Re: EC curve preferences

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Nov 20, 2020 at 08:43:59AM -0800, Skip Carter wrote:

> I am sure this in the documentation somewhere; but where ?
> 
> What are the preferred ECDH curves for a given keysize ?  Which curves
> are considered obsolete/deprecated/untrustworthy ?

Is this a general question about industry best-practices or a question
about OpenSSL default or configurable behaviour?  Or in other words,
is this a theory question or a how-to question?

Also, are you asking specifically about TLS, or more broadly (e.g. EC in
CMS).

For SSL, curve selection is controlled via the functions documented
under:

    https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set1_groups.html

But this does not specify the default list, which is in ssl/t1_lib.c:

    /* The default curves */
    static const uint16_t eccurves_default[] = {
        29,                      /* X25519 (29) */
        23,                      /* secp256r1 (23) */
        30,                      /* X448 (30) */
        25,                      /* secp521r1 (25) */
        24,                      /* secp384r1 (24) */
    };

The full list of "available" curves is:

    /*
     * Table of curve information.
     * Do not delete entries or reorder this array! It is used as a lookup
     * table: the index of each entry is one less than the TLS curve id.
     */
    static const TLS_GROUP_INFO nid_list[] = {
        {NID_sect163k1, 80, TLS_CURVE_CHAR2}, /* sect163k1 (1) */
        {NID_sect163r1, 80, TLS_CURVE_CHAR2}, /* sect163r1 (2) */
        {NID_sect163r2, 80, TLS_CURVE_CHAR2}, /* sect163r2 (3) */
        {NID_sect193r1, 80, TLS_CURVE_CHAR2}, /* sect193r1 (4) */
        {NID_sect193r2, 80, TLS_CURVE_CHAR2}, /* sect193r2 (5) */
        {NID_sect233k1, 112, TLS_CURVE_CHAR2}, /* sect233k1 (6) */
        {NID_sect233r1, 112, TLS_CURVE_CHAR2}, /* sect233r1 (7) */
        {NID_sect239k1, 112, TLS_CURVE_CHAR2}, /* sect239k1 (8) */
        {NID_sect283k1, 128, TLS_CURVE_CHAR2}, /* sect283k1 (9) */
        {NID_sect283r1, 128, TLS_CURVE_CHAR2}, /* sect283r1 (10) */
        {NID_sect409k1, 192, TLS_CURVE_CHAR2}, /* sect409k1 (11) */
        {NID_sect409r1, 192, TLS_CURVE_CHAR2}, /* sect409r1 (12) */
        {NID_sect571k1, 256, TLS_CURVE_CHAR2}, /* sect571k1 (13) */
        {NID_sect571r1, 256, TLS_CURVE_CHAR2}, /* sect571r1 (14) */
        {NID_secp160k1, 80, TLS_CURVE_PRIME}, /* secp160k1 (15) */
        {NID_secp160r1, 80, TLS_CURVE_PRIME}, /* secp160r1 (16) */
        {NID_secp160r2, 80, TLS_CURVE_PRIME}, /* secp160r2 (17) */
        {NID_secp192k1, 80, TLS_CURVE_PRIME}, /* secp192k1 (18) */
        {NID_X9_62_prime192v1, 80, TLS_CURVE_PRIME}, /* secp192r1 (19) */
        {NID_secp224k1, 112, TLS_CURVE_PRIME}, /* secp224k1 (20) */
        {NID_secp224r1, 112, TLS_CURVE_PRIME}, /* secp224r1 (21) */
        {NID_secp256k1, 128, TLS_CURVE_PRIME}, /* secp256k1 (22) */
        {NID_X9_62_prime256v1, 128, TLS_CURVE_PRIME}, /* secp256r1 (23) */
        {NID_secp384r1, 192, TLS_CURVE_PRIME}, /* secp384r1 (24) */
        {NID_secp521r1, 256, TLS_CURVE_PRIME}, /* secp521r1 (25) */
        {NID_brainpoolP256r1, 128, TLS_CURVE_PRIME}, /* brainpoolP256r1 (26) */
        {NID_brainpoolP384r1, 192, TLS_CURVE_PRIME}, /* brainpoolP384r1 (27) */
        {NID_brainpoolP512r1, 256, TLS_CURVE_PRIME}, /* brainpool512r1 (28) */
        {EVP_PKEY_X25519, 128, TLS_CURVE_CUSTOM}, /* X25519 (29) */
        {EVP_PKEY_X448, 224, TLS_CURVE_CUSTOM}, /* X448 (30) */
    };

-- 
    Viktor.



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux