Update sros2_cmake to use security contexts
Signed-off-by: Ivan Santiago Paunovic <ivanpauno@ekumenlabs.com>
ivanpauno committed Apr 3, 2020
1 parent 0d4bc74 commit 521b0cb
Showing 4 changed files with 23 additions and 20 deletions.
14 changes: 8 additions & 6 deletions sros2_cmake/README.md
@@ -1,19 +1,21 @@
# Security Helper
Add node authentication, cryptography, and access control security keys using a cmake macro.
The macro will generate the secure root directory if it does not exists, then create authentication and cryptography keys in the secure root directory.
Add authentication, cryptography, and access control security keys using a cmake macro.
The macro will generate the secure root directory if it does not exists, then create authentication and cryptography keys.

In package.xml add:
`<depend>sros2_cmake</depend>`
In CMakeLists add:
`find_package(sros2_cmake REQUIRED)`
`ros2_secure_node(NODES <node_name>)`
`sros2_generate_artifacts(SECURITY_CONTEXTS <context_name>)`

Macro definition:
```
# ros2_secure_node(NODES <node_1> <node_2>...<node_n>)
# sros2_generate_artifacts(SECURITY_CONTEXTS <context_1> <context_2>...<context_n>)
# NODES (macro multi-arg) takes the node names for which keys will be generated
# SECURITY_CONTEXTS (macro multi-arg) takes the security contexts names for which keys will be generated
# Executables can use a different or the same security contexts.
# All nodes in the same process use the same security context.
# SECURITY (cmake arg) if not define or OFF, will not generate key/keystores
# ROS_SECURITY_ROOT_DIRECTORY (env variable) the location of the keystore
# POLICY_FILE (cmake arg) if defined, will compile policies by node name into the access private certificates (e.g POLICY_FILE=/etc/policies/<policy.xml>, Generate: <node_name> /etc/policies/<policy.xml>) **if defined, all nodes must have a policy defined for them**
# POLICY_FILE (cmake arg) if defined, will generate security artifacts for each context defined in the policy file.
```
@@ -1,4 +1,4 @@
# Copyright 2016-2019 Open Source Robotics Foundation, Inc.
# Copyright 2016-2020 Open Source Robotics Foundation, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,12 +12,13 @@
# See the License for the specific language governing permissions and
# limitations under the License.

macro(ros2_secure_node)
# ros2_secure_node(NODES <node_1> <node_2>...<node_n>)
macro(sros2_generate_artifacts)
# sros2_generate_artifacts(SECURITY_CONTEXTS <context_1> <context_1>...<context_1>)
#
# NODES (macro multi-arg) takes the node names for which artifacts will be generated
# SECURITY_CONTEXTS (macro multi-arg) takes the context names for which artifacts will be generated
# SECURITY (cmake arg) if not defined or OFF, will not generate keystore/keys/permissions
# POLICY_FILE (cmake arg) if defined, policies defined in the file will used to generate permission files for all the nodes listed in the policy file
# POLICY_FILE (cmake arg) if defined, policies defined in the file will used to generate
# permission files for all the security contexts listed in the policy file.
# ROS_SECURITY_ROOT_DIRECTORY (env variable) will be the location of the keystore
if(NOT SECURITY)
message(STATUS "Not generating security files")
@@ -30,13 +31,13 @@ macro(ros2_secure_node)
else()
set(SECURITY_KEYSTORE ${DEFAULT_KEYSTORE})
endif()
cmake_parse_arguments(ros2_secure_node "" "" "NODES" ${ARGN})
cmake_parse_arguments(ros2_generate_security_artifacts "" "" "SECURITY_CONTEXTS" ${ARGN})
set(generate_artifacts_command ${PROGRAM} security generate_artifacts -k ${SECURITY_KEYSTORE})
list(LENGTH ros2_secure_node_NODES nb_nodes)
if(${nb_nodes} GREATER "0")
list(APPEND generate_artifacts_command "-n")
foreach(node ${ros2_secure_node_NODES})
list(APPEND generate_artifacts_command ${node})
list(LENGTH ros2_generate_security_artifacts_SECURITY_CONTEXTS nb_security_contexts)
if(${nb_security_contexts} GREATER "0")
list(APPEND generate_artifacts_command "-c")
foreach(security_context ${ros2_generate_security_artifacts_SECURITY_CONTEXTS})
list(APPEND generate_artifacts_command security_context)
endforeach()
endif()
if(POLICY_FILE)
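Review bot: In the new `foreach` body, `list(APPEND generate_artifacts_command security_context)` appends the literal word `security_context` instead of the loop variable's value, where the removed code expanded `${node}`; it should read `list(APPEND generate_artifacts_command "${security_context}")`. As written, every name passed under SECURITY_CONTEXTS reaches `-c` as the same fixed string, so keys and permissions would presumably be generated for a context literally called `security_context` and not for the requested ones. The build still succeeds, so the missing artifacts would likely only show up when a process looks up its own context in the keystore. The usage comment at the top of the macro also reads `<context_1> <context_1>...<context_1>` and should be `<context_1> <context_2>...<context_n>`. The macro body continues past the end of this hunk, so the handling of `POLICY_FILE` and the command invocation are not visible here.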
2 changes: 1 addition & 1 deletion sros2_cmake/package.xml
@@ -4,7 +4,7 @@
<package format="3">
<name>sros2_cmake</name>
<version>0.8.1</version>
<description>CMake macros to configure security for nodes</description>
<description>CMake macros to configure security</description>
<maintainer email="ros-security@googlegroups.com">ROS Security Working Group</maintainer>
<license>Apache 2.0</license>

4 changes: 2 additions & 2 deletions sros2_cmake/sros2_cmake-extras.cmake
@@ -1,4 +1,4 @@
# Copyright 2019 Open Source Robotics Foundation Inc.
# Copyright 2019-2020 Open Source Robotics Foundation Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -14,5 +14,5 @@

set(DEFAULT_KEYSTORE "${CMAKE_INSTALL_PREFIX}/ros2_security/keystore")

include("${sros2_cmake_DIR}/ros2_secure_node.cmake")
include("${sros2_cmake_DIR}/sros2_generate_artifacts.cmake")
