STF525: Add encryption support in Test System

STF545: Start TestSystem support

ccsrc/Externals/LibItsSecurity_externals.cc

@@ -361,9 +361,9 @@ namespace LibItsSecurity__Functions
       return OCTETSTRING();
     }
     // 2. Generate and derive shared secret
-    std::vector<unsigned char> peer_public_key_x(static_cast<const unsigned char *>(p__recipientsPublicKeyX), p__recipientsPublicKeyX.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyX));
-    std::vector<unsigned char> peer_public_key_y(static_cast<const unsigned char *>(p__recipientsPublicKeyY), p__recipientsPublicKeyY.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyY));
-    if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, peer_public_key_x, peer_public_key_y) == -1) {
+    std::vector<unsigned char> recipients_public_key_x(static_cast<const unsigned char *>(p__recipientsPublicKeyX), p__recipientsPublicKeyX.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyX));
+    std::vector<unsigned char> recipients_public_key_y(static_cast<const unsigned char *>(p__recipientsPublicKeyY), p__recipientsPublicKeyY.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyY));
+    if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, recipients_public_key_x, recipients_public_key_y) == -1) {
       loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to generate and derive secret key");
       return OCTETSTRING();
     }
@@ -450,9 +450,9 @@ namespace LibItsSecurity__Functions
       return OCTETSTRING();
     }
     // 2. Generate and derive shared secret
-    std::vector<unsigned char> peer_public_key_x(static_cast<const unsigned char *>(p__recipientsPublicKeyX), p__recipientsPublicKeyX.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyX));
-    std::vector<unsigned char> peer_public_key_y(static_cast<const unsigned char *>(p__recipientsPublicKeyY), p__recipientsPublicKeyY.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyY));
-    if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, peer_public_key_x, peer_public_key_y) == -1) {
+    std::vector<unsigned char> recipients_public_key_x(static_cast<const unsigned char *>(p__recipientsPublicKeyX), p__recipientsPublicKeyX.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyX));
+    std::vector<unsigned char> recipients_public_key_y(static_cast<const unsigned char *>(p__recipientsPublicKeyY), p__recipientsPublicKeyY.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyY));
+    if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, recipients_public_key_x, recipients_public_key_y) == -1) {
       loggers::get_instance().warning("fx__encryptWithEciesBrainpoolp256WithSha256: Failed to generate and derive secret key");
       return OCTETSTRING();
     }

ccsrc/Ports/LibIts_ports/Pki_ports/PkiPort.cc

+// This Test Port skeleton source file was generated by the
+// TTCN-3 Compiler of the TTCN-3 Test Executor version CRL 113 200/5 R3A
+// for U-ERICSSON\ethgry (ethgry@HU00078339) on Fri Aug 14 21:19:06 2015
+
+// Copyright Ericsson Telecom AB 2000-2014
+
+// You may modify this file. Complete the body of empty functions and
+// add your member functions here.
+
+#include "PkiPort.hh"
+
+namespace LibItsPki__TestSystem {
+
+PkiPort::PkiPort(const char *par_port_name)
+	: PkiPort_BASE(par_port_name)
+{
+
+}
+
+PkiPort::~PkiPort()
+{
+
+}
+
+void PkiPort::set_parameter(const char * /*parameter_name*/,
+	const char * /*parameter_value*/)
+{
+
+}
+
+/*void PkiPort::Handle_Fd_Event(int fd, boolean is_readable,
+	boolean is_writable, boolean is_error) {}*/
+
+void PkiPort::Handle_Fd_Event_Error(int /*fd*/)
+{
+
+}
+
+void PkiPort::Handle_Fd_Event_Writable(int /*fd*/)
+{
+
+}
+
+void PkiPort::Handle_Fd_Event_Readable(int /*fd*/)
+{
+
+}
+
+/*void PkiPort::Handle_Timeout(double time_since_last_call) {}*/
+
+void PkiPort::user_map(const char * /*system_port*/)
+{
+
+}
+
+void PkiPort::user_unmap(const char * /*system_port*/)
+{
+
+}
+
+void PkiPort::user_start()
+{
+
+}
+
+void PkiPort::user_stop()
+{
+
+}
+
+void PkiPort::outgoing_send(const LibItsPki__TestSystem::PkiReq& /*send_par*/)
+{
+
+}
+
+
+} /* end of namespace */
+

ccsrc/Ports/LibIts_ports/Pki_ports/PkiPort.hh

+// This Test Port skeleton header file was generated by the
+// TTCN-3 Compiler of the TTCN-3 Test Executor version CRL 113 200/5 R3A
+// for U-ERICSSON\ethgry (ethgry@HU00078339) on Fri Aug 14 21:19:06 2015
+
+// Copyright Ericsson Telecom AB 2000-2014
+
+// You may modify this file. Add your attributes and prototypes of your
+// member functions here.
+
+#ifndef PkiPort_HH
+#define PkiPort_HH
+
+#include "LibItsPki_TestSystem.hh"
+
+namespace LibItsPki__TestSystem {
+
+class PkiPort : public PkiPort_BASE {
+public:
+	PkiPort(const char *par_port_name = NULL);
+	~PkiPort();
+
+	void set_parameter(const char *parameter_name,
+		const char *parameter_value);
+
+private:
+	/* void Handle_Fd_Event(int fd, boolean is_readable,
+		boolean is_writable, boolean is_error); */
+	void Handle_Fd_Event_Error(int fd);
+	void Handle_Fd_Event_Writable(int fd);
+	void Handle_Fd_Event_Readable(int fd);
+	/* void Handle_Timeout(double time_since_last_call); */
+protected:
+	void user_map(const char *system_port);
+	void user_unmap(const char *system_port);
+
+	void user_start();
+	void user_stop();
+
+	void outgoing_send(const LibItsPki__TestSystem::PkiReq& send_par);
+};
+
+} /* end of namespace */
+
+#endif

ccsrc/Ports/LibIts_ports/RSUsSimulator_ports/ConfigRsuSimulatorLayer.cc

@@ -85,19 +85,21 @@ void ConfigRsuSimulatorLayer::receive_data(OCTETSTRING& data, Params& params)
 
   unsigned char id = *(static_cast<const unsigned char*>(data));
   if (id == 0x00) { // Receive an UtxxInitialise
-    process_data(data, params);
+    process_utinitialize_data(data, params);
+  } else if (id == 0x00) { // Receive an UtCamChangeSpeed
+    process_ut_cam_changespeed_data(data, params);
   } else {
     loggers::get_instance().warning("ConfigRsuSimulatorLayer::receive_data: Unsupported tag %02x", id);
   }
   
 }
 
-int ConfigRsuSimulatorLayer::process_data(OCTETSTRING& data, Params& params) {
-  loggers::get_instance().log("ConfigRsuSimulatorLayer::process_data");
+int ConfigRsuSimulatorLayer::process_utinitialize_data(OCTETSTRING& data, Params& params) {
+  loggers::get_instance().log("ConfigRsuSimulatorLayer::process_utinitialize_data");
   
   Params::const_iterator it = _params.find("ut");
   if (it == _params.cend()) {
-    loggers::get_instance().warning("ConfigRsuSimulatorLayer::process_data: CF layer's ut parameter is missing");
+    loggers::get_instance().warning("ConfigRsuSimulatorLayer::process_utinitialize_data: CF layer's ut parameter is missing");
     return -1;
   }
 
@@ -117,7 +119,30 @@ int ConfigRsuSimulatorLayer::process_data(OCTETSTRING& data, Params& params) {
     // Pass it to the ports if any
     to_all_upper_ports(p, params);
   } else {
-    loggers::get_instance().warning("ConfigRsuSimulatorLayer::process_data: Unsupported protocol");
+    loggers::get_instance().warning("ConfigRsuSimulatorLayer::process_utinitialize_data: Unsupported protocol");
+    return -1;
+  }
+
+  return 0;
+}
+
+int ConfigRsuSimulatorLayer::process_ut_cam_changespeed_data(OCTETSTRING& data, Params& params) {
+  loggers::get_instance().log("ConfigRsuSimulatorLayer::process_ut_cam_changespeed_data");
+
+  Params::const_iterator it = _params.find("ut");
+  if (it == _params.cend()) {
+    loggers::get_instance().warning("ConfigRsuSimulatorLayer::process_ut_cam_changespeed_data: CF layer's ut parameter is missing");
+    return -1;
+  }
+
+  if (_params[std::string("ut")].compare("cam") == 0) {
+    OCTETSTRING speed(data.lengthof() - 1,  1 + static_cast<const unsigned char*>(data));
+    LibItsCam__TypesAndValues::UtCamTrigger p;
+    p.changeSpeed() = oct2int(speed);
+    // Pass it to the ports if any
+    to_all_upper_ports(p, params);
+  } else {
+    loggers::get_instance().warning("ConfigRsuSimulatorLayer::process_ut_cam_changespeed_data: Unsupported protocol");
     return -1;
   }
 

ccsrc/Ports/LibIts_ports/RSUsSimulator_ports/ConfigRsuSimulatorLayer.hh

@@ -40,6 +40,7 @@ public:
   virtual void receive_data(OCTETSTRING& data, Params& params);
 
 private:
-  int process_data(OCTETSTRING& data, Params& params);
+  int process_utinitialize_data(OCTETSTRING& data, Params& params);
+  int process_ut_cam_changespeed_data(OCTETSTRING& data, Params& params);
 
 }; // End of class ConfigRsuSimulatorLayer

ccsrc/Ports/LibIts_ports/RSUsSimulator_ports/ConfigRsuSimulatorPort.cc

@@ -163,6 +163,16 @@ namespace ItsRSUsSimulator__TestSystem {
     incoming_message(p_ind);
   }
   
+  void ConfigRsuSimulatorPort::receiveMsg (const LibItsCam__TypesAndValues::UtCamTrigger& p_ind, const Params& p_params) {
+    loggers::get_instance().log_msg(">>> ConfigRsuSimulatorPort::receive_msg: ", p_ind);
+    // Sanity check
+    if (!p_ind.is_bound()) {
+      return;
+    }
+
+    incoming_message(p_ind);
+  }
+
   void ConfigRsuSimulatorPort::receiveMsg (const LibItsDenm__TypesAndValues::UtDenmInitialize& p_ind, const Params& p_params) {
     loggers::get_instance().log_msg(">>> ConfigRsuSimulatorPort::receive_msg: ", p_ind);
     // Sanity check

ccsrc/Ports/LibIts_ports/RSUsSimulator_ports/ConfigRsuSimulatorPort.hh

@@ -21,6 +21,7 @@ namespace ItsRSUsSimulator__TestSystem {
     void receiveMsg (const BOOLEAN& p_ind, const Params& p_params);
     void receiveMsg (const LibItsGeoNetworking__TypesAndValues::UtGnInitialize& p_ind, const Params& p_params);
     void receiveMsg (const LibItsCam__TypesAndValues::UtCamInitialize& p_ind, const Params& p_params);
+    void receiveMsg (const LibItsCam__TypesAndValues::UtCamTrigger& p_ind, const Params& p_params);
     void receiveMsg (const LibItsDenm__TypesAndValues::UtDenmInitialize& p_ind, const Params& p_params);
   
     /*void send(const CfInitialize& send_par, const COMPONENT& destination_component);

ccsrc/Protocols/GeoNetworking/geonetworking_layer.cc

@@ -74,10 +74,14 @@ geonetworking_layer::geonetworking_layer(const std::string & p_type, const std::
   it = _params.find(Params::secured_mode);
   if (it != _params.cend()) {
     _secured_mode = (1 == converter::get_instance().string_to_int(it->second));
+  } else {
+    _params.insert(std::pair<std::string, std::string>(std::string("secured_mode"), "0"));
   }
   it = _params.find(Params::encrypted_mode);
   if (it != _params.cend()) {
     _encrypted_mode = (1 == converter::get_instance().string_to_int(it->second));
+  } else {
+    _params.insert(std::pair<std::string, std::string>(std::string("encrypted_mode"), "0"));
   }
   it = _params.find(Params::enable_security_checks);
   if (it != _params.cend()) {
@@ -991,7 +995,7 @@ int geonetworking_layer::build_secured_pdu(OCTETSTRING& data, Params& params) {
     return -1;
   }
 
-  // Encode the basid header
+  // Encode the basic header
   //loggers::get_instance().log_msg("geonetworking_layer::build_secured_pdu: New basic_header = ", basic_header);
   RAW_enc_tr_pos rp;
   rp.level=0;

ccsrc/Protocols/Security/security_services.cc

@@ -26,7 +26,8 @@ security_services::security_services() : _setup_done{false}, _ec_keys_enc(nullpt
 
 int security_services::setup(Params& p_params) { // FIXME Rename this method
   loggers::get_instance().log(">>> security_services::setup");
-  p_params.log();
+  _params = p_params;
+  _params.log();
 
   if (_setup_done) {
     loggers::get_instance().warning("security_services::setup: Already done");
@@ -34,29 +35,29 @@ int security_services::setup(Params& p_params) { // FIXME Rename this method
   }
   _setup_done = true;
   
-  _security_db.reset(new security_db(p_params[Params::sec_db_path]));
+  // Build the certificate caching
+  _security_db.reset(new security_db(_params[Params::sec_db_path]));
   if (_security_db.get() == nullptr) { // Memory allocation issue
     loggers::get_instance().warning("security_services::setup: _security_db pointer is NULL");
     return -1;
   }
   
-  // Setup encryption instance
-  // std::string certificate_id = p_params[Params::certificate];
-  // OCTETSTRING os;
-  // _security_db.get()->get_private_enc_key(certificate_id, os);
-  // std::vector<unsigned char> pri_enc_key(static_cast<const unsigned char*>(os), os.lengthof() + static_cast<const unsigned char*>(os));
-  Params::const_iterator it = p_params.find(Params::cypher);
-  if (it == p_params.cend()) {
-    _ec_keys_enc.reset(new security_ecc(ec_elliptic_curves::nist_p_256));
-  } else if (it->second.compare("NISTP-256")) {
-	  _ec_keys_enc.reset(new security_ecc(ec_elliptic_curves::nist_p_256));
-  } else if (it->second.compare("BP-256")) {
-	  _ec_keys_enc.reset(new security_ecc(ec_elliptic_curves::brainpool_p_256_r1));
-  } else {
-    loggers::get_instance().warning("security_services::setup: Failed to encode ToBeSignedData");
-    return -1;
+  // Initialise encryption mechanism
+  if (_params[Params::encrypted_mode].compare("1") == 0) {
+    Params::const_iterator it = _params.find(Params::cypher);
+    if (it == _params.cend()) {
+      _ec_keys_enc.reset(new security_ecc(ec_elliptic_curves::nist_p_256));
+      _params.insert(std::pair<std::string, std::string>(Params::cypher, std::string("NISTP-256")));
+      p_params.insert(std::pair<std::string, std::string>(Params::cypher, std::string("NISTP-256")));
+    } else if (it->second.compare("NISTP-256")) {
+      _ec_keys_enc.reset(new security_ecc(ec_elliptic_curves::nist_p_256));
+    } else if (it->second.compare("BP-256")) {
+      _ec_keys_enc.reset(new security_ecc(ec_elliptic_curves::brainpool_p_256_r1));
+    } else {
+      loggers::get_instance().warning("security_services::setup: Failed to encode ToBeSignedData");
+      return -1;
+    }
   }
-
   return 0;
 }
 
@@ -161,6 +162,24 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si
       }
     }
   }
+
+  // Check encryption keys if present
+  if (header_info.encryptionKey().is_present()) {
+    // TODO
+  }
+
+  // Check request certificate
+  if (header_info.inlineP2pcdRequest().is_present()) {
+      loggers::get_instance().error("security_services::process_ieee_1609_dot2_signed_data: inlineP2pcdRequest not supported yet");
+      // TODO
+  }
+
+  // Check requested certificate
+  if (header_info.requestedCertificate().is_present()) {
+      loggers::get_instance().error("security_services::process_ieee_1609_dot2_signed_data: requestedCertificate not supported yet");
+      // TODO
+  }
+
   // Check and extract unsecured payload
   if (p_signed_data.tbsData().payload().data().is_present()) {
     // Check protocol version
@@ -364,7 +383,31 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si
 
 int security_services::process_ieee_1609_dot2_encrypted_data(const IEEE1609dot2::EncryptedData& p_encrypted_data, const bool p_verify, OCTETSTRING& p_unsecured_payload, Params& p_params) {
   loggers::get_instance().log_msg(">>> security_services::process_ieee_1609_dot2_encrypted_data: ", p_encrypted_data);
-  //loggers::get_instance().log_msg("<<< security_services::process_ieee_1609_dot2_encrypted_data: ", p_unsecured_payload);
+
+
+  if (_params[Params::cypher].compare("NISTP-256") == 0) {
+	  _ec_keys_enc.reset(new security_ecc(ec_elliptic_curves::nist_p_256));
+  } else if (_params[Params::cypher].compare("BP-256") == 0) {
+	  _ec_keys_enc.reset(new security_ecc(ec_elliptic_curves::brainpool_p_256_r1));
+  } else {
+    loggers::get_instance().warning("security_services::setup: Failed to encode ToBeSignedData");
+    return -1;
+  }
+
+
+
+  // 1. Retrieve recipient's public keys
+  // OCTETSTRING recipients_key_x;
+  // OCTETSTRING recipients_key_y;
+  // if (_security_db.get()->get_public_enc_keys(certificate_id, recipients_key_x, recipients_key_y) == -1) {
+  //   loggers::get_instance().warning("security_services::encrypt_gn_payload: Failed to retrieve recipient's public keys");
+  //   return -1;
+  // }
+
+
+
+
+  loggers::get_instance().log_msg("<<< security_services::process_ieee_1609_dot2_encrypted_data: ", p_unsecured_payload);
   return -1;
 } // End of method process_ieee_1609_dot2_encrypted_data
 
@@ -379,8 +422,7 @@ int security_services::secure_gn_payload(const OCTETSTRING& p_unsecured_gn_paylo
     return -1;
   }
 
-  Params::const_iterator it = p_params.find(Params::encrypted_mode);
-  if (it != p_params.cend()) {
+  if (_params[Params::encrypted_mode].compare("1") == 0) {
     if (encrypt_gn_payload(signed_payload, p_secured_gn_payload, p_params) != 0) {
       p_secured_gn_payload = signed_payload;
       loggers::get_instance().warning("security_services::secure_gn_payload: Failed to encrypt payload");
@@ -417,7 +459,12 @@ int security_services::sign_gn_payload(const OCTETSTRING& p_unsecured_gn_payload
   header_info.generationLocation().set_to_omit();
   header_info.p2pcdLearningRequest().set_to_omit();
   header_info.missingCrlIdentifier().set_to_omit();
-  header_info.encryptionKey().set_to_omit();
+  if (_params[Params::encrypted_mode].compare("1") == 0) {
+    // TODO Set the encrytion key
+    header_info.encryptionKey().set_to_omit();
+  } else {
+    header_info.encryptionKey().set_to_omit();
+  }
   Params::const_iterator it = p_params.find(Params::payload_type);
   if (it != p_params.cend()) {
     loggers::get_instance().log("security_services::sign_gn_payload: Payload type: %s", it->second.c_str());
@@ -511,15 +558,58 @@ int security_services::encrypt_gn_payload(const OCTETSTRING& p_unsecured_gn_payl
   loggers::get_instance().log_msg(">>> security_services::encrypt_gn_payload: ", p_unsecured_gn_payload);
   
   // Sanity checks
-  if (_ec_keys_enc.get() == nullptr) {
-    loggers::get_instance().warning("security_services::encrypt_gn_payload: Encryption not initialised");
+//  if (_ec_keys_enc.get() == nullptr) {
+//    loggers::get_instance().warning("security_services::encrypt_gn_payload: Encryption not initialised");
+//    return -1;
+//  }
+
+  // 1. Retrieve recipient's public keys
+  // OCTETSTRING recipients_key_x;
+  // OCTETSTRING recipients_key_y;
+  // if (_security_db.get()->get_public_enc_keys(certificate_id, recipients_key_x, recipients_key_y) == -1) {
+  //   loggers::get_instance().warning("security_services::encrypt_gn_payload: Failed to retrieve recipient's public keys");
+  //   return -1;
+  // }
+
+  // 2. Generate new ephemeral Private/Public keys
+  if (_ec_keys_enc.get()->generate() == -1) {
+    loggers::get_instance().warning("security_services::encrypt_gn_payload: Failed to generate ephemeral keys");
     return -1;
   }
+
+  // 3. Generate and derive shared secret
+  // std::vector<unsigned char> peer_public_key_x(static_cast<const unsigned char *>(recipients_key_x), recipients_key_x.lengthof() + static_cast<const unsigned char *>(recipients_key_x));
+  // std::vector<unsigned char> peer_public_key_y(static_cast<const unsigned char *>(recipients_key_y), recipients_key_y.lengthof() + static_cast<const unsigned char *>(recipients_key_y));
+  // if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, peer_public_key_x, peer_public_key_y) == -1) {
+  //   loggers::get_instance().warning("security_services::encrypt_gn_payload: Failed to generate and derive secret key");
+  //   return -1;
+  // }
   
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
   // AES-128 encryption of the data
   std::vector<unsigned char> message(static_cast<const unsigned char*>(p_unsecured_gn_payload), p_unsecured_gn_payload.lengthof() + static_cast<const unsigned char*>(p_unsecured_gn_payload));
   std::vector<unsigned char> enc_message;
-  _ec_keys_enc.get()->encrypt(encryption_algotithm::aes_128_ccm, message, enc_message);
+  if (_ec_keys_enc.get()->encrypt(encryption_algotithm::aes_128_ccm, message, enc_message) == -1) {
+    loggers::get_instance().warning("security_services::encrypt_gn_payload: Failed to encrypt message");
+    return -1;
+  }
   // _ec_keys_enc object contains the key, the none and the tag
   OCTETSTRING nonce = OCTETSTRING(_ec_keys_enc.get()->nonce().size(), _ec_keys_enc.get()->nonce().data());
   OCTETSTRING tag = OCTETSTRING(_ec_keys_enc.get()->tag().size(), _ec_keys_enc.get()->tag().data());
@@ -534,7 +624,7 @@ int security_services::encrypt_gn_payload(const OCTETSTRING& p_unsecured_gn_payl
   std::string certificate_id = p_params[Params::certificate];
   OCTETSTRING recipient_id;
   _security_db.get()->get_hashed_id(certificate_id, recipient_id); // SHA-256 of the certificate which contain the encryption private/public keys
-  // TODO Encryt the AES-128 key
+  // TODO Encrypt the AES-128 key
 
   OCTETSTRING public_enc_key_x;
   OCTETSTRING public_enc_key_y;

ccsrc/Protocols/Security/security_services.hh

@@ -37,6 +37,8 @@ class security_services {
    * \brief Unique static object reference of this class
    */
   static security_services* instance;
+
+  Params _params;
   bool _setup_done;
   std::unique_ptr<security_ecc> _ec_keys_enc;
   std::unique_ptr<security_ecc> _ec_keys_dec;