Botan 3.0.0-alpha0
Crypto and TLS for C&
Public Types | Public Member Functions | Static Public Member Functions | List of all members
Botan::TLS::Signature_Scheme Class Reference

#include <tls_signature_scheme.h>

Public Types

enum  Code : uint16_t {
  NONE = 0x0000 , RSA_PKCS1_SHA1 = 0x0201 , RSA_PKCS1_SHA256 = 0x0401 , RSA_PKCS1_SHA384 = 0x0501 ,
  RSA_PKCS1_SHA512 = 0x0601 , ECDSA_SHA1 = 0x0203 , ECDSA_SHA256 = 0x0403 , ECDSA_SHA384 = 0x0503 ,
  ECDSA_SHA512 = 0x0603 , RSA_PSS_SHA256 = 0x0804 , RSA_PSS_SHA384 = 0x0805 , RSA_PSS_SHA512 = 0x0806 ,
  EDDSA_25519 = 0x0807 , EDDSA_448 = 0x0808 , DSA_SHA1 = 0x0202 , DSA_SHA256 = 0x0402 ,
  DSA_SHA384 = 0x0502 , DSA_SHA512 = 0x0602
}
 

Public Member Functions

AlgorithmIdentifier algorithm_identifier () const noexcept
 
std::string algorithm_name () const noexcept
 
std::optional< Signature_Formatformat () const noexcept
 
std::string hash_function_name () const noexcept
 
bool is_available () const noexcept
 
bool is_compatible_with (const Protocol_Version &protocol_version) const noexcept
 
bool is_set () const noexcept
 
bool is_suitable_for (const Private_Key &private_key) const noexcept
 
bool operator!= (const Signature_Scheme &rhs) const
 
bool operator== (const Signature_Scheme &rhs) const
 
std::string padding_string () const noexcept
 
 Signature_Scheme ()
 
 Signature_Scheme (Signature_Scheme::Code wire_code)
 
 Signature_Scheme (uint16_t wire_code)
 
std::string to_string () const noexcept
 
Signature_Scheme::Code wire_code () const noexcept
 

Static Public Member Functions

static const std::vector< Signature_Scheme > & all_available_schemes ()
 

Detailed Description

Definition at line 23 of file tls_signature_scheme.h.

Member Enumeration Documentation

◆ Code

Matches with wire encoding

Note that this is intentionally left as a bare enum. It emulates the Botan 2 API where Signature_Scheme was an enum class with associated free-standing functions. Leaving it as a bare enum resembles the legacy user-facing API.

Enumerator
NONE 
RSA_PKCS1_SHA1 
RSA_PKCS1_SHA256 
RSA_PKCS1_SHA384 
RSA_PKCS1_SHA512 
ECDSA_SHA1 
ECDSA_SHA256 
ECDSA_SHA384 
ECDSA_SHA512 
RSA_PSS_SHA256 
RSA_PSS_SHA384 
RSA_PSS_SHA512 
EDDSA_25519 
EDDSA_448 
DSA_SHA1 
DSA_SHA256 
DSA_SHA384 
DSA_SHA512 

Definition at line 33 of file tls_signature_scheme.h.

33 : uint16_t {
34 NONE = 0x0000,
35
36 RSA_PKCS1_SHA1 = 0x0201, // not implemented
37 RSA_PKCS1_SHA256 = 0x0401,
38 RSA_PKCS1_SHA384 = 0x0501,
39 RSA_PKCS1_SHA512 = 0x0601,
40
41 ECDSA_SHA1 = 0x0203, // not implemented
42 ECDSA_SHA256 = 0x0403,
43 ECDSA_SHA384 = 0x0503,
44 ECDSA_SHA512 = 0x0603,
45
46 RSA_PSS_SHA256 = 0x0804,
47 RSA_PSS_SHA384 = 0x0805,
48 RSA_PSS_SHA512 = 0x0806,
49
50 EDDSA_25519 = 0x0807,
51 EDDSA_448 = 0x0808, // not implemented
52
53 // not implemented
54 DSA_SHA1 = 0x0202,
55 DSA_SHA256 = 0x0402,
56 DSA_SHA384 = 0x0502,
57 DSA_SHA512 = 0x0602
58};

Constructor & Destructor Documentation

◆ Signature_Scheme() [1/3]

Botan::TLS::Signature_Scheme::Signature_Scheme ( )

Construct an uninitialized / invalid scheme

Definition at line 49 of file tls_signature_scheme.cpp.

50 : m_code(NONE)
51 {}

References Botan::NONE.

◆ Signature_Scheme() [2/3]

Botan::TLS::Signature_Scheme::Signature_Scheme ( uint16_t  wire_code)

◆ Signature_Scheme() [3/3]

Botan::TLS::Signature_Scheme::Signature_Scheme ( Signature_Scheme::Code  wire_code)

Definition at line 57 of file tls_signature_scheme.cpp.

58 : m_code(wire_code)
59 {}

Member Function Documentation

◆ algorithm_identifier()

AlgorithmIdentifier Botan::TLS::Signature_Scheme::algorithm_identifier ( ) const
noexcept

Definition at line 230 of file tls_signature_scheme.cpp.

231 {
232 switch(m_code)
233 {
234 // case ECDSA_SHA1: not defined
235 case ECDSA_SHA256:
236 return { "ECDSA", Botan::EC_Group("secp256r1").DER_encode(Botan::EC_Group_Encoding::NamedCurve) };
237 case ECDSA_SHA384:
238 return { "ECDSA", Botan::EC_Group("secp384r1").DER_encode(Botan::EC_Group_Encoding::NamedCurve) };
239 case ECDSA_SHA512:
240 return { "ECDSA", Botan::EC_Group("secp521r1").DER_encode(Botan::EC_Group_Encoding::NamedCurve) };
241
242 case EDDSA_25519:
243 return { "Ed25519", AlgorithmIdentifier::USE_EMPTY_PARAM };
244
245 case RSA_PKCS1_SHA1:
246 case RSA_PKCS1_SHA256:
247 case RSA_PKCS1_SHA384:
248 case RSA_PKCS1_SHA512:
249 case RSA_PSS_SHA256:
250 case RSA_PSS_SHA384:
251 case RSA_PSS_SHA512:
252 return { "RSA", AlgorithmIdentifier::USE_NULL_PARAM };
253
254 default:
255 return AlgorithmIdentifier();
256 }
257 }
std::vector< uint8_t > DER_encode(EC_Group_Encoding form) const
Definition: ec_group.cpp:717

References Botan::EC_Group::DER_encode(), ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, EDDSA_25519, Botan::NamedCurve, RSA_PKCS1_SHA1, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, RSA_PSS_SHA512, Botan::AlgorithmIdentifier::USE_EMPTY_PARAM, and Botan::AlgorithmIdentifier::USE_NULL_PARAM.

◆ algorithm_name()

std::string Botan::TLS::Signature_Scheme::algorithm_name ( ) const
noexcept

Definition at line 194 of file tls_signature_scheme.cpp.

195 {
196 switch(m_code)
197 {
198 case RSA_PKCS1_SHA1:
199 case RSA_PKCS1_SHA256:
200 case RSA_PKCS1_SHA384:
201 case RSA_PKCS1_SHA512:
202 case RSA_PSS_SHA256:
203 case RSA_PSS_SHA384:
204 case RSA_PSS_SHA512:
205 return "RSA";
206
207 case ECDSA_SHA1:
208 case ECDSA_SHA256:
209 case ECDSA_SHA384:
210 case ECDSA_SHA512:
211 return "ECDSA";
212
213 case EDDSA_25519:
214 return "Ed25519";
215
216 case EDDSA_448:
217 return "Ed448";
218
219 case DSA_SHA1:
220 case DSA_SHA256:
221 case DSA_SHA384:
222 case DSA_SHA512:
223 return "DSA";
224
225 default:
226 return "Unknown algorithm";
227 }
228 }

References DSA_SHA1, DSA_SHA256, DSA_SHA384, DSA_SHA512, ECDSA_SHA1, ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, EDDSA_25519, EDDSA_448, RSA_PKCS1_SHA1, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, and RSA_PSS_SHA512.

Referenced by Botan::TLS::Handshake_State::parse_sig_format().

◆ all_available_schemes()

const std::vector< Signature_Scheme > & Botan::TLS::Signature_Scheme::all_available_schemes ( )
static
Returns
all available signature schemes

Definition at line 17 of file tls_signature_scheme.cpp.

18 {
19 /*
20 * This is ordered in some approximate order of preference
21 */
22 static const std::vector<Signature_Scheme> all_schemes = {
23
24// EdDSA 25519 is currently not supported as a signature scheme for certificates
25// certificate authentication.
26// See: https://github.com/randombit/botan/pull/2958#discussion_r851294715
27//
28// #if defined(BOTAN_HAS_ED25519)
29// EDDSA_25519,
30// #endif
31
35
39
43 };
44
45 return all_schemes;
46 }

References ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, and RSA_PSS_SHA512.

Referenced by Botan::TLS::Policy::allowed_signature_schemes(), and is_available().

◆ format()

std::optional< Signature_Format > Botan::TLS::Signature_Scheme::format ( ) const
noexcept

Definition at line 259 of file tls_signature_scheme.cpp.

260 {
261 switch(m_code)
262 {
263 case RSA_PKCS1_SHA1:
264 case RSA_PKCS1_SHA256:
265 case RSA_PKCS1_SHA384:
266 case RSA_PKCS1_SHA512:
267 case RSA_PSS_SHA256:
268 case RSA_PSS_SHA384:
269 case RSA_PSS_SHA512:
270 return IEEE_1363;
271
272 case ECDSA_SHA1:
273 case ECDSA_SHA256:
274 case ECDSA_SHA384:
275 case ECDSA_SHA512:
276 case EDDSA_25519:
277 case EDDSA_448:
278 case DSA_SHA1:
279 case DSA_SHA256:
280 case DSA_SHA384:
281 case DSA_SHA512:
282 return DER_SEQUENCE;
283
284 default:
285 return std::nullopt;
286 }
287 }
@ DER_SEQUENCE
Definition: pk_keys.h:23
@ IEEE_1363
Definition: pk_keys.h:23

References Botan::DER_SEQUENCE, DSA_SHA1, DSA_SHA256, DSA_SHA384, DSA_SHA512, ECDSA_SHA1, ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, EDDSA_25519, EDDSA_448, Botan::IEEE_1363, RSA_PKCS1_SHA1, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, and RSA_PSS_SHA512.

Referenced by Botan::TLS::Handshake_State::choose_sig_format(), and Botan::TLS::Handshake_State::parse_sig_format().

◆ hash_function_name()

std::string Botan::TLS::Signature_Scheme::hash_function_name ( ) const
noexcept

Definition at line 119 of file tls_signature_scheme.cpp.

120 {
121 switch(m_code)
122 {
123 case RSA_PKCS1_SHA1:
124 case ECDSA_SHA1:
125 case DSA_SHA1:
126 return "SHA-1";
127
128 case ECDSA_SHA256:
129 case RSA_PKCS1_SHA256:
130 case RSA_PSS_SHA256:
131 case DSA_SHA256:
132 return "SHA-256";
133
134 case ECDSA_SHA384:
135 case RSA_PKCS1_SHA384:
136 case RSA_PSS_SHA384:
137 case DSA_SHA384:
138 return "SHA-384";
139
140 case ECDSA_SHA512:
141 case RSA_PKCS1_SHA512:
142 case RSA_PSS_SHA512:
143 case DSA_SHA512:
144 return "SHA-512";
145
146 case EDDSA_25519:
147 case EDDSA_448:
148 return "Pure";
149
150 default:
151 return "Unknown hash function";
152 }
153 }

References DSA_SHA1, DSA_SHA256, DSA_SHA384, DSA_SHA512, ECDSA_SHA1, ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, EDDSA_25519, EDDSA_448, RSA_PKCS1_SHA1, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, and RSA_PSS_SHA512.

Referenced by Botan::TLS::Handshake_State::choose_sig_format(), and Botan::TLS::Handshake_State::parse_sig_format().

◆ is_available()

bool Botan::TLS::Signature_Scheme::is_available ( ) const
noexcept
Returns
true if support for this scheme is implemented in this Botan build

Definition at line 61 of file tls_signature_scheme.cpp.

62 {
64 }
static const std::vector< Signature_Scheme > & all_available_schemes()
bool value_exists(const std::vector< T > &vec, const T &val)
Definition: stl_util.h:89

References all_available_schemes(), and Botan::value_exists().

Referenced by Botan::TLS::Handshake_State::parse_sig_format().

◆ is_compatible_with()

bool Botan::TLS::Signature_Scheme::is_compatible_with ( const Protocol_Version protocol_version) const
noexcept

Definition at line 289 of file tls_signature_scheme.cpp.

290 {
291 // RFC 8446 4.4.3:
292 // The SHA-1 algorithm MUST NOT be used in any signatures of
293 // CertificateVerify messages.
294 //
295 // Note that Botan enforces that for TLS 1.2 as well.
296 if(hash_function_name() == "SHA-1")
297 return false;
298
299 // RFC 8446 4.4.3:
300 // RSA signatures MUST use an RSASSA-PSS algorithm, regardless of whether
301 // RSASSA-PKCS1-v1_5 algorithms appear in "signature_algorithms".
302 //
303 // Note that this is enforced for TLS 1.3 and above only.
304 if(!protocol_version.is_pre_tls_13() &&
305 (m_code == RSA_PKCS1_SHA1 ||
306 m_code == RSA_PKCS1_SHA256 ||
307 m_code == RSA_PKCS1_SHA384 ||
308 m_code == RSA_PKCS1_SHA512))
309 return false;
310
311 return true;
312 }
std::string hash_function_name() const noexcept

Referenced by Botan::TLS::Handshake_State::parse_sig_format().

◆ is_set()

bool Botan::TLS::Signature_Scheme::is_set ( ) const
noexcept
Returns
true if the wire_code is set to any value other than NONE

Definition at line 66 of file tls_signature_scheme.cpp.

67 {
68 return m_code != NONE;
69 }

References NONE.

Referenced by Botan::TLS::Certificate_Verify::Certificate_Verify(), and Botan::TLS::Certificate_Verify::serialize().

◆ is_suitable_for()

bool Botan::TLS::Signature_Scheme::is_suitable_for ( const Private_Key private_key) const
noexcept

Definition at line 314 of file tls_signature_scheme.cpp.

315 {
316 if(algorithm_name() != private_key.algo_name())
317 return false;
318
319 // The ECDSA private key length must match the utilized hash output length.
320 const auto keylen = private_key.key_length();
321 if(keylen <= 250)
322 return false;
323
324 if(m_code == ECDSA_SHA256 && !(keylen >= 250 && keylen <= 350)) // lgtm [cpp/constant-comparison]
325 return false; // `keylen >= 250` will always be true, because keylen <= 250
326 // was checked before. Leaving it in for readability.
327 if(m_code == ECDSA_SHA384 && !(keylen >= 350 && keylen <= 450))
328 return false;
329
330 if(m_code == ECDSA_SHA512 && !(keylen >= 450 && keylen <= 550))
331 return false;
332
333 return true;
334 }
std::string algorithm_name() const noexcept

◆ operator!=()

bool Botan::TLS::Signature_Scheme::operator!= ( const Signature_Scheme rhs) const
inline

Definition at line 98 of file tls_signature_scheme.h.

98{ return !(*this == rhs); }

◆ operator==()

bool Botan::TLS::Signature_Scheme::operator== ( const Signature_Scheme rhs) const
inline

Definition at line 97 of file tls_signature_scheme.h.

97{ return m_code == rhs.m_code; }

◆ padding_string()

std::string Botan::TLS::Signature_Scheme::padding_string ( ) const
noexcept

Definition at line 155 of file tls_signature_scheme.cpp.

156 {
157 switch(m_code)
158 {
159 case RSA_PKCS1_SHA1:
160 return "EMSA_PKCS1(SHA-1)";
161 case RSA_PKCS1_SHA256:
162 return "EMSA_PKCS1(SHA-256)";
163 case RSA_PKCS1_SHA384:
164 return "EMSA_PKCS1(SHA-384)";
165 case RSA_PKCS1_SHA512:
166 return "EMSA_PKCS1(SHA-512)";
167
168 case ECDSA_SHA1:
169 return "EMSA1(SHA-1)";
170 case ECDSA_SHA256:
171 return "EMSA1(SHA-256)";
172 case ECDSA_SHA384:
173 return "EMSA1(SHA-384)";
174 case ECDSA_SHA512:
175 return "EMSA1(SHA-512)";
176
177 case RSA_PSS_SHA256:
178 return "PSSR(SHA-256,MGF1,32)";
179 case RSA_PSS_SHA384:
180 return "PSSR(SHA-384,MGF1,48)";
181 case RSA_PSS_SHA512:
182 return "PSSR(SHA-512,MGF1,64)";
183
184 case EDDSA_25519:
185 return "Pure";
186 case EDDSA_448:
187 return "Pure";
188
189 default:
190 return "Unknown padding";
191 }
192 }

References ECDSA_SHA1, ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, EDDSA_25519, EDDSA_448, RSA_PKCS1_SHA1, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, and RSA_PSS_SHA512.

Referenced by Botan::TLS::Handshake_State::choose_sig_format(), and Botan::TLS::Handshake_State::parse_sig_format().

◆ to_string()

std::string Botan::TLS::Signature_Scheme::to_string ( ) const
noexcept

Definition at line 71 of file tls_signature_scheme.cpp.

72 {
73 switch(m_code)
74 {
75 case RSA_PKCS1_SHA1:
76 return "RSA_PKCS1_SHA1";
78 return "RSA_PKCS1_SHA256";
80 return "RSA_PKCS1_SHA384";
82 return "RSA_PKCS1_SHA512";
83
84 case ECDSA_SHA1:
85 return "ECDSA_SHA1";
86 case ECDSA_SHA256:
87 return "ECDSA_SHA256";
88 case ECDSA_SHA384:
89 return "ECDSA_SHA384";
90 case ECDSA_SHA512:
91 return "ECDSA_SHA512";
92
93 case RSA_PSS_SHA256:
94 return "RSA_PSS_SHA256";
95 case RSA_PSS_SHA384:
96 return "RSA_PSS_SHA384";
97 case RSA_PSS_SHA512:
98 return "RSA_PSS_SHA512";
99
100 case EDDSA_25519:
101 return "EDDSA_25519";
102 case EDDSA_448:
103 return "EDDSA_448";
104
105 case DSA_SHA1:
106 return "DSA_SHA1";
107 case DSA_SHA256:
108 return "DSA_SHA256";
109 case DSA_SHA384:
110 return "DSA_SHA384";
111 case DSA_SHA512:
112 return "DSA_SHA512";
113
114 default:
115 return "Unknown signature scheme: " + std::to_string(m_code);
116 }
117 }
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:209

References DSA_SHA1, DSA_SHA256, DSA_SHA384, DSA_SHA512, ECDSA_SHA1, ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, EDDSA_25519, EDDSA_448, RSA_PKCS1_SHA1, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, RSA_PSS_SHA512, and Botan::ASN1::to_string().

◆ wire_code()

Signature_Scheme::Code Botan::TLS::Signature_Scheme::wire_code ( ) const
inlinenoexcept

Definition at line 75 of file tls_signature_scheme.h.

75{ return m_code; }

Referenced by Botan::TLS::Certificate_Verify::serialize().


The documentation for this class was generated from the following files: