Commit 8792594f authored by garciay's avatar garciay
Browse files

Start Security support in the TA

Start ATS security review
Validation of TD_AUTO_IOT_DENM_RWW_BV_01 in progress
parent 9e56815d
......@@ -834,10 +834,32 @@ int GeoNetworkingLayer::build_secured_geonetworking_pdu(OCTETSTRING& data, Param
LibItsGeoNetworking__TypesAndValues::BasicHeader basic_header;
decode_basic_header(data, basic_header);
// Update security mode
unsigned int basic_header_len = basic_header.get_descriptor()->raw->fieldlength / 8;
basic_header.nextHeader() = BasicNextHeader::e__securedPacket;
OCTETSTRING unsecured_gn_payload = OCTETSTRING(data.lengthof() - 4, static_cast<const unsigned char*>(data) + 4);
OCTETSTRING unsecured_gn_payload = OCTETSTRING(data.lengthof() - basic_header_len, static_cast<const unsigned char*>(data) + basic_header_len);
OCTETSTRING secured_gn_payload;
return security_services::get_instance().secure_gn_payload(unsecured_gn_payload, false, secured_gn_payload, params); // TODO Add timer to check if certificate shall be sent
if (security_services::get_instance().secure_gn_payload(unsecured_gn_payload, false, secured_gn_payload, params) != 0) {
loggers::get_instance().warning("GeoNetworkingLayer::build_secured_geonetworking_pdu: failed to build secured pdu");
return -1;
}
// TODO Add timer to check if certificate shall be sent
// Encode the basid header
//loggers::get_instance().log_msg("GeoNetworkingLayer::build_secured_geonetworking_pdu: New basic_header = ", basic_header);
RAW_enc_tr_pos rp;
rp.level=0;
rp.pos=NULL;
RAW_enc_tree enc_tree(FALSE, NULL, &rp, 1, basic_header.get_descriptor()->raw);
basic_header.RAW_encode(*basic_header.get_descriptor(), enc_tree);
TTCN_Buffer encoding_buffer;
enc_tree.put_to_buf(encoding_buffer);
// Copy result
data =
OCTETSTRING(encoding_buffer.get_len(), encoding_buffer.get_data()) +
secured_gn_payload;
loggers::get_instance().log_msg("GeoNetworkingLayer::build_secured_geonetworking_pdu: Secured pdu = ", data);
return 0;
}
int GeoNetworkingLayer::decode_basic_header(const OCTETSTRING& p_data, LibItsGeoNetworking__TypesAndValues::BasicHeader& p_basic_header) {
......@@ -848,7 +870,7 @@ int GeoNetworkingLayer::decode_basic_header(const OCTETSTRING& p_data, LibItsGeo
loggers::get_instance().log_msg("GeoNetworkingLayer::receiveData: bh: ", bh);
TTCN_Buffer decoding_buffer(bh);
p_basic_header.RAW_decode(*p_basic_header.get_descriptor(), decoding_buffer, decoding_buffer.get_len() * 8, raw_order_t::ORDER_MSB);
loggers::get_instance().log_msg("GeoNetworkingLayer::receiveData: decode_basic_header: ", p_basic_header);
loggers::get_instance().log_msg("GeoNetworkingLayer::decode_basic_header: ", p_basic_header);
return 0;
}
......
......@@ -18,6 +18,8 @@ security_db::security_db(const std::string& p_db_path): security_db() {
} else {
load_from_files(p_db_path);
}
dump();
} // End of ctor
security_db::~security_db() {
......@@ -106,7 +108,7 @@ int security_db::simulate_certificates() {
loggers::get_instance().log(">>> security_db::simulate_certificates");
{
std::string key("ta_ca_cert_nistp256_sha256");
std::string key("ta_cert_nistp256_sha256_ca");
std::vector<unsigned char> cert = converter::get_instance().hexa_to_bytes("8003008100188120535446353338204E6973745032353620526F6F742043657274696669636174650000000000010A8F1C86000A01028001248104038300018001258104038300010101E0800101800101810101010000808084CF58BA68FD3FFA4C67C333C7FDA1433678CA3CF8B7864D77D44159313C4699CBA61262989BDC042ECA224586798CAF6FEB0E16C17F04027804674AD2844322738084CF58BA68FD3FFA4C67C333C7FDA1433678CA3CF8B7864D77D44159313C4699CBA61262989BDC042ECA224586798CAF6FEB0E16C17F04027804674AD284432273C4757BF29746FBA553EAEE5A79A00C6A3B45F62A6104DCEFF4ECDEA832A9F7C47F40836703F51CF635DF408741A92E5CCFB66A840C601AE0EEED832D38DB95CC");
std::vector<unsigned char> issuer;
std::vector<unsigned char> h = converter::get_instance().hexa_to_bytes("7AE33C47E0C1EF90"); // Hashed ID
......@@ -114,18 +116,18 @@ int security_db::simulate_certificates() {
std::vector<unsigned char> xk = converter::get_instance().hexa_to_bytes("CF58BA68FD3FFA4C67C333C7FDA1433678CA3CF8B7864D77D44159313C4699CB"); // Public key X
std::vector<unsigned char> yk = converter::get_instance().hexa_to_bytes("A61262989BDC042ECA224586798CAF6FEB0E16C17F04027804674AD284432273"); // Public key Y
_certificates.insert(std::pair<const std::string, std::unique_ptr<security_db_record> >(key, std::unique_ptr<security_db_record>(new security_db_record(
key,
cert, // Certificate
issuer, // Hashed ID fo the issuer, empty for CA
h, // Hashed ID
pk, // Private key
xk, // Public key X
yk // Public key Y
))
));
key,
cert, // Certificate
issuer, // Hashed ID fo the issuer, empty for CA
h, // Hashed ID
pk, // Private key
xk, // Public key X
yk // Public key Y
))
));
}
{
std::string key = "ta_aa_cert_nistp256_sha256";
std::string key = "ta_cert_nistp256_sha256_aa";
std::vector<unsigned char> cert = converter::get_instance().hexa_to_bytes("800300807AE33C47E0C1EF9050811E535446353338204E697374503235362041412043657274696669636174650000000000010A8F1C86000A83010280000C8000220102800124810403830001800125810403830001808084804ECD51522FB92F464C815CACE691FC4DDB157AB736116698BD1EB17B05DDC2C85FD7C0D28EB038F061599E91DC8CD432720E3844A5B223C08B7CE20D84FBF78084CF58BA68FD3FFA4C67C333C7FDA1433678CA3CF8B7864D77D44159313C4699CBA61262989BDC042ECA224586798CAF6FEB0E16C17F04027804674AD2844322739D6ECE19CEBE366268B420F4288EC7CBD8C275B0357F6BBB057ECBB9F35985F7154534E278336A0E76675A037A46B33CFA4951CDBAA9F41364DA4E8A4DDCEBEB");
std::vector<unsigned char> issuer = converter::get_instance().hexa_to_bytes("7AE33C47E0C1EF90");
std::vector<unsigned char> h = converter::get_instance().hexa_to_bytes("B72C8DC20C0B895D"); // Hashed ID
......@@ -133,18 +135,18 @@ int security_db::simulate_certificates() {
std::vector<unsigned char> xk = converter::get_instance().hexa_to_bytes("804ECD51522FB92F464C815CACE691FC4DDB157AB736116698BD1EB17B05DDC2"); // Public key X
std::vector<unsigned char> yk = converter::get_instance().hexa_to_bytes("C85FD7C0D28EB038F061599E91DC8CD432720E3844A5B223C08B7CE20D84FBF7"); // Public key Y
_certificates.insert(std::pair<const std::string, std::unique_ptr<security_db_record> >(key, std::unique_ptr<security_db_record>(new security_db_record(
key,
cert, // Certificate
issuer, // Hashed ID fo the issuer, empty for CA
h, // Hashed ID
pk, // Private key
xk, // Public key X
yk // Public key Y
))
));
key,
cert, // Certificate
issuer, // Hashed ID fo the issuer, empty for CA
h, // Hashed ID
pk, // Private key
xk, // Public key X
yk // Public key Y
))
));
}
{
std::string key = "ta_at_cert_nistp256_sha256";
std::string key = "ta_cert_nistp256_sha256_at";
std::vector<unsigned char> cert = converter::get_instance().hexa_to_bytes("80030080B72C8DC20C0B895D50811E535446353338204E697374503235362041542043657274696669636174650000000000010A8F1C86000A83010280000C8000220102800124810403830001800125810403830001808084778176B2068C42EC4815DF780A428627061DC14E02F4DD249738A940B130836F665E7B08BBB6195BEABC169F4B21DDD0AD093D58764D1A9E9BCD9DADD2BB8AC88084804ECD51522FB92F464C815CACE691FC4DDB157AB736116698BD1EB17B05DDC2C85FD7C0D28EB038F061599E91DC8CD432720E3844A5B223C08B7CE20D84FBF750C6D53A1B14EC95DAAFB33C10597BA6A6CEF527FBF339D8FD9D03024ADD362AD88346C027E8CB55751592CCF6852AA2A6D1E5B78460B44C776E6A208472127F");
std::vector<unsigned char> issuer = converter::get_instance().hexa_to_bytes("B72C8DC20C0B895D");
std::vector<unsigned char> h = converter::get_instance().hexa_to_bytes("DD2D89F4C9DE0436"); // Hashed ID
......@@ -152,18 +154,16 @@ int security_db::simulate_certificates() {
std::vector<unsigned char> xk = converter::get_instance().hexa_to_bytes("778176B2068C42EC4815DF780A428627061DC14E02F4DD249738A940B130836F"); // Public key X
std::vector<unsigned char> yk = converter::get_instance().hexa_to_bytes("665E7B08BBB6195BEABC169F4B21DDD0AD093D58764D1A9E9BCD9DADD2BB8AC8"); // Public key Y
_certificates.insert(std::pair<const std::string, std::unique_ptr<security_db_record> >(key, std::unique_ptr<security_db_record>(new security_db_record(
key,
cert, // Certificate
issuer, // Hashed ID fo the issuer, empty for CA
h, // Hashed ID
pk, // Private key
xk, // Public key X
yk // Public key Y
))
));
key,
cert, // Certificate
issuer, // Hashed ID fo the issuer, empty for CA
h, // Hashed ID
pk, // Private key
xk, // Public key X
yk // Public key Y
))
));
}
dump();
return 0;
} // End of method genrate_certificates
......@@ -171,11 +171,16 @@ int security_db::simulate_certificates() {
void security_db::dump() const {
loggers::get_instance().log("security_db::dump_certificates: # items = %d", _certificates.size());
for (std::map<const std::string, std::unique_ptr<security_db_record> >::const_iterator it = _certificates.cbegin(); it != _certificates.cend(); ++it) {
loggers::get_instance().log("security_db::dump: pointer = %p", it->second.get());
security_db_record* p = it->second.get();
loggers::get_instance().log("security_db::dump: certificate_id = %s", p->certificate_id().c_str());
loggers::get_instance().log_to_hexa("security_db::dump: certificate = ", p->certificate().data(), p->certificate().size());
loggers::get_instance().log_to_hexa("security_db::dump: hashed_id = ", p->hashed_id().data(), p->hashed_id().size());
loggers::get_instance().log_to_hexa("security_db::dump: hashed_id_issuer = ", p->hashed_id_issuer().data(), p->hashed_id_issuer().size());
loggers::get_instance().log_to_hexa("security_db::dump: private_key = ", p->private_key().data(), p->private_key().size());
loggers::get_instance().log_to_hexa("security_db::dump: public_key_x = ", p->public_key_x().data(), p->public_key_x().size());
loggers::get_instance().log_to_hexa("security_db::dump: public_key_y = ", p->public_key_y().data(), p->public_key_y().size());
} // End of 'for' statement
}
} // End of method dump
/******************************************************
File used for the example:
......
......@@ -110,16 +110,18 @@ int security_services::secure_gn_payload(const OCTETSTRING& p_unsecured_gn_paylo
return -1;
}
IEEE1609dot2::SignerIdentifier signer;
std::string certificate_id = p_params[Params::certificate] + "_at";
loggers::get_instance().log("security_services::process_ieee_dot2_content: certificate_id = %s", certificate_id.c_str());
if (!p_add_certificate) {
OCTETSTRING digest;
if (_security_db->get_hashed_id(p_params[Params::certificate], digest) != 0) {
if (_security_db->get_hashed_id(certificate_id, digest) != 0) {
loggers::get_instance().warning("security_services::process_ieee_dot2_content: Failed to secure payload");
return -1;
}
signer.digest() = digest;
} else { // FIXME Add certifcate case
OCTETSTRING cert;
if (_security_db->get_certificate(p_params[Params::certificate], cert) != 0) {
if (_security_db->get_certificate(certificate_id, cert) != 0) {
loggers::get_instance().warning("security_services::process_ieee_dot2_content: Failed to secure payload");
return -1;
}
......@@ -216,15 +218,17 @@ int security_services::hash_sha384(const OCTETSTRING& p_data, OCTETSTRING& p_has
int security_services::sign_ecdsa_nistp256(const OCTETSTRING& p_hash, IEEE1609dot2BaseTypes::Signature& p_signature, Params& p_params) {
loggers::get_instance().log_msg(">>> security_services::sign_ecdsa_nistp256: ", p_hash);
std::string certificate_id = p_params[Params::certificate] + "_at";
loggers::get_instance().log("security_services::sign_tbs_data: encoded certificate_id = '%s'", certificate_id.c_str());
OCTETSTRING pkey;
if (_security_db->get_private_key(p_params[Params::certificate], pkey) != 0) {
if (_security_db->get_private_key(certificate_id, pkey) != 0) {
loggers::get_instance().warning("security_services::sign_ecdsa_nistp256: Failed to get private key");
return -1;
}
std::vector<unsigned char> private_key(static_cast<const unsigned char *>(pkey), static_cast<const unsigned char *>(pkey) + pkey.lengthof());
OCTETSTRING public_key_x;
OCTETSTRING public_key_y;
if (_security_db->get_public_keys(p_params[Params::certificate], public_key_x, public_key_y) != 0) {
if (_security_db->get_public_keys(certificate_id, public_key_x, public_key_y) != 0) {
loggers::get_instance().warning("security_services::sign_ecdsa_nistp256: Failed to get public keys");
return -1;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment