Bug 491786 - dev-libs/nss - add USE flag to enable extra ecc suites
Summary: dev-libs/nss - add USE flag to enable extra ecc suites
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Mozilla Gentoo Team
Keywords: PATCH
Reported: 2013-11-20 16:51 UTC by Spooky Ghost
Modified: 2014-02-01 23:36 UTC

Attachments
Patch to enable additional ECC ciphers (nss-3.15.2.ebuild.diff, 1.25 KB, patch)
2013-11-20 16:59 UTC, Spooky Ghost
Patch containing initialisation code for additional curves (ecl-curve.patch, 34.15 KB, patch)
2013-12-19 15:59 UTC, Spooky Ghost
Updated version of the ebuild patch (ebuild-patch, 1.57 KB, patch)
2013-12-19 16:03 UTC, Spooky Ghost

Description Spooky Ghost 2013-11-20 16:51:43 UTC
The default build of nss only enables Suite B ECC ciphers.  The attached patch to the ebuild adds a use flag which enables the complete set.

Without the patch:
# certutil -G -H
-G              Generate a new key pair
   -h token-name     Name of token in which to generate key (default is internal)
   -k key-type       Type of key pair to generate ("dsa", "ec", "rsa" (default))
   -g key-size       Key size in bits, (min 512, max 8192, default 1024) (not for ec)
   -y exp            Set the public exponent value (3, 17, 65537) (rsa only)
   -f password-file  Specify the password file
   -z noisefile      Specify the noise file to be used
   -q pqgfile        read PQG value from pqgfile (dsa only)
   -q curve-name     Elliptic curve name (ec only)
                     One of nistp256, nistp384, nistp521
   -d keydir         Key database directory (default is ~/.netscape)
   -P dbprefix       Cert & Key database prefix
   --keyAttrFlags attrflags
                     PKCS #11 key Attributes.
                     Comma separated list of key attribute attribute flags,
                     selected from the following list of choices:
                     {token | session} {public | private} {sensitive | insensitive}
                     {modifiable | unmodifiable} {extractable | unextractable}
   --keyOpFlagsOn opflags
   --keyOpFlagsOff opflags
                     PKCS #11 key Operation Flags.
                     Comma separated list of one or more of the following:
                     encrypt, decrypt, sign, sign_recover, verify,
                     verify_recover, wrap, unwrap, derive


With the patch:
# certutil -G -H
-G              Generate a new key pair
   -h token-name     Name of token in which to generate key (default is internal)
   -k key-type       Type of key pair to generate ("dsa", "ec", "rsa" (default))
   -g key-size       Key size in bits, (min 512, max 8192, default 1024) (not for ec)
   -y exp            Set the public exponent value (3, 17, 65537) (rsa only)
   -f password-file  Specify the password file
   -z noisefile      Specify the noise file to be used
   -q pqgfile        read PQG value from pqgfile (dsa only)
   -q curve-name     Elliptic curve name (ec only)
                     One of nistp256, nistp384, nistp521
                     sect163k1, nistk163, sect163r1, sect163r2,
                     nistb163, sect193r1, sect193r2, sect233k1, nistk233,
                     sect233r1, nistb233, sect239k1, sect283k1, nistk283,
                     sect283r1, nistb283, sect409k1, nistk409, sect409r1,
                     nistb409, sect571k1, nistk571, sect571r1, nistb571,
                     secp160k1, secp160r1, secp160r2, secp192k1, secp192r1,
                     nistp192, secp224k1, secp224r1, nistp224, secp256k1,
                     secp256r1, secp384r1, secp521r1,
                     prime192v1, prime192v2, prime192v3,
                     prime239v1, prime239v2, prime239v3, c2pnb163v1,
                     c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1,
                     c2tnb191v2, c2tnb191v3,
                     c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3,
                     c2pnb272w1, c2pnb304w1,
                     c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1,
                     secp112r2, secp128r1, secp128r2, sect113r1, sect113r2
                     sect131r1, sect131r2
   -d keydir         Key database directory (default is ~/.netscape)
   -P dbprefix       Cert & Key database prefix
   --keyAttrFlags attrflags
                     PKCS #11 key Attributes.
                     Comma separated list of key attribute attribute flags,
                     selected from the following list of choices:
                     {token | session} {public | private} {sensitive | insensitive}
                     {modifiable | unmodifiable} {extractable | unextractable}
   --keyOpFlagsOn opflags
   --keyOpFlagsOff opflags
                     PKCS #11 key Operation Flags.
                     Comma separated list of one or more of the following:
                     encrypt, decrypt, sign, sign_recover, verify,
                     verify_recover, wrap, unwrap, derive

Reproducible: Always




The additional commands were derived from this guide:
http://pki.fedoraproject.org/wiki/ECC_Capable_NSS

It is possible that the clean/rebuild could be optimised to reduce the work.

It seems that the additional suites are possibly patent encumbered.  OpenSSL seems to control their inclusion via the bindist flag.  Perhaps for consistency the additional suites should be compiled by default unless this flag is set.
Comment 1 Spooky Ghost 2013-11-20 16:59:27 UTC
Created attachment 363678
Patch to enable additional ECC ciphers
Comment 2 Spooky Ghost 2013-12-19 15:59:52 UTC
Created attachment 365682
Patch containing initialisation code for additional curves

The curve parameters are copied from NSS_3_11_1_BRANCH of the nss mercurial repository.  It seems they were removed in the 3.12 release.
Comment 3 Spooky Ghost 2013-12-19 16:03:01 UTC
Created attachment 365684
Updated version of the ebuild patch

This new version of the ebuild applies the curve patch which allows everything to be built cleanly first time without needing the additional clean + make.
Comment 4 Spooky Ghost 2013-12-19 16:13:44 UTC
PDFs containing the initialisation parameters can be found at http://www.secg.org/.  I have not checked the values in the patch against what has been published.
Comment 5 Jory A. Pratt gentoo-dev 2013-12-20 04:34:04 UTC
(In reply to Spooky Ghost from comment #2)
> Created attachment 365682
> Patch containing initialisation code for additional curves
> 
> The curve parameters are copied from NSS_3_11_1_BRANCH of the nss mercurial
> repository.  It seems they were removed in the 3.12 release.

There is obviously a reason that this was all removed. We will need to determine first and foremost why the code was dropped.
Comment 6 Spooky Ghost 2013-12-20 08:56:12 UTC
(In reply to Jory A. Pratt from comment #5)
> (In reply to Spooky Ghost from comment #2)
> > Created attachment 365682
> > Patch containing initialisation code for additional curves
> > 
> > The curve parameters are copied from NSS_3_11_1_BRANCH of the nss mercurial
> > repository.  It seems they were removed in the 3.12 release.
> 
> There is obviously a reason that this was all removed. We will need to
> determine first and foremost why the code was dropped.

As observed in the original report this seems to be related to patent concerns in the US.  In OpenSSL the inclusion of these algorithms is controlled by the bindist use flag.  i.e. the binary stage3 images do not include this but if I compile OpenSSL with -bindist then I get them.
Comment 7 Spooky Ghost 2013-12-20 09:57:54 UTC
The history of the ecl-curve.h file can be seen in mercurial at https://hg.mozilla.org/projects/nss/log/a42d84159793/security/nss/lib/freebl/ecl/ecl-curve.h

The additional curve parameters seem to be removed in https://hg.mozilla.org/projects/nss/rev/e4114d455532 - rrelyea%redhat.com - bug 35748 Mozilla ECC checkin.  https://bugzilla.mozilla.org/show_bug.cgi?id=35748 however doesn't comment on this change.  https://bugzilla.mozilla.org/show_bug.cgi?id=337770 does however contain attachments covering the change.

Red Hat remove the OpenSSL version of these algorithms (https://bugzilla.redhat.com/show_bug.cgi?id=612265) and it seems they were carrying a patch for nss to do the same http://www.redhat.com/archives/fedora-cvs-commits/2006-May/msg01500.html.

Wikipedia discussion of ECC patents: http://en.wikipedia.org/wiki/ECC_patents

Despite a reasonable amount of searching I can't find any discussion from the NSS developers about why the patch to remove the additional curve support was accepted.  As far as I can tell there aren't any technical concerns over the security of the additional curves, recent new stories aside:)
Comment 8 Jory A. Pratt gentoo-dev 2013-12-20 23:55:44 UTC
(In reply to Spooky Ghost from comment #7)
> The history of the ecl-curve.h file can be seen in mercurial at
> https://hg.mozilla.org/projects/nss/log/a42d84159793/security/nss/lib/freebl/
> ecl/ecl-curve.h
> 
> The additional curve parameters seem to be removed in
> https://hg.mozilla.org/projects/nss/rev/e4114d455532 - rrelyea%redhat.com -
> bug 35748 Mozilla ECC checkin. 
> https://bugzilla.mozilla.org/show_bug.cgi?id=35748 however doesn't comment
> on this change.  https://bugzilla.mozilla.org/show_bug.cgi?id=337770 does
> however contain attachments covering the change.
> 
> Red Hat remove the OpenSSL version of these algorithms
> (https://bugzilla.redhat.com/show_bug.cgi?id=612265) and it seems they were
> carrying a patch for nss to do the same
> http://www.redhat.com/archives/fedora-cvs-commits/2006-May/msg01500.html.
> 
> Wikipedia discussion of ECC patents: http://en.wikipedia.org/wiki/ECC_patents
> 
> Despite a reasonable amount of searching I can't find any discussion from
> the NSS developers about why the patch to remove the additional curve
> support was accepted.  As far as I can tell there aren't any technical
> concerns over the security of the additional curves, recent new stories
> aside:)

I have been in touch with upstream. Is there a specific reason you need the other elliptic curves? As most will never need the other there is no plan to re-add them to nss.
Comment 9 Spooky Ghost 2013-12-21 08:32:47 UTC
Scratching an itch :)  I have a CA for my local network which had been RSA 1024 until a few months ago.  I reissued all my certificates using OpenSSL and picked what I believed to be the strongest ECC mode.  After installing all the new certificates I could no longer access my https except with Konqueror which was built against OpenSSL.  With this patch I get access with Seamonkey back.  There were obviously other solutions to the problem I made for myself but I was trying to achieve parity between OpenSSL and NSS.
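
The curve lists in the description and the mismatch described in comment 9 can be checked before certificates are issued: parse the curve list a given NSS build reports and test whether the curve chosen on the CA side is in it. This is an added example, not part of the bug report or of the Gentoo or NSS code; the help text is abridged from the listings in the description, and `parse_curves`, `supported` and `ALIASES` are hypothetical names.

```python
import re

# Constructed samples: the "-q curve-name" part of `certutil -G -H`,
# abridged from the two listings in the bug description.
DEFAULT_HELP = """\
   -q pqgfile        read PQG value from pqgfile (dsa only)
   -q curve-name     Elliptic curve name (ec only)
                     One of nistp256, nistp384, nistp521
   -d keydir         Key database directory (default is ~/.netscape)
"""
PATCHED_HELP = """\
   -q curve-name     Elliptic curve name (ec only)
                     One of nistp256, nistp384, nistp521
                     nistp192, secp224k1, secp224r1, nistp224, secp256k1,
                     secp256r1, secp384r1, secp521r1,
                     secp112r2, secp128r1, secp128r2, sect113r1, sect113r2
                     sect131r1, sect131r2
   -d keydir         Key database directory (default is ~/.netscape)
"""

# Names that denote the same curve in NIST, SECG and X9.62 naming.
ALIASES = [
    {"nistp192", "secp192r1", "prime192v1"},
    {"nistp224", "secp224r1"},
    {"nistp256", "secp256r1", "prime256v1"},
    {"nistp384", "secp384r1"},
    {"nistp521", "secp521r1"},
]

def parse_curves(help_text):
    """Return the set of curve names listed under '-q curve-name'."""
    curves, in_list = set(), False
    for line in help_text.splitlines():
        text = line.strip()
        if text.startswith("-q curve-name"):
            in_list = True
        elif in_list:
            if text.startswith("-"):      # next option ends the list
                break
            text = re.sub(r"^One of\s+", "", text)
            # Split on commas or whitespace: some lines lack a trailing comma.
            curves.update(name for name in re.split(r"[,\s]+", text) if name)
    return curves

def supported(curve, help_text):
    """True if the curve, under any of its aliases, is in the build's list."""
    names = next((g for g in ALIASES if curve in g), {curve})
    return bool(names & parse_curves(help_text))
```

To check a real build, pass the captured text of `certutil -G -H` as `help_text` and the curve name used when generating the CA or server key as `curve`.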
Comment 10 SpanKY gentoo-dev 2014-02-01 04:24:20 UTC
putting them behind a USE=bindist flag seems reasonable ...
Comment 11 Jory A. Pratt gentoo-dev 2014-02-01 23:36:28 UTC
(In reply to SpanKY from comment #10)
> putting them behind a USE=bindist flag seems reasonable ...

Won't fix, upstream has removed them and has no interest in adding them back without good cause.