diff --git a/nassl/ephemeral_key_info.py b/nassl/ephemeral_key_info.py
index 7da5673..41725c4 100644
--- a/nassl/ephemeral_key_info.py
+++ b/nassl/ephemeral_key_info.py
@@ -52,6 +52,22 @@ class OpenSslEcNidEnum(IntEnum):
 X25519 = 1034
 X448 = 1035
+ # Brainpool
+ brainpoolP160r1 = 921
+ brainpoolP160t1 = 922
+ brainpoolP192r1 = 923
+ brainpoolP192t1 = 924
+ brainpoolP224r1 = 925
+ brainpoolP224t1 = 926
+ brainpoolP256r1 = 927
+ brainpoolP256t1 = 928
+ brainpoolP320r1 = 929
+ brainpoolP320t1 = 930
+ brainpoolP384r1 = 931
+ brainpoolP384t1 = 932
+ brainpoolP512r1 = 933
+ brainpoolP512t1 = 934
+
 # Mapping between OpenSSL EVP_PKEY_XXX value and display name
 _OPENSSL_EVP_PKEY_TO_NAME_MAPPING: Dict[OpenSslEvpPkeyEnum, str] = {
@@ -62,26 +78,6 @@ class OpenSslEcNidEnum(IntEnum):
 }
-# Mapping between the OpenSSL NID_XXX value and NIST name defined in https://tools.ietf.org/html/rfc4492
-_OPENSSL_NID_TO_NIST_MAPPING: Dict[OpenSslEcNidEnum, str] = {
- OpenSslEcNidEnum.SECT163R2: "B-163",
- OpenSslEcNidEnum.SECT233R1: "B-233",
- OpenSslEcNidEnum.SECT283R1: "B-283",
- OpenSslEcNidEnum.SECT409R1: "B-409",
- OpenSslEcNidEnum.SECT571R1: "B-571",
- OpenSslEcNidEnum.SECT163K1: "K-163",
- OpenSslEcNidEnum.SECT233K1: "K-233",
- OpenSslEcNidEnum.SECT283K1: "K-283",
- OpenSslEcNidEnum.SECT409K1: "K-409",
- OpenSslEcNidEnum.SECT571K1: "K-571",
- OpenSslEcNidEnum.PRIME192V1: "P-192",
- OpenSslEcNidEnum.SECP224R1: "P-224",
- OpenSslEcNidEnum.PRIME256V1: "P-256",
- OpenSslEcNidEnum.SECP384R1: "P-384",
- OpenSslEcNidEnum.SECP521R1: "P-521",
-}
-
-
 # Mapping between the OpenSSL NID_XXX value and the SECG or ANSI X9.62 name (https://tools.ietf.org/html/rfc4492)
 # Where a ANSI X9.62 name is available, this is used in preference to the SECG
 # X25519 and X448 also included from https://tools.ietf.org/html/rfc8422
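Review bot: The fourteen new members use OpenSSL's mixed-case short names (`brainpoolP256r1`), while every existing member visible in this diff is upper-case (`X25519`, `X448`, `SECP521R1`, `PRIME256V1`), so the enum now mixes two naming conventions. Upper-case members such as `BRAINPOOLP256R1 = 927` would match the rest, with the mixed-case spelling kept only as the display string in the name mapping. The `# Brainpool` comment could also name where the curves are defined, e.g. `# Brainpool curves (RFC 5639)`. The class body starts outside this hunk.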
@@ -113,6 +109,20 @@ class OpenSslEcNidEnum(IntEnum):
 OpenSslEcNidEnum.SECP521R1: "secp521r1",
 OpenSslEcNidEnum.X25519: "X25519",
 OpenSslEcNidEnum.X448: "X448",
+ OpenSslEcNidEnum.brainpoolP160r1: "brainpoolP160r1",
+ OpenSslEcNidEnum.brainpoolP160t1: "brainpoolP160t1",
+ OpenSslEcNidEnum.brainpoolP192r1: "brainpoolP192r1",
+ OpenSslEcNidEnum.brainpoolP192t1: "brainpoolP192t1",
+ OpenSslEcNidEnum.brainpoolP224r1: "brainpoolP224r1",
+ OpenSslEcNidEnum.brainpoolP224t1: "brainpoolP224t1",
+ OpenSslEcNidEnum.brainpoolP256r1: "brainpoolP256r1",
+ OpenSslEcNidEnum.brainpoolP256t1: "brainpoolP256t1",
+ OpenSslEcNidEnum.brainpoolP320r1: "brainpoolP320r1",
+ OpenSslEcNidEnum.brainpoolP320t1: "brainpoolP320t1",
+ OpenSslEcNidEnum.brainpoolP384r1: "brainpoolP384r1",
+ OpenSslEcNidEnum.brainpoolP384t1: "brainpoolP384t1",
+ OpenSslEcNidEnum.brainpoolP512r1: "brainpoolP512r1",
+ OpenSslEcNidEnum.brainpoolP512t1: "brainpoolP512t1",
 }
@@ -137,8 +147,13 @@ class EcDhEphemeralKeyInfo(EphemeralKeyInfo):
 def __post_init__(self) -> None:
 super().__post_init__()
+ try:
+ curve_name = _OPENSSL_NID_TO_SECG_ANSI_X9_62[self.curve]
+ except KeyError:
+ curve_name = f"unknown-curve-with-id-{self.curve.value}"
+
 # Required because of frozen=True; https://docs.python.org/3/library/dataclasses.html#frozen-instances
- object.__setattr__(self, "curve_name", _OPENSSL_NID_TO_SECG_ANSI_X9_62[self.curve])
+ object.__setattr__(self, "curve_name", curve_name)
 @dataclass(frozen=True)
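Review bot: The header comment of this mapping no longer describes every entry: it cites RFC 4492 and RFC 8422 as the sources of the names, and the Brainpool names added here come from neither. That comment sits outside this hunk (it is visible as trailing context of the previous one), as does the start of the dict. It should gain a line such as `# Brainpool names as defined in https://tools.ietf.org/html/rfc5639`, so a reader checking a reported curve name knows which document to compare it with.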
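Review bot: The `except KeyError` fallback reads `self.curve.value`, so it only covers an `OpenSslEcNidEnum` member that is missing from `_OPENSSL_NID_TO_SECG_ANSI_X9_62`; a NID the enum itself does not list is not handled here. Where `curve` is constructed is outside this hunk, but if that is `OpenSslEcNidEnum(nid)`, a peer negotiating an unlisted group would presumably raise `ValueError` before `__post_init__` runs, and the placeholder name would never be reported. A comment stating that scope would help, e.g. `# Fallback for enum members without a display name; NIDs outside OpenSslEcNidEnum must be handled by the caller`. Consumers that compare `curve_name` against an allowlist should also treat the `unknown-curve-with-id-` prefix as unrecognised, not as a curve name.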