diff --git a/src/cpp/fastrtps_deprecated/security/authentication/PKIDH.cpp b/src/cpp/fastrtps_deprecated/security/authentication/PKIDH.cpp index d6adc30ce86..5afe1690dc8 100644 --- a/src/cpp/fastrtps_deprecated/security/authentication/PKIDH.cpp +++ b/src/cpp/fastrtps_deprecated/security/authentication/PKIDH.cpp @@ -32,6 +32,12 @@ #define OPENSSL_CONST #endif +#if OPENSSL_VERSION_NUMBER >= 0x10101040L +#define IS_OPENSSL_1_1_1d 1 +#else +#define IS_OPENSSL_1_1_1d 0 +#endif + #include #include #include @@ -741,7 +747,7 @@ static EVP_PKEY* generate_dh_key( return nullptr; } } - else + else if (type == EVP_PKEY_DH) { params = EVP_PKEY_new(); if (params != nullptr) @@ -759,6 +765,11 @@ static EVP_PKEY* generate_dh_key( return nullptr; } } + else + { + exception = _SecurityException_("Wrong DH kind"); + return nullptr; + } EVP_PKEY* keys = nullptr; EVP_PKEY_CTX* kctx = EVP_PKEY_CTX_new(params, NULL); @@ -795,47 +806,56 @@ static EVP_PKEY* generate_dh_key( static bool store_dh_public_key( EVP_PKEY* dhkey, + int type, std::vector& buffer, SecurityException& exception) { bool returnedValue = false; - DH* dh = + + if (type == EVP_PKEY_DH) + { + DH* dh = #if IS_OPENSSL_1_1 EVP_PKEY_get0_DH(dhkey); #else dhkey->pkey.dh; #endif - if (dh != nullptr) - { + if (dh != nullptr) + { #if IS_OPENSSL_1_1 - const BIGNUM* pub_key = nullptr; - const BIGNUM* priv_key = nullptr; - DH_get0_key(dh, &pub_key, &priv_key); + const BIGNUM* pub_key = nullptr; + const BIGNUM* priv_key = nullptr; + DH_get0_key(dh, &pub_key, &priv_key); #else - const BIGNUM* pub_key = dh->pub_key; + const BIGNUM* pub_key = dh->pub_key; #endif - int len = BN_num_bytes(pub_key); - buffer.resize(len); - unsigned char* pointer = buffer.data(); - if (BN_bn2bin(pub_key, pointer) == len) - { - returnedValue = true; + int len = BN_num_bytes(pub_key); + buffer.resize(len); + unsigned char* pointer = buffer.data(); + if (BN_bn2bin(pub_key, pointer) == len) + { + returnedValue = true; + } + else + { + exception = _SecurityException_("Cannot serialize public key"); + } } else { - exception = _SecurityException_("Cannot serialize public key"); + exception = _SecurityException_("OpenSSL library doesn't retrieve DH"); } } - else + else if(type == EVP_PKEY_EC) { EC_KEY* ec = #if IS_OPENSSL_1_1 - EVP_PKEY_get0_EC_KEY(dhkey); + EVP_PKEY_get0_EC_KEY(dhkey); #else - dhkey->pkey.ec; + dhkey->pkey.ec; #endif if (ec != nullptr) { @@ -857,6 +877,10 @@ static bool store_dh_public_key( exception = _SecurityException_("OpenSSL library doesn't retrieve DH"); } } + else + { + exception = _SecurityException_("Wrong DH kind"); + } return returnedValue; } @@ -864,7 +888,7 @@ static bool store_dh_public_key( static EVP_PKEY* generate_dh_peer_key( const std::vector& buffer, SecurityException& exception, - int alg_kind = EVP_PKEY_DH) + int alg_kind) { if (alg_kind == EVP_PKEY_DH) { @@ -890,7 +914,12 @@ static EVP_PKEY* generate_dh_peer_key( if (key != nullptr) { +#if IS_OPENSSL_1_1_1d + int type = DH_get0_q(dh) == NULL ? EVP_PKEY_DH : EVP_PKEY_DHX; + if (EVP_PKEY_assign(key, type, dh) > 0) +#else if (EVP_PKEY_assign_DH(key, dh) > 0) +#endif { return key; } @@ -916,7 +945,7 @@ static EVP_PKEY* generate_dh_peer_key( exception = _SecurityException_("OpenSSL library cannot create dh"); } } - else + else if (alg_kind == EVP_PKEY_EC) { EC_KEY* ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); @@ -962,6 +991,10 @@ static EVP_PKEY* generate_dh_peer_key( exception = _SecurityException_("OpenSSL library cannot create ec"); } } + else + { + exception = _SecurityException_("Wrong DH kind"); + } return nullptr; } @@ -1370,14 +1403,15 @@ ValidationResult_t PKIDH::begin_handshake_request( bproperty.propagate(true); (*handshake_handle_aux)->handshake_message_.binary_properties().push_back(std::move(bproperty)); + int kagree_kind = get_dh_type((*handshake_handle_aux)->kagree_alg_); + // dh1 - if (((*handshake_handle_aux)->dhkeys_ = - generate_dh_key(get_dh_type((*handshake_handle_aux)->kagree_alg_), exception)) != nullptr) + if (((*handshake_handle_aux)->dhkeys_ = generate_dh_key(kagree_kind, exception)) != nullptr) { bproperty.name("dh1"); bproperty.propagate(true); - if (store_dh_public_key((*handshake_handle_aux)->dhkeys_, bproperty.value(), exception)) + if (store_dh_public_key((*handshake_handle_aux)->dhkeys_, kagree_kind, bproperty.value(), exception)) { (*handshake_handle_aux)->handshake_message_.binary_properties().push_back(std::move(bproperty)); @@ -1732,7 +1766,7 @@ ValidationResult_t PKIDH::begin_handshake_reply( bproperty.name("dh2"); bproperty.propagate(true); - if (store_dh_public_key((*handshake_handle_aux)->dhkeys_, bproperty.value(), exception)) + if (store_dh_public_key((*handshake_handle_aux)->dhkeys_, kagree_kind, bproperty.value(), exception)) { (*handshake_handle_aux)->handshake_message_.binary_properties().push_back(std::move(bproperty)); @@ -2056,14 +2090,15 @@ ValidationResult_t PKIDH::process_handshake_request( // dh2 BinaryProperty* dh2 = DataHolderHelper::find_binary_property(handshake_message_in, "dh2"); - if (dh2 == nullptr) { logWarning(SECURITY_AUTHENTICATION, "Cannot find property dh2"); return ValidationResult_t::VALIDATION_FAILED; } - if ((handshake_handle->peerkeys_ = generate_dh_peer_key(dh2->value(), exception)) == nullptr) + int kagree_kind = get_dh_type(s_kagree_algo); + + if ((handshake_handle->peerkeys_ = generate_dh_peer_key(dh2->value(), exception, kagree_kind)) == nullptr) { exception = _SecurityException_("Cannot store peer key from dh2"); return ValidationResult_t::VALIDATION_FAILED; diff --git a/src/cpp/fastrtps_deprecated/security/cryptography/AESGCMGMAC_KeyFactory.cpp b/src/cpp/fastrtps_deprecated/security/cryptography/AESGCMGMAC_KeyFactory.cpp index 712d23a8834..2f8a13ad97d 100644 --- a/src/cpp/fastrtps_deprecated/security/cryptography/AESGCMGMAC_KeyFactory.cpp +++ b/src/cpp/fastrtps_deprecated/security/cryptography/AESGCMGMAC_KeyFactory.cpp @@ -320,7 +320,7 @@ DatawriterCryptoHandle * AESGCMGMAC_KeyFactory::register_local_datawriter( auto plugin_attrs = datawriter_security_properties.plugin_endpoint_attributes; bool is_sub_encrypted = (plugin_attrs & PLUGIN_ENDPOINT_SECURITY_ATTRIBUTES_FLAG_IS_SUBMESSAGE_ENCRYPTED) != 0; bool is_payload_encrypted = (plugin_attrs & PLUGIN_ENDPOINT_SECURITY_ATTRIBUTES_FLAG_IS_PAYLOAD_ENCRYPTED) != 0; - bool use_256_bits = false; + bool use_256_bits = true; bool use_kx_keys = false; int maxblockspersession = 32; //Default to key update every 32 usages if (!datawriter_prop.empty()) @@ -329,9 +329,9 @@ DatawriterCryptoHandle * AESGCMGMAC_KeyFactory::register_local_datawriter( { if (it->name().compare("dds.sec.crypto.keysize") == 0) { - if (it->value().compare("256") == 0) + if (it->value().compare("128") == 0) { - use_256_bits = true; + use_256_bits = false; } } else if (it->name().compare("dds.sec.crypto.maxblockspersession") == 0) @@ -539,7 +539,7 @@ DatareaderCryptoHandle * AESGCMGMAC_KeyFactory::register_local_datareader( auto plugin_attrs = datareder_security_attributes.plugin_endpoint_attributes; bool is_sub_encrypted = (plugin_attrs & PLUGIN_ENDPOINT_SECURITY_ATTRIBUTES_FLAG_IS_SUBMESSAGE_ENCRYPTED) != 0; - bool use_256_bits = false; + bool use_256_bits = true; bool use_kx_keys = false; int maxblockspersession = 32; //Default to key update every 32 usages if (!datareader_properties.empty()) @@ -548,9 +548,9 @@ DatareaderCryptoHandle * AESGCMGMAC_KeyFactory::register_local_datareader( { if (it->name().compare("dds.sec.crypto.keysize") == 0) { - if (it->value().compare("256") == 0) + if (it->value().compare("128") == 0) { - use_256_bits = true; + use_256_bits = false; } } else if (it->name().compare("dds.sec.crypto.maxblockspersession") == 0) @@ -847,12 +847,12 @@ void AESGCMGMAC_KeyFactory::create_key( bool use_256_bits) { std::array transformationtype = encrypt_then_sign - ? use_256_bits + ? (use_256_bits ? c_transfrom_kind_aes256_gcm - : c_transfrom_kind_aes128_gcm - : use_256_bits + : c_transfrom_kind_aes128_gcm) + : (use_256_bits ? c_transfrom_kind_aes256_gmac - : c_transfrom_kind_aes128_gmac; + : c_transfrom_kind_aes128_gmac); int nBytes = use_256_bits ? 32 : 16; diff --git a/src/cpp/fastrtps_deprecated/security/cryptography/AESGCMGMAC_Transform.cpp b/src/cpp/fastrtps_deprecated/security/cryptography/AESGCMGMAC_Transform.cpp index 96773aa1bc0..3465c53d376 100644 --- a/src/cpp/fastrtps_deprecated/security/cryptography/AESGCMGMAC_Transform.cpp +++ b/src/cpp/fastrtps_deprecated/security/cryptography/AESGCMGMAC_Transform.cpp @@ -111,11 +111,13 @@ bool AESGCMGMAC_Transform::encode_serialized_payload( session->session_block_counter += 1; //Build NONCE elements (Build once, use once) - std::array initialization_vector_suffix; //iv suffix changes with every operation + //iv suffix changes with every operation + std::array initialization_vector_suffix; RAND_bytes(initialization_vector_suffix.data(), initialization_vector_suffix_length); - std::array initialization_vector; //96 bytes, session_id + suffix + // 96 bits, session_id + suffix + std::array initialization_vector; memcpy(initialization_vector.data(),&(session->session_id),4); - memcpy(initialization_vector.data() + 4, initialization_vector_suffix.data(), 8); + memcpy(initialization_vector.data() + 4, initialization_vector_suffix.data(), initialization_vector_suffix_length); std::array session_id; memcpy(session_id.data(), &(session->session_id), 4); @@ -668,14 +670,15 @@ bool AESGCMGMAC_Transform::decode_rtps_message( memcpy(&session_id, header.session_id.data(), 4); //Sessionkey - std::array session_key; + std::array session_key{0}; compute_sessionkey(session_key, sending_participant->RemoteParticipant2ParticipantKeyMaterial.at(0), session_id); //IV - std::array initialization_vector; + std::array initialization_vector{0}; memcpy(initialization_vector.data(), header.session_id.data(), 4); - memcpy(initialization_vector.data() + 4, header.initialization_vector_suffix.data(), 8); + memcpy(initialization_vector.data() + 4, + header.initialization_vector_suffix.data(), initialization_vector_suffix_length); // Body uint32_t body_length = 0, body_align = 0; @@ -1040,12 +1043,13 @@ bool AESGCMGMAC_Transform::decode_datawriter_submessage( uint32_t session_id; memcpy(&session_id,header.session_id.data(),4); //Sessionkey - std::array session_key; + std::array session_key{0}; compute_sessionkey(session_key, *keyMat, session_id); //IV - std::array initialization_vector; + std::array initialization_vector{0}; memcpy(initialization_vector.data(), header.session_id.data(), 4); - memcpy(initialization_vector.data() + 4, header.initialization_vector_suffix.data(), 8); + memcpy(initialization_vector.data() + 4, + header.initialization_vector_suffix.data(), initialization_vector_suffix_length); // Body uint32_t body_length = 0, body_align = 0; @@ -1218,12 +1222,13 @@ bool AESGCMGMAC_Transform::decode_datareader_submessage( uint32_t session_id; memcpy(&session_id,header.session_id.data(),4); //Sessionkey - std::array session_key; + std::array session_key{0}; compute_sessionkey(session_key, *keyMat, session_id); //IV - std::array initialization_vector; + std::array initialization_vector{0}; memcpy(initialization_vector.data(), header.session_id.data(), 4); - memcpy(initialization_vector.data() + 4, header.initialization_vector_suffix.data(), 8); + memcpy(initialization_vector.data() + 4, + header.initialization_vector_suffix.data(), initialization_vector_suffix_length); // Body uint32_t body_length = 0, body_align = 0; @@ -1372,12 +1377,13 @@ bool AESGCMGMAC_Transform::decode_serialized_payload( memcpy(&session_id, header.session_id.data(), 4); //Sessionkey - std::array session_key; + std::array session_key{0}; compute_sessionkey(session_key, *keyMat, session_id); //IV - std::array initialization_vector; + std::array initialization_vector{0}; memcpy(initialization_vector.data(), header.session_id.data(), 4); - memcpy(initialization_vector.data() + 4, header.initialization_vector_suffix.data(), 8); + memcpy(initialization_vector.data() + 4, + header.initialization_vector_suffix.data(), initialization_vector_suffix_length); // Body uint32_t body_length = 0, body_align = 0; @@ -1449,6 +1455,8 @@ void AESGCMGMAC_Transform::compute_sessionkey(std::array& session_k const std::array& master_key, const std::array& master_salt, const uint32_t session_id, int key_len) { + session_key.fill(0); + int sourceLen = 0; unsigned char source[18 + 32 + 4]; const char seq[] = "SessionKey"; @@ -1614,7 +1622,7 @@ bool AESGCMGMAC_Transform::serialize_SecureDataBody(eprosima::fastcdr::Cdr& seri return false; } - if (!EVP_EncryptFinal(e_ctx, output_buffer_raw, &final_size)) + if (!EVP_EncryptFinal(e_ctx, &output_buffer_raw[actual_size], &final_size)) { logError(SECURITY_CRYPTO, "Unable to encode the payload. EVP_EncryptFinal function returns an error"); EVP_CIPHER_CTX_free(e_ctx); @@ -1631,6 +1639,7 @@ bool AESGCMGMAC_Transform::serialize_SecureDataBody(eprosima::fastcdr::Cdr& seri if (submessage) { uint16_t length = static_cast(actual_size + final_size + sizeof(uint32_t)); + length = (length + 3) & ~3; serializer << length; } @@ -1685,7 +1694,6 @@ bool AESGCMGMAC_Transform::serialize_SecureDataTag(eprosima::fastcdr::Cdr& seria //Check the list of receivers, search for keys and compute session keys as needed for(auto rec = receiving_crypto_list.begin(); rec != receiving_crypto_list.end(); ++rec) { - AESGCMGMAC_EntityCryptoHandle& remote_entity = AESGCMGMAC_ReaderCryptoHandle::narrow(**rec); if(remote_entity.nil()) @@ -1755,7 +1763,7 @@ bool AESGCMGMAC_Transform::serialize_SecureDataTag(eprosima::fastcdr::Cdr& seria continue; } serializer << remote_entity->Remote2EntityKeyMaterial.at(0).receiver_specific_key_id; - EVP_CIPHER_CTX_ctrl(e_ctx, EVP_CTRL_GCM_GET_TAG, 16, serializer.getCurrentPosition()); + EVP_CIPHER_CTX_ctrl(e_ctx, EVP_CTRL_GCM_GET_TAG, AES_BLOCK_SIZE, serializer.getCurrentPosition()); serializer.jump(16); EVP_CIPHER_CTX_free(e_ctx); @@ -1784,7 +1792,6 @@ bool AESGCMGMAC_Transform::serialize_SecureDataTag(eprosima::fastcdr::Cdr& seria //Check the list of receivers, search for keys and compute session keys as needed for(auto rec = receiving_crypto_list.begin(); rec != receiving_crypto_list.end(); ++rec) { - AESGCMGMAC_ParticipantCryptoHandle& remote_participant = AESGCMGMAC_ParticipantCryptoHandle::narrow(**rec); if(remote_participant.nil()) @@ -1860,7 +1867,7 @@ bool AESGCMGMAC_Transform::serialize_SecureDataTag(eprosima::fastcdr::Cdr& seria continue; } serializer << remote_participant->Participant2ParticipantKeyMaterial.at(0).receiver_specific_key_id; - EVP_CIPHER_CTX_ctrl(e_ctx, EVP_CTRL_GCM_GET_TAG, 16, serializer.getCurrentPosition()); + EVP_CIPHER_CTX_ctrl(e_ctx, EVP_CTRL_GCM_GET_TAG, AES_BLOCK_SIZE, serializer.getCurrentPosition()); serializer.jump(16); EVP_CIPHER_CTX_free(e_ctx); @@ -1886,7 +1893,7 @@ SecureDataHeader AESGCMGMAC_Transform::deserialize_SecureDataHeader(eprosima::fa bool AESGCMGMAC_Transform::deserialize_SecureDataBody(eprosima::fastcdr::Cdr& decoder, eprosima::fastcdr::Cdr::state& body_state, SecureDataTag& tag, const uint32_t body_length, - const std::array transformation_kind, + const std::array& transformation_kind, const std::array& session_key, const std::array& initialization_vector, octet* plain_buffer, uint32_t& plain_buffer_len) { @@ -1950,7 +1957,7 @@ bool AESGCMGMAC_Transform::deserialize_SecureDataBody(eprosima::fastcdr::Cdr& de EVP_CIPHER_CTX_ctrl(d_ctx, EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag.common_mac.data()); - if(!EVP_DecryptFinal(d_ctx, output_buffer, &final_size)) + if(!EVP_DecryptFinal(d_ctx, output_buffer ? &output_buffer[actual_size] : nullptr, &final_size)) { logWarning(SECURITY_CRYPTO, "Unable to decode the payload. EVP_DecryptFinal function returns an error"); EVP_CIPHER_CTX_free(d_ctx); @@ -2056,18 +2063,19 @@ bool AESGCMGMAC_Transform::deserialize_SecureDataTag(eprosima::fastcdr::Cdr& dec int actual_size = 0, final_size = 0; //Get ReceiverSpecificSessionKey - std::array specific_session_key; - compute_sessionkey(specific_session_key, true, receiver_specific_key, master_salt, session_id); + std::array specific_session_key{0}; //Verify specific MAC if(transformation_kind == c_transfrom_kind_aes128_gcm || transformation_kind == c_transfrom_kind_aes128_gmac) { + compute_sessionkey(specific_session_key, true, receiver_specific_key, master_salt, session_id, 16); d_cipher = EVP_aes_128_gcm(); } else if(transformation_kind == c_transfrom_kind_aes256_gcm || transformation_kind == c_transfrom_kind_aes256_gmac) { + compute_sessionkey(specific_session_key, true, receiver_specific_key, master_salt, session_id, 32); d_cipher = EVP_aes_256_gcm(); } else @@ -2092,7 +2100,7 @@ bool AESGCMGMAC_Transform::deserialize_SecureDataTag(eprosima::fastcdr::Cdr& dec return false; } - if (!EVP_CIPHER_CTX_ctrl(d_ctx, EVP_CTRL_GCM_SET_TAG, 16, tag.receiver_mac.data())) + if (!EVP_CIPHER_CTX_ctrl(d_ctx, EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag.receiver_mac.data())) { logError(SECURITY_CRYPTO, "Unable to authenticate the message. EVP_CIPHER_CTX_ctrl function returns an error"); EVP_CIPHER_CTX_free(d_ctx); diff --git a/src/cpp/fastrtps_deprecated/security/cryptography/AESGCMGMAC_Transform.h b/src/cpp/fastrtps_deprecated/security/cryptography/AESGCMGMAC_Transform.h index 458513cbfb7..50d4ad7f8c7 100644 --- a/src/cpp/fastrtps_deprecated/security/cryptography/AESGCMGMAC_Transform.h +++ b/src/cpp/fastrtps_deprecated/security/cryptography/AESGCMGMAC_Transform.h @@ -111,7 +111,7 @@ class AESGCMGMAC_Transform : public CryptoTransform const std::array& master_key, const std::array& master_salt, const uint32_t session_id, - int key_len = 32); + int key_len); void compute_sessionkey( std::array& session_key, @@ -154,7 +154,7 @@ class AESGCMGMAC_Transform : public CryptoTransform bool deserialize_SecureDataBody(eprosima::fastcdr::Cdr& decoder, eprosima::fastcdr::Cdr::state& body_state, SecureDataTag& tag, uint32_t body_length, - const std::array transformation_kind, + const std::array& transformation_kind, const std::array& session_key, const std::array& initialization_vector, octet* plain_buffer, uint32_t& plain_buffer_len); diff --git a/src/cpp/fastrtps_deprecated/security/cryptography/AESGCMGMAC_Types.h b/src/cpp/fastrtps_deprecated/security/cryptography/AESGCMGMAC_Types.h index 8f3c4b5998f..90cd51f27c9 100644 --- a/src/cpp/fastrtps_deprecated/security/cryptography/AESGCMGMAC_Types.h +++ b/src/cpp/fastrtps_deprecated/security/cryptography/AESGCMGMAC_Types.h @@ -54,11 +54,11 @@ namespace fastrtps { namespace rtps { namespace security { -const CryptoTransformKind c_transfrom_kind_none = CRYPTO_TRANSFORMATION_KIND_NONE; -const CryptoTransformKind c_transfrom_kind_aes128_gmac = CRYPTO_TRANSFORMATION_KIND_AES128_GMAC; -const CryptoTransformKind c_transfrom_kind_aes128_gcm = CRYPTO_TRANSFORMATION_KIND_AES128_GCM; -const CryptoTransformKind c_transfrom_kind_aes256_gmac = CRYPTO_TRANSFORMATION_KIND_AES256_GMAC; -const CryptoTransformKind c_transfrom_kind_aes256_gcm = CRYPTO_TRANSFORMATION_KIND_AES256_GCM; +constexpr CryptoTransformKind c_transfrom_kind_none = CRYPTO_TRANSFORMATION_KIND_NONE; +constexpr CryptoTransformKind c_transfrom_kind_aes128_gmac = CRYPTO_TRANSFORMATION_KIND_AES128_GMAC; +constexpr CryptoTransformKind c_transfrom_kind_aes128_gcm = CRYPTO_TRANSFORMATION_KIND_AES128_GCM; +constexpr CryptoTransformKind c_transfrom_kind_aes256_gmac = CRYPTO_TRANSFORMATION_KIND_AES256_GMAC; +constexpr CryptoTransformKind c_transfrom_kind_aes256_gcm = CRYPTO_TRANSFORMATION_KIND_AES256_GCM; /* Key Storage * ----------- diff --git a/src/cpp/rtps/builtin/discovery/endpoint/EDPSimpleListeners.cpp b/src/cpp/rtps/builtin/discovery/endpoint/EDPSimpleListeners.cpp index 338b186fc73..958a4c3066d 100644 --- a/src/cpp/rtps/builtin/discovery/endpoint/EDPSimpleListeners.cpp +++ b/src/cpp/rtps/builtin/discovery/endpoint/EDPSimpleListeners.cpp @@ -40,6 +40,23 @@ #include +// Release reader lock to avoid ABBA lock. PDP mutex should always be first. +// Keep change information on local variables to check consistency later +#define PREVENT_PDP_DEADLOCK(reader, change, pdp) \ + GUID_t writer_guid = (change)->writerGUID; \ + SequenceNumber_t seq_num = (change)->sequenceNumber; \ + (reader)->getMutex().unlock(); \ + std::unique_lock lock(*((pdp)->getMutex())); \ + (reader)->getMutex().lock(); \ + \ + if ( (ALIVE != (change)->kind) || \ + (seq_num != (change)->sequenceNumber) || \ + (writer_guid != (change)->writerGUID) ) \ + { \ + return; \ + } \ + (void)seq_num + namespace eprosima { namespace fastrtps { namespace rtps { @@ -128,6 +145,8 @@ void EDPSimplePUBListener::onNewCacheChangeAdded( if (change->kind == ALIVE) { + PREVENT_PDP_DEADLOCK(reader, change, sedp_->mp_PDP); + // Note: change is removed from history inside this method. add_writer_from_change(reader, reader_history, change, sedp_); } @@ -136,10 +155,11 @@ void EDPSimplePUBListener::onNewCacheChangeAdded( //REMOVE WRITER FROM OUR READERS: logInfo(RTPS_EDP, "Disposed Remote Writer, removing..."); GUID_t writer_guid = iHandle2GUID(change->instanceHandle); - this->sedp_->mp_PDP->removeWriterProxyData(writer_guid); - //Removing change from history reader_history->remove_change(change); + reader->getMutex().unlock(); + this->sedp_->mp_PDP->removeWriterProxyData(writer_guid); + reader->getMutex().lock(); } } @@ -246,6 +266,8 @@ void EDPSimpleSUBListener::onNewCacheChangeAdded( if (change->kind == ALIVE) { + PREVENT_PDP_DEADLOCK(reader, change, sedp_->mp_PDP); + // Note: change is removed from history inside this method. add_reader_from_change(reader, reader_history, change, sedp_); } @@ -255,10 +277,11 @@ void EDPSimpleSUBListener::onNewCacheChangeAdded( logInfo(RTPS_EDP, "Disposed Remote Reader, removing..."); GUID_t reader_guid = iHandle2GUID(change->instanceHandle); - this->sedp_->mp_PDP->removeReaderProxyData(reader_guid); - - // Remove change from history. + //Removing change from history reader_history->remove_change(change); + reader->getMutex().unlock(); + this->sedp_->mp_PDP->removeReaderProxyData(reader_guid); + reader->getMutex().lock(); } } diff --git a/test/unittest/security/authentication/CMakeLists.txt b/test/unittest/security/authentication/CMakeLists.txt index 7e4ab72300d..03f9860690b 100644 --- a/test/unittest/security/authentication/CMakeLists.txt +++ b/test/unittest/security/authentication/CMakeLists.txt @@ -66,6 +66,7 @@ if(NOT ((MSVC OR MSVC_IDE) AND EPROSIMA_INSTALLER)) target_link_libraries(BuiltinPKIDH ${GTEST_LIBRARIES} ${OPENSSL_LIBRARIES} foonathan_memory $<$:ws2_32>) add_gtest(BuiltinPKIDH SOURCES ${CMAKE_CURRENT_SOURCE_DIR}/BuiltinPKIDHTests.cpp + ${CMAKE_CURRENT_SOURCE_DIR}/AuthenticationPluginTests.hpp ENVIRONMENTS "CERTS_PATH=${PROJECT_SOURCE_DIR}/test/certs") endif() endif() diff --git a/test/unittest/security/cryptography/CMakeLists.txt b/test/unittest/security/cryptography/CMakeLists.txt index cfddcb8453a..ab7196111cb 100644 --- a/test/unittest/security/cryptography/CMakeLists.txt +++ b/test/unittest/security/cryptography/CMakeLists.txt @@ -60,6 +60,7 @@ if(NOT ((MSVC OR MSVC_IDE) AND EPROSIMA_INSTALLER)) ${PROJECT_SOURCE_DIR}/src/cpp/fastrtps_deprecated/security/cryptography/AESGCMGMAC_Types.cpp ${PROJECT_SOURCE_DIR}/src/cpp/fastrtps_deprecated/security/OpenSSLInit.cpp ${CMAKE_CURRENT_SOURCE_DIR}/builtinAESGCMGMACTests.cpp + ${CMAKE_CURRENT_SOURCE_DIR}/CryptographyPluginTests.hpp ENVIRONMENTS "CERTS_PATH=${PROJECT_SOURCE_DIR}/test/certs") endif() endif() diff --git a/test/unittest/security/cryptography/CryptographyPluginTests.hpp b/test/unittest/security/cryptography/CryptographyPluginTests.hpp index bb9588353f0..36625e77267 100644 --- a/test/unittest/security/cryptography/CryptographyPluginTests.hpp +++ b/test/unittest/security/cryptography/CryptographyPluginTests.hpp @@ -27,32 +27,38 @@ class CryptographyPluginTest : public ::testing::Test { - protected: +protected: - virtual void SetUp() - { - eprosima::fastrtps::rtps::PropertyPolicy m_propertypolicy; + virtual void SetUp() + { + eprosima::fastrtps::rtps::PropertyPolicy m_propertypolicy; + + CryptoPlugin = new eprosima::fastrtps::rtps::security::AESGCMGMAC(); + } - CryptoPlugin = new eprosima::fastrtps::rtps::security::AESGCMGMAC(); - } + virtual void TearDown() + { + delete CryptoPlugin; + } - virtual void TearDown() - { - delete CryptoPlugin; - } +public: - public: - CryptographyPluginTest():CryptoPlugin(nullptr){}; + CryptographyPluginTest() + : CryptoPlugin(nullptr) + { + } - eprosima::fastrtps::rtps::security::AESGCMGMAC* CryptoPlugin; + eprosima::fastrtps::rtps::security::AESGCMGMAC* CryptoPlugin; }; TEST_F(CryptographyPluginTest, factory_CreateLocalParticipantHandle) { - eprosima::fastrtps::rtps::security::PKIIdentityHandle* i_handle = new eprosima::fastrtps::rtps::security::PKIIdentityHandle(); - eprosima::fastrtps::rtps::security::AccessPermissionsHandle* perm_handle = new eprosima::fastrtps::rtps::security::AccessPermissionsHandle(); + eprosima::fastrtps::rtps::security::PKIIdentityHandle* i_handle = + new eprosima::fastrtps::rtps::security::PKIIdentityHandle(); + eprosima::fastrtps::rtps::security::AccessPermissionsHandle* perm_handle = + new eprosima::fastrtps::rtps::security::AccessPermissionsHandle(); eprosima::fastrtps::rtps::PropertySeq prop_handle; eprosima::fastrtps::rtps::security::ParticipantSecurityAttributes part_sec_attr; @@ -60,58 +66,97 @@ TEST_F(CryptographyPluginTest, factory_CreateLocalParticipantHandle) part_sec_attr.is_rtps_protected = true; part_sec_attr.plugin_participant_attributes = PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ENCRYPTED | - PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ORIGIN_AUTHENTICATED; + PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ORIGIN_AUTHENTICATED; - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *target = CryptoPlugin->keyfactory()->register_local_participant(*i_handle,*perm_handle,prop_handle,part_sec_attr,exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* target = + CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, + exception); ASSERT_TRUE(target != nullptr); - eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle& local_participant = eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle::narrow(*target); + eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle& local_participant = + eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle::narrow(*target); ASSERT_TRUE(!local_participant.nil()); ASSERT_GT(local_participant->Participant2ParticipantKeyMaterial.size(), 0ul); ASSERT_GT(local_participant->Participant2ParticipantKxKeyMaterial.size(), 0ul); - ASSERT_TRUE( (local_participant->ParticipantKeyMaterial.transformation_kind == eprosima::fastrtps::rtps::security::c_transfrom_kind_aes256_gcm) ); - ASSERT_TRUE( (local_participant->Participant2ParticipantKeyMaterial.at(0).transformation_kind == eprosima::fastrtps::rtps::security::c_transfrom_kind_aes256_gcm) ); - ASSERT_TRUE( (local_participant->Participant2ParticipantKxKeyMaterial.at(0).transformation_kind == eprosima::fastrtps::rtps::security::c_transfrom_kind_aes256_gcm) ); - - ASSERT_FALSE( std::all_of(local_participant->ParticipantKeyMaterial.master_salt.begin(),local_participant->ParticipantKeyMaterial.master_salt.end(), [](uint8_t i){return i==0;}) ); - ASSERT_FALSE( std::all_of(local_participant->Participant2ParticipantKeyMaterial.at(0).master_salt.begin(),local_participant->Participant2ParticipantKeyMaterial.at(0).master_salt.end(), [](uint8_t i){return i==0;}) ); - ASSERT_FALSE( std::all_of(local_participant->Participant2ParticipantKxKeyMaterial.at(0).master_salt.begin(),local_participant->Participant2ParticipantKxKeyMaterial.at(0).master_salt.end(), [](uint8_t i){return i==0;}) ); - - ASSERT_FALSE( std::all_of(local_participant->ParticipantKeyMaterial.master_sender_key.begin(),local_participant->ParticipantKeyMaterial.master_sender_key.end(), [](uint8_t i){return i==0;}) ); - ASSERT_FALSE( std::all_of(local_participant->Participant2ParticipantKeyMaterial.at(0).master_sender_key.begin(),local_participant->Participant2ParticipantKeyMaterial.at(0).master_sender_key.end(), [](uint8_t i){return i==0;}) ); - ASSERT_FALSE( std::all_of(local_participant->Participant2ParticipantKxKeyMaterial.at(0).master_sender_key.begin(),local_participant->Participant2ParticipantKxKeyMaterial.at(0).master_sender_key.end(), [](uint8_t i){return i==0;}) ); - - ASSERT_FALSE( std::any_of(local_participant->ParticipantKeyMaterial.receiver_specific_key_id.begin(),local_participant->ParticipantKeyMaterial.receiver_specific_key_id.end(), [](uint8_t i){return i!=0;}) ); - ASSERT_FALSE( std::any_of(local_participant->Participant2ParticipantKeyMaterial.at(0).receiver_specific_key_id.begin(),local_participant->Participant2ParticipantKeyMaterial.at(0).receiver_specific_key_id.end(), [](uint8_t i){return i==0;}) ); - ASSERT_FALSE( std::any_of(local_participant->Participant2ParticipantKxKeyMaterial.at(0).receiver_specific_key_id.begin(),local_participant->Participant2ParticipantKxKeyMaterial.at(0).receiver_specific_key_id.end(), [](uint8_t i){return i==0;}) ); + ASSERT_TRUE( (local_participant->ParticipantKeyMaterial.transformation_kind == + eprosima::fastrtps::rtps::security::c_transfrom_kind_aes256_gcm) ); + ASSERT_TRUE( (local_participant->Participant2ParticipantKeyMaterial.at(0).transformation_kind == + eprosima::fastrtps::rtps::security::c_transfrom_kind_aes256_gcm) ); + ASSERT_TRUE( (local_participant->Participant2ParticipantKxKeyMaterial.at(0).transformation_kind == + eprosima::fastrtps::rtps::security::c_transfrom_kind_aes256_gcm) ); + + ASSERT_FALSE( std::all_of(local_participant->ParticipantKeyMaterial.master_salt.begin(), + local_participant->ParticipantKeyMaterial.master_salt.end(), [](uint8_t i){ + return i == 0; + }) ); + ASSERT_FALSE( std::all_of(local_participant->Participant2ParticipantKeyMaterial.at(0).master_salt.begin(), + local_participant->Participant2ParticipantKeyMaterial.at(0).master_salt.end(), [](uint8_t i){ + return i == 0; + }) ); + ASSERT_FALSE( std::all_of(local_participant->Participant2ParticipantKxKeyMaterial.at(0).master_salt.begin(), + local_participant->Participant2ParticipantKxKeyMaterial.at(0).master_salt.end(), [](uint8_t i){ + return i == 0; + }) ); + + ASSERT_FALSE( std::all_of(local_participant->ParticipantKeyMaterial.master_sender_key.begin(), + local_participant->ParticipantKeyMaterial.master_sender_key.end(), [](uint8_t i){ + return i == 0; + }) ); + ASSERT_FALSE( std::all_of(local_participant->Participant2ParticipantKeyMaterial.at(0).master_sender_key.begin(), + local_participant->Participant2ParticipantKeyMaterial.at(0).master_sender_key.end(), [](uint8_t i){ + return i == 0; + }) ); + ASSERT_FALSE( std::all_of(local_participant->Participant2ParticipantKxKeyMaterial.at(0).master_sender_key.begin(), + local_participant->Participant2ParticipantKxKeyMaterial.at(0).master_sender_key.end(), [](uint8_t i){ + return i == 0; + }) ); + + ASSERT_FALSE( std::any_of(local_participant->ParticipantKeyMaterial.receiver_specific_key_id.begin(), + local_participant->ParticipantKeyMaterial.receiver_specific_key_id.end(), [](uint8_t i){ + return i != 0; + }) ); + ASSERT_FALSE( std::any_of(local_participant->Participant2ParticipantKeyMaterial.at(0).receiver_specific_key_id.begin(), + local_participant->Participant2ParticipantKeyMaterial.at(0).receiver_specific_key_id.end(), [](uint8_t i){ + return i == 0; + }) ); + ASSERT_FALSE( std::any_of(local_participant->Participant2ParticipantKxKeyMaterial.at(0).receiver_specific_key_id. + begin(), local_participant->Participant2ParticipantKxKeyMaterial.at(0).receiver_specific_key_id.end(), + [](uint8_t i){ + return i == 0; + }) ); delete i_handle; delete perm_handle; //Release resources and check the handle is indeed empty - CryptoPlugin->keyfactory()->unregister_participant(target,exception); + CryptoPlugin->keyfactory()->unregister_participant(target, exception); } TEST_F(CryptographyPluginTest, factory_RegisterRemoteParticipant) { - eprosima::fastrtps::rtps::security::PKIIdentityHandle* i_handle = new eprosima::fastrtps::rtps::security::PKIIdentityHandle(); - eprosima::fastrtps::rtps::security::AccessPermissionsHandle* perm_handle = new eprosima::fastrtps::rtps::security::AccessPermissionsHandle(); + eprosima::fastrtps::rtps::security::PKIIdentityHandle* i_handle = + new eprosima::fastrtps::rtps::security::PKIIdentityHandle(); + eprosima::fastrtps::rtps::security::AccessPermissionsHandle* perm_handle = + new eprosima::fastrtps::rtps::security::AccessPermissionsHandle(); eprosima::fastrtps::rtps::PropertySeq prop_handle; eprosima::fastrtps::rtps::security::ParticipantSecurityAttributes part_sec_attr; - eprosima::fastrtps::rtps::security::SharedSecretHandle* shared_secret = new eprosima::fastrtps::rtps::security::SharedSecretHandle(); + eprosima::fastrtps::rtps::security::SharedSecretHandle* shared_secret = + new eprosima::fastrtps::rtps::security::SharedSecretHandle(); eprosima::fastrtps::rtps::security::SecurityException exception; part_sec_attr.is_rtps_protected = true; part_sec_attr.plugin_participant_attributes = PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ENCRYPTED | - PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ORIGIN_AUTHENTICATED; + PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ORIGIN_AUTHENTICATED; - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *local = CryptoPlugin->keyfactory()->register_local_participant(*i_handle,*perm_handle,prop_handle,part_sec_attr,exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* local = + CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, + exception); ASSERT_TRUE(local != nullptr); @@ -120,33 +165,39 @@ TEST_F(CryptographyPluginTest, factory_RegisterRemoteParticipant) //Fill shared secret with dummy values std::vector dummy_data, challenge_1, challenge_2; eprosima::fastrtps::rtps::security::SharedSecret::BinaryData binary_data; - challenge_1.resize(8); - challenge_2.resize(8); + challenge_1.resize(32); + challenge_2.resize(32); - RAND_bytes(challenge_1.data(),8); + RAND_bytes(challenge_1.data(), 32); binary_data.name("Challenge1"); binary_data.value(challenge_1); (*shared_secret)->data_.push_back(binary_data); - RAND_bytes(challenge_2.data(),8); + RAND_bytes(challenge_2.data(), 32); binary_data.name("Challenge2"); binary_data.value(challenge_2); (*shared_secret)->data_.push_back(binary_data); dummy_data.resize(32); - RAND_bytes(dummy_data.data(),32); + RAND_bytes(dummy_data.data(), 32); binary_data.name("SharedSecret"); binary_data.value(dummy_data); (*shared_secret)->data_.push_back(binary_data); - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *remote_A =CryptoPlugin->keyfactory()->register_matched_remote_participant(*local,*i_handle,*perm_handle,*shared_secret, exception); - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *remote_B =CryptoPlugin->keyfactory()->register_matched_remote_participant(*local,*i_handle,*perm_handle,*shared_secret, exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* remote_A = + CryptoPlugin->keyfactory()->register_matched_remote_participant(*local, *i_handle, *perm_handle, + *shared_secret, exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* remote_B = + CryptoPlugin->keyfactory()->register_matched_remote_participant(*local, *i_handle, *perm_handle, + *shared_secret, exception); ASSERT_TRUE( (remote_A != nullptr) ); ASSERT_TRUE( (remote_B != nullptr) ); - eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle& remote_participant_A = eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle::narrow(*remote_A); - eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle& remote_participant_B = eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle::narrow(*remote_B); + eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle& remote_participant_A = + eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle::narrow(*remote_A); + eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle& remote_participant_B = + eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle::narrow(*remote_B); //Check the presence of both remote P2PKeyMaterial and P2PKxKeyMaterial ASSERT_TRUE(remote_participant_A->Participant2ParticipantKeyMaterial.size() == 1); @@ -154,14 +205,19 @@ TEST_F(CryptographyPluginTest, factory_RegisterRemoteParticipant) ASSERT_TRUE(remote_participant_A->Participant2ParticipantKxKeyMaterial.size() == 1); ASSERT_TRUE(remote_participant_B->Participant2ParticipantKxKeyMaterial.size() == 1); //Check that both remoteKeysMaterials have unique IDS (keys are the same since they use the same source material - ASSERT_TRUE(remote_participant_A->Participant2ParticipantKeyMaterial.at(0).sender_key_id == remote_participant_B->Participant2ParticipantKeyMaterial.at(0).sender_key_id); + ASSERT_TRUE(remote_participant_A->Participant2ParticipantKeyMaterial.at( + 0).sender_key_id == remote_participant_B->Participant2ParticipantKeyMaterial.at(0).sender_key_id); //KxKeys should be the same since they derive from the same Shared Secret although Keys should not - ASSERT_TRUE(remote_participant_A->Participant2ParticipantKeyMaterial.at(0).master_receiver_specific_key != remote_participant_B->Participant2ParticipantKeyMaterial.at(0).master_receiver_specific_key); - ASSERT_TRUE(remote_participant_A->Participant2ParticipantKxKeyMaterial.at(0).master_sender_key == remote_participant_B->Participant2ParticipantKxKeyMaterial.at(0).master_sender_key); + ASSERT_TRUE(remote_participant_A->Participant2ParticipantKeyMaterial.at( + 0).master_receiver_specific_key != remote_participant_B->Participant2ParticipantKeyMaterial.at( + 0).master_receiver_specific_key); + ASSERT_TRUE(remote_participant_A->Participant2ParticipantKxKeyMaterial.at( + 0).master_sender_key == remote_participant_B->Participant2ParticipantKxKeyMaterial.at( + 0).master_sender_key); - CryptoPlugin->keyfactory()->unregister_participant(remote_A,exception); - CryptoPlugin->keyfactory()->unregister_participant(remote_B,exception); - CryptoPlugin->keyfactory()->unregister_participant(local,exception); + CryptoPlugin->keyfactory()->unregister_participant(remote_A, exception); + CryptoPlugin->keyfactory()->unregister_participant(remote_B, exception); + CryptoPlugin->keyfactory()->unregister_participant(local, exception); delete perm_handle; delete i_handle; @@ -170,19 +226,24 @@ TEST_F(CryptographyPluginTest, factory_RegisterRemoteParticipant) TEST_F(CryptographyPluginTest, exchange_CDRSerializenDeserialize){ - eprosima::fastrtps::rtps::security::PKIIdentityHandle* i_handle = new eprosima::fastrtps::rtps::security::PKIIdentityHandle(); - eprosima::fastrtps::rtps::security::AccessPermissionsHandle* perm_handle = new eprosima::fastrtps::rtps::security::AccessPermissionsHandle(); + eprosima::fastrtps::rtps::security::PKIIdentityHandle* i_handle = + new eprosima::fastrtps::rtps::security::PKIIdentityHandle(); + eprosima::fastrtps::rtps::security::AccessPermissionsHandle* perm_handle = + new eprosima::fastrtps::rtps::security::AccessPermissionsHandle(); eprosima::fastrtps::rtps::PropertySeq prop_handle; eprosima::fastrtps::rtps::security::ParticipantSecurityAttributes part_sec_attr; eprosima::fastrtps::rtps::security::SecurityException exception; part_sec_attr.is_rtps_protected = true; part_sec_attr.plugin_participant_attributes = PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ENCRYPTED | - PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ORIGIN_AUTHENTICATED; + PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ORIGIN_AUTHENTICATED; - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *ParticipantA = CryptoPlugin->keyfactory()->register_local_participant(*i_handle,*perm_handle,prop_handle,part_sec_attr,exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* ParticipantA = + CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, + exception); - eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle& Participant_A = eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle::narrow(*ParticipantA); + eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle& Participant_A = + eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle::narrow(*ParticipantA); eprosima::fastrtps::rtps::security::KeyMaterial_AES_GCM_GMAC base = Participant_A->ParticipantKeyMaterial; @@ -190,15 +251,15 @@ TEST_F(CryptographyPluginTest, exchange_CDRSerializenDeserialize){ eprosima::fastrtps::rtps::security::KeyMaterial_AES_GCM_GMAC result; CryptoPlugin->keyexchange()->KeyMaterialCDRDeserialize(result, &serialized); ASSERT_TRUE( - (base.transformation_kind == result.transformation_kind) & - (base.master_salt == result.master_salt) & - (base.sender_key_id == result.sender_key_id) & - (base.master_sender_key == result.master_sender_key) & - (base.receiver_specific_key_id == result.receiver_specific_key_id) & - (base.master_receiver_specific_key == result.master_receiver_specific_key) - ); + (base.transformation_kind == result.transformation_kind) & + (base.master_salt == result.master_salt) & + (base.sender_key_id == result.sender_key_id) & + (base.master_sender_key == result.master_sender_key) & + (base.receiver_specific_key_id == result.receiver_specific_key_id) & + (base.master_receiver_specific_key == result.master_receiver_specific_key) + ); - CryptoPlugin->keyfactory()->unregister_participant(ParticipantA,exception); + CryptoPlugin->keyfactory()->unregister_participant(ParticipantA, exception); delete i_handle; delete perm_handle; @@ -208,82 +269,103 @@ TEST_F(CryptographyPluginTest, exchange_CDRSerializenDeserialize){ TEST_F(CryptographyPluginTest, exchange_ParticipantCryptoTokens) { - eprosima::fastrtps::rtps::security::PKIIdentityHandle* i_handle = new eprosima::fastrtps::rtps::security::PKIIdentityHandle(); - eprosima::fastrtps::rtps::security::AccessPermissionsHandle* perm_handle = new eprosima::fastrtps::rtps::security::AccessPermissionsHandle(); + eprosima::fastrtps::rtps::security::PKIIdentityHandle* i_handle = + new eprosima::fastrtps::rtps::security::PKIIdentityHandle(); + eprosima::fastrtps::rtps::security::AccessPermissionsHandle* perm_handle = + new eprosima::fastrtps::rtps::security::AccessPermissionsHandle(); eprosima::fastrtps::rtps::PropertySeq prop_handle; eprosima::fastrtps::rtps::security::ParticipantSecurityAttributes part_sec_attr; - eprosima::fastrtps::rtps::security::SharedSecretHandle* shared_secret = new eprosima::fastrtps::rtps::security::SharedSecretHandle(); + eprosima::fastrtps::rtps::security::SharedSecretHandle* shared_secret = + new eprosima::fastrtps::rtps::security::SharedSecretHandle(); eprosima::fastrtps::rtps::security::SecurityException exception; part_sec_attr.is_rtps_protected = true; part_sec_attr.plugin_participant_attributes = PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ENCRYPTED | - PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ORIGIN_AUTHENTICATED; + PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ORIGIN_AUTHENTICATED; //Fill shared secret with dummy values std::vector dummy_data, challenge_1, challenge_2; eprosima::fastrtps::rtps::security::SharedSecret::BinaryData binary_data; - challenge_1.resize(8); - challenge_2.resize(8); + challenge_1.resize(32); + challenge_2.resize(32); - RAND_bytes(challenge_1.data(),8); + RAND_bytes(challenge_1.data(), 32); binary_data.name("Challenge1"); binary_data.value(challenge_1); (*shared_secret)->data_.push_back(binary_data); - RAND_bytes(challenge_2.data(),8); + RAND_bytes(challenge_2.data(), 32); binary_data.name("Challenge2"); binary_data.value(challenge_2); (*shared_secret)->data_.push_back(binary_data); dummy_data.resize(32); - RAND_bytes(dummy_data.data(),32); + RAND_bytes(dummy_data.data(), 32); binary_data.name("SharedSecret"); binary_data.value(dummy_data); (*shared_secret)->data_.push_back(binary_data); //Create ParticipantA and ParticipantB - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *ParticipantA = CryptoPlugin->keyfactory()->register_local_participant(*i_handle,*perm_handle,prop_handle,part_sec_attr,exception); - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *ParticipantB = CryptoPlugin->keyfactory()->register_local_participant(*i_handle,*perm_handle,prop_handle,part_sec_attr,exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* ParticipantA = + CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, + exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* ParticipantB = + CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, + exception); ASSERT_TRUE( (ParticipantA != nullptr) & (ParticipantB != nullptr) ); //Register a remote for both Participants - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *ParticipantA_remote =CryptoPlugin->keyfactory()->register_matched_remote_participant(*ParticipantA,*i_handle,*perm_handle,*shared_secret, exception); - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *ParticipantB_remote =CryptoPlugin->keyfactory()->register_matched_remote_participant(*ParticipantB,*i_handle,*perm_handle,*shared_secret, exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* ParticipantA_remote = + CryptoPlugin->keyfactory()->register_matched_remote_participant(*ParticipantA, *i_handle, *perm_handle, + *shared_secret, exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* ParticipantB_remote = + CryptoPlugin->keyfactory()->register_matched_remote_participant(*ParticipantB, *i_handle, *perm_handle, + *shared_secret, exception); //Create CryptoTokens for both Participants eprosima::fastrtps::rtps::security::ParticipantCryptoTokenSeq ParticipantA_CryptoTokens, ParticipantB_CryptoTokens; ASSERT_TRUE( - CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantA_CryptoTokens, *ParticipantA, *ParticipantA_remote, exception) - ); + CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantA_CryptoTokens, *ParticipantA, + *ParticipantA_remote, exception) + ); ASSERT_TRUE( - CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantB_CryptoTokens, *ParticipantB, *ParticipantB_remote, exception) - ); + CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantB_CryptoTokens, *ParticipantB, + *ParticipantB_remote, exception) + ); //Set ParticipantA token into ParticipantB and viceversa ASSERT_TRUE( - CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*ParticipantA,*ParticipantA_remote,ParticipantB_CryptoTokens,exception) - ); + CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*ParticipantA, *ParticipantA_remote, + ParticipantB_CryptoTokens, exception) + ); ASSERT_TRUE( - CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*ParticipantB,*ParticipantB_remote,ParticipantA_CryptoTokens,exception) - ); + CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*ParticipantB, *ParticipantB_remote, + ParticipantA_CryptoTokens, exception) + ); //Check that ParticipantB's KeyMaterial is congruent with ParticipantA and viceversa - eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle& Participant_A_remote = eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle::narrow(*ParticipantA_remote); - eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle& Participant_B_remote = eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle::narrow(*ParticipantB_remote); + eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle& Participant_A_remote = + eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle::narrow(*ParticipantA_remote); + eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle& Participant_B_remote = + eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle::narrow(*ParticipantB_remote); ASSERT_TRUE(Participant_A_remote->RemoteParticipant2ParticipantKeyMaterial.size() == 1); ASSERT_TRUE(Participant_B_remote->RemoteParticipant2ParticipantKeyMaterial.size() == 1); - ASSERT_TRUE(Participant_A_remote->Participant2ParticipantKeyMaterial.at(0).master_sender_key == Participant_B_remote->RemoteParticipant2ParticipantKeyMaterial.at(0).master_sender_key); - ASSERT_TRUE(Participant_B_remote->Participant2ParticipantKeyMaterial.at(0).master_sender_key == Participant_A_remote->RemoteParticipant2ParticipantKeyMaterial.at(0).master_sender_key); + ASSERT_TRUE(Participant_A_remote->Participant2ParticipantKeyMaterial.at( + 0).master_sender_key == Participant_B_remote->RemoteParticipant2ParticipantKeyMaterial.at( + 0).master_sender_key); + ASSERT_TRUE(Participant_B_remote->Participant2ParticipantKeyMaterial.at( + 0).master_sender_key == Participant_A_remote->RemoteParticipant2ParticipantKeyMaterial.at( + 0).master_sender_key); - CryptoPlugin->keyfactory()->unregister_participant(ParticipantA,exception); - CryptoPlugin->keyfactory()->unregister_participant(ParticipantB,exception); - CryptoPlugin->keyfactory()->unregister_participant(ParticipantA_remote,exception); - CryptoPlugin->keyfactory()->unregister_participant(ParticipantB_remote,exception); + CryptoPlugin->keyfactory()->unregister_participant(ParticipantA, exception); + CryptoPlugin->keyfactory()->unregister_participant(ParticipantB, exception); + CryptoPlugin->keyfactory()->unregister_participant(ParticipantA_remote, exception); + CryptoPlugin->keyfactory()->unregister_participant(ParticipantB_remote, exception); delete shared_secret; delete perm_handle; @@ -293,59 +375,74 @@ TEST_F(CryptographyPluginTest, exchange_ParticipantCryptoTokens) TEST_F(CryptographyPluginTest, transform_RTPSMessage) { - eprosima::fastrtps::rtps::security::PKIIdentityHandle* i_handle = new eprosima::fastrtps::rtps::security::PKIIdentityHandle(); - eprosima::fastrtps::rtps::security::AccessPermissionsHandle* perm_handle = new eprosima::fastrtps::rtps::security::AccessPermissionsHandle(); + eprosima::fastrtps::rtps::security::PKIIdentityHandle* i_handle = + new eprosima::fastrtps::rtps::security::PKIIdentityHandle(); + eprosima::fastrtps::rtps::security::AccessPermissionsHandle* perm_handle = + new eprosima::fastrtps::rtps::security::AccessPermissionsHandle(); eprosima::fastrtps::rtps::PropertySeq prop_handle; eprosima::fastrtps::rtps::security::ParticipantSecurityAttributes part_sec_attr; - eprosima::fastrtps::rtps::security::SharedSecretHandle* shared_secret = new eprosima::fastrtps::rtps::security::SharedSecretHandle(); + eprosima::fastrtps::rtps::security::SharedSecretHandle* shared_secret = + new eprosima::fastrtps::rtps::security::SharedSecretHandle(); eprosima::fastrtps::rtps::security::SecurityException exception; part_sec_attr.is_rtps_protected = true; part_sec_attr.plugin_participant_attributes = PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ENCRYPTED | - PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ORIGIN_AUTHENTICATED; + PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ORIGIN_AUTHENTICATED; //Fill shared secret with dummy values std::vector dummy_data, challenge_1, challenge_2; eprosima::fastrtps::rtps::security::SharedSecret::BinaryData binary_data; - challenge_1.resize(8); - challenge_2.resize(8); + challenge_1.resize(32); + challenge_2.resize(32); - RAND_bytes(challenge_1.data(),8); + RAND_bytes(challenge_1.data(), 32); binary_data.name("Challenge1"); binary_data.value(challenge_1); (*shared_secret)->data_.push_back(binary_data); - RAND_bytes(challenge_2.data(),8); + RAND_bytes(challenge_2.data(), 32); binary_data.name("Challenge2"); binary_data.value(challenge_2); (*shared_secret)->data_.push_back(binary_data); dummy_data.resize(32); - RAND_bytes(dummy_data.data(),32); + RAND_bytes(dummy_data.data(), 32); binary_data.name("SharedSecret"); binary_data.value(dummy_data); (*shared_secret)->data_.push_back(binary_data); //Create ParticipantA and ParticipantB - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *ParticipantA = CryptoPlugin->keyfactory()->register_local_participant(*i_handle,*perm_handle,prop_handle,part_sec_attr,exception); - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *ParticipantB = CryptoPlugin->keyfactory()->register_local_participant(*i_handle,*perm_handle,prop_handle,part_sec_attr,exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* ParticipantA = + CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, + exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* ParticipantB = + CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, + exception); ASSERT_TRUE( (ParticipantA != nullptr) & (ParticipantB != nullptr) ); //Register a remote for both Participants - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *ParticipantA_remote =CryptoPlugin->keyfactory()->register_matched_remote_participant(*ParticipantA,*i_handle,*perm_handle,*shared_secret, exception); - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *ParticipantB_remote =CryptoPlugin->keyfactory()->register_matched_remote_participant(*ParticipantB,*i_handle,*perm_handle,*shared_secret, exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* ParticipantA_remote = + CryptoPlugin->keyfactory()->register_matched_remote_participant(*ParticipantA, *i_handle, *perm_handle, + *shared_secret, exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* ParticipantB_remote = + CryptoPlugin->keyfactory()->register_matched_remote_participant(*ParticipantB, *i_handle, *perm_handle, + *shared_secret, exception); //Create CryptoTokens for both Participants eprosima::fastrtps::rtps::security::ParticipantCryptoTokenSeq ParticipantA_CryptoTokens, ParticipantB_CryptoTokens; - CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantA_CryptoTokens, *ParticipantA, *ParticipantA_remote, exception); - CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantB_CryptoTokens, *ParticipantB, *ParticipantB_remote, exception); + CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantA_CryptoTokens, *ParticipantA, + *ParticipantA_remote, exception); + CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantB_CryptoTokens, *ParticipantB, + *ParticipantB_remote, exception); //Set ParticipantA token into ParticipantB and viceversa - CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*ParticipantA,*ParticipantA_remote,ParticipantB_CryptoTokens,exception); - CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*ParticipantB,*ParticipantB_remote,ParticipantA_CryptoTokens,exception); + CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*ParticipantA, *ParticipantA_remote, + ParticipantB_CryptoTokens, exception); + CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*ParticipantB, *ParticipantB_remote, + ParticipantA_CryptoTokens, exception); //Perform sample message exchange eprosima::fastrtps::rtps::CDRMessage_t plain_rtps_message(RTPSMESSAGE_DEFAULT_SIZE); @@ -354,70 +451,92 @@ TEST_F(CryptographyPluginTest, transform_RTPSMessage) char message[] = "RPTSMessage"; //Length 11 memcpy(plain_rtps_message.buffer, message, 11); + plain_rtps_message.length = 11; - - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *unintended_remote =CryptoPlugin->keyfactory()->register_matched_remote_participant(*ParticipantA,*i_handle,*perm_handle,*shared_secret, exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* unintended_remote = + CryptoPlugin->keyfactory()->register_matched_remote_participant(*ParticipantA, *i_handle, *perm_handle, + *shared_secret, exception); std::vector receivers; //Send message to intended participant receivers.push_back(ParticipantA_remote); receivers.push_back(unintended_remote); - for(int i=0;i<50;i++) + for (int i = 0; i < 50; i++) { - ASSERT_TRUE(CryptoPlugin->cryptotransform()->encode_rtps_message(encoded_rtps_message, plain_rtps_message,*ParticipantA,receivers,exception)); + ASSERT_TRUE(CryptoPlugin->cryptotransform()->encode_rtps_message(encoded_rtps_message, plain_rtps_message, + *ParticipantA, receivers, exception)); encoded_rtps_message.pos = 0; - ASSERT_TRUE(CryptoPlugin->cryptotransform()->decode_rtps_message(decoded_rtps_message,encoded_rtps_message,*ParticipantB,*ParticipantB_remote,exception)); + ASSERT_TRUE(CryptoPlugin->cryptotransform()->decode_rtps_message(decoded_rtps_message, encoded_rtps_message, + *ParticipantB, *ParticipantB_remote, exception)); ASSERT_TRUE(plain_rtps_message.length == decoded_rtps_message.length); ASSERT_TRUE(memcmp(plain_rtps_message.buffer, decoded_rtps_message.buffer, decoded_rtps_message.length) == 0); plain_rtps_message.pos = 0; encoded_rtps_message.pos = 0; + encoded_rtps_message.length = 0; decoded_rtps_message.pos = 0; + decoded_rtps_message.length = 0; } //Send message to unintended participant receivers.clear(); receivers.push_back(unintended_remote); - ASSERT_TRUE(CryptoPlugin->cryptotransform()->encode_rtps_message(encoded_rtps_message, plain_rtps_message,*ParticipantA,receivers,exception)); - ASSERT_FALSE(CryptoPlugin->cryptotransform()->decode_rtps_message(decoded_rtps_message,encoded_rtps_message,*ParticipantB,*ParticipantB_remote,exception)); + ASSERT_TRUE(CryptoPlugin->cryptotransform()->encode_rtps_message(encoded_rtps_message, plain_rtps_message, + *ParticipantA, receivers, exception)); + encoded_rtps_message.pos = 0; + ASSERT_FALSE(CryptoPlugin->cryptotransform()->decode_rtps_message(decoded_rtps_message, encoded_rtps_message, + *ParticipantB, *ParticipantB_remote, exception)); plain_rtps_message.pos = 0; encoded_rtps_message.pos = 0; + encoded_rtps_message.length = 0; decoded_rtps_message.pos = 0; + decoded_rtps_message.length = 0; - CryptoPlugin->keyfactory()->unregister_participant(ParticipantA,exception); - CryptoPlugin->keyfactory()->unregister_participant(ParticipantB,exception); - CryptoPlugin->keyfactory()->unregister_participant(ParticipantA_remote,exception); - CryptoPlugin->keyfactory()->unregister_participant(ParticipantB_remote,exception); - CryptoPlugin->keyfactory()->unregister_participant(unintended_remote,exception); - + CryptoPlugin->keyfactory()->unregister_participant(ParticipantA, exception); + CryptoPlugin->keyfactory()->unregister_participant(ParticipantB, exception); + CryptoPlugin->keyfactory()->unregister_participant(ParticipantA_remote, exception); + CryptoPlugin->keyfactory()->unregister_participant(ParticipantB_remote, exception); + CryptoPlugin->keyfactory()->unregister_participant(unintended_remote, exception); - //Now lets do the same with 256GCM + //Now lets do the same with 128GCM //Fill prop_handle with info about the new mode we want eprosima::fastrtps::rtps::Property prop1; prop1.name("dds.sec.crypto.keysize"); - prop1.value("256"); + prop1.value("128"); prop_handle.push_back(prop1); eprosima::fastrtps::rtps::Property prop2; prop2.name("dds.sec.crypto.maxblockspersession"); prop2.value("16"); prop_handle.push_back(prop2); //Create ParticipantA and ParticipantB - ParticipantA = CryptoPlugin->keyfactory()->register_local_participant(*i_handle,*perm_handle,prop_handle,part_sec_attr,exception); - ParticipantB = CryptoPlugin->keyfactory()->register_local_participant(*i_handle,*perm_handle,prop_handle,part_sec_attr,exception); + ParticipantA = CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, + part_sec_attr, exception); + ParticipantB = CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, + part_sec_attr, exception); //Register a remote for both Participants - ParticipantA_remote =CryptoPlugin->keyfactory()->register_matched_remote_participant(*ParticipantA,*i_handle,*perm_handle,*shared_secret, exception); - ParticipantB_remote =CryptoPlugin->keyfactory()->register_matched_remote_participant(*ParticipantB,*i_handle,*perm_handle,*shared_secret, exception); + ParticipantA_remote = CryptoPlugin->keyfactory()->register_matched_remote_participant(*ParticipantA, *i_handle, + *perm_handle, *shared_secret, + exception); + ParticipantB_remote = CryptoPlugin->keyfactory()->register_matched_remote_participant(*ParticipantB, *i_handle, + *perm_handle, *shared_secret, + exception); //Create CryptoTokens for both Participants - CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantA_CryptoTokens, *ParticipantA, *ParticipantA_remote, exception); - CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantB_CryptoTokens, *ParticipantB, *ParticipantB_remote, exception); + CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantA_CryptoTokens, *ParticipantA, + *ParticipantA_remote, exception); + CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantB_CryptoTokens, *ParticipantB, + *ParticipantB_remote, exception); //Set ParticipantA token into ParticipantB and viceversa - CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*ParticipantA,*ParticipantA_remote,ParticipantB_CryptoTokens,exception); - CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*ParticipantB,*ParticipantB_remote,ParticipantA_CryptoTokens,exception); + CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*ParticipantA, *ParticipantA_remote, + ParticipantB_CryptoTokens, exception); + CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*ParticipantB, *ParticipantB_remote, + ParticipantA_CryptoTokens, exception); - unintended_remote = CryptoPlugin->keyfactory()->register_matched_remote_participant(*ParticipantA,*i_handle,*perm_handle,*shared_secret, exception); + unintended_remote = CryptoPlugin->keyfactory()->register_matched_remote_participant(*ParticipantA, *i_handle, + *perm_handle, *shared_secret, + exception); //Perform sample message exchange receivers.clear(); @@ -425,18 +544,20 @@ TEST_F(CryptographyPluginTest, transform_RTPSMessage) //Send message to intended participant receivers.push_back(ParticipantA_remote); receivers.push_back(unintended_remote); - ASSERT_TRUE(CryptoPlugin->cryptotransform()->encode_rtps_message(encoded_rtps_message, plain_rtps_message,*ParticipantA,receivers,exception)); + ASSERT_TRUE(CryptoPlugin->cryptotransform()->encode_rtps_message(encoded_rtps_message, plain_rtps_message, + *ParticipantA, receivers, exception)); encoded_rtps_message.pos = 0; - ASSERT_TRUE(CryptoPlugin->cryptotransform()->decode_rtps_message(decoded_rtps_message,encoded_rtps_message,*ParticipantB,*ParticipantB_remote,exception)); + ASSERT_TRUE(CryptoPlugin->cryptotransform()->decode_rtps_message(decoded_rtps_message, encoded_rtps_message, + *ParticipantB, *ParticipantB_remote, exception)); ASSERT_TRUE(plain_rtps_message.length == decoded_rtps_message.length); ASSERT_TRUE(memcmp(plain_rtps_message.buffer, decoded_rtps_message.buffer, decoded_rtps_message.length) == 0); - CryptoPlugin->keyfactory()->unregister_participant(unintended_remote,exception); - CryptoPlugin->keyfactory()->unregister_participant(ParticipantA,exception); - CryptoPlugin->keyfactory()->unregister_participant(ParticipantB,exception); - CryptoPlugin->keyfactory()->unregister_participant(ParticipantA_remote,exception); - CryptoPlugin->keyfactory()->unregister_participant(ParticipantB_remote,exception); + CryptoPlugin->keyfactory()->unregister_participant(unintended_remote, exception); + CryptoPlugin->keyfactory()->unregister_participant(ParticipantA, exception); + CryptoPlugin->keyfactory()->unregister_participant(ParticipantB, exception); + CryptoPlugin->keyfactory()->unregister_participant(ParticipantA_remote, exception); + CryptoPlugin->keyfactory()->unregister_participant(ParticipantB_remote, exception); delete shared_secret; delete i_handle; @@ -446,163 +567,220 @@ TEST_F(CryptographyPluginTest, transform_RTPSMessage) TEST_F(CryptographyPluginTest, factory_CreateLocalWriterHandle) { - eprosima::fastrtps::rtps::security::PKIIdentityHandle* i_handle = new eprosima::fastrtps::rtps::security::PKIIdentityHandle(); - eprosima::fastrtps::rtps::security::AccessPermissionsHandle* perm_handle = new eprosima::fastrtps::rtps::security::AccessPermissionsHandle(); + eprosima::fastrtps::rtps::security::PKIIdentityHandle* i_handle = + new eprosima::fastrtps::rtps::security::PKIIdentityHandle(); + eprosima::fastrtps::rtps::security::AccessPermissionsHandle* perm_handle = + new eprosima::fastrtps::rtps::security::AccessPermissionsHandle(); eprosima::fastrtps::rtps::PropertySeq prop_handle; eprosima::fastrtps::rtps::security::ParticipantSecurityAttributes part_sec_attr; eprosima::fastrtps::rtps::security::EndpointSecurityAttributes sec_attrs; - eprosima::fastrtps::rtps::security::SharedSecretHandle* shared_secret = new eprosima::fastrtps::rtps::security::SharedSecretHandle(); + eprosima::fastrtps::rtps::security::SharedSecretHandle* shared_secret = + new eprosima::fastrtps::rtps::security::SharedSecretHandle(); eprosima::fastrtps::rtps::security::SecurityException exception; part_sec_attr.is_rtps_protected = true; part_sec_attr.plugin_participant_attributes = PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ENCRYPTED | - PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ORIGIN_AUTHENTICATED; + PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ORIGIN_AUTHENTICATED; sec_attrs.is_submessage_protected = true; sec_attrs.is_payload_protected = false; sec_attrs.is_key_protected = false; sec_attrs.plugin_endpoint_attributes = PLUGIN_ENDPOINT_SECURITY_ATTRIBUTES_FLAG_IS_SUBMESSAGE_ENCRYPTED | - PLUGIN_ENDPOINT_SECURITY_ATTRIBUTES_FLAG_IS_SUBMESSAGE_ORIGIN_AUTHENTICATED; + PLUGIN_ENDPOINT_SECURITY_ATTRIBUTES_FLAG_IS_SUBMESSAGE_ORIGIN_AUTHENTICATED; - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *participant = CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, exception); - eprosima::fastrtps::rtps::security::DatawriterCryptoHandle *target = CryptoPlugin->keyfactory()->register_local_datawriter(*participant, prop_handle, sec_attrs, exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* participant = + CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, + exception); + eprosima::fastrtps::rtps::security::DatawriterCryptoHandle* target = + CryptoPlugin->keyfactory()->register_local_datawriter(*participant, prop_handle, sec_attrs, exception); ASSERT_TRUE(target != nullptr); - eprosima::fastrtps::rtps::security::AESGCMGMAC_WriterCryptoHandle& local_writer = eprosima::fastrtps::rtps::security::AESGCMGMAC_WriterCryptoHandle::narrow(*target); + eprosima::fastrtps::rtps::security::AESGCMGMAC_WriterCryptoHandle& local_writer = + eprosima::fastrtps::rtps::security::AESGCMGMAC_WriterCryptoHandle::narrow(*target); ASSERT_TRUE(!local_writer.nil()); ASSERT_TRUE(local_writer->Entity2RemoteKeyMaterial.empty()); - ASSERT_TRUE( (local_writer->EntityKeyMaterial.at(0).transformation_kind == eprosima::fastrtps::rtps::security::c_transfrom_kind_aes128_gcm) ); + ASSERT_TRUE( (local_writer->EntityKeyMaterial.at(0).transformation_kind == + eprosima::fastrtps::rtps::security::c_transfrom_kind_aes256_gcm) ); - ASSERT_FALSE( std::all_of(local_writer->EntityKeyMaterial.at(0).master_salt.begin(),local_writer->EntityKeyMaterial.at(0).master_salt.end(), [](uint8_t i){return i==0;}) ); + ASSERT_FALSE( std::all_of(local_writer->EntityKeyMaterial.at(0).master_salt.begin(), + local_writer->EntityKeyMaterial.at(0).master_salt.end(), [](uint8_t i){ + return i == 0; + }) ); - ASSERT_FALSE( std::all_of(local_writer->EntityKeyMaterial.at(0).master_sender_key.begin(),local_writer->EntityKeyMaterial.at(0).master_sender_key.end(), [](uint8_t i){return i==0;}) ); + ASSERT_FALSE( std::all_of(local_writer->EntityKeyMaterial.at(0).master_sender_key.begin(), + local_writer->EntityKeyMaterial.at(0).master_sender_key.end(), [](uint8_t i){ + return i == 0; + }) ); - ASSERT_FALSE( std::any_of(local_writer->EntityKeyMaterial.at(0).receiver_specific_key_id.begin(),local_writer->EntityKeyMaterial.at(0).receiver_specific_key_id.end(), [](uint8_t i){return i!=0;}) ); + ASSERT_FALSE( std::any_of(local_writer->EntityKeyMaterial.at(0).receiver_specific_key_id.begin(), + local_writer->EntityKeyMaterial.at(0).receiver_specific_key_id.end(), [](uint8_t i){ + return i != 0; + }) ); - ASSERT_FALSE( std::any_of(local_writer->EntityKeyMaterial.at(0).master_receiver_specific_key.begin(),local_writer->EntityKeyMaterial.at(0).master_receiver_specific_key.end(), [](uint8_t i){return i!=0;}) ); + ASSERT_FALSE( std::any_of(local_writer->EntityKeyMaterial.at(0).master_receiver_specific_key.begin(), + local_writer->EntityKeyMaterial.at(0).master_receiver_specific_key.end(), [](uint8_t i){ + return i != 0; + }) ); delete i_handle; delete perm_handle; delete shared_secret; //Release resources and check the handle is indeed empty - CryptoPlugin->keyfactory()->unregister_datawriter(target,exception); - CryptoPlugin->keyfactory()->unregister_participant(participant,exception); + CryptoPlugin->keyfactory()->unregister_datawriter(target, exception); + CryptoPlugin->keyfactory()->unregister_participant(participant, exception); } TEST_F(CryptographyPluginTest, factory_CreateLocalReaderHandle) { - eprosima::fastrtps::rtps::security::PKIIdentityHandle* i_handle = new eprosima::fastrtps::rtps::security::PKIIdentityHandle(); - eprosima::fastrtps::rtps::security::AccessPermissionsHandle* perm_handle = new eprosima::fastrtps::rtps::security::AccessPermissionsHandle(); + eprosima::fastrtps::rtps::security::PKIIdentityHandle* i_handle = + new eprosima::fastrtps::rtps::security::PKIIdentityHandle(); + eprosima::fastrtps::rtps::security::AccessPermissionsHandle* perm_handle = + new eprosima::fastrtps::rtps::security::AccessPermissionsHandle(); eprosima::fastrtps::rtps::PropertySeq prop_handle; eprosima::fastrtps::rtps::security::ParticipantSecurityAttributes part_sec_attr; eprosima::fastrtps::rtps::security::EndpointSecurityAttributes sec_attrs; - eprosima::fastrtps::rtps::security::SharedSecretHandle* shared_secret = new eprosima::fastrtps::rtps::security::SharedSecretHandle(); + eprosima::fastrtps::rtps::security::SharedSecretHandle* shared_secret = + new eprosima::fastrtps::rtps::security::SharedSecretHandle(); eprosima::fastrtps::rtps::security::SecurityException exception; part_sec_attr.is_rtps_protected = true; part_sec_attr.plugin_participant_attributes = PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ENCRYPTED | - PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ORIGIN_AUTHENTICATED; + PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ORIGIN_AUTHENTICATED; sec_attrs.is_submessage_protected = true; sec_attrs.is_payload_protected = false; sec_attrs.is_key_protected = false; sec_attrs.plugin_endpoint_attributes = PLUGIN_ENDPOINT_SECURITY_ATTRIBUTES_FLAG_IS_SUBMESSAGE_ENCRYPTED | - PLUGIN_ENDPOINT_SECURITY_ATTRIBUTES_FLAG_IS_SUBMESSAGE_ORIGIN_AUTHENTICATED; + PLUGIN_ENDPOINT_SECURITY_ATTRIBUTES_FLAG_IS_SUBMESSAGE_ORIGIN_AUTHENTICATED; - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *participant = CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, exception); - eprosima::fastrtps::rtps::security::DatareaderCryptoHandle *target = CryptoPlugin->keyfactory()->register_local_datareader(*participant, prop_handle, sec_attrs, exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* participant = + CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, + exception); + eprosima::fastrtps::rtps::security::DatareaderCryptoHandle* target = + CryptoPlugin->keyfactory()->register_local_datareader(*participant, prop_handle, sec_attrs, exception); ASSERT_TRUE(target != nullptr); - eprosima::fastrtps::rtps::security::AESGCMGMAC_ReaderCryptoHandle& local_reader = eprosima::fastrtps::rtps::security::AESGCMGMAC_ReaderCryptoHandle::narrow(*target); + eprosima::fastrtps::rtps::security::AESGCMGMAC_ReaderCryptoHandle& local_reader = + eprosima::fastrtps::rtps::security::AESGCMGMAC_ReaderCryptoHandle::narrow(*target); ASSERT_TRUE(!local_reader.nil()); ASSERT_TRUE(local_reader->Entity2RemoteKeyMaterial.empty()); - ASSERT_TRUE( (local_reader->EntityKeyMaterial.at(0).transformation_kind == eprosima::fastrtps::rtps::security::c_transfrom_kind_aes128_gcm) ); + ASSERT_TRUE( (local_reader->EntityKeyMaterial.at(0).transformation_kind == + eprosima::fastrtps::rtps::security::c_transfrom_kind_aes256_gcm) ); - ASSERT_FALSE( std::all_of(local_reader->EntityKeyMaterial.at(0).master_salt.begin(),local_reader->EntityKeyMaterial.at(0).master_salt.end(), [](uint8_t i){return i==0;}) ); + ASSERT_FALSE( std::all_of(local_reader->EntityKeyMaterial.at(0).master_salt.begin(), + local_reader->EntityKeyMaterial.at(0).master_salt.end(), [](uint8_t i){ + return i == 0; + }) ); - ASSERT_FALSE( std::all_of(local_reader->EntityKeyMaterial.at(0).master_sender_key.begin(),local_reader->EntityKeyMaterial.at(0).master_sender_key.end(), [](uint8_t i){return i==0;}) ); + ASSERT_FALSE( std::all_of(local_reader->EntityKeyMaterial.at(0).master_sender_key.begin(), + local_reader->EntityKeyMaterial.at(0).master_sender_key.end(), [](uint8_t i){ + return i == 0; + }) ); - ASSERT_FALSE( std::any_of(local_reader->EntityKeyMaterial.at(0).receiver_specific_key_id.begin(),local_reader->EntityKeyMaterial.at(0).receiver_specific_key_id.end(), [](uint8_t i){return i!=0;}) ); + ASSERT_FALSE( std::any_of(local_reader->EntityKeyMaterial.at(0).receiver_specific_key_id.begin(), + local_reader->EntityKeyMaterial.at(0).receiver_specific_key_id.end(), [](uint8_t i){ + return i != 0; + }) ); - ASSERT_FALSE( std::any_of(local_reader->EntityKeyMaterial.at(0).master_receiver_specific_key.begin(),local_reader->EntityKeyMaterial.at(0).master_receiver_specific_key.end(), [](uint8_t i){return i!=0;}) ); + ASSERT_FALSE( std::any_of(local_reader->EntityKeyMaterial.at(0).master_receiver_specific_key.begin(), + local_reader->EntityKeyMaterial.at(0).master_receiver_specific_key.end(), [](uint8_t i){ + return i != 0; + }) ); delete i_handle; delete perm_handle; delete shared_secret; //Release resources and check the handle is indeed empty - CryptoPlugin->keyfactory()->unregister_datareader(target,exception); - CryptoPlugin->keyfactory()->unregister_participant(participant,exception); + CryptoPlugin->keyfactory()->unregister_datareader(target, exception); + CryptoPlugin->keyfactory()->unregister_participant(participant, exception); } TEST_F(CryptographyPluginTest, factory_RegisterRemoteReaderWriter) { - eprosima::fastrtps::rtps::security::PKIIdentityHandle* i_handle = new eprosima::fastrtps::rtps::security::PKIIdentityHandle(); - eprosima::fastrtps::rtps::security::AccessPermissionsHandle* perm_handle = new eprosima::fastrtps::rtps::security::AccessPermissionsHandle(); + eprosima::fastrtps::rtps::security::PKIIdentityHandle* i_handle = + new eprosima::fastrtps::rtps::security::PKIIdentityHandle(); + eprosima::fastrtps::rtps::security::AccessPermissionsHandle* perm_handle = + new eprosima::fastrtps::rtps::security::AccessPermissionsHandle(); eprosima::fastrtps::rtps::PropertySeq prop_handle; eprosima::fastrtps::rtps::security::ParticipantSecurityAttributes part_sec_attr; eprosima::fastrtps::rtps::security::EndpointSecurityAttributes sec_attrs; - eprosima::fastrtps::rtps::security::SharedSecretHandle* shared_secret = new eprosima::fastrtps::rtps::security::SharedSecretHandle(); + eprosima::fastrtps::rtps::security::SharedSecretHandle* shared_secret = + new eprosima::fastrtps::rtps::security::SharedSecretHandle(); eprosima::fastrtps::rtps::security::SecurityException exception; part_sec_attr.is_rtps_protected = true; part_sec_attr.plugin_participant_attributes = PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ENCRYPTED | - PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ORIGIN_AUTHENTICATED; + PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ORIGIN_AUTHENTICATED; sec_attrs.is_submessage_protected = true; sec_attrs.is_payload_protected = false; sec_attrs.is_key_protected = false; sec_attrs.plugin_endpoint_attributes = PLUGIN_ENDPOINT_SECURITY_ATTRIBUTES_FLAG_IS_SUBMESSAGE_ENCRYPTED | - PLUGIN_ENDPOINT_SECURITY_ATTRIBUTES_FLAG_IS_SUBMESSAGE_ORIGIN_AUTHENTICATED; + PLUGIN_ENDPOINT_SECURITY_ATTRIBUTES_FLAG_IS_SUBMESSAGE_ORIGIN_AUTHENTICATED; - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *participant_A = CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, exception); - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *participant_B = CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* participant_A = + CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, + exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* participant_B = + CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, + exception); - eprosima::fastrtps::rtps::security::DatareaderCryptoHandle *reader = CryptoPlugin->keyfactory()->register_local_datareader(*participant_A, prop_handle, sec_attrs, exception); - eprosima::fastrtps::rtps::security::DatareaderCryptoHandle *writer = CryptoPlugin->keyfactory()->register_local_datawriter(*participant_B, prop_handle, sec_attrs, exception); + eprosima::fastrtps::rtps::security::DatareaderCryptoHandle* reader = + CryptoPlugin->keyfactory()->register_local_datareader(*participant_A, prop_handle, sec_attrs, exception); + eprosima::fastrtps::rtps::security::DatareaderCryptoHandle* writer = + CryptoPlugin->keyfactory()->register_local_datawriter(*participant_B, prop_handle, sec_attrs, exception); //Fill shared secret with dummy values std::vector dummy_data, challenge_1, challenge_2; eprosima::fastrtps::rtps::security::SharedSecret::BinaryData binary_data; - challenge_1.resize(8); - challenge_2.resize(8); + challenge_1.resize(32); + challenge_2.resize(32); - RAND_bytes(challenge_1.data(),8); + RAND_bytes(challenge_1.data(), 32); binary_data.name("Challenge1"); binary_data.value(challenge_1); (*shared_secret)->data_.push_back(binary_data); - RAND_bytes(challenge_2.data(),8); + RAND_bytes(challenge_2.data(), 32); binary_data.name("Challenge2"); binary_data.value(challenge_2); (*shared_secret)->data_.push_back(binary_data); dummy_data.resize(32); - RAND_bytes(dummy_data.data(),32); + RAND_bytes(dummy_data.data(), 32); binary_data.name("SharedSecret"); binary_data.value(dummy_data); (*shared_secret)->data_.push_back(binary_data); //Register a remote for both Participants - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *ParticipantA_remote =CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_A,*i_handle,*perm_handle,*shared_secret, exception); - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *ParticipantB_remote =CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_B,*i_handle,*perm_handle,*shared_secret, exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* ParticipantA_remote = + CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_A, *i_handle, *perm_handle, + *shared_secret, exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* ParticipantB_remote = + CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_B, *i_handle, *perm_handle, + *shared_secret, exception); //Register DataReader with DataWriter - eprosima::fastrtps::rtps::security::DatareaderCryptoHandle *remote_reader = CryptoPlugin->keyfactory()->register_matched_remote_datareader(*writer, *ParticipantB_remote, *shared_secret, false, exception); + eprosima::fastrtps::rtps::security::DatareaderCryptoHandle* remote_reader = + CryptoPlugin->keyfactory()->register_matched_remote_datareader(*writer, *ParticipantB_remote, + *shared_secret, false, exception); ASSERT_TRUE(remote_reader != nullptr); //Register DataWriter with DataReader - eprosima::fastrtps::rtps::security::DatawriterCryptoHandle *remote_writer = CryptoPlugin->keyfactory()->register_matched_remote_datawriter(*reader, *ParticipantA_remote, *shared_secret, exception); + eprosima::fastrtps::rtps::security::DatawriterCryptoHandle* remote_writer = + CryptoPlugin->keyfactory()->register_matched_remote_datawriter(*reader, *ParticipantA_remote, + *shared_secret, exception); ASSERT_TRUE(remote_writer != nullptr); delete i_handle; @@ -630,95 +808,122 @@ TEST_F(CryptographyPluginTest, exchange_ReaderWriterCryptoTokens) // Participant A owns Writer // Participant B owns Reader - eprosima::fastrtps::rtps::security::PKIIdentityHandle* i_handle = new eprosima::fastrtps::rtps::security::PKIIdentityHandle(); - eprosima::fastrtps::rtps::security::AccessPermissionsHandle* perm_handle = new eprosima::fastrtps::rtps::security::AccessPermissionsHandle(); + eprosima::fastrtps::rtps::security::PKIIdentityHandle* i_handle = + new eprosima::fastrtps::rtps::security::PKIIdentityHandle(); + eprosima::fastrtps::rtps::security::AccessPermissionsHandle* perm_handle = + new eprosima::fastrtps::rtps::security::AccessPermissionsHandle(); eprosima::fastrtps::rtps::PropertySeq prop_handle; eprosima::fastrtps::rtps::security::ParticipantSecurityAttributes part_sec_attr; eprosima::fastrtps::rtps::security::EndpointSecurityAttributes sec_attrs; - eprosima::fastrtps::rtps::security::SharedSecretHandle* shared_secret = new eprosima::fastrtps::rtps::security::SharedSecretHandle(); + eprosima::fastrtps::rtps::security::SharedSecretHandle* shared_secret = + new eprosima::fastrtps::rtps::security::SharedSecretHandle(); eprosima::fastrtps::rtps::security::SecurityException exception; part_sec_attr.is_rtps_protected = true; part_sec_attr.plugin_participant_attributes = PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ENCRYPTED | - PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ORIGIN_AUTHENTICATED; + PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ORIGIN_AUTHENTICATED; sec_attrs.is_submessage_protected = true; sec_attrs.is_payload_protected = false; sec_attrs.is_key_protected = false; sec_attrs.plugin_endpoint_attributes = PLUGIN_ENDPOINT_SECURITY_ATTRIBUTES_FLAG_IS_SUBMESSAGE_ENCRYPTED | - PLUGIN_ENDPOINT_SECURITY_ATTRIBUTES_FLAG_IS_SUBMESSAGE_ORIGIN_AUTHENTICATED; + PLUGIN_ENDPOINT_SECURITY_ATTRIBUTES_FLAG_IS_SUBMESSAGE_ORIGIN_AUTHENTICATED; - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *participant_A = CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, exception); - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *participant_B = CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* participant_A = + CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, + exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* participant_B = + CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, + exception); - eprosima::fastrtps::rtps::security::DatareaderCryptoHandle *reader = CryptoPlugin->keyfactory()->register_local_datareader(*participant_A, prop_handle, sec_attrs, exception); - eprosima::fastrtps::rtps::security::DatareaderCryptoHandle *writer = CryptoPlugin->keyfactory()->register_local_datawriter(*participant_B, prop_handle, sec_attrs, exception); + eprosima::fastrtps::rtps::security::DatareaderCryptoHandle* reader = + CryptoPlugin->keyfactory()->register_local_datareader(*participant_A, prop_handle, sec_attrs, exception); + eprosima::fastrtps::rtps::security::DatareaderCryptoHandle* writer = + CryptoPlugin->keyfactory()->register_local_datawriter(*participant_B, prop_handle, sec_attrs, exception); //Fill shared secret with dummy values std::vector dummy_data, challenge_1, challenge_2; eprosima::fastrtps::rtps::security::SharedSecret::BinaryData binary_data; - challenge_1.resize(8); - challenge_2.resize(8); + challenge_1.resize(32); + challenge_2.resize(32); - RAND_bytes(challenge_1.data(),8); + RAND_bytes(challenge_1.data(), 32); binary_data.name("Challenge1"); binary_data.value(challenge_1); (*shared_secret)->data_.push_back(binary_data); - RAND_bytes(challenge_2.data(),8); + RAND_bytes(challenge_2.data(), 32); binary_data.name("Challenge2"); binary_data.value(challenge_2); (*shared_secret)->data_.push_back(binary_data); dummy_data.resize(32); - RAND_bytes(dummy_data.data(),32); + RAND_bytes(dummy_data.data(), 32); binary_data.name("SharedSecret"); binary_data.value(dummy_data); (*shared_secret)->data_.push_back(binary_data); //Register a remote for both Participants - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *ParticipantA_remote =CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_A,*i_handle,*perm_handle,*shared_secret, exception); - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *ParticipantB_remote =CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_B,*i_handle,*perm_handle,*shared_secret, exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* ParticipantA_remote = + CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_A, *i_handle, *perm_handle, + *shared_secret, exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* ParticipantB_remote = + CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_B, *i_handle, *perm_handle, + *shared_secret, exception); //Register DataReader with DataWriter - eprosima::fastrtps::rtps::security::DatareaderCryptoHandle *remote_reader = CryptoPlugin->keyfactory()->register_matched_remote_datareader(*writer, *ParticipantB_remote, *shared_secret, false, exception); + eprosima::fastrtps::rtps::security::DatareaderCryptoHandle* remote_reader = + CryptoPlugin->keyfactory()->register_matched_remote_datareader(*writer, *ParticipantB_remote, + *shared_secret, false, exception); //Register DataWriter with DataReader - eprosima::fastrtps::rtps::security::DatawriterCryptoHandle *remote_writer = CryptoPlugin->keyfactory()->register_matched_remote_datawriter(*reader, *ParticipantA_remote, *shared_secret, exception); + eprosima::fastrtps::rtps::security::DatawriterCryptoHandle* remote_writer = + CryptoPlugin->keyfactory()->register_matched_remote_datawriter(*reader, *ParticipantA_remote, + *shared_secret, exception); //Create CryptoTokens for both Participants eprosima::fastrtps::rtps::security::ParticipantCryptoTokenSeq ParticipantA_CryptoTokens, ParticipantB_CryptoTokens; - CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantA_CryptoTokens, *participant_A, *ParticipantA_remote, exception); - CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantB_CryptoTokens, *participant_B, *ParticipantB_remote, exception); + CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantA_CryptoTokens, *participant_A, + *ParticipantA_remote, exception); + CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantB_CryptoTokens, *participant_B, + *ParticipantB_remote, exception); //Set ParticipantA token into ParticipantB and viceversa - CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_A,*ParticipantA_remote,ParticipantB_CryptoTokens,exception); - CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_B,*ParticipantB_remote,ParticipantA_CryptoTokens,exception); + CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_A, *ParticipantA_remote, + ParticipantB_CryptoTokens, exception); + CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_B, *ParticipantB_remote, + ParticipantA_CryptoTokens, exception); //Create CryptoTokens for the DataWriter and DataReader eprosima::fastrtps::rtps::security::DatawriterCryptoTokenSeq Writer_CryptoTokens, Reader_CryptoTokens; ASSERT_TRUE( - CryptoPlugin->keyexchange()->create_local_datawriter_crypto_tokens(Writer_CryptoTokens, *writer, *remote_reader, exception) - ); + CryptoPlugin->keyexchange()->create_local_datawriter_crypto_tokens(Writer_CryptoTokens, *writer, *remote_reader, + exception) + ); ASSERT_TRUE( - CryptoPlugin->keyexchange()->create_local_datareader_crypto_tokens(Reader_CryptoTokens, *reader, *remote_writer, exception) - ); + CryptoPlugin->keyexchange()->create_local_datareader_crypto_tokens(Reader_CryptoTokens, *reader, *remote_writer, + exception) + ); //Exchange Datareader and Datawriter Cryptotokens ASSERT_TRUE( - CryptoPlugin->keyexchange()->set_remote_datareader_crypto_tokens(*writer, *remote_reader, Reader_CryptoTokens, exception) - ); + CryptoPlugin->keyexchange()->set_remote_datareader_crypto_tokens(*writer, *remote_reader, Reader_CryptoTokens, + exception) + ); ASSERT_TRUE( - CryptoPlugin->keyexchange()->set_remote_datawriter_crypto_tokens(*reader, *remote_writer, Writer_CryptoTokens, exception) - ); + CryptoPlugin->keyexchange()->set_remote_datawriter_crypto_tokens(*reader, *remote_writer, Writer_CryptoTokens, + exception) + ); //Check contents - eprosima::fastrtps::rtps::security::AESGCMGMAC_WriterCryptoHandle& WriterH = eprosima::fastrtps::rtps::security::AESGCMGMAC_WriterCryptoHandle::narrow(*writer); - eprosima::fastrtps::rtps::security::AESGCMGMAC_ReaderCryptoHandle& ReaderH = eprosima::fastrtps::rtps::security::AESGCMGMAC_ReaderCryptoHandle::narrow(*reader); + eprosima::fastrtps::rtps::security::AESGCMGMAC_WriterCryptoHandle& WriterH = + eprosima::fastrtps::rtps::security::AESGCMGMAC_WriterCryptoHandle::narrow(*writer); + eprosima::fastrtps::rtps::security::AESGCMGMAC_ReaderCryptoHandle& ReaderH = + eprosima::fastrtps::rtps::security::AESGCMGMAC_ReaderCryptoHandle::narrow(*reader); ASSERT_TRUE(WriterH->Remote2EntityKeyMaterial.size() == 1); ASSERT_TRUE(ReaderH->Remote2EntityKeyMaterial.size() == 1); @@ -731,15 +936,15 @@ TEST_F(CryptographyPluginTest, exchange_ReaderWriterCryptoTokens) delete perm_handle; delete shared_secret; - CryptoPlugin->keyfactory()->unregister_datawriter(writer,exception); - CryptoPlugin->keyfactory()->unregister_datawriter(remote_writer,exception); - CryptoPlugin->keyfactory()->unregister_datareader(reader,exception); - CryptoPlugin->keyfactory()->unregister_datareader(remote_reader,exception); + CryptoPlugin->keyfactory()->unregister_datawriter(writer, exception); + CryptoPlugin->keyfactory()->unregister_datawriter(remote_writer, exception); + CryptoPlugin->keyfactory()->unregister_datareader(reader, exception); + CryptoPlugin->keyfactory()->unregister_datareader(remote_reader, exception); - CryptoPlugin->keyfactory()->unregister_participant(participant_A,exception); - CryptoPlugin->keyfactory()->unregister_participant(participant_B,exception); - CryptoPlugin->keyfactory()->unregister_participant(ParticipantA_remote,exception); - CryptoPlugin->keyfactory()->unregister_participant(ParticipantB_remote,exception); + CryptoPlugin->keyfactory()->unregister_participant(participant_A, exception); + CryptoPlugin->keyfactory()->unregister_participant(participant_B, exception); + CryptoPlugin->keyfactory()->unregister_participant(ParticipantA_remote, exception); + CryptoPlugin->keyfactory()->unregister_participant(ParticipantB_remote, exception); } @@ -748,170 +953,222 @@ TEST_F(CryptographyPluginTest, transform_SerializedPayload) // Participant A owns Writer // Participant B owns Reader - eprosima::fastrtps::rtps::security::PKIIdentityHandle* i_handle = new eprosima::fastrtps::rtps::security::PKIIdentityHandle(); - eprosima::fastrtps::rtps::security::AccessPermissionsHandle* perm_handle = new eprosima::fastrtps::rtps::security::AccessPermissionsHandle(); + eprosima::fastrtps::rtps::security::PKIIdentityHandle* i_handle = + new eprosima::fastrtps::rtps::security::PKIIdentityHandle(); + eprosima::fastrtps::rtps::security::AccessPermissionsHandle* perm_handle = + new eprosima::fastrtps::rtps::security::AccessPermissionsHandle(); eprosima::fastrtps::rtps::PropertySeq prop_handle; eprosima::fastrtps::rtps::security::ParticipantSecurityAttributes part_sec_attr; eprosima::fastrtps::rtps::security::EndpointSecurityAttributes sec_attrs; - eprosima::fastrtps::rtps::security::SharedSecretHandle* shared_secret = new eprosima::fastrtps::rtps::security::SharedSecretHandle(); + eprosima::fastrtps::rtps::security::SharedSecretHandle* shared_secret = + new eprosima::fastrtps::rtps::security::SharedSecretHandle(); eprosima::fastrtps::rtps::security::SecurityException exception; part_sec_attr.is_rtps_protected = true; part_sec_attr.plugin_participant_attributes = PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ENCRYPTED | - PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ORIGIN_AUTHENTICATED; + PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ORIGIN_AUTHENTICATED; sec_attrs.is_submessage_protected = true; sec_attrs.is_payload_protected = true; sec_attrs.is_key_protected = true; sec_attrs.plugin_endpoint_attributes = PLUGIN_ENDPOINT_SECURITY_ATTRIBUTES_FLAG_IS_SUBMESSAGE_ENCRYPTED | - PLUGIN_ENDPOINT_SECURITY_ATTRIBUTES_FLAG_IS_SUBMESSAGE_ORIGIN_AUTHENTICATED | - PLUGIN_ENDPOINT_SECURITY_ATTRIBUTES_FLAG_IS_PAYLOAD_ENCRYPTED; + PLUGIN_ENDPOINT_SECURITY_ATTRIBUTES_FLAG_IS_SUBMESSAGE_ORIGIN_AUTHENTICATED | + PLUGIN_ENDPOINT_SECURITY_ATTRIBUTES_FLAG_IS_PAYLOAD_ENCRYPTED; - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *participant_A = CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, exception); - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *participant_B = CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* participant_A = + CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, + exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* participant_B = + CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, + exception); - eprosima::fastrtps::rtps::security::DatareaderCryptoHandle *reader = CryptoPlugin->keyfactory()->register_local_datareader(*participant_A, prop_handle, sec_attrs, exception); - eprosima::fastrtps::rtps::security::DatareaderCryptoHandle *writer = CryptoPlugin->keyfactory()->register_local_datawriter(*participant_B, prop_handle, sec_attrs, exception); + eprosima::fastrtps::rtps::security::DatareaderCryptoHandle* reader = + CryptoPlugin->keyfactory()->register_local_datareader(*participant_A, prop_handle, sec_attrs, exception); + eprosima::fastrtps::rtps::security::DatareaderCryptoHandle* writer = + CryptoPlugin->keyfactory()->register_local_datawriter(*participant_B, prop_handle, sec_attrs, exception); //Fill shared secret with dummy values std::vector dummy_data, challenge_1, challenge_2; eprosima::fastrtps::rtps::security::SharedSecret::BinaryData binary_data; - challenge_1.resize(8); - challenge_2.resize(8); + challenge_1.resize(32); + challenge_2.resize(32); - RAND_bytes(challenge_1.data(),8); + RAND_bytes(challenge_1.data(), 32); binary_data.name("Challenge1"); binary_data.value(challenge_1); (*shared_secret)->data_.push_back(binary_data); - RAND_bytes(challenge_2.data(),8); + RAND_bytes(challenge_2.data(), 32); binary_data.name("Challenge2"); binary_data.value(challenge_2); (*shared_secret)->data_.push_back(binary_data); dummy_data.resize(32); - RAND_bytes(dummy_data.data(),32); + RAND_bytes(dummy_data.data(), 32); binary_data.name("SharedSecret"); binary_data.value(dummy_data); (*shared_secret)->data_.push_back(binary_data); //Register a remote for both Participants - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *ParticipantA_remote =CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_A,*i_handle,*perm_handle,*shared_secret, exception); - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *ParticipantB_remote =CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_B,*i_handle,*perm_handle,*shared_secret, exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* ParticipantA_remote = + CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_A, *i_handle, *perm_handle, + *shared_secret, exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* ParticipantB_remote = + CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_B, *i_handle, *perm_handle, + *shared_secret, exception); //Register DataReader with DataWriter - eprosima::fastrtps::rtps::security::DatareaderCryptoHandle *remote_reader = CryptoPlugin->keyfactory()->register_matched_remote_datareader(*writer, *ParticipantB_remote, *shared_secret, false, exception); + eprosima::fastrtps::rtps::security::DatareaderCryptoHandle* remote_reader = + CryptoPlugin->keyfactory()->register_matched_remote_datareader(*writer, *ParticipantB_remote, + *shared_secret, false, exception); //Register DataWriter with DataReader - eprosima::fastrtps::rtps::security::DatawriterCryptoHandle *remote_writer = CryptoPlugin->keyfactory()->register_matched_remote_datawriter(*reader, *ParticipantA_remote, *shared_secret, exception); + eprosima::fastrtps::rtps::security::DatawriterCryptoHandle* remote_writer = + CryptoPlugin->keyfactory()->register_matched_remote_datawriter(*reader, *ParticipantA_remote, + *shared_secret, exception); //Create CryptoTokens for both Participants eprosima::fastrtps::rtps::security::ParticipantCryptoTokenSeq ParticipantA_CryptoTokens, ParticipantB_CryptoTokens; - CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantA_CryptoTokens, *participant_A, *ParticipantA_remote, exception); - CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantB_CryptoTokens, *participant_B, *ParticipantB_remote, exception); + CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantA_CryptoTokens, *participant_A, + *ParticipantA_remote, exception); + CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantB_CryptoTokens, *participant_B, + *ParticipantB_remote, exception); //Set ParticipantA token into ParticipantB and viceversa - CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_A,*ParticipantA_remote,ParticipantB_CryptoTokens,exception); - CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_B,*ParticipantB_remote,ParticipantA_CryptoTokens,exception); + CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_A, *ParticipantA_remote, + ParticipantB_CryptoTokens, exception); + CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_B, *ParticipantB_remote, + ParticipantA_CryptoTokens, exception); //Create CryptoTokens for the DataWriter and DataReader eprosima::fastrtps::rtps::security::DatawriterCryptoTokenSeq Writer_CryptoTokens, Reader_CryptoTokens; - CryptoPlugin->keyexchange()->create_local_datawriter_crypto_tokens(Writer_CryptoTokens, *writer, *remote_reader, exception); - CryptoPlugin->keyexchange()->create_local_datareader_crypto_tokens(Reader_CryptoTokens, *reader, *remote_writer, exception); + CryptoPlugin->keyexchange()->create_local_datawriter_crypto_tokens(Writer_CryptoTokens, *writer, *remote_reader, + exception); + CryptoPlugin->keyexchange()->create_local_datareader_crypto_tokens(Reader_CryptoTokens, *reader, *remote_writer, + exception); //Exchange Datareader and Datawriter Cryptotokens - CryptoPlugin->keyexchange()->set_remote_datareader_crypto_tokens(*writer, *remote_reader, Reader_CryptoTokens, exception); - CryptoPlugin->keyexchange()->set_remote_datawriter_crypto_tokens(*reader, *remote_writer, Writer_CryptoTokens, exception); + CryptoPlugin->keyexchange()->set_remote_datareader_crypto_tokens(*writer, *remote_reader, Reader_CryptoTokens, + exception); + CryptoPlugin->keyexchange()->set_remote_datawriter_crypto_tokens(*reader, *remote_writer, Writer_CryptoTokens, + exception); //Perform sample message exchange eprosima::fastrtps::rtps::SerializedPayload_t plain_payload(18); // Message will have 18 length. eprosima::fastrtps::rtps::SerializedPayload_t encoded_payload(100); - eprosima::fastrtps::rtps::SerializedPayload_t decoded_payload(18); // Message will have 18 length. + eprosima::fastrtps::rtps::SerializedPayload_t decoded_payload(18 + 32); // Message will have 18 length + cipher block size. char message[] = "My goose is cooked"; //Length 18 memcpy(plain_payload.data, message, 18); + plain_payload.length = 18; std::vector inline_qos; //Send message to intended participant - ASSERT_TRUE(CryptoPlugin->cryptotransform()->encode_serialized_payload(encoded_payload, inline_qos, plain_payload, *writer, exception)); - ASSERT_TRUE(CryptoPlugin->cryptotransform()->decode_serialized_payload(decoded_payload, encoded_payload, inline_qos, *reader, *remote_writer, exception)); - ASSERT_TRUE(memcmp(plain_payload.data, decoded_payload.data, 18)); + ASSERT_TRUE(CryptoPlugin->cryptotransform()->encode_serialized_payload(encoded_payload, inline_qos, plain_payload, + *writer, exception)); + encoded_payload.pos = 0; + ASSERT_TRUE(CryptoPlugin->cryptotransform()->decode_serialized_payload(decoded_payload, encoded_payload, inline_qos, + *reader, *remote_writer, exception)); + ASSERT_TRUE(memcmp(plain_payload.data, decoded_payload.data, 18) == 0); + plain_payload.pos = 0; + encoded_payload.pos = 0; + encoded_payload.length = 0; + decoded_payload.pos = 0; + decoded_payload.length = 0; - CryptoPlugin->keyfactory()->unregister_datawriter(writer,exception); - CryptoPlugin->keyfactory()->unregister_datawriter(remote_writer,exception); + CryptoPlugin->keyfactory()->unregister_datawriter(writer, exception); + CryptoPlugin->keyfactory()->unregister_datawriter(remote_writer, exception); - CryptoPlugin->keyfactory()->unregister_datareader(reader,exception); - CryptoPlugin->keyfactory()->unregister_datareader(remote_reader,exception); + CryptoPlugin->keyfactory()->unregister_datareader(reader, exception); + CryptoPlugin->keyfactory()->unregister_datareader(remote_reader, exception); CryptoPlugin->keyfactory()->unregister_participant(participant_A, exception); CryptoPlugin->keyfactory()->unregister_participant(ParticipantA_remote, exception); CryptoPlugin->keyfactory()->unregister_participant(participant_B, exception); CryptoPlugin->keyfactory()->unregister_participant(ParticipantB_remote, exception); - //Lets do it with the 256 version + //Lets do it with the 128 version eprosima::fastrtps::rtps::Property prop1; prop1.name("dds.sec.crypto.keysize"); - prop1.value("256"); + prop1.value("128"); prop_handle.push_back(prop1); eprosima::fastrtps::rtps::Property prop2; prop2.name("dds.sec.crypto.maxblockspersession"); prop2.value("16"); prop_handle.push_back(prop2); - participant_A = CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, exception); - participant_B = CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, exception); + participant_A = CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, + part_sec_attr, exception); + participant_B = CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, + part_sec_attr, exception); reader = CryptoPlugin->keyfactory()->register_local_datareader(*participant_A, prop_handle, sec_attrs, exception); writer = CryptoPlugin->keyfactory()->register_local_datawriter(*participant_B, prop_handle, sec_attrs, exception); //Register a remote for both Participants - ParticipantA_remote =CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_A,*i_handle,*perm_handle,*shared_secret, exception); - ParticipantB_remote =CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_B,*i_handle,*perm_handle,*shared_secret, exception); + ParticipantA_remote = CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_A, *i_handle, + *perm_handle, *shared_secret, + exception); + ParticipantB_remote = CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_B, *i_handle, + *perm_handle, *shared_secret, + exception); //Register DataReader with DataWriter - remote_reader = CryptoPlugin->keyfactory()->register_matched_remote_datareader(*writer, *ParticipantB_remote, *shared_secret, false, exception); + remote_reader = CryptoPlugin->keyfactory()->register_matched_remote_datareader(*writer, *ParticipantB_remote, + *shared_secret, false, exception); //Register DataWriter with DataReader - remote_writer = CryptoPlugin->keyfactory()->register_matched_remote_datawriter(*reader, *ParticipantA_remote, *shared_secret, exception); + remote_writer = CryptoPlugin->keyfactory()->register_matched_remote_datawriter(*reader, *ParticipantA_remote, + *shared_secret, exception); - CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantA_CryptoTokens, *participant_A, *ParticipantA_remote, exception); - CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantB_CryptoTokens, *participant_B, *ParticipantB_remote, exception); + CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantA_CryptoTokens, *participant_A, + *ParticipantA_remote, exception); + CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantB_CryptoTokens, *participant_B, + *ParticipantB_remote, exception); //Set ParticipantA token into ParticipantB and viceversa - CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_A,*ParticipantA_remote,ParticipantB_CryptoTokens,exception); - CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_B,*ParticipantB_remote,ParticipantA_CryptoTokens,exception); + CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_A, *ParticipantA_remote, + ParticipantB_CryptoTokens, exception); + CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_B, *ParticipantB_remote, + ParticipantA_CryptoTokens, exception); //Create CryptoTokens for the DataWriter and DataReader - CryptoPlugin->keyexchange()->create_local_datawriter_crypto_tokens(Writer_CryptoTokens, *writer, *remote_reader, exception); - CryptoPlugin->keyexchange()->create_local_datareader_crypto_tokens(Reader_CryptoTokens, *reader, *remote_writer, exception); + CryptoPlugin->keyexchange()->create_local_datawriter_crypto_tokens(Writer_CryptoTokens, *writer, *remote_reader, + exception); + CryptoPlugin->keyexchange()->create_local_datareader_crypto_tokens(Reader_CryptoTokens, *reader, *remote_writer, + exception); //Exchange Datareader and Datawriter Cryptotokens - CryptoPlugin->keyexchange()->set_remote_datareader_crypto_tokens(*writer, *remote_reader, Reader_CryptoTokens, exception); - CryptoPlugin->keyexchange()->set_remote_datawriter_crypto_tokens(*reader, *remote_writer, Writer_CryptoTokens, exception); + CryptoPlugin->keyexchange()->set_remote_datareader_crypto_tokens(*writer, *remote_reader, Reader_CryptoTokens, + exception); + CryptoPlugin->keyexchange()->set_remote_datawriter_crypto_tokens(*reader, *remote_writer, Writer_CryptoTokens, + exception); //Perform sample message exchange //Send message to intended participant - ASSERT_TRUE(CryptoPlugin->cryptotransform()->encode_serialized_payload(encoded_payload, inline_qos, plain_payload, *writer, exception)); - ASSERT_TRUE(CryptoPlugin->cryptotransform()->decode_serialized_payload(decoded_payload, encoded_payload, inline_qos, *reader, *remote_writer, exception)); - ASSERT_TRUE(memcmp(plain_payload.data, decoded_payload.data, 18)); + ASSERT_TRUE(CryptoPlugin->cryptotransform()->encode_serialized_payload(encoded_payload, inline_qos, plain_payload, + *writer, exception)); + encoded_payload.pos = 0; + ASSERT_TRUE(CryptoPlugin->cryptotransform()->decode_serialized_payload(decoded_payload, encoded_payload, inline_qos, + *reader, *remote_writer, exception)); + ASSERT_TRUE(memcmp(plain_payload.data, decoded_payload.data, 18) == 0); - delete i_handle; - delete perm_handle; - delete shared_secret; - - CryptoPlugin->keyfactory()->unregister_datawriter(writer,exception); - CryptoPlugin->keyfactory()->unregister_datawriter(remote_writer,exception); + CryptoPlugin->keyfactory()->unregister_datawriter(writer, exception); + CryptoPlugin->keyfactory()->unregister_datawriter(remote_writer, exception); - CryptoPlugin->keyfactory()->unregister_datareader(reader,exception); - CryptoPlugin->keyfactory()->unregister_datareader(remote_reader,exception); + CryptoPlugin->keyfactory()->unregister_datareader(reader, exception); + CryptoPlugin->keyfactory()->unregister_datareader(remote_reader, exception); CryptoPlugin->keyfactory()->unregister_participant(participant_A, exception); CryptoPlugin->keyfactory()->unregister_participant(ParticipantA_remote, exception); CryptoPlugin->keyfactory()->unregister_participant(participant_B, exception); CryptoPlugin->keyfactory()->unregister_participant(ParticipantB_remote, exception); + delete i_handle; + delete perm_handle; + delete shared_secret; } TEST_F(CryptographyPluginTest, transform_Writer_Submesage) @@ -920,82 +1177,107 @@ TEST_F(CryptographyPluginTest, transform_Writer_Submesage) // Participant A owns Writer // Participant B owns Reader - eprosima::fastrtps::rtps::security::PKIIdentityHandle* i_handle = new eprosima::fastrtps::rtps::security::PKIIdentityHandle(); - eprosima::fastrtps::rtps::security::AccessPermissionsHandle* perm_handle = new eprosima::fastrtps::rtps::security::AccessPermissionsHandle(); + eprosima::fastrtps::rtps::security::PKIIdentityHandle* i_handle = + new eprosima::fastrtps::rtps::security::PKIIdentityHandle(); + eprosima::fastrtps::rtps::security::AccessPermissionsHandle* perm_handle = + new eprosima::fastrtps::rtps::security::AccessPermissionsHandle(); eprosima::fastrtps::rtps::PropertySeq prop_handle; eprosima::fastrtps::rtps::security::ParticipantSecurityAttributes part_sec_attr; eprosima::fastrtps::rtps::security::EndpointSecurityAttributes sec_attrs; - eprosima::fastrtps::rtps::security::SharedSecretHandle* shared_secret = new eprosima::fastrtps::rtps::security::SharedSecretHandle(); + eprosima::fastrtps::rtps::security::SharedSecretHandle* shared_secret = + new eprosima::fastrtps::rtps::security::SharedSecretHandle(); eprosima::fastrtps::rtps::security::SecurityException exception; part_sec_attr.is_rtps_protected = true; part_sec_attr.plugin_participant_attributes = PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ENCRYPTED | - PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ORIGIN_AUTHENTICATED; + PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ORIGIN_AUTHENTICATED; sec_attrs.is_submessage_protected = true; sec_attrs.is_payload_protected = false; sec_attrs.is_key_protected = false; sec_attrs.plugin_endpoint_attributes = PLUGIN_ENDPOINT_SECURITY_ATTRIBUTES_FLAG_IS_SUBMESSAGE_ENCRYPTED | - PLUGIN_ENDPOINT_SECURITY_ATTRIBUTES_FLAG_IS_SUBMESSAGE_ORIGIN_AUTHENTICATED; + PLUGIN_ENDPOINT_SECURITY_ATTRIBUTES_FLAG_IS_SUBMESSAGE_ORIGIN_AUTHENTICATED; - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *participant_A = CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, exception); - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *participant_B = CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* participant_A = + CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, + exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* participant_B = + CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, + exception); - eprosima::fastrtps::rtps::security::DatareaderCryptoHandle *reader = CryptoPlugin->keyfactory()->register_local_datareader(*participant_A, prop_handle, sec_attrs, exception); - eprosima::fastrtps::rtps::security::DatareaderCryptoHandle *writer = CryptoPlugin->keyfactory()->register_local_datawriter(*participant_B, prop_handle, sec_attrs, exception); + eprosima::fastrtps::rtps::security::DatareaderCryptoHandle* reader = + CryptoPlugin->keyfactory()->register_local_datareader(*participant_A, prop_handle, sec_attrs, exception); + eprosima::fastrtps::rtps::security::DatareaderCryptoHandle* writer = + CryptoPlugin->keyfactory()->register_local_datawriter(*participant_B, prop_handle, sec_attrs, exception); //Fill shared secret with dummy values std::vector dummy_data, challenge_1, challenge_2; eprosima::fastrtps::rtps::security::SharedSecret::BinaryData binary_data; - challenge_1.resize(8); - challenge_2.resize(8); + challenge_1.resize(32); + challenge_2.resize(32); - RAND_bytes(challenge_1.data(),8); + RAND_bytes(challenge_1.data(), 32); binary_data.name("Challenge1"); binary_data.value(challenge_1); (*shared_secret)->data_.push_back(binary_data); - RAND_bytes(challenge_2.data(),8); + RAND_bytes(challenge_2.data(), 32); binary_data.name("Challenge2"); binary_data.value(challenge_2); (*shared_secret)->data_.push_back(binary_data); dummy_data.resize(32); - RAND_bytes(dummy_data.data(),32); + RAND_bytes(dummy_data.data(), 32); binary_data.name("SharedSecret"); binary_data.value(dummy_data); (*shared_secret)->data_.push_back(binary_data); //Register a remote for both Participants - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *ParticipantA_remote =CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_A,*i_handle,*perm_handle,*shared_secret, exception); - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *ParticipantB_remote =CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_B,*i_handle,*perm_handle,*shared_secret, exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* ParticipantA_remote = + CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_A, *i_handle, *perm_handle, + *shared_secret, exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* ParticipantB_remote = + CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_B, *i_handle, *perm_handle, + *shared_secret, exception); //Register DataReader with DataWriter - eprosima::fastrtps::rtps::security::DatareaderCryptoHandle *remote_reader = CryptoPlugin->keyfactory()->register_matched_remote_datareader(*writer, *ParticipantB_remote, *shared_secret, false, exception); + eprosima::fastrtps::rtps::security::DatareaderCryptoHandle* remote_reader = + CryptoPlugin->keyfactory()->register_matched_remote_datareader(*writer, *ParticipantB_remote, + *shared_secret, false, exception); //Register DataWriter with DataReader - eprosima::fastrtps::rtps::security::DatawriterCryptoHandle *remote_writer = CryptoPlugin->keyfactory()->register_matched_remote_datawriter(*reader, *ParticipantA_remote, *shared_secret, exception); + eprosima::fastrtps::rtps::security::DatawriterCryptoHandle* remote_writer = + CryptoPlugin->keyfactory()->register_matched_remote_datawriter(*reader, *ParticipantA_remote, + *shared_secret, exception); //Create CryptoTokens for both Participants eprosima::fastrtps::rtps::security::ParticipantCryptoTokenSeq ParticipantA_CryptoTokens, ParticipantB_CryptoTokens; - CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantA_CryptoTokens, *participant_A, *ParticipantA_remote, exception); - CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantB_CryptoTokens, *participant_B, *ParticipantB_remote, exception); + CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantA_CryptoTokens, *participant_A, + *ParticipantA_remote, exception); + CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantB_CryptoTokens, *participant_B, + *ParticipantB_remote, exception); //Set ParticipantA token into ParticipantB and viceversa - CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_A,*ParticipantA_remote,ParticipantB_CryptoTokens,exception); - CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_B,*ParticipantB_remote,ParticipantA_CryptoTokens,exception); + CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_A, *ParticipantA_remote, + ParticipantB_CryptoTokens, exception); + CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_B, *ParticipantB_remote, + ParticipantA_CryptoTokens, exception); //Create CryptoTokens for the DataWriter and DataReader eprosima::fastrtps::rtps::security::DatawriterCryptoTokenSeq Writer_CryptoTokens, Reader_CryptoTokens; - CryptoPlugin->keyexchange()->create_local_datawriter_crypto_tokens(Writer_CryptoTokens, *writer, *remote_reader, exception); - CryptoPlugin->keyexchange()->create_local_datareader_crypto_tokens(Reader_CryptoTokens, *reader, *remote_writer, exception); + CryptoPlugin->keyexchange()->create_local_datawriter_crypto_tokens(Writer_CryptoTokens, *writer, *remote_reader, + exception); + CryptoPlugin->keyexchange()->create_local_datareader_crypto_tokens(Reader_CryptoTokens, *reader, *remote_writer, + exception); //Exchange Datareader and Datawriter Cryptotokens - CryptoPlugin->keyexchange()->set_remote_datareader_crypto_tokens(*writer, *remote_reader, Reader_CryptoTokens, exception); - CryptoPlugin->keyexchange()->set_remote_datawriter_crypto_tokens(*reader, *remote_writer, Writer_CryptoTokens, exception); + CryptoPlugin->keyexchange()->set_remote_datareader_crypto_tokens(*writer, *remote_reader, Reader_CryptoTokens, + exception); + CryptoPlugin->keyexchange()->set_remote_datawriter_crypto_tokens(*reader, *remote_writer, Writer_CryptoTokens, + exception); //Perform sample message exchange std::vector plain_payload; @@ -1016,59 +1298,75 @@ TEST_F(CryptographyPluginTest, transform_Writer_Submesage) ASSERT_TRUE(CryptoPlugin->cryptotransform()->encode_datawriter_submessage(encoded_payload, plain_payload, *writer, receivers, exception)); ASSERT_TRUE(CryptoPlugin->cryptotransform()->decode_datawriter_submessage(decoded_payload, encoded_payload, *reader, *remote_writer, exception)); ASSERT_TRUE(plain_payload == decoded_payload); - */ + */ - CryptoPlugin->keyfactory()->unregister_datawriter(writer,exception); - CryptoPlugin->keyfactory()->unregister_datawriter(remote_writer,exception); + CryptoPlugin->keyfactory()->unregister_datawriter(writer, exception); + CryptoPlugin->keyfactory()->unregister_datawriter(remote_writer, exception); - CryptoPlugin->keyfactory()->unregister_datareader(reader,exception); - CryptoPlugin->keyfactory()->unregister_datareader(remote_reader,exception); + CryptoPlugin->keyfactory()->unregister_datareader(reader, exception); + CryptoPlugin->keyfactory()->unregister_datareader(remote_reader, exception); CryptoPlugin->keyfactory()->unregister_participant(participant_A, exception); CryptoPlugin->keyfactory()->unregister_participant(ParticipantA_remote, exception); CryptoPlugin->keyfactory()->unregister_participant(participant_B, exception); CryptoPlugin->keyfactory()->unregister_participant(ParticipantB_remote, exception); - //Test the GCM256 version + //Test the GCM128 version eprosima::fastrtps::rtps::Property prop1; prop1.name("dds.sec.crypto.keysize"); - prop1.value("256"); + prop1.value("128"); prop_handle.push_back(prop1); eprosima::fastrtps::rtps::Property prop2; prop2.name("dds.sec.crypto.maxblockspersession"); prop2.value("16"); prop_handle.push_back(prop2); - participant_A = CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, exception); - participant_B = CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, exception); + participant_A = CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, + part_sec_attr, exception); + participant_B = CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, + part_sec_attr, exception); reader = CryptoPlugin->keyfactory()->register_local_datareader(*participant_A, prop_handle, sec_attrs, exception); writer = CryptoPlugin->keyfactory()->register_local_datawriter(*participant_B, prop_handle, sec_attrs, exception); //Register a remote for both Participants - ParticipantA_remote =CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_A,*i_handle,*perm_handle,*shared_secret, exception); - ParticipantB_remote =CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_B,*i_handle,*perm_handle,*shared_secret, exception); + ParticipantA_remote = CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_A, *i_handle, + *perm_handle, *shared_secret, + exception); + ParticipantB_remote = CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_B, *i_handle, + *perm_handle, *shared_secret, + exception); //Register DataReader with DataWriter - remote_reader = CryptoPlugin->keyfactory()->register_matched_remote_datareader(*writer, *ParticipantB_remote, *shared_secret, false, exception); + remote_reader = CryptoPlugin->keyfactory()->register_matched_remote_datareader(*writer, *ParticipantB_remote, + *shared_secret, false, exception); //Register DataWriter with DataReader - remote_writer = CryptoPlugin->keyfactory()->register_matched_remote_datawriter(*reader, *ParticipantA_remote, *shared_secret, exception); + remote_writer = CryptoPlugin->keyfactory()->register_matched_remote_datawriter(*reader, *ParticipantA_remote, + *shared_secret, exception); - CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantA_CryptoTokens, *participant_A, *ParticipantA_remote, exception); - CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantB_CryptoTokens, *participant_B, *ParticipantB_remote, exception); + CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantA_CryptoTokens, *participant_A, + *ParticipantA_remote, exception); + CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantB_CryptoTokens, *participant_B, + *ParticipantB_remote, exception); //Set ParticipantA token into ParticipantB and viceversa - CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_A,*ParticipantA_remote,ParticipantB_CryptoTokens,exception); - CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_B,*ParticipantB_remote,ParticipantA_CryptoTokens,exception); + CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_A, *ParticipantA_remote, + ParticipantB_CryptoTokens, exception); + CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_B, *ParticipantB_remote, + ParticipantA_CryptoTokens, exception); //Create CryptoTokens for the DataWriter and DataReader - CryptoPlugin->keyexchange()->create_local_datawriter_crypto_tokens(Writer_CryptoTokens, *writer, *remote_reader, exception); - CryptoPlugin->keyexchange()->create_local_datareader_crypto_tokens(Reader_CryptoTokens, *reader, *remote_writer, exception); + CryptoPlugin->keyexchange()->create_local_datawriter_crypto_tokens(Writer_CryptoTokens, *writer, *remote_reader, + exception); + CryptoPlugin->keyexchange()->create_local_datareader_crypto_tokens(Reader_CryptoTokens, *reader, *remote_writer, + exception); //Exchange Datareader and Datawriter Cryptotokens - CryptoPlugin->keyexchange()->set_remote_datareader_crypto_tokens(*writer, *remote_reader, Reader_CryptoTokens, exception); - CryptoPlugin->keyexchange()->set_remote_datawriter_crypto_tokens(*reader, *remote_writer, Writer_CryptoTokens, exception); + CryptoPlugin->keyexchange()->set_remote_datareader_crypto_tokens(*writer, *remote_reader, Reader_CryptoTokens, + exception); + CryptoPlugin->keyexchange()->set_remote_datawriter_crypto_tokens(*reader, *remote_writer, Writer_CryptoTokens, + exception); receivers.clear(); receivers.push_back(remote_reader); @@ -1079,17 +1377,17 @@ TEST_F(CryptographyPluginTest, transform_Writer_Submesage) ASSERT_TRUE(CryptoPlugin->cryptotransform()->encode_datawriter_submessage(encoded_payload, plain_payload, *writer, receivers, exception)); ASSERT_TRUE(CryptoPlugin->cryptotransform()->decode_datawriter_submessage(decoded_payload, encoded_payload, *reader, *remote_writer, exception)); ASSERT_TRUE(plain_payload == decoded_payload); - */ + */ delete i_handle; delete perm_handle; delete shared_secret; - CryptoPlugin->keyfactory()->unregister_datawriter(writer,exception); - CryptoPlugin->keyfactory()->unregister_datawriter(remote_writer,exception); + CryptoPlugin->keyfactory()->unregister_datawriter(writer, exception); + CryptoPlugin->keyfactory()->unregister_datawriter(remote_writer, exception); - CryptoPlugin->keyfactory()->unregister_datareader(reader,exception); - CryptoPlugin->keyfactory()->unregister_datareader(remote_reader,exception); + CryptoPlugin->keyfactory()->unregister_datareader(reader, exception); + CryptoPlugin->keyfactory()->unregister_datareader(remote_reader, exception); CryptoPlugin->keyfactory()->unregister_participant(participant_A, exception); CryptoPlugin->keyfactory()->unregister_participant(ParticipantA_remote, exception); @@ -1104,82 +1402,107 @@ TEST_F(CryptographyPluginTest, transform_Reader_Submessage) // Participant A owns Writer // Participant B owns Reader - eprosima::fastrtps::rtps::security::PKIIdentityHandle* i_handle = new eprosima::fastrtps::rtps::security::PKIIdentityHandle(); - eprosima::fastrtps::rtps::security::AccessPermissionsHandle* perm_handle = new eprosima::fastrtps::rtps::security::AccessPermissionsHandle(); + eprosima::fastrtps::rtps::security::PKIIdentityHandle* i_handle = + new eprosima::fastrtps::rtps::security::PKIIdentityHandle(); + eprosima::fastrtps::rtps::security::AccessPermissionsHandle* perm_handle = + new eprosima::fastrtps::rtps::security::AccessPermissionsHandle(); eprosima::fastrtps::rtps::PropertySeq prop_handle; eprosima::fastrtps::rtps::security::ParticipantSecurityAttributes part_sec_attr; eprosima::fastrtps::rtps::security::EndpointSecurityAttributes sec_attrs; - eprosima::fastrtps::rtps::security::SharedSecretHandle* shared_secret = new eprosima::fastrtps::rtps::security::SharedSecretHandle(); + eprosima::fastrtps::rtps::security::SharedSecretHandle* shared_secret = + new eprosima::fastrtps::rtps::security::SharedSecretHandle(); eprosima::fastrtps::rtps::security::SecurityException exception; part_sec_attr.is_rtps_protected = true; part_sec_attr.plugin_participant_attributes = PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ENCRYPTED | - PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ORIGIN_AUTHENTICATED; + PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ORIGIN_AUTHENTICATED; sec_attrs.is_submessage_protected = true; sec_attrs.is_payload_protected = false; sec_attrs.is_key_protected = false; sec_attrs.plugin_endpoint_attributes = PLUGIN_ENDPOINT_SECURITY_ATTRIBUTES_FLAG_IS_SUBMESSAGE_ENCRYPTED | - PLUGIN_ENDPOINT_SECURITY_ATTRIBUTES_FLAG_IS_SUBMESSAGE_ORIGIN_AUTHENTICATED; + PLUGIN_ENDPOINT_SECURITY_ATTRIBUTES_FLAG_IS_SUBMESSAGE_ORIGIN_AUTHENTICATED; - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *participant_A = CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, exception); - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *participant_B = CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* participant_A = + CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, + exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* participant_B = + CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, + exception); - eprosima::fastrtps::rtps::security::DatareaderCryptoHandle *reader = CryptoPlugin->keyfactory()->register_local_datareader(*participant_A, prop_handle, sec_attrs, exception); - eprosima::fastrtps::rtps::security::DatareaderCryptoHandle *writer = CryptoPlugin->keyfactory()->register_local_datawriter(*participant_B, prop_handle, sec_attrs, exception); + eprosima::fastrtps::rtps::security::DatareaderCryptoHandle* reader = + CryptoPlugin->keyfactory()->register_local_datareader(*participant_A, prop_handle, sec_attrs, exception); + eprosima::fastrtps::rtps::security::DatareaderCryptoHandle* writer = + CryptoPlugin->keyfactory()->register_local_datawriter(*participant_B, prop_handle, sec_attrs, exception); //Fill shared secret with dummy values std::vector dummy_data, challenge_1, challenge_2; eprosima::fastrtps::rtps::security::SharedSecret::BinaryData binary_data; - challenge_1.resize(8); - challenge_2.resize(8); + challenge_1.resize(32); + challenge_2.resize(32); - RAND_bytes(challenge_1.data(),8); + RAND_bytes(challenge_1.data(), 32); binary_data.name("Challenge1"); binary_data.value(challenge_1); (*shared_secret)->data_.push_back(binary_data); - RAND_bytes(challenge_2.data(),8); + RAND_bytes(challenge_2.data(), 32); binary_data.name("Challenge2"); binary_data.value(challenge_2); (*shared_secret)->data_.push_back(binary_data); dummy_data.resize(32); - RAND_bytes(dummy_data.data(),32); + RAND_bytes(dummy_data.data(), 32); binary_data.name("SharedSecret"); binary_data.value(dummy_data); (*shared_secret)->data_.push_back(binary_data); //Register a remote for both Participants - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *ParticipantA_remote =CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_A,*i_handle,*perm_handle,*shared_secret, exception); - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *ParticipantB_remote =CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_B,*i_handle,*perm_handle,*shared_secret, exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* ParticipantA_remote = + CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_A, *i_handle, *perm_handle, + *shared_secret, exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* ParticipantB_remote = + CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_B, *i_handle, *perm_handle, + *shared_secret, exception); //Register DataReader with DataWriter - eprosima::fastrtps::rtps::security::DatareaderCryptoHandle *remote_reader = CryptoPlugin->keyfactory()->register_matched_remote_datareader(*writer, *ParticipantB_remote, *shared_secret, false, exception); + eprosima::fastrtps::rtps::security::DatareaderCryptoHandle* remote_reader = + CryptoPlugin->keyfactory()->register_matched_remote_datareader(*writer, *ParticipantB_remote, + *shared_secret, false, exception); //Register DataWriter with DataReader - eprosima::fastrtps::rtps::security::DatawriterCryptoHandle *remote_writer = CryptoPlugin->keyfactory()->register_matched_remote_datawriter(*reader, *ParticipantA_remote, *shared_secret, exception); + eprosima::fastrtps::rtps::security::DatawriterCryptoHandle* remote_writer = + CryptoPlugin->keyfactory()->register_matched_remote_datawriter(*reader, *ParticipantA_remote, + *shared_secret, exception); //Create CryptoTokens for both Participants eprosima::fastrtps::rtps::security::ParticipantCryptoTokenSeq ParticipantA_CryptoTokens, ParticipantB_CryptoTokens; - CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantA_CryptoTokens, *participant_A, *ParticipantA_remote, exception); - CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantB_CryptoTokens, *participant_B, *ParticipantB_remote, exception); + CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantA_CryptoTokens, *participant_A, + *ParticipantA_remote, exception); + CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantB_CryptoTokens, *participant_B, + *ParticipantB_remote, exception); //Set ParticipantA token into ParticipantB and viceversa - CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_A,*ParticipantA_remote,ParticipantB_CryptoTokens,exception); - CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_B,*ParticipantB_remote,ParticipantA_CryptoTokens,exception); + CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_A, *ParticipantA_remote, + ParticipantB_CryptoTokens, exception); + CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_B, *ParticipantB_remote, + ParticipantA_CryptoTokens, exception); //Create CryptoTokens for the DataWriter and DataReader eprosima::fastrtps::rtps::security::DatawriterCryptoTokenSeq Writer_CryptoTokens, Reader_CryptoTokens; - CryptoPlugin->keyexchange()->create_local_datawriter_crypto_tokens(Writer_CryptoTokens, *writer, *remote_reader, exception); - CryptoPlugin->keyexchange()->create_local_datareader_crypto_tokens(Reader_CryptoTokens, *reader, *remote_writer, exception); + CryptoPlugin->keyexchange()->create_local_datawriter_crypto_tokens(Writer_CryptoTokens, *writer, *remote_reader, + exception); + CryptoPlugin->keyexchange()->create_local_datareader_crypto_tokens(Reader_CryptoTokens, *reader, *remote_writer, + exception); //Exchange Datareader and Datawriter Cryptotokens - CryptoPlugin->keyexchange()->set_remote_datareader_crypto_tokens(*writer, *remote_reader, Reader_CryptoTokens, exception); - CryptoPlugin->keyexchange()->set_remote_datawriter_crypto_tokens(*reader, *remote_writer, Writer_CryptoTokens, exception); + CryptoPlugin->keyexchange()->set_remote_datareader_crypto_tokens(*writer, *remote_reader, Reader_CryptoTokens, + exception); + CryptoPlugin->keyexchange()->set_remote_datawriter_crypto_tokens(*reader, *remote_writer, Writer_CryptoTokens, + exception); //Perform sample message exchange std::vector plain_payload; @@ -1199,60 +1522,76 @@ TEST_F(CryptographyPluginTest, transform_Reader_Submessage) ASSERT_TRUE(CryptoPlugin->cryptotransform()->encode_datareader_submessage(encoded_payload, plain_payload, *reader, receivers, exception)); ASSERT_TRUE(CryptoPlugin->cryptotransform()->decode_datareader_submessage(decoded_payload, encoded_payload, *writer, *remote_reader, exception)); ASSERT_TRUE(plain_payload == decoded_payload); - */ + */ - CryptoPlugin->keyfactory()->unregister_datawriter(writer,exception); - CryptoPlugin->keyfactory()->unregister_datawriter(remote_writer,exception); + CryptoPlugin->keyfactory()->unregister_datawriter(writer, exception); + CryptoPlugin->keyfactory()->unregister_datawriter(remote_writer, exception); - CryptoPlugin->keyfactory()->unregister_datareader(reader,exception); - CryptoPlugin->keyfactory()->unregister_datareader(remote_reader,exception); + CryptoPlugin->keyfactory()->unregister_datareader(reader, exception); + CryptoPlugin->keyfactory()->unregister_datareader(remote_reader, exception); CryptoPlugin->keyfactory()->unregister_participant(participant_A, exception); CryptoPlugin->keyfactory()->unregister_participant(ParticipantA_remote, exception); CryptoPlugin->keyfactory()->unregister_participant(participant_B, exception); CryptoPlugin->keyfactory()->unregister_participant(ParticipantB_remote, exception); - //Test the GCM256 version + //Test the GCM128 version eprosima::fastrtps::rtps::Property prop1; prop1.name("dds.sec.crypto.keysize"); - prop1.value("256"); + prop1.value("128"); prop_handle.push_back(prop1); eprosima::fastrtps::rtps::Property prop2; prop2.name("dds.sec.crypto.maxblockspersession"); prop2.value("16"); prop_handle.push_back(prop2); - participant_A = CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, exception); - participant_B = CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, exception); + participant_A = CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, + part_sec_attr, exception); + participant_B = CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, + part_sec_attr, exception); reader = CryptoPlugin->keyfactory()->register_local_datareader(*participant_A, prop_handle, sec_attrs, exception); writer = CryptoPlugin->keyfactory()->register_local_datawriter(*participant_B, prop_handle, sec_attrs, exception); //Register a remote for both Participants - ParticipantA_remote =CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_A,*i_handle,*perm_handle,*shared_secret, exception); - ParticipantB_remote =CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_B,*i_handle,*perm_handle,*shared_secret, exception); + ParticipantA_remote = CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_A, *i_handle, + *perm_handle, *shared_secret, + exception); + ParticipantB_remote = CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_B, *i_handle, + *perm_handle, *shared_secret, + exception); //Register DataReader with DataWriter - remote_reader = CryptoPlugin->keyfactory()->register_matched_remote_datareader(*writer, *ParticipantB_remote, *shared_secret, false, exception); + remote_reader = CryptoPlugin->keyfactory()->register_matched_remote_datareader(*writer, *ParticipantB_remote, + *shared_secret, false, exception); //Register DataWriter with DataReader - remote_writer = CryptoPlugin->keyfactory()->register_matched_remote_datawriter(*reader, *ParticipantA_remote, *shared_secret, exception); + remote_writer = CryptoPlugin->keyfactory()->register_matched_remote_datawriter(*reader, *ParticipantA_remote, + *shared_secret, exception); //Create CryptoTokens for both Participants - CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantA_CryptoTokens, *participant_A, *ParticipantA_remote, exception); - CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantB_CryptoTokens, *participant_B, *ParticipantB_remote, exception); + CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantA_CryptoTokens, *participant_A, + *ParticipantA_remote, exception); + CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantB_CryptoTokens, *participant_B, + *ParticipantB_remote, exception); //Set ParticipantA token into ParticipantB and viceversa - CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_A,*ParticipantA_remote,ParticipantB_CryptoTokens,exception); - CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_B,*ParticipantB_remote,ParticipantA_CryptoTokens,exception); + CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_A, *ParticipantA_remote, + ParticipantB_CryptoTokens, exception); + CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_B, *ParticipantB_remote, + ParticipantA_CryptoTokens, exception); //Create CryptoTokens for the DataWriter and DataReader - CryptoPlugin->keyexchange()->create_local_datawriter_crypto_tokens(Writer_CryptoTokens, *writer, *remote_reader, exception); - CryptoPlugin->keyexchange()->create_local_datareader_crypto_tokens(Reader_CryptoTokens, *reader, *remote_writer, exception); + CryptoPlugin->keyexchange()->create_local_datawriter_crypto_tokens(Writer_CryptoTokens, *writer, *remote_reader, + exception); + CryptoPlugin->keyexchange()->create_local_datareader_crypto_tokens(Reader_CryptoTokens, *reader, *remote_writer, + exception); //Exchange Datareader and Datawriter Cryptotokens - CryptoPlugin->keyexchange()->set_remote_datareader_crypto_tokens(*writer, *remote_reader, Reader_CryptoTokens, exception); - CryptoPlugin->keyexchange()->set_remote_datawriter_crypto_tokens(*reader, *remote_writer, Writer_CryptoTokens, exception); + CryptoPlugin->keyexchange()->set_remote_datareader_crypto_tokens(*writer, *remote_reader, Reader_CryptoTokens, + exception); + CryptoPlugin->keyexchange()->set_remote_datawriter_crypto_tokens(*reader, *remote_writer, Writer_CryptoTokens, + exception); //Perform sample message exchange receivers.clear(); @@ -1264,13 +1603,13 @@ TEST_F(CryptographyPluginTest, transform_Reader_Submessage) ASSERT_TRUE(CryptoPlugin->cryptotransform()->encode_datareader_submessage(encoded_payload, plain_payload, *reader, receivers, exception)); ASSERT_TRUE(CryptoPlugin->cryptotransform()->decode_datareader_submessage(decoded_payload, encoded_payload, *writer, *remote_reader, exception)); ASSERT_TRUE(plain_payload == decoded_payload); - */ + */ - CryptoPlugin->keyfactory()->unregister_datawriter(writer,exception); - CryptoPlugin->keyfactory()->unregister_datawriter(remote_writer,exception); + CryptoPlugin->keyfactory()->unregister_datawriter(writer, exception); + CryptoPlugin->keyfactory()->unregister_datawriter(remote_writer, exception); - CryptoPlugin->keyfactory()->unregister_datareader(reader,exception); - CryptoPlugin->keyfactory()->unregister_datareader(remote_reader,exception); + CryptoPlugin->keyfactory()->unregister_datareader(reader, exception); + CryptoPlugin->keyfactory()->unregister_datareader(remote_reader, exception); CryptoPlugin->keyfactory()->unregister_participant(participant_A, exception); CryptoPlugin->keyfactory()->unregister_participant(ParticipantA_remote, exception); @@ -1287,86 +1626,113 @@ TEST_F(CryptographyPluginTest, transform_preprocess_secure_submessage) // Participant A owns Writer // Participant B owns Reader - eprosima::fastrtps::rtps::security::PKIIdentityHandle* i_handle = new eprosima::fastrtps::rtps::security::PKIIdentityHandle(); - eprosima::fastrtps::rtps::security::AccessPermissionsHandle* perm_handle = new eprosima::fastrtps::rtps::security::AccessPermissionsHandle(); + eprosima::fastrtps::rtps::security::PKIIdentityHandle* i_handle = + new eprosima::fastrtps::rtps::security::PKIIdentityHandle(); + eprosima::fastrtps::rtps::security::AccessPermissionsHandle* perm_handle = + new eprosima::fastrtps::rtps::security::AccessPermissionsHandle(); eprosima::fastrtps::rtps::PropertySeq prop_handle; eprosima::fastrtps::rtps::security::ParticipantSecurityAttributes part_sec_attr; eprosima::fastrtps::rtps::security::EndpointSecurityAttributes sec_attrs; - eprosima::fastrtps::rtps::security::SharedSecretHandle* shared_secret = new eprosima::fastrtps::rtps::security::SharedSecretHandle(); + eprosima::fastrtps::rtps::security::SharedSecretHandle* shared_secret = + new eprosima::fastrtps::rtps::security::SharedSecretHandle(); eprosima::fastrtps::rtps::security::SecurityException exception; part_sec_attr.is_rtps_protected = true; part_sec_attr.plugin_participant_attributes = PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ENCRYPTED | - PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ORIGIN_AUTHENTICATED; + PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ORIGIN_AUTHENTICATED; sec_attrs.is_submessage_protected = true; sec_attrs.is_payload_protected = false; sec_attrs.is_key_protected = false; sec_attrs.plugin_endpoint_attributes = PLUGIN_ENDPOINT_SECURITY_ATTRIBUTES_FLAG_IS_SUBMESSAGE_ENCRYPTED | - PLUGIN_ENDPOINT_SECURITY_ATTRIBUTES_FLAG_IS_SUBMESSAGE_ORIGIN_AUTHENTICATED; + PLUGIN_ENDPOINT_SECURITY_ATTRIBUTES_FLAG_IS_SUBMESSAGE_ORIGIN_AUTHENTICATED; - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *participant_A = CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, exception); - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *participant_B = CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* participant_A = + CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, + exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* participant_B = + CryptoPlugin->keyfactory()->register_local_participant(*i_handle, *perm_handle, prop_handle, part_sec_attr, + exception); - eprosima::fastrtps::rtps::security::DatareaderCryptoHandle *reader = CryptoPlugin->keyfactory()->register_local_datareader(*participant_B, prop_handle, sec_attrs, exception); - eprosima::fastrtps::rtps::security::DatareaderCryptoHandle *writer = CryptoPlugin->keyfactory()->register_local_datawriter(*participant_A, prop_handle, sec_attrs, exception); + eprosima::fastrtps::rtps::security::DatareaderCryptoHandle* reader = + CryptoPlugin->keyfactory()->register_local_datareader(*participant_B, prop_handle, sec_attrs, exception); + eprosima::fastrtps::rtps::security::DatareaderCryptoHandle* writer = + CryptoPlugin->keyfactory()->register_local_datawriter(*participant_A, prop_handle, sec_attrs, exception); //Fill shared secret with dummy values std::vector dummy_data, challenge_1, challenge_2; eprosima::fastrtps::rtps::security::SharedSecret::BinaryData binary_data; - challenge_1.resize(8); - challenge_2.resize(8); + challenge_1.resize(32); + challenge_2.resize(32); - RAND_bytes(challenge_1.data(),8); + RAND_bytes(challenge_1.data(), 32); binary_data.name("Challenge1"); binary_data.value(challenge_1); (*shared_secret)->data_.push_back(binary_data); - RAND_bytes(challenge_2.data(),8); + RAND_bytes(challenge_2.data(), 32); binary_data.name("Challenge2"); binary_data.value(challenge_2); (*shared_secret)->data_.push_back(binary_data); dummy_data.resize(32); - RAND_bytes(dummy_data.data(),32); + RAND_bytes(dummy_data.data(), 32); binary_data.name("SharedSecret"); binary_data.value(dummy_data); (*shared_secret)->data_.push_back(binary_data); //Register a remote for both Participants - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *ParticipantA_remote =CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_A,*i_handle,*perm_handle,*shared_secret, exception); - eprosima::fastrtps::rtps::security::ParticipantCryptoHandle *ParticipantB_remote =CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_B,*i_handle,*perm_handle,*shared_secret, exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* ParticipantA_remote = + CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_A, *i_handle, *perm_handle, + *shared_secret, exception); + eprosima::fastrtps::rtps::security::ParticipantCryptoHandle* ParticipantB_remote = + CryptoPlugin->keyfactory()->register_matched_remote_participant(*participant_B, *i_handle, *perm_handle, + *shared_secret, exception); //Register DataReader with DataWriter - eprosima::fastrtps::rtps::security::DatareaderCryptoHandle *remote_reader = CryptoPlugin->keyfactory()->register_matched_remote_datareader(*writer, *ParticipantA_remote, *shared_secret, false, exception); + eprosima::fastrtps::rtps::security::DatareaderCryptoHandle* remote_reader = + CryptoPlugin->keyfactory()->register_matched_remote_datareader(*writer, *ParticipantA_remote, + *shared_secret, false, exception); //Register DataWriter with DataReader - eprosima::fastrtps::rtps::security::DatawriterCryptoHandle *remote_writer = CryptoPlugin->keyfactory()->register_matched_remote_datawriter(*reader, *ParticipantB_remote, *shared_secret, exception); + eprosima::fastrtps::rtps::security::DatawriterCryptoHandle* remote_writer = + CryptoPlugin->keyfactory()->register_matched_remote_datawriter(*reader, *ParticipantB_remote, + *shared_secret, exception); //Create CryptoTokens for both Participants eprosima::fastrtps::rtps::security::ParticipantCryptoTokenSeq ParticipantA_CryptoTokens, ParticipantB_CryptoTokens; - CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantA_CryptoTokens, *participant_A, *ParticipantA_remote, exception); - CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantB_CryptoTokens, *participant_B, *ParticipantB_remote, exception); + CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantA_CryptoTokens, *participant_A, + *ParticipantA_remote, exception); + CryptoPlugin->keyexchange()->create_local_participant_crypto_tokens(ParticipantB_CryptoTokens, *participant_B, + *ParticipantB_remote, exception); //Set ParticipantA token into ParticipantB and viceversa - CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_A,*ParticipantA_remote,ParticipantB_CryptoTokens,exception); - CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_B,*ParticipantB_remote,ParticipantA_CryptoTokens,exception); + CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_A, *ParticipantA_remote, + ParticipantB_CryptoTokens, exception); + CryptoPlugin->keyexchange()->set_remote_participant_crypto_tokens(*participant_B, *ParticipantB_remote, + ParticipantA_CryptoTokens, exception); //Create CryptoTokens for the DataWriter and DataReader eprosima::fastrtps::rtps::security::DatawriterCryptoTokenSeq Writer_CryptoTokens, Reader_CryptoTokens; - CryptoPlugin->keyexchange()->create_local_datawriter_crypto_tokens(Writer_CryptoTokens, *writer, *remote_reader, exception); - CryptoPlugin->keyexchange()->create_local_datareader_crypto_tokens(Reader_CryptoTokens, *reader, *remote_writer, exception); + CryptoPlugin->keyexchange()->create_local_datawriter_crypto_tokens(Writer_CryptoTokens, *writer, *remote_reader, + exception); + CryptoPlugin->keyexchange()->create_local_datareader_crypto_tokens(Reader_CryptoTokens, *reader, *remote_writer, + exception); //Exchange Datareader and Datawriter Cryptotokens - CryptoPlugin->keyexchange()->set_remote_datareader_crypto_tokens(*writer, *remote_reader, Reader_CryptoTokens, exception); - CryptoPlugin->keyexchange()->set_remote_datawriter_crypto_tokens(*reader, *remote_writer, Writer_CryptoTokens, exception); + CryptoPlugin->keyexchange()->set_remote_datareader_crypto_tokens(*writer, *remote_reader, Reader_CryptoTokens, + exception); + CryptoPlugin->keyexchange()->set_remote_datawriter_crypto_tokens(*reader, *remote_writer, Writer_CryptoTokens, + exception); //Verify each remote participant has data about the remote readers and writer - eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle& P_B = eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle::narrow(*ParticipantB_remote); //Owner of a Reader - eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle& P_A = eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle::narrow(*ParticipantA_remote); //Owner of a Writer + eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle& P_B = + eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle::narrow(*ParticipantB_remote); //Owner of a Reader + eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle& P_A = + eprosima::fastrtps::rtps::security::AESGCMGMAC_ParticipantCryptoHandle::narrow(*ParticipantA_remote); //Owner of a Writer ASSERT_TRUE( P_A->Readers.size() == 2); ASSERT_TRUE( P_A->Writers.size() == 1); @@ -1380,29 +1746,36 @@ TEST_F(CryptographyPluginTest, transform_preprocess_secure_submessage) char message[] = "My goose is cooked"; //Length 18 memcpy(plain_payload.buffer, message, 18); + plain_payload.length = 18; std::vector receivers; receivers.push_back(remote_writer); - CryptoPlugin->cryptotransform()->encode_datareader_submessage(encoded_datareader_payload, plain_payload, *reader, receivers, exception); + CryptoPlugin->cryptotransform()->encode_datareader_submessage(encoded_datareader_payload, plain_payload, *reader, + receivers, exception); receivers.clear(); receivers.push_back(remote_reader); plain_payload.pos = 0; - CryptoPlugin->cryptotransform()->encode_datawriter_submessage(encoded_datawriter_payload, plain_payload, *writer, receivers, exception); + CryptoPlugin->cryptotransform()->encode_datawriter_submessage(encoded_datawriter_payload, plain_payload, *writer, + receivers, exception); eprosima::fastrtps::rtps::security::SecureSubmessageCategory_t message_category; - eprosima::fastrtps::rtps::security::DatareaderCryptoHandle **target_reader = new eprosima::fastrtps::rtps::security::DatareaderCryptoHandle*; - eprosima::fastrtps::rtps::security::DatawriterCryptoHandle **target_writer = new eprosima::fastrtps::rtps::security::DatawriterCryptoHandle*; + eprosima::fastrtps::rtps::security::DatareaderCryptoHandle** target_reader = + new eprosima::fastrtps::rtps::security::DatareaderCryptoHandle *; + eprosima::fastrtps::rtps::security::DatawriterCryptoHandle** target_writer = + new eprosima::fastrtps::rtps::security::DatawriterCryptoHandle *; encoded_datareader_payload.pos = 0; - ASSERT_TRUE(CryptoPlugin->cryptotransform()->preprocess_secure_submsg(target_writer, target_reader, message_category, encoded_datareader_payload, *participant_A, *ParticipantA_remote, exception)); + ASSERT_TRUE(CryptoPlugin->cryptotransform()->preprocess_secure_submsg(target_writer, target_reader, + message_category, encoded_datareader_payload, *participant_A, *ParticipantA_remote, exception)); ASSERT_TRUE(message_category == eprosima::fastrtps::rtps::security::DATAREADER_SUBMESSAGE); ASSERT_TRUE(*target_reader == remote_reader); ASSERT_TRUE(*target_writer == writer); encoded_datawriter_payload.pos = 0; - ASSERT_TRUE(CryptoPlugin->cryptotransform()->preprocess_secure_submsg(target_writer, target_reader, message_category, encoded_datawriter_payload, *participant_B, *ParticipantB_remote, exception)); + ASSERT_TRUE(CryptoPlugin->cryptotransform()->preprocess_secure_submsg(target_writer, target_reader, + message_category, encoded_datawriter_payload, *participant_B, *ParticipantB_remote, exception)); ASSERT_TRUE(message_category == eprosima::fastrtps::rtps::security::DATAWRITER_SUBMESSAGE); ASSERT_TRUE(*target_writer == remote_writer); ASSERT_TRUE(*target_reader == reader); @@ -1410,11 +1783,11 @@ TEST_F(CryptographyPluginTest, transform_preprocess_secure_submessage) delete target_reader; delete target_writer; - CryptoPlugin->keyfactory()->unregister_datawriter(writer,exception); - CryptoPlugin->keyfactory()->unregister_datawriter(remote_writer,exception); + CryptoPlugin->keyfactory()->unregister_datawriter(writer, exception); + CryptoPlugin->keyfactory()->unregister_datawriter(remote_writer, exception); - CryptoPlugin->keyfactory()->unregister_datareader(reader,exception); - CryptoPlugin->keyfactory()->unregister_datareader(remote_reader,exception); + CryptoPlugin->keyfactory()->unregister_datareader(reader, exception); + CryptoPlugin->keyfactory()->unregister_datareader(remote_reader, exception); CryptoPlugin->keyfactory()->unregister_participant(participant_A, exception); CryptoPlugin->keyfactory()->unregister_participant(ParticipantA_remote, exception);