/* This work is licensed under a Creative Commons CCZero 1.0 Universal License.
* See http://creativecommons.org/publicdomain/zero/1.0/ for more information.
*
* Copyright 2017-2018 (c) Mark Giraud, Fraunhofer IOSB
* Copyright 2017 (c) Stefan Profanter, fortiss GmbH
*/
#include "ua_types.h"
#include "ua_securitypolicies.h"
#include "ua_types_generated_handling.h"
static UA_StatusCode
verify_none(const UA_SecurityPolicy *securityPolicy,
void *channelContext,
const UA_ByteString *message,
const UA_ByteString *signature) {
return UA_STATUSCODE_GOOD;
}
static UA_StatusCode
sign_none(const UA_SecurityPolicy *securityPolicy,
void *channelContext,
const UA_ByteString *message,
UA_ByteString *signature) {
return UA_STATUSCODE_GOOD;
}
static size_t
length_none(const UA_SecurityPolicy *securityPolicy,
const void *channelContext) {
return 0;
}
static UA_StatusCode
encrypt_none(const UA_SecurityPolicy *securityPolicy,
void *channelContext,
UA_ByteString *data) {
return UA_STATUSCODE_GOOD;
}
static UA_StatusCode
decrypt_none(const UA_SecurityPolicy *securityPolicy,
void *channelContext,
UA_ByteString *data) {
return UA_STATUSCODE_GOOD;
}
static UA_StatusCode
makeThumbprint_none(const UA_SecurityPolicy *securityPolicy,
const UA_ByteString *certificate,
UA_ByteString *thumbprint) {
return UA_STATUSCODE_GOOD;
}
static UA_StatusCode
compareThumbprint_none(const UA_SecurityPolicy *securityPolicy,
const UA_ByteString *certificateThumbprint) {
return UA_STATUSCODE_GOOD;
}
static UA_StatusCode
generateKey_none(const UA_SecurityPolicy *securityPolicy,
const UA_ByteString *secret,
const UA_ByteString *seed,
UA_ByteString *out) {
return UA_STATUSCODE_GOOD;
}
/* Use the non-cryptographic RNG to set the nonce */
static UA_StatusCode
generateNonce_none(const UA_SecurityPolicy *securityPolicy, UA_ByteString *out) {
if(securityPolicy == NULL || out == NULL)
return UA_STATUSCODE_BADINTERNALERROR;
if(out->length == 0)
return UA_STATUSCODE_GOOD;
/* Fill blocks of four byte */
size_t i = 0;
while(i + 3 < out->length) {
UA_UInt32 rand = UA_UInt32_random();
memcpy(&out->data[i], &rand, 4);
i = i+4;
}
/* Fill the remaining byte */
UA_UInt32 rand = UA_UInt32_random();
memcpy(&out->data[i], &rand, out->length % 4);
return UA_STATUSCODE_GOOD;
}
static UA_StatusCode
newContext_none(const UA_SecurityPolicy *securityPolicy,
const UA_ByteString *remoteCertificate,
void **channelContext) {
return UA_STATUSCODE_GOOD;
}
static void
deleteContext_none(void *channelContext) {
}
static UA_StatusCode
setContextValue_none(void *channelContext,
const UA_ByteString *key) {
return UA_STATUSCODE_GOOD;
}
static UA_StatusCode
compareCertificate_none(const void *channelContext,
const UA_ByteString *certificate) {
return UA_STATUSCODE_GOOD;
}
static UA_StatusCode
updateCertificateAndPrivateKey_none(UA_SecurityPolicy *policy,
const UA_ByteString newCertificate,
const UA_ByteString newPrivateKey) {
UA_ByteString_deleteMembers(&policy->localCertificate);
UA_ByteString_copy(&newCertificate, &policy->localCertificate);
return UA_STATUSCODE_GOOD;
}
static void
policy_deletemembers_none(UA_SecurityPolicy *policy) {
UA_ByteString_deleteMembers(&policy->localCertificate);
}
UA_StatusCode
UA_SecurityPolicy_None(UA_SecurityPolicy *policy,
UA_CertificateVerification *certificateVerification,
const UA_ByteString localCertificate, const UA_Logger *logger) {
policy->policyContext = (void *)(uintptr_t)logger;
policy->policyUri = UA_STRING("http://opcfoundation.org/UA/SecurityPolicy#None");
policy->logger = logger;
UA_ByteString_copy(&localCertificate, &policy->localCertificate);
policy->certificateVerification = certificateVerification;
policy->symmetricModule.generateKey = generateKey_none;
policy->symmetricModule.generateNonce = generateNonce_none;
UA_SecurityPolicySignatureAlgorithm *sym_signatureAlgorithm =
&policy->symmetricModule.cryptoModule.signatureAlgorithm;
sym_signatureAlgorithm->uri = UA_STRING_NULL;
sym_signatureAlgorithm->verify = verify_none;
sym_signatureAlgorithm->sign = sign_none;
sym_signatureAlgorithm->getLocalSignatureSize = length_none;
sym_signatureAlgorithm->getRemoteSignatureSize = length_none;
sym_signatureAlgorithm->getLocalKeyLength = length_none;
sym_signatureAlgorithm->getRemoteKeyLength = length_none;
UA_SecurityPolicyEncryptionAlgorithm *sym_encryptionAlgorithm =
&policy->symmetricModule.cryptoModule.encryptionAlgorithm;
sym_encryptionAlgorithm->encrypt = encrypt_none;
sym_encryptionAlgorithm->decrypt = decrypt_none;
sym_encryptionAlgorithm->getLocalKeyLength = length_none;
sym_encryptionAlgorithm->getRemoteKeyLength = length_none;
sym_encryptionAlgorithm->getLocalBlockSize = length_none;
sym_encryptionAlgorithm->getRemoteBlockSize = length_none;
sym_encryptionAlgorithm->getLocalPlainTextBlockSize = length_none;
sym_encryptionAlgorithm->getRemotePlainTextBlockSize = length_none;
policy->symmetricModule.secureChannelNonceLength = 0;
policy->asymmetricModule.makeCertificateThumbprint = makeThumbprint_none;
policy->asymmetricModule.compareCertificateThumbprint = compareThumbprint_none;
// This only works for none since symmetric and asymmetric crypto modules do the same i.e. nothing
policy->asymmetricModule.cryptoModule = policy->symmetricModule.cryptoModule;
// Use the same signing algorithm as for asymmetric signing
policy->certificateSigningAlgorithm = policy->asymmetricModule.cryptoModule.signatureAlgorithm;
policy->channelModule.newContext = newContext_none;
policy->channelModule.deleteContext = deleteContext_none;
policy->channelModule.setLocalSymEncryptingKey = setContextValue_none;
policy->channelModule.setLocalSymSigningKey = setContextValue_none;
policy->channelModule.setLocalSymIv = setContextValue_none;
policy->channelModule.setRemoteSymEncryptingKey = setContextValue_none;
policy->channelModule.setRemoteSymSigningKey = setContextValue_none;
policy->channelModule.setRemoteSymIv = setContextValue_none;
policy->channelModule.compareCertificate = compareCertificate_none;
policy->updateCertificateAndPrivateKey = updateCertificateAndPrivateKey_none;
policy->deleteMembers = policy_deletemembers_none;
return UA_STATUSCODE_GOOD;
}