authorAndriy Byzhynar <AByzhynar@luxoft.com>2018-02-13 17:32:44 +0200
committerAndrii Kalinich <AKalinich@luxoft.com>2018-06-18 18:50:54 +0300
commita0a2951999d10dcf3c27e1a5a854cf6a28167021 (patch)
tree5fdf7d09e9fbe7789b8be9de08344a5f94cf288f
parent7f4db1878dc618e3d8454d9b70b665bf79fea5ed (diff)
downloadsdl_core-a0a2951999d10dcf3c27e1a5a854cf6a28167021.tar.gz
Add support for DTLS encryption protocol
Added initial implementation
-rw-r--r--src/appMain/smartDeviceLink.ini1
-rw-r--r--src/components/include/security_manager/security_manager_settings.h5
-rw-r--r--src/components/security_manager/include/security_manager/crypto_manager_settings_impl.h13
-rw-r--r--src/components/security_manager/src/crypto_manager_impl.cc8
4 files changed, 25 insertions, 2 deletions
diff --git a/src/appMain/smartDeviceLink.ini b/src/appMain/smartDeviceLink.ini
index d201a0736e..26b5c8a295 100644
--- a/src/appMain/smartDeviceLink.ini
+++ b/src/appMain/smartDeviceLink.ini
@@ -153,6 +153,7 @@ AppInfoStorage = app_info.dat
[Security Manager]
Protocol = TLSv1.2
+;Protocol = DTLSv1.0
; Certificate and key path to pem file
CertificatePath = mycert.pem
KeyPath = mykey.pem
diff --git a/src/components/include/security_manager/security_manager_settings.h b/src/components/include/security_manager/security_manager_settings.h
index c6b97f85cc..e8ce5f84bf 100644
--- a/src/components/include/security_manager/security_manager_settings.h
+++ b/src/components/include/security_manager/security_manager_settings.h
@@ -33,9 +33,12 @@
#ifndef SRC_COMPONENTS_INCLUDE_SECURITY_MANAGER_SECURITY_MANAGER_SETTINGS_H_
#define SRC_COMPONENTS_INCLUDE_SECURITY_MANAGER_SECURITY_MANAGER_SETTINGS_H_
+#include <stddef.h>
+#include <string>
+
namespace security_manager {
enum Mode { CLIENT, SERVER };
-enum Protocol { SSLv3, TLSv1, TLSv1_1, TLSv1_2 };
+enum Protocol { SSLv3, TLSv1, TLSv1_1, TLSv1_2, DTLSv1 };
/**
* \class ConnectionHandlerSettings
* \brief Interface for connection handler component settings.
diff --git a/src/components/security_manager/include/security_manager/crypto_manager_settings_impl.h b/src/components/security_manager/include/security_manager/crypto_manager_settings_impl.h
index 1e4699b77a..4775436b74 100644
--- a/src/components/security_manager/include/security_manager/crypto_manager_settings_impl.h
+++ b/src/components/security_manager/include/security_manager/crypto_manager_settings_impl.h
@@ -17,6 +17,7 @@ class CryptoManagerSettingsImpl : public CryptoManagerSettings {
return profile_.ssl_mode() == "SERVER" ? security_manager::SERVER
: security_manager::CLIENT;
}
+
Protocol security_manager_protocol_name() const OVERRIDE {
CREATE_LOGGERPTR_LOCAL(logger_, "SecurityManager")
@@ -33,26 +34,36 @@ class CryptoManagerSettingsImpl : public CryptoManagerSettings {
if (protocol_str == "SSLv3") {
return security_manager::SSLv3;
}
+ if (protocol_str == "DTLSv1.0") {
+ return security_manager::DTLSv1;
+ }
+
LOG4CXX_ERROR(
logger_,
"Unknown protocol: " << profile_.security_manager_protocol_name());
return static_cast<security_manager::Protocol>(-1);
}
+
bool verify_peer() const OVERRIDE {
return profile_.verify_peer();
}
+
const std::string& certificate_data() const OVERRIDE {
return certificate_data_;
}
+
const std::string& ciphers_list() const OVERRIDE {
return profile_.ciphers_list();
}
+
const std::string& ca_cert_path() const OVERRIDE {
return profile_.ca_cert_path();
}
+
size_t update_before_hours() const OVERRIDE {
return profile_.update_before_hours();
}
+
size_t maximum_payload_size() const OVERRIDE {
return profile_.maximum_payload_size();
}
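Review bot: The failure path just below the new `DTLSv1.0` branch still returns `static_cast<security_manager::Protocol>(-1)`, which is not an enumerator of `Protocol` and, for an enum with no fixed underlying type, lies outside its value range. Since this commit extends the enum anyway, a named sentinel would make the "unknown protocol" outcome well defined, for example `enum Protocol { SSLv3, TLSv1, TLSv1_1, TLSv1_2, DTLSv1, UNKNOWN_PROTOCOL };` with `return security_manager::UNKNOWN_PROTOCOL;` here (the enumerator name is only a suggestion). A mistyped `Protocol` value in the ini would then be rejected by an explicit case instead of by whatever the cast happens to produce. security_manager_protocol_name() starts above this hunk, so its earlier branches are not visible here.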
@@ -61,5 +72,5 @@ class CryptoManagerSettingsImpl : public CryptoManagerSettings {
const profile::Profile& profile_;
const std::string certificate_data_;
};
-}
+} // namespace security_manager
#endif // SRC_COMPONENTS_SECURITY_MANAGER_INCLUDE_SECURITY_MANAGER_CRYPTO_MANAGER_SETTINGS_IMPL_H_
diff --git a/src/components/security_manager/src/crypto_manager_impl.cc b/src/components/security_manager/src/crypto_manager_impl.cc
index 1e1b4ef44a..1d95edcec2 100644
--- a/src/components/security_manager/src/crypto_manager_impl.cc
+++ b/src/components/security_manager/src/crypto_manager_impl.cc
@@ -145,13 +145,16 @@ bool CryptoManagerImpl::Init() {
LOG4CXX_WARN(logger_, "OpenSSL does not support SSL3 protocol");
return false;
#else
+ LOG4CXX_DEBUG(logger_, "SSLv3 is used");
method = is_server ? SSLv3_server_method() : SSLv3_client_method();
break;
#endif
case TLSv1:
+ LOG4CXX_DEBUG(logger_, "TLSv1 is used");
method = is_server ? TLSv1_server_method() : TLSv1_client_method();
break;
case TLSv1_1:
+ LOG4CXX_DEBUG(logger_, "TLSv1_1 is used");
#if OPENSSL_VERSION_NUMBER < TLS1_1_MINIMAL_VERSION
LOG4CXX_WARN(
logger_,
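Review bot: The new `LOG4CXX_DEBUG(logger_, "TLSv1_1 is used");` sits above the `#if OPENSSL_VERSION_NUMBER < TLS1_1_MINIMAL_VERSION` check, so it is also emitted on builds that take the warning branch. That branch continues outside the hunk and presumably selects a different method, in which case the log would name a protocol that is not actually in use. The `TLSv1_2` case in the next hunk has the same placement. In the SSLv3 case the message is inside the `#else` arm next to the method selection; doing the same for both TLS cases keeps the log accurate for anyone auditing which protocol version a deployment runs.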
@@ -162,6 +165,7 @@ bool CryptoManagerImpl::Init() {
#endif
break;
case TLSv1_2:
+ LOG4CXX_DEBUG(logger_, "TLSv1_2 is used");
#if OPENSSL_VERSION_NUMBER < TLS1_1_MINIMAL_VERSION
LOG4CXX_WARN(
logger_,
@@ -171,6 +175,10 @@ bool CryptoManagerImpl::Init() {
method = is_server ? TLSv1_2_server_method() : TLSv1_2_client_method();
#endif
break;
+ case DTLSv1:
+ LOG4CXX_DEBUG(logger_, "DTLSv1 is used");
+ method = is_server ? DTLSv1_server_method() : DTLSv1_client_method();
+ break;
default:
LOG4CXX_ERROR(logger_,
"Unknown protocol: "
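Review bot: The new `case DTLSv1:` calls `DTLSv1_server_method()` / `DTLSv1_client_method()` unconditionally, while the SSLv3 and TLS 1.1/1.2 cases in the same switch are wrapped in preprocessor checks for what the linked OpenSSL provides. An OpenSSL built without DTLS 1.0 (`OPENSSL_NO_DTLS1`) would fail to compile here instead of being rejected at Init() time, so a guard in the style of the SSLv3 case is proposed below. The fixed-version DTLSv1 methods are also deprecated from OpenSSL 1.1.0 on, and DTLS 1.0 is derived from TLS 1.1, so choosing it is a step down from the `TLSv1.2` default in the ini; a comment saying so would help. Init() begins and ends outside this hunk, so any datagram-specific setup elsewhere in the function cannot be seen from here.

```cpp
    case DTLSv1:
#ifdef OPENSSL_NO_DTLS1
      LOG4CXX_WARN(logger_, "OpenSSL does not support DTLSv1 protocol");
      return false;
#else
      LOG4CXX_DEBUG(logger_, "DTLSv1 is used");
      method = is_server ? DTLSv1_server_method() : DTLSv1_client_method();
      break;
#endif
    // … unchanged: default case logging "Unknown protocol" …
```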