cyclonedds
cunit_security_core Unit Tests Failing on Android (cryptography_wrapper.c:369: handle == 0 || handle > 4096)
Hello,
I am not very familiar with the inner workings of the DDS framework, but I am trying to build CycloneDDS for Android using NDK 23. I have the security feature enabled (ENABLE_SECURITY, ENABLE_SSL). I am trying this on different branches, such as releases/0.7.x to releases/0.10.x.
I was able to successfully generate the OpenSSL and CycloneDDS related binaries and libraries and push them under the /odm/bin and /odm/lib64 directories on my ARM64-based Android platform. I also successfully generated the unit test binaries and pushed them to /odm/bin as well.
Now I am running the unit tests in order to verify the porting efforts. I am running the unit tests from under the /odm/bin directory. Most of the unit test binaries are successfully executed and give no failures. This also includes cunit_security_plugins. However, during the execution of the cunit_security_core unit tests I am getting 23 failures for which I haven't been able to find the root cause yet. I noticed that during unit test execution many additional files are used, such as certificates. I pushed all of them under /etc/config and made sure the path is correctly changed inside the related CMake files.
src/security/core/tests/CMakeLists.txt
if(BUILD_ANDROID)
  set(common_etc_dir "/etc/config")
  set(plugin_wrapper_lib_dir "/odm/lib64")
else()
  set(common_etc_dir "${CMAKE_CURRENT_SOURCE_DIR}/common/etc")
  set(plugin_wrapper_lib_dir "${CMAKE_CURRENT_BINARY_DIR}")
endif()
The failures look as follows:
failed tests
- ddssec_access_control permissions_expiry_multiple
assertion failure: src/security/core/tests/common/cryptography_wrapper.c:369: handle == 0 || handle > 4096
- ddssec_access_control encoding_mismatch_rtps
assertion failure: src/security/core/tests/common/cryptography_wrapper.c:369: handle == 0 || handle > 4096
- ddssec_access_control encoding_mismatch_discovery
assertion failure: src/security/core/tests/common/cryptography_wrapper.c:369: handle == 0 || handle > 4096
- ddssec_access_control encoding_mismatch_liveliness
assertion failure: src/security/core/tests/common/cryptography_wrapper.c:369: handle == 0 || handle > 4096
- ddssec_access_control encoding_mismatch_metadata
assertion failure: src/security/core/tests/common/cryptography_wrapper.c:369: handle == 0 || handle > 4096
- ddssec_access_control encoding_mismatch_payload
assertion failure: src/security/core/tests/common/cryptography_wrapper.c:369: handle == 0 || handle > 4096
- ddssec_access_control readwrite_protection
assertion failure: src/security/core/tests/common/cryptography_wrapper.c:369: handle == 0 || handle > 4096
- ddssec_access_control denied_topic
assertion failure: src/security/core/tests/common/cryptography_wrapper.c:369: handle == 0 || handle > 4096
- ddssec_access_control partition
assertion failure: src/security/core/tests/common/cryptography_wrapper.c:369: handle == 0 || handle > 4096
- ddssec_access_control config_parameters_file
assertion failure: src/security/core/tests/common/cryptography_wrapper.c:369: handle == 0 || handle > 4096
- ddssec_access_control permissions_expiry
assertion failure: src/security/core/tests/common/cryptography_wrapper.c:369: handle == 0 || handle > 4096
- ddssec_access_control hooks
assertion failure: src/security/core/tests/common/cryptography_wrapper.c:369: handle == 0 || handle > 4096
- ddssec_access_control join_access_control
assertion failure: src/security/core/tests/common/cryptography_wrapper.c:369: handle == 0 || handle > 4096
- ddssec_access_control discovery_liveliness_protection
assertion failure: src/security/core/tests/common/cryptography_wrapper.c:369: handle == 0 || handle > 4096
- ddssec_secure_communication protection_kinds
assertion failure: src/security/core/tests/secure_communication.c:134: doms[d] > 0
- ddssec_secure_communication discovery_liveliness_protection
assertion failure: src/security/core/tests/secure_communication.c:134: doms[d] > 0
- ddssec_secure_communication check_encrypted_secret
assertion failure: src/security/core/tests/secure_communication.c:134: doms[d] > 0
- ddssec_secure_communication multiple_readers
assertion failure: src/security/core/tests/secure_communication.c:134: doms[d] > 0
- ddssec_secure_communication multiple_readers_writers
assertion failure: src/security/core/tests/secure_communication.c:134: doms[d] > 0
I printed some debug messages to check for any anomalies but was unable to identify any. The printed debug messages for permissions_expiry_multiple are given below:
!!!***permissions_expiry_multiple---
!!!***permissions_expiry_multiple---topic_name: ddssec_access_control_0_pid8191_tid8191
!!!***permissions_expiry_multiple---rules_xml: <allow_rule> <domains><id_range><min>0</min><max>230</max></id_range></domains> <publish> <topics><topic>ddssec_access_control_0_pid8191_tid8191</topic></topics> <partitions><partition>*</partition></partitions> </publish> <subscribe> <topics><topic>ddssec_access_control_0_pid8191_tid8191</topic></topics> <partitions><partition>*</partition></partitions> </subscribe> </allow_rule>
1690315155.333428 creating permissions grants
!!!***permissions_expiry_multiple---gov[0]: file:/etc/config/default_governance.p7s
!!!***permissions_expiry_multiple---perm_ca[0]: file:/etc/config/default_permissions_ca.pem
!!!***permissions_expiry_multiple---gov[1]: file:/etc/config/default_governance.p7s
!!!***permissions_expiry_multiple---perm_ca[1]: file:/etc/config/default_permissions_ca.pem
1690315155.377562 w[0] grant expires at 1690315161.000000
!!!***w[0] grant expires at 1690315161.000000
!!!***permissions_expiry_multiple---gov[2]: file:/etc/config/default_governance.p7s
!!!***permissions_expiry_multiple---perm_ca[2]: file:/etc/config/default_permissions_ca.pem
1690315155.397915 w[1] grant expires at 1690315163.000000
!!!***w[1] grant expires at 1690315163.000000
!!!***permissions_expiry_multiple---gov[3]: file:/etc/config/default_governance.p7s
!!!***permissions_expiry_multiple---perm_ca[3]: file:/etc/config/default_permissions_ca.pem
1690315155.418589 w[2] grant expires at 1690315165.000000
!!!***w[2] grant expires at 1690315165.000000
!!!***permissions_expiry_multiple---perm_config_str: data:,MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----C5021801F64B68F823AA3384272834E3"
This is an S/MIME signed message
------C5021801F64B68F823AA3384272834E3
Content-Type: text/plain
<?xml version="1.0" encoding="utf-8"?><dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://www.omg.org/spec/DDS-SECURITY/20170901/omg_shared_ca_permissions.xsd"> <permissions> <grant name="id_0"> <subject_name>/C=NL/O=Example Organization/CN=id_0/[email protected]</subject_name> <validity><not_before>2023-07-25T19:59:15Z</not_before><not_after>2023-07-25T20:59:16Z</not_after></validity> <allow_rule> <domains><id_range><min>0</min><max>230</max></id_range></domains> <publish> <topics><topic>ddssec_access_control_0_pid8191_tid8191</topic></topics> <partitions><partition>*</partition></partitions> </publish> <subscribe> <topics><topic>ddssec_access_control_0_pid8191_tid8191</topic></topics> <partitions><partition>*</partition></partitions> </subscribe> </allow_rule> <default>DENY</default> </grant> <grant name="id_1"> <subject_name>/C=NL/O=Example Organization/CN=id_1/[email protected]</subject_name> <validity><not_before>2023-07-25T19:59:15Z</not_before><not_after>2023-07-25T19:59:21Z</not_after></validity> <allow_rule> <domains><id_range><min>0</min><max>230</max></id_range></domains> <publish> <topics><topic>ddssec_access_control_0_pid8191_tid8191</topic></topics> <partitions><partition>*</partition></partitions> </publish> <subscribe> <topics><topic>ddssec_access_control_0_pid8191_tid8191</topic></topics> <partitions><partition>*</partition></partitions> </subscribe> </allow_rule> <default>DENY</default> </grant> <grant name="id_2"> <subject_name>/C=NL/O=Example Organization/CN=id_2/[email protected]</subject_name> <validity><not_before>2023-07-25T19:59:15Z</not_before><not_after>2023-07-25T19:59:23Z</not_after></validity> <allow_rule> <domains><id_range><min>0</min><max>230</max></id_range></domains> <publish> <topics><topic>ddssec_access_control_0_pid8191_tid8191</topic></topics> <partitions><partition>*</partition></partitions> </publish> <subscribe> 
<topics><topic>ddssec_access_control_0_pid8191_tid8191</topic></topics> <partitions><partition>*</partition></partitions> </subscribe> </allow_rule> <default>DENY</default> </grant> <grant name="id_3"> <subject_name>/C=NL/O=Example Organization/CN=id_3/[email protected]</subject_name> <validity><not_before>2023-07-25T19:59:15Z</not_before><not_after>2023-07-25T19:59:25Z</not_after></validity> <allow_rule> <domains><id_range><min>0</min><max>230</max></id_range></domains> <publish> <topics><topic>ddssec_access_control_0_pid8191_tid8191</topic></topics> <partitions><partition>*</partition></partitions> </publish> <subscribe> <topics><topic>ddssec_access_control_0_pid8191_tid8191</topic></topics> <partitions><partition>*</partition></partitions> </subscribe> </allow_rule> <default>DENY</default> </grant> </permissions></dds>
------C5021801F64B68F823AA3384272834E3
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
!!!***---access_control_init---init domain 0
1690315155.429566 init domain 0
!!!***access_control_init---conf: <Domain id="any"> <Discovery> <ExternalDomainId>0</ExternalDomainId> <Tag>${CYCLONEDDS_PID}</Tag> </Discovery> <Security> <Authentication> <Library finalizeFunction="finalize_test_authentication_wrapped" initFunction="init_test_authentication_wrapped" path="/odm/lib64/libdds_security_authentication_wrapper.so"/> <IdentityCertificate>data:,-----BEGIN CERTIFICATE-----
</IdentityCA> </Authentication> <AccessControl> <Library initFunction="init_test_access_control_wrapped" finalizeFunction="finalize_test_access_control_wrapped" path="/odm/lib64/libdds_security_access_control_wrapper.so"/> <Governance><![CDATA[file:/etc/config/default_governance.p7s]]></Governance> <PermissionsCA>file:/etc/config/default_permissions_ca.pem</PermissionsCA> <Permissions><![CDATA[data:,MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----C5021801F64B68F823AA3384272834E3"
This is an S/MIME signed message
------C5021801F64B68F823AA3384272834E3
Content-Type: text/plain
<?xml version="1.0" encoding="utf-8"?><dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://www.omg.org/spec/DDS-SECURITY/20170901/omg_shared_ca_permissions.xsd"> <permissions> <grant name="id_0"> <subject_name>/C=NL/O=Example Organization/CN=id_0/[email protected]</subject_name> <validity><not_before>2023-07-25T19:59:15Z</not_before><not_after>2023-07-25T20:59:16Z</not_after></validity> <allow_rule> <domains><id_range><min>0</min><max>230</max></id_range></domains> <publish> <topics><topic>ddssec_access_control_0_pid8191_tid8191</topic></topics> <partitions><partition>*</partition></partitions> </publish> <subscribe> <topics><topic>ddssec_access_control_0_pid8191_tid8191</topic></topics> <partitions><partition>*</partition></partitions> </subscribe> </allow_rule> <default>DENY</default> </grant> <grant name="id_1"> <subject_name>/C=NL/O=Example Organization/CN=id_1/[email protected]</subject_name> <validity><not_before>2023-07-25T19:59:15Z</not_before><not_after>2023-07-25T19:59:21Z</not_after></validity> <allow_rule> <domains><id_range><min>0</min><max>230</max></id_range></domains> <publish> <topics><topic>ddssec_access_control_0_pid8191_tid8191</topic></topics> <partitions><partition>*</partition></partitions> </publish> <subscribe> <topics><topic>ddssec_access_control_0_pid8191_tid8191</topic></topics> <partitions><partition>*</partition></partitions> </subscribe> </allow_rule> <default>DENY</default> </grant> <grant name="id_2"> <subject_name>/C=NL/O=Example Organization/CN=id_2/[email protected]</subject_name> <validity><not_before>2023-07-25T19:59:15Z</not_before><not_after>2023-07-25T19:59:23Z</not_after></validity> <allow_rule> <domains><id_range><min>0</min><max>230</max></id_range></domains> <publish> <topics><topic>ddssec_access_control_0_pid8191_tid8191</topic></topics> <partitions><partition>*</partition></partitions> </publish> <subscribe> 
<topics><topic>ddssec_access_control_0_pid8191_tid8191</topic></topics> <partitions><partition>*</partition></partitions> </subscribe> </allow_rule> <default>DENY</default> </grant> <grant name="id_3"> <subject_name>/C=NL/O=Example Organization/CN=id_3/[email protected]</subject_name> <validity><not_before>2023-07-25T19:59:15Z</not_before><not_after>2023-07-25T19:59:25Z</not_after></validity> <allow_rule> <domains><id_range><min>0</min><max>230</max></id_range></domains> <publish> <topics><topic>ddssec_access_control_0_pid8191_tid8191</topic></topics> <partitions><partition>*</partition></partitions> </publish> <subscribe> <topics><topic>ddssec_access_control_0_pid8191_tid8191</topic></topics> <partitions><partition>*</partition></partitions> </subscribe> </allow_rule> <default>DENY</default> </grant> </permissions></dds>
------C5021801F64B68F823AA3384272834E3
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
]]></Permissions> </AccessControl> <Cryptographic> <Library initFunction="init_test_cryptography_wrapped" finalizeFunction="finalize_test_cryptography_wrapped" path="/odm/lib64/libdds_security_cryptography_wrapper.so"/> </Cryptographic> </Security></Domain>
!!!***domain: 0
!!!***config: <Domain id="any"> <Discovery> <ExternalDomainId>0</ExternalDomainId> <Tag>${CYCLONEDDS_PID}</Tag> </Discovery> <Security> <Authentication> <Library finalizeFunction="finalize_test_authentication_wrapped" initFunction="init_test_authentication_wrapped" path="/odm/lib64/libdds_security_authentication_wrapper.so"/> <IdentityCertificate>data:,-----BEGIN CERTIFICATE-----
</IdentityCA> </Authentication> <AccessControl> <Library initFunction="init_test_access_control_wrapped" finalizeFunction="finalize_test_access_control_wrapped" path="/odm/lib64/libdds_security_access_control_wrapper.so"/> <Governance><![CDATA[file:/etc/config/default_governance.p7s]]></Governance> <PermissionsCA>file:/etc/config/default_permissions_ca.pem</PermissionsCA> <Permissions><![CDATA[data:,MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----C5021801F64B68F823AA3384272834E3"
This is an S/MIME signed message
------C5021801F64B68F823AA3384272834E3
Content-Type: text/plain
<?xml version="1.0" encoding="utf-8"?><dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://www.omg.org/spec/DDS-SECURITY/20170901/omg_shared_ca_permissions.xsd"> <permissions> <grant name="id_0"> <subject_name>/C=NL/O=Example Organization/CN=id_0/[email protected]</subject_name> <validity><not_before>2023-07-25T19:59:15Z</not_before><not_after>2023-07-25T20:59:16Z</not_after></validity> <allow_rule> <domains><id_range><min>0</min><max>230</max></id_range></domains> <publish> <topics><topic>ddssec_access_control_0_pid8191_tid8191</topic></topics> <partitions><partition>*</partition></partitions> </publish> <subscribe> <topics><topic>ddssec_access_control_0_pid8191_tid8191</topic></topics> <partitions><partition>*</partition></partitions> </subscribe> </allow_rule> <default>DENY</default> </grant> <grant name="id_1"> <subject_name>/C=NL/O=Example Organization/CN=id_1/[email protected]</subject_name> <validity><not_before>2023-07-25T19:59:15Z</not_before><not_after>2023-07-25T19:59:21Z</not_after></validity> <allow_rule> <domains><id_range><min>0</min><max>230</max></id_range></domains> <publish> <topics><topic>ddssec_access_control_0_pid8191_tid8191</topic></topics> <partitions><partition>*</partition></partitions> </publish> <subscribe> <topics><topic>ddssec_access_control_0_pid8191_tid8191</topic></topics> <partitions><partition>*</partition></partitions> </subscribe> </allow_rule> <default>DENY</default> </grant> <grant name="id_2"> <subject_name>/C=NL/O=Example Organization/CN=id_2/[email protected]</subject_name> <validity><not_before>2023-07-25T19:59:15Z</not_before><not_after>2023-07-25T19:59:23Z</not_after></validity> <allow_rule> <domains><id_range><min>0</min><max>230</max></id_range></domains> <publish> <topics><topic>ddssec_access_control_0_pid8191_tid8191</topic></topics> <partitions><partition>*</partition></partitions> </publish> <subscribe> 
<topics><topic>ddssec_access_control_0_pid8191_tid8191</topic></topics> <partitions><partition>*</partition></partitions> </subscribe> </allow_rule> <default>DENY</default> </grant> <grant name="id_3"> <subject_name>/C=NL/O=Example Organization/CN=id_3/[email protected]</subject_name> <validity><not_before>2023-07-25T19:59:15Z</not_before><not_after>2023-07-25T19:59:25Z</not_after></validity> <allow_rule> <domains><id_range><min>0</min><max>230</max></id_range></domains> <publish> <topics><topic>ddssec_access_control_0_pid8191_tid8191</topic></topics> <partitions><partition>*</partition></partitions> </publish> <subscribe> <topics><topic>ddssec_access_control_0_pid8191_tid8191</topic></topics> <partitions><partition>*</partition></partitions> </subscribe> </allow_rule> <default>DENY</default> </grant> </permissions></dds>
------C5021801F64B68F823AA3384272834E3
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
suite ddssec_access_control test permissions_expiry_multiple: assertion failure: /src/security/core/tests/common/cryptography_wrapper.c:369: handle == 0 || handle > 4096
The assertion failures indicate that the failures are related to the following piece of code:
static DDS_Security_long_long check_handle(DDS_Security_long_long handle)
{
  /* Assume that handle, which actually is a pointer, has a value that is likely to be
     a valid memory address and not a value returned by the mock implementation. */
  CU_ASSERT_FATAL (handle == 0 || handle > 4096);
  return handle;
}
The platform is rooted, verity disabled, and in SELinux permissive mode, so I highly doubt there is any permission issue regarding the Android platform here. I would appreciate any clues as to what I might be missing regarding these failed tests that are running on the Android platform.
Thank you very much in advance.
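
An added example, not part of the issue or of the CycloneDDS code base: the check_handle() predicate run over constructed handle values, showing that a pointer whose top byte is set (64-bit Android 11 and later tags heap pointers this way) is negative as a signed 64-bit integer and fails `handle > 4096`. That this explains the failures reported above is an assumption; signed_check, unsigned_check, strip_top_byte and the sample values are hypothetical names and constructed data.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Same predicate as check_handle() above. Assumption: the handle type
   (DDS_Security_long_long) is a signed 64-bit integer holding a pointer. */
static bool signed_check(int64_t handle)
{
  return handle == 0 || handle > 4096;
}

/* Hypothetical variant: compare as unsigned, so a set top byte cannot
   make the value negative. */
static bool unsigned_check(int64_t handle)
{
  return handle == 0 || (uint64_t) handle > 4096u;
}

/* Hypothetical helper: clear the top byte, where AArch64 top-byte-ignore
   lets an allocator keep a tag. */
static uint64_t strip_top_byte(int64_t handle)
{
  return (uint64_t) handle & UINT64_C(0x00ffffffffffffff);
}

/* Constructed handle values; none is taken from the failing run. */
static const struct { const char *what; uint64_t bits; } samples[] = {
  { "nil handle",                  UINT64_C(0) },
  { "small mock-style value",      UINT64_C(42) },
  { "untagged user-space pointer", UINT64_C(0x0000007a1c2d3e40) },
  { "pointer with top byte 0xb4",  UINT64_C(0xb400007a1c2d3e40) },
};

int main(void)
{
  for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
    int64_t h = (int64_t) samples[i].bits; /* two's-complement reinterpretation */
    printf("%-28s signed=%d unsigned=%d stripped=0x%016llx\n",
           samples[i].what, signed_check(h), unsigned_check(h),
           (unsigned long long) strip_top_byte(h));
  }
  return 0;
}
```

Printing the raw handle value at the point of the assertion on the device would show whether the failing handles fall into the last category.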