Startsida Utforska Hjälp
Logga in
opc-ua
/
open62541
Bevaka 2
Stjärnmärk 0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Träd: 5d72fb8462
Grenar Taggar
open62541
/
plugins
/
ua_securitypolicy_basic256sha256.c

ua_securitypolicy_basic256sha256.c 44 KB
Historik

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045 
  1. /* This Source Code Form is subject to the terms of the Mozilla Public
    2. 

  2.  * License, v. 2.0. If a copy of the MPL was not distributed with this
    3. 

  3.  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
    4. 

  4.  *
    5. 

  5.  *    Copyright 2018 (c) Mark Giraud, Fraunhofer IOSB
    6. 

  6.  *    Copyright 2018 (c) Daniel Feist, Precitec GmbH & Co. KG
    7. 

  7.  */
    8. 

  8. 

  9. #include <mbedtls/aes.h>
    10. 

  10. #include <mbedtls/md.h>
    11. 

  11. #include <mbedtls/sha256.h>
    12. 

  12. #include <mbedtls/x509_crt.h>
    13. 

  13. #include <mbedtls/ctr_drbg.h>
    14. 

  14. #include <mbedtls/entropy.h>
    15. 

  15. #include <mbedtls/entropy_poll.h>
    16. 

  16. #include <mbedtls/error.h>
    17. 

  17. #include <mbedtls/version.h>
    18. 

  18. #include <mbedtls/sha1.h>
    19. 

  19. 

  20. #include "ua_types.h"
    21. 

  21. #include "ua_plugin_pki.h"
    22. 

  22. #include "ua_securitypolicies.h"
    23. 

  23. #include "ua_types_generated_handling.h"
    24. 

  24. 

  25. /* Notes:
    26. 

  26.  * mbedTLS' AES allows in-place encryption and decryption. Sow we don't have to
    27. 

  27.  * allocate temp buffers.
    28. 

  28.  * https://tls.mbed.org/discussions/generic/in-place-decryption-with-aes256-same-input-output-buffer
    29. 

  29.  */
    30. 

  30. 

  31. #define UA_SECURITYPOLICY_BASIC256SHA256_RSAPADDING_LEN 42
    32. 

  32. #define UA_SHA1_LENGTH 20
    33. 

  33. #define UA_SHA256_LENGTH 32
    34. 

  34. #define UA_BASIC256SHA256_SYM_SIGNING_KEY_LENGTH 32
    35. 

  35. #define UA_SECURITYPOLICY_BASIC256SHA256_SYM_KEY_LENGTH 32
    36. 

  36. #define UA_SECURITYPOLICY_BASIC256SHA256_SYM_ENCRYPTION_BLOCK_SIZE 16
    37. 

  37. #define UA_SECURITYPOLICY_BASIC256SHA256_SYM_PLAIN_TEXT_BLOCK_SIZE 16
    38. 

  38. #define UA_SECURITYPOLICY_BASIC256SHA256_MINASYMKEYLENGTH 256
    39. 

  39. #define UA_SECURITYPOLICY_BASIC256SHA256_MAXASYMKEYLENGTH 512
    40. 

  40. 

  41. #define UA_LOG_MBEDERR                                                  \
    42. 

  42.     char errBuff[300];                                                  \
    43. 

  43.     mbedtls_strerror(mbedErr, errBuff, 300);                            \
    44. 

  44.     UA_LOG_WARNING(securityPolicy->logger, UA_LOGCATEGORY_SECURITYPOLICY, \
    45. 

  45.                    "mbedTLS returned an error: %s", errBuff);           \
    46. 

  46. 

  47. #define UA_MBEDTLS_ERRORHANDLING(errorcode)                             \
    48. 

  48.     if(mbedErr) {                                                       \
    49. 

  49.         UA_LOG_MBEDERR                                                  \
    50. 

  50.         retval = errorcode;                                             \
    51. 

  51.     }
    52. 

  52. 

  53. #define UA_MBEDTLS_ERRORHANDLING_RETURN(errorcode)                      \
    54. 

  54.     if(mbedErr) {                                                       \
    55. 

  55.         UA_LOG_MBEDERR                                                  \
    56. 

  56.         return errorcode;                                               \
    57. 

  57.     }
    58. 

  58. 

  59. typedef struct {
    60. 

  60.     const UA_SecurityPolicy *securityPolicy;
    61. 

  61.     UA_ByteString localCertThumbprint;
    62. 

  62. 

  63.     mbedtls_ctr_drbg_context drbgContext;
    64. 

  64.     mbedtls_entropy_context entropyContext;
    65. 

  65.     mbedtls_md_context_t sha256MdContext;
    66. 

  66.     mbedtls_pk_context localPrivateKey;
    67. 

  67. } Basic256Sha256_PolicyContext;
    68. 

  68. 

  69. typedef struct {
    70. 

  70.     Basic256Sha256_PolicyContext *policyContext;
    71. 

  71. 

  72.     UA_ByteString localSymSigningKey;
    73. 

  73.     UA_ByteString localSymEncryptingKey;
    74. 

  74.     UA_ByteString localSymIv;
    75. 

  75. 

  76.     UA_ByteString remoteSymSigningKey;
    77. 

  77.     UA_ByteString remoteSymEncryptingKey;
    78. 

  78.     UA_ByteString remoteSymIv;
    79. 

  79. 

  80.     mbedtls_x509_crt remoteCertificate;
    81. 

  81. } Basic256Sha256_ChannelContext;
    82. 

  82. 

  83. /********************/
    84. 

  84. /* AsymmetricModule */
    85. 

  85. /********************/
    86. 

  86. 

  87. /* VERIFY AsymmetricSignatureAlgorithm_RSA-PKCS15-SHA2-256 */
    88. 

  88. static UA_StatusCode
    89. 

  89. asym_verify_sp_basic256sha256(const UA_SecurityPolicy *securityPolicy,
    90. 

  90.                               Basic256Sha256_ChannelContext *cc,
    91. 

  91.                               const UA_ByteString *message,
    92. 

  92.                               const UA_ByteString *signature) {
    93. 

  93.     if(securityPolicy == NULL || message == NULL || signature == NULL || cc == NULL)
    94. 

  94.         return UA_STATUSCODE_BADINTERNALERROR;
    95. 

  95. 

  96.     unsigned char hash[UA_SHA256_LENGTH];
    97. 

  97. #if MBEDTLS_VERSION_NUMBER >= 0x02070000
    98. 

  98.     // TODO check return status
    99. 

  99.     mbedtls_sha256_ret(message->data, message->length, hash, 0);
    100. 

  100. #else
    101. 

  101.     mbedtls_sha256(message->data, message->length, hash, 0);
    102. 

  102. #endif
    103. 

  103. 

  104.     /* Set the RSA settings */
    105. 

  105.     mbedtls_rsa_context *rsaContext = mbedtls_pk_rsa(cc->remoteCertificate.pk);
    106. 

  106.     mbedtls_rsa_set_padding(rsaContext, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256);
    107. 

  107. 

  108.     /* For RSA keys, the default padding type is PKCS#1 v1.5 in mbedtls_pk_verify() */
    109. 

  109.     /* Alternatively, use more specific function mbedtls_rsa_rsassa_pkcs1_v15_verify(), i.e. */
    110. 

  110.     /* int mbedErr = mbedtls_rsa_rsassa_pkcs1_v15_verify(rsaContext, NULL, NULL,
    111. 

  111.                                                          MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA256,
    112. 

  112.                                                          UA_SHA256_LENGTH, hash,
    113. 

  113.                                                          signature->data); */
    114. 

  114. 

  115.     int mbedErr = mbedtls_pk_verify(&cc->remoteCertificate.pk,
    116. 

  116.                                     MBEDTLS_MD_SHA256, hash, UA_SHA256_LENGTH,
    117. 

  117.                                     signature->data, signature->length);
    118. 

  118. 

  119.     UA_MBEDTLS_ERRORHANDLING_RETURN(UA_STATUSCODE_BADSECURITYCHECKSFAILED);
    120. 

  120.     return UA_STATUSCODE_GOOD;
    121. 

  121. }
    122. 

  122. 

  123. /* AsymmetricSignatureAlgorithm_RSA-PKCS15-SHA2-256 */
    124. 

  124. static UA_StatusCode
    125. 

  125. asym_sign_sp_basic256sha256(const UA_SecurityPolicy *securityPolicy,
    126. 

  126.                             Basic256Sha256_ChannelContext *cc,
    127. 

  127.                             const UA_ByteString *message,
    128. 

  128.                             UA_ByteString *signature) {
    129. 

  129.     if(securityPolicy == NULL || message == NULL || signature == NULL || cc == NULL)
    130. 

  130.         return UA_STATUSCODE_BADINTERNALERROR;
    131. 

  131. 

  132.     unsigned char hash[UA_SHA256_LENGTH];
    133. 

  133. #if MBEDTLS_VERSION_NUMBER >= 0x02070000
    134. 

  134.     // TODO check return status
    135. 

  135.     mbedtls_sha256_ret(message->data, message->length, hash, 0);
    136. 

  136. #else
    137. 

  137.     mbedtls_sha256(message->data, message->length, hash, 0);
    138. 

  138. #endif
    139. 

  139. 

  140.     Basic256Sha256_PolicyContext *pc = cc->policyContext;
    141. 

  141.     mbedtls_rsa_context *rsaContext = mbedtls_pk_rsa(pc->localPrivateKey);
    142. 

  142.     mbedtls_rsa_set_padding(rsaContext, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256);
    143. 

  143. 

  144.     size_t sigLen = 0;
    145. 

  145. 

  146.     /* For RSA keys, the default padding type is PKCS#1 v1.5 in mbedtls_pk_sign */
    147. 

  147.     /* Alternatively use more specific function mbedtls_rsa_rsassa_pkcs1_v15_sign() */
    148. 

  148.     int mbedErr = mbedtls_pk_sign(&pc->localPrivateKey,
    149. 

  149.                                   MBEDTLS_MD_SHA256, hash,
    150. 

  150.                                   UA_SHA256_LENGTH, signature->data,
    151. 

  151.                                   &sigLen, mbedtls_ctr_drbg_random,
    152. 

  152.                                   &pc->drbgContext);
    153. 

  153.     UA_MBEDTLS_ERRORHANDLING_RETURN(UA_STATUSCODE_BADINTERNALERROR);
    154. 

  154.     return UA_STATUSCODE_GOOD;
    155. 

  155. }
    156. 

  156. 

  157. static size_t
    158. 

  158. asym_getLocalSignatureSize_sp_basic256sha256(const UA_SecurityPolicy *securityPolicy,
    159. 

  159.                                              const Basic256Sha256_ChannelContext *cc) {
    160. 

  160.     if(securityPolicy == NULL || cc == NULL)
    161. 

  161.         return 0;
    162. 

  162. 

  163.     return mbedtls_pk_rsa(cc->policyContext->localPrivateKey)->len;
    164. 

  164. }
    165. 

  165. 

  166. static size_t
    167. 

  167. asym_getRemoteSignatureSize_sp_basic256sha256(const UA_SecurityPolicy *securityPolicy,
    168. 

  168.                                               const Basic256Sha256_ChannelContext *cc) {
    169. 

  169.     if(securityPolicy == NULL || cc == NULL)
    170. 

  170.         return 0;
    171. 

  171. 

  172.     return mbedtls_pk_rsa(cc->remoteCertificate.pk)->len;
    173. 

  173. }
    174. 

  174. 

  175. /* AsymmetricEncryptionAlgorithm_RSA-OAEP-SHA1 */
    176. 

  176. static UA_StatusCode
    177. 

  177. asym_encrypt_sp_basic256sha256(const UA_SecurityPolicy *securityPolicy,
    178. 

  178.                                Basic256Sha256_ChannelContext *cc,
    179. 

  179.                                UA_ByteString *data) {
    180. 

  180.     if(securityPolicy == NULL || cc == NULL || data == NULL)
    181. 

  181.         return UA_STATUSCODE_BADINTERNALERROR;
    182. 

  182. 

  183.     const size_t plainTextBlockSize = securityPolicy->asymmetricModule.cryptoModule.encryptionAlgorithm.
    184. 

  184.         getRemotePlainTextBlockSize(securityPolicy, cc);
    185. 

  185. 

  186.     if(data->length % plainTextBlockSize != 0)
    187. 

  187.         return UA_STATUSCODE_BADINTERNALERROR;
    188. 

  188. 

  189.     mbedtls_rsa_context *remoteRsaContext = mbedtls_pk_rsa(cc->remoteCertificate.pk);
    190. 

  190.     mbedtls_rsa_set_padding(remoteRsaContext, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA1);
    191. 

  191. 

  192.     UA_ByteString encrypted;
    193. 

  193.     const size_t bufferOverhead =
    194. 

  194.         UA_SecurityPolicy_getRemoteAsymEncryptionBufferLengthOverhead(securityPolicy, cc, data->length);
    195. 

  195.     UA_StatusCode retval = UA_ByteString_allocBuffer(&encrypted, data->length + bufferOverhead);
    196. 

  196.     if(retval != UA_STATUSCODE_GOOD)
    197. 

  197.         return retval;
    198. 

  198. 

  199.     size_t lenDataToEncrypt = data->length;
    200. 

  200.     size_t inOffset = 0;
    201. 

  201.     size_t offset = 0;
    202. 

  202.     const unsigned char *label = NULL;
    203. 

  203.     Basic256Sha256_PolicyContext *pc = cc->policyContext;
    204. 

  204.     while(lenDataToEncrypt >= plainTextBlockSize) {
    205. 

  205.         int mbedErr = mbedtls_rsa_rsaes_oaep_encrypt(remoteRsaContext, mbedtls_ctr_drbg_random,
    206. 

  206.                                                      &pc->drbgContext, MBEDTLS_RSA_PUBLIC,
    207. 

  207.                                                      label, 0, plainTextBlockSize,
    208. 

  208.                                                      data->data + inOffset, encrypted.data + offset);
    209. 

  209. 

  210.         UA_MBEDTLS_ERRORHANDLING(UA_STATUSCODE_BADINTERNALERROR);
    211. 

  211.         if(retval != UA_STATUSCODE_GOOD) {
    212. 

  212.             UA_ByteString_deleteMembers(&encrypted);
    213. 

  213.             return retval;
    214. 

  214.         }
    215. 

  215. 

  216.         inOffset += plainTextBlockSize;
    217. 

  217.         offset += remoteRsaContext->len;
    218. 

  218.         lenDataToEncrypt -= plainTextBlockSize;
    219. 

  219.     }
    220. 

  220. 

  221.     memcpy(data->data, encrypted.data, offset);
    222. 

  222.     UA_ByteString_deleteMembers(&encrypted);
    223. 

  223. 

  224.     return UA_STATUSCODE_GOOD;
    225. 

  225. }
    226. 

  226. 

  227. /* AsymmetricEncryptionAlgorithm_RSA-OAEP-SHA1 */
    228. 

  228. static UA_StatusCode
    229. 

  229. asym_decrypt_sp_basic256sha256(const UA_SecurityPolicy *securityPolicy,
    230. 

  230.                                Basic256Sha256_ChannelContext *cc,
    231. 

  231.                                UA_ByteString *data) {
    232. 

  232.     if(securityPolicy == NULL || cc == NULL || data == NULL)
    233. 

  233.         return UA_STATUSCODE_BADINTERNALERROR;
    234. 

  234. 

  235.     mbedtls_rsa_context *rsaContext =
    236. 

  236.         mbedtls_pk_rsa(cc->policyContext->localPrivateKey);
    237. 

  237. 

  238.     mbedtls_rsa_set_padding(rsaContext, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA1);
    239. 

  239. 

  240.     if(data->length % rsaContext->len != 0)
    241. 

  241.         return UA_STATUSCODE_BADINTERNALERROR;
    242. 

  242. 

  243.     UA_ByteString decrypted;
    244. 

  244.     UA_StatusCode retval = UA_ByteString_allocBuffer(&decrypted, data->length);
    245. 

  245.     if(retval != UA_STATUSCODE_GOOD)
    246. 

  246.         return retval;
    247. 

  247. 

  248.     size_t lenDataToDecrypt = data->length;
    249. 

  249.     size_t inOffset = 0;
    250. 

  250.     size_t offset = 0;
    251. 

  251.     size_t outLength = 0;
    252. 

  252.     const unsigned char *label = NULL;
    253. 

  253.     Basic256Sha256_PolicyContext *pc = cc->policyContext;
    254. 

  254. 

  255.     while(lenDataToDecrypt >= rsaContext->len) {
    256. 

  256.         int mbedErr = mbedtls_rsa_rsaes_oaep_decrypt(rsaContext, mbedtls_ctr_drbg_random,
    257. 

  257.                                                      &pc->drbgContext, MBEDTLS_RSA_PRIVATE,
    258. 

  258.                                                      label, 0, &outLength,
    259. 

  259.                                                      data->data + inOffset,
    260. 

  260.                                                      decrypted.data + offset,
    261. 

  261.                                                      decrypted.length - offset);
    262. 

  262.         if(mbedErr)
    263. 

  263.             UA_ByteString_deleteMembers(&decrypted); // TODO: Maybe change error macro to jump to cleanup?
    264. 

  264.         UA_MBEDTLS_ERRORHANDLING_RETURN(UA_STATUSCODE_BADSECURITYCHECKSFAILED);
    265. 

  265. 

  266.         inOffset += rsaContext->len;
    267. 

  267.         offset += outLength;
    268. 

  268.         lenDataToDecrypt -= rsaContext->len;
    269. 

  269.     }
    270. 

  270. 

  271.     if(lenDataToDecrypt == 0) {
    272. 

  272.         memcpy(data->data, decrypted.data, offset);
    273. 

  273.         data->length = offset;
    274. 

  274.     } else {
    275. 

  275.         retval = UA_STATUSCODE_BADINTERNALERROR;
    276. 

  276.     }
    277. 

  277. 

  278.     UA_ByteString_deleteMembers(&decrypted);
    279. 

  279.     return retval;
    280. 

  280. }
    281. 

  281. 

  282. static size_t
    283. 

  283. asym_getRemoteEncryptionKeyLength_sp_basic256sha256(const UA_SecurityPolicy *securityPolicy,
    284. 

  284.                                                     const Basic256Sha256_ChannelContext *cc) {
    285. 

  285.     return mbedtls_pk_get_len(&cc->remoteCertificate.pk) * 8;
    286. 

  286. }
    287. 

  287. 

  288. static size_t
    289. 

  289. asym_getRemoteBlockSize_sp_basic256sha256(const UA_SecurityPolicy *securityPolicy,
    290. 

  290.                                           const Basic256Sha256_ChannelContext *cc) {
    291. 

  291.     mbedtls_rsa_context *const rsaContext = mbedtls_pk_rsa(cc->remoteCertificate.pk);
    292. 

  292.     return rsaContext->len;
    293. 

  293. }
    294. 

  294. 

  295. static size_t
    296. 

  296. asym_getRemotePlainTextBlockSize_sp_basic256sha256(const UA_SecurityPolicy *securityPolicy,
    297. 

  297.                                                    const Basic256Sha256_ChannelContext *cc) {
    298. 

  298.     mbedtls_rsa_context *const rsaContext = mbedtls_pk_rsa(cc->remoteCertificate.pk);
    299. 

  299.     return rsaContext->len - UA_SECURITYPOLICY_BASIC256SHA256_RSAPADDING_LEN;
    300. 

  300. }
    301. 

  301. 

  302. static UA_StatusCode
    303. 

  303. asym_makeThumbprint_sp_basic256sha256(const UA_SecurityPolicy *securityPolicy,
    304. 

  304.                                       const UA_ByteString *certificate,
    305. 

  305.                                       UA_ByteString *thumbprint) {
    306. 

  306.     if(securityPolicy == NULL || certificate == NULL || thumbprint == NULL)
    307. 

  307.         return UA_STATUSCODE_BADINTERNALERROR;
    308. 

  308. 

  309.     if(UA_ByteString_equal(certificate, &UA_BYTESTRING_NULL))
    310. 

  310.         return UA_STATUSCODE_BADINTERNALERROR;
    311. 

  311. 

  312.     if(thumbprint->length != UA_SHA1_LENGTH)
    313. 

  313.         return UA_STATUSCODE_BADINTERNALERROR;
    314. 

  314. 

  315.     /* The certificate thumbprint is always a 20 bit sha1 hash, see Part 4 of the Specification. */
    316. 

  316. #if MBEDTLS_VERSION_NUMBER >= 0x02070000
    317. 

  317.     mbedtls_sha1_ret(certificate->data, certificate->length, thumbprint->data);
    318. 

  318. #else
    319. 

  319.     mbedtls_sha1(certificate->data, certificate->length, thumbprint->data);
    320. 

  320. #endif
    321. 

  321.     return UA_STATUSCODE_GOOD;
    322. 

  322. }
    323. 

  323. 

  324. static UA_StatusCode
    325. 

  325. asymmetricModule_compareCertificateThumbprint_sp_basic256sha256(const UA_SecurityPolicy *securityPolicy,
    326. 

  326.                                                                 const UA_ByteString *certificateThumbprint) {
    327. 

  327.     if(securityPolicy == NULL || certificateThumbprint == NULL)
    328. 

  328.         return UA_STATUSCODE_BADINTERNALERROR;
    329. 

  329. 

  330.     Basic256Sha256_PolicyContext *pc = (Basic256Sha256_PolicyContext *)securityPolicy->policyContext;
    331. 

  331.     if(!UA_ByteString_equal(certificateThumbprint, &pc->localCertThumbprint))
    332. 

  332.         return UA_STATUSCODE_BADCERTIFICATEINVALID;
    333. 

  333. 

  334.     return UA_STATUSCODE_GOOD;
    335. 

  335. }
    336. 

  336. 

  337. /*******************/
    338. 

  338. /* SymmetricModule */
    339. 

  339. /*******************/
    340. 

  340. 

  341. static void
    342. 

  342. md_hmac_Basic256Sha256(mbedtls_md_context_t *context, const UA_ByteString *key,
    343. 

  343.                        const UA_ByteString *in, unsigned char out[32]) {
    344. 

  344.     mbedtls_md_hmac_starts(context, key->data, key->length);
    345. 

  345.     mbedtls_md_hmac_update(context, in->data, in->length);
    346. 

  346.     mbedtls_md_hmac_finish(context, out);
    347. 

  347. }
    348. 

  348. 

  349. static UA_StatusCode
    350. 

  350. sym_verify_sp_basic256sha256(const UA_SecurityPolicy *securityPolicy,
    351. 

  351.                              Basic256Sha256_ChannelContext *cc,
    352. 

  352.                              const UA_ByteString *message,
    353. 

  353.                              const UA_ByteString *signature) {
    354. 

  354.     if(securityPolicy == NULL || cc == NULL || message == NULL || signature == NULL)
    355. 

  355.         return UA_STATUSCODE_BADINTERNALERROR;
    356. 

  356. 

  357.     /* Compute MAC */
    358. 

  358.     if(signature->length != UA_SHA256_LENGTH) {
    359. 

  359.         UA_LOG_ERROR(securityPolicy->logger, UA_LOGCATEGORY_SECURITYPOLICY,
    360. 

  360.                      "Signature size does not have the desired size defined by the security policy");
    361. 

  361.         return UA_STATUSCODE_BADSECURITYCHECKSFAILED;
    362. 

  362.     }
    363. 

  363. 

  364.     Basic256Sha256_PolicyContext *pc =
    365. 

  365.         (Basic256Sha256_PolicyContext *)securityPolicy->policyContext;
    366. 

  366. 

  367.     unsigned char mac[UA_SHA256_LENGTH];
    368. 

  368.     md_hmac_Basic256Sha256(&pc->sha256MdContext, &cc->remoteSymSigningKey, message, mac);
    369. 

  369. 

  370.     /* Compare with Signature */
    371. 

  371.     if(memcmp(signature->data, mac, UA_SHA256_LENGTH) != 0)
    372. 

  372.         return UA_STATUSCODE_BADSECURITYCHECKSFAILED;
    373. 

  373.     return UA_STATUSCODE_GOOD;
    374. 

  374. }
    375. 

  375. 

  376. static UA_StatusCode
    377. 

  377. sym_sign_sp_basic256sha256(const UA_SecurityPolicy *securityPolicy,
    378. 

  378.                            const Basic256Sha256_ChannelContext *cc,
    379. 

  379.                            const UA_ByteString *message,
    380. 

  380.                            UA_ByteString *signature) {
    381. 

  381.     if(signature->length != UA_SHA256_LENGTH)
    382. 

  382.         return UA_STATUSCODE_BADINTERNALERROR;
    383. 

  383. 

  384.     md_hmac_Basic256Sha256(&cc->policyContext->sha256MdContext, &cc->localSymSigningKey,
    385. 

  385.                            message, signature->data);
    386. 

  386.     return UA_STATUSCODE_GOOD;
    387. 

  387. }
    388. 

  388. 

  389. static size_t
    390. 

  390. sym_getSignatureSize_sp_basic256sha256(const UA_SecurityPolicy *securityPolicy,
    391. 

  391.                                        const void *channelContext) {
    392. 

  392.     return UA_SHA256_LENGTH;
    393. 

  393. }
    394. 

  394. 

  395. static size_t
    396. 

  396. sym_getSigningKeyLength_sp_basic256sha256(const UA_SecurityPolicy *const securityPolicy,
    397. 

  397.                                           const void *const channelContext) {
    398. 

  398.     return UA_BASIC256SHA256_SYM_SIGNING_KEY_LENGTH;
    399. 

  399. }
    400. 

  400. 

  401. static size_t
    402. 

  402. sym_getEncryptionKeyLength_sp_basic256sha256(const UA_SecurityPolicy *securityPolicy,
    403. 

  403.                                              const void *channelContext) {
    404. 

  404.     return UA_SECURITYPOLICY_BASIC256SHA256_SYM_KEY_LENGTH;
    405. 

  405. }
    406. 

  406. 

  407. static size_t
    408. 

  408. sym_getEncryptionBlockSize_sp_basic256sha256(const UA_SecurityPolicy *const securityPolicy,
    409. 

  409.                                              const void *const channelContext) {
    410. 

  410.     return UA_SECURITYPOLICY_BASIC256SHA256_SYM_ENCRYPTION_BLOCK_SIZE;
    411. 

  411. }
    412. 

  412. 

  413. static size_t
    414. 

  414. sym_getPlainTextBlockSize_sp_basic256sha256(const UA_SecurityPolicy *const securityPolicy,
    415. 

  415.                                             const void *const channelContext) {
    416. 

  416.     return UA_SECURITYPOLICY_BASIC256SHA256_SYM_PLAIN_TEXT_BLOCK_SIZE;
    417. 

  417. }
    418. 

  418. 

  419. static UA_StatusCode
    420. 

  420. sym_encrypt_sp_basic256sha256(const UA_SecurityPolicy *securityPolicy,
    421. 

  421.                               const Basic256Sha256_ChannelContext *cc,
    422. 

  422.                               UA_ByteString *data) {
    423. 

  423.     if(securityPolicy == NULL || cc == NULL || data == NULL)
    424. 

  424.         return UA_STATUSCODE_BADINTERNALERROR;
    425. 

  425. 

  426.     if(cc->localSymIv.length !=
    427. 

  427.        securityPolicy->symmetricModule.cryptoModule.encryptionAlgorithm.getLocalBlockSize(securityPolicy, cc))
    428. 

  428.         return UA_STATUSCODE_BADINTERNALERROR;
    429. 

  429. 

  430.     size_t plainTextBlockSize =
    431. 

  431.         securityPolicy->symmetricModule.cryptoModule.encryptionAlgorithm.getLocalPlainTextBlockSize(securityPolicy, cc);
    432. 

  432. 

  433.     if(data->length % plainTextBlockSize != 0) {
    434. 

  434.         UA_LOG_ERROR(securityPolicy->logger, UA_LOGCATEGORY_SECURITYPOLICY,
    435. 

  435.                      "Length of data to encrypt is not a multiple of the plain text block size."
    436. 

  436.                          "Padding might not have been calculated appropriately.");
    437. 

  437.         return UA_STATUSCODE_BADINTERNALERROR;
    438. 

  438.     }
    439. 

  439. 

  440.     /* Keylength in bits */
    441. 

  441.     unsigned int keylength = (unsigned int)(cc->localSymEncryptingKey.length * 8);
    442. 

  442.     mbedtls_aes_context aesContext;
    443. 

  443.     int mbedErr = mbedtls_aes_setkey_enc(&aesContext, cc->localSymEncryptingKey.data, keylength);
    444. 

  444.     UA_MBEDTLS_ERRORHANDLING_RETURN(UA_STATUSCODE_BADINTERNALERROR);
    445. 

  445. 

  446.     UA_ByteString ivCopy;
    447. 

  447.     UA_StatusCode retval = UA_ByteString_copy(&cc->localSymIv, &ivCopy);
    448. 

  448.     if(retval != UA_STATUSCODE_GOOD)
    449. 

  449.         return retval;
    450. 

  450. 

  451.     mbedErr = mbedtls_aes_crypt_cbc(&aesContext, MBEDTLS_AES_ENCRYPT, data->length,
    452. 

  452.                                     ivCopy.data, data->data, data->data);
    453. 

  453.     UA_MBEDTLS_ERRORHANDLING(UA_STATUSCODE_BADINTERNALERROR);
    454. 

  454.     UA_ByteString_deleteMembers(&ivCopy);
    455. 

  455.     return retval;
    456. 

  456. }
    457. 

  457. 

  458. static UA_StatusCode
    459. 

  459. sym_decrypt_sp_basic256sha256(const UA_SecurityPolicy *securityPolicy,
    460. 

  460.                               const Basic256Sha256_ChannelContext *cc,
    461. 

  461.                               UA_ByteString *data) {
    462. 

  462.     if(securityPolicy == NULL || cc == NULL || data == NULL)
    463. 

  463.         return UA_STATUSCODE_BADINTERNALERROR;
    464. 

  464. 

  465.     size_t encryptionBlockSize =
    466. 

  466.         securityPolicy->symmetricModule.cryptoModule.encryptionAlgorithm.getLocalBlockSize(securityPolicy, cc);
    467. 

  467. 

  468.     if(cc->remoteSymIv.length != encryptionBlockSize)
    469. 

  469.         return UA_STATUSCODE_BADINTERNALERROR;
    470. 

  470. 

  471.     if(data->length % encryptionBlockSize != 0) {
    472. 

  472.         UA_LOG_ERROR(securityPolicy->logger, UA_LOGCATEGORY_SECURITYPOLICY,
    473. 

  473.                      "Length of data to decrypt is not a multiple of the encryptingBlock size.");
    474. 

  474.         return UA_STATUSCODE_BADINTERNALERROR;
    475. 

  475.     }
    476. 

  476. 

  477.     unsigned int keylength = (unsigned int)(cc->remoteSymEncryptingKey.length * 8);
    478. 

  478.     mbedtls_aes_context aesContext;
    479. 

  479.     int mbedErr = mbedtls_aes_setkey_dec(&aesContext, cc->remoteSymEncryptingKey.data, keylength);
    480. 

  480.     UA_MBEDTLS_ERRORHANDLING_RETURN(UA_STATUSCODE_BADINTERNALERROR);
    481. 

  481. 

  482.     UA_ByteString ivCopy;
    483. 

  483.     UA_StatusCode retval = UA_ByteString_copy(&cc->remoteSymIv, &ivCopy);
    484. 

  484.     if(retval != UA_STATUSCODE_GOOD)
    485. 

  485.         return retval;
    486. 

  486. 

  487.     mbedErr = mbedtls_aes_crypt_cbc(&aesContext, MBEDTLS_AES_DECRYPT, data->length,
    488. 

  488.                                     ivCopy.data, data->data, data->data);
    489. 

  489.     UA_MBEDTLS_ERRORHANDLING(UA_STATUSCODE_BADINTERNALERROR);
    490. 

  490.     UA_ByteString_deleteMembers(&ivCopy);
    491. 

  491.     return retval;
    492. 

  492. }
    493. 

  493. 

  494. static void
    495. 

  495. swapBuffers_Basic256Sha256(UA_ByteString *const bufA, UA_ByteString *const bufB) {
    496. 

  496.     UA_ByteString tmp = *bufA;
    497. 

  497.     *bufA = *bufB;
    498. 

  498.     *bufB = tmp;
    499. 

  499. }
    500. 

  500. 

  501. static UA_StatusCode
    502. 

  502. sym_generateKey_sp_basic256sha256(const UA_SecurityPolicy *securityPolicy,
    503. 

  503.                                   const UA_ByteString *secret, const UA_ByteString *seed,
    504. 

  504.                                   UA_ByteString *out) {
    505. 

  505.     if(securityPolicy == NULL || secret == NULL || seed == NULL || out == NULL)
    506. 

  506.         return UA_STATUSCODE_BADINTERNALERROR;
    507. 

  507. 

  508.     Basic256Sha256_PolicyContext *pc =
    509. 

  509.         (Basic256Sha256_PolicyContext *)securityPolicy->policyContext;
    510. 

  510. 

  511.     size_t hashLen = 0;
    512. 

  512.     const mbedtls_md_info_t *mdInfo = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
    513. 

  513.     hashLen = (size_t)mbedtls_md_get_size(mdInfo);
    514. 

  514. 

  515.     UA_ByteString A_and_seed;
    516. 

  516.     UA_ByteString_allocBuffer(&A_and_seed, hashLen + seed->length);
    517. 

  517.     memcpy(A_and_seed.data + hashLen, seed->data, seed->length);
    518. 

  518. 

  519.     UA_ByteString ANext_and_seed;
    520. 

  520.     UA_ByteString_allocBuffer(&ANext_and_seed, hashLen + seed->length);
    521. 

  521.     memcpy(ANext_and_seed.data + hashLen, seed->data, seed->length);
    522. 

  522. 

  523.     UA_ByteString A = {
    524. 

  524.         hashLen,
    525. 

  525.         A_and_seed.data
    526. 

  526.     };
    527. 

  527. 

  528.     UA_ByteString ANext = {
    529. 

  529.         hashLen,
    530. 

  530.         ANext_and_seed.data
    531. 

  531.     };
    532. 

  532. 

  533.     md_hmac_Basic256Sha256(&pc->sha256MdContext, secret, seed, A.data);
    534. 

  534. 

  535.     UA_StatusCode retval = 0;
    536. 

  536.     for(size_t offset = 0; offset < out->length; offset += hashLen) {
    537. 

  537.         UA_ByteString outSegment = {
    538. 

  538.             hashLen,
    539. 

  539.             out->data + offset
    540. 

  540.         };
    541. 

  541.         UA_Boolean bufferAllocated = UA_FALSE;
    542. 

  542.         // Not enough room in out buffer to write the hash.
    543. 

  543.         if(offset + hashLen > out->length) {
    544. 

  544.             outSegment.data = NULL;
    545. 

  545.             outSegment.length = 0;
    546. 

  546.             retval = UA_ByteString_allocBuffer(&outSegment, hashLen);
    547. 

  547.             if(retval != UA_STATUSCODE_GOOD) {
    548. 

  548.                 UA_ByteString_deleteMembers(&A_and_seed);
    549. 

  549.                 UA_ByteString_deleteMembers(&ANext_and_seed);
    550. 

  550.                 return retval;
    551. 

  551.             }
    552. 

  552.             bufferAllocated = UA_TRUE;
    553. 

  553.         }
    554. 

  554. 

  555.         md_hmac_Basic256Sha256(&pc->sha256MdContext, secret, &A_and_seed, outSegment.data);
    556. 

  556.         md_hmac_Basic256Sha256(&pc->sha256MdContext, secret, &A, ANext.data);
    557. 

  557. 

  558.         if(retval != UA_STATUSCODE_GOOD) {
    559. 

  559.             if(bufferAllocated)
    560. 

  560.                 UA_ByteString_deleteMembers(&outSegment);
    561. 

  561.             UA_ByteString_deleteMembers(&A_and_seed);
    562. 

  562.             UA_ByteString_deleteMembers(&ANext_and_seed);
    563. 

  563.             return retval;
    564. 

  564.         }
    565. 

  565. 

  566.         if(bufferAllocated) {
    567. 

  567.             memcpy(out->data + offset, outSegment.data, out->length - offset);
    568. 

  568.             UA_ByteString_deleteMembers(&outSegment);
    569. 

  569.         }
    570. 

  570. 

  571.         swapBuffers_Basic256Sha256(&ANext_and_seed, &A_and_seed);
    572. 

  572.         swapBuffers_Basic256Sha256(&ANext, &A);
    573. 

  573.     }
    574. 

  574. 

  575.     UA_ByteString_deleteMembers(&A_and_seed);
    576. 

  576.     UA_ByteString_deleteMembers(&ANext_and_seed);
    577. 

  577.     return UA_STATUSCODE_GOOD;
    578. 

  578. }
    579. 

  579. 

  580. static UA_StatusCode
    581. 

  581. sym_generateNonce_sp_basic256sha256(const UA_SecurityPolicy *securityPolicy,
    582. 

  582.                                     UA_ByteString *out) {
    583. 

  583.     if(securityPolicy == NULL || securityPolicy->policyContext == NULL || out == NULL)
    584. 

  584.         return UA_STATUSCODE_BADINTERNALERROR;
    585. 

  585. 

  586.     Basic256Sha256_PolicyContext *data =
    587. 

  587.         (Basic256Sha256_PolicyContext *)securityPolicy->policyContext;
    588. 

  588. 

  589.     int mbedErr = mbedtls_ctr_drbg_random(&data->drbgContext, out->data, out->length);
    590. 

  590.     UA_MBEDTLS_ERRORHANDLING_RETURN(UA_STATUSCODE_BADUNEXPECTEDERROR);
    591. 

  591. 

  592.     return UA_STATUSCODE_GOOD;
    593. 

  593. }
    594. 

  594. 

  595. /*****************/
    596. 

  596. /* ChannelModule */
    597. 

  597. /*****************/
    598. 

  598. 

  599. /* Assumes that the certificate has been verified externally */
    600. 

  600. static UA_StatusCode
    601. 

  601. parseRemoteCertificate_sp_basic256sha256(Basic256Sha256_ChannelContext *cc,
    602. 

  602.                                          const UA_ByteString *remoteCertificate) {
    603. 

  603.     if(remoteCertificate == NULL || cc == NULL)
    604. 

  604.         return UA_STATUSCODE_BADINTERNALERROR;
    605. 

  605. 

  606.     const UA_SecurityPolicy *securityPolicy = cc->policyContext->securityPolicy;
    607. 

  607. 

  608.     /* Parse the certificate */
    609. 

  609.     int mbedErr = mbedtls_x509_crt_parse(&cc->remoteCertificate, remoteCertificate->data,
    610. 

  610.                                          remoteCertificate->length);
    611. 

  611.     UA_MBEDTLS_ERRORHANDLING_RETURN(UA_STATUSCODE_BADSECURITYCHECKSFAILED);
    612. 

  612. 

  613.     /* Check the key length */
    614. 

  614.     mbedtls_rsa_context *rsaContext = mbedtls_pk_rsa(cc->remoteCertificate.pk);
    615. 

  615.     if(rsaContext->len < UA_SECURITYPOLICY_BASIC256SHA256_MINASYMKEYLENGTH ||
    616. 

  616.        rsaContext->len > UA_SECURITYPOLICY_BASIC256SHA256_MAXASYMKEYLENGTH)
    617. 

  617.         return UA_STATUSCODE_BADCERTIFICATEUSENOTALLOWED;
    618. 

  618. 

  619.     return UA_STATUSCODE_GOOD;
    620. 

  620. }
    621. 

  621. 

  622. static void
    623. 

  623. channelContext_deleteContext_sp_basic256sha256(Basic256Sha256_ChannelContext *cc) {
    624. 

  624.     UA_ByteString_deleteMembers(&cc->localSymSigningKey);
    625. 

  625.     UA_ByteString_deleteMembers(&cc->localSymEncryptingKey);
    626. 

  626.     UA_ByteString_deleteMembers(&cc->localSymIv);
    627. 

  627. 

  628.     UA_ByteString_deleteMembers(&cc->remoteSymSigningKey);
    629. 

  629.     UA_ByteString_deleteMembers(&cc->remoteSymEncryptingKey);
    630. 

  630.     UA_ByteString_deleteMembers(&cc->remoteSymIv);
    631. 

  631. 

  632.     mbedtls_x509_crt_free(&cc->remoteCertificate);
    633. 

  633. 

  634.     UA_free(cc);
    635. 

  635. }
    636. 

  636. 

  637. static UA_StatusCode
    638. 

  638. channelContext_newContext_sp_basic256sha256(const UA_SecurityPolicy *securityPolicy,
    639. 

  639.                                             const UA_ByteString *remoteCertificate,
    640. 

  640.                                             void **pp_contextData) {
    641. 

  641.     if(securityPolicy == NULL || remoteCertificate == NULL || pp_contextData == NULL)
    642. 

  642.         return UA_STATUSCODE_BADINTERNALERROR;
    643. 

  643. 

  644.     /* Allocate the channel context */
    645. 

  645.     *pp_contextData = UA_malloc(sizeof(Basic256Sha256_ChannelContext));
    646. 

  646.     if(*pp_contextData == NULL)
    647. 

  647.         return UA_STATUSCODE_BADOUTOFMEMORY;
    648. 

  648. 

  649.     Basic256Sha256_ChannelContext *cc = (Basic256Sha256_ChannelContext *)*pp_contextData;
    650. 

  650. 

  651.     /* Initialize the channel context */
    652. 

  652.     cc->policyContext = (Basic256Sha256_PolicyContext *)securityPolicy->policyContext;
    653. 

  653. 

  654.     UA_ByteString_init(&cc->localSymSigningKey);
    655. 

  655.     UA_ByteString_init(&cc->localSymEncryptingKey);
    656. 

  656.     UA_ByteString_init(&cc->localSymIv);
    657. 

  657. 

  658.     UA_ByteString_init(&cc->remoteSymSigningKey);
    659. 

  659.     UA_ByteString_init(&cc->remoteSymEncryptingKey);
    660. 

  660.     UA_ByteString_init(&cc->remoteSymIv);
    661. 

  661. 

  662.     mbedtls_x509_crt_init(&cc->remoteCertificate);
    663. 

  663. 

  664.     // TODO: this can be optimized so that we dont allocate memory before parsing the certificate
    665. 

  665.     UA_StatusCode retval = parseRemoteCertificate_sp_basic256sha256(cc, remoteCertificate);
    666. 

  666.     if(retval != UA_STATUSCODE_GOOD) {
    667. 

  667.         channelContext_deleteContext_sp_basic256sha256(cc);
    668. 

  668.         *pp_contextData = NULL;
    669. 

  669.     }
    670. 

  670.     return retval;
    671. 

  671. }
    672. 

  672. 

  673. static UA_StatusCode
    674. 

  674. channelContext_setLocalSymEncryptingKey_sp_basic256sha256(Basic256Sha256_ChannelContext *cc,
    675. 

  675.                                                           const UA_ByteString *key) {
    676. 

  676.     if(key == NULL || cc == NULL)
    677. 

  677.         return UA_STATUSCODE_BADINTERNALERROR;
    678. 

  678. 

  679.     UA_ByteString_deleteMembers(&cc->localSymEncryptingKey);
    680. 

  680.     return UA_ByteString_copy(key, &cc->localSymEncryptingKey);
    681. 

  681. }
    682. 

  682. 

  683. static UA_StatusCode
    684. 

  684. channelContext_setLocalSymSigningKey_sp_basic256sha256(Basic256Sha256_ChannelContext *cc,
    685. 

  685.                                                        const UA_ByteString *key) {
    686. 

  686.     if(key == NULL || cc == NULL)
    687. 

  687.         return UA_STATUSCODE_BADINTERNALERROR;
    688. 

  688. 

  689.     UA_ByteString_deleteMembers(&cc->localSymSigningKey);
    690. 

  690.     return UA_ByteString_copy(key, &cc->localSymSigningKey);
    691. 

  691. }
    692. 

  692. 

  693. 

  694. static UA_StatusCode
    695. 

  695. channelContext_setLocalSymIv_sp_basic256sha256(Basic256Sha256_ChannelContext *cc,
    696. 

  696.                                                const UA_ByteString *iv) {
    697. 

  697.     if(iv == NULL || cc == NULL)
    698. 

  698.         return UA_STATUSCODE_BADINTERNALERROR;
    699. 

  699. 

  700.     UA_ByteString_deleteMembers(&cc->localSymIv);
    701. 

  701.     return UA_ByteString_copy(iv, &cc->localSymIv);
    702. 

  702. }
    703. 

  703. 

  704. static UA_StatusCode
    705. 

  705. channelContext_setRemoteSymEncryptingKey_sp_basic256sha256(Basic256Sha256_ChannelContext *cc,
    706. 

  706.                                                            const UA_ByteString *key) {
    707. 

  707.     if(key == NULL || cc == NULL)
    708. 

  708.         return UA_STATUSCODE_BADINTERNALERROR;
    709. 

  709. 

  710.     UA_ByteString_deleteMembers(&cc->remoteSymEncryptingKey);
    711. 

  711.     return UA_ByteString_copy(key, &cc->remoteSymEncryptingKey);
    712. 

  712. }
    713. 

  713. 

  714. static UA_StatusCode
    715. 

  715. channelContext_setRemoteSymSigningKey_sp_basic256sha256(Basic256Sha256_ChannelContext *cc,
    716. 

  716.                                                         const UA_ByteString *key) {
    717. 

  717.     if(key == NULL || cc == NULL)
    718. 

  718.         return UA_STATUSCODE_BADINTERNALERROR;
    719. 

  719. 

  720.     UA_ByteString_deleteMembers(&cc->remoteSymSigningKey);
    721. 

  721.     return UA_ByteString_copy(key, &cc->remoteSymSigningKey);
    722. 

  722. }
    723. 

  723. 

  724. static UA_StatusCode
    725. 

  725. channelContext_setRemoteSymIv_sp_basic256sha256(Basic256Sha256_ChannelContext *cc,
    726. 

  726.                                                 const UA_ByteString *iv) {
    727. 

  727.     if(iv == NULL || cc == NULL)
    728. 

  728.         return UA_STATUSCODE_BADINTERNALERROR;
    729. 

  729. 

  730.     UA_ByteString_deleteMembers(&cc->remoteSymIv);
    731. 

  731.     return UA_ByteString_copy(iv, &cc->remoteSymIv);
    732. 

  732. }
    733. 

  733. 

  734. static UA_StatusCode
    735. 

  735. channelContext_compareCertificate_sp_basic256sha256(const Basic256Sha256_ChannelContext *cc,
    736. 

  736.                                                     const UA_ByteString *certificate) {
    737. 

  737.     if(cc == NULL || certificate == NULL)
    738. 

  738.         return UA_STATUSCODE_BADINTERNALERROR;
    739. 

  739. 

  740.     const UA_SecurityPolicy *securityPolicy = cc->policyContext->securityPolicy;
    741. 

  741. 

  742.     mbedtls_x509_crt cert;
    743. 

  743.     mbedtls_x509_crt_init(&cert);
    744. 

  744.     int mbedErr = mbedtls_x509_crt_parse(&cert, certificate->data, certificate->length);
    745. 

  745.     if(mbedErr) {
    746. 

  746.         UA_LOG_MBEDERR;
    747. 

  747.         return UA_STATUSCODE_BADSECURITYCHECKSFAILED;
    748. 

  748.     }
    749. 

  749. 

  750.     UA_StatusCode retval = UA_STATUSCODE_GOOD;
    751. 

  751.     if(cert.raw.len != cc->remoteCertificate.raw.len ||
    752. 

  752.        memcmp(cert.raw.p, cc->remoteCertificate.raw.p, cert.raw.len) != 0)
    753. 

  753.         retval = UA_STATUSCODE_BADSECURITYCHECKSFAILED;
    754. 

  754. 

  755.     mbedtls_x509_crt_free(&cert);
    756. 

  756.     return retval;
    757. 

  757. }
    758. 

  758. 

  759. static void
    760. 

  760. deleteMembers_sp_basic256sha256(UA_SecurityPolicy *securityPolicy) {
    761. 

  761.     if(securityPolicy == NULL)
    762. 

  762.         return;
    763. 

  763. 

  764.     if(securityPolicy->policyContext == NULL)
    765. 

  765.         return;
    766. 

  766. 

  767.     UA_ByteString_deleteMembers(&securityPolicy->localCertificate);
    768. 

  768. 

  769.     /* delete all allocated members in the context */
    770. 

  770.     Basic256Sha256_PolicyContext *pc = (Basic256Sha256_PolicyContext *)
    771. 

  771.         securityPolicy->policyContext;
    772. 

  772. 

  773.     mbedtls_ctr_drbg_free(&pc->drbgContext);
    774. 

  774.     mbedtls_entropy_free(&pc->entropyContext);
    775. 

  775.     mbedtls_pk_free(&pc->localPrivateKey);
    776. 

  776.     mbedtls_md_free(&pc->sha256MdContext);
    777. 

  777.     UA_ByteString_deleteMembers(&pc->localCertThumbprint);
    778. 

  778. 

  779.     UA_LOG_DEBUG(securityPolicy->logger, UA_LOGCATEGORY_SECURITYPOLICY,
    780. 

  780.                  "Deleted members of EndpointContext for sp_basic256sha256");
    781. 

  781. 

  782.     UA_free(pc);
    783. 

  783.     securityPolicy->policyContext = NULL;
    784. 

  784. }
    785. 

  785. 

  786. static UA_StatusCode
    787. 

  787. updateCertificateAndPrivateKey_sp_basic256sha256(UA_SecurityPolicy *securityPolicy,
    788. 

  788.                                                  const UA_ByteString newCertificate,
    789. 

  789.                                                  const UA_ByteString newPrivateKey) {
    790. 

  790.     if(securityPolicy == NULL)
    791. 

  791.         return UA_STATUSCODE_BADINTERNALERROR;
    792. 

  792. 

  793.     if(securityPolicy->policyContext == NULL)
    794. 

  794.         return UA_STATUSCODE_BADINTERNALERROR;
    795. 

  795. 

  796.     Basic256Sha256_PolicyContext *pc =
    797. 

  797.             (Basic256Sha256_PolicyContext *) securityPolicy->policyContext;
    798. 

  798. 

  799.     UA_ByteString_deleteMembers(&securityPolicy->localCertificate);
    800. 

  800. 

  801.     UA_StatusCode retval =
    802. 

  802.             UA_ByteString_allocBuffer(&securityPolicy->localCertificate, newCertificate.length + 1);
    803. 

  803.     if(retval != UA_STATUSCODE_GOOD)
    804. 

  804.         return retval;
    805. 

  805.     memcpy(securityPolicy->localCertificate.data, newCertificate.data, newCertificate.length);
    806. 

  806.     securityPolicy->localCertificate.data[newCertificate.length] = '\0';
    807. 

  807.     securityPolicy->localCertificate.length--;
    808. 

  808. 

  809.     /* Set the new private key */
    810. 

  810.     mbedtls_pk_free(&pc->localPrivateKey);
    811. 

  811.     mbedtls_pk_init(&pc->localPrivateKey);
    812. 

  812.     int mbedErr = mbedtls_pk_parse_key(&pc->localPrivateKey,
    813. 

  813.                                        newPrivateKey.data, newPrivateKey.length,
    814. 

  814.                                        NULL, 0);
    815. 

  815.     UA_MBEDTLS_ERRORHANDLING(UA_STATUSCODE_BADSECURITYCHECKSFAILED);
    816. 

  816.     if(retval != UA_STATUSCODE_GOOD)
    817. 

  817.         goto error;
    818. 

  818. 

  819.     retval = asym_makeThumbprint_sp_basic256sha256(pc->securityPolicy,
    820. 

  820.                                                    &securityPolicy->localCertificate,
    821. 

  821.                                                    &pc->localCertThumbprint);
    822. 

  822.     if(retval != UA_STATUSCODE_GOOD)
    823. 

  823.         goto error;
    824. 

  824. 

  825.     return retval;
    826. 

  826. 

  827.     error:
    828. 

  828.     UA_LOG_ERROR(securityPolicy->logger, UA_LOGCATEGORY_SECURITYPOLICY,
    829. 

  829.                  "Could not update certificate and private key");
    830. 

  830.     if(securityPolicy->policyContext != NULL)
    831. 

  831.         deleteMembers_sp_basic256sha256(securityPolicy);
    832. 

  832.     return retval;
    833. 

  833. }
    834. 

  834. 

  835. static UA_StatusCode
    836. 

  836. policyContext_newContext_sp_basic256sha256(UA_SecurityPolicy *securityPolicy,
    837. 

  837.                                            const UA_ByteString localPrivateKey) {
    838. 

  838.     UA_StatusCode retval = UA_STATUSCODE_GOOD;
    839. 

  839.     if(securityPolicy == NULL)
    840. 

  840.         return UA_STATUSCODE_BADINTERNALERROR;
    841. 

  841. 

  842.     Basic256Sha256_PolicyContext *pc = (Basic256Sha256_PolicyContext *)
    843. 

  843.         UA_malloc(sizeof(Basic256Sha256_PolicyContext));
    844. 

  844.     securityPolicy->policyContext = (void *)pc;
    845. 

  845.     if(!pc) {
    846. 

  846.         retval = UA_STATUSCODE_BADOUTOFMEMORY;
    847. 

  847.         goto error;
    848. 

  848.     }
    849. 

  849. 

  850.     /* Initialize the PolicyContext */
    851. 

  851.     memset(pc, 0, sizeof(Basic256Sha256_PolicyContext));
    852. 

  852.     mbedtls_ctr_drbg_init(&pc->drbgContext);
    853. 

  853.     mbedtls_entropy_init(&pc->entropyContext);
    854. 

  854.     mbedtls_pk_init(&pc->localPrivateKey);
    855. 

  855.     mbedtls_md_init(&pc->sha256MdContext);
    856. 

  856.     pc->securityPolicy = securityPolicy;
    857. 

  857. 

  858.     /* Initialized the message digest */
    859. 

  859.     const mbedtls_md_info_t *const mdInfo = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
    860. 

  860.     int mbedErr = mbedtls_md_setup(&pc->sha256MdContext, mdInfo, MBEDTLS_MD_SHA256);
    861. 

  861.     UA_MBEDTLS_ERRORHANDLING(UA_STATUSCODE_BADOUTOFMEMORY);
    862. 

  862.     if(retval != UA_STATUSCODE_GOOD)
    863. 

  863.         goto error;
    864. 

  864. 

  865.     /* Add the system entropy source */
    866. 

  866.     mbedErr = mbedtls_entropy_add_source(&pc->entropyContext,
    867. 

  867.                                          mbedtls_platform_entropy_poll, NULL, 0,
    868. 

  868.                                          MBEDTLS_ENTROPY_SOURCE_STRONG);
    869. 

  869.     UA_MBEDTLS_ERRORHANDLING(UA_STATUSCODE_BADSECURITYCHECKSFAILED);
    870. 

  870.     if(retval != UA_STATUSCODE_GOOD)
    871. 

  871.         goto error;
    872. 

  872. 

  873.     /* Seed the RNG */
    874. 

  874.     char *personalization = "open62541-drbg";
    875. 

  875.     mbedErr = mbedtls_ctr_drbg_seed(&pc->drbgContext, mbedtls_entropy_func,
    876. 

  876.                                     &pc->entropyContext,
    877. 

  877.                                     (const unsigned char *)personalization, 14);
    878. 

  878.     UA_MBEDTLS_ERRORHANDLING(UA_STATUSCODE_BADSECURITYCHECKSFAILED);
    879. 

  879.     if(retval != UA_STATUSCODE_GOOD)
    880. 

  880.         goto error;
    881. 

  881. 

  882.     /* Set the private key */
    883. 

  883.     mbedErr = mbedtls_pk_parse_key(&pc->localPrivateKey,
    884. 

  884.                                    localPrivateKey.data, localPrivateKey.length,
    885. 

  885.                                    NULL, 0);
    886. 

  886.     UA_MBEDTLS_ERRORHANDLING(UA_STATUSCODE_BADSECURITYCHECKSFAILED);
    887. 

  887.     if(retval != UA_STATUSCODE_GOOD)
    888. 

  888.         goto error;
    889. 

  889. 

  890.     /* Set the local certificate thumbprint */
    891. 

  891.     retval = UA_ByteString_allocBuffer(&pc->localCertThumbprint, UA_SHA1_LENGTH);
    892. 

  892.     if(retval != UA_STATUSCODE_GOOD)
    893. 

  893.         goto error;
    894. 

  894.     retval = asym_makeThumbprint_sp_basic256sha256(pc->securityPolicy,
    895. 

  895.                                                   &securityPolicy->localCertificate,
    896. 

  896.                                                   &pc->localCertThumbprint);
    897. 

  897.     if(retval != UA_STATUSCODE_GOOD)
    898. 

  898.         goto error;
    899. 

  899. 

  900.     return UA_STATUSCODE_GOOD;
    901. 

  901. 

  902. error:
    903. 

  903.     UA_LOG_ERROR(securityPolicy->logger, UA_LOGCATEGORY_SECURITYPOLICY,
    904. 

  904.                  "Could not create securityContext");
    905. 

  905.     if(securityPolicy->policyContext != NULL)
    906. 

  906.         deleteMembers_sp_basic256sha256(securityPolicy);
    907. 

  907.     return retval;
    908. 

  908. }
    909. 

  909. 

  910. UA_StatusCode
    911. 

  911. UA_SecurityPolicy_Basic256Sha256(UA_SecurityPolicy *policy, UA_CertificateVerification *certificateVerification,
    912. 

  912.                                  const UA_ByteString localCertificate, const UA_ByteString localPrivateKey,
    913. 

  913.                                  UA_Logger logger) {
    914. 

  914.     memset(policy, 0, sizeof(UA_SecurityPolicy));
    915. 

  915.     policy->logger = logger;
    916. 

  916. 

  917.     policy->policyUri = UA_STRING("http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256");
    918. 

  918. 

  919.     UA_SecurityPolicyAsymmetricModule *const asymmetricModule = &policy->asymmetricModule;
    920. 

  920.     UA_SecurityPolicySymmetricModule *const symmetricModule = &policy->symmetricModule;
    921. 

  921.     UA_SecurityPolicyChannelModule *const channelModule = &policy->channelModule;
    922. 

  922. 

  923.     /* Copy the certificate and add a NULL to the end */
    924. 

  924.     UA_StatusCode retval =
    925. 

  925.         UA_ByteString_allocBuffer(&policy->localCertificate, localCertificate.length + 1);
    926. 

  926.     if(retval != UA_STATUSCODE_GOOD)
    927. 

  927.         return retval;
    928. 

  928.     memcpy(policy->localCertificate.data, localCertificate.data, localCertificate.length);
    929. 

  929.     policy->localCertificate.data[localCertificate.length] = '\0';
    930. 

  930.     policy->localCertificate.length--;
    931. 

  931.     policy->certificateVerification = certificateVerification;
    932. 

  932. 

  933.     /* AsymmetricModule */
    934. 

  934.     UA_SecurityPolicySignatureAlgorithm *asym_signatureAlgorithm =
    935. 

  935.         &asymmetricModule->cryptoModule.signatureAlgorithm;
    936. 

  936.     asym_signatureAlgorithm->uri =
    937. 

  937.         UA_STRING("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\0");
    938. 

  938.     asym_signatureAlgorithm->verify =
    939. 

  939.         (UA_StatusCode (*)(const UA_SecurityPolicy *, void *,
    940. 

  940.                            const UA_ByteString *, const UA_ByteString *))asym_verify_sp_basic256sha256;
    941. 

  941.     asym_signatureAlgorithm->sign =
    942. 

  942.         (UA_StatusCode (*)(const UA_SecurityPolicy *, void *,
    943. 

  943.                            const UA_ByteString *, UA_ByteString *))asym_sign_sp_basic256sha256;
    944. 

  944.     asym_signatureAlgorithm->getLocalSignatureSize =
    945. 

  945.         (size_t (*)(const UA_SecurityPolicy *, const void *))asym_getLocalSignatureSize_sp_basic256sha256;
    946. 

  946.     asym_signatureAlgorithm->getRemoteSignatureSize =
    947. 

  947.         (size_t (*)(const UA_SecurityPolicy *, const void *))asym_getRemoteSignatureSize_sp_basic256sha256;
    948. 

  948.     asym_signatureAlgorithm->getLocalKeyLength = NULL; // TODO: Write function
    949. 

  949.     asym_signatureAlgorithm->getRemoteKeyLength = NULL; // TODO: Write function
    950. 

  950. 

  951.     UA_SecurityPolicyEncryptionAlgorithm *asym_encryptionAlgorithm =
    952. 

  952.         &asymmetricModule->cryptoModule.encryptionAlgorithm;
    953. 

  953.     asym_encryptionAlgorithm->uri = UA_STRING("http://www.w3.org/2001/04/xmlenc#rsa-oaep\0");
    954. 

  954.     asym_encryptionAlgorithm->encrypt =
    955. 

  955.         (UA_StatusCode(*)(const UA_SecurityPolicy *, void *, UA_ByteString *))asym_encrypt_sp_basic256sha256;
    956. 

  956.     asym_encryptionAlgorithm->decrypt =
    957. 

  957.         (UA_StatusCode(*)(const UA_SecurityPolicy *, void *, UA_ByteString *))
    958. 

  958.             asym_decrypt_sp_basic256sha256;
    959. 

  959.     asym_encryptionAlgorithm->getLocalKeyLength = NULL; // TODO: Write function
    960. 

  960.     asym_encryptionAlgorithm->getRemoteKeyLength =
    961. 

  961.         (size_t (*)(const UA_SecurityPolicy *, const void *))asym_getRemoteEncryptionKeyLength_sp_basic256sha256;
    962. 

  962.     asym_encryptionAlgorithm->getLocalBlockSize = NULL; // TODO: Write function
    963. 

  963.     asym_encryptionAlgorithm->getRemoteBlockSize = (size_t (*)(const UA_SecurityPolicy *,
    964. 

  964.                                                                const void *))asym_getRemoteBlockSize_sp_basic256sha256;
    965. 

  965.     asym_encryptionAlgorithm->getLocalPlainTextBlockSize = NULL; // TODO: Write function
    966. 

  966.     asym_encryptionAlgorithm->getRemotePlainTextBlockSize =
    967. 

  967.         (size_t (*)(const UA_SecurityPolicy *, const void *))asym_getRemotePlainTextBlockSize_sp_basic256sha256;
    968. 

  968. 

  969.     asymmetricModule->makeCertificateThumbprint = asym_makeThumbprint_sp_basic256sha256;
    970. 

  970.     asymmetricModule->compareCertificateThumbprint =
    971. 

  971.         asymmetricModule_compareCertificateThumbprint_sp_basic256sha256;
    972. 

  972. 

  973.     /* SymmetricModule */
    974. 

  974.     symmetricModule->generateKey = sym_generateKey_sp_basic256sha256;
    975. 

  975.     symmetricModule->generateNonce = sym_generateNonce_sp_basic256sha256;
    976. 

  976. 

  977.     UA_SecurityPolicySignatureAlgorithm *sym_signatureAlgorithm =
    978. 

  978.         &symmetricModule->cryptoModule.signatureAlgorithm;
    979. 

  979.     sym_signatureAlgorithm->uri =
    980. 

  980.         UA_STRING("http://www.w3.org/2000/09/xmldsig#hmac-sha1\0");
    981. 

  981.     sym_signatureAlgorithm->verify =
    982. 

  982.         (UA_StatusCode (*)(const UA_SecurityPolicy *, void *, const UA_ByteString *,
    983. 

  983.                            const UA_ByteString *))sym_verify_sp_basic256sha256;
    984. 

  984.     sym_signatureAlgorithm->sign =
    985. 

  985.         (UA_StatusCode (*)(const UA_SecurityPolicy *, void *,
    986. 

  986.                            const UA_ByteString *, UA_ByteString *))sym_sign_sp_basic256sha256;
    987. 

  987.     sym_signatureAlgorithm->getLocalSignatureSize = sym_getSignatureSize_sp_basic256sha256;
    988. 

  988.     sym_signatureAlgorithm->getRemoteSignatureSize = sym_getSignatureSize_sp_basic256sha256;
    989. 

  989.     sym_signatureAlgorithm->getLocalKeyLength =
    990. 

  990.         (size_t (*)(const UA_SecurityPolicy *,
    991. 

  991.                     const void *))sym_getSigningKeyLength_sp_basic256sha256;
    992. 

  992.     sym_signatureAlgorithm->getRemoteKeyLength =
    993. 

  993.         (size_t (*)(const UA_SecurityPolicy *,
    994. 

  994.                     const void *))sym_getSigningKeyLength_sp_basic256sha256;
    995. 

  995. 

  996.     UA_SecurityPolicyEncryptionAlgorithm *sym_encryptionAlgorithm =
    997. 

  997.         &symmetricModule->cryptoModule.encryptionAlgorithm;
    998. 

  998.     sym_encryptionAlgorithm->uri = UA_STRING("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
    999. 

  999.     sym_encryptionAlgorithm->encrypt =
    1000. 

  1000.         (UA_StatusCode(*)(const UA_SecurityPolicy *, void *, UA_ByteString *))sym_encrypt_sp_basic256sha256;
    1001. 

  1001.     sym_encryptionAlgorithm->decrypt =
    1002. 

  1002.         (UA_StatusCode(*)(const UA_SecurityPolicy *, void *, UA_ByteString *))sym_decrypt_sp_basic256sha256;
    1003. 

  1003.     sym_encryptionAlgorithm->getLocalKeyLength = sym_getEncryptionKeyLength_sp_basic256sha256;
    1004. 

  1004.     sym_encryptionAlgorithm->getRemoteKeyLength = sym_getEncryptionKeyLength_sp_basic256sha256;
    1005. 

  1005.     sym_encryptionAlgorithm->getLocalBlockSize =
    1006. 

  1006.         (size_t (*)(const UA_SecurityPolicy *, const void *))sym_getEncryptionBlockSize_sp_basic256sha256;
    1007. 

  1007.     sym_encryptionAlgorithm->getRemoteBlockSize =
    1008. 

  1008.         (size_t (*)(const UA_SecurityPolicy *, const void *))sym_getEncryptionBlockSize_sp_basic256sha256;
    1009. 

  1009.     sym_encryptionAlgorithm->getLocalPlainTextBlockSize =
    1010. 

  1010.         (size_t (*)(const UA_SecurityPolicy *, const void *))sym_getPlainTextBlockSize_sp_basic256sha256;
    1011. 

  1011.     sym_encryptionAlgorithm->getRemotePlainTextBlockSize =
    1012. 

  1012.         (size_t (*)(const UA_SecurityPolicy *, const void *))sym_getPlainTextBlockSize_sp_basic256sha256;
    1013. 

  1013.     symmetricModule->secureChannelNonceLength = 32;
    1014. 

  1014. 

  1015.     // Use the same signature algorithm as the asymmetric component for certificate signing (see standard)
    1016. 

  1016.     policy->certificateSigningAlgorithm = policy->asymmetricModule.cryptoModule.signatureAlgorithm;
    1017. 

  1017. 

  1018.     /* ChannelModule */
    1019. 

  1019.     channelModule->newContext = channelContext_newContext_sp_basic256sha256;
    1020. 

  1020.     channelModule->deleteContext = (void (*)(void *))
    1021. 

  1021.         channelContext_deleteContext_sp_basic256sha256;
    1022. 

  1022. 

  1023.     channelModule->setLocalSymEncryptingKey = (UA_StatusCode (*)(void *, const UA_ByteString *))
    1024. 

  1024.         channelContext_setLocalSymEncryptingKey_sp_basic256sha256;
    1025. 

  1025.     channelModule->setLocalSymSigningKey = (UA_StatusCode (*)(void *, const UA_ByteString *))
    1026. 

  1026.         channelContext_setLocalSymSigningKey_sp_basic256sha256;
    1027. 

  1027.     channelModule->setLocalSymIv = (UA_StatusCode (*)(void *, const UA_ByteString *))
    1028. 

  1028.         channelContext_setLocalSymIv_sp_basic256sha256;
    1029. 

  1029. 

  1030.     channelModule->setRemoteSymEncryptingKey = (UA_StatusCode (*)(void *, const UA_ByteString *))
    1031. 

  1031.         channelContext_setRemoteSymEncryptingKey_sp_basic256sha256;
    1032. 

  1032.     channelModule->setRemoteSymSigningKey = (UA_StatusCode (*)(void *, const UA_ByteString *))
    1033. 

  1033.         channelContext_setRemoteSymSigningKey_sp_basic256sha256;
    1034. 

  1034.     channelModule->setRemoteSymIv = (UA_StatusCode (*)(void *, const UA_ByteString *))
    1035. 

  1035.         channelContext_setRemoteSymIv_sp_basic256sha256;
    1036. 

  1036. 

  1037.     channelModule->compareCertificate = (UA_StatusCode (*)(const void *, const UA_ByteString *))
    1038. 

  1038.         channelContext_compareCertificate_sp_basic256sha256;
    1039. 

  1039. 

  1040.     policy->updateCertificateAndPrivateKey = updateCertificateAndPrivateKey_sp_basic256sha256;
    1041. 

  1041.     policy->deleteMembers = deleteMembers_sp_basic256sha256;
    1042. 

  1042. 

  1043.     return policyContext_newContext_sp_basic256sha256(policy, localPrivateKey);
    1044. 

  1044. }
    1045. 

  1045.