<div dir="ltr">Hi Uri,<br><div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jan 27, 2016 at 9:30 AM, Blumenthal, Uri - 0553 - MITLL <span dir="ltr"><<a href="mailto:uri@ll.mit.edu" target="_blank">uri@ll.mit.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="word-wrap:break-word;color:rgb(0,0,0);font-size:14px"><span style="font-family:Calibri,sans-serif"><blockquote style="BORDER-LEFT:#b5c4df 5 solid;PADDING:0 0 0 5;MARGIN:0 0 0 5"><div><div><div dir="ltr"><div dir="ltr" style="font-size:12.8px"><div>Let me know if you have any questions about these patches.</div></div></div></div></div></blockquote></span><div style="font-family:Calibri,sans-serif"><br></div><div><font face="Calibri,sans-serif">My only questions at this time (I briefly looked at your patches only, haven’t looked at your engine at all) are: why you needed to add ECDH\generate key() to crypto/ech/ecdh_key.c,</font></div></div></blockquote><div> </div><div>In the TLS-1.2 protocol (sl_srvr.c) the server generates an ephemeral key pair for ECDH and sends the public key in the server key exchange message (see ssl3_send_server_key_exchange(SSL *s) function). It does not use the private key until it gets the client public key in the "ssl3_send_server_key_exchange(SSL *s)". Just then it calls the "ECDH_compute_key()" with the client public key and the server private key generated much earlier. If I do not call this new function then the openssl sends a software-generated ephemeral key to the client. Adding this function was the simplest way to fix the problem. On client everything happens in the same function so it wasn't a problem.<br> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="word-wrap:break-word;color:rgb(0,0,0);font-size:14px"><div><font face="Calibri,sans-serif"> and what’s the purpose of enabling </font><font face="Consolas">(*init)(EC_KEY *eckey)</font><font face="Calibri,sans-serif"> and </font><font face="Consolas">(*finish)(EC_KEY *eckey)</font><font face="Calibri,sans-serif"> in crypto/ecdh/ech_locl.h.</font></div></div></blockquote><div> </div><div>I used "ecdh->meth->init(eckey)" in this new "ECDH_generate_key(EC_KEY *eckey)" function to actually generate the ephemeral pair. Probably should call it "generate_key()" instead but again was trying to minimize the impact. "finish()" was in the same package - didn't use it.<br> <br></div><div>Regards,<br></div><div>Alex.<br></div><div>Sorry for delay: take some time to go over the code to remember things :) <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="word-wrap:break-word;color:rgb(0,0,0);font-size:14px"><div style="font-family:Calibri,sans-serif"><br></div><div style="font-family:Calibri,sans-serif">Thanks!</div><div style="font-family:Calibri,sans-serif"><br></div><div style="font-family:Calibri,sans-serif"><br></div><span style="font-family:Calibri,sans-serif"><blockquote style="BORDER-LEFT:#b5c4df 5 solid;PADDING:0 0 0 5;MARGIN:0 0 0 5"><div><div><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Wed, Jan 20, 2016 at 12:49 PM, Douglas E Engert <span dir="ltr">
<<a href="mailto:deengert@gmail.com" target="_blank">deengert@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000">When I started to write the ECDSA code for engine_pkcs11 in 2011 the code to support the method hooks was not<br>
in the code. So I used internal OpenSSL header files to copy the ECDSA_METHOD and replace the function needed.
<br>
Look for "BUILD_WITH_ECS_LOCL_H" in libp11. Not until 1.0.2 did OpenSSL support the needed calls to hook ECDSA.<br>
They did not add the hooks for ECDH. <br><br>
If you can't wait then you have to do it your self. *YOU* could do the same thing for ECDH. But your code would only
<br>
be good for 1.0.2 because the whole way of doing EC methods changes in 1.1. <br><br>
I believe Alexander said he had changes to OpenSSL, which is another approach. <br>
He has said there were here: <a href="https://github.com/AtmelCSO/cryptoauth-openssl-engine/tree/master/patches" target="_blank">
https://github.com/AtmelCSO/cryptoauth-openssl-engine/tree/master/patches</a><br><br>
You could also hire someone who could do more then: "test it and offer minor enhancements".<br>
(And not me. I am taking the 1.1 approach to getting ECDH. working in engine.) <br><br><div>On 1/20/2016 2:19 PM, Blumenthal, Uri - 0553 - MITLL wrote:<br></div><blockquote type="cite"><div style="width:100%;font-size:initial;font-family:Calibri,"Slate Pro",sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">
Very possible that I'm missing the point here.</div><div style="width:100%;font-size:initial;font-family:Calibri,"Slate Pro",sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)"><br></div><div style="width:100%;font-size:initial;font-family:Calibri,"Slate Pro",sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">
Still, since openssl-1_0_2 does ECDH, and it exposes ECDSA to external engine(s), how difficult would it be to add ECDH exposure? I suspect - a good deal easier than getting 1.1 replace 1.0.x as the de-facto deployment standard.</div><div style="width:100%;font-size:initial;font-family:Calibri,"Slate Pro",sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)"><br></div><div style="width:100%;font-size:initial;font-family:Calibri,"Slate Pro",sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">
Plus, by this time there already are (and reasonably common) tokens that support ECDH, other packages that do ECDH, and people (like myself :-) willing to test it and offer minor enhancements.</div><div style="width:100%;font-size:initial;font-family:Calibri,"Slate Pro",sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)"><br></div><div style="width:100%;font-size:initial;font-family:Calibri,"Slate Pro",sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">
Another point I seem to be missing - if what's necessary to implement ECDH in an external engine is missing from 1_0_2 - how could Alexander write a (presumably) working ECDH engine for 1_0_2? If he could do it, why can't engine_pkcs11 be extended to do the
same?</div><div style="width:100%;font-size:initial;font-family:Calibri,"Slate Pro",sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)"><br></div><div style="font-size:initial;font-family:Calibri,"Slate Pro",sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">
Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.</div><table style="background-color:white;border-spacing:0px" width="100%"><tbody><tr><td colspan="2" style="font-size:initial;text-align:initial;background-color:rgb(255,255,255)"><div><div><b>From: </b>Douglas E Engert</div><div><b>Sent: </b>Wednesday, January 20, 2016 14:59</div><div><b>To: </b><a href="mailto:openssl-dev@openssl.org" target="_blank">openssl-dev@openssl.org</a></div><div><b>Reply To: </b><a href="mailto:openssl-dev@openssl.org" target="_blank">openssl-dev@openssl.org</a></div><div><b>Subject: </b>Re: [openssl-dev] ECDH engine</div></div></td></tr></tbody></table>
<br><div style="background-color:rgb(255,255,255)">You are missing the point. OpenSSL-1.0.2 only exposed ECDSA, not ECDH to external engines. It took years to even get ECDSA exposed.
<br>
OpenSSL approach to support this is OpenSSL-1.1 that does a lot of other things. But that was there approach. Its their package.<br>
>From working package to distribution always takes several years...<br><br><br><br></div></blockquote></div></blockquote></div><br></div></div></div></div></blockquote></span></div>
<br>_______________________________________________<br>
openssl-dev mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-dev" rel="noreferrer" target="_blank">https://mta.openssl.org/mailman/listinfo/openssl-dev</a><br>
<br></blockquote></div><br></div></div></div>