From 1affe8e81f9b7fd510ec74abdfa279c115a9d959 Mon Sep 17 00:00:00 2001 From: Miguel Company Date: Wed, 11 Dec 2024 16:20:55 +0100 Subject: [PATCH 1/2] Document new `transmit_algorithms_as_legacy` on builtin security plugins (#974) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Refs #19925. Add documentation of new property in PKIDH. Signed-off-by: Miguel Company * Refs #19925. Add documentation of new property in Permissions. Signed-off-by: Miguel Company * Apply suggestions from code review Co-authored-by: Mario Domínguez López <116071334+Mario-DL@users.noreply.github.com> Signed-off-by: Miguel Company --------- Signed-off-by: Miguel Company Co-authored-by: Mario Domínguez López <116071334+Mario-DL@users.noreply.github.com> (cherry picked from commit cc95496dc6ee088366f00dec5c4213d4e3b2c86d) # Conflicts: # docs/fastdds/property_policies/security.rst # docs/fastdds/security/auth_plugin/auth_plugin.rst --- code/DDSCodeTester.cpp | 6 ++++++ code/XMLTester.xml | 8 ++++++++ docs/fastdds/property_policies/security.rst | 7 +++++++ .../access_control_plugin/access_control_plugin.rst | 3 +++ docs/fastdds/security/auth_plugin/auth_plugin.rst | 7 +++++++ 5 files changed, 31 insertions(+) diff --git a/code/DDSCodeTester.cpp b/code/DDSCodeTester.cpp index 58dda0b94..bf4fb9e4c 100644 --- a/code/DDSCodeTester.cpp +++ b/code/DDSCodeTester.cpp @@ -645,6 +645,9 @@ void dds_domain_examples() pqos.properties().properties().emplace_back( "dds.sec.auth.builtin.PKI-DH.preferred_key_agreement", "ECDH"); + pqos.properties().properties().emplace_back( + "dds.sec.auth.builtin.PKI-DH.transmit_algorithms_as_legacy", + "true"); //!-- } { 
@@ -680,6 +683,9 @@ void dds_domain_examples() pqos.properties().properties().emplace_back( "dds.sec.access.builtin.Access-Permissions.permissions", "file://certs/permissions.smime"); + pqos.properties().properties().emplace_back( + "dds.sec.access.builtin.Access-Permissions.transmit_algorithms_as_legacy", + "true"); //!-- } { diff --git a/code/XMLTester.xml b/code/XMLTester.xml index 40fab6886..21e4964f4 100644 --- a/code/XMLTester.xml +++ b/code/XMLTester.xml @@ -3054,6 +3054,10 @@ dds.sec.auth.builtin.PKI-DH.preferred_key_agreement ECDH + + dds.sec.auth.builtin.PKI-DH.transmit_algorithms_as_legacy + true + @@ -3106,6 +3110,10 @@ dds.sec.access.builtin.Access-Permissions.permissions file://permissions.smime + + dds.sec.access.builtin.Access-Permissions.transmit_algorithms_as_legacy + true + diff --git a/docs/fastdds/property_policies/security.rst b/docs/fastdds/property_policies/security.rst index 833e1c59f..90da9f634 100644 --- a/docs/fastdds/property_policies/security.rst +++ b/docs/fastdds/property_policies/security.rst @@ -48,7 +48,14 @@ The following table outlines the properties used for the :ref:`DDS\:Auth\:PKI-DH a) ``DH``, ``DH+MODP-2048-256`` for Diffie-Hellman Ephemeral with 2048-bit MODP Group parameters. |br| b) ``ECDH``, ``ECDH+prime256v1-CEUM`` for Elliptic Curve Diffie-Hellman Ephemeral with the NIST P-256 curve. |br| c) ``AUTO`` for selecting the key agreement based on the signature algorithm in the Identity CA's certificate. |br| +<<<<<<< HEAD Will default to ``DH`` if the property is not present. +======= + Will default to ``AUTO`` if the property is not present. + * - ``transmit_algorithms_as_legacy`` *(optional)* + - Whether to transmit algorithm identifiers in non-standard legacy format. |br| + Will default to ``false`` if the property is not present. +>>>>>>> cc95496 (Document new `transmit_algorithms_as_legacy` on builtin security plugins (#974)) .. note:: All properties listed above have the ``dds.sec.auth.builtin.PKI-DH."`` prefix. 
diff --git a/docs/fastdds/security/access_control_plugin/access_control_plugin.rst b/docs/fastdds/security/access_control_plugin/access_control_plugin.rst index ea094aea3..ba6abb077 100644 --- a/docs/fastdds/security/access_control_plugin/access_control_plugin.rst +++ b/docs/fastdds/security/access_control_plugin/access_control_plugin.rst @@ -55,6 +55,9 @@ The following table outlines the properties used for the DDS\:Access\:Permission * - permissions - URI to the Participant permissions document signed by the |br| Permissions CA in S/MIME format. |br| Supported URI schemes: file. + * - transmit_algorithms_as_legacy *(optional)* + - Whether to transmit algorithm identifiers in non-standard legacy format. |br| + Will default to ``false`` if the property is not present. .. note:: All listed properties have "dds.sec.access.builtin.Access-Permissions." prefix. diff --git a/docs/fastdds/security/auth_plugin/auth_plugin.rst b/docs/fastdds/security/auth_plugin/auth_plugin.rst index a8db449ae..ab2c4b13a 100644 --- a/docs/fastdds/security/auth_plugin/auth_plugin.rst +++ b/docs/fastdds/security/auth_plugin/auth_plugin.rst 
@@ -63,7 +63,14 @@ The following table outlines the properties used for the DDS:\Auth\:PKI-DH plugi a) ``DH``, ``DH+MODP-2048-256`` for Diffie-Hellman Ephemeral with 2048-bit MODP Group parameters. |br| b) ``ECDH``, ``ECDH+prime256v1-CEUM`` for Elliptic Curve Diffie-Hellman Ephemeral with the NIST P-256 curve. |br| c) ``AUTO`` for selecting the key agreement based on the signature algorithm in the Identity CA's certificate. |br| +<<<<<<< HEAD Will default to ``DH`` if the property is not present. +======= + Will default to ``AUTO`` if the property is not present. + * - transmit_algorithms_as_legacy *(optional)* + - Whether to transmit algorithm identifiers in non-standard legacy format. |br| + Will default to ``false`` if the property is not present. +>>>>>>> cc95496 (Document new `transmit_algorithms_as_legacy` on builtin security plugins (#974)) .. note:: All listed properties have "dds.sec.auth.builtin.PKI-DH." prefix. From 9e6f300ecb0ff71d18e56d6088e8899999727505 Mon Sep 17 00:00:00 2001 From: Miguel Company Date: Wed, 11 Dec 2024 16:37:38 +0100 Subject: [PATCH 2/2] Fix conflicts. Signed-off-by: Miguel Company --- docs/fastdds/property_policies/security.rst | 4 ---- docs/fastdds/security/auth_plugin/auth_plugin.rst | 4 ---- 2 files changed, 8 deletions(-) diff --git a/docs/fastdds/property_policies/security.rst b/docs/fastdds/property_policies/security.rst index 90da9f634..f60c22830 100644 --- a/docs/fastdds/property_policies/security.rst +++ b/docs/fastdds/property_policies/security.rst 
@@ -48,14 +48,10 @@ The following table outlines the properties used for the :ref:`DDS\:Auth\:PKI-DH a) ``DH``, ``DH+MODP-2048-256`` for Diffie-Hellman Ephemeral with 2048-bit MODP Group parameters. |br| b) ``ECDH``, ``ECDH+prime256v1-CEUM`` for Elliptic Curve Diffie-Hellman Ephemeral with the NIST P-256 curve. |br| c) ``AUTO`` for selecting the key agreement based on the signature algorithm in the Identity CA's certificate. |br| -<<<<<<< HEAD Will default to ``DH`` if the property is not present. -======= - Will default to ``AUTO`` if the property is not present. * - ``transmit_algorithms_as_legacy`` *(optional)* - Whether to transmit algorithm identifiers in non-standard legacy format. |br| Will default to ``false`` if the property is not present. ->>>>>>> cc95496 (Document new `transmit_algorithms_as_legacy` on builtin security plugins (#974)) .. note:: All properties listed above have the ``dds.sec.auth.builtin.PKI-DH."`` prefix. diff --git a/docs/fastdds/security/auth_plugin/auth_plugin.rst b/docs/fastdds/security/auth_plugin/auth_plugin.rst index ab2c4b13a..7d2cbc6cb 100644 --- a/docs/fastdds/security/auth_plugin/auth_plugin.rst +++ b/docs/fastdds/security/auth_plugin/auth_plugin.rst 
@@ -63,14 +63,10 @@ The following table outlines the properties used for the DDS:\Auth\:PKI-DH plugi a) ``DH``, ``DH+MODP-2048-256`` for Diffie-Hellman Ephemeral with 2048-bit MODP Group parameters. |br| b) ``ECDH``, ``ECDH+prime256v1-CEUM`` for Elliptic Curve Diffie-Hellman Ephemeral with the NIST P-256 curve. |br| c) ``AUTO`` for selecting the key agreement based on the signature algorithm in the Identity CA's certificate. |br| -<<<<<<< HEAD Will default to ``DH`` if the property is not present. -======= - Will default to ``AUTO`` if the property is not present. * - transmit_algorithms_as_legacy *(optional)* - Whether to transmit algorithm identifiers in non-standard legacy format. |br| Will default to ``false`` if the property is not present. ->>>>>>> cc95496 (Document new `transmit_algorithms_as_legacy` on builtin security plugins (#974)) .. note:: All listed properties have "dds.sec.auth.builtin.PKI-DH." prefix.
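Review bot: In the code/DDSCodeTester.cpp and code/XMLTester.xml hunks of patch 1/2, both example snippets set `transmit_algorithms_as_legacy` to "true", while the .rst rows added by the same patch call that format non-standard and give ``false`` as the default. The property is appended to the same blocks that show `preferred_key_agreement` and `permissions` (the ones ending at the `//!--` marker), so a reader who copies the snippet as a baseline configuration enables the legacy format without having chosen it. Consider moving the property into its own snippet, or adding a comment beside it that says it is optional and states when it should be set.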
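Review bot: The new table rows in security.rst, access_control_plugin.rst and auth_plugin.rst say only "Whether to transmit algorithm identifiers in non-standard legacy format", which leaves out what a user needs in order to decide on a value: what the legacy format is, which remote participants require it, and what happens when two participants use different values. Since this option changes what the security plugins put on the wire, please add a sentence on when to set it to ``true`` and whether both sides have to agree on the setting.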
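Review bot: Patch 1/2 adds the `<<<<<<< HEAD`, `=======` and `>>>>>>> cc95496` conflict markers to security.rst and auth_plugin.rst as table content, and they are only removed by patch 2/2, so the tree at 1/2 has broken RST inside the property tables; please squash the two commits before merging. In the resolution, 2/2 keeps "Will default to ``DH``" and drops the cherry-picked "Will default to ``AUTO``" line, but the message "Fix conflicts." does not say why that side was chosen. Please state in the commit message that ``DH`` is the default of `preferred_key_agreement` on this branch, so the documented default can be checked against the code. The context line in security.rst, ``dds.sec.auth.builtin.PKI-DH."``, also has a stray double quote inside the literal that could be fixed while this table is being edited.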