Support explicit EC parameters for Brainpool curves#14905
Open
sfarestam-iproov wants to merge 1 commit into
Open
Support explicit EC parameters for Brainpool curves#14905sfarestam-iproov wants to merge 1 commit into
sfarestam-iproov wants to merge 1 commit into
Conversation
sfarestam-iproov
force-pushed
the
brainpool-explicit-params
branch
from
d11eedf to
04cad16
Compare
ICAO Doc 9303 Part 12 Section 4.1.6.3 mandates that ECDSA keys in ePassport certificates use explicit EC domain parameters. PR pyca#12916 added explicit-to-named-curve mapping for P-256, P-384, and P-521. This extends the same mapping to brainpoolP256r1, brainpoolP384r1, and brainpoolP512r1, which are already supported as named curves. Domain parameters are from RFC 5639 Section 3. Both with-seed and without-seed variants are supported, matching the NIST curve pattern. This enables loading of ePassport CSCA and Document Signer certificates from 30+ countries (Germany, Sweden, Finland, Switzerland, etc.) that use Brainpool curves with explicit parameters per the ICAO standard. Closes pyca#5659 (Brainpool portion)
sfarestam-iproov
force-pushed
the
brainpool-explicit-params
branch
from
04cad16 to
ffdae46
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Extend the explicit-to-named-curve mapping (added in #12916) to cover brainpoolP256r1, brainpoolP384r1, and brainpoolP512r1. These curves are already supported as named curves — this PR adds only the
SpecifiedECDomainconstants so that keys encoded with explicit domain parameters are recognized and mapped to the existing named curves.Motivation
ICAO Doc 9303 (the international standard for machine-readable travel documents / ePassports), Part 12, Section 4.1.6.3 states:
The standard further recommends BSI TR-03111 for elliptic curve selection, which includes the Brainpool curves defined in RFC 5639.
Countries including Germany, Sweden, Finland, Switzerland, Austria, Cyprus, Lithuania, Latvia, Brazil, Russia, China, Turkey, and 20+ others issue ePassport CSCA and Document Signer certificates using Brainpool curves with explicit parameters, exactly as the standard mandates. These certificates are available in the publicly downloadable German CSCA Master List (580 certificates from 114 countries) and the Dutch CSCA Master List.
What this PR does
BRAINPOOLP256R1_DOMAIN,BRAINPOOLP384R1_DOMAIN,BRAINPOOLP512R1_DOMAINconstants (and_NO_SEEDvariants) toec_constants.rs, with domain parameters from RFC 5639 Section 3SpecifiedCurvebranch ofec_params_to_groupinec.rs, gated behind#[cfg(not(any(CRYPTOGRAPHY_IS_BORINGSSL, CRYPTOGRAPHY_IS_AWSLC)))](same as the existing named-curve Brainpool entries)openssl ecparam -name <curve> -param_enc explicit [-no_seed] -genkeytest_load_private_key_explicit_parametersandtest_load_public_key_explicit_parametersparametrized testsWhat this PR does NOT do
References