[16501] PKI exchange finished

include/fastdds/rtps/builtin/discovery/participant/PDP.h

@@ -47,6 +47,12 @@ class PDPEndpoints;
 } // namespace fastdds
 
 namespace fastrtps {
+namespace types {
+
+class TypeObject;
+class TypeIdentifier;
+
+} // namespace types
 namespace rtps {
 
 class RTPSWriter;
@@ -76,6 +82,7 @@ class PDP
     friend class PDPListener;
     friend class PDPServerListener;
     friend class fastdds::rtps::PDPServerListener;
+    friend class PDPSecurityInitiatorListener;
 
 public:
 

include/fastdds/rtps/common/EntityId_t.hpp

@@ -363,6 +363,11 @@ const EntityId_t participant_volatile_message_secure_reader_entity_id =
 
 const EntityId_t c_EntityId_WriterLivelinessSecure = ENTITYID_P2P_BUILTIN_PARTICIPANT_MESSAGE_SECURE_WRITER;
 const EntityId_t c_EntityId_ReaderLivelinessSecure = ENTITYID_P2P_BUILTIN_PARTICIPANT_MESSAGE_SECURE_READER;
+
+const EntityId_t c_EntityId_spdp_reliable_participant_secure_reader =
+        ENTITYID_SPDP_RELIABLE_BUILTIN_PARTICIPANT_SECURE_READER;
+const EntityId_t c_EntityId_spdp_reliable_participant_secure_writer =
+        ENTITYID_SPDP_RELIABLE_BUILTIN_PARTICIPANT_SECURE_WRITER;
 #endif // if HAVE_SECURITY
 
 const EntityId_t ds_server_virtual_writer = ENTITYID_DS_SERVER_VIRTUAL_WRITER;

src/cpp/CMakeLists.txt

@@ -292,6 +292,7 @@ set(${PROJECT_NAME}_security_source_files
     rtps/security/logging/Logging.cpp
     rtps/security/SecurityManager.cpp
     rtps/security/SecurityPluginFactory.cpp
+    rtps/builtin/discovery/participant/DS/PDPSecurityInitiatorListener.cpp
     security/authentication/PKIDH.cpp
     security/accesscontrol/Permissions.cpp
     security/cryptography/AESGCMGMAC.cpp
@@ -390,7 +391,7 @@ find_package(Atomic MODULE)
 # prioritizes writes
 
 # try_run cannot manage targets yet
-get_target_property(CMAKE_ATOMIC_LIB eProsima_atomic INTERFACE_LINK_LIBRARIES)    
+get_target_property(CMAKE_ATOMIC_LIB eProsima_atomic INTERFACE_LINK_LIBRARIES)
 if(NOT CMAKE_ATOMIC_LIB)
     set(CMAKE_ATOMIC_LIB)
 endif()
@@ -508,7 +509,7 @@ if(MSVC OR MSVC_IDE)
         endif()
 
         # Get OpenSSL version suitable manifest format
-        execute_process( COMMAND PowerShell -NoLogo -Command "&{ param([string]$original) 
+        execute_process( COMMAND PowerShell -NoLogo -Command "&{ param([string]$original)
         if ($original -notmatch '\\d+$')
             { $res = $original.Substring(0,$original.length-1) + '.' +
             ([int]$original[$original.length-1]-[int][char]'a'+1); }

src/cpp/rtps/builtin/discovery/participant/DS/DiscoveryServerPDPEndpointsSecure.hpp

@@ -0,0 +1,100 @@
+// Copyright 2022 Proyectos y Sistemas de Mantenimiento SL (eProsima).
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+/**
+ * @file DiscoveryServerPDPEndpointsSecure.hpp
+ */
+
+#ifndef FASTDDS_RTPS_BUILTIN_DISCOVERY_PARTICIPANT_DS__DISCOVERYSERVERPDPENDPOINTSSECURE_HPP_
+#define FASTDDS_RTPS_BUILTIN_DISCOVERY_PARTICIPANT_DS__DISCOVERYSERVERPDPENDPOINTSSECURE_HPP_
+
+#include <memory>
+
+#include <fastdds/rtps/builtin/data/BuiltinEndpoints.hpp>
+#include <fastdds/rtps/common/EntityId_t.hpp>
+#include <fastdds/rtps/reader/StatelessReader.h>
+
+#include <rtps/builtin/BuiltinReader.hpp>
+#include <rtps/builtin/discovery/participant/DS/DiscoveryServerPDPEndpoints.hpp>
+
+namespace eprosima {
+namespace fastdds {
+namespace rtps {
+
+/**
+ * Container for the builtin endpoints of secure PDPClient and PDPServer
+ */
+struct DiscoveryServerPDPEndpointsSecure : public DiscoveryServerPDPEndpoints
+{
+    ~DiscoveryServerPDPEndpointsSecure() override = default;
+
+    fastrtps::rtps::BuiltinEndpointSet_t builtin_endpoints() const override
+    {
+        return DiscoveryServerPDPEndpoints::builtin_endpoints() |
+               DISC_BUILTIN_ENDPOINT_PARTICIPANT_SECURE_ANNOUNCER | DISC_BUILTIN_ENDPOINT_PARTICIPANT_SECURE_DETECTOR;
+    }
+
+    bool enable_pdp_readers(
+            fastrtps::rtps::RTPSParticipantImpl* participant) override
+    {
+        return DiscoveryServerPDPEndpoints::enable_pdp_readers(participant) &&
+               participant->enableReader(stateless_reader.reader_);
+    }
+
+    void disable_pdp_readers(
+            fastrtps::rtps::RTPSParticipantImpl* participant) override
+    {
+        participant->disableReader(stateless_reader.reader_);
+        DiscoveryServerPDPEndpoints::disable_pdp_readers(participant);
+    }
+
+    void delete_pdp_endpoints(
+            fastrtps::rtps::RTPSParticipantImpl* participant) override
+    {
+        participant->deleteUserEndpoint(stateless_reader.reader_->getGuid());
+        DiscoveryServerPDPEndpoints::delete_pdp_endpoints(participant);
+    }
+
+    void remove_from_pdp_reader_history(
+            const fastrtps::rtps::InstanceHandle_t& remote_participant) override
+    {
+        stateless_reader.remove_from_history(remote_participant);
+        DiscoveryServerPDPEndpoints::remove_from_pdp_reader_history(remote_participant);
+    }
+
+    void remove_from_pdp_reader_history(
+            fastrtps::rtps::CacheChange_t* change) override
+    {
+        assert(nullptr != change);
+        if (change->writerGUID.entityId == fastrtps::rtps::c_EntityId_SPDPWriter)
+        {
+            stateless_reader.history_->remove_change(change);
+        }
+        else
+        {
+            DiscoveryServerPDPEndpoints::remove_from_pdp_reader_history(change);
+        }
+    }
+
+    //! Builtin Simple PDP reader
+    BuiltinReader<fastrtps::rtps::StatelessReader> stateless_reader;
+    //! Listener for stateless_reader
+    std::unique_ptr<fastrtps::rtps::ReaderListener> stateless_listener;
+};
+
+} // namespace rtps
+} // namespace fastdds
+} // namespace eprosima
+
+#endif  // FASTDDS_RTPS_BUILTIN_DISCOVERY_PARTICIPANT_DS__DISCOVERYSERVERPDPENDPOINTSSECURE_HPP_

src/cpp/rtps/builtin/discovery/participant/DS/FakeWriter.hpp

@@ -0,0 +1,55 @@
+// Copyright 2022 Proyectos y Sistemas de Mantenimiento SL (eProsima).
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+/**
+ * @file FakeWriter.hpp
+ */
+
+#ifndef FASTDDS_RTPS_BUILTIN_DISCOVERY_PARTICIPANT_DS__FAKEWRITER_HPP_
+#define FASTDDS_RTPS_BUILTIN_DISCOVERY_PARTICIPANT_DS__FAKEWRITER_HPP_
+
+#include <fastdds/rtps/Endpoint.h>
+
+#include <rtps/participant/RTPSParticipantImpl.h>
+
+namespace eprosima {
+namespace fastdds {
+namespace rtps {
+
+/**
+ * An RTPS writer simulator used to send messages with a \ref DirectMessageSender.
+ */
+class FakeWriter : public fastrtps::rtps::Endpoint
+{
+public:
+
+    FakeWriter(
+            fastrtps::rtps::RTPSParticipantImpl* participant,
+            const fastrtps::rtps::EntityId_t& entity_id)
+        : fastrtps::rtps::Endpoint(participant, { participant->getGuid().guidPrefix, entity_id }, {})
+    {
+        m_att.endpointKind = fastrtps::rtps::EndpointKind_t::WRITER;
+#if HAVE_SECURITY
+        participant->set_endpoint_rtps_protection_supports(this, false);
+#endif // HAVE_SECURITY
+    }
+
+    virtual ~FakeWriter() override = default;
+};
+
+}  // namespace rtps
+}  // namespace fastdds
+}  // namespace eprosima
+
+#endif /* FASTDDS_RTPS_BUILTIN_DISCOVERY_PARTICIPANT_DS__FAKEWRITER_HPP_ */

src/cpp/rtps/builtin/discovery/participant/DS/PDPSecurityInitiatorListener.cpp

@@ -0,0 +1,165 @@
+// Copyright 2022 Proyectos y Sistemas de Mantenimiento SL (eProsima).
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+/**
+ * @file PDPSecurityInitiatorListener.cpp
+ *
+ */
+
+#include <rtps/builtin/discovery/participant/DS/PDPSecurityInitiatorListener.hpp>
+
+#include <fastdds/dds/log/Log.hpp>
+
+#include <fastdds/rtps/builtin/discovery/endpoint/EDP.h>
+#include <fastdds/rtps/builtin/discovery/participant/PDP.h>
+#include <fastdds/rtps/history/ReaderHistory.h>
+#include <fastdds/rtps/participant/ParticipantDiscoveryInfo.h>
+#include <fastdds/rtps/participant/RTPSParticipantListener.h>
+#include <fastdds/rtps/reader/RTPSReader.h>
+#include <fastdds/rtps/resources/TimedEvent.h>
+
+#include <fastrtps/utils/TimeConversion.h>
+
+#include <fastdds/core/policy/ParameterList.hpp>
+#include <rtps/builtin/discovery/participant/PDPEndpoints.hpp>
+#include <rtps/network/ExternalLocatorsProcessor.hpp>
+#include <rtps/participant/RTPSParticipantImpl.h>
+
+#include <mutex>
+
+using ParameterList = eprosima::fastdds::dds::ParameterList;
+
+namespace eprosima {
+namespace fastrtps {
+namespace rtps {
+
+PDPSecurityInitiatorListener::PDPSecurityInitiatorListener(
+        PDP* parent,
+        SecurityInitiatedCallback response_cb)
+    : parent_pdp_(parent)
+    , temp_participant_data_(parent->getRTPSParticipant()->getRTPSParticipantAttributes().allocation)
+    , response_cb_(response_cb)
+{
+}
+
+void PDPSecurityInitiatorListener::onNewCacheChangeAdded(
+        RTPSReader* reader,
+        const CacheChange_t* const change_in)
+{
+    CacheChange_t* change = const_cast<CacheChange_t*>(change_in);
+    GUID_t writer_guid = change->writerGUID;
+    EPROSIMA_LOG_INFO(RTPS_PDP, "SPDP Message received from: " << change_in->writerGUID);
+
+    // Make sure we have an instance handle (i.e GUID)
+    if (change->instanceHandle == c_InstanceHandle_Unknown)
+    {
+        if (!this->get_key(change))
+        {
+            EPROSIMA_LOG_WARNING(RTPS_PDP, "Problem getting the key of the change, removing");
+            parent_pdp_->builtin_endpoints_->remove_from_pdp_reader_history(change);
+            return;
+        }
+    }
+
+    // Take GUID from instance handle
+    GUID_t guid;
+    iHandle2GUID(guid, change->instanceHandle);
+
+    if (change->kind == ALIVE)
+    {
+        // Ignore announcement from own RTPSParticipant
+        if (guid == parent_pdp_->getRTPSParticipant()->getGuid())
+        {
+            EPROSIMA_LOG_INFO(RTPS_PDP, "Message from own RTPSParticipant, removing");
+            parent_pdp_->builtin_endpoints_->remove_from_pdp_reader_history(change);
+            return;
+        }
+
+        // Release reader lock to avoid ABBA lock. PDP mutex should always be first.
+        // Keep change information on local variables to check consistency later
+        SequenceNumber_t seq_num = change->sequenceNumber;
+        reader->getMutex().unlock();
+        std::unique_lock<std::recursive_mutex> lock(*parent_pdp_->getMutex());
+        reader->getMutex().lock();
+
+        // If change is not consistent, it will be processed on the thread that has overriten it
+        if ((ALIVE != change->kind) || (seq_num != change->sequenceNumber) || (writer_guid != change->writerGUID))
+        {
+            return;
+        }
+
+        // Access to temp_participant_data_ is protected by reader lock
+
+        // Load information on temp_participant_data_
+        CDRMessage_t msg(change->serializedPayload);
+        temp_participant_data_.clear();
+        if (temp_participant_data_.readFromCDRMessage(&msg, true, parent_pdp_->getRTPSParticipant()->network_factory(),
+                parent_pdp_->getRTPSParticipant()->has_shm_transport()))
+        {
+            // After correctly reading it
+            change->instanceHandle = temp_participant_data_.m_key;
+            guid = temp_participant_data_.m_guid;
+
+            // Filter locators
+            const auto& pattr = parent_pdp_->getRTPSParticipant()->getAttributes();
+            fastdds::rtps::ExternalLocatorsProcessor::filter_remote_locators(temp_participant_data_,
+                    pattr.builtin.metatraffic_external_unicast_locators, pattr.default_external_unicast_locators,
+                    pattr.ignore_non_matching_locators);
+
+            // Check if participant already exists (updated info)
+            ParticipantProxyData* pdata = nullptr;
+            for (ParticipantProxyData* it : parent_pdp_->participant_proxies_)
+            {
+                if (guid == it->m_guid)
+                {
+                    pdata = it;
+                    break;
+                }
+            }
+
+            if (pdata == nullptr)
+            {
+                // Create a new one when not found
+
+                reader->getMutex().unlock();
+                lock.unlock();
+
+                //! notify security manager in order to start handshake
+                parent_pdp_->getRTPSParticipant()->security_manager().discovered_participant(temp_participant_data_);
+
+                //! Reply to the remote participant
+                response_cb_(temp_participant_data_);
+
+                // Take again the reader lock
+                reader->getMutex().lock();
+
+            } //! Do nothing if already discovered
+
+        }
+
+    } //! Do nothing on participant removal
+
+    //Remove change form history.
+    parent_pdp_->builtin_endpoints_->remove_from_pdp_reader_history(change);
+}
+
+bool PDPSecurityInitiatorListener::get_key(
+        CacheChange_t* change)
+{
+    return ParameterList::readInstanceHandleFromCDRMsg(change, fastdds::dds::PID_PARTICIPANT_GUID);
+}
+
+} /* namespace rtps */
+} /* namespace fastrtps */
+} /* namespace eprosima */