Vanetza
Loading...
Searching...
No Matches
certificate.hpp
1#pragma once
2#include <vanetza/asn1/asn1c_wrapper.hpp>
3#include <vanetza/asn1/security/EtsiTs103097Certificate.h>
4#include <vanetza/common/clock.hpp>
5#include <vanetza/common/its_aid.hpp>
6#include <vanetza/common/position_fix.hpp>
7#include <vanetza/net/packet_variant.hpp>
8#include <vanetza/security/hashed_id.hpp>
9#include <vanetza/security/key_type.hpp>
10#include <vanetza/security/public_key.hpp>
11#include <vanetza/security/signature.hpp>
12#include <vanetza/security/v3/asn1_types.hpp>
13#include <vanetza/security/v3/location_checker.hpp>
14#include <vanetza/security/v3/validity_restriction.hpp>
15#include <boost/optional/optional_fwd.hpp>
16#include <list>
17
18namespace vanetza
19{
20namespace security
21{
22namespace v3
23{
24
25// forward declaration
26class Certificate;
27
28/**
29 * Read-only view on a certificate
30 *
31 * In contrast to Certificate, a view does not own the certificate data.
32 * A view can be created with low overhead as no heavy copying is required.
33 */
34class CertificateView
35{
36public:
37 explicit CertificateView(const asn1::EtsiTs103097Certificate* cert);
38
39 /**
40 * Calculate digest of certificate
41 * \return digest if possible
42 */
43 boost::optional<HashedId8> calculate_digest() const;
44
45 /**
46 * Get start and end validity
47 * \return certificate start and end validity
48 */
49 StartAndEndValidity get_start_and_end_validity() const;
50
51 /**
52 * Get verification key type
53 * \return verification key type if possible; otherwise unspecified
54 */
55 KeyType get_verification_key_type() const;
56
57 /**
58 * Get issuer digest (if any)
59 * \return issuer digest
60 */
61 boost::optional<HashedId8> issuer_digest() const;
62
63 /**
64 * Check if certificate is self-signed
65 * \return true if certificate is self-signed
66 */
67 bool issuer_is_self() const;
68
69 /**
70 * Check if certificate is a Certification Authority certificate
71 * \return true if certificate is a CA certificate
72 */
73 bool is_ca_certificate() const;
74
75 /**
76 * Check if certificate is an Authorization Ticket certificate
77 * \return true if certificate is an AT certificate
78 */
79 bool is_at_certificate() const;
80
81 /**
82 * Check if certificate has an region restriction
83 * \return true if certificate is only valid within a specific region
84 */
85 bool has_region_restriction() const;
86
87 /**
88 * Check if certificate is valid at given location
89 *
90 * \param location location to be checked
91 * \return true if certificate is valid at location
92 */
93 bool valid_at_location(const PositionFix& location, const LocationChecker* lc) const;
94
95 /**
96 * Check if certificate is valid at given time point
97 *
98 * \param time_point time point to be checked
99 * \return true if certificate is valid at time point
100 */
101 bool valid_at_timepoint(const Clock::time_point& time_point) const;
102
103 /**
104 * Check if certificate is valid for given application
105 *
106 * \param aid application to be checked
107 * \return true if certificate is valid for application
108 */
109 bool valid_for_application(ItsAid aid) const;
110
111 /**
112 * Check if certificate has a canonical format
113 * \return true if certificate is in canonical format
114 */
115 bool is_canonical() const;
116
117 /**
118 * Convert certificate into its canonical format if possible.
119 * \return canonical certificate (or none if conversion failed)
120 */
121 boost::optional<Certificate> canonicalize() const;
122
123 /**
124 * Encode certificate.
125 * \return encoded certificate
126 */
127 ByteBuffer encode() const;
128
129protected:
130 const asn1::EtsiTs103097Certificate* m_cert = nullptr;
131};
132
133struct Certificate : public asn1::asn1c_oer_wrapper<asn1::EtsiTs103097Certificate>, public CertificateView
134{
135 using Wrapper = asn1::asn1c_oer_wrapper<asn1::EtsiTs103097Certificate>;
136
137 Certificate();
138 explicit Certificate(const asn1::EtsiTs103097Certificate&);
139
140 Certificate(const Certificate&);
141 Certificate& operator=(const Certificate&);
142
143 Certificate(Certificate&&);
144 Certificate& operator=(Certificate&&);
145
146 // resolve ambiguity
147 ByteBuffer encode() const;
148
149 void add_permission(ItsAid aid, const ByteBuffer& ssp);
150
151 void add_cert_permission(asn1::PsidGroupPermissions* group_permission);
152
153 void set_signature(const SomeEcdsaSignature& signature);
154};
155
156/**
157 * Calculate digest of v3 certificate
158 * \param cert certificate
159 * \return digest if possible
160 */
161boost::optional<HashedId8> calculate_digest(const asn1::EtsiTs103097Certificate& cert);
162
163/**
164 * Check if certificate is in canonical format suitable for digest calculation.
165 * \param cert certificate
166 * \return true if certificate is in canonical format
167 */
168bool is_canonical(const asn1::EtsiTs103097Certificate& cert);
169
170/**
171 * Convert certificate into its canonical format if possible.
172 * \param cert certificate
173 * \return canonical certificate (or none if conversion failed)
174 */
175boost::optional<Certificate> canonicalize(const asn1::EtsiTs103097Certificate& cert);
176
177/**
178 * Check if certificate is valid at given time point
179 *
180 * \param cert certificate to be checked
181 * \param time_point time point to be checked
182 * \return true if certificate is valid at time point
183 */
184bool valid_at_timepoint(const asn1::EtsiTs103097Certificate& cert, const Clock::time_point& time_point);
185
186/**
187 * Check if certificate is valid for given application
188 *
189 * \param cert certificate to be checked
190 * \param aid application to be checked
191 * \return true if certificate is valid for application
192 */
193bool valid_for_application(const asn1::EtsiTs103097Certificate& cert, ItsAid aid);
194
195/**
196 * Extract the public key out of a certificate
197 * \param cert certificate
198 * \return public key if possible
199 */
200boost::optional<PublicKey> get_public_key(const asn1::EtsiTs103097Certificate& cert);
201
202/**
203 * Get verification key type
204 * \param cert certificate
205 * \return verification key type (maybe unspecified)
206 */
207KeyType get_verification_key_type(const asn1::EtsiTs103097Certificate& cert);
208
209/**
210 * Extract the public key for encrypting out of a certificate
211 * \param cert certificate
212 * \return encryption key if possible
213 */
214boost::optional<PublicKey> get_public_encryption_key(const asn1::EtsiTs103097Certificate& cert);
215
216/**
217 * Extract the signature out of a certificate
218 * \param cert certificate
219 * \return signature if possible
220 */
221boost::optional<Signature> get_signature(const asn1::EtsiTs103097Certificate& cert);
222
223/**
224 * Get list of ITS AID permissions from certificate
225 * \param cert certificate
226 * \return list of ITS AIDs
227 */
228std::list<ItsAid> get_aids(const asn1::EtsiTs103097Certificate& cert);
229
230/**
231 * Get application permissions (SSP = service specific permissions)
232 * \param cert certificate containing application permissions
233 * \param aid look up permissions for this application identifier
234 * \return SSP bitmap or empty buffer
235 */
236ByteBuffer get_app_permissions(const asn1::EtsiTs103097Certificate& cert, ItsAid aid);
237
238void add_psid_group_permission(asn1::PsidGroupPermissions* group_permission, ItsAid aid, const ByteBuffer& ssp, const ByteBuffer& bitmask);
239
240void serialize(OutputArchive& ar, const Certificate& certificate);
241
242Certificate fake_certificate();
243
244} // namespace v3
245} // namespace security
246} // namespace vanetza
FWD_STRUCT
#define FWD_STRUCT(name)
Definition asn1_types.hpp:23
FWD_OCTET_STRING
#define FWD_OCTET_STRING(name)
Definition asn1_types.hpp:17
FWD_ALIAS
#define FWD_ALIAS(name, base)
Definition asn1_types.hpp:11
FWD_NATIVE_INTEGER
#define FWD_NATIVE_INTEGER(name)
Definition asn1_types.hpp:29
vanetza::ChunkPacket
ChunckPacket is a packet consisting of several memory chunks.
Definition chunk_packet.hpp:19
vanetza::ChunkPacket::operator[]
ByteBufferConvertible & operator[](OsiLayer ol)
Definition chunk_packet.hpp:41
vanetza::ChunkPacket::merge
ChunkPacket & merge(ChunkPacket &packet, OsiLayer from, OsiLayer to)
Definition chunk_packet.cpp:77
vanetza::ChunkPacket::size
std::size_t size() const
Definition chunk_packet.cpp:44
vanetza::ChunkPacket::layer
const ByteBufferConvertible & layer(OsiLayer ol) const
Definition chunk_packet.cpp:33
vanetza::ChunkPacket::operator[]
const ByteBufferConvertible & operator[](OsiLayer ol) const
Definition chunk_packet.hpp:47
vanetza::ChunkPacket::layer
ByteBufferConvertible & layer(OsiLayer ol)
Definition chunk_packet.cpp:28
vanetza::ChunkPacket::size
std::size_t size(OsiLayer from, OsiLayer to) const
Definition chunk_packet.cpp:55
vanetza::ChunkPacket::extract
ChunkPacket extract(OsiLayer from, OsiLayer to)
Definition chunk_packet.cpp:67
vanetza::CohesivePacket::size
std::size_t size(OsiLayer from, OsiLayer to) const
Definition cohesive_packet.cpp:85
vanetza::CohesivePacket::operator[]
buffer_const_range operator[](OsiLayer layer) const
Definition cohesive_packet.cpp:41
vanetza::CohesivePacket::size
std::size_t size() const
Definition cohesive_packet.cpp:75
vanetza::CohesivePacket::set_boundary
void set_boundary(OsiLayer, unsigned bytes)
Definition cohesive_packet.cpp:51
vanetza::CohesivePacket::buffer
const ByteBuffer & buffer() const
Definition cohesive_packet.hpp:84
vanetza::CohesivePacket::CohesivePacket
CohesivePacket(const ByteBuffer &buffer, OsiLayer layer)
Definition cohesive_packet.cpp:16
vanetza::CohesivePacket::trim
void trim(OsiLayer from, unsigned bytes)
Definition cohesive_packet.cpp:58
vanetza::CohesivePacket::size
std::size_t size(OsiLayer single_layer) const
Definition cohesive_packet.cpp:80
vanetza::Factory::create
Result create(Args... args) const
Definition factory.hpp:45
vanetza::asn1::asn1c_oer_wrapper
Definition asn1c_wrapper.hpp:217
vanetza::byte_view_iterator
Definition byte_view.hpp:16
vanetza::byte_view_range
Definition byte_view.hpp:135
vanetza::byte_view_range::operator[]
value_type operator[](size_type) const
Definition byte_view.cpp:48
vanetza::byte_view_range::byte_view_range
byte_view_range(ByteBuffer &&)
Definition byte_view.cpp:37
vanetza::byte_view_range::byte_view_range
byte_view_range(const ByteBuffer::const_iterator &, const ByteBuffer::const_iterator &)
Definition byte_view.cpp:27
vanetza::byte_view_range::data
ByteBuffer::const_pointer data() const
Definition byte_view.cpp:42
vanetza::geonet::Lifetime::encode
void encode(units::Duration)
Definition lifetime.cpp:45
vanetza::geonet::Lifetime::decode
units::Duration decode() const
Definition lifetime.cpp:59
vanetza::geonet::Timestamp::after
bool after(const Timestamp &other) const
Definition timestamp.cpp:76
vanetza::geonet::Timestamp::before
bool before(const Timestamp &other) const
Definition timestamp.cpp:71
vanetza::security::Backend::decompress_point
virtual boost::optional< Uncompressed > decompress_point(const EccPoint &ecc_point)=0
decompress a possibly compressed elliptic curve point
vanetza::security::CertificateValidity::valid
static CertificateValidity valid()
Create CertificateValidity signalling a valid certificate This method is equivalent to default constr...
Definition certificate_validity.hpp:43
vanetza::security::CertificateValidity::CertificateValidity
CertificateValidity(CertificateInvalidReason reason)
Definition certificate_validity.hpp:36
vanetza::security::CertificateValidity::reason
CertificateInvalidReason reason() const
Get reason for certificate invalidity This call is only safe if reason is available,...
Definition certificate_validity.hpp:57
vanetza::security::v2::Duration::to_seconds
std::chrono::seconds to_seconds() const
Definition validity_restriction.cpp:26
vanetza::security::v2::IntX
IntX specified in TS 103 097 v1.2.1, section 4.2.1.
Definition int_x.hpp:21
vanetza::security::v3::CertificateView::canonicalize
boost::optional< Certificate > canonicalize() const
Definition certificate.cpp:284
vanetza::security::v3::CertificateView::valid_at_timepoint
bool valid_at_timepoint(const Clock::time_point &time_point) const
Definition certificate.cpp:98
vanetza::security::v3::CertificateView::get_start_and_end_validity
StartAndEndValidity get_start_and_end_validity() const
Definition certificate.cpp:205
vanetza::security::v3::CertificateView::valid_for_application
bool valid_for_application(ItsAid aid) const
Definition certificate.cpp:141
vanetza::security::v3::CertificateView::calculate_digest
boost::optional< HashedId8 > calculate_digest() const
Definition certificate.cpp:83
vanetza::security::v3::CertificateView::valid_at_location
bool valid_at_location(const PositionFix &location, const LocationChecker *lc) const
Definition certificate.cpp:93
vanetza::security::v3::CertificateView::issuer_digest
boost::optional< HashedId8 > issuer_digest() const
Definition certificate.cpp:161
vanetza::convertible::byte_buffer_impl
Definition asn1c_conversion.hpp:16
vanetza::convertible::byte_buffer
Definition byte_buffer_convertible.hpp:16
vanetza::security::Compressed_Lsb_Y_0
Compressed_Lsb_Y_0 specified in TS 103 097 v1.2.1 in section 4.2.5.
Definition ecc_point.hpp:24
vanetza::security::Compressed_Lsb_Y_1
Compressed_Lsb_Y_1 specified in TS 103 097 v1.2.1 in section 4.2.5.
Definition ecc_point.hpp:30
vanetza::security::DecapConfirm::from
static DecapConfirm from(VerifyConfirm &&verify_confirm, const SecuredMessageView &msg_view)
Definition decap_service.cpp:41
vanetza::security::DecapRequest
Input data for decapsulating a secured message.
Definition decap_service.hpp:27
vanetza::security::EcdsaSignature
EcdsaSignature specified in TS 103 097 v1.2.1, section 4.2.9.
Definition signature.hpp:17
vanetza::security::Uncompressed
Uncompressed specified in TS 103 097 v1.2.1 in section 4.2.5.
Definition ecc_point.hpp:36
vanetza::security::X_Coordinate_Only
X_Coordinate_Only specified in TS 103 097 v1.2.1 in section 4.2.5.
Definition ecc_point.hpp:18
vanetza::security::v2::CertificateDigestWithOtherAlgorithm
described in TS 103 097 v1.2.1, section 4.2.10
Definition signer_info.hpp:33
vanetza::security::v2::Certificate
described in TS 103 097 v1.2.1 (2015-06), section 6.1
Definition certificate.hpp:28
vanetza::security::v2::Certificate::add_permission
void add_permission(ItsAid aid, const ByteBuffer &ssp)
Definition certificate.cpp:242
vanetza::security::v2::Certificate::get_restriction
const ValidityRestriction * get_restriction(ValidityRestrictionType type) const
Definition certificate.cpp:195
vanetza::security::v2::Certificate::get_attribute
const SubjectAttribute * get_attribute(SubjectAttributeType type) const
Definition certificate.cpp:183
vanetza::security::v2::Certificate::remove_attribute
void remove_attribute(SubjectAttributeType type)
Definition certificate.cpp:207
vanetza::security::v2::Certificate::get_restriction
const validity_restriction_type< T > * get_restriction() const
Definition certificate.hpp:93
vanetza::security::v2::Certificate::get_attribute
const subject_attribute_type< T > * get_attribute() const
Definition certificate.hpp:80
vanetza::security::v2::Certificate::remove_restriction
void remove_restriction(ValidityRestrictionType type)
Definition certificate.cpp:218
vanetza::security::v2::CircularRegion
CircularRegion specified in TS 103 097 v1.2.1, section 4.2.22.
Definition region.hpp:74
vanetza::security::v2::EciesEncryptedKey
EciesEncryptedKey specified in TS 103 097 v1.2.1, section 5.9.
Definition recipient_info.hpp:17
vanetza::security::v2::EncryptionKey
EncryptionKey specified in TS 103 097 v1.2.1, section 6.4.
Definition subject_attribute.hpp:64
vanetza::security::v2::IdentifiedRegion
IdentifiedRegion specified in TS 103 097 v1.2.1, section 4.2.25.
Definition region.hpp:110
vanetza::security::v2::ItsAidSsp
ItsAidSsp specified in TS 103 097 v1.2.1, section 6.9.
Definition subject_attribute.hpp:41
vanetza::security::v2::NoneRegion
Specified in TS 103 097 v1.2.1, section 4.2.20.
Definition region.hpp:65
vanetza::security::v2::OpaqueKey
OpaqueKey specified in TS 103 097 v1.2.1, section 5.8.
Definition recipient_info.hpp:25
vanetza::security::v2::Payload
Payload specified in TS 103 097 v1.2.1, section 5.2.
Definition payload.hpp:28
vanetza::security::v2::RecipientInfo
RecipientInfo specified in TS 103 097 v1.2.1, section 5.8.
Definition recipient_info.hpp:34
vanetza::security::v2::RectangularRegion
RectangularRegion specified in TS 103 097 v1.2.1, section 4.2.23.
Definition region.hpp:90
vanetza::security::v2::SecuredMessage
SecuredMessage as specified in TS 103 097 v1.2.1, section 5.1.
Definition secured_message.hpp:20
vanetza::security::v2::SecuredMessage::header_field
HeaderField * header_field(HeaderFieldType)
Definition secured_message.cpp:15
vanetza::security::v2::SecuredMessage::trailer_field
const TrailerField * trailer_field(TrailerFieldType type) const
Definition secured_message.cpp:51
vanetza::security::v2::SecuredMessage::header_field
const HeaderField * header_field(HeaderFieldType type) const
Definition secured_message.cpp:27
vanetza::security::v2::SecuredMessage::trailer_field
TrailerField * trailer_field(TrailerFieldType)
Definition secured_message.cpp:39
vanetza::security::v2::SubjectAssurance
SubjectAssurance specified in TS 103 097 v1.2.1 in section 6.6 and 7.4.1.
Definition subject_attribute.hpp:20
vanetza::security::v2::SubjectInfo
described in TS 103 097 v1.2.1, section 6.2
Definition subject_info.hpp:29
vanetza::security::v2::ThreeDLocation
ThreeDLocation specified in TS 103 097 v1.2.1, section 4.2.19.
Definition region.hpp:21
vanetza::security::v2::Time64WithStandardDeviation
Time64WithStandardDeviation specified in TS 103 097 v1.2.1, section 4.2.16.
Definition basic_elements.hpp:20
vanetza::security::v2::TwoDLocation
TwoDLocation specified in TS 103 097 v1.2.1, section 4.2.18.
Definition region.hpp:47
vanetza::security::v2::VerificationKey
VerificationKey specified in TS 103 097 v1.2.1, section 6.4.
Definition subject_attribute.hpp:58
vanetza::security::v2::detail::subject_attribute_type< SubjectAttributeType::Assurance_Level >
Definition subject_attribute.hpp:156
vanetza::security::v2::detail::subject_attribute_type< SubjectAttributeType::Encryption_Key >
Definition subject_attribute.hpp:150
vanetza::security::v2::detail::subject_attribute_type< SubjectAttributeType::ITS_AID_List >
Definition subject_attribute.hpp:168
vanetza::security::v2::detail::subject_attribute_type< SubjectAttributeType::ITS_AID_SSP_List >
Definition subject_attribute.hpp:174
vanetza::security::v2::detail::subject_attribute_type< SubjectAttributeType::Reconstruction_Value >
Definition subject_attribute.hpp:162
vanetza::security::v2::detail::subject_attribute_type< SubjectAttributeType::Verification_Key >
Definition subject_attribute.hpp:144
vanetza::security::v2::detail::subject_attribute_type
Definition subject_attribute.hpp:140
vanetza::security::v2::detail::validity_restriction_type< ValidityRestrictionType::Time_Start_And_Duration >
Definition validity_restriction.hpp:155
vanetza::security::v2::detail::validity_restriction_type< ValidityRestrictionType::Region >
Definition validity_restriction.hpp:161
vanetza::security::v2::detail::validity_restriction_type< ValidityRestrictionType::Time_End >
Definition validity_restriction.hpp:143
vanetza::security::v2::detail::validity_restriction_type< ValidityRestrictionType::Time_Start_And_End >
Definition validity_restriction.hpp:149
vanetza::security::v2::detail::validity_restriction_type
Definition validity_restriction.hpp:139
vanetza::security::v2::ecdsa_nistp256_with_sha256
ecdsa_nistp256_with_sha256 specified in TS 103 097 v1.2.1, section 4.2.4
Definition public_key.hpp:29
vanetza::security::v2::ecies_nistp256
ecies_nistp256 specified in TS 103 097 v1.2.1, section 4.2.4
Definition public_key.hpp:35
vanetza::security::v2::header_field_type< HeaderFieldType::Encryption_Parameters >
Definition header_field.hpp:130
vanetza::security::v2::header_field_type< HeaderFieldType::Expiration >
Definition header_field.hpp:100
vanetza::security::v2::header_field_type< HeaderFieldType::Generation_Location >
Definition header_field.hpp:106
vanetza::security::v2::header_field_type< HeaderFieldType::Generation_Time >
Definition header_field.hpp:88
vanetza::security::v2::header_field_type< HeaderFieldType::Generation_Time_Confidence >
Definition header_field.hpp:94
vanetza::security::v2::header_field_type< HeaderFieldType::Its_Aid >
Definition header_field.hpp:118
vanetza::security::v2::header_field_type< HeaderFieldType::Recipient_Info >
Definition header_field.hpp:136
vanetza::security::v2::header_field_type< HeaderFieldType::Request_Unrecognized_Certificate >
Definition header_field.hpp:112
vanetza::security::v2::header_field_type< HeaderFieldType::Signer_Info >
Definition header_field.hpp:124
vanetza::security::v2::header_field_type
resolve type for matching HeaderFieldType
Definition header_field.hpp:84
vanetza::security::v2::trailer_field_type< TrailerFieldType::Signature >
Definition trailer_field.hpp:63
vanetza::security::v2::trailer_field_type
resolve type for matching TrailerFieldType
Definition trailer_field.hpp:60