/* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #ifndef UA_SECURECHANNEL_H_ #define UA_SECURECHANNEL_H_ #ifdef __cplusplus extern "C" { #endif #include "queue.h" #include "ua_types.h" #include "ua_transport_generated.h" #include "ua_connection_internal.h" #include "ua_plugin_securitypolicy.h" #include "ua_plugin_log.h" #include "ua_util.h" #define UA_SECURE_CONVERSATION_MESSAGE_HEADER_LENGTH 12 struct UA_Session; typedef struct UA_Session UA_Session; struct SessionEntry { LIST_ENTRY(SessionEntry) pointers; UA_Session *session; // Just a pointer. The session is held in the session manager or the client }; /* For chunked requests */ struct ChunkEntry { LIST_ENTRY(ChunkEntry) pointers; UA_UInt32 requestId; UA_ByteString bytes; }; typedef enum { UA_SECURECHANNELSTATE_FRESH, UA_SECURECHANNELSTATE_OPEN, UA_SECURECHANNELSTATE_CLOSED } UA_SecureChannelState; struct UA_SecureChannel { UA_SecureChannelState state; UA_MessageSecurityMode securityMode; UA_ChannelSecurityToken securityToken; /* the channelId is contained in the securityToken */ UA_ChannelSecurityToken nextSecurityToken; /* The endpoint and context of the channel */ const UA_SecurityPolicy *securityPolicy; void *channelContext; /* For interaction with the security policy */ UA_Connection *connection; /* Asymmetric encryption info */ UA_ByteString remoteCertificate; UA_Byte remoteCertificateThumbprint[20]; /* The thumprint of the remote certificate */ /* Symmetric encryption info */ UA_ByteString remoteNonce; UA_ByteString localNonce; UA_UInt32 receiveSequenceNumber; UA_UInt32 sendSequenceNumber; LIST_HEAD(session_pointerlist, SessionEntry) sessions; LIST_HEAD(chunk_pointerlist, ChunkEntry) chunks; }; UA_StatusCode UA_SecureChannel_init(UA_SecureChannel *channel, const UA_SecurityPolicy *securityPolicy, const UA_ByteString *remoteCertificate); void UA_SecureChannel_deleteMembersCleanup(UA_SecureChannel *channel); /* Generates new keys and sets them in the channel context */ UA_StatusCode UA_SecureChannel_generateNewKeys(UA_SecureChannel* const channel); /* Wrapper function for generating nonces for the supplied channel. * * Uses the random generator of the channels security policy to allocate * and generate a nonce with the specified length. * * \param channel the channel to use. * \param nonceLength the length of the nonce to be generated. * \param nonce will contain the nonce after being successfully called. */ UA_StatusCode UA_SecureChannel_generateNonce(const UA_SecureChannel *const channel, const size_t nonceLength, UA_ByteString *const nonce); void UA_SecureChannel_attachSession(UA_SecureChannel *channel, UA_Session *session); void UA_SecureChannel_detachSession(UA_SecureChannel *channel, UA_Session *session); UA_Session * UA_SecureChannel_getSession(UA_SecureChannel *channel, UA_NodeId *token); UA_StatusCode UA_SecureChannel_revolveTokens(UA_SecureChannel *channel); UA_StatusCode UA_SecureChannel_sendSymmetricMessage(UA_SecureChannel *channel, UA_UInt32 requestId, UA_MessageType messageType, const void *content, const UA_DataType *contentType); UA_StatusCode UA_SecureChannel_sendAsymmetricOPNMessage(UA_SecureChannel *channel, UA_UInt32 requestId, const void *content, const UA_DataType *contentType); /** * Chunking * -------- */ /* For sending responses in multiple chunks */ typedef struct { UA_SecureChannel *channel; UA_UInt32 requestId; UA_UInt32 messageType; UA_UInt16 chunksSoFar; size_t messageSizeSoFar; UA_ByteString messageBuffer; UA_StatusCode errorCode; UA_Boolean final; } UA_ChunkInfo; typedef UA_StatusCode (UA_ProcessMessageCallback)(void *application, UA_SecureChannel *channel, UA_MessageType messageType, UA_UInt32 requestId, const UA_ByteString *message); typedef UA_StatusCode (UA_AsymHeaderCallback)(void *application, UA_SecureChannel *channel, UA_AsymmetricAlgorithmSecurityHeader *asymHeader); typedef UA_StatusCode (UA_SymHeaderCallback)(void *application, UA_SecureChannel *channel, UA_UInt32 tokenId); /* Process a single chunk. This also decrypts the chunk if required. The * callback function is called with the complete message body if the message is * complete. * * Symmetric calback is ERR, MSG, CLO only * Asymmetric callback is OPN only * * @param channel the channel the chunks were recieved on. * @param chunks the memory region where the chunks are stored. * @param callback the callback function that gets called with the complete * message body, once a final chunk is processed. * @param application data pointer to application specific data that gets passed * on to the callback function. */ UA_StatusCode UA_SecureChannel_processChunk(UA_SecureChannel *channel, UA_ByteString *chunk, UA_ProcessMessageCallback callback, void *application); /** * Log Helper * ---------- * C99 requires at least one element for the variadic argument. If the log * statement has no variable arguments, supply an additional NULL. It will be * ignored by printf. * * We have to jump through some hoops to enable the use of format strings * without arguments since (pedantic) C99 does not allow variadic macros with * zero arguments. So we add a dummy argument that is not printed (%.0s is * string of length zero). */ #define UA_LOG_TRACE_CHANNEL_INTERNAL(LOGGER, CHANNEL, MSG, ...) \ UA_LOG_TRACE(LOGGER, UA_LOGCATEGORY_SECURECHANNEL, \ "Connection %i | SecureChannel %i | " MSG "%.0s", \ ((CHANNEL)->connection ? (CHANNEL)->connection->sockfd : 0), \ (CHANNEL)->securityToken.channelId, __VA_ARGS__) #define UA_LOG_TRACE_CHANNEL(LOGGER, CHANNEL, ...) \ UA_MACRO_EXPAND(UA_LOG_TRACE_CHANNEL_INTERNAL(LOGGER, CHANNEL, __VA_ARGS__, "")) #define UA_LOG_DEBUG_CHANNEL_INTERNAL(LOGGER, CHANNEL, MSG, ...) \ UA_LOG_DEBUG(LOGGER, UA_LOGCATEGORY_SECURECHANNEL, \ "Connection %i | SecureChannel %i | " MSG "%.0s", \ ((CHANNEL)->connection ? (CHANNEL)->connection->sockfd : 0), \ (CHANNEL)->securityToken.channelId, __VA_ARGS__) #define UA_LOG_DEBUG_CHANNEL(LOGGER, CHANNEL, ...) \ UA_MACRO_EXPAND(UA_LOG_DEBUG_CHANNEL_INTERNAL(LOGGER, CHANNEL, __VA_ARGS__, "")) #define UA_LOG_INFO_CHANNEL_INTERNAL(LOGGER, CHANNEL, MSG, ...) \ UA_LOG_INFO(LOGGER, UA_LOGCATEGORY_SECURECHANNEL, \ "Connection %i | SecureChannel %i | " MSG "%.0s", \ ((CHANNEL)->connection ? (CHANNEL)->connection->sockfd : 0), \ (CHANNEL)->securityToken.channelId, __VA_ARGS__) #define UA_LOG_INFO_CHANNEL(LOGGER, CHANNEL, ...) \ UA_MACRO_EXPAND(UA_LOG_INFO_CHANNEL_INTERNAL(LOGGER, CHANNEL, __VA_ARGS__, "")) #define UA_LOG_WARNING_CHANNEL_INTERNAL(LOGGER, CHANNEL, MSG, ...) \ UA_LOG_WARNING(LOGGER, UA_LOGCATEGORY_SECURECHANNEL, \ "Connection %i | SecureChannel %i | " MSG "%.0s", \ ((CHANNEL)->connection ? (CHANNEL)->connection->sockfd : 0), \ (CHANNEL)->securityToken.channelId, __VA_ARGS__) #define UA_LOG_WARNING_CHANNEL(LOGGER, CHANNEL, ...) \ UA_MACRO_EXPAND(UA_LOG_WARNING_CHANNEL_INTERNAL(LOGGER, CHANNEL, __VA_ARGS__, "")) #define UA_LOG_ERROR_CHANNEL_INTERNAL(LOGGER, CHANNEL, MSG, ...) \ UA_LOG_ERROR(LOGGER, UA_LOGCATEGORY_SECURECHANNEL, \ "Connection %i | SecureChannel %i | " MSG "%.0s", \ ((CHANNEL)->connection ? (CHANNEL)->connection->sockfd : 0), \ (CHANNEL)->securityToken.channelId, __VA_ARGS__) #define UA_LOG_ERROR_CHANNEL(LOGGER, CHANNEL, ...) \ UA_MACRO_EXPAND(UA_LOG_ERROR_CHANNEL_INTERNAL(LOGGER, CHANNEL, __VA_ARGS__, "")) #define UA_LOG_FATAL_CHANNEL_INTERNAL(LOGGER, CHANNEL, MSG, ...) \ UA_LOG_FATAL(LOGGER, UA_LOGCATEGORY_SECURECHANNEL, \ "Connection %i | SecureChannel %i | " MSG "%.0s", \ ((CHANNEL)->connection ? (CHANNEL)->connection->sockfd : 0), \ (CHANNEL)->securityToken.channelId, __VA_ARGS__) #define UA_LOG_FATAL_CHANNEL(LOGGER, CHANNEL, ...) \ UA_MACRO_EXPAND(UA_LOG_FATAL_CHANNEL_INTERNAL(LOGGER, CHANNEL, __VA_ARGS__, "")) #ifdef __cplusplus } // extern "C" #endif #endif /* UA_SECURECHANNEL_H_ */