/src/S2OPC/src/Common/crypto/sopc_crypto_profiles.c
Line | Count | Source |
1 | | /* |
2 | | * Licensed to Systerel under one or more contributor license |
3 | | * agreements. See the NOTICE file distributed with this work |
4 | | * for additional information regarding copyright ownership. |
5 | | * Systerel licenses this file to you under the Apache |
6 | | * License, Version 2.0 (the "License"); you may not use this |
7 | | * file except in compliance with the License. You may obtain |
8 | | * a copy of the License at |
9 | | * |
10 | | * http://www.apache.org/licenses/LICENSE-2.0 |
11 | | * |
12 | | * Unless required by applicable law or agreed to in writing, |
13 | | * software distributed under the License is distributed on an |
14 | | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
15 | | * KIND, either express or implied. See the License for the |
16 | | * specific language governing permissions and limitations |
17 | | * under the License. |
18 | | */ |
19 | | |
20 | | #include <string.h> |
21 | | |
22 | | #include "sopc_assert.h" |
23 | | #include "sopc_crypto_decl.h" |
24 | | #include "sopc_crypto_profiles.h" |
25 | | #include "sopc_crypto_profiles_lib_itf.h" |
26 | | #include "sopc_helper_string.h" |
27 | | |
28 | | // CryptoProfiles instances |
29 | | extern const SOPC_CryptoProfile sopc_g_cpAes256Sha256RsaPss; |
30 | | extern const SOPC_CryptoProfile sopc_g_cpAes128Sha256RsaOaep; |
31 | | extern const SOPC_CryptoProfile sopc_g_cpBasic256Sha256; |
32 | | extern const SOPC_CryptoProfile sopc_g_cpBasic256; |
33 | | extern const SOPC_CryptoProfile sopc_g_cpNone; |
34 | | extern const SOPC_CryptoProfile_PubSub sopc_g_cppsPubSubAes256; |
35 | | extern const SOPC_CryptoProfile_PubSub sopc_g_cppsNone; |
36 | | |
37 | | static const SOPC_CryptoProfile* SOPC_CryptoProfile_LibProfile_Get(const char* uri) |
38 | 0 | { |
39 | 0 | if (uri == NULL) |
40 | 0 | { |
41 | 0 | return NULL; |
42 | 0 | } |
43 | | |
44 | 0 | if (strcmp(uri, SOPC_SecurityPolicy_Aes256Sha256RsaPss_URI) == 0) |
45 | 0 | { |
46 | 0 | return &sopc_g_cpAes256Sha256RsaPss; |
47 | 0 | } |
48 | 0 | else if (strcmp(uri, SOPC_SecurityPolicy_Aes128Sha256RsaOaep_URI) == 0) |
49 | 0 | { |
50 | 0 | return &sopc_g_cpAes128Sha256RsaOaep; |
51 | 0 | } |
52 | 0 | else if (strcmp(uri, SOPC_SecurityPolicy_Basic256Sha256_URI) == 0) |
53 | 0 | { |
54 | 0 | return &sopc_g_cpBasic256Sha256; |
55 | 0 | } |
56 | 0 | else if (strcmp(uri, SOPC_SecurityPolicy_Basic256_URI) == 0) |
57 | 0 | { |
58 | 0 | return &sopc_g_cpBasic256; |
59 | 0 | } |
60 | 0 | else if (strcmp(uri, SOPC_SecurityPolicy_None_URI) == 0) |
61 | 0 | { |
62 | 0 | return &sopc_g_cpNone; |
63 | 0 | } |
64 | | |
65 | 0 | return NULL; |
66 | 0 | } |
67 | | |
68 | | static const SOPC_CryptoProfile_PubSub* SOPC_CryptoProfile_LibPubSub_Get(const char* uri) |
69 | 0 | { |
70 | 0 | if (uri == NULL) |
71 | 0 | { |
72 | 0 | return NULL; |
73 | 0 | } |
74 | | |
75 | 0 | if (strcmp(uri, SOPC_SecurityPolicy_PubSub_Aes256_URI) == 0) |
76 | 0 | { |
77 | 0 | return &sopc_g_cppsPubSubAes256; |
78 | 0 | } |
79 | 0 | else if (strcmp(uri, SOPC_SecurityPolicy_None_URI) == 0) |
80 | 0 | { |
81 | 0 | return &sopc_g_cppsNone; |
82 | 0 | } |
83 | | |
84 | 0 | return NULL; |
85 | 0 | } |
86 | | |
87 | | const SOPC_SecurityPolicy_Config securityPolicy_cfg[SOPC_SecurityPolicy_Last_ID] = { |
88 | | // SOPC_SecurityPolicy_Invalid_ID |
89 | | {.uri = NULL, |
90 | | .name = "<Invalid>", |
91 | | .isInvalid = true, |
92 | | .profile = NULL, |
93 | | .psProfile = NULL, |
94 | | .secuPolicyWeight = 0, |
95 | | .symmLen_CryptoKey = 0, |
96 | | .symmLen_SignKey = 0, |
97 | | .symmLen_Signature = 0, |
98 | | .symmLen_Block = 0, |
99 | | .symmLen_KeyNonce = 0, |
100 | | .symmLen_MessageRandom = 0, |
101 | | .asymLen_OAEP_Hash = 0, |
102 | | .asymLen_KeyMinBits = 0, |
103 | | .asymLen_KeyMaxBits = 0, |
104 | | .secureChannelNonceLength = 0, |
105 | | .URI_SignAlgo = NULL, |
106 | | .certLen_Thumbprint = 0}, |
107 | | // SOPC_SecurityPolicy_Basic256Sha256_ID |
108 | | {.uri = SOPC_SecurityPolicy_Basic256Sha256_URI, |
109 | | .name = "Basic256Sha256", |
110 | | .isInvalid = false, |
111 | | .profile = &SOPC_CryptoProfile_LibProfile_Get, |
112 | | .psProfile = NULL, |
113 | | .secuPolicyWeight = 3, |
114 | | .symmLen_CryptoKey = 32, |
115 | | .symmLen_SignKey = 32, |
116 | | .symmLen_Signature = 32, |
117 | | .symmLen_Block = 16, |
118 | | .symmLen_KeyNonce = 0, |
119 | | .symmLen_MessageRandom = 0, |
120 | | .asymLen_OAEP_Hash = 20, |
121 | | .asymLen_KeyMinBits = 2048, |
122 | | .asymLen_KeyMaxBits = 4096, |
123 | | .secureChannelNonceLength = 32, |
124 | | .URI_SignAlgo = SOPC_SecurityPolicy_Basic256Sha256_URI_SignAlgo, |
125 | | .certLen_Thumbprint = 20}, |
126 | | // SOPC_SecurityPolicy_Basic256_ID |
127 | | {.uri = SOPC_SecurityPolicy_Basic256_URI, |
128 | | .name = "Basic256", |
129 | | .isInvalid = false, |
130 | | .profile = &SOPC_CryptoProfile_LibProfile_Get, |
131 | | .psProfile = NULL, |
132 | | .secuPolicyWeight = 2, |
133 | | .symmLen_CryptoKey = 32, |
134 | | .symmLen_SignKey = 24, |
135 | | .symmLen_Signature = 20, |
136 | | .symmLen_Block = 16, |
137 | | .symmLen_KeyNonce = 0, |
138 | | .symmLen_MessageRandom = 0, |
139 | | .asymLen_OAEP_Hash = 20, |
140 | | .asymLen_KeyMinBits = 1024, |
141 | | .asymLen_KeyMaxBits = 2048, |
142 | | .secureChannelNonceLength = 32, |
143 | | .URI_SignAlgo = SOPC_SecurityPolicy_Basic256_URI_SignAlgo, |
144 | | .certLen_Thumbprint = 20}, |
145 | | // SOPC_SecurityPolicy_None_ID |
146 | | {.uri = SOPC_SecurityPolicy_None_URI, |
147 | | .name = "None", |
148 | | .isInvalid = false, |
149 | | .profile = &SOPC_CryptoProfile_LibProfile_Get, |
150 | | .psProfile = &SOPC_CryptoProfile_LibPubSub_Get, |
151 | | .secuPolicyWeight = 0, |
152 | | .symmLen_CryptoKey = 0, |
153 | | .symmLen_SignKey = 0, |
154 | | .symmLen_Signature = 0, |
155 | | .symmLen_Block = 0, |
156 | | .symmLen_KeyNonce = 0, |
157 | | .symmLen_MessageRandom = 0, |
158 | | .asymLen_OAEP_Hash = 0, |
159 | | .asymLen_KeyMinBits = 0, |
160 | | .asymLen_KeyMaxBits = 0, |
161 | | .secureChannelNonceLength = 0, |
162 | | .URI_SignAlgo = NULL, |
163 | | .certLen_Thumbprint = 0}, |
164 | | // SOPC_SecurityPolicy_PubSub_Aes256_ID |
165 | | {.uri = SOPC_SecurityPolicy_PubSub_Aes256_URI, |
166 | | .name = "Aes256", |
167 | | .isInvalid = false, |
168 | | .profile = NULL, |
169 | | .psProfile = &SOPC_CryptoProfile_LibPubSub_Get, |
170 | | .secuPolicyWeight = 0, |
171 | | .symmLen_CryptoKey = 32, |
172 | | .symmLen_SignKey = 32, |
173 | | .symmLen_Signature = 32, |
174 | | .symmLen_Block = 0, |
175 | | .symmLen_KeyNonce = 4, |
176 | | .symmLen_MessageRandom = 4, |
177 | | .asymLen_OAEP_Hash = 0, |
178 | | .asymLen_KeyMinBits = 0, |
179 | | .asymLen_KeyMaxBits = 0, |
180 | | .secureChannelNonceLength = 0, |
181 | | .URI_SignAlgo = NULL, |
182 | | .certLen_Thumbprint = 0}, |
183 | | // SOPC_SecurityPolicy_Aes128Sha256RsaOaep_ID |
184 | | {.uri = SOPC_SecurityPolicy_Aes128Sha256RsaOaep_URI, |
185 | | .name = "Aes128-Sha256-RsaOaep", |
186 | | .isInvalid = false, |
187 | | .profile = &SOPC_CryptoProfile_LibProfile_Get, |
188 | | .psProfile = NULL, |
189 | | .secuPolicyWeight = 1, |
190 | | .symmLen_CryptoKey = 16, |
191 | | .symmLen_SignKey = 32, |
192 | | .symmLen_Signature = 32, |
193 | | .symmLen_Block = 16, |
194 | | .symmLen_KeyNonce = 0, |
195 | | .symmLen_MessageRandom = 0, |
196 | | .asymLen_OAEP_Hash = 20, |
197 | | .asymLen_KeyMinBits = 2048, |
198 | | .asymLen_KeyMaxBits = 4096, |
199 | | .secureChannelNonceLength = 32, |
200 | | .URI_SignAlgo = SOPC_SecurityPolicy_Aes128Sha256RsaOaep_URI_SignAlgo, |
201 | | .certLen_Thumbprint = 20}, |
202 | | // SOPC_SecurityPolicy_Aes256Sha256RsaPss_ID |
203 | | {.uri = SOPC_SecurityPolicy_Aes256Sha256RsaPss_URI, |
204 | | .name = "Aes256-Sha256-RsaPss", |
205 | | .isInvalid = false, |
206 | | .profile = &SOPC_CryptoProfile_LibProfile_Get, |
207 | | .psProfile = NULL, |
208 | | .secuPolicyWeight = 4, |
209 | | .symmLen_CryptoKey = 32, |
210 | | .symmLen_SignKey = 32, |
211 | | .symmLen_Signature = 32, |
212 | | .symmLen_Block = 16, |
213 | | .symmLen_KeyNonce = 0, |
214 | | .symmLen_MessageRandom = 0, |
215 | | .asymLen_OAEP_Hash = 32, |
216 | | .asymLen_KeyMinBits = 2048, |
217 | | .asymLen_KeyMaxBits = 4096, |
218 | | .secureChannelNonceLength = 32, |
219 | | .URI_SignAlgo = SOPC_SecurityPolicy_Aes256Sha256RsaPss_URI_SignAlgo, |
220 | | .certLen_Thumbprint = 20}, |
221 | | }; |
222 | | |
223 | | const SOPC_SecurityPolicy_Config* SOPC_SecurityPolicy_Config_Get(SOPC_SecurityPolicy_ID policyId) |
224 | 0 | { |
225 | 0 | if (((uint32_t) policyId) >= SOPC_SecurityPolicy_Last_ID) |
226 | 0 | { |
227 | 0 | policyId = SOPC_SecurityPolicy_Invalid_ID; |
228 | 0 | } |
229 | 0 | return &securityPolicy_cfg[policyId]; |
230 | 0 | } |
231 | | |
232 | | const SOPC_SecurityPolicy_Config* SOPC_CryptoProfile_Get(const char* uri) |
233 | 0 | { |
234 | 0 | if (NULL == uri) |
235 | 0 | { |
236 | 0 | return NULL; |
237 | 0 | } |
238 | | |
239 | | /* Compares len+1 to include the trailing \0 of the zero-terminated URI. |
240 | | * This avoids false positives with strings prefixed by a valid security policy. */ |
241 | 0 | const size_t len = strlen(uri) + 1; |
242 | 0 | for (size_t i = 0; i < SOPC_SecurityPolicy_Last_ID; i++) |
243 | 0 | { |
244 | 0 | const SOPC_SecurityPolicy_Config* policy = &securityPolicy_cfg[i]; |
245 | |
|
246 | 0 | if (SOPC_strncmp_ignore_case(uri, policy->uri, len) == 0) |
247 | 0 | { |
248 | 0 | return policy; |
249 | 0 | } |
250 | 0 | } |
251 | | |
252 | 0 | return NULL; |
253 | 0 | } |
254 | | |
255 | | const SOPC_CryptoProfile_PubSub* SOPC_CryptoProfile_PubSub_Get(const char* uri) |
256 | 0 | { |
257 | 0 | if (NULL == uri) |
258 | 0 | { |
259 | 0 | return NULL; |
260 | 0 | } |
261 | | |
262 | | /* Compares len+1 to include the trailing \0 of the zero-terminated URI. |
263 | | * This avoids false positives with strings prefixed by a valid security policy. */ |
264 | 0 | const size_t len = strlen(uri) + 1; |
265 | 0 | for (size_t i = 0; i < SOPC_SecurityPolicy_Last_ID; i++) |
266 | 0 | { |
267 | 0 | const SOPC_SecurityPolicy_Config* policy = &securityPolicy_cfg[i]; |
268 | |
|
269 | 0 | if (SOPC_strncmp_ignore_case(uri, policy->uri, len) == 0) |
270 | 0 | { |
271 | 0 | return policy->psProfile(uri); |
272 | 0 | } |
273 | 0 | } |
274 | | |
275 | 0 | return NULL; |
276 | 0 | } |