niklas/cyclonedds
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add security authentication handshake and encoding and decoding

Browse source 
Signed-off-by: Marcel Jordense <marcel.jordense@adlinktech.com>
This commit is contained in:
Marcel Jordense 2019-11-22 17:50:35 +01:00 committed by eboasson
parent 1c77aad39c
commit 4960fbf94c
48 changed files with 7473 additions and 1539 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/security/builtin_plugins/access_control/src/access_control_parser.c
View file

@ -958,8 +958,10 @@ static int permissions_element_open_cb(void *varg, uintptr_t parentinfo, uintptr
{
parser->current = new_element(ELEMENT_KIND_IGNORED, parser->current, sizeof(struct element));
/*if this is the first element in the IGNORED branch, then give warning for the user*/
#if 0
if (parser->current->parent->kind != ELEMENT_KIND_IGNORED)
printf("Warning: Unsupported element \"%s\" has been ignored in permissions file.\n", name);
#endif
}
else
{

3
src/security/builtin_plugins/authentication/src/auth_utils.c
View file

@ -1225,7 +1225,8 @@ get_trusted_ca_list ( const char* trusted_ca_dir,
if( loading_result == DDS_SECURITY_VALIDATION_OK ){
ca_buffer_array[ca_buffer_array_size] = identityCA;
ca_buffer_array_size++;
} else {
DDS_Security_Exception_reset(ex);
}
}
}

590
src/security/builtin_plugins/authentication/src/authentication.c
View file

File diff suppressed because it is too large Load diff

73
src/security/builtin_plugins/cryptographic/src/crypto_key_exchange.c
View file

@ -71,21 +71,35 @@ static bool check_not_data_empty(const DDS_Security_OctetSeq *seq)
return false;
}
static bool check_crypto_keymaterial(const DDS_Security_KeyMaterial_AES_GCM_GMAC *keymat)
static bool check_crypto_keymaterial(
const dds_security_crypto_key_exchange_impl *impl,
const DDS_Security_KeyMaterial_AES_GCM_GMAC *keymat,
const int64_t handle)
{
bool status;
bool status = false;
uint32_t transform_kind = CRYPTO_TRANSFORM_KIND(keymat->transformation_kind);
uint32_t key_sz = CRYPTO_KEY_SIZE_BYTES(transform_kind);
status = (transform_kind >= CRYPTO_TRANSFORMATION_KIND_AES128_GMAC && transform_kind <= CRYPTO_TRANSFORMATION_KIND_AES256_GCM &&
keymat->master_salt._length == key_sz && keymat->master_salt._buffer != NULL && check_not_data_empty(&keymat->master_salt) &&
keymat->master_sender_key._length == key_sz && keymat->master_sender_key._buffer != NULL && check_not_data_empty(&keymat->master_sender_key));
if (status && CRYPTO_TRANSFORM_ID(keymat->receiver_specific_key_id))
if (transform_kind != CRYPTO_TRANSFORMATION_KIND_NONE)
{
status = (keymat->master_receiver_specific_key._length == key_sz &&
keymat->master_receiver_specific_key._buffer != NULL && check_not_data_empty(&keymat->master_receiver_specific_key));
status = (transform_kind <= CRYPTO_TRANSFORMATION_KIND_AES256_GCM &&
keymat->master_salt._length == key_sz && keymat->master_salt._buffer != NULL && check_not_data_empty(&keymat->master_salt) &&
keymat->master_sender_key._length == key_sz && keymat->master_sender_key._buffer != NULL && check_not_data_empty(&keymat->master_sender_key));
if (status && CRYPTO_TRANSFORM_ID(keymat->receiver_specific_key_id))
{
status = (keymat->master_receiver_specific_key._length == key_sz &&
keymat->master_receiver_specific_key._buffer != NULL && check_not_data_empty(&keymat->master_receiver_specific_key));
}
}
else
{
const dds_security_crypto_key_factory *factory;
DDS_Security_ProtectionKind kind;
factory = cryptography_get_crypto_key_factory(impl->crypto);
if (crypto_factory_get_protection_kind(factory, handle, &kind))
status = (kind == DDS_SECURITY_PROTECTION_KIND_NONE);
}
return status;
@ -179,12 +193,34 @@ create_local_participant_crypto_tokens(
tokens->_buffer[0].binary_properties._buffer[0].value._length =
tokens->_buffer[0].binary_properties._buffer[0].value._maximum = length;
tokens->_buffer[0].binary_properties._buffer[0].value._buffer = buffer;
tokens->_buffer[0].binary_properties._buffer[0].propagate = true;
return true;
fail_invalid_arg:
return false;
}
static DDS_Security_boolean
allow_empty_tokens(
const dds_security_crypto_key_exchange_impl *impl,
const DDS_Security_ParticipantCryptoTokenSeq *tokens,
const int64_t handle)
{
const dds_security_crypto_key_factory *factory;
DDS_Security_ProtectionKind kind;
if (tokens->_length > 0)
return false;
factory = cryptography_get_crypto_key_factory(impl->crypto);
if (crypto_factory_get_protection_kind(factory, handle, &kind))
return (kind == DDS_SECURITY_PROTECTION_KIND_NONE);
return false;
}
static DDS_Security_boolean
set_remote_participant_crypto_tokens(
dds_security_crypto_key_exchange *instance,
@ -207,6 +243,9 @@ set_remote_participant_crypto_tokens(
return false;
}
if (allow_empty_tokens(impl, tokens, remote_id))
return true;
if (!check_crypto_tokens(tokens))
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_ARGUMENT_CODE, 0,
@ -229,7 +268,7 @@ set_remote_participant_crypto_tokens(
"set_remote_participant_crypto_tokens: " DDS_SECURITY_ERR_INVALID_CRYPTO_TOKEN_MESSAGE);
result = false;
}
else if (!check_crypto_keymaterial(&remote_key_mat))
else if (!check_crypto_keymaterial(impl, &remote_key_mat, remote_id))
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_TOKEN_CODE, 0,
"set_remote_participant_crypto_tokens: " DDS_SECURITY_ERR_INVALID_CRYPTO_TOKEN_MESSAGE);
@ -290,6 +329,7 @@ create_local_datawriter_crypto_tokens(
tokens->_buffer[i].binary_properties._buffer[0].value._length =
tokens->_buffer[i].binary_properties._buffer[0].value._maximum = length;
tokens->_buffer[i].binary_properties._buffer[0].value._buffer = buffer;
tokens->_buffer[i].binary_properties._buffer[0].propagate = true;
CRYPTO_OBJECT_RELEASE(key_mat[i]);
}
@ -317,6 +357,9 @@ set_remote_datawriter_crypto_tokens(
return false;
}
if (allow_empty_tokens(impl, tokens, remote_writer_handle))
return true;
if (!check_crypto_tokens(tokens))
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_ARGUMENT_CODE, 0,
@ -347,7 +390,7 @@ set_remote_datawriter_crypto_tokens(
"set_remote_datawriter_crypto_tokens: " DDS_SECURITY_ERR_INVALID_CRYPTO_TOKEN_MESSAGE);
result = false;
}
else if (!check_crypto_keymaterial(&remote_key_mat[i]))
else if (!check_crypto_keymaterial(impl, &remote_key_mat[i], remote_writer_handle))
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_TOKEN_CODE, 0,
"set_remote_datawriter_crypto_tokens: " DDS_SECURITY_ERR_INVALID_CRYPTO_TOKEN_MESSAGE);
@ -409,6 +452,7 @@ create_local_datareader_crypto_tokens(
tokens->_buffer[0].binary_properties._buffer[0].value._length =
tokens->_buffer[0].binary_properties._buffer[0].value._maximum = length;
tokens->_buffer[0].binary_properties._buffer[0].value._buffer = buffer;
tokens->_buffer[0].binary_properties._buffer[0].propagate = true;
CRYPTO_OBJECT_RELEASE(key_mat);
}
@ -444,6 +488,9 @@ set_remote_datareader_crypto_tokens(
return false;
}
if (allow_empty_tokens(impl, tokens, remote_reader_handle))
return true;
if (!check_crypto_tokens(tokens))
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_ARGUMENT_CODE, 0,
@ -466,7 +513,7 @@ set_remote_datareader_crypto_tokens(
"set_remote_datareader_crypto_tokens: " DDS_SECURITY_ERR_INVALID_CRYPTO_TOKEN_MESSAGE);
result = false;
}
else if (!check_crypto_keymaterial(&remote_key_mat))
else if (!check_crypto_keymaterial(impl, &remote_key_mat, remote_reader_handle))
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_TOKEN_CODE, 0,
"set_remote_datareader_crypto_tokens: " DDS_SECURITY_ERR_INVALID_CRYPTO_TOKEN_MESSAGE);

105
src/security/builtin_plugins/cryptographic/src/crypto_key_factory.c
View file

@ -245,6 +245,7 @@ remove_relation_from_keymaterial(
CryptoObject *remote_crypto)
{
endpoint_relation *relation;
relation = crypto_endpoint_relation_find_by_crypto(key_material->endpoint_relations, local_crypto, remote_crypto);
if (relation)
{
@ -258,24 +259,21 @@ remove_remote_writer_relation(
dds_security_crypto_key_factory_impl *implementation,
remote_datawriter_crypto *remote_writer)
{
local_datareader_crypto *local_reader;
remote_participant_crypto *remote_participant;
participant_key_material *key_material;
DDSRT_UNUSED_ARG(implementation);
assert(remote_writer);
remote_participant = remote_writer->participant;
assert(remote_participant);
local_reader = (local_datareader_crypto *)crypto_object_table_find(implementation->crypto_objects, remote_writer->local_reader_handle);
if (local_reader)
key_material = (participant_key_material *)crypto_object_table_find(
remote_participant->key_material, CRYPTO_OBJECT_HANDLE(remote_writer->local_reader->participant));
if (key_material)
{
key_material = (participant_key_material *)crypto_object_table_find(
remote_participant->key_material, CRYPTO_OBJECT_HANDLE(local_reader->participant));
if (key_material)
{
remove_relation_from_keymaterial(key_material, (CryptoObject *)local_reader, (CryptoObject *)remote_writer);
CRYPTO_OBJECT_RELEASE(key_material);
}
CRYPTO_OBJECT_RELEASE(local_reader);
remove_relation_from_keymaterial(key_material, (CryptoObject *)remote_writer->local_reader, (CryptoObject *)remote_writer);
CRYPTO_OBJECT_RELEASE(key_material);
}
}
@ -284,24 +282,21 @@ remove_remote_reader_relation(
dds_security_crypto_key_factory_impl *implementation,
remote_datareader_crypto *remote_reader)
{
local_datawriter_crypto *local_writer;
remote_participant_crypto *remote_participant;
participant_key_material *key_material;
DDSRT_UNUSED_ARG(implementation);
assert(remote_reader);
remote_participant = remote_reader->participant;
assert(remote_participant);
local_writer = (local_datawriter_crypto *)crypto_object_table_find(implementation->crypto_objects, remote_reader->local_writer_handle);
if (local_writer)
key_material = (participant_key_material *)crypto_object_table_find(
remote_participant->key_material, CRYPTO_OBJECT_HANDLE(remote_reader->local_writer->participant));
if (key_material)
{
key_material = (participant_key_material *)crypto_object_table_find(
remote_participant->key_material, CRYPTO_OBJECT_HANDLE(local_writer->participant));
if (key_material)
{
remove_relation_from_keymaterial(key_material, (CryptoObject *)local_writer, (CryptoObject *)remote_reader);
CRYPTO_OBJECT_RELEASE(key_material);
}
CRYPTO_OBJECT_RELEASE(local_writer);
remove_relation_from_keymaterial(key_material, (CryptoObject *)remote_reader->local_writer, (CryptoObject *)remote_reader);
CRYPTO_OBJECT_RELEASE(key_material);
}
}
@ -562,6 +557,7 @@ register_local_datawriter(
crypto_object_table_insert(implementation->crypto_objects, (CryptoObject *)writer_crypto);
CRYPTO_OBJECT_RELEASE(participant_crypto);
CRYPTO_OBJECT_RELEASE(writer_crypto);
return writer_crypto->_parent.handle;
err_random_generation:
@ -619,7 +615,7 @@ register_matched_remote_datareader(
data_protectionKind = local_writer->data_protectionKind;
metadata_protectionKind = local_writer->metadata_protectionKind;
reader_crypto = crypto_remote_datareader_crypto__new(remote_participant, metadata_protectionKind, data_protectionKind, local_datawriter_crypto_handle);
reader_crypto = crypto_remote_datareader_crypto__new(remote_participant, metadata_protectionKind, data_protectionKind, local_writer);
/* check if the writer is BuiltinParticipantVolatileMessageSecureWriter */
if (local_writer->is_builtin_participant_volatile_message_secure_writer)
@ -667,6 +663,7 @@ register_matched_remote_datareader(
CRYPTO_OBJECT_RELEASE(remote_participant);
CRYPTO_OBJECT_RELEASE(local_writer);
CRYPTO_OBJECT_RELEASE(reader_crypto);
return DATAREADER_CRYPTO_HANDLE(reader_crypto);
err_random_generation:
@ -736,6 +733,7 @@ register_local_datareader(
crypto_object_table_insert(implementation->crypto_objects, (CryptoObject *)reader_crypto);
CRYPTO_OBJECT_RELEASE(participant_crypto);
CRYPTO_OBJECT_RELEASE(reader_crypto);
return DATAREADER_CRYPTO_HANDLE(reader_crypto);
err_random_generation:
@ -786,8 +784,7 @@ register_matched_remote_datawriter(
goto err_invalid_parameter;
}
writer_crypto = crypto_remote_datawriter_crypto__new(remote_participant, local_reader->metadata_protectionKind,
local_reader->data_protectionKind, local_datareader_crypto_handle);
writer_crypto = crypto_remote_datawriter_crypto__new(remote_participant, local_reader->metadata_protectionKind, local_reader->data_protectionKind, local_reader);
/* check if the writer is BuiltinParticipantVolatileMessageSecureWriter */
if (local_reader->is_builtin_participant_volatile_message_secure_reader)
@ -833,6 +830,7 @@ register_matched_remote_datawriter(
CRYPTO_OBJECT_RELEASE(remote_participant);
CRYPTO_OBJECT_RELEASE(local_reader);
CRYPTO_OBJECT_RELEASE(writer_crypto);
return DATAREADER_CRYPTO_HANDLE(writer_crypto);
err_random_generation:
@ -983,6 +981,51 @@ void dds_security_crypto_key_factory__dealloc(dds_security_crypto_key_factory *i
ddsrt_free(implementation);
}
bool
crypto_factory_get_protection_kind(
const dds_security_crypto_key_factory *factory,
int64_t handle,
DDS_Security_ProtectionKind *kind)
{
const dds_security_crypto_key_factory_impl *impl = (const dds_security_crypto_key_factory_impl *)factory;
CryptoObject *obj;
bool result = true;
obj = crypto_object_table_find(impl->crypto_objects, handle);
if (!obj)
{
return false;
}
switch (obj->kind)
{
case CRYPTO_OBJECT_KIND_LOCAL_CRYPTO:
*kind = ((local_participant_crypto *)obj)->rtps_protection_kind;
break;
case CRYPTO_OBJECT_KIND_REMOTE_CRYPTO:
*kind = ((remote_participant_crypto *)obj)->rtps_protection_kind;
break;
case CRYPTO_OBJECT_KIND_LOCAL_WRITER_CRYPTO:
*kind = ((local_datawriter_crypto *)obj)->metadata_protectionKind;
break;
case CRYPTO_OBJECT_KIND_REMOTE_WRITER_CRYPTO:
*kind = ((remote_datawriter_crypto *)obj)->metadata_protectionKind;
break;
case CRYPTO_OBJECT_KIND_LOCAL_READER_CRYPTO:
*kind = ((local_datareader_crypto *)obj)->metadata_protectionKind;
break;
case CRYPTO_OBJECT_KIND_REMOTE_READER_CRYPTO:
*kind = ((remote_datareader_crypto *)obj)->metadata_protectionKind;
break;
default:
result = false;
break;
}
CRYPTO_OBJECT_RELEASE(obj);
return result;
}
bool
crypto_factory_get_participant_crypto_tokens(
const dds_security_crypto_key_factory *factory,
@ -1110,7 +1153,7 @@ crypto_factory_get_datawriter_crypto_tokens(
goto err_inv_remote;
}
if (remote_reader_crypto->local_writer_handle != local_writer_handle)
if (CRYPTO_OBJECT_HANDLE(remote_reader_crypto->local_writer) != local_writer_handle)
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_CODE, 0,
DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_MESSAGE);
@ -1180,7 +1223,7 @@ crypto_factory_set_datawriter_crypto_tokens(
goto err_inv_local;
}
if (remote_writer_crypto->local_reader_handle != local_reader_handle)
if (CRYPTO_OBJECT_HANDLE(remote_writer_crypto->local_reader) != local_reader_handle)
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_CODE, 0,
DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_MESSAGE);
@ -1254,7 +1297,7 @@ crypto_factory_get_datareader_crypto_tokens(
goto err_inv_remote;
}
if (remote_writer_crypto->local_reader_handle != local_reader_handle)
if (CRYPTO_OBJECT_HANDLE(remote_writer_crypto->local_reader) != local_reader_handle)
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_CODE, 0,
DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_MESSAGE);
@ -1317,7 +1360,7 @@ crypto_factory_set_datareader_crypto_tokens(
goto err_inv_local;
}
if (remote_reader_crypto->local_writer_handle != local_writer_handle)
if (CRYPTO_OBJECT_HANDLE(remote_reader_crypto->local_writer) != local_writer_handle)
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_CODE, 0,
DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_MESSAGE);
@ -1582,7 +1625,7 @@ crypto_factory_get_remote_writer_key_material(
DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_MESSAGE);
goto err_inv_crypto;
}
if (writer_crypto->local_reader_handle != reader_id)
if (CRYPTO_OBJECT_HANDLE(writer_crypto->local_reader) != reader_id)
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_CODE, 0,
DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_MESSAGE);
@ -1646,7 +1689,7 @@ crypto_factory_get_remote_reader_key_material(
DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_MESSAGE);
goto err_inv_crypto;
}
if (reader_crypto->local_writer_handle != writer_id)
if (CRYPTO_OBJECT_HANDLE(reader_crypto->local_writer) != writer_id)
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT,
DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_CODE, 0,

5
src/security/builtin_plugins/cryptographic/src/crypto_key_factory.h
View file

@ -29,6 +29,11 @@ int generate_key_pairs(
char **private_key,
char **public_key);
bool crypto_factory_get_protection_kind(
const dds_security_crypto_key_factory *factory,
int64_t handle,
DDS_Security_ProtectionKind *kind);
bool crypto_factory_get_participant_crypto_tokens(
const dds_security_crypto_key_factory *factory,
DDS_Security_ParticipantCryptoHandle local_id,

13
src/security/builtin_plugins/cryptographic/src/crypto_objects.c
View file

@ -11,6 +11,7 @@
*/
#include <assert.h>
#include <string.h>
#include <stdio.h>
#include "dds/ddsrt/heap.h"
#include "dds/ddsrt/hopscotch.h"
#include "dds/ddsrt/types.h"
@ -63,7 +64,9 @@ void crypto_object_free(CryptoObject *obj)
CryptoObject * crypto_object_keep(CryptoObject *obj)
{
if (obj)
{
ddsrt_atomic_inc32(&obj->refcount);
}
return obj;
}
@ -455,6 +458,7 @@ static void remote_datawriter_crypto__free(CryptoObject *obj)
CRYPTO_OBJECT_RELEASE(datawriter_crypto->reader2writer_key_material);
CRYPTO_OBJECT_RELEASE(datawriter_crypto->writer2reader_key_material[0]);
CRYPTO_OBJECT_RELEASE(datawriter_crypto->writer2reader_key_material[1]);
CRYPTO_OBJECT_RELEASE(datawriter_crypto->local_reader);
CRYPTO_OBJECT_RELEASE(datawriter_crypto->participant);
crypto_object_deinit((CryptoObject *)datawriter_crypto);
ddsrt_free(datawriter_crypto);
@ -462,14 +466,14 @@ static void remote_datawriter_crypto__free(CryptoObject *obj)
}
remote_datawriter_crypto * crypto_remote_datawriter_crypto__new(const remote_participant_crypto *participant,
DDS_Security_ProtectionKind meta_protection, DDS_Security_BasicProtectionKind data_protection, DDS_Security_DatareaderCryptoHandle local_reader_handle)
DDS_Security_ProtectionKind meta_protection, DDS_Security_BasicProtectionKind data_protection, local_datareader_crypto *local_reader)
{
remote_datawriter_crypto *writer_crypto = ddsrt_calloc(1, sizeof(*writer_crypto));
crypto_object_init((CryptoObject *)writer_crypto, CRYPTO_OBJECT_KIND_REMOTE_WRITER_CRYPTO, remote_datawriter_crypto__free);
writer_crypto->participant = (remote_participant_crypto *)CRYPTO_OBJECT_KEEP(participant);
writer_crypto->metadata_protectionKind = meta_protection;
writer_crypto->data_protectionKind = data_protection;
writer_crypto->local_reader_handle = local_reader_handle;
writer_crypto->local_reader = (local_datareader_crypto *)CRYPTO_OBJECT_KEEP(local_reader);
writer_crypto->is_builtin_participant_volatile_message_secure_writer = false;
return writer_crypto;
@ -514,6 +518,7 @@ static void remote_datareader_crypto__free(CryptoObject *obj)
CRYPTO_OBJECT_RELEASE(datareader_crypto->reader2writer_key_material);
CRYPTO_OBJECT_RELEASE(datareader_crypto->writer2reader_key_material_message);
CRYPTO_OBJECT_RELEASE(datareader_crypto->writer2reader_key_material_payload);
CRYPTO_OBJECT_RELEASE(datareader_crypto->local_writer);
CRYPTO_OBJECT_RELEASE(datareader_crypto->participant);
crypto_object_deinit((CryptoObject *)datareader_crypto);
ddsrt_free(datareader_crypto);
@ -521,14 +526,14 @@ static void remote_datareader_crypto__free(CryptoObject *obj)
}
remote_datareader_crypto *crypto_remote_datareader_crypto__new(const remote_participant_crypto *participant, DDS_Security_ProtectionKind metadata_protectionKind,
DDS_Security_BasicProtectionKind data_protectionKind, DDS_Security_DatawriterCryptoHandle local_writer_handle)
DDS_Security_BasicProtectionKind data_protectionKind, local_datawriter_crypto *local_writer)
{
remote_datareader_crypto *reader_crypto = ddsrt_calloc(1, sizeof(*reader_crypto));
crypto_object_init((CryptoObject *)reader_crypto, CRYPTO_OBJECT_KIND_REMOTE_READER_CRYPTO, remote_datareader_crypto__free);
reader_crypto->participant = (remote_participant_crypto *)CRYPTO_OBJECT_KEEP(participant);
reader_crypto->metadata_protectionKind = metadata_protectionKind;
reader_crypto->data_protectionKind = data_protectionKind;
reader_crypto->local_writer_handle = local_writer_handle;
reader_crypto->local_writer = (local_datawriter_crypto *)CRYPTO_OBJECT_KEEP(local_writer);
reader_crypto->is_builtin_participant_volatile_message_secure_reader = false;
return reader_crypto;

8
src/security/builtin_plugins/cryptographic/src/crypto_objects.h
View file

@ -165,7 +165,7 @@ typedef struct remote_datawriter_crypto
master_key_material *reader2writer_key_material;
master_key_material *writer2reader_key_material[2];
session_key_material *reader_session; /* reference to the session key used by the reader */
DDS_Security_DatareaderCryptoHandle local_reader_handle;
struct local_datareader_crypto *local_reader;
bool is_builtin_participant_volatile_message_secure_writer;
} remote_datawriter_crypto;
@ -190,7 +190,7 @@ typedef struct remote_datareader_crypto
master_key_material *writer2reader_key_material_message;
master_key_material *writer2reader_key_material_payload;
session_key_material *writer_session; /* reference to the session key used by the writer */
DDS_Security_DatawriterCryptoHandle local_writer_handle;
local_datawriter_crypto *local_writer;
bool is_builtin_participant_volatile_message_secure_reader;
} remote_datareader_crypto;
@ -257,7 +257,7 @@ crypto_remote_datareader_crypto__new(
const remote_participant_crypto *participant,
DDS_Security_ProtectionKind metadata_protectionKind,
DDS_Security_BasicProtectionKind data_protectionKind,
DDS_Security_DatawriterCryptoHandle local_writer_handle);
local_datawriter_crypto *local_writer);
local_datareader_crypto *
crypto_local_datareader_crypto__new(
@ -270,7 +270,7 @@ crypto_remote_datawriter_crypto__new(
const remote_participant_crypto *participant,
DDS_Security_ProtectionKind meta_protection,
DDS_Security_BasicProtectionKind data_protection,
DDS_Security_DatareaderCryptoHandle local_reader_handle);
local_datareader_crypto *local_reader);
CryptoObject *
crypto_object_keep(

1
src/security/builtin_plugins/tests/set_remote_datareader_crypto_tokens/src/set_remote_datareader_crypto_tokens_utests.c
View file

@ -149,6 +149,7 @@ register_local_datawriter(void)
memset(&datawriter_security_attributes, 0, sizeof(DDS_Security_EndpointSecurityAttributes));
datawriter_security_attributes.is_discovery_protected = true;
datawriter_security_attributes.is_submessage_protected = true;
local_writer_crypto =
crypto->crypto_key_factory->register_local_datawriter(

1
src/security/builtin_plugins/tests/set_remote_datawriter_crypto_tokens/src/set_remote_datawriter_crypto_tokens_utests.c
View file

@ -141,6 +141,7 @@ static int register_local_datareader(void)
memset(&datareader_properties, 0, sizeof(datareader_properties));
memset(&datareader_security_attributes, 0, sizeof(datareader_security_attributes));
datareader_security_attributes.is_discovery_protected = true;
datareader_security_attributes.is_submessage_protected = true;
local_reader_crypto =
crypto->crypto_key_factory->register_local_datareader(

3
src/security/core/CMakeLists.txt
View file

@ -53,7 +53,8 @@ target_include_directories(security_core
if(BUILD_TESTING)
add_subdirectory(tests)
add_subdirectory(tests/plugin_loading)
# Temporarily disabled because needs refractoring w.r.t. security implementation
# add_subdirectory(tests/plugin_loading)
endif()
install(

4
src/security/core/include/dds/security/core/dds_security_utils.h
View file

@ -26,8 +26,8 @@ typedef DDS_Security_long_long DDS_Security_Handle;
typedef DDS_Security_LongLongSeq DDS_Security_HandleSeq;
#define DDS_SECURITY_SEQUENCE_INIT {0, 0, NULL}
#define DDS_SECURITY_TOKEN_INIT {NULL, DDS_SECURITY_SEQUENCE_INIT, DDS_SECURITY_SEQUENCE_INIT}
#define DDS_SECURITY_TOKEN_INIT {NULL, DDS_SECURITY_SEQUENCE_INIT, DDS_SECURITY_SEQUENCE_INIT}
#define DDS_SECURITY_EXCEPTION_INIT {NULL, 0, 0}
typedef enum {
DDS_SECURITY_CONFIG_ITEM_PREFIX_UNKNOWN,

227
src/security/core/src/dds_security_fsm.c
View file

@ -49,7 +49,8 @@ struct dds_security_fsm
{
struct dds_security_fsm *next_fsm;
struct dds_security_fsm *prev_fsm;
bool active;
bool busy;
bool deleting;
struct dds_security_fsm_control *control;
const dds_security_fsm_transition *transitions;
uint32_t size;
@ -69,8 +70,10 @@ struct dds_security_fsm_control
struct ddsi_domaingv *gv;
struct dds_security_fsm *first_fsm;
struct dds_security_fsm *last_fsm;
struct fsm_event *event_queue;
struct fsm_event *first_event;
struct fsm_event *last_event;
ddsrt_fibheap_t timers;
ddsrt_thread_t tid;
bool running;
};
@ -86,6 +89,68 @@ static int compare_timer_event (const void *va, const void *vb)
return (a->endtime == b->endtime) ? 0 : (a->endtime < b->endtime) ? -1 : 1;
}
static void append_event(struct dds_security_fsm_control *control, struct fsm_event *event)
{
event->next = NULL;
event->prev = control->last_event;
if (control->last_event)
control->last_event->next = event;
else
control->first_event = event;
control->last_event = event;
}
static void insert_event(struct dds_security_fsm_control *control, struct fsm_event *event)
{
event->prev = NULL;
event->next = control->first_event;
if (control->first_event)
control->first_event->prev = event;
else
control->last_event = event;
control->first_event = event;
}
static struct fsm_event *get_event(struct dds_security_fsm_control *control)
{
struct fsm_event *event = control->first_event;
if (event)
{
control->first_event = event->next;
if (event->next)
event->next->prev = NULL;
else
control->last_event = NULL;
event->next = NULL;
event->prev = NULL;
}
return event;
}
static void remove_events(struct dds_security_fsm_control *control, struct dds_security_fsm *fsm)
{
struct fsm_event *event = control->first_event;
while (event)
{
struct fsm_event *next = event->next;
if (event->fsm == fsm)
{
if (event->prev)
event->prev->next = event->next;
else
control->first_event = event->next;
if (event->next)
event->next->prev = event->prev;
else
control->last_event = event->prev;
ddsrt_free(event);
}
event = next;
}
}
static void fsm_dispatch (struct dds_security_fsm *fsm, int event_id, bool lifo)
{
struct dds_security_fsm_control *control = fsm->control;
@ -103,26 +168,10 @@ static void fsm_dispatch (struct dds_security_fsm *fsm, int event_id, bool lifo)
event->next = NULL;
event->prev = NULL;
if (lifo) {
/* Insert event at the top of the event list */
if (control->event_queue) {
control->event_queue->prev = event;
}
event->next = control->event_queue;
control->event_queue = event;
} else {
/* Insert FIFO event */
if (control->event_queue) {
struct fsm_event *last = control->event_queue;
while (last->next != NULL ) {
last = last->next;
}
last->next = event;
event->prev = last;
} else {
control->event_queue = event;
}
}
if (lifo)
insert_event(control, event);
else
append_event(control, event);
}
static void set_state_timer (struct dds_security_fsm *fsm)
@ -142,16 +191,18 @@ static void clear_state_timer (struct dds_security_fsm *fsm)
{
struct dds_security_fsm_control *control = fsm->control;
if (fsm->current && fsm->state_timeout_event.endtime != DDS_NEVER)
if (fsm->state_timeout_event.endtime != DDS_NEVER)
ddsrt_fibheap_delete (&timer_events_fhdef, &control->timers, &fsm->state_timeout_event);
fsm->state_timeout_event.endtime = DDS_NEVER;
}
static void clear_overall_timer (struct dds_security_fsm *fsm)
{
struct dds_security_fsm_control *control = fsm->control;
if (fsm->current && fsm->overall_timeout_event.endtime != DDS_NEVER)
if (fsm->overall_timeout_event.endtime != DDS_NEVER)
ddsrt_fibheap_delete (&timer_events_fhdef, &control->timers, &fsm->overall_timeout_event);
fsm->overall_timeout_event.endtime = DDS_NEVER;
}
static dds_time_t first_timeout (struct dds_security_fsm_control *control)
@ -185,57 +236,57 @@ static void fsm_state_change (struct thread_state1 *ts1, struct dds_security_fsm
int event_id = event->event_id;
uint32_t i;
if (fsm->active)
if (fsm->debug_func)
fsm->debug_func (fsm, DDS_SECURITY_FSM_DEBUG_ACT_HANDLING, fsm->current, event_id, fsm->arg);
for (i = 0; i < fsm->size; i++)
{
if (fsm->debug_func)
fsm->debug_func (fsm, DDS_SECURITY_FSM_DEBUG_ACT_HANDLING, fsm->current, event_id, fsm->arg);
for (i = 0; i < fsm->size; i++)
if ((fsm->transitions[i].begin == fsm->current) && (fsm->transitions[i].event_id == event_id))
{
if ((fsm->transitions[i].begin == fsm->current) && (fsm->transitions[i].event_id == event_id))
{
clear_state_timer (fsm);
fsm->current = fsm->transitions[i].end;
set_state_timer (fsm);
clear_state_timer (fsm);
fsm->current = fsm->transitions[i].end;
set_state_timer (fsm);
fsm->busy = true;
ddsrt_mutex_unlock (&control->lock);
ddsrt_mutex_unlock (&control->lock);
thread_state_asleep (ts1);
if (fsm->transitions[i].func)
fsm->transitions[i].func (fsm, fsm->arg);
if (fsm->current && fsm->current->func)
fsm->current->func (fsm, fsm->arg);
thread_state_awake (ts1, control->gv);
if (fsm->transitions[i].func)
fsm->transitions[i].func (fsm, fsm->arg);
if (fsm->current && fsm->current->func)
fsm->current->func (fsm, fsm->arg);
thread_state_awake (ts1, control->gv);
ddsrt_mutex_lock (&control->lock);
thread_state_asleep (ts1);
ddsrt_mutex_lock (&control->lock);
fsm->busy = false;
if (!fsm->deleting)
fsm_check_auto_state_change (fsm);
break;
}
else
ddsrt_cond_broadcast(&control->cond);
break;
}
}
else if (event_id == DDS_SECURITY_FSM_EVENT_DELETE)
fsm_delete (control, fsm);
}
static void fsm_handle_timeout (struct dds_security_fsm_control *control, struct fsm_timer_event *timer_event)
{
struct dds_security_fsm *fsm = timer_event->fsm;
if (fsm->active)
switch (timer_event->kind)
{
switch (timer_event->kind)
{
case FSM_TIMEOUT_STATE:
fsm_dispatch (fsm, DDS_SECURITY_FSM_EVENT_TIMEOUT, true);
break;
case FSM_TIMEOUT_OVERALL:
ddsrt_mutex_unlock (&control->lock);
if (fsm->overall_timeout_action)
fsm->overall_timeout_action (fsm, fsm->arg);
ddsrt_mutex_lock (&control->lock);
break;
}
case FSM_TIMEOUT_STATE:
fsm_dispatch (fsm, DDS_SECURITY_FSM_EVENT_TIMEOUT, true);
break;
case FSM_TIMEOUT_OVERALL:
fsm->busy = true;
ddsrt_mutex_unlock (&control->lock);
if (fsm->overall_timeout_action)
fsm->overall_timeout_action (fsm, fsm->arg);
ddsrt_mutex_lock (&control->lock);
fsm->busy = false;
if (fsm->deleting)
ddsrt_cond_broadcast(&control->cond);
break;
}
/* mark timer event as being processed */
@ -245,17 +296,16 @@ static void fsm_handle_timeout (struct dds_security_fsm_control *control, struct
static uint32_t handle_events (struct dds_security_fsm_control *control)
{
struct thread_state1 * const ts1 = lookup_thread_state ();
struct fsm_event *event;
control->tid = ddsrt_thread_self();
thread_state_awake (ts1, control->gv);
ddsrt_mutex_lock (&control->lock);
while (control->running)
{
if (control->event_queue)
if ((event = get_event(control)) != NULL)
{
struct fsm_event *event = control->event_queue;
control->event_queue = event->next;
if (control->event_queue)
control->event_queue->prev = NULL;
fsm_state_change (ts1, control, event);
ddsrt_free (event);
}
@ -288,7 +338,7 @@ void dds_security_fsm_set_timeout (struct dds_security_fsm *fsm, dds_security_fs
assert(timeout > 0);
ddsrt_mutex_lock (&fsm->control->lock);
if (fsm->active)
if (!fsm->deleting)
{
if (timeout != DDS_NEVER)
{
@ -297,7 +347,7 @@ void dds_security_fsm_set_timeout (struct dds_security_fsm *fsm, dds_security_fs
fsm->overall_timeout_event.endtime = ddsrt_time_add_duration(dds_time(), timeout);
ddsrt_fibheap_insert (&timer_events_fhdef, &fsm->control->timers, &fsm->overall_timeout_event);
if (fsm->overall_timeout_event.endtime < first_timeout(fsm->control))
ddsrt_cond_signal (&fsm->control->cond);
ddsrt_cond_broadcast (&fsm->control->cond);
}
else
clear_overall_timer (fsm);
@ -311,10 +361,10 @@ void dds_security_fsm_dispatch (struct dds_security_fsm *fsm, int32_t event_id,
assert(fsm->control);
ddsrt_mutex_lock (&fsm->control->lock);
if (fsm->active)
if (!fsm->deleting)
{
fsm_dispatch (fsm, event_id, prio);
ddsrt_cond_signal (&fsm->control->cond);
ddsrt_cond_broadcast (&fsm->control->cond);
}
ddsrt_mutex_unlock (&fsm->control->lock);
}
@ -324,7 +374,6 @@ const dds_security_fsm_state * dds_security_fsm_current_state (struct dds_securi
const dds_security_fsm_state *state;
assert(fsm);
assert(fsm->active);
ddsrt_mutex_lock (&fsm->control->lock);
state = fsm->current;
@ -407,7 +456,8 @@ struct dds_security_fsm * dds_security_fsm_create (struct dds_security_fsm_contr
fsm->overall_timeout_event.kind = FSM_TIMEOUT_OVERALL;
fsm->overall_timeout_event.endtime = DDS_NEVER;
fsm->overall_timeout_event.fsm = fsm;
fsm->active = true;
fsm->busy = false;
fsm->deleting = false;
fsm->next_fsm = NULL;
fsm->prev_fsm = NULL;
fsm->control = control;
@ -425,16 +475,17 @@ dds_security_fsm_start (struct dds_security_fsm *fsm)
dds_security_fsm_dispatch(fsm, DDS_SECURITY_FSM_EVENT_AUTO, false);
}
static void fsm_deactivate (struct dds_security_fsm *fsm, bool gen_del_event)
static void fsm_deactivate (struct dds_security_fsm_control *control, struct dds_security_fsm *fsm)
{
if (fsm->active)
fsm->deleting = true;
remove_events(control, fsm);
clear_state_timer (fsm);
clear_overall_timer (fsm);
fsm->current = NULL;
if (!ddsrt_thread_equal(control->tid, ddsrt_thread_self()))
{
fsm->active = false;
clear_state_timer (fsm);
clear_overall_timer (fsm);
fsm->current = NULL;
if (gen_del_event)
fsm_dispatch (fsm, DDS_SECURITY_FSM_EVENT_DELETE, false);
while (fsm->busy)
ddsrt_cond_wait(&control->cond, &control->lock);
}
}
@ -447,14 +498,14 @@ void dds_security_fsm_free (struct dds_security_fsm *fsm)
control = fsm->control;
ddsrt_mutex_lock (&control->lock);
fsm_deactivate (fsm, true);
fsm_deactivate (control, fsm);
ddsrt_mutex_unlock (&control->lock);
}
static void fsm_delete (struct dds_security_fsm_control *control, struct dds_security_fsm *fsm)
{
fsm_deactivate (fsm, false);
remove_fsm_from_list (control, fsm);
fsm_deactivate (control, fsm);
ddsrt_free(fsm);
}
@ -464,7 +515,8 @@ struct dds_security_fsm_control * dds_security_fsm_control_create (struct ddsi_d
control = ddsrt_malloc (sizeof(*control));
control->running = false;
control->event_queue = NULL;
control->first_event = NULL;
control->last_event = NULL;
control->first_fsm = NULL;
control->last_fsm = NULL;
control->gv = gv;
@ -486,12 +538,11 @@ void dds_security_fsm_control_free (struct dds_security_fsm_control *control)
while ((fsm = control->first_fsm) != NULL)
{
control->first_fsm = fsm->next_fsm;
fsm_deactivate (fsm, false);
ddsrt_free (fsm);
fsm_delete (control, fsm);
}
while ((event = control->event_queue) != NULL)
while ((event = control->first_event) != NULL)
{
control->event_queue = event->next;
control->first_event = event->next;
ddsrt_free (event);
}
@ -520,7 +571,7 @@ void dds_security_fsm_control_stop (struct dds_security_fsm_control *control)
ddsrt_mutex_lock (&control->lock);
control->running = false;
ddsrt_cond_signal (&control->cond);
ddsrt_cond_broadcast (&control->cond);
ddsrt_mutex_unlock (&control->lock);
join_thread (control->ts);

8
src/security/core/src/dds_security_utils.c
View file

@ -124,6 +124,7 @@ DDS_Security_BinaryProperty_set_by_value(
bp->name = ddsrt_strdup(name);
bp->value._length = length;
bp->value._maximum = length;
bp->propagate = true;
if (length) {
bp->value._buffer = ddsrt_malloc(length);
memcpy(bp->value._buffer, data, length);
@ -164,6 +165,7 @@ DDS_Security_BinaryProperty_set_by_ref(
bp->value._length = length;
bp->value._maximum = length;
bp->value._buffer = data;
bp->propagate = true;
}
DDS_Security_BinaryPropertySeq *
@ -840,7 +842,7 @@ DDS_Security_Exception_set_with_openssl_error(
void
DDS_Security_Exception_reset(
DDS_Security_SecurityException *ex)
DDS_Security_SecurityException *ex)
{
if (ex) {
if (ex->message) {
@ -855,7 +857,9 @@ DDS_Security_Exception_clean(
DDS_Security_SecurityException *ex)
{
if (ex) {
memset(ex, 0, sizeof(DDS_Security_SecurityException));
ex->code = 0;
ex->minor_code = 0;
ex->message = NULL;
}
}

17
src/security/core/tests/plugin_loading/plugin_loading.c
View file

@ -20,6 +20,7 @@
#include "dds/ddsrt/cdtors.h"
#include "dds/ddsrt/environ.h"
#include "dds/ddsrt/heap.h"
#include "plugin_mock_common.h"
//#include "dds/ddsi/ddsi_security_omg.h"
#define FORCE_ENV
@ -87,7 +88,7 @@ static uint32_t found;
static void logger(void *ptr, const dds_log_data_t *data) {
char **expected = (char **) ptr;
if (print_log) {
printf("%s\n", data->message);
fputs(data->message, stdout);
}
for (uint32_t i = 0; expected[i] != NULL; i++) {
if (patmatch(expected[i], data->message)) {
@ -112,9 +113,9 @@ CU_Test(ddssec_security_plugin_loading, all_ok, .init = ddsrt_init, .fini = ddsr
"<DDSSecurity>"
"<Authentication>"
"<Library path=\"dds_security_authentication_all_ok\" initFunction=\"init_authentication\" finalizeFunction=\"finalize_authentication\" />"
"<IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
"<IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
"<PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
"<IdentityCertificate>"TEST_IDENTITY_CERTIFICATE_ALL_OK"</IdentityCertificate>"
"<IdentityCA>"TEST_CA_CERTIFICATE_ALL_OK"</IdentityCA>"
"<PrivateKey>"TEST_PRIVATE_KEY_ALL_OK"</PrivateKey>"
"<Password>testtext_Password_testtext</Password>"
"<TrustedCADirectory>testtext_Dir_testtext</TrustedCADirectory>"
"</Authentication>"
@ -469,7 +470,7 @@ CU_Test(ddssec_security_plugin_loading, no_library_in_path, .init = ddsrt_init,
#else
dds_delete(participant);
#endif
CU_ASSERT_FATAL(found == 0xd || found == 0xe);
dds_delete(participant);
@ -551,13 +552,13 @@ CU_Test(ddssec_security_plugin_loading, all_ok_with_props, .init = ddsrt_init, .
dds_entity_t participant;
dds_qos_t * qos;
/* Set up the trace sinks to detect the config parsing. */
dds_set_log_mask(DDS_LC_INFO);
dds_set_log_sink(&logger, (void*)log_expected);
dds_set_trace_sink(&logger, (void*)log_expected);
/* Create the qos */
unsigned char bvalue[3] = { 0x01, 0x02, 0x03 };
CU_ASSERT_FATAL ((qos = dds_create_qos()) != NULL);

12
src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok/mock_authentication.c
View file

@ -28,6 +28,11 @@ typedef struct dds_security_authentication_impl {
int id; //sample internal member
} dds_security_authentication_impl;
static const char *test_identity_certificate = TEST_IDENTITY_CERTIFICATE_ALL_OK;
static const char *test_ca_certificate = TEST_CA_CERTIFICATE_ALL_OK;
static const char *test_private_key = TEST_PRIVATE_KEY_ALL_OK;
DDS_Security_ValidationResult_t validate_local_identity(
dds_security_authentication *instance,
DDS_Security_IdentityHandle *local_identity_handle,
@ -76,14 +81,17 @@ DDS_Security_ValidationResult_t validate_local_identity(
}
if( strcmp(identity_certificate, test_identity_certificate) != 0){
printf("identity received=%s\n", identity_certificate);
printf("identity expected=%s\n", test_identity_certificate);
result = DDS_SECURITY_VALIDATION_FAILED;
printf("FAILED: Could not get identity_certificate value properly\n");
}
else if( strcmp(identity_ca, test_ca_certificate) != 0){
printf("ca received=%s\n", identity_ca);
printf("ca expected=%s\n", test_ca_certificate);
printf("FAILED: Could not get identity_ca value properly\n");
result = DDS_SECURITY_VALIDATION_FAILED;
}else if( strcmp(private_key, test_privatekey) != 0){
}else if( strcmp(private_key, test_private_key) != 0){
printf("FAILED: Could not get private_key value properly\n");
result = DDS_SECURITY_VALIDATION_FAILED;
}

78
src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok/mock_authentication.h
View file

@ -9,6 +9,7 @@
#define SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_
#include "dds/security/authentication_all_ok_export.h"
#include "../../plugin_mock_common.h"
SECURITY_EXPORT int32_t
init_authentication(const char *argument, void **context);
@ -16,83 +17,6 @@ init_authentication(const char *argument, void **context);
SECURITY_EXPORT int32_t
finalize_authentication(void *context);
char *test_identity_certificate="data:,-----BEGIN CERTIFICATE-----\n\
MIIDYDCCAkigAwIBAgIBBDANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJOTDEL\n\
MAkGA1UECBMCT1YxEzARBgNVBAoTCkFETGluayBJU1QxGTAXBgNVBAMTEElkZW50\n\
aXR5IENBIFRlc3QxJjAkBgkqhkiG9w0BCQEWF2luZm9AaXN0LmFkbGlua3RlY2gu\n\
Y29tMB4XDTE4MDMxMjAwMDAwMFoXDTI3MDMxMTIzNTk1OVowdTELMAkGA1UEBhMC\n\
TkwxCzAJBgNVBAgTAk9WMRAwDgYDVQQKEwdBRExpbmsgMREwDwYDVQQLEwhJU1Qg\n\
VGVzdDETMBEGA1UEAxMKQWxpY2UgVGVzdDEfMB0GCSqGSIb3DQEJARYQYWxpY2VA\n\
YWRsaW5rLmlzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANBW+tEZ\n\
Baw7EQCEXyzH9n7IkZ8PQIKe8hG1LAOGYOF/oUYQZJO/HxbWoC4rFqOC20+A6is6\n\
kFwr1Zzp/Wurk9CrFXo5Nomi6ActH6LUM57nYqN68w6U38z/XkQxVY/ESZ5dySfD\n\
9Q1C8R+zdE8gwbimdYmwX7ioz336nghM2CoAHPDRthQeJupl8x4V7isOltr9CGx8\n\
+imJXbGr39OK6u87cNLeu23sUkOIC0lSRMIqIQK3oJtHS70J2qecXdqp9MhE7Xky\n\
/GPlI8ptQ1gJ8A3cAOvtI9mtMJMszs2EKWTLfeTcmfJHKKhKjvCgDdh3Jan4x5YP\n\
Yg7HG6H+ceOUkMMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAkvuqZzyJ3Nu4/Eo5\n\
kD0nVgYGBUl7cspu+636q39zPSrxLEDMUWz+u8oXLpyGcgiZ8lZulPTV8dmOn+3C\n\
Vg55c5C+gbnbX3MDyb3wB17296RmxYf6YNul4sFOmj6+g2i+Dw9WH0PBCVKbA84F\n\
jR3Gx2Pfoifor3DvT0YFSsjNIRt090u4dQglbIb6cWEafC7O24t5jFhGPvJ7L9SE\n\
gB0Drh/HmKTVuaqaRkoOKkKaKuWoXsszK1ZFda1DHommnR5LpYPsDRQ2fVM4EuBF\n\
By03727uneuG8HLuNcLEV9H0i7LxtyfFkyCPUQvWG5jehb7xPOz/Ml26NAwwjlTJ\n\
xEEFrw==\n\
-----END CERTIFICATE-----";
char *test_ca_certificate="data:,-----BEGIN CERTIFICATE-----\n\
MIIEKTCCAxGgAwIBAgIBATANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJOTDEL\n\
MAkGA1UECBMCT1YxEzARBgNVBAoTCkFETGluayBJU1QxGTAXBgNVBAMTEElkZW50\n\
aXR5IENBIFRlc3QxJjAkBgkqhkiG9w0BCQEWF2luZm9AaXN0LmFkbGlua3RlY2gu\n\
Y29tMB4XDTE4MDMxMjAwMDAwMFoXDTI3MDMxMTIzNTk1OVowcjELMAkGA1UEBhMC\n\
TkwxCzAJBgNVBAgTAk9WMRMwEQYDVQQKEwpBRExpbmsgSVNUMRkwFwYDVQQDExBJ\n\
ZGVudGl0eSBDQSBUZXN0MSYwJAYJKoZIhvcNAQkBFhdpbmZvQGlzdC5hZGxpbmt0\n\
ZWNoLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANa/ENFfGVXg\n\
bPLTzBdDfiZQcp5dWZ//Pb8ErFOJu8uosVHFv8t69dgjHgNHB4OsjmjnR7GfKUZT\n\
0cMvWJnjsC7DDlBwFET9rj4k40n96bbVCH9I7+tNhsoqzc6Eu+5h4sk7VfNGTM2Z\n\
SyCd4GiSZRuA44rRbhXI7/LDpr4hY5J9ZDo5AM9ZyoLAoh774H3CZWD67S35XvUs\n\
72dzE6uKG/vxBbvZ7eW2GLO6ewa9UxlnLVMPfJdpkp/xYXwwcPW2+2YXCge1ujxs\n\
tjrOQJ5HUySh6DkE/kZpx8zwYWm9AaCrsvCIX1thsqgvKy+U5v1FS1L58eGc6s//\n\
9yMgNhU29R0CAwEAAaOByTCBxjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRNVUJN\n\
FzhJPReYT4QSx6dK53CXCTAfBgNVHSMEGDAWgBRNVUJNFzhJPReYT4QSx6dK53CX\n\
CTAPBgNVHQ8BAf8EBQMDB/+AMGUGA1UdJQEB/wRbMFkGCCsGAQUFBwMBBggrBgEF\n\
BQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYIKwYBBQUHAwkGCCsG\n\
AQUFBwMNBggrBgEFBQcDDgYHKwYBBQIDBTANBgkqhkiG9w0BAQsFAAOCAQEAcOLF\n\
ZYdJguj0uxeXB8v3xnUr1AWz9+gwg0URdfNLU2KvF2lsb/uznv6168b3/FcPgezN\n\
Ihl9GqB+RvGwgXS/1UelCGbQiIUdsNxk246P4uOGPIyW32RoJcYPWZcpY+cw11tQ\n\
NOnk994Y5/8ad1DmcxVLLqq5kwpXGWQufV1zOONq8B+mCvcVAmM4vkyF/de56Lwa\n\
sAMpk1p77uhaDnuq2lIR4q3QHX2wGctFid5Q375DRscFQteY01r/dtwBBrMn0wuL\n\
AMNx9ZGD+zAoOUaslpIlEQ+keAxk3jgGMWFMxF81YfhEnXzevSQXWpyek86XUyFL\n\
O9IAQi5pa15gXjSbUg==\n\
-----END CERTIFICATE-----";
char *test_privatekey = "data:,-----BEGIN RSA PRIVATE KEY-----\n\
MIIEowIBAAKCAQEA0Fb60RkFrDsRAIRfLMf2fsiRnw9Agp7yEbUsA4Zg4X+hRhBk\n\
k78fFtagLisWo4LbT4DqKzqQXCvVnOn9a6uT0KsVejk2iaLoBy0fotQznudio3rz\n\
DpTfzP9eRDFVj8RJnl3JJ8P1DULxH7N0TyDBuKZ1ibBfuKjPffqeCEzYKgAc8NG2\n\
FB4m6mXzHhXuKw6W2v0IbHz6KYldsavf04rq7ztw0t67bexSQ4gLSVJEwiohAreg\n\
m0dLvQnap5xd2qn0yETteTL8Y+Ujym1DWAnwDdwA6+0j2a0wkyzOzYQpZMt95NyZ\n\
8kcoqEqO8KAN2HclqfjHlg9iDscbof5x45SQwwIDAQABAoIBAG0dYPeqd0IhHWJ7\n\
8azufbchLMN1pX/D51xG2uptssfnpHuhkkufSZUYi4QipRS2ME6PYhWJ8pmTi6lH\n\
E6cUkbI0KGd/F4U2gPdhNrR9Fxwea5bbifkVF7Gx/ZkRjZJiZ3w9+mCNTQbJDKhh\n\
wITAzzT6WYznhvqbzzBX1fTa6kv0GAQtX7aHKM+XIwkhX2gzU5TU80bvH8aMrT05\n\
tAMGQqkUeRnpo0yucBl4VmTZzd/+X/d2UyXR0my15jE5iH5o+p+E6qTRE9D+MGUd\n\
MQ6Ftj0Untqy1lcog1ZLL6zPlnwcD4jgY5VCYDgvabnrSwymOJapPLsAEdWdq+U5\n\
ec44BMECgYEA/+3qPUrd4XxA517qO3fCGBvf2Gkr7w5ZDeATOTHGuD8QZeK0nxPl\n\
CWhRjdgkqo0fyf1cjczL5XgYayo+YxkO1Z4RUU+8lJAHlVx9izOQo+MTQfkwH4BK\n\
LYlHxMoHJwAOXXoE+dmBaDh5xT0mDUGU750r763L6EFovE4qRBn9hxkCgYEA0GWz\n\
rpOPNxb419WxG9npoQYdCZ5IbmEOGDH3ReggVzWHmW8sqtkqTZm5srcyDpqAc1Gu\n\
paUveMblEBbU+NFJjLWOfwB5PCp8jsrqRgCQSxolShiVkc3Vu3oyzMus9PDge1eo\n\
9mwVGO7ojQKWRu/WVAakENPaAjeyyhv4dqSNnjsCgYEAlwe8yszqoY1k8+U0T0G+\n\
HeIdOCXgkmOiNCj+zyrLvaEhuS6PLq1b5TBVqGJcSPWdQ+MrglbQIKu9pUg5ptt7\n\
wJ5WU+i9PeK9Ruxc/g/BFKYFkFJQjtZzb+nqm3wpul8zGwDN/O/ZiTqCyd3rHbmM\n\
/dZ/viKPCZHIEBAEq0m3LskCgYBndzcAo+5k8ZjWwBfQth5SfhCIp/daJgGzbYtR\n\
P/BenAsY2KOap3tjT8Fsw5usuHSxzIojX6H0Gvu7Qzq11mLn43Q+BeQrRQTWeFRc\n\
MQdy4iZFZXNNEp7dF8yE9VKHwdgSJPGUdxD6chMvf2tRCN6mlS171VLV6wVvZvez\n\
H/vX5QKBgD2Dq/NHpjCpAsECP9awmNF5Akn5WJbRGmegwXIih2mOtgtYYDeuQyxY\n\
ZCrdJFfIUjUVPagshEmUklKhkYMYpzy2PQDVtaVcm6UNFroxT5h+J+KDs1LN1H8G\n\
LsASrzyAg8EpRulwXEfLrWKiu9DKv8bMEgO4Ovgz8zTKJZIFhcac\n\
-----END RSA PRIVATE KEY-----";
DDS_Security_ValidationResult_t
validate_local_identity(
dds_security_authentication *instance,

98
src/security/core/tests/plugin_loading/plugin_mock_common.h Normal file
View file

@ -0,0 +1,98 @@
/*
* Copyright(c) 2006 to 2019 ADLINK Technology Limited and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
* v. 1.0 which is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
*/
#ifndef PLUGIN_MOCK_COMMON_H_
#define PLUGIN_MOCK_COMMON_H_
#define TEST_IDENTITY_CERTIFICATE_ALL_OK "testtext_IdentityCertificate_testtext"
#define TEST_CA_CERTIFICATE_ALL_OK "testtext_IdentityCA_testtext"
#define TEST_PRIVATE_KEY_ALL_OK "testtext_PrivateKey_testtext"
#define TEST_IDENTITY_CERTIFICATE "data:,-----BEGIN CERTIFICATE-----\n\
MIIDYDCCAkigAwIBAgIBBDANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJOTDEL\n\
MAkGA1UECBMCT1YxEzARBgNVBAoTCkFETGluayBJU1QxGTAXBgNVBAMTEElkZW50\n\
aXR5IENBIFRlc3QxJjAkBgkqhkiG9w0BCQEWF2luZm9AaXN0LmFkbGlua3RlY2gu\n\
Y29tMB4XDTE4MDMxMjAwMDAwMFoXDTI3MDMxMTIzNTk1OVowdTELMAkGA1UEBhMC\n\
TkwxCzAJBgNVBAgTAk9WMRAwDgYDVQQKEwdBRExpbmsgMREwDwYDVQQLEwhJU1Qg\n\
VGVzdDETMBEGA1UEAxMKQWxpY2UgVGVzdDEfMB0GCSqGSIb3DQEJARYQYWxpY2VA\n\
YWRsaW5rLmlzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANBW+tEZ\n\
Baw7EQCEXyzH9n7IkZ8PQIKe8hG1LAOGYOF/oUYQZJO/HxbWoC4rFqOC20+A6is6\n\
kFwr1Zzp/Wurk9CrFXo5Nomi6ActH6LUM57nYqN68w6U38z/XkQxVY/ESZ5dySfD\n\
9Q1C8R+zdE8gwbimdYmwX7ioz336nghM2CoAHPDRthQeJupl8x4V7isOltr9CGx8\n\
+imJXbGr39OK6u87cNLeu23sUkOIC0lSRMIqIQK3oJtHS70J2qecXdqp9MhE7Xky\n\
/GPlI8ptQ1gJ8A3cAOvtI9mtMJMszs2EKWTLfeTcmfJHKKhKjvCgDdh3Jan4x5YP\n\
Yg7HG6H+ceOUkMMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAkvuqZzyJ3Nu4/Eo5\n\
kD0nVgYGBUl7cspu+636q39zPSrxLEDMUWz+u8oXLpyGcgiZ8lZulPTV8dmOn+3C\n\
Vg55c5C+gbnbX3MDyb3wB17296RmxYf6YNul4sFOmj6+g2i+Dw9WH0PBCVKbA84F\n\
jR3Gx2Pfoifor3DvT0YFSsjNIRt090u4dQglbIb6cWEafC7O24t5jFhGPvJ7L9SE\n\
gB0Drh/HmKTVuaqaRkoOKkKaKuWoXsszK1ZFda1DHommnR5LpYPsDRQ2fVM4EuBF\n\
By03727uneuG8HLuNcLEV9H0i7LxtyfFkyCPUQvWG5jehb7xPOz/Ml26NAwwjlTJ\n\
xEEFrw==\n\
-----END CERTIFICATE-----"
#define TEST_CA_CERTIFICATE_ALL "data:,-----BEGIN CERTIFICATE-----\n\
MIIEKTCCAxGgAwIBAgIBATANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJOTDEL\n\
MAkGA1UECBMCT1YxEzARBgNVBAoTCkFETGluayBJU1QxGTAXBgNVBAMTEElkZW50\n\
aXR5IENBIFRlc3QxJjAkBgkqhkiG9w0BCQEWF2luZm9AaXN0LmFkbGlua3RlY2gu\n\
Y29tMB4XDTE4MDMxMjAwMDAwMFoXDTI3MDMxMTIzNTk1OVowcjELMAkGA1UEBhMC\n\
TkwxCzAJBgNVBAgTAk9WMRMwEQYDVQQKEwpBRExpbmsgSVNUMRkwFwYDVQQDExBJ\n\
ZGVudGl0eSBDQSBUZXN0MSYwJAYJKoZIhvcNAQkBFhdpbmZvQGlzdC5hZGxpbmt0\n\
ZWNoLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANa/ENFfGVXg\n\
bPLTzBdDfiZQcp5dWZ//Pb8ErFOJu8uosVHFv8t69dgjHgNHB4OsjmjnR7GfKUZT\n\
0cMvWJnjsC7DDlBwFET9rj4k40n96bbVCH9I7+tNhsoqzc6Eu+5h4sk7VfNGTM2Z\n\
SyCd4GiSZRuA44rRbhXI7/LDpr4hY5J9ZDo5AM9ZyoLAoh774H3CZWD67S35XvUs\n\
72dzE6uKG/vxBbvZ7eW2GLO6ewa9UxlnLVMPfJdpkp/xYXwwcPW2+2YXCge1ujxs\n\
tjrOQJ5HUySh6DkE/kZpx8zwYWm9AaCrsvCIX1thsqgvKy+U5v1FS1L58eGc6s//\n\
9yMgNhU29R0CAwEAAaOByTCBxjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRNVUJN\n\
FzhJPReYT4QSx6dK53CXCTAfBgNVHSMEGDAWgBRNVUJNFzhJPReYT4QSx6dK53CX\n\
CTAPBgNVHQ8BAf8EBQMDB/+AMGUGA1UdJQEB/wRbMFkGCCsGAQUFBwMBBggrBgEF\n\
BQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYIKwYBBQUHAwkGCCsG\n\
AQUFBwMNBggrBgEFBQcDDgYHKwYBBQIDBTANBgkqhkiG9w0BAQsFAAOCAQEAcOLF\n\
ZYdJguj0uxeXB8v3xnUr1AWz9+gwg0URdfNLU2KvF2lsb/uznv6168b3/FcPgezN\n\
Ihl9GqB+RvGwgXS/1UelCGbQiIUdsNxk246P4uOGPIyW32RoJcYPWZcpY+cw11tQ\n\
NOnk994Y5/8ad1DmcxVLLqq5kwpXGWQufV1zOONq8B+mCvcVAmM4vkyF/de56Lwa\n\
sAMpk1p77uhaDnuq2lIR4q3QHX2wGctFid5Q375DRscFQteY01r/dtwBBrMn0wuL\n\
AMNx9ZGD+zAoOUaslpIlEQ+keAxk3jgGMWFMxF81YfhEnXzevSQXWpyek86XUyFL\n\
O9IAQi5pa15gXjSbUg==\n\
-----END CERTIFICATE-----"
#define TEST_PRIVATE_KEY_ALL "data:,-----BEGIN RSA PRIVATE KEY-----\n\
MIIEowIBAAKCAQEA0Fb60RkFrDsRAIRfLMf2fsiRnw9Agp7yEbUsA4Zg4X+hRhBk\n\
k78fFtagLisWo4LbT4DqKzqQXCvVnOn9a6uT0KsVejk2iaLoBy0fotQznudio3rz\n\
DpTfzP9eRDFVj8RJnl3JJ8P1DULxH7N0TyDBuKZ1ibBfuKjPffqeCEzYKgAc8NG2\n\
FB4m6mXzHhXuKw6W2v0IbHz6KYldsavf04rq7ztw0t67bexSQ4gLSVJEwiohAreg\n\
m0dLvQnap5xd2qn0yETteTL8Y+Ujym1DWAnwDdwA6+0j2a0wkyzOzYQpZMt95NyZ\n\
8kcoqEqO8KAN2HclqfjHlg9iDscbof5x45SQwwIDAQABAoIBAG0dYPeqd0IhHWJ7\n\
8azufbchLMN1pX/D51xG2uptssfnpHuhkkufSZUYi4QipRS2ME6PYhWJ8pmTi6lH\n\
E6cUkbI0KGd/F4U2gPdhNrR9Fxwea5bbifkVF7Gx/ZkRjZJiZ3w9+mCNTQbJDKhh\n\
wITAzzT6WYznhvqbzzBX1fTa6kv0GAQtX7aHKM+XIwkhX2gzU5TU80bvH8aMrT05\n\
tAMGQqkUeRnpo0yucBl4VmTZzd/+X/d2UyXR0my15jE5iH5o+p+E6qTRE9D+MGUd\n\
MQ6Ftj0Untqy1lcog1ZLL6zPlnwcD4jgY5VCYDgvabnrSwymOJapPLsAEdWdq+U5\n\
ec44BMECgYEA/+3qPUrd4XxA517qO3fCGBvf2Gkr7w5ZDeATOTHGuD8QZeK0nxPl\n\
CWhRjdgkqo0fyf1cjczL5XgYayo+YxkO1Z4RUU+8lJAHlVx9izOQo+MTQfkwH4BK\n\
LYlHxMoHJwAOXXoE+dmBaDh5xT0mDUGU750r763L6EFovE4qRBn9hxkCgYEA0GWz\n\
rpOPNxb419WxG9npoQYdCZ5IbmEOGDH3ReggVzWHmW8sqtkqTZm5srcyDpqAc1Gu\n\
paUveMblEBbU+NFJjLWOfwB5PCp8jsrqRgCQSxolShiVkc3Vu3oyzMus9PDge1eo\n\
9mwVGO7ojQKWRu/WVAakENPaAjeyyhv4dqSNnjsCgYEAlwe8yszqoY1k8+U0T0G+\n\
HeIdOCXgkmOiNCj+zyrLvaEhuS6PLq1b5TBVqGJcSPWdQ+MrglbQIKu9pUg5ptt7\n\
wJ5WU+i9PeK9Ruxc/g/BFKYFkFJQjtZzb+nqm3wpul8zGwDN/O/ZiTqCyd3rHbmM\n\
/dZ/viKPCZHIEBAEq0m3LskCgYBndzcAo+5k8ZjWwBfQth5SfhCIp/daJgGzbYtR\n\
P/BenAsY2KOap3tjT8Fsw5usuHSxzIojX6H0Gvu7Qzq11mLn43Q+BeQrRQTWeFRc\n\
MQdy4iZFZXNNEp7dF8yE9VKHwdgSJPGUdxD6chMvf2tRCN6mlS171VLV6wVvZvez\n\
H/vX5QKBgD2Dq/NHpjCpAsECP9awmNF5Akn5WJbRGmegwXIih2mOtgtYYDeuQyxY\n\
ZCrdJFfIUjUVPagshEmUklKhkYMYpzy2PQDVtaVcm6UNFroxT5h+J+KDs1LN1H8G\n\
LsASrzyAg8EpRulwXEfLrWKiu9DKv8bMEgO4Ovgz8zTKJZIFhcac\n\
-----END RSA PRIVATE KEY-----"
#endif

81
src/security/core/tests/plugin_loading/security_config.c
View file

@ -21,6 +21,7 @@
#include "dds/ddsrt/heap.h"
#include "dds/ddsi/q_misc.h"
#include "dds/ddsi/ddsi_xqos.h"
#include "plugin_mock_common.h"
#include "dds/security/dds_security_api_defs.h"
@ -50,9 +51,9 @@
"0:\"dds.sec.access.library.path\":\""ac"\"," \
"0:\"dds.sec.access.library.init\":\"init_access_control\"," \
"0:\"dds.sec.access.library.finalize\":\"finalize_access_control\"," \
"0:\"dds.sec.auth.identity_ca\":\"testtext_IdentityCA_testtext\"," \
"0:\"dds.sec.auth.private_key\":\"testtext_PrivateKey_testtext\"," \
"0:\"dds.sec.auth.identity_certificate\":\"testtext_IdentityCertificate_testtext\"," \
"0:\"dds.sec.auth.identity_ca\":\"" TEST_CA_CERTIFICATE_ALL_OK "\"," \
"0:\"dds.sec.auth.private_key\":\"" TEST_PRIVATE_KEY_ALL_OK "\"," \
"0:\"dds.sec.auth.identity_certificate\":\"" TEST_IDENTITY_CERTIFICATE_ALL_OK "\"," \
"0:\"dds.sec.access.permissions_ca\":\"file:Permissions_CA.pem\"," \
"0:\"dds.sec.access.governance\":\"file:Governance.p7s\"," \
"0:\"dds.sec.access.permissions\":\"file:Permissions.p7s\"" \
@ -206,9 +207,9 @@ CU_Test(ddsc_security_config, all, .init = ddsrt_init, .fini = ddsrt_fini)
"config: Domain/DDSSecurity/Authentication/Library[@path]: "MOCKLIB_PATH("dds_security_authentication_all_ok")"*",
"config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_authentication*",
"config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_authentication*",
"config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: testtext_IdentityCertificate_testtext*",
"config: Domain/DDSSecurity/Authentication/IdentityCA/#text: testtext_IdentityCA_testtext*",
"config: Domain/DDSSecurity/Authentication/PrivateKey/#text: testtext_PrivateKey_testtext*",
"config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: "TEST_IDENTITY_CERTIFICATE_ALL_OK"*",
"config: Domain/DDSSecurity/Authentication/IdentityCA/#text: "TEST_CA_CERTIFICATE_ALL_OK"*",
"config: Domain/DDSSecurity/Authentication/PrivateKey/#text: "TEST_PRIVATE_KEY_ALL_OK"*",
"config: Domain/DDSSecurity/Authentication/Password/#text: testtext_Password_testtext*",
"config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: testtext_Dir_testtext*",
"config: Domain/DDSSecurity/AccessControl/Library/#text: "MOCKLIB_PATH("dds_security_access_control_all_ok")"*",
@ -233,9 +234,9 @@ CU_Test(ddsc_security_config, all, .init = ddsrt_init, .fini = ddsrt_fini)
" <DDSSecurity>"
" <Authentication>"
" "MOCKLIB_ELEM_AUTH("dds_security_authentication_all_ok")
" <IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
" <IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
" <PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
" <IdentityCertificate>"TEST_IDENTITY_CERTIFICATE_ALL_OK"</IdentityCertificate>"
" <IdentityCA>"TEST_CA_CERTIFICATE_ALL_OK"</IdentityCA>"
" <PrivateKey>"TEST_PRIVATE_KEY_ALL_OK"</PrivateKey>"
" <Password>testtext_Password_testtext</Password>"
" <TrustedCADirectory>testtext_Dir_testtext</TrustedCADirectory>"
" </Authentication>"
@ -281,9 +282,9 @@ CU_Test(ddsc_security_config, security, .init = ddsrt_init, .fini = ddsrt_fini)
"config: Domain/DDSSecurity/Authentication/Library[@path]: "MOCKLIB_PATH("dds_security_authentication_all_ok")"*",
"config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_authentication*",
"config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_authentication*",
"config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: testtext_IdentityCertificate_testtext*",
"config: Domain/DDSSecurity/Authentication/IdentityCA/#text: testtext_IdentityCA_testtext*",
"config: Domain/DDSSecurity/Authentication/PrivateKey/#text: testtext_PrivateKey_testtext*",
"config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: "TEST_IDENTITY_CERTIFICATE_ALL_OK"*",
"config: Domain/DDSSecurity/Authentication/IdentityCA/#text: "TEST_CA_CERTIFICATE_ALL_OK"*",
"config: Domain/DDSSecurity/Authentication/PrivateKey/#text: "TEST_PRIVATE_KEY_ALL_OK"*",
"config: Domain/DDSSecurity/Authentication/Password/#text: {}*",
"config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: {}*",
"config: Domain/DDSSecurity/AccessControl/Library/#text: "MOCKLIB_PATH("dds_security_access_control_all_ok")"*",
@ -307,9 +308,9 @@ CU_Test(ddsc_security_config, security, .init = ddsrt_init, .fini = ddsrt_fini)
"<DDSSecurity>"
" <Authentication>"
" "MOCKLIB_ELEM_AUTH("dds_security_authentication_all_ok")
" <IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
" <IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
" <PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
" <IdentityCertificate>"TEST_IDENTITY_CERTIFICATE_ALL_OK"</IdentityCertificate>"
" <IdentityCA>"TEST_CA_CERTIFICATE_ALL_OK"</IdentityCA>"
" <PrivateKey>"TEST_PRIVATE_KEY_ALL_OK"</PrivateKey>"
" </Authentication>"
" <Cryptographic>"
" "MOCKLIB_ELEM_CRYPTO("dds_security_cryptography_all_ok")
@ -351,9 +352,9 @@ CU_Test(ddsc_security_config, deprecated, .init = ddsrt_init, .fini = ddsrt_fini
"config: Domain/DDSSecurity/Authentication/Library[@path]: "MOCKLIB_PATH("dds_security_authentication_all_ok")"*",
"config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_authentication*",
"config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_authentication*",
"config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: testtext_IdentityCertificate_testtext*",
"config: Domain/DDSSecurity/Authentication/IdentityCA/#text: testtext_IdentityCA_testtext*",
"config: Domain/DDSSecurity/Authentication/PrivateKey/#text: testtext_PrivateKey_testtext*",
"config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: "TEST_IDENTITY_CERTIFICATE_ALL_OK"*",
"config: Domain/DDSSecurity/Authentication/IdentityCA/#text: "TEST_CA_CERTIFICATE_ALL_OK"*",
"config: Domain/DDSSecurity/Authentication/PrivateKey/#text: "TEST_PRIVATE_KEY_ALL_OK"*",
"config: Domain/DDSSecurity/Authentication/Password/#text: testtext_Password_testtext*",
"config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: testtext_Dir_testtext*",
"config: Domain/DDSSecurity/AccessControl/Library/#text: "MOCKLIB_PATH("dds_security_access_control_all_ok")"*",
@ -378,9 +379,9 @@ CU_Test(ddsc_security_config, deprecated, .init = ddsrt_init, .fini = ddsrt_fini
" <DDSSecurity>"
" <Authentication>"
" "MOCKLIB_ELEM_AUTH("dds_security_authentication_all_ok")
" <IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
" <IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
" <PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
" <IdentityCertificate>"TEST_IDENTITY_CERTIFICATE_ALL_OK"</IdentityCertificate>"
" <IdentityCA>"TEST_CA_CERTIFICATE_ALL_OK"</IdentityCA>"
" <PrivateKey>"TEST_PRIVATE_KEY_ALL_OK"</PrivateKey>"
" <Password>testtext_Password_testtext</Password>"
" <TrustedCADirectory>testtext_Dir_testtext</TrustedCADirectory>"
" </Authentication>"
@ -448,9 +449,9 @@ CU_Test(ddsc_security_config, qos, .init = ddsrt_init, .fini = ddsrt_fini)
dds_qset_prop(qos, "dds.sec.access.library.path", ""MOCKLIB_PATH("dds_security_access_control_all_ok")"");
dds_qset_prop(qos, "dds.sec.access.library.init", "init_access_control");
dds_qset_prop(qos, "dds.sec.access.library.finalize", "finalize_access_control");
dds_qset_prop(qos, "dds.sec.auth.identity_ca", "testtext_IdentityCA_testtext");
dds_qset_prop(qos, "dds.sec.auth.private_key", "testtext_PrivateKey_testtext");
dds_qset_prop(qos, "dds.sec.auth.identity_certificate", "testtext_IdentityCertificate_testtext");
dds_qset_prop(qos, "dds.sec.auth.identity_ca", TEST_CA_CERTIFICATE_ALL_OK);
dds_qset_prop(qos, "dds.sec.auth.private_key", TEST_PRIVATE_KEY_ALL_OK);
dds_qset_prop(qos, "dds.sec.auth.identity_certificate", TEST_IDENTITY_CERTIFICATE_ALL_OK);
dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:Permissions_CA.pem");
dds_qset_prop(qos, "dds.sec.access.governance", "file:Governance.p7s");
dds_qset_prop(qos, "dds.sec.access.permissions", "file:Permissions.p7s");
@ -494,6 +495,7 @@ CU_Test(ddsc_security_config, qos_props, .init = ddsrt_init, .fini = ddsrt_fini)
PARTICIPANT_QOS_ALL_OK to work, the order must match that one */
unsigned char bvalue[3] = { 0x01, 0x02, 0x03 };
CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL);
dds_qset_prop(qos, "dds.sec.auth.library.path", ""MOCKLIB_PATH("dds_security_authentication_all_ok")"");
dds_qset_prop(qos, "dds.sec.auth.library.init", "init_authentication");
dds_qset_prop(qos, "dds.sec.auth.library.finalize", "finalize_authentication");
@ -503,9 +505,9 @@ CU_Test(ddsc_security_config, qos_props, .init = ddsrt_init, .fini = ddsrt_fini)
dds_qset_prop(qos, "dds.sec.access.library.path", ""MOCKLIB_PATH("dds_security_access_control_all_ok")"");
dds_qset_prop(qos, "dds.sec.access.library.init", "init_access_control");
dds_qset_prop(qos, "dds.sec.access.library.finalize", "finalize_access_control");
dds_qset_prop(qos, "dds.sec.auth.identity_ca", "testtext_IdentityCA_testtext");
dds_qset_prop(qos, "dds.sec.auth.private_key", "testtext_PrivateKey_testtext");
dds_qset_prop(qos, "dds.sec.auth.identity_certificate", "testtext_IdentityCertificate_testtext");
dds_qset_prop(qos, "dds.sec.auth.identity_ca", TEST_CA_CERTIFICATE_ALL_OK);
dds_qset_prop(qos, "dds.sec.auth.private_key", TEST_PRIVATE_KEY_ALL_OK);
dds_qset_prop(qos, "dds.sec.auth.identity_certificate", TEST_IDENTITY_CERTIFICATE_ALL_OK);
dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:Permissions_CA.pem");
dds_qset_prop(qos, "dds.sec.access.governance", "file:Governance.p7s");
dds_qset_prop(qos, "dds.sec.access.permissions", "file:Permissions.p7s");
@ -514,7 +516,6 @@ CU_Test(ddsc_security_config, qos_props, .init = ddsrt_init, .fini = ddsrt_fini)
dds_qset_prop(qos, "test.prop1", "testtext_value1_testtext");
dds_qset_prop(qos, "test.prop2", "testtext_value2_testtext");
dds_qset_bprop(qos, "test.bprop1", bvalue, 3);
/* Create participant with security config in qos. */
@ -546,9 +547,9 @@ CU_Test(ddsc_security_config, config_qos, .init = ddsrt_init, .fini = ddsrt_fini
"<Tracing><Verbosity>finest</></>"
"<DDSSecurity>"
" <Authentication>"
" <IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
" <IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
" <PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
" <IdentityCertificate>"TEST_IDENTITY_CERTIFICATE_ALL_OK"</IdentityCertificate>"
" <IdentityCA>"TEST_CA_CERTIFICATE_ALL_OK"</IdentityCA>"
" <PrivateKey>"TEST_PRIVATE_KEY_ALL_OK"</PrivateKey>"
" </Authentication>"
" <AccessControl>"
" <Governance>file:Governance.p7s</Governance>"
@ -572,9 +573,9 @@ CU_Test(ddsc_security_config, config_qos, .init = ddsrt_init, .fini = ddsrt_fini
dds_qset_prop(qos, "dds.sec.access.library.path", ""MOCKLIB_PATH("dds_security_access_control_all_ok")"");
dds_qset_prop(qos, "dds.sec.access.library.init", "init_access_control");
dds_qset_prop(qos, "dds.sec.access.library.finalize", "finalize_access_control");
dds_qset_prop(qos, "dds.sec.auth.identity_ca", "testtext_IdentityCA_testtext");
dds_qset_prop(qos, "dds.sec.auth.private_key", "testtext_PrivateKey_testtext");
dds_qset_prop(qos, "dds.sec.auth.identity_certificate", "testtext_IdentityCertificate_testtext");
dds_qset_prop(qos, "dds.sec.auth.identity_ca", TEST_CA_CERTIFICATE_ALL_OK);
dds_qset_prop(qos, "dds.sec.auth.private_key", TEST_PRIVATE_KEY_ALL_OK);
dds_qset_prop(qos, "dds.sec.auth.identity_certificate", TEST_IDENTITY_CERTIFICATE_ALL_OK);
dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:Permissions_CA.pem");
dds_qset_prop(qos, "dds.sec.access.governance", "file:Governance.p7s");
dds_qset_prop(qos, "dds.sec.access.permissions", "file:Permissions.p7s");
@ -614,9 +615,9 @@ CU_Test(ddsc_security_config, other_prop, .init = ddsrt_init, .fini = ddsrt_fini
"<DDSSecurity>"
" <Authentication>"
" "MOCKLIB_ELEM_AUTH("dds_security_authentication_all_ok")
" <IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
" <IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
" <PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
" <IdentityCertificate>"TEST_IDENTITY_CERTIFICATE_ALL_OK"</IdentityCertificate>"
" <IdentityCA>"TEST_CA_CERTIFICATE_ALL_OK"</IdentityCA>"
" <PrivateKey>"TEST_PRIVATE_KEY_ALL_OK"</PrivateKey>"
" <Password>testtext_Password_testtext</Password>"
" <TrustedCADirectory>testtext_Dir_testtext</TrustedCADirectory>"
" </Authentication>"
@ -685,9 +686,9 @@ CU_Test(ddsc_security_config, qos_invalid, .init = ddsrt_init, .fini = ddsrt_fin
"<Tracing><Verbosity>finest</></>"
"<DDSSecurity>"
" <Authentication>"
" <IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
" <IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
" <PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
" <IdentityCertificate>"TEST_IDENTITY_CERTIFICATE_ALL_OK"</IdentityCertificate>"
" <IdentityCA>"TEST_CA_CERTIFICATE_ALL_OK"</IdentityCA>"
" <PrivateKey>"TEST_PRIVATE_KEY_ALL_OK"</PrivateKey>"
" </Authentication>"
" <AccessControl>"
" <Governance>file:Governance.p7s</Governance>"

69
src/security/core/tests/tc_fsm.c
View file

@ -369,16 +369,19 @@ static const uint32_t TransitionsSize = sizeof(Transitions)/sizeof(Transitions[0
**********************************************************************/
typedef enum {
eventToTimeout, eventToEnd,
eventToTimeout, eventToInterupt, eventToEnd,
} timeout_events;
struct fsm_timeout_arg {
int id;
};
static struct dds_security_fsm *fsm_timeout;
static uint32_t visited_timeout = 0;
static uint32_t correct_fsm_timeout = 0;
static uint32_t correct_arg_timeout = 0;
static ddsrt_cond_t stop_timeout_cond;
static ddsrt_mutex_t stop_timeout_cond_mutex;
static uint32_t stop_timeout_cond_cnt = 0;
static struct fsm_timeout_arg fsm_arg = { .id = FSM_AUTH_ARG };
/* The functions called from the state-machine. */
static void doInterupt(struct dds_security_fsm *fsm, void *arg)
@ -393,24 +396,15 @@ static void doInterupt(struct dds_security_fsm *fsm, void *arg)
static void doTimeout(struct dds_security_fsm *fsm, void *arg)
{
dds_duration_t delay4 = 4 * DDS_NSECS_IN_SEC;
DDSRT_UNUSED_ARG(arg);
if (DB_TC_PRINT_DEBUG) {
printf("Transition >>>> %s %d\n", __FUNCTION__, stop_timeout_cond_cnt);
printf("Transition >>>> %s\n", __FUNCTION__);
}
visited_timeout |= 1UL << 1;
stop_timeout_cond_cnt++;
ddsrt_mutex_lock(&stop_timeout_cond_mutex);
(void) ddsrt_cond_waitfor(&stop_timeout_cond, &stop_timeout_cond_mutex,
delay4);
ddsrt_mutex_unlock(&stop_timeout_cond_mutex);
stop_timeout_cond_cnt--;
if (DB_TC_PRINT_DEBUG) {
printf("Transition <<<< %s %d\n", __FUNCTION__, stop_timeout_cond_cnt);
printf("Transition <<<< %s\n", __FUNCTION__);
}
dds_security_fsm_dispatch(fsm, eventToTimeout, false);
@ -418,7 +412,7 @@ static void doTimeout(struct dds_security_fsm *fsm, void *arg)
static void TimeoutCallback(struct dds_security_fsm *fsm, void *arg)
{
int *fsm_arg;
struct fsm_timeout_arg *farg = arg;
if (DB_TC_PRINT_DEBUG) {
printf("TimeoutCallback\n");
@ -426,10 +420,8 @@ static void TimeoutCallback(struct dds_security_fsm *fsm, void *arg)
visited_timeout |= 1UL << 2;
if (arg != NULL) {
fsm_arg = (int *) arg;
if (*fsm_arg == FSM_AUTH_ARG) {
if (farg != NULL) {
if (farg->id == FSM_AUTH_ARG) {
correct_arg_timeout = 1;
} else {
correct_arg_timeout = 0;
@ -452,14 +444,17 @@ static void TimeoutCallback2(struct dds_security_fsm *fsm, void *arg)
visited_timeout |= 1UL << 3;
}
static dds_security_fsm_state StateTimeout = {doTimeout, 0};static int fsm_arg = FSM_AUTH_ARG;
static dds_security_fsm_state StateInitial = {doTimeout, 0};
static dds_security_fsm_state StateWaitTimeout = {NULL, DDS_SECS(4)};
static dds_security_fsm_state StateInterupt = {doInterupt, 0};
static dds_security_fsm_state StateInterupt = {doInterupt, 0};
static const dds_security_fsm_transition TimeoutTransitions[] = {
{NULL, DDS_SECURITY_FSM_EVENT_AUTO, NULL, &StateTimeout}, // NULL state is the start state
{&StateTimeout, eventToTimeout, NULL, &StateInterupt},
{&StateInterupt,eventToEnd, NULL, NULL}, // Reaching NULL means end of state-diagram
{NULL, DDS_SECURITY_FSM_EVENT_AUTO, NULL, &StateInitial}, // NULL state is the start state
{&StateInitial, eventToTimeout, NULL, &StateWaitTimeout},
{&StateWaitTimeout, DDS_SECURITY_FSM_EVENT_TIMEOUT, NULL, &StateInterupt},
{&StateWaitTimeout, eventToInterupt, NULL, &StateInterupt},
{&StateInterupt, eventToEnd, NULL, NULL}, // Reaching NULL means end of state-diagram
};
static const uint32_t TimeoutTransitionsSize = sizeof(TimeoutTransitions)/sizeof(TimeoutTransitions[0]);
@ -541,16 +536,10 @@ static void fsm_control_init(void)
rc = dds_security_fsm_control_start (g_fsm_control, NULL);
CU_ASSERT_FATAL(rc == 0);
ddsrt_mutex_init(&stop_timeout_cond_mutex);
ddsrt_cond_init(&stop_timeout_cond);
}
static void fsm_control_fini(void)
{
ddsrt_cond_destroy(&stop_timeout_cond);
ddsrt_mutex_destroy(&stop_timeout_cond_mutex);
dds_security_fsm_control_stop(g_fsm_control);
dds_security_fsm_control_free(g_fsm_control);
@ -697,12 +686,10 @@ CU_Test(ddssec_fsm, timeout, .init = fsm_control_init, .fini = fsm_control_fini)
timeout--;
}
CU_ASSERT(timeout > 0);
CU_ASSERT(
CHECK_BIT(visited_timeout, 0) && CHECK_BIT(visited_timeout, 1) && CHECK_BIT(visited_timeout, 2));
CU_ASSERT(CHECK_BIT(visited_timeout, 0) && CHECK_BIT(visited_timeout, 1) && CHECK_BIT(visited_timeout, 2));
CU_ASSERT(correct_arg_timeout && correct_fsm_timeout);
dds_security_fsm_free(fsm_timeout);
}
/**
@ -740,10 +727,6 @@ CU_Test(ddssec_fsm, double_timeout, .init = fsm_control_init, .fini = fsm_contro
CU_ASSERT(CHECK_BIT(visited_timeout, 3));
dds_security_fsm_free(fsm_timeout);
dds_security_fsm_free(fsm_timeout2);
ddsrt_mutex_lock(&stop_timeout_cond_mutex);
ddsrt_cond_signal(&stop_timeout_cond);
ddsrt_mutex_unlock(&stop_timeout_cond_mutex);
}
/**
@ -840,15 +823,5 @@ CU_Test(ddssec_fsm, delete_with_timeout, .init = fsm_control_init, .fini = fsm_c
}
dds_security_fsm_free(fsm_timeout);
dds_sleepfor(100 * DDS_NSECS_IN_MSEC);
/* Just for safety to be certain that the condition isn't used anymore before destroying it. */
while (stop_timeout_cond_cnt > 0) {
dds_time_t d = DDS_NSECS_IN_SEC;
ddsrt_cond_signal(&stop_timeout_cond);
dds_sleepfor(d);
}
}