<div dir="ltr">Hi Uri,<div><br></div><div>Sorry, took a while to respond to your request.</div><div>I cloned "<a href="https://github.com/OpenSC/libp11.git" target="_blank">https://github.com/OpenSC/libp11.git</a>" and looked into it for some time. It is really hard for me to give you any advice without knowing the code and/or trying to debug it. My only observation is going back to my previous comment about the new EC_generate_key() function that I was adding into the openssl 1.0.2 patch. If you do not add it (and I didn't see it added to your code) then the OpenSSL TLS1.2 protocol (not sure about previous protocols) will send out to the client a software-generated ephemeral public key: it happens early in the exchange before the <span style="font-size:12.8px">"ECDH_compute_key()" function is called. Of course it does not matter if you are using just OpenSSL ephemeral keys (not hardware-generated).</span></div><div>I hope it will help.</div><div><br></div><div>Regards,</div><div>Alex.</div><div> </div><div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jan 27, 2016 at 9:25 AM, Blumenthal, Uri - 0553 - MITLL <span dir="ltr"><<a href="mailto:uri@ll.mit.edu" target="_blank">uri@ll.mit.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div style="word-wrap:break-word;color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><span style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><blockquote style="BORDER-LEFT:#b5c4df 5 solid;PADDING:0 0 0 5;MARGIN:0 0 0 5"><div><div bgcolor="#FFFFFF" text="#000000">When I started to write the ECDSA code for engine_pkcs11 in 2011 the code to support the method hooks was not<br>
in the code. So I used internal OpenSSL header files to copy the ECDSA_METHOD and replace the function needed.
<br>
Look for "BUILD_WITH_ECS_LOCL_H" in libp11. Not until 1.0.2 did OpenSSL support the needed calls to hook ECDSA.<br>
They did not add the hooks for ECDH. </div></div></blockquote></span><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif">I am missing one thing here. Hopefully you can help me understanding it.</div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif">OpenSSL-1.0.2 currently supports ECDH, as I observe by running</div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><p style="margin:0px;font-size:16px;font-family:Monaco;color:rgb(41,249,20);background-color:rgb(0,0,0)">openssl pkeyutl -derive -inkey /tmp/derive.29494.priv.pem -peerkey /tmp/derive.29494.token.pub.pem -out /tmp/derive.29494.shared1</p></div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif">So clearly there is working code available inside OpenSSL that does what is needed. The only issue then is to add code to libp11 to access that code. </div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif">Am I correct? If not, could you please point at where/what I’m mistaken in?</div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><span style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><blockquote style="BORDER-LEFT:#b5c4df 5 solid;PADDING:0 0 0 5;MARGIN:0 0 0 5"><div><div bgcolor="#FFFFFF" text="#000000">If you can't wait then you have to do it your self. *YOU* could do the same thing for ECDH. But your code would only
<br>
be good for 1.0.2 because the whole way of doing EC methods changes in 1.1. </div></div></blockquote></span><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif">That’s perfectly OK, because if my tea leaves reading is correct, OpenSSL-1.0.2 will be around for several years at least. And most of the package providers such as Macports won’t move their packages to OpenSSL-1.1 for probably that long. So making 1.0.2 working with ECDH now will definitely make sense for me.</div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif">In fact, I think making libp11 compliant with OpenSSL-1.1 <span style="font-weight:bold">now</span> is an overreach, because this effort (unlike work on 1.0.2) is highly unlikely to bring benefits to users for a few years. </div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><span style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><blockquote style="BORDER-LEFT:#b5c4df 5 solid;PADDING:0 0 0 5;MARGIN:0 0 0 5"><div><div bgcolor="#FFFFFF" text="#000000">I believe Alexander said he had changes to OpenSSL, which is another approach. <br>
He has said there were here: <a href="https://github.com/AtmelCSO/cryptoauth-openssl-engine/tree/master/patches" target="_blank">
https://github.com/AtmelCSO/cryptoauth-openssl-engine/tree/master/patches</a></div></div></blockquote></span><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><div><font face="Calibri,sans-serif" style="color:rgb(0,0,0);font-size:14px">I see that the actual patch is very small. And the only meaningful (for me) change is adding a new method </font><font face="Consolas" style="color:rgb(0,0,0);font-size:14px">EC_generate<span style="font-style:italic">_</span>key()</font><font face="Calibri,sans-serif">. I would like to understand why this method is needed – is it only to allow OpenSSL to <u>generate</u> key pair on the token? Alexander, could you comment please?</font></div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><span style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><blockquote style="BORDER-LEFT:#b5c4df 5 solid;PADDING:0 0 0 5;MARGIN:0 0 0 5"><div><div bgcolor="#FFFFFF" text="#000000">You could also hire someone who could do more then: "test it and offer minor enhancements".</div></div></blockquote></span><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif">First, I cannot. Second, I don’t think (and haven’t seen any evidence to the contrary yet) that anything more <span style="font-weight:bold">is</span> needed. Especially seeing the minuscule amount of changes Alexander had to do to OpenSSL, and I’m not even sure I need those if I don’t insist on being able to generate new key pair on the token using only OpenSSL.</div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><span style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><blockquote style="BORDER-LEFT:#b5c4df 5 solid;PADDING:0 0 0 5;MARGIN:0 0 0 5"><div><div bgcolor="#FFFFFF" text="#000000">(And not me. I am taking the 1.1 approach to getting ECDH. working in engine.) </div></div></blockquote></span><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif">:-) OK, I withdraw my unexpressed and unformulated offer. Consider yourself un-asked. :-)</div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><div style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><br></div><span style="color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><blockquote style="BORDER-LEFT:#b5c4df 5 solid;PADDING:0 0 0 5;MARGIN:0 0 0 5"><div><div bgcolor="#FFFFFF" text="#000000">On 1/20/2016 2:19 PM, Blumenthal, Uri - 0553 - MITLL wrote:<br><blockquote type="cite"><div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">
Very possible that I'm missing the point here.</div><div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)"><br></div><div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">
Still, since openssl-1_0_2 does ECDH, and it exposes ECDSA to external engine(s), how difficult would it be to add ECDH exposure? I suspect - a good deal easier than getting 1.1 replace 1.0.x as the de-facto deployment standard.</div><div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)"><br></div><div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">
Plus, by this time there already are (and reasonably common) tokens that support ECDH, other packages that do ECDH, and people (like myself :-) willing to test it and offer minor enhancements.</div><div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)"><br></div><div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">
Another point I seem to be missing - if what's necessary to implement ECDH in an external engine is missing from 1_0_2 - how could Alexander write a (presumably) working ECDH engine for 1_0_2? If he could do it, why can't engine_pkcs11 be extended to do the
same?</div><div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)"><br></div><div style="font-size:initial;font-family:Calibri,'Slate Pro',sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">
Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.</div><table style="border-spacing:0px;background-color:white" width="100%"><tbody><tr><td colspan="2" style="font-size:initial;text-align:initial;background-color:rgb(255,255,255)"><div><div><b>From: </b>Douglas E Engert</div><div><b>Sent: </b>Wednesday, January 20, 2016 14:59</div><div><b>To: </b><a href="mailto:openssl-dev@openssl.org" target="_blank">openssl-dev@openssl.org</a></div><div><b>Reply To: </b><a href="mailto:openssl-dev@openssl.org" target="_blank">openssl-dev@openssl.org</a></div><div><b>Subject: </b>Re: [openssl-dev] ECDH engine</div></div></td></tr></tbody></table></blockquote></div></div></blockquote></span></div></blockquote></div><br></div></div></div>