Commit graph

677 commits

Author SHA1 Message Date
martinbremmer
66c0d87886 Encoding preparations (#329)
* Payload encoding/decoding preparations.

Signed-off-by: Martin Bremmer <martin.bremmer@adlinktech.com>

* Sub-message encoding/decoding preparations.

Signed-off-by: Martin Bremmer <martin.bremmer@adlinktech.com>

* RTPS message encoding/decoding preparations.

Signed-off-by: Martin Bremmer <martin.bremmer@adlinktech.com>

* Removed redundant destination acquiring.

Signed-off-by: Martin Bremmer <martin.bremmer@adlinktech.com>

* Refactored secure writing of RTPS messages slightly.

Signed-off-by: Martin Bremmer <martin.bremmer@adlinktech.com>
2019-12-06 17:50:31 +02:00
Dennis Potman
30bd6e4c1c DDS Security built-in Cryptographic plugin (#306)
* DDS Security built-in Cryptographic plugin

This commit adds the built-in Cryptographic plugin that is part of the
DDS Security implementation for Cyclone.

The Cryptographic plugin defines the types and operations necessary
to support encryption, digest, message authentication codes, and key
exchange for DDS DomainParticipants, DataWriters and DDS DataReaders.

Similar to other builtin plugins, the DDS Security cryptographic plugin
is built as a shared library to allow dynamic library loading on runtime.
This enables DDS participants to use specific plugin implementations
with different configurations.

Although I think this initial version is a reasonable starting point to be
merged in the security branch, some parts of the code will need refactoring:

* crypto_key_factory.c: crypto_factory_get_endpoint_relation returns
arbitrary local-remote relation if no specific key for remote is found,
which will not work in Cyclone because participants can have different
security settings

* performance of encoding data can be improved by not copying
plain_rtps_message to a new buffer (to enable this, crypto_cipher_encrypt_data
should allow encrypting parts of a message)

* when decoding a message the message is split in several parts (header, body,
footer, etc) and for this memory is allocated which is probably not necessary.
Performance should be improved by removing these allocations and using pointers
to the data instead.

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

* WIP processing crypto plugin review comments

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

* WIP more refactoring based on review comments

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

* WIP fixing crypto plugin support for 128 bit key size

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

* WIP refactored master key storage to reduce memory usage when using 128 bit keys

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

* WIP fixing windows build linker issue

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

* WIP refactored crypto key types, avoid returning pointers to released ref-counted object

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

* Fixed bug in test decode_datareader_submessage.invalid_data

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

* Fixed issues from review: use correct constant for hashing and handle different src/dst keysize correctly

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
2019-12-05 11:30:35 +02:00
Dennis Potman
37c64e0965 Add string functions used by security plugins to ddsrt (#334)
* String functions required by DDS Security Access Control plugin

The implementation for the DDS Security Access Control plugin
requires two additional string functions. This commit adds the
ddsrt_str_replace function (including tests) and exports the
existing function ddsrt_todigit.

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

* Suppress strcpy warnings in Windows builds for ddsrt_str_replace

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

* Minor nitpicks on ddsrt_str_replace

Signed-off-by: Erik Boasson <eb@ilities.com>
2019-12-04 11:22:40 +02:00
Martin Bremmer
e2afccf4a0 Fixed security build.
Signed-off-by: Martin Bremmer <martin.bremmer@adlinktech.com>
2019-11-14 12:08:13 +01:00
eboasson
e53920031f
Merge pull request #251 from kurtuluso/authentication_plugin
Builtin authentication plugin for DDS Security
2019-10-30 12:20:16 +01:00
Kurtulus Oksuztepe
2c1d3010d0 Builtin authentication plugin for DDS Security
Builtin authentication plugin of DDS Security implementation was added.
This plugin is the first implementation and it also contains the functions that are used initially in the secure communication sequence.

The builtin authentication plugin implements authentication using a trusted Certificate Authority (CA). It performs mutual authentication between discovered participants using the RSA or ECDSA Digital Signature Algorithms and establishes a shared secret using Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH) Key Agreement Methods.

DDS Security core component is introduced with this commit. DDSI and other builtin plugins will also use the security core.

Like all builtin plugins, the DDS Security authentication plugin is a shared library, to allow dynamic library loading at runtime, so that DDS participants can use different plugin implementations with different configurations.

The authentication plugin uses ddsrt functions. ddsrt is not expected to be a shared library, and statically adding ddsrt objects to the authentication library produces linkage errors on Windows. So it was decided to dynamically link the authentication plugin to the ddc library. Another decision should be taken later for the platforms that do not support dynamic libraries.

Signed-off-by: Kurtulus Oksuztepe <kurtulus.oksuztepe@adlinktech.com>
2019-10-30 11:41:00 +01:00
Martin Bremmer
d0035cfdbd Protected discovery preparation.
Signed-off-by: Martin Bremmer <martin.bremmer@adlinktech.com>
2019-10-30 10:57:13 +01:00
Kurtulus Oksuztepe
aa3b95ee7f Merge branch 'master' into security
Signed-off-by: Kurtulus Oksuztepe <kurtulus.oksuztepe@adlinktech.com>

Conflicts:
	.travis.yml
2019-10-29 17:40:33 +01:00
dennis-adlink
7f59a46ff8 Add PropertyPolicy to QoS API for Security settings (#278)
* Add PropertyPolicy to QoS API for Security settings

This commit adds the public API for PropertyQosPolicy including
tests. This policy can be used to set the parameters for the DDS security
implementation, as an alternative for using the xml configuration.
Tests are also included for setting security properties and conflict
resolving when both security configuration and qos properties are present.
Finally, the pubsub tool is updated so that it handles this qos correctly.

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

* Init binary_value.props to fix failing qos merge and moved init code in qset_prop functions

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

* Add additional test and some validation improvements based on review comments

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

* Refactoring of qos property

Refactored the qos property handling based on review comments. Setting
and unsetting functions are simplified and now use helper functions
for lookup, property initialisation is simplified. Added an additional
check for required security properties when creating participant using
security settings from qos, and added a test-case for this code.

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

* Check for qos flag before getting property index from qos

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

* Participant creation should fail on inconsistent security qos properties, and some minor code improvements in property qos api functions

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

* Update log message in test security_config_qos

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

* Fixed unused label compiler error in q_entity.c when security is disabled

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

* Refactored qprop functions with macros to avoid duplicate code

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
2019-10-29 16:56:12 +01:00
Marcel Jordense
43ee3f87ca use ddsrt_malloc for allocating iov array
Signed-off-by: Marcel Jordense <marcel.jordense@adlinktech.com>
2019-10-28 21:45:41 +01:00
dennis-adlink
c8aa6fee5a Moved bswap functions to ddsrt (#297)
* Moved bswap functions to ddsrt

Moved the byte swapping functions from ddsi to ddsrt so that
these can be re-used in e.g. the security plugins and tests.

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>

* Moved declarations for bswap functions to ddsrt

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
2019-10-28 15:03:46 +01:00
Dan Rose
76fa688086 CMAKE_SOURCE_DIR -> CMAKE_CURRENT_SOURCE_DIR
Signed-off-by: Dan Rose <dan@digilabs.io>
2019-10-23 09:36:38 +02:00
Scott K Logan
860a6aadae Drop IDLC when building with colcon
This will eliminate two large dependencies when building CycloneDDS with
colcon for ROS 2, which doesn't appear to need the IDLC.

Signed-off-by: Scott K Logan <logans@cottsay.net>
2019-10-22 22:37:40 +02:00
Scott K Logan
1cc6caff14 First check the CMake Package Registry for CUnit
This is useful when building CycloneDDS on platforms that provide CMake
configuration for CUnit outside of Conan.

If no configuration is found in the system CMake registry the module
continues as before.

Co-authored-by: Steven! Ragnarök <steven@nuclearsandwich.com>
Signed-off-by: Scott K Logan <logans@cottsay.net>
2019-10-22 22:33:10 +02:00
eboasson
5399e5103c
Merge pull request #279 from martinbremmer/merge4
Merge master into security
2019-10-22 20:31:12 +02:00
Martin Bremmer
41d36d59b2 Removed duplicate build from travis
Signed-off-by: Martin Bremmer <martin.bremmer@adlinktech.com>
2019-10-22 20:28:34 +02:00
Thijs Sassen
36b1b9da3d Adjusted mpt qos test includes to be in line with other tests
Signed-off-by: Thijs Sassen <thijs.sassen@adlinktech.com>
2019-10-22 16:27:15 +02:00
Scott K Logan
a3b35a2aa4 Fix some unreliable STREQUAL calls in CMakeLists.txt
These conditionals may fail if the variable they're checking isn't
defined at all. Adding quotes makes the comparison against an empty
string in this case, which avoids the syntax error.

Signed-off-by: Scott K Logan <logans@cottsay.net>
2019-10-22 15:22:56 +02:00
Scott K Logan
94e4c0915d Skip some tests when BUILD_IDLC=OFF
These tests use `idlc_generate`, which is not available when
`BUILD_IDLC` is not `ON`.

Signed-off-by: Scott K Logan <logans@cottsay.net>
2019-10-22 15:20:30 +02:00
Dan Rose
98ce7d1971 Stylistic CMake changes
No functional impact intended
Signed-off-by: Dan Rose <dan@digilabs.io>
2019-10-22 15:18:26 +02:00
Dan Rose
418a70e7c3 Fix CI not finding pip3
Signed-off-by: Dan Rose <dan@digilabs.io>
2019-10-20 03:32:18 -07:00
Dan Rose
960d4f7358 Use PROJECT_NAME instead of CMAKE_PROJECT_NAME
CMAKE_PROJECT_NAME refers to the top-level project name, not the most recent project. So any CMake project that pulls this in as a dependency was in for a nasty surprise.
https://cmake.org/cmake/help/latest/variable/CMAKE_PROJECT_NAME.html

Signed-off-by: Dan Rose <dan@digilabs.io>
2019-10-20 03:28:15 -07:00
martinbremmer
64cc631137 Participant generic message (#273)
* Extended DDSI (de)serializer.

Signed-off-by: Martin Bremmer <martin.bremmer@adlinktech.com>

* Added security Participant Generic Message.

Signed-off-by: Martin Bremmer <martin.bremmer@adlinktech.com>

* Updated Participant Generic Message.

Signed-off-by: Martin Bremmer <martin.bremmer@adlinktech.com>

* Updated generic ddsi (de)serializer.

Signed-off-by: Martin Bremmer <martin.bremmer@adlinktech.com>

* Changed macros for functions.

Signed-off-by: Martin Bremmer <martin.bremmer@adlinktech.com>
2019-10-18 10:05:13 -07:00
Martin Bremmer
a28a5ae23d Merge branch 'master' into merge4
Signed-off-by: Martin Bremmer <martin.bremmer@adlinktech.com>
2019-10-17 11:05:49 +02:00
Erik Boasson
8ec68e1d7d No printing of null pointers in config errors
Signed-off-by: Erik Boasson <eb@ilities.com>
2019-10-16 03:08:31 +02:00
Erik Boasson
a71be9dcec Remove all occurrences of strncpy
Too many compilers warn about correct use of strncpy these days ...

Signed-off-by: Erik Boasson <eb@ilities.com>
2019-10-16 03:08:31 +02:00
Erik Boasson
f8bff97736 Fix off-by-one error in dds_strretcode (#270)
Signed-off-by: Erik Boasson <eb@ilities.com>
2019-10-16 03:08:31 +02:00
Erik Boasson
5a746cad81 Always abort on DDS_FATAL variants + test (#270)
The test only works on Linux and macOS because of the system
dependencies in catching an abort.  The logging code is platform
independent so testing only on these platforms still gives a good sanity
check.

Signed-off-by: Erik Boasson <eb@ilities.com>
2019-10-16 03:08:31 +02:00
Erik Boasson
50e63b3324 Correct ddsrt_gnuc, ddsrt_clang definitions (#270)
Signed-off-by: Erik Boasson <eb@ilities.com>
2019-10-16 03:08:31 +02:00
Erik Boasson
14ffab2705 Always use atomic64 for writer seq_xmit (#270)
Signed-off-by: Erik Boasson <eb@ilities.com>
2019-10-16 03:08:31 +02:00
Erik Boasson
8ce389dd85 IID generator: init and atomic64 ops (#270)
Signed-off-by: Erik Boasson <eb@ilities.com>
2019-10-16 03:08:31 +02:00
Dennis Potman
cbc6dc5aa0 Increase thread test timeout to check if this caused the failing tests on travis win32
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
2019-10-15 19:29:18 +02:00
martinbremmer
7c1e47218d Added DDS Security XML configuration elements. (#268)
* Added DDS Security XML configuration elements.

Signed-off-by: Martin Bremmer <martin.bremmer@adlinktech.com>

* Extended security configuration tests.

Signed-off-by: Martin Bremmer <martin.bremmer@adlinktech.com>

* Updated security conf to qos conversion.

Signed-off-by: Martin Bremmer <martin.bremmer@adlinktech.com>
2019-10-11 15:43:30 +02:00
Erik Boasson
aa5236dea4 Prefix matching for config XML in CYCLONEDDS_URI
Allow unique prefix matches for elements and attributes specified
directly in CYCLONEDDS_URI.  That mode already has a few niceties for
quickly specifying some configuration overrides, this is simply one
more.

Signed-off-by: Erik Boasson <eb@ilities.com>
2019-10-10 17:44:39 +02:00
Erik Boasson
a25b69be7d Exclude network channels from documentation
They are not supported yet.

Signed-off-by: Erik Boasson <eb@ilities.com>
2019-10-10 17:44:39 +02:00
Erik Boasson
d429045255 Add option documentation and add XSD
The ``docs/makernc.pl`` perl script can extract the options from the
source code for the configuration processing and turn these into a
GitHub MarkDown document and a RELAX NG Compact form (RNC) description
of the options.  Standard conversion tools can be used to turn the RNC
file into an XSD.

Although they are generated by a mechanical transformation, it is not
(yet) part of the build process, in no small part because no
proper generation and publishing system has yet been set up for the
documentation.

Now that there is an XSD and a Markdown file for discovering the
options, there is no need to retain the configuration editing tool.  Any
decent editor will do a better job.

Signed-off-by: Erik Boasson <eb@ilities.com>
2019-10-10 17:44:39 +02:00
Erik Boasson
fde05810c6 Drop broken protection against casual eavesdroppers
From a distant past came code to encrypt data on the wire, but it hasn't
been functional in Cyclone for a long time and it only ever provided
protection against casual eavesdroppers.  It is better to delete it.

Signed-off-by: Erik Boasson <eb@ilities.com>
2019-10-10 17:44:39 +02:00
Thijs Sassen
0b57b74b93 Fix compile error when using rusage functionality on FreeRTOS
Signed-off-by: Thijs Sassen <thijs.sassen@adlinktech.com>
2019-10-07 14:12:27 +02:00
Jeroen Koekkoek
378b4b19d7 Add macOS 10.12 / Xcode 9 build on Travis CI
Signed-off-by: Jeroen Koekkoek <jeroen@koekkoek.nl>
2019-10-02 14:17:38 +02:00
Erik Boasson
0098cfcab7 Fix macOS 10.12 version check
Xcode 9 doesn't yet define MAC_OS_X_VERSION_10_13.

Signed-off-by: Erik Boasson <eb@ilities.com>
2019-10-02 08:52:06 +02:00
martinbremmer
ef90c11e8d Added DDS Security msg parameters. (#263)
* Added DDS Security msg parameters.

Signed-off-by: Martin Bremmer <martin.bremmer@adlinktech.com>

* Added ENABLE_SECURITY cmake option and DDSI_INCLUDE_SECURITY compile switch.

Signed-off-by: Martin Bremmer <martin.bremmer@adlinktech.com>
2019-10-01 12:43:33 +02:00
eboasson
50b0611ad1
macOS pre-10.13 support (#264)
* macOS < 10.13: skip log tests for want of fmemopen

There is a dependency on fmemopen in the tests for the logging
functions, which macOS introduced only in version 10.13.  There should
be no other obstacle to building/running/testing on older versions of
macOS.  This commit does the pragmatic thing: removes the dependency and
turns the tests into no-ops in this one case.

Signed-off-by: Erik Boasson <eb@ilities.com>

* Fix macOS clock_gettime_nsec_np availability test

Signed-off-by: Erik Boasson <eb@ilities.com>
2019-09-30 09:13:49 +02:00
eboasson
992d2b6e55
Merge pull request #261 from martinbremmer/merge
Merge master into security
2019-09-27 15:16:50 +02:00
Martin Bremmer
919850232c Merge branch 'master' into merge
Signed-off-by: Martin Bremmer <martin.bremmer@adlinktech.com>
2019-09-27 14:45:16 +02:00
eboasson
78fc9c2e85
Merge pull request #260 from eboasson/plist-update
parameter list update: properties, fixes, unit tests
2019-09-27 13:32:46 +02:00
Erik Boasson
2289428991 Support optional tail in plist deserialisation
Signed-off-by: Erik Boasson <eb@ilities.com>
2019-09-27 13:12:54 +02:00
Martin Bremmer
bc6ece0bfb Fixed missing-field-initializers clang-4 warnings.
Signed-off-by: Martin Bremmer <martin.bremmer@adlinktech.com>
2019-09-27 10:07:54 +02:00
Erik Boasson
bf8bc87a87 Fixes for table-driven plist ser/deser
* GUID, keyhash compare (currently no reliance on this comparison, so
  not causing trouble in Cyclone for applications)

* comparing "propagate" boolean in plist (newly added for security,
  not yet used)

* fix memory leak in plist_unalias (currently only used in duplicating
  them, in which case the memory leak doesn't occur)

* add unit tests for plist handling

Signed-off-by: Erik Boasson <eb@ilities.com>
2019-09-26 15:58:50 +02:00
Martin Bremmer
8f46889f74 Improved property policy handling.
Signed-off-by: Martin Bremmer <martin.bremmer@adlinktech.com>
2019-09-26 15:54:05 +02:00
Martin Bremmer
9f1ddb0b38 Added property policy.
Signed-off-by: Martin Bremmer <martin.bremmer@adlinktech.com>
2019-09-26 15:54:00 +02:00