ENGINE_load_private_key does not get invoked


Mahendra SP
Hi All,

While writing the engine implementation for private key encryption and decryption, I need to get the private key from an external source.
ENGINE_set_load_privkey_function(e, load_tpm_private_key);
The above API call succeeds.

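The RSA structure is as below.
RSA_METHOD my_rsa_struct =
{
   "MY RSA method",   /* name */
   NULL,              /* rsa_pub_enc */
   NULL,              /* rsa_pub_dec */
   MyRSAPrivEnc,      /* rsa_priv_enc */
   MyRSAPrivDec,      /* rsa_priv_dec */
   NULL,              /* rsa_mod_exp */
   NULL,              /* bn_mod_exp */
   NULL,              /* init */
   NULL,              /* finish */
   0,                 /* flags */
   NULL,              /* app_data */
   NULL,              /* rsa_sign */
   NULL,              /* rsa_verify */
   NULL               /* rsa_keygen */
};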

However, the routine load_tpm_private_key does not get invoked during private key encryption and decryption.
Private key encryption and decryption get routed to the above overloaded routines, namely "MyRSAPrivEnc" and "MyRSAPrivDec". But load_tpm_private_key never gets invoked.

Is there a flag to force the same? I have tried it using openssl 1.0.2 version. All other engine calls work as expected, but not this one.

I have also tried to debug in ENGINE_load_private_key in the eng_pkey.c file. I don't see this function getting invoked. In this function, the private key callback set above gets invoked.
 
Please suggest if I am missing something here.

Thanks
Mahendra
Re: ENGINE_load_private_key does not get invoked

Dmitry Belyavsky-3
Dear Mahendra,

Take a look at the load_key function in apps/apps.c as a reference example.

On Mon, Apr 20, 2020 at 2:34 PM Mahendra SP <[hidden email]> wrote:

--
SY, Dmitry Belyavsky
Re: ENGINE_load_private_key does not get invoked

Mahendra SP
Hi Dmitry Belyavsky,

Thank you for the inputs. If I understand correctly, the reference indicates loading the private key to engine instance.

My requirement is to call the ENGINE_set_load_privkey_function so that the callback gets called before each RSA private key operation.
Reason being, application can use either key with TPM or keys in software. So I need to load the correct key before each operation gets invoked. I was looking at ENGINE_set_load_privkey_function to set the callback. Is this understanding correct?

Please suggest.

Thanks
Mahendra

  

On Mon, Apr 20, 2020 at 8:43 PM Dmitry Belyavsky <[hidden email]> wrote:
Re: ENGINE_load_private_key does not get invoked

Dmitry Belyavsky-3
Dear Mahendra,

On Mon, Apr 20, 2020 at 7:27 PM Mahendra SP <[hidden email]> wrote:
> Hi Dmitry Belyavsky,
>
> Thank you for the inputs. If I understand correctly, the reference indicates loading the private key to engine instance.
>
> My requirement is to call the ENGINE_set_load_privkey_function so that the callback gets called before each RSA private key operation.
> Reason being, application can use either key with TPM or keys in software. So I need to load the correct key before each operation gets invoked. I was looking at ENGINE_set_load_privkey_function to set the callback. Is this understanding correct?

You specify the engine-specific function via ENGINE_set_load_privkey_function.

After that, you can load your key using ENGINE_load_private_key - 
if you pass the reference to your engine to it, the function set via 
ENGINE_set_load_privkey_function will be used.



--
SY, Dmitry Belyavsky
Re: ENGINE_load_private_key does not get invoked

Mahendra SP
Hi Dmitry Belyavsky,

Thank you. To give more info, I am looking at something similar to the engine in e_4758cca.c in the engines folder, where ENGINE_set_load_privkey_function is called.
My understanding was, once the callback is set, it automatically gets called during RSA operations. As demonstrated in e_4758cca.c, ex data can be added and during private key operations, same can be accessed to decide the operation. Is this not correct?
From your above inputs, looks like ENGINE_set_load_privkey_function needs to be called to invoke the callback.

e_4758cca.c shows that in callback, RSA can be modified to add the ex data so that same can be accessed during RSA private key operations.
To confirm, once the callback is registered using ENGINE_set_load_privkey_function, callback gets called by openssl before every private key operation. Is this correct?

Thanks
Mahendra


On Mon, Apr 20, 2020 at 10:03 PM Dmitry Belyavsky <[hidden email]> wrote:
Re: ENGINE_load_private_key does not get invoked

Dmitry Belyavsky-3
Dear Mahendra,

On Mon, Apr 20, 2020 at 7:57 PM Mahendra SP <[hidden email]> wrote:
> Hi Dmitry Belyavsky,
>
> Thank you. To give more info, I am looking at something similar to the engine in e_4758cca.c in the engines folder, where ENGINE_set_load_privkey_function is called.
> My understanding was, once the callback is set, it automatically gets called during RSA operations. As demonstrated in e_4758cca.c, ex data can be added and during private key operations, same can be accessed to decide the operation. Is this not correct?
> From your above inputs, looks like ENGINE_set_load_privkey_function needs to be called to invoke the callback.
>
> e_4758cca.c shows that in callback, RSA can be modified to add the ex data so that same can be accessed during RSA private key operations.
> To confirm, once the callback is registered using ENGINE_set_load_privkey_function, callback gets called by openssl before every private key operation. Is this correct?

If I understand you correctly, yes.
 


--
SY, Dmitry Belyavsky