AuthenticationSecure.cpp
Go to the documentation of this file.
1 // -- BEGIN LICENSE BLOCK ----------------------------------------------
20 // -- END LICENSE BLOCK ------------------------------------------------
21 
22 #include "sick_safevisionary_base/AuthenticationSecure.h"
23 #include "sick_safevisionary_base/CoLaParameterReader.h"
24 #include "sick_safevisionary_base/CoLaParameterWriter.h"
25 #include "sick_safevisionary_base/SHA256.h"
26 
27 namespace visionary {
28 
29 namespace {
30 enum class ChallengeResponseResult : std::uint8_t
31 {
32  SUCCESS = 0u,
33  INVALID_CLIENT = 1u,
34  NOT_ACCEPTED = 2u,
35  UNKNOWN_CHALLENGE = 3u,
36  PWD_NOT_CHANGABLE = 4u,
37  TIMELOCK_ACTIVE = 5u
38 };
39 }
40 
41 AuthenticationSecure::AuthenticationSecure(SafeVisionaryControl& vctrl)
42  : m_VisionaryControl(vctrl)
43 {
44 }
45 
46 AuthenticationSecure::~AuthenticationSecure() {}
47 
48 PasswordHash AuthenticationSecure::CreatePasswortHash(UserLevel userLevel,
49  const std::string& password,
50  const ChallengeRequest& challengeRequest)
51 {
52  PasswordHash passwordHash{};
53  std::string passwordPrefix{};
54 
55  switch (userLevel)
56  {
57  case UserLevel::RUN: {
58  passwordPrefix = "Run";
59  break;
60  }
61  case UserLevel::OPERATOR: {
62  passwordPrefix = "Operator";
63  break;
64  }
65  case UserLevel::MAINTENANCE: {
66  passwordPrefix = "Maintenance";
67  break;
68  }
69  case UserLevel::AUTHORIZED_CLIENT: {
70  passwordPrefix = "AuthorizedClient";
71  break;
72  }
73  case UserLevel::SERVICE: {
74  passwordPrefix = "Service";
75  break;
76  }
77  default: {
78  // return empty hash code in case of error
79  return passwordHash;
80  break;
81  }
82  }
83  std::string separator = ":";
84  std::string passwordWithPrefix = passwordPrefix + ":SICK Sensor:" + password;
85 
86  hash_state hashState{};
87  sha256_init(&hashState);
88 
89  sha256_process(&hashState,
90  reinterpret_cast<const uint8_t*>(passwordWithPrefix.c_str()),
91  static_cast<std::uint32_t>(passwordWithPrefix.size()));
92  sha256_process(&hashState,
93  reinterpret_cast<const uint8_t*>(separator.c_str()),
94  static_cast<std::uint32_t>(separator.size()));
95  sha256_process(&hashState,
96  challengeRequest.salt.data(),
97  static_cast<std::uint32_t>(challengeRequest.salt.size()));
98  sha256_done(&hashState, passwordHash.data());
99 
100  return passwordHash;
101 }
102 
103 ChallengeResponse AuthenticationSecure::CreateChallengeResponse(
104  UserLevel userLevel, const std::string& password, const ChallengeRequest& challengeRequest)
105 {
106  ChallengeResponse challengeResponse{};
107  PasswordHash passwordHash = CreatePasswortHash(userLevel, password, challengeRequest);
108 
109  hash_state hashState{};
110  sha256_init(&hashState);
111  sha256_process(&hashState, passwordHash.data(), static_cast<std::uint32_t>(passwordHash.size()));
112  sha256_process(&hashState,
113  challengeRequest.challenge.data(),
114  static_cast<std::uint32_t>(challengeRequest.challenge.size()));
115  sha256_done(&hashState, challengeResponse.data());
116 
117  return challengeResponse;
118 }
119 
120 bool AuthenticationSecure::login(UserLevel userLevel, const std::string& password)
121 {
122  bool isLoginSuccessful{false};
123 
124  // create command to get the challenge
125  CoLaCommand getChallengeCommand =
126  CoLaParameterWriter(CoLaCommandType::METHOD_INVOCATION, "GetChallenge")
127  .parameterUSInt(static_cast<uint8_t>(userLevel))
128  .build();
129 
130  // send command and get the response
131  CoLaCommand getChallengeResponse = m_VisionaryControl.sendCommand(getChallengeCommand);
132 
133  // check whether there occurred an error with the CoLa communication
134  if (getChallengeResponse.getError() == CoLaError::OK)
135  {
136  // read and check response of GetChallenge command
137  CoLaParameterReader coLaParameterReader = CoLaParameterReader(getChallengeResponse);
138  if (static_cast<ChallengeResponseResult>(coLaParameterReader.readUSInt()) ==
139  ChallengeResponseResult::SUCCESS)
140  {
141  ChallengeRequest challengeRequest{};
142  for (std::uint32_t byteCounter = 0u; byteCounter < sizeof(challengeRequest.challenge);
143  byteCounter++)
144  {
145  challengeRequest.challenge[byteCounter] = coLaParameterReader.readUSInt();
146  }
147  for (std::uint32_t byteCounter = 0u; byteCounter < sizeof(challengeRequest.salt);
148  byteCounter++)
149  {
150  challengeRequest.salt[byteCounter] = coLaParameterReader.readUSInt();
151  }
152 
153  ChallengeResponse challengeResponse =
154  CreateChallengeResponse(userLevel, password, challengeRequest);
155 
156  CoLaParameterWriter coLaParameterWriter =
157  CoLaParameterWriter(CoLaCommandType::METHOD_INVOCATION, "SetUserLevel");
158 
159  // add challenge response value to set user level command
160  for (std::uint32_t byteCounter = 0u; byteCounter < challengeResponse.size(); byteCounter++)
161  {
162  coLaParameterWriter.parameterUSInt(challengeResponse[byteCounter]);
163  }
164 
165  // add user Level to command and build it
166  CoLaCommand getUserLevelCommand =
167  coLaParameterWriter.parameterUSInt(static_cast<uint8_t>(userLevel)).build();
168  CoLaCommand getUserLevelResponse = m_VisionaryControl.sendCommand(getUserLevelCommand);
169  if (getUserLevelResponse.getError() == CoLaError::OK)
170  {
171  coLaParameterReader = CoLaParameterReader(getUserLevelResponse);
172  if (static_cast<ChallengeResponseResult>(coLaParameterReader.readUSInt()) ==
173  ChallengeResponseResult::SUCCESS)
174  {
175  isLoginSuccessful = true;
176  }
177  }
178  }
179  }
180  return isLoginSuccessful;
181 }
182 
183 bool AuthenticationSecure::logout()
184 {
185  CoLaCommand runCommand = CoLaParameterWriter(CoLaCommandType::METHOD_INVOCATION, "Run").build();
186  CoLaCommand runResponse = m_VisionaryControl.sendCommand(runCommand);
187 
188  if (runResponse.getError() == CoLaError::OK)
189  {
190  return CoLaParameterReader(runResponse).readUSInt();
191  }
192  return false;
193 }
194 
195 } // namespace visionary
visionary::AuthenticationSecure::CreatePasswortHash
PasswordHash CreatePasswortHash(UserLevel userLevel, const std::string &password, const ChallengeRequest &challengeRequest)
Definition: AuthenticationSecure.cpp:48
visionary::CoLaParameterWriter::parameterUSInt
CoLaParameterWriter & parameterUSInt(const uint8_t uSInt)
Add a unsigned short (8-bit, range [0, 255]).
Definition: CoLaParameterWriter.cpp:44
visionary::IAuthentication::UserLevel
UserLevel
Available CoLa user levels.
Definition: IAuthentication.h:31
visionary::IAuthentication::UserLevel::AUTHORIZED_CLIENT
@ AUTHORIZED_CLIENT
visionary::CoLaParameterReader
Class for reading data from a CoLaCommand.
Definition: CoLaParameterReader.h:33
sha256_init
int sha256_init(hash_state *md)
Definition: SHA256.cpp:180
visionary::IAuthentication::UserLevel::SERVICE
@ SERVICE
visionary
Definition: AuthenticationLegacy.h:25
AuthenticationSecure.h
visionary::CoLaParameterWriter
Builder for constructing CoLaCommands.
Definition: CoLaParameterWriter.h:35
visionary::CoLaCommand
Definition: CoLaCommand.h:32
visionary::AuthenticationSecure::logout
virtual bool logout()
Definition: AuthenticationSecure.cpp:183
visionary::IAuthentication::UserLevel::OPERATOR
@ OPERATOR
sha256_done
int sha256_done(hash_state *md, ulong8 *hash)
visionary::CoLaError::OK
@ OK
No error.
Definition: CoLaError.h:35
visionary::CoLaCommand::getError
CoLaError::Enum getError()
Get error.
Definition: CoLaCommand.cpp:113
Hash_state
Definition: SHA256.h:34
visionary::ChallengeRequest::salt
std::array< std::uint8_t, 16 > salt
Definition: AuthenticationSecure.h:31
CoLaParameterWriter.h
visionary::ChallengeResponse
std::array< std::uint8_t, 32 > ChallengeResponse
Definition: AuthenticationSecure.h:35
visionary::SafeVisionaryControl::sendCommand
CoLaCommand sendCommand(CoLaCommand &command)
Send a CoLaBCommand to the device and waits for the result.
Definition: SafeVisionaryControl.cpp:122
visionary::AuthenticationSecure::AuthenticationSecure
AuthenticationSecure(SafeVisionaryControl &vctrl)
Definition: AuthenticationSecure.cpp:41
SHA256.h
visionary::PasswordHash
std::array< std::uint8_t, 32 > PasswordHash
Definition: AuthenticationSecure.h:34
visionary::IAuthentication::UserLevel::RUN
@ RUN
visionary::CoLaCommandType::METHOD_INVOCATION
@ METHOD_INVOCATION
Definition: CoLaCommandType.h:36
visionary::CoLaParameterReader::readUSInt
uint8_t readUSInt()
Read a unsigned short int (8 bit, range [0, 255]) and advances position by 1 byte.
Definition: CoLaParameterReader.cpp:47
visionary::ChallengeRequest::challenge
std::array< std::uint8_t, 16 > challenge
Definition: AuthenticationSecure.h:30
visionary::AuthenticationSecure::m_VisionaryControl
SafeVisionaryControl & m_VisionaryControl
Definition: AuthenticationSecure.h:48
visionary::ChallengeRequest
Definition: AuthenticationSecure.h:28
visionary::SafeVisionaryControl
Definition: SafeVisionaryControl.h:34
visionary::AuthenticationSecure::~AuthenticationSecure
virtual ~AuthenticationSecure()
Definition: AuthenticationSecure.cpp:46
visionary::AuthenticationSecure::CreateChallengeResponse
ChallengeResponse CreateChallengeResponse(UserLevel userLevel, const std::string &password, const ChallengeRequest &challengeRequest)
Definition: AuthenticationSecure.cpp:103
CoLaParameterReader.h
visionary::AuthenticationSecure::login
virtual bool login(UserLevel userLevel, const std::string &password)
Definition: AuthenticationSecure.cpp:120
sha256_process
int sha256_process(hash_state *md, const ulong8 *in, ulong32 inlen)
Definition: SHA256.cpp:212
visionary::CoLaParameterWriter::build
const CoLaCommand build()
Definition: CoLaParameterWriter.cpp:198
visionary::IAuthentication::UserLevel::MAINTENANCE
@ MAINTENANCE

sick_safevisionary_base
Author(s):
autogenerated on Sat Oct 21 2023 02:24:26