fix signature in MsgCertificateChain [GV2-193] (#1307)

Co-authored-by: Jason Mobarak <jason@swift-nav.com>

Author: notoriaga

c/include/libsbp/cpp/message_traits.h

@@ -1023,6 +1023,43 @@ struct MessageTraits<sbp_msg_cell_modem_status_t> {
   }
 };
 
+template <>
+struct MessageTraits<sbp_msg_certificate_chain_dep_t> {
+  static constexpr sbp_msg_type_t id = SbpMsgCertificateChainDep;
+  static constexpr const char *name = "MSG_CERTIFICATE_CHAIN_DEP";
+  static const sbp_msg_certificate_chain_dep_t &get(const sbp_msg_t &msg) {
+    return msg.certificate_chain_dep;
+  }
+  static sbp_msg_certificate_chain_dep_t &get(sbp_msg_t &msg) {
+    return msg.certificate_chain_dep;
+  }
+  static void to_sbp_msg(const sbp_msg_certificate_chain_dep_t &msg,
+                         sbp_msg_t *sbp_msg) {
+    sbp_msg->certificate_chain_dep = msg;
+  }
+  static sbp_msg_t to_sbp_msg(const sbp_msg_certificate_chain_dep_t &msg) {
+    sbp_msg_t sbp_msg;
+    sbp_msg.certificate_chain_dep = msg;
+    return sbp_msg;
+  }
+  static s8 send(sbp_state_t *state, u16 sender_id,
+                 const sbp_msg_certificate_chain_dep_t &msg,
+                 sbp_write_fn_t write) {
+    return sbp_msg_certificate_chain_dep_send(state, sender_id, &msg, write);
+  }
+  static s8 encode(uint8_t *buf, uint8_t len, uint8_t *n_written,
+                   const sbp_msg_certificate_chain_dep_t &msg) {
+    return sbp_msg_certificate_chain_dep_encode(buf, len, n_written, &msg);
+  }
+  static s8 decode(const uint8_t *buf, uint8_t len, uint8_t *n_read,
+                   sbp_msg_certificate_chain_dep_t *msg) {
+    return sbp_msg_certificate_chain_dep_decode(buf, len, n_read, msg);
+  }
+  static size_t encoded_len(const sbp_msg_certificate_chain_dep_t &msg) {
+    return sbp_msg_certificate_chain_dep_encoded_len(&msg);
+  }
+};
+
 template <>
 struct MessageTraits<sbp_msg_certificate_chain_t> {
   static constexpr sbp_msg_type_t id = SbpMsgCertificateChain;
@@ -1476,39 +1513,76 @@ struct MessageTraits<sbp_msg_ecdsa_certificate_t> {
 };
 
 template <>
-struct MessageTraits<sbp_msg_ecdsa_signature_dep_t> {
-  static constexpr sbp_msg_type_t id = SbpMsgEcdsaSignatureDep;
-  static constexpr const char *name = "MSG_ECDSA_SIGNATURE_DEP";
-  static const sbp_msg_ecdsa_signature_dep_t &get(const sbp_msg_t &msg) {
-    return msg.ecdsa_signature_dep;
+struct MessageTraits<sbp_msg_ecdsa_signature_dep_a_t> {
+  static constexpr sbp_msg_type_t id = SbpMsgEcdsaSignatureDepA;
+  static constexpr const char *name = "MSG_ECDSA_SIGNATURE_DEP_A";
+  static const sbp_msg_ecdsa_signature_dep_a_t &get(const sbp_msg_t &msg) {
+    return msg.ecdsa_signature_dep_a;
+  }
+  static sbp_msg_ecdsa_signature_dep_a_t &get(sbp_msg_t &msg) {
+    return msg.ecdsa_signature_dep_a;
+  }
+  static void to_sbp_msg(const sbp_msg_ecdsa_signature_dep_a_t &msg,
+                         sbp_msg_t *sbp_msg) {
+    sbp_msg->ecdsa_signature_dep_a = msg;
+  }
+  static sbp_msg_t to_sbp_msg(const sbp_msg_ecdsa_signature_dep_a_t &msg) {
+    sbp_msg_t sbp_msg;
+    sbp_msg.ecdsa_signature_dep_a = msg;
+    return sbp_msg;
+  }
+  static s8 send(sbp_state_t *state, u16 sender_id,
+                 const sbp_msg_ecdsa_signature_dep_a_t &msg,
+                 sbp_write_fn_t write) {
+    return sbp_msg_ecdsa_signature_dep_a_send(state, sender_id, &msg, write);
+  }
+  static s8 encode(uint8_t *buf, uint8_t len, uint8_t *n_written,
+                   const sbp_msg_ecdsa_signature_dep_a_t &msg) {
+    return sbp_msg_ecdsa_signature_dep_a_encode(buf, len, n_written, &msg);
+  }
+  static s8 decode(const uint8_t *buf, uint8_t len, uint8_t *n_read,
+                   sbp_msg_ecdsa_signature_dep_a_t *msg) {
+    return sbp_msg_ecdsa_signature_dep_a_decode(buf, len, n_read, msg);
+  }
+  static size_t encoded_len(const sbp_msg_ecdsa_signature_dep_a_t &msg) {
+    return sbp_msg_ecdsa_signature_dep_a_encoded_len(&msg);
+  }
+};
+
+template <>
+struct MessageTraits<sbp_msg_ecdsa_signature_dep_b_t> {
+  static constexpr sbp_msg_type_t id = SbpMsgEcdsaSignatureDepB;
+  static constexpr const char *name = "MSG_ECDSA_SIGNATURE_DEP_B";
+  static const sbp_msg_ecdsa_signature_dep_b_t &get(const sbp_msg_t &msg) {
+    return msg.ecdsa_signature_dep_b;
   }
-  static sbp_msg_ecdsa_signature_dep_t &get(sbp_msg_t &msg) {
-    return msg.ecdsa_signature_dep;
+  static sbp_msg_ecdsa_signature_dep_b_t &get(sbp_msg_t &msg) {
+    return msg.ecdsa_signature_dep_b;
   }
-  static void to_sbp_msg(const sbp_msg_ecdsa_signature_dep_t &msg,
+  static void to_sbp_msg(const sbp_msg_ecdsa_signature_dep_b_t &msg,
                          sbp_msg_t *sbp_msg) {
-    sbp_msg->ecdsa_signature_dep = msg;
+    sbp_msg->ecdsa_signature_dep_b = msg;
   }
-  static sbp_msg_t to_sbp_msg(const sbp_msg_ecdsa_signature_dep_t &msg) {
+  static sbp_msg_t to_sbp_msg(const sbp_msg_ecdsa_signature_dep_b_t &msg) {
     sbp_msg_t sbp_msg;
-    sbp_msg.ecdsa_signature_dep = msg;
+    sbp_msg.ecdsa_signature_dep_b = msg;
     return sbp_msg;
   }
   static s8 send(sbp_state_t *state, u16 sender_id,
-                 const sbp_msg_ecdsa_signature_dep_t &msg,
+                 const sbp_msg_ecdsa_signature_dep_b_t &msg,
                  sbp_write_fn_t write) {
-    return sbp_msg_ecdsa_signature_dep_send(state, sender_id, &msg, write);
+    return sbp_msg_ecdsa_signature_dep_b_send(state, sender_id, &msg, write);
   }
   static s8 encode(uint8_t *buf, uint8_t len, uint8_t *n_written,
-                   const sbp_msg_ecdsa_signature_dep_t &msg) {
-    return sbp_msg_ecdsa_signature_dep_encode(buf, len, n_written, &msg);
+                   const sbp_msg_ecdsa_signature_dep_b_t &msg) {
+    return sbp_msg_ecdsa_signature_dep_b_encode(buf, len, n_written, &msg);
   }
   static s8 decode(const uint8_t *buf, uint8_t len, uint8_t *n_read,
-                   sbp_msg_ecdsa_signature_dep_t *msg) {
-    return sbp_msg_ecdsa_signature_dep_decode(buf, len, n_read, msg);
+                   sbp_msg_ecdsa_signature_dep_b_t *msg) {
+    return sbp_msg_ecdsa_signature_dep_b_decode(buf, len, n_read, msg);
   }
-  static size_t encoded_len(const sbp_msg_ecdsa_signature_dep_t &msg) {
-    return sbp_msg_ecdsa_signature_dep_encoded_len(&msg);
+  static size_t encoded_len(const sbp_msg_ecdsa_signature_dep_b_t &msg) {
+    return sbp_msg_ecdsa_signature_dep_b_encoded_len(&msg);
   }
 };
 

c/include/libsbp/legacy/cpp/message_traits.h

@@ -1186,23 +1186,35 @@ struct MessageTraits<msg_ecdsa_certificate_t> {
 
 
 template<>
-struct MessageTraits<msg_certificate_chain_t> {
+struct MessageTraits<msg_certificate_chain_dep_t> {
   static constexpr u16 id = 3077;
 };
 
 
 template<>
-struct MessageTraits<msg_ecdsa_signature_dep_t> {
+struct MessageTraits<msg_ecdsa_signature_dep_a_t> {
   static constexpr u16 id = 3078;
 };
 
 
 template<>
-struct MessageTraits<msg_ecdsa_signature_t> {
+struct MessageTraits<msg_ecdsa_signature_dep_b_t> {
   static constexpr u16 id = 3079;
 };
 
 
+template<>
+struct MessageTraits<msg_ecdsa_signature_t> {
+  static constexpr u16 id = 3080;
+};
+
+
+template<>
+struct MessageTraits<msg_certificate_chain_t> {
+  static constexpr u16 id = 3081;
+};
+
+
 template<>
 struct MessageTraits<msg_fileio_config_req_t> {
   static constexpr u16 id = 4097;

c/include/libsbp/legacy/signing.h

@@ -39,6 +39,14 @@ typedef struct SBP_ATTR_PACKED {
   u32 ns;     /**< nanoseconds of second (range 0-999999999) [nanoseconds] */
 } utc_time_t;
 
+typedef struct SBP_ATTR_PACKED {
+  u8 len;      /**< Number of bytes to use of the signature field.  The DER
+                    encoded signature has a maximum size of 72 bytes but can
+                    vary between 70 and 72 bytes in length. */
+  u8 data[72]; /**< DER encoded ECDSA signature for the messages using SHA-256
+                    as the digest algorithm. */
+} ecdsa_signature_t;
+
 /** An ECDSA certificate split over multiple messages
  *
  * A DER encoded x.509 ECDSA-256 certificate (using curve secp256r1).
@@ -56,6 +64,41 @@ typedef struct SBP_ATTR_PACKED {
   u8 certificate_bytes[0]; /**< DER encoded x.509 ECDSA certificate bytes */
 } msg_ecdsa_certificate_t;
 
+typedef struct SBP_ATTR_PACKED {
+  u8 root_certificate[20];         /**< SHA-1 fingerprint of the root
+                                        certificate */
+  u8 intermediate_certificate[20]; /**< SHA-1 fingerprint of the intermediate
+                                        certificate */
+  u8 corrections_certificate[20];  /**< SHA-1 fingerprint of the corrections
+                                        certificate */
+  utc_time_t expiration;           /**< The time after which the
+                                        signature given is no longer
+                                        valid. Implementors should
+                                        consult a time source (such as
+                                        GNSS) to check if the current
+                                        time is later than the
+                                        expiration time, if the
+                                        condition is true, signatures
+                                        in the stream should not be
+                                        considered valid. */
+  ecdsa_signature_t signature;     /**< Signature (created by
+                                        the root certificate)
+                                        over the concatenation
+                                        of the SBP payload bytes
+                                        preceding this field.
+                                        That is, the
+                                        concatenation of
+                                        `root_certificate`,
+                                        `intermediate_certificate`,
+                                        `corrections_certificate`
+                                        and `expiration`.  This
+                                        certificate chain (allow
+                                        list) can also be
+                                        validated by fetching it
+                                        from
+                                        `http(s)://certs.swiftnav.com/chain`. */
+} msg_certificate_chain_t;
+
 typedef struct SBP_ATTR_PACKED {
   u8 root_certificate[20];         /**< SHA-1 fingerprint of the root
                                         certificate */
@@ -79,7 +122,42 @@ typedef struct SBP_ATTR_PACKED {
                                         (allow list) can also be validated by
                                         fetching it from
                                         `http(s)://certs.swiftnav.com/chain`. */
-} msg_certificate_chain_t;
+} msg_certificate_chain_dep_t;
+
+/** An ECDSA signature
+ *
+ * An ECDSA-256 signature using SHA-256 as the message digest algorithm.
+ */
+
+typedef struct SBP_ATTR_PACKED {
+  u8 flags;             /**< Describes the format of the `signed\_messages`
+                             field below. */
+  u8 stream_counter;    /**< Signature message counter. Zero indexed and
+                             incremented with each signature message.  The
+                             counter will not increment if this message was
+                             in response to an on demand request.  The
+                             counter will roll over after 256 messages.
+                             Upon connection, the value of the counter may
+                             not initially be zero. */
+  u8 on_demand_counter; /**< On demand message counter. Zero indexed and
+                             incremented with each signature message sent
+                             in response to an on demand message. The
+                             counter will roll over after 256 messages.
+                             Upon connection, the value of the counter may
+                             not initially be zero. */
+  u8 certificate_id[4]; /**< The last 4 bytes of the certificate's SHA-1
+                             fingerprint */
+  ecdsa_signature_t signature; /**< Signature over the frames of
+                                    this message group. */
+  u8 signed_messages[0];       /**< CRCs of the messages covered by this
+                                    signature.  For Skylark, which delivers SBP
+                                    messages wrapped in Swift's proprietary RTCM
+                                    message, these are the 24-bit CRCs from the
+                                    RTCM message framing. For SBP only streams,
+                                    this will be 16-bit CRCs from the SBP framing.
+                                    See the `flags` field to determine the type of
+                                    CRCs covered. */
+} msg_ecdsa_signature_t;
 
 /** An ECDSA signature
  *
@@ -118,7 +196,7 @@ typedef struct SBP_ATTR_PACKED {
                               this will be 16-bit CRCs from the SBP framing.
                               See the `flags` field to determine the type of
                               CRCs covered. */
-} msg_ecdsa_signature_t;
+} msg_ecdsa_signature_dep_b_t;
 
 /** An ECDSA signature
  *
@@ -153,7 +231,7 @@ typedef struct SBP_ATTR_PACKED {
                               this will be 16-bit CRCs from the SBP framing.
                               See the `flags` field to determine the type of
                               CRCs covered. */
-} msg_ecdsa_signature_dep_t;
+} msg_ecdsa_signature_dep_a_t;
 
 typedef struct SBP_ATTR_PACKED {
   u8 n_msg;                /**< Total number messages that make up the

c/include/libsbp/sbp_msg_type.h

@@ -80,6 +80,7 @@ typedef enum {
   SbpMsgBootloaderHandshakeResp = SBP_MSG_BOOTLOADER_HANDSHAKE_RESP,
   SbpMsgBootloaderJumpToApp = SBP_MSG_BOOTLOADER_JUMP_TO_APP,
   SbpMsgCellModemStatus = SBP_MSG_CELL_MODEM_STATUS,
+  SbpMsgCertificateChainDep = SBP_MSG_CERTIFICATE_CHAIN_DEP,
   SbpMsgCertificateChain = SBP_MSG_CERTIFICATE_CHAIN,
   SbpMsgCommandOutput = SBP_MSG_COMMAND_OUTPUT,
   SbpMsgCommandReq = SBP_MSG_COMMAND_REQ,
@@ -93,7 +94,8 @@ typedef enum {
   SbpMsgDopsDepA = SBP_MSG_DOPS_DEP_A,
   SbpMsgDops = SBP_MSG_DOPS,
   SbpMsgEcdsaCertificate = SBP_MSG_ECDSA_CERTIFICATE,
-  SbpMsgEcdsaSignatureDep = SBP_MSG_ECDSA_SIGNATURE_DEP,
+  SbpMsgEcdsaSignatureDepA = SBP_MSG_ECDSA_SIGNATURE_DEP_A,
+  SbpMsgEcdsaSignatureDepB = SBP_MSG_ECDSA_SIGNATURE_DEP_B,
   SbpMsgEcdsaSignature = SBP_MSG_ECDSA_SIGNATURE,
   SbpMsgEd25519CertificateDep = SBP_MSG_ED25519_CERTIFICATE_DEP,
   SbpMsgEd25519SignatureDepA = SBP_MSG_ED25519_SIGNATURE_DEP_A,