Review Pki Layer

ccsrc/Ports/LibIts_ports/AdapterControlPort.cc

@@ -9,7 +9,7 @@
 #include "IVIM_ports/AdapterControlPort_IVIM.partC"
 #include "MapemSpatem_ports/AdapterControlPort_MapemSpatem.partC"
 #include "SremSsem_ports/AdapterControlPort_SremSsem.partC"
-//#include "Pki_ports/AdapterControlPort_Pki.partC"
+#include "Pki_ports/AdapterControlPort_Pki.partC"
 //#include "V2G_ports/AdapterControlPort_V2G.partC"
 
 #else //_NO_SOFTLINKS_
@@ -20,7 +20,7 @@
 #include "AdapterControlPort_MapemSpatem.partC"
 #include "AdapterControlPort_SremSsem.partC"
 #include "AdapterControlPort_GN.partC"
-//#include "AdapterControlPort_Pki.partC"
+#include "AdapterControlPort_Pki.partC"
 /*
 #include "AdapterControlPort_IVIM.partC"
 #include "AdapterControlPort_MapemSpatem.partC"

ccsrc/Ports/LibIts_ports/AdapterControlPort.hh

@@ -9,7 +9,7 @@
 #include "CAM_ports/AdapterControlPort_CAM.partH"
 #include "DENM_ports/AdapterControlPort_DENM.partH"
 #include "GN_ports/AdapterControlPort_GN.partH"
-//#include "Pki_ports/AdapterControlPort_Pki.partH"
+#include "Pki_ports/AdapterControlPort_Pki.partH"
 #include "IVIM_ports/AdapterControlPort_IVIM.partH"
 #include "MapemSpatem_ports/AdapterControlPort_MapemSpatem.partH"
 #include "SremSsem_ports/AdapterControlPort_SremSsem.partH"
@@ -23,7 +23,7 @@
 #include "AdapterControlPort_MapemSpatem.partH"
 #include "AdapterControlPort_SremSsem.partH"
 #include "AdapterControlPort_GN.partH"
-//#include "AdapterControlPort_Pki.partH"
+#include "AdapterControlPort_Pki.partH"
 /*
 #include "AdapterControlPort_IVIM.partH"
 #include "AdapterControlPort_MapemSpatem.partH"

ccsrc/Ports/LibIts_ports/Pki_ports/AdapterControlPort_Pki.partC

@@ -69,41 +69,26 @@ namespace LibItsPki__TestSystem {
 
   }
 
-  void AdapterControlPort::outgoing_send(const LibItsPki__TypesAndValues::AcGnPrimitive& send_par)
+  void AdapterControlPort::outgoing_send(const LibItsPki__TypesAndValues::AcPkiPrimitive& send_par)
   {
     loggers::get_instance().log_msg(">>> AdapterControlPort::outgoing_send: ", send_par);
-
-  }
-
-  void AdapterControlPort::outgoing_send(const LibItsCommon__TypesAndValues::AcSecPrimitive& send_par)
-  {
-    loggers::get_instance().log_msg(">>> AdapterControlPort::outgoing_send: ", send_par);
-
+    
     // Register this object for AdapterControlPort
-    http_layer* p = registration<http_layer>::get_instance().get_item(std::string("HTTP"));
+    pki_layer* p = registration<pki_layer>::get_instance().get_item(std::string("PKI"));
     if (p != NULL) {
-      loggers::get_instance().log("AdapterControlPort::outgoing_send: Got HTTP layer %p", p);
-      LibItsCommon__TypesAndValues::AdapterControlResults response;
-      response.acSecResponse() = BOOLEAN(true);
-      if (send_par.ischosen(LibItsCommon__TypesAndValues::AcSecPrimitive::ALT_acEnableSecurity)) {
-        loggers::get_instance().log("AdapterControlPort::outgoing_send: Enable secured mode");
-        std::string str(static_cast<const char*>(send_par.acEnableSecurity().certificateId()));
-        if (p->enable_secured_mode(str, send_par.acEnableSecurity().enforceSecurity()) == -1) {
-          response.acSecResponse() = BOOLEAN(false);
-        }
-      } else if (send_par.ischosen(LibItsCommon__TypesAndValues::AcSecPrimitive::ALT_acDisableSecurity)) {
-        loggers::get_instance().log("AdapterControlPort::outgoing_send: Disable secured mode");
-        if (p->disable_secured_mode() == -1) {
-          response.acSecResponse() = BOOLEAN(false);
-        }
-      } else {
-        response.acSecResponse() = BOOLEAN(false);
+      loggers::get_instance().log("AdapterControlPort::outgoing_send: Got PKI layer %p", p);
+      LibItsPki__TypesAndValues::AcPkiResponse response;
+      response.result() = LibItsPki__TypesAndValues::AcPkiResponse(BOOLEAN(false));
+      if (send_par.ischosen(LibItsPki__TypesAndValues::AcPkiPrimitive::ALT_acSetSecurityData)) {
+        loggers::get_instance().log("AdapterControlPort::outgoing_send: AcSetSecurityData");
+        p->set_pki_keys(send_par.acSetSecurityData());
+        response.result() = LibItsPki__TypesAndValues::AcPkiResponse(BOOLEAN(true));
       }
       // Send response
       loggers::get_instance().log_msg("AdapterControlPort::outgoing_send: Send response: ", response);
       incoming_message(response);
     } else {
-      loggers::get_instance().error("AdapterControlPort::outgoing_send: %s not registered", "geoNetworkingPort");
+      loggers::get_instance().error("AdapterControlPort::outgoing_send: %s not registered", "pkiPort");
     }
   }
 

ccsrc/Ports/LibIts_ports/Pki_ports/AdapterControlPort_Pki.partH

@@ -29,10 +29,8 @@ protected:
 	void user_start();
 	void user_stop();
 
-	void outgoing_send(const LibItsPki__TypesAndValues::AcGnPrimitive& send_par);
+	void outgoing_send(const LibItsPki__TypesAndValues::AcPkiPrimitive& send_par);
 	
-    void outgoing_send(const LibItsCommon__TypesAndValues::AcSecPrimitive& send_par);
-
 };
 
 } /* end of namespace */

ccsrc/Ports/LibIts_ports/Pki_ports/PkiPort.cc

@@ -16,7 +16,6 @@ namespace LibItsPki__TestSystem {
   PkiPort::PkiPort(const char *par_port_name)
     : PkiPort_BASE(par_port_name), _cfg_params(), _layer_params(), _layer(nullptr), _time_key("PkiPort::outgoing_send") {
     // Nothing to do
-    
   }
 
   PkiPort::~PkiPort()

ccsrc/Protocols/GeoNetworking/geonetworking_layer.cc

@@ -7,13 +7,14 @@
 
 #include "geonetworking_layer_factory.hh"
 
-#include "registration.hh"
 #include "loggers.hh"
 
 #include "security_services.hh"
 
 #include "base_time.hh"
 
+#include "registration.hh"
+
 #include "converter.hh"
 
 using namespace LibItsGeoNetworking__TypesAndValues;

ccsrc/Protocols/Pki/pki_layer.cc

@@ -3,11 +3,16 @@
 
 #include "loggers.hh"
 
+#include "base_time.hh"
+
+#include "registration.hh"
+
 #include "converter.hh"
 
-#include "security_services.hh"
+#include "pki_layer.hh"
 
 using namespace std; // Required for isnan()
+#include "LibItsPki_TypesAndValues.hh"
 #include "LibItsPki_TestSystem.hh"
 
 pki_layer::pki_layer(const std::string & p_type, const std::string & param) : t_layer<LibItsPki__TestSystem::PkiPort>(p_type), _params(), _etsi_ts102941_types_enrolment_inner_request(), _etsi_ts102941_types_enrolment_inner_response(), _codec()
@@ -29,18 +34,40 @@ pki_layer::pki_layer(const std::string & p_type, const std::string & param) : t_
   _params[params::payload_type] = "";
   _params[params::signature] = "NISTP-256";
   _params[params::encrypted_mode] = "1";
+
+  // Register this object for AdapterControlPort
+  loggers::get_instance().log("pki_layer::pki_layer: Register %s/%p", p_type.c_str(), this);
+  registration<pki_layer>::get_instance().add_item(p_type, this);
+}
+
+void pki_layer::set_pki_keys(const LibItsPki__TypesAndValues::AcSetSecurityData& p_ac_set_security_data) {
+  _ac_set_security_data.reset(new LibItsPki__TypesAndValues::AcSetSecurityData(p_ac_set_security_data));
 }
 
 void pki_layer::sendMsg(const EtsiTs102941TypesEnrolment::InnerEcRequest& p_inner_ec_request, params& p_param) {
   loggers::get_instance().log_msg(">>> pki_layer::sendMsg: ", p_inner_ec_request);
 
-  OCTETSTRING data;
-  _etsi_ts102941_types_enrolment_inner_request.encode(p_inner_ec_request, data);
-  // Add security
-  OCTETSTRING secured_data;
-  if (sign_and_encrypt_payload(data, secured_data) == 0) {
-    send_data(data, _params);
+  // Sanity checks
+  if (_ac_set_security_data.get() == nullptr) {
+    loggers::get_instance().error("pki_layer::sendMsg: Security data missing");
+    return;
+  }
+
+  OCTETSTRING inner_ec_request;
+  _etsi_ts102941_types_enrolment_inner_request.encode(p_inner_ec_request, inner_ec_request);
+  // Build the EtsiTs103097Data-Signed
+  OCTETSTRING etsi_ts_102941_data;
+  if (generate_inner_ec_request_signed_for_pop(inner_ec_request, etsi_ts_102941_data) == -1) {
+    loggers::get_instance().warning("pki_layer::sendMsg: Failed to generate InnerExRequestSignedForPop");
+    return;
   }
+  // Secured the Pki message
+  OCTETSTRING signed_and_encrypted_data;
+  if (sign_and_encrypt_payload(daetsi_ts_102941_datata, signed_and_encrypted_data) == 0) {
+    loggers::get_instance().warning("pki_layer::sendMsg: Failed to secure Pki message");
+    return;
+  }
+  send_data(signed_and_encrypted_data, _params);
 }
 
 void pki_layer::sendMsg(const EtsiTs102941TypesEnrolment::InnerEcResponse& p_inner_ec_response, params& p_param) {
@@ -76,6 +103,70 @@ void pki_layer::receive_data(OCTETSTRING& data, params& params)
   // to_all_upper_ports(pki_message, params);
 }
 
+int pki_layer::generate_inner_ec_request_signed_for_pop(const OCTETSTRING& p_inner_ec_request, OCTETSTRING& p_etsi_ts_102941_data) {
+  loggers::get_instance().log_msg(">>> pki_layer::generate_inner_ec_request_signed_for_pop: ", p_inner_ec_request);
+
+  // Set unsecured data
+  IEEE1609dot2::Ieee1609Dot2Content unsecured_data_content;
+  unsecured_data_content.unsecuredData() = p_inner_ec_request;
+  IEEE1609dot2::Ieee1609Dot2Data unsecured_data(ProtocolVersion, unsecured_data_content);
+  // Set hash algorithm
+  IEEE1609dot2BaseTypes::HashAlgorithm hashId(IEEE1609dot2BaseTypes::HashAlgorithm::sha256);
+  if (p_params[params::hash].compare("SHA-384") == 0) {
+    hashId = IEEE1609dot2BaseTypes::HashAlgorithm::sha384;
+  }
+  // Set SignedDataPayload
+  IEEE1609dot2::SignedDataPayload payload;
+  payload.data() = unsecured_data;
+  payload.extDataHash().set_to_omit();
+  IEEE1609dot2::HeaderInfo header_info;
+  // Set secured field
+  header_info.psid() = converter::get_instance().string_to_int(p_params[params::its_aid]);
+  header_info.expiryTime().set_to_omit();
+  header_info.generationLocation().set_to_omit();
+  header_info.p2pcdLearningRequest().set_to_omit();
+  header_info.missingCrlIdentifier().set_to_omit();
+  header_info.encryptionKey().set_to_omit();
+  INTEGER i;
+  i.set_long_long_val((unsigned int) ms);
+  header_info.generationTime() = OPTIONAL<INTEGER>(i);
+  header_info.inlineP2pcdRequest().set_to_omit();
+  header_info.requestedCertificate().set_to_omit();
+
+  IEEE1609dot2::ToBeSignedData tbs_data;
+  tbs_data.payload() = payload;
+  tbs_data.headerInfo() = header_info;
+  loggers::get_instance().log_msg("pki_layer::sign_payload: tbs_data = ", tbs_data);
+  // Sign the ToBeSignedData data structure
+  IEEE1609dot2BaseTypes::Signature signature;
+  if (security_services::get_instance().sign_tbs_data(tbs_data, hashId, signature, p_params) != 0) {
+    loggers::get_instance().warning("pki_layer::sign_payload: Failed to secure payload");
+    return -1;
+  }
+  IEEE1609dot2::SignerIdentifier signer;
+  loggers::get_instance().log("pki_layer::sign_payload: ms = %d - _last_generation_time = %d - ms - _last_generation_time = %d", (unsigned int) ms, _last_generation_time, (unsigned int) (ms - _last_generation_time));
+
+  signer.self() = nullptr;
+  IEEE1609dot2::SignedData signed_data(hashId, tbs_data, signer, signature);
+  loggers::get_instance().log_msg("pki_layer::sign_payload: signed_data = ", signed_data);
+  IEEE1609dot2::Ieee1609Dot2Content ieee_dot2_content;
+  ieee_dot2_content.signedData() = signed_data;
+  IEEE1609dot2::Ieee1609Dot2Data ieee_1609dot2_data(pki_layer::ProtocolVersion, ieee_dot2_content);
+  loggers::get_instance().log_msg("pki_layer::sign_payload: ieee_1609dot2_data = ", ieee_1609dot2_data);
+  // Set EtsiTs102941Data layer
+  EtsiTs102941MessagesItss::EtsiTs102941Data etsi_ts_102941_data;
+  etsi_ts_102941_data.content().enrolmentRequest = ieee_1609dot2_data;
+  _codec.encode(ieee_1609dot2_data, p_etsi_ts_102941_data);
+  if (!p_etsi_ts_102941_data.is_bound()) {
+    loggers::get_instance().warning("pki_layer::sign_payload: Failed to encode Ieee1609Dot2Data");
+    return -1;
+  }
+
+  return 0;
+}
+
+
+
 int pki_layer::sign_and_encrypt_payload(const OCTETSTRING& p_data, OCTETSTRING& p_secured_data) {
   loggers::get_instance().log_msg(">>> pki_layer::sign_and_encrypt_payload: ", p_data);
 

ccsrc/Protocols/Pki/pki_layer.hh

@@ -19,7 +19,11 @@
 #include "etsi_ts103097_data_codec.hh"
 
 namespace LibItsPki__TestSystem {
-  class PkiPort;
+  class PkiPort; //! Forward declaration of TITAN class
+}
+
+namespace LibItsPki__TypesAndValues {
+  class AcSetSecurityData; //! Forward declaration of TITAN class
 }
 
 class OCTETSTRING; //! Forward declaration of TITAN class
@@ -34,6 +38,8 @@ class pki_layer : public t_layer<LibItsPki__TestSystem::PkiPort> {
   etsi_ts102941_types_enrolment_inner_response _etsi_ts102941_types_enrolment_inner_response;
   etsi_ts103097_data_codec _codec;
 
+  std::unique_ptr<LibItsPki__TypesAndValues::AcSetSecurityData> _ac_set_security_data;
+
 public: //! \publicsection
   /*!
    * \brief Specialised constructor
@@ -41,7 +47,7 @@ public: //! \publicsection
    * \param[in] p_type \todo
    * \param[in] p_param \todo
    */
-  pki_layer() : t_layer(), _params(), _etsi_ts102941_types_enrolment_inner_request(), _etsi_ts102941_types_enrolment_inner_response(), _codec() { };
+  pki_layer() : t_layer(), _params(), _etsi_ts102941_types_enrolment_inner_request(), _etsi_ts102941_types_enrolment_inner_response(), _codec(), _ac_set_security_data(nullptr) { };
   /*!
    * \brief Specialised constructor
    *        Create a new instance of the pki_layer class
@@ -88,6 +94,11 @@ public: //! \publicsection
   virtual void receive_data(OCTETSTRING& data, params& info);
 
 private:
+
+  void set_pki_keys(const LibItsPki__TypesAndValues::AcSetSecurityData& p_ac_set_security_data);
+
+  int generate_inner_ec_request_signed_for_pop(const OCTETSTRING& p_inner_ec_request, OCTETSTRING& p_etsi_ts_102941_data);
+
   /*!
    * \fn int sign_and_encrypt_payload(const OCTETSTRING& p_data, OCTETSTRING& p_secured_data);
    * \brief Sign and encryptpayload

LibIts @ 15ed5690

-Subproject commit d58221e7c8fdd6ad4baf5b396b8c8f8836ea99e6
+Subproject commit 15ed56907addc3e8af880b5363e3616a3842f7a6