TiagoRG
/
it2s-itss-facilities
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Mv TLS handling to separate file

This commit is contained in:
emanuel 2023-04-17 18:19:24 +01:00
parent dbb5a8addc
commit 32aa759df4
4 changed files with 163 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/CMakeLists.txt
View File

@ -11,6 +11,7 @@ ADD_EXECUTABLE(it2s-itss-facilities
tpm.c tpm.c
vcm.c vcm.c
evm.c evm.c
tls.c
) )
TARGET_LINK_LIBRARIES(it2s-itss-facilities TARGET_LINK_LIBRARIES(it2s-itss-facilities

132
src/facilities.c
View File

@ -41,6 +41,7 @@
#include "saem.h" #include "saem.h"
#include "tpm.h" #include "tpm.h"
#include "vcm.h" #include "vcm.h"
#include "tls.h"
facilities_t facilities = {0}; facilities_t facilities = {0};
@ -297,135 +298,10 @@ static int transport_indication(void *responder, void **security_socket, uint8_t
break; break;
case TransportPacketIndication_PR_tcp: case TransportPacketIndication_PR_tcp:
id = tpi->choice.tcp.id; log_debug("<- TI.packet.tcp | id:%ld size:%dB", tpi->choice.tcp.id, msg_len);
packet = tpi->choice.tcp.data.buf; tls_recv(&tpi->choice.tcp, security_socket);
packet_len = tpi->choice.tcp.data.size;
log_debug("<- TI.packet.tcp | id:%ld size:%dB", id, msg_len);
sreq = calloc(1, sizeof(SecurityRequest_t));
sreq->present = SecurityRequest_PR_tlsRecv;
sreq->choice.tlsRecv.data.size = tpi->choice.tcp.data.size;
sreq->choice.tlsRecv.data.buf = malloc(tpi->choice.tcp.data.size);
memcpy(sreq->choice.tlsRecv.data.buf, tpi->choice.tcp.data.buf, tpi->choice.tcp.data.size);
pthread_mutex_lock(&facilities.tolling.lock);
tlsc_t *tlsc = tolling_tlsc_get(tpi->choice.tcp.sourceAddress->buf, 7011);
if (tlsc) {
id = tlsc->id;
} else {
tlsc = tolling_tlsc_new(tpi->choice.tcp.sourceAddress->buf, 7011);
id = tlsc->id;
}
++tlsc->nmsg;
pthread_mutex_unlock(&facilities.tolling.lock);
sreq->choice.tlsSend.connId = id;
uint8_t b_tx[2048], b_rx[2048];
b_tx[0] = 4;
asn_enc_rval_t enc = oer_encode_to_buffer(&asn_DEF_SecurityRequest, NULL, sreq, b_tx + 1, 2047);
log_debug("->[security] SecurityRequest.tlsRecv (%ldB)", enc.encoded + 1);
itss_0send(*security_socket, b_tx, enc.encoded + 1);
int32_t rl = itss_0recv_rt(security_socket, b_rx, 2048, b_tx, enc.encoded + 1, 1000);
log_debug("<-[security] SecurityReply.tlsRecv (%dB)", rl);
if (oer_decode(NULL, &asn_DEF_SecurityReply, (void **)&srep, b_rx, rl).code) {
log_error("SecurityReply.tlsRecv decode failure");
rv = 1;
goto cleanup;
}
if (srep->returnCode == SecurityReplyReturnCode_rejected) {
log_error("SecurityReply.tlsRecv rejected");
SecurityRequest_t *sREQ = calloc(1, sizeof(SecurityRequest_t));
sREQ->present = SecurityRequest_PR_tlsShutdown;
sREQ->choice.tlsShutdown.connId = id;
b_tx[0] = 4;
asn_enc_rval_t enc = oer_encode_to_buffer(&asn_DEF_SecurityRequest, NULL, sREQ, b_tx + 1, 2047);
log_debug("->[security] SecurityRequest.tlsShutdown (%ldB)", enc.encoded + 1);
itss_0send(*security_socket, b_tx, enc.encoded + 1);
int32_t rl = itss_0recv_rt(security_socket, b_rx, 2048, b_tx, enc.encoded + 1, 1000);
log_debug("<-[security] SecurityReply.tlsShutdown (%dB)", rl);
rv = 1;
goto cleanup;
}
log_debug("[tolling] tls n-msg:%d state:%d", tlsc->nmsg, tlsc->state);
// Forward to [transport]
if (srep->data->choice.tlsRecv.state != 1) {
tr = calloc(1, sizeof(TransportRequest_t));
tr->present = TransportRequest_PR_packet;
tr->choice.packet.present = TransportPacketRequest_PR_tcp;
TCPPacketRequest_t *tpr = &tr->choice.packet.choice.tcp;
tpr->data.size = srep->data->choice.tlsRecv.data.size;
tpr->data.buf = malloc(srep->data->choice.tlsRecv.data.size);
memcpy(tpr->data.buf, srep->data->choice.tlsRecv.data.buf, srep->data->choice.tlsRecv.data.size);
tpr->sourcePort = tpi->choice.tcp.destinationPort;
tpr->destinationPort = tpi->choice.tcp.sourcePort;
tpr->destinationAddress = calloc(1, sizeof(OCTET_STRING_t));
tpr->destinationAddress->buf = malloc(16);
tpr->destinationAddress->size = 16;
memcpy(tpr->destinationAddress->buf, tpi->choice.tcp.sourceAddress->buf, 16);
tpr->destinationPort = 7011;
tpr->sourcePort = 7011;
if (facilities.tolling.protocol.p == TOLLING_PROTOCOL_TLS_GN ||
(facilities.tolling.protocol.p == TOLLING_PROTOCOL_TLS_SHS && tlsc->nmsg < 2)) {
tpr->gn = calloc(1, sizeof(GeonetworkingOutboundOptions_t));
tpr->gn->packetTransportType = PacketTransportType_shb;
tpr->gn->destinationAddress.buf = calloc(1, 6);
tpr->gn->destinationAddress.size = 6;
}
tpr->id = itss_id(tpr->data.buf, tpr->data.size);
buf[0] = 4;
enc = oer_encode_to_buffer(&asn_DEF_TransportRequest, NULL, tr, buf + 1, buf_len - 1);
if (enc.encoded == -1) {
log_error("TransportRequest encoding fail");
rv = 1;
goto cleanup;
}
itss_queue_send(facilities.tx_queue, buf, enc.encoded + 1, ITSS_TRANSPORT, tpr->id, "TR.packet.tcp");
} else {
if (facilities.tolling.enabled && srep->data->choice.tlsRecv.data.size) {
dec = uper_decode_complete(NULL, &asn_DEF_TPM, (void **)&its_msg, srep->data->choice.tlsRecv.data.buf, srep->data->choice.tlsRecv.data.size);
if (dec.code) {
log_debug("<- invalid TPM received");
rv = 1;
goto cleanup;
}
if (!dec.code) {
tpm_recv(its_msg, security_socket, NULL, tpi->choice.tcp.sourceAddress->buf);
// Fwd to [applications]
fi = calloc(1, sizeof(FacilitiesIndication_t));
fi->present = FacilitiesIndication_PR_message;
FacilitiesMessageIndication_t *fmi = &fi->choice.message;
fmi->id = id;
fmi->itsMessageType = 7011;
fmi->data.size = srep->data->choice.tlsRecv.data.size;
fmi->data.buf = malloc(srep->data->choice.tlsRecv.data.size);
memcpy(fmi->data.buf, srep->data->choice.tlsRecv.data.buf, srep->data->choice.tlsRecv.data.size);
uint8_t buffer[ITSS_SDU_MAX_LEN];
buffer[0] = 4; // Facilities
asn_enc_rval_t enc = oer_encode_to_buffer(&asn_DEF_FacilitiesIndication, NULL, fi, buffer + 1, ITSS_SDU_MAX_LEN - 1);
itss_queue_send(facilities.tx_queue, buffer, enc.encoded + 1, ITSS_APPLICATIONS, id, "FI.message");
}
}
}
break; break;
case TransportPacketIndication_PR_udp: case TransportPacketIndication_PR_udp:
id = tpi->choice.udp.id; id = tpi->choice.udp.id;
log_debug("<- TI.packet.udp | id:%ld size:%dB", id, msg_len); log_debug("<- TI.packet.udp | id:%ld size:%dB", id, msg_len);

154
src/tls.c Normal file
View File

@ -0,0 +1,154 @@
#include "tls.h"
#include <it2s-asn/itss-security/SecurityRequest.h>
#include <it2s-asn/itss-security/SecurityReply.h>
#include <it2s-asn/itss-transport/TransportRequest.h>
#include <it2s-asn/itss-facilities/FacilitiesIndication.h>
#include <it2s-tender/packet.h>
int tls_recv(TCPPacketIndication_t* tpi, void** security_socket) {
int rv = 0;
uint16_t buf_len = 2048;
uint8_t buf[buf_len];
SecurityRequest_t* sreq = NULL;
SecurityReply_t* srep = NULL;
TransportRequest_t* tr = NULL;
FacilitiesIndication_t* fi = NULL;
void* its_msg;
sreq = calloc(1, sizeof(SecurityRequest_t));
sreq->present = SecurityRequest_PR_tlsRecv;
sreq->choice.tlsRecv.data.size = tpi->data.size;
sreq->choice.tlsRecv.data.buf = malloc(tpi->data.size);
memcpy(sreq->choice.tlsRecv.data.buf, tpi->data.buf, tpi->data.size);
uint64_t id = tpi->id;
pthread_mutex_lock(&facilities.tolling.lock);
tlsc_t *tlsc = tolling_tlsc_get(tpi->sourceAddress->buf, 7011);
if (tlsc) {
id = tlsc->id;
} else {
tlsc = tolling_tlsc_new(tpi->sourceAddress->buf, 7011);
id = tlsc->id;
}
++tlsc->nmsg;
pthread_mutex_unlock(&facilities.tolling.lock);
sreq->choice.tlsSend.connId = id;
uint8_t b_tx[2048], b_rx[2048];
b_tx[0] = 4;
asn_enc_rval_t enc = oer_encode_to_buffer(&asn_DEF_SecurityRequest, NULL, sreq, b_tx + 1, 2047);
log_debug("->[security] SecurityRequest.tlsRecv (%ldB)", enc.encoded + 1);
itss_0send(*security_socket, b_tx, enc.encoded + 1);
int32_t rl = itss_0recv_rt(security_socket, b_rx, 2048, b_tx, enc.encoded + 1, 1000);
log_debug("<-[security] SecurityReply.tlsRecv (%dB)", rl);
if (oer_decode(NULL, &asn_DEF_SecurityReply, (void **)&srep, b_rx, rl).code) {
log_error("SecurityReply.tlsRecv decode failure");
rv = 1;
goto cleanup;
}
if (srep->returnCode == SecurityReplyReturnCode_rejected) {
log_error("SecurityReply.tlsRecv rejected");
SecurityRequest_t *sREQ = calloc(1, sizeof(SecurityRequest_t));
sREQ->present = SecurityRequest_PR_tlsShutdown;
sREQ->choice.tlsShutdown.connId = id;
b_tx[0] = 4;
asn_enc_rval_t enc = oer_encode_to_buffer(&asn_DEF_SecurityRequest, NULL, sREQ, b_tx + 1, 2047);
log_debug("->[security] SecurityRequest.tlsShutdown (%ldB)", enc.encoded + 1);
itss_0send(*security_socket, b_tx, enc.encoded + 1);
int32_t rl = itss_0recv_rt(security_socket, b_rx, 2048, b_tx, enc.encoded + 1, 1000);
log_debug("<-[security] SecurityReply.tlsShutdown (%dB)", rl);
rv = 1;
goto cleanup;
}
log_debug("[tolling] tls n-msg:%d state:%d", tlsc->nmsg, tlsc->state);
// Forward to [transport]
if (srep->data->choice.tlsRecv.state != 1) {
tr = calloc(1, sizeof(TransportRequest_t));
tr->present = TransportRequest_PR_packet;
tr->choice.packet.present = TransportPacketRequest_PR_tcp;
TCPPacketRequest_t *tpr = &tr->choice.packet.choice.tcp;
tpr->data.size = srep->data->choice.tlsRecv.data.size;
tpr->data.buf = malloc(srep->data->choice.tlsRecv.data.size);
memcpy(tpr->data.buf, srep->data->choice.tlsRecv.data.buf, srep->data->choice.tlsRecv.data.size);
tpr->sourcePort = tpi->destinationPort;
tpr->destinationPort = tpi->sourcePort;
tpr->destinationAddress = calloc(1, sizeof(OCTET_STRING_t));
tpr->destinationAddress->buf = malloc(16);
tpr->destinationAddress->size = 16;
memcpy(tpr->destinationAddress->buf, tpi->sourceAddress->buf, 16);
tpr->destinationPort = 7011;
tpr->sourcePort = 7011;
if (facilities.tolling.protocol.p == TOLLING_PROTOCOL_TLS_GN ||
(facilities.tolling.protocol.p == TOLLING_PROTOCOL_TLS_SHS && tlsc->nmsg < 2)) {
tpr->gn = calloc(1, sizeof(GeonetworkingOutboundOptions_t));
tpr->gn->packetTransportType = PacketTransportType_shb;
tpr->gn->destinationAddress.buf = calloc(1, 6);
tpr->gn->destinationAddress.size = 6;
}
tpr->id = itss_id(tpr->data.buf, tpr->data.size);
buf[0] = 4;
enc = oer_encode_to_buffer(&asn_DEF_TransportRequest, NULL, tr, buf + 1, buf_len - 1);
if (enc.encoded == -1) {
log_error("TransportRequest encoding fail");
rv = 1;
goto cleanup;
}
itss_queue_send(facilities.tx_queue, buf, enc.encoded + 1, ITSS_TRANSPORT, tpr->id, "TR.packet.tcp");
} else {
if (facilities.tolling.enabled && srep->data->choice.tlsRecv.data.size) {
asn_dec_rval_t dec = uper_decode_complete(NULL, &asn_DEF_TPM, (void **)&its_msg, srep->data->choice.tlsRecv.data.buf, srep->data->choice.tlsRecv.data.size);
if (dec.code) {
log_debug("<- invalid TPM received");
rv = 1;
goto cleanup;
}
if (!dec.code) {
tpm_recv(its_msg, security_socket, NULL, tpi->sourceAddress->buf);
// Fwd to [applications]
fi = calloc(1, sizeof(FacilitiesIndication_t));
fi->present = FacilitiesIndication_PR_message;
FacilitiesMessageIndication_t *fmi = &fi->choice.message;
fmi->id = id;
fmi->itsMessageType = 7011;
fmi->data.size = srep->data->choice.tlsRecv.data.size;
fmi->data.buf = malloc(srep->data->choice.tlsRecv.data.size);
memcpy(fmi->data.buf, srep->data->choice.tlsRecv.data.buf, srep->data->choice.tlsRecv.data.size);
uint8_t buffer[ITSS_SDU_MAX_LEN];
buffer[0] = 4; // Facilities
asn_enc_rval_t enc = oer_encode_to_buffer(&asn_DEF_FacilitiesIndication, NULL, fi, buffer + 1, ITSS_SDU_MAX_LEN - 1);
itss_queue_send(facilities.tx_queue, buffer, enc.encoded + 1, ITSS_APPLICATIONS, id, "FI.message");
}
}
}
cleanup:
ASN_STRUCT_FREE(asn_DEF_FacilitiesIndication, fi);
ASN_STRUCT_FREE(asn_DEF_SecurityRequest, sreq);
ASN_STRUCT_FREE(asn_DEF_SecurityReply, srep);
ASN_STRUCT_FREE(asn_DEF_TransportRequest, tr);
return rv;
}

4
src/tls.h Normal file
View File

@ -0,0 +1,4 @@
#include "facilities.h"
#include <it2s-asn/itss-transport/TransportIndication.h>
int tls_recv(TCPPacketIndication_t* tpi, void** security_socket);