diff --git a/src/security/core/tests/CMakeLists.txt b/src/security/core/tests/CMakeLists.txt
index 9fcc0c0..af2b446 100644
--- a/src/security/core/tests/CMakeLists.txt
+++ b/src/security/core/tests/CMakeLists.txt
@@ -46,6 +46,9 @@ function(add_wrapper libname linklibs)
set_target_properties("dds_security_${libname}_wrapper" PROPERTIES LINK_FLAGS "-undefined dynamic_lookup")
endif()
+ target_link_libraries("dds_security_${libname}_wrapper" PRIVATE CUnit)
+ target_include_directories("dds_security_${libname}_wrapper" PRIVATE "${CUNIT_DIR}/include")
+
target_link_libraries("dds_security_${libname}_wrapper" PUBLIC ddsc ${linklibs})
target_sources("dds_security_${libname}_wrapper" PRIVATE ${srcs_wrapper})
target_include_directories("dds_security_${libname}_wrapper"
@@ -87,7 +90,7 @@ endif()
target_include_directories(
cunit_security_core PRIVATE
- "$"
+ "$"
"$>"
"$>"
"$>"
diff --git a/src/security/core/tests/authentication.c b/src/security/core/tests/authentication.c
index c1e022d..1ed8ce6 100644
--- a/src/security/core/tests/authentication.c
+++ b/src/security/core/tests/authentication.c
@@ -38,7 +38,7 @@ static const char *config =
"${CYCLONEDDS_URI}${CYCLONEDDS_URI:+,}"
"0"
""
- " finest"
+ " config"
" "
" "
" "
@@ -71,38 +71,30 @@ static dds_entity_t g_participant2 = 0;
static void authentication_init(bool different_ca, const char * trusted_ca_dir, bool exp_pp_fail)
{
- struct kvp governance_vars[] = {
- { "ALLOW_UNAUTH_PP", "false" },
- { "ENABLE_JOIN_AC", "true" },
- { NULL, NULL }
- };
- char * gov_config_signed = get_governance_config (governance_vars);
-
struct kvp config_vars1[] = {
- { "GOVERNANCE_DATA", gov_config_signed },
- { "TEST_IDENTITY_CERTIFICATE", TEST_IDENTITY_CERTIFICATE },
- { "TEST_IDENTITY_PRIVATE_KEY", TEST_IDENTITY_PRIVATE_KEY },
- { "TEST_IDENTITY_CA_CERTIFICATE", TEST_IDENTITY_CA_CERTIFICATE },
- { "TRUSTED_CA_DIR", trusted_ca_dir },
- { NULL, NULL }
+ { "TEST_IDENTITY_CERTIFICATE", TEST_IDENTITY_CERTIFICATE, 1 },
+ { "TEST_IDENTITY_PRIVATE_KEY", TEST_IDENTITY_PRIVATE_KEY, 1 },
+ { "TEST_IDENTITY_CA_CERTIFICATE", TEST_IDENTITY_CA_CERTIFICATE, 1 },
+ { "TRUSTED_CA_DIR", trusted_ca_dir, 3 },
+ { NULL, NULL, 0 }
};
struct kvp config_vars2[] = {
- { "GOVERNANCE_DATA", gov_config_signed },
- { "TEST_IDENTITY_CERTIFICATE", TEST_IDENTITY2_CERTIFICATE },
- { "TEST_IDENTITY_PRIVATE_KEY", TEST_IDENTITY2_PRIVATE_KEY },
- { "TEST_IDENTITY_CA_CERTIFICATE", TEST_IDENTITY_CA2_CERTIFICATE },
- { "TRUSTED_CA_DIR", trusted_ca_dir },
- { NULL, NULL }
+ { "TEST_IDENTITY_CERTIFICATE", TEST_IDENTITY2_CERTIFICATE, 1 },
+ { "TEST_IDENTITY_PRIVATE_KEY", TEST_IDENTITY2_PRIVATE_KEY, 1 },
+ { "TEST_IDENTITY_CA_CERTIFICATE", TEST_IDENTITY_CA2_CERTIFICATE, 1 },
+ { "TRUSTED_CA_DIR", trusted_ca_dir, 3 },
+ { NULL, NULL, 0 }
};
char *conf1 = ddsrt_expand_vars (config, &expand_lookup_vars_env, config_vars1);
char *conf2 = ddsrt_expand_vars (config, &expand_lookup_vars_env, config_vars2);
+ CU_ASSERT_EQUAL_FATAL (expand_lookup_unmatched (config_vars1), 0);
+ CU_ASSERT_EQUAL_FATAL (expand_lookup_unmatched (config_vars2), 0);
g_domain1 = dds_create_domain (DDS_DOMAINID1, conf1);
g_domain2 = dds_create_domain (DDS_DOMAINID2, different_ca ? conf2 : conf1);
dds_free (conf1);
dds_free (conf2);
- ddsrt_free (gov_config_signed);
g_participant1 = dds_create_participant (DDS_DOMAINID1, NULL, NULL);
g_participant2 = dds_create_participant (DDS_DOMAINID2, NULL, NULL);
diff --git a/src/security/core/tests/common/authentication_wrapper.c b/src/security/core/tests/common/authentication_wrapper.c
index b794a3e..0ab9882 100644
--- a/src/security/core/tests/common/authentication_wrapper.c
+++ b/src/security/core/tests/common/authentication_wrapper.c
@@ -46,7 +46,8 @@ struct dds_security_authentication_impl
};
static struct dds_security_authentication_impl **auth_impl;
-static size_t auth_impl_count = 0;
+static size_t auth_impl_idx = 0;
+static size_t auth_impl_use = 0;
static const char *test_identity_certificate = TEST_IDENTITY_CERTIFICATE_DUMMY;
static const char *test_private_key = TEST_IDENTITY_PRIVATE_KEY_DUMMY;
@@ -436,11 +437,10 @@ static DDS_Security_boolean test_return_sharedsecret_handle(
static struct dds_security_authentication_impl * get_impl_for_domain(dds_domainid_t domain_id)
{
- for (size_t i = 0; i < auth_impl_count; i++)
+ for (size_t i = 0; i < auth_impl_idx; i++)
{
- if (auth_impl[i]->gv->config.domainId == domain_id)
+ if (auth_impl[i] && auth_impl[i]->gv->config.domainId == domain_id)
{
- assert(auth_impl[i]);
return auth_impl[i];
}
}
@@ -531,6 +531,10 @@ int32_t finalize_test_authentication_init_error(void *context)
return 0;
}
+/**
+ * Init and fini functions for using wrapped mode for the authentication plugin.
+ * These functions assumes that there are no concurrent calls, as the static
+ * variables used here are not protected by a lock. */
int32_t init_test_authentication_wrapped(const char *argument, void **context)
{
int32_t ret;
@@ -544,10 +548,10 @@ int32_t init_test_authentication_wrapped(const char *argument, void **context)
ret = init_authentication(argument, (void **)&impl->instance);
- auth_impl_count++;
- auth_impl = ddsrt_realloc(auth_impl, auth_impl_count * sizeof(*auth_impl));
- auth_impl[auth_impl_count - 1] = impl;
-
+ auth_impl_idx++;
+ auth_impl = ddsrt_realloc(auth_impl, auth_impl_idx * sizeof(*auth_impl));
+ auth_impl[auth_impl_idx - 1] = impl;
+ auth_impl_use++;
*context = impl;
return ret;
}
@@ -559,8 +563,23 @@ int32_t finalize_test_authentication_wrapped(void *context)
assert(impl->mode == PLUGIN_MODE_WRAPPED);
deinit_message_queue(&impl->msg_queue);
ret = finalize_authentication(impl->instance);
+
+ size_t idx;
+ for (idx = 0; idx < auth_impl_idx; idx++)
+ if (auth_impl[idx] == impl)
+ break;
+ assert (idx < auth_impl_idx);
+ auth_impl[idx] = NULL;
+
ddsrt_free(context);
- auth_impl_count--;
+
+ if (--auth_impl_use == 0)
+ {
+ ddsrt_free (auth_impl);
+ auth_impl = NULL;
+ auth_impl_idx = 0;
+ }
+
return ret;
}
diff --git a/src/security/core/tests/common/cryptography_wrapper.c b/src/security/core/tests/common/cryptography_wrapper.c
index ad9346b..f220c5c 100644
--- a/src/security/core/tests/common/cryptography_wrapper.c
+++ b/src/security/core/tests/common/cryptography_wrapper.c
@@ -11,6 +11,7 @@
*/
#include
#include
+#include "CUnit/Test.h"
#include "dds/dds.h"
#include "dds/ddsrt/heap.h"
#include "dds/ddsrt/sync.h"
@@ -74,15 +75,15 @@ void set_protection_kinds(
impl->payload_protection_kind = payload_protection_kind;
}
-static unsigned char * find_buffer_match(unsigned char *input, size_t input_len, unsigned char *match, size_t match_len)
+static unsigned char * find_buffer_match(const unsigned char *input, size_t input_len, const unsigned char *match, size_t match_len)
{
if (match_len <= input_len && match_len > 0 && input_len > 0)
{
- unsigned char *match_end = match + match_len;
- unsigned char *i = input;
+ const unsigned char *match_end = match + match_len;
+ unsigned char *i = (unsigned char *) input;
while (i <= input + input_len - match_len)
{
- unsigned char *m = match, *j = i;
+ unsigned char *m = (unsigned char *) match, *j = i;
while (*m == *j && j < input + input_len)
{
j++;
@@ -113,7 +114,7 @@ static DDS_Security_long_long check_handle(DDS_Security_long_long handle)
{
/* Assume that handle, which actually is a pointer, has a value that is likely to be
a valid memory address and not a value returned by the mock implementation. */
- assert (handle == 0 || handle > 4096);
+ CU_ASSERT_FATAL (handle == 0 || handle > 4096);
return handle;
}
diff --git a/src/security/core/tests/common/security_config_test_utils.c b/src/security/core/tests/common/security_config_test_utils.c
index c67a4d8..c6e939b 100644
--- a/src/security/core/tests/common/security_config_test_utils.c
+++ b/src/security/core/tests/common/security_config_test_utils.c
@@ -61,11 +61,14 @@ static const char *governance_xml =
const char * expand_lookup_vars(const char *name, void * data)
{
- const struct kvp *vars = (struct kvp *)data;
+ struct kvp *vars = (struct kvp *)data;
for (uint32_t i = 0; vars[i].key != NULL; i++)
{
if (!strcmp(vars[i].key, name))
+ {
+ vars[i].count--;
return vars[i].value;
+ }
}
return NULL;
}
@@ -78,6 +81,21 @@ const char * expand_lookup_vars_env(const char *name, void * data)
return ((ddsrt_getenv(name, &env)) == DDS_RETCODE_OK) ? env : NULL;
}
+int32_t expand_lookup_unmatched (const struct kvp * lookup_table)
+{
+ int32_t unmatched = 0;
+ for (uint32_t i = 0; lookup_table[i].key != NULL; i++)
+ {
+ int32_t c = lookup_table[i].count;
+ if (c > 0 && unmatched >= INT32_MAX - c)
+ return INT32_MAX;
+ if (c < 0 && unmatched <= INT32_MIN - c)
+ return INT32_MIN;
+ unmatched += c;
+ }
+ return unmatched;
+}
+
static char * smime_sign(char * ca_cert_path, char * ca_priv_key_path, const char * data)
{
// Read CA certificate
diff --git a/src/security/core/tests/common/security_config_test_utils.h b/src/security/core/tests/common/security_config_test_utils.h
index d2c8635..ab14b7f 100644
--- a/src/security/core/tests/common/security_config_test_utils.h
+++ b/src/security/core/tests/common/security_config_test_utils.h
@@ -18,10 +18,12 @@
struct kvp {
const char *key;
const char *value;
+ int32_t count;
};
const char * expand_lookup_vars (const char *name, void * data);
const char * expand_lookup_vars_env (const char *name, void * data);
+int32_t expand_lookup_unmatched (const struct kvp * lookup_table);
char * get_governance_config (struct kvp *config_vars);
diff --git a/src/security/core/tests/secure_communication.c b/src/security/core/tests/secure_communication.c
index 54882e4..9270a57 100644
--- a/src/security/core/tests/secure_communication.c
+++ b/src/security/core/tests/secure_communication.c
@@ -69,7 +69,7 @@ static const char *config =
" file:" COMMON_ETC_PATH("default_permissions.p7s") ""
" "
" "
- " "
+ " "
" "
" "
"";
@@ -200,12 +200,12 @@ static void test_init(const struct domain_sec_config * domain_config, size_t n_s
assert (n_pub_participants < MAX_PARTICIPANTS);
struct kvp governance_vars[] = {
- { "DISCOVERY_PROTECTION_KIND", pk_to_str (domain_config->discovery_pk) },
- { "LIVELINESS_PROTECTION_KIND", pk_to_str (domain_config->liveliness_pk) },
- { "RTPS_PROTECTION_KIND", pk_to_str (domain_config->rtps_pk) },
- { "METADATA_PROTECTION_KIND", pk_to_str (domain_config->metadata_pk) },
- { "DATA_PROTECTION_KIND", bpk_to_str (domain_config->payload_pk) },
- { NULL, NULL }
+ { "DISCOVERY_PROTECTION_KIND", pk_to_str (domain_config->discovery_pk), 1 },
+ { "LIVELINESS_PROTECTION_KIND", pk_to_str (domain_config->liveliness_pk), 1 },
+ { "RTPS_PROTECTION_KIND", pk_to_str (domain_config->rtps_pk), 1 },
+ { "METADATA_PROTECTION_KIND", pk_to_str (domain_config->metadata_pk), 1 },
+ { "DATA_PROTECTION_KIND", bpk_to_str (domain_config->payload_pk), 1 },
+ { NULL, NULL, 0 }
};
printf("Governance configuration: ");
@@ -215,10 +215,8 @@ static void test_init(const struct domain_sec_config * domain_config, size_t n_s
char * gov_config_signed = get_governance_config (governance_vars);
struct kvp config_vars[] = {
- { "GOVERNANCE_DATA", gov_config_signed },
- { "CRYPTO_INIT", "init_test_cryptography_wrapped" },
- { "CRYPTO_FINI", "finalize_test_cryptography_wrapped" },
- { NULL, NULL }
+ { "GOVERNANCE_DATA", gov_config_signed, 1 },
+ { NULL, NULL, 0 }
};
char *conf_pub = ddsrt_expand_vars (config, &expand_lookup_vars_env, config_vars);
@@ -454,7 +452,7 @@ CU_TheoryDataPoints(ddssec_secure_communication, multiple_readers) = {
CU_DataPoints(size_t, 1, 3, 1, 3), /* number of participants per domain */
CU_DataPoints(size_t, 3, 1, 3, 3), /* number of readers per participant */
};
-CU_Theory((size_t n_dom, size_t n_pp, size_t n_rd), ddssec_secure_communication, multiple_readers, .timeout = 60)
+CU_Theory((size_t n_dom, size_t n_pp, size_t n_rd), ddssec_secure_communication, multiple_readers, .timeout = 60, .disabled = true)
{
DDS_Security_ProtectionKind metadata_pk[] = { PK_N, PK_SOA, PK_EOA };
DDS_Security_BasicProtectionKind payload_pk[] = { BPK_N, BPK_S, BPK_E };
@@ -473,7 +471,7 @@ CU_TheoryDataPoints(ddssec_secure_communication, multiple_readers_writers) = {
CU_DataPoints(size_t, 1, 1, 2), /* number of writer domains */
CU_DataPoints(size_t, 1, 3, 3), /* number of writers per domain */
};
-CU_Theory((size_t n_rd_dom, size_t n_rd, size_t n_wr_dom, size_t n_wr), ddssec_secure_communication, multiple_readers_writers, .timeout = 60)
+CU_Theory((size_t n_rd_dom, size_t n_rd, size_t n_wr_dom, size_t n_wr), ddssec_secure_communication, multiple_readers_writers, .timeout = 60, .disabled = true)
{
DDS_Security_ProtectionKind metadata_pk[] = { PK_SOA, PK_EOA };
for (size_t metadata = 0; metadata < sizeof (metadata_pk) / sizeof (metadata_pk[0]); metadata++)