diff --git a/Images/WS_ISO15118_2_Cert_Error.png b/Images/WS_ISO15118_2_Cert_Error.png new file mode 100644 index 0000000..a4049e6 Binary files /dev/null and b/Images/WS_ISO15118_2_Cert_Error.png differ diff --git a/Installer/InstallerScript.iss b/Installer/InstallerScript.iss index 3ff0441..757e508 100644 --- a/Installer/InstallerScript.iss +++ b/Installer/InstallerScript.iss @@ -1,5 +1,5 @@ // DO NOT CHANGE VERSION HERE! Run update_version.bat -#define AppVer "1.4.2" +#define AppVer "1.4.3" #define AppId "dsV2Gshark" [Setup] diff --git a/README.md b/README.md index ff0730e..27403aa 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,8 @@ [![Release](https://img.shields.io/github/v/release/dspace-group/dsV2Gshark?label=release)](https://github.com/dspace-group/dsV2Gshark/releases) [![dSPACE](https://img.shields.io/badge/-OpenSource%20powered%20by%20dSPACE-blue)](https://www.dspace.com/) -## ❗Wireshark 4.4+ requires dsV2Gshark 1.4.2 or higher❗ +> [!IMPORTANT] +**Wireshark 4.4+ requires dsV2Gshark 1.4.2 or higher** ## Overview This Wireshark plugin allows to analyze and decode packets between electric vehicles (EV) and charging stations (EVSE), also known as V2G messages. @@ -22,7 +23,7 @@ This Wireshark plugin allows to analyze and decode packets between electric vehi - Additional analysis features: - Validation of V2G messages according to XSD specification - Certificate information details for Plug & Charge (PnC) - - Live TLS decryption + - Live TLS decryption (requires secret disclosure) - LLC diagnostics via HomePlug AV packets for sniffer and debug packets - Automatic schema detection - Detect schema automatically in case of missing SDP or SAP @@ -31,9 +32,14 @@ This Wireshark plugin allows to analyze and decode packets between electric vehi - Wireshark I/O Graph support for V2G packets ### Live TLS Decryption +> [!IMPORTANT] +To decrypt a TLS session, you need a compatible device (like the dSPACE DS5366) that is capable of disclosing the TLS secret during or after the handshake. Please note that this feature is not available on productive devices. It is not possible to decrypt regular TLS sessions. +If a session with a disclosed TLS secret was recorded without dsV2Gshark being installed, you can still decrypt the data by installing dsV2Gshark afterwards. + The plugin processes a TLS master secret disclosure packet after handshake to decode the following V2G session. The disclosure message is a UDP packet within the source port range 49152-65535 (see Wireshark protocol settings) containing the ASCII string `CLIENT_RANDOM <32-byte client random> <48-byte master secret>` as payload data (TLS 1.2). This disclosure message has to be sent from one of the communication partners in a testing environment. For TLS 1.3 decryption you have to provide different secrets: `CLIENT_HANDSHAKE_TRAFFIC_SECRET`, `SERVER_HANDSHAKE_TRAFFIC_SECRET`, `EXPORTER_SECRET`, `CLIENT_TRAFFIC_SECRET_`, `SERVER_TRAFFIC_SECRET_`. You can send one UDP packet for each secret or combine the secrets in one UDP packet (separated by line breaks). +> [!NOTE] In order to autodecrypt charging sessions using non-GUI versions of Wireshark (e.g. tshark), the full PCAP must be parsed twice. This is because there is no matching redissection trigger available in the Wireshark API. ### Wireshark I/O Graph @@ -86,6 +92,8 @@ Click on a packet in the graph to inspect it in the Wireshark main window. Press ![ISO 15118-2 Certificates](Images/WS_ISO15118_2_Certificate.png) ### Message Validation ![ISO 15118-20 Message Validation](Images/WS_ISO15118_20_MsgValidation.png) +### Certificate Check +![ISO 15118-2 Certificate Check](Images/WS_ISO15118_2_Cert_Error.png) ### Live TLS Decryption ![ISO 15118-2 Live TLS](Images/WS_ISO15118_2_LiveTLS.png) ### Filter Buttons diff --git a/V2G_Libraries/Third_Party/GnuTLS/include/gnutls/gnutls.h b/V2G_Libraries/Third_Party/GnuTLS/include/gnutls/gnutls.h index fdd76ef..50ab8b6 100644 --- a/V2G_Libraries/Third_Party/GnuTLS/include/gnutls/gnutls.h +++ b/V2G_Libraries/Third_Party/GnuTLS/include/gnutls/gnutls.h @@ -49,14 +49,14 @@ extern "C" { #endif -#define GNUTLS_VERSION "3.8.3" +#define GNUTLS_VERSION "3.8.4" /* clang-format off */ #define GNUTLS_VERSION_MAJOR 3 #define GNUTLS_VERSION_MINOR 8 -#define GNUTLS_VERSION_PATCH 3 +#define GNUTLS_VERSION_PATCH 4 -#define GNUTLS_VERSION_NUMBER 0x030803 +#define GNUTLS_VERSION_NUMBER 0x030804 /* clang-format on */ #define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC @@ -876,6 +876,7 @@ typedef enum gnutls_certificate_print_formats { * gnutls_pk_algorithm_t: * @GNUTLS_PK_UNKNOWN: Unknown public-key algorithm. * @GNUTLS_PK_RSA: RSA public-key algorithm. + * @GNUTLS_PK_RSA_OAEP: RSA public-key algorithm, with OAEP padding. * @GNUTLS_PK_RSA_PSS: RSA public-key algorithm, with PSS padding. * @GNUTLS_PK_DSA: DSA public-key algorithm. * @GNUTLS_PK_DH: Diffie-Hellman algorithm. Used to generate parameters. @@ -904,7 +905,8 @@ typedef enum { GNUTLS_PK_GOST_12_512 = 10, GNUTLS_PK_ECDH_X448 = 11, GNUTLS_PK_EDDSA_ED448 = 12, - GNUTLS_PK_MAX = GNUTLS_PK_EDDSA_ED448 + GNUTLS_PK_RSA_OAEP = 13, + GNUTLS_PK_MAX = GNUTLS_PK_RSA_OAEP } gnutls_pk_algorithm_t; const char *gnutls_pk_algorithm_get_name(gnutls_pk_algorithm_t algorithm); diff --git a/V2G_Libraries/Third_Party/GnuTLS/include/gnutls/gnutlsxx.h b/V2G_Libraries/Third_Party/GnuTLS/include/gnutls/gnutlsxx.h new file mode 100644 index 0000000..673cf53 --- /dev/null +++ b/V2G_Libraries/Third_Party/GnuTLS/include/gnutls/gnutlsxx.h @@ -0,0 +1,1267 @@ +/* + * Copyright (C) 2006-2012 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * The GnuTLS is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + * + */ + +#ifndef GNUTLS_GNUTLSXX_H +#define GNUTLS_GNUTLSXX_H + +#include +#include +#include + +namespace gnutls +{ + +class noncopyable { + protected: + noncopyable() + { + } + ~noncopyable() + { + } + + private: + /* These are non-implemented. + */ + noncopyable(const noncopyable &); + noncopyable &operator=(const noncopyable &); +}; + +class exception : public std::exception { + public: + explicit exception(int x); + const char *what() const throw(); + int get_code(); + + protected: + int retcode; +}; + +class dh_params : private noncopyable { + public: + dh_params(); + ~dh_params(); + void import_raw(const gnutls_datum_t &prime, + const gnutls_datum_t &generator); + void import_pkcs3(const gnutls_datum_t &pkcs3_params, + gnutls_x509_crt_fmt_t format); + void generate(unsigned int bits); + + void export_pkcs3(gnutls_x509_crt_fmt_t format, + unsigned char *params_data, size_t *params_data_size); + void export_raw(gnutls_datum_t &prime, gnutls_datum_t &generator); + + gnutls_dh_params_t get_params_t() const; + dh_params &operator=(const dh_params &src); + + protected: + gnutls_dh_params_t params; +}; + +class rsa_params : private noncopyable { + public: + rsa_params(); + ~rsa_params(); + void import_raw(const gnutls_datum_t &m, const gnutls_datum_t &e, + const gnutls_datum_t &d, const gnutls_datum_t &p, + const gnutls_datum_t &q, const gnutls_datum_t &u); + void import_pkcs1(const gnutls_datum_t &pkcs1_params, + gnutls_x509_crt_fmt_t format); + void generate(unsigned int bits); + + void export_pkcs1(gnutls_x509_crt_fmt_t format, + unsigned char *params_data, size_t *params_data_size); + void export_raw(gnutls_datum_t &m, gnutls_datum_t &e, gnutls_datum_t &d, + gnutls_datum_t &p, gnutls_datum_t &q, + gnutls_datum_t &u); + gnutls_rsa_params_t get_params_t() const; + rsa_params &operator=(const rsa_params &src); + + protected: + gnutls_rsa_params_t params; +}; + +class session : private noncopyable { + protected: + gnutls_session_t s; + + public: + explicit session(unsigned int); + virtual ~session(); + + gnutls_session_t ptr(); + int bye(gnutls_close_request_t how); + int handshake(); + + gnutls_alert_description_t get_alert() const; + + int send_alert(gnutls_alert_level_t level, + gnutls_alert_description_t desc); + int send_appropriate_alert(int err); + + gnutls_cipher_algorithm_t get_cipher() const; + gnutls_kx_algorithm_t get_kx() const; + gnutls_mac_algorithm_t get_mac() const; + gnutls_compression_method_t get_compression() const; + gnutls_certificate_type_t get_certificate_type() const; + + /* for the handshake + */ + void set_private_extensions(bool allow); + + gnutls_handshake_description_t get_handshake_last_out() const; + gnutls_handshake_description_t get_handshake_last_in() const; + + ssize_t send(const void *data, size_t sizeofdata); + ssize_t recv(void *data, size_t sizeofdata); + + bool get_record_direction() const; + + /* maximum packet size + */ + size_t get_max_size() const; + void set_max_size(size_t size); + + size_t check_pending() const; + + void prf(size_t label_size, const char *label, int server_random_first, + size_t extra_size, const char *extra, size_t outsize, + char *out); + + void prf_raw(size_t label_size, const char *label, size_t seed_size, + const char *seed, size_t outsize, char *out); + + /* if you just want some defaults, use the following. + */ + void set_priority(const char *prio, const char **err_pos); + void set_priority(gnutls_priority_t p); + + gnutls_protocol_t get_protocol_version() const; + + /* for resuming sessions + */ + void set_data(const void *session_data, size_t session_data_size); + void get_data(void *session_data, size_t *session_data_size) const; + void get_data(gnutls_session_t session, gnutls_datum_t &data) const; + void get_id(void *session_id, size_t *session_id_size) const; + + bool is_resumed() const; + + void set_max_handshake_packet_length(size_t max); + + void clear_credentials(); + void set_credentials(const class credentials &cred); + + void set_transport_ptr(gnutls_transport_ptr_t ptr); + void set_transport_ptr(gnutls_transport_ptr_t recv_ptr, + gnutls_transport_ptr_t send_ptr); + gnutls_transport_ptr_t get_transport_ptr() const; + void get_transport_ptr(gnutls_transport_ptr_t &recv_ptr, + gnutls_transport_ptr_t &send_ptr) const; + + void set_transport_lowat(size_t num); + void set_transport_push_function(gnutls_push_func push_func); + void + set_transport_vec_push_function(gnutls_vec_push_func vec_push_func); + void set_transport_pull_function(gnutls_pull_func pull_func); + void set_transport_pull_timeout_function( + gnutls_pull_timeout_func pull_timeout_func); + + void set_user_ptr(void *ptr); + void *get_user_ptr() const; + + void send_openpgp_cert(gnutls_openpgp_crt_status_t status); + + gnutls_credentials_type_t get_auth_type() const; + gnutls_credentials_type_t get_server_auth_type() const; + gnutls_credentials_type_t get_client_auth_type() const; + + /* informational stuff + */ + void set_dh_prime_bits(unsigned int bits); + unsigned int get_dh_secret_bits() const; + unsigned int get_dh_peers_public_bits() const; + unsigned int get_dh_prime_bits() const; + void get_dh_group(gnutls_datum_t &gen, gnutls_datum_t &prime) const; + void get_dh_pubkey(gnutls_datum_t &raw_key) const; + void get_rsa_export_pubkey(gnutls_datum_t &exponent, + gnutls_datum_t &modulus) const; + unsigned int get_rsa_export_modulus_bits() const; + + void get_our_certificate(gnutls_datum_t &cert) const; + bool + get_peers_certificate(std::vector &out_certs) const; + bool get_peers_certificate(const gnutls_datum_t **certs, + unsigned int *certs_size) const; + + time_t get_peers_certificate_activation_time() const; + time_t get_peers_certificate_expiration_time() const; + void verify_peers_certificate(unsigned int &status) const; +}; + +/* interface for databases + */ +class DB : private noncopyable { + public: + virtual ~DB() = 0; + virtual bool store(const gnutls_datum_t &key, + const gnutls_datum_t &data) = 0; + virtual bool retrieve(const gnutls_datum_t &key, + gnutls_datum_t &data) = 0; + virtual bool remove(const gnutls_datum_t &key) = 0; +}; + +class server_session : public session { + public: + server_session(); + explicit server_session(int flags); + ~server_session(); + void db_remove() const; + + void set_db_cache_expiration(unsigned int seconds); + void set_db(const DB &db); + + /* returns true if session is expired + */ + bool db_check_entry(const gnutls_datum_t &session_data) const; + + /* server side only + */ + const char *get_srp_username() const; + const char *get_psk_username() const; + + void get_server_name(void *data, size_t *data_length, + unsigned int *type, unsigned int indx) const; + + int rehandshake(); + void set_certificate_request(gnutls_certificate_request_t); +}; + +class client_session : public session { + public: + client_session(); + explicit client_session(int flags); + ~client_session(); + + void set_verify_cert(const char *hostname, unsigned flags); + void set_server_name(gnutls_server_name_type_t type, const void *name, + size_t name_length); + + bool get_request_status(); +}; + +class credentials : private noncopyable { + public: + virtual ~credentials() + { + } + gnutls_credentials_type_t get_type() const; + + protected: + friend class session; + explicit credentials(gnutls_credentials_type_t t); + void *ptr() const; + void set_ptr(void *ptr); + gnutls_credentials_type_t type; + + private: + void *cred; +}; + +class certificate_credentials : public credentials { + public: + ~certificate_credentials(); + certificate_credentials(); + + void free_keys(); + void free_cas(); + void free_ca_names(); + void free_crls(); + + void set_dh_params(const dh_params ¶ms); + void set_rsa_export_params(const rsa_params ¶ms); + void set_verify_flags(unsigned int flags); + void set_verify_limits(unsigned int max_bits, unsigned int max_depth); + + void set_x509_trust_file(const char *cafile, + gnutls_x509_crt_fmt_t type); + void set_x509_trust(const gnutls_datum_t &CA, + gnutls_x509_crt_fmt_t type); + + void set_x509_trust(gnutls_x509_crt_t *ca_list, int ca_list_size); + + void set_x509_crl_file(const char *crlfile, gnutls_x509_crt_fmt_t type); + void set_x509_crl(const gnutls_datum_t &CRL, + gnutls_x509_crt_fmt_t type); + void set_x509_crl(gnutls_x509_crl_t *crl_list, int crl_list_size); + + void set_x509_key_file(const char *certfile, const char *KEYFILE, + gnutls_x509_crt_fmt_t type); + void set_x509_key(const gnutls_datum_t &CERT, const gnutls_datum_t &KEY, + gnutls_x509_crt_fmt_t type); + + void set_x509_key(gnutls_x509_crt_t *cert_list, int cert_list_size, + gnutls_x509_privkey_t key); + + void set_simple_pkcs12_file(const char *pkcs12file, + gnutls_x509_crt_fmt_t type, + const char *password); + + void set_retrieve_function(gnutls_certificate_retrieve_function *func); + + protected: + gnutls_certificate_credentials_t cred; +}; + +class certificate_server_credentials : public certificate_credentials { + public: + void set_params_function(gnutls_params_function *func); +}; + +class certificate_client_credentials : public certificate_credentials { + public: +}; + +class anon_server_credentials : public credentials { + public: + anon_server_credentials(); + ~anon_server_credentials(); + void set_dh_params(const dh_params ¶ms); + void set_params_function(gnutls_params_function *func); + + protected: + gnutls_anon_server_credentials_t cred; +}; + +class anon_client_credentials : public credentials { + public: + anon_client_credentials(); + ~anon_client_credentials(); + + protected: + gnutls_anon_client_credentials_t cred; +}; + +class srp_server_credentials : public credentials { + public: + srp_server_credentials(); + ~srp_server_credentials(); + void set_credentials_file(const char *password_file, + const char *password_conf_file); + void + set_credentials_function(gnutls_srp_server_credentials_function *func); + + protected: + gnutls_srp_server_credentials_t cred; +}; + +class srp_client_credentials : public credentials { + public: + srp_client_credentials(); + ~srp_client_credentials(); + void set_credentials(const char *username, const char *password); + void + set_credentials_function(gnutls_srp_client_credentials_function *func); + + protected: + gnutls_srp_client_credentials_t cred; +}; + +class psk_server_credentials : public credentials { + public: + psk_server_credentials(); + ~psk_server_credentials(); + void set_credentials_file(const char *password_file); + void + set_credentials_function(gnutls_psk_server_credentials_function *func); + void set_dh_params(const dh_params ¶ms); + void set_params_function(gnutls_params_function *func); + + protected: + gnutls_psk_server_credentials_t cred; +}; + +class psk_client_credentials : public credentials { + public: + psk_client_credentials(); + ~psk_client_credentials(); + void set_credentials(const char *username, const gnutls_datum_t &key, + gnutls_psk_key_flags flags); + void + set_credentials_function(gnutls_psk_client_credentials_function *func); + + protected: + gnutls_psk_client_credentials_t cred; +}; + +/* By default, we provide the function definitions, which allows users + of the library to use the C++ header and link against the C + library. However, if GNUTLS_GNUTLSXX_NO_HEADERONLY is defined, then + the definitions are not necessary, as the user is expected to link + to the C++ library. (Which is provided for backwards-compatibility.) + + All applications using GnuTLS of version less than 3.8.0 use the + C++ library. Applications using GnuTLS 3.8.0 or above will use by + default the C library with the C++ "header-only" header, but they + still have the option to link to the C++ library instead if they + wish, and if so, they must also define + GNUTLS_GNUTLSXX_NO_HEADERONLY in their compilation step. + */ +#ifndef GNUTLS_GNUTLSXX_NO_HEADERONLY + +inline static int RETWRAP(int ret) +{ + if (ret < 0) + throw(exception(ret)); + return ret; +} + +session::session(unsigned int flags) +{ + RETWRAP(gnutls_init(&s, flags)); +} + +session::~session() +{ + gnutls_deinit(s); +} + +gnutls_session_t session::ptr() +{ + return s; +} + +int session::bye(gnutls_close_request_t how) +{ + return RETWRAP(gnutls_bye(s, how)); +} + +int session::handshake() +{ + return RETWRAP(gnutls_handshake(s)); +} + +server_session::server_session() + : session(GNUTLS_SERVER) +{ +} + +server_session::server_session(int flags) + : session(GNUTLS_SERVER | (flags & ~GNUTLS_CLIENT)) +{ +} + +server_session::~server_session() +{ +} + +int server_session::rehandshake() +{ + return RETWRAP(gnutls_rehandshake(s)); +} + +gnutls_alert_description_t session::get_alert() const +{ + return gnutls_alert_get(s); +} +int session::send_alert(gnutls_alert_level_t level, + gnutls_alert_description_t desc) +{ + return RETWRAP(gnutls_alert_send(s, level, desc)); +} + +int session::send_appropriate_alert(int err) +{ + return RETWRAP(gnutls_alert_send_appropriate(s, err)); +} + +gnutls_cipher_algorithm_t session::get_cipher() const +{ + return gnutls_cipher_get(s); +} +gnutls_kx_algorithm_t session::get_kx() const +{ + return gnutls_kx_get(s); +} +gnutls_mac_algorithm_t session::get_mac() const +{ + return gnutls_mac_get(s); +} +gnutls_compression_method_t session::get_compression() const +{ + return gnutls_compression_get(s); +} +gnutls_certificate_type_t session::get_certificate_type() const +{ + return gnutls_certificate_type_get(s); +} +void session::set_private_extensions(bool allow) +{ + gnutls_handshake_set_private_extensions(s, (int)allow); +} + +gnutls_handshake_description_t session::get_handshake_last_out() const +{ + return gnutls_handshake_get_last_out(s); +} +gnutls_handshake_description_t session::get_handshake_last_in() const +{ + return gnutls_handshake_get_last_in(s); +} +ssize_t session::send(const void *data, size_t sizeofdata) +{ + return RETWRAP(gnutls_record_send(s, data, sizeofdata)); +} + +ssize_t session::recv(void *data, size_t sizeofdata) +{ + return RETWRAP(gnutls_record_recv(s, data, sizeofdata)); +} + +bool session::get_record_direction() const +{ + return gnutls_record_get_direction(s); +} +/* maximum packet size + */ +size_t session::get_max_size() const +{ + return gnutls_record_get_max_size(s); +} +void session::set_max_size(size_t size) +{ + RETWRAP(gnutls_record_set_max_size(s, size)); +} + +size_t session::check_pending() const +{ + return gnutls_record_check_pending(s); +} +void session::prf(size_t label_size, const char *label, int server_random_first, + size_t extra_size, const char *extra, size_t outsize, + char *out) +{ + RETWRAP(gnutls_prf(s, label_size, label, server_random_first, + extra_size, extra, outsize, out)); +} + +void session::prf_raw(size_t label_size, const char *label, size_t seed_size, + const char *seed, size_t outsize, char *out) +{ + RETWRAP(gnutls_prf_raw(s, label_size, label, seed_size, seed, outsize, + out)); +} + +/* if you just want some defaults, use the following. + */ +void session::set_priority(const char *prio, const char **err_pos) +{ + RETWRAP(gnutls_priority_set_direct(s, prio, err_pos)); +} + +void session::set_priority(gnutls_priority_t p) +{ + RETWRAP(gnutls_priority_set(s, p)); +} + +gnutls_protocol_t session::get_protocol_version() const +{ + return gnutls_protocol_get_version(s); +} +void session::set_data(const void *session_data, size_t session_data_size) +{ + RETWRAP(gnutls_session_set_data(s, session_data, session_data_size)); +} + +void session::get_data(void *session_data, size_t *session_data_size) const +{ + RETWRAP(gnutls_session_get_data(s, session_data, session_data_size)); +} +void session::get_data(gnutls_session_t session, gnutls_datum_t &data) const +{ + RETWRAP(gnutls_session_get_data2(s, &data)); +} +void session::get_id(void *session_id, size_t *session_id_size) const +{ + RETWRAP(gnutls_session_get_id(s, session_id, session_id_size)); +} +bool session::is_resumed() const +{ + int ret = gnutls_session_is_resumed(s); + + return (ret != 0); +} +bool session::get_peers_certificate(std::vector &out_certs) const +{ + const gnutls_datum_t *certs; + unsigned int certs_size; + + certs = gnutls_certificate_get_peers(s, &certs_size); + + if (certs == NULL) + return false; + + for (unsigned int i = 0; i < certs_size; i++) + out_certs.push_back(certs[i]); + + return true; +} +bool session::get_peers_certificate(const gnutls_datum_t **certs, + unsigned int *certs_size) const +{ + *certs = gnutls_certificate_get_peers(s, certs_size); + + if (*certs == NULL) + return false; + return true; +} +void session::get_our_certificate(gnutls_datum_t &cert) const +{ + const gnutls_datum_t *d; + + d = gnutls_certificate_get_ours(s); + if (d == NULL) + throw(exception(GNUTLS_E_INVALID_REQUEST)); + + cert = *d; +} +time_t session::get_peers_certificate_activation_time() const +{ + return gnutls_certificate_activation_time_peers(s); +} +time_t session::get_peers_certificate_expiration_time() const +{ + return gnutls_certificate_expiration_time_peers(s); +} +void session::verify_peers_certificate(unsigned int &status) const +{ + RETWRAP(gnutls_certificate_verify_peers2(s, &status)); +} +client_session::client_session() + : session(GNUTLS_CLIENT) +{ +} + +client_session::client_session(int flags) + : session(GNUTLS_CLIENT | (flags & ~GNUTLS_SERVER)) +{ +} + +client_session::~client_session() +{ +} + +// client session +void client_session::set_verify_cert(const char *hostname, unsigned flags) +{ + gnutls_session_set_verify_cert(s, hostname, flags); +} + +void client_session::set_server_name(gnutls_server_name_type_t type, + const void *name, size_t name_length) +{ + RETWRAP(gnutls_server_name_set(s, type, name, name_length)); +} + +bool client_session::get_request_status() +{ + return RETWRAP(gnutls_certificate_client_get_request_status(s)); +} + +// server_session +void server_session::get_server_name(void *data, size_t *data_length, + unsigned int *type, + unsigned int indx) const +{ + RETWRAP(gnutls_server_name_get(s, data, data_length, type, indx)); +} +// internal DB stuff +static int store_function(void *_db, gnutls_datum_t key, gnutls_datum_t data) +{ + try { + DB *db = static_cast(_db); + + if (db->store(key, data) == false) + return -1; + } catch (...) { + return -1; + } + + return 0; +} + +const static gnutls_datum_t null_datum = { NULL, 0 }; + +static gnutls_datum_t retrieve_function(void *_db, gnutls_datum_t key) +{ + gnutls_datum_t data; + + try { + DB *db = static_cast(_db); + + if (db->retrieve(key, data) == false) + return null_datum; + + } catch (...) { + return null_datum; + } + + return data; +} + +static int remove_function(void *_db, gnutls_datum_t key) +{ + try { + DB *db = static_cast(_db); + + if (db->remove(key) == false) + return -1; + } catch (...) { + return -1; + } + + return 0; +} + +void server_session::set_db(const DB &db) +{ + gnutls_db_set_ptr(s, const_cast(&db)); + gnutls_db_set_store_function(s, store_function); + gnutls_db_set_retrieve_function(s, retrieve_function); + gnutls_db_set_remove_function(s, remove_function); +} + +void server_session::set_db_cache_expiration(unsigned int seconds) +{ + gnutls_db_set_cache_expiration(s, seconds); +} + +void server_session::db_remove() const +{ + gnutls_db_remove_session(s); +} +bool server_session::db_check_entry(const gnutls_datum_t &session_data) const +{ + int ret = gnutls_db_check_entry(s, session_data); + + if (ret != 0) + return true; + return false; +} +void session::set_max_handshake_packet_length(size_t max) +{ + gnutls_handshake_set_max_packet_length(s, max); +} + +void session::clear_credentials() +{ + gnutls_credentials_clear(s); +} + +void session::set_credentials(const credentials &cred) +{ + RETWRAP(gnutls_credentials_set(s, cred.get_type(), cred.ptr())); +} + +const char *server_session::get_srp_username() const +{ + return gnutls_srp_server_get_username(s); +} +const char *server_session::get_psk_username() const +{ + return gnutls_psk_server_get_username(s); +} +void session::set_transport_ptr(gnutls_transport_ptr_t ptr) +{ + gnutls_transport_set_ptr(s, ptr); +} + +void session::set_transport_ptr(gnutls_transport_ptr_t recv_ptr, + gnutls_transport_ptr_t send_ptr) +{ + gnutls_transport_set_ptr2(s, recv_ptr, send_ptr); +} + +gnutls_transport_ptr_t session::get_transport_ptr() const +{ + return gnutls_transport_get_ptr(s); +} +void session::get_transport_ptr(gnutls_transport_ptr_t &recv_ptr, + gnutls_transport_ptr_t &send_ptr) const +{ + gnutls_transport_get_ptr2(s, &recv_ptr, &send_ptr); +} +void session::set_transport_lowat(size_t num) +{ + throw(exception(GNUTLS_E_UNIMPLEMENTED_FEATURE)); +} + +void session::set_transport_push_function(gnutls_push_func push_func) +{ + gnutls_transport_set_push_function(s, push_func); +} + +void session::set_transport_vec_push_function(gnutls_vec_push_func vec_push_func) +{ + gnutls_transport_set_vec_push_function(s, vec_push_func); +} + +void session::set_transport_pull_function(gnutls_pull_func pull_func) +{ + gnutls_transport_set_pull_function(s, pull_func); +} + +void session::set_transport_pull_timeout_function( + gnutls_pull_timeout_func pull_timeout_func) +{ + gnutls_transport_set_pull_timeout_function(s, pull_timeout_func); +} + +void session::set_user_ptr(void *ptr) +{ + gnutls_session_set_ptr(s, ptr); +} + +void *session::get_user_ptr() const +{ + return gnutls_session_get_ptr(s); +} +void session::send_openpgp_cert(gnutls_openpgp_crt_status_t status) +{ + gnutls_openpgp_send_cert(s, status); +} + +void session::set_dh_prime_bits(unsigned int bits) +{ + gnutls_dh_set_prime_bits(s, bits); +} + +unsigned int session::get_dh_secret_bits() const +{ + return RETWRAP(gnutls_dh_get_secret_bits(s)); +} +unsigned int session::get_dh_peers_public_bits() const +{ + return RETWRAP(gnutls_dh_get_peers_public_bits(s)); +} +unsigned int session::get_dh_prime_bits() const +{ + return RETWRAP(gnutls_dh_get_prime_bits(s)); +} +void session::get_dh_group(gnutls_datum_t &gen, gnutls_datum_t &prime) const +{ + RETWRAP(gnutls_dh_get_group(s, &gen, &prime)); +} +void session::get_dh_pubkey(gnutls_datum_t &raw_key) const +{ + RETWRAP(gnutls_dh_get_pubkey(s, &raw_key)); +} +void server_session::set_certificate_request(gnutls_certificate_request_t req) +{ + gnutls_certificate_server_set_request(s, req); +} + +gnutls_credentials_type_t session::get_auth_type() const +{ + return gnutls_auth_get_type(s); +} +gnutls_credentials_type_t session::get_server_auth_type() const +{ + return gnutls_auth_server_get_type(s); +} +gnutls_credentials_type_t session::get_client_auth_type() const +{ + return gnutls_auth_client_get_type(s); +} +certificate_credentials::~certificate_credentials() +{ + gnutls_certificate_free_credentials(cred); +} + +certificate_credentials::certificate_credentials() + : credentials(GNUTLS_CRD_CERTIFICATE) +{ + RETWRAP(gnutls_certificate_allocate_credentials(&cred)); + set_ptr(cred); +} + +void certificate_server_credentials::set_params_function( + gnutls_params_function *func) +{ + gnutls_certificate_set_params_function(cred, func); +} + +anon_server_credentials::anon_server_credentials() + : credentials(GNUTLS_CRD_ANON) +{ + RETWRAP(gnutls_anon_allocate_server_credentials(&cred)); + set_ptr(cred); +} + +anon_server_credentials::~anon_server_credentials() +{ + gnutls_anon_free_server_credentials(cred); +} + +void anon_server_credentials::set_dh_params(const dh_params ¶ms) +{ + gnutls_anon_set_server_dh_params(cred, params.get_params_t()); +} + +void anon_server_credentials::set_params_function(gnutls_params_function *func) +{ + gnutls_anon_set_server_params_function(cred, func); +} + +anon_client_credentials::anon_client_credentials() + : credentials(GNUTLS_CRD_ANON) +{ + RETWRAP(gnutls_anon_allocate_client_credentials(&cred)); + set_ptr(cred); +} + +anon_client_credentials::~anon_client_credentials() +{ + gnutls_anon_free_client_credentials(cred); +} + +void certificate_credentials::free_keys() +{ + gnutls_certificate_free_keys(cred); +} + +void certificate_credentials::free_cas() +{ + gnutls_certificate_free_cas(cred); +} + +void certificate_credentials::free_ca_names() +{ + gnutls_certificate_free_ca_names(cred); +} + +void certificate_credentials::free_crls() +{ + gnutls_certificate_free_crls(cred); +} + +void certificate_credentials::set_dh_params(const dh_params ¶ms) +{ + gnutls_certificate_set_dh_params(cred, params.get_params_t()); +} + +void certificate_credentials::set_verify_flags(unsigned int flags) +{ + gnutls_certificate_set_verify_flags(cred, flags); +} + +void certificate_credentials::set_verify_limits(unsigned int max_bits, + unsigned int max_depth) +{ + gnutls_certificate_set_verify_limits(cred, max_bits, max_depth); +} + +void certificate_credentials::set_x509_trust_file(const char *cafile, + gnutls_x509_crt_fmt_t type) +{ + RETWRAP(gnutls_certificate_set_x509_trust_file(cred, cafile, type)); +} + +void certificate_credentials::set_x509_trust(const gnutls_datum_t &CA, + gnutls_x509_crt_fmt_t type) +{ + RETWRAP(gnutls_certificate_set_x509_trust_mem(cred, &CA, type)); +} + +void certificate_credentials::set_x509_crl_file(const char *crlfile, + gnutls_x509_crt_fmt_t type) +{ + RETWRAP(gnutls_certificate_set_x509_crl_file(cred, crlfile, type)); +} + +void certificate_credentials::set_x509_crl(const gnutls_datum_t &CRL, + gnutls_x509_crt_fmt_t type) +{ + RETWRAP(gnutls_certificate_set_x509_crl_mem(cred, &CRL, type)); +} + +void certificate_credentials::set_x509_key_file(const char *certfile, + const char *keyfile, + gnutls_x509_crt_fmt_t type) +{ + RETWRAP(gnutls_certificate_set_x509_key_file(cred, certfile, keyfile, + type)); +} + +void certificate_credentials::set_x509_key(const gnutls_datum_t &CERT, + const gnutls_datum_t &KEY, + gnutls_x509_crt_fmt_t type) +{ + RETWRAP(gnutls_certificate_set_x509_key_mem(cred, &CERT, &KEY, type)); +} + +void certificate_credentials::set_simple_pkcs12_file(const char *pkcs12file, + gnutls_x509_crt_fmt_t type, + const char *password) +{ + RETWRAP(gnutls_certificate_set_x509_simple_pkcs12_file(cred, pkcs12file, + type, password)); +} + +void certificate_credentials::set_x509_key(gnutls_x509_crt_t *cert_list, + int cert_list_size, + gnutls_x509_privkey_t key) +{ + RETWRAP(gnutls_certificate_set_x509_key(cred, cert_list, cert_list_size, + key)); +} + +void certificate_credentials::set_x509_trust(gnutls_x509_crt_t *ca_list, + int ca_list_size) +{ + RETWRAP(gnutls_certificate_set_x509_trust(cred, ca_list, ca_list_size)); +} + +void certificate_credentials::set_x509_crl(gnutls_x509_crl_t *crl_list, + int crl_list_size) +{ + RETWRAP(gnutls_certificate_set_x509_crl(cred, crl_list, crl_list_size)); +} + +void certificate_credentials::set_retrieve_function( + gnutls_certificate_retrieve_function *func) +{ + gnutls_certificate_set_retrieve_function(cred, func); +} + +// SRP + +srp_server_credentials::srp_server_credentials() + : credentials(GNUTLS_CRD_SRP) +{ + RETWRAP(gnutls_srp_allocate_server_credentials(&cred)); + set_ptr(cred); +} + +srp_server_credentials::~srp_server_credentials() +{ + gnutls_srp_free_server_credentials(cred); +} + +srp_client_credentials::srp_client_credentials() + : credentials(GNUTLS_CRD_SRP) +{ + RETWRAP(gnutls_srp_allocate_client_credentials(&cred)); + set_ptr(cred); +} + +srp_client_credentials::~srp_client_credentials() +{ + gnutls_srp_free_client_credentials(cred); +} + +void srp_client_credentials::set_credentials(const char *username, + const char *password) +{ + RETWRAP(gnutls_srp_set_client_credentials(cred, username, password)); +} + +void srp_server_credentials::set_credentials_file( + const char *password_file, const char *password_conf_file) +{ + RETWRAP(gnutls_srp_set_server_credentials_file(cred, password_file, + password_conf_file)); +} + +void srp_server_credentials::set_credentials_function( + gnutls_srp_server_credentials_function *func) +{ + gnutls_srp_set_server_credentials_function(cred, func); +} + +void srp_client_credentials::set_credentials_function( + gnutls_srp_client_credentials_function *func) +{ + gnutls_srp_set_client_credentials_function(cred, func); +} + +// PSK + +psk_server_credentials::psk_server_credentials() + : credentials(GNUTLS_CRD_PSK) +{ + RETWRAP(gnutls_psk_allocate_server_credentials(&cred)); + set_ptr(cred); +} + +psk_server_credentials::~psk_server_credentials() +{ + gnutls_psk_free_server_credentials(cred); +} + +void psk_server_credentials::set_credentials_file(const char *password_file) +{ + RETWRAP(gnutls_psk_set_server_credentials_file(cred, password_file)); +} + +void psk_server_credentials::set_credentials_function( + gnutls_psk_server_credentials_function *func) +{ + gnutls_psk_set_server_credentials_function(cred, func); +} + +void psk_server_credentials::set_dh_params(const dh_params ¶ms) +{ + gnutls_psk_set_server_dh_params(cred, params.get_params_t()); +} + +void psk_server_credentials::set_params_function(gnutls_params_function *func) +{ + gnutls_psk_set_server_params_function(cred, func); +} + +psk_client_credentials::psk_client_credentials() + : credentials(GNUTLS_CRD_PSK) +{ + RETWRAP(gnutls_psk_allocate_client_credentials(&cred)); + set_ptr(cred); +} + +psk_client_credentials::~psk_client_credentials() +{ + gnutls_psk_free_client_credentials(cred); +} + +void psk_client_credentials::set_credentials(const char *username, + const gnutls_datum_t &key, + gnutls_psk_key_flags flags) +{ + RETWRAP(gnutls_psk_set_client_credentials(cred, username, &key, flags)); +} + +void psk_client_credentials::set_credentials_function( + gnutls_psk_client_credentials_function *func) +{ + gnutls_psk_set_client_credentials_function(cred, func); +} + +credentials::credentials(gnutls_credentials_type_t t) + : type(t) + , cred(NULL) +{ +} + +gnutls_credentials_type_t credentials::get_type() const +{ + return type; +} +void *credentials::ptr() const +{ + return cred; +} +void credentials::set_ptr(void *ptr) +{ + cred = ptr; +} + +exception::exception(int x) +{ + retcode = x; +} + +int exception::get_code() +{ + return retcode; +} + +const char *exception::what() const throw() +{ + return gnutls_strerror(retcode); +} + +dh_params::dh_params() +{ + RETWRAP(gnutls_dh_params_init(¶ms)); +} + +dh_params::~dh_params() +{ + gnutls_dh_params_deinit(params); +} + +void dh_params::import_raw(const gnutls_datum_t &prime, + const gnutls_datum_t &generator) +{ + RETWRAP(gnutls_dh_params_import_raw(params, &prime, &generator)); +} + +void dh_params::import_pkcs3(const gnutls_datum_t &pkcs3_params, + gnutls_x509_crt_fmt_t format) +{ + RETWRAP(gnutls_dh_params_import_pkcs3(params, &pkcs3_params, format)); +} + +void dh_params::generate(unsigned int bits) +{ + RETWRAP(gnutls_dh_params_generate2(params, bits)); +} + +void dh_params::export_pkcs3(gnutls_x509_crt_fmt_t format, + unsigned char *params_data, + size_t *params_data_size) +{ + RETWRAP(gnutls_dh_params_export_pkcs3(params, format, params_data, + params_data_size)); +} + +void dh_params::export_raw(gnutls_datum_t &prime, gnutls_datum_t &generator) +{ + RETWRAP(gnutls_dh_params_export_raw(params, &prime, &generator, NULL)); +} + +gnutls_dh_params_t dh_params::get_params_t() const +{ + return params; +} +dh_params &dh_params::operator=(const dh_params &src) +{ + dh_params *dst = new dh_params; + int ret; + + ret = gnutls_dh_params_cpy(dst->params, src.params); + + if (ret < 0) { + delete dst; + throw(exception(ret)); + } + + std::swap(this->params, dst->params); + delete dst; + + return *this; +} + +#endif /* GNUTLS_GNUTLSXX_NO_HEADERONLY */ + +} /* namespace gnutls */ + +#endif /* GNUTLS_GNUTLSXX_H */ diff --git a/V2G_Libraries/Third_Party/GnuTLS/include/gnutls/openssl.h b/V2G_Libraries/Third_Party/GnuTLS/include/gnutls/openssl.h deleted file mode 100644 index 0383ee6..0000000 --- a/V2G_Libraries/Third_Party/GnuTLS/include/gnutls/openssl.h +++ /dev/null @@ -1,312 +0,0 @@ -/* - * Copyright (C) 2004-2012 Free Software Foundation, Inc. - * Copyright (c) 2002 Andrew McDonald - * - * This file is part of GnuTLS-EXTRA. - * - * GnuTLS-extra is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation; either version 3 of the - * License, or (at your option) any later version. - * - * GnuTLS-extra is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with GnuTLS-EXTRA. If not, see . - */ - -/* WARNING: Error functions aren't currently thread-safe */ - -/* This file contains prototypes about the OpenSSL compatibility layer - * in GnuTLS. GnuTLS is not a complete replacement of OPENSSL so this - * compatibility layer only supports limited OpenSSL functionality. - * - * New programs should avoid using this compatibility layer, and use - * the native GnuTLS API directly. - */ - -#ifndef GNUTLS_OPENSSL_H -#define GNUTLS_OPENSSL_H - -#ifdef __cplusplus -extern "C" { -#endif - -#include - -/* Extra definitions that no longer exist in gnutls. - */ -#define GNUTLS_X509_CN_SIZE 256 -#define GNUTLS_X509_C_SIZE 3 -#define GNUTLS_X509_O_SIZE 256 -#define GNUTLS_X509_OU_SIZE 256 -#define GNUTLS_X509_L_SIZE 256 -#define GNUTLS_X509_S_SIZE 256 -#define GNUTLS_X509_EMAIL_SIZE 256 - -typedef struct { - char common_name[GNUTLS_X509_CN_SIZE]; - char country[GNUTLS_X509_C_SIZE]; - char organization[GNUTLS_X509_O_SIZE]; - char organizational_unit_name[GNUTLS_X509_OU_SIZE]; - char locality_name[GNUTLS_X509_L_SIZE]; - char state_or_province_name[GNUTLS_X509_S_SIZE]; - char email[GNUTLS_X509_EMAIL_SIZE]; -} gnutls_x509_dn; - -#define OPENSSL_VERSION_NUMBER (0x0090604F) -#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER -#define OPENSSL_VERSION_TEXT ("GNUTLS " GNUTLS_VERSION " ") - -#define SSL_ERROR_NONE (0) -#define SSL_ERROR_SSL (1) -#define SSL_ERROR_WANT_READ (2) -#define SSL_ERROR_WANT_WRITE (3) -#define SSL_ERROR_SYSCALL (5) -#define SSL_ERROR_ZERO_RETURN (6) - -#define SSL_FILETYPE_PEM (GNUTLS_X509_FMT_PEM) - -#define SSL_VERIFY_NONE (0) - -#define SSL_ST_OK (1) - -#define X509_V_ERR_CERT_NOT_YET_VALID (1) -#define X509_V_ERR_CERT_HAS_EXPIRED (2) -#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT (3) - -#define SSL_OP_ALL (0x000FFFFF) -#define SSL_OP_NO_TLSv1 (0x0400000) - -#define SSL_MODE_ENABLE_PARTIAL_WRITE (0x1) -#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER (0x2) -#define SSL_MODE_AUTO_RETRY (0x4) - -#undef X509_NAME -#undef X509 -typedef gnutls_x509_dn X509_NAME; -typedef gnutls_datum_t X509; - -typedef struct _SSL SSL; - -typedef struct { - char priority_string[256]; - unsigned int connend; -} SSL_METHOD; - -typedef struct { - gnutls_protocol_t version; - gnutls_cipher_algorithm_t cipher; - gnutls_kx_algorithm_t kx; - gnutls_mac_algorithm_t mac; - gnutls_compression_method_t compression; - gnutls_certificate_type_t cert; -} SSL_CIPHER; - -typedef struct _BIO { - gnutls_transport_ptr_t fd; -} BIO; - -typedef struct { - SSL *ssl; - int error; - const gnutls_datum_t *cert_list; -#define current_cert cert_list -} X509_STORE_CTX; - -#define X509_STORE_CTX_get_current_cert(ctx) ((ctx)->current_cert) - -typedef struct _SSL_CTX { - SSL_METHOD *method; - char *certfile; - int certfile_type; - char *keyfile; - int keyfile_type; - unsigned long options; - - int (*verify_callback)(int, X509_STORE_CTX *); - int verify_mode; - -} SSL_CTX; - -struct _SSL { - gnutls_session_t gnutls_state; - - gnutls_certificate_client_credentials gnutls_cred; - - SSL_CTX *ctx; - SSL_CIPHER ciphersuite; - - int last_error; - int shutdown; - int state; - unsigned long options; - - int (*verify_callback)(int, X509_STORE_CTX *); - int verify_mode; - - gnutls_transport_ptr_t rfd; - gnutls_transport_ptr_t wfd; -}; - -#define rbio gnutls_state - -typedef struct { - void *handle; -} MD_CTX; - -struct rsa_st; -typedef struct rsa_st RSA; - -#define MD5_CTX MD_CTX -#define RIPEMD160_CTX MD_CTX - -#define OpenSSL_add_ssl_algorithms() SSL_library_init() -#define SSLeay_add_ssl_algorithms() SSL_library_init() -#define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms() - -#define SSL_get_cipher_name(ssl) \ - SSL_CIPHER_get_name(SSL_get_current_cipher(ssl)) -#define SSL_get_cipher(ssl) SSL_get_cipher_name(ssl) -#define SSL_get_cipher_bits(ssl, bp) \ - SSL_CIPHER_get_bits(SSL_get_current_cipher(ssl), (bp)) -#define SSL_get_cipher_version(ssl) \ - SSL_CIPHER_get_version(SSL_get_current_cipher(ssl)) - -/* Library initialisation functions */ - -int SSL_library_init(void); -void OpenSSL_add_all_algorithms(void); - -/* SSL_CTX structure handling */ - -SSL_CTX *SSL_CTX_new(SSL_METHOD *method); -void SSL_CTX_free(SSL_CTX *ctx); -int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); -int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *certfile, int type); -int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *keyfile, int type); -void SSL_CTX_set_verify(SSL_CTX *ctx, int verify_mode, - int (*verify_callback)(int, X509_STORE_CTX *)); -unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long options); -long SSL_CTX_set_mode(SSL_CTX *ctx, long mode); -int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *list); - -/* SSL_CTX statistics */ - -long SSL_CTX_sess_number(SSL_CTX *ctx); -long SSL_CTX_sess_connect(SSL_CTX *ctx); -long SSL_CTX_sess_connect_good(SSL_CTX *ctx); -long SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx); -long SSL_CTX_sess_accept(SSL_CTX *ctx); -long SSL_CTX_sess_accept_good(SSL_CTX *ctx); -long SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx); -long SSL_CTX_sess_hits(SSL_CTX *ctx); -long SSL_CTX_sess_misses(SSL_CTX *ctx); -long SSL_CTX_sess_timeouts(SSL_CTX *ctx); - -/* SSL structure handling */ - -SSL *SSL_new(SSL_CTX *ctx); -void SSL_free(SSL *ssl); -void SSL_load_error_strings(void); -int SSL_get_error(SSL *ssl, int ret); -int SSL_set_fd(SSL *ssl, int fd); -int SSL_set_rfd(SSL *ssl, int fd); -int SSL_set_wfd(SSL *ssl, int fd); -void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio); -void SSL_set_connect_state(SSL *ssl); -int SSL_pending(SSL *ssl); -void SSL_set_verify(SSL *ssl, int verify_mode, - int (*verify_callback)(int, X509_STORE_CTX *)); -const X509 *SSL_get_peer_certificate(SSL *ssl); - -/* SSL connection open/close/read/write functions */ - -int SSL_connect(SSL *ssl); -int SSL_accept(SSL *ssl); -int SSL_shutdown(SSL *ssl); -int SSL_read(SSL *ssl, void *buf, int len); -int SSL_write(SSL *ssl, const void *buf, int len); - -int SSL_want(SSL *ssl); - -#define SSL_NOTHING (1) -#define SSL_WRITING (2) -#define SSL_READING (3) -#define SSL_X509_LOOKUP (4) - -#define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) -#define SSL_want_read(s) (SSL_want(s) == SSL_READING) -#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) -#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) - -/* SSL_METHOD functions */ - -SSL_METHOD *SSLv23_client_method(void); -SSL_METHOD *SSLv23_server_method(void); -SSL_METHOD *SSLv3_client_method(void); -SSL_METHOD *SSLv3_server_method(void); -SSL_METHOD *TLSv1_client_method(void); -SSL_METHOD *TLSv1_server_method(void); - -/* SSL_CIPHER functions */ - -SSL_CIPHER *SSL_get_current_cipher(SSL *ssl); -const char *SSL_CIPHER_get_name(SSL_CIPHER *cipher); -int SSL_CIPHER_get_bits(SSL_CIPHER *cipher, int *bits); -const char *SSL_CIPHER_get_version(SSL_CIPHER *cipher); -char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int size); - -/* X509 functions */ - -X509_NAME *X509_get_subject_name(const X509 *cert); -X509_NAME *X509_get_issuer_name(const X509 *cert); -char *X509_NAME_oneline(gnutls_x509_dn *name, char *buf, int len); -void X509_free(const X509 *cert); - -/* BIO functions */ - -void BIO_get_fd(gnutls_session_t gnutls_state, int *fd); -BIO *BIO_new_socket(int sock, int close_flag); - -/* error handling */ - -unsigned long ERR_get_error(void); -const char *ERR_error_string(unsigned long e, char *buf); - -/* RAND functions */ - -int RAND_status(void); -void RAND_seed(const void *buf, int num); -int RAND_bytes(unsigned char *buf, int num); -int RAND_pseudo_bytes(unsigned char *buf, int num); -const char *RAND_file_name(char *buf, size_t len); -int RAND_load_file(const char *name, long maxbytes); -int RAND_write_file(const char *name); - -int RAND_egd_bytes(const char *path, int bytes); -#define RAND_egd(p) RAND_egd_bytes((p), 255) - -/* message digest functions */ - -#define MD5_DIGEST_LENGTH 16 - -void MD5_Init(MD5_CTX *ctx); -void MD5_Update(MD5_CTX *ctx, const void *buf, int len); -void MD5_Final(unsigned char *md, MD5_CTX *ctx); -unsigned char *MD5(const unsigned char *buf, unsigned long len, - unsigned char *md); - -void RIPEMD160_Init(RIPEMD160_CTX *ctx); -void RIPEMD160_Update(RIPEMD160_CTX *ctx, const void *buf, int len); -void RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *ctx); -unsigned char *RIPEMD160(const unsigned char *buf, unsigned long len, - unsigned char *md); - -#ifdef __cplusplus -} -#endif -#endif diff --git a/V2G_Libraries/Third_Party/GnuTLS/include/gnutls/x509.h b/V2G_Libraries/Third_Party/GnuTLS/include/gnutls/x509.h index 4466155..c89255c 100644 --- a/V2G_Libraries/Third_Party/GnuTLS/include/gnutls/x509.h +++ b/V2G_Libraries/Third_Party/GnuTLS/include/gnutls/x509.h @@ -410,6 +410,14 @@ void gnutls_x509_spki_set_rsa_pss_params(gnutls_x509_spki_t spki, gnutls_digest_algorithm_t dig, unsigned int salt_size); +int gnutls_x509_spki_set_rsa_oaep_params(gnutls_x509_spki_t spki, + gnutls_digest_algorithm_t dig, + const gnutls_datum_t *label); + +int gnutls_x509_spki_get_rsa_oaep_params(gnutls_x509_spki_t spki, + gnutls_digest_algorithm_t *dig, + gnutls_datum_t *label); + int gnutls_x509_crt_get_pk_algorithm(gnutls_x509_crt_t cert, unsigned int *bits); int gnutls_x509_crt_set_spki(gnutls_x509_crt_t crt, diff --git a/V2G_Libraries/Third_Party/cbv2g/din/din_msgDefDecoder.c b/V2G_Libraries/Third_Party/cbv2g/din/din_msgDefDecoder.c index 01dc519..a445b1c 100644 --- a/V2G_Libraries/Third_Party/cbv2g/din/din_msgDefDecoder.c +++ b/V2G_Libraries/Third_Party/cbv2g/din/din_msgDefDecoder.c @@ -2260,7 +2260,7 @@ static int decode_din_X509IssuerSerialType(exi_bitstream_t* stream, struct din_X uint8_t realInteger[21] = {0}; // max length: 20 + 1 zero terminator size_t realInteger_size = 0; int result = exi_basetypes_convert_bytes_from_unsigned(&(X509IssuerSerialType->X509SerialNumber.data), &realInteger[0], &realInteger_size, 21); - if (result != 0) + if (result == 0) { // reverse array uint8_t temp; @@ -5268,7 +5268,7 @@ static int decode_din_SignatureMethodType(exi_bitstream_t* stream, struct din_Si uint8_t realInteger[21] = {0}; // max length: 20 + 1 zero terminator size_t realInteger_size = 0; int result = exi_basetypes_convert_bytes_from_unsigned(&(SignatureMethodType->HMACOutputLength.data), &realInteger[0], &realInteger_size, 21); - if (result != 0) + if (result == 0) { // reverse array uint8_t temp; diff --git a/V2G_Libraries/Third_Party/cbv2g/iso-2/iso2_msgDefDecoder.c b/V2G_Libraries/Third_Party/cbv2g/iso-2/iso2_msgDefDecoder.c index fdc9b8b..c647feb 100644 --- a/V2G_Libraries/Third_Party/cbv2g/iso-2/iso2_msgDefDecoder.c +++ b/V2G_Libraries/Third_Party/cbv2g/iso-2/iso2_msgDefDecoder.c @@ -1549,7 +1549,7 @@ static int decode_iso2_X509IssuerSerialType(exi_bitstream_t* stream, struct iso2 uint8_t realInteger[21] = {0}; // max length: 20 + 1 zero terminator size_t realInteger_size = 0; int result = exi_basetypes_convert_bytes_from_unsigned(&(X509IssuerSerialType->X509SerialNumber.data), &realInteger[0], &realInteger_size, 21); - if (result != 0) + if (result == 0) { // reverse array uint8_t temp; @@ -2336,7 +2336,7 @@ static int decode_iso2_SignatureMethodType(exi_bitstream_t* stream, struct iso2_ uint8_t realInteger[21] = {0}; // max length: 20 + 1 zero terminator size_t realInteger_size = 0; int result = exi_basetypes_convert_bytes_from_unsigned(&(SignatureMethodType->HMACOutputLength.data), &realInteger[0], &realInteger_size, 21); - if (result != 0) + if (result == 0) { // reverse array uint8_t temp; diff --git a/V2G_Libraries/Third_Party/cbv2g/iso-20/iso20_ACDP_Decoder.c b/V2G_Libraries/Third_Party/cbv2g/iso-20/iso20_ACDP_Decoder.c index 361d259..c74e76b 100644 --- a/V2G_Libraries/Third_Party/cbv2g/iso-20/iso20_ACDP_Decoder.c +++ b/V2G_Libraries/Third_Party/cbv2g/iso-20/iso20_ACDP_Decoder.c @@ -1231,7 +1231,7 @@ static int decode_iso20_acdp_X509IssuerSerialType(exi_bitstream_t* stream, struc uint8_t realInteger[21] = {0}; // max length: 20 + 1 zero terminator size_t realInteger_size = 0; int result = exi_basetypes_convert_bytes_from_unsigned(&(X509IssuerSerialType->X509SerialNumber.data), &realInteger[0], &realInteger_size, 21); - if (result != 0) + if (result == 0) { // reverse array uint8_t temp; @@ -1886,7 +1886,7 @@ static int decode_iso20_acdp_SignatureMethodType(exi_bitstream_t* stream, struct uint8_t realInteger[21] = {0}; // max length: 20 + 1 zero terminator size_t realInteger_size = 0; int result = exi_basetypes_convert_bytes_from_unsigned(&(SignatureMethodType->HMACOutputLength.data), &realInteger[0], &realInteger_size, 21); - if (result != 0) + if (result == 0) { // reverse array uint8_t temp; diff --git a/V2G_Libraries/Third_Party/cbv2g/iso-20/iso20_AC_Decoder.c b/V2G_Libraries/Third_Party/cbv2g/iso-20/iso20_AC_Decoder.c index 73eec0f..ff8118f 100644 --- a/V2G_Libraries/Third_Party/cbv2g/iso-20/iso20_AC_Decoder.c +++ b/V2G_Libraries/Third_Party/cbv2g/iso-20/iso20_AC_Decoder.c @@ -1246,7 +1246,7 @@ static int decode_iso20_ac_X509IssuerSerialType(exi_bitstream_t* stream, struct uint8_t realInteger[21] = {0}; // max length: 20 + 1 zero terminator size_t realInteger_size = 0; int result = exi_basetypes_convert_bytes_from_unsigned(&(X509IssuerSerialType->X509SerialNumber.data), &realInteger[0], &realInteger_size, 21); - if (result != 0) + if (result == 0) { // reverse array uint8_t temp; @@ -1901,7 +1901,7 @@ static int decode_iso20_ac_SignatureMethodType(exi_bitstream_t* stream, struct i uint8_t realInteger[21] = {0}; // max length: 20 + 1 zero terminator size_t realInteger_size = 0; int result = exi_basetypes_convert_bytes_from_unsigned(&(SignatureMethodType->HMACOutputLength.data), &realInteger[0], &realInteger_size, 21); - if (result != 0) + if (result == 0) { // reverse array uint8_t temp; diff --git a/V2G_Libraries/Third_Party/cbv2g/iso-20/iso20_CommonMessages_Decoder.c b/V2G_Libraries/Third_Party/cbv2g/iso-20/iso20_CommonMessages_Decoder.c index eb6e8aa..b1dae09 100644 --- a/V2G_Libraries/Third_Party/cbv2g/iso-20/iso20_CommonMessages_Decoder.c +++ b/V2G_Libraries/Third_Party/cbv2g/iso-20/iso20_CommonMessages_Decoder.c @@ -1312,7 +1312,7 @@ static int decode_iso20_X509IssuerSerialType(exi_bitstream_t* stream, struct iso uint8_t realInteger[21] = {0}; // max length: 20 + 1 zero terminator size_t realInteger_size = 0; int result = exi_basetypes_convert_bytes_from_unsigned(&(X509IssuerSerialType->X509SerialNumber.data), &realInteger[0], &realInteger_size, 21); - if (result != 0) + if (result == 0) { // reverse array uint8_t temp; @@ -2122,7 +2122,7 @@ static int decode_iso20_SignatureMethodType(exi_bitstream_t* stream, struct iso2 uint8_t realInteger[21] = {0}; // max length: 20 + 1 zero terminator size_t realInteger_size = 0; int result = exi_basetypes_convert_bytes_from_unsigned(&(SignatureMethodType->HMACOutputLength.data), &realInteger[0], &realInteger_size, 21); - if (result != 0) + if (result == 0) { // reverse array uint8_t temp; diff --git a/V2G_Libraries/Third_Party/cbv2g/iso-20/iso20_DC_Decoder.c b/V2G_Libraries/Third_Party/cbv2g/iso-20/iso20_DC_Decoder.c index 89569e1..fe9db5d 100644 --- a/V2G_Libraries/Third_Party/cbv2g/iso-20/iso20_DC_Decoder.c +++ b/V2G_Libraries/Third_Party/cbv2g/iso-20/iso20_DC_Decoder.c @@ -1252,7 +1252,7 @@ static int decode_iso20_dc_X509IssuerSerialType(exi_bitstream_t* stream, struct uint8_t realInteger[21] = {0}; // max length: 20 + 1 zero terminator size_t realInteger_size = 0; int result = exi_basetypes_convert_bytes_from_unsigned(&(X509IssuerSerialType->X509SerialNumber.data), &realInteger[0], &realInteger_size, 21); - if (result != 0) + if (result == 0) { // reverse array uint8_t temp; @@ -1907,7 +1907,7 @@ static int decode_iso20_dc_SignatureMethodType(exi_bitstream_t* stream, struct i uint8_t realInteger[21] = {0}; // max length: 20 + 1 zero terminator size_t realInteger_size = 0; int result = exi_basetypes_convert_bytes_from_unsigned(&(SignatureMethodType->HMACOutputLength.data), &realInteger[0], &realInteger_size, 21); - if (result != 0) + if (result == 0) { // reverse array uint8_t temp; diff --git a/V2G_Libraries/Third_Party/cbv2g/iso-20/iso20_WPT_Decoder.c b/V2G_Libraries/Third_Party/cbv2g/iso-20/iso20_WPT_Decoder.c index 3e3074a..6afd21d 100644 --- a/V2G_Libraries/Third_Party/cbv2g/iso-20/iso20_WPT_Decoder.c +++ b/V2G_Libraries/Third_Party/cbv2g/iso-20/iso20_WPT_Decoder.c @@ -1264,7 +1264,7 @@ static int decode_iso20_wpt_X509IssuerSerialType(exi_bitstream_t* stream, struct uint8_t realInteger[21] = {0}; // max length: 20 + 1 zero terminator size_t realInteger_size = 0; int result = exi_basetypes_convert_bytes_from_unsigned(&(X509IssuerSerialType->X509SerialNumber.data), &realInteger[0], &realInteger_size, 21); - if (result != 0) + if (result == 0) { // reverse array uint8_t temp; @@ -2043,7 +2043,7 @@ static int decode_iso20_wpt_SignatureMethodType(exi_bitstream_t* stream, struct uint8_t realInteger[21] = {0}; // max length: 20 + 1 zero terminator size_t realInteger_size = 0; int result = exi_basetypes_convert_bytes_from_unsigned(&(SignatureMethodType->HMACOutputLength.data), &realInteger[0], &realInteger_size, 21); - if (result != 0) + if (result == 0) { // reverse array uint8_t temp; diff --git a/V2G_Libraries/v2gLib/main.rc b/V2G_Libraries/v2gLib/main.rc index a124ccf..363829d 100644 --- a/V2G_Libraries/v2gLib/main.rc +++ b/V2G_Libraries/v2gLib/main.rc @@ -1,11 +1,11 @@ #include -#define VER_FILEVERSION 1,4,2,0 -#define VER_FILEVERSION_STR "1.4.2.0\0" +#define VER_FILEVERSION 1,4,3,0 +#define VER_FILEVERSION_STR "1.4.3.0\0" #define VER_COMPANYNAME_STR "dSPACE GmbH" #define VER_PRODUCTNAME_STR "V2gLib" -#define VER_PRODUCTVERSION 1,4,2,0 -#define VER_PRODUCTVERSION_STR "1.4.2.0\0" +#define VER_PRODUCTVERSION 1,4,3,0 +#define VER_PRODUCTVERSION_STR "1.4.3.0\0" VS_VERSION_INFO VERSIONINFO FILEVERSION VER_FILEVERSION diff --git a/V2G_Libraries/v2gLib/src/CertHelper.h b/V2G_Libraries/v2gLib/src/CertHelper.h index b16d139..7b1a09a 100644 --- a/V2G_Libraries/v2gLib/src/CertHelper.h +++ b/V2G_Libraries/v2gLib/src/CertHelper.h @@ -17,12 +17,12 @@ struct X509CertInfos { - bool valid = false; + int result = -1; // GnuTLS error code. Note: GNUTLS_E_SUCCESS == 0 std::string subject = "ERROR"; std::string issuer = "ERROR"; - int version = -1; // Note: this is defined by standards to be one less than - // the certificate version. E.g., version 3 certificate will return 2 - std::string serial_number = "ERROR"; // hex-string + int version = -1; // Note: this is defined by standards to be one less than + // the certificate version. E.g., version 3 certificate will return 2 + std::string serial_number = "ERROR"; // hex-string std::string sig_algorithm = "ERROR"; std::string sig_value = "ERROR"; std::string time_not_after = "ERROR"; @@ -40,3 +40,4 @@ struct X509CertInfos }; X509CertInfos get_cert_info(std::string x509_content); +std::string get_error_description(int error_code); \ No newline at end of file diff --git a/V2G_Libraries/v2gLib/src/GnuTLSHelper.cpp b/V2G_Libraries/v2gLib/src/GnuTLSHelper.cpp index b2985a0..9010738 100644 --- a/V2G_Libraries/v2gLib/src/GnuTLSHelper.cpp +++ b/V2G_Libraries/v2gLib/src/GnuTLSHelper.cpp @@ -25,47 +25,54 @@ constexpr int MAX_STRING_LEN = 512; +std::string get_error_description(int error_code) +{ + return std::string(gnutls_strerror(error_code)); +} + X509CertInfos get_cert_info(std::string x509_content) { X509CertInfos cert_info{}; gnutls_x509_crt_t cert; - if (gnutls_x509_crt_init(&cert) < 0) + cert_info.result = gnutls_x509_crt_init(&cert); + if (cert_info.result < 0) { fprintf(stderr, "dsV2G CertInfo error in initialization\n"); - cert_info.valid = false; return cert_info; } char buffer[MAX_STRING_LEN]; size_t size = sizeof(buffer); - cert_info.valid = true; - gnutls_datum_t cert_in; cert_in.data = new unsigned char[x509_content.length()]; - strcpy((char *)cert_in.data, x509_content.c_str()); + strncpy((char *)cert_in.data, x509_content.c_str(), x509_content.length()); cert_in.size = x509_content.length(); - if (gnutls_x509_crt_import(cert, &cert_in, GNUTLS_X509_FMT_PEM) < 0) + cert_info.result = gnutls_x509_crt_import(cert, &cert_in, GNUTLS_X509_FMT_PEM); + if (cert_info.result < 0) { fprintf(stderr, "dsV2G CertInfo error parsing certificate\n"); - cert_info.valid = false; delete[] cert_in.data; gnutls_x509_crt_deinit(cert); return cert_info; } size = sizeof(buffer); - if (gnutls_x509_crt_get_serial(cert, buffer, &size) != GNUTLS_E_SUCCESS) + int errn = gnutls_x509_crt_get_serial(cert, buffer, &size); + if (errn != GNUTLS_E_SUCCESS) { fprintf(stderr, "dsV2G CertInfo error gnutls_x509_crt_get_serial\n"); - cert_info.valid = false; + if (cert_info.result == GNUTLS_E_SUCCESS) + { + cert_info.result = errn; + } cert_info.serial_number = "ERROR"; } else { - cert_info.serial_number = uint8_to_hex_string((uint8_t *)buffer, size); + cert_info.serial_number = "0x" + uint8_to_hex_string((uint8_t *)buffer, size); } time_t expiration_time, activation_time; @@ -73,25 +80,31 @@ X509CertInfos get_cert_info(std::string x509_content) if (expiration_time == -1) { fprintf(stderr, "dsV2G CertInfo error gnutls_x509_crt_get_expiration_time\n"); - cert_info.valid = false; + if (cert_info.result == GNUTLS_E_SUCCESS) + { + cert_info.result = expiration_time; + } cert_info.time_not_after = "ERROR"; } else { cert_info.time_not_after = ctime(&expiration_time); - cert_info.time_not_after.pop_back(); // remove linebreak + cert_info.time_not_after.pop_back(); // remove linebreak } activation_time = gnutls_x509_crt_get_activation_time(cert); if (activation_time == -1) { fprintf(stderr, "dsV2G CertInfo error gnutls_x509_crt_get_activation_time\n"); - cert_info.valid = false; + if (cert_info.result == GNUTLS_E_SUCCESS) + { + cert_info.result = activation_time; + } cert_info.time_not_before = "ERROR"; } else { cert_info.time_not_before = ctime(&activation_time); - cert_info.time_not_before.pop_back(); // remove linebreak + cert_info.time_not_before.pop_back(); // remove linebreak } int sig_algorithm = gnutls_x509_crt_get_signature_algorithm(cert); @@ -101,14 +114,21 @@ X509CertInfos get_cert_info(std::string x509_content) if (cert_info.version < 0) { fprintf(stderr, "dsV2G CertInfo error gnutls_x509_crt_get_version\n"); - cert_info.valid = false; + if (cert_info.result == GNUTLS_E_SUCCESS) + { + cert_info.result = cert_info.version; + } } size = sizeof(buffer); - if (gnutls_x509_crt_get_dn(cert, buffer, &size) != GNUTLS_E_SUCCESS) + errn = gnutls_x509_crt_get_dn(cert, buffer, &size); + if (errn != GNUTLS_E_SUCCESS) { fprintf(stderr, "dsV2G CertInfo error gnutls_x509_crt_get_dn\n"); - cert_info.valid = false; + if (cert_info.result == GNUTLS_E_SUCCESS) + { + cert_info.result = errn; + } cert_info.subject = "ERROR"; } else @@ -117,10 +137,14 @@ X509CertInfos get_cert_info(std::string x509_content) } size = sizeof(buffer); - if (gnutls_x509_crt_get_issuer_dn(cert, buffer, &size) != GNUTLS_E_SUCCESS) + errn = gnutls_x509_crt_get_issuer_dn(cert, buffer, &size); + if (errn != GNUTLS_E_SUCCESS) { fprintf(stderr, "dsV2G CertInfo error gnutls_x509_crt_get_issuer_dn\n"); - cert_info.valid = false; + if (cert_info.result == GNUTLS_E_SUCCESS) + { + cert_info.result = errn; + } cert_info.issuer = "ERROR"; } else @@ -129,10 +153,14 @@ X509CertInfos get_cert_info(std::string x509_content) } size = sizeof(buffer); - if (gnutls_x509_crt_get_signature(cert, buffer, &size) != GNUTLS_E_SUCCESS) + errn = gnutls_x509_crt_get_signature(cert, buffer, &size); + if (errn != GNUTLS_E_SUCCESS) { fprintf(stderr, "dsV2G CertInfo error gnutls_x509_crt_get_signature\n"); - cert_info.valid = false; + if (cert_info.result == GNUTLS_E_SUCCESS) + { + cert_info.result = errn; + } cert_info.sig_value = "ERROR"; } else @@ -145,7 +173,10 @@ X509CertInfos get_cert_info(std::string x509_content) if (pk_algo < 0) { fprintf(stderr, "dsV2G CertInfo error gnutls_x509_crt_get_pk_algorithm\n"); - cert_info.valid = false; + if (cert_info.result == GNUTLS_E_SUCCESS) + { + cert_info.result = pk_algo; + } cert_info.pubkey_algorithm = "ERROR"; } else @@ -164,7 +195,10 @@ X509CertInfos get_cert_info(std::string x509_content) else if (basic_constraints_ret < GNUTLS_E_SUCCESS) { fprintf(stderr, "dsV2G CertInfo error gnutls_x509_crt_get_basic_constraints %d\n", basic_constraints_ret); - cert_info.valid = false; + if (cert_info.result == GNUTLS_E_SUCCESS) + { + cert_info.result = basic_constraints_ret; + } cert_info.v3ext_basic_constraint = "ERROR"; cert_info.v3ext_basic_constraint_CA = "ERROR"; } @@ -208,7 +242,10 @@ X509CertInfos get_cert_info(std::string x509_content) else if (key_usage_ret != GNUTLS_E_SUCCESS) { fprintf(stderr, "dsV2G CertInfo error gnutls_x509_crt_get_key_usage\n"); - cert_info.valid = false; + if (cert_info.result == GNUTLS_E_SUCCESS) + { + cert_info.result = key_usage_ret; + } cert_info.v3ext_key_usage = "ERROR"; cert_info.v3ext_key_usage_critical = "ERROR"; } @@ -263,7 +300,10 @@ X509CertInfos get_cert_info(std::string x509_content) else if (keyIdRet != GNUTLS_E_SUCCESS) { fprintf(stderr, "dsV2G CertInfo error gnutls_x509_crt_get_subject_key_id\n"); - cert_info.valid = false; + if (cert_info.result == GNUTLS_E_SUCCESS) + { + cert_info.result = keyIdRet; + } cert_info.v3ext_subjkey_id = "ERROR"; cert_info.v3ext_subjkey_id_critical = "ERROR"; } @@ -289,7 +329,7 @@ X509CertInfos get_cert_info(std::string x509_content) if (gnutls_x509_crt_get_pk_ecc_raw(cert, &curve, &coord_x, &coord_y) != GNUTLS_E_SUCCESS) { fprintf(stderr, "dsV2G CertInfo error gnutls_x509_crt_get_pk_ecc_raw\n"); - // cInfo.valid = false; // keep valid in case this is not ecc pk + // cert_info.result - keep previous result in case this is not ecc pk cert_info.spk_NIST_curve = "ERROR"; cert_info.spk_pub = "ERROR"; } @@ -304,4 +344,4 @@ X509CertInfos get_cert_info(std::string x509_content) gnutls_x509_crt_deinit(cert); return cert_info; -} \ No newline at end of file +} diff --git a/V2G_Libraries/v2gLib/src/LuaLibV2G.cpp b/V2G_Libraries/v2gLib/src/LuaLibV2G.cpp index b97e8fc..7955cb7 100644 --- a/V2G_Libraries/v2gLib/src/LuaLibV2G.cpp +++ b/V2G_Libraries/v2gLib/src/LuaLibV2G.cpp @@ -25,6 +25,15 @@ extern "C" #include "Decoder.h" #include "CertHelper.h" +static int l_getGnuTlsErrorDescription(lua_State *L) +{ + int error_code = luaL_checkinteger(L, 0); + + lua_pushstring(L, get_error_description(error_code).c_str()); + + return 1; +} + static int l_getX509Infos(lua_State *L) { size_t certSize; @@ -36,10 +45,10 @@ static int l_getX509Infos(lua_State *L) X509CertInfos cInfo = get_cert_info(fullcert); - lua_pushboolean(L, cInfo.valid); + lua_pushinteger(L, cInfo.result); lua_pushstring(L, cInfo.subject.c_str()); lua_pushstring(L, cInfo.issuer.c_str()); - lua_pushnumber(L, cInfo.version); + lua_pushinteger(L, cInfo.version); lua_pushstring(L, cInfo.serial_number.c_str()); lua_pushstring(L, cInfo.time_not_before.c_str()); lua_pushstring(L, cInfo.time_not_after.c_str()); @@ -55,7 +64,7 @@ static int l_getX509Infos(lua_State *L) lua_pushstring(L, cInfo.v3ext_subjkey_id.c_str()); lua_pushstring(L, cInfo.v3ext_subjkey_id_critical.c_str()); - return 18; // Note: the lua stack has only (at least) 20 free slots! + return 18; // Note: the lua stack has only (at least) 20 free slots! } Decoder v2g_message_decoder; @@ -183,6 +192,7 @@ extern "C" {"initValidator", l_validate_init}, {"cleanupValidator", l_validate_cleanup}, {"getX509Infos", l_getX509Infos}, + {"getGnuTLSErrorDescr", l_getGnuTlsErrorDescription}, {NULL, NULL}}; #if LUA_VERSION_NUM > 501 luaL_newlib(L, LuaDecoderLib); @@ -191,4 +201,4 @@ extern "C" #endif return 1; } -} \ No newline at end of file +} diff --git a/Wireshark/plugins/v2gcommon.lua b/Wireshark/plugins/v2gcommon.lua index 6ff82a1..a6639c8 100644 --- a/Wireshark/plugins/v2gcommon.lua +++ b/Wireshark/plugins/v2gcommon.lua @@ -63,7 +63,7 @@ function v2gcommon.load_v2gLib() end end -v2gcommon.DS_V2GSHARK_VERSION = "1.4.2" -- DO NOT CHANGE +v2gcommon.DS_V2GSHARK_VERSION = "1.4.3" -- DO NOT CHANGE -- extend path (where to load .lua files) if not string.find(v2gcommon.get_plugins_file_path(), package.path) then diff --git a/Wireshark/plugins/v2gmsg.lua b/Wireshark/plugins/v2gmsg.lua index 83c2f9d..6c143a8 100644 --- a/Wireshark/plugins/v2gmsg.lua +++ b/Wireshark/plugins/v2gmsg.lua @@ -137,63 +137,76 @@ local function add_expert_info(message, tree, pinfo, expertinfo) end end +local function add_certificate_subtree(xml_table, cert_element, dissector_field, pinfo) + + if string.len(xml_table.value) > 150 then -- cut too long strings + cert_element:set_text(xml_table.name .. ": " .. xml_table.value:sub(0, 150) .. "(...)") + else + cert_element:set_text(xml_table.name .. ": " .. xml_table.value) + end + + local result_code, + subj, + issuer, + version, + serial, + not_before, + not_after, + sig_algo, + sig_value, + pk_algo, + spk_curve, + spk_pub, + v3_constraint, + v3_constraint_CA, + v3_key_usage, + v3_key_usage_crit, + v3_sk_ID, + v3_sk_ID_crit = v2g_lib.getX509Infos(xml_table.value) + if result_code < 0 then + local cert_err_tree = cert_element:add(dissector_field, math.floor(result_code)) + local err_description = v2g_lib.getGnuTLSErrorDescr(math.floor(result_code)) + cert_err_tree:set_text("GnuTLS error code: " .. math.floor(result_code) .. " (" .. err_description .. ")") + add_expert_info("A GnuTLS error (" .. math.floor(result_code) .. ") was encountered while trying to process this certificate.", cert_err_tree, pinfo, ef_warning_generic) + end + cert_element:add(dissector_field, subj):set_text("Subject: " .. subj) + cert_element:add(dissector_field, issuer):set_text("Issuer: " .. issuer) + if version < 0 then + cert_element:add(dissector_field, version):set_text( + "Version: ERROR" + ) + else + cert_element:add(dissector_field, version):set_text( + "Version: v" .. (version + 1) .. " (" .. version .. ")" + ) -- certificate version is always +1 according to the standard + end + cert_element:add(dissector_field, serial):set_text("Serial Number: " .. serial) + cert_element:add(dissector_field, not_before):set_text("Not Valid Before: " .. not_before) + cert_element:add(dissector_field, not_after):set_text("Not Valid After: " .. not_after) + cert_element:add(dissector_field, sig_algo):set_text("Signature Algorithm: " .. sig_algo) + cert_element:add(dissector_field, sig_value):set_text("Signature Value: " .. sig_value) + cert_element:add(dissector_field, pk_algo):set_text("Public Key Algorithm: " .. pk_algo) + cert_element:add(dissector_field, spk_curve):set_text("Subject Public Key - Curve: " .. spk_curve) + cert_element:add(dissector_field, spk_pub):set_text("Subject Public Key - RAW: " .. spk_pub) + local x509_v3_element = cert_element:add(dissector_field, "X509v3") + x509_v3_element:set_text("X509v3") + x509_v3_element:add(dissector_field, v3_constraint):set_text("Basic Constraint: " .. v3_constraint) + x509_v3_element:add(dissector_field, v3_constraint_CA):set_text( + "Basic Constraint CA: " .. v3_constraint_CA + ) + x509_v3_element:add(dissector_field, v3_key_usage_crit):set_text("Key Usage: " .. v3_key_usage_crit) + x509_v3_element:add(dissector_field, v3_key_usage):set_text("Key Usage: " .. v3_key_usage) + x509_v3_element:add(dissector_field, v3_sk_ID_crit):set_text("Subject Key ID: " .. v3_sk_ID_crit) + x509_v3_element:add(dissector_field, v3_sk_ID):set_text("Subject Key ID: " .. v3_sk_ID) +end + local function add_xml_table_to_tree(xml_table, tree_out, dissector_field, pinfo) local new_element if xml_table.value ~= "" then -- special handling for certificates if xml_table.name == "Certificate" or xml_table.name == "OEMProvisioningCert" then local cert_element = tree_out:add(dissector_field, xml_table.value) - if string.len(xml_table.value) > 150 then -- cut too long strings - cert_element:set_text(xml_table.name .. ": " .. xml_table.value:sub(0, 150) .. "(...)") - else - cert_element:set_text(xml_table.name .. ": " .. xml_table.value) - end - - local valid, - subj, - issuer, - version, - serial, - not_before, - not_after, - sig_algo, - sig_value, - pk_algo, - spk_curve, - spk_pub, - v3_constraint, - v3_constraint_CA, - v3_key_usage, - v3_key_usage_crit, - v3_sk_ID, - v3_sk_ID_crit = v2g_lib.getX509Infos(xml_table.value) - if valid then - cert_element:add(dissector_field, subj):set_text("Subject: " .. subj) - cert_element:add(dissector_field, issuer):set_text("Issuer: " .. issuer) - cert_element:add(dissector_field, version):set_text( - "Version: v" .. (version + 1) .. " (" .. version .. ")" - ) -- certificate version is always +1 according to the standard - cert_element:add(dissector_field, serial):set_text("Serial Number: 0x" .. serial) - cert_element:add(dissector_field, not_before):set_text("Not Valid Before: " .. not_before) - cert_element:add(dissector_field, not_after):set_text("Not Valid After: " .. not_after) - cert_element:add(dissector_field, sig_algo):set_text("Signature Algorithm: " .. sig_algo) - cert_element:add(dissector_field, sig_value):set_text("Signature Value: " .. sig_value) - cert_element:add(dissector_field, pk_algo):set_text("Public Key Algorithm: " .. pk_algo) - cert_element:add(dissector_field, spk_curve):set_text("Subject Public Key - Curve: " .. spk_curve) - cert_element:add(dissector_field, spk_pub):set_text("Subject Public Key - RAW: " .. spk_pub) - local x509_v3_element = cert_element:add(dissector_field, "X509v3") - x509_v3_element:set_text("X509v3") - x509_v3_element:add(dissector_field, v3_constraint):set_text("Basic Constraint: " .. v3_constraint) - x509_v3_element:add(dissector_field, v3_constraint_CA):set_text( - "Basic Constraint CA: " .. v3_constraint_CA - ) - x509_v3_element:add(dissector_field, v3_key_usage_crit):set_text("Key Usage: " .. v3_key_usage_crit) - x509_v3_element:add(dissector_field, v3_key_usage):set_text("Key Usage: " .. v3_key_usage) - x509_v3_element:add(dissector_field, v3_sk_ID_crit):set_text("Subject Key ID: " .. v3_sk_ID_crit) - x509_v3_element:add(dissector_field, v3_sk_ID):set_text("Subject Key ID: " .. v3_sk_ID) - else - add_expert_info("INVALID CERTIFICATE", cert_element, pinfo, ef_warning_generic) - end + add_certificate_subtree(xml_table, cert_element, dissector_field, pinfo) else new_element = tree_out:add(dissector_field, xml_table.value) new_element:set_text(xml_table.name .. ": " .. xml_table.value) diff --git a/Wireshark/plugins/v2gtp.lua b/Wireshark/plugins/v2gtp.lua index ce676bd..dab8ea0 100644 --- a/Wireshark/plugins/v2gtp.lua +++ b/Wireshark/plugins/v2gtp.lua @@ -30,6 +30,10 @@ p_v2gtp.prefs["versioninfo"] = Pref.statictext("Version " .. v2gcommon.DS_V2GSHA local V2GTP_HDR_LENGTH = 8 +local function get_v2gtp_length(buf, pktinfo, offset) + return buf(offset + 4,4):uint() + V2GTP_HDR_LENGTH +end + local f_pv = ProtoField.uint8("v2gtp.protoversion", "Protocol Version", base.HEX) local f_ipv = ProtoField.uint8("v2gtp.inverseprotoversion", "Inverse Protocol Version", base.HEX) local f_pt = ProtoField.uint16("v2gtp.payloadtype", "Payload Type", base.HEX) @@ -77,10 +81,6 @@ p_v2gtp.fields = {f_pv, f_ipv, f_pt, f_len} -- PDU dissection function local function v2gtp_pdu_dissect(buf, pinfo, root) - if tostring(buf(0, 2)) ~= "01fe" then - return 0 - end - local p_type_num = buf(2, 2):uint() local prev_proto = tostring(pinfo.cols.protocol) @@ -171,7 +171,17 @@ end -- main dissection function function p_v2gtp.dissector(buf, pinfo, root) - return v2gtp_pdu_dissect(buf, pinfo, root) + -- plausibility checks + if buf:len() < V2GTP_HDR_LENGTH then return 0 end + if tostring(buf(0, 2)) ~= "01fe" then return 0 end + + -- if above TCP we need to assemble the PDU + if pinfo.port_type == 2 then + dissect_tcp_pdus(buf, root, V2GTP_HDR_LENGTH, get_v2gtp_length, v2gtp_pdu_dissect) + return buf:len() + else + return v2gtp_pdu_dissect(buf, pinfo, root) + end end -- initialization routine