question about ecdh functions

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

question about ecdh functions

Jan Just Keijser-2
hello list,

we're trying to add ECDH/ECDSA support to OpenVPN and we have run into a
question we cannot easily answer ourselves:

we're using SSL_CTX_set_tmp_ecdh to add an ECDH curve to your
server-side SSL CTX object; this is very similar to the DH parameters
which are added using SSL_CTX_set_tmp_dh. We do *not* add a
'set_tmp_dh_callback' to the server SSL CTX , as the DH parameter file
is static.
The question is: does the same apply to the
SSL_CTX_set_tmp_ecdh/SSL_CTX_set_tmp_ecdh_callback function?
Or do we need to add callbacks , similar to the way RSA callbacks are
added, as done in the s_server.c code?

A more general question is where we can read up on all this :) ?

many thanks in advance,

JJK / Jan Just Keijser

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: question about ecdh functions

Dr. Stephen Henson
On Tue, May 08, 2012, Jan Just Keijser wrote:

> hello list,
>
> we're trying to add ECDH/ECDSA support to OpenVPN and we have run
> into a question we cannot easily answer ourselves:
>
> we're using SSL_CTX_set_tmp_ecdh to add an ECDH curve to your
> server-side SSL CTX object; this is very similar to the DH
> parameters which are added using SSL_CTX_set_tmp_dh. We do *not* add
> a 'set_tmp_dh_callback' to the server SSL CTX , as the DH parameter
> file is static.
> The question is: does the same apply to the
> SSL_CTX_set_tmp_ecdh/SSL_CTX_set_tmp_ecdh_callback function?
> Or do we need to add callbacks , similar to the way RSA callbacks
> are added, as done in the s_server.c code?
>
> A more general question is where we can read up on all this :) ?
>
> many thanks in advance,
>

ECDH parameters aren't exactly the same as DH.

For DH generating parameters is a time consuming process and so servers allow
an external file to load DH parameters from.

With ECDH the parameters are normally form a set of hard coded names curves so
"parameter generation" just involves looking them up. It is practical for a
server to just load and use them as required but that isn't supported in
OpenSSL before 1.0.2.

So what you could do is provide an option to set ECDH parameters from a file
and have a fallback for a common set, P-256 is a good choice for example. That
can be done very simply with something like this:

EC_KEY *ecdh;
ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
if (ecdh == NULL) /* error */
SSL_CTX_set_tmp_ecdh(ctx,ecdh);

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: question about ecdh functions

Jan Just Keijser-2
Hi ,

Dr. Stephen Henson wrote:

> On Tue, May 08, 2012, Jan Just Keijser wrote:
>
>  
>> hello list,
>>
>> we're trying to add ECDH/ECDSA support to OpenVPN and we have run
>> into a question we cannot easily answer ourselves:
>>
>> we're using SSL_CTX_set_tmp_ecdh to add an ECDH curve to your
>> server-side SSL CTX object; this is very similar to the DH
>> parameters which are added using SSL_CTX_set_tmp_dh. We do *not* add
>> a 'set_tmp_dh_callback' to the server SSL CTX , as the DH parameter
>> file is static.
>> The question is: does the same apply to the
>> SSL_CTX_set_tmp_ecdh/SSL_CTX_set_tmp_ecdh_callback function?
>> Or do we need to add callbacks , similar to the way RSA callbacks
>> are added, as done in the s_server.c code?
>>
>> A more general question is where we can read up on all this :) ?
>>
>> many thanks in advance,
>>
>>    
>
> ECDH parameters aren't exactly the same as DH.
>
> For DH generating parameters is a time consuming process and so servers allow
> an external file to load DH parameters from.
>
> With ECDH the parameters are normally form a set of hard coded names curves so
> "parameter generation" just involves looking them up. It is practical for a
> server to just load and use them as required but that isn't supported in
> OpenSSL before 1.0.2.
>
> So what you could do is provide an option to set ECDH parameters from a file
> and have a fallback for a common set, P-256 is a good choice for example. That
> can be done very simply with something like this:
>
> EC_KEY *ecdh;
> ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
> if (ecdh == NULL) /* error */
> SSL_CTX_set_tmp_ecdh(ctx,ecdh);
>
>  
thank you for the quick reply. The code we currently use is very similar:
 254     nid = OBJ_sn2nid(curve_name);
 255
 256     if (nid == 0)
 257       msg(M_SSLERR, "unknown curve name (%s)", curve_name);
 258     else
 259     {
 260       ecdh = EC_KEY_new_by_curve_name(nid);
 261       if (ecdh == NULL)
 262         msg (M_SSLERR, "Unable to create curve (%s)", curve_name);
 263       else
 264       {
 265         const char *sname;
 266
 267         if (!SSL_CTX_set_tmp_ecdh(ctx->ctx, ecdh))
 268           msg (M_SSLERR, "SSL_CTX_set_tmp_ecdh: cannot add curve");
 269

this is for the OpenVPN server (listening) process; what we are not sure
about is whether this is sufficient for a client-server architecture:
would it be necessary to add different 'ecdh' objects for each client
(e.g. using the set_tmp_ecdh_callback function)? Or is a single 'ecdh'
object for the server sufficient?

many thanks,

JJK / Jan Just Keijser


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: question about ecdh functions

Dr. Stephen Henson
On Wed, May 09, 2012, Jan Just Keijser wrote:

> thank you for the quick reply. The code we currently use is very similar:
> 254     nid = OBJ_sn2nid(curve_name);
> 255
> 256     if (nid == 0)
> 257       msg(M_SSLERR, "unknown curve name (%s)", curve_name);
> 258     else
> 259     {
> 260       ecdh = EC_KEY_new_by_curve_name(nid);
> 261       if (ecdh == NULL)
> 262         msg (M_SSLERR, "Unable to create curve (%s)", curve_name);
> 263       else
> 264       {
> 265         const char *sname;
> 266
> 267         if (!SSL_CTX_set_tmp_ecdh(ctx->ctx, ecdh))
> 268           msg (M_SSLERR, "SSL_CTX_set_tmp_ecdh: cannot add curve");
> 269
>
> this is for the OpenVPN server (listening) process; what we are not
> sure about is whether this is sufficient for a client-server
> architecture: would it be necessary to add different 'ecdh' objects
> for each client (e.g. using the set_tmp_ecdh_callback function)? Or
> is a single 'ecdh' object for the server sufficient?
>

No code is needed on the client: it uses the parameters the server
specifies.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: question about ecdh functions

Jan Just Keijser-2
Hi Steve,

Dr. Stephen Henson wrote:

> On Wed, May 09, 2012, Jan Just Keijser wrote:
>
>  
>> thank you for the quick reply. The code we currently use is very similar:
>> 254     nid = OBJ_sn2nid(curve_name);
>> 255
>> 256     if (nid == 0)
>> 257       msg(M_SSLERR, "unknown curve name (%s)", curve_name);
>> 258     else
>> 259     {
>> 260       ecdh = EC_KEY_new_by_curve_name(nid);
>> 261       if (ecdh == NULL)
>> 262         msg (M_SSLERR, "Unable to create curve (%s)", curve_name);
>> 263       else
>> 264       {
>> 265         const char *sname;
>> 266
>> 267         if (!SSL_CTX_set_tmp_ecdh(ctx->ctx, ecdh))
>> 268           msg (M_SSLERR, "SSL_CTX_set_tmp_ecdh: cannot add curve");
>> 269
>>
>> this is for the OpenVPN server (listening) process; what we are not
>> sure about is whether this is sufficient for a client-server
>> architecture: would it be necessary to add different 'ecdh' objects
>> for each client (e.g. using the set_tmp_ecdh_callback function)? Or
>> is a single 'ecdh' object for the server sufficient?
>>
>>    
>
> No code is needed on the client: it uses the parameters the server
> specifies.
>  
Yes I realize that the client does not need any code change.
My bad again, for not correctly phrasing the comment/question: if
multiple clients connect to the same server, would I then need to use
multipe 'ecdh' parameters/objects on the server?  For old-style 'dh'
parameters this is usually not the case, but I'm not sure about 'ecdh'
parameters.

many thanks,

JJK / Jan Just Keijser



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]