engine interface for genrsa

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

engine interface for genrsa

William Roberts
I am currently working on writing an openssl engine
to interface with a piece of hardware.

I am trying to understand how to implement
rsa key generation, where the private key
bytes would not be available.

I am currently invoking the
command:

openssl genrsa -engine foo

Which is calling my callback for RSA keygen, registered via ENGINE_set_RSA()
and I set the flags: RSA_FLAG_EXT_PKEY.

However, genrsa app seems to want rsa->e set here:
https://github.com/openssl/openssl/blob/OpenSSL_1_0_2g/apps/genrsa.c#L291

I can't find documentation on how to handle the keygen interface
for RSA.

Can someone point me in the right direction?

Thanks,
Bill
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: engine interface for genrsa

Richard Levitte - VMS Whacker-2
In message <CAFftDdqWPXq1+Mo9_6J0EzhZ4uwg5QC=R5fx8N1j=[hidden email]> on Fri, 13 Apr 2018 09:17:28 -0700, William Roberts <[hidden email]> said:

bill.c.roberts> I am currently working on writing an openssl engine
bill.c.roberts> to interface with a piece of hardware.
bill.c.roberts>
bill.c.roberts> I am trying to understand how to implement
bill.c.roberts> rsa key generation, where the private key
bill.c.roberts> bytes would not be available.
bill.c.roberts>
bill.c.roberts> I am currently invoking the
bill.c.roberts> command:
bill.c.roberts>
bill.c.roberts> openssl genrsa -engine foo
bill.c.roberts>
bill.c.roberts> Which is calling my callback for RSA keygen, registered via ENGINE_set_RSA()
bill.c.roberts> and I set the flags: RSA_FLAG_EXT_PKEY.
bill.c.roberts>
bill.c.roberts> However, genrsa app seems to want rsa->e set here:
bill.c.roberts> https://github.com/openssl/openssl/blob/OpenSSL_1_0_2g/apps/genrsa.c#L291
bill.c.roberts>
bill.c.roberts> I can't find documentation on how to handle the keygen interface
bill.c.roberts> for RSA.
bill.c.roberts>
bill.c.roberts> Can someone point me in the right direction?

e and n are public components of any RSA key pair (and RSA structure
in OpenSSL).  You *must* make them available.  The rest of the numbers
are private and do not need to be part of the RSA structure that
OpenSSL handles.

Cheers,
Richard

--
Richard Levitte         [hidden email]
OpenSSL Project         http://www.openssl.org/~levitte/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: engine interface for genrsa

William Roberts
On Fri, Apr 13, 2018 at 2:55 PM, Richard Levitte <[hidden email]> wrote:

> In message <CAFftDdqWPXq1+Mo9_6J0EzhZ4uwg5QC=R5fx8N1j=[hidden email]> on Fri, 13 Apr 2018 09:17:28 -0700, William Roberts <[hidden email]> said:
>
> bill.c.roberts> I am currently working on writing an openssl engine
> bill.c.roberts> to interface with a piece of hardware.
> bill.c.roberts>
> bill.c.roberts> I am trying to understand how to implement
> bill.c.roberts> rsa key generation, where the private key
> bill.c.roberts> bytes would not be available.
> bill.c.roberts>
> bill.c.roberts> I am currently invoking the
> bill.c.roberts> command:
> bill.c.roberts>
> bill.c.roberts> openssl genrsa -engine foo
> bill.c.roberts>
> bill.c.roberts> Which is calling my callback for RSA keygen, registered via ENGINE_set_RSA()
> bill.c.roberts> and I set the flags: RSA_FLAG_EXT_PKEY.
> bill.c.roberts>
> bill.c.roberts> However, genrsa app seems to want rsa->e set here:
> bill.c.roberts> https://github.com/openssl/openssl/blob/OpenSSL_1_0_2g/apps/genrsa.c#L291
> bill.c.roberts>
> bill.c.roberts> I can't find documentation on how to handle the keygen interface
> bill.c.roberts> for RSA.
> bill.c.roberts>
> bill.c.roberts> Can someone point me in the right direction?
>
> e and n are public components of any RSA key pair (and RSA structure
> in OpenSSL).  You *must* make them available.  The rest of the numbers
> are private and do not need to be part of the RSA structure that
> OpenSSL handles.

Thanks. I went and read the RSA page on Wikipedia, and sure enough it
has what common meanings of what all the single letter variables
are in the RSA struct.
https://en.wikipedia.org/wiki/RSA_(cryptosystem)

>
> Cheers,
> Richard
>
> --
> Richard Levitte         [hidden email]
> OpenSSL Project         http://www.openssl.org/~levitte/
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: engine interface for genrsa

Scott Wisniewski
FYI:

If you provide an genrsa implementation in your engine that doesn't include the private parameters, even if it's marked with RSA_FLAG_EXT_PKEY, the openssl executable will not handle it correctly.

That's because genrsa_main assumes that the object that comes back is an rsa private key. So it will attempt to save a PEM encoded RSA private key even though it doesn't have the private key fields and openssl won't be able to open the saved file.

So, if you want to enable use of the openssl executable with genrsa being supported by your engine, you will actually need to modify apps/genrsa.c So that genrsa_main does:

if (RSA_test_flags(rsa, RSA_FLAG_EXT_PKEY) == RSA_FLAG_EXT_PKEY) {

    if (! PEM_write_bio_RSA_PUBKEY(out, rsa))

        goto end;

}

else {

    if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0,

                                     (pem_password_cb *)password_callback,

                                     &cb_data))

        goto end;

}


instead of:

if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0,

                                    (pem_password_cb *)password_callback,

                                    &cb_data))

       goto end;


And then it will save the key you generated in public key pem format. which will allow openssl to read it.

One thing to note:

None of the open source engines I checked (neither the PCKS11 engine, the NCipher engine, nor the CAPI engine) implement the genrsa hook. If you are looking for wide compatibility you may wish to ask your clients to do key generation using an external utility (as that's how almost everyone else does it). 

On Fri, Apr 13, 2018 at 5:28 PM, William Roberts <[hidden email]> wrote:
On Fri, Apr 13, 2018 at 2:55 PM, Richard Levitte <[hidden email]> wrote:
> In message <CAFftDdqWPXq1+Mo9_6J0EzhZ4uwg5QC=R5fx8N1j=[hidden email]> on Fri, 13 Apr 2018 09:17:28 -0700, William Roberts <[hidden email]> said:
>
> bill.c.roberts> I am currently working on writing an openssl engine
> bill.c.roberts> to interface with a piece of hardware.
> bill.c.roberts>
> bill.c.roberts> I am trying to understand how to implement
> bill.c.roberts> rsa key generation, where the private key
> bill.c.roberts> bytes would not be available.
> bill.c.roberts>
> bill.c.roberts> I am currently invoking the
> bill.c.roberts> command:
> bill.c.roberts>
> bill.c.roberts> openssl genrsa -engine foo
> bill.c.roberts>
> bill.c.roberts> Which is calling my callback for RSA keygen, registered via ENGINE_set_RSA()
> bill.c.roberts> and I set the flags: RSA_FLAG_EXT_PKEY.
> bill.c.roberts>
> bill.c.roberts> However, genrsa app seems to want rsa->e set here:
> bill.c.roberts> https://github.com/openssl/openssl/blob/OpenSSL_1_0_2g/apps/genrsa.c#L291
> bill.c.roberts>
> bill.c.roberts> I can't find documentation on how to handle the keygen interface
> bill.c.roberts> for RSA.
> bill.c.roberts>
> bill.c.roberts> Can someone point me in the right direction?
>
> e and n are public components of any RSA key pair (and RSA structure
> in OpenSSL).  You *must* make them available.  The rest of the numbers
> are private and do not need to be part of the RSA structure that
> OpenSSL handles.

Thanks. I went and read the RSA page on Wikipedia, and sure enough it
has what common meanings of what all the single letter variables
are in the RSA struct.
https://en.wikipedia.org/wiki/RSA_(cryptosystem)

>
> Cheers,
> Richard
>
> --
> Richard Levitte         [hidden email]
> OpenSSL Project         http://www.openssl.org/~levitte/
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: engine interface for genrsa

William Roberts
On Thu, Apr 19, 2018 at 7:45 PM, Scott Wisniewski
<[hidden email]> wrote:

> FYI:
>
> If you provide an genrsa implementation in your engine that doesn't include
> the private parameters, even if it's marked with RSA_FLAG_EXT_PKEY, the
> openssl executable will not handle it correctly.
>
> That's because genrsa_main assumes that the object that comes back is an rsa
> private key. So it will attempt to save a PEM encoded RSA private key even
> though it doesn't have the private key fields and openssl won't be able to
> open the saved file.
>
> So, if you want to enable use of the openssl executable with genrsa being
> supported by your engine, you will actually need to modify apps/genrsa.c So
> that genrsa_main does:
>
> if (RSA_test_flags(rsa, RSA_FLAG_EXT_PKEY) == RSA_FLAG_EXT_PKEY) {
>
>     if (! PEM_write_bio_RSA_PUBKEY(out, rsa))
>
>         goto end;
>
> }
>
> else {
>
>     if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0,
>
>                                      (pem_password_cb *)password_callback,
>
>                                      &cb_data))
>
>         goto end;
>
> }
>
>
> instead of:
>
> if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0,
>
>                                     (pem_password_cb *)password_callback,
>
>                                     &cb_data))
>
>        goto end;
>
>
> And then it will save the key you generated in public key pem format. which
> will allow openssl to read it.

Good to know, thanks for the detail.

>
> One thing to note:
>
> None of the open source engines I checked (neither the PCKS11 engine, the
> NCipher engine, nor the CAPI engine) implement the genrsa hook. If you are
> looking for wide compatibility you may wish to ask your clients to do key
> generation using an external utility (as that's how almost everyone else
> does it).

I have only looked at the PKCS11 module, and it's quite limited in
functionality.
I've been extending it submitting patches as they make sense. I just added
random support.


>
> On Fri, Apr 13, 2018 at 5:28 PM, William Roberts <[hidden email]>
> wrote:
>>
>> On Fri, Apr 13, 2018 at 2:55 PM, Richard Levitte <[hidden email]>
>> wrote:
>> > In message
>> > <CAFftDdqWPXq1+Mo9_6J0EzhZ4uwg5QC=R5fx8N1j=[hidden email]> on Fri,
>> > 13 Apr 2018 09:17:28 -0700, William Roberts <[hidden email]> said:
>> >
>> > bill.c.roberts> I am currently working on writing an openssl engine
>> > bill.c.roberts> to interface with a piece of hardware.
>> > bill.c.roberts>
>> > bill.c.roberts> I am trying to understand how to implement
>> > bill.c.roberts> rsa key generation, where the private key
>> > bill.c.roberts> bytes would not be available.
>> > bill.c.roberts>
>> > bill.c.roberts> I am currently invoking the
>> > bill.c.roberts> command:
>> > bill.c.roberts>
>> > bill.c.roberts> openssl genrsa -engine foo
>> > bill.c.roberts>
>> > bill.c.roberts> Which is calling my callback for RSA keygen, registered
>> > via ENGINE_set_RSA()
>> > bill.c.roberts> and I set the flags: RSA_FLAG_EXT_PKEY.
>> > bill.c.roberts>
>> > bill.c.roberts> However, genrsa app seems to want rsa->e set here:
>> > bill.c.roberts>
>> > https://github.com/openssl/openssl/blob/OpenSSL_1_0_2g/apps/genrsa.c#L291
>> > bill.c.roberts>
>> > bill.c.roberts> I can't find documentation on how to handle the keygen
>> > interface
>> > bill.c.roberts> for RSA.
>> > bill.c.roberts>
>> > bill.c.roberts> Can someone point me in the right direction?
>> >
>> > e and n are public components of any RSA key pair (and RSA structure
>> > in OpenSSL).  You *must* make them available.  The rest of the numbers
>> > are private and do not need to be part of the RSA structure that
>> > OpenSSL handles.
>>
>> Thanks. I went and read the RSA page on Wikipedia, and sure enough it
>> has what common meanings of what all the single letter variables
>> are in the RSA struct.
>> https://en.wikipedia.org/wiki/RSA_(cryptosystem)
>>
>> >
>> > Cheers,
>> > Richard
>> >
>> > --
>> > Richard Levitte         [hidden email]
>> > OpenSSL Project         http://www.openssl.org/~levitte/
>> > --
>> > openssl-users mailing list
>> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
>
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: engine interface for genrsa

ojike asharpel
In reply to this post by Scott Wisniewski
Hello dear,
I joined these group so that l can get assistance for my research work. 
Up till now, l have not been able.

Here is my problem.

My Project is an Msc Research on HTTPS Man-In-The-Middle (MITM) Attack using a Compromised Certificate Authority.
Now I am going to be very elaborative so that you can read my mind and understand what I want to achieve.
I have a Journal base paper am already working on. The author designed a new HTTPAS (HTTP Active Secure) … These are the major work he did on his project. He designed a HTTPAS framework that will enhance Client-Server web Authentication and make the web authentication more comprehensive incase a MITM attacker has compromised one or few Certificate Authorities.
Note: The MITM attacker has different vantage point and different attacking patterns. For the
man-in-the-middle variant ①, the vantage point is close to the victim web user (e.g. a gateway or a wireless access point of the victim user is compromised by man-in-the-middle attackers), and
the attackers can blindly hijack all the HTTPS connections from the victim user to any remote web sites (i.e. the attacking pattern is non-selective hijacking).
Another Variant 2 takes the case that the vantage point is nearby web servers. This variant is harder to detect than the others, because nearly all the Internet paths to the victim web server necessarily pass through the vantage point.
Look at his designs

He designed a client-side countermeasure which enables a web user to actively collect site certificates from n different web sites. A man-in-the-middle attack can be confirmed if these n certificates are issued from less than μ CAs. (This countermeasure is based on a key insight that a large number of site certificates from different Internet domains are unlikely issued by the same CA, only if a man-in-the�middle variant is launched with a single compromised CA.)
He also designed another Client-side countermeasure by enabling web users to actively collect site certificates from other web servers of the same web site. The key insight of this countermeasure is that popular web sites usually deploy a large distributed system of servers across the Internet to serve end users from different regions for high availability and performance (i.e. content delivery network or CDN in short). These web servers are likely to use the certificates issued from the same CA, while the man-in-the-middle vantage point near one web server is unlikely to be close to others, especially the ones located in a different geographical region.
Concerning his implementations, please read very well…. “We evaluate these performance overheads 

by implementing a prototype of HTTPAS using OpenSSL stacks. Our HTTPAS prototype runs additional certificate collection and verification tasks in a parallel manner. We achieve this parallel solution by exploiting the C++ multi-threading programming. We conduct the performance evaluation by running our HTTPAS prototype implementation in a virtual machine and a real machine, both of which are located in our laboratory with 8-core 2.67 GHz central processing unit and 6 GB memory. We use the virtual machine for HTTPAS performance evaluation due to a very practical reason: lots of modern web sites are now hosted by cloud computing environments, where virtual machines are the web servers running behind.



Dear friends, l need help, even though,it might require some financial involvement.  I all respect that. I want to replicate this work and also improve it

On Apr 20, 2018 3:46 AM, "Scott Wisniewski" <[hidden email]> wrote:
FYI:

If you provide an genrsa implementation in your engine that doesn't include the private parameters, even if it's marked with RSA_FLAG_EXT_PKEY, the openssl executable will not handle it correctly.

That's because genrsa_main assumes that the object that comes back is an rsa private key. So it will attempt to save a PEM encoded RSA private key even though it doesn't have the private key fields and openssl won't be able to open the saved file.

So, if you want to enable use of the openssl executable with genrsa being supported by your engine, you will actually need to modify apps/genrsa.c So that genrsa_main does:

if (RSA_test_flags(rsa, RSA_FLAG_EXT_PKEY) == RSA_FLAG_EXT_PKEY) {

    if (! PEM_write_bio_RSA_PUBKEY(out, rsa))

        goto end;

}

else {

    if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0,

                                     (pem_password_cb *)password_callback,

                                     &cb_data))

        goto end;

}


instead of:

if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0,

                                    (pem_password_cb *)password_callback,

                                    &cb_data))

       goto end;


And then it will save the key you generated in public key pem format. which will allow openssl to read it.

One thing to note:

None of the open source engines I checked (neither the PCKS11 engine, the NCipher engine, nor the CAPI engine) implement the genrsa hook. If you are looking for wide compatibility you may wish to ask your clients to do key generation using an external utility (as that's how almost everyone else does it). 

On Fri, Apr 13, 2018 at 5:28 PM, William Roberts <[hidden email]> wrote:
On Fri, Apr 13, 2018 at 2:55 PM, Richard Levitte <[hidden email]> wrote:
> In message <CAFftDdqWPXq1+Mo9_6J0EzhZ4uwg5QC=R5fx8N1j=[hidden email]> on Fri, 13 Apr 2018 09:17:28 -0700, William Roberts <[hidden email]> said:
>
> bill.c.roberts> I am currently working on writing an openssl engine
> bill.c.roberts> to interface with a piece of hardware.
> bill.c.roberts>
> bill.c.roberts> I am trying to understand how to implement
> bill.c.roberts> rsa key generation, where the private key
> bill.c.roberts> bytes would not be available.
> bill.c.roberts>
> bill.c.roberts> I am currently invoking the
> bill.c.roberts> command:
> bill.c.roberts>
> bill.c.roberts> openssl genrsa -engine foo
> bill.c.roberts>
> bill.c.roberts> Which is calling my callback for RSA keygen, registered via ENGINE_set_RSA()
> bill.c.roberts> and I set the flags: RSA_FLAG_EXT_PKEY.
> bill.c.roberts>
> bill.c.roberts> However, genrsa app seems to want rsa->e set here:
> bill.c.roberts> https://github.com/openssl/openssl/blob/OpenSSL_1_0_2g/apps/genrsa.c#L291
> bill.c.roberts>
> bill.c.roberts> I can't find documentation on how to handle the keygen interface
> bill.c.roberts> for RSA.
> bill.c.roberts>
> bill.c.roberts> Can someone point me in the right direction?
>
> e and n are public components of any RSA key pair (and RSA structure
> in OpenSSL).  You *must* make them available.  The rest of the numbers
> are private and do not need to be part of the RSA structure that
> OpenSSL handles.

Thanks. I went and read the RSA page on Wikipedia, and sure enough it
has what common meanings of what all the single letter variables
are in the RSA struct.
https://en.wikipedia.org/wiki/RSA_(cryptosystem)

>
> Cheers,
> Richard
>
> --
> Richard Levitte         [hidden email]
> OpenSSL Project         http://www.openssl.org/~levitte/
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users