-linux-gnu
|
||||
/usr/lib/riscv64-linux-gnu
|
||||
/usr/lib/sparc64-linux-gnu
|
||||
/usr/lib/x86_64-linux-gnux32
|
||||
/usr/lib/sh4-linux-gnu
|
||||
/usr/lib/loongarch64-linux-gnu
|
||||
/usr/local/lib
|
||||
/usr/local/lib64
|
||||
/opt/local/lib
|
||||
)
|
||||
#if(NOT GNUTLS_OPENSSL_LIBRARY)
|
||||
if(GNUTLS_OPENSSL_LIBRARY)
|
||||
if(GnuTLS_FOUND)
|
||||
message(STATUS " But it was not built with openssl compatibility.")
|
||||
endif()
|
||||
message(STATUS " Looking for OpenSSL instead...")
|
||||
if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
|
||||
set(OPENSSL_ROOT_DIR /usr/local/opt/openssl) # Trick for Homebrew
|
||||
endif()
|
||||
find_package(OpenSSL)
|
||||
set_package_properties(OpenSSL PROPERTIES
|
||||
URL "https://www.openssl.org"
|
||||
DESCRIPTION "Cryptography and SSL/TLS Toolkit (found: v${OPENSSL_VERSION})"
|
||||
PURPOSE "Used for the SUPL protocol implementation."
|
||||
TYPE REQUIRED
|
||||
)
|
||||
message("OPENSSL_FOUND: " ${OPENSSL_FOUND})
|
||||
if(OPENSSL_FOUND)
|
||||
set_package_properties(GnuTLS PROPERTIES
|
||||
PURPOSE "Not found, but OpenSSL can replace it."
|
||||
)
|
||||
set(GNUTLS_INCLUDE_DIR ${OPENSSL_INCLUDE_DIR})
|
||||
set(GNUTLS_LIBRARIES "")
|
||||
set(GNUTLS_OPENSSL_LIBRARY ${OPENSSL_SSL_LIBRARY})
|
||||
else()
|
||||
message(" The GnuTLS library with openssl compatibility enabled has not been found.")
|
||||
message(" You can try to install the required libraries by typing:")
|
||||
if(${CMAKE_SYSTEM_NAME} MATCHES "Linux|kFreeBSD|GNU")
|
||||
if(${LINUX_DISTRIBUTION} MATCHES "Fedora" OR ${LINUX_DISTRIBUTION} MATCHES "Red Hat")
|
||||
message(" sudo yum install openssl-devel")
|
||||
else()
|
||||
message(" sudo apt-get install libgnutls28-dev")
|
||||
endif()
|
||||
endif()
|
||||
if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
|
||||
message(" 'sudo port install gnutls', if you are using Macports, or")
|
||||
message(" 'brew install openssl', if you are using Homebrew.")
|
||||
endif()
|
||||
message(FATAL_ERROR "GnuTLS libraries with openssl compatibility are required to build gnss-sdr")
|
||||
endif()
|
||||
endif()
|
||||
include(GnssSdrCrypto)
|
||||
|
||||
|
||||
|
||||
|
30
README.md
30
README.md
@ -75,7 +75,7 @@ information about this open-source, software-defined GNSS receiver.
|
||||
- [Install Armadillo, a C++ linear algebra library](#install-armadillo-a-c-linear-algebra-library)
|
||||
- [Install Gflags, a commandline flags processing module for C++](#install-gflags-a-commandline-flags-processing-module-for-c)
|
||||
- [Install Glog, a library that implements application-level logging](#install-glog-a-library-that-implements-application-level-logging)
|
||||
- [Install the GnuTLS or OpenSSL libraries](#install-the-gnutls-or-openssl-libraries)
|
||||
- [Install the OpenSSL libraries](#install-the-openssl-libraries)
|
||||
- [Install Matio, MATLAB MAT file I/O library](#install-matio-matlab-mat-file-io-library)
|
||||
- [Install Protocol Buffers, a portable mechanism for serialization of structured data](#install-protocol-buffers-a-portable-mechanism-for-serialization-of-structured-data)
|
||||
- [Install Pugixml, a light-weight C++ XML processing library](#install-pugixml-a-light-weight-c-xml-processing-library)
|
||||
@ -168,16 +168,19 @@ $ sudo apt-get install build-essential cmake git pkg-config libboost-dev libboos
|
||||
libboost-system-dev libboost-filesystem-dev libboost-thread-dev libboost-chrono-dev \
|
||||
libboost-serialization-dev liblog4cpp5-dev libuhd-dev gnuradio-dev gr-osmosdr \
|
||||
libblas-dev liblapack-dev libarmadillo-dev libgflags-dev libgoogle-glog-dev \
|
||||
libgnutls-openssl-dev libpcap-dev libmatio-dev libpugixml-dev libgtest-dev \
|
||||
libprotobuf-dev protobuf-compiler python3-mako
|
||||
libssl-dev libpcap-dev libmatio-dev libpugixml-dev libgtest-dev \
|
||||
libprotobuf-dev libcpu-features-dev protobuf-compiler python3-mako
|
||||
```
|
||||
|
||||
Please note that the required files from `libgtest-dev` were named `googletest`
|
||||
in Debian 9 "stretch" and Ubuntu 18.04 "bionic", and renamed to `libgtest-dev`
|
||||
in Debian 10 "buster" and above.
|
||||
|
||||
Since Ubuntu 21.04 Hirsute / Debian 11, the package `libcpu-features-dev` is
|
||||
also required.
|
||||
In distributions older than Ubuntu 21.04 Hirsute / Debian 11, the package
|
||||
`libcpu-features-dev` is not required.
|
||||
|
||||
In distributions older than Ubuntu 22.04 Jammy / Debian 12, the package
|
||||
`libssl-dev` must be replaced by `libgnutls-openssl-dev`.
|
||||
|
||||
**Note for Ubuntu 14.04 LTS "trusty" users:** you will need to build from source
|
||||
and install GNU Radio manually, as explained below, since GNSS-SDR requires
|
||||
@ -451,20 +454,15 @@ Please note that Glog is replaced by the
|
||||
[Abseil Logging Library](https://abseil.io/docs/cpp/guides/logging) if Abseil >=
|
||||
v20240116 is available in your system.
|
||||
|
||||
#### Install the GnuTLS or OpenSSL libraries
|
||||
#### Install the OpenSSL libraries
|
||||
|
||||
```
|
||||
$ sudo apt-get install libgnutls-openssl-dev # For Debian/Ubuntu/LinuxMint
|
||||
$ sudo yum install openssl-devel # For Fedora/CentOS/RHEL
|
||||
$ sudo zypper install openssl-devel # For OpenSUSE
|
||||
$ sudo pacman -S openssl # For Arch Linux
|
||||
$ sudo apt-get install libssl-dev # For Debian/Ubuntu/LinuxMint
|
||||
$ sudo yum install openssl-devel # For Fedora/CentOS/RHEL
|
||||
$ sudo zypper install openssl-devel # For OpenSUSE
|
||||
$ sudo pacman -S openssl # For Arch Linux
|
||||
```
|
||||
|
||||
In case the [GnuTLS](https://www.gnutls.org/ "GnuTLS's Homepage") library with
|
||||
openssl extensions package is not available in your GNU/Linux distribution,
|
||||
GNSS-SDR can also work well with
|
||||
[OpenSSL](https://www.openssl.org/ "OpenSSL's Homepage").
|
||||
|
||||
#### Install [Matio](https://github.com/tbeu/matio "Matio's Homepage"), MATLAB MAT file I/O library
|
||||
|
||||
```
|
||||
@ -838,7 +836,7 @@ In a terminal, type:
|
||||
```
|
||||
$ sudo port selfupdate
|
||||
$ sudo port upgrade outdated
|
||||
$ sudo port install armadillo cmake pkgconfig protobuf3-cpp pugixml gnutls
|
||||
$ sudo port install armadillo cmake pkgconfig protobuf3-cpp pugixml openssl3
|
||||
$ sudo port install gnuradio +uhd +grc +zeromq
|
||||
$ sudo port install boost matio libad9361-iio libiio
|
||||
$ sudo port install py311-mako
|
||||
|
194
cmake/Modules/GnssSdrCrypto.cmake
Normal file
194
cmake/Modules/GnssSdrCrypto.cmake
Normal file
@ -0,0 +1,194 @@
|
||||
# GNSS-SDR is a Global Navigation Satellite System software-defined receiver.
|
||||
# This file is part of GNSS-SDR.
|
||||
#
|
||||
# SPDX-FileCopyrightText: 2024 C. Fernandez-Prades cfernandez(at)cttc.es
|
||||
# SPDX-License-Identifier: BSD-3-Clause
|
||||
|
||||
|
||||
################################################################################
|
||||
# OpenSSL https://www.openssl.org/
|
||||
################################################################################
|
||||
if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
|
||||
set(OPENSSL_ROOT_DIR /usr/local/opt/openssl) # Trick for Homebrew
|
||||
endif()
|
||||
find_package(OpenSSL)
|
||||
set_package_properties(OpenSSL
|
||||
PROPERTIES
|
||||
URL "https://www.openssl.org"
|
||||
PURPOSE "Used for the OSNMA and SUPL protocol implementations."
|
||||
TYPE REQUIRED
|
||||
)
|
||||
if(OPENSSL_FOUND)
|
||||
set_package_properties(OpenSSL
|
||||
PROPERTIES
|
||||
DESCRIPTION "Cryptography and SSL/TLS Toolkit (found: v${OPENSSL_VERSION})"
|
||||
)
|
||||
else()
|
||||
set_package_properties(OpenSSL
|
||||
PROPERTIES
|
||||
DESCRIPTION "OpenSSL has not been found, but GnuTLS with openssl compatibility can replace it"
|
||||
)
|
||||
################################################################################
|
||||
# GnuTLS - https://www.gnutls.org/
|
||||
################################################################################
|
||||
find_package(GnuTLS)
|
||||
set_package_properties(GnuTLS PROPERTIES
|
||||
URL "https://www.gnutls.org/"
|
||||
PURPOSE "Used for the OSNMA and SUPL protocol implementations."
|
||||
TYPE REQUIRED
|
||||
)
|
||||
if(GnuTLS_FOUND AND GNUTLS_VERSION_STRING)
|
||||
set_package_properties(GnuTLS PROPERTIES
|
||||
DESCRIPTION "Transport Layer Security Library (found: v${GNUTLS_VERSION_STRING})"
|
||||
)
|
||||
else()
|
||||
set_package_properties(GnuTLS PROPERTIES
|
||||
DESCRIPTION "Transport Layer Security Library"
|
||||
)
|
||||
endif()
|
||||
find_library(GNUTLS_OPENSSL_LIBRARY
|
||||
NAMES gnutls-openssl libgnutls-openssl.so.27
|
||||
PATHS
|
||||
/usr/lib
|
||||
/usr/lib64
|
||||
/usr/lib/x86_64-linux-gnu
|
||||
/usr/lib/aarch64-linux-gnu
|
||||
/usr/lib/arm-linux-gnueabihf
|
||||
/usr/lib/arm-linux-gnueabi
|
||||
/usr/lib/i386-linux-gnu
|
||||
/usr/lib/alpha-linux-gnu
|
||||
/usr/lib/hppa-linux-gnu
|
||||
/usr/lib/i386-gnu
|
||||
/usr/lib/i686-gnu
|
||||
/usr/lib/i686-linux-gnu
|
||||
/usr/lib/x86_64-kfreebsd-gnu
|
||||
/usr/lib/i686-kfreebsd-gnu
|
||||
/usr/lib/m68k-linux-gnu
|
||||
/usr/lib/mips-linux-gnu
|
||||
/usr/lib/mips64el-linux-gnuabi64
|
||||
/usr/lib/mipsel-linux-gnu
|
||||
/usr/lib/powerpc-linux-gnu
|
||||
/usr/lib/powerpc-linux-gnuspe
|
||||
/usr/lib/powerpc64-linux-gnu
|
||||
/usr/lib/powerpc64le-linux-gnu
|
||||
/usr/lib/s390x-linux-gnu
|
||||
/usr/lib/riscv64-linux-gnu
|
||||
/usr/lib/sparc64-linux-gnu
|
||||
/usr/lib/x86_64-linux-gnux32
|
||||
/usr/lib/sh4-linux-gnu
|
||||
/usr/lib/loongarch64-linux-gnu
|
||||
/usr/local/lib
|
||||
/usr/local/lib64
|
||||
/opt/local/lib
|
||||
)
|
||||
|
||||
find_path(GNUTLS_INCLUDE_DIR NAMES gnutls/gnutls.h
|
||||
PATHS
|
||||
/usr/include
|
||||
/usr/local/include
|
||||
/opt/local/include # default location in Macports
|
||||
/opt/homebrew/opt/gnutls/include/
|
||||
${GNUTLS_ROOT_DIR}/include/
|
||||
)
|
||||
|
||||
if(NOT GNUTLS_OPENSSL_LIBRARY)
|
||||
message(" The GnuTLS library with openssl compatibility enabled has not been found.")
|
||||
message(" You can try to install the required libraries by typing:")
|
||||
if(${CMAKE_SYSTEM_NAME} MATCHES "Linux|kFreeBSD|GNU")
|
||||
if(${LINUX_DISTRIBUTION} MATCHES "Fedora" OR ${LINUX_DISTRIBUTION} MATCHES "Red Hat")
|
||||
message(" sudo yum install openssl-devel")
|
||||
else()
|
||||
message(" sudo apt-get install libgnutls28-dev")
|
||||
endif()
|
||||
endif()
|
||||
if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
|
||||
message(" 'sudo port install openssl3', if you are using Macports, or")
|
||||
message(" 'brew install openssl', if you are using Homebrew.")
|
||||
endif()
|
||||
message(FATAL_ERROR "OpenSSL or the GnuTLS libraries with openssl compatibility are required to build gnss-sdr")
|
||||
endif()
|
||||
|
||||
# Test GnuTLS capabilities
|
||||
file(READ "${GNUTLS_INCLUDE_DIR}/gnutls/gnutls.h" gnutls_gnutls_file_contents)
|
||||
if("${gnutls_gnutls_file_contents}" MATCHES "GNUTLS_SIGN_ECDSA_SHA256")
|
||||
set(GNUTLS_SIGN_ECDSA_SHA256 TRUE)
|
||||
endif()
|
||||
if("${gnutls_gnutls_file_contents}" MATCHES "GNUTLS_DIG_SHA3_256")
|
||||
set(GNUTLS_DIG_SHA3_256 TRUE)
|
||||
endif()
|
||||
if("${gnutls_gnutls_file_contents}" MATCHES "#define GNUTLS_VERSION_MAJOR 2")
|
||||
set(GNUTLS_HMAC_INIT_WITH_DIGEST TRUE)
|
||||
endif()
|
||||
if("${gnutls_gnutls_file_contents}" MATCHES "GNUTLS_MAC_AES_CMAC_128")
|
||||
set(GNUTLS_MAC_AES_CMAC_128 TRUE)
|
||||
endif()
|
||||
file(READ "${GNUTLS_INCLUDE_DIR}/gnutls/abstract.h" gnutls_abstract_file_contents)
|
||||
if("${gnutls_abstract_file_contents}" MATCHES "gnutls_pubkey_export2")
|
||||
set(GNUTLS_PUBKEY_EXPORT2 TRUE)
|
||||
endif()
|
||||
endif()
|
||||
|
||||
################################################################################
|
||||
|
||||
function(link_to_crypto_dependencies target)
|
||||
if(OPENSSL_FOUND)
|
||||
if(TARGET OpenSSL::SSL)
|
||||
target_link_libraries(${target}
|
||||
PUBLIC
|
||||
OpenSSL::SSL
|
||||
)
|
||||
if(TARGET OpenSSL::Crypto)
|
||||
target_link_libraries(${target}
|
||||
PUBLIC
|
||||
OpenSSL::Crypto
|
||||
)
|
||||
endif()
|
||||
else()
|
||||
target_link_libraries(${target}
|
||||
PUBLIC
|
||||
${OPENSSL_LIBRARIES}
|
||||
"${OPENSSL_CRYPTO_LIBRARIES}"
|
||||
)
|
||||
target_include_directories(${target}
|
||||
PUBLIC
|
||||
${OPENSSL_INCLUDE_DIR}
|
||||
)
|
||||
endif()
|
||||
if(OPENSSL_VERSION)
|
||||
if(OPENSSL_VERSION VERSION_GREATER "3.0.0")
|
||||
target_compile_definitions(${target} PUBLIC -DUSE_OPENSSL_3=1)
|
||||
else()
|
||||
if(NOT OPENSSL_VERSION VERSION_LESS "1.1.1")
|
||||
target_compile_definitions(${target} PUBLIC -DUSE_OPENSSL_111=1)
|
||||
endif()
|
||||
endif()
|
||||
else()
|
||||
endif()
|
||||
else() # GnuTLS
|
||||
target_link_libraries(${target}
|
||||
PUBLIC
|
||||
${GNUTLS_LIBRARIES}
|
||||
${GNUTLS_OPENSSL_LIBRARY}
|
||||
)
|
||||
target_include_directories(${target}
|
||||
PUBLIC
|
||||
${GNUTLS_INCLUDE_DIR}
|
||||
)
|
||||
target_compile_definitions(${target} PUBLIC -DUSE_GNUTLS_FALLBACK=1)
|
||||
if(GNUTLS_SIGN_ECDSA_SHA256)
|
||||
target_compile_definitions(${target} PRIVATE -DHAVE_GNUTLS_SIGN_ECDSA_SHA256=1)
|
||||
endif()
|
||||
if(GNUTLS_DIG_SHA3_256)
|
||||
target_compile_definitions(${target} PRIVATE -DHAVE_GNUTLS_DIG_SHA3_256=1)
|
||||
endif()
|
||||
if(GNUTLS_PUBKEY_EXPORT2)
|
||||
target_compile_definitions(${target} PRIVATE -DHAVE_GNUTLS_PUBKEY_EXPORT2=1)
|
||||
endif()
|
||||
if(GNUTLS_HMAC_INIT_WITH_DIGEST)
|
||||
target_compile_definitions(${target} PRIVATE -DHAVE_GNUTLS_HMAC_INIT_WITH_DIGEST=1)
|
||||
endif()
|
||||
if(GNUTLS_MAC_AES_CMAC_128)
|
||||
target_compile_definitions(${target} PRIVATE -DHAVE_GNUTLS_MAC_AES_CMAC_128=1)
|
||||
endif()
|
||||
endif()
|
||||
endfunction()
|
@ -55,6 +55,15 @@ All notable changes to GNSS-SDR will be documented in this file.
|
||||
This change has a downside in maintainability, since the source code becomes
|
||||
plagued with preprocessor directives required to maintain compatibility both
|
||||
with gflags and glog, and with Abseil.
|
||||
- Historically, GNSS-SDR linked against the GnuTLS library for cryptographic
|
||||
functions. If GnuTLS was not found, then the building system looked for and
|
||||
linked against OpenSSL as a fallback. This was due to the OpenSSL 1.x dual
|
||||
license scheme, which was incompatible with GPL v3.0 license, preventing it
|
||||
from being a mandatory dependency for GNSS-SDR in most GNU/Linux
|
||||
distributions. This issue was solved with the release of OpenSSL 3.0.0, which
|
||||
transitioned to the Apache License 2.0, fully compatible with GPL v3.0.
|
||||
Accordingly, the GNSS-SDR building system now looks for OpenSSL in the first
|
||||
place and, if not found, then it looks for GnuTLS as a fallback.
|
||||
|
||||
### Improvements in Usability:
|
||||
|
||||
|
@ -317,7 +317,7 @@ void osnma_msg_receiver::local_time_verification(const std::shared_ptr<OSNMA_msg
|
||||
// std::cout << "Galileo OSNMA: d_receiver_time: " << d_receiver_time << std::endl;
|
||||
}
|
||||
// verify time constraint
|
||||
std::time_t delta_T = abs(d_receiver_time - d_GST_SIS);
|
||||
std::time_t delta_T = std::abs(static_cast<int64_t>(d_receiver_time - d_GST_SIS));
|
||||
if (delta_T <= d_T_L)
|
||||
{
|
||||
d_tags_allowed = tags_to_verify::all;
|
||||
|
@ -46,16 +46,9 @@ if(CMAKE_C_COMPILER_ID MATCHES "Clang|GNU" AND (CMAKE_VERSION VERSION_GREATER "3
|
||||
target_compile_options(core_libs_supl PUBLIC $<$<COMPILE_LANGUAGE:C>:${MY_C_FLAGS}>)
|
||||
endif()
|
||||
|
||||
if(OPENSSL_FOUND)
|
||||
target_compile_definitions(core_libs_supl PUBLIC -DUSE_OPENSSL_FALLBACK=1)
|
||||
endif()
|
||||
message("OPENSSL_FOUND: " ${OPENSSL_FOUND})
|
||||
message("USE_OPENSSL_FALLBACK:" ${USE_OPENSSL_FALLBACK})
|
||||
target_link_libraries(core_libs_supl
|
||||
PUBLIC
|
||||
${GNUTLS_LIBRARIES}
|
||||
${GNUTLS_OPENSSL_LIBRARY}
|
||||
)
|
||||
# links to the appropriate library and defines
|
||||
# USE_GNUTLS_FALLBACK, USE_OPENSSL_3, or USE_OPENSSL_111 accordingly.
|
||||
link_to_crypto_dependencies(core_libs_supl)
|
||||
|
||||
target_include_directories(core_libs_supl
|
||||
PUBLIC
|
||||
|
@ -24,18 +24,18 @@
|
||||
#define EXPORT
|
||||
#endif
|
||||
// clang-format off
|
||||
#if USE_OPENSSL_FALLBACK
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/err.h>
|
||||
#else
|
||||
#if USE_GNUTLS_FALLBACK
|
||||
#include <gnutls/gnutls.h>
|
||||
#include <gnutls/compat.h>
|
||||
#include <gnutls/crypto.h>
|
||||
#include <gnutls/openssl.h>
|
||||
#include <gnutls/x509.h>
|
||||
#else
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/err.h>
|
||||
#endif
|
||||
// clang-format on
|
||||
#include <PDU.h>
|
||||
|
@ -121,7 +121,7 @@ void GNSSFlowgraph::init()
|
||||
galileo_tow_map_ = nullptr;
|
||||
}
|
||||
|
||||
if (configuration_->property("Channels_1B.count", 0) > 0)
|
||||
if (configuration_->property("Channels_1B.count", 0) > 0 && configuration_->property("GNSS-SDR.osnma_enable", true))
|
||||
{
|
||||
enable_osnma_rx_ = true;
|
||||
const auto certFilePath = configuration_->property("GNSS-SDR.osnma_public_key", CRTFILE_DEFAULT);
|
||||
|
@ -124,7 +124,7 @@ target_link_libraries(core_system_parameters
|
||||
Boost::date_time
|
||||
Boost::serialization
|
||||
PRIVATE
|
||||
Pugixml::pugixml
|
||||
Pugixml::pugixml
|
||||
)
|
||||
|
||||
if(ENABLE_GLOG_AND_GFLAGS)
|
||||
@ -140,50 +140,9 @@ target_include_directories(core_system_parameters
|
||||
${GNSSSDR_SOURCE_DIR}/src/algorithms/libs
|
||||
)
|
||||
|
||||
if(OPENSSL_FOUND)
|
||||
message("OPENSSL_FOUND: " ${OPENSSL_FOUND})
|
||||
if(TARGET OpenSSL::SSL)
|
||||
target_link_libraries(core_system_parameters
|
||||
PUBLIC
|
||||
OpenSSL::SSL
|
||||
)
|
||||
else()
|
||||
target_link_libraries(core_system_parameters
|
||||
PUBLIC
|
||||
${OPENSSL_LIBRARIES}
|
||||
)
|
||||
target_include_directories(core_system_parameters
|
||||
PUBLIC
|
||||
${OPENSSL_INCLUDE_DIR}
|
||||
)
|
||||
endif()
|
||||
if(OPENSSL_VERSION)
|
||||
message("OPENSSL_VERSION: " ${OPENSSL_VERSION})
|
||||
if(OPENSSL_VERSION VERSION_GREATER "3.0.0")
|
||||
target_compile_definitions(core_system_parameters PUBLIC -DUSE_OPENSSL_FALLBACK=1 -DUSE_OPENSSL_3=1)
|
||||
message("USE_OPENSSL_3: " ${DUSE_OPENSSL_3})
|
||||
message("USE_OPENSSL_FALLBACK:" ${USE_OPENSSL_FALLBACK})
|
||||
else()
|
||||
if(NOT OPENSSL_VERSION VERSION_LESS "1.1.1")
|
||||
target_compile_definitions(core_system_parameters PRIVATE -DUSE_OPENSSL_FALLBACK=1 -DUSE_OPENSSL_111=1)
|
||||
endif()
|
||||
endif()
|
||||
endif()
|
||||
|
||||
else()
|
||||
target_link_libraries(core_system_parameters
|
||||
PUBLIC
|
||||
${GNUTLS_LIBRARIES}
|
||||
${GNUTLS_OPENSSL_LIBRARY}
|
||||
)
|
||||
target_include_directories(core_system_parameters
|
||||
PUBLIC
|
||||
${GNUTLS_INCLUDE_DIR}
|
||||
)
|
||||
endif()
|
||||
if(OPENSSL_FOUND)
|
||||
target_compile_definitions(core_system_parameters PUBLIC -DUSE_OPENSSL_FALLBACK=1)
|
||||
endif()
|
||||
# links to the appropriate library and defines
|
||||
# USE_GNUTLS_FALLBACK, USE_OPENSSL_3, or USE_OPENSSL_111 accordingly.
|
||||
link_to_crypto_dependencies(core_system_parameters)
|
||||
|
||||
if(ENABLE_CLANG_TIDY)
|
||||
if(CLANG_TIDY_EXE)
|
||||
|
@ -25,7 +25,11 @@
|
||||
#include <iostream>
|
||||
#include <iterator>
|
||||
|
||||
#if USE_OPENSSL_FALLBACK
|
||||
#if USE_GNUTLS_FALLBACK
|
||||
#include <cstring>
|
||||
#include <gnutls/crypto.h>
|
||||
#include <gnutls/x509.h>
|
||||
#else // OpenSSL
|
||||
#include <openssl/cmac.h>
|
||||
#include <openssl/ecdsa.h>
|
||||
#include <openssl/hmac.h>
|
||||
@ -40,14 +44,9 @@
|
||||
#include <openssl/param_build.h>
|
||||
#include <openssl/params.h>
|
||||
#define OPENSSL_ENGINE nullptr
|
||||
#else
|
||||
#else // OpenSSL 1.x
|
||||
#include <openssl/sha.h>
|
||||
#endif
|
||||
#else // GnuTLS
|
||||
#include <cstring>
|
||||
#include <gnutls/abstract.h>
|
||||
#include <gnutls/crypto.h>
|
||||
#include <gnutls/x509.h>
|
||||
#endif
|
||||
|
||||
#if USE_GLOG_AND_GFLAGS
|
||||
@ -59,28 +58,38 @@
|
||||
|
||||
Gnss_Crypto::Gnss_Crypto()
|
||||
{
|
||||
#if USE_OPENSSL_FALLBACK
|
||||
#if USE_GNUTLS_FALLBACK
|
||||
gnutls_global_init();
|
||||
#if !HAVE_GNUTLS_SIGN_ECDSA_SHA256
|
||||
LOG(WARNING) << "The GnuTLS library version you are linking against is too old for some OSNMA functions."
|
||||
<< " Please do not trust OSNMA ouputs or upgrade your system to a newer version of GnuTLS or OpenSSL"
|
||||
<< " and rebuild GNSS-SDR against it.";
|
||||
#endif
|
||||
#else // OpenSSL
|
||||
#if !(USE_OPENSSL_3 || USE_OPENSSL_111)
|
||||
LOG(WARNING) << "The OpenSSL library version you are linking against is too old for some OSNMA functions."
|
||||
<< " Please do not trust OSNMA ouputs or upgrade your system to a newer version of OpenSSL"
|
||||
<< " and rebuild GNSS-SDR against it.";
|
||||
#endif
|
||||
#else // GnuTLS
|
||||
gnutls_global_init();
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
Gnss_Crypto::Gnss_Crypto(const std::string& certFilePath, const std::string& merkleTreePath)
|
||||
{
|
||||
#if USE_OPENSSL_FALLBACK
|
||||
#if USE_GNUTLS_FALLBACK
|
||||
gnutls_global_init();
|
||||
#if !HAVE_GNUTLS_SIGN_ECDSA_SHA256
|
||||
LOG(WARNING) << "The GnuTLS library version you are linking against is too old for some OSNMA functions."
|
||||
<< " Please do not trust OSNMA ouputs or upgrade your system to a newer version of GnuTLS or OpenSSL"
|
||||
<< " and rebuild GNSS-SDR against it.";
|
||||
#endif
|
||||
#else // OpenSSL
|
||||
#if !(USE_OPENSSL_3 || USE_OPENSSL_111)
|
||||
LOG(WARNING) << "The OpenSSL library version you are linking against is too old for some OSNMA functions."
|
||||
<< " Please do not trust OSNMA ouputs or upgrade your system to a newer version of OpenSSL"
|
||||
<< " and rebuild GNSS-SDR against it.";
|
||||
#endif
|
||||
#else // GnuTLS
|
||||
gnutls_global_init();
|
||||
#endif
|
||||
if (!readPublicKeyFromCRT(certFilePath))
|
||||
{
|
||||
@ -92,31 +101,30 @@ Gnss_Crypto::Gnss_Crypto(const std::string& certFilePath, const std::string& mer
|
||||
|
||||
Gnss_Crypto::~Gnss_Crypto()
|
||||
{
|
||||
#if USE_OPENSSL_FALLBACK
|
||||
#if USE_OPENSSL_3
|
||||
#else
|
||||
if (d_PublicKey != nullptr)
|
||||
{
|
||||
EC_KEY_free(d_PublicKey);
|
||||
}
|
||||
#endif
|
||||
#else // GnuTLS
|
||||
#if USE_GNUTLS_FALLBACK
|
||||
if (d_PublicKey != nullptr)
|
||||
{
|
||||
gnutls_pubkey_deinit(d_PublicKey);
|
||||
d_PublicKey = nullptr;
|
||||
}
|
||||
gnutls_global_deinit();
|
||||
#else // OpenSSL
|
||||
#if !USE_OPENSSL_3
|
||||
if (d_PublicKey != nullptr)
|
||||
{
|
||||
EC_KEY_free(d_PublicKey);
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
bool Gnss_Crypto::have_public_key() const
|
||||
{
|
||||
#if USE_OPENSSL_FALLBACK
|
||||
return (d_PublicKey != nullptr);
|
||||
#else // GnuTLS
|
||||
#if USE_GNUTLS_FALLBACK
|
||||
return (d_PublicKey != gnutls_pubkey_t{});
|
||||
#else // OpenSSL
|
||||
return (d_PublicKey != nullptr);
|
||||
#endif
|
||||
}
|
||||
|
||||
@ -260,7 +268,15 @@ void Gnss_Crypto::read_merkle_xml(const std::string& merkleFilePath)
|
||||
std::vector<uint8_t> Gnss_Crypto::computeSHA256(const std::vector<uint8_t>& input) const
|
||||
{
|
||||
std::vector<uint8_t> output(32); // SHA256 hash size
|
||||
#if USE_OPENSSL_FALLBACK
|
||||
#if USE_GNUTLS_FALLBACK
|
||||
std::vector<uint8_t> output_aux(32);
|
||||
gnutls_hash_hd_t hashHandle;
|
||||
gnutls_hash_init(&hashHandle, GNUTLS_DIG_SHA256);
|
||||
gnutls_hash(hashHandle, input.data(), input.size());
|
||||
gnutls_hash_output(hashHandle, output_aux.data());
|
||||
output = output_aux;
|
||||
gnutls_hash_deinit(hashHandle, output_aux.data());
|
||||
#else // OpenSSL
|
||||
#if USE_OPENSSL_3
|
||||
unsigned int mdLen;
|
||||
EVP_MD_CTX* mdCtx = EVP_MD_CTX_new();
|
||||
@ -283,20 +299,12 @@ std::vector<uint8_t> Gnss_Crypto::computeSHA256(const std::vector<uint8_t>& inpu
|
||||
return output;
|
||||
}
|
||||
EVP_MD_CTX_free(mdCtx);
|
||||
#else
|
||||
#else // OpenSSL 1.x
|
||||
SHA256_CTX sha256Context;
|
||||
SHA256_Init(&sha256Context);
|
||||
SHA256_Update(&sha256Context, input.data(), input.size());
|
||||
SHA256_Final(output.data(), &sha256Context);
|
||||
#endif
|
||||
#else // GnuTLS
|
||||
std::vector<uint8_t> output_aux(32);
|
||||
gnutls_hash_hd_t hashHandle;
|
||||
gnutls_hash_init(&hashHandle, GNUTLS_DIG_SHA256);
|
||||
gnutls_hash(hashHandle, input.data(), input.size());
|
||||
gnutls_hash_output(hashHandle, output_aux.data());
|
||||
output = output_aux;
|
||||
gnutls_hash_deinit(hashHandle, output_aux.data());
|
||||
#endif
|
||||
return output;
|
||||
}
|
||||
@ -305,23 +313,8 @@ std::vector<uint8_t> Gnss_Crypto::computeSHA256(const std::vector<uint8_t>& inpu
|
||||
std::vector<uint8_t> Gnss_Crypto::computeSHA3_256(const std::vector<uint8_t>& input) const
|
||||
{
|
||||
std::vector<uint8_t> output(32); // SHA256 hash size
|
||||
#if USE_OPENSSL_FALLBACK
|
||||
#if USE_OPENSSL_3 || USE_OPENSSL_111
|
||||
EVP_MD_CTX* mdctx = EVP_MD_CTX_new();
|
||||
const EVP_MD* md = EVP_sha3_256();
|
||||
|
||||
EVP_DigestInit_ex(mdctx, md, nullptr);
|
||||
EVP_DigestUpdate(mdctx, input.data(), input.size());
|
||||
EVP_DigestFinal_ex(mdctx, output.data(), nullptr);
|
||||
EVP_MD_CTX_free(mdctx);
|
||||
#else
|
||||
// SHA3-256 not implemented in OpenSSL 1.0, it was introduced in OpenSSL 1.1.1
|
||||
if (!input.empty())
|
||||
{
|
||||
// do nothing
|
||||
}
|
||||
#endif
|
||||
#else // GnuTLS
|
||||
#if USE_GNUTLS_FALLBACK
|
||||
#if HAVE_GNUTLS_DIG_SHA3_256
|
||||
std::vector<uint8_t> output_aux(32);
|
||||
gnutls_hash_hd_t hashHandle;
|
||||
gnutls_hash_init(&hashHandle, GNUTLS_DIG_SHA3_256);
|
||||
@ -329,6 +322,23 @@ std::vector<uint8_t> Gnss_Crypto::computeSHA3_256(const std::vector<uint8_t>& in
|
||||
gnutls_hash_output(hashHandle, output_aux.data());
|
||||
output = output_aux;
|
||||
gnutls_hash_deinit(hashHandle, output_aux.data());
|
||||
#endif
|
||||
#else // OpenSSL
|
||||
#if USE_OPENSSL_3 || USE_OPENSSL_111
|
||||
EVP_MD_CTX* mdctx = EVP_MD_CTX_new();
|
||||
const EVP_MD* md = EVP_sha3_256();
|
||||
|
||||
EVP_DigestInit_ex(mdctx, md, nullptr);
|
||||
EVP_DigestUpdate(mdctx, input.data(), input.size());
|
||||
EVP_DigestFinal_ex(mdctx, output.data(), nullptr);
|
||||
EVP_MD_CTX_free(mdctx);
|
||||
#else // OpenSSL 1.x
|
||||
// SHA3-256 not implemented in OpenSSL 1.0, it was introduced in OpenSSL 1.1.1
|
||||
if (!input.empty())
|
||||
{
|
||||
// do nothing
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
return output;
|
||||
}
|
||||
@ -337,7 +347,19 @@ std::vector<uint8_t> Gnss_Crypto::computeSHA3_256(const std::vector<uint8_t>& in
|
||||
std::vector<uint8_t> Gnss_Crypto::computeHMAC_SHA_256(const std::vector<uint8_t>& key, const std::vector<uint8_t>& input) const
|
||||
{
|
||||
std::vector<uint8_t> output(32);
|
||||
#if USE_OPENSSL_FALLBACK
|
||||
#if USE_GNUTLS_FALLBACK
|
||||
std::vector<uint8_t> output_aux(32);
|
||||
gnutls_hmac_hd_t hmac;
|
||||
#if HAVE_GNUTLS_HMAC_INIT_WITH_DIGEST
|
||||
gnutls_hmac_init(&hmac, GNUTLS_DIG_SHA256, key.data(), key.size());
|
||||
#else
|
||||
gnutls_hmac_init(&hmac, GNUTLS_MAC_SHA256, key.data(), key.size());
|
||||
#endif
|
||||
gnutls_hmac(hmac, input.data(), input.size());
|
||||
gnutls_hmac_output(hmac, output_aux.data());
|
||||
output = output_aux;
|
||||
gnutls_hmac_deinit(hmac, output_aux.data());
|
||||
#else // OpenSSL
|
||||
#if USE_OPENSSL_3
|
||||
std::vector<uint8_t> hmac(EVP_MAX_MD_SIZE);
|
||||
size_t output_length = 0;
|
||||
@ -393,7 +415,7 @@ std::vector<uint8_t> Gnss_Crypto::computeHMAC_SHA_256(const std::vector<uint8_t>
|
||||
EVP_MAC_free(mac);
|
||||
hmac.resize(output_length);
|
||||
output = hmac;
|
||||
#else
|
||||
#else // OpenSSL 1.x
|
||||
unsigned int outputLength = EVP_MAX_MD_SIZE;
|
||||
unsigned char* result = HMAC(EVP_sha256(), key.data(), key.size(), input.data(), input.size(), output.data(), &outputLength);
|
||||
if (result == nullptr)
|
||||
@ -405,14 +427,6 @@ std::vector<uint8_t> Gnss_Crypto::computeHMAC_SHA_256(const std::vector<uint8_t>
|
||||
// Resize the output vector to the actual length of the HMAC-SHA256 output
|
||||
output.resize(outputLength);
|
||||
#endif
|
||||
#else // GnuTLS
|
||||
std::vector<uint8_t> output_aux(32);
|
||||
gnutls_hmac_hd_t hmac;
|
||||
gnutls_hmac_init(&hmac, GNUTLS_MAC_SHA256, key.data(), key.size());
|
||||
gnutls_hmac(hmac, input.data(), input.size());
|
||||
gnutls_hmac_output(hmac, output_aux.data());
|
||||
output = output_aux;
|
||||
gnutls_hmac_deinit(hmac, output_aux.data());
|
||||
#endif
|
||||
return output;
|
||||
}
|
||||
@ -421,7 +435,43 @@ std::vector<uint8_t> Gnss_Crypto::computeHMAC_SHA_256(const std::vector<uint8_t>
|
||||
std::vector<uint8_t> Gnss_Crypto::computeCMAC_AES(const std::vector<uint8_t>& key, const std::vector<uint8_t>& input) const
|
||||
{
|
||||
std::vector<uint8_t> output(16);
|
||||
#if USE_OPENSSL_FALLBACK
|
||||
#if USE_GNUTLS_FALLBACK
|
||||
#if HAVE_GNUTLS_MAC_AES_CMAC_128
|
||||
gnutls_hmac_hd_t hmac;
|
||||
|
||||
// Initialize the HMAC context with the CMAC algorithm and key
|
||||
int ret = gnutls_hmac_init(&hmac, GNUTLS_MAC_AES_CMAC_128, key.data(), key.size());
|
||||
if (ret != GNUTLS_E_SUCCESS)
|
||||
{
|
||||
LOG(INFO) << "OSNMA CMAC-AES: gnutls_hmac_init failed: " << gnutls_strerror(ret);
|
||||
return output;
|
||||
}
|
||||
|
||||
// Update the HMAC context with the input data
|
||||
ret = gnutls_hmac(hmac, input.data(), input.size());
|
||||
if (ret != GNUTLS_E_SUCCESS)
|
||||
{
|
||||
LOG(INFO) << "OSNMA CMAC-AES: gnutls_hmac failed: " << gnutls_strerror(ret);
|
||||
gnutls_hmac_deinit(hmac, nullptr);
|
||||
return output;
|
||||
}
|
||||
|
||||
// Retrieve the HMAC output
|
||||
gnutls_hmac_output(hmac, output.data());
|
||||
|
||||
// Clean up the HMAC context
|
||||
gnutls_hmac_deinit(hmac, nullptr);
|
||||
#else
|
||||
if (!key.empty())
|
||||
{
|
||||
// do nothing
|
||||
}
|
||||
if (!input.empty())
|
||||
{
|
||||
// do nothing
|
||||
}
|
||||
#endif
|
||||
#else // OpenSSL
|
||||
#if USE_OPENSSL_3
|
||||
std::vector<uint8_t> aux(EVP_MAX_MD_SIZE); // CMAC-AES output size
|
||||
size_t output_length = 0;
|
||||
@ -479,33 +529,47 @@ std::vector<uint8_t> Gnss_Crypto::computeCMAC_AES(const std::vector<uint8_t>& ke
|
||||
|
||||
aux.resize(output_length);
|
||||
output = aux;
|
||||
#else
|
||||
std::vector<uint8_t> mac(16); // CMAC-AES output size
|
||||
#else // OpenSSL 1.x
|
||||
size_t mac_length = 0; // to hold the length of the MAC output
|
||||
|
||||
// Create CMAC context
|
||||
CMAC_CTX* cmacCtx = CMAC_CTX_new();
|
||||
CMAC_Init(cmacCtx, key.data(), key.size(), EVP_aes_128_cbc(), nullptr);
|
||||
if (!cmacCtx)
|
||||
{
|
||||
LOG(INFO) << "OSNMA CMAC-AES: Failed to create CMAC context";
|
||||
return output;
|
||||
}
|
||||
|
||||
// Compute CMAC-AES
|
||||
CMAC_Update(cmacCtx, input.data(), input.size());
|
||||
CMAC_Final(cmacCtx, mac.data(), nullptr);
|
||||
// Initialize the CMAC context with the key and cipher
|
||||
if (CMAC_Init(cmacCtx, key.data(), key.size(), EVP_aes_128_cbc(), nullptr) != 1)
|
||||
{
|
||||
LOG(INFO) << "OSNMA CMAC-AES: MAC_Init failed";
|
||||
CMAC_CTX_free(cmacCtx);
|
||||
return output;
|
||||
}
|
||||
|
||||
// Compute the CMAC
|
||||
if (CMAC_Update(cmacCtx, input.data(), input.size()) != 1)
|
||||
{
|
||||
LOG(INFO) << "OSNMA CMAC-AES: CMAC_Update failed";
|
||||
CMAC_CTX_free(cmacCtx);
|
||||
return output;
|
||||
}
|
||||
|
||||
// Finalize the CMAC computation and retrieve the output
|
||||
if (CMAC_Final(cmacCtx, output.data(), &mac_length) != 1)
|
||||
{
|
||||
LOG(INFO) << "OSNMA CMAC-AES: CMAC_Final failed";
|
||||
CMAC_CTX_free(cmacCtx);
|
||||
return output;
|
||||
}
|
||||
|
||||
// Clean up CMAC context
|
||||
CMAC_CTX_free(cmacCtx);
|
||||
|
||||
output = mac;
|
||||
// Ensure the output vector is properly sized according to the actual MAC length
|
||||
output.resize(mac_length);
|
||||
#endif
|
||||
#else // GnuTLS
|
||||
gnutls_cipher_hd_t cipher;
|
||||
std::vector<uint8_t> mac(16);
|
||||
std::vector<uint8_t> message = input;
|
||||
gnutls_datum_t key_data = {const_cast<uint8_t*>(key.data()), static_cast<unsigned int>(key.size())};
|
||||
gnutls_cipher_init(&cipher, GNUTLS_CIPHER_AES_128_CBC, &key_data, nullptr);
|
||||
gnutls_cipher_set_iv(cipher, nullptr, 16); // Set IV to zero
|
||||
gnutls_cipher_encrypt(cipher, message.data(), message.size()); // Encrypt the message with AES-128
|
||||
gnutls_cipher_tag(cipher, mac.data(), mac.size()); // Get the CMAC-AES tag
|
||||
output = mac;
|
||||
gnutls_cipher_deinit(cipher);
|
||||
#endif
|
||||
return output;
|
||||
}
|
||||
@ -526,29 +590,9 @@ void Gnss_Crypto::readPublicKeyFromPEM(const std::string& pemFilePath)
|
||||
return;
|
||||
}
|
||||
std::string pemContent((std::istreambuf_iterator<char>(pemFile)), std::istreambuf_iterator<char>());
|
||||
#if USE_OPENSSL_FALLBACK
|
||||
// Create a BIO object from the string data
|
||||
BIO* bio = BIO_new_mem_buf(pemContent.c_str(), pemContent.length());
|
||||
if (!bio)
|
||||
{
|
||||
std::cerr << "OpenSSL: error creating a BIO object with data read from file " << pemFilePath << ". Aborting import" << std::endl;
|
||||
return;
|
||||
}
|
||||
#if USE_OPENSSL_3
|
||||
d_PublicKey = PEM_read_bio_PUBKEY(bio, nullptr, nullptr, nullptr);
|
||||
#else
|
||||
d_PublicKey = PEM_read_bio_EC_PUBKEY(bio, nullptr, nullptr, nullptr);
|
||||
#endif
|
||||
BIO_free(bio);
|
||||
if (d_PublicKey == nullptr)
|
||||
{
|
||||
std::cerr << "OpenSSL: error reading the OSNMA Public Key from file " << pemFilePath << ". Aborting import" << std::endl;
|
||||
LOG(INFO) << "OpenSSL: error reading the OSNMA Public Key from file " << pemFilePath << ". Aborting import";
|
||||
return;
|
||||
}
|
||||
#else // GnuTLS
|
||||
#if USE_GNUTLS_FALLBACK
|
||||
// Import the PEM data
|
||||
gnutls_datum_t pemDatum = {const_cast<unsigned char*>(reinterpret_cast<unsigned char*>(pemContent.data())), static_cast<unsigned int>(pemContent.size())};
|
||||
gnutls_datum_t pemDatum = {const_cast<unsigned char*>(reinterpret_cast<unsigned char*>(const_cast<char*>(pemContent.data()))), static_cast<unsigned int>(pemContent.size())};
|
||||
gnutls_pubkey_t pubkey;
|
||||
gnutls_pubkey_init(&pubkey);
|
||||
|
||||
@ -566,6 +610,26 @@ void Gnss_Crypto::readPublicKeyFromPEM(const std::string& pemFilePath)
|
||||
|
||||
pubkey_copy(pubkey, &d_PublicKey);
|
||||
gnutls_pubkey_deinit(pubkey);
|
||||
#else // OpenSSL
|
||||
// Create a BIO object from the string data
|
||||
BIO* bio = BIO_new_mem_buf(const_cast<char*>(pemContent.c_str()), pemContent.length());
|
||||
if (!bio)
|
||||
{
|
||||
std::cerr << "OpenSSL: error creating a BIO object with data read from file " << pemFilePath << ". Aborting import" << std::endl;
|
||||
return;
|
||||
}
|
||||
#if USE_OPENSSL_3
|
||||
d_PublicKey = PEM_read_bio_PUBKEY(bio, nullptr, nullptr, nullptr);
|
||||
#else // OpenSSL 1.x
|
||||
d_PublicKey = PEM_read_bio_EC_PUBKEY(bio, nullptr, nullptr, nullptr);
|
||||
#endif
|
||||
BIO_free(bio);
|
||||
if (d_PublicKey == nullptr)
|
||||
{
|
||||
std::cerr << "OpenSSL: error reading the OSNMA Public Key from file " << pemFilePath << ". Aborting import" << std::endl;
|
||||
LOG(INFO) << "OpenSSL: error reading the OSNMA Public Key from file " << pemFilePath << ". Aborting import";
|
||||
return;
|
||||
}
|
||||
#endif
|
||||
std::cout << "OSNMA Public key successfully read from file " << pemFilePath << std::endl;
|
||||
LOG(INFO) << "OSNMA Public key successfully read from file " << pemFilePath;
|
||||
@ -574,57 +638,7 @@ void Gnss_Crypto::readPublicKeyFromPEM(const std::string& pemFilePath)
|
||||
|
||||
bool Gnss_Crypto::readPublicKeyFromCRT(const std::string& crtFilePath)
|
||||
{
|
||||
#if USE_OPENSSL_FALLBACK
|
||||
// Open the .crt file
|
||||
std::ifstream crtFile(crtFilePath, std::ios::binary);
|
||||
if (!crtFile.is_open())
|
||||
{
|
||||
std::cerr << "Unable to open file: " << crtFilePath << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
// Read certificate
|
||||
std::vector<char> buffer((std::istreambuf_iterator<char>(crtFile)), std::istreambuf_iterator<char>());
|
||||
BIO* bio = BIO_new_mem_buf(buffer.data(), buffer.size());
|
||||
if (!bio)
|
||||
{
|
||||
std::cerr << "Unable to create BIO for file: " << crtFilePath << std::endl;
|
||||
return false;
|
||||
}
|
||||
X509* cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);
|
||||
if (!cert)
|
||||
{
|
||||
std::cerr << "Unable to read certificate from file: " << crtFilePath << std::endl;
|
||||
BIO_free(bio);
|
||||
return false;
|
||||
}
|
||||
|
||||
// Read the public key from the certificate
|
||||
EVP_PKEY* pubkey = X509_get_pubkey(cert);
|
||||
#if USE_OPENSSL_3
|
||||
if (!pubkey)
|
||||
{
|
||||
std::cerr << "Failed to extract the public key" << std::endl;
|
||||
X509_free(cert);
|
||||
return false;
|
||||
}
|
||||
pubkey_copy(pubkey, &d_PublicKey);
|
||||
EVP_PKEY_free(pubkey);
|
||||
#else
|
||||
EC_KEY* ec_pubkey = EVP_PKEY_get1_EC_KEY(pubkey);
|
||||
EVP_PKEY_free(pubkey);
|
||||
if (!ec_pubkey)
|
||||
{
|
||||
std::cerr << "Failed to extract the public key" << std::endl;
|
||||
X509_free(cert);
|
||||
return false;
|
||||
}
|
||||
pubkey_copy(ec_pubkey, &d_PublicKey);
|
||||
EC_KEY_free(ec_pubkey);
|
||||
#endif
|
||||
BIO_free(bio);
|
||||
X509_free(cert);
|
||||
#else // GnuTLS
|
||||
#if USE_GNUTLS_FALLBACK
|
||||
// Open the .crt file
|
||||
std::ifstream crtFile(crtFilePath, std::ios::binary);
|
||||
if (!crtFile.is_open())
|
||||
@ -664,6 +678,56 @@ bool Gnss_Crypto::readPublicKeyFromCRT(const std::string& crtFilePath)
|
||||
pubkey_copy(pubkey, &d_PublicKey);
|
||||
gnutls_x509_crt_deinit(cert);
|
||||
gnutls_pubkey_deinit(pubkey);
|
||||
#else // OpenSSL
|
||||
// Open the .crt file
|
||||
std::ifstream crtFile(crtFilePath, std::ios::binary);
|
||||
if (!crtFile.is_open())
|
||||
{
|
||||
std::cerr << "Unable to open file: " << crtFilePath << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
// Read certificate
|
||||
std::vector<char> buffer((std::istreambuf_iterator<char>(crtFile)), std::istreambuf_iterator<char>());
|
||||
BIO* bio = BIO_new_mem_buf(buffer.data(), buffer.size());
|
||||
if (!bio)
|
||||
{
|
||||
std::cerr << "Unable to create BIO for file: " << crtFilePath << std::endl;
|
||||
return false;
|
||||
}
|
||||
X509* cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);
|
||||
if (!cert)
|
||||
{
|
||||
std::cerr << "Unable to read certificate from file: " << crtFilePath << std::endl;
|
||||
BIO_free(bio);
|
||||
return false;
|
||||
}
|
||||
|
||||
// Read the public key from the certificate
|
||||
EVP_PKEY* pubkey = X509_get_pubkey(cert);
|
||||
#if USE_OPENSSL_3
|
||||
if (!pubkey)
|
||||
{
|
||||
std::cerr << "Failed to extract the public key" << std::endl;
|
||||
X509_free(cert);
|
||||
return false;
|
||||
}
|
||||
pubkey_copy(pubkey, &d_PublicKey);
|
||||
EVP_PKEY_free(pubkey);
|
||||
#else // OpenSSL 1.x
|
||||
EC_KEY* ec_pubkey = EVP_PKEY_get1_EC_KEY(pubkey);
|
||||
EVP_PKEY_free(pubkey);
|
||||
if (!ec_pubkey)
|
||||
{
|
||||
std::cerr << "Failed to extract the public key" << std::endl;
|
||||
X509_free(cert);
|
||||
return false;
|
||||
}
|
||||
pubkey_copy(ec_pubkey, &d_PublicKey);
|
||||
EC_KEY_free(ec_pubkey);
|
||||
#endif
|
||||
BIO_free(bio);
|
||||
X509_free(cert);
|
||||
#endif
|
||||
std::cout << "OSNMA Public key successfully read from file " << crtFilePath << std::endl;
|
||||
LOG(INFO) << "OSNMA Public key successfully read from file " << crtFilePath;
|
||||
@ -680,7 +744,34 @@ bool Gnss_Crypto::verify_signature(const std::vector<uint8_t>& message, const st
|
||||
return false;
|
||||
}
|
||||
bool success = false;
|
||||
#if USE_OPENSSL_FALLBACK
|
||||
#if USE_GNUTLS_FALLBACK
|
||||
#if HAVE_GNUTLS_SIGN_ECDSA_SHA256
|
||||
// Convert signature to DER format
|
||||
std::vector<uint8_t> der_sig;
|
||||
if (!convert_raw_to_der_ecdsa(signature, der_sig))
|
||||
{
|
||||
std::cerr << "Failed to convert raw ECDSA signature to DER format" << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
// Prepare the digest datum
|
||||
gnutls_datum_t digest_data = {const_cast<unsigned char*>(digest.data()), static_cast<unsigned int>(digest.size())};
|
||||
gnutls_datum_t der_sig_data = {der_sig.data(), static_cast<unsigned int>(der_sig.size())};
|
||||
|
||||
// Verify the DER-encoded signature
|
||||
int ret = gnutls_pubkey_verify_hash2(d_PublicKey, GNUTLS_SIGN_ECDSA_SHA256, 0, &digest_data, &der_sig_data);
|
||||
success = (ret >= 0);
|
||||
if (success)
|
||||
{
|
||||
LOG(INFO) << "GnuTLS: OSNMA signature authenticated successfully";
|
||||
}
|
||||
else
|
||||
{
|
||||
std::cerr << "GnuTLS: OSNMA message authentication failed: " << gnutls_strerror(ret) << std::endl;
|
||||
LOG(WARNING) << "GnuTLS: OSNMA message authentication failed: " << gnutls_strerror(ret);
|
||||
}
|
||||
#endif
|
||||
#else // OpenSSL
|
||||
#if USE_OPENSSL_3
|
||||
EVP_PKEY_CTX* ctx;
|
||||
ctx = EVP_PKEY_CTX_new(d_PublicKey, nullptr);
|
||||
@ -753,7 +844,7 @@ bool Gnss_Crypto::verify_signature(const std::vector<uint8_t>& message, const st
|
||||
std::cerr << "OpenSSL: OSNMA message authentication failed: " << err << std::endl;
|
||||
LOG(WARNING) << "OpenSSL: OSNMA message authentication failed: " << err;
|
||||
}
|
||||
#else
|
||||
#else // OpenSSL 1.x
|
||||
std::vector<uint8_t> der_sig;
|
||||
if (!convert_raw_to_der_ecdsa(signature, der_sig))
|
||||
{
|
||||
@ -777,31 +868,6 @@ bool Gnss_Crypto::verify_signature(const std::vector<uint8_t>& message, const st
|
||||
LOG(WARNING) << "OpenSSL: OSNMA message authentication failed";
|
||||
}
|
||||
#endif
|
||||
#else // GnuTLS
|
||||
// Convert signature to DER format
|
||||
std::vector<uint8_t> der_sig;
|
||||
if (!convert_raw_to_der_ecdsa(signature, der_sig))
|
||||
{
|
||||
std::cerr << "Failed to convert raw ECDSA signature to DER format" << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
// Prepare the digest datum
|
||||
gnutls_datum_t digest_data = {const_cast<unsigned char*>(digest.data()), static_cast<unsigned int>(digest.size())};
|
||||
gnutls_datum_t der_sig_data = {der_sig.data(), static_cast<unsigned int>(der_sig.size())};
|
||||
|
||||
// Verify the DER-encoded signature
|
||||
int ret = gnutls_pubkey_verify_hash2(d_PublicKey, GNUTLS_SIGN_ECDSA_SHA256, 0, &digest_data, &der_sig_data);
|
||||
success = (ret >= 0);
|
||||
if (success)
|
||||
{
|
||||
LOG(INFO) << "GnuTLS: OSNMA signature authenticated successfully";
|
||||
}
|
||||
else
|
||||
{
|
||||
std::cerr << "GnuTLS: OSNMA message authentication failed: " << gnutls_strerror(ret) << std::endl;
|
||||
LOG(WARNING) << "GnuTLS: OSNMA message authentication failed: " << gnutls_strerror(ret);
|
||||
}
|
||||
#endif
|
||||
return success;
|
||||
}
|
||||
@ -845,10 +911,24 @@ std::vector<uint8_t> Gnss_Crypto::getMerkleRoot(const std::vector<std::vector<ui
|
||||
|
||||
void Gnss_Crypto::set_public_key(const std::vector<uint8_t>& publicKey)
|
||||
{
|
||||
#if USE_OPENSSL_FALLBACK
|
||||
#if USE_GNUTLS_FALLBACK
|
||||
gnutls_pubkey_t pubkey;
|
||||
gnutls_datum_t pemDatum = {const_cast<unsigned char*>(publicKey.data()), static_cast<unsigned int>(publicKey.size())};
|
||||
gnutls_pubkey_init(&pubkey);
|
||||
int ret = gnutls_pubkey_import(pubkey, &pemDatum, GNUTLS_X509_FMT_PEM);
|
||||
if (ret != GNUTLS_E_SUCCESS)
|
||||
{
|
||||
gnutls_pubkey_deinit(pubkey);
|
||||
std::cerr << "GnuTLS: error setting the public key" << std::endl;
|
||||
std::cerr << "GnuTLS error: " << gnutls_strerror(ret) << std::endl;
|
||||
return;
|
||||
}
|
||||
pubkey_copy(pubkey, &d_PublicKey);
|
||||
gnutls_pubkey_deinit(pubkey);
|
||||
#else // OpenSSL
|
||||
BIO* bio = nullptr;
|
||||
EVP_PKEY* pkey = nullptr;
|
||||
bio = BIO_new_mem_buf(publicKey.data(), publicKey.size());
|
||||
bio = BIO_new_mem_buf(const_cast<uint8_t*>(publicKey.data()), publicKey.size());
|
||||
if (!bio)
|
||||
{
|
||||
std::cerr << "Failed to create BIO for key \n";
|
||||
@ -876,22 +956,8 @@ void Gnss_Crypto::set_public_key(const std::vector<uint8_t>& publicKey)
|
||||
return;
|
||||
}
|
||||
EC_KEY_free(ec_pkey);
|
||||
#endif
|
||||
#endif // OpenSSL 1.x
|
||||
EVP_PKEY_free(pkey);
|
||||
#else // GnuTLS
|
||||
gnutls_pubkey_t pubkey;
|
||||
gnutls_datum_t pemDatum = {const_cast<unsigned char*>(publicKey.data()), static_cast<unsigned int>(publicKey.size())};
|
||||
gnutls_pubkey_init(&pubkey);
|
||||
int ret = gnutls_pubkey_import(pubkey, &pemDatum, GNUTLS_X509_FMT_PEM);
|
||||
if (ret != GNUTLS_E_SUCCESS)
|
||||
{
|
||||
gnutls_pubkey_deinit(pubkey);
|
||||
std::cerr << "GnuTLS: error setting the public key" << std::endl;
|
||||
std::cerr << "GnuTLS error: " << gnutls_strerror(ret) << std::endl;
|
||||
return;
|
||||
}
|
||||
pubkey_copy(pubkey, &d_PublicKey);
|
||||
gnutls_pubkey_deinit(pubkey);
|
||||
#endif
|
||||
LOG(INFO) << "OSNMA Public Key successfully set up.";
|
||||
}
|
||||
@ -945,7 +1011,45 @@ bool Gnss_Crypto::convert_raw_to_der_ecdsa(const std::vector<uint8_t>& raw_signa
|
||||
}
|
||||
|
||||
|
||||
#if USE_OPENSSL_FALLBACK
|
||||
#if USE_GNUTLS_FALLBACK // GnuTLS-specific functions
|
||||
bool Gnss_Crypto::pubkey_copy(gnutls_pubkey_t src, gnutls_pubkey_t* dest)
|
||||
{
|
||||
gnutls_datum_t key_datum;
|
||||
|
||||
// Export the public key from src to memory
|
||||
#if HAVE_GNUTLS_PUBKEY_EXPORT2
|
||||
int ret = gnutls_pubkey_export2(src, GNUTLS_X509_FMT_PEM, &key_datum);
|
||||
#else
|
||||
size_t output_stata_size;
|
||||
int ret = gnutls_pubkey_export(src, GNUTLS_X509_FMT_PEM, &key_datum, &output_stata_size);
|
||||
#endif
|
||||
if (ret < 0)
|
||||
{
|
||||
gnutls_free(key_datum.data);
|
||||
return false;
|
||||
}
|
||||
|
||||
// Initialize dest
|
||||
ret = gnutls_pubkey_init(dest);
|
||||
if (ret < 0)
|
||||
{
|
||||
gnutls_free(key_datum.data);
|
||||
return false;
|
||||
}
|
||||
|
||||
// Import the public key data from key_datum to dest
|
||||
ret = gnutls_pubkey_import(*dest, &key_datum, GNUTLS_X509_FMT_PEM);
|
||||
gnutls_free(key_datum.data);
|
||||
|
||||
if (ret < 0)
|
||||
{
|
||||
gnutls_pubkey_deinit(*dest);
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
#else // OpenSSL
|
||||
#if USE_OPENSSL_3
|
||||
bool Gnss_Crypto::pubkey_copy(EVP_PKEY* src, EVP_PKEY** dest)
|
||||
{
|
||||
@ -1036,41 +1140,5 @@ bool Gnss_Crypto::pubkey_copy(EC_KEY* src, EC_KEY** dest)
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
#else // GnuTLS-specific functions
|
||||
|
||||
bool Gnss_Crypto::pubkey_copy(gnutls_pubkey_t src, gnutls_pubkey_t* dest)
|
||||
{
|
||||
gnutls_datum_t key_datum;
|
||||
|
||||
// Export the public key from src to memory
|
||||
int ret = gnutls_pubkey_export2(src, GNUTLS_X509_FMT_PEM, &key_datum);
|
||||
if (ret < 0)
|
||||
{
|
||||
gnutls_free(key_datum.data);
|
||||
return false;
|
||||
}
|
||||
|
||||
// Initialize dest
|
||||
ret = gnutls_pubkey_init(dest);
|
||||
if (ret < 0)
|
||||
{
|
||||
gnutls_free(key_datum.data);
|
||||
return false;
|
||||
}
|
||||
|
||||
// Import the public key data from key_datum to dest
|
||||
ret = gnutls_pubkey_import(*dest, &key_datum, GNUTLS_X509_FMT_PEM);
|
||||
gnutls_free(key_datum.data);
|
||||
|
||||
if (ret < 0)
|
||||
{
|
||||
gnutls_pubkey_deinit(*dest);
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
#endif
|
||||
|
@ -22,10 +22,11 @@
|
||||
#include <cstdint>
|
||||
#include <string>
|
||||
#include <vector>
|
||||
#if USE_OPENSSL_FALLBACK
|
||||
#include <openssl/ec.h>
|
||||
#else
|
||||
#if USE_GNUTLS_FALLBACK
|
||||
#include <gnutls/abstract.h>
|
||||
#include <gnutls/gnutls.h>
|
||||
#else // OpenSSL
|
||||
#include <openssl/ec.h>
|
||||
#endif
|
||||
|
||||
/** \addtogroup Core
|
||||
@ -60,7 +61,10 @@ private:
|
||||
bool readPublicKeyFromCRT(const std::string& crtFilePath);
|
||||
bool convert_raw_to_der_ecdsa(const std::vector<uint8_t>& raw_signature, std::vector<uint8_t>& der_signature) const;
|
||||
std::vector<uint8_t> convert_from_hex_str(const std::string& input) const;
|
||||
#if USE_OPENSSL_FALLBACK
|
||||
#if USE_GNUTLS_FALLBACK
|
||||
bool pubkey_copy(gnutls_pubkey_t src, gnutls_pubkey_t* dest);
|
||||
gnutls_pubkey_t d_PublicKey{};
|
||||
#else // OpenSSL
|
||||
#if USE_OPENSSL_3
|
||||
bool pubkey_copy(EVP_PKEY* src, EVP_PKEY** dest);
|
||||
EVP_PKEY* d_PublicKey{};
|
||||
@ -68,9 +72,6 @@ private:
|
||||
bool pubkey_copy(EC_KEY* src, EC_KEY** dest);
|
||||
EC_KEY* d_PublicKey = nullptr;
|
||||
#endif
|
||||
#else // GnuTLS
|
||||
bool pubkey_copy(gnutls_pubkey_t src, gnutls_pubkey_t* dest);
|
||||
gnutls_pubkey_t d_PublicKey{};
|
||||
#endif
|
||||
std::vector<uint8_t> d_x_4_0;
|
||||
std::vector<uint8_t> d_x_3_1;
|
||||
@ -82,4 +83,5 @@ private:
|
||||
|
||||
/** \} */
|
||||
/** \} */
|
||||
|
||||
#endif // GNSS_SDR_GNSS_CRYPTO_H
|
@ -18,6 +18,7 @@
|
||||
#include <bitset>
|
||||
#include <iomanip>
|
||||
#include <ios>
|
||||
#include <sstream>
|
||||
|
||||
uint32_t Osnma_Helper::compute_gst(uint32_t WN, uint32_t TOW) const
|
||||
{
|
||||
|
@ -1367,6 +1367,9 @@ if(NOT ENABLE_PACKAGING AND NOT ENABLE_FPGA)
|
||||
GTest::GTest
|
||||
GTest::Main
|
||||
core_libs
|
||||
Gnuradio::blocks
|
||||
Gnuradio::runtime
|
||||
Gnuradio::filter # workaround for old systems
|
||||
)
|
||||
if(ENABLE_GLOG_AND_GFLAGS)
|
||||
target_link_libraries(osnma_msg_receiver_test PRIVATE Gflags::gflags Glog::glog)
|
||||
|
@ -104,10 +104,15 @@ macro(add_benchmark)
|
||||
)
|
||||
endmacro()
|
||||
|
||||
set(EXTRA_BENCHMARK_DEPENDENCIES "")
|
||||
if(ENABLE_GLOG_AND_GFLAGS)
|
||||
set(EXTRA_BENCHMARK_DEPENDENCIES "Gflags::gflags;Glog::glog")
|
||||
endif()
|
||||
|
||||
add_benchmark(benchmark_copy)
|
||||
add_benchmark(benchmark_preamble core_system_parameters)
|
||||
add_benchmark(benchmark_detector core_system_parameters)
|
||||
add_benchmark(benchmark_reed_solomon core_system_parameters)
|
||||
add_benchmark(benchmark_preamble core_system_parameters ${EXTRA_BENCHMARK_DEPENDENCIES})
|
||||
add_benchmark(benchmark_detector core_system_parameters ${EXTRA_BENCHMARK_DEPENDENCIES})
|
||||
add_benchmark(benchmark_reed_solomon core_system_parameters ${EXTRA_BENCHMARK_DEPENDENCIES})
|
||||
add_benchmark(benchmark_atan2 Gnuradio::runtime)
|
||||
|
||||
if(has_std_plus_void)
|
||||
|
@ -1,11 +1,15 @@
|
||||
#include <gtest/gtest.h>
|
||||
#include <bitset>
|
||||
#include <filesystem>
|
||||
#include <chrono>
|
||||
#include <fstream>
|
||||
#include <logging.h>
|
||||
#include <osnma_msg_receiver.h>
|
||||
#include <vector>
|
||||
|
||||
#if USE_GLOG_AND_GFLAGS
|
||||
#include <glog/logging.h> // for LOG
|
||||
#else
|
||||
#include <absl/log/log.h>
|
||||
#endif
|
||||
|
||||
struct TestVector
|
||||
{
|
||||
|
Loading…
Reference in New Issue
Block a user