Bug 2184411

Summary: Brainpool support in crypto policies
Product: [Fedora] Fedora Reporter: Sahana Prasad <shebburn>
Component: crypto-policiesAssignee: Alexander Sosedkin <asosedki>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: asosedki, cllang, crypto-team, dbelyavs, luk.claes, rrelyea, tm
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: crypto-policies-20230420-1.git3d08ae7.fc39 Doc Type: Enhancement
Doc Text:
Feature: Brainpool ECC curves support Reason: Result:
 Story Points: ---
Clone Of: Environment:
Last Closed: 2023-04-21 08:44:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Sahana Prasad 2023-04-04 15:15:04 UTC 
Description of problem:

Brainpool (long curves only) support for ECC is now enabled in Fedora
Bug reference: https://bugzilla.redhat.com/show_bug.cgi?id=2141672
However, we don't want to allow brainpool curves in TLS by default.
We want it to be enabled via crypto-policies only.


Version-Release number of selected component (if applicable):
rawhide

Actual results:
No config option to enable brainpool curves in TLS via crypto-policies

Expected results:
Config option to enable brainpool curves in TLS via crypto-policies
Comment 1 Alexander Sosedkin 2023-04-04 15:46:37 UTC 
What's the openssl config knob for enabling and disabling brainpool usage in TLS?
Comment 2 Dmitry Belyavskiy 2023-04-04 16:01:05 UTC 
Groups and SignatureAlgorithms, I think

https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html
Comment 3 Alexander Sosedkin 2023-04-13 13:49:41 UTC 
I've started implementing this request in https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/merge_requests/130, to the best of my understanding.
Unfortunately, said understanding is rather limited.

What I'm fairly sure of:
1. We need to start controlling the `Groups =` directive from crypto-policies
2. and bind `Groups = brainpoolP???r1` to `group = BRAINPOOL-P???R1` in crypto-policies

What I'm not sure of at all, but implemented just in case:

3. also bound `brainpoolP???r1_tls13` to it - will we need this one as well when TLS 1.3 brainpool support reaches us?
4. and added `SignatureAlgorithms = ecdsa_brainpoolP???r1_sha???` bound to `ECDSA-BRAINPOOL-P???R1-SHA2-???` - is that needed?


Help from OpenSSL-knowlegeable folks will be greatly appreciated.
Comment 4 Alexander Sosedkin 2023-04-20 12:16:26 UTC 
Turns out it'll need re-doing.
brainpoolP???r1_tls13 and ecdsa_brainpoolP???r1_sha??? aren't really recognized by OpenSSL.

What's worse, OpenSSL doesn't just ignore invalid values (which'd be sane)
or entire directives referring to them (which'd be unfortunate and fragile, but livable with),
but instead ignores entire parts of config upon encountering ones.
https://github.com/openssl/openssl/issues/20789 has been filed upstream.