Skip to content

Use mirage-crypto-ec for elliptic curves, support ECDSA certificates#428

Merged
hannesm merged 2 commits into
mirleft:masterfrom
hannesm:mirage-crypto-ec
Apr 14, 2021
Merged

Use mirage-crypto-ec for elliptic curves, support ECDSA certificates#428
hannesm merged 2 commits into
mirleft:masterfrom
hannesm:mirage-crypto-ec

Conversation

@hannesm
Copy link
Copy Markdown
Member

@hannesm hannesm commented Mar 31, 2021
edited
Loading

This unifies the elliptic crypto primitives being used (X25519/P256), and adds support for P384 and P521 ECDH.

In addition, ECDSA (and EdDSA) certificates are now supported.

@hannesm
Use mirage-crypto-ec for elliptic curves, instead of hacl_x25519 and …
2625ccb 
…fiat

This unifies the crypto primitives being used, and adds support for P384 and
P521 ECDH.
@hannesm hannesm force-pushed the mirage-crypto-ec branch 2 times, most recently from 3d0aded to a08242f Compare April 12, 2021 22:32
@hannesm hannesm changed the title Use mirage-crypto-ec for elliptic curves, instead of hacl_x25519 and … Use mirage-crypto-ec for elliptic curves, support ECDSA certificates Apr 13, 2021
@hannesm hannesm force-pushed the mirage-crypto-ec branch 2 times, most recently from cc11724 to ef29c43 Compare April 13, 2021 19:59
@hannesm
Copy link
Copy Markdown
Member Author

hannesm commented Apr 13, 2021

This is ready. I tested with the interop-sclient and interop-sserver shell scripts (using openssl on the other end).

The first commit is pretty straightforward, it uses the DH from mirage-crypto-ec for elliptic curves.
The second commit is slightly intricate, it adds ECDSA and EdDSA support. Complexity arises from interdependent configuration options and session parameters:

  • Config.groups (client hello EllipticCurves / NamedCurve extension) in TLS 1.2 (and below) restricts the curves to use for DH and ECDSA/EdDSA
  • Config.signature_algorithms (since 1.2 [where it is optonal, required in 1.3]) specifies which signature scheme and public key type are accepted (ClientHello SignatureAlgorithms extension)
  • cross-constraints for ciphersuites (1.2 and below), which specify not only the key exchange method, but also the public key type to use

This PR builds a working configuration at "Tls.Config.client/server" invocation (depending on provided values and certificates, it may restrict some parameters (ciphers/groups/signature_algorithms), may lead to an error (conflicting values provided), and during session initiation it attempts to select a working set of parameters (group, certificate, ciphersuite, signature_algorithm) -- taking the 1.0/1.1 vs 1.2 vs 1.3 differences into account.

TL;DR: The API changed slightly (some types are gone now), a server configuration may have multiple certificates for the same hostnames (but different public key types), and the interoperability with openssl has been tested.

@hannesm hannesm mentioned this pull request Apr 13, 2021
Merged
@hannesm hannesm merged commit b919310 into mirleft:master Apr 14, 2021
@hannesm hannesm deleted the mirage-crypto-ec branch April 14, 2021 09:07
hannesm added a commit to hannesm/opam-repository that referenced this pull request Apr 14, 2021
@hannesm
[new release] tls-mirage and tls (0.13.0)
617855f 
CHANGES:

* Remove static RSA and CBC ciphersuites from default configuration. The
  default configuration now includes FFDHE and ECDHE key exchanges with RSA or
  ECDSA/EdDSA certificates, and AEAD ciphers
  (AES-GCM, AES-CCM, ChaCha20-Poly1305) (mirleft/ocaml-tls#429 by @hannesm)
* Remove SHA1 from signature_algorithms in the default configuration
  (mirleft/ocaml-tls#429 by @hannesm)
* Support ECDSA and EdDSA certificates and private keys via x509 0.12.0 and
  mirage-crypto-ec (mirleft/ocaml-tls#428 by @hannesm)
  Breaking changes:
  - the second part of type Tls.Config.certchain is now a X509.Private_key.t
    (previously Mirage_crypto_pk.Rsa.priv)
  - the type aliases X509_lwt.priv and X509_lwt.authenticator have been removed
* Use mirage-crypto-ec instead of fiat-p256 and hacl_x25519 for elliptic curve
  support - this adds P384 and P521 ECDH support (mirleft/ocaml-tls#428 by @hannesm)
* Remove custom Monad implementation, use Result and Rresult instead
  (mirleft/ocaml-tls#429 by @hannesm)
* Remove Utils.Cs submodule, use Cstruct API instead (mirleft/ocaml-tls#429 by @hannesm)
* Breaking: Tls.Engine.ret type is now a result instead of a custom variant type
  (mirleft/ocaml-tls#429 by @hannesm)
* Breaking: Tls_lwt.Unix.epoch results in (Tls.Core.epoch_data, unit) result -
  it was a custom error type previously (mirleft/ocaml-tls#429 by @hannesm)
@hannesm hannesm mentioned this pull request Apr 14, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hannesm