#include <CryptoBuiltInImpl.h>
Definition at line 32 of file CryptoBuiltInImpl.h.
typedef std::pair<DDS::Security::NativeCryptoHandle, unsigned int> OpenDDS::Security::CryptoBuiltInImpl::KeyId_t [private] |
Definition at line 264 of file CryptoBuiltInImpl.h.
typedef KeyMaterial_AES_GCM_GMAC OpenDDS::Security::CryptoBuiltInImpl::KeyMaterial [private] |
Definition at line 226 of file CryptoBuiltInImpl.h.
typedef KeyMaterial_AES_GCM_GMAC_Seq OpenDDS::Security::CryptoBuiltInImpl::KeySeq [private] |
Definition at line 227 of file CryptoBuiltInImpl.h.
typedef std::map<DDS::Security::NativeCryptoHandle, KeySeq> OpenDDS::Security::CryptoBuiltInImpl::KeyTable_t [private] |
Definition at line 228 of file CryptoBuiltInImpl.h.
typedef std::map<KeyId_t, Session> OpenDDS::Security::CryptoBuiltInImpl::SessionTable_t [private] |
Definition at line 265 of file CryptoBuiltInImpl.h.
typedef std::map<DDS::Security::DatawriterCryptoHandle, WriterOpts> OpenDDS::Security::CryptoBuiltInImpl::Writers_t [private] |
Definition at line 239 of file CryptoBuiltInImpl.h.
OpenDDS::Security::CryptoBuiltInImpl::CryptoBuiltInImpl | ( | ) |
Definition at line 40 of file CryptoBuiltInImpl.cpp.
References openssl_init().
// Construct the built-in crypto plugin. OpenSSL is initialised here and
// torn down again in the destructor, so the library state lives exactly as
// long as this object. Handle numbering starts at 1; NOTE(review): presumably
// so that 0 remains free as the "no handle" value -- confirm against the
// handle constants used elsewhere in the plugin.
CryptoBuiltInImpl::CryptoBuiltInImpl()
  : mutex_()
  , next_handle_(1)
{
  openssl_init();
}
OpenDDS::Security::CryptoBuiltInImpl::~CryptoBuiltInImpl | ( | ) | [virtual] |
Definition at line 47 of file CryptoBuiltInImpl.cpp.
References openssl_cleanup().
// Release the OpenSSL state acquired by the constructor's openssl_init().
CryptoBuiltInImpl::~CryptoBuiltInImpl()
{
  openssl_cleanup();
}
OpenDDS::Security::CryptoBuiltInImpl::CryptoBuiltInImpl | ( | const CryptoBuiltInImpl & | ) | [private] |
const char * OpenDDS::Security::CryptoBuiltInImpl::_interface_repository_id | ( | void | ) | const [private, virtual] |
Reimplemented from CORBA::Object.
Definition at line 59 of file CryptoBuiltInImpl.cpp.
bool OpenDDS::Security::CryptoBuiltInImpl::_is_a | ( | const char * | id | ) | [private, virtual] |
Reimplemented from CORBA::Object.
Definition at line 52 of file CryptoBuiltInImpl.cpp.
// CORBA interface query: this object implements all three of the DDS
// Security crypto interfaces, so it answers "yes" if any of the three
// base-interface checks accepts the repository id.
bool CryptoBuiltInImpl::_is_a(const char* id)
{
  if (CryptoKeyFactory::_is_a(id)) {
    return true;
  }
  if (CryptoKeyExchange::_is_a(id)) {
    return true;
  }
  return CryptoTransform::_is_a(id);
}
bool OpenDDS::Security::CryptoBuiltInImpl::authtag | ( | const KeyMaterial & | master, | |
Session & | sess, | |||
const DDS::OctetSeq & | plain, | |||
CryptoHeader & | header, | |||
CryptoFooter & | footer, | |||
DDS::Security::SecurityException & | ex | |||
) | [private] |
Definition at line 948 of file CryptoBuiltInImpl.cpp.
References OpenDDS::Security::CryptoFooter::common_mac, encauth_setup(), EVP_CTRL_AEAD_GET_TAG, OpenDDS::Security::CryptoBuiltInImpl::Session::id_, OpenDDS::Security::CryptoBuiltInImpl::Session::iv_suffix_, OpenDDS::Security::CryptoBuiltInImpl::Session::key_, and OpenDDS::Security::CommonUtilities::set_security_error().
// Compute an authentication-only tag (AES-256-GMAC) over `plain`.
//
// The data is not encrypted: passing a null output buffer to
// EVP_EncryptUpdate makes OpenSSL treat the input as additional
// authenticated data, so only the tag in footer.common_mac is produced.
// encauth_setup() advances the session state and fills `header` before
// any OpenSSL call is made.
//
// Returns true on success; on failure `ex` is populated via
// set_security_error() and false is returned.
bool CryptoBuiltInImpl::authtag(const KeyMaterial& master, Session& sess,
                                const DDS::OctetSeq& plain,
                                CryptoHeader& header, CryptoFooter& footer,
                                DDS::Security::SecurityException& ex)
{
  encauth_setup(master, sess, plain, header);
  // The 12-byte GCM IV is built from the session id followed by the IV
  // suffix at offset 4. NOTE(review): nothing here checks that
  // sizeof sess.id_ <= IV_SUFFIX_IDX and that id + suffix fill IV_LEN
  // exactly; a compile-time assertion would lock that layout in.
  static const int IV_LEN = 12, IV_SUFFIX_IDX = 4;
  unsigned char iv[IV_LEN];
  std::memcpy(iv, &sess.id_, sizeof sess.id_);
  std::memcpy(iv + IV_SUFFIX_IDX, &sess.iv_suffix_, sizeof sess.iv_suffix_);

  CipherContext ctx;
  const unsigned char* key = sess.key_.get_buffer();
  // Relies on OpenSSL's default GCM IV length of 12 bytes, which matches
  // IV_LEN above; no EVP_CTRL_*_SET_IVLEN call is made.
  if (EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), 0, key, iv) != 1) {
    CommonUtilities::set_security_error(ex, -1, 0, "EVP_EncryptInit_ex");
    return false;
  }

  int n;
  // Null output pointer: authenticate `plain` as AAD without producing
  // ciphertext.
  if (EVP_EncryptUpdate(ctx, 0, &n, plain.get_buffer(), plain.length()) != 1) {
    CommonUtilities::set_security_error(ex, -1, 0, "EVP_EncryptUpdate");
    return false;
  }

  if (EVP_EncryptFinal_ex(ctx, 0, &n) != 1) {
    CommonUtilities::set_security_error(ex, -1, 0, "EVP_EncryptFinal_ex");
    return false;
  }

  // Retrieve the GMAC tag directly into the footer.
  if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, sizeof footer.common_mac,
                          &footer.common_mac) != 1) {
    CommonUtilities::set_security_error(ex, -1, 0, "EVP_CIPHER_CTX_ctrl");
    return false;
  }

  return true;
}
void OpenDDS::Security::CryptoBuiltInImpl::clear_endpoint_data | ( | DDS::Security::NativeCryptoHandle | handle | ) | [private] |
virtual bool OpenDDS::Security::CryptoBuiltInImpl::create_local_datareader_crypto_tokens | ( | DDS::Security::DatareaderCryptoTokenSeq & | local_datareader_crypto_tokens, | |
DDS::Security::DatareaderCryptoHandle | local_datareader_crypto, | |||
DDS::Security::DatawriterCryptoHandle | remote_datawriter_crypto, | |||
DDS::Security::SecurityException & | ex | |||
) | [private, virtual] |
virtual bool OpenDDS::Security::CryptoBuiltInImpl::create_local_datawriter_crypto_tokens | ( | DDS::Security::DatawriterCryptoTokenSeq & | local_datawriter_crypto_tokens, | |
DDS::Security::DatawriterCryptoHandle | local_datawriter_crypto, | |||
DDS::Security::DatareaderCryptoHandle | remote_datareader_crypto, | |||
DDS::Security::SecurityException & | ex | |||
) | [private, virtual] |
virtual bool OpenDDS::Security::CryptoBuiltInImpl::create_local_participant_crypto_tokens | ( | DDS::Security::ParticipantCryptoTokenSeq & | local_participant_crypto_tokens, | |
DDS::Security::ParticipantCryptoHandle | local_participant_crypto, | |||
DDS::Security::ParticipantCryptoHandle | remote_participant_crypto, | |||
DDS::Security::SecurityException & | ex | |||
) | [private, virtual] |
virtual bool OpenDDS::Security::CryptoBuiltInImpl::decode_datareader_submessage | ( | DDS::OctetSeq & | plain_rtps_submessage, | |
const DDS::OctetSeq & | encoded_rtps_submessage, | |||
DDS::Security::DatawriterCryptoHandle | receiving_datawriter_crypto, | |||
DDS::Security::DatareaderCryptoHandle | sending_datareader_crypto, | |||
DDS::Security::SecurityException & | ex | |||
) | [private, virtual] |
virtual bool OpenDDS::Security::CryptoBuiltInImpl::decode_datawriter_submessage | ( | DDS::OctetSeq & | plain_rtps_submessage, | |
const DDS::OctetSeq & | encoded_rtps_submessage, | |||
DDS::Security::DatareaderCryptoHandle | receiving_datareader_crypto, | |||
DDS::Security::DatawriterCryptoHandle | sending_datawriter_crypto, | |||
DDS::Security::SecurityException & | ex | |||
) | [private, virtual] |
virtual bool OpenDDS::Security::CryptoBuiltInImpl::decode_rtps_message | ( | DDS::OctetSeq & | plain_buffer, | |
const DDS::OctetSeq & | encoded_buffer, | |||
DDS::Security::ParticipantCryptoHandle | receiving_participant_crypto, | |||
DDS::Security::ParticipantCryptoHandle | sending_participant_crypto, | |||
DDS::Security::SecurityException & | ex | |||
) | [private, virtual] |
virtual bool OpenDDS::Security::CryptoBuiltInImpl::decode_serialized_payload | ( | DDS::OctetSeq & | plain_buffer, | |
const DDS::OctetSeq & | encoded_buffer, | |||
const DDS::OctetSeq & | inline_qos, | |||
DDS::Security::DatareaderCryptoHandle | receiving_datareader_crypto, | |||
DDS::Security::DatawriterCryptoHandle | sending_datawriter_crypto, | |||
DDS::Security::SecurityException & | ex | |||
) | [private, virtual] |
bool OpenDDS::Security::CryptoBuiltInImpl::decode_submessage | ( | DDS::OctetSeq & | plain_rtps_submessage, | |
const DDS::OctetSeq & | encoded_rtps_submessage, | |||
DDS::Security::NativeCryptoHandle | sender_handle, | |||
DDS::Security::SecurityException & | ex | |||
) | [private] |
bool OpenDDS::Security::CryptoBuiltInImpl::decrypt | ( | const KeyMaterial & | master, | |
Session & | sess, | |||
const char * | ciphertext, | |||
unsigned int | n, | |||
const CryptoHeader & | header, | |||
const CryptoFooter & | footer, | |||
DDS::OctetSeq & | out, | |||
DDS::Security::SecurityException & | ex | |||
) | [private] |
Definition at line 1388 of file CryptoBuiltInImpl.cpp.
References OpenDDS::Security::CryptoFooter::common_mac, OpenDDS::Security::CRYPTO_TRANSFORMATION_KIND_AES256_GCM, OpenDDS::Security::CryptoBuiltInImpl::Session::get_key(), LM_ERROR, OpenDDS::Security::CryptoHeader::session_id, OpenDDS::Security::CommonUtilities::set_security_error(), and OpenDDS::Security::KeyMaterial_AES_GCM_GMAC::transformation_kind.
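// Decrypt and authenticate `n` bytes of AES-256-GCM ciphertext into `out`.
//
// The session key is derived from `master` and `header` via
// Session::get_key(); the IV is taken from header.session_id, whose bytes are
// laid out contiguously with the IV suffix. The tag in footer.common_mac is
// checked by EVP_DecryptFinal_ex.
//
// On any failure `ex` is populated via set_security_error(), `out` is left
// empty, and false is returned. In particular, when the tag does not verify
// the bytes already produced by EVP_DecryptUpdate are wiped and discarded so
// that unauthenticated plaintext is never handed back to the caller, even if
// the caller forgets to check the return value.
bool CryptoBuiltInImpl::decrypt(const KeyMaterial& master, Session& sess,
                                const char* ciphertext, unsigned int n,
                                const CryptoHeader& header,
                                const CryptoFooter& footer,
                                DDS::OctetSeq& out,
                                DDS::Security::SecurityException& ex)
{
  const KeyOctetSeq sess_key = sess.get_key(master, header);
  if (!sess_key.length()) {
    CommonUtilities::set_security_error(ex, -1, 0, "no session key");
    return false;
  }

  if (master.transformation_kind[TransformKindIndex] !=
      CRYPTO_TRANSFORMATION_KIND_AES256_GCM) {
    CommonUtilities::set_security_error(ex, -1, 0,
                                        "unsupported transformation kind");
    ACE_ERROR((LM_ERROR, "(%P|%t) CryptoBuiltInImpl::decrypt - ERROR "
               "unsupported transformation kind %d\n",
               master.transformation_kind[TransformKindIndex]));
    return false;
  }

  CipherContext ctx;
  // session_id is start of IV contiguous bytes; OpenSSL's default GCM IV
  // length (12) is relied upon, no SET_IVLEN call is made.
  if (EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), 0, sess_key.get_buffer(),
                         header.session_id) != 1) {
    CommonUtilities::set_security_error(ex, -1, 0, "EVP_DecryptInit_ex");
    ACE_ERROR((LM_ERROR, "(%P|%t) CryptoBuiltInImpl::decrypt - ERROR "
               "EVP_DecryptInit_ex %Ld\n", ERR_peek_last_error()));
    return false;
  }

  // GCM is a stream mode, so the plaintext is never longer than the
  // ciphertext; the KEY_LEN_BYTES of slack is the original sizing and is
  // truncated to the real length on success.
  out.length(n + KEY_LEN_BYTES);
  int len = 0;
  if (EVP_DecryptUpdate(ctx, out.get_buffer(), &len,
                        reinterpret_cast<const unsigned char*>(ciphertext), n)
      != 1) {
    CommonUtilities::set_security_error(ex, -1, 0, "EVP_DecryptUpdate");
    ACE_ERROR((LM_ERROR, "(%P|%t) CryptoBuiltInImpl::decrypt - ERROR "
               "EVP_DecryptUpdate %Ld\n", ERR_peek_last_error()));
    // Discard whatever was written: it has not been authenticated.
    std::memset(out.get_buffer(), 0, out.length());
    out.length(0);
    return false;
  }

  // EVP_CIPHER_CTX_ctrl takes a non-const void*, but only reads the tag.
  // The tag length is taken from the footer field so it stays consistent
  // with the GET_TAG call on the encrypt side.
  void* tag = const_cast<void*>(static_cast<const void*>(footer.common_mac));
  if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, sizeof footer.common_mac,
                           tag)) {
    CommonUtilities::set_security_error(ex, -1, 0, "EVP_CIPHER_CTX_ctrl");
    ACE_ERROR((LM_ERROR, "(%P|%t) CryptoBuiltInImpl::decrypt - ERROR "
               "EVP_CIPHER_CTX_ctrl %Ld\n", ERR_peek_last_error()));
    std::memset(out.get_buffer(), 0, out.length());
    out.length(0);
    return false;
  }

  int len2 = 0;
  if (EVP_DecryptFinal_ex(ctx, out.get_buffer() + len, &len2) == 1) {
    out.length(len + len2);
    return true;
  }
  CommonUtilities::set_security_error(ex, -1, 0, "EVP_DecryptFinal_ex");
  ACE_ERROR((LM_ERROR, "(%P|%t) CryptoBuiltInImpl::decrypt - ERROR "
             "EVP_DecryptFinal_ex %Ld\n", ERR_peek_last_error()));
  // Tag mismatch: the plaintext produced by EVP_DecryptUpdate is
  // unauthenticated and must not be observable through `out`.
  std::memset(out.get_buffer(), 0, out.length());
  out.length(0);
  return false;
}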
void OpenDDS::Security::CryptoBuiltInImpl::encauth_setup | ( | const KeyMaterial & | master, | |
Session & | sess, | |||
const DDS::OctetSeq & | plain, | |||
CryptoHeader & | header | |||
) | [private] |
Definition at line 878 of file CryptoBuiltInImpl.cpp.
References OpenDDS::Security::CryptoBuiltInImpl::Session::counter_, OpenDDS::Security::CryptoBuiltInImpl::Session::create_key(), OpenDDS::Security::CryptoBuiltInImpl::Session::id_, OpenDDS::Security::CryptoBuiltInImpl::Session::inc_iv(), OpenDDS::Security::CryptoHeader::initialization_vector_suffix, OpenDDS::Security::CryptoBuiltInImpl::Session::iv_suffix_, OpenDDS::Security::CryptoBuiltInImpl::Session::key_, OpenDDS::Security::CryptoBuiltInImpl::Session::next_id(), OpenDDS::Security::KeyMaterial_AES_GCM_GMAC::sender_key_id, OpenDDS::Security::CryptoHeader::session_id, OpenDDS::Security::CryptoHeader::transform_identifier, OpenDDS::Security::CryptoTransformIdentifier::transformation_key_id, OpenDDS::Security::KeyMaterial_AES_GCM_GMAC::transformation_kind, and OpenDDS::Security::CryptoTransformIdentifier::transformation_kind.
Referenced by authtag(), and encrypt().
// Shared preamble for encrypt() and authtag(): advance the session state
// for a payload of plain.length() bytes and populate `header` from the
// master key material and the resulting session id / IV suffix.
void CryptoBuiltInImpl::encauth_setup(const KeyMaterial& master, Session& sess,
                                      const DDS::OctetSeq& plain,
                                      CryptoHeader& header)
{
  // AES blocks this payload will occupy, rounded up; it is charged against
  // the per-session block budget below.
  const unsigned int nblocks =
    (plain.length() + BLOCK_LEN_BYTES - 1) / BLOCK_LEN_BYTES;

  if (sess.key_.length() == 0) {
    // First use of this session: derive the session key from the master.
    // NOTE(review): nblocks is not added to counter_ on this path; confirm
    // create_key() accounts for the first message's blocks.
    sess.create_key(master);
  } else if (MAX_BLOCKS_PER_SESSION < sess.counter_ + nblocks) {
    // Block budget exhausted: move to a fresh session id (and key).
    // NOTE(review): same counter_ question as above for next_id().
    sess.next_id(master);
  } else {
    // Same session id: advance the IV suffix before reusing the key, since
    // a repeated key/IV pair under GCM would break confidentiality and the
    // authentication tag alike.
    sess.inc_iv();
    sess.counter_ += nblocks;
  }

  // Publish the transform identity and the per-message IV components in
  // the header so the receiver can derive the same session key and IV.
  std::memcpy(&header.session_id, &sess.id_, sizeof sess.id_);
  std::memcpy(&header.initialization_vector_suffix, &sess.iv_suffix_,
              sizeof sess.iv_suffix_);
  std::memcpy(&header.transform_identifier.transformation_kind,
              &master.transformation_kind, sizeof master.transformation_kind);
  std::memcpy(&header.transform_identifier.transformation_key_id,
              &master.sender_key_id, sizeof master.sender_key_id);
}
virtual bool OpenDDS::Security::CryptoBuiltInImpl::encode_datareader_submessage | ( | DDS::OctetSeq & | encoded_rtps_submessage, | |
const DDS::OctetSeq & | plain_rtps_submessage, | |||
DDS::Security::DatareaderCryptoHandle | sending_datareader_crypto, | |||
const DDS::Security::DatawriterCryptoHandleSeq & | receiving_datawriter_crypto_list, | |||
DDS::Security::SecurityException & | ex | |||
) | [private, virtual] |
virtual bool OpenDDS::Security::CryptoBuiltInImpl::encode_datawriter_submessage | ( | DDS::OctetSeq & | encoded_rtps_submessage, | |
const DDS::OctetSeq & | plain_rtps_submessage, | |||
DDS::Security::DatawriterCryptoHandle | sending_datawriter_crypto, | |||
const DDS::Security::DatareaderCryptoHandleSeq & | receiving_datareader_crypto_list, | |||
CORBA::Long & | receiving_datareader_crypto_list_index, | |||
DDS::Security::SecurityException & | ex | |||
) | [private, virtual] |
virtual bool OpenDDS::Security::CryptoBuiltInImpl::encode_rtps_message | ( | DDS::OctetSeq & | encoded_rtps_message, | |
const DDS::OctetSeq & | plain_rtps_message, | |||
DDS::Security::ParticipantCryptoHandle | sending_participant_crypto, | |||
const DDS::Security::ParticipantCryptoHandleSeq & | receiving_participant_crypto_list, | |||
CORBA::Long & | receiving_participant_crypto_list_index, | |||
DDS::Security::SecurityException & | ex | |||
) | [private, virtual] |
virtual bool OpenDDS::Security::CryptoBuiltInImpl::encode_serialized_payload | ( | DDS::OctetSeq & | encoded_buffer, | |
DDS::OctetSeq & | extra_inline_qos, | |||
const DDS::OctetSeq & | plain_buffer, | |||
DDS::Security::DatawriterCryptoHandle | sending_datawriter_crypto, | |||
DDS::Security::SecurityException & | ex | |||
) | [private, virtual] |
bool OpenDDS::Security::CryptoBuiltInImpl::encode_submessage | ( | DDS::OctetSeq & | encoded_rtps_submessage, | |
const DDS::OctetSeq & | plain_rtps_submessage, | |||
DDS::Security::NativeCryptoHandle | sender_handle, | |||
DDS::Security::SecurityException & | ex | |||
) | [private] |
bool OpenDDS::Security::CryptoBuiltInImpl::encrypt | ( | const KeyMaterial & | master, | |
Session & | sess, | |||
const DDS::OctetSeq & | plain, | |||
CryptoHeader & | header, | |||
CryptoFooter & | footer, | |||
DDS::OctetSeq & | out, | |||
DDS::Security::SecurityException & | ex | |||
) | [private] |
Definition at line 905 of file CryptoBuiltInImpl.cpp.
References OpenDDS::Security::CryptoFooter::common_mac, encauth_setup(), EVP_CTRL_AEAD_GET_TAG, OpenDDS::Security::CryptoBuiltInImpl::Session::id_, OpenDDS::Security::CryptoBuiltInImpl::Session::iv_suffix_, OpenDDS::Security::CryptoBuiltInImpl::Session::key_, len, and OpenDDS::Security::CommonUtilities::set_security_error().
// Encrypt and authenticate `plain` with AES-256-GCM.
//
// encauth_setup() advances the session state and fills `header`; the
// ciphertext is written to `out` and the authentication tag to
// footer.common_mac. The IV is the 12-byte concatenation of the session id
// and the IV suffix, which is what the receiver reconstructs from the header.
//
// Returns true on success; on failure `ex` is populated via
// set_security_error() and false is returned (`out` may then hold a partial,
// unusable buffer).
bool CryptoBuiltInImpl::encrypt(const KeyMaterial& master, Session& sess,
                                const DDS::OctetSeq& plain,
                                CryptoHeader& header, CryptoFooter& footer,
                                DDS::OctetSeq& out,
                                DDS::Security::SecurityException& ex)
{
  encauth_setup(master, sess, plain, header);
  // NOTE(review): as in authtag(), the id/suffix layout inside the 12-byte
  // IV is not checked at compile time; a static assertion on
  // sizeof sess.id_ and sizeof sess.iv_suffix_ would lock it in.
  static const int IV_LEN = 12, IV_SUFFIX_IDX = 4;
  unsigned char iv[IV_LEN];
  std::memcpy(iv, &sess.id_, sizeof sess.id_);
  std::memcpy(iv + IV_SUFFIX_IDX, &sess.iv_suffix_, sizeof sess.iv_suffix_);

  CipherContext ctx;
  const unsigned char* key = sess.key_.get_buffer();
  // Relies on OpenSSL's default GCM IV length of 12 bytes (== IV_LEN).
  if (EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), 0, key, iv) != 1) {
    CommonUtilities::set_security_error(ex, -1, 0, "EVP_EncryptInit_ex");
    return false;
  }

  int len;
  // Over-allocate by up to one block; GCM produces exactly plain.length()
  // bytes, and the real length is set once EncryptFinal has run.
  out.length(plain.length() + BLOCK_LEN_BYTES - 1);
  if (EVP_EncryptUpdate(ctx, out.get_buffer(), &len,
                        plain.get_buffer(), plain.length()) != 1) {
    CommonUtilities::set_security_error(ex, -1, 0, "EVP_EncryptUpdate");
    return false;
  }

  int padLen;
  if (EVP_EncryptFinal_ex(ctx, out.get_buffer() + len, &padLen) != 1) {
    CommonUtilities::set_security_error(ex, -1, 0, "EVP_EncryptFinal_ex");
    return false;
  }

  out.length(len + padLen);

  // The tag must be fetched after EncryptFinal; it goes straight into the
  // footer that travels with the ciphertext.
  if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, sizeof footer.common_mac,
                          &footer.common_mac) != 1) {
    CommonUtilities::set_security_error(ex, -1, 0, "EVP_CIPHER_CTX_ctrl");
    return false;
  }

  return true;
}
NativeCryptoHandle OpenDDS::Security::CryptoBuiltInImpl::generate_handle | ( | ) | [private] |
Definition at line 69 of file CryptoBuiltInImpl.cpp.
References OpenDDS::Security::CommonUtilities::increment_handle(), mutex_, and next_handle_.
// Hand out the next native crypto handle. The mutex serialises concurrent
// registrations so two callers never receive the same handle.
NativeCryptoHandle CryptoBuiltInImpl::generate_handle()
{
  ACE_Guard<ACE_Thread_Mutex> lock(mutex_);
  const NativeCryptoHandle handle =
    CommonUtilities::increment_handle(next_handle_);
  return handle;
}
bool OpenDDS::Security::CryptoBuiltInImpl::marshal | ( | TAO_OutputCDR & | ) | [private, virtual] |
Reimplemented from CORBA::Object.
Definition at line 64 of file CryptoBuiltInImpl.cpp.
CryptoBuiltInImpl& OpenDDS::Security::CryptoBuiltInImpl::operator= | ( | const CryptoBuiltInImpl & | ) | [private] |
virtual bool OpenDDS::Security::CryptoBuiltInImpl::preprocess_secure_submsg | ( | DDS::Security::DatawriterCryptoHandle & | datawriter_crypto, | |
DDS::Security::DatareaderCryptoHandle & | datareader_crypto, | |||
DDS::Security::SecureSubmessageCategory_t & | secure_submessage_category, | |||
const DDS::OctetSeq & | encoded_rtps_submessage, | |||
DDS::Security::ParticipantCryptoHandle | receiving_participant_crypto, | |||
DDS::Security::ParticipantCryptoHandle | sending_participant_crypto, | |||
DDS::Security::SecurityException & | ex | |||
) | [private, virtual] |
virtual DDS::Security::DatareaderCryptoHandle OpenDDS::Security::CryptoBuiltInImpl::register_local_datareader | ( | DDS::Security::ParticipantCryptoHandle | participant_crypto, | |
const DDS::PropertySeq & | datareader_properties, | |||
const DDS::Security::EndpointSecurityAttributes & | datareader_security_attributes, | |||
DDS::Security::SecurityException & | ex | |||
) | [private, virtual] |
virtual DDS::Security::DatawriterCryptoHandle OpenDDS::Security::CryptoBuiltInImpl::register_local_datawriter | ( | DDS::Security::ParticipantCryptoHandle | participant_crypto, | |
const DDS::PropertySeq & | datawriter_properties, | |||
const DDS::Security::EndpointSecurityAttributes & | datawriter_security_attributes, | |||
DDS::Security::SecurityException & | ex | |||
) | [private, virtual] |
virtual DDS::Security::ParticipantCryptoHandle OpenDDS::Security::CryptoBuiltInImpl::register_local_participant | ( | DDS::Security::IdentityHandle | participant_identity, | |
DDS::Security::PermissionsHandle | participant_permissions, | |||
const DDS::PropertySeq & | participant_properties, | |||
const DDS::Security::ParticipantSecurityAttributes & | participant_security_attributes, | |||
DDS::Security::SecurityException & | ex | |||
) | [private, virtual] |
virtual DDS::Security::DatareaderCryptoHandle OpenDDS::Security::CryptoBuiltInImpl::register_matched_remote_datareader | ( | DDS::Security::DatawriterCryptoHandle | local_datawriter_crypto_handle, | |
DDS::Security::ParticipantCryptoHandle | remote_participant_crypto, | |||
DDS::Security::SharedSecretHandle * | shared_secret, | |||
bool | relay_only, | |||
DDS::Security::SecurityException & | ex | |||
) | [private, virtual] |
virtual DDS::Security::DatawriterCryptoHandle OpenDDS::Security::CryptoBuiltInImpl::register_matched_remote_datawriter | ( | DDS::Security::DatareaderCryptoHandle | local_datareader_crypto_handle, | |
DDS::Security::ParticipantCryptoHandle | remote_participant_crypt, | |||
DDS::Security::SharedSecretHandle * | shared_secret, | |||
DDS::Security::SecurityException & | ex | |||
) | [private, virtual] |
virtual DDS::Security::ParticipantCryptoHandle OpenDDS::Security::CryptoBuiltInImpl::register_matched_remote_participant | ( | DDS::Security::ParticipantCryptoHandle | local_participant_crypto_handle, | |
DDS::Security::IdentityHandle | remote_participant_identity, | |||
DDS::Security::PermissionsHandle | remote_participant_permissions, | |||
DDS::Security::SharedSecretHandle * | shared_secret, | |||
DDS::Security::SecurityException & | ex | |||
) | [private, virtual] |
virtual bool OpenDDS::Security::CryptoBuiltInImpl::return_crypto_tokens | ( | const DDS::Security::CryptoTokenSeq & | crypto_tokens, | |
DDS::Security::SecurityException & | ex | |||
) | [private, virtual] |
virtual bool OpenDDS::Security::CryptoBuiltInImpl::set_remote_datareader_crypto_tokens | ( | DDS::Security::DatawriterCryptoHandle | local_datawriter_crypto, | |
DDS::Security::DatareaderCryptoHandle | remote_datareader_crypto, | |||
const DDS::Security::DatareaderCryptoTokenSeq & | remote_datareader_tokens, | |||
DDS::Security::SecurityException & | ex | |||
) | [private, virtual] |
virtual bool OpenDDS::Security::CryptoBuiltInImpl::set_remote_datawriter_crypto_tokens | ( | DDS::Security::DatareaderCryptoHandle | local_datareader_crypto, | |
DDS::Security::DatawriterCryptoHandle | remote_datawriter_crypto, | |||
const DDS::Security::DatawriterCryptoTokenSeq & | remote_datawriter_tokens, | |||
DDS::Security::SecurityException & | ex | |||
) | [private, virtual] |
virtual bool OpenDDS::Security::CryptoBuiltInImpl::set_remote_participant_crypto_tokens | ( | DDS::Security::ParticipantCryptoHandle | local_participant_crypto, | |
DDS::Security::ParticipantCryptoHandle | remote_participant_crypto, | |||
const DDS::Security::ParticipantCryptoTokenSeq & | remote_participant_tokens, | |||
DDS::Security::SecurityException & | ex | |||
) | [private, virtual] |
virtual bool OpenDDS::Security::CryptoBuiltInImpl::unregister_datareader | ( | DDS::Security::DatareaderCryptoHandle | datareader_crypto_handle, | |
DDS::Security::SecurityException & | ex | |||
) | [private, virtual] |
virtual bool OpenDDS::Security::CryptoBuiltInImpl::unregister_datawriter | ( | DDS::Security::DatawriterCryptoHandle | datawriter_crypto_handle, | |
DDS::Security::SecurityException & | ex | |||
) | [private, virtual] |
virtual bool OpenDDS::Security::CryptoBuiltInImpl::unregister_participant | ( | DDS::Security::ParticipantCryptoHandle | participant_crypto_handle, | |
DDS::Security::SecurityException & | ex | |||
) | [private, virtual] |
bool OpenDDS::Security::CryptoBuiltInImpl::verify | ( | const KeyMaterial & | master, | |
Session & | sess, | |||
const char * | in, | |||
unsigned int | n, | |||
const CryptoHeader & | header, | |||
const CryptoFooter & | footer, | |||
DDS::OctetSeq & | out, | |||
DDS::Security::SecurityException & | ex | |||
) | [private] |
Definition at line 1451 of file CryptoBuiltInImpl.cpp.
References OpenDDS::Security::CryptoFooter::common_mac, OpenDDS::Security::CRYPTO_TRANSFORMATION_KIND_AES256_GMAC, OpenDDS::Security::CryptoBuiltInImpl::Session::get_key(), LM_ERROR, OpenDDS::Security::CryptoHeader::session_id, OpenDDS::Security::CommonUtilities::set_security_error(), and OpenDDS::Security::KeyMaterial_AES_GCM_GMAC::transformation_kind.
// Verify an AES-256-GMAC tag over `n` bytes of `in` and, only if the tag is
// valid, copy the (unencrypted) input to `out`.
//
// The session key is derived from `master` and `header` via
// Session::get_key(); the IV is taken from header.session_id. Passing a null
// output buffer to EVP_DecryptUpdate makes OpenSSL treat the input as AAD,
// which is what turns the GCM context into a pure MAC check. `out` is not
// touched until EVP_DecryptFinal_ex has accepted the tag, so a caller never
// sees data that failed authentication.
//
// Returns true on success; on failure `ex` is populated via
// set_security_error() and false is returned.
bool CryptoBuiltInImpl::verify(const KeyMaterial& master, Session& sess,
                               const char* in, unsigned int n,
                               const CryptoHeader& header,
                               const CryptoFooter& footer,
                               DDS::OctetSeq& out,
                               DDS::Security::SecurityException& ex)
{
  const KeyOctetSeq sess_key = sess.get_key(master, header);
  if (!sess_key.length()) {
    CommonUtilities::set_security_error(ex, -1, 0, "no session key");
    return false;
  }

  if (master.transformation_kind[TransformKindIndex] !=
      CRYPTO_TRANSFORMATION_KIND_AES256_GMAC) {
    CommonUtilities::set_security_error(ex, -1, 0,
                                        "unsupported transformation kind");
    ACE_ERROR((LM_ERROR, "(%P|%t) CryptoBuiltInImpl::verify - ERROR "
               "unsupported transformation kind %d\n",
               master.transformation_kind[TransformKindIndex]));
    return false;
  }

  CipherContext ctx;
  // session_id is start of IV contiguous bytes; OpenSSL's default GCM IV
  // length (12) is relied upon, no SET_IVLEN call is made.
  if (EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), 0, sess_key.get_buffer(),
                         header.session_id) != 1) {
    CommonUtilities::set_security_error(ex, -1, 0, "EVP_DecryptInit_ex");
    ACE_ERROR((LM_ERROR, "(%P|%t) CryptoBuiltInImpl::verify - ERROR "
               "EVP_DecryptInit_ex %Ld\n", ERR_peek_last_error()));
    return false;
  }

  int len;
  // Null output pointer: feed `in` as AAD, nothing is decrypted.
  if (EVP_DecryptUpdate(ctx, 0, &len,
                        reinterpret_cast<const unsigned char*>(in), n) != 1) {
    CommonUtilities::set_security_error(ex, -1, 0, "EVP_DecryptUpdate");
    ACE_ERROR((LM_ERROR, "(%P|%t) CryptoBuiltInImpl::verify - ERROR "
               "EVP_DecryptUpdate %Ld\n", ERR_peek_last_error()));
    return false;
  }

  // EVP_CIPHER_CTX_ctrl takes a non-const void*, but only reads the tag.
  // NOTE(review): the literal 16 duplicates sizeof footer.common_mac as used
  // on the encrypt side; keeping them in sync matters if the footer changes.
  void* tag = const_cast<void*>(static_cast<const void*>(footer.common_mac));
  if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag)) {
    CommonUtilities::set_security_error(ex, -1, 0, "EVP_CIPHER_CTX_ctrl");
    ACE_ERROR((LM_ERROR, "(%P|%t) CryptoBuiltInImpl::verify - ERROR "
               "EVP_CIPHER_CTX_ctrl %Ld\n", ERR_peek_last_error()));
    return false;
  }

  int len2;
  // DecryptFinal performs the tag comparison; the input is released to the
  // caller only on this success path.
  if (EVP_DecryptFinal_ex(ctx, 0, &len2) == 1) {
    out.length(n);
    std::memcpy(out.get_buffer(), in, n);
    return true;
  }
  CommonUtilities::set_security_error(ex, -1, 0, "EVP_DecryptFinal_ex");
  ACE_ERROR((LM_ERROR, "(%P|%t) CryptoBuiltInImpl::verify - ERROR "
             "EVP_DecryptFinal_ex %Ld\n", ERR_peek_last_error()));
  return false;
}
Definition at line 229 of file CryptoBuiltInImpl.h.
Definition at line 223 of file CryptoBuiltInImpl.h.
Referenced by generate_handle().
int OpenDDS::Security::CryptoBuiltInImpl::next_handle_ [private] |
Definition at line 224 of file CryptoBuiltInImpl.h.
Referenced by generate_handle().
std::multimap<DDS::Security::ParticipantCryptoHandle, EntityInfo> OpenDDS::Security::CryptoBuiltInImpl::participant_to_entity_ [private] |
Definition at line 250 of file CryptoBuiltInImpl.h.
Definition at line 266 of file CryptoBuiltInImpl.h.
Definition at line 240 of file CryptoBuiltInImpl.h.