open62541 1.3.12
Open source implementation of OPC UA
ua_securechannel.h File Reference

Go to the source code of this file.

Data Structures

struct  UA_SessionHeader
 
struct  UA_Chunk
 
struct  UA_SecureChannel
 
struct  UA_MessageContext
 

Macros

#define UA_SECURECHANNEL_MESSAGEHEADER_LENGTH   8
 
#define UA_SECURECHANNEL_CHANNELHEADER_LENGTH   12
 
#define UA_SECURECHANNEL_SYMMETRIC_SECURITYHEADER_LENGTH   4
 
#define UA_SECURECHANNEL_SEQUENCEHEADER_LENGTH   8
 
#define UA_SECURECHANNEL_SYMMETRIC_HEADER_UNENCRYPTEDLENGTH
 
#define UA_SECURECHANNEL_SYMMETRIC_HEADER_TOTALLENGTH
 
#define UA_SECURECHANNEL_MESSAGE_MIN_LENGTH   16
 
#define UA_LOG_TRACE_CHANNEL_INTERNAL(LOGGER, CHANNEL, MSG, ...)
 
#define UA_LOG_TRACE_CHANNEL(LOGGER, CHANNEL, ...)    UA_MACRO_EXPAND(UA_LOG_TRACE_CHANNEL_INTERNAL(LOGGER, CHANNEL, __VA_ARGS__, ""))
 
#define UA_LOG_DEBUG_CHANNEL_INTERNAL(LOGGER, CHANNEL, MSG, ...)
 
#define UA_LOG_DEBUG_CHANNEL(LOGGER, CHANNEL, ...)    UA_MACRO_EXPAND(UA_LOG_DEBUG_CHANNEL_INTERNAL(LOGGER, CHANNEL, __VA_ARGS__, ""))
 
#define UA_LOG_INFO_CHANNEL_INTERNAL(LOGGER, CHANNEL, MSG, ...)
 
#define UA_LOG_INFO_CHANNEL(LOGGER, CHANNEL, ...)    UA_MACRO_EXPAND(UA_LOG_INFO_CHANNEL_INTERNAL(LOGGER, CHANNEL, __VA_ARGS__, ""))
 
#define UA_LOG_WARNING_CHANNEL_INTERNAL(LOGGER, CHANNEL, MSG, ...)
 
#define UA_LOG_WARNING_CHANNEL(LOGGER, CHANNEL, ...)    UA_MACRO_EXPAND(UA_LOG_WARNING_CHANNEL_INTERNAL(LOGGER, CHANNEL, __VA_ARGS__, ""))
 
#define UA_LOG_ERROR_CHANNEL_INTERNAL(LOGGER, CHANNEL, MSG, ...)
 
#define UA_LOG_ERROR_CHANNEL(LOGGER, CHANNEL, ...)    UA_MACRO_EXPAND(UA_LOG_ERROR_CHANNEL_INTERNAL(LOGGER, CHANNEL, __VA_ARGS__, ""))
 
#define UA_LOG_FATAL_CHANNEL_INTERNAL(LOGGER, CHANNEL, MSG, ...)
 
#define UA_LOG_FATAL_CHANNEL(LOGGER, CHANNEL, ...)    UA_MACRO_EXPAND(UA_LOG_FATAL_CHANNEL_INTERNAL(LOGGER, CHANNEL, __VA_ARGS__, ""))
 

Typedefs

typedef struct UA_SessionHeader UA_SessionHeader
 
typedef struct UA_Chunk UA_Chunk
 
typedef UA_StatusCode UA_ProcessMessageCallback(void *application, UA_SecureChannel *channel, UA_MessageType messageType, UA_UInt32 requestId, UA_ByteString *message)
 

Enumerations

enum  UA_SecureChannelRenewState
 

Functions

typedef SIMPLEQ_HEAD (UA_ChunkQueue, UA_Chunk) UA_ChunkQueue
 
void UA_SecureChannel_init (UA_SecureChannel *channel, const UA_ConnectionConfig *config)
 
void UA_SecureChannel_close (UA_SecureChannel *channel)
 
UA_StatusCode UA_SecureChannel_processHELACK (UA_SecureChannel *channel, const UA_TcpAcknowledgeMessage *remoteConfig)
 
UA_StatusCode UA_SecureChannel_setSecurityPolicy (UA_SecureChannel *channel, const UA_SecurityPolicy *securityPolicy, const UA_ByteString *remoteCertificate)
 
void UA_SecureChannel_deleteBuffered (UA_SecureChannel *channel)
 
UA_StatusCode UA_SecureChannel_generateLocalNonce (UA_SecureChannel *channel)
 
UA_StatusCode UA_SecureChannel_generateLocalKeys (const UA_SecureChannel *channel)
 
UA_StatusCode generateRemoteKeys (const UA_SecureChannel *channel)
 
UA_StatusCode UA_SecureChannel_sendAsymmetricOPNMessage (UA_SecureChannel *channel, UA_UInt32 requestId, const void *content, const UA_DataType *contentType)
 
UA_StatusCode UA_SecureChannel_sendSymmetricMessage (UA_SecureChannel *channel, UA_UInt32 requestId, UA_MessageType messageType, void *payload, const UA_DataType *payloadType)
 
UA_StatusCode UA_MessageContext_begin (UA_MessageContext *mc, UA_SecureChannel *channel, UA_UInt32 requestId, UA_MessageType messageType)
 
UA_StatusCode UA_MessageContext_encode (UA_MessageContext *mc, const void *content, const UA_DataType *contentType)
 
UA_StatusCode UA_MessageContext_finish (UA_MessageContext *mc)
 
void UA_MessageContext_abort (UA_MessageContext *mc)
 
UA_StatusCode UA_SecureChannel_processBuffer (UA_SecureChannel *channel, void *application, UA_ProcessMessageCallback callback, const UA_ByteString *buffer)
 
UA_StatusCode UA_SecureChannel_receive (UA_SecureChannel *channel, void *application, UA_ProcessMessageCallback callback, UA_UInt32 timeout)
 
void hideBytesAsym (const UA_SecureChannel *channel, UA_Byte **buf_start, const UA_Byte **buf_end)
 
UA_StatusCode decryptAndVerifyChunk (const UA_SecureChannel *channel, const UA_SecurityPolicyCryptoModule *cryptoModule, UA_MessageType messageType, UA_ByteString *chunk, size_t offset)
 
size_t calculateAsymAlgSecurityHeaderLength (const UA_SecureChannel *channel)
 
UA_StatusCode prependHeadersAsym (UA_SecureChannel *const channel, UA_Byte *header_pos, const UA_Byte *buf_end, size_t totalLength, size_t securityHeaderLength, UA_UInt32 requestId, size_t *const finalLength)
 
void setBufPos (UA_MessageContext *mc)
 
UA_StatusCode checkSymHeader (UA_SecureChannel *channel, const UA_UInt32 tokenId)
 
UA_StatusCode checkAsymHeader (UA_SecureChannel *channel, const UA_AsymmetricAlgorithmSecurityHeader *asymHeader)
 
void padChunk (UA_SecureChannel *channel, const UA_SecurityPolicyCryptoModule *cm, const UA_Byte *start, UA_Byte **pos)
 
UA_StatusCode signAndEncryptAsym (UA_SecureChannel *channel, size_t preSignLength, UA_ByteString *buf, size_t securityHeaderLength, size_t totalLength)
 
UA_StatusCode signAndEncryptSym (UA_MessageContext *messageContext, size_t preSigLength, size_t totalLength)
 

Macro Definition Documentation

◆ UA_SECURECHANNEL_MESSAGEHEADER_LENGTH

#define UA_SECURECHANNEL_MESSAGEHEADER_LENGTH   8

This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.

Copyright 2014-2020 (c) Fraunhofer IOSB (Author: Julius Pfrommer)
Copyright 2017 (c) Florian Palm
Copyright 2017 (c) Stefan Profanter, fortiss GmbH
Copyright 2017 (c) Mark Giraud, Fraunhofer IOSB

The message header of the OPC UA binary protocol is structured as follows. A *** NAME *** marker gives the cumulative header length in bytes up to and including the marked field (3 + 1 + 4 = 8 for the message header, 8 + 4 = 12 once the SecureChannelId is included):

  • MessageType (3 Byte)
  • IsFinal (1 Byte)
  • MessageSize (4 Byte) *** UA_SECURECHANNEL_MESSAGEHEADER_LENGTH ***
  • SecureChannelId (4 Byte) *** UA_SECURECHANNEL_CHANNELHEADER_LENGTH ***
  • SecurityHeader (4 Byte TokenId for symmetric, otherwise dynamic length)
  • SequenceHeader (8 Byte)
    • SequenceNumber
    • RequestId

Definition at line 39 of file ua_securechannel.h.

◆ UA_SECURECHANNEL_CHANNELHEADER_LENGTH

#define UA_SECURECHANNEL_CHANNELHEADER_LENGTH   12

Definition at line 40 of file ua_securechannel.h.

◆ UA_SECURECHANNEL_SYMMETRIC_SECURITYHEADER_LENGTH

#define UA_SECURECHANNEL_SYMMETRIC_SECURITYHEADER_LENGTH   4

Definition at line 41 of file ua_securechannel.h.

◆ UA_SECURECHANNEL_SEQUENCEHEADER_LENGTH

#define UA_SECURECHANNEL_SEQUENCEHEADER_LENGTH   8

Definition at line 42 of file ua_securechannel.h.

◆ UA_SECURECHANNEL_SYMMETRIC_HEADER_UNENCRYPTEDLENGTH

#define UA_SECURECHANNEL_SYMMETRIC_HEADER_UNENCRYPTEDLENGTH
Value:

Definition at line 43 of file ua_securechannel.h.

◆ UA_SECURECHANNEL_SYMMETRIC_HEADER_TOTALLENGTH

#define UA_SECURECHANNEL_SYMMETRIC_HEADER_TOTALLENGTH

◆ UA_SECURECHANNEL_MESSAGE_MIN_LENGTH

#define UA_SECURECHANNEL_MESSAGE_MIN_LENGTH   16

Minimum length of a valid message (ERR message with an empty reason)

Definition at line 52 of file ua_securechannel.h.

◆ UA_LOG_TRACE_CHANNEL_INTERNAL

#define UA_LOG_TRACE_CHANNEL_INTERNAL ( LOGGER,
CHANNEL,
MSG,
... )
Value:
UA_LOG_TRACE(LOGGER, UA_LOGCATEGORY_SECURECHANNEL, \
"Connection %i | SecureChannel %" PRIu32 " | " MSG "%.0s", \
((CHANNEL)->connection ? (int)((CHANNEL)->connection->sockfd) : 0), \
(CHANNEL)->securityToken.channelId, __VA_ARGS__)

Definition at line 331 of file ua_securechannel.h.

◆ UA_LOG_TRACE_CHANNEL

#define UA_LOG_TRACE_CHANNEL ( LOGGER,
CHANNEL,
... )    UA_MACRO_EXPAND(UA_LOG_TRACE_CHANNEL_INTERNAL(LOGGER, CHANNEL, __VA_ARGS__, ""))

Definition at line 337 of file ua_securechannel.h.

◆ UA_LOG_DEBUG_CHANNEL_INTERNAL

#define UA_LOG_DEBUG_CHANNEL_INTERNAL ( LOGGER,
CHANNEL,
MSG,
... )
Value:
UA_LOG_DEBUG(LOGGER, UA_LOGCATEGORY_SECURECHANNEL, \
"Connection %i | SecureChannel %" PRIu32 " | " MSG "%.0s", \
((CHANNEL)->connection ? (int)((CHANNEL)->connection->sockfd) : 0), \
(CHANNEL)->securityToken.channelId, __VA_ARGS__)

Definition at line 340 of file ua_securechannel.h.

◆ UA_LOG_DEBUG_CHANNEL

#define UA_LOG_DEBUG_CHANNEL ( LOGGER,
CHANNEL,
... )    UA_MACRO_EXPAND(UA_LOG_DEBUG_CHANNEL_INTERNAL(LOGGER, CHANNEL, __VA_ARGS__, ""))

Definition at line 346 of file ua_securechannel.h.

◆ UA_LOG_INFO_CHANNEL_INTERNAL

#define UA_LOG_INFO_CHANNEL_INTERNAL ( LOGGER,
CHANNEL,
MSG,
... )
Value:
UA_LOG_INFO(LOGGER, UA_LOGCATEGORY_SECURECHANNEL, \
"Connection %i | SecureChannel %" PRIu32 " | " MSG "%.0s", \
((CHANNEL)->connection ? (int)((CHANNEL)->connection->sockfd) : 0), \
(CHANNEL)->securityToken.channelId, __VA_ARGS__)

Definition at line 349 of file ua_securechannel.h.

◆ UA_LOG_INFO_CHANNEL

#define UA_LOG_INFO_CHANNEL ( LOGGER,
CHANNEL,
... )    UA_MACRO_EXPAND(UA_LOG_INFO_CHANNEL_INTERNAL(LOGGER, CHANNEL, __VA_ARGS__, ""))

Definition at line 355 of file ua_securechannel.h.

◆ UA_LOG_WARNING_CHANNEL_INTERNAL

#define UA_LOG_WARNING_CHANNEL_INTERNAL ( LOGGER,
CHANNEL,
MSG,
... )
Value:
UA_LOG_WARNING(LOGGER, UA_LOGCATEGORY_SECURECHANNEL, \
"Connection %i | SecureChannel %" PRIu32 " | " MSG "%.0s", \
((CHANNEL)->connection ? (int)((CHANNEL)->connection->sockfd) : 0), \
(CHANNEL)->securityToken.channelId, __VA_ARGS__)

Definition at line 358 of file ua_securechannel.h.

◆ UA_LOG_WARNING_CHANNEL

#define UA_LOG_WARNING_CHANNEL ( LOGGER,
CHANNEL,
... )    UA_MACRO_EXPAND(UA_LOG_WARNING_CHANNEL_INTERNAL(LOGGER, CHANNEL, __VA_ARGS__, ""))

Definition at line 364 of file ua_securechannel.h.

◆ UA_LOG_ERROR_CHANNEL_INTERNAL

#define UA_LOG_ERROR_CHANNEL_INTERNAL ( LOGGER,
CHANNEL,
MSG,
... )
Value:
UA_LOG_ERROR(LOGGER, UA_LOGCATEGORY_SECURECHANNEL, \
"Connection %i | SecureChannel %" PRIu32 " | " MSG "%.0s", \
((CHANNEL)->connection ? (int)((CHANNEL)->connection->sockfd) : 0), \
(CHANNEL)->securityToken.channelId, __VA_ARGS__)

Definition at line 367 of file ua_securechannel.h.

◆ UA_LOG_ERROR_CHANNEL

#define UA_LOG_ERROR_CHANNEL ( LOGGER,
CHANNEL,
... )    UA_MACRO_EXPAND(UA_LOG_ERROR_CHANNEL_INTERNAL(LOGGER, CHANNEL, __VA_ARGS__, ""))

Definition at line 373 of file ua_securechannel.h.

◆ UA_LOG_FATAL_CHANNEL_INTERNAL

#define UA_LOG_FATAL_CHANNEL_INTERNAL ( LOGGER,
CHANNEL,
MSG,
... )
Value:
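/* Logs at FATAL level with the "Connection <sockfd> | SecureChannel <id> | " prefix. */ \
/* sockfd is cast to int so the argument matches the %i conversion, as in the */ \
/* TRACE/DEBUG/INFO/WARNING/ERROR variants; 0 is printed when no connection is attached. */ \
UA_LOG_FATAL(LOGGER, UA_LOGCATEGORY_SECURECHANNEL, \
"Connection %i | SecureChannel %" PRIu32 " | " MSG "%.0s", \
((CHANNEL)->connection ? (int)((CHANNEL)->connection->sockfd) : 0), \
(CHANNEL)->securityToken.channelId, __VA_ARGS__)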

Definition at line 376 of file ua_securechannel.h.

◆ UA_LOG_FATAL_CHANNEL

#define UA_LOG_FATAL_CHANNEL ( LOGGER,
CHANNEL,
... )    UA_MACRO_EXPAND(UA_LOG_FATAL_CHANNEL_INTERNAL(LOGGER, CHANNEL, __VA_ARGS__, ""))

Definition at line 382 of file ua_securechannel.h.

Typedef Documentation

◆ UA_SessionHeader

typedef struct UA_SessionHeader UA_SessionHeader

Thread-local variables to force failure modes during testing.

The Session implementation differs between client and server. Still, it is expected that the Session structure begins with the SessionHeader. This is the interface that will be used by the SecureChannel. The lifecycle of Sessions is independent of the underlying SecureChannel. But every Session can be attached to only one SecureChannel.

◆ UA_Chunk

typedef struct UA_Chunk UA_Chunk

For chunked requests.

◆ UA_ProcessMessageCallback

typedef UA_StatusCode UA_ProcessMessageCallback(void *application, UA_SecureChannel *channel, UA_MessageType messageType, UA_UInt32 requestId, UA_ByteString *message)

Definition at line 249 of file ua_securechannel.h.

Enumeration Type Documentation

◆ UA_SecureChannelRenewState

Enumerator
UA_SECURECHANNELRENEWSTATE_NORMAL 
UA_SECURECHANNELRENEWSTATE_SENT 
UA_SECURECHANNELRENEWSTATE_NEWTOKEN_SERVER 
UA_SECURECHANNELRENEWSTATE_NEWTOKEN_CLIENT 

Definition at line 86 of file ua_securechannel.h.

Function Documentation

◆ SIMPLEQ_HEAD()

typedef SIMPLEQ_HEAD ( UA_ChunkQueue ,
UA_Chunk  )

◆ UA_SecureChannel_init()

void UA_SecureChannel_init ( UA_SecureChannel * channel,
const UA_ConnectionConfig * config )

◆ UA_SecureChannel_close()

void UA_SecureChannel_close ( UA_SecureChannel * channel)

◆ UA_SecureChannel_processHELACK()

UA_StatusCode UA_SecureChannel_processHELACK ( UA_SecureChannel * channel,
const UA_TcpAcknowledgeMessage * remoteConfig )

Process the remote configuration in the HEL/ACK handshake.

The connection config is initialized with the local settings.

◆ UA_SecureChannel_setSecurityPolicy()

UA_StatusCode UA_SecureChannel_setSecurityPolicy ( UA_SecureChannel * channel,
const UA_SecurityPolicy * securityPolicy,
const UA_ByteString * remoteCertificate )

◆ UA_SecureChannel_deleteBuffered()

void UA_SecureChannel_deleteBuffered ( UA_SecureChannel * channel)

Remove (partially) received unprocessed chunks.

◆ UA_SecureChannel_generateLocalNonce()

UA_StatusCode UA_SecureChannel_generateLocalNonce ( UA_SecureChannel * channel)

Wrapper function for generating a local nonce for the supplied channel.

Uses the random generator of the channel's security policy to allocate and generate a nonce with the specified length.

◆ UA_SecureChannel_generateLocalKeys()

UA_StatusCode UA_SecureChannel_generateLocalKeys ( const UA_SecureChannel * channel)

◆ generateRemoteKeys()

UA_StatusCode generateRemoteKeys ( const UA_SecureChannel * channel)

◆ UA_SecureChannel_sendAsymmetricOPNMessage()

UA_StatusCode UA_SecureChannel_sendAsymmetricOPNMessage ( UA_SecureChannel * channel,
UA_UInt32 requestId,
const void * content,
const UA_DataType * contentType )

◆ UA_SecureChannel_sendSymmetricMessage()

UA_StatusCode UA_SecureChannel_sendSymmetricMessage ( UA_SecureChannel * channel,
UA_UInt32 requestId,
UA_MessageType messageType,
void * payload,
const UA_DataType * payloadType )

◆ UA_MessageContext_begin()

UA_StatusCode UA_MessageContext_begin ( UA_MessageContext * mc,
UA_SecureChannel * channel,
UA_UInt32 requestId,
UA_MessageType messageType )

Start the context of a new symmetric message.

◆ UA_MessageContext_encode()

UA_StatusCode UA_MessageContext_encode ( UA_MessageContext * mc,
const void * content,
const UA_DataType * contentType )

Encode the content and send out full chunks.

If the return code is good, then the ChunkInfo contains encoded content that has not been sent. If the return code is bad, then the ChunkInfo has been cleaned up internally.

◆ UA_MessageContext_finish()

UA_StatusCode UA_MessageContext_finish ( UA_MessageContext * mc)

Sends a symmetric message already encoded in the context.

The context is cleaned up, also in case of errors.

◆ UA_MessageContext_abort()

void UA_MessageContext_abort ( UA_MessageContext * mc)

To be used when a failure occurs while a MessageContext is open.

Note that the _encode and _finish methods will clean up internally. _abort can be run on a MessageContext that has already been cleaned up before.

◆ UA_SecureChannel_processBuffer()

UA_StatusCode UA_SecureChannel_processBuffer ( UA_SecureChannel * channel,
void * application,
UA_ProcessMessageCallback callback,
const UA_ByteString * buffer )

Process a received buffer.

The callback function is called with the message body if the message is complete. The message is removed afterwards. Returns if an irrecoverable error occurred.

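Note that only MSG and CLO messages are decrypted. HEL/ACK/OPN/... are forwarded verbatim to the application, so the callback receives those message types exactly as they arrived on the connection and is responsible for any further processing of them.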

◆ UA_SecureChannel_receive()

UA_StatusCode UA_SecureChannel_receive ( UA_SecureChannel * channel,
void * application,
UA_ProcessMessageCallback callback,
UA_UInt32 timeout )

Try to receive at least one complete chunk on the connection.

This blocks the current thread up to the given timeout. It will return once the first buffer has been received (and possibly processed when the message is complete).

Parameters
channel: The SecureChannel
application: The client or server application
callback: The function pointer for processing complete messages
timeout: The timeout (in milliseconds) the method will block at most.
Returns
Returns UA_STATUSCODE_GOOD or an error code. A timeout does not create an error.

◆ hideBytesAsym()

void hideBytesAsym ( const UA_SecureChannel * channel,
UA_Byte ** buf_start,
const UA_Byte ** buf_end )

Internal methods in ua_securechannel_crypto.h.

◆ decryptAndVerifyChunk()

UA_StatusCode decryptAndVerifyChunk ( const UA_SecureChannel * channel,
const UA_SecurityPolicyCryptoModule * cryptoModule,
UA_MessageType messageType,
UA_ByteString * chunk,
size_t offset )

Decrypt and verify via the signature.

The chunk buffer is reused to hold the decrypted data after the MessageHeader and SecurityHeader. The chunk length is reduced by the signature, padding and encryption overhead.

The offset argument points to the start of the encrypted content (beginning with the SequenceHeader).

◆ calculateAsymAlgSecurityHeaderLength()

size_t calculateAsymAlgSecurityHeaderLength ( const UA_SecureChannel * channel)

◆ prependHeadersAsym()

UA_StatusCode prependHeadersAsym ( UA_SecureChannel *const channel,
UA_Byte * header_pos,
const UA_Byte * buf_end,
size_t totalLength,
size_t securityHeaderLength,
UA_UInt32 requestId,
size_t *const finalLength )

◆ setBufPos()

void setBufPos ( UA_MessageContext * mc)

◆ checkSymHeader()

UA_StatusCode checkSymHeader ( UA_SecureChannel * channel,
const UA_UInt32 tokenId )

◆ checkAsymHeader()

UA_StatusCode checkAsymHeader ( UA_SecureChannel * channel,
const UA_AsymmetricAlgorithmSecurityHeader * asymHeader )

◆ padChunk()

void padChunk ( UA_SecureChannel * channel,
const UA_SecurityPolicyCryptoModule * cm,
const UA_Byte * start,
UA_Byte ** pos )

◆ signAndEncryptAsym()

UA_StatusCode signAndEncryptAsym ( UA_SecureChannel * channel,
size_t preSignLength,
UA_ByteString * buf,
size_t securityHeaderLength,
size_t totalLength )

◆ signAndEncryptSym()

UA_StatusCode signAndEncryptSym ( UA_MessageContext * messageContext,
size_t preSigLength,
size_t totalLength )