
使用 openssl s_server/s_client 组合时,openssl ecparam -list_curves 列出的某些曲线在用于生成密钥对后似乎无法工作。OpenSSL 中的某些椭圆曲线给出“no shared cipher”(无共享密码套件)错误

    我用以下方法验证了这一点:对每个 $curve(foreach $curve)执行:

    • 创建椭圆曲线密钥对:openssl ecparam -out ec_$curve.key -name $curve -genkey

    • 对每个 ec_$curve.key 生成自签名证书:openssl req -x509 -new -days 365 -key ec_$curve.key -out ec_$curve.crt -subj $SOME_SUBJ

    • 对每个 ec_$curve.key:在一个窗口中运行 openssl s_server -cert ec_$curve.crt -key ec_$curve.key -accept 10000,在另一个窗口中运行 openssl s_client -host localhost -port 10000

    我得到的握手:

    Using default temp DH parameters
    Using default temp ECDH parameters
    ACCEPT
    ERROR
    8606155664:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1355:
    shutting down SSL
    CONNECTION CLOSED

    使用以下曲线创建的密钥对会出现这种情况:c2.* 曲线(如 c2pnb163v1)、prime192v[23]、prime239.*、sec.1[123].* 曲线。所有其他曲线工作正常。

    这对我来说没有意义。s_client 应该能够与 s_server 通信,所以要么这是 OpenSSL 的错误,要么是我把客户端或服务器(或两者)配置错了。我已经尝试在服务器端添加 -named_curve 参数,但没有改善。OpenSSL 版本是 1.0.1e。

    所以,想请教更了解密码学/EC 的人:这里究竟发生了什么?

  • 回答


    根据RFC 4492第5.1.1节的规定,任意显式参数的曲线也受支持(参见下面的 arbitrary_explicit_prime_curves)。这意味着如果您找到要测试的每条曲线的定义和所有EC参数,则可以通过OpenSSL函数调用(例如EC_GROUP_new_curve,EC_KEY_set_group,EC_KEY_get0_private_key)生成密钥,然后在TLS握手中使用它们。

    所以,结论是:如果使用自定义(显式参数)曲线而不是命名曲线,您生成的所有密钥都可以得到支持。

    enum { 
         sect163k1 (1), sect163r1 (2), sect163r2 (3), 
         sect193r1 (4), sect193r2 (5), sect233k1 (6), 
         sect233r1 (7), sect239k1 (8), sect283k1 (9), 
         sect283r1 (10), sect409k1 (11), sect409r1 (12), 
         sect571k1 (13), sect571r1 (14), secp160k1 (15), 
         secp160r1 (16), secp160r2 (17), secp192k1 (18), 
         secp192r1 (19), secp224k1 (20), secp224r1 (21), 
         secp256k1 (22), secp256r1 (23), secp384r1 (24), 
         secp521r1 (25), 
         reserved (0xFE00..0xFEFF), 
         arbitrary_explicit_prime_curves(0xFF01), 
         arbitrary_explicit_char2_curves(0xFF02), 
         (0xFFFF) 
        } NamedCurve; 
    

    'openssl ecparam'中还有-C选项,允许为命名曲线生成C代码。

    openssl ecparam -name prime256v1 -C 
    

    会生成用于创建 EC_GROUP 对象的 C 代码;该对象可用来以自定义(显式参数)曲线的形式生成密钥,其参数与对应的命名曲线相同:

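    /*
     * Explicit domain parameters for the curve, stored as big-endian byte
     * strings and consumed by get_ec_group_256(). The tables are read-only
     * inputs to BN_bin2bn(), so they are declared const.
     */

    /* Field prime p. */
    static const unsigned char ec_p_256[] = {
        0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,
        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
    };

    /* Curve coefficient a. */
    static const unsigned char ec_a_256[] = {
        0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,
        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFC
    };

    /* Curve coefficient b. */
    static const unsigned char ec_b_256[] = {
        0x5A,0xC6,0x35,0xD8,0xAA,0x3A,0x93,0xE7,0xB3,0xEB,0xBD,0x55,
        0x76,0x98,0x86,0xBC,0x65,0x1D,0x06,0xB0,0xCC,0x53,0xB0,0xF6,
        0x3B,0xCE,0x3C,0x3E,0x27,0xD2,0x60,0x4B
    };

    /*
     * Generator point: 65 bytes, a leading 0x04 followed by two 32-byte
     * values (presumably the uncompressed x and y coordinates; the bytes
     * are handed to EC_POINT_bn2point() unchanged).
     */
    static const unsigned char ec_gen_256[] = {
        0x04,0x6B,0x17,0xD1,0xF2,0xE1,0x2C,0x42,0x47,0xF8,0xBC,0xE6,
        0xE5,0x63,0xA4,0x40,0xF2,0x77,0x03,0x7D,0x81,0x2D,0xEB,0x33,
        0xA0,0xF4,0xA1,0x39,0x45,0xD8,0x98,0xC2,0x96,0x4F,0xE3,0x42,
        0xE2,0xFE,0x1A,0x7F,0x9B,0x8E,0xE7,0xEB,0x4A,0x7C,0x0F,0x9E,
        0x16,0x2B,0xCE,0x33,0x57,0x6B,0x31,0x5E,0xCE,0xCB,0xB6,0x40,
        0x68,0x37,0xBF,0x51,0xF5
    };

    /* Order of the generator. */
    static const unsigned char ec_order_256[] = {
        0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
        0xFF,0xFF,0xFF,0xFF,0xBC,0xE6,0xFA,0xAD,0xA7,0x17,0x9E,0x84,
        0xF3,0xB9,0xCA,0xC2,0xFC,0x63,0x25,0x51
    };

    /* Cofactor. */
    static const unsigned char ec_cofactor_256[] = {
        0x01
    };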
    
    
    
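    /**
     * Build an EC_GROUP from the explicit parameter tables ec_p_256, ec_a_256,
     * ec_b_256, ec_gen_256, ec_order_256 and ec_cofactor_256.
     *
     * The curve is created with EC_GROUP_new_curve_GFp() from p, a and b; the
     * generator point, its order and the cofactor are then attached with
     * EC_GROUP_set_generator().
     *
     * @return a newly allocated group that the caller releases with
     *         EC_GROUP_free(), or NULL if any step fails.
     *
     * NOTE(review): nothing in this function assigns a curve name to the
     * group, so it is described by explicit parameters only; keys created on
     * it are presumably encoded with explicit parameters rather than a
     * named-curve OID (confirm against the OpenSSL version in use). Using such
     * keys in TLS depends on the peer accepting explicit curves; RFC 8422,
     * which obsoletes RFC 4492, deprecates the arbitrary_explicit_* code
     * points, so verify peer support before relying on this.
     */
    EC_GROUP *get_ec_group_256(void)
    {
        int ok = 0;
        EC_GROUP *group = NULL;
        EC_POINT *point = NULL;
        BIGNUM *tmp_1 = NULL, *tmp_2 = NULL, *tmp_3 = NULL;

        /* Curve equation parameters: field prime p, coefficients a and b. */
        if ((tmp_1 = BN_bin2bn(ec_p_256, sizeof(ec_p_256), NULL)) == NULL)
            goto err;
        if ((tmp_2 = BN_bin2bn(ec_a_256, sizeof(ec_a_256), NULL)) == NULL)
            goto err;
        if ((tmp_3 = BN_bin2bn(ec_b_256, sizeof(ec_b_256), NULL)) == NULL)
            goto err;
        if ((group = EC_GROUP_new_curve_GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)
            goto err;

        /*
         * Build the generator, reusing the three BIGNUMs as scratch space.
         * When BN_bin2bn() is given an existing BIGNUM it returns that same
         * pointer on success and NULL on failure without freeing it, so the
         * result is only tested and never assigned back: overwriting tmp_N
         * with NULL would leak the BIGNUM on the error path.
         */
        if (BN_bin2bn(ec_gen_256, sizeof(ec_gen_256), tmp_1) == NULL)
            goto err;
        point = EC_POINT_bn2point(group, tmp_1, NULL, NULL);
        if (point == NULL)
            goto err;
        if (BN_bin2bn(ec_order_256, sizeof(ec_order_256), tmp_2) == NULL)
            goto err;
        if (BN_bin2bn(ec_cofactor_256, sizeof(ec_cofactor_256), tmp_3) == NULL)
            goto err;
        if (!EC_GROUP_set_generator(group, point, tmp_2, tmp_3))
            goto err;

        ok = 1;
    err:
        /* The OpenSSL free functions accept NULL, so no guards are needed. */
        BN_free(tmp_1);
        BN_free(tmp_2);
        BN_free(tmp_3);
        EC_POINT_free(point);
        if (!ok) {
            /* Never hand a partially initialised group back to the caller. */
            EC_GROUP_free(group);
            group = NULL;
        }
        return group;
    }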
    

    TLS标准定义仅支持这些曲线:

    sect163k1 (1), sect163r1 (2), sect163r2 (3), 
        sect193r1 (4), sect193r2 (5), sect233k1 (6), 
        sect233r1 (7), sect239k1 (8), sect283k1 (9), 
        sect283r1 (10), sect409k1 (11), sect409r1 (12), 
        sect571k1 (13), sect571r1 (14), secp160k1 (15), 
        secp160r1 (16), secp160r2 (17), secp192k1 (18), 
        secp192r1 (19), secp224k1 (20), secp224r1 (21), 
        secp256k1 (22), secp256r1 (23), secp384r1 (24), 
        secp521r1 (25) 
    

    虽然OpenSSL可以用其他曲线生成证书,但这些证书不能用于SSL/TLS。这很可能就是原因。


    能否告知这一信息的来源是什么? – ChiaraHsieh 2013-05-02 13:31:36


    这是RFC 4492 - 椭圆曲线加密(ECC)传输层安全(TLS)密码套件 – 2013-05-02 19:39:55
