Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support brainpoolP512r1 TLS 1.3 RFC 8734 #801

Merged
merged 1 commit into from
Jul 26, 2024
Merged

Support brainpoolP512r1 TLS 1.3 RFC 8734 #801

merged 1 commit into from
Jul 26, 2024

Conversation

jasonkatonica
Copy link
Contributor

This update supports both the ecdsa_brainpoolP512r1tls13_sha512
signature scheme and brainpoolP512r1tls13 key exchange mechanisms
defined in RFC 8734 using openssl.

The NativeECDHKeyAgreement class was enhanced to allow for a key
exchange to take place using the EC named curve brainpoolP512r1. This
functionality can be enabled by configuring the named group
brainpoolP512r1tls13.

The NativeECDSASignature class was enhanced to allow for ECDSA
brainpoolP512r1 signatures to be routed to openssl for execution.

The NativeECKeyPairGenerator was enhanced to allow for
brainpoolP512r1 based keys to be generated with openssl.

Both the ecdsa_brainpoolP512r1tls13_sha512 signature scheme and
brainpoolP512r1tls13 key exchange mechanism are optionally configured
and not enabled by default.

Tests were added to exercise both the signature scheme and key exchange
along with sign and verify using the brainpoolP512r1 named curve.

Signed-off-by: Jason Katonica [email protected]

@jasonkatonica jasonkatonica marked this pull request as draft June 6, 2024 15:51
@jasonkatonica jasonkatonica force-pushed the katonica/feature/brainpoolnext branch 2 times, most recently from eba8de6 to 967731e Compare June 6, 2024 16:00
@keithc-ca keithc-ca self-requested a review June 6, 2024 16:28
keithc-ca
keithc-ca requested changes Jun 7, 2024
View reviewed changes
@jasonkatonica jasonkatonica force-pushed the katonica/feature/brainpoolnext branch 9 times, most recently from 81d80cf to 2705bd9 Compare June 12, 2024 12:09
@jasonkatonica jasonkatonica requested a review from keithc-ca June 12, 2024 12:13
keithc-ca
keithc-ca requested changes Jun 12, 2024
View reviewed changes
@jasonkatonica jasonkatonica force-pushed the katonica/feature/brainpoolnext branch from 9efd824 to 8a5eeb6 Compare June 13, 2024 13:19
@jasonkatonica jasonkatonica force-pushed the katonica/feature/brainpoolnext branch from daa15a3 to 28a72f1 Compare June 14, 2024 13:24
@keithc-ca
Copy link
Member

This looks good, but please squash, and then mark as "ready for review" when you're ready.

@jasonkatonica jasonkatonica force-pushed the katonica/feature/brainpoolnext branch from 28a72f1 to 20cd9ec Compare June 19, 2024 17:43
@jasonkatonica
Support brainpoolP512r1 TLS 1.3 RFC 8734
0370f64 
This update supports both the `ecdsa_brainpoolP512r1tls13_sha512`
signature scheme and `brainpoolP512r1tls13` key exchange mechanisms
defined in `RFC 8734` using `openssl`.

The `NativeECDHKeyAgreement` class was enhanced to allow for a key
exchange to take place using the EC named curve `brainpoolP512r1`. This
functionality can be enabled by configuring the named group
`brainpoolP512r1tls13`.

The `NativeECDSASignature` class was enhanced to allow for `ECDSA`
`brainpoolP512r1` signatures to be routed to openssl for execution.

The `NativeECKeyPairGenerator` was enhanced to allow for
`brainpoolP512r1` based keys to be generated with openssl.

Both the `ecdsa_brainpoolP512r1tls13_sha512` signature scheme and
`brainpoolP512r1tls13` key exchange mechanism are optionally configured
and not enabled by default.

Tests were added to exercise both the signature scheme and key exchange
along with sign and verify using the `brainpoolP512r1` named curve.

Signed-off-by: Jason Katonica <[email protected]>
@jasonkatonica jasonkatonica force-pushed the katonica/feature/brainpoolnext branch from 20cd9ec to 0370f64 Compare July 17, 2024 12:49
@jasonkatonica jasonkatonica marked this pull request as ready for review July 17, 2024 12:52
@jasonkatonica jasonkatonica requested a review from keithc-ca July 17, 2024 12:53
@keithc-ca
Copy link
Member

Jenkins compile aix,zlinux jdknext

@keithc-ca
Copy link
Member

Grinder for jdk_security3 https://openj9-jenkins.osuosl.org/job/Grinder/3747 passed except for known failures discussed in eclipse-openj9/openj9#19499.

@keithc-ca keithc-ca merged commit 69742a2 into ibmruntimes:openj9 Jul 26, 2024
5 checks passed
@jasonkatonica jasonkatonica mentioned this pull request Aug 12, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@keithc-ca keithc-ca keithc-ca approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jasonkatonica @keithc-ca