Add support of X448 and X25519 key exchange algorithm, and prefer using X448/X25519

This is where we can discuss what we would like to see added or changed in OpenVPN.

Moderators: TinCanTech

A
OpenVpn Newbie
Posts: 4
Joined: Tue Aug 16, 2022 3:05 am

Add support of X448 and X25519 key exchange algorithm, and prefer using X448/X25519

Post by A » Fri Aug 26, 2022 2:30 am

Nowadays, OpenVPN doesn't support X448 (Ed448-Goldilocks) and X25519, which are recommended by SafeCurves and RFC 7748:

RFC 7748: Elliptic Curves for Security
https://datatracker.ietf.org/doc/html/rfc7748

SafeCurves: choosing safe curves for elliptic-curve cryptography
https://safecurves.cr.yp.to/

But as of OpenVPN 2.5.7, OpenVPN supports none of them:

secp224r1
secp256k1
secp384r1
secp521r1
prime256v1

In fact, OpenSSL 3.0.1 already supports X25519 and X448:

openssl list -key-exchange-algorithms

  { 1.2.840.113549.1.3.1, DH, dhKeyAgreement } @ default
  { 1.3.101.110, X25519 } @ default
  { 1.3.101.111, X448 } @ default
  ECDH @ default
  TLS1-PRF @ default
  HKDF @ default
  { 1.3.6.1.4.1.11591.4.11, id-scrypt, SCRYPT } @ default

I wish OpenVPN supported them. Last but not least, it should prefer X448 and X25519 before using the other curves.
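As an added example that is not part of the post above (nor OpenVPN's or OpenSSL's own code), here is what the two requested primitives actually compute: a pure-Python Montgomery ladder for X25519 and X448 as specified in RFC 7748, checked against the RFC's section 6.1 X25519 Diffie-Hellman vectors. The X448 keys are constructed at random for a key-agreement round trip, since no X448 vectors appear on the page. Python big-integer arithmetic is not constant-time, so this is for understanding the primitive, not for use inside a VPN.

```python
"""X25519 / X448 per RFC 7748 (added illustration, not OpenVPN code)."""
import os

# Curve parameters from RFC 7748: (prime p, a24, scalar bit length, base u)
X25519 = (2**255 - 19, 121665, 255, 9)
X448 = (2**448 - 2**224 - 1, 39081, 448, 5)


def _clamp(k: bytes, bits: int) -> int:
    """Decode a private scalar as RFC 7748 section 5 prescribes: clear the
    cofactor bits, set the top bit so the ladder runs a fixed step count."""
    k = bytearray(k)
    if bits == 255:
        k[0] &= 248
        k[31] &= 127
        k[31] |= 64
    else:  # X448
        k[0] &= 252
        k[55] |= 128
    return int.from_bytes(k, "little")


def _decode_u(u: bytes, bits: int) -> int:
    u = bytearray(u)
    if bits % 8:
        u[-1] &= (1 << (bits % 8)) - 1  # X25519: ignore the unused top bit
    return int.from_bytes(u, "little")


def _cswap(swap: int, a: int, b: int):
    """Conditional swap in the branch-free form of the RFC."""
    dummy = (-swap) & (a ^ b)
    return a ^ dummy, b ^ dummy


def ladder(curve, k: bytes, u: bytes) -> bytes:
    """Montgomery ladder: return the u-coordinate of k * (point with u)."""
    p, a24, bits, _ = curve
    k_int = _clamp(k, bits)
    x_1 = _decode_u(u, bits)
    x_2, z_2, x_3, z_3, swap = 1, 0, x_1, 1, 0
    for t in range(bits - 1, -1, -1):
        k_t = (k_int >> t) & 1
        swap ^= k_t
        x_2, x_3 = _cswap(swap, x_2, x_3)
        z_2, z_3 = _cswap(swap, z_2, z_3)
        swap = k_t
        A = (x_2 + z_2) % p
        AA = A * A % p
        B = (x_2 - z_2) % p
        BB = B * B % p
        E = (AA - BB) % p
        C = (x_3 + z_3) % p
        D = (x_3 - z_3) % p
        DA = D * A % p
        CB = C * B % p
        x_3 = pow(DA + CB, 2, p)
        z_3 = x_1 * pow(DA - CB, 2, p) % p
        x_2 = AA * BB % p
        z_2 = E * (AA + a24 * E) % p
    x_2, x_3 = _cswap(swap, x_2, x_3)
    z_2, z_3 = _cswap(swap, z_2, z_3)
    # Projective -> affine via Fermat inversion z^(p-2)
    return (x_2 * pow(z_2, p - 2, p) % p).to_bytes((bits + 7) // 8, "little")


def public_key(curve, priv: bytes) -> bytes:
    _, _, bits, base_u = curve
    return ladder(curve, priv, base_u.to_bytes((bits + 7) // 8, "little"))


def shared_secret(curve, priv: bytes, peer_pub: bytes) -> bytes:
    """ECDH with the all-zero check RFC 7748 section 6.1 recommends: a zero
    result means the peer sent a low-order point and contributed no entropy."""
    s = ladder(curve, priv, peer_pub)
    if not any(s):
        raise ValueError("peer public key is a low-order point")
    return s


# RFC 7748 section 6.1 X25519 test vectors
ALICE_PRIV = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
ALICE_PUB = bytes.fromhex("8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a")
BOB_PRIV = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
BOB_PUB = bytes.fromhex("de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f")
SHARED = bytes.fromhex("4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742")


def demo() -> dict:
    """Exercise both curves; returns named checks a caller can assert on."""
    a448, b448 = os.urandom(56), os.urandom(56)  # constructed throwaway keys
    return {
        "x25519_alice_pub_ok": public_key(X25519, ALICE_PRIV) == ALICE_PUB,
        "x25519_bob_pub_ok": public_key(X25519, BOB_PRIV) == BOB_PUB,
        "x25519_shared_ok": shared_secret(X25519, ALICE_PRIV, BOB_PUB) == SHARED
        and shared_secret(X25519, BOB_PRIV, ALICE_PUB) == SHARED,
        "x448_dh_agrees": shared_secret(X448, a448, public_key(X448, b448))
        == shared_secret(X448, b448, public_key(X448, a448)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

The all-zero check in shared_secret is the part a practitioner most often forgets: feeding the all-zero u-coordinate (or another low-order point) makes the ladder return zero, and without the check an attacker can force a known session secret. Whether a given OpenVPN build negotiates these groups depends on the TLS library it is linked against, not on this arithmetic; OpenVPN 2.5's --tls-groups option (not mentioned in the post) is where the preference list handed to OpenSSL 1.1+ is set.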

A
OpenVpn Newbie
Posts: 4
Joined: Tue Aug 16, 2022 3:05 am

Re: Add support of X448 and X25519 key exchange algorithm, and prefer using X448/X25519

Post by A » Fri Aug 26, 2022 2:42 am

In the "amd64; Zen3 (a20f10); 2020 AMD Ryzen 9 5950X; 16 x 3400MHz; zen3, supercop-20220213" section of https://bench.cr.yp.to/results-dh.html we can see:

curve25519 (X25519) only needs 102495 cycles to generate a key pair and 110991 cycles to compute a shared secret;
ed448goldilocks (X448) only needs 159723 cycles to generate a key pair and 527032 cycles to compute a shared secret.

Compared with the NIST P-curves:
nistp256 (P-256) needs 223320 cycles to generate a key pair and 603146 cycles to compute a shared secret, and it is at the same security level as X25519 (in fact, it's less);
nist521gs (P-521) needs 884294 cycles to generate a key pair and 887358 cycles to compute a shared secret.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Add support of X448 and X25519 key exchange algorithm, and prefer using X448/X25519

Post by TinCanTech » Fri Aug 26, 2022 8:45 am

OpenVPN is written by volunteers. Why don't you volunteer to write the code which you desire?
