[openssl-dev] confusion with rsa_meth_st in a custom RSA engine

Mon Aug 28 18:05:44 UTC 2017

> Note also that if you set the public key components (n, e) you don't need
> to perform the public key operations in your ENGINE if you keep the original
> bn_mod_exp(): OpenSSL will do them for you

This is good to know. However, I think I will be implementing modular exponentiation for both public and private keys in hardware for proof of concept.

One more follow up question:

> If possible you should set the public key components anyway: some operations

> such as generating certificate requests require them to be present

I'm confused what you mean here, since my engine doesn't "own" any instances of an RSA struct, it just has a static instance of RSA_METHOD struct defined. So therefore my engine never "sets" public or private key components. It just uses the modexp functions to write the public/private data (contained in the RSA struct passed as an argument from the higher level encrypt/decrypt functions) out to the hardware accelerator, and then return the result. So I could never "set the public key components anyway", as they would be set by whichever program calls RSA_public/private_encrypt/decrypt().

Is my implementing it in this way different than how you thought I was implementing it? It made sense to me to do it this way, however please let me know if you think I'm going about it wrong, or if there are issues with this particular strategy. I want to make sure I'm using the engine API in the most intuitive and efficient way!

Brett

________________________________
From: openssl-dev <openssl-dev-bounces at openssl.org> on behalf of Dr. Stephen Henson <steve at openssl.org>
Sent: Monday, August 28, 2017 10:32:30 AM
To: openssl-dev at openssl.org
Subject: Re: [openssl-dev] confusion with rsa_meth_st in a custom RSA engine

On Mon, Aug 28, 2017, Brett R. Nicholas wrote:

> > The rsa_mod_exp function is only called for private key operations. You can't
> > tell if it is a private encrypt or a private decrypt though but that
> > shouldn't matter because the operation performed at that level is the same for
> > both.
>
> Ah, I see. So to clarify (pls correct me if I'm wrong):
>
>   *   rsa_mod_exp() is the modular exponentiation function that openSSL will attempt to use for all private key operations (if RSA_FLAG_EXT_PKEY is set, or the private parameters of that method are non-null), before defaulting to bn_mod_exp().
>   *   And bn_mod_exp() is the modular exponentiation function used by all public key operations
>
>
> So in my case, I should set RSA_FLAG_EX_PKEY in my engine's RSA_METHOD struct, and then implement my own versions of rsa_mod_exp (for the private key encryption/decryption), and bn_mod_exp (for the public key encryption/decryption).
>
>

Yes. Note also that if you set the public key components (n, e) you don't need
to perform the public key operations in your ENGINE if you keep the original
bn_mod_exp(): OpenSSL will do them for you. If possible you should set the
public key components anyway: some operations such as generating certificate
requests require them to be present.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.openssl.org&data=02%7C01%7Cbrett.r.nicholas.th%40dartmouth.edu%7Cb1b7883dd5584c8488d708d4ee3ac4e4%7C995b093648d640e5a31ebf689ec9446f%7C0%7C0%7C636395383568793933&sdata=wDesZm0QTSpMHyOtQyAaWQRzEVYFmp9ewgZaZDn6unI%3D&reserved=0
--
openssl-dev mailing list
To unsubscribe: https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmta.openssl.org%2Fmailman%2Flistinfo%2Fopenssl-dev&data=02%7C01%7Cbrett.r.nicholas.th%40dartmouth.edu%7Cb1b7883dd5584c8488d708d4ee3ac4e4%7C995b093648d640e5a31ebf689ec9446f%7C0%7C0%7C636395383568793933&sdata=g8dPj%2Fx9GwR6ldjezTCNKWkvcIOzy1nK0wSLK30ZjjY%3D&reserved=0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20170828/8cb72dbe/attachment-0001.html>