Avatar

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
Key Wrap Algorithm in Secure Channel
March 4, 2014
15:39, EET
Avatar
Mel
Member
Members
Forum Posts: 9
Member Since:
March 4, 2014
sp_UserOfflineSmall Offline

Hi,

I have a general question about the Key Wrap Algorithm
and how this algorithm gets the secret for generating the symmetric key.

I read the specifications, but this point is not clear for me.
In part 6 on page 27, the security handshake of OPC UA is described.
If I capture a communication process between a client and a slave with wireshark (Security Mode: None),
then I can see the different exchanged messages. The handshake and the theoretical usage of the described algorithms is clear.
But how does OPC UA creates the symmetric key, when security is used. Which secret is used to generate the symmetric key with the key wrap algorithm P_SHA1? And also for signing the “Create Session Request/Response”: what is the Client/Server Signing Key? Where do I find hints in the message-structure?

Is there any quote in the spezifications where this part is explained?

Thank you very much,
Mel

March 4, 2014
16:10, EET
Avatar
Jouni Aro
Moderator
Moderators
Forum Posts: 1026
Member Since:
December 21, 2011
sp_UserOfflineSmall Offline

The symmetric keys are based on Nonce values passed in the OpenSecureChannel message.

See the spec Part 4. / 5.5.2

March 5, 2014
8:00, EET
Avatar
Mel
Member
Members
Forum Posts: 9
Member Since:
March 4, 2014
sp_UserOfflineSmall Offline

Thanks for the quick answer :-)

March 12, 2014
9:13, EET
Avatar
Mel
Member
Members
Forum Posts: 9
Member Since:
March 4, 2014
sp_UserOfflineSmall Offline

Hi,

I have another question to this topic. There is also the Key Derivation Algorithm used which belongs to the WS-Secure-Conversation Specification.
The Link in the OPC UA specification does not work.

For the computation of P_SHA1 the following formular is used:
P_SHA(secret, label + seed)

When I compare this formular with the formular used in TLS Specification (RFC2246):
P_SHA1 (secret, seed) = HMAC_SHA1(secret, A(1) + seed)+
HMAC_SHA1(secret, A(2) + seed)+ …
with A(): A(0)= seed and A(i)=HMAC_SHA1(secret, A(i-1))

I think label is similar with A(). What is seed? And where do I find seed in the OPC UA handshake. I understood that the secret is ClientNonce and ServerNonce.

Thanks,
Mel

March 12, 2014
14:27, EET
Avatar
Jouni Aro
Moderator
Moderators
Forum Posts: 1026
Member Since:
December 21, 2011
sp_UserOfflineSmall Offline

See 6.7.5 for the key derivation in OPC UA Secure Conversation. The nonces are used for the secret and seed (as explained in Table 36)

March 13, 2014
11:34, EET
Avatar
Mel
Member
Members
Forum Posts: 9
Member Since:
March 4, 2014
sp_UserOfflineSmall Offline

Thanks again :-)

Forum Timezone: Europe/Helsinki

Most Users Ever Online: 1919

Currently Online:
11 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

Heikki Tahvanainen: 402

hbrackel: 144

rocket science: 88

pramanj: 86

Francesco Zambon: 83

Ibrahim: 78

Sabari: 62

kapsl: 57

gjevremovic: 49

Xavier: 43

Member Stats:

Guest Posters: 0

Members: 749

Moderators: 7

Admins: 1

Forum Stats:

Groups: 3

Forums: 15

Topics: 1529

Posts: 6471

Newest Members:

scvchad954, misty3446453365, KelsonzFu, Kelsonz, lienbelisario, erick34s63346, Kaitlyntvsl, lonaerskine7, KTP21ideft, Georgecotag

Moderators: Jouni Aro: 1026, Pyry: 1, Petri: 0, Bjarne Boström: 1032, Jimmy Ni: 26, Matti Siponen: 349, Lusetti: 0

Administrators: admin: 1