Problems on authentication during TLS handshake

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Problems on authentication during TLS handshake

Jin Xie

Hello everyone,

 

I’m new at OpenSSL programming and encountered a problem while build TLS connection. I’m working on a crypto chip ATECC508A. So the client private key is stored in the chip and no way to get it out. However during standard TLS handshake, I need to provide client private key by “SSL_CTX_use_private_key()” if server needs to identify the client. Because the server will give a “challenge” to client and client needs to encrypt it by client private key. Then the server will decode it by client public key and check if they match. For your reference: https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_handshake

 

I have written my sample client and server code. Everything works fine if I use my own test certificates: selft-signed CA and client cert signed by CA (this means I have the test client cert private key so that I could use SSL_CTX_use_private_key() to import it).

 

The problem is here, in ATECC508A, I’m not able to provide private key directly but have API to sign any digests. So I wonder are there any ways to do some “modification” during handshake? I have tried following two ways:

 

  1. Using OpenSSL Engine. I see that we could set our own algorithms inside engine to overwrite original methods. I think signing “challenge” is at EC_KEY_METHOD. So I write an EC_KEY_METHOD engine and load it successful. Besides I print “enter” and “leave” at the beginning and end of every function in EC_KEY_METHOD. When I do some tests using “ECDSA_sign”, I could see “enter” and “leave” printed from my sign_sig and sign function. However if I run TLS connection, nothing printed (except engine initialization log) and authentication failed (obviously). Those means my own sign and verify functions hasn’t been called.

 

  1. Set callback in SSL or SLL_ctx? I have checked the source code of these two structures but not sure how to do that.

 

Those are what I tried and of course failed every try. :( So could anyone point me what should I do? Maybe I used wrong engine, missed some important callback or others?

 

Best Regards,

 

Jim

 

=========

 

I post my client test code for your reference:

 

#include <openssl/ssl.h>

#include <openssl/conf.h>

#include "openssl/eccx08_engine.h"

#include "openssl/eccx08_engine_internal.h"

 

int main()

{

    static ENGINE *ateccx08_engine;

    OpenSSL_add_all_algorithms();

    ERR_load_crypto_strings();

 

    PRINTF("ENGINE_load_dynamic");

    ENGINE_load_dynamic();

 

    printf("CONF_modules_load_file");

    if (!CONF_modules_load_file(NULL, NULL, CONF_MFLAGS_DEFAULT_SECTION))

    {

        printf("Config failed to load");

    }

 

    printf("ENGINE_by_id");

    ateccx08_engine = ENGINE_by_id("ateccx08");

 

    if (ateccx08_engine == NULL)

    {

        printf("Engine failed to load");

    }

 

    // after some initialization

 

    // load client-side cert and key, signed by intermediate cert

    SSL_CTX_use_certificate_file(m_ctx, ClientCertificateFileTest, SSL_FILETYPE_PEM);

 

    // no need anymore because no way to extract private key

    // SSL_CTX_use_PrivateKey_file(m_ctx, ClientPrivateKeyFileTest, SSL_FILETYPE_PEM);

 

    // load intermediate cert, signed by CA

     X509* chaincert = X509_new();

    BIO* bio_cert = BIO_new_file(SignerCertificateFileTest, "rb");

    PEM_read_bio_X509(bio_cert, &chaincert, NULL, NULL);

    SSL_CTX_add1_chain_cert(m_ctx, chaincert)

 

    m_ssl = SSL_new(m_ctx);

 

    // get_seocket is my own API

    m_sock = get_socket();

 

    SSL_set_fd(m_ssl, m_sock)

 

    // doing handshake and build connection, however no output from ECDSA sign algorithm

    auto r = SSL_connect(m_ssl);

}

 

 

 


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Problems on authentication during TLS handshake

Viktor Dukhovni
On Mon, Jan 07, 2019 at 11:43:47PM -0800, Jin Xie wrote:

[ Going forward, please try to post plain-text with regular spaces,
  rather than Unicode non-breaking spaces. ]

>        // load client-side cert and key, signed by intermediate cert
>        SSL_CTX_use_certificate_file(m_ctx, ClientCertificateFileTest, SSL_FILETYPE_PEM);
>
>        // no need anymore because no way to extract private key
>        // SSL_CTX_use_PrivateKey_file(m_ctx, ClientPrivateKeyFileTest, SSL_FILETYPE_PEM);

Your problem is here, you can't skip loading some form of private
key handle.  OpenSSL 1.1.1 provides an SSL_CTX_use_cert_and_key()
function, which allows the private key to passed as NULL, in which
case it will use the public key as a stand-in for the missing private
key.  All the relevant functions are in ssl/ssl_rsa.c, if you are
willing to read the source code to find the most suitable interface.

If you're using 1.1.0 or 1.0.2 there is probably another way, but
I don't know it off-hand.

--
        Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Problems on authentication during TLS handshake

Jin Xie

Hi Viktor,

 

Thanks for your replay! Sorry for my wrong format and I would use plaint-text in the future.

 

As for “in which case it will use the public key as a stand-in for the missing private key”, do you mean use “client cert public key” instead of “client cert private key”? If so is it possible that I pass “client cert public key” in “SSL_CTX_use_PrivateKey_file”? (I’m running on 1.1 :(((( )

 

Thanks,

 

Jim

 

From: [hidden email]
Sent: Tuesday, January 8, 2019 12:05 AM
To: [hidden email]
Subject: Re: [openssl-users] Problems on authentication during TLS handshake

 

On Mon, Jan 07, 2019 at 11:43:47PM -0800, Jin Xie wrote:

 

[ Going forward, please try to post plain-text with regular spaces,

  rather than Unicode non-breaking spaces. ]

 

>        // load client-side cert and key, signed by intermediate cert

>        SSL_CTX_use_certificate_file(m_ctx, ClientCertificateFileTest, SSL_FILETYPE_PEM);

>

>        // no need anymore because no way to extract private key

>        // SSL_CTX_use_PrivateKey_file(m_ctx, ClientPrivateKeyFileTest, SSL_FILETYPE_PEM);

 

Your problem is here, you can't skip loading some form of private

key handle.  OpenSSL 1.1.1 provides an SSL_CTX_use_cert_and_key()

function, which allows the private key to passed as NULL, in which

case it will use the public key as a stand-in for the missing private

key.  All the relevant functions are in ssl/ssl_rsa.c, if you are

willing to read the source code to find the most suitable interface.

 

If you're using 1.1.0 or 1.0.2 there is probably another way, but

I don't know it off-hand.

 

--

                Viktor.

--

openssl-users mailing list

To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

 


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Problems on authentication during TLS handshake

Viktor Dukhovni
On Tue, Jan 08, 2019 at 12:38:32AM -0800, Jin Xie wrote:

> As for “in which case it will use the public key as a stand-in for the
> missing private key”, do you mean use “client cert public key” instead of
> “client cert private key”? If so is it possible that I pass “client cert
> public key” in “SSL_CTX_use_PrivateKey_file”? (I’m running on 1.1 :(((( )

With engines, you have to use ENGINE_load_private_key(), and then
SSL_CTX_use_PrivateKey().

See the code in apps/s_client.c and load_key() in apps/apps.c.

--
        Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Problems on authentication during TLS handshake

Jin Xie
Thank you! I would have a try.

On Tue, Jan 8, 2019 at 1:10 AM Viktor Dukhovni <[hidden email]> wrote:
On Tue, Jan 08, 2019 at 12:38:32AM -0800, Jin Xie wrote:

> As for “in which case it will use the public key as a stand-in for the
> missing private key”, do you mean use “client cert public key” instead of
> “client cert private key”? If so is it possible that I pass “client cert
> public key” in “SSL_CTX_use_PrivateKey_file”? (I’m running on 1.1 :(((( )

With engines, you have to use ENGINE_load_private_key(), and then
SSL_CTX_use_PrivateKey().

See the code in apps/s_client.c and load_key() in apps/apps.c.

--
        Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Problems on authentication during TLS handshake

Antonio Iacono
Il giorno mar 8 gen 2019 alle ore 19:32 Jin Xie <[hidden email]> ha scritto:
Thank you! I would have a try.



Antonio

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Problems on authentication during TLS handshake

Jin Xie
Agreed. I use this as my engine sample and rewrite it to support OpenSSL 1.1 since this repo only works in OpenSSL 1.0.2. This takes a long time. 

Moreover very appreciated the support from everyone and Viktor, it's important to use public key in SSL_CTX_use_PrivateKey(). Now my engine is working during handshake and all encrypt processes and server is able to recognize my client.

I would give some follow up in this thread if I have more results.

Thanks,

Jim



On Tue, Jan 8, 2019 at 3:37 PM Antonio Iacono <[hidden email]> wrote:
Il giorno mar 8 gen 2019 alle ore 19:32 Jin Xie <[hidden email]> ha scritto:
Thank you! I would have a try.



Antonio
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users