Initial Release ETSI 103457 Code sample

# Copyright(c) 2020 etsi103457 ATOS

# Distributed under the BSD-3 License 

cmake_minimum_required(VERSION 3.0)

ENABLE_LANGUAGE(C)

#---------------------------------------------------------------------------------------

# Start etsi103457 project

#---------------------------------------------------------------------------------------

include(cmake/utils.cmake)

etsi103457_extract_version()

project(ETSI103457 VERSION ${ETSI103457_VERSION} LANGUAGES CXX)

message(STATUS "Build ETSI103457 version: ${ETSI103457_VERSION}")

include(GNUInstallDirs)

#---------------------------------------------------------------------------------------

# Set default build to release

#---------------------------------------------------------------------------------------

if(NOT CMAKE_BUILD_TYPE)

    set(CMAKE_BUILD_TYPE "Release" CACHE STRING "Choose Release or Debug" FORCE)

endif()

#---------------------------------------------------------------------------------------

# Compiler config - Forcing C++11

#---------------------------------------------------------------------------------------

if (NOT CMAKE_CXX_STANDARD)

    set(CMAKE_CXX_STANDARD 11)

    set(CMAKE_CXX_STANDARD_REQUIRED ON)

endif()

set(CMAKE_CXX_EXTENSIONS  OFF)

set(CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE} -O3 -Wall -Wunused -Werror -Wpedantic -fexceptions -Wextra -Wstrict-aliasing -Wcast-align -Wmissing-declarations -Wpointer-arith -Wcast-qual -Wzero-as-null-pointer-constant -Wnon-virtual-dtor")

if(CMAKE_SYSTEM_NAME MATCHES "CYGWIN")

	set(CMAKE_CXX_EXTENSIONS ON)

endif()

# build shared option

if(NOT WIN32)

    option(ETSI103457_BUILD_SHARED "Build shared library" OFF)

endif()

find_package(Boost 1.42 REQUIRED)

if(Boost_FOUND)

   include_directories($Boost_INCLUDE_DIRS)

endif()

# Checking for Boost::uuid

set(BOOST_UUID_HEADER "${Boost_INCLUDE_DIRS}/boost/uuid/uuid.hpp")

if(EXISTS "${BOOST_UUID_HEADER}")

else ()

    message(FATAL_ERROR "Boost uuid.hpp header not found in ${Boost_INCLUDE_DIRS}/boost/uuid")

endif()

# example options

option(ETSI103457_BUILD_EXAMPLE "Build example" ${ETSI103457_MASTER_PROJECT})

# testing options

option(ETSI103457_BUILD_TESTS "Build tests" ${ETSI103457_MASTER_PROJECT})

# install options

#option(ETSI103457_INSTALL "Generate the install target" ${ETSI103457_MASTER_PROJECT})

#find_package(Threads REQUIRED)

message(STATUS "Build type: " ${CMAKE_BUILD_TYPE})

#---------------------------------------------------------------------------------------

# Static/Shared library (shared not supported in windows yet)

#---------------------------------------------------------------------------------------

file(GLOB ETSI103457_SRCS ${PROJECT_SOURCE_DIR}/src/*.cpp)

if (ETSI103457_BUILD_SHARED)

    if(WIN32)

        message(FATAL_ERROR "ETSI103457 shared lib is not yet supported under windows")

    endif()

    add_library(etsi103457 SHARED ${ETSI103457_SRCS} ${ETSI103457_ALL_HEADERS})

else()

    add_library(etsi103457 STATIC ${ETSI103457_SRCS} ${ETSI103457_ALL_HEADERS})

endif()

include_directories( BEFORE "${CMAKE_SOURCE_DIR}/../spdlog-git/include")

include_directories( BEFORE "${CMAKE_SOURCE_DIR}/../botan-git/build/include")

target_compile_definitions(etsi103457 PUBLIC ETSI103457_COMPILED_LIB)

target_include_directories(etsi103457 PUBLIC

        "$<BUILD_INTERFACE:${CMAKE_CURRENT_LIST_DIR}/include>"

        "$<INSTALL_INTERFACE:${CMAKE_INSTALL_INCLUDEDIR}>")

#---------------------------------------------------------------------------------------

# Build doxygen documentation

#---------------------------------------------------------------------------------------

option(BUILD_DOCUMENTATION "Build Documentation" ON)

find_package(Doxygen)

if( DOXYGEN_FOUND )

	set(HAVE_DOT NO)

	set(DOXYGEN_IN ${CMAKE_CURRENT_SOURCE_DIR}/docs/Doxyfile.in)

	set(DOXYGEN_OUT ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile)

	configure_file(${DOXYGEN_IN} ${DOXYGEN_OUT} @ONLY)

	message("Doxygen build started")

	add_custom_target( doc_doxygen ALL

		COMMAND ${DOXYGEN_EXECUTABLE} ${DOXYGEN_OUT}

		WORKING_DIRECTORY ${CMAKE_CURENT_BINARY_DIR}

		COMMENT "Generating API documentation with Doxygen"

		VERBATIM )

else (DOXYGEN_FOUND)

	message("Doxygen need to be installed to generate the doxygen documentation")

endif (DOXYGEN_FOUND)

#---------------------------------------------------------------------------------------

# Build binaries sample

#---------------------------------------------------------------------------------------

if(ETSI103457_BUILD_EXAMPLE)

    message(STATUS "Generating examples")

    add_subdirectory(example)

endif()

#---------------------------------------------------------------------------------------

# Build and run tests

#---------------------------------------------------------------------------------------

if(ETSI103457_BUILD_TESTS)

    message(STATUS "Generating tests")

    enable_testing()

    add_subdirectory(tests)

endif()

#---------------------------------------------------------------------------------------

# Install

#---------------------------------------------------------------------------------------

if (ETSI103457_INSTALL)

    message(STATUS "Generating install")

    set(project_config_in "${CMAKE_CURRENT_LIST_DIR}/cmake/etsi103457Config.cmake.in")

    set(project_config_out "${CMAKE_CURRENT_BINARY_DIR}/etsi103457Config.cmake")

    set(config_targets_file "etsi103457ConfigTargets.cmake")

    set(version_config_file "${CMAKE_CURRENT_BINARY_DIR}/etsi103457ConfigVersion.cmake")

    set(export_dest_dir "${CMAKE_INSTALL_LIBDIR}/cmake/etsi103457")

    set(pkgconfig_install_dir "${CMAKE_INSTALL_LIBDIR}/pkgconfig")

    set(pkg_config "${CMAKE_BINARY_DIR}/${PROJECT_NAME}.pc")

    #---------------------------------------------------------------------------------------

    # Include files

    #---------------------------------------------------------------------------------------

    install(DIRECTORY include/ DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}")

    install(TARGETS etsi103457 EXPORT etsi103457 DESTINATION "${CMAKE_INSTALL_LIBDIR}")

    #---------------------------------------------------------------------------------------

    # Install pkg-config file

    #---------------------------------------------------------------------------------------

    get_target_property(PKG_CONFIG_DEFINES etsi103457 INTERFACE_COMPILE_DEFINITIONS)

    string(REPLACE ";" " -D" PKG_CONFIG_DEFINES "${PKG_CONFIG_DEFINES}")

    string(CONCAT PKG_CONFIG_DEFINES "-D" "${PKG_CONFIG_DEFINES}")

    configure_file("cmake/${PROJECT_NAME}.pc.in" "${pkg_config}" @ONLY)

    install(FILES "${pkg_config}" DESTINATION "${pkgconfig_install_dir}")

    #---------------------------------------------------------------------------------------

    # Install CMake config files

    #---------------------------------------------------------------------------------------

    install(EXPORT etsi103457

            DESTINATION ${export_dest_dir}

            NAMESPACE TDS::

            FILE ${config_targets_file})

    include(CMakePackageConfigHelpers)

    configure_file("${project_config_in}" "${project_config_out}" @ONLY)

    write_basic_package_version_file("${version_config_file}" COMPATIBILITY SameMajorVersion)

    install(FILES

            "${project_config_out}"

            "${version_config_file}" DESTINATION "${export_dest_dir}")

    #---------------------------------------------------------------------------------------

    # Support creation of installable packages

    #---------------------------------------------------------------------------------------

    include(cmake/etsi103457CPack.cmake)

endif ()

# ETSI TS103457 "Trusted Cross-Domain Interface: Interface to offload sensitive functions to a trusted domain"

Example implementation and demonstrator

This software is made of a library providing connection and session with trust management, message encoding and related functionnal examples done at server side (MTD).

## Dependencies installation

This description is for debian linux distribution.

Build tool packages :

 - g++

 - cmake

For botan library

  - libboost-all-dev

  - lzma-dev

  - liblzma-dev

  - libbz2-dev

  - libssl-dev

  - xv-utils

For documentation :

  - doxygen

  - graphviz

For client GUI :

  - python3

  - python3-pip

  - python3-tk

Libraries from github are required:

  - botan (crypto library): https://github.com/randombit/botan (version 2.17.3)

  - spdlog (logging library): https://github.com/gabime/spdlog

  - google catch2 (unit testing framework): https://github.com/catchorg/Catch2 (version v2.13.4)

### botan build

  - from source project root

  - `./configure.py --with-boost --with-openssl --with-bzip2 --with-lzma --with-zlib`

  - `make`

### spdlog build

  - `mkdir build && cd buid && cmake ..`

  - `make`

The location of the dependency libraries is defined in main CMakeLists.txt

Default locations are ../botan-git, ../spdlog-git and ../Catch2-git

## Project build

The library is C++ coded and uses cmake toolchain for building

The build generates libetsi103457 library, example MTD server, doxygen documentation 

and unit testing binaries.

These build options can be used with cmake:

  - `-DETSI103457_BUILD_TESTS=1`

  to enable unit testing

  - `-DETSI103457_BUILD_EXAMPLE=1`

  to build the server

## Code description

Every function from the TS has a corresponding class derived from a TDS_Commands base class.

The concept elements defined in TS are directly mapped into classes in the library :

 - TD_Message is the TTLV encoded command/response content

 - TD_Object is the generic object handled by the MTD

 - TD_Container is a MTD container

TD_TLLVTools is a static class used for coding/decoding all the types defined in the standard

TD_Connection is in charge of the protocol connection handling over and except the transport layer.

TD_Session_Manager is for the lifecycle management of the objects inside the sessions.

## Demonstrator description

The project goal is to illustrate the interactions and processings for the two domains, MTD, the more trusted domain and LTD, the lesser one. It exhibits a client/server architecture where the client in LTD offload some sensible processings

to an MTD server.

A TLS transport layer is used as recommended in standard. Demo keys and certificates are given in pki directory.

The client is a pure python implementation with a portable Tk GUI.

## Demonstrator Usage

From example directory

 - The client can be run with `python3 etsi103457-gui.py`

 - The server can be run with `./tls_server.sh` wrapper script

## Demonstrator limitations

 - The Demonstrator server is synchronous and will only accept a single client connection at a time

 - DB access has not been implemented in this Demonstrator, therefore (key/value) base type are not supported

 - TD_OpenConnection : 

      - parameters are not used

 - TD_TrustRenewal :

      - Trust is automatically checked every 240 seconds from the client. In order to demonstrate the loss of trust, BAD_CN is passed to the server as CN value when the Trusted Value checkbox is unticked in the client

 - TD_Object : 

      - Allthough Objects are stored as RAW data (bytestrings), Object values should be entered as string for logging purpose

 - TD_GetRandom :

      - SizeInBytes shall be lower than XX due to libbotan implementation

 - Archive and Storage are stored as files by default in /tmp and are prefixed by ARC and STO for demonstration purposes

      - Files content is stored as human readable content. The Storage name is stored as a string when applying, Object_Id are stored as human readable uuid, and values are Base64 encoded

# Get etsi103457 version from include/version.h and put it in ETSI103457_VERSION

function(etsi103457_extract_version)

	file(READ "${CMAKE_CURRENT_LIST_DIR}/include/version.h" file_contents)

	string(REGEX MATCH "ETSI103457_VER_MAJOR ([0-9]+)" _  "${file_contents}")

	if(NOT CMAKE_MATCH_COUNT EQUAL 1)

        message(FATAL_ERROR "Could not extract major version number from version.h")

	endif()

	set(ver_major ${CMAKE_MATCH_1})

	string(REGEX MATCH "ETSI103457_VER_MINOR ([0-9]+)" _  "${file_contents}")

	if(NOT CMAKE_MATCH_COUNT EQUAL 1)

        message(FATAL_ERROR "Could not extract minor version number from version.h")

	endif()

	set(ver_minor ${CMAKE_MATCH_1})

	string(REGEX MATCH "ETSI103457_VER_PATCH ([0-9]+)" _  "${file_contents}")

	if(NOT CMAKE_MATCH_COUNT EQUAL 1)

        message(FATAL_ERROR "Could not extract patch version number from version.h")

	endif()

	set(ver_patch ${CMAKE_MATCH_1})

    set(ETSI103457_VERSION_MAJOR ${ver_major} PARENT_SCOPE)

	set (ETSI103457_VERSION "${ver_major}.${ver_minor}.${ver_patch}" PARENT_SCOPE)

endfunction()

Botan: Crypto and TLS for Modern C++

https://github.com/randombit/botan

spdlog: Fast C++ logging library

https://github.com/gabime/spdlog

Catch2: Multi-paradigm test framework for C++

https://github.com/catchorg/Catch2

PROJECT_NAME = "ETSI103457 Sample Implementation"

OUTPUT_DIRECTORY = @CMAKE_CURRENT_BINARY_DIR@/doxygen/

INPUT		 = @CMAKE_CURRENT_SOURCE_DIR@/src/ @CMAKE_CURRENT_SOURCE_DIR@/include

GENERATE_LATEX = NO

QUIET = YES

 No newline at end of file