Support explicit EC parameters for Brainpool curves#14905
Support explicit EC parameters for Brainpool curves#14905sfarestam-iproov wants to merge 1 commit into
Conversation
sfarestam-iproov
force-pushed
the
brainpool-explicit-params
branch
from
d11eedf to
04cad16
Compare
ICAO Doc 9303 Part 12 Section 4.1.6.3 mandates that ECDSA keys in ePassport certificates use explicit EC domain parameters. PR pyca#12916 added explicit-to-named-curve mapping for P-256, P-384, and P-521. This extends the same mapping to brainpoolP256r1, brainpoolP384r1, and brainpoolP512r1, which are already supported as named curves. Domain parameters are from RFC 5639 Section 3. Both with-seed and without-seed variants are supported, matching the NIST curve pattern. This enables loading of ePassport CSCA and Document Signer certificates from 30+ countries (Germany, Sweden, Finland, Switzerland, etc.) that use Brainpool curves with explicit parameters per the ICAO standard. Closes pyca#5659 (Brainpool portion)
sfarestam-iproov
force-pushed
the
brainpool-explicit-params
branch
from
04cad16 to
ffdae46
Compare
|
Thanks for the contribution. One major challenge here is that we're actively interested in reducing the set of dependencies we have that keep us on OpenSSL in our wheels (see: https://cryptography.io/en/latest/statements/state-of-openssl/), and forks like aws-lc do not support brainpool. If we accept this patch then we will break all wheel users who rely on it when we switch off OpenSSL for our wheels. aws/aws-lc#2939 might be of interest to you. If aws-lc adds support then that significantly reduces my concern about long-term maintainability of this path. |
|
Thanks for the review and context — I wasn't aware of the AWS-LC wheel migration plans. I want to note that this PR does not add any new public-facing curves. BrainpoolP256r1, BrainpoolP384r1, and BrainpoolP512r1 are already exposed in the library's Python API ( That said, I understand the broader concern about investing in OpenSSL-only code paths. I've added a comment on aws/aws-lc#2939 with the ICAO 9303 ePassport use case, since that issue could use more real-world demand signal to help AWS prioritize. Happy to keep this PR open until the AWS-LC situation clarifies, or if you'd prefer to close it and revisit later, that works too. |
2 participants
Summary
Extend the explicit-to-named-curve mapping (added in #12916) to cover brainpoolP256r1, brainpoolP384r1, and brainpoolP512r1. These curves are already supported as named curves — this PR adds only the
SpecifiedECDomainconstants so that keys encoded with explicit domain parameters are recognized and mapped to the existing named curves.Motivation
ICAO Doc 9303 (the international standard for machine-readable travel documents / ePassports), Part 12, Section 4.1.6.3 states:
The standard further recommends BSI TR-03111 for elliptic curve selection, which includes the Brainpool curves defined in RFC 5639.
Countries including Germany, Sweden, Finland, Switzerland, Austria, Cyprus, Lithuania, Latvia, Brazil, Russia, China, Turkey, and 20+ others issue ePassport CSCA and Document Signer certificates using Brainpool curves with explicit parameters, exactly as the standard mandates. These certificates are available in the publicly downloadable German CSCA Master List (580 certificates from 114 countries) and the Dutch CSCA Master List.
What this PR does
BRAINPOOLP256R1_DOMAIN,BRAINPOOLP384R1_DOMAIN,BRAINPOOLP512R1_DOMAINconstants (and_NO_SEEDvariants) toec_constants.rs, with domain parameters from RFC 5639 Section 3SpecifiedCurvebranch ofec_params_to_groupinec.rs, gated behind#[cfg(not(any(CRYPTOGRAPHY_IS_BORINGSSL, CRYPTOGRAPHY_IS_AWSLC)))](same as the existing named-curve Brainpool entries)openssl ecparam -name <curve> -param_enc explicit [-no_seed] -genkeytest_load_private_key_explicit_parametersandtest_load_public_key_explicit_parametersparametrized testsWhat this PR does NOT do
References