refactor(core): Replace SymmetricAlgorithmSecurityHeader with UA_UInt32

This is the only member of the header. Simplifies the code path and reduces the overhead of a type description.
2025-06-03 04:00:21 +00:00 · 2021-03-28 21:46:05 +02:00 · 2021-03-28 21:46:05 +02:00 · b3aa7a4273
commit b3aa7a4273
parent 6cb2645d52
5 changed files with 11 additions and 21 deletions
--- a/src/ua_securechannel.c
+++ b/src/ua_securechannel.c
@ -597,22 +597,19 @@ unpackPayloadMSG(UA_SecureChannel *channel, UA_Chunk *chunk) {
    UA_assert(chunk->bytes.length >= UA_SECURECHANNEL_MESSAGE_MIN_LENGTH);
    size_t offset = UA_SECURECHANNEL_MESSAGEHEADER_LENGTH; /* Skip the message header */
    UA_UInt32 secureChannelId;
-    UA_SymmetricAlgorithmSecurityHeader symHeader;
+    UA_UInt32 tokenId; /* SymmetricAlgorithmSecurityHeader */
    UA_UInt32_decodeBinary(&chunk->bytes, &offset, &secureChannelId);
-    UA_SymmetricAlgorithmSecurityHeader_decodeBinary(&chunk->bytes, &offset, &symHeader);
+    UA_UInt32_decodeBinary(&chunk->bytes, &offset, &tokenId);
    UA_assert(offset == UA_SECURECHANNEL_MESSAGE_MIN_LENGTH);

 #if !defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
    /* Check the ChannelId. Non-opened channels have the id zero. */
-    if(secureChannelId != channel->securityToken.channelId) {
-        UA_SymmetricAlgorithmSecurityHeader_clear(&symHeader);
+    if(secureChannelId != channel->securityToken.channelId)
        return UA_STATUSCODE_BADSECURECHANNELIDINVALID;
-    }
 #endif

    /* Check (and revolve) the SecurityToken */
-    UA_StatusCode res = checkSymHeader(channel, &symHeader);
-    UA_SymmetricAlgorithmSecurityHeader_clear(&symHeader);
+    UA_StatusCode res = checkSymHeader(channel, tokenId);
    if(res != UA_STATUSCODE_GOOD)
        return res;

--- a/src/ua_securechannel.h
+++ b/src/ua_securechannel.h
@ -30,7 +30,7 @@ _UA_BEGIN_DECLS
 * *** UA_SECURECHANNEL_MESSAGEHEADER_LENGTH ***
 * - SecureChannelId (4 Byte)
 * *** UA_SECURECHANNEL_CHANNELHEADER_LENGTH ***
- * - SecurityHeader (4 Byte for symmetric, otherwise dynamic length)
+ * - SecurityHeader (4 Byte TokenId for symmetric, otherwise dynamic length)
 * - SequenceHeader (8 Byte)
 *   - SequenceNumber
 *   - RequestId
@ -307,7 +307,7 @@ void
 setBufPos(UA_MessageContext *mc);

 UA_StatusCode
-checkSymHeader(UA_SecureChannel *channel, const UA_SymmetricAlgorithmSecurityHeader *symHeader);
+checkSymHeader(UA_SecureChannel *channel, const UA_UInt32 tokenId);

 UA_StatusCode
 checkAsymHeader(UA_SecureChannel *channel,
--- a/src/ua_securechannel_crypto.c
+++ b/src/ua_securechannel_crypto.c
@ -515,8 +515,7 @@ checkAsymHeader(UA_SecureChannel *channel,
 }

 UA_StatusCode
-checkSymHeader(UA_SecureChannel *channel,
-               const UA_SymmetricAlgorithmSecurityHeader *symHeader) {
+checkSymHeader(UA_SecureChannel *channel, const UA_UInt32 tokenId) {
    /* If no match, try to revolve to the next token after a
     * RenewSecureChannel */
    UA_StatusCode retval = UA_STATUSCODE_GOOD;
@ -529,11 +528,11 @@ checkSymHeader(UA_SecureChannel *channel,

    case UA_SECURECHANNELRENEWSTATE_NEWTOKEN_SERVER:
        /* Old token still in use */
-        if(symHeader->tokenId == channel->securityToken.tokenId)
+        if(tokenId == channel->securityToken.tokenId)
            break;

        /* Not the new token */
-        if(symHeader->tokenId != channel->altSecurityToken.tokenId) {
+        if(tokenId != channel->altSecurityToken.tokenId) {
            UA_LOG_WARNING_CHANNEL(channel->securityPolicy->logger, channel,
                                   "Unknown SecurityToken");
            return UA_STATUSCODE_BADSECURECHANNELTOKENUNKNOWN;
@ -549,13 +548,13 @@ checkSymHeader(UA_SecureChannel *channel,

    case UA_SECURECHANNELRENEWSTATE_NEWTOKEN_CLIENT:
        /* The server is still using the old token. That's okay. */
-        if(symHeader->tokenId == channel->altSecurityToken.tokenId) {
+        if(tokenId == channel->altSecurityToken.tokenId) {
            token = &channel->altSecurityToken;
            break;
        }

        /* Not the new token */
-        if(symHeader->tokenId != channel->securityToken.tokenId) {
+        if(tokenId != channel->securityToken.tokenId) {
            UA_LOG_WARNING_CHANNEL(channel->securityPolicy->logger, channel,
                                   "Unknown SecurityToken");
            return UA_STATUSCODE_BADSECURECHANNELTOKENUNKNOWN;
--- a/tools/schema/Custom.Opc.Ua.Transport.bsd
+++ b/tools/schema/Custom.Opc.Ua.Transport.bsd
@ -67,11 +67,6 @@
    <opc:Field Name="ReceiverCertificateThumbprint" TypeName="opc:ByteString" />
  </opc:StructuredType>

-  <opc:StructuredType Name="SymmetricAlgorithmSecurityHeader">
-    <opc:Documentation>Symmetric Security Header</opc:Documentation>
-    <opc:Field Name="TokenId" TypeName="opc:UInt32" />
-  </opc:StructuredType>
-  
  <opc:StructuredType Name="SequenceHeader">
    <opc:Documentation>Secure Layer Sequence Header</opc:Documentation>
    <opc:Field Name="SequenceNumber" TypeName="opc:UInt32" />
--- a/tools/schema/datatypes_transport.txt
+++ b/tools/schema/datatypes_transport.txt
@ -5,5 +5,4 @@ TcpHelloMessage
 TcpAcknowledgeMessage
 TcpErrorMessage
 AsymmetricAlgorithmSecurityHeader
-SymmetricAlgorithmSecurityHeader
 SequenceHeader