[openssl-users] How to enable Fixed Diffie Hellman key exchange mechanism

Jakob Bohm jb-openssl at wisemo.com
Thu Jan 11 21:17:43 UTC 2018


On 11/01/2018 10:35, Bharathi Prasad wrote:
> Hello,
>
> I want to use static Diffie Hellman key exchange with RSA authentication
> (DH_RSA) in my application.
>
> I am currently using OpenSSL version 1.0.2n. I understand that from version
> 1.0.2 OpenSSL supports fixed DH.
>
> Here is what I have tried so far.
>
> Trial 1: I created DH server and client certificates as described in demo
> script in master branch demos/certs/mkcerts.sh.
> I need a certificate in PKCS12 file to import into my application. Since DH
> certificates do not have a private key I used pkcs12 -nokeys option. This
> approach failed when I tried to read the certificate from my store.
DH certificates DO have an associated private key.  A private DH key
which will be the same for every connection (the matching public key
is in the certificate).

>
> Trial 2.  I tried to set DH certificates with SSL_CTX_use_certificate_file()
> in the client and server applications.
> After loading the certificate into my ssl context what should I do?
>
> Trial 3. I came across some articles where it was suggested that for static
> DH key exchange append DH parameters to the server certificate. So I
> appended my DH parameters (2048 key size) to my server certificate and
> created a pkcs12 file.
>
> Import certificate worked however when I tried to read back the certificate
> from store into x509 object I was unable to retrieve the DH parameters.
>
> I could not find a way to retrieve my DH parameters from the server
> certificate.
Start by doing openssl x509 -noout -text -in serverDHcert.pem to see
if they are there, and in what field.  Then start looking for functions
that retrieve that field from an X509 object.  In 1.0.2 that might be
a function or a "public" field in the X509 structure.

> Trial 4: I placed DH parameter file in my project folder and read the
> parameters using PEM_read_DHparams(). Then I tried to create DH key with
> DH_generate_key();
>
> I could not call DH_compute_key as I do not have peer certificate. This
> configuration is done before I call ssl_connect. So my SSL object is NULL at
> this point of time.
Only the TLS *server* would have a DH certificate.  The TLS client would
have a random DH private key for the parameters received from the TLS
server, sending the single-use client DH public key to the TLS server.

The TLS server would combine its private DH server key with the received
client DH public key in DH_compute_key() called from inside the TLS code.

The TLS client would combine its random DH private key with the public
DH server key from the received server certificate in a similar way to
get the same shared secret and thus the same shared TLS master secret.


> After this I do not know how to proceed.
>
> I cannot use SSL_CTX_set_tmp_dh as this api is used for ephemeral Diffie
> Hellman key exchange.
>
> Please let me know where I am going wrong. I need to enable static DH in my
> application.


Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
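
The key roles described in the reply above, as an added example (not part of the original message and not OpenSSL code): a fixed server DH key reused for every connection and a fresh client key per connection arrive at the same secret. The toy group (P, Q, G) and all function names are assumptions constructed for illustration, and the example goes slightly beyond the thread by validating the peer's public value before use, a check that matters more when the same private key answers every connection.

```c
/* Added illustration: fixed (static) DH on the server, one-off key on the client.
 * Toy 11-bit group constructed for this example; real deployments need
 * parameters of at least 2048 bits and a real bignum library. */
#include <stdint.h>
#include <stdio.h>

#define P 2039u /* constructed safe prime, P = 2*Q + 1 */
#define Q 1019u /* prime order of the subgroup generated by G */
#define G 4u    /* generator of the order-Q subgroup */

/* Square-and-multiply modular exponentiation. */
static uint32_t modexp(uint32_t base, uint32_t exp, uint32_t mod) {
    uint64_t result = 1, b = base % mod;
    while (exp) {
        if (exp & 1) result = result * b % mod;
        b = b * b % mod;
        exp >>= 1;
    }
    return (uint32_t)result;
}

/* Public value for a private exponent in [1, Q-1] (role of DH_generate_key). */
uint32_t dh_public(uint32_t priv) { return modexp(G, priv, P); }

/* Accept a peer value only if it lies in the order-Q subgroup. */
int dh_peer_ok(uint32_t peer_pub) {
    return peer_pub >= 2 && peer_pub <= P - 2 && modexp(peer_pub, Q, P) == 1;
}

/* Shared secret (role of DH_compute_key); 0 means the peer value was rejected. */
uint32_t dh_shared(uint32_t my_priv, uint32_t peer_pub) {
    return dh_peer_ok(peer_pub) ? modexp(peer_pub, my_priv, P) : 0;
}

/* One handshake: 1 when both sides derive the same nonzero secret. */
int handshake_agrees(uint32_t server_static_priv, uint32_t client_priv) {
    uint32_t server_pub = dh_public(server_static_priv); /* carried in the DH certificate */
    uint32_t client_pub = dh_public(client_priv);        /* sent by the client */
    uint32_t s = dh_shared(server_static_priv, client_pub);
    uint32_t c = dh_shared(client_priv, server_pub);
    return s != 0 && s == c;
}

int main(void) {
    /* Same server key, two connections with different client keys. */
    printf("%d %d\n", handshake_agrees(123, 456), handshake_agrees(123, 789));
    return 0;
}
```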

