Open reneme opened 1 year ago
What is the current status of this? Are there any plans to support brainpool in TLS 1.3 or got it already implemented?
As it stands, there is support for the actual brainpool signatures, but the integration in TLS isn't fully functional. Similarly, for the key exchange, there's a pull request that has also stalled unfortunately: https://github.com/randombit/botan/pull/3810
If there's an interest in using brainpool in TLS, we should look into how to pick up this work again.
Currently, the enum TLS::Signature_Scheme::Code does not contain code points for brainpool signatures (RFC 8734, 0x081A-0x081C). Instead, the implementation accepts the usage of Brainpool keys with the code points for ECDSA_SHAxxx (0x0403, 0x0503, 0x0603). As defined in RFC 8446 Section 4.2.3, the code points 0x0*03 are meant for the NIST curves exclusively. Instead, we should introduce the brainpool-specific code points from RFC 8734 and fix the validation code that ensures proper association.
See also:
TLS::Signature_Scheme::is_suitable_for(Private_Key)
Handshake_State::parse_sig_format() (TLS 1.2)
Certificate_Verify_13::choose_signature_scheme()
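As an added illustration of the scheme-to-curve association discussed above (example code written for this thread, not Botan's own implementation): the table holds the ECDSA code points from RFC 8446 Section 4.2.3 and RFC 8734, is_suitable_for applies the TLS 1.2 versus TLS 1.3 semantics, and choose_signature_scheme walks a signature_algorithms extension body the way a CertificateVerify scheme selection would. The function names mirror the ones listed above but are hypothetical stand-ins, and the curve names are assumed spellings.

```cpp
#include <cstdint>
#include <cstddef>
#include <string>
#include <vector>

struct SchemeInfo {
    uint16_t code;
    const char* curve;   // curve the scheme is bound to in TLS 1.3
    const char* hash;    // hash fixed by the scheme
    bool tls13_only;     // RFC 8734 points are defined for TLS 1.3 only
};

// ECDSA code points from RFC 8446 section 4.2.3 and RFC 8734
static const SchemeInfo kEcdsaSchemes[] = {
    {0x0403, "secp256r1", "SHA-256", false},
    {0x0503, "secp384r1", "SHA-384", false},
    {0x0603, "secp521r1", "SHA-512", false},
    {0x081A, "brainpoolP256r1", "SHA-256", true},
    {0x081B, "brainpoolP384r1", "SHA-384", true},
    {0x081C, "brainpoolP512r1", "SHA-512", true},
};

// May an ECDSA key on `curve` sign under `scheme`? In TLS 1.2 the 0x0*03 values
// only fix (hash, ECDSA), so any curve passes; in TLS 1.3 the curve is part of
// the scheme and must match exactly, so brainpool keys need the RFC 8734 points.
bool is_suitable_for(uint16_t scheme, const std::string& curve, bool tls13) {
    for (const auto& s : kEcdsaSchemes) {
        if (s.code != scheme) continue;
        if (!tls13) return !s.tls13_only;
        return curve == s.curve;
    }
    return false;  // unknown or non-ECDSA scheme
}

// Parse a signature_algorithms extension body (uint16 length + uint16 list) and
// return the first peer-offered scheme our key may use, or 0 if none. Malformed
// input (odd length, length field not matching the body) also yields 0.
uint16_t choose_signature_scheme(const std::vector<uint8_t>& ext,
                                 const std::string& curve, bool tls13) {
    if (ext.size() < 2) return 0;
    size_t len = (size_t(ext[0]) << 8) | ext[1];
    if (len % 2 != 0 || len + 2 != ext.size()) return 0;
    for (size_t i = 2; i + 1 < ext.size(); i += 2) {
        uint16_t code = uint16_t((ext[i] << 8) | ext[i + 1]);
        if (is_suitable_for(code, curve, tls13)) return code;
    }
    return 0;
}
```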