<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;"><div><div>Yea, my nice email server decided that it needed to re-send that piece. ;)</div><div><br></div><div>But there have been changes since our conversation in January. I’d greatly appreciate if you could take a look at the current Github master of openssl/libp11 (it now has subsumed engine_pkcs11, and integrated ECDH support) and check if it alleviates the need for your ECDH engine.</div><div><br></div><div><br></div><div><div>-- </div><div><div style="font-size: medium;">Regards,</div><div style="font-size: medium;">Uri Blumenthal</div></div></div></div><div><br></div><span id="OLK_SRC_BODY_SECTION"><div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt"><span style="font-weight:bold">From: </span> openssl-dev <<a href="mailto:openssl-dev-bounces@openssl.org">openssl-dev-bounces@openssl.org</a>> on behalf of Alexander Gostrer <<a href="mailto:agostrer@gmail.com">agostrer@gmail.com</a>><br><span style="font-weight:bold">Reply-To: </span> openssl-dev <<a href="mailto:openssl-dev@openssl.org">openssl-dev@openssl.org</a>><br><span style="font-weight:bold">Date: </span> Wednesday, February 17, 2016 at 11:32 <br><span style="font-weight:bold">To: </span> openssl-dev <<a href="mailto:openssl-dev@openssl.org">openssl-dev@openssl.org</a>><br><span style="font-weight:bold">Subject: </span> Re: [openssl-dev] ECDH engine<br></div><div><br></div><blockquote id="MAC_OUTLOOK_ATTRIBUTION_BLOCKQUOTE" style="BORDER-LEFT: #b5c4df 5 solid; PADDING:0 0 0 5; MARGIN:0 0 0 5;"><div><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><div><div dir="ltr">Hi Uri,<br><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jan 27, 2016 at 9:25 AM, Blumenthal, Uri - 0553 - MITLL
<span dir="ltr"><<a href="mailto:uri@ll.mit.edu" target="_blank">uri@ll.mit.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div style="word-wrap:break-word;color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><span style="color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;"><blockquote style="BORDER-LEFT:#b5c4df 5 solid;PADDING:0 0 0 5;MARGIN:0 0 0 5"><div><div bgcolor="#FFFFFF" text="#000000">When I started to write the ECDSA code for engine_pkcs11 in 2011 the code to support the method hooks was not<br>
in the code. So I used internal OpenSSL header files to copy the ECDSA_METHOD and replace the function needed.
<br>
Look for "BUILD_WITH_ECS_LOCL_H" in libp11. Not until 1.0.2 did OpenSSL support the needed calls to hook ECDSA.<br>
They did not add the hooks for ECDH. </div></div></blockquote></span><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif">I am missing one thing here. Hopefully you can help me understanding it.</div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif">OpenSSL-1.0.2 currently supports ECDH, as I observe by running</div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(41,249,20);background-color:rgb(0,0,0)">
openssl pkeyutl -derive -inkey /tmp/derive.29494.priv.pem -peerkey /tmp/derive.29494.token.pub.pem -out /tmp/derive.29494.shared1</p></div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif">So clearly there is working code available inside OpenSSL that does what is needed. The only issue then is to add code to libp11 to access that code. </div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif">Am I correct? If not, could you please point at where/what I’m mistaken in?</div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><span style="color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;"><blockquote style="BORDER-LEFT:#b5c4df 5 solid;PADDING:0 0 0 5;MARGIN:0 0 0 5"><div><div bgcolor="#FFFFFF" text="#000000">If you can't wait then you have to do it your self. *YOU* could do the same thing for ECDH. But your code would only
<br>
be good for 1.0.2 because the whole way of doing EC methods changes in 1.1. </div></div></blockquote></span><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif">That’s perfectly OK, because if my tea leaves reading is correct, OpenSSL-1.0.2 will be around for several years at least. And most of the package providers such as Macports won’t move
their packages to OpenSSL-1.1 for probably that long. So making 1.0.2 working with ECDH now will definitely make sense for me.</div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif">In fact, I think making libp11 compliant with OpenSSL-1.1
<span style="font-weight:bold">now</span> is an overreach, because this effort (unlike work on 1.0.2) is highly unlikely to bring benefits to users for a few years. </div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><span style="color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;"><blockquote style="BORDER-LEFT:#b5c4df 5 solid;PADDING:0 0 0 5;MARGIN:0 0 0 5"><div><div bgcolor="#FFFFFF" text="#000000">I believe Alexander said he had changes to OpenSSL, which is another approach.
<br>
He has said there were here: <a href="https://github.com/AtmelCSO/cryptoauth-openssl-engine/tree/master/patches" target="_blank">
https://github.com/AtmelCSO/cryptoauth-openssl-engine/tree/master/patches</a></div></div></blockquote></span><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><div><font face="Calibri,sans-serif" style="color:rgb(0,0,0);font-size:14px">I see that the actual patch is very small. And the only meaningful (for me) change is adding a new method
</font><font face="Consolas" style="color:rgb(0,0,0);font-size:14px">EC_generate<span style="font-style:italic">_</span>key()</font><font face="Calibri,sans-serif">. I would like to understand why this method is needed – is it only to allow OpenSSL to
<u>generate</u> key pair on the token? Alexander, could you comment please?</font></div></div></blockquote><div> </div><div>I was already responding to it. Here is the copy-paste from my previous response:</div><span style="font-size:12.8px">In the TLS-1.2 protocol (sl_srvr.c) the server generates an ephemeral key pair for ECDH and sends the public key in the server key exchange message (see ssl3_send_server_key_exchange(</span><span style="font-size:12.8px">SSL *s)
function). It does not use the private key until it gets the client public key in the "ssl3_send_server_key_</span><span style="font-size:12.8px">exchange(SSL *s)". Just then it calls the "ECDH_compute_key()" with the client public key and the server private
key generated much earlier. If I do not call this new function (</span><span style="color:rgb(0,0,0);font-family:Consolas;font-size:14px">EC_generate</span><span style="color:rgb(0,0,0);font-family:Consolas;font-size:14px;font-style:italic">_</span><span style="color:rgb(0,0,0);font-family:Consolas;font-size:14px">key()</span><span style="font-size:12.8px">)
then the openssl sends a software-generated ephemeral key to the client. Adding this function was the simplest way to fix the problem. On client everything happens in the same function so it wasn't a problem.</span></div><div class="gmail_quote"><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div style="word-wrap:break-word;color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><span style="color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;"><blockquote style="BORDER-LEFT:#b5c4df 5 solid;PADDING:0 0 0 5;MARGIN:0 0 0 5"><div><div bgcolor="#FFFFFF" text="#000000">You could also hire someone who could do more then: "test it and offer minor enhancements".</div></div></blockquote></span><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif">First, I cannot. Second, I don’t think (and haven’t seen any evidence to the contrary yet) that anything more
<span style="font-weight:bold">is</span> needed. Especially seeing the minuscule amount of changes Alexander had to do to OpenSSL, and I’m not even sure I need those if I don’t insist on being able to generate new key pair on the token using only OpenSSL.</div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><span style="color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;"><blockquote style="BORDER-LEFT:#b5c4df 5 solid;PADDING:0 0 0 5;MARGIN:0 0 0 5"><div><div bgcolor="#FFFFFF" text="#000000">(And not me. I am taking the 1.1 approach to getting ECDH. working in engine.)
</div></div></blockquote></span><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif">:-) OK, I withdraw my unexpressed and unformulated offer. Consider yourself un-asked. :-)</div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><span style="color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;"><blockquote style="BORDER-LEFT:#b5c4df 5 solid;PADDING:0 0 0 5;MARGIN:0 0 0 5"><div><div bgcolor="#FFFFFF" text="#000000"><br></div></div></blockquote></span></div></blockquote></div></div></div></div></div></blockquote></span></body></html>