[openssl-dev] confusion with rsa_meth_st in a custom RSA engine
Douglas E Engert
deengert at gmail.com
Wed Aug 23 14:15:47 UTC 2017
You can use RSA_meth_dup to copy the default RSA_METHOD,then use the RSA_meth_set* routines to point to your own routines.
it only overrides RSA_meth_set1_name, RSA_meth_set_priv_enc RSA_meth_set_priv_dec RSA_meth_set_finish see:
https://github.com/OpenSC/libp11/blob/master/src/p11_rsa.c
But You will have to populate the key with the public parts of the key.
On 8/22/2017 8:50 PM, Brett R. Nicholas wrote:
> I am trying to develop a engine for a custom RSA hardware accelerator, and have a few questions about the RSA_METHOD stucture implementation.
>
>
> Some context: for encryption, my accelerator takes as inputs the base, public exponent, and modulus, and returns the resulting ciphertext. For decryption, it takes as inputs the base, and modulus. It
> does not need a private key, as this is stored in hardware, and can only be configured through an out-of-band channel. I already have a kernel module that exposes an API to userspace programs to use
> the accelerator. Now I just need to integrate it into openSSL.
>
>
> I've already created a similar engine for AES and SHA256, however I'm struggling with RSA. Ideally, I'd like to not have to worry about anything other than just performing the modular exponentiation
> on a pre-padded and prepared chunk of data. For SHA and AES, this is straightforward: all that was taken care of by the EVP interface, so all I needed to worry about was getting the data two and from
> my accelerators. But it doesn't appear to be as simple for RSA (pls correct me if I'm wrong).
>
>
> I'm confused as to which RSA_METHOD function pointers that my engine needs to implement. I show the structure below for reference:
>
> struct rsa_meth_st {
> char *name;
> int (*rsa_pub_enc) (int flen, const unsigned char *from,
> unsigned char *to, RSA *rsa, int padding);
> int (*rsa_pub_dec) (int flen, const unsigned char *from,
> unsigned char *to, RSA *rsa, int padding);
> int (*rsa_priv_enc) (int flen, const unsigned char *from,
> unsigned char *to, RSA *rsa, int padding);
> int (*rsa_priv_dec) (int flen, const unsigned char *from,
> unsigned char *to, RSA *rsa, int padding);
>
> int (*rsa_mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
>
> int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
> const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
> /* ....stuff.... */
> int flags;
> /* .... stuff ... */
> }; // TYPEDEF'ED TO RSA_METHOD in include/ossl_typ.h
>
>
> *So, three questions:
> *
>
> *
> *
>
> 1. *Is it possible for the standard OpenSSL RSA implementation to use my engine's "modular exponentiation" function, without having to rewrite the RSA_[public|private]_[encrypt|decrypt] family of
> functions from /include/openssl/rsa.h?
> *
> 2. *If so, does it suffice to only implement the rsa_mod_exp function? *Or must I implement both public_enc/dec and private_enc/dec functions as well? I ask, because the source code for the old Intel
> RSAX engine (https://gist.github.com/bigbrett/91903f773f9d150b7329c7d462cd220a) does this, but I can't figure out how and when in the "RSA flow" the engine's function gets invoked.
> 3. In /include/openssl/rsa.h, I saw the following macro for the RSA_METHOD flag field (line 55):
>
> /*
> * This flag means the private key operations will be handled by rsa_mod_exp
> * and that they do not depend on the private key components being present:
> * for example a key stored in external hardware. Without this flag
> * bn_mod_exp gets called when private key components are absent.
> */
> # define RSA_FLAG_EXT_PKEY 0x0020
>
> *Does this mean that if I use this flag in the "flags" field of RSA_METHOD, that I DO NOT need to implement rsa_pub_enc/dec and friends? *I guess I'm just confused as to at what point in the RSA
> encryption/decryption process my engine should be invoked at.
>
>
> FWIW I'm planning on releasing a comprehensive engine tutorial and some documentation for all this stuff once I finish (will already be written up in my thesis), so I want to make sure I get these
> details ironed out!
>
>
> Any words of wisdom would be greatly appreciated.
>
> Best,
>
> Brett
>
>
>
>
--
Douglas E. Engert <DEEngert at gmail.com>
More information about the openssl-dev
mailing list