Commit 68c52bb0 authored by garciay's avatar garciay
Browse files

STF525: Add encryption support in Test System

STF545: Start TestSystem support
parent 12fde3ae
......@@ -361,9 +361,9 @@ namespace LibItsSecurity__Functions
return OCTETSTRING();
}
// 2. Generate and derive shared secret
std::vector<unsigned char> peer_public_key_x(static_cast<const unsigned char *>(p__recipientsPublicKeyX), p__recipientsPublicKeyX.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyX));
std::vector<unsigned char> peer_public_key_y(static_cast<const unsigned char *>(p__recipientsPublicKeyY), p__recipientsPublicKeyY.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyY));
if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, peer_public_key_x, peer_public_key_y) == -1) {
std::vector<unsigned char> recipients_public_key_x(static_cast<const unsigned char *>(p__recipientsPublicKeyX), p__recipientsPublicKeyX.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyX));
std::vector<unsigned char> recipients_public_key_y(static_cast<const unsigned char *>(p__recipientsPublicKeyY), p__recipientsPublicKeyY.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyY));
if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, recipients_public_key_x, recipients_public_key_y) == -1) {
loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to generate and derive secret key");
return OCTETSTRING();
}
......@@ -450,9 +450,9 @@ namespace LibItsSecurity__Functions
return OCTETSTRING();
}
// 2. Generate and derive shared secret
std::vector<unsigned char> peer_public_key_x(static_cast<const unsigned char *>(p__recipientsPublicKeyX), p__recipientsPublicKeyX.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyX));
std::vector<unsigned char> peer_public_key_y(static_cast<const unsigned char *>(p__recipientsPublicKeyY), p__recipientsPublicKeyY.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyY));
if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, peer_public_key_x, peer_public_key_y) == -1) {
std::vector<unsigned char> recipients_public_key_x(static_cast<const unsigned char *>(p__recipientsPublicKeyX), p__recipientsPublicKeyX.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyX));
std::vector<unsigned char> recipients_public_key_y(static_cast<const unsigned char *>(p__recipientsPublicKeyY), p__recipientsPublicKeyY.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyY));
if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, recipients_public_key_x, recipients_public_key_y) == -1) {
loggers::get_instance().warning("fx__encryptWithEciesBrainpoolp256WithSha256: Failed to generate and derive secret key");
return OCTETSTRING();
}
......
// This Test Port skeleton source file was generated by the
// TTCN-3 Compiler of the TTCN-3 Test Executor version CRL 113 200/5 R3A
// for U-ERICSSON\ethgry (ethgry@HU00078339) on Fri Aug 14 21:19:06 2015
// Copyright Ericsson Telecom AB 2000-2014
// You may modify this file. Complete the body of empty functions and
// add your member functions here.
#include "PkiPort.hh"
namespace LibItsPki__TestSystem {
PkiPort::PkiPort(const char *par_port_name)
: PkiPort_BASE(par_port_name)
{
}
PkiPort::~PkiPort()
{
}
void PkiPort::set_parameter(const char * /*parameter_name*/,
const char * /*parameter_value*/)
{
}
/*void PkiPort::Handle_Fd_Event(int fd, boolean is_readable,
boolean is_writable, boolean is_error) {}*/
void PkiPort::Handle_Fd_Event_Error(int /*fd*/)
{
}
void PkiPort::Handle_Fd_Event_Writable(int /*fd*/)
{
}
void PkiPort::Handle_Fd_Event_Readable(int /*fd*/)
{
}
/*void PkiPort::Handle_Timeout(double time_since_last_call) {}*/
void PkiPort::user_map(const char * /*system_port*/)
{
}
void PkiPort::user_unmap(const char * /*system_port*/)
{
}
void PkiPort::user_start()
{
}
void PkiPort::user_stop()
{
}
void PkiPort::outgoing_send(const LibItsPki__TestSystem::PkiReq& /*send_par*/)
{
}
} /* end of namespace */
// This Test Port skeleton header file was generated by the
// TTCN-3 Compiler of the TTCN-3 Test Executor version CRL 113 200/5 R3A
// for U-ERICSSON\ethgry (ethgry@HU00078339) on Fri Aug 14 21:19:06 2015
// Copyright Ericsson Telecom AB 2000-2014
// You may modify this file. Add your attributes and prototypes of your
// member functions here.
#ifndef PkiPort_HH
#define PkiPort_HH
#include "LibItsPki_TestSystem.hh"
namespace LibItsPki__TestSystem {
class PkiPort : public PkiPort_BASE {
public:
PkiPort(const char *par_port_name = NULL);
~PkiPort();
void set_parameter(const char *parameter_name,
const char *parameter_value);
private:
/* void Handle_Fd_Event(int fd, boolean is_readable,
boolean is_writable, boolean is_error); */
void Handle_Fd_Event_Error(int fd);
void Handle_Fd_Event_Writable(int fd);
void Handle_Fd_Event_Readable(int fd);
/* void Handle_Timeout(double time_since_last_call); */
protected:
void user_map(const char *system_port);
void user_unmap(const char *system_port);
void user_start();
void user_stop();
void outgoing_send(const LibItsPki__TestSystem::PkiReq& send_par);
};
} /* end of namespace */
#endif
......@@ -85,19 +85,21 @@ void ConfigRsuSimulatorLayer::receive_data(OCTETSTRING& data, Params& params)
unsigned char id = *(static_cast<const unsigned char*>(data));
if (id == 0x00) { // Receive an UtxxInitialise
process_data(data, params);
process_utinitialize_data(data, params);
} else if (id == 0x00) { // Receive an UtCamChangeSpeed
process_ut_cam_changespeed_data(data, params);
} else {
loggers::get_instance().warning("ConfigRsuSimulatorLayer::receive_data: Unsupported tag %02x", id);
}
}
int ConfigRsuSimulatorLayer::process_data(OCTETSTRING& data, Params& params) {
loggers::get_instance().log("ConfigRsuSimulatorLayer::process_data");
int ConfigRsuSimulatorLayer::process_utinitialize_data(OCTETSTRING& data, Params& params) {
loggers::get_instance().log("ConfigRsuSimulatorLayer::process_utinitialize_data");
Params::const_iterator it = _params.find("ut");
if (it == _params.cend()) {
loggers::get_instance().warning("ConfigRsuSimulatorLayer::process_data: CF layer's ut parameter is missing");
loggers::get_instance().warning("ConfigRsuSimulatorLayer::process_utinitialize_data: CF layer's ut parameter is missing");
return -1;
}
......@@ -117,7 +119,30 @@ int ConfigRsuSimulatorLayer::process_data(OCTETSTRING& data, Params& params) {
// Pass it to the ports if any
to_all_upper_ports(p, params);
} else {
loggers::get_instance().warning("ConfigRsuSimulatorLayer::process_data: Unsupported protocol");
loggers::get_instance().warning("ConfigRsuSimulatorLayer::process_utinitialize_data: Unsupported protocol");
return -1;
}
return 0;
}
int ConfigRsuSimulatorLayer::process_ut_cam_changespeed_data(OCTETSTRING& data, Params& params) {
loggers::get_instance().log("ConfigRsuSimulatorLayer::process_ut_cam_changespeed_data");
Params::const_iterator it = _params.find("ut");
if (it == _params.cend()) {
loggers::get_instance().warning("ConfigRsuSimulatorLayer::process_ut_cam_changespeed_data: CF layer's ut parameter is missing");
return -1;
}
if (_params[std::string("ut")].compare("cam") == 0) {
OCTETSTRING speed(data.lengthof() - 1, 1 + static_cast<const unsigned char*>(data));
LibItsCam__TypesAndValues::UtCamTrigger p;
p.changeSpeed() = oct2int(speed);
// Pass it to the ports if any
to_all_upper_ports(p, params);
} else {
loggers::get_instance().warning("ConfigRsuSimulatorLayer::process_ut_cam_changespeed_data: Unsupported protocol");
return -1;
}
......
......@@ -40,6 +40,7 @@ public:
virtual void receive_data(OCTETSTRING& data, Params& params);
private:
int process_data(OCTETSTRING& data, Params& params);
int process_utinitialize_data(OCTETSTRING& data, Params& params);
int process_ut_cam_changespeed_data(OCTETSTRING& data, Params& params);
}; // End of class ConfigRsuSimulatorLayer
......@@ -163,6 +163,16 @@ namespace ItsRSUsSimulator__TestSystem {
incoming_message(p_ind);
}
void ConfigRsuSimulatorPort::receiveMsg (const LibItsCam__TypesAndValues::UtCamTrigger& p_ind, const Params& p_params) {
loggers::get_instance().log_msg(">>> ConfigRsuSimulatorPort::receive_msg: ", p_ind);
// Sanity check
if (!p_ind.is_bound()) {
return;
}
incoming_message(p_ind);
}
void ConfigRsuSimulatorPort::receiveMsg (const LibItsDenm__TypesAndValues::UtDenmInitialize& p_ind, const Params& p_params) {
loggers::get_instance().log_msg(">>> ConfigRsuSimulatorPort::receive_msg: ", p_ind);
// Sanity check
......
......@@ -21,6 +21,7 @@ namespace ItsRSUsSimulator__TestSystem {
void receiveMsg (const BOOLEAN& p_ind, const Params& p_params);
void receiveMsg (const LibItsGeoNetworking__TypesAndValues::UtGnInitialize& p_ind, const Params& p_params);
void receiveMsg (const LibItsCam__TypesAndValues::UtCamInitialize& p_ind, const Params& p_params);
void receiveMsg (const LibItsCam__TypesAndValues::UtCamTrigger& p_ind, const Params& p_params);
void receiveMsg (const LibItsDenm__TypesAndValues::UtDenmInitialize& p_ind, const Params& p_params);
/*void send(const CfInitialize& send_par, const COMPONENT& destination_component);
......
......@@ -74,10 +74,14 @@ geonetworking_layer::geonetworking_layer(const std::string & p_type, const std::
it = _params.find(Params::secured_mode);
if (it != _params.cend()) {
_secured_mode = (1 == converter::get_instance().string_to_int(it->second));
} else {
_params.insert(std::pair<std::string, std::string>(std::string("secured_mode"), "0"));
}
it = _params.find(Params::encrypted_mode);
if (it != _params.cend()) {
_encrypted_mode = (1 == converter::get_instance().string_to_int(it->second));
} else {
_params.insert(std::pair<std::string, std::string>(std::string("encrypted_mode"), "0"));
}
it = _params.find(Params::enable_security_checks);
if (it != _params.cend()) {
......@@ -991,7 +995,7 @@ int geonetworking_layer::build_secured_pdu(OCTETSTRING& data, Params& params) {
return -1;
}
// Encode the basid header
// Encode the basic header
//loggers::get_instance().log_msg("geonetworking_layer::build_secured_pdu: New basic_header = ", basic_header);
RAW_enc_tr_pos rp;
rp.level=0;
......
......@@ -26,7 +26,8 @@ security_services::security_services() : _setup_done{false}, _ec_keys_enc(nullpt
int security_services::setup(Params& p_params) { // FIXME Rename this method
loggers::get_instance().log(">>> security_services::setup");
p_params.log();
_params = p_params;
_params.log();
if (_setup_done) {
loggers::get_instance().warning("security_services::setup: Already done");
......@@ -34,29 +35,29 @@ int security_services::setup(Params& p_params) { // FIXME Rename this method
}
_setup_done = true;
_security_db.reset(new security_db(p_params[Params::sec_db_path]));
// Build the certificate caching
_security_db.reset(new security_db(_params[Params::sec_db_path]));
if (_security_db.get() == nullptr) { // Memory allocation issue
loggers::get_instance().warning("security_services::setup: _security_db pointer is NULL");
return -1;
}
// Setup encryption instance
// std::string certificate_id = p_params[Params::certificate];
// OCTETSTRING os;
// _security_db.get()->get_private_enc_key(certificate_id, os);
// std::vector<unsigned char> pri_enc_key(static_cast<const unsigned char*>(os), os.lengthof() + static_cast<const unsigned char*>(os));
Params::const_iterator it = p_params.find(Params::cypher);
if (it == p_params.cend()) {
_ec_keys_enc.reset(new security_ecc(ec_elliptic_curves::nist_p_256));
} else if (it->second.compare("NISTP-256")) {
_ec_keys_enc.reset(new security_ecc(ec_elliptic_curves::nist_p_256));
} else if (it->second.compare("BP-256")) {
_ec_keys_enc.reset(new security_ecc(ec_elliptic_curves::brainpool_p_256_r1));
} else {
loggers::get_instance().warning("security_services::setup: Failed to encode ToBeSignedData");
return -1;
// Initialise encryption mechanism
if (_params[Params::encrypted_mode].compare("1") == 0) {
Params::const_iterator it = _params.find(Params::cypher);
if (it == _params.cend()) {
_ec_keys_enc.reset(new security_ecc(ec_elliptic_curves::nist_p_256));
_params.insert(std::pair<std::string, std::string>(Params::cypher, std::string("NISTP-256")));
p_params.insert(std::pair<std::string, std::string>(Params::cypher, std::string("NISTP-256")));
} else if (it->second.compare("NISTP-256")) {
_ec_keys_enc.reset(new security_ecc(ec_elliptic_curves::nist_p_256));
} else if (it->second.compare("BP-256")) {
_ec_keys_enc.reset(new security_ecc(ec_elliptic_curves::brainpool_p_256_r1));
} else {
loggers::get_instance().warning("security_services::setup: Failed to encode ToBeSignedData");
return -1;
}
}
return 0;
}
......@@ -161,6 +162,24 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si
}
}
}
// Check encryption keys if present
if (header_info.encryptionKey().is_present()) {
// TODO
}
// Check request certificate
if (header_info.inlineP2pcdRequest().is_present()) {
loggers::get_instance().error("security_services::process_ieee_1609_dot2_signed_data: inlineP2pcdRequest not supported yet");
// TODO
}
// Check requested certificate
if (header_info.requestedCertificate().is_present()) {
loggers::get_instance().error("security_services::process_ieee_1609_dot2_signed_data: requestedCertificate not supported yet");
// TODO
}
// Check and extract unsecured payload
if (p_signed_data.tbsData().payload().data().is_present()) {
// Check protocol version
......@@ -364,7 +383,31 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si
int security_services::process_ieee_1609_dot2_encrypted_data(const IEEE1609dot2::EncryptedData& p_encrypted_data, const bool p_verify, OCTETSTRING& p_unsecured_payload, Params& p_params) {
loggers::get_instance().log_msg(">>> security_services::process_ieee_1609_dot2_encrypted_data: ", p_encrypted_data);
//loggers::get_instance().log_msg("<<< security_services::process_ieee_1609_dot2_encrypted_data: ", p_unsecured_payload);
if (_params[Params::cypher].compare("NISTP-256") == 0) {
_ec_keys_enc.reset(new security_ecc(ec_elliptic_curves::nist_p_256));
} else if (_params[Params::cypher].compare("BP-256") == 0) {
_ec_keys_enc.reset(new security_ecc(ec_elliptic_curves::brainpool_p_256_r1));
} else {
loggers::get_instance().warning("security_services::setup: Failed to encode ToBeSignedData");
return -1;
}
// 1. Retrieve recipient's public keys
// OCTETSTRING recipients_key_x;
// OCTETSTRING recipients_key_y;
// if (_security_db.get()->get_public_enc_keys(certificate_id, recipients_key_x, recipients_key_y) == -1) {
// loggers::get_instance().warning("security_services::encrypt_gn_payload: Failed to retrieve recipient's public keys");
// return -1;
// }
loggers::get_instance().log_msg("<<< security_services::process_ieee_1609_dot2_encrypted_data: ", p_unsecured_payload);
return -1;
} // End of method process_ieee_1609_dot2_encrypted_data
......@@ -379,8 +422,7 @@ int security_services::secure_gn_payload(const OCTETSTRING& p_unsecured_gn_paylo
return -1;
}
Params::const_iterator it = p_params.find(Params::encrypted_mode);
if (it != p_params.cend()) {
if (_params[Params::encrypted_mode].compare("1") == 0) {
if (encrypt_gn_payload(signed_payload, p_secured_gn_payload, p_params) != 0) {
p_secured_gn_payload = signed_payload;
loggers::get_instance().warning("security_services::secure_gn_payload: Failed to encrypt payload");
......@@ -417,7 +459,12 @@ int security_services::sign_gn_payload(const OCTETSTRING& p_unsecured_gn_payload
header_info.generationLocation().set_to_omit();
header_info.p2pcdLearningRequest().set_to_omit();
header_info.missingCrlIdentifier().set_to_omit();
header_info.encryptionKey().set_to_omit();
if (_params[Params::encrypted_mode].compare("1") == 0) {
// TODO Set the encrytion key
header_info.encryptionKey().set_to_omit();
} else {
header_info.encryptionKey().set_to_omit();
}
Params::const_iterator it = p_params.find(Params::payload_type);
if (it != p_params.cend()) {
loggers::get_instance().log("security_services::sign_gn_payload: Payload type: %s", it->second.c_str());
......@@ -511,15 +558,58 @@ int security_services::encrypt_gn_payload(const OCTETSTRING& p_unsecured_gn_payl
loggers::get_instance().log_msg(">>> security_services::encrypt_gn_payload: ", p_unsecured_gn_payload);
// Sanity checks
if (_ec_keys_enc.get() == nullptr) {
loggers::get_instance().warning("security_services::encrypt_gn_payload: Encryption not initialised");
// if (_ec_keys_enc.get() == nullptr) {
// loggers::get_instance().warning("security_services::encrypt_gn_payload: Encryption not initialised");
// return -1;
// }
// 1. Retrieve recipient's public keys
// OCTETSTRING recipients_key_x;
// OCTETSTRING recipients_key_y;
// if (_security_db.get()->get_public_enc_keys(certificate_id, recipients_key_x, recipients_key_y) == -1) {
// loggers::get_instance().warning("security_services::encrypt_gn_payload: Failed to retrieve recipient's public keys");
// return -1;
// }
// 2. Generate new ephemeral Private/Public keys
if (_ec_keys_enc.get()->generate() == -1) {
loggers::get_instance().warning("security_services::encrypt_gn_payload: Failed to generate ephemeral keys");
return -1;
}
// 3. Generate and derive shared secret
// std::vector<unsigned char> peer_public_key_x(static_cast<const unsigned char *>(recipients_key_x), recipients_key_x.lengthof() + static_cast<const unsigned char *>(recipients_key_x));
// std::vector<unsigned char> peer_public_key_y(static_cast<const unsigned char *>(recipients_key_y), recipients_key_y.lengthof() + static_cast<const unsigned char *>(recipients_key_y));
// if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, peer_public_key_x, peer_public_key_y) == -1) {
// loggers::get_instance().warning("security_services::encrypt_gn_payload: Failed to generate and derive secret key");
// return -1;
// }
// AES-128 encryption of the data
std::vector<unsigned char> message(static_cast<const unsigned char*>(p_unsecured_gn_payload), p_unsecured_gn_payload.lengthof() + static_cast<const unsigned char*>(p_unsecured_gn_payload));
std::vector<unsigned char> enc_message;
_ec_keys_enc.get()->encrypt(encryption_algotithm::aes_128_ccm, message, enc_message);
if (_ec_keys_enc.get()->encrypt(encryption_algotithm::aes_128_ccm, message, enc_message) == -1) {
loggers::get_instance().warning("security_services::encrypt_gn_payload: Failed to encrypt message");
return -1;
}
// _ec_keys_enc object contains the key, the none and the tag
OCTETSTRING nonce = OCTETSTRING(_ec_keys_enc.get()->nonce().size(), _ec_keys_enc.get()->nonce().data());
OCTETSTRING tag = OCTETSTRING(_ec_keys_enc.get()->tag().size(), _ec_keys_enc.get()->tag().data());
......@@ -534,7 +624,7 @@ int security_services::encrypt_gn_payload(const OCTETSTRING& p_unsecured_gn_payl
std::string certificate_id = p_params[Params::certificate];
OCTETSTRING recipient_id;
_security_db.get()->get_hashed_id(certificate_id, recipient_id); // SHA-256 of the certificate which contain the encryption private/public keys
// TODO Encryt the AES-128 key
// TODO Encrypt the AES-128 key
OCTETSTRING public_enc_key_x;
OCTETSTRING public_enc_key_y;
......
......@@ -37,6 +37,8 @@ class security_services {
* \brief Unique static object reference of this class
*/
static security_services* instance;
Params _params;
bool _setup_done;
std::unique_ptr<security_ecc> _ec_keys_enc;
std::unique_ptr<security_ecc> _ec_keys_dec;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment