[openssl.org #768] IPSec/IKE/Oakley curves [vf@unity.net: DH over ECC groups]
I've applied and committed the patch as is. Thanks for your contribution. Ticket resolved. (now, all we're missing is a test in ectest.c. hint, hint, nudge, nudge) [EMAIL PROTECTED] - Sun Nov 16 17:18:57 2003]: hi again, here's another patch attached replacing the first one. It specifies the right cofactor values, fixes base group point (aka generator) order values and introduce proper NIDs. Many thanx to Nils Larsch for hints on cofactor and order and to Dr Stephen N. Henson for hint on NIDs without OIDs regards, Vadim On Sun, Nov 16, 2003 at 12:48:43PM +0100, Nils Larsch wrote: On Saturday 15 November 2003 22:59, Nils Larsch wrote: Hi Vadim, On Saturday 15 November 2003 13:34, Vadim Fedukovich wrote: Dear OpenSSL team, please consider a patch attached. It adds 2 binary curves defined in RFC 2409 and 2412. It unclear whether any well-known OID was ever assigned and I'm not quite sure what are the right cofactor values Hmm, no OIDs = no NIDs = you can't use them with ^^ this is wrong (thanks for the hint Steve) Nils __ OpenSSL Project http://www.openssl. org Development Mailing List [EMAIL PROTECTED] org Automated List Manager [EMAIL PROTECTED] org -- Richard Levitte [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #768] IPSec/IKE/Oakley curves [vf@unity.net: DH over ECC groups]
On Saturday 29 November 2003 10:28, Richard Levitte via RT wrote: I've applied and committed the patch as is. Thanks for your contribution. Ticket resolved. (now, all we're missing is a test in ectest.c. hint, hint, nudge, nudge) Actually that's not really necessary as ectest.c does some basic tests for all implemented curves (you might have noticed that there are two new dots after the testing internal curves output of ectest ;-) ). Cheers, Nils __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: IPSec/IKE/Oakley curves [vf@unity.net: DH over ECC groups]
On Saturday 15 November 2003 22:59, Nils Larsch wrote: Hi Vadim, On Saturday 15 November 2003 13:34, Vadim Fedukovich wrote: Dear OpenSSL team, please consider a patch attached. It adds 2 binary curves defined in RFC 2409 and 2412. It unclear whether any well-known OID was ever assigned and I'm not quite sure what are the right cofactor values Hmm, no OIDs = no NIDs = you can't use them with ^^ this is wrong (thanks for the hint Steve) Nils __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #768] IPSec/IKE/Oakley curves [vf@unity.net: DH over ECC groups]
Dear OpenSSL team, please consider a patch attached. It adds 2 binary curves defined in RFC 2409 and 2412. It unclear whether any well-known OID was ever assigned and I'm not quite sure what are the right cofactor values regards, Vadim - Forwarded message from Vadim Fedukovich [EMAIL PROTECTED] - Date: Fri, 14 Nov 2003 17:43:48 +0200 From: Vadim Fedukovich [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: DH over ECC groups Dear list, any plans to make racoon aware of elliptic-curve groups, namely ID 3 and 4 from RFC 2409? What is group 7? Any test vectors? Other ideas for testing? A patch is ready that could generate DH private/public values using group 3. What are patch submission rules? Requirements to have it accepted? This patch needs OpenSSL-0.9.8 (snapshot) supporting binary groups regards, Vadim Fedukovich - End forwarded message - __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: IPSec/IKE/Oakley curves [vf@unity.net: DH over ECC groups]
hi again, here's another patch attached replacing the first one. It specifies the right cofactor values, fixes base group point (aka generator) order values and introduce proper NIDs. Many thanx to Nils Larsch for hints on cofactor and order and to Dr Stephen N. Henson for hint on NIDs without OIDs regards, Vadim On Sun, Nov 16, 2003 at 12:48:43PM +0100, Nils Larsch wrote: On Saturday 15 November 2003 22:59, Nils Larsch wrote: Hi Vadim, On Saturday 15 November 2003 13:34, Vadim Fedukovich wrote: Dear OpenSSL team, please consider a patch attached. It adds 2 binary curves defined in RFC 2409 and 2412. It unclear whether any well-known OID was ever assigned and I'm not quite sure what are the right cofactor values Hmm, no OIDs = no NIDs = you can't use them with ^^ this is wrong (thanks for the hint Steve) Nils __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] -- Naina library: http://www.unity.net/~vf/naina_r1.tgz --- crypto/objects/objects.txt.orig Fri Jul 4 19:00:19 2003 +++ crypto/objects/objects.txt Sun Nov 16 18:24:14 2003 @@ -1008,3 +1008,6 @@ rsadsi 3 10: DES-CDMF : des-cdmf rsadsi 1 1 6 : rsaOAEPEncryptionSET + + : Oakley-EC2N-3 : ipsec3 + : Oakley-EC2N-4 : ipsec4 --- crypto/ec/ec_curve.c.orig Thu Jan 16 21:15:21 2003 +++ crypto/ec/ec_curve.cSun Nov 16 19:09:47 2003 @@ -981,6 +981,31 @@ 113 bit binary curve from the WTLS standard }; +/* IPSec curves */ +static const EC_CURVE_DATA _EC_IPSEC_155_ID3 = { + NID_X9_62_characteristic_two_field, + 08004001, + 0, + 07338f, + 7b, + 1c8, + 2AAC7F3C7881BD0868FA86C,3, + NULL, 0, + IPSec/IKE/Oakley curve #3 over a 155 bit binary field + }; + +static const EC_CURVE_DATA _EC_IPSEC_185_ID4 = { + NID_X9_62_characteristic_two_field, + 0221, + 0, + 1ee9, + 18, + 0d, + FFEDF97C44DB9F2420BAFCA75E,2, + NULL, 0, + IPSec/IKE/Oakley curve #4 over a 185 bit binary field + }; + typedef struct _ec_list_element_st { int nid; const EC_CURVE_DATA *data; @@ -1061,6 +1086,9 @@ { NID_wap_wsg_idm_ecid_wtls10, _EC_SECG_CHAR2_233K1}, { NID_wap_wsg_idm_ecid_wtls11, _EC_SECG_CHAR2_233R1}, { NID_wap_wsg_idm_ecid_wtls12, _EC_WTLS_12}, + /* IPSec curves */ + { NID_ipsec3, _EC_IPSEC_155_ID3}, + { NID_ipsec4, _EC_IPSEC_185_ID4}, }; static size_t curve_list_length = sizeof(curve_list)/sizeof(ec_list_element); /* double-check base point (generator) order for IPSec curves * Vadim Fedukovich 2003 */ #include stdio.h #include openssl/bn.h int main() { BIGNUM *a = NULL; // RFC 2412, appendix E.3 BN_dec2bn(a, 3805993847215893016155463826195386266397436443); BN_mul_word(a, 4L); printf(group-155, base point order = 4*prime:\n); BN_print_fp(stdout, a); printf(\n\n); BN_clear(a); // E.4 BN_dec2bn(a, 12259964326927110866866776214413170562013096250261263279); BN_mul_word(a, 2); printf(group-185, base point order = 2*prime:\n); BN_print_fp(stdout, a); printf(\n\n); BN_clear(a); return 0; }
Re: [openssl.org #768] IPSec/IKE/Oakley curves [vf@unity.net: DH over ECC groups]
hi again, here's another patch attached replacing the first one. It specifies the right cofactor values, fixes base group point (aka generator) order values and introduce proper NIDs. Many thanx to Nils Larsch for hints on cofactor and order and to Dr Stephen N. Henson for hint on NIDs without OIDs regards, Vadim On Sun, Nov 16, 2003 at 12:48:43PM +0100, Nils Larsch wrote: On Saturday 15 November 2003 22:59, Nils Larsch wrote: Hi Vadim, On Saturday 15 November 2003 13:34, Vadim Fedukovich wrote: Dear OpenSSL team, please consider a patch attached. It adds 2 binary curves defined in RFC 2409 and 2412. It unclear whether any well-known OID was ever assigned and I'm not quite sure what are the right cofactor values Hmm, no OIDs = no NIDs = you can't use them with ^^ this is wrong (thanks for the hint Steve) Nils __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] -- Naina library: http://www.unity.net/~vf/naina_r1.tgz __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
IPSec/IKE/Oakley curves [vf@unity.net: DH over ECC groups]
Dear OpenSSL team, please consider a patch attached. It adds 2 binary curves defined in RFC 2409 and 2412. It unclear whether any well-known OID was ever assigned and I'm not quite sure what are the right cofactor values regards, Vadim - Forwarded message from Vadim Fedukovich [EMAIL PROTECTED] - Date: Fri, 14 Nov 2003 17:43:48 +0200 From: Vadim Fedukovich [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: DH over ECC groups Dear list, any plans to make racoon aware of elliptic-curve groups, namely ID 3 and 4 from RFC 2409? What is group 7? Any test vectors? Other ideas for testing? A patch is ready that could generate DH private/public values using group 3. What are patch submission rules? Requirements to have it accepted? This patch needs OpenSSL-0.9.8 (snapshot) supporting binary groups regards, Vadim Fedukovich - End forwarded message - --- crypto/ec/ec_curve.c.orig Thu Jan 16 21:15:21 2003 +++ crypto/ec/ec_curve.cSat Nov 15 14:24:16 2003 @@ -981,6 +981,31 @@ 113 bit binary curve from the WTLS standard }; +/* IPSec curves */ +static const EC_CURVE_DATA _EC_IPSEC_155_ID3 = { + NID_X9_62_characteristic_two_field, + 08004001, + 0, + 07338f, + 7b, + 1c8, + 57db5698537193aef944,4, // 12 + NULL, 0, + IPSec/IKE/Oakley curve #3 over a 155 bit binary field + }; + +static const EC_CURVE_DATA _EC_IPSEC_185_ID4 = { + NID_X9_62_characteristic_two_field, + 0221, + 0, + 1ee9, + 18, + 0d, + 01ffdbf2f889b73e484175f94ebc,2, // 4 + NULL, 0, + IPSec/IKE/Oakley curve #4 over a 185 bit binary field + }; + typedef struct _ec_list_element_st { int nid; const EC_CURVE_DATA *data; @@ -1061,6 +1086,9 @@ { NID_wap_wsg_idm_ecid_wtls10, _EC_SECG_CHAR2_233K1}, { NID_wap_wsg_idm_ecid_wtls11, _EC_SECG_CHAR2_233R1}, { NID_wap_wsg_idm_ecid_wtls12, _EC_WTLS_12}, + /* IPSec curves */ + { 0, _EC_IPSEC_163_ID3}, // NIDs to be assigned + { 0, _EC_IPSEC_185_ID4}, }; static size_t curve_list_length = sizeof(curve_list)/sizeof(ec_list_element);
Re: IPSec/IKE/Oakley curves [vf@unity.net: DH over ECC groups]
In message [EMAIL PROTECTED] on Sat, 15 Nov 2003 14:34:38 +0200, Vadim Fedukovich [EMAIL PROTECTED] said: vf Dear OpenSSL team, vf vf please consider a patch attached. vf It adds 2 binary curves defined in RFC 2409 and 2412. vf It unclear whether any well-known OID was ever assigned vf and I'm not quite sure what are the right cofactor values I've forwarded it to our change request database. Thanks for the contribution. - Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsoring.html for details. -- Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED] [EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: IPSec/IKE/Oakley curves [vf@unity.net: DH over ECC groups]
Hi Vadim, On Saturday 15 November 2003 13:34, Vadim Fedukovich wrote: Dear OpenSSL team, please consider a patch attached. It adds 2 binary curves defined in RFC 2409 and 2412. It unclear whether any well-known OID was ever assigned and I'm not quite sure what are the right cofactor values Hmm, no OIDs = no NIDs = you can't use them with EC_GROUP_new_by_nid (... guess I must think about this (curve and no oid)). +/* IPSec curves */ +static const EC_CURVE_DATA _EC_IPSEC_155_ID3 = { + NID_X9_62_characteristic_two_field, + 08004001, + 0, + 07338f, + 7b, + 1c8, + 57db5698537193aef944,4, // 12 Hmm, the order doesn't seem to be correct. If I use 2AAC7F3C7881BD0868FA86C EC_GROUP_check accepts this curve. And I think the cofactor should be 3 (but I didn't test it). ... + /* IPSec curves */ + { 0, _EC_IPSEC_163_ID3}, // NIDs to be assigned Shouldn't this be _EC_IPSEC_155_ID3 ? + { 0, _EC_IPSEC_185_ID4}, }; Nils __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]