Extracting the public modulus from an RSA public key?

Extracting the public modulus from an RSA public key?

Thomas Dwyer III
I'm porting some old legacy code from OpenSSL 1.0.2 to OpenSSL 3.0.0. A portion of this code reads X509 certificates, extracts the public key, and passes it to firmware that I cannot modify. Unfortunately, this legacy firmware API was very poorly designed such that the public key is passed in a way similar to:

    RSA *rsa = get_pubkey_from_cert(...);
    BIGNUM *bn = rsa->n;
    int len = BN_num_bytes(bn);
    unsigned char *buf = malloc(len);
    BN_bn2bin(bn, buf);
    pubkey_to_firmware(buf, len);

Yuck. Ignoring the fact that this firmware appears to assume a constant exponent 'e', I cannot find a way to extract the modulus 'n' from the RSA key. I understand this is intentional. The only solution I could find is to print the key to a buffer via EVP_PKEY_print_public(), parse the result to extract the modulus into a giant hex string, and then BN_hex2bn() that back into a BIGNUM. Is there a better way?


Thanks,
Tom.III


Re: Extracting the public modulus from an RSA public key?

Dr Paul Dale
Might I suggest reading the documentation?

RSA_get0_n() is the function you are wanting.


Pauli
-- 
Dr Paul Dale | Distinguished Architect | Cryptographic Foundations 
Phone +61 7 3031 7217
Oracle Australia




On 6 May 2020, at 2:20 pm, Thomas Dwyer III <[hidden email]> wrote:

I'm porting some old legacy code from OpenSSL 1.0.2 to OpenSSL 3.0.0. A portion of this code reads X509 certificates, extracts the public key, and passes it to firmware that I cannot modify. Unfortunately, this legacy firmware API was very poorly designed such that the public key is passed in a way similar to:

    RSA *rsa = get_pubkey_from_cert(...);
    BIGNUM *bn = rsa->n;
    int len = BN_num_bytes(bn);
    unsigned char *buf = malloc(len);
    BN_bn2bin(bn, buf);
    pubkey_to_firmware(buf, len);

Yuck. Ignoring the fact that this firmware appears to assume a constant exponent 'e', I cannot find a way to extract the modulus 'n' from the RSA key. I understand this is intentional. The only solution I could find is to print the key to a buffer via EVP_PKEY_print_public(), parse the result to extract the modulus into a giant hex string, and then BN_hex2bn() that back into a BIGNUM. Is there a better way?


Thanks,
Tom.III



Re: Extracting the public modulus from an RSA public key?

Thomas Dwyer III
Ugh. So simple! I don't know how I missed that. I found get0 & get1 accessors for many other structures but I didn't see that one.


Thanks,
Tom.III


On Tue, May 5, 2020 at 9:50 PM Dr Paul Dale <[hidden email]> wrote:
Might I suggest reading the documentation?

RSA_get0_n() is the function you are wanting.


Pauli
-- 
Dr Paul Dale | Distinguished Architect | Cryptographic Foundations 
Phone +61 7 3031 7217
Oracle Australia




On 6 May 2020, at 2:20 pm, Thomas Dwyer III <[hidden email]> wrote:

I'm porting some old legacy code from OpenSSL 1.0.2 to OpenSSL 3.0.0. A portion of this code reads X509 certificates, extracts the public key, and passes it to firmware that I cannot modify. Unfortunately, this legacy firmware API was very poorly designed such that the public key is passed in a way similar to:

    RSA *rsa = get_pubkey_from_cert(...);
    BIGNUM *bn = rsa->n;
    int len = BN_num_bytes(bn);
    unsigned char *buf = malloc(len);
    BN_bn2bin(bn, buf);
    pubkey_to_firmware(buf, len);

Yuck. Ignoring the fact that this firmware appears to assume a constant exponent 'e', I cannot find a way to extract the modulus 'n' from the RSA key. I understand this is intentional. The only solution I could find is to print the key to a buffer via EVP_PKEY_print_public(), parse the result to extract the modulus into a giant hex string, and then BN_hex2bn() that back into a BIGNUM. Is there a better way?


Thanks,
Tom.III