search

ibmruntimes / openj9-openjdk-jdk21

GNU General Public License v2.0
8 stars 40 forks source link

Support brainpoolP512r1 TLS 1.3 RFC 8734 #181

Closed jasonkatonica closed 3 months ago

jasonkatonica commented 3 months ago

This update supports both the ecdsa_brainpoolP512r1tls13_sha512 signature scheme and brainpoolP512r1tls13 key exchange mechanisms defined in RFC 8734 using openssl.

The NativeECDHKeyAgreement class was enhanced to allow for a key exchange to take place using the EC named curve brainpoolP512r1. This functionality can be enabled by configuring the named group brainpoolP512r1tls13.

The NativeECDSASignature class was enhanced to allow for ECDSA brainpoolP512r1 signatures to be routed to openssl for execution.

The NativeECKeyPairGenerator was enhanced to allow for brainpoolP512r1 based keys to be generated with openssl.

Both the ecdsa_brainpoolP512r1tls13_sha512 signature scheme and brainpoolP512r1tls13 key exchange mechanism are optionally configured and not enabled by default.

Tests were added to exercise both the signature scheme and key exchange along with sign and verify using the brainpoolP512r1 named curve.

keithc-ca commented 3 months ago

Jenkins test sanity amac jdk21