author | Andrii Kalinich (GitHub) <AKalinich@luxoft.com> | 2018-06-05 20:08:44 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-06-05 20:08:44 +0300 |
commit | a7ba8634cc5de72d0a5bd8249ecbe38083d8c934 (patch) | |
tree | 416ca3931570624da7fb7464041d3ede6e4f19a8 /src/components/security_manager | |
parent | 112c685ae48d7cf939e3d2147453de1719862ec6 (diff) | |
parent | 31ed739ba05c6702600f76645132b40d8392587b (diff) | |
Merge branch 'develop' into feature/get_system_time
Diffstat (limited to 'src/components/security_manager')
-rw-r--r-- | src/components/security_manager/docs/SDL.SDD.Security.dox (renamed from src/components/security_manager/docs/FORD.OpenSDL.SDD.Security.dox) | 28 | ||||
-rw-r--r-- | src/components/security_manager/docs/assets/sm_class_diagram.png (renamed from src/components/security_manager/docs/assets/sm_class_digram.png) | bin | 368935 -> 368935 bytes | |||
-rw-r--r-- | src/components/security_manager/docs/assets/sm_sequence_diagram_decryption.png (renamed from src/components/security_manager/docs/assets/sm_sequence_digram_decryption.png) | bin | 28014 -> 28014 bytes | |||
-rw-r--r-- | src/components/security_manager/docs/assets/sm_sequence_diagram_encryption.png (renamed from src/components/security_manager/docs/assets/sm_sequence_digram_encryption.png) | bin | 22326 -> 22326 bytes | |||
-rw-r--r-- | src/components/security_manager/docs/assets/sm_sequence_diagram_init.png (renamed from src/components/security_manager/docs/assets/sm_sequence_digram_init.png) | bin | 119018 -> 119018 bytes | |||
-rw-r--r-- | src/components/security_manager/docs/assets/sm_sequence_diagram_verify.png (renamed from src/components/security_manager/docs/assets/sm_sequence_digram_verify.png) | bin | 39820 -> 39820 bytes | |||
-rw-r--r-- | src/components/security_manager/src/crypto_manager_impl.cc | 5 | ||||
-rw-r--r-- | src/components/security_manager/src/ssl_context_impl.cc | 2 | ||||
-rw-r--r-- | src/components/security_manager/test/ssl_context_test.cc | 59 |
9 files changed, 57 insertions, 37 deletions
diff --git a/src/components/security_manager/docs/FORD.OpenSDL.SDD.Security.dox b/src/components/security_manager/docs/SDL.SDD.Security.dox index 42da2364d3..ba35bc116e 100644 --- a/src/components/security_manager/docs/FORD.OpenSDL.SDD.Security.dox +++ b/src/components/security_manager/docs/SDL.SDD.Security.dox @@ -32,12 +32,12 @@ deployment concepts, to accomplish their respective tasks without reliance on th \anchor security_manager_rationale ## 1.1 Rationale Security Manager implements SDL Architectural Solution according to: -- https://smartdevicelink.com/en/guides/core/software-architecture-document/components-view/#security-manager +- https://smartdevicelink.com/en/docs/sdl-core/master/software-architecture-document/components-view/#security-manager \anchor security_manager_scope ## 1.2 Scope Security Manager component extracted as a separate module for -Ford channel data protection. +SDL channel data protection. This components is used to: - Provide security communications - Protect income and outcome business layer data from interception 
@@ -100,30 +100,30 @@ protocol layer response on handshake procedure finish. \anchor security_manager_class_structure ### 2.2 Class Structure -The following UML class digram shows the component structure. -![Security Manager class diagram](sm_class_digram.png) -For more information about class digram follow: +The following UML class diagram shows the component structure. +![Security Manager class diagram](sm_class_diagram.png) +For more information about class diagram follow: - http://www.uml-diagrams.org/class-diagrams-overview.htqml - https://sourcemaking.com/uml/modeling-it-systems/structural-view/class-diagram \anchor security_manager_sequence_diagram ### 2.3 Sequence diagram -The following UML sequence digram shows the component dynamic behavior. -For more information about sequence digram follow: +The following UML sequence diagram shows the component dynamic behavior. +For more information about sequence diagram follow: - http://www.uml-diagrams.org/sequence-diagrams.html - https://sourcemaking.com/uml/modeling-it-systems/external-view/use-case-sequence-diagram Security first initialization on session: -![Start encryption](sm_sequence_digram_init.png) +![Start encryption](sm_sequence_diagram_init.png) Security initialization for service on session with already initialized security: -![Initialization](sm_sequence_digram_verify.png) +![Initialization](sm_sequence_diagram_verify.png) Decryption procedure: -![Decryption](sm_sequence_digram_decryption.png) +![Decryption](sm_sequence_diagram_decryption.png) Encryption procedure: -![Encryption](sm_sequence_digram_encryption.png) +![Encryption](sm_sequence_diagram_encryption.png) \anchor security_manager_state_chart ### 2.4 State chart diagram 
@@ -215,7 +215,7 @@ data using OpenSSl API. \page security_manager_references_and_history 5 References and history \anchor security_manager_references ### 5.1 References -- [Software Architecture Document](https://smartdevicelink.com/en/guides/core/software-architecture-document/table-of-contents/) +- [Software Architecture Document](https://smartdevicelink.com/en/docs/sdl-core/master/software-architecture-document/table-of-contents/) - [OpenSSL API](https://www.openssl.org/docs/manmaster/ssl/) - [TLS 1.1 RFC](https://tools.ietf.org/html/rfc4346) - [TLS 1.2 RFC](https://tools.ietf.org/html/rfc5246) @@ -236,6 +236,6 @@ Document approve history | | | | | For more precise document change history follow github history - -- https://github.com/smartdevicelink/sdl_core/commits/master/src/components/security_manager/docs/security_manager_software_detailed_design.dox -- https://github.com/smartdevicelink/sdl_core/commits/develop/src/components/security_manager/docs/security_manager_software_detailed_design.dox +- https://github.com/smartdevicelink/sdl_core/commits/master/src/components/security_manager/docs/SDL.SDD.Security.dox +- https://github.com/smartdevicelink/sdl_core/commits/develop/src/components/security_manager/docs/SDL.SDD.Security.dox */
\ No newline at end of file
diff --git a/src/components/security_manager/docs/assets/sm_class_digram.png b/src/components/security_manager/docs/assets/sm_class_diagram.png
Binary files differ
index 61e300f4e7..61e300f4e7 100644
--- a/src/components/security_manager/docs/assets/sm_class_digram.png
+++ b/src/components/security_manager/docs/assets/sm_class_diagram.png
diff --git a/src/components/security_manager/docs/assets/sm_sequence_digram_decryption.png b/src/components/security_manager/docs/assets/sm_sequence_diagram_decryption.png
Binary files differ
index 849fe45b88..849fe45b88 100644
--- a/src/components/security_manager/docs/assets/sm_sequence_digram_decryption.png
+++ b/src/components/security_manager/docs/assets/sm_sequence_diagram_decryption.png
diff --git a/src/components/security_manager/docs/assets/sm_sequence_digram_encryption.png b/src/components/security_manager/docs/assets/sm_sequence_diagram_encryption.png
Binary files differ
index 66dffd265e..66dffd265e 100644
--- a/src/components/security_manager/docs/assets/sm_sequence_digram_encryption.png
+++ b/src/components/security_manager/docs/assets/sm_sequence_diagram_encryption.png
diff --git a/src/components/security_manager/docs/assets/sm_sequence_digram_init.png b/src/components/security_manager/docs/assets/sm_sequence_diagram_init.png
Binary files differ
index 334b42b258..334b42b258 100644
--- a/src/components/security_manager/docs/assets/sm_sequence_digram_init.png
+++ b/src/components/security_manager/docs/assets/sm_sequence_diagram_init.png
diff --git a/src/components/security_manager/docs/assets/sm_sequence_digram_verify.png b/src/components/security_manager/docs/assets/sm_sequence_diagram_verify.png
Binary files differ
index cb040c918b..cb040c918b 100644
--- a/src/components/security_manager/docs/assets/sm_sequence_digram_verify.png
+++ b/src/components/security_manager/docs/assets/sm_sequence_diagram_verify.png
diff --git a/src/components/security_manager/src/crypto_manager_impl.cc b/src/components/security_manager/src/crypto_manager_impl.cc index 8db1d633a7..bdf266fda8 100644 --- a/src/components/security_manager/src/crypto_manager_impl.cc +++ b/src/components/security_manager/src/crypto_manager_impl.cc @@ -142,8 +142,13 @@ bool CryptoManagerImpl::Init() { #endif switch (get_settings().security_manager_protocol_name()) { case SSLv3: +#ifdef OPENSSL_NO_SSL3 + LOG4CXX_WARN(logger_, "OpenSSL does not support SSL3 protocol"); + return false; +#else method = is_server ? SSLv3_server_method() : SSLv3_client_method(); break; +#endif case TLSv1: method = is_server ? TLSv1_server_method() : TLSv1_client_method(); break; diff --git a/src/components/security_manager/src/ssl_context_impl.cc b/src/components/security_manager/src/ssl_context_impl.cc index 69e22dc44e..bccb885511 100644 --- a/src/components/security_manager/src/ssl_context_impl.cc +++ b/src/components/security_manager/src/ssl_context_impl.cc @@ -354,7 +354,7 @@ bool CryptoManagerImpl::SSLContextImpl::WriteHandshakeData( if (ret <= 0) { is_handshake_pending_ = false; ResetConnection(); - return Handshake_Result_AbnormalFail; + return false; } } return true; diff --git a/src/components/security_manager/test/ssl_context_test.cc b/src/components/security_manager/test/ssl_context_test.cc index 945059e58c..a77cd98b27 100644 --- a/src/components/security_manager/test/ssl_context_test.cc +++ b/src/components/security_manager/test/ssl_context_test.cc @@ -228,7 +228,7 @@ class SSLTestParam : public testing::TestWithParam<ProtocolAndCipher> { GetParam().server_ciphers_list); const bool crypto_manager_initialization = crypto_manager->Init(); - EXPECT_TRUE(crypto_manager_initialization); + ASSERT_TRUE(crypto_manager_initialization); mock_client_manager_settings_ = utils::MakeShared< NiceMock<security_manager_test::MockCryptoManagerSettings> >(); 
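Review bot: In the `#else` branch of `case SSLv3:` a build whose OpenSSL still provides SSLv3 selects `SSLv3_server_method()` / `SSLv3_client_method()` without any log line, while the `OPENSSL_NO_SSL3` branch refuses to initialise. SSLv3 is prohibited by RFC 7568 and is exposed to POODLE-style attacks, so the configured-SSLv3 path deserves at least a warning before the method is chosen, e.g. `LOG4CXX_WARN(logger_, "SSLv3 is deprecated and insecure; configure TLSv1_2 instead");`. In the refusing branch `Init()` fails outright, so `LOG4CXX_ERROR` fits better than `LOG4CXX_WARN`. The early `return false;` should also be checked against whatever `Init()` has already set up above line 142, which lies outside the hunk.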
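Review bot: The failure branch of `WriteHandshakeData` now returns `false`, but none of the test changes visible in this commit exercises it. The old `return Handshake_Result_AbnormalFail;` in a `bool` function would have converted to `true` if that enumerator is non-zero (its value is not visible here), so callers may be reaching their failure handling for the first time; a test that forces `ret <= 0` and asserts a `false` result would pin the corrected behaviour. A log line next to `ResetConnection();`, for example `LOG4CXX_WARN(logger_, "Handshake write failed, connection reset");` if `logger_` is available in this file, would also make aborted handshakes visible in the logs. The body of `WriteHandshakeData` starts above the hunk.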
@@ -241,7 +241,7 @@ class SSLTestParam : public testing::TestWithParam<ProtocolAndCipher> { GetParam().client_ciphers_list); const bool client_manager_initialization = client_manager->Init(); - EXPECT_TRUE(client_manager_initialization); + ASSERT_TRUE(client_manager_initialization); server_ctx = crypto_manager->CreateSSLContext(); client_ctx = client_manager->CreateSSLContext(); @@ -261,9 +261,12 @@ class SSLTestParam : public testing::TestWithParam<ProtocolAndCipher> { } void TearDown() OVERRIDE { - crypto_manager->ReleaseSSLContext(server_ctx); - client_manager->ReleaseSSLContext(client_ctx); - + if (crypto_manager) { + crypto_manager->ReleaseSSLContext(server_ctx); + } + if (client_manager) { + client_manager->ReleaseSSLContext(client_ctx); + } delete crypto_manager; delete client_manager; } @@ -303,10 +306,10 @@ class SSLTestParam : public testing::TestWithParam<ProtocolAndCipher> { mock_crypto_manager_settings_; utils::SharedPtr<NiceMock<security_manager_test::MockCryptoManagerSettings> > mock_client_manager_settings_; - security_manager::CryptoManager* crypto_manager; - security_manager::CryptoManager* client_manager; - security_manager::SSLContext* server_ctx; - security_manager::SSLContext* client_ctx; + security_manager::CryptoManager* crypto_manager = NULL; + security_manager::CryptoManager* client_manager = NULL; + security_manager::SSLContext* server_ctx = NULL; + security_manager::SSLContext* client_ctx = NULL; std::string certificate_data_base64_; }; @@ -323,11 +326,15 @@ INSTANTIATE_TEST_CASE_P( ProtocolAndCipher(security_manager::TLSv1_1, security_manager::TLSv1_1, kFordCipher, - kFordCipher), + kFordCipher) +#ifndef OPENSSL_NO_SSL3 + , ProtocolAndCipher(security_manager::SSLv3, security_manager::SSLv3, kFordCipher, - kFordCipher))); + kFordCipher) +#endif + )); INSTANTIATE_TEST_CASE_P( IncorrectProtocolAndCiphers, 
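Review bot: `TearDown()` now guards the manager pointers but still passes `server_ctx` / `client_ctx` to `ReleaseSSLContext()` unchecked. With the switch to `ASSERT_TRUE` in `SetUp()`, a failed `Init()` leaves `SetUp()` early, so a manager that was already created is non-null while its context is still `NULL` when gtest runs `TearDown()`. Unless `ReleaseSSLContext()` is known to accept a null context (not visible here), guard on both: `if (crypto_manager && server_ctx) {` and `if (client_manager && client_ctx) {`. The `= NULL` member initialisers in the next hunk are in-class initialisers, which need C++11; the `OVERRIDE` macro suggests older compilers may still be supported, so confirm the build standard.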
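Review bot: Under `OPENSSL_NO_SSL3` every SSLv3 parameter set is compiled out, here and in the `IncorrectProtocolAndCiphers` instantiation and the one preceding `TEST_P(SSLTestForTLS1_2, HandshakeFailed)` in the following hunks, so nothing tests the new refusal path in `CryptoManagerImpl::Init()`. A small test compiled only under `#ifdef OPENSSL_NO_SSL3` that configures `security_manager::SSLv3` and expects `Init()` to return `false` would keep that behaviour from regressing. The leading-comma layout (`kFordCipher)` followed by `#ifndef` and a lone `,`) is easy to break when entries are added; a short comment such as `// SSLv3 cases are built only when OpenSSL provides SSLv3` above each `#ifndef` would help.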
@@ -336,18 +343,10 @@ INSTANTIATE_TEST_CASE_P( security_manager::TLSv1_1, kFordCipher, kFordCipher), - ProtocolAndCipher(security_manager::TLSv1, - security_manager::SSLv3, - kFordCipher, - kFordCipher), ProtocolAndCipher(security_manager::TLSv1_1, security_manager::TLSv1, kFordCipher, kFordCipher), - ProtocolAndCipher(security_manager::TLSv1_1, - security_manager::SSLv3, - kFordCipher, - kFordCipher), ProtocolAndCipher(security_manager::TLSv1_2, security_manager::TLSv1, kFordCipher, @@ -355,6 +354,16 @@ INSTANTIATE_TEST_CASE_P( ProtocolAndCipher(security_manager::TLSv1_2, security_manager::TLSv1_1, kFordCipher, + kFordCipher) +#ifndef OPENSSL_NO_SSL3 + , + ProtocolAndCipher(security_manager::TLSv1, + security_manager::SSLv3, + kFordCipher, + kFordCipher), + ProtocolAndCipher(security_manager::TLSv1_1, + security_manager::SSLv3, + kFordCipher, kFordCipher), ProtocolAndCipher(security_manager::TLSv1_2, security_manager::SSLv3, @@ -367,7 +376,9 @@ INSTANTIATE_TEST_CASE_P( ProtocolAndCipher(security_manager::SSLv3, security_manager::TLSv1_1, kFordCipher, - kFordCipher))); + kFordCipher) +#endif + )); TEST_F(SSLTest, OnTSL2Protocol_BrokenHandshake) { ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success, @@ -521,11 +532,15 @@ INSTANTIATE_TEST_CASE_P( ProtocolAndCipher(security_manager::TLSv1_1, security_manager::TLSv1_2, kFordCipher, - kFordCipher), + kFordCipher) +#ifndef OPENSSL_NO_SSL3 + , ProtocolAndCipher(security_manager::SSLv3, security_manager::TLSv1_2, kFordCipher, - kFordCipher))); + kFordCipher) +#endif + )); TEST_P(SSLTestForTLS1_2, HandshakeFailed) { ASSERT_EQ(security_manager::SSLContext::Handshake_Result_Success, |