security_services.hh 7.23 KB
Newer Older
garciay's avatar
garciay committed
1
2
3
4
5
6
7
8
#pragma once

#include <memory>

#include "Params.hh"

#include "security_db.hh"

garciay's avatar
garciay committed
9
#include "security_ecc.hh"
garciay's avatar
garciay committed
10
11

class OCTETSTRING;
12
class CHARSTRING;
garciay's avatar
garciay committed
13
14
15
16
17
18
19
20
21

namespace IEEE1609dot2BaseTypes {
  class HashAlgorithm;
  class Signature;}

namespace IEEE1609dot2 {
  class Ieee1609Dot2Data;
  class Ieee1609Dot2Content;
  class ToBeSignedData;
garciay's avatar
garciay committed
22
23
  class SignedData;
  class EncryptedData;
garciay's avatar
garciay committed
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
  class SignerIdentifier;
}

/*!
 * \class security_services
 * \brief This class provides security services for all layers as specified in TSI TS 102 723-8 and ETSI TS 103 097
 * \remark Singleton pattern
 */
class security_services {

  static constexpr unsigned int ProtocolVersion = 3;
  
  /*!
   * \brief Unique static object reference of this class
   */
garciay's avatar
garciay committed
39
  static security_services* instance;
40
41

  Params _params;
42
  bool _setup_done;
garciay's avatar
garciay committed
43
44
  std::unique_ptr<security_ecc> _ec_keys_enc;
  std::unique_ptr<security_ecc> _ec_keys_dec;
garciay's avatar
garciay committed
45
  std::unique_ptr<security_cache> _security_cache;
garciay's avatar
garciay committed
46
  std::unique_ptr<security_db> _security_db;
garciay's avatar
garciay committed
47
  unsigned long long _last_generation_time;
garciay's avatar
garciay committed
48
  std::vector<unsigned char> _unknown_certificate;
garciay's avatar
garciay committed
49
50
51
  int _latitude;
  int _longitude;
  int _elevation;
garciay's avatar
garciay committed
52
  
garciay's avatar
garciay committed
53
54
55
56
57
58
59
60
  /*!
   * \brief Default private ctor
   */
  security_services();
  /*!
   * \brief Default private dtor
   */
  ~security_services() {
61
    _ec_keys_enc.reset(nullptr);
garciay's avatar
garciay committed
62
63
    _security_db.reset(nullptr);
    _security_cache.reset(nullptr);
garciay's avatar
garciay committed
64
65
66
67
68
69
70
71
72
73
    if (instance != NULL) {
      delete instance;
      instance = NULL;
    }
  };
  
public: /*! \publicsection */
  /*!
   * \brief Public accessor to the single object reference
   */
garciay's avatar
garciay committed
74
  inline static security_services& get_instance() {
garciay's avatar
garciay committed
75
76
77
78
79
    if (instance == NULL) instance = new security_services();
    return *instance;
  };

  /*!
80
81
82
   * \fn int verify_and_extract_gn_payload(const OCTETSTRING& p_secured_gn_payload, const bool p_verify, OCTETSTRING& p_unsecured_gn_payload, Params& p_params);
   * \brief Verify and extract the unsecured payload from the provided secured payload.
   *        The secured payload could signed only, encryted only or signed and encrypted
garciay's avatar
garciay committed
83
84
   * \param[in] p_secured_gn_payload The secured payload to be processed
   * \param[in] p_verify Set to true if security checks shall be applied
garciay's avatar
garciay committed
85
86
87
   * \param[out] p_unsecured_gn_payload The extracted payload
   * \param[out] p_ieee_1609dot2_data The secured message
   * \param[inout] p_params The Test System parameters
garciay's avatar
garciay committed
88
89
   * \return 0 on success, negative value otherwise
   */
garciay's avatar
garciay committed
90
  int verify_and_extract_gn_payload(const OCTETSTRING& p_secured_gn_payload, const bool p_verify, IEEE1609dot2::Ieee1609Dot2Data& p_ieee_1609dot2_data, OCTETSTRING& p_unsecured_gn_payload, Params& p_params);
91
92
93
94
95
96
97
98
  /*!
   * \fn int secure_gn_payload(const OCTETSTRING& p_unsecured_gn_payload, OCTETSTRING& p_secured_gn_payload, Params& p_params);
   * \brief Apply security to the provided unsecured payload
   * \param[in] p_unsecured_gn_payload The unsecured payload to be processed
   * \param[in] p_secured_gn_payload The secured payload
   * \param[in] p_params The Test System parameters
   * \return 0 on success, negative value otherwise
   */
garciay's avatar
garciay committed
99
  int secure_gn_payload(const OCTETSTRING& p_unsecured_gn_payload, OCTETSTRING& p_secured_gn_payload, Params& p_params);
garciay's avatar
garciay committed
100
101
102
  
  int setup(Params &p_params);
  
103
  int store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y);
garciay's avatar
garciay committed
104
105

  inline void set_position(const int p_latitude, const int p_longitude, const int p_elevation = 0) { _latitude = p_latitude; _longitude = p_longitude; _elevation = p_elevation; };
garciay's avatar
garciay committed
106
  
107
108
  int read_certificate(const CHARSTRING& p_certificate_id, OCTETSTRING& p_certificate) const;
  int read_certificate_digest(const CHARSTRING& p_certificate_id, OCTETSTRING& p_digest) const;
109
  int read_certificate_from_digest(const OCTETSTRING& p_digest, CHARSTRING& p_certificate_id) const;
110
  int read_private_key(const CHARSTRING& p_certificate_id, OCTETSTRING& p_private_key) const;
garciay's avatar
garciay committed
111
  int read_private_enc_key(const CHARSTRING& p_certificate_id, OCTETSTRING& p_private_enc_key) const;
112
  
garciay's avatar
garciay committed
113
114
private:
  /*!
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
   * \fn int sign_gn_payload(const OCTETSTRING& p_unsecured_gn_payload, OCTETSTRING& p_signed_gn_payload, Params& p_params);
   * \brief Sign the payload according provided parameters
   * \param[in] p_unsecured_gn_payload The payload to be signed
   * \param[in] p_signed_gn_payload The signed payload
   * \param[in] p_params The Test System parameters
   * \return 0 on success, negative value otherwise
   */
  int sign_gn_payload(const OCTETSTRING& p_unsecured_gn_payload, OCTETSTRING& p_signed_gn_payload, Params& p_params);
  /*!
   * \fn int encrypt_gn_payload(const OCTETSTRING& p_unsecured_gn_payload, OCTETSTRING& p_signed_gn_payload, Params& p_params);
   * \brief Encrypt the payload according provided parameters
   * \param[in] p_unsecured_gn_payload The payload to be encrypted
   * \param[in] p_enc_gn_payload The encrypted payload
   * \param[in] p_params The Test System parameters
   * \return 0 on success, negative value otherwise
   */
  int encrypt_gn_payload(const OCTETSTRING& p_unsecured_gn_payload, OCTETSTRING& p_enc_gn_payload, Params& p_params);
  /*!
   * \fn int process_ieee_1609_dot2_content(const IEEE1609dot2::Ieee1609Dot2Content& p_ieee_1609_dot2_content, const bool p_verify, OCTETSTRING& p_unsecured_payload, Params& p_params);
   * \brief Verify and extract the unsecured payload from the IEEE1609dot2::Ieee1609Dot2Content data structure
garciay's avatar
garciay committed
135
136
137
138
139
   * \param[in] p_content The secured content to be processed
   * \param[in] p_verify Set to true if security checks shall be applied
   * \param[in] p_unsecured_payload The extracted payload
   * \return 0 on success, negative value otherwise
   */
garciay's avatar
garciay committed
140
141
142
  int process_ieee_1609_dot2_content(const IEEE1609dot2::Ieee1609Dot2Content& p_ieee_1609_dot2_content, const bool p_verify, OCTETSTRING& p_unsecured_payload, Params& p_params);
  int process_ieee_1609_dot2_signed_data(const IEEE1609dot2::SignedData& p_signed_data, const bool p_verify, OCTETSTRING& p_unsecured_payload, Params& p_params);
  int process_ieee_1609_dot2_encrypted_data(const IEEE1609dot2::EncryptedData& p_encrypted_data, const bool p_verify, OCTETSTRING& p_unsecured_payload, Params& p_params);
garciay's avatar
garciay committed
143
144
145
146
147
  int sign_tbs_data(const IEEE1609dot2::ToBeSignedData& p_tbs_data, const IEEE1609dot2BaseTypes::HashAlgorithm& p_hashAlgorithm, IEEE1609dot2BaseTypes::Signature& p_signature, Params& p_params);

  int hash_sha256(const OCTETSTRING& p_data, OCTETSTRING& p_hash_data);
  int hash_sha384(const OCTETSTRING& p_data, OCTETSTRING& p_hash_data);
  int sign_ecdsa_nistp256(const OCTETSTRING& p_hash, IEEE1609dot2BaseTypes::Signature& p_signature, Params& p_params);
garciay's avatar
garciay committed
148
  int verify_sign_ecdsa_nistp256(const OCTETSTRING& p_hash, const IEEE1609dot2BaseTypes::Signature& p_signature, const std::string& p_certificate_id, Params& p_params);
149
150

  int extract_encryption_keys(const IEEE1609dot2::CertificateBase& p_cert, OCTETSTRING& p_public_enc_key_x, OCTETSTRING& p_public_enc_key_y);
garciay's avatar
garciay committed
151
}; // End of class security_services