Commit 36c8d39e authored by Yann Garcia's avatar Yann Garcia

Add PKI support to RSU simumlator

parent af58f006
......@@ -38,14 +38,31 @@ ItsRSUsSimulator_Pics.PICS_GENERATE_SSEM := false
ItsRSUsSimulator_Pics.PICS_PKI_SUPPORT := true
ItsRSUsSimulator_Pics.PICS_BEACON_FREQUENCY := 1.0
ItsRSUsSimulator_Pics.PICS_CAM_FREQUENCY := 0.75
ItsRSUsSimulator_Pics.PICS_DENM_FREQUENCY := 0.75
ItsRSUsSimulator_Pics.PICS_CAM_FREQUENCY := 1.0
ItsRSUsSimulator_Pics.PICS_DENM_FREQUENCY := 1.0
ItsRSUsSimulator_Pics.PICS_SEND_CAM_INDICATION := false
LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request"
# Enable Security support
LibItsGeoNetworking_Pics.PICS_GN_SECURITY := true
# Root path to access certificate stored in files, identified by certficate ID
LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp"
# Configuration sub-directory to access certificate stored in files
LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert"
LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request"
LibItsHttp_Pics.PICS_HEADER_HOST := "192.168.0.252"
LibItsPki_Pics.PICS_HTTP_POST_URI := "/ea/enrolment"
LibItsPki_Pics.PICS_MULTIPLE_END_POINT := false
LibItsPki_Pics.PICS_HTTP_POST_URI_EC := "/ea/enrolment"
LibItsPki_Pics.PICS_HTTP_POST_URI_AT := "/aa/authorization"
LibItsPki_Pics.PICS_HTTP_POST_URI_ATV := "/ea/authval"
LibItsPki_Pics.PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY := '5C25F97607DFC62972A147FAD8B7A7C939569F0F95ECD4C641724A68B51836E5'O
LibItsPki_Pics.PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY := '020144E5174B0AFDA86BDB8B643B68D40030F5BDB9A9F090C64852CC3C20C9D5AD'O
LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID := '1B4CA1210123AE900BBE6C3EBAE7E87DA20DBDAB1E7B2EC0691C51C1021900AA'O
LibItsPki_Pics.PICS_TS_EA_CERTIFICATE_ID := "CERT_TS_A_EA"
LibItsPki_Pics.PICS_TS_AA_CERTIFICATE_ID := "CERT_TS_A_AA"
[LOGGING]
# In this section you can specify the name of the log file and the classes of events
......@@ -131,9 +148,9 @@ LogEventTypes:= Yes
# Single GeoNetworking component port
# its_aid=36: CAM
# its_aid=37: DENM
system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,its_aid=36,secured_mode=1,encrypted_mode=0,certificate=CERT_IUT_A_AT,peer_certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/ETH(mac_src=080027500f9b)/PCAP(mac_src=080027500f9b,nic=eth1,filter=and ether proto 0x8947)"
system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,its_aid=36,secured_mode=1,encrypted_mode=0,certificate=CERT_IUT_A_AT,peer_certifIcate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/ETH(mac_src=080027500f9b)/PCAP(mac_src=080027500f9b,nic=eth1,filter=and ether proto 0x8947)"
system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(debug=1,server_mode=1,server=192.168.0.250,port=80,use_ssl=0)"
system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(debug=1,server=192.168.0.252,port=80)"
# Config port based on UDP
system.cfPort.params := "CF(ut=pki)/UDP(dst_ip=192.168.0.252,src_port=12345)"
......
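Review bot: `PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY` puts a raw P-256 signing key into a tracked configuration file, next to the station's canonical ID, so anyone with read access to the repository holds the credential used for enrolment. If this is a throw-away test-bench key pair, say so directly above it, e.g. `# Test-only key pair for the RSU simulator; never provision on a real ITS-S`; otherwise keep the value in a local, untracked configuration file. The parameter name is spelled `NITSP256` while the matching public key uses `NISTP256`, so it is worth checking against the declaration in LibItsPki_Pics that the assignment resolves. In the second hunk, the `geoNetworkingPort` line that appears to be the new one spells `peer_certifIcate` with a capital I, which the layer's parameter parser may not recognise.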
......@@ -1063,19 +1063,33 @@ module ItsRSUsSimulator_Functions {
cfPort.send(UtPkiResults: { utPkiInitializeResult := true } );
repeat;
}
[vc_pki == true] cfPort.receive(UtPkiTrigger:?) -> value v_utPkiTrigger {
[vc_pki == true] cfPort.receive(UtPkiTrigger: { triggerEnrolmentRequest := ? }) -> value v_utPkiTrigger {
var ItsPkiHttp v_pki;
cfPort.send(UtPkiResults: { utPkiTriggerResult := true } );
v_pki := ItsPkiHttp.create("TriggeredEc") alive;
v_pki.start(f_trigger_enrolment_request_await_response(
vc_reenrolment,
vc_ec_certificates_counter,
vc_ec_counter,
vc_ec_certificates
));
//v_pki.done;
repeat;
}
[vc_pki == true] cfPort.receive(UtPkiTrigger: { triggerAuthorizationRequest := ? }) -> value v_utPkiTrigger {
var ItsPkiHttp v_pki;
cfPort.send(UtPkiResults: { utPkiTriggerResult := true } );
v_pki := ItsPkiHttp.create("TriggeredAt") alive;
v_pki.start(f_trigger_authorization_request_await_response(
vc_ec_counter,
vc_ec_certificates,
vc_at_counter,
vc_at_certificates
));
//v_pki.done;
repeat;
}
[] cfPort.receive {
// Ignore it
log("*** " & testcasename() & ": INFO: Unexpected CF message received ***");
......@@ -1085,8 +1099,8 @@ module ItsRSUsSimulator_Functions {
function f_trigger_enrolment_request_await_response(
inout boolean p_reenrolment,
inout integer p_ec_certificates_counter,
inout SequenceOfCertificate p_ec_certificates
inout integer p_ec_counter,
inout SequenceOfEcData p_ec_certificates
) runs on ItsPkiHttp {
// Local variables
var Oct32 v_private_key;
......@@ -1135,7 +1149,94 @@ module ItsRSUsSimulator_Functions {
v_t.stop;
log("f_trigger_enrolment_request_await_response: receive ", v_response);
if (f_verify_pki_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
log("f_trigger_enrolment_request_await_response: Failed to verify PKI message ***");
} else {
log("f_trigger_enrolment_request_await_response: Receive ", v_etsi_ts_102941_data, " ***");
// Verify the received EC certificate
log("f_trigger_enrolment_request_await_response: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -))))) {
var InnerEcResponse v_inner_ec_response := v_etsi_ts_102941_data.content.enrolmentResponse;
if (f_verify_ec_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, vc_eaCertificate, v_compressed_public_key, v_compressed_mode)) {
log("f_trigger_enrolment_request_await_response: Well-secured EA certificate received ***");
log("p_inner_ec_response= ", v_inner_ec_response);
p_reenrolment := true;
// Store the new certificate
p_ec_certificates[p_ec_counter].private_key := v_private_key;
p_ec_certificates[p_ec_counter].aes_sym_key := v_aes_sym_key;
p_ec_certificates[p_ec_counter].certificate := v_inner_ec_response.certificate;
p_ec_counter := p_ec_counter + 1;
} else {
log("f_trigger_enrolment_request_await_response: Cannot verify EC certificate signature ***");
}
} else {
log("f_trigger_enrolment_request_await_response: Unexpected message received ***");
}
}
}
[] v_t.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
}
} // End of 'alt' statement
f_cfHttpDown();
log("<<< f_trigger_enrolment_request_await_response");
}
function f_trigger_authorization_request_await_response(
inout integer p_ec_counter,
inout SequenceOfEcData p_ec_certificates,
inout integer p_at_counter,
inout SequenceOfAtData p_at_certificates
) runs on ItsPkiHttp {
// Local variables
var Oct32 v_private_key;
var Oct32 v_compressed_public_key;
var integer v_compressed_mode;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var HeaderLines v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
timer v_t := 5.0;
log(">>> f_trigger_authorization_request_await_response");
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
/*f_http_build_authorization_request(v_private_key, v_compressed_public_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
f_init_default_headers_list(-, "inner_at_request", v_headers);
httpPort.send(
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
// Wait for the resposne
v_t.start;
alt {
[] httpPort.receive(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentResponseMessage(
mw_encryptedData(
-,
mw_SymmetricCiphertext_aes128ccm
))))))) -> value v_response {
v_t.stop;
log("f_trigger_enrolment_request_await_response: receive ", v_response);
if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
log("f_trigger_enrolment_request_await_response: Failed to verify PKI message ***");
} else {
log("f_trigger_enrolment_request_await_response: Receive ", v_etsi_ts_102941_data, " ***");
......@@ -1164,7 +1265,7 @@ module ItsRSUsSimulator_Functions {
} // End of 'alt' statement
f_cfHttpDown();
log("<<< f_trigger_enrolment_request_await_response");
log("<<< f_trigger_authorization_request_await_response");*/
}
} // End of module ItsRSUsSimulator_Functions
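Review bot: Both new trigger branches send `utPkiTriggerResult := true` before the PKI exchange has run, and for `triggerAuthorizationRequest` the started function does no work at all: as shown, everything after `f_cfHttpUp(...)` in `f_trigger_authorization_request_await_response`, including `f_cfHttpDown();`, sits inside the `/* … */` block. The upper tester is therefore told that authorization succeeded, and the HTTP setup is never torn down. Until the request is implemented, answer `cfPort.send(UtPkiResults: { utPkiTriggerResult := false } );` in that branch and keep `f_cfHttpDown();` outside the comment. Separately, the `inout` arguments handed over through `v_pki.start(...)` are, as far as I know, not copied back to the starting component in TTCN-3, so the key and certificate written to `p_ec_certificates[p_ec_counter]` may never reach `vc_ec_certificates`. This should be confirmed, and the data returned over a port if so.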
......@@ -118,10 +118,10 @@ module ItsRSUsSimulator_TestSystem {
//timer tc_evcsn := PICS_EVCSN_FREQUENCY;
var boolean vc_reenrolment := false;
var integer vc_ec_certificates_counter := 0;
var SequenceOfCertificate vc_ec_certificates := {};
var integer vc_at_certificates_counter := 0;
var SequenceOfCertificate vc_at_certificates := {};
var integer vc_ec_counter := 0;
var SequenceOfEcData vc_ec_certificates := {};
var integer vc_at_counter := 0;
var SequenceOfAtData vc_at_certificates := {};
} // End of component ItsRSUsSimulator
/**
......
......@@ -2,6 +2,7 @@ module ItsRSUsSimulator_TypesAndValues {
// LibCommon
import from LibCommon_BasicTypesAndValues all;
import from LibCommon_DataStrings all;
// LibIts
import from ITS_Container language "ASN.1:1997" all;
......@@ -16,6 +17,8 @@ module ItsRSUsSimulator_TypesAndValues {
import from DSRC language "ASN.1:1997" all;
import from DSRC_REGION_noCircular language "ASN.1:1997" all;
import from EfcDsrcApplication language "ASN.1:1997" all;
import from IEEE1609dot2BaseTypes language "ASN.1:1997" all;
import from IEEE1609dot2 language "ASN.1:1997" all;
// LibItsGeoNetworking
import from LibItsGeoNetworking_TypesAndValues all;
......@@ -78,6 +81,24 @@ module ItsRSUsSimulator_TypesAndValues {
type record of DenmParmContainersList DenmParmContainersListRsu;
} // End of group rsiSimulatordataStructures
group pkiDataStructures {
type record EcData {
octetstring private_key,
Certificate certificate,
Oct16 aes_sym_key
}
type record of EcData SequenceOfEcData;
type record AtData {
octetstring private_key,
Certificate certificate,
Oct16 aes_sym_key
}
type record of AtData SequenceOfAtData;
} // End of group pkiDataStructures
/**
* @desc Data structures used to set up IS messages & event according to the track configuration
......
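Review bot: `EcData` and `AtData` are added without any documentation although they carry key material, and `private_key` is an unbounded `octetstring` while `f_trigger_enrolment_request_await_response` stores an `Oct32` into it. Consider `Oct32 private_key,` in both records (assuming `Oct32` comes from the newly imported LibCommon_DataStrings, as `Oct16` seems to). A `@desc` block on each record should state that it holds the private signing key and AES key belonging to `certificate`, so values of these types should not be passed to `log()`. The two records are field-for-field identical; if that is intentional, a one-line comment saying why they are kept separate would help.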