mirror/opcua-asyncio
1
0
Fork 0
mirror of https://github.com/FreeOpcUa/opcua-asyncio synced 2025-10-29 17:07:18 +08:00
Code Issues Releases Wiki Activity

Use correct signature algorithm in create session response

Browse Source 
Previously this was hardcoded to sha1. Fix this by introducing a
new URI field in the SecurityPolicy classes carrying the correct
URIs.

This fixes complaints by some UA clients that match requested
security profiles against the server response and warn the user.
This commit is contained in:
Helmut Jacob
2019-07-09 17:22:13 +02:00
committed by oroulet
parent eef145b8d6
commit 0425f17f82
3 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
asyncua/crypto/security_policies.py
View File

@@ -394,6 +394,7 @@ class SecurityPolicyBasic128Rsa15(SecurityPolicy):
signature_key_size = 16
symmetric_key_size = 16
AsymmetricEncryptionURI = "http://www.w3.org/2001/04/xmlenc#rsa-1_5"
AsymmetricSignatureURI = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
@staticmethod
def encrypt_asymmetric(pubkey, data):
@@ -465,6 +466,7 @@ class SecurityPolicyBasic256(SecurityPolicy):
signature_key_size = 24
symmetric_key_size = 32
AsymmetricEncryptionURI = "http://www.w3.org/2001/04/xmlenc#rsa-oaep"
AsymmetricSignatureURI = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
@staticmethod
def encrypt_asymmetric(pubkey, data):
@@ -533,6 +535,7 @@ class SecurityPolicyBasic256Sha256(SecurityPolicy):
signature_key_size = 32
symmetric_key_size = 32
AsymmetricEncryptionURI = "http://www.w3.org/2001/04/xmlenc#rsa-oaep"
AsymmetricSignatureURI = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
@staticmethod
def encrypt_asymmetric(pubkey, data):

3
asyncua/server/uaprocessor.py
View File

@@ -150,7 +150,8 @@ class UaProcessor:
data = self._connection.security_policy.server_certificate + params.ClientNonce
response.Parameters.ServerSignature.Signature = \
self._connection.security_policy.asymmetric_cryptography.signature(data)
response.Parameters.ServerSignature.Algorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
response.Parameters.ServerSignature.Algorithm = self._connection.security_policy.AsymmetricSignatureURI
_logger.info("sending create session response")
self.send_response(requesthdr.RequestHandle, algohdr, seqhdr, response)

1
asyncua/ua/uaprotocol_hand.py
View File

@@ -218,6 +218,7 @@ class SecurityPolicy:
Base class for security policy
"""
URI = 'http://opcfoundation.org/UA/SecurityPolicy#None'
AsymmetricSignatureURI = ''
signature_key_size = 0
symmetric_key_size = 0