Classes
class	Bio

struct	cache_dsign_algo_impl

class	Certificate

struct	deserialize_impl

class	DH_2048_MODP_256_PRIME

class	dh_constructor

struct	DH_Handle

class	dh_shared_secret

class	DHAlgorithm

class	DiffieHellman

struct	EC_Handle

class	ecdh_constructor

class	ECDH_PRIME_256_V1_CEUM

class	ecdh_pubkey_as_octets

class	ecdh_shared_secret_from_octets

class	hash_serialized_impl

class	PKCS7Doc

class	PrivateKey

class	sign_implementation

class	SignedDocument

class	StackOfX509

class	SubjectName

class	verify_implementation

class	X509Store

Functions
std::ostream &	operator<< (std::ostream &lhs, const Certificate &rhs)

bool	operator== (const Certificate &lhs, const Certificate &rhs)

bool	operator== (const PrivateKey &lhs, const PrivateKey &rhs)

int	make_adjusted_guid (const OpenDDS::DCPS::GUID_t &src, OpenDDS::DCPS::GUID_t &dst, const Certificate &target)

template<size_t Bits>
int	make_nonce (std::vector< unsigned char > &nonce)

int	make_nonce_256 (std::vector< unsigned char > &nonce)

int	make_nonce_256 (DDS::OctetSeq &nonce)

unsigned char	offset_1bit (const unsigned char array[], size_t i)
	Gets byte from array as though it were shifted right one bit. More...

int	hash (const std::vector< const DDS::OctetSeq *> &src, DDS::OctetSeq &dst)

int	hash_serialized (const DDS::BinaryPropertySeq &src, DDS::OctetSeq &dst)

int	sign_serialized (const DDS::BinaryPropertySeq &src, const PrivateKey &key, DDS::OctetSeq &dst)

int	verify_serialized (const DDS::BinaryPropertySeq &src, const Certificate &key, const DDS::OctetSeq &signed_data)

Variables
const char	DH_2048_MODP_256_PRIME_STR [] = "DH+MODP-2048-256"

const char	ECDH_PRIME_256_V1_CEUM_STR [] = "ECDH+prime256v1-CEUM"

Function Documentation

◆ hash()

OpenDDS_Security_Export int OpenDDS::Security::SSL::hash	(	const std::vector< const DDS::OctetSeq * > &	src,
		DDS::OctetSeq &	dst
	)

Returns: int 0 on success; 1 on failure.

Definition at line 132 of file security/SSL/Utils.cpp.

References EVP_MD_CTX_free, EVP_MD_CTX_new, and OPENDDS_SSL_LOG_ERR.

Referenced by OpenDDS::DCPS::AddressCacheEntryProxy::addrs(), OpenDDS::Security::AuthenticationBuiltInImpl::begin_handshake_reply(), OpenDDS::Security::AuthenticationBuiltInImpl::begin_handshake_request(), OPENDDS_BEGIN_VERSIONED_NAMESPACE_DECL::hash_endpoint(), OPENDDS_BEGIN_VERSIONED_NAMESPACE_DECL::hash_endpoints(), hash_serialized(), OpenDDS::Security::SSL::DHAlgorithm::hash_shared_secret(), make_adjusted_guid(), OpenDDS::DCPS::NetworkAddress::operator<(), and OpenDDS::Security::AuthenticationBuiltInImpl::process_handshake_reply().

 {
   EVP_MD_CTX* hash_ctx = EVP_MD_CTX_new();
   if (!hash_ctx) {
     OPENDDS_SSL_LOG_ERR("EVP_MD_CTX_new failed");
     return 1;
   }
 
   EVP_DigestInit_ex(hash_ctx, EVP_sha256(), 0);
 
   unsigned char hash[EVP_MAX_MD_SIZE] = { 0 };
   unsigned int len = 0u;
 
   std::vector<const DDS::OctetSeq*>::const_iterator i, n = src.end();
   for (i = src.begin(); i != n; ++i) {
     EVP_DigestUpdate(hash_ctx, (*i)->get_buffer(), (*i)->length());
   }
 
   EVP_DigestFinal_ex(hash_ctx, hash, &len);
 
   dst.length(len);
   std::memcpy(dst.get_buffer(), hash, len);
 
   EVP_MD_CTX_free(hash_ctx);
 
   return 0;
 }

◆ hash_serialized()

OpenDDS_Security_Export int OpenDDS::Security::SSL::hash_serialized	(	const DDS::BinaryPropertySeq &	src,
		DDS::OctetSeq &	dst
	)

Returns: int 0 on success; 1 on failure.

Definition at line 214 of file security/SSL/Utils.cpp.

References hash().

Referenced by OpenDDS::Security::CredentialHash::operator()().

 {
   hash_serialized_impl hash;
   return hash(src, dst);
 }

◆ make_adjusted_guid()

OpenDDS_Security_Export int OpenDDS::Security::SSL::make_adjusted_guid	(	const OpenDDS::DCPS::GUID_t &	src,
		OpenDDS::DCPS::GUID_t &	dst,
		const Certificate &	target
	)

Definition at line 41 of file security/SSL/Utils.cpp.

References OpenDDS::DCPS::GUID_t::entityId, EVP_MD_CTX_free, EVP_MD_CTX_new, OpenDDS::DCPS::GUID_UNKNOWN, hash(), offset_1bit(), and OpenDDS::Security::SSL::Certificate::subject_name_digest().

Referenced by OpenDDS::Security::AuthenticationBuiltInImpl::validate_local_identity().

 {
   dst = OpenDDS::DCPS::GUID_UNKNOWN;
   dst.entityId = src.entityId;
 
   std::vector<unsigned char> hash;
   int result = target.subject_name_digest(hash);
 
   if (result == 0 && hash.size() >= 6) {
     unsigned char* bytes = reinterpret_cast<unsigned char*>(&dst);
 
     for (size_t i = 0; i < 6; ++i) {  // First 6 bytes of guid prefix
       bytes[i] = offset_1bit(&hash[0], i);
     }
 
     bytes[0] |= 0x80;
 
     // Last 6 bytes of guid prefix = hash of src guid (candidate guid)
 
     unsigned char hash2[EVP_MAX_MD_SIZE] = {0};
     unsigned int len = 0u;
 
     EVP_MD_CTX* hash_ctx = EVP_MD_CTX_new();
     if (hash_ctx) {
       EVP_DigestInit_ex(hash_ctx, EVP_sha256(), 0);
       EVP_DigestUpdate(hash_ctx, &src, sizeof(OpenDDS::DCPS::GUID_t));
       EVP_DigestFinal_ex(hash_ctx, hash2, &len);
       if (len > 5) {
         std::memcpy(bytes + 6, hash2, 6);
       } else {
         result = 1;
       }
 
       EVP_MD_CTX_free(hash_ctx);
     }
   }
 
   return result;
 }

◆ make_nonce()

template<size_t Bits>

int OpenDDS::Security::SSL::make_nonce ( std::vector< unsigned char > & nonce )

Definition at line 84 of file security/SSL/Utils.cpp.

References ACE_ERROR, ACE_TEXT(), and LM_ERROR.

 {
   nonce.clear();
 
   unsigned char tmp[Bits / 8] = { 0 };
 
   if (RAND_bytes(tmp, sizeof tmp) == 1) {
     nonce.insert(nonce.begin(), tmp, tmp + sizeof tmp);
 
     return 0;
 
   } else {
     unsigned long err = ERR_get_error();
     char msg[256] = { 0 };
     ERR_error_string_n(err, msg, sizeof(msg));
 
     ACE_ERROR((LM_ERROR,
                ACE_TEXT("(%P|%t) SSL::make_nonce: ERROR '%C' returned by RAND_bytes(...)\n"),
                msg));
   }
 
   return 1;
 }

◆ make_nonce_256() [1/2]

OpenDDS_Security_Export int OpenDDS::Security::SSL::make_nonce_256 ( std::vector< unsigned char > & nonce )

Returns: int 0 on success; 1 on failure.

Definition at line 108 of file security/SSL/Utils.cpp.

Referenced by OpenDDS::Security::AuthenticationBuiltInImpl::begin_handshake_reply(), OpenDDS::Security::AuthenticationBuiltInImpl::begin_handshake_request(), and OpenDDS::Security::AuthenticationBuiltInImpl::validate_remote_identity().

 {
   return make_nonce<256>(nonce);
 }

◆ make_nonce_256() [2/2]

OpenDDS_Security_Export int OpenDDS::Security::SSL::make_nonce_256 ( DDS::OctetSeq & nonce )

Returns: int 0 on success; 1 on failure.

Definition at line 113 of file security/SSL/Utils.cpp.

 {
   /* A bit slower but the impl. for vectors is already complete */
   std::vector<unsigned char> tmp;
   int err = make_nonce<256>(tmp);
   if (!err) {
     nonce.length(static_cast<unsigned int>(tmp.size()));
     for (size_t i = 0; i < tmp.size(); ++i) {
       nonce[static_cast<unsigned int>(i)] = tmp[i];
     }
   }
   return err;
 }

◆ offset_1bit()

OpenDDS_Security_Export unsigned char OpenDDS::Security::SSL::offset_1bit	(	const unsigned char	array[],
		size_t	i
	)

Gets byte from array as though it were shifted right one bit.

Definition at line 127 of file security/SSL/Utils.cpp.

Referenced by make_adjusted_guid(), and OpenDDS::Security::validate_topic_data_guid().

 {
   return (array[i] >> 1) | (i == 0 ? 0 : ((array[i - 1] & 1) ? 0x80 : 0));
 }

◆ operator<<()

OpenDDS_Security_Export std::ostream & OpenDDS::Security::SSL::operator<<	(	std::ostream &	lhs,
		const Certificate &	rhs
	)

Definition at line 644 of file Certificate.cpp.

References OpenDDS::Security::SSL::Certificate::x_.

 {
   if (rhs.x_) {
     lhs << "Certificate: { is_ca? '"
         << (X509_check_ca(rhs.x_) ? "yes" : "no") << "'; }";
 
   } else {
     lhs << "NULL";
   }
   return lhs;
 }

◆ operator==() [1/2]

OpenDDS_Security_Export bool OpenDDS::Security::SSL::operator==	(	const PrivateKey &	lhs,
		const PrivateKey &	rhs
	)

Definition at line 231 of file PrivateKey.cpp.

References OpenDDS::Security::SSL::PrivateKey::k_, and OPENDDS_END_VERSIONED_NAMESPACE_DECL.

 {
   if (lhs.k_ && rhs.k_) {
 #ifdef OPENSSL_V_3_0
     return 1 == EVP_PKEY_eq(lhs.k_, rhs.k_);
 #else
     return 1 == EVP_PKEY_cmp(lhs.k_, rhs.k_);
 #endif
   }
   return lhs.k_ == rhs.k_;
 }

◆ operator==() [2/2]

OpenDDS_Security_Export bool OpenDDS::Security::SSL::operator==	(	const Certificate &	lhs,
		const Certificate &	rhs
	)

Definition at line 656 of file Certificate.cpp.

References OPENDDS_END_VERSIONED_NAMESPACE_DECL, OpenDDS::Security::SSL::Certificate::original_bytes_, and OpenDDS::Security::SSL::Certificate::x_.

Referenced by OpenDDS::Security::SSL::SignedDocument::filename().

 {
   if (lhs.x_ && rhs.x_) {
     return (0 == X509_cmp(lhs.x_, rhs.x_)) &&
       (lhs.original_bytes_ == rhs.original_bytes_);
   }
   return (lhs.x_ == rhs.x_) &&
     (lhs.original_bytes_ == rhs.original_bytes_);
 }

◆ sign_serialized()

OpenDDS_Security_Export int OpenDDS::Security::SSL::sign_serialized	(	const DDS::BinaryPropertySeq &	src,
		const PrivateKey &	key,
		DDS::OctetSeq &	dst
	)

Returns: int 0 on success; 1 on failure.

Definition at line 220 of file security/SSL/Utils.cpp.

References ACE_ERROR, ACE_TEXT(), OpenDDS::STUN::encoding(), LM_ERROR, OpenDDS::DCPS::serialized_size(), and OpenDDS::Security::SSL::PrivateKey::sign().

Referenced by OpenDDS::Security::AuthenticationBuiltInImpl::begin_handshake_reply(), and OpenDDS::Security::AuthenticationBuiltInImpl::process_handshake_reply().

 {
   const Encoding encoding = get_common_encoding();
   size_t size = 0;
   serialized_size(encoding, size, src);
 
   DDS::OctetSeq tmp;
   tmp.length(static_cast<unsigned int>(size));
   ACE_Message_Block buffer(reinterpret_cast<const char*>(tmp.get_buffer()),
                            tmp.length());
   Serializer serializer(&buffer, encoding);
   if (!(serializer << src)) {
     ACE_ERROR((LM_ERROR,
                ACE_TEXT("(%P|%t) SSL::sign_serialized: ERROR, failed to serialize "
                         "binary-property-sequence\n")));
 
     return 1;
   }
 
   std::vector<const DDS::OctetSeq*> sign_these;
   sign_these.push_back(&tmp);
 
   return key.sign(sign_these, dst);
 }

◆ verify_serialized()

OpenDDS_Security_Export int OpenDDS::Security::SSL::verify_serialized	(	const DDS::BinaryPropertySeq &	src,
		const Certificate &	key,
		const DDS::OctetSeq &	signed_data
	)

Returns: int 0 on success; 1 on failure.

Definition at line 246 of file security/SSL/Utils.cpp.

References ACE_ERROR, ACE_TEXT(), OpenDDS::STUN::encoding(), LM_ERROR, OPENDDS_END_VERSIONED_NAMESPACE_DECL, OpenDDS::DCPS::serialized_size(), and OpenDDS::Security::SSL::Certificate::verify_signature().

Referenced by OpenDDS::Security::AuthenticationBuiltInImpl::process_final_handshake(), and OpenDDS::Security::AuthenticationBuiltInImpl::process_handshake_reply().

 {
   const Encoding encoding = get_common_encoding();
   size_t size = 0;
   serialized_size(encoding, size, src);
 
   DDS::OctetSeq tmp;
   tmp.length(static_cast<unsigned int>(size));
   ACE_Message_Block buffer(reinterpret_cast<const char*>(tmp.get_buffer()),
                            tmp.length());
   Serializer serializer(&buffer, encoding);
   if (!(serializer << src)) {
     ACE_ERROR((LM_ERROR,
                ACE_TEXT("(%P|%t) SSL::verify_serialized: ERROR, failed to serialize binary-property-sequence\n")));
 
     return 1;
   }
 
   std::vector<const DDS::OctetSeq*> verify_these;
   verify_these.push_back(&tmp);
 
   return key.verify_signature(signed_data, verify_these);
 }

Variable Documentation

◆ DH_2048_MODP_256_PRIME_STR

const char OpenDDS::Security::SSL::DH_2048_MODP_256_PRIME_STR[] = "DH+MODP-2048-256"

Definition at line 22 of file DiffieHellman.h.

Referenced by OpenDDS::Security::SSL::DiffieHellman::factory(), and OpenDDS::Security::SSL::DH_2048_MODP_256_PRIME::kagree_algo().

◆ ECDH_PRIME_256_V1_CEUM_STR

const char OpenDDS::Security::SSL::ECDH_PRIME_256_V1_CEUM_STR[] = "ECDH+prime256v1-CEUM"

Definition at line 23 of file DiffieHellman.h.

Referenced by OpenDDS::Security::SSL::DiffieHellman::factory(), and OpenDDS::Security::SSL::ECDH_PRIME_256_V1_CEUM::kagree_algo().

Classes

Functions

Variables