iSaSiLk 6.1, (c) 2002 IAIK, (c) 2003 - 2015 SICpublic class NamedGroup
extends java.lang.Object
implements java.lang.Cloneable
NamedGroup element of the
SupportedGroups
The SupportedGroups (supported_groups) extension replaces
the SupportedEllipticCurves (elliptic_curves) extension to
extend it about support for finite field based Diffie-Hellman (DH) key exchange.
Although the [@link SupportedEllipticCurves SupportedEllipticCurves} class can
still be used for backwards compatibility to former iSaSiLk versions it is
recommended to use this SupportedGroups implementation
instead of it.
A SupportedGroups extension might be sent by the client within
an extended ClientHello message to tell the server which groups
are supported by the client when using an ECDHE or DHE based cipher suite. The server
uses the information sent by the client to select an ECC/DHE cipher suite in
accordance with the ECDHE/FFDHE groups supported by the client. The server
itself generally does not send a SupportedGroups extension.
TLS defines the SupportedGroups extension as list of named
groups (see RFC 7919):
enum {
Elliptic Curve Groups (ECDHE)
secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019),
x25519(0x001D), x448(0x001E),
// Finite Field Groups (DHE)
ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102),
ffdhe6144(0x0103), ffdhe8192(0x0104),
// Reserved Code Points
ffdhe_private_use(0x01FC..0x01FF),
ecdhe_private_use(0xFE00..0xFEFF),
(0xFFFF)
} NamedGroup;
struct {
NamedGroup named_group_list<2..2^16-1>;
} NamedGroupList;
The client shall send the list of supported groups in its preference order.
In addition to the elliptic groups listed above, iSaSiLk supports the following Brainpool groups from RFC 7027:
enum {
brainpoolP256r1(26),
brainpoolP384r1(27),
brainpoolP512r1(28)
} NamedGroup;
iSaSiLk also supports the following hybrid groups combining a classical (ECC) and a PQ (ML-KEM)
key exchange algorithm to protect key establishment in transition to post quantum cryptography
(see Post-quantum hybrid ECDHE-MLKEM Key Agreement for TLSv1.3 and
Hybrid key exchange in TLS 1.3:
enum {
SecP256r1MLKEM768(0x11EB),
X25519MLKEM768(0x11EC)
} NamedGroup;
SupportedGroups| Constructor and Description |
|---|
NamedGroup(java.lang.String name,
int id)
Creates a group with the given name, oid string and id.
|
| Modifier and Type | Method and Description |
|---|---|
java.lang.Object |
clone()
Gets a clone of this NamedGroup object.
|
boolean |
equals(java.lang.Object obj)
Checks if this NamedGroup is equal to the given object.
|
int |
getID()
Gets the TLS id of this group.
|
java.lang.String |
getName()
Gets the name of the group.
|
int |
hashCode()
Gets a hash code of this NamedGroup object.
|
java.lang.String |
toString()
Gets a String representation of this NamedGroup.
|
public NamedGroup(java.lang.String name,
int id)
name - the name of the groupid - the TLS id of the groupjava.lang.IllegalArgumentException - if the given TLS id is out-of-range (not between 1 and
216-1); or name is nullpublic java.lang.String getName()
public int getID()
public int hashCode()
hashCode in class java.lang.Objectpublic boolean equals(java.lang.Object obj)
equals in class java.lang.Objecttrue if this NamedGroup is equal to the given object
(same group id), false if it is not equal to itpublic java.lang.Object clone()
clone in class java.lang.Objectpublic java.lang.String toString()
toString in class java.lang.Object