Key Wrap Algorithm in Secure Channel | OPC UAProsys Forum | Prosys OPC & OPC UA related discussion

Please consider registering
guest

Forum

OPC UA

Key Wrap Algorithm in Secure Channel

Topic RSS

Key Wrap Algorithm in Secure Channel

March 4, 2014
15:39, EET

Mel

Member

Members

Forum Posts: 9

Member Since:
March 4, 2014

Offline

Hi,

I have a general question about the Key Wrap Algorithm
and how this algorithm gets the secret for generating the symmetric key.

I read the specifications, but this point is not clear for me.
In part 6 on page 27, the security handshake of OPC UA is described.
If I capture a communication process between a client and a slave with wireshark (Security Mode: None),
then I can see the different exchanged messages. The handshake and the theoretical usage of the described algorithms is clear.
But how does OPC UA creates the symmetric key, when security is used. Which secret is used to generate the symmetric key with the key wrap algorithm P_SHA1? And also for signing the “Create Session Request/Response”: what is the Client/Server Signing Key? Where do I find hints in the message-structure?

Is there any quote in the spezifications where this part is explained?

Thank you very much,
Mel

March 4, 2014
16:10, EET

Jouni Aro

Moderator

Moderators

Forum Posts: 1010

Member Since:
December 21, 2011

Offline

The symmetric keys are based on Nonce values passed in the OpenSecureChannel message.

See the spec Part 4. / 5.5.2

March 5, 2014
8:00, EET

Mel

Member

Members

Forum Posts: 9

Member Since:
March 4, 2014

Offline

Thanks for the quick answer :-)

March 12, 2014
9:13, EET

Mel

Member

Members

Forum Posts: 9

Member Since:
March 4, 2014

Offline

Hi,

I have another question to this topic. There is also the Key Derivation Algorithm used which belongs to the WS-Secure-Conversation Specification.
The Link in the OPC UA specification does not work.

For the computation of P_SHA1 the following formular is used:
P_SHA(secret, label + seed)

When I compare this formular with the formular used in TLS Specification (RFC2246):
P_SHA1 (secret, seed) = HMAC_SHA1(secret, A(1) + seed)+
HMAC_SHA1(secret, A(2) + seed)+ …
with A(): A(0)= seed and A(i)=HMAC_SHA1(secret, A(i-1))

I think label is similar with A(). What is seed? And where do I find seed in the OPC UA handshake. I understood that the secret is ClientNonce and ServerNonce.

Thanks,
Mel

March 12, 2014
14:27, EET

Jouni Aro

Moderator

Moderators

Forum Posts: 1010

Member Since:
December 21, 2011

Offline

See 6.7.5 for the key derivation in OPC UA Secure Conversation. The nonces are used for the secret and seed (as explained in Table 36)

March 13, 2014
11:34, EET

Mel

Member

Members

Forum Posts: 9

Member Since:
March 4, 2014

Offline

Thanks again :-)

All RSS

Forum Timezone: Europe/Helsinki

Most Users Ever Online: 518

Currently Online:
16 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

hbrackel: 135

pramanj: 86

Francesco Zambon: 81

rocket science: 77

Ibrahim: 76

Sabari: 62

kapsl: 57

gjevremovic: 49

Xavier: 43

fred: 41

Member Stats:

Guest Posters: 0

Members: 681

Moderators: 16

Admins: 1

Forum Stats:

Groups: 3

Forums: 15

Topics: 1467

Posts: 6261

Newest Members:

graciela2073, sagarchau, elviralangwell4, Donnavek, Eddiefauth, DonaldPooma, fidelduke938316, Jan-Pfizer, DavidROunc, fen.pang@woodside.com

Moderators: Jouni Aro: 1010, Otso Palonen: 32, Tuomas Hiltunen: 5, Pyry: 1, Petri: 0, Bjarne Boström: 983, Heikki Tahvanainen: 402, Jukka Asikainen: 1, moldzh08: 0, Jimmy Ni: 26, Teppo Uimonen: 21, Markus Johansson: 42, Niklas Nurminen: 0, Matti Siponen: 321, Lusetti: 0, Ari-Pekka Soikkeli: 5

Administrators: admin: 1