diff --git a/Libraries/Opc.Ua.Client/Session/Session.cs b/Libraries/Opc.Ua.Client/Session/Session.cs index df78d3bb5..32ee0d612 100644 --- a/Libraries/Opc.Ua.Client/Session/Session.cs +++ b/Libraries/Opc.Ua.Client/Session/Session.cs @@ -6539,6 +6539,7 @@ protected virtual void ProcessResponseAdditionalHeader(ResponseHeader responseHe { foreach (var ii in parameters.Parameters) { +#if ECC_SUPPORT if (ii.Key == "ECDHKey") { if (ii.Value.TypeInfo == TypeInfo.Scalars.StatusCode) @@ -6566,10 +6567,11 @@ protected virtual void ProcessResponseAdditionalHeader(ResponseHeader responseHe m_eccServerEphemeralKey = Nonce.CreateNonce(m_userTokenSecurityPolicyUri, key.PublicKey); } +#endif } } } - #endregion +#endregion #region Protected Fields /// diff --git a/Libraries/Opc.Ua.Configuration/ApplicationConfigurationBuilder.cs b/Libraries/Opc.Ua.Configuration/ApplicationConfigurationBuilder.cs index 36b2a60de..0e9f99f96 100644 --- a/Libraries/Opc.Ua.Configuration/ApplicationConfigurationBuilder.cs +++ b/Libraries/Opc.Ua.Configuration/ApplicationConfigurationBuilder.cs @@ -954,8 +954,13 @@ public static CertificateIdentifierCollection CreateDefaultApplicationCertificat StorePath = storePath, SubjectName = subjectName, CertificateType = ObjectTypeIds.RsaSha256ApplicationCertificateType - }, - new CertificateIdentifier { + } + }; +#if ECC_SUPPORT + certificateIdentifiers.AddRange( + new CertificateIdentifierCollection + { + new CertificateIdentifier { StoreType = storeType, StorePath = storePath, SubjectName = subjectName, @@ -967,7 +972,7 @@ public static CertificateIdentifierCollection CreateDefaultApplicationCertificat SubjectName = subjectName, CertificateType = ObjectTypeIds.EccNistP384ApplicationCertificateType } - }; + }); if (!RuntimeInformation.IsOSPlatform(OSPlatform.OSX)) { 
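Review bot: With ECC_SUPPORT undefined, the guard added inside `foreach (var ii in parameters.Parameters)` leaves an empty loop, so an `ECDHKey` entry in the response header, including the StatusCode case visible in the context, is skipped without any trace. Placing the `#if ECC_SUPPORT`/`#endif` pair around the whole loop, or adding a comment such as `// ECDHKey is not processed when ECC_SUPPORT is undefined`, would make the intent explicit; the method body starts outside the hunk, so the best spot for the guard is not visible here. The second hunk also moves `#endregion` to column 0, apparently as an editor side effect, and the same whitespace change recurs in ApplicationConfigurationBuilder.cs, CertificateValidator.cs, Nonce.cs, Utils.cs and ClientTest.cs; reverting it would keep the commit limited to the ECC guards.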
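Review bot: `CreateDefaultApplicationCertificates` now returns only the `RsaSha256ApplicationCertificateType` entry when ECC_SUPPORT is undefined, and nothing in the hunk tells a caller that the default set depends on the build. The XML summary, which lies outside the hunk, should say so, for example `/// Without ECC_SUPPORT only the RSA SHA-256 application certificate is returned.` The `if (!RuntimeInformation.IsOSPlatform(OSPlatform.OSX))` block is compiled out as well, so the `using` that brings `RuntimeInformation` into scope may become unused in that build and is worth checking for warnings.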
@@ -990,11 +995,11 @@ public static CertificateIdentifierCollection CreateDefaultApplicationCertificat } }); } - +#endif return certificateIdentifiers; } - #endregion +#endregion #region Private Methods /// diff --git a/Stack/Opc.Ua.Core/Security/Certificates/CertificateValidator.cs b/Stack/Opc.Ua.Core/Security/Certificates/CertificateValidator.cs index 2504d6b34..406dad299 100644 --- a/Stack/Opc.Ua.Core/Security/Certificates/CertificateValidator.cs +++ b/Stack/Opc.Ua.Core/Security/Certificates/CertificateValidator.cs @@ -1776,6 +1776,7 @@ private static bool IsSignatureValid(X509Certificate2 cert) /// private static readonly Dictionary NamedCurveBitSizes = new Dictionary { +#if ECC_SUPPORT // NIST Curves { ECCurve.NamedCurves.nistP256.Oid.Value ?? "1.2.840.10045.3.1.7", 256 }, // NIST P-256 { ECCurve.NamedCurves.nistP384.Oid.Value ?? "1.3.132.0.34" , 384 }, // NIST P-384 @@ -1784,6 +1785,7 @@ private static bool IsSignatureValid(X509Certificate2 cert) // Brainpool Curves { ECCurve.NamedCurves.brainpoolP256r1.Oid.Value ?? "1.3.36.3.3.2.8.1.1.7", 256 }, // BrainpoolP256r1 { ECCurve.NamedCurves.brainpoolP384r1.Oid.Value ?? "1.3.36.3.3.2.8.1.1.11", 384 }, // BrainpoolP384r1 +#endif }; /// @@ -1844,7 +1846,7 @@ private bool FindDomain(X509Certificate2 serverCertificate, Uri endpointUrl) } return domainFound; } - +#if ECC_SUPPORT /// /// Returns if the certificate is secure enough for the profile. /// @@ -1883,7 +1885,8 @@ public static bool IsECSecureForProfile(X509Certificate2 certificate, int requir } } } - #endregion +#endif +#endregion #region Private Enum /// diff --git a/Stack/Opc.Ua.Core/Security/Certificates/EccUtils.cs b/Stack/Opc.Ua.Core/Security/Certificates/EccUtils.cs index 4b5f18890..89723ba4d 100644 --- a/Stack/Opc.Ua.Core/Security/Certificates/EccUtils.cs +++ b/Stack/Opc.Ua.Core/Security/Certificates/EccUtils.cs 
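Review bot: `NamedCurveBitSizes` is still declared when ECC_SUPPORT is undefined but has no entries, because the guard in the first two CertificateValidator.cs hunks wraps only the initializer contents; wrapping the whole field declaration in the `#if` would avoid an empty dead member. The later hunks compile out the public `IsECSecureForProfile`, so its signature disappears from the assembly in such a build and every call site needs the same guard; call sites are not part of this diff. If a caller relies on that method to enforce the minimum curve size, a non-ECC build should reject ECC certificates outright rather than skip the check, which cannot be confirmed from here.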
@@ -1339,7 +1339,7 @@ public static ECDsa GetPublicKey(X509Certificate2 certificate) return GetPublicKey(certificate, out securityPolicyUris); } - /// + /// /// Returns the hash algorithm for the specified security policy. /// /// @@ -1374,7 +1374,7 @@ public static HashAlgorithmName GetSignatureAlgorithmName(string securityPolicyU } } } - + #endif } } diff --git a/Stack/Opc.Ua.Core/Security/Certificates/Nonce.cs b/Stack/Opc.Ua.Core/Security/Certificates/Nonce.cs index 605c71296..daaed70b3 100644 --- a/Stack/Opc.Ua.Core/Security/Certificates/Nonce.cs +++ b/Stack/Opc.Ua.Core/Security/Certificates/Nonce.cs @@ -194,10 +194,12 @@ public static Nonce CreateNonce(string securityPolicyUri) switch (securityPolicyUri) { +#if ECC_SUPPORT case SecurityPolicies.ECC_nistP256: { return CreateNonce(ECCurve.NamedCurves.nistP256); } case SecurityPolicies.ECC_nistP384: { return CreateNonce(ECCurve.NamedCurves.nistP384); } case SecurityPolicies.ECC_brainpoolP256r1: { return CreateNonce(ECCurve.NamedCurves.brainpoolP256r1); } case SecurityPolicies.ECC_brainpoolP384r1: { return CreateNonce(ECCurve.NamedCurves.brainpoolP384r1); } +#endif #if CURVE25519 case SecurityPolicies.ECC_curve25519: { @@ -245,11 +247,12 @@ public static Nonce CreateNonce(string securityPolicyUri, byte[] nonceData) switch (securityPolicyUri) { +#if ECC_SUPPORT case SecurityPolicies.ECC_nistP256: { return CreateNonce(ECCurve.NamedCurves.nistP256, nonceData); } case SecurityPolicies.ECC_nistP384: { return CreateNonce(ECCurve.NamedCurves.nistP384, nonceData); } case SecurityPolicies.ECC_brainpoolP256r1: { return CreateNonce(ECCurve.NamedCurves.brainpoolP256r1, nonceData); } case SecurityPolicies.ECC_brainpoolP384r1: { return CreateNonce(ECCurve.NamedCurves.brainpoolP384r1, nonceData); } - +#endif case SecurityPolicies.ECC_curve25519: { return CreateNonceForCurve25519(nonceData); 
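Review bot: An ECC policy URI no longer fails in a build without ECC_SUPPORT: the four `case SecurityPolicies.ECC_*` labels are compiled out of both `CreateNonce(string securityPolicyUri)` and `CreateNonce(string securityPolicyUri, byte[] nonceData)`, and the hunks at -464 and -492 delete the `throw new NotSupportedException("Platform does not support ECC curves");` that used to catch this. Such a URI now reaches the switch's default branch, which is outside the hunks but in the second overload appears to end in a plain `Nonce` built from `nonceData`, i.e. a nonce with no ephemeral key behind it. Keeping the failure explicit is safer: add an `#else` section that lists the same four case labels and ends in the removed `throw`, assuming the `SecurityPolicies.ECC_*` constants are still defined in that build. In the second overload the `case SecurityPolicies.ECC_curve25519:` label after the new `#endif` has no visible `#if CURVE25519` in front of it, unlike the first overload, which is worth checking.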
@@ -268,7 +271,7 @@ public static Nonce CreateNonce(string securityPolicyUri, byte[] nonceData) return nonce; } - #endregion +#endregion #region Utility Methods @@ -422,7 +425,7 @@ private static Nonce CreateNonceForCurve448(byte[] nonceData) return nonce; } - +#if ECC_SUPPORT /// /// Creates a new Nonce instance with the specified ECC curve and nonce data. /// @@ -431,7 +434,7 @@ private static Nonce CreateNonceForCurve448(byte[] nonceData) /// A new Nonce instance with the specified curve and nonce data. private static Nonce CreateNonce(ECCurve curve, byte[] nonceData) { -#if ECC_SUPPORT + Nonce nonce = new Nonce() { Data = nonceData }; @@ -464,9 +467,6 @@ private static Nonce CreateNonce(ECCurve curve, byte[] nonceData) } return nonce; -#else - throw new NotSupportedException("Platform does not support ECC curves"); -#endif } /// @@ -476,7 +476,7 @@ private static Nonce CreateNonce(ECCurve curve, byte[] nonceData) /// A new Nonce instance. private static Nonce CreateNonce(ECCurve curve) { -#if ECC_SUPPORT + var ecdh = (ECDiffieHellman)ECDiffieHellman.Create(curve); var ecdhParameters = ecdh.ExportParameters(false); int xLen = ecdhParameters.Q.X.Length; @@ -492,12 +492,8 @@ private static Nonce CreateNonce(ECCurve curve) }; return nonce; - -#else - throw new NotSupportedException("Platform does not support ECC curves"); -#endif } - +#endif /// @@ -578,9 +574,10 @@ private static Nonce CreateNonceForCurve448() /// protected Nonce(SerializationInfo info, StreamingContext context) { +#if ECC_SUPPORT var curveName = info.GetString("CurveName"); -#if ECC_SUPPORT + if (curveName != null) { var ecParams = new ECParameters { diff --git a/Stack/Opc.Ua.Core/Types/Utils/Utils.cs b/Stack/Opc.Ua.Core/Types/Utils/Utils.cs index e330389a7..371038461 100644 --- a/Stack/Opc.Ua.Core/Types/Utils/Utils.cs +++ b/Stack/Opc.Ua.Core/Types/Utils/Utils.cs 
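Review bot: The hunks at -431, -476 and -578 appear to replace the removed `#if ECC_SUPPORT` line with an empty line, so both private `CreateNonce(ECCurve ...)` bodies now start with a blank line and the constructor gains one after `var curveName = info.GetString("CurveName");`; dropping those `+` lines keeps the bodies tidy. In the constructor the new guard means a build without ECC_SUPPORT never reads `CurveName`, and whatever follows the matching `#endif` is outside the hunk, so it is not visible whether `Data` is still restored in that build. A short comment above the guard, e.g. `// Curve parameters are only restored when ECC_SUPPORT is defined`, would document that.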
@@ -3148,7 +3148,7 @@ public static bool IsSupportedCertificateType(NodeId certificateType) } return false; } - +#if ECC_SUPPORT /// /// Check if known curve is supported by platform /// @@ -3182,6 +3182,7 @@ ex is ArgumentException || { ECCurve.NamedCurves.brainpoolP256r1.Oid.FriendlyName, new Lazy(() => IsCurveSupported(ECCurve.NamedCurves.brainpoolP256r1)) }, { ECCurve.NamedCurves.brainpoolP384r1.Oid.FriendlyName, new Lazy(() => IsCurveSupported(ECCurve.NamedCurves.brainpoolP384r1)) }, }; +#endif /// /// Lazy helper to allow runtime check for Mono. @@ -3198,6 +3199,6 @@ public static bool IsRunningOnMono() { return s_isRunningOnMonoValue.Value; } - #endregion +#endregion } } diff --git a/Tests/Opc.Ua.Client.Tests/ClientTest.cs b/Tests/Opc.Ua.Client.Tests/ClientTest.cs index 494b81129..7b30df311 100644 --- a/Tests/Opc.Ua.Client.Tests/ClientTest.cs +++ b/Tests/Opc.Ua.Client.Tests/ClientTest.cs @@ -1673,7 +1673,7 @@ public async Task OpenSessionECCIssuedIdentityToken( Assert.NotNull(value1); } } - +#if ECC_SUPPORT /// /// Open a session on a channel using ECC encrypted UserCertificateIdentityToken /// @@ -1732,7 +1732,8 @@ public async Task OpenSessionECCUserCertIdentityToken( } } } - #endregion +#endif +#endregion #region Benchmarks ///
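Review bot: Only `OpenSessionECCUserCertIdentityToken` is wrapped by the new `#if ECC_SUPPORT`; `OpenSessionECCIssuedIdentityToken`, whose closing lines are the context just above the directive, stays compiled in a build without ECC support. Whether that test skips itself at runtime is not visible in the hunk, so either move the `#if` above it as well or confirm it ignores unsupported policies. Compiling tests out also hides them from the test report, whereas a runtime skip would keep the gap visible.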