ua_securitypolicy_none.c 6.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188
  1. /* This work is licensed under a Creative Commons CCZero 1.0 Universal License.
  2. * See http://creativecommons.org/publicdomain/zero/1.0/ for more information.
  3. *
  4. * Copyright 2017-2018 (c) Mark Giraud, Fraunhofer IOSB
  5. * Copyright 2017 (c) Stefan Profanter, fortiss GmbH
  6. */
  7. #include <open62541/plugin/securitypolicy_default.h>
  8. static UA_StatusCode
  9. verify_none(const UA_SecurityPolicy *securityPolicy,
  10. void *channelContext,
  11. const UA_ByteString *message,
  12. const UA_ByteString *signature) {
  13. return UA_STATUSCODE_GOOD;
  14. }
  15. static UA_StatusCode
  16. sign_none(const UA_SecurityPolicy *securityPolicy,
  17. void *channelContext,
  18. const UA_ByteString *message,
  19. UA_ByteString *signature) {
  20. return UA_STATUSCODE_GOOD;
  21. }
  22. static size_t
  23. length_none(const UA_SecurityPolicy *securityPolicy,
  24. const void *channelContext) {
  25. return 0;
  26. }
  27. static UA_StatusCode
  28. encrypt_none(const UA_SecurityPolicy *securityPolicy,
  29. void *channelContext,
  30. UA_ByteString *data) {
  31. return UA_STATUSCODE_GOOD;
  32. }
  33. static UA_StatusCode
  34. decrypt_none(const UA_SecurityPolicy *securityPolicy,
  35. void *channelContext,
  36. UA_ByteString *data) {
  37. return UA_STATUSCODE_GOOD;
  38. }
  39. static UA_StatusCode
  40. makeThumbprint_none(const UA_SecurityPolicy *securityPolicy,
  41. const UA_ByteString *certificate,
  42. UA_ByteString *thumbprint) {
  43. return UA_STATUSCODE_GOOD;
  44. }
  45. static UA_StatusCode
  46. compareThumbprint_none(const UA_SecurityPolicy *securityPolicy,
  47. const UA_ByteString *certificateThumbprint) {
  48. return UA_STATUSCODE_GOOD;
  49. }
  50. static UA_StatusCode
  51. generateKey_none(const UA_SecurityPolicy *securityPolicy,
  52. const UA_ByteString *secret,
  53. const UA_ByteString *seed,
  54. UA_ByteString *out) {
  55. return UA_STATUSCODE_GOOD;
  56. }
  57. /* Use the non-cryptographic RNG to set the nonce */
  58. static UA_StatusCode
  59. generateNonce_none(const UA_SecurityPolicy *securityPolicy, UA_ByteString *out) {
  60. if(securityPolicy == NULL || out == NULL)
  61. return UA_STATUSCODE_BADINTERNALERROR;
  62. if(out->length == 0)
  63. return UA_STATUSCODE_GOOD;
  64. /* Fill blocks of four byte */
  65. size_t i = 0;
  66. while(i + 3 < out->length) {
  67. UA_UInt32 randNumber = UA_UInt32_random();
  68. memcpy(&out->data[i], &randNumber, 4);
  69. i = i+4;
  70. }
  71. /* Fill the remaining byte */
  72. UA_UInt32 randNumber = UA_UInt32_random();
  73. memcpy(&out->data[i], &randNumber, out->length % 4);
  74. return UA_STATUSCODE_GOOD;
  75. }
  76. static UA_StatusCode
  77. newContext_none(const UA_SecurityPolicy *securityPolicy,
  78. const UA_ByteString *remoteCertificate,
  79. void **channelContext) {
  80. return UA_STATUSCODE_GOOD;
  81. }
  82. static void
  83. deleteContext_none(void *channelContext) {
  84. }
  85. static UA_StatusCode
  86. setContextValue_none(void *channelContext,
  87. const UA_ByteString *key) {
  88. return UA_STATUSCODE_GOOD;
  89. }
  90. static UA_StatusCode
  91. compareCertificate_none(const void *channelContext,
  92. const UA_ByteString *certificate) {
  93. return UA_STATUSCODE_GOOD;
  94. }
  95. static UA_StatusCode
  96. updateCertificateAndPrivateKey_none(UA_SecurityPolicy *policy,
  97. const UA_ByteString newCertificate,
  98. const UA_ByteString newPrivateKey) {
  99. UA_ByteString_deleteMembers(&policy->localCertificate);
  100. UA_ByteString_copy(&newCertificate, &policy->localCertificate);
  101. return UA_STATUSCODE_GOOD;
  102. }
  103. static void
  104. policy_clear_none(UA_SecurityPolicy *policy) {
  105. UA_ByteString_deleteMembers(&policy->localCertificate);
  106. }
  107. UA_StatusCode
  108. UA_SecurityPolicy_None(UA_SecurityPolicy *policy,
  109. UA_CertificateVerification *certificateVerification,
  110. const UA_ByteString localCertificate, const UA_Logger *logger) {
  111. policy->policyContext = (void *)(uintptr_t)logger;
  112. policy->policyUri = UA_STRING("http://opcfoundation.org/UA/SecurityPolicy#None");
  113. policy->logger = logger;
  114. UA_ByteString_copy(&localCertificate, &policy->localCertificate);
  115. policy->certificateVerification = certificateVerification;
  116. policy->symmetricModule.generateKey = generateKey_none;
  117. policy->symmetricModule.generateNonce = generateNonce_none;
  118. UA_SecurityPolicySignatureAlgorithm *sym_signatureAlgorithm =
  119. &policy->symmetricModule.cryptoModule.signatureAlgorithm;
  120. sym_signatureAlgorithm->uri = UA_STRING_NULL;
  121. sym_signatureAlgorithm->verify = verify_none;
  122. sym_signatureAlgorithm->sign = sign_none;
  123. sym_signatureAlgorithm->getLocalSignatureSize = length_none;
  124. sym_signatureAlgorithm->getRemoteSignatureSize = length_none;
  125. sym_signatureAlgorithm->getLocalKeyLength = length_none;
  126. sym_signatureAlgorithm->getRemoteKeyLength = length_none;
  127. UA_SecurityPolicyEncryptionAlgorithm *sym_encryptionAlgorithm =
  128. &policy->symmetricModule.cryptoModule.encryptionAlgorithm;
  129. sym_encryptionAlgorithm->encrypt = encrypt_none;
  130. sym_encryptionAlgorithm->decrypt = decrypt_none;
  131. sym_encryptionAlgorithm->getLocalKeyLength = length_none;
  132. sym_encryptionAlgorithm->getRemoteKeyLength = length_none;
  133. sym_encryptionAlgorithm->getLocalBlockSize = length_none;
  134. sym_encryptionAlgorithm->getRemoteBlockSize = length_none;
  135. sym_encryptionAlgorithm->getLocalPlainTextBlockSize = length_none;
  136. sym_encryptionAlgorithm->getRemotePlainTextBlockSize = length_none;
  137. policy->symmetricModule.secureChannelNonceLength = 0;
  138. policy->asymmetricModule.makeCertificateThumbprint = makeThumbprint_none;
  139. policy->asymmetricModule.compareCertificateThumbprint = compareThumbprint_none;
  140. // This only works for none since symmetric and asymmetric crypto modules do the same i.e. nothing
  141. policy->asymmetricModule.cryptoModule = policy->symmetricModule.cryptoModule;
  142. // Use the same signing algorithm as for asymmetric signing
  143. policy->certificateSigningAlgorithm = policy->asymmetricModule.cryptoModule.signatureAlgorithm;
  144. policy->channelModule.newContext = newContext_none;
  145. policy->channelModule.deleteContext = deleteContext_none;
  146. policy->channelModule.setLocalSymEncryptingKey = setContextValue_none;
  147. policy->channelModule.setLocalSymSigningKey = setContextValue_none;
  148. policy->channelModule.setLocalSymIv = setContextValue_none;
  149. policy->channelModule.setRemoteSymEncryptingKey = setContextValue_none;
  150. policy->channelModule.setRemoteSymSigningKey = setContextValue_none;
  151. policy->channelModule.setRemoteSymIv = setContextValue_none;
  152. policy->channelModule.compareCertificate = compareCertificate_none;
  153. policy->updateCertificateAndPrivateKey = updateCertificateAndPrivateKey_none;
  154. policy->clear = policy_clear_none;
  155. return UA_STATUSCODE_GOOD;
  156. }