niklas/cyclonedds
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
cyclonedds/src/security/builtin_plugins/tests/CMakeLists.txt

103 lines
5.1 KiB
Text
Raw Normal View History

Builtin authentication plugin for DDS Security Builtin authentication plugin of DDS Security implementation was added. This plugin is the first implementation and it also contains the functions that are used initially in the secure communication sequence. The builtin authentication plugin implements authentication using a trusted Certificate Authority (CA). It performs mutual authentication between discovered participants using the RSA or ECDSA Digital Signature Algorithms and establishes a shared secret using Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH) Key Agreement Methods. DDS Security core component is introduced with this commit. DDSI and other builtin plugins will also use the security core. Like all builtin plugins, dds security authentication plugin is a shared library for providing dynamic library loading on runtime. So that, dds participants can use different plugin implementations with different configurations. Authentication plugin uses ddsrt functions. ddsrt is not expected to be a shared library and statically adding ddsrt objects to authentication library produces linkage errors in windows. So, dynamically linking authentication plugin to ddc library is decided. Another decision should be taken for the platforms that are not supporting dynamic libraries later. Signed-off-by: Kurtulus Oksuztepe <kurtulus.oksuztepe@adlinktech.com>
2019-10-30 11:41:00 +01:00
#
# Copyright(c) 2006 to 2019 ADLINK Technology Limited and others
#
# This program and the accompanying materials are made available under the
# terms of the Eclipse Public License v. 2.0 which is available at
# http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
# v. 1.0 which is available at
# http://www.eclipse.org/org/documents/edl-v10.php.
#
# SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
#
include(CUnit)
DDS Security built-in Cryptographic plugin (#306) * DDS Security built-in Cryptographic plugin This commit adds the built-in Cryptographic plugin that is part of the DDS Security implementation for Cyclone. The Cryptographic plugin defines the types and operations necessary to support encryption, digest, message authentication codes, and key exchange for DDS DomainParticipants, DataWriters and DDS DataReaders. Similar to other builtin plugins, the DDS Security cryptographic plugin is built as a shared library to allow dynamic library loading on runtime. This enables DDS participants to use specific plugin implementations with different configurations. Although I think this initial version is a reasonable starting point to be merged in the security branch, some parts of the code will need refactoring: * crypto_key_factory.c: crypto_factory_get_endpoint_relation returns arbitrary local-remote relation if no specific key for remote is found, which will not work in Cyclone because participants can have different security settings * performance of encoding data can be improved by not copying plain_rtps_message to a new buffer (to enable this, crypto_cipher_encrypt_data should allow encrypting parts of a message) * when decoding a message the message is split in several parts (header, body, footer, etc) and for this memory is allocated which is probably not necessary. Performance should be improved by removing these allocations and use pointers to the data instead. Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP processing crypto plugin review comments Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP more refactoring based on review comments Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP fixing crypto plugin support for 128 bit key size Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP refactored master key storage to reduce memory usage when using 128 bit keys Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP fixing windows build linker issue Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP refactored crypto key types, avoid returning pointers to released ref-counted object Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * Fixed bug in test decode_datareader_submessage.invalid_data Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * Fixed issues from review: use correct constant for hashing and handle different src/dst keysize correctly Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
2019-12-05 10:30:35 +01:00
find_package(OpenSSL)
Builtin authentication plugin for DDS Security Builtin authentication plugin of DDS Security implementation was added. This plugin is the first implementation and it also contains the functions that are used initially in the secure communication sequence. The builtin authentication plugin implements authentication using a trusted Certificate Authority (CA). It performs mutual authentication between discovered participants using the RSA or ECDSA Digital Signature Algorithms and establishes a shared secret using Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH) Key Agreement Methods. DDS Security core component is introduced with this commit. DDSI and other builtin plugins will also use the security core. Like all builtin plugins, dds security authentication plugin is a shared library for providing dynamic library loading on runtime. So that, dds participants can use different plugin implementations with different configurations. Authentication plugin uses ddsrt functions. ddsrt is not expected to be a shared library and statically adding ddsrt objects to authentication library produces linkage errors in windows. So, dynamically linking authentication plugin to ddc library is decided. Another decision should be taken for the platforms that are not supporting dynamic libraries later. Signed-off-by: Kurtulus Oksuztepe <kurtulus.oksuztepe@adlinktech.com>
2019-10-30 11:41:00 +01:00
set(security_auth_test_sources
DDS Security built-in Cryptographic plugin (#306) * DDS Security built-in Cryptographic plugin This commit adds the built-in Cryptographic plugin that is part of the DDS Security implementation for Cyclone. The Cryptographic plugin defines the types and operations necessary to support encryption, digest, message authentication codes, and key exchange for DDS DomainParticipants, DataWriters and DDS DataReaders. Similar to other builtin plugins, the DDS Security cryptographic plugin is built as a shared library to allow dynamic library loading on runtime. This enables DDS participants to use specific plugin implementations with different configurations. Although I think this initial version is a reasonable starting point to be merged in the security branch, some parts of the code will need refactoring: * crypto_key_factory.c: crypto_factory_get_endpoint_relation returns arbitrary local-remote relation if no specific key for remote is found, which will not work in Cyclone because participants can have different security settings * performance of encoding data can be improved by not copying plain_rtps_message to a new buffer (to enable this, crypto_cipher_encrypt_data should allow encrypting parts of a message) * when decoding a message the message is split in several parts (header, body, footer, etc) and for this memory is allocated which is probably not necessary. Performance should be improved by removing these allocations and use pointers to the data instead. Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP processing crypto plugin review comments Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP more refactoring based on review comments Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP fixing crypto plugin support for 128 bit key size Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP refactored master key storage to reduce memory usage when using 128 bit keys Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP fixing windows build linker issue Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP refactored crypto key types, avoid returning pointers to released ref-counted object Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * Fixed bug in test decode_datareader_submessage.invalid_data Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * Fixed issues from review: use correct constant for hashing and handle different src/dst keysize correctly Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
2019-12-05 10:30:35 +01:00
"common/src/loader.c"
"common/src/handshake_helper.c"
Builtin authentication plugin for DDS Security Builtin authentication plugin of DDS Security implementation was added. This plugin is the first implementation and it also contains the functions that are used initially in the secure communication sequence. The builtin authentication plugin implements authentication using a trusted Certificate Authority (CA). It performs mutual authentication between discovered participants using the RSA or ECDSA Digital Signature Algorithms and establishes a shared secret using Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH) Key Agreement Methods. DDS Security core component is introduced with this commit. DDSI and other builtin plugins will also use the security core. Like all builtin plugins, dds security authentication plugin is a shared library for providing dynamic library loading on runtime. So that, dds participants can use different plugin implementations with different configurations. Authentication plugin uses ddsrt functions. ddsrt is not expected to be a shared library and statically adding ddsrt objects to authentication library produces linkage errors in windows. So, dynamically linking authentication plugin to ddc library is decided. Another decision should be taken for the platforms that are not supporting dynamic libraries later. Signed-off-by: Kurtulus Oksuztepe <kurtulus.oksuztepe@adlinktech.com>
2019-10-30 11:41:00 +01:00
"get_authenticated_peer_credential_token/src/get_authenticated_peer_credential_token_utests.c"
DDS Security built-in Cryptographic plugin (#306) * DDS Security built-in Cryptographic plugin This commit adds the built-in Cryptographic plugin that is part of the DDS Security implementation for Cyclone. The Cryptographic plugin defines the types and operations necessary to support encryption, digest, message authentication codes, and key exchange for DDS DomainParticipants, DataWriters and DDS DataReaders. Similar to other builtin plugins, the DDS Security cryptographic plugin is built as a shared library to allow dynamic library loading on runtime. This enables DDS participants to use specific plugin implementations with different configurations. Although I think this initial version is a reasonable starting point to be merged in the security branch, some parts of the code will need refactoring: * crypto_key_factory.c: crypto_factory_get_endpoint_relation returns arbitrary local-remote relation if no specific key for remote is found, which will not work in Cyclone because participants can have different security settings * performance of encoding data can be improved by not copying plain_rtps_message to a new buffer (to enable this, crypto_cipher_encrypt_data should allow encrypting parts of a message) * when decoding a message the message is split in several parts (header, body, footer, etc) and for this memory is allocated which is probably not necessary. Performance should be improved by removing these allocations and use pointers to the data instead. Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP processing crypto plugin review comments Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP more refactoring based on review comments Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP fixing crypto plugin support for 128 bit key size Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP refactored master key storage to reduce memory usage when using 128 bit keys Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP fixing windows build linker issue Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP refactored crypto key types, avoid returning pointers to released ref-counted object Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * Fixed bug in test decode_datareader_submessage.invalid_data Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * Fixed issues from review: use correct constant for hashing and handle different src/dst keysize correctly Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
2019-12-05 10:30:35 +01:00
"process_handshake/src/process_handshake_utests.c"
"validate_begin_handshake_reply/src/validate_begin_handshake_reply_utests.c"
"validate_begin_handshake_request/src/validate_begin_handshake_request_utests.c"
Builtin authentication plugin for DDS Security Builtin authentication plugin of DDS Security implementation was added. This plugin is the first implementation and it also contains the functions that are used initially in the secure communication sequence. The builtin authentication plugin implements authentication using a trusted Certificate Authority (CA). It performs mutual authentication between discovered participants using the RSA or ECDSA Digital Signature Algorithms and establishes a shared secret using Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH) Key Agreement Methods. DDS Security core component is introduced with this commit. DDSI and other builtin plugins will also use the security core. Like all builtin plugins, dds security authentication plugin is a shared library for providing dynamic library loading on runtime. So that, dds participants can use different plugin implementations with different configurations. Authentication plugin uses ddsrt functions. ddsrt is not expected to be a shared library and statically adding ddsrt objects to authentication library produces linkage errors in windows. So, dynamically linking authentication plugin to ddc library is decided. Another decision should be taken for the platforms that are not supporting dynamic libraries later. Signed-off-by: Kurtulus Oksuztepe <kurtulus.oksuztepe@adlinktech.com>
2019-10-30 11:41:00 +01:00
"validate_local_identity/src/validate_local_identity_utests.c"
"validate_remote_identity/src/validate_remote_identity_utests.c"
Certificate trigger and directory operations Implement trigger of certificate and permission expiries using the timed callbacks. Implement directory operations such that trusted CA can be read. This implements OS abstraction functions such as opendir and stat. Signed-off-by: Stefan Kimmer <skimmer@s2e-systems.com>
2020-01-24 10:53:18 +01:00
"listeners_authentication/src/listeners_authentication_utests.c"
"listeners_access_control/src/listeners_access_control_utests.c"
DDS Security built-in Cryptographic plugin (#306) * DDS Security built-in Cryptographic plugin This commit adds the built-in Cryptographic plugin that is part of the DDS Security implementation for Cyclone. The Cryptographic plugin defines the types and operations necessary to support encryption, digest, message authentication codes, and key exchange for DDS DomainParticipants, DataWriters and DDS DataReaders. Similar to other builtin plugins, the DDS Security cryptographic plugin is built as a shared library to allow dynamic library loading on runtime. This enables DDS participants to use specific plugin implementations with different configurations. Although I think this initial version is a reasonable starting point to be merged in the security branch, some parts of the code will need refactoring: * crypto_key_factory.c: crypto_factory_get_endpoint_relation returns arbitrary local-remote relation if no specific key for remote is found, which will not work in Cyclone because participants can have different security settings * performance of encoding data can be improved by not copying plain_rtps_message to a new buffer (to enable this, crypto_cipher_encrypt_data should allow encrypting parts of a message) * when decoding a message the message is split in several parts (header, body, footer, etc) and for this memory is allocated which is probably not necessary. Performance should be improved by removing these allocations and use pointers to the data instead. Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP processing crypto plugin review comments Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP more refactoring based on review comments Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP fixing crypto plugin support for 128 bit key size Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP refactored master key storage to reduce memory usage when using 128 bit keys Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP fixing windows build linker issue Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP refactored crypto key types, avoid returning pointers to released ref-counted object Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * Fixed bug in test decode_datareader_submessage.invalid_data Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * Fixed issues from review: use correct constant for hashing and handle different src/dst keysize correctly Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
2019-12-05 10:30:35 +01:00
)
Builtin authentication plugin for DDS Security Builtin authentication plugin of DDS Security implementation was added. This plugin is the first implementation and it also contains the functions that are used initially in the secure communication sequence. The builtin authentication plugin implements authentication using a trusted Certificate Authority (CA). It performs mutual authentication between discovered participants using the RSA or ECDSA Digital Signature Algorithms and establishes a shared secret using Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH) Key Agreement Methods. DDS Security core component is introduced with this commit. DDSI and other builtin plugins will also use the security core. Like all builtin plugins, dds security authentication plugin is a shared library for providing dynamic library loading on runtime. So that, dds participants can use different plugin implementations with different configurations. Authentication plugin uses ddsrt functions. ddsrt is not expected to be a shared library and statically adding ddsrt objects to authentication library produces linkage errors in windows. So, dynamically linking authentication plugin to ddc library is decided. Another decision should be taken for the platforms that are not supporting dynamic libraries later. Signed-off-by: Kurtulus Oksuztepe <kurtulus.oksuztepe@adlinktech.com>
2019-10-30 11:41:00 +01:00
DDS Security built-in Access Control plugin This commit adds the build-in Access Control plugin that is part of the DDS Security implementation for Cyclone. The Access Control Plugin API defines the types and operations necessary to support an access control mechanism for DDS Domain Participants. Similar to other builtin plugins, the DDS Security access control plugin is built as a shared library to allow dynamic library loading on runtime. This enables DDS participants to use specific plugin implementations with different configurations. This commit includes some basic tests for the access control functions. This initial version of the plugin does not support permissions expiry (not-valid-after date in permissions configuration). Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> Process review comments for access control plugin Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> Part 2 of processing review changes for access control Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> Add test for topicname dcps, add comment for xml date parser Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> Fixed an bug in leap year count for year 2200, changed the rounding for sub-ns fraction and added an additional overflow test in DDS_Security_parse_xml_date Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
2019-11-21 12:01:34 +01:00
set(security_ac_test_sources
"access_control_fnmatch/src/access_control_fnmatch_utests.c"
"get_permissions_credential_token/src/get_permissions_credential_token_utests.c"
"get_permissions_token/src/get_permissions_token_utests.c"
"get_xxx_sec_attributes/src/get_xxx_sec_attributes_utests.c"
# "listeners_access_control/src/listeners_access_control_utests.c"
"validate_local_permissions/src/validate_local_permissions_utests.c"
"validate_remote_permissions/src/validate_remote_permissions_utests.c"
)
DDS Security built-in Cryptographic plugin (#306) * DDS Security built-in Cryptographic plugin This commit adds the built-in Cryptographic plugin that is part of the DDS Security implementation for Cyclone. The Cryptographic plugin defines the types and operations necessary to support encryption, digest, message authentication codes, and key exchange for DDS DomainParticipants, DataWriters and DDS DataReaders. Similar to other builtin plugins, the DDS Security cryptographic plugin is built as a shared library to allow dynamic library loading on runtime. This enables DDS participants to use specific plugin implementations with different configurations. Although I think this initial version is a reasonable starting point to be merged in the security branch, some parts of the code will need refactoring: * crypto_key_factory.c: crypto_factory_get_endpoint_relation returns arbitrary local-remote relation if no specific key for remote is found, which will not work in Cyclone because participants can have different security settings * performance of encoding data can be improved by not copying plain_rtps_message to a new buffer (to enable this, crypto_cipher_encrypt_data should allow encrypting parts of a message) * when decoding a message the message is split in several parts (header, body, footer, etc) and for this memory is allocated which is probably not necessary. Performance should be improved by removing these allocations and use pointers to the data instead. Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP processing crypto plugin review comments Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP more refactoring based on review comments Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP fixing crypto plugin support for 128 bit key size Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP refactored master key storage to reduce memory usage when using 128 bit keys Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP fixing windows build linker issue Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP refactored crypto key types, avoid returning pointers to released ref-counted object Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * Fixed bug in test decode_datareader_submessage.invalid_data Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * Fixed issues from review: use correct constant for hashing and handle different src/dst keysize correctly Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
2019-12-05 10:30:35 +01:00
set(security_crypto_test_sources
"common/src/crypto_helper.c"
"create_local_datareader_crypto_tokens/src/create_local_datareader_crypto_tokens_utests.c"
"create_local_datawriter_crypto_tokens/src/create_local_datawriter_crypto_tokens_utests.c"
"create_local_participant_crypto_tokens/src/create_local_participant_crypto_tokens_utests.c"
"decode_datareader_submessage/src/decode_datareader_submessage_utests.c"
"decode_datawriter_submessage/src/decode_datawriter_submessage_utests.c"
"decode_rtps_message/src/decode_rtps_message_utests.c"
"decode_serialized_payload/src/decode_serialized_payload_utests.c"
"encode_datareader_submessage/src/encode_datareader_submessage_utests.c"
"encode_datawriter_submessage/src/encode_datawriter_submessage_utests.c"
"encode_rtps_message/src/encode_rtps_message_utests.c"
"encode_serialized_payload/src/encode_serialized_payload_utests.c"
"preprocess_secure_submsg/src/preprocess_secure_submsg_utests.c"
"register_local_datareader/src/register_local_datareader_utests.c"
"register_local_datawriter/src/register_local_datawriter_utests.c"
"register_local_participant/src/register_local_participant_utests.c"
"register_matched_remote_datareader/src/register_matched_remote_datareader_utests.c"
"register_matched_remote_datawriter/src/register_matched_remote_datawriter_utests.c"
"register_matched_remote_participant/src/register_matched_remote_participant_utests.c"
"set_remote_datareader_crypto_tokens/src/set_remote_datareader_crypto_tokens_utests.c"
"set_remote_datawriter_crypto_tokens/src/set_remote_datawriter_crypto_tokens_utests.c"
"set_remote_participant_crypto_tokens/src/set_remote_participant_crypto_tokens_utests.c"
)
Builtin authentication plugin for DDS Security Builtin authentication plugin of DDS Security implementation was added. This plugin is the first implementation and it also contains the functions that are used initially in the secure communication sequence. The builtin authentication plugin implements authentication using a trusted Certificate Authority (CA). It performs mutual authentication between discovered participants using the RSA or ECDSA Digital Signature Algorithms and establishes a shared secret using Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH) Key Agreement Methods. DDS Security core component is introduced with this commit. DDSI and other builtin plugins will also use the security core. Like all builtin plugins, dds security authentication plugin is a shared library for providing dynamic library loading on runtime. So that, dds participants can use different plugin implementations with different configurations. Authentication plugin uses ddsrt functions. ddsrt is not expected to be a shared library and statically adding ddsrt objects to authentication library produces linkage errors in windows. So, dynamically linking authentication plugin to ddc library is decided. Another decision should be taken for the platforms that are not supporting dynamic libraries later. Signed-off-by: Kurtulus Oksuztepe <kurtulus.oksuztepe@adlinktech.com>
2019-10-30 11:41:00 +01:00
DDS Security built-in Access Control plugin This commit adds the build-in Access Control plugin that is part of the DDS Security implementation for Cyclone. The Access Control Plugin API defines the types and operations necessary to support an access control mechanism for DDS Domain Participants. Similar to other builtin plugins, the DDS Security access control plugin is built as a shared library to allow dynamic library loading on runtime. This enables DDS participants to use specific plugin implementations with different configurations. This commit includes some basic tests for the access control functions. This initial version of the plugin does not support permissions expiry (not-valid-after date in permissions configuration). Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> Process review comments for access control plugin Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> Part 2 of processing review changes for access control Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> Add test for topicname dcps, add comment for xml date parser Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> Fixed an bug in leap year count for year 2200, changed the rounding for sub-ns fraction and added an additional overflow test in DDS_Security_parse_xml_date Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
2019-11-21 12:01:34 +01:00
add_cunit_executable(cunit_security_plugins ${security_auth_test_sources} ${security_ac_test_sources} ${security_crypto_test_sources})
target_include_directories(
cunit_security_plugins PRIVATE
"$<BUILD_INTERFACE:${CMAKE_BINARY_DIR}/src/include/>"
"$<BUILD_INTERFACE:$<TARGET_PROPERTY:security_api,INTERFACE_INCLUDE_DIRECTORIES>>"
"$<BUILD_INTERFACE:$<TARGET_PROPERTY:security_core,INTERFACE_INCLUDE_DIRECTORIES>>"
"$<BUILD_INTERFACE:$<TARGET_PROPERTY:ddsrt,INTERFACE_INCLUDE_DIRECTORIES>>"
"$<BUILD_INTERFACE:${CMAKE_CURRENT_LIST_DIR}>"
"$<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}>"
)
target_link_libraries(cunit_security_plugins PRIVATE ddsc security_api)
Builtin authentication plugin for DDS Security Builtin authentication plugin of DDS Security implementation was added. This plugin is the first implementation and it also contains the functions that are used initially in the secure communication sequence. The builtin authentication plugin implements authentication using a trusted Certificate Authority (CA). It performs mutual authentication between discovered participants using the RSA or ECDSA Digital Signature Algorithms and establishes a shared secret using Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH) Key Agreement Methods. DDS Security core component is introduced with this commit. DDSI and other builtin plugins will also use the security core. Like all builtin plugins, dds security authentication plugin is a shared library for providing dynamic library loading on runtime. So that, dds participants can use different plugin implementations with different configurations. Authentication plugin uses ddsrt functions. ddsrt is not expected to be a shared library and statically adding ddsrt objects to authentication library produces linkage errors in windows. So, dynamically linking authentication plugin to ddc library is decided. Another decision should be taken for the platforms that are not supporting dynamic libraries later. Signed-off-by: Kurtulus Oksuztepe <kurtulus.oksuztepe@adlinktech.com>
2019-10-30 11:41:00 +01:00
if(OPENSSL_FOUND)
DDS Security built-in Access Control plugin This commit adds the build-in Access Control plugin that is part of the DDS Security implementation for Cyclone. The Access Control Plugin API defines the types and operations necessary to support an access control mechanism for DDS Domain Participants. Similar to other builtin plugins, the DDS Security access control plugin is built as a shared library to allow dynamic library loading on runtime. This enables DDS participants to use specific plugin implementations with different configurations. This commit includes some basic tests for the access control functions. This initial version of the plugin does not support permissions expiry (not-valid-after date in permissions configuration). Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> Process review comments for access control plugin Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> Part 2 of processing review changes for access control Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> Add test for topicname dcps, add comment for xml date parser Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> Fixed an bug in leap year count for year 2200, changed the rounding for sub-ns fraction and added an additional overflow test in DDS_Security_parse_xml_date Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
2019-11-21 12:01:34 +01:00
target_link_libraries(cunit_security_plugins PRIVATE ddsc dds_security_ac)
target_link_libraries(cunit_security_plugins PRIVATE ddsc dds_security_crypto)
Builtin authentication plugin for DDS Security Builtin authentication plugin of DDS Security implementation was added. This plugin is the first implementation and it also contains the functions that are used initially in the secure communication sequence. The builtin authentication plugin implements authentication using a trusted Certificate Authority (CA). It performs mutual authentication between discovered participants using the RSA or ECDSA Digital Signature Algorithms and establishes a shared secret using Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH) Key Agreement Methods. DDS Security core component is introduced with this commit. DDSI and other builtin plugins will also use the security core. Like all builtin plugins, dds security authentication plugin is a shared library for providing dynamic library loading on runtime. So that, dds participants can use different plugin implementations with different configurations. Authentication plugin uses ddsrt functions. ddsrt is not expected to be a shared library and statically adding ddsrt objects to authentication library produces linkage errors in windows. So, dynamically linking authentication plugin to ddc library is decided. Another decision should be taken for the platforms that are not supporting dynamic libraries later. Signed-off-by: Kurtulus Oksuztepe <kurtulus.oksuztepe@adlinktech.com>
2019-10-30 11:41:00 +01:00
target_link_libraries(cunit_security_plugins PRIVATE OpenSSL::SSL)
Certificate trigger and directory operations Implement trigger of certificate and permission expiries using the timed callbacks. Implement directory operations such that trusted CA can be read. This implements OS abstraction functions such as opendir and stat. Signed-off-by: Stefan Kimmer <skimmer@s2e-systems.com>
2020-01-24 10:53:18 +01:00
Builtin authentication plugin for DDS Security Builtin authentication plugin of DDS Security implementation was added. This plugin is the first implementation and it also contains the functions that are used initially in the secure communication sequence. The builtin authentication plugin implements authentication using a trusted Certificate Authority (CA). It performs mutual authentication between discovered participants using the RSA or ECDSA Digital Signature Algorithms and establishes a shared secret using Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH) Key Agreement Methods. DDS Security core component is introduced with this commit. DDSI and other builtin plugins will also use the security core. Like all builtin plugins, dds security authentication plugin is a shared library for providing dynamic library loading on runtime. So that, dds participants can use different plugin implementations with different configurations. Authentication plugin uses ddsrt functions. ddsrt is not expected to be a shared library and statically adding ddsrt objects to authentication library produces linkage errors in windows. So, dynamically linking authentication plugin to ddc library is decided. Another decision should be taken for the platforms that are not supporting dynamic libraries later. Signed-off-by: Kurtulus Oksuztepe <kurtulus.oksuztepe@adlinktech.com>
2019-10-30 11:41:00 +01:00
else()
DDS Security dynamic plugin loading Security plugin loading with the given configuration has been added. The configuration can be given by either the Cyclone DDS configuration file or ParticipantQoS during participant creation. ParticipantQoS is required by DDS Security spec. However, the configuration file is an additional useful feature that helps the user to add security to the DDS application without changing the binary. If ParticipantQoS has a Property starting with the name "dds.sec", then the configuration file is ignored. If the participant is the first participant, the security component is initialized. If the participant is the last active participant, then the security component is de-initialized. Signed-off-by: Kurtulus Oksuztepe <kurtulus.oksuztepe@adlinktech.com>
2019-11-20 16:54:28 +01:00
message(FATAL_ERROR "To build with openssl support, set ENABLE_OPENSSL to ON")
Builtin authentication plugin for DDS Security Builtin authentication plugin of DDS Security implementation was added. This plugin is the first implementation and it also contains the functions that are used initially in the secure communication sequence. The builtin authentication plugin implements authentication using a trusted Certificate Authority (CA). It performs mutual authentication between discovered participants using the RSA or ECDSA Digital Signature Algorithms and establishes a shared secret using Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH) Key Agreement Methods. DDS Security core component is introduced with this commit. DDSI and other builtin plugins will also use the security core. Like all builtin plugins, dds security authentication plugin is a shared library for providing dynamic library loading on runtime. So that, dds participants can use different plugin implementations with different configurations. Authentication plugin uses ddsrt functions. ddsrt is not expected to be a shared library and statically adding ddsrt objects to authentication library produces linkage errors in windows. So, dynamically linking authentication plugin to ddc library is decided. Another decision should be taken for the platforms that are not supporting dynamic libraries later. Signed-off-by: Kurtulus Oksuztepe <kurtulus.oksuztepe@adlinktech.com>
2019-10-30 11:41:00 +01:00
endif()
DDS Security built-in Cryptographic plugin (#306) * DDS Security built-in Cryptographic plugin This commit adds the built-in Cryptographic plugin that is part of the DDS Security implementation for Cyclone. The Cryptographic plugin defines the types and operations necessary to support encryption, digest, message authentication codes, and key exchange for DDS DomainParticipants, DataWriters and DDS DataReaders. Similar to other builtin plugins, the DDS Security cryptographic plugin is built as a shared library to allow dynamic library loading on runtime. This enables DDS participants to use specific plugin implementations with different configurations. Although I think this initial version is a reasonable starting point to be merged in the security branch, some parts of the code will need refactoring: * crypto_key_factory.c: crypto_factory_get_endpoint_relation returns arbitrary local-remote relation if no specific key for remote is found, which will not work in Cyclone because participants can have different security settings * performance of encoding data can be improved by not copying plain_rtps_message to a new buffer (to enable this, crypto_cipher_encrypt_data should allow encrypting parts of a message) * when decoding a message the message is split in several parts (header, body, footer, etc) and for this memory is allocated which is probably not necessary. Performance should be improved by removing these allocations and use pointers to the data instead. Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP processing crypto plugin review comments Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP more refactoring based on review comments Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP fixing crypto plugin support for 128 bit key size Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP refactored master key storage to reduce memory usage when using 128 bit keys Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP fixing windows build linker issue Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP refactored crypto key types, avoid returning pointers to released ref-counted object Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * Fixed bug in test decode_datareader_submessage.invalid_data Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * Fixed issues from review: use correct constant for hashing and handle different src/dst keysize correctly Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
2019-12-05 10:30:35 +01:00
target_include_directories(
cunit_security_plugins PRIVATE
DDS Security built-in Access Control plugin This commit adds the build-in Access Control plugin that is part of the DDS Security implementation for Cyclone. The Access Control Plugin API defines the types and operations necessary to support an access control mechanism for DDS Domain Participants. Similar to other builtin plugins, the DDS Security access control plugin is built as a shared library to allow dynamic library loading on runtime. This enables DDS participants to use specific plugin implementations with different configurations. This commit includes some basic tests for the access control functions. This initial version of the plugin does not support permissions expiry (not-valid-after date in permissions configuration). Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> Process review comments for access control plugin Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> Part 2 of processing review changes for access control Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> Add test for topicname dcps, add comment for xml date parser Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> Fixed an bug in leap year count for year 2200, changed the rounding for sub-ns fraction and added an additional overflow test in DDS_Security_parse_xml_date Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
2019-11-21 12:01:34 +01:00
"$<BUILD_INTERFACE:${CMAKE_CURRENT_LIST_DIR}/../access_control/src/>"
DDS Security built-in Cryptographic plugin (#306) * DDS Security built-in Cryptographic plugin This commit adds the built-in Cryptographic plugin that is part of the DDS Security implementation for Cyclone. The Cryptographic plugin defines the types and operations necessary to support encryption, digest, message authentication codes, and key exchange for DDS DomainParticipants, DataWriters and DDS DataReaders. Similar to other builtin plugins, the DDS Security cryptographic plugin is built as a shared library to allow dynamic library loading on runtime. This enables DDS participants to use specific plugin implementations with different configurations. Although I think this initial version is a reasonable starting point to be merged in the security branch, some parts of the code will need refactoring: * crypto_key_factory.c: crypto_factory_get_endpoint_relation returns arbitrary local-remote relation if no specific key for remote is found, which will not work in Cyclone because participants can have different security settings * performance of encoding data can be improved by not copying plain_rtps_message to a new buffer (to enable this, crypto_cipher_encrypt_data should allow encrypting parts of a message) * when decoding a message the message is split in several parts (header, body, footer, etc) and for this memory is allocated which is probably not necessary. Performance should be improved by removing these allocations and use pointers to the data instead. Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP processing crypto plugin review comments Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP more refactoring based on review comments Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP fixing crypto plugin support for 128 bit key size Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP refactored master key storage to reduce memory usage when using 128 bit keys Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP fixing windows build linker issue Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP refactored crypto key types, avoid returning pointers to released ref-counted object Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * Fixed bug in test decode_datareader_submessage.invalid_data Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * Fixed issues from review: use correct constant for hashing and handle different src/dst keysize correctly Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
2019-12-05 10:30:35 +01:00
"$<BUILD_INTERFACE:${CMAKE_CURRENT_LIST_DIR}/../cryptographic/src/>"
"$<BUILD_INTERFACE:$<TARGET_PROPERTY:security_api,INTERFACE_INCLUDE_DIRECTORIES>>"
"$<BUILD_INTERFACE:$<TARGET_PROPERTY:security_core,INTERFACE_INCLUDE_DIRECTORIES>>"
"$<BUILD_INTERFACE:$<TARGET_PROPERTY:ddsrt,INTERFACE_INCLUDE_DIRECTORIES>>"
"$<BUILD_INTERFACE:${CMAKE_CURRENT_LIST_DIR}>"
"$<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}>"
)
Builtin authentication plugin for DDS Security Builtin authentication plugin of DDS Security implementation was added. This plugin is the first implementation and it also contains the functions that are used initially in the secure communication sequence. The builtin authentication plugin implements authentication using a trusted Certificate Authority (CA). It performs mutual authentication between discovered participants using the RSA or ECDSA Digital Signature Algorithms and establishes a shared secret using Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH) Key Agreement Methods. DDS Security core component is introduced with this commit. DDSI and other builtin plugins will also use the security core. Like all builtin plugins, dds security authentication plugin is a shared library for providing dynamic library loading on runtime. So that, dds participants can use different plugin implementations with different configurations. Authentication plugin uses ddsrt functions. ddsrt is not expected to be a shared library and statically adding ddsrt objects to authentication library produces linkage errors in windows. So, dynamically linking authentication plugin to ddc library is decided. Another decision should be taken for the platforms that are not supporting dynamic libraries later. Signed-off-by: Kurtulus Oksuztepe <kurtulus.oksuztepe@adlinktech.com>
2019-10-30 11:41:00 +01:00
DDS Security dynamic plugin loading Security plugin loading with the given configuration has been added. The configuration can be given by either the Cyclone DDS configuration file or ParticipantQoS during participant creation. ParticipantQoS is required by DDS Security spec. However, the configuration file is an additional useful feature that helps the user to add security to the DDS application without changing the binary. If ParticipantQoS has a Property starting with the name "dds.sec", then the configuration file is ignored. If the participant is the first participant, the security component is initialized. If the participant is the last active participant, then the security component is de-initialized. Signed-off-by: Kurtulus Oksuztepe <kurtulus.oksuztepe@adlinktech.com>
2019-11-20 16:54:28 +01:00
Builtin authentication plugin for DDS Security Builtin authentication plugin of DDS Security implementation was added. This plugin is the first implementation and it also contains the functions that are used initially in the secure communication sequence. The builtin authentication plugin implements authentication using a trusted Certificate Authority (CA). It performs mutual authentication between discovered participants using the RSA or ECDSA Digital Signature Algorithms and establishes a shared secret using Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH) Key Agreement Methods. DDS Security core component is introduced with this commit. DDSI and other builtin plugins will also use the security core. Like all builtin plugins, dds security authentication plugin is a shared library for providing dynamic library loading on runtime. So that, dds participants can use different plugin implementations with different configurations. Authentication plugin uses ddsrt functions. ddsrt is not expected to be a shared library and statically adding ddsrt objects to authentication library produces linkage errors in windows. So, dynamically linking authentication plugin to ddc library is decided. Another decision should be taken for the platforms that are not supporting dynamic libraries later. Signed-off-by: Kurtulus Oksuztepe <kurtulus.oksuztepe@adlinktech.com>
2019-10-30 11:41:00 +01:00
DDS Security built-in Cryptographic plugin (#306) * DDS Security built-in Cryptographic plugin This commit adds the built-in Cryptographic plugin that is part of the DDS Security implementation for Cyclone. The Cryptographic plugin defines the types and operations necessary to support encryption, digest, message authentication codes, and key exchange for DDS DomainParticipants, DataWriters and DDS DataReaders. Similar to other builtin plugins, the DDS Security cryptographic plugin is built as a shared library to allow dynamic library loading on runtime. This enables DDS participants to use specific plugin implementations with different configurations. Although I think this initial version is a reasonable starting point to be merged in the security branch, some parts of the code will need refactoring: * crypto_key_factory.c: crypto_factory_get_endpoint_relation returns arbitrary local-remote relation if no specific key for remote is found, which will not work in Cyclone because participants can have different security settings * performance of encoding data can be improved by not copying plain_rtps_message to a new buffer (to enable this, crypto_cipher_encrypt_data should allow encrypting parts of a message) * when decoding a message the message is split in several parts (header, body, footer, etc) and for this memory is allocated which is probably not necessary. Performance should be improved by removing these allocations and use pointers to the data instead. Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP processing crypto plugin review comments Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP more refactoring based on review comments Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP fixing crypto plugin support for 128 bit key size Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP refactored master key storage to reduce memory usage when using 128 bit keys Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP fixing windows build linker issue Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP refactored crypto key types, avoid returning pointers to released ref-counted object Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * Fixed bug in test decode_datareader_submessage.invalid_data Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * Fixed issues from review: use correct constant for hashing and handle different src/dst keysize correctly Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
2019-12-05 10:30:35 +01:00
set(CUnit_builtin_plugins_tests_dir "${CMAKE_CURRENT_LIST_DIR}")
Certificate trigger and directory operations Implement trigger of certificate and permission expiries using the timed callbacks. Implement directory operations such that trusted CA can be read. This implements OS abstraction functions such as opendir and stat. Signed-off-by: Stefan Kimmer <skimmer@s2e-systems.com>
2020-01-24 10:53:18 +01:00
set(CUnit_build_dir "${CMAKE_CURRENT_BINARY_DIR}")
Builtin authentication plugin for DDS Security Builtin authentication plugin of DDS Security implementation was added. This plugin is the first implementation and it also contains the functions that are used initially in the secure communication sequence. The builtin authentication plugin implements authentication using a trusted Certificate Authority (CA). It performs mutual authentication between discovered participants using the RSA or ECDSA Digital Signature Algorithms and establishes a shared secret using Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH) Key Agreement Methods. DDS Security core component is introduced with this commit. DDSI and other builtin plugins will also use the security core. Like all builtin plugins, dds security authentication plugin is a shared library for providing dynamic library loading on runtime. So that, dds participants can use different plugin implementations with different configurations. Authentication plugin uses ddsrt functions. ddsrt is not expected to be a shared library and statically adding ddsrt objects to authentication library produces linkage errors in windows. So, dynamically linking authentication plugin to ddc library is decided. Another decision should be taken for the platforms that are not supporting dynamic libraries later. Signed-off-by: Kurtulus Oksuztepe <kurtulus.oksuztepe@adlinktech.com>
2019-10-30 11:41:00 +01:00
DDS Security built-in Cryptographic plugin (#306) * DDS Security built-in Cryptographic plugin This commit adds the built-in Cryptographic plugin that is part of the DDS Security implementation for Cyclone. The Cryptographic plugin defines the types and operations necessary to support encryption, digest, message authentication codes, and key exchange for DDS DomainParticipants, DataWriters and DDS DataReaders. Similar to other builtin plugins, the DDS Security cryptographic plugin is built as a shared library to allow dynamic library loading on runtime. This enables DDS participants to use specific plugin implementations with different configurations. Although I think this initial version is a reasonable starting point to be merged in the security branch, some parts of the code will need refactoring: * crypto_key_factory.c: crypto_factory_get_endpoint_relation returns arbitrary local-remote relation if no specific key for remote is found, which will not work in Cyclone because participants can have different security settings * performance of encoding data can be improved by not copying plain_rtps_message to a new buffer (to enable this, crypto_cipher_encrypt_data should allow encrypting parts of a message) * when decoding a message the message is split in several parts (header, body, footer, etc) and for this memory is allocated which is probably not necessary. Performance should be improved by removing these allocations and use pointers to the data instead. Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP processing crypto plugin review comments Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP more refactoring based on review comments Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP fixing crypto plugin support for 128 bit key size Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP refactored master key storage to reduce memory usage when using 128 bit keys Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP fixing windows build linker issue Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * WIP refactored crypto key types, avoid returning pointers to released ref-counted object Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * Fixed bug in test decode_datareader_submessage.invalid_data Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com> * Fixed issues from review: use correct constant for hashing and handle different src/dst keysize correctly Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
2019-12-05 10:30:35 +01:00
configure_file("config_env.h.in" "config_env.h")
Certificate trigger and directory operations Implement trigger of certificate and permission expiries using the timed callbacks. Implement directory operations such that trusted CA can be read. This implements OS abstraction functions such as opendir and stat. Signed-off-by: Stefan Kimmer <skimmer@s2e-systems.com>
2020-01-24 10:53:18 +01:00
Reference in a new issue Copy permalink