adds support for brainpoolP256r1 #646
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Member
|
Thank you. |
Spomky
reviewed
Dec 18, 2025
Member
Spomky
left a comment
Spomky
left a comment
There was a problem hiding this comment.
Hi @robertboeser,
Please fix the issues I spotted.
Also, would you mind adding some tests to confirm:
- BP-256 key creation
- PEM import/export to check the OID
- OpenSSL compatibility
Many thanks.
Regards.
| { | ||
| $der = match ($jwk->get('crv')) { | ||
| 'P-256' => self::p256PublicKey(), | ||
| 'BP-256' => self::p256PublicKey(), |
Member
There was a problem hiding this comment.
This is not correct as the OID is different for BP public keys
Member
There was a problem hiding this comment.
Should be as follows:
private static function bp256PublicKey(): string
{
return pack(
'H*',
'305a' // SEQUENCE, length 90
. '3014' // SEQUENCE, length 20
. '0607' // OID, length 7
. '2a8648ce3d0201' // 1.2.840.10045.2.1 = EC Public Key
. '0609' // OID, length 9
. '2b2403030208010107' // 1.3.36.3.3.2.8.1.1.7 = brainpoolP256r1
. '0342' // BIT STRING, length 66
. '00' // prepend with NUL
);
}| { | ||
| $der = match ($jwk->get('crv')) { | ||
| 'P-256' => self::p256PrivateKey($jwk), | ||
| 'BP-256' => self::p256PrivateKey($jwk), |
Member
There was a problem hiding this comment.
Same here. The OID is different for BP private keys
Member
There was a problem hiding this comment.
Should be as follows:
private static function bp256PrivateKey(JWK $jwk): string
{
$d = $jwk->get('d');
if (!is_string($d)) {
throw new InvalidArgumentException('Unable to get the private key');
}
$d = unpack('H*', str_pad(Base64UrlSafe::decodeNoPadding($d), 32, "\0", STR_PAD_LEFT));
if (!is_array($d) || !isset($d[1])) {
throw new InvalidArgumentException('Unable to get the private key');
}
return pack(
'H*',
'3078' // SEQUENCE, length 120
. '020101' // INTEGER, 1
. '0420' // OCTET STRING, length 32
. $d[1]
. 'a00b' // TAGGED OBJECT #0, length 11
. '0609' // OID, length 9
. '2b2403030208010107' // 1.3.36.3.3.2.8.1.1.7
. 'a144' // TAGGED OBJECT #1, length 68
. '0342' // BIT STRING, length 66
. '00'
);
}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Target branch: 4.2.x
Includes:
I needed support for the brainpool curve, so I added support for it. Maybe it is useful for somebody else, too.