search

ibmruntimes / openj9-openjdk-jdk

Extensions for OpenJDK for Eclipse OpenJ9
GNU General Public License v2.0
17 stars 73 forks source link

Support brainpoolP512r1 TLS 1.3 RFC 8734 #801

Closed jasonkatonica closed 1 month ago

jasonkatonica commented 3 months ago

This update supports both the ecdsa_brainpoolP512r1tls13_sha512 signature scheme and brainpoolP512r1tls13 key exchange mechanisms defined in RFC 8734 using openssl.

The NativeECDHKeyAgreement class was enhanced to allow for a key exchange to take place using the EC named curve brainpoolP512r1. This functionality can be enabled by configuring the named group brainpoolP512r1tls13.

The NativeECDSASignature class was enhanced to allow for ECDSA brainpoolP512r1 signatures to be routed to openssl for execution.

The NativeECKeyPairGenerator was enhanced to allow for brainpoolP512r1 based keys to be generated with openssl.

Both the ecdsa_brainpoolP512r1tls13_sha512 signature scheme and brainpoolP512r1tls13 key exchange mechanism are optionally configured and not enabled by default.

Tests were added to exercise both the signature scheme and key exchange along with sign and verify using the brainpoolP512r1 named curve.

Signed-off-by: Jason Katonica katonica@us.ibm.com

keithc-ca commented 3 months ago

This looks good, but please squash, and then mark as "ready for review" when you're ready.

keithc-ca commented 1 month ago

Jenkins compile aix,zlinux jdknext

keithc-ca commented 1 month ago

Grinder for jdk_security3 https://openj9-jenkins.osuosl.org/job/Grinder/3747 passed except for known failures discussed in https://github.com/eclipse-openj9/openj9/issues/19499.