Commit 8b48620c authored by Yann Garcia's avatar Yann Garcia
Browse files

Review Pki Layer

parent 7e84e60a
......@@ -9,7 +9,7 @@
#include "IVIM_ports/AdapterControlPort_IVIM.partC"
#include "MapemSpatem_ports/AdapterControlPort_MapemSpatem.partC"
#include "SremSsem_ports/AdapterControlPort_SremSsem.partC"
//#include "Pki_ports/AdapterControlPort_Pki.partC"
#include "Pki_ports/AdapterControlPort_Pki.partC"
//#include "V2G_ports/AdapterControlPort_V2G.partC"
#else //_NO_SOFTLINKS_
......@@ -20,7 +20,7 @@
#include "AdapterControlPort_MapemSpatem.partC"
#include "AdapterControlPort_SremSsem.partC"
#include "AdapterControlPort_GN.partC"
//#include "AdapterControlPort_Pki.partC"
#include "AdapterControlPort_Pki.partC"
/*
#include "AdapterControlPort_IVIM.partC"
#include "AdapterControlPort_MapemSpatem.partC"
......
......@@ -9,7 +9,7 @@
#include "CAM_ports/AdapterControlPort_CAM.partH"
#include "DENM_ports/AdapterControlPort_DENM.partH"
#include "GN_ports/AdapterControlPort_GN.partH"
//#include "Pki_ports/AdapterControlPort_Pki.partH"
#include "Pki_ports/AdapterControlPort_Pki.partH"
#include "IVIM_ports/AdapterControlPort_IVIM.partH"
#include "MapemSpatem_ports/AdapterControlPort_MapemSpatem.partH"
#include "SremSsem_ports/AdapterControlPort_SremSsem.partH"
......@@ -23,7 +23,7 @@
#include "AdapterControlPort_MapemSpatem.partH"
#include "AdapterControlPort_SremSsem.partH"
#include "AdapterControlPort_GN.partH"
//#include "AdapterControlPort_Pki.partH"
#include "AdapterControlPort_Pki.partH"
/*
#include "AdapterControlPort_IVIM.partH"
#include "AdapterControlPort_MapemSpatem.partH"
......
......@@ -69,41 +69,26 @@ namespace LibItsPki__TestSystem {
}
void AdapterControlPort::outgoing_send(const LibItsPki__TypesAndValues::AcGnPrimitive& send_par)
void AdapterControlPort::outgoing_send(const LibItsPki__TypesAndValues::AcPkiPrimitive& send_par)
{
loggers::get_instance().log_msg(">>> AdapterControlPort::outgoing_send: ", send_par);
}
void AdapterControlPort::outgoing_send(const LibItsCommon__TypesAndValues::AcSecPrimitive& send_par)
{
loggers::get_instance().log_msg(">>> AdapterControlPort::outgoing_send: ", send_par);
// Register this object for AdapterControlPort
http_layer* p = registration<http_layer>::get_instance().get_item(std::string("HTTP"));
pki_layer* p = registration<pki_layer>::get_instance().get_item(std::string("PKI"));
if (p != NULL) {
loggers::get_instance().log("AdapterControlPort::outgoing_send: Got HTTP layer %p", p);
LibItsCommon__TypesAndValues::AdapterControlResults response;
response.acSecResponse() = BOOLEAN(true);
if (send_par.ischosen(LibItsCommon__TypesAndValues::AcSecPrimitive::ALT_acEnableSecurity)) {
loggers::get_instance().log("AdapterControlPort::outgoing_send: Enable secured mode");
std::string str(static_cast<const char*>(send_par.acEnableSecurity().certificateId()));
if (p->enable_secured_mode(str, send_par.acEnableSecurity().enforceSecurity()) == -1) {
response.acSecResponse() = BOOLEAN(false);
}
} else if (send_par.ischosen(LibItsCommon__TypesAndValues::AcSecPrimitive::ALT_acDisableSecurity)) {
loggers::get_instance().log("AdapterControlPort::outgoing_send: Disable secured mode");
if (p->disable_secured_mode() == -1) {
response.acSecResponse() = BOOLEAN(false);
}
} else {
response.acSecResponse() = BOOLEAN(false);
loggers::get_instance().log("AdapterControlPort::outgoing_send: Got PKI layer %p", p);
LibItsPki__TypesAndValues::AcPkiResponse response;
response.result() = LibItsPki__TypesAndValues::AcPkiResponse(BOOLEAN(false));
if (send_par.ischosen(LibItsPki__TypesAndValues::AcPkiPrimitive::ALT_acSetSecurityData)) {
loggers::get_instance().log("AdapterControlPort::outgoing_send: AcSetSecurityData");
p->set_pki_keys(send_par.acSetSecurityData());
response.result() = LibItsPki__TypesAndValues::AcPkiResponse(BOOLEAN(true));
}
// Send response
loggers::get_instance().log_msg("AdapterControlPort::outgoing_send: Send response: ", response);
incoming_message(response);
} else {
loggers::get_instance().error("AdapterControlPort::outgoing_send: %s not registered", "geoNetworkingPort");
loggers::get_instance().error("AdapterControlPort::outgoing_send: %s not registered", "pkiPort");
}
}
......
......@@ -29,10 +29,8 @@ protected:
void user_start();
void user_stop();
void outgoing_send(const LibItsPki__TypesAndValues::AcGnPrimitive& send_par);
void outgoing_send(const LibItsPki__TypesAndValues::AcPkiPrimitive& send_par);
void outgoing_send(const LibItsCommon__TypesAndValues::AcSecPrimitive& send_par);
};
} /* end of namespace */
......@@ -16,7 +16,6 @@ namespace LibItsPki__TestSystem {
PkiPort::PkiPort(const char *par_port_name)
: PkiPort_BASE(par_port_name), _cfg_params(), _layer_params(), _layer(nullptr), _time_key("PkiPort::outgoing_send") {
// Nothing to do
}
PkiPort::~PkiPort()
......
......@@ -7,13 +7,14 @@
#include "geonetworking_layer_factory.hh"
#include "registration.hh"
#include "loggers.hh"
#include "security_services.hh"
#include "base_time.hh"
#include "registration.hh"
#include "converter.hh"
using namespace LibItsGeoNetworking__TypesAndValues;
......
......@@ -3,11 +3,16 @@
#include "loggers.hh"
#include "base_time.hh"
#include "registration.hh"
#include "converter.hh"
#include "security_services.hh"
#include "pki_layer.hh"
using namespace std; // Required for isnan()
#include "LibItsPki_TypesAndValues.hh"
#include "LibItsPki_TestSystem.hh"
pki_layer::pki_layer(const std::string & p_type, const std::string & param) : t_layer<LibItsPki__TestSystem::PkiPort>(p_type), _params(), _etsi_ts102941_types_enrolment_inner_request(), _etsi_ts102941_types_enrolment_inner_response(), _codec()
......@@ -29,18 +34,40 @@ pki_layer::pki_layer(const std::string & p_type, const std::string & param) : t_
_params[params::payload_type] = "";
_params[params::signature] = "NISTP-256";
_params[params::encrypted_mode] = "1";
// Register this object for AdapterControlPort
loggers::get_instance().log("pki_layer::pki_layer: Register %s/%p", p_type.c_str(), this);
registration<pki_layer>::get_instance().add_item(p_type, this);
}
void pki_layer::set_pki_keys(const LibItsPki__TypesAndValues::AcSetSecurityData& p_ac_set_security_data) {
_ac_set_security_data.reset(new LibItsPki__TypesAndValues::AcSetSecurityData(p_ac_set_security_data));
}
void pki_layer::sendMsg(const EtsiTs102941TypesEnrolment::InnerEcRequest& p_inner_ec_request, params& p_param) {
loggers::get_instance().log_msg(">>> pki_layer::sendMsg: ", p_inner_ec_request);
OCTETSTRING data;
_etsi_ts102941_types_enrolment_inner_request.encode(p_inner_ec_request, data);
// Add security
OCTETSTRING secured_data;
if (sign_and_encrypt_payload(data, secured_data) == 0) {
send_data(data, _params);
// Sanity checks
if (_ac_set_security_data.get() == nullptr) {
loggers::get_instance().error("pki_layer::sendMsg: Security data missing");
return;
}
OCTETSTRING inner_ec_request;
_etsi_ts102941_types_enrolment_inner_request.encode(p_inner_ec_request, inner_ec_request);
// Build the EtsiTs103097Data-Signed
OCTETSTRING etsi_ts_102941_data;
if (generate_inner_ec_request_signed_for_pop(inner_ec_request, etsi_ts_102941_data) == -1) {
loggers::get_instance().warning("pki_layer::sendMsg: Failed to generate InnerExRequestSignedForPop");
return;
}
// Secured the Pki message
OCTETSTRING signed_and_encrypted_data;
if (sign_and_encrypt_payload(daetsi_ts_102941_datata, signed_and_encrypted_data) == 0) {
loggers::get_instance().warning("pki_layer::sendMsg: Failed to secure Pki message");
return;
}
send_data(signed_and_encrypted_data, _params);
}
void pki_layer::sendMsg(const EtsiTs102941TypesEnrolment::InnerEcResponse& p_inner_ec_response, params& p_param) {
......@@ -76,6 +103,70 @@ void pki_layer::receive_data(OCTETSTRING& data, params& params)
// to_all_upper_ports(pki_message, params);
}
int pki_layer::generate_inner_ec_request_signed_for_pop(const OCTETSTRING& p_inner_ec_request, OCTETSTRING& p_etsi_ts_102941_data) {
loggers::get_instance().log_msg(">>> pki_layer::generate_inner_ec_request_signed_for_pop: ", p_inner_ec_request);
// Set unsecured data
IEEE1609dot2::Ieee1609Dot2Content unsecured_data_content;
unsecured_data_content.unsecuredData() = p_inner_ec_request;
IEEE1609dot2::Ieee1609Dot2Data unsecured_data(ProtocolVersion, unsecured_data_content);
// Set hash algorithm
IEEE1609dot2BaseTypes::HashAlgorithm hashId(IEEE1609dot2BaseTypes::HashAlgorithm::sha256);
if (p_params[params::hash].compare("SHA-384") == 0) {
hashId = IEEE1609dot2BaseTypes::HashAlgorithm::sha384;
}
// Set SignedDataPayload
IEEE1609dot2::SignedDataPayload payload;
payload.data() = unsecured_data;
payload.extDataHash().set_to_omit();
IEEE1609dot2::HeaderInfo header_info;
// Set secured field
header_info.psid() = converter::get_instance().string_to_int(p_params[params::its_aid]);
header_info.expiryTime().set_to_omit();
header_info.generationLocation().set_to_omit();
header_info.p2pcdLearningRequest().set_to_omit();
header_info.missingCrlIdentifier().set_to_omit();
header_info.encryptionKey().set_to_omit();
INTEGER i;
i.set_long_long_val((unsigned int) ms);
header_info.generationTime() = OPTIONAL<INTEGER>(i);
header_info.inlineP2pcdRequest().set_to_omit();
header_info.requestedCertificate().set_to_omit();
IEEE1609dot2::ToBeSignedData tbs_data;
tbs_data.payload() = payload;
tbs_data.headerInfo() = header_info;
loggers::get_instance().log_msg("pki_layer::sign_payload: tbs_data = ", tbs_data);
// Sign the ToBeSignedData data structure
IEEE1609dot2BaseTypes::Signature signature;
if (security_services::get_instance().sign_tbs_data(tbs_data, hashId, signature, p_params) != 0) {
loggers::get_instance().warning("pki_layer::sign_payload: Failed to secure payload");
return -1;
}
IEEE1609dot2::SignerIdentifier signer;
loggers::get_instance().log("pki_layer::sign_payload: ms = %d - _last_generation_time = %d - ms - _last_generation_time = %d", (unsigned int) ms, _last_generation_time, (unsigned int) (ms - _last_generation_time));
signer.self() = nullptr;
IEEE1609dot2::SignedData signed_data(hashId, tbs_data, signer, signature);
loggers::get_instance().log_msg("pki_layer::sign_payload: signed_data = ", signed_data);
IEEE1609dot2::Ieee1609Dot2Content ieee_dot2_content;
ieee_dot2_content.signedData() = signed_data;
IEEE1609dot2::Ieee1609Dot2Data ieee_1609dot2_data(pki_layer::ProtocolVersion, ieee_dot2_content);
loggers::get_instance().log_msg("pki_layer::sign_payload: ieee_1609dot2_data = ", ieee_1609dot2_data);
// Set EtsiTs102941Data layer
EtsiTs102941MessagesItss::EtsiTs102941Data etsi_ts_102941_data;
etsi_ts_102941_data.content().enrolmentRequest = ieee_1609dot2_data;
_codec.encode(ieee_1609dot2_data, p_etsi_ts_102941_data);
if (!p_etsi_ts_102941_data.is_bound()) {
loggers::get_instance().warning("pki_layer::sign_payload: Failed to encode Ieee1609Dot2Data");
return -1;
}
return 0;
}
int pki_layer::sign_and_encrypt_payload(const OCTETSTRING& p_data, OCTETSTRING& p_secured_data) {
loggers::get_instance().log_msg(">>> pki_layer::sign_and_encrypt_payload: ", p_data);
......
......@@ -19,7 +19,11 @@
#include "etsi_ts103097_data_codec.hh"
namespace LibItsPki__TestSystem {
class PkiPort;
class PkiPort; //! Forward declaration of TITAN class
}
namespace LibItsPki__TypesAndValues {
class AcSetSecurityData; //! Forward declaration of TITAN class
}
class OCTETSTRING; //! Forward declaration of TITAN class
......@@ -34,6 +38,8 @@ class pki_layer : public t_layer<LibItsPki__TestSystem::PkiPort> {
etsi_ts102941_types_enrolment_inner_response _etsi_ts102941_types_enrolment_inner_response;
etsi_ts103097_data_codec _codec;
std::unique_ptr<LibItsPki__TypesAndValues::AcSetSecurityData> _ac_set_security_data;
public: //! \publicsection
/*!
* \brief Specialised constructor
......@@ -41,7 +47,7 @@ public: //! \publicsection
* \param[in] p_type \todo
* \param[in] p_param \todo
*/
pki_layer() : t_layer(), _params(), _etsi_ts102941_types_enrolment_inner_request(), _etsi_ts102941_types_enrolment_inner_response(), _codec() { };
pki_layer() : t_layer(), _params(), _etsi_ts102941_types_enrolment_inner_request(), _etsi_ts102941_types_enrolment_inner_response(), _codec(), _ac_set_security_data(nullptr) { };
/*!
* \brief Specialised constructor
* Create a new instance of the pki_layer class
......@@ -88,6 +94,11 @@ public: //! \publicsection
virtual void receive_data(OCTETSTRING& data, params& info);
private:
void set_pki_keys(const LibItsPki__TypesAndValues::AcSetSecurityData& p_ac_set_security_data);
int generate_inner_ec_request_signed_for_pop(const OCTETSTRING& p_inner_ec_request, OCTETSTRING& p_etsi_ts_102941_data);
/*!
* \fn int sign_and_encrypt_payload(const OCTETSTRING& p_data, OCTETSTRING& p_secured_data);
* \brief Sign and encryptpayload
......
Subproject commit d58221e7c8fdd6ad4baf5b396b8c8f8836ea99e6
Subproject commit 15ed56907addc3e8af880b5363e3616a3842f7a6
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment