S2OPC OPCUA Toolkit
sopc_crypto_profiles.h
Go to the documentation of this file.
1 /*
2  * Licensed to Systerel under one or more contributor license
3  * agreements. See the NOTICE file distributed with this work
4  * for additional information regarding copyright ownership.
5  * Systerel licenses this file to you under the Apache
6  * License, Version 2.0 (the "License"); you may not use this
7  * file except in compliance with the License. You may obtain
8  * a copy of the License at
9  *
10  * http://www.apache.org/licenses/LICENSE-2.0
11  *
12  * Unless required by applicable law or agreed to in writing,
13  * software distributed under the License is distributed on an
14  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15  * KIND, either express or implied. See the License for the
16  * specific language governing permissions and limitations
17  * under the License.
18  */
19 
27 #ifndef SOPC_CRYPTO_PROFILES_H_
28 #define SOPC_CRYPTO_PROFILES_H_
29 
30 #include <stdbool.h>
31 #include <stdint.h>
32 
33 #include "sopc_crypto_decl.h"
34 #include "sopc_enums.h"
35 #include "sopc_secret_buffer.h"
36 
37 // s2opc_common_export.h is generated by CMake, when not using CMake, copy and include
38 // "src/Common/helpers_platform_dep/<platform>/s2opc_common_export.h_"
39 #include "s2opc_common_export.h"
40 
41 // Client-server security policies
42 
43 // Crypto profiles uri and ID
44 typedef enum SOPC_SecurityPolicy_ID
45 {
46  SOPC_SecurityPolicy_Invalid_ID = 0,
47  SOPC_SecurityPolicy_Basic256Sha256_ID = 1,
48  SOPC_SecurityPolicy_Basic256_ID = 2,
49  SOPC_SecurityPolicy_None_ID = 3,
50  SOPC_SecurityPolicy_PubSub_Aes256_ID = 4,
51  SOPC_SecurityPolicy_Aes128Sha256RsaOaep_ID = 5,
52  SOPC_SecurityPolicy_Aes256Sha256RsaPss_ID = 6,
53  SOPC_SecurityPolicy_Last_ID
54 } SOPC_SecurityPolicy_ID;
55 
56 #define SOPC_SecurityPolicy_Basic256Sha256_URI "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256"
57 #define SOPC_SecurityPolicy_Basic256_URI "http://opcfoundation.org/UA/SecurityPolicy#Basic256"
58 #define SOPC_SecurityPolicy_None_URI "http://opcfoundation.org/UA/SecurityPolicy#None"
59 #define SOPC_SecurityPolicy_PubSub_Aes256_URI "http://opcfoundation.org/UA/SecurityPolicy#PubSub-Aes256-CTR"
60 #define SOPC_SecurityPolicy_Aes128Sha256RsaOaep_URI "http://opcfoundation.org/UA/SecurityPolicy#Aes128_Sha256_RsaOaep"
61 #define SOPC_SecurityPolicy_Aes256Sha256RsaPss_URI "http://opcfoundation.org/UA/SecurityPolicy#Aes256_Sha256_RsaPss"
62 
63 #define SOPC_SecurityPolicy_Basic256Sha256_URI_SignAlgo "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
64 #define SOPC_SecurityPolicy_Aes128Sha256RsaOaep_URI_SignAlgo "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
65 #define SOPC_SecurityPolicy_Aes256Sha256RsaPss_URI_SignAlgo "http://opcfoundation.org/UA/security/rsa-pss-sha2-256"
66 #define SOPC_SecurityPolicy_Basic256_URI_SignAlgo "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
67 
68 typedef struct SOPC_SecurityPolicy_Config
69 {
70  const char* uri;
71  const bool isInvalid;
72  const char* name;
73  const SOPC_CryptoProfile* profile;
74  const SOPC_CryptoProfile_PubSub* psProfile;
75  uint8_t secuPolicyWeight;
76  uint32_t symmLen_CryptoKey;
77  uint32_t symmLen_SignKey;
78  uint32_t symmLen_Signature;
79  uint32_t symmLen_Block;
80  uint32_t symmLen_KeyNonce;
81  uint32_t symmLen_MessageRandom;
82  uint32_t asymLen_OAEP_Hash;
83  uint32_t asymLen_KeyMinBits;
84  uint32_t asymLen_KeyMaxBits;
85  uint32_t secureChannelNonceLength;
86  uint32_t certLen_Thumbprint;
87  const char* URI_SignAlgo;
88 } SOPC_SecurityPolicy_Config;
89 
93 const SOPC_SecurityPolicy_Config* SOPC_SecurityPolicy_Config_Get(SOPC_SecurityPolicy_ID policyId);
94 
95 // CryptoProfiles instances (Client/Server)
96 S2OPC_COMMON_EXPORT extern const SOPC_CryptoProfile sopc_g_cpAes256Sha256RsaPss;
97 S2OPC_COMMON_EXPORT extern const SOPC_CryptoProfile sopc_g_cpAes128Sha256RsaOaep;
98 S2OPC_COMMON_EXPORT extern const SOPC_CryptoProfile sopc_g_cpBasic256Sha256;
99 S2OPC_COMMON_EXPORT extern const SOPC_CryptoProfile sopc_g_cpBasic256;
100 S2OPC_COMMON_EXPORT extern const SOPC_CryptoProfile sopc_g_cpNone;
101 
102 // CryptoProfiles instances (PubSub)
103 S2OPC_COMMON_EXPORT extern const SOPC_CryptoProfile_PubSub sopc_g_cppsPubSubAes256;
104 S2OPC_COMMON_EXPORT extern const SOPC_CryptoProfile_PubSub sopc_g_cppsNone;
105 
106 // API
107 const SOPC_SecurityPolicy_Config* SOPC_CryptoProfile_Get(const char* uri);
108 const SOPC_CryptoProfile_PubSub* SOPC_CryptoProfile_PubSub_Get(const char* uri);
109 
110 /* ------------------------------------------------------------------------------------------------
111  * Internal CryptoProfile function pointers.
112  * ------------------------------------------------------------------------------------------------
113  */
114 typedef SOPC_ReturnStatus FnSymmetricEncrypt(const SOPC_CryptoProvider* pProvider,
115  const uint8_t* pInput,
116  uint32_t lenPlainText,
117  const SOPC_ExposedBuffer* pKey,
118  const SOPC_ExposedBuffer* pIV,
119  uint8_t* pOutput,
120  uint32_t lenOutput);
121 typedef SOPC_ReturnStatus FnSymmetricDecrypt(const SOPC_CryptoProvider* pProvider,
122  const uint8_t* pInput,
123  uint32_t lenCipherText,
124  const SOPC_ExposedBuffer* pKey,
125  const SOPC_ExposedBuffer* pIV,
126  uint8_t* pOutput,
127  uint32_t lenOutput);
128 typedef SOPC_ReturnStatus FnSymmetricSign(const SOPC_CryptoProvider* pProvider,
129  const uint8_t* pInput,
130  uint32_t lenInput,
131  const SOPC_ExposedBuffer* pKey,
132  uint8_t* pOutput);
133 typedef SOPC_ReturnStatus FnSymmetricVerify(const SOPC_CryptoProvider* pProvider,
134  const uint8_t* pInput,
135  uint32_t lenInput,
136  const SOPC_ExposedBuffer* pKey,
137  const uint8_t* pSignature);
138 typedef SOPC_ReturnStatus FnGenerateRandom(const SOPC_CryptoProvider* pProvider,
139  SOPC_ExposedBuffer* pData,
140  uint32_t lenData);
141 typedef SOPC_ReturnStatus FnDerivePseudoRandomData(const SOPC_CryptoProvider* pProvider,
142  const SOPC_ExposedBuffer* pSecret,
143  uint32_t lenSecret,
144  const SOPC_ExposedBuffer* pSeed,
145  uint32_t lenSeed,
146  SOPC_ExposedBuffer* pOutput,
147  uint32_t lenOutput);
148 typedef SOPC_ReturnStatus FnAsymmetricEncrypt(const SOPC_CryptoProvider* pProvider,
149  const uint8_t* pInput,
150  uint32_t lenPlainText,
151  const SOPC_AsymmetricKey* pKey,
152  uint8_t* pOutput);
153 typedef SOPC_ReturnStatus FnAsymmetricDecrypt(const SOPC_CryptoProvider* pProvider,
154  const uint8_t* pInput,
155  uint32_t lenCipherText,
156  const SOPC_AsymmetricKey* pKey,
157  uint8_t* pOutput,
158  uint32_t* lenWritten);
159 typedef SOPC_ReturnStatus FnAsymmetricSign(const SOPC_CryptoProvider* pProvider,
160  const uint8_t* pInput,
161  uint32_t lenInput,
162  const SOPC_AsymmetricKey* pKey,
163  uint8_t* pSignature);
164 typedef SOPC_ReturnStatus FnAsymmetricVerify(const SOPC_CryptoProvider* pProvider,
165  const uint8_t* pInput,
166  uint32_t lenInput,
167  const SOPC_AsymmetricKey* pKey,
168  const uint8_t* pSignature);
169 
170 typedef SOPC_ReturnStatus FnPubSubCrypt(const SOPC_CryptoProvider* pProvider,
171  const uint8_t* pInput,
172  uint32_t lenInput,
173  const SOPC_ExposedBuffer* pKey,
174  const SOPC_ExposedBuffer* pKeyNonce,
175  const SOPC_ExposedBuffer* pRandom,
176  uint32_t uSequenceNumber,
177  uint8_t* pOutput);
178 
179 /* ------------------------------------------------------------------------------------------------
180  * The CryptoProfile definitions
181  * ------------------------------------------------------------------------------------------------
182  */
183 
195 struct SOPC_CryptoProfile
196 {
197  const SOPC_SecurityPolicy_ID SecurityPolicyID;
198  FnSymmetricEncrypt* const pFnSymmEncrypt;
199  FnSymmetricDecrypt* const pFnSymmDecrypt;
200  FnSymmetricSign* const pFnSymmSign;
201  FnSymmetricVerify* const pFnSymmVerif;
202  FnGenerateRandom* const pFnGenRnd;
203  FnDerivePseudoRandomData* const pFnDeriveData;
204  FnAsymmetricEncrypt* const pFnAsymEncrypt;
205  FnAsymmetricDecrypt* const pFnAsymDecrypt;
206  FnAsymmetricSign* const pFnAsymSign;
207  FnAsymmetricVerify* const pFnAsymVerify;
208 };
209 
219 struct SOPC_CryptoProfile_PubSub
220 {
221  const uint32_t SecurityPolicyID;
222  FnPubSubCrypt* const pFnCrypt;
223  FnSymmetricSign* const pFnSymmSign;
224  FnSymmetricVerify* const pFnSymmVerif;
225  FnGenerateRandom* const pFnGenRnd;
226 };
227 
228 #endif /* SOPC_CRYPTO_PROFILES_H_ */
SOPC_SecurityPolicy_Config::symmLen_MessageRandom
uint32_t symmLen_MessageRandom
Definition: sopc_crypto_profiles.h:81
FnSymmetricVerify
SOPC_ReturnStatus FnSymmetricVerify(const SOPC_CryptoProvider *pProvider, const uint8_t *pInput, uint32_t lenInput, const SOPC_ExposedBuffer *pKey, const uint8_t *pSignature)
Definition: sopc_crypto_profiles.h:133
SOPC_SecurityPolicy_Config
Definition: sopc_crypto_profiles.h:69
S2OPC_COMMON_EXPORT
#define S2OPC_COMMON_EXPORT
Definition: s2opc_common_export.h:33
SOPC_CryptoProfile::pFnGenRnd
FnGenerateRandom *const pFnGenRnd
Definition: sopc_crypto_profiles.h:202
SOPC_SecurityPolicy_Config::symmLen_Signature
uint32_t symmLen_Signature
Definition: sopc_crypto_profiles.h:78
SOPC_SecurityPolicy_Last_ID
@ SOPC_SecurityPolicy_Last_ID
Definition: sopc_crypto_profiles.h:53
FnGenerateRandom
SOPC_ReturnStatus FnGenerateRandom(const SOPC_CryptoProvider *pProvider, SOPC_ExposedBuffer *pData, uint32_t lenData)
Definition: sopc_crypto_profiles.h:138
SOPC_SecurityPolicy_Config_Get
const SOPC_SecurityPolicy_Config * SOPC_SecurityPolicy_Config_Get(SOPC_SecurityPolicy_ID policyId)
SOPC_CryptoProfile::pFnAsymEncrypt
FnAsymmetricEncrypt *const pFnAsymEncrypt
Definition: sopc_crypto_profiles.h:204
SOPC_SecurityPolicy_Config::psProfile
const SOPC_CryptoProfile_PubSub * psProfile
Definition: sopc_crypto_profiles.h:74
SOPC_SecurityPolicy_Aes256Sha256RsaPss_ID
@ SOPC_SecurityPolicy_Aes256Sha256RsaPss_ID
Definition: sopc_crypto_profiles.h:52
SOPC_CryptoProfile_PubSub::SecurityPolicyID
const uint32_t SecurityPolicyID
Definition: sopc_crypto_profiles.h:221
SOPC_SecurityPolicy_Config
struct SOPC_SecurityPolicy_Config SOPC_SecurityPolicy_Config
SOPC_SecurityPolicy_Config::certLen_Thumbprint
uint32_t certLen_Thumbprint
Definition: sopc_crypto_profiles.h:86
SOPC_SecurityPolicy_None_ID
@ SOPC_SecurityPolicy_None_ID
Definition: sopc_crypto_profiles.h:49
SOPC_SecurityPolicy_Basic256_ID
@ SOPC_SecurityPolicy_Basic256_ID
Definition: sopc_crypto_profiles.h:48
SOPC_CryptoProfile_PubSub::pFnSymmSign
FnSymmetricSign *const pFnSymmSign
Definition: sopc_crypto_profiles.h:223
FnAsymmetricEncrypt
SOPC_ReturnStatus FnAsymmetricEncrypt(const SOPC_CryptoProvider *pProvider, const uint8_t *pInput, uint32_t lenPlainText, const SOPC_AsymmetricKey *pKey, uint8_t *pOutput)
Definition: sopc_crypto_profiles.h:148
SOPC_CryptoProfile::pFnDeriveData
FnDerivePseudoRandomData *const pFnDeriveData
Definition: sopc_crypto_profiles.h:203
sopc_g_cpAes256Sha256RsaPss
S2OPC_COMMON_EXPORT const SOPC_CryptoProfile sopc_g_cpAes256Sha256RsaPss
FnSymmetricDecrypt
SOPC_ReturnStatus FnSymmetricDecrypt(const SOPC_CryptoProvider *pProvider, const uint8_t *pInput, uint32_t lenCipherText, const SOPC_ExposedBuffer *pKey, const SOPC_ExposedBuffer *pIV, uint8_t *pOutput, uint32_t lenOutput)
Definition: sopc_crypto_profiles.h:121
SOPC_CryptoProfile::pFnAsymVerify
FnAsymmetricVerify *const pFnAsymVerify
Definition: sopc_crypto_profiles.h:207
SOPC_CryptoProfile::pFnSymmEncrypt
FnSymmetricEncrypt *const pFnSymmEncrypt
Definition: sopc_crypto_profiles.h:198
sopc_crypto_decl.h
Defines the common declarations for the cryptographic objects.
sopc_g_cpAes128Sha256RsaOaep
S2OPC_COMMON_EXPORT const SOPC_CryptoProfile sopc_g_cpAes128Sha256RsaOaep
SOPC_SecurityPolicy_Config::asymLen_KeyMinBits
uint32_t asymLen_KeyMinBits
Definition: sopc_crypto_profiles.h:83
s2opc_common_export.h
SOPC_SecurityPolicy_Config::name
const char * name
Definition: sopc_crypto_profiles.h:72
FnSymmetricEncrypt
SOPC_ReturnStatus FnSymmetricEncrypt(const SOPC_CryptoProvider *pProvider, const uint8_t *pInput, uint32_t lenPlainText, const SOPC_ExposedBuffer *pKey, const SOPC_ExposedBuffer *pIV, uint8_t *pOutput, uint32_t lenOutput)
Definition: sopc_crypto_profiles.h:114
sopc_g_cppsNone
S2OPC_COMMON_EXPORT const SOPC_CryptoProfile_PubSub sopc_g_cppsNone
sopc_enums.h
SOPC_CryptoProfile::pFnSymmDecrypt
FnSymmetricDecrypt *const pFnSymmDecrypt
Definition: sopc_crypto_profiles.h:199
FnPubSubCrypt
SOPC_ReturnStatus FnPubSubCrypt(const SOPC_CryptoProvider *pProvider, const uint8_t *pInput, uint32_t lenInput, const SOPC_ExposedBuffer *pKey, const SOPC_ExposedBuffer *pKeyNonce, const SOPC_ExposedBuffer *pRandom, uint32_t uSequenceNumber, uint8_t *pOutput)
Definition: sopc_crypto_profiles.h:170
SOPC_CryptoProvider
The SOPC_CryptoProvider context.
Definition: sopc_crypto_provider.h:47
SOPC_CryptoProfile_PubSub::pFnGenRnd
FnGenerateRandom *const pFnGenRnd
Definition: sopc_crypto_profiles.h:225
SOPC_CryptoProfile::pFnAsymDecrypt
FnAsymmetricDecrypt *const pFnAsymDecrypt
Definition: sopc_crypto_profiles.h:205
SOPC_CryptoProfile_PubSub::pFnCrypt
FnPubSubCrypt *const pFnCrypt
Definition: sopc_crypto_profiles.h:222
SOPC_SecurityPolicy_Invalid_ID
@ SOPC_SecurityPolicy_Invalid_ID
Definition: sopc_crypto_profiles.h:46
SOPC_SecurityPolicy_Config::secuPolicyWeight
uint8_t secuPolicyWeight
Definition: sopc_crypto_profiles.h:75
FnAsymmetricDecrypt
SOPC_ReturnStatus FnAsymmetricDecrypt(const SOPC_CryptoProvider *pProvider, const uint8_t *pInput, uint32_t lenCipherText, const SOPC_AsymmetricKey *pKey, uint8_t *pOutput, uint32_t *lenWritten)
Definition: sopc_crypto_profiles.h:153
SOPC_CryptoProfile::pFnAsymSign
FnAsymmetricSign *const pFnAsymSign
Definition: sopc_crypto_profiles.h:206
SOPC_CryptoProfile_Get
const SOPC_SecurityPolicy_Config * SOPC_CryptoProfile_Get(const char *uri)
sopc_g_cppsPubSubAes256
S2OPC_COMMON_EXPORT const SOPC_CryptoProfile_PubSub sopc_g_cppsPubSubAes256
SOPC_SecurityPolicy_Config::symmLen_KeyNonce
uint32_t symmLen_KeyNonce
Definition: sopc_crypto_profiles.h:80
SOPC_CryptoProfile_PubSub_Get
const SOPC_CryptoProfile_PubSub * SOPC_CryptoProfile_PubSub_Get(const char *uri)
SOPC_SecurityPolicy_PubSub_Aes256_ID
@ SOPC_SecurityPolicy_PubSub_Aes256_ID
Definition: sopc_crypto_profiles.h:50
FnAsymmetricVerify
SOPC_ReturnStatus FnAsymmetricVerify(const SOPC_CryptoProvider *pProvider, const uint8_t *pInput, uint32_t lenInput, const SOPC_AsymmetricKey *pKey, const uint8_t *pSignature)
Definition: sopc_crypto_profiles.h:164
sopc_g_cpNone
S2OPC_COMMON_EXPORT const SOPC_CryptoProfile sopc_g_cpNone
FnSymmetricSign
SOPC_ReturnStatus FnSymmetricSign(const SOPC_CryptoProvider *pProvider, const uint8_t *pInput, uint32_t lenInput, const SOPC_ExposedBuffer *pKey, uint8_t *pOutput)
Definition: sopc_crypto_profiles.h:128
SOPC_SecurityPolicy_Config::asymLen_KeyMaxBits
uint32_t asymLen_KeyMaxBits
Definition: sopc_crypto_profiles.h:84
SOPC_CryptoProfile_PubSub::pFnSymmVerif
FnSymmetricVerify *const pFnSymmVerif
Definition: sopc_crypto_profiles.h:224
SOPC_SecurityPolicy_Config::profile
const SOPC_CryptoProfile * profile
Definition: sopc_crypto_profiles.h:73
SOPC_AsymmetricKey
The asymmetric key representation.
Definition: key_manager_lib.h:47
SOPC_CryptoProfile
SOPC_CryptoProfiles gather pointers to cryptographic functions of the security policies of OPC UA Ser...
Definition: sopc_crypto_profiles.h:196
sopc_g_cpBasic256Sha256
S2OPC_COMMON_EXPORT const SOPC_CryptoProfile sopc_g_cpBasic256Sha256
SOPC_SecurityPolicy_Basic256Sha256_ID
@ SOPC_SecurityPolicy_Basic256Sha256_ID
Definition: sopc_crypto_profiles.h:47
SOPC_CryptoProfile_PubSub
SOPC_CryptoProfiles_PubSub gather pointers to cryptographic functions of the security policies of OPC...
Definition: sopc_crypto_profiles.h:220
SOPC_SecurityPolicy_Config::symmLen_Block
uint32_t symmLen_Block
Definition: sopc_crypto_profiles.h:79
SOPC_ExposedBuffer
uint8_t SOPC_ExposedBuffer
Definition: sopc_secret_buffer.h:36
FnDerivePseudoRandomData
SOPC_ReturnStatus FnDerivePseudoRandomData(const SOPC_CryptoProvider *pProvider, const SOPC_ExposedBuffer *pSecret, uint32_t lenSecret, const SOPC_ExposedBuffer *pSeed, uint32_t lenSeed, SOPC_ExposedBuffer *pOutput, uint32_t lenOutput)
Definition: sopc_crypto_profiles.h:141
SOPC_SecurityPolicy_Config::symmLen_SignKey
uint32_t symmLen_SignKey
Definition: sopc_crypto_profiles.h:77
sopc_g_cpBasic256
S2OPC_COMMON_EXPORT const SOPC_CryptoProfile sopc_g_cpBasic256
SOPC_SecurityPolicy_Aes128Sha256RsaOaep_ID
@ SOPC_SecurityPolicy_Aes128Sha256RsaOaep_ID
Definition: sopc_crypto_profiles.h:51
FnAsymmetricSign
SOPC_ReturnStatus FnAsymmetricSign(const SOPC_CryptoProvider *pProvider, const uint8_t *pInput, uint32_t lenInput, const SOPC_AsymmetricKey *pKey, uint8_t *pSignature)
Definition: sopc_crypto_profiles.h:159
SOPC_CryptoProfile::pFnSymmVerif
FnSymmetricVerify *const pFnSymmVerif
Definition: sopc_crypto_profiles.h:201
SOPC_SecurityPolicy_Config::secureChannelNonceLength
uint32_t secureChannelNonceLength
Definition: sopc_crypto_profiles.h:85
sopc_secret_buffer.h
SecretBuffer (mangled key) and ExposedBuffer (contiguous deciphered buffered) APIs.
SOPC_SecurityPolicy_Config::symmLen_CryptoKey
uint32_t symmLen_CryptoKey
Definition: sopc_crypto_profiles.h:76
SOPC_SecurityPolicy_ID
SOPC_SecurityPolicy_ID
Definition: sopc_crypto_profiles.h:45
SOPC_SecurityPolicy_Config::isInvalid
const bool isInvalid
Definition: sopc_crypto_profiles.h:71
SOPC_CryptoProfile::pFnSymmSign
FnSymmetricSign *const pFnSymmSign
Definition: sopc_crypto_profiles.h:200
SOPC_SecurityPolicy_Config::URI_SignAlgo
const char * URI_SignAlgo
Definition: sopc_crypto_profiles.h:87
SOPC_SecurityPolicy_Config::uri
const char * uri
Definition: sopc_crypto_profiles.h:70
SOPC_SecurityPolicy_Config::asymLen_OAEP_Hash
uint32_t asymLen_OAEP_Hash
Definition: sopc_crypto_profiles.h:82
SOPC_ReturnStatus
SOPC_ReturnStatus
Definition: libs2opc_client.h:64
SOPC_CryptoProfile::SecurityPolicyID
const SOPC_SecurityPolicy_ID SecurityPolicyID
Definition: sopc_crypto_profiles.h:197
Generated on Fri Sep 29 2023 17:02:15 for S2OPC OPCUA Toolkit by   doxygen 1.8.18