fix server connexions from ignition (#183)

* fix server connexions from ignition Fixes #182 Reverts a change introduced in 5c20ed8 * Never send an all-zeroes nonce See GHSA-pq4w-qm9g-qx68 (and eclipse-milo/milo#949)
locka99 · Apr 5, 2022 · f253f40 · f253f40
1 parent 0e9a7b3
commit f253f40
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 16 deletions.
diff --git a/core/src/comms/secure_channel.rs b/core/src/comms/secure_channel.rs
@@ -12,14 +12,14 @@ use chrono::Duration;
 
 use opcua_crypto::{
     aeskey::AesKey,
+    CertificateStore,
     pkey::{KeySize, PrivateKey, PublicKey},
     random,
-    x509::X509,
-    CertificateStore, SecurityPolicy,
+    SecurityPolicy, x509::X509,
 };
 use opcua_types::{
-    service_types::ChannelSecurityToken, status_code::StatusCode, write_bytes, write_u8,
-    BinaryEncoder, ByteString, DateTime, DecodingOptions, MessageSecurityMode,
+    BinaryEncoder, ByteString, DateTime, DecodingOptions,
+    MessageSecurityMode, service_types::ChannelSecurityToken, status_code::StatusCode, write_bytes, write_u8,
 };
 
 use crate::comms::{
@@ -272,16 +272,8 @@ impl SecureChannel {
 
     /// Creates a nonce for the connection. The nonce should be the same size as the symmetric key
     pub fn create_random_nonce(&mut self) {
-        if self.security_policy != SecurityPolicy::None
-            && (self.security_mode == MessageSecurityMode::Sign
-                || self.security_mode == MessageSecurityMode::SignAndEncrypt)
-        {
-            self.local_nonce = vec![0u8; self.security_policy.secure_channel_nonce_length()];
-            random::bytes(&mut self.local_nonce);
-        } else {
-            // Empty nonce
-            self.local_nonce = Vec::new();
-        }
+        self.local_nonce.resize(self.security_policy.secure_channel_nonce_length(), 0);
+        random::bytes(&mut self.local_nonce);
     }
 
     /// Sets the remote certificate
@@ -1031,7 +1023,7 @@ impl SecureChannel {
 
     pub fn local_nonce_as_byte_string(&self) -> ByteString {
         if self.local_nonce.is_empty() {
-            ByteString::from(&[0u8; 32])
+            ByteString::null()
         } else {
             ByteString::from(&self.local_nonce)
         }

diff --git a/crypto/src/security_policy.rs b/crypto/src/security_policy.rs
@@ -395,7 +395,10 @@ impl SecurityPolicy {
             | SecurityPolicy::Basic256Sha256
             | SecurityPolicy::Aes128Sha256RsaOaep
             | SecurityPolicy::Aes256Sha256RsaPss => 32,
-            _ => panic!(""),
+            // The nonce can be used for password or X509 authentication
+            // even when the security policy is None.
+            // see https://github.com/advisories/GHSA-pq4w-qm9g-qx68
+            SecurityPolicy::None | SecurityPolicy::Unknown => 32,
         }
     }