diff --git a/code/DDSCodeTester.cpp b/code/DDSCodeTester.cpp
index 2b31d7fee..c043ba6f6 100644
--- a/code/DDSCodeTester.cpp
+++ b/code/DDSCodeTester.cpp
@@ -593,6 +593,15 @@ void dds_domain_examples()
 pqos.properties().properties().emplace_back(
 "dds.sec.auth.builtin.PKI-DH.password",
 "domainParticipantPassword");
+<<<<<<< HEAD
+=======
+ pqos.properties().properties().emplace_back(
+ "dds.sec.auth.builtin.PKI-DH.preferred_key_agreement",
+ "ECDH");
+ pqos.properties().properties().emplace_back(
+ "dds.sec.auth.builtin.PKI-DH.transmit_algorithms_as_legacy",
+ "true");
+>>>>>>> cc95496 (Document new `transmit_algorithms_as_legacy` on builtin security plugins (#974))
 //!--
 }
 {
@@ -628,6 +637,9 @@ void dds_domain_examples()
 pqos.properties().properties().emplace_back(
 "dds.sec.access.builtin.Access-Permissions.permissions",
 "file://certs/permissions.smime");
+ pqos.properties().properties().emplace_back(
+ "dds.sec.access.builtin.Access-Permissions.transmit_algorithms_as_legacy",
+ "true");
 //!--
 }
 {
diff --git a/code/XMLTester.xml b/code/XMLTester.xml
index 05d1dd0eb..0c49f45d4 100644
--- a/code/XMLTester.xml
+++ b/code/XMLTester.xml
@@ -3108,6 +3108,17 @@
 dds.sec.auth.builtin.PKI-DH.password
 domainParticipantPassword
+<<<<<<< HEAD
+=======
+
+ dds.sec.auth.builtin.PKI-DH.preferred_key_agreement
+ ECDH
+
+
+ dds.sec.auth.builtin.PKI-DH.transmit_algorithms_as_legacy
+ true
+
+>>>>>>> cc95496 (Document new `transmit_algorithms_as_legacy` on builtin security plugins (#974))
@@ -3160,6 +3171,10 @@
 dds.sec.access.builtin.Access-Permissions.permissions
 file://permissions.smime
+
+ dds.sec.access.builtin.Access-Permissions.transmit_algorithms_as_legacy
+ true
+
diff --git a/docs/fastdds/property_policies/security.rst b/docs/fastdds/property_policies/security.rst
index 7c593a978..eb041e20b 100644
--- a/docs/fastdds/property_policies/security.rst
+++ b/docs/fastdds/property_policies/security.rst
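Review bot: Unresolved merge-conflict markers are committed as source lines in the `@@ -593` hunk — `+<<<<<<< HEAD`, `+=======` and `+>>>>>>> cc95496 (...)` — so DDSCodeTester.cpp will not compile once this lands; the HEAD side of the conflict is empty, so the resolution is to keep the two added emplace_back calls and delete the three marker lines. The same markers are committed in the XMLTester.xml hunk at `@@ -3108,6 +3108,17 @@` (where they make the document ill-formed XML) and in the security.rst `@@ -42` and auth_plugin.rst `@@ -56` hunks (where they would render literally in the built docs), and need the same three-line removal in each file. The enclosing function dds_domain_examples() starts and ends outside the hunk.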
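Review bot: The new `"dds.sec.access.builtin.Access-Permissions.transmit_algorithms_as_legacy"` entry in the `@@ -628` hunk is set to `"true"` in example code with nothing explaining it, while the property tables added in this same commit describe the value as a non-standard legacy format that defaults to `false`; a reader copying the snippet switches that format on without knowing it. Add a one-line comment above the emplace_back, e.g. `// Optional: send algorithm identifiers in the non-standard legacy format (defaults to "false")`, and the same above the matching PKI-DH line in the `@@ -593` hunk. When this setting is actually needed is not stated anywhere on the page and is presumably worth a sentence in the property tables. dds_domain_examples() begins and ends outside the hunk.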
@@ -42,6 +42,19 @@ The following table outlines the properties used for the :ref:`DDS\:Auth\:PKI-DH
 If the *password* property is not present, then the value supplied in the |br|
 *private_key* property must contain the decrypted private key. |br|
 The *password* property is ignored if the *private_key* is given in PKCS#11 scheme.
+<<<<<<< HEAD
+=======
+ * - ``preferred_key_agreement`` *(optional)*
+ - The preferred algorithm to use for generating the session's shared secret |br|
+ at the end of the authentication phase. Supported values are: |br|
+ a) ``DH``, ``DH+MODP-2048-256`` for Diffie-Hellman Ephemeral with 2048-bit MODP Group parameters. |br|
+ b) ``ECDH``, ``ECDH+prime256v1-CEUM`` for Elliptic Curve Diffie-Hellman Ephemeral with the NIST P-256 curve. |br|
+ c) ``AUTO`` for selecting the key agreement based on the signature algorithm in the Identity CA's certificate. |br|
+ Will default to ``AUTO`` if the property is not present.
+ * - ``transmit_algorithms_as_legacy`` *(optional)*
+ - Whether to transmit algorithm identifiers in non-standard legacy format. |br|
+ Will default to ``false`` if the property is not present.
+>>>>>>> cc95496 (Document new `transmit_algorithms_as_legacy` on builtin security plugins (#974))
 .. note::
 All properties listed above have the ``dds.sec.auth.builtin.PKI-DH."`` prefix.
diff --git a/docs/fastdds/security/access_control_plugin/access_control_plugin.rst b/docs/fastdds/security/access_control_plugin/access_control_plugin.rst
index eacb1981a..0a5396ccf 100644
--- a/docs/fastdds/security/access_control_plugin/access_control_plugin.rst
+++ b/docs/fastdds/security/access_control_plugin/access_control_plugin.rst
@@ -55,6 +55,9 @@ The following table outlines the properties used for the DDS\:Access\:Permission
 * - permissions
 - URI to the Participant permissions document signed by the |br|
 Permissions CA in S/MIME format. |br|
 Supported URI schemes: file.
+ * - transmit_algorithms_as_legacy *(optional)*
+ - Whether to transmit algorithm identifiers in non-standard legacy format. |br|
+ Will default to ``false`` if the property is not present.
 .. note::
 All listed properties have "dds.sec.access.builtin.Access-Permissions." prefix.
diff --git a/docs/fastdds/security/auth_plugin/auth_plugin.rst b/docs/fastdds/security/auth_plugin/auth_plugin.rst
index 3bbb6045d..20af114bd 100644
--- a/docs/fastdds/security/auth_plugin/auth_plugin.rst
+++ b/docs/fastdds/security/auth_plugin/auth_plugin.rst
@@ -56,6 +56,19 @@ The following table outlines the properties used for the DDS:\Auth\:PKI-DH plugi
 If the *password* property is not present, then the value supplied in the |br|
 *private_key* property must contain the decrypted private key. |br|
 The *password* property is ignored if the *private_key* is given in PKCS#11 scheme.
+<<<<<<< HEAD
+=======
+ * - preferred_key_agreement *(optional)*
+ - The preferred algorithm to use for generating the session's shared secret |br|
+ at the end of the authentication phase. Supported values are: |br|
+ a) ``DH``, ``DH+MODP-2048-256`` for Diffie-Hellman Ephemeral with 2048-bit MODP Group parameters. |br|
+ b) ``ECDH``, ``ECDH+prime256v1-CEUM`` for Elliptic Curve Diffie-Hellman Ephemeral with the NIST P-256 curve. |br|
+ c) ``AUTO`` for selecting the key agreement based on the signature algorithm in the Identity CA's certificate. |br|
+ Will default to ``AUTO`` if the property is not present.
+ * - transmit_algorithms_as_legacy *(optional)*
+ - Whether to transmit algorithm identifiers in non-standard legacy format. |br|
+ Will default to ``false`` if the property is not present.
+>>>>>>> cc95496 (Document new `transmit_algorithms_as_legacy` on builtin security plugins (#974))
 .. note::
 All listed properties have "dds.sec.auth.builtin.PKI-DH." prefix.