Added security for BACnet stack, based on the BACnet 2012 standard, clause 24.
Implemented the majority of functionalities presented in the standard, but there are several features that this patch currently lacks: - Set-Master-Key message has a specific order of key adding and decoding which is not covered - There is no general secure-apdu-handler function - Checks for the type of keys used for signing/encryption of specific messages is not implemented - The status of encrypted flag during the calculation of the signature is ambiguous There is a Linux implementation using the OpenSSL library, with function prototypes broad enough to allow for different implementations. Thank you, Nikola Jelić!
This commit is contained in:
skarg
@@ -80,13 +80,22 @@
|
||||
/* #define MAX_APDU 1476 */
|
||||
#if defined(BACDL_BIP)
|
||||
#define MAX_APDU 1476
|
||||
|
||||
/* #define MAX_APDU 128 enable this IP for testing readrange so you get the More Follows flag set */
|
||||
#elif defined (BACDL_ETHERNET)
|
||||
#if defined(BACNET_SECURITY)
|
||||
#define MAX_APDU 1420
|
||||
#else
|
||||
#define MAX_APDU 1476
|
||||
#endif
|
||||
#else
|
||||
#if defined(BACNET_SECURITY)
|
||||
#define MAX_APDU 412
|
||||
#else
|
||||
#define MAX_APDU 480
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* for confirmed messages, this is the number of transactions */
|
||||
/* that we hold in a queue waiting for timeout. */
|
||||
@@ -133,32 +142,32 @@
|
||||
#endif
|
||||
|
||||
#if defined (BACAPP_ALL)
|
||||
#define BACAPP_NULL
|
||||
#define BACAPP_BOOLEAN
|
||||
#define BACAPP_UNSIGNED
|
||||
#define BACAPP_SIGNED
|
||||
#define BACAPP_REAL
|
||||
#define BACAPP_DOUBLE
|
||||
#define BACAPP_OCTET_STRING
|
||||
#define BACAPP_CHARACTER_STRING
|
||||
#define BACAPP_BIT_STRING
|
||||
#define BACAPP_ENUMERATED
|
||||
#define BACAPP_DATE
|
||||
#define BACAPP_TIME
|
||||
#define BACAPP_OBJECT_ID
|
||||
#define BACAPP_DEVICE_OBJECT_PROP_REF
|
||||
#define BACAPP_LIGHTING_COMMAND
|
||||
#define BACAPP_NULL
|
||||
#define BACAPP_BOOLEAN
|
||||
#define BACAPP_UNSIGNED
|
||||
#define BACAPP_SIGNED
|
||||
#define BACAPP_REAL
|
||||
#define BACAPP_DOUBLE
|
||||
#define BACAPP_OCTET_STRING
|
||||
#define BACAPP_CHARACTER_STRING
|
||||
#define BACAPP_BIT_STRING
|
||||
#define BACAPP_ENUMERATED
|
||||
#define BACAPP_DATE
|
||||
#define BACAPP_TIME
|
||||
#define BACAPP_OBJECT_ID
|
||||
#define BACAPP_DEVICE_OBJECT_PROP_REF
|
||||
#define BACAPP_LIGHTING_COMMAND
|
||||
#elif defined (BACAPP_MINIMAL)
|
||||
#define BACAPP_NULL
|
||||
#define BACAPP_BOOLEAN
|
||||
#define BACAPP_UNSIGNED
|
||||
#define BACAPP_SIGNED
|
||||
#define BACAPP_REAL
|
||||
#define BACAPP_CHARACTER_STRING
|
||||
#define BACAPP_ENUMERATED
|
||||
#define BACAPP_DATE
|
||||
#define BACAPP_TIME
|
||||
#define BACAPP_OBJECT_ID
|
||||
#define BACAPP_NULL
|
||||
#define BACAPP_BOOLEAN
|
||||
#define BACAPP_UNSIGNED
|
||||
#define BACAPP_SIGNED
|
||||
#define BACAPP_REAL
|
||||
#define BACAPP_CHARACTER_STRING
|
||||
#define BACAPP_ENUMERATED
|
||||
#define BACAPP_DATE
|
||||
#define BACAPP_TIME
|
||||
#define BACAPP_OBJECT_ID
|
||||
#endif
|
||||
|
||||
/*
|
||||
|
||||
Reference in New Issue
Block a user