Upgrade to TS 103 097 v1.3.1

[kelunik]

TS 103 097 v1.3.1 has been published. Seems like quite a lot of names changed.

I'm just adding this issue as a reminder.

[JordiMarias]

I'm leaving this comment to ask if you are already developing the upgrade Vanetza to 1.3.1 version or if you are awaiting for the release 2 of the ETSI ITS protocols or the release of the asn1c to COER. For researching purposes I've been using vanetza and I would like to know if you have any roadmap in mind.

Thanks

[riebl]

I have the intention to upgrade Vanetza's security entity, however, no definite schedule exists. If you can support this endeavour, your help is much appreciated.

[valt2017]

Maybe I can offer some support, because I've been prototyping with security 1.3.1 some time ago. But I can see one possible problem: the quality of my created code is rather "dirty" and equal to prototyping level. So it's questionable whether this code can be beneficial for further implementation.

[riebl]

Thanks for your offer @valt2017! I am happy to have a look at your "dirty" code :-)

[valt2017]

Please check if you're able to download and compile the sources of vanetza from my public repo. If you find any problems or you have some comments, write me to the email from my profile. Please ignore the changes made in ITS ASN files (some SREM,SSEM prototyping). When I generate certificates with certify tool and execute socktap with --security=certs --certificate at.cert --certificate-key at.key I get following result:

[JordiMarias]

Hi @riebl ,
I'm a researcher working for a researching company called "Fundació I2CAT". And for the last couple of months, we found ourselves in need of an ETSI C-ITS implementation with the security standardized at version V1.3.1. This work is for a European research project called CARAMEL https://www.h2020caramel.eu/.

The thing is that I ended starting the development of the V1.3.1 security. Which can be found on my fork of the project under the branch of "feature/security3". It can be run just by compiling "socktap" and then running it with the following commands (and the files attached to the comment):
./socktap -p static --certificate 3_Root_CA_Cert.bin --certificate-key 3_Root_CA_private.pem --security certs

The development still has some path to walk; both for the project that is intended for and Vanetza; but I would be glad to contribute to the general project and not let this code waste. I'm quite a young researcher and still need to interiorize some of the good practices although I've tried to code following the practices of the project.
If you can take a look at the code, any comment would be more than welcoming. And if you let us contribute I'll spend some time writing tests and adding the documentation.

The code written by now is thought to reuse as much older code as possible. I've created the pull request JordiMarias#1 to comment on the code while I'm developing on the feature branch.

Example Certificate:

• Certificate: https://drive.google.com/file/d/1nA4nwp5ItymthmwnrTeVWYBhlSaR3Az2/view?usp=sharing
• Private Key: https://drive.google.com/file/d/15qBeUI1zDyZKk76VDQ7iuAUkrbkV-Pdh/view?usp=sharing

[riebl]

Hi @JordiMarias,

your support is much appreciated! My plan is to hide the security details (for now: if it is v2 or v3) behind a nice interface. I see that you have added variants for this purpose, which is also a nice option. Do you know if the security logic has changed, i.e. the steps to verify signatures? If the logic is still the same, I would like to have only one implementation of the sign and verify services.

As always, tests and documentation are highly welcome too. Related to security, I am currently preparing an initial release of some PKI integration, i.e. fetching the ECTL, station enrolment at EA and loading ATs from AA.

[JordiMarias]

Hi @riebl ,
For the current development, I had to compare many times both versions of the standard and, as far as I am concerned, the security logic is, in essence, the same. The relevant changes are on the data structures.
So the relevant changes I should make in my code are:
Integrate both the verify and sign service to one (eliminate the duplicities whose name ends with V3).
Use the SecuredMessage and Certificate as a boost variant which integrates the SecuredMessageV2 and SecuredMessageV3 in the case of the secured message and CertificateV2 along with CertificateV3.

If I open a pull request to your main branch will you comment on relevant changes to the code?

Thanks in advance.

[riebl]

Sure, I will be happy to review your pull request :-)