plugins/epan/opcua/opcua_keyset.c

   1 /******************************************************************************
   2 ** Copyright (C) 2006-2023 ascolab GmbH. All Rights Reserved.
   3 ** Web: http://www.ascolab.com
   4 **
   5 ** SPDX-License-Identifier: GPL-2.0-or-later
   6 **
   7 ** This file is provided AS IS with NO WARRANTY OF ANY KIND, INCLUDING THE
   8 ** WARRANTY OF DESIGN, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
   9 **
  10 ** Project: OpcUa Wireshark Plugin
  11 **
  12 ** Description: OpcUa Protocol Decoder.
  13 **
  14 ** Author: Gerhard Gappmeier <gerhard.gappmeier@ascolab.com>
  15 ******************************************************************************/
  16
  17 #include "opcua_keyset.h"
  18 #include <stdbool.h>
  19 #include <stddef.h>
  20 #include <stdlib.h>
  21 #include <epan/packet.h>
  22
  23 static struct ua_keyset *g_keysets;
  24 static unsigned int g_num_keysets;
  25 static bool g_sorted;
  26
  27 int ua_keysets_init(void)
  28 {
  29     g_keysets = NULL;
  30     g_num_keysets = 0;
  31     g_sorted = false;
  32     return 0;
  33 }
  34
  35 int ua_keysets_clear(void)
  36 {
  37     if (g_keysets) {
  38         g_free(g_keysets);
  39         g_keysets = NULL;
  40     }
  41     g_num_keysets = 0;
  42     g_sorted = false;
  43     return 0;
  44 }
  45
  46 /**
  47  * Allocates a new keyset entry.
  48  *
  49  * @return Returns pointer to new empty keyset.
  50  *  NULL would indicate an out of memory situation.
  51  */
  52 struct ua_keyset *ua_keysets_add(void)
  53 {
  54     struct ua_keyset *tmp = g_realloc(g_keysets, sizeof(*g_keysets) * (g_num_keysets + 1));
  55     if (tmp == NULL) return NULL; /* out of mem */
  56     /* realloc succeeded, assign new pointer */
  57     g_keysets = tmp;
  58     /* return new element */
  59     tmp = &g_keysets[g_num_keysets++];
  60     memset(tmp, 0, sizeof(*tmp));
  61     /* default to 32 byte sig_len if missing.
  62      * This is the most likely length for SHA256 based signatures,
  63      * SHA1 based signatures with 16 bytes are deprecated.
  64      */
  65     tmp->client_sig_len = 32;
  66     tmp->server_sig_len = 32;
  67     return tmp;
  68 }
  69
  70 /**
  71  * Compare function for bsearch/qsort.
  72  * Sorts by keyset->id.
  73  */
  74 static int keyset_compare(const void *a, const void *b)
  75 {
  76     const struct ua_keyset *keyset_a = a;
  77     const struct ua_keyset *keyset_b = b;
  78
  79     if (keyset_a->id == keyset_b->id) return 0;
  80     if (keyset_a->id < keyset_b->id) return -1;
  81     return 1;
  82 }
  83
  84 /**
  85  * Sorts the keyset to be able to use bsearch.
  86  */
  87 void ua_keysets_sort(void)
  88 {
  89     if (g_num_keysets >= 2) {
  90         qsort(g_keysets, g_num_keysets, sizeof(struct ua_keyset), keyset_compare);
  91     }
  92
  93     g_sorted = true;
  94 }
  95
  96 /**
  97  * Looks up a keyset by id.
  98  *
  99  * @param id The id is 64bit value which contains the combined securechannel_id and token_id.
 100  *
 101  * @return Keyset if found, NULL if not found.
 102  */
 103 struct ua_keyset *ua_keysets_lookup(uint64_t id)
 104 {
 105     struct ua_keyset *tmp, key;
 106
 107     if (!g_sorted) return NULL;
 108
 109     key.id = id;
 110     tmp = bsearch(&key, g_keysets, g_num_keysets, sizeof(struct ua_keyset), keyset_compare);
 111
 112     return tmp;
 113 }
 114
 115 static void print_hex(unsigned char *data, unsigned int data_len)
 116 {
 117     unsigned int i;
 118
 119     for (i = 0; i < data_len; ++i) {
 120         printf("%02X", data[i]);
 121     }
 122     printf("\n");
 123 }
 124
 125 /**
 126  * For debugging purposes only.
 127  */
 128 void ua_keysets_dump(void)
 129 {
 130     struct ua_keyset *tmp;
 131     unsigned int i;
 132     uint32_t channel_id, token_id;
 133
 134     printf("Number of keysets: %u\n", g_num_keysets);
 135
 136     for (i = 0; i < g_num_keysets; ++i) {
 137         tmp = &g_keysets[i];
 138         channel_id = (uint32_t)(tmp->id >> 32);
 139         token_id = (uint32_t)(tmp->id & 0xffffffff);
 140
 141         printf("%u: id=%" PRIu64 ", channel_id=%u, token_id=%u\n", i, tmp->id, channel_id, token_id);
 142
 143         printf("%u: client IV: ", i);
 144         print_hex(tmp->client_iv, sizeof(tmp->client_iv));
 145         printf("%u: client key(%u): ", i, tmp->client_key_len);
 146         print_hex(tmp->client_key, tmp->client_key_len);
 147         printf("%u: client sig_len(%u): ", i, tmp->client_sig_len);
 148
 149         printf("%u: server IV: ", i);
 150         print_hex(tmp->server_iv, sizeof(tmp->server_iv));
 151         printf("%u: server key(%u): ", i, tmp->server_key_len);
 152         print_hex(tmp->server_key, tmp->server_key_len);
 153         printf("%u: server sig_len(%u): ", i, tmp->server_sig_len);
 154     }
 155 }
 156