Impement the revoke identity callback in ddsi that is called when
the identity certificate of a participant expires. In case the
identity handle that expires is from a local participant, all
proxy pp connections will be dropped for this participant. In case
the identity that expires is from a remote participant, the
corresponding proxy participant is deleted.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Implement handler for access control on_revoke_permissions. This callback
function disconnects and deletes all proxy participant that are using the
revoked permissions handle (in case of remote permissions expire) and
proxy participant that are connected with a participant for which the
permissions expire (local permissions expire).
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Refactoring security core tests and adding more tests:
- Dynamically generate ca and identity certificates in authentication tests, so that certificate expiry is tested.
Added writing/reading samples to these tests to ensure that nodes can (or cannot) communicate in a specific test case
- Secure communication tests: improved the validation of encryption in wrapper
- Added test for access control plugin settings
- Replaced the in-code test identities (and included ca private keys), added an additional identity
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* Trying not to assume an int is at least 32 bits.
* Technically speaking, comparing "unrelated" addresses is undefined
behaviour which can be avoided by a cast to uintptr_t.
* The early out if either local_crypto == 0 does work in context,
provided the nodes in tree never have local_crypto == 0. That implies
crypto_insert_endpoint_relation must never have a 0 in there, which I
think the callers do respect. Still I think it is better to not hide
these assumptions in the compare function and address the problem in
the lookup function instead.
These changes likely make the code fractionally slower, but I do think
they improve clarity.
Signed-off-by: Erik Boasson <eb@ilities.com>
* Remove duplicated code in authentication plugin
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* Fix build warnings
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* Fix memory leak and call create_validate_asymmetrical_signature directly from create_validate_signature_impl
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* Fix refcount issue (assert in openssl) for identity cert in hs remote info
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* Refactoring of validate_handshake_token function
Co-authored-by: Erik Boasson <eb@ilities.com>
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Isolate domains by using unique tags when running tests that are using security handshake.
And updated coding style and some minor refactoring in fsm and timed_cb tests.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Trusted CA dir in security configuration is optional, but participant
creation currently fails if no or empty dir is provided. This commit
fixes this issue and adds some tests for various trusted_ca_dir values.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
updated plugin loading tests to use these instead of specific wrappers per test. Added
test for securing communication ad handshake fail (using different identity CAs)
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Implement trigger of certificate and permission expiries using the timed callbacks.
Implement directory operations such that trusted CA can be read.
This implements OS abstraction functions such as opendir and stat.
Signed-off-by: Stefan Kimmer <skimmer@s2e-systems.com>
This commit adds the build-in Access Control plugin that is part of the
DDS Security implementation for Cyclone.
The Access Control Plugin API defines the types and operations necessary
to support an access control mechanism for DDS Domain Participants.
Similar to other builtin plugins, the DDS Security access control plugin
is built as a shared library to allow dynamic library loading on runtime.
This enables DDS participants to use specific plugin implementations with
different configurations.
This commit includes some basic tests for the access control functions.
This initial version of the plugin does not support permissions expiry
(not-valid-after date in permissions configuration).
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Process review comments for access control plugin
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Part 2 of processing review changes for access control
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Add test for topicname dcps, add comment for xml date parser
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Fixed an bug in leap year count for year 2200, changed the rounding for sub-ns fraction and added an additional overflow test in DDS_Security_parse_xml_date
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Dispatchers are added to a custom linked list while each dispatcher owns a
fibheap of callbacks that are ordered by expiry timestamp. A seperate
fibheap is use for each dispatcher to allow disabling and enabling of
each dispatcher. A new and free function is added that creates a
timed_cd_data object that is used by every public function. A thread is
initialized at object creation instead of using a counter. Add
a protection for the terminate flag.
Signed-off-by: Joao Rebelo <jrebelo@s2e-systems.com>
A generic FSM has been added to DDS Security Core component to realize authentication handshake process.
The list of the states and the transitions are given in the creation and the FSM is started with a start call.
Passing arguments to transition funstions is possible.
Timeout transitions are possible.
Signed-off-by: Kurtulus Oksuztepe <kurtulus.oksuztepe@adlinktech.com>
Security plugin loading with the given configuration has been added.
The configuration can be given by either the Cyclone DDS configuration file or ParticipantQoS during participant creation.
ParticipantQoS is required by DDS Security spec. However, the configuration file is an additional useful feature that helps the user to add security to the DDS application without changing the binary.
If ParticipantQoS has a Property starting with the name "dds.sec", then the configuration file is ignored.
If the participant is the first participant, the security component is initialized. If the participant is the last active participant, then the security component is de-initialized.
Signed-off-by: Kurtulus Oksuztepe <kurtulus.oksuztepe@adlinktech.com>
* DDS Security built-in Cryptographic plugin
This commit adds the built-in Cryptographic plugin that is part of the
DDS Security implementation for Cyclone.
The Cryptographic plugin defines the types and operations necessary
to support encryption, digest, message authentication codes, and key
exchange for DDS DomainParticipants, DataWriters and DDS DataReaders.
Similar to other builtin plugins, the DDS Security cryptographic plugin
is built as a shared library to allow dynamic library loading on runtime.
This enables DDS participants to use specific plugin implementations
with different configurations.
Although I think this initial version is a reasonable starting point to be
merged in the security branch, some parts of the code will need refactoring:
* crypto_key_factory.c: crypto_factory_get_endpoint_relation returns
arbitrary local-remote relation if no specific key for remote is found,
which will not work in Cyclone because participants can have different
security settings
* performance of encoding data can be improved by not copying
plain_rtps_message to a new buffer (to enable this, crypto_cipher_encrypt_data
should allow encrypting parts of a message)
* when decoding a message the message is split in several parts (header, body,
footer, etc) and for this memory is allocated which is probably not necessary.
Performance should be improved by removing these allocations and use pointers
to the data instead.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* WIP processing crypto plugin review comments
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* WIP more refactoring based on review comments
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* WIP fixing crypto plugin support for 128 bit key size
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* WIP refactored master key storage to reduce memory usage when using 128 bit keys
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* WIP fixing windows build linker issue
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* WIP refactored crypto key types, avoid returning pointers to released ref-counted object
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* Fixed bug in test decode_datareader_submessage.invalid_data
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
* Fixed issues from review: use correct constant for hashing and handle different src/dst keysize correctly
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Builtin authentication plugin of DDS Security implementation was added.
This plugin is the first implementation and it also contains the functions that are used initially in the secure communication sequence.
The builtin authentication plugin implements authentication using a trusted Certificate Authority (CA). It performs mutual authentication between discovered participants using the RSA or ECDSA Digital Signature Algorithms and establishes a shared secret using Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH) Key Agreement Methods.
DDS Security core component is introduced with this commit. DDSI and other builtin plugins will also use the security core.
Like all builtin plugins, dds security authentication plugin is a shared library for providing dynamic library loading on runtime. So that, dds participants can use different plugin implementations with different configurations.
Authentication plugin uses ddsrt functions. ddsrt is not expected to be a shared library and statically adding ddsrt objects to authentication library produces linkage errors in windows. So, dynamically linking authentication plugin to ddc library is decided. Another decision should be taken for the platforms that are not supporting dynamic libraries later.
Signed-off-by: Kurtulus Oksuztepe <kurtulus.oksuztepe@adlinktech.com>
