Enabling ROS 2 Security

[Wojcik98]

Hi, I want to connect two domains, one of which is secured with sros2. I created a simple demo that should connect secured demo_nodes_cpp/talker through domain_bridge/domain_bridge on domain ID=0 to unsecured demo_nodes_cpp/listener on domain ID=1.

First, generate keys and certificates as in the sros2 tutorial. We will use /talker_listener/talker enclave for bridge, as by default it doesn't apply any access control and will work with any nodes and topics.

cd ~/sros2_demo
ros2 security create_keystore demo_keystore
ros2 security create_enclave demo_keystore /talker_listener/talker
ros2 security create_enclave demo_keystore /talker_listener/listener

Terminal 1:

export ROS_DOMAIN_ID=0
export ROS_SECURITY_KEYSTORE=~/sros2_demo/demo_keystore
export ROS_SECURITY_ENABLE=true
export ROS_SECURITY_STRATEGY=Enforce
ros2 run demo_nodes_cpp talker --ros-args --enclave /talker_listener/talker

Terminal 2:

export ROS_DOMAIN_ID=1
ros2 run demo_nodes_cpp listener

Terminal 3:

export ROS_DOMAIN_ID=0
export ROS_SECURITY_KEYSTORE=~/sros2_demo/demo_keystore
export ROS_SECURITY_ENABLE=true
export ROS_SECURITY_STRATEGY=Enforce
ros2 run domain_bridge domain_bridge bridge.yaml --ros-args --enclave /talker_listener/talker

bridge.yaml:

name: my_domain_bridge
topics:
  chatter:
    from_domain: 0
    to_domain: 1
    type: std_msgs/msg/String

Expected result

Bridge receives secured messages and publishes them as unsecured.

Actual result

Bridge crashes with following logs:

[INFO] [1686655410.275770214] [rcl]: Found security directory: /home/ros/sros2_demo/demo_keystore/enclaves/talker_listener/talker
[INFO] [1686655410.276668597] [rcl]: Found security directory: /home/ros/sros2_demo/demo_keystore/enclaves

>>> [rcutils|error_handling.c:108] rcutils_set_error_state()
This error state is being overwritten:

  'couldn't find all security files!, at ./src/participant.cpp:274, at ./src/rcl/node.c:263'

with this new error message:

  'rcl node's rmw handle is invalid, at ./src/rcl/node.c:415'

rcutils_reset_error() should be called after error handling to avoid this.
<<<
[ERROR] [1686655410.277115123] [rcl]: Failed to fini publisher for node: 1
terminate called after throwing an instance of 'rclcpp::exceptions::RCLError'
  what():  failed to initialize rcl node: rcl node's rmw handle is invalid, at ./src/rcl/node.c:415
[ros2run]: Aborted

Running any other node in Terminal 3 (e.g. ros2 run demo_nodes_cpp listener --ros-args --enclave /talker_listener/talker) works fine.

Is this error in my setup, or is the security not working with the domain_bridge yet? The "Security" section in the design doc only has "TODO" and last mention was on #1 over two years ago with no follow ups.

If I understand correctly, it should not work out of the box, as generated keystore depends on the domain ID, so even if it could somehow connect secure to insecure domain, it could be much less obvious how to connect two separately secured domains (we set keystore location through env variable).