Adding a test that checks the effects of using different configuration settings
for discovery protection. This test set uses the cryptography wrapper to count
the number of invocations of the encode and decode functions during a session
and checks the counts with the expected values.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Introduced a test that checks if all crypto tokens send by a node are
received correctly by the remote node. To support this test, the crypto
wrapper plugin is extended with a token_log mode, that stores all tokens
that are exchanged after the security handshake is finished.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Implement handler for access control on_revoke_permissions. This callback
function disconnects and deletes all proxy participant that are using the
revoked permissions handle (in case of remote permissions expire) and
proxy participant that are connected with a participant for which the
permissions expire (local permissions expire).
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Refactoring security core tests and adding more tests:
- Dynamically generate ca and identity certificates in authentication tests, so that certificate expiry is tested.
Added writing/reading samples to these tests to ensure that nodes can (or cannot) communicate in a specific test case
- Secure communication tests: improved the validation of encryption in wrapper
- Added test for access control plugin settings
- Replaced the in-code test identities (and included ca private keys), added an additional identity
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* Trying not to assume an int is at least 32 bits.
* Technically speaking, comparing "unrelated" addresses is undefined
behaviour which can be avoided by a cast to uintptr_t.
* The early out if either local_crypto == 0 does work in context,
provided the nodes in tree never have local_crypto == 0. That implies
crypto_insert_endpoint_relation must never have a 0 in there, which I
think the callers do respect. Still I think it is better to not hide
these assumptions in the compare function and address the problem in
the lookup function instead.
These changes likely make the code fractionally slower, but I do think
they improve clarity.
Signed-off-by: Erik Boasson <eb@ilities.com>
Isolate domains by using unique tags when running tests that are using security handshake.
And updated coding style and some minor refactoring in fsm and timed_cb tests.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
updated plugin loading tests to use these instead of specific wrappers per test. Added
test for securing communication ad handshake fail (using different identity CAs)
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
