Encryption other than Authenticated Symmetric Encryption (AEAD) – OPC Unified Architecture

6.7.2.5.1 Encryption other than Authenticated Symmetric Encryption (AEAD)

When using encryption with algorithms other than AEAD, each MessageChunk has a footer with the fields defined in Table 61.

Table 61 – Message Footer with Encryption other than AEAD

Name	Data Type	Description
PaddingSize	Byte	The number of padding bytes (not including the byte for the PaddingSize).
Padding	OctetString	Padding added to the end of the Message to ensure length of the data to encrypt is an integer multiple of the encryption block size. The value of each byte of the padding is equal to PaddingSize.
ExtraPaddingSize	Byte	The most significant byte of a two-byte integer used to specify the padding size when the key used to encrypt the message chunk is larger than 2048 bits. This field is omitted if the key length is less than or equal to 2048 bits.
Signature	OctetString	The signature for the MessageChunk. The signature includes the headers, all Message data, the PaddingSize and the Padding. The signature is encoded as sequence of Bytes with a length specified by the SecurityPolicy.

The formula to calculate the amount of padding depends on the amount of data that is being sent (called BytesToWrite). The sender shall first calculate the maximum amount of space available in the MessageChunk (called MaxBodySize) using the following formula:

	MaxBodySize = PlainTextBlockSize * Floor ((MessageChunkSize 						– MessageHeaderSize 						- SecurityHeaderSize 						– SignatureSize - 1)/CipherTextBlockSize) – SequenceHeaderSize;

The MessageHeaderSize is 12 bytes and the SecurityHeader size depends on whether symmetric or asymmetric cryptography is used. The SequenceHeaderSize is always 8 bytes.

During encryption, a block with a size equal to PlainTextBlockSize is processed to produce a block with size equal to CipherTextBlockSize. These values depend on the encryption algorithm and may be the same.

The OPC UA Message can fit into a single chunk if BytesToWrite is less than or equal to the MaxBodySize. In this case the PaddingSize is calculated with this formula:

PaddingSize = PlainTextBlockSize –
	((BytesToWrite + SignatureSize + 1) % PlainTextBlockSize);

If the BytesToWrite is greater than MaxBodySize the sender shall write MaxBodySize bytes with a PaddingSize of 0. The remaining BytesToWrite – MaxBodySize bytes shall be sent in subsequent MessageChunks.