[openssl-users] Slightly OT: X.509 & PCKS10 generation in Perl

2018-07-28 Thread Felipe Gasper
Hi all,

Based on some comments I’ve seen lately, I thought it might be helpful 
to mention Crypt::Perl (https://metacpan.org/pod/Crypt::Perl), a Perl crypto 
toolkit I’ve written that implements RSA, ECC, and Ed25519 and can generate TLS 
certificates and CSRs.

I mention it because I think the syntax is more straightforward than 
navigating the openssl binary and openssl.cnf. It’s not nearly as fast, of 
course, but I’ve found it useful. YMMV.

-Felipe Gasper
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] Using a TPM to sign CSRs

2018-07-28 Thread William Roberts
On Sat, Jul 28, 2018, 09:13 Devang Kubavat  wrote:

> Hi Kaarthik,
>
> Please refer to https://github.com/ThomasHabets/openssl-tpm-engine. It is
> an OpenSSL TPM engine. It will help offload all crypto operations to the TPM.
>

Is this for TPM 2.0?


> Regards,
> Devang.
>
> On Tue, Jul 24, 2018 at 4:48 PM, Kaarthik Sivakumar wrote:
>
>> Hello
>>
>> I need to create a key pair using a TPM (proprietary) and build a CSR and
>> sign it using the TPM as well. Currently I don't have an engine interface
>> to talk to the TPM. I do the following:
>>
>> 1. Generate a key pair in the TPM. The private key is kept private in the TPM
>> and the public key can be obtained from the TPM.
>>
>> 2. use the public key to generate a CSR (X509_REQ_init(), etc)
>>
>> 3. Get the hash of the CSR (X509_REQ_digest())
>>
>> 4. Pass the digest to the TPM and get back signature
>>
>> 5. Add signature to the CSR - I don't see any way to do this. Is there an
>> openssl API to perform this step? I don't think I can use X509_REQ_sign()
>> since that will use the private key provided or, if I have an engine
>> interface, then it will call the engine to do the signing. Is there a way to
>> call sign() and make it call my function that can do step 4 above?
>>
>> Thanks!
>>
>> -kaarthik-
>>
>>


Re: [openssl-users] openssl cms -decrypt failing due to malloc(3) failure

2018-07-28 Thread Salz, Rich via openssl-users

> It would appear that both commands fail due to them being unable to
> allocate more memory to slurp the rest of the input file's contents into.
> Is this intentional behaviour?

It is a known issue.



[openssl-users] openssl cms -decrypt failing due to malloc(3) failure

2018-07-28 Thread Christian Böhme
Hello all,

Assume that we have

$ uname -srvmpio
Linux 4.4.0-109-generic #132-Ubuntu SMP Tue Jan 9 19:52:39 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

$ openssl version
OpenSSL 1.0.2g  1 Mar 2016

$ printenv SHELL
/bin/bash

$ ulimit -a
core file size  (blocks, -c) 0
data seg size   (kbytes, -d) unlimited
scheduling priority (-e) 0
file size   (blocks, -f) unlimited
pending signals (-i) 63575
max locked memory   (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files  (-n) 1024
pipe size(512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority  (-r) 0
stack size  (kbytes, -s) 8192
cpu time   (seconds, -t) unlimited
max user processes  (-u) 63575
virtual memory  (kbytes, -v) unlimited
file locks  (-x) unlimited

$ dd if=/dev/zero of=plaintext.in bs=1024 count=$((1024 * 1024 * 2))
2097152+0 records in
2097152+0 records out
2147483648 bytes (2.1 GB, 2.0 GiB) copied, 7.7645 s, 277 MB/s

$ echo -n 'uno dos tres cuatro' | openssl cms -encrypt -aes-256-cbc -pwri_password fd:0 -in plaintext.in -binary -out ciphertext.der -outform DER

$ ls -lAF
total 4054804
-rw-rw-r-- 1 ubuntu ubuntu 2004623580 Jul 28 20:09 ciphertext.der
-rw-rw-r-- 1 ubuntu ubuntu 2147483648 Jul 28 19:55 plaintext.in

then we get

$ openssl asn1parse -in ciphertext.der -inform DER -i
14050799902:error:07064041:memory buffer routines:BUF_MEM_grow:malloc failure:buffer.c:113:

or

$ echo -n 'uno dos tres cuatro' | openssl cms -decrypt -pwri_password fd:0 -in ciphertext.der -inform DER -out plaintext.out
Error reading S/MIME message
139871963694744:error:07069041:memory buffer routines:BUF_MEM_grow_clean:malloc failure:buffer.c:150:
139871963694744:error:0D06B041:asn1 encoding routines:ASN1_D2I_READ_BIO:malloc failure:a_d2i_fp.c:239:

It would appear that both commands fail due to them being unable to
allocate more memory to slurp the rest of the input file's contents into.
Is this intentional behaviour?

Both commands work when the plaintext file is half the size, i.e. 1 GiB, BTW.


Thanks,
Christian

-- 
*Christian Böhme*

Developer System Integration

CLOUD

*CLOUD & HEAT Technologies GmbH*
Königsbrücker Str. 96 (Halle 15) | 01099 Dresden
Tel: +49 351 479 3670 - 100
Fax: +49 351 479 3670 - 110
E-Mail: christian.boe...@cloudandheat.com 

Web: https://www.cloudandheat.com 

Handelsregister: Amtsgericht Dresden
Registernummer: HRB 30549
USt.-Ident.-Nr.: DE281093504
Geschäftsführer: Nicolas Röhrs


Re: [openssl-users] Using a TPM to sign CSRs

2018-07-28 Thread Devang Kubavat
Hi Kaarthik,

Please refer to https://github.com/ThomasHabets/openssl-tpm-engine. It is
an OpenSSL TPM engine. It will help offload all crypto operations to the TPM.

Regards,
Devang.

On Tue, Jul 24, 2018 at 4:48 PM, Kaarthik Sivakumar wrote:

> Hello
>
> I need to create a key pair using a TPM (proprietary) and build a CSR and
> sign it using the TPM as well. Currently I don't have an engine interface
> to talk to the TPM. I do the following:
>
> 1. Generate a key pair in the TPM. The private key is kept private in the TPM
> and the public key can be obtained from the TPM.
>
> 2. use the public key to generate a CSR (X509_REQ_init(), etc)
>
> 3. Get the hash of the CSR (X509_REQ_digest())
>
> 4. Pass the digest to the TPM and get back signature
>
> 5. Add signature to the CSR - I don't see any way to do this. Is there an
> openssl API to perform this step? I don't think I can use X509_REQ_sign()
> since that will use the private key provided or, if I have an engine
> interface, then it will call the engine to do the signing. Is there a way to
> call sign() and make it call my function that can do step 4 above?
>
> Thanks!
>
> -kaarthik-


Re: [openssl-users] Ed25519 and X.509

2018-07-28 Thread Felipe Gasper
Ah ok. Thank you for clarifying!

-FG

> On Jul 28, 2018, at 7:42 AM, Matt Caswell  wrote:
> 
> 
> 
>> On 28/07/18 12:23, Felipe Gasper wrote:
>> I knew about this one. I see OIDs here for the key algorithm, but not the 
>> signature/hash algorithm .. ? I’m looking for the OID that precedes the 
>> signature in an X.509 structure.
> 
> There is an example of a certificate signed with Ed25519 in that
> document. As noted in the text:
> 
>  "The same algorithm identifiers are used for identifying a public key,
>   identifying a private key and identifying a signature (for the two
>   EdDSA related OIDs). "
> 
> Note, these OIDS are for EdDSA in pure mode so there is no hash, and
> hence no need for a separate OID for the sig/hash pair.
> 
> Matt
> 
> 
>> 
>> Thank you!
>> 
>> -FG
>> 
>>> On Jul 28, 2018, at 7:10 AM, Matt Caswell  wrote:
>>> 
>>> 
>>> 
>>>> On 28/07/18 03:49, Felipe Gasper wrote:
>>>> Hi all,
>>>>
>>>> Are there yet OIDs for Ed25519-signed X.509? I know about the drafts for
>>>> the key format but am not aware of actual OIDs to identify the signature
>>>> hash algorithm.
>>>>
>>>> Thank you!
>>>>
>>> 
>>> See:
>>> 
>>> https://tools.ietf.org/html/draft-ietf-curdle-pkix-10
>>> 
>>> Matt
>>> 


Re: [openssl-users] request for TLBleed information / non-constant-time vulnerabilities

2018-07-28 Thread Michael Wojcik
> From: Michael R. Hines [mailto:mrhi...@digitalocean.com]
> Sent: Friday, July 27, 2018 19:06
>
> Forgive the stupid question, but what's the takeaway for a cloud
> provider?

Well, in general, it's probably the commonplace that security is a process, not 
a product. There will always be new attacks of some sort.

> Do we gather from these points that the entire set of timing
> attacks will never really be known?

That's probably a safe assumption, particularly if "timing attacks" is defined 
broadly. (There was a famous timing attack against the TENEX logon mechanism 
back in the 1970s; does that count?)

Even for computational timing attacks (like Kocher's) and microarchitectural 
timing attacks (like TLBleed), it would be impossible to prove you had the 
complete set unless the entire system was formally verified and the 
implementation could somehow be demonstrated to conform to the formal 
specification under all conditions.

In theory you can increase the noise on the channel to the point where it's no 
longer economical. Research on that goes back to at least the early 1990s. The 
problems, of course, are making sure you comprehensively inject noise into all 
the known channels, and finding users willing to pay the cost - increased noise 
means reduced efficiency. We see this trade-off in all sorts of side-channel 
attacks; in the cloud, for example, you have the various results showing 
security issues with memory deduplication.

For cloud computing, we've had at least a decade of research into this issue 
(see e.g. Ristenpart et al, "Hey, you, get off my cloud", published nine years 
ago so work presumably started no later than 2008). And it's still a problem, 
which means it's complicated and likely to be durable.

> What does this confirm (or not confirm) about openssl's vulnerability
> (or knowable status) to TLBleed?

Specifically? Not much. It goes more to the general principle that systems leak 
information as they do work. Ultimately it comes down to thermodynamics, and 
you never bet against thermodynamics.

--
Michael Wojcik
Distinguished Engineer, Micro Focus


Re: [openssl-users] Ed25519 and X.509

2018-07-28 Thread Matt Caswell


On 28/07/18 12:23, Felipe Gasper wrote:
> I knew about this one. I see OIDs here for the key algorithm, but not the 
> signature/hash algorithm .. ? I’m looking for the OID that precedes the 
> signature in an X.509 structure.

There is an example of a certificate signed with Ed25519 in that
document. As noted in the text:

  "The same algorithm identifiers are used for identifying a public key,
   identifying a private key and identifying a signature (for the two
   EdDSA related OIDs). "

Note, these OIDS are for EdDSA in pure mode so there is no hash, and
hence no need for a separate OID for the sig/hash pair.

Matt


> 
> Thank you!
> 
> -FG
> 
>> On Jul 28, 2018, at 7:10 AM, Matt Caswell  wrote:
>>
>>
>>
>>> On 28/07/18 03:49, Felipe Gasper wrote:
>>> Hi all,
>>>
>>>Are there yet OIDs for Ed25519-signed X.509? I know about the drafts for 
>>> the key format but am not aware of actual OIDs to identify the signature 
>>> hash algorithm.
>>>
>>>Thank you!
>>>
>>
>> See:
>>
>> https://tools.ietf.org/html/draft-ietf-curdle-pkix-10
>>
>> Matt
>>
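Step 5 of Kaarthik's question (attaching a signature produced outside OpenSSL to a CSR) and Matt's point about the Ed25519 AlgorithmIdentifier both come down to the same DER structure, so one added example covers both; it is not code from any message in these threads. It assembles a PKCS#10 CertificationRequest from the CertificationRequestInfo bytes plus a signature computed elsewhere, never calling X509_REQ_sign(), and it parses the result back to check the layout. It assumes the TBS bytes are obtained separately (in C, i2d_re_X509_REQ_tbs() on the request built in step 2); here the TBS and the signature bytes are constructed placeholders.

```python
# Added example, not code from the thread: build a PKCS#10 CertificationRequest
# from DER-encoded CertificationRequestInfo bytes plus a signature produced
# outside OpenSSL (for instance by a TPM), so X509_REQ_sign() is never called.
# In C the TBS bytes would come from i2d_re_X509_REQ_tbs(); in the usage below
# they are a constructed placeholder SEQUENCE.

def der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

# AlgorithmIdentifier that precedes the signature in the CSR.
# sha256WithRSAEncryption (1.2.840.113549.1.1.11) carries NULL parameters;
# Ed25519 (1.3.101.112) has no parameters and no separate hash OID, because
# pure EdDSA hashes internally (the same OID identifies key and signature).
SIG_ALG = {
    "sha256WithRSAEncryption": der(0x30, der(0x06, bytes.fromhex("2a864886f70d01010b")) + der(0x05, b"")),
    "Ed25519": der(0x30, der(0x06, bytes.fromhex("2b6570"))),
}

def assemble_csr(tbs_der, alg, signature):
    """CertificationRequest ::= SEQUENCE { tbs, signatureAlgorithm, BIT STRING }"""
    if tbs_der[:1] != b"\x30":
        raise ValueError("CertificationRequestInfo must be a DER SEQUENCE")
    return der(0x30, tbs_der + SIG_ALG[alg] + der(0x03, b"\x00" + signature))

def tlv(buf, pos=0):
    """Decode one TLV at pos; return (tag, content, end offset)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def parse_csr(csr_der):
    """Split an assembled CSR back into (tbs_der, algorithm name, raw signature)."""
    tag, body, end = tlv(csr_der)
    if tag != 0x30 or end != len(csr_der):
        raise ValueError("outer element is not a single SEQUENCE")
    _, _, p1 = tlv(body)                 # CertificationRequestInfo
    _, _, p2 = tlv(body, p1)             # AlgorithmIdentifier
    sig_tag, sig, p3 = tlv(body, p2)     # BIT STRING, first octet = unused bits
    if sig_tag != 0x03 or sig[0] != 0 or p3 != len(body):
        raise ValueError("malformed signature BIT STRING")
    name = next((k for k, v in SIG_ALG.items() if v == body[p1:p2]), None)
    return body[:p1], name, sig[1:]
```

A CSR assembled this way is accepted by `openssl req -inform DER -noout -text` only when the TBS bytes are a genuine CertificationRequestInfo and the signature really covers them; the placeholder here exercises the structure only.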


Re: [openssl-users] Ed25519 and X.509

2018-07-28 Thread Felipe Gasper
I knew about this one. I see OIDs here for the key algorithm, but not the 
signature/hash algorithm .. ? I’m looking for the OID that precedes the 
signature in an X.509 structure.

Thank you!

-FG

> On Jul 28, 2018, at 7:10 AM, Matt Caswell  wrote:
> 
> 
> 
>> On 28/07/18 03:49, Felipe Gasper wrote:
>> Hi all,
>> 
>>Are there yet OIDs for Ed25519-signed X.509? I know about the drafts for 
>> the key format but am not aware of actual OIDs to identify the signature 
>> hash algorithm.
>> 
>>Thank you!
>> 
> 
> See:
> 
> https://tools.ietf.org/html/draft-ietf-curdle-pkix-10
> 
> Matt
> 


Re: [openssl-users] Ed25519 and X.509

2018-07-28 Thread Matt Caswell



On 28/07/18 03:49, Felipe Gasper wrote:
> Hi all,
> 
>   Are there yet OIDs for Ed25519-signed X.509? I know about the drafts 
> for the key format but am not aware of actual OIDs to identify the signature 
> hash algorithm.
> 
>   Thank you!
> 

See:

https://tools.ietf.org/html/draft-ietf-curdle-pkix-10

Matt



Re: [openssl-users] genpkey for ed25519

2018-07-28 Thread Matt Caswell



On 27/07/18 15:04, Tomas Mraz wrote:
> On Fri, 2018-07-27 at 09:44 -0400, Robert Moskowitz wrote:
>> Here we go again with figuring out what to put in the command
>> lines.  
>> Dr. Google is not giving up enough answers.
>>
>> For ecdsa I started with:
>>
>> openssl genpkey -aes256 -algorithm ec\
>>   -pkeyopt ec_paramgen_curve:prime256v1\
>>   -outform pem -pkeyopt ec_param_enc:named_curve\
>>   -out $dir/private/ca.key.pem
>>
>> I found one reference that I should use -algorithm ed25519 (though
>> the 
>> example used caps: ED25519)
> 
> Yes, it is case insensitive.
> 
>> But I have not found recommendation for ec_parmgen_curve or
>> ec_param_enc
>>
>> Can someone point me to the information on values for these (and I 
>> suspect I will be hitting others as I go).
> 
> Just do not use these options.
> 

Just to add to this, the genpkey documentation gives an example for
X25519 and ED448. It's the same for ED25519:

https://www.openssl.org/docs/manmaster/man1/genpkey.html

Matt