Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[22280] New property to select preferred key agreement algorithm #5413

Open
wants to merge 17 commits into
base: master
Choose a base branch
from
Open

[22280] New property to select preferred key agreement algorithm #5413

wants to merge 17 commits into from

Conversation

MiguelCompany
Copy link
Member

@MiguelCompany MiguelCompany commented Nov 21, 2024
edited
Loading

Description

DDS security specifies the possibility of selecting the key agreement algorithm used to generate the shared secret at the end of the authentication phase.

The Fast DDS documentation indicates that Elliptic Curve Diffie-Hellman (ECDH) is used, but this is only the case if a participant from other vendor starts the authentication and proposes that method.

This pull request:

  1. Changes the default key agreement algorithm to the one indicated in the documentation
  2. Adds a new dds.sec.auth.builtin.PKI-DH.preferred_key_agreement property that allows choosing the preferred algorithm to use.

Contributor Checklist

  • Commit messages follow the project guidelines.
  • The code follows the style guidelines of this project.
  • Tests that thoroughly check the new feature have been added/Regression tests checking the bug and its fix have been added; the added tests pass locally
  • N/A Any new/modified methods have been properly documented using Doxygen.
  • Any new configuration API has an equivalent XML API (with the corresponding XSD extension)
  • Changes are backport compatible: they do NOT break ABI nor change library core behavior.
  • Changes are API compatible.
  • New feature has been added to the versions.md file (if applicable).
  • New feature has been documented/Current behavior is correctly described in the documentation.
  • Applicable backports have been included in the description.

Reviewer Checklist

  • The PR has a milestone assigned.
  • The title and description correctly express the PR's purpose.
  • Check contributor checklist is correct.
  • If this is a critical bug fix, backports to the critical-only supported branches have been requested.
  • Check CI results: changes do not issue any warning.
  • Check CI results: failing tests are unrelated with the changes.

@MiguelCompany MiguelCompany added needs-review PR that is ready to be reviewed doc-pending Issue or PR which is pending to be documented labels Nov 21, 2024
@MiguelCompany MiguelCompany added this to the v3.2.0 milestone Nov 21, 2024
@MiguelCompany MiguelCompany changed the title [19921] New property to select preferred key agreement algorithm [22280] New property to select preferred key agreement algorithm Nov 21, 2024
Mario-DL
Mario-DL requested changes Nov 22, 2024
View reviewed changes
Copy link
Member

@Mario-DL Mario-DL left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Interesting additions. Apart from the comments below, I think it would be interesting to have the possibility of specifying this property in the XML. If the suggestion is accepted, proper XMLParser test should be added.
Also, we would need to pair this PR with the corresponding one in docs

src/cpp/security/authentication/PKIDH.cpp Outdated Show resolved Hide resolved
src/cpp/security/authentication/PKIDH.cpp Outdated Show resolved Hide resolved
test/unittest/security/authentication/BuiltinPKIDHTests.cpp Outdated Show resolved Hide resolved
test/unittest/security/authentication/BuiltinPKIDHTests.cpp Outdated Show resolved Hide resolved
@Mario-DL Mario-DL removed the needs-review PR that is ready to be reviewed label Nov 22, 2024
@MiguelCompany
Copy link
Member Author

Apart from the comments below, I think it would be interesting to have the possibility of specifying this property in the XML. If the suggestion is accepted, proper XMLParser test should be added.

Properties are already parsed from the XML. There is no distinction or special processing for the security ones.
On commit c01c29d I have added the new property to the profiles of some of the security communication tests.

@MiguelCompany MiguelCompany mentioned this pull request Nov 22, 2024
Open
8 tasks
@github-actions github-actions bot added the ci-pending PR which CI is running label Nov 25, 2024
Mario-DL
Mario-DL previously approved these changes Nov 25, 2024
View reviewed changes
@MiguelCompany
Refs #19921. Implement selection of key agreement.
98b60be 
Signed-off-by: Miguel Company <[email protected]>
@MiguelCompany
Refs #19921. Change default to ECDH.
d4ef4a7 
Signed-off-by: Miguel Company <[email protected]>
@MiguelCompany
Refs #19921. Add unit test.
a9a1e28 
Signed-off-by: Miguel Company <[email protected]>
@MiguelCompany
Refs #19921. Factor out duplicated publisher code on BB test.
371a4a9 
Signed-off-by: Miguel Company <[email protected]>
@MiguelCompany
Refs #19921. Factor out duplicated subscriber code on BB test.
e0ec117 
Signed-off-by: Miguel Company <[email protected]>
@MiguelCompany
Refs #19921. Add new parameter to BB test.
39860ca 
Signed-off-by: Miguel Company <[email protected]>
@MiguelCompany
Refs #19921. Apply new parameter on publisher properties.
bc819b8 
Signed-off-by: Miguel Company <[email protected]>
@MiguelCompany
Refs #19921. Apply new parameter on subscriber properties.
d58895f 
Signed-off-by: Miguel Company <[email protected]>
@MiguelCompany
Refs #19921. Improve emplace_back calls.
f4f901d 
Signed-off-by: Miguel Company <[email protected]>
@MiguelCompany
Refs #19921. Uncrustify.
42b7a2f 
Signed-off-by: Miguel Company <[email protected]>
@MiguelCompany
Refs #22280. Use DH alias instead of RSA.
21388ab 
Signed-off-by: Miguel Company <[email protected]>
@MiguelCompany
Refs #22280. Add new property to communication tests XML profiles.
f941185 
Signed-off-by: Miguel Company <[email protected]>
Mario-DL
Mario-DL previously approved these changes Nov 25, 2024
View reviewed changes
Copy link
Member

@Mario-DL Mario-DL left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with green CI

@MiguelCompany
Refs #22280. Fix unit test.
83c3a5f 
Signed-off-by: Miguel Company <[email protected]>
@MiguelCompany MiguelCompany requested review from Mario-DL and removed request for richiprosima and Mario-DL November 27, 2024 08:04
Mario-DL
Mario-DL previously approved these changes Nov 27, 2024
View reviewed changes
Copy link
Member

@Mario-DL Mario-DL left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with green CI

@MiguelCompany MiguelCompany requested review from Mario-DL and removed request for Mario-DL November 27, 2024 11:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mario-DL Mario-DL Awaiting requested review from Mario-DL

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
ci-pending PR which CI is running doc-pending Issue or PR which is pending to be documented
Projects
None yet
Milestone
v3.2.0
Development

Successfully merging this pull request may close these issues.
2 participants
@MiguelCompany @Mario-DL