Commit 98594485 authored by garciay's avatar garciay

Security support in the TA

parent 64be0b12
......@@ -48,10 +48,10 @@ public:
static const std::string& device_mode; //! To indicate to the lower layer to act as a standalone device
static const std::string& secured_mode; //! To indicate to the lower layer to apply securty on message exchanges as defined in IEEE 1609.2 & ETSI TS 102 965
static const std::string& enable_security_checks;//! To indicates if security check failures shall be treated as error or warning
static const std::string& sec_db_path;
static const std::string& certificate;
static const std::string& hash;
static const std::string& signature;
static const std::string& sec_db_path; //! Path to the folder containing certificates
static const std::string& certificate; //! The certificate identifier the Test System shall use. E.g. CERT_TS_A
static const std::string& hash; //! The digest algorithm the Test System shall use, authorised values are SHA-256 or SHA-384. Default: SHA-256
static const std::string& signature; //! The signature algorithm the Test System shall use, authorised values are NISTP-256, BP-256 and BP-384. Default: NISTP-256
static const std::string& cypher;
static const std::string& distanceA; //! Test system GeoNetworking DistanceA parameter name
static const std::string& distanceB; //! Test system GeoNetworking DistanceB parameter name
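Review bot: `cypher` is the only security parameter in this group left without a `//!` comment, so its accepted values and default are not stated anywhere in the hunk. A line in the style of its neighbours would close the gap, for example `static const std::string& cypher; //! The encryption algorithm the Test System shall use (presumably), authorised values are <LIST>. Default: <DEFAULT>`. The comments for `hash` and `signature` promise a closed set of values, but nothing visible in this declaration enforces it, so the check has to live where the parameters are consumed.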
......
......@@ -65,6 +65,7 @@ GeoNetworkingLayer::GeoNetworkingLayer(const std::string & p_type, const std::st
if (it != _params.cend()) {
_enable_security_checks = (1 == converter::get_instance().string_to_int(it->second));
}
// Add broadcast address if needed
it = _params.find(Params::its_aid);
if (it == _params.cend()) {
......@@ -74,30 +75,35 @@ GeoNetworkingLayer::GeoNetworkingLayer(const std::string & p_type, const std::st
if (it == _params.cend()) {
_params.insert(std::pair<std::string, std::string>(std::string("mac_bc"), "FFFFFFFFFFFF"));
}
// Register this object for AdapterControlPort
loggers::get_instance().log("GeoNetworkingLayer::GeoNetworkingLayer: register %s/%p", p_type.c_str(), this);
registration<GeoNetworkingLayer>::get_instance().add_item(p_type, this);
// Set up default security parameters value
it = _params.find(Params::certificate);
if (it == _params.cend()) {
_params.insert(std::pair<std::string, std::string>(std::string("certificate"), "cert_ta"));
}
it = _params.find(Params::sec_db_path);
if (it == _params.cend()) {
_params.insert(std::pair<std::string, std::string>(std::string("sec_db_path"), ""));
}
// TODO it = _params.find(Params::hash);
// if (it == _params.cend()) {
// _params.insert(std::pair<std::string, std::string>(std::string("sec_sign"), "SHA-256"));
// }
it = _params.find(Params::signature);
if (it == _params.cend()) {
_params.insert(std::pair<std::string, std::string>(std::string("signature"), "NISTP-256"));
if (_secured_mode == 1) {
loggers::get_instance().log("GeoNetworkingLayer::GeoNetworkingLayer: Secured mod is activated");
it = _params.find(Params::certificate);
if (it == _params.cend()) {
_params.insert(std::pair<std::string, std::string>(std::string("certificate"), "cert_ta"));
}
it = _params.find(Params::sec_db_path);
if (it == _params.cend()) {
_params.insert(std::pair<std::string, std::string>(std::string("sec_db_path"), ""));
}
it = _params.find(Params::hash);
if (it == _params.cend()) {
_params.insert(std::pair<std::string, std::string>(std::string("hash"), "SHA-256"));
}
it = _params.find(Params::signature);
if (it == _params.cend()) {
_params.insert(std::pair<std::string, std::string>(std::string("signature"), "NISTP-256"));
}
// Set up security services even if secured_mode is set to 0. Later, we can receive an AcEnableSecurity request, the sertificate caching will be ready to go
security_services::get_instance().setup(_params);
}
// Set up security services even if secured_mode is set to 0. Later, we can receive an AcEnableSecurity request, the sertificate caching will be ready to go
security_services::get_instance().setup(_params);
// Automatic beaconing mode
Params::const_iterator i = _params.find(Params::beaconing);
if ((i != _params.cend()) && (i->second.compare("1") == 0)) { // Immediate beaconing was requested
// Prepare beaconing operation
......@@ -146,7 +152,7 @@ void GeoNetworkingLayer::sendData(OCTETSTRING& data, Params& params) {
if (_device_mode) { // Need to build a GN packet
params[Params::certificate] = _params[Params::certificate];
//params[Params::sec_sign] = _params[Params::sec_sign];
params[Params::hash] = _params[Params::hash];
params[Params::signature] = _params[Params::signature];
if (build_geonetworking_pdu(data, params) != 0) {
return;
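Review bot: In the constructor hunk the defaults for `certificate`, `sec_db_path`, `hash` and `signature` are now inserted only inside `if (_secured_mode == 1)`, while `sendData` still copies `_params[Params::certificate]`, `_params[Params::hash]` and `_params[Params::signature]` unconditionally in device mode. If `Params` behaves like `std::map`, those reads create empty entries when secured mode was off at construction, so a later AcEnableSecurity request would presumably reach `sign_tbs_data` with an empty algorithm name and fail. The `setup(_params)` call and its comment ("even if secured_mode is set to 0") also appear both inside the new block and after it; the page does not mark which copy is on the new side, so either setup runs twice in secured mode or the comment contradicts the code. I would keep the four default insertions outside the `if`, leave only the log line inside it, and keep a single `security_services::get_instance().setup(_params);` after the block. Both function bodies continue outside the hunks.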
......
......@@ -391,9 +391,16 @@ int security_services::sign_tbs_data(const IEEE1609dot2::ToBeSignedData& p_tbs_d
loggers::get_instance().log("security_services::sign_tbs_data: encoded Params::certificate = '%s'", p_params[Params::certificate].c_str());
if (p_params[Params::signature].compare("NISTP-256") == 0) {
result = sign_ecdsa_nistp256(hashed_data, p_signature, p_params);
} else {
// TODO Add other signature algorithm
loggers::get_instance().error("security_services::sign_tbs_data: TODO Add other signature algorithm");
} else if (p_params[Params::signature].compare("BP-256") == 0) {
//result = sign_ecdsa_brainpoolp256(hashed_data, p_signature, p_params);
loggers::get_instance().error("security_services::sign_tbs_data: TODO");
result = -1;
} else if (p_params[Params::signature].compare("BP-384") == 0) {
//result = sign_ecdsa_brainpoolp256(hashed_data, p_signature, p_params);
loggers::get_instance().error("security_services::sign_tbs_data: TODO");
result = -1;
} else {
loggers::get_instance().error("security_services::sign_tbs_data: Unsupported signature algorithm");
result = -1;
}
if (result != 0) {
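Review bot: The `BP-256` and `BP-384` branches log the same `TODO` text, and the commented-out call in the `BP-384` branch names `sign_ecdsa_brainpoolp256`, so un-commenting it later would sign with the 256-bit routine under a 384-bit label. Failing closed with `result = -1` is right, but each message should name the rejected algorithm, e.g. `loggers::get_instance().error("security_services::sign_tbs_data: BP-384 signing is not implemented");`, and the final `else` should log the received value of `p_params[Params::signature]`. The parameter comments list BP-256 and BP-384 as authorised values, so a configuration that follows them fails only at signing time; rejecting unimplemented algorithms when the parameters are loaded would surface this earlier, though that setup code is not visible here. The body of `sign_tbs_data` starts and ends outside the hunk.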
......