Public-key based authentication of clients

2019-06-06 Thread Jeremy Friesner
Hi All,

I have a simple C++ client/server application, in which the clients use 
OpenSSL's PSK (Pre-Shared-Key) mechanism to log in to the server via TLS -- 
i.e. the client GUI prompts the user to enter a username and password, and when 
the client connects, it calls SSL_set_psk_client_callback(), and the server 
calls SSL_set_psk_server_callback(), and OpenSSL does its thing, and if the 
client's username and password match the ones the server is expecting, the 
TLS connection is allowed; otherwise it is rejected.

That all works great; however, what I'd like to do now (mostly just to see if 
it can be done) is add an alternative, keypair-based mechanism, similar to what 
github (and I imagine many other web services) provide.

I imagine it would work like this: The user runs the openssl app to create a 
private/public keypair, and (by some external mechanism) gives the public 
key-file to the server, and the private key-file to the client. Then, when the 
client program connects to the server, it has to prove to the server (via 
cryptographic math) that it has the private-key file in its possession, and the 
server uses the public-key to verify that proof, before deciding whether to let 
the client continue or not.

This seems like it should be pretty straightforward, but I haven't been able to 
find any clear documentation or examples of how to implement it using the 
OpenSSL library.  Is it possible to implement this behavior using OpenSSL, and 
if so, how might I go about it?

Thanks,
Jeremy



Trying to use a ((constructor)) to force libcrypto.so into FIPS mode

2019-06-06 Thread Larry Jordan via openssl-users
Re: openssl-1.0.2r
Re: openssl-fips-2.0.16
OS: Linux Mint 19.1 (Ubuntu)

I have added a shared library initializer function to cryptlib.c to force 
OpenSSL into FIPS mode, without requiring a “module operator” to directly 
initiate (i.e. call FIPS_mode_set(1)).

void __attribute__((constructor)) ForceFIPSModeOn()
{
   FIPS_mode_set(1);
   FIPS_selftest_check();
}

The build fails shortly after creating the executable ‘fips_premain_dso’.

fips.c(140): OpenSSL internal error, assertion failed: FATAL FIPS SELFTEST 
FAILURE
Aborted (core dumped)

I traced the problem to a failed FIPS_check_incore_fingerprint call. The 
embedded signature appears uninitialized:

Starting FIPS_selftest
fips: 00 ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
imem: 33 53 e6 29 f6 eb df f3 d0 23 e9 7c 39 84 91 e0 3f 32 83 b2
 failed FIPS_check_incore_fingerprint

I am at a loss to explain what is happening. Is my initializer running before 
the embedded sig is loaded? Or is there another issue?

If I remove the call to FIPS_selftest_check(), the link completes, but the 
selftest still fails when it is initiated from the initializer. A “module 
operator” can still use the libcrypto.so services, because all subsequent 
selftests pass.

How can I get my module initializer to pass the selftest?




Re: Handling signature_algorithm extension on TLS1.3 server

2019-06-06 Thread Matt Caswell



On 06/06/2019 16:15, Raja Ashok wrote:
> Hi,
> 
> Currently has_usable_cert() function is called on tls_choose_sigalg() to find
> out the suitable certificate available. But currently rsa_pkcs1_xxx and
> rsa_pss_rsae_xxx certs are stored on same index SSL_PKEY_RSA. Because of this
> it may end in choosing rsa_pkcs1_xxx cert for rsa_pss_rsae_xxx extension. Is
> this behaviour correct?

There are two things to consider:

1) The OID in the RSA cert, which can be one of rsaEncryption or RSASSA-PSS. The
former is for "traditional" RSA certs, whilst the latter *only* allows use of
the key for signing (it cannot be used for encryption).

2) The type of signing in use, e.g. RSASSA-PKCS-v1_5 or RSASSA-PSS.

rsaEncryption certs are capable of doing *either* form of signing, whilst
RSASSA-PSS certs can only do PSS signing.

We store rsaEncryption certs under the SSL_PKEY_RSA index, and RSASSA-PSS certs
under the SSL_PKEY_RSA_PSS_SIGN index.

TLSv1.2 and below signs handshake messages using PKCS v1.5, which corresponds to
these signature algorithms:

  rsa_pkcs1_sha256(0x0401)
  rsa_pkcs1_sha384(0x0501)
  rsa_pkcs1_sha512(0x0601)

These sig algs cannot be used in TLSv1.3 for signing handshake messages,
although they may appear in a ClientHello for backwards compatibility with
TLSv1.2. You can only use these sig algs with "traditional" RSA certs (not PSS
RSA certs).

TLSv1.3 signs handshake messages using PSS which corresponds to these signature
algorithms for "traditional" (rsaEncryption) certs:

  rsa_pss_rsae_sha256(0x0804)
  rsa_pss_rsae_sha384(0x0805)
  rsa_pss_rsae_sha512(0x0806)

Or these signature algorithms for PSS certs:

  rsa_pss_pss_sha256(0x0809)
  rsa_pss_pss_sha384(0x080a)
  rsa_pss_pss_sha512(0x080b)

Therefore it is perfectly correct behaviour that a cert stored under the
SSL_PKEY_RSA index could be used for signing handshake messages using either
rsa_pkcs1_xxx or rsa_pss_rsae_xxx. The former is used in TLSv1.2 and the
latter is used in TLSv1.3.

Matt
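To make the rules above concrete, here is an added example (a model of the rules Matt states, not OpenSSL's own tls_choose_sigalg() or has_usable_cert()): it walks a ClientHello signature_algorithms list in the client's preference order and returns the first scheme the server's RSA cert can sign handshake messages with, given whether the cert carries the rsaEncryption or the RSASSA-PSS OID and whether the connection is TLSv1.3. The sample extension body is constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Which index the server's cert lives under: SSL_PKEY_RSA (rsaEncryption OID)
   or SSL_PKEY_RSA_PSS_SIGN (RSASSA-PSS OID). */
enum cert_kind { CERT_RSA_ENCRYPTION, CERT_RSA_PSS };

/* SignatureScheme codepoints quoted in the thread. */
enum {
    RSA_PKCS1_SHA256 = 0x0401, RSA_PKCS1_SHA384 = 0x0501, RSA_PKCS1_SHA512 = 0x0601,
    RSA_PSS_RSAE_SHA256 = 0x0804, RSA_PSS_RSAE_SHA384 = 0x0805, RSA_PSS_RSAE_SHA512 = 0x0806,
    RSA_PSS_PSS_SHA256 = 0x0809, RSA_PSS_PSS_SHA384 = 0x080a, RSA_PSS_PSS_SHA512 = 0x080b
};

/* Can a cert of this kind sign handshake messages with this scheme at this protocol version? */
int sigalg_usable(uint16_t scheme, enum cert_kind kind, int tls13)
{
    switch (scheme) {
    case RSA_PKCS1_SHA256: case RSA_PKCS1_SHA384: case RSA_PKCS1_SHA512:
        /* PKCS#1 v1.5: traditional certs only, and never for TLSv1.3 handshake signatures */
        return kind == CERT_RSA_ENCRYPTION && !tls13;
    case RSA_PSS_RSAE_SHA256: case RSA_PSS_RSAE_SHA384: case RSA_PSS_RSAE_SHA512:
        /* PSS signing with an rsaEncryption key: what an SSL_PKEY_RSA cert does in TLSv1.3 */
        return kind == CERT_RSA_ENCRYPTION;
    case RSA_PSS_PSS_SHA256: case RSA_PSS_PSS_SHA384: case RSA_PSS_PSS_SHA512:
        /* PSS signing with an RSASSA-PSS key: only an SSL_PKEY_RSA_PSS_SIGN cert qualifies */
        return kind == CERT_RSA_PSS;
    default:
        return 0;
    }
}

/* ext points at the signature_algorithms extension body: a 2-byte length followed by
   2-byte codepoints in client preference order. Returns the first usable scheme, or 0
   when the cert can serve none of them (a malformed body also yields 0). */
uint16_t choose_sigalg(const uint8_t *ext, size_t extlen, enum cert_kind kind, int tls13)
{
    size_t listlen, i;
    if (extlen < 2) return 0;
    listlen = ((size_t)ext[0] << 8) | ext[1];
    if (listlen % 2 != 0 || listlen + 2 > extlen) return 0;   /* odd-length or truncated list */
    for (i = 2; i < listlen + 2; i += 2) {
        uint16_t scheme = (uint16_t)((ext[i] << 8) | ext[i + 1]);
        if (sigalg_usable(scheme, kind, tls13)) return scheme;
    }
    return 0;
}

/* Constructed ClientHello list: rsa_pkcs1_sha256, rsa_pss_rsae_sha256, rsa_pss_pss_sha256. */
const uint8_t SAMPLE_SIGALGS_EXT[] = { 0x00, 0x06, 0x04, 0x01, 0x08, 0x04, 0x08, 0x09 };
const size_t SAMPLE_SIGALGS_EXT_LEN = sizeof SAMPLE_SIGALGS_EXT;
```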


Handling signature_algorithm extension on TLS1.3 server

2019-06-06 Thread Raja Ashok
Hi,

Currently has_usable_cert() function is called on tls_choose_sigalg() to
find out the suitable certificate available. But currently rsa_pkcs1_xxx
and rsa_pss_rsae_xxx certs are stored on same index SSL_PKEY_RSA. Because
of this it may end in choosing rsa_pkcs1_xxx cert for rsa_pss_rsae_xxx
extension. Is this behaviour correct?

As per my understanding a new index should be created like
SSL_PKEY_RSA_PSS_RSAE_SIGN for rsa_pss_rsae_xxx type certs.

Regards,
Raja Ashok


Re: query related to openssl certificate generation of Ed X25519, X448

2019-06-06 Thread Billy Brumley
I think the error messages are pretty clear in these cases. Trying to
set a hash with (standardized) EdDSA is not going to go well for you.

Have you tried this very nice walkthrough?

https://tools.ietf.org/html/draft-moskowitz-eddsa-pki-00

BBB

On Thu, Jun 6, 2019 at 9:47 AM Sowmya P wrote:
>
> Hi,
> Have a query regarding generation of X25519 and X448 certificate chain.
>
> Below is the script which I used to generate a certificate chain of ECDSA type.
> https://github.com/raja-ashok/sample_certificates/blob/master/ECC_Prime256_Certs/gen_ecc_cert.sh
>
> Now for generating an EdDSA certificate chain I am using the command from
> (https://github.com/openssl/openssl/issues/6201). But with this command I am
> able to generate only a certificate and private key pair, but not able to
> generate a certificate chain.
>
> Below is the command used for generating the end entity cert:
>
> Openssl req -config openssl.cnf -new -key serverkey.pem 
> -subj”/C=IN/ST=kar/L=En/0=htipl/OU=team/CN=server” -outr server_cert.csr
>
> Openssl ca -config openssl.cnf  -cert rootcert.pem -key rootkey.pem 
> -extensions usr_cert -subj -days 360 -md sha256 -in server_cert.csr -out 
> server_cert.pem
>
> When I executed the above command, the below error is thrown:
>
> Cant open ./root/private/cakey.pem for reading no such file or directory
>  System library:fopen:no such file or directory:crypto/bio/bss_file.c :72
> Bio routines :BIO_new_file:no such file crypto/bio:bss_file.c
>
> Tried another command to generate the server cert, that is: openssl x509 -req 
> -days 360 -in server_cert.csr -signkey rootykey.pem -sha256 -out serever.crt
>
> For this, the error
>  elliptic curve routines:pkey_ecd_ctrl:invalid digest type:crypto/ec/ecx_meth.c
> will be thrown.
>
> Please help me out to resolve this issue.
>
> Thanks,
> Soumya pattada.
>


query related to openssl certificate generation of Ed X25519, X448

2019-06-06 Thread Sowmya P
Hi,
Have a query regarding generation of X25519 and X448 certificate chain.

Below is the script which I used to generate a certificate chain of ECDSA
type.
https://github.com/raja-ashok/sample_certificates/blob/master/ECC_Prime256_Certs/gen_ecc_cert.sh

Now for generating an EdDSA certificate chain I am using the command from (
https://github.com/openssl/openssl/issues/6201). But with this command I am
able to generate only a certificate and private key pair, but not able to
generate a certificate chain.

Below is the command used for generating the end entity cert:

Openssl req -config openssl.cnf -new -key serverkey.pem
-subj”/C=IN/ST=kar/L=En/0=htipl/OU=team/CN=server” -outr server_cert.csr

Openssl ca -config openssl.cnf  -cert rootcert.pem -key rootkey.pem
-extensions usr_cert -subj -days 360 -md sha256 -in server_cert.csr -out
server_cert.pem

When I executed the above command, the below error is thrown:

Cant open ./root/private/cakey.pem for reading no such file or directory
 System library:fopen:no such file or directory:crypto/bio/bss_file.c :72
Bio routines :BIO_new_file:no such file crypto/bio:bss_file.c

Tried another command to generate the server cert, that is: openssl x509 -req
-days 360 -in server_cert.csr -signkey rootykey.pem -sha256 -out
serever.crt

For this, the error
 elliptic curve routines:pkey_ecd_ctrl:invalid digest type:crypto/ec/ecx_meth.c
will be thrown.

Please help me out to resolve this issue.

Thanks,
Soumya pattada.