From 458d740c9a6cb95deb30ee1739649ac681eac39e Mon Sep 17 00:00:00 2001
From: Michael Zillgith
Date: Fri, 20 Jun 2025 18:55:49 +0100
Subject: [PATCH 1/3] - .NET API: added missing TLS related functions (LIB61850-486)
---
 dotnet/IEC61850forCSharp/TLS.cs | 129 ++++++++++++++++++++++++++++++--
 1 file changed, 121 insertions(+), 8 deletions(-)
diff --git a/dotnet/IEC61850forCSharp/TLS.cs b/dotnet/IEC61850forCSharp/TLS.cs
index d645c547..0661f038 100644
--- a/dotnet/IEC61850forCSharp/TLS.cs
+++ b/dotnet/IEC61850forCSharp/TLS.cs
@@ -216,6 +216,12 @@ namespace IEC61850
 private bool allowOnlyKnownCerts = false;
 private bool chainValidation = true;
+ private bool sessionResumptionEnabled = true; /* default is true */
+
+ private int sessionResumptionInterval = 21600; /* in seconds */
+
+ private bool timeValidation = true; /* validate validity time in vertificates (default: true) */
+
 [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
 static extern IntPtr TLSConfiguration_create();
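Review bot: The comment on the new `timeValidation` field misspells "certificates" ("vertificates"), and none of the three new field comments say that the initializer is only a mirror of the native library's default rather than a value read back from it. Because the property getters added later in this patch return these fields, a mismatch between an initializer here and the native default would go unnoticed by callers; suggest a comment on each such as `/* mirrors the native default; keep in sync with TLSConfiguration_create() */`. The enclosing class begins and ends outside this hunk.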
@@ -263,18 +269,41 @@ namespace IEC61850
 [return: MarshalAs(UnmanagedType.I1)]
 static extern bool TLSConfiguration_addCACertificateFromFile(IntPtr self, string filename);
- [DllImport("tase2", CallingConvention = CallingConvention.Cdecl)]
+ [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
+ [return: MarshalAs(UnmanagedType.I1)]
+ static extern bool TLSConfiguration_addCRL(IntPtr self, byte[] crl, int crlLen);
+
+ [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
+ [return: MarshalAs(UnmanagedType.I1)]
+ static extern bool TLSConfiguration_addCRLFromFile(IntPtr self, string filename);
+
+ [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
+ static extern void TLSConfiguration_resetCRL(IntPtr self);
+
+ [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
 static extern void TLSConfiguration_setMinTlsVersion(IntPtr self, int version);
- [DllImport("tase2", CallingConvention = CallingConvention.Cdecl)]
+ [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
 static extern void TLSConfiguration_setMaxTlsVersion(IntPtr self, int version);
- [DllImport("tase2", CallingConvention = CallingConvention.Cdecl)]
+ [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
 static extern void TLSConfiguration_addCipherSuite(IntPtr self, int ciphersuite);
- [DllImport("tase2", CallingConvention = CallingConvention.Cdecl)]
+ [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
 static extern void TLSConfiguration_clearCipherSuiteList(IntPtr self);
+ [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
+ static extern void TLSConfiguration_enableSessionResumption(IntPtr self, [MarshalAs(UnmanagedType.I1)] bool value);
+
+ [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
+ static extern void TLSConfiguration_setSessionResumptionInterval(IntPtr self, int value);
+
+ [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
+ static extern void TLSConfiguration_setTimeValidation(IntPtr self, [MarshalAs(UnmanagedType.I1)] bool value);
+
+ [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
+ static extern void TLSConfiguration_setRenegotiationTime(IntPtr self, int value);
+
 private TLSEventHandler eventHandler = null;
 private object eventHandlerParameter = null;
@@ -354,6 +383,64 @@ namespace IEC61850
 }
 }
+ ///
+ /// Enable or disable session resumption (enabled by default)
+ ///
+ public bool SessionResumption
+ {
+ set
+ {
+ TLSConfiguration_enableSessionResumption(self, value);
+ sessionResumptionEnabled = value;
+ }
+ get
+ {
+ return sessionResumptionEnabled;
+ }
+ }
+
+
+ ///
+ /// Get or set the session resumption interval in seconds
+ ///
+ public int SessionResumptionInterval
+ {
+ set
+ {
+ TLSConfiguration_setSessionResumptionInterval(self, value);
+ sessionResumptionInterval = value;
+ }
+ get
+ {
+ return sessionResumptionInterval;
+ }
+ }
+
+ ///
+ /// Verify validity of times in certificates and CRLs (default: true)
+ ///
+ public bool TimeValidation
+ {
+ set
+ {
+ TLSConfiguration_setTimeValidation(self, value);
+ timeValidation = value;
+ }
+ get
+ {
+ return timeValidation;
+ }
+ }
+
+ ///
+ /// Set the TLS session renegotiation timeout.
+ ///
+ /// session renegotiation timeout in milliseconds
+ public void SetRenegotiationTime(int timeInMs)
+ {
+ TLSConfiguration_setRenegotiationTime(self, timeInMs);
+ }
+
 public void SetClientMode()
 {
 TLSConfiguration_setClientMode(self);
@@ -413,7 +500,13 @@ namespace IEC61850
 }
 }
- public void SetOwnKey(string filename, string password)
+ ///
+ /// Set own private key from file
+ ///
+ /// Filename of a DER or PEM private key file
+ /// Password in case the private key is password protected
+ ///
+ public void SetOwnKey(string filename, string password = null)
 {
 if (TLSConfiguration_setOwnKeyFromFile(self, filename, password) == false)
 {
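Review bot: `TLSConfiguration_addCRL(IntPtr self, byte[] crl, int crlLen)` is declared but nothing in this patch calls it, so from C# a CRL can still only be loaded from a file path; either add a managed `AddCRL(byte[] crl)` that passes `crl.Length` as `crlLen`, or leave the declaration out until it is used. The four `"tase2"` to `"iec61850"` corrections fix a wrong library name in existing declarations; unless a library of that name happened to be present, the first call to any of those methods would have failed with a `DllNotFoundException`, which is worth stating in the commit message since it is a user-visible bug fix and not only an addition. The enclosing class begins and ends outside this hunk.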
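Review bot: The getters of `SessionResumption`, `SessionResumptionInterval` and `TimeValidation` return the managed backing field rather than anything read from the native configuration, so they are accurate only while the field initializers match the native defaults and every change goes through these setters; a line in each `<summary>` such as `/// Reading returns the last value set through this property (initially the library default), not a value queried from the native configuration.` would make that visible. `TimeValidation` should also state what disabling it means for the caller, e.g. `/// When false, certificates and CRLs outside their validity period are accepted; keep enabled outside of test setups.`. `SetRenegotiationTime` departs from the three properties above it (a method with no backing field) and takes milliseconds while `SessionResumptionInterval` takes seconds, a difference that is currently visible only in the `<param>` text; repeating the unit in the summary line would help. The enclosing class begins and ends outside this hunk.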
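Review bot: The new `<param>` text for `password` does not say what the new default `null` means, and no `<exception>` element documents the failure branch that begins on the last visible line of the hunk. Suggest `/// <param name="password">Password of a password-protected private key, or null (the default) when the key is not protected</param>`, and, if that branch throws `CryptographicException` the way `AddCRL` in this patch does, `/// <exception cref="CryptographicException">the key file could not be read</exception>`. The body of `SetOwnKey` continues outside the hunk.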
@@ -431,6 +524,26 @@ namespace IEC61850
 }
 }
+ ///
+ /// Add a CRL from a X509 CRL file
+ ///
+ /// the name of the CRL file
+ public void AddCRL(string filename)
+ {
+ if (TLSConfiguration_addCRLFromFile(self, filename) == false)
+ {
+ throw new CryptographicException("Failed to read CRL from file");
+ }
+ }
+
+ ///
+ /// Removes any CRL (certificate revocation list) currently in use
+ ///
+ public void ResetCRL()
+ {
+ TLSConfiguration_resetCRL(self);
+ }
+
 ///
 /// Set minimal allowed TLS version to use
 ///
@@ -454,7 +567,7 @@ namespace IEC61850
 /// Add an allowed ciphersuite to the list of allowed ciphersuites
 ///
 ///
- public void addCipherSuite(TlsCipherSuite ciphersuite)
+ public void AddCipherSuite(TlsCipherSuite ciphersuite)
 {
 TLSConfiguration_addCipherSuite(self,(int) ciphersuite);
 }
@@ -464,7 +577,7 @@ namespace IEC61850
 ///
 /// Version for .NET framework that does not support TlsCipherSuite enum
 ///
- public void addCipherSuite(int ciphersuite)
+ public void AddCipherSuite(int ciphersuite)
 {
 TLSConfiguration_addCipherSuite(self, ciphersuite);
 }
@@ -473,7 +586,7 @@ namespace IEC61850
 /// Clears list of allowed ciphersuites
 ///
 ///
- public void clearCipherSuiteList()
+ public void ClearCipherSuiteList()
 {
 TLSConfiguration_clearCipherSuiteList(self);
 }
From 8ac478f6295c307f1b85228df3e77f899befc658 Mon Sep 17 00:00:00 2001
From: Michael Zillgith
Date: Sat, 21 Jun 2025 06:49:10 +0100
Subject: [PATCH 2/3] - fixed typo in comment
---
 hal/inc/tls_config.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hal/inc/tls_config.h b/hal/inc/tls_config.h
index 0c662bc6..fd06f1d9 100644
--- a/hal/inc/tls_config.h
+++ b/hal/inc/tls_config.h
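Review bot: `AddCRL` hands `filename` to the native call without a null or empty check, and the `CryptographicException` message drops the file name, so a caller that loads several CRLs cannot tell which one failed; suggest `if (string.IsNullOrEmpty(filename)) throw new ArgumentException("CRL file name is required", nameof(filename));` before the native call and `throw new CryptographicException("Failed to read CRL from file: " + filename);` in the failure branch. The summary of `ResetCRL` could also spell out the consequence for the caller, presumably that no revocation list is consulted until `AddCRL` is called again, e.g. `/// After this call no revocation information is available until a new CRL is added.`. The enclosing class begins and ends outside this hunk.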
@@ -170,7 +170,7 @@ PAL_API void TLSConfiguration_setChainValidation(TLSConfiguration self, bool value);
 /**
- * \brief Enabled or disables the verification of validity times for certificates and CRLs
+ * \brief Enables or disables the verification of validity times for certificates and CRLs
 *
 * \param value true to enable time validation, false to disable (enabled by default)
 */
From 98687a1ece8949937b6e8540da98c48b9c4e1cce Mon Sep 17 00:00:00 2001
From: Michael Zillgith
Date: Wed, 2 Jul 2025 16:34:42 +0100
Subject: [PATCH 3/3] - fixed format issue
---
 src/r_session/r_session.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/r_session/r_session.c b/src/r_session/r_session.c
index 538ad8ec..fcd35bf0 100644
--- a/src/r_session/r_session.c
+++ b/src/r_session/r_session.c
@@ -140,7 +140,7 @@ RSessionKeyMaterial_destroy(RSessionKeyMaterial self)
 GLOBAL_FREEMEM(self->key);
 GLOBAL_FREEMEM(self);
 }
- }
+}
 RSession RSession_create()