STF525: Add encryption support in Test System

STF545: Start TestSystem support

STF525: Add encryption support in Test System
STF545: Start TestSystem support
68c52bb0 · garciay · 12fde3ae · 68c52bb0 · 68c52bb0 · 68c52bb0
Commit 68c52bb0 authored Apr 05, 2018 by garciay
--- a/ccsrc/Externals/LibItsSecurity_externals.cc
+++ b/ccsrc/Externals/LibItsSecurity_externals.cc
@@ -361,9 +361,9 @@ namespace LibItsSecurity__Functions
      return OCTETSTRING();
    }
    // 2. Generate and derive shared secret
-    std::vector<unsigned char> peer_public_key_x(static_cast<const unsigned char *>(p__recipientsPublicKeyX), p__recipientsPublicKeyX.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyX));
+    std::vector<unsigned char> recipients_public_key_x(static_cast<const unsigned char *>(p__recipientsPublicKeyX), p__recipientsPublicKeyX.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyX));
-    std::vector<unsigned char> peer_public_key_y(static_cast<const unsigned char *>(p__recipientsPublicKeyY), p__recipientsPublicKeyY.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyY));
+    std::vector<unsigned char> recipients_public_key_y(static_cast<const unsigned char *>(p__recipientsPublicKeyY), p__recipientsPublicKeyY.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyY));
-    if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, peer_public_key_x, peer_public_key_y) == -1) {
+    if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, recipients_public_key_x, recipients_public_key_y) == -1) {
      loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to generate and derive secret key");
      return OCTETSTRING();
    }
@@ -450,9 +450,9 @@ namespace LibItsSecurity__Functions
      return OCTETSTRING();
    }
    // 2. Generate and derive shared secret
-    std::vector<unsigned char> peer_public_key_x(static_cast<const unsigned char *>(p__recipientsPublicKeyX), p__recipientsPublicKeyX.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyX));
+    std::vector<unsigned char> recipients_public_key_x(static_cast<const unsigned char *>(p__recipientsPublicKeyX), p__recipientsPublicKeyX.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyX));
-    std::vector<unsigned char> peer_public_key_y(static_cast<const unsigned char *>(p__recipientsPublicKeyY), p__recipientsPublicKeyY.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyY));
+    std::vector<unsigned char> recipients_public_key_y(static_cast<const unsigned char *>(p__recipientsPublicKeyY), p__recipientsPublicKeyY.lengthof() + static_cast<const unsigned char *>(p__recipientsPublicKeyY));
-    if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, peer_public_key_x, peer_public_key_y) == -1) {
+    if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, recipients_public_key_x, recipients_public_key_y) == -1) {
      loggers::get_instance().warning("fx__encryptWithEciesBrainpoolp256WithSha256: Failed to generate and derive secret key");
      return OCTETSTRING();
    }

--- a/ccsrc/Ports/LibIts_ports/Pki_ports/PkiPort.cc
+++ b/ccsrc/Ports/LibIts_ports/Pki_ports/PkiPort.cc
+// This Test Port skeleton source file was generated by the
+// TTCN-3 Compiler of the TTCN-3 Test Executor version CRL 113 200/5 R3A
+// for U-ERICSSON\ethgry (ethgry@HU00078339) on Fri Aug 14 21:19:06 2015
+// Copyright Ericsson Telecom AB 2000-2014
+// You may modify this file. Complete the body of empty functions and
+// add your member functions here.
+#include "PkiPort.hh"
+namespace LibItsPki__TestSystem {
+PkiPort::PkiPort(const char *par_port_name)
+	: PkiPort_BASE(par_port_name)
+{
+}
+PkiPort::~PkiPort()
+{
+}
+void PkiPort::set_parameter(const char * /*parameter_name*/,
+	const char * /*parameter_value*/)
+{
+}
+/*void PkiPort::Handle_Fd_Event(int fd, boolean is_readable,
+	boolean is_writable, boolean is_error) {}*/
+void PkiPort::Handle_Fd_Event_Error(int /*fd*/)
+{
+}
+void PkiPort::Handle_Fd_Event_Writable(int /*fd*/)
+{
+}
+void PkiPort::Handle_Fd_Event_Readable(int /*fd*/)
+{
+}
+/*void PkiPort::Handle_Timeout(double time_since_last_call) {}*/
+void PkiPort::user_map(const char * /*system_port*/)
+{
+}
+void PkiPort::user_unmap(const char * /*system_port*/)
+{
+}
+void PkiPort::user_start()
+{
+}
+void PkiPort::user_stop()
+{
+}
+void PkiPort::outgoing_send(const LibItsPki__TestSystem::PkiReq& /*send_par*/)
+{
+}
+} /* end of namespace */
--- a/ccsrc/Ports/LibIts_ports/Pki_ports/PkiPort.hh
+++ b/ccsrc/Ports/LibIts_ports/Pki_ports/PkiPort.hh
+// This Test Port skeleton header file was generated by the
+// TTCN-3 Compiler of the TTCN-3 Test Executor version CRL 113 200/5 R3A
+// for U-ERICSSON\ethgry (ethgry@HU00078339) on Fri Aug 14 21:19:06 2015
+// Copyright Ericsson Telecom AB 2000-2014
+// You may modify this file. Add your attributes and prototypes of your
+// member functions here.
+#ifndef PkiPort_HH
+#define PkiPort_HH
+#include "LibItsPki_TestSystem.hh"
+namespace LibItsPki__TestSystem {
+class PkiPort : public PkiPort_BASE {
+public:
+	PkiPort(const char *par_port_name = NULL);
+	~PkiPort();
+	void set_parameter(const char *parameter_name,
+		const char *parameter_value);
+private:
+	/* void Handle_Fd_Event(int fd, boolean is_readable,
+		boolean is_writable, boolean is_error); */
+	void Handle_Fd_Event_Error(int fd);
+	void Handle_Fd_Event_Writable(int fd);
+	void Handle_Fd_Event_Readable(int fd);
+	/* void Handle_Timeout(double time_since_last_call); */
+protected:
+	void user_map(const char *system_port);
+	void user_unmap(const char *system_port);
+	void user_start();
+	void user_stop();
+	void outgoing_send(const LibItsPki__TestSystem::PkiReq& send_par);
+};
+} /* end of namespace */
+#endif
--- a/ccsrc/Ports/LibIts_ports/RSUsSimulator_ports/ConfigRsuSimulatorLayer.cc
+++ b/ccsrc/Ports/LibIts_ports/RSUsSimulator_ports/ConfigRsuSimulatorLayer.cc
@@ -85,19 +85,21 @@ void ConfigRsuSimulatorLayer::receive_data(OCTETSTRING& data, Params& params)
  unsigned char id = *(static_cast<const unsigned char*>(data));
  if (id == 0x00) { // Receive an UtxxInitialise
-    process_data(data, params);
+    process_utinitialize_data(data, params);
+  } else if (id == 0x00) { // Receive an UtCamChangeSpeed
+    process_ut_cam_changespeed_data(data, params);
  } else {
    loggers::get_instance().warning("ConfigRsuSimulatorLayer::receive_data: Unsupported tag %02x", id);
  }
 }
-int ConfigRsuSimulatorLayer::process_data(OCTETSTRING& data, Params& params) {
+int ConfigRsuSimulatorLayer::process_utinitialize_data(OCTETSTRING& data, Params& params) {
-  loggers::get_instance().log("ConfigRsuSimulatorLayer::process_data");
+  loggers::get_instance().log("ConfigRsuSimulatorLayer::process_utinitialize_data");
  Params::const_iterator it = _params.find("ut");
  if (it == _params.cend()) {
-    loggers::get_instance().warning("ConfigRsuSimulatorLayer::process_data: CF layer's ut parameter is missing");
+    loggers::get_instance().warning("ConfigRsuSimulatorLayer::process_utinitialize_data: CF layer's ut parameter is missing");
    return -1;
  }
@@ -117,7 +119,30 @@ int ConfigRsuSimulatorLayer::process_data(OCTETSTRING& data, Params& params) {
    // Pass it to the ports if any
    to_all_upper_ports(p, params);
  } else {
-    loggers::get_instance().warning("ConfigRsuSimulatorLayer::process_data: Unsupported protocol");
+    loggers::get_instance().warning("ConfigRsuSimulatorLayer::process_utinitialize_data: Unsupported protocol");
+    return -1;
+  }
+  return 0;
+}
+int ConfigRsuSimulatorLayer::process_ut_cam_changespeed_data(OCTETSTRING& data, Params& params) {
+  loggers::get_instance().log("ConfigRsuSimulatorLayer::process_ut_cam_changespeed_data");
+  Params::const_iterator it = _params.find("ut");
+  if (it == _params.cend()) {
+    loggers::get_instance().warning("ConfigRsuSimulatorLayer::process_ut_cam_changespeed_data: CF layer's ut parameter is missing");
+    return -1;
+  }
+  if (_params[std::string("ut")].compare("cam") == 0) {
+    OCTETSTRING speed(data.lengthof() - 1,  1 + static_cast<const unsigned char*>(data));
+    LibItsCam__TypesAndValues::UtCamTrigger p;
+    p.changeSpeed() = oct2int(speed);
+    // Pass it to the ports if any
+    to_all_upper_ports(p, params);
+  } else {
+    loggers::get_instance().warning("ConfigRsuSimulatorLayer::process_ut_cam_changespeed_data: Unsupported protocol");
    return -1;
  }

--- a/ccsrc/Ports/LibIts_ports/RSUsSimulator_ports/ConfigRsuSimulatorLayer.hh
+++ b/ccsrc/Ports/LibIts_ports/RSUsSimulator_ports/ConfigRsuSimulatorLayer.hh
@@ -40,6 +40,7 @@ public:
  virtual void receive_data(OCTETSTRING& data, Params& params);
 private:
-  int process_data(OCTETSTRING& data, Params& params);
+  int process_utinitialize_data(OCTETSTRING& data, Params& params);
+  int process_ut_cam_changespeed_data(OCTETSTRING& data, Params& params);
 }; // End of class ConfigRsuSimulatorLayer
--- a/ccsrc/Ports/LibIts_ports/RSUsSimulator_ports/ConfigRsuSimulatorPort.cc
+++ b/ccsrc/Ports/LibIts_ports/RSUsSimulator_ports/ConfigRsuSimulatorPort.cc
@@ -163,6 +163,16 @@ namespace ItsRSUsSimulator__TestSystem {
    incoming_message(p_ind);
  }
+  void ConfigRsuSimulatorPort::receiveMsg (const LibItsCam__TypesAndValues::UtCamTrigger& p_ind, const Params& p_params) {
+    loggers::get_instance().log_msg(">>> ConfigRsuSimulatorPort::receive_msg: ", p_ind);
+    // Sanity check
+    if (!p_ind.is_bound()) {
+      return;
+    }
+    incoming_message(p_ind);
+  }
  void ConfigRsuSimulatorPort::receiveMsg (const LibItsDenm__TypesAndValues::UtDenmInitialize& p_ind, const Params& p_params) {
    loggers::get_instance().log_msg(">>> ConfigRsuSimulatorPort::receive_msg: ", p_ind);
    // Sanity check

--- a/ccsrc/Ports/LibIts_ports/RSUsSimulator_ports/ConfigRsuSimulatorPort.hh
+++ b/ccsrc/Ports/LibIts_ports/RSUsSimulator_ports/ConfigRsuSimulatorPort.hh
@@ -21,6 +21,7 @@ namespace ItsRSUsSimulator__TestSystem {
    void receiveMsg (const BOOLEAN& p_ind, const Params& p_params);
    void receiveMsg (const LibItsGeoNetworking__TypesAndValues::UtGnInitialize& p_ind, const Params& p_params);
    void receiveMsg (const LibItsCam__TypesAndValues::UtCamInitialize& p_ind, const Params& p_params);
+    void receiveMsg (const LibItsCam__TypesAndValues::UtCamTrigger& p_ind, const Params& p_params);
    void receiveMsg (const LibItsDenm__TypesAndValues::UtDenmInitialize& p_ind, const Params& p_params);
    /*void send(const CfInitialize& send_par, const COMPONENT& destination_component);

--- a/ccsrc/Protocols/GeoNetworking/geonetworking_layer.cc
+++ b/ccsrc/Protocols/GeoNetworking/geonetworking_layer.cc
@@ -74,10 +74,14 @@ geonetworking_layer::geonetworking_layer(const std::string & p_type, const std::
  it = _params.find(Params::secured_mode);
  if (it != _params.cend()) {
    _secured_mode = (1 == converter::get_instance().string_to_int(it->second));
+  } else {
+    _params.insert(std::pair<std::string, std::string>(std::string("secured_mode"), "0"));
  }
  it = _params.find(Params::encrypted_mode);
  if (it != _params.cend()) {
    _encrypted_mode = (1 == converter::get_instance().string_to_int(it->second));
+  } else {
+    _params.insert(std::pair<std::string, std::string>(std::string("encrypted_mode"), "0"));
  }
  it = _params.find(Params::enable_security_checks);
  if (it != _params.cend()) {
@@ -991,7 +995,7 @@ int geonetworking_layer::build_secured_pdu(OCTETSTRING& data, Params& params) {
    return -1;
  }
-  // Encode the basid header
+  // Encode the basic header
  //loggers::get_instance().log_msg("geonetworking_layer::build_secured_pdu: New basic_header = ", basic_header);
  RAW_enc_tr_pos rp;
  rp.level=0;

--- a/ccsrc/Protocols/Security/security_services.cc
+++ b/ccsrc/Protocols/Security/security_services.cc
@@ -26,7 +26,8 @@ security_services::security_services() : _setup_done{false}, _ec_keys_enc(nullpt
 int security_services::setup(Params& p_params) { // FIXME Rename this method
  loggers::get_instance().log(">>> security_services::setup");
-  p_params.log();
+  _params = p_params;
+  _params.log();
  if (_setup_done) {
    loggers::get_instance().warning("security_services::setup: Already done");
@@ -34,20 +35,20 @@ int security_services::setup(Params& p_params) { // FIXME Rename this method
  }
  _setup_done = true;
-  _security_db.reset(new security_db(p_params[Params::sec_db_path]));
+  // Build the certificate caching
+  _security_db.reset(new security_db(_params[Params::sec_db_path]));
  if (_security_db.get() == nullptr) { // Memory allocation issue
    loggers::get_instance().warning("security_services::setup: _security_db pointer is NULL");
    return -1;
  }
-  // Setup encryption instance
+  // Initialise encryption mechanism
-  // std::string certificate_id = p_params[Params::certificate];
+  if (_params[Params::encrypted_mode].compare("1") == 0) {
-  // OCTETSTRING os;
+    Params::const_iterator it = _params.find(Params::cypher);
-  // _security_db.get()->get_private_enc_key(certificate_id, os);
+    if (it == _params.cend()) {
-  // std::vector<unsigned char> pri_enc_key(static_cast<const unsigned char*>(os), os.lengthof() + static_cast<const unsigned char*>(os));
-  Params::const_iterator it = p_params.find(Params::cypher);
-  if (it == p_params.cend()) {
      _ec_keys_enc.reset(new security_ecc(ec_elliptic_curves::nist_p_256));
+      _params.insert(std::pair<std::string, std::string>(Params::cypher, std::string("NISTP-256")));
+      p_params.insert(std::pair<std::string, std::string>(Params::cypher, std::string("NISTP-256")));
    } else if (it->second.compare("NISTP-256")) {
      _ec_keys_enc.reset(new security_ecc(ec_elliptic_curves::nist_p_256));
    } else if (it->second.compare("BP-256")) {
@@ -56,7 +57,7 @@ int security_services::setup(Params& p_params) { // FIXME Rename this method
      loggers::get_instance().warning("security_services::setup: Failed to encode ToBeSignedData");
      return -1;
    }
+  }
  return 0;
 }
@@ -161,6 +162,24 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si
      }
    }
  }
+  // Check encryption keys if present
+  if (header_info.encryptionKey().is_present()) {
+    // TODO
+  }
+  // Check request certificate
+  if (header_info.inlineP2pcdRequest().is_present()) {
+      loggers::get_instance().error("security_services::process_ieee_1609_dot2_signed_data: inlineP2pcdRequest not supported yet");
+      // TODO
+  }
+  // Check requested certificate
+  if (header_info.requestedCertificate().is_present()) {
+      loggers::get_instance().error("security_services::process_ieee_1609_dot2_signed_data: requestedCertificate not supported yet");
+      // TODO
+  }
  // Check and extract unsecured payload
  if (p_signed_data.tbsData().payload().data().is_present()) {
    // Check protocol version
@@ -364,7 +383,31 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si
 int security_services::process_ieee_1609_dot2_encrypted_data(const IEEE1609dot2::EncryptedData& p_encrypted_data, const bool p_verify, OCTETSTRING& p_unsecured_payload, Params& p_params) {
  loggers::get_instance().log_msg(">>> security_services::process_ieee_1609_dot2_encrypted_data: ", p_encrypted_data);
-  //loggers::get_instance().log_msg("<<< security_services::process_ieee_1609_dot2_encrypted_data: ", p_unsecured_payload);
+  if (_params[Params::cypher].compare("NISTP-256") == 0) {
+	  _ec_keys_enc.reset(new security_ecc(ec_elliptic_curves::nist_p_256));
+  } else if (_params[Params::cypher].compare("BP-256") == 0) {
+	  _ec_keys_enc.reset(new security_ecc(ec_elliptic_curves::brainpool_p_256_r1));
+  } else {
+    loggers::get_instance().warning("security_services::setup: Failed to encode ToBeSignedData");
+    return -1;
+  }
+  // 1. Retrieve recipient's public keys
+  // OCTETSTRING recipients_key_x;
+  // OCTETSTRING recipients_key_y;
+  // if (_security_db.get()->get_public_enc_keys(certificate_id, recipients_key_x, recipients_key_y) == -1) {
+  //   loggers::get_instance().warning("security_services::encrypt_gn_payload: Failed to retrieve recipient's public keys");
+  //   return -1;
+  // }
+  loggers::get_instance().log_msg("<<< security_services::process_ieee_1609_dot2_encrypted_data: ", p_unsecured_payload);
  return -1;
 } // End of method process_ieee_1609_dot2_encrypted_data
@@ -379,8 +422,7 @@ int security_services::secure_gn_payload(const OCTETSTRING& p_unsecured_gn_paylo
    return -1;
  }
-  Params::const_iterator it = p_params.find(Params::encrypted_mode);
+  if (_params[Params::encrypted_mode].compare("1") == 0) {
-  if (it != p_params.cend()) {
    if (encrypt_gn_payload(signed_payload, p_secured_gn_payload, p_params) != 0) {
      p_secured_gn_payload = signed_payload;
      loggers::get_instance().warning("security_services::secure_gn_payload: Failed to encrypt payload");
@@ -417,7 +459,12 @@ int security_services::sign_gn_payload(const OCTETSTRING& p_unsecured_gn_payload
  header_info.generationLocation().set_to_omit();
  header_info.p2pcdLearningRequest().set_to_omit();
  header_info.missingCrlIdentifier().set_to_omit();
+  if (_params[Params::encrypted_mode].compare("1") == 0) {
+    // TODO Set the encrytion key
+    header_info.encryptionKey().set_to_omit();
+  } else {
    header_info.encryptionKey().set_to_omit();
+  }
  Params::const_iterator it = p_params.find(Params::payload_type);
  if (it != p_params.cend()) {
    loggers::get_instance().log("security_services::sign_gn_payload: Payload type: %s", it->second.c_str());
@@ -511,15 +558,58 @@ int security_services::encrypt_gn_payload(const OCTETSTRING& p_unsecured_gn_payl
  loggers::get_instance().log_msg(">>> security_services::encrypt_gn_payload: ", p_unsecured_gn_payload);
  // Sanity checks
-  if (_ec_keys_enc.get() == nullptr) {
+//  if (_ec_keys_enc.get() == nullptr) {
-    loggers::get_instance().warning("security_services::encrypt_gn_payload: Encryption not initialised");
+//    loggers::get_instance().warning("security_services::encrypt_gn_payload: Encryption not initialised");
+//    return -1;
+//  }
+  // 1. Retrieve recipient's public keys
+  // OCTETSTRING recipients_key_x;
+  // OCTETSTRING recipients_key_y;
+  // if (_security_db.get()->get_public_enc_keys(certificate_id, recipients_key_x, recipients_key_y) == -1) {
+  //   loggers::get_instance().warning("security_services::encrypt_gn_payload: Failed to retrieve recipient's public keys");
+  //   return -1;
+  // }
+  // 2. Generate new ephemeral Private/Public keys
+  if (_ec_keys_enc.get()->generate() == -1) {
+    loggers::get_instance().warning("security_services::encrypt_gn_payload: Failed to generate ephemeral keys");
    return -1;
  }
+  // 3. Generate and derive shared secret
+  // std::vector<unsigned char> peer_public_key_x(static_cast<const unsigned char *>(recipients_key_x), recipients_key_x.lengthof() + static_cast<const unsigned char *>(recipients_key_x));
+  // std::vector<unsigned char> peer_public_key_y(static_cast<const unsigned char *>(recipients_key_y), recipients_key_y.lengthof() + static_cast<const unsigned char *>(recipients_key_y));
+  // if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, peer_public_key_x, peer_public_key_y) == -1) {
+  //   loggers::get_instance().warning("security_services::encrypt_gn_payload: Failed to generate and derive secret key");
+  //   return -1;
+  // }
  // AES-128 encryption of the data
  std::vector<unsigned char> message(static_cast<const unsigned char*>(p_unsecured_gn_payload), p_unsecured_gn_payload.lengthof() + static_cast<const unsigned char*>(p_unsecured_gn_payload));
  std::vector<unsigned char> enc_message;
-  _ec_keys_enc.get()->encrypt(encryption_algotithm::aes_128_ccm, message, enc_message);
+  if (_ec_keys_enc.get()->encrypt(encryption_algotithm::aes_128_ccm, message, enc_message) == -1) {
+    loggers::get_instance().warning("security_services::encrypt_gn_payload: Failed to encrypt message");
+    return -1;
+  }
  // _ec_keys_enc object contains the key, the none and the tag
  OCTETSTRING nonce = OCTETSTRING(_ec_keys_enc.get()->nonce().size(), _ec_keys_enc.get()->nonce().data());
  OCTETSTRING tag = OCTETSTRING(_ec_keys_enc.get()->tag().size(), _ec_keys_enc.get()->tag().data());
@@ -534,7 +624,7 @@ int security_services::encrypt_gn_payload(const OCTETSTRING& p_unsecured_gn_payl
  std::string certificate_id = p_params[Params::certificate];
  OCTETSTRING recipient_id;
  _security_db.get()->get_hashed_id(certificate_id, recipient_id); // SHA-256 of the certificate which contain the encryption private/public keys
-  // TODO Encryt the AES-128 key
+  // TODO Encrypt the AES-128 key
  OCTETSTRING public_enc_key_x;
  OCTETSTRING public_enc_key_y;

--- a/ccsrc/Protocols/Security/security_services.hh
+++ b/ccsrc/Protocols/Security/security_services.hh
@@ -37,6 +37,8 @@ class security_services {
   * \brief Unique static object reference of this class
   */
  static security_services* instance;
+  Params _params;
  bool _setup_done;
  std::unique_ptr<security_ecc> _ec_keys_enc;
  std::unique_ptr<security_ecc> _ec_keys_dec;