Merge 4acec68 into 08467ca

tests/serverBrainpoolP256r1ECCert.pem

@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBfTCCASSgAwIBAgIUdcPtlDRLVcVmWcQ3V31oeAXDS1UwCgYIKoZIzj0EAwIw
+FDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIwMTAyMjE5NTQzNloXDTMwMTAyMDE5
+NTQzNlowFDESMBAGA1UEAwwJbG9jYWxob3N0MFowFAYHKoZIzj0CAQYJKyQDAwII
+AQEHA0IABAJ7rqWzCX/dPvyygGHSay+KSoyatGdA4/mciwqar+GdmwSWTzB9l0R3
+I4/rpCZ+Ri7CemspDWiZSYmZSMn3HESjUzBRMB0GA1UdDgQWBBT7XD/anl1lj1RP
+LVFQlaeWiC2nvjAfBgNVHSMEGDAWgBT7XD/anl1lj1RPLVFQlaeWiC2nvjAPBgNV
+HRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIAj6K/bwKOM26tKSNcLHPIr+
+XWZmSjaBCcaHeLuZcX8RAiBb6QIWftn0txlVwcNEay8d69XFJD1obZmKO4gxGe4K
+gQ==
+-----END CERTIFICATE-----

tests/serverBrainpoolP256r1ECKey.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHgCAQEEIH0gSdkrNpsObfPorvjAmllMjBXy9x9pnJ8vwmY7s9n/oAsGCSskAwMC
+CAEBB6FEA0IABAJ7rqWzCX/dPvyygGHSay+KSoyatGdA4/mciwqar+GdmwSWTzB9
+l0R3I4/rpCZ+Ri7CemspDWiZSYmZSMn3HEQ=
+-----END EC PRIVATE KEY-----

tests/serverBrainpoolP384r1ECCert.pem

@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBvTCCAUSgAwIBAgIUPG1vSTSQmFemI8UU7EhB6tLSDmUwCgYIKoZIzj0EAwIw
+FDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIwMTAyMjIxMTAyOFoXDTMwMTAyMDIx
+MTAyOFowFDESMBAGA1UEAwwJbG9jYWxob3N0MHowFAYHKoZIzj0CAQYJKyQDAwII
+AQELA2IABECMinC3tQTHVKMyUu5CPqDeq3VS9EuGuiP+5U6rzDto/eW/av1PGa0i
+hThpbl3YUIQB/670LMBj9LIZE45py5nbGdSTl593j8f8BvMzK0h9gPlqjp+rx297
+u8+C+qZoH6NTMFEwHQYDVR0OBBYEFGrfLfFHE9VToCpWErYcETRg7D8kMB8GA1Ud
+IwQYMBaAFGrfLfFHE9VToCpWErYcETRg7D8kMA8GA1UdEwEB/wQFMAMBAf8wCgYI
+KoZIzj0EAwIDZwAwZAIwNmu55BssK8gA093oUmKl9md2mc90RpEr5jWdxNj7gQJU
+QVumzJ9wVcJKmMah6hTRAjAC3mRQ7/gIdetJDMHRWECKhRhv9x42KdkCZFYR/o03
+q7CXY9Zb0VRk5fn2Prfb2MU=
+-----END CERTIFICATE-----

tests/serverBrainpoolP384r1ECKey.pem

@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGoAgEBBDAYnSS9f9KTYKoFQoxWmVdmAwUOTlK6hcj73SrBeLHq/AtaAMAklNGv
+M/Lf0iTbm8+gCwYJKyQDAwIIAQELoWQDYgAEQIyKcLe1BMdUozJS7kI+oN6rdVL0
+S4a6I/7lTqvMO2j95b9q/U8ZrSKFOGluXdhQhAH/rvQswGP0shkTjmnLmdsZ1JOX
+n3ePx/wG8zMrSH2A+WqOn6vHb3u7z4L6pmgf
+-----END EC PRIVATE KEY-----

tests/serverBrainpoolP512r1ECCert.pem

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICAjCCAWagAwIBAgIUFgWkgS+N65P1N20PV1aABz2g62cwCgYIKoZIzj0EAwIw
+FDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIwMTAyMjIxMTA1OFoXDTMwMTAyMDIx
+MTA1OFowFDESMBAGA1UEAwwJbG9jYWxob3N0MIGbMBQGByqGSM49AgEGCSskAwMC
+CAEBDQOBggAEeB8B7ZJPBeo2Dn1J5u3IZ6r4SX7256TZRGCdbakwqq/CM8bCRxL2
+aR1lg1CKnV/MzpVkwdRyOw7ArLyDv38PaiU2vLxmpLqftcUPfhQqnDabfB+TLaoJ
+Mzaphp4Ry9sPl6Rne0d+TKYAAIJm2VovcpL8THgeJX4SkXVxUTuU+FGjUzBRMB0G
+A1UdDgQWBBSY5cFYRVDd4uI47QW9EGcztkFgjzAfBgNVHSMEGDAWgBSY5cFYRVDd
+4uI47QW9EGcztkFgjzAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA4GJADCB
+hQJAN7IS6Gff8Sc+tBz5U3EmKmM/epQX8SHiah2qkza+Qli5MblOY9JP7qaDBEiR
+FCxzOXgW+PyyN6nXBNpcCGTNtwJBAKrF0UXRpb7ayHkWZ0DNRYEhGxYtbc/nhwHv
+ODc6CjTi4qDrSoZZNWGU/JADelB48b9E6gW54vcpUFT1WgLbgyo=
+-----END CERTIFICATE-----

tests/serverBrainpoolP512r1ECKey.pem

@@ -0,0 +1,7 @@
+-----BEGIN EC PRIVATE KEY-----
+MIHaAgEBBEAcA+aaUOXU1dX/R0BnzGkLs88hB507uszFBmWussX7HylhsbNTToxW
+F8H5HC5dZEnIKFLQStSpI3z7pcVyaGb4oAsGCSskAwMCCAEBDaGBhQOBggAEeB8B
+7ZJPBeo2Dn1J5u3IZ6r4SX7256TZRGCdbakwqq/CM8bCRxL2aR1lg1CKnV/MzpVk
+wdRyOw7ArLyDv38PaiU2vLxmpLqftcUPfhQqnDabfB+TLaoJMzaphp4Ry9sPl6Rn
+e0d+TKYAAIJm2VovcpL8THgeJX4SkXVxUTuU+FE=
+-----END EC PRIVATE KEY-----

tests/tlstest.py

@@ -303,6 +303,26 @@ def connect():
 
     test_no += 1
 
+    for curve, keySize in (("brainpoolP256r1", 256),
+                           ("brainpoolP384r1", 384),
+                           ("brainpoolP512r1", 512)):
+        print("Test {0} - Two good ECDSA certs - {1}, TLSv1.2".format(test_no, curve))
+        synchro.recv(1)
+        connection = connect()
+        settings = HandshakeSettings()
+        settings.minVersion = (3, 3)
+        settings.maxVersion = (3, 3)
+        settings.eccCurves = [curve]
+        settings.keyShares = []
+        connection.handshakeClientCert(settings=settings)
+        testConnClient(connection)
+        assert isinstance(connection.session.serverCertChain, X509CertChain)
+        assert len(connection.session.serverCertChain.getEndEntityPublicKey()) \
+                == keySize
+        connection.close()
+
+        test_no += 1
+
     print("Test {0} - Two good ECDSA certs - secp256r1, TLSv1.2".format(test_no))
     synchro.recv(1)
     connection = connect()
@@ -1646,6 +1666,28 @@ def connect():
         x509ecdsaP521Key = parsePEMKey(f.read(), private=True,
                                        implementations=["python"])
 
+    with open(os.path.join(dir, "serverBrainpoolP256r1ECCert.pem")) as f:
+        x509CertBrainpoolP256r1ECDSA = X509().parse(f.read())
+    x509ecdsaBrainpoolP256r1Chain = X509CertChain([x509CertBrainpoolP256r1ECDSA])
+    assert x509CertBrainpoolP256r1ECDSA.certAlg == "ecdsa"
+    with open(os.path.join(dir, "serverBrainpoolP256r1ECKey.pem")) as f:
+        x509ecdsaBrainpoolP256r1Key = parsePEMKey(f.read(), private=True,
+                                       implementations=["python"])
+    with open(os.path.join(dir, "serverBrainpoolP384r1ECCert.pem")) as f:
+        x509CertBrainpoolP384r1ECDSA = X509().parse(f.read())
+    x509ecdsaBrainpoolP384r1Chain = X509CertChain([x509CertBrainpoolP384r1ECDSA])
+    assert x509CertBrainpoolP384r1ECDSA.certAlg == "ecdsa"
+    with open(os.path.join(dir, "serverBrainpoolP384r1ECKey.pem")) as f:
+        x509ecdsaBrainpoolP384r1Key = parsePEMKey(f.read(), private=True,
+                                       implementations=["python"])
+    with open(os.path.join(dir, "serverBrainpoolP512r1ECCert.pem")) as f:
+        x509CertBrainpoolP512r1ECDSA = X509().parse(f.read())
+    x509ecdsaBrainpoolP512r1Chain = X509CertChain([x509CertBrainpoolP512r1ECDSA])
+    assert x509CertBrainpoolP512r1ECDSA.certAlg == "ecdsa"
+    with open(os.path.join(dir, "serverBrainpoolP512r1ECKey.pem")) as f:
+        x509ecdsaBrainpoolP512r1Key = parsePEMKey(f.read(), private=True,
+                                       implementations=["python"])
+
     with open(os.path.join(dir, "serverRSANonCACert.pem")) as f:
         x509CertRSANonCA = X509().parse(f.read())
     x509ChainRSANonCA = X509CertChain([x509CertRSANonCA])
@@ -1835,6 +1877,29 @@ def connect():
 
     test_no += 1
 
+    for curve, certChain, key in (("brainpoolP256r1", x509ecdsaBrainpoolP256r1Chain, x509ecdsaBrainpoolP256r1Key),
+                                  ("brainpoolP384r1", x509ecdsaBrainpoolP384r1Chain, x509ecdsaBrainpoolP384r1Key),
+                                  ("brainpoolP512r1", x509ecdsaBrainpoolP512r1Chain, x509ecdsaBrainpoolP512r1Key)):
+        print("Test {0} - Two good ECDSA certs - {1}, TLSv1.2".format(test_no, curve))
+        synchro.send(b'R')
+        connection = connect()
+        settings = HandshakeSettings()
+        settings.minVersion = (3, 3)
+        settings.maxVersion = (3, 3)
+        settings.eccCurves = [curve, "secp256r1"]
+        settings.keyShares = []
+        v_host = VirtualHost()
+        v_host.keys = [Keypair(x509ecdsaKey, x509ecdsaChain.x509List)]
+        settings.virtual_hosts = [v_host]
+        connection.handshakeServer(certChain=certChain,
+                                   privateKey=key, settings=settings)
+        assert connection.extendedMasterSecret
+        assert connection.session.serverCertChain == certChain
+        testConnServer(connection)
+        connection.close()
+
+        test_no += 1
+
     for curve, exp_chain in (("secp256r1", x509ecdsaChain),
                              ("secp384r1", x509ecdsaP384Chain)):
         print("Test {0} - Two good ECDSA certs - {1}, TLSv1.2"

tlslite/handshakesettings.py

@@ -35,7 +35,8 @@
 # so place it as the last one
 CURVE_NAMES = ["x25519", "x448", "secp384r1", "secp256r1",
                "secp521r1"]
-ALL_CURVE_NAMES = CURVE_NAMES + ["secp256k1"]
+ALL_CURVE_NAMES = CURVE_NAMES + ["secp256k1", "brainpoolP512r1",
+                                 "brainpoolP384r1", "brainpoolP256r1"]
 if ecdsaAllCurves:
     ALL_CURVE_NAMES += ["secp224r1", "secp192r1"]
 ALL_DH_GROUP_NAMES = ["ffdhe2048", "ffdhe3072", "ffdhe4096", "ffdhe6144",
@@ -45,7 +46,10 @@
                  "secp521r1": ('NIST521p', 'P-521'),
                  "secp256k1": ('SECP256k1',),
                  "secp192r1": ('NIST192p', 'P-192'),
-                 "secp224r1": ('NIST224p', 'P-224')}
+                 "secp224r1": ('NIST224p', 'P-224'),
+                 "brainpoolP256r1": ('BRAINPOOLP256r1',),
+                 "brainpoolP384r1": ('BRAINPOOLP384r1',),
+                 "brainpoolP512r1": ('BRAINPOOLP512r1',)}
 KNOWN_VERSIONS = ((3, 0), (3, 1), (3, 2), (3, 3), (3, 4))
 TICKET_CIPHERS = ["chacha20-poly1305", "aes256gcm", "aes128gcm", "aes128ccm",
                   "aes128ccm_8", "aes256ccm", "aes256ccm_8"]

tlslite/utils/ecc.py

@@ -37,7 +37,10 @@ def getCurveByName(curveName):
     curveMap = {'secp256r1':ecdsa.NIST256p,
                 'secp384r1':ecdsa.NIST384p,
                 'secp521r1':ecdsa.NIST521p,
-                'secp256k1':ecdsa.SECP256k1}
+                'secp256k1':ecdsa.SECP256k1,
+                'brainpoolP256r1': ecdsa.BRAINPOOLP256r1,
+                'brainpoolP384r1': ecdsa.BRAINPOOLP384r1,
+                'brainpoolP512r1': ecdsa.BRAINPOOLP512r1}
     if ecdsaAllCurves:
         curveMap['secp224r1'] = ecdsa.NIST224p
         curveMap['secp192r1'] = ecdsa.NIST192p
@@ -52,7 +55,10 @@ def getPointByteSize(point):
     curveMap = {ecdsa.NIST256p.curve: 256//8,
                 ecdsa.NIST384p.curve: 384//8,
                 ecdsa.NIST521p.curve: (521+7)//8,
-                ecdsa.SECP256k1.curve: 256//8}
+                ecdsa.SECP256k1.curve: 256//8,
+                ecdsa.BRAINPOOLP256r1.curve: 256//8,
+                ecdsa.BRAINPOOLP384r1.curve: 384//8,
+                ecdsa.BRAINPOOLP512r1.curve: 512//8}
     if ecdsaAllCurves:
         curveMap[ecdsa.NIST224p.curve] = 224//8
         curveMap[ecdsa.NIST192p.curve] = 192//8