View Issue Details

ID: 0003603
Project: 10000-007: Profiles
Category: Spec
View Status: public
Last Update: 2022-09-13 07:16
Reporter: brameret
Assigned To: Karl Deiretsbacher
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Summary: 0003603: Under specified Security Policy Basic256Sha256
Description

The security policy Basic256Sha256 (URI: https://opcfoundation.org/UA/SecurityPolicy/#Basic256Sha256, or Part7 v1.03, table 11) is not completely specified:

1) AsymmetricEncryptionAlgorithm – Rsa_Oaep: the OAEP RSA scheme, as defined in RFC 3447 (PKCS#1 v2.1), can work with a large spectrum of hash methods. Recommended methods are SHA-1, SHA-256/384/512. Current implementation uses SHA-1 by default.
This choice impacts both the result of the encryptions and the sizes of the encrypted messages.
Possible fix: Rsa_Oaep_Sha256.

2) AsymmetricSignatureAlgorithm – Rsa_Sha256: when using RSA as a signing algorithm, it is possible to use two signing schemes (as of RFC 3447 PKCS#1 v2.1): PKCS#1 v1.5 or OAEP. Current implementation uses PKCS#1 v1.5 by default. RFC 3447 recommends OAEP.
Furthermore, "Sha256" in Rsa_Sha256 implies that SHA-256 should be used, but it is not clear how. In practice, it is the hash of the message that is signed, and not the message itself. RFC 3447 recommends using OAEP.
When using OAEP, another hash method must be specified. However, the OAEP hash method should be the same method that was used to hash the message to sign.
Possible fixes: "Sha256_RSA-PKCS1v1.5", "Sha256_RSA-OAEP_Sha256".

Tags: No tags attached.
Commit Version:
Fix Due Date:

Activities

randyarmstrong

2016-12-04 19:07

administrator   ~0007398

Older (prior to 4.6) .NET frameworks do not give any control over these options. To maximize IOP this profile needs to mandate SHA1 for the OAEP padding with encryption and PKCS#1 v1.5 padding with the signature.

The name of the profile cannot be changed at this time. So we should look at adding a new profile Basic256Sha256_PKCSv2.1 which would require full compliance with RFC3447 recommendations.

Karl Deiretsbacher

2016-12-30 08:57

developer   ~0007685

Dallas meeting:

Add following explanatory text:
“uses PKCS#1 v1.5 padding” to AsymmetricSignatureAlgorithm
“uses Sha1 for padding” to AsymmetricEncryptionAlgorithm

Karl Deiretsbacher

2017-02-08 13:13

developer   ~0007867

Fixed in OPC UA Part 7 - Profiles Release 1.04.02.docx

Jim Luth

2017-02-14 16:19

administrator   ~0007880

Agreed to text in telecon.

Issue History

Date Modified Username Field Change
2016-11-15 17:06 brameret New Issue
2016-11-22 17:00 Jim Luth Assigned To => randyarmstrong
2016-11-22 17:00 Jim Luth Status new => assigned
2016-11-22 17:00 Jim Luth Project UA Specification => 10000-007: Profiles
2016-11-29 17:04 Karl Deiretsbacher Target Version => 1.04
2016-12-04 19:07 randyarmstrong Note Added: 0007398
2016-12-04 19:09 randyarmstrong Assigned To randyarmstrong =>
2016-12-04 19:09 randyarmstrong Assigned To => Karl Deiretsbacher
2016-12-30 08:57 Karl Deiretsbacher Note Added: 0007685
2017-02-08 13:13 Karl Deiretsbacher Note Added: 0007867
2017-02-08 13:13 Karl Deiretsbacher Status assigned => resolved
2017-02-08 13:13 Karl Deiretsbacher Fixed in Version => 1.04
2017-02-08 13:13 Karl Deiretsbacher Resolution open => fixed
2017-02-14 16:19 Jim Luth Note Added: 0007880
2017-02-14 16:19 Jim Luth Status resolved => closed
2022-09-13 07:16 fieldsplum Tag Attached: PROFINET
2022-09-13 07:16 fieldsplum Tag Detached: PROFINET