Sha2-signed certificate is interpreted as Sha1-signed and wrongly rejected ? | OPC UA Implementation: Stacks, Tools, and Samples | Forum

Avatar
Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
Lost password?
sp_Feed sp_PrintTopic sp_TopicIcon
Sha2-signed certificate is interpreted as Sha1-signed and wrongly rejected ?
Avatar
sixdiamants
Zoetermeer
Member
Members
Forum Posts: 4
Member Since:
06/15/2017
sp_UserOfflineSmall Offline
1
07/26/2019 - 01:36
sp_Permalink sp_Print

The .NETstandard OPC-UA server now rejects the weak Sha1-signed certificates. However, my newly minted Sha2-signature seems to be interpreted as a Sha1-signed signature and gets rejected as a consequence. 

I generated a Sha2-signed key and self-signed certificated by this means:

openssl req -x509 -config ssl.cnf -newkey rsa:2048 -sha256 -new -nodes -days 365 -keyout id_rsa_opcua_client_private_key.pem -outform DER -out id_rsa_opcua_client_cert.der
openssl x509 -in id_rsa_opcua_client_cert.der -inform DER -text -noout

When connecting to the .NETstandard console server, the logged response is this

26-7-2019 09:51:09.652 Channel 2 in Opening state.
26-7-2019 09:51:09.719 Security Policy: https://opcfoundation.org/UA/Se.....c256Sha256
26-7-2019 09:51:09.720 Sender Certificate: E=me@somewhere.com, CN=hors-pair, O=CasseCroute, L=Volksrust, S=ZH, C=NL
26-7-2019 09:51:09.721 Token #0 created. CreatedAt = 07:51:09.721 . Lifetime = 3600000
26-7-2019 09:51:09.725 SECURE CHANNEL CREATED [.NetStandard ServerChannel UA-TCP 1.4.354.0] [ID=2] Connected To: opc.tcp://hors-pair:51210/UA/SampleServer [SignAndEncrypt/Basic256Sha256/Binary] Client Certificate: [E=me@somewhere.com, CN=hors-pair, O=CasseCroute, L=Zoetermeer, S=ZH, C=NL] [AE41B8B60167D4DAF809E3629AE782711A5FB3C0] Server Certificate: [CN=Zevenaar-opcuaserver-ebs, C=NL, L=Zoetermeer, O=Siemens Mobility B.V., DC=hors-pair] [CAF410AB9955B74BBC231C043CE325249AC75BB5]
26-7-2019 09:51:09.732 Token #1 activated. CreatedAt = 07:51:09.721 . Lifetime = 3600000
26-7-2019 09:51:09.733 Channel 2 in Open state.
26-7-2019 09:51:09.734 Channel 2: SendOpenSecureChannelResponse()
26-7-2019 09:51:09.771 Channel 2: ProcessRequestMessage 2
26-7-2019 09:51:09.882 Session CREATED, Id=ns=4;i=1832884893, Name=Pure Python Client Session1, ChannelId=6258a10f-2074-48d1-9eb0-3ae348d61578-2, User=Anonymous
26-7-2019 09:51:09.898 Server - SESSION CREATED. SessionId=ns=4;i=1832884893
26-7-2019 09:51:09.901 Channel 2: SendResponse 2
26-7-2019 09:51:09.910 Channel 2: ProcessRequestMessage 3
26-7-2019 09:51:09.930 Server - SESSION ACTIVATE failed. Unexpected signature algorithm for Basic256Sha256/Aes128_Sha256_RsaOaep: http://www.w3.org/2000/09/xmldsig#rsa-sha1
Expected signature algorithm: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
26-7-2019 09:51:09.955 Channel 2: SendResponse 3
26-7-2019 09:51:38.300 Channel 0 in Connecting state.
26-7-2019 09:51:39.311 Channel 0: Close

A check of the certificate by means of 

 openssl x509 -in id_rsa_opcua_client_cert.der -inform DER -text -noout                                                                      

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
40:12:bd:82:dd:8a:49:44:0f:d8:a6:fe:74:a7:5f:fb:f5:7b:78:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = NL, ST = ZH, L = Volksrust, O = CasseCroute, CN = hors-pair, emailAddress = me@somewhere.com
Validity
Not Before: Jul 25 08:45:41 2019 GMT
Not After : Jul 24 08:45:41 2020 GMT
Subject: C = NL, ST = ZH, L = Volksrust, O = CasseCroute, CN = hors-pair, emailAddress = me@somewhere.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
…. cut …. cut

X509v3 extensions:
X509v3 Subject Key Identifier:
46:80:03:29:4F:13:0E:95:F6:A7:0F:C9:EA:C3:E3:60:9C:FE:B0:31
X509v3 Authority Key Identifier:
keyid:46:80:03:29:4F:13:0E:95:F6:A7:0F:C9:EA:C3:E3:60:9C:FE:B0:31

X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Certificate Sign
X509v3 Subject Alternative Name:
URI:urn:freeopcua:client
Netscape Comment:
OpenSSL certificaat voor opc-ua server

And the final client-side check of the certificate, the fingerprint matches the one reported by the server (ae41b8b60167d4daf809e3629ae782711a5fb3c0)

[Image Can Not Be Found]

 

Finally, I run the UA-.NETStandard master branch 50c9a677350b378cb5b84584dc3df9642c2541cc from march 22, 2019.

Avatar
Randy Armstrong
Admin
Forum Posts: 308
Member Since:
05/30/2017
sp_UserOfflineSmall Offline
2
07/29/2019 - 18:18
sp_Permalink sp_Print

ActivateSession requires that the Client compute a signature for the nonce provided by the Server. The algorithm URI (http://www.w3.org/2000/09/xmldsig#rsa-sha1) is supplied with the signature. It looks like this issue is caused by your client putting the wrong URI in the algorithm bucket or using SHA1 to compute the signature on the nonce when it should be using SHA256.

Avatar
sixdiamants
Zoetermeer
Member
Members
Forum Posts: 4
Member Since:
06/15/2017
sp_UserOfflineSmall Offline
3
08/10/2019 - 14:31
sp_Permalink sp_Print

Thanks for this answer. It worked out that the client indeed presents a bug as reported here.

Forum Timezone: America/Phoenix
Most Users Ever Online: 143
Currently Online:
8
Guest(s)
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Newest Members:
delly@a.kualalumpurtravel.network
Forum Stats:
Groups: 2
Forums: 9
Topics: 593
Posts: 1703

 

Member Stats:
Guest Posters: 1
Members: 110639
Moderators: 10
Admins: 3
Administrators: michael.bryant@opcfoundation.org, thomas.burke@opcfoundation.org, Randy Armstrong
Moderators: matthias.damm@ascolab.com, s.hoppe@beckhoff.com, paul.hunkar@dsinteroperability.com, jouni.aro@prosys.fi, tim.fortin@honeywell.com, Jim.Luth@Schneider-Electric.com, Karl-Heinz Deiretsbacher, stefan.hoppe@opcfoundation.org, alexander.allmendinger@opcfoundation.org, Karl Deiretsbacher