|
|
@@ -5,48 +5,23 @@
|
|
|
* Author: opcua
|
|
|
*/
|
|
|
#include "opcua_secureChannelLayer.h"
|
|
|
-#include "opcua_connectionHelper.h"
|
|
|
#include <stdio.h>
|
|
|
|
|
|
|
|
|
-
|
|
|
-/* Initializes securechannel connection */
|
|
|
-Int32 SL_initConnection(SL_connection *connection,
|
|
|
- UInt32 secureChannelId,
|
|
|
- UA_ByteString *serverNonce,
|
|
|
- UA_ByteString *securityPolicyUri,
|
|
|
- Int32 revisedLifetime)
|
|
|
-{
|
|
|
- connection->securityToken.secureChannelId = secureChannelId;//TODO generate valid secureChannel Id
|
|
|
-
|
|
|
- connection->securityToken.revisedLifetime = revisedLifetime;
|
|
|
- connection->SecurityPolicyUri.Data = securityPolicyUri->Data;
|
|
|
- connection->SecurityPolicyUri.Length = securityPolicyUri->Length;
|
|
|
- connection->connectionState = connectionState_CLOSED;
|
|
|
-
|
|
|
- connection->secureChannelId.Data = NULL;
|
|
|
- connection->secureChannelId.Length = 0;
|
|
|
-
|
|
|
- connection->serverNonce.Data = serverNonce->Data;
|
|
|
- connection->serverNonce.Length = serverNonce->Length;
|
|
|
-
|
|
|
-
|
|
|
- return UA_NO_ERROR;
|
|
|
-}
|
|
|
-
|
|
|
+/*
|
|
|
+ * opens a secureChannel (server side)
|
|
|
+ */
|
|
|
Int32 SL_secureChannel_open(const UA_connection *connection,
|
|
|
const AD_RawMessage *secureChannelPacket,
|
|
|
const SL_SecureConversationMessageHeader *SCMHeader,
|
|
|
const SL_AsymmetricAlgorithmSecurityHeader *AASHeader,
|
|
|
- const SL_SequenceHeader *SequenceHeader)
|
|
|
-{
|
|
|
-
|
|
|
+ const SL_SequenceHeader *SequenceHeader) {
|
|
|
UA_AD_ResponseHeader responseHeader;
|
|
|
AD_RawMessage rawMessage;
|
|
|
Int32 position = 0;
|
|
|
//SL_secureChannel_ResponseHeader_get(connection,&responseHeader);
|
|
|
Int32 size = responseHeader_calcSize(&responseHeader);
|
|
|
- rawMessage.message = (char*)opcua_malloc(size);
|
|
|
+ rawMessage.message = (char*) opcua_malloc(size);
|
|
|
|
|
|
encodeResponseHeader(&responseHeader, &position, &rawMessage);
|
|
|
|
|
|
@@ -55,32 +30,20 @@ Int32 SL_secureChannel_open(const UA_connection *connection,
|
|
|
return UA_NO_ERROR;
|
|
|
}
|
|
|
|
|
|
-Int32 SL_openSecureChannel_responseMessage(UA_connection *connection, Int32 tokenLifetime, SL_Response *response)
|
|
|
-{
|
|
|
-
|
|
|
-
|
|
|
- response->ServerNonce.Length = connection->secureLayer->serverNonce.Length; // TODO set a valid value for the Server Nonce
|
|
|
- response->ServerNonce.Data = connection->secureLayer->serverNonce.Data;
|
|
|
-
|
|
|
- response->ServerProtocolVersion = connection->transportLayer.localConf.protocolVersion;
|
|
|
-
|
|
|
-
|
|
|
- response->SecurityToken.createdAt = opcua_time_now(); //
|
|
|
- //save the request time
|
|
|
- connection->secureLayer->securityToken.createdAt = response->SecurityToken.createdAt;
|
|
|
-
|
|
|
- response->SecurityToken.revisedLifetime = tokenLifetime;
|
|
|
-
|
|
|
- //save the revised lifetime of security token
|
|
|
- connection->secureLayer->securityToken.revisedLifetime = tokenLifetime;
|
|
|
-
|
|
|
- response->SecurityToken.secureChannelId = connection->secureLayer->securityToken.secureChannelId; //TODO set a valid value for secureChannel id
|
|
|
+Int32 SL_openSecureChannel_responseMessage_get(UA_connection *connection,
|
|
|
+ SL_Response *response, Int32* sizeInOut) {
|
|
|
|
|
|
+ response->ServerNonce.Length = 0; // TODO set a valid value for the Server Nonce
|
|
|
+ response->ServerProtocolVersion = 0; //
|
|
|
+ response->SecurityToken.createdAt = opcua_getTime(); //
|
|
|
+ response->SecurityToken.revisedLifetime = 300000; //TODO set Lifetime of Security Token
|
|
|
+ response->SecurityToken.secureChannelId =
|
|
|
+ connection->secureLayer.UInt32_secureChannelId; //TODO set a valid value for secureChannel id
|
|
|
return UA_NO_ERROR;
|
|
|
}
|
|
|
|
|
|
-Int32 SL_openSecureChannel_responseMessage_calcSize(SL_Response *response, Int32* sizeInOut)
|
|
|
-{
|
|
|
+Int32 SL_openSecureChannel_responseMessage_calcSize(SL_Response *response,
|
|
|
+ Int32* sizeInOut) {
|
|
|
Int32 length = 0;
|
|
|
length += sizeof(response->SecurityToken);
|
|
|
length += UAString_calcSize(response->ServerNonce);
|
|
|
@@ -91,141 +54,121 @@ Int32 SL_openSecureChannel_responseMessage_calcSize(SL_Response *response, Int32
|
|
|
/*
|
|
|
* closes a secureChannel (server side)
|
|
|
*/
|
|
|
-void SL_secureChannel_close(UA_connection *connection)
|
|
|
-{
|
|
|
+void SL_secureChannel_close(UA_connection *connection) {
|
|
|
|
|
|
}
|
|
|
-Int32 SL_check(UA_connection *connection,UA_ByteString secureChannelPacket)
|
|
|
-{
|
|
|
+Int32 SL_check(UA_connection *connection, UA_ByteString secureChannelPacket) {
|
|
|
return UA_NO_ERROR;
|
|
|
}
|
|
|
-Int32 SL_createSecurityToken(UA_connection *connection, Int32 lifeTime)
|
|
|
-{
|
|
|
+Int32 SL_createSecurityToken(UA_connection *connection, Int32 lifeTime) {
|
|
|
return UA_NO_ERROR;
|
|
|
}
|
|
|
|
|
|
-
|
|
|
-/* 62451-6 §6.4.4, Table 34
|
|
|
- *
|
|
|
- */
|
|
|
-Int32 SL_processMessage(UA_connection *connection, UA_ByteString message)
|
|
|
-{
|
|
|
+Int32 SL_processMessage(UA_connection *connection, UA_ByteString message) {
|
|
|
Int32 pos = 0;
|
|
|
UA_AD_RequestHeader requestHeader;
|
|
|
UInt32 clientProtocolVersion;
|
|
|
- UA_NodeId ServiceRequestType;
|
|
|
+ UA_NodeId serviceRequestType;
|
|
|
Int32 requestType;
|
|
|
Int32 securityMode;
|
|
|
Int32 requestedLifetime;
|
|
|
+ UA_ByteString clientNonce;
|
|
|
+
|
|
|
+ // Every Message starts with a NodeID which names the serviceRequestType
|
|
|
+ decoder_decodeBuiltInDatatype(message.Data, NODE_ID, &pos,
|
|
|
+ &serviceRequestType);
|
|
|
+ UA_NodeId_printf("SL_processMessage - serviceRequestType=",
|
|
|
+ &serviceRequestType);
|
|
|
+
|
|
|
+ if (serviceRequestType.EncodingByte == NIEVT_FOUR_BYTE
|
|
|
+ && serviceRequestType.Identifier.Numeric == 446) {
|
|
|
+ /* OpenSecureChannelService, defined in 62541-6 §6.4.4, Table 34.
|
|
|
+ * Note that part 6 adds ClientProtocolVersion and ServerProtocolVersion
|
|
|
+ * to the definition in part 4
|
|
|
+ *
|
|
|
+ * Request
|
|
|
+ *
|
|
|
+ * Req-1) RequestHeader requestHeader
|
|
|
+ * Req-2) UInt32 ClientProtocolVersion
|
|
|
+ * Req-3) Enum SecurityTokenRequestType requestType
|
|
|
+ * Req-4) Enum MessageSecurityMode SecurityMode
|
|
|
+ * Req-5) ByteString ClientNonce
|
|
|
+ * Req-6) Int32 RequestLifetime
|
|
|
+ *
|
|
|
+ * Response
|
|
|
+ *
|
|
|
+ * Res-1) ResponseHeader responseHeader
|
|
|
+ * Res-2) UInt32 ServerProtocolVersion
|
|
|
+ * Res-3) SecurityToken channelSecurityToken
|
|
|
+ * Res-5) ByteString ServerNonce
|
|
|
+ */
|
|
|
+
|
|
|
+ UA_ByteString_printx("SL_processMessage - message=", &message);
|
|
|
+
|
|
|
+ // Req-1) RequestHeader requestHeader
|
|
|
+ decoder_decodeRequestHeader(message.Data, &pos, &requestHeader);
|
|
|
+ UA_String_printf("SL_processMessage - requestHeader.auditEntryId=",
|
|
|
+ &requestHeader.auditEntryId);
|
|
|
+ UA_NodeId_printf(
|
|
|
+ "SL_processMessage - requestHeader.authenticationToken=",
|
|
|
+ &requestHeader.authenticationToken);
|
|
|
+
|
|
|
+ // Req-2) UInt32 ClientProtocolVersion
|
|
|
+ decoder_decodeBuiltInDatatype(message.Data, UINT32, &pos,
|
|
|
+ &clientProtocolVersion);
|
|
|
+ printf("SL_processMessage - clientProtocolVersion=%d\n",clientProtocolVersion);
|
|
|
+
|
|
|
+ if (clientProtocolVersion
|
|
|
+ != connection->transportLayer.remoteConf.protocolVersion) {
|
|
|
+ printf("SL_processMessage - error protocol version \n");
|
|
|
+ //TODO error protocol version
|
|
|
+ //TODO ERROR_Bad_ProtocolVersionUnsupported
|
|
|
|
|
|
- decoder_decodeBuiltInDatatype(message.Data,NODE_ID,&pos,&ServiceRequestType);
|
|
|
- UA_NodeId_printf("SL_processMessage - serviceRequestType=",&ServiceRequestType);
|
|
|
-
|
|
|
- if(ServiceRequestType.EncodingByte == NIEVT_FOUR_BYTE)
|
|
|
- {
|
|
|
- if(ServiceRequestType.Identifier.Numeric == 446) // OpensecureChannelRequest
|
|
|
- {
|
|
|
- decoder_decodeRequestHeader(message.Data, &pos, &requestHeader);
|
|
|
- UA_String_printf("SL_processMessage - requestHeader.auditEntryId=",&requestHeader.auditEntryId);
|
|
|
- UA_NodeId_printf("SL_processMessage - requestHeader.authenticationToken=", &requestHeader.authenticationToken);
|
|
|
-
|
|
|
- decoder_decodeBuiltInDatatype(message.Data,UINT32, &pos, &clientProtocolVersion);
|
|
|
-
|
|
|
- if(clientProtocolVersion != connection->transportLayer.remoteConf.protocolVersion)
|
|
|
- {
|
|
|
- printf("SL_processMessage - error protocol version \n");
|
|
|
- //TODO error protocol version
|
|
|
- //TODO ERROR_Bad_ProtocolVersionUnsupported
|
|
|
+ }
|
|
|
|
|
|
+ // Req-3) SecurityTokenRequestType requestType
|
|
|
+ decoder_decodeBuiltInDatatype(message.Data, INT32, &pos, &requestType);
|
|
|
+ printf("SL_processMessage - requestType=%d\n",requestType);
|
|
|
+ switch (requestType) {
|
|
|
+ case securityToken_ISSUE:
|
|
|
+ if (connection->secureLayer.connectionState
|
|
|
+ == connectionState_ESTABLISHED) {
|
|
|
+ printf("SL_processMessage - multiply security token request");
|
|
|
+ //TODO return ERROR
|
|
|
+ return UA_ERROR;
|
|
|
}
|
|
|
-
|
|
|
- //securityTokenRequestType
|
|
|
- decoder_decodeBuiltInDatatype(message.Data,INT32,&pos,&requestType);
|
|
|
- switch(requestType)
|
|
|
- {
|
|
|
- case securityToken_ISSUE:
|
|
|
- if(connection->secureLayer->connectionState == connectionState_ESTABLISHED)
|
|
|
- {
|
|
|
- printf("SL_processMessage - multiply security token request");
|
|
|
- //TODO return ERROR
|
|
|
- return UA_ERROR;
|
|
|
- }
|
|
|
- printf("SL_processMessage - TODO: create new token for a new SecureChannel\n");
|
|
|
+ printf(
|
|
|
+ "SL_processMessage - TODO: create new token for a new SecureChannel\n");
|
|
|
// SL_createNewToken(connection);
|
|
|
- break;
|
|
|
- case securityToken_RENEW:
|
|
|
- if(connection->secureLayer->connectionState == connectionState_CLOSED)
|
|
|
- {
|
|
|
- printf("SL_processMessage - renew token request received, but no secureChannel was established before");
|
|
|
- //TODO return ERROR
|
|
|
- return UA_ERROR;
|
|
|
- }
|
|
|
- printf("TODO: create new token for an existing SecureChannel\n");
|
|
|
- break;
|
|
|
- }
|
|
|
-
|
|
|
- //securityMode
|
|
|
- decoder_decodeBuiltInDatatype(message.Data,INT32,&pos,&securityMode);
|
|
|
- switch(securityMode)
|
|
|
- {
|
|
|
- case securityMode_INVALID:
|
|
|
- connection->secureLayer->clientNonce.Data = NULL;
|
|
|
- connection->secureLayer->clientNonce.Length = 0;
|
|
|
- printf("SL_processMessage - client demands no security \n");
|
|
|
- break;
|
|
|
- case securityMode_SIGN:
|
|
|
- //TODO check if senderCertificate and ReceiverCertificateThumbprint are present
|
|
|
- break;
|
|
|
-
|
|
|
- case securityMode_SIGNANDENCRYPT:
|
|
|
- //TODO check if senderCertificate and ReceiverCertificateThumbprint are present
|
|
|
- break;
|
|
|
+ break;
|
|
|
+ case securityToken_RENEW:
|
|
|
+ if (connection->secureLayer.connectionState
|
|
|
+ == connectionState_CLOSED) {
|
|
|
+ printf(
|
|
|
+ "SL_processMessage - renew token request received, but no secureChannel was established before");
|
|
|
+ //TODO return ERROR
|
|
|
+ return UA_ERROR;
|
|
|
}
|
|
|
- // requestedLifetime
|
|
|
- decoder_decodeBuiltInDatatype(message.Data,INT32,&pos,&requestedLifetime);
|
|
|
- //TODO process requestedLifetime
|
|
|
-/* --------------------------------------------------------------------------------
|
|
|
- UA_ByteString responseMessage;
|
|
|
- char * response;
|
|
|
- Int32 pos = 0;
|
|
|
- String_Array stringArray;
|
|
|
-
|
|
|
- stringArray.arrayLength = 0;
|
|
|
- stringArray.data = NULL;
|
|
|
-
|
|
|
- stringArray.dimensions.data = NULL;
|
|
|
- stringArray.dimensions.length = 0;
|
|
|
-
|
|
|
- UA_DateTime now = opcua_time_now();
|
|
|
- UA_DiagnosticInfo returnDiagnostics;
|
|
|
-
|
|
|
- Int32 StatusCode;
|
|
|
- encoder_encodeBuiltInDatatype(now, DATE_TIME, &pos, response);
|
|
|
- encoder_encodeBuiltInDatatype(requestHeader.requestHandle,INT32,&pos,response);
|
|
|
- //return a valid StatusCode
|
|
|
- StatusCode = 0; //TODO generate valid StatusCode
|
|
|
- encoder_encodeBuiltInDatatype(StatusCode,Int32,&pos,response);
|
|
|
-
|
|
|
- encoder_encodeBuiltInDatatype
|
|
|
-
|
|
|
- returnDiagnostics.EncodingMask = 0; // TODO return Dianostics if client requests
|
|
|
-
|
|
|
- encoder_encodeBuiltInDatatype(returnDiagnostics,Int32,&pos,response);
|
|
|
- //encoder_encodeBuiltInDatatype(stringArray,STRING_ARRAY,pos,response);
|
|
|
-
|
|
|
- encoder_encodebuiltInDatatypeArray(stringArray.data,stringArray.arrayLength,STRING_ARRAY,&pos,response);
|
|
|
- UA_ExtensionObject additionalHeader;
|
|
|
- additionalHeader.Encoding = 0;
|
|
|
-
|
|
|
- encode_encodebuiltInDatatype(&addtionalHeader
|
|
|
- //get memory
|
|
|
-
|
|
|
-
|
|
|
-
|
|
|
+ printf("TODO: create new token for an existing SecureChannel\n");
|
|
|
+ break;
|
|
|
+ }
|
|
|
|
|
|
-/* -------------------------------------------------------------------------------- */
|
|
|
- //SL_openSecureChannel_respond(connection,TOKEN_LIFETIME);
|
|
|
+ // Req-4) MessageSecurityMode SecurityMode
|
|
|
+ decoder_decodeBuiltInDatatype(message.Data, INT32, &pos, &securityMode);
|
|
|
+ printf("SL_processMessage - securityMode=%d\n",securityMode);
|
|
|
+ switch (securityMode) {
|
|
|
+ case securityMode_INVALID:
|
|
|
+ connection->secureLayer.clientNonce.Data = NULL;
|
|
|
+ connection->secureLayer.clientNonce.Length = 0;
|
|
|
+ printf("SL_processMessage - client demands no security \n");
|
|
|
+ break;
|
|
|
+ case securityMode_SIGN:
|
|
|
+ //TODO check if senderCertificate and ReceiverCertificateThumbprint are present
|
|
|
+ break;
|
|
|
|
|
|
+ case securityMode_SIGNANDENCRYPT:
|
|
|
+ //TODO check if senderCertificate and ReceiverCertificateThumbprint are present
|
|
|
+ break;
|
|
|
}
|
|
|
else
|
|
|
{
|
|
|
@@ -233,15 +176,27 @@ Int32 SL_processMessage(UA_connection *connection, UA_ByteString message)
|
|
|
//TODO change error code
|
|
|
return UA_ERROR;
|
|
|
|
|
|
- }
|
|
|
+ // Req-5) ByteString ClientNonce
|
|
|
+ decoder_decodeBuiltInDatatype(message.Data, BYTE_STRING, &pos, &clientNonce);
|
|
|
+ UA_String_printf("SL_processMessage - clientNonce=",&clientNonce);
|
|
|
+
|
|
|
+ // Req-6) Int32 RequestLifetime
|
|
|
+ decoder_decodeBuiltInDatatype(message.Data, INT32, &pos,
|
|
|
+ &requestedLifetime);
|
|
|
+ printf("SL_processMessage - requestedLifeTime=%d\n",requestedLifetime);
|
|
|
+ //TODO process requestedLifetime
|
|
|
+ } else {
|
|
|
+ printf("SL_processMessage - unknown service request");
|
|
|
+ //TODO change error code
|
|
|
+ return UA_ERROR;
|
|
|
+
|
|
|
}
|
|
|
return UA_NO_ERROR;
|
|
|
}
|
|
|
/*
|
|
|
* receive and process data from underlying layer
|
|
|
*/
|
|
|
-void SL_receive(UA_connection *connection, UA_ByteString *serviceMessage)
|
|
|
-{
|
|
|
+void SL_receive(UA_connection *connection, UA_ByteString *serviceMessage) {
|
|
|
UA_ByteString secureChannelPacket;
|
|
|
UA_ByteString message;
|
|
|
SL_SecureConversationMessageHeader SCM_Header;
|
|
|
@@ -256,149 +211,140 @@ void SL_receive(UA_connection *connection, UA_ByteString *serviceMessage)
|
|
|
|
|
|
TL_receive(connection, &secureChannelPacket);
|
|
|
|
|
|
- if(secureChannelPacket.Length > 0 && secureChannelPacket.Data != NULL)
|
|
|
- {
|
|
|
-
|
|
|
+ if (secureChannelPacket.Length > 0 && secureChannelPacket.Data != NULL) {
|
|
|
|
|
|
printf("SL_receive - data received \n");
|
|
|
packetType = TL_getPacketType(&secureChannelPacket, &pos);
|
|
|
|
|
|
- decodeSCMHeader(&secureChannelPacket,&pos,&SCM_Header);
|
|
|
-
|
|
|
- switch(SCM_Header.MessageType)
|
|
|
- {
|
|
|
-
|
|
|
- case packetType_OPN : /* openSecureChannel Message received */
|
|
|
-
|
|
|
- decodeAASHeader(&secureChannelPacket,&pos,&AAS_Header);
|
|
|
- UA_String_printf("SL_receive - AAS_Header.ReceiverThumbprint=", &(AAS_Header.ReceiverThumbprint));
|
|
|
- UA_String_printf("SL_receive - AAS_Header.SecurityPolicyUri=", &(AAS_Header.SecurityPolicyUri));
|
|
|
- UA_String_printf("SL_receive - AAS_Header.SenderCertificate=", &(AAS_Header.SenderCertificate));
|
|
|
- if(SCM_Header.SecureChannelId != 0)
|
|
|
- {
|
|
|
-
|
|
|
- iTmp = UA_ByteString_compare(&(connection->secureLayer->SenderCertificate), &(AAS_Header.SenderCertificate));
|
|
|
- if(iTmp != UA_EQUAL)
|
|
|
- {
|
|
|
- printf("SL_receive - UA_ERROR_BadSecureChannelUnknown \n");
|
|
|
- //TODO return UA_ERROR_BadSecureChannelUnknown
|
|
|
- }
|
|
|
-
|
|
|
+ decodeSCMHeader(&secureChannelPacket, &pos, &SCM_Header);
|
|
|
+
|
|
|
+ switch (SCM_Header.MessageType) {
|
|
|
+
|
|
|
+ case packetType_OPN: /* openSecureChannel Message received */
|
|
|
+ decodeAASHeader(&secureChannelPacket, &pos, &AAS_Header);
|
|
|
+ UA_String_printf("SL_receive - AAS_Header.ReceiverThumbprint=",
|
|
|
+ &(AAS_Header.ReceiverThumbprint));
|
|
|
+ UA_String_printf("SL_receive - AAS_Header.SecurityPolicyUri=",
|
|
|
+ &(AAS_Header.SecurityPolicyUri));
|
|
|
+ UA_String_printf("SL_receive - AAS_Header.SenderCertificate=",
|
|
|
+ &(AAS_Header.SenderCertificate));
|
|
|
+ if (SCM_Header.SecureChannelId != 0) {
|
|
|
+
|
|
|
+ iTmp = UA_ByteString_compare(
|
|
|
+ &(connection->secureLayer.SenderCertificate),
|
|
|
+ &(AAS_Header.SenderCertificate));
|
|
|
+ if (iTmp != UA_EQUAL) {
|
|
|
+ printf("SL_receive - UA_ERROR_BadSecureChannelUnknown \n");
|
|
|
+ //TODO return UA_ERROR_BadSecureChannelUnknown
|
|
|
}
|
|
|
|
|
|
- decodeSequenceHeader(&secureChannelPacket,&pos,&SequenceHeader);
|
|
|
- printf("SL_receive - SequenceHeader.RequestId=%d\n",SequenceHeader.RequestId);
|
|
|
- printf("SL_receive - SequenceHeader.SequenceNr=%d\n",SequenceHeader.SequenceNumber);
|
|
|
+ }
|
|
|
|
|
|
- //TODO check that the sequence number is smaller than MaxUInt32 - 1024
|
|
|
- connection->secureLayer->sequenceNumber = SequenceHeader.SequenceNumber;
|
|
|
+ decodeSequenceHeader(&secureChannelPacket, &pos, &SequenceHeader);
|
|
|
+ printf("SL_receive - SequenceHeader.RequestId=%d\n",
|
|
|
+ SequenceHeader.RequestId);
|
|
|
+ printf("SL_receive - SequenceHeader.SequenceNr=%d\n",
|
|
|
+ SequenceHeader.SequenceNumber);
|
|
|
|
|
|
- //SL_decrypt(&secureChannelPacket);
|
|
|
+ //TODO check that the sequence number is smaller than MaxUInt32 - 1024
|
|
|
+ connection->secureLayer.sequenceNumber =
|
|
|
+ SequenceHeader.SequenceNumber;
|
|
|
|
|
|
- message.Data = &secureChannelPacket.Data[pos];
|
|
|
- message.Length = secureChannelPacket.Length - pos;
|
|
|
+ //SL_decrypt(&secureChannelPacket);
|
|
|
+ message.Data = &secureChannelPacket.Data[pos];
|
|
|
+ message.Length = secureChannelPacket.Length - pos;
|
|
|
|
|
|
- SL_processMessage(connection, message);
|
|
|
+ SL_processMessage(connection, message);
|
|
|
|
|
|
break;
|
|
|
- case packetType_MSG : /* secure Channel Message received */
|
|
|
- if(connection->secureLayer->connectionState == connectionState_ESTABLISHED)
|
|
|
- {
|
|
|
- //TODO
|
|
|
+ case packetType_MSG: /* secure Channel Message received */
|
|
|
+ if (connection->secureLayer.connectionState
|
|
|
+ == connectionState_ESTABLISHED) {
|
|
|
|
|
|
- if(SCM_Header.SecureChannelId == connection->secureLayer->securityToken.secureChannelId)
|
|
|
- {
|
|
|
+ if (SCM_Header.SecureChannelId
|
|
|
+ == connection->secureLayer.UInt32_secureChannelId) {
|
|
|
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
+ } else {
|
|
|
//TODO generate ERROR_Bad_SecureChannelUnkown
|
|
|
}
|
|
|
-
|
|
|
}
|
|
|
|
|
|
break;
|
|
|
- case packetType_CLO : /* closeSecureChannel Message received */
|
|
|
- if(SL_check(connection,secureChannelPacket) == UA_NO_ERROR)
|
|
|
- {
|
|
|
+ case packetType_CLO: /* closeSecureChannel Message received */
|
|
|
+ if (SL_check(connection, secureChannelPacket) == UA_NO_ERROR) {
|
|
|
|
|
|
}
|
|
|
break;
|
|
|
}
|
|
|
|
|
|
-
|
|
|
-
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
+ } else {
|
|
|
printf("SL_receive - no data received \n");
|
|
|
}
|
|
|
/*
|
|
|
- Int32 readPosition = 0;
|
|
|
-
|
|
|
- //get the Secure Channel Message Header
|
|
|
- decodeSCMHeader(secureChannelPacket,
|
|
|
- &readPosition, &SCM_Header);
|
|
|
-
|
|
|
- //get the Secure Channel Asymmetric Algorithm Security Header
|
|
|
- decodeAASHeader(secureChannelPacket,
|
|
|
- &readPosition, &AAS_Header);
|
|
|
-
|
|
|
- //get the Sequence Header
|
|
|
- decodeSequenceHeader(secureChannelPacket,
|
|
|
- &readPosition, &SequenceHeader);
|
|
|
-
|
|
|
- //get Secure Channel Message
|
|
|
- //SL_secureChannel_Message_get(connection, secureChannelPacket,
|
|
|
-// &readPosition,serviceMessage);
|
|
|
-
|
|
|
- if (secureChannelPacket->length > 0)
|
|
|
- {
|
|
|
- switch (SCM_Header.MessageType)
|
|
|
- {
|
|
|
- case packetType_MSG:
|
|
|
- if (connection->secureLayer.connectionState
|
|
|
- == connectionState_ESTABLISHED)
|
|
|
- {
|
|
|
-
|
|
|
- }
|
|
|
- else //receiving message, without secure channel
|
|
|
- {
|
|
|
- //TODO send back Error Message
|
|
|
- }
|
|
|
- break;
|
|
|
- case packetType_OPN:
|
|
|
- //Server Handling
|
|
|
- // if (openSecureChannelHeader_check(connection, secureChannelPacket))
|
|
|
- // {
|
|
|
- //check if the request is valid
|
|
|
- // SL_openSecureChannelRequest_check(connection, secureChannelPacket);
|
|
|
- // }
|
|
|
- // else
|
|
|
- // {
|
|
|
- // //TODO send back Error Message
|
|
|
- // }
|
|
|
- //Client Handling
|
|
|
-
|
|
|
- //TODO free memory for secureChannelPacket
|
|
|
-
|
|
|
- break;
|
|
|
- case packetType_CLO:
|
|
|
-
|
|
|
-
|
|
|
- //TODO free memory for secureChannelPacket
|
|
|
- break;
|
|
|
- }
|
|
|
-
|
|
|
- }
|
|
|
-*/
|
|
|
+ Int32 readPosition = 0;
|
|
|
+
|
|
|
+ //get the Secure Channel Message Header
|
|
|
+ decodeSCMHeader(secureChannelPacket,
|
|
|
+ &readPosition, &SCM_Header);
|
|
|
+
|
|
|
+ //get the Secure Channel Asymmetric Algorithm Security Header
|
|
|
+ decodeAASHeader(secureChannelPacket,
|
|
|
+ &readPosition, &AAS_Header);
|
|
|
+
|
|
|
+ //get the Sequence Header
|
|
|
+ decodeSequenceHeader(secureChannelPacket,
|
|
|
+ &readPosition, &SequenceHeader);
|
|
|
+
|
|
|
+ //get Secure Channel Message
|
|
|
+ //SL_secureChannel_Message_get(connection, secureChannelPacket,
|
|
|
+ // &readPosition,serviceMessage);
|
|
|
+
|
|
|
+ if (secureChannelPacket->length > 0)
|
|
|
+ {
|
|
|
+ switch (SCM_Header.MessageType)
|
|
|
+ {
|
|
|
+ case packetType_MSG:
|
|
|
+ if (connection->secureLayer.connectionState
|
|
|
+ == connectionState_ESTABLISHED)
|
|
|
+ {
|
|
|
+
|
|
|
+ }
|
|
|
+ else //receiving message, without secure channel
|
|
|
+ {
|
|
|
+ //TODO send back Error Message
|
|
|
+ }
|
|
|
+ break;
|
|
|
+ case packetType_OPN:
|
|
|
+ //Server Handling
|
|
|
+ // if (openSecureChannelHeader_check(connection, secureChannelPacket))
|
|
|
+ // {
|
|
|
+ //check if the request is valid
|
|
|
+ // SL_openSecureChannelRequest_check(connection, secureChannelPacket);
|
|
|
+ // }
|
|
|
+ // else
|
|
|
+ // {
|
|
|
+ // //TODO send back Error Message
|
|
|
+ // }
|
|
|
+ //Client Handling
|
|
|
+
|
|
|
+ //TODO free memory for secureChannelPacket
|
|
|
+
|
|
|
+ break;
|
|
|
+ case packetType_CLO:
|
|
|
+
|
|
|
+
|
|
|
+ //TODO free memory for secureChannelPacket
|
|
|
+ break;
|
|
|
+ }
|
|
|
+
|
|
|
+ }
|
|
|
+ */
|
|
|
}
|
|
|
/*
|
|
|
* get the secure channel message header
|
|
|
*/
|
|
|
-Int32 decodeSCMHeader(UA_ByteString *rawMessage,Int32 *pos,
|
|
|
- SL_SecureConversationMessageHeader* SC_Header)
|
|
|
-{
|
|
|
+Int32 decodeSCMHeader(UA_ByteString *rawMessage, Int32 *pos,
|
|
|
+ SL_SecureConversationMessageHeader* SC_Header) {
|
|
|
UInt32 err;
|
|
|
printf("decodeSCMHeader - entered \n");
|
|
|
// LU: wild guess - reset pos, we want to reread the message type again
|
|
|
@@ -411,12 +357,10 @@ Int32 decodeSCMHeader(UA_ByteString *rawMessage,Int32 *pos,
|
|
|
return UA_NO_ERROR;
|
|
|
|
|
|
}
|
|
|
-Int32 encodeSCMHeader(SL_SecureConversationMessageHeader *SC_Header,
|
|
|
- Int32 *pos,AD_RawMessage *rawMessage)
|
|
|
-{
|
|
|
+Int32 encodeSCMHeader(SL_SecureConversationMessageHeader *SC_Header, Int32 *pos,
|
|
|
+ AD_RawMessage *rawMessage) {
|
|
|
const char *type = "ERR";
|
|
|
- switch(SC_Header->MessageType)
|
|
|
- {
|
|
|
+ switch (SC_Header->MessageType) {
|
|
|
case packetType_ACK:
|
|
|
type = "ACK";
|
|
|
break;
|
|
|
@@ -444,37 +388,40 @@ Int32 encodeSCMHeader(SL_SecureConversationMessageHeader *SC_Header,
|
|
|
return UA_NO_ERROR;
|
|
|
}
|
|
|
Int32 decodeSequenceHeader(UA_ByteString *rawMessage, Int32 *pos,
|
|
|
- SL_SequenceHeader *SequenceHeader)
|
|
|
-{
|
|
|
+ SL_SequenceHeader *SequenceHeader) {
|
|
|
decodeUInt32(rawMessage->Data, pos, &(SequenceHeader->RequestId));
|
|
|
decodeUInt32(rawMessage->Data, pos, &(SequenceHeader->SequenceNumber));
|
|
|
return UA_NO_ERROR;
|
|
|
}
|
|
|
-Int32 encodeSequenceHeader(SL_SequenceHeader *sequenceHeader,Int32 *pos,
|
|
|
- AD_RawMessage *dstRawMessage)
|
|
|
-{
|
|
|
- encodeUInt32(sequenceHeader->SequenceNumber,pos,&dstRawMessage->message[*pos]);
|
|
|
+Int32 encodeSequenceHeader(SL_SequenceHeader *sequenceHeader, Int32 *pos,
|
|
|
+ AD_RawMessage *dstRawMessage) {
|
|
|
+ encodeUInt32(sequenceHeader->SequenceNumber, pos,
|
|
|
+ &dstRawMessage->message[*pos]);
|
|
|
return UA_NO_ERROR;
|
|
|
}
|
|
|
/*
|
|
|
* get the asymmetric algorithm security header
|
|
|
*/
|
|
|
Int32 decodeAASHeader(UA_ByteString *rawMessage, Int32 *pos,
|
|
|
- SL_AsymmetricAlgorithmSecurityHeader* AAS_Header)
|
|
|
-{
|
|
|
+ SL_AsymmetricAlgorithmSecurityHeader* AAS_Header) {
|
|
|
Int32 err = 0;
|
|
|
- err += decodeUAByteString(rawMessage->Data,pos,&(AAS_Header->SecurityPolicyUri));
|
|
|
- err += decodeUAByteString(rawMessage->Data,pos,&(AAS_Header->SenderCertificate));
|
|
|
- err += decodeUAByteString(rawMessage->Data,pos,&(AAS_Header->ReceiverThumbprint));
|
|
|
+ err += decodeUAByteString(rawMessage->Data, pos,
|
|
|
+ &(AAS_Header->SecurityPolicyUri));
|
|
|
+ err += decodeUAByteString(rawMessage->Data, pos,
|
|
|
+ &(AAS_Header->SenderCertificate));
|
|
|
+ err += decodeUAByteString(rawMessage->Data, pos,
|
|
|
+ &(AAS_Header->ReceiverThumbprint));
|
|
|
return err;
|
|
|
}
|
|
|
|
|
|
Int32 encodeAASHeader(SL_AsymmetricAlgorithmSecurityHeader *AAS_Header,
|
|
|
- Int32 *pos, AD_RawMessage* dstRawMessage)
|
|
|
-{
|
|
|
- encodeUAString(AAS_Header->SecurityPolicyUri,pos,&dstRawMessage->message[*pos]);
|
|
|
- encodeUAString(AAS_Header->SenderCertificate,pos,&dstRawMessage->message[*pos]);
|
|
|
- encodeUAString(AAS_Header->ReceiverThumbprint,pos,&dstRawMessage->message[*pos]);
|
|
|
+ Int32 *pos, AD_RawMessage* dstRawMessage) {
|
|
|
+ encodeUAString(AAS_Header->SecurityPolicyUri, pos,
|
|
|
+ &dstRawMessage->message[*pos]);
|
|
|
+ encodeUAString(AAS_Header->SenderCertificate, pos,
|
|
|
+ &dstRawMessage->message[*pos]);
|
|
|
+ encodeUAString(AAS_Header->ReceiverThumbprint, pos,
|
|
|
+ &dstRawMessage->message[*pos]);
|
|
|
return UA_NO_ERROR;
|
|
|
}
|
|
|
|
FlorianPalm