Connecting using Aes128_Sha256_RsaOaep|OPC UA Implementation: Stacks, Tools, and Samples|Forum|OPC Foundation

Avatar
Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
Lost password?
sp_Feed sp_PrintTopic sp_TopicIcon
Connecting using Aes128_Sha256_RsaOaep
Avatar
Peter Franklin
Member
Members
Forum Posts: 24
Member Since:
04/14/2020
sp_UserOfflineSmall Offline
1
07/01/2021 - 17:32
sp_Permalink sp_Print

We are using the .NET Standard implementation libraries for our OPCUA server.

When testing using Matrikon client, we see a failure to connect when using the Aes128_Sha256_RsaOaep security policy.

Looking at the code in SecurityPolicies.cs, it fails in the Decrypt() method. In the switch statement, it hits this case statement, for SecurityPolicies.Aes128_Sha256_RsaOaep:

case SecurityPolicies.Basic256:
case SecurityPolicies.Basic256Sha256:
case SecurityPolicies.Aes128_Sha256_RsaOaep:
{
   if (dataToDecrypt.Algorithm == SecurityAlgorithms.RsaOaep)
   {
      return RsaUtils.Decrypt(new ArraySegment<byte>(dataToDecrypt.Data), certificate, RsaUtils.Padding.OaepSHA1);
   }
   break;
}

But the value of dataToDecrypt.Algorithm is RsaOaepSha256, so it doesn’t do the decryption and return. Instead it exits the switch statement and throws:

throw ServiceResultException.Create(
   StatusCodes.BadIdentityTokenInvalid,
   “Unexpected encryption algorithm : {0}”,
   dataToDecrypt.Algorithm);

If I skip the ‘if’ statement and allow it to go into the Decrypt method, it works.

Does this indicate a bug in the Server? Should this ‘if’ statement be allowing SecurityAlgorithm.RsaOaepSha256 to enter the clause? 

Or does this indicate a bug in the Matrikon client?

Any help would be much appreciated.

Avatar
Randy Armstrong
Admin
Forum Posts: 1580
Member Since:
05/30/2017
sp_UserOfflineSmall Offline
2
07/01/2021 - 19:55
sp_Permalink sp_Print sp_EditHistory

Please review the Aes128_Sha256_RsaOaep policy:

https://profiles.opcfoundation…..EBE7312464

You will see that the AsymmetricEncryptionAlgorithm is RSA-OAEP-SHA1.

This means the bug is in the client that is either using SHA256 when it should use SHA1.

Or it is setting the wrong string in the “Algorithm” field.

FWIW – the disconnect between the SHA256 used for SymmetricEncryption and the SHA1 used for AsymmetricEncryption occurs because older versions of the .NET Framework did not support SHA256 with OAEP when the policy was released. The compromise was deemed acceptable because there was no plausible exploit when using SHA1 in combination with OAEP padding even if SHA1 on its own was deemed vulnerable.

Forum Timezone: America/Phoenix
Most Users Ever Online: 510
Currently Online:
Guest(s) 29
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Forum Stats:
Groups: 2
Forums: 10
Topics: 1446
Posts: 4891