JDK-7007966 : Add Brainpool ECC support (RFC 5639)
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Affected Version: 7
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: linux_ubuntu
  • CPU: x86
  • Submitted: 2010-12-20
  • Updated: 2022-12-14
  • Resolved: 2018-06-22
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 12
11 b20Fixed 12Fixed
Related Reports
Blocks :  
JDK-8189594 - Error in optimized ECC field arithmetic
CSR :  
JDK-8204836 - Add Brainpool ECC support (RFC 5639)
Duplicate :  
JDK-8189594 - Error in optimized ECC field arithmetic
Relates :  
JDK-8080704 - Support the retrieval of standard names for EC parameters
Relates :  
JDK-8201290 - keytool importcert fails with CertificateParsingException if unknown certificate algorithms should be imported
Relates :  
JDK-8298721 - Elliptic Curve Cryptography (ECC) Brainpool curves
Sub Tasks
JDK-8208580 :  
Release Note: Added Brainpool EC Support (RFC 5639) - Closed
Description
This ticket was opened a long time ago. Since then, Brainpool NamedCurve entries have been added, but there is still no support for Brainpool curves in the SunEC implementation. This ticket will be left open to track the remaining effort of implementing Brainpool in SunEC. The original description is below. 

----------------------------------------------------------------------------------------

A DESCRIPTION OF THE REQUEST :
OpenJDK doesn't have NamedCurves for the Brainpool elliptic curves[1].

[1] http://tools.ietf.org/html/rfc5639


JUSTIFICATION :
Brainpool curves have some advantages over other curves (see the RFC) and are being used in many ePassport deployments in Europe.


CUSTOMER SUBMITTED WORKAROUND :
I've made a patch that works with JDK6 and JDK7.  I've only done some basic manual testing of it because the test for sun.security.ec is currently broken in JDK7.

https://gist.github.com/740601
Comments
URL: http://hg.openjdk.java.net/jdk/jdk/rev/ed322b4cfe49 User: valeriep Date: 2018-06-22 23:18:59 +0000
22-06-2018
7007966: Add Brainpool ECC support (RFC 5639) Summary: Enhance SunEC provider with the support of brainpool256/320/384/512r1 curves Reviewed-by: valeriep Contributed-by: Tobias Wagner <tobias.wagner@n-design.de>
25-05-2018
Related discussion on security-dev: http://mail.openjdk.java.net/pipermail/security-dev/2015-September/012809.html
23-09-2015
> From: Mike Kushner <mike.kushner@primekey.se> > Date: 27 August 2014 15:27:51 IST > To: "Rory O'Donnell" <rory.odonnell@oracle.com> > Subject: Re: Testing EJBCA with JDK 8 EA Builds > > Hi Rory, > > BrainPool: > RFE: http://bugs.java.com/bugdatabase/view_bug.do?bug_id=7007966 > openjdk mailing list discussion: http://www.mail-archive.com/security-dev@openjdk.java.net/msg02537.html > Our issue (with patch): https://jira.primekey.se/browse/ECA-2012 > > RSA-PSS: > RFE: http://bugs.java.com/bugdatabase/view_bug.do?bug_id=7018515 > Our issues: https://jira.primekey.se/browse/ECA-2013 and https://jira.primekey.se/browse/ECA-2014 > > If you want, I can also send our current JDK patches to you. > > -mike
03-09-2014
SUGGESTED FIX See attached patches from OpenJDK bugzilla.
23-07-2012
EVALUATION There may be patent issues. From RFC 5639: 6. Intellectual Property Rights The authors have no knowledge about any intellectual property rights that cover the usage of the domain parameters defined herein. However, readers should be aware that implementations based on these domain parameters may require use of inventions covered by patent rights.
24-12-2010