Skip to content

Commit

Permalink
handle extra padding if key length > 2048
Browse files Browse the repository at this point in the history
  • Loading branch information
martin.brenner authored and martin.brenner committed Apr 20, 2023
1 parent 6fd3deb commit 6e170c1
Showing 1 changed file with 18 additions and 2 deletions.
20 changes: 18 additions & 2 deletions uasc/secure_channel_instance.go
Original file line number Diff line number Diff line change
Expand Up @@ -170,11 +170,21 @@ func (c *channelInstance) signAndEncrypt(m *Message, b []byte) ([]byte, error) {
var encryptedLength int
if c.sc.cfg.SecurityMode == ua.MessageSecurityModeSignAndEncrypt || isAsymmetric {
plaintextBlockSize := c.algo.PlaintextBlockSize()
paddingLength := plaintextBlockSize - ((len(b[headerLength:]) + c.algo.SignatureLength() + 1) % plaintextBlockSize)
extraPadding := c.algo.RemoteSignatureLength() > 256
var paddingBytes int
if extraPadding {
paddingBytes = 2
} else {
paddingBytes = 1
}
paddingLength := plaintextBlockSize - ((len(b[headerLength:]) + c.algo.SignatureLength() + paddingBytes) % plaintextBlockSize)

for i := 0; i <= paddingLength; i++ {
b = append(b, byte(paddingLength))
}
if extraPadding {
b = append(b, byte(paddingLength>>8))
}
encryptedLength = ((len(b[headerLength:]) + c.algo.SignatureLength()) / plaintextBlockSize) * c.algo.BlockSize()
} else { // MessageSecurityModeSign
encryptedLength = len(b[headerLength:]) + c.algo.SignatureLength()
Expand Down Expand Up @@ -235,7 +245,13 @@ func (c *channelInstance) verifyAndDecrypt(m *MessageChunk, r []byte) ([]byte, e

var paddingLength int
if c.sc.cfg.SecurityMode == ua.MessageSecurityModeSignAndEncrypt || isAsymmetric {
paddingLength = int(messageToVerify[len(messageToVerify)-1]) + 1
paddingLength = int(messageToVerify[len(messageToVerify)-1])
if c.algo.SignatureLength() > 256 {
paddingLength <<= 8
paddingLength += int(messageToVerify[len(messageToVerify)-2])
paddingLength += 1
}
paddingLength += 1
}

b = messageToVerify[headerLength : len(messageToVerify)-paddingLength]
Expand Down

0 comments on commit 6e170c1

Please sign in to comment.