TPM SPKI remove sec-verify check, fast fwd2apps on rx

Mohannad 2023-08-01 13:28:12 +01:00
parent 40db7b666a
commit 01406cdbf3
4 changed files with 135 additions and 115 deletions


@ -501,6 +501,7 @@ int main() {
edm_init();
}
facilities.apps_socket = itss_0connect(facilities.zmq.applications_address, ZMQ_REQ);
security_socket = itss_0connect(facilities.zmq.security_address, ZMQ_REQ);
uint8_t buffer[ITSS_SDU_MAX_LEN];


@ -51,6 +51,7 @@ typedef struct facilities {
// Transmitter
itss_queue_t* tx_queue;
void* apps_socket; /* alternative to tx queue, only used in rx/main thread */
// CA
lightship_t lightship;


@ -40,7 +40,15 @@ static void fwd_to_apps(uint8_t* msg, uint16_t msg_len, int its_msg_type, uint32
buffer[0] = 4; // Facilities
asn_enc_rval_t enc = oer_encode_to_buffer(&asn_DEF_FacilitiesIndication, NULL, fi, buffer + 1, ITSS_SDU_MAX_LEN - 1);
itss_queue_send(facilities.tx_queue, buffer, enc.encoded + 1, ITSS_APPLICATIONS, iid, "FI.message");
log_debug("-> FI.message ->[applications] | id:%08x size:%dB",
(uint32_t)iid, enc.encoded+1);
uint8_t code;
itss_0send(facilities.apps_socket, buffer, enc.encoded+1);
int rv = itss_0recv_rt(&facilities.apps_socket, &code, 1, buffer, enc.encoded+1, 1000);
if (rv == -1) {
log_error("-> FI.message ->[applications] | id:%08x size:%dB <TIMEOUT>",
(uint32_t)iid, enc.encoded+1);
}
ASN_STRUCT_FREE(asn_DEF_FacilitiesIndication, fi);
}
@ -787,10 +795,12 @@ int transport_indication_btp(BTPPacketIndication_t* bpi, void** security_socket)
case 7011:
if (facilities.tolling.protocol.p == TOLLING_PROTOCOL_GN_SPKI) { /* do not wait for facilities process if spki */
fwd_to_apps(bpi->data.buf, bpi->data.size, bpi->destinationPort, bpi->id);
fwd = false;
} else {
fwd = true;
}
if (facilities.tolling.enabled) {
tpm_recv(its_msg, security_socket, neighbour_cert, NULL);
fwd = facilities.tolling.protocol.p != TOLLING_PROTOCOL_GN_SPKI;
}
break;
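Review bot: In `fwd_to_apps` the new `itss_0send`/`itss_0recv_rt` pair uses `enc.encoded+1` as the length without checking the result of `oer_encode_to_buffer`; asn1c reports failure as `enc.encoded == -1`, so a failed encode would be sent as a zero-length message. A guard before the send, `if (enc.encoded == -1) { ASN_STRUCT_FREE(asn_DEF_FacilitiesIndication, fi); return; }`, would keep a malformed indication away from the applications socket. The reply byte `code` is received but never inspected, since only `rv == -1` is handled, so a rejection by the applications process looks the same as success. The wait of up to 1000 ms also runs on the receive path for each port 7011 packet in GN-SPKI mode, and that call sits outside the `facilities.tolling.enabled` check, so a slow applications process can stall reception of radio traffic even with tolling disabled. A comment at the call stating that bound and why the forward precedes `tpm_recv` would help; `fwd_to_apps` begins outside the hunk.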


@ -458,6 +458,8 @@ static void rsu_handle_recv(TPM_t* tpm_rx, void** security_socket, uint8_t* neig
SecurityRequest_t* sreq = NULL;
SecurityReply_t* srep = NULL;
tolling_t* tolling = &facilities.tolling;
switch (type_rx->present) {
case TollingType_PR_entry:
if (type_rx->choice.entry.present != TollingEntry_PR_request) {
@ -477,6 +479,10 @@ static void rsu_handle_recv(TPM_t* tpm_rx, void** security_socket, uint8_t* neig
log_error("[tolling] received TPM.exit is not request");
return;
}
if (tolling->protocol.p != TOLLING_PROTOCOL_GN_DPKI) {
log_warn("[tolling] cannot cryptographically verify entryProof in mode different than GN-DPKI");
} else {
client_id = type_rx->choice.exit->choice.request->clientId;
nonce = type_rx->choice.exit->choice.request->transactionNonce;
info_id = type_rx->choice.exit->choice.request->infoId;
@ -549,6 +555,7 @@ static void rsu_handle_recv(TPM_t* tpm_rx, void** security_socket, uint8_t* neig
ASN_STRUCT_FREE(asn_DEF_SecurityReply, srep);
sreq = NULL;
srep = NULL;
}
break;
case TollingType_PR_single:
@ -566,7 +573,6 @@ static void rsu_handle_recv(TPM_t* tpm_rx, void** security_socket, uint8_t* neig
return;
}
tolling_t* tolling = &facilities.tolling;
switch (tolling->protocol.p) {
case TOLLING_PROTOCOL_GN_SPKI:
@ -784,6 +790,7 @@ static void rsu_handle_recv(TPM_t* tpm_rx, void** security_socket, uint8_t* neig
goto cleanup;
}
if (tolling->protocol.p == TOLLING_PROTOCOL_GN_DPKI) {
// Sign
sreq = calloc(1, sizeof(SecurityRequest_t));
sreq->present = SecurityRequest_PR_sign;
@ -828,6 +835,7 @@ static void rsu_handle_recv(TPM_t* tpm_rx, void** security_socket, uint8_t* neig
ASN_STRUCT_FREE(asn_DEF_SecurityReply, srep);
sreq = NULL;
srep = NULL;
}
// encode TPM
enc = uper_encode_to_buffer(&asn_DEF_TPM, NULL, tpm, tpm_uper, buf_len);
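Review bot: In the `TollingType_PR_exit` branch of `rsu_handle_recv`, any protocol other than GN-DPKI now skips the entryProof verification and records it only with `log_warn`, so as far as the hunks show an unverified exit request is handled like a verified one. `client_id`, `nonce` and `info_id` are assigned only inside the new `else`, so if code after the `break` (outside the hunks) reads them, they keep their initial values in that mode; this is worth confirming against the full function. The later `if (tolling->protocol.p == TOLLING_PROTOCOL_GN_DPKI)` likewise means the reply TPM is encoded without the sign step in the other modes. I would state the trust assumption at both `if`s, with a comment naming which layer authenticates the sender when entryProof is not checked. I would also make the unverified path an explicit opt-in rather than the default fall-through, and promote the warning to a log that includes the station or transaction identifiers so skipped verifications can be audited.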