security: introduce SecuredMessageView

riebl · May 24, 2024 · a1ce9e7 · a1ce9e7
1 parent 935dfa1
commit a1ce9e7
Show file tree

Hide file tree

Showing 11 changed files with 130 additions and 116 deletions.
diff --git a/tools/benchmark/cases/security/validation.cpp b/tools/benchmark/cases/security/validation.cpp
@@ -103,8 +103,7 @@ int SecurityValidationCase::execute()
     std::cout << "Starting benchmark for messages ... ";
 
     for (unsigned i = 0; i < messages; i++) {
-        SecuredMessage secured_message = secured_messages[dis(gen)];
-        DecapRequest decap_request { &secured_message };
+        DecapRequest decap_request { SecuredMessageView { secured_messages[dis(gen)] }};
         auto decap_confirm = security_entity.decapsulate_packet(std::move(decap_request));
         assert(decap_confirm.report == DecapReport::Success);
     }

diff --git a/vanetza/geonet/router.cpp b/vanetza/geonet/router.cpp
@@ -486,7 +486,7 @@ void Router::indicate_secured(IndicationContextBasic& ctx, const BasicHeader& ba
     } else if (m_security_entity) {
         // Decap packet
         using namespace vanetza::security;
-        DecapConfirm decap_confirm = m_security_entity->decapsulate_packet(DecapRequest(secured_message));
+        DecapConfirm decap_confirm = m_security_entity->decapsulate_packet(SecuredMessageView { *secured_message });
         ctx.service_primitive().security_report = decap_confirm.report;
         ctx.service_primitive().its_aid = decap_confirm.its_aid;
         ctx.service_primitive().permissions = decap_confirm.permissions;

diff --git a/vanetza/security/decap_request.hpp b/vanetza/security/decap_request.hpp
@@ -15,10 +15,11 @@ namespace security
 */
 struct DecapRequest
 {
-    DecapRequest(const SecuredMessage* secmsg) : sec_packet(secmsg) {}
-    const SecuredMessage* sec_packet;
+    DecapRequest(SecuredMessageView sec_msg_view) : sec_packet(sec_msg_view) {}
+    SecuredMessageView sec_packet;
 };
 
 } // namespace security
 } // namespace vanetza
+
 #endif // DECAP_REQUEST_HPP_WH8O09MB
diff --git a/vanetza/security/delegating_security_entity.cpp b/vanetza/security/delegating_security_entity.cpp
@@ -34,18 +34,13 @@ DecapConfirm DelegatingSecurityEntity::decapsulate_packet(DecapRequest&& decap_r
 {
     DecapConfirm decap_confirm;
 
-    if (decap_request.sec_packet) {
-        VerifyConfirm verify_confirm = m_verify_service->verify(VerifyRequest { decap_request.sec_packet });
-
-        decap_confirm.plaintext_payload = get_payload_copy(*decap_request.sec_packet);
-        decap_confirm.report = static_cast<DecapReport>(verify_confirm.report);
-        decap_confirm.certificate_validity = verify_confirm.certificate_validity;
-        decap_confirm.its_aid = verify_confirm.its_aid;
-        decap_confirm.permissions = verify_confirm.permissions;
-    } else {
-        decap_confirm.report = DecapReport::Unsigned_Message;
-    }
-
+    VerifyConfirm verify_confirm = m_verify_service->verify(VerifyRequest { decap_request.sec_packet });
+    decap_confirm.plaintext_payload = get_payload_copy(decap_request.sec_packet);
+    decap_confirm.report = static_cast<DecapReport>(verify_confirm.report);
+    decap_confirm.certificate_validity = verify_confirm.certificate_validity;
+    decap_confirm.its_aid = verify_confirm.its_aid;
+    decap_confirm.permissions = verify_confirm.permissions;
+
     return decap_confirm;
 }
 

diff --git a/vanetza/security/secured_message.cpp b/vanetza/security/secured_message.cpp
@@ -7,22 +7,32 @@ namespace vanetza
 namespace security
 {
 
-ItsAid get_its_aid(const SecuredMessage& msg)
+SecuredMessageView::SecuredMessageView(const SecuredMessage& msg) :
+    m_variant(msg)
+{
+}
+
+struct ItsAidVisitor : boost::static_visitor<ItsAid>
 {
-    struct Visitor : boost::static_visitor<ItsAid>
+    ItsAid operator()(const v2::SecuredMessage& msg) const
     {
-        ItsAid operator()(const v2::SecuredMessage& msg) const
-        {
-            return get_its_aid(msg);
-        }
+        return get_its_aid(msg);
+    }
 
-        ItsAid operator()(const v3::SecuredMessage& msg) const
-        {
-            return msg.its_aid();
-        }
-    };
+    ItsAid operator()(const v3::SecuredMessage& msg) const
+    {
+        return msg.its_aid();
+    }
+};
 
-    return boost::apply_visitor(Visitor(), msg);
+ItsAid get_its_aid(const SecuredMessage& msg)
+{
+    return boost::apply_visitor(ItsAidVisitor(), msg);
+}
+
+ItsAid get_its_aid(const SecuredMessageView& msg)
+{
+    return boost::apply_visitor(ItsAidVisitor(), msg);
 }
 
 std::size_t get_size(const SecuredMessage& msg)
@@ -43,25 +53,31 @@ std::size_t get_size(const SecuredMessage& msg)
     return boost::apply_visitor(Visitor(), msg);
 }
 
-void serialize(OutputArchive& ar, const SecuredMessage& msg)
+struct SerializeVisitor : boost::static_visitor<void>
 {
-    struct Visitor : boost::static_visitor<void>
+    OutputArchive& m_archive;
+    SerializeVisitor(OutputArchive& ar) : m_archive(ar) {}
+
+    void operator()(const v2::SecuredMessage& msg)
     {
-        OutputArchive& m_archive;
-        Visitor(OutputArchive& ar) : m_archive(ar) {}
+        serialize(m_archive, msg);
+    }
 
-        void operator()(const v2::SecuredMessage& msg)
-        {
-            serialize(m_archive, msg);
-        }
+    void operator()(const v3::SecuredMessage& msg)
+    {
+        serialize(m_archive, msg);
+    }
+};
 
-        void operator()(const v3::SecuredMessage& msg)
-        {
-            serialize(m_archive, msg);
-        }
-    };
+void serialize(OutputArchive& ar, const SecuredMessage& msg)
+{
+    SerializeVisitor visitor { ar };
+    boost::apply_visitor(visitor, msg);
+}
 
-    Visitor visitor(ar);
+void serialize(OutputArchive& ar, const SecuredMessageView& msg)
+{
+    SerializeVisitor visitor { ar };
     boost::apply_visitor(visitor, msg);
 }
 
@@ -87,22 +103,27 @@ std::size_t deserialize(InputArchive& ar, SecuredMessage& msg)
     return boost::apply_visitor(visitor, msg);
 }
 
-PacketVariant get_payload_copy(const SecuredMessage& msg)
+struct PayloadCopyVisitor : boost::static_visitor<PacketVariant>
 {
-    struct Visitor : boost::static_visitor<PacketVariant>
+    PacketVariant operator()(const v2::SecuredMessage& msg) const
     {
-        PacketVariant operator()(const v2::SecuredMessage& msg) const
-        {
-            return msg.payload.data;
-        }
+        return msg.payload.data;
+    }
 
-        PacketVariant operator()(const v3::SecuredMessage& msg) const
-        {
-            return msg.payload();
-        }
-    };
+    PacketVariant operator()(const v3::SecuredMessage& msg) const
+    {
+        return msg.payload();
+    }
+};
 
-    return boost::apply_visitor(Visitor {}, msg);
+PacketVariant get_payload_copy(const SecuredMessage& msg)
+{
+    return boost::apply_visitor(PayloadCopyVisitor {}, msg);
+}
+
+PacketVariant get_payload_copy(const SecuredMessageView& msg)
+{
+    return boost::apply_visitor(PayloadCopyVisitor {}, msg);
 }
 
 } // namespace security

diff --git a/vanetza/security/secured_message.hpp b/vanetza/security/secured_message.hpp
@@ -15,15 +15,34 @@ namespace security
 
 using SecuredMessage = boost::variant<v2::SecuredMessage, v3::SecuredMessage>;
 
+class SecuredMessageView
+{
+public:
+    explicit SecuredMessageView(const SecuredMessage& msg);
+
+    template<typename Visitor>
+    typename Visitor::result_type apply_visitor(Visitor& visitor) const
+    {
+        return m_variant.apply_visitor(visitor);
+    }
+
+private:
+    boost::variant<const v2::SecuredMessage&, const v3::SecuredMessage&> m_variant;
+};
+
 ItsAid get_its_aid(const SecuredMessage&);
+ItsAid get_its_aid(const SecuredMessageView&);
 
 std::size_t get_size(const SecuredMessage& msg);
+std::size_t get_size(const SecuredMessageView& msg);
 
 void serialize(OutputArchive& ar, const SecuredMessage& msg);
+void serialize(OutputArchive& ar, const SecuredMessageView& msg);
 
 std::size_t deserialize(InputArchive& ar, SecuredMessage&);
 
 PacketVariant get_payload_copy(const SecuredMessage&);
+PacketVariant get_payload_copy(const SecuredMessageView&);
 
 } // namespace security
 } // namespace vanetza

diff --git a/vanetza/security/straight_verify_service.cpp b/vanetza/security/straight_verify_service.cpp
@@ -97,13 +97,7 @@ VerifyConfirm StraightVerifyService::verify(const VerifyRequest& request)
         StraightVerifyService* m_service = nullptr;
     } visitor(this);
 
-    if (request.secured_message) {
-        return boost::apply_visitor(visitor, *request.secured_message);
-    } else {
-        VerifyConfirm confirm;
-        confirm.report = VerificationReport::Unsigned_Message;
-        return confirm;
-    }
+    return boost::apply_visitor(visitor, request.secured_message);
 }
 
 VerifyConfirm StraightVerifyService::verify(const v2::SecuredMessage& secured_message)

diff --git a/vanetza/security/tests/dummy_verify_service.cpp b/vanetza/security/tests/dummy_verify_service.cpp
@@ -10,7 +10,7 @@ TEST(DummyVerifyServiceTest, lookup)
         VerificationReport::Invalid_Timestamp, CertificateValidity::valid() }};
 
     SecuredMessage message;
-    VerifyRequest req(&message);
+    VerifyRequest req(SecuredMessageView { message });
 
     auto confirm = dummy->verify(std::move(req));