locka99 / opcua

A client and server implementation of the OPC UA specification written in Rust
Mozilla Public License 2.0

crypto: Properly select encryption algo from security policies #112

Closed laumann closed 3 years ago

laumann commented 3 years ago

When calling the ActivateSession Service, the service should accept UserIdentityToken. For the UserNameIdentityToken, we need to provide a password and it can be the case that the password needs to be encrypted even though the SecureChannel's SecurityPolicy is set to None.

This commit adjusts the selection of the EncryptionAlgorithm as outlined in Table 187 Opc Part 4. In general, we should prefer the UserTokenIdentity.SecurityPolicy, except for when it's not specified.

See locka99/opcua#58
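The selection rule described in the comment above, as an added sketch that is not the code from this pull request or from the opcua crate: the token policy's SecurityPolicy wins when it is specified, otherwise the SecureChannel's policy applies, and an unrecognised policy URI is rejected rather than falling back to an unencrypted password. The `Policy` type and the function names are hypothetical; the URI strings are the standard OPC UA policy and algorithm identifiers.

```rust
// Added example: type and function names are hypothetical, not the opcua crate's API.
const PREFIX: &str = "http://opcfoundation.org/UA/SecurityPolicy#";

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Policy { None, Basic128Rsa15, Basic256, Basic256Sha256, Aes128Sha256RsaOaep, Aes256Sha256RsaPss }

impl Policy {
    /// Parse a SecurityPolicy URI; unknown URIs yield Option::None.
    pub fn from_uri(uri: &str) -> Option<Policy> {
        Some(match uri.strip_prefix(PREFIX)? {
            "None" => Policy::None,
            "Basic128Rsa15" => Policy::Basic128Rsa15,
            "Basic256" => Policy::Basic256,
            "Basic256Sha256" => Policy::Basic256Sha256,
            "Aes128_Sha256_RsaOaep" => Policy::Aes128Sha256RsaOaep,
            "Aes256_Sha256_RsaPss" => Policy::Aes256Sha256RsaPss,
            _ => return None,
        })
    }

    /// Asymmetric encryption algorithm URI for the password; Option::None means plaintext.
    pub fn encryption_algorithm(self) -> Option<&'static str> {
        match self {
            Policy::None => None,
            Policy::Basic128Rsa15 => Some("http://www.w3.org/2001/04/xmlenc#rsa-1_5"),
            Policy::Basic256 | Policy::Basic256Sha256 | Policy::Aes128Sha256RsaOaep =>
                Some("http://www.w3.org/2001/04/xmlenc#rsa-oaep"),
            Policy::Aes256Sha256RsaPss =>
                Some("http://opcfoundation.org/UA/security/rsa-oaep-sha2-256"),
        }
    }
}

/// Policy that protects the UserNameIdentityToken password: the token policy's
/// SecurityPolicy when specified, otherwise the SecureChannel's policy.
pub fn password_policy(channel: Policy, token_policy_uri: Option<&str>) -> Result<Policy, String> {
    match token_policy_uri {
        None | Some("") => Ok(channel), // not specified: inherit from the channel
        Some(uri) => Policy::from_uri(uri) // fail closed on an unknown policy
            .ok_or_else(|| format!("unsupported security policy: {}", uri)),
    }
}

fn main() {
    // Channel is None, but the token policy still requires an encrypted password.
    let token = "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256";
    let policy = password_policy(Policy::None, Some(token)).unwrap();
    println!("{:?} -> {:?}", policy, policy.encryption_algorithm());
}
```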

laumann commented 3 years ago

@locka99 This is one part of the fix (for #58). The implementation is based on Table 187 Opc Part 4:

image

locka99 commented 3 years ago

Thanks, I'll take it!