Merge pull request #110 from FreeOpcUa/token

jonasgreen88 : fix token

asyncua/client/client.py

@@ -255,10 +255,8 @@ class Client:
         params.SecurityMode = self.security_policy.Mode
         params.RequestedLifetime = self.secure_channel_timeout
         # length should be equal to the length of key of symmetric encryption
-        nonce = create_nonce(self.security_policy.symmetric_key_size)
-        params.ClientNonce = nonce  # this nonce is used to create a symmetric key
+        params.ClientNonce = create_nonce(self.security_policy.symmetric_key_size)
         result = await self.uaclient.open_secure_channel(params)
-        self.security_policy.make_symmetric_key(nonce, result.ServerNonce)
         self.secure_channel_timeout = result.SecurityToken.RevisedLifetime
 
     async def close_secure_channel(self):

asyncua/client/ua_client.py

@@ -120,6 +120,11 @@ class UASocketProtocol(asyncio.Protocol):
         self._request_id += 1
         future = self.loop.create_future()
         self._callbackmap[self._request_id] = future
+
+        # Change to the new security token if the connection has been renewed.
+        if self._connection.next_security_token.TokenId != 0:
+            self._connection.revolve_tokens()
+
         msg = self._connection.message_to_binary(binreq, message_type=message_type, request_id=self._request_id)
         self.transport.write(msg)
         return future
@@ -195,11 +200,9 @@ class UASocketProtocol(asyncio.Protocol):
             self._send_request(request, message_type=ua.MessageType.SecureOpen),
             self.timeout
         )
-        # FIXME: we have a race condition here
-        # we can get a packet with the new token id before we reach to store it..
         response = struct_from_binary(ua.OpenSecureChannelResponse, result)
         response.ResponseHeader.ServiceResult.check()
-        self._connection.set_channel(response.Parameters)
+        self._connection.set_channel(response.Parameters, params.RequestType, params.ClientNonce)
         return response.Parameters
 
     async def close_secure_channel(self):

asyncua/crypto/security_policies.py

@@ -422,14 +422,17 @@ class SecurityPolicyBasic128Rsa15(SecurityPolicy):
         self.server_certificate = uacrypto.der_from_x509(server_cert)
         self.client_certificate = uacrypto.der_from_x509(client_cert)
 
-    def make_symmetric_key(self, nonce1, nonce2):
+    def make_local_symmetric_key(self, secret, seed):
         key_sizes = (self.signature_key_size, self.symmetric_key_size, 16)
 
-        (sigkey, key, init_vec) = uacrypto.p_sha1(nonce2, nonce1, key_sizes)
+        (sigkey, key, init_vec) = uacrypto.p_sha1(secret, seed, key_sizes)
         self.symmetric_cryptography.Signer = SignerAesCbc(sigkey)
         self.symmetric_cryptography.Encryptor = EncryptorAesCbc(key, init_vec)
 
-        (sigkey, key, init_vec) = uacrypto.p_sha1(nonce1, nonce2, key_sizes)
+    def make_remote_symmetric_key(self, secret, seed):
+        key_sizes = (self.signature_key_size, self.symmetric_key_size, 16)
+
+        (sigkey, key, init_vec) = uacrypto.p_sha1(secret, seed, key_sizes)
         self.symmetric_cryptography.Verifier = VerifierAesCbc(sigkey)
         self.symmetric_cryptography.Decryptor = DecryptorAesCbc(key, init_vec)
 
@@ -494,15 +497,20 @@ class SecurityPolicyBasic256(SecurityPolicy):
         self.server_certificate = uacrypto.der_from_x509(server_cert)
         self.client_certificate = uacrypto.der_from_x509(client_cert)
 
-    def make_symmetric_key(self, nonce1, nonce2):
+    def make_local_symmetric_key(self, secret, seed):
         # specs part 6, 6.7.5
         key_sizes = (self.signature_key_size, self.symmetric_key_size, 16)
 
-        (sigkey, key, init_vec) = uacrypto.p_sha1(nonce2, nonce1, key_sizes)
+        (sigkey, key, init_vec) = uacrypto.p_sha1(secret, seed, key_sizes)
         self.symmetric_cryptography.Signer = SignerAesCbc(sigkey)
         self.symmetric_cryptography.Encryptor = EncryptorAesCbc(key, init_vec)
 
-        (sigkey, key, init_vec) = uacrypto.p_sha1(nonce1, nonce2, key_sizes)
+    def make_remote_symmetric_key(self, secret, seed):
+
+        # specs part 6, 6.7.5
+        key_sizes = (self.signature_key_size, self.symmetric_key_size, 16)
+
+        (sigkey, key, init_vec) = uacrypto.p_sha1(secret, seed, key_sizes)
         self.symmetric_cryptography.Verifier = VerifierAesCbc(sigkey)
         self.symmetric_cryptography.Decryptor = DecryptorAesCbc(key, init_vec)
 
@@ -560,15 +568,20 @@ class SecurityPolicyBasic256Sha256(SecurityPolicy):
         self.server_certificate = uacrypto.der_from_x509(server_cert)
         self.client_certificate = uacrypto.der_from_x509(client_cert)
 
-    def make_symmetric_key(self, nonce1, nonce2):
+    def make_local_symmetric_key(self, secret, seed):
         # specs part 6, 6.7.5
         key_sizes = (self.signature_key_size, self.symmetric_key_size, 16)
 
-        (sigkey, key, init_vec) = uacrypto.p_sha256(nonce2, nonce1, key_sizes)
+        (sigkey, key, init_vec) = uacrypto.p_sha256(secret, seed, key_sizes)
         self.symmetric_cryptography.Signer = SignerHMac256(sigkey)
         self.symmetric_cryptography.Encryptor = EncryptorAesCbc(key, init_vec)
 
-        (sigkey, key, init_vec) = uacrypto.p_sha256(nonce1, nonce2, key_sizes)
+    def make_remote_symmetric_key(self, secret, seed):
+
+        # specs part 6, 6.7.5
+        key_sizes = (self.signature_key_size, self.symmetric_key_size, 16)
+
+        (sigkey, key, init_vec) = uacrypto.p_sha256(secret, seed, key_sizes)
         self.symmetric_cryptography.Verifier = VerifierHMac256(sigkey)
         self.symmetric_cryptography.Decryptor = DecryptorAesCbc(key, init_vec)
 

asyncua/ua/uaprotocol_hand.py

@@ -229,7 +229,10 @@ class SecurityPolicy:
         self.server_certificate = None
         self.client_certificate = None
 
-    def make_symmetric_key(self, a, b):
+    def make_local_symmetric_key(self, secret, seed):
+        pass
+
+    def make_remote_symmetric_key(self, secret, seed):
         pass