Quantcast

Re: How to override methods in EVP_PKEY_METHOD structure that is attached to a EVP_PKEY_CTX?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: How to override methods in EVP_PKEY_METHOD structure that is attached to a EVP_PKEY_CTX?

Jakob Bohm-7
On 17/02/2017 15:25, Stephan Mühlstrasser wrote:
> Hi,
>
> we use OpenSSL 1.0.2 together with PKCS#11 tokens by plugging methods
> into the RSA_METHOD structure that interface with the PKCS#11 token,
> and this works fine so far. However, for creating RSA signatures with
> PSS padding this strategy doesn't work anymore, because OpenSSL wants
> to directly encrypt with the private key in this case, which is not
> possible in PKCS#11.
>
I believe some PKCS#11 tokens can do this by using CKM_RSA_X_509

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: How to override methods in EVP_PKEY_METHOD structure that is attached to a EVP_PKEY_CTX?

Stephan Mühlstrasser
Am 17.02.17 um 16:09 schrieb Jakob Bohm:

> On 17/02/2017 15:25, Stephan Mühlstrasser wrote:
>> Hi,
>>
>> we use OpenSSL 1.0.2 together with PKCS#11 tokens by plugging methods
>> into the RSA_METHOD structure that interface with the PKCS#11 token,
>> and this works fine so far. However, for creating RSA signatures with
>> PSS padding this strategy doesn't work anymore, because OpenSSL wants
>> to directly encrypt with the private key in this case, which is not
>> possible in PKCS#11.
>>
> I believe some PKCS#11 tokens can do this by using CKM_RSA_X_509

How could that work? If I understand the PKCS#11 specification correctly
it is not possible in principle to use private keys for encryption via
the C_EncryptInit() and C_Encrypt() functions, for the following reasons:

1) Private keys are not allowed to have the CKA_ENCRYPT attribute (see
"Table 30, Common Private Key Attributes" in the PKCS#11 specification,
which does not list the CKA_ENCRYPT attribute).

2) For the C_EncryptInit() to succeed the key must have the attribute
CKA_ENCRYPT=true.

 From the PKCS#11 documentation of C_EncryptInit():

"The CKA_ENCRYPT attribute of the encryption key, which indicates
whether the key supports encryption, must be CK_TRUE."

--
Stephan

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: How to override methods in EVP_PKEY_METHOD structure that is attached to a EVP_PKEY_CTX?

Jakob Bohm-7
On 17/02/2017 16:21, Stephan Mühlstrasser wrote:

> Am 17.02.17 um 16:09 schrieb Jakob Bohm:
>> On 17/02/2017 15:25, Stephan Mühlstrasser wrote:
>>> Hi,
>>>
>>> we use OpenSSL 1.0.2 together with PKCS#11 tokens by plugging methods
>>> into the RSA_METHOD structure that interface with the PKCS#11 token,
>>> and this works fine so far. However, for creating RSA signatures with
>>> PSS padding this strategy doesn't work anymore, because OpenSSL wants
>>> to directly encrypt with the private key in this case, which is not
>>> possible in PKCS#11.
>>>
>> I believe some PKCS#11 tokens can do this by using CKM_RSA_X_509
>
> How could that work? If I understand the PKCS#11 specification
> correctly it is not possible in principle to use private keys for
> encryption via the C_EncryptInit() and C_Encrypt() functions, for the
> following reasons:
>
> 1) Private keys are not allowed to have the CKA_ENCRYPT attribute (see
> "Table 30, Common Private Key Attributes" in the PKCS#11
> specification, which does not list the CKA_ENCRYPT attribute).
>
> 2) For the C_EncryptInit() to succeed the key must have the attribute
> CKA_ENCRYPT=true.
>
> From the PKCS#11 documentation of C_EncryptInit():
>
> "The CKA_ENCRYPT attribute of the encryption key, which indicates
> whether the key supports encryption, must be CK_TRUE."
>
Some token keys on some tokens (think e-mail decryption private keys or
TLS server private keys) intentionally support decryption of a wrapped
symmetric key via PKCS#11 mechanisms such as the one from PKCS1v1.5 or OAEP.

The precise set of such public key operations available is given by the set
of "mechanisms" enumerated by the pkcs11 driver for the individual token.

One of the defined mechanisms (the one confusingly named "X509") appears to
actually be the raw RSA operation, thus allowing it to be repurposed to
implement any RSA scheme (such as PSS, or SHA-256 signatures) that might
be missing on the token iteself.  But this obviously only works for those
tokens that allow this, which varies by token model, token configuration
and PKCS11-driver version.

This obviously isn't possible for all tokens, and thus in general doesn't
solve your original problem for those tokens that support PSS signatures
natively, but not the raw RSA operation.  But it can be helpful for those
tokens that do support the raw RSA operation and expose this ability
through
their PKCS#11 drivers.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: How to override methods in EVP_PKEY_METHOD structure that is attached to a EVP_PKEY_CTX?

Stephan Mühlstrasser
Jakob,

Am 17.02.17 um 18:43 schrieb Jakob Bohm:

>> ...
> Some token keys on some tokens (think e-mail decryption private keys or
> TLS server private keys) intentionally support decryption of a wrapped
> symmetric key via PKCS#11 mechanisms such as the one from PKCS1v1.5 or
> OAEP.
>
> The precise set of such public key operations available is given by the set
> of "mechanisms" enumerated by the pkcs11 driver for the individual token.
>
> One of the defined mechanisms (the one confusingly named "X509") appears to
> actually be the raw RSA operation, thus allowing it to be repurposed to
> implement any RSA scheme (such as PSS, or SHA-256 signatures) that might
> be missing on the token iteself.  But this obviously only works for those
> tokens that allow this, which varies by token model, token configuration
> and PKCS11-driver version.
>
> This obviously isn't possible for all tokens, and thus in general doesn't
> solve your original problem for those tokens that support PSS signatures
> natively, but not the raw RSA operation.  But it can be helpful for those
> tokens that do support the raw RSA operation and expose this ability
> through
> their PKCS#11 drivers.

thank you for the explanation about the CKM_RSA_X_509 mechanism. I was
not aware of its meaning, and I will study it in more detail. The tokens
that I have access to do provide this mechanism, so I can experiment
with it.

Regarding my original question, does anybody have comments whether and
if so how it is possible to override methods in a EVP_PKEY_METHOD structure?

Thank you.

--
Stephan
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Loading...