-
Key: DDSSEC12-2
-
Status: open
-
Source: THALES ( Cyril Dangerville)
-
Summary:
An implementation of the built-in Cryptography plugin is not compatible with the local implementation of the built-in Authentication, unless it uses/understands the same type of SharedSecretHandle. (SharedSecretHandle is the interface defined at the architecture level.) Therefore, the two built-in plugins are tied together and you cannot replace one or another with any other implementation of the same built-in plugin.
It is possible to make them independent in two possible ways (at least):- Define a BuiltinSharedSecretHandle that extends SharedSecretHandle interface, and has 3 methods like this:
- octet[] getChallenge1(): returns challenge1 from the authentication handshake
- octet[] getChallenge2(): returns challenge2 from the authentication handshake
- octet[] getSharedSecret(): returns the shared secret from the authentication handshake
- OR define a new type of Token (IDL structure) - e.g. HandshakeResultToken - for the final output of the Authentication handshake like this:
- class_id DDS:Auth:PKI-DH:1.0+Result
- binary_properties: challenge1, challenge2, SharedSecret
In both cases, it would change the specs of the methods get_shared_secret() and return_shared_handle() of the Authentication plugin, section 9.3.3.
- Define a BuiltinSharedSecretHandle that extends SharedSecretHandle interface, and has 3 methods like this:
-
Reported: DDS-SECURITY 1.0b1 — Tue, 1 Mar 2016 17:36 GMT
-
Updated: Mon, 25 Mar 2024 15:55 GMT
DDSSEC12 — Built-in Authentication and Cryptography plugins tied together by SharedSecretHandle implementation
- Key: DDSSEC12-2
- OMG Task Force: DDS Security 1.2 RTF