Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PnC Authorization -> First AuthorizationReq message contains the id and GenChallenge, but not the upcoming ones #26

Closed
tropxy opened this issue Mar 22, 2022 · 1 comment · Fixed by #107
Closed

PnC Authorization -> First AuthorizationReq message contains the id and GenChallenge, but not the upcoming ones #26

tropxy opened this issue Mar 22, 2022 · 1 comment · Fixed by #107

Comments

@tropxy
Copy link
Contributor

tropxy commented Mar 22, 2022
edited by azure-boards bot

Azure ticket: AB#1049

This is the Authorization state class:

class Authorization(StateSECC):
    """
    The ISO 15118-2 state in which the SECC processes an
    AuthorizationReq message from the EVCC.

    At this state, the application will assert if the authorization has been
    concluded by running the method `is_authorised` from the evcc_controller.
    If the method returns `True`, then the authorization step is finished and
    the state machine can move on to the `ChargeParameterDiscovery` state,
    otherwise will stay in this state and answer to the EV with
    `EVSEProcessing=Ongoing`.

    TODO: This method is incomplete, as it wont allow answering with a Failed
          response, for a rejected authorization. `is_authorized` shall return
          one out of three responses: `ongoing`, `accepted` or `rejected`.
          In case of rejected and according to table 112 from ISO 15118-2, the
          errors allowed to be used are: FAILED, FAILED_Challenge_Invalid or
          FAILED_Certificate_Revoked.
          Please check: https://dev.azure.com/switch-ev/Josev/_backlogs/backlog/Josev%20Team/Stories/?workitem=1049  # noqa: E501

    """

    def __init__(self, comm_session: SECCCommunicationSession):
        super().__init__(comm_session, Timeouts.V2G_SECC_SEQUENCE_TIMEOUT)

    def process_message(
        self,
        message: Union[
            SupportedAppProtocolReq,
            SupportedAppProtocolRes,
            V2GMessageV2,
            V2GMessageV20,
        ],
    ):
        msg = self.check_msg_v2(message, [AuthorizationReq])

        if not msg:
            return

        authorization_req: AuthorizationReq = msg.body.authorization_req

        if self.comm_session.selected_auth_option == AuthEnum.PNC_V2:
            if not self.comm_session.contract_cert_chain:
                self.stop_state_machine(
                    "No contract certificate chain available to "
                    "verify AuthorizationReq",
                    message,
                    ResponseCode.FAILED_SIGNATURE_ERROR,
                )
                return

            if not verify_signature(
                msg.header.signature,
                [
                    (
                        authorization_req.id,
                        EXI().to_exi(authorization_req, Namespace.ISO_V2_MSG_DEF),
                    )
                ],
                self.comm_session.contract_cert_chain.certificate,
            ):
                self.stop_state_machine(
                    "Unable to verify signature of AuthorizationReq",
                    message,
                    ResponseCode.FAILED_SIGNATURE_ERROR,
                )
                return

        auth_status: EVSEProcessing = EVSEProcessing.ONGOING
        next_state: Type["State"] = Authorization
        if self.comm_session.evse_controller.is_authorised():
            auth_status = EVSEProcessing.FINISHED
            next_state = ChargeParameterDiscovery

        # TODO Need to distinguish between ONGOING and
        #      ONGOING_WAITING_FOR_CUSTOMER

        authorization_res = AuthorizationRes(
            response_code=ResponseCode.OK, evse_processing=auth_status
        )

        self.create_next_message(
            next_state,
            authorization_res,
            Timeouts.V2G_SECC_SEQUENCE_TIMEOUT,
            Namespace.ISO_V2_MSG_DEF,
        )

According to requirement [V2G2-684], in case of PnC and after the first AuthorizationReq, which has to be signed by the EVCC, is verified, if the SECC has not yet an answer from the CSMS that the EV is authorized or not, then iso15118 can for 60s be in a loop of AuthorizationReq/Res with EVSEProcessing = "Ongoing" and in this case, the subsequent AutorizationReq messages are empty, so the SECC does not need to verify the Signature of those messages.

Inspecting the code, is clear that this is not expected and, as of today, the code would fail, because it would try to verify the signature of the Authorization message when not supposed to.

Solution: Save in a variable that the 1st Authorization was verified, so that the next AuthorizationReq does not need to be verified.
@tropxy tropxy changed the title PnC Authorization PnC Authorization -> First AuthorizationReq message contains the id and GenChallenge, but not the upcoming ones May 9, 2022
@tropxy tropxy mentioned this issue Sep 15, 2022
Merged
@tropxy
Copy link
Contributor Author

tropxy commented Sep 15, 2022

This was solved here #107

@tropxy tropxy closed this as completed Sep 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Feat/complete pnc auth EcoG-io/iso15118
1 participant
@tropxy