Documentation
Overview
Package uapolicy implements the encryption, decryption, signing, and signature verification algorithms for Security Policy profiles as defined in Part 7 of the OPC-UA specifications (version 1.04).
Index
- Constants
- func PublicKey(c []byte) (*rsa.PublicKey, error)
- func SecurityLevel(policy string, mode ua.MessageSecurityMode) uint8
- func SupportedPolicies() []string
- func Thumbprint(c []byte) []byte
- type AES
- type EncryptionAlgorithm
- func (e *EncryptionAlgorithm) BlockSize() int
- func (e *EncryptionAlgorithm) Decrypt(ciphertext []byte) (cleartext []byte, err error)
- func (e *EncryptionAlgorithm) Encrypt(cleartext []byte) (ciphertext []byte, err error)
- func (e *EncryptionAlgorithm) EncryptionURI() string
- func (e *EncryptionAlgorithm) MakeNonce() ([]byte, error)
- func (e *EncryptionAlgorithm) NonceLength() int
- func (e *EncryptionAlgorithm) PlaintextBlockSize() int
- func (e *EncryptionAlgorithm) RemoteSignatureLength() int
- func (e *EncryptionAlgorithm) Signature(message []byte) (signature []byte, err error)
- func (e *EncryptionAlgorithm) SignatureLength() int
- func (e *EncryptionAlgorithm) SignatureURI() string
- func (e *EncryptionAlgorithm) VerifySignature(message, signature []byte) error
- type HMAC
- type None
- type PKCS1v15
- type RSAOAEP
- type RSAPSS
Constants
const (
	AESBlockSize  = aes.BlockSize
	AESMinPadding = 0
)
const (
	NoneBlockSize  = 1
	NoneMinPadding = 0
)
const (
	RSAOAEPMinPaddingSHA1   = (2 * 20) + 2
	RSAOAEPMinPaddingSHA256 = (2 * 64) + 2
)
messageLen = (keyLenBits / 8) - 2*(hashLenBits / 8) - 2
paddingLen = keyLen - messageLen
           = 2*hashLenBytes + 2
const PKCS1v15MinPadding = 11
Variables
This section is empty.
Functions
func SecurityLevel (added in v0.6.0)
func SecurityLevel(policy string, mode ua.MessageSecurityMode) uint8
func SupportedPolicies
func SupportedPolicies() []string
SupportedPolicies returns all supported Security Policies (and therefore, valid inputs to Asymmetric(...) and Symmetric(...)).
func Thumbprint
Thumbprint returns the thumbprint of a DER-encoded certificate.
Types
type EncryptionAlgorithm
type EncryptionAlgorithm struct {
// contains filtered or unexported fields
}
EncryptionAlgorithm wraps the functions used to return the various methods required to implement the symmetric and asymmetric algorithms. Function variables were used instead of an interface to make better use of policies which implement the same algorithms in different combinations.
EncryptionAlgorithm should always be instantiated through calls to SecurityPolicy.Symmetric() and SecurityPolicy.Asymmetric() to ensure correct behavior.
The zero value of this struct will use SecurityPolicy#None, although using it in this manner is discouraged for readability.
func Asymmetric
func Asymmetric(uri string, localKey *rsa.PrivateKey, remoteKey *rsa.PublicKey) (*EncryptionAlgorithm, error)
Asymmetric returns the asymmetric encryption algorithm for the given security policy.
func Symmetric
func Symmetric(uri string, localNonce, remoteNonce []byte) (*EncryptionAlgorithm, error)
Symmetric returns the symmetric encryption algorithm for the given security policy.
func (*EncryptionAlgorithm) BlockSize
func (e *EncryptionAlgorithm) BlockSize() int
BlockSize returns the underlying encryption algorithm's block size. Used to calculate the padding required to make the cleartext an even multiple of the block size.
func (*EncryptionAlgorithm) Decrypt
func (e *EncryptionAlgorithm) Decrypt(ciphertext []byte) (cleartext []byte, err error)
Decrypt decrypts the input ciphertext based on the algorithms and keys passed in.
func (*EncryptionAlgorithm) Encrypt
func (e *EncryptionAlgorithm) Encrypt(cleartext []byte) (ciphertext []byte, err error)
Encrypt encrypts the input cleartext based on the algorithms and keys passed in.
func (*EncryptionAlgorithm) EncryptionURI
func (e *EncryptionAlgorithm) EncryptionURI() string
EncryptionURI returns the URI for the encryption algorithm as defined by the OPC-UA profiles in Part 7.
func (*EncryptionAlgorithm) MakeNonce (added in v0.1.13)
func (e *EncryptionAlgorithm) MakeNonce() ([]byte, error)
func (*EncryptionAlgorithm) NonceLength
func (e *EncryptionAlgorithm) NonceLength() int
NonceLength returns the recommended nonce length in bytes for the security policy. Only applicable for the Asymmetric security algorithm. Symmetric algorithms should report NonceLength as zero.
func (*EncryptionAlgorithm) PlaintextBlockSize
func (e *EncryptionAlgorithm) PlaintextBlockSize() int
PlaintextBlockSize returns the size of the plaintext block that can be fed into the encryption algorithm. Used to calculate the amount of padding to add to the unencrypted message.
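The relationship between PlaintextBlockSize and BlockSize for RSA-OAEP, worked through with the messageLen formula from the Constants section, as an added example that is not code from package uapolicy. It uses only Go's standard library and fixes the hash to SHA-256 (32-byte digest); the names oaepPlaintextBlock, encryptChunked and demo are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// oaepPlaintextBlock applies messageLen = keyLenBits/8 - 2*hashLenBytes - 2.
func oaepPlaintextBlock(keyBits, hashBytes int) int {
	return keyBits/8 - 2*hashBytes - 2
}

// encryptChunked encrypts msg block by block; each plaintext block, even a short last one, yields one key-sized block.
func encryptChunked(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	block := oaepPlaintextBlock(pub.Size()*8, sha256.Size)
	var out []byte
	for len(msg) > 0 {
		n := block
		if len(msg) < n {
			n = len(msg)
		}
		ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg[:n], nil)
		if err != nil {
			return nil, err
		}
		out = append(out, ct...)
		msg = msg[n:]
	}
	return out, nil
}

// demo returns the ciphertext length for 500 bytes and whether a block one byte over the limit is rejected.
func demo() (ctLen int, oversizeRejected bool, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // throwaway key, constructed for the demo
	if err != nil {
		return 0, false, err
	}
	ct, err := encryptChunked(&key.PublicKey, make([]byte, 500)) // constructed plaintext
	if err != nil {
		return 0, false, err
	}
	tooBig := make([]byte, oaepPlaintextBlock(2048, sha256.Size)+1)
	_, encErr := rsa.EncryptOAEP(sha256.New(), rand.Reader, &key.PublicKey, tooBig, nil)
	return len(ct), encErr != nil, nil
}

func main() { fmt.Println(demo()) }
```

With a 2048-bit key the plaintext block is 190 bytes and the ciphertext block is 256 bytes, so a 500-byte message grows to three ciphertext blocks.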
func (*EncryptionAlgorithm) RemoteSignatureLength (added in v0.1.12)
func (e *EncryptionAlgorithm) RemoteSignatureLength() int
RemoteSignatureLength returns the length in bytes for incoming signatures.
func (*EncryptionAlgorithm) Signature
func (e *EncryptionAlgorithm) Signature(message []byte) (signature []byte, err error)
Signature returns the cryptographic signature of message.
func (*EncryptionAlgorithm) SignatureLength
func (e *EncryptionAlgorithm) SignatureLength() int
SignatureLength returns the length in bytes for outgoing signatures.
func (*EncryptionAlgorithm) SignatureURI
func (e *EncryptionAlgorithm) SignatureURI() string
SignatureURI returns the URI for the signature algorithm as defined by the OPC-UA profiles in Part 7.
func (*EncryptionAlgorithm) VerifySignature
func (e *EncryptionAlgorithm) VerifySignature(message, signature []byte) error
VerifySignature validates that 'signature' is the correct cryptographic signature of 'message' or returns an error. A return value of nil means the signature is valid.
Source Files
- cert_utils.go
- crypto_aes.go
- crypto_hmac.go
- crypto_key.go
- crypto_none.go
- crypto_pkcs1v15.go
- crypto_rsaoaep.go
- crypto_rsapss.go
- policyAes128Sha256RsaOaep.go
- policyAes256Sha256RsaPss.go
- policyBasic128Rsa15.go
- policyBasic256.go
- policyBasic256Sha256.go
- policyNone.go
- policyPubSubAes128CTR.go
- policyPubSubAes256CTR.go
- securitypolicy.go