From d79ee8497f7ad4aaf61d812c2933a034b2c61c60 Mon Sep 17 00:00:00 2001 From: Carles Fernandez Date: Sat, 13 Jul 2024 07:19:32 +0200 Subject: [PATCH] Store public key when received from a DSM-PKR message --- src/core/libs/osnma_msg_receiver.cc | 1 + src/core/system_parameters/Galileo_OSNMA.h | 2 +- src/core/system_parameters/gnss_crypto.cc | 62 +++++----------------- src/core/system_parameters/gnss_crypto.h | 4 +- 4 files changed, 16 insertions(+), 53 deletions(-) diff --git a/src/core/libs/osnma_msg_receiver.cc b/src/core/libs/osnma_msg_receiver.cc index 74b46f7dc..43e62a738 100644 --- a/src/core/libs/osnma_msg_receiver.cc +++ b/src/core/libs/osnma_msg_receiver.cc @@ -568,6 +568,7 @@ void osnma_msg_receiver::process_dsm_message(const std::vector& dsm_msg { d_public_key_verified = true; d_crypto->set_public_key(d_osnma_data.d_dsm_pkr_message.npk); + d_crypto->store_public_key(PEMFILE_STORED); } } } diff --git a/src/core/system_parameters/Galileo_OSNMA.h b/src/core/system_parameters/Galileo_OSNMA.h index bc919c4b3..6032be061 100644 --- a/src/core/system_parameters/Galileo_OSNMA.h +++ b/src/core/system_parameters/Galileo_OSNMA.h @@ -160,7 +160,7 @@ const std::unordered_map OSNMA_TABLE_15 = { {std::string("SHA-256"), 512}, {std::string("SHA-512"), 1056}}; // key: ECDSA Curve and hash function, value: {l_ds_bits} -const std::string PEMFILE_DEFAULT("../data/OSNMA_PublicKey_20240115100000_newPKID_1.pem"); +const std::string PEMFILE_STORED("./OSNMA_PublicKey.pem"); const std::string CRTFILE_DEFAULT("../data/OSNMA_PublicKey_20240115100000_newPKID_1.crt"); const std::string MERKLEFILE_DEFAULT("../data/OSNMA_MerkleTree_20240115100000_newPKID_1.xml"); diff --git a/src/core/system_parameters/gnss_crypto.cc b/src/core/system_parameters/gnss_crypto.cc index a41159abd..b7595fa59 100644 --- a/src/core/system_parameters/gnss_crypto.cc +++ b/src/core/system_parameters/gnss_crypto.cc @@ -94,6 +94,10 @@ Gnss_Crypto::Gnss_Crypto(const std::string& certFilePath, const std::string& mer if (!readPublicKeyFromCRT(certFilePath)) { readPublicKeyFromPEM(certFilePath); + if (!have_public_key()) + { + readPublicKeyFromPEM(PEMFILE_STORED); + } } read_merkle_xml(merkleTreePath); } @@ -160,7 +164,7 @@ void Gnss_Crypto::read_merkle_xml(const std::string& merkleFilePath) // If it was not the default, maybe it is a configuration error, warn user if (merkleFilePath != MERKLEFILE_DEFAULT) { - std::cerr << "File " << merkleFilePath << " not found" << std::endl; + LOG(INFO) << "File " << merkleFilePath << " not found"; } // fill default values d_x_4_0 = convert_from_hex_str("C5B2A3BD24E819EF82B17ACE83C0E7F41D34AC9B488CB7CE4D765FDE7DCA0297"); @@ -581,12 +585,6 @@ void Gnss_Crypto::readPublicKeyFromPEM(const std::string& pemFilePath) std::ifstream pemFile(pemFilePath); if (!pemFile) { - // PEM file not found - // If it was not the default, maybe it is a configuration error - if (pemFilePath != PEMFILE_DEFAULT) - { - std::cerr << "File " << pemFilePath << " not found" << std::endl; - } return; } std::string pemContent((std::istreambuf_iterator(pemFile)), std::istreambuf_iterator()); @@ -659,7 +657,7 @@ bool Gnss_Crypto::readPublicKeyFromCRT(const std::string& crtFilePath) int ret = gnutls_x509_crt_import(cert, (const gnutls_datum_t*)&buffer, GNUTLS_X509_FMT_PEM); if (ret < 0) { - std::cerr << "Failed to import certificate: " << gnutls_strerror(ret) << std::endl; + LOG(INFO) << "GnuTLS: Failed to import certificate: " << gnutls_strerror(ret); gnutls_x509_crt_deinit(cert); return false; } @@ -670,7 +668,7 @@ bool Gnss_Crypto::readPublicKeyFromCRT(const std::string& crtFilePath) ret = gnutls_pubkey_import_x509(pubkey, cert, 0); if (ret < 0) { - std::cerr << "Failed to import public key: " << gnutls_strerror(ret) << std::endl; + LOG(INFO) << "GnuTLS: Failed to import public key: " << gnutls_strerror(ret); gnutls_pubkey_deinit(pubkey); gnutls_x509_crt_deinit(cert); return false; @@ -683,7 +681,7 @@ bool Gnss_Crypto::readPublicKeyFromCRT(const std::string& crtFilePath) std::ifstream crtFile(crtFilePath, std::ios::binary); if (!crtFile.is_open()) { - std::cerr << "Unable to open file: " << crtFilePath << std::endl; + LOG(INFO) << "OpenSSL: Unable to open file: " << crtFilePath; return false; } @@ -692,13 +690,13 @@ bool Gnss_Crypto::readPublicKeyFromCRT(const std::string& crtFilePath) BIO* bio = BIO_new_mem_buf(buffer.data(), buffer.size()); if (!bio) { - std::cerr << "Unable to create BIO for file: " << crtFilePath << std::endl; + LOG(INFO) << "OpenSSL: Unable to create BIO for file: " << crtFilePath; return false; } X509* cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr); if (!cert) { - std::cerr << "Unable to read certificate from file: " << crtFilePath << std::endl; + LOG(INFO) << "OpenSSL: Unable to read certificate from file: " << crtFilePath; BIO_free(bio); return false; } @@ -708,7 +706,7 @@ bool Gnss_Crypto::readPublicKeyFromCRT(const std::string& crtFilePath) #if USE_OPENSSL_3 if (!pubkey) { - std::cerr << "Failed to extract the public key" << std::endl; + LOG(INFO) << "OpenSSL: Failed to extract the public key"; X509_free(cert); return false; } @@ -719,7 +717,7 @@ bool Gnss_Crypto::readPublicKeyFromCRT(const std::string& crtFilePath) EVP_PKEY_free(pubkey); if (!ec_pubkey) { - std::cerr << "Failed to extract the public key" << std::endl; + LOG(INFO) << "OpenSSL: Failed to extract the public key"; X509_free(cert); return false; } @@ -873,42 +871,6 @@ bool Gnss_Crypto::verify_signature(const std::vector& message, const st } -std::vector Gnss_Crypto::getMerkleRoot(const std::vector>& merkle) const -{ - if (merkle.empty()) - { - return {}; - } - else if (merkle.size() == 1) - { - return this->computeSHA3_256(merkle[0]); - } - - std::vector> new_merkle = merkle; - - while (new_merkle.size() > 1) - { - if (new_merkle.size() % 2 == 1) - { - new_merkle.push_back(merkle.back()); - } - - std::vector> result; - - for (size_t i = 0; i < new_merkle.size(); i += 2) - { - std::vector var1 = this->computeSHA3_256(new_merkle[i]); - std::vector var2 = this->computeSHA3_256(new_merkle[i + 1]); - var1.insert(var1.end(), var2.begin(), var2.end()); - std::vector hash = this->computeSHA3_256(var1); - result.push_back(hash); - } - new_merkle = result; - } - return new_merkle[0]; -} - - void Gnss_Crypto::set_public_key(const std::vector& publicKey) { #if USE_GNUTLS_FALLBACK diff --git a/src/core/system_parameters/gnss_crypto.h b/src/core/system_parameters/gnss_crypto.h index fccf1b23c..95db7032a 100644 --- a/src/core/system_parameters/gnss_crypto.h +++ b/src/core/system_parameters/gnss_crypto.h @@ -45,12 +45,12 @@ public: bool have_public_key() const; bool verify_signature(const std::vector& message, const std::vector& signature) const; bool store_public_key(const std::string& pubKeyFilePath) const; + std::vector getPublicKey() const; std::vector computeSHA256(const std::vector& input) const; std::vector computeSHA3_256(const std::vector& input) const; std::vector computeHMAC_SHA_256(const std::vector& key, const std::vector& input) const; std::vector computeCMAC_AES(const std::vector& key, const std::vector& input) const; - std::vector getMerkleRoot(const std::vector>& merkle) const; - std::vector getPublicKey() const; + inline std::vector getMerkleRoot() const { return d_x_4_0;