Document new transmit_algorithms_as_legacy on builtin security plug…

…ins (#974) * Refs #19925. Add documentation of new property in PKIDH. Signed-off-by: Miguel Company <[email protected]> * Refs #19925. Add documentation of new property in Permissions. Signed-off-by: Miguel Company <[email protected]> * Apply suggestions from code review Co-authored-by: Mario Domínguez López <[email protected]> Signed-off-by: Miguel Company <[email protected]> --------- Signed-off-by: Miguel Company <[email protected]> Co-authored-by: Mario Domínguez López <[email protected]> (cherry picked from commit cc95496) # Conflicts: # code/DDSCodeTester.cpp # code/XMLTester.xml # docs/fastdds/property_policies/security.rst # docs/fastdds/security/auth_plugin/auth_plugin.rst
eProsima · Dec 11, 2024 · e8be423 · e8be423
1 parent d6af1b7
commit e8be423
Show file tree

Hide file tree

Showing 5 changed files with 56 additions and 0 deletions.
diff --git a/code/DDSCodeTester.cpp b/code/DDSCodeTester.cpp
@@ -593,6 +593,15 @@ void dds_domain_examples()
         pqos.properties().properties().emplace_back(
             "dds.sec.auth.builtin.PKI-DH.password",
             "domainParticipantPassword");
+<<<<<<< HEAD
+=======
+        pqos.properties().properties().emplace_back(
+            "dds.sec.auth.builtin.PKI-DH.preferred_key_agreement",
+            "ECDH");
+        pqos.properties().properties().emplace_back(
+            "dds.sec.auth.builtin.PKI-DH.transmit_algorithms_as_legacy",
+            "true");
+>>>>>>> cc95496 (Document new `transmit_algorithms_as_legacy` on builtin security plugins (#974))
         //!--
     }
     {
@@ -628,6 +637,9 @@ void dds_domain_examples()
         pqos.properties().properties().emplace_back(
             "dds.sec.access.builtin.Access-Permissions.permissions",
             "file://certs/permissions.smime");
+        pqos.properties().properties().emplace_back(
+            "dds.sec.access.builtin.Access-Permissions.transmit_algorithms_as_legacy",
+            "true");
         //!--
     }
     {

diff --git a/code/XMLTester.xml b/code/XMLTester.xml
@@ -3108,6 +3108,17 @@
                     <name>dds.sec.auth.builtin.PKI-DH.password</name>
                     <value>domainParticipantPassword</value>
                 </property>
+<<<<<<< HEAD
+=======
+                <property>
+                    <name>dds.sec.auth.builtin.PKI-DH.preferred_key_agreement</name>
+                    <value>ECDH</value>
+                </property>
+                <property>
+                    <name>dds.sec.auth.builtin.PKI-DH.transmit_algorithms_as_legacy</name>
+                    <value>true</value>
+                </property>
+>>>>>>> cc95496 (Document new `transmit_algorithms_as_legacy` on builtin security plugins (#974))
             </properties>
         </propertiesPolicy>
     </rtps>
@@ -3160,6 +3171,10 @@
                     <name>dds.sec.access.builtin.Access-Permissions.permissions</name>
                     <value>file://permissions.smime</value>
                 </property>
+                <property>
+                    <name>dds.sec.access.builtin.Access-Permissions.transmit_algorithms_as_legacy</name>
+                    <value>true</value>
+                </property>
             </properties>
         </propertiesPolicy>
     </rtps>

diff --git a/docs/fastdds/property_policies/security.rst b/docs/fastdds/property_policies/security.rst
@@ -42,6 +42,19 @@ The following table outlines the properties used for the :ref:`DDS\:Auth\:PKI-DH
        If the *password* property is not present, then the value supplied in the |br|
        *private_key* property must contain the decrypted private key. |br|
        The *password* property is ignored if the *private_key* is given in PKCS#11 scheme.
+<<<<<<< HEAD
+=======
+   * - ``preferred_key_agreement`` *(optional)*
+     - The preferred algorithm to use for generating the session's shared secret |br|
+       at the end of the authentication phase. Supported values are: |br|
+       a) ``DH``, ``DH+MODP-2048-256`` for  Diffie-Hellman Ephemeral with 2048-bit MODP Group parameters. |br|
+       b) ``ECDH``, ``ECDH+prime256v1-CEUM`` for Elliptic Curve Diffie-Hellman Ephemeral with the NIST P-256 curve. |br|
+       c) ``AUTO`` for selecting the key agreement based on the signature algorithm in the Identity CA's certificate. |br|
+       Will default to ``AUTO`` if the property is not present.
+   * - ``transmit_algorithms_as_legacy`` *(optional)*
+     - Whether to transmit algorithm identifiers in non-standard legacy format. |br|
+       Will default to ``false`` if the property is not present.
+>>>>>>> cc95496 (Document new `transmit_algorithms_as_legacy` on builtin security plugins (#974))
 
 .. note::
   All properties listed above have the ``dds.sec.auth.builtin.PKI-DH."`` prefix.

diff --git a/docs/fastdds/security/access_control_plugin/access_control_plugin.rst b/docs/fastdds/security/access_control_plugin/access_control_plugin.rst
@@ -55,6 +55,9 @@ The following table outlines the properties used for the DDS\:Access\:Permission
    * - permissions
      - URI to the Participant permissions document signed by the |br| Permissions CA in S/MIME format. |br|
        Supported URI schemes: file.
+   * - transmit_algorithms_as_legacy *(optional)*
+     - Whether to transmit algorithm identifiers in non-standard legacy format. |br|
+       Will default to ``false`` if the property is not present.
 
 .. note::
   All listed properties have "dds.sec.access.builtin.Access-Permissions." prefix.

diff --git a/docs/fastdds/security/auth_plugin/auth_plugin.rst b/docs/fastdds/security/auth_plugin/auth_plugin.rst
@@ -56,6 +56,19 @@ The following table outlines the properties used for the DDS:\Auth\:PKI-DH plugi
        If the *password* property is not present, then the value supplied in the |br|
        *private_key* property must contain the decrypted private key. |br|
        The *password* property is ignored if the *private_key* is given in PKCS#11 scheme.
+<<<<<<< HEAD
+=======
+   * - preferred_key_agreement *(optional)*
+     - The preferred algorithm to use for generating the session's shared secret |br|
+       at the end of the authentication phase. Supported values are: |br|
+       a) ``DH``, ``DH+MODP-2048-256`` for  Diffie-Hellman Ephemeral with 2048-bit MODP Group parameters. |br|
+       b) ``ECDH``, ``ECDH+prime256v1-CEUM`` for Elliptic Curve Diffie-Hellman Ephemeral with the NIST P-256 curve. |br|
+       c) ``AUTO`` for selecting the key agreement based on the signature algorithm in the Identity CA's certificate. |br|
+       Will default to ``AUTO`` if the property is not present.
+   * - transmit_algorithms_as_legacy *(optional)*
+     - Whether to transmit algorithm identifiers in non-standard legacy format. |br|
+       Will default to ``false`` if the property is not present.
+>>>>>>> cc95496 (Document new `transmit_algorithms_as_legacy` on builtin security plugins (#974))
 
 .. note::
   All listed properties have "dds.sec.auth.builtin.PKI-DH." prefix.