Namespaces | |
namespace | CommonUtilities |
namespace | SSL |
Classes | |
struct | SPDPdiscoveredParticipantData |
class | Governance |
class | LocalAccessCredentialData |
class | Permissions |
class | AccessControlBuiltInImpl |
Implements the DDS built-in version of the Access Control plugin for the DDS Security Specification. More... | |
class | CredentialHash |
class | LocalAuthCredentialData |
struct | SharedSecret |
class | AuthenticationBuiltInImpl |
Implements the DDS built-in version of the Authentication plugin for the DDS Security Specification. More... | |
class | BuiltInPluginLoader |
class | BuiltinPluginsInitializer |
class | BuiltInSecurityPluginInst |
Factory object to create interfaces for the BuiltIn plugin. More... | |
struct | CryptoTransformIdentifier |
struct | KeyMaterial_AES_GCM_GMAC |
struct | CryptoHeader |
struct | CryptoContent |
struct | ReceiverSpecificMAC |
struct | CryptoFooter |
class | CryptoBuiltInImpl |
class | SecurityConfig |
class | SecurityPluginInst |
Base class for concrete security plugins to provide new objects. More... | |
class | SecurityRegistry |
struct | has_property |
class | TokenReader |
Implements some simple wrapper functions to provide a const API around the Token data structure as specified in the DDS security specification. More... | |
class | TokenWriter |
Implements some simple wrapper functions to provide a non-const API around the Token data structure as specified in the DDS security specification. More... | |
Typedefs | |
typedef Governance::GovernanceAccessRules::iterator | gov_iter |
typedef Permissions::PermissionGrantRules::iterator | perm_grant_iter |
typedef Permissions::TopicRules::iterator | perm_topic_rules_iter |
typedef Permissions::Partitions::iterator | perm_partitions_iter |
typedef Permissions::TopicPsRules::iterator | perm_topic_ps_rules_iter |
typedef Permissions::PartitionPsList::iterator | perm_partition_ps_iter |
typedef octet | CryptoTransformKind [4] |
typedef octet | CryptoTransformKeyId [4] |
typedef sequence< octet, 32 > | KeyOctetSeq |
typedef sequence < KeyMaterial_AES_GCM_GMAC > | KeyMaterial_AES_GCM_GMAC_Seq |
typedef octet | SessionIdType [4] |
typedef octet | IV_SuffixType [8] |
typedef octet | ReceiverMAC_Type [16] |
typedef sequence < ReceiverSpecificMAC > | ReceiverSpecificMACSeq |
typedef octet | CommonMAC_Type [16] |
typedef DCPS::RcHandle < SecurityConfig > | SecurityConfig_rch |
typedef std::pair < OPENDDS_STRING, OPENDDS_STRING > | ConfigProperty |
typedef DCPS::RcHandle < SecurityPluginInst > | SecurityPluginInst_rch |
Enumerations | |
enum | DiscoveredParticipantDataKind { DPDK_NONE, DPDK_ORIGINAL, DPDK_ENHANCED, DPDK_SECURE } |
Functions | |
static const std::string | PermissionsTokenClassId ("DDS:Access:Permissions:1.0") |
static const std::string | AccessControl_Plugin_Name ("DDS:Access:Permissions") |
static const std::string | AccessControl_Major_Version ("1") |
static const std::string | AccessControl_Minor_Version ("0") |
static const std::string | PermissionsCredentialTokenClassId ("DDS:Access:PermissionsCredential") |
static bool | challenges_match (const DDS::OctetSeq &c1, const DDS::OctetSeq &c2) |
static void | extract_participant_guid_from_cpdata (const DDS::OctetSeq &cpdata, DCPS::GUID_t &dst) |
static bool | validate_topic_data_guid (const DDS::OctetSeq &cpdata, const std::vector< unsigned char > &subject_name_hash, DDS::Security::SecurityException &ex) |
const std::string | Auth_Plugin_Name ("DDS:Auth:PKI-DH") |
const std::string | Auth_Plugin_Major_Version ("1") |
const std::string | Auth_Plugin_Minor_Version ("0") |
const std::string | Identity_Status_Token_Class_Id ("DDS:Auth:PKI-DH:1.0") |
const std::string | Auth_Peer_Cred_Token_Class_Id ("DDS:Auth:PKI-DH:1.0") |
const std::string | Auth_Request_Class_Ext ("AuthReq") |
const std::string | Handshake_Request_Class_Ext ("Req") |
const std::string | Handshake_Reply_Class_Ext ("Reply") |
const std::string | Handshake_Final_Class_Ext ("Final") |
static void | make_reply_signature_sequence (const DDS::OctetSeq &hash_c2, const DDS::OctetSeq &challenge2, const DDS::OctetSeq &dh2, const DDS::OctetSeq &challenge1, const DDS::OctetSeq &dh1, const DDS::OctetSeq &hash_c1, DDS::BinaryPropertySeq &dst) |
static void | make_final_signature_sequence (const DDS::OctetSeq &hash_c1, const DDS::OctetSeq &challenge1, const DDS::OctetSeq &dh1, const DDS::OctetSeq &challenge2, const DDS::OctetSeq &dh2, const DDS::OctetSeq &hash_c2, DDS::BinaryPropertySeq &dst) |
static const std::string | PLUGIN_NAME ("BuiltIn") |
ACE_FACTORY_DEFINE (DdsSecurity, BuiltInPluginLoader) | |
typedef | OPENDDS_VECTOR (ConfigProperty) ConfigPropertyList |
Variables | |
static BuiltinPluginsInitializer | builtin_plugins_init |
const unsigned long | TransformKindIndex = 3 |
const octet | CRYPTO_TRANSFORMATION_KIND_NONE = 0 |
const octet | CRYPTO_TRANSFORMATION_KIND_AES128_GMAC = 1 |
const octet | CRYPTO_TRANSFORMATION_KIND_AES128_GCM = 2 |
const octet | CRYPTO_TRANSFORMATION_KIND_AES256_GMAC = 3 |
const octet | CRYPTO_TRANSFORMATION_KIND_AES256_GCM = 4 |
const unsigned long | FLAG_IS_SUBMESSAGE_ENCRYPTED = 1 |
const unsigned long | FLAG_IS_PAYLOAD_ENCRYPTED = 2 |
typedef octet OpenDDS::Security::CommonMAC_Type[16] |
Definition at line 92 of file CryptoBuiltIn.idl.
typedef std::pair<OPENDDS_STRING, OPENDDS_STRING> OpenDDS::Security::ConfigProperty |
Definition at line 19 of file SecurityConfigPropertyList.h.
typedef octet OpenDDS::Security::CryptoTransformKeyId[4] |
Definition at line 51 of file CryptoBuiltIn.idl.
typedef octet OpenDDS::Security::CryptoTransformKind[4] |
Definition at line 50 of file CryptoBuiltIn.idl.
typedef Governance::GovernanceAccessRules::iterator OpenDDS::Security::gov_iter |
Definition at line 37 of file AccessControlBuiltInImpl.cpp.
typedef octet OpenDDS::Security::IV_SuffixType[8] |
Definition at line 73 of file CryptoBuiltIn.idl.
typedef sequence<KeyMaterial_AES_GCM_GMAC> OpenDDS::Security::KeyMaterial_AES_GCM_GMAC_Seq |
Definition at line 70 of file CryptoBuiltIn.idl.
typedef sequence<octet, 32> OpenDDS::Security::KeyOctetSeq |
Definition at line 57 of file CryptoBuiltIn.idl.
typedef Permissions::PermissionGrantRules::iterator OpenDDS::Security::perm_grant_iter |
Definition at line 38 of file AccessControlBuiltInImpl.cpp.
typedef Permissions::PartitionPsList::iterator OpenDDS::Security::perm_partition_ps_iter |
Definition at line 42 of file AccessControlBuiltInImpl.cpp.
typedef Permissions::Partitions::iterator OpenDDS::Security::perm_partitions_iter |
Definition at line 40 of file AccessControlBuiltInImpl.cpp.
typedef Permissions::TopicPsRules::iterator OpenDDS::Security::perm_topic_ps_rules_iter |
Definition at line 41 of file AccessControlBuiltInImpl.cpp.
typedef Permissions::TopicRules::iterator OpenDDS::Security::perm_topic_rules_iter |
Definition at line 39 of file AccessControlBuiltInImpl.cpp.
typedef octet OpenDDS::Security::ReceiverMAC_Type[16] |
Definition at line 85 of file CryptoBuiltIn.idl.
typedef sequence<ReceiverSpecificMAC> OpenDDS::Security::ReceiverSpecificMACSeq |
Definition at line 91 of file CryptoBuiltIn.idl.
typedef DCPS::RcHandle<SecurityConfig> OpenDDS::Security::SecurityConfig_rch | (declaration heading lost in extraction; matches the summary table above) Definition at line 24 of file SecurityConfig_rch.h.
typedef DCPS::RcHandle<SecurityPluginInst> OpenDDS::Security::SecurityPluginInst_rch | (declaration heading lost in extraction; matches the summary table above) Definition at line 19 of file SecurityPluginInst_rch.h.
typedef octet OpenDDS::Security::SessionIdType[4] |
Definition at line 72 of file CryptoBuiltIn.idl.
enum OpenDDS::Security::DiscoveredParticipantDataKind | (enumeration heading lost in extraction; matches the summary table above) Definition at line 17 of file RtpsSecurity.idl.
00017 { 00018 DPDK_NONE, 00019 DPDK_ORIGINAL, 00020 DPDK_ENHANCED, 00021 DPDK_SECURE 00022 };
static const std::string OpenDDS::Security::AccessControl_Major_Version | ( | "1" | ) | [static] |
static const std::string OpenDDS::Security::AccessControl_Minor_Version | ( | "0" | ) | [static] |
static const std::string OpenDDS::Security::AccessControl_Plugin_Name | ( | "DDS:Access:Permissions" | ) | [static] |
OpenDDS::Security::ACE_FACTORY_DEFINE | ( | DdsSecurity | , | |
BuiltInPluginLoader | ||||
) |
const std::string OpenDDS::Security::Auth_Peer_Cred_Token_Class_Id | ( | "DDS:Auth:PKI-DH:1.0" | ) |
Referenced by OpenDDS::Security::AuthenticationBuiltInImpl::get_authenticated_peer_credential_token().
const std::string OpenDDS::Security::Auth_Plugin_Major_Version | ( | "1" | ) |
Referenced by OpenDDS::Security::AuthenticationBuiltInImpl::build_class_id(), and OpenDDS::Security::AuthenticationBuiltInImpl::check_class_versions().
const std::string OpenDDS::Security::Auth_Plugin_Minor_Version | ( | "0" | ) |
Referenced by OpenDDS::Security::AuthenticationBuiltInImpl::build_class_id().
const std::string OpenDDS::Security::Auth_Plugin_Name | ( | "DDS:Auth:PKI-DH" | ) |
Referenced by OpenDDS::Security::AuthenticationBuiltInImpl::build_class_id(), and OpenDDS::Security::AuthenticationBuiltInImpl::check_class_versions().
const std::string OpenDDS::Security::Auth_Request_Class_Ext | ( | "AuthReq" | ) |
bool OpenDDS::Security::challenges_match | ( | const DDS::OctetSeq & | c1, | |
const DDS::OctetSeq & | c2 | |||
) | [static] |
Definition at line 1161 of file AuthenticationBuiltInImpl.cpp.
Referenced by OpenDDS::Security::AuthenticationBuiltInImpl::begin_handshake_reply(), OpenDDS::Security::AuthenticationBuiltInImpl::process_final_handshake(), and OpenDDS::Security::AuthenticationBuiltInImpl::process_handshake_reply().
static bool challenges_match(const DDS::OctetSeq& c1, const DDS::OctetSeq& c2)
{
  /* True iff both challenges are non-empty and byte-for-byte identical.
   *
   * std::memcmp is NOT constant-time.  That appears acceptable here only
   * because the challenges are placed in the handshake token contents with
   * propagate = true (see make_reply_signature_sequence /
   * make_final_signature_sequence), i.e. they look like public nonces rather
   * than secrets -- confirm before reusing this helper on secret material. */
  if (c1.length() == 0 || c1.length() != c2.length()) {
    return false;
  }

  return 0 == std::memcmp(c1.get_buffer(), c2.get_buffer(), c1.length());
}
void OpenDDS::Security::extract_participant_guid_from_cpdata | ( | const DDS::OctetSeq & | cpdata, | |
DCPS::GUID_t & | dst | |||
) | [static] |
Definition at line 407 of file AuthenticationBuiltInImpl.cpp.
References ACE_TEXT(), OpenDDS::DCPS::Serializer::ALIGN_CDR, OpenDDS::RTPS::Parameter::guid, OpenDDS::DCPS::GUID_UNKNOWN, LM_WARNING, OpenDDS::RTPS::PID_PARTICIPANT_GUID, and OpenDDS::DCPS::Serializer::SWAP_BE.
Referenced by validate_topic_data_guid().
static void extract_participant_guid_from_cpdata(const DDS::OctetSeq& cpdata, DCPS::GUID_t& dst)
{
  /* Pull the PID_PARTICIPANT_GUID parameter out of a serialized RTPS
   * ParameterList ('c.pdata').  `dst` is reset to GUID_UNKNOWN first so
   * that every failure path (undeserializable input, or a list without a
   * participant-GUID parameter) leaves the caller with the "not found"
   * value rather than whatever it passed in. */
  dst = DCPS::GUID_UNKNOWN;

  /* ACE_Message_Block wraps the sequence's storage in place (no copy);
   * the write pointer is advanced so the whole buffer reads as data. */
  ACE_Message_Block buffer(reinterpret_cast<const char*>(cpdata.get_buffer()), cpdata.length());
  buffer.wr_ptr(cpdata.length());
  OpenDDS::DCPS::Serializer serializer(&buffer, DCPS::Serializer::SWAP_BE, DCPS::Serializer::ALIGN_CDR);

  RTPS::ParameterList params;
  if (!(serializer >> params)) {
    ACE_ERROR((LM_WARNING,
               ACE_TEXT("(%P|%t) WARNING: extract_participant_guid_from_cpdata, ")
               ACE_TEXT("failed to deserialize guid from cpdata.\n")));
    return;
  }

  /* The first PID_PARTICIPANT_GUID wins.  A list that parses but carries
   * no such parameter is NOT logged; the caller sees GUID_UNKNOWN. */
  const size_t count = params.length();
  for (size_t idx = 0; idx < count; ++idx) {
    if (params[idx]._d() == RTPS::PID_PARTICIPANT_GUID) {
      dst = params[idx].guid();
      return;
    }
  }
}
const std::string OpenDDS::Security::Handshake_Final_Class_Ext | ( | "Final" | ) |
Referenced by OpenDDS::Security::AuthenticationBuiltInImpl::process_handshake(), and OpenDDS::Security::AuthenticationBuiltInImpl::process_handshake_reply().
const std::string OpenDDS::Security::Handshake_Reply_Class_Ext | ( | "Reply" | ) |
Referenced by OpenDDS::Security::AuthenticationBuiltInImpl::begin_handshake_reply(), and OpenDDS::Security::AuthenticationBuiltInImpl::process_handshake().
const std::string OpenDDS::Security::Handshake_Request_Class_Ext | ( | "Req" | ) |
Referenced by OpenDDS::Security::AuthenticationBuiltInImpl::begin_handshake_request().
const std::string OpenDDS::Security::Identity_Status_Token_Class_Id | ( | "DDS:Auth:PKI-DH:1.0" | ) |
static void OpenDDS::Security::make_final_signature_sequence | ( | const DDS::OctetSeq & | hash_c1, | |
const DDS::OctetSeq & | challenge1, | |||
const DDS::OctetSeq & | dh1, | |||
const DDS::OctetSeq & | challenge2, | |||
const DDS::OctetSeq & | dh2, | |||
const DDS::OctetSeq & | hash_c2, | |||
DDS::BinaryPropertySeq & | dst | |||
) | [static] |
Definition at line 533 of file AuthenticationBuiltInImpl.cpp.
References DDS::BinaryProperty_t::name, DDS::BinaryProperty_t::propagate, and DDS::BinaryProperty_t::value.
Referenced by OpenDDS::Security::AuthenticationBuiltInImpl::process_final_handshake(), and OpenDDS::Security::AuthenticationBuiltInImpl::process_handshake_reply().
static void make_final_signature_sequence(const DDS::OctetSeq& hash_c1,
                                          const DDS::OctetSeq& challenge1,
                                          const DDS::OctetSeq& dh1,
                                          const DDS::OctetSeq& challenge2,
                                          const DDS::OctetSeq& dh2,
                                          const DDS::OctetSeq& hash_c2,
                                          DDS::BinaryPropertySeq& dst)
{
  /* Append the six binary properties that make up the "final" handshake
   * signature input, in this exact order:
   *   hash_c1, challenge1, dh1, challenge2, dh2, hash_c2
   * All are marked propagate = true.
   *
   * NOTE(review): the order presumably defines the byte layout that the
   * callers (process_final_handshake / process_handshake_reply) sign and
   * verify, so it must stay in lock-step with the peer's expectation --
   * do not reorder without checking the signing code. */
  static const char* const names[] = {
    "hash_c1", "challenge1", "dh1", "challenge2", "dh2", "hash_c2"
  };
  const DDS::OctetSeq* const values[] = {
    &hash_c1, &challenge1, &dh1, &challenge2, &dh2, &hash_c2
  };

  DCPS::SequenceBackInsertIterator<DDS::BinaryPropertySeq> append(dst);

  for (size_t k = 0; k < sizeof(names) / sizeof(names[0]); ++k) {
    DDS::BinaryProperty_t prop;
    prop.name = names[k];
    prop.value = *values[k];
    prop.propagate = true;
    *append = prop;
  }
}
static void OpenDDS::Security::make_reply_signature_sequence | ( | const DDS::OctetSeq & | hash_c2, | |
const DDS::OctetSeq & | challenge2, | |||
const DDS::OctetSeq & | dh2, | |||
const DDS::OctetSeq & | challenge1, | |||
const DDS::OctetSeq & | dh1, | |||
const DDS::OctetSeq & | hash_c1, | |||
DDS::BinaryPropertySeq & | dst | |||
) | [static] |
Definition at line 474 of file AuthenticationBuiltInImpl.cpp.
References DDS::BinaryProperty_t::name, DDS::BinaryProperty_t::propagate, and DDS::BinaryProperty_t::value.
Referenced by OpenDDS::Security::AuthenticationBuiltInImpl::begin_handshake_reply(), and OpenDDS::Security::AuthenticationBuiltInImpl::process_handshake_reply().
static void make_reply_signature_sequence(const DDS::OctetSeq& hash_c2,
                                          const DDS::OctetSeq& challenge2,
                                          const DDS::OctetSeq& dh2,
                                          const DDS::OctetSeq& challenge1,
                                          const DDS::OctetSeq& dh1,
                                          const DDS::OctetSeq& hash_c1,
                                          DDS::BinaryPropertySeq& dst)
{
  /* Append the six binary properties that make up the "reply" handshake
   * signature input, in this exact order (the mirror image of the "final"
   * sequence):
   *   hash_c2, challenge2, dh2, challenge1, dh1, hash_c1
   * All are marked propagate = true.
   *
   * NOTE(review): the order presumably defines the byte layout that the
   * callers (begin_handshake_reply / process_handshake_reply) sign and
   * verify, so it must stay in lock-step with the peer's expectation --
   * do not reorder without checking the signing code. */
  static const char* const names[] = {
    "hash_c2", "challenge2", "dh2", "challenge1", "dh1", "hash_c1"
  };
  const DDS::OctetSeq* const values[] = {
    &hash_c2, &challenge2, &dh2, &challenge1, &dh1, &hash_c1
  };

  DCPS::SequenceBackInsertIterator<DDS::BinaryPropertySeq> append(dst);

  for (size_t k = 0; k < sizeof(names) / sizeof(names[0]); ++k) {
    DDS::BinaryProperty_t prop;
    prop.name = names[k];
    prop.value = *values[k];
    prop.propagate = true;
    *append = prop;
  }
}
typedef OpenDDS::Security::OPENDDS_VECTOR | ( | ConfigProperty | ) |
static const std::string OpenDDS::Security::PermissionsCredentialTokenClassId | ( | "DDS:Access:PermissionsCredential" | ) | [static] |
Referenced by OpenDDS::Security::AccessControlBuiltInImpl::validate_local_permissions().
static const std::string OpenDDS::Security::PermissionsTokenClassId | ( | "DDS:Access:Permissions:1.0" | ) | [static] |
Referenced by OpenDDS::Security::AccessControlBuiltInImpl::validate_local_permissions().
static const std::string OpenDDS::Security::PLUGIN_NAME | ( | "BuiltIn" | ) | [static] |
Referenced by OpenDDS::Security::BuiltInPluginLoader::init().
bool OpenDDS::Security::validate_topic_data_guid | ( | const DDS::OctetSeq & | cpdata, | |
const std::vector< unsigned char > & | subject_name_hash, | |||
DDS::Security::SecurityException & | ex | |||
) | [static] |
Definition at line 434 of file AuthenticationBuiltInImpl.cpp.
References extract_participant_guid_from_cpdata(), OpenDDS::DCPS::GUID_t::guidPrefix, OpenDDS::Security::SSL::offset_1bit(), and OpenDDS::Security::CommonUtilities::set_security_error().
Referenced by OpenDDS::Security::AuthenticationBuiltInImpl::begin_handshake_reply(), and OpenDDS::Security::AuthenticationBuiltInImpl::process_handshake_reply().
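static bool validate_topic_data_guid(const DDS::OctetSeq& cpdata,
                                     const std::vector<unsigned char>& subject_name_hash,
                                     DDS::Security::SecurityException& ex)
{
  /* Verify that the participant GUID the peer advertises in 'c.pdata' is
   * bound to its certificate: the top bit of the GUID prefix must be 1 and
   * the following 47 bits must equal the leading 47 bits of the
   * subject-name hash derived from 'c.id'.
   *
   * Returns true when every check passes.  On any failure `ex` is filled
   * via set_security_error() and false is returned; nothing about the
   * remote GUID is trusted until this returns true. */

  /* Reject trivially short input up front.  This is only a cheap sanity
   * check on 'c.pdata' -- the hash comparison below does not depend on it.
   * Real parse failures are handled by extract_participant_guid_from_cpdata(),
   * which leaves GUID_UNKNOWN (expected to be all-zero) and is therefore
   * rejected by the first-bit check. */
  if (cpdata.length() <= 5u) {
    set_security_error(ex, -1, 0, "Data missing in 'c.pdata'");
    return false;
  }

  /* Bytes [0..5] of the hash are read below through SSL::offset_1bit();
   * an empty vector would make &subject_name_hash[0] undefined behaviour
   * and a shorter one an out-of-range read.  A SHA-256 subject-name hash
   * is 32 bytes, so a well-formed caller never trips this.
   * NOTE(review): assumes offset_1bit() only touches bytes [0, i] for
   * index i; if it also reads byte i+1, raise the minimum to 7. */
  if (subject_name_hash.size() < 6u) {
    set_security_error(ex, -1, 0, "Subject-name hash from 'c.id' is too short to validate participant_guid in 'c.pdata'");
    return false;
  }

  DCPS::GUID_t remote_participant_guid;
  extract_participant_guid_from_cpdata(cpdata, remote_participant_guid);

  const DCPS::GuidPrefix_t& prefix = remote_participant_guid.guidPrefix;

  /* Make sure first bit is set */
  if ((prefix[0] & 0x80) != 0x80) {
    set_security_error(ex, -1, 0, "Malformed participant_guid in 'c.pdata'; First bit must be set.");
    return false;
  }

  /* Check the following 47 bits match the subject-hash.  offset_1bit()
   * slides the hash right by one bit so it lines up with the prefix after
   * the manually-set leading bit; byte 0 has that bit masked off first. */
  if ((prefix[0] & 0x7F) != SSL::offset_1bit(&subject_name_hash[0], 0)) {
    set_security_error(ex, -1, 0, "First byte of participant_guid in 'c.pdata' does not match bits of subject-name hash in 'c.id'");
    return false;
  }

  for (size_t i = 1; i <= 5u; ++i) { /* Compare remaining 5 bytes */
    if (prefix[i] != SSL::offset_1bit(&subject_name_hash[0], i)) {
      set_security_error(ex, -1, 0, "Bits 2 - 48 of 'c.pdata' participant_guid does not match first 47 bits of subject-name hash in 'c.id'");
      return false;
    }
  }

  return true;
}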
static BuiltinPluginsInitializer OpenDDS::Security::builtin_plugins_init | (variable heading lost in extraction; matches the summary table above) Definition at line 22 of file BuiltInPlugins.h.
const octet OpenDDS::Security::CRYPTO_TRANSFORMATION_KIND_AES128_GCM = 2 |
Definition at line 31 of file CryptoBuiltIn.idl.
const octet OpenDDS::Security::CRYPTO_TRANSFORMATION_KIND_AES128_GMAC = 1 |
Definition at line 23 of file CryptoBuiltIn.idl.
const octet OpenDDS::Security::CRYPTO_TRANSFORMATION_KIND_AES256_GCM = 4 |
Definition at line 48 of file CryptoBuiltIn.idl.
Referenced by OpenDDS::Security::CryptoBuiltInImpl::decrypt().
const octet OpenDDS::Security::CRYPTO_TRANSFORMATION_KIND_AES256_GMAC = 3 |
Definition at line 39 of file CryptoBuiltIn.idl.
Referenced by OpenDDS::Security::CryptoBuiltInImpl::verify().
const octet OpenDDS::Security::CRYPTO_TRANSFORMATION_KIND_NONE = 0 |
Definition at line 16 of file CryptoBuiltIn.idl.
const unsigned long OpenDDS::Security::FLAG_IS_PAYLOAD_ENCRYPTED = 2 |
Definition at line 101 of file CryptoBuiltIn.idl.
const unsigned long OpenDDS::Security::FLAG_IS_SUBMESSAGE_ENCRYPTED = 1 |
Definition at line 100 of file CryptoBuiltIn.idl.
const unsigned long OpenDDS::Security::TransformKindIndex = 3 |
Definition at line 13 of file CryptoBuiltIn.idl.