niklas/cyclonedds
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fixes in security core tests: add check that all provided vars are used in variable expansion for test configs, add note on concurrency in authentication wrapper, replace assert by cunit assert in crypto wrapper

Browse source 
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
This commit is contained in:
Dennis Potman 2020-03-03 12:14:39 +01:00 committed by eboasson
parent 8f464e0c99
commit ea10dbd8e1
7 changed files with 83 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/security/core/tests/CMakeLists.txt
View file

@ -46,6 +46,9 @@ function(add_wrapper libname linklibs)
set_target_properties("dds_security_${libname}_wrapper" PROPERTIES LINK_FLAGS "-undefined dynamic_lookup") set_target_properties("dds_security_${libname}_wrapper" PROPERTIES LINK_FLAGS "-undefined dynamic_lookup")
endif() endif()
target_link_libraries("dds_security_${libname}_wrapper" PRIVATE CUnit)
target_include_directories("dds_security_${libname}_wrapper" PRIVATE "${CUNIT_DIR}/include")
target_link_libraries("dds_security_${libname}_wrapper" PUBLIC ddsc ${linklibs}) target_link_libraries("dds_security_${libname}_wrapper" PUBLIC ddsc ${linklibs})
target_sources("dds_security_${libname}_wrapper" PRIVATE ${srcs_wrapper}) target_sources("dds_security_${libname}_wrapper" PRIVATE ${srcs_wrapper})
target_include_directories("dds_security_${libname}_wrapper" target_include_directories("dds_security_${libname}_wrapper"

34
src/security/core/tests/authentication.c
View file

@ -38,7 +38,7 @@ static const char *config =
"${CYCLONEDDS_URI}${CYCLONEDDS_URI:+,}" "${CYCLONEDDS_URI}${CYCLONEDDS_URI:+,}"
"<Discovery><ExternalDomainId>0</ExternalDomainId></Discovery>" "<Discovery><ExternalDomainId>0</ExternalDomainId></Discovery>"
"<Domain id=\"any\">" "<Domain id=\"any\">"
" <Tracing><Verbosity>finest</></>" " <Tracing><Verbosity>config</></>"
" <DDSSecurity>" " <DDSSecurity>"
" <Authentication>" " <Authentication>"
" <Library finalizeFunction=\"finalize_test_authentication_wrapped\" initFunction=\"init_test_authentication_wrapped\" path=\"" WRAPPERLIB_PATH("dds_security_authentication_wrapper") "\"/>" " <Library finalizeFunction=\"finalize_test_authentication_wrapped\" initFunction=\"init_test_authentication_wrapped\" path=\"" WRAPPERLIB_PATH("dds_security_authentication_wrapper") "\"/>"
@ -71,38 +71,30 @@ static dds_entity_t g_participant2 = 0;
static void authentication_init(bool different_ca, const char * trusted_ca_dir, bool exp_pp_fail) static void authentication_init(bool different_ca, const char * trusted_ca_dir, bool exp_pp_fail)
{ {
struct kvp governance_vars[] = {
{ "ALLOW_UNAUTH_PP", "false" },
{ "ENABLE_JOIN_AC", "true" },
{ NULL, NULL }
};
char * gov_config_signed = get_governance_config (governance_vars);
struct kvp config_vars1[] = { struct kvp config_vars1[] = {
{ "GOVERNANCE_DATA", gov_config_signed }, { "TEST_IDENTITY_CERTIFICATE", TEST_IDENTITY_CERTIFICATE, 1 },
{ "TEST_IDENTITY_CERTIFICATE", TEST_IDENTITY_CERTIFICATE }, { "TEST_IDENTITY_PRIVATE_KEY", TEST_IDENTITY_PRIVATE_KEY, 1 },
{ "TEST_IDENTITY_PRIVATE_KEY", TEST_IDENTITY_PRIVATE_KEY }, { "TEST_IDENTITY_CA_CERTIFICATE", TEST_IDENTITY_CA_CERTIFICATE, 1 },
{ "TEST_IDENTITY_CA_CERTIFICATE", TEST_IDENTITY_CA_CERTIFICATE }, { "TRUSTED_CA_DIR", trusted_ca_dir, 3 },
{ "TRUSTED_CA_DIR", trusted_ca_dir }, { NULL, NULL, 0 }
{ NULL, NULL }
}; };
struct kvp config_vars2[] = { struct kvp config_vars2[] = {
{ "GOVERNANCE_DATA", gov_config_signed }, { "TEST_IDENTITY_CERTIFICATE", TEST_IDENTITY2_CERTIFICATE, 1 },
{ "TEST_IDENTITY_CERTIFICATE", TEST_IDENTITY2_CERTIFICATE }, { "TEST_IDENTITY_PRIVATE_KEY", TEST_IDENTITY2_PRIVATE_KEY, 1 },
{ "TEST_IDENTITY_PRIVATE_KEY", TEST_IDENTITY2_PRIVATE_KEY }, { "TEST_IDENTITY_CA_CERTIFICATE", TEST_IDENTITY_CA2_CERTIFICATE, 1 },
{ "TEST_IDENTITY_CA_CERTIFICATE", TEST_IDENTITY_CA2_CERTIFICATE }, { "TRUSTED_CA_DIR", trusted_ca_dir, 3 },
{ "TRUSTED_CA_DIR", trusted_ca_dir }, { NULL, NULL, 0 }
{ NULL, NULL }
}; };
char *conf1 = ddsrt_expand_vars (config, &expand_lookup_vars_env, config_vars1); char *conf1 = ddsrt_expand_vars (config, &expand_lookup_vars_env, config_vars1);
char *conf2 = ddsrt_expand_vars (config, &expand_lookup_vars_env, config_vars2); char *conf2 = ddsrt_expand_vars (config, &expand_lookup_vars_env, config_vars2);
CU_ASSERT_EQUAL_FATAL (expand_lookup_unmatched (config_vars1), 0);
CU_ASSERT_EQUAL_FATAL (expand_lookup_unmatched (config_vars2), 0);
g_domain1 = dds_create_domain (DDS_DOMAINID1, conf1); g_domain1 = dds_create_domain (DDS_DOMAINID1, conf1);
g_domain2 = dds_create_domain (DDS_DOMAINID2, different_ca ? conf2 : conf1); g_domain2 = dds_create_domain (DDS_DOMAINID2, different_ca ? conf2 : conf1);
dds_free (conf1); dds_free (conf1);
dds_free (conf2); dds_free (conf2);
ddsrt_free (gov_config_signed);
g_participant1 = dds_create_participant (DDS_DOMAINID1, NULL, NULL); g_participant1 = dds_create_participant (DDS_DOMAINID1, NULL, NULL);
g_participant2 = dds_create_participant (DDS_DOMAINID2, NULL, NULL); g_participant2 = dds_create_participant (DDS_DOMAINID2, NULL, NULL);

37
src/security/core/tests/common/authentication_wrapper.c
View file

@ -46,7 +46,8 @@ struct dds_security_authentication_impl
}; };
static struct dds_security_authentication_impl **auth_impl; static struct dds_security_authentication_impl **auth_impl;
static size_t auth_impl_count = 0; static size_t auth_impl_idx = 0;
static size_t auth_impl_use = 0;
static const char *test_identity_certificate = TEST_IDENTITY_CERTIFICATE_DUMMY; static const char *test_identity_certificate = TEST_IDENTITY_CERTIFICATE_DUMMY;
static const char *test_private_key = TEST_IDENTITY_PRIVATE_KEY_DUMMY; static const char *test_private_key = TEST_IDENTITY_PRIVATE_KEY_DUMMY;
@ -436,11 +437,10 @@ static DDS_Security_boolean test_return_sharedsecret_handle(
static struct dds_security_authentication_impl * get_impl_for_domain(dds_domainid_t domain_id) static struct dds_security_authentication_impl * get_impl_for_domain(dds_domainid_t domain_id)
{ {
for (size_t i = 0; i < auth_impl_count; i++) for (size_t i = 0; i < auth_impl_idx; i++)
{ {
if (auth_impl[i]->gv->config.domainId == domain_id) if (auth_impl[i] && auth_impl[i]->gv->config.domainId == domain_id)
{ {
assert(auth_impl[i]);
return auth_impl[i]; return auth_impl[i];
} }
} }
@ -531,6 +531,10 @@ int32_t finalize_test_authentication_init_error(void *context)
return 0; return 0;
} }
/**
* Init and fini functions for using wrapped mode for the authentication plugin.
* These functions assumes that there are no concurrent calls, as the static
* variables used here are not protected by a lock. */
int32_t init_test_authentication_wrapped(const char *argument, void **context) int32_t init_test_authentication_wrapped(const char *argument, void **context)
{ {
int32_t ret; int32_t ret;
@ -544,10 +548,10 @@ int32_t init_test_authentication_wrapped(const char *argument, void **context)
ret = init_authentication(argument, (void **)&impl->instance); ret = init_authentication(argument, (void **)&impl->instance);
auth_impl_count++; auth_impl_idx++;
auth_impl = ddsrt_realloc(auth_impl, auth_impl_count * sizeof(*auth_impl)); auth_impl = ddsrt_realloc(auth_impl, auth_impl_idx * sizeof(*auth_impl));
auth_impl[auth_impl_count - 1] = impl; auth_impl[auth_impl_idx - 1] = impl;
auth_impl_use++;
*context = impl; *context = impl;
return ret; return ret;
} }
@ -559,8 +563,23 @@ int32_t finalize_test_authentication_wrapped(void *context)
assert(impl->mode == PLUGIN_MODE_WRAPPED); assert(impl->mode == PLUGIN_MODE_WRAPPED);
deinit_message_queue(&impl->msg_queue); deinit_message_queue(&impl->msg_queue);
ret = finalize_authentication(impl->instance); ret = finalize_authentication(impl->instance);
size_t idx;
for (idx = 0; idx < auth_impl_idx; idx++)
if (auth_impl[idx] == impl)
break;
assert (idx < auth_impl_idx);
auth_impl[idx] = NULL;
ddsrt_free(context); ddsrt_free(context);
auth_impl_count--;
if (--auth_impl_use == 0)
{
ddsrt_free (auth_impl);
auth_impl = NULL;
auth_impl_idx = 0;
}
return ret; return ret;
} }

11
src/security/core/tests/common/cryptography_wrapper.c
View file

@ -11,6 +11,7 @@
*/ */
#include <string.h> #include <string.h>
#include <stdio.h> #include <stdio.h>
#include "CUnit/Test.h"
#include "dds/dds.h" #include "dds/dds.h"
#include "dds/ddsrt/heap.h" #include "dds/ddsrt/heap.h"
#include "dds/ddsrt/sync.h" #include "dds/ddsrt/sync.h"
@ -74,15 +75,15 @@ void set_protection_kinds(
impl->payload_protection_kind = payload_protection_kind; impl->payload_protection_kind = payload_protection_kind;
} }
static unsigned char * find_buffer_match(unsigned char *input, size_t input_len, unsigned char *match, size_t match_len) static unsigned char * find_buffer_match(const unsigned char *input, size_t input_len, const unsigned char *match, size_t match_len)
{ {
if (match_len <= input_len && match_len > 0 && input_len > 0) if (match_len <= input_len && match_len > 0 && input_len > 0)
{ {
unsigned char *match_end = match + match_len; const unsigned char *match_end = match + match_len;
unsigned char *i = input; unsigned char *i = (unsigned char *) input;
while (i <= input + input_len - match_len) while (i <= input + input_len - match_len)
{ {
unsigned char *m = match, *j = i; unsigned char *m = (unsigned char *) match, *j = i;
while (*m == *j && j < input + input_len) while (*m == *j && j < input + input_len)
{ {
j++; j++;
@ -113,7 +114,7 @@ static DDS_Security_long_long check_handle(DDS_Security_long_long handle)
{ {
/* Assume that handle, which actually is a pointer, has a value that is likely to be /* Assume that handle, which actually is a pointer, has a value that is likely to be
a valid memory address and not a value returned by the mock implementation. */ a valid memory address and not a value returned by the mock implementation. */
assert (handle == 0 || handle > 4096); CU_ASSERT_FATAL (handle == 0 || handle > 4096);
return handle; return handle;
} }

20
src/security/core/tests/common/security_config_test_utils.c
View file

@ -61,12 +61,15 @@ static const char *governance_xml =
const char * expand_lookup_vars(const char *name, void * data) const char * expand_lookup_vars(const char *name, void * data)
{ {
const struct kvp *vars = (struct kvp *)data; struct kvp *vars = (struct kvp *)data;
for (uint32_t i = 0; vars[i].key != NULL; i++) for (uint32_t i = 0; vars[i].key != NULL; i++)
{ {
if (!strcmp(vars[i].key, name)) if (!strcmp(vars[i].key, name))
{
vars[i].count--;
return vars[i].value; return vars[i].value;
} }
}
return NULL; return NULL;
} }
@ -78,6 +81,21 @@ const char * expand_lookup_vars_env(const char *name, void * data)
return ((ddsrt_getenv(name, &env)) == DDS_RETCODE_OK) ? env : NULL; return ((ddsrt_getenv(name, &env)) == DDS_RETCODE_OK) ? env : NULL;
} }
int32_t expand_lookup_unmatched (const struct kvp * lookup_table)
{
int32_t unmatched = 0;
for (uint32_t i = 0; lookup_table[i].key != NULL; i++)
{
int32_t c = lookup_table[i].count;
if (c > 0 && unmatched >= INT32_MAX - c)
return INT32_MAX;
if (c < 0 && unmatched <= INT32_MIN - c)
return INT32_MIN;
unmatched += c;
}
return unmatched;
}
static char * smime_sign(char * ca_cert_path, char * ca_priv_key_path, const char * data) static char * smime_sign(char * ca_cert_path, char * ca_priv_key_path, const char * data)
{ {
// Read CA certificate // Read CA certificate

2
src/security/core/tests/common/security_config_test_utils.h
View file

@ -18,10 +18,12 @@
struct kvp { struct kvp {
const char *key; const char *key;
const char *value; const char *value;
int32_t count;
}; };
const char * expand_lookup_vars (const char *name, void * data); const char * expand_lookup_vars (const char *name, void * data);
const char * expand_lookup_vars_env (const char *name, void * data); const char * expand_lookup_vars_env (const char *name, void * data);
int32_t expand_lookup_unmatched (const struct kvp * lookup_table);
char * get_governance_config (struct kvp *config_vars); char * get_governance_config (struct kvp *config_vars);

24
src/security/core/tests/secure_communication.c
View file

@ -69,7 +69,7 @@ static const char *config =
" <Permissions>file:" COMMON_ETC_PATH("default_permissions.p7s") "</Permissions>" " <Permissions>file:" COMMON_ETC_PATH("default_permissions.p7s") "</Permissions>"
" </AccessControl>" " </AccessControl>"
" <Cryptographic>" " <Cryptographic>"
" <Library finalizeFunction=\"${CRYPTO_FINI}\" initFunction=\"${CRYPTO_INIT}\" path=\"" WRAPPERLIB_PATH("dds_security_cryptography_wrapper") "\"/>" " <Library finalizeFunction=\"finalize_test_cryptography_wrapped\" initFunction=\"init_test_cryptography_wrapped\" path=\"" WRAPPERLIB_PATH("dds_security_cryptography_wrapper") "\"/>"
" </Cryptographic>" " </Cryptographic>"
" </DDSSecurity>" " </DDSSecurity>"
"</Domain>"; "</Domain>";
@ -200,12 +200,12 @@ static void test_init(const struct domain_sec_config * domain_config, size_t n_s
assert (n_pub_participants < MAX_PARTICIPANTS); assert (n_pub_participants < MAX_PARTICIPANTS);
struct kvp governance_vars[] = { struct kvp governance_vars[] = {
{ "DISCOVERY_PROTECTION_KIND", pk_to_str (domain_config->discovery_pk) }, { "DISCOVERY_PROTECTION_KIND", pk_to_str (domain_config->discovery_pk), 1 },
{ "LIVELINESS_PROTECTION_KIND", pk_to_str (domain_config->liveliness_pk) }, { "LIVELINESS_PROTECTION_KIND", pk_to_str (domain_config->liveliness_pk), 1 },
{ "RTPS_PROTECTION_KIND", pk_to_str (domain_config->rtps_pk) }, { "RTPS_PROTECTION_KIND", pk_to_str (domain_config->rtps_pk), 1 },
{ "METADATA_PROTECTION_KIND", pk_to_str (domain_config->metadata_pk) }, { "METADATA_PROTECTION_KIND", pk_to_str (domain_config->metadata_pk), 1 },
{ "DATA_PROTECTION_KIND", bpk_to_str (domain_config->payload_pk) }, { "DATA_PROTECTION_KIND", bpk_to_str (domain_config->payload_pk), 1 },
{ NULL, NULL } { NULL, NULL, 0 }
}; };
printf("Governance configuration: "); printf("Governance configuration: ");
@ -215,10 +215,8 @@ static void test_init(const struct domain_sec_config * domain_config, size_t n_s
char * gov_config_signed = get_governance_config (governance_vars); char * gov_config_signed = get_governance_config (governance_vars);
struct kvp config_vars[] = { struct kvp config_vars[] = {
{ "GOVERNANCE_DATA", gov_config_signed }, { "GOVERNANCE_DATA", gov_config_signed, 1 },
{ "CRYPTO_INIT", "init_test_cryptography_wrapped" }, { NULL, NULL, 0 }
{ "CRYPTO_FINI", "finalize_test_cryptography_wrapped" },
{ NULL, NULL }
}; };
char *conf_pub = ddsrt_expand_vars (config, &expand_lookup_vars_env, config_vars); char *conf_pub = ddsrt_expand_vars (config, &expand_lookup_vars_env, config_vars);
@ -454,7 +452,7 @@ CU_TheoryDataPoints(ddssec_secure_communication, multiple_readers) = {
CU_DataPoints(size_t, 1, 3, 1, 3), /* number of participants per domain */ CU_DataPoints(size_t, 1, 3, 1, 3), /* number of participants per domain */
CU_DataPoints(size_t, 3, 1, 3, 3), /* number of readers per participant */ CU_DataPoints(size_t, 3, 1, 3, 3), /* number of readers per participant */
}; };
CU_Theory((size_t n_dom, size_t n_pp, size_t n_rd), ddssec_secure_communication, multiple_readers, .timeout = 60) CU_Theory((size_t n_dom, size_t n_pp, size_t n_rd), ddssec_secure_communication, multiple_readers, .timeout = 60, .disabled = true)
{ {
DDS_Security_ProtectionKind metadata_pk[] = { PK_N, PK_SOA, PK_EOA }; DDS_Security_ProtectionKind metadata_pk[] = { PK_N, PK_SOA, PK_EOA };
DDS_Security_BasicProtectionKind payload_pk[] = { BPK_N, BPK_S, BPK_E }; DDS_Security_BasicProtectionKind payload_pk[] = { BPK_N, BPK_S, BPK_E };
@ -473,7 +471,7 @@ CU_TheoryDataPoints(ddssec_secure_communication, multiple_readers_writers) = {
CU_DataPoints(size_t, 1, 1, 2), /* number of writer domains */ CU_DataPoints(size_t, 1, 1, 2), /* number of writer domains */
CU_DataPoints(size_t, 1, 3, 3), /* number of writers per domain */ CU_DataPoints(size_t, 1, 3, 3), /* number of writers per domain */
}; };
CU_Theory((size_t n_rd_dom, size_t n_rd, size_t n_wr_dom, size_t n_wr), ddssec_secure_communication, multiple_readers_writers, .timeout = 60) CU_Theory((size_t n_rd_dom, size_t n_rd, size_t n_wr_dom, size_t n_wr), ddssec_secure_communication, multiple_readers_writers, .timeout = 60, .disabled = true)
{ {
DDS_Security_ProtectionKind metadata_pk[] = { PK_SOA, PK_EOA }; DDS_Security_ProtectionKind metadata_pk[] = { PK_SOA, PK_EOA };
for (size_t metadata = 0; metadata < sizeof (metadata_pk) / sizeof (metadata_pk[0]); metadata++) for (size_t metadata = 0; metadata < sizeof (metadata_pk) / sizeof (metadata_pk[0]); metadata++)