feat(plugin): Check which privateKey should be used if no key is specified

Noel Graf 2024-09-05 10:58:43 +02:00 committed by Julius Pfrommer
parent 274865b0b2
commit dccdfe629c
10 changed files with 180 additions and 51 deletions


@ -603,6 +603,12 @@ updateCertificateAndPrivateKey_sp_aes128sha256rsaoaep(UA_SecurityPolicy *securit
Aes128Sha256PsaOaep_PolicyContext *pc =
(Aes128Sha256PsaOaep_PolicyContext *) securityPolicy->policyContext;
UA_Boolean isLocalKey = false;
if(newPrivateKey.length <= 0) {
if(UA_CertificateUtils_comparePublicKeys(&newCertificate, &securityPolicy->localCertificate) == 0)
isLocalKey = true;
}
UA_ByteString_clear(&securityPolicy->localCertificate);
UA_StatusCode retval = UA_mbedTLS_LoadLocalCertificate(&newCertificate, &securityPolicy->localCertificate);
@ -611,12 +617,19 @@ updateCertificateAndPrivateKey_sp_aes128sha256rsaoaep(UA_SecurityPolicy *securit
return retval;
/* Set the new private key */
mbedtls_pk_free(&pc->localPrivateKey);
mbedtls_pk_init(&pc->localPrivateKey);
int mbedErr = UA_mbedTLS_LoadPrivateKey(&newPrivateKey, &pc->localPrivateKey, &pc->entropyContext);
if(mbedErr) {
retval = UA_STATUSCODE_BADSECURITYCHECKSFAILED;
goto error;
if(newPrivateKey.length > 0) {
mbedtls_pk_free(&pc->localPrivateKey);
mbedtls_pk_init(&pc->localPrivateKey);
if(UA_mbedTLS_LoadPrivateKey(&newPrivateKey, &pc->localPrivateKey, &pc->entropyContext)) {
retval = UA_STATUSCODE_BADNOTSUPPORTED;
goto error;
}
} else {
if(!isLocalKey) {
mbedtls_pk_free(&pc->localPrivateKey);
pc->localPrivateKey = pc->csrLocalPrivateKey;
mbedtls_pk_init(&pc->csrLocalPrivateKey);
}
}
retval = asym_makeThumbprint_sp_aes128sha256rsaoaep(securityPolicy,
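Review bot: The fallback at `pc->localPrivateKey = pc->csrLocalPrivateKey;` frees the working key and installs the CSR key without ever checking that a CSR key exists or that it pairs with the new certificate; if no CSR was generated, `csrLocalPrivateKey` is an empty context and the function continues to the thumbprint with no usable key, whereas the OpenSSL variants at least null-check after the swap. A minimal guard ahead of the `mbedtls_pk_free` is `if(mbedtls_pk_get_type(&pc->csrLocalPrivateKey) == MBEDTLS_PK_NONE) { retval = UA_STATUSCODE_BADSECURITYCHECKSFAILED; goto error; }`, and ideally the certificate's public key is also compared against the chosen key (e.g. `mbedtls_pk_check_pair` on the parsed certificate) so a certificate matching neither the current key nor the CSR key is rejected rather than silently installed. Note that `UA_CertificateUtils_comparePublicKeys` returning non-zero on a parse failure is indistinguishable here from "different key", which then routes to the CSR key; presumably intended, but worth a comment. The function body and the `error:` label continue outside the hunk, so what is restored on failure is not visible.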


@ -695,6 +695,12 @@ updateCertificateAndPrivateKey_sp_aes256sha256rsapss(UA_SecurityPolicy *security
Aes256Sha256RsaPss_PolicyContext *pc =
(Aes256Sha256RsaPss_PolicyContext *) securityPolicy->policyContext;
UA_Boolean isLocalKey = false;
if(newPrivateKey.length <= 0) {
if(UA_CertificateUtils_comparePublicKeys(&newCertificate, &securityPolicy->localCertificate) == 0)
isLocalKey = true;
}
UA_ByteString_clear(&securityPolicy->localCertificate);
UA_StatusCode retval = UA_mbedTLS_LoadLocalCertificate(&newCertificate, &securityPolicy->localCertificate);
@ -703,12 +709,19 @@ updateCertificateAndPrivateKey_sp_aes256sha256rsapss(UA_SecurityPolicy *security
return retval;
/* Set the new private key */
mbedtls_pk_free(&pc->localPrivateKey);
mbedtls_pk_init(&pc->localPrivateKey);
int mbedErr = UA_mbedTLS_LoadPrivateKey(&newPrivateKey, &pc->localPrivateKey, &pc->entropyContext);
if(mbedErr) {
retval = UA_STATUSCODE_BADSECURITYCHECKSFAILED;
goto error;
if(newPrivateKey.length > 0) {
mbedtls_pk_free(&pc->localPrivateKey);
mbedtls_pk_init(&pc->localPrivateKey);
if(UA_mbedTLS_LoadPrivateKey(&newPrivateKey, &pc->localPrivateKey, &pc->entropyContext)) {
retval = UA_STATUSCODE_BADNOTSUPPORTED;
goto error;
}
} else {
if(!isLocalKey) {
mbedtls_pk_free(&pc->localPrivateKey);
pc->localPrivateKey = pc->csrLocalPrivateKey;
mbedtls_pk_init(&pc->csrLocalPrivateKey);
}
}
retval = asym_makeThumbprint_sp_aes256sha256rsapss(securityPolicy,
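Review bot: In the `else` branch the current private key is destroyed before anything establishes that `pc->csrLocalPrivateKey` holds a key, so a certificate whose public key matches neither the existing key nor a pending CSR leaves the policy with an empty pk context and no error; signing will only fail later, far from the cause. Check the CSR key before the free, e.g. `if(mbedtls_pk_get_type(&pc->csrLocalPrivateKey) == MBEDTLS_PK_NONE) { retval = UA_STATUSCODE_BADSECURITYCHECKSFAILED; goto error; }`, and consider verifying the key/certificate pairing (`mbedtls_pk_check_pair` against the parsed certificate's `pk`) since `isLocalKey` only proves the cert matches the old key, never that it matches the CSR key. The status change from BADSECURITYCHECKSFAILED to BADNOTSUPPORTED for a key that fails to load is debatable: a rejected credential reads more accurately as a security-check failure. The `error:` path lies outside the hunk.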


@ -622,6 +622,12 @@ updateCertificateAndPrivateKey_sp_basic128rsa15(UA_SecurityPolicy *securityPolic
Basic128Rsa15_PolicyContext *pc = (Basic128Rsa15_PolicyContext *)securityPolicy->policyContext;
UA_Boolean isLocalKey = false;
if(newPrivateKey.length <= 0) {
if(UA_CertificateUtils_comparePublicKeys(&newCertificate, &securityPolicy->localCertificate) == 0)
isLocalKey = true;
}
UA_ByteString_clear(&securityPolicy->localCertificate);
UA_StatusCode retval = UA_mbedTLS_LoadLocalCertificate(&newCertificate, &securityPolicy->localCertificate);
@ -630,12 +636,19 @@ updateCertificateAndPrivateKey_sp_basic128rsa15(UA_SecurityPolicy *securityPolic
return retval;
/* Set the new private key */
mbedtls_pk_free(&pc->localPrivateKey);
mbedtls_pk_init(&pc->localPrivateKey);
int mbedErr = UA_mbedTLS_LoadPrivateKey(&newPrivateKey, &pc->localPrivateKey, &pc->entropyContext);
if(mbedErr) {
retval = UA_STATUSCODE_BADSECURITYCHECKSFAILED;
goto error;
if(newPrivateKey.length > 0) {
mbedtls_pk_free(&pc->localPrivateKey);
mbedtls_pk_init(&pc->localPrivateKey);
if(UA_mbedTLS_LoadPrivateKey(&newPrivateKey, &pc->localPrivateKey, &pc->entropyContext)) {
retval = UA_STATUSCODE_BADNOTSUPPORTED;
goto error;
}
} else {
if(!isLocalKey) {
mbedtls_pk_free(&pc->localPrivateKey);
pc->localPrivateKey = pc->csrLocalPrivateKey;
mbedtls_pk_init(&pc->csrLocalPrivateKey);
}
}
retval = asym_makeThumbprint_sp_basic128rsa15(securityPolicy,
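Review bot: Nothing in the new `else` branch verifies that the selected key actually corresponds to the certificate just loaded: when `isLocalKey` is false the code assumes the certificate was issued for the CSR key and moves `csrLocalPrivateKey` in unconditionally, even if that context is empty because no CSR was ever created. A one-line precondition before the `mbedtls_pk_free` avoids installing a certificate without a key: `if(mbedtls_pk_get_type(&pc->csrLocalPrivateKey) == MBEDTLS_PK_NONE) { retval = UA_STATUSCODE_BADSECURITYCHECKSFAILED; goto error; }`. A stronger check would compare the certificate's public key with the CSR key (`mbedtls_pk_check_pair`) so a mismatched certificate is rejected at update time. I would also add a short comment above `UA_Boolean isLocalKey` explaining that the comparison must run before `localCertificate` is cleared, since the ordering is load-bearing. The enclosing function continues past the hunk.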


@ -553,6 +553,12 @@ updateCertificateAndPrivateKey_sp_basic256(UA_SecurityPolicy *securityPolicy,
Basic256_PolicyContext *pc = (Basic256_PolicyContext *)
securityPolicy->policyContext;
UA_Boolean isLocalKey = false;
if(newPrivateKey.length <= 0) {
if(UA_CertificateUtils_comparePublicKeys(&newCertificate, &securityPolicy->localCertificate) == 0)
isLocalKey = true;
}
UA_ByteString_clear(&securityPolicy->localCertificate);
UA_StatusCode retval = UA_mbedTLS_LoadLocalCertificate(&newCertificate, &securityPolicy->localCertificate);
@ -561,14 +567,19 @@ updateCertificateAndPrivateKey_sp_basic256(UA_SecurityPolicy *securityPolicy,
return retval;
/* Set the new private key */
mbedtls_pk_free(&pc->localPrivateKey);
mbedtls_pk_init(&pc->localPrivateKey);
int mbedErr = UA_mbedTLS_LoadPrivateKey(&newPrivateKey, &pc->localPrivateKey, &pc->entropyContext);
if(mbedErr) {
retval = UA_STATUSCODE_BADSECURITYCHECKSFAILED;
goto error;
if(newPrivateKey.length > 0) {
mbedtls_pk_free(&pc->localPrivateKey);
mbedtls_pk_init(&pc->localPrivateKey);
if(UA_mbedTLS_LoadPrivateKey(&newPrivateKey, &pc->localPrivateKey, &pc->entropyContext)) {
retval = UA_STATUSCODE_BADNOTSUPPORTED;
goto error;
}
} else {
if(!isLocalKey) {
mbedtls_pk_free(&pc->localPrivateKey);
pc->localPrivateKey = pc->csrLocalPrivateKey;
mbedtls_pk_init(&pc->csrLocalPrivateKey);
}
}
retval = asym_makeThumbprint_sp_basic256(securityPolicy,
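Review bot: The CSR-key fallback frees `pc->localPrivateKey` and then copies `pc->csrLocalPrivateKey` over it with no check that the CSR context is populated or that it pairs with `newCertificate`, so a caller that passes a foreign certificate and no key ends up with a certificate installed and an empty key context, and the function still returns success through the thumbprint path. Guard it before the free with `if(mbedtls_pk_get_type(&pc->csrLocalPrivateKey) == MBEDTLS_PK_NONE) { retval = UA_STATUSCODE_BADSECURITYCHECKSFAILED; goto error; }` and, where the parsed certificate is available, confirm the pairing with `mbedtls_pk_check_pair`. The struct-copy-then-reinit move of the pk context is fine for mbedTLS but deserves a comment (`/* transfer ownership of the CSR key; the CSR slot is now empty */`) so the next reader does not add a free on the source. The `error:` handling is outside the hunk, so whether the previous key is recoverable on failure is not visible.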


@ -604,6 +604,12 @@ updateCertificateAndPrivateKey_sp_basic256sha256(UA_SecurityPolicy *securityPoli
Basic256Sha256_PolicyContext *pc =
(Basic256Sha256_PolicyContext *) securityPolicy->policyContext;
UA_Boolean isLocalKey = false;
if(newPrivateKey.length <= 0) {
if(UA_CertificateUtils_comparePublicKeys(&newCertificate, &securityPolicy->localCertificate) == 0)
isLocalKey = true;
}
UA_ByteString_clear(&securityPolicy->localCertificate);
UA_StatusCode retval = UA_mbedTLS_LoadLocalCertificate(&newCertificate, &securityPolicy->localCertificate);
@ -612,12 +618,19 @@ updateCertificateAndPrivateKey_sp_basic256sha256(UA_SecurityPolicy *securityPoli
return retval;
/* Set the new private key */
mbedtls_pk_free(&pc->localPrivateKey);
mbedtls_pk_init(&pc->localPrivateKey);
int mbedErr = UA_mbedTLS_LoadPrivateKey(&newPrivateKey, &pc->localPrivateKey, &pc->entropyContext);
if(mbedErr) {
retval = UA_STATUSCODE_BADSECURITYCHECKSFAILED;
goto error;
if(newPrivateKey.length > 0) {
mbedtls_pk_free(&pc->localPrivateKey);
mbedtls_pk_init(&pc->localPrivateKey);
if(UA_mbedTLS_LoadPrivateKey(&newPrivateKey, &pc->localPrivateKey, &pc->entropyContext)) {
retval = UA_STATUSCODE_BADNOTSUPPORTED;
goto error;
}
} else {
if(!isLocalKey) {
mbedtls_pk_free(&pc->localPrivateKey);
pc->localPrivateKey = pc->csrLocalPrivateKey;
mbedtls_pk_init(&pc->csrLocalPrivateKey);
}
}
retval = asym_makeThumbprint_sp_basic256sha256(securityPolicy,
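Review bot: The mbedTLS branch has no equivalent of the `if(!pc->localPrivateKey)` check that the OpenSSL policies perform after the swap, so after `pc->localPrivateKey = pc->csrLocalPrivateKey;` the function proceeds even when the CSR slot was never filled, leaving a certificate with no matching key and no error reported. Add `if(mbedtls_pk_get_type(&pc->csrLocalPrivateKey) == MBEDTLS_PK_NONE) { retval = UA_STATUSCODE_BADSECURITYCHECKSFAILED; goto error; }` before the `mbedtls_pk_free`, and preferably also reject a certificate whose public key does not match the CSR key (`mbedtls_pk_check_pair`), because `isLocalKey == false` only means "not the old key", not "the CSR key". Since `comparePublicKeys` is called before `localCertificate` is cleared but the decision is acted on only after the new certificate is loaded, a failure in between leaves the cert updated but the key decision unapplied; whether `error:` handles that is outside the hunk.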


@ -121,6 +121,12 @@ updateCertificateAndPrivateKey_sp_aes128sha256rsaoaep(UA_SecurityPolicy *securit
Policy_Context_Aes128Sha256RsaOaep *pc =
(Policy_Context_Aes128Sha256RsaOaep *)securityPolicy->policyContext;
UA_Boolean isLocalKey = false;
if(newPrivateKey.length <= 0) {
if(UA_CertificateUtils_comparePublicKeys(&newCertificate, &securityPolicy->localCertificate) == 0)
isLocalKey = true;
}
UA_ByteString_clear(&securityPolicy->localCertificate);
UA_StatusCode retval = UA_OpenSSL_LoadLocalCertificate(
@ -130,12 +136,19 @@ updateCertificateAndPrivateKey_sp_aes128sha256rsaoaep(UA_SecurityPolicy *securit
return retval;
/* Set the new private key */
EVP_PKEY_free(pc->localPrivateKey);
pc->localPrivateKey = UA_OpenSSL_LoadPrivateKey(&newPrivateKey);
if(newPrivateKey.length > 0) {
EVP_PKEY_free(pc->localPrivateKey);
pc->localPrivateKey = UA_OpenSSL_LoadPrivateKey(&newPrivateKey);
} else {
if(!isLocalKey) {
EVP_PKEY_free(pc->localPrivateKey);
pc->localPrivateKey = pc->csrLocalPrivateKey;
pc->csrLocalPrivateKey = NULL;
}
}
if(!pc->localPrivateKey) {
retval = UA_STATUSCODE_BADSECURITYCHECKSFAILED;
retval = UA_STATUSCODE_BADNOTSUPPORTED;
goto error;
}
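Review bot: In the `else` branch the working key is freed before anyone checks that `pc->csrLocalPrivateKey` is non-NULL, so a certificate matching neither the current key nor a pending CSR nulls `localPrivateKey` and only then fails with BADNOTSUPPORTED; unless the `error:` label (outside the hunk) reinstates the old key, the policy is left unable to sign. Test the CSR slot before destroying the current key, e.g. `if(!pc->csrLocalPrivateKey) { retval = UA_STATUSCODE_BADSECURITYCHECKSFAILED; goto error; }` ahead of the `EVP_PKEY_free`. Presence alone is not pairing: nothing verifies that the chosen key belongs to the new certificate (`X509_check_private_key` if the loader exposes the parsed X509), so a stale CSR key would be installed silently against an unrelated certificate. The switch from BADSECURITYCHECKSFAILED to BADNOTSUPPORTED for an unparseable key also reads as the less accurate status for a rejected credential.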


@ -143,6 +143,12 @@ updateCertificateAndPrivateKey_sp_aes128sha256rsapss(UA_SecurityPolicy *security
Policy_Context_Aes256Sha256RsaPss *pc =
(Policy_Context_Aes256Sha256RsaPss *)securityPolicy->policyContext;
UA_Boolean isLocalKey = false;
if(newPrivateKey.length <= 0) {
if(UA_CertificateUtils_comparePublicKeys(&newCertificate, &securityPolicy->localCertificate) == 0)
isLocalKey = true;
}
UA_ByteString_clear(&securityPolicy->localCertificate);
UA_ByteString_clear(&pc->localCertThumbprint);
@ -153,11 +159,19 @@ updateCertificateAndPrivateKey_sp_aes128sha256rsapss(UA_SecurityPolicy *security
return retval;
/* Set the new private key */
EVP_PKEY_free(pc->localPrivateKey);
if(newPrivateKey.length > 0) {
EVP_PKEY_free(pc->localPrivateKey);
pc->localPrivateKey = UA_OpenSSL_LoadPrivateKey(&newPrivateKey);
} else {
if(!isLocalKey) {
EVP_PKEY_free(pc->localPrivateKey);
pc->localPrivateKey = pc->csrLocalPrivateKey;
pc->csrLocalPrivateKey = NULL;
}
}
pc->localPrivateKey = UA_OpenSSL_LoadPrivateKey(&newPrivateKey);
if(!pc->localPrivateKey) {
retval = UA_STATUSCODE_BADSECURITYCHECKSFAILED;
retval = UA_STATUSCODE_BADNOTSUPPORTED;
goto error;
}
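Review bot: The fallback frees `pc->localPrivateKey` and takes `pc->csrLocalPrivateKey` without first checking it is non-NULL, so the NULL test that follows only fires after the previous key is already gone; if a CSR was never generated the update both fails and discards the key that was working. Move the check up: `if(!pc->csrLocalPrivateKey) { retval = UA_STATUSCODE_BADSECURITYCHECKSFAILED; goto error; }` before the `EVP_PKEY_free` in the `else` branch. Beyond that, `isLocalKey == false` is treated as proof that the certificate was issued for the CSR key, which is never verified; an `X509_check_private_key` (or `EVP_PKEY_eq` against the certificate's public key) on the parsed certificate would catch a mismatched or stale CSR key at update time. The prototype name `..._sp_aes128sha256rsapss` against a `Policy_Context_Aes256Sha256RsaPss` context is pre-existing and not part of this change, but is worth a follow-up. What `error:` restores is outside the hunk.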


@ -113,6 +113,12 @@ updateCertificateAndPrivateKey_sp_basic128rsa15(UA_SecurityPolicy *securityPolic
Policy_Context_Basic128Rsa15 *pc =
(Policy_Context_Basic128Rsa15 *)securityPolicy->policyContext;
UA_Boolean isLocalKey = false;
if(newPrivateKey.length <= 0) {
if(UA_CertificateUtils_comparePublicKeys(&newCertificate, &securityPolicy->localCertificate) == 0)
isLocalKey = true;
}
UA_ByteString_clear(&securityPolicy->localCertificate);
UA_StatusCode retval = UA_OpenSSL_LoadLocalCertificate(
@ -122,12 +128,19 @@ updateCertificateAndPrivateKey_sp_basic128rsa15(UA_SecurityPolicy *securityPolic
return retval;
/* Set the new private key */
EVP_PKEY_free(pc->localPrivateKey);
pc->localPrivateKey = UA_OpenSSL_LoadPrivateKey(&newPrivateKey);
if(newPrivateKey.length > 0) {
EVP_PKEY_free(pc->localPrivateKey);
pc->localPrivateKey = UA_OpenSSL_LoadPrivateKey(&newPrivateKey);
} else {
if(!isLocalKey) {
EVP_PKEY_free(pc->localPrivateKey);
pc->localPrivateKey = pc->csrLocalPrivateKey;
pc->csrLocalPrivateKey = NULL;
}
}
if(!pc->localPrivateKey) {
retval = UA_STATUSCODE_BADSECURITYCHECKSFAILED;
retval = UA_STATUSCODE_BADNOTSUPPORTED;
goto error;
}
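Review bot: The `else` branch destroys the current key and then adopts `pc->csrLocalPrivateKey` even when that pointer is NULL, relying on the later `if(!pc->localPrivateKey)` to report the problem; by then the old key is freed, so a bad update (certificate for neither key, no CSR pending) degrades the policy rather than being refused. Reject it before the free with `if(!pc->csrLocalPrivateKey) { retval = UA_STATUSCODE_BADSECURITYCHECKSFAILED; goto error; }`. Nothing in either path confirms that the key finally chosen pairs with `newCertificate`; for the CSR case especially, a pairing check (`X509_check_private_key` on the parsed certificate, if available from the loader) is the property this change actually depends on. Setting `pc->csrLocalPrivateKey = NULL` after the move is correct and worth a one-line comment (`/* ownership moved; CSR slot is consumed */`) so it is not mistaken for a leak. The `error:` label lies outside the hunk.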


@ -111,6 +111,12 @@ updateCertificateAndPrivateKey_sp_basic256(UA_SecurityPolicy *securityPolicy,
Policy_Context_Basic256 *pc =
(Policy_Context_Basic256 *)securityPolicy->policyContext;
UA_Boolean isLocalKey = false;
if(newPrivateKey.length <= 0) {
if(UA_CertificateUtils_comparePublicKeys(&newCertificate, &securityPolicy->localCertificate) == 0)
isLocalKey = true;
}
UA_ByteString_clear(&securityPolicy->localCertificate);
UA_StatusCode retval = UA_OpenSSL_LoadLocalCertificate(
@ -120,12 +126,19 @@ updateCertificateAndPrivateKey_sp_basic256(UA_SecurityPolicy *securityPolicy,
return retval;
/* Set the new private key */
EVP_PKEY_free(pc->localPrivateKey);
pc->localPrivateKey = UA_OpenSSL_LoadPrivateKey(&newPrivateKey);
if(newPrivateKey.length > 0) {
EVP_PKEY_free(pc->localPrivateKey);
pc->localPrivateKey = UA_OpenSSL_LoadPrivateKey(&newPrivateKey);
} else {
if(!isLocalKey) {
EVP_PKEY_free(pc->localPrivateKey);
pc->localPrivateKey = pc->csrLocalPrivateKey;
pc->csrLocalPrivateKey = NULL;
}
}
if(!pc->localPrivateKey) {
retval = UA_STATUSCODE_BADSECURITYCHECKSFAILED;
retval = UA_STATUSCODE_BADNOTSUPPORTED;
goto error;
}
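Review bot: The order in the CSR fallback is free-then-check: `EVP_PKEY_free(pc->localPrivateKey)` runs before the `if(!pc->localPrivateKey)` test can observe that `csrLocalPrivateKey` was NULL, so a rejected update takes the working key with it unless `error:` (outside the hunk) reinstalls one. A guard placed before the free, `if(!pc->csrLocalPrivateKey) { retval = UA_STATUSCODE_BADSECURITYCHECKSFAILED; goto error; }`, keeps the failure side-effect free. The branch also assumes rather than verifies that a certificate which does not match the old key must match the CSR key; checking the pairing against the loaded certificate (`X509_check_private_key`, if the parsed X509 is reachable here) would close that gap. Finally, a key that fails to parse is now reported as BADNOTSUPPORTED instead of BADSECURITYCHECKSFAILED, which hides a credential rejection behind a capability status.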


@ -112,6 +112,12 @@ updateCertificateAndPrivateKey_sp_basic256sha256(UA_SecurityPolicy *securityPoli
Policy_Context_Basic256Sha256 *pc =
(Policy_Context_Basic256Sha256 *)securityPolicy->policyContext;
UA_Boolean isLocalKey = false;
if(newPrivateKey.length <= 0) {
if(UA_CertificateUtils_comparePublicKeys(&newCertificate, &securityPolicy->localCertificate) == 0)
isLocalKey = true;
}
UA_ByteString_clear(&securityPolicy->localCertificate);
UA_StatusCode retval = UA_OpenSSL_LoadLocalCertificate(
@ -121,12 +127,19 @@ updateCertificateAndPrivateKey_sp_basic256sha256(UA_SecurityPolicy *securityPoli
return retval;
/* Set the new private key */
EVP_PKEY_free(pc->localPrivateKey);
pc->localPrivateKey = UA_OpenSSL_LoadPrivateKey(&newPrivateKey);
if(newPrivateKey.length > 0) {
EVP_PKEY_free(pc->localPrivateKey);
pc->localPrivateKey = UA_OpenSSL_LoadPrivateKey(&newPrivateKey);
} else {
if(!isLocalKey) {
EVP_PKEY_free(pc->localPrivateKey);
pc->localPrivateKey = pc->csrLocalPrivateKey;
pc->csrLocalPrivateKey = NULL;
}
}
if(!pc->localPrivateKey) {
retval = UA_STATUSCODE_BADSECURITYCHECKSFAILED;
retval = UA_STATUSCODE_BADNOTSUPPORTED;
goto error;
}
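Review bot: When no key is supplied and the certificate does not match the current key, the code frees the current key before checking that `pc->csrLocalPrivateKey` is set, so the subsequent `if(!pc->localPrivateKey)` reports the failure only after the usable key has been discarded. Hoist the check above the free: `if(!pc->csrLocalPrivateKey) { retval = UA_STATUSCODE_BADSECURITYCHECKSFAILED; goto error; }`. The more important gap is that no path verifies the selected key pairs with `newCertificate` — `isLocalKey` proves only that the cert matches the old key, and the CSR branch proves nothing — so a certificate issued for some third key is installed silently; `X509_check_private_key` on the parsed certificate, where the loader exposes it, is the direct fix. A short comment on `isLocalKey` noting that the comparison must precede `UA_ByteString_clear(&securityPolicy->localCertificate)` would protect that ordering. The function and its `error:` label continue past the hunk.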