diff --git a/javasrc/adapter/org/etsi/its/adapter/SecurityHelper.java b/javasrc/adapter/org/etsi/its/adapter/SecurityHelper.java index a365829f8df0d153813e8a65ff95c0e377a00489..aef31389828b5c67bd32f6da9db193ef8eb90cd7 100644 --- a/javasrc/adapter/org/etsi/its/adapter/SecurityHelper.java +++ b/javasrc/adapter/org/etsi/its/adapter/SecurityHelper.java @@ -109,9 +109,9 @@ public class SecurityHelper { // Check version if (decvalue.read() != 2) { - TERFactory.getInstance().logError("SecurityHelper.checkSecuredProfileAndExtractPayload: Drop packet - Wrong version number"); if (p_enforceSecurityCheck) { // Drop it + TERFactory.getInstance().logError("SecurityHelper.checkSecuredProfileAndExtractPayload: Drop packet - Wrong version number"); return null; } } 
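Review bot: With the `logError` moved inside `if (p_enforceSecurityCheck)` in the -109 hunk, a packet with a wrong version number is now accepted in non-enforcing mode without leaving any trace in the log. The same move is made for the header-field check in the -122 hunk and for the HashedId8, GenerationTime and ItsAid checks in the -259, -316 and -351 hunks, so a run with enforcement off can no longer show which received packets failed which check. Consider keeping a lower-severity record on the non-enforcing path, for example `else { TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: Wrong version number - check not enforced"); }`. The enclosing method starts and ends outside this hunk.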
@@ -122,24 +122,28 @@ public class SecurityHelper { decvalue.read(headerFields, 0, (int) headerFieldsLength); ByteArrayOutputStream certificateKeys = new ByteArrayOutputStream(); if (!checkHeaderfields(headerFields, certificateKeys, p_enforceSecurityCheck, p_itsAidOther, lowerInfo)) { - TERFactory.getInstance().logError("SecurityHelper.checkSecuredProfileAndExtractPayload: Drop packet - Wrong Headerfields"); if (p_enforceSecurityCheck) { // Drop it + TERFactory.getInstance().logError("SecurityHelper.checkSecuredProfileAndExtractPayload: Drop packet - Wrong Headerfields"); return null; } } byte[] aaSigningPublicKeyX = null, aaSigningPublicKeyY = null; - byte[] keys = certificateKeys.toByteArray(); - if ((keys[0] == 0x02) || (keys[0] == 0x03)) { // Key length = 32 bytes - aaSigningPublicKeyX = ByteHelper.extract(keys, 1, 32); - TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: aaSigningPublicKeyX:" + ByteHelper.byteArrayToString(aaSigningPublicKeyX)); - } else { // Key length = 64 bytes - aaSigningPublicKeyX = ByteHelper.extract(keys, 1, 32); - TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: aaSigningPublicKeyX:" + ByteHelper.byteArrayToString(aaSigningPublicKeyX)); - aaSigningPublicKeyY = ByteHelper.extract(keys, 33, 32); - TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: aaSigningPublicKeyX:" + ByteHelper.byteArrayToString(aaSigningPublicKeyX)); + if (p_enforceSecurityCheck) { + byte[] keys = certificateKeys.toByteArray(); + if ((keys[0] == 0x02) || (keys[0] == 0x03)) { // Key length = 32 bytes + aaSigningPublicKeyX = ByteHelper.extract(keys, 1, 32); + TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: aaSigningPublicKeyX:" + ByteHelper.byteArrayToString(aaSigningPublicKeyX)); + } else { // Key length = 64 bytes + aaSigningPublicKeyX = ByteHelper.extract(keys, 1, 32); + 
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: aaSigningPublicKeyX:" + ByteHelper.byteArrayToString(aaSigningPublicKeyX)); + aaSigningPublicKeyY = ByteHelper.extract(keys, 33, 32); + TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: aaSigningPublicKeyX:" + ByteHelper.byteArrayToString(aaSigningPublicKeyX)); + } } // FIXME Add encryption support +// if (p_enforceSecurityCheck) { +// } TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: headerFields:" + ByteHelper.byteArrayToString(headerFields)); // Extract payload, decvalue is updated with the payload if (decvalue.read() != 1) { @@ -259,11 +263,11 @@ public class SecurityHelper { byte[] hashedid8 = ByteHelper.extract(p_headerfields, signerInfoTypeIndex, Long.SIZE / Byte.SIZE); signerInfoTypeIndex += (Long.SIZE / Byte.SIZE); Long lKey = ByteHelper.byteArrayToLong(hashedid8); - TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: Certificate digest with SHA256=" + lKey + "/ " + ByteHelper.byteArrayToString(hashedid8)); + TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: Certificate digest with SHA256=" + lKey + " / " + ByteHelper.byteArrayToString(hashedid8)); if (!_neighborsCertificates.containsKey(lKey) || (_neighborsCertificates.get(lKey) == null)) { //FIXME as long as the cert chain is not complete, it should not be seen as error -> raise CR - TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - Unknown HahedId8"); if (p_enforceSecurityCheck) { // Drop it + TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - Unknown HahedId8"); return false; } } 
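Review bot: In the -122 hunk, `keys[0]` and the `ByteHelper.extract(keys, 1, 32)` / `ByteHelper.extract(keys, 33, 32)` calls run with no check that `certificateKeys` actually received 33 or 65 bytes, and the `else` branch treats every first byte other than 0x02/0x03 as a 64-byte key. If `checkHeaderfields` can return true without writing a key (most of its body is outside this diff), a short or empty array would presumably fail with an index error instead of a clean drop. A guard such as `if (keys.length < 33) { return null; }` before the type test, plus `keys.length >= 65` before reading Y, makes the drop explicit. The second debug line in the 64-byte branch also prints `aaSigningPublicKeyX` again where `aaSigningPublicKeyY` was evidently meant. Because both keys now stay null when enforcement is off, any later use of them outside this hunk needs the same condition.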
@@ -271,9 +275,10 @@ public class SecurityHelper { p_keys.write(_neighborsCertificates.get(lKey).toByteArray()); } catch (Exception e) { // Drop it - e.printStackTrace(); + //e.printStackTrace(); if (p_enforceSecurityCheck) { // Drop it + TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: key " + lKey + "_neighbors certificates table"); return false; } } @@ -316,9 +321,9 @@ public class SecurityHelper { long generationTime = ByteHelper.byteArrayToLong(ByteHelper.extract(p_headerfields, signerInfoTypeIndex, Long.SIZE / Byte.SIZE)); TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: generationTime=" + generationTime); if (Math.abs(System.currentTimeMillis() - generationTime) < 1000) { - TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - GenerationTime out of range"); if (p_enforceSecurityCheck) { // Drop it + TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - GenerationTime out of range"); return false; } } @@ -351,9 +356,9 @@ public class SecurityHelper { // TODO Add MAPEM/SPATEM, IVIM & SREM/SSEM (p_headerfields[signerInfoTypeIndex] != p_itsAidOther) ) { - TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - Unknown ItsAid value"); if (p_enforceSecurityCheck) { // Drop it + TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - Unknown ItsAid value"); return false; } } diff --git a/javasrc/adapter/org/etsi/its/adapter/layers/GnLayer.java b/javasrc/adapter/org/etsi/its/adapter/layers/GnLayer.java index 9b7d2b62aeb3f92a4d7e60e18ecd8f6abce6505d..7d909755f3f5bd869bd6f0e492fe9653643c3dfe 100644 --- a/javasrc/adapter/org/etsi/its/adapter/layers/GnLayer.java +++ b/javasrc/adapter/org/etsi/its/adapter/layers/GnLayer.java 
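Review bot: The `catch (Exception e)` in the -271 hunk now discards the exception completely: the stack trace is commented out, the new `logError` does not include `e`, and nothing is recorded at all when `p_enforceSecurityCheck` is false. Because the -259 hunk lets an unknown or null `_neighborsCertificates` entry fall through in non-enforcing mode, the `_neighborsCertificates.get(lKey).toByteArray()` call here looks like it reaches this handler through a null dereference, so an explicit null test before the `write` would be clearer than relying on the catch. The message text is also missing a verb and a space (`"key " + lKey + "_neighbors certificates table"`); `TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - no usable certificate for key " + lKey + " in _neighborsCertificates: " + e);` reads as intended and keeps the cause.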
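Review bot: The freshness test kept as context in the -316 hunk, `Math.abs(System.currentTimeMillis() - generationTime) < 1000`, does not look able to reject a stale or replayed packet. It reports "GenerationTime out of range" when the difference is below the bound rather than above it, and it compares Unix milliseconds with a header value that the sending side in GnLayer.createSecuredMessage (the -647 hunk) builds as microseconds counted from 1072915200000 ms, so the difference will in practice never be under 1000. Moving the log line does not change this, but it is worth fixing while the check is being touched: convert first with `long nowUs = (System.currentTimeMillis() - 1072915200000L) * 1000L;` and drop when `Math.abs(nowUs - generationTime) > MAX_GENERATION_TIME_SKEW_US`, where the constant is a placeholder name whose value should come from the applicable security profile. The rest of checkHeaderfields is outside the hunk.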
@@ -237,7 +237,7 @@ public class GnLayer extends Layer implements Runnable, IEthernetSpecific { */ @Override public boolean send(byte[] message, Map params) { -// TERFactory.getInstance().logDebug(">>> GnLayer.send: " + ByteHelper.byteArrayToString(message)); + //TERFactory.getInstance().logDebug(">>> GnLayer.send: " + ByteHelper.byteArrayToString(message)); byte [] extHdr = null; int ht; @@ -299,7 +299,7 @@ public class GnLayer extends Layer implements Runnable, IEthernetSpecific { toBeSent = createSecuredMessage(basicHdr, commonHdr, extHdr, message); } -// TERFactory.getInstance().logDebug("<<< GnLayer.send: " + ByteHelper.byteArrayToString(toBeSent)); + //TERFactory.getInstance().logDebug("<<< GnLayer.send: " + ByteHelper.byteArrayToString(toBeSent)); return super.send(toBeSent, params); } @@ -308,7 +308,7 @@ public class GnLayer extends Layer implements Runnable, IEthernetSpecific { */ @Override public void receive(byte[] message, Map lowerInfo) { -// TERFactory.getInstance().logDebug(">>> GnLayer.receive: " + ByteHelper.byteArrayToString(message)); + //TERFactory.getInstance().logDebug(">>> GnLayer.receive: " + ByteHelper.byteArrayToString(message)); byte[] basicHdr = new byte[4]; System.arraycopy(message, 0, basicHdr, 0, 4); @@ -350,7 +350,7 @@ public class GnLayer extends Layer implements Runnable, IEthernetSpecific { params.put(GN_DEPV, depv); params.put(GN_TYPE, HT_LS); params.put(GN_SUBTYPE, HST_LSREPLY); -// TERFactory.getInstance().logDebug("GnLayer.receive: Send LS_REPLAY in unsecured mode"); + //TERFactory.getInstance().logDebug("GnLayer.receive: Send LS_REPLAY in unsecured mode"); send(null, params); } } 
@@ -377,10 +377,10 @@ public class GnLayer extends Layer implements Runnable, IEthernetSpecific { } else if (nextHeader == 0x02) { // Secured tag byte[] payload = SecurityHelper.getInstance().checkSecuredProfileAndExtractPayload(message, basicHdr.length, management.isEnforceSecuredModeSet(), management.getItsAidOther(), lowerInfo); if (payload != null) { -// TERFactory.getInstance().logDebug("GnLayer.receive: payload=" + ByteHelper.byteArrayToString(payload)); + //TERFactory.getInstance().logDebug("GnLayer.receive: payload=" + ByteHelper.byteArrayToString(payload)); byte[] commonHdr = new byte[8]; System.arraycopy(payload, 0, commonHdr, 0, 8); -// TERFactory.getInstance().logDebug("GnLayer.receive: commonHdr=" + ByteHelper.byteArrayToString(commonHdr)); + //TERFactory.getInstance().logDebug("GnLayer.receive: commonHdr=" + ByteHelper.byteArrayToString(commonHdr)); nextHeader = (byte)((commonHdr[0] & (byte)0xF0) >> 4); int trafficClass = (int)(commonHdr[2]); @@ -392,7 +392,7 @@ public class GnLayer extends Layer implements Runnable, IEthernetSpecific { byte[] pl = new byte[2]; System.arraycopy(commonHdr, 4, pl , 0, 2); int payloadLength = ByteHelper.byteArrayToInt(pl); -// System.out.println("GnLayer.receive: Message payload length=" + payloadLength); + System.out.println("GnLayer.receive: Message payload length=" + payloadLength); if(headerType == HT_LS) { // Process LS messages @@ -411,7 +411,7 @@ public class GnLayer extends Layer implements Runnable, IEthernetSpecific { params.put(GN_DEPV, depv); params.put(GN_TYPE, HT_LS); params.put(GN_SUBTYPE, HST_LSREPLY); - TERFactory.getInstance().logDebug("GnLayer.receive: Send LS_REPLAY in secured mode"); + //TERFactory.getInstance().logDebug("GnLayer.receive: Send LS_REPLAY in secured mode"); send(null, params); } } else { 
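Review bot: Lengths taken from the received packet are used as copy sizes without being compared to the buffer they read from: `System.arraycopy(payload, 0, commonHdr, 0, 8)` in the -377 hunk assumes the extracted payload holds at least 8 bytes, and the -422 hunk allocates `new byte[payloadLength]` and copies that many bytes from offset `commonHdr.length + 44` using a `payloadLength` parsed from the header. A truncated or inconsistent packet would presumably raise an index exception inside receive() instead of being dropped; whether anything further up the call stack catches it is not visible here. A guard before each copy, e.g. `if (payload.length < 8) { return; }` and `if (payloadLength > payload.length - (commonHdr.length + 44)) { return; }`, keeps malformed input on the drop path. receive() begins and ends outside these hunks.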
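Review bot: The -392 hunk re-enables `System.out.println("GnLayer.receive: Message payload length=" + payloadLength);`, which writes to stdout for every secured packet and bypasses the TERFactory logger used by every other trace in this method, most of which this same commit comments out. If the value is still needed, `TERFactory.getInstance().logDebug("GnLayer.receive: Message payload length=" + payloadLength);` keeps it under the adapter's log control; otherwise it should stay commented like its neighbours.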
@@ -422,7 +422,7 @@ public class GnLayer extends Layer implements Runnable, IEthernetSpecific { if(payloadLength > 0) { byte[] mpayload = new byte[payloadLength]; System.arraycopy(payload, commonHdr.length + 44/*Topology-Scoped Broadcast*/, mpayload, 0, payloadLength); -// System.out.println("GnLayer.receive: Message =" + ByteHelper.byteArrayToString(mpayload)); + //TERFactory.getInstance().logDebug("GnLayer.receive: Message =" + ByteHelper.byteArrayToString(mpayload)); lowerInfo.put(GN_NEXTHEADER, nextHeader); lowerInfo.put(GN_TYPE, headerType); lowerInfo.put(GN_SUBTYPE, headerSubType); @@ -433,9 +433,8 @@ public class GnLayer extends Layer implements Runnable, IEthernetSpecific { } } else { // Drop it - // //FIXME as long as the cert chain is not complete, it should not be seen as error -> raise CR -// TERFactory.getInstance().logError("GnLayer.receive: Invalid basic header type"); - TERFactory.getInstance().logDebug("GnLayer.receive: Invalid basic header type"); + // FIXME as long as the cert chain is not complete, it should not be seen as error -> raise CR + //TERFactory.getInstance().logError("GnLayer.receive: Invalid basic header type"); return; } } @@ -639,7 +638,7 @@ public class GnLayer extends Layer implements Runnable, IEthernetSpecific { } private byte[] createSecuredMessage(final byte[] basicHdr, final byte[] commonHdr, final byte[] extHdr, final byte[] message) { -// TERFactory.getInstance().logDebug(">>> GnLayer.createSecuredMessage"); + //TERFactory.getInstance().logDebug(">>> GnLayer.createSecuredMessage"); // SecuredMessage payload length int payloadLength = commonHdr.length + extHdr.length + message.length; 
@@ -647,7 +646,7 @@ public class GnLayer extends Layer implements Runnable, IEthernetSpecific { // Build the generation time value long curtime = System.currentTimeMillis(); byte[] generationTime = ByteHelper.longToByteArray((long)(curtime - 1072915200000L) * 1000L, Long.SIZE / Byte.SIZE); // In microseconds -// TERFactory.getInstance().logDebug("GnLayer.createSecuredMessage: generationTime=" + ByteHelper.byteArrayToString(generationTime)); + //TERFactory.getInstance().logDebug("GnLayer.createSecuredMessage: generationTime=" + ByteHelper.byteArrayToString(generationTime)); // Build the payload to be signed byte[] headersField = ByteHelper.concat( ByteHelper.concat( // SecuredMessage HeaderFields @@ -732,16 +731,16 @@ public class GnLayer extends Layer implements Runnable, IEthernetSpecific { new byte[] { (byte)0x01 }, // Signature new byte[] { (byte)0x43 } // Signature length ); -// TERFactory.getInstance().logDebug("GnLayer.createSecuredMessage: toBeSignedData=" + ByteHelper.byteArrayToString(toBeSignedData)); + //TERFactory.getInstance().logDebug("GnLayer.createSecuredMessage: toBeSignedData=" + ByteHelper.byteArrayToString(toBeSignedData)); byte[] toBeSent = null; try { // Calculate the hash byte[] hash = CryptoLib.hashWithSha256(toBeSignedData); -// TERFactory.getInstance().logDebug("GnLayer.createSecuredMessage: hash=" + ByteHelper.byteArrayToString(hash)); + //TERFactory.getInstance().logDebug("GnLayer.createSecuredMessage: hash=" + ByteHelper.byteArrayToString(hash)); // Signed the hash byte[] signatureBytes = CryptoLib.signWithEcdsaNistp256WithSha256(hash, management.getSigningPrivateKey()); -// TERFactory.getInstance().logDebug("GnLayer.createSecuredMessage: signatureBytes=" + ByteHelper.byteArrayToString(signatureBytes)); + //TERFactory.getInstance().logDebug("GnLayer.createSecuredMessage: signatureBytes=" + ByteHelper.byteArrayToString(signatureBytes)); // Add signature toBeSent = ByteHelper.concat( basicHdr, 
@@ -753,7 +752,7 @@ public class GnLayer extends Layer implements Runnable, IEthernetSpecific { e.printStackTrace(); } -// TERFactory.getInstance().logDebug("GnLayer.createSecuredMessage: toBeSent=" + ByteHelper.byteArrayToString(toBeSent)); + //TERFactory.getInstance().logDebug("GnLayer.createSecuredMessage: toBeSent=" + ByteHelper.byteArrayToString(toBeSent)); return toBeSent; } diff --git a/javasrc/adapter/org/etsi/its/adapter/ports/CamPort.java b/javasrc/adapter/org/etsi/its/adapter/ports/CamPort.java index 8e62cdf07894b912447fdb172437b7701ab3aa26..c0d1a8d2d891f0299101d80397c40193c9af426a 100644 --- a/javasrc/adapter/org/etsi/its/adapter/ports/CamPort.java +++ b/javasrc/adapter/org/etsi/its/adapter/ports/CamPort.java @@ -38,10 +38,10 @@ public class CamPort extends ProtocolPort { */ @Override public void receive(byte[] message, Map lowerInfo) { -// TERFactory.getInstance().logDebug(">>> denmPort.receive: " + ByteHelper.byteArrayToString(message)); +// TERFactory.getInstance().logDebug(">>> CamPort.receive: " + ByteHelper.byteArrayToString(message)); - if (message[1] != 0x02) { // Check that received packet has CAM message id - TERFactory.getInstance().logDebug("camPort.receive: drop packet " + ByteHelper.byteArrayToString(message)); + if (message[1] != 0x02) { // Check that received packet has CAM message id - See ETSI TS 102 894 + TERFactory.getInstance().logDebug("CamPort.receive: drop packet " + ByteHelper.byteArrayToString(message)); return; // Drop it } diff --git a/javasrc/adapter/org/etsi/its/adapter/ports/DenmPort.java b/javasrc/adapter/org/etsi/its/adapter/ports/DenmPort.java index 3093bd72e29bcb81f59d0d03470c36624d4f2a76..22aea3646fea4d6d05cacd4a68fede1cadda1a5d 100644 --- a/javasrc/adapter/org/etsi/its/adapter/ports/DenmPort.java +++ b/javasrc/adapter/org/etsi/its/adapter/ports/DenmPort.java 
@@ -38,10 +38,10 @@ public class DenmPort extends ProtocolPort { */ @Override public void receive(byte[] message, Map lowerInfo) { -// TERFactory.getInstance().logDebug(">>> denmPort.receive: " + ByteHelper.byteArrayToString(message)); +// TERFactory.getInstance().logDebug(">>> DenmPort.receive: " + ByteHelper.byteArrayToString(message)); - if (message[1] != 0x01) { // Check that received packet has DENM message id - TERFactory.getInstance().logDebug("denmPort.receive: drop packet " + ByteHelper.byteArrayToString(message)); + if (message[1] != 0x01) { // Check that received packet has DENM message id - See ETSI TS 102 894 + TERFactory.getInstance().logDebug("DenmPort.receive: drop packet " + ByteHelper.byteArrayToString(message)); return; // Drop it } diff --git a/javasrc/adapter/org/etsi/its/adapter/ports/IvimPort.java b/javasrc/adapter/org/etsi/its/adapter/ports/IvimPort.java index 68f1997e63b3c183e7aab49ef161e5b4fc02f8d4..0f5ed9f2462813600653956eeb6512c1f2b2cced 100644 --- a/javasrc/adapter/org/etsi/its/adapter/ports/IvimPort.java +++ b/javasrc/adapter/org/etsi/its/adapter/ports/IvimPort.java @@ -38,10 +38,10 @@ public class IvimPort extends ProtocolPort { */ @Override public void receive(byte[] message, Map lowerInfo) { -// TERFactory.getInstance().logDebug(">>> denmPort.receive: " + ByteHelper.byteArrayToString(message)); +// TERFactory.getInstance().logDebug(">>> IvimPort.receive: " + ByteHelper.byteArrayToString(message)); - if (message[1] != 0x02) { // Check that received packet has CAM message id - TERFactory.getInstance().logDebug("ivimPort.receive: drop packet " + ByteHelper.byteArrayToString(message)); + if (message[1] != 0x06) { // Check that received packet has IVIM message id - See ETSI TS 102 894 + TERFactory.getInstance().logDebug("IvimPort.receive: drop packet " + ByteHelper.byteArrayToString(message)); return; // Drop it } 
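Review bot: `message[1]` is read in the IvimPort check (and in the same check in CamPort and DenmPort above, and in the new checks added to MapemSpatemPort and SremSsemPort below) without first confirming that the packet has two bytes, so an empty or one-byte payload would throw instead of taking the drop path. `if (message == null || message.length < 2 || message[1] != 0x06) {` closes that gap with the same log and return. The literal ids 0x01, 0x02, 0x04, 0x05, 0x06, 0x09 and 0x0A are now spread over five classes; shared named constants would make a mismatch like the 0x02 corrected in this hunk harder to repeat.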
diff --git a/javasrc/adapter/org/etsi/its/adapter/ports/MapemSpatemPort.java b/javasrc/adapter/org/etsi/its/adapter/ports/MapemSpatemPort.java index 68b5f1ae792df4376b368abef4bf123ec9d94f35..d2babf9161a2f1a7477e6b513307d2ca485ca048 100644 --- a/javasrc/adapter/org/etsi/its/adapter/ports/MapemSpatemPort.java +++ b/javasrc/adapter/org/etsi/its/adapter/ports/MapemSpatemPort.java @@ -3,6 +3,7 @@ package org.etsi.its.adapter.ports; import java.util.HashMap; import java.util.Map; +import org.etsi.adapter.TERFactory; import org.etsi.common.ByteHelper; import org.etsi.its.adapter.SecurityHelper; import org.etsi.its.adapter.layers.BtpLayer; @@ -26,8 +27,14 @@ public class MapemSpatemPort extends ProtocolPort { */ @Override public void receive(byte[] message, Map lowerInfo) { +// TERFactory.getInstance().logDebug(">>> MapemSpatemPort.receive: " + ByteHelper.byteArrayToString(message)); - // Encode with CAM indication header + if ((message[1] != 0x04) && (message[1] != 0x05)) { // Check that received packet has MAPEM/SPATEM message id - See ETSI TS 102 894 + TERFactory.getInstance().logDebug("MapemSpatemPort.receive: drop packet " + ByteHelper.byteArrayToString(message)); + return; // Drop it + } + + // Encode with MAPEM/SPATEM indication header byte[] msgInd = ByteHelper.concat( message, new byte[] { (Byte) lowerInfo.get(GnLayer.GN_NEXTHEADER) }, diff --git a/javasrc/adapter/org/etsi/its/adapter/ports/SremSsemPort.java b/javasrc/adapter/org/etsi/its/adapter/ports/SremSsemPort.java index 8db602edb34d8177eda9526aab97d239cf1eb2d4..eb4d11fd48f398dde5a7fc1e93081b024e7affbc 100644 --- a/javasrc/adapter/org/etsi/its/adapter/ports/SremSsemPort.java +++ b/javasrc/adapter/org/etsi/its/adapter/ports/SremSsemPort.java @@ -3,6 +3,7 @@ package org.etsi.its.adapter.ports; import java.util.HashMap; import java.util.Map; +import org.etsi.adapter.TERFactory; import org.etsi.common.ByteHelper; import org.etsi.its.adapter.SecurityHelper; import org.etsi.its.adapter.layers.BtpLayer; 
@@ -26,8 +27,14 @@ public class SremSsemPort extends ProtocolPort { */ @Override public void receive(byte[] message, Map lowerInfo) { +// TERFactory.getInstance().logDebug(">>> SremSsemPort.receive: " + ByteHelper.byteArrayToString(message)); - // Encode with CAM indication header + if ((message[1] != 0x09) && (message[1] != 0x0A)) { // Check that received packet has SREM/SSEM message id - See ETSI TS 102 894 + TERFactory.getInstance().logDebug("SremSsemPort.receive: drop packet " + ByteHelper.byteArrayToString(message)); + return; // Drop it + } + + // Encode with SREM/SSEM indication header byte[] msgInd = ByteHelper.concat( message, new byte[] { (Byte) lowerInfo.get(GnLayer.GN_NEXTHEADER) },