Loading ccsrc/Externals/LibItsSecurity_externals.cc +32 −0 Original line number Diff line number Diff line Loading @@ -2062,6 +2062,38 @@ namespace LibItsSecurity__Functions { return TRUE; } BOOLEAN fx__reconstructPublicKeyBrainpoolP256r1( const OCTETSTRING &p__cert__to__be__signed, const OCTETSTRING &p__issuer, const OCTETSTRING &p__reconstruct__public__key__compressed, const INTEGER &p__compressedMode, OCTETSTRING &p__public__key__x, OCTETSTRING &p__public__key__y, OCTETSTRING &p__public__key__compressed, INTEGER &p__public__key__compressed_mode ) { loggers::get_instance().log_msg(">>> fx_reconstructPublicKeyBrainpoolP256r1: p__cert__to__be__signed: ", p__cert__to__be__signed); loggers::get_instance().log_msg(">>> fx_reconstructPublicKeyBrainpoolP256r1: p__issuer: ", p__issuer); loggers::get_instance().log_msg(">>> fx_reconstructPublicKeyBrainpoolP256r1: p__reconstruct__public__key__compressed: ", p__reconstruct__public__key__compressed); loggers::get_instance().log_msg(">>> fx_reconstructPublicKeyBrainpoolP256r1: p__compressedMode: ", p__compressedMode); CHARSTRING certificate_id; if (security_services_its::get_instance().read_certificate_from_digest(p__issuer, certificate_id) == -1) { return FALSE; } OCTETSTRING public_key_x, public_key_y; if (security_services_its::get_instance().read_public_keys(certificate_id, public_key_x, public_key_y) == -1) { return FALSE; } // Create reconstruction key security_ecc ecc(ec_elliptic_curves::brainpool_p_256_r1, p__reconstruct__public__key__compressed, (p__compressedMode == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1); if (ecc.reconstruct_public_keys(p__cert__to__be__signed, public_key_x, public_key_y, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed_mode) == -1) { return FALSE; } return TRUE; } // group geospacial /* * \brief Check that given polygon doesn't have neither self-intersections nor holes. Loading ccsrc/Protocols/Security/security_services_its.cc +4 −3 Original line number Diff line number Diff line Loading @@ -179,9 +179,9 @@ int security_services_its::process_ieee_1609_dot2_signed_data(const Ieee1609Dot2 unsigned long long gt = ((INTEGER &)(*v.get_opt_value())).get_long_long_val(); // Get current time timestamp unsigned long long us = base_time::get_instance().get_its_current_time_us(); // in microsecond loggers::get_instance().warning("security_services_its::process_ieee_1609_dot2_signed_data: generation time check %ld / %ld, delta = %f", gt, us, abs((double)gt - (double)us)); if (abs((double)gt - (double)us) >= 5000000.0) { // TODO Use a params for generation_time_epsilon, 5s differences loggers::get_instance().warning("security_services_its::process_ieee_1609_dot2_signed_data: generation time check %ld / %ld, delta = %f, comp = %x", gt, us, abs((double)gt - (double)us), (abs((double)gt - (double)us) >= 60000000.0)); if (abs((double)gt - (double)us) >= 30000000.0) { // TODO Use a params for generation_time_epsilon, 30s differences loggers::get_instance().warning("security_services_its::process_ieee_1609_dot2_signed_data: Invalid generation time, discard it"); if (p_verify) { return -1; Loading Loading @@ -532,6 +532,7 @@ int security_services_its::sign_payload(const OCTETSTRING &p_unsecured_gn_payloa if (it != p_params.cend()) { force_certificate = true; } loggers::get_instance().log("security_services_its::sign_payload: force_certificate='%d", force_certificate); if (p_params[params_its::its_aid].compare("37") == 0) { // Only used by AtsRSUSimulator to add location header // Mandatory for DENM payload OPTIONAL<Ieee1609Dot2BaseTypes::ThreeDLocation> location(Ieee1609Dot2BaseTypes::ThreeDLocation(_latitude, _longitude, _elevation)); Loading data/certificates/profiles/CERT_TS_F3_AT_IMP.xml 0 → 100644 +35 −0 Original line number Diff line number Diff line <certificate> <version>3</version> <signer type="digest" name="CERT_IUT_A_B_AA"/> <subject type="AT" name=""> <!-- verification_key --> <attribute type="verification_key"> <reconstruction_value> <ecc_point type="compressed"/> </reconstruction_value> </attribute> <!-- encryption_key --> <attribute type="encryption_key"> <public_key sym_alg="0" algorithm="0"> ><ecc_point type="compressed"/> </public_key> </attribute> <!-- assurance_level --> <attribute type="assurance_level"> <assurance level="3"/> </attribute> <!-- its_aid_ssp_list --> <attribute type="its_aid_ssp_list"> <ssp aid="CAM">01 FF FC</ssp> <!-- CAM --> <ssp aid="DENM">01 FF FF FF</ssp> <!-- DENM --> <ssp aid="GN-MGMT"></ssp> <!--ssp aid="GN-MGMT">00</ssp--> <!-- GN-MGMT --> </attribute> </subject> <validity> <restriction type="time" start="+0d" end="+365d"/> <restriction type="region"> <none/> </restriction> </validity> <signature algorithm="brainpool256"/> </certificate> etc/AtsSecurity/AtsSecurity.cfg +5 −2 Original line number Diff line number Diff line Loading @@ -152,10 +152,13 @@ system.camUtPort.params := "UT_CAM/UDP(dst_ip=192.168.1.43,dst_port=12345,src_po # --------------------- IMPILICT CERT --------------------- # Check that IUT supports usage of implicit certificate for signing message #ItsSecurity_TestCases.TC_SEC_ITSS_SND_IMPLICIT_CERT_01_BV # Check that IUT accepts a valid secured CAM message signed with a known implicit certificate ItsSecurity_TestCases.TC_SEC_ITSS_SND_IMPLICIT_CERT_01_BV # Check that IUT accepts a valid secured CAM message signed with implicit certificate #ItsSecurity_TestCases.TC_SEC_ITSS_SND_IMPLICIT_CERT_01_BV # Check that IUT accepts a valid secured CAM message signed with an unknown implicit certificate #ItsSecurity_TestCases.TC_SEC_ITSS_SND_IMPLICIT_CERT_02_BV # Check that IUT discards a valid secured CAM message signed with implicit certificate containing signature #ItsSecurity_TestCases.TC_SEC_ITSS_SND_IMPLICIT_CERT_01_BO Loading Loading
ccsrc/Externals/LibItsSecurity_externals.cc +32 −0 Original line number Diff line number Diff line Loading @@ -2062,6 +2062,38 @@ namespace LibItsSecurity__Functions { return TRUE; } BOOLEAN fx__reconstructPublicKeyBrainpoolP256r1( const OCTETSTRING &p__cert__to__be__signed, const OCTETSTRING &p__issuer, const OCTETSTRING &p__reconstruct__public__key__compressed, const INTEGER &p__compressedMode, OCTETSTRING &p__public__key__x, OCTETSTRING &p__public__key__y, OCTETSTRING &p__public__key__compressed, INTEGER &p__public__key__compressed_mode ) { loggers::get_instance().log_msg(">>> fx_reconstructPublicKeyBrainpoolP256r1: p__cert__to__be__signed: ", p__cert__to__be__signed); loggers::get_instance().log_msg(">>> fx_reconstructPublicKeyBrainpoolP256r1: p__issuer: ", p__issuer); loggers::get_instance().log_msg(">>> fx_reconstructPublicKeyBrainpoolP256r1: p__reconstruct__public__key__compressed: ", p__reconstruct__public__key__compressed); loggers::get_instance().log_msg(">>> fx_reconstructPublicKeyBrainpoolP256r1: p__compressedMode: ", p__compressedMode); CHARSTRING certificate_id; if (security_services_its::get_instance().read_certificate_from_digest(p__issuer, certificate_id) == -1) { return FALSE; } OCTETSTRING public_key_x, public_key_y; if (security_services_its::get_instance().read_public_keys(certificate_id, public_key_x, public_key_y) == -1) { return FALSE; } // Create reconstruction key security_ecc ecc(ec_elliptic_curves::brainpool_p_256_r1, p__reconstruct__public__key__compressed, (p__compressedMode == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1); if (ecc.reconstruct_public_keys(p__cert__to__be__signed, public_key_x, public_key_y, p__public__key__x, p__public__key__y, p__public__key__compressed, p__public__key__compressed_mode) == -1) { return FALSE; } return TRUE; } // group geospacial /* * \brief Check that given polygon doesn't have neither self-intersections nor holes. Loading
ccsrc/Protocols/Security/security_services_its.cc +4 −3 Original line number Diff line number Diff line Loading @@ -179,9 +179,9 @@ int security_services_its::process_ieee_1609_dot2_signed_data(const Ieee1609Dot2 unsigned long long gt = ((INTEGER &)(*v.get_opt_value())).get_long_long_val(); // Get current time timestamp unsigned long long us = base_time::get_instance().get_its_current_time_us(); // in microsecond loggers::get_instance().warning("security_services_its::process_ieee_1609_dot2_signed_data: generation time check %ld / %ld, delta = %f", gt, us, abs((double)gt - (double)us)); if (abs((double)gt - (double)us) >= 5000000.0) { // TODO Use a params for generation_time_epsilon, 5s differences loggers::get_instance().warning("security_services_its::process_ieee_1609_dot2_signed_data: generation time check %ld / %ld, delta = %f, comp = %x", gt, us, abs((double)gt - (double)us), (abs((double)gt - (double)us) >= 60000000.0)); if (abs((double)gt - (double)us) >= 30000000.0) { // TODO Use a params for generation_time_epsilon, 30s differences loggers::get_instance().warning("security_services_its::process_ieee_1609_dot2_signed_data: Invalid generation time, discard it"); if (p_verify) { return -1; Loading Loading @@ -532,6 +532,7 @@ int security_services_its::sign_payload(const OCTETSTRING &p_unsecured_gn_payloa if (it != p_params.cend()) { force_certificate = true; } loggers::get_instance().log("security_services_its::sign_payload: force_certificate='%d", force_certificate); if (p_params[params_its::its_aid].compare("37") == 0) { // Only used by AtsRSUSimulator to add location header // Mandatory for DENM payload OPTIONAL<Ieee1609Dot2BaseTypes::ThreeDLocation> location(Ieee1609Dot2BaseTypes::ThreeDLocation(_latitude, _longitude, _elevation)); Loading
data/certificates/profiles/CERT_TS_F3_AT_IMP.xml 0 → 100644 +35 −0 Original line number Diff line number Diff line <certificate> <version>3</version> <signer type="digest" name="CERT_IUT_A_B_AA"/> <subject type="AT" name=""> <!-- verification_key --> <attribute type="verification_key"> <reconstruction_value> <ecc_point type="compressed"/> </reconstruction_value> </attribute> <!-- encryption_key --> <attribute type="encryption_key"> <public_key sym_alg="0" algorithm="0"> ><ecc_point type="compressed"/> </public_key> </attribute> <!-- assurance_level --> <attribute type="assurance_level"> <assurance level="3"/> </attribute> <!-- its_aid_ssp_list --> <attribute type="its_aid_ssp_list"> <ssp aid="CAM">01 FF FC</ssp> <!-- CAM --> <ssp aid="DENM">01 FF FF FF</ssp> <!-- DENM --> <ssp aid="GN-MGMT"></ssp> <!--ssp aid="GN-MGMT">00</ssp--> <!-- GN-MGMT --> </attribute> </subject> <validity> <restriction type="time" start="+0d" end="+365d"/> <restriction type="region"> <none/> </restriction> </validity> <signature algorithm="brainpool256"/> </certificate>
etc/AtsSecurity/AtsSecurity.cfg +5 −2 Original line number Diff line number Diff line Loading @@ -152,10 +152,13 @@ system.camUtPort.params := "UT_CAM/UDP(dst_ip=192.168.1.43,dst_port=12345,src_po # --------------------- IMPILICT CERT --------------------- # Check that IUT supports usage of implicit certificate for signing message #ItsSecurity_TestCases.TC_SEC_ITSS_SND_IMPLICIT_CERT_01_BV # Check that IUT accepts a valid secured CAM message signed with a known implicit certificate ItsSecurity_TestCases.TC_SEC_ITSS_SND_IMPLICIT_CERT_01_BV # Check that IUT accepts a valid secured CAM message signed with implicit certificate #ItsSecurity_TestCases.TC_SEC_ITSS_SND_IMPLICIT_CERT_01_BV # Check that IUT accepts a valid secured CAM message signed with an unknown implicit certificate #ItsSecurity_TestCases.TC_SEC_ITSS_SND_IMPLICIT_CERT_02_BV # Check that IUT discards a valid secured CAM message signed with implicit certificate containing signature #ItsSecurity_TestCases.TC_SEC_ITSS_SND_IMPLICIT_CERT_01_BO Loading
