Botan 3.3.0
Crypto and TLS for C&
Public Types | Public Member Functions | Static Public Member Functions | List of all members
Botan::TLS::Signature_Scheme Class Reference

#include <tls_signature_scheme.h>

Public Types

enum  Code : uint16_t {
  NONE = 0x0000 , RSA_PKCS1_SHA1 = 0x0201 , RSA_PKCS1_SHA256 = 0x0401 , RSA_PKCS1_SHA384 = 0x0501 ,
  RSA_PKCS1_SHA512 = 0x0601 , ECDSA_SHA1 = 0x0203 , ECDSA_SHA256 = 0x0403 , ECDSA_SHA384 = 0x0503 ,
  ECDSA_SHA512 = 0x0603 , RSA_PSS_SHA256 = 0x0804 , RSA_PSS_SHA384 = 0x0805 , RSA_PSS_SHA512 = 0x0806 ,
  EDDSA_25519 = 0x0807 , EDDSA_448 = 0x0808
}
 

Public Member Functions

AlgorithmIdentifier algorithm_identifier () const noexcept
 
std::string algorithm_name () const noexcept
 
std::optional< Signature_Formatformat () const noexcept
 
std::string hash_function_name () const noexcept
 
bool is_available () const noexcept
 
bool is_compatible_with (const Protocol_Version &protocol_version) const noexcept
 
bool is_set () const noexcept
 
bool is_suitable_for (const Private_Key &private_key) const noexcept
 
AlgorithmIdentifier key_algorithm_identifier () const noexcept
 
bool operator!= (const Signature_Scheme &rhs) const
 
bool operator== (const Signature_Scheme &rhs) const
 
std::string padding_string () const noexcept
 
 Signature_Scheme ()
 
 Signature_Scheme (Signature_Scheme::Code wire_code)
 
 Signature_Scheme (uint16_t wire_code)
 
std::string to_string () const noexcept
 
Signature_Scheme::Code wire_code () const noexcept
 

Static Public Member Functions

static const std::vector< Signature_Scheme > & all_available_schemes ()
 

Detailed Description

Definition at line 23 of file tls_signature_scheme.h.

Member Enumeration Documentation

◆ Code

Matches with wire encoding

Note that this is intentionally left as a bare enum. It emulates the Botan 2 API where Signature_Scheme was an enum class with associated free-standing functions. Leaving it as a bare enum resembles the legacy user-facing API.

Enumerator
NONE 
RSA_PKCS1_SHA1 
RSA_PKCS1_SHA256 
RSA_PKCS1_SHA384 
RSA_PKCS1_SHA512 
ECDSA_SHA1 
ECDSA_SHA256 
ECDSA_SHA384 
ECDSA_SHA512 
RSA_PSS_SHA256 
RSA_PSS_SHA384 
RSA_PSS_SHA512 
EDDSA_25519 
EDDSA_448 

Definition at line 32 of file tls_signature_scheme.h.

32 : uint16_t {
33 NONE = 0x0000,
34
35 RSA_PKCS1_SHA1 = 0x0201, // not implemented
36 RSA_PKCS1_SHA256 = 0x0401,
37 RSA_PKCS1_SHA384 = 0x0501,
38 RSA_PKCS1_SHA512 = 0x0601,
39
40 ECDSA_SHA1 = 0x0203, // not implemented
41 ECDSA_SHA256 = 0x0403,
42 ECDSA_SHA384 = 0x0503,
43 ECDSA_SHA512 = 0x0603,
44
45 RSA_PSS_SHA256 = 0x0804,
46 RSA_PSS_SHA384 = 0x0805,
47 RSA_PSS_SHA512 = 0x0806,
48
49 EDDSA_25519 = 0x0807,
50 EDDSA_448 = 0x0808, // not implemented
51 };

Constructor & Destructor Documentation

◆ Signature_Scheme() [1/3]

Botan::TLS::Signature_Scheme::Signature_Scheme ( )

Construct an uninitialized / invalid scheme

Definition at line 51 of file tls_signature_scheme.cpp.

51: m_code(NONE) {}

◆ Signature_Scheme() [2/3]

Botan::TLS::Signature_Scheme::Signature_Scheme ( uint16_t wire_code)

◆ Signature_Scheme() [3/3]

Botan::TLS::Signature_Scheme::Signature_Scheme ( Signature_Scheme::Code wire_code)

Definition at line 55 of file tls_signature_scheme.cpp.

55: m_code(wire_code) {}

Member Function Documentation

◆ algorithm_identifier()

AlgorithmIdentifier Botan::TLS::Signature_Scheme::algorithm_identifier ( ) const
noexcept

Definition at line 224 of file tls_signature_scheme.cpp.

224 {
225 switch(m_code) {
226 case RSA_PKCS1_SHA1:
227 return AlgorithmIdentifier(OID::from_string("RSA/EMSA3(SHA-1)"), AlgorithmIdentifier::USE_NULL_PARAM);
228 case RSA_PKCS1_SHA256:
229 return AlgorithmIdentifier(OID::from_string("RSA/EMSA3(SHA-256)"), AlgorithmIdentifier::USE_NULL_PARAM);
230 case RSA_PKCS1_SHA384:
231 return AlgorithmIdentifier(OID::from_string("RSA/EMSA3(SHA-384)"), AlgorithmIdentifier::USE_NULL_PARAM);
232 case RSA_PKCS1_SHA512:
233 return AlgorithmIdentifier(OID::from_string("RSA/EMSA3(SHA-512)"), AlgorithmIdentifier::USE_NULL_PARAM);
234
235 case ECDSA_SHA1:
236 return AlgorithmIdentifier(OID::from_string("ECDSA/SHA-1"), AlgorithmIdentifier::USE_EMPTY_PARAM);
237 case ECDSA_SHA256:
238 return AlgorithmIdentifier(OID::from_string("ECDSA/SHA-256"), AlgorithmIdentifier::USE_EMPTY_PARAM);
239 case ECDSA_SHA384:
240 return AlgorithmIdentifier(OID::from_string("ECDSA/SHA-384"), AlgorithmIdentifier::USE_EMPTY_PARAM);
241 case ECDSA_SHA512:
242 return AlgorithmIdentifier(OID::from_string("ECDSA/SHA-512"), AlgorithmIdentifier::USE_EMPTY_PARAM);
243
244 case RSA_PSS_SHA256:
245 return AlgorithmIdentifier(OID::from_string("RSA/EMSA4"), PSS_Params("SHA-256", 32).serialize());
246 case RSA_PSS_SHA384:
247 return AlgorithmIdentifier(OID::from_string("RSA/EMSA4"), PSS_Params("SHA-384", 48).serialize());
248 case RSA_PSS_SHA512:
249 return AlgorithmIdentifier(OID::from_string("RSA/EMSA4"), PSS_Params("SHA-512", 64).serialize());
250
251 default:
252 // Note that Ed25519 and Ed448 end up here
253 return AlgorithmIdentifier();
254 }
255}
static OID from_string(std::string_view str)
Definition asn1_oid.cpp:74

References ECDSA_SHA1, ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, Botan::OID::from_string(), RSA_PKCS1_SHA1, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, RSA_PSS_SHA512, Botan::AlgorithmIdentifier::USE_EMPTY_PARAM, and Botan::AlgorithmIdentifier::USE_NULL_PARAM.

◆ algorithm_name()

std::string Botan::TLS::Signature_Scheme::algorithm_name ( ) const
noexcept

Definition at line 169 of file tls_signature_scheme.cpp.

169 {
170 switch(m_code) {
171 case RSA_PKCS1_SHA1:
172 case RSA_PKCS1_SHA256:
173 case RSA_PKCS1_SHA384:
174 case RSA_PKCS1_SHA512:
175 case RSA_PSS_SHA256:
176 case RSA_PSS_SHA384:
177 case RSA_PSS_SHA512:
178 return "RSA";
179
180 case ECDSA_SHA1:
181 case ECDSA_SHA256:
182 case ECDSA_SHA384:
183 case ECDSA_SHA512:
184 return "ECDSA";
185
186 case EDDSA_25519:
187 return "Ed25519";
188
189 case EDDSA_448:
190 return "Ed448";
191
192 default:
193 return "Unknown algorithm";
194 }
195}

References ECDSA_SHA1, ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, EDDSA_25519, EDDSA_448, RSA_PKCS1_SHA1, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, and RSA_PSS_SHA512.

Referenced by Botan::TLS::Handshake_State::parse_sig_format().

◆ all_available_schemes()

const std::vector< Signature_Scheme > & Botan::TLS::Signature_Scheme::all_available_schemes ( )
static
Returns
all available signature schemes

Definition at line 21 of file tls_signature_scheme.cpp.

21 {
22 /*
23 * This is ordered in some approximate order of preference
24 */
25 static const std::vector<Signature_Scheme> all_schemes = {
26
27 // EdDSA 25519 is currently not supported as a signature scheme for certificates
28 // certificate authentication.
29 // See: https://github.com/randombit/botan/pull/2958#discussion_r851294715
30 //
31 // #if defined(BOTAN_HAS_ED25519)
32 // EDDSA_25519,
33 // #endif
34
38
42
46 };
47
48 return all_schemes;
49}

References ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, and RSA_PSS_SHA512.

Referenced by Botan::TLS::Policy::allowed_signature_schemes(), and is_available().

◆ format()

std::optional< Signature_Format > Botan::TLS::Signature_Scheme::format ( ) const
noexcept

◆ hash_function_name()

std::string Botan::TLS::Signature_Scheme::hash_function_name ( ) const
noexcept

Definition at line 102 of file tls_signature_scheme.cpp.

102 {
103 switch(m_code) {
104 case RSA_PKCS1_SHA1:
105 case ECDSA_SHA1:
106 return "SHA-1";
107
108 case ECDSA_SHA256:
109 case RSA_PKCS1_SHA256:
110 case RSA_PSS_SHA256:
111 return "SHA-256";
112
113 case ECDSA_SHA384:
114 case RSA_PKCS1_SHA384:
115 case RSA_PSS_SHA384:
116 return "SHA-384";
117
118 case ECDSA_SHA512:
119 case RSA_PKCS1_SHA512:
120 case RSA_PSS_SHA512:
121 return "SHA-512";
122
123 case EDDSA_25519:
124 case EDDSA_448:
125 return "Pure";
126
127 default:
128 return "Unknown hash function";
129 }
130}

References ECDSA_SHA1, ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, EDDSA_25519, EDDSA_448, RSA_PKCS1_SHA1, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, and RSA_PSS_SHA512.

Referenced by Botan::TLS::Handshake_State::choose_sig_format(), and Botan::TLS::Handshake_State::parse_sig_format().

◆ is_available()

bool Botan::TLS::Signature_Scheme::is_available ( ) const
noexcept
Returns
true if support for this scheme is implemented in this Botan build

Definition at line 57 of file tls_signature_scheme.cpp.

57 {
59}
static const std::vector< Signature_Scheme > & all_available_schemes()
bool value_exists(const std::vector< T > &vec, const OT &val)
Definition stl_util.h:117

References all_available_schemes(), and Botan::value_exists().

Referenced by Botan::TLS::Certificate_Verify_13::Certificate_Verify_13(), Botan::TLS::Certificate_Verify_13::Certificate_Verify_13(), Botan::TLS::Handshake_State::parse_sig_format(), and Botan::TLS::Certificate_Verify_13::verify().

◆ is_compatible_with()

bool Botan::TLS::Signature_Scheme::is_compatible_with ( const Protocol_Version & protocol_version) const
noexcept

Definition at line 281 of file tls_signature_scheme.cpp.

281 {
282 // RFC 8446 4.4.3:
283 // The SHA-1 algorithm MUST NOT be used in any signatures of
284 // CertificateVerify messages.
285 //
286 // Note that Botan enforces that for TLS 1.2 as well.
287 if(hash_function_name() == "SHA-1") {
288 return false;
289 }
290
291 // RFC 8446 4.4.3:
292 // RSA signatures MUST use an RSASSA-PSS algorithm, regardless of whether
293 // RSASSA-PKCS1-v1_5 algorithms appear in "signature_algorithms".
294 //
295 // Note that this is enforced for TLS 1.3 and above only.
296 if(!protocol_version.is_pre_tls_13() && (m_code == RSA_PKCS1_SHA1 || m_code == RSA_PKCS1_SHA256 ||
297 m_code == RSA_PKCS1_SHA384 || m_code == RSA_PKCS1_SHA512)) {
298 return false;
299 }
300
301 return true;
302}
std::string hash_function_name() const noexcept

Referenced by Botan::TLS::Certificate_Verify_13::Certificate_Verify_13(), Botan::TLS::Certificate_Verify_13::Certificate_Verify_13(), and Botan::TLS::Handshake_State::parse_sig_format().

◆ is_set()

bool Botan::TLS::Signature_Scheme::is_set ( ) const
noexcept
Returns
true if the wire_code is set to any value other than NONE

Definition at line 61 of file tls_signature_scheme.cpp.

61 {
62 return m_code != NONE;
63}

References NONE.

Referenced by Botan::TLS::Certificate_Verify::Certificate_Verify(), and Botan::TLS::Certificate_Verify::serialize().

◆ is_suitable_for()

bool Botan::TLS::Signature_Scheme::is_suitable_for ( const Private_Key & private_key) const
noexcept

Definition at line 304 of file tls_signature_scheme.cpp.

304 {
305 if(algorithm_name() != private_key.algo_name()) {
306 return false;
307 }
308
309 // The ECDSA private key length must match the utilized hash output length.
310 const auto keylen = private_key.key_length();
311 if(keylen <= 250) {
312 return false;
313 }
314
315 if(m_code == ECDSA_SHA256 && !(keylen >= 250 && keylen <= 350)) {
316 return false;
317 }
318
319 if(m_code == ECDSA_SHA384 && !(keylen >= 350 && keylen <= 450)) {
320 return false;
321 }
322
323 if(m_code == ECDSA_SHA512 && !(keylen >= 450 && keylen <= 550)) {
324 return false;
325 }
326
327 return true;
328}
std::string algorithm_name() const noexcept

◆ key_algorithm_identifier()

AlgorithmIdentifier Botan::TLS::Signature_Scheme::key_algorithm_identifier ( ) const
noexcept

Definition at line 197 of file tls_signature_scheme.cpp.

197 {
198 switch(m_code) {
199 // case ECDSA_SHA1: not defined
200 case ECDSA_SHA256:
201 return {"ECDSA", EC_Group("secp256r1").DER_encode(EC_Group_Encoding::NamedCurve)};
202 case ECDSA_SHA384:
203 return {"ECDSA", EC_Group("secp384r1").DER_encode(EC_Group_Encoding::NamedCurve)};
204 case ECDSA_SHA512:
205 return {"ECDSA", EC_Group("secp521r1").DER_encode(EC_Group_Encoding::NamedCurve)};
206
207 case EDDSA_25519:
208 return {"Ed25519", AlgorithmIdentifier::USE_EMPTY_PARAM};
209
210 case RSA_PKCS1_SHA1:
211 case RSA_PKCS1_SHA256:
212 case RSA_PKCS1_SHA384:
213 case RSA_PKCS1_SHA512:
214 case RSA_PSS_SHA256:
215 case RSA_PSS_SHA384:
216 case RSA_PSS_SHA512:
218
219 default:
220 return AlgorithmIdentifier();
221 }
222}

References Botan::EC_Group::DER_encode(), ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, EDDSA_25519, Botan::NamedCurve, RSA_PKCS1_SHA1, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, RSA_PSS_SHA512, Botan::AlgorithmIdentifier::USE_EMPTY_PARAM, and Botan::AlgorithmIdentifier::USE_NULL_PARAM.

Referenced by Botan::TLS::Certificate_Verify_13::verify().

◆ operator!=()

bool Botan::TLS::Signature_Scheme::operator!= ( const Signature_Scheme & rhs) const
inline

Definition at line 93 of file tls_signature_scheme.h.

93{ return !(*this == rhs); }

◆ operator==()

bool Botan::TLS::Signature_Scheme::operator== ( const Signature_Scheme & rhs) const
inline

Definition at line 91 of file tls_signature_scheme.h.

91{ return m_code == rhs.m_code; }

◆ padding_string()

std::string Botan::TLS::Signature_Scheme::padding_string ( ) const
noexcept

Definition at line 132 of file tls_signature_scheme.cpp.

132 {
133 switch(m_code) {
134 case RSA_PKCS1_SHA1:
135 return "EMSA_PKCS1(SHA-1)";
136 case RSA_PKCS1_SHA256:
137 return "EMSA_PKCS1(SHA-256)";
138 case RSA_PKCS1_SHA384:
139 return "EMSA_PKCS1(SHA-384)";
140 case RSA_PKCS1_SHA512:
141 return "EMSA_PKCS1(SHA-512)";
142
143 case ECDSA_SHA1:
144 return "SHA-1";
145 case ECDSA_SHA256:
146 return "SHA-256";
147 case ECDSA_SHA384:
148 return "SHA-384";
149 case ECDSA_SHA512:
150 return "SHA-512";
151
152 case RSA_PSS_SHA256:
153 return "PSSR(SHA-256,MGF1,32)";
154 case RSA_PSS_SHA384:
155 return "PSSR(SHA-384,MGF1,48)";
156 case RSA_PSS_SHA512:
157 return "PSSR(SHA-512,MGF1,64)";
158
159 case EDDSA_25519:
160 return "Pure";
161 case EDDSA_448:
162 return "Pure";
163
164 default:
165 return "Unknown padding";
166 }
167}

References ECDSA_SHA1, ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, EDDSA_25519, EDDSA_448, RSA_PKCS1_SHA1, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, and RSA_PSS_SHA512.

Referenced by Botan::TLS::Certificate_Verify_13::Certificate_Verify_13(), Botan::TLS::Handshake_State::choose_sig_format(), Botan::TLS::Handshake_State::parse_sig_format(), and Botan::TLS::Certificate_Verify_13::verify().

◆ to_string()

std::string Botan::TLS::Signature_Scheme::to_string ( ) const
noexcept

Definition at line 65 of file tls_signature_scheme.cpp.

65 {
66 switch(m_code) {
67 case RSA_PKCS1_SHA1:
68 return "RSA_PKCS1_SHA1";
70 return "RSA_PKCS1_SHA256";
72 return "RSA_PKCS1_SHA384";
74 return "RSA_PKCS1_SHA512";
75
76 case ECDSA_SHA1:
77 return "ECDSA_SHA1";
78 case ECDSA_SHA256:
79 return "ECDSA_SHA256";
80 case ECDSA_SHA384:
81 return "ECDSA_SHA384";
82 case ECDSA_SHA512:
83 return "ECDSA_SHA512";
84
85 case RSA_PSS_SHA256:
86 return "RSA_PSS_SHA256";
87 case RSA_PSS_SHA384:
88 return "RSA_PSS_SHA384";
89 case RSA_PSS_SHA512:
90 return "RSA_PSS_SHA512";
91
92 case EDDSA_25519:
93 return "EDDSA_25519";
94 case EDDSA_448:
95 return "EDDSA_448";
96
97 default:
98 return "Unknown signature scheme: " + std::to_string(m_code);
99 }
100}

References ECDSA_SHA1, ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, EDDSA_25519, EDDSA_448, RSA_PKCS1_SHA1, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, and RSA_PSS_SHA512.

◆ wire_code()

Signature_Scheme::Code Botan::TLS::Signature_Scheme::wire_code ( ) const
inlinenoexcept

Definition at line 68 of file tls_signature_scheme.h.

68{ return m_code; }

Referenced by Botan::TLS::Certificate_Verify::serialize().


The documentation for this class was generated from the following files: