-
Notifications
You must be signed in to change notification settings - Fork 156
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security V1.3.1 #130
base: master
Are you sure you want to change the base?
Security V1.3.1 #130
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for your effort and sorry for my delayed review. Looks quite good overall, I have just some minor change requests. See the inline comments for details.
Hi, again Riebl! I know haven't been active in this PR for quite a long time, but I'd like to contribute to the project and merge it. Best regards, |
PD: I'm working quickly to make all UT run fine! |
Hi @JordiMarias, welcome back! :-) |
I'm having a hard time fixing the remaining failing tests. Most of the problems that appear regard the boost::variant implementation from the fact that there is compatibility with both versions. More specifically, it boils down to the Certificate provider, when is called the "own_certificate()" method it returns the new "CertificateVariant" type of object which is a visitable variable that can either be the v1.2.1 security cert or the v1.3.1 security cert. Apparently, nothing gets returned when there is returned a boost::variant type of message. |
Update: I am currently extracting the security v1.2.1 encoding to the |
Hi Riebl, what are your plans to be able to merge this pull request? Did you were able to extract the V2 security to the vanetza::security::v2? I can try to do it myself in this PR. |
Hi @JordiMarias, I have been able to extract most of the V2 security code to its namespace. Unfortunately, I have not yet been able to run all tests successfully again. |
Hi together, Best regards |
Hi @kenog, no news, I had no time yet to complete this effort. However, I could tidy up my branch a little bit and share it with you. Are you interested? |
Yes, that would be great! Thank you very much :) |
@kenog I have pushed branch sec_v2_namespace. Please note that the SecurityEntity unit test segfaults. It is still in a rough state… Update 6 November: I have fixed the segfault issue. The branch builds and runs fine now. Next step is to add |
Hi @riebl, |
Hi @serserHR, this PR is no longer compatible with our upstream master branch. Secured v3 messages can be received meanwhile. Support for outgoing v3 secured messages is a top priority but my spare time is quite limited. |
This pull request adds the functionality of the security V1.3.1; as specified in the following document:
https://www.etsi.org/deliver/etsi_ts/103000_103099/103097/01.03.01_60/ts_103097v010301p.pdf
I've opened this pull request to get the code already developed to be reviewed, so I'm sure we are on the same page. Although the V1.3.1 it's already developed and working, I'm planning to update the Certify tool and add testing in the future. To run this new security layer it can be done by compiling "socktap" and running it with the following command and the certificates below:
./socktap -p static --certificate 3_Root_CA_Cert.bin --certificate-key 3_Root_CA_private.pem --security certs --security-version 3
To ensure retro compatibility I've used boost::variant on both the Certificate class and the SecuredMessage class. Which are split into SecuredMessageV2 and SecuredMessageV3 and used equally with SecuredMessageVariant. Which can be fundamentally used the same way the old SecuredMessage object could. Exactly the same applies to the CertificateVariant object.
Finally both the "verify service" and the "sign service" are under an interface and can be used indistinctly and adapt themselves to the
the version of the security used.
I'll look forward to and answer any review.
P.D: I've developed this for a project and still have some months ahead to further develop features of the security layer. My intention is NOT to directly merge my code is to start a review and improvement process until an optimal point of development is reached.
Example Certificate:
Certificate: https://drive.google.com/file/d/1nA4nwp5ItymthmwnrTeVWYBhlSaR3Az2/view?usp=sharing
Private Key: https://drive.google.com/file/d/15qBeUI1zDyZKk76VDQ7iuAUkrbkV-Pdh/view?usp=sharing