New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for key exchange using Curve25519 and Curve448 #309

Closed
MichalStaruch opened this Issue Jun 16, 2015 · 23 comments

Comments

Projects
None yet
7 participants
@MichalStaruch
Copy link

MichalStaruch commented Jun 16, 2015

Curve25519 is described in Curve25519 for ephemeral key exchange in Transport Layer Security (TLS) IETF draft. It's designed with speed, simplicity and security in mind, and seems to be very nice alternative to NIST curves like secp256r1 or secp384r1 - especially when we think about rigidity and susceptibility to secret attacks.

It would be very nice to have it supported in OpenSSL to speed up adoption of ECDHE key exchange (kEECDH), especially among those people who don't trust curves coming from NIST.

@richsalz

This comment has been minimized.

Copy link
Contributor

richsalz commented Jun 16, 2015

it's being worked on for the next release.

@richsalz richsalz closed this Jun 16, 2015

@MichalStaruch

This comment has been minimized.

Copy link

MichalStaruch commented Jun 16, 2015

@richsalz Forgive me my strictness, but usually "being worked" mean feature is not complete, so... why closing the issue? Can I checkout the sources, compile and run it with working Curve25519?

@richsalz

This comment has been minimized.

Copy link
Contributor

richsalz commented Jun 16, 2015

I thought it was a question and encouragement to do it. It's planned for the next release. You want to re-open? Feel free.

@MichalStaruch

This comment has been minimized.

Copy link

MichalStaruch commented Jun 16, 2015

@richsalz I thought it would be have this issue hanging as feature request to have it clearly visible when this feature will be publicly available (merged to master in main repo).

About the re-opening: GitHub blocks this option for non-collabolators when issue was closed by collabolator.

@richsalz richsalz reopened this Jun 16, 2015

@MichalStaruch

This comment has been minimized.

Copy link

MichalStaruch commented Jul 15, 2015

Latest draft also added Curve448. It's pretty strong, meets all the SafeCurves requirements, and highly efficient implementations should be possible on both 32-bit and 64-bit architectures. More details (including benchmarks vs NIST curves on x86-64 and ARM) are available in this publication from Mike Hamburg.

@MichalStaruch MichalStaruch changed the title Support for key exchange using Curve25519 Support for key exchange using Curve25519 and Curve448 Jul 15, 2015

@ChALkeR

This comment has been minimized.

Copy link

ChALkeR commented Nov 8, 2015

Guess nodejs/node#1495 should be linked here to get a status badge there =).

@nick599

This comment has been minimized.

Copy link

nick599 commented Feb 28, 2016

@richsalz Has this development been done and released? / If not, when is the release planned for it?

@richsalz

This comment has been minimized.

Copy link
Contributor

richsalz commented Feb 28, 2016

In progress planned for 1.1

@asthaaggarwal

This comment has been minimized.

Copy link

asthaaggarwal commented Apr 6, 2016

@richsalz: is it released?curve25519 support is avaialble now??

@mattcaswell

This comment has been minimized.

Copy link
Member

mattcaswell commented Apr 6, 2016

It's in the latest beta for OpenSSL 1.1.0

@richsalz

This comment has been minimized.

Copy link
Contributor

richsalz commented Apr 6, 2016

Yes, it is in the master branch. It will be released in 1.1

@asthaaggarwal

This comment has been minimized.

Copy link

asthaaggarwal commented Apr 6, 2016

ok.
I downloaded this package openssl-1.1.0-pre4.tar.gz
It should be available in this package right??

@mattcaswell

This comment has been minimized.

Copy link
Member

mattcaswell commented Apr 6, 2016

Yes

@asthaaggarwal

This comment has been minimized.

Copy link

asthaaggarwal commented Apr 6, 2016

Thanks for d updates.
Where can i find the example for curve25519?how to use it?

@richsalz

This comment has been minimized.

Copy link
Contributor

richsalz commented Apr 6, 2016

You could look ☺

But yes.

@richsalz

This comment has been minimized.

Copy link
Contributor

richsalz commented Apr 6, 2016

Please ask your questions on openssl-users, https://mta.openssl.org for list information.

@JLHwung

This comment has been minimized.

Copy link

JLHwung commented Apr 17, 2016

@asthaaggarwal
openssl genpkey -algorithm EC -out some_x25519.key -pkeyopt ec_paramgen_curve:X25519 -pkeyopt ec_param_enc:named_curve

@asthaaggarwal

This comment has been minimized.

Copy link

asthaaggarwal commented Apr 18, 2016

Thanks JLHwung for ur response.

@richsalz : I would like to know if ECDHE-ECDSA-CHACHA20-POLY1305 is compatible to TLS 1.2
As per my project requirement i m suppose to exclude less than TLS1.2 so during openssl building time when excluding, its removing ECDHE-ECDSA-CHACHA20-POLY1305 cipher support also.

@richsalz

This comment has been minimized.

Copy link
Contributor

richsalz commented Apr 18, 2016

I suggest you do a search through RFC's for TLS and CHACHA for your project and find out :)

@asthaaggarwal

This comment has been minimized.

Copy link

asthaaggarwal commented Apr 18, 2016

ok..
One more issue i m facing in cross compiling of openssl-1.1.0-pre4 build. I am not able to cross compile it for arm. Before this build all other builds are working. Can you please confirm if there is any issue in cross compiling the code.

export INSTALLDIR=build-output
export PATH=$INSTALLDIR/bin:$PATH
export TARGETMACH=arm-none-linux-gnueabi
export BUILDMACH=i686-pc-linux-gnu
export CROSS=arm-none-linux-gnueabi
export CC=${CROSS}-gcc
export LD=${CROSS}-ld
export AS=${CROSS}-as
export AR=${CROSS}-ar
export PATH=$PATH:/opt/freescale/usr/local/gcc-4.1.2-glibc-2.5-nptl-3/arm-none-linux-gnueabi/bin

./Configure -DOPENSSL_NO_HEARTBEATS --openssldir=/home/user/priti/workbench/openssl/src/openssl-1.1.0-pre4/build-output shared os/compiler:/opt/freescale/usr/local/gcc-4.1.2-glibc-2.5-nptl-3/arm-none-linux-gnueabi/bin/arm-none-linux-gnueabi-gcc

Configuring OpenSSL version 1.1.0-pre4 (0x0x10100004L)
no-crypto-mdebug [default] OPENSSL_NO_CRYPTO_MDEBUG (skip dir)
no-crypto-mdebug-backtrace [forced] OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE (skip dir)
no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
no-egd [default] OPENSSL_NO_EGD (skip dir)
no-heartbeats [default] OPENSSL_NO_HEARTBEATS (skip dir)
no-md2 [default] OPENSSL_NO_MD2 (skip dir)
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)
no-sctp [default] OPENSSL_NO_SCTP (skip dir)
no-ssl-trace [default] OPENSSL_NO_SSL_TRACE (skip dir)
no-ssl3 [default] OPENSSL_NO_SSL3 (skip dir)
no-ssl3-method [default] OPENSSL_NO_SSL3_METHOD (skip dir)
no-unit-test [default] OPENSSL_NO_UNIT_TEST (skip dir)
no-weak-ssl-ciphers [default] OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir)
no-zlib [default]
no-zlib-dynamic [default]
Configuring for os/compiler:/opt/freescale/usr/local/gcc-4.1.2-glibc-2.5-nptl-3/arm-none-linux-gnueabi/bin/arm-none-linux-gnueabi-gcc
*Warning! target os/compiler:/opt/freescale/usr/local/gcc-4.1.2-glibc-2.5-nptl-3/arm-none-linux-gnueabi/bin/arm-none-linux-gnueabi-gcc doesn't exist!
*

@ghost

This comment has been minimized.

Copy link

ghost commented May 3, 2016

I think the E-521 curve need to be included to OpenSSL. It is the best curve from SafeCurves.

@richsalz

This comment has been minimized.

Copy link
Contributor

richsalz commented May 3, 2016

To repeat: issues are not the place for discussions or general questions and answers. Join the mailing lists; see https://mta.openssl.org

@richsalz

This comment has been minimized.

Copy link
Contributor

richsalz commented May 3, 2016

x25519 is in 1.1
closing this issue.
please open a separate issue for goldilocks/448 support and what you want (note that the IETF CFRG isn't done with 448 signatures yet.)

@richsalz richsalz closed this May 3, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment