S2OPC OPCUA Toolkit
sopc_crypto_profiles.h
Go to the documentation of this file.
1 /*
2  * Licensed to Systerel under one or more contributor license
3  * agreements. See the NOTICE file distributed with this work
4  * for additional information regarding copyright ownership.
5  * Systerel licenses this file to you under the Apache
6  * License, Version 2.0 (the "License"); you may not use this
7  * file except in compliance with the License. You may obtain
8  * a copy of the License at
9  *
10  * http://www.apache.org/licenses/LICENSE-2.0
11  *
12  * Unless required by applicable law or agreed to in writing,
13  * software distributed under the License is distributed on an
14  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15  * KIND, either express or implied. See the License for the
16  * specific language governing permissions and limitations
17  * under the License.
18  */
19 
27 #ifndef SOPC_CRYPTO_PROFILES_H_
28 #define SOPC_CRYPTO_PROFILES_H_
29 
30 #include <stdint.h>
31 
32 #include "sopc_crypto_decl.h"
33 #include "sopc_enums.h"
34 #include "sopc_secret_buffer.h"
35 
36 // s2opc_common_export.h is generated by CMake, when not using CMake, copy and include
37 // "src/Common/helpers_platform_dep/<platform>/s2opc_common_export.h_"
38 #include "s2opc_common_export.h"
39 
40 // API
41 const SOPC_CryptoProfile* SOPC_CryptoProfile_Get(const char* uri);
42 const SOPC_CryptoProfile_PubSub* SOPC_CryptoProfile_PubSub_Get(const char* uri);
43 
44 // Client-server security policies
45 
46 // Crypto profiles uri and ID
47 #define SOPC_SecurityPolicy_Invalid_ID 0
48 #define SOPC_SecurityPolicy_Basic256Sha256_URI "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256"
49 #define SOPC_SecurityPolicy_Basic256Sha256_ID 1
50 #define SOPC_SecurityPolicy_Basic256_URI "http://opcfoundation.org/UA/SecurityPolicy#Basic256"
51 #define SOPC_SecurityPolicy_Basic256_ID 2
52 #define SOPC_SecurityPolicy_None_URI "http://opcfoundation.org/UA/SecurityPolicy#None"
53 #define SOPC_SecurityPolicy_None_ID 3
54 #define SOPC_SecurityPolicy_Aes128Sha256RsaOaep_URI "http://opcfoundation.org/UA/SecurityPolicy#Aes128_Sha256_RsaOaep"
55 #define SOPC_SecurityPolicy_Aes128Sha256RsaOaep_ID 5
56 #define SOPC_SecurityPolicy_Aes256Sha256RsaPss_URI "http://opcfoundation.org/UA/SecurityPolicy#Aes256_Sha256_RsaPss"
57 #define SOPC_SecurityPolicy_Aes256Sha256RsaPss_ID 6
58 
59 // Basic256Sha256, sizes in bytes
60 #define SOPC_SecurityPolicy_Basic256Sha256_SymmLen_Block 16
61 #define SOPC_SecurityPolicy_Basic256Sha256_SymmLen_CryptoKey 32
62 #define SOPC_SecurityPolicy_Basic256Sha256_SymmLen_SignKey 32
63 #define SOPC_SecurityPolicy_Basic256Sha256_SymmLen_Signature 32
64 #define SOPC_SecurityPolicy_Basic256Sha256_CertLen_Thumbprint 20
65 #define SOPC_SecurityPolicy_Basic256Sha256_AsymLen_OAEP_Hash 20 /*< RSA OAEP uses SHA-1 */
66 #define SOPC_SecurityPolicy_Basic256Sha256_AsymLen_KeyMinBits 2048
67 #define SOPC_SecurityPolicy_Basic256Sha256_AsymLen_KeyMaxBits 4096
68 #define SOPC_SecurityPolicy_Basic256Sha256_URI_SignAlgo "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
69 #define SOPC_SecurityPolicy_Basic256Sha256_SecureChannelNonceLength 32
70 
71 // Aes128-Sha256-RsaOaep, sizes in bytes
72 #define SOPC_SecurityPolicy_Aes128Sha256RsaOaep_SymmLen_Block 16
73 #define SOPC_SecurityPolicy_Aes128Sha256RsaOaep_SymmLen_CryptoKey 16
74 #define SOPC_SecurityPolicy_Aes128Sha256RsaOaep_SymmLen_SignKey 32
75 #define SOPC_SecurityPolicy_Aes128Sha256RsaOaep_SymmLen_Signature 32
76 #define SOPC_SecurityPolicy_Aes128Sha256RsaOaep_CertLen_Thumbprint 20
77 #define SOPC_SecurityPolicy_Aes128Sha256RsaOaep_AsymLen_OAEP_Hash 20 /*< RSA OAEP uses SHA-1 */
78 #define SOPC_SecurityPolicy_Aes128Sha256RsaOaep_AsymLen_KeyMinBits 2048
79 #define SOPC_SecurityPolicy_Aes128Sha256RsaOaep_AsymLen_KeyMaxBits 4096
80 #define SOPC_SecurityPolicy_Aes128Sha256RsaOaep_URI_SignAlgo "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
81 #define SOPC_SecurityPolicy_Aes128Sha256RsaOaep_SecureChannelNonceLength 32
82 
83 // Aes256-Sha256-RsaPss, sizes in bytes
84 #define SOPC_SecurityPolicy_Aes256Sha256RsaPss_SymmLen_Block 16
85 #define SOPC_SecurityPolicy_Aes256Sha256RsaPss_SymmLen_CryptoKey 32
86 #define SOPC_SecurityPolicy_Aes256Sha256RsaPss_SymmLen_SignKey 32
87 #define SOPC_SecurityPolicy_Aes256Sha256RsaPss_SymmLen_Signature 32
88 #define SOPC_SecurityPolicy_Aes256Sha256RsaPss_CertLen_Thumbprint 20
89 #define SOPC_SecurityPolicy_Aes256Sha256RsaPss_AsymLen_OAEP_Hash 32 /*< RSA OAEP uses SHA2-256 */
90 #define SOPC_SecurityPolicy_Aes256Sha256RsaPss_AsymLen_KeyMinBits 2048
91 #define SOPC_SecurityPolicy_Aes256Sha256RsaPss_AsymLen_KeyMaxBits 4096
92 #define SOPC_SecurityPolicy_Aes256Sha256RsaPss_URI_SignAlgo "http://opcfoundation.org/UA/security/rsa-pss-sha2-256"
93 #define SOPC_SecurityPolicy_Aes256Sha256RsaPss_SecureChannelNonceLength 32
94 
95 // Basic256, sizes in bytes
96 #define SOPC_SecurityPolicy_Basic256_SymmLen_Block 16
97 #define SOPC_SecurityPolicy_Basic256_SymmLen_CryptoKey 32
98 #define SOPC_SecurityPolicy_Basic256_SymmLen_SignKey 24
99 #define SOPC_SecurityPolicy_Basic256_SymmLen_Signature 20
100 #define SOPC_SecurityPolicy_Basic256_CertLen_Thumbprint 20
101 #define SOPC_SecurityPolicy_Basic256_AsymLen_OAEP_Hash 20 /*< RSA OAEP uses SHA-1 */
102 #define SOPC_SecurityPolicy_Basic256_AsymLen_KeyMinBits 1024
103 #define SOPC_SecurityPolicy_Basic256_AsymLen_KeyMaxBits 2048
104 #define SOPC_SecurityPolicy_Basic256_URI_SignAlgo "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
105 #define SOPC_SecurityPolicy_Basic256_SecureChannelNonceLength 32
106 
107 // CryptoProfiles instances
108 S2OPC_COMMON_EXPORT extern const SOPC_CryptoProfile sopc_g_cpAes256Sha256RsaPss;
109 S2OPC_COMMON_EXPORT extern const SOPC_CryptoProfile sopc_g_cpAes128Sha256RsaOaep;
110 S2OPC_COMMON_EXPORT extern const SOPC_CryptoProfile sopc_g_cpBasic256Sha256;
111 S2OPC_COMMON_EXPORT extern const SOPC_CryptoProfile sopc_g_cpBasic256;
112 S2OPC_COMMON_EXPORT extern const SOPC_CryptoProfile sopc_g_cpNone;
113 
114 // PubSub security policies
115 
116 // Crypto profiles uri and ID, reuse None
117 #define SOPC_SecurityPolicy_PubSub_Aes256_URI "http://opcfoundation.org/UA/SecurityPolicy#PubSub-Aes256-CTR"
118 #define SOPC_SecurityPolicy_PubSub_Aes256_ID 4
119 
120 // Sizes in bytes
121 #define SOPC_SecurityPolicy_PubSub_Aes256_SymmLen_CryptoKey 32
122 #define SOPC_SecurityPolicy_PubSub_Aes256_SymmLen_SignKey 32
123 #define SOPC_SecurityPolicy_PubSub_Aes256_SymmLen_Signature 32
124 #define SOPC_SecurityPolicy_PubSub_Aes256_SymmLen_KeyNonce 4
125 #define SOPC_SecurityPolicy_PubSub_Aes256_SymmLen_MessageRandom 4
126 
127 // CryptoProfiles instances
128 S2OPC_COMMON_EXPORT extern const SOPC_CryptoProfile_PubSub sopc_g_cppsPubSubAes256;
129 S2OPC_COMMON_EXPORT extern const SOPC_CryptoProfile_PubSub sopc_g_cppsNone;
130 
131 /* ------------------------------------------------------------------------------------------------
132  * Internal CryptoProfile function pointers.
133  * ------------------------------------------------------------------------------------------------
134  */
135 typedef SOPC_ReturnStatus FnSymmetricEncrypt(const SOPC_CryptoProvider* pProvider,
136  const uint8_t* pInput,
137  uint32_t lenPlainText,
138  const SOPC_ExposedBuffer* pKey,
139  const SOPC_ExposedBuffer* pIV,
140  uint8_t* pOutput,
141  uint32_t lenOutput);
142 typedef SOPC_ReturnStatus FnSymmetricDecrypt(const SOPC_CryptoProvider* pProvider,
143  const uint8_t* pInput,
144  uint32_t lenCipherText,
145  const SOPC_ExposedBuffer* pKey,
146  const SOPC_ExposedBuffer* pIV,
147  uint8_t* pOutput,
148  uint32_t lenOutput);
149 typedef SOPC_ReturnStatus FnSymmetricSign(const SOPC_CryptoProvider* pProvider,
150  const uint8_t* pInput,
151  uint32_t lenInput,
152  const SOPC_ExposedBuffer* pKey,
153  uint8_t* pOutput);
154 typedef SOPC_ReturnStatus FnSymmetricVerify(const SOPC_CryptoProvider* pProvider,
155  const uint8_t* pInput,
156  uint32_t lenInput,
157  const SOPC_ExposedBuffer* pKey,
158  const uint8_t* pSignature);
159 typedef SOPC_ReturnStatus FnGenerateRandom(const SOPC_CryptoProvider* pProvider,
160  SOPC_ExposedBuffer* pData,
161  uint32_t lenData);
162 typedef SOPC_ReturnStatus FnDerivePseudoRandomData(const SOPC_CryptoProvider* pProvider,
163  const SOPC_ExposedBuffer* pSecret,
164  uint32_t lenSecret,
165  const SOPC_ExposedBuffer* pSeed,
166  uint32_t lenSeed,
167  SOPC_ExposedBuffer* pOutput,
168  uint32_t lenOutput);
169 typedef SOPC_ReturnStatus FnAsymmetricEncrypt(const SOPC_CryptoProvider* pProvider,
170  const uint8_t* pInput,
171  uint32_t lenPlainText,
172  const SOPC_AsymmetricKey* pKey,
173  uint8_t* pOutput);
174 typedef SOPC_ReturnStatus FnAsymmetricDecrypt(const SOPC_CryptoProvider* pProvider,
175  const uint8_t* pInput,
176  uint32_t lenCipherText,
177  const SOPC_AsymmetricKey* pKey,
178  uint8_t* pOutput,
179  uint32_t* lenWritten);
180 typedef SOPC_ReturnStatus FnAsymmetricSign(const SOPC_CryptoProvider* pProvider,
181  const uint8_t* pInput,
182  uint32_t lenInput,
183  const SOPC_AsymmetricKey* pKey,
184  uint8_t* pSignature);
185 typedef SOPC_ReturnStatus FnAsymmetricVerify(const SOPC_CryptoProvider* pProvider,
186  const uint8_t* pInput,
187  uint32_t lenInput,
188  const SOPC_AsymmetricKey* pKey,
189  const uint8_t* pSignature);
190 typedef SOPC_ReturnStatus FnCertificateVerify(const SOPC_CryptoProvider* pCrypto, const SOPC_CertificateList* pCert);
191 
192 typedef SOPC_ReturnStatus FnPubSubCrypt(const SOPC_CryptoProvider* pProvider,
193  const uint8_t* pInput,
194  uint32_t lenInput,
195  const SOPC_ExposedBuffer* pKey,
196  const SOPC_ExposedBuffer* pKeyNonce,
197  const SOPC_ExposedBuffer* pRandom,
198  uint32_t uSequenceNumber,
199  uint8_t* pOutput);
200 
201 /* ------------------------------------------------------------------------------------------------
202  * The CryptoProfile definitions
203  * ------------------------------------------------------------------------------------------------
204  */
205 
217 struct SOPC_CryptoProfile
218 {
219  const uint32_t SecurityPolicyID;
220  FnSymmetricEncrypt* const pFnSymmEncrypt;
221  FnSymmetricDecrypt* const pFnSymmDecrypt;
222  FnSymmetricSign* const pFnSymmSign;
223  FnSymmetricVerify* const pFnSymmVerif;
224  FnGenerateRandom* const pFnGenRnd;
225  FnDerivePseudoRandomData* const pFnDeriveData;
226  FnAsymmetricEncrypt* const pFnAsymEncrypt;
227  FnAsymmetricDecrypt* const pFnAsymDecrypt;
228  FnAsymmetricSign* const pFnAsymSign;
229  FnAsymmetricVerify* const pFnAsymVerify;
230  FnCertificateVerify* const pFnCertVerify;
231 };
232 
242 struct SOPC_CryptoProfile_PubSub
243 {
244  const uint32_t SecurityPolicyID;
245  FnPubSubCrypt* const pFnCrypt;
246  FnSymmetricSign* const pFnSymmSign;
247  FnSymmetricVerify* const pFnSymmVerif;
248  FnGenerateRandom* const pFnGenRnd;
249 };
250 
251 #endif /* SOPC_CRYPTO_PROFILES_H_ */
FnSymmetricVerify
SOPC_ReturnStatus FnSymmetricVerify(const SOPC_CryptoProvider *pProvider, const uint8_t *pInput, uint32_t lenInput, const SOPC_ExposedBuffer *pKey, const uint8_t *pSignature)
Definition: sopc_crypto_profiles.h:154
S2OPC_COMMON_EXPORT
#define S2OPC_COMMON_EXPORT
Definition: s2opc_common_export.h:33
SOPC_CryptoProfile::pFnGenRnd
FnGenerateRandom *const pFnGenRnd
Definition: sopc_crypto_profiles.h:224
FnGenerateRandom
SOPC_ReturnStatus FnGenerateRandom(const SOPC_CryptoProvider *pProvider, SOPC_ExposedBuffer *pData, uint32_t lenData)
Definition: sopc_crypto_profiles.h:159
SOPC_CertificateList
The signed public key representation, or a chained list of such keys.
Definition: key_manager_lib.h:66
SOPC_CryptoProfile::pFnAsymEncrypt
FnAsymmetricEncrypt *const pFnAsymEncrypt
Definition: sopc_crypto_profiles.h:226
SOPC_CryptoProfile_PubSub::SecurityPolicyID
const uint32_t SecurityPolicyID
Definition: sopc_crypto_profiles.h:244
FnCertificateVerify
SOPC_ReturnStatus FnCertificateVerify(const SOPC_CryptoProvider *pCrypto, const SOPC_CertificateList *pCert)
Definition: sopc_crypto_profiles.h:190
SOPC_CryptoProfile_PubSub::pFnSymmSign
FnSymmetricSign *const pFnSymmSign
Definition: sopc_crypto_profiles.h:246
FnAsymmetricEncrypt
SOPC_ReturnStatus FnAsymmetricEncrypt(const SOPC_CryptoProvider *pProvider, const uint8_t *pInput, uint32_t lenPlainText, const SOPC_AsymmetricKey *pKey, uint8_t *pOutput)
Definition: sopc_crypto_profiles.h:169
SOPC_CryptoProfile::pFnDeriveData
FnDerivePseudoRandomData *const pFnDeriveData
Definition: sopc_crypto_profiles.h:225
sopc_g_cpAes256Sha256RsaPss
S2OPC_COMMON_EXPORT const SOPC_CryptoProfile sopc_g_cpAes256Sha256RsaPss
FnSymmetricDecrypt
SOPC_ReturnStatus FnSymmetricDecrypt(const SOPC_CryptoProvider *pProvider, const uint8_t *pInput, uint32_t lenCipherText, const SOPC_ExposedBuffer *pKey, const SOPC_ExposedBuffer *pIV, uint8_t *pOutput, uint32_t lenOutput)
Definition: sopc_crypto_profiles.h:142
SOPC_CryptoProfile::pFnAsymVerify
FnAsymmetricVerify *const pFnAsymVerify
Definition: sopc_crypto_profiles.h:229
SOPC_CryptoProfile::pFnSymmEncrypt
FnSymmetricEncrypt *const pFnSymmEncrypt
Definition: sopc_crypto_profiles.h:220
sopc_crypto_decl.h
Defines the common declarations for the cryptographic objects.
sopc_g_cpAes128Sha256RsaOaep
S2OPC_COMMON_EXPORT const SOPC_CryptoProfile sopc_g_cpAes128Sha256RsaOaep
s2opc_common_export.h
FnSymmetricEncrypt
SOPC_ReturnStatus FnSymmetricEncrypt(const SOPC_CryptoProvider *pProvider, const uint8_t *pInput, uint32_t lenPlainText, const SOPC_ExposedBuffer *pKey, const SOPC_ExposedBuffer *pIV, uint8_t *pOutput, uint32_t lenOutput)
Definition: sopc_crypto_profiles.h:135
sopc_g_cppsNone
S2OPC_COMMON_EXPORT const SOPC_CryptoProfile_PubSub sopc_g_cppsNone
sopc_enums.h
SOPC_CryptoProfile::pFnSymmDecrypt
FnSymmetricDecrypt *const pFnSymmDecrypt
Definition: sopc_crypto_profiles.h:221
SOPC_CryptoProfile::SecurityPolicyID
const uint32_t SecurityPolicyID
Definition: sopc_crypto_profiles.h:219
FnPubSubCrypt
SOPC_ReturnStatus FnPubSubCrypt(const SOPC_CryptoProvider *pProvider, const uint8_t *pInput, uint32_t lenInput, const SOPC_ExposedBuffer *pKey, const SOPC_ExposedBuffer *pKeyNonce, const SOPC_ExposedBuffer *pRandom, uint32_t uSequenceNumber, uint8_t *pOutput)
Definition: sopc_crypto_profiles.h:192
SOPC_CryptoProvider
The SOPC_CryptoProvider context.
Definition: sopc_crypto_provider.h:47
SOPC_CryptoProfile_PubSub::pFnGenRnd
FnGenerateRandom *const pFnGenRnd
Definition: sopc_crypto_profiles.h:248
SOPC_CryptoProfile::pFnAsymDecrypt
FnAsymmetricDecrypt *const pFnAsymDecrypt
Definition: sopc_crypto_profiles.h:227
SOPC_CryptoProfile_PubSub::pFnCrypt
FnPubSubCrypt *const pFnCrypt
Definition: sopc_crypto_profiles.h:245
FnAsymmetricDecrypt
SOPC_ReturnStatus FnAsymmetricDecrypt(const SOPC_CryptoProvider *pProvider, const uint8_t *pInput, uint32_t lenCipherText, const SOPC_AsymmetricKey *pKey, uint8_t *pOutput, uint32_t *lenWritten)
Definition: sopc_crypto_profiles.h:174
SOPC_CryptoProfile::pFnAsymSign
FnAsymmetricSign *const pFnAsymSign
Definition: sopc_crypto_profiles.h:228
sopc_g_cppsPubSubAes256
S2OPC_COMMON_EXPORT const SOPC_CryptoProfile_PubSub sopc_g_cppsPubSubAes256
SOPC_CryptoProfile_PubSub_Get
const SOPC_CryptoProfile_PubSub * SOPC_CryptoProfile_PubSub_Get(const char *uri)
FnAsymmetricVerify
SOPC_ReturnStatus FnAsymmetricVerify(const SOPC_CryptoProvider *pProvider, const uint8_t *pInput, uint32_t lenInput, const SOPC_AsymmetricKey *pKey, const uint8_t *pSignature)
Definition: sopc_crypto_profiles.h:185
sopc_g_cpNone
S2OPC_COMMON_EXPORT const SOPC_CryptoProfile sopc_g_cpNone
FnSymmetricSign
SOPC_ReturnStatus FnSymmetricSign(const SOPC_CryptoProvider *pProvider, const uint8_t *pInput, uint32_t lenInput, const SOPC_ExposedBuffer *pKey, uint8_t *pOutput)
Definition: sopc_crypto_profiles.h:149
SOPC_CryptoProfile_PubSub::pFnSymmVerif
FnSymmetricVerify *const pFnSymmVerif
Definition: sopc_crypto_profiles.h:247
SOPC_AsymmetricKey
The asymmetric key representation.
Definition: key_manager_lib.h:46
SOPC_CryptoProfile
SOPC_CryptoProfiles gather pointers to cryptographic functions of the security policies of OPC UA Ser...
Definition: sopc_crypto_profiles.h:218
SOPC_CryptoProfile_Get
const SOPC_CryptoProfile * SOPC_CryptoProfile_Get(const char *uri)
sopc_g_cpBasic256Sha256
S2OPC_COMMON_EXPORT const SOPC_CryptoProfile sopc_g_cpBasic256Sha256
SOPC_CryptoProfile_PubSub
SOPC_CryptoProfiles_PubSub gather pointers to cryptographic functions of the security policies of OPC...
Definition: sopc_crypto_profiles.h:243
SOPC_CryptoProfile::pFnCertVerify
FnCertificateVerify *const pFnCertVerify
Definition: sopc_crypto_profiles.h:230
SOPC_ExposedBuffer
uint8_t SOPC_ExposedBuffer
Definition: sopc_secret_buffer.h:36
FnDerivePseudoRandomData
SOPC_ReturnStatus FnDerivePseudoRandomData(const SOPC_CryptoProvider *pProvider, const SOPC_ExposedBuffer *pSecret, uint32_t lenSecret, const SOPC_ExposedBuffer *pSeed, uint32_t lenSeed, SOPC_ExposedBuffer *pOutput, uint32_t lenOutput)
Definition: sopc_crypto_profiles.h:162
sopc_g_cpBasic256
S2OPC_COMMON_EXPORT const SOPC_CryptoProfile sopc_g_cpBasic256
FnAsymmetricSign
SOPC_ReturnStatus FnAsymmetricSign(const SOPC_CryptoProvider *pProvider, const uint8_t *pInput, uint32_t lenInput, const SOPC_AsymmetricKey *pKey, uint8_t *pSignature)
Definition: sopc_crypto_profiles.h:180
SOPC_CryptoProfile::pFnSymmVerif
FnSymmetricVerify *const pFnSymmVerif
Definition: sopc_crypto_profiles.h:223
sopc_secret_buffer.h
SecretBuffer (mangled key) and ExposedBuffer (contiguous deciphered buffered) APIs.
SOPC_CryptoProfile::pFnSymmSign
FnSymmetricSign *const pFnSymmSign
Definition: sopc_crypto_profiles.h:222
SOPC_ReturnStatus
SOPC_ReturnStatus
Definition: libs2opc_client.h:61
Generated on Thu Mar 23 2023 19:04:05 for S2OPC OPCUA Toolkit by   doxygen 1.8.18