Maurice Gittens wrote:
>
> Hi,
>
> working on the implementation of a driver for a hardware crypto device I've
> encountered a little problem.
>
> The prototype for the RSA sign method in the openssl engine code contains a
> type argument
> which specifies the type of signature to be generated.
>
> int rsa_sign(int type, unsigned char *m, unsigned int m_len,
> unsigned char *sigret, unsigned int *siglen, RSA *rsa)
>
> My questions are:
> 1. How can I find out more about the types of signatures I will need to
> generate in the driver?
> 2. Is the data supplied to the sign function encoded in some special way?
>
You may not need to implement rsa_sign() at all depending on the
capabilities of your hardware.
If your hardware just supports math acceleration then rsa_mod_exp() will
handle private key operations, provided you copy the relevant fields
from the software RSA_METHOD.
Alternatively you can implement rsa_private_encrypt() if your hardware
supports internal signing and formatting of data using PKCS#1.
You need to support rsa_sign() if your hardware only supports signing of
digests and not arbitrary data.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
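
The three hooks named in the reply differ in how much encoding has already been applied to the data they receive. As an added example (not part of the original thread and not OpenSSL's code), the following prints that data at each level for a SHA-1 signature with a 1024-bit key, assuming the PKCS#1 v1.5 encoding of OpenSSL's software signing path and leaving blinding aside; the helper names and the digest bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* DER header of a SHA-1 DigestInfo (PKCS#1 v1.5); the 20-byte digest follows. */
static const unsigned char SHA1_DI_PREFIX[15] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
};
/* rsa_sign() level -> rsa_private_encrypt() level: wrap the bare digest.
 * Hypothetical helper; out must hold 35 bytes. Returns bytes written. */
size_t digestinfo_sha1(const unsigned char digest[20], unsigned char *out)
{
    memcpy(out, SHA1_DI_PREFIX, sizeof SHA1_DI_PREFIX);
    memcpy(out + sizeof SHA1_DI_PREFIX, digest, 20);
    return sizeof SHA1_DI_PREFIX + 20;
}

/* rsa_private_encrypt() level -> rsa_mod_exp() level: PKCS#1 v1.5 block
 * type 1 over k bytes. Returns 1 on success, 0 if the data does not fit. */
int pkcs1_type1_pad(const unsigned char *in, size_t in_len,
                    unsigned char *em, size_t k)
{
    if (k < 11 || in_len > k - 11)   /* at least 8 bytes of 0xFF are required */
        return 0;
    size_t ps_len = k - in_len - 3;
    em[0] = 0x00; em[1] = 0x01;      /* leading zero, block type 1 */
    memset(em + 2, 0xff, ps_len);    /* padding string */
    em[2 + ps_len] = 0x00;           /* separator */
    memcpy(em + 3 + ps_len, in, in_len);
    return 1;
}
static void dump(const char *label, const unsigned char *p, size_t n)
{
    printf("%-26s (%3zu bytes): ", label, n);
    for (size_t i = 0; i < n; i++) printf("%02x", p[i]);
    putchar('\n');
}

int main(void)
{
    unsigned char digest[20], di[35], em[128];   /* 128 bytes = 1024-bit modulus */
    for (int i = 0; i < 20; i++) digest[i] = (unsigned char)(0xa0 + i); /* constructed */
    size_t di_len = digestinfo_sha1(digest, di);
    dump("rsa_sign() input", digest, sizeof digest);
    dump("rsa_private_encrypt() input", di, di_len);
    if (pkcs1_type1_pad(di, di_len, em, sizeof em))
        dump("rsa_mod_exp() input", em, sizeof em);
    return 0;
}
```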