OpenDDS  Snapshot(2023/04/28-20:55)
CryptoBuiltInImpl.h
Go to the documentation of this file.
1 /*
2  * Distributed under the OpenDDS License.
3  * See: http://www.opendds.org/license.html
4  */
5 
6 #ifndef OPENDDS_DCPS_SECURITY_CRYPTOBUILTINIMPL_H
7 #define OPENDDS_DCPS_SECURITY_CRYPTOBUILTINIMPL_H
8 
10 #include "CryptoBuiltInC.h"
11 
12 #include <dds/DdsSecurityCoreC.h>
14 
15 #include <tao/LocalObject.h>
16 
17 #include <ace/Thread_Mutex.h>
18 
19 #include <map>
20 
21 #if !defined (ACE_LACKS_PRAGMA_ONCE)
22 #pragma once
23 #endif /* ACE_LACKS_PRAGMA_ONCE */
24 
25 class DDS_TEST;
26 
28 
29 namespace OpenDDS {
30 namespace Security {
31 
33  : public virtual DDS::Security::CryptoKeyFactory
34  , public virtual DDS::Security::CryptoKeyExchange
35  , public virtual DDS::Security::CryptoTransform
36  , public virtual CORBA::LocalObject
37 {
38 public:
40  virtual ~CryptoBuiltInImpl();
41 
42 
43 private:
44  // Local Object
45 
46  bool _is_a(const char*);
47  const char* _interface_repository_id() const;
48  bool marshal(TAO_OutputCDR&);
49 
50 
51  // Key Factory
52 
53  virtual DDS::Security::ParticipantCryptoHandle register_local_participant(
54  DDS::Security::IdentityHandle participant_identity,
55  DDS::Security::PermissionsHandle participant_permissions,
56  const DDS::PropertySeq& participant_properties,
57  const DDS::Security::ParticipantSecurityAttributes& participant_security_attributes,
59 
60  virtual DDS::Security::ParticipantCryptoHandle register_matched_remote_participant(
61  DDS::Security::ParticipantCryptoHandle local_participant_crypto_handle,
62  DDS::Security::IdentityHandle remote_participant_identity,
63  DDS::Security::PermissionsHandle remote_participant_permissions,
64  DDS::Security::SharedSecretHandle* shared_secret,
66 
67  virtual DDS::Security::DatawriterCryptoHandle register_local_datawriter(
68  DDS::Security::ParticipantCryptoHandle participant_crypto,
69  const DDS::PropertySeq& datawriter_properties,
70  const DDS::Security::EndpointSecurityAttributes& datawriter_security_attributes,
72 
73  virtual DDS::Security::DatareaderCryptoHandle register_matched_remote_datareader(
74  DDS::Security::DatawriterCryptoHandle local_datawriter_crypto_handle,
75  DDS::Security::ParticipantCryptoHandle remote_participant_crypto,
76  DDS::Security::SharedSecretHandle* shared_secret,
77  bool relay_only,
79 
80  virtual DDS::Security::DatareaderCryptoHandle register_local_datareader(
81  DDS::Security::ParticipantCryptoHandle participant_crypto,
82  const DDS::PropertySeq& datareader_properties,
83  const DDS::Security::EndpointSecurityAttributes& datareader_security_attributes,
85 
86  virtual DDS::Security::DatawriterCryptoHandle register_matched_remote_datawriter(
87  DDS::Security::DatareaderCryptoHandle local_datareader_crypto_handle,
88  DDS::Security::ParticipantCryptoHandle remote_participant_crypt,
89  DDS::Security::SharedSecretHandle* shared_secret,
91 
92  virtual bool unregister_participant(
93  DDS::Security::ParticipantCryptoHandle participant_crypto_handle,
95 
96  virtual bool unregister_datawriter(
97  DDS::Security::DatawriterCryptoHandle datawriter_crypto_handle,
99 
100  virtual bool unregister_datareader(
101  DDS::Security::DatareaderCryptoHandle datareader_crypto_handle,
103 
104 
105  // Key Exchange
106 
107  virtual bool create_local_participant_crypto_tokens(
108  DDS::Security::ParticipantCryptoTokenSeq& local_participant_crypto_tokens,
109  DDS::Security::ParticipantCryptoHandle local_participant_crypto,
110  DDS::Security::ParticipantCryptoHandle remote_participant_crypto,
112 
113  virtual bool have_local_participant_crypto_tokens(
114  DDS::Security::ParticipantCryptoHandle local_participant_crypto,
115  DDS::Security::ParticipantCryptoHandle remote_participant_crypto);
116 
117  virtual bool set_remote_participant_crypto_tokens(
118  DDS::Security::ParticipantCryptoHandle local_participant_crypto,
119  DDS::Security::ParticipantCryptoHandle remote_participant_crypto,
120  const DDS::Security::ParticipantCryptoTokenSeq& remote_participant_tokens,
122 
123  virtual bool have_remote_participant_crypto_tokens(
124  DDS::Security::ParticipantCryptoHandle local_participant_crypto,
125  DDS::Security::ParticipantCryptoHandle remote_participant_crypto);
126 
127  virtual bool create_local_datawriter_crypto_tokens(
128  DDS::Security::DatawriterCryptoTokenSeq& local_datawriter_crypto_tokens,
129  DDS::Security::DatawriterCryptoHandle local_datawriter_crypto,
130  DDS::Security::DatareaderCryptoHandle remote_datareader_crypto,
132 
133  virtual bool have_local_datawriter_crypto_tokens(
134  DDS::Security::DatawriterCryptoHandle local_datawriter_crypto,
135  DDS::Security::DatareaderCryptoHandle remote_datareader_crypto);
136 
137  virtual bool set_remote_datawriter_crypto_tokens(
138  DDS::Security::DatareaderCryptoHandle local_datareader_crypto,
139  DDS::Security::DatawriterCryptoHandle remote_datawriter_crypto,
140  const DDS::Security::DatawriterCryptoTokenSeq& remote_datawriter_tokens,
142 
143  virtual bool have_remote_datawriter_crypto_tokens(
144  DDS::Security::DatareaderCryptoHandle local_datareader_crypto,
145  DDS::Security::DatawriterCryptoHandle remote_datawriter_crypto);
146 
147  virtual bool create_local_datareader_crypto_tokens(
148  DDS::Security::DatareaderCryptoTokenSeq& local_datareader_crypto_tokens,
149  DDS::Security::DatareaderCryptoHandle local_datareader_crypto,
150  DDS::Security::DatawriterCryptoHandle remote_datawriter_crypto,
152 
153  virtual bool have_local_datareader_crypto_tokens(
154  DDS::Security::DatareaderCryptoHandle local_datareader_crypto,
155  DDS::Security::DatawriterCryptoHandle remote_datawriter_crypto);
156 
157  virtual bool set_remote_datareader_crypto_tokens(
158  DDS::Security::DatawriterCryptoHandle local_datawriter_crypto,
159  DDS::Security::DatareaderCryptoHandle remote_datareader_crypto,
160  const DDS::Security::DatareaderCryptoTokenSeq& remote_datareader_tokens,
162 
163  virtual bool have_remote_datareader_crypto_tokens(
164  DDS::Security::DatawriterCryptoHandle local_datawriter_crypto,
165  DDS::Security::DatareaderCryptoHandle remote_datareader_crypto);
166 
167  virtual bool return_crypto_tokens(
168  const DDS::Security::CryptoTokenSeq& crypto_tokens,
170 
171 
172  // Transform
173 
174  virtual bool encode_serialized_payload(
175  DDS::OctetSeq& encoded_buffer,
176  DDS::OctetSeq& extra_inline_qos,
177  const DDS::OctetSeq& plain_buffer,
178  DDS::Security::DatawriterCryptoHandle sending_datawriter_crypto,
180 
181  virtual bool encode_datawriter_submessage(
182  DDS::OctetSeq& encoded_rtps_submessage,
183  const DDS::OctetSeq& plain_rtps_submessage,
184  DDS::Security::DatawriterCryptoHandle sending_datawriter_crypto,
185  const DDS::Security::DatareaderCryptoHandleSeq& receiving_datareader_crypto_list,
186  CORBA::Long& receiving_datareader_crypto_list_index,
188 
189  virtual bool encode_datareader_submessage(
190  DDS::OctetSeq& encoded_rtps_submessage,
191  const DDS::OctetSeq& plain_rtps_submessage,
192  DDS::Security::DatareaderCryptoHandle sending_datareader_crypto,
193  const DDS::Security::DatawriterCryptoHandleSeq& receiving_datawriter_crypto_list,
195 
196  virtual bool encode_rtps_message(
197  DDS::OctetSeq& encoded_rtps_message,
198  const DDS::OctetSeq& plain_rtps_message,
199  DDS::Security::ParticipantCryptoHandle sending_participant_crypto,
200  const DDS::Security::ParticipantCryptoHandleSeq& receiving_participant_crypto_list,
201  CORBA::Long& receiving_participant_crypto_list_index,
203 
204  virtual bool decode_rtps_message(
205  DDS::OctetSeq& plain_buffer,
206  const DDS::OctetSeq& encoded_buffer,
207  DDS::Security::ParticipantCryptoHandle receiving_participant_crypto,
208  DDS::Security::ParticipantCryptoHandle sending_participant_crypto,
210 
211  virtual bool preprocess_secure_submsg(
212  DDS::Security::DatawriterCryptoHandle& datawriter_crypto,
213  DDS::Security::DatareaderCryptoHandle& datareader_crypto,
214  DDS::Security::SecureSubmessageCategory_t& secure_submessage_category,
215  const DDS::OctetSeq& encoded_rtps_submessage,
216  DDS::Security::ParticipantCryptoHandle receiving_participant_crypto,
217  DDS::Security::ParticipantCryptoHandle sending_participant_crypto,
219 
220  virtual bool decode_datawriter_submessage(
221  DDS::OctetSeq& plain_rtps_submessage,
222  const DDS::OctetSeq& encoded_rtps_submessage,
223  DDS::Security::DatareaderCryptoHandle receiving_datareader_crypto,
224  DDS::Security::DatawriterCryptoHandle sending_datawriter_crypto,
226 
227  virtual bool decode_datareader_submessage(
228  DDS::OctetSeq& plain_rtps_submessage,
229  const DDS::OctetSeq& encoded_rtps_submessage,
230  DDS::Security::DatawriterCryptoHandle receiving_datawriter_crypto,
231  DDS::Security::DatareaderCryptoHandle sending_datareader_crypto,
233 
234  virtual bool decode_serialized_payload(
235  DDS::OctetSeq& plain_buffer,
236  const DDS::OctetSeq& encoded_buffer,
237  const DDS::OctetSeq& inline_qos,
238  DDS::Security::DatareaderCryptoHandle receiving_datareader_crypto,
239  DDS::Security::DatawriterCryptoHandle sending_datawriter_crypto,
241 
243  CryptoBuiltInImpl& operator=(const CryptoBuiltInImpl&);
244 
245  DDS::Security::NativeCryptoHandle generate_handle();
246  DDS::Security::NativeCryptoHandle generate_handle_i();
247 
250 
253  typedef std::map<DDS::Security::NativeCryptoHandle, KeySeq> KeyTable_t;
254  KeyTable_t keys_;
255 
256  /// Use CryptoHandles to Determine What Should Be Encrypted and Decrypted
257  ///@{
258  struct EncryptOpts {
259  bool submessage_, payload_;
260  EncryptOpts() : submessage_(false), payload_(false) {}
262  : submessage_(attribs.is_submessage_protected)
263  , payload_(attribs.is_payload_protected)
264  {}
265  };
266  typedef std::map<DDS::Security::NativeCryptoHandle, EncryptOpts> EncryptOptions_t;
267  EncryptOptions_t encrypt_options_;
268  ///@}
269 
270  struct EntityInfo {
275  : category_(c), handle_(h) {}
276  };
279 
280  typedef std::pair<DDS::Security::NativeCryptoHandle, DDS::Security::NativeCryptoHandle> HandlePair_t;
281  typedef std::map<HandlePair_t, DDS::Security::NativeCryptoHandle> DerivedKeyIndex_t;
282  DerivedKeyIndex_t derived_key_handles_;
283 
284  struct Session {
289 
290  KeyOctetSeq get_key(const KeyMaterial& master, const CryptoHeader& header);
291  void create_key(const KeyMaterial& master);
292  void derive_key(const KeyMaterial& master);
293  void next_id(const KeyMaterial& master);
294  void inc_iv();
295  };
296  typedef std::pair<DDS::Security::NativeCryptoHandle, unsigned int> KeyId_t;
297  typedef std::map<KeyId_t, Session> SessionTable_t;
298  SessionTable_t sessions_;
299 
300  void clear_endpoint_data(DDS::Security::NativeCryptoHandle handle);
301  void clear_common_data(DDS::Security::NativeCryptoHandle handle);
302 
303  bool encode_submessage(DDS::OctetSeq& encoded_rtps_submessage,
304  const DDS::OctetSeq& plain_rtps_submessage,
305  DDS::Security::NativeCryptoHandle sender_handle,
307 
308  bool encrypt(const KeyMaterial& master, Session& sess,
309  const DDS::OctetSeq& plain,
310  CryptoHeader& header, CryptoFooter& footer,
312 
313  bool authtag(const KeyMaterial& master, Session& sess,
314  const DDS::OctetSeq& plain,
315  CryptoHeader& header, CryptoFooter& footer,
317 
318  void encauth_setup(const KeyMaterial& master, Session& sess,
319  const DDS::OctetSeq& plain, CryptoHeader& header);
320 
321  bool decode_submessage(DDS::OctetSeq& plain_rtps_submessage,
322  const DDS::OctetSeq& encoded_rtps_submessage,
323  DDS::Security::NativeCryptoHandle sender_handle,
325 
326  bool decrypt(const KeyMaterial& master, Session& sess, const char* ciphertext,
327  unsigned int n, const CryptoHeader& header,
328  const CryptoFooter& footer, DDS::OctetSeq& out,
330 
331  bool verify(const KeyMaterial& master, Session& sess, const char* in,
332  unsigned int n, const CryptoHeader& header,
333  const CryptoFooter& footer, DDS::OctetSeq& out,
335 };
336 
337 } // Security
338 } // OpenDDS
339 
341 
342 #endif
KeyMaterial_AES_GCM_GMAC KeyMaterial
ACE_CDR::Long Long
sequence< octet, 32 > KeyOctetSeq
std::map< DDS::Security::NativeCryptoHandle, EncryptOpts > EncryptOptions_t
sequence< DatareaderCryptoHandle > DatareaderCryptoHandleSeq
sequence< DatawriterCryptoHandle > DatawriterCryptoHandleSeq
KeyMaterial_AES_GCM_GMAC_Seq KeySeq
EntityInfo(DDS::Security::SecureSubmessageCategory_t c, DDS::Security::NativeCryptoHandle h)
CryptoTokenSeq ParticipantCryptoTokenSeq
std::pair< DDS::Security::NativeCryptoHandle, DDS::Security::NativeCryptoHandle > HandlePair_t
NativeCryptoHandle DatawriterCryptoHandle
CryptoTokenSeq DatareaderCryptoTokenSeq
EncryptOpts(const DDS::Security::EndpointSecurityAttributes &attribs)
Christopher Diggins *renamed files *fixing compilation errors *adding Visual C project file *removed make Max Lybbert *removed references to missing and unused header
Definition: CHANGELOG.txt:8
NativeCryptoHandle DatareaderCryptoHandle
std::map< DDS::Security::NativeCryptoHandle, KeySeq > KeyTable_t
DDS::PropertySeq PropertySeq
Definition: RtpsCore.idl:49
sequence< octet > OctetSeq
Definition: DdsDcpsCore.idl:64
unsigned long long ACE_UINT64
#define OpenDDS_Security_Export
TAO_AnyTypeCode_Export bool marshal(TAO_OutputCDR &cdr, CORBA::TypeCode_ptr tc, CORBA::ULong offset)
DDS::Security::SecureSubmessageCategory_t category_
sequence< ParticipantCryptoHandle > ParticipantCryptoHandleSeq
#define OPENDDS_END_VERSIONED_NAMESPACE_DECL
std::multimap< DDS::Security::ParticipantCryptoHandle, EntityInfo > participant_to_entity_
std::pair< DDS::Security::NativeCryptoHandle, unsigned int > KeyId_t
std::map< HandlePair_t, DDS::Security::NativeCryptoHandle > DerivedKeyIndex_t
sequence< CryptoToken > CryptoTokenSeq
sequence< KeyMaterial_AES_GCM_GMAC > KeyMaterial_AES_GCM_GMAC_Seq
The Internal API and Implementation of OpenDDS.
Definition: AddressCache.h:28
CryptoTokenSeq DatawriterCryptoTokenSeq
std::map< KeyId_t, Session > SessionTable_t