Enum opcua_server::prelude::SecurityPolicy
pub enum SecurityPolicy {
Unknown,
None,
Aes128Sha256RsaOaep,
Basic256Sha256,
Aes256Sha256RsaPss,
Basic128Rsa15,
Basic256,
}
SecurityPolicy determines which encryption and signing algorithms, and which key strengths, are used during an encrypted session.
Variants
Unknown
None
Aes128Sha256RsaOaep
Basic256Sha256
Aes256Sha256RsaPss
Basic128Rsa15
Basic256
Implementations
impl SecurityPolicy
pub fn to_uri(&self) -> &'static str
pub fn is_supported(&self) -> bool
Returns true if the security policy is supported. A policy may be recognized but still be unsupported by this implementation.
pub fn is_deprecated(&self) -> bool
Returns true if the security policy has been deprecated by the OPC UA specification.
pub fn to_str(&self) -> &'static str
pub fn asymmetric_encryption_algorithm(&self) -> &'static str
pub fn asymmetric_signature_algorithm(&self) -> &'static str
pub fn symmetric_signature_algorithm(&self) -> &'static str
pub fn plain_block_size(&self) -> usize
pub fn symmetric_signature_size(&self) -> usize
pub fn derived_signature_key_size(&self) -> usize
Returns the size in bytes of the derived signature key (not of the signature itself).
pub fn min_max_asymmetric_keylength(&self) -> (usize, usize)
Returns the minimum and maximum (inclusive) asymmetric key length in bits.
pub fn is_valid_keylength(&self, keylength: usize) -> bool
Tests whether the supplied key length is valid for this policy.
pub fn random_nonce(&self) -> ByteString
Creates a random nonce in a ByteString with a length appropriate for the policy.
pub fn secure_channel_nonce_length(&self) -> usize
pub fn from_uri(uri: &str) -> SecurityPolicy
pub fn make_secure_channel_keys(
&self,
secret: &[u8],
seed: &[u8]
) -> (Vec<u8, Global>, AesKey, Vec<u8, Global>)
Part 6 6.7.5 Deriving keys
Once the SecureChannel is established the Messages are signed and encrypted with keys derived from the Nonces exchanged in the OpenSecureChannel call. These keys are derived by passing the Nonces to a pseudo-random function which produces a sequence of bytes from a set of inputs. A pseudo-random function is represented by the following function declaration:
Byte[] PRF( Byte[] secret, Byte[] seed, i32 length, i32 offset)
where length is the number of bytes to return and offset is the number of bytes to skip from the beginning of the sequence.
The lengths of the keys that need to be generated depend on the SecurityPolicy used for the channel. The following information is specified by the SecurityPolicy:
a) SigningKeyLength (from the DerivedSignatureKeyLength);
b) EncryptingKeyLength (implied by the SymmetricEncryptionAlgorithm);
c) EncryptingBlockSize (implied by the SymmetricEncryptionAlgorithm).
The parameters passed to the pseudo random function are specified in Table 33.
Table 33 – Cryptography key generation parameters
Key | Secret | Seed | Length | Offset
ClientSigningKey | ServerNonce | ClientNonce | SigningKeyLength | 0
ClientEncryptingKey | ServerNonce | ClientNonce | EncryptingKeyLength | SigningKeyLength
ClientInitializationVector | ServerNonce | ClientNonce | EncryptingBlockSize | SigningKeyLength + EncryptingKeyLength
ServerSigningKey | ClientNonce | ServerNonce | SigningKeyLength | 0
ServerEncryptingKey | ClientNonce | ServerNonce | EncryptingKeyLength | SigningKeyLength
ServerInitializationVector | ClientNonce | ServerNonce | EncryptingBlockSize | SigningKeyLength + EncryptingKeyLength
The Client keys are used to secure Messages sent by the Client. The Server keys are used to secure Messages sent by the Server.
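The derivation in Table 33, as an added example written against Python's standard library; this is not code from the opcua crate. It assumes the PRF is the TLS-style P_hash construction over HMAC-SHA256 (P_SHA256), which the OPC UA specification assigns to Basic256Sha256 (the page only gives the PRF's signature), and it assumes that policy's key sizes (SigningKeyLength 32, EncryptingKeyLength 32, EncryptingBlockSize 16) and its 32-byte channel nonces. The nonces used are constructed, fixed values so the script runs offline; a real channel uses fresh random nonces from each side. The three keys for one side are consecutive slices of a single PRF output stream, which is what the Offset column expresses, and the client and server sides swap the roles of the two nonces, which is why their keys differ.

```python
import hashlib
import hmac
from typing import NamedTuple, Tuple

# Basic256Sha256 sizes (assumed for this example, not taken from the crate)
SIGNING_KEY_LENGTH = 32     # DerivedSignatureKeyLength in bytes
ENCRYPTING_KEY_LENGTH = 32  # AES-256 key
ENCRYPTING_BLOCK_SIZE = 16  # AES block size, used as the IV length


class ChannelKeys(NamedTuple):
    signing_key: bytes
    encrypting_key: bytes
    iv: bytes


def prf(secret: bytes, seed: bytes, length: int, offset: int = 0) -> bytes:
    """Byte[] PRF(secret, seed, length, offset), realised as P_SHA256.

    A(0) = seed, A(i) = HMAC(secret, A(i-1))
    stream = HMAC(secret, A(1) || seed) || HMAC(secret, A(2) || seed) || ...
    Returns `length` bytes starting `offset` bytes into the stream.
    """
    if length < 0 or offset < 0:
        raise ValueError("length and offset must be non-negative")
    stream = bytearray()
    a = seed
    while len(stream) < offset + length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        stream += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return bytes(stream[offset:offset + length])


def make_secure_channel_keys(secret: bytes, seed: bytes) -> ChannelKeys:
    """One side's three rows of Table 33: signing key at offset 0, the
    encrypting key directly after it, the IV after both."""
    signing_key = prf(secret, seed, SIGNING_KEY_LENGTH, 0)
    encrypting_key = prf(secret, seed, ENCRYPTING_KEY_LENGTH, SIGNING_KEY_LENGTH)
    iv = prf(secret, seed, ENCRYPTING_BLOCK_SIZE,
             SIGNING_KEY_LENGTH + ENCRYPTING_KEY_LENGTH)
    return ChannelKeys(signing_key, encrypting_key, iv)


def derive_channel_keys(client_nonce: bytes,
                        server_nonce: bytes) -> Tuple[ChannelKeys, ChannelKeys]:
    """Client keys use secret=ServerNonce, seed=ClientNonce; server keys
    swap them (Table 33). Client keys secure Messages sent by the Client,
    server keys secure Messages sent by the Server."""
    client_keys = make_secure_channel_keys(secret=server_nonce, seed=client_nonce)
    server_keys = make_secure_channel_keys(secret=client_nonce, seed=server_nonce)
    return client_keys, server_keys


# Constructed nonces (32 bytes each, the assumed Basic256Sha256 nonce
# length) so the example is deterministic; real nonces are random.
CLIENT_NONCE = bytes(range(0x00, 0x20))
SERVER_NONCE = bytes(range(0xA0, 0xC0))

if __name__ == "__main__":
    client_keys, server_keys = derive_channel_keys(CLIENT_NONCE, SERVER_NONCE)
    for side, keys in (("client", client_keys), ("server", server_keys)):
        print(f"{side} signing key    : {keys.signing_key.hex()}")
        print(f"{side} encrypting key : {keys.encrypting_key.hex()}")
        print(f"{side} IV             : {keys.iv.hex()}")
```

Because both sides compute both key sets from the same two nonces, each peer can check a received signature with the other side's signing key while signing with its own; a mismatch in nonce order or PRF choice between implementations shows up as every signature verification on the channel failing, which is the first thing to check when interoperating across stacks.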
pub fn asymmetric_sign(
&self,
signing_key: &PKey<Private>,
data: &[u8],
signature: &mut [u8]
) -> Result<usize, StatusCode>
Produces a signature of the data using an asymmetric key. Stores the signature in the supplied signature buffer and returns the size of the signature within that buffer.
pub fn asymmetric_verify_signature(
&self,
verification_key: &PKey<Public>,
data: &[u8],
signature: &[u8],
their_private_key: Option<PKey<Private>>
) -> Result<(), StatusCode>
Verifies a signature of the data using an asymmetric key. In a debugging scenario, the signing key can also be supplied so that the supplied signature can be compared to a freshly generated signature.
pub fn asymmetric_encryption_padding(&self) -> RsaPadding
Returns the padding algorithm used by this security policy for asymmetric encryption and decryption.
pub fn asymmetric_encrypt(
&self,
encryption_key: &PKey<Public>,
src: &[u8],
dst: &mut [u8]
) -> Result<usize, StatusCode>
Encrypts a message using the supplied encryption key and returns the encrypted size. The destination buffer must be large enough to hold the encrypted bytes, including any padding.
pub fn asymmetric_decrypt(
&self,
decryption_key: &PKey<Private>,
src: &[u8],
dst: &mut [u8]
) -> Result<usize, StatusCode>
Decrypts a message whose thumbprint matches the x509 cert and private key pair. Returns the number of decrypted bytes.
pub fn symmetric_sign(
&self,
key: &[u8],
data: &[u8],
signature: &mut [u8]
) -> Result<(), StatusCode>
Produces a signature of some data using the supplied symmetric key. The signing algorithm is determined by the security policy. The signature is stored in the supplied signature argument.
pub fn symmetric_verify_signature(
&self,
key: &[u8],
data: &[u8],
signature: &[u8]
) -> Result<bool, StatusCode>
Verify the signature of a data block using the supplied symmetric key.
Trait Implementations
impl Clone for SecurityPolicy
fn clone(&self) -> SecurityPolicy
Returns a copy of the value.
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from source.
impl Debug for SecurityPolicy
impl Display for SecurityPolicy
impl FromStr for SecurityPolicy
impl PartialEq<SecurityPolicy> for SecurityPolicy
impl Copy for SecurityPolicy
impl StructuralPartialEq for SecurityPolicy
Auto Trait Implementations
impl RefUnwindSafe for SecurityPolicy
impl Send for SecurityPolicy
impl Sync for SecurityPolicy
impl Unpin for SecurityPolicy
impl UnwindSafe for SecurityPolicy
Blanket Implementations
impl<T> BorrowMut<T> for T where
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.
impl<T> ToOwned for T where
T: Clone,
type Owned = T
The resulting type after obtaining ownership.
fn clone_into(&self, target: &mut T)
Uses borrowed data to replace owned data, usually by cloning.