[22280] New property to select preferred key agreement algorithm (backport #5413) #5442

mergify · 2024-11-28T15:16:43Z

Description

DDS security specifies the possibility of selecting the key agreement algorithm used to generate the shared secret at the end of the authentication phase.

The Fast DDS documentation indicates that Elliptic Curve Diffie-Hellman (ECDH) is used, but this is only the case if a participant from other vendor starts the authentication and proposes that method.

This pull request:

Changes the default key agreement algorithm to the one indicated in the documentation
Adds a new dds.sec.auth.builtin.PKI-DH.preferred_key_agreement property that allows choosing the preferred algorithm to use.

@Mergifyio backport 3.1.x

We will backport to 3.1.x, but leaving the default value of the new property to the old behavior.
We will then backport from there into 3.0.x 2.14.x 2.10.x

Contributor Checklist

Commit messages follow the project guidelines.
The code follows the style guidelines of this project.
Tests that thoroughly check the new feature have been added/Regression tests checking the bug and its fix have been added; the added tests pass locally
N/A Any new/modified methods have been properly documented using Doxygen.
Any new configuration API has an equivalent XML API (with the corresponding XSD extension)
Changes are backport compatible: they do NOT break ABI nor change library core behavior.
Changes are API compatible.
New feature has been added to the versions.md file (if applicable).
New feature has been documented/Current behavior is correctly described in the documentation.
- Related documentation PR: [22280] Add documentation for preferred_key_agreement property Fast-DDS-docs#963
Applicable backports have been included in the description.

Reviewer Checklist

The PR has a milestone assigned.
The title and description correctly express the PR's purpose.
Check contributor checklist is correct.
If this is a critical bug fix, backports to the critical-only supported branches have been requested.
Check CI results: changes do not issue any warning.
Check CI results: failing tests are unrelated with the changes.

This is an automatic backport of pull request #5413 done by [Mergify](https://mergify.com).

* Refs #19921. Implement selection of key agreement. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Change default to ECDH. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Add unit test. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Factor out duplicated publisher code on BB test. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Factor out duplicated subscriber code on BB test. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Add new parameter to BB test. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Apply new parameter on publisher properties. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Apply new parameter on subscriber properties. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Improve emplace_back calls. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Uncrustify. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #22280. Use `DH` alias instead of `RSA`. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #22280. Add new property to communication tests XML profiles. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #22280. Fix unit test. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #22280. Configure key agreement on BB test depending on process id. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Add `AUTO` value to new option. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Add `AUTO` value to blackbox test. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #22280. Remove unused lambda capture. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #22280. Fix failing blackbox tests. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Update versions.md Signed-off-by: Miguel Company <miguelcompany@eprosima.com> --------- Signed-off-by: Miguel Company <miguelcompany@eprosima.com> (cherry picked from commit 8a99a07) # Conflicts: # versions.md

mergify · 2024-11-28T15:16:44Z

Cherry-pick of 8a99a07 has failed:

On branch mergify/bp/3.1.x/pr-5413
Your branch is up to date with 'origin/3.1.x'.

You are currently cherry-picking commit 8a99a0759.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	modified:   src/cpp/security/authentication/PKIDH.cpp
	modified:   test/blackbox/common/BlackboxTestsSecurity.cpp
	modified:   test/dds/communication/security/secure_msg_crypto_besteffort_pub_profile.xml
	modified:   test/dds/communication/security/secure_msg_submsg_crypto_besteffort_pub_profile.xml
	modified:   test/dds/communication/security/secure_msg_submsg_crypto_besteffort_sub_profile.xml
	modified:   test/dds/communication/security/secure_submsg_crypto_besteffort_pub_profile.xml
	modified:   test/dds/communication/security/secure_submsg_crypto_besteffort_sub_profile.xml
	modified:   test/dds/communication/security/simple_secure_besteffort_pub_profile.xml
	modified:   test/dds/communication/security/simple_secure_besteffort_sub_profile.xml
	modified:   test/unittest/security/authentication/AuthenticationPluginTests.hpp
	modified:   test/unittest/security/authentication/BuiltinPKIDHTests.cpp

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   versions.md

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

Mario-DL

LGTM

MiguelCompany · 2024-11-29T06:39:13Z

@Mergifyio backport 3.0.x 2.14.x 2.10.x

mergify · 2024-11-29T06:39:17Z

backport 3.0.x 2.14.x 2.10.x

✅ Backports have been created

#5443 [22280] New property to select preferred key agreement algorithm (backport #5413) (backport #5442) has been created for branch 3.0.x
#5444 [22280] New property to select preferred key agreement algorithm (backport #5413) (backport #5442) has been created for branch 2.14.x but encountered conflicts
#5445 [22280] New property to select preferred key agreement algorithm (backport #5413) (backport #5442) has been created for branch 2.10.x but encountered conflicts

* New property to select preferred key agreement algorithm (#5413) * Refs #19921. Implement selection of key agreement. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Change default to ECDH. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Add unit test. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Factor out duplicated publisher code on BB test. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Factor out duplicated subscriber code on BB test. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Add new parameter to BB test. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Apply new parameter on publisher properties. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Apply new parameter on subscriber properties. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Improve emplace_back calls. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Uncrustify. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #22280. Use `DH` alias instead of `RSA`. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #22280. Add new property to communication tests XML profiles. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #22280. Fix unit test. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #22280. Configure key agreement on BB test depending on process id. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Add `AUTO` value to new option. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Add `AUTO` value to blackbox test. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #22280. Remove unused lambda capture. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #22280. Fix failing blackbox tests. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Update versions.md Signed-off-by: Miguel Company <miguelcompany@eprosima.com> --------- Signed-off-by: Miguel Company <miguelcompany@eprosima.com> (cherry picked from commit 8a99a07) # Conflicts: # versions.md * Fix conflicts. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Change default value to `DH`. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> --------- Signed-off-by: Miguel Company <miguelcompany@eprosima.com> Co-authored-by: Miguel Company <miguelcompany@eprosima.com> (cherry picked from commit 4d793f0)

* New property to select preferred key agreement algorithm (#5413) * Refs #19921. Implement selection of key agreement. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Change default to ECDH. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Add unit test. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Factor out duplicated publisher code on BB test. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Factor out duplicated subscriber code on BB test. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Add new parameter to BB test. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Apply new parameter on publisher properties. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Apply new parameter on subscriber properties. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Improve emplace_back calls. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Uncrustify. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #22280. Use `DH` alias instead of `RSA`. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #22280. Add new property to communication tests XML profiles. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #22280. Fix unit test. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #22280. Configure key agreement on BB test depending on process id. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Add `AUTO` value to new option. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Add `AUTO` value to blackbox test. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #22280. Remove unused lambda capture. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #22280. Fix failing blackbox tests. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Update versions.md Signed-off-by: Miguel Company <miguelcompany@eprosima.com> --------- Signed-off-by: Miguel Company <miguelcompany@eprosima.com> (cherry picked from commit 8a99a07) # Conflicts: # versions.md * Fix conflicts. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Change default value to `DH`. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> --------- Signed-off-by: Miguel Company <miguelcompany@eprosima.com> Co-authored-by: Miguel Company <miguelcompany@eprosima.com> (cherry picked from commit 4d793f0) # Conflicts: # test/blackbox/common/BlackboxTestsSecurity.cpp # versions.md

…) (#5443) * New property to select preferred key agreement algorithm (#5413) * Refs #19921. Implement selection of key agreement. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Change default to ECDH. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Add unit test. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Factor out duplicated publisher code on BB test. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Factor out duplicated subscriber code on BB test. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Add new parameter to BB test. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Apply new parameter on publisher properties. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Apply new parameter on subscriber properties. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Improve emplace_back calls. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Uncrustify. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #22280. Use `DH` alias instead of `RSA`. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #22280. Add new property to communication tests XML profiles. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #22280. Fix unit test. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #22280. Configure key agreement on BB test depending on process id. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Add `AUTO` value to new option. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #19921. Add `AUTO` value to blackbox test. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #22280. Remove unused lambda capture. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Refs #22280. Fix failing blackbox tests. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Update versions.md Signed-off-by: Miguel Company <miguelcompany@eprosima.com> --------- Signed-off-by: Miguel Company <miguelcompany@eprosima.com> (cherry picked from commit 8a99a07) # Conflicts: # versions.md * Fix conflicts. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> * Change default value to `DH`. Signed-off-by: Miguel Company <miguelcompany@eprosima.com> --------- Signed-off-by: Miguel Company <miguelcompany@eprosima.com> Co-authored-by: Miguel Company <miguelcompany@eprosima.com> (cherry picked from commit 4d793f0) Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

mergify bot added the conflicts Backport PR wich git cherry pick failed label Nov 28, 2024

mergify bot mentioned this pull request Nov 28, 2024

[22280] New property to select preferred key agreement algorithm #5413

Merged

15 tasks

MiguelCompany added 2 commits November 28, 2024 16:19

Fix conflicts.

6fe7b3c

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

Change default value to DH.

86bef69

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>

MiguelCompany requested a review from Mario-DL November 28, 2024 15:21

MiguelCompany added this to the v3.1.1 milestone Nov 28, 2024

MiguelCompany removed the conflicts Backport PR wich git cherry pick failed label Nov 28, 2024

MiguelCompany requested review from Mario-DL and removed request for Mario-DL November 28, 2024 15:22

github-actions bot added the ci-pending PR which CI is running label Nov 28, 2024

Mario-DL approved these changes Nov 29, 2024

View reviewed changes

MiguelCompany merged commit 4d793f0 into 3.1.x Nov 29, 2024
19 of 21 checks passed

MiguelCompany deleted the mergify/bp/3.1.x/pr-5413 branch November 29, 2024 06:39

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[22280] New property to select preferred key agreement algorithm (backport #5413) #5442

[22280] New property to select preferred key agreement algorithm (backport #5413) #5442

mergify bot commented Nov 28, 2024

mergify bot commented Nov 28, 2024

Mario-DL left a comment

MiguelCompany commented Nov 29, 2024

mergify bot commented Nov 29, 2024 •

edited

Loading

[22280] New property to select preferred key agreement algorithm (backport #5413) #5442

[22280] New property to select preferred key agreement algorithm (backport #5413) #5442

Conversation

mergify bot commented Nov 28, 2024

Description

Contributor Checklist

Reviewer Checklist

mergify bot commented Nov 28, 2024

Mario-DL left a comment

Choose a reason for hiding this comment

MiguelCompany commented Nov 29, 2024

mergify bot commented Nov 29, 2024 • edited Loading

✅ Backports have been created

mergify bot commented Nov 29, 2024 •

edited

Loading