forked from gopcua/opcua
/
policyPubSubAes256CTR.go
34 lines (27 loc) · 1.85 KB
/
policyPubSubAes256CTR.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
// Copyright 2018-2020 opcua authors. All rights reserved.
// Use of this source code is governed by a MIT-style license that can be
// found in the LICENSE file.
package uapolicy
/*
"SecurityPolicy - PubSub-Aes256-CTR" Profile
http://opcfoundation.org/UA/SecurityPolicy#PubSub-Aes256-CTR
Name Opt. Description From Profile
Security Encryption Required Encryption is required using the algorithms provided in the security algorithm suite.
Security Signing Required Signing is required using the algorithms provided in the security algorithm suite.
SymmetricSignatureAlgorithm_HMAC-SHA2-256 A keyed hash used for message authentication which is defined in https://tools.ietf.org/html/rfc2104.
The hash algorithm is SHA2 with 256 bits and described in https://tools.ietf.org/html/rfc4634
SymmetricEncryptionAlgorithm_AES256-CTR The AES encryption algorithm which is defined in http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf.
Multiple blocks encrypted using the CTR mode described in http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf.
The counter block format is defined in https://tools.ietf.org/html/rfc3686.
The key size is 256 bits. The block size is 16 bytes. The input nonce length is 4 bytes.
The URI is http://opcfoundation.org/UA/security/aes256-ctr.
AsymmetricSignatureAlgorithm_None This algorithm does not apply.
AsymmetricEncryptionAlgorithm_None This algorithm does not apply.
KeyDerivationAlgorithm_P-SHA2-256 The P_SHA256 pseudo-random function defined in https://tools.ietf.org/html/rfc5246.
The URI is http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha256.
CertificateSignatureAlgorithm_None This algorithm does not apply.
PubSub-Aes256-CTR_Limits -> DerivedSignatureKeyLength: 256 bits
-> MinAsymmetricKeyLength: n/a
-> MaxAsymmetricKeyLength: n/a
-> SecureChannelNonceLength: n/a
*/