[17141] Feature: secure discovery server

include/fastdds/rtps/builtin/data/BuiltinEndpoints.hpp

@@ -0,0 +1,47 @@
+// Copyright 2022 Proyectos y Sistemas de Mantenimiento SL (eProsima).
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+/**
+ * @file BuiltinEndpoints.hpp
+ */
+
+#ifndef FASTDDS_RTPS_BUILTIN_DATA__BUILTINENDPOINTS_HPP
+#define FASTDDS_RTPS_BUILTIN_DATA__BUILTINENDPOINTS_HPP
+
+#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_ANNOUNCER              (0x00000001 << 0)
+#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_DETECTOR               (0x00000001 << 1)
+#define DISC_BUILTIN_ENDPOINT_PUBLICATION_ANNOUNCER              (0x00000001 << 2)
+#define DISC_BUILTIN_ENDPOINT_PUBLICATION_DETECTOR               (0x00000001 << 3)
+#define DISC_BUILTIN_ENDPOINT_SUBSCRIPTION_ANNOUNCER             (0x00000001 << 4)
+#define DISC_BUILTIN_ENDPOINT_SUBSCRIPTION_DETECTOR              (0x00000001 << 5)
+#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_PROXY_ANNOUNCER        (0x00000001 << 6)
+#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_PROXY_DETECTOR         (0x00000001 << 7)
+#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_STATE_ANNOUNCER        (0x00000001 << 8)
+#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_STATE_DETECTOR         (0x00000001 << 9)
+#define BUILTIN_ENDPOINT_PARTICIPANT_MESSAGE_DATA_WRITER         (0x00000001 << 10)
+#define BUILTIN_ENDPOINT_PARTICIPANT_MESSAGE_DATA_READER         (0x00000001 << 11)
+#define BUILTIN_ENDPOINT_TYPELOOKUP_SERVICE_REQUEST_DATA_WRITER  (0x00000001 << 12)
+#define BUILTIN_ENDPOINT_TYPELOOKUP_SERVICE_REQUEST_DATA_READER  (0x00000001 << 13)
+#define BUILTIN_ENDPOINT_TYPELOOKUP_SERVICE_REPLY_DATA_WRITER    (0x00000001 << 14)
+#define BUILTIN_ENDPOINT_TYPELOOKUP_SERVICE_REPLY_DATA_READER    (0x00000001 << 15)
+#define DISC_BUILTIN_ENDPOINT_PUBLICATION_SECURE_ANNOUNCER       (0x00000001 << 16)
+#define DISC_BUILTIN_ENDPOINT_PUBLICATION_SECURE_DETECTOR        (0x00000001 << 17)
+#define DISC_BUILTIN_ENDPOINT_SUBSCRIPTION_SECURE_ANNOUNCER      (0x00000001 << 18)
+#define DISC_BUILTIN_ENDPOINT_SUBSCRIPTION_SECURE_DETECTOR       (0x00000001 << 19)
+#define BUILTIN_ENDPOINT_PARTICIPANT_MESSAGE_SECURE_DATA_WRITER  (0x00000001 << 20)
+#define BUILTIN_ENDPOINT_PARTICIPANT_MESSAGE_SECURE_DATA_READER  (0x00000001 << 21)
+#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_SECURE_ANNOUNCER       (0x00000001 << 26)
+#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_SECURE_DETECTOR        (0x00000001 << 27)
+
+#endif // FASTDDS_RTPS_BUILTIN_DATA__BUILTINENDPOINTS_HPP

include/fastdds/rtps/builtin/data/ParticipantProxyData.h

@@ -26,6 +26,7 @@
 #include <fastdds/rtps/attributes/RTPSParticipantAllocationAttributes.hpp>
 #include <fastdds/rtps/attributes/WriterAttributes.h>
 #include <fastdds/rtps/attributes/ReaderAttributes.h>
+#include <fastdds/rtps/builtin/data/BuiltinEndpoints.hpp>
 #include <fastdds/rtps/common/Token.h>
 #include <fastdds/rtps/common/RemoteLocators.hpp>
 
@@ -38,31 +39,6 @@
 #define BUILTIN_PARTICIPANT_DATA_MAX_SIZE 100
 #define TYPELOOKUP_DATA_MAX_SIZE 5000
 
-#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_ANNOUNCER              (0x00000001 << 0)
-#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_DETECTOR               (0x00000001 << 1)
-#define DISC_BUILTIN_ENDPOINT_PUBLICATION_ANNOUNCER              (0x00000001 << 2)
-#define DISC_BUILTIN_ENDPOINT_PUBLICATION_DETECTOR               (0x00000001 << 3)
-#define DISC_BUILTIN_ENDPOINT_SUBSCRIPTION_ANNOUNCER             (0x00000001 << 4)
-#define DISC_BUILTIN_ENDPOINT_SUBSCRIPTION_DETECTOR              (0x00000001 << 5)
-#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_PROXY_ANNOUNCER        (0x00000001 << 6)
-#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_PROXY_DETECTOR         (0x00000001 << 7)
-#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_STATE_ANNOUNCER        (0x00000001 << 8)
-#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_STATE_DETECTOR         (0x00000001 << 9)
-#define BUILTIN_ENDPOINT_PARTICIPANT_MESSAGE_DATA_WRITER         (0x00000001 << 10)
-#define BUILTIN_ENDPOINT_PARTICIPANT_MESSAGE_DATA_READER         (0x00000001 << 11)
-#define BUILTIN_ENDPOINT_TYPELOOKUP_SERVICE_REQUEST_DATA_WRITER  (0x00000001 << 12)
-#define BUILTIN_ENDPOINT_TYPELOOKUP_SERVICE_REQUEST_DATA_READER  (0x00000001 << 13)
-#define BUILTIN_ENDPOINT_TYPELOOKUP_SERVICE_REPLY_DATA_WRITER    (0x00000001 << 14)
-#define BUILTIN_ENDPOINT_TYPELOOKUP_SERVICE_REPLY_DATA_READER    (0x00000001 << 15)
-#define DISC_BUILTIN_ENDPOINT_PUBLICATION_SECURE_ANNOUNCER       (0x00000001 << 16)
-#define DISC_BUILTIN_ENDPOINT_PUBLICATION_SECURE_DETECTOR        (0x00000001 << 17)
-#define DISC_BUILTIN_ENDPOINT_SUBSCRIPTION_SECURE_ANNOUNCER      (0x00000001 << 18)
-#define DISC_BUILTIN_ENDPOINT_SUBSCRIPTION_SECURE_DETECTOR       (0x00000001 << 19)
-#define BUILTIN_ENDPOINT_PARTICIPANT_MESSAGE_SECURE_DATA_WRITER  (0x00000001 << 20)
-#define BUILTIN_ENDPOINT_PARTICIPANT_MESSAGE_SECURE_DATA_READER  (0x00000001 << 21)
-#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_SECURE_ANNOUNCER       (0x00000001 << 26)
-#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_SECURE_DETECTOR        (0x00000001 << 27)
-
 namespace eprosima {
 namespace fastrtps {
 namespace rtps {

include/fastdds/rtps/builtin/discovery/endpoint/EDPSimple.h

@@ -223,6 +223,23 @@ class EDPSimple : public EDP
             t_p_StatefulWriter& writer,
             key_list& demises);
 
+    /**
+     * Get a pointer pair of the corresponding writer builtin endpoint for the entity_id
+     * @param [in] entity_id The entity_id to obtain the pair from.
+     * @return A pair of nullptrs if operation was unsuccessful
+     */
+    t_p_StatefulWriter get_builtin_writer_history_pair_by_entity(
+            const EntityId_t& entity_id);
+
+    /**
+     * Get a pointer pair of the corresponding reader builtin endpoint for the entity_id.
+     * If a builtin writer Entity is passed, the equivalent reader entity builtin is returned.
+     * @param [in] entity_id The entity_id to obtain the pair from.
+     * @return A pair of nullptrs if operation was unsuccessful
+     */
+    t_p_StatefulReader get_builtin_reader_history_pair_by_entity(
+            const EntityId_t& entity_id);
+
     std::shared_ptr<ITopicPayloadPool> pub_writer_payload_pool_;
     std::shared_ptr<ITopicPayloadPool> pub_reader_payload_pool_;
     std::shared_ptr<ITopicPayloadPool> sub_writer_payload_pool_;

include/fastdds/rtps/builtin/discovery/participant/PDP.h

@@ -22,8 +22,9 @@
 #ifndef DOXYGEN_SHOULD_SKIP_THIS_PUBLIC
 
 #include <atomic>
-#include <mutex>
 #include <functional>
+#include <memory>
+#include <mutex>
 
 #include <fastdds/rtps/attributes/RTPSParticipantAttributes.h>
 #include <fastdds/rtps/builtin/data/ReaderProxyData.h>
@@ -40,11 +41,18 @@ namespace fastdds {
 namespace rtps {
 
 class PDPServerListener;
+class PDPEndpoints;
 
 } // namespace rtps
 } // namespace fastdds
 
 namespace fastrtps {
+namespace types {
+
+class TypeObject;
+class TypeIdentifier;
+
+} // namespace types
 namespace rtps {
 
 class RTPSWriter;
@@ -74,6 +82,7 @@ class PDP
     friend class PDPListener;
     friend class PDPServerListener;
     friend class fastdds::rtps::PDPServerListener;
+    friend class PDPSecurityInitiatorListener;
 
 public:
 
@@ -128,7 +137,7 @@ class PDP
     virtual void announceParticipantState(
             bool new_change,
             bool dispose = false,
-            WriteParams& wparams = WriteParams::WRITE_PARAM_DEFAULT);
+            WriteParams& wparams = WriteParams::WRITE_PARAM_DEFAULT) = 0;
 
     //!Stop the RTPSParticipantAnnouncement (only used in tests).
     virtual void stopParticipantAnnouncement();
@@ -376,6 +385,16 @@ class PDP
         return temp_writer_proxies_;
     }
 
+#if HAVE_SECURITY
+    virtual bool pairing_remote_writer_with_local_reader_after_security(
+            const GUID_t& local_reader,
+            const WriterProxyData& remote_writer_data);
+
+    virtual bool pairing_remote_reader_with_local_writer_after_security(
+            const GUID_t& local_writer,
+            const ReaderProxyData& remote_reader_data);
+#endif // HAVE_SECURITY
+
 protected:
 
     //!Pointer to the builtin protocols object.
@@ -384,10 +403,8 @@ class PDP
     RTPSParticipantImpl* mp_RTPSParticipant;
     //!Discovery attributes.
     BuiltinAttributes m_discovery;
-    //!Pointer to the PDPWriter.
-    RTPSWriter* mp_PDPWriter;
-    //!Pointer to the PDPReader.
-    RTPSReader* mp_PDPReader;
+    //!Builtin PDP endpoints
+    std::unique_ptr<fastdds::rtps::PDPEndpoints> builtin_endpoints_;
     //!Pointer to the EDP object.
     EDP* mp_EDP;
     //!Number of participant proxy data objects created
@@ -408,14 +425,6 @@ class PDP
     std::atomic_bool m_hasChangedLocalPDP;
     //!Listener for the SPDP messages.
     ReaderListener* mp_listener;
-    //!WriterHistory
-    WriterHistory* mp_PDPWriterHistory;
-    //!Writer payload pool
-    std::shared_ptr<ITopicPayloadPool> writer_payload_pool_;
-    //!Reader History
-    ReaderHistory* mp_PDPReaderHistory;
-    //!Reader payload pool
-    std::shared_ptr<ITopicPayloadPool> reader_payload_pool_;
     //! ProxyPool for temporary reader proxies
     ProxyPool<ReaderProxyData> temp_reader_proxies_;
     //! ProxyPool for temporary writer proxies
@@ -442,6 +451,19 @@ class PDP
             bool with_lease_duration,
             const ParticipantProxyData* participant_proxy_data = nullptr);
 
+    /**
+     * Checks whether two participant prefixes are equal by calculating the mangled
+     * GUID and comparing it with the remote participant prefix.
+     *
+     * @param guid_prefix the original desired guid_prefix to compare
+     * @param participant_data The participant proxy data to compare against
+     *
+     * @return true when prefixes are equivalent
+     */
+    bool data_matches_with_prefix(
+            const GuidPrefix_t& guid_prefix,
+            const ParticipantProxyData& participant_data);
+
     /**
      * Gets the key of a participant proxy data.
      *
@@ -454,6 +476,26 @@ class PDP
             const GUID_t& participant_guid,
             InstanceHandle_t& key);
 
+    /**
+     * Force the sending of our local DPD to all remote RTPSParticipants and multicast Locators.
+     * @param writer RTPSWriter to use for sending the announcement
+     * @param history history where the change should be added
+     * @param new_change If true a new change (with new seqNum) is created and sent;If false the last change is re-sent
+     * @param dispose sets change kind to NOT_ALIVE_DISPOSED_UNREGISTERED
+     * @param wparams allows to identify the change
+     */
+    void announceParticipantState(
+            RTPSWriter& writer,
+            WriterHistory& history,
+            bool new_change,
+            bool dispose = false,
+            WriteParams& wparams = WriteParams::WRITE_PARAM_DEFAULT);
+
+    /**
+     * Called after creating the builtin endpoints to update the metatraffic unicast locators of BuiltinProtocols
+     */
+    virtual void update_builtin_locators() = 0;
+
 private:
 
     //!TimedEvent to periodically resend the local RTPSParticipant information.

include/fastdds/rtps/builtin/discovery/participant/PDPSimple.h

@@ -54,7 +54,8 @@ class PDPSimple : public PDP
      * @param part Pointer to the RTPSParticipant.
      * @return True on success
      */
-    bool init(RTPSParticipantImpl* part) override;
+    bool init(
+            RTPSParticipantImpl* part) override;
 
     /**
      * Creates an initializes a new participant proxy from a DATA(p) raw info
@@ -63,8 +64,8 @@ class PDPSimple : public PDP
      * @return new ParticipantProxyData * or nullptr on failure
      */
     ParticipantProxyData* createParticipantProxyData(
-        const ParticipantProxyData& p,
-        const GUID_t& writer_guid) override;
+            const ParticipantProxyData& p,
+            const GUID_t& writer_guid) override;
 
     /**
      * Some PDP classes require EDP matching with update PDP DATAs like EDPStatic
@@ -79,28 +80,31 @@ class PDPSimple : public PDP
      * @param wparams allows to identify the change
      */
     void announceParticipantState(
-        bool new_change,
-        bool dispose = false,
-        WriteParams& wparams = WriteParams::WRITE_PARAM_DEFAULT) override;
+            bool new_change,
+            bool dispose = false,
+            WriteParams& wparams = WriteParams::WRITE_PARAM_DEFAULT) override;
 
     /**
      * This method assigns remote endpoints to the builtin endpoints defined in this protocol. It also calls
      * the corresponding methods in EDP and WLP.
      * @param pdata Pointer to the ParticipantProxyData object.
      */
-    void assignRemoteEndpoints(ParticipantProxyData* pdata) override;
+    void assignRemoteEndpoints(
+            ParticipantProxyData* pdata) override;
 
     /**
      * Remove remote endpoints from the participant discovery protocol
      * @param pdata Pointer to the ParticipantProxyData to remove
      */
-    void removeRemoteEndpoints(ParticipantProxyData * pdata) override;
+    void removeRemoteEndpoints(
+            ParticipantProxyData* pdata) override;
 
     /**
      * This method notifies EDP and WLP of the existence of a new participant.
      * @param pdata
      */
-    void notifyAboveRemoteEndpoints(const ParticipantProxyData& pdata) override;
+    void notifyAboveRemoteEndpoints(
+            const ParticipantProxyData& pdata) override;
 
     /**
      * Activate a new Remote Endpoint that has been statically discovered.
@@ -113,10 +117,12 @@ class PDPSimple : public PDP
             int16_t userDefinedId,
             EndpointKind_t kind);
 
+    void update_builtin_locators() override;
 
 private:
 
-    void initializeParticipantProxyData(ParticipantProxyData* participant_data) override;
+    void initializeParticipantProxyData(
+            ParticipantProxyData* participant_data) override;
 
     /**
      * Create the SPDP Writer and Reader
@@ -130,5 +136,5 @@ class PDPSimple : public PDP
 } /* namespace fastrtps */
 } /* namespace eprosima */
 
-#endif
+#endif // ifndef DOXYGEN_SHOULD_SKIP_THIS_PUBLIC
 #endif //_FASTDDS_RTPS_BUILTIN_DISCOVERY_PARTICIPANT_PDPSIMPLE_H_

include/fastdds/rtps/common/EntityId_t.hpp

@@ -363,6 +363,11 @@ const EntityId_t participant_volatile_message_secure_reader_entity_id =
 
 const EntityId_t c_EntityId_WriterLivelinessSecure = ENTITYID_P2P_BUILTIN_PARTICIPANT_MESSAGE_SECURE_WRITER;
 const EntityId_t c_EntityId_ReaderLivelinessSecure = ENTITYID_P2P_BUILTIN_PARTICIPANT_MESSAGE_SECURE_READER;
+
+const EntityId_t c_EntityId_spdp_reliable_participant_secure_reader =
+        ENTITYID_SPDP_RELIABLE_BUILTIN_PARTICIPANT_SECURE_READER;
+const EntityId_t c_EntityId_spdp_reliable_participant_secure_writer =
+        ENTITYID_SPDP_RELIABLE_BUILTIN_PARTICIPANT_SECURE_WRITER;
 #endif // if HAVE_SECURITY
 
 const EntityId_t ds_server_virtual_writer = ENTITYID_DS_SERVER_VIRTUAL_WRITER;

include/fastdds/rtps/security/authentication/Authentication.h

@@ -249,6 +249,24 @@ class Authentication
             PermissionsCredentialToken* token,
             SecurityException& ex) = 0;
 
+    /**
+     * Returns whether a mangled GUID is the same as the original
+     * @param identity_handle Identity Handle of remote peer
+     * @param adjusted Mangled GUID prefix
+     * @param original Original GUID prefix candidate to compare
+     * @return true when @c adjusted corresponds to @c original
+     */
+    virtual bool check_guid_comes_from(
+            IdentityHandle* identity_handle,
+            const GUID_t& adjusted,
+            const GUID_t& original)
+    {
+        static_cast<void>(identity_handle);
+
+        //! By default, return this comparison
+        return adjusted == original;
+    }
+
     bool set_logger(
             Logging* logger,
             SecurityException& /*exception*/)

src/cpp/CMakeLists.txt

@@ -292,6 +292,7 @@ set(${PROJECT_NAME}_security_source_files
     rtps/security/logging/Logging.cpp
     rtps/security/SecurityManager.cpp
     rtps/security/SecurityPluginFactory.cpp
+    rtps/builtin/discovery/participant/DS/PDPSecurityInitiatorListener.cpp
     security/authentication/PKIDH.cpp
     security/accesscontrol/Permissions.cpp
     security/cryptography/AESGCMGMAC.cpp
@@ -390,7 +391,7 @@ find_package(Atomic MODULE)
 # prioritizes writes
 
 # try_run cannot manage targets yet
-get_target_property(CMAKE_ATOMIC_LIB eProsima_atomic INTERFACE_LINK_LIBRARIES)    
+get_target_property(CMAKE_ATOMIC_LIB eProsima_atomic INTERFACE_LINK_LIBRARIES)
 if(NOT CMAKE_ATOMIC_LIB)
     set(CMAKE_ATOMIC_LIB)
 endif()
@@ -508,7 +509,7 @@ if(MSVC OR MSVC_IDE)
         endif()
 
         # Get OpenSSL version suitable manifest format
-        execute_process( COMMAND PowerShell -NoLogo -Command "&{ param([string]$original) 
+        execute_process( COMMAND PowerShell -NoLogo -Command "&{ param([string]$original)
         if ($original -notmatch '\\d+$')
             { $res = $original.Substring(0,$original.length-1) + '.' +
             ([int]$original[$original.length-1]-[int][char]'a'+1); }