Newer
Older
#pragma once
#include <memory>
#include "params.hh"
#include "security_db.hh"
#include "security_ecc.hh"
class OCTETSTRING; //! TITAN forward declaration
class CHARSTRING; //! TITAN forward declaration
namespace IEEE1609dot2BaseTypes {
class HashAlgorithm; //! TITAN forward declaration
class Signature; //! TITAN forward declaration
}
class Ieee1609Dot2Data; //! TITAN forward declaration
class Ieee1609Dot2Content; //! TITAN forward declaration
class ToBeSignedData; //! TITAN forward declaration
class SignedData; //! TITAN forward declaration
class EncryptedData; //! TITAN forward declaration
class SignerIdentifier; //! TITAN forward declaration
}
/*!
* \class security_services
* \brief This class provides security services for all layers as specified in TSI TS 102 723-8 and ETSI TS 103 097
* \remark Singleton pattern
*/
class security_services {
static constexpr unsigned int ProtocolVersion = 3;
/*!
* \brief Unique static object reference of this class
*/
static security_services* instance;
params _params;
bool _setup_done;
std::unique_ptr<security_ecc> _ec_keys_enc;
std::unique_ptr<security_ecc> _ec_keys_dec;
std::unique_ptr<security_cache> _security_cache;
std::unique_ptr<security_db> _security_db;
unsigned long long _last_generation_time;
OCTETSTRING _unknown_certificate;
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
int _latitude;
int _longitude;
int _elevation;
/*!
* \brief Default private ctor
*/
security_services();
/*!
* \brief Default private dtor
*/
~security_services() {
_ec_keys_enc.reset(nullptr);
_security_db.reset(nullptr);
_security_cache.reset(nullptr);
if (instance != NULL) {
delete instance;
instance = NULL;
}
};
public: /*! \publicsection */
/*!
* \brief Public accessor to the single object reference
*/
inline static security_services& get_instance() {
if (instance == NULL) instance = new security_services();
return *instance;
};
/*!
* \fn int verify_and_extract_gn_payload(const OCTETSTRING& p_secured_gn_payload, const bool p_verify, OCTETSTRING& p_unsecured_gn_payload, params& p_params);
* \brief Verify and extract the unsecured payload from the provided secured payload.
* The secured payload could signed only, encryted only or signed and encrypted
* \param[in] p_secured_gn_payload The secured payload to be processed
* \param[in] p_verify Set to true if security checks shall be applied
* \param[out] p_unsecured_gn_payload The extracted payload
* \param[out] p_ieee_1609dot2_data The secured message
* \param[inout] p_params The Test System parameters
* \return 0 on success, negative value otherwise
*/
int verify_and_extract_gn_payload(const OCTETSTRING& p_secured_gn_payload, const bool p_verify, IEEE1609dot2::Ieee1609Dot2Data& p_ieee_1609dot2_data, OCTETSTRING& p_unsecured_gn_payload, params& p_params);
/*!
* \fn int secure_gn_payload(const OCTETSTRING& p_unsecured_gn_payload, OCTETSTRING& p_secured_gn_payload, params& p_params);
* \brief Apply security to the provided unsecured payload
* \param[in] p_unsecured_gn_payload The unsecured payload to be processed
* \param[in] p_secured_gn_payload The secured payload
* \param[in] p_params The Test System parameters
* \return 0 on success, negative value otherwise
*/
int secure_gn_payload(const OCTETSTRING& p_unsecured_gn_payload, OCTETSTRING& p_secured_gn_payload, params& p_params);
int setup(params &p_params);
int store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_comp_key, const INTEGER& p_public_comp_key_mode, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_key_compressed_mode);
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
inline void set_position(const int p_latitude, const int p_longitude, const int p_elevation = 0) { _latitude = p_latitude; _longitude = p_longitude; _elevation = p_elevation; };
int read_certificate(const CHARSTRING& p_certificate_id, OCTETSTRING& p_certificate) const;
int read_certificate_digest(const CHARSTRING& p_certificate_id, OCTETSTRING& p_digest) const;
int read_certificate_hash(const CHARSTRING& p_certificate_id, OCTETSTRING& p_hash) const;
int read_certificate_from_digest(const OCTETSTRING& p_digest, CHARSTRING& p_certificate_id) const;
int read_private_key(const CHARSTRING& p_certificate_id, OCTETSTRING& p_private_key) const;
int read_private_enc_key(const CHARSTRING& p_certificate_id, OCTETSTRING& p_private_enc_key) const;
private:
/*!
* \fn int sign_gn_payload(const OCTETSTRING& p_unsecured_gn_payload, OCTETSTRING& p_signed_gn_payload, params& p_params);
* \brief Sign the payload according provided parameters
* \param[in] p_unsecured_gn_payload The payload to be signed
* \param[in] p_signed_gn_payload The signed payload
* \param[in] p_params The Test System parameters
* \return 0 on success, negative value otherwise
*/
int sign_gn_payload(const OCTETSTRING& p_unsecured_gn_payload, OCTETSTRING& p_signed_gn_payload, params& p_params);
/*!
* \fn int encrypt_gn_payload(const OCTETSTRING& p_unsecured_gn_payload, OCTETSTRING& p_signed_gn_payload, params& p_params);
* \brief Encrypt the payload according provided parameters
* \param[in] p_unsecured_gn_payload The payload to be encrypted
* \param[in] p_enc_gn_payload The encrypted payload
* \param[in] p_params The Test System parameters
* \return 0 on success, negative value otherwise
*/
int encrypt_gn_payload(const OCTETSTRING& p_unsecured_gn_payload, OCTETSTRING& p_enc_gn_payload, params& p_params);
/*!
* \fn int process_ieee_1609_dot2_content(const IEEE1609dot2::Ieee1609Dot2Content& p_ieee_1609_dot2_content, const bool p_verify, OCTETSTRING& p_unsecured_payload, params& p_params);
* \brief Verify and extract the unsecured payload from the IEEE1609dot2::Ieee1609Dot2Content data structure
* \param[in] p_content The secured content to be processed
* \param[in] p_verify Set to true if security checks shall be applied
* \param[in] p_unsecured_payload The extracted payload
* \return 0 on success, negative value otherwise
*/
int process_ieee_1609_dot2_content(const IEEE1609dot2::Ieee1609Dot2Content& p_ieee_1609_dot2_content, const bool p_verify, OCTETSTRING& p_unsecured_payload, params& p_params);
int process_ieee_1609_dot2_signed_data(const IEEE1609dot2::SignedData& p_signed_data, const bool p_verify, OCTETSTRING& p_unsecured_payload, params& p_params);
int process_ieee_1609_dot2_encrypted_data(const IEEE1609dot2::EncryptedData& p_encrypted_data, const bool p_verify, OCTETSTRING& p_unsecured_payload, params& p_params);
int sign_tbs_data(const IEEE1609dot2::ToBeSignedData& p_tbs_data, const IEEE1609dot2BaseTypes::HashAlgorithm& p_hashAlgorithm, IEEE1609dot2BaseTypes::Signature& p_signature, params& p_params);
int hash_sha256(const OCTETSTRING& p_data, OCTETSTRING& p_hash_data);
int hash_sha384(const OCTETSTRING& p_data, OCTETSTRING& p_hash_data);
int sign_ecdsa_nistp256(const OCTETSTRING& p_hash, IEEE1609dot2BaseTypes::Signature& p_signature, params& p_params);
int verify_sign_ecdsa_nistp256(const OCTETSTRING& p_hash, const IEEE1609dot2BaseTypes::Signature& p_signature, const std::string& p_certificate_id, params& p_params);
int extract_verification_keys(const IEEE1609dot2::CertificateBase& p_cert, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y, OCTETSTRING& p_public_comp_key, INTEGER& p_public_comp_key_mode);
int extract_encryption_keys(const IEEE1609dot2::CertificateBase& p_cert, OCTETSTRING& p_public_enc_key_x, OCTETSTRING& p_public_enc_key_y, OCTETSTRING& p_public_enc_comp_key, INTEGER& p_public_enc_comp_key_mode);
int extract_and_store_certificate(const IEEE1609dot2::CertificateBase& p_certificate, std::string& p_certificate_id);
}; // End of class security_services