RYTEC
/
libiec61850
mirror of https://github.com/mz-automation/libiec61850.git
6
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'v1.5_develop_373' into v1.5_develop_merging

Browse Source
v1.5_develop_merging
Michael Zillgith 3 years ago
parent e11f113b98 ad0bc86908
commit 27340ef5c5
1 changed files with 398 additions and 178 deletions
Show Stats Download Patch File Download Diff File

576
dotnet/IEC61850forCSharp/TLS.cs
Unescape Escape View File

@ -1,7 +1,7 @@
/* /*
* TLS.cs * TLS.cs
* *
* Copyright 2017 Michael Zillgith * Copyright 2017-2022 Michael Zillgith
* *
* This file is part of libIEC61850. * This file is part of libIEC61850.
* *
@ -35,180 +35,400 @@ using IEC61850.Common;
/// </summary> /// </summary>
namespace IEC61850 namespace IEC61850
{ {
namespace TLS namespace TLS
{ {
/// <summary> public enum TLSConfigVersion
/// A container for TLS configuration and certificates. {
/// </summary> NOT_SELECTED = 0,
public class TLSConfiguration : IDisposable SSL_3_0 = 3,
{ TLS_1_0 = 4,
private IntPtr self = IntPtr.Zero; TLS_1_1 = 5,
TLS_1_2 = 6,
private bool allowOnlyKnownCerts = false; TLS_1_3 = 7
private bool chainValidation = true; }
[DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)] public enum TLSEventLevel
static extern IntPtr TLSConfiguration_create(); {
INFO = 0,
[DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)] WARNING = 1,
static extern void TLSConfiguration_destroy(IntPtr self); INCIDENT = 2
}
[DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
static extern void TLSConfiguration_setAllowOnlyKnownCertificates(IntPtr self, [MarshalAs(UnmanagedType.I1)] bool value); public enum TLSEventCode
{
[DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)] ALM_ALGO_NOT_SUPPORTED = 1,
static extern void TLSConfiguration_setChainValidation (IntPtr self, [MarshalAs(UnmanagedType.I1)] bool value); ALM_UNSECURE_COMMUNICATION = 2,
ALM_CERT_UNAVAILABLE = 3,
[DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)] ALM_BAD_CERT = 4,
static extern void TLSConfiguration_setClientMode(IntPtr self); ALM_CERT_SIZE_EXCEEDED = 5,
ALM_CERT_VALIDATION_FAILED = 6,
[DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)] ALM_CERT_REQUIRED = 7,
[return: MarshalAs(UnmanagedType.I1)] ALM_HANDSHAKE_FAILED_UNKNOWN_REASON = 8,
static extern bool TLSConfiguration_setOwnCertificate(IntPtr self, byte[] certificate, int certLen); WRN_INSECURE_TLS_VERSION = 9,
INF_SESSION_RENEGOTIATION = 10,
[DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)] ALM_CERT_EXPIRED = 11,
[return: MarshalAs(UnmanagedType.I1)] ALM_CERT_REVOKED = 12,
static extern bool TLSConfiguration_setOwnCertificateFromFile(IntPtr self, string filename); ALM_CERT_NOT_CONFIGURED = 13,
ALM_CERT_NOT_TRUSTED = 14
[DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)] }
[return: MarshalAs(UnmanagedType.I1)]
static extern bool TLSConfiguration_setOwnKey(IntPtr self, byte[] key, int keyLen, string keyPassword); public class TLSConnection
{
[DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)] [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
[return: MarshalAs(UnmanagedType.I1)] static extern int TLSConnection_getTLSVersion(IntPtr self);
static extern bool TLSConfiguration_setOwnKeyFromFile (IntPtr self, string filename, string keyPassword);
[DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
[DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)] static extern IntPtr TLSConnection_getPeerAddress(IntPtr self, IntPtr peerAddrBuf);
[return: MarshalAs(UnmanagedType.I1)]
static extern bool TLSConfiguration_addAllowedCertificate(IntPtr self, byte[] certificate, int certLen); [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
static extern IntPtr TLSConnection_getPeerCertificate(IntPtr self, out int certSize);
[DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
[return: MarshalAs(UnmanagedType.I1)] private IntPtr self;
static extern bool TLSConfiguration_addAllowedCertificateFromFile(IntPtr self, string filename); private bool isValid;
[DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)] internal TLSConnection(IntPtr self)
[return: MarshalAs(UnmanagedType.I1)] {
static extern bool TLSConfiguration_addCACertificate(IntPtr self, byte[] certificate, int certLen); this.self = self;
isValid = true;
[DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)] }
[return: MarshalAs(UnmanagedType.I1)]
static extern bool TLSConfiguration_addCACertificateFromFile(IntPtr self, string filename); // To be called by event callback caller after callback execution
internal void InValidate()
public TLSConfiguration() { {
self = TLSConfiguration_create (); lock (this)
} {
isValid = false;
~TLSConfiguration() }
{ }
Dispose ();
} /// <summary>
/// TLS version used by the connection
internal IntPtr GetNativeInstance() /// </summary>
{ public TLSConfigVersion TLSVersion
return self; {
} get
{
public bool AllowOnlyKnownCertificates lock (this)
{ {
set { if (isValid)
TLSConfiguration_setAllowOnlyKnownCertificates (self, value); {
allowOnlyKnownCerts = value; return (TLSConfigVersion)TLSConnection_getTLSVersion((IntPtr)self);
} }
get { else
return allowOnlyKnownCerts; {
} throw new InvalidOperationException("Object cannot be used outside of TLS event callback");
} }
}
public bool ChainValidation }
{ }
set {
TLSConfiguration_setChainValidation (self, value); /// <summary>
chainValidation = value; /// Peer IP address and TCP port of the TLS connection
} /// </summary>
get { public string PeerAddress
return chainValidation; {
} get
} {
lock (this)
public void SetClientMode() {
{ if (isValid)
TLSConfiguration_setClientMode (self); {
} IntPtr peerAddrBuf = Marshal.AllocHGlobal(130);
IntPtr peerAddrStr = TLSConnection_getPeerAddress(this.self, peerAddrBuf);
public void SetOwnCertificate(string filename)
{ string peerAddr = null;
if (TLSConfiguration_setOwnCertificateFromFile (self, filename) == false) {
throw new CryptographicException ("Failed to read certificate from file"); if (peerAddrStr != IntPtr.Zero)
} {
} peerAddr = Marshal.PtrToStringAnsi(peerAddrStr);
}
public void SetOwnCertificate(X509Certificate2 cert)
{ Marshal.FreeHGlobal(peerAddrBuf);
byte[] certBytes = cert.GetRawCertData ();
return peerAddr;
if (TLSConfiguration_setOwnCertificate (self, certBytes, certBytes.Length) == false) { }
throw new CryptographicException ("Failed to set certificate"); else
} {
} throw new InvalidOperationException("Object cannot be used outside of TLS event callback");
}
public void AddAllowedCertificate(string filename) }
{ }
if (TLSConfiguration_addAllowedCertificateFromFile (self, filename) == false) { }
throw new CryptographicException ("Failed to read allowed certificate from file");
} /// <summary>
} /// TLS certificate used by the peer
/// </summary>
public void AddAllowedCertificate(X509Certificate2 cert) public byte[] PeerCertificate
{ {
byte[] certBytes = cert.GetRawCertData (); get
{
if (TLSConfiguration_addAllowedCertificate (self, certBytes, certBytes.Length) == false) { lock (this)
throw new CryptographicException ("Failed to add allowed certificate"); {
} if (isValid)
} {
int certSize;
public void AddCACertificate(string filename)
{ IntPtr certBuffer = TLSConnection_getPeerCertificate(self, out certSize);
if (TLSConfiguration_addCACertificateFromFile (self, filename) == false) {
throw new CryptographicException ("Failed to read CA certificate from file"); if (certBuffer != IntPtr.Zero)
} {
} if (certSize > 0)
{
public void AddCACertificate(X509Certificate2 cert) byte[] cert = new byte[certSize];
{
byte[] certBytes = cert.GetRawCertData (); Marshal.Copy(certBuffer, cert, 0, certSize);
if (TLSConfiguration_addCACertificate (self, certBytes, certBytes.Length) == false) { return cert;
throw new CryptographicException ("Failed to add CA certificate"); }
} }
}
return null;
public void SetOwnKey (string filename, string password) }
{ else
if (TLSConfiguration_setOwnKeyFromFile (self, filename, password) == false) { {
throw new CryptographicException ("Failed to read own key from file"); throw new InvalidOperationException("Object cannot be used outside of TLS event callback");
} }
} }
}
public void SetOwnKey (X509Certificate2 key, string password) }
{
byte[] certBytes = key.Export (X509ContentType.Pkcs12); }
if (TLSConfiguration_setOwnKey (self, certBytes, certBytes.Length, password) == false) { /// <summary>
throw new CryptographicException ("Failed to set own key"); /// TLS security event handler
} /// </summary>
} /// <param name="parameter">user provided context paramter to be passed to the handler</param>
/// <param name="eventLevel">severity level of the event</param>
public void Dispose() /// <param name="eventCode">code to identify the event type</param>
{ /// <param name="message">text message describing the event</param>
lock (this) { /// <param name="connection">TLS connection that caused the event</param>
if (self != IntPtr.Zero) { public delegate void TLSEventHandler(object parameter, TLSEventLevel eventLevel, TLSEventCode eventCode, string message, TLSConnection connection);
TLSConfiguration_destroy (self);
self = IntPtr.Zero; /// <summary>
} /// A container for TLS configuration and certificates.
} /// </summary>
} public class TLSConfiguration : IDisposable
{
} private IntPtr self = IntPtr.Zero;
}
} private bool allowOnlyKnownCerts = false;
private bool chainValidation = true;
[DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
static extern IntPtr TLSConfiguration_create();
[DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
static extern void TLSConfiguration_destroy(IntPtr self);
[DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
static extern void TLSConfiguration_setAllowOnlyKnownCertificates(IntPtr self, [MarshalAs(UnmanagedType.I1)] bool value);
[DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
static extern void TLSConfiguration_setChainValidation(IntPtr self, [MarshalAs(UnmanagedType.I1)] bool value);
[DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
static extern void TLSConfiguration_setClientMode(IntPtr self);
[DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
[return: MarshalAs(UnmanagedType.I1)]
static extern bool TLSConfiguration_setOwnCertificate(IntPtr self, byte[] certificate, int certLen);
[DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
[return: MarshalAs(UnmanagedType.I1)]
static extern bool TLSConfiguration_setOwnCertificateFromFile(IntPtr self, string filename);
[DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
[return: MarshalAs(UnmanagedType.I1)]
static extern bool TLSConfiguration_setOwnKey(IntPtr self, byte[] key, int keyLen, string keyPassword);
[DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
[return: MarshalAs(UnmanagedType.I1)]
static extern bool TLSConfiguration_setOwnKeyFromFile(IntPtr self, string filename, string keyPassword);
[DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
[return: MarshalAs(UnmanagedType.I1)]
static extern bool TLSConfiguration_addAllowedCertificate(IntPtr self, byte[] certificate, int certLen);
[DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
[return: MarshalAs(UnmanagedType.I1)]
static extern bool TLSConfiguration_addAllowedCertificateFromFile(IntPtr self, string filename);
[DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
[return: MarshalAs(UnmanagedType.I1)]
static extern bool TLSConfiguration_addCACertificate(IntPtr self, byte[] certificate, int certLen);
[DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
[return: MarshalAs(UnmanagedType.I1)]
static extern bool TLSConfiguration_addCACertificateFromFile(IntPtr self, string filename);
private TLSEventHandler eventHandler = null;
private object eventHandlerParameter = null;
[UnmanagedFunctionPointer(CallingConvention.Cdecl)]
private delegate void InternalTLSEventHandler(IntPtr parameter, int eventLevel, int eventCode, IntPtr message, IntPtr tlsCon);
private InternalTLSEventHandler internalTLSEventHandlerRef = null;
[DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
static extern void TLSConfiguration_setEventHandler(IntPtr self, InternalTLSEventHandler handler, IntPtr parameter);
void InternalTLSEventHandlerImpl(IntPtr parameter, int eventLevel, int eventCode, IntPtr message, IntPtr tlsCon)
{
if (eventHandler != null)
{
TLSConnection connection = new TLSConnection(tlsCon);
string msg = Marshal.PtrToStringAnsi(message);
eventHandler(eventHandlerParameter, (TLSEventLevel)eventLevel, (TLSEventCode)eventCode, msg, connection);
connection.InValidate();
}
}
public void SetEventHandler(TLSEventHandler handler, object parameter)
{
this.eventHandler = handler;
this.eventHandlerParameter = parameter;
if (internalTLSEventHandlerRef == null)
{
internalTLSEventHandlerRef = new InternalTLSEventHandler(InternalTLSEventHandlerImpl);
TLSConfiguration_setEventHandler(self, internalTLSEventHandlerRef, IntPtr.Zero);
}
}
public TLSConfiguration()
{
self = TLSConfiguration_create();
}
~TLSConfiguration()
{
Dispose();
}
internal IntPtr GetNativeInstance()
{
return self;
}
public bool AllowOnlyKnownCertificates
{
set
{
TLSConfiguration_setAllowOnlyKnownCertificates(self, value);
allowOnlyKnownCerts = value;
}
get
{
return allowOnlyKnownCerts;
}
}
public bool ChainValidation
{
set
{
TLSConfiguration_setChainValidation(self, value);
chainValidation = value;
}
get
{
return chainValidation;
}
}
public void SetClientMode()
{
TLSConfiguration_setClientMode(self);
}
public void SetOwnCertificate(string filename)
{
if (TLSConfiguration_setOwnCertificateFromFile(self, filename) == false)
{
throw new CryptographicException("Failed to read certificate from file");
}
}
public void SetOwnCertificate(X509Certificate2 cert)
{
byte[] certBytes = cert.GetRawCertData();
if (TLSConfiguration_setOwnCertificate(self, certBytes, certBytes.Length) == false)
{
throw new CryptographicException("Failed to set certificate");
}
}
public void AddAllowedCertificate(string filename)
{
if (TLSConfiguration_addAllowedCertificateFromFile(self, filename) == false)
{
throw new CryptographicException("Failed to read allowed certificate from file");
}
}
public void AddAllowedCertificate(X509Certificate2 cert)
{
byte[] certBytes = cert.GetRawCertData();
if (TLSConfiguration_addAllowedCertificate(self, certBytes, certBytes.Length) == false)
{
throw new CryptographicException("Failed to add allowed certificate");
}
}
public void AddCACertificate(string filename)
{
if (TLSConfiguration_addCACertificateFromFile(self, filename) == false)
{
throw new CryptographicException("Failed to read CA certificate from file");
}
}
public void AddCACertificate(X509Certificate2 cert)
{
byte[] certBytes = cert.GetRawCertData();
if (TLSConfiguration_addCACertificate(self, certBytes, certBytes.Length) == false)
{
throw new CryptographicException("Failed to add CA certificate");
}
}
public void SetOwnKey(string filename, string password)
{
if (TLSConfiguration_setOwnKeyFromFile(self, filename, password) == false)
{
throw new CryptographicException("Failed to read own key from file");
}
}
public void SetOwnKey(X509Certificate2 key, string password)
{
byte[] certBytes = key.Export(X509ContentType.Pkcs12);
if (TLSConfiguration_setOwnKey(self, certBytes, certBytes.Length, password) == false)
{
throw new CryptographicException("Failed to set own key");
}
}
public void Dispose()
{
lock (this)
{
if (self != IntPtr.Zero)
{
TLSConfiguration_destroy(self);
self = IntPtr.Zero;
}
}
}
}
}
}

Write Preview
Loading…
Cancel
Save