Added support for:

- libwebsockets for tpm/secprofile 2/3
- TPM with hardware generated key
- config for TPM usage

Signed-off-by: AssemblyJohn <[email protected]>

CMakeLists.txt

@@ -36,6 +36,7 @@ else()
     find_package(nlohmann_json REQUIRED)
     find_package(nlohmann_json_schema_validator REQUIRED)
     find_package(websocketpp REQUIRED)
+    find_package(libwebsockets REQUIRED)
 
     find_package(fsm REQUIRED)
     find_package(everest-timer REQUIRED)

config/v16/config-docker.json

@@ -6,7 +6,8 @@
         "ChargePointModel": "Yeti",
         "ChargePointVendor": "Pionix",
         "FirmwareVersion": "0.1",
-        "AllowChargingProfileWithoutStartSchedule": true
+        "AllowChargingProfileWithoutStartSchedule": true,
+        "UseTPM" : false
     },
     "Core": {
         "AuthorizeRemoteTxRequests": false,

config/v16/profile_schemas/Internal.json

@@ -104,6 +104,11 @@
                 "TLS_AES_128_GCM_SHA256"
             ]
         },
+        "UseTPM": {
+            "type": "boolean",
+            "readOnly": true,
+            "default": false
+        },
         "RetryBackoffRandomRange": {
             "$comment": "maximum value for the random part of the websocket reconnect back-off time",
             "type": "integer",

dependencies.yaml

@@ -31,3 +31,7 @@ websocketpp:
 libevse-security:
   git: https://github.com/EVerest/libevse-security.git
   git_tag: v0.3.0
+libwebsockets:
+  git: https://github.com/warmcat/libwebsockets.git
+  git_tag: v4.3.3
+

include/ocpp/common/websocket/websocket_base.hpp

@@ -35,6 +35,7 @@ struct WebsocketConnectionOptions {
     std::optional<bool> additional_root_certificate_check;
     std::optional<std::string> hostName;
     bool verify_csms_common_name;
+    bool use_tpm_tls;
 };
 
 ///

include/ocpp/common/websocket/websocket_tls_tpm.hpp

@@ -0,0 +1,92 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2020 - 2023 Pionix GmbH and Contributors to EVerest
+#ifndef OCPP_WEBSOCKET_TLS_TPM_HPP
+#define OCPP_WEBSOCKET_TLS_TPM_HPP
+
+#include <ocpp/common/evse_security.hpp>
+#include <ocpp/common/websocket/websocket_base.hpp>
+
+#include <queue>
+namespace ocpp {
+
+struct ConnectionData;
+struct WebsocketMessage;
+
+/// \brief Experimental libwebsockets TLS connection
+class WebsocketTlsTPM final : public WebsocketBase {
+public:
+    /// \brief Creates a new Websocket object with the providede \p connection_options
+    explicit WebsocketTlsTPM(const WebsocketConnectionOptions& connection_options,
+                             std::shared_ptr<EvseSecurity> evse_security);
+
+    ~WebsocketTlsTPM();
+
+    void set_connection_options(const WebsocketConnectionOptions& connection_options) override;
+
+    /// \brief connect to a TLS websocket
+    /// \returns true if the websocket is initialized and a connection attempt is made
+    bool connect() override;
+
+    /// \brief Reconnects the websocket using the delay, a reason for this reconnect can be provided with the
+    /// \param reason parameter
+    /// \param delay delay of the reconnect attempt
+    void reconnect(std::error_code reason, long delay) override;
+
+    /// \brief closes the websocket
+    void close(websocketpp::close::status::value code, const std::string& reason) override;
+
+    /// \brief send a \p message over the websocket
+    /// \returns true if the message was sent successfully
+    bool send(const std::string& message) override;
+
+    /// \brief send a websocket ping
+    void ping() override;
+
+public:
+    int process_callback(void* wsi_ptr, int callback_reason, void* user, void* in, size_t len);
+
+private:
+    void tls_init();
+    void client_loop();
+    void recv_loop();
+
+    /// \brief Called when a TLS websocket connection is established, calls the connected callback
+    void on_conn_connected();
+
+    /// \brief Called when a TLS websocket connection is closed
+    void on_conn_close();
+
+    /// \brief Called when a TLS websocket connection fails to be established
+    void on_conn_fail();
+
+    /// \brief When the connection can send data
+    void on_writable();
+
+    /// \brief Called when a message is received over the TLS websocket, calls the message callback
+    void on_message(void* msg, size_t len);
+
+    void request_write();
+
+    void poll_message(const std::shared_ptr<WebsocketMessage>& msg, bool wait_sendaf);
+
+private:
+    std::shared_ptr<EvseSecurity> evse_security;
+
+    // Connection related data
+    std::unique_ptr<Everest::SteadyTimer> reconnect_timer_tpm;
+    std::unique_ptr<std::thread> websocket_thread;
+    std::shared_ptr<ConnectionData> conn_data;
+    std::condition_variable conn_cv;
+
+    std::mutex queue_mutex;
+    std::queue<std::shared_ptr<WebsocketMessage>> message_queue;
+    std::condition_variable msg_send_cv;
+
+    std::unique_ptr<std::thread> recv_message_thread;
+    std::mutex recv_mutex;
+    std::queue<std::string> recv_message_queue;
+    std::condition_variable recv_message_cv;
+};
+
+} // namespace ocpp
+#endif // OCPP_WEBSOCKET_HPP

include/ocpp/common/websocket/websocket_uri.hpp

@@ -40,6 +40,14 @@ class Uri {
         return this->chargepoint_id;
     }
 
+    std::string get_path() {
+        return this->path_without_chargepoint_id;
+    }
+
+    uint16_t get_port() {
+        return this->port;
+    }
+
     std::string string() {
         auto uri = get_websocketpp_uri();
         return uri.str();

include/ocpp/v16/charge_point_configuration.hpp

@@ -81,6 +81,7 @@ class ChargePointConfiguration {
     KeyValue getUseSslDefaultVerifyPathsKeyValue();
     bool getVerifyCsmsCommonName();
     KeyValue getVerifyCsmsCommonNameKeyValue();
+    bool getUseTPM();
 
     int32_t getRetryBackoffRandomRange();
     void setRetryBackoffRandomRange(int32_t retry_backoff_random_range);

lib/CMakeLists.txt

@@ -91,6 +91,7 @@ target_link_libraries(ocpp
     PUBLIC
         everest::timer
         websocketpp::websocketpp
+        websockets
         nlohmann_json_schema_validator
         everest::evse_security
     PRIVATE

lib/ocpp/common/websocket/CMakeLists.txt

@@ -5,5 +5,6 @@ target_sources(ocpp
         websocket_uri.cpp
         websocket_plain.cpp
         websocket_tls.cpp
+        websocket_tls_tpm.cpp
         websocket.cpp
 )

lib/ocpp/common/websocket/websocket.cpp

@@ -5,6 +5,8 @@
 #include <ocpp/common/websocket/websocket.hpp>
 #include <ocpp/v16/types.hpp>
 
+#include <ocpp/common/websocket/websocket_tls_tpm.hpp>
+
 #include <boost/algorithm/string.hpp>
 
 using json = nlohmann::json;
@@ -14,10 +16,15 @@ namespace ocpp {
 Websocket::Websocket(const WebsocketConnectionOptions& connection_options, std::shared_ptr<EvseSecurity> evse_security,
                      std::shared_ptr<MessageLogging> logging) :
     logging(logging) {
-    if (connection_options.security_profile <= 1) {
-        this->websocket = std::make_unique<WebsocketPlain>(connection_options);
-    } else if (connection_options.security_profile >= 2) {
-        this->websocket = std::make_unique<WebsocketTLS>(connection_options, evse_security);
+
+    if (connection_options.use_tpm_tls) {
+        this->websocket = std::make_unique<WebsocketTlsTPM>(connection_options, evse_security);
+    } else {
+        if (connection_options.security_profile <= 1) {
+            this->websocket = std::make_unique<WebsocketPlain>(connection_options);
+        } else if (connection_options.security_profile >= 2) {
+            this->websocket = std::make_unique<WebsocketTLS>(connection_options, evse_security);
+        }
     }
 }