Re: [openssl-users] How to override methods in EVP_PKEY_METHOD structure that is attached to a EVP_PKEY_CTX?
On Mon, Feb 27, 2017, Stephan M?hlstrasser wrote: > Am 27.02.17 um 15:34 schrieb Dr. Stephen Henson: > > >There shouldn't be any need to add the method to the list: it should be > >possible to associate an EVP_PKEY with a non-default method (e.g. explicitly > >or implemented in an ENGINE). I say *should* because there doesn't seem to be > >currently a way to do that without changing EVP_PKEY internal fields (which > >isn't possible in 1.1.0 anyway). > > I'm sorry, I don't get what you are trying to tell me in the above > paragraph. Are you talking about an alternative way to set up the > methods in the EVP_PKEY_METHOD structure? > Well this is by analogy with how the other algorithm specific methods work. With RSA_METHOD et al there are two ways to provide your own mechanisms for operations. If it's a general purpose mechanism (e.g. a crypto accelerator) which should perform all RSA operations you can provide the default method. If you want to only affect certain keys (e.g. those tied to a specific HSM) you *can* do this via the default method and just check each key as it goes through (e.g. some ex_data attached to it) and only handle those of interest passing the rest to the default operation. There is an alternative way. You create a custom method and set that as the key's internal method. Then any existing keys use the default method as usual but the keys you care about go through the custom method. For EVP_PKEY_METHOD you can provide the default implementation for an algorithm but unfortunately there is no way to provide a key specific method which is transparently used. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] How to override methods in EVP_PKEY_METHOD structure that is attached to a EVP_PKEY_CTX?
Am 27.02.17 um 15:34 schrieb Dr. Stephen Henson: On Mon, Feb 27, 2017, Stephan M?hlstrasser wrote: How is it supposed to be possible to retrieve the original operations from an EVP_PKEY_METHOD pointer? Ah I see you're using OpenSSL 1.0.2. There isn't a way to get the existing function pointers in 1.0.2, the "getter" functions are only in 1.1.0. Ok, I looked at the evp.h header in the 1.1.0 branch, and there I can see the getter functions. So I understand that I would have to backport those getter functions to the 1.0.2 branch in my repository if I wanted to use them with 1.0.2. There shouldn't be any need to add the method to the list: it should be possible to associate an EVP_PKEY with a non-default method (e.g. explicitly or implemented in an ENGINE). I say *should* because there doesn't seem to be currently a way to do that without changing EVP_PKEY internal fields (which isn't possible in 1.1.0 anyway). I'm sorry, I don't get what you are trying to tell me in the above paragraph. Are you talking about an alternative way to set up the methods in the EVP_PKEY_METHOD structure? -- Stephan -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] How to override methods in EVP_PKEY_METHOD structure that is attached to a EVP_PKEY_CTX?
On Mon, Feb 27, 2017, Stephan M?hlstrasser wrote: > Steve, > > Am 25.02.17 um 05:53 schrieb Dr. Stephen Henson: > >On Fri, Feb 17, 2017, Stephan M?hlstrasser wrote: > >... > >>Is it possible to override methods in an EVP_PKEY_METHOD structure, > >>or would it be necessary to implement a whole OpenSSL engine to do > >>what I want? > >> > > > >It should be possible yes, though AFAIK no one has yet tried to do this so > >there may be some pieces missing. > > > >In outline you'd retrieve the appropriate EVP_PKEY_METHOD for the algorithm > >of > >interest, make a copy of it and then set the operation you wish to override, > >you can also retrieve the original operation in case you sometimes wish to > >call that. > > thanks for confirming that this should be possible in principle. > > I guess my problem was that I thought one must retrieve the > EVP_PKEY_METHOD from the EVP_PKEY_CTX pointer. As you are saying it > must be retrieved for the algorithm, I think I understood now that > it must be fetched via EVP_PKEY_meth_find(). > > Is the following sketch roughly appropriate? > > int my_sign_init_function(EVP_PKEY_CTX *ctx); > int my_sign_function(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t > *siglen, const unsigned char *tbs, size_t tbslen); > > const EVP_PKEY_METHOD *rsa_meth = EVP_PKEY_meth_find(EVP_PKEY_RSA); > EVP_PKEY_METHOD *new_rsa_meth = EVP_PKEY_meth_new(EVP_PKEY_RSA, 0); > EVP_PKEY_meth_copy(new_rsa_meth, rsa_meth); > EVP_PKEY_meth_set_sign(new_rsa_meth, my_sign_init_function, > my_sign_function); > EVP_PKEY_meth_add0(new_rsa_meth); > > What is still unclear to me is how to retrieve the original function > pointers from the EVP_PKEY_METHOD. EVP_PKEY_METHOD is an opaque > structure, and I could not find a getter counterpart for > EVP_PKEY_meth_set_sign(). > > How is it supposed to be possible to retrieve the original > operations from an EVP_PKEY_METHOD pointer? > Ah I see you're using OpenSSL 1.0.2. There isn't a way to get the existing function pointers in 1.0.2, the "getter" functions are only in 1.1.0. There shouldn't be any need to add the method to the list: it should be possible to associate an EVP_PKEY with a non-default method (e.g. explicitly or implemented in an ENGINE). I say *should* because there doesn't seem to be currently a way to do that without changing EVP_PKEY internal fields (which isn't possible in 1.1.0 anyway). Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] How to override methods in EVP_PKEY_METHOD structure that is attached to a EVP_PKEY_CTX?
On Fri, Feb 17, 2017, Stephan M?hlstrasser wrote: > Hi, > > we use OpenSSL 1.0.2 together with PKCS#11 tokens by plugging > methods into the RSA_METHOD structure that interface with the > PKCS#11 token, and this works fine so far. However, for creating RSA > signatures with PSS padding this strategy doesn't work anymore, > because OpenSSL wants to directly encrypt with the private key in > this case, which is not possible in PKCS#11. > > Therefore my idea is to override the function pkey_rsa_sign() and > plug a wrapper around it into the EVP_PKEY_METHOD structure that is > associated with the EVP_PKEY_CTX to handle this special situation. > > The header evp.h declares the following functions among others: > > EVP_PKEY_METHOD* EVP_PKEY_meth_new(int id, int flags); > void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src); > > void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, > int (*sign_init)(EVP_PKEY_CTX *ctx), > int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, > size_t *siglen, const unsigned char *tbs, size_t tbslen)); > > But I can't figure out how to use these functions to achieve what I > want, because the following pieces seem to be missing: > > - Retrieve the EVP_PKEY_METHOD pointer from a EVP_PKEY_CTX pointer > - Set the EVP_PKEY_METHOD pointer for a EVP_PKEY_CTX pointer > - Retrieve the existing "sign_init" and "sign" function pointers > from an initialized EVP_PKEY_METHOD pointer for being able to wrap > them > > Is it possible to override methods in an EVP_PKEY_METHOD structure, > or would it be necessary to implement a whole OpenSSL engine to do > what I want? > It should be possible yes, though AFAIK no one has yet tried to do this so there may be some pieces missing. In outline you'd retrieve the appropriate EVP_PKEY_METHOD for the algorithm of interest, make a copy of it and then set the operation you wish to override, you can also retrieve the original operation in case you sometimes wish to call that. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] How to override methods in EVP_PKEY_METHOD structure that is attached to a EVP_PKEY_CTX?
Jakob, Am 17.02.17 um 18:43 schrieb Jakob Bohm: ... Some token keys on some tokens (think e-mail decryption private keys or TLS server private keys) intentionally support decryption of a wrapped symmetric key via PKCS#11 mechanisms such as the one from PKCS1v1.5 or OAEP. The precise set of such public key operations available is given by the set of "mechanisms" enumerated by the pkcs11 driver for the individual token. One of the defined mechanisms (the one confusingly named "X509") appears to actually be the raw RSA operation, thus allowing it to be repurposed to implement any RSA scheme (such as PSS, or SHA-256 signatures) that might be missing on the token iteself. But this obviously only works for those tokens that allow this, which varies by token model, token configuration and PKCS11-driver version. This obviously isn't possible for all tokens, and thus in general doesn't solve your original problem for those tokens that support PSS signatures natively, but not the raw RSA operation. But it can be helpful for those tokens that do support the raw RSA operation and expose this ability through their PKCS#11 drivers. thank you for the explanation about the CKM_RSA_X_509 mechanism. I was not aware of its meaning, and I will study it in more detail. The tokens that I have access to do provide this mechanism, so I can experiment with it. Regarding my original question, does anybody have comments whether and if so how it is possible to override methods in a EVP_PKEY_METHOD structure? Thank you. -- Stephan -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] How to override methods in EVP_PKEY_METHOD structure that is attached to a EVP_PKEY_CTX?
On 17/02/2017 16:21, Stephan Mühlstrasser wrote: Am 17.02.17 um 16:09 schrieb Jakob Bohm: On 17/02/2017 15:25, Stephan Mühlstrasser wrote: Hi, we use OpenSSL 1.0.2 together with PKCS#11 tokens by plugging methods into the RSA_METHOD structure that interface with the PKCS#11 token, and this works fine so far. However, for creating RSA signatures with PSS padding this strategy doesn't work anymore, because OpenSSL wants to directly encrypt with the private key in this case, which is not possible in PKCS#11. I believe some PKCS#11 tokens can do this by using CKM_RSA_X_509 How could that work? If I understand the PKCS#11 specification correctly it is not possible in principle to use private keys for encryption via the C_EncryptInit() and C_Encrypt() functions, for the following reasons: 1) Private keys are not allowed to have the CKA_ENCRYPT attribute (see "Table 30, Common Private Key Attributes" in the PKCS#11 specification, which does not list the CKA_ENCRYPT attribute). 2) For the C_EncryptInit() to succeed the key must have the attribute CKA_ENCRYPT=true. From the PKCS#11 documentation of C_EncryptInit(): "The CKA_ENCRYPT attribute of the encryption key, which indicates whether the key supports encryption, must be CK_TRUE." Some token keys on some tokens (think e-mail decryption private keys or TLS server private keys) intentionally support decryption of a wrapped symmetric key via PKCS#11 mechanisms such as the one from PKCS1v1.5 or OAEP. The precise set of such public key operations available is given by the set of "mechanisms" enumerated by the pkcs11 driver for the individual token. One of the defined mechanisms (the one confusingly named "X509") appears to actually be the raw RSA operation, thus allowing it to be repurposed to implement any RSA scheme (such as PSS, or SHA-256 signatures) that might be missing on the token iteself. But this obviously only works for those tokens that allow this, which varies by token model, token configuration and PKCS11-driver version. This obviously isn't possible for all tokens, and thus in general doesn't solve your original problem for those tokens that support PSS signatures natively, but not the raw RSA operation. But it can be helpful for those tokens that do support the raw RSA operation and expose this ability through their PKCS#11 drivers. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] How to override methods in EVP_PKEY_METHOD structure that is attached to a EVP_PKEY_CTX?
Am 17.02.17 um 16:09 schrieb Jakob Bohm: On 17/02/2017 15:25, Stephan Mühlstrasser wrote: Hi, we use OpenSSL 1.0.2 together with PKCS#11 tokens by plugging methods into the RSA_METHOD structure that interface with the PKCS#11 token, and this works fine so far. However, for creating RSA signatures with PSS padding this strategy doesn't work anymore, because OpenSSL wants to directly encrypt with the private key in this case, which is not possible in PKCS#11. I believe some PKCS#11 tokens can do this by using CKM_RSA_X_509 How could that work? If I understand the PKCS#11 specification correctly it is not possible in principle to use private keys for encryption via the C_EncryptInit() and C_Encrypt() functions, for the following reasons: 1) Private keys are not allowed to have the CKA_ENCRYPT attribute (see "Table 30, Common Private Key Attributes" in the PKCS#11 specification, which does not list the CKA_ENCRYPT attribute). 2) For the C_EncryptInit() to succeed the key must have the attribute CKA_ENCRYPT=true. From the PKCS#11 documentation of C_EncryptInit(): "The CKA_ENCRYPT attribute of the encryption key, which indicates whether the key supports encryption, must be CK_TRUE." -- Stephan -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] How to override methods in EVP_PKEY_METHOD structure that is attached to a EVP_PKEY_CTX?
On 17/02/2017 15:25, Stephan Mühlstrasser wrote: Hi, we use OpenSSL 1.0.2 together with PKCS#11 tokens by plugging methods into the RSA_METHOD structure that interface with the PKCS#11 token, and this works fine so far. However, for creating RSA signatures with PSS padding this strategy doesn't work anymore, because OpenSSL wants to directly encrypt with the private key in this case, which is not possible in PKCS#11. I believe some PKCS#11 tokens can do this by using CKM_RSA_X_509 Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] How to override methods in EVP_PKEY_METHOD structure that is attached to a EVP_PKEY_CTX?
Hi, we use OpenSSL 1.0.2 together with PKCS#11 tokens by plugging methods into the RSA_METHOD structure that interface with the PKCS#11 token, and this works fine so far. However, for creating RSA signatures with PSS padding this strategy doesn't work anymore, because OpenSSL wants to directly encrypt with the private key in this case, which is not possible in PKCS#11. Therefore my idea is to override the function pkey_rsa_sign() and plug a wrapper around it into the EVP_PKEY_METHOD structure that is associated with the EVP_PKEY_CTX to handle this special situation. The header evp.h declares the following functions among others: EVP_PKEY_METHOD* EVP_PKEY_meth_new(int id, int flags); void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src); void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, int (*sign_init)(EVP_PKEY_CTX *ctx), int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen)); But I can't figure out how to use these functions to achieve what I want, because the following pieces seem to be missing: - Retrieve the EVP_PKEY_METHOD pointer from a EVP_PKEY_CTX pointer - Set the EVP_PKEY_METHOD pointer for a EVP_PKEY_CTX pointer - Retrieve the existing "sign_init" and "sign" function pointers from an initialized EVP_PKEY_METHOD pointer for being able to wrap them Is it possible to override methods in an EVP_PKEY_METHOD structure, or would it be necessary to implement a whole OpenSSL engine to do what I want? Thanks. -- Stephan -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users