Vanetza
Loading...
Searching...
No Matches
naive_certificate_provider.cpp
1#include <vanetza/common/its_aid.hpp>
2//#include <vanetza/security/v2/basic_elements.hpp>
3//#include <vanetza/security/v2/ecc_point.hpp>
4#include <vanetza/security/v2/naive_certificate_provider.hpp>
5//#include <vanetza/security/v2/payload.hpp>
6//#include <vanetza/security/v2/secured_message.hpp>
7//#include <vanetza/security/v2/signature.hpp>
8
9namespace vanetza
10{
11namespace security
12{
13namespace v2
14{
15
16NaiveCertificateProvider::NaiveCertificateProvider(const Runtime& rt) :
17 m_runtime(rt),
18 m_own_key_pair(m_crypto_backend.generate_key_pair()),
19 m_own_certificate(generate_authorization_ticket()) { }
20
21const Certificate& NaiveCertificateProvider::own_certificate()
22{
23 // renew certificate if necessary
24 for (auto& validity_restriction : m_own_certificate.validity_restriction) {
25 auto start_and_end = boost::get<StartAndEndValidity>(&validity_restriction);
26 auto renewal_deadline = convert_time32(m_runtime.now() + std::chrono::hours(1));
27 if (start_and_end && start_and_end->end_validity < renewal_deadline) {
28 m_own_certificate = generate_authorization_ticket();
29 break;
30 }
31 }
32
33 return m_own_certificate;
34}
35
36std::list<Certificate> NaiveCertificateProvider::own_chain()
37{
38 static const std::list<Certificate> chain = { aa_certificate() };
39
40 return chain;
41}
42
43const ecdsa256::PrivateKey& NaiveCertificateProvider::own_private_key()
44{
45 return m_own_key_pair.private_key;
46}
47
48const ecdsa256::KeyPair& NaiveCertificateProvider::aa_key_pair()
49{
50 static const ecdsa256::KeyPair aa_key_pair = m_crypto_backend.generate_key_pair();
51
52 return aa_key_pair;
53}
54
55const ecdsa256::KeyPair& NaiveCertificateProvider::root_key_pair()
56{
57 static const ecdsa256::KeyPair root_key_pair = m_crypto_backend.generate_key_pair();
58
59 return root_key_pair;
60}
61
62const Certificate& NaiveCertificateProvider::aa_certificate()
63{
64 static const std::string aa_subject("Naive Authorization CA");
65 static const Certificate aa_certificate = generate_aa_certificate(aa_subject);
66
67 return aa_certificate;
68}
69
70const Certificate& NaiveCertificateProvider::root_certificate()
71{
72 static const std::string root_subject("Naive Root CA");
73 static const Certificate root_certificate = generate_root_certificate(root_subject);
74
75 return root_certificate;
76}
77
78Certificate NaiveCertificateProvider::generate_authorization_ticket()
79{
80 // create certificate
81 Certificate certificate;
82
83 // section 6.1 in TS 103 097 v1.2.1
84 certificate.signer_info = calculate_hash(aa_certificate());
85
86 // section 6.3 in TS 103 097 v1.2.1
87 certificate.subject_info.subject_type = SubjectType::Authorization_Ticket;
88 // section 7.4.2 in TS 103 097 v1.2.1, subject_name implicit empty
89
90 // set assurance level
91 certificate.subject_attributes.push_back(SubjectAssurance(0x00));
92
93 certificate.add_permission(aid::CA, ByteBuffer({ 1, 0, 0 }));
94 certificate.add_permission(aid::DEN, ByteBuffer({ 1, 0xff, 0xff, 0xff}));
95 certificate.add_permission(aid::GN_MGMT, ByteBuffer({})); // required for beacons
96 certificate.add_permission(aid::IPV6_ROUTING, ByteBuffer({})); // required for routing tests
97
98 // section 7.4.1 in TS 103 097 v1.2.1
99 // set subject attributes
100 // set the verification_key
101 Uncompressed coordinates;
102 coordinates.x.assign(m_own_key_pair.public_key.x.begin(), m_own_key_pair.public_key.x.end());
103 coordinates.y.assign(m_own_key_pair.public_key.y.begin(), m_own_key_pair.public_key.y.end());
104 EccPoint ecc_point = coordinates;
105 ecdsa_nistp256_with_sha256 ecdsa;
106 ecdsa.public_key = ecc_point;
107 VerificationKey verification_key;
108 verification_key.key = ecdsa;
109 certificate.subject_attributes.push_back(verification_key);
110
111 // section 6.7 in TS 103 097 v1.2.1
112 // set validity restriction
113 StartAndEndValidity start_and_end;
114 start_and_end.start_validity = convert_time32(m_runtime.now() - std::chrono::hours(1));
115 start_and_end.end_validity = convert_time32(m_runtime.now() + std::chrono::hours(23));
116 certificate.validity_restriction.push_back(start_and_end);
117
118 sign_authorization_ticket(certificate);
119
120 return certificate;
121}
122
123void NaiveCertificateProvider::sign_authorization_ticket(Certificate& certificate)
124{
125 sort(certificate);
126
127 ByteBuffer data_buffer = convert_for_signing(certificate);
128 certificate.signature = m_crypto_backend.sign_data(aa_key_pair().private_key, data_buffer);
129}
130
131Certificate NaiveCertificateProvider::generate_aa_certificate(const std::string& subject_name)
132{
133 // create certificate
134 Certificate certificate;
135
136 // section 6.1 in TS 103 097 v1.2.1
137 certificate.signer_info = calculate_hash(root_certificate());
138
139 // section 6.3 in TS 103 097 v1.2.1
140 certificate.subject_info.subject_type = SubjectType::Authorization_Authority;
141
142 // section 7.4.2 in TS 103 097 v1.2.1
143 std::vector<unsigned char> subject(subject_name.begin(), subject_name.end());
144 certificate.subject_info.subject_name = subject;
145
146 // section 6.6 in TS 103 097 v1.2.1 - levels currently undefined
147 certificate.subject_attributes.push_back(SubjectAssurance(0x00));
148
149 certificate.add_permission(aid::CA);
150 certificate.add_permission(aid::DEN);
151 certificate.add_permission(aid::GN_MGMT); // required for beacons
152 certificate.add_permission(aid::IPV6_ROUTING); // required for routing tests
153
154 // section 7.4.1 in TS 103 097 v1.2.1
155 // set subject attributes
156 // set the verification_key
157 Uncompressed coordinates;
158 coordinates.x.assign(aa_key_pair().public_key.x.begin(), aa_key_pair().public_key.x.end());
159 coordinates.y.assign(aa_key_pair().public_key.y.begin(), aa_key_pair().public_key.y.end());
160 EccPoint ecc_point = coordinates;
161 ecdsa_nistp256_with_sha256 ecdsa;
162 ecdsa.public_key = ecc_point;
163 VerificationKey verification_key;
164 verification_key.key = ecdsa;
165 certificate.subject_attributes.push_back(verification_key);
166
167 // section 6.7 in TS 103 097 v1.2.1
168 // set validity restriction
169 StartAndEndValidity start_and_end;
170 start_and_end.start_validity = convert_time32(m_runtime.now() - std::chrono::hours(1));
171 start_and_end.end_validity = convert_time32(m_runtime.now() + std::chrono::hours(23));
172 certificate.validity_restriction.push_back(start_and_end);
173
174 sort(certificate);
175
176 // set signature
177 ByteBuffer data_buffer = convert_for_signing(certificate);
178 certificate.signature = m_crypto_backend.sign_data(root_key_pair().private_key, data_buffer);
179
180 return certificate;
181}
182
183Certificate NaiveCertificateProvider::generate_root_certificate(const std::string& subject_name)
184{
185 // create certificate
186 Certificate certificate;
187
188 // section 6.1 in TS 103 097 v1.2.1
189 certificate.signer_info = nullptr; /* self */
190
191 // section 6.3 in TS 103 097 v1.2.1
192 certificate.subject_info.subject_type = SubjectType::Root_CA;
193
194 // section 7.4.2 in TS 103 097 v1.2.1
195 std::vector<unsigned char> subject(subject_name.begin(), subject_name.end());
196 certificate.subject_info.subject_name = subject;
197
198 // section 6.6 in TS 103 097 v1.2.1 - levels currently undefined
199 certificate.subject_attributes.push_back(SubjectAssurance(0x00));
200
201 certificate.add_permission(aid::CA);
202 certificate.add_permission(aid::DEN);
203 certificate.add_permission(aid::GN_MGMT); // required for beacons
204 certificate.add_permission(aid::IPV6_ROUTING); // required for routing tests
205
206 // section 7.4.1 in TS 103 097 v1.2.1
207 // set subject attributes
208 // set the verification_key
209 Uncompressed coordinates;
210 coordinates.x.assign(root_key_pair().public_key.x.begin(), root_key_pair().public_key.x.end());
211 coordinates.y.assign(root_key_pair().public_key.y.begin(), root_key_pair().public_key.y.end());
212 EccPoint ecc_point = coordinates;
213 ecdsa_nistp256_with_sha256 ecdsa;
214 ecdsa.public_key = ecc_point;
215 VerificationKey verification_key;
216 verification_key.key = ecdsa;
217 certificate.subject_attributes.push_back(verification_key);
218
219 // section 6.7 in TS 103 097 v1.2.1
220 // set validity restriction
221 StartAndEndValidity start_and_end;
222 start_and_end.start_validity = convert_time32(m_runtime.now() - std::chrono::hours(1));
223 start_and_end.end_validity = convert_time32(m_runtime.now() + std::chrono::hours(365 * 24));
224 certificate.validity_restriction.push_back(start_and_end);
225
226 sort(certificate);
227
228 // set signature
229 ByteBuffer data_buffer = convert_for_signing(certificate);
230 certificate.signature = m_crypto_backend.sign_data(root_key_pair().private_key, data_buffer);
231
232 return certificate;
233}
234
235} // namespace v2
236} // namespace security
237} // namespace vanetza
vanetza::security::v2::NaiveCertificateProvider::own_certificate
const Certificate & own_certificate() override
get own certificate for signing
Definition naive_certificate_provider.cpp:21
vanetza::security::v2::NaiveCertificateProvider::generate_authorization_ticket
Certificate generate_authorization_ticket()
generate an authorization ticket
Definition naive_certificate_provider.cpp:78
vanetza::security::v2::NaiveCertificateProvider::aa_key_pair
const ecdsa256::KeyPair & aa_key_pair()
get root key (same for all instances)
Definition naive_certificate_provider.cpp:48
vanetza::security::v2::NaiveCertificateProvider::sign_authorization_ticket
void sign_authorization_ticket(Certificate &certificate)
sign an authorization ticket
Definition naive_certificate_provider.cpp:123
vanetza::security::v2::NaiveCertificateProvider::root_key_pair
const ecdsa256::KeyPair & root_key_pair()
get root key (same for all instances)
Definition naive_certificate_provider.cpp:55
vanetza::security::v2::NaiveCertificateProvider::generate_aa_certificate
Certificate generate_aa_certificate(const std::string &subject_name)
generate a authorization authority certificate
Definition naive_certificate_provider.cpp:131
vanetza::security::v2::NaiveCertificateProvider::own_private_key
const ecdsa256::PrivateKey & own_private_key() override
get own private key
Definition naive_certificate_provider.cpp:43
vanetza::security::v2::NaiveCertificateProvider::aa_certificate
const Certificate & aa_certificate()
get ticket signer certificate (same for all instances)
Definition naive_certificate_provider.cpp:62
vanetza::security::v2::NaiveCertificateProvider::root_certificate
const Certificate & root_certificate()
get root certificate (same for all instances)
Definition naive_certificate_provider.cpp:70
vanetza::security::v2::NaiveCertificateProvider::generate_root_certificate
Certificate generate_root_certificate(const std::string &subject_name)
generate a root certificate
Definition naive_certificate_provider.cpp:183
vanetza::security::v2::Certificate
described in TS 103 097 v1.2.1 (2015-06), section 6.1
Definition certificate.hpp:28
vanetza::security::v2::SubjectAssurance
SubjectAssurance specified in TS 103 097 v1.2.1 in section 6.6 and 7.4.1.
Definition subject_attribute.hpp:20
vanetza::security::v2::VerificationKey
VerificationKey specified in TS 103 097 v1.2.1, section 6.4.
Definition subject_attribute.hpp:58
vanetza::security::v2::ecdsa_nistp256_with_sha256
ecdsa_nistp256_with_sha256 specified in TS 103 097 v1.2.1, section 4.2.4
Definition public_key.hpp:29