00006 #ifndef OPENDDS_CRYPTO_BUILTIN_IMPL_H
00007 #define OPENDDS_CRYPTO_BUILTIN_IMPL_H
00008
00009 #include "DdsSecurity_Export.h"
00010 #include "CryptoBuiltInC.h"
00011
00012 #include "dds/DdsSecurityCoreC.h"
00013 #include "dds/Versioned_Namespace.h"
00014
00015 #include "tao/LocalObject.h"
00016
00017 #include "ace/Thread_Mutex.h"
00018
00019 #include <map>
00020
00021 #if !defined (ACE_LACKS_PRAGMA_ONCE)
00022 #pragma once
00023 #endif
00024
00025 class DDS_TEST;
00026
00027 OPENDDS_BEGIN_VERSIONED_NAMESPACE_DECL
00028
00029 namespace OpenDDS {
00030 namespace Security {
00031
/// Built-in DDS Security cryptography plugin object. It derives from the
/// three DDS::Security interfaces in its base list (CryptoKeyFactory,
/// CryptoKeyExchange, CryptoTransform) plus CORBA::LocalObject, and keeps all
/// of its state (handle counter, key table, writer flags, participant index,
/// session table) in private members declared at the end of the class.
///
/// Only the constructor and destructor are public. Every interface operation
/// is declared after `private:`, so it cannot be called by name on a
/// CryptoBuiltInImpl; callers are presumably expected to go through a pointer
/// or reference to one of the base interfaces (TODO confirm).
///
/// NOTE(review): key material lives in ordinary containers (keys_, sessions_);
/// whether it is wiped when entries are erased or the object is destroyed is
/// not visible in this header -- confirm in the .cpp.
00032 class DdsSecurity_Export CryptoBuiltInImpl
00033 : public virtual DDS::Security::CryptoKeyFactory
00034 , public virtual DDS::Security::CryptoKeyExchange
00035 , public virtual DDS::Security::CryptoTransform
00036 , public virtual CORBA::LocalObject
00037 {
00038 public:
00039 CryptoBuiltInImpl();
00040 virtual ~CryptoBuiltInImpl();
00041
00042
00043 private:
00044
00045
      // CORBA object plumbing, declared private here.
      // NOTE(review): presumably these hide/override the corresponding
      // CORBA::Object operations for a local-only object -- confirm.
00046 bool _is_a(const char*);
00047 const char* _interface_repository_id() const;
00048 bool marshal(TAO_OutputCDR&);
00049
00050
00051
00052
      // DDS::Security::CryptoKeyFactory operations: register and unregister
      // participants, datawriters and datareaders. Registration returns a
      // crypto handle; unregistration returns bool. Every operation takes a
      // non-const SecurityException& -- presumably filled in on failure
      // (TODO confirm), so callers should act on the return value first.
      // NOTE(review): shared_secret is a raw pointer in the three
      // register_matched_remote_* operations; whether null is accepted is not
      // visible here -- confirm the implementation checks it.
00053 virtual DDS::Security::ParticipantCryptoHandle register_local_participant(
00054 DDS::Security::IdentityHandle participant_identity,
00055 DDS::Security::PermissionsHandle participant_permissions,
00056 const DDS::PropertySeq& participant_properties,
00057 const DDS::Security::ParticipantSecurityAttributes& participant_security_attributes,
00058 DDS::Security::SecurityException& ex);
00059
00060 virtual DDS::Security::ParticipantCryptoHandle register_matched_remote_participant(
00061 DDS::Security::ParticipantCryptoHandle local_participant_crypto_handle,
00062 DDS::Security::IdentityHandle remote_participant_identity,
00063 DDS::Security::PermissionsHandle remote_participant_permissions,
00064 DDS::Security::SharedSecretHandle* shared_secret,
00065 DDS::Security::SecurityException& ex);
00066
00067 virtual DDS::Security::DatawriterCryptoHandle register_local_datawriter(
00068 DDS::Security::ParticipantCryptoHandle participant_crypto,
00069 const DDS::PropertySeq& datawriter_properties,
00070 const DDS::Security::EndpointSecurityAttributes& datawriter_security_attributes,
00071 DDS::Security::SecurityException& ex);
00072
00073 virtual DDS::Security::DatareaderCryptoHandle register_matched_remote_datareader(
00074 DDS::Security::DatawriterCryptoHandle local_datawriter_crypto_handle,
00075 DDS::Security::ParticipantCryptoHandle remote_participant_crypto,
00076 DDS::Security::SharedSecretHandle* shared_secret,
00077 bool relay_only,
00078 DDS::Security::SecurityException& ex);
00079
00080 virtual DDS::Security::DatareaderCryptoHandle register_local_datareader(
00081 DDS::Security::ParticipantCryptoHandle participant_crypto,
00082 const DDS::PropertySeq& datareader_properties,
00083 const DDS::Security::EndpointSecurityAttributes& datareader_security_attributes,
00084 DDS::Security::SecurityException& ex);
00085
00086 virtual DDS::Security::DatawriterCryptoHandle register_matched_remote_datawriter(
00087 DDS::Security::DatareaderCryptoHandle local_datareader_crypto_handle,
00088 DDS::Security::ParticipantCryptoHandle remote_participant_crypt,
00089 DDS::Security::SharedSecretHandle* shared_secret,
00090 DDS::Security::SecurityException& ex);
00091
00092 virtual bool unregister_participant(
00093 DDS::Security::ParticipantCryptoHandle participant_crypto_handle,
00094 DDS::Security::SecurityException& ex);
00095
00096 virtual bool unregister_datawriter(
00097 DDS::Security::DatawriterCryptoHandle datawriter_crypto_handle,
00098 DDS::Security::SecurityException& ex);
00099
00100 virtual bool unregister_datareader(
00101 DDS::Security::DatareaderCryptoHandle datareader_crypto_handle,
00102 DDS::Security::SecurityException& ex);
00103
00104
00105
00106
      // DDS::Security::CryptoKeyExchange operations.
      // create_local_*_crypto_tokens take a non-const token sequence as first
      // argument (the output) for one local/remote handle pair;
      // set_remote_*_crypto_tokens take the peer's tokens as a const sequence.
      // NOTE(review): in DDS Security, crypto tokens carry key material, so the
      // local tokens should only leave the process over the protected
      // key-exchange channel, and remote token sequences are peer-supplied
      // input whose length and contents need validating before use -- confirm
      // both in the .cpp.
00107 virtual bool create_local_participant_crypto_tokens(
00108 DDS::Security::ParticipantCryptoTokenSeq& local_participant_crypto_tokens,
00109 DDS::Security::ParticipantCryptoHandle local_participant_crypto,
00110 DDS::Security::ParticipantCryptoHandle remote_participant_crypto,
00111 DDS::Security::SecurityException& ex);
00112
00113 virtual bool set_remote_participant_crypto_tokens(
00114 DDS::Security::ParticipantCryptoHandle local_participant_crypto,
00115 DDS::Security::ParticipantCryptoHandle remote_participant_crypto,
00116 const DDS::Security::ParticipantCryptoTokenSeq& remote_participant_tokens,
00117 DDS::Security::SecurityException& ex);
00118
00119 virtual bool create_local_datawriter_crypto_tokens(
00120 DDS::Security::DatawriterCryptoTokenSeq& local_datawriter_crypto_tokens,
00121 DDS::Security::DatawriterCryptoHandle local_datawriter_crypto,
00122 DDS::Security::DatareaderCryptoHandle remote_datareader_crypto,
00123 DDS::Security::SecurityException& ex);
00124
00125 virtual bool set_remote_datawriter_crypto_tokens(
00126 DDS::Security::DatareaderCryptoHandle local_datareader_crypto,
00127 DDS::Security::DatawriterCryptoHandle remote_datawriter_crypto,
00128 const DDS::Security::DatawriterCryptoTokenSeq& remote_datawriter_tokens,
00129 DDS::Security::SecurityException& ex);
00130
00131 virtual bool create_local_datareader_crypto_tokens(
00132 DDS::Security::DatareaderCryptoTokenSeq& local_datareader_crypto_tokens,
00133 DDS::Security::DatareaderCryptoHandle local_datareader_crypto,
00134 DDS::Security::DatawriterCryptoHandle remote_datawriter_crypto,
00135 DDS::Security::SecurityException& ex);
00136
00137 virtual bool set_remote_datareader_crypto_tokens(
00138 DDS::Security::DatawriterCryptoHandle local_datawriter_crypto,
00139 DDS::Security::DatareaderCryptoHandle remote_datareader_crypto,
00140 const DDS::Security::DatareaderCryptoTokenSeq& remote_datareader_tokens,
00141 DDS::Security::SecurityException& ex);
00142
00143 virtual bool return_crypto_tokens(
00144 const DDS::Security::CryptoTokenSeq& crypto_tokens,
00145 DDS::Security::SecurityException& ex);
00146
00147
00148
00149
      // DDS::Security::CryptoTransform operations. The encode_* operations take
      // a const plain buffer and non-const OctetSeq output(s); the decode_*
      // operations take a const encoded buffer and a non-const plain output.
      // All return bool.
      // NOTE(review): the encoded inputs of decode_* and
      // preprocess_secure_submsg presumably come off the network and should be
      // treated as untrusted; on a false return the output buffer should not
      // be used -- confirm that callers discard it.
00150 virtual bool encode_serialized_payload(
00151 DDS::OctetSeq& encoded_buffer,
00152 DDS::OctetSeq& extra_inline_qos,
00153 const DDS::OctetSeq& plain_buffer,
00154 DDS::Security::DatawriterCryptoHandle sending_datawriter_crypto,
00155 DDS::Security::SecurityException& ex);
00156
      // receiving_datareader_crypto_list_index is a non-const reference, i.e.
      // an in/out position in the receiver list -- exact contract: TODO confirm.
00157 virtual bool encode_datawriter_submessage(
00158 DDS::OctetSeq& encoded_rtps_submessage,
00159 const DDS::OctetSeq& plain_rtps_submessage,
00160 DDS::Security::DatawriterCryptoHandle sending_datawriter_crypto,
00161 const DDS::Security::DatareaderCryptoHandleSeq& receiving_datareader_crypto_list,
00162 CORBA::Long& receiving_datareader_crypto_list_index,
00163 DDS::Security::SecurityException& ex);
00164
00165 virtual bool encode_datareader_submessage(
00166 DDS::OctetSeq& encoded_rtps_submessage,
00167 const DDS::OctetSeq& plain_rtps_submessage,
00168 DDS::Security::DatareaderCryptoHandle sending_datareader_crypto,
00169 const DDS::Security::DatawriterCryptoHandleSeq& receiving_datawriter_crypto_list,
00170 DDS::Security::SecurityException& ex);
00171
00172 virtual bool encode_rtps_message(
00173 DDS::OctetSeq& encoded_rtps_message,
00174 const DDS::OctetSeq& plain_rtps_message,
00175 DDS::Security::ParticipantCryptoHandle sending_participant_crypto,
00176 const DDS::Security::ParticipantCryptoHandleSeq& receiving_participant_crypto_list,
00177 CORBA::Long& receiving_participant_crypto_list_index,
00178 DDS::Security::SecurityException& ex);
00179
00180 virtual bool decode_rtps_message(
00181 DDS::OctetSeq& plain_buffer,
00182 const DDS::OctetSeq& encoded_buffer,
00183 DDS::Security::ParticipantCryptoHandle receiving_participant_crypto,
00184 DDS::Security::ParticipantCryptoHandle sending_participant_crypto,
00185 DDS::Security::SecurityException& ex);
00186
      // The first three arguments are non-const references (outputs): writer
      // handle, reader handle and submessage category for the encoded
      // submessage. NOTE(review): they are presumably only meaningful when
      // true is returned -- confirm.
00187 virtual bool preprocess_secure_submsg(
00188 DDS::Security::DatawriterCryptoHandle& datawriter_crypto,
00189 DDS::Security::DatareaderCryptoHandle& datareader_crypto,
00190 DDS::Security::SecureSubmessageCategory_t& secure_submessage_category,
00191 const DDS::OctetSeq& encoded_rtps_submessage,
00192 DDS::Security::ParticipantCryptoHandle receiving_participant_crypto,
00193 DDS::Security::ParticipantCryptoHandle sending_participant_crypto,
00194 DDS::Security::SecurityException& ex);
00195
00196 virtual bool decode_datawriter_submessage(
00197 DDS::OctetSeq& plain_rtps_submessage,
00198 const DDS::OctetSeq& encoded_rtps_submessage,
00199 DDS::Security::DatareaderCryptoHandle receiving_datareader_crypto,
00200 DDS::Security::DatawriterCryptoHandle sending_datawriter_crypto,
00201 DDS::Security::SecurityException& ex);
00202
00203 virtual bool decode_datareader_submessage(
00204 DDS::OctetSeq& plain_rtps_submessage,
00205 const DDS::OctetSeq& encoded_rtps_submessage,
00206 DDS::Security::DatawriterCryptoHandle receiving_datawriter_crypto,
00207 DDS::Security::DatareaderCryptoHandle sending_datareader_crypto,
00208 DDS::Security::SecurityException& ex);
00209
00210 virtual bool decode_serialized_payload(
00211 DDS::OctetSeq& plain_buffer,
00212 const DDS::OctetSeq& encoded_buffer,
00213 const DDS::OctetSeq& inline_qos,
00214 DDS::Security::DatareaderCryptoHandle receiving_datareader_crypto,
00215 DDS::Security::DatawriterCryptoHandle sending_datawriter_crypto,
00216 DDS::Security::SecurityException& ex);
00217
      // Copy construction and copy assignment are declared in the private
      // section. NOTE(review): presumably left undefined (the pre-C++11
      // non-copyable idiom), which also keeps the key and session tables from
      // being duplicated -- confirm no definition exists.
00218 CryptoBuiltInImpl(const CryptoBuiltInImpl&);
00219 CryptoBuiltInImpl& operator=(const CryptoBuiltInImpl&);
00220
      // Returns a NativeCryptoHandle. NOTE(review): presumably derived from
      // next_handle_ while holding mutex_ -- confirm.
00221 DDS::Security::NativeCryptoHandle generate_handle();
00222
      // NOTE(review): which members mutex_ protects is not visible in this
      // header. next_handle_ is a signed int: if handles are produced by
      // incrementing it, overflow would be undefined behaviour and a wrapped
      // value could collide with a live handle in keys_ -- confirm the .cpp
      // bounds it.
00223 ACE_Thread_Mutex mutex_;
00224 int next_handle_;
00225
      // Key storage: each NativeCryptoHandle maps to a sequence of
      // KeyMaterial_AES_GCM_GMAC entries.
00226 typedef KeyMaterial_AES_GCM_GMAC KeyMaterial;
00227 typedef KeyMaterial_AES_GCM_GMAC_Seq KeySeq;
00228 typedef std::map<DDS::Security::NativeCryptoHandle, KeySeq> KeyTable_t;
00229 KeyTable_t keys_;
00230
      // Per-datawriter protection flags. Default-constructed: both false.
      // The one-argument constructor copies is_submessage_protected and
      // is_payload_protected from the endpoint attributes; it is not
      // `explicit`, so an EndpointSecurityAttributes converts implicitly.
      // NOTE(review): std::map::operator[] default-inserts, which would give a
      // writer with no entry "not protected" flags; confirm that lookups on
      // writer_options_ use find() or otherwise fail closed.
00231 struct WriterOpts {
00232 bool submessage_, payload_;
00233 WriterOpts() : submessage_(false), payload_(false) {}
00234 WriterOpts(const DDS::Security::EndpointSecurityAttributes& attribs)
00235 : submessage_(attribs.is_submessage_protected)
00236 , payload_(attribs.is_payload_protected)
00237 {}
00238 };
00239 typedef std::map<DDS::Security::DatawriterCryptoHandle, WriterOpts> Writers_t;
00240 Writers_t writer_options_;
00241
      // One entity (submessage category + native handle) recorded under a
      // participant. participant_to_entity_ is a multimap, so one participant
      // handle can have several entries.
00242 struct EntityInfo {
00243 DDS::Security::SecureSubmessageCategory_t category_;
00244 DDS::Security::NativeCryptoHandle handle_;
00245 EntityInfo(DDS::Security::SecureSubmessageCategory_t c,
00246 DDS::Security::NativeCryptoHandle h)
00247 : category_(c), handle_(h) {}
00248 };
00249 std::multimap<DDS::Security::ParticipantCryptoHandle,
00250 EntityInfo> participant_to_entity_;
00251
      // Per-key session state: an id, an IV suffix, a key and a 64-bit
      // counter. No constructor is declared, so the scalar counter_ is zeroed
      // only when a Session is value-initialized (e.g. default-inserted by
      // std::map::operator[]).
      // NOTE(review): AES-GCM must never reuse an IV under the same key;
      // inc_iv(), next_id() and counter_ presumably advance the IV and roll
      // the session key before that can happen -- confirm the limit that
      // triggers rollover in the .cpp.
00252 struct Session {
00253 SessionIdType id_;
00254 IV_SuffixType iv_suffix_;
00255 KeyOctetSeq key_;
00256 ACE_UINT64 counter_;
00257
00258 KeyOctetSeq get_key(const KeyMaterial& master, const CryptoHeader& header);
00259 void create_key(const KeyMaterial& master);
00260 void derive_key(const KeyMaterial& master);
00261 void next_id(const KeyMaterial& master);
00262 void inc_iv();
00263 };
      // Sessions are keyed by (native handle, unsigned int). NOTE(review): the
      // unsigned int is presumably the position of the key within that
      // handle's KeySeq -- confirm.
00264 typedef std::pair<DDS::Security::NativeCryptoHandle, unsigned int> KeyId_t;
00265 typedef std::map<KeyId_t, Session> SessionTable_t;
00266 SessionTable_t sessions_;
00267
      // NOTE(review): presumably removes the table entries that belong to
      // `handle` when an endpoint is unregistered; whether key bytes are
      // zeroed before release is not visible here -- confirm.
00268 void clear_endpoint_data(DDS::Security::NativeCryptoHandle handle);
00269
      // Submessage encoder taking the sender's native handle.
      // NOTE(review): presumably the shared helper behind
      // encode_datawriter_submessage / encode_datareader_submessage -- confirm.
00270 bool encode_submessage(DDS::OctetSeq& encoded_rtps_submessage,
00271 const DDS::OctetSeq& plain_rtps_submessage,
00272 DDS::Security::NativeCryptoHandle sender_handle,
00273 DDS::Security::SecurityException& ex);
00274
      // encrypt() takes the master key material, a mutable Session, the plain
      // bytes, non-const header/footer (outputs, presumably) and an output
      // buffer.
00275 bool encrypt(const KeyMaterial& master, Session& sess,
00276 const DDS::OctetSeq& plain,
00277 CryptoHeader& header, CryptoFooter& footer,
00278 DDS::OctetSeq& out, DDS::Security::SecurityException& ex);
00279
      // Same inputs as encrypt() but no output buffer. NOTE(review): presumably
      // authentication only (a tag in the footer, plaintext left as is) --
      // confirm.
00280 bool authtag(const KeyMaterial& master, Session& sess,
00281 const DDS::OctetSeq& plain,
00282 CryptoHeader& header, CryptoFooter& footer,
00283 DDS::Security::SecurityException& ex);
00284
      // Takes the arguments common to encrypt() and authtag(); returns nothing.
00285 void encauth_setup(const KeyMaterial& master, Session& sess,
00286 const DDS::OctetSeq& plain, CryptoHeader& header);
00287
      // Submessage decoder taking the sender's native handle; counterpart of
      // encode_submessage().
00288 bool decode_submessage(DDS::OctetSeq& plain_rtps_submessage,
00289 const DDS::OctetSeq& encoded_rtps_submessage,
00290 DDS::Security::NativeCryptoHandle sender_handle,
00291 DDS::Security::SecurityException& ex);
00292
      // decrypt() and verify() take a raw pointer plus an unsigned int n and
      // write their result to `out`. NOTE(review): n is presumably the byte
      // count available at the pointer; nothing in the signature enforces it,
      // so callers must bound n by the received buffer, and `out` should be
      // treated as invalid when false is returned -- confirm both in the .cpp.
00293 bool decrypt(const KeyMaterial& master, Session& sess, const char* ciphertext,
00294 unsigned int n, const CryptoHeader& header,
00295 const CryptoFooter& footer, DDS::OctetSeq& out,
00296 DDS::Security::SecurityException& ex);
00297
00298 bool verify(const KeyMaterial& master, Session& sess, const char* in,
00299 unsigned int n, const CryptoHeader& header,
00300 const CryptoFooter& footer, DDS::OctetSeq& out,
00301 DDS::Security::SecurityException& ex);
00302 };
00303
00304 }
00305 }
00306
00307 OPENDDS_END_VERSIONED_NAMESPACE_DECL
00308
00309 #endif