04/14/2020
We are using the .NET Standard implementation libraries for our OPCUA server.
When testing using Matrikon client, we see a failure to connect when using the Aes128_Sha256_RsaOaep security policy.
Looking at the code in SecurityPolicies.cs, it fails in the Decrypt() method. In the switch statement, it hits this case statement, for SecurityPolicies.Aes128_Sha256_RsaOaep:
case SecurityPolicies.Basic256:
case SecurityPolicies.Basic256Sha256:
case SecurityPolicies.Aes128_Sha256_RsaOaep:
{
if (dataToDecrypt.Algorithm == SecurityAlgorithms.RsaOaep)
{
return RsaUtils.Decrypt(new ArraySegment<byte>(dataToDecrypt.Data), certificate, RsaUtils.Padding.OaepSHA1);
}
break;
}
But the value of dataToDecrypt.Algorithm is RsaOaepSha256, so it doesn’t do the decryption and return. Instead it exits the switch statement and throws:
throw ServiceResultException.Create(
StatusCodes.BadIdentityTokenInvalid,
“Unexpected encryption algorithm : {0}”,
dataToDecrypt.Algorithm);
If I skip the ‘if’ statement and allow it to go into the Decrypt method, it works.
Does this indicate a bug in the Server? Should this ‘if’ statement be allowing SecurityAlgorithm.RsaOaepSha256 to enter the clause?
Or does this indicate a bug in the Matrikon client?
Any help would be much appreciated.
05/30/2017
Please review the Aes128_Sha256_RsaOaep policy:
https://profiles.opcfoundation…..EBE7312464
You will see that the AsymmetricEncryptionAlgorithm is RSA-OAEP-SHA1.
This means the bug is in the client that is either using SHA256 when it should use SHA1.
Or it is setting the wrong string in the “Algorithm” field.
FWIW – the disconnect between the SHA256 used for SymmetricEncryption and the SHA1 used for AsymmetricEncryption occurs because older versions of the .NET Framework did not support SHA256 with OAEP when the policy was released. The compromise was deemed acceptable because there was no plausible exploit when using SHA1 in combination with OAEP padding even if SHA1 on its own was deemed vulnerable.
1 Guest(s)