uapolicy

package
v0.2.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 16, 2024 License: MIT Imports: 14 Imported by: 0

Documentation

Overview

Package uapolicy implements the encryption, decryption, signing, and signature verifying algorithms for Security Policy profiles as defined in Part 7 of the OPC-UA specifications (version 1.04)

Index

Constants

View Source
const (
	AESBlockSize  = aes.BlockSize
	AESMinPadding = 0
)
View Source
const (
	NoneBlockSize  = 1
	NoneMinPadding = 0
)
View Source
const (
	RSAOAEPMinPaddingSHA1   = (2 * 20) + 2
	RSAOAEPMinPaddingSHA256 = (2 * 64) + 2
)

messageLen = (keyLenBits / 8) - 2*(hashLenBits / 8) - 2 paddingLen = keyLen - messageLen

= 2*hashLenBytes + 2
View Source
const PKCS1v15MinPadding = 11

Variables

This section is empty.

Functions

func PublicKey

func PublicKey(c []byte) (*rsa.PublicKey, error)

PublicKey returns the RSA PublicKey from a DER-encoded certificate

func SupportedPolicies

func SupportedPolicies() []string

SupportedPolicies returns all supported Security Policies (and therefore, valid inputs to Asymmetric(...) and Symmetric(...))

func Thumbprint

func Thumbprint(c []byte) []byte

Thumbprint returns the thumbprint of a DER-encoded certificate

Types

type AES

type AES struct {
	KeyLength int
	IV        []byte
	Secret    []byte
}

func (*AES) Decrypt

func (a *AES) Decrypt(src []byte) ([]byte, error)

func (*AES) Encrypt

func (a *AES) Encrypt(src []byte) ([]byte, error)

type EncryptionAlgorithm

type EncryptionAlgorithm struct {
	// contains filtered or unexported fields
}

EncryptionAlgorithm wraps the functions used to return the various methods required to implement the symmetric and asymmetric algorithms Function variables were used instead of an interface to make better use of policies which implement the same algorithms in different combinations

EncryptionAlgorithm should always be instantiated through calls to SecurityPolicy.Symmetric() and SecurityPolicy.Asymmetric() to ensure correct behavior.

The zero value of this struct will use SecurityPolicy#None although using in this manner is discouraged for readability

func Asymmetric

func Asymmetric(uri string, localKey *rsa.PrivateKey, remoteKey *rsa.PublicKey) (*EncryptionAlgorithm, error)

Asymmetric returns the asymmetric encryption algorithm for the given security policy.

func Symmetric

func Symmetric(uri string, localNonce, remoteNonce []byte) (*EncryptionAlgorithm, error)

Symmetric returns the symmetric encryption algorithm for the given security policy.

func (*EncryptionAlgorithm) BlockSize

func (e *EncryptionAlgorithm) BlockSize() int

BlockSize returns the underlying encryption algorithm's blocksize. Used to calculate the padding required to make the cleartext an even multiple of the blocksize

func (*EncryptionAlgorithm) Decrypt

func (e *EncryptionAlgorithm) Decrypt(ciphertext []byte) (cleartext []byte, err error)

Decrypt decrypts the input ciphertext based on the algorithms and keys passed in

func (*EncryptionAlgorithm) Encrypt

func (e *EncryptionAlgorithm) Encrypt(cleartext []byte) (ciphertext []byte, err error)

Encrypt encrypts the input cleartext based on the algorithms and keys passed in

func (*EncryptionAlgorithm) EncryptionURI

func (e *EncryptionAlgorithm) EncryptionURI() string

EncryptionURI returns the URI for the encryption algorithm as defined by the OPC-UA profiles in Part 7

func (*EncryptionAlgorithm) MakeNonce

func (e *EncryptionAlgorithm) MakeNonce() ([]byte, error)

func (*EncryptionAlgorithm) NonceLength

func (e *EncryptionAlgorithm) NonceLength() int

NonceLength returns the recommended nonce length in bytes for the security policy Only applicable for the Asymmetric security algorithm. Symmetric algorithms should report NonceLength as zero

func (*EncryptionAlgorithm) PlaintextBlockSize

func (e *EncryptionAlgorithm) PlaintextBlockSize() int

PlaintextBlockSize returns the size of the plaintext blocksize that can be fed into the encryption algorithm. Used to calculate the amount of padding to add to the unencrypted message

func (*EncryptionAlgorithm) RemoteSignatureLength

func (e *EncryptionAlgorithm) RemoteSignatureLength() int

RemoteSignatureLength returns the length in bytes for incoming signatures.

func (*EncryptionAlgorithm) Signature

func (e *EncryptionAlgorithm) Signature(message []byte) (signature []byte, err error)

Signature returns the cryptographic signature of message

func (*EncryptionAlgorithm) SignatureLength

func (e *EncryptionAlgorithm) SignatureLength() int

SignatureLength returns the length in bytes for outgoing signatures.

func (*EncryptionAlgorithm) SignatureURI

func (e *EncryptionAlgorithm) SignatureURI() string

SignatureURI returns the URI for the signature algorithm as defined by the OPC-UA profiles in Part 7

func (*EncryptionAlgorithm) VerifySignature

func (e *EncryptionAlgorithm) VerifySignature(message, signature []byte) error

VerifySignature validates that 'signature' is the correct cryptographic signature of 'message' or returns an error. A return value of nil means the signature is valid

type HMAC

type HMAC struct {
	Hash   crypto.Hash
	Secret []byte
}

func (*HMAC) Signature

func (s *HMAC) Signature(msg []byte) ([]byte, error)

func (*HMAC) Verify

func (s *HMAC) Verify(msg, signature []byte) error

type None

type None struct{}

func (*None) Decrypt

func (c *None) Decrypt(src []byte) ([]byte, error)

func (*None) Encrypt

func (c *None) Encrypt(src []byte) ([]byte, error)

func (*None) Signature

func (s *None) Signature(msg []byte) ([]byte, error)

func (*None) Verify

func (s *None) Verify(msg, signature []byte) error

type PKCS1v15

type PKCS1v15 struct {
	Hash       crypto.Hash
	PublicKey  *rsa.PublicKey
	PrivateKey *rsa.PrivateKey
}

func (*PKCS1v15) Decrypt

func (c *PKCS1v15) Decrypt(src []byte) ([]byte, error)

func (*PKCS1v15) Encrypt

func (c *PKCS1v15) Encrypt(src []byte) ([]byte, error)

func (*PKCS1v15) Signature

func (s *PKCS1v15) Signature(msg []byte) ([]byte, error)

func (*PKCS1v15) Verify

func (s *PKCS1v15) Verify(msg, signature []byte) error

type RSAOAEP

type RSAOAEP struct {
	Hash       crypto.Hash
	PublicKey  *rsa.PublicKey
	PrivateKey *rsa.PrivateKey
}

func (*RSAOAEP) Decrypt

func (a *RSAOAEP) Decrypt(src []byte) ([]byte, error)

func (*RSAOAEP) Encrypt

func (a *RSAOAEP) Encrypt(src []byte) ([]byte, error)

type RSAPSS

type RSAPSS struct {
	Hash       crypto.Hash
	PublicKey  *rsa.PublicKey
	PrivateKey *rsa.PrivateKey
}

func (*RSAPSS) Signature

func (s *RSAPSS) Signature(msg []byte) ([]byte, error)

func (*RSAPSS) Verify

func (s *RSAPSS) Verify(msg, signature []byte) error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL