Multiple mode TLS
parent
41dbcccf1f
commit
2fd4a02bfa
@ -311,6 +311,10 @@ int facilities_config(void* facilities_s) {
|
||||||
facilities->tolling.protocol.p = TOLLING_PROTOCOL_SIMPLE;
|
facilities->tolling.protocol.p = TOLLING_PROTOCOL_SIMPLE;
|
||||||
} else if (!strcmp("tls", config->facilities.tpm.protocol)) {
|
} else if (!strcmp("tls", config->facilities.tpm.protocol)) {
|
||||||
facilities->tolling.protocol.p = TOLLING_PROTOCOL_TLS;
|
facilities->tolling.protocol.p = TOLLING_PROTOCOL_TLS;
|
||||||
|
} else if (!strcmp("tls-gn", config->facilities.tpm.protocol)) {
|
||||||
|
facilities->tolling.protocol.p = TOLLING_PROTOCOL_TLS_GN;
|
||||||
|
} else if (!strcmp("tls-shs", config->facilities.tpm.protocol)) {
|
||||||
|
facilities->tolling.protocol.p = TOLLING_PROTOCOL_TLS_SHS;
|
||||||
} else {
|
} else {
|
||||||
syslog_err("[facilities] [config] unrecognized tolling protocol, defaulting to 'simple'");
|
syslog_err("[facilities] [config] unrecognized tolling protocol, defaulting to 'simple'");
|
||||||
facilities->tolling.protocol.p = TOLLING_PROTOCOL_SIMPLE;
|
facilities->tolling.protocol.p = TOLLING_PROTOCOL_SIMPLE;
|
||||||
|
|
|
||||||
|
|
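Review bot: The two new strings `"tls-gn"` and `"tls-shs"` are mapped to their enumerators with no comment on how they differ from `"tls"`, and every other hunk in this commit treats TOLLING_PROTOCOL_TLS_GN and TOLLING_PROTOCOL_TLS_SHS identically, so a reader of facilities_config has nothing to go on. A one-line comment above the strcmp chain would record the intent, e.g. `/* tls: no GeoNetworking options; tls-gn / tls-shs: GeoNetworking outbound options (SHB) attached to the TLS traffic, see tpm_pay */`. The strcmp chain and facilities_config itself begin before this hunk.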
@ -7,6 +7,7 @@
|
||||||
#include "requests.h"
|
#include "requests.h"
|
||||||
#include "cpm.h"
|
#include "cpm.h"
|
||||||
#include "saem.h"
|
#include "saem.h"
|
||||||
|
#include "tpm.h"
|
||||||
#include "vcm.h"
|
#include "vcm.h"
|
||||||
|
|
||||||
#include <itss-networking/NetworkingIndication.h>
|
#include <itss-networking/NetworkingIndication.h>
|
||||||
|
|
@ -303,10 +304,10 @@ static int transport_indication(facilities_t *facilities, void* responder, void*
|
||||||
sREQ->choice.tlsShutdown.connId = id;
|
sREQ->choice.tlsShutdown.connId = id;
|
||||||
b_sdu[0] = 4;
|
b_sdu[0] = 4;
|
||||||
asn_enc_rval_t enc = oer_encode_to_buffer(&asn_DEF_SecurityRequest, NULL, sREQ, b_sdu+1, 2047);
|
asn_enc_rval_t enc = oer_encode_to_buffer(&asn_DEF_SecurityRequest, NULL, sREQ, b_sdu+1, 2047);
|
||||||
syslog_debug("[facilities]->[security] SecurityRequest.tlsShutdown (%ldB)", enc.encoded+1);
|
syslog_debug("[facilities]->[security] SecurityRequest.tlsShutdown (%ldB)", enc.encoded+1);
|
||||||
zmq_send(security_socket, b_sdu, enc.encoded+1, 0);
|
zmq_send(security_socket, b_sdu, enc.encoded+1, 0);
|
||||||
int32_t rl = zmq_recv(security_socket, b_sdu, 2048, 0);
|
int32_t rl = zmq_recv(security_socket, b_sdu, 2048, 0);
|
||||||
syslog_debug("[facilities]<-[security] SecurityReply.tlsShutdown (%dB)", rl);
|
syslog_debug("[facilities]<-[security] SecurityReply.tlsShutdown (%dB)", rl);
|
||||||
|
|
||||||
rv = 1;
|
rv = 1;
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
@ -333,10 +334,13 @@ static int transport_indication(facilities_t *facilities, void* responder, void*
|
||||||
tpr->destinationPort = 7011;
|
tpr->destinationPort = 7011;
|
||||||
tpr->sourcePort = 7011;
|
tpr->sourcePort = 7011;
|
||||||
|
|
||||||
tpr->gn = calloc(1, sizeof(GeonetworkingOutboundOptions_t));
|
if (facilities->tolling.protocol.p == TOLLING_PROTOCOL_TLS_GN ||
|
||||||
tpr->gn->packetTransportType = PacketTransportType_shb;
|
facilities->tolling.protocol.p == TOLLING_PROTOCOL_TLS_SHS) {
|
||||||
tpr->gn->destinationAddress.buf = calloc(1, 6);
|
tpr->gn = calloc(1, sizeof(GeonetworkingOutboundOptions_t));
|
||||||
tpr->gn->destinationAddress.size = 6;
|
tpr->gn->packetTransportType = PacketTransportType_shb;
|
||||||
|
tpr->gn->destinationAddress.buf = calloc(1, 6);
|
||||||
|
tpr->gn->destinationAddress.size = 6;
|
||||||
|
}
|
||||||
|
|
||||||
tpr->id = itss_id(tpr->data.buf, tpr->data.size);
|
tpr->id = itss_id(tpr->data.buf, tpr->data.size);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
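Review bot: Inside the new `if` in transport_indication, `tpr->gn = calloc(1, sizeof(GeonetworkingOutboundOptions_t))` is dereferenced on the very next line and `tpr->gn->destinationAddress.buf = calloc(1, 6)` is likewise unchecked, so an allocation failure is a NULL dereference rather than an error return; the function already has a `cleanup` label (the `goto cleanup` in the earlier hunk), so `if (!tpr->gn) goto cleanup;` after the first calloc and a matching check after the second would reuse it, with `rv` set as that path expects. Separately, for plain TOLLING_PROTOCOL_TLS `tpr->gn` is now never assigned, which is only safe if `tpr` was zero-allocated — that allocation is outside the hunk, so please confirm. transport_indication starts and ends outside these hunks.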
@ -12,7 +12,11 @@ static void tcp_conn_reset(facilities_t* facilities, TCPConnRSTInfo_t* cri, void
|
||||||
// Reset tolling, tls
|
// Reset tolling, tls
|
||||||
tolling_t* tolling = &facilities->tolling;
|
tolling_t* tolling = &facilities->tolling;
|
||||||
bulletin_t* bulletin = &facilities->bulletin;
|
bulletin_t* bulletin = &facilities->bulletin;
|
||||||
if (tolling->enabled && tolling->protocol.p == TOLLING_PROTOCOL_TLS) {
|
if (tolling->enabled &&
|
||||||
|
(tolling->protocol.p == TOLLING_PROTOCOL_TLS ||
|
||||||
|
tolling->protocol.p == TOLLING_PROTOCOL_TLS_GN ||
|
||||||
|
tolling->protocol.p == TOLLING_PROTOCOL_TLS_SHS)
|
||||||
|
) {
|
||||||
for (int i = 0; i < bulletin->to_consume_len; ++i) {
|
for (int i = 0; i < bulletin->to_consume_len; ++i) {
|
||||||
if (!memcmp(bulletin->to_consume[i]->endpoint.ipv6_addr, cri->destinationAddress.buf, 16)) {
|
if (!memcmp(bulletin->to_consume[i]->endpoint.ipv6_addr, cri->destinationAddress.buf, 16)) {
|
||||||
sreq = calloc(1, sizeof(SecurityRequest_t));
|
sreq = calloc(1, sizeof(SecurityRequest_t));
|
||||||
|
|
|
||||||
|
|
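Review bot: The three-way test `tolling->protocol.p == TOLLING_PROTOCOL_TLS || … == TOLLING_PROTOCOL_TLS_GN || … == TOLLING_PROTOCOL_TLS_SHS` is now spelled out in tcp_conn_reset here and again in sa_service and veh_handle_recv, and its two-way GN/SHS sibling in transport_indication, tpm_pay and rsu_handle_recv; the next protocol value has to be threaded through all six sites by hand. One predicate next to the enum, `static inline bool tolling_protocol_is_tls(TOLLING_PROTOCOL_e p) { return p == TOLLING_PROTOCOL_TLS || p == TOLLING_PROTOCOL_TLS_GN || p == TOLLING_PROTOCOL_TLS_SHS; }`, plus a `tolling_protocol_has_gn` twin for the GN/SHS pair, would keep the classification in one place. The dangling `) {` on its own line after the condition is also easier to read if the closing paren stays on the last operand line. tcp_conn_reset continues past this hunk.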
@ -221,6 +221,8 @@ int mk_saem(facilities_t* facilities, uint8_t* b_saem, uint32_t* b_saem_len) {
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TOLLING_PROTOCOL_TLS:
|
case TOLLING_PROTOCOL_TLS:
|
||||||
|
case TOLLING_PROTOCOL_TLS_GN:
|
||||||
|
case TOLLING_PROTOCOL_TLS_SHS:
|
||||||
exts->list.count = 4;
|
exts->list.count = 4;
|
||||||
exts->list.size = 4 * sizeof(void*);
|
exts->list.size = 4 * sizeof(void*);
|
||||||
exts->list.array = malloc(4 * sizeof(void*));
|
exts->list.array = malloc(4 * sizeof(void*));
|
||||||
|
|
@ -392,6 +394,8 @@ void *sa_service(void *fc) {
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TOLLING_PROTOCOL_TLS:
|
case TOLLING_PROTOCOL_TLS:
|
||||||
|
case TOLLING_PROTOCOL_TLS_GN:
|
||||||
|
case TOLLING_PROTOCOL_TLS_SHS:
|
||||||
tpm_pay(facilities, info, security_socket, NULL, bulletin->to_consume[a]->endpoint.ipv6_addr);
|
tpm_pay(facilities, info, security_socket, NULL, bulletin->to_consume[a]->endpoint.ipv6_addr);
|
||||||
++bulletin->to_consume[a]->n_trigger;
|
++bulletin->to_consume[a]->n_trigger;
|
||||||
bulletin->to_consume[a]->t_trigger = now;
|
bulletin->to_consume[a]->t_trigger = now;
|
||||||
|
|
@ -402,7 +406,9 @@ void *sa_service(void *fc) {
|
||||||
pthread_mutex_unlock(&bulletin->lock);
|
pthread_mutex_unlock(&bulletin->lock);
|
||||||
|
|
||||||
// Tolling management
|
// Tolling management
|
||||||
if (facilities->tolling.protocol.p == TOLLING_PROTOCOL_TLS) {
|
if (facilities->tolling.protocol.p == TOLLING_PROTOCOL_TLS ||
|
||||||
|
facilities->tolling.protocol.p == TOLLING_PROTOCOL_TLS_GN ||
|
||||||
|
facilities->tolling.protocol.p == TOLLING_PROTOCOL_TLS_SHS) {
|
||||||
tolling_tlsc_mgmt(&facilities->tolling, &facilities->epv, facilities->tx_queue, security_socket);
|
tolling_tlsc_mgmt(&facilities->tolling, &facilities->epv, facilities->tx_queue, security_socket);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
40
src/tpm.c
40
src/tpm.c
|
|
@ -266,6 +266,8 @@ int tpm_pay(void* fc, tolling_info_t* info, void* security_socket, uint8_t* neig
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TOLLING_PROTOCOL_TLS:
|
case TOLLING_PROTOCOL_TLS:
|
||||||
|
case TOLLING_PROTOCOL_TLS_GN:
|
||||||
|
case TOLLING_PROTOCOL_TLS_SHS:
|
||||||
sreq = calloc(1, sizeof(SecurityRequest_t));
|
sreq = calloc(1, sizeof(SecurityRequest_t));
|
||||||
sreq->present = SecurityRequest_PR_tlsSend;
|
sreq->present = SecurityRequest_PR_tlsSend;
|
||||||
sreq->choice.tlsSend.data.buf = malloc(tpm_uper_len);
|
sreq->choice.tlsSend.data.buf = malloc(tpm_uper_len);
|
||||||
|
|
@ -323,12 +325,15 @@ int tpm_pay(void* fc, tolling_info_t* info, void* security_socket, uint8_t* neig
|
||||||
tcp->data.size = srep->data->choice.tlsSend.data.size;
|
tcp->data.size = srep->data->choice.tlsSend.data.size;
|
||||||
memcpy(tcp->data.buf, srep->data->choice.tlsSend.data.buf, srep->data->choice.tlsSend.data.size);
|
memcpy(tcp->data.buf, srep->data->choice.tlsSend.data.buf, srep->data->choice.tlsSend.data.size);
|
||||||
|
|
||||||
tcp->gn = calloc(1, sizeof(GeonetworkingOutboundOptions_t));
|
if (tolling->protocol.p == TOLLING_PROTOCOL_TLS_GN ||
|
||||||
tcp->gn->packetTransportType = PacketTransportType_shb;
|
tolling->protocol.p == TOLLING_PROTOCOL_TLS_SHS) {
|
||||||
tcp->gn->destinationAddress.buf = calloc(1, 6);
|
tcp->gn = calloc(1, sizeof(GeonetworkingOutboundOptions_t));
|
||||||
tcp->gn->destinationAddress.size = 6;
|
tcp->gn->packetTransportType = PacketTransportType_shb;
|
||||||
tcp->gn->securityProfile.encrypt = false;
|
tcp->gn->destinationAddress.buf = calloc(1, 6);
|
||||||
tcp->gn->securityProfile.sign = true;
|
tcp->gn->destinationAddress.size = 6;
|
||||||
|
tcp->gn->securityProfile.encrypt = false;
|
||||||
|
tcp->gn->securityProfile.sign = true;
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -535,6 +540,8 @@ static void rsu_handle_recv(facilities_t* facilities, TPM_t* tpm_rx, void* secur
|
||||||
);
|
);
|
||||||
break;
|
break;
|
||||||
case TOLLING_PROTOCOL_TLS:
|
case TOLLING_PROTOCOL_TLS:
|
||||||
|
case TOLLING_PROTOCOL_TLS_GN:
|
||||||
|
case TOLLING_PROTOCOL_TLS_SHS:
|
||||||
syslog_info("[facilities] [tolling] received toll %s.request | client: %lld nonce: %lld",
|
syslog_info("[facilities] [tolling] received toll %s.request | client: %lld nonce: %lld",
|
||||||
tts(type_rx->present),
|
tts(type_rx->present),
|
||||||
(long long) client_id,
|
(long long) client_id,
|
||||||
|
|
@ -786,6 +793,8 @@ static void rsu_handle_recv(facilities_t* facilities, TPM_t* tpm_rx, void* secur
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TOLLING_PROTOCOL_TLS:
|
case TOLLING_PROTOCOL_TLS:
|
||||||
|
case TOLLING_PROTOCOL_TLS_GN:
|
||||||
|
case TOLLING_PROTOCOL_TLS_SHS:
|
||||||
sreq = calloc(1, sizeof(SecurityRequest_t));
|
sreq = calloc(1, sizeof(SecurityRequest_t));
|
||||||
sreq->present = SecurityRequest_PR_tlsSend;
|
sreq->present = SecurityRequest_PR_tlsSend;
|
||||||
sreq->choice.tlsSend.data.buf = malloc(tpm_uper_len);
|
sreq->choice.tlsSend.data.buf = malloc(tpm_uper_len);
|
||||||
|
|
@ -840,12 +849,15 @@ static void rsu_handle_recv(facilities_t* facilities, TPM_t* tpm_rx, void* secur
|
||||||
tcp->data.size = srep->data->choice.tlsSend.data.size;
|
tcp->data.size = srep->data->choice.tlsSend.data.size;
|
||||||
memcpy(tcp->data.buf, srep->data->choice.tlsSend.data.buf, srep->data->choice.tlsSend.data.size);
|
memcpy(tcp->data.buf, srep->data->choice.tlsSend.data.buf, srep->data->choice.tlsSend.data.size);
|
||||||
|
|
||||||
tcp->gn = calloc(1, sizeof(GeonetworkingOutboundOptions_t));
|
if (tolling->protocol.p == TOLLING_PROTOCOL_TLS_GN ||
|
||||||
tcp->gn->packetTransportType = PacketTransportType_shb;
|
tolling->protocol.p == TOLLING_PROTOCOL_TLS_SHS) {
|
||||||
tcp->gn->destinationAddress.buf = calloc(1, 6);
|
tcp->gn = calloc(1, sizeof(GeonetworkingOutboundOptions_t));
|
||||||
tcp->gn->destinationAddress.size = 6;
|
tcp->gn->packetTransportType = PacketTransportType_shb;
|
||||||
tcp->gn->securityProfile.encrypt = false;
|
tcp->gn->destinationAddress.buf = calloc(1, 6);
|
||||||
tcp->gn->securityProfile.sign = true;
|
tcp->gn->destinationAddress.size = 6;
|
||||||
|
tcp->gn->securityProfile.encrypt = false;
|
||||||
|
tcp->gn->securityProfile.sign = true;
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -1080,7 +1092,9 @@ static void veh_handle_recv(tolling_t* tolling, TPM_t* tpm_rx, void* security_so
|
||||||
}
|
}
|
||||||
|
|
||||||
// Close TCP & TLS conn
|
// Close TCP & TLS conn
|
||||||
if (tolling->protocol.p == TOLLING_PROTOCOL_TLS) {
|
if (tolling->protocol.p == TOLLING_PROTOCOL_TLS ||
|
||||||
|
tolling->protocol.p == TOLLING_PROTOCOL_TLS_GN ||
|
||||||
|
tolling->protocol.p == TOLLING_PROTOCOL_TLS_SHS) {
|
||||||
tlsc_t* tlsc = tolling_tlsc_get(tolling, epv, src_addr, 7011);
|
tlsc_t* tlsc = tolling_tlsc_get(tolling, epv, src_addr, 7011);
|
||||||
if (tlsc) {
|
if (tlsc) {
|
||||||
sreq = calloc(1, sizeof(SecurityRequest_t));
|
sreq = calloc(1, sizeof(SecurityRequest_t));
|
||||||
|
|
|
||||||
|
|
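Review bot: In the tpm_pay hunk at line 323 the GeoNetworking block inside the new `if` still dereferences `tcp->gn` immediately after `calloc` and never checks the `calloc(1, 6)` for the destination address either, and the identical block is repeated verbatim in rsu_handle_recv (hunk at line 840) and in trimmed form in transport_indication. Moving it into one helper that checks both allocations removes the duplication and gives each caller a single failure point; the helper below preserves the exact field values from the hunk. For plain TOLLING_PROTOCOL_TLS `tcp->gn` is now never assigned, which is only correct if `tcp` was zero-allocated — that allocation is outside the hunk, so worth confirming. What the callers should free on NULL (`srep`, `tcp`) is also outside the hunk, so the fence leaves that step as a comment.
```c
/* Outbound GeoNetworking options shared by the TLS_GN / TLS_SHS paths.
 * Returns NULL if either allocation fails; the caller owns the result. */
static GeonetworkingOutboundOptions_t *tpm_gn_options_new(void) {
    GeonetworkingOutboundOptions_t *gn = calloc(1, sizeof *gn);
    if (!gn) return NULL;
    gn->packetTransportType = PacketTransportType_shb;
    gn->destinationAddress.buf = calloc(1, 6);
    if (!gn->destinationAddress.buf) {
        free(gn);
        return NULL;
    }
    gn->destinationAddress.size = 6;
    gn->securityProfile.encrypt = false;
    gn->securityProfile.sign = true;
    return gn;
}

// … unchanged: tpm_pay up to the memcpy of the tlsSend reply …
    if (tolling->protocol.p == TOLLING_PROTOCOL_TLS_GN ||
        tolling->protocol.p == TOLLING_PROTOCOL_TLS_SHS) {
        tcp->gn = tpm_gn_options_new();
        if (!tcp->gn) {
            // … allocation failure: release tcp/srep on the function's existing error path …
        }
    }
    break;
```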
@ -13,7 +13,9 @@
|
||||||
|
|
||||||
typedef enum TOLLING_PROTOCOL {
|
typedef enum TOLLING_PROTOCOL {
|
||||||
TOLLING_PROTOCOL_SIMPLE,
|
TOLLING_PROTOCOL_SIMPLE,
|
||||||
TOLLING_PROTOCOL_TLS
|
TOLLING_PROTOCOL_TLS,
|
||||||
|
TOLLING_PROTOCOL_TLS_GN,
|
||||||
|
TOLLING_PROTOCOL_TLS_SHS
|
||||||
} TOLLING_PROTOCOL_e;
|
} TOLLING_PROTOCOL_e;
|
||||||
|
|
||||||
typedef struct tolling_info {
|
typedef struct tolling_info {
|
||||||
|
|
|
||||||
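Review bot: TOLLING_PROTOCOL_TLS_GN and TOLLING_PROTOCOL_TLS_SHS are added to the enum without a comment, and in every hunk of this commit the two are handled identically (same `case` fallthrough, same GeoNetworking options), so nothing in the header or the code records what SHS is or how it is meant to differ from GN. If the distinction lives elsewhere, a trailing comment on each enumerator pointing there would help; if it is not implemented yet, say so explicitly, e.g. `TOLLING_PROTOCOL_TLS_GN,  /* TLS with GeoNetworking SHB outbound options */` and `TOLLING_PROTOCOL_TLS_SHS  /* currently handled exactly like TLS_GN — TODO: document the intended difference */`.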