niklas/cyclonedds
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Drop broken protection against casual eavesdroppers

Browse source 
From a distant past came code to encrypt data on the wire, but it hasn't
been functional in Cyclone for a long time and it only ever provided
protection against casual eavesdroppers.  It is better to delete it.

Signed-off-by: Erik Boasson <eb@ilities.com>
This commit is contained in:
Erik Boasson 2019-10-02 17:29:51 +02:00 committed by eboasson
parent 0b57b74b93
commit fde05810c6
10 changed files with 13 additions and 2135 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/core/ddsi/CMakeLists.txt
View file

@ -47,7 +47,6 @@ PREPEND(srcs_ddsi "${CMAKE_CURRENT_LIST_DIR}/src"
q_qosmatch.c
q_radmin.c
q_receive.c
q_security.c
q_sockwaitset.c
q_thread.c
q_time.c
@ -106,7 +105,6 @@ PREPEND(hdrs_private_ddsi "${CMAKE_CURRENT_LIST_DIR}/include/dds/ddsi"
q_radmin.h
q_receive.h
q_rtps.h
q_security.h
q_sockwaitset.h
q_thread.h
q_time.h

38
src/core/ddsi/include/dds/ddsi/q_config.h
View file

@ -14,9 +14,6 @@
#include "dds/ddsi/q_log.h"
#include "dds/ddsi/q_thread.h"
#ifdef DDSI_INCLUDE_ENCRYPTION
#include "dds/ddsi/q_security.h"
#endif /* DDSI_INCLUDE_ENCRYPTION */
#include "dds/ddsi/q_xqos.h"
#include "dds/ddsi/q_feature_check.h"
@ -73,34 +70,6 @@ struct config_listelem {
struct config_listelem *next;
};
#ifdef DDSI_INCLUDE_ENCRYPTION
struct q_security_plugins
{
c_bool (*encode) (q_securityEncoderSet, uint32_t, void *, uint32_t, uint32_t *);
c_bool (*decode) (q_securityDecoderSet, void *, size_t, size_t *);
q_securityEncoderSet (*new_encoder) (void);
q_securityDecoderSet (*new_decoder) (void);
c_bool (*free_encoder) (q_securityEncoderSet);
c_bool (*free_decoder) (q_securityDecoderSet);
ssize_t (*send_encoded) (ddsi_tran_conn_t, const nn_locator_t *dst, size_t niov, ddsrt_iovec_t *iov, q_securityEncoderSet *, uint32_t, uint32_t);
char * (*cipher_type) (q_cipherType);
c_bool (*cipher_type_from_string) (const char *, q_cipherType *);
uint32_t (*header_size) (q_securityEncoderSet, uint32_t);
q_cipherType (*encoder_type) (q_securityEncoderSet, uint32_t);
c_bool (*valid_uri) (q_cipherType, const char *);
};
struct q_security_plugins q_security_plugin;
struct config_securityprofile_listelem
{
struct config_securityprofile_listelem *next;
char *name;
q_cipherType cipher;
char *key;
};
#endif /* DDSI_INCLUDE_ENCRYPTION */
#ifdef DDSI_INCLUDE_NETWORK_PARTITIONS
struct config_networkpartition_listelem {
struct config_networkpartition_listelem *next;
@ -108,10 +77,6 @@ struct config_networkpartition_listelem {
char *address_string;
struct addrset *as;
int connected;
#ifdef DDSI_INCLUDE_ENCRYPTION
char *profileName;
struct config_securityprofile_listelem *securityProfile;
#endif /* DDSI_INCLUDE_ENCRYPTION */
uint32_t partitionHash;
uint32_t partitionId;
};
@ -311,9 +276,6 @@ struct config
struct config_channel_listelem *channels;
struct config_channel_listelem *max_channel; /* channel with highest prio; always computed */
#endif /* DDSI_INCLUDE_NETWORK_CHANNELS */
#ifdef DDSI_INCLUDE_ENCRYPTION
struct config_securityprofile_listelem *securityProfiles;
#endif /* DDSI_INCLUDE_ENCRYPTION */
#ifdef DDSI_INCLUDE_NETWORK_PARTITIONS
struct config_networkpartition_listelem *networkPartitions;
unsigned nof_networkPartitions;

9
src/core/ddsi/include/dds/ddsi/q_feature_check.h
View file

@ -11,9 +11,6 @@
*/
/* Feature macros:
- ENCRYPTION: support for encryption
requires: NETWORK_PARTITIONS
- SSM: support for source-specific multicast
requires: NETWORK_PARTIITONS
also requires platform support; SSM is silently disabled if the
@ -31,12 +28,6 @@
*/
#ifdef DDSI_INCLUDE_ENCRYPTION
#ifndef DDSI_INCLUDE_NETWORK_PARTITIONS
#error "ENCRYPTION requires NETWORK_PARTITIONS"
#endif
#endif
#ifdef DDSI_INCLUDE_SSM
#ifndef DDSI_INCLUDE_NETWORK_PARTITIONS
#error "SSM requires NETWORK_PARTITIONS"

11
src/core/ddsi/include/dds/ddsi/q_globals.h
View file

@ -26,10 +26,6 @@
#include "dds/ddsi/q_sockwaitset.h"
#include "dds/ddsi/q_config.h"
#ifdef DDSI_INCLUDE_ENCRYPTION
#include "dds/ddsi/q_security.h" /* for q_securityDecoderSet */
#endif /* DDSI_INCLUDE_ENCRYPTION */
#if defined (__cplusplus)
extern "C" {
#endif
@ -288,13 +284,6 @@ struct q_globals {
int sendq_stop;
struct thread_state1 *sendq_ts;
#ifdef DDSI_INCLUDE_ENCRYPTION
/* Codecs needed for decoding incoming encrypted messages
FIXME: should be a property of the receiver thread, and pass down
while processing messages. For now made global */
q_securityDecoderSet recvSecurityCodec;
#endif /* DDSI_INCLUDE_ENCRYPTION */
/* File for dumping captured packets, NULL if disabled */
FILE *pcap_fp;
ddsrt_mutex_t pcap_lock;

46
src/core/ddsi/include/dds/ddsi/q_security.h
View file

@ -1,46 +0,0 @@
/*
* Copyright(c) 2006 to 2018 ADLINK Technology Limited and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
* v. 1.0 which is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
*/
#ifdef DDSI_INCLUDE_ENCRYPTION
#ifndef Q_SECURITY_H
#define Q_SECURITY_H
#include "c_typebase.h"
#if defined (__cplusplus)
extern "C" {
#endif
/* Generic class */
C_CLASS(q_securityEncoderSet);
C_CLASS(q_securityDecoderSet);
/* Set of supported ciphers */
typedef enum
{
Q_CIPHER_UNDEFINED,
Q_CIPHER_NULL,
Q_CIPHER_BLOWFISH,
Q_CIPHER_AES128,
Q_CIPHER_AES192,
Q_CIPHER_AES256,
Q_CIPHER_NONE,
Q_CIPHER_MAX
} q_cipherType;
void ddsi_security_plugin (void);
#if defined (__cplusplus)
}
#endif
#endif
#endif

136
src/core/ddsi/src/q_config.c
View file

@ -181,9 +181,6 @@ DUPF(retransmit_merging);
DUPF(sched_class);
DUPF(maybe_memsize);
DUPF(maybe_int32);
#ifdef DDSI_INCLUDE_ENCRYPTION
DUPF(cipher);
#endif
#ifdef DDSI_INCLUDE_BANDWIDTH_LIMITING
DUPF(bandwidth);
#endif
@ -207,9 +204,6 @@ DF(ff_networkAddresses);
#ifdef DDSI_INCLUDE_NETWORK_CHANNELS
DI(if_channel);
#endif /* DDSI_INCLUDE_NETWORK_CHANNELS */
#ifdef DDSI_INCLUDE_ENCRYPTION
DI(if_security_profile);
#endif
#ifdef DDSI_INCLUDE_NETWORK_PARTITIONS
DI(if_network_partition);
DI(if_ignored_partition);
@ -287,33 +281,6 @@ static const struct cfgelem general_cfgelems[] = {
END_MARKER
};
#ifdef DDSI_INCLUDE_ENCRYPTION
static const struct cfgelem securityprofile_cfgattrs[] = {
{ ATTR("Name"), 1, NULL, RELOFF(config_securityprofile_listelem, name), 0, uf_string, ff_free, pf_string,
BLURB("<p>This attribute specifies the name of this DDSI2E security profile. Two security profiles cannot have the same name.</p>") },
{ ATTR("Cipher"), 1, "null", RELOFF(config_securityprofile_listelem, cipher), 0, uf_cipher, 0, pf_cipher,
BLURB("<p>This attribute specifies the cipher to be used for encrypting traffic over network partitions secured by this security profile. The possible ciphers are:</p>\n\
<ul><li><i>aes128</i>: AES with a 128-bit key;</li>\n\
<li><i>aes192</i>: AES with a 192-bit key;</li>\n\
<li><i>aes256</i>: AES with a 256-bit key;</li>\n\
<li><i>blowfish</i>: the Blowfish cipher with a 128 bit key;</li>\n\
<li><i>null</i>: no encryption;</li></ul>\n\
<p>SHA1 is used on conjunction with all ciphers except \"null\" to ensure data integrity.</p>") },
{ ATTR("CipherKey"), 1, "", RELOFF(config_securityprofile_listelem, key), 0, uf_string, ff_free, pf_key,
BLURB("<p>The CipherKey attribute is used to define the secret key required by the cipher selected using the Cipher attribute. The value can be a URI referencing an external file containing the secret key, or the secret key can be defined in-place as a string value.</p>\n\
<p>The key must be specified as a hexadecimal string with each character representing 4 bits of the key. E.g., 1ABC represents the 16-bit key 0001 1010 1011 1100. The key should not follow a well-known pattern and must exactly match the key length of the selected cipher.</p>\n\
<p>A malformed key will cause the security profile to be marked as invalid, and disable all network partitions secured by the (invalid) security profile to prevent information leaks.</p>\n\
<p>As all DDS applications require read access to the XML configuration file, for security reasons it is recommended to store the secret key in an external file in the file system, referenced by its URI. The file should be protected against read and write access from other users on the host.</p>") },
END_MARKER
};
static const struct cfgelem security_cfgelems[] = {
{ LEAF_W_ATTRS("SecurityProfile", securityprofile_cfgattrs), INT_MAX, 0, ABSOFF(securityProfiles), if_security_profile, 0, 0, 0,
BLURB("<p>This element defines a DDSI2E security profile.</p>") },
END_MARKER
};
#endif /* DDSI_INCLUDE_ENCRYPTION */
#ifdef DDSI_INCLUDE_NETWORK_PARTITIONS
static const struct cfgelem networkpartition_cfgattrs[] = {
{ ATTR("Name"), 1, NULL, RELOFF(config_networkpartition_listelem, name), 0, uf_string, ff_free, pf_string,
@ -322,10 +289,6 @@ static const struct cfgelem networkpartition_cfgattrs[] = {
BLURB("<p>This attribute specifies the multicast addresses associated with the network partition as a comma-separated list. Readers matching this network partition (cf. Partitioning/PartitionMappings) will listen for multicasts on all of these addresses and advertise them in the discovery protocol. The writers will select the most suitable address from the addresses advertised by the readers.</p>") },
{ ATTR("Connected"), 1, "true", RELOFF(config_networkpartition_listelem, connected), 0, uf_boolean, 0, pf_boolean,
BLURB("<p>This attribute is a placeholder.</p>") },
#ifdef DDSI_INCLUDE_ENCRYPTION
{ ATTR("SecurityProfile"), 1, "null", RELOFF(config_networkpartition_listelem, profileName), 0, uf_string, ff_free, pf_string,
BLURB("<p>This attribute selects the DDSI2E security profile for encrypting the traffic mapped to this DDSI2E network partition. The default \"null\" means the network partition is unsecured; any other name refers to a security profile defined using the Security/SecurityProfile elements.</p>") },
#endif /* DDSI_INCLUDE_ENCRYPTION */
END_MARKER
};
@ -810,10 +773,6 @@ static const struct cfgelem domain_cfgelems[] = {
{ MOVED("Id", "CycloneDDS/Domain[@Id]") },
{ GROUP("General", general_cfgelems),
BLURB("<p>The General element specifies overall DDSI2E service settings.</p>") },
#ifdef DDSI_INCLUDE_ENCRYPTION
{ GROUP("Security", security_cfgelems),
BLURB("<p>The Security element specifies DDSI2E security profiles that can be used to encrypt traffic mapped to DDSI2E network partitions.</p>") },
#endif
#ifdef DDSI_INCLUDE_NETWORK_PARTITIONS
{ GROUP("Partitioning", partitioning_cfgelems),
BLURB("<p>The Partitioning element specifies DDSI2E network partitions and how DCPS partition/topic combinations are mapped onto the network partitions.</p>") },
@ -849,9 +808,6 @@ static const struct cfgelem root_cfgelems[] = {
{ GROUP_W_ATTRS("Domain", domain_cfgelems, domain_cfgattrs),
BLURB("<p>The General element specifying Domain related settings.</p>") },
{ MOVED("General", "CycloneDDS/Domain/General") },
#ifdef DDSI_INCLUDE_ENCRYPTION
{ MOVED("Security", "CycloneDDS/Domain/Security") },
#endif
#ifdef DDSI_INCLUDE_NETWORK_PARTITIONS
{ MOVED("Partitioning", "CycloneDDS/Domain/Partitioning") },
#endif
@ -1263,15 +1219,6 @@ static int if_channel(struct cfgst *cfgst, void *parent, struct cfgelem const *
}
#endif /* DDSI_INCLUDE_NETWORK_CHANNELS */
#ifdef DDSI_INCLUDE_ENCRYPTION
static int if_security_profile (struct cfgst *cfgst, void *parent, struct cfgelem const * const cfgelem)
{
if (if_common (cfgst, parent, cfgelem, sizeof (struct config_securityprofile_listelem)) == NULL)
return -1;
return 0;
}
#endif /* DDSI_INCLUDE_ENCRYPTION */
#ifdef DDSI_INCLUDE_NETWORK_PARTITIONS
static int if_network_partition (struct cfgst *cfgst, void *parent, struct cfgelem const * const cfgelem)
{
@ -1279,10 +1226,6 @@ static int if_network_partition (struct cfgst *cfgst, void *parent, struct cfgel
if (new == NULL)
return -1;
new->address_string = NULL;
#ifdef DDSI_INCLUDE_ENCRYPTION
new->profileName = NULL;
new->securityProfile = NULL;
#endif /* DDSI_INCLUDE_ENCRYPTION */
return 0;
}
@ -1683,31 +1626,6 @@ static void pf_memsize (struct cfgst *cfgst, void *parent, struct cfgelem const
pf_int64_unit (cfgst, *elem, sources, unittab_memsize, "B");
}
#ifdef DDSI_INCLUDE_ENCRYPTION
static enum update_result uf_cipher(struct cfgst *cfgst, void *parent, struct cfgelem const * const cfgelem, UNUSED_ARG(int first), const char *value)
{
if (q_security_plugin.cipher_type_from_string)
{
q_cipherType * const elem = cfg_address (cfgst, parent, cfgelem);
if (! q_security_plugin.cipher_type_from_string (value, elem))
return cfg_error (cfgst, "%s: undefined value", value);
}
return URES_SUCCESS;
}
static void pf_cipher (struct cfgst *cfgst, void *parent, struct cfgelem const * const cfgelem, uint32_t sources)
{
q_cipherType const * const p = cfg_address (cfgst, parent, cfgelem);
if (q_security_plugin.cipher_type)
cfg_logelem (cfgst, sources, "%s", (q_security_plugin.cipher_type) (*p));
}
static void pf_key (struct cfgst *cfgst, UNUSED_ARG (void *parent), UNUSED_ARG (struct cfgelem const * const cfgelem), uint32_t sources)
{
cfg_logelem (cfgst, sources, "<hidden, see configfile>");
}
#endif /* DDSI_INCLUDE_ENCRYPTION */
static enum update_result uf_tracingOutputFileName (struct cfgst *cfgst, UNUSED_ARG (void *parent), UNUSED_ARG (struct cfgelem const * const cfgelem), UNUSED_ARG (int first), const char *value)
{
struct config * const cfg = cfgst->cfg;
@ -2848,67 +2766,13 @@ struct cfgst *config_init (const char *config, struct config *cfg, uint32_t domi
ok = 0;
#endif
#ifdef DDSI_INCLUDE_ENCRYPTION
/* Check security profiles */
{
struct config_securityprofile_listelem *s = cfgst->cfg->securityProfiles;
while (s)
{
switch (s->cipher)
{
case Q_CIPHER_UNDEFINED:
case Q_CIPHER_NULL:
/* nop */
if (s->key && strlen(s->key) > 0)
DDS_ILOG (DDS_LC_INFO, domid, "config: DDSI2Service/Security/SecurityProfile[@cipherkey]: %s: cipher key not required\n", s->key);
break;
default:
/* read the cipherkey if present */
if (!s->key || strlen(s->key) == 0)
{
DDS_ILOG (DDS_LC_ERROR, domid, "config: DDSI2Service/Security/SecurityProfile[@cipherkey]: cipher key missing\n");
ok = 0;
}
else if (q_security_plugin.valid_uri && !(q_security_plugin.valid_uri) (s->cipher, s->key))
{
DDS_ILOG (DDS_LC_ERROR, domid, "config: DDSI2Service/Security/SecurityProfile[@cipherkey]: %s : incorrect key\n", s->key);
ok = 0;
}
}
s = s->next;
}
}
#endif /* DDSI_INCLUDE_ENCRYPTION */
#ifdef DDSI_INCLUDE_NETWORK_PARTITIONS
/* Assign network partition ids */
#ifdef DDSI_INCLUDE_ENCRYPTION
/* also create links from the network partitions to the
securityProfiles and signal errors if profiles do not exist */
#endif /* DDSI_INCLUDE_ENCRYPTION */
{
struct config_networkpartition_listelem *p = cfgst->cfg->networkPartitions;
cfgst->cfg->nof_networkPartitions = 0;
while (p)
{
#ifdef DDSI_INCLUDE_ENCRYPTION
if (ddsrt_strcasecmp(p->profileName, "null") == 0)
p->securityProfile = NULL;
else
{
struct config_securityprofile_listelem *s = cfgst->cfg->securityProfiles;
while (s && ddsrt_strcasecmp(p->profileName, s->name) != 0)
s = s->next;
if (s)
p->securityProfile = s;
else
{
DDS_ILOG (DDS_LC_ERROR, domid, "config: DDSI2Service/Partitioning/NetworkPartitions/NetworkPartition[@securityprofile]: %s: unknown securityprofile\n", p->profileName);
ok = 0;
}
}
#endif /* DDSI_INCLUDE_ENCRYPTION */
cfgst->cfg->nof_networkPartitions++;
/* also use crc32 just like native nw and ordinary ddsi2e, only
for interoperability because it is asking for trouble &

18
src/core/ddsi/src/q_init.c
View file

@ -1001,14 +1001,6 @@ int rtps_init (struct q_globals *gv)
gv->xmsgpool = nn_xmsgpool_new ();
gv->serpool = ddsi_serdatapool_new ();
#ifdef DDSI_INCLUDE_ENCRYPTION
if (q_security_plugin.new_decoder)
{
gv->recvSecurityCodec = (q_security_plugin.new_decoder) ();
GVLOG (DDS_LC_CONFIG, "decoderset created\n");
}
#endif
nn_plist_init_default_participant (&gv->default_plist_pp);
nn_plist_init_default_participant (&gv->default_local_plist_pp);
nn_xqos_init_default_reader (&gv->default_xqos_rd);
@ -1337,10 +1329,6 @@ err_unicast_sockets:
ddsrt_cond_destroy (&gv->participant_set_cond);
ddsrt_mutex_destroy (&gv->participant_set_lock);
free_special_topics (gv);
#ifdef DDSI_INCLUDE_ENCRYPTION
if (q_security_plugin.free_decoder)
q_security_plugin.free_decoder (gv->recvSecurityCodec);
#endif
nn_xqos_fini (&gv->builtin_endpoint_xqos_wr);
nn_xqos_fini (&gv->builtin_endpoint_xqos_rd);
nn_xqos_fini (&gv->spdp_endpoint_xqos);
@ -1498,12 +1486,6 @@ void rtps_stop (struct q_globals *gv)
nn_reorder_free (gv->spdp_reorder);
nn_defrag_free (gv->spdp_defrag);
ddsrt_mutex_destroy (&gv->spdp_lock);
#ifdef DDSI_INCLUDE_ENCRYPTION
if (q_security_plugin.free_decoder)
{
(q_security_plugin.free_decoder) (gv->recvSecurityCodec);
}
#endif /* DDSI_INCLUDE_ENCRYPTION */
{
struct ephash_enum_proxy_participant est;

64
src/core/ddsi/src/q_receive.c
View file

@ -206,19 +206,6 @@ static int valid_InfoTS (InfoTS_t *msg, size_t size, int byteswap)
}
}
static int valid_PT_InfoContainer (PT_InfoContainer_t *msg, size_t size, int byteswap)
{
if (size < sizeof (PT_InfoContainer_t))
return 0;
#if 0
if (msg->smhdr.flags)
return 0;
#endif
if (byteswap)
msg->id = bswap4u (msg->id);
return 1;
}
static int valid_Heartbeat (Heartbeat_t *msg, size_t size, int byteswap)
{
if (size < sizeof (*msg))
@ -2474,22 +2461,6 @@ static int handle_DataFrag (struct receiver_state *rst, nn_etime_t tnow, struct
return 1;
}
#ifdef DDSI_INCLUDE_ENCRYPTION
static size_t decode_container (unsigned char *submsg, size_t len)
{
size_t result = len;
if (gv.recvSecurityCodec && len > 0)
{
if (! (q_security_plugin.decode)
(gv.recvSecurityCodec, submsg, len, &result /* in/out, decrements the length*/))
{
result = 0;
}
}
return result;
}
#endif /* DDSI_INCLUDE_ENCRYPTION */
static void malformed_packet_received_nosubmsg (const struct q_globals *gv, const unsigned char * msg, ssize_t len, const char *state, nn_vendorid_t vendorid
)
{
@ -2829,41 +2800,6 @@ static int handle_submsg_sequence
ts_for_latmeas = 0;
}
break;
case SMID_PT_INFO_CONTAINER:
if (vendor_is_eclipse_or_prismtech (rst->vendor))
{
state = "parse:pt_info_container";
GVTRACE ("PT_INFO_CONTAINER(");
if (!valid_PT_InfoContainer (&sm->pt_infocontainer, submsg_size, byteswap))
goto malformed;
switch (sm->pt_infocontainer.id)
{
case PTINFO_ID_ENCRYPT:
#ifdef DDSI_INCLUDE_ENCRYPTION
if (q_security_plugin.decode)
{
/* we have: msg .. submsg .. submsg+submsg_size-1 submsg .. msg+len-1
our container: data starts immediately following the pt_infocontainer */
const size_t len1 = submsg_size - sizeof (PT_InfoContainer_t);
unsigned char * const submsg1 = submsg + sizeof (PT_InfoContainer_t);
size_t len2 = decode_container (submsg1, len1);
if ( len2 != 0 ) {
TRACE ((")\n"));
thread_state_asleep (ts1);
if (handle_submsg_sequence (conn, srcloc, tnowWC, tnowE, src_prefix, dst_prefix, msg, (size_t) (submsg1 - msg) + len2, submsg1, rmsg) < 0)
goto malformed_asleep;
thread_state_awake (ts1);
}
TRACE (("PT_INFO_CONTAINER END"));
}
#endif /* DDSI_INCLUDE_ENCRYPTION */
break;
default:
GVTRACE ("(unknown id %"PRIu32"?)\n", sm->pt_infocontainer.id);
}
}
break;
case SMID_PT_MSG_LEN:
{
#if 0

1743
src/core/ddsi/src/q_security.c
View file

File diff suppressed because it is too large Load diff

55
src/core/ddsi/src/q_xmsg.c
View file

@ -223,13 +223,6 @@ struct nn_xpack
#ifdef DDSI_INCLUDE_NETWORK_PARTITIONS
uint32_t encoderId;
#endif /* DDSI_INCLUDE_NETWORK_PARTITIONS */
#ifdef DDSI_INCLUDE_ENCRYPTION
/* each partion is associated with a SecurityPolicy, this codecset will serve */
/* all of them, different cipher for each partition */
q_securityEncoderSet codec;
PT_InfoContainer_t SecurityHeader;
#endif /* DDSI_INCLUDE_ENCRYPTION */
};
static size_t align4u (size_t x)
@ -1001,16 +994,6 @@ struct nn_xpack * nn_xpack_new (ddsi_tran_conn_t conn, uint32_t bw_limit, bool a
if (xp->gv->thread_pool)
ddsi_sem_init (&xp->sem, 0);
#ifdef DDSI_INCLUDE_ENCRYPTION
if (q_security_plugin.new_encoder)
{
xp->codec = (q_security_plugin.new_encoder) ();
xp->SecurityHeader.smhdr.submessageId = SMID_PT_INFO_CONTAINER;
xp->SecurityHeader.smhdr.flags = (DDSRT_LITTLE_ENDIAN ? SMFLAG_ENDIANNESS : 0);
xp->SecurityHeader.smhdr.octetsToNextHeader = 4;
xp->SecurityHeader.id = PTINFO_ID_ENCRYPT;
}
#endif
#ifdef DDSI_INCLUDE_BANDWIDTH_LIMITING
nn_bw_limit_init (&xp->limiter, bw_limit);
#else
@ -1023,12 +1006,6 @@ void nn_xpack_free (struct nn_xpack *xp)
{
assert (xp->niov == 0);
assert (xp->included_msgs.latest == NULL);
#ifdef DDSI_INCLUDE_ENCRYPTION
if (q_security_plugin.free_encoder)
{
(q_security_plugin.free_encoder) (xp->codec);
}
#endif
if (xp->gv->thread_pool)
ddsi_sem_destroy (&xp->sem);
ddsrt_free (xp->iov);
@ -1059,16 +1036,6 @@ static ssize_t nn_xpack_send1 (const nn_locator_t *loc, void * varg)
}
}
#ifdef DDSI_INCLUDE_ENCRYPTION
if (q_security_plugin.send_encoded && xp->encoderId != 0 && (q_security_plugin.encoder_type) (xp->codec, xp->encoderId) != Q_CIPHER_NONE)
{
struct iovec iov[NN_XMSG_MAX_MESSAGE_IOVECS];
memcpy (iov, xp->iov, sizeof (iov));
nbytes = (q_security_plugin.send_encoded) (xp->conn, loc, xp->niov, iov, &xp->codec, xp->encoderId, xp->call_flags);
}
else
#endif
{
if (!gv->mute)
{
nbytes = ddsi_conn_write (xp->conn, loc, xp->niov, xp->iov, xp->call_flags);
@ -1087,7 +1054,6 @@ static ssize_t nn_xpack_send1 (const nn_locator_t *loc, void * varg)
GVTRACE ("(dropped)");
nbytes = (ssize_t) xp->msg_len.length;
}
}
/* Clear call flags, as used on a per call basis */
@ -1352,16 +1318,6 @@ static int nn_xpack_mayaddmsg (const struct nn_xpack *xp, const struct nn_xmsg *
payload_size = m->refd_payload ? (unsigned) m->refd_payload_iov.iov_len : 0;
#ifdef DDSI_INCLUDE_ENCRYPTION
if (xp->encoderId)
{
unsigned security_header;
security_header = (q_security_plugin.header_size) (xp->codec, xp->encoderId);
assert (security_header < max_msg_size);
max_msg_size -= security_header;
}
#endif
/* Check if max message size exceeded */
if (xp->msg_len.length + m->sz + payload_size > max_msg_size)
@ -1477,17 +1433,6 @@ int nn_xpack_addmsg (struct nn_xpack *xp, struct nn_xmsg *m, const uint32_t flag
#ifdef DDSI_INCLUDE_NETWORK_PARTITIONS
xp->encoderId = m->encoderid;
#endif
#ifdef DDSI_INCLUDE_ENCRYPTION
if (xp->encoderId > 0 && (q_security_plugin.encoder_type) (xp->codec, xp->encoderId) != Q_CIPHER_NONE)
{
/* Insert a reference to the security header
the correct size will be set upon encryption in q_xpack_sendmsg_encoded */
xp->iov[niov].iov_base = (void*) &xp->SecurityHeader;
xp->iov[niov].iov_len = sizeof (xp->SecurityHeader);
sz += xp->iov[niov].iov_len;
niov++;
}
#endif
xp->last_src = &xp->hdr.guid_prefix;
xp->last_dst = NULL;