Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
#pragma once
#include <memory>
#include "Params.hh"
#include "security_db.hh"
#include "ec_keys.hh"
class OCTETSTRING;
namespace IEEE1609dot2BaseTypes {
class HashAlgorithm;
class Signature;}
namespace IEEE1609dot2 {
class Ieee1609Dot2Data;
class Ieee1609Dot2Content;
class ToBeSignedData;
class SignerIdentifier;
}
/*!
* \class security_services
* \brief This class provides security services for all layers as specified in TSI TS 102 723-8 and ETSI TS 103 097
* \remark Singleton pattern
*/
class security_services {
static constexpr unsigned int ProtocolVersion = 3;
/*!
* \brief Unique static object reference of this class
*/
static security_services * instance;
std::unique_ptr<ec_keys> _ec_keys;
std::unique_ptr<security_db> _security_db;
/*!
* \brief Default private ctor
*/
security_services();
/*!
* \brief Default private dtor
*/
~security_services() {
if (instance != NULL) {
delete instance;
instance = NULL;
}
_ec_keys.reset(nullptr);
_security_db.reset(nullptr);
};
public: /*! \publicsection */
/*!
* \brief Public accessor to the single object reference
*/
inline static security_services & get_instance() {
if (instance == NULL) instance = new security_services();
return *instance;
};
int setup(Params &p_params);
/*!
* \brief Decrypt (if required), verify and extract the unsecured payload from the provided secured payload
* \param[in] p_secured_gn_payload The secured payload to be processed
* \param[in] p_verify Set to true if security checks shall be applied
* \param[in] p_unsecured_gn_payload The extracted payload
* \return 0 on success, negative value otherwise
*/
int verify_and_extract_gn_payload(const OCTETSTRING& p_secured_gn_payload, const bool p_verify, OCTETSTRING& p_unsecured_gn_payload, Params& p_params);
int secure_gn_payload(const OCTETSTRING& p_unsecured_gn_payload, const bool p_add_certificate, OCTETSTRING& p_secured_gn_payload, Params& p_params);
private:
/*!
* \brief Decrypt (if required), verify and extract the unsecured payload from the IEEE1609dot2::Ieee1609Dot2Content data structure
* \param[in] p_content The secured content to be processed
* \param[in] p_verify Set to true if security checks shall be applied
* \param[in] p_unsecured_payload The extracted payload
* \return 0 on success, negative value otherwise
*/
int process_ieee_dot2_content(const IEEE1609dot2::Ieee1609Dot2Content& p_ieee_1609_dot2_content, const bool p_verify, OCTETSTRING& p_unsecured_payload, Params& p_params);
int sign_tbs_data(const IEEE1609dot2::ToBeSignedData& p_tbs_data, const IEEE1609dot2BaseTypes::HashAlgorithm& p_hashAlgorithm, IEEE1609dot2BaseTypes::Signature& p_signature, Params& p_params);
int hash_sha256(const OCTETSTRING& p_data, OCTETSTRING& p_hash_data);
int hash_sha384(const OCTETSTRING& p_data, OCTETSTRING& p_hash_data);
int sign_ecdsa_nistp256(const OCTETSTRING& p_hash, IEEE1609dot2BaseTypes::Signature& p_signature, Params& p_params);
}; // End of class security_services