Rev

Rev 3343 | Details | Compare with Previous | Last modification | View Log | SVN | Bug Tracker

Rev Author Line No. Line
3227 filatov 1
#pragma once
2
 
3
#include <memory>
4
 
5
#include "params.hh"
6
 
7
#include "security_db.hh"
8
 
9
#include "security_ecc.hh"
10
 
3343 garciay 11
class OCTETSTRING; //! TITAN forward declaration
12
class CHARSTRING; //! TITAN forward declaration
3227 filatov 13
 
14
namespace IEEE1609dot2BaseTypes {
3343 garciay 15
  class HashAlgorithm; //! TITAN forward declaration
16
  class Signature; //! TITAN forward declaration
17
}
3227 filatov 18
 
19
namespace IEEE1609dot2 {
3343 garciay 20
  class Ieee1609Dot2Data; //! TITAN forward declaration
21
  class Ieee1609Dot2Content; //! TITAN forward declaration
22
  class ToBeSignedData; //! TITAN forward declaration
23
  class SignedData; //! TITAN forward declaration
24
  class EncryptedData; //! TITAN forward declaration
25
  class SignerIdentifier; //! TITAN forward declaration
3227 filatov 26
}
27
 
28
/*!
29
 * \class security_services
30
 * \brief This class provides security services for all layers as specified in TSI TS 102 723-8 and ETSI TS 103 097
31
 * \remark Singleton pattern
32
 */
33
class security_services {
34
 
35
  static constexpr unsigned int ProtocolVersion = 3;
36
 
37
  /*!
38
   * \brief Unique static object reference of this class
39
   */
40
  static security_services* instance;
41
 
42
  params _params;
43
  bool _setup_done;
44
  std::unique_ptr<security_ecc> _ec_keys_enc;
45
  std::unique_ptr<security_ecc> _ec_keys_dec;
46
  std::unique_ptr<security_cache> _security_cache;
47
  std::unique_ptr<security_db> _security_db;
48
  unsigned long long _last_generation_time;
3343 garciay 49
  OCTETSTRING _unknown_certificate;
3227 filatov 50
  int _latitude;
51
  int _longitude;
52
  int _elevation;
53
 
54
  /*!
55
   * \brief Default private ctor
56
   */
57
  security_services();
58
  /*!
59
   * \brief Default private dtor
60
   */
61
  ~security_services() {
62
    _ec_keys_enc.reset(nullptr);
63
    _security_db.reset(nullptr);
64
    _security_cache.reset(nullptr);
65
    if (instance != NULL) {
66
      delete instance;
67
      instance = NULL;
68
    }
69
  };
70
 
71
public: /*! \publicsection */
72
  /*!
73
   * \brief Public accessor to the single object reference
74
   */
75
  inline static security_services& get_instance() {
76
    if (instance == NULL) instance = new security_services();
77
    return *instance;
78
  };
79
 
80
  /*!
81
   * \fn int verify_and_extract_gn_payload(const OCTETSTRING& p_secured_gn_payload, const bool p_verify, OCTETSTRING& p_unsecured_gn_payload, params& p_params);
82
   * \brief Verify and extract the unsecured payload from the provided secured payload.
83
   *        The secured payload could signed only, encryted only or signed and encrypted
84
   * \param[in] p_secured_gn_payload The secured payload to be processed
85
   * \param[in] p_verify Set to true if security checks shall be applied
86
   * \param[out] p_unsecured_gn_payload The extracted payload
87
   * \param[out] p_ieee_1609dot2_data The secured message
88
   * \param[inout] p_params The Test System parameters
89
   * \return 0 on success, negative value otherwise
90
   */
91
  int verify_and_extract_gn_payload(const OCTETSTRING& p_secured_gn_payload, const bool p_verify, IEEE1609dot2::Ieee1609Dot2Data& p_ieee_1609dot2_data, OCTETSTRING& p_unsecured_gn_payload, params& p_params);
92
  /*!
93
   * \fn int secure_gn_payload(const OCTETSTRING& p_unsecured_gn_payload, OCTETSTRING& p_secured_gn_payload, params& p_params);
94
   * \brief Apply security to the provided unsecured payload
95
   * \param[in] p_unsecured_gn_payload The unsecured payload to be processed
96
   * \param[in] p_secured_gn_payload The secured payload
97
   * \param[in] p_params The Test System parameters
98
   * \return 0 on success, negative value otherwise
99
   */
100
  int secure_gn_payload(const OCTETSTRING& p_unsecured_gn_payload, OCTETSTRING& p_secured_gn_payload, params& p_params);
101
 
102
  int setup(params &p_params);
103
 
3347 garciay 104
  int store_certificate(const CHARSTRING& p_cert_id, const OCTETSTRING& p_cert, const OCTETSTRING& p_private_key, const OCTETSTRING& p_public_key_x, const OCTETSTRING& p_public_key_y, const OCTETSTRING& p_public_comp_key, const INTEGER& p_public_comp_key_mode, const OCTETSTRING& p_hash, const OCTETSTRING& p_hashid8, const OCTETSTRING& p_issuer, const OCTETSTRING& p_private_enc_key, const OCTETSTRING& p_public_enc_key_x, const OCTETSTRING& p_public_enc_key_y, const OCTETSTRING& p_public_enc_compressed_key, const INTEGER& p_public_enc_key_compressed_mode);
3227 filatov 105
 
106
  inline void set_position(const int p_latitude, const int p_longitude, const int p_elevation = 0) { _latitude = p_latitude; _longitude = p_longitude; _elevation = p_elevation; };
107
 
108
  int read_certificate(const CHARSTRING& p_certificate_id, OCTETSTRING& p_certificate) const;
109
  int read_certificate_digest(const CHARSTRING& p_certificate_id, OCTETSTRING& p_digest) const;
110
  int read_certificate_hash(const CHARSTRING& p_certificate_id, OCTETSTRING& p_hash) const;
111
  int read_certificate_from_digest(const OCTETSTRING& p_digest, CHARSTRING& p_certificate_id) const;
112
  int read_private_key(const CHARSTRING& p_certificate_id, OCTETSTRING& p_private_key) const;
113
  int read_private_enc_key(const CHARSTRING& p_certificate_id, OCTETSTRING& p_private_enc_key) const;
114
 
115
private:
116
  /*!
117
   * \fn int sign_gn_payload(const OCTETSTRING& p_unsecured_gn_payload, OCTETSTRING& p_signed_gn_payload, params& p_params);
118
   * \brief Sign the payload according provided parameters
119
   * \param[in] p_unsecured_gn_payload The payload to be signed
120
   * \param[in] p_signed_gn_payload The signed payload
121
   * \param[in] p_params The Test System parameters
122
   * \return 0 on success, negative value otherwise
123
   */
124
  int sign_gn_payload(const OCTETSTRING& p_unsecured_gn_payload, OCTETSTRING& p_signed_gn_payload, params& p_params);
125
  /*!
126
   * \fn int encrypt_gn_payload(const OCTETSTRING& p_unsecured_gn_payload, OCTETSTRING& p_signed_gn_payload, params& p_params);
127
   * \brief Encrypt the payload according provided parameters
128
   * \param[in] p_unsecured_gn_payload The payload to be encrypted
129
   * \param[in] p_enc_gn_payload The encrypted payload
130
   * \param[in] p_params The Test System parameters
131
   * \return 0 on success, negative value otherwise
132
   */
133
  int encrypt_gn_payload(const OCTETSTRING& p_unsecured_gn_payload, OCTETSTRING& p_enc_gn_payload, params& p_params);
134
  /*!
135
   * \fn int process_ieee_1609_dot2_content(const IEEE1609dot2::Ieee1609Dot2Content& p_ieee_1609_dot2_content, const bool p_verify, OCTETSTRING& p_unsecured_payload, params& p_params);
136
   * \brief Verify and extract the unsecured payload from the IEEE1609dot2::Ieee1609Dot2Content data structure
137
   * \param[in] p_content The secured content to be processed
138
   * \param[in] p_verify Set to true if security checks shall be applied
139
   * \param[in] p_unsecured_payload The extracted payload
140
   * \return 0 on success, negative value otherwise
141
   */
142
  int process_ieee_1609_dot2_content(const IEEE1609dot2::Ieee1609Dot2Content& p_ieee_1609_dot2_content, const bool p_verify, OCTETSTRING& p_unsecured_payload, params& p_params);
143
  int process_ieee_1609_dot2_signed_data(const IEEE1609dot2::SignedData& p_signed_data, const bool p_verify, OCTETSTRING& p_unsecured_payload, params& p_params);
144
  int process_ieee_1609_dot2_encrypted_data(const IEEE1609dot2::EncryptedData& p_encrypted_data, const bool p_verify, OCTETSTRING& p_unsecured_payload, params& p_params);
145
  int sign_tbs_data(const IEEE1609dot2::ToBeSignedData& p_tbs_data, const IEEE1609dot2BaseTypes::HashAlgorithm& p_hashAlgorithm, IEEE1609dot2BaseTypes::Signature& p_signature, params& p_params);
146
 
147
  int hash_sha256(const OCTETSTRING& p_data, OCTETSTRING& p_hash_data);
148
  int hash_sha384(const OCTETSTRING& p_data, OCTETSTRING& p_hash_data);
149
  int sign_ecdsa_nistp256(const OCTETSTRING& p_hash, IEEE1609dot2BaseTypes::Signature& p_signature, params& p_params);
150
  int verify_sign_ecdsa_nistp256(const OCTETSTRING& p_hash, const IEEE1609dot2BaseTypes::Signature& p_signature, const std::string& p_certificate_id, params& p_params);
151
 
152
  int extract_verification_keys(const IEEE1609dot2::CertificateBase& p_cert, OCTETSTRING& p_public_key_x, OCTETSTRING& p_public_key_y, OCTETSTRING& p_public_comp_key, INTEGER& p_public_comp_key_mode);
153
  int extract_encryption_keys(const IEEE1609dot2::CertificateBase& p_cert, OCTETSTRING& p_public_enc_key_x, OCTETSTRING& p_public_enc_key_y, OCTETSTRING& p_public_enc_comp_key, INTEGER& p_public_enc_comp_key_mode);
154
  int extract_and_store_certificate(const IEEE1609dot2::CertificateBase& p_certificate, std::string& p_certificate_id);
155
}; // End of class security_services