Sign extension causes some character values to be interpreted as special
tokens, potentially causing the parser to hang, pass a null pointer as
element name to the "elem_open" callback (which would crash the
configuration processing).
Signed-off-by: Erik Boasson <eb@ilities.com>
When scanning buckets while looking for a specific element, it is faster
to only inspect those buckets for which the corresponding bit in
"hopinfo" is set. Sadly, simple scanning is faster than the far more
elegant perfect hash based on a De Bruijn sequence.
Add a simple test/performance measurement.
Signed-off-by: Erik Boasson <eb@ilities.com>
Builtin authentication plugin of DDS Security implementation was added.
This plugin is the first implementation and it also contains the functions that are used initially in the secure communication sequence.
The builtin authentication plugin implements authentication using a trusted Certificate Authority (CA). It performs mutual authentication between discovered participants using the RSA or ECDSA Digital Signature Algorithms and establishes a shared secret using Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH) Key Agreement Methods.
DDS Security core component is introduced with this commit. DDSI and other builtin plugins will also use the security core.
Like all builtin plugins, dds security authentication plugin is a shared library for providing dynamic library loading on runtime. So that, dds participants can use different plugin implementations with different configurations.
Authentication plugin uses ddsrt functions. ddsrt is not expected to be a shared library and statically adding ddsrt objects to authentication library produces linkage errors in windows. So, dynamically linking authentication plugin to ddc library is decided. Another decision should be taken for the platforms that are not supporting dynamic libraries later.
Signed-off-by: Kurtulus Oksuztepe <kurtulus.oksuztepe@adlinktech.com>
* Add PropertyPolicy to QoS API for Security settings
This commit adds the public API for PropertyQosPolicy including
tests. This policy can be used to set the parameters for the DDS security
implementation, as an alternative for using the xml configuration.
Tests are also inlcuded for setting security properties and conflict
resolving when both security configuration and qos properties are present.
Finally, the pubsub tool is updated so that is handles this qos correctly.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* Init binary_value.props to fix failing qos merge and moved init code in qset_prop functions
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* Add additional test and some validation improvements based on review comments
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* Refactoring of qos property
Refactored the qos property handling based on review comments. Setting
and unsettings functions are simplified and now use helper functions
for lookup, property initialisation is simplified. Added an additional
check for required security properties when creating participant using
security settings from qos, and added a test-case for this code.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* Check for qos flag before getting property index from qos
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* Participant creation should fail on inconsistent security qos properties, and some minor code improvements in property qos api functions
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* Update log message in test security_config_qos
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* Fixed unused label compiler error in q_entity.c when security is disabled
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* Refactored qprop functions with macros to avoid code duplicate code
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* Moved bswap functions to ddsrt
Moved the byte swapping functions from ddsi to ddsrt so that
these can be re-used in e.g. the security plugins and tests.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* Moved decarations for bswap functions to ddsrt
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
This will eliminate two large dependencies when building CycloneDDS with
colcon for ROS 2, which doesn't appear to need the IDLC.
Signed-off-by: Scott K Logan <logans@cottsay.net>
This is useful when building CycloneDDS on platforms that provide CMake
configuration for CUnit outside of Conan.
If no configuration is found in the system CMake registry the module
continues as before.
Co-authored-by: Steven! Ragnarök <steven@nuclearsandwich.com>
Signed-off-by: Scott K Logan <logans@cottsay.net>
These conditionals may fail if the variable they're checking isn't
defined at all. Adding quotes makes the comparison against an empty
string in this case, which avoids the syntax error.
Signed-off-by: Scott K Logan <logans@cottsay.net>
CMAKE_PROJECT_NAME refers to the top-level project name, not the most recent project. So any CMake project that pulls this in as a dependency was in for a nasty surprise.
https://cmake.org/cmake/help/latest/variable/CMAKE_PROJECT_NAME.html
Signed-off-by: Dan Rose <dan@digilabs.io>
The test only works on Linux and macOS because of the system
dependencies in catching an abort. The logging code is platform
independent so testing only on these platforms still gives a good sanity
check.
Signed-off-by: Erik Boasson <eb@ilities.com>
Allow unique prefix matches for elements and attributes specified in
directly in CYCLONEDDS_URI. That mode already has a few niceties for
quickly specifying some configuration overrides, this is simply one
more.
Signed-off-by: Erik Boasson <eb@ilities.com>
The ``docs/makernc.pl`` perl script can extract the options from the
source code for the configuration processing and turn these into a
GitHub MarkDown document and a RELAX NG Compact form (RNC) description
of the options. Standard conversion tools can be used to turn the RNC
file into an XSD.
Although they are generated by a mechanical transformation, it is not
(yet) part of the build process, in no small part because there no
proper generation and publishing system has yet been set up for the
documentation.
Now that there is an XSD and a Markdown file for discovering the
options, there is no need to retain the configuration editing tool. Any
decent editor will do a better job.
Signed-off-by: Erik Boasson <eb@ilities.com>
From a distant past came code to encrypt data on the wire, but it hasn't
been functional in Cyclone for a long time and it only ever provided
protection against casual eavesdroppers. It is better to delete it.
Signed-off-by: Erik Boasson <eb@ilities.com>
* macOS < 10.13: skip log tests for want of fmemopen
There is a dependency on fmemopen in the tests for the logging
functions, which macOS introduced only in version 10.13. There should
be no other obstacle to building/running/testing on older versions of
macOS. This commit does the pragmatic thing: remove the dependency and
turns the tests into no-ops in this one case.
Signed-off-by: Erik Boasson <eb@ilities.com>
* Fix macOS clock_gettime_nsec_np availability test
Signed-off-by: Erik Boasson <eb@ilities.com>
* GUID, keyhash compare (currently no reliance on this comparison, so
not causing trouble in Cyclone for applications)
* comparing "propagate" boolean in plist (newly added for security,
not yet used)
* fix memory leak in plist_unalias (currently only used in duplicating
them, in which case the memory leak doesn't occur)
* add unit tests for plist handling
Signed-off-by: Erik Boasson <eb@ilities.com>
