OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Debian)

[gaglia]

Well, of course, but it's still nice, no? And you save some precious bytes of communication

[gaglia]

Sorry, just another question I was thinking of. You say:

I am also unsure about the support for it in PolarSSL (which the iOS/Android clients use).

Does this mean that you are not positive about making this patch work with Android / CyanogenMod ?

[janjust]

if PolarSSL does not support EC crypto then there will be no way to make it work with the Android/iOS OpenVPN Connect clients.

[gaglia]

How to know for sure? Here it seems that certain curves are indeed supported: https://polarssl.org/core-features

[Wheelz]

Has anyone figured out how to use ECDH instead of DH?

I have compiled OpenVPN 2.3.2 on top of OpenSSL 1.0.1e-fips.

I use

Code: Select all

openssl-new ecparam -out ecdh256.pem -name secp256r1

to build my DH file.

When I include the ecdh256.pem file in my server.conf, it gives an error message:

"Cannot load DH parameters from ../ecdh256.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line"

I'm sure it's because the header in ecdh256.pem is:

-----BEGIN EC PARAMETERS-----

and a dh.pem file would show:

-----BEGIN DH PARAMETERS-----

I haven't found any documentation on how to utilize ECDH.....Can anyone help?

[gaglia]

Unfortunately ECDH seems to be unsupported by openVPN so far. With that comand you just create the parameters for an elliptic curve, but with the "dh" directive you are expected to provide traditional DH parameters (i.e.: finite field discrete logarithm based). I guess we have to wait for ECDH to be implemented, but at this point it may be better to switch directly to something more exotic (like NTRU or similars)

[Wheelz]

with the following hack to OpenVPN's ssl.c code:

Code: Select all

--- ssl.c       2011-06-24 08:13:39.000000000 +0200
+++ /home/janjust/src/openvpn-2.2.1/ssl.c       2011-09-08 00:04:37.000000000 +0200
@@ -1588,6 +1588,7 @@
   DH *dh;
   BIO *bio;
   bool using_cert_file = false;
+  EC_KEY *ecdh=NULL;
 
   ERR_clear_error ();
 
@@ -1622,6 +1623,16 @@
       msg (D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with %d bit key",
           8 * DH_size (dh));
       DH_free (dh);
+
+      ecdh = EC_KEY_new_by_curve_name(NID_secp224r1);
+
+      if (ecdh == NULL)
+          msg (M_SSLERR, "Unable to create curve (NID_secp224r1)");
+
+      if (!SSL_CTX_set_tmp_ecdh(ctx, ecdh))
+          msg (M_SSLERR, "SSL_CTX_set_tmp_ecdh");
+
+      EC_KEY_free(ecdh);
     }
   else                         /* if client */
     {

I can use the ecdsa-with-SHA512 signed certificates ; the 'no shared cipher' message is gone and the TLS control channel is now encrypted using

Code: Select all

Sep  8 12:49:57 2011 us=360534 X.X.X.X:60345 Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-ECDSA-AES256-SHA

I am not sure how to test whether the data channel , which uses a separate cipher and digest (signing) algorithm, is also signed using ECDSA enabled keys.

Janjust,
Do you know if this patch still works for 2.3.2? I looked at the ssl.c source code and didn't see this in there. I guess the patch didn't make it to the latest version?

[Nucleardragon]

Hello All!

Is there any news about normal support elliptic curves in OpenVPN 2.3.2 + OpenSSL 1.0.1e?
For me it is a very important safety issue. In particular, what about support ECDH?

Indeed it is strange that few people are concerned about the safety Openvpn...

[Nucleardragon]

Tried anyone Used hash function Whirlpool in return SHA512?
Can OpenVPN / OpenSSL support symmetric encryption algorithms such as Twofish and Serpent?
And what do you think of the algorithm CAMELLIA-256 in comparison with the AES-256?
The advantage of AES-256 is its hardware support in some CPU, but is not this the same way its potential vulnerability?
Is it possible to use ECRSA instead of ECDSA?

[uwnthesis]

The use of Twofish, Threefish, Serpent and Skein would be very welcome.

Silent circle are moving away from AES...
https://threatpost.com/silent-circle-mo ... ons/102452

Twofish is a cipher suite written by Bruce Schneier and it was one of the finalists during the AES competition, but lost out to the Rijndael algorithm. It has been resistant to cryptanalysis thus far, and Callas said it also has the advantage of being an easy replacement for AES in Silent Circle’s products. The company also will be replacing SHA-2, an older NIST hash function, with Skein, which was a finalists in the recently completed SHA-3 competition.

“We are going to replace our use of the AES cipher with the Twofish cipher, as it is a drop-in replacement. We are going to replace our use of the SHA–2 hash functions with the Skein hash function. We are also examining using the Threefish cipher where that makes sense. (Full disclosure: I’m a co-author of Skein and Threefish.) Threefish is the heart of Skein, and is a tweakable, wide-block cipher. There are a lot of cool things you can do with it, but that requires some rethinking of protocols,” Callas said.

*****

Schneier wrote a journal paper 13 years ago raising safety concerns about AES.

Schneiers min safety factor is 2. A broken cipher has a safety factor of 1.

His article states (from memory)....

Broken cipher = 1

AES 128 = 1.11 (too low a safety factor, but fast)

AES 256 = 1.56 (fast, but not acheiving 2)

Twofish = 2.56

Serpent = 3.56 (designed for hardware, so slow in software).

***
Journal is here:
https://www.schneier.com/paper-twofish-final.html

The Twofish Team's Final Comments on AES Selection

B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, N. Ferguson, T. Kohno, M. Stay

May 15, 2000

****
We have to accept that the NSA has a dual function - to carry out drag net surveillance AND to rate safety of encryption. There is a conflict between these 2 objectives.

It may mean that more public support for Schneiers encryption and hashing algorithm, will appear, as an insurance policy against the dual nature of the NSA.

I would be very interested to see the addition of Twofish, Serpent and Skein into OpenVPN.

[rich]

Hi

Has anyone been able to implement "Twofish" into openvpn?

Thanks...

[neoCrimeLabs]

So now that RedHat (RHEL6.5) and Fedora 19 both officially support EC, can this patch become mainstream?

[vpn_user]

Any word on ECDHE + ECDSA support in future releases?

[TCalhau]

Dream to see Serpent-256 be implemented on OpenVPN. But I'd be very happy with the implementation of the Twofish-256. I don't have much faith in the power of the AES.

[jasjeet]

Is there any help on getting ECDSA crypto setup (prime256v1) for authentication and AES 256 CBC encryption for data? And is this more secure than RSA 4096bit?