Re: [openssl-dev] ECDH engine

[Douglas E Engert]

I said in the note below: "(And not me. I am taking the 1.1 approach to getting ECDH. working in engine.) " Now that OpenSC's libp11 and engine_pkcs11 have code committed for use with OpenSSL-1.1-pre2 to use ECDH, I created patches for libp11 and engine_pkcs11 to use 1.0.2. This requires libp11 to be compiled with crypto/ecdh/ech_locl.h to gain access to the hidden ecdh_meth_st. This is only for OpenSSL-1.0.2, and does not require any changes to OpenSSL. This is more of a hack, and intended for anyone who can't wait for 1.1, and I don't see this being added to the libp11, Pointers to the patches can be found:  https://github.com/OpenSC/libp11/issues/49 Comments welcome. (This does not address the issue  Alexander has with  using software-generated ephemeral keys.) On 1/27/2016 9:54 PM, Alexander Gostrer wrote: Hi Uri, On Wed, Jan 27, 2016 at 9:30 AM, Blumenthal, Uri - 0553 - MITLL <u...@ll.mit.edu> wrote: Let me know if you have any questions about these patches. My only questions at this time (I briefly looked at your patches only, haven’t looked at your engine at all) are: why you needed to add ECDH\generate key() to crypto/ech/ecdh_key.c,   In the TLS-1.2 protocol (sl_srvr.c) the server generates an ephemeral key pair for ECDH and sends the public key in the server key exchange message (see ssl3_send_server_key_exchange(SSL *s) function). It does not use the private key until it gets the client public key in the "ssl3_send_server_key_exchange(SSL *s)". Just then it calls the "ECDH_compute_key()" with the client public key and the server private key generated much earlier. If I do not call this new function then the openssl sends a software-generated ephemeral key to the client. Adding this function was the simplest way to fix the problem. On client everything happens in the same function so it wasn't a problem.   and what’s the purpose of enabling (*init)(EC_KEY *eckey) and (*finish)(EC_KEY *eckey) in crypto/ecdh/ech_locl.h.   I used "ecdh->meth->init(eckey)" in this new "ECDH_generate_key(EC_KEY *eckey)" function to actually generate the ephemeral pair. Probably should call it "generate_key()" instead but again was trying to minimize the impact. "finish()" was in the same package - didn't use it.   Regards, Alex. Sorry for delay: take some time to go over the code to remember things :) Thanks! On Wed, Jan 20, 2016 at 12:49 PM, Douglas E Engert <deeng...@gmail.com> wrote: When I started to write the ECDSA code for engine_pkcs11  in 2011 the code to support the method hooks was not in the code. So I used internal OpenSSL header files to copy the ECDSA_METHOD  and replace the function needed. Look for "BUILD_WITH_ECS_LOCL_H" in libp11.  Not until 1.0.2 did OpenSSL support the needed calls to hook ECDSA. They did not add the hooks for ECDH. If you can't wait then you have to do it your self.  *YOU* could do the same thing for ECDH. But your code would only be good for 1.0.2 because the whole way of doing EC methods changes in 1.1. I believe Alexander said he had changes to OpenSSL, which is another approach. He has said there were here: https://github.com/AtmelCSO/cryptoauth-openssl-engine/tree/master/patches You could also hire someone who could do more then: "test it and offer minor enhancements". (And not me. I am taking the 1.1 approach to getting ECDH. working in engine.) On 1/20/2016 2:19 PM, Blumenthal, Uri - 0553 - MITLL wrote: Very possible that I'm missing the point here. Still, since openssl-1_0_2 does ECDH, and it exposes ‎ECDSA to external engine(s), how difficult would it be to add ECDH exposure? I suspect - a good deal easier than getting 1.1 replace 1.0.x as the de-facto deployment standard. Plus, by this time there already are (and reasonably common) tokens that support ECDH, other packages that do ECDH, and people (like myself :-) willing to test it and offer minor enhancements. Another point I seem to be missing - if what's necessary to implement ECDH in an external engine is missing from 1_0_2 - how could ‎Alexander write a (presumably) working ECDH engine for 1_0_2? If he could do it,  why can't engine_pkcs11 be extended to do the same? Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network. From: Douglas E Engert Sent: Wednesday, January 20, 2016 14:59 To: openssl-dev@openssl.org‎ Reply To: openssl-dev@openssl.org Subject: Re: [openssl-dev] ECDH engine ‎ You are missing the point. OpenSSL-1.0.2 only exposed ECDSA, not ECDH to external engines.  It took years to even get ECDSA exposed. OpenSSL approach to support this is OpenSSL-1.1  that does a lot of other things. But that was there approach. Its their package. >From working package to distribution always takes several years... _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev -- Douglas E. Engert <deeng...@gmail.com>

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev