DH_generate_key (Sands, Daniel)

Narayana, Sunil Kumar sanarayana at rbbn.com
Wed Dec 9 15:10:38 UTC 2020


Hi,
We could not get the pointer reference to the examples of safe primes or using probable primes which you mentioned (i.e. "The man page in section 7 (EVP_PKEY_DH) has examples").
We also wanted to check the usage of OSSL_PARAM_construct_xxx. We would appreciate it if you could pass on the web link.

Secondly, we referred to apps/speed.c, and we are not clear on two things.

  1.  What “ffdh_params” should we use in our application when we call EVP_PKEY_CTX_set_dh_nid? (I see an array of {"ffdh2048", NID_ffdhe2048, 2048}, … being used in the example.)
  2.  In our present DH logic, we have public/private keys (BIGNUM *pub_key, BIGNUM *priv_key) obtained from DH. How do we get the pub/priv keys using EVP_PKEY_new()?


Regards,
Sunil


From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of openssl-users-request at openssl.org
Sent: 09 December 2020 02:01
To: openssl-users at openssl.org
Subject: openssl-users Digest, Vol 73, Issue 6


Today's Topics:

1. Re: Use OpenSSL to decrypt TLS session from PCAP files
(Matt Caswell)
2. Re: Use OpenSSL to decrypt TLS session from PCAP files
(John Baldwin)
3. DH_generate_key (Narayana, Sunil Kumar)
4. RE: DH_generate_key (Sands, Daniel)


----------------------------------------------------------------------

Message: 1
Date: Tue, 8 Dec 2020 15:46:00 +0000
From: Matt Caswell <matt at openssl.org>
To: openssl-users at openssl.org
Subject: Re: Use OpenSSL to decrypt TLS session from PCAP files
Message-ID: <8f9c7ad4-f3cb-38a1-0968-61833bb77462 at openssl.org>
Content-Type: text/plain; charset=utf-8



On 08/12/2020 15:28, Oren Shpigel wrote:
> Hi, thanks for the answer.
>
> I know wireshark and ssldump have this capability, but I'm looking for a
> way to do it in my own software in C++, (using OpenSSL, if possible, but
> open to other suggestions as well).

Unfortunately OpenSSL does not support this capability. It obviously
supports all the required low-level crypto primitives to do it - but you
would have to put them together yourself, as well as do all the packet
parsing, etc. This would be ... difficult. :-)

Matt


>
> On Tue, Dec 8, 2020 at 4:32 PM Dr. Matthias St. Pierre
> <Matthias.St.Pierre at ncp-e.com> wrote:
>
> Do you need to integrate the decryption into your own software, or
> are you just looking for a possibility to monitor and view the
> traffic?
>
> If it's the latter, try and take a look at the SSL decryption
> support that Wireshark provides.
>
> https://wiki.wireshark.org/TLS
>
> https://www.comparitech.com/net-admin/decrypt-ssl-with-wireshark/
>
> hth,
>
> Matthias
>
> Disclaimer: I haven't used it for TLS myself, only for IPsec, and I
> can't tell how up-to-date it is, in particular whether it is TLS 1.3
> ready.
>
> From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of Oren Shpigel
> Sent: Tuesday, December 8, 2020 3:15 PM
> To: openssl-users at openssl.org
> Subject: Use OpenSSL to decrypt TLS session from PCAP files
>
> Hi,
>
> I generated a PCAP file with TLS session, and I have the matching
> private key used by my HTTPS server.
> The TLS session is not using DH for key exchange, so it should be
> possible to decrypt.
> I know OpenSSL can be used to connect to a socket to "actively"
> handle the TLS session, but is there a way to "passively" decode and
> decrypt a session?
> How can I "feed" the packets (both directions) into the OpenSSL
> library?
>
> Thanks!
>


------------------------------

Message: 2
Date: Tue, 8 Dec 2020 09:17:54 -0800
From: John Baldwin <jhb at FreeBSD.org>
To: Matt Caswell <matt at openssl.org>, openssl-users at openssl.org
Subject: Re: Use OpenSSL to decrypt TLS session from PCAP files
Message-ID: <a13039b5-4e75-543a-fbcf-bcf7caf1c3d0 at FreeBSD.org>
Content-Type: text/plain; charset=utf-8

On 12/8/20 7:46 AM, Matt Caswell wrote:
>
>
> On 08/12/2020 15:28, Oren Shpigel wrote:
>> Hi, thanks for the answer.
>>
>> I know wireshark and ssldump have this capability, but I'm looking for a
>> way to do it in my own software in C++, (using OpenSSL, if possible, but
>> open to other suggestions as well).
>
> Unfortunately OpenSSL does not support this capability. It obviously
> supports all the required low-level crypto primitives to do it - but you
> would have to put them together yourself, as well as do all the packet
> parsing, etc. This would be ... difficult. :-)

You could use a memory BIO or the like to feed the reconstructed data
stream into to handle the TLS bits though? You are still stuck with
writing your own TCP stack (effectively)? I think openvpn does something
like this when I looked (it used memory BIOs to and then manually
read/wrote their contents on its tunnel socket).

--
John Baldwin


------------------------------

Message: 3
Date: Tue, 8 Dec 2020 17:43:47 +0000
From: "Narayana, Sunil Kumar" <sanarayana at rbbn.com>
To: "openssl-users at openssl.org" <openssl-users at openssl.org>
Subject: DH_generate_key
Message-ID: <SN6PR03MB40618D30CCD11C458E2B2EB2B0CD0 at SN6PR03MB4061.namprd03.prod.outlook.com>

Content-Type: text/plain; charset="utf-8"

Dear openssl team,

While migrating from 1.0.2 to 3.0, we found that DH_generate_key() has been deprecated. And as per the man page, it is advised to use EVP_PKEY_derive_init <https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_derive_init.html> & EVP_PKEY_derive <https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_derive.html>.
Our application creates a new DH and, using DH_generate_key(), creates pub_key/priv_key and uses it. How can we replace this exactly with EVP?
And please suggest what EVP APIs we should use to generate pub/priv keys?

Application code

dh = DH_new();
dh->p = BN_bin2bn(modSize, octet_len, NULL);
dh->g = BN_bin2bn(H235Bits_generator, H235Bits_generator_len / 8, NULL);

if ( ! DH_generate_key(dh) )
{
    return FAILURE;
}
n = (unsigned) BN_num_bytes(dh->pub_key);

BN_bn2bin(dh->pub_key, p);
n = (unsigned) BN_num_bytes(dh->priv_key);


Instead of the above logic, can we do this? Is derive generated pub/priv keys?

//create ctx
ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
EVP_PKEY_derive_init(ctx);

Regards,
Sunil



------------------------------

Message: 4
Date: Tue, 8 Dec 2020 20:30:22 +0000
From: "Sands, Daniel" <dnsands at sandia.gov>
To: "openssl-users at openssl.org" <openssl-users at openssl.org>
Subject: RE: DH_generate_key
Message-ID: <0223126022f1463f903459929b4902c6 at ES08AMSNLNT.srn.sandia.gov>
Content-Type: text/plain; charset="utf-8"

> Dear openssl team,
>
> While migrating from 1.0.2 to 3.0, we found that DH_generate_key() has been deprecated. And as per the man page, it is advised to use EVP_PKEY_derive_init <https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_derive_init.html> & EVP_PKEY_derive <https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_derive.html>.
> Our application creates a new DH and, using DH_generate_key(), creates pub_key/priv_key and uses it. How can we replace this exactly with EVP?
> And please suggest what EVP APIs we should use to generate pub/priv keys?
>
> Application code
>
> dh = DH_new();
> dh->p = BN_bin2bn(modSize, octet_len, NULL);
> dh->g = BN_bin2bn(H235Bits_generator, H235Bits_generator_len / 8, NULL);
>
> if ( ! DH_generate_key(dh) )
> {
>     return FAILURE;
> }
> n = (unsigned) BN_num_bytes(dh->pub_key);
>
> BN_bn2bin(dh->pub_key, p);
> n = (unsigned) BN_num_bytes(dh->priv_key);
>
>
> Instead of the above logic, can we do this? Is derive generated pub/priv keys?

The man page in section 7 (EVP_PKEY_DH) has examples for generating using safe primes or using probable primes. Seems better since you don't have to use the BN API anymore, but a little more complicated because you have to call OSSL_PARAM_construct_xxx for parameters and assign them to an array.

From there, you can use EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, and EVP_PKEY_derive to get your shared secret. See apps/speed.c in the OSSL3 source code for an example. Look for the text EVP_PKEY_DH.