From rick at openfortress.nl Mon Sep 26 06:54:54 2016 From: rick at openfortress.nl (Rick van Rein) Date: Mon, 26 Sep 2016 08:54:54 +0200 Subject: [Opendnssec-develop] Adding ECC to ods-signer Message-ID: <57E8C63E.30909@openfortress.nl> Hello NLnet Labs, I have been asked by SURFnet to enhance the ods-signer with Elliptic Curve algorithms. You are probably aware of the research that has been done by Roland, which turns out in favour of ECDSA signatures. My plan is to fork either 2.0/master and work on that from my own repository. Just let me know if you this interferes with any work you are currently doing, or if you have any advise or requests that would make it simpler for you to accept an upcoming patch -- because of course we'll be offering it back to the project. Cheers, Rick van Rein OpenFortress Digital signatures From jakob at kirei.se Mon Sep 26 07:26:43 2016 From: jakob at kirei.se (Jakob Schlyter) Date: Mon, 26 Sep 2016 09:26:43 +0200 Subject: [Opendnssec-develop] Adding ECC to ods-signer In-Reply-To: <57E8C63E.30909@openfortress.nl> References: <57E8C63E.30909@openfortress.nl> Message-ID: <0FCA7F29-3FFD-460C-88D2-A50D8B1843D0@kirei.se> On 2016-09-26 at 08:54, Rick van Rein wrote: > I have been asked by SURFnet to enhance the ods-signer with Elliptic > Curve algorithms. You are probably aware of the research that has been > done by Roland, which turns out in favour of ECDSA signatures. Good - looking forward to the results! jakob From rick at openfortress.nl Mon Sep 26 12:32:52 2016 From: rick at openfortress.nl (Rick van Rein) Date: Mon, 26 Sep 2016 14:32:52 +0200 Subject: [Opendnssec-develop] Adding ECC to ods-signer In-Reply-To: <57E8C63E.30909@openfortress.nl> References: <57E8C63E.30909@openfortress.nl> Message-ID: <57E91574.5030508@openfortress.nl> Hi, > I have been asked by SURFnet to enhance the ods-signer with Elliptic > Curve algorithms. You are probably aware of the research that has been > done by Roland, which turns out in favour of ECDSA signatures. > I was happy to find ECDSA on P-256 and P-384 already setup in libhsm, thanks to Rickard! And if I'm not mistaken... that is all that is needed? At least it looks like the ods-signer is pretty agnostic about algorithms, it only loads the DNS algorithm id from .signconf and libhsm() finds the PKCS #11 algorithm by looking at the CKA_KEY_TYPE for the handle to the keys. Cool :) I found and ran the hsmtest, including Generating ECDSA Curve P-256 key... OK Extracting key identifier... OK, fa9f31f32e1bc52ca7b153ee7667b079 Signing (ECDSA/SHA256) with key... OK Deleting key... OK Generating ECDSA Curve P-384 key... OK Extracting key identifier... OK, 3d4aa6e60123480507a2b2e20d6dc52a Signing (ECDSA/SHA384) with key... OK Deleting key... OK Has signing with ods-signer on zones already been tested? I didn't find it in the OpenDNSSEC release notes (the site finds ECDSA mentioned only in conjunction with SoftHSMv2). I had understood ECDSA wasn't supported, but it now looks like it is all ready for use under RFC 6605! Is there work that is left to be done? Please let me know if there is :) Thanks, -Rick From rickard at opendnssec.org Mon Sep 26 12:57:51 2016 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Mon, 26 Sep 2016 14:57:51 +0200 Subject: [Opendnssec-develop] Adding ECC to ods-signer In-Reply-To: <57E91574.5030508@openfortress.nl> References: <57E8C63E.30909@openfortress.nl> <57E91574.5030508@openfortress.nl> Message-ID: On Mon, Sep 26, 2016 at 2:32 PM, Rick van Rein wrote: > > I had understood ECDSA wasn't supported, but it now looks like it is all > ready for use under RFC 6605! Is there work that is left to be done? > Please let me know if there is :) > I did some work on this a few years ago. Libhsm should be ready for use by the signer and enforcer. But I do not remember what needs to be done in order for them to use the correct algoritms. // Rickard -------------- next part -------------- An HTML attachment was scrubbed... URL: From yuri at nlnetlabs.nl Tue Sep 27 07:52:21 2016 From: yuri at nlnetlabs.nl (Yuri Schaeffer) Date: Tue, 27 Sep 2016 09:52:21 +0200 Subject: [Opendnssec-develop] Adding ECC to ods-signer In-Reply-To: References: <57E8C63E.30909@openfortress.nl> <57E91574.5030508@openfortress.nl> Message-ID: <52502250-53a8-2392-f845-b72e9c95aa18@nlnetlabs.nl> On 26-09-16 14:57, Rickard Bellgrim wrote: > I did some work on this a few years ago. Libhsm should be ready for use > by the signer and enforcer. But I do not remember what needs to be done > in order for them to use the correct algoritms. We have this open issue in our tracker: https://issues.opendnssec.org/browse/OPENDNSSEC-450 Where you, Rickard, seem to suggest the enforcer needs work. I haven't checked what needs to be done but I expect it to be something like: "Allow the value in the KASP".Of course there is always more work to do than you think, but it is unlikely that it requires any huge architectural overhaul. So I'd say go for it! //Yuri -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 163 bytes Desc: OpenPGP digital signature URL: From rick at openfortress.nl Tue Sep 27 15:28:43 2016 From: rick at openfortress.nl (Rick van Rein) Date: Tue, 27 Sep 2016 17:28:43 +0200 Subject: [Opendnssec-develop] Adding ECC to ods-signer In-Reply-To: <52502250-53a8-2392-f845-b72e9c95aa18@nlnetlabs.nl> References: <57E8C63E.30909@openfortress.nl> <57E91574.5030508@openfortress.nl> <52502250-53a8-2392-f845-b72e9c95aa18@nlnetlabs.nl> Message-ID: <57EA902B.9000205@openfortress.nl> Hey, Thanks Yuri. The Enforcer would need to allocate the ECDSA keys, I suppose. My surprise was that the Signer appears to be ready because it is agnostic to key types, and only wants a DNS algorithm identifier to publish. I will be testing that -- am now generating keys and with .signconf files with PyKCS11 to be able to tickle the Signer into actually using ECDSA. Just to manage expectations: I will not make changes to the Enforcer. I will report my findings in #450 and on this list. I'm note really sure what "has been tested with OpenDNSSEC" means here. Cheers, -Rick From berry at nlnetlabs.nl Tue Sep 27 18:32:03 2016 From: berry at nlnetlabs.nl ((Berry) A.W. van Halderen) Date: Tue, 27 Sep 2016 20:32:03 +0200 Subject: [Opendnssec-develop] Adding ECC to ods-signer In-Reply-To: <57E8C63E.30909@openfortress.nl> References: <57E8C63E.30909@openfortress.nl> Message-ID: <20160927183203.GB23395@nlnetlabs.nl> On Mon, Sep 26, 2016 at 08:54:54AM +0200, Rick van Rein wrote: > I have been asked by SURFnet to enhance the ods-signer with Elliptic > Curve algorithms. You are probably aware of the research that has been > done by Roland, which turns out in favour of ECDSA signatures. Great. It had not been on our list of immediate plans because it was not in direct demand and because of some bugs in libhsm which have been cleared now. > My plan is to fork either 2.0/master and work on that from my own > repository. The GitHub workflow in use is to fork on github. Do not clone or fork outside of GitHub because then you have a harder time being in sync. There is a "fork" button on https://github.com/opendnssec/OpenDNSSEC on the top-right op the page. This is not a hard fork but allows you to keep in sync with 2.0 and create a pull request to submit your changes back. You can use 2.0/master, but you can keep closer to the current developments by using "develop". > Just let me know if you this interferes with any work you are currently > doing, or if you have any advise or requests that would make it simpler > for you to accept an upcoming patch -- because of course we'll be > offering it back to the project. We would welcome this contribution. If your time permits, I see no problem getting this into the next 2.1 release. I would like not to make functional releases if possible in 2.0, only bug fix releases. We want to go to more frequent releases and just go for the next 2.1 and 2.2 release this year. We believe this change is not very intrusive to the code. Probably allowing the values in the configuration (which is hairy code, but we want to turn to that later, so just keep it). And passing it around. Most (all) of the code is unaware of the algo used. There is currently no change planned that we forsee could interfere with this change. So actually, if you want the change, the coming time is a good period to submit it. When you have something to review or submit you can push your changes back to github and make a pull-request for it. With kind regards, Berry van Halderen -- N: (Berry) A.W. van Halderen E: berry at nlnetlabs.nl O: NLnet Labs W: http://www.nlnetlabs.nl/ From jakob at kirei.se Wed Sep 28 06:24:48 2016 From: jakob at kirei.se (Jakob Schlyter) Date: Wed, 28 Sep 2016 08:24:48 +0200 Subject: [Opendnssec-develop] Adding ECC to ods-signer In-Reply-To: <57EA902B.9000205@openfortress.nl> References: <57E8C63E.30909@openfortress.nl> <57E91574.5030508@openfortress.nl> <52502250-53a8-2392-f845-b72e9c95aa18@nlnetlabs.nl> <57EA902B.9000205@openfortress.nl> Message-ID: <7D422A1E-7BBA-45BC-AD7B-D6D36A11F3A0@kirei.se> On 2016-09-27 at 17:28, Rick van Rein wrote: > Just to manage expectations: I will not make changes to the Enforcer. Why not? The changes should be trivial. jakob From rick at openfortress.nl Wed Sep 28 08:27:39 2016 From: rick at openfortress.nl (Rick van Rein) Date: Wed, 28 Sep 2016 10:27:39 +0200 Subject: [Opendnssec-develop] Adding ECC to ods-signer In-Reply-To: <57EB7EB1.2070600@openfortress.nl> References: <57E8C63E.30909@openfortress.nl> <57E91574.5030508@openfortress.nl> <52502250-53a8-2392-f845-b72e9c95aa18@nlnetlabs.nl> <57EA902B.9000205@openfortress.nl> <7D422A1E-7BBA-45BC-AD7B-D6D36A11F3A0@kirei.se> <57EB7EB1.2070600@openfortress.nl> Message-ID: <57EB7EFB.6080505@openfortress.nl> Hi, >> Just to manage expectations: I will not make changes to the Enforcer. > Why not? The changes should be trivial. Trivial perhaps... but both the old and new Enforcer code is too daunting to me. The new Enforcer, while I wholeheartedly agree with its style, requires a lot of understanding before I would want to make changes in it, because I would fear for putting it off-balance. -Rick From benno at NLnetLabs.nl Wed Sep 28 08:54:37 2016 From: benno at NLnetLabs.nl (Benno Overeinder) Date: Wed, 28 Sep 2016 10:54:37 +0200 Subject: [Opendnssec-develop] Adding ECC to ods-signer In-Reply-To: <57EB7EFB.6080505@openfortress.nl> References: <57E8C63E.30909@openfortress.nl> <57E91574.5030508@openfortress.nl> <52502250-53a8-2392-f845-b72e9c95aa18@nlnetlabs.nl> <57EA902B.9000205@openfortress.nl> <7D422A1E-7BBA-45BC-AD7B-D6D36A11F3A0@kirei.se> <57EB7EB1.2070600@openfortress.nl> <57EB7EFB.6080505@openfortress.nl> Message-ID: Hi Rick, > On 28 Sep 2016, at 10:27, Rick van Rein wrote: > > Hi, > >>> Just to manage expectations: I will not make changes to the Enforcer. >> Why not? The changes should be trivial. > > Trivial perhaps... but both the old and new Enforcer code is > too daunting to me. The new Enforcer, while I wholeheartedly > agree with its style, requires a lot of understanding before > I would want to make changes in it, because I would fear for > putting it off-balance. We can coordinate that part (with the Enforcer) with you. Excellent to have ECC in ODS, and appreciate your and SURFnet?s continued effort to contribute to ODS. Cheers, ? Benno -- Benno J. Overeinder NLnet Labs http://www.nlnetlabs.nl/ From berry at nlnetlabs.nl Wed Sep 28 09:42:44 2016 From: berry at nlnetlabs.nl ((Berry) A.W. van Halderen) Date: Wed, 28 Sep 2016 11:42:44 +0200 Subject: [Opendnssec-develop] Adding ECC to ods-signer In-Reply-To: <57EB7EFB.6080505@openfortress.nl> References: <57E8C63E.30909@openfortress.nl> <57E91574.5030508@openfortress.nl> <52502250-53a8-2392-f845-b72e9c95aa18@nlnetlabs.nl> <57EA902B.9000205@openfortress.nl> <7D422A1E-7BBA-45BC-AD7B-D6D36A11F3A0@kirei.se> <57EB7EB1.2070600@openfortress.nl> <57EB7EFB.6080505@openfortress.nl> Message-ID: <20160928094244.GB29171@nlnetlabs.nl> On Wed, Sep 28, 2016 at 10:27:39AM +0200, Rick van Rein wrote: > >> Just to manage expectations: I will not make changes to the Enforcer. > > Why not? The changes should be trivial. > > Trivial perhaps... but both the old and new Enforcer code is > too daunting to me. The new Enforcer, while I wholeheartedly > agree with its style, requires a lot of understanding before > I would want to make changes in it, because I would fear for > putting it off-balance. We'll see then. Just make a pull request with the part you are comfortable with. I agree with Yuri that the enforcer part of this change is not too much work, so we can also add to this. It will mean that not your pull request comes in, but a copy of it. With kind regards, Berry van Halderen > > > -Rick > > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop -- N: (Berry) A.W. van Halderen E: berry at nlnetlabs.nl O: NLnet Labs W: http://www.nlnetlabs.nl/ From rick at openfortress.nl Wed Sep 28 12:51:37 2016 From: rick at openfortress.nl (Rick van Rein) Date: Wed, 28 Sep 2016 14:51:37 +0200 Subject: [Opendnssec-develop] Adding ECC to ods-signer In-Reply-To: <20160928094244.GB29171@nlnetlabs.nl> References: <57E8C63E.30909@openfortress.nl> <57E91574.5030508@openfortress.nl> <52502250-53a8-2392-f845-b72e9c95aa18@nlnetlabs.nl> <57EA902B.9000205@openfortress.nl> <7D422A1E-7BBA-45BC-AD7B-D6D36A11F3A0@kirei.se> <57EB7EB1.2070600@openfortress.nl> <57EB7EFB.6080505@openfortress.nl> <20160928094244.GB29171@nlnetlabs.nl> Message-ID: <57EBBCD9.4060005@openfortress.nl> Great news. (replicates #450 and adds an enforcerish script) I have tried my suspicion that the Signer is so agnostic to key material that it will sign with ECDSA based on the libhsm extension. This is true, with the side-remark of the issues noted before. There is a need for the ECDSA public key to be present, though. I have created a simple script to create .signconf files for a named zone, and it will generate a key pair and produce the corresponding .signconf. A single pass by ods-signer got a result that satisfied ldns-verify-zone. (The downlink from the parent is a different matter altogether, as far as I'm concerned). In other words, I saved the required patch to OpenDNSSEC to support ECDSA on your machines already; you can find it in /dev/null and yes, it amounts to 0 lines of changes. The patch was made relative to devel-2.0 but should be trivial to backport ;-) There are a few Enforcer-level differences between ECDSA and RSA worth noting: 1. ECDSA signatures use CKA_EC_POINT which is only present in the public key object. Because of that, the public key is required for signing and so cannot be applied to ECDSA keys. I did confirm that the presence of has no impact on the behaviour of the Signer. 2. RSA key policy dictates a key size. This is insufficient information for EC, as there may be multiple curves of any given size. This is why libhsm desires a string argument (currently "P-256" or "P-384" for signature algos 13 and 14) as 3rd argument to hsm_generate_ecdsa_key(), whereas RSA's 3rd parameter constitutes a numeric key size. This probably reflects on the policy parsing and handling. Attached is my Enforcer-replacing Python script, based on PyKCS11. It generates a .signconf with keys mentioned like 257 14 20160928132644982984 Yeah: - I've assumed signalling both and is the way to specify a CSK. It seems to work, except that the .backup2 mentions "ksk" but not "zsk" on the key; - I'm using locators that enhance log file readability by using BCD notation for YYYYMMDDhhmmssuuuuuu so a decimal time with microsecond resolution. As long as the number of digits is even, the BCD format is great when information is regularly dumped in hexadecimal :-D I hope this is enough preparation for the Enforcer updates; otherwise talk, sing or shout to me! Cheers, -Rick -------------- next part -------------- A non-text attachment was scrubbed... Name: zone2signconf.py Type: text/x-python-script Size: 7094 bytes Desc: not available URL: