// Copyright 2016 Proyectos y Sistemas de Mantenimiento SL (eProsima). // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. /*! * @file Authentication.h */ #ifndef _FASTDDS_RTPS_SECURITY_CRYPTOGRAPHY_CRYPTOTRANSFORM_H_ #define _FASTDDS_RTPS_SECURITY_CRYPTOGRAPHY_CRYPTOTRANSFORM_H_ #include #include #include namespace eprosima { namespace fastrtps { namespace rtps { namespace security { class CryptoTransform { public: virtual ~CryptoTransform(){} /** * Serializes the payload sent by the user with a Datawriter. * @param encoded_payload (out) Result of the encryption * @param extra_inline_qos (out) Contains additional parameters to be added to the inlineQos of the submessage * @param payload Plain input buffer * @param sending_datawriter_crypto Returned by a prior call to register_local_datawriter * @param exception (out) Security exception * @return TRUE if successful */ virtual bool encode_serialized_payload( SerializedPayload_t& encoded_payload, std::vector& extra_inline_qos, const SerializedPayload_t& payload, DatawriterCryptoHandle& sending_datawriter_crypto, SecurityException& exception) = 0; /** * Encodes a Data, DataFrag, Gap, Heartbeat or HeartBeatFrag * @param encoded_rtps_submessage (out) Result of the encryption * @param plain_rtps_submessage Plain input buffer * @param sending_datawriter_crypto Crypto of the datawriter that sends the message * @param receiving_datareader_crypto_list Crypto of the datareaders the message is aimed at * @param exception (out) Security exception * @return TRUE is successful */ virtual bool encode_datawriter_submessage( CDRMessage_t& encoded_rtps_submessage, const CDRMessage_t& plain_rtps_submessage, DatawriterCryptoHandle& sending_datawriter_crypto, std::vector& receiving_datareader_crypto_list, SecurityException& exception) = 0; /** * Encodes an AckNack or NackFrag * @param encoded_rtps_submessage (out) Result of the encryption * @param plain_rtps_submessage Plain input buffer * @param sending_datareader_crypto Crypto of the sending datareader * @param receiving_datawriter_crypto_list List with Crypto of the intended datawriter recipients * @param exception (out) Security exception * @return TRUE if successful */ virtual bool encode_datareader_submessage( CDRMessage_t& encoded_rtps_submessage, const CDRMessage_t& plain_rtps_submessage, DatareaderCryptoHandle& sending_datareader_crypto, std::vector& receiving_datawriter_crypto_list, SecurityException& exception) = 0; /** * Encodes a full rtps message * @param encoded_rtps_message (out) Result of the encryption * @param plain_rtps_message Plain input buffer * @param sending_crypto Crypto of the Participant where the message originates from * @param receiving_crypto_list Crypto of the Partipants the message is intended towards * @param exception (out) Security expcetion * @return TRUE if successful */ virtual bool encode_rtps_message( CDRMessage_t& encoded_rtps_message, const CDRMessage_t& plain_rtps_message, ParticipantCryptoHandle &sending_crypto, std::vector &receiving_crypto_list, SecurityException &exception) = 0; /** * Reverses the transformation performed by encode_rtps_message. Decrypts the contents and veryfies MACs or digital signatures. * @param plain_buffer (out) Decoded message * @param encoded_buffer Encoded message * @param receiving_crypto Crypto of the Participant that receives the message * @param sending_crypto Crypto of the Participant that wrote the message * @param exception (out) Security exception * @return TRUE is successful */ virtual bool decode_rtps_message( CDRMessage_t& plain_buffer, const CDRMessage_t& encoded_buffer, const ParticipantCryptoHandle &receiving_crypto, const ParticipantCryptoHandle &sending_crypto, SecurityException &exception) = 0; /** * Determines whether the secure submessage comes from a datawriter or a data reader and extracts the required CryptoHandle to decode it. * @param datawriter_crypto (out) Crypto of the sending datawriter, if applicable * @param datareader_crypto (out) Crypto of the sending datareader, if applicable * @param secure_submessage_category (out) Specifies wether the message comes from a datawriter or from a datareader * @param encoded_rtps_submessage encoded input submessage * @param receiving_crypto Crypto of the Participant that receives the message * @param sending_crypto Crypto of the Participant that sent the message * @param exception (out) Security exception * @return TRUE if successful */ virtual bool preprocess_secure_submsg( DatawriterCryptoHandle **datawriter_crypto, DatareaderCryptoHandle **datareader_crypto, SecureSubmessageCategory_t &secure_submessage_category, const CDRMessage_t& encoded_rtps_submessage, ParticipantCryptoHandle &receiving_crypto, ParticipantCryptoHandle &sending_crypto, SecurityException &exception) = 0; /** * Called after prprocess_secure_submessage when the submessage category is DATAWRITER_SUBMESSAGE * @param plain_rtps_submessage (out) Result of the decryption * @param encoded_rtps_submessage Encoded message * @param receiving_datareader_crypto Crypto of the target datareader * @param sending_datawriter_crypto Crypto of the datawriter that sent the message * @param exception (out) Security exception * @return TRUE if successful */ virtual bool decode_datawriter_submessage( CDRMessage_t& plain_rtps_submessage, CDRMessage_t& encoded_rtps_submessage, DatareaderCryptoHandle &receiving_datareader_crypto, DatawriterCryptoHandle &sending_datawriter_crypto, SecurityException &exception) = 0; /** * Called after preprocess_secure_submessage when the submessage category is DATAREADER_SUBMESSAGE * @param plain_rtps_submessage (out) Result of the decryption * @param encoded_rtps_submessage Encoded message * @param receiving_datawriter_crypto Crypto of the target datawriter * @param sending_datareader_crypto Crypto of the datareader that sent the message * @param exception (out) Security exception * @return TRUE if successful */ virtual bool decode_datareader_submessage( CDRMessage_t& plain_rtps_submessage, CDRMessage_t& encoded_rtps_submessage, DatawriterCryptoHandle &receiving_datawriter_crypto, DatareaderCryptoHandle &sending_datareader_crypto, SecurityException &exception) = 0; /** * Undoes the decryption transformation made on the writer side. * @param plain_payload (out) Result of the decryption * @param encoded_payload Encoded input buffer * @param inline_qos Coming from the data message that carries the target payload * @param receiving_datareader_crypto Crypto of the target datareader * @param sending_datawriter_crypto Crypto of the datawriter that sent the message * @param exception (out) Security exception * @return TRUE if successful */ virtual bool decode_serialized_payload( SerializedPayload_t& plain_payload, const SerializedPayload_t& encoded_payload, const std::vector& inline_qos, DatareaderCryptoHandle& receiving_datareader_crypto, DatawriterCryptoHandle& sending_datawriter_crypto, SecurityException& exception) = 0; virtual uint32_t calculate_extra_size_for_rtps_message(uint32_t number_discovered_participants) const = 0; virtual uint32_t calculate_extra_size_for_rtps_submessage(uint32_t number_discovered_readers) const = 0; virtual uint32_t calculate_extra_size_for_encoded_payload(uint32_t number_discovered_readers) const = 0; }; } //namespace eprosima } //namespace fastrtps } //namespace rtps } //namespace security #endif //_FASTDDS_RTPS_SECURITY_CRYPTOGRAPHY_CRYPTOTRANSFORM_H_