diff --git a/code/DDSCodeTester.cpp b/code/DDSCodeTester.cpp
index c37b28245..8ad5de638 100644
--- a/code/DDSCodeTester.cpp
+++ b/code/DDSCodeTester.cpp
@@ -592,6 +592,21 @@ void dds_domain_examples()
"domainParticipantPassword");
//!--
}
+ {
+ // DDS_SECURITY_AUTH_HANDSHAKE_PROPS
+ DomainParticipantQos pqos;
+
+ pqos.properties().properties().emplace_back(
+ "dds.sec.auth.builtin.PKI-DH.max_handshake_requests",
+ "5");
+ pqos.properties().properties().emplace_back(
+ "dds.sec.auth.builtin.PKI-DH.initial_handshake_resend_period",
+ "250");
+ pqos.properties().properties().emplace_back(
+ "dds.sec.auth.builtin.PKI-DH.handshake_resend_period_gain",
+ "1.5");
+ //!--
+ }
{
// DDS_SECURITY_ACCESS_CONTROL_PLUGIN
DomainParticipantQos pqos;
diff --git a/code/XMLTester.xml b/code/XMLTester.xml
index 0d4c89fda..ab1e44dc0 100644
--- a/code/XMLTester.xml
+++ b/code/XMLTester.xml
@@ -2949,6 +2949,29 @@
<-->
+DDS_SECURITY_AUTH_HANDSHAKE_PROPS<-->
+
+
+
+
+
+ dds.sec.auth.builtin.PKI-DH.max_handshake_requests
+ 5
+
+
+ dds.sec.auth.builtin.PKI-DH.initial_handshake_resend_period
+ 250
+
+
+ dds.sec.auth.builtin.PKI-DH.handshake_resend_period_gain
+ 1.5
+
+
+
+
+
+<-->
+
DDS_SECURITY_ACCESS_CONTROL_PLUGIN<-->
diff --git a/docs/fastdds/property_policies/security.rst b/docs/fastdds/property_policies/security.rst
index e353527f1..7c593a978 100644
--- a/docs/fastdds/property_policies/security.rst
+++ b/docs/fastdds/property_policies/security.rst
@@ -1,10 +1,139 @@
.. include:: ../../03-exports/aliases.include
.. include:: ../../03-exports/aliases-api.include
+.. include:: ../../03-exports/roles.include
.. _property_policies_security:
Security Plugins Settings
-------------------------
-.. warning::
- This section is still under work.
+As described in the :ref:`security` section, the security
+plugins admit a set of settings that can be configured.
+
+Authentication plugin settings
+******************************
+
+The :ref:`DDS\:Auth\:PKI-DH ` authentication plugin, can be activated setting the |DomainParticipantQos|
+|DomainParticipantQos::properties-api|
+``dds.sec.auth.plugin`` with the value ``builtin.PKI-DH``.
+The following table outlines the properties used for the :ref:`DDS\:Auth\:PKI-DH ` plugin configuration.
+
+.. list-table::
+ :header-rows: 1
+ :align: left
+
+ * - PropertyPolicyQos name
+ - PropertyPolicyQos value
+ * - ``identity_ca``
+ - URI to the X.509 v3 certificate of the Identity CA in PEM format. |br|
+ Supported URI schemes: file. |br|
+ * - ``identity_certificate``
+ - URI to an X.509 v3 certificate signed by the Identity CA in PEM format |br|
+ containing the signed public key for the Participant. |br|
+ Supported URI schemes: file.
+ * - ``identity_crl`` *(optional)*
+ - URI to a X.509 Certificate Revocation List (CRL). |br|
+ Supported URI schemes: file.
+ * - ``private_key``
+ - URI to access the private Private Key for the Participant. |br|
+ Supported URI schemes: file, :ref:`PKCS#11 `.
+ * - ``password`` *(optional)*
+ - A password used to decrypt the *private_key*. |br|
+ If the *password* property is not present, then the value supplied in the |br|
+ *private_key* property must contain the decrypted private key. |br|
+ The *password* property is ignored if the *private_key* is given in PKCS#11 scheme.
+
+.. note::
+ All properties listed above have the ``dds.sec.auth.builtin.PKI-DH."`` prefix.
+ For example: ``dds.sec.auth.builtin.PKI-DH.identity_ca``. For examples
+ and further information, please refer to the :ref:`auth-pki-dh` section.
+
+Authentication handshake settings
+*********************************
+
+The authentication phase starts when discovery information is received
+from the remote |DomainParticipants|. At this moment, the participant sends
+a handshake request until a handshake response is received from the remote participant.
+Some parameters are involved in the behavior of this exchange:
+
+* ``max_handshake_requests`` controls the maximum number of handshake requests to be sent.
+
+* ``initial_handshake_resend_period`` represents the initial waiting time (in milliseconds)
+ for the first handshake request that has to be resent.
+
+* ``handshake_resend_period_gain`` is the gain against which the period is multiplied
+ between two handshake requests.
+
+Hence, the period of time to wait for sending a new handshake request is computed at each
+iteration as the period between the last two handshake requests multiplied by the gain
+(so that the period increases).
+
+The following table lists the
+settings to configure the authentication handshake behavior within
+the ``dds.sec.auth.builtin.PKI-DH`` plugin:
+
+.. list-table::
+ :header-rows: 1
+ :align: left
+
+ * - PropertyPolicyQos name
+ - PropertyPolicyQos value
+ - PropertyPolicyQos bounds
+ - Default value
+ * - ``max_handshake_requests``
+ - ````
+ - ``[1, max)``
+ - ``10``
+ * - ``initial_handshake_resend_period``
+ - ````
+ - ``[1, max)``
+ - ``125``
+ * - ``handshake_resend_period_gain``
+ - ````
+ - ``(1.0, max)``
+ - ``1.5``
+
+.. note::
+
+ All listed properties have the ``dds.sec.auth.builtin.PKI-DH.`` prefix.
+ For example: ``dds.sec.auth.builtin.PKI-DH.max_handshake_requests``.
+
+The following is an example of how to set the properties of DomainParticipantQoS for the
+authentication handshake configuration.
+
++----------------------------------------------------------------------------------------------------------------------+
+| **C++** |
++----------------------------------------------------------------------------------------------------------------------+
+| .. literalinclude:: /../code/DDSCodeTester.cpp |
+| :language: c++ |
+| :start-after: // DDS_SECURITY_AUTH_HANDSHAKE_PROPS |
+| :end-before: //!-- |
+| :dedent: 8 |
++----------------------------------------------------------------------------------------------------------------------+
+| **XML** |
++----------------------------------------------------------------------------------------------------------------------+
+| .. literalinclude:: /../code/XMLTester.xml |
+| :language: xml |
+| :start-after: DDS_SECURITY_AUTH_HANDSHAKE_PROPS<--> |
+| :end-before: <--> |
++----------------------------------------------------------------------------------------------------------------------+
+
+Cryptographic plugin settings
+*****************************
+
+The :ref:`DDS\:Crypto\:AES-GCM-GMAC ` authentication plugin,
+can be activated setting the |DomainParticipantQos| |DomainParticipantQos::properties-api|
+``dds.sec.crypto.plugin`` with the value ``builtin.AES-GCM-GMAC``.
+Moreover, this plugin needs the activation of the :ref:`auth-pki-dh`.
+The :ref:`DDS\:Crypto\:AES-GCM-GMAC ` plugin is configured using the
+:ref:`access-permissions`, i.e the cryptography plugin is configured through the properties
+and configuration files of the access control plugin.
+For further information and examples in this regard please refer to :ref:`crypto-aes-gcm-gmac`.
+
+Logging plugin settings
+***********************
+The :ref:`DDS\:Logging\:DDS_LogTopic ` authentication plugin,
+can be activated setting the |DomainParticipantQos| |DomainParticipantQos::properties-api|
+``dds.sec.log.plugin`` with the value ``builtin.DDS_LogTopic``.
+The following table outlines the properties used for the DDS\:Logging\:DDS_LogTopic plugin configuration.
+For further information and examples follow the dedicated documentation: :ref:`logging-logtopic`.
diff --git a/docs/fastdds/security/security.rst b/docs/fastdds/security/security.rst
index 4abd09286..259a382a7 100644
--- a/docs/fastdds/security/security.rst
+++ b/docs/fastdds/security/security.rst
@@ -17,3 +17,7 @@ Security
crypto_plugin/crypto_plugin
logging_plugin/logging_plugin
pkcs11_support/pkcs11_support
+
+Also, the following section contains the list of :ref:`propertypolicyqos`
+that can be set within *Fast DDS Security*:
+:ref:`Security Property QoS Settings `.