Dear OpenSSL users Thanks for thinking about it. (Especially grateful to Mr./Ms. Mattl, Michael and Kris. )
I took a little time to clarify our questions. The attached document is a diagram of our idea of how the original protocol and TLS should work together. Objective: We want to implement QUIC-TLS, which is lightweight and secure. Specifically, we would like to implement a handshake protocol by incorporating non-standard protocols. For example, we are considering a post-quantum key exchange protocol. This is just a part of our research, and we are not considering a new standardization proposal for TLS handshaking that includes the above protocols at this stage. What we would like to hear: 1. what exactly is the structure that stores ephemeral keys in ECDHE/DHE? 2. What is the function that calculates the ephemeral public key of ECDHE/DHE and stores the value in the above structure? 3. After receiving a client hello or server hello message, where is the part that extracts the ephemeral public key of the communication partner from the received message? Also, where is the place to calculate the session key from ECDHE/DHE? Additional two information. Current situation: I'm trying to implement it using "msquic". The handshake in "msquic" uses "quictls" forked from OpenSSL, but I think the implementation of the TLS handshake is based on OpenSSL. Problem: I would like to be able to use the TLS handshake part of OpenSSL (ClientHello, ServerHello) with protocol messages on behalf of ECDHE and DHE to perform key exchange and pass the generated session key to the TLS record protocol. Nobuo Aoki (master 1st student, Japan). (It seems that the file could not be attached because of the large sending byte size. Instead, I'll share it from my university's storage. Here is the link for sharing) https://hunet-my.sharepoint.com/:i:/g/personal/mg66001_e_hiroshima-cu_ac_jp/Ecmdv1CofjZCniQ9vWFSLu4Bjfm7bYuShGcdG1J0IRZzjQ?e=p5s3uV <https://hunet-my.sharepoint.com/:i:/g/personal/mg66001_e_hiroshima-cu_ac_jp/Ecmdv1CofjZCniQ9vWFSLu4Bjfm7bYuShGcdG1J0IRZzjQ?e=p5s3uV> > 2021/08/30 16:57、Matt Caswell <m...@openssl.org>のメール: > > > > On 29/08/2021 20:41, Nobuo Aoki wrote: >> I am trying to identify the implementation >> where “ephemeral public key” and “ephemeral private key” can be added, > > I am unclear from your question whether you are asking how to add a new > public/private key scheme for integration into TLS. Or whether you are simply > asking for the location in the code where the key_share is generated. If the > latter then you might look here for the client side: > > https://github.com/openssl/openssl/blob/e8e1f6d1a9e599d575431f559200018b8f822e0f/ssl/statem/extensions_clnt.c#L649-L705 > > And here for the server side: > > https://github.com/openssl/openssl/blob/e8e1f6d1a9e599d575431f559200018b8f822e0f/ssl/statem/extensions_srvr.c#L1577-L1707 > > > Matt >
