
Session: Check that encryption algorithm id matches policy

Tested in the CTT conformance unit "Security User Name Password"
Julius Pfrommer 5 years ago
parent
commit
b313e69881
1 changed files with 8 additions and 0 deletions
  1. 8 0
      src/server/ua_services_session.c

+ 8 - 0
src/server/ua_services_session.c

@@ -426,6 +426,14 @@ Service_ActivateSession(UA_Server *server, UA_SecureChannel *channel,
 
        /* Encrypted password? */
        if(!UA_String_equal(&securityPolicy->policyUri, &UA_SECURITY_POLICY_NONE_URI)) {
+           /* Test if the encryption algorithm is correctly specified */
+           if(!UA_String_equal(&userToken->encryptionAlgorithm,
+                               &securityPolicy->asymmetricModule.cryptoModule.
+                               encryptionAlgorithm.uri)) {
+               response->responseHeader.serviceResult = UA_STATUSCODE_BADIDENTITYTOKENINVALID;
+               return;
+           }
+
            /* Create a temporary channel context if a different SecurityPolicy is
             * used for the password from the SecureChannel */
            void *tempChannelContext = channel->channelContext;
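Review bot: The new rejection path (the `return;` after setting `UA_STATUSCODE_BADIDENTITYTOKENINVALID`) writes nothing to the server log, so an operator cannot tell a misconfigured client from one probing which token encodings the endpoint accepts. A warning before the return would help, for example `UA_LOG_WARNING_SESSION(&server->config.logger, session, "ActivateSession: UserIdentityToken encryption algorithm does not match the SecurityPolicy");`. This assumes `session` and the logger are in scope here, which the hunk does not show because Service_ActivateSession starts and ends outside it. The comment could also state why the check exists: `/* The token must name the asymmetric encryption algorithm of the SecurityPolicy selected for the user token; reject a mismatch before attempting decryption */`. The branch for the None policy is also outside the hunk, so it is worth confirming that a token carrying a non-empty encryptionAlgorithm is handled deliberately there.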