PKCS#11, ECC and OpenSSL


PKCS#11, ECC and OpenSSL

Douglas E Engert

Rich,
I believe we corresponded starting over OSF-DCE, GSS-API, Kerberos and IETF lists as well.
I see you are very active in OpenSSL now.

I am retired now from Argonne National Lab, but still active with the OpenSC project,
mostly with the NIST 800-73 PIV smart cards. These cards and others support ECC as well as RSA keys.

On the OpenSC mailing list there is a discussion about OpenSSL and PKCS#11 and OpenSSL bug #11 from 2002 came up:

  http://rt.openssl.org/Ticket/Display.html?id=11

I see you rejected it on Sept 10, 2014 but you said in the comments:
"Having said that (twice, actually), a PKCS11 ENGINE would be a cool thing to have."


OpenSC has had a PKCS11 Engine for years:

   https://github.com/OpenSC/engine_pkcs11

And it works well with RSA keys, but the support in OpenSSL needed for ECC keys has stalled
in OpenSSL ticket #2568

    http://rt.openssl.org/Ticket/Display.html?id=2568

Any chance to get this moving?
Maybe with a different approach?

--

  Douglas E. Engert  <[hidden email]>


_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

Re: PKCS#11, ECC and OpenSSL

David Woodhouse
On Wed, 2014-12-10 at 14:59 -0500, Salz, Rich wrote:
> Hi Doug, I certainly remember you!
>
> >    https://github.com/OpenSC/engine_pkcs11
>
> Is this something you'd want bundled into openssl or kept separate like it is now?

Personally, I'd like it to be bundled.

We really want to get to the point where any application which can take
certificates/keys from files can *also* accept a PKCS#11 URI as
described at https://tools.ietf.org/html/draft-pechanec-pkcs11uri-16 and
will find it from any of the PKCS#11 modules configured in the system's
p11-kit installation. This stuff should Just Work™.

All the manual specification of which library module to load, and the
weird ad-hoc formats for how you describe which object to use, must die.

OpenSSL is the last major crypto library that *doesn't* support PKCS#11
as a first-class citizen, and it would be really good to fix that by
making the PKCS#11 engine available by default.

I'm happy to spend some time working on that.

--
dwmw2


Re: PKCS#11, ECC and OpenSSL

Douglas E Engert

On 12/10/2014 1:59 PM, Salz, Rich wrote:
> Hi Doug, I certainly remember you!


>
>>     https://github.com/OpenSC/engine_pkcs11
>
> Is this something you'd want bundled into openssl or kept separate like it is now?

That's a good question, and I would hope other OpenSC developers would respond too.

   https://github.com/OpenSC/engine_pkcs11

depends on

https://github.com/OpenSC/libp11

There are experimental ECDSA and ECDH mods to libp11 described here:

   https://github.com/dengert/libp11/commit/88f980d864d45e9e72591bad99ac56641bf4516a

I have not made a pull request, as I was expecting to get the OpenSSL part done first as described in:

http://rt.openssl.org/Ticket/Display.html?id=2568

>
>> And it works well with RSA keys, but the support in OpenSSL needed for ECC
>> keys has stalled in OpenSSL ticket #2568
>
> So we're doing the exercise of making as much as possible opaque datatypes for the 1.1 release (master branch).  This can probably get fixed with that work.  Ping me in January, and I can start a conversation with folks from your team and openssl folks.  Ok?
>

And I will ping you again in January!


>

--

  Douglas E. Engert  <[hidden email]>



Re: PKCS#11, ECC and OpenSSL

David Woodhouse
On Wed, 2014-12-10 at 13:24 -0600, Douglas E Engert wrote:
>
>
> OpenSC has had a PKCS11 Engine for years:
>
>    https://github.com/OpenSC/engine_pkcs11

I'm looking at tidying up this code, and I have a question about object
lifetimes.

One of the problems is that in its ENGINE_load_private_key() function we
should be setting pkey->engine in the returned key, to ensure that a
reference on the engine is held for the lifetime of the key.

However, doing so causes problems in
crypto/evp/pmeth_lib.c::int_ctx_new() because it assumes that the engine
will use ENGINE_set_pkey_meths() to provide a suitable method lookup
function.

Is that a requirement? Or does this 'fix' on the OpenSSL side make
sense...?

--- openssl-1.0.1j/crypto/evp/pmeth_lib.c~ 2014-10-15 13:53:39.000000000 +0100
+++ openssl-1.0.1j/crypto/evp/pmeth_lib.c 2014-12-15 16:21:41.001549233 +0000
@@ -153,7 +153,7 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKE
  * use internal tables.
  */
 
- if (e)
+ if (e && ENGINE_get_pkey_meths(e))
  pmeth = ENGINE_get_pkey_meth(e, id);
  else
 #endif
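Review bot: the new guard `if (e && ENGINE_get_pkey_meths(e))` changes the meaning of the `else` branch: an engine that is attached to the key but registered no pkey_meths callback now silently falls through to the "use internal tables" path, so its EVP_PKEY operations are served by OpenSSL's built-in method rather than by the engine. That is the intended behaviour for an engine that only supplies low-level RSA/ECDSA methods, but it is not obvious from the code, so add a comment at the guard stating that pkey->engine may be set without pkey_meths and that the fallback is deliberate; otherwise a later reader will take the check for a plain NULL-dereference fix and may "simplify" it away.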


--
David Woodhouse                            Open Source Technology Centre
[hidden email]                              Intel Corporation


Re: PKCS#11, ECC and OpenSSL

Douglas E Engert
Thanks, Rich.

Rich Salz introduced David and myself to Tim Hudson, who then responded via private mail.

Tim reported:

"There is an implementation of the ECDSA_METHOD approach in master and in
1.0.2 - I've updated RT2459 to make that clear.
There is no init and final as they don't belong - as for the EC handling
the interface does not generate the key or manage the key internals -
the EC code is rather different and the EC_KEY is where the method
specific hooks for key type handling are."

So I am going to test the ECDSA code in libp11 and opensc-engine against
OpenSSL master.

  http://rt.openssl.org/Ticket/Display.html?id=2459

It only asked for ECDSA, and not ECDH. OpenSC/libp11 should also work with ECDH
for key derivation. I need to see if the ECDSA code in OpenSSL works, and
what is needed to add matching ECDH changes in OpenSSL.  (These are different methods.)

(In my opinion, the main reason for ECDSA in the engine is to allow OpenSSL
to create a certificate request signed by the EC key on a smartcard.
It would also allow the OpenSSL CA to use a smart card (or HSM) for the CA
key if it was an EC key.)


Tim also asked:
"Is there a soft token which supports ECDSA which you have worked with
that this code matches? And a simple test procedure?
Why is it not practical? What are the issues?"

Maybe other OpenSC developers could answer this, or provide to OpenSSL
some test software or even hardware.



On 12/15/2014 11:18 AM, Salz, Rich wrote:
> Let me find out the expert and introduce you :)
>

--

  Douglas E. Engert  <[hidden email]>



Re: PKCS#11, ECC and OpenSSL

Douglas E Engert
A followup on this message, in regard to OpenSSL-1.0.2-beta3 and OpenSSL git master.

I have now updated the comments and fixed a minor bug and squashed the ECC branches of:

    https://github.com/dengert/libp11
    https://github.com/dengert/engine_pkcs11

These have been tested against OpenSSL-1.0.2-beta3 and the OpenSSL git master
using openssl req with the opensc-engine to sign a certificate request using an ECC key.

openssl req verify using software verifies the signature.

I have submitted pull requests for these changes to OpenSC/libp11 and OpenSC/engine_pkcs11
and expect to merge them next week.

See the comments in the pull requests:

    https://github.com/OpenSC/libp11/pull/13
    https://github.com/OpenSC/engine_pkcs11/pull/10


On 12/17/2014 11:07 AM, Douglas E Engert wrote:

> Thanks, Rich.
>
> Rich Salz introduced David and myself to Tim Hudson, who then responded via private mail.
>
> Tim reported:
>
> "There is an implementation of the ECDSA_METHOD approach in master and in
> 1.0.2 - I've updated RT2459 to make that clear.
> There is no init and final as they don't belong - as for the EC handling
> the interface does not generate the key or manage the key internals -
> the EC code is rather different and the EC_KEY is where the method
> specific hooks for key type handling are."
>
> So I am going to test the ECDSA code in libp11 and opensc-engine against
> OpenSSL master.
>
>   http://rt.openssl.org/Ticket/Display.html?id=2459
>
> It only asked for ECDSA, and not ECDH. OpenSC/libp11 should also work with ECDH
> for key derivation. I need to see if the ECDSA code in OpenSSL works, and
> what is needed to add matching ECDH changes in OpenSSL.  (These are different methods.)
>
> (In my opinion, the main reason for ECDSA in the engine is to allow OpenSSL
> to create a certificate request signed by the EC key on a smartcard.
> It would also allow the OpenSSL CA to use a smart card (or HSM) for the CA
> key if it was an EC key.)
>
>
> Tim also asked:
> "Is there a soft token which supports ECDSA which you have worked with
> that this code matches? And a simple test procedure?
> Why is it not practical? What are the issues?"
>
> Maybe other OpenSC developers could answer this, or provide to OpenSSL
> some test software or even hardware.
>
>
>
> On 12/15/2014 11:18 AM, Salz, Rich wrote:
>> Let me find out the expert and introduce you :)
>>
>

--

  Douglas E. Engert  <[hidden email]>

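The test procedure described in this message (sign a certificate request with an EC key through the engine, then verify the self-signature in software), as an added example that is not from the thread or from the OpenSC projects. By default it uses a constructed software EC key so it runs offline; setting P11_KEY to an engine_pkcs11 key identifier (an assumed placeholder, format not taken from this thread) routes the signing through `-engine pkcs11 -keyform engine` instead.

```shell
#!/bin/sh
# Added example: reproduce the CSR sign-then-verify check from the thread.
# P11_KEY empty  => constructed software EC key (runs anywhere openssl exists)
# P11_KEY set    => engine_pkcs11 key id (assumed placeholder), private key stays on the token
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
P11_KEY="${P11_KEY:-}"
SUBJ="/CN=engine-ecdsa-test"

# Produce the certificate request. With a PKCS#11 key the engine performs only
# the ECDSA signature over the CSR body; the key material never leaves the card.
make_csr() {
    if [ -n "$P11_KEY" ]; then
        openssl req -new -engine pkcs11 -keyform engine -key "$P11_KEY" \
            -subj "$SUBJ" -out "$WORK/req.pem"
    else
        # Constructed stand-in for the on-card key: a P-256 software key.
        openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/ec.key"
        openssl req -new -key "$WORK/ec.key" -subj "$SUBJ" -out "$WORK/req.pem"
    fi
}

# Verify the CSR self-signature purely in software. This is the step that shows
# the signature the engine (or the stand-in key) produced is a valid ECDSA
# signature, independent of the token that made it.
verify_csr() {
    openssl req -in "$WORK/req.pem" -noout -verify >/dev/null 2>&1
}

# Report the public key algorithm the CSR carries, so the caller can confirm
# the request really was signed with an EC key rather than an RSA one.
csr_key_algorithm() {
    openssl req -in "$WORK/req.pem" -noout -text \
        | grep -m1 'Public Key Algorithm' | sed 's/.*: *//'
}

make_csr
if verify_csr; then
    echo "CSR self-signature verified; key algorithm: $(csr_key_algorithm)"
else
    echo "CSR self-signature verification FAILED" >&2
    exit 1
fi
```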
