11#ifndef UA_SECURECHANNEL_H_
12#define UA_SECURECHANNEL_H_
39#define UA_SECURECHANNEL_MESSAGEHEADER_LENGTH 8
40#define UA_SECURECHANNEL_CHANNELHEADER_LENGTH 12
41#define UA_SECURECHANNEL_SYMMETRIC_SECURITYHEADER_LENGTH 4
42#define UA_SECURECHANNEL_SEQUENCEHEADER_LENGTH 8
43#define UA_SECURECHANNEL_SYMMETRIC_HEADER_UNENCRYPTEDLENGTH \
44 (UA_SECURECHANNEL_CHANNELHEADER_LENGTH + \
45 UA_SECURECHANNEL_SYMMETRIC_SECURITYHEADER_LENGTH)
46#define UA_SECURECHANNEL_SYMMETRIC_HEADER_TOTALLENGTH \
47 (UA_SECURECHANNEL_CHANNELHEADER_LENGTH + \
48 UA_SECURECHANNEL_SYMMETRIC_SECURITYHEADER_LENGTH + \
49 UA_SECURECHANNEL_SEQUENCEHEADER_LENGTH)
52#define UA_SECURECHANNEL_MESSAGE_MIN_LENGTH 16
55#ifdef UA_ENABLE_UNIT_TEST_FAILURE_HOOKS
199 const void *content,
const UA_DataType *contentType);
302 const UA_Byte *buf_end,
size_t totalLength,
303 size_t securityHeaderLength,
UA_UInt32 requestId,
304 size_t *
const finalLength);
327 size_t preSigLength,
size_t totalLength);
331#define UA_LOG_TRACE_CHANNEL_INTERNAL(LOGGER, CHANNEL, MSG, ...) \
332 UA_LOG_TRACE(LOGGER, UA_LOGCATEGORY_SECURECHANNEL, \
333 "Connection %i | SecureChannel %" PRIu32 " | " MSG "%.0s", \
334 ((CHANNEL)->connection ? (int)((CHANNEL)->connection->sockfd) : 0), \
335 (CHANNEL)->securityToken.channelId, __VA_ARGS__)
337#define UA_LOG_TRACE_CHANNEL(LOGGER, CHANNEL, ...) \
338 UA_MACRO_EXPAND(UA_LOG_TRACE_CHANNEL_INTERNAL(LOGGER, CHANNEL, __VA_ARGS__, ""))
340#define UA_LOG_DEBUG_CHANNEL_INTERNAL(LOGGER, CHANNEL, MSG, ...) \
341 UA_LOG_DEBUG(LOGGER, UA_LOGCATEGORY_SECURECHANNEL, \
342 "Connection %i | SecureChannel %" PRIu32 " | " MSG "%.0s", \
343 ((CHANNEL)->connection ? (int)((CHANNEL)->connection->sockfd) : 0), \
344 (CHANNEL)->securityToken.channelId, __VA_ARGS__)
346#define UA_LOG_DEBUG_CHANNEL(LOGGER, CHANNEL, ...) \
347 UA_MACRO_EXPAND(UA_LOG_DEBUG_CHANNEL_INTERNAL(LOGGER, CHANNEL, __VA_ARGS__, ""))
349#define UA_LOG_INFO_CHANNEL_INTERNAL(LOGGER, CHANNEL, MSG, ...) \
350 UA_LOG_INFO(LOGGER, UA_LOGCATEGORY_SECURECHANNEL, \
351 "Connection %i | SecureChannel %" PRIu32 " | " MSG "%.0s", \
352 ((CHANNEL)->connection ? (int)((CHANNEL)->connection->sockfd) : 0), \
353 (CHANNEL)->securityToken.channelId, __VA_ARGS__)
355#define UA_LOG_INFO_CHANNEL(LOGGER, CHANNEL, ...) \
356 UA_MACRO_EXPAND(UA_LOG_INFO_CHANNEL_INTERNAL(LOGGER, CHANNEL, __VA_ARGS__, ""))
358#define UA_LOG_WARNING_CHANNEL_INTERNAL(LOGGER, CHANNEL, MSG, ...) \
359 UA_LOG_WARNING(LOGGER, UA_LOGCATEGORY_SECURECHANNEL, \
360 "Connection %i | SecureChannel %" PRIu32 " | " MSG "%.0s", \
361 ((CHANNEL)->connection ? (int)((CHANNEL)->connection->sockfd) : 0), \
362 (CHANNEL)->securityToken.channelId, __VA_ARGS__)
364#define UA_LOG_WARNING_CHANNEL(LOGGER, CHANNEL, ...) \
365 UA_MACRO_EXPAND(UA_LOG_WARNING_CHANNEL_INTERNAL(LOGGER, CHANNEL, __VA_ARGS__, ""))
367#define UA_LOG_ERROR_CHANNEL_INTERNAL(LOGGER, CHANNEL, MSG, ...) \
368 UA_LOG_ERROR(LOGGER, UA_LOGCATEGORY_SECURECHANNEL, \
369 "Connection %i | SecureChannel %" PRIu32 " | " MSG "%.0s", \
370 ((CHANNEL)->connection ? (int)((CHANNEL)->connection->sockfd) : 0), \
371 (CHANNEL)->securityToken.channelId, __VA_ARGS__)
373#define UA_LOG_ERROR_CHANNEL(LOGGER, CHANNEL, ...) \
374 UA_MACRO_EXPAND(UA_LOG_ERROR_CHANNEL_INTERNAL(LOGGER, CHANNEL, __VA_ARGS__, ""))
376#define UA_LOG_FATAL_CHANNEL_INTERNAL(LOGGER, CHANNEL, MSG, ...) \
377 UA_LOG_FATAL(LOGGER, UA_LOGCATEGORY_SECURECHANNEL, \
378 "Connection %i | SecureChannel %" PRIu32 " | " MSG "%.0s", \
379 ((CHANNEL)->connection ? (CHANNEL)->connection->sockfd : 0), \
380 (CHANNEL)->securityToken.channelId, __VA_ARGS__)
382#define UA_LOG_FATAL_CHANNEL(LOGGER, CHANNEL, ...) \
383 UA_MACRO_EXPAND(UA_LOG_FATAL_CHANNEL_INTERNAL(LOGGER, CHANNEL, __VA_ARGS__, ""))
#define _UA_BEGIN_DECLS
#undef UA_DEBUG_DUMP_PKGS
#define SIMPLEQ_HEAD(name, type)
UA_MessageType messageType
SIMPLEQ_ENTRY(UA_Chunk) pointers
The MessageContext is forwarded into the encoding layer so that we can send chunks before continuing ...
UA_SecureChannel * channel
UA_ByteString messageBuffer
UA_ChannelSecurityToken altSecurityToken
UA_ByteString remoteNonce
UA_ByteString remoteCertificate
UA_ByteString incompleteChunk
UA_StatusCode(* processOPNHeader)(void *application, UA_SecureChannel *channel, const UA_AsymmetricAlgorithmSecurityHeader *asymHeader)
size_t decryptedChunksLength
size_t decryptedChunksCount
UA_UInt32 sendSequenceNumber
UA_SecureChannelRenewState renewState
UA_Connection * connection
UA_ChannelSecurityToken securityToken
UA_Byte remoteCertificateThumbprint[20]
UA_UInt32 receiveSequenceNumber
UA_MessageSecurityMode securityMode
UA_CertificateVerification * certificateVerification
SLIST_HEAD(, UA_SessionHeader) sessions
UA_ChunkQueue completeChunks
UA_ChunkQueue decryptedChunks
UA_SecureChannelState state
const UA_SecurityPolicy * securityPolicy
UA_ConnectionConfig config
_UA_BEGIN_DECLS typedef bool UA_Boolean
This Source Code Form is subject to the terms of the Mozilla Public License, v.
void UA_SecureChannel_init(UA_SecureChannel *channel, const UA_ConnectionConfig *config)
UA_StatusCode UA_ProcessMessageCallback(void *application, UA_SecureChannel *channel, UA_MessageType messageType, UA_UInt32 requestId, UA_ByteString *message)
void UA_MessageContext_abort(UA_MessageContext *mc)
To be used when a failure occures when a MessageContext is open.
UA_StatusCode UA_SecureChannel_generateLocalNonce(UA_SecureChannel *channel)
Wrapper function for generating a local nonce for the supplied channel.
UA_StatusCode UA_MessageContext_finish(UA_MessageContext *mc)
Sends a symmetric message already encoded in the context.
UA_StatusCode UA_SecureChannel_processHELACK(UA_SecureChannel *channel, const UA_TcpAcknowledgeMessage *remoteConfig)
Process the remote configuration in the HEL/ACK handshake.
UA_StatusCode signAndEncryptAsym(UA_SecureChannel *channel, size_t preSignLength, UA_ByteString *buf, size_t securityHeaderLength, size_t totalLength)
void padChunk(UA_SecureChannel *channel, const UA_SecurityPolicyCryptoModule *cm, const UA_Byte *start, UA_Byte **pos)
void hideBytesAsym(const UA_SecureChannel *channel, UA_Byte **buf_start, const UA_Byte **buf_end)
Internal methods in ua_securechannel_crypto.h.
UA_StatusCode UA_SecureChannel_generateLocalKeys(const UA_SecureChannel *channel)
UA_StatusCode prependHeadersAsym(UA_SecureChannel *const channel, UA_Byte *header_pos, const UA_Byte *buf_end, size_t totalLength, size_t securityHeaderLength, UA_UInt32 requestId, size_t *const finalLength)
UA_StatusCode checkSymHeader(UA_SecureChannel *channel, const UA_UInt32 tokenId)
void setBufPos(UA_MessageContext *mc)
void UA_SecureChannel_deleteBuffered(UA_SecureChannel *channel)
Remove (partially) received unprocessed chunks.
size_t calculateAsymAlgSecurityHeaderLength(const UA_SecureChannel *channel)
UA_StatusCode decryptAndVerifyChunk(const UA_SecureChannel *channel, const UA_SecurityPolicyCryptoModule *cryptoModule, UA_MessageType messageType, UA_ByteString *chunk, size_t offset)
Decrypt and verify via the signature.
UA_StatusCode generateRemoteKeys(const UA_SecureChannel *channel)
UA_StatusCode signAndEncryptSym(UA_MessageContext *messageContext, size_t preSigLength, size_t totalLength)
struct UA_SessionHeader UA_SessionHeader
Thread-local variables to force failure modes during testing.
UA_StatusCode UA_SecureChannel_sendAsymmetricOPNMessage(UA_SecureChannel *channel, UA_UInt32 requestId, const void *content, const UA_DataType *contentType)
UA_StatusCode UA_MessageContext_begin(UA_MessageContext *mc, UA_SecureChannel *channel, UA_UInt32 requestId, UA_MessageType messageType)
Start the context of a new symmetric message.
struct UA_Chunk UA_Chunk
For chunked requests.
void UA_SecureChannel_close(UA_SecureChannel *channel)
UA_StatusCode UA_SecureChannel_sendSymmetricMessage(UA_SecureChannel *channel, UA_UInt32 requestId, UA_MessageType messageType, void *payload, const UA_DataType *payloadType)
UA_StatusCode checkAsymHeader(UA_SecureChannel *channel, const UA_AsymmetricAlgorithmSecurityHeader *asymHeader)
UA_StatusCode UA_MessageContext_encode(UA_MessageContext *mc, const void *content, const UA_DataType *contentType)
Encode the content and send out full chunks.
UA_StatusCode UA_SecureChannel_processBuffer(UA_SecureChannel *channel, void *application, UA_ProcessMessageCallback callback, const UA_ByteString *buffer)
Process a received buffer.
UA_StatusCode UA_SecureChannel_setSecurityPolicy(UA_SecureChannel *channel, const UA_SecurityPolicy *securityPolicy, const UA_ByteString *remoteCertificate)
UA_SecureChannelRenewState
@ UA_SECURECHANNELRENEWSTATE_SENT
@ UA_SECURECHANNELRENEWSTATE_NORMAL
@ UA_SECURECHANNELRENEWSTATE_NEWTOKEN_SERVER
@ UA_SECURECHANNELRENEWSTATE_NEWTOKEN_CLIENT
UA_StatusCode UA_SecureChannel_receive(UA_SecureChannel *channel, void *application, UA_ProcessMessageCallback callback, UA_UInt32 timeout)
Try to receive at least one complete chunk on the connection.