8 #include "CryptoBuiltInTypeSupportImpl.h" 13 #include "dds/DdsDcpsInfrastructureC.h" 14 #include "dds/DdsSecurityParamsC.h" 25 #include "dds/DCPS/RTPS/RtpsCoreTypeSupportImpl.h" 27 #include <openssl/err.h> 28 #include <openssl/evp.h> 29 #include <openssl/rand.h> 51 CryptoBuiltInImpl::CryptoBuiltInImpl()
62 ACE_TEXT(
"CryptoBuiltInImpl::~CryptoBuiltInImpl keys_ %B encrypt_options_ %B participant_to_entity_ %B sessions_ %B derived_key_handles_ %B\n"),
75 return CryptoKeyFactory::_is_a(
id)
76 || CryptoKeyExchange::_is_a(
id)
77 || CryptoTransform::_is_a(
id);
105 const unsigned int KEY_LEN_BYTES = 32;
106 const unsigned int BLOCK_LEN_BYTES = 16;
107 const unsigned int MAX_BLOCKS_PER_SESSION = 1024;
121 RAND_bytes(k.
master_salt.get_buffer(), KEY_LEN_BYTES);
138 const unsigned submessage_key_index = 0;
171 ACE_TEXT(
"CryptoBuiltInImpl::register_local_participant keys_ (total %B)\n"),
192 if (!shared_secret) {
204 return 0 == std::strcmp(lhs, rhs);
209 return 0 == std::strcmp(lhs, rhs);
214 for (
unsigned int i = 0; i < props.length(); ++i) {
215 if (props[i].
name ==
"dds.sec.builtin_endpoint_name") {
216 return props[i].value ==
"BuiltinParticipantVolatileMessageSecureWriter" 217 || props[i].value ==
"BuiltinParticipantVolatileMessageSecureReader";
227 return 0 == std::memcmp(VOLATILE_PLACEHOLDER_KIND, keymat.
transformation_kind,
sizeof VOLATILE_PLACEHOLDER_KIND);
235 std::memcpy(k.
transformation_kind, VOLATILE_PLACEHOLDER_KIND,
sizeof VOLATILE_PLACEHOLDER_KIND);
244 : pkey_(EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, 0, key.get_buffer(), key.length()))
247 :
pkey_(EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, 0, key.get_buffer(), key.length()))
250 ~PrivateKey() { EVP_PKEY_free(pkey_); }
253 struct DigestContext {
256 operator EVP_MD_CTX*() {
return ctx_; }
260 void hkdf(
KeyOctetSeq& result,
const DDS::OctetSeq_var& prefix,
261 const char (&cookie)[17],
const DDS::OctetSeq_var& suffix,
262 const DDS::OctetSeq_var& data)
264 char*
const cookie_buffer =
const_cast<char*
>(cookie);
265 DDS::OctetSeq cookieSeq(16, 16, reinterpret_cast<CORBA::Octet*>(cookie_buffer));
266 std::vector<const DDS::OctetSeq*> input(3);
267 input[0] = prefix.ptr();
268 input[1] = &cookieSeq;
269 input[2] = suffix.ptr();
275 PrivateKey pkey(key);
277 const EVP_MD*
const md = EVP_get_digestbyname(
"SHA256");
278 if (EVP_DigestInit_ex(ctx, md, 0) != 1) {
282 if (EVP_DigestSignInit(ctx, 0, md, 0, pkey) != 1) {
286 if (EVP_DigestSignUpdate(ctx, data->get_buffer(), data->length()) != 1) {
291 if (EVP_DigestSignFinal(ctx, 0, &req) != 1) {
295 result.length(static_cast<unsigned int>(req));
296 if (EVP_DigestSignFinal(ctx, result.get_buffer(), &req) != 1) {
301 KeyMaterial_AES_GCM_GMAC
302 make_volatile_key(
const DDS::OctetSeq_var& challenge1,
303 const DDS::OctetSeq_var& challenge2,
304 const DDS::OctetSeq_var& sharedSec)
306 static const char KxSaltCookie[] =
"keyexchange salt";
307 static const char KxKeyCookie[] =
"key exchange key";
308 KeyMaterial_AES_GCM_GMAC k = {
310 KeyOctetSeq(), {0, 0, 0, 0},
KeyOctetSeq(), {0, 0, 0, 0},
KeyOctetSeq()
312 hkdf(k.master_salt, challenge1, KxSaltCookie, challenge2, sharedSec);
313 hkdf(k.master_sender_key, challenge2, KxKeyCookie, challenge1, sharedSec);
329 if (is_builtin_volatile(properties)) {
342 ACE_TEXT(
"created submessage key with id %C for LDWCH %d\n"),
347 ACE_TEXT(
"created submessage key for LDWCH %d:\n%C"), h,
357 ACE_TEXT(
"created payload key with id %C for LDWCH %d\n"),
362 ACE_TEXT(
"created payload key for LDWCH %d:\n%C"), h,
372 ACE_TEXT(
"CryptoBuiltInImpl::register_local_datawriter keys_ (total %B)\n"),
378 ACE_TEXT(
"CryptoBuiltInImpl::register_local_datawriter encrypt_options_ (total %B)\n"),
387 ACE_TEXT(
"CryptoBuiltInImpl::register_local_datawriter participant_to_entity_ (total %B)\n"),
410 if (!shared_secret) {
416 const KeyTable_t::const_iterator iter =
keys_.find(local_datawriter_crypto_handle);
417 if (iter ==
keys_.end()) {
422 const KeySeq& dw_keys = iter->second;
423 const bool use_derived_key = dw_keys.length() == 1 && is_volatile_placeholder(dw_keys[0]);
425 const HandlePair_t input_handles = std::make_pair(remote_participant_crypto, local_datawriter_crypto_handle);
426 const DerivedKeyIndex_t::iterator existing_handle_iter =
432 if (use_derived_key) {
436 dr_keys[0] = make_volatile_key(shared_secret->
challenge1(),
439 if (!dr_keys[0].master_salt.length()
440 || !dr_keys[0].master_sender_key.length()) {
442 "volatile remote reader");
447 ACE_TEXT(
"CryptoBuiltInImpl::register_matched_remote_datareader ")
448 ACE_TEXT(
"created volatile key for RDRCH %d\n"), h));
452 ACE_TEXT(
"CryptoBuiltInImpl::register_matched_remote_datareader ")
453 ACE_TEXT(
"created volatile key for RDRCH %d:\n%C"), h,
459 ACE_TEXT(
"CryptoBuiltInImpl::register_matched_remote_datareader keys_ (total %B)\n"),
463 sessions_.erase(std::make_pair(h, submessage_key_index));
466 ACE_TEXT(
"CryptoBuiltInImpl::register_matched_remote_datareader sessions_ (total %B)\n"),
473 ACE_TEXT(
"CryptoBuiltInImpl::register_matched_remote_datareader derived_key_handles_ (total %B)\n"),
483 ACE_TEXT(
"CryptoBuiltInImpl::register_matched_remote_datareader participant_to_entity_ (total %B)\n"),
489 ACE_TEXT(
"CryptoBuiltInImpl::register_matched_remote_datareader encrypt_options_ (total %B)\n"),
505 if (is_builtin_volatile(properties)) {
512 ACE_TEXT(
"created submessage key with id %C for LDRCH %d\n"),
517 ACE_TEXT(
"created submessage key for LDRCH %d:\n%C"), h,
527 ACE_TEXT(
"CryptoBuiltInImpl::register_local_datareader keys_ (total %B)\n"),
533 ACE_TEXT(
"CryptoBuiltInImpl::register_local_datareader encrypt_options_ (total %B)\n"),
542 ACE_TEXT(
"CryptoBuiltInImpl::register_local_datareader participant_to_entity_ (total %B)\n"),
564 if (!shared_secret) {
570 const KeyTable_t::const_iterator iter =
keys_.find(local_datareader_crypto_handle);
571 if (iter ==
keys_.end()) {
576 const KeySeq& dr_keys = iter->second;
577 const bool use_derived_key = dr_keys.length() == 1 && is_volatile_placeholder(dr_keys[0]);
579 const HandlePair_t input_handles = std::make_pair(remote_participant_crypto, local_datareader_crypto_handle);
580 const DerivedKeyIndex_t::iterator existing_handle_iter =
586 if (use_derived_key) {
590 dw_keys[0] = make_volatile_key(shared_secret->
challenge1(),
593 if (!dw_keys[0].master_salt.length()
594 || !dw_keys[0].master_sender_key.length()) {
596 "volatile remote writer");
601 ACE_TEXT(
"CryptoBuiltInImpl::register_matched_remote_datawriter ")
602 ACE_TEXT(
"created volatile key for RDWCH %d\n"), h));
606 ACE_TEXT(
"CryptoBuiltInImpl::register_matched_remote_datawriter ")
607 ACE_TEXT(
"created volatile key for RDWCH %d:\n%C"), h,
613 ACE_TEXT(
"CryptoBuiltInImpl::register_matched_remote_datawriter keys_ (total %B)\n"),
617 sessions_.erase(std::make_pair(h, submessage_key_index));
620 ACE_TEXT(
"CryptoBuiltInImpl::register_matched_remote_datawriter sessions_ (total %B)\n"),
627 ACE_TEXT(
"CryptoBuiltInImpl::register_matched_remote_datawriter derived_key_handles_ (total %B)\n"),
637 ACE_TEXT(
"CryptoBuiltInImpl::register_matched_remote_datawriter participant_to_entity_ (total %B)\n"),
643 ACE_TEXT(
"CryptoBuiltInImpl::register_matched_remote_datawriter encrypt_options_ (total %B)\n"),
657 for (DerivedKeyIndex_t::iterator it =
derived_key_handles_.lower_bound(std::make_pair(handle, 0));
661 ACE_TEXT(
"CryptoBuiltInImpl::unregister_participant derived_key_handles_ (total %B)\n"),
673 ACE_TEXT(
"CryptoBuiltInImpl::clear_common_data keys_ (total %B)\n"),
676 for (SessionTable_t::iterator st_iter =
sessions_.lower_bound(std::make_pair(handle, 0));
677 st_iter !=
sessions_.end() && st_iter->first.first == handle;
681 ACE_TEXT(
"CryptoBuiltInImpl::clear_common_data sessions_ (total %B)\n"),
693 ACE_TEXT(
"CryptoBuiltInImpl::clear_endpoint_data encrypt_options_ (total %B)\n"),
697 typedef std::multimap<ParticipantCryptoHandle, EntityInfo>::iterator iter_t;
699 if (it->second.handle_ == handle) {
703 ACE_TEXT(
"CryptoBuiltInImpl::clear_endpoint_data participant_to_entity_ (total %B)\n"),
738 const char Crypto_Token_Class_Id[] =
"DDS:Crypto:AES_GCM_GMAC";
739 const char Token_KeyMat_Name[] =
"dds.cryp.keymat";
741 const char* to_mb(
const unsigned char* buffer)
743 return reinterpret_cast<const char*
>(buffer);
749 for (
unsigned int i = 0; i < keys.length(); ++i) {
754 p.
name = Token_KeyMat_Name;
757 p.
value.length(static_cast<unsigned int>(size));
760 if (ser << keys[i]) {
764 "(%P|%t) ERROR: keys_to_tokens: Failed to serialize\n"));
773 for (
unsigned int i = 0; i < tokens.length(); ++i) {
775 if (Crypto_Token_Class_Id == t.
class_id) {
778 if (Token_KeyMat_Name == p.
name) {
787 "(%P|%t) ERROR: tokens_to_keys: Failed to deserialize\n"));
812 const KeyTable_t::const_iterator iter =
keys_.find(local_participant_crypto);
813 if (iter !=
keys_.end()) {
814 local_participant_crypto_tokens = keys_to_tokens(iter->second);
817 local_participant_crypto_tokens.length(0);
835 const KeyTable_t::const_iterator iter =
keys_.find(local_participant_crypto);
836 if (iter ==
keys_.end()) {
839 return iter->second.length();
856 keys_[remote_participant_crypto] = tokens_to_keys(remote_participant_tokens);
859 ACE_TEXT(
"CryptoBuiltInImpl::set_remote_participant_crypto_tokens keys_ (total %B)\n"),
877 const KeyTable_t::const_iterator iter =
keys_.find(remote_participant_crypto);
878 if (iter ==
keys_.end()) {
881 return iter->second.length();
898 const KeyTable_t::const_iterator iter =
keys_.find(local_datawriter_crypto);
899 if (iter !=
keys_.end()) {
900 local_datawriter_crypto_tokens = keys_to_tokens(iter->second);
902 local_datawriter_crypto_tokens.length(0);
920 const KeyTable_t::const_iterator iter =
keys_.find(local_datawriter_crypto);
921 if (iter ==
keys_.end()) {
924 return iter->second.length();
941 keys_[remote_datawriter_crypto] = tokens_to_keys(remote_datawriter_tokens);
944 ACE_TEXT(
"CryptoBuiltInImpl::set_remote_datawriter_crypto_tokens keys_ (total %B)\n"),
962 const KeyTable_t::const_iterator iter =
keys_.find(remote_datawriter_crypto);
963 if (iter ==
keys_.end()) {
966 return iter->second.length();
983 const KeyTable_t::const_iterator iter =
keys_.find(local_datareader_crypto);
984 if (iter !=
keys_.end()) {
985 local_datareader_crypto_tokens = keys_to_tokens(iter->second);
987 local_datareader_crypto_tokens.length(0);
1005 const KeyTable_t::const_iterator iter =
keys_.find(local_datareader_crypto);
1006 if (iter ==
keys_.end()) {
1009 return iter->second.length();
1026 keys_[remote_datareader_crypto] = tokens_to_keys(remote_datareader_tokens);
1029 ACE_TEXT(
"CryptoBuiltInImpl::set_remote_datareader_crypto_tokens keys_ (total %B)\n"),
1047 const KeyTable_t::const_iterator iter =
keys_.find(remote_datareader_crypto);
1048 if (iter ==
keys_.end()) {
1051 return iter->second.length();
1066 return kind[0] == 0 && kind[1] == 0 && kind[2] == 0
1074 return kind[0] == 0 && kind[1] == 0 && kind[2] == 0
1079 struct CipherContext {
1080 EVP_CIPHER_CTX*
ctx_;
1081 CipherContext() :
ctx_(EVP_CIPHER_CTX_new()) {}
1082 operator EVP_CIPHER_CTX*() {
return ctx_; }
1083 ~CipherContext() { EVP_CIPHER_CTX_free(ctx_); }
1086 bool inc32(
unsigned char* a)
1088 for (
int i = 0; i < 4; ++i) {
1094 std::fill(a, a + 4, 0);
1098 const size_t CRYPTO_CONTENT_ADDED_LENGTH = 4;
1099 const size_t CRYPTO_HEADER_LENGTH = 20;
1114 const KeyTable_t::const_iterator keys_iter =
keys_.find(sending_datawriter_crypto);
1115 const EncryptOptions_t::const_iterator eo_iter =
encrypt_options_.find(sending_datawriter_crypto);
1119 if (keys_iter ==
keys_.end() || !eo_iter->second.payload_) {
1120 encoded_buffer = plain_buffer;
1124 const KeySeq& keyseq = keys_iter->second;
1125 if (!keyseq.length()) {
1126 encoded_buffer = plain_buffer;
1136 const unsigned int key_idx = keyseq.length() >= 2 ? 1 : 0;
1137 const KeyId_t sKey = std::make_pair(sending_datawriter_crypto, key_idx);
1139 if (encrypts(keyseq[key_idx])) {
1141 header, footer, out, ex);
1144 }
else if (authenticates(keyseq[key_idx])) {
1146 header, footer, ex);
1158 if (pOut != &plain_buffer) {
1159 size += CRYPTO_CONTENT_ADDED_LENGTH;
1162 size += pOut->length();
1165 encoded_buffer.length(static_cast<unsigned int>(size));
1170 if (pOut != &plain_buffer) {
1181 RAND_bytes(id_,
sizeof id_);
1182 RAND_bytes(iv_suffix_,
sizeof iv_suffix_);
1190 RAND_bytes(iv_suffix_,
sizeof iv_suffix_);
1198 if (inc32(iv_suffix_)) {
1199 inc32(iv_suffix_ + 4);
1207 const unsigned int blocks =
1208 (plain.length() + BLOCK_LEN_BYTES - 1) / BLOCK_LEN_BYTES;
1210 if (!sess.
key_.length()) {
1213 }
else if (sess.
counter_ + blocks > MAX_BLOCKS_PER_SESSION) {
1236 ACE_TEXT(
"Using this key to encrypt:\n%C"),
1241 static const int IV_LEN = 12, IV_SUFFIX_IDX = 4;
1242 unsigned char iv[IV_LEN];
1243 std::memcpy(iv, &sess.
id_,
sizeof sess.
id_);
1252 const unsigned char*
const key = sess.
key_.get_buffer();
1253 if (EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), 0, key, iv) != 1) {
1258 out.length(plain.length() + BLOCK_LEN_BYTES - 1);
1259 unsigned char*
const out_buffer = out.get_buffer();
1260 if (EVP_EncryptUpdate(ctx, out_buffer, &len,
1261 plain.get_buffer(), plain.length()) != 1) {
1266 if (EVP_EncryptFinal_ex(ctx, out_buffer + len, &padLen) != 1) {
1270 out.length(len + padLen);
1287 static const int IV_LEN = 12, IV_SUFFIX_IDX = 4;
1288 unsigned char iv[IV_LEN];
1289 std::memcpy(iv, &sess.
id_,
sizeof sess.
id_);
1293 const unsigned char*
const key = sess.
key_.get_buffer();
1294 if (EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), 0, key, iv) != 1) {
1299 if (EVP_EncryptUpdate(ctx, 0, &n, plain.get_buffer(), plain.length()) != 1) {
1303 if (EVP_EncryptFinal_ex(ctx, 0, &n) != 1) {
1318 unsigned int findLastSubmessage(
const DDS::OctetSeq& plaintext)
1321 const char*
const start = parser.
current();
1324 const unsigned int sm_start =
static_cast<unsigned int>(parser.
current() - start);
1340 unsigned int roundUp(
unsigned int length,
unsigned int alignment)
1342 const unsigned int offset = length % alignment;
1343 return length + (offset ? alignment - offset : 0);
1346 const int SEQLEN_SZ = 4;
1358 const size_t origLength = original.length() - offset;
1360 mb_in.
wr_ptr(origLength);
1365 unsigned char flags;
1370 ACE_UINT16 submessageLength;
1371 ser_in >> submessageLength;
1372 if (submessageLength == 0) {
1373 modified = original;
1375 modified[offset + 2 + !flag_e] = len & 0xff;
1376 modified[offset + 2 + flag_e] = (len >> 8) & 0xff;
1389 const KeyTable_t::const_iterator iter =
keys_.find(sender_handle);
1390 if (iter ==
keys_.end()) {
1391 encoded_rtps_submessage = plain_rtps_submessage;
1395 const KeySeq& keyseq = iter->second;
1396 if (!keyseq.length()) {
1397 encoded_rtps_submessage = plain_rtps_submessage;
1406 const KeyId_t sKey = std::make_pair(sender_handle, submessage_key_index);
1407 bool authOnly =
false;
1409 if (encrypts(keyseq[submessage_key_index])) {
1410 ok =
encrypt(keyseq[submessage_key_index],
sessions_[sKey], plain_rtps_submessage,
1411 header, footer, out, ex);
1414 }
else if (authenticates(keyseq[submessage_key_index])) {
1417 if (setOctetsToNextHeader(out, plain_rtps_submessage)) {
1421 header, footer, ex);
1436 const ACE_UINT16 hdrLen =
static_cast<ACE_UINT16
>(size -
RTPS::SMHDR_SZ);
1442 size += pOut->length();
1446 const size_t preFooter = size;
1449 encoded_rtps_submessage.length(static_cast<unsigned int>(size));
1458 smHdr.submessageLength =
static_cast<ACE_UINT16
>(roundUp(SEQLEN_SZ + pOut->length(),
RTPS::SM_ALIGN));
1467 smHdr.submessageLength =
static_cast<ACE_UINT16
>(size - preFooter);
1479 CORBA::Long& receiving_datareader_crypto_list_index,
1486 if (receiving_datareader_crypto_list_index < 0) {
1490 const int len =
static_cast<int>(receiving_datareader_crypto_list.length());
1493 if (len && receiving_datareader_crypto_list_index >= len) {
1497 for (
unsigned int i = 0; i < receiving_datareader_crypto_list.length(); ++i) {
1505 const EncryptOptions_t::const_iterator eo_iter =
encrypt_options_.find(encode_handle);
1510 if (!eo_iter->second.submessage_) {
1511 encoded_rtps_submessage = plain_rtps_submessage;
1512 receiving_datareader_crypto_list_index = len;
1516 if (receiving_datareader_crypto_list.length() == 1) {
1517 const KeyTable_t::const_iterator iter =
keys_.find(encode_handle);
1518 if (iter !=
keys_.end()) {
1519 const KeySeq& dw_keys = iter->second;
1520 if (dw_keys.length() == 1 && is_volatile_placeholder(dw_keys[0])) {
1521 encode_handle = receiving_datareader_crypto_list[0];
1527 plain_rtps_submessage, encode_handle, ex);
1529 receiving_datareader_crypto_list_index = len;
1545 for (
unsigned int i = 0; i < receiving_datawriter_crypto_list.length(); ++i) {
1553 if (receiving_datawriter_crypto_list.length() == 1) {
1554 const KeyTable_t::const_iterator iter =
keys_.find(encode_handle);
1555 if (iter !=
keys_.end()) {
1556 const KeySeq& dr_keys = iter->second;
1557 if (dr_keys.length() == 1 && is_volatile_placeholder(dr_keys[0])) {
1558 encode_handle = receiving_datawriter_crypto_list[0];
1572 CORBA::Long& receiving_participant_crypto_list_index,
1575 receiving_participant_crypto_list_index = receiving_participant_crypto_list.length();
1584 const KeyTable_t::const_iterator iter =
keys_.find(sending_participant_crypto);
1585 if (iter ==
keys_.end()) {
1589 const KeySeq& keyseq = iter->second;
1590 if (!keyseq.length()) {
1596 transformed.length(transformed.maximum());
1601 std::memcpy(transformed.get_buffer() +
RTPS::SMHDR_SZ, plain_rtps_message.get_buffer(), plain_rtps_message.length());
1603 bool ok, addSecBody =
false;
1609 const KeyId_t sKey = std::make_pair(sending_participant_crypto, 0);
1611 if (encrypts(key)) {
1612 ok =
encrypt(key,
sessions_[sKey], transformed, cryptoHdr, cryptoFooter, out, ex);
1616 }
else if (authenticates(key)) {
1619 const unsigned int offsetFinal = findLastSubmessage(transformed);
1620 if (offsetFinal && setOctetsToNextHeader(out, transformed, offsetFinal)) {
1635 const ACE_UINT16 cryptoHdrLen =
1639 size += RTPS::SMHDR_SZ + SEQLEN_SZ;
1642 size += pOut->length();
1648 encoded_rtps_message.length(static_cast<unsigned int>(size));
1660 smHdr.submessageLength =
static_cast<ACE_UINT16
>(roundUp(SEQLEN_SZ + pOut->length(),
RTPS::SM_ALIGN));
1669 smHdr.submessageLength = 0;
1671 ser << cryptoFooter;
1703 encoded_rtps_submessage.length());
1704 mb_in.
wr_ptr(encoded_rtps_submessage.length());
1709 "(%P|%t) CryptoBuiltInImpl::preprocess_secure_submsg: " 1710 "Could not deserializer CyptoHeader\n"));
1714 typedef std::multimap<ParticipantCryptoHandle, EntityInfo>::iterator iter_t;
1715 const std::pair<iter_t, iter_t> iters =
1719 ACE_TEXT(
"Looking for CH that matches transformation id:\n%C"),
1722 for (iter_t iter = iters.first; iter != iters.second; ++iter) {
1724 const KeyTable_t::const_iterator kiter =
keys_.find(sending_entity_candidate);
1727 ACE_TEXT(
" Looking at CH %u, has keys: %C\n"),
1728 sending_entity_candidate, kiter ==
keys_.end() ?
"false" :
"true"));
1730 if (kiter !=
keys_.end()) {
1731 const KeySeq& keyseq = kiter->second;
1732 const unsigned keycount = keyseq.length();
1735 ACE_TEXT(
" Number of keys: %u\n"), keycount));
1737 for (
unsigned int i = 0; i < keycount; ++i) {
1744 if (matches(keyseq[i], ch)) {
1746 secure_submessage_category = iter->second.category_;
1747 switch (secure_submessage_category) {
1749 datawriter_crypto = iter->second.handle_;
1753 datareader_crypto = iter->second.handle_;
1761 ACE_TEXT(
"D%cCH Found!\n"), chtype));
1778 if (key_.length() && 0 == std::memcmp(&id_, &header.
session_id,
sizeof id_)) {
1781 std::memcpy(&id_, &header.
session_id,
sizeof id_);
1791 const EVP_MD* md = EVP_get_digestbyname(
"SHA256");
1793 if (EVP_DigestInit_ex(ctx, md, 0) < 1) {
1797 if (EVP_DigestSignInit(ctx, 0, md, 0, pkey) < 1) {
1801 static const char cookie[] =
"SessionKey";
1802 if (EVP_DigestSignUpdate(ctx, cookie, (
sizeof cookie) - 1) < 1) {
1807 if (EVP_DigestSignUpdate(ctx, salt.get_buffer(), salt.length()) < 1) {
1811 if (EVP_DigestSignUpdate(ctx, id_,
sizeof id_) < 1) {
1816 if (EVP_DigestSignFinal(ctx, 0, &req) < 1) {
1820 key_.length(static_cast<unsigned int>(req));
1821 if (EVP_DigestSignFinal(ctx, key_.get_buffer(), &req) < 1) {
1827 const char* ciphertext,
unsigned int n,
1835 ACE_TEXT(
"Using this key to decrypt:\n%C"),
1840 if (!sess_key.length()) {
1847 "unsupported transformation kind %d\n",
1854 std::memcpy(out.get_buffer(), ciphertext, n);
1860 if (EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), 0, sess_key.get_buffer(),
1863 "EVP_DecryptInit_ex %Ld\n", ERR_peek_last_error()));
1867 out.length(n + KEY_LEN_BYTES);
1868 unsigned char*
const out_buffer = out.get_buffer();
1870 if (EVP_DecryptUpdate(ctx, out_buffer, &len,
1871 reinterpret_cast<const unsigned char*>(ciphertext), n)
1874 "EVP_DecryptUpdate %Ld\n", ERR_peek_last_error()));
1878 void* tag =
const_cast<void*
>(
static_cast<const void*
>(footer.
common_mac));
1879 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag)) {
1881 "EVP_CIPHER_CTX_ctrl %Ld\n", ERR_peek_last_error()));
1886 if (EVP_DecryptFinal_ex(ctx, out_buffer + len, &len2) == 1) {
1887 out.length(len + len2);
1891 "EVP_DecryptFinal_ex %Ld\n", ERR_peek_last_error()));
1896 const char* in,
unsigned int n,
1903 if (!sess_key.length()) {
1910 "unsupported transformation kind %d\n",
1917 if (EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), 0, sess_key.get_buffer(),
1920 "EVP_DecryptInit_ex %Ld\n", ERR_peek_last_error()));
1925 if (EVP_DecryptUpdate(ctx, 0, &len,
1926 reinterpret_cast<const unsigned char*>(in), n) != 1) {
1928 "EVP_DecryptUpdate %Ld\n", ERR_peek_last_error()));
1932 void* tag =
const_cast<void*
>(
static_cast<const void*
>(footer.
common_mac));
1933 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag)) {
1935 "EVP_CIPHER_CTX_ctrl %Ld\n", ERR_peek_last_error()));
1940 if (EVP_DecryptFinal_ex(ctx, 0, &len2) == 1) {
1942 std::memcpy(out.get_buffer(), in, n);
1946 "EVP_DecryptFinal_ex %Ld\n", ERR_peek_last_error()));
1972 bool haveCryptoHeader =
false, haveCryptoFooter =
false;
1973 const char* afterSrtpsPrefix = 0;
1974 unsigned int sizeOfAuthenticated, sizeOfEncrypted;
1975 const char* encrypted = 0;
1977 for (
int i = 0; parser.
remaining(); ++i) {
1986 if (!(parser >> ch)) {
1989 haveCryptoHeader =
true;
1993 afterSrtpsPrefix = parser.
current();
1996 if (!(parser >> sizeOfEncrypted)) {
1999 const unsigned short sz =
2010 sizeOfAuthenticated =
static_cast<unsigned int>(parser.
current() - afterSrtpsPrefix -
RTPS::SMHDR_SZ);
2011 if (!(parser >> cf)) {
2017 haveCryptoFooter =
true;
2031 if (!haveCryptoHeader || !haveCryptoFooter) {
2036 const KeyTable_t::const_iterator iter =
keys_.find(sending_participant_crypto);
2037 if (iter ==
keys_.end()) {
2040 const KeySeq& keyseq = iter->second;
2041 bool foundKey =
false;
2043 for (
unsigned int i = 0; !foundKey && i < keyseq.length(); ++i) {
2044 if (matches(keyseq[i], ch)) {
2045 const KeyId_t sKey = std::make_pair(sending_participant_crypto, i);
2047 if (encrypts(keyseq[i])) {
2053 ch, cf, transformed, ex)) {
2057 }
else if (authenticates(keyseq[i])) {
2059 if (!
verify(keyseq[i],
sessions_[sKey], afterSrtpsPrefix, sizeOfAuthenticated,
2060 ch, cf, transformed, ex)) {
2080 static const int GuidPrefixOffset = 8;
2081 if (std::memcmp(transformed.get_buffer() +
RTPS::SMHDR_SZ + GuidPrefixOffset,
2082 encoded_buffer.get_buffer() + GuidPrefixOffset,
2102 encoded_rtps_submessage.length());
2103 mb_in.
wr_ptr(encoded_rtps_submessage.length());
2108 de_ser >> ACE_InputCDR::to_octet(flags);
2111 de_ser >> octetsToNext;
2115 de_ser.
skip(octetsToNext - CRYPTO_HEADER_LENGTH);
2118 "(%P|%t) ERROR: CryptoBuiltInImpl::decode_submessage: " 2119 "Failed to deserialize SEC_PREFIX\n"));
2124 de_ser >> ACE_InputCDR::to_octet(type);
2125 de_ser >> ACE_InputCDR::to_octet(flags);
2127 de_ser >> octetsToNext;
2130 "(%P|%t) ERROR: CryptoBuiltInImpl::decode_submessage: " 2131 "Failed to deserialize next submessage\n"));
2136 mb_footer->
rd_ptr(octetsToNext);
2139 post_ser >> ACE_InputCDR::to_octet(type);
2140 post_ser >> ACE_InputCDR::to_octet(flags);
2143 post_ser >> postfixOctetsToNext;
2147 if (!post_ser.good_bit()) {
2149 "(%P|%t) ERROR: CryptoBuiltInImpl::decode_submessage: " 2150 "Failed to deserialize SEC_POST\n"));
2155 const KeyTable_t::const_iterator keys_iter =
keys_.find(sender_handle);
2156 if (keys_iter ==
keys_.end()) {
2160 const KeySeq& keyseq = keys_iter->second;
2161 for (
unsigned int i = 0; i < keyseq.length(); ++i) {
2162 if (matches(keyseq[i], ch)) {
2163 const KeyId_t sKey = std::make_pair(sender_handle, i);
2165 if (encrypts(keyseq[i])) {
2168 if (!(de_ser >> n)) {
2170 "(%P|%t) ERROR: CryptoBuiltInImpl::decode_submessage: " 2171 "Failed to deserialize content size(?)\n"));
2175 plain_rtps_submessage, ex);
2177 }
else if (authenticates(keyseq[i])) {
2179 RTPS::SMHDR_SZ + octetsToNext, ch, cf, plain_rtps_submessage, ex);
2207 ACE_TEXT(
"Sending DWCH is %u, Receiving DRCH is %u\n"),
2208 sending_datawriter_crypto, receiving_datareader_crypto));
2212 sending_datawriter_crypto, ex);
2232 ACE_TEXT(
"Sending DRCH is %u, Receiving DWCH is %u\n"),
2233 sending_datareader_crypto, receiving_datawriter_crypto));
2237 sending_datareader_crypto, ex);
2259 ACE_TEXT(
"Sending DWCH is %u, Receiving DRCH is %u\n"),
2260 sending_datawriter_crypto, receiving_datareader_crypto));
2264 const KeyTable_t::const_iterator iter =
keys_.find(sending_datawriter_crypto);
2265 if (iter ==
keys_.end()) {
2268 const EncryptOptions_t::const_iterator eo_iter =
encrypt_options_.find(sending_datawriter_crypto);
2272 if (!eo_iter->second.payload_) {
2273 plain_buffer = encoded_buffer;
2276 ACE_TEXT(
"Sending datawriter isn't encrypting as far as we know, returning input as plaintext\n"),
2277 sending_datawriter_crypto, receiving_datareader_crypto));
2283 encoded_buffer.length());
2284 mb_in.
wr_ptr(encoded_buffer.length());
2287 if (!(de_ser >> ch)) {
2291 const KeySeq& keyseq = iter->second;
2292 for (
unsigned int i = 0; i < keyseq.length(); ++i) {
2293 if (matches(keyseq[i], ch)) {
2294 const KeyId_t sKey = std::make_pair(sending_datawriter_crypto, i);
2295 if (encrypts(keyseq[i])) {
2297 if (!(de_ser >> n)) {
2300 const char*
const ciphertext = mb_in.rd_ptr();
2301 if (!de_ser.
skip(n)) {
2305 if (!(de_ser >> cf)) {
2308 return decrypt(keyseq[i],
sessions_[sKey], ciphertext, n, ch, cf, plain_buffer, ex);
2310 }
else if (authenticates(keyseq[i])) {
2312 "transformation not supported " virtual DDS::Security::DatawriterCryptoHandle register_matched_remote_datawriter(DDS::Security::DatareaderCryptoHandle local_datareader_crypto_handle, DDS::Security::ParticipantCryptoHandle remote_participant_crypt, DDS::Security::SharedSecretHandle *shared_secret, DDS::Security::SecurityException &ex)
virtual bool encode_datawriter_submessage(DDS::OctetSeq &encoded_rtps_submessage, const DDS::OctetSeq &plain_rtps_submessage, DDS::Security::DatawriterCryptoHandle sending_datawriter_crypto, const DDS::Security::DatareaderCryptoHandleSeq &receiving_datareader_crypto_list, CORBA::Long &receiving_datareader_crypto_list_index, DDS::Security::SecurityException &ex)
virtual bool create_local_datawriter_crypto_tokens(DDS::Security::DatawriterCryptoTokenSeq &local_datawriter_crypto_tokens, DDS::Security::DatawriterCryptoHandle local_datawriter_crypto, DDS::Security::DatareaderCryptoHandle remote_datareader_crypto, DDS::Security::SecurityException &ex)
virtual bool decode_rtps_message(DDS::OctetSeq &plain_buffer, const DDS::OctetSeq &encoded_buffer, DDS::Security::ParticipantCryptoHandle receiving_participant_crypto, DDS::Security::ParticipantCryptoHandle sending_participant_crypto, DDS::Security::SecurityException &ex)
virtual bool decode_serialized_payload(DDS::OctetSeq &plain_buffer, const DDS::OctetSeq &encoded_buffer, const DDS::OctetSeq &inline_qos, DDS::Security::DatareaderCryptoHandle receiving_datareader_crypto, DDS::Security::DatawriterCryptoHandle sending_datawriter_crypto, DDS::Security::SecurityException &ex)
CryptoTransformKeyId receiver_specific_key_id
virtual bool set_remote_datawriter_crypto_tokens(DDS::Security::DatareaderCryptoHandle local_datareader_crypto, DDS::Security::DatawriterCryptoHandle remote_datawriter_crypto, const DDS::Security::DatawriterCryptoTokenSeq &remote_datawriter_tokens, DDS::Security::SecurityException &ex)
const octet CRYPTO_TRANSFORMATION_KIND_AES256_GCM
sequence< octet, 32 > KeyOctetSeq
BinaryPropertySeq binary_properties
const InstanceHandle_t HANDLE_NIL
const ACE_CDR::UShort INFO_SRC_SZ
const unsigned long FLAG_IS_PAYLOAD_ENCRYPTED
virtual bool have_local_datawriter_crypto_tokens(DDS::Security::DatawriterCryptoHandle local_datawriter_crypto, DDS::Security::DatareaderCryptoHandle remote_datareader_crypto)
const ACE_CDR::UShort RTPSHDR_SZ
SubmessageHeader submessageHeader() const
bool authtag(const KeyMaterial &master, Session &sess, const DDS::OctetSeq &plain, CryptoHeader &header, CryptoFooter &footer, DDS::Security::SecurityException &ex)
bool chlookup
Print Verbose Search Info About Getting the Crypto Handle from a Key id.
int hash(const std::vector< const DDS::OctetSeq *> &src, DDS::OctetSeq &dst)
bool hasNextSubmessage() const
virtual bool encode_datareader_submessage(DDS::OctetSeq &encoded_rtps_submessage, const DDS::OctetSeq &plain_rtps_submessage, DDS::Security::DatareaderCryptoHandle sending_datareader_crypto, const DDS::Security::DatawriterCryptoHandleSeq &receiving_datawriter_crypto_list, DDS::Security::SecurityException &ex)
const unsigned long FLAG_IS_SUBMESSAGE_ENCRYPTED
sequence< DatareaderCryptoHandle > DatareaderCryptoHandleSeq
const octet CRYPTO_TRANSFORMATION_KIND_AES128_GCM
bool skip(size_t n, int size=1)
virtual bool preprocess_secure_submsg(DDS::Security::DatawriterCryptoHandle &datawriter_crypto, DDS::Security::DatareaderCryptoHandle &datareader_crypto, DDS::Security::SecureSubmessageCategory_t &secure_submessage_category, const DDS::OctetSeq &encoded_rtps_submessage, DDS::Security::ParticipantCryptoHandle receiving_participant_crypto, DDS::Security::ParticipantCryptoHandle sending_participant_crypto, DDS::Security::SecurityException &ex)
String to_dds_string(unsigned short to_convert)
KeyOctetSeq master_receiver_specific_key
const char * _interface_repository_id() const
const ACE_CDR::Octet PROTOCOL_RTPS[]
bool decrypt(const KeyMaterial &master, Session &sess, const char *ciphertext, unsigned int n, const CryptoHeader &header, const CryptoFooter &footer, DDS::OctetSeq &out, DDS::Security::SecurityException &ex)
octet CryptoTransformKeyId[4]
sequence< DatawriterCryptoHandle > DatawriterCryptoHandleSeq
virtual bool have_local_participant_crypto_tokens(DDS::Security::ParticipantCryptoHandle local_participant_crypto, DDS::Security::ParticipantCryptoHandle remote_participant_crypto)
virtual bool decode_datareader_submessage(DDS::OctetSeq &plain_rtps_submessage, const DDS::OctetSeq &encoded_rtps_submessage, DDS::Security::DatawriterCryptoHandle receiving_datawriter_crypto, DDS::Security::DatareaderCryptoHandle sending_datareader_crypto, DDS::Security::SecurityException &ex)
struct evp_pkey_st EVP_PKEY
const char * ctk_to_dds_string(const CryptoTransformKind &keyKind)
unsigned long PluginEndpointSecurityAttributesMask
KeyMaterial_AES_GCM_GMAC_Seq KeySeq
virtual DDS::Security::DatareaderCryptoHandle register_matched_remote_datareader(DDS::Security::DatawriterCryptoHandle local_datawriter_crypto_handle, DDS::Security::ParticipantCryptoHandle remote_participant_crypto, DDS::Security::SharedSecretHandle *shared_secret, bool relay_only, DDS::Security::SecurityException &ex)
#define ACE_CDR_BYTE_ORDER
bool operator==(const DisjointSequence::OrderedRanges< T > &a, const DisjointSequence::OrderedRanges< T > &b)
KeyOctetSeq get_key(const KeyMaterial &master, const CryptoHeader &header)
KeyOctetSeq master_sender_key
void serialized_size(const Encoding &encoding, size_t &size, const SequenceNumber &)
CommonMAC_Type common_mac
bool parseSubmessageHeader()
const size_t uint32_cdr_size
char * rd_ptr(void) const
virtual ~CryptoBuiltInImpl()
CryptoTransformKeyId transformation_key_id
const octet CRYPTO_TRANSFORMATION_KIND_AES128_GMAC
virtual bool create_local_participant_crypto_tokens(DDS::Security::ParticipantCryptoTokenSeq &local_participant_crypto_tokens, DDS::Security::ParticipantCryptoHandle local_participant_crypto, DDS::Security::ParticipantCryptoHandle remote_participant_crypto, DDS::Security::SecurityException &ex)
virtual bool have_local_datareader_crypto_tokens(DDS::Security::DatareaderCryptoHandle local_datareader_crypto, DDS::Security::DatawriterCryptoHandle remote_datawriter_crypto)
const ACE_CDR::UShort SMHDR_SZ
PluginEndpointSecurityAttributesMask plugin_endpoint_attributes
virtual DDS::Security::ParticipantCryptoHandle register_local_participant(DDS::Security::IdentityHandle participant_identity, DDS::Security::PermissionsHandle participant_permissions, const DDS::PropertySeq &participant_properties, const DDS::Security::ParticipantSecurityAttributes &participant_security_attributes, DDS::Security::SecurityException &ex)
CryptoTokenSeq ParticipantCryptoTokenSeq
EncryptOptions_t encrypt_options_
bool write_octet_array(const ACE_CDR::Octet *x, ACE_CDR::ULong length)
bool encode_submessage(DDS::OctetSeq &encoded_rtps_submessage, const DDS::OctetSeq &plain_rtps_submessage, DDS::Security::NativeCryptoHandle sender_handle, DDS::Security::SecurityException &ex)
readonly attribute OctetSeq challenge2
std::pair< DDS::Security::NativeCryptoHandle, DDS::Security::NativeCryptoHandle > HandlePair_t
PluginParticipantSecurityAttributesMask plugin_participant_attributes
const unsigned long TransformKindIndex
NativeCryptoHandle DatawriterCryptoHandle
virtual bool have_remote_datareader_crypto_tokens(DDS::Security::DatawriterCryptoHandle local_datawriter_crypto, DDS::Security::DatareaderCryptoHandle remote_datareader_crypto)
virtual bool decode_datawriter_submessage(DDS::OctetSeq &plain_rtps_submessage, const DDS::OctetSeq &encoded_rtps_submessage, DDS::Security::DatareaderCryptoHandle receiving_datareader_crypto, DDS::Security::DatawriterCryptoHandle sending_datawriter_crypto, DDS::Security::SecurityException &ex)
CryptoTokenSeq DatareaderCryptoTokenSeq
bool marshal(TAO_OutputCDR &)
Class to serialize and deserialize data for DDS.
int increment_handle(int &next)
void clear_endpoint_data(DDS::Security::NativeCryptoHandle handle)
const long OPENDDS_EXCEPTION_CODE_NO_KEY
size_t length() const
Number of bytes left to read in message block chain.
virtual bool encode_rtps_message(DDS::OctetSeq &encoded_rtps_message, const DDS::OctetSeq &plain_rtps_message, DDS::Security::ParticipantCryptoHandle sending_participant_crypto, const DDS::Security::ParticipantCryptoHandleSeq &receiving_participant_crypto_list, CORBA::Long &receiving_participant_crypto_list_index, DDS::Security::SecurityException &ex)
bool verify(const KeyMaterial &master, Session &sess, const char *in, unsigned int n, const CryptoHeader &header, const CryptoFooter &footer, DDS::OctetSeq &out, DDS::Security::SecurityException &ex)
unsigned short submessageLength
Christopher Diggins *renamed files *fixing compilation errors *adding Visual C project file *removed make Max Lybbert *removed references to missing and unused header
Endianness endianness() const
long ParticipantCryptoHandle
NativeCryptoHandle DatareaderCryptoHandle
void derive_key(const KeyMaterial &master)
const Encoding common_encoding(Encoding::KIND_XCDR1, ENDIAN_BIG)
unique_ptr< ACE_Message_Block, Message_Block_Deleter > Message_Block_Ptr
virtual bool have_remote_participant_crypto_tokens(DDS::Security::ParticipantCryptoHandle local_participant_crypto, DDS::Security::ParticipantCryptoHandle remote_participant_crypto)
String_Manager_T< CORBA::Char > String_Manager
bool encrypt(const KeyMaterial &master, Session &sess, const DDS::OctetSeq &plain, CryptoHeader &header, CryptoFooter &footer, DDS::OctetSeq &out, DDS::Security::SecurityException &ex)
bool bookkeeping
Generation and Tracking of Crypto Handles and Keys.
virtual bool have_remote_datawriter_crypto_tokens(DDS::Security::DatareaderCryptoHandle local_datareader_crypto, DDS::Security::DatawriterCryptoHandle remote_datawriter_crypto)
virtual DDS::Security::DatawriterCryptoHandle register_local_datawriter(DDS::Security::ParticipantCryptoHandle participant_crypto, const DDS::PropertySeq &datawriter_properties, const DDS::Security::EndpointSecurityAttributes &datawriter_security_attributes, DDS::Security::SecurityException &ex)
virtual bool unregister_datareader(DDS::Security::DatareaderCryptoHandle datareader_crypto_handle, DDS::Security::SecurityException &ex)
DDS::PropertySeq PropertySeq
char * wr_ptr(void) const
sequence< octet > OctetSeq
DerivedKeyIndex_t derived_key_handles_
void encauth_setup(const KeyMaterial &master, Session &sess, const DDS::OctetSeq &plain, CryptoHeader &header)
OpenDDS_Dcps_Export void align(size_t &value, size_t by)
Align "value" by "by" if it's not already.
virtual DDS::Security::DatareaderCryptoHandle register_local_datareader(DDS::Security::ParticipantCryptoHandle participant_crypto, const DDS::PropertySeq &datareader_properties, const DDS::Security::EndpointSecurityAttributes &datareader_security_attributes, DDS::Security::SecurityException &ex)
octet CryptoTransformKind[4]
const octet CRYPTO_TRANSFORMATION_KIND_AES256_GMAC
boolean is_submessage_protected
virtual bool set_remote_participant_crypto_tokens(DDS::Security::ParticipantCryptoHandle local_participant_crypto, DDS::Security::ParticipantCryptoHandle remote_participant_crypto, const DDS::Security::ParticipantCryptoTokenSeq &remote_participant_tokens, DDS::Security::SecurityException &ex)
void swap_bytes(bool do_swap)
CryptoTransformKeyId sender_key_id
OPENDDS_STRING ctki_to_dds_string(const CryptoTransformKeyId &keyId)
virtual bool return_crypto_tokens(const DDS::Security::CryptoTokenSeq &crypto_tokens, DDS::Security::SecurityException &ex)
void push_back(Seq &seq, const typename Seq::value_type &val)
std::vector-style push_back() for CORBA Sequences
virtual bool unregister_datawriter(DDS::Security::DatawriterCryptoHandle datawriter_crypto_handle, DDS::Security::SecurityException &ex)
SecureSubmessageCategory_t
bool decode_submessage(DDS::OctetSeq &plain_rtps_submessage, const DDS::OctetSeq &encoded_rtps_submessage, DDS::Security::NativeCryptoHandle sender_handle, DDS::Security::SecurityException &ex)
IV_SuffixType initialization_vector_suffix
CryptoTransformKind transformation_kind
virtual bool create_local_datareader_crypto_tokens(DDS::Security::DatareaderCryptoTokenSeq &local_datareader_crypto_tokens, DDS::Security::DatareaderCryptoHandle local_datareader_crypto, DDS::Security::DatawriterCryptoHandle remote_datawriter_crypto, DDS::Security::SecurityException &ex)
bool align_w(size_t alignment)
readonly attribute OctetSeq challenge1
const long OPENDDS_EXCEPTION_MINOR_CODE_NO_KEY
void next_id(const KeyMaterial &master)
void clear_common_data(DDS::Security::NativeCryptoHandle handle)
bool skipToNextSubmessage()
sequence< ParticipantCryptoHandle > ParticipantCryptoHandleSeq
virtual bool set_remote_datareader_crypto_tokens(DDS::Security::DatawriterCryptoHandle local_datawriter_crypto, DDS::Security::DatareaderCryptoHandle remote_datareader_crypto, const DDS::Security::DatareaderCryptoTokenSeq &remote_datareader_tokens, DDS::Security::SecurityException &ex)
#define OPENDDS_END_VERSIONED_NAMESPACE_DECL
std::multimap< DDS::Security::ParticipantCryptoHandle, EntityInfo > participant_to_entity_
std::pair< DDS::Security::NativeCryptoHandle, unsigned int > KeyId_t
bool showkeys
Print the Key when Generating it or Using It.
virtual bool encode_serialized_payload(DDS::OctetSeq &encoded_buffer, DDS::OctetSeq &extra_inline_qos, const DDS::OctetSeq &plain_buffer, DDS::Security::DatawriterCryptoHandle sending_datawriter_crypto, DDS::Security::SecurityException &ex)
readonly attribute OctetSeq sharedSecret
const char * current() const
boolean is_rtps_protected
boolean is_payload_protected
const GuidVendorId_t VENDORID_OCI
Vendor Id value specified for OCI is used for OpenDDS.
bool set_security_error(DDS::Security::SecurityException &ex, int code, int minor_code, const char *message)
sequence< CryptoToken > CryptoTokenSeq
sequence< KeyMaterial_AES_GCM_GMAC > KeyMaterial_AES_GCM_GMAC_Seq
virtual bool unregister_participant(DDS::Security::ParticipantCryptoHandle participant_crypto_handle, DDS::Security::SecurityException &ex)
#define EVP_CTRL_AEAD_GET_TAG
const ParticipantSecurityAttributesMask PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_RTPS_ENCRYPTED
DCPS::Serializer & serializer()
The Internal API and Implementation of OpenDDS.
CryptoTokenSeq DatawriterCryptoTokenSeq
CryptoTransformIdentifier transform_identifier
bool fake_encryption
Disable all encryption for security, even the required builtin encryption.
OpenDDS_Dcps_Export SecurityDebug security_debug
CryptoTransformKind transformation_kind
DDS::Security::NativeCryptoHandle generate_handle_i()
const size_t SM_ALIGN
Alignment of RTPS Submessage.
void create_key(const KeyMaterial &master)
virtual DDS::Security::ParticipantCryptoHandle register_matched_remote_participant(DDS::Security::ParticipantCryptoHandle local_participant_crypto_handle, DDS::Security::IdentityHandle remote_participant_identity, DDS::Security::PermissionsHandle remote_participant_permissions, DDS::Security::SharedSecretHandle *shared_secret, DDS::Security::SecurityException &ex)
DDS::Security::NativeCryptoHandle generate_handle()
