TPM SPKI remove sec-verify check, fast fwd2apps on rx

Mohannad 2023-08-01 13:28:12 +01:00
parent 40db7b666a
commit 01406cdbf3
4 changed files with 135 additions and 115 deletions


@ -501,6 +501,7 @@ int main() {
edm_init(); edm_init();
} }
facilities.apps_socket = itss_0connect(facilities.zmq.applications_address, ZMQ_REQ);
security_socket = itss_0connect(facilities.zmq.security_address, ZMQ_REQ); security_socket = itss_0connect(facilities.zmq.security_address, ZMQ_REQ);
uint8_t buffer[ITSS_SDU_MAX_LEN]; uint8_t buffer[ITSS_SDU_MAX_LEN];


@ -51,6 +51,7 @@ typedef struct facilities {
// Transmitter // Transmitter
itss_queue_t* tx_queue; itss_queue_t* tx_queue;
void* apps_socket; /* alternative to tx queue, only used in rx/main thread */
// CA // CA
lightship_t lightship; lightship_t lightship;


@ -40,7 +40,15 @@ static void fwd_to_apps(uint8_t* msg, uint16_t msg_len, int its_msg_type, uint32
buffer[0] = 4; // Facilities buffer[0] = 4; // Facilities
asn_enc_rval_t enc = oer_encode_to_buffer(&asn_DEF_FacilitiesIndication, NULL, fi, buffer + 1, ITSS_SDU_MAX_LEN - 1); asn_enc_rval_t enc = oer_encode_to_buffer(&asn_DEF_FacilitiesIndication, NULL, fi, buffer + 1, ITSS_SDU_MAX_LEN - 1);
itss_queue_send(facilities.tx_queue, buffer, enc.encoded + 1, ITSS_APPLICATIONS, iid, "FI.message"); log_debug("-> FI.message ->[applications] | id:%08x size:%dB",
(uint32_t)iid, enc.encoded+1);
uint8_t code;
itss_0send(facilities.apps_socket, buffer, enc.encoded+1);
int rv = itss_0recv_rt(&facilities.apps_socket, &code, 1, buffer, enc.encoded+1, 1000);
if (rv == -1) {
log_error("-> FI.message ->[applications] | id:%08x size:%dB <TIMEOUT>",
(uint32_t)iid, enc.encoded+1);
}
ASN_STRUCT_FREE(asn_DEF_FacilitiesIndication, fi); ASN_STRUCT_FREE(asn_DEF_FacilitiesIndication, fi);
} }
@ -787,10 +795,12 @@ int transport_indication_btp(BTPPacketIndication_t* bpi, void** security_socket)
case 7011: case 7011:
if (facilities.tolling.protocol.p == TOLLING_PROTOCOL_GN_SPKI) { /* do not wait for facilities process if spki */ if (facilities.tolling.protocol.p == TOLLING_PROTOCOL_GN_SPKI) { /* do not wait for facilities process if spki */
fwd_to_apps(bpi->data.buf, bpi->data.size, bpi->destinationPort, bpi->id); fwd_to_apps(bpi->data.buf, bpi->data.size, bpi->destinationPort, bpi->id);
fwd = false;
} else {
fwd = true;
} }
if (facilities.tolling.enabled) { if (facilities.tolling.enabled) {
tpm_recv(its_msg, security_socket, neighbour_cert, NULL); tpm_recv(its_msg, security_socket, neighbour_cert, NULL);
fwd = facilities.tolling.protocol.p != TOLLING_PROTOCOL_GN_SPKI;
} }
break; break;
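Review bot: In fwd_to_apps the encode result is used without being checked — if `oer_encode_to_buffer` fails, `enc.encoded` is negative and `itss_0send(facilities.apps_socket, buffer, enc.encoded+1)` ships a zero-length or wrongly sized frame, and the reply `code` that `itss_0recv_rt` fills in is never examined, so only the timeout case (`rv == -1`) is reported while an application-side rejection is indistinguishable from success. A guard before the send, `if (enc.encoded < 0) { log_error("-> FI.message ->[applications] | id:%08x <ENCODE FAILED>", (uint32_t)iid); ASN_STRUCT_FREE(asn_DEF_FacilitiesIndication, fi); return; }`, plus a check (or at least a log) of `code` after a successful receive, would close both gaps; the `%d` used for `enc.encoded+1` (an `ssize_t`) should presumably be `%zd`, and the early return assumes nothing above line 40 needs further cleanup, which the hunk does not show. Note also that the new request/reply round trip blocks the rx thread for up to 1000 ms per forwarded frame whenever the applications process is slow or absent, and in the SPKI branch of transport_indication_btp it now runs before tpm_recv, so any received port-7011 frame reaches it with no verification having taken place here — the comment on that branch should state this rather than only "do not wait for facilities process", e.g. `/* SPKI: payload handed to applications before tpm_recv, i.e. unverified at this layer — TODO confirm security is provided elsewhere */`. fwd_to_apps begins above the first hunk and transport_indication_btp continues beyond the second.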


@ -458,6 +458,8 @@ static void rsu_handle_recv(TPM_t* tpm_rx, void** security_socket, uint8_t* neig
SecurityRequest_t* sreq = NULL; SecurityRequest_t* sreq = NULL;
SecurityReply_t* srep = NULL; SecurityReply_t* srep = NULL;
tolling_t* tolling = &facilities.tolling;
switch (type_rx->present) { switch (type_rx->present) {
case TollingType_PR_entry: case TollingType_PR_entry:
if (type_rx->choice.entry.present != TollingEntry_PR_request) { if (type_rx->choice.entry.present != TollingEntry_PR_request) {
@ -477,6 +479,10 @@ static void rsu_handle_recv(TPM_t* tpm_rx, void** security_socket, uint8_t* neig
log_error("[tolling] received TPM.exit is not request"); log_error("[tolling] received TPM.exit is not request");
return; return;
} }
if (tolling->protocol.p != TOLLING_PROTOCOL_GN_DPKI) {
log_warn("[tolling] cannot cryptographically verify entryProof in mode different than GN-DPKI");
} else {
client_id = type_rx->choice.exit->choice.request->clientId; client_id = type_rx->choice.exit->choice.request->clientId;
nonce = type_rx->choice.exit->choice.request->transactionNonce; nonce = type_rx->choice.exit->choice.request->transactionNonce;
info_id = type_rx->choice.exit->choice.request->infoId; info_id = type_rx->choice.exit->choice.request->infoId;
@ -549,6 +555,7 @@ static void rsu_handle_recv(TPM_t* tpm_rx, void** security_socket, uint8_t* neig
ASN_STRUCT_FREE(asn_DEF_SecurityReply, srep); ASN_STRUCT_FREE(asn_DEF_SecurityReply, srep);
sreq = NULL; sreq = NULL;
srep = NULL; srep = NULL;
}
break; break;
case TollingType_PR_single: case TollingType_PR_single:
@ -566,7 +573,6 @@ static void rsu_handle_recv(TPM_t* tpm_rx, void** security_socket, uint8_t* neig
return; return;
} }
tolling_t* tolling = &facilities.tolling;
switch (tolling->protocol.p) { switch (tolling->protocol.p) {
case TOLLING_PROTOCOL_GN_SPKI: case TOLLING_PROTOCOL_GN_SPKI:
@ -784,6 +790,7 @@ static void rsu_handle_recv(TPM_t* tpm_rx, void** security_socket, uint8_t* neig
goto cleanup; goto cleanup;
} }
if (tolling->protocol.p == TOLLING_PROTOCOL_GN_DPKI) {
// Sign // Sign
sreq = calloc(1, sizeof(SecurityRequest_t)); sreq = calloc(1, sizeof(SecurityRequest_t));
sreq->present = SecurityRequest_PR_sign; sreq->present = SecurityRequest_PR_sign;
@ -828,6 +835,7 @@ static void rsu_handle_recv(TPM_t* tpm_rx, void** security_socket, uint8_t* neig
ASN_STRUCT_FREE(asn_DEF_SecurityReply, srep); ASN_STRUCT_FREE(asn_DEF_SecurityReply, srep);
sreq = NULL; sreq = NULL;
srep = NULL; srep = NULL;
}
// encode TPM // encode TPM
enc = uper_encode_to_buffer(&asn_DEF_TPM, NULL, tpm, tpm_uper, buf_len); enc = uper_encode_to_buffer(&asn_DEF_TPM, NULL, tpm, tpm_uper, buf_len);
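Review bot: The new gate in rsu_handle_recv makes every TPM.exit request received in a non-GN-DPKI mode fall straight through to `break` after only a `log_warn`, so the request is neither verified nor otherwise processed here, and the warning fires once per received frame on an unauthenticated input path, which lets any sender flood the log. If dropping is intended because SPKI traffic is presumably already forwarded to applications on rx (the transport_indication_btp change in this commit), say so at the branch, e.g. `/* non-DPKI: entryProof cannot be verified here; exit requests are not handled in this process (SPKI forwards them to applications on rx) */`, and consider `log_debug` or a once-only warning; otherwise the branch still needs the client_id/nonce/info_id handling the DPKI path performs, minus the signature check. The same gating wraps the Sign block (`if (tolling->protocol.p == TOLLING_PROTOCOL_GN_DPKI) { // Sign`), so in every other mode the TPM is encoded (and presumably sent) without a signature — a one-line comment there stating the assumed trust model would keep that decision from looking accidental. rsu_handle_recv begins and ends outside the hunks shown.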