DDS-SECURITY 1.2 RTF

DDSSEC12 — CryptoTransformIdentifier extensibility FINAL is not compatible with its derived classes

  • Key: DDSSEC12-14
  • Status: open  
  • Source: Real-Time Innovations (Gerardo Pardo-Castellote)
  • Summary:

    Section 7.3.7.3 defines CryptoHeader as inheriting from CryptoTransformIdentifier. However CryptoHeader is APPENDABLE and CryptoTransformIdentifier is FINAL.

    This does not seem possible according to XTYPES.

    We want CryptoHeader to remain APPENDABLE so we have two choices. Either make CryptoTransformIdentifier also APPENDABLE or re-define CryptoHeader from:

    @extensibility(APPENDABLE)
    struct CryptoHeader : CryptoTransformIdentifier  {
        // Extra plugin-specific information added below
        // CryptoHeader   plugin_crypto_header_extra;
    };
    

    To be:

    @extensibility(APPENDABLE)
    struct CryptoHeader   {
        CryptoTransformIdentifier base;
        // Extra plugin-specific information added below
        // CryptoHeader   plugin_crypto_header_extra;
    };
    

    This second approach would appear to be better as it is wire compatible with the existing definitions.

    This would also affect 9.5.2.3 where it defines the plugin-specific struct CryptoHeader as:

    // Serialized as Big Endian
    @extensibility(FINAL)
    struct CryptoHeader {
        CryptoTransformIdentifier transform_identifier;
        octet                     session_id[4];
        octet                     initialization_vector_suffix[8];
    };
    

    This would seem inconsistent since we are effectively extending something marked as FINAL.

  • Reported: DDS-SECURITY 1.1 — Sat, 16 Dec 2017 04:11 GMT
  • Updated: Sat, 16 Dec 2017 04:15 GMT
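
The wire-compatibility point in the summary, as an added example (not part of the issue report or the specification): it flattens the inherited and the composed CryptoHeader definitions into byte offsets and parses the same header with both. Assumptions: classic CDR encoding in which neither FINAL nor APPENDABLE structs carry a header, CryptoTransformIdentifier made of two `octet[4]` members named `transformation_kind` and `transformation_key_id`, and constructed sample bytes.

```python
# Layouts are lists of (name, size_in_octets) or (name, nested_layout).
# Assumption: CryptoTransformIdentifier is two octet[4] members; the issue
# text does not list them.
TRANSFORM_ID = [("transformation_kind", 4), ("transformation_key_id", 4)]
# Plugin-specific members from the 9.5.2.3 definition quoted in the issue.
PLUGIN_EXTRA = [("session_id", 4), ("initialization_vector_suffix", 8)]

# struct CryptoHeader : CryptoTransformIdentifier { ...extra... }
INHERITED = TRANSFORM_ID + PLUGIN_EXTRA
# struct CryptoHeader { CryptoTransformIdentifier base; ...extra... }
COMPOSED = [("base", TRANSFORM_ID)] + PLUGIN_EXTRA

# Constructed sample header (20 octets), not captured traffic.
SAMPLE = bytes.fromhex("a1a2a3a4" "b1b2b3b4" "c1c2c3c4" "0102030405060708")


def flatten(layout):
    """Return [(dotted_name, offset, size)] in serialization order.

    Every member is an octet array (alignment 1), so there is no padding,
    and a nested struct without a header is laid out inline.
    """
    fields, offset = [], 0

    def walk(members, prefix):
        nonlocal offset
        for name, spec in members:
            if isinstance(spec, list):
                walk(spec, prefix + name + ".")
            else:
                fields.append((prefix + name, offset, spec))
                offset += spec

    walk(layout, "")
    return fields


def wire_shape(layout):
    """Offsets and sizes only: what a receiver sees on the wire."""
    return [(offset, size) for _, offset, size in flatten(layout)]


def parse(layout, data):
    """Parse the header at the start of data; reject truncated input."""
    fields = flatten(layout)
    total = sum(size for _, _, size in fields)
    if len(data) < total:
        raise ValueError(f"truncated CryptoHeader: {len(data)} < {total} octets")
    return {name: data[off:off + size] for name, off, size in fields}
```

Both definitions give the same offsets, so a receiver built against either one reads the same octets; only the member path (`transformation_key_id` versus `base.transformation_key_id`) differs.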