domain_bridge
domain_bridge copied to clipboard
Enabling ROS 2 Security
Hi,
I want to connect two domains, one of which is secured with sros2. I created a simple demo that should connect secured demo_nodes_cpp/talker
through domain_bridge/domain_bridge
on domain ID=0 to unsecured demo_nodes_cpp/listener
on domain ID=1.
First, generate keys and certificates as in the sros2 tutorial. We will use /talker_listener/talker
enclave for bridge, as by default it doesn't apply any access control and will work with any nodes and topics.
cd ~/sros2_demo
ros2 security create_keystore demo_keystore
ros2 security create_enclave demo_keystore /talker_listener/talker
ros2 security create_enclave demo_keystore /talker_listener/listener
Terminal 1:
export ROS_DOMAIN_ID=0
export ROS_SECURITY_KEYSTORE=~/sros2_demo/demo_keystore
export ROS_SECURITY_ENABLE=true
export ROS_SECURITY_STRATEGY=Enforce
ros2 run demo_nodes_cpp talker --ros-args --enclave /talker_listener/talker
Terminal 2:
export ROS_DOMAIN_ID=1
ros2 run demo_nodes_cpp listener
Terminal 3:
export ROS_DOMAIN_ID=0
export ROS_SECURITY_KEYSTORE=~/sros2_demo/demo_keystore
export ROS_SECURITY_ENABLE=true
export ROS_SECURITY_STRATEGY=Enforce
ros2 run domain_bridge domain_bridge bridge.yaml --ros-args --enclave /talker_listener/talker
bridge.yaml:
name: my_domain_bridge
topics:
chatter:
from_domain: 0
to_domain: 1
type: std_msgs/msg/String
Expected result
Bridge receives secured messages and publishes them as unsecured.
Actual result
Bridge crashes with following logs:
[INFO] [1686655410.275770214] [rcl]: Found security directory: /home/ros/sros2_demo/demo_keystore/enclaves/talker_listener/talker
[INFO] [1686655410.276668597] [rcl]: Found security directory: /home/ros/sros2_demo/demo_keystore/enclaves
>>> [rcutils|error_handling.c:108] rcutils_set_error_state()
This error state is being overwritten:
'couldn't find all security files!, at ./src/participant.cpp:274, at ./src/rcl/node.c:263'
with this new error message:
'rcl node's rmw handle is invalid, at ./src/rcl/node.c:415'
rcutils_reset_error() should be called after error handling to avoid this.
<<<
[ERROR] [1686655410.277115123] [rcl]: Failed to fini publisher for node: 1
terminate called after throwing an instance of 'rclcpp::exceptions::RCLError'
what(): failed to initialize rcl node: rcl node's rmw handle is invalid, at ./src/rcl/node.c:415
[ros2run]: Aborted
Running any other node in Terminal 3 (e.g. ros2 run demo_nodes_cpp listener --ros-args --enclave /talker_listener/talker
) works fine.
Is this error in my setup, or is the security not working with the domain_bridge
yet? The "Security" section in the design doc only has "TODO" and last mention was on #1 over two years ago with no follow ups.
If I understand correctly, it should not work out of the box, as generated keystore depends on the domain ID, so even if it could somehow connect secure to insecure domain, it could be much less obvious how to connect two separately secured domains (we set keystore location through env variable).