Merge pull request #149 from c-jimenez/fix/base64_encode_decode

c-jimenez · web-flow · commit 94a8523aeea6 · 2023-09-18T22:23:41.000+02:00
Fix base64 encode/decode + signature check during signed firmware update procedure
diff --git a/examples/common/DefaultChargePointEventsHandler.cpp b/examples/common/DefaultChargePointEventsHandler.cpp
@@ -691,9 +691,13 @@ ocpp::types::UpdateFirmwareStatusEnumType DefaultChargePointEventsHandler::check
     if (!ca_certificates.empty())
     {
         // Check signing certificate
-        if (signing_certificate.verify(ca_certificates))
+        for (const auto& cer : ca_certificates)
         {
-            ret = UpdateFirmwareStatusEnumType::Accepted;
+            if (signing_certificate.verify(cer.certificateChain()))
+            {
+                ret = UpdateFirmwareStatusEnumType::Accepted;
+                break;
+            }
         }
     }
     else
diff --git a/src/tools/x509/Base64.cpp b/src/tools/x509/Base64.cpp
@@ -35,15 +35,15 @@ std::string encode(const void* data, size_t size)
     if (data && (size != 0))
     {
         // Prepare buffer at the maximum data length
-        b64_str.resize((4u * size) / 3u + 10u);
+        b64_str.resize((4u * (size + 2u)) / 3u);
 
         // Encode data
         int encoded_size = EVP_EncodeBlock(
             reinterpret_cast<unsigned char*>(&b64_str[0]), reinterpret_cast<const unsigned char*>(data), static_cast<int>(size));
         if (encoded_size >= 0)
         {
             // Resize output
-            b64_str.resize(static_cast<unsigned int>(encoded_size));
+            b64_str.resize(static_cast<size_t>(encoded_size));
         }
         else
         {
@@ -63,15 +63,23 @@ std::vector<uint8_t> decode(const std::string& b64_str)
     if (b64_str.size() != 0)
     {
         // Prepare buffer at the maximum data length
-        data.resize((3u * b64_str.size()) / 4u + 10u);
+        data.resize((3u * b64_str.size()) / 4u);
 
         // Decode data
         int decoded_size =
             EVP_DecodeBlock(&data[0], reinterpret_cast<const unsigned char*>(b64_str.c_str()), static_cast<int>(b64_str.size()));
         if (decoded_size >= 0)
         {
             // Resize output
-            data.resize(static_cast<unsigned int>(decoded_size));
+            if (b64_str[b64_str.size() - 1u] == '=')
+            {
+                decoded_size--;
+            }
+            if (b64_str[b64_str.size() - 2u] == '=')
+            {
+                decoded_size--;
+            }
+            data.resize(static_cast<size_t>(decoded_size));
         }
         else
         {
diff --git a/tests/tools/test_x509.cpp b/tests/tools/test_x509.cpp
@@ -723,21 +723,32 @@ TEST_SUITE("Base64")
 {
     TEST_CASE("Encode/Decode nominal")
     {
-        // Data to encode
-        const std::string input_data =
-            "This string could have been some binary data but it is way more easier to do it with human readable data instead :) !";
-
-        // Expected result
-        const std::string expected_result = "VGhpcyBzdHJpbmcgY291bGQgaGF2ZSBiZWVuIHNvbWUgYmluYXJ5IGRhdGEgYnV0IGl0IGlzIHdheSBtb3JlIGVhc2llci"
-                                            "B0byBkbyBpdCB3aXRoIGh1bWFuIHJlYWRhYmxlIGRhdGEgaW5zdGVhZCA6KSAh";
-
-        // Check encoding
-        CHECK_EQ(ocpp::x509::base64::encode(input_data.c_str(), input_data.size()), expected_result);
-
-        // Check decoding
-        std::vector<uint8_t> decoded_data = ocpp::x509::base64::decode(expected_result);
-        std::string          decoded_data_str(reinterpret_cast<char*>(&decoded_data[0]), decoded_data.size());
-        CHECK_EQ(decoded_data_str, input_data);
+        // input_vector1 = defghijklmnopqrssrqponmlkjihgfed
+        // input_vector2 = FGHIJKLMNOPQRSTU
+        // input_vector3 = 012345678901
+        std::vector<uint8_t> input_vector1 = {100u, 101u, 102u, 103u, 104u, 105u, 106u, 107u, 108u, 109u, 110u,
+                                              111u, 112u, 113u, 114u, 115u, 115u, 114u, 113u, 112u, 111u, 110u,
+                                              109u, 108u, 107u, 106u, 105u, 104u, 103u, 102u, 101u, 100u};
+        std::vector<uint8_t> input_vector2 = {70u, 71u, 72u, 73u, 74u, 75u, 76u, 77u, 78u, 79u, 80u, 81u, 82u, 83u, 84u, 85u};
+        std::vector<uint8_t> input_vector3 = {48u, 49u, 50u, 51u, 52u, 53u, 54u, 55u, 56u, 57u, 48u, 49u};
+
+        // Encode with 1 trailing '='
+        auto encoded_vector1 = ocpp::x509::base64::encode(input_vector1.data(), input_vector1.size());
+        CHECK_EQ(encoded_vector1, "ZGVmZ2hpamtsbW5vcHFyc3NycXBvbm1sa2ppaGdmZWQ=");
+        auto decoded_vector1 = ocpp::x509::base64::decode(encoded_vector1);
+        CHECK_EQ(decoded_vector1, input_vector1);
+
+        // Encode with 2 trailing '='
+        auto encoded_vector2 = ocpp::x509::base64::encode(input_vector2.data(), input_vector2.size());
+        CHECK_EQ(encoded_vector2, "RkdISUpLTE1OT1BRUlNUVQ==");
+        auto decoded_vector2 = ocpp::x509::base64::decode(encoded_vector2);
+        CHECK_EQ(decoded_vector2, input_vector2);
+
+        // Encode without trailing '='
+        auto encoded_vector3 = ocpp::x509::base64::encode(input_vector3.data(), input_vector3.size());
+        CHECK_EQ(encoded_vector3, "MDEyMzQ1Njc4OTAx");
+        auto decoded_vector3 = ocpp::x509::base64::decode(encoded_vector3);
+        CHECK_EQ(decoded_vector3, input_vector3);
     }
 
     TEST_CASE("Encode/Decode limits")

Original file line number	Diff line number	Diff line change
`@@ -691,9 +691,13 @@ ocpp::types::UpdateFirmwareStatusEnumType DefaultChargePointEventsHandler::check`
`691`	`691`	`if (!ca_certificates.empty())`
`692`	`692`	`{`
`693`	`693`	`// Check signing certificate`
`694`		`- if (signing_certificate.verify(ca_certificates))`
	`694`	`+ for (const auto& cer : ca_certificates)`
`695`	`695`	`{`
`696`		`- ret = UpdateFirmwareStatusEnumType::Accepted;`
	`696`	`+ if (signing_certificate.verify(cer.certificateChain()))`
	`697`	`+ {`
	`698`	`+ ret = UpdateFirmwareStatusEnumType::Accepted;`
	`699`	`+ break;`
	`700`	`+ }`
`697`	`701`	`}`
`698`	`702`	`}`
`699`	`703`	`else`
Original file line number	Diff line number	Diff line change
`@@ -35,15 +35,15 @@ std::string encode(const void* data, size_t size)`
`35`	`35`	`if (data && (size != 0))`
`36`	`36`	`{`
`37`	`37`	`// Prepare buffer at the maximum data length`
`38`		`- b64_str.resize((4u * size) / 3u + 10u);`
	`38`	`+ b64_str.resize((4u * (size + 2u)) / 3u);`
`39`	`39`
`40`	`40`	`// Encode data`
`41`	`41`	`int encoded_size = EVP_EncodeBlock(`
`42`	`42`	`reinterpret_cast<unsigned char>(&b64_str[0]), reinterpret_cast<const unsigned char>(data), static_cast<int>(size));`
`43`	`43`	`if (encoded_size >= 0)`
`44`	`44`	`{`
`45`	`45`	`// Resize output`
`46`		`- b64_str.resize(static_cast<unsigned int>(encoded_size));`
	`46`	`+ b64_str.resize(static_cast<size_t>(encoded_size));`
`47`	`47`	`}`
`48`	`48`	`else`
`49`	`49`	`{`
`@@ -63,15 +63,23 @@ std::vector<uint8_t> decode(const std::string& b64_str)`
`63`	`63`	`if (b64_str.size() != 0)`
`64`	`64`	`{`
`65`	`65`	`// Prepare buffer at the maximum data length`
`66`		`- data.resize((3u * b64_str.size()) / 4u + 10u);`
	`66`	`+ data.resize((3u * b64_str.size()) / 4u);`
`67`	`67`
`68`	`68`	`// Decode data`
`69`	`69`	`int decoded_size =`
`70`	`70`	`EVP_DecodeBlock(&data[0], reinterpret_cast<const unsigned char*>(b64_str.c_str()), static_cast<int>(b64_str.size()));`
`71`	`71`	`if (decoded_size >= 0)`
`72`	`72`	`{`
`73`	`73`	`// Resize output`
`74`		`- data.resize(static_cast<unsigned int>(decoded_size));`
	`74`	`+ if (b64_str[b64_str.size() - 1u] == '=')`
	`75`	`+ {`
	`76`	`+ decoded_size--;`
	`77`	`+ }`
	`78`	`+ if (b64_str[b64_str.size() - 2u] == '=')`
	`79`	`+ {`
	`80`	`+ decoded_size--;`
	`81`	`+ }`
	`82`	`+ data.resize(static_cast<size_t>(decoded_size));`
`75`	`83`	`}`
`76`	`84`	`else`
`77`	`85`	`{`