<html><head></head><body style="background-color: rgb(255, 255, 255); line-height: initial;"> <div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);">What is this Atmel x508x? Is it a chip? Is it a token/smartcard? Is it accessible via PKCS#11 at all? Is it accessible by/via OpenSC?</div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"><br></div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);">I am trying to figure why such a generic and useful set of ECC operations (Sign, Derive) is implementation-limited to one single <whatever>. </div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"><br></div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);">A much better solution to me would be adding EC-DERIVE to engine_pkcs11, and automatically get all the tokens covered.</div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"><br></div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);">Since I'm probably missing something, could you please educate me?</div> <div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"><br></div> <div style="display:none"></div> <div style="font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);">Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.</div> <table width="100%" style="background-color:white;border-spacing:0px;"> <tbody><tr><td colspan="2" style="font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"> <div style="border-style: solid none none; border-top-color: rgb(181, 196, 223); border-top-width: 1pt; padding: 3pt 0in 0in; font-family: Tahoma, 'BB Alpha Sans', 'Slate Pro'; font-size: 10pt;"> <div><b>From: </b>Alexander Gostrer</div><div><b>Sent: </b>Wednesday, January 20, 2016 10:47</div><div><b>To: </b>Dr. Stephen Henson</div><div><b>Reply To: </b>openssl-dev@openssl.org</div><div><b>Cc: </b>openssl-dev@openssl.org</div><div><b>Subject: </b>Re: [openssl-dev] ECDH engine</div></div></td></tr></tbody></table><div style="border-style: solid none none; border-top-color: rgb(186, 188, 209); border-top-width: 1pt; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"></div><br><div id="_originalContent" style="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<div dir="ltr">
<div>
<div>
<div>
<div>Hi Steve,<br>
</div>
And here is the ENGINE implementation for Atmel ATECC508A with few small patches to OpenSSL_1_0_2-stable:<br>
<a href="https://github.com/AtmelCSO/cryptoauth-openssl-engine" target="_BLANK">https://github.com/AtmelCSO/cryptoauth-openssl-engine</a><br>
<br>
</div>
Your comments are welcome.<br>
<br>
</div>
Regards,<br>
</div>
Alex.<br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Sat, Dec 19, 2015 at 12:49 PM, Dr. Stephen Henson <span dir="ltr">
<<a href="mailto:steve@openssl.org">steve@openssl.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex; border-left:1px #ccc solid; padding-left:1ex">
On Fri, Dec 18, 2015, Alexander Gostrer wrote:<br>
<br>
> Hi Steve,<br>
><br>
> John and I completed writing an ECDH engine based on the<br>
> OpenSSL_1_0_2-stable branch. We were planning to expand it to the master<br>
> but found some major changes made by you recently. What is the status of<br>
> this task? Is it stable enough to follow it? Are you planning another<br>
> changes? Is there a design document that we can use in our work?<br>
><br>
<br>
The version in master shouldn't change much any more. Documentation will be<br>
available in the near future. The changes were meant to remove some of the<br>
weird "quirks" of ECC compared to other algortihms and to permit future<br>
expansion to a wider range of curves.<br>
<br>
In the meantime it shouldn't be too hard to follow how the new code works.<br>
Instead of separate ECDH/ECDSA methods with weird locking and ex_data and<br>
minimal ENGINE support everything is combined into a single EC_KEY_METHOD<br>
which can contain ECDSA, ECDH and key generation (something which was<br>
impossible with the old code) and be tied directly to an ENGINE.<br>
<br>
Most of the primary APIs such as ECDH_compute_key can be redirected directly<br>
through an engine supplied function in EC_KEY_METHOD.<br>
<br>
Having said that the code is very new and may have the odd bug that needs to<br>
be fixed. If you have any problems let me know and I'll look into them.<br>
<br>
Steve.<br>
--<br>
Dr Stephen N. Henson. OpenSSL project core developer.<br>
Commercial tech support now available see: <a href="http://www.openssl.org" rel="noreferrer" target="_BLANK">
http://www.openssl.org</a><br>
</blockquote>
</div>
<br>
</div>
</div>
<br><!--end of _originalContent --></div></body></html>