Skip to content

Commit

Permalink
update the security plugins remove deprecate warning when using opens…
Browse files Browse the repository at this point in the history
…sl v3
  • Loading branch information
Marcel Jordense authored and MarcelJordense committed Sep 14, 2023
1 parent 7c5e790 commit d9eba58
Show file tree
Hide file tree
Showing 8 changed files with 953 additions and 984 deletions.
317 changes: 277 additions & 40 deletions src/security/builtin_plugins/authentication/src/auth_utils.c

Large diffs are not rendered by default.

750 changes: 636 additions & 114 deletions src/security/builtin_plugins/tests/common/src/handshake_helper.c

Large diffs are not rendered by default.

39 changes: 33 additions & 6 deletions src/security/builtin_plugins/tests/common/src/handshake_helper.h
Original file line number Diff line number Diff line change
Expand Up @@ -15,14 +15,41 @@
#include "dds/security/core/dds_security_serialize.h"
#include "dds/security/openssl_support.h"

const BIGNUM *
dh_get_public_key(
DH *dhkey);
struct octet_seq {
unsigned char *data;
uint32_t length;
};

void
octet_seq_init(
struct octet_seq *seq,
unsigned char *data,
uint32_t size);

void
octet_seq_deinit(
struct octet_seq *seq);

ASN1_INTEGER *
get_pubkey_asn1int(EVP_PKEY *pkey);

int
get_dh_public_key_modp_2048(
EVP_PKEY *pkey,
struct octet_seq *pubkey);

int
get_dh_public_key_ecdh(
EVP_PKEY *pkey,
struct octet_seq *pubkey);

int
create_dh_key_modp_2048(
EVP_PKEY **pkey);

int
dh_set_public_key(
DH *dhkey,
BIGNUM *pubkey);
create_dh_key_ecdh(
EVP_PKEY **pkey);

DDS_Security_ValidationResult_t
create_signature_for_test(
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -48,11 +48,6 @@ typedef enum {
} HandshakeStep_t;


struct octet_seq {
unsigned char *data;
uint32_t length;
};

static const char * AUTH_DSIGN_ALGO_RSA_NAME = "RSASSA-PSS-SHA256";
static const char * AUTH_KAGREE_ALGO_RSA_NAME = "DH+MODP-2048-256";
static const char * AUTH_KAGREE_ALGO_ECDH_NAME = "ECDH+prime256v1-CEUM";
Expand Down Expand Up @@ -219,25 +214,6 @@ static EVP_PKEY *g_dh_ecdh_key = NULL;
static struct octet_seq g_dh_modp_pub_key = {NULL, 0};
static struct octet_seq g_dh_ecdh_pub_key = {NULL, 0};


static void
octet_seq_init(
struct octet_seq *seq,
unsigned char *data,
uint32_t size)
{
seq->data = ddsrt_malloc(size);
memcpy(seq->data, data, size);
seq->length = size;
}

static void
octet_seq_deinit(
struct octet_seq *seq)
{
ddsrt_free(seq->data);
}

static void
serializer_participant_data(
DDS_Security_ParticipantBuiltinTopicData *pdata,
Expand Down Expand Up @@ -541,199 +517,9 @@ get_adjusted_participant_guid(
return result;
}

static int
create_dh_key_modp_2048(
EVP_PKEY **pkey)
{
int r = 0;
EVP_PKEY *params = NULL;
EVP_PKEY_CTX *kctx = NULL;
DH *dh = NULL;

*pkey = NULL;

if ((params = EVP_PKEY_new()) == NULL) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to allocate EVP_PKEY: %s", msg);
ddsrt_free(msg);
r = -1;
} else if ((dh = DH_get_2048_256()) == NULL) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to allocate DH parameter: %s", msg);
ddsrt_free(msg);
r = -1;
} else if (EVP_PKEY_set1_DH(params, dh) <= 0) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to set DH parameter to MODP_2048_256: %s", msg);
ddsrt_free(msg);
r = -1;
} else if ((kctx = EVP_PKEY_CTX_new(params, NULL)) == NULL) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to allocate KEY context %s", msg);
ddsrt_free(msg);
r = -1;
} else if (EVP_PKEY_keygen_init(kctx) <= 0) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to initialize KEY context: %s", msg);
ddsrt_free(msg);
r = -1;
} else if (EVP_PKEY_keygen(kctx, pkey) <= 0) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to generate :MODP_2048_256 keys %s", msg);
ddsrt_free(msg);
r = -1;
}

if (params) EVP_PKEY_free(params);
if (kctx) EVP_PKEY_CTX_free(kctx);
if (dh) DH_free(dh);

return r;
}

static int
get_dh_public_key_modp_2048(
EVP_PKEY *pkey,
struct octet_seq *pubkey)
{
int r = 0;
DH *dhkey;
unsigned char *buffer = NULL;
uint32_t size;
ASN1_INTEGER *asn1int;

dhkey = EVP_PKEY_get1_DH(pkey);
if (!dhkey) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to get DH key from PKEY: %s", msg);
ddsrt_free(msg);
r = -1;
goto fail_get_dhkey;
}

asn1int = BN_to_ASN1_INTEGER( dh_get_public_key(dhkey) , NULL);
if (!asn1int) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to convert DH key to ASN1 integer: %s", msg);
ddsrt_free(msg);
r = -1;
goto fail_get_pubkey;
}

size = (uint32_t)i2d_ASN1_INTEGER(asn1int, &buffer);
octet_seq_init(pubkey, buffer, size);

ASN1_INTEGER_free(asn1int);
OPENSSL_free(buffer);

fail_get_pubkey:
DH_free(dhkey);
fail_get_dhkey:
return r;
}

static int
create_dh_key_ecdh(
EVP_PKEY **pkey)
{
int r = 0;
EVP_PKEY *params = NULL;
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY_CTX *kctx = NULL;

*pkey = NULL;

if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)) == NULL) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to allocate DH parameter context: %s", msg);
ddsrt_free(msg);
r = -1;
} else if (EVP_PKEY_paramgen_init(pctx) <= 0) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to initialize DH generation context: %s", msg);
ddsrt_free(msg);
r = -1;
} else if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_X9_62_prime256v1) <= 0) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to set DH generation parameter generation method: %s", msg);
ddsrt_free(msg);
r = -1;
} else if (EVP_PKEY_paramgen(pctx, &params) <= 0) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to generate DH parameters: %s", msg);
ddsrt_free(msg);
r = -1;
} else if ((kctx = EVP_PKEY_CTX_new(params, NULL)) == NULL) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to allocate KEY context %s", msg);
ddsrt_free(msg);
r = -1;
} else if (EVP_PKEY_keygen_init(kctx) <= 0) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to initialize KEY context: %s", msg);
ddsrt_free(msg);
r = -1;
} else if (EVP_PKEY_keygen(kctx, pkey) <= 0) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to generate :MODP_2048_256 keys %s", msg);
ddsrt_free(msg);
r = -1;
}

if (kctx) EVP_PKEY_CTX_free(kctx);
if (params) EVP_PKEY_free(params);
if (pctx) EVP_PKEY_CTX_free(pctx);

return r;
}

static int
get_dh_public_key_ecdh(
EVP_PKEY *pkey,
struct octet_seq *pubkey)
{
int r = 0;
EC_KEY *eckey = NULL;
const EC_GROUP *group = NULL;
const EC_POINT *point = NULL;
size_t sz;

if (!(eckey = EVP_PKEY_get1_EC_KEY(pkey))) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to get EC key from PKEY: %s", msg);
ddsrt_free(msg);
r = -1;
} else if (!(point = EC_KEY_get0_public_key(eckey))) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to get public key from ECKEY: %s", msg);
ddsrt_free(msg);
r = -1;
} else if (!(group = EC_KEY_get0_group(eckey))) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to get group from ECKEY: %s", msg);
ddsrt_free(msg);
r = -1;
} else if ((sz = EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED, NULL, 0, NULL)) != 0) {
pubkey->data = ddsrt_malloc(sz);
pubkey->length = (uint32_t) EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED, pubkey->data, sz, NULL);
if (pubkey->length == 0) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to serialize public EC key: %s", msg);
ddsrt_free(msg);
octet_seq_deinit(pubkey);
r = -1;
}
} else {
char *msg = get_openssl_error_message_for_test();
printf("Failed to serialize public EC key: %s", msg);
ddsrt_free(msg);
r = -1;
}

if (eckey) EC_KEY_free(eckey);

return r;
}

static int
validate_remote_identities (const char *remote_id_certificate)
Expand Down
Loading

0 comments on commit d9eba58

Please sign in to comment.