niklas/cyclonedds
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add security authentication handshake and encoding and decoding

Browse source 
Signed-off-by: Marcel Jordense <marcel.jordense@adlinktech.com>
This commit is contained in:
Marcel Jordense 2019-11-22 17:50:35 +01:00 committed by eboasson
parent 1c77aad39c
commit 4960fbf94c
48 changed files with 7473 additions and 1539 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/security/builtin_plugins/access_control/src/access_control_parser.c
View file

@ -958,8 +958,10 @@ static int permissions_element_open_cb(void *varg, uintptr_t parentinfo, uintptr
{
parser->current = new_element(ELEMENT_KIND_IGNORED, parser->current, sizeof(struct element));
/*if this is the first element in the IGNORED branch, then give warning for the user*/
#if 0
if (parser->current->parent->kind != ELEMENT_KIND_IGNORED)
printf("Warning: Unsupported element \"%s\" has been ignored in permissions file.\n", name);
#endif
}
else
{

3
src/security/builtin_plugins/authentication/src/auth_utils.c
View file

@ -1225,7 +1225,8 @@ get_trusted_ca_list ( const char* trusted_ca_dir,
if( loading_result == DDS_SECURITY_VALIDATION_OK ){
ca_buffer_array[ca_buffer_array_size] = identityCA;
ca_buffer_array_size++;
} else {
DDS_Security_Exception_reset(ex);
}
}
}

590
src/security/builtin_plugins/authentication/src/authentication.c
View file

File diff suppressed because it is too large Load diff

73
src/security/builtin_plugins/cryptographic/src/crypto_key_exchange.c
View file

@ -71,21 +71,35 @@ static bool check_not_data_empty(const DDS_Security_OctetSeq *seq)
return false;
}
static bool check_crypto_keymaterial(const DDS_Security_KeyMaterial_AES_GCM_GMAC *keymat)
static bool check_crypto_keymaterial(
const dds_security_crypto_key_exchange_impl *impl,
const DDS_Security_KeyMaterial_AES_GCM_GMAC *keymat,
const int64_t handle)
{
bool status;
bool status = false;
uint32_t transform_kind = CRYPTO_TRANSFORM_KIND(keymat->transformation_kind);
uint32_t key_sz = CRYPTO_KEY_SIZE_BYTES(transform_kind);
status = (transform_kind >= CRYPTO_TRANSFORMATION_KIND_AES128_GMAC && transform_kind <= CRYPTO_TRANSFORMATION_KIND_AES256_GCM &&
keymat->master_salt._length == key_sz && keymat->master_salt._buffer != NULL && check_not_data_empty(&keymat->master_salt) &&
keymat->master_sender_key._length == key_sz && keymat->master_sender_key._buffer != NULL && check_not_data_empty(&keymat->master_sender_key));
if (status && CRYPTO_TRANSFORM_ID(keymat->receiver_specific_key_id))
if (transform_kind != CRYPTO_TRANSFORMATION_KIND_NONE)
{
status = (keymat->master_receiver_specific_key._length == key_sz &&
keymat->master_receiver_specific_key._buffer != NULL && check_not_data_empty(&keymat->master_receiver_specific_key));
status = (transform_kind <= CRYPTO_TRANSFORMATION_KIND_AES256_GCM &&
keymat->master_salt._length == key_sz && keymat->master_salt._buffer != NULL && check_not_data_empty(&keymat->master_salt) &&
keymat->master_sender_key._length == key_sz && keymat->master_sender_key._buffer != NULL && check_not_data_empty(&keymat->master_sender_key));
if (status && CRYPTO_TRANSFORM_ID(keymat->receiver_specific_key_id))
{
status = (keymat->master_receiver_specific_key._length == key_sz &&
keymat->master_receiver_specific_key._buffer != NULL && check_not_data_empty(&keymat->master_receiver_specific_key));
}
}
else
{
const dds_security_crypto_key_factory *factory;
DDS_Security_ProtectionKind kind;
factory = cryptography_get_crypto_key_factory(impl->crypto);
if (crypto_factory_get_protection_kind(factory, handle, &kind))
status = (kind == DDS_SECURITY_PROTECTION_KIND_NONE);
}
return status;
@ -179,12 +193,34 @@ create_local_participant_crypto_tokens(
tokens->_buffer[0].binary_properties._buffer[0].value._length =
tokens->_buffer[0].binary_properties._buffer[0].value._maximum = length;
tokens->_buffer[0].binary_properties._buffer[0].value._buffer = buffer;
tokens->_buffer[0].binary_properties._buffer[0].propagate = true;
return true;
fail_invalid_arg:
return false;
}
static DDS_Security_boolean
allow_empty_tokens(
const dds_security_crypto_key_exchange_impl *impl,
const DDS_Security_ParticipantCryptoTokenSeq *tokens,
const int64_t handle)
{
const dds_security_crypto_key_factory *factory;
DDS_Security_ProtectionKind kind;
if (tokens->_length > 0)
return false;
factory = cryptography_get_crypto_key_factory(impl->crypto);
if (crypto_factory_get_protection_kind(factory, handle, &kind))
return (kind == DDS_SECURITY_PROTECTION_KIND_NONE);
return false;
}
static DDS_Security_boolean
set_remote_participant_crypto_tokens(
dds_security_crypto_key_exchange *instance,
@ -207,6 +243,9 @@ set_remote_participant_crypto_tokens(
return false;
}
if (allow_empty_tokens(impl, tokens, remote_id))
return true;
if (!check_crypto_tokens(tokens))
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_ARGUMENT_CODE, 0,
@ -229,7 +268,7 @@ set_remote_participant_crypto_tokens(
"set_remote_participant_crypto_tokens: " DDS_SECURITY_ERR_INVALID_CRYPTO_TOKEN_MESSAGE);
result = false;
}
else if (!check_crypto_keymaterial(&remote_key_mat))
else if (!check_crypto_keymaterial(impl, &remote_key_mat, remote_id))
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_TOKEN_CODE, 0,
"set_remote_participant_crypto_tokens: " DDS_SECURITY_ERR_INVALID_CRYPTO_TOKEN_MESSAGE);
@ -290,6 +329,7 @@ create_local_datawriter_crypto_tokens(
tokens->_buffer[i].binary_properties._buffer[0].value._length =
tokens->_buffer[i].binary_properties._buffer[0].value._maximum = length;
tokens->_buffer[i].binary_properties._buffer[0].value._buffer = buffer;
tokens->_buffer[i].binary_properties._buffer[0].propagate = true;
CRYPTO_OBJECT_RELEASE(key_mat[i]);
}
@ -317,6 +357,9 @@ set_remote_datawriter_crypto_tokens(
return false;
}
if (allow_empty_tokens(impl, tokens, remote_writer_handle))
return true;
if (!check_crypto_tokens(tokens))
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_ARGUMENT_CODE, 0,
@ -347,7 +390,7 @@ set_remote_datawriter_crypto_tokens(
"set_remote_datawriter_crypto_tokens: " DDS_SECURITY_ERR_INVALID_CRYPTO_TOKEN_MESSAGE);
result = false;
}
else if (!check_crypto_keymaterial(&remote_key_mat[i]))
else if (!check_crypto_keymaterial(impl, &remote_key_mat[i], remote_writer_handle))
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_TOKEN_CODE, 0,
"set_remote_datawriter_crypto_tokens: " DDS_SECURITY_ERR_INVALID_CRYPTO_TOKEN_MESSAGE);
@ -409,6 +452,7 @@ create_local_datareader_crypto_tokens(
tokens->_buffer[0].binary_properties._buffer[0].value._length =
tokens->_buffer[0].binary_properties._buffer[0].value._maximum = length;
tokens->_buffer[0].binary_properties._buffer[0].value._buffer = buffer;
tokens->_buffer[0].binary_properties._buffer[0].propagate = true;
CRYPTO_OBJECT_RELEASE(key_mat);
}
@ -444,6 +488,9 @@ set_remote_datareader_crypto_tokens(
return false;
}
if (allow_empty_tokens(impl, tokens, remote_reader_handle))
return true;
if (!check_crypto_tokens(tokens))
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_ARGUMENT_CODE, 0,
@ -466,7 +513,7 @@ set_remote_datareader_crypto_tokens(
"set_remote_datareader_crypto_tokens: " DDS_SECURITY_ERR_INVALID_CRYPTO_TOKEN_MESSAGE);
result = false;
}
else if (!check_crypto_keymaterial(&remote_key_mat))
else if (!check_crypto_keymaterial(impl, &remote_key_mat, remote_reader_handle))
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_TOKEN_CODE, 0,
"set_remote_datareader_crypto_tokens: " DDS_SECURITY_ERR_INVALID_CRYPTO_TOKEN_MESSAGE);

105
src/security/builtin_plugins/cryptographic/src/crypto_key_factory.c
View file

@ -245,6 +245,7 @@ remove_relation_from_keymaterial(
CryptoObject *remote_crypto)
{
endpoint_relation *relation;
relation = crypto_endpoint_relation_find_by_crypto(key_material->endpoint_relations, local_crypto, remote_crypto);
if (relation)
{
@ -258,24 +259,21 @@ remove_remote_writer_relation(
dds_security_crypto_key_factory_impl *implementation,
remote_datawriter_crypto *remote_writer)
{
local_datareader_crypto *local_reader;
remote_participant_crypto *remote_participant;
participant_key_material *key_material;
DDSRT_UNUSED_ARG(implementation);
assert(remote_writer);
remote_participant = remote_writer->participant;
assert(remote_participant);
local_reader = (local_datareader_crypto *)crypto_object_table_find(implementation->crypto_objects, remote_writer->local_reader_handle);
if (local_reader)
key_material = (participant_key_material *)crypto_object_table_find(
remote_participant->key_material, CRYPTO_OBJECT_HANDLE(remote_writer->local_reader->participant));
if (key_material)
{
key_material = (participant_key_material *)crypto_object_table_find(
remote_participant->key_material, CRYPTO_OBJECT_HANDLE(local_reader->participant));
if (key_material)
{
remove_relation_from_keymaterial(key_material, (CryptoObject *)local_reader, (CryptoObject *)remote_writer);
CRYPTO_OBJECT_RELEASE(key_material);
}
CRYPTO_OBJECT_RELEASE(local_reader);
remove_relation_from_keymaterial(key_material, (CryptoObject *)remote_writer->local_reader, (CryptoObject *)remote_writer);
CRYPTO_OBJECT_RELEASE(key_material);
}
}
@ -284,24 +282,21 @@ remove_remote_reader_relation(
dds_security_crypto_key_factory_impl *implementation,
remote_datareader_crypto *remote_reader)
{
local_datawriter_crypto *local_writer;
remote_participant_crypto *remote_participant;
participant_key_material *key_material;
DDSRT_UNUSED_ARG(implementation);
assert(remote_reader);
remote_participant = remote_reader->participant;
assert(remote_participant);
local_writer = (local_datawriter_crypto *)crypto_object_table_find(implementation->crypto_objects, remote_reader->local_writer_handle);
if (local_writer)
key_material = (participant_key_material *)crypto_object_table_find(
remote_participant->key_material, CRYPTO_OBJECT_HANDLE(remote_reader->local_writer->participant));
if (key_material)
{
key_material = (participant_key_material *)crypto_object_table_find(
remote_participant->key_material, CRYPTO_OBJECT_HANDLE(local_writer->participant));
if (key_material)
{
remove_relation_from_keymaterial(key_material, (CryptoObject *)local_writer, (CryptoObject *)remote_reader);
CRYPTO_OBJECT_RELEASE(key_material);
}
CRYPTO_OBJECT_RELEASE(local_writer);
remove_relation_from_keymaterial(key_material, (CryptoObject *)remote_reader->local_writer, (CryptoObject *)remote_reader);
CRYPTO_OBJECT_RELEASE(key_material);
}
}
@ -562,6 +557,7 @@ register_local_datawriter(
crypto_object_table_insert(implementation->crypto_objects, (CryptoObject *)writer_crypto);
CRYPTO_OBJECT_RELEASE(participant_crypto);
CRYPTO_OBJECT_RELEASE(writer_crypto);
return writer_crypto->_parent.handle;
err_random_generation:
@ -619,7 +615,7 @@ register_matched_remote_datareader(
data_protectionKind = local_writer->data_protectionKind;
metadata_protectionKind = local_writer->metadata_protectionKind;
reader_crypto = crypto_remote_datareader_crypto__new(remote_participant, metadata_protectionKind, data_protectionKind, local_datawriter_crypto_handle);
reader_crypto = crypto_remote_datareader_crypto__new(remote_participant, metadata_protectionKind, data_protectionKind, local_writer);
/* check if the writer is BuiltinParticipantVolatileMessageSecureWriter */
if (local_writer->is_builtin_participant_volatile_message_secure_writer)
@ -667,6 +663,7 @@ register_matched_remote_datareader(
CRYPTO_OBJECT_RELEASE(remote_participant);
CRYPTO_OBJECT_RELEASE(local_writer);
CRYPTO_OBJECT_RELEASE(reader_crypto);
return DATAREADER_CRYPTO_HANDLE(reader_crypto);
err_random_generation:
@ -736,6 +733,7 @@ register_local_datareader(
crypto_object_table_insert(implementation->crypto_objects, (CryptoObject *)reader_crypto);
CRYPTO_OBJECT_RELEASE(participant_crypto);
CRYPTO_OBJECT_RELEASE(reader_crypto);
return DATAREADER_CRYPTO_HANDLE(reader_crypto);
err_random_generation:
@ -786,8 +784,7 @@ register_matched_remote_datawriter(
goto err_invalid_parameter;
}
writer_crypto = crypto_remote_datawriter_crypto__new(remote_participant, local_reader->metadata_protectionKind,
local_reader->data_protectionKind, local_datareader_crypto_handle);
writer_crypto = crypto_remote_datawriter_crypto__new(remote_participant, local_reader->metadata_protectionKind, local_reader->data_protectionKind, local_reader);
/* check if the writer is BuiltinParticipantVolatileMessageSecureWriter */
if (local_reader->is_builtin_participant_volatile_message_secure_reader)
@ -833,6 +830,7 @@ register_matched_remote_datawriter(
CRYPTO_OBJECT_RELEASE(remote_participant);
CRYPTO_OBJECT_RELEASE(local_reader);
CRYPTO_OBJECT_RELEASE(writer_crypto);
return DATAREADER_CRYPTO_HANDLE(writer_crypto);
err_random_generation:
@ -983,6 +981,51 @@ void dds_security_crypto_key_factory__dealloc(dds_security_crypto_key_factory *i
ddsrt_free(implementation);
}
bool
crypto_factory_get_protection_kind(
const dds_security_crypto_key_factory *factory,
int64_t handle,
DDS_Security_ProtectionKind *kind)
{
const dds_security_crypto_key_factory_impl *impl = (const dds_security_crypto_key_factory_impl *)factory;
CryptoObject *obj;
bool result = true;
obj = crypto_object_table_find(impl->crypto_objects, handle);
if (!obj)
{
return false;
}
switch (obj->kind)
{
case CRYPTO_OBJECT_KIND_LOCAL_CRYPTO:
*kind = ((local_participant_crypto *)obj)->rtps_protection_kind;
break;
case CRYPTO_OBJECT_KIND_REMOTE_CRYPTO:
*kind = ((remote_participant_crypto *)obj)->rtps_protection_kind;
break;
case CRYPTO_OBJECT_KIND_LOCAL_WRITER_CRYPTO:
*kind = ((local_datawriter_crypto *)obj)->metadata_protectionKind;
break;
case CRYPTO_OBJECT_KIND_REMOTE_WRITER_CRYPTO:
*kind = ((remote_datawriter_crypto *)obj)->metadata_protectionKind;
break;
case CRYPTO_OBJECT_KIND_LOCAL_READER_CRYPTO:
*kind = ((local_datareader_crypto *)obj)->metadata_protectionKind;
break;
case CRYPTO_OBJECT_KIND_REMOTE_READER_CRYPTO:
*kind = ((remote_datareader_crypto *)obj)->metadata_protectionKind;
break;
default:
result = false;
break;
}
CRYPTO_OBJECT_RELEASE(obj);
return result;
}
bool
crypto_factory_get_participant_crypto_tokens(
const dds_security_crypto_key_factory *factory,
@ -1110,7 +1153,7 @@ crypto_factory_get_datawriter_crypto_tokens(
goto err_inv_remote;
}
if (remote_reader_crypto->local_writer_handle != local_writer_handle)
if (CRYPTO_OBJECT_HANDLE(remote_reader_crypto->local_writer) != local_writer_handle)
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_CODE, 0,
DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_MESSAGE);
@ -1180,7 +1223,7 @@ crypto_factory_set_datawriter_crypto_tokens(
goto err_inv_local;
}
if (remote_writer_crypto->local_reader_handle != local_reader_handle)
if (CRYPTO_OBJECT_HANDLE(remote_writer_crypto->local_reader) != local_reader_handle)
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_CODE, 0,
DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_MESSAGE);
@ -1254,7 +1297,7 @@ crypto_factory_get_datareader_crypto_tokens(
goto err_inv_remote;
}
if (remote_writer_crypto->local_reader_handle != local_reader_handle)
if (CRYPTO_OBJECT_HANDLE(remote_writer_crypto->local_reader) != local_reader_handle)
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_CODE, 0,
DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_MESSAGE);
@ -1317,7 +1360,7 @@ crypto_factory_set_datareader_crypto_tokens(
goto err_inv_local;
}
if (remote_reader_crypto->local_writer_handle != local_writer_handle)
if (CRYPTO_OBJECT_HANDLE(remote_reader_crypto->local_writer) != local_writer_handle)
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_CODE, 0,
DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_MESSAGE);
@ -1582,7 +1625,7 @@ crypto_factory_get_remote_writer_key_material(
DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_MESSAGE);
goto err_inv_crypto;
}
if (writer_crypto->local_reader_handle != reader_id)
if (CRYPTO_OBJECT_HANDLE(writer_crypto->local_reader) != reader_id)
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_CODE, 0,
DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_MESSAGE);
@ -1646,7 +1689,7 @@ crypto_factory_get_remote_reader_key_material(
DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_MESSAGE);
goto err_inv_crypto;
}
if (reader_crypto->local_writer_handle != writer_id)
if (CRYPTO_OBJECT_HANDLE(reader_crypto->local_writer) != writer_id)
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT,
DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_CODE, 0,

5
src/security/builtin_plugins/cryptographic/src/crypto_key_factory.h
View file

@ -29,6 +29,11 @@ int generate_key_pairs(
char **private_key,
char **public_key);
bool crypto_factory_get_protection_kind(
const dds_security_crypto_key_factory *factory,
int64_t handle,
DDS_Security_ProtectionKind *kind);
bool crypto_factory_get_participant_crypto_tokens(
const dds_security_crypto_key_factory *factory,
DDS_Security_ParticipantCryptoHandle local_id,

13
src/security/builtin_plugins/cryptographic/src/crypto_objects.c
View file

@ -11,6 +11,7 @@
*/
#include <assert.h>
#include <string.h>
#include <stdio.h>
#include "dds/ddsrt/heap.h"
#include "dds/ddsrt/hopscotch.h"
#include "dds/ddsrt/types.h"
@ -63,7 +64,9 @@ void crypto_object_free(CryptoObject *obj)
CryptoObject * crypto_object_keep(CryptoObject *obj)
{
if (obj)
{
ddsrt_atomic_inc32(&obj->refcount);
}
return obj;
}
@ -455,6 +458,7 @@ static void remote_datawriter_crypto__free(CryptoObject *obj)
CRYPTO_OBJECT_RELEASE(datawriter_crypto->reader2writer_key_material);
CRYPTO_OBJECT_RELEASE(datawriter_crypto->writer2reader_key_material[0]);
CRYPTO_OBJECT_RELEASE(datawriter_crypto->writer2reader_key_material[1]);
CRYPTO_OBJECT_RELEASE(datawriter_crypto->local_reader);
CRYPTO_OBJECT_RELEASE(datawriter_crypto->participant);
crypto_object_deinit((CryptoObject *)datawriter_crypto);
ddsrt_free(datawriter_crypto);
@ -462,14 +466,14 @@ static void remote_datawriter_crypto__free(CryptoObject *obj)
}
remote_datawriter_crypto * crypto_remote_datawriter_crypto__new(const remote_participant_crypto *participant,
DDS_Security_ProtectionKind meta_protection, DDS_Security_BasicProtectionKind data_protection, DDS_Security_DatareaderCryptoHandle local_reader_handle)
DDS_Security_ProtectionKind meta_protection, DDS_Security_BasicProtectionKind data_protection, local_datareader_crypto *local_reader)
{
remote_datawriter_crypto *writer_crypto = ddsrt_calloc(1, sizeof(*writer_crypto));
crypto_object_init((CryptoObject *)writer_crypto, CRYPTO_OBJECT_KIND_REMOTE_WRITER_CRYPTO, remote_datawriter_crypto__free);
writer_crypto->participant = (remote_participant_crypto *)CRYPTO_OBJECT_KEEP(participant);
writer_crypto->metadata_protectionKind = meta_protection;
writer_crypto->data_protectionKind = data_protection;
writer_crypto->local_reader_handle = local_reader_handle;
writer_crypto->local_reader = (local_datareader_crypto *)CRYPTO_OBJECT_KEEP(local_reader);
writer_crypto->is_builtin_participant_volatile_message_secure_writer = false;
return writer_crypto;
@ -514,6 +518,7 @@ static void remote_datareader_crypto__free(CryptoObject *obj)
CRYPTO_OBJECT_RELEASE(datareader_crypto->reader2writer_key_material);
CRYPTO_OBJECT_RELEASE(datareader_crypto->writer2reader_key_material_message);
CRYPTO_OBJECT_RELEASE(datareader_crypto->writer2reader_key_material_payload);
CRYPTO_OBJECT_RELEASE(datareader_crypto->local_writer);
CRYPTO_OBJECT_RELEASE(datareader_crypto->participant);
crypto_object_deinit((CryptoObject *)datareader_crypto);
ddsrt_free(datareader_crypto);
@ -521,14 +526,14 @@ static void remote_datareader_crypto__free(CryptoObject *obj)
}
remote_datareader_crypto *crypto_remote_datareader_crypto__new(const remote_participant_crypto *participant, DDS_Security_ProtectionKind metadata_protectionKind,
DDS_Security_BasicProtectionKind data_protectionKind, DDS_Security_DatawriterCryptoHandle local_writer_handle)
DDS_Security_BasicProtectionKind data_protectionKind, local_datawriter_crypto *local_writer)
{
remote_datareader_crypto *reader_crypto = ddsrt_calloc(1, sizeof(*reader_crypto));
crypto_object_init((CryptoObject *)reader_crypto, CRYPTO_OBJECT_KIND_REMOTE_READER_CRYPTO, remote_datareader_crypto__free);
reader_crypto->participant = (remote_participant_crypto *)CRYPTO_OBJECT_KEEP(participant);
reader_crypto->metadata_protectionKind = metadata_protectionKind;
reader_crypto->data_protectionKind = data_protectionKind;
reader_crypto->local_writer_handle = local_writer_handle;
reader_crypto->local_writer = (local_datawriter_crypto *)CRYPTO_OBJECT_KEEP(local_writer);
reader_crypto->is_builtin_participant_volatile_message_secure_reader = false;
return reader_crypto;

8
src/security/builtin_plugins/cryptographic/src/crypto_objects.h
View file

@ -165,7 +165,7 @@ typedef struct remote_datawriter_crypto
master_key_material *reader2writer_key_material;
master_key_material *writer2reader_key_material[2];
session_key_material *reader_session; /* reference to the session key used by the reader */
DDS_Security_DatareaderCryptoHandle local_reader_handle;
struct local_datareader_crypto *local_reader;
bool is_builtin_participant_volatile_message_secure_writer;
} remote_datawriter_crypto;
@ -190,7 +190,7 @@ typedef struct remote_datareader_crypto
master_key_material *writer2reader_key_material_message;
master_key_material *writer2reader_key_material_payload;
session_key_material *writer_session; /* reference to the session key used by the writer */
DDS_Security_DatawriterCryptoHandle local_writer_handle;
local_datawriter_crypto *local_writer;
bool is_builtin_participant_volatile_message_secure_reader;
} remote_datareader_crypto;
@ -257,7 +257,7 @@ crypto_remote_datareader_crypto__new(
const remote_participant_crypto *participant,
DDS_Security_ProtectionKind metadata_protectionKind,
DDS_Security_BasicProtectionKind data_protectionKind,
DDS_Security_DatawriterCryptoHandle local_writer_handle);
local_datawriter_crypto *local_writer);
local_datareader_crypto *
crypto_local_datareader_crypto__new(
@ -270,7 +270,7 @@ crypto_remote_datawriter_crypto__new(
const remote_participant_crypto *participant,
DDS_Security_ProtectionKind meta_protection,
DDS_Security_BasicProtectionKind data_protection,
DDS_Security_DatareaderCryptoHandle local_reader_handle);
local_datareader_crypto *local_reader);
CryptoObject *
crypto_object_keep(

1
src/security/builtin_plugins/tests/set_remote_datareader_crypto_tokens/src/set_remote_datareader_crypto_tokens_utests.c
View file

@ -149,6 +149,7 @@ register_local_datawriter(void)
memset(&datawriter_security_attributes, 0, sizeof(DDS_Security_EndpointSecurityAttributes));
datawriter_security_attributes.is_discovery_protected = true;
datawriter_security_attributes.is_submessage_protected = true;
local_writer_crypto =
crypto->crypto_key_factory->register_local_datawriter(

1
src/security/builtin_plugins/tests/set_remote_datawriter_crypto_tokens/src/set_remote_datawriter_crypto_tokens_utests.c
View file

@ -141,6 +141,7 @@ static int register_local_datareader(void)
memset(&datareader_properties, 0, sizeof(datareader_properties));
memset(&datareader_security_attributes, 0, sizeof(datareader_security_attributes));
datareader_security_attributes.is_discovery_protected = true;
datareader_security_attributes.is_submessage_protected = true;
local_reader_crypto =
crypto->crypto_key_factory->register_local_datareader(