[openssl-dev] ECDH engine

Alexander Gostrer agostrer at gmail.com
Thu Jan 28 03:54:22 UTC 2016 

Hi Uri,

On Wed, Jan 27, 2016 at 9:30 AM, Blumenthal, Uri - 0553 - MITLL <
uri at ll.mit.edu> wrote:

> Let me know if you have any questions about these patches.
>
>
> My only questions at this time (I briefly looked at your patches only,
> haven’t looked at your engine at all) are: why you needed to add
> ECDH\generate key() to crypto/ech/ecdh_key.c,
>

In the TLS-1.2 protocol (sl_srvr.c) the server generates an ephemeral key
pair for ECDH and sends the public key in the server key exchange message
(see ssl3_send_server_key_exchange(SSL *s) function). It does not use the
private key until it gets the client public key in the
"ssl3_send_server_key_exchange(SSL *s)". Just then it calls the
"ECDH_compute_key()" with the client public key and the server private key
generated much earlier. If I do not call this new function then the openssl
sends a software-generated ephemeral key to the client. Adding this
function was the simplest way to fix the problem. On client everything
happens in the same function so it wasn't a problem.


> and what’s the purpose of enabling (*init)(EC_KEY *eckey) and (*finish)(EC_KEY
> *eckey) in crypto/ecdh/ech_locl.h.
>

I used "ecdh->meth->init(eckey)" in this new "ECDH_generate_key(EC_KEY
*eckey)" function to actually generate the ephemeral pair. Probably should
call it "generate_key()" instead but again was trying to minimize the
impact. "finish()" was in the same package - didn't use it.

Regards,
Alex.
Sorry for delay: take some time to go over the code to remember things :)

>
> Thanks!
>
>
> On Wed, Jan 20, 2016 at 12:49 PM, Douglas E Engert <deengert at gmail.com>
> wrote:
>
>> When I started to write the ECDSA code for engine_pkcs11  in 2011 the
>> code to support the method hooks was not
>> in the code. So I used internal OpenSSL header files to copy the
>> ECDSA_METHOD  and replace the function needed.
>> Look for "BUILD_WITH_ECS_LOCL_H" in libp11.  Not until 1.0.2 did OpenSSL
>> support the needed calls to hook ECDSA.
>> They did not add the hooks for ECDH.
>>
>> If you can't wait then you have to do it your self.  *YOU* could do the
>> same thing for ECDH. But your code would only
>> be good for 1.0.2 because the whole way of doing EC methods changes in
>> 1.1.
>>
>> I believe Alexander said he had changes to OpenSSL, which is another
>> approach.
>> He has said there were here:
>> https://github.com/AtmelCSO/cryptoauth-openssl-engine/tree/master/patches
>>
>> You could also hire someone who could do more then: "test it and offer
>> minor enhancements".
>> (And not me. I am taking the 1.1 approach to getting ECDH. working in
>> engine.)
>>
>> On 1/20/2016 2:19 PM, Blumenthal, Uri - 0553 - MITLL wrote:
>>
>> Very possible that I'm missing the point here.
>>
>> Still, since openssl-1_0_2 does ECDH, and it exposes ‎ECDSA to external
>> engine(s), how difficult would it be to add ECDH exposure? I suspect - a
>> good deal easier than getting 1.1 replace 1.0.x as the de-facto deployment
>> standard.
>>
>> Plus, by this time there already are (and reasonably common) tokens that
>> support ECDH, other packages that do ECDH, and people (like myself :-)
>> willing to test it and offer minor enhancements.
>>
>> Another point I seem to be missing - if what's necessary to implement
>> ECDH in an external engine is missing from 1_0_2 - how could ‎Alexander
>> write a (presumably) working ECDH engine for 1_0_2? If he could do it,  why
>> can't engine_pkcs11 be extended to do the same?
>>
>>
>> Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.
>> *From: *Douglas E Engert
>> *Sent: *Wednesday, January 20, 2016 14:59
>> *To: *openssl-dev at openssl.org>> *Reply To: *openssl-dev at openssl.org
>> *Subject: *Re: [openssl-dev] ECDH engine
>>>> You are missing the point. OpenSSL-1.0.2 only exposed ECDSA, not ECDH to
>> external engines.  It took years to even get ECDSA exposed.
>> OpenSSL approach to support this is OpenSSL-1.1  that does a lot of other
>> things. But that was there approach. Its their package.
>> >From working package to distribution always takes several years...
>>
>>
>>
>>
>
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160127/8914811d/attachment-0001.html>

More information about the openssl-dev mailing list