From f045feb2a09adb3f4d36eef40af487df7afcafa6 Mon Sep 17 00:00:00 2001 From: ruffsl Date: Mon, 13 Apr 2020 16:49:55 -0700 Subject: [PATCH 01/13] Rename security override env from ROS_SECURITY_DIRECTORY_OVERRIDE to ROS_SECURITY_ENCLAVE_OVERRIDE Signed-off-by: ruffsl --- rcl/include/rcl/security.h | 6 +++--- rcl/src/rcl/security.c | 2 +- rcl/test/rcl/test_security.cpp | 12 ++++++------ 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/rcl/include/rcl/security.h b/rcl/include/rcl/security.h index f4f9fe743..805ee67f5 100644 --- a/rcl/include/rcl/security.h +++ b/rcl/include/rcl/security.h @@ -27,8 +27,8 @@ extern "C" #include "rcl/visibility_control.h" #include "rmw/security_options.h" -#ifndef ROS_SECURITY_DIRECTORY_OVERRIDE -# define ROS_SECURITY_DIRECTORY_OVERRIDE "ROS_SECURITY_DIRECTORY_OVERRIDE" +#ifndef ROS_SECURITY_ENCLAVE_OVERRIDE +# define ROS_SECURITY_ENCLAVE_OVERRIDE "ROS_SECURITY_ENCLAVE_OVERRIDE" #endif #ifndef ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME @@ -102,7 +102,7 @@ rcl_get_enforcement_policy(rmw_security_enforcement_policy_t * policy); * "/r/a/b/c", where the delimiter "/" is native for target file system (e.g. "\\" for _WIN32). * * However, this expansion can be overridden by setting the secure directory override environment - * (`ROS_SECURITY_DIRECTORY_OVERRIDE`) variable, allowing users to explicitly specify the exact secure + * (`ROS_SECURITY_ENCLAVE_OVERRIDE`) variable, allowing users to explicitly specify the exact secure * root directory to be utilized. * Such an override is useful for applications where the enclave is non-deterministic * before runtime, or when testing and using additional tools that may not otherwise be easily diff --git a/rcl/src/rcl/security.c b/rcl/src/rcl/security.c index 8d18ae76b..e047f82ef 100644 --- a/rcl/src/rcl/security.c +++ b/rcl/src/rcl/security.c @@ -140,7 +140,7 @@ char * rcl_get_secure_root( return NULL; } - if (rcutils_get_env(ROS_SECURITY_DIRECTORY_OVERRIDE, &env_buf)) { + if (rcutils_get_env(ROS_SECURITY_ENCLAVE_OVERRIDE, &env_buf)) { return NULL; } if (!env_buf) { diff --git a/rcl/test/rcl/test_security.cpp b/rcl/test/rcl/test_security.cpp index f6b2c5e3a..76e516de4 100644 --- a/rcl/test/rcl/test_security.cpp +++ b/rcl/test/rcl/test_security.cpp @@ -75,7 +75,7 @@ class TestGetSecureRoot : public ::testing::Test // Always make sure the variable we set is unset at the beginning of a test unsetenv_wrapper(ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME); - unsetenv_wrapper(ROS_SECURITY_DIRECTORY_OVERRIDE); + unsetenv_wrapper(ROS_SECURITY_ENCLAVE_OVERRIDE); unsetenv_wrapper(ROS_SECURITY_STRATEGY_VAR_NAME); unsetenv_wrapper(ROS_SECURITY_ENABLE_VAR_NAME); allocator = rcl_get_default_allocator(); @@ -175,7 +175,7 @@ TEST_F(TestGetSecureRoot, successScenarios_local_exactMatch_multipleTokensName) TEST_F(TestGetSecureRoot, nodeSecurityDirectoryOverride_validDirectory) { /* Specify a valid directory */ - putenv_wrapper(ROS_SECURITY_DIRECTORY_OVERRIDE "=" TEST_RESOURCES_DIRECTORY); + putenv_wrapper(ROS_SECURITY_ENCLAVE_OVERRIDE "=" TEST_RESOURCES_DIRECTORY); root_path = rcl_get_secure_root( "name shouldn't matter", &allocator); ASSERT_STREQ(root_path, TEST_RESOURCES_DIRECTORY); @@ -185,7 +185,7 @@ TEST_F( TestGetSecureRoot, nodeSecurityDirectoryOverride_validDirectory_overrideRootDirectoryAttempt) { /* Setting root dir has no effect */ - putenv_wrapper(ROS_SECURITY_DIRECTORY_OVERRIDE "=" TEST_RESOURCES_DIRECTORY); + putenv_wrapper(ROS_SECURITY_ENCLAVE_OVERRIDE "=" TEST_RESOURCES_DIRECTORY); root_path = rcl_get_secure_root("name shouldn't matter", &allocator); putenv_wrapper(ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME "=" TEST_RESOURCES_DIRECTORY); ASSERT_STREQ(root_path, TEST_RESOURCES_DIRECTORY); @@ -195,7 +195,7 @@ TEST_F(TestGetSecureRoot, nodeSecurityDirectoryOverride_invalidDirectory) { /* The override provided should exist. Providing correct node/namespace/root dir won't help * if the node override is invalid. */ putenv_wrapper( - ROS_SECURITY_DIRECTORY_OVERRIDE + ROS_SECURITY_ENCLAVE_OVERRIDE "=TheresN_oWayThi_sDirectory_Exists_hence_this_should_fail"); EXPECT_EQ( rcl_get_secure_root(TEST_ENCLAVE_ABSOLUTE, &allocator), @@ -217,7 +217,7 @@ TEST_F(TestGetSecureRoot, test_get_security_options) { putenv_wrapper(ROS_SECURITY_STRATEGY_VAR_NAME "=Enforce"); putenv_wrapper( - ROS_SECURITY_DIRECTORY_OVERRIDE "=" TEST_RESOURCES_DIRECTORY); + ROS_SECURITY_ENCLAVE_OVERRIDE "=" TEST_RESOURCES_DIRECTORY); ret = rcl_get_security_options_from_environment( "doesn't matter at all", &allocator, &options); ASSERT_EQ(RMW_RET_OK, ret) << rmw_get_error_string().str; @@ -226,7 +226,7 @@ TEST_F(TestGetSecureRoot, test_get_security_options) { EXPECT_EQ(RMW_RET_OK, rmw_security_options_fini(&options, &allocator)); options = rmw_get_zero_initialized_security_options(); - unsetenv_wrapper(ROS_SECURITY_DIRECTORY_OVERRIDE); + unsetenv_wrapper(ROS_SECURITY_ENCLAVE_OVERRIDE); putenv_wrapper( ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME "=" TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME); From 38597f29e064b5dfd2b57058c9fb923f40b56e8b Mon Sep 17 00:00:00 2001 From: ruffsl Date: Mon, 13 Apr 2020 16:51:55 -0700 Subject: [PATCH 02/13] Update variables and functions directory override -> enclave override Signed-off-by: ruffsl --- rcl/src/rcl/security.c | 6 +++--- rcl/test/rcl/test_security.cpp | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/rcl/src/rcl/security.c b/rcl/src/rcl/security.c index e047f82ef..28c64ee2e 100644 --- a/rcl/src/rcl/security.c +++ b/rcl/src/rcl/security.c @@ -132,7 +132,7 @@ char * rcl_get_secure_root( const char * name, const rcl_allocator_t * allocator) { - bool ros_secure_directory_override = true; + bool ros_secure_enclave_override = true; // find out if either of the configuration environment variables are set const char * env_buf = NULL; @@ -157,14 +157,14 @@ char * rcl_get_secure_root( if (0 == strcmp("", env_buf)) { return NULL; // environment variable was empty } - ros_secure_directory_override = false; + ros_secure_enclave_override = false; } // found a usable environment variable, copy into our memory before overwriting with next lookup char * ros_secure_root_env = rcutils_strdup(env_buf, *allocator); char * secure_root = NULL; - if (ros_secure_directory_override) { + if (ros_secure_enclave_override) { secure_root = rcutils_strdup(ros_secure_root_env, *allocator); } else { secure_root = exact_match_lookup(name, ros_secure_root_env, allocator); diff --git a/rcl/test/rcl/test_security.cpp b/rcl/test/rcl/test_security.cpp index 76e516de4..17d977963 100644 --- a/rcl/test/rcl/test_security.cpp +++ b/rcl/test/rcl/test_security.cpp @@ -173,7 +173,7 @@ TEST_F(TestGetSecureRoot, successScenarios_local_exactMatch_multipleTokensName) secure_root_str.substr(secure_root_str.size() - strlen(TEST_ENCLAVE)).c_str()); } -TEST_F(TestGetSecureRoot, nodeSecurityDirectoryOverride_validDirectory) { +TEST_F(TestGetSecureRoot, nodeSecurityEnclaveOverride_validDirectory) { /* Specify a valid directory */ putenv_wrapper(ROS_SECURITY_ENCLAVE_OVERRIDE "=" TEST_RESOURCES_DIRECTORY); root_path = rcl_get_secure_root( @@ -183,7 +183,7 @@ TEST_F(TestGetSecureRoot, nodeSecurityDirectoryOverride_validDirectory) { TEST_F( TestGetSecureRoot, - nodeSecurityDirectoryOverride_validDirectory_overrideRootDirectoryAttempt) { + nodeSecurityEnclaveOverride_validDirectory_overrideRootDirectoryAttempt) { /* Setting root dir has no effect */ putenv_wrapper(ROS_SECURITY_ENCLAVE_OVERRIDE "=" TEST_RESOURCES_DIRECTORY); root_path = rcl_get_secure_root("name shouldn't matter", &allocator); @@ -191,7 +191,7 @@ TEST_F( ASSERT_STREQ(root_path, TEST_RESOURCES_DIRECTORY); } -TEST_F(TestGetSecureRoot, nodeSecurityDirectoryOverride_invalidDirectory) { +TEST_F(TestGetSecureRoot, nodeSecurityEnclaveOverride_invalidDirectory) { /* The override provided should exist. Providing correct node/namespace/root dir won't help * if the node override is invalid. */ putenv_wrapper( From f7149a31fd19152f1f55617db497b77abc49b05e Mon Sep 17 00:00:00 2001 From: ruffsl Date: Mon, 13 Apr 2020 16:52:14 -0700 Subject: [PATCH 03/13] Update docs and comments directory override -> enclave override Signed-off-by: ruffsl --- rcl/include/rcl/security.h | 8 ++++---- rcl/src/rcl/security.c | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/rcl/include/rcl/security.h b/rcl/include/rcl/security.h index 805ee67f5..9ac0ef341 100644 --- a/rcl/include/rcl/security.h +++ b/rcl/include/rcl/security.h @@ -101,16 +101,16 @@ rcl_get_enforcement_policy(rmw_security_enforcement_policy_t * policy); * E.g. for a context named "/a/b/c" and root "/r", the secure root path will be * "/r/a/b/c", where the delimiter "/" is native for target file system (e.g. "\\" for _WIN32). * - * However, this expansion can be overridden by setting the secure directory override environment - * (`ROS_SECURITY_ENCLAVE_OVERRIDE`) variable, allowing users to explicitly specify the exact secure - * root directory to be utilized. + * However, this expansion can be overridden by setting the secure enclave override environment + * (`ROS_SECURITY_ENCLAVE_OVERRIDE`) variable, allowing users to explicitly specify the exact enclave + * directory to be utilized. * Such an override is useful for applications where the enclave is non-deterministic * before runtime, or when testing and using additional tools that may not otherwise be easily * provisioned. * * \param[in] name validated name (a single token) * \param[in] allocator the allocator to use for allocation - * \returns Machine specific (absolute) secure root path or NULL on failure. + * \returns Machine specific (absolute) enclave directory path or NULL on failure. * Returned pointer must be deallocated by the caller of this function */ RCL_PUBLIC diff --git a/rcl/src/rcl/security.c b/rcl/src/rcl/security.c index 28c64ee2e..051b6af0b 100644 --- a/rcl/src/rcl/security.c +++ b/rcl/src/rcl/security.c @@ -147,7 +147,7 @@ char * rcl_get_secure_root( return NULL; } if (0 == strcmp("", env_buf)) { - // check root directory if override directory environment variable is empty + // check root directory if override enclave environment variable is empty if (rcutils_get_env(ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME, &env_buf)) { return NULL; } From ad38f8f2f7bc7b3463a49d5262cd1f008a05535a Mon Sep 17 00:00:00 2001 From: ruffsl Date: Mon, 13 Apr 2020 17:44:55 -0700 Subject: [PATCH 04/13] Rename keystore root env from ROS_SECURITY_ROOT_DIRECTORY to ROS_SECURITY_KEYSTORE Signed-off-by: ruffsl --- rcl/include/rcl/security.h | 6 +++--- rcl/src/rcl/security.c | 2 +- rcl/test/rcl/test_security.cpp | 16 ++++++++-------- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/rcl/include/rcl/security.h b/rcl/include/rcl/security.h index 9ac0ef341..fef96397a 100644 --- a/rcl/include/rcl/security.h +++ b/rcl/include/rcl/security.h @@ -31,8 +31,8 @@ extern "C" # define ROS_SECURITY_ENCLAVE_OVERRIDE "ROS_SECURITY_ENCLAVE_OVERRIDE" #endif -#ifndef ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME -# define ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME "ROS_SECURITY_ROOT_DIRECTORY" +#ifndef ROS_SECURITY_KEYSTORE_VAR_NAME +# define ROS_SECURITY_KEYSTORE_VAR_NAME "ROS_SECURITY_KEYSTORE" #endif #ifndef ROS_SECURITY_STRATEGY_VAR_NAME @@ -96,7 +96,7 @@ rcl_get_enforcement_policy(rmw_security_enforcement_policy_t * policy); /** * Return the security directory associated with the enclave name. * - * The value of the environment variable `ROS_SECURITY_ROOT_DIRECTORY` is used as a root. + * The value of the environment variable `ROS_SECURITY_KEYSTORE` is used as a root. * The specific directory to be used, is found from that root using the `name` passed. * E.g. for a context named "/a/b/c" and root "/r", the secure root path will be * "/r/a/b/c", where the delimiter "/" is native for target file system (e.g. "\\" for _WIN32). diff --git a/rcl/src/rcl/security.c b/rcl/src/rcl/security.c index 051b6af0b..fcb6ee698 100644 --- a/rcl/src/rcl/security.c +++ b/rcl/src/rcl/security.c @@ -148,7 +148,7 @@ char * rcl_get_secure_root( } if (0 == strcmp("", env_buf)) { // check root directory if override enclave environment variable is empty - if (rcutils_get_env(ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME, &env_buf)) { + if (rcutils_get_env(ROS_SECURITY_KEYSTORE_VAR_NAME, &env_buf)) { return NULL; } if (!env_buf) { diff --git a/rcl/test/rcl/test_security.cpp b/rcl/test/rcl/test_security.cpp index 17d977963..d191bbee4 100644 --- a/rcl/test/rcl/test_security.cpp +++ b/rcl/test/rcl/test_security.cpp @@ -74,7 +74,7 @@ class TestGetSecureRoot : public ::testing::Test rcl_reset_error(); // Always make sure the variable we set is unset at the beginning of a test - unsetenv_wrapper(ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME); + unsetenv_wrapper(ROS_SECURITY_KEYSTORE_VAR_NAME); unsetenv_wrapper(ROS_SECURITY_ENCLAVE_OVERRIDE); unsetenv_wrapper(ROS_SECURITY_STRATEGY_VAR_NAME); unsetenv_wrapper(ROS_SECURITY_ENABLE_VAR_NAME); @@ -104,7 +104,7 @@ class TestGetSecureRoot : public ::testing::Test { base_lookup_dir_fqn = rcutils_join_path( resource_dir, resource_dir_name, allocator); - std::string putenv_input = ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME "="; + std::string putenv_input = ROS_SECURITY_KEYSTORE_VAR_NAME "="; putenv_input += base_lookup_dir_fqn; memcpy( g_envstring, putenv_input.c_str(), @@ -124,7 +124,7 @@ TEST_F(TestGetSecureRoot, failureScenarios) { (char *) NULL); rcl_reset_error(); - putenv_wrapper(ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME "=" TEST_RESOURCES_DIRECTORY); + putenv_wrapper(ROS_SECURITY_KEYSTORE_VAR_NAME "=" TEST_RESOURCES_DIRECTORY); /* Security directory is set, but there's no matching directory */ /// Wrong enclave @@ -136,7 +136,7 @@ TEST_F(TestGetSecureRoot, failureScenarios) { TEST_F(TestGetSecureRoot, successScenarios_local_root_enclave) { putenv_wrapper( - ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME "=" + ROS_SECURITY_KEYSTORE_VAR_NAME "=" TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME); secure_root = rcl_get_secure_root("/", &allocator); @@ -148,7 +148,7 @@ TEST_F(TestGetSecureRoot, successScenarios_local_root_enclave) { TEST_F(TestGetSecureRoot, successScenarios_local_exactMatch) { putenv_wrapper( - ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME "=" + ROS_SECURITY_KEYSTORE_VAR_NAME "=" TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME); secure_root = rcl_get_secure_root(TEST_ENCLAVE_ABSOLUTE, &allocator); @@ -161,7 +161,7 @@ TEST_F(TestGetSecureRoot, successScenarios_local_exactMatch) { TEST_F(TestGetSecureRoot, successScenarios_local_exactMatch_multipleTokensName) { putenv_wrapper( - ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME "=" + ROS_SECURITY_KEYSTORE_VAR_NAME "=" TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME); secure_root = rcl_get_secure_root( @@ -187,7 +187,7 @@ TEST_F( /* Setting root dir has no effect */ putenv_wrapper(ROS_SECURITY_ENCLAVE_OVERRIDE "=" TEST_RESOURCES_DIRECTORY); root_path = rcl_get_secure_root("name shouldn't matter", &allocator); - putenv_wrapper(ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME "=" TEST_RESOURCES_DIRECTORY); + putenv_wrapper(ROS_SECURITY_KEYSTORE_VAR_NAME "=" TEST_RESOURCES_DIRECTORY); ASSERT_STREQ(root_path, TEST_RESOURCES_DIRECTORY); } @@ -228,7 +228,7 @@ TEST_F(TestGetSecureRoot, test_get_security_options) { options = rmw_get_zero_initialized_security_options(); unsetenv_wrapper(ROS_SECURITY_ENCLAVE_OVERRIDE); putenv_wrapper( - ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME "=" + ROS_SECURITY_KEYSTORE_VAR_NAME "=" TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME); ret = rcl_get_security_options_from_environment( TEST_ENCLAVE_ABSOLUTE, &allocator, &options); From 549913bcdf31d07d8bee732011d6596c479eb3e7 Mon Sep 17 00:00:00 2001 From: ruffsl Date: Mon, 13 Apr 2020 17:46:47 -0700 Subject: [PATCH 05/13] Update variables and functions root env -> keystore env Signed-off-by: ruffsl --- rcl/src/rcl/security.c | 16 ++++++++-------- rcl/test/rcl/test_security.cpp | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/rcl/src/rcl/security.c b/rcl/src/rcl/security.c index fcb6ee698..7e6752fcb 100644 --- a/rcl/src/rcl/security.c +++ b/rcl/src/rcl/security.c @@ -106,13 +106,13 @@ rcl_get_enforcement_policy(rmw_security_enforcement_policy_t * policy) char * exact_match_lookup( const char * name, - const char * ros_secure_root_env, + const char * ros_secure_keystore_env, const rcl_allocator_t * allocator) { // Perform an exact match for the enclave name in directory . char * secure_root = NULL; char * enclaves_dir = NULL; - enclaves_dir = rcutils_join_path(ros_secure_root_env, "enclaves", *allocator); + enclaves_dir = rcutils_join_path(ros_secure_keystore_env, "enclaves", *allocator); // "/" case when root namespace is explicitly passed in if (0 == strcmp(name, "/")) { secure_root = enclaves_dir; @@ -161,13 +161,13 @@ char * rcl_get_secure_root( } // found a usable environment variable, copy into our memory before overwriting with next lookup - char * ros_secure_root_env = rcutils_strdup(env_buf, *allocator); + char * ros_secure_keystore_env = rcutils_strdup(env_buf, *allocator); char * secure_root = NULL; if (ros_secure_enclave_override) { - secure_root = rcutils_strdup(ros_secure_root_env, *allocator); + secure_root = rcutils_strdup(ros_secure_keystore_env, *allocator); } else { - secure_root = exact_match_lookup(name, ros_secure_root_env, allocator); + secure_root = exact_match_lookup(name, ros_secure_keystore_env, allocator); } if (NULL == secure_root || !rcutils_is_directory(secure_root)) { @@ -175,15 +175,15 @@ char * rcl_get_secure_root( if (NULL == secure_root) { RCL_SET_ERROR_MSG_WITH_FORMAT_STRING( "SECURITY ERROR: unable to find a folder matching the name '%s' in '%s'. ", - name, ros_secure_root_env); + name, ros_secure_keystore_env); } else { RCL_SET_ERROR_MSG_WITH_FORMAT_STRING( "SECURITY ERROR: directory '%s' does not exist.", secure_root); } - allocator->deallocate(ros_secure_root_env, allocator->state); + allocator->deallocate(ros_secure_keystore_env, allocator->state); allocator->deallocate(secure_root, allocator->state); return NULL; } - allocator->deallocate(ros_secure_root_env, allocator->state); + allocator->deallocate(ros_secure_keystore_env, allocator->state); return secure_root; } diff --git a/rcl/test/rcl/test_security.cpp b/rcl/test/rcl/test_security.cpp index d191bbee4..06a63a5b0 100644 --- a/rcl/test/rcl/test_security.cpp +++ b/rcl/test/rcl/test_security.cpp @@ -183,7 +183,7 @@ TEST_F(TestGetSecureRoot, nodeSecurityEnclaveOverride_validDirectory) { TEST_F( TestGetSecureRoot, - nodeSecurityEnclaveOverride_validDirectory_overrideRootDirectoryAttempt) { + nodeSecurityEnclaveOverride_validDirectory_overrideKeystoreAttempt) { /* Setting root dir has no effect */ putenv_wrapper(ROS_SECURITY_ENCLAVE_OVERRIDE "=" TEST_RESOURCES_DIRECTORY); root_path = rcl_get_secure_root("name shouldn't matter", &allocator); From c72dffe847bb5db1eb5b9021923aa21c1ca03a03 Mon Sep 17 00:00:00 2001 From: ruffsl Date: Mon, 13 Apr 2020 17:47:45 -0700 Subject: [PATCH 06/13] Update docs and comments root env -> keystore env Signed-off-by: ruffsl --- rcl/src/rcl/security.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rcl/src/rcl/security.c b/rcl/src/rcl/security.c index 7e6752fcb..d1edafa94 100644 --- a/rcl/src/rcl/security.c +++ b/rcl/src/rcl/security.c @@ -147,7 +147,7 @@ char * rcl_get_secure_root( return NULL; } if (0 == strcmp("", env_buf)) { - // check root directory if override enclave environment variable is empty + // check keystore directory if override enclave environment variable is empty if (rcutils_get_env(ROS_SECURITY_KEYSTORE_VAR_NAME, &env_buf)) { return NULL; } From 8574ad65681fa6f8c6cf589bb4f5056e8bd942e1 Mon Sep 17 00:00:00 2001 From: ruffsl Date: Mon, 13 Apr 2020 19:53:15 -0700 Subject: [PATCH 07/13] Change enclave overide to set name instead dir Signed-off-by: ruffsl --- rcl/include/rcl/security.h | 2 +- rcl/src/rcl/security.c | 2 +- rcl/test/rcl/test_security.cpp | 41 ++++++++++++++++++++-------------- 3 files changed, 26 insertions(+), 19 deletions(-) diff --git a/rcl/include/rcl/security.h b/rcl/include/rcl/security.h index fef96397a..0de8777fa 100644 --- a/rcl/include/rcl/security.h +++ b/rcl/include/rcl/security.h @@ -103,7 +103,7 @@ rcl_get_enforcement_policy(rmw_security_enforcement_policy_t * policy); * * However, this expansion can be overridden by setting the secure enclave override environment * (`ROS_SECURITY_ENCLAVE_OVERRIDE`) variable, allowing users to explicitly specify the exact enclave - * directory to be utilized. + * `name` to be utilized. * Such an override is useful for applications where the enclave is non-deterministic * before runtime, or when testing and using additional tools that may not otherwise be easily * provisioned. diff --git a/rcl/src/rcl/security.c b/rcl/src/rcl/security.c index d1edafa94..d2f0f1b82 100644 --- a/rcl/src/rcl/security.c +++ b/rcl/src/rcl/security.c @@ -165,7 +165,7 @@ char * rcl_get_secure_root( char * secure_root = NULL; if (ros_secure_enclave_override) { - secure_root = rcutils_strdup(ros_secure_keystore_env, *allocator); + secure_root = exact_match_lookup(ros_secure_keystore_env, ros_secure_keystore_env, allocator); } else { secure_root = exact_match_lookup(name, ros_secure_keystore_env, allocator); } diff --git a/rcl/test/rcl/test_security.cpp b/rcl/test/rcl/test_security.cpp index 06a63a5b0..35a9024cd 100644 --- a/rcl/test/rcl/test_security.cpp +++ b/rcl/test/rcl/test_security.cpp @@ -173,30 +173,31 @@ TEST_F(TestGetSecureRoot, successScenarios_local_exactMatch_multipleTokensName) secure_root_str.substr(secure_root_str.size() - strlen(TEST_ENCLAVE)).c_str()); } -TEST_F(TestGetSecureRoot, nodeSecurityEnclaveOverride_validDirectory) { - /* Specify a valid directory */ - putenv_wrapper(ROS_SECURITY_ENCLAVE_OVERRIDE "=" TEST_RESOURCES_DIRECTORY); +TEST_F(TestGetSecureRoot, nodeSecurityEnclaveOverride_validEnclave) { + putenv_wrapper( + ROS_SECURITY_KEYSTORE_VAR_NAME "=" + TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME); + + /* Specify a valid enclave */ + putenv_wrapper(ROS_SECURITY_ENCLAVE_OVERRIDE "=" TEST_ENCLAVE_ABSOLUTE); root_path = rcl_get_secure_root( "name shouldn't matter", &allocator); - ASSERT_STREQ(root_path, TEST_RESOURCES_DIRECTORY); + ASSERT_STREQ( + TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME + PATH_SEPARATOR "enclaves" PATH_SEPARATOR TEST_ENCLAVE, + root_path); } -TEST_F( - TestGetSecureRoot, - nodeSecurityEnclaveOverride_validDirectory_overrideKeystoreAttempt) { - /* Setting root dir has no effect */ - putenv_wrapper(ROS_SECURITY_ENCLAVE_OVERRIDE "=" TEST_RESOURCES_DIRECTORY); - root_path = rcl_get_secure_root("name shouldn't matter", &allocator); - putenv_wrapper(ROS_SECURITY_KEYSTORE_VAR_NAME "=" TEST_RESOURCES_DIRECTORY); - ASSERT_STREQ(root_path, TEST_RESOURCES_DIRECTORY); -} +TEST_F(TestGetSecureRoot, nodeSecurityEnclaveOverride_invalidEnclave) { + putenv_wrapper( + ROS_SECURITY_KEYSTORE_VAR_NAME "=" + TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME); -TEST_F(TestGetSecureRoot, nodeSecurityEnclaveOverride_invalidDirectory) { /* The override provided should exist. Providing correct node/namespace/root dir won't help * if the node override is invalid. */ putenv_wrapper( ROS_SECURITY_ENCLAVE_OVERRIDE - "=TheresN_oWayThi_sDirectory_Exists_hence_this_should_fail"); + "=TheresN_oWayThi_sEnclave_Exists_hence_this_should_fail"); EXPECT_EQ( rcl_get_secure_root(TEST_ENCLAVE_ABSOLUTE, &allocator), (char *) NULL); @@ -215,14 +216,20 @@ TEST_F(TestGetSecureRoot, test_get_security_options) { putenv_wrapper(ROS_SECURITY_ENABLE_VAR_NAME "=true"); putenv_wrapper(ROS_SECURITY_STRATEGY_VAR_NAME "=Enforce"); + putenv_wrapper( + ROS_SECURITY_KEYSTORE_VAR_NAME "=" + TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME); putenv_wrapper( - ROS_SECURITY_ENCLAVE_OVERRIDE "=" TEST_RESOURCES_DIRECTORY); + ROS_SECURITY_ENCLAVE_OVERRIDE "=" TEST_ENCLAVE_MULTIPLE_TOKENS); ret = rcl_get_security_options_from_environment( "doesn't matter at all", &allocator, &options); ASSERT_EQ(RMW_RET_OK, ret) << rmw_get_error_string().str; EXPECT_EQ(RMW_SECURITY_ENFORCEMENT_ENFORCE, options.enforce_security); - EXPECT_STREQ(TEST_RESOURCES_DIRECTORY, options.security_root_path); + EXPECT_STREQ( + TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME + PATH_SEPARATOR "enclaves" TEST_ENCLAVE_MULTIPLE_TOKENS, + options.security_root_path); EXPECT_EQ(RMW_RET_OK, rmw_security_options_fini(&options, &allocator)); options = rmw_get_zero_initialized_security_options(); From 74b727e21c22a8361c638bc930559d7eeb4ffbc4 Mon Sep 17 00:00:00 2001 From: ruffsl Date: Tue, 14 Apr 2020 16:13:31 -0700 Subject: [PATCH 08/13] Store security env values with separate variables Signed-off-by: ruffsl --- rcl/src/rcl/security.c | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/rcl/src/rcl/security.c b/rcl/src/rcl/security.c index d2f0f1b82..57839a7f0 100644 --- a/rcl/src/rcl/security.c +++ b/rcl/src/rcl/security.c @@ -140,6 +140,7 @@ char * rcl_get_secure_root( return NULL; } + // check if enclave override environment variable is empty if (rcutils_get_env(ROS_SECURITY_ENCLAVE_OVERRIDE, &env_buf)) { return NULL; } @@ -147,27 +148,34 @@ char * rcl_get_secure_root( return NULL; } if (0 == strcmp("", env_buf)) { - // check keystore directory if override enclave environment variable is empty - if (rcutils_get_env(ROS_SECURITY_KEYSTORE_VAR_NAME, &env_buf)) { - return NULL; - } - if (!env_buf) { - return NULL; - } - if (0 == strcmp("", env_buf)) { - return NULL; // environment variable was empty - } ros_secure_enclave_override = false; } + char * ros_secure_enclave_override_env = rcutils_strdup(env_buf, *allocator); - // found a usable environment variable, copy into our memory before overwriting with next lookup + // check if keystore environment variable is empty + if (rcutils_get_env(ROS_SECURITY_KEYSTORE_VAR_NAME, &env_buf)) { + return NULL; + } + if (!env_buf) { + return NULL; + } + if (0 == strcmp("", env_buf)) { + return NULL; // environment variable was empty + } char * ros_secure_keystore_env = rcutils_strdup(env_buf, *allocator); + // given usable environment variables, overwrite with next lookup char * secure_root = NULL; if (ros_secure_enclave_override) { - secure_root = exact_match_lookup(ros_secure_keystore_env, ros_secure_keystore_env, allocator); + secure_root = exact_match_lookup( + ros_secure_enclave_override_env, + ros_secure_keystore_env, + allocator); } else { - secure_root = exact_match_lookup(name, ros_secure_keystore_env, allocator); + secure_root = exact_match_lookup( + name, + ros_secure_keystore_env, + allocator); } if (NULL == secure_root || !rcutils_is_directory(secure_root)) { @@ -180,6 +188,7 @@ char * rcl_get_secure_root( RCL_SET_ERROR_MSG_WITH_FORMAT_STRING( "SECURITY ERROR: directory '%s' does not exist.", secure_root); } + allocator->deallocate(ros_secure_enclave_override_env, allocator->state); allocator->deallocate(ros_secure_keystore_env, allocator->state); allocator->deallocate(secure_root, allocator->state); return NULL; From 1ee70948e81d8e79f36735a1bafe7f721d0ada2f Mon Sep 17 00:00:00 2001 From: ruffsl Date: Wed, 15 Apr 2020 13:29:52 -0700 Subject: [PATCH 09/13] Bubble up errors from rcutils_get_env Signed-off-by: ruffsl --- rcl/src/rcl/security.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/rcl/src/rcl/security.c b/rcl/src/rcl/security.c index 57839a7f0..bffb3b1a8 100644 --- a/rcl/src/rcl/security.c +++ b/rcl/src/rcl/security.c @@ -141,7 +141,9 @@ char * rcl_get_secure_root( } // check if enclave override environment variable is empty - if (rcutils_get_env(ROS_SECURITY_ENCLAVE_OVERRIDE, &env_buf)) { + char * error_str = rcutils_get_env(ROS_SECURITY_ENCLAVE_OVERRIDE, &env_buf); + if (error_str) { + RCUTILS_LOG_ERROR("rcutils_get_env failed: %s\n", error_str); return NULL; } if (!env_buf) { @@ -153,7 +155,9 @@ char * rcl_get_secure_root( char * ros_secure_enclave_override_env = rcutils_strdup(env_buf, *allocator); // check if keystore environment variable is empty - if (rcutils_get_env(ROS_SECURITY_KEYSTORE_VAR_NAME, &env_buf)) { + char * error_str = rcutils_get_env(ROS_SECURITY_KEYSTORE_VAR_NAME, &env_buf); + if (error_str) { + RCUTILS_LOG_ERROR("rcutils_get_env failed: %s\n", error_str); return NULL; } if (!env_buf) { From 802d3c6a203a6c040bd5e858f32ff81df9fec8e4 Mon Sep 17 00:00:00 2001 From: ruffsl Date: Wed, 15 Apr 2020 13:32:49 -0700 Subject: [PATCH 10/13] Deallocate enclave override env char upon error Signed-off-by: ruffsl --- rcl/src/rcl/security.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/rcl/src/rcl/security.c b/rcl/src/rcl/security.c index bffb3b1a8..7e983969c 100644 --- a/rcl/src/rcl/security.c +++ b/rcl/src/rcl/security.c @@ -158,12 +158,15 @@ char * rcl_get_secure_root( char * error_str = rcutils_get_env(ROS_SECURITY_KEYSTORE_VAR_NAME, &env_buf); if (error_str) { RCUTILS_LOG_ERROR("rcutils_get_env failed: %s\n", error_str); + allocator->deallocate(ros_secure_enclave_override_env, allocator->state); return NULL; } if (!env_buf) { + allocator->deallocate(ros_secure_enclave_override_env, allocator->state); return NULL; } if (0 == strcmp("", env_buf)) { + allocator->deallocate(ros_secure_enclave_override_env, allocator->state); return NULL; // environment variable was empty } char * ros_secure_keystore_env = rcutils_strdup(env_buf, *allocator); From 3e067b45369963b17aec7c265b07271d73bd00b9 Mon Sep 17 00:00:00 2001 From: ruffsl Date: Wed, 15 Apr 2020 13:58:12 -0700 Subject: [PATCH 11/13] Fix tests for multiple tokens Signed-off-by: ruffsl --- rcl/test/rcl/test_security.cpp | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/rcl/test/rcl/test_security.cpp b/rcl/test/rcl/test_security.cpp index 35a9024cd..85aa9ba2e 100644 --- a/rcl/test/rcl/test_security.cpp +++ b/rcl/test/rcl/test_security.cpp @@ -38,8 +38,10 @@ # define PATH_SEPARATOR "\\" #endif -#define TEST_ENCLAVE_MULTIPLE_TOKENS \ - "/group1" PATH_SEPARATOR TEST_ENCLAVE +#define TEST_ENCLAVE_MULTIPLE_TOKENS_ABSOLUTE \ + "/group1" TEST_ENCLAVE_ABSOLUTE +#define TEST_ENCLAVE_MULTIPLE_TOKENS_DIR \ + "group1" PATH_SEPARATOR TEST_ENCLAVE char g_envstring[512] = {0}; @@ -165,7 +167,7 @@ TEST_F(TestGetSecureRoot, successScenarios_local_exactMatch_multipleTokensName) TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME); secure_root = rcl_get_secure_root( - TEST_ENCLAVE_MULTIPLE_TOKENS, &allocator); + TEST_ENCLAVE_MULTIPLE_TOKENS_ABSOLUTE, &allocator); ASSERT_NE(nullptr, secure_root); std::string secure_root_str(secure_root); ASSERT_STREQ( @@ -221,14 +223,14 @@ TEST_F(TestGetSecureRoot, test_get_security_options) { TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME); putenv_wrapper( - ROS_SECURITY_ENCLAVE_OVERRIDE "=" TEST_ENCLAVE_MULTIPLE_TOKENS); + ROS_SECURITY_ENCLAVE_OVERRIDE "=" TEST_ENCLAVE_MULTIPLE_TOKENS_ABSOLUTE); ret = rcl_get_security_options_from_environment( "doesn't matter at all", &allocator, &options); ASSERT_EQ(RMW_RET_OK, ret) << rmw_get_error_string().str; EXPECT_EQ(RMW_SECURITY_ENFORCEMENT_ENFORCE, options.enforce_security); EXPECT_STREQ( TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME - PATH_SEPARATOR "enclaves" TEST_ENCLAVE_MULTIPLE_TOKENS, + PATH_SEPARATOR "enclaves" PATH_SEPARATOR TEST_ENCLAVE_MULTIPLE_TOKENS_DIR, options.security_root_path); EXPECT_EQ(RMW_RET_OK, rmw_security_options_fini(&options, &allocator)); From 68a356ef59d7e29e9505a917b3931d75d24b2bd5 Mon Sep 17 00:00:00 2001 From: ruffsl Date: Thu, 16 Apr 2020 00:28:00 -0700 Subject: [PATCH 12/13] Fix redefinition of get_env_error_str Signed-off-by: ruffsl --- rcl/src/rcl/security.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/rcl/src/rcl/security.c b/rcl/src/rcl/security.c index 7e983969c..1dc6d6fc4 100644 --- a/rcl/src/rcl/security.c +++ b/rcl/src/rcl/security.c @@ -139,11 +139,12 @@ char * rcl_get_secure_root( if (NULL == name) { return NULL; } - + + const char * get_env_error_str = NULL; // check if enclave override environment variable is empty - char * error_str = rcutils_get_env(ROS_SECURITY_ENCLAVE_OVERRIDE, &env_buf); - if (error_str) { - RCUTILS_LOG_ERROR("rcutils_get_env failed: %s\n", error_str); + get_env_error_str = rcutils_get_env(ROS_SECURITY_ENCLAVE_OVERRIDE, &env_buf); + if (NULL != get_env_error_str) { + RCUTILS_LOG_ERROR("rcutils_get_env failed: %s\n", get_env_error_str); return NULL; } if (!env_buf) { @@ -155,9 +156,9 @@ char * rcl_get_secure_root( char * ros_secure_enclave_override_env = rcutils_strdup(env_buf, *allocator); // check if keystore environment variable is empty - char * error_str = rcutils_get_env(ROS_SECURITY_KEYSTORE_VAR_NAME, &env_buf); - if (error_str) { - RCUTILS_LOG_ERROR("rcutils_get_env failed: %s\n", error_str); + get_env_error_str = rcutils_get_env(ROS_SECURITY_KEYSTORE_VAR_NAME, &env_buf); + if (NULL != get_env_error_str) { + RCUTILS_LOG_ERROR("rcutils_get_env failed: %s\n", get_env_error_str); allocator->deallocate(ros_secure_enclave_override_env, allocator->state); return NULL; } From 0df6603a7356745d3e52102f935a579584d7242d Mon Sep 17 00:00:00 2001 From: Ruffin Date: Thu, 16 Apr 2020 08:23:55 -0700 Subject: [PATCH 13/13] Fix linter error Co-Authored-By: Mikael Arguedas Signed-off-by: ruffsl --- rcl/src/rcl/security.c | 1 - 1 file changed, 1 deletion(-) diff --git a/rcl/src/rcl/security.c b/rcl/src/rcl/security.c index 1dc6d6fc4..a128c6651 100644 --- a/rcl/src/rcl/security.c +++ b/rcl/src/rcl/security.c @@ -139,7 +139,6 @@ char * rcl_get_secure_root( if (NULL == name) { return NULL; } - const char * get_env_error_str = NULL; // check if enclave override environment variable is empty get_env_error_str = rcutils_get_env(ROS_SECURITY_ENCLAVE_OVERRIDE, &env_buf);