Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto: X25519 and X448 and ECDH #26626

Open
panva opened this issue Mar 13, 2019 · 8 comments · May be fixed by #31178
Open

crypto: X25519 and X448 and ECDH #26626

panva opened this issue Mar 13, 2019 · 8 comments · May be fixed by #31178

Comments

@panva
Copy link
Contributor

@panva panva commented Mar 13, 2019

Is your feature request related to a problem? Please describe.

Implementing CFRG curves ECDH-ES

Resources:

Describe the solution you'd like

The following WIP on Node already paves the way for EdDSA signatures

👇
To complete the implementation i'd like X25519 and X448 curves/functions to be usable with crypto.createECDH(curveName) to get JOSE ECDH-ES with these OKP keys working.

I understand from this thread (#18770), particularly this comment and the conversation below that it may end up being a separate API and that's fine.

It seems the curves are already somewhat in because the returned error differs when providing nonsense vs. valid crv/function name.

@panva panva changed the title crypto: X25519 and X448 for crypto.ECDH crypto: X25519 and X448 for createECDH Mar 13, 2019
@bnoordhuis

This comment has been minimized.

Copy link
Member

@bnoordhuis bnoordhuis commented Mar 13, 2019

I don't think it makes sense to bolt X448/X25519 support onto crypto.createECDH() - that API is only expected to work with the curve names from crypto.getCurves().

Supporting them through crypto.generateKeyPair() however might be a good way forward.

It seems the curves are already somewhat in because the returned error differs when providing nonsense vs. valid crv/function name.

The difference is because "X448" and "X25519" are valid NIDs (identifiers.) That doesn't mean they're valid curve names, however.

To wit, crypto.createECDH('AES-128-ECB') and crypto.createECDH('valid') (!) throw the same error.

@panva

This comment has been minimized.

Copy link
Contributor Author

@panva panva commented Mar 13, 2019

@bnoordhuis Ed25519 and Ed448 keys through generateKeyPair is already on the way.
However, be it through createECDH or any other API the X448/X25519 functions are usable in Elliptic Curve Diffie-Hellman. createECDH is where i as a user would expect to look for its support.

The difference is because "X448" and "X25519" are valid NIDs (identifiers.) That doesn't mean they're valid curve names, however.
To wit, crypto.createECDH('AES-128-ECB') and crypto.createECDH('valid') (!) throw the same error.

Thanks for pointing that out.

@bnoordhuis

This comment has been minimized.

Copy link
Member

@bnoordhuis bnoordhuis commented Mar 13, 2019

For technical background: crypto.createECDH() currently is a wrapper around openssl's EC_KEY family of functions.

X448 and X25519 on the other hand are implemented through the EVP_PKEY functions - more specifically EVP_PKEY_keygen() - and that's precisely what crypto.generateKeyPair() is a wrapper around.

However, after thinking about it some more, extending crypto.createECDH() could be an option if it was possible to rewrite it using EVP_PKEY functions like EVP_PKEY_derive().

I don't know exactly how feasible that is but my gut feeling is that it's doable.

@panva panva changed the title crypto: X25519 and X448 for createECDH crypto: X25519 and X448 keys and ECDH Mar 19, 2019
@panva panva changed the title crypto: X25519 and X448 keys and ECDH crypto: X25519 and X448 and ECDH Mar 21, 2019
tniessen added a commit that referenced this issue Mar 25, 2019
PR-URL: #26774
Refs: #26626
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
targos added a commit that referenced this issue Mar 28, 2019
PR-URL: #26774
Refs: #26626
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
@DuBistKomisch

This comment has been minimized.

Copy link

@DuBistKomisch DuBistKomisch commented Aug 6, 2019

I'm interested in migrating to this API from curve25519-n, it looks like the x25519 key generation has landed, are we just waiting for the equivalent of ECDH#computeSecret?

@panva

This comment has been minimized.

Copy link
Contributor Author

@panva panva commented Aug 6, 2019

I recall @tniessen wanted to take a stab at this a few months back.

@jurelik

This comment has been minimized.

Copy link

@jurelik jurelik commented Sep 19, 2019

Any updates on this issue? If anyone has any information on when we can expect x25519/x448 included in crypto.createECDH(), it would be much appreciated.

@sam-github

This comment has been minimized.

Copy link
Member

@sam-github sam-github commented Sep 19, 2019

@jurelik I don't see that anyone volunteered to implement this, much less comitted to a timeline.

Are you interested in implementing the feature? We are always looking for more collaborators on crypto support, and there are people who would help get a PR in shape if you needed any help along the way.

@awoie

This comment has been minimized.

Copy link

@awoie awoie commented Dec 1, 2019

Is anyone working on this?

Decentralized Identity Foundation (DIF) is very interested in using this feature. X25519 became quite popular in our community. We are about to finalize a spec that uses ECDH-ES (X25519) and it would be great to have a node reference implementation: https://github.com/decentralized-identity/did-siop/blob/master/docs/index.html.

@tniessen tniessen linked a pull request that will close this issue Jan 3, 2020
4 of 4 tasks complete
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
6 participants
You can’t perform that action at this time.