From 458d740c9a6cb95deb30ee1739649ac681eac39e Mon Sep 17 00:00:00 2001 From: Michael Zillgith Date: Fri, 20 Jun 2025 18:55:49 +0100 Subject: [PATCH] - .NET API: added missing TLS related functions (LIB61850-486) --- dotnet/IEC61850forCSharp/TLS.cs | 129 ++++++++++++++++++++++++++++++-- 1 file changed, 121 insertions(+), 8 deletions(-) diff --git a/dotnet/IEC61850forCSharp/TLS.cs b/dotnet/IEC61850forCSharp/TLS.cs index d645c547..0661f038 100644 --- a/dotnet/IEC61850forCSharp/TLS.cs +++ b/dotnet/IEC61850forCSharp/TLS.cs @@ -216,6 +216,12 @@ namespace IEC61850 private bool allowOnlyKnownCerts = false; private bool chainValidation = true; + private bool sessionResumptionEnabled = true; /* default is true */ + + private int sessionResumptionInterval = 21600; /* in seconds */ + + private bool timeValidation = true; /* validate validity time in vertificates (default: true) */ + [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)] static extern IntPtr TLSConfiguration_create(); 
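Review bot: The three new shadow fields (`sessionResumptionEnabled`, `sessionResumptionInterval`, `timeValidation`) hard-code their defaults on the managed side, and nothing in the visible hunks pushes those values into the native configuration. The getters therefore report `true` / `21600` / `true` only on the assumption that the native library starts with the same settings. If that cannot be guaranteed, apply the values once after `TLSConfiguration_create()`; otherwise record the coupling with a comment such as `/* must match the defaults of the native TLSConfiguration */`. The comment on `timeValidation` also has a typo (`vertificates`). The class continues outside the hunk, so the constructor may already handle this.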
@@ -263,18 +269,41 @@ namespace IEC61850 [return: MarshalAs(UnmanagedType.I1)] static extern bool TLSConfiguration_addCACertificateFromFile(IntPtr self, string filename); - [DllImport("tase2", CallingConvention = CallingConvention.Cdecl)] + [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)] + [return: MarshalAs(UnmanagedType.I1)] + static extern bool TLSConfiguration_addCRL(IntPtr self, byte[] crl, int crlLen); + + [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)] + [return: MarshalAs(UnmanagedType.I1)] + static extern bool TLSConfiguration_addCRLFromFile(IntPtr self, string filename); + + [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)] + static extern void TLSConfiguration_resetCRL(IntPtr self); + + [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)] static extern void TLSConfiguration_setMinTlsVersion(IntPtr self, int version); - [DllImport("tase2", CallingConvention = CallingConvention.Cdecl)] + [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)] static extern void TLSConfiguration_setMaxTlsVersion(IntPtr self, int version); - [DllImport("tase2", CallingConvention = CallingConvention.Cdecl)] + [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)] static extern void TLSConfiguration_addCipherSuite(IntPtr self, int ciphersuite); - [DllImport("tase2", CallingConvention = CallingConvention.Cdecl)] + [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)] static extern void TLSConfiguration_clearCipherSuiteList(IntPtr self); + [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)] + static extern void TLSConfiguration_enableSessionResumption(IntPtr self, [MarshalAs(UnmanagedType.I1)] bool value); + + [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)] + static extern void TLSConfiguration_setSessionResumptionInterval(IntPtr self, int value); + + [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)] + 
static extern void TLSConfiguration_setTimeValidation(IntPtr self, [MarshalAs(UnmanagedType.I1)] bool value); + + [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)] + static extern void TLSConfiguration_setRenegotiationTime(IntPtr self, int value); + private TLSEventHandler eventHandler = null; private object eventHandlerParameter = null; @@ -354,6 +383,64 @@ namespace IEC61850 } } + /// + /// Enable or disable session resumption (enabled by default) + /// + public bool SessionResumption + { + set + { + TLSConfiguration_enableSessionResumption(self, value); + sessionResumptionEnabled = value; + } + get + { + return sessionResumptionEnabled; + } + } + + + /// + /// Get or set the session resumption interval in seconds + /// + public int SessionResumptionInterval + { + set + { + TLSConfiguration_setSessionResumptionInterval(self, value); + sessionResumptionInterval = value; + } + get + { + return sessionResumptionInterval; + } + } + + /// + /// Verify validity of times in certificates and CRLs (default: true) + /// + public bool TimeValidation + { + set + { + TLSConfiguration_setTimeValidation(self, value); + timeValidation = value; + } + get + { + return timeValidation; + } + } + + /// + /// Set the TLS session renegotiation timeout. + /// + /// session renegotiation timeout in milliseconds + public void SetRenegotiationTime(int timeInMs) + { + TLSConfiguration_setRenegotiationTime(self, timeInMs); + } + public void SetClientMode() { TLSConfiguration_setClientMode(self); @@ -413,7 +500,13 @@ namespace IEC61850 } } - public void SetOwnKey(string filename, string password) + /// + /// Set own private key from file + /// + /// Filename of a DER or PEM private key file + /// Password in case the private key is password protected + /// + public void SetOwnKey(string filename, string password = null) { if (TLSConfiguration_setOwnKeyFromFile(self, filename, password) == false) { 
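Review bot: `TLSConfiguration_addCRL(IntPtr self, byte[] crl, int crlLen)` is imported here, but the visible hunks only wrap the file variant (`AddCRL(string filename)`). A caller holding a CRL in memory has no public entry point, and the import is unused as far as this patch shows. Either add an overload such as `public void AddCRL(byte[] crl)` that passes `crl.Length` and throws `CryptographicException` when the native call returns false, or drop the declaration. Separately, `TLSConfiguration_addCRLFromFile` marshals `filename` with the default `DllImport` character set (the ANSI code page on Windows), so it is worth confirming that CRL paths with non-ASCII characters load as intended.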
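Review bot: The `TimeValidation` setter lets a caller switch off validity-period checks, but its doc comment does not say what that costs. Since the summary says the flag covers certificates and CRLs, setting it to `false` presumably accepts expired certificates and outdated revocation lists. I would extend the summary with `Disabling this accepts expired or not-yet-valid certificates and outdated CRLs; use it only on devices without a reliable clock.` In the same hunk, `SessionResumptionInterval` and `SetRenegotiationTime` forward any `int` to the native call unchecked and use different units (seconds and milliseconds). The docs should state which values are accepted, for instance whether zero or a negative value disables the feature, or the setters should reject out-of-range input with `ArgumentOutOfRangeException`.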
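Review bot: With `password = null` as the default, `SetOwnKey(filename)` is now the shortest call, but the doc comment does not say that this form is meant for unencrypted key files. I would add to the password description `Pass null (the default) only for unencrypted key files; such files must be protected by file-system permissions.` The last doc line before the signature is empty in this view and the method returns `void`; if it is a returns tag, it should be removed or replaced by an exception tag describing the failure case. The body of `SetOwnKey` continues outside the hunk, so the exact failure behaviour is not visible here.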
@@ -431,6 +524,26 @@ namespace IEC61850 } } + /// + /// Add a CRL from a X509 CRL file + /// + /// the name of the CRL file + public void AddCRL(string filename) + { + if (TLSConfiguration_addCRLFromFile(self, filename) == false) + { + throw new CryptographicException("Failed to read CRL from file"); + } + } + + /// + /// Removes any CRL (certificate revocation list) currently in use + /// + public void ResetCRL() + { + TLSConfiguration_resetCRL(self); + } + /// /// Set minimal allowed TLS version to use /// @@ -454,7 +567,7 @@ namespace IEC61850 /// Add an allowed ciphersuite to the list of allowed ciphersuites /// /// - public void addCipherSuite(TlsCipherSuite ciphersuite) + public void AddCipherSuite(TlsCipherSuite ciphersuite) { TLSConfiguration_addCipherSuite(self,(int) ciphersuite); } @@ -464,7 +577,7 @@ namespace IEC61850 /// /// Version for .NET framework that does not support TlsCipherSuite enum /// - public void addCipherSuite(int ciphersuite) + public void AddCipherSuite(int ciphersuite) { TLSConfiguration_addCipherSuite(self, ciphersuite); } @@ -473,7 +586,7 @@ namespace IEC61850 /// Clears list of allowed ciphersuites /// /// - public void clearCipherSuiteList() + public void ClearCipherSuiteList() { TLSConfiguration_clearCipherSuiteList(self); }
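Review bot: `AddCRL` reports a failure as `"Failed to read CRL from file"` without naming the file, which makes a missing or malformed list hard to trace when several CRLs are configured. I would change the line to `throw new CryptographicException("Failed to read CRL from file: " + filename);`. The summary of `ResetCRL` should also state the consequence of calling it, since presumably no revocation checking takes place until a list is added again: `After this call no CRL is in use; add the current CRLs again before accepting new connections.`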