Re: [Lurk] lurk integration with openssl

Daniel Migault <daniel.migault@ericsson.com> Tue, 24 April 2018 15:35 UTC

From: Daniel Migault <daniel.migault@ericsson.com>
To: Jesús Alberto Polo <ietf@jesusalberto.me>, "Dmitry Kravkov" <dmitryk@qwilt.com>
CC: LURK BoF <lurk@ietf.org>
Thread-Topic: [Lurk] lurk integration with openssl
Date: Tue, 24 Apr 2018 15:34:15 +0000
Message-ID: <2DD56D786E600F45AC6BDE7DA4E8A8C118E4240A@eusaamb107.ericsson.se>
References: <CADZyTkmgW89C_hEYbuM2iVRADLGt47q2SMDqbWXMVLiYo9VtSw@mail.gmail.com> <CAAvCjhggLfVZwDbFuLpek0_T=VAryQVF8vFQH2mgvrVK0sJnGQ@mail.gmail.com> <fc8cdf45-9d4b-4840-9943-082db7538eef@Spark>
In-Reply-To: <fc8cdf45-9d4b-4840-9943-082db7538eef@Spark>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lurk/f2NffE-FIx1paBBs1ig0uHF_I1c>
List-Id: Limited Use of Remote Keys <lurk.ietf.org>

Thanks for the feedback! Yes, absolutely: for ECDHE, the sig_and_hash is missing from the spec. I have also slightly changed the extended master structure by exchanging the session_hash and encrypted premaster. I expect to be able to update the draft by next week as well. In my Python implementation I am using the following structures for ECDHE.

Yours,
Daniel

# Definitions use the Python "construct" library. TLS12Base (given below)
# must be defined before this structure in the actual module. The types
# SignatureAndHashAlgorithm, ServerECDHParams, POOPRF and the
# UncompressedPointRepresentation_* structs are defined elsewhere in the code.
from construct import Default, Embedded, IfThenElse, Pass, Struct, Switch, this

TLS12ECDHERequestPayload = Struct(
    Embedded(TLS12Base),
    "sig_and_hash" / SignatureAndHashAlgorithm,   # the field Jesus noted as missing
    "ecdhe_params" / ServerECDHParams,
    # Proof-of-ownership parameters: rG and tG are only present when a
    # PRF has been selected; their encoding depends on the negotiated curve.
    # (TLS names the NIST P-521 curve "secp521r1"; "secp512r1" is as posted.)
    "poo_params" / Struct(
        "poo_prf" / Default(POOPRF, "null"),
        "rG" / IfThenElse(this.poo_prf == "null",
            Pass,
            Switch(this.ecdhe_params.curve_param.curve,
                {
                    "secp256r1": UncompressedPointRepresentation_256,
                    "secp384r1": UncompressedPointRepresentation_384,
                    "secp512r1": UncompressedPointRepresentation_512,
                })),
        "tG" / IfThenElse(this.poo_prf == "null",
            Pass,
            Switch(this.ecdhe_params.curve_param.curve,
                {
                    "secp256r1": UncompressedPointRepresentation_256,
                    "secp384r1": UncompressedPointRepresentation_384,
                    "secp512r1": UncompressedPointRepresentation_512,
                })),
    )
)

With

# Fields common to every TLS 1.2 LURK request payload.
TLS12Base = Struct(
    "key_id" / KeyPairID,
    "client_random" / Random,
    "server_random" / Random,
    "tls_version" / ProtocolVersion,
    "prf" / PRFAlgorithm
)


I have also changed the structure of the extended master by swapping the session hash and the encrypted master to ease the parsing.

struct {
    KeyPairID key_id;
    ProtocolVersion tls_version;      // see RFC5246 section 6.2.1
    PRFAlgorithm prf;                 // see RFC5246 section 6.1
    opaque session_hash<2..2^16-2>;   // variable length, 2-byte length prefix
    EncryptedPreMasterSecret pre_master;
                                      // see RFC5246 section 7.4.7.1
} TLS12ExtendedMasterRSARequestPayload;
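A stdlib-only encoder and strict decoder for the TLS12ExtendedMasterRSARequestPayload shown above, added here as an illustration and not taken from the draft or from Daniel's implementation. It assumes a fixed 32-byte KeyPairID, a 1-byte PRFAlgorithm enum, and a 2-byte length-prefixed EncryptedPreMasterSecret as RFC 5246 section 7.4.7.1 specifies for TLS 1.0 and later; the sample values are constructed.

```python
import struct

KEY_ID_LEN = 32                 # assumed fixed size of KeyPairID (hypothetical)
SESSION_HASH_MIN = 2            # opaque session_hash<2..2^16-2>
SESSION_HASH_MAX = 2 ** 16 - 2
TLS_PRF_SHA256 = 0              # RFC 5246 section 6.1: enum { tls_prf_sha256 }


def _vector16(data: bytes) -> bytes:
    """Encode a TLS variable-length vector with a 2-byte big-endian length."""
    if len(data) > 0xFFFF:
        raise ValueError("vector too long")
    return struct.pack("!H", len(data)) + data


def _take(buf: bytes, pos: int, n: int):
    """Return buf[pos:pos+n] and the new offset, refusing truncated input."""
    if pos + n > len(buf):
        raise ValueError("truncated payload")
    return buf[pos:pos + n], pos + n


def encode_request(key_id, tls_version, prf, session_hash, pre_master):
    """Serialise TLS12ExtendedMasterRSARequestPayload in wire order."""
    if len(key_id) != KEY_ID_LEN:
        raise ValueError("bad key_id length")
    if not SESSION_HASH_MIN <= len(session_hash) <= SESSION_HASH_MAX:
        raise ValueError("session_hash length out of bounds")
    major, minor = tls_version
    return (key_id + struct.pack("!BBB", major, minor, prf)
            + _vector16(session_hash) + _vector16(pre_master))


def decode_request(buf: bytes) -> dict:
    """Parse strictly: every length is bounds-checked and no trailing bytes are allowed."""
    key_id, pos = _take(buf, 0, KEY_ID_LEN)
    hdr, pos = _take(buf, pos, 3)
    major, minor, prf = hdr
    ln, pos = _take(buf, pos, 2)
    n = struct.unpack("!H", ln)[0]
    if not SESSION_HASH_MIN <= n <= SESSION_HASH_MAX:
        raise ValueError("session_hash length out of bounds")
    session_hash, pos = _take(buf, pos, n)
    ln, pos = _take(buf, pos, 2)
    pre_master, pos = _take(buf, pos, struct.unpack("!H", ln)[0])
    if pos != len(buf):
        raise ValueError("trailing bytes after pre_master")
    return {"key_id": key_id, "tls_version": (major, minor), "prf": prf,
            "session_hash": session_hash, "pre_master": pre_master}
```

Because the key server cannot inspect the RSA ciphertext before decryption, the decoder rejects truncated, undersized and over-long inputs before any key operation takes place.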

From: Jesús Alberto Polo [mailto:ietf@jesusalberto.me]
Sent: Tuesday, April 24, 2018 11:11 AM
To: Dmitry Kravkov <dmitryk@qwilt.com>; Daniel Migault <daniel.migault@ericsson.com>
Cc: LURK BoF <lurk@ietf.org>
Subject: Re: [Lurk] lurk integration with openssl


Hi,

Thanks for the resources and the patch, it’s definitely easier to solve it the way you did in the hackathon.

I managed to integrate the basic functionality of LURK for ECDHE and I’m preparing some tests, I hope they’re done and the code cleaned up by the end of this week.

Regarding the TLS12ECDHERequestPayload [1], I think the Signature Algorithm field is missing (hash and signature), to indicate the chosen algorithms for the TLS connection.

Best regards,

Jesús Alberto

[1] https://tools.ietf.org/html/draft-mglt-lurk-tls12-00#section-7.1

On 22 Apr 2018, 12:08 +0200, Dmitry Kravkov <dmitryk@qwilt.com>, wrote:

Hi Jesus Alberto,

this is a patch for openssl used during 101 hackathon

It looks that direct calling for lurk library from statemachine will be hard to push upstream, but adding more callbacks for master secret calculation that nginx (or other client) registers for,  will be easier to submit.


On Fri, Apr 20, 2018 at 9:26 PM Daniel Migault <daniel.migault@ericsson.com> wrote:
Hi Jesus Alberto,
There have been some discussions regarding the integration of lurk with openssl during the hackathon, so feel free to share your concerns on the mailing list.
Here are some links you might find of interest:

https://www.agwa.name/blog/post/protecting_the_openssl_private_key_in_a_separate_process
https://www.agwa.name/blog/post/titus_isolation_techniques_continued
Yours,
Daniel


--

Dmitry Kravkov
Qwilt | Work: +972-72-2221630 | Mobile: +972-54-4839923

dmitrykATqwilt.com