niklas/cyclonedds
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Builtin authentication plugin for DDS Security

Browse source 
Builtin authentication plugin of DDS Security implementation was added.
This plugin is the first implementation and it also contains the functions that are used initially in the secure communication sequence.

The builtin authentication plugin implements authentication using a trusted Certificate Authority (CA). It performs mutual authentication between discovered participants using the RSA or ECDSA Digital Signature Algorithms and establishes a shared secret using Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH) Key Agreement Methods.

DDS Security core component is introduced with this commit. DDSI and other builtin plugins will also use the security core.

Like all builtin plugins, dds security authentication plugin is a shared library for providing dynamic library loading on runtime. So that, dds participants can use different plugin implementations with different configurations.

Authentication plugin uses ddsrt functions. ddsrt is not expected to be a shared library and statically adding ddsrt objects to authentication library produces linkage errors in windows. So, dynamically linking authentication plugin to ddc library is decided. Another decision should be taken for the platforms that are not supporting dynamic libraries later.

Signed-off-by: Kurtulus Oksuztepe <kurtulus.oksuztepe@adlinktech.com>
This commit is contained in:
Kurtulus Oksuztepe 2019-10-30 11:41:00 +01:00
parent aa3b95ee7f
commit 2c1d3010d0
109 changed files with 20998 additions and 66 deletions
Download patch file Download diff file Expand all files Collapse all files

57
src/security/core/CMakeLists.txt Normal file
View file

@ -0,0 +1,57 @@
#
# Copyright(c) 2006 to 2019 ADLINK Technology Limited and others
#
# This program and the accompanying materials are made available under the
# terms of the Eclipse Public License v. 2.0 which is available at
# http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
# v. 1.0 which is available at
# http://www.eclipse.org/org/documents/edl-v10.php.
#
# SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
#
PREPEND(srcs_security_core "${CMAKE_CURRENT_LIST_DIR}/src"
dds_security_serialize.c
dds_security_utils.c
shared_secret.c
)
PREPEND(hdrs_public_security_core "${CMAKE_CURRENT_LIST_DIR}/include/security/core"
dds_security_core_if.h
dds_security_serialize.h
dds_security_types.h
dds_security_utils.h
shared_secret.h
)
set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIC" )
set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC" )
add_library(security_core INTERFACE)
target_sources(security_core
INTERFACE
${srcs_security_core}
)
target_include_directories(security_core
INTERFACE
"$<BUILD_INTERFACE:${CMAKE_CURRENT_LIST_DIR}/include>"
"$<BUILD_INTERFACE:${CMAKE_CURRENT_LIST_DIR}/../api/include>"
"$<BUILD_INTERFACE:$<TARGET_PROPERTY:ddsrt,INTERFACE_INCLUDE_DIRECTORIES>>"
"$<BUILD_INTERFACE:$<TARGET_PROPERTY:ddsc,INTERFACE_INCLUDE_DIRECTORIES>>"
)
#target_link_libraries(security_core PRIVATE ddsrt security_api)
install(
DIRECTORY "${CMAKE_CURRENT_LIST_DIR}/include/dds/security/core/"
DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}/dds/security/core/"
COMPONENT dev)
#install(
# TARGETS security_core
# EXPORT "${CMAKE_PROJECT_NAME}"
# RUNTIME DESTINATION "${CMAKE_INSTALL_BINDIR}" COMPONENT lib
# LIBRARY DESTINATION "${CMAKE_INSTALL_LIBDIR}" COMPONENT lib
# ARCHIVE DESTINATION "${CMAKE_INSTALL_LIBDIR}" COMPONENT lib
#)

106
src/security/core/include/dds/security/core/dds_security_serialize.h Normal file
View file

@ -0,0 +1,106 @@
/*
* Copyright(c) 2006 to 2019 ADLINK Technology Limited and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
* v. 1.0 which is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
*/
#ifndef DDS_SECURITY_CDR_SER_H
#define DDS_SECURITY_CDR_SER_H
#include "dds/export.h"
#include "dds/security/dds_security_api.h"
#include "dds/security/core/dds_security_types.h"
#include "stddef.h"
#if defined (__cplusplus)
extern "C" {
#endif
typedef struct DDS_Security_Serializer *DDS_Security_Serializer;
typedef struct DDS_Security_Deserializer *DDS_Security_Deserializer;
DDS_EXPORT DDS_Security_Serializer
DDS_Security_Serializer_new(
size_t size,
size_t increment);
DDS_EXPORT void
DDS_Security_Serializer_free(
DDS_Security_Serializer serializer);
DDS_EXPORT void
DDS_Security_Serializer_buffer(
DDS_Security_Serializer ser,
unsigned char **buffer,
size_t *size);
DDS_EXPORT void
DDS_Security_Serialize_PropertySeq(
DDS_Security_Serializer serializer,
const DDS_Security_PropertySeq *seq);
DDS_EXPORT void
DDS_Security_Serialize_BinaryPropertyArray(
DDS_Security_Serializer serializer,
const DDS_Security_BinaryProperty_t **properties,
const uint32_t length);
DDS_EXPORT void
DDS_Security_Serialize_BinaryPropertySeq(
DDS_Security_Serializer serializer,
const DDS_Security_BinaryPropertySeq *seq);
DDS_EXPORT void
DDS_Security_Serialize_DataHolderSeq(
DDS_Security_Serializer serializer,
const DDS_Security_DataHolderSeq *seq);
DDS_EXPORT void
DDD_Security_Serialize_ParticipantBuiltinTopicData(
DDS_Security_Serializer ser,
DDS_Security_ParticipantBuiltinTopicData *pdata);
DDS_EXPORT void
DDD_Security_Serialize_KeyMaterial_AES_GCM_GMAC(
DDS_Security_Serializer ser,
const DDS_Security_KeyMaterial_AES_GCM_GMAC *data);
DDS_EXPORT DDS_Security_Deserializer
DDS_Security_Deserializer_new(
const unsigned char *data,
size_t size);
DDS_EXPORT void
DDS_Security_Deserializer_free(
DDS_Security_Deserializer deserializer);
DDS_EXPORT int
DDD_Security_Deserialize_ParticipantBuiltinTopicData(
DDS_Security_Deserializer deserializer,
DDS_Security_ParticipantBuiltinTopicData *pdata,
DDS_Security_SecurityException *ex);
DDS_EXPORT void
DDD_Security_BuiltinTopicKeyBE(
DDS_Security_BuiltinTopicKey_t dst,
const DDS_Security_BuiltinTopicKey_t src);
DDS_EXPORT int
DDD_Security_Deserialize_KeyMaterial_AES_GCM_GMAC(
DDS_Security_Deserializer dser,
DDS_Security_KeyMaterial_AES_GCM_GMAC *data);
#if defined (__cplusplus)
}
#endif
#endif /* DDS_SECURITY_CDR_SER_H */

69
src/security/core/include/dds/security/core/dds_security_types.h Normal file
View file

@ -0,0 +1,69 @@
/*
* Copyright(c) 2006 to 2019 ADLINK Technology Limited and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
* v. 1.0 which is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
*/
#ifndef DSS_SECURITY_PLUGIN_TYPES_H_
#define DSS_SECURITY_PLUGIN_TYPES_H_
#include "dds/security/dds_security_api_types.h"
typedef DDS_Security_octet DDS_Security_CryptoTransformKind[4];
typedef DDS_Security_octet DDS_Security_CryptoTransformKeyId[4];
/* enumeration for CryptoTransformKind.
* ds_security_assign_CryptoTransformKind function should be used for assigning to CryptoTransformKind
*/
typedef enum
{
/* No encryption, no authentication tag */
CRYPTO_TRANSFORMATION_KIND_NONE = 0,
/* No encryption.
One AES128-GMAC authentication tag using the sender_key
Zero or more AES128-GMAC auth. tags with receiver specfic keys */
CRYPTO_TRANSFORMATION_KIND_AES128_GMAC = 1,
/* Authenticated Encryption using AES-128 in Galois Counter Mode
(GCM) using the sender key.
The authentication tag using the sender_key obtained from GCM
Zero or more AES128-GMAC auth. tags with receiver specfic keys */
CRYPTO_TRANSFORMATION_KIND_AES128_GCM = 2,
/* No encryption.
One AES256-GMAC authentication tag using the sender_key
Zero or more AES256-GMAC auth. tags with receiver specfic keys */
CRYPTO_TRANSFORMATION_KIND_AES256_GMAC = 3,
/* Authenticated Encryption using AES-256 in Galois Counter Mode
(GCM) using the sender key.
The authentication tag using the sender_key obtained from GCM
Zero or more AES256-GMAC auth. tags with receiver specfic keys */
CRYPTO_TRANSFORMATION_KIND_AES256_GCM = 4,
/* INVALID ENUM*/
CRYPTO_TRANSFORMATION_KIND_INVALID = 127,
} DDS_Security_CryptoTransformKind_Enum;
typedef struct DDS_Security_KeyMaterial_AES_GCM_GMAC {
DDS_Security_CryptoTransformKind transformation_kind;
DDS_Security_OctetSeq master_salt; /*size shall be 32*/
DDS_Security_CryptoTransformKeyId sender_key_id;
DDS_Security_OctetSeq master_sender_key; /*size shall be 32*/
DDS_Security_CryptoTransformKeyId receiver_specific_key_id;
DDS_Security_OctetSeq master_receiver_specific_key; /*size shall be 32*/
} DDS_Security_KeyMaterial_AES_GCM_GMAC;
struct CryptoTransformIdentifier {
DDS_Security_CryptoTransformKind transformation_kind;
DDS_Security_CryptoTransformKeyId transformation_key_id;
};
/** temporary address decleration until it is ready in ddsrt */
typedef uintptr_t ddsrt_address; /* word length of the platform */
#endif /* DSS_SECURITY_PLUGIN_TYPES_H_ */

391
src/security/core/include/dds/security/core/dds_security_utils.h Normal file
View file

@ -0,0 +1,391 @@
/*
* Copyright(c) 2006 to 2019 ADLINK Technology Limited and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
* v. 1.0 which is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
*/
#ifndef DSCMN_SECURITY_UTILS_H_
#define DSCMN_SECURITY_UTILS_H_
#include "dds/export.h"
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>
#include "dds/security/core/dds_security_types.h"
#include "dds/security/dds_security_api.h"
typedef DDS_Security_long_long DDS_Security_Handle;
typedef DDS_Security_LongLongSeq DDS_Security_HandleSeq;
#define DDS_SECURITY_SEQUENCE_INIT {0, 0, NULL}
#define DDS_SECURITY_TOKEN_INIT {NULL, DDS_SECURITY_SEQUENCE_INIT, DDS_SECURITY_SEQUENCE_INIT}
typedef enum {
DDS_SECURITY_CONFIG_ITEM_PREFIX_UNKNOWN,
DDS_SECURITY_CONFIG_ITEM_PREFIX_FILE,
DDS_SECURITY_CONFIG_ITEM_PREFIX_DATA,
DDS_SECURITY_CONFIG_ITEM_PREFIX_PKCS11
} DDS_Security_config_item_prefix_t;
DDS_EXPORT DDS_Security_BinaryProperty_t *
DDS_Security_BinaryProperty_alloc(
void);
DDS_EXPORT void
DDS_Security_BinaryProperty_deinit(
DDS_Security_BinaryProperty_t *p);
DDS_EXPORT void
DDS_Security_BinaryProperty_free(
DDS_Security_BinaryProperty_t *p);
DDS_EXPORT void
DDS_Security_BinaryProperty_copy(
DDS_Security_BinaryProperty_t *dst,
DDS_Security_BinaryProperty_t *src);
DDS_EXPORT bool
DDS_Security_BinaryProperty_equal(
DDS_Security_BinaryProperty_t *pa,
DDS_Security_BinaryProperty_t *pb);
DDS_EXPORT void
DDS_Security_BinaryProperty_set_by_value(
DDS_Security_BinaryProperty_t *bp,
const char *name,
const unsigned char *data,
uint32_t length);
DDS_EXPORT void
DDS_Security_BinaryProperty_set_by_string(
DDS_Security_BinaryProperty_t *bp,
const char *name,
const char *data);
DDS_EXPORT void
DDS_Security_BinaryProperty_set_by_ref(
DDS_Security_BinaryProperty_t *bp,
const char *name,
unsigned char *data,
uint32_t length);
DDS_EXPORT DDS_Security_BinaryPropertySeq *
DDS_Security_BinaryPropertySeq_alloc(
void);
DDS_EXPORT DDS_Security_BinaryProperty_t *
DDS_Security_BinaryPropertySeq_allocbuf(
DDS_Security_unsigned_long len);
DDS_EXPORT void
DDS_Security_BinaryPropertySeq_deinit(
DDS_Security_BinaryPropertySeq *seq);
DDS_EXPORT void
DDS_Security_BinaryPropertySeq_free(
DDS_Security_BinaryPropertySeq *seq);
DDS_EXPORT DDS_Security_Property_t *
DDS_Security_Property_alloc(
void);
DDS_EXPORT void
DDS_Security_Property_free(
DDS_Security_Property_t *p);
DDS_EXPORT void
DDS_Security_Property_deinit(
DDS_Security_Property_t *p);
DDS_EXPORT void
DDS_Security_Property_copy(
DDS_Security_Property_t *dst,
DDS_Security_Property_t *src);
DDS_EXPORT bool
DDS_Security_Property_equal(
DDS_Security_Property_t *pa,
DDS_Security_Property_t *pb);
DDS_EXPORT char *
DDS_Security_Property_get_value(
const DDS_Security_PropertySeq *properties,
const char *name);
DDS_EXPORT DDS_Security_PropertySeq *
DDS_Security_PropertySeq_alloc(
void);
DDS_EXPORT DDS_Security_Property_t *
DDS_Security_PropertySeq_allocbuf(
DDS_Security_unsigned_long len);
DDS_EXPORT void
DDS_Security_PropertySeq_freebuf(
DDS_Security_PropertySeq *seq);
DDS_EXPORT void
DDS_Security_PropertySeq_free(
DDS_Security_PropertySeq *seq);
DDS_EXPORT void
DDS_Security_PropertySeq_deinit(
DDS_Security_PropertySeq *seq);
DDS_EXPORT const DDS_Security_Property_t *
DDS_Security_PropertySeq_find_property (
const DDS_Security_PropertySeq *property_seq,
const char *name );
DDS_EXPORT DDS_Security_DataHolder *
DDS_Security_DataHolder_alloc(
void);
DDS_EXPORT void
DDS_Security_DataHolder_free(
DDS_Security_DataHolder *holder);
DDS_EXPORT void
DDS_Security_DataHolder_deinit(
DDS_Security_DataHolder *holder);
DDS_EXPORT void
DDS_Security_DataHolder_copy(
DDS_Security_DataHolder *dst,
const DDS_Security_DataHolder *src);
DDS_EXPORT bool
DDS_Security_DataHolder_equal(
const DDS_Security_DataHolder *psa,
const DDS_Security_DataHolder *psb);
DDS_EXPORT const DDS_Security_Property_t *
DDS_Security_DataHolder_find_property(
const DDS_Security_DataHolder *holder,
const char *name);
DDS_EXPORT const DDS_Security_BinaryProperty_t *
DDS_Security_DataHolder_find_binary_property(
const DDS_Security_DataHolder *holder,
const char *name);
DDS_EXPORT DDS_Security_DataHolderSeq *
DDS_Security_DataHolderSeq_alloc(
void);
DDS_EXPORT DDS_Security_DataHolder *
DDS_Security_DataHolderSeq_allocbuf(
DDS_Security_unsigned_long len);
DDS_EXPORT void
DDS_Security_DataHolderSeq_freebuf(
DDS_Security_DataHolderSeq *seq);
DDS_EXPORT void
DDS_Security_DataHolderSeq_free(
DDS_Security_DataHolderSeq *seq);
DDS_EXPORT void
DDS_Security_DataHolderSeq_deinit(
DDS_Security_DataHolderSeq *seq);
DDS_EXPORT void
DDS_Security_DataHolderSeq_copy(
DDS_Security_DataHolderSeq *dst,
const DDS_Security_DataHolderSeq *src);
DDS_EXPORT DDS_Security_ParticipantBuiltinTopicData *
DDS_Security_ParticipantBuiltinTopicData_alloc(
void);
DDS_EXPORT void
DDS_Security_ParticipantBuiltinTopicData_free(
DDS_Security_ParticipantBuiltinTopicData *data);
DDS_EXPORT void
DDS_Security_ParticipantBuiltinTopicData_deinit(
DDS_Security_ParticipantBuiltinTopicData *data);
DDS_EXPORT DDS_Security_OctetSeq *
DDS_Security_OctetSeq_alloc(
void);
DDS_EXPORT DDS_Security_octet *
DDS_Security_OctetSeq_allocbuf(
DDS_Security_unsigned_long len);
DDS_EXPORT void
DDS_Security_OctetSeq_freebuf(
DDS_Security_OctetSeq *seq);
DDS_EXPORT void
DDS_Security_OctetSeq_free(
DDS_Security_OctetSeq *seq);
DDS_EXPORT void
DDS_Security_OctetSeq_deinit(
DDS_Security_OctetSeq *seq);
DDS_EXPORT void
DDS_Security_OctetSeq_copy(
DDS_Security_OctetSeq *dst,
const DDS_Security_OctetSeq *src);
DDS_EXPORT DDS_Security_HandleSeq *
DDS_Security_HandleSeq_alloc(
void);
DDS_EXPORT DDS_Security_long_long *
DDS_Security_HandleSeq_allocbuf(
DDS_Security_unsigned_long length);
DDS_EXPORT void
DDS_Security_HandleSeq_freebuf(
DDS_Security_HandleSeq *seq);
DDS_EXPORT void
DDS_Security_HandleSeq_free(
DDS_Security_HandleSeq *seq);
DDS_EXPORT void
DDS_Security_HandleSeq_deinit(
DDS_Security_HandleSeq *seq);
DDS_EXPORT void
DDS_Security_Exception_set(
DDS_Security_SecurityException *ex,
const char *context,
int code,
int minor_code,
const char *fmt,
...);
#if DDSI_INCLUDE_SSL
DDS_EXPORT void
DDS_Security_Exception_set_with_openssl_error(
DDS_Security_SecurityException *ex,
const char *context,
int code,
int minor_code,
const char *fmt);
#endif
DDS_EXPORT void
DDS_Security_Exception_reset(
DDS_Security_SecurityException *ex);
DDS_EXPORT void
DDS_Security_Exception_clean(
DDS_Security_SecurityException *ex);
DDS_EXPORT void
DDS_Security_PropertyQosPolicy_deinit(
DDS_Security_PropertyQosPolicy *policy);
DDS_EXPORT void
DDS_Security_PropertyQosPolicy_free(
DDS_Security_PropertyQosPolicy *policy);
DDS_EXPORT void
DDS_Security_set_token_nil(
DDS_Security_DataHolder *token);
DDS_EXPORT void
DDS_Security_KeyMaterial_AES_GCM_GMAC_deinit(
DDS_Security_KeyMaterial_AES_GCM_GMAC *key_material);
DDS_EXPORT DDS_Security_CryptoTransformKind_Enum
DDS_Security_basicprotectionkind2transformationkind(
const DDS_Security_PropertySeq *properties,
DDS_Security_BasicProtectionKind protection);
DDS_EXPORT DDS_Security_CryptoTransformKind_Enum
DDS_Security_protectionkind2transformationkind(
const DDS_Security_PropertySeq *properties,
DDS_Security_ProtectionKind protection);
DDS_EXPORT DDS_Security_config_item_prefix_t
DDS_Security_get_conf_item_type(
const char *str,
char **data);
DDS_EXPORT char *
DDS_Security_normalize_file(
const char *filepath);
/**
* \brief Find first occurrence of character in null terminated string
*
* @param str String to search for given characters
* @param chrs Characters to search for in string
* @param inc true to find first character included in given characters,
* false to find first character not included.
* @return Pointer to first occurrence of character in string, or NULL
*/
DDS_EXPORT char *
ddssec_strchrs (
const char *str,
const char *chrs,
bool inc);
#define DDS_Security_ParticipantCryptoTokenSeq_alloc() \
(DDS_Security_ParticipantCryptoTokenSeq *)DDS_Security_DataHolderSeq_alloc())
#define DDS_Security_ParticipantCryptoTokenSeq_freebuf(s) \
DDS_Security_DataHolderSeq_freebuf((DDS_Security_DataHolderSeq *)(s))
#define DDS_Security_ParticipantCryptoTokenSeq_free(s) \
DDS_Security_DataHolderSeq_free((DDS_Security_DataHolderSeq *)(s))
#define DDS_Security_ParticipantCryptoTokenSeq_deinit(s) \
DDS_Security_DataHolderSeq_deinit((DDS_Security_DataHolderSeq *)(s))
#define DDS_Security_ParticipantCryptoTokenSeq_copy(d,s) \
DDS_Security_DataHolderSeq_copy((DDS_Security_DataHolderSeq *)(d), (const DDS_Security_DataHolderSeq *)(s))
#define DDS_Security_ParticipantCryptoHandleSeq_alloc() (DDS_Security_ParticipantCryptoHandleSeq*)DDS_Security_HandleSeq_alloc()
#define DDS_Security_ParticipantCryptoHandleSeq_allocbuf(l) DDS_Security_HandleSeq_allocbuf(l)
#define DDS_Security_ParticipantCryptoHandleSeq_freebuf(s) DDS_Security_HandleSeq_freebuf((DDS_Security_HandleSeq*)s)
#define DDS_Security_ParticipantCryptoHandleSeq_free(s) DDS_Security_HandleSeq_free((DDS_Security_HandleSeq*)s)
#define DDS_Security_ParticipantCryptoHandleSeq_deinit(s) DDS_Security_HandleSeq_deinit((DDS_Security_HandleSeq*)s)
#define DDS_Security_DatawriterCryptoHandleSeq_alloc() (DDS_Security_DatawriterCryptoHandleSeq*)DDS_Security_HandleSeq_alloc()
#define DDS_Security_DatawriterCryptoHandleSeq_allocbuf(l) DDS_Security_HandleSeq_allocbuf(l)
#define DDS_Security_DatawriterCryptoHandleSeq_freebuf(s) DDS_Security_HandleSeq_freebuf((DDS_Security_HandleSeq*)s)
#define DDS_Security_DatawriterCryptoHandleSeq_free(s) DDS_Security_HandleSeq_free((DDS_Security_HandleSeq*)s)
#define DDS_Security_DatawriterCryptoHandleSeq_deinit(s) DDS_Security_HandleSeq_deinit((DDS_Security_HandleSeq*)s)
#define DDS_Security_DatareaderCryptoHandleSeq_alloc() (DDS_Security_DatareaderCryptoHandleSeq*)DDS_Security_HandleSeq_alloc()
#define DDS_Security_DatareaderCryptoHandleSeq_allocbuf(l) DDS_Security_HandleSeq_allocbuf(l)
#define DDS_Security_DatareaderCryptoHandleSeq_freebuf(s) DDS_Security_HandleSeq_freebuf((DDS_Security_HandleSeq*)s)
#define DDS_Security_DatareaderCryptoHandleSeq_free(s) DDS_Security_HandleSeq_free((DDS_Security_HandleSeq*)s)
#define DDS_Security_DatareaderCryptoHandleSeq_deinit(s) DDS_Security_HandleSeq_deinit((DDS_Security_HandleSeq*)s)
#define DDS_Security_CryptoTokenSeq_alloc() (DDS_Security_CryptoTokenSeq*)DDS_Security_DataHolderSeq_alloc()
#define DDS_Security_CryptoTokenSeq_allocbuf(l) DDS_Security_DataHolderSeq_allocbuf(l)
#define DDS_Security_CryptoTokenSeq_freebuf(s) DDS_Security_DataHolderSeq_freebuf((DDS_Security_CryptoTokenSeq*)s)
#define DDS_Security_CryptoTokenSeq_free(s) DDS_Security_DataHolderSeq_free((DDS_Security_CryptoTokenSeq*)s)
/* for DEBUG purposes */
DDS_EXPORT void
print_binary_debug(
char* name,
unsigned char *value,
uint32_t size);
DDS_EXPORT void
print_binary_properties_debug(
const DDS_Security_DataHolder *token);
#endif /* DSCMN_SECURITY_UTILS_H_ */

40
src/security/core/include/dds/security/core/shared_secret.h Normal file
View file

@ -0,0 +1,40 @@
/*
* Copyright(c) 2006 to 2019 ADLINK Technology Limited and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
* v. 1.0 which is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
*/
#ifndef SRC_SECURITY_CORE_INCLUDE_SHARED_SECRET_HANDLE_H_
#define SRC_SECURITY_CORE_INCLUDE_SHARED_SECRET_HANDLE_H_
#include "dds/export.h"
#include <stdint.h>
#include "dds/security/dds_security_api.h"
typedef struct DDS_Security_SharedSecretHandleImpl {
DDS_Security_octet* shared_secret;
DDS_Security_long shared_secret_size;
DDS_Security_octet challenge1[DDS_SECURITY_AUTHENTICATION_CHALLENGE_SIZE];
DDS_Security_octet challenge2[DDS_SECURITY_AUTHENTICATION_CHALLENGE_SIZE];
} DDS_Security_SharedSecretHandleImpl;
DDS_EXPORT const DDS_Security_octet* get_challenge1_from_secret_handle( DDS_Security_SharedSecretHandle handle);
DDS_EXPORT const DDS_Security_octet* get_challenge2_from_secret_handle( DDS_Security_SharedSecretHandle handle );
DDS_EXPORT const DDS_Security_octet* get_secret_from_secret_handle( DDS_Security_SharedSecretHandle handle );
DDS_EXPORT int32_t get_secret_size_from_secret_handle( DDS_Security_SharedSecretHandle handle );
#endif /* SRC_SECURITY_CORE_INCLUDE_SHARED_SECRET_H_ */

813
src/security/core/src/dds_security_serialize.c Normal file
View file

@ -0,0 +1,813 @@
/*
* Copyright(c) 2006 to 2019 ADLINK Technology Limited and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
* v. 1.0 which is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
*/
#include <assert.h>
#include <string.h>
#include "dds/ddsrt/heap.h"
#include "dds/ddsrt/atomics.h"
#include "dds/ddsrt/string.h"
#include "dds/security/core/dds_security_serialize.h"
#include "dds/security/core/dds_security_utils.h"
#include "dds/ddsrt/endian.h"
#include "dds/ddsrt/bswap.h"
#define BYTE_ORDER_BIG_ENDIAN 0x02
#define BYTE_ORDER_LITTLE_ENDIAN 0x03
#define PID_PAD 0x0u
#define PID_SENTINEL 0x1u
#define PID_USER_DATA 0x2cu
#define PID_TOPIC_NAME 0x5u
#define PID_TYPE_NAME 0x7u
#define PID_GROUP_DATA 0x2du
#define PID_TOPIC_DATA 0x2eu
#define PID_DURABILITY 0x1du
#define PID_DURABILITY_SERVICE 0x1eu
#define PID_DEADLINE 0x23u
#define PID_LATENCY_BUDGET 0x27u
#define PID_LIVELINESS 0x1bu
#define PID_RELIABILITY 0x1au
#define PID_LIFESPAN 0x2bu
#define PID_DESTINATION_ORDER 0x25u
#define PID_HISTORY 0x40u
#define PID_RESOURCE_LIMITS 0x41u
#define PID_OWNERSHIP 0x1fu
#define PID_OWNERSHIP_STRENGTH 0x6u
#define PID_PRESENTATION 0x21u
#define PID_PARTITION 0x29u
#define PID_TIME_BASED_FILTER 0x4u
#define PID_TRANSPORT_PRIORITY 0x49u
#define PID_PROTOCOL_VERSION 0x15u
#define PID_VENDORID 0x16u
#define PID_UNICAST_LOCATOR 0x2fu
#define PID_MULTICAST_LOCATOR 0x30u
#define PID_MULTICAST_IPADDRESS 0x11u
#define PID_DEFAULT_UNICAST_LOCATOR 0x31u
#define PID_DEFAULT_MULTICAST_LOCATOR 0x48u
#define PID_METATRAFFIC_UNICAST_LOCATOR 0x32u
#define PID_METATRAFFIC_MULTICAST_LOCATOR 0x33u
#define PID_DEFAULT_UNICAST_IPADDRESS 0xcu
#define PID_DEFAULT_UNICAST_PORT 0xeu
#define PID_METATRAFFIC_UNICAST_IPADDRESS 0x45u
#define PID_METATRAFFIC_UNICAST_PORT 0xdu
#define PID_METATRAFFIC_MULTICAST_IPADDRESS 0xbu
#define PID_METATRAFFIC_MULTICAST_PORT 0x46u
#define PID_EXPECTS_INLINE_QOS 0x43u
#define PID_PARTICIPANT_MANUAL_LIVELINESS_COUNT 0x34u
#define PID_PARTICIPANT_BUILTIN_ENDPOINTS 0x44u
#define PID_PARTICIPANT_LEASE_DURATION 0x2u
#define PID_CONTENT_FILTER_PROPERTY 0x35u
#define PID_PARTICIPANT_GUID 0x50u
#define PID_PARTICIPANT_ENTITYID 0x51u
#define PID_GROUP_GUID 0x52u
#define PID_GROUP_ENTITYID 0x53u
#define PID_BUILTIN_ENDPOINT_SET 0x58u
#define PID_PROPERTY_LIST 0x59u
#define PID_TYPE_MAX_SIZE_SERIALIZED 0x60u
#define PID_ENTITY_NAME 0x62u
#define PID_KEYHASH 0x70u
#define PID_STATUSINFO 0x71u
#define PID_CONTENT_FILTER_INFO 0x55u
#define PID_COHERENT_SET 0x56u
#define PID_DIRECTED_WRITE 0x57u
#define PID_ORIGINAL_WRITER_INFO 0x61u
#define PID_ENDPOINT_GUID 0x5au
/* Security related PID values. */
#define PID_IDENTITY_TOKEN 0x1001u
#define PID_PERMISSIONS_TOKEN 0x1002u
#define PID_ENDPOINT_SECURITY_INFO 0x1004u
#define PID_PARTICIPANT_SECURITY_INFO 0x1005u
#define PID_IDENTITY_STATUS_TOKEN 0x1006u
struct DDS_Security_Serializer {
unsigned char *buffer;
size_t size;
size_t offset;
size_t increment;
size_t marker;
};
struct DDS_Security_Deserializer {
const unsigned char *buffer;
const unsigned char *cursor;
size_t size;
size_t remain;
};
static size_t
alignup_size (
size_t x,
size_t a)
{
size_t m = a-1;
return (x+m) & ~m;
}
static size_t
alignup_ptr(
const unsigned char *ptr,
size_t a)
{
size_t m = (a - 1);
size_t x = (size_t) ptr;
return ((x+m) & ~m) - x;
}
DDS_Security_Serializer
DDS_Security_Serializer_new(
size_t size,
size_t increment)
{
DDS_Security_Serializer serializer;
serializer = ddsrt_malloc(sizeof(*serializer));
serializer->buffer = ddsrt_malloc(size);
serializer->size = size;
serializer->increment = increment;
serializer->offset = 0;
return serializer;
}
void
DDS_Security_Serializer_free(
DDS_Security_Serializer ser)
{
if (ser) {
ddsrt_free(ser->buffer);
ddsrt_free(ser);
}
}
void
DDS_Security_Serializer_buffer(
DDS_Security_Serializer ser,
unsigned char **buffer,
size_t *size)
{
assert(ser);
assert(buffer);
assert(size);
*buffer = ser->buffer;
*size = ser->offset;
ser->buffer = NULL;
}
static void
serbuffer_adjust_size(
DDS_Security_Serializer ser,
size_t needed)
{
if (ser->size - ser->offset < needed) {
ser->buffer = ddsrt_realloc(ser->buffer, ser->size + needed + ser->increment);
ser->size += needed + ser->increment;
}
}
static void
serbuffer_align(
DDS_Security_Serializer ser,
size_t alignment)
{
size_t offset, i;
offset = alignup_size(ser->offset, alignment);
serbuffer_adjust_size(ser, offset-ser->offset);
for (i = 0; i < offset - ser->offset; i++) {
ser->buffer[ser->offset+i] = 0;
}
ser->offset = offset;
}
static void
DDS_Security_Serialize_mark_len(
DDS_Security_Serializer ser)
{
serbuffer_align(ser, 2);
serbuffer_adjust_size(ser, 2);
ser->marker = ser->offset;
ser->offset += 2;
}
static void
DDS_Security_Serialize_update_len(
DDS_Security_Serializer ser)
{
unsigned short len;
len = (unsigned short)(ser->offset - ser->marker - sizeof(unsigned short));
*(unsigned short *)&(ser->buffer[ser->marker]) = ddsrt_toBE2u(len);
}
static void
DDS_Security_Serialize_uint16(
DDS_Security_Serializer ser,
unsigned short value)
{
serbuffer_align(ser, sizeof(unsigned short));
serbuffer_adjust_size(ser, sizeof(unsigned short));
*(unsigned short *)&(ser->buffer[ser->offset]) = ddsrt_toBE2u(value);
ser->offset += sizeof(unsigned short);
}
static void
DDS_Security_Serialize_uint32_t(
DDS_Security_Serializer ser,
uint32_t value)
{
serbuffer_align(ser, sizeof(uint32_t));
serbuffer_adjust_size(ser, sizeof(uint32_t));
*(uint32_t *)&(ser->buffer[ser->offset]) = ddsrt_toBE4u(value);
ser->offset += sizeof(uint32_t);
}
static void
DDS_Security_Serialize_string(
DDS_Security_Serializer ser,
const char *str)
{
size_t len;
len = strlen(str) + 1;
DDS_Security_Serialize_uint32_t(ser, (uint32_t)len);
serbuffer_adjust_size(ser, len );
memcpy(&(ser->buffer[ser->offset]), str, len);
ser->offset += len;
serbuffer_align(ser, sizeof(uint32_t));
}
static void
DDS_Security_Serialize_Property(
DDS_Security_Serializer ser,
const DDS_Security_Property_t *property)
{
DDS_Security_Serialize_string(ser, property->name);
DDS_Security_Serialize_string(ser, property->value);
}
static void
DDS_Security_Serialize_OctetSeq(
DDS_Security_Serializer ser,
const DDS_Security_OctetSeq *seq)
{
DDS_Security_Serialize_uint32_t(ser, seq->_length);
serbuffer_adjust_size(ser, seq->_length);
memcpy(&(ser->buffer[ser->offset]), seq->_buffer, seq->_length);
ser->offset += seq->_length;
}
static void
DDS_Security_Serialize_BinaryProperty(
DDS_Security_Serializer ser,
const DDS_Security_BinaryProperty_t *property)
{
DDS_Security_Serialize_string(ser, property->name);
DDS_Security_Serialize_OctetSeq(ser, &property->value);
}
void
DDS_Security_Serialize_PropertySeq(
DDS_Security_Serializer ser,
const DDS_Security_PropertySeq *seq)
{
uint32_t i;
DDS_Security_Serialize_uint32_t(ser, seq->_length);
for (i = 0; i < seq->_length; i++) {
DDS_Security_Serialize_Property(ser, &seq->_buffer[i]);
}
}
void
DDS_Security_Serialize_BinaryPropertyArray(
DDS_Security_Serializer serializer,
const DDS_Security_BinaryProperty_t **properties,
const uint32_t propertyLength)
{
uint32_t i;
DDS_Security_Serialize_uint32_t(serializer, propertyLength);
for (i = 0; i < propertyLength ; i++) {
DDS_Security_Serialize_BinaryProperty(serializer, properties[i]);
}
}
void
DDS_Security_Serialize_BinaryPropertySeq(
DDS_Security_Serializer serializer,
const DDS_Security_BinaryPropertySeq *seq)
{
uint32_t i;
DDS_Security_Serialize_uint32_t(serializer, seq->_length);
for (i = 0; i < seq->_length; i++) {
DDS_Security_Serialize_BinaryProperty(serializer, &seq->_buffer[i]);
}
}
static void
DDS_Security_Serialize_DataHolder(
DDS_Security_Serializer ser,
const DDS_Security_DataHolder *holder)
{
DDS_Security_Serialize_string(ser, holder->class_id);
DDS_Security_Serialize_PropertySeq(ser, &holder->properties);
DDS_Security_Serialize_BinaryPropertySeq(ser, &holder->binary_properties);
}
static void
DDS_Security_Serialize_BuiltinTopicKey(
DDS_Security_Serializer ser,
DDS_Security_BuiltinTopicKey_t key)
{
serbuffer_align(ser, sizeof(uint32_t));
DDS_Security_Serialize_uint16(ser, PID_PARTICIPANT_GUID);
DDS_Security_Serialize_uint16(ser, 16);
DDS_Security_Serialize_uint32_t(ser, key[0]);
DDS_Security_Serialize_uint32_t(ser, key[1]);
DDS_Security_Serialize_uint32_t(ser, key[2]);
/* 4 Bytes are expected for whatever reason (gid vs guid?). */
DDS_Security_Serialize_uint32_t(ser, 0);
}
static void
DDS_Security_Serialize_UserDataQosPolicy(
DDS_Security_Serializer ser,
DDS_Security_OctetSeq *seq)
{
if (seq->_length > 0) {
serbuffer_align(ser, sizeof(uint32_t));
DDS_Security_Serialize_uint16(ser, PID_USER_DATA);
DDS_Security_Serialize_uint16(ser, (unsigned short)seq->_length);
DDS_Security_Serialize_OctetSeq(ser, seq);
}
}
static void
DDS_Security_Serialize_IdentityToken(
DDS_Security_Serializer ser,
DDS_Security_IdentityToken *token)
{
serbuffer_align(ser, sizeof(uint32_t));
DDS_Security_Serialize_uint16(ser, PID_IDENTITY_TOKEN);
DDS_Security_Serialize_mark_len(ser);
DDS_Security_Serialize_DataHolder(ser, token);
DDS_Security_Serialize_update_len(ser);
}
static void
DDS_Security_Serialize_PermissionsToken(
DDS_Security_Serializer ser,
DDS_Security_PermissionsToken *token)
{
serbuffer_align(ser, sizeof(uint32_t));
DDS_Security_Serialize_uint16(ser, PID_PERMISSIONS_TOKEN);
DDS_Security_Serialize_mark_len(ser);
DDS_Security_Serialize_DataHolder(ser, token);
DDS_Security_Serialize_update_len(ser);
}
static void
DDS_Security_Serialize_PropertyQosPolicy(
DDS_Security_Serializer ser,
DDS_Security_PropertyQosPolicy *policy)
{
serbuffer_align(ser, sizeof(uint32_t));
DDS_Security_Serialize_uint16(ser, PID_PROPERTY_LIST);
DDS_Security_Serialize_mark_len(ser);
DDS_Security_Serialize_PropertySeq(ser, &policy->value);
DDS_Security_Serialize_BinaryPropertySeq(ser, &policy->binary_value);
DDS_Security_Serialize_update_len(ser);
}
static void
DDS_Security_Serialize_ParticipantSecurityInfo(
DDS_Security_Serializer ser,
DDS_Security_ParticipantSecurityInfo *info)
{
serbuffer_align(ser, sizeof(uint32_t));
DDS_Security_Serialize_uint16(ser, PID_PARTICIPANT_SECURITY_INFO);
DDS_Security_Serialize_uint16(ser, 8);
DDS_Security_Serialize_uint32_t(ser, info->participant_security_attributes);
DDS_Security_Serialize_uint32_t(ser, info->plugin_participant_security_attributes);
}
void
DDD_Security_Serialize_ParticipantBuiltinTopicData(
DDS_Security_Serializer ser,
DDS_Security_ParticipantBuiltinTopicData *pdata)
{
DDS_Security_Serialize_BuiltinTopicKey(ser, pdata->key);
DDS_Security_Serialize_UserDataQosPolicy(ser, &pdata->user_data.value);
DDS_Security_Serialize_IdentityToken(ser, &pdata->identity_token);
DDS_Security_Serialize_PermissionsToken(ser, &pdata->permissions_token);
DDS_Security_Serialize_PropertyQosPolicy(ser, &pdata->property);
DDS_Security_Serialize_ParticipantSecurityInfo(ser, &pdata->security_info);
serbuffer_align(ser, sizeof(uint32_t));
DDS_Security_Serialize_uint16(ser, PID_SENTINEL);
DDS_Security_Serialize_uint16(ser, 0);
}
static void
DDD_Security_Serialize_OctetArray(
DDS_Security_Serializer ser,
const DDS_Security_octet *data,
uint32_t length)
{
serbuffer_adjust_size(ser, length);
memcpy(&ser->buffer[ser->offset], data, length);
ser->offset += length;
}
void
DDD_Security_Serialize_KeyMaterial_AES_GCM_GMAC(
DDS_Security_Serializer ser,
const DDS_Security_KeyMaterial_AES_GCM_GMAC *data)
{
DDD_Security_Serialize_OctetArray(ser, data->transformation_kind, sizeof(data->transformation_kind));
DDS_Security_Serialize_OctetSeq(ser, &data->master_salt);
DDD_Security_Serialize_OctetArray(ser, data->sender_key_id, sizeof(data->sender_key_id));
DDS_Security_Serialize_OctetSeq(ser, &data->master_sender_key);
DDD_Security_Serialize_OctetArray(ser, data->receiver_specific_key_id, sizeof(data->receiver_specific_key_id));
DDS_Security_Serialize_OctetSeq(ser, &data->master_receiver_specific_key);
}
DDS_Security_Deserializer
DDS_Security_Deserializer_new(
const unsigned char *data,
size_t size)
{
DDS_Security_Deserializer deserializer;
deserializer = ddsrt_malloc(sizeof(*deserializer));
deserializer->buffer = data;
deserializer->cursor = data;
deserializer->size = size;
deserializer->remain = size;
return deserializer;
}
void
DDS_Security_Deserializer_free(
DDS_Security_Deserializer dser)
{
ddsrt_free(dser);
}
static void
DDS_Security_Deserialize_align(
DDS_Security_Deserializer dser,
size_t size)
{
size_t l = alignup_ptr(dser->cursor, size);
if (dser->remain >= l) {
dser->cursor += l;
dser->remain -= l;
} else {
dser->remain = 0;
}
}
static int
DDS_Security_Deserialize_uint16(
DDS_Security_Deserializer dser,
unsigned short *value)
{
size_t l = sizeof(unsigned short);
DDS_Security_Deserialize_align(dser, l);
if (dser->remain < l) {
return 0;
}
*value = ddsrt_fromBE2u(*(unsigned short *)dser->cursor);
dser->cursor += l;
dser->remain -= l;
return 1;
}
static int
DDS_Security_Deserialize_uint32_t(
DDS_Security_Deserializer dser,
uint32_t *value)
{
size_t l = sizeof(uint32_t);
DDS_Security_Deserialize_align(dser, l);
if (dser->remain < l) {
return 0;
}
*value = ddsrt_fromBE4u(*(uint32_t *)dser->cursor);
dser->cursor += l;
dser->remain -= l;
return 1;
}
static int
DDS_Security_Deserialize_string(
DDS_Security_Deserializer dser,
char **value)
{
uint32_t len;
size_t sz;
if (!DDS_Security_Deserialize_uint32_t(dser, &len)) {
return 0;
}
sz = (size_t)len;
if (dser->remain < sz) {
return 0;
}
if (sz > 0 && (dser->cursor[sz-1] == 0)) {
*value = ddsrt_strdup((char *)dser->cursor);
/* Consider padding */
sz = alignup_size(sz, sizeof(uint32_t));
dser->cursor += sz;
dser->remain -= sz;
} else {
*value = ddsrt_strdup("");
}
return 1;
}
static int
DDS_Security_Deserialize_OctetArray(
DDS_Security_Deserializer dser,
unsigned char *arr,
uint32_t length)
{
if (dser->remain < length) {
return 0;
}
memcpy(arr, dser->cursor, length);
dser->cursor += length;
dser->remain -= length;
return 1;
}
static int
DDS_Security_Deserialize_OctetSeq(
DDS_Security_Deserializer dser,
DDS_Security_OctetSeq *seq)
{
if (!DDS_Security_Deserialize_uint32_t(dser, &seq->_length)) {
return 0;
}
if (dser->remain < seq->_length) {
return 0;
}
if (seq->_length > 0) {
/* Consider padding */
size_t a_size = alignup_size(seq->_length, sizeof(uint32_t));
seq->_buffer = ddsrt_malloc(seq->_length);
memcpy(seq->_buffer, dser->cursor, seq->_length);
dser->cursor += a_size;
dser->remain -= a_size;
} else {
seq->_buffer = NULL;
}
return 1;
}
static int
DDS_Security_Deserialize_Property(
DDS_Security_Deserializer dser,
DDS_Security_Property_t *property)
{
return DDS_Security_Deserialize_string(dser, &property->name) &&
DDS_Security_Deserialize_string(dser, &property->value);
}
static int
DDS_Security_Deserialize_BinaryProperty(
DDS_Security_Deserializer dser,
DDS_Security_BinaryProperty_t *property)
{
return DDS_Security_Deserialize_string(dser, &property->name) &&
DDS_Security_Deserialize_OctetSeq(dser, &property->value);
}
static int
DDS_Security_Deserialize_PropertySeq(
DDS_Security_Deserializer dser,
DDS_Security_PropertySeq *seq)
{
int r = 1;
uint32_t i;
if (!DDS_Security_Deserialize_uint32_t(dser, &seq->_length)) {
return 0;
}
if (seq->_length > 0) {
seq->_buffer = DDS_Security_PropertySeq_allocbuf(seq->_length);
for (i = 0; i < seq->_length && r; i++) {
r = DDS_Security_Deserialize_Property(dser, &seq->_buffer[i]);
}
}
return r;
}
static int
DDS_Security_Deserialize_BinaryPropertySeq(
DDS_Security_Deserializer dser,
DDS_Security_BinaryPropertySeq *seq)
{
int r = 1;
uint32_t i;
if (!DDS_Security_Deserialize_uint32_t(dser, &seq->_length)) {
return 0;
}
if (seq->_length > 0) {
seq->_buffer = DDS_Security_BinaryPropertySeq_allocbuf(seq->_length);
for (i = 0; i < seq->_length && r; i++) {
r = DDS_Security_Deserialize_BinaryProperty(dser, &seq->_buffer[i]);
}
}
return r;
}
static int
DDS_Security_Deserialize_DataHolder(
DDS_Security_Deserializer dser,
DDS_Security_DataHolder *holder)
{
return DDS_Security_Deserialize_string(dser, &holder->class_id) &&
DDS_Security_Deserialize_PropertySeq(dser, &holder->properties) &&
DDS_Security_Deserialize_BinaryPropertySeq(dser, &holder->binary_properties);
}
static int
DDS_Security_Deserialize_PropertyQosPolicy(
DDS_Security_Deserializer dser,
DDS_Security_PropertyQosPolicy *policy)
{
return DDS_Security_Deserialize_PropertySeq(dser, &policy->value) &&
DDS_Security_Deserialize_BinaryPropertySeq(dser, &policy->binary_value);
}
static int
DDS_Security_Deserialize_BuiltinTopicKey(
DDS_Security_Deserializer dser,
DDS_Security_BuiltinTopicKey_t key)
{
int r;
r = DDS_Security_Deserialize_uint32_t(dser, (uint32_t *)&key[0]) &&
DDS_Security_Deserialize_uint32_t(dser, (uint32_t *)&key[1]) &&
DDS_Security_Deserialize_uint32_t(dser, (uint32_t *)&key[2]);
/* guid is 16 bytes, so skip the last 4 bytes */
dser->cursor += 4;
dser->remain -= 4;
return r;
}
static int
DDS_Security_Deserialize_ParticipantSecurityInfo(
DDS_Security_Deserializer dser,
DDS_Security_ParticipantSecurityInfo *info)
{
int r;
r = DDS_Security_Deserialize_uint32_t(dser, &info->participant_security_attributes) &&
DDS_Security_Deserialize_uint32_t(dser, &info->plugin_participant_security_attributes);
return r;
}
int
DDD_Security_Deserialize_ParticipantBuiltinTopicData(
DDS_Security_Deserializer dser,
DDS_Security_ParticipantBuiltinTopicData *pdata,
DDS_Security_SecurityException *ex)
{
unsigned short len=0;
unsigned short pid=0;
int r, ready = 0;
do {
DDS_Security_Deserialize_align(dser, 4);
r = DDS_Security_Deserialize_uint16(dser, &pid) &&
DDS_Security_Deserialize_uint16(dser, &len);
if (r && (len <= dser->remain)) {
const unsigned char *next_cursor = dser->cursor + len;
switch (pid) {
case PID_PARTICIPANT_GUID:
r = DDS_Security_Deserialize_BuiltinTopicKey(dser, pdata->key);
break;
case PID_USER_DATA:
r = DDS_Security_Deserialize_OctetSeq(dser, &pdata->user_data.value);
break;
case PID_IDENTITY_TOKEN:
r = DDS_Security_Deserialize_DataHolder(dser, &pdata->identity_token);
break;
case PID_PERMISSIONS_TOKEN:
r = DDS_Security_Deserialize_DataHolder(dser, &pdata->permissions_token);
break;
case PID_PROPERTY_LIST:
r = DDS_Security_Deserialize_PropertyQosPolicy(dser, &pdata->property);
break;
case PID_PARTICIPANT_SECURITY_INFO:
r = DDS_Security_Deserialize_ParticipantSecurityInfo(dser, &pdata->security_info);
break;
case PID_SENTINEL:
ready = 1;
break;
default:
dser->cursor += len;
dser->remain -= len;
break;
}
if (r) {
if (dser->cursor != next_cursor) {
DDS_Security_Exception_set(ex, "Deserialization", DDS_SECURITY_ERR_UNDEFINED_CODE, DDS_SECURITY_VALIDATION_FAILED,
"Deserialize PID 0x%x failed: internal_size %d != external_size %d", pid, (int)len + (int)(dser->cursor - next_cursor), (int)len);
r = 0;
}
} else {
DDS_Security_Exception_set(ex, "Deserialization", DDS_SECURITY_ERR_UNDEFINED_CODE, DDS_SECURITY_VALIDATION_FAILED,
"Deserialize PID 0x%x failed: parsing failed", pid);
}
} else {
if (!r) {
DDS_Security_Exception_set(ex, "Deserialization", DDS_SECURITY_ERR_UNDEFINED_CODE, DDS_SECURITY_VALIDATION_FAILED,
"Deserialize parameter header failed");
}
}
} while (r && !ready && dser->remain > 0);
return ready;
}
void
DDD_Security_BuiltinTopicKeyBE(
DDS_Security_BuiltinTopicKey_t dst,
const DDS_Security_BuiltinTopicKey_t src)
{
dst[0] = ddsrt_toBE4u(src[0]);
dst[1] = ddsrt_toBE4u(src[1]);
dst[2] = ddsrt_toBE4u(src[2]);
}
int
DDD_Security_Deserialize_KeyMaterial_AES_GCM_GMAC(
DDS_Security_Deserializer dser,
DDS_Security_KeyMaterial_AES_GCM_GMAC *data)
{
int r = 0;
r = DDS_Security_Deserialize_OctetArray(dser, data->transformation_kind, sizeof(data->transformation_kind)) &&
DDS_Security_Deserialize_OctetSeq(dser, &data->master_salt) &&
DDS_Security_Deserialize_OctetArray(dser, data->sender_key_id, sizeof(data->sender_key_id)) &&
DDS_Security_Deserialize_OctetSeq(dser, &data->master_sender_key) &&
DDS_Security_Deserialize_OctetArray(dser, data->receiver_specific_key_id, sizeof(data->receiver_specific_key_id)) &&
DDS_Security_Deserialize_OctetSeq(dser, &data->master_receiver_specific_key);
return r;
}

1134
src/security/core/src/dds_security_utils.c Normal file
View file

File diff suppressed because it is too large Load diff

43
src/security/core/src/shared_secret.c Normal file
View file

@ -0,0 +1,43 @@
/*
* Copyright(c) 2006 to 2019 ADLINK Technology Limited and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
* v. 1.0 which is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
*/
#include "dds/security/core/shared_secret.h"
const DDS_Security_octet*
get_challenge1_from_secret_handle(DDS_Security_SharedSecretHandle handle)
{
DDS_Security_SharedSecretHandleImpl *secret = (DDS_Security_SharedSecretHandleImpl *)(uintptr_t)handle;
return secret->challenge1;
}
const DDS_Security_octet*
get_challenge2_from_secret_handle(DDS_Security_SharedSecretHandle handle)
{
DDS_Security_SharedSecretHandleImpl *secret = (DDS_Security_SharedSecretHandleImpl *)(uintptr_t)handle;
return secret->challenge2;
}
const DDS_Security_octet*
get_secret_from_secret_handle(DDS_Security_SharedSecretHandle handle)
{
DDS_Security_SharedSecretHandleImpl *secret = (DDS_Security_SharedSecretHandleImpl *)(uintptr_t)handle;
return secret->shared_secret;
}
int32_t
get_secret_size_from_secret_handle( DDS_Security_SharedSecretHandle handle ){
DDS_Security_SharedSecretHandleImpl *secret = (DDS_Security_SharedSecretHandleImpl *)(uintptr_t)handle;
return secret->shared_secret_size;
}