pub enum SecurityPolicy {
    Unknown,
    None,
    Aes128Sha256RsaOaep,
    Basic256Sha256,
    Aes256Sha256RsaPss,
    Basic128Rsa15,
    Basic256,
}
SecurityPolicy implies what encryption and signing algorithms and their relevant key strengths are used during an encrypted session.
Variants
Unknown
Security policy is unknown; this is generally an error.
None
No security.
Aes128Sha256RsaOaep
AES128/SHA256 RSA-OAEP.
Basic256Sha256
Basic256/SHA256.
Aes256Sha256RsaPss
AES256/SHA256 RSA-PSS.
Basic128Rsa15
Basic128. Note that this security policy is deprecated.
Basic256
Basic256.
Implementations
impl SecurityPolicy
pub fn to_uri(&self) -> &'static str
Get the security policy URI from this policy.
This will panic if the security policy is Unknown.
pub fn is_supported(&self) -> bool
Returns true if the security policy is supported. A policy might be recognized but unsupported by the implementation.
pub fn is_deprecated(&self) -> bool
Returns true if the security policy has been deprecated by the OPC UA specification.
pub fn to_str(&self) -> &'static str
Get a string representation of this policy.
This will panic if the security policy is Unknown.
pub fn asymmetric_encryption_algorithm(&self) -> Option<&'static str>
Get the asymmetric encryption algorithm for this security policy.
This will panic if the security policy is Unknown or None.
pub fn asymmetric_signature_algorithm(&self) -> &'static str
Get the asymmetric signature algorithm for this security policy.
This will panic if the security policy is Unknown or None.
pub fn plain_block_size(&self) -> usize
Plaintext block size in bytes.
This will panic if the security policy is Unknown or None.
pub fn symmetric_signature_size(&self) -> usize
Signature size in bytes.
This will panic if the security policy is Unknown.
pub fn is_valid_keylength(&self, keylength: usize) -> bool
Tests if the supplied key length is valid for this policy.
pub fn random_nonce(&self) -> ByteString
Creates a random nonce in a ByteString with a length appropriate for the policy.
pub fn secure_channel_nonce_length(&self) -> usize
Length of the secure channel nonce for this security policy.
pub fn from_uri(uri: &str) -> SecurityPolicy
Get the security policy from the given URI. Returns Unknown
if the URI does not match any known policy.
pub fn legacy_sequence_numbers(&self) -> bool
Returns whether the security policy uses legacy sequence numbers.
pub fn make_secure_channel_keys(&self, secret: &[u8], seed: &[u8]) -> AesDerivedKeys
Part 6 6.7.5 Deriving keys
Once the SecureChannel is established the Messages are signed and encrypted with keys derived from the Nonces exchanged in the OpenSecureChannel call. These keys are derived by passing the Nonces to a pseudo-random function which produces a sequence of bytes from a set of inputs. A pseudo-random function is represented by the following function declaration:
Byte[] PRF(Byte[] secret, Byte[] seed, i32 length, i32 offset)
Where length is the number of bytes to return and offset is a number of bytes from the beginning of the sequence.
The lengths of the keys that need to be generated depend on the SecurityPolicy used for the channel. The following information is specified by the SecurityPolicy:
a) SigningKeyLength (from the DerivedSignatureKeyLength);
b) EncryptingKeyLength (implied by the SymmetricEncryptionAlgorithm);
c) EncryptingBlockSize (implied by the SymmetricEncryptionAlgorithm).
The parameters passed to the pseudo random function are specified in Table 33.
Table 33 – Cryptography key generation parameters
Key | Secret | Seed | Length | Offset
ClientSigningKey | ServerNonce | ClientNonce | SigningKeyLength | 0
ClientEncryptingKey | ServerNonce | ClientNonce | EncryptingKeyLength | SigningKeyLength
ClientInitializationVector | ServerNonce | ClientNonce | EncryptingBlockSize | SigningKeyLength + EncryptingKeyLength
ServerSigningKey | ClientNonce | ServerNonce | SigningKeyLength | 0
ServerEncryptingKey | ClientNonce | ServerNonce | EncryptingKeyLength | SigningKeyLength
ServerInitializationVector | ClientNonce | ServerNonce | EncryptingBlockSize | SigningKeyLength + EncryptingKeyLength
The Client keys are used to secure Messages sent by the Client. The Server keys are used to secure Messages sent by the Server.
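The derivation in Table 33, written out as an added example in Python so that it runs with only the standard library; it is not code from this crate. It assumes the pseudo-random function is P_SHA256 (the HMAC-SHA256 P_hash construction from RFC 5246), 32-byte nonces, and the per-policy lengths in `POLICY_LENGTHS`; those values and all function names here are assumptions that do not come from this page.

```python
import hashlib
import hmac

# Assumed per-policy sizes in bytes (not stated on this page):
# (SigningKeyLength, EncryptingKeyLength, EncryptingBlockSize)
POLICY_LENGTHS = {
    "Basic256Sha256": (32, 32, 16),
    "Aes128Sha256RsaOaep": (32, 16, 16),
}
NONCE_LENGTH = 32  # assumed secure channel nonce length for both policies


def prf(secret: bytes, seed: bytes, length: int, offset: int) -> bytes:
    """P_SHA256 (assumed PRF): return `length` bytes starting at `offset`."""
    stream = b""
    a = seed  # A(0) = seed
    while len(stream) < offset + length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        stream += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return stream[offset:offset + length]


def derive_direction(secret: bytes, seed: bytes, policy: str) -> dict:
    """One half of Table 33: signing key, encrypting key and IV, back to back."""
    sig_len, enc_len, block = POLICY_LENGTHS[policy]
    return {
        "signing_key": prf(secret, seed, sig_len, 0),
        "encrypting_key": prf(secret, seed, enc_len, sig_len),
        "iv": prf(secret, seed, block, sig_len + enc_len),
    }


def derive_channel_keys(client_nonce: bytes, server_nonce: bytes, policy: str) -> dict:
    """Derive both key sets; the secret and seed swap roles per direction."""
    for nonce in (client_nonce, server_nonce):
        if len(nonce) != NONCE_LENGTH:
            raise ValueError("nonce length does not match the security policy")
    return {
        "client": derive_direction(server_nonce, client_nonce, policy),
        "server": derive_direction(client_nonce, server_nonce, policy),
    }


# Constructed sample nonces; real ones come from the OpenSecureChannel exchange.
SAMPLE = derive_channel_keys(bytes(range(32)), bytes(range(32, 64)), "Basic256Sha256")
```

Because the secret and seed swap between the two rows of the table, each direction gets its own keys, and the nonce length check rejects a peer that supplies too little entropy for the policy.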
pub fn asymmetric_sign(&self, signing_key: &PKey<RsaPrivateKey>, data: &[u8], signature: &mut [u8]) -> Result<usize, Error>
Produce a signature of the data using an asymmetric key. Stores the signature in the supplied
signature buffer. Returns the size of the signature within that buffer.
pub fn asymmetric_verify_signature(&self, verification_key: &PKey<RsaPublicKey>, data: &[u8], signature: &[u8]) -> Result<(), Error>
Verifies a signature of the data using an asymmetric key. In a debugging scenario, the signing key can also be supplied so that the supplied signature can be compared to a freshly generated signature.
pub fn symmetric_padding_info(&self) -> PaddingInfo
Get information about message padding for symmetric encryption using this policy.
pub fn asymmetric_padding_info(&self, remote_key: &PKey<RsaPublicKey>) -> PaddingInfo
Get information about message padding for asymmetric encryption using this policy, requires the public key of the receiver.
pub fn calculate_cipher_text_size(&self, plain_text_size: usize, key: &PKey<RsaPublicKey>) -> usize
Calculate the size of the cipher text for asymmetric encryption.
pub fn asymmetric_encrypt(&self, encryption_key: &PKey<RsaPublicKey>, src: &[u8], dst: &mut [u8]) -> Result<usize, Error>
Encrypts a message using the supplied encryption key, returns the encrypted size. Destination buffer must be large enough to hold encrypted bytes including any padding.
pub fn asymmetric_decrypt(&self, decryption_key: &PKey<RsaPrivateKey>, src: &[u8], dst: &mut [u8]) -> Result<usize, Error>
Decrypts a message whose thumbprint matches the x509 cert and private key pair.
Returns the number of decrypted bytes.
pub fn symmetric_sign(&self, keys: &AesDerivedKeys, data: &[u8], signature: &mut [u8]) -> Result<(), Error>
Produce a signature of some data using the supplied symmetric key. Signing algorithm is determined
by the security policy. Signature is stored in the supplied signature argument.
pub fn symmetric_verify_signature(&self, keys: &AesDerivedKeys, data: &[u8], signature: &[u8]) -> Result<(), Error>
Verify the signature of a data block using the supplied symmetric key.
pub fn symmetric_encrypt(&self, keys: &AesDerivedKeys, src: &[u8], dst: &mut [u8]) -> Result<usize, Error>
Encrypt the supplied data using the supplied key storing the result in the destination.
pub fn symmetric_decrypt(&self, keys: &AesDerivedKeys, src: &[u8], dst: &mut [u8]) -> Result<usize, Error>
Decrypts the supplied data using the supplied key storing the result in the destination.
pub fn encrypting_key_length(&self) -> usize
Get the key length used for symmetric encryption.
Trait Implementations
impl Clone for SecurityPolicy
fn clone(&self) -> SecurityPolicy
fn clone_from(&mut self, source: &Self)