From 63ac52bad87ff35e3d4106ab2340f5b56a350c00 Mon Sep 17 00:00:00 2001 From: James Chapman Date: Thu, 20 Jun 2024 13:32:30 +0100 Subject: [PATCH] fix: add structure to EvseV2G use subdirectories to help collect common functionality and provide structure to the module. OpenSSL TLS moved to common area since it is not tied to EvseV2G. 
Signed-off-by: James Chapman --- config/config-sil-dc.yaml | 4 +- lib/staging/CMakeLists.txt | 1 + lib/staging/tls/CMakeLists.txt | 22 ++++++++++ .../staging/tls}/openssl_util.cpp | 28 ++++++------ .../staging/tls}/openssl_util.hpp | 15 +++++-- {modules/EvseV2G => lib/staging/tls}/tls.cpp | 0 {modules/EvseV2G => lib/staging/tls}/tls.hpp | 0 modules/EvseV2G/CMakeLists.txt | 24 ++++++----- .../EvseV2G/{ => connection}/connection.cpp | 0 .../EvseV2G/{ => connection}/connection.hpp | 0 .../{ => connection}/tls_connection.cpp | 0 .../{ => connection}/tls_connection.hpp | 0 .../EvseV2G/{ => crypto}/crypto_common.cpp | 0 .../EvseV2G/{ => crypto}/crypto_common.hpp | 16 ++----- .../EvseV2G/{ => crypto}/crypto_mbedtls.cpp | 0 .../EvseV2G/{ => crypto}/crypto_mbedtls.hpp | 0 .../EvseV2G/{ => crypto}/crypto_openssl.cpp | 0 .../EvseV2G/{ => crypto}/crypto_openssl.hpp | 0 modules/EvseV2G/tests/CMakeLists.txt | 43 +++++-------------- 19 files changed, 78 insertions(+), 75 deletions(-) create mode 100644 lib/staging/tls/CMakeLists.txt rename {modules/EvseV2G => lib/staging/tls}/openssl_util.cpp (93%) rename {modules/EvseV2G => lib/staging/tls}/openssl_util.hpp (96%) rename {modules/EvseV2G => lib/staging/tls}/tls.cpp (100%) rename {modules/EvseV2G => lib/staging/tls}/tls.hpp (100%) rename modules/EvseV2G/{ => connection}/connection.cpp (100%) rename modules/EvseV2G/{ => connection}/connection.hpp (100%) rename modules/EvseV2G/{ => connection}/tls_connection.cpp (100%) rename modules/EvseV2G/{ => connection}/tls_connection.hpp (100%) rename modules/EvseV2G/{ => crypto}/crypto_common.cpp (100%) rename modules/EvseV2G/{ => crypto}/crypto_common.hpp (78%) rename modules/EvseV2G/{ => crypto}/crypto_mbedtls.cpp (100%) rename modules/EvseV2G/{ => crypto}/crypto_mbedtls.hpp (100%) rename modules/EvseV2G/{ => crypto}/crypto_openssl.cpp (100%) rename modules/EvseV2G/{ => crypto}/crypto_openssl.hpp (100%) 
diff --git a/config/config-sil-dc.yaml b/config/config-sil-dc.yaml index e5f78a02b1..ef2f029410 100644 --- a/config/config-sil-dc.yaml +++ b/config/config-sil-dc.yaml @@ -14,7 +14,6 @@ active_modules: device: auto supported_DIN70121: true supported_ISO15118_2: true - tls_active: true evse_manager: module: EvseManager config_module: @@ -27,7 +26,6 @@ active_modules: session_logging_path: /tmp/everest-logs charge_mode: DC hack_allow_bpt_with_iso2: true - payment_enable_contract: false connections: bsp: - module_id: yeti_driver @@ -91,7 +89,7 @@ active_modules: evse_manager: - module_id: evse_manager implementation_id: evse - token_provider: + token_provider: module: DummyTokenProvider config_implementation: main: diff --git a/lib/staging/CMakeLists.txt b/lib/staging/CMakeLists.txt index f186caf24b..4caf814931 100644 --- a/lib/staging/CMakeLists.txt +++ b/lib/staging/CMakeLists.txt @@ -1,5 +1,6 @@ add_subdirectory(can_dpm1000) add_subdirectory(evse_security) +add_subdirectory(tls) if(EVEREST_DEPENDENCY_ENABLED_LIBSLAC AND EVEREST_DEPENDENCY_ENABLED_LIBFSM) add_subdirectory(slac) endif() diff --git a/lib/staging/tls/CMakeLists.txt b/lib/staging/tls/CMakeLists.txt new file mode 100644 index 0000000000..c1a34dcf90 --- /dev/null +++ b/lib/staging/tls/CMakeLists.txt @@ -0,0 +1,22 @@ +add_library(tls STATIC) +add_library(everest::tls ALIAS tls) + +find_package(OpenSSL) + +target_sources(tls + PRIVATE + openssl_util.cpp + tls.cpp +) + +target_include_directories(tls + PUBLIC + $ +) + +target_link_libraries(tls + PUBLIC + OpenSSL::SSL + OpenSSL::Crypto + everest::framework +) diff --git a/modules/EvseV2G/openssl_util.cpp b/lib/staging/tls/openssl_util.cpp similarity index 93% rename from modules/EvseV2G/openssl_util.cpp rename to lib/staging/tls/openssl_util.cpp index ec19d66b6d..f2e4879b2f 100644 --- a/modules/EvseV2G/openssl_util.cpp +++ b/lib/staging/tls/openssl_util.cpp 
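Review bot: The two removals in config/config-sil-dc.yaml, `- tls_active: true` and `- payment_enable_contract: false`, are behaviour changes to the DC SIL configuration that the commit message ("add structure to EvseV2G") does not mention. If the module's default for tls_active is false, this presumably switches the simulated EVSE's ISO 15118-2 session from TLS to plain TCP, and payment_enable_contract likewise falls back to whatever the module default is. Either restore the keys, or state in the commit message why they are dropped (for instance because the keys no longer exist in the module manifest), and ideally split the config change into its own commit so the refactor stays behaviour-neutral.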
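Review bot: `find_package(OpenSSL)` in the new lib/staging/tls/CMakeLists.txt is not REQUIRED, yet the target links `OpenSSL::SSL` and `OpenSSL::Crypto` unconditionally, and lib/staging/CMakeLists.txt now calls `add_subdirectory(tls)` unconditionally, so a host without OpenSSL fails at generate time with an unhelpful "target not found" error instead of a clear missing-dependency message; change it to `find_package(OpenSSL REQUIRED)` (the module's own CMakeLists used the same non-REQUIRED form, but there it was only reached in the non-mbedTLS branch). The `target_include_directories(tls PUBLIC $ )` line appears to have lost its generator expression in this rendering; confirm that the intended expression for the library's source directory survives in the actual patch. A static library with the bare target name `tls` also risks colliding with other targets or with a system libtls; a more specific base name (the `everest::tls` alias can stay) would be safer.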
@@ -356,9 +356,9 @@ Certificate_ptr der_to_certificate(const std::uint8_t* der, std::size_t len) { return result; } -crypto::verify_result_t verify_certificate(const x509_st* cert, const CertificateList& trust_anchors, - const CertificateList& untrusted) { - crypto::verify_result_t result = crypto::verify_result_t::verified; +verify_result_t verify_certificate(const x509_st* cert, const CertificateList& trust_anchors, + const CertificateList& untrusted) { + verify_result_t result = verify_result_t::verified; auto* store_ctx = X509_STORE_CTX_new(); auto* ta_store = X509_STORE_new(); auto* chain = sk_X509_new_null(); @@ -366,29 +366,29 @@ crypto::verify_result_t verify_certificate(const x509_st* cert, const Certificat if (store_ctx == nullptr) { log_error("X509_STORE_CTX_new"); - result = crypto::verify_result_t::OtherError; + result = verify_result_t::OtherError; } if (ta_store == nullptr) { log_error("X509_STORE_new"); - result = crypto::verify_result_t::OtherError; + result = verify_result_t::OtherError; } if (chain == nullptr) { log_error("sk_X509_new_null"); - result = crypto::verify_result_t::OtherError; + result = verify_result_t::OtherError; } if (cert != nullptr) { target = X509_dup(cert); if (target == nullptr) { log_error("X509_dup"); - result = crypto::verify_result_t::OtherError; + result = verify_result_t::OtherError; } } - if (result == crypto::verify_result_t::verified) { - result = crypto::verify_result_t::OtherError; + if (result == verify_result_t::verified) { + result = verify_result_t::OtherError; for (const auto& i : trust_anchors) { if (X509_STORE_add_cert(ta_store, i.get()) != 1) { 
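Review bot: In the @@ -366 hunk the `if (cert != nullptr)` block leaves `result` at `verify_result_t::verified` when `cert` is null, so the `if (result == verify_result_t::verified)` branch then goes on to populate the trust store with `target` never assigned (its declaration lies between the two hunks, so what the later code does with it is not visible here). This is pre-existing behaviour, but now that verify_certificate() moves into the shared everest::tls library it should either fail closed with `if (cert == nullptr) { result = verify_result_t::OtherError; }` before the store is built, or document a non-null precondition in openssl_util.hpp. The rename from `crypto::verify_result_t` to the unqualified `verify_result_t` here and in the @@ -420 hunk is otherwise mechanical. verify_certificate() continues past both hunks.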
@@ -420,24 +420,24 @@ crypto::verify_result_t verify_certificate(const x509_st* cert, const Certificat case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: case X509_V_ERR_UNSPECIFIED: - result = crypto::verify_result_t::CertChainError; + result = verify_result_t::CertChainError; break; case X509_V_ERR_CERT_HAS_EXPIRED: case X509_V_ERR_CERT_NOT_YET_VALID: - result = crypto::verify_result_t::CertificateExpired; + result = verify_result_t::CertificateExpired; break; case X509_V_ERR_CERT_REVOKED: - result = crypto::verify_result_t::CertificateRevoked; + result = verify_result_t::CertificateRevoked; break; case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: - result = crypto::verify_result_t::NoCertificateAvailable; + result = verify_result_t::NoCertificateAvailable; break; default: break; } } else { - result = crypto::verify_result_t::verified; + result = verify_result_t::verified; } } } diff --git a/modules/EvseV2G/openssl_util.hpp b/lib/staging/tls/openssl_util.hpp similarity index 96% rename from modules/EvseV2G/openssl_util.hpp rename to lib/staging/tls/openssl_util.hpp index af3030f16c..6900e6e454 100644 --- a/modules/EvseV2G/openssl_util.hpp +++ b/lib/staging/tls/openssl_util.hpp @@ -14,13 +14,20 @@ #include #include -#include - struct evp_pkey_st; struct x509_st; namespace openssl { +enum class verify_result_t : std::uint8_t { + verified, + CertChainError, + CertificateExpired, + CertificateRevoked, + NoCertificateAvailable, + OtherError, +}; + constexpr std::size_t signature_size = 64; constexpr std::size_t signature_n_size = 32; constexpr std::size_t signature_der_size = 128; 
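Review bot: The enum moved into namespace openssl in openssl_util.hpp lost the `/*! \brief verification result */` comment it carried in crypto_common.hpp; restore it on the new definition and name the producer, e.g. `/*! \brief result of verify_certificate(); only verified means the chain validated */`. Note also that `verified` is the first enumerator, so a value-initialised `verify_result_t{}` reads as success; since the type is being relocated anyway, consider making a failure value such as `OtherError` the zero enumerator, provided nothing persists or transmits the numeric values. The `-#include` removed just above the enum presumably dropped the include of crypto_common.hpp to avoid a cycle with the new `using` there; the enum uses `std::uint8_t`, so check that `<cstdint>` is still included directly by this header.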
@@ -200,8 +207,8 @@ Certificate_ptr der_to_certificate(const std::uint8_t* der, std::size_t len); * \param[in] untrusted intermediate CAs needed to form a chain from the leaf * certificate to one of the supplied trust anchors */ -crypto::verify_result_t verify_certificate(const x509_st* cert, const CertificateList& trust_anchors, - const CertificateList& untrusted); +verify_result_t verify_certificate(const x509_st* cert, const CertificateList& trust_anchors, + const CertificateList& untrusted); /** * \brief extract the certificate subject as a dictionary of name/value pairs diff --git a/modules/EvseV2G/tls.cpp b/lib/staging/tls/tls.cpp similarity index 100% rename from modules/EvseV2G/tls.cpp rename to lib/staging/tls/tls.cpp diff --git a/modules/EvseV2G/tls.hpp b/lib/staging/tls/tls.hpp similarity index 100% rename from modules/EvseV2G/tls.hpp rename to lib/staging/tls/tls.hpp diff --git a/modules/EvseV2G/CMakeLists.txt b/modules/EvseV2G/CMakeLists.txt index c9c0cf18b7..ee476dcf1c 100644 --- a/modules/EvseV2G/CMakeLists.txt +++ b/modules/EvseV2G/CMakeLists.txt @@ -29,11 +29,15 @@ target_sources(${MODULE_NAME} # ev@c55432ab-152c-45a9-9d2e-7281d50c69c3:v1 # Add pkg-config functionality find_package(PkgConfig REQUIRED) -find_package(OpenSSL) # search for libevent.pc pkg_search_module(EVENT REQUIRED libevent) +target_include_directories(${MODULE_NAME} PRIVATE + crypto + connection +) + target_link_libraries(${MODULE_NAME} PUBLIC ${EVENT_LIBRARIES} -levent -lpthread -levent_pthreads) target_link_libraries(${MODULE_NAME} @@ -43,8 +47,8 @@ target_link_libraries(${MODULE_NAME} target_sources(${MODULE_NAME} PRIVATE - "connection.cpp" - "crypto_common.cpp" + "connection/connection.cpp" + "crypto/crypto_common.cpp" "din_server.cpp" "iso_server.cpp" "log.cpp" @@ -55,6 +59,9 @@ target_sources(${MODULE_NAME} ) if(USING_MBED_TLS) +target_include_directories(${MODULE_NAME} PRIVATE + ../../lib/staging/tls +) target_link_libraries(${MODULE_NAME} PRIVATE mbedcrypto 
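Review bot: The new `target_include_directories(${MODULE_NAME} PRIVATE ../../lib/staging/tls)` in the `if(USING_MBED_TLS)` branch makes the mbedTLS build reach into the OpenSSL utility directory by a hard-coded relative path, apparently only so that crypto_common.hpp can alias `openssl::verify_result_t` (the stripped `+#include` in the crypto/crypto_common.hpp hunk further down is presumably openssl_util.hpp). That inverts the dependency: the backend-neutral header now depends on the OpenSSL backend's header, and the path will break if lib/staging/tls moves again. Keeping the enum in a backend-neutral header (crypto_common.hpp where it was, or a small result header under lib/staging/tls that openssl_util.hpp includes) would avoid both the relative path and the include of openssl_util.hpp from the mbedTLS build. Separately, `target_include_directories(${MODULE_NAME} PRIVATE crypto connection)` in the @@ -29 hunk keeps the old flat `#include "crypto_common.hpp"` spelling working; writing the includes as `crypto/...` and `connection/...` instead would make the new structure visible at the use sites and avoid header-name shadowing between the flat directories.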
@@ -63,20 +70,17 @@ target_link_libraries(${MODULE_NAME} ) target_sources(${MODULE_NAME} PRIVATE - "crypto_mbedtls.cpp" + "crypto/crypto_mbedtls.cpp" ) else() target_link_libraries(${MODULE_NAME} PRIVATE - OpenSSL::SSL - OpenSSL::Crypto + everest::tls ) target_sources(${MODULE_NAME} PRIVATE - "crypto_openssl.cpp" - "openssl_util.cpp" - "tls.cpp" - "tls_connection.cpp" + "crypto/crypto_openssl.cpp" + "connection/tls_connection.cpp" ) endif() diff --git a/modules/EvseV2G/connection.cpp b/modules/EvseV2G/connection/connection.cpp similarity index 100% rename from modules/EvseV2G/connection.cpp rename to modules/EvseV2G/connection/connection.cpp diff --git a/modules/EvseV2G/connection.hpp b/modules/EvseV2G/connection/connection.hpp similarity index 100% rename from modules/EvseV2G/connection.hpp rename to modules/EvseV2G/connection/connection.hpp diff --git a/modules/EvseV2G/tls_connection.cpp b/modules/EvseV2G/connection/tls_connection.cpp similarity index 100% rename from modules/EvseV2G/tls_connection.cpp rename to modules/EvseV2G/connection/tls_connection.cpp diff --git a/modules/EvseV2G/tls_connection.hpp b/modules/EvseV2G/connection/tls_connection.hpp similarity index 100% rename from modules/EvseV2G/tls_connection.hpp rename to modules/EvseV2G/connection/tls_connection.hpp diff --git a/modules/EvseV2G/crypto_common.cpp b/modules/EvseV2G/crypto/crypto_common.cpp similarity index 100% rename from modules/EvseV2G/crypto_common.cpp rename to modules/EvseV2G/crypto/crypto_common.cpp diff --git a/modules/EvseV2G/crypto_common.hpp b/modules/EvseV2G/crypto/crypto_common.hpp similarity index 78% rename from modules/EvseV2G/crypto_common.hpp rename to modules/EvseV2G/crypto/crypto_common.hpp index f6184a8dba..6400c71adb 100644 --- a/modules/EvseV2G/crypto_common.hpp +++ b/modules/EvseV2G/crypto/crypto_common.hpp 
@@ -6,11 +6,15 @@ #include +#include + struct iso1SignedInfoType; struct xmldsigSignedInfoType; namespace crypto { +using verify_result_t = openssl::verify_result_t; + /*! * \brief convertIso1ToXmldsigSignedInfoType This function copies V2G iso1SignedInfoType struct into * xmldsigSignedInfoType struct type @@ -20,18 +24,6 @@ namespace crypto { void convertIso1ToXmldsigSignedInfoType(struct xmldsigSignedInfoType* xmld_sig_signed_info, const struct iso1SignedInfoType* iso1_signed_info); -/*! - * \brief verification result - */ -enum class verify_result_t : std::uint8_t { - verified, - CertChainError, - CertificateExpired, - CertificateRevoked, - NoCertificateAvailable, - OtherError, -}; - } // namespace crypto #endif // CRTYPTO_COMMON_HPP_ \ No newline at end of file diff --git a/modules/EvseV2G/crypto_mbedtls.cpp b/modules/EvseV2G/crypto/crypto_mbedtls.cpp similarity index 100% rename from modules/EvseV2G/crypto_mbedtls.cpp rename to modules/EvseV2G/crypto/crypto_mbedtls.cpp diff --git a/modules/EvseV2G/crypto_mbedtls.hpp b/modules/EvseV2G/crypto/crypto_mbedtls.hpp similarity index 100% rename from modules/EvseV2G/crypto_mbedtls.hpp rename to modules/EvseV2G/crypto/crypto_mbedtls.hpp diff --git a/modules/EvseV2G/crypto_openssl.cpp b/modules/EvseV2G/crypto/crypto_openssl.cpp similarity index 100% rename from modules/EvseV2G/crypto_openssl.cpp rename to modules/EvseV2G/crypto/crypto_openssl.cpp diff --git a/modules/EvseV2G/crypto_openssl.hpp b/modules/EvseV2G/crypto/crypto_openssl.hpp similarity index 100% rename from modules/EvseV2G/crypto_openssl.hpp rename to modules/EvseV2G/crypto/crypto_openssl.hpp diff --git a/modules/EvseV2G/tests/CMakeLists.txt b/modules/EvseV2G/tests/CMakeLists.txt index 8e06512005..224ac40a2f 100644 --- a/modules/EvseV2G/tests/CMakeLists.txt +++ b/modules/EvseV2G/tests/CMakeLists.txt 
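Review bot: The closing `#endif // CRTYPTO_COMMON_HPP_` on the new side still carries the `CRTYPTO` misspelling and the file still ends without a trailing newline (`\ No newline at end of file`); since the file is being moved anyway, fix both with `#endif // CRYPTO_COMMON_HPP_` plus a final newline, and check that the matching `#ifndef`/`#define` (outside this hunk) use the same spelling. The new `using verify_result_t = openssl::verify_result_t;` keeps the `crypto::verify_result_t` spelling compiling for existing callers, which deserves a one-line comment, e.g. `// source-compatibility alias; the enum now lives in openssl_util.hpp`.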
@@ -8,7 +8,7 @@ add_executable(${TLS_GTEST_NAME}) add_dependencies(${TLS_GTEST_NAME} generate_cpp_files) target_include_directories(${TLS_GTEST_NAME} PRIVATE - . .. + . .. ../crypto ${GENERATED_INCLUDE_DIR} ${CMAKE_BINARY_DIR}/generated/modules/${MODULE_NAME} ) @@ -20,18 +20,15 @@ target_compile_definitions(${TLS_GTEST_NAME} PRIVATE target_sources(${TLS_GTEST_NAME} PRIVATE gtest_main.cpp log.cpp - openssl_util_test.cpp - ../crypto_common.cpp - ../crypto_openssl.cpp - ../openssl_util.cpp + ../crypto/crypto_common.cpp + ../crypto/crypto_openssl.cpp ) target_link_libraries(${TLS_GTEST_NAME} PRIVATE - OpenSSL::SSL - OpenSSL::Crypto GTest::gtest everest::openv2g everest::framework + everest::tls ) set(TLS_MAIN_NAME tls_test) @@ -47,13 +44,10 @@ target_compile_definitions(${TLS_MAIN_NAME} PRIVATE target_sources(${TLS_MAIN_NAME} PRIVATE tls_main.cpp - ../openssl_util.cpp - ../tls.cpp ) target_link_libraries(${TLS_MAIN_NAME} PRIVATE - OpenSSL::SSL - OpenSSL::Crypto + everest::tls ) set(V2G_MAIN_NAME v2g_test) @@ -62,7 +56,7 @@ add_executable(${V2G_MAIN_NAME}) add_dependencies(${V2G_MAIN_NAME} generate_cpp_files) target_include_directories(${V2G_MAIN_NAME} PRIVATE - . .. ../../../tests/include + . .. ../connection ../../../tests/include ${GENERATED_INCLUDE_DIR} ${CMAKE_BINARY_DIR}/generated/modules/${MODULE_NAME} ${CMAKE_BINARY_DIR}/generated/include @@ -70,13 +64,12 @@ target_include_directories(${V2G_MAIN_NAME} PRIVATE target_compile_definitions(${V2G_MAIN_NAME} PRIVATE -DUNIT_TEST + ) target_sources(${V2G_MAIN_NAME} PRIVATE - ../connection.cpp - ../openssl_util.cpp - ../tls.cpp - ../tls_connection.cpp + ../connection/connection.cpp + ../connection/tls_connection.cpp ../tools.cpp ../v2g_ctx.cpp log.cpp 
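Review bot: `- openssl_util_test.cpp` is dropped from the ${TLS_GTEST_NAME} sources in the @@ -20 hunk, but the diffstat lists no test file being moved or deleted, so the unit tests for openssl_util (presumably covering verify_certificate()) stay in the tree yet are no longer compiled or run by any target. Either keep the line, or move the test alongside the library under lib/staging/tls with its own test target, and say so in the commit message. With only gtest_main.cpp, log.cpp and the two crypto sources left, confirm that the gtest binary registered by the new `add_test` at the end of the file still contains any test cases at all.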
@@ -85,14 +78,10 @@ target_sources(${V2G_MAIN_NAME} PRIVATE ) target_link_libraries(${V2G_MAIN_NAME} PRIVATE - OpenSSL::SSL - OpenSSL::Crypto everest::log everest::framework everest::openv2g - mbedcrypto - mbedtls - mbedx509 + everest::tls -levent -lpthread -levent_pthreads ) @@ -110,14 +99,4 @@ install( DESTINATION "${CMAKE_CURRENT_BINARY_DIR}" ) -# should be a better way!!! -if(USING_MBED_TLS) -target_compile_definitions(${TLS_MAIN_NAME} PRIVATE - EVEREST_MBED_TLS -) -target_compile_definitions(${V2G_MAIN_NAME} PRIVATE - EVEREST_MBED_TLS -) -endif() - -# add_test(${TEST_TARGET_NAME} ${TEST_TARGET_NAME}) +add_test(${TLS_GTEST_NAME} ${TLS_GTEST_NAME})
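Review bot: Removing `mbedcrypto`, `mbedtls` and `mbedx509` from ${V2G_MAIN_NAME} and deleting the `if(USING_MBED_TLS)` compile-definition block makes all three test binaries OpenSSL-only via everest::tls, while modules/EvseV2G/CMakeLists.txt still has an mbedTLS branch. If this tests directory is still added when USING_MBED_TLS is set, the tests will link a different TLS backend from the module under test; either guard the test targets with `if(NOT USING_MBED_TLS)` or note in the commit message that the tests are OpenSSL-only by design. The new `add_test(${TLS_GTEST_NAME} ${TLS_GTEST_NAME})` replacing the commented-out `# add_test(${TEST_TARGET_NAME} ...)` is the right direction, but it registers only the gtest binary; tls_test and v2g_test remain unregistered, which is fine if they are manual tools but deserves a comment saying so.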