Merge branch 'riebl:master' into feature/security
khevessy authored Nov 15, 2024
2 parents 877d181 + 08ec1b7 commit f8d1204
Showing 5 changed files with 20 additions and 8 deletions.
3 changes: 2 additions & 1 deletion tools/fuzz-harness/compile.sh
@@ -1,4 +1,5 @@
#!/bin/bash -eu
#!/bin/bash
set -eu

if [[ ! -d "/AFLplusplus" ]] ; then
echo "This script shall be run inside the AFL++ container"
5 changes: 3 additions & 2 deletions tools/fuzz-harness/docker.sh
@@ -1,4 +1,5 @@
#!/bin/bash -eu
#!/bin/bash
set -eu
HARNESS_DIR=$(realpath $(dirname $0))
SOURCE_DIR=$HARNESS_DIR/../..

Expand All @@ -12,4 +13,4 @@ docker run --rm -it \
-v$HARNESS_DIR/input:/input:ro \
-v$HARNESS_DIR/output:/output \
-e HOST_USER_ID=$(id -u) -e HOST_GROUP_ID=$(id -g) \
$IMAGE
$IMAGE
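Review bot: `HARNESS_DIR=$(realpath $(dirname $0))` in the first hunk and the `-v$HARNESS_DIR/...` mounts in the second expand unquoted, so a checkout path containing whitespace or glob characters is word-split before it reaches realpath and docker, and `set -eu` does not catch that. Quoting closes it: `HARNESS_DIR=$(realpath "$(dirname "$0")")` and `-v "$HARNESS_DIR/output:/output"` (likewise for the read-only input mount). The `docker run` command starts outside the hunk, so any earlier mounts would need the same treatment.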
3 changes: 2 additions & 1 deletion tools/fuzz-harness/fuzz.sh
@@ -1,4 +1,5 @@
#!/bin/bash -eu
#!/bin/bash
set -eu
: ${FUZZ_INPUT:="$HOME/input"}
: ${FUZZ_OUTPUT:="$HOME/output"}
: ${FUZZ_BUILD:="$HOME/build"}
11 changes: 7 additions & 4 deletions vanetza/security/straight_verify_service.cpp
Expand Up @@ -469,17 +469,20 @@ VerifyConfirm StraightVerifyService::verify(const v3::SecuredMessage& msg)
}

const v3::asn1::Certificate* certificate = boost::apply_visitor(certificate_lookup_visitor, signer_identifier);
if (!certificate && maybe_digest) {
if (msg.its_aid() == aid::CA && m_context_v3.m_sign_policy) {
if (!certificate) {
if (msg.its_aid() == aid::CA && m_context_v3.m_sign_policy && maybe_digest) {
// for received CAMs (having digest as signer identifier) with unknown AT we request the full AT certificate
m_context_v3.m_sign_policy->request_unrecognized_certificate(*maybe_digest);
}
confirm.report = VerificationReport::Signer_Certificate_Not_Found;
return confirm;
}

// code below can safely dereference certificate
assert(certificate != nullptr);

// check AT certificate's validity
if (certificate && m_context_v3.m_cert_validator) {
if (m_context_v3.m_cert_validator) {
auto verdict = m_context_v3.m_cert_validator->valid_for_signing(v3::CertificateView { certificate }, msg.its_aid());
if (verdict != v3::CertificateValidator::Verdict::Valid) {
confirm.report = VerificationReport::Invalid_Certificate;
Expand Down Expand Up @@ -538,7 +541,7 @@ VerifyConfirm StraightVerifyService::verify(const v3::SecuredMessage& msg)
}

// update certificate cache with received certificate
if (certificate && v3::contains_certificate(signer_identifier)) {
if (v3::contains_certificate(signer_identifier)) {
cache.store(v3::Certificate { *certificate });
}
}
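Review bot: The validity check in the first hunk still runs only when `m_context_v3.m_cert_validator` is set, so with no validator configured a message whose signer certificate was found continues without `valid_for_signing` being consulted, and the second hunk then stores a certificate carried in the message into the cache. If running without a validator is a supported configuration, say so at that line, e.g. `// no validator configured: certificate validity is NOT checked`; otherwise fail closed with `else { confirm.report = VerificationReport::Invalid_Certificate; return confirm; }`. Note also that `assert(certificate != nullptr);` is compiled out under NDEBUG, so it documents the invariant while the early return above is the actual guard. The rest of verify() lies outside both hunks, so whether signature verification precedes `cache.store` cannot be confirmed from here.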
6 changes: 6 additions & 0 deletions vanetza/security/v3/secured_message.cpp
Expand Up @@ -377,6 +377,9 @@ PacketVariant SecuredMessage::payload() const
case Vanetza_Security_Ieee1609Dot2Content_PR_signedData:
buffer = get_payload(m_struct->content->choice.signedData);
break;
default:
// empty buffer as fallback
break;
}

return CohesivePacket { std::move(buffer), OsiLayer::Network };
Expand All @@ -391,6 +394,9 @@ void SecuredMessage::set_payload(const ByteBuffer& payload)
case Vanetza_Security_Ieee1609Dot2Content_PR_signedData:
vanetza::security::v3::set_payload(&m_struct->content->choice.signedData->tbsData->payload->data->content->choice.unsecuredData, payload);
break;
default:
// cannot copy payload into secured message
break;
}
}
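Review bot: Both new `default:` branches fail silently: `payload()` hands back an empty packet and `set_payload()` drops its argument, so a caller cannot tell an unhandled content type from a genuinely empty payload, and a message may carry on through the stack without the data the caller believes it set. Since `set_payload` returns void, the least invasive step is to state the contract where callers will see it, e.g. `// no-op for content types not handled above; payload is NOT stored`, or to report the condition if the project has a convention for that. Separately, the signedData case in `set_payload` dereferences `tbsData->payload->data->content` in one chain; if any of those members can be absent in a decoded message this needs a guard, which is not confirmable from this hunk. Both switches begin outside the hunks.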

