Commit 7a69f81b authored by garciay's avatar garciay
Browse files

Security support in the TA

parent 04b86d01
......@@ -174,6 +174,7 @@ void GeoNetworkingLayer::receiveData(OCTETSTRING& data, Params& params) {
OCTETSTRING unsecured_gn_payload;
OCTETSTRING secured_data = OCTETSTRING(data.lengthof() - basic_header_len, static_cast<const unsigned char*>(data) + basic_header_len);
///////////////////
// FIXME Check what to do with this!
if (*static_cast<const unsigned char*>(secured_data) == 0x02) { // This is the old Security version format, discard it
loggers::get_instance().warning("GeoNetworkingLayer::receiveData: Old security format, discard it");
return;
......@@ -425,7 +426,7 @@ void GeoNetworkingLayer::send_beacon() {
}
// Update timestamp
unsigned long long ms = std::chrono::duration_cast<std::chrono::milliseconds>(std::chrono::system_clock::now().time_since_epoch()).count() - 1072911600000L; // TODO Add method such as its_time() & its_time_mod()
eh->beaconHeader().srcPosVector().timestamp__().set_long_long_val(static_cast<unsigned int>(ms));
eh->beaconHeader().srcPosVector().timestamp__().set_long_long_val((unsigned int)ms);
//loggers::get_instance().log_msg("GeoNetworkingLayer::send_beacon: ", *_beacon);
// Encode message using TITAN because of payload in omited
TTCN_Buffer encoding_buffer;
......@@ -848,11 +849,10 @@ int GeoNetworkingLayer::build_secured_pdu(OCTETSTRING& data, Params& params) {
basic_header.nextHeader() = BasicNextHeader::e__securedPacket;
OCTETSTRING unsecured_gn_payload = OCTETSTRING(data.lengthof() - basic_header_len, static_cast<const unsigned char*>(data) + basic_header_len);
OCTETSTRING secured_gn_payload;
if (security_services::get_instance().secure_gn_payload(unsecured_gn_payload, false, secured_gn_payload, params) != 0) {
if (security_services::get_instance().secure_gn_payload(unsecured_gn_payload, secured_gn_payload, params) != 0) {
loggers::get_instance().warning("GeoNetworkingLayer::build_secured_pdu: failed to build secured pdu");
return -1;
}
// TODO Add timer to check if certificate shall be sent
// Encode the basid header
//loggers::get_instance().log_msg("GeoNetworkingLayer::build_secured_pdu: New basic_header = ", basic_header);
......
#include <iostream>
#include <fstream>
#include "EtsiTs103097Module.hh"
#include "certificates_loader.hh"
namespace fs = std::experimental::filesystem;
#include "EtsiTs103097Codec_Certificate.hh"
#include "converter.hh"
......@@ -21,7 +24,10 @@ int certificates_loader::build_path(const std::string& p_root_directory) {
if (!p_root_directory.empty()) {
_full_path = p_root_directory;
if (!std::experimental::filesystem::is_directory(_full_path)) {
_full_path = "./";
// Create directory
if (!std::experimental::filesystem::create_directory(_full_path)) {
_full_path = "./";
}
}
} else {
_full_path = "./";
......@@ -37,7 +43,7 @@ int certificates_loader::build_path(const std::string& p_root_directory) {
return 0;
} // End of method build_path
int certificates_loader::load_certificates(std::map<std::string, std::unique_ptr<security_db_record> >& p_certificates, std::map<std::vector<unsigned char>, std::string>& p_hashed_id8s) {
int certificates_loader::load_certificates(std::map<std::string, std::unique_ptr<security_db_record> >& p_certificates, std::map<std::vector<unsigned char>, std::string>& p_hashed_id8s, std::map<std::vector<unsigned char>, std::string>& p_issuers) {
loggers::get_instance().log(">>> certificates_loader::load_certificates");
// Sanity check
......@@ -52,7 +58,7 @@ int certificates_loader::load_certificates(std::map<std::string, std::unique_ptr
return -1;
}
// Build the certificates cache
if (build_certificates_cache(files, p_certificates, p_hashed_id8s) == -1) {
if (build_certificates_cache(files, p_certificates, p_hashed_id8s, p_issuers) == -1) {
loggers::get_instance().warning("certificates_loader::load_certificates: Failed to build the certificate cache");
return -1;
}
......@@ -82,11 +88,11 @@ int certificates_loader::retrieve_certificates_list(std::set<std::experimental::
if (folders.size() == 0) {
loggers::get_instance().warning("certificates_loader::retrieve_certificates_list: No folder after filtering");
return -1;
folders.insert(_full_path);
}
// Process files
p_files.clear();
std::set<std::string> extensions_filter{ _certificateExt, _privateKeyExt, _publicKeysExt };
std::set<std::string> extensions_filter{ _certificateExt, _privateKeyExt, _publicKeysExt, _hashedidDigestExt, _issuerDigestExt };
for (std::set<std::experimental::filesystem::path>::const_reverse_iterator f = folders.crbegin(); f != folders.crend(); ++f) {
loggers::get_instance().log("certificates_loader::retrieve_certificates_list: Processing directory '%s'", f->string().c_str());
for(const std::experimental::filesystem::directory_entry it : std::experimental::filesystem::recursive_directory_iterator(*f)) {
......@@ -110,14 +116,15 @@ int certificates_loader::retrieve_certificates_list(std::set<std::experimental::
return 0;
} // End of method retrieve_certificates_list
int certificates_loader::build_certificates_cache(std::set<std::experimental::filesystem::path>& p_files, std::map<std::string, std::unique_ptr<security_db_record> >& p_certificates, std::map<std::vector<unsigned char>, std::string>& p_hashed_id8s) {
int certificates_loader::build_certificates_cache(std::set<std::experimental::filesystem::path>& p_files, std::map<std::string, std::unique_ptr<security_db_record> >& p_certificates, std::map<std::vector<unsigned char>, std::string>& p_hashed_id8s, std::map<std::vector<unsigned char>, std::string>& p_issuers) {
loggers::get_instance().log(">>> certificates_loader::build_certificates_cache");
std::set<std::experimental::filesystem::path>::const_iterator it = p_files.cbegin();
do {
loggers::get_instance().log("certificates_loader::build_certificates_cache: Caching '%s'", it->string().c_str());
std::experimental::filesystem::path p = *it;
std::string key = p.filename();
const std::string& key = p.stem();
loggers::get_instance().log("certificates_loader::build_certificates_cache: Key = '%s'", key.c_str());
// Load certificate file
it = p_files.find(p.replace_extension(_certificateExt));
......@@ -212,10 +219,16 @@ int certificates_loader::build_certificates_cache(std::set<std::experimental::fi
p_files.erase(it);
// Create new record
EtsiTs103097Codec_Certificate codec;
IEEE1609dot2::CertificateBase decoded_certificate;
OCTETSTRING os(certificate.size(), certificate.data());
codec.decode(os, decoded_certificate);
loggers::get_instance().log_msg("certificates_loader::build_certificates_cache: Decoded certificate: ", decoded_certificate);
p_certificates.insert(std::pair<const std::string, std::unique_ptr<security_db_record> >(key, std::unique_ptr<security_db_record>(
new security_db_record(
key,
certificate, // Certificate
decoded_certificate,
issuer, // Hashed ID fo the issuer, empty for CA
hashed_id, // Hashed ID
private_key, // Private key
......@@ -229,6 +242,7 @@ int certificates_loader::build_certificates_cache(std::set<std::experimental::fi
return -1;
}
p_hashed_id8s.insert(std::pair<std::vector<unsigned char>, std::string>(i->second.get()->hashed_id(), i->first));
p_issuers.insert(std::pair<std::vector<unsigned char>, std::string>(i->second.get()->issuer(), i->first));
// Reset pointer
it = p_files.cbegin();
......@@ -243,7 +257,7 @@ int certificates_loader::save_certificate(const security_db_record& p_certificat
// Certificate file
std::experimental::filesystem::path p(_full_path);
p /= p_certificate.certificate_id();
p += _certificateExt;//, _privateKeyExt{".pkey"}, _publicKeysExt{".vkey"}
p += _certificateExt;
if (std::experimental::filesystem::exists(p)) {
std::experimental::filesystem::remove(p);
}
......@@ -256,7 +270,7 @@ int certificates_loader::save_certificate(const security_db_record& p_certificat
// Private key
p = _full_path;
p /= p_certificate.certificate_id();
p += _privateKeyExt; // _publicKeysExt{".vkey"}
p += _privateKeyExt;
if (std::experimental::filesystem::exists(p)) {
std::experimental::filesystem::remove(p);
}
......@@ -289,7 +303,7 @@ int certificates_loader::save_certificate(const security_db_record& p_certificat
}
loggers::get_instance().log("certificates_loader::save_certificate: Issuer digest file: '%s'", p.string().c_str());
os.open(p.string(), ios::out | ios::binary);
os.write(reinterpret_cast<const char *>(p_certificate.hashed_id_issuer().data()), p_certificate.hashed_id_issuer().size());
os.write(reinterpret_cast<const char *>(p_certificate.issuer().data()), p_certificate.issuer().size());
os.close();
std::experimental::filesystem::permissions(p, std::experimental::filesystem::perms::add_perms | std::experimental::filesystem::perms::owner_all | std::experimental::filesystem::perms::group_all | std::experimental::filesystem::perms::others_all);
......
......@@ -71,13 +71,13 @@ public: /*! \publicsection */
int build_path(const std::string& p_root_directory);
int load_certificates(std::map<std::string, std::unique_ptr<security_db_record> >& p_certificates, std::map<std::vector<unsigned char>, std::string>& p_hashed_id8s);
int load_certificates(std::map<std::string, std::unique_ptr<security_db_record> >& p_certificates, std::map<std::vector<unsigned char>, std::string>& p_hashed_id8s, std::map<std::vector<unsigned char>, std::string>& p_issuers);
//int load_certificate(std::unique_ptr<security_db_record> >& p_certificate, std::map<const std::vector<unsigned char>, const std::string&>& p_hashed_id8s);
int save_certificate(const security_db_record& p_certificate);
private:
int retrieve_certificates_list(std::set<std::experimental::filesystem::path>& p_files);
int build_certificates_cache(std::set<std::experimental::filesystem::path>& p_files, std::map<std::string, std::unique_ptr<security_db_record> >& p_certificates, std::map<std::vector<unsigned char>, std::string>& p_hashed_id8s);
int build_certificates_cache(std::set<std::experimental::filesystem::path>& p_files, std::map<std::string, std::unique_ptr<security_db_record> >& p_certificates, std::map<std::vector<unsigned char>, std::string>& p_hashed_id8s, std::map<std::vector<unsigned char>, std::string>& p_issuers);
}; // End of class certificates_loader
......@@ -6,9 +6,11 @@
#include "certificates_loader.hh"
#include "EtsiTs103097Codec_Certificate.hh"
#include "loggers.hh"
security_db::security_db(): _certificates(), _hashed_id8s() {
security_db::security_db(): _certificates(), _hashed_id8s(), _issuers() {
loggers::get_instance().log(">>> security_db::security_db");
} // End of ctor
......@@ -26,6 +28,7 @@ security_db::~security_db() {
int security_db::clear() {
_certificates.clear(); // Smart pointers will do the job
_hashed_id8s.clear();
_issuers.clear();
return 0;
} // End of clear method
......@@ -44,6 +47,20 @@ int security_db::get_certificate_id(const OCTETSTRING& p_hashed_id8, std::string
return 0;
}
int security_db::get_certificate_id_by_issuer(const OCTETSTRING& p_issuer, std::string& p_certifcate_id) const {
loggers::get_instance().log_msg(">>> security_db::get_certificate_id_by_issuer: ", p_issuer);
std::vector<unsigned char> key(static_cast<const unsigned char*>(p_issuer), p_issuer.lengthof() + static_cast<const unsigned char*>(p_issuer));
std::map<std::vector<unsigned char>, std::string>::const_iterator it = _issuers.find(key);
if (it == _issuers.cend()) {
p_certifcate_id = "";
return -1;
}
p_certifcate_id = it->second;
return 0;
}
int security_db::get_certificate(const std::string& p_certificate_id, OCTETSTRING& p_certificate) const {
loggers::get_instance().log(">>> security_db::get_certificate: '%s'", p_certificate_id.c_str());
......@@ -58,16 +75,29 @@ int security_db::get_certificate(const std::string& p_certificate_id, OCTETSTRIN
return 0;
}
int security_db::get_hashed_id_issuer(const std::string& p_certificate_id, OCTETSTRING& p_hashed_id_issuer) const {
loggers::get_instance().log(">>> security_db::get_hashed_id_issuer: '%s'", p_certificate_id.c_str());
int security_db::get_certificate(const std::string& p_certificate_id, IEEE1609dot2::CertificateBase& p_certificate) const {
loggers::get_instance().log(">>> security_db::get_certificate: '%s'", p_certificate_id.c_str());
std::map<std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(p_certificate_id);
if (it == _certificates.cend()) {
loggers::get_instance().warning("security_db::get_certificate: record not found");
return -1;
}
p_certificate = it->second.get()->decoded_certificate();
return 0;
}
int security_db::get_issuer(const std::string& p_certificate_id, OCTETSTRING& p_hashed_id_issuer) const {
loggers::get_instance().log(">>> security_db::get_issuer: '%s'", p_certificate_id.c_str());
std::map<std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.find(p_certificate_id);
if (it == _certificates.cend()) {
loggers::get_instance().warning("security_db::get_certificate: record not found");
return -1;
}
const std::vector<unsigned char> hashed_id_issuer = it->second.get()->hashed_id_issuer();
p_hashed_id_issuer = OCTETSTRING(hashed_id_issuer.size(), hashed_id_issuer.data());
const std::vector<unsigned char> issuer = it->second.get()->issuer();
p_hashed_id_issuer = OCTETSTRING(issuer.size(), issuer.data());
return 0;
}
......@@ -124,7 +154,7 @@ int security_db::load_from_files(const std::string& p_db_path) {
return -1;
}
if (certificates_loader::get_instance().load_certificates(_certificates, _hashed_id8s) == -1) {
if (certificates_loader::get_instance().load_certificates(_certificates, _hashed_id8s, _issuers) == -1) {
loggers::get_instance().log(">>> security_db::load_from_files: certificates_loader::load_certificates method failed");
return -1;
}
......@@ -142,11 +172,16 @@ int security_db::store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRIN
std::vector<unsigned char> public_key_y(static_cast<const unsigned char*>(p_public_key_y), static_cast<const unsigned char*>(p_public_key_y) + p_public_key_y.lengthof());
std::vector<unsigned char> hashed_id8(static_cast<const unsigned char*>(p_hashed_id8), static_cast<const unsigned char*>(p_hashed_id8) + p_hashed_id8.lengthof());
std::vector<unsigned char> issuer(static_cast<const unsigned char*>(p_issuer), static_cast<const unsigned char*>(p_issuer) + p_issuer.lengthof());
EtsiTs103097Codec_Certificate codec;
IEEE1609dot2::CertificateBase decoded_certificate;
codec.decode(p_cert, decoded_certificate);
loggers::get_instance().log_msg("security_db::store_certificate: Decoded certificate: ", decoded_certificate);
security_db_record* p = new security_db_record(
key, // Certificate id
cert, // Certificate
decoded_certificate,
issuer, // Hashed ID fo the issuer, empty for CA
hashed_id8, // Hashed ID
hashed_id8, // Hashed ID
private_key, // Private key
public_key_x, // Public key X
public_key_y // Public key Y
......@@ -179,8 +214,9 @@ void security_db::dump() const {
security_db_record* p = it->second.get();
loggers::get_instance().log("security_db::dump: certificate_id = %s", p->certificate_id().c_str());
loggers::get_instance().log_to_hexa("security_db::dump: certificate = ", p->certificate().data(), p->certificate().size());
loggers::get_instance().log_msg("security_db::dump: decoded certificate = ", p->decoded_certificate());
loggers::get_instance().log_to_hexa("security_db::dump: hashed_id = ", p->hashed_id().data(), p->hashed_id().size());
loggers::get_instance().log_to_hexa("security_db::dump: hashed_id_issuer = ", p->hashed_id_issuer().data(), p->hashed_id_issuer().size());
loggers::get_instance().log_to_hexa("security_db::dump: hashed_id_issuer = ", p->issuer().data(), p->issuer().size());
loggers::get_instance().log_to_hexa("security_db::dump: private_key = ", p->private_key().data(), p->private_key().size());
loggers::get_instance().log_to_hexa("security_db::dump: public_key_x = ", p->public_key_x().data(), p->public_key_x().size());
loggers::get_instance().log_to_hexa("security_db::dump: public_key_y = ", p->public_key_y().data(), p->public_key_y().size());
......
......@@ -18,6 +18,7 @@ class security_db {
// TODO Enforce with const security_db_record, and const std::string
std::map<std::string, std::unique_ptr<security_db_record> > _certificates; //! List of the certificates indexed by the certficate identifier
std::map<std::vector<unsigned char>, std::string> _hashed_id8s; //! List of the certificates indexed by the HashedId8
std::map<std::vector<unsigned char>, std::string> _issuers; //! List of the certificates indexed by the IssuerIdentifier
public: /*! \publicsection */
/*!
......@@ -34,8 +35,10 @@ public: /*! \publicsection */
~security_db();
int get_certificate_id(const OCTETSTRING& p_hashed_id8, std::string& p_certifcate_id) const;
int get_certificate_id_by_issuer(const OCTETSTRING& p_issuer, std::string& p_certifcate_id) const;
int get_certificate(const std::string& p_certifcate_id, OCTETSTRING& p_certificate) const;
int get_hashed_id_issuer(const std::string& p_certifcate_id, OCTETSTRING& p_hashed_id_issuer) const;
int get_certificate(const std::string& p_certifcate_id, IEEE1609dot2::CertificateBase& p_certificate) const;
int get_issuer(const std::string& p_certifcate_id, OCTETSTRING& p_hashed_id_issuer) const;
int get_hashed_id(const std::string& p_certifcate_id, OCTETSTRING& p_hashed_id) const;
int get_private_key(const std::string& p_certifcate_id, OCTETSTRING& p_private_key) const;
int get_public_keys(const std::string& p_certifcate_id, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y) const;
......
#include "EtsiTs103097Module.hh"
#include "security_db_record.hh"
security_db_record::security_db_record(
const std::string& p_certificate_id,
const std::vector<unsigned char>& p_certificate,
const IEEE1609dot2::CertificateBase& p_decoded_certificate,
const std::vector<unsigned char>& p_hashed_id_issuer,
const std::vector<unsigned char>& p_hashed_id,
const std::vector<unsigned char>& p_pr_key,
const std::vector<unsigned char>& p_pu_key_x,
const std::vector<unsigned char>& p_pu_key_y,
const bool p_to_be_saved
): _algorithm{ec_elliptic_curves::nist_p_256}, _certificate_id(p_certificate_id), _certificate(p_certificate), _hashed_id_issuer(p_hashed_id_issuer), _hashed_id(p_hashed_id), _pr_key(p_pr_key), _pu_key_x(p_pu_key_x), _pu_key_y(p_pu_key_y), _to_be_saved(p_to_be_saved), _decoded_certificate(static_cast<IEEE1609dot2::CertificateBase*>(p_decoded_certificate.clone())) {
}
const IEEE1609dot2::CertificateBase& security_db_record::decoded_certificate() const {
return *_decoded_certificate;
}
#pragma once
#include <string>
#include <vector>
#include "ec_keys.hh"
namespace IEEE1609dot2 {
class CertificateBase;
};
/*!
* \class security_db_record
* \brief This class provides security record description for security database
......@@ -18,34 +23,27 @@ class security_db_record {
std::vector<unsigned char> _pr_key; /*!< Private key storage */
std::vector<unsigned char> _pu_key_x; /*!< Public key X storage */
std::vector<unsigned char> _pu_key_y; /*!< Public key Y storage */
bool _to_be_saved;
bool _to_be_saved; /*!< Flag to indicate if the record shall be saved, i.e. has been modified */
IEEE1609dot2::CertificateBase* _decoded_certificate;
public: /*! \publicsection */
/*!
* \brief Default private ctor
*/
security_db_record(): _algorithm{ec_elliptic_curves::nist_p_256}, _certificate_id(), _certificate(), _hashed_id_issuer(), _hashed_id(), _pr_key(), _pu_key_x(), _pu_key_y(), _to_be_saved(false) { };
security_db_record(
const std::string& p_certificate_id,
const std::vector<unsigned char>& p_certificate,
const std::vector<unsigned char>& p_hashed_id_issuer,
const std::vector<unsigned char>& p_hashed_id,
const std::vector<unsigned char>& p_pr_key,
const std::vector<unsigned char>& p_pu_key_x,
const std::vector<unsigned char>& p_pu_key_y,
const bool p_to_be_saved = true
): _algorithm{ec_elliptic_curves::nist_p_256}, _certificate_id(p_certificate_id), _certificate(p_certificate), _hashed_id_issuer(p_hashed_id_issuer), _hashed_id(p_hashed_id), _pr_key(p_pr_key), _pu_key_x(p_pu_key_x), _pu_key_y(p_pu_key_y), _to_be_saved(p_to_be_saved) { };
security_db_record(): _algorithm{ec_elliptic_curves::nist_p_256}, _certificate_id(), _certificate(), _hashed_id_issuer(), _hashed_id(), _pr_key(), _pu_key_x(), _pu_key_y(), _to_be_saved(false), _decoded_certificate(nullptr) { };
security_db_record(const std::string& p_certificate_id, const std::vector<unsigned char>& p_certificate, const IEEE1609dot2::CertificateBase& p_decoded_certificate, const std::vector<unsigned char>& p_hashed_id_issuer, const std::vector<unsigned char>& p_hashed_id, const std::vector<unsigned char>& p_pr_key, const std::vector<unsigned char>& p_pu_key_x, const std::vector<unsigned char>& p_pu_key_y, const bool p_to_be_saved = true);
/*!
* \brief Default private dtor
*/
~security_db_record() { };
~security_db_record() { if (_decoded_certificate != nullptr) { delete _decoded_certificate; } };
const IEEE1609dot2::CertificateBase& decoded_certificate() const;
inline const std::string& certificate_id() const { return _certificate_id; };
inline const std::vector<unsigned char>& certificate() const { return _certificate; };
inline const std::vector<unsigned char>& hashed_id() const { return _hashed_id; };
inline const std::vector<unsigned char>& hashed_id_issuer() const { return _hashed_id_issuer; };
inline const std::vector<unsigned char>& issuer() const { return _hashed_id_issuer; };
inline const std::vector<unsigned char>& private_key() const { return _pr_key; };
inline const std::vector<unsigned char>& public_key_x() const { return _pu_key_x; };
inline const std::vector<unsigned char>& public_key_y() const { return _pu_key_y; };
......
......@@ -20,7 +20,7 @@
security_services * security_services::instance = nullptr;
security_services::security_services() : _ec_keys(nullptr), _security_db(nullptr) {
security_services::security_services() : _ec_keys(nullptr), _security_db(nullptr), _last_generation_time(0) {
loggers::get_instance().log(">>> security_services::security_services");
} // End of ctor
......@@ -150,12 +150,24 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si
std::string certificate_id;
result = -1;
if (p_signed_data.signer().ischosen(IEEE1609dot2::SignerIdentifier::ALT_digest)) {
// TODO Retrieve the certificate identifier from digest
loggers::get_instance().log("security_services::process_ieee_1609_dot2_signed_data: TODO Retrieve the certificate identifier from digest");
// Retrieve the certificate identifier from digest
loggers::get_instance().log("security_services::process_ieee_1609_dot2_signed_data: Retrieve the certificate identifier from digest");
result = _security_db.get()->get_certificate_id(p_signed_data.signer().digest(), certificate_id);
} else if (p_signed_data.signer().ischosen(IEEE1609dot2::SignerIdentifier::ALT_certificate)) {
loggers::get_instance().error("security_services::process_ieee_1609_dot2_signed_data: Unsupported SignerIdentifier");
return -1;
// Extract the certifcate
IEEE1609dot2::CertificateBase cert = p_signed_data.signer().certificate()[0];
// TODO Verify signature
// TODO Check if certificate is known
// TODO Create certificate cahe
// TODO Request certiticate
if (cert.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha256AndDigest)) {
result = _security_db.get()->get_certificate_id_by_issuer(cert.issuer().sha256AndDigest(), certificate_id);
} else if (cert.issuer().ischosen(IEEE1609dot2::IssuerIdentifier::ALT_sha384AndDigest)) {
result = _security_db.get()->get_certificate_id_by_issuer(cert.issuer().sha384AndDigest(), certificate_id);
} else {
loggers::get_instance().error("security_services::process_ieee_1609_dot2_signed_data: Unsupported certificate issuer");
return -1;
}
} else {
loggers::get_instance().warning("security_services::process_ieee_1609_dot2_signed_data: Unsupported SignerIdentifier");
return -1;
......@@ -169,7 +181,7 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si
loggers::get_instance().log_msg("security_services::process_ieee_1609_dot2_signed_data: signature = ", p_signed_data.signature__());
result = -1;
if (p_signed_data.signature__().ischosen(IEEE1609dot2BaseTypes::Signature::ALT_ecdsaNistP256Signature)) {
result = verify_sign_ecdsa_nistp256(os, p_signed_data.signature__(), certificate_id, p_params);
result = verify_sign_ecdsa_nistp256(hashed_data, p_signed_data.signature__(), certificate_id, p_params);
} else {
// TODO
loggers::get_instance().error("security_services::process_ieee_1609_dot2_content: TODO");
......@@ -190,7 +202,7 @@ int security_services::process_ieee_1609_dot2_encrypted_data(const IEEE1609dot2:
return -1;
} // End of method process_ieee_1609_dot2_encrypted_data
int security_services::secure_gn_payload(const OCTETSTRING& p_unsecured_gn_payload, const bool p_add_certificate, OCTETSTRING& p_secured_gn_payload, Params& p_params) {
int security_services::secure_gn_payload(const OCTETSTRING& p_unsecured_gn_payload, OCTETSTRING& p_secured_gn_payload, Params& p_params) {
loggers::get_instance().log_msg(">>> security_services::secure_gn_payload: ", p_unsecured_gn_payload);
//p_params.log();
......@@ -210,7 +222,10 @@ int security_services::secure_gn_payload(const OCTETSTRING& p_unsecured_gn_paylo
IEEE1609dot2::HeaderInfo header_info;
header_info.psid() = converter::get_instance().string_to_int(p_params[Params::its_aid]);
unsigned long long ms = std::chrono::duration_cast<std::chrono::milliseconds>(std::chrono::system_clock::now().time_since_epoch()).count() - 1072911600000L; // TODO Add method such as its_tme() & its_time_mod() beacuse it is used also in LibItsCommon_externals
header_info.generationTime() = ms;
INTEGER i;
i.set_long_long_val((unsigned int)ms);
header_info.generationTime() = OPTIONAL<INTEGER>(i);
// TODO Set secured field according to the payload!
header_info.expiryTime().set_to_omit();
header_info.generationLocation().set_to_omit();
header_info.p2pcdLearningRequest().set_to_omit();
......@@ -230,23 +245,27 @@ int security_services::secure_gn_payload(const OCTETSTRING& p_unsecured_gn_paylo
return -1;
}
IEEE1609dot2::SignerIdentifier signer;
std::string certificate_id = p_params[Params::certificate] + "_at";
loggers::get_instance().log("security_services::secure_gn_payload: ms = %d - _last_generation_time = %d - ms - _last_generation_time = %d", (unsigned int)ms, _last_generation_time, (unsigned int)(ms - _last_generation_time));
std::string certificate_id = p_params[Params::certificate] + "_AT";
loggers::get_instance().log("security_services::secure_gn_payload: certificate_id = %s", certificate_id.c_str());
if (!p_add_certificate) {
if ((unsigned int)(ms - _last_generation_time) >= 1000 * 0.95) { // Need to add certificate
IEEE1609dot2::CertificateBase cert;
if (_security_db->get_certificate(certificate_id, cert) != 0) {
loggers::get_instance().warning("security_services:secure_gn_payload: Failed to secure payload");
return -1;
}
IEEE1609dot2::SequenceOfCertificate sequenceOfCertificate;
sequenceOfCertificate[0] = cert;
signer.certificate() = sequenceOfCertificate;
// Reset send certificate timer
_last_generation_time = ms;
} else {
OCTETSTRING digest;
if (_security_db->get_hashed_id(certificate_id, digest) != 0) {
loggers::get_instance().warning("security_services::secure_gn_payload: Failed to secure payload");
return -1;
}
signer.digest() = digest;
} else {
OCTETSTRING cert;
if (_security_db->get_certificate(certificate_id, cert) != 0) {
loggers::get_instance().warning("security_services:secure_gn_payload: Failed to secure payload");
return -1;
}
loggers::get_instance().error("security_services::secured_gn_payload: TODO Add certifcate case");
// FIXME Need to decode certifcate, shall be done once is security_db
}
IEEE1609dot2::SignedData signed_data(
hashId,
......@@ -343,8 +362,8 @@ int security_services::hash_sha384(const OCTETSTRING& p_data, OCTETSTRING& p_has
int security_services::sign_ecdsa_nistp256(const OCTETSTRING& p_hash, IEEE1609dot2BaseTypes::Signature& p_signature, Params& p_params) {
loggers::get_instance().log_msg(">>> security_services::sign_ecdsa_nistp256: ", p_hash);
std::string certificate_id = p_params[Params::certificate] + "_at";
loggers::get_instance().log("security_services::sign_tbs_data: encoded certificate_id = '%s'", certificate_id.c_str());
std::string certificate_id = p_params[Params::certificate] + "_AT"; // FIXME Specified strictly the naming of the certificate files
loggers::get_instance().log("security_services::sign_ecdsa_nistp256: encoded certificate_id = '%s'", certificate_id.c_str());
OCTETSTRING pkey;
if (_security_db->get_private_key(certificate_id, pkey) != 0) {
loggers::get_instance().warning("security_services::sign_ecdsa_nistp256: Failed to get private key");
......@@ -367,13 +386,10 @@ int security_services::sign_ecdsa_nistp256(const OCTETSTRING& p_hash, IEEE1609do
return -1;
}
IEEE1609dot2BaseTypes::EccP256CurvePoint ep;
ep.uncompressedP256() = IEEE1609dot2BaseTypes::EccP256CurvePoint_uncompressedP256(
public_key_x,
public_key_y
);
ep.x__only() = OCTETSTRING(r_sig.size(), r_sig.data());
p_signature.ecdsaNistP256Signature() = IEEE1609dot2BaseTypes::EcdsaP256Signature(
ep,
OCTETSTRING(r_sig.size(), r_sig.data()) + OCTETSTRING(s_sig.size(), s_sig.data())
OCTETSTRING(s_sig.size(), s_sig.data())
);
loggers::get_instance().log_msg("security_services::sign_ecdsa_nistp256: signature = ", p_signature);
......@@ -391,7 +407,19 @@ int security_services::verify_sign_ecdsa_nistp256(const OCTETSTRING& p_hash, con
}
std::vector<unsigned char> hashData(static_cast<const unsigned char *>(p_hash), static_cast<const unsigned char *>(p_hash) + p_hash.lengthof());
OCTETSTRING os = p_signature.ecdsaNistP256Signature().rSig().x__only() + p_signature.ecdsaNistP256Signature().sSig();
OCTETSTRING os;
if (p_signature.ecdsaNistP256Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_x__only)) {
os = p_signature.ecdsaNistP256Signature().rSig().x__only() + p_signature.ecdsaNistP256Signature().sSig();
} else if (p_signature.ecdsaNistP256Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__0)) {
os = p_signature.ecdsaNistP256Signature().rSig().compressed__y__0() + p_signature.ecdsaNistP256Signature().sSig();
} else if (p_signature.ecdsaNistP256Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_compressed__y__1)) {
os = p_signature.ecdsaNistP256Signature().rSig().compressed__y__1() + p_signature.ecdsaNistP256Signature().sSig();
} else if (p_signature.ecdsaNistP256Signature().rSig().ischosen(IEEE1609dot2BaseTypes::EccP256CurvePoint::ALT_uncompressedP256)) {
os = p_signature.ecdsaNistP256Signature().rSig().uncompressedP256().x() + p_signature.ecdsaNistP256Signature().rSig().uncompressedP256().y() + p_signature.ecdsaNistP256Signature().sSig();
} else {
loggers::get_instance().warning("security_services::verify_sign_ecdsa_nistp256: Invalid curve point");
return -1;
}
std::vector<unsigned char> signature(static_cast<const unsigned char *>(os), static_cast<const unsigned char *>(os) + os.lengthof());
std::vector<unsigned char> key_x(static_cast<const unsigned char *>(public_key_x), static_cast<const unsigned char *>(public_key_x) + public_key_x.lengthof());
std::vector<unsigned char> key_y(static_cast<const unsigned char *>(public_key_y), static_cast<const unsigned char *>(public_key_y) + public_key_y.lengthof());
......
......@@ -37,9 +37,8 @@ class security_services {
*/
static security_services* instance;
std::unique_ptr<ec_keys> _ec_keys;
std::unique_ptr<security_db> _security_db;
unsigned long long _last_generation_time;
/*!
* \brief Default private ctor
*/
......@@ -74,7 +73,7 @@ public: /*! \publicsection */
*/
int verify_and_extract_gn_payload(const OCTETSTRING& p_secured_gn_payload, const bool p_verify, OCTETSTRING& p_unsecured_gn_payload, Params& p_params);
int secure_gn_payload(const OCTETSTRING& p_unsecured_gn_payload, const bool p_add_certificate, OCTETSTRING& p_secured_gn_payload, Params& p_params);
int secure_gn_payload(const OCTETSTRING& p_unsecured_gn_payload, OCTETSTRING& p_secured_gn_payload, Params& p_params);
int setup(Params &p_params);
......
......@@ -124,17 +124,20 @@ void loggers::user(const char *fmt, ...)
void loggers::warning(const char *fmt, ...)
{
TTCN_Logger::begin_event(TTCN_Logger::WARNING_UNQUALIFIED);
va_list args;
va_start(args, fmt);
TTCN_warning(fmt, args);
TTCN_Logger::log_event_va_list(fmt, args);
<