RE: DH_generate_key (Sands, Daniel)

Narayana, Sunil Kumar

Hi,

We could not get the pointer reference to the examples of using safe primes or probable primes which you mentioned (i.e. the man page in section 7 (EVP_PKEY_DH) has examples).

We also wanted to check the usage of OSSL_PARAM_construct_xxx. We would appreciate it if you could pass on the web link.

Secondly, we referred to apps/speed.c, and we are not clear on two things.

  1. What "ffdh_params" should we use in our application when we call EVP_PKEY_CTX_set_dh_nid? (I see an array of {"ffdh2048", NID_ffdhe2048, 2048}, … being used in the example.)
  2. In our present DH logic, we have public/private keys (BIGNUM *pub_key, BIGNUM *priv_key) obtained from DH. How do we get the pub/priv keys using EVP_PKEY_new()?

 

Regards,

Sunil

 

 

From: openssl-users <[hidden email]> On Behalf Of [hidden email]
Sent: 09 December 2020 02:01
To: [hidden email]
Subject: openssl-users Digest, Vol 73, Issue 6

 




Today's Topics:

1. Re: Use OpenSSL to decrypt TLS session from PCAP files
(Matt Caswell)
2. Re: Use OpenSSL to decrypt TLS session from PCAP files
(John Baldwin)
3. DH_generate_key (Narayana, Sunil Kumar)
4. RE: DH_generate_key (Sands, Daniel)


----------------------------------------------------------------------

Message: 1
Date: Tue, 8 Dec 2020 15:46:00 +0000
From: Matt Caswell <[hidden email]>
To: [hidden email]
Subject: Re: Use OpenSSL to decrypt TLS session from PCAP files
Message-ID: <[hidden email]>
Content-Type: text/plain; charset=utf-8



On 08/12/2020 15:28, Oren Shpigel wrote:
> Hi, thanks for the answer.
>
> I know wireshark and ssldump have this capability, but I'm looking for a
> way to do it in my own software in C++, (using OpenSSL, if possible, but
> open to other suggestions as well).

Unfortunately OpenSSL does not support this capability. It obviously
supports all the required low-level crypto primitives to do it - but you
would have to put them together yourself, as well as do all the packet
parsing, etc. This would be ... difficult. :-)

Matt


>
> On Tue, Dec 8, 2020 at 4:32 PM Dr. Matthias St. Pierre
> <[hidden email]> wrote:
>
> Do you need to integrate the decryption into your own software, or
> are you just looking for a possibility to monitor and view the
> traffic?
>
> If it's the latter, try and take a look at the SSL decryption
> support that Wireshark provides.
>
> https://wiki.wireshark.org/TLS
>
> https://www.comparitech.com/net-admin/decrypt-ssl-with-wireshark/
>
> hth,
>
> Matthias
>
> Disclaimer: I haven't used it for TLS myself, only for IPsec, and I
> can't tell how up-to-date it is, in particular whether it is TLS 1.3
> ready.
>
> From: openssl-users <[hidden email]> On Behalf Of Oren Shpigel
> Sent: Tuesday, December 8, 2020 3:15 PM
> To: [hidden email]
> Subject: Use OpenSSL to decrypt TLS session from PCAP files
>
> Hi,
>
> I generated a PCAP file with TLS session, and I have the matching
> private key used by my HTTPS server.
> The TLS session is not using DH for key exchange, so it should be
> possible to decrypt.
> I know OpenSSL can be used to connect to a socket to "actively"
> handle the TLS session, but is there a way to "passively" decode and
> decrypt a session?
> How can I "feed" the packets (both directions) into the OpenSSL
> library?
>
> Thanks!
>


------------------------------

Message: 2
Date: Tue, 8 Dec 2020 09:17:54 -0800
From: John Baldwin <[hidden email]>
To: Matt Caswell <[hidden email]>, [hidden email]
Subject: Re: Use OpenSSL to decrypt TLS session from PCAP files
Message-ID: <[hidden email]>
Content-Type: text/plain; charset=utf-8

On 12/8/20 7:46 AM, Matt Caswell wrote:
>
>
> On 08/12/2020 15:28, Oren Shpigel wrote:
>> Hi, thanks for the answer.
>>
>> I know wireshark and ssldump have this capability, but I'm looking for a
>> way to do it in my own software in C++, (using OpenSSL, if possible, but
>> open to other suggestions as well).
>
> Unfortunately OpenSSL does not support this capability. It obviously
> supports all the required low-level crypto primitives to do it - but you
> would have to put them together yourself, as well as do all the packet
> parsing, etc. This would be ... difficult. :-)

You could use a memory BIO or the like to feed the reconstructed data
stream into to handle the TLS bits though? You are still stuck with
writing your own TCP stack (effectively)? I think openvpn does something
like this when I looked (it used memory BIOs to and then manually
read/wrote their contents on its tunnel socket).

--
John Baldwin


------------------------------

Message: 3
Date: Tue, 8 Dec 2020 17:43:47 +0000
From: "Narayana, Sunil Kumar" <[hidden email]>
To: "[hidden email]" <[hidden email]>
Subject: DH_generate_key
Message-ID:
<[hidden email]>

Content-Type: text/plain; charset="utf-8"

Dear openssl team,

While migrating from 1.0.2 to 3.0, we found that DH_generate_key() has been deprecated. And as per the man page, it is advised to use EVP_PKEY_derive_init<https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_derive_init.html> & EVP_PKEY_derive<https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_derive.html>.
Our application creates a new DH and, using DH_generate_key(), creates pub_key/priv_key and uses them. How can we replace this exactly with EVP?
And please suggest what EVP APIs we should use to generate pub/priv keys?

Application code

dh = DH_new();
dh->p = BN_bin2bn(modSize, octet_len, NULL);
dh->g = BN_bin2bn(H235Bits_generator, H235Bits_generator_len / 8, NULL);

if ( ! DH_generate_key(dh) )
{
return FAILURE;
}
n = (unsigned) BN_num_bytes(dh->pub_key);

BN_bn2bin(dh->pub_key, p);
n = (unsigned) BN_num_bytes(dh->priv_key);


Instead of the above logic, can we do this? Is derive generating pub/priv keys?

//create ctx
ctx = EVP_PKEY_CTX_new_from_name (NULL, "DH", NULL);
EVP_PKEY_derive_init (ctx);


Regards,
Sunil



------------------------------

Message: 4
Date: Tue, 8 Dec 2020 20:30:22 +0000
From: "Sands, Daniel" <[hidden email]>
To: "[hidden email]" <[hidden email]>
Subject: RE: DH_generate_key
Message-ID:
<[hidden email]>
Content-Type: text/plain; charset="utf-8"

Dear openssl team,

While migrating from 1.0.2 to 3.0, we found that DH_generate_key() has been deprecated. And as per the man page, it is advised to use EVP_PKEY_derive_init<https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_derive_init.html> & EVP_PKEY_derive<https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_derive.html>.
Our application creates a new DH and, using DH_generate_key(), creates pub_key/priv_key and uses them. How can we replace this exactly with EVP?
And please suggest what EVP APIs we should use to generate pub/priv keys?

Application code

dh = DH_new();
dh->p = BN_bin2bn(modSize, octet_len, NULL);
dh->g = BN_bin2bn(H235Bits_generator, H235Bits_generator_len / 8, NULL);

if ( ! DH_generate_key(dh) )
{
return FAILURE;
}
n = (unsigned) BN_num_bytes(dh->pub_key);

BN_bn2bin(dh->pub_key, p);
n = (unsigned) BN_num_bytes(dh->priv_key);


Instead of the above logic, can we do this? Is derive generating pub/priv keys?




The man page in section 7 (EVP_PKEY_DH) has examples for generating using safe primes or using probable primes. Seems better since you don't have to use the BN API anymore, but a little more complicated because you have to call OSSL_PARAM_construct_xxx for parameters and assign them to an array.

From there, you can use EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, and EVP_PKEY_derive to get your shared secret. See apps/speed.c in the OSSL3 source code for an example. Look for the text EVP_PKEY_DH