diff --git a/CMakeLists.txt b/CMakeLists.txt index 4082b98d47e24bf7b3f27949a8fd7e008f67f650..fb6cedff69f54c6ee3863eabf6c1843f3639f2f8 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -120,7 +120,12 @@ target_include_directories(${PROJECT_NAME} PRIVATE target_link_libraries(${PROJECT_NAME} PRIVATE OpenSSL::SSL OpenSSL::Crypto) target_link_libraries(${PROJECT_NAME} PRIVATE TRAVODDS::TRAVODDS) - +#添加安全宏 +target_compile_definitions(${PROJECT_NAME} + PRIVATE + DDSSECURITY + ) + #############################安装配置############################# if (NOT INSTALL_DIR) set(INSTALL_DIR "${CMAKE_CURRENT_SOURCE_DIR}/install") diff --git a/debian/changelog b/debian/changelog index b41a28dd926ea79a154a21d4af6151c766eb2263..5e417b74f6fc904548120b1f711704725f88ccbe 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +travodds-security-plugin (1.1.0-1) unstable; urgency=medium + + * New release 1.1.0 + + -- AGIROS-CWW Mon, 01 Dec 2025 16:32:05 +0000 + travodds-security-plugin (1.0.0-1) unstable; urgency=medium * Initial release (Closes: #nnnn) diff --git a/debian/install b/debian/install index a44e4b54e3f2458646f1942247868672f5559efc..3bdbdf193e1d78dd665a2b342841af82f5afe358 100644 --- a/debian/install +++ b/debian/install @@ -1,2 +1,2 @@ -install/securityplugin /opt/agiros/loong/include/ -install/lib/libSecurityPlugin.so /opt/agiros/loong/lib +install/securityplugin/* /usr/include/securityplugin +install/lib/libSecurityPlugin.so /usr/lib diff --git a/include/securityplugin/permissionsaccesscontrol.h b/include/securityplugin/permissionsaccesscontrol.h index 3130ce33353947d6aa00f602cdfbe846a917ed89..d12bdfe2205933168f7db27495004156e5334456 100644 --- a/include/securityplugin/permissionsaccesscontrol.h +++ b/include/securityplugin/permissionsaccesscontrol.h 
@@ -936,6 +936,12 @@ private: const char* signedContent, char** originalContent, SecurityException *exception); + + static void process_protection_kind( + const ProtectionKind kind, + bool& protected_flag, + bool& encrypted_flag, + bool& orig_auth_flag); }; TRAVODDS_NAMESPACE_END diff --git a/include/securityplugin/pkidhauthentication.h b/include/securityplugin/pkidhauthentication.h index 6f56e64f75881cf01da18ed61711d4cac97b5465..90eb512ca9412258891f25914a8eff2054a45bea 100644 --- a/include/securityplugin/pkidhauthentication.h +++ b/include/securityplugin/pkidhauthentication.h @@ -229,7 +229,7 @@ public: bool return_sharedsecret_handle( const SharedSecretHandle shared_secret_handle, SecurityException *exception) { - //delete (SharedSecretHandleImpl*)shared_secret_handle; + delete (SharedSecretHandleImpl*)shared_secret_handle; return true; } diff --git a/src/permissionsaccesscontrol.cpp b/src/permissionsaccesscontrol.cpp index d0a2cd795411c02762dde829bd8c96b925b4db28..65862ba789924924fe365b232ac46b5fe3b4ff51 100644 --- a/src/permissionsaccesscontrol.cpp +++ b/src/permissionsaccesscontrol.cpp @@ -1539,6 +1539,17 @@ bool PermissionsAccessControl::check_signer(X509* ca, const char* signedContent, return result == 1; } +void PermissionsAccessControl::process_protection_kind( + const ProtectionKind kind, + bool& protected_flag, + bool& encrypted_flag, + bool& orig_auth_flag) +{ + protected_flag = kind != ProtectionKind::PROTECTIONKIND_NONE; + encrypted_flag = (kind == ProtectionKind::PROTECTIONKIND_ENCRYPT) || (kind == ProtectionKind::PROTECTIONKIND_ENCRYPT_WITH_ORIGIN_AUTHENTICATION); + orig_auth_flag = (kind == ProtectionKind::PROTECTIONKIND_ENCRYPT_WITH_ORIGIN_AUTHENTICATION) || + (kind == ProtectionKind::PROTECTIONKIND_SIGN_WITH_ORIGIN_AUTHENTICATION); +} /* 此函数的实现需要步骤如下: 
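Review bot: The now-active `delete (SharedSecretHandleImpl*)shared_secret_handle;` frees through a C-style cast of a handle whose declared type is not visible in this hunk; a named cast (`static_cast` if `SharedSecretHandle` is a pointer alias, `reinterpret_cast` if it is integral) makes the conversion greppable and records that the handle must have come from `new SharedSecretHandleImpl`. Because the handle is taken by value the function cannot clear the caller's copy, so returning the same handle twice is a double free; that contract belongs in a doc comment on the function, e.g. `/// Releases the SharedSecretHandleImpl created by the handshake; the handle is invalid after this call and must not be returned again.` A null check is not needed (`delete` of a null pointer is a no-op), and `exception` stays unused, which matches the unconditional `return true;`.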
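Review bot: `process_protection_kind` carries no comment describing the mapping it encodes, and the `==` chain silently maps any unrecognised `ProtectionKind` value to protected-but-neither-encrypted-nor-origin-authenticated. A `switch` over `kind` with one case per enumerator and no `default` would let the compiler's switch warning (`-Wswitch`) catch a newly added kind, which the current form cannot. Suggested header comment: `/// Expands a ProtectionKind into the three attribute flags: protected_flag for any kind other than NONE, encrypted_flag for the two ENCRYPT kinds, orig_auth_flag for the two *_WITH_ORIGIN_AUTHENTICATION kinds.` The top-level `const` on the by-value `kind` parameter is noise in the declaration and can be dropped there.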
@@ -2539,9 +2550,27 @@ bool PermissionsAccessControl::get_participant_sec_attributes( access_control_permissions->governance.enable_join_access_control; attributes->is_rtps_protected = access_control_permissions->governance.rtps_protection_kind != PROTECTIONKIND_NONE; - attributes->is_discovery_protected = false; - attributes->is_liveliness_protected = false; - attributes->plugin_participant_attributes = 0; + + //PND 插件属性掩码初始化 + PluginParticipantSecurityAttributes plug_part_attr; + //attributes->is_discovery_protected = false; + //attributes->is_liveliness_protected = false; + process_protection_kind(access_control_permissions->governance.discovery_protection_kind, + attributes->is_discovery_protected, + plug_part_attr.is_discovery_encrypted, + plug_part_attr.is_discovery_origin_authenticated); + + process_protection_kind(access_control_permissions->governance.rtps_protection_kind, + attributes->is_rtps_protected, + plug_part_attr.is_rtps_encrypted, + plug_part_attr.is_rtps_origin_authenticated); + + process_protection_kind(access_control_permissions->governance.liveliness_protection_kind, + attributes->is_liveliness_protected, + plug_part_attr.is_liveliness_encrypted, + plug_part_attr.is_liveliness_origin_authenticated); + + attributes->plugin_participant_attributes = plug_part_attr.mask(); return true; } diff --git a/src/pkidhauthentication.cpp b/src/pkidhauthentication.cpp index bf766d281142d32f0c5d578f7acee333aadb5d74..e36d6d5cc5f36cfc9a1a5bb4e5997bf581aa4642 100644 --- a/src/pkidhauthentication.cpp +++ b/src/pkidhauthentication.cpp @@ -219,7 +219,6 @@ ValidationResult_t PKIDHAuthentication::validate_local_identity( SecurityException *exception) { //验证输入有效性 - IdentityHandleImpl *identity = new IdentityHandleImpl(); Property_t *prikey = NULL; //私钥 Property_t *prikey_password = NULL; //私钥 
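Review bot: `PluginParticipantSecurityAttributes plug_part_attr;` is default-initialised, so if that type has no in-class member initialisers, any member the three `process_protection_kind` calls do not set is indeterminate when `plug_part_attr.mask()` folds it into `plugin_participant_attributes`; `PluginParticipantSecurityAttributes plug_part_attr{};` costs nothing and removes the question. The context line `attributes->is_rtps_protected = ... != PROTECTIONKIND_NONE;` just above the hunk is now overwritten by the second `process_protection_kind` call and can go. The kept `//attributes->is_discovery_protected = false;` and `//attributes->is_liveliness_protected = false;` lines are dead code and should be deleted rather than left as comments. get_participant_sec_attributes starts before this hunk.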
@@ -655,36 +654,27 @@ ValidationResult_t PKIDHAuthentication::validate_remote_identity( { remoteIdentity->participant_key.value[i] = remote_participant_key.value[i]; } - //cout << "remoteKey = " << remoteIdentity->participant_key.value[0] << ":" - // << remoteIdentity->participant_key.value[1] << ":" - // << remoteIdentity->participant_key.value[2] << ":" - // << remoteIdentity->participant_key.value[3] << endl; - //cout << "localKey = " << localIdentity->participant_key.value[0] << ":" - // << localIdentity->participant_key.value[1] << ":" - // << localIdentity->participant_key.value[2] << ":" - // << localIdentity->participant_key.value[3] << endl; //比较key大小 - if (localIdentity->participant_key < remote_participant_key) + int ret = compareBuiltinTopicKey(localIdentity->participant_key, remote_participant_key); + if (ret == -1/*localIdentity->participant_key < remote_participant_key*/) { //cout << "validate_remote_identity::it is request participant" << endl; remoteIdentity->sign = false; remoteIdentity->previous_state = INDENTITYSTATE_VALIDATE_REMOTE_IDENTITY; remoteIdentity->return_value = VALIDATION_PENDING_HANDSHAKE_REQUEST; *remote_identity_handle = remoteIdentity; - return VALIDATION_PENDING_HANDSHAKE_REQUEST; + return VALIDATION_PENDING_HANDSHAKE_REQUEST; //remote is request } - else if (remote_participant_key < localIdentity->participant_key) + else if (ret == 1/*remote_participant_key < localIdentity->participant_key*/) { - //cout << "validate_remote_identity::it is reply participant" << endl; remoteIdentity->sign = false; remoteIdentity->previous_state = INDENTITYSTATE_VALIDATE_REMOTE_IDENTITY; remoteIdentity->return_value = VALIDATION_PENDING_HANDSHAKE_MESSAGE; *remote_identity_handle = remoteIdentity; - return VALIDATION_PENDING_HANDSHAKE_MESSAGE; + return VALIDATION_PENDING_HANDSHAKE_MESSAGE; //remote is reply } else { - //cout << "localIdentity->participant_key = remote_participant_key" << endl; localIdentity->sign = true; remoteIdentity->sign = 
true; *remote_identity_handle = remoteIdentity; @@ -733,9 +723,11 @@ ValidationResult_t PKIDHAuthentication::begin_handshake_request( //c.id temp_property.name = "c.id"; // 本地的dds.sec.auth.identitty_certificate,即证书文件app1Cert.pem路径,存入握手handle - for (int i = 0; i < initiatorIdentity->identity_certificate.size(); ++i) { - temp_property.value.push_back((unsigned char)initiatorIdentity->identity_certificate[i]); - } + temp_property.value.resize(initiatorIdentity->identity_certificate.size()); + memcpy(temp_property.value.data(), initiatorIdentity->identity_certificate.c_str(), initiatorIdentity->identity_certificate.size()); + //for (int i = 0; i < initiatorIdentity->identity_certificate.size(); ++i) { + // temp_property.value.push_back((unsigned char)initiatorIdentity->identity_certificate[i]); + //} handle->handshake_request_message_token.binary_properties.push_back(temp_property); /**********************************/ @@ -744,10 +736,12 @@ ValidationResult_t PKIDHAuthentication::begin_handshake_request( BinaryProperty_t temp_property_cperm; temp_property_cperm.name = "c.perm"; //auth_permission.smime文件路径 - for (int i = 0; i < initiatorIdentity->access_permission.size(); ++i) { - unsigned char ch = static_cast(initiatorIdentity->access_permission[i]); - temp_property_cperm.value.push_back(ch); - } + temp_property_cperm.value.resize(initiatorIdentity->access_permission.size()); + memcpy(temp_property_cperm.value.data(), initiatorIdentity->access_permission.c_str(), initiatorIdentity->access_permission.size()); + //for (int i = 0; i < initiatorIdentity->access_permission.size(); ++i) { + // unsigned char ch = static_cast(initiatorIdentity->access_permission[i]); + // temp_property_cperm.value.push_back(ch); + //} handle->handshake_request_message_token.binary_properties.push_back(temp_property_cperm); 
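Review bot: `if (ret == -1 ...)` and `else if (ret == 1 ...)` pin the result of `compareBuiltinTopicKey` to exactly -1 and 1; if that helper follows the memcmp convention of returning any negative or positive value, every unequal key pair falls into the final `else`, which treats the keys as identical and sets `sign = true` on both sides, so the requester/replier roles of the handshake are never assigned. Testing the sign is robust against either convention: `if (ret < 0)` and `else if (ret > 0)`. The inline `/*localIdentity->participant_key < remote_participant_key*/` comments restate the removed operator< code; a single comment naming the convention (`// <0: local key is smaller, remote participant is the requester`) would document the contract instead. validate_remote_identity starts before and continues after this hunk.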
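Review bot: Each `resize` + `memcpy` pair keeps the loop it replaced as a commented-out block (here for `c.id`, in the next hunk for `c.perm`, and in every later hunk of this file); dead code in comments should be deleted, since version control keeps the history. The same copy is one line with no length to keep in sync and no raw pointer: `temp_property.value.assign(initiatorIdentity->identity_certificate.begin(), initiatorIdentity->identity_certificate.end());`, and likewise `assign(ptr, ptr + 32)` for the fixed-size hashes. `memcpy` with a null destination is undefined even for a zero length, and `data()` of a vector resized to 0 may be null, which `assign` avoids. begin_handshake_request starts before and continues after these hunks.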
@@ -755,30 +749,35 @@ ValidationResult_t PKIDHAuthentication::begin_handshake_request( BinaryProperty_t temp_property_cpdata; temp_property_cpdata.name = "c.pdata"; ensure_length = builtin_topic_data_length; - //temp_property.value.ensure_length(ensure_length, ensure_length); - //memcpy((char*)temp_property.value._contiguousBuffer, - // builtin_topic_data, ensure_length) - for (int i = 0; i < ensure_length; ++i) { - temp_property_cpdata.value.push_back((unsigned char&)builtin_topic_data[i]); - } + temp_property_cpdata.value.resize(ensure_length); + memcpy(temp_property_cpdata.value.data(), builtin_topic_data, ensure_length); + //for (int i = 0; i < ensure_length; ++i) { + // temp_property_cpdata.value.push_back((unsigned char&)builtin_topic_data[i]); + //} handle->handshake_request_message_token.binary_properties.push_back(temp_property_cpdata); //c.dsign_algo BinaryProperty_t temp_property_cdsignalgo; temp_property_cdsignalgo.name = "c.dsign_algo"; std::string str = "RSASSA-PSS-SHA256"; - for (int i = 0; i < str.size(); ++i) { - temp_property_cdsignalgo.value.push_back((unsigned char&)str[i]); - } + + + temp_property_cdsignalgo.value.resize(str.size()); + memcpy(temp_property_cdsignalgo.value.data(), str.c_str(), str.size()); + //for (int i = 0; i < str.size(); ++i) { + // temp_property_cdsignalgo.value.push_back((unsigned char&)str[i]); + //} handle->handshake_request_message_token.binary_properties.push_back(temp_property_cdsignalgo); //c.kagree_algo BinaryProperty_t temp_property_ckagreealgo; temp_property_ckagreealgo.name = "c.kagree_algo"; str = "DH+MODP-2048-256"; - for (int i = 0; i < str.size(); ++i) { - temp_property_ckagreealgo.value.push_back((unsigned char&)str[i]); - } + temp_property_ckagreealgo.value.resize(str.size()); + memcpy(temp_property_ckagreealgo.value.data(), str.c_str(), str.size()); + //for (int i = 0; i < str.size(); ++i) { + // temp_property_ckagreealgo.value.push_back((unsigned char&)str[i]); + //} 
handle->handshake_request_message_token.binary_properties.push_back(temp_property_ckagreealgo); @@ -796,11 +795,12 @@ ValidationResult_t PKIDHAuthentication::begin_handshake_request( BinaryProperty_t temp_property_hashc1; temp_property_hashc1.name = "hash_c1"; ensure_length = 32; - //temp_property.value.ensure_length(ensure_length, ensure_length); - //memcpy(temp_property.value._contiguousBuffer, handle->hash_local, ensure_length); - for (int i = 0; i < ensure_length; ++i) { - temp_property_hashc1.value.push_back((unsigned char&)handle->hash_local[i]); - } + + temp_property_hashc1.value.resize(ensure_length); + memcpy(temp_property_hashc1.value.data(), handle->hash_local, ensure_length); + //for (int i = 0; i < ensure_length; ++i) { + // temp_property_hashc1.value.push_back((unsigned char&)handle->hash_local[i]); + //} handle->handshake_request_message_token.binary_properties.push_back(temp_property_hashc1); delete[] buffer.buffer; //生成本地DH,保存到握手标识handle @@ -821,9 +821,12 @@ ValidationResult_t PKIDHAuthentication::begin_handshake_request( //temp_property.value.ensure_length(pubkey_len, pubkey_len); char *val = new char[pubkey_len]; int len_bin = BN_bn2bin(public_key, (unsigned char*)val); - for (int i = 0; i < len_bin; ++i) { - temp_property_dh1.value.push_back((unsigned char&)val[i]); - } + + temp_property_dh1.value.resize(len_bin); + memcpy(temp_property_dh1.value.data(), val, len_bin); + //for (int i = 0; i < len_bin; ++i) { + // temp_property_dh1.value.push_back((unsigned char&)val[i]); + //} handle->handshake_request_message_token.binary_properties.push_back(temp_property_dh1); delete[] val; 
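Review bot: In the `c.pdata` hunk `temp_property_cpdata.value.resize(ensure_length);` passes an `int` taken from `builtin_topic_data_length` straight to `resize`, so a negative length converts to a huge `size_t` and throws `bad_alloc` instead of failing cleanly, and a null `builtin_topic_data` reaches `memcpy`. A guard before the copy is cheap: `if (builtin_topic_data == nullptr || builtin_topic_data_length < 0) { /* return the failure result this function uses elsewhere */ }`. begin_handshake_request starts before and continues after this hunk.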
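Review bot: In the `dh1` hunk the public value still goes through a manually managed `char *val = new char[pubkey_len]` only to be copied into the vector; `BN_bn2bin` can write into the vector directly: `temp_property_dh1.value.resize(BN_num_bytes(public_key)); int len_bin = BN_bn2bin(public_key, temp_property_dh1.value.data());`, which removes the `delete[] val` and the signed `resize(len_bin)`. The same applies to the `dh2` hunk in begin_handshake_reply, where the value is first written into a variable-length array `unsigned char str_pubkey[pubkey_length]` that standard C++ does not permit. Separately, `BN_bn2bin` omits leading zero bytes, so the encoding can be shorter than the modulus; if the peer expects a fixed-length big-endian value, `BN_bn2binpad` (OpenSSL 1.1.0+) provides it, and a comment stating which framing the handshake assumes would make the choice deliberate. begin_handshake_request starts before and continues after this hunk.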
@@ -834,9 +837,11 @@ ValidationResult_t PKIDHAuthentication::begin_handshake_request( //生成随机数 val = new char[ensure_length]; RAND_bytes((unsigned char*)val, 32); - for (int i = 0; i < ensure_length; ++i) { - temp_property_challenge1.value.push_back((unsigned char&)val[i]); - } + temp_property_challenge1.value.resize(ensure_length); + memcpy(temp_property_challenge1.value.data(), val, ensure_length); + //for (int i = 0; i < ensure_length; ++i) { + // temp_property_challenge1.value.push_back((unsigned char&)val[i]); + //} //存储到handle中供后续验证 handle->handshake_request_message_token.binary_properties.push_back(temp_property_challenge1); @@ -1000,7 +1005,7 @@ ValidationResult_t PKIDHAuthentication::begin_handshake_reply( memcpy(valPtr, participantkey_property->value.data(), participantkey_property->value.size()); //participantkey_property->value.to_array(valPtr, participantkey_property->value.length()); SerializedBuffer buf; - buf.buffer = (char*)valPtr; + buf.buffer = (char*)valPtr + 4; buf.buffer_size = participantkey_property->value.size(); buf.writer_position = buf.buffer_size; CdrDeserializer cdr(&buf, true); 
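Review bot: `RAND_bytes((unsigned char*)val, 32);` still discards its return value; `RAND_bytes` returns 1 on success and 0 or -1 when the DRBG cannot supply bytes, in which case `challenge1` is filled from whatever `new char[ensure_length]` left in memory. The buffer is also sized by `ensure_length` while the call uses the literal `32`, two numbers kept in sync by hand. Generating into the vector with the result checked removes both problems: `temp_property_challenge1.value.resize(32); if (RAND_bytes(temp_property_challenge1.value.data(), 32) != 1) return VALIDATION_FAILED; // or whichever failure result this function uses elsewhere`. The same unchecked call appears for `challenge2` in begin_handshake_reply (`RAND_bytes(tempUChar, 32);`). begin_handshake_request starts before and continues after this hunk.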
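Review bot: `buf.buffer = (char*)valPtr + 4;` skips four bytes (presumably an encapsulation header) but `buf.buffer_size = participantkey_property->value.size();` on the next line is unchanged, so the deserializer is told the region extends four bytes past the end of `valPtr`, an over-read of memory filled from the peer's handshake token, and nothing checks that `value.size()` is at least 4 before the offset is applied. Propose `if (participantkey_property->value.size() < 4) { /* reject the token with the failure result used elsewhere */ }` before the assignment and `buf.buffer_size = participantkey_property->value.size() - 4;` after it, plus a comment naming what the skipped bytes are. begin_handshake_reply starts before and continues after this hunk.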
@@ -1084,39 +1089,48 @@ ValidationResult_t PKIDHAuthentication::begin_handshake_reply( //访问控制证书 BinaryProperty_t property_temp2; property_temp2.name = "c.perm"; - for (int i = 0; i < replierIdentity->access_permission.length(); ++i) { - unsigned char ch = replierIdentity->access_permission[i]; - property_temp2.value.push_back(ch); - } + + property_temp2.value.resize(replierIdentity->access_permission.length()); + memcpy(property_temp2.value.data(), replierIdentity->access_permission.c_str(), replierIdentity->access_permission.length()); + //for (int i = 0; i < replierIdentity->access_permission.length(); ++i) { + // unsigned char ch = replierIdentity->access_permission[i]; + // property_temp2.value.push_back(ch); + //} handle->handshake_reply_message_token.binary_properties.push_back(property_temp2); //内置主题数据 BinaryProperty_t property_temp3; property_temp3.name = "c.pdata"; - for (int i = 0; i < builtin_topic_data_length; ++i) { - unsigned char ch = builtin_topic_data[i]; - property_temp3.value.push_back(ch); - } + property_temp3.value.resize(builtin_topic_data_length); + memcpy(property_temp3.value.data(), builtin_topic_data, builtin_topic_data_length); + //for (int i = 0; i < builtin_topic_data_length; ++i) { + // unsigned char ch = builtin_topic_data[i]; + // property_temp3.value.push_back(ch); + //} handle->handshake_reply_message_token.binary_properties.push_back(property_temp3); //数字签名使用的算法 BinaryProperty_t property_temp4; property_temp4.name = "c.dsign_algo"; std::string tempStr = "RSASSA-PSS-SHA256"; - for (int i = 0; i < tempStr.length(); ++i) { - unsigned char ch = tempStr[i]; - property_temp4.value.push_back(ch); - } + property_temp4.value.resize(tempStr.length()); + memcpy(property_temp4.value.data(), tempStr.c_str(), tempStr.length()); + //for (int i = 0; i < tempStr.length(); ++i) { + // unsigned char ch = tempStr[i]; + // property_temp4.value.push_back(ch); + //} handle->handshake_reply_message_token.binary_properties.push_back(property_temp4); 
//生成密钥使用的算法 BinaryProperty_t property_temp5; property_temp5.name = "c.kagree_algo"; tempStr = "DH+MODP-2048-256"; - for (int i = 0; i < tempStr.length(); ++i) { - unsigned char ch = tempStr[i]; - property_temp5.value.push_back(ch); - } + property_temp5.value.resize(tempStr.length()); + memcpy(property_temp5.value.data(), tempStr.c_str(), tempStr.length()); + //for (int i = 0; i < tempStr.length(); ++i) { + // unsigned char ch = tempStr[i]; + // property_temp5.value.push_back(ch); + //} handle->handshake_reply_message_token.binary_properties.push_back(property_temp5); //hash_c2 BinaryProperty_t property_temp6; @@ -1131,10 +1145,13 @@ ValidationResult_t PKIDHAuthentication::begin_handshake_reply( property_temp6.name = "hash_c2"; handle->hash_local = new char[32]; //TODO SHA256((unsigned char*)buffer.buffer, length, (unsigned char*)handle->hash_local); - for (int i = 0; i < 32; ++i) { - unsigned char ch = handle->hash_local[i]; - property_temp6.value.push_back(ch); - } + + property_temp6.value.resize(32); + memcpy(property_temp6.value.data(), handle->hash_local, 32); + //for (int i = 0; i < 32; ++i) { + // unsigned char ch = handle->hash_local[i]; + // property_temp6.value.push_back(ch); + //} handle->handshake_reply_message_token.binary_properties.push_back(property_temp6); signature_seq.push_back(property_temp6); //challenge2 @@ -1142,9 +1159,11 @@ ValidationResult_t PKIDHAuthentication::begin_handshake_reply( property_temp7.name = "challenge2"; unsigned char* tempUChar = new unsigned char[32]; RAND_bytes(tempUChar, 32); - for (int i = 0; i < 32; ++i) { - property_temp7.value.push_back(tempUChar[i]); - } + property_temp7.value.resize(32); + memcpy(property_temp7.value.data(), tempUChar, 32); + //for (int i = 0; i < 32; ++i) { + // property_temp7.value.push_back(tempUChar[i]); + //} delete[]tempUChar ; handle->handshake_reply_message_token.binary_properties.push_back(property_temp7); signature_seq.push_back(property_temp7); 
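Review bot: `memcpy(property_temp6.value.data(), handle->hash_local, 32);` copies from a buffer that the context line above allocates with `new char[32]` and whose only fill, the `SHA256(...)` call, is commented out behind `//TODO`; unless `hash_local` is computed somewhere outside this hunk, `hash_c2` is sent as 32 bytes of indeterminate heap memory and then pushed into `signature_seq`, so the reply's signature covers garbage and the initiator cannot reconcile it with its own hash. If the hash is genuinely pending, the buffer should at least be zeroed (`new char[32]()`) and the TODO should say why the hash is absent; if it is computed elsewhere, a comment here pointing to where would save the next reader the search. begin_handshake_reply starts before and continues after this hunk.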
@@ -1163,9 +1182,11 @@ ValidationResult_t PKIDHAuthentication::begin_handshake_reply( unsigned char str_pubkey[pubkey_length]; int len_bin = BN_bn2bin(public_key, str_pubkey); property_temp8.name = "dh2"; - for (int i = 0; i < len_bin; ++i) { - property_temp8.value.push_back(str_pubkey[i]); - } + property_temp8.value.resize(len_bin); + memcpy(property_temp8.value.data(), str_pubkey, len_bin); + //for (int i = 0; i < len_bin; ++i) { + // property_temp8.value.push_back(str_pubkey[i]); + //} handle->handshake_reply_message_token.binary_properties.push_back(property_temp8); signature_seq.push_back(property_temp8); //challenge1 @@ -1254,10 +1275,12 @@ ValidationResult_t PKIDHAuthentication::begin_handshake_reply( SHA256((unsigned char*)buffer.buffer, length, (unsigned char*)handle->hash_remote); BinaryProperty_t tmp_property; tmp_property.name = "hash_c1"; - for (int i = 0; i < 32; ++i) { - unsigned char ch = handle->hash_remote[i]; - tmp_property.value.push_back(ch); - } + tmp_property.value.resize(32); + memcpy(tmp_property.value.data(), handle->hash_remote, 32); + //for (int i = 0; i < 32; ++i) { + // unsigned char ch = handle->hash_remote[i]; + // tmp_property.value.push_back(ch); + //} handle->handshake_reply_message_token.binary_properties.push_back(tmp_property); signature_seq.push_back(tmp_property); //delete[] buffer.buffer; 
@@ -1336,10 +1359,12 @@ ValidationResult_t PKIDHAuthentication::begin_handshake_reply( BinaryProperty_t property_temp9; property_temp9.name = "signature"; - for (int i = 0; i < signResLen; ++i) { - unsigned char ch = signRes[i]; - property_temp9.value.push_back(ch); - } + property_temp9.value.resize(signResLen); + memcpy(property_temp9.value.data(), signRes, signResLen); + //for (int i = 0; i < signResLen; ++i) { + // unsigned char ch = signRes[i]; + // property_temp9.value.push_back(ch); + //} handle->handshake_reply_message_token.binary_properties.push_back(property_temp9); //填充handshake_message_out //DDS_BinaryPropertySeq_set_maximum(&handshake_message_out->binary_properties, @@ -1365,9 +1390,13 @@ ValidationResult_t PKIDHAuthentication::begin_handshake_reply( } if (permission != NULL) { - for (int i = 0; i < permission->value.size(); ++i) { - initiatorIdentity->access_permission.push_back(permission->value[i]); - } + initiatorIdentity->access_permission = std::string( + permission->value.begin(), + permission->value.end() + ); + //for (int i = 0; i < permission->value.size(); ++i) { + // initiatorIdentity->access_permission.push_back(permission->value[i]); + //} } handle->previous_call = INDENTITYSTATE_BEGIN_HANDSHAKE_REPLY; handle->return_value = VALIDATION_PENDING_HANDSHAKE_MESSAGE; @@ -1564,9 +1593,11 @@ ValidationResult_t PKIDHAuthentication::process_handshake( SHA256((const unsigned char*)buffer.buffer, length, val_sha256); BinaryProperty_t tmpProperty; tmpProperty.name = "hash_c2"; - for (int i = 0; i < 32; i++) { - tmpProperty.value.push_back(val_sha256[i]); - } + tmpProperty.value.resize(32); + memcpy(tmpProperty.value.data(), val_sha256, 32); + //for (int i = 0; i < 32; i++) { + // tmpProperty.value.push_back(val_sha256[i]); + //} binary_properties.push_back(tmpProperty); //delete[] buffer.buffer; } 
@@ -1580,9 +1611,11 @@ ValidationResult_t PKIDHAuthentication::process_handshake( int len_bin = BN_bn2bin(Public_Key, pubkey); BinaryProperty_t tmpProperty; tmpProperty.name = "dh1"; - for (int i = 0; i < len_bin; i++) { - tmpProperty.value.push_back(pubkey[i]); - } + tmpProperty.value.resize(len_bin); + memcpy(tmpProperty.value.data(), pubkey, len_bin); + //for (int i = 0; i < len_bin; i++) { + // tmpProperty.value.push_back(pubkey[i]); + //} binary_properties.push_back(tmpProperty); } //没有hash_c1 @@ -1590,10 +1623,12 @@ ValidationResult_t PKIDHAuthentication::process_handshake( { BinaryProperty_t tmpProperty; tmpProperty.name = "hash_c1"; - for (int i = 0; i < 32; i++) { - unsigned char ch = handshake_impl->hash_local[i]; - tmpProperty.value.push_back(ch); - } + tmpProperty.value.resize(32); + memcpy(tmpProperty.value.data(), handshake_impl->hash_local, 32); + //for (int i = 0; i < 32; i++) { + // unsigned char ch = handshake_impl->hash_local[i]; + // tmpProperty.value.push_back(ch); + //} binary_properties.push_back(tmpProperty); } else if (bpropertyPtr == NULL) @@ -1657,10 +1692,12 @@ ValidationResult_t PKIDHAuthentication::process_handshake( { BinaryProperty_t tmpProperty; tmpProperty.name = "hash_c1"; - for (int i = 0; i < 32; ++i) { - unsigned char ch = handshake_impl->hash_local[i]; - tmpProperty.value.push_back(ch); - } + tmpProperty.value.resize(32); + memcpy(tmpProperty.value.data(), handshake_impl->hash_local, 32); + //for (int i = 0; i < 32; ++i) { + // unsigned char ch = handshake_impl->hash_local[i]; + // tmpProperty.value.push_back(ch); + //} handshake_message_out->binary_properties.push_back(tmpProperty); signature_seq.push_back(tmpProperty); } 
@@ -1674,9 +1711,11 @@ ValidationResult_t PKIDHAuthentication::process_handshake( int len_bin = BN_bn2bin(Public_Key, pubkey); BinaryProperty_t tmpProperty; tmpProperty.name = "dh1"; - for (int i = 0; i < len_bin; ++i) { - tmpProperty.value.push_back(pubkey[i]); - } + tmpProperty.value.resize(len_bin); + memcpy(tmpProperty.value.data(), pubkey, len_bin); + //for (int i = 0; i < len_bin; ++i) { + // tmpProperty.value.push_back(pubkey[i]); + //} signature_seq.push_back(tmpProperty); handshake_message_out->binary_properties.push_back(tmpProperty); } @@ -1708,9 +1747,11 @@ ValidationResult_t PKIDHAuthentication::process_handshake( BinaryProperty_t tmpProperty; tmpProperty.name = "hash_c2"; - for (int i = 0; i < 32; i++) { - tmpProperty.value[i] = val_sha256[i]; - } + tmpProperty.value.resize(32); + memcpy(tmpProperty.value.data(), val_sha256, 32); + //for (int i = 0; i < 32; i++) { + // tmpProperty.value[i] = val_sha256[i]; + //} handshake_message_out->binary_properties.push_back(tmpProperty); signature_seq.push_back(tmpProperty); //delete[]prepBuffer.buffer; @@ -1787,9 +1828,11 @@ ValidationResult_t PKIDHAuthentication::process_handshake( } temp_property.name = "signature"; - for (int i = 0; i < signResLen; ++i) { - temp_property.value.push_back(signRes[i]); - } + temp_property.value.resize(signResLen); + memcpy(temp_property.value.data(), signRes, signResLen); + //for (int i = 0; i < signResLen; ++i) { + // temp_property.value.push_back(signRes[i]); + //} handshake_message_out->binary_properties.push_back(temp_property); //delete[]signBuffer.buffer; //查找dds.sec 作为permissionscertificate 
@@ -2018,9 +2061,11 @@ ValidationResult_t PKIDHAuthentication::process_handshake( { BinaryProperty_t tmp_property; tmp_property.name = "hash_c1"; - for (int i = 0; i < 32; ++i) { - tmp_property.value[i] = handshake_impl->hash_remote[i]; - }; + tmp_property.value.resize(32); + memcpy(tmp_property.value.data(), handshake_impl->hash_remote, 32); + //for (int i = 0; i < 32; ++i) { + // tmp_property.value[i] = handshake_impl->hash_remote[i]; + //}; binary_properties.push_back(tmp_property); } //没有dh1 @@ -2028,9 +2073,11 @@ ValidationResult_t PKIDHAuthentication::process_handshake( { BinaryProperty_t tmp_property; tmp_property.name = "dh1"; - for (int i = 0; i < 32; ++i) { - tmp_property.value[i] = handshake_impl->hash_remote[i]; - }; + tmp_property.value.resize(32); + memcpy(tmp_property.value.data(), handshake_impl->hash_remote, 32); + //for (int i = 0; i < 32; ++i) { + // tmp_property.value[i] = handshake_impl->hash_remote[i]; + //}; binary_properties.push_back(tmp_property); } //没有dh2 @@ -2043,9 +2090,11 @@ ValidationResult_t PKIDHAuthentication::process_handshake( int len_bin = BN_bn2bin(Public_Key, pubkey); BinaryProperty_t tmp_property; tmp_property.name = "dh2"; - for (int i = 0; i < len_bin; ++i) { - tmp_property.value[i] = pubkey[i]; - }; + tmp_property.value.resize(len_bin); + memcpy(tmp_property.value.data(), pubkey, len_bin); + //for (int i = 0; i < len_bin; ++i) { + // tmp_property.value[i] = pubkey[i]; + //}; binary_properties.push_back(tmp_property); } //没有hash_c2 
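Review bot: In the `dh1` hunk (`tmp_property.name = "dh1";`) the value is copied from `handshake_impl->hash_remote`, 32 bytes, exactly as the `hash_c1` hunk just above does, whereas the `dh2` hunk below encodes `Public_Key` with `BN_bn2bin`; this looks like a copy-paste carried over from the old loop, so the `dh1` fallback would carry a hash rather than the initiator's DH public value and a peer reconstructing the signed sequence would verify against the wrong bytes. If `dh1` is meant to be the stored remote public value it should be encoded from that object the way `dh2` is; if the property is intentionally a placeholder, a comment saying so is needed. process_handshake starts before and continues after these hunks.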
@@ -2053,9 +2102,11 @@ ValidationResult_t PKIDHAuthentication::process_handshake( { BinaryProperty_t tmp_property; tmp_property.name = "hash_c2"; - for (int i = 0; i < 32; ++i) { - tmp_property.value[i] = handshake_impl->hash_local[i]; - }; + tmp_property.value.resize(32); + memcpy(tmp_property.value.data(), handshake_impl->hash_local, 32); + //for (int i = 0; i < 32; ++i) { + // tmp_property.value[i] = handshake_impl->hash_local[i]; + //}; binary_properties.push_back(tmp_property); } else if (temp_binaryproperty == NULL) diff --git a/travodds-security-plugin.spec b/travodds-security-plugin.spec index 6b06ddbcabc32339e8796609874eb5b30bf15022..58ceffbe09ec545227ee7b46499ca260a9d96c0d 100644 --- a/travodds-security-plugin.spec +++ b/travodds-security-plugin.spec @@ -1,6 +1,6 @@ # 基本信息 Name: travodds-security-plugin -Version: 1.0.0 +Version: 1.1.0 Release: 1%{?dist} Summary: security plugin for travodds @@ -27,7 +27,8 @@ security plugin for travodds. # 构建流程 %prep -%setup -q -c +#%setup -q -c +%autosetup -p1 %build mkdir -p build diff --git a/travodds-security-plugin_1.0.0.orig.tar.gz b/travodds-security-plugin_1.0.0.orig.tar.gz deleted file mode 100644 index 673047d8d02d753e58016872e30f68544744e7f8..0000000000000000000000000000000000000000 Binary files a/travodds-security-plugin_1.0.0.orig.tar.gz and /dev/null differ diff --git a/travodds-security-plugin_1.1.0.orig.tar.gz b/travodds-security-plugin_1.1.0.orig.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..be097715d7082114ca0e7236afc25b487f84df60 Binary files /dev/null and b/travodds-security-plugin_1.1.0.orig.tar.gz differ