iaik.security.ssl

Class SignatureScheme

java.lang.Object

iaik.security.ssl.SignatureAndHashAlgorithm

iaik.security.ssl.SignatureScheme

All Implemented Interfaces:

java.lang.Cloneable

public class SignatureScheme
extends SignatureAndHashAlgorithm

Implements the TLS 1.3 SignatureScheme structure as specified by RFC 8446.

Note that the TLS 1.3 SignatureScheme type replaces the TLS 1.2 the SignatureAndHashAlgorithm type. For compatibility reasons iSaSiLk can be used with both types, SignatureAndHashAlgorithm and SignatureScheme.

A TLS 1.3 client/server may use the SignatureScheme structure to announce the signature algorithms it is able to support to the peer. The client, for instance, may send a SignatureAlgorithms extension with the ClientHello extension list to tell the server which SignatureSchemes the client can process to, e.g., verify the server certificates or, e.g., sign the CertificateVerify message.
The server, for instance, will specify a list of expected SignatureSchemes when sending the CertificateRequest message.

Each SignatureScheme is specified as id consisting of two hex numbers: (see RFC 8446):

    enum {
         // RSASSA-PKCS1-v1_5 algorithms 
         rsa_pkcs1_sha256(0x0401),
         rsa_pkcs1_sha384(0x0501),
         rsa_pkcs1_sha512(0x0601),

         // ECDSA algorithms 
         ecdsa_secp256r1_sha256(0x0403),
         ecdsa_secp384r1_sha384(0x0503),
         ecdsa_secp521r1_sha512(0x0603),

         // RSASSA-PSS algorithms with public key OID rsaEncryption 
         rsa_pss_rsae_sha256(0x0804),
         rsa_pss_rsae_sha384(0x0805),
         rsa_pss_rsae_sha512(0x0806),

         // EdDSA algorithms 
         ed25519(0x0807),
         ed448(0x0808),

         // RSASSA-PSS algorithms with public key OID RSASSA-PSS 
         rsa_pss_pss_sha256(0x0809),
         rsa_pss_pss_sha384(0x080a),
         rsa_pss_pss_sha512(0x080b),

         // Legacy algorithms 
         rsa_pkcs1_sha1(0x0201),
         ecdsa_sha1(0x0203),

         // Reserved Code Points 
         private_use(0xFE00..0xFFFF),
         (0xFFFF)
         
    } SignatureScheme;

    struct {
        SignatureScheme supported_signature_algorithms<2..2^16-2>;
    } SignatureSchemeList;
 

The following TLS 1.3 SignatureSchemes are supported by iSaSiLk:

• ed25519 (id: 0x0807)
• ed448 (id: 0x0808)
• ecdsa_secp256r1_sha256 (id: 0x0403)
• ecdsa_secp384r1_sha384 (id: 0x0503)
• ecdsa_secp521r1_sha512 (id: 0x0603)
• rsa_pkcs1_sha256 (id: 0x0401)
• rsa_pkcs1_sha384 (id: 0x0501)
• rsa_pkcs1_sha512 (id: 0x0601)
• rsa_pss_rsae_sha256 (id: 0x0804)
• rsa_pss_rsae_sha384 (id: 0x0805)
• rsa_pss_rsae_sha512 (id: 0x0806)
• rsa_pss_pss_sha256 (id: 0x0809)
• rsa_pss_pss_sha384 (id: 0x080a)
• rsa_pss_pss_sha512 (id: 0x080b)
• rsa_pkcs1_sha1 (id: 0x0201) (TLS 1.2 legacy)
• ecdsa_sha1 (id: 0x0203) (TLS 1.2 legacy)

The following signature schemes are supported for compatibility reasons with TLS 1.2 but shall not used with TLS 1.3 anymore (and do not belong to the default algorithm set):

• SHA256withDSA (id: 0x0402)
• SHA512withDSA (id: 0x0602)
• SHA384withDSA (id: 0x0502)
• SHA224withRSA (id: 0x0301)
• SHA224withECDSA (id: 0x0303)
• SHA224withDSA (id: 0x0302)
• SHA1withDSA (id: 0x0202)
• MD5withRSA (id: 0x0101)

Note that the TLS 1.3 has deprecated all TLS 1.2 DSA based signature algorithms and all signature algorithms that use SHA-224 as hash algorithm. rsa_pkcs1_sha1 and ecdsa_sha1 are only maintained for interoperability reasons to existing applications using RSA/SHA-1 or ECDSA/SHA-1 certificates. They shall not be for signed TKS handshake messages anymore.
Furthermore the SignatureScheme usage differs somewhat from that of TLS 1.2 SignatureAndHashAlgorithm. Whereas TLS 1.2 ECDSA* signature algorithms may be used with any elliptic curve, TLS 1.3 ecdsa* signature schemes maybe used with the the specific elliptic curve they are explicitly specified for: ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha256 for the NIST curves secp256r1, secp384r1 and secp521r1, respectively.

See Also:

SignatureAlgorithms, SignatureSchemeList

Field Summary

Fields

Modifier and Type	Field and Description
static SignatureScheme	ecdsa_secp256r1_sha256 TLS 1.3 SignatureScheme "ecdsa_secp256r1_sha256" (id: 0x0403).
static SignatureScheme	ecdsa_secp384r1_sha384 TLS 1.3 SignatureScheme "ecdsa_secp384r1_sha384" (id: 0x0503).
static SignatureScheme	ecdsa_secp521r1_sha512 TLS 1.3 SignatureScheme "ecdsa_secp521r1_sha512" (id: 0x0603).
static SignatureScheme	ecdsa_sha1 TLS 1.3 Legacy SignatureScheme "ecdsa_sha1" (id: 0x0203).
static SignatureScheme	ed25519 TLS 1.3 SignatureScheme "ed25519" (id: 0x0807).
static SignatureScheme	ed448 TLS 1.3 SignatureScheme "ed448" (id: 0x0808).
static SignatureScheme	rsa_pkcs1_sha1 TLS 1.3 Legacy SignatureScheme "rsa_pkcs1_sha1" (id: 0x0201).
static SignatureScheme	rsa_pkcs1_sha256 TLS 1.3 SignatureScheme "rsa_pkcs1_sha256" (id: 0x0401).
static SignatureScheme	rsa_pkcs1_sha384 TLS 1.3 SignatureScheme "rsa_pkcs1_sha384" (id: 0x0501).
static SignatureScheme	rsa_pkcs1_sha512 TLS 1.3 SignatureScheme "rsa_pkcs1_sha512" (id: 0x0601).
static SignatureScheme	rsa_pss_pss_sha256 TLS 1.3 SignatureScheme "rsa_pss_pss_sha256" with public key OID RSASSA-PSS (id: 0x0809).
static SignatureScheme	rsa_pss_pss_sha384 TLS 1.3 SignatureScheme "rsa_pss_pss_sha384" with public key OID RSASSA-PSS (id: 0x080a).
static SignatureScheme	rsa_pss_pss_sha512 TLS 1.3 SignatureScheme "rsa_pss_pss_sha512" with public key OID RSASSA-PSS (id: 0x080b).
static SignatureScheme	rsa_pss_rsae_sha256 TLS 1.3 SignatureScheme "rsa_pss_rsae_sha256" with public key OID rsaEncryption (id: 0x0804).
static SignatureScheme	rsa_pss_rsae_sha384 TLS 1.3 SignatureScheme "rsa_pss_rsae_sha384" with public key OID rsaEncryption (id: 0x0805).
static SignatureScheme	rsa_pss_rsae_sha512 TLS 1.3 SignatureScheme "rsa_pss_rsae_sha512" with public key OID rsaEncryption (id: 0x0806).

Fields inherited from class iaik.security.ssl.SignatureAndHashAlgorithm

ED25519, ED448, MD5withRSA, SHA1withDSA, SHA1withECDSA, SHA1withRSA, SHA224withDSA, SHA224withECDSA, SHA224withRSA, SHA256withDSA, SHA256withECDSA, SHA256withRSA, SHA256withRSAPSS_PSS, SHA256withRSAPSS_RSAE, SHA384withDSA, SHA384withECDSA, SHA384withRSA, SHA384withRSAPSS_PSS, SHA384withRSAPSS_RSAE, SHA512withDSA, SHA512withECDSA, SHA512withRSA, SHA512withRSAPSS_PSS, SHA512withRSAPSS_RSAE

Method Summary

Modifier and Type	Method and Description
java.lang.Object	clone() Returns a clone of this SigAndHashAlgId.
java.lang.String	getSchemeName() Gets the name of this signature scheme in TLS 1.3 signature scheme syntax.

Methods inherited from class iaik.security.ssl.SignatureAndHashAlgorithm

equals, getId, getName, getVersion, hashCode, setVersion, toString, toString

Methods inherited from class java.lang.Object

finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

rsa_pkcs1_sha1

public static final SignatureScheme rsa_pkcs1_sha1

TLS 1.3 Legacy SignatureScheme "rsa_pkcs1_sha1" (id: 0x0201). Same as SHA1withRSA.

rsa_pkcs1_sha256

public static final SignatureScheme rsa_pkcs1_sha256

TLS 1.3 SignatureScheme "rsa_pkcs1_sha256" (id: 0x0401). Same as SHA256withRSA.

rsa_pkcs1_sha384

public static final SignatureScheme rsa_pkcs1_sha384

TLS 1.3 SignatureScheme "rsa_pkcs1_sha384" (id: 0x0501). Same as SHA384withRSA.

rsa_pkcs1_sha512

public static final SignatureScheme rsa_pkcs1_sha512

TLS 1.3 SignatureScheme "rsa_pkcs1_sha512" (id: 0x0601). Same as SHA512withRSA.

rsa_pss_rsae_sha256

public static final SignatureScheme rsa_pss_rsae_sha256

TLS 1.3 SignatureScheme "rsa_pss_rsae_sha256" with public key OID rsaEncryption (id: 0x0804). Same as SHA256withRSAPSS_RSAE.

rsa_pss_rsae_sha384

public static final SignatureScheme rsa_pss_rsae_sha384

TLS 1.3 SignatureScheme "rsa_pss_rsae_sha384" with public key OID rsaEncryption (id: 0x0805). Same as SHA384withRSAPSS_RSAE.

rsa_pss_rsae_sha512

public static final SignatureScheme rsa_pss_rsae_sha512

TLS 1.3 SignatureScheme "rsa_pss_rsae_sha512" with public key OID rsaEncryption (id: 0x0806). Same as SHA512withRSAPSS_RSAE.

rsa_pss_pss_sha256

public static final SignatureScheme rsa_pss_pss_sha256

TLS 1.3 SignatureScheme "rsa_pss_pss_sha256" with public key OID RSASSA-PSS (id: 0x0809). Same as SHA256withRSAPSS_PSS.

rsa_pss_pss_sha384

public static final SignatureScheme rsa_pss_pss_sha384

TLS 1.3 SignatureScheme "rsa_pss_pss_sha384" with public key OID RSASSA-PSS (id: 0x080a). Same as SHA384withRSAPSS_PSS.

rsa_pss_pss_sha512

public static final SignatureScheme rsa_pss_pss_sha512

TLS 1.3 SignatureScheme "rsa_pss_pss_sha512" with public key OID RSASSA-PSS (id: 0x080b). Same as SHA512withRSAPSS_PSS.

ecdsa_sha1

public static final SignatureScheme ecdsa_sha1

TLS 1.3 Legacy SignatureScheme "ecdsa_sha1" (id: 0x0203). Same as SHA1withECDSA.

ecdsa_secp256r1_sha256

public static final SignatureScheme ecdsa_secp256r1_sha256

TLS 1.3 SignatureScheme "ecdsa_secp256r1_sha256" (id: 0x0403). Same as SHA256withECDSA.

ecdsa_secp384r1_sha384

public static final SignatureScheme ecdsa_secp384r1_sha384

TLS 1.3 SignatureScheme "ecdsa_secp384r1_sha384" (id: 0x0503). Same as SHA384withECDSA.

ecdsa_secp521r1_sha512

public static final SignatureScheme ecdsa_secp521r1_sha512

TLS 1.3 SignatureScheme "ecdsa_secp521r1_sha512" (id: 0x0603). Same as SHA512withECDSA.

ed25519

public static final SignatureScheme ed25519

TLS 1.3 SignatureScheme "ed25519" (id: 0x0807). Same as ED25519.

ed448

public static final SignatureScheme ed448

TLS 1.3 SignatureScheme "ed448" (id: 0x0808). Same as ED448.

Method Detail

getSchemeName

public java.lang.String getSchemeName()

Gets the name of this signature scheme in TLS 1.3 signature scheme syntax.

Returns:

the TLS 1.3 signature scheme name (e.g. "rsa_pkcs1_sha256" for "SHA256withRSA")

clone

public java.lang.Object clone()

Returns a clone of this SigAndHashAlgId.

Overrides:

clone in class SignatureAndHashAlgorithm

Returns:

a clone