<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<span style="font-family:Calibri,sans-serif">I said in the note
below: "(And not me. I am taking the 1.1 approach to getting ECDH.
working in engine.) "<br>
<br>
Now that OpenSC's libp11 and engine_pkcs11 have code committed for
use with OpenSSL-1.1-pre2 to use ECDH,<br>
I created patches for libp11 and engine_pkcs11 to use 1.0.2. This
requires libp11 to be compiled with crypto/ecdh/ech_locl.h<br>
to gain access to the hidden ecdh_meth_st. This is only for
OpenSSL-1.0.2, and does not require any changes to OpenSSL.<br>
This is more of a hack, and intended for anyone who can't wait for
1.1, and I don't see this being added to the libp11,<br>
<br>
Pointers to the patches can be found:<br>
<br>
<a class="moz-txt-link-freetext" href="https://github.com/OpenSC/libp11/issues/49">https://github.com/OpenSC/libp11/issues/49</a><br>
<br>
Comments welcome.<br>
<br>
(This does not address the issue </span><span
style="font-family:Calibri,sans-serif"> Alexander has with using
</span><span style="font-family:Calibri,sans-serif">software-generated
ephemeral keys.)<br>
</span><br>
<div class="moz-cite-prefix">On 1/27/2016 9:54 PM, Alexander Gostrer
wrote:<br>
</div>
<blockquote
cite="mid:CAMv_ppu3vOvr1sZ864Q8jGBm9i-=Te5zodhFX6wnURO6970X4Q@mail.gmail.com"
type="cite">
<div dir="ltr">Hi Uri,<br>
<div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Jan 27, 2016 at 9:30 AM,
Blumenthal, Uri - 0553 - MITLL <span dir="ltr"><<a
moz-do-not-send="true" href="mailto:uri@ll.mit.edu"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:uri@ll.mit.edu">uri@ll.mit.edu</a></a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div
style="word-wrap:break-word;color:rgb(0,0,0);font-size:14px"><span
style="font-family:Calibri,sans-serif">
<blockquote style="BORDER-LEFT:#b5c4df 5
solid;PADDING:0 0 0 5;MARGIN:0 0 0 5">
<div>
<div>
<div dir="ltr">
<div dir="ltr" style="font-size:12.8px">
<div>Let me know if you have any questions
about these patches.</div>
</div>
</div>
</div>
</div>
</blockquote>
</span>
<div style="font-family:Calibri,sans-serif"><br>
</div>
<div><font face="Calibri,sans-serif">My only questions
at this time (I briefly looked at your patches
only, haven’t looked at your engine at all) are:
why you needed to add ECDH\generate key() to
crypto/ech/ecdh_key.c,</font></div>
</div>
</blockquote>
<div> </div>
<div>In the TLS-1.2 protocol (sl_srvr.c) the server
generates an ephemeral key pair for ECDH and sends the
public key in the server key exchange message (see
ssl3_send_server_key_exchange(SSL *s) function). It does
not use the private key until it gets the client public
key in the "ssl3_send_server_key_exchange(SSL *s)". Just
then it calls the "ECDH_compute_key()" with the client
public key and the server private key generated much
earlier. If I do not call this new function then the
openssl sends a software-generated ephemeral key to the
client. Adding this function was the simplest way to fix
the problem. On client everything happens in the same
function so it wasn't a problem.<br>
<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div
style="word-wrap:break-word;color:rgb(0,0,0);font-size:14px">
<div><font face="Calibri,sans-serif"> and what’s the
purpose of enabling </font><font face="Consolas">(*init)(EC_KEY
*eckey)</font><font face="Calibri,sans-serif"> and
</font><font face="Consolas">(*finish)(EC_KEY
*eckey)</font><font face="Calibri,sans-serif"> in
crypto/ecdh/ech_locl.h.</font></div>
</div>
</blockquote>
<div> </div>
<div>I used "ecdh->meth->init(eckey)" in this new
"ECDH_generate_key(EC_KEY *eckey)" function to actually
generate the ephemeral pair. Probably should call it
"generate_key()" instead but again was trying to
minimize the impact. "finish()" was in the same package
- didn't use it.<br>
<br>
</div>
<div>Regards,<br>
</div>
<div>Alex.<br>
</div>
<div>Sorry for delay: take some time to go over the code
to remember things :) <br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div
style="word-wrap:break-word;color:rgb(0,0,0);font-size:14px">
<div style="font-family:Calibri,sans-serif"><br>
</div>
<div style="font-family:Calibri,sans-serif">Thanks!</div>
<div style="font-family:Calibri,sans-serif"><br>
</div>
<div style="font-family:Calibri,sans-serif"><br>
</div>
<span style="font-family:Calibri,sans-serif">
<blockquote style="BORDER-LEFT:#b5c4df 5
solid;PADDING:0 0 0 5;MARGIN:0 0 0 5">
<div>
<div>
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">On Wed, Jan 20,
2016 at 12:49 PM, Douglas E Engert <span
dir="ltr">
<<a moz-do-not-send="true"
href="mailto:deengert@gmail.com"
target="_blank">deengert@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">When
I started to write the ECDSA code
for engine_pkcs11 in 2011 the code
to support the method hooks was not<br>
in the code. So I used internal
OpenSSL header files to copy the
ECDSA_METHOD and replace the
function needed.
<br>
Look for "BUILD_WITH_ECS_LOCL_H" in
libp11. Not until 1.0.2 did OpenSSL
support the needed calls to hook
ECDSA.<br>
They did not add the hooks for ECDH.
<br>
<br>
If you can't wait then you have to
do it your self. *YOU* could do the
same thing for ECDH. But your code
would only
<br>
be good for 1.0.2 because the whole
way of doing EC methods changes in
1.1. <br>
<br>
I believe Alexander said he had
changes to OpenSSL, which is another
approach. <br>
He has said there were here: <a
moz-do-not-send="true"
href="https://github.com/AtmelCSO/cryptoauth-openssl-engine/tree/master/patches"
target="_blank">
<a class="moz-txt-link-freetext" href="https://github.com/AtmelCSO/cryptoauth-openssl-engine/tree/master/patches">https://github.com/AtmelCSO/cryptoauth-openssl-engine/tree/master/patches</a></a><br>
<br>
You could also hire someone who
could do more then: "test it and
offer minor enhancements".<br>
(And not me. I am taking the 1.1
approach to getting ECDH. working in
engine.) <br>
<br>
<div>On 1/20/2016 2:19 PM,
Blumenthal, Uri - 0553 - MITLL
wrote:<br>
</div>
<blockquote type="cite">
<div
style="width:100%;font-size:initial;font-family:Calibri,"Slate
Pro",sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">
Very possible that I'm missing
the point here.</div>
<div
style="width:100%;font-size:initial;font-family:Calibri,"Slate
Pro",sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)"><br>
</div>
<div
style="width:100%;font-size:initial;font-family:Calibri,"Slate
Pro",sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">
Still, since openssl-1_0_2 does
ECDH, and it exposes ECDSA to
external engine(s), how
difficult would it be to add
ECDH exposure? I suspect - a
good deal easier than getting
1.1 replace 1.0.x as the
de-facto deployment standard.</div>
<div
style="width:100%;font-size:initial;font-family:Calibri,"Slate
Pro",sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)"><br>
</div>
<div
style="width:100%;font-size:initial;font-family:Calibri,"Slate
Pro",sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">
Plus, by this time there already
are (and reasonably common)
tokens that support ECDH, other
packages that do ECDH, and
people (like myself :-) willing
to test it and offer minor
enhancements.</div>
<div
style="width:100%;font-size:initial;font-family:Calibri,"Slate
Pro",sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)"><br>
</div>
<div
style="width:100%;font-size:initial;font-family:Calibri,"Slate
Pro",sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">
Another point I seem to be
missing - if what's necessary to
implement ECDH in an external
engine is missing from 1_0_2 -
how could Alexander write a
(presumably) working ECDH engine
for 1_0_2? If he could do it,
why can't engine_pkcs11 be
extended to do the same?</div>
<div
style="width:100%;font-size:initial;font-family:Calibri,"Slate
Pro",sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)"><br>
</div>
<div
style="font-size:initial;font-family:Calibri,"Slate
Pro",sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">
Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.</div>
<table
style="background-color:white;border-spacing:0px"
width="100%">
<tbody>
<tr>
<td colspan="2"
style="font-size:initial;text-align:initial;background-color:rgb(255,255,255)">
<div>
<div><b>From: </b>Douglas
E Engert</div>
<div><b>Sent: </b>Wednesday,
January 20, 2016 14:59</div>
<div><b>To: </b><a
moz-do-not-send="true"
href="mailto:openssl-dev@openssl.org" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:openssl-dev@openssl.org">openssl-dev@openssl.org</a></a></div>
<div><b>Reply To: </b><a
moz-do-not-send="true" href="mailto:openssl-dev@openssl.org"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:openssl-dev@openssl.org">openssl-dev@openssl.org</a></a></div>
<div><b>Subject: </b>Re:
[openssl-dev] ECDH
engine</div>
</div>
</td>
</tr>
</tbody>
</table>
<br>
<div
style="background-color:rgb(255,255,255)">You
are missing the point.
OpenSSL-1.0.2 only exposed
ECDSA, not ECDH to external
engines. It took years to even
get ECDSA exposed.
<br>
OpenSSL approach to support this
is OpenSSL-1.1 that does a lot
of other things. But that was
there approach. Its their
package.<br>
>From working package to
distribution always takes
several years...<br>
<br>
<br>
<br>
</div>
</blockquote>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
</blockquote>
</span></div>
<br>
_______________________________________________<br>
openssl-dev mailing list<br>
To unsubscribe: <a moz-do-not-send="true"
href="https://mta.openssl.org/mailman/listinfo/openssl-dev"
rel="noreferrer" target="_blank">https://mta.openssl.org/mailman/listinfo/openssl-dev</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
openssl-dev mailing list
To unsubscribe: <a class="moz-txt-link-freetext" href="https://mta.openssl.org/mailman/listinfo/openssl-dev">https://mta.openssl.org/mailman/listinfo/openssl-dev</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="200">--
Douglas E. Engert <a class="moz-txt-link-rfc2396E" href="mailto:DEEngert@gmail.com"><DEEngert@gmail.com></a>
</pre>
</body>
</html>