search

ibmruntimes / openj9-openjdk-jdk17

Extensions for OpenJDK 17 for Eclipse OpenJ9
GNU General Public License v2.0
23 stars 53 forks source link

Support brainpoolP512r1 TLS 1.3 RFC 8734 #371

Closed jasonkatonica closed 1 month ago

jasonkatonica commented 1 month ago

This update supports both the ecdsa_brainpoolP512r1tls13_sha512 signature scheme and brainpoolP512r1tls13 key exchange mechanisms defined in RFC 8734 using openssl.

The NativeECDHKeyAgreement class was enhanced to allow for a key exchange to take place using the EC named curve brainpoolP512r1. This functionality can be enabled by configuring the named group brainpoolP512r1tls13.

The NativeECDSASignature class was enhanced to allow for ECDSA brainpoolP512r1 signatures to be routed to openssl for execution.

The NativeECKeyPairGenerator was enhanced to allow for brainpoolP512r1 based keys to be generated with openssl.

Both the ecdsa_brainpoolP512r1tls13_sha512 signature scheme and brainpoolP512r1tls13 key exchange mechanism are optionally configured and not enabled by default.

Tests were added to exercise both the signature scheme and key exchange along with sign and verify using the brainpoolP512r1 named curve.

keithc-ca commented 1 month ago

Jenkins test sanity alinux jdk17