diff --git a/docs/dev/modules.md b/docs/dev/modules.md
index 435516c..1bcfe6d 100644
--- a/docs/dev/modules.md
+++ b/docs/dev/modules.md
@@ -195,3 +195,94 @@ automatic if the target supports it. Finalization is primarily used to release
thread-specific memory and call routines registered by
`ddsrt_thread_cleanup_push`.
+
+## DDS Security
+
+### Specification
+
+DDS Security is an [OMG specification](https://www.omg.org/spec/DDS-SECURITY/1.1/PDF) which adds several “DDS Security Support”
+compliance points to the DDS Specification.
+The specification defines the Security Model and Service Plugin Interface (SPI)
+architecture for compliant DDS implementations. The DDS Security Model is enforced
+by the invocation of these SPIs by the DDS implementation.
+Security Model for DDS defines the security principals (users of the system),
+the objects that are being secured, and the operations on the objects that are
+to be restricted.
+
+SPIs are defined that when combined together provide Information Assurance to
+DDS systems:
+* Authentication Service Plugin. Provides the means to verify the identity of the
+application and/or user that invokes operations on DDS. Includes facilities to
+perform mutual authentication between participants and establish a shared secret.
+* AccessControl Service Plugin. Provides the means to enforce policy decisions on
+what DDS related operations an authenticated user can perform. For example, which
+domains it can join, which Topics it can publish or subscribe to, etc.
+* Cryptographic Service Plugin. Implements (or interfaces with libraries that
+implement) all cryptographic operations including encryption, decryption,
+* Logging Service Plugin. Supports auditing of all DDS security-relevant events
+* Data Tagging Service Plugin. Provides a way to add tags to data samples.
+
+
+
+
+### Cyclone DDS Security
+
+Cyclone DDS Security implementation is composed of the following components/modifications:
+
+* DDS Security plugin API
+* DDS Security built-in plugins that implement the API
+* DDS Security Core Library that is used by the plugins and DDSI.
+* Changes in the DDSI that moderate the specified security model.
+
+The dependency diagram:
+
+
+ DDSI ----> DDS Security API (headers only) <----- DDS Security Plugins
+ | ^ |
+ | | |
+ | | |
+ -------> DDS Security Core <------------------------
+ | | |
+ | | |
+ | | |
+ | v |
+ -------> DDS_RT <------------------------
+
+All security specific contents are under src/security.
+
+##### DDS Security API
+
+The DDS Security plugin API consists of just a few header files. There are separate
+header files for each plugin: dds_security_api_authentication.h dds_security_api_cryptography.h
+and dds_security_api_access_control.c
+
+The API functions and types are prepared from the IDL by adding DDS_Security_ namespace
+prefix to functions and data types. Instead of extending DDS builtin topic data types,
+separate DDS_Security_ data type is defined for the current type and the new secure data type.
+
+##### Built-in Plugins
+
+Cyclone DDS Security comes with three mandatory plugins: authentication, cryptography and access control.
+
+###### Authentication Plugin
+
+This plugin implements authentication using a trusted Certificate Authority (CA). It performs
+mutual authentication between discovered participants using the RSA or ECDSA Digital Signature
+Algorithms and establishes a shared secret using Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman
+(ECDH) Key Agreement Methods.
+
+
+
+###### Cryptography Plugin
+
+This plugin provides authenticated encryption using Advanced Encryption Standard (AES) in
+Galois Counter Mode (AES-GCM). It supports two AES key sizes: 128 bits and 256 bits. It may
+also provide additional reader-specific message authentication codes (MACs) using Galois MAC (AES-GMAC).
+
+
+
+
+###### Access Control Plugin
+
+
+
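Review bot: The "Cryptographic Service Plugin" bullet breaks off mid-sentence at "encryption, decryption," and the "DDS Security API" paragraph names `dds_security_api_access_control.c`, while the file this patch adds is `dds_security_api_access_control.h`. Complete the bullet, fix the extension, and either write or drop the empty "Access Control Plugin" section. The subsection headings also jump from `###` straight to `#####`; use `####` so the outline nests.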
diff --git a/docs/dev/pictures/dds_security_access_control_plugin.png b/docs/dev/pictures/dds_security_access_control_plugin.png
new file mode 100644
index 0000000..13b28d9
Binary files /dev/null and b/docs/dev/pictures/dds_security_access_control_plugin.png differ
diff --git a/docs/dev/pictures/dds_security_authentication_plugin.png b/docs/dev/pictures/dds_security_authentication_plugin.png
new file mode 100644
index 0000000..a2b3ea5
Binary files /dev/null and b/docs/dev/pictures/dds_security_authentication_plugin.png differ
diff --git a/docs/dev/pictures/dds_security_crypto_plugin.png b/docs/dev/pictures/dds_security_crypto_plugin.png
new file mode 100644
index 0000000..d314978
Binary files /dev/null and b/docs/dev/pictures/dds_security_crypto_plugin.png differ
diff --git a/docs/dev/pictures/dds_security_plugin_components.png b/docs/dev/pictures/dds_security_plugin_components.png
new file mode 100644
index 0000000..cfcd692
Binary files /dev/null and b/docs/dev/pictures/dds_security_plugin_components.png differ
diff --git a/docs/dev/todo_list.md b/docs/dev/todo_list.md
new file mode 100644
index 0000000..909b953
--- /dev/null
+++ b/docs/dev/todo_list.md
@@ -0,0 +1,32 @@
+# TODO LIST
+
+## Security
+
+* Reassess Jeroen's comment:
+https://github.com/eclipse-cyclonedds/cyclonedds/pull/177#issuecomment-494040238
+> 5. If the security_api just becomes part of ddsc, and it should in my opinion, then I'd prefer you propagate the naming scheme as introduced in ddsrt etc and name the header files e.g. dds/ddssec/auth.h or something instead of dds/security/dds_security_api_authentication.h.
+
+* Reassess Jeroen's comment:
+https://github.com/eclipse-cyclonedds/cyclonedds/pull/177#issuecomment-494040238
+> I've spent a great deal of time stripping out all the various different error codes and make it so that we simply use DDS_RETCODE_ constants everywhere. This pull request reintroduces separate error codes and that's something I really don't approve of. The security error codes start at an offset of 100 and should nicely integrate with the other codes in dds/ddsrt/retcode.h. The messages should be retrievable using dds_strretcode if you ask me.
+
+
+* reassess Erik's comment
+https://github.com/eclipse-cyclonedds/cyclonedds/pull/177#issuecomment-490718462
+> GuidPrefix & BuiltinTopicKey change
+
+* reassess erik's comment
+https://github.com/eclipse-cyclonedds/cyclonedds/pull/177#issuecomment-490718462
+> ddsrt_strchrs
+
+* Reassess Jeroen's comment:
+https://github.com/eclipse-cyclonedds/cyclonedds/pull/177#issuecomment-494040238
+> If the security_api just becomes part of ddsc, and it should in my opinion, then I'd prefer you propagate the naming scheme as introduced in ddsrt etc and name the header files e.g. dds/ddssec/auth.h or something instead of dds/security/dds_security_api_authentication.h.
+
+* Reassess Jeroen's comment:
+https://github.com/eclipse-cyclonedds/cyclonedds/pull/177#issuecomment-494040238
+> If the security_api just becomes part of ddsc, and it should in my opinion, then I'd prefer you propagate the naming scheme as introduced in ddsrt etc and name the header files e.g. dds/ddssec/auth.h or something instead of dds/security/dds_security_api_authentication.h.
+
+
+
+
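Review bot: The header-naming comment from Jeroen appears three times (the first entry and the last two entries quote the same text from the same URL), so the six entries cover only four distinct items. Keep one copy, use the same capitalisation for "Reassess" and "Erik" throughout, and drop the trailing blank lines. Open review points like these are easier to track in the issue tracker than in a file under docs/dev.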
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index d1539dd..48daaa2 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -178,6 +178,7 @@ set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY "${CMAKE_BINARY_DIR}/lib")
add_subdirectory(idlc)
add_subdirectory(ddsrt)
add_subdirectory(etc)
+add_subdirectory(security/api)
add_subdirectory(core)
add_subdirectory(tools)
add_subdirectory(scripts)
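Review bot: `add_subdirectory(security/api)` is added unconditionally, so every build now configures the security API target and installs its headers. If security support is meant to be optional, guard this line with a build option; if it is meant to be always on, state that in docs/dev/modules.md.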
diff --git a/src/core/CMakeLists.txt b/src/core/CMakeLists.txt
index 8f36723..c97b8a4 100644
--- a/src/core/CMakeLists.txt
+++ b/src/core/CMakeLists.txt
@@ -50,13 +50,15 @@ endif()
include(ddsi/CMakeLists.txt)
include(ddsc/CMakeLists.txt)
-target_link_libraries(ddsc PRIVATE ddsrt)
+target_link_libraries(ddsc PRIVATE ddsrt security_api)
+
target_compile_definitions(
ddsc PUBLIC
$>)
target_include_directories(
ddsc PUBLIC
- $>)
+ $>
+ $>)
# SOVERSION should increase on incompatible ABI change
set_target_properties(ddsc PROPERTIES VERSION ${PROJECT_VERSION} SOVERSION ${PROJECT_VERSION_MAJOR})
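Review bot: `security_api` is linked `PRIVATE` in `target_link_libraries(ddsc PRIVATE ddsrt security_api)`, yet the same hunk adds an entry to the `PUBLIC` include directories of `ddsc`. Pick one model: if public ddsc headers expose the security types, link `security_api` so that its include path propagates to consumers and drop the hand-written entry; if they do not, keep the link private and do not widen the public include path. The added blank line after `target_link_libraries` can go.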
diff --git a/src/ddsrt/include/dds/ddsrt/string.h b/src/ddsrt/include/dds/ddsrt/string.h
index 0023d12..1d8f184 100644
--- a/src/ddsrt/include/dds/ddsrt/string.h
+++ b/src/ddsrt/include/dds/ddsrt/string.h
@@ -12,6 +12,7 @@
#ifndef DDSRT_STRING_H
#define DDSRT_STRING_H
+#include
#include "dds/export.h"
#include "dds/ddsrt/attributes.h"
#include "dds/ddsrt/retcode.h"
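Review bot: The added `#include` has no visible user in this header: the only other string.h hunk in this patch adds two blank lines and no declaration. Drop the include, or add it in the same change as the declaration that needs it.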
@@ -169,6 +170,8 @@ ddsrt_strlcat(
size_t size)
ddsrt_nonnull((1,2));
+
+
/**
* @brief Get description for specified system error number.
*
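Review bot: The two blank lines added after the `ddsrt_strlcat` declaration are the entire hunk. Remove them so that the patch does not touch this header for whitespace alone.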
diff --git a/src/ddsrt/src/string.c b/src/ddsrt/src/string.c
index 24d2631..3e4ed64 100644
--- a/src/ddsrt/src/string.c
+++ b/src/ddsrt/src/string.c
@@ -178,3 +178,4 @@ ddsrt_strdup(
return ddsrt_memdup(str, strlen(str) + 1);
}
+
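Review bot: The only change to string.c is an extra blank line at end of file after `ddsrt_strdup`. Revert it; it adds noise to the history of a file the security work does not otherwise modify.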
diff --git a/src/security/api/CMakeLists.txt b/src/security/api/CMakeLists.txt
new file mode 100644
index 0000000..63caf64
--- /dev/null
+++ b/src/security/api/CMakeLists.txt
@@ -0,0 +1,25 @@
+#
+# Copyright(c) 2006 to 2018 ADLINK Technology Limited and others
+#
+# This program and the accompanying materials are made available under the
+# terms of the Eclipse Public License v. 2.0 which is available at
+# http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
+# v. 1.0 which is available at
+# http://www.eclipse.org/org/documents/edl-v10.php.
+#
+# SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
+#
+
+
+add_library(security_api INTERFACE)
+
+target_include_directories(
+ security_api INTERFACE
+ "$")
+
+install(
+ DIRECTORY "${CMAKE_CURRENT_LIST_DIR}/include/"
+ DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}"
+ COMPONENT dev)
+
+
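Review bot: `install(DIRECTORY "${CMAKE_CURRENT_LIST_DIR}/include/" ...)` copies everything under include/ with no `FILES_MATCHING PATTERN "*.h"` filter, and the `security_api` target itself is never installed or exported. Add the filter so that only headers ship, and decide whether downstream projects should see a `security_api` target; if so it needs an `install(TARGETS ... EXPORT ...)` entry alongside ddsc. The copyright range "2006 to 2018" on a newly created file and the trailing blank lines also want a look.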
diff --git a/src/security/api/include/dds/security/dds_security_api.h b/src/security/api/include/dds/security/dds_security_api.h
new file mode 100644
index 0000000..1304201
--- /dev/null
+++ b/src/security/api/include/dds/security/dds_security_api.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright(c) 2006 to 2018 ADLINK Technology Limited and others
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
+ * v. 1.0 which is available at
+ * http://www.eclipse.org/org/documents/edl-v10.php.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
+ */
+
+#ifndef DDS_SECURITY_API_H
+#define DDS_SECURITY_API_H
+
+
+/* Various security plugins. */
+#include "dds_security_api_access_control.h"
+#include "dds_security_api_authentication.h"
+#include "dds_security_api_cryptography.h"
+
+
+#if defined (__cplusplus)
+extern "C" {
+#endif
+
+
+/**
+ * Integration functions for Security plugins
+ *
+ */
+
+typedef int (*plugin_init)(
+ const char *argument,
+ void **context
+ );
+
+typedef int (*plugin_finalize)(
+ void *context
+ );
+
+
+#if defined (__cplusplus)
+}
+#endif
+
+
+#endif /* DDS_SECURITY_API_H */
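Review bot: `plugin_init` and `plugin_finalize` are unprefixed typedef names in a header that gets installed, so they land in the global namespace of every application that includes it; give them the same `DDS_Security_` or `dds_security_` prefix as the rest of the API. The comment above them also needs to state the contract: which `int` value means success, who owns `*context` and when it is released, and what `argument` carries. Without a documented return convention the code that loads a plugin cannot reliably refuse to start when initialisation of a security plugin fails.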
diff --git a/src/security/api/include/dds/security/dds_security_api_access_control.h b/src/security/api/include/dds/security/dds_security_api_access_control.h
new file mode 100644
index 0000000..00ca926
--- /dev/null
+++ b/src/security/api/include/dds/security/dds_security_api_access_control.h
@@ -0,0 +1,375 @@
+/*
+ * Copyright(c) 2006 to 2018 ADLINK Technology Limited and others
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
+ * v. 1.0 which is available at
+ * http://www.eclipse.org/org/documents/edl-v10.php.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
+ */
+
+#ifndef DDS_SECURITY_ACCESS_CONTROL_API_H
+#define DDS_SECURITY_ACCESS_CONTROL_API_H
+
+#include "dds_security_api_types.h"
+#include "dds_security_api_authentication.h"
+
+#if defined (__cplusplus)
+extern "C" {
+#endif
+
+
+
+/**
+ * AccessControl Component
+ */
+struct dds_security_access_control;
+typedef struct dds_security_access_control dds_security_access_control;
+
+struct dds_security_access_control_listener;
+typedef struct dds_security_access_control_listener dds_security_access_control_listener;
+
+
+/**
+ * AccessControlListener Interface
+ * */
+
+
+typedef DDS_Security_boolean
+(*DDS_Security_access_control_listener_on_revoke_permissions)
+ ( dds_security_access_control_listener *instance,
+ const dds_security_access_control *plugin,
+ const DDS_Security_PermissionsHandle handle);
+
+struct dds_security_access_control_listener
+{
+ DDS_Security_access_control_listener_on_revoke_permissions on_revoke_permissions;
+};
+
+
+/**
+ * AccessControl Interface
+ */
+
+typedef DDS_Security_PermissionsHandle
+(*DDS_Security_access_control_validate_local_permissions)
+ ( dds_security_access_control *instance,
+ const dds_security_authentication *auth_plugin,
+ const DDS_Security_IdentityHandle identity,
+ const DDS_Security_DomainId domain_id,
+ const DDS_Security_Qos *participant_qos,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_PermissionsHandle
+(*DDS_Security_access_control_validate_remote_permissions)
+ ( dds_security_access_control *instance,
+ const dds_security_authentication *auth_plugin,
+ const DDS_Security_IdentityHandle local_identity_handle,
+ const DDS_Security_IdentityHandle remote_identity_handle,
+ const DDS_Security_PermissionsToken *remote_permissions_token,
+ const DDS_Security_AuthenticatedPeerCredentialToken *remote_credential_token,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_access_control_check_create_participant)
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_DomainId domain_id,
+ const DDS_Security_Qos *participant_qos,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_access_control_check_create_datawriter)
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_DomainId domain_id,
+ const DDS_Security_char *topic_name,
+ const DDS_Security_Qos *writer_qos,
+ const DDS_Security_PartitionQosPolicy *partition,
+ const DDS_Security_DataTags *data_tag,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_access_control_check_create_datareader)
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_DomainId domain_id,
+ const DDS_Security_char *topic_name,
+ const DDS_Security_Qos *reader_qos,
+ const DDS_Security_PartitionQosPolicy *partition,
+ const DDS_Security_DataTags *data_tag,
+ DDS_Security_SecurityException *ex);
+
+
+typedef DDS_Security_boolean
+(*DDS_Security_access_control_check_create_topic)
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_DomainId domain_id,
+ const DDS_Security_char *topic_name,
+ const DDS_Security_Qos *topic_qos,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_access_control_check_local_datawriter_register_instance)
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_Entity *writer,
+ const DDS_Security_DynamicData *key,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_access_control_check_local_datawriter_dispose_instance)
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_Entity *writer,
+ const DDS_Security_DynamicData key,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_access_control_check_remote_participant)
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_DomainId domain_id,
+ const DDS_Security_ParticipantBuiltinTopicDataSecure *participant_data,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_access_control_check_remote_datawriter)
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_DomainId domain_id,
+ const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_access_control_check_remote_datareader)
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_DomainId domain_id,
+ const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data,
+ DDS_Security_boolean *relay_only,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_access_control_check_remote_topic)
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_DomainId domain_id,
+ const DDS_Security_TopicBuiltinTopicData *topic_data,
+ DDS_Security_SecurityException *ex);
+
+
+typedef DDS_Security_boolean
+(*DDS_Security_access_control_check_local_datawriter_match)
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle writer_permissions_handle,
+ const DDS_Security_PermissionsHandle reader_permissions_handle,
+ const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data,
+ const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data,
+ DDS_Security_SecurityException *ex);
+
+
+typedef DDS_Security_boolean
+(*DDS_Security_access_control_check_local_datareader_match)
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle reader_permissions_handle,
+ const DDS_Security_PermissionsHandle writer_permissions_handle,
+ const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data,
+ const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_access_control_check_remote_datawriter_register_instance)
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_Entity *reader,
+ const DDS_Security_InstanceHandle publication_handle,
+ const DDS_Security_DynamicData key,
+ const DDS_Security_InstanceHandle instance_handle,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_access_control_check_remote_datawriter_dispose_instance)
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_Entity *reader,
+ const DDS_Security_InstanceHandle publication_handle,
+ const DDS_Security_DynamicData key,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_access_control_get_permissions_token)
+ ( dds_security_access_control *instance,
+ DDS_Security_PermissionsToken *permissions_token,
+ const DDS_Security_PermissionsHandle handle,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_access_control_get_permissions_credential_token)
+ ( dds_security_access_control *instance,
+ DDS_Security_PermissionsCredentialToken *permissions_credential_token,
+ const DDS_Security_PermissionsHandle handle,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_access_control_set_listener)
+ ( dds_security_access_control *instance,
+ const dds_security_access_control_listener *listener,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_access_control_return_permissions_token)
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsToken *token,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_access_control_return_permissions_credential_token)
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsCredentialToken *permissions_credential_token,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_access_control_get_participant_sec_attributes)
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ DDS_Security_ParticipantSecurityAttributes *attributes,
+ DDS_Security_SecurityException *ex);
+
+
+typedef DDS_Security_boolean
+(*DDS_Security_access_control_get_topic_sec_attributes)
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_char *topic_name,
+ DDS_Security_TopicSecurityAttributes *attributes,
+ DDS_Security_SecurityException *ex);
+
+
+typedef DDS_Security_boolean
+(*DDS_Security_access_control_get_datawriter_sec_attributes)
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_char *topic_name,
+ const DDS_Security_PartitionQosPolicy *partition,
+ const DDS_Security_DataTagQosPolicy *data_tag,
+ DDS_Security_EndpointSecurityAttributes *attributes,
+ DDS_Security_SecurityException *ex);
+
+
+typedef DDS_Security_boolean
+(*DDS_Security_access_control_get_datareader_sec_attributes)
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_char *topic_name,
+ const DDS_Security_PartitionQosPolicy *partition,
+ const DDS_Security_DataTagQosPolicy *data_tag,
+ DDS_Security_EndpointSecurityAttributes *attributes,
+ DDS_Security_SecurityException *ex);
+
+
+typedef DDS_Security_boolean
+(*DDS_Security_access_control_return_participant_sec_attributes)
+ ( dds_security_access_control *instance,
+ const DDS_Security_ParticipantSecurityAttributes *attributes,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_access_control_return_topic_sec_attributes)
+ ( dds_security_access_control *instance,
+ const DDS_Security_TopicSecurityAttributes *attributes,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_access_control_return_datawriter_sec_attributes)
+ ( dds_security_access_control *instance,
+ const DDS_Security_EndpointSecurityAttributes *attributes,
+ DDS_Security_SecurityException *ex);
+
+
+typedef DDS_Security_boolean
+(*DDS_Security_access_control_return_datareader_sec_attributes)
+ ( dds_security_access_control *instance,
+ const DDS_Security_EndpointSecurityAttributes *attributes,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_access_control_return_permissions_handle)
+ ( dds_security_access_control *instance,
+ DDS_Security_PermissionsHandle permissions_handle,
+ DDS_Security_SecurityException *ex);
+
+
+struct dds_security_access_control
+{
+ DDS_Security_access_control_validate_local_permissions validate_local_permissions;
+
+ DDS_Security_access_control_validate_remote_permissions validate_remote_permissions;
+
+ DDS_Security_access_control_check_create_participant check_create_participant;
+
+ DDS_Security_access_control_check_create_datawriter check_create_datawriter;
+
+ DDS_Security_access_control_check_create_datareader check_create_datareader;
+
+ DDS_Security_access_control_check_create_topic check_create_topic;
+
+ DDS_Security_access_control_check_local_datawriter_register_instance check_local_datawriter_register_instance;
+
+ DDS_Security_access_control_check_local_datawriter_dispose_instance check_local_datawriter_dispose_instance;
+
+ DDS_Security_access_control_check_remote_participant check_remote_participant;
+
+ DDS_Security_access_control_check_remote_datawriter check_remote_datawriter;
+
+ DDS_Security_access_control_check_remote_datareader check_remote_datareader;
+
+ DDS_Security_access_control_check_remote_topic check_remote_topic;
+
+ DDS_Security_access_control_check_local_datawriter_match check_local_datawriter_match;
+
+ DDS_Security_access_control_check_local_datareader_match check_local_datareader_match;
+
+ DDS_Security_access_control_check_remote_datawriter_register_instance check_remote_datawriter_register_instance;
+
+ DDS_Security_access_control_check_remote_datawriter_dispose_instance check_remote_datawriter_dispose_instance;
+
+ DDS_Security_access_control_get_permissions_token get_permissions_token;
+
+ DDS_Security_access_control_get_permissions_credential_token get_permissions_credential_token;
+
+ DDS_Security_access_control_set_listener set_listener;
+
+ DDS_Security_access_control_return_permissions_token return_permissions_token;
+
+ DDS_Security_access_control_return_permissions_credential_token return_permissions_credential_token;
+
+ DDS_Security_access_control_get_participant_sec_attributes get_participant_sec_attributes;
+
+ DDS_Security_access_control_get_topic_sec_attributes get_topic_sec_attributes;
+
+ DDS_Security_access_control_get_datawriter_sec_attributes get_datawriter_sec_attributes;
+
+ DDS_Security_access_control_get_datareader_sec_attributes get_datareader_sec_attributes;
+
+ DDS_Security_access_control_return_participant_sec_attributes return_participant_sec_attributes;
+
+ DDS_Security_access_control_return_topic_sec_attributes return_topic_sec_attributes;
+
+ DDS_Security_access_control_return_datawriter_sec_attributes return_datawriter_sec_attributes;
+
+ DDS_Security_access_control_return_datareader_sec_attributes return_datareader_sec_attributes;
+
+ DDS_Security_access_control_return_permissions_handle return_permissions_handle;
+
+};
+
+
+#if defined (__cplusplus)
+}
+#endif
+
+#endif /* DDS_SECURITY_ACCESS_CONTROL_API_H */
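Review bot: The `key` parameter is inconsistent across the instance checks: `check_local_datawriter_register_instance` takes `const DDS_Security_DynamicData *key`, while `check_local_datawriter_dispose_instance`, `check_remote_datawriter_register_instance` and `check_remote_datawriter_dispose_instance` take `const DDS_Security_DynamicData key` by value. Use one form for all four. None of the function pointer typedefs is documented; at minimum state that a `false` return means the operation must be denied and that `ex` is filled in on failure, and say whether every member of `struct dds_security_access_control` must be non-NULL, since DDSI will call through these pointers for each access decision.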
diff --git a/src/security/api/include/dds/security/dds_security_api_authentication.h b/src/security/api/include/dds/security/dds_security_api_authentication.h
new file mode 100644
index 0000000..ebcfa15
--- /dev/null
+++ b/src/security/api/include/dds/security/dds_security_api_authentication.h
@@ -0,0 +1,238 @@
+/*
+ * Copyright(c) 2006 to 2018 ADLINK Technology Limited and others
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
+ * v. 1.0 which is available at
+ * http://www.eclipse.org/org/documents/edl-v10.php.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
+ */
+
+#ifndef DDS_SECURITY_AUTHENTICATION_API_H
+#define DDS_SECURITY_AUTHENTICATION_API_H
+
+#include "dds_security_api_types.h"
+
+#if defined (__cplusplus)
+extern "C" {
+#endif
+
+
+/**
+ * Authentication Component
+ */
+struct dds_security_authentication;
+typedef struct dds_security_authentication dds_security_authentication;
+
+struct dds_security_authentication_listener;
+typedef struct dds_security_authentication_listener dds_security_authentication_listener;
+
+
+/**
+ * AuthenticationListener interface
+ */
+
+typedef DDS_Security_boolean
+(*DDS_Security_authentication_listener_on_revoke_identity)
+ ( dds_security_authentication_listener *context,
+ const dds_security_authentication *plugin,
+ const DDS_Security_IdentityHandle handle
+ );
+
+typedef DDS_Security_boolean
+(*DDS_Security_authentication_listener_on_status_changed)
+ ( dds_security_authentication_listener *context,
+ const dds_security_authentication *plugin,
+ const DDS_Security_IdentityHandle handle,
+ const DDS_Security_AuthStatusKind status_kind
+ );
+
+
+struct dds_security_authentication_listener
+{
+ DDS_Security_authentication_listener_on_revoke_identity on_revoke_identity;
+
+ DDS_Security_authentication_listener_on_status_changed on_status_changed;
+};
+
+typedef DDS_Security_ValidationResult_t
+(*DDS_Security_authentication_validate_local_identity)
+ ( dds_security_authentication *instance,
+ DDS_Security_IdentityHandle *local_identity_handle,
+ DDS_Security_GUID_t *adjusted_participant_guid,
+ const DDS_Security_DomainId domain_id,
+ const DDS_Security_Qos *participant_qos,
+ const DDS_Security_GUID_t *candidate_participant_guid,
+ DDS_Security_SecurityException *ex
+ );
+
+
+typedef DDS_Security_boolean
+(*DDS_Security_authentication_get_identity_token)
+ ( dds_security_authentication *instance,
+ DDS_Security_IdentityToken *identity_token,
+ const DDS_Security_IdentityHandle handle,
+ DDS_Security_SecurityException *ex);
+
+
+typedef DDS_Security_boolean
+(*DDS_Security_authentication_get_identity_status_token)
+ ( dds_security_authentication *instance,
+ DDS_Security_IdentityStatusToken *identity_status_token,
+ const DDS_Security_IdentityHandle handle,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_authentication_set_permissions_credential_and_token)
+ ( dds_security_authentication *instance,
+ const DDS_Security_IdentityHandle handle,
+ const DDS_Security_PermissionsCredentialToken *permissions_credential,
+ const DDS_Security_PermissionsToken *permissions_token,
+ DDS_Security_SecurityException *ex);
+
+
+typedef DDS_Security_ValidationResult_t
+(*DDS_Security_authentication_validate_remote_identity)
+ ( dds_security_authentication *instance,
+ DDS_Security_IdentityHandle *remote_identity_handle,
+ DDS_Security_AuthRequestMessageToken *local_auth_request_token,
+ const DDS_Security_AuthRequestMessageToken *remote_auth_request_token,
+ const DDS_Security_IdentityHandle local_identity_handle,
+ const DDS_Security_IdentityToken *remote_identity_token,
+ const DDS_Security_GUID_t *remote_participant_guid,
+ DDS_Security_SecurityException *ex);
+
+
+typedef DDS_Security_ValidationResult_t
+(*DDS_Security_authentication_begin_handshake_request)
+ ( dds_security_authentication *instance,
+ DDS_Security_HandshakeHandle *handshake_handle,
+ DDS_Security_HandshakeMessageToken *handshake_message,
+ const DDS_Security_IdentityHandle initiator_identity_handle,
+ const DDS_Security_IdentityHandle replier_identity_handle,
+ const DDS_Security_OctetSeq *serialized_local_participant_data,
+ DDS_Security_SecurityException *ex);
+
+
+typedef DDS_Security_ValidationResult_t
+(*DDS_Security_authentication_begin_handshake_reply)
+ ( dds_security_authentication *instance,
+ DDS_Security_HandshakeHandle *handshake_handle,
+ DDS_Security_HandshakeMessageToken *handshake_message_out,
+ const DDS_Security_HandshakeMessageToken *handshake_message_in,
+ const DDS_Security_IdentityHandle initiator_identity_handle,
+ const DDS_Security_IdentityHandle replier_identity_handle,
+ const DDS_Security_OctetSeq *serialized_local_participant_data,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_ValidationResult_t
+(*DDS_Security_authentication_process_handshake)
+ ( dds_security_authentication *instance,
+ DDS_Security_HandshakeMessageToken *handshake_message_out,
+ const DDS_Security_HandshakeMessageToken *handshake_message_in,
+ const DDS_Security_HandshakeHandle handshake_handle,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_SharedSecretHandle
+(*DDS_Security_authentication_get_shared_secret)
+ ( dds_security_authentication *instance,
+ const DDS_Security_HandshakeHandle handshake_handle,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_authentication_get_authenticated_peer_credential_token)
+ ( dds_security_authentication *instance,
+ DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token,
+ const DDS_Security_HandshakeHandle handshake_handle,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_authentication_set_listener)
+ ( dds_security_authentication *instance,
+ const dds_security_authentication_listener *listener,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_authentication_return_identity_token)
+ ( dds_security_authentication *instance,
+ const DDS_Security_IdentityToken *token,
+ DDS_Security_SecurityException *ex);
+
+
+typedef DDS_Security_boolean
+(*DDS_Security_authentication_return_identity_status_token)
+ ( dds_security_authentication *instance,
+ const DDS_Security_IdentityStatusToken *token,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_authentication_return_authenticated_peer_credential_token)
+ ( dds_security_authentication *instance,
+ const DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_authentication_return_handshake_handle)
+ ( dds_security_authentication *instance,
+ const DDS_Security_HandshakeHandle handshake_handle,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_authentication_return_identity_handle)
+ ( dds_security_authentication *instance,
+ const DDS_Security_IdentityHandle identity_handle,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_authentication_return_sharedsecret_handle)
+ ( dds_security_authentication *instance,
+ const DDS_Security_SharedSecretHandle sharedsecret_handle,
+ DDS_Security_SecurityException *ex);
+
+
+struct dds_security_authentication
+{
+
+ DDS_Security_authentication_validate_local_identity validate_local_identity;
+
+ DDS_Security_authentication_get_identity_token get_identity_token;
+
+ DDS_Security_authentication_get_identity_status_token get_identity_status_token;
+
+ DDS_Security_authentication_set_permissions_credential_and_token set_permissions_credential_and_token;
+
+ DDS_Security_authentication_validate_remote_identity validate_remote_identity;
+
+ DDS_Security_authentication_begin_handshake_request begin_handshake_request;
+
+ DDS_Security_authentication_begin_handshake_reply begin_handshake_reply;
+
+ DDS_Security_authentication_process_handshake process_handshake;
+
+ DDS_Security_authentication_get_shared_secret get_shared_secret;
+
+ DDS_Security_authentication_get_authenticated_peer_credential_token get_authenticated_peer_credential_token;
+
+ DDS_Security_authentication_set_listener set_listener;
+
+ DDS_Security_authentication_return_identity_token return_identity_token;
+
+ DDS_Security_authentication_return_identity_status_token return_identity_status_token;
+
+ DDS_Security_authentication_return_authenticated_peer_credential_token return_authenticated_peer_credential_token;
+
+ DDS_Security_authentication_return_handshake_handle return_handshake_handle;
+
+ DDS_Security_authentication_return_identity_handle return_identity_handle;
+
+ DDS_Security_authentication_return_sharedsecret_handle return_sharedsecret_handle;
+};
+
+
+#if defined (__cplusplus)
+}
+#endif
+
+#endif /* DDS_SECURITY_AUTHENTICATION_API_H */
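Review bot: `DDS_Security_authentication_get_shared_secret` returns a `DDS_Security_SharedSecretHandle` rather than a boolean or a validation result, and nothing in the header says which value signals failure. Please add a comment stating the failure value (presumably `DDS_SECURITY_HANDLE_NIL`, with `ex` filled in) so that callers do not hand an invalid handle on to `register_matched_remote_participant`. More generally, none of the callbacks in `struct dds_security_authentication` documents ownership: say which `return_*` function releases each token or handle that a `get_*` or handshake call hands out. Style: `return_sharedsecret_handle` is spelled differently from `get_shared_secret` and `SharedSecretHandle`, and the closing guard comment names `DDS_SECURITY_AUTHENTICATION_API_H` while the other headers in this patch use `DDS_SECURITY_API_<NAME>_H`, so check that it matches the `#ifndef`.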
diff --git a/src/security/api/include/dds/security/dds_security_api_cryptography.h b/src/security/api/include/dds/security/dds_security_api_cryptography.h
new file mode 100644
index 0000000..f082477
--- /dev/null
+++ b/src/security/api/include/dds/security/dds_security_api_cryptography.h
@@ -0,0 +1,337 @@
+/*
+ * Copyright(c) 2006 to 2018 ADLINK Technology Limited and others
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
+ * v. 1.0 which is available at
+ * http://www.eclipse.org/org/documents/edl-v10.php.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
+ */
+
+#ifndef DDS_SECURITY_API_CRYPTOGRAPHY_H
+#define DDS_SECURITY_API_CRYPTOGRAPHY_H
+
+#include "dds_security_api_types.h"
+
+#if defined (__cplusplus)
+extern "C" {
+#endif
+
+/**
+ * Crypto Component
+ */
+
+struct dds_security_crypto_key_factory;
+typedef struct dds_security_crypto_key_factory dds_security_crypto_key_factory;
+
+struct dds_security_crypto_key_exchange;
+typedef struct dds_security_crypto_key_exchange dds_security_crypto_key_exchange;
+
+struct dds_security_crypto_transform;
+typedef struct dds_security_crypto_transform dds_security_crypto_transform;
+
+/**
+ * CryptoKeyFactory interface
+ */
+
+typedef DDS_Security_ParticipantCryptoHandle
+(*DDS_Security_crypto_key_factory_register_local_participant)
+ ( dds_security_crypto_key_factory *instance,
+ const DDS_Security_IdentityHandle participant_identity,
+ const DDS_Security_PermissionsHandle participant_permissions,
+ const DDS_Security_PropertySeq *participant_properties,
+ const DDS_Security_ParticipantSecurityAttributes *participant_security_attributes,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_ParticipantCryptoHandle
+(*DDS_Security_crypto_key_factory_register_matched_remote_participant)
+ ( dds_security_crypto_key_factory *instance,
+ const DDS_Security_ParticipantCryptoHandle local_participant_crypto_handle,
+ const DDS_Security_IdentityHandle remote_participant_identity,
+ const DDS_Security_PermissionsHandle remote_participant_permissions,
+ const DDS_Security_SharedSecretHandle shared_secret,
+ DDS_Security_SecurityException *ex);
+
+
+typedef DDS_Security_DatawriterCryptoHandle
+(*DDS_Security_crypto_key_factory_register_local_datawriter)
+ ( dds_security_crypto_key_factory *instance,
+ const DDS_Security_ParticipantCryptoHandle participant_crypto,
+ const DDS_Security_PropertySeq *datawriter_properties,
+ const DDS_Security_EndpointSecurityAttributes *datawriter_security_attributes,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_DatareaderCryptoHandle
+(*DDS_Security_crypto_key_factory_register_matched_remote_datareader)
+ ( dds_security_crypto_key_factory *instance,
+ const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto_handle,
+ const DDS_Security_ParticipantCryptoHandle remote_participant_crypto,
+ const DDS_Security_SharedSecretHandle shared_secret,
+ const DDS_Security_boolean relay_only,
+ DDS_Security_SecurityException *ex);
+
+
+typedef DDS_Security_DatareaderCryptoHandle
+(*DDS_Security_crypto_key_factory_register_local_datareader)
+ ( dds_security_crypto_key_factory *instance,
+ const DDS_Security_ParticipantCryptoHandle participant_crypto_handle,
+ const DDS_Security_PropertySeq *datareader_properties,
+ const DDS_Security_EndpointSecurityAttributes *datareader_security_attributes,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_DatawriterCryptoHandle
+(*DDS_Security_crypto_key_factory_register_matched_remote_datawriter)
+ ( dds_security_crypto_key_factory *instance,
+ const DDS_Security_DatareaderCryptoHandle local_datareader_crypto_handle,
+ const DDS_Security_ParticipantCryptoHandle remote_participant_crypt,
+ const DDS_Security_SharedSecretHandle shared_secret,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_crypto_key_factory_unregister_participant)
+ ( dds_security_crypto_key_factory *instance,
+ const DDS_Security_ParticipantCryptoHandle participant_crypto_handle,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_crypto_key_factory_unregister_datawriter)
+ ( dds_security_crypto_key_factory *instance,
+ const DDS_Security_DatawriterCryptoHandle datawriter_crypto_handle,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_crypto_key_factory_unregister_datareader)
+ ( dds_security_crypto_key_factory *instance,
+ const DDS_Security_DatareaderCryptoHandle datareader_crypto_handle,
+ DDS_Security_SecurityException *ex);
+
+struct dds_security_crypto_key_factory
+{
+
+ DDS_Security_crypto_key_factory_register_local_participant register_local_participant;
+
+ DDS_Security_crypto_key_factory_register_matched_remote_participant register_matched_remote_participant;
+
+ DDS_Security_crypto_key_factory_register_local_datawriter register_local_datawriter;
+
+ DDS_Security_crypto_key_factory_register_matched_remote_datareader register_matched_remote_datareader;
+
+ DDS_Security_crypto_key_factory_register_local_datareader register_local_datareader;
+
+ DDS_Security_crypto_key_factory_register_matched_remote_datawriter register_matched_remote_datawriter;
+
+ DDS_Security_crypto_key_factory_unregister_participant unregister_participant;
+
+ DDS_Security_crypto_key_factory_unregister_datawriter unregister_datawriter;
+
+ DDS_Security_crypto_key_factory_unregister_datareader unregister_datareader;
+} ;
+
+
+/**
+ * CryptoKeyExchange Interface
+ */
+typedef DDS_Security_boolean
+(*DDS_Security_crypto_key_exchange_create_local_participant_crypto_tokens)
+ ( dds_security_crypto_key_exchange *instance,
+ DDS_Security_ParticipantCryptoTokenSeq *local_participant_crypto_tokens,
+ const DDS_Security_ParticipantCryptoHandle local_participant_crypto,
+ const DDS_Security_ParticipantCryptoHandle remote_participant_crypto,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_crypto_key_exchange_set_remote_participant_crypto_tokens)
+ ( dds_security_crypto_key_exchange *instance,
+ const DDS_Security_ParticipantCryptoHandle local_participant_crypto,
+ const DDS_Security_ParticipantCryptoHandle remote_participant_crypto,
+ const DDS_Security_ParticipantCryptoTokenSeq *remote_participant_tokens,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_crypto_key_exchange_create_local_datawriter_crypto_tokens)
+ ( dds_security_crypto_key_exchange *instance,
+ DDS_Security_DatawriterCryptoTokenSeq *local_datawriter_crypto_tokens,
+ const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto,
+ const DDS_Security_DatareaderCryptoHandle remote_datareader_crypto,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_crypto_key_exchange_set_remote_datawriter_crypto_tokens)
+ ( dds_security_crypto_key_exchange *instance,
+ const DDS_Security_DatareaderCryptoHandle local_datareader_crypto,
+ const DDS_Security_DatawriterCryptoHandle remote_datawriter_crypto,
+ const DDS_Security_DatawriterCryptoTokenSeq *remote_datawriter_tokens,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_crypto_key_exchange_create_local_datareader_crypto_tokens)
+ ( dds_security_crypto_key_exchange *instance,
+ DDS_Security_DatareaderCryptoTokenSeq *local_datareader_cryto_tokens,
+ const DDS_Security_DatareaderCryptoHandle local_datareader_crypto,
+ const DDS_Security_DatawriterCryptoHandle remote_datawriter_crypto,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_crypto_key_exchange_set_remote_datareader_crypto_tokens)
+ ( dds_security_crypto_key_exchange *instance,
+ const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto,
+ const DDS_Security_DatareaderCryptoHandle remote_datareader_crypto,
+ const DDS_Security_DatareaderCryptoTokenSeq *remote_datareader_tokens,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_crypto_key_exchange_return_crypto_tokens)
+ ( dds_security_crypto_key_exchange *instance,
+ DDS_Security_CryptoTokenSeq *crypto_tokens,
+ DDS_Security_SecurityException *ex);
+
+struct dds_security_crypto_key_exchange
+{
+ DDS_Security_crypto_key_exchange_create_local_participant_crypto_tokens create_local_participant_crypto_tokens;
+
+ DDS_Security_crypto_key_exchange_set_remote_participant_crypto_tokens set_remote_participant_crypto_tokens;
+
+ DDS_Security_crypto_key_exchange_create_local_datawriter_crypto_tokens create_local_datawriter_crypto_tokens;
+
+ DDS_Security_crypto_key_exchange_set_remote_datawriter_crypto_tokens set_remote_datawriter_crypto_tokens;
+
+ DDS_Security_crypto_key_exchange_create_local_datareader_crypto_tokens create_local_datareader_crypto_tokens;
+
+ DDS_Security_crypto_key_exchange_set_remote_datareader_crypto_tokens set_remote_datareader_crypto_tokens;
+
+ DDS_Security_crypto_key_exchange_return_crypto_tokens return_crypto_tokens;
+} ;
+
+
+/**
+ * CryptoTransform Interface
+ */
+
+typedef DDS_Security_boolean
+(*DDS_Security_crypto_transform_encode_serialized_payload)
+ ( dds_security_crypto_transform *instance,
+ DDS_Security_OctetSeq *encoded_buffer,
+ DDS_Security_OctetSeq *extra_inline_qos,
+ const DDS_Security_OctetSeq *plain_buffer,
+ const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_crypto_transform_encode_datawriter_submessage)
+ ( dds_security_crypto_transform *instance,
+ DDS_Security_OctetSeq *encoded_rtps_submessage,
+ const DDS_Security_OctetSeq *plain_rtps_submessage,
+ const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto,
+ const DDS_Security_DatareaderCryptoHandleSeq *receiving_datareader_crypto_list,
+ DDS_Security_long *receiving_datareader_crypto_list_index,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_crypto_transform_encode_datareader_submessage)
+ ( dds_security_crypto_transform *instance,
+ DDS_Security_OctetSeq *encoded_rtps_submessage,
+ const DDS_Security_OctetSeq *plain_rtps_submessage,
+ const DDS_Security_DatareaderCryptoHandle sending_datareader_crypto,
+ const DDS_Security_DatawriterCryptoHandleSeq *receiving_datawriter_crypto_list,
+ DDS_Security_SecurityException *ex);
+
+
+typedef DDS_Security_boolean
+(*DDS_Security_crypto_transform_encode_rtps_message)
+ ( dds_security_crypto_transform *instance,
+ DDS_Security_OctetSeq *encoded_rtps_message,
+ const DDS_Security_OctetSeq *plain_rtps_message,
+ const DDS_Security_ParticipantCryptoHandle sending_participant_crypto,
+ const DDS_Security_ParticipantCryptoHandleSeq *receiving_participant_crypto_list,
+ DDS_Security_long *receiving_participant_crypto_list_index,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_crypto_transform_decode_rtps_message)
+ ( dds_security_crypto_transform *instance,
+ DDS_Security_OctetSeq *plain_buffer,
+ const DDS_Security_OctetSeq *encoded_buffer,
+ const DDS_Security_ParticipantCryptoHandle receiving_participant_crypto,
+ const DDS_Security_ParticipantCryptoHandle sending_participant_crypto,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_crypto_transform_preprocess_secure_submsg)
+ ( dds_security_crypto_transform *instance,
+ DDS_Security_DatawriterCryptoHandle *datawriter_crypto,
+ DDS_Security_DatareaderCryptoHandle *datareader_crypto,
+ DDS_Security_SecureSubmessageCategory_t *secure_submessage_category,
+ const DDS_Security_OctetSeq *encoded_rtps_submessage,
+ const DDS_Security_ParticipantCryptoHandle receiving_participant_crypto,
+ const DDS_Security_ParticipantCryptoHandle sending_participant_crypto,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_crypto_transform_decode_datawriter_submessage)
+ ( dds_security_crypto_transform *instance,
+ DDS_Security_OctetSeq *plain_rtps_submessage,
+ const DDS_Security_OctetSeq *encoded_rtps_submessage,
+ const DDS_Security_DatareaderCryptoHandle receiving_datareader_crypto,
+ const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto,
+ DDS_Security_SecurityException *ex);
+
+typedef DDS_Security_boolean
+(*DDS_Security_crypto_transform_decode_datareader_submessage)
+ ( dds_security_crypto_transform *instance,
+ DDS_Security_OctetSeq *plain_rtps_message,
+ const DDS_Security_OctetSeq *encoded_rtps_message,
+ const DDS_Security_DatawriterCryptoHandle receiving_datawriter_crypto,
+ const DDS_Security_DatareaderCryptoHandle sending_datareader_crypto,
+ DDS_Security_SecurityException *ex);
+
+
+typedef DDS_Security_boolean
+(*DDS_Security_crypto_transform_decode_serialized_payload)
+ ( dds_security_crypto_transform *instance,
+ DDS_Security_OctetSeq *plain_buffer,
+ const DDS_Security_OctetSeq *encoded_buffer,
+ const DDS_Security_OctetSeq *inline_qos,
+ const DDS_Security_DatareaderCryptoHandle receiving_datareader_crypto,
+ const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto,
+ DDS_Security_SecurityException *ex);
+
+
+struct dds_security_crypto_transform
+{
+ DDS_Security_crypto_transform_encode_serialized_payload encode_serialized_payload;
+
+ DDS_Security_crypto_transform_encode_datawriter_submessage encode_datawriter_submessage;
+
+ DDS_Security_crypto_transform_encode_datareader_submessage encode_datareader_submessage;
+
+ DDS_Security_crypto_transform_encode_rtps_message encode_rtps_message;
+
+ DDS_Security_crypto_transform_decode_rtps_message decode_rtps_message;
+
+ DDS_Security_crypto_transform_preprocess_secure_submsg preprocess_secure_submsg;
+
+ DDS_Security_crypto_transform_decode_datawriter_submessage decode_datawriter_submessage;
+
+ DDS_Security_crypto_transform_decode_datareader_submessage decode_datareader_submessage;
+
+ DDS_Security_crypto_transform_decode_serialized_payload decode_serialized_payload;
+} ;
+
+
+
+
+typedef struct dds_security_cryptography
+{
+ dds_security_crypto_transform *crypto_transform;
+ dds_security_crypto_key_factory *crypto_key_factory;
+ dds_security_crypto_key_exchange *crypto_key_exchange;
+} dds_security_cryptography;
+
+
+#if defined (__cplusplus)
+}
+#endif
+
+#endif /* DDS_SECURITY_API_CRYPTOGRAPHY_H */
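Review bot: `struct dds_security_crypto_transform` has no counterpart to `return_crypto_tokens`, so the ownership of the `DDS_Security_OctetSeq` out-parameters (`encoded_buffer`, `plain_buffer`, `extra_inline_qos`, `encoded_rtps_submessage`, ...) is undefined in this header. Document per function whether the plugin allocates `_buffer` and who frees it, and whether the caller may pre-size `_maximum`; without that, the encode/decode paths invite leaks or double frees at the plugin boundary. Two parameter names are misspelled: `remote_participant_crypt` in `register_matched_remote_datawriter` and `local_datareader_cryto_tokens` in `create_local_datareader_crypto_tokens`. `decode_datareader_submessage` also names its buffers `plain_rtps_message` / `encoded_rtps_message` where the sibling `decode_datawriter_submessage` uses `*_rtps_submessage`; align them. The in/out index arguments `receiving_datareader_crypto_list_index` and `receiving_participant_crypto_list_index` need a comment describing the iteration contract.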
diff --git a/src/security/api/include/dds/security/dds_security_api_defs.h b/src/security/api/include/dds/security/dds_security_api_defs.h
new file mode 100644
index 0000000..82baa98
--- /dev/null
+++ b/src/security/api/include/dds/security/dds_security_api_defs.h
@@ -0,0 +1,189 @@
+/*
+ * Copyright(c) 2006 to 2018 ADLINK Technology Limited and others
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
+ * v. 1.0 which is available at
+ * http://www.eclipse.org/org/documents/edl-v10.php.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
+ */
+
+#ifndef DDS_SECURITY_API_DEF_H
+#define DDS_SECURITY_API_DEF_H
+
+#include "dds_security_api_err.h"
+
+#if defined (__cplusplus)
+extern "C" {
+#endif
+
+
+
+/**************************************************************************
+ * *
+ * Return values. *
+ * *
+ **************************************************************************/
+typedef enum {
+ DDS_SECURITY_VALIDATION_OK,
+ DDS_SECURITY_VALIDATION_FAILED,
+ DDS_SECURITY_VALIDATION_PENDING_RETRY,
+ DDS_SECURITY_VALIDATION_PENDING_HANDSHAKE_REQUEST,
+ DDS_SECURITY_VALIDATION_PENDING_HANDSHAKE_MESSAGE,
+ DDS_SECURITY_VALIDATION_OK_FINAL_MESSAGE
+} DDS_Security_ValidationResult_t;
+
+#define DDS_SECURITY_HANDLE_NIL (0)
+
+
+
+
+/**************************************************************************
+ * *
+ * Attribute flags. *
+ * *
+ **************************************************************************/
+#define DDS_SECURITY_PARTICIPANT_ATTRIBUTES_FLAG_IS_RTPS_PROTECTED (0x00000001 )
+#define DDS_SECURITY_PARTICIPANT_ATTRIBUTES_FLAG_IS_DISCOVERY_PROTECTED (0x00000001 << 1)
+#define DDS_SECURITY_PARTICIPANT_ATTRIBUTES_FLAG_IS_LIVELINESS_PROTECTED (0x00000001 << 2)
+#define DDS_SECURITY_PARTICIPANT_ATTRIBUTES_FLAG_IS_VALID (0x00000001 << 31)
+
+#define DDS_SECURITY_PLUGIN_PARTICIPANT_ATTRIBUTES_FLAG_IS_RTPS_ENCRYPTED (0x00000001 )
+#define DDS_SECURITY_PLUGIN_PARTICIPANT_ATTRIBUTES_FLAG_IS_DISCOVERY_ENCRYPTED (0x00000001 << 1)
+#define DDS_SECURITY_PLUGIN_PARTICIPANT_ATTRIBUTES_FLAG_IS_LIVELINESS_ENCRYPTED (0x00000001 << 2)
+#define DDS_SECURITY_PLUGIN_PARTICIPANT_ATTRIBUTES_FLAG_IS_RTPS_AUTHENTICATED (0x00000001 << 3)
+#define DDS_SECURITY_PLUGIN_PARTICIPANT_ATTRIBUTES_FLAG_IS_DISCOVERY_AUTHENTICATED (0x00000001 << 4)
+#define DDS_SECURITY_PLUGIN_PARTICIPANT_ATTRIBUTES_FLAG_IS_LIVELINESS_AUTHENTICATED (0x00000001 << 5)
+
+#define DDS_SECURITY_ENDPOINT_ATTRIBUTES_FLAG_IS_READ_PROTECTED (0x00000001 )
+#define DDS_SECURITY_ENDPOINT_ATTRIBUTES_FLAG_IS_WRITE_PROTECTED (0x00000001 << 1)
+#define DDS_SECURITY_ENDPOINT_ATTRIBUTES_FLAG_IS_DISCOVERY_PROTECTED (0x00000001 << 2)
+#define DDS_SECURITY_ENDPOINT_ATTRIBUTES_FLAG_IS_SUBMESSAGE_PROTECTED (0x00000001 << 3)
+#define DDS_SECURITY_ENDPOINT_ATTRIBUTES_FLAG_IS_PAYLOAD_PROTECTED (0x00000001 << 4)
+#define DDS_SECURITY_ENDPOINT_ATTRIBUTES_FLAG_IS_KEY_PROTECTED (0x00000001 << 5)
+#define DDS_SECURITY_ENDPOINT_ATTRIBUTES_FLAG_IS_LIVELINESS_PROTECTED (0x00000001 << 6)
+#define DDS_SECURITY_ENDPOINT_ATTRIBUTES_FLAG_IS_VALID (0x00000001 << 31)
+
+#define DDS_SECURITY_PLUGIN_ENDPOINT_ATTRIBUTES_FLAG_IS_SUBMESSAGE_ENCRYPTED (0x00000001 )
+#define DDS_SECURITY_PLUGIN_ENDPOINT_ATTRIBUTES_FLAG_IS_PAYLOAD_ENCRYPTED (0x00000001 << 1)
+#define DDS_SECURITY_PLUGIN_ENDPOINT_ATTRIBUTES_FLAG_IS_SUBMESSAGE_ORIGIN_AUTHENTICATED (0x00000001 << 2)
+
+
+
+
+/**************************************************************************
+ * *
+ * Protection types. *
+ * *
+ **************************************************************************/
+typedef enum {
+ DDS_SECURITY_PROTECTION_KIND_ENCRYPT_WITH_ORIGIN_AUTHENTICATION,
+ DDS_SECURITY_PROTECTION_KIND_SIGN_WITH_ORIGIN_AUTHENTICATION,
+ DDS_SECURITY_PROTECTION_KIND_ENCRYPT,
+ DDS_SECURITY_PROTECTION_KIND_SIGN,
+ DDS_SECURITY_PROTECTION_KIND_NONE
+} DDS_Security_ProtectionKind;
+
+typedef enum {
+ DDS_SECURITY_BASICPROTECTION_KIND_ENCRYPT,
+ DDS_SECURITY_BASICPROTECTION_KIND_SIGN,
+ DDS_SECURITY_BASICPROTECTION_KIND_NONE
+} DDS_Security_BasicProtectionKind;
+
+
+
+
+/**************************************************************************
+ * *
+ * Submessage categories. *
+ * *
+ **************************************************************************/
+typedef enum {
+ DDS_SECURITY_INFO_SUBMESSAGE,
+ DDS_SECURITY_DATAWRITER_SUBMESSAGE,
+ DDS_SECURITY_DATAREADER_SUBMESSAGE
+} DDS_Security_SecureSubmessageCategory_t;
+
+
+
+
+/**************************************************************************
+ * *
+ * QoS Policies content. *
+ * *
+ **************************************************************************/
+typedef enum {
+ DDS_SECURITY_AUTOMATIC_LIVELINESS_QOS,
+ DDS_SECURITY_MANUAL_BY_PARTICIPANT_LIVELINESS_QOS,
+ DDS_SECURITY_MANUAL_BY_TOPIC_LIVELINESS_QOS
+} DDS_Security_LivelinessQosPolicyKind;
+
+typedef enum {
+ DDS_SECURITY_BEST_EFFORT_RELIABILITY_QOS,
+ DDS_SECURITY_RELIABLE_RELIABILITY_QOS
+} DDS_Security_ReliabilityQosPolicyKind;
+
+typedef enum {
+ DDS_SECURITY_BY_RECEPTION_TIMESTAMP_DESTINATIONORDER_QOS,
+ DDS_SECURITY_BY_SOURCE_TIMESTAMP_DESTINATIONORDER_QOS
+} DDS_Security_DestinationOrderQosPolicyKind;
+
+typedef enum {
+ DDS_SECURITY_INSTANCE_PRESENTATION_QOS,
+ DDS_SECURITY_TOPIC_PRESENTATION_QOS,
+ DDS_SECURITY_GROUP_PRESENTATION_QOS
+} DDS_Security_PresentationQosPolicyAccessScopeKind;
+
+typedef enum {
+ DDS_SECURITY_KEEP_LAST_HISTORY_QOS,
+ DDS_SECURITY_KEEP_ALL_HISTORY_QOS
+} DDS_Security_HistoryQosPolicyKind;
+
+typedef enum {
+ DDS_SECURITY_VOLATILE_DURABILITY_QOS,
+ DDS_SECURITY_TRANSIENT_LOCAL_DURABILITY_QOS,
+ DDS_SECURITY_TRANSIENT_DURABILITY_QOS,
+ DDS_SECURITY_PERSISTENT_DURABILITY_QOS
+} DDS_Security_DurabilityQosPolicyKind;
+
+typedef enum {
+ DDS_SECURITY_SHARED_OWNERSHIP_QOS,
+ DDS_SECURITY_EXCLUSIVE_OWNERSHIP_QOS
+} DDS_Security_OwnershipQosPolicyKind;
+
+
+
+
+/**************************************************************************
+ * *
+ * Listener information. *
+ * *
+ **************************************************************************/
+typedef enum {
+ DDS_SECURITY_IDENTITY_STATUS
+} DDS_Security_AuthStatusKind;
+
+
+
+
+/**************************************************************************
+ * *
+ * Some byte array sizes. *
+ * *
+ **************************************************************************/
+#define DDS_SECURITY_AUTHENTICATION_CHALLENGE_SIZE 32
+
+#define DDS_SECURITY_MASTER_SALT_SIZE 32
+#define DDS_SECURITY_MASTER_SENDER_KEY_SIZE 32
+#define DDS_SECURITY_MASTER_RECEIVER_SPECIFIC_KEY_SIZE 32
+
+
+
+#if defined (__cplusplus)
+}
+#endif
+
+
+#endif /* DDS_SECURITY_API_DEF_H */
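Review bot: the two `..._FLAG_IS_VALID` macros are defined as `(0x00000001 << 31)`, which shifts a signed `int` into its sign bit; that is undefined behaviour in C and yields a negative value on common compilers, so comparisons against an unsigned mask field can misbehave. Use an unsigned constant for the whole flag family, for example `(0x00000001u << 31)` or `0x80000000u`, and apply the `u` suffix to the other flag macros for consistency. Smaller points: the guard is `DDS_SECURITY_API_DEF_H` while the file is `dds_security_api_defs.h`; and `DDS_SECURITY_HANDLE_NIL` is a plain `(0)` although the handle types it is compared with are 64-bit, so a comment on its intended use would help.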
diff --git a/src/security/api/include/dds/security/dds_security_api_err.h b/src/security/api/include/dds/security/dds_security_api_err.h
new file mode 100644
index 0000000..8795a44
--- /dev/null
+++ b/src/security/api/include/dds/security/dds_security_api_err.h
@@ -0,0 +1,121 @@
+/*
+ * Copyright(c) 2006 to 2018 ADLINK Technology Limited and others
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
+ * v. 1.0 which is available at
+ * http://www.eclipse.org/org/documents/edl-v10.php.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
+ */
+
+#ifndef DDS_SECURITY_API_ERR_H
+#define DDS_SECURITY_API_ERR_H
+
+
+#if defined (__cplusplus)
+extern "C" {
+#endif
+
+
+#define DDS_SECURITY_ERR_OK_CODE 0
+#define DDS_SECURITY_ERR_OK_MESSAGE "OK"
+#define DDS_SECURITY_ERR_CANNOT_GENERATE_RANDOM_CODE 100
+#define DDS_SECURITY_ERR_CANNOT_GENERATE_RANDOM_MESSAGE "Can not generate random data"
+#define DDS_SECURITY_ERR_IDENTITY_EMPTY_CODE 110
+#define DDS_SECURITY_ERR_IDENTITY_EMPTY_MESSAGE "Identity empty"
+#define DDS_SECURITY_ERR_PARTICIPANT_CRYPTO_HANDLE_EMPTY_CODE 111
+#define DDS_SECURITY_ERR_PARTICIPANT_CRYPTO_HANDLE_EMPTY_MESSAGE "Participant Crypto Handle empty"
+#define DDS_SECURITY_ERR_PERMISSION_HANDLE_EMPTY_CODE 112
+#define DDS_SECURITY_ERR_PERMISSION_HANDLE_EMPTY_MESSAGE "Permission Handle empty"
+#define DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_CODE 113
+#define DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_MESSAGE "Invalid Crypto Handle"
+#define DDS_SECURITY_ERR_INVALID_CRYPTO_ARGUMENT_CODE 114
+#define DDS_SECURITY_ERR_INVALID_CRYPTO_ARGUMENT_MESSAGE "Invalid argument"
+#define DDS_SECURITY_ERR_INVALID_CRYPTO_TOKEN_CODE 115
+#define DDS_SECURITY_ERR_INVALID_CRYPTO_TOKEN_MESSAGE "Invalid Crypto token"
+#define DDS_SECURITY_ERR_INVALID_PARAMETER_CODE 116
+#define DDS_SECURITY_ERR_INVALID_PARAMETER_MESSAGE "Invalid parameter"
+#define DDS_SECURITY_ERR_INVALID_FILE_PATH_CODE 117
+#define DDS_SECURITY_ERR_INVALID_FILE_PATH_MESSAGE "File could not be found, opened or is empty, path: %s"
+#define DDS_SECURITY_ERR_INVALID_CRYPTO_TRANSFORMATION_CODE 118
+#define DDS_SECURITY_ERR_INVALID_CRYPTO_TRANSFORMATION_MESSAGE "Unknown or unexpected transformation kind"
+#define DDS_SECURITY_ERR_INVALID_CRYPTO_SIGN_CODE 119
+#define DDS_SECURITY_ERR_INVALID_CRYPTO_SIGN_MESSAGE "Message cannot be authenticated, incorrect signature"
+#define DDS_SECURITY_ERR_INVALID_TRUSTED_CA_DIR_CODE 120
+#define DDS_SECURITY_ERR_INVALID_TRUSTED_CA_DIR_MESSAGE "Can not open trusted CA directory"
+#define DDS_SECURITY_ERR_CA_NOT_TRUSTED_CODE 121
+#define DDS_SECURITY_ERR_CA_NOT_TRUSTED_MESSAGE "Identity CA is not trusted"
+#define DDS_SECURITY_ERR_CERT_STARTDATE_INVALID_CODE 122
+#define DDS_SECURITY_ERR_CERT_STARTDATE_INVALID_MESSAGE "Certificate start date is in the future"
+#define DDS_SECURITY_ERR_CERT_EXPIRED_CODE 123
+#define DDS_SECURITY_ERR_CERT_EXPIRED_MESSAGE "Certificate expired"
+#define DDS_SECURITY_ERR_INVALID_CRYPTO_RECEIVER_SIGN_CODE 124
+#define DDS_SECURITY_ERR_CERT_AUTHENTICATION_ALGO_KIND_UNKNOWN_CODE 125
+#define DDS_SECURITY_ERR_CERT_AUTHENTICATION_ALGO_KIND_UNKNOWN_MESSAGE "Certificate authentication algorithm unknown"
+#define DDS_SECURITY_ERR_ALLOCATION_FAILED_CODE 126
+#define DDS_SECURITY_ERR_ALLOCATION_FAILED_MESSAGE "Failed to allocate internal structure"
+#define DDS_SECURITY_ERR_INVALID_SMIME_DOCUMENT_CODE 127
+#define DDS_SECURITY_ERR_INVALID_SMIME_DOCUMENT_MESSAGE "Failed to parse PKCS7 SMIME document"
+#define DDS_SECURITY_ERR_MISSING_PROPERTY_CODE 128
+#define DDS_SECURITY_ERR_MISSING_PROPERTY_MESSAGE "Property is missing: (%s)"
+#define DDS_SECURITY_ERR_INVALID_PERMISSION_DOCUMENT_PROPERTY_CODE 129
+#define DDS_SECURITY_ERR_INVALID_PERMISSION_DOCUMENT_PROPERTY_MESSAGE "Permissions document is invalid"
+#define DDS_SECURITY_ERR_INVALID_GOVERNANCE_DOCUMENT_PROPERTY_CODE 130
+#define DDS_SECURITY_ERR_INVALID_GOVERNANCE_DOCUMENT_PROPERTY_MESSAGE "Governance document is invalid"
+#define DDS_SECURITY_ERR_OPERATION_NOT_PERMITTED_CODE 131
+#define DDS_SECURITY_ERR_OPERATION_NOT_PERMITTED_MESSAGE "Operation is not permitted in this state"
+#define DDS_SECURITY_ERR_MISSING_REMOTE_PERMISSIONS_DOCUMENT_CODE 132
+#define DDS_SECURITY_ERR_MISSING_REMOTE_PERMISSIONS_DOCUMENT_MESSAGE "Remote permissions document is not available"
+#define DDS_SECURITY_ERR_INVALID_CERTIFICATE_CODE 133
+#define DDS_SECURITY_ERR_INVALID_CERTICICATE_MESSAGE "Certificate is invalid"
+#define DDS_SECURITY_ERR_CERTIFICATE_TYPE_NOT_SUPPORTED_CODE 134
+#define DDS_SECURITY_ERR_CERTIFICATE_TYPE_NOT_SUPPORTED_MESSAGE "Certificate type is not supported"
+#define DDS_SECURITY_ERR_GOVERNANCE_PROPERTY_REQUIRED_CODE 135
+#define DDS_SECURITY_ERR_GOVERNANCE_PROPERTY_REQUIRED_MESSAGE "Governance property is required"
+#define DDS_SECURITY_ERR_PERMISSIONS_CA_PROPERTY_REQUIRED_CODE 136
+#define DDS_SECURITY_ERR_PERMISSIONS_CA_PROPERTY_REQUIRED_MESSAGE "Permissions CA property is required"
+#define DDS_SECURITY_ERR_CAN_NOT_PARSE_GOVERNANCE_CODE 137
+#define DDS_SECURITY_ERR_CAN_NOT_PARSE_GOVERNANCE_MESSAGE "Can not parse governance file"
+#define DDS_SECURITY_ERR_CAN_NOT_PARSE_PERMISSIONS_CODE 138
+#define DDS_SECURITY_ERR_CAN_NOT_PARSE_PERMISSIONS_MESSAGE "Can not parse permissions file"
+#define DDS_SECURITY_ERR_CAN_NOT_FIND_TOPIC_PERMISSIONS_CODE 139
+#define DDS_SECURITY_ERR_CAN_NOT_FIND_TOPIC_PERMISSIONS_MESSAGE "Could not find permissions for topic"
+#define DDS_SECURITY_ERR_CAN_NOT_FIND_DOMAIN_IN_PERMISSIONS_CODE 140
+#define DDS_SECURITY_ERR_CAN_NOT_FIND_DOMAIN_IN_PERMISSIONS_MESSAGE "Could not find domain %d in permissions"
+#define DDS_SECURITY_ERR_CAN_NOT_FIND_DOMAIN_IN_GOVERNANCE_CODE 141
+#define DDS_SECURITY_ERR_CAN_NOT_FIND_DOMAIN_IN_GOVERNANCE_MESSAGE "Could not find domain %d in governance"
+#define DDS_SECURITY_ERR_CAN_NOT_FIND_TOPIC_IN_DOMAIN_CODE 142
+#define DDS_SECURITY_ERR_CAN_NOT_FIND_TOPIC_IN_DOMAIN_MESSAGE "Could not find %s topic attributes for domain(%d) in governance"
+#define DDS_SECURITY_ERR_INCOMPATIBLE_REMOTE_PLUGIN_CLASSNAME_CODE 143
+#define DDS_SECURITY_ERR_INCOMPATIBLE_REMOTE_PLUGIN_CLASSNAME_MESSAGE "PluginClass in remote token is incompatible"
+#define DDS_SECURITY_ERR_INCOMPATIBLE_REMOTE_PLUGIN_MAJORVERSION_CODE 144
+#define DDS_SECURITY_ERR_INCOMPATIBLE_REMOTE_PLUGIN_MAJORVERSION_MESSAGE "MajorVersion in remote token is incompatible"
+#define DDS_SECURITY_ERR_ACCESS_DENIED_CODE 145
+#define DDS_SECURITY_ERR_ACCESS_DENIED_MESSAGE "Access denied by access control"
+#define DDS_SECURITY_ERR_INVALID_SUBJECT_NAME_CODE 146
+#define DDS_SECURITY_ERR_INVALID_SUBJECT_NAME_MESSAGE "Subject name is invalid"
+#define DDS_SECURITY_ERR_VALIDITY_PERIOD_EXPIRED_CODE 147
+#define DDS_SECURITY_ERR_VALIDITY_PERIOD_EXPIRED_MESSAGE "Permissions validity period expired for %s"
+#define DDS_SECURITY_ERR_VALIDITY_PERIOD_NOT_STARTED_CODE 148
+#define DDS_SECURITY_ERR_VALIDITY_PERIOD_NOT_STARTED_MESSAGE "Permissions validity period has not started yet for %s"
+#define DDS_SECURITY_ERR_CAN_NOT_FIND_PERMISSIONS_GRANT_CODE 149
+#define DDS_SECURITY_ERR_CAN_NOT_FIND_PERMISSIONS_GRANT_MESSAGE "Could not find valid grant in permissions"
+#define DDS_SECURITY_ERR_PERMISSIONS_OUT_OF_VALIDITY_DATE_CODE 150
+#define DDS_SECURITY_ERR_PERMISSIONS_OUT_OF_VALIDITY_DATE_MESSAGE "Permissions of subject (%s) outside validity date: %s - %s"
+#define DDS_SECURITY_ERR_URI_TYPE_NOT_SUPPORTED_CODE 151
+#define DDS_SECURITY_ERR_URI_TYPE_NOT_SUPPORTED_MESSAGE "Unsupported URI type: %s"
+
+#define DDS_SECURITY_ERR_UNDEFINED_CODE 200
+#define DDS_SECURITY_ERR_UNDEFINED_MESSAGE "Undefined Error Message"
+
+
+#define DDS_SECURITY_ERR_CIPHER_ERROR 301
+
+#if defined (__cplusplus)
+}
+#endif
+
+#endif /* DDS_SECURITY_API_ERR_H */
+
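Review bot: the `_CODE` / `_MESSAGE` pairing is broken in three places. `DDS_SECURITY_ERR_INVALID_CRYPTO_RECEIVER_SIGN_CODE 124` has no matching `_MESSAGE`; code 133 is paired with `DDS_SECURITY_ERR_INVALID_CERTICICATE_MESSAGE` (misspelled, so `DDS_SECURITY_ERR_INVALID_CERTIFICATE_MESSAGE` does not exist); and `DDS_SECURITY_ERR_CIPHER_ERROR 301` has neither the `_CODE` suffix nor a message. Fix the spelling before the name becomes part of the public API, and add the missing messages. Several messages are format strings (`%s`, `%d`, and `%s - %s` with three arguments for code 150); document the expected argument list next to each one so that callers filling `DDS_Security_SecurityException` cannot pass mismatched arguments.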
diff --git a/src/security/api/include/dds/security/dds_security_api_types.h b/src/security/api/include/dds/security/dds_security_api_types.h
new file mode 100644
index 0000000..4e669b4
--- /dev/null
+++ b/src/security/api/include/dds/security/dds_security_api_types.h
@@ -0,0 +1,489 @@
+/*
+ * Copyright(c) 2006 to 2018 ADLINK Technology Limited and others
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
+ * v. 1.0 which is available at
+ * http://www.eclipse.org/org/documents/edl-v10.php.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
+ */
+
+#ifndef DDS_SECURITY_API_TYPES_H
+#define DDS_SECURITY_API_TYPES_H
+
+#include "dds_security_api_defs.h"
+#include "stdint.h"
+
+#if defined (__cplusplus)
+extern "C" {
+#endif
+
+
+
+/**************************************************************************
+ * *
+ * Primitive types. *
+ * *
+ **************************************************************************/
+typedef int16_t DDS_Security_short;
+typedef int32_t DDS_Security_long;
+typedef int64_t DDS_Security_long_long;
+typedef uint16_t DDS_Security_unsigned_short;
+typedef uint32_t DDS_Security_unsigned_long;
+typedef uint64_t DDS_Security_unsigned_long_long;
+typedef float DDS_Security_float;
+typedef double DDS_Security_double;
+typedef long double DDS_Security_long_double;
+typedef char DDS_Security_char;
+typedef unsigned char DDS_Security_octet;
+typedef unsigned char DDS_Security_boolean;
+typedef DDS_Security_char * DDS_Security_string;
+typedef void * DDS_Security_Object;
+
+/* Sequences */
+typedef struct {
+ DDS_Security_unsigned_long _maximum;
+ DDS_Security_unsigned_long _length;
+ DDS_Security_octet *_buffer;
+} DDS_Security_OctetSeq;
+
+typedef struct {
+ DDS_Security_unsigned_long _maximum;
+ DDS_Security_unsigned_long _length;
+ DDS_Security_string *_buffer;
+} DDS_Security_StringSeq;
+
+typedef struct {
+ DDS_Security_unsigned_long _maximum;
+ DDS_Security_unsigned_long _length;
+ DDS_Security_long_long *_buffer;
+} DDS_Security_LongLongSeq;
+
+
+
+
+/**************************************************************************
+ * *
+ * Simple types. *
+ * *
+ **************************************************************************/
+typedef DDS_Security_long_long DDS_Security_IdentityHandle;
+typedef DDS_Security_long_long DDS_Security_InstanceHandle;
+typedef DDS_Security_long_long DDS_Security_HandshakeHandle;
+typedef DDS_Security_long_long DDS_Security_SharedSecretHandle;
+typedef DDS_Security_long_long DDS_Security_PermissionsHandle;
+typedef DDS_Security_long_long DDS_Security_ParticipantCryptoHandle;
+typedef DDS_Security_long_long DDS_Security_DatawriterCryptoHandle;
+typedef DDS_Security_long_long DDS_Security_DatareaderCryptoHandle;
+
+typedef DDS_Security_long DDS_Security_DynamicData;
+
+typedef DDS_Security_long DDS_Security_DomainId; /* Valid values 0 <= id <= 230 */
+
+typedef DDS_Security_long DDS_Security_Entity;
+
+typedef DDS_Security_unsigned_long DDS_Security_BuiltinTopicKey_t[3];
+
+typedef DDS_Security_octet DDS_Security_GuidPrefix_t[12];
+
+/* Sequences */
+typedef DDS_Security_LongLongSeq DDS_Security_ParticipantCryptoHandleSeq;
+typedef DDS_Security_LongLongSeq DDS_Security_DatawriterCryptoHandleSeq;
+typedef DDS_Security_LongLongSeq DDS_Security_DatareaderCryptoHandleSeq;
+
+
+
+
+/**************************************************************************
+ * *
+ * Simple structures. *
+ * *
+ **************************************************************************/
+typedef struct {
+ DDS_Security_string message;
+ DDS_Security_long code;
+ DDS_Security_long minor_code;
+} DDS_Security_SecurityException;
+
+typedef struct {
+ DDS_Security_octet entityKey[3];
+ DDS_Security_octet entityKind;
+} DDS_Security_EntityId_t;
+
+typedef struct {
+ DDS_Security_GuidPrefix_t prefix;
+ DDS_Security_EntityId_t entityId;
+} DDS_Security_GUID_t;
+
+typedef struct {
+ DDS_Security_long sec;
+ DDS_Security_unsigned_long nanosec;
+} DDS_Security_Duration_t;
+
+
+
+
+/**************************************************************************
+ * *
+ * Properties. *
+ * *
+ **************************************************************************/
+typedef struct {
+ DDS_Security_string name;
+ DDS_Security_string value;
+ DDS_Security_boolean propagate;
+} DDS_Security_Property_t;
+
+typedef struct {
+ DDS_Security_unsigned_long _maximum;
+ DDS_Security_unsigned_long _length;
+ DDS_Security_Property_t *_buffer;
+} DDS_Security_PropertySeq;
+
+typedef struct {
+ DDS_Security_string name;
+ DDS_Security_OctetSeq value;
+ DDS_Security_boolean propagate;
+} DDS_Security_BinaryProperty_t;
+
+typedef struct {
+ DDS_Security_unsigned_long _maximum;
+ DDS_Security_unsigned_long _length;
+ DDS_Security_BinaryProperty_t *_buffer;
+} DDS_Security_BinaryPropertySeq;
+
+
+
+
+/**************************************************************************
+ * *
+ * DataTags. *
+ * *
+ **************************************************************************/
+typedef struct {
+ DDS_Security_string name;
+ DDS_Security_string value;
+} DDS_Security_Tag;
+
+typedef struct {
+ DDS_Security_unsigned_long _maximum;
+ DDS_Security_unsigned_long _length;
+ DDS_Security_Tag *_buffer;
+} DDS_Security_TagSeq;
+
+typedef struct {
+ DDS_Security_TagSeq tags;
+} DDS_Security_DataTags;
+
+
+
+
+/**************************************************************************
+ * *
+ * Attributes. *
+ * *
+ **************************************************************************/
+typedef DDS_Security_unsigned_long DDS_Security_EndpointSecurityAttributesMask;
+typedef DDS_Security_unsigned_long DDS_Security_PluginEndpointSecurityAttributesMask;
+
+typedef DDS_Security_unsigned_long DDS_Security_ParticipantSecurityAttributesMask;
+typedef DDS_Security_unsigned_long DDS_Security_PluginParticipantSecurityAttributesMask;
+
+typedef struct {
+ DDS_Security_boolean allow_unauthenticated_participants;
+ DDS_Security_boolean is_access_protected;
+ DDS_Security_boolean is_rtps_protected;
+ DDS_Security_boolean is_discovery_protected;
+ DDS_Security_boolean is_liveliness_protected;
+ DDS_Security_ParticipantSecurityAttributesMask plugin_participant_attributes;
+ DDS_Security_PropertySeq ac_endpoint_properties;
+} DDS_Security_ParticipantSecurityAttributes;
+
+typedef struct {
+ DDS_Security_boolean is_read_protected;
+ DDS_Security_boolean is_write_protected;
+ DDS_Security_boolean is_discovery_protected;
+ DDS_Security_boolean is_liveliness_protected;
+} DDS_Security_TopicSecurityAttributes;
+
+typedef struct {
+ DDS_Security_boolean is_read_protected;
+ DDS_Security_boolean is_write_protected;
+ DDS_Security_boolean is_discovery_protected;
+ DDS_Security_boolean is_liveliness_protected;
+ DDS_Security_boolean is_submessage_protected;
+ DDS_Security_boolean is_payload_protected;
+ DDS_Security_boolean is_key_protected;
+ DDS_Security_PluginEndpointSecurityAttributesMask plugin_endpoint_attributes;
+ DDS_Security_PropertySeq ac_endpoint_properties;
+} DDS_Security_EndpointSecurityAttributes;
+
+typedef struct {
+ DDS_Security_ParticipantSecurityAttributesMask participant_security_attributes;
+ DDS_Security_PluginParticipantSecurityAttributesMask plugin_participant_security_attributes;
+} DDS_Security_ParticipantSecurityInfo;
+
+typedef struct {
+ DDS_Security_EndpointSecurityAttributesMask endpoint_security_mask;
+ DDS_Security_PluginEndpointSecurityAttributesMask plugin_endpoint_security_mask;
+} DDS_Security_EndpointSecurityInfo;
+
+
+
+
+/**************************************************************************
+ * *
+ * Tokens. *
+ * *
+ **************************************************************************/
+typedef struct {
+ DDS_Security_string class_id;
+ DDS_Security_PropertySeq properties;
+ DDS_Security_BinaryPropertySeq binary_properties;
+} DDS_Security_DataHolder;
+
+typedef struct {
+ DDS_Security_unsigned_long _maximum;
+ DDS_Security_unsigned_long _length;
+ DDS_Security_DataHolder *_buffer;
+} DDS_Security_DataHolderSeq;
+
+typedef DDS_Security_DataHolder DDS_Security_Token;
+typedef DDS_Security_DataHolder DDS_Security_MessageToken;
+typedef DDS_Security_DataHolder DDS_Security_IdentityToken;
+typedef DDS_Security_DataHolder DDS_Security_PermissionsToken;
+typedef DDS_Security_DataHolder DDS_Security_IdentityStatusToken;
+typedef DDS_Security_DataHolder DDS_Security_AuthRequestMessageToken;
+typedef DDS_Security_DataHolder DDS_Security_HandshakeMessageToken;
+typedef DDS_Security_DataHolder DDS_Security_AuthenticatedPeerCredentialToken;
+typedef DDS_Security_DataHolder DDS_Security_PermissionsCredentialToken;
+typedef DDS_Security_DataHolder DDS_Security_CryptoToken;
+typedef DDS_Security_DataHolder DDS_Security_ParticipantCryptoToken;
+typedef DDS_Security_DataHolder DDS_Security_DatawriterCryptoToken;
+typedef DDS_Security_DataHolder DDS_Security_DatareaderCryptoToken;
+
+typedef DDS_Security_DataHolderSeq DDS_Security_CryptoTokenSeq;
+
+typedef DDS_Security_CryptoTokenSeq DDS_Security_ParticipantCryptoTokenSeq;
+typedef DDS_Security_CryptoTokenSeq DDS_Security_DatareaderCryptoTokenSeq;
+typedef DDS_Security_CryptoTokenSeq DDS_Security_DatawriterCryptoTokenSeq;
+
+
+
+
+/**************************************************************************
+ * *
+ * Policies. *
+ * *
+ **************************************************************************/
+typedef DDS_Security_DataTags DDS_Security_DataTagQosPolicy;
+
+typedef struct {
+ DDS_Security_PropertySeq value;
+ DDS_Security_BinaryPropertySeq binary_value;
+} DDS_Security_PropertyQosPolicy;
+
+typedef struct {
+ DDS_Security_DurabilityQosPolicyKind kind;
+} DDS_Security_DurabilityQosPolicy;
+
+typedef struct {
+ DDS_Security_Duration_t period;
+} DDS_Security_DeadlineQosPolicy;
+
+typedef struct {
+ DDS_Security_Duration_t duration;
+} DDS_Security_LatencyBudgetQosPolicy;
+
+typedef struct {
+ DDS_Security_OwnershipQosPolicyKind kind;
+} DDS_Security_OwnershipQosPolicy;
+
+typedef struct {
+ DDS_Security_LivelinessQosPolicyKind kind;
+ DDS_Security_Duration_t lease_duration;
+} DDS_Security_LivelinessQosPolicy;
+
+typedef struct {
+ DDS_Security_ReliabilityQosPolicyKind kind;
+ DDS_Security_Duration_t max_blocking_time;
+ DDS_Security_boolean synchronous;
+} DDS_Security_ReliabilityQosPolicy;
+
+typedef struct {
+ DDS_Security_Duration_t duration;
+} DDS_Security_LifespanQosPolicy;
+
+typedef struct {
+ DDS_Security_DestinationOrderQosPolicyKind kind;
+} DDS_Security_DestinationOrderQosPolicy;
+
+typedef struct {
+ DDS_Security_OctetSeq value;
+} DDS_Security_UserDataQosPolicy;
+
+typedef struct {
+ DDS_Security_long value;
+} DDS_Security_OwnershipStrengthQosPolicy;
+
+typedef struct {
+ DDS_Security_PresentationQosPolicyAccessScopeKind access_scope;
+ DDS_Security_boolean coherent_access;
+ DDS_Security_boolean ordered_access;
+} DDS_Security_PresentationQosPolicy;
+
+typedef struct {
+ DDS_Security_StringSeq name;
+} DDS_Security_PartitionQosPolicy;
+
+typedef struct {
+ DDS_Security_OctetSeq value;
+} DDS_Security_TopicDataQosPolicy;
+
+typedef struct {
+ DDS_Security_OctetSeq value;
+} DDS_Security_GroupDataQosPolicy;
+
+typedef struct {
+ DDS_Security_Duration_t minimum_separation;
+} DDS_Security_TimeBasedFilterQosPolicy;
+
+typedef struct {
+ DDS_Security_Duration_t service_cleanup_delay;
+ DDS_Security_HistoryQosPolicyKind history_kind;
+ DDS_Security_long history_depth;
+ DDS_Security_long max_samples;
+ DDS_Security_long max_instances;
+ DDS_Security_long max_samples_per_instance;
+} DDS_Security_DurabilityServiceQosPolicy;
+
+typedef struct {
+ DDS_Security_long value;
+} DDS_Security_TransportPriorityQosPolicy;
+
+typedef struct {
+ DDS_Security_HistoryQosPolicyKind kind;
+ DDS_Security_long depth;
+} DDS_Security_HistoryQosPolicy;
+
+typedef struct {
+ DDS_Security_long max_samples;
+ DDS_Security_long max_instances;
+ DDS_Security_long max_samples_per_instance;
+} DDS_Security_ResourceLimitsQosPolicy;
+
+
+
+
+/**************************************************************************
+ * *
+ * QoS. *
+ * *
+ **************************************************************************/
+typedef struct {
+ // Existing policies from the DDS specification are ignored.
+ DDS_Security_PropertyQosPolicy property;
+ DDS_Security_DataTagQosPolicy data_tags;
+} DDS_Security_Qos;
+
+
+
+
+/**************************************************************************
+ * *
+ * Messages. *
+ * *
+ **************************************************************************/
+typedef struct {
+ DDS_Security_BuiltinTopicKey_t key;
+ DDS_Security_BuiltinTopicKey_t participant_key;
+ DDS_Security_string topic_name;
+ DDS_Security_string type_name;
+ DDS_Security_DurabilityQosPolicy durability;
+ DDS_Security_DeadlineQosPolicy deadline;
+ DDS_Security_LatencyBudgetQosPolicy latency_budget;
+ DDS_Security_LivelinessQosPolicy liveliness;
+ DDS_Security_ReliabilityQosPolicy reliability;
+ DDS_Security_LifespanQosPolicy lifespan;
+ DDS_Security_DestinationOrderQosPolicy destination_order;
+ DDS_Security_UserDataQosPolicy user_data;
+ DDS_Security_OwnershipQosPolicy ownership;
+ DDS_Security_OwnershipStrengthQosPolicy ownership_strength;
+ DDS_Security_PresentationQosPolicy presentation;
+ DDS_Security_PartitionQosPolicy partition;
+ DDS_Security_TopicDataQosPolicy topic_data;
+ DDS_Security_GroupDataQosPolicy group_data;
+ DDS_Security_EndpointSecurityInfo security_info;
+ DDS_Security_DataTags data_tags;
+} DDS_Security_PublicationBuiltinTopicDataSecure;
+
+typedef struct {
+ DDS_Security_BuiltinTopicKey_t key;
+ DDS_Security_BuiltinTopicKey_t participant_key;
+ DDS_Security_string topic_name;
+ DDS_Security_string type_name;
+ DDS_Security_DurabilityQosPolicy durability;
+ DDS_Security_DeadlineQosPolicy deadline;
+ DDS_Security_LatencyBudgetQosPolicy latency_budget;
+ DDS_Security_LivelinessQosPolicy liveliness;
+ DDS_Security_ReliabilityQosPolicy reliability;
+ DDS_Security_OwnershipQosPolicy ownership;
+ DDS_Security_DestinationOrderQosPolicy destination_order;
+ DDS_Security_UserDataQosPolicy user_data;
+ DDS_Security_TimeBasedFilterQosPolicy time_based_filter;
+ DDS_Security_PresentationQosPolicy presentation;
+ DDS_Security_PartitionQosPolicy partition;
+ DDS_Security_TopicDataQosPolicy topic_data;
+ DDS_Security_GroupDataQosPolicy group_data;
+ DDS_Security_EndpointSecurityInfo security_info;
+ DDS_Security_DataTags data_tags;
+} DDS_Security_SubscriptionBuiltinTopicDataSecure;
+
+typedef struct {
+ DDS_Security_BuiltinTopicKey_t key;
+ DDS_Security_string name;
+ DDS_Security_string type_name;
+ DDS_Security_DurabilityQosPolicy durability;
+ DDS_Security_DurabilityServiceQosPolicy durability_service;
+ DDS_Security_DeadlineQosPolicy deadline;
+ DDS_Security_LatencyBudgetQosPolicy latency_budget;
+ DDS_Security_LivelinessQosPolicy liveliness;
+ DDS_Security_ReliabilityQosPolicy reliability;
+ DDS_Security_TransportPriorityQosPolicy transport_priority;
+ DDS_Security_LifespanQosPolicy lifespan;
+ DDS_Security_DestinationOrderQosPolicy destination_order;
+ DDS_Security_HistoryQosPolicy history;
+ DDS_Security_ResourceLimitsQosPolicy resource_limits;
+ DDS_Security_OwnershipQosPolicy ownership;
+ DDS_Security_TopicDataQosPolicy topic_data;
+} DDS_Security_TopicBuiltinTopicData;
+
+typedef struct {
+ DDS_Security_BuiltinTopicKey_t key;
+ DDS_Security_UserDataQosPolicy user_data;
+ DDS_Security_IdentityToken identity_token;
+ DDS_Security_PermissionsToken permissions_token;
+ DDS_Security_PropertyQosPolicy property;
+ DDS_Security_ParticipantSecurityInfo security_info;
+} DDS_Security_ParticipantBuiltinTopicData;
+
+typedef struct {
+ DDS_Security_BuiltinTopicKey_t key;
+ DDS_Security_UserDataQosPolicy user_data;
+ DDS_Security_IdentityToken identity_token;
+ DDS_Security_PermissionsToken permissions_token;
+ DDS_Security_PropertyQosPolicy property;
+ DDS_Security_ParticipantSecurityInfo security_info;
+ DDS_Security_IdentityStatusToken identity_status_token;
+} DDS_Security_ParticipantBuiltinTopicDataSecure;
+
+
+
+#if defined (__cplusplus)
+}
+#endif
+
+#endif /* DDS_SECURITY_API_TYPES_H */
+
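Review bot: In DDS_Security_ParticipantSecurityAttributes the field plugin_participant_attributes is declared as DDS_Security_ParticipantSecurityAttributesMask, although DDS_Security_PluginParticipantSecurityAttributesMask is typedef'd just above it and the endpoint counterpart uses the plugin mask type (DDS_Security_PluginEndpointSecurityAttributesMask plugin_endpoint_attributes). Both are unsigned long, so this compiles, but it documents the wrong mask semantics for a field that carries protection flags; suggest switching it to the Plugin mask type. The same struct names its property sequence ac_endpoint_properties, identical to the field in DDS_Security_EndpointSecurityAttributes; if that name is intentional, a one-line comment saying so would prevent it from being read as a copy-paste slip. Minor points: #include "stdint.h" should use the angle-bracket form for a system header, and the // comment in DDS_Security_Qos is the only C++-style comment in a header that otherwise uses /* */. All the *Handle types are aliases of the same long long, so the compiler will not catch an identity handle passed where a permissions handle is expected; worth noting in the header that callers must validate handle kind at run time.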