Enum opcua_server::prelude::security_policy::SecurityPolicy

pub enum SecurityPolicy {
    Unknown,
    None,
    Aes128Sha256RsaOaep,
    Basic256Sha256,
    Aes256Sha256RsaPss,
    Basic128Rsa15,
    Basic256,
}

SecurityPolicy implies what encryption and signing algorithms and their relevant key strengths are used during an encrypted session.

Variants

Unknown

None

Aes128Sha256RsaOaep

Basic256Sha256

Aes256Sha256RsaPss

Basic128Rsa15

Basic256

Implementations

impl SecurityPolicy

pub fn to_uri(&self) -> &'static str

pub fn is_supported(&self) -> bool

Returns true if the security policy is supported. It might be recognized but be unsupported by the implementation

pub fn is_deprecated(&self) -> bool

Returns true if the security policy has been deprecated by the OPC UA specification

pub fn to_str(&self) -> &'static str

pub fn asymmetric_encryption_algorithm(&self) -> &'static str

pub fn asymmetric_signature_algorithm(&self) -> &'static str

pub fn symmetric_signature_algorithm(&self) -> &'static str

pub fn plain_block_size(&self) -> usize

pub fn symmetric_signature_size(&self) -> usize

pub fn derived_signature_key_size(&self) -> usize

Returns the derived signature key (not the signature) size in bytes

pub fn min_max_asymmetric_keylength(&self) -> (usize, usize)

Returns the min and max (inclusive) key length in bits

pub fn is_valid_keylength(&self, keylength: usize) -> bool

Tests if the supplied key length is valid for this policy

pub fn random_nonce(&self) -> ByteString

Creates a random nonce in a bytestring with a length appropriate for the policy

pub fn secure_channel_nonce_length(&self) -> usize

pub fn from_uri(uri: &str) -> SecurityPolicy

pub fn make_secure_channel_keys(
    &self,
    secret: &[u8],
    seed: &[u8]
) -> (Vec<u8, Global>, AesKey, Vec<u8, Global>)

Part 6 6.7.5 Deriving keys Once the SecureChannel is established the Messages are signed and encrypted with keys derived from the Nonces exchanged in the OpenSecureChannel call. These keys are derived by passing the Nonces to a pseudo-random function which produces a sequence of bytes from a set of inputs. A pseudo-random function is represented by the following function declaration:

Byte[] PRF( Byte[] secret,  Byte[] seed,  i32 length,  i32 offset)

Where length is the number of bytes to return and offset is a number of bytes from the beginning of the sequence.

The lengths of the keys that need to be generated depend on the SecurityPolicy used for the channel. The following information is specified by the SecurityPolicy:

a) SigningKeyLength (from the DerivedSignatureKeyLength); b) EncryptingKeyLength (implied by the SymmetricEncryptionAlgorithm); c) EncryptingBlockSize (implied by the SymmetricEncryptionAlgorithm).

The parameters passed to the pseudo random function are specified in Table 33.

Table 33 – Cryptography key generation parameters

Key | Secret | Seed | Length | Offset ClientSigningKey | ServerNonce | ClientNonce | SigningKeyLength | 0 ClientEncryptingKey | ServerNonce | ClientNonce | EncryptingKeyLength | SigningKeyLength ClientInitializationVector | ServerNonce | ClientNonce | EncryptingBlockSize | SigningKeyLength + EncryptingKeyLength ServerSigningKey | ClientNonce | ServerNonce | SigningKeyLength | 0 ServerEncryptingKey | ClientNonce | ServerNonce | EncryptingKeyLength | SigningKeyLength ServerInitializationVector | ClientNonce | ServerNonce | EncryptingBlockSize | SigningKeyLength + EncryptingKeyLength

The Client keys are used to secure Messages sent by the Client. The Server keys are used to secure Messages sent by the Server.

pub fn asymmetric_sign(
    &self,
    signing_key: &PKey<Private>,
    data: &[u8],
    signature: &mut [u8]
) -> Result<usize, StatusCode>

Produce a signature of the data using an asymmetric key. Stores the signature in the supplied signature buffer. Returns the size of the signature within that buffer.

pub fn asymmetric_verify_signature(
    &self,
    verification_key: &PKey<Public>,
    data: &[u8],
    signature: &[u8],
    their_private_key: Option<PKey<Private>>
) -> Result<(), StatusCode>

Verifies a signature of the data using an asymmetric key. In a debugging scenario, the signing key can also be supplied so that the supplied signature can be compared to a freshly generated signature.

pub fn asymmetric_encryption_padding(&self) -> RsaPadding

Returns the padding algorithm used for this security policy for asymettric encryption and decryption.

pub fn asymmetric_encrypt(
    &self,
    encryption_key: &PKey<Public>,
    src: &[u8],
    dst: &mut [u8]
) -> Result<usize, StatusCode>

Encrypts a message using the supplied encryption key, returns the encrypted size. Destination buffer must be large enough to hold encrypted bytes including any padding.

pub fn asymmetric_decrypt(
    &self,
    decryption_key: &PKey<Private>,
    src: &[u8],
    dst: &mut [u8]
) -> Result<usize, StatusCode>

Decrypts a message whose thumbprint matches the x509 cert and private key pair.

Returns the number of decrypted bytes

pub fn symmetric_sign(
    &self,
    key: &[u8],
    data: &[u8],
    signature: &mut [u8]
) -> Result<(), StatusCode>

Produce a signature of some data using the supplied symmetric key. Signing algorithm is determined by the security policy. Signature is stored in the supplied signature argument.

pub fn symmetric_verify_signature(
    &self,
    key: &[u8],
    data: &[u8],
    signature: &[u8]
) -> Result<bool, StatusCode>

Verify the signature of a data block using the supplied symmetric key.

pub fn symmetric_encrypt(
    &self,
    key: &AesKey,
    iv: &[u8],
    src: &[u8],
    dst: &mut [u8]
) -> Result<usize, StatusCode>

Encrypt the supplied data using the supplied key storing the result in the destination.

pub fn symmetric_decrypt(
    &self,
    key: &AesKey,
    iv: &[u8],
    src: &[u8],
    dst: &mut [u8]
) -> Result<usize, StatusCode>

Decrypts the supplied data using the supplied key storing the result in the destination.

Trait Implementations

impl Clone for SecurityPolicy

fn clone(&self) -> SecurityPolicy

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for SecurityPolicy

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl Display for SecurityPolicy

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl FromStr for SecurityPolicy

type Err = ()

The associated error which can be returned from parsing.

fn from_str(s: &str) -> Result<SecurityPolicy, <SecurityPolicy as FromStr>::Err>

Parses a string s to return a value of this type.

impl PartialEq<SecurityPolicy> for SecurityPolicy

fn eq(&self, other: &SecurityPolicy) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

This method tests for !=.

impl Copy for SecurityPolicy

impl StructuralPartialEq for SecurityPolicy