DDS Security built-in Cryptographic plugin (#306)

* DDS Security built-in Cryptographic plugin

This commit adds the built-in Cryptographic plugin that is part of the
DDS Security implementation for Cyclone.

The Cryptographic plugin defines the types and operations necessary
to support encryption, digest, message authentication codes, and key
exchange for DDS DomainParticipants, DataWriters and DDS DataReaders.

Similar to other builtin plugins, the DDS Security cryptographic plugin
is built as a shared library to allow dynamic library loading on runtime.
This enables DDS participants to use specific plugin implementations
with different configurations.

Although I think this initial version is a reasonable starting point to be
merged in the security branch, some parts of the code will need refactoring:

* crypto_key_factory.c: crypto_factory_get_endpoint_relation returns
arbitrary local-remote relation if no specific key for remote is found,
which will not work in Cyclone because participants can have different
security settings

* performance of encoding data can be improved by not copying
plain_rtps_message to a new buffer (to enable this, crypto_cipher_encrypt_data
should allow encrypting parts of a message)

* when decoding a message the message is split in several parts (header, body,
footer, etc) and for this memory is allocated which is probably not necessary.
Performance should be improved by removing these allocations and use pointers
to the data instead.

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

* WIP processing crypto plugin review comments

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

* WIP more refactoring based on review comments

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

* WIP fixing crypto plugin support for 128 bit key size

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

* WIP refactored master key storage to reduce memory usage when using 128 bit keys

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

* WIP fixing windows build linker issue

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

* WIP refactored crypto key types, avoid returning pointers to released ref-counted object

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

* Fixed bug in test decode_datareader_submessage.invalid_data

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

* Fixed issues from review: use correct constant for hashing and handle different src/dst keysize correctly

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

src/security/core/include/dds/security/core/dds_security_serialize.h

@@ -65,12 +65,12 @@ DDS_Security_Serialize_DataHolderSeq(
      const DDS_Security_DataHolderSeq *seq);
 
 DDS_EXPORT void
-DDD_Security_Serialize_ParticipantBuiltinTopicData(
+DDS_Security_Serialize_ParticipantBuiltinTopicData(
      DDS_Security_Serializer ser,
      DDS_Security_ParticipantBuiltinTopicData *pdata);
 
 DDS_EXPORT void
-DDD_Security_Serialize_KeyMaterial_AES_GCM_GMAC(
+DDS_Security_Serialize_KeyMaterial_AES_GCM_GMAC(
      DDS_Security_Serializer ser,
      const DDS_Security_KeyMaterial_AES_GCM_GMAC *data);
 
@@ -84,18 +84,18 @@ DDS_Security_Deserializer_free(
      DDS_Security_Deserializer deserializer);
 
 DDS_EXPORT int
-DDD_Security_Deserialize_ParticipantBuiltinTopicData(
+DDS_Security_Deserialize_ParticipantBuiltinTopicData(
      DDS_Security_Deserializer deserializer,
      DDS_Security_ParticipantBuiltinTopicData *pdata,
      DDS_Security_SecurityException *ex);
 
 DDS_EXPORT void
-DDD_Security_BuiltinTopicKeyBE(
+DDS_Security_BuiltinTopicKeyBE(
      DDS_Security_BuiltinTopicKey_t dst,
      const  DDS_Security_BuiltinTopicKey_t src);
 
 DDS_EXPORT int
-DDD_Security_Deserialize_KeyMaterial_AES_GCM_GMAC(
+DDS_Security_Deserialize_KeyMaterial_AES_GCM_GMAC(
      DDS_Security_Deserializer dser,
      DDS_Security_KeyMaterial_AES_GCM_GMAC *data);
 

src/security/core/include/dds/security/core/dds_security_types.h

@@ -50,11 +50,11 @@ typedef enum
 
 typedef struct DDS_Security_KeyMaterial_AES_GCM_GMAC {
   DDS_Security_CryptoTransformKind transformation_kind;
-  DDS_Security_OctetSeq master_salt;         /*size shall be 32*/
+  DDS_Security_OctetSeq master_salt;         /*size shall be 16 or 32*/
   DDS_Security_CryptoTransformKeyId sender_key_id;
-  DDS_Security_OctetSeq master_sender_key;   /*size shall be 32*/
+  DDS_Security_OctetSeq master_sender_key;   /*size shall be 16 or 32*/
   DDS_Security_CryptoTransformKeyId receiver_specific_key_id;
-  DDS_Security_OctetSeq master_receiver_specific_key; /*size shall be 32*/
+  DDS_Security_OctetSeq master_receiver_specific_key; /*size shall be 0, 16 or 32*/
 } DDS_Security_KeyMaterial_AES_GCM_GMAC;
 
 struct CryptoTransformIdentifier {

src/security/core/include/dds/security/core/dds_security_utils.h

@@ -341,39 +341,39 @@ ddssec_strchrs (
 
 
 #define DDS_Security_ParticipantCryptoTokenSeq_alloc() \
-                    (DDS_Security_ParticipantCryptoTokenSeq *)DDS_Security_DataHolderSeq_alloc())
+                    DDS_Security_DataHolderSeq_alloc())
 #define DDS_Security_ParticipantCryptoTokenSeq_freebuf(s) \
-                    DDS_Security_DataHolderSeq_freebuf((DDS_Security_DataHolderSeq *)(s))
+                    DDS_Security_DataHolderSeq_freebuf(s)
 #define DDS_Security_ParticipantCryptoTokenSeq_free(s) \
-                    DDS_Security_DataHolderSeq_free((DDS_Security_DataHolderSeq *)(s))
+                    DDS_Security_DataHolderSeq_free(s)
 #define DDS_Security_ParticipantCryptoTokenSeq_deinit(s) \
-                    DDS_Security_DataHolderSeq_deinit((DDS_Security_DataHolderSeq *)(s))
+                    DDS_Security_DataHolderSeq_deinit(s)
 #define DDS_Security_ParticipantCryptoTokenSeq_copy(d,s) \
-                    DDS_Security_DataHolderSeq_copy((DDS_Security_DataHolderSeq *)(d), (const DDS_Security_DataHolderSeq *)(s))
+                    DDS_Security_DataHolderSeq_copy((d), (s))
 
 
-#define DDS_Security_ParticipantCryptoHandleSeq_alloc()     (DDS_Security_ParticipantCryptoHandleSeq*)DDS_Security_HandleSeq_alloc()
+#define DDS_Security_ParticipantCryptoHandleSeq_alloc()     DDS_Security_HandleSeq_alloc()
 #define DDS_Security_ParticipantCryptoHandleSeq_allocbuf(l) DDS_Security_HandleSeq_allocbuf(l)
-#define DDS_Security_ParticipantCryptoHandleSeq_freebuf(s)  DDS_Security_HandleSeq_freebuf((DDS_Security_HandleSeq*)s)
-#define DDS_Security_ParticipantCryptoHandleSeq_free(s)     DDS_Security_HandleSeq_free((DDS_Security_HandleSeq*)s)
-#define DDS_Security_ParticipantCryptoHandleSeq_deinit(s)   DDS_Security_HandleSeq_deinit((DDS_Security_HandleSeq*)s)
+#define DDS_Security_ParticipantCryptoHandleSeq_freebuf(s)  DDS_Security_HandleSeq_freebuf(s)
+#define DDS_Security_ParticipantCryptoHandleSeq_free(s)     DDS_Security_HandleSeq_free(s)
+#define DDS_Security_ParticipantCryptoHandleSeq_deinit(s)   DDS_Security_HandleSeq_deinit(s)
 
-#define DDS_Security_DatawriterCryptoHandleSeq_alloc()      (DDS_Security_DatawriterCryptoHandleSeq*)DDS_Security_HandleSeq_alloc()
+#define DDS_Security_DatawriterCryptoHandleSeq_alloc()      DDS_Security_HandleSeq_alloc()
 #define DDS_Security_DatawriterCryptoHandleSeq_allocbuf(l)  DDS_Security_HandleSeq_allocbuf(l)
-#define DDS_Security_DatawriterCryptoHandleSeq_freebuf(s)   DDS_Security_HandleSeq_freebuf((DDS_Security_HandleSeq*)s)
-#define DDS_Security_DatawriterCryptoHandleSeq_free(s)      DDS_Security_HandleSeq_free((DDS_Security_HandleSeq*)s)
-#define DDS_Security_DatawriterCryptoHandleSeq_deinit(s)    DDS_Security_HandleSeq_deinit((DDS_Security_HandleSeq*)s)
+#define DDS_Security_DatawriterCryptoHandleSeq_freebuf(s)   DDS_Security_HandleSeq_freebuf(s)
+#define DDS_Security_DatawriterCryptoHandleSeq_free(s)      DDS_Security_HandleSeq_free(s)
+#define DDS_Security_DatawriterCryptoHandleSeq_deinit(s)    DDS_Security_HandleSeq_deinit(s)
 
-#define DDS_Security_DatareaderCryptoHandleSeq_alloc()      (DDS_Security_DatareaderCryptoHandleSeq*)DDS_Security_HandleSeq_alloc()
+#define DDS_Security_DatareaderCryptoHandleSeq_alloc()      DDS_Security_HandleSeq_alloc()
 #define DDS_Security_DatareaderCryptoHandleSeq_allocbuf(l)  DDS_Security_HandleSeq_allocbuf(l)
-#define DDS_Security_DatareaderCryptoHandleSeq_freebuf(s)   DDS_Security_HandleSeq_freebuf((DDS_Security_HandleSeq*)s)
-#define DDS_Security_DatareaderCryptoHandleSeq_free(s)      DDS_Security_HandleSeq_free((DDS_Security_HandleSeq*)s)
-#define DDS_Security_DatareaderCryptoHandleSeq_deinit(s)    DDS_Security_HandleSeq_deinit((DDS_Security_HandleSeq*)s)
+#define DDS_Security_DatareaderCryptoHandleSeq_freebuf(s)   DDS_Security_HandleSeq_freebuf(s)
+#define DDS_Security_DatareaderCryptoHandleSeq_free(s)      DDS_Security_HandleSeq_free(s)
+#define DDS_Security_DatareaderCryptoHandleSeq_deinit(s)    DDS_Security_HandleSeq_deinit(s)
 
-#define DDS_Security_CryptoTokenSeq_alloc()     (DDS_Security_CryptoTokenSeq*)DDS_Security_DataHolderSeq_alloc()
+#define DDS_Security_CryptoTokenSeq_alloc()     DDS_Security_DataHolderSeq_alloc()
 #define DDS_Security_CryptoTokenSeq_allocbuf(l) DDS_Security_DataHolderSeq_allocbuf(l)
-#define DDS_Security_CryptoTokenSeq_freebuf(s)  DDS_Security_DataHolderSeq_freebuf((DDS_Security_CryptoTokenSeq*)s)
-#define DDS_Security_CryptoTokenSeq_free(s)     DDS_Security_DataHolderSeq_free((DDS_Security_CryptoTokenSeq*)s)
+#define DDS_Security_CryptoTokenSeq_freebuf(s)  DDS_Security_DataHolderSeq_freebuf(s)
+#define DDS_Security_CryptoTokenSeq_free(s)     DDS_Security_DataHolderSeq_free(s)
 
 
 /* for DEBUG purposes */

src/security/core/include/dds/security/core/shared_secret.h

@@ -9,32 +9,25 @@
  *
  * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
  */
-
-
 #ifndef SRC_SECURITY_CORE_INCLUDE_SHARED_SECRET_HANDLE_H_
 #define SRC_SECURITY_CORE_INCLUDE_SHARED_SECRET_HANDLE_H_
 
-#include "dds/export.h"
+#include <stddef.h>
 #include <stdint.h>
+
+#include "dds/export.h"
 #include "dds/security/dds_security_api.h"
 
-
 typedef struct DDS_Security_SharedSecretHandleImpl {
-
-    DDS_Security_octet* shared_secret;
-    DDS_Security_long shared_secret_size;
-    DDS_Security_octet challenge1[DDS_SECURITY_AUTHENTICATION_CHALLENGE_SIZE];
-    DDS_Security_octet challenge2[DDS_SECURITY_AUTHENTICATION_CHALLENGE_SIZE];
-
+  DDS_Security_octet* shared_secret;
+  DDS_Security_long shared_secret_size;
+  DDS_Security_octet challenge1[DDS_SECURITY_AUTHENTICATION_CHALLENGE_SIZE];
+  DDS_Security_octet challenge2[DDS_SECURITY_AUTHENTICATION_CHALLENGE_SIZE];
 } DDS_Security_SharedSecretHandleImpl;
 
-DDS_EXPORT const DDS_Security_octet* get_challenge1_from_secret_handle( DDS_Security_SharedSecretHandle handle);
-
-DDS_EXPORT const DDS_Security_octet* get_challenge2_from_secret_handle( DDS_Security_SharedSecretHandle handle );
-
-DDS_EXPORT const DDS_Security_octet* get_secret_from_secret_handle( DDS_Security_SharedSecretHandle handle );
-
-DDS_EXPORT int32_t get_secret_size_from_secret_handle( DDS_Security_SharedSecretHandle handle );
+DDS_EXPORT const DDS_Security_octet* get_challenge1_from_secret_handle (DDS_Security_SharedSecretHandle handle);
+DDS_EXPORT const DDS_Security_octet* get_challenge2_from_secret_handle (DDS_Security_SharedSecretHandle handle);
+DDS_EXPORT const DDS_Security_octet* get_secret_from_secret_handle (DDS_Security_SharedSecretHandle handle);
+DDS_EXPORT size_t get_secret_size_from_secret_handle (DDS_Security_SharedSecretHandle handle);
 
 #endif /* SRC_SECURITY_CORE_INCLUDE_SHARED_SECRET_H_ */
-

src/security/core/src/dds_security_serialize.c

@@ -13,6 +13,7 @@
 
 #include <assert.h>
 #include <string.h>
+#include "dds/ddsrt/bswap.h"
 #include "dds/ddsrt/heap.h"
 #include "dds/ddsrt/atomics.h"
 #include "dds/ddsrt/string.h"
@@ -92,7 +93,6 @@
 #define PID_PARTICIPANT_SECURITY_INFO           0x1005u
 #define PID_IDENTITY_STATUS_TOKEN               0x1006u
 
-
 struct DDS_Security_Serializer {
     unsigned char *buffer;
     size_t size;
@@ -211,7 +211,7 @@ DDS_Security_Serialize_update_len(
 {
     unsigned short len;
 
-    len = (unsigned short)(ser->offset - ser->marker - sizeof(unsigned short));
+    len = (unsigned short)(ser->offset - ser->marker - sizeof(len));
     *(unsigned short *)&(ser->buffer[ser->marker]) = ddsrt_toBE2u(len);
 }
 
@@ -220,11 +220,11 @@ DDS_Security_Serialize_uint16(
      DDS_Security_Serializer ser,
      unsigned short value)
 {
-    serbuffer_align(ser, sizeof(unsigned short));
-    serbuffer_adjust_size(ser, sizeof(unsigned short));
+    serbuffer_align(ser, sizeof(value));
+    serbuffer_adjust_size(ser, sizeof(value));
 
     *(unsigned short *)&(ser->buffer[ser->offset]) = ddsrt_toBE2u(value);
-    ser->offset += sizeof(unsigned short);
+    ser->offset += sizeof(value);
 }
 
 static void
@@ -232,11 +232,11 @@ DDS_Security_Serialize_uint32_t(
      DDS_Security_Serializer ser,
      uint32_t value)
 {
-    serbuffer_align(ser, sizeof(uint32_t));
-    serbuffer_adjust_size(ser, sizeof(uint32_t));
+    serbuffer_align(ser, sizeof(value));
+    serbuffer_adjust_size(ser, sizeof(value));
 
     *(uint32_t *)&(ser->buffer[ser->offset]) = ddsrt_toBE4u(value);
-    ser->offset += sizeof(uint32_t);
+    ser->offset += sizeof(value);
 }
 
 static void
@@ -244,12 +244,10 @@ DDS_Security_Serialize_string(
      DDS_Security_Serializer ser,
      const char *str)
 {
-    size_t len;
-
-    len = strlen(str) + 1;
+    size_t len = strlen(str) + 1;
 
     DDS_Security_Serialize_uint32_t(ser, (uint32_t)len);
-    serbuffer_adjust_size(ser, len );
+    serbuffer_adjust_size(ser, len);
 
     memcpy(&(ser->buffer[ser->offset]), str, len);
     ser->offset += len;
@@ -416,7 +414,7 @@ DDS_Security_Serialize_ParticipantSecurityInfo(
 
 
 void
-DDD_Security_Serialize_ParticipantBuiltinTopicData(
+DDS_Security_Serialize_ParticipantBuiltinTopicData(
      DDS_Security_Serializer ser,
      DDS_Security_ParticipantBuiltinTopicData *pdata)
 {
@@ -432,7 +430,7 @@ DDD_Security_Serialize_ParticipantBuiltinTopicData(
 }
 
 static void
-DDD_Security_Serialize_OctetArray(
+DDS_Security_Serialize_OctetArray(
      DDS_Security_Serializer ser,
      const DDS_Security_octet *data,
      uint32_t length)
@@ -443,15 +441,15 @@ DDD_Security_Serialize_OctetArray(
 }
 
 void
-DDD_Security_Serialize_KeyMaterial_AES_GCM_GMAC(
+DDS_Security_Serialize_KeyMaterial_AES_GCM_GMAC(
      DDS_Security_Serializer ser,
      const DDS_Security_KeyMaterial_AES_GCM_GMAC *data)
 {
-    DDD_Security_Serialize_OctetArray(ser, data->transformation_kind, sizeof(data->transformation_kind));
+    DDS_Security_Serialize_OctetArray(ser, data->transformation_kind, sizeof(data->transformation_kind));
     DDS_Security_Serialize_OctetSeq(ser, &data->master_salt);
-    DDD_Security_Serialize_OctetArray(ser, data->sender_key_id, sizeof(data->sender_key_id));
+    DDS_Security_Serialize_OctetArray(ser, data->sender_key_id, sizeof(data->sender_key_id));
     DDS_Security_Serialize_OctetSeq(ser, &data->master_sender_key);
-    DDD_Security_Serialize_OctetArray(ser, data->receiver_specific_key_id, sizeof(data->receiver_specific_key_id));
+    DDS_Security_Serialize_OctetArray(ser, data->receiver_specific_key_id, sizeof(data->receiver_specific_key_id));
     DDS_Security_Serialize_OctetSeq(ser, &data->master_receiver_specific_key);
 }
 
@@ -500,7 +498,7 @@ DDS_Security_Deserialize_uint16(
      DDS_Security_Deserializer dser,
      unsigned short *value)
 {
-    size_t l = sizeof(unsigned short);
+    size_t l = sizeof(*value);
 
     DDS_Security_Deserialize_align(dser, l);
 
@@ -519,7 +517,7 @@ DDS_Security_Deserialize_uint32_t(
      DDS_Security_Deserializer dser,
      uint32_t *value)
 {
-    size_t l = sizeof(uint32_t);
+    size_t l = sizeof(*value);
 
     DDS_Security_Deserialize_align(dser, l);
 
@@ -692,9 +690,7 @@ DDS_Security_Deserialize_BuiltinTopicKey(
      DDS_Security_Deserializer dser,
      DDS_Security_BuiltinTopicKey_t key)
 {
-    int r;
-
-    r = DDS_Security_Deserialize_uint32_t(dser, (uint32_t *)&key[0]) &&
+    int r = DDS_Security_Deserialize_uint32_t(dser, (uint32_t *)&key[0]) &&
         DDS_Security_Deserialize_uint32_t(dser, (uint32_t *)&key[1]) &&
         DDS_Security_Deserialize_uint32_t(dser, (uint32_t *)&key[2]);
 
@@ -710,16 +706,12 @@ DDS_Security_Deserialize_ParticipantSecurityInfo(
     DDS_Security_Deserializer dser,
     DDS_Security_ParticipantSecurityInfo *info)
 {
-    int r;
-
-    r =  DDS_Security_Deserialize_uint32_t(dser, &info->participant_security_attributes) &&
+    return DDS_Security_Deserialize_uint32_t(dser, &info->participant_security_attributes) &&
          DDS_Security_Deserialize_uint32_t(dser, &info->plugin_participant_security_attributes);
-
-    return r;
 }
 
 int
-DDD_Security_Deserialize_ParticipantBuiltinTopicData(
+DDS_Security_Deserialize_ParticipantBuiltinTopicData(
      DDS_Security_Deserializer dser,
      DDS_Security_ParticipantBuiltinTopicData *pdata,
      DDS_Security_SecurityException *ex)
@@ -786,7 +778,7 @@ DDD_Security_Deserialize_ParticipantBuiltinTopicData(
 }
 
 void
-DDD_Security_BuiltinTopicKeyBE(
+DDS_Security_BuiltinTopicKeyBE(
      DDS_Security_BuiltinTopicKey_t dst,
      const  DDS_Security_BuiltinTopicKey_t src)
 {
@@ -796,18 +788,16 @@ DDD_Security_BuiltinTopicKeyBE(
 }
 
 int
-DDD_Security_Deserialize_KeyMaterial_AES_GCM_GMAC(
+DDS_Security_Deserialize_KeyMaterial_AES_GCM_GMAC(
      DDS_Security_Deserializer dser,
      DDS_Security_KeyMaterial_AES_GCM_GMAC *data)
 {
-    int r = 0;
-
-    r = DDS_Security_Deserialize_OctetArray(dser, data->transformation_kind, sizeof(data->transformation_kind)) &&
+    memset(data, 0, sizeof(*data));
+    return
+        DDS_Security_Deserialize_OctetArray(dser, data->transformation_kind, sizeof(data->transformation_kind)) &&
         DDS_Security_Deserialize_OctetSeq(dser, &data->master_salt) &&
         DDS_Security_Deserialize_OctetArray(dser, data->sender_key_id, sizeof(data->sender_key_id)) &&
         DDS_Security_Deserialize_OctetSeq(dser, &data->master_sender_key) &&
         DDS_Security_Deserialize_OctetArray(dser, data->receiver_specific_key_id, sizeof(data->receiver_specific_key_id)) &&
         DDS_Security_Deserialize_OctetSeq(dser, &data->master_receiver_specific_key);
-
-    return r;
 }

src/security/core/src/dds_security_utils.c

@@ -46,6 +46,7 @@ DDS_Security_BinaryProperty_deinit(
     }
 
     ddsrt_free(p->name);
+    memset (p->value._buffer, 0, p->value._length); /* because key material can be stored in binary property */
     ddsrt_free(p->value._buffer);
 }
 
@@ -906,51 +907,45 @@ DDS_Security_KeyMaterial_AES_GCM_GMAC_deinit(
 {
     if (key_material) {
         if (key_material->master_receiver_specific_key._buffer != NULL) {
+            memset (key_material->master_receiver_specific_key._buffer, 0, key_material->master_receiver_specific_key._length);
             ddsrt_free(key_material->master_receiver_specific_key._buffer);
         }
         if( key_material->master_salt._buffer != NULL){
+            memset (key_material->master_salt._buffer, 0, key_material->master_salt._length);
             ddsrt_free(key_material->master_salt._buffer);
         }
         if( key_material->master_sender_key._buffer != NULL){
+            memset (key_material->master_sender_key._buffer, 0, key_material->master_sender_key._length);
             ddsrt_free(key_material->master_sender_key._buffer);
         }
     }
 }
 
+static uint32_t DDS_Security_getKeySize (const DDS_Security_PropertySeq *properties)
+{
+    const DDS_Security_Property_t *key_size_property;
+    if (properties != NULL)
+    {
+        key_size_property = DDS_Security_PropertySeq_find_property (properties, "dds.sec.crypto.keysize");
+        if (key_size_property != NULL && !strcmp(key_size_property->value, "128"))
+            return 128;
+    }
+    return 256;
+}
 
 DDS_Security_CryptoTransformKind_Enum
 DDS_Security_basicprotectionkind2transformationkind(
-     const DDS_Security_PropertySeq *properties, 
+     const DDS_Security_PropertySeq *properties,
      DDS_Security_BasicProtectionKind protection)
 {
-    int keysize=256;
-    const DDS_Security_Property_t *key_size_property = NULL;
-    if( properties != NULL ){
-        key_size_property = DDS_Security_PropertySeq_find_property(
-                    properties, "dds.sec.crypto.keysize");
-
-        if (key_size_property != NULL) {
-            if (strcmp(key_size_property->value, "128") == 0) {
-                keysize = 128;
-            }
-        }
-    }
-
+    uint32_t keysize = DDS_Security_getKeySize (properties);
     switch (protection) {
         case DDS_SECURITY_BASICPROTECTION_KIND_NONE:
             return CRYPTO_TRANSFORMATION_KIND_NONE;
         case DDS_SECURITY_BASICPROTECTION_KIND_SIGN:
-            if( keysize == 128 ){
-                return CRYPTO_TRANSFORMATION_KIND_AES128_GMAC;
-            } else{
-                return CRYPTO_TRANSFORMATION_KIND_AES256_GMAC;
-            }
+            return (keysize == 128) ? CRYPTO_TRANSFORMATION_KIND_AES128_GMAC : CRYPTO_TRANSFORMATION_KIND_AES256_GMAC;
         case DDS_SECURITY_BASICPROTECTION_KIND_ENCRYPT:
-            if( keysize == 128 ){
-                return CRYPTO_TRANSFORMATION_KIND_AES128_GCM;
-            } else{
-                return CRYPTO_TRANSFORMATION_KIND_AES256_GCM;
-            }
+            return (keysize == 128) ? CRYPTO_TRANSFORMATION_KIND_AES128_GCM : CRYPTO_TRANSFORMATION_KIND_AES256_GCM;
         default:
             return CRYPTO_TRANSFORMATION_KIND_INVALID;
     }
@@ -961,41 +956,22 @@ DDS_Security_protectionkind2transformationkind(
      const DDS_Security_PropertySeq *properties,
      DDS_Security_ProtectionKind protection)
 {
-    int keysize=256;
-    const DDS_Security_Property_t *key_size_property = NULL;
-    if( properties != NULL ){
-        key_size_property = DDS_Security_PropertySeq_find_property(
-                        properties, "dds.sec.crypto.keysize");
-        if (key_size_property != NULL) {
-            if (strcmp(key_size_property->value, "128") == 0) {
-                keysize = 128;
-            }
-        }
-    }
-
+    uint32_t keysize = DDS_Security_getKeySize (properties);
     switch (protection) {
         case DDS_SECURITY_PROTECTION_KIND_NONE:
             return CRYPTO_TRANSFORMATION_KIND_NONE;
         case DDS_SECURITY_PROTECTION_KIND_SIGN_WITH_ORIGIN_AUTHENTICATION:
         case DDS_SECURITY_PROTECTION_KIND_SIGN:
-            if( keysize == 128 ){
-                return CRYPTO_TRANSFORMATION_KIND_AES128_GMAC;
-            } else{
-                return CRYPTO_TRANSFORMATION_KIND_AES256_GMAC;
-            }
+            return (keysize == 128) ? CRYPTO_TRANSFORMATION_KIND_AES128_GMAC : CRYPTO_TRANSFORMATION_KIND_AES256_GMAC;
         case DDS_SECURITY_PROTECTION_KIND_ENCRYPT_WITH_ORIGIN_AUTHENTICATION:
         case DDS_SECURITY_PROTECTION_KIND_ENCRYPT:
-            if( keysize == 128 ){
-                return CRYPTO_TRANSFORMATION_KIND_AES128_GCM;
-            } else {
-                return CRYPTO_TRANSFORMATION_KIND_AES256_GCM;
-            }
+            return (keysize == 128) ? CRYPTO_TRANSFORMATION_KIND_AES128_GCM : CRYPTO_TRANSFORMATION_KIND_AES256_GCM;
         default:
             return CRYPTO_TRANSFORMATION_KIND_INVALID;
     }
 }
 
-/* for DEBUG purposes */
+#ifndef NDEBUG
 void
 print_binary_debug(
      char* name,
@@ -1021,8 +997,7 @@ print_binary_properties_debug(
     }
 
 }
-
-
+#endif
 
 
 DDS_Security_config_item_prefix_t

src/security/core/src/shared_secret.c

@@ -13,31 +13,29 @@
 #include "dds/security/core/shared_secret.h"
 
 const DDS_Security_octet*
-get_challenge1_from_secret_handle(DDS_Security_SharedSecretHandle handle)
+get_challenge1_from_secret_handle (DDS_Security_SharedSecretHandle handle)
 {
-
-    DDS_Security_SharedSecretHandleImpl *secret = (DDS_Security_SharedSecretHandleImpl *)(uintptr_t)handle;
-    return secret->challenge1;
+  DDS_Security_SharedSecretHandleImpl *secret = (DDS_Security_SharedSecretHandleImpl *)(uintptr_t)handle;
+  return secret->challenge1;
 }
 
 const DDS_Security_octet*
-get_challenge2_from_secret_handle(DDS_Security_SharedSecretHandle handle)
+get_challenge2_from_secret_handle (DDS_Security_SharedSecretHandle handle)
 {
-    DDS_Security_SharedSecretHandleImpl *secret = (DDS_Security_SharedSecretHandleImpl *)(uintptr_t)handle;
-    return secret->challenge2;
+  DDS_Security_SharedSecretHandleImpl *secret = (DDS_Security_SharedSecretHandleImpl *)(uintptr_t)handle;
+  return secret->challenge2;
 }
 
 const DDS_Security_octet*
-get_secret_from_secret_handle(DDS_Security_SharedSecretHandle handle)
+get_secret_from_secret_handle (DDS_Security_SharedSecretHandle handle)
 {
-    DDS_Security_SharedSecretHandleImpl *secret = (DDS_Security_SharedSecretHandleImpl *)(uintptr_t)handle;
-    return secret->shared_secret;
+  DDS_Security_SharedSecretHandleImpl *secret = (DDS_Security_SharedSecretHandleImpl *)(uintptr_t)handle;
+  return secret->shared_secret;
 }
 
-
-int32_t
-get_secret_size_from_secret_handle( DDS_Security_SharedSecretHandle handle ){
-    DDS_Security_SharedSecretHandleImpl *secret = (DDS_Security_SharedSecretHandleImpl *)(uintptr_t)handle;
-    return secret->shared_secret_size;
-
+size_t
+get_secret_size_from_secret_handle (DDS_Security_SharedSecretHandle handle)
+{
+  DDS_Security_SharedSecretHandleImpl *secret = (DDS_Security_SharedSecretHandleImpl *)(uintptr_t)handle;
+  return (size_t) secret->shared_secret_size;
 }