vanetza icon indicating copy to clipboard operation
vanetza copied to clipboard

Published 20 hours ago verified publisher icon riebl

Security V1.3.1

Open JordiMarias opened this issue 3 years ago • 13 comments

This pull request adds the functionality of the security V1.3.1; as specified in the following document: https://www.etsi.org/deliver/etsi_ts/103000_103099/103097/01.03.01_60/ts_103097v010301p.pdf

I've opened this pull request to get the code already developed to be reviewed, so I'm sure we are on the same page. Although the V1.3.1 it's already developed and working, I'm planning to update the Certify tool and add testing in the future. To run this new security layer it can be done by compiling "socktap" and running it with the following command and the certificates below: ./socktap -p static --certificate 3_Root_CA_Cert.bin --certificate-key 3_Root_CA_private.pem --security certs --security-version 3

To ensure retro compatibility I've used boost::variant on both the Certificate class and the SecuredMessage class. Which are split into SecuredMessageV2 and SecuredMessageV3 and used equally with SecuredMessageVariant. Which can be fundamentally used the same way the old SecuredMessage object could. Exactly the same applies to the CertificateVariant object.

Finally both the "verify service" and the "sign service" are under an interface and can be used indistinctly and adapt themselves to the the version of the security used.

I'll look forward to and answer any review.

P.D: I've developed this for a project and still have some months ahead to further develop features of the security layer. My intention is NOT to directly merge my code is to start a review and improvement process until an optimal point of development is reached.

Example Certificate:

Certificate: https://drive.google.com/file/d/1nA4nwp5ItymthmwnrTeVWYBhlSaR3Az2/view?usp=sharing Private Key: https://drive.google.com/file/d/15qBeUI1zDyZKk76VDQ7iuAUkrbkV-Pdh/view?usp=sharing

JordiMarias avatar May 18 '21 14:05 JordiMarias

Hi, again Riebl! I know haven't been active in this PR for quite a long time, but I'd like to contribute to the project and merge it. I've finally reviewed all the comments again and it seems now that everything is in order. Could you review it again, to check if there is something missing?

Best regards, Jordi Marias

JordiMarias avatar Mar 03 '22 10:03 JordiMarias

Hi, again Riebl! I know haven't been active in this PR for quite a long time, but I'd like to contribute to the project and merge it. I've finally reviewed all the comments again and it seems now that everything is in order. Could you review it again, to check if there is something missing?

Best regards, Jordi Marias

PD: I'm working quickly to make all UT run fine!

JordiMarias avatar Mar 03 '22 12:03 JordiMarias

Hi @JordiMarias, welcome back! :-) Let me know if you face trouble fixing the unit tests. Otherwise, I will simply wait for your update.

riebl avatar Mar 05 '22 07:03 riebl

I'm having a hard time fixing the remaining failing tests. Most of the problems that appear regard the boost::variant implementation from the fact that there is compatibility with both versions. More specifically, it boils down to the Certificate provider, when is called the "own_certificate()" method it returns the new "CertificateVariant" type of object which is a visitable variable that can either be the v1.2.1 security cert or the v1.3.1 security cert. Apparently, nothing gets returned when there is returned a boost::variant type of message. I'm working on it but if you can take a glance at it, it would be great!

JordiMarias avatar Mar 10 '22 09:03 JordiMarias

Update: I am currently extracting the security v1.2.1 encoding to the vanetza::security::v2 namespace, so vanetza::security contains only generic code working for both versions. As part of that, I am also refactoring the interfaces slightly to make the version agnostic. That should help us to get your changes into place as soon as I am done with it.

riebl avatar Mar 13 '22 21:03 riebl

Hi Riebl, what are your plans to be able to merge this pull request? Did you were able to extract the V2 security to the vanetza::security::v2? I can try to do it myself in this PR.

JordiMarias avatar Jun 12 '22 21:06 JordiMarias

Hi @JordiMarias, I have been able to extract most of the V2 security code to its namespace. Unfortunately, I have not yet been able to run all tests successfully again.

riebl avatar Jun 26 '22 18:06 riebl

Hi together, are there any news about this? We would be very interested in using this soon. Let me know if I can help somehow.

Best regards Keno

kenog avatar Oct 13 '22 08:10 kenog

Hi @kenog,

no news, I had no time yet to complete this effort. However, I could tidy up my branch a little bit and share it with you. Are you interested?

riebl avatar Oct 18 '22 18:10 riebl

Yes, that would be great! Thank you very much :)

kenog avatar Oct 19 '22 08:10 kenog

@kenog I have pushed branch sec_v2_namespace. Please note that the SecurityEntity unit test segfaults. It is still in a rough state…

Update 6 November: I have fixed the segfault issue. The branch builds and runs fine now. Next step is to add v3::SecuredMessage to the SecuredMessage variant.

riebl avatar Oct 23 '22 22:10 riebl

Hi @riebl, I'd like to know the current state of this pull request and if it is possible to use this branch for providing simply CAM and RTCMEM communication in v3 way with it. If It isn't, when do you estimate that this pull request will be closed? Thanks in advance.

serserHR avatar Oct 03 '23 08:10 serserHR

Hi @serserHR, this PR is no longer compatible with our upstream master branch. Secured v3 messages can be received meanwhile. Support for outgoing v3 secured messages is a top priority but my spare time is quite limited.

riebl avatar Oct 05 '23 19:10 riebl