From 2fd4a02bfa5fe56db7f6bad5b58be5a6903b1624 Mon Sep 17 00:00:00 2001
From: emanuel
Date: Tue, 26 Jul 2022 18:46:41 +0100
Subject: [PATCH] Multiple mode TLS
---
 src/config.c | 4 ++++
 src/facilities.c | 20 ++++++++++++--------
 src/indications.c | 6 +++++-
 src/saem.c | 8 +++++++-
 src/tpm.c | 40 +++++++++++++++++++++++++++-------------
 src/tpm.h | 4 +++-
 6 files changed, 58 insertions(+), 24 deletions(-)
diff --git a/src/config.c b/src/config.c
index 0407e08..f0afdd6 100644
--- a/src/config.c
+++ b/src/config.c
@@ -311,6 +311,10 @@ int facilities_config(void* facilities_s) {
 facilities->tolling.protocol.p = TOLLING_PROTOCOL_SIMPLE;
 } else if (!strcmp("tls", config->facilities.tpm.protocol)) {
 facilities->tolling.protocol.p = TOLLING_PROTOCOL_TLS;
+ } else if (!strcmp("tls-gn", config->facilities.tpm.protocol)) {
+ facilities->tolling.protocol.p = TOLLING_PROTOCOL_TLS_GN;
+ } else if (!strcmp("tls-shs", config->facilities.tpm.protocol)) {
+ facilities->tolling.protocol.p = TOLLING_PROTOCOL_TLS_SHS;
 } else {
 syslog_err("[facilities] [config] unrecognized tolling protocol, defaulting to 'simple'");
 facilities->tolling.protocol.p = TOLLING_PROTOCOL_SIMPLE;
diff --git a/src/facilities.c b/src/facilities.c
index 4418407..b1dbf6f 100644
--- a/src/facilities.c
+++ b/src/facilities.c
@@ -7,6 +7,7 @@
 #include "requests.h"
 #include "cpm.h"
 #include "saem.h"
+#include "tpm.h"
 #include "vcm.h"
 #include 
@@ -303,10 +304,10 @@ static int transport_indication(facilities_t *facilities, void* responder, void* sREQ->choice.tlsShutdown.connId = id; b_sdu[0] = 4; asn_enc_rval_t enc = oer_encode_to_buffer(&asn_DEF_SecurityRequest, NULL, sREQ, b_sdu+1, 2047); - syslog_debug("[facilities]->[security] SecurityRequest.tlsShutdown (%ldB)", enc.encoded+1); - zmq_send(security_socket, b_sdu, enc.encoded+1, 0); - int32_t rl = zmq_recv(security_socket, b_sdu, 2048, 0); - syslog_debug("[facilities]<-[security] SecurityReply.tlsShutdown (%dB)", rl); + syslog_debug("[facilities]->[security] SecurityRequest.tlsShutdown (%ldB)", enc.encoded+1); + zmq_send(security_socket, b_sdu, enc.encoded+1, 0); + int32_t rl = zmq_recv(security_socket, b_sdu, 2048, 0); + syslog_debug("[facilities]<-[security] SecurityReply.tlsShutdown (%dB)", rl); rv = 1; goto cleanup; @@ -333,10 +334,13 @@ static int transport_indication(facilities_t *facilities, void* responder, void* tpr->destinationPort = 7011; tpr->sourcePort = 7011; - tpr->gn = calloc(1, sizeof(GeonetworkingOutboundOptions_t)); - tpr->gn->packetTransportType = PacketTransportType_shb; - tpr->gn->destinationAddress.buf = calloc(1, 6); - tpr->gn->destinationAddress.size = 6; + if (facilities->tolling.protocol.p == TOLLING_PROTOCOL_TLS_GN || + facilities->tolling.protocol.p == TOLLING_PROTOCOL_TLS_SHS) { + tpr->gn = calloc(1, sizeof(GeonetworkingOutboundOptions_t)); + tpr->gn->packetTransportType = PacketTransportType_shb; + tpr->gn->destinationAddress.buf = calloc(1, 6); + tpr->gn->destinationAddress.size = 6; + } tpr->id = itss_id(tpr->data.buf, tpr->data.size); diff --git a/src/indications.c b/src/indications.c index 203945c..eef409a 100644 --- a/src/indications.c +++ b/src/indications.c 
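Review bot: The `if` added around the `tpr->gn` block in the second hunk changes the behaviour of the pre-existing `tls` protocol value, not only the two new ones: before this change every TLS transport request carried GeoNetworking outbound options, and after it TOLLING_PROTOCOL_TLS leaves `tpr->gn` at whatever the allocation of `tpr` (outside the hunk) gave it, presumably NULL. The same applies to the two `tcp->gn` blocks in src/tpm.c (@@ -325 and @@ -849), where plain `tls` additionally loses `tcp->gn->securityProfile.sign = true`, so outgoing TLS data is no longer requested to be signed at the GN layer for existing `tls` configurations. If that is intended, the commit message and the enum in src/tpm.h should say so; if not, TOLLING_PROTOCOL_TLS should be kept in the condition or the `tls` string mapped to one of the new values in src/config.c. The moved lines also still dereference `calloc` results without a NULL check, e.g. `tpr->gn->packetTransportType = ...` right after `tpr->gn = calloc(...)`. transport_indication starts and continues outside the hunk.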
@@ -12,7 +12,11 @@ static void tcp_conn_reset(facilities_t* facilities, TCPConnRSTInfo_t* cri, void // Reset tolling, tls tolling_t* tolling = &facilities->tolling; bulletin_t* bulletin = &facilities->bulletin; - if (tolling->enabled && tolling->protocol.p == TOLLING_PROTOCOL_TLS) { + if (tolling->enabled && + (tolling->protocol.p == TOLLING_PROTOCOL_TLS || + tolling->protocol.p == TOLLING_PROTOCOL_TLS_GN || + tolling->protocol.p == TOLLING_PROTOCOL_TLS_SHS) + ) { for (int i = 0; i < bulletin->to_consume_len; ++i) { if (!memcmp(bulletin->to_consume[i]->endpoint.ipv6_addr, cri->destinationAddress.buf, 16)) { sreq = calloc(1, sizeof(SecurityRequest_t)); diff --git a/src/saem.c b/src/saem.c index 9408da4..9dcbcd9 100644 --- a/src/saem.c +++ b/src/saem.c @@ -221,6 +221,8 @@ int mk_saem(facilities_t* facilities, uint8_t* b_saem, uint32_t* b_saem_len) { break; case TOLLING_PROTOCOL_TLS: + case TOLLING_PROTOCOL_TLS_GN: + case TOLLING_PROTOCOL_TLS_SHS: exts->list.count = 4; exts->list.size = 4 * sizeof(void*); exts->list.array = malloc(4 * sizeof(void*)); @@ -392,6 +394,8 @@ void *sa_service(void *fc) { break; case TOLLING_PROTOCOL_TLS: + case TOLLING_PROTOCOL_TLS_GN: + case TOLLING_PROTOCOL_TLS_SHS: tpm_pay(facilities, info, security_socket, NULL, bulletin->to_consume[a]->endpoint.ipv6_addr); ++bulletin->to_consume[a]->n_trigger; bulletin->to_consume[a]->t_trigger = now; @@ -402,7 +406,9 @@ void *sa_service(void *fc) { pthread_mutex_unlock(&bulletin->lock); // Tolling management - if (facilities->tolling.protocol.p == TOLLING_PROTOCOL_TLS) { + if (facilities->tolling.protocol.p == TOLLING_PROTOCOL_TLS || + facilities->tolling.protocol.p == TOLLING_PROTOCOL_TLS_GN || + facilities->tolling.protocol.p == TOLLING_PROTOCOL_TLS_SHS) { tolling_tlsc_mgmt(&facilities->tolling, &facilities->epv, facilities->tx_queue, security_socket); } diff --git a/src/tpm.c b/src/tpm.c index 362f71e..ede8741 100644 --- a/src/tpm.c +++ b/src/tpm.c 
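Review bot: The three-way protocol test added to `tcp_conn_reset` is repeated verbatim in src/saem.c (@@ -406) and src/tpm.c (@@ -1092), and the two-way GN/SHS variant in src/facilities.c (@@ -334) and src/tpm.c (@@ -325, @@ -849), so the next enumerator has to be threaded through six conditions. A predicate next to the enum in src/tpm.h keeps each call site to one line, e.g. `static inline bool tolling_protocol_is_tls(TOLLING_PROTOCOL_e p) { return p == TOLLING_PROTOCOL_TLS || p == TOLLING_PROTOCOL_TLS_GN || p == TOLLING_PROTOCOL_TLS_SHS; }` (src/tpm.c already uses `true`/`false`, so `bool` appears to be in scope), and here `if (tolling->enabled && tolling_protocol_is_tls(tolling->protocol.p)) {`. The closing `) {` on a line of its own is also unlike the other conditions in this patch, which close on the last operand. tcp_conn_reset starts and continues outside the hunk.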
@@ -266,6 +266,8 @@ int tpm_pay(void* fc, tolling_info_t* info, void* security_socket, uint8_t* neig break; case TOLLING_PROTOCOL_TLS: + case TOLLING_PROTOCOL_TLS_GN: + case TOLLING_PROTOCOL_TLS_SHS: sreq = calloc(1, sizeof(SecurityRequest_t)); sreq->present = SecurityRequest_PR_tlsSend; sreq->choice.tlsSend.data.buf = malloc(tpm_uper_len); @@ -323,12 +325,15 @@ int tpm_pay(void* fc, tolling_info_t* info, void* security_socket, uint8_t* neig tcp->data.size = srep->data->choice.tlsSend.data.size; memcpy(tcp->data.buf, srep->data->choice.tlsSend.data.buf, srep->data->choice.tlsSend.data.size); - tcp->gn = calloc(1, sizeof(GeonetworkingOutboundOptions_t)); - tcp->gn->packetTransportType = PacketTransportType_shb; - tcp->gn->destinationAddress.buf = calloc(1, 6); - tcp->gn->destinationAddress.size = 6; - tcp->gn->securityProfile.encrypt = false; - tcp->gn->securityProfile.sign = true; + if (tolling->protocol.p == TOLLING_PROTOCOL_TLS_GN || + tolling->protocol.p == TOLLING_PROTOCOL_TLS_SHS) { + tcp->gn = calloc(1, sizeof(GeonetworkingOutboundOptions_t)); + tcp->gn->packetTransportType = PacketTransportType_shb; + tcp->gn->destinationAddress.buf = calloc(1, 6); + tcp->gn->destinationAddress.size = 6; + tcp->gn->securityProfile.encrypt = false; + tcp->gn->securityProfile.sign = true; + } break; } @@ -535,6 +540,8 @@ static void rsu_handle_recv(facilities_t* facilities, TPM_t* tpm_rx, void* secur ); break; case TOLLING_PROTOCOL_TLS: + case TOLLING_PROTOCOL_TLS_GN: + case TOLLING_PROTOCOL_TLS_SHS: syslog_info("[facilities] [tolling] received toll %s.request | client: %lld nonce: %lld", tts(type_rx->present), (long long) client_id, @@ -786,6 +793,8 @@ static void rsu_handle_recv(facilities_t* facilities, TPM_t* tpm_rx, void* secur break; case TOLLING_PROTOCOL_TLS: + case TOLLING_PROTOCOL_TLS_GN: + case TOLLING_PROTOCOL_TLS_SHS: sreq = calloc(1, sizeof(SecurityRequest_t)); sreq->present = SecurityRequest_PR_tlsSend; sreq->choice.tlsSend.data.buf = malloc(tpm_uper_len); 
@@ -840,12 +849,15 @@ static void rsu_handle_recv(facilities_t* facilities, TPM_t* tpm_rx, void* secur tcp->data.size = srep->data->choice.tlsSend.data.size; memcpy(tcp->data.buf, srep->data->choice.tlsSend.data.buf, srep->data->choice.tlsSend.data.size); - tcp->gn = calloc(1, sizeof(GeonetworkingOutboundOptions_t)); - tcp->gn->packetTransportType = PacketTransportType_shb; - tcp->gn->destinationAddress.buf = calloc(1, 6); - tcp->gn->destinationAddress.size = 6; - tcp->gn->securityProfile.encrypt = false; - tcp->gn->securityProfile.sign = true; + if (tolling->protocol.p == TOLLING_PROTOCOL_TLS_GN || + tolling->protocol.p == TOLLING_PROTOCOL_TLS_SHS) { + tcp->gn = calloc(1, sizeof(GeonetworkingOutboundOptions_t)); + tcp->gn->packetTransportType = PacketTransportType_shb; + tcp->gn->destinationAddress.buf = calloc(1, 6); + tcp->gn->destinationAddress.size = 6; + tcp->gn->securityProfile.encrypt = false; + tcp->gn->securityProfile.sign = true; + } break; } @@ -1080,7 +1092,9 @@ static void veh_handle_recv(tolling_t* tolling, TPM_t* tpm_rx, void* security_so } // Close TCP & TLS conn - if (tolling->protocol.p == TOLLING_PROTOCOL_TLS) { + if (tolling->protocol.p == TOLLING_PROTOCOL_TLS || + tolling->protocol.p == TOLLING_PROTOCOL_TLS_GN || + tolling->protocol.p == TOLLING_PROTOCOL_TLS_SHS) { tlsc_t* tlsc = tolling_tlsc_get(tolling, epv, src_addr, 7011); if (tlsc) { sreq = calloc(1, sizeof(SecurityRequest_t)); diff --git a/src/tpm.h b/src/tpm.h index 3b0c5c1..ead6753 100644 --- a/src/tpm.h +++ b/src/tpm.h @@ -13,7 +13,9 @@ typedef enum TOLLING_PROTOCOL { TOLLING_PROTOCOL_SIMPLE, - TOLLING_PROTOCOL_TLS + TOLLING_PROTOCOL_TLS, + TOLLING_PROTOCOL_TLS_GN, + TOLLING_PROTOCOL_TLS_SHS } TOLLING_PROTOCOL_e; typedef struct tolling_info {
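Review bot: The two new enumerators TOLLING_PROTOCOL_TLS_GN and TOLLING_PROTOCOL_TLS_SHS in the src/tpm.h hunk carry no comment, and nothing in this patch distinguishes them: every use site either lists them together in a `case` fall-through or tests them with the same `||`, and the only visible difference from TOLLING_PROTOCOL_TLS is that GeoNetworking outbound options (SHB, `sign = true`) are attached to outgoing TLS data. A reader of the header cannot tell what SHS adds over GN, or that a plain `tls` configuration gets no GN options. Suggest a comment per enumerator, e.g. `TOLLING_PROTOCOL_TLS, /* TLS, no GeoNetworking outbound options attached */` and `TOLLING_PROTOCOL_TLS_GN, /* TLS with GN outbound options (SHB, signed) */`, plus one for TLS_SHS stating how it is meant to differ, since the code does not show it yet. If the distinction is consumed outside this patch (for instance by the security entity), the comment should name where.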