
TLS `SignatureScheme` lacks support for Brainpool

Open · reneme opened this issue 2 years ago · 2 comments

Currently, the enum `TLS::Signature_Scheme::Code` does not contain code points for Brainpool signatures (RFC 8734, 0x081A-0x081C). Instead, the implementation accepts the usage of Brainpool keys with the code points for `ECDSA_SHAxxx` (0x0403, 0x0503, 0x0603).

As defined in RFC 8446 Section 4.2.3, the code points `0x0*03` are meant for the NIST curves exclusively. Instead, we should introduce the Brainpool-specific code points from RFC 8734 and fix the validation code that ensures proper association.

See also:

  • `TLS::Signature_Scheme::is_suitable_for(Private_Key)`
  • `Handshake_State::parse_sig_format()` (TLS 1.2)
  • `Certificate_Verify_13::choose_signature_scheme()`

reneme · Nov 17 '23 14:11
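The curve binding the issue is about, as an added example that is not Botan's code: a model of how an ECDSA SignatureScheme code point constrains the signing key's curve in TLS 1.3 (RFC 8446 Section 4.2.3, RFC 8734) but not in TLS 1.2, next to the lenient "any ECDSA key under any ECDSA_SHAxxx code point" behaviour the issue reports, and the scheme selection a CertificateVerify sender has to perform for a given key. All type and function names (`Curve`, `SchemeInfo`, `scheme_suitable_for_key`, `lenient_tls13_check`, `choose_tls13_scheme`) are hypothetical; only the code points and IANA names come from the RFCs.

```cpp
// Added example, not Botan's code: models how ECDSA SignatureScheme code
// points bind (or do not bind) the signing key's curve. All type and
// function names here are hypothetical.
#include <cstdint>
#include <cstdio>
#include <vector>

enum class Curve {
    secp256r1, secp384r1, secp521r1,
    brainpoolP256r1, brainpoolP384r1, brainpoolP512r1
};

struct SchemeInfo {
    uint16_t    code;       // SignatureScheme code point on the wire
    const char* name;       // IANA registry name
    Curve       curve;      // curve the code point names in TLS 1.3
    bool        tls13_only; // RFC 8734 code points are defined for TLS 1.3 only
};

// RFC 8446 Section 4.2.3 (NIST curves) and RFC 8734 (Brainpool) code points.
static const SchemeInfo kEcdsaSchemes[] = {
    {0x0403, "ecdsa_secp256r1_sha256",            Curve::secp256r1,       false},
    {0x0503, "ecdsa_secp384r1_sha384",            Curve::secp384r1,       false},
    {0x0603, "ecdsa_secp521r1_sha512",            Curve::secp521r1,       false},
    {0x081A, "ecdsa_brainpoolP256r1tls13_sha256", Curve::brainpoolP256r1, true},
    {0x081B, "ecdsa_brainpoolP384r1tls13_sha384", Curve::brainpoolP384r1, true},
    {0x081C, "ecdsa_brainpoolP512r1tls13_sha512", Curve::brainpoolP512r1, true},
};

const SchemeInfo* lookup_scheme(uint16_t code) {
    for (const SchemeInfo& s : kEcdsaSchemes) {
        if (s.code == code) return &s;
    }
    return nullptr;
}

// Receiver-side check: may a signature under `code` be verified with an ECDSA
// key on `key_curve`?
//  - TLS 1.3: the code point names the curve, so it must equal the key's curve.
//  - TLS 1.2: 0x0*03 are legacy hash/signature pairs that do not constrain the
//    curve; RFC 8446 4.2.3 requires accepting any curve we advertised in
//    supported_groups, and this model accepts exactly those. The RFC 8734
//    "tls13" code points have no TLS 1.2 meaning and are rejected.
bool scheme_suitable_for_key(uint16_t code, Curve key_curve, bool tls13,
                             const std::vector<Curve>& tls12_supported_groups = {}) {
    const SchemeInfo* s = lookup_scheme(code);
    if (s == nullptr) return false;
    if (tls13) return s->curve == key_curve;
    if (s->tls13_only) return false;
    for (Curve g : tls12_supported_groups) {
        if (g == key_curve) return true;
    }
    return false;
}

// The lenient behaviour the issue reports, modelled: any ECDSA_SHAxxx code
// point is accepted for any ECDSA key, so a Brainpool key passes under 0x0403
// in TLS 1.3 even though that code point is reserved for secp256r1.
bool lenient_tls13_check(uint16_t code, Curve /*key_curve*/) {
    const SchemeInfo* s = lookup_scheme(code);
    return s != nullptr && !s->tls13_only;
}

// Sender-side selection for CertificateVerify in TLS 1.3: the only scheme
// usable with a key is the one whose code point names the key's curve.
// Returns 0 (not a valid SignatureScheme) when no code point exists.
uint16_t choose_tls13_scheme(Curve key_curve) {
    for (const SchemeInfo& s : kEcdsaSchemes) {
        if (s.curve == key_curve) return s.code;
    }
    return 0;
}

int main() {
    const Curve bp = Curve::brainpoolP256r1;
    std::printf("TLS 1.3, 0x0403 with brainpoolP256r1 key: lenient=%d strict=%d\n",
                lenient_tls13_check(0x0403, bp),
                scheme_suitable_for_key(0x0403, bp, true));
    std::printf("TLS 1.3 scheme for brainpoolP256r1 key: 0x%04X\n",
                choose_tls13_scheme(bp));
    std::printf("TLS 1.2, 0x0403 with brainpoolP256r1 key (group offered): %d\n",
                scheme_suitable_for_key(0x0403, bp, false, {bp}));
    return 0;
}
```

The strict check is what `is_suitable_for`-style validation has to do once the RFC 8734 code points exist: the code point, not the key, decides the curve in TLS 1.3, while in TLS 1.2 the same two bytes still only name a hash/signature pair.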

What is the current status of this? Are there any plans to support Brainpool in TLS 1.3, or has it already been implemented?

ko-maren · Nov 14 '24 08:11

As it stands, there is support for the actual Brainpool signatures, but the integration in TLS isn't fully functional. Similarly, for the key exchange, there's a pull request that has unfortunately also stalled: https://github.com/randombit/botan/pull/3810

If there's an interest in using brainpool in TLS, we should look into how to pick up this work again.

reneme · Nov 14 '24 10:11