Multiple mode TLS

This commit is contained in:
emanuel 2022-07-26 18:46:41 +01:00
parent 41dbcccf1f
commit 2fd4a02bfa
6 changed files with 58 additions and 24 deletions


@ -311,6 +311,10 @@ int facilities_config(void* facilities_s) {
facilities->tolling.protocol.p = TOLLING_PROTOCOL_SIMPLE;
} else if (!strcmp("tls", config->facilities.tpm.protocol)) {
facilities->tolling.protocol.p = TOLLING_PROTOCOL_TLS;
} else if (!strcmp("tls-gn", config->facilities.tpm.protocol)) {
facilities->tolling.protocol.p = TOLLING_PROTOCOL_TLS_GN;
} else if (!strcmp("tls-shs", config->facilities.tpm.protocol)) {
facilities->tolling.protocol.p = TOLLING_PROTOCOL_TLS_SHS;
} else {
syslog_err("[facilities] [config] unrecognized tolling protocol, defaulting to 'simple'");
facilities->tolling.protocol.p = TOLLING_PROTOCOL_SIMPLE;
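Review bot: With two more accepted spellings on the new else-if lines, a mistyped protocol name such as "tls_gn" now drops into the trailing else and silently runs tolling over TOLLING_PROTOCOL_SIMPLE with nothing but a syslog_err, which is a fail-open default for a security setting. A typo in a config value should not downgrade the transport; consider rejecting the config instead, e.g. `syslog_err("[facilities] [config] unrecognized tolling protocol '%s'", config->facilities.tpm.protocol); return -1;` (assuming the caller treats a non-zero return from facilities_config as fatal, which is not visible here), or at least fall back to the TLS mode rather than the plaintext one. facilities_config starts and ends outside this hunk.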


@ -7,6 +7,7 @@
#include "requests.h"
#include "cpm.h"
#include "saem.h"
#include "tpm.h"
#include "vcm.h"
#include <itss-networking/NetworkingIndication.h>
@ -303,10 +304,10 @@ static int transport_indication(facilities_t *facilities, void* responder, void*
sREQ->choice.tlsShutdown.connId = id;
b_sdu[0] = 4;
asn_enc_rval_t enc = oer_encode_to_buffer(&asn_DEF_SecurityRequest, NULL, sREQ, b_sdu+1, 2047);
syslog_debug("[facilities]->[security] SecurityRequest.tlsShutdown (%ldB)", enc.encoded+1);
zmq_send(security_socket, b_sdu, enc.encoded+1, 0);
int32_t rl = zmq_recv(security_socket, b_sdu, 2048, 0);
syslog_debug("[facilities]<-[security] SecurityReply.tlsShutdown (%dB)", rl);
syslog_debug("[facilities]->[security] SecurityRequest.tlsShutdown (%ldB)", enc.encoded+1);
zmq_send(security_socket, b_sdu, enc.encoded+1, 0);
int32_t rl = zmq_recv(security_socket, b_sdu, 2048, 0);
syslog_debug("[facilities]<-[security] SecurityReply.tlsShutdown (%dB)", rl);
rv = 1;
goto cleanup;
@ -333,10 +334,13 @@ static int transport_indication(facilities_t *facilities, void* responder, void*
tpr->destinationPort = 7011;
tpr->sourcePort = 7011;
tpr->gn = calloc(1, sizeof(GeonetworkingOutboundOptions_t));
tpr->gn->packetTransportType = PacketTransportType_shb;
tpr->gn->destinationAddress.buf = calloc(1, 6);
tpr->gn->destinationAddress.size = 6;
if (facilities->tolling.protocol.p == TOLLING_PROTOCOL_TLS_GN ||
facilities->tolling.protocol.p == TOLLING_PROTOCOL_TLS_SHS) {
tpr->gn = calloc(1, sizeof(GeonetworkingOutboundOptions_t));
tpr->gn->packetTransportType = PacketTransportType_shb;
tpr->gn->destinationAddress.buf = calloc(1, 6);
tpr->gn->destinationAddress.size = 6;
}
tpr->id = itss_id(tpr->data.buf, tpr->data.size);
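Review bot: After the new guard, tpr->gn stays NULL for TOLLING_PROTOCOL_TLS (and for SIMPLE), so any consumer that still dereferences tpr->gn on the plain-TLS path would now crash; that consumer is not visible here, so the intent should be stated next to the guard, e.g. `// Plain TLS: no GN outbound options, the transport applies its defaults`. The rewritten lines also keep the unchecked calloc() results, so `tpr->gn->packetTransportType` is a NULL dereference on allocation failure; a check such as `if (!tpr->gn || !tpr->gn->destinationAddress.buf) goto cleanup;` would use the cleanup label this function already has. transport_indication starts and ends outside this hunk.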


@ -12,7 +12,11 @@ static void tcp_conn_reset(facilities_t* facilities, TCPConnRSTInfo_t* cri, void
// Reset tolling, tls
tolling_t* tolling = &facilities->tolling;
bulletin_t* bulletin = &facilities->bulletin;
if (tolling->enabled && tolling->protocol.p == TOLLING_PROTOCOL_TLS) {
if (tolling->enabled &&
(tolling->protocol.p == TOLLING_PROTOCOL_TLS ||
tolling->protocol.p == TOLLING_PROTOCOL_TLS_GN ||
tolling->protocol.p == TOLLING_PROTOCOL_TLS_SHS)
) {
for (int i = 0; i < bulletin->to_consume_len; ++i) {
if (!memcmp(bulletin->to_consume[i]->endpoint.ipv6_addr, cri->destinationAddress.buf, 16)) {
sreq = calloc(1, sizeof(SecurityRequest_t));
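Review bot: The three-way OR introduced here is copied verbatim in saem.c and twice in tpm.c in this same commit, so the next TLS variant has to be added in four if-conditions plus several switch groups, and missing one of them silently leaves that mode without TLS teardown or without a tlsc_mgmt pass. A single predicate in tolling.h would keep them in step: `static inline bool tolling_is_tls(TOLLING_PROTOCOL_e p) { return p == TOLLING_PROTOCOL_TLS || p == TOLLING_PROTOCOL_TLS_GN || p == TOLLING_PROTOCOL_TLS_SHS; }` and `if (tolling->enabled && tolling_is_tls(tolling->protocol.p)) {` here. Separately, the 16-byte memcmp on the next lines assumes cri->destinationAddress.size is at least 16, which nothing in the hunk checks; that is pre-existing but worth a guard while this condition is being touched. tcp_conn_reset starts and ends outside this hunk.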


@ -221,6 +221,8 @@ int mk_saem(facilities_t* facilities, uint8_t* b_saem, uint32_t* b_saem_len) {
break;
case TOLLING_PROTOCOL_TLS:
case TOLLING_PROTOCOL_TLS_GN:
case TOLLING_PROTOCOL_TLS_SHS:
exts->list.count = 4;
exts->list.size = 4 * sizeof(void*);
exts->list.array = malloc(4 * sizeof(void*));
@ -392,6 +394,8 @@ void *sa_service(void *fc) {
break;
case TOLLING_PROTOCOL_TLS:
case TOLLING_PROTOCOL_TLS_GN:
case TOLLING_PROTOCOL_TLS_SHS:
tpm_pay(facilities, info, security_socket, NULL, bulletin->to_consume[a]->endpoint.ipv6_addr);
++bulletin->to_consume[a]->n_trigger;
bulletin->to_consume[a]->t_trigger = now;
@ -402,7 +406,9 @@ void *sa_service(void *fc) {
pthread_mutex_unlock(&bulletin->lock);
// Tolling management
if (facilities->tolling.protocol.p == TOLLING_PROTOCOL_TLS) {
if (facilities->tolling.protocol.p == TOLLING_PROTOCOL_TLS ||
facilities->tolling.protocol.p == TOLLING_PROTOCOL_TLS_GN ||
facilities->tolling.protocol.p == TOLLING_PROTOCOL_TLS_SHS) {
tolling_tlsc_mgmt(&facilities->tolling, &facilities->epv, facilities->tx_queue, security_socket);
}
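Review bot: In both switches of this file, as in every other hunk of the commit, TOLLING_PROTOCOL_TLS_GN and TOLLING_PROTOCOL_TLS_SHS fall through to exactly the same code, so nothing visible here distinguishes the two new modes; if the difference is meant to live in the security or networking component, a comment on the case group should say so, e.g. `/* GN and SHS differ only in transport options applied elsewhere; identical here */`, otherwise one of the two values is dead. The if at the "Tolling management" comment is the same hand-expanded predicate as in tcp_conn_reset and tpm.c and is the kind of line that drifts when a fourth mode arrives; a shared helper in tolling.h would be preferable. mk_saem and sa_service both start and end outside these hunks.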


@ -266,6 +266,8 @@ int tpm_pay(void* fc, tolling_info_t* info, void* security_socket, uint8_t* neig
break;
case TOLLING_PROTOCOL_TLS:
case TOLLING_PROTOCOL_TLS_GN:
case TOLLING_PROTOCOL_TLS_SHS:
sreq = calloc(1, sizeof(SecurityRequest_t));
sreq->present = SecurityRequest_PR_tlsSend;
sreq->choice.tlsSend.data.buf = malloc(tpm_uper_len);
@ -323,12 +325,15 @@ int tpm_pay(void* fc, tolling_info_t* info, void* security_socket, uint8_t* neig
tcp->data.size = srep->data->choice.tlsSend.data.size;
memcpy(tcp->data.buf, srep->data->choice.tlsSend.data.buf, srep->data->choice.tlsSend.data.size);
tcp->gn = calloc(1, sizeof(GeonetworkingOutboundOptions_t));
tcp->gn->packetTransportType = PacketTransportType_shb;
tcp->gn->destinationAddress.buf = calloc(1, 6);
tcp->gn->destinationAddress.size = 6;
tcp->gn->securityProfile.encrypt = false;
tcp->gn->securityProfile.sign = true;
if (tolling->protocol.p == TOLLING_PROTOCOL_TLS_GN ||
tolling->protocol.p == TOLLING_PROTOCOL_TLS_SHS) {
tcp->gn = calloc(1, sizeof(GeonetworkingOutboundOptions_t));
tcp->gn->packetTransportType = PacketTransportType_shb;
tcp->gn->destinationAddress.buf = calloc(1, 6);
tcp->gn->destinationAddress.size = 6;
tcp->gn->securityProfile.encrypt = false;
tcp->gn->securityProfile.sign = true;
}
break;
}
@ -535,6 +540,8 @@ static void rsu_handle_recv(facilities_t* facilities, TPM_t* tpm_rx, void* secur
);
break;
case TOLLING_PROTOCOL_TLS:
case TOLLING_PROTOCOL_TLS_GN:
case TOLLING_PROTOCOL_TLS_SHS:
syslog_info("[facilities] [tolling] received toll %s.request | client: %lld nonce: %lld",
tts(type_rx->present),
(long long) client_id,
@ -786,6 +793,8 @@ static void rsu_handle_recv(facilities_t* facilities, TPM_t* tpm_rx, void* secur
break;
case TOLLING_PROTOCOL_TLS:
case TOLLING_PROTOCOL_TLS_GN:
case TOLLING_PROTOCOL_TLS_SHS:
sreq = calloc(1, sizeof(SecurityRequest_t));
sreq->present = SecurityRequest_PR_tlsSend;
sreq->choice.tlsSend.data.buf = malloc(tpm_uper_len);
@ -840,12 +849,15 @@ static void rsu_handle_recv(facilities_t* facilities, TPM_t* tpm_rx, void* secur
tcp->data.size = srep->data->choice.tlsSend.data.size;
memcpy(tcp->data.buf, srep->data->choice.tlsSend.data.buf, srep->data->choice.tlsSend.data.size);
tcp->gn = calloc(1, sizeof(GeonetworkingOutboundOptions_t));
tcp->gn->packetTransportType = PacketTransportType_shb;
tcp->gn->destinationAddress.buf = calloc(1, 6);
tcp->gn->destinationAddress.size = 6;
tcp->gn->securityProfile.encrypt = false;
tcp->gn->securityProfile.sign = true;
if (tolling->protocol.p == TOLLING_PROTOCOL_TLS_GN ||
tolling->protocol.p == TOLLING_PROTOCOL_TLS_SHS) {
tcp->gn = calloc(1, sizeof(GeonetworkingOutboundOptions_t));
tcp->gn->packetTransportType = PacketTransportType_shb;
tcp->gn->destinationAddress.buf = calloc(1, 6);
tcp->gn->destinationAddress.size = 6;
tcp->gn->securityProfile.encrypt = false;
tcp->gn->securityProfile.sign = true;
}
break;
}
@ -1080,7 +1092,9 @@ static void veh_handle_recv(tolling_t* tolling, TPM_t* tpm_rx, void* security_so
}
// Close TCP & TLS conn
if (tolling->protocol.p == TOLLING_PROTOCOL_TLS) {
if (tolling->protocol.p == TOLLING_PROTOCOL_TLS ||
tolling->protocol.p == TOLLING_PROTOCOL_TLS_GN ||
tolling->protocol.p == TOLLING_PROTOCOL_TLS_SHS) {
tlsc_t* tlsc = tolling_tlsc_get(tolling, epv, src_addr, 7011);
if (tlsc) {
sreq = calloc(1, sizeof(SecurityRequest_t));
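Review bot: For TOLLING_PROTOCOL_TLS the rewritten block in tpm_pay no longer allocates tcp->gn, so the explicit `securityProfile.sign = true` is no longer requested on that path; whether the networking layer signs at the GN layer by default when gn is NULL is not visible here, and if it does not, plain-TLS tolling frames now leave unsigned below the TLS session. The intent should be stated on the guard either way, e.g. `// TLS mode: rely on the TLS session; no GN security profile requested` or `// gn == NULL: transport default profile (signed) applies`, and the same rewrite in rsu_handle_recv further down this file needs the same note. The calloc results feeding `tcp->gn->packetTransportType` are still unchecked in both places. tpm_pay and rsu_handle_recv start and end outside these hunks.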


@ -13,7 +13,9 @@
typedef enum TOLLING_PROTOCOL {
TOLLING_PROTOCOL_SIMPLE,
TOLLING_PROTOCOL_TLS
TOLLING_PROTOCOL_TLS,
TOLLING_PROTOCOL_TLS_GN,
TOLLING_PROTOCOL_TLS_SHS
} TOLLING_PROTOCOL_e;
typedef struct tolling_info {