Re: [Lurk] lurk integration with openssl

Daniel Migault <daniel.migault@ericsson.com> Thu, 28 June 2018 13:14 UTC

Return-Path: <mglt.ietf@gmail.com>
X-Original-To: lurk@ietfa.amsl.com
Delivered-To: lurk@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F1E0130F88 for <lurk@ietfa.amsl.com>; Thu, 28 Jun 2018 06:14:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.138
X-Spam-Level:
X-Spam-Status: No, score=-1.138 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, HTML_OBFUSCATE_05_10=0.26, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UMCWFsIRbi9V for <lurk@ietfa.amsl.com>; Thu, 28 Jun 2018 06:14:41 -0700 (PDT)
Received: from mail-lj1-x243.google.com (mail-lj1-x243.google.com [IPv6:2a00:1450:4864:20::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65E20129619 for <lurk@ietf.org>; Thu, 28 Jun 2018 06:14:40 -0700 (PDT)
Received: by mail-lj1-x243.google.com with SMTP id k20-v6so4471227ljk.9 for <lurk@ietf.org>; Thu, 28 Jun 2018 06:14:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=Lyh8vKlkgaHUnPteTLpw87cxw5bjhW0XA1FrM3PArys=; b=o3ZYCrLP8ZTk9NXMki7HwuHi4VTK3SG+RMi5iiFRVs00nojPtxe3uKY8NOxQJGZHxQ GY2gkSG6LX2whjPi9ixWoBBhT8E+QpYVwIKHWxOmEqk/WxoN3Kzyvd2+6S/bDKdHe29G 5tDlr5CteV22SuELkHOKlDlxyr0YaPSDGqWj9hFJQBut8iqvFd3vPSP/fnLdBxRYUeUm 2RKPukd0J7FM5aVYnGgTUmKfOAN1513czZLMQCu/bTbCWldVuSwgz/oRqTWb1V2rH2gq BW/cFMCVMVzXDNn3HM4xDP+ueRAkZs/Knvbrm6WCZI3c3Ar33LFYjQSPMvLjOdY36uHD /ElQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=Lyh8vKlkgaHUnPteTLpw87cxw5bjhW0XA1FrM3PArys=; b=S1goUAnUI6uzB2oXjTUC9KlWTjCn2p9dVcIoq+fbsVLEYXYTW4fhE8GTmoXOz1MxEv NqaCT5TZlhrsxLaZwhWZFDEx1rmQV/cEyLRZb8ObdjWHNivYlkLOndtADJkJLnmEjTOQ WM0B1D0avip/dHzk4IIsQChSh2wXg2JRl2RZefv/bbLw1Sii5WF0c97rkyXDRm3LEDL6 8WmomsU4n/Funw67yuYwrk0Xw7cFkxoCiV1VtQVWASmJFU9NfLWaLXkHOj/1LByjpH2w G181ZPX4r8ypopsJDaqB2yp51N5as4nno5x4CE78fa8y5rJpbt2NgFVbGyDkc0MwZYWW Zt/w==
X-Gm-Message-State: APt69E0RU+AnwxIKVDP3RvOjgzCMvlsLoBJUC2pcpiFhiaHybQBF7+H+ eoEhaKhK7FWJFB49xlLodyAMG2XY7iAGqvMXSN0=
X-Google-Smtp-Source: AAOMgpdp3JkBCwLJ+AtxawlvCZj3WLcishkM9jabSk0uPp4skP0CNiMOK+cyyJiR9lBAGKfANvVsMFMF5lbcGtTX9QY=
X-Received: by 2002:a2e:88d1:: with SMTP id a17-v6mr7064147ljk.54.1530191678672; Thu, 28 Jun 2018 06:14:38 -0700 (PDT)
MIME-Version: 1.0
Sender: mglt.ietf@gmail.com
Received: by 2002:a2e:4281:0:0:0:0:0 with HTTP; Thu, 28 Jun 2018 06:14:38 -0700 (PDT)
In-Reply-To: <7ffa6dbe1b912b4bbfeb1eff101fcade@jesusalberto.me>
References: <CADZyTkmgW89C_hEYbuM2iVRADLGt47q2SMDqbWXMVLiYo9VtSw@mail.gmail.com> <CAAvCjhggLfVZwDbFuLpek0_T=VAryQVF8vFQH2mgvrVK0sJnGQ@mail.gmail.com> <fc8cdf45-9d4b-4840-9943-082db7538eef@Spark> <2DD56D786E600F45AC6BDE7DA4E8A8C118E4240A@eusaamb107.ericsson.se> <2f5dd5f6f12678d48679be2c5d7c4664@jesusalberto.me> <CADZyTkmNTPQDy9_k1QErcCqqxDuno4h4e41LJbNoMwugob92Kw@mail.gmail.com> <7ffa6dbe1b912b4bbfeb1eff101fcade@jesusalberto.me>
From: Daniel Migault <daniel.migault@ericsson.com>
Date: Thu, 28 Jun 2018 09:14:38 -0400
X-Google-Sender-Auth: S2ZQf5H6Ebfm8YCktQLFxmK81KA
Message-ID: <CADZyTknHWhjVrroxtWL32cGr5D5_kHexbx6DvfLJh6cScamT5g@mail.gmail.com>
To: =?UTF-8?Q?Jes=C3=BAs_Alberto_Polo?= <ietf@jesusalberto.me>
Cc: LURK BoF <lurk@ietf.org>, Dmitry Kravkov <dmitryk@qwilt.com>
Content-Type: multipart/alternative; boundary="0000000000007211e3056fb383c7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lurk/lnrSJc7BZDwkYHwlzrWlzjdkI0Y>
Subject: Re: [Lurk] lurk integration with openssl
X-BeenThere: lurk@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Limited Use of Remote Keys <lurk.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lurk>, <mailto:lurk-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lurk/>
List-Post: <mailto:lurk@ietf.org>
List-Help: <mailto:lurk-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lurk>, <mailto:lurk-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jun 2018 13:14:44 -0000

Thanks for sharing your implementation. If there are other implementation
please share them on the list!
Yours,
Daniel


On Thu, Jun 28, 2018 at 4:31 AM, Jesús Alberto Polo <ietf@jesusalberto.me>;
wrote:

> Hi,
>
> I’ve uploaded an early-version of a C implementation of LURK with openssl
> and nginx to Github, concretely for the ECDHE handshake (I think RSA
> handshake was developed in the previous hackathon). Note that it’s still a
> prototype and some functionalities are missing or need to be improved
> (those are specified in the README and in the code).
>
> The respository is available at https://github.com/jesusalber1/clurk.
>
> Best,
>
> Jesús Alberto
>
>
> On 2018-05-23 19:19, Daniel Migault wrote:
>
>> Hi Jesus,
>>
>> That is really great to have two implementations! In addition the c
>> implementation integrated with openssl would provide more accurate
>> measurements on how lurk impact the edge server. That is great news
>> and I wish interoperability tests may be done at the hackathon!
>>
>> Yours,
>>
>> Daniel
>>
>> On Wed, May 23, 2018 at 11:38 AM, Jesús Alberto Polo
>> <ietf@jesusalberto.me>; wrote:
>>
>> Hi,
>>>
>>> A very early version of clurk will be ready very soon. So far, the
>>> ECDHE handshake is done (POO is missing though) and I’m finishing
>>> the RSA handshake (PFS is missing as well) based on the patch you
>>> shared lately.
>>>
>>> I’ll share the GitHub link as soon as it is ready and also provide
>>> more details.
>>>
>>> Best,
>>>
>>> Jesús Alberto
>>>
>>> On 2018-04-24 17:34, Daniel Migault wrote:
>>>
>>> Thanks for the feed back! Yes absolutely for ecdhe, the
>>> sig_and_hash
>>> is missing from the spec. I have also slightly changed the extended
>>> master structure by exchanging the session_hash and encrypted
>>> premaster. I expect to be able to update the draft by next week as
>>> well. On my python implementation I am using the following
>>> structures
>>> for ecdhe.
>>>
>>> Yours,
>>>
>>> Daniel
>>>
>>> TLS12ECDHERequestPayload = Struct(
>>>
>>> Embedded(TLS12Base),
>>>
>>> "sig_and_hash" / SignatureAndHashAlgorithm,
>>>
>>> "ecdhe_params" / ServerECDHParams,
>>>
>>> "poo_params" / Struct(
>>>
>>> "poo_prf" / Default( POOPRF, "null" ),
>>>
>>> "rG" / IfThenElse( this.poo_prf == 'null',
>>>
>>> Pass,
>>>
>>> Switch( this.ecdhe_params.curve_param.curve,
>>>
>>> {
>>>
>>> "secp256r1" : UncompressedPointRepresentation_256,
>>>
>>> "secp384r1" : UncompressedPointRepresentation_384,
>>>
>>> "secp512r1" : UncompressedPointRepresentation_512
>>>
>>> }) ),
>>>
>>> "tG" / IfThenElse( this.poo_prf == 'null',
>>>
>>> Pass,
>>>
>>> Switch( this.ecdhe_params.curve_param.curve,
>>>
>>> {
>>>
>>> "secp256r1" : UncompressedPointRepresentation_256,
>>>
>>> "secp384r1" : UncompressedPointRepresentation_384,
>>>
>>> "secp512r1" : UncompressedPointRepresentation_512
>>>
>>> }) ),
>>>
>>> )
>>>
>>> )
>>>
>>> With
>>>
>>> TLS12Base = Struct(
>>>
>>> "key_id" / KeyPairID ,
>>>
>>> "client_random" / Random,
>>>
>>> "server_random" / Random,
>>>
>>> "tls_version" /  ProtocolVersion,
>>>
>>> "prf" / PRFAlgorithm
>>>
>>> )
>>>
>>> I have also changed the structure of the extended master by
>>> interverting the session hash and the encrypted master to ease the
>>> parsing.
>>>
>>> struct{
>>>
>>> KeyPairID key_id
>>>
>>> ProtocolVersion tls_version   // see RFC5246 section 6.2.1
>>>
>>> PRFAlgorithm prf              // see RFC5246 section 6.1
>>>
>>> opaque session_hash<2...2^16-2>
>>>
>>> EncryptedPreMasterSecret  pre_master
>>>
>>> // see RFC5246 section 7.4.7.1
>>>
>>> }TLS12ExtendedMasterRSARequestPayload;
>>>
>>> ]]></artwork>
>>>
>>> FROM: Jesús Alberto Polo [mailto:ietf@jesusalberto.me]
>>> SENT: Tuesday, April 24, 2018 11:11 AM
>>> TO: Dmitry Kravkov <dmitryk@qwilt.com>;; Daniel Migault
>>> <daniel.migault@ericsson.com>;
>>> CC: LURK BoF <lurk@ietf.org>;
>>> SUBJECT: Re: [Lurk] lurk integration with openssl
>>>
>>> Hi,
>>>
>>> Thanks for the resources and the patch, it’s definitely easier to
>>> solve it the way you did in the hackathon.
>>>
>>> I managed to integrate the basic functionality of LURK for ECDHE and
>>> I’m preparing some tests, I hope they’re done and the code
>>> cleaned
>>> up by the end of this week.
>>>
>>> Regarding the TLS12ECDHERequestPayload [1], I think the _Signature
>>> Algorithm_ field is missing (hash and signature), to indicate the
>>> chosen algorithms for the TLS connection.
>>>
>>> Best regards,
>>>
>>> Jesús Alberto
>>>
>>> [1] https://tools.ietf.org/html/draft-mglt-lurk-tls12-00#section-7.1
>>> [1]
>>> [1]
>>>
>>> On 22 Apr 2018, 12:08 +0200, Dmitry Kravkov <dmitryk@qwilt.com>;,
>>> wrote:
>>>
>>> Hi Jesus Alberto,
>>>
>>> this is a patch for openssl used during 101 hackathon
>>>
>>> It looks that direct calling for lurk library from statemachine will
>>> be hard to push upstream, but adding more callbacks for master
>>> secret calculation that nginx (or other client) registers for,  will
>>> be easier to submit.
>>>
>>> On Fri, Apr 20, 2018 at 9:26 PM Daniel Migault
>>> <daniel.migault@ericsson.com>; wrote:
>>>
>>> Hi Jesus Alberto,
>>>
>>> There have been some discussions regarding the integration of lurk
>>> with openssl during the hackathon, so feel free to share your
>>> concerns on the mailing list..
>>>
>>> Here are some links you might find of interest:
>>>
>>
>> https://www.agwa.name/blog/post/protecting_the_openssl_priva
>> te_key_in_a_separate_process
>> [4]
>>
>>
>>>> https://www.agwa.name/blog/post/titus_isolation_techniques_continued
>>> [3]
>>>
>>> Yours,
>>>>
>>>> Daniel
>>>>
>>>> _______________________________________________
>>>> Lurk mailing list
>>>> Lurk@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/lurk [2]
>>>>
>>>
>>> --
>>>
>>> DMITRY KRAVKOV
>>> Qwilt | Work: +972-72-2221630 | Mobile: +972-54-4839923
>>>
>>> dmitrykATqwilt.com
>>>
>>
>> Links:
>> ------
>> [1] https://tools.ietf.org/html/draft-mglt-lurk-tls12-00%23section-7.1
>> [5]
>>
>> _______________________________________________
>> Lurk mailing list
>> Lurk@ietf.org
>> https://www.ietf.org/mailman/listinfo/lurk [2]
>>
>>
>>
>> Links:
>> ------
>> [1] https://tools.ietf.org/html/draft-mglt-lurk-tls12-00#section-7.1
>> [2] https://www.ietf.org/mailman/listinfo/lurk
>> [3] https://www.agwa.name/blog/post/titus_isolation_techniques_continued
>> [4]
>> https://www.agwa.name/blog/post/protecting_the_openssl_priva
>> te_key_in_a_separate_process
>> [5] https://tools.ietf.org/html/draft-mglt-lurk-tls12-00%23section-7.1
>>
>