PubSub Security Keys: manage security group id for security keys

Description

An unique security group id defined at compilation time was managed for Publisher / Scheduler using security keys for message exchanges. The objective is to manage different security groups in the PubSub schedulers and the utility SK (Security Keys) modules available to provide and manage the keys to the schedulers.

Code version identification

caa7b19b

Current behavior

The compilation time definition SOPC_PUBSUB_SKS_DEFAULT_GROUPID hard-codes a unique security group id (1 by default), the concerned modules are sopc_pub_scheduler, sopc_sub_scheduler, sopc_pubsub_sks. The SK modules in charge to provide and manage the keys in Common/SKS do not allow neither to manage several security group ids.

Expected behavior

The security group ids are configurable for each reader/writer group in PubSub configuration and are managed in consequence in sopc_pub_scheduler, sopc_sub_scheduler and sopc_pubsub_sks. Modify the existing SK modules to be able to manage several Security Groups in parallel:

  • associate each SK manager to 1 security group
  • modify the SK scheduler to be able to launch several tasks (1 per security group - SK manager),

Security impact

Indirect impact: several security groups are managed which make easier to use different keyrings in the same application. It might help to improve the security of applications by not using the same keys for different reader/writer groups.

Implementation

  • sopc_pubsub_conf: add SOPC_ReaderGroup_[Set|Get]_SecurityGroupId and SOPC_WriterGroup_[Set|Get]_SecurityGroupId API to configure several security groups
  • sopc_pubsub_sks.h: add SOPC_PubSubSKS_AddSkManager, SOPC_PubSubSKS_GetSecurityKeys and SOPC_PubSubSKS_GetSkManager API functions with security group id parameter for configuration by the application and usage by the PubSub schedulers. Add SOPC_PubSubSKS_AddTasks API to create taks for all the added SK managers with the provided scheduler / provider / builder.
  • sopc_pub_scheduler, sopc_sub_scheduler: use the security group from configuratoin when calling SOPC_PubSubSKS_GetSecurityKeys
  • sopc_sk_scheduler.h: manage multiple tasks creation using SOPC_SKscheduler_AddTask
  • sopc_sk_manager.h: associate a security group id and user context on manager instance creation
  • sopc_sk_secu_group_managers.h: dictionary to register and access the dedicated SK manager for each security group id