niklas/cyclonedds
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add a test that validates that a plain message is not read by a remote reader in case payload/submsg/rtps encryption or signing is enabled

Browse source 
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
This commit is contained in:
Dennis Potman 2020-05-11 21:53:56 +02:00 committed by eboasson
parent 9ba54c70e7
commit cf75263d1d
4 changed files with 298 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

1
src/security/core/tests/CMakeLists.txt
View file

@ -79,6 +79,7 @@ if(ENABLE_SSL)
"authentication.c"
"access_control.c"
"config.c"
"crypto.c"
"handshake.c"
"plugin_loading.c"
"secure_communication.c"

133
src/security/core/tests/common/cryptography_wrapper.c
View file

@ -33,7 +33,8 @@ enum crypto_plugin_mode {
PLUGIN_MODE_ALL_OK,
PLUGIN_MODE_MISSING_FUNC,
PLUGIN_MODE_WRAPPED,
PLUGIN_MODE_TOKEN_LOG
PLUGIN_MODE_TOKEN_LOG,
PLUGIN_MODE_PLAIN_DATA
};
struct dds_security_crypto_key_exchange_impl {
@ -76,6 +77,10 @@ struct dds_security_cryptography_impl {
struct ddsrt_circlist token_data_list;
ddsrt_mutex_t encode_decode_log_lock;
struct ddsrt_circlist encode_decode_log;
bool force_plain_rtps;
bool force_plain_submsg;
bool force_plain_payload;
DDS_Security_DatawriterCryptoHandle force_plain_sender_handle;
};
static DDS_Security_ParticipantCryptoHandle g_local_participant_handle = 0;
@ -120,6 +125,16 @@ void set_entity_data_secret(struct dds_security_cryptography_impl * impl, const
impl->ep_secret = ep_secret;
}
void set_force_plain_data(struct dds_security_cryptography_impl * impl, DDS_Security_DatawriterCryptoHandle handle, bool plain_rtps, bool plain_submsg, bool plain_payload)
{
assert (impl);
assert (impl->mode == PLUGIN_MODE_PLAIN_DATA);
impl->force_plain_rtps = plain_rtps;
impl->force_plain_submsg = plain_submsg;
impl->force_plain_payload = plain_payload;
impl->force_plain_sender_handle = handle;
}
static bool check_crypto_tokens(const DDS_Security_DataHolderSeq *tokens)
{
bool result = true;
@ -371,6 +386,20 @@ static bool expect_encrypted_buffer (DDS_Security_ProtectionKind pk)
return pk == DDS_SECURITY_PROTECTION_KIND_ENCRYPT || pk == DDS_SECURITY_PROTECTION_KIND_ENCRYPT_WITH_ORIGIN_AUTHENTICATION;
}
static void copy_octetseq(DDS_Security_OctetSeq *encoded_submsg, const DDS_Security_OctetSeq *plain_submsg)
{
encoded_submsg->_length = encoded_submsg->_maximum = plain_submsg->_length;
if (plain_submsg->_length > 0)
{
encoded_submsg->_buffer = ddsrt_malloc(encoded_submsg->_length);
memcpy(encoded_submsg->_buffer, plain_submsg->_buffer, encoded_submsg->_length);
}
else
{
encoded_submsg->_buffer = NULL;
}
}
/**
* Crypto key exchange
*/
@ -386,6 +415,7 @@ static DDS_Security_boolean create_local_participant_crypto_tokens(
{
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_TOKEN_LOG:
case PLUGIN_MODE_PLAIN_DATA:
{
DDS_Security_boolean ret = impl->instance->create_local_participant_crypto_tokens (impl->instance, local_participant_crypto_tokens,
local_participant_crypto, remote_participant_crypto, ex);
@ -410,6 +440,7 @@ static DDS_Security_boolean set_remote_participant_crypto_tokens(
{
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_TOKEN_LOG:
case PLUGIN_MODE_PLAIN_DATA:
{
DDS_Security_boolean ret = impl->instance->set_remote_participant_crypto_tokens (impl->instance, check_handle (local_participant_crypto),
check_handle (remote_participant_crypto), remote_participant_tokens, ex);
@ -434,6 +465,7 @@ static DDS_Security_boolean create_local_datawriter_crypto_tokens(
{
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_TOKEN_LOG:
case PLUGIN_MODE_PLAIN_DATA:
{
DDS_Security_boolean ret = impl->instance->create_local_datawriter_crypto_tokens (impl->instance, local_datawriter_crypto_tokens,
check_handle (local_datawriter_crypto), check_handle (remote_datareader_crypto), ex);
@ -458,6 +490,7 @@ static DDS_Security_boolean set_remote_datawriter_crypto_tokens(
{
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_TOKEN_LOG:
case PLUGIN_MODE_PLAIN_DATA:
{
DDS_Security_boolean ret = impl->instance->set_remote_datawriter_crypto_tokens (impl->instance, check_handle (local_datareader_crypto),
check_handle (remote_datawriter_crypto), remote_datawriter_tokens, ex);
@ -482,6 +515,7 @@ static DDS_Security_boolean create_local_datareader_crypto_tokens(
{
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_TOKEN_LOG:
case PLUGIN_MODE_PLAIN_DATA:
{
DDS_Security_boolean ret = impl->instance->create_local_datareader_crypto_tokens (impl->instance, local_datareader_cryto_tokens,
check_handle (local_datareader_crypto), check_handle (remote_datawriter_crypto), ex);
@ -506,6 +540,7 @@ static DDS_Security_boolean set_remote_datareader_crypto_tokens(
{
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_TOKEN_LOG:
case PLUGIN_MODE_PLAIN_DATA:
{
DDS_Security_boolean ret = impl->instance->set_remote_datareader_crypto_tokens (impl->instance, check_handle (local_datawriter_crypto),
check_handle (remote_datareader_crypto), remote_datareader_tokens, ex);
@ -528,6 +563,7 @@ static DDS_Security_boolean return_crypto_tokens(
{
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_TOKEN_LOG:
case PLUGIN_MODE_PLAIN_DATA:
return impl->instance->return_crypto_tokens (impl->instance, crypto_tokens, ex);
default:
return true;
@ -550,6 +586,7 @@ static DDS_Security_ParticipantCryptoHandle register_local_participant(
{
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_TOKEN_LOG:
case PLUGIN_MODE_PLAIN_DATA:
return check_handle (impl->instance->register_local_participant (impl->instance, check_handle (participant_identity),
check_handle (participant_permissions), participant_properties, participant_security_attributes, ex));
default:
@ -570,6 +607,7 @@ static DDS_Security_ParticipantCryptoHandle register_matched_remote_participant(
{
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_TOKEN_LOG:
case PLUGIN_MODE_PLAIN_DATA:
return check_handle (impl->instance->register_matched_remote_participant (impl->instance, local_participant_crypto_handle,
remote_participant_identity, remote_participant_permissions, shared_secret, ex));
default:
@ -589,6 +627,7 @@ static DDS_Security_DatawriterCryptoHandle register_local_datawriter(
{
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_TOKEN_LOG:
case PLUGIN_MODE_PLAIN_DATA:
return check_handle (impl->instance->register_local_datawriter (impl->instance, check_handle (participant_crypto),
datawriter_properties, datawriter_security_attributes, ex));
default:
@ -609,6 +648,7 @@ static DDS_Security_DatareaderCryptoHandle register_matched_remote_datareader(
{
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_TOKEN_LOG:
case PLUGIN_MODE_PLAIN_DATA:
return check_handle (impl->instance->register_matched_remote_datareader (impl->instance, check_handle (local_datawriter_crypto_handle),
check_handle (remote_participant_crypto), check_handle (shared_secret), relay_only, ex));
default:
@ -628,6 +668,7 @@ static DDS_Security_DatareaderCryptoHandle register_local_datareader(
{
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_TOKEN_LOG:
case PLUGIN_MODE_PLAIN_DATA:
return check_handle (impl->instance->register_local_datareader (impl->instance, check_handle (participant_crypto),
datareader_properties, datareader_security_attributes, ex));
default:
@ -647,6 +688,7 @@ static DDS_Security_DatawriterCryptoHandle register_matched_remote_datawriter(
{
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_TOKEN_LOG:
case PLUGIN_MODE_PLAIN_DATA:
return check_handle (impl->instance->register_matched_remote_datawriter (impl->instance, check_handle (local_datareader_crypto_handle),
check_handle (remote_participant_crypt), shared_secret, ex));
default:
@ -664,6 +706,7 @@ static DDS_Security_boolean unregister_participant(
{
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_TOKEN_LOG:
case PLUGIN_MODE_PLAIN_DATA:
return impl->instance->unregister_participant (impl->instance, check_handle (participant_crypto_handle), ex);
default:
return true;
@ -680,6 +723,7 @@ static DDS_Security_boolean unregister_datawriter(
{
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_TOKEN_LOG:
case PLUGIN_MODE_PLAIN_DATA:
return impl->instance->unregister_datawriter (impl->instance, check_handle (datawriter_crypto_handle), ex);
default:
return true;
@ -696,6 +740,7 @@ static DDS_Security_boolean unregister_datareader(
{
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_TOKEN_LOG:
case PLUGIN_MODE_PLAIN_DATA:
return impl->instance->unregister_datareader (impl->instance, check_handle (datareader_crypto_handle), ex);
default:
return true;
@ -716,6 +761,13 @@ static DDS_Security_boolean encode_serialized_payload(
struct dds_security_crypto_transform_impl *impl = (struct dds_security_crypto_transform_impl *)instance;
switch (impl->parent->mode)
{
case PLUGIN_MODE_PLAIN_DATA:
if (impl->parent->force_plain_payload && impl->parent->force_plain_sender_handle == sending_datawriter_crypto)
{
copy_octetseq (encoded_buffer, plain_buffer);
return true;
}
/* fall through */
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_TOKEN_LOG:
{
@ -771,6 +823,15 @@ static DDS_Security_boolean encode_datawriter_submessage(
struct dds_security_crypto_transform_impl *impl = (struct dds_security_crypto_transform_impl *)instance;
switch (impl->parent->mode)
{
case PLUGIN_MODE_PLAIN_DATA:
if (impl->parent->force_plain_submsg && impl->parent->force_plain_sender_handle == sending_datawriter_crypto)
{
copy_octetseq (encoded_rtps_submessage, plain_rtps_submessage);
assert (receiving_datareader_crypto_list->_length <= INT32_MAX);
*receiving_datareader_crypto_list_index = (int32_t) receiving_datareader_crypto_list->_length;
return true;
}
/* fall through */
case PLUGIN_MODE_WRAPPED:
log_encode_decode (impl->parent, ENCODE_DATAWRITER_SUBMESSAGE, sending_datawriter_crypto);
/* fall-through */
@ -821,6 +882,13 @@ static DDS_Security_boolean encode_datareader_submessage(
struct dds_security_crypto_transform_impl *impl = (struct dds_security_crypto_transform_impl *)instance;
switch (impl->parent->mode)
{
case PLUGIN_MODE_PLAIN_DATA:
if (impl->parent->force_plain_submsg && impl->parent->force_plain_sender_handle == sending_datareader_crypto)
{
copy_octetseq (encoded_rtps_submessage, plain_rtps_submessage);
return true;
}
/* fall through */
case PLUGIN_MODE_WRAPPED:
log_encode_decode (impl->parent, ENCODE_DATAREADER_SUBMESSAGE, sending_datareader_crypto);
/* fall-through */
@ -846,6 +914,15 @@ static DDS_Security_boolean encode_rtps_message(
struct dds_security_crypto_transform_impl *impl = (struct dds_security_crypto_transform_impl *)instance;
switch (impl->parent->mode)
{
case PLUGIN_MODE_PLAIN_DATA:
if (impl->parent->force_plain_rtps)
{
copy_octetseq (encoded_rtps_message, plain_rtps_message);
assert (receiving_participant_crypto_list->_length <= INT32_MAX);
*receiving_participant_crypto_list_index = (int32_t) receiving_participant_crypto_list->_length;
return true;
}
/* fall through */
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_TOKEN_LOG:
if (!impl->instance->encode_rtps_message (impl->instance, encoded_rtps_message,
@ -880,6 +957,7 @@ static DDS_Security_boolean decode_rtps_message(
{
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_TOKEN_LOG:
case PLUGIN_MODE_PLAIN_DATA:
return impl->instance->decode_rtps_message (impl->instance, plain_buffer, encoded_buffer,
check_handle (receiving_participant_crypto), check_handle (sending_participant_crypto), ex);
default:
@ -902,6 +980,7 @@ static DDS_Security_boolean preprocess_secure_submsg(
{
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_TOKEN_LOG:
case PLUGIN_MODE_PLAIN_DATA:
return impl->instance->preprocess_secure_submsg (impl->instance, datawriter_crypto, datareader_crypto,
secure_submessage_category, encoded_rtps_submessage, check_handle (receiving_participant_crypto), check_handle (sending_participant_crypto), ex);
default:
@ -920,6 +999,7 @@ static DDS_Security_boolean decode_datawriter_submessage(
struct dds_security_crypto_transform_impl *impl = (struct dds_security_crypto_transform_impl *)instance;
switch (impl->parent->mode)
{
case PLUGIN_MODE_PLAIN_DATA:
case PLUGIN_MODE_WRAPPED:
log_encode_decode (impl->parent, DECODE_DATAWRITER_SUBMESSAGE, receiving_datareader_crypto);
/* fall-through */
@ -942,6 +1022,7 @@ static DDS_Security_boolean decode_datareader_submessage(
struct dds_security_crypto_transform_impl *impl = (struct dds_security_crypto_transform_impl *)instance;
switch (impl->parent->mode)
{
case PLUGIN_MODE_PLAIN_DATA:
case PLUGIN_MODE_WRAPPED:
log_encode_decode (impl->parent, DECODE_DATAREADER_SUBMESSAGE, receiving_datawriter_crypto);
/* fall-through */
@ -967,6 +1048,7 @@ static DDS_Security_boolean decode_serialized_payload(
{
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_TOKEN_LOG:
case PLUGIN_MODE_PLAIN_DATA:
return impl->instance->decode_serialized_payload(impl->instance, plain_buffer, encoded_buffer,
inline_qos, check_handle (receiving_datareader_crypto), check_handle (sending_datawriter_crypto), ex);
default:
@ -1075,22 +1157,14 @@ int finalize_test_cryptography_missing_func(void *context)
return finalize_test_cryptography_common(impl, false);
}
int init_test_cryptography_wrapped(const char *argument, void **context, struct ddsi_domaingv *gv)
static void init_encode_decode_log(struct dds_security_cryptography_impl *impl)
{
struct dds_security_cryptography_impl *impl = init_test_cryptography_common(argument, true, gv);
if (!impl)
return DDS_SECURITY_FAILED;
impl->mode = PLUGIN_MODE_WRAPPED;
ddsrt_mutex_init (&impl->encode_decode_log_lock);
ddsrt_circlist_init (&impl->encode_decode_log);
*context = impl;
return DDS_SECURITY_SUCCESS;
}
int finalize_test_cryptography_wrapped(void *context)
static void fini_encode_decode_log(struct dds_security_cryptography_impl *impl)
{
struct dds_security_cryptography_impl* impl = (struct dds_security_cryptography_impl*) context;
assert(impl->mode == PLUGIN_MODE_WRAPPED);
ddsrt_mutex_lock (&impl->encode_decode_log_lock);
while (!ddsrt_circlist_isempty (&impl->encode_decode_log))
{
@ -1100,6 +1174,24 @@ int finalize_test_cryptography_wrapped(void *context)
}
ddsrt_mutex_unlock (&impl->encode_decode_log_lock);
ddsrt_mutex_destroy (&impl->encode_decode_log_lock);
}
int init_test_cryptography_wrapped(const char *argument, void **context, struct ddsi_domaingv *gv)
{
struct dds_security_cryptography_impl *impl = init_test_cryptography_common(argument, true, gv);
if (!impl)
return DDS_SECURITY_FAILED;
impl->mode = PLUGIN_MODE_WRAPPED;
init_encode_decode_log(impl);
*context = impl;
return DDS_SECURITY_SUCCESS;
}
int finalize_test_cryptography_wrapped(void *context)
{
struct dds_security_cryptography_impl* impl = (struct dds_security_cryptography_impl*) context;
assert(impl->mode == PLUGIN_MODE_WRAPPED);
fini_encode_decode_log(impl);
return finalize_test_cryptography_common(impl, true);
}
@ -1141,3 +1233,22 @@ int32_t finalize_test_cryptography_store_tokens(void *context)
return finalize_test_cryptography_common(impl, true);
}
int init_test_cryptography_plain_data(const char *argument, void **context, struct ddsi_domaingv *gv)
{
struct dds_security_cryptography_impl *impl = init_test_cryptography_common(argument, true, gv);
if (!impl)
return DDS_SECURITY_FAILED;
impl->mode = PLUGIN_MODE_PLAIN_DATA;
init_encode_decode_log(impl);
*context = impl;
return DDS_SECURITY_SUCCESS;
}
int finalize_test_cryptography_plain_data(void *context)
{
struct dds_security_cryptography_impl* impl = (struct dds_security_cryptography_impl*) context;
assert(impl->mode == PLUGIN_MODE_PLAIN_DATA);
fini_encode_decode_log(impl);
return finalize_test_cryptography_common(impl, true);
}

8
src/security/core/tests/common/cryptography_wrapper.h
View file

@ -62,15 +62,13 @@ SECURITY_EXPORT void set_protection_kinds(
DDS_Security_ProtectionKind rtps_protection_kind,
DDS_Security_ProtectionKind metadata_protection_kind,
DDS_Security_BasicProtectionKind payload_protection_kind);
SECURITY_EXPORT void set_encrypted_secret(struct dds_security_cryptography_impl * impl, const char * secret);
SECURITY_EXPORT void set_disc_protection_kinds(
struct dds_security_cryptography_impl * impl,
DDS_Security_ProtectionKind disc_protection_kind,
DDS_Security_ProtectionKind liveliness_protection_kind);
SECURITY_EXPORT void set_entity_data_secret(struct dds_security_cryptography_impl * impl, const char * pp_secret, const char * groupdata_secret, const char * ep_secret);
SECURITY_EXPORT void set_force_plain_data(struct dds_security_cryptography_impl * impl, DDS_Security_DatawriterCryptoHandle wr_handle, bool plain_rtps, bool plain_submsg, bool plain_payload);
SECURITY_EXPORT const char *get_crypto_token_type_str (enum crypto_tokens_type type);
SECURITY_EXPORT struct ddsrt_circlist * get_crypto_tokens (struct dds_security_cryptography_impl * impl);
@ -93,4 +91,8 @@ SECURITY_EXPORT int finalize_test_cryptography_wrapped(void *context);
SECURITY_EXPORT int32_t init_test_cryptography_store_tokens(const char *argument, void **context, struct ddsi_domaingv *gv);
SECURITY_EXPORT int32_t finalize_test_cryptography_store_tokens(void *context);
/* Init in plain-data mode (force plain data for payload, submsg and/or rtps) */
SECURITY_EXPORT int init_test_cryptography_plain_data(const char *argument, void **context, struct ddsi_domaingv *gv);
SECURITY_EXPORT int finalize_test_cryptography_plain_data(void *context);
#endif /* SECURITY_CORE_TEST_CRYPTO_WRAPPER_H_ */

170
src/security/core/tests/crypto.c Normal file
View file

@ -0,0 +1,170 @@
/*
* Copyright(c) 2006 to 2020 ADLINK Technology Limited and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
* v. 1.0 which is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
*/
#include <stdlib.h>
#include <assert.h>
#include "dds/dds.h"
#include "CUnit/Test.h"
#include "CUnit/Theory.h"
#include "dds/version.h"
#include "dds/ddsrt/cdtors.h"
#include "dds/ddsrt/environ.h"
#include "dds/ddsrt/heap.h"
#include "dds/ddsrt/string.h"
#include "dds/ddsi/q_config.h"
#include "dds/ddsi/ddsi_domaingv.h"
#include "dds/ddsi/q_misc.h"
#include "dds/ddsi/ddsi_xqos.h"
#include "dds/security/dds_security_api.h"
#include "common/config_env.h"
#include "common/cryptography_wrapper.h"
#include "common/test_utils.h"
#include "common/security_config_test_utils.h"
#include "common/test_identity.h"
#include "common/cert_utils.h"
static const char *config =
"${CYCLONEDDS_URI}${CYCLONEDDS_URI:+,}"
"<Domain id=\"any\">"
" <Discovery>"
" <ExternalDomainId>0</ExternalDomainId>"
" <Tag>\\${CYCLONEDDS_PID}</Tag>"
" </Discovery>"
" <DDSSecurity>"
" <Authentication>"
" <Library finalizeFunction=\"finalize_authentication\" initFunction=\"init_authentication\"/>"
" <IdentityCertificate>data:,${TEST_IDENTITY_CERTIFICATE}</IdentityCertificate>"
" <PrivateKey>data:,${TEST_IDENTITY_PRIVATE_KEY}</PrivateKey>"
" <IdentityCA>data:,${TEST_IDENTITY_CA_CERTIFICATE}</IdentityCA>"
" </Authentication>"
" <AccessControl>"
" <Library finalizeFunction=\"finalize_access_control\" initFunction=\"init_access_control\"/>"
" <Governance><![CDATA[${GOVERNANCE_CONFIG}]]></Governance>"
" <PermissionsCA>file:" COMMON_ETC_PATH("default_permissions_ca.pem") "</PermissionsCA>"
" <Permissions><![CDATA[${PERMISSIONS_CONFIG}]]></Permissions>"
" </AccessControl>"
" <Cryptographic>"
" <Library initFunction=\"${CRYPTO_INIT:-init_test_cryptography_wrapped}\" finalizeFunction=\"${CRYPTO_FINI:-finalize_test_cryptography_wrapped}\" path=\"" WRAPPERLIB_PATH("dds_security_cryptography_wrapper") "\"/>"
" </Cryptographic>"
" </DDSSecurity>"
"</Domain>";
#define DDS_DOMAINID1 0
#define DDS_DOMAINID2 1
static dds_entity_t g_domain1;
static dds_entity_t g_participant1;
static dds_entity_t g_domain2;
static dds_entity_t g_participant2;
static uint32_t g_topic_nr = 0;
static void init_domain_pp (dds_domainid_t domain_id, const char *id_cert, const char * id_key, const char * id_ca,
const char * gov_config, const char * perm_config, const char * crypto_init, const char * crypto_fini, dds_entity_t *domain, dds_entity_t *pp)
{
struct kvp config_vars[] =
{
{ "TEST_IDENTITY_CERTIFICATE", id_cert, 1 },
{ "TEST_IDENTITY_PRIVATE_KEY", id_key, 1 },
{ "TEST_IDENTITY_CA_CERTIFICATE", id_ca, 1 },
{ "PERMISSIONS_CONFIG", perm_config, 1 },
{ "GOVERNANCE_CONFIG", gov_config, 1 },
{ "CRYPTO_INIT", crypto_init, 1 },
{ "CRYPTO_FINI", crypto_fini, 1 },
{ NULL, NULL, 0 }
};
char *conf = ddsrt_expand_vars_sh (config, &expand_lookup_vars_env, config_vars);
CU_ASSERT_EQUAL_FATAL (expand_lookup_unmatched (config_vars), 0);
*domain = dds_create_domain (domain_id, conf);
*pp = dds_create_participant (domain_id, NULL, NULL);
CU_ASSERT_FATAL (*pp > 0);
ddsrt_free (conf);
}
static void crypto_init (
const char * gov_config1, const char * perm_config1, const char * id_cert1, const char * id_key1, const char * crypto_init1, const char * crypto_fini1,
const char * gov_config2, const char * perm_config2, const char * id_cert2, const char * id_key2, const char * crypto_init2, const char * crypto_fini2,
const char * id_ca)
{
init_domain_pp (DDS_DOMAINID1, id_cert1, id_key1, id_ca, gov_config1, perm_config1, crypto_init1, crypto_fini1, &g_domain1, &g_participant1);
init_domain_pp (DDS_DOMAINID2, id_cert2, id_key2, id_ca, gov_config2, perm_config2, crypto_init2, crypto_fini2, &g_domain2, &g_participant2);
}
static void crypto_fini (void * res[], size_t nres)
{
CU_ASSERT_EQUAL_FATAL (dds_delete (g_domain1), DDS_RETCODE_OK);
CU_ASSERT_EQUAL_FATAL (dds_delete (g_domain2), DDS_RETCODE_OK);
if (res != NULL)
{
for (size_t i = 0; i < nres; i++)
ddsrt_free (res[i]);
}
}
CU_TheoryDataPoints(ddssec_crypto, inject_plain_data) = {
CU_DataPoints(const char *,
/* */"payload encrypt",
/* | */"payload sign",
/* | | */"submessage encrypt",
/* | | | */"submessage sign",
/* | | | | */"rtps encrypt",
/* | | | | | */"rtps sign"),
CU_DataPoints(DDS_Security_BasicProtectionKind, BPK_E, BPK_S, BPK_N, BPK_N, BPK_N, BPK_N), /* payload protection */
CU_DataPoints(DDS_Security_ProtectionKind, PK_N, PK_N, PK_E, PK_S, PK_N, PK_N), /* submessage protection */
CU_DataPoints(DDS_Security_ProtectionKind, PK_N, PK_N, PK_N, PK_N, PK_E, PK_S), /* rtps protection */
};
CU_Theory((const char * test_descr, DDS_Security_BasicProtectionKind payload_pk, DDS_Security_ProtectionKind submsg_pk, DDS_Security_ProtectionKind rtps_pk),
ddssec_crypto, inject_plain_data, .timeout=30)
{
print_test_msg ("running test inject_plain_data: %s\n", test_descr);
char topic_name[100];
create_topic_name ("ddssec_crypto_", g_topic_nr++, topic_name, sizeof (topic_name));
char *ca, *id1, *id1_subj, *id2, *id2_subj;
ca = generate_ca ("ca1", TEST_IDENTITY_CA1_PRIVATE_KEY, 0, 3600);
id1 = generate_identity (ca, TEST_IDENTITY_CA1_PRIVATE_KEY, "id1", TEST_IDENTITY1_PRIVATE_KEY, 0, 3600, &id1_subj);
id2 = generate_identity (ca, TEST_IDENTITY_CA1_PRIVATE_KEY, "id2", TEST_IDENTITY1_PRIVATE_KEY, 0, 3600, &id2_subj);
char * grants[] = {
get_permissions_default_grant ("id1", id1_subj, topic_name),
get_permissions_default_grant ("id2", id2_subj, topic_name) };
char * perm_config = get_permissions_config (grants, 2, true);
char * gov_topic_rule = get_governance_topic_rule (topic_name, false, false, false, false, submsg_pk, payload_pk);
char * gov_config = get_governance_config (false, true, PK_N, PK_N, rtps_pk, gov_topic_rule, true);
crypto_init (
gov_config, perm_config, id1, TEST_IDENTITY1_PRIVATE_KEY, "init_test_cryptography_plain_data", "finalize_test_cryptography_plain_data",
gov_config, perm_config, id2, TEST_IDENTITY1_PRIVATE_KEY, "init_test_cryptography_wrapped", "finalize_test_cryptography_wrapped",
ca);
dds_entity_t pub, sub, pub_tp, sub_tp, wr, rd;
rd_wr_init (g_participant1, &pub, &pub_tp, &wr, g_participant2, &sub, &sub_tp, &rd, topic_name);
/* set forced plain data for payload/submsg/rtps */
DDS_Security_DatawriterCryptoHandle wr_handle = get_writer_crypto_handle (wr);
struct dds_security_cryptography_impl * crypto_impl = get_crypto_context (g_participant1);
set_force_plain_data (crypto_impl, wr_handle, rtps_pk != PK_N, submsg_pk != PK_N, payload_pk != BPK_N);
/* sync and write/take sample */
sync_writer_to_readers (g_participant1, wr, 1, DDS_SECS (2));
write_read_for (wr, g_participant2, rd, DDS_MSECS (10), false, true);
/* reset forced plain data */
set_force_plain_data (crypto_impl, wr_handle, false, false, false);
crypto_fini ((void * []) { gov_config, gov_topic_rule, grants[0], grants[1], perm_config, ca, id1_subj, id1, id2_subj, id2 }, 10);
}