diff --git a/config/config-sil-dc.yaml b/config/config-sil-dc.yaml
index e5f78a02b1..ef2f029410 100644
--- a/config/config-sil-dc.yaml
+++ b/config/config-sil-dc.yaml
@@ -14,7 +14,6 @@ active_modules:
 device: auto
 supported_DIN70121: true
 supported_ISO15118_2: true
- tls_active: true
 evse_manager:
 module: EvseManager
 config_module:
@@ -27,7 +26,6 @@ active_modules:
 session_logging_path: /tmp/everest-logs
 charge_mode: DC
 hack_allow_bpt_with_iso2: true
- payment_enable_contract: false
 connections:
 bsp:
 - module_id: yeti_driver
@@ -91,7 +89,7 @@ active_modules:
 evse_manager:
 - module_id: evse_manager
 implementation_id: evse
- token_provider:
+ token_provider:
 module: DummyTokenProvider
 config_implementation:
 main:
diff --git a/lib/staging/CMakeLists.txt b/lib/staging/CMakeLists.txt
index f186caf24b..4caf814931 100644
--- a/lib/staging/CMakeLists.txt
+++ b/lib/staging/CMakeLists.txt
@@ -1,5 +1,6 @@
 add_subdirectory(can_dpm1000)
 add_subdirectory(evse_security)
+add_subdirectory(tls)
 if(EVEREST_DEPENDENCY_ENABLED_LIBSLAC AND EVEREST_DEPENDENCY_ENABLED_LIBFSM)
 add_subdirectory(slac)
 endif()
diff --git a/lib/staging/tls/CMakeLists.txt b/lib/staging/tls/CMakeLists.txt
new file mode 100644
index 0000000000..c1a34dcf90
--- /dev/null
+++ b/lib/staging/tls/CMakeLists.txt
@@ -0,0 +1,22 @@
+add_library(tls STATIC)
+add_library(everest::tls ALIAS tls)
+
+find_package(OpenSSL)
+
+target_sources(tls
+ PRIVATE
+ openssl_util.cpp
+ tls.cpp
+)
+
+target_include_directories(tls
+ PUBLIC
+ $
+)
+
+target_link_libraries(tls
+ PUBLIC
+ OpenSSL::SSL
+ OpenSSL::Crypto
+ everest::framework
+)
diff --git a/modules/EvseV2G/openssl_util.cpp b/lib/staging/tls/openssl_util.cpp
similarity index 93%
rename from modules/EvseV2G/openssl_util.cpp
rename to lib/staging/tls/openssl_util.cpp
index ec19d66b6d..f2e4879b2f 100644
--- a/modules/EvseV2G/openssl_util.cpp
+++ b/lib/staging/tls/openssl_util.cpp
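Review bot: Removing `tls_active: true` from the SIL DC config leaves the EvseV2G transport setting at whatever the module manifest's default is, and that default is not visible in this hunk; if it is `false`, the DC simulation now talks plain TCP instead of TLS, which the commit description should state as intended. The same applies to `payment_enable_contract: false` in the second hunk, where dropping the explicit value makes behaviour depend on the manifest default. Consider keeping the explicit keys, or record in the commit message which defaults are now relied on.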
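Review bot: `find_package(OpenSSL)` in the new lib/staging/tls/CMakeLists.txt is not marked `REQUIRED`, yet the target unconditionally links `OpenSSL::SSL` and `OpenSSL::Crypto`, so a host without OpenSSL fails at generate time with an imported-target error instead of a clear message; change it to `find_package(OpenSSL REQUIRED)`. The library is also added unconditionally by `add_subdirectory(tls)` in lib/staging/CMakeLists.txt, so it is configured even for builds that select the mbedTLS backend of EvseV2G; if that is intended, a comment on that line saying so would help the next reader. The `$` in `target_include_directories` looks like a generator expression whose body was lost in rendering, so I cannot check it.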
@@ -356,9 +356,9 @@ Certificate_ptr der_to_certificate(const std::uint8_t* der, std::size_t len) {
 return result;
 }
-crypto::verify_result_t verify_certificate(const x509_st* cert, const CertificateList& trust_anchors,
- const CertificateList& untrusted) {
- crypto::verify_result_t result = crypto::verify_result_t::verified;
+verify_result_t verify_certificate(const x509_st* cert, const CertificateList& trust_anchors,
+ const CertificateList& untrusted) {
+ verify_result_t result = verify_result_t::verified;
 auto* store_ctx = X509_STORE_CTX_new();
 auto* ta_store = X509_STORE_new();
 auto* chain = sk_X509_new_null();
@@ -366,29 +366,29 @@ crypto::verify_result_t verify_certificate(const x509_st* cert, const Certificat
 if (store_ctx == nullptr) {
 log_error("X509_STORE_CTX_new");
- result = crypto::verify_result_t::OtherError;
+ result = verify_result_t::OtherError;
 }
 if (ta_store == nullptr) {
 log_error("X509_STORE_new");
- result = crypto::verify_result_t::OtherError;
+ result = verify_result_t::OtherError;
 }
 if (chain == nullptr) {
 log_error("sk_X509_new_null");
- result = crypto::verify_result_t::OtherError;
+ result = verify_result_t::OtherError;
 }
 if (cert != nullptr) {
 target = X509_dup(cert);
 if (target == nullptr) {
 log_error("X509_dup");
- result = crypto::verify_result_t::OtherError;
+ result = verify_result_t::OtherError;
 }
 }
- if (result == crypto::verify_result_t::verified) {
- result = crypto::verify_result_t::OtherError;
+ if (result == verify_result_t::verified) {
+ result = verify_result_t::OtherError;
 for (const auto& i : trust_anchors) {
 if (X509_STORE_add_cert(ta_store, i.get()) != 1) {
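Review bot: A null `cert` is not treated as an error in verify_certificate: the `if (cert != nullptr)` branch only sets `OtherError` when `X509_dup` fails, so with `cert == nullptr` the function reaches the `if (result == verify_result_t::verified)` block with `target` unset and relies on the code between the two hunks, which is not shown, to reject it. This is pre-existing rather than introduced here, but now that the function is exported from a shared library an explicit guard is cheaper than auditing every caller: add `} else { log_error("verify_certificate: cert is null"); result = verify_result_t::OtherError; }` after the `if (cert != nullptr)` block. The function body continues past the end of this hunk.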
@@ -420,24 +420,24 @@ crypto::verify_result_t verify_certificate(const x509_st* cert, const Certificat
 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
 case X509_V_ERR_UNSPECIFIED:
- result = crypto::verify_result_t::CertChainError;
+ result = verify_result_t::CertChainError;
 break;
 case X509_V_ERR_CERT_HAS_EXPIRED:
 case X509_V_ERR_CERT_NOT_YET_VALID:
- result = crypto::verify_result_t::CertificateExpired;
+ result = verify_result_t::CertificateExpired;
 break;
 case X509_V_ERR_CERT_REVOKED:
- result = crypto::verify_result_t::CertificateRevoked;
+ result = verify_result_t::CertificateRevoked;
 break;
 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
- result = crypto::verify_result_t::NoCertificateAvailable;
+ result = verify_result_t::NoCertificateAvailable;
 break;
 default:
 break;
 }
 } else {
- result = crypto::verify_result_t::verified;
+ result = verify_result_t::verified;
 }
 }
 }
diff --git a/modules/EvseV2G/openssl_util.hpp b/lib/staging/tls/openssl_util.hpp
similarity index 96%
rename from modules/EvseV2G/openssl_util.hpp
rename to lib/staging/tls/openssl_util.hpp
index af3030f16c..6900e6e454 100644
--- a/modules/EvseV2G/openssl_util.hpp
+++ b/lib/staging/tls/openssl_util.hpp
@@ -14,13 +14,20 @@
 #include
 #include
-#include
-
 struct evp_pkey_st;
 struct x509_st;
 namespace openssl {
+enum class verify_result_t : std::uint8_t {
+ verified,
+ CertChainError,
+ CertificateExpired,
+ CertificateRevoked,
+ NoCertificateAvailable,
+ OtherError,
+};
+
 constexpr std::size_t signature_size = 64;
 constexpr std::size_t signature_n_size = 32;
 constexpr std::size_t signature_der_size = 128;
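Review bot: The `verify_result_t` enum moved into openssl_util.hpp without the `/*! \brief verification result */` comment it carried in crypto_common.hpp, so the header now declares the type with no statement of what the values mean; add a doc comment such as `/** \brief outcome of verify_certificate(): verified, or the category of the first failure found */`. The `#include` lines in this hunk lost their targets in rendering, so I cannot confirm that the header still includes `<cstdint>` for `std::uint8_t` after the removed include.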
@@ -200,8 +207,8 @@ Certificate_ptr der_to_certificate(const std::uint8_t* der, std::size_t len);
 * \param[in] untrusted intermediate CAs needed to form a chain from the leaf
 * certificate to one of the supplied trust anchors
 */
-crypto::verify_result_t verify_certificate(const x509_st* cert, const CertificateList& trust_anchors,
- const CertificateList& untrusted);
+verify_result_t verify_certificate(const x509_st* cert, const CertificateList& trust_anchors,
+ const CertificateList& untrusted);
 /**
 * \brief extract the certificate subject as a dictionary of name/value pairs
diff --git a/modules/EvseV2G/tls.cpp b/lib/staging/tls/tls.cpp
similarity index 100%
rename from modules/EvseV2G/tls.cpp
rename to lib/staging/tls/tls.cpp
diff --git a/modules/EvseV2G/tls.hpp b/lib/staging/tls/tls.hpp
similarity index 100%
rename from modules/EvseV2G/tls.hpp
rename to lib/staging/tls/tls.hpp
diff --git a/modules/EvseV2G/CMakeLists.txt b/modules/EvseV2G/CMakeLists.txt
index c9c0cf18b7..ee476dcf1c 100644
--- a/modules/EvseV2G/CMakeLists.txt
+++ b/modules/EvseV2G/CMakeLists.txt
@@ -29,11 +29,15 @@ target_sources(${MODULE_NAME}
 # ev@c55432ab-152c-45a9-9d2e-7281d50c69c3:v1
 # Add pkg-config functionality
 find_package(PkgConfig REQUIRED)
-find_package(OpenSSL)
 # search for libevent.pc
 pkg_search_module(EVENT REQUIRED libevent)
+target_include_directories(${MODULE_NAME} PRIVATE
+ crypto
+ connection
+)
+
 target_link_libraries(${MODULE_NAME} PUBLIC ${EVENT_LIBRARIES} -levent -lpthread -levent_pthreads)
 target_link_libraries(${MODULE_NAME}
@@ -43,8 +47,8 @@ target_link_libraries(${MODULE_NAME}
 target_sources(${MODULE_NAME}
 PRIVATE
- "connection.cpp"
- "crypto_common.cpp"
+ "connection/connection.cpp"
+ "crypto/crypto_common.cpp"
 "din_server.cpp"
 "iso_server.cpp"
 "log.cpp"
@@ -55,6 +59,9 @@ target_sources(${MODULE_NAME}
 )
 if(USING_MBED_TLS)
+target_include_directories(${MODULE_NAME} PRIVATE
+ ../../lib/staging/tls
+)
 target_link_libraries(${MODULE_NAME}
 PRIVATE
 mbedcrypto
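Review bot: In the `if(USING_MBED_TLS)` hunk the mbedTLS build gets `../../lib/staging/tls` on its include path but does not link `everest::tls`, so the non-OpenSSL backend now compiles against openssl_util.hpp, presumably only to reach `verify_result_t` through the alias added in crypto/crypto_common.hpp; that couples the mbedTLS configuration to the OpenSSL helpers and uses a hard-coded relative path instead of the include directory the target already exports. Either move the enum into a backend-neutral header that both crypto_mbedtls.cpp and crypto_openssl.cpp include, or link `everest::tls` PRIVATE in both branches so the PUBLIC include directory comes from the target.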
@@ -63,20 +70,17 @@ target_link_libraries(${MODULE_NAME}
 )
 target_sources(${MODULE_NAME} PRIVATE
- "crypto_mbedtls.cpp"
+ "crypto/crypto_mbedtls.cpp"
 )
 else()
 target_link_libraries(${MODULE_NAME} PRIVATE
- OpenSSL::SSL
- OpenSSL::Crypto
+ everest::tls
 )
 target_sources(${MODULE_NAME} PRIVATE
- "crypto_openssl.cpp"
- "openssl_util.cpp"
- "tls.cpp"
- "tls_connection.cpp"
+ "crypto/crypto_openssl.cpp"
+ "connection/tls_connection.cpp"
 )
 endif()
diff --git a/modules/EvseV2G/connection.cpp b/modules/EvseV2G/connection/connection.cpp
similarity index 100%
rename from modules/EvseV2G/connection.cpp
rename to modules/EvseV2G/connection/connection.cpp
diff --git a/modules/EvseV2G/connection.hpp b/modules/EvseV2G/connection/connection.hpp
similarity index 100%
rename from modules/EvseV2G/connection.hpp
rename to modules/EvseV2G/connection/connection.hpp
diff --git a/modules/EvseV2G/tls_connection.cpp b/modules/EvseV2G/connection/tls_connection.cpp
similarity index 100%
rename from modules/EvseV2G/tls_connection.cpp
rename to modules/EvseV2G/connection/tls_connection.cpp
diff --git a/modules/EvseV2G/tls_connection.hpp b/modules/EvseV2G/connection/tls_connection.hpp
similarity index 100%
rename from modules/EvseV2G/tls_connection.hpp
rename to modules/EvseV2G/connection/tls_connection.hpp
diff --git a/modules/EvseV2G/crypto_common.cpp b/modules/EvseV2G/crypto/crypto_common.cpp
similarity index 100%
rename from modules/EvseV2G/crypto_common.cpp
rename to modules/EvseV2G/crypto/crypto_common.cpp
diff --git a/modules/EvseV2G/crypto_common.hpp b/modules/EvseV2G/crypto/crypto_common.hpp
similarity index 78%
rename from modules/EvseV2G/crypto_common.hpp
rename to modules/EvseV2G/crypto/crypto_common.hpp
index f6184a8dba..6400c71adb 100644
--- a/modules/EvseV2G/crypto_common.hpp
+++ b/modules/EvseV2G/crypto/crypto_common.hpp
@@ -6,11 +6,15 @@
 #include
+#include
+
 struct iso1SignedInfoType;
 struct xmldsigSignedInfoType;
 namespace crypto {
+using verify_result_t = openssl::verify_result_t;
+
 /*!
 * \brief convertIso1ToXmldsigSignedInfoType This function copies V2G iso1SignedInfoType struct into
 * xmldsigSignedInfoType struct type
@@ -20,18 +24,6 @@ namespace crypto {
 void convertIso1ToXmldsigSignedInfoType(struct xmldsigSignedInfoType* xmld_sig_signed_info,
 const struct iso1SignedInfoType* iso1_signed_info);
-/*!
- * \brief verification result
- */
-enum class verify_result_t : std::uint8_t {
- verified,
- CertChainError,
- CertificateExpired,
- CertificateRevoked,
- NoCertificateAvailable,
- OtherError,
-};
-
 } // namespace crypto
 #endif // CRTYPTO_COMMON_HPP_
\ No newline at end of file
diff --git a/modules/EvseV2G/crypto_mbedtls.cpp b/modules/EvseV2G/crypto/crypto_mbedtls.cpp
similarity index 100%
rename from modules/EvseV2G/crypto_mbedtls.cpp
rename to modules/EvseV2G/crypto/crypto_mbedtls.cpp
diff --git a/modules/EvseV2G/crypto_mbedtls.hpp b/modules/EvseV2G/crypto/crypto_mbedtls.hpp
similarity index 100%
rename from modules/EvseV2G/crypto_mbedtls.hpp
rename to modules/EvseV2G/crypto/crypto_mbedtls.hpp
diff --git a/modules/EvseV2G/crypto_openssl.cpp b/modules/EvseV2G/crypto/crypto_openssl.cpp
similarity index 100%
rename from modules/EvseV2G/crypto_openssl.cpp
rename to modules/EvseV2G/crypto/crypto_openssl.cpp
diff --git a/modules/EvseV2G/crypto_openssl.hpp b/modules/EvseV2G/crypto/crypto_openssl.hpp
similarity index 100%
rename from modules/EvseV2G/crypto_openssl.hpp
rename to modules/EvseV2G/crypto/crypto_openssl.hpp
diff --git a/modules/EvseV2G/tests/CMakeLists.txt b/modules/EvseV2G/tests/CMakeLists.txt
index 8e06512005..224ac40a2f 100644
--- a/modules/EvseV2G/tests/CMakeLists.txt
+++ b/modules/EvseV2G/tests/CMakeLists.txt
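Review bot: The `using verify_result_t = openssl::verify_result_t;` alias inside `namespace crypto` has no comment saying that it exists to keep existing `crypto::verify_result_t` callers compiling after the enum moved, so a later reader may remove it as unused or re-declare the enum; add `// compatibility alias: the enum now lives in openssl_util.hpp, existing crypto:: users need no change`. The added `#include` lost its target in rendering, so I cannot confirm it names openssl_util.hpp, but whichever header it is, this file is presumably shared with the mbedTLS backend through crypto_mbedtls.cpp and now depends on it. The file still ends without a newline (the `\ No newline at end of file` marker is on a context line), which is worth fixing while the file is being touched.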
@@ -8,7 +8,7 @@ add_executable(${TLS_GTEST_NAME})
 add_dependencies(${TLS_GTEST_NAME} generate_cpp_files)
 target_include_directories(${TLS_GTEST_NAME} PRIVATE
- . ..
+ . .. ../crypto
 ${GENERATED_INCLUDE_DIR}
 ${CMAKE_BINARY_DIR}/generated/modules/${MODULE_NAME}
 )
@@ -20,18 +20,15 @@ target_compile_definitions(${TLS_GTEST_NAME} PRIVATE
 target_sources(${TLS_GTEST_NAME} PRIVATE
 gtest_main.cpp
 log.cpp
- openssl_util_test.cpp
- ../crypto_common.cpp
- ../crypto_openssl.cpp
- ../openssl_util.cpp
+ ../crypto/crypto_common.cpp
+ ../crypto/crypto_openssl.cpp
 )
 target_link_libraries(${TLS_GTEST_NAME} PRIVATE
- OpenSSL::SSL
- OpenSSL::Crypto
 GTest::gtest
 everest::openv2g
 everest::framework
+ everest::tls
 )
 set(TLS_MAIN_NAME tls_test)
@@ -47,13 +44,10 @@ target_compile_definitions(${TLS_MAIN_NAME} PRIVATE
 target_sources(${TLS_MAIN_NAME} PRIVATE
 tls_main.cpp
- ../openssl_util.cpp
- ../tls.cpp
 )
 target_link_libraries(${TLS_MAIN_NAME} PRIVATE
- OpenSSL::SSL
- OpenSSL::Crypto
+ everest::tls
 )
 set(V2G_MAIN_NAME v2g_test)
@@ -62,7 +56,7 @@ add_executable(${V2G_MAIN_NAME})
 add_dependencies(${V2G_MAIN_NAME} generate_cpp_files)
 target_include_directories(${V2G_MAIN_NAME} PRIVATE
- . .. ../../../tests/include
+ . .. ../connection ../../../tests/include
 ${GENERATED_INCLUDE_DIR}
 ${CMAKE_BINARY_DIR}/generated/modules/${MODULE_NAME}
 ${CMAKE_BINARY_DIR}/generated/include
@@ -70,13 +64,12 @@ target_include_directories(${V2G_MAIN_NAME} PRIVATE
 target_compile_definitions(${V2G_MAIN_NAME} PRIVATE
 -DUNIT_TEST
+
 )
 target_sources(${V2G_MAIN_NAME} PRIVATE
- ../connection.cpp
- ../openssl_util.cpp
- ../tls.cpp
- ../tls_connection.cpp
+ ../connection/connection.cpp
+ ../connection/tls_connection.cpp
 ../tools.cpp
 ../v2g_ctx.cpp
 log.cpp
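Review bot: `openssl_util_test.cpp` is removed from the `${TLS_GTEST_NAME}` sources in the second hunk and nothing in this diff either deletes the file or adds it to a test target under lib/staging/tls, so the unit tests for the certificate-verification helpers that just became a shared library are silently dropped from the build unless they are re-homed in a part of the change not shown; keep it in this target, which links `everest::tls` anyway, or add a test target next to the library. The lone `+` blank line inside `target_compile_definitions(${V2G_MAIN_NAME} PRIVATE` in the last hunk looks accidental.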
@@ -85,14 +78,10 @@ target_sources(${V2G_MAIN_NAME} PRIVATE
 )
 target_link_libraries(${V2G_MAIN_NAME} PRIVATE
- OpenSSL::SSL
- OpenSSL::Crypto
 everest::log
 everest::framework
 everest::openv2g
- mbedcrypto
- mbedtls
- mbedx509
+ everest::tls
 -levent -lpthread -levent_pthreads
 )
@@ -110,14 +99,4 @@ install(
 DESTINATION "${CMAKE_CURRENT_BINARY_DIR}"
 )
-# should be a better way!!!
-if(USING_MBED_TLS)
-target_compile_definitions(${TLS_MAIN_NAME} PRIVATE
- EVEREST_MBED_TLS
-)
-target_compile_definitions(${V2G_MAIN_NAME} PRIVATE
- EVEREST_MBED_TLS
-)
-endif()
-
-# add_test(${TEST_TARGET_NAME} ${TEST_TARGET_NAME})
+add_test(${TLS_GTEST_NAME} ${TLS_GTEST_NAME})
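Review bot: Dropping the `if(USING_MBED_TLS)` block that defined `EVEREST_MBED_TLS` for tls_test and v2g_test, while linking both to `everest::tls`, means the test executables are now always built against the OpenSSL backend even when the module is configured for mbedTLS, whose branch still exists in modules/EvseV2G/CMakeLists.txt; if that is intentional, guard the test targets with `if(NOT USING_MBED_TLS)` or replace the removed comment with one stating that the tests cover the OpenSSL backend only. Removing `mbedcrypto`, `mbedtls` and `mbedx509` from the v2g_test link line is consistent with that, since `everest::tls` links OpenSSL PUBLIC.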