From 32aa759df4cb18e05701cef79befa4fd5384ac6d Mon Sep 17 00:00:00 2001
From: emanuel
Date: Mon, 17 Apr 2023 18:19:24 +0100
Subject: [PATCH] Mv TLS handling to separate file

---
 src/CMakeLists.txt | 1 +
 src/facilities.c | 132 ++------------------------------------
 src/tls.c | 154 +++++++++++++++++++++++++++++++++++++++++++++
 src/tls.h | 4 ++
 4 files changed, 163 insertions(+), 128 deletions(-)
 create mode 100644 src/tls.c
 create mode 100644 src/tls.h

diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index ca34548..d633507 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -11,6 +11,7 @@ ADD_EXECUTABLE(it2s-itss-facilities
 tpm.c
 vcm.c
 evm.c
+ tls.c
 )
 TARGET_LINK_LIBRARIES(it2s-itss-facilities
diff --git a/src/facilities.c b/src/facilities.c
index 5196d48..f4ad1d8 100644
--- a/src/facilities.c
+++ b/src/facilities.c
@@ -41,6 +41,7 @@
 #include "saem.h"
 #include "tpm.h"
 #include "vcm.h"
+#include "tls.h"
 facilities_t facilities = {0};
@@ -297,135 +298,10 @@ static int transport_indication(void *responder, void **security_socket, uint8_t
 break;
 case TransportPacketIndication_PR_tcp:
- id = tpi->choice.tcp.id;
- packet = tpi->choice.tcp.data.buf;
- packet_len = tpi->choice.tcp.data.size;
- log_debug("<- TI.packet.tcp | id:%ld size:%dB", id, msg_len);
-
- sreq = calloc(1, sizeof(SecurityRequest_t));
- sreq->present = SecurityRequest_PR_tlsRecv;
- sreq->choice.tlsRecv.data.size = tpi->choice.tcp.data.size;
- sreq->choice.tlsRecv.data.buf = malloc(tpi->choice.tcp.data.size);
- memcpy(sreq->choice.tlsRecv.data.buf, tpi->choice.tcp.data.buf, tpi->choice.tcp.data.size);
-
- pthread_mutex_lock(&facilities.tolling.lock);
- tlsc_t *tlsc = tolling_tlsc_get(tpi->choice.tcp.sourceAddress->buf, 7011);
- if (tlsc) {
- id = tlsc->id;
- } else {
- tlsc = tolling_tlsc_new(tpi->choice.tcp.sourceAddress->buf, 7011);
- id = tlsc->id;
- }
- ++tlsc->nmsg;
- pthread_mutex_unlock(&facilities.tolling.lock);
- sreq->choice.tlsSend.connId = id;
-
- uint8_t b_tx[2048], b_rx[2048];
- b_tx[0] = 4;
- asn_enc_rval_t enc = oer_encode_to_buffer(&asn_DEF_SecurityRequest, NULL, sreq, b_tx + 1, 2047);
-
- log_debug("->[security] SecurityRequest.tlsRecv (%ldB)", enc.encoded + 1);
- itss_0send(*security_socket, b_tx, enc.encoded + 1);
- int32_t rl = itss_0recv_rt(security_socket, b_rx, 2048, b_tx, enc.encoded + 1, 1000);
- log_debug("<-[security] SecurityReply.tlsRecv (%dB)", rl);
-
- if (oer_decode(NULL, &asn_DEF_SecurityReply, (void **)&srep, b_rx, rl).code) {
- log_error("SecurityReply.tlsRecv decode failure");
- rv = 1;
- goto cleanup;
- }
-
- if (srep->returnCode == SecurityReplyReturnCode_rejected) {
- log_error("SecurityReply.tlsRecv rejected");
-
- SecurityRequest_t *sREQ = calloc(1, sizeof(SecurityRequest_t));
- sREQ->present = SecurityRequest_PR_tlsShutdown;
- sREQ->choice.tlsShutdown.connId = id;
- b_tx[0] = 4;
- asn_enc_rval_t enc = oer_encode_to_buffer(&asn_DEF_SecurityRequest, NULL, sREQ, b_tx + 1, 2047);
- log_debug("->[security] SecurityRequest.tlsShutdown (%ldB)", enc.encoded + 1);
- itss_0send(*security_socket, b_tx, enc.encoded + 1);
- int32_t rl = itss_0recv_rt(security_socket, b_rx, 2048, b_tx, enc.encoded + 1, 1000);
- log_debug("<-[security] SecurityReply.tlsShutdown (%dB)", rl);
-
- rv = 1;
- goto cleanup;
- }
-
- log_debug("[tolling] tls n-msg:%d state:%d", tlsc->nmsg, tlsc->state);
-
- // Forward to [transport]
- if (srep->data->choice.tlsRecv.state != 1) {
- tr = calloc(1, sizeof(TransportRequest_t));
- tr->present = TransportRequest_PR_packet;
- tr->choice.packet.present = TransportPacketRequest_PR_tcp;
- TCPPacketRequest_t *tpr = &tr->choice.packet.choice.tcp;
- tpr->data.size = srep->data->choice.tlsRecv.data.size;
- tpr->data.buf = malloc(srep->data->choice.tlsRecv.data.size);
- memcpy(tpr->data.buf, srep->data->choice.tlsRecv.data.buf, srep->data->choice.tlsRecv.data.size);
-
- tpr->sourcePort = tpi->choice.tcp.destinationPort;
- tpr->destinationPort = tpi->choice.tcp.sourcePort;
-
- tpr->destinationAddress = calloc(1, sizeof(OCTET_STRING_t));
- tpr->destinationAddress->buf = malloc(16);
- tpr->destinationAddress->size = 16;
- memcpy(tpr->destinationAddress->buf, tpi->choice.tcp.sourceAddress->buf, 16);
- tpr->destinationPort = 7011;
- tpr->sourcePort = 7011;
-
- if (facilities.tolling.protocol.p == TOLLING_PROTOCOL_TLS_GN ||
- (facilities.tolling.protocol.p == TOLLING_PROTOCOL_TLS_SHS && tlsc->nmsg < 2)) {
- tpr->gn = calloc(1, sizeof(GeonetworkingOutboundOptions_t));
- tpr->gn->packetTransportType = PacketTransportType_shb;
- tpr->gn->destinationAddress.buf = calloc(1, 6);
- tpr->gn->destinationAddress.size = 6;
- }
-
- tpr->id = itss_id(tpr->data.buf, tpr->data.size);
-
- buf[0] = 4;
- enc = oer_encode_to_buffer(&asn_DEF_TransportRequest, NULL, tr, buf + 1, buf_len - 1);
- if (enc.encoded == -1) {
- log_error("TransportRequest encoding fail");
- rv = 1;
- goto cleanup;
- }
-
- itss_queue_send(facilities.tx_queue, buf, enc.encoded + 1, ITSS_TRANSPORT, tpr->id, "TR.packet.tcp");
- } else {
- if (facilities.tolling.enabled && srep->data->choice.tlsRecv.data.size) {
- dec = uper_decode_complete(NULL, &asn_DEF_TPM, (void **)&its_msg, srep->data->choice.tlsRecv.data.buf, srep->data->choice.tlsRecv.data.size);
- if (dec.code) {
- log_debug("<- invalid TPM received");
- rv = 1;
- goto cleanup;
- }
- if (!dec.code) {
- tpm_recv(its_msg, security_socket, NULL, tpi->choice.tcp.sourceAddress->buf);
-
- // Fwd to [applications]
- fi = calloc(1, sizeof(FacilitiesIndication_t));
- fi->present = FacilitiesIndication_PR_message;
- FacilitiesMessageIndication_t *fmi = &fi->choice.message;
-
- fmi->id = id;
-
- fmi->itsMessageType = 7011;
-
- fmi->data.size = srep->data->choice.tlsRecv.data.size;
- fmi->data.buf = malloc(srep->data->choice.tlsRecv.data.size);
- memcpy(fmi->data.buf, srep->data->choice.tlsRecv.data.buf, srep->data->choice.tlsRecv.data.size);
-
- uint8_t buffer[ITSS_SDU_MAX_LEN];
- buffer[0] = 4; // Facilities
- asn_enc_rval_t enc = oer_encode_to_buffer(&asn_DEF_FacilitiesIndication, NULL, fi, buffer + 1, ITSS_SDU_MAX_LEN - 1);
-
- itss_queue_send(facilities.tx_queue, buffer, enc.encoded + 1, ITSS_APPLICATIONS, id, "FI.message");
- }
- }
- }
+ log_debug("<- TI.packet.tcp | id:%ld size:%dB", tpi->choice.tcp.id, msg_len);
+ tls_recv(&tpi->choice.tcp, security_socket);
 break;
+
 case TransportPacketIndication_PR_udp:
 id = tpi->choice.udp.id;
 log_debug("<- TI.packet.udp | id:%ld size:%dB", id, msg_len);
diff --git a/src/tls.c b/src/tls.c
new file mode 100644
index 0000000..dd9d8b0
--- /dev/null
+++ b/src/tls.c
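Review bot: The return value of `tls_recv(&tpi->choice.tcp, security_socket)` is discarded, so the failure paths that previously set `rv = 1; goto cleanup;` inside this case (decode failure, rejected reply, invalid TPM, encoding failure) now leave transport_indication reporting success for the tcp case. I would write `if (tls_recv(&tpi->choice.tcp, security_socket)) { rv = 1; goto cleanup; }`. The removed lines also assigned `id`, `packet` and `packet_len` on this path; if any of them is read after the switch, they are now left unset for tcp indications — transport_indication starts and ends outside the hunk, so I cannot confirm that from here.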
@@ -0,0 +1,154 @@
+#include "tls.h"
+
+#include
+#include
+#include
+#include
+#include
+
+int tls_recv(TCPPacketIndication_t* tpi, void** security_socket) {
+ int rv = 0;
+
+ uint16_t buf_len = 2048;
+ uint8_t buf[buf_len];
+
+ SecurityRequest_t* sreq = NULL;
+ SecurityReply_t* srep = NULL;
+ TransportRequest_t* tr = NULL;
+ FacilitiesIndication_t* fi = NULL;
+
+ void* its_msg;
+
+ sreq = calloc(1, sizeof(SecurityRequest_t));
+ sreq->present = SecurityRequest_PR_tlsRecv;
+ sreq->choice.tlsRecv.data.size = tpi->data.size;
+ sreq->choice.tlsRecv.data.buf = malloc(tpi->data.size);
+ memcpy(sreq->choice.tlsRecv.data.buf, tpi->data.buf, tpi->data.size);
+
+ uint64_t id = tpi->id;
+ pthread_mutex_lock(&facilities.tolling.lock);
+ tlsc_t *tlsc = tolling_tlsc_get(tpi->sourceAddress->buf, 7011);
+ if (tlsc) {
+ id = tlsc->id;
+ } else {
+ tlsc = tolling_tlsc_new(tpi->sourceAddress->buf, 7011);
+ id = tlsc->id;
+ }
+ ++tlsc->nmsg;
+ pthread_mutex_unlock(&facilities.tolling.lock);
+ sreq->choice.tlsSend.connId = id;
+
+ uint8_t b_tx[2048], b_rx[2048];
+ b_tx[0] = 4;
+ asn_enc_rval_t enc = oer_encode_to_buffer(&asn_DEF_SecurityRequest, NULL, sreq, b_tx + 1, 2047);
+
+ log_debug("->[security] SecurityRequest.tlsRecv (%ldB)", enc.encoded + 1);
+ itss_0send(*security_socket, b_tx, enc.encoded + 1);
+ int32_t rl = itss_0recv_rt(security_socket, b_rx, 2048, b_tx, enc.encoded + 1, 1000);
+ log_debug("<-[security] SecurityReply.tlsRecv (%dB)", rl);
+
+ if (oer_decode(NULL, &asn_DEF_SecurityReply, (void **)&srep, b_rx, rl).code) {
+ log_error("SecurityReply.tlsRecv decode failure");
+ rv = 1;
+ goto cleanup;
+ }
+
+ if (srep->returnCode == SecurityReplyReturnCode_rejected) {
+ log_error("SecurityReply.tlsRecv rejected");
+
+ SecurityRequest_t *sREQ = calloc(1, sizeof(SecurityRequest_t));
+ sREQ->present = SecurityRequest_PR_tlsShutdown;
+ sREQ->choice.tlsShutdown.connId = id;
+ b_tx[0] = 4;
+ asn_enc_rval_t enc = oer_encode_to_buffer(&asn_DEF_SecurityRequest, NULL, sREQ, b_tx + 1, 2047);
+ log_debug("->[security] SecurityRequest.tlsShutdown (%ldB)", enc.encoded + 1);
+ itss_0send(*security_socket, b_tx, enc.encoded + 1);
+ int32_t rl = itss_0recv_rt(security_socket, b_rx, 2048, b_tx, enc.encoded + 1, 1000);
+ log_debug("<-[security] SecurityReply.tlsShutdown (%dB)", rl);
+
+ rv = 1;
+ goto cleanup;
+ }
+
+ log_debug("[tolling] tls n-msg:%d state:%d", tlsc->nmsg, tlsc->state);
+
+ // Forward to [transport]
+ if (srep->data->choice.tlsRecv.state != 1) {
+ tr = calloc(1, sizeof(TransportRequest_t));
+ tr->present = TransportRequest_PR_packet;
+ tr->choice.packet.present = TransportPacketRequest_PR_tcp;
+ TCPPacketRequest_t *tpr = &tr->choice.packet.choice.tcp;
+ tpr->data.size = srep->data->choice.tlsRecv.data.size;
+ tpr->data.buf = malloc(srep->data->choice.tlsRecv.data.size);
+ memcpy(tpr->data.buf, srep->data->choice.tlsRecv.data.buf, srep->data->choice.tlsRecv.data.size);
+
+ tpr->sourcePort = tpi->destinationPort;
+ tpr->destinationPort = tpi->sourcePort;
+
+ tpr->destinationAddress = calloc(1, sizeof(OCTET_STRING_t));
+ tpr->destinationAddress->buf = malloc(16);
+ tpr->destinationAddress->size = 16;
+ memcpy(tpr->destinationAddress->buf, tpi->sourceAddress->buf, 16);
+ tpr->destinationPort = 7011;
+ tpr->sourcePort = 7011;
+
+ if (facilities.tolling.protocol.p == TOLLING_PROTOCOL_TLS_GN ||
+ (facilities.tolling.protocol.p == TOLLING_PROTOCOL_TLS_SHS && tlsc->nmsg < 2)) {
+ tpr->gn = calloc(1, sizeof(GeonetworkingOutboundOptions_t));
+ tpr->gn->packetTransportType = PacketTransportType_shb;
+ tpr->gn->destinationAddress.buf = calloc(1, 6);
+ tpr->gn->destinationAddress.size = 6;
+ }
+
+ tpr->id = itss_id(tpr->data.buf, tpr->data.size);
+
+ buf[0] = 4;
+ enc = oer_encode_to_buffer(&asn_DEF_TransportRequest, NULL, tr, buf + 1, buf_len - 1);
+ if (enc.encoded == -1) {
+ log_error("TransportRequest encoding fail");
+ rv = 1;
+ goto cleanup;
+ }
+
+ itss_queue_send(facilities.tx_queue, buf, enc.encoded + 1, ITSS_TRANSPORT, tpr->id, "TR.packet.tcp");
+ } else {
+ if (facilities.tolling.enabled && srep->data->choice.tlsRecv.data.size) {
+ asn_dec_rval_t dec = uper_decode_complete(NULL, &asn_DEF_TPM, (void **)&its_msg, srep->data->choice.tlsRecv.data.buf, srep->data->choice.tlsRecv.data.size);
+ if (dec.code) {
+ log_debug("<- invalid TPM received");
+ rv = 1;
+ goto cleanup;
+ }
+ if (!dec.code) {
+ tpm_recv(its_msg, security_socket, NULL, tpi->sourceAddress->buf);
+
+ // Fwd to [applications]
+ fi = calloc(1, sizeof(FacilitiesIndication_t));
+ fi->present = FacilitiesIndication_PR_message;
+ FacilitiesMessageIndication_t *fmi = &fi->choice.message;
+
+ fmi->id = id;
+
+ fmi->itsMessageType = 7011;
+
+ fmi->data.size = srep->data->choice.tlsRecv.data.size;
+ fmi->data.buf = malloc(srep->data->choice.tlsRecv.data.size);
+ memcpy(fmi->data.buf, srep->data->choice.tlsRecv.data.buf, srep->data->choice.tlsRecv.data.size);
+
+ uint8_t buffer[ITSS_SDU_MAX_LEN];
+ buffer[0] = 4; // Facilities
+ asn_enc_rval_t enc = oer_encode_to_buffer(&asn_DEF_FacilitiesIndication, NULL, fi, buffer + 1, ITSS_SDU_MAX_LEN - 1);
+
+ itss_queue_send(facilities.tx_queue, buffer, enc.encoded + 1, ITSS_APPLICATIONS, id, "FI.message");
+ }
+ }
+ }
+
+cleanup:
+ ASN_STRUCT_FREE(asn_DEF_FacilitiesIndication, fi);
+ ASN_STRUCT_FREE(asn_DEF_SecurityRequest, sreq);
+ ASN_STRUCT_FREE(asn_DEF_SecurityReply, srep);
+ ASN_STRUCT_FREE(asn_DEF_TransportRequest, tr);
+
+ return rv;
+}
diff --git a/src/tls.h b/src/tls.h
new file mode 100644
index 0000000..33474b8
--- /dev/null
+++ b/src/tls.h
@@ -0,0 +1,4 @@
+#include "facilities.h"
+#include
+
+int tls_recv(TCPPacketIndication_t* tpi, void** security_socket);