Commit 98594485 authored by garciay's avatar garciay

Security support in the TA

parent 64be0b12
+4 −4
@@ -48,10 +48,10 @@ public:
  static const std::string& device_mode;           //! To indicate to the lower layer to act as a standalone device
  static const std::string& secured_mode;          //! To indicate to the lower layer to apply securty on message exchanges as defined in IEEE 1609.2 & ETSI TS 102 965
  static const std::string& enable_security_checks;//! To indicates if security check failures shall be treated as error or warning
  static const std::string& sec_db_path;
  static const std::string& certificate;
  static const std::string& hash;
  static const std::string& signature;
  static const std::string& sec_db_path;           //! Path to the folder containing certificates
  static const std::string& certificate;           //! The certificate identifier the Test System shall use. E.g. CERT_TS_A
  static const std::string& hash;                  //! The digest algorithm the Test System shall use, authorised values are SHA-256 or SHA-384. Default: SHA-256
  static const std::string& signature;             //! The signature algorithm the Test System shall use, authorised values are NISTP-256, BP-256 and BP-384. Default: NISTP-256
  static const std::string& cypher;
  static const std::string& distanceA;             //! Test system GeoNetworking DistanceA parameter name
  static const std::string& distanceB;             //! Test system GeoNetworking DistanceB parameter name
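Review bot: The descriptions added to `sec_db_path`, `certificate`, `hash` and `signature` use `//!` after the declaration, which Doxygen attaches to the following member rather than the one on the same line. Trailing member comments need the `//!<` form, e.g. `static const std::string& hash;  //!< The digest algorithm the Test System shall use ...`. The surrounding context lines follow the same `//!` pattern, so the fix is best applied to the whole list. `cypher` is still undocumented although it sits in the same group of security parameters; it should get a `//!<` comment stating its authorised values and default, like its neighbours. The class body starts and ends outside the hunk.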
+25 −19
@@ -65,6 +65,7 @@ GeoNetworkingLayer::GeoNetworkingLayer(const std::string & p_type, const std::st
  if (it != _params.cend()) {
    _enable_security_checks = (1 == converter::get_instance().string_to_int(it->second));
  }
  
  // Add broadcast address if needed
  it = _params.find(Params::its_aid);
  if (it == _params.cend()) {
@@ -74,11 +75,14 @@ GeoNetworkingLayer::GeoNetworkingLayer(const std::string & p_type, const std::st
  if (it == _params.cend()) {
    _params.insert(std::pair<std::string, std::string>(std::string("mac_bc"), "FFFFFFFFFFFF"));
  }
  
  // Register this object for AdapterControlPort
  loggers::get_instance().log("GeoNetworkingLayer::GeoNetworkingLayer: register %s/%p", p_type.c_str(), this);
  registration<GeoNetworkingLayer>::get_instance().add_item(p_type, this);

  // Set up default security parameters value
  if (_secured_mode == 1) {
    loggers::get_instance().log("GeoNetworkingLayer::GeoNetworkingLayer: Secured mod is activated");
    it = _params.find(Params::certificate);
    if (it == _params.cend()) {
      _params.insert(std::pair<std::string, std::string>(std::string("certificate"), "cert_ta"));
@@ -87,17 +91,19 @@ GeoNetworkingLayer::GeoNetworkingLayer(const std::string & p_type, const std::st
    if (it == _params.cend()) {
      _params.insert(std::pair<std::string, std::string>(std::string("sec_db_path"), ""));
    }
  // TODO it = _params.find(Params::hash);
  // if (it == _params.cend()) {
  //   _params.insert(std::pair<std::string, std::string>(std::string("sec_sign"), "SHA-256"));
  // }
    it = _params.find(Params::hash);
    if (it == _params.cend()) {
      _params.insert(std::pair<std::string, std::string>(std::string("hash"), "SHA-256"));
    }
    it = _params.find(Params::signature);
    if (it == _params.cend()) {
      _params.insert(std::pair<std::string, std::string>(std::string("signature"), "NISTP-256"));
    }
    // Set up security services even if secured_mode is set to 0. Later, we can receive an AcEnableSecurity request, the sertificate caching will be ready to go
    security_services::get_instance().setup(_params);
  }

  // Automatic beaconing mode
  Params::const_iterator i = _params.find(Params::beaconing);
  if ((i != _params.cend()) && (i->second.compare("1") == 0)) { // Immediate beaconing was requested
    // Prepare beaconing operation
@@ -146,7 +152,7 @@ void GeoNetworkingLayer::sendData(OCTETSTRING& data, Params& params) {

  if (_device_mode) { // Need to build a GN packet
    params[Params::certificate] = _params[Params::certificate];
    //params[Params::sec_sign] = _params[Params::sec_sign];
    params[Params::hash] = _params[Params::hash];
    params[Params::signature] = _params[Params::signature];
    if (build_geonetworking_pdu(data, params) != 0) {
      return;
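Review bot: The comment above `security_services::get_instance().setup(_params);` says the services are set up even if secured_mode is 0, but as rendered the call sits inside `if (_secured_mode == 1) {`. A layer started unsecured would therefore appear to reach a later AcEnableSecurity request without the certificate cache and without the `hash`/`signature` defaults. Either move the defaults and the `setup()` call out of the `if`, or correct the comment to say that setup only happens in secured mode. The defaults are also inserted under string literals (`std::string("hash")`, `std::string("signature")`) while the lookups and `sendData` use `Params::hash` and `Params::signature`; inserting with the same constants, e.g. `_params.insert(std::pair<std::string, std::string>(Params::hash, "SHA-256"));`, keeps the key and the lookup from drifting apart. The constructor and `sendData` both begin and end outside these hunks.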
+10 −3
@@ -391,9 +391,16 @@ int security_services::sign_tbs_data(const IEEE1609dot2::ToBeSignedData& p_tbs_d
  loggers::get_instance().log("security_services::sign_tbs_data: encoded Params::certificate = '%s'", p_params[Params::certificate].c_str());
  if (p_params[Params::signature].compare("NISTP-256") == 0) {
    result = sign_ecdsa_nistp256(hashed_data, p_signature, p_params);
  } else if (p_params[Params::signature].compare("BP-256") == 0) {
    //result = sign_ecdsa_brainpoolp256(hashed_data, p_signature, p_params);
    loggers::get_instance().error("security_services::sign_tbs_data: TODO");
    result = -1;
  } else if (p_params[Params::signature].compare("BP-384") == 0) {
    //result = sign_ecdsa_brainpoolp256(hashed_data, p_signature, p_params);
    loggers::get_instance().error("security_services::sign_tbs_data: TODO");
    result = -1;
  } else  {
    // TODO Add other signature algorithm
    loggers::get_instance().error("security_services::sign_tbs_data: TODO Add other signature algorithm");
    loggers::get_instance().error("security_services::sign_tbs_data: Unsupported signature algorithm");
    result = -1;
  }
  if (result != 0) {
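Review bot: The `BP-256` and `BP-384` branches log only `TODO`, and the final `else` does not name the rejected value, so an unimplemented algorithm and a mistyped `signature` parameter cannot be told apart in the logs. Returning `result = -1` is the right fail-closed behaviour, but the message should say what was refused, e.g. `loggers::get_instance().error("security_services::sign_tbs_data: Unsupported signature algorithm '%s'", p_params[Params::signature].c_str());` (assuming `error()` accepts the same printf-style arguments as `log()`). Both commented-out calls reference `sign_ecdsa_brainpoolp256`, which would be the wrong curve for the `BP-384` branch if re-enabled as written. Since the parameter documentation lists BP-256 and BP-384 as authorised values, consider rejecting them when the parameters are loaded until the Brainpool signers exist, rather than on every signing attempt. The function body continues outside the hunk.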