Re: RSA and DES encryption and decryption with C++ on Windows

[Dr Paul Dale]

Thanks Matthias, that's exactly what I did.  Too many repositories :)

Pauli



On 12/4/22 05:24, Dr. Matthias St. Pierre wrote:


Pauli accidentally posted a link to our internal repository. You can 
jost replace githuib.openssl.org by github.com:


https://github.com/openssl/openssl/tree/master/demos/encrypt

Matthias

*From:*openssl-users  *On Behalf Of 
*John Alway

*Sent:* Monday, April 11, 2022 7:06 PM
*Cc:* openssl-users@openssl.org
*Subject:* Re: RSA and DES encryption and decryption with C++ on Windows

Pauli,

Thanks for the link, but apparently that code requires having an 
account to view it.


However, I've passed the information from this thread onto the guy I'm 
working with and he's going to reevaluate what he wants to do.


Regards,

...John





Virus-free. www.avg.com 
 



On Sun, Apr 10, 2022 at 5:52 PM Dr Paul Dale  wrote:

Have a look in the demos/encrypt folder:
https://github.openssl.org/openssl/openssl/tree/master/demos/encrypt

There has been an amount of effort put into updating these for 3.0
& later.  There is more to do.


Pauli

On 10/4/22 23:50, Kenneth Goldman wrote:

Anyway, I'm trying to encrypt/decrypt using RSA and DES
schemes.  I've tried some of the older code examples I could
find, but some of the functions weren't recognized by my
header files.

[kgold] You cannot encrypt long streams with RSA.  DES is
deprecated.

Can anyone help me with this?  I want to encrypt fairly long
strings.  A few hundred bytes or so.   Maybe longer.  If I can
do a continuous stream of blocks that would be great, as well.

*//*

[kgold] Post a short example that did not work.

RE: RSA and DES encryption and decryption with C++ on Windows

[Dr. Matthias St. Pierre]

Pauli accidentally posted a link to our internal repository. You can jost 
replace githuib.openssl.org by github.com:


https://github.com/openssl/openssl/tree/master/demos/encrypt


Matthias


From: openssl-users  On Behalf Of John Alway
Sent: Monday, April 11, 2022 7:06 PM
Cc: openssl-users@openssl.org
Subject: Re: RSA and DES encryption and decryption with C++ on Windows

Pauli,

Thanks for the link, but apparently that code requires having an account to 
view it.

However, I've passed the information from this thread onto the guy I'm working 
with and he's going to reevaluate what he wants to do.

Regards,
...John

[https://ipmcdn.avast.com/images/icons/icon-envelope-tick-green-avg-v1.png]

Virus-free. 
www.avg.com


On Sun, Apr 10, 2022 at 5:52 PM Dr Paul Dale 
mailto:pa...@openssl.org>> wrote:
Have a look in the demos/encrypt folder: 
https://github.openssl.org/openssl/openssl/tree/master/demos/encrypt

There has been an amount of effort put into updating these for 3.0 & later.  
There is more to do.


Pauli
On 10/4/22 23:50, Kenneth Goldman wrote:

Anyway, I'm trying to encrypt/decrypt using RSA and DES schemes.  I've tried 
some of the older code examples I could find, but some of the functions weren't 
recognized by my header files.
[kgold] You cannot encrypt long streams with RSA.  DES is deprecated.

Can anyone help me with this?  I want to encrypt fairly long strings.  A few 
hundred bytes or so.   Maybe longer.  If I can do a continuous stream of blocks 
that would be great, as well.


[kgold] Post a short example that did not work.







smime.p7s
Description: S/MIME cryptographic signature

Re: RSA and DES encryption and decryption with C++ on Windows

[John Alway]

Pauli,

Thanks for the link, but apparently that code requires having an account to
view it.

However, I've passed the information from this thread onto the guy I'm
working with and he's going to reevaluate what he wants to do.

Regards,
...John


Virus-free.
www.avg.com

<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>

On Sun, Apr 10, 2022 at 5:52 PM Dr Paul Dale  wrote:

> Have a look in the demos/encrypt folder:
> https://github.openssl.org/openssl/openssl/tree/master/demos/encrypt
>
> There has been an amount of effort put into updating these for 3.0 &
> later.  There is more to do.
>
>
> Pauli
>
> On 10/4/22 23:50, Kenneth Goldman wrote:
>
>
>
> Anyway, I'm trying to encrypt/decrypt using RSA and DES schemes.  I've
> tried some of the older code examples I could find, but some of the
> functions weren't recognized by my header files.
>
> [kgold] You cannot encrypt long streams with RSA.  DES is deprecated.
>
>
>
> Can anyone help me with this?  I want to encrypt fairly long strings.  A
> few hundred bytes or so.   Maybe longer.  If I can do a continuous stream
> of blocks that would be great, as well.
>
>
>
>
>
> [kgold] Post a short example that did not work.
>
>
>
>
>
>
>
>
>
>
>

Re: Is there a simple implementation of hooking external private key with openssl-3.0 API?

[Matt Caswell]

On 11/04/2022 16:53, Alon Bar-Lev wrote:

On Mon, Apr 11, 2022 at 11:52 AM Matt Caswell  wrote:




On 10/04/2022 19:18, Alon Bar-Lev wrote:

Hello,

I am trying to migrate to openssl-3.0 API, it seems to be very
complicated to hook primitive private key usage to a custom function.
This is required, for example, to use private keys that reside on
hardware devices or when an application wishes to externalize private
key operations to other programs using IPC.

I hope I am wrong but it seems like an entirely new provider must be
implemented with complete reimplementation of the default providers,
including serialization, padding etc... While in openssl-0/1 it was
quite easy.



You will need to implement a provider, and include a key manager plus an
implementation of whatever operations you want to support, e.g.
signature or asymcipher. Typically where a private key resides on a
hardware device then you don't need to support
serialization/deserialization because the keys can't be
serialized/deserialized anyway. If you do want to support that then the
key manager just needs to be able to import or export keys using the
standard parameters for the algorithm and it will automatically be able
to use the default provider's encoders and decoders. Support for key
generation is also probably optional. You would need to support any
padding that you need - that's considered part of the low level
algorithm implementation.



Thank you Matt,
I am aware I can implement new three providers from scratch.
However, I was hopping you will show me a way to cascade the existing
providers just like we have done in the past with the RSA_METHOD.


It is actually technically possible to cascade providers. There is an 
example of this happening in the test code. We have a filter provider 
which "wraps" the default provider and modifies its behaviour. See:


https://github.com/openssl/openssl/blob/master/test/filterprov.c

However, I'm not sure that it helps you in this particular instance.

We also have instances of "composite" algorithms, e.g. where a high 
level algorithm makes use of some other low level algorithm (consider a 
DigestSign operation which uses RSA for signing, but also uses some 
digest algorithm as part of its work).




I would like the exact behavior of the existing providers while
overriding the low level RSA operations.


The problem is that we don't currently expose the low level RSA 
operations as provider operations. Feasibly we could have two RSA 
implementations - a "low" level one and a "high" level one, where the 
high level one does all padding etc, and the "low" level one does the 
actual raw RSA work. The high level one could then call the low level 
one. If we had that then it would probably be feasible for you to hook 
in an alternative implementation for just the low level pieces.


That would require some refactoring though.



Are you opened for a discussion for improving this?


Absolutely. I'd suggest you raise an issue on github to discuss it.

I'm sure someone else raised a similar issue some while ago and we had 
some similar discussions, but I've gone searching for it and couldn't 
find it. I did come across this issue though which touches on some 
similar topics:


https://github.com/openssl/openssl/issues/17187

Matt





[1] https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/xkey_provider.c
[2] https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/xkey_helper.c




I wrote a testcase program using openssl-1 APIs[1] which also works
using openssl-3, in this testcase I prepare a new RSA method based on
the default method, hook the private operations and then hook the RSA
object to use the custom method.

I am looking for a way to implement the __hook_evp_pkey function in
openssl-3 api, so that when a private key operation is executed on the
EVP_PKEY or EVP_PKEY_CTX a custom callback will be executed while
public key operation continue to be executed normally.

While looking into the existing RSA providers I can see that the
providers continue to use the deprecated RSA_* functions with the
following comment:

  /*
   * RSA low level APIs are deprecated for public use, but still ok for
   * internal use.
   */

This is exactly what I need... :) To have the RSA low level API be
redirected back to the application so that I can enjoy the default
implementation of signature/rsa_sig.c padding etc while being able to
override the private encrypt. But these low level functions are hidden
from the user.


As the comment says, RSA low level APIs are deprecated. Deprecated does
*not* mean removed. So you can still use them for now, although expect
them to be removed from some future version of OpenSSL.


Marking deprecated APIs is announcing your intentions and gives enough
time for everyone to workout the gaps (if any).
I believe there is a gap which will introduce a great burden for
developers in the existing design, I would like to work with you to
reach similar 

Re: Is there a simple implementation of hooking external private key with openssl-3.0 API?

[Alon Bar-Lev]

On Mon, Apr 11, 2022 at 11:52 AM Matt Caswell  wrote:
>
>
>
> On 10/04/2022 19:18, Alon Bar-Lev wrote:
> > Hello,
> >
> > I am trying to migrate to openssl-3.0 API, it seems to be very
> > complicated to hook primitive private key usage to a custom function.
> > This is required, for example, to use private keys that reside on
> > hardware devices or when an application wishes to externalize private
> > key operations to other programs using IPC.
> >
> > I hope I am wrong but it seems like an entirely new provider must be
> > implemented with complete reimplementation of the default providers,
> > including serialization, padding etc... While in openssl-0/1 it was
> > quite easy.
> >
>
> You will need to implement a provider, and include a key manager plus an
> implementation of whatever operations you want to support, e.g.
> signature or asymcipher. Typically where a private key resides on a
> hardware device then you don't need to support
> serialization/deserialization because the keys can't be
> serialized/deserialized anyway. If you do want to support that then the
> key manager just needs to be able to import or export keys using the
> standard parameters for the algorithm and it will automatically be able
> to use the default provider's encoders and decoders. Support for key
> generation is also probably optional. You would need to support any
> padding that you need - that's considered part of the low level
> algorithm implementation.
>

Thank you Matt,
I am aware I can implement new three providers from scratch.
However, I was hopping you will show me a way to cascade the existing
providers just like we have done in the past with the RSA_METHOD.
I would like the exact behavior of the existing providers while
overriding the low level RSA operations.
Even if I would implement an entirely new provider I guess I need to
keep using deprecated low level RSA_* functions for the public key
part.
OpenVPN had brute forced this[1][2] in about 1500 lines of code of
what used to be about 120 lines of code.

I would like to raise my concern that this openssl-3.0 provider
interface may need some improvement to allow easier integration,
similar to what we had in openssl since about ever.

Are you opened for a discussion for improving this?

[1] https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/xkey_provider.c
[2] https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/xkey_helper.c

>
> > I wrote a testcase program using openssl-1 APIs[1] which also works
> > using openssl-3, in this testcase I prepare a new RSA method based on
> > the default method, hook the private operations and then hook the RSA
> > object to use the custom method.
> >
> > I am looking for a way to implement the __hook_evp_pkey function in
> > openssl-3 api, so that when a private key operation is executed on the
> > EVP_PKEY or EVP_PKEY_CTX a custom callback will be executed while
> > public key operation continue to be executed normally.
> >
> > While looking into the existing RSA providers I can see that the
> > providers continue to use the deprecated RSA_* functions with the
> > following comment:
> >
> >  /*
> >   * RSA low level APIs are deprecated for public use, but still ok for
> >   * internal use.
> >   */
> >
> > This is exactly what I need... :) To have the RSA low level API be
> > redirected back to the application so that I can enjoy the default
> > implementation of signature/rsa_sig.c padding etc while being able to
> > override the private encrypt. But these low level functions are hidden
> > from the user.
>
> As the comment says, RSA low level APIs are deprecated. Deprecated does
> *not* mean removed. So you can still use them for now, although expect
> them to be removed from some future version of OpenSSL.

Marking deprecated APIs is announcing your intentions and gives enough
time for everyone to workout the gaps (if any).
I believe there is a gap which will introduce a great burden for
developers in the existing design, I would like to work with you to
reach similar solution we had in prior openssl versions by leveraging
the current provider approach and create a reference implementation
similar to what I've provided.
If I understand the design correctly the missing bits are the ability
to cascade a provider and access low level primitives, maybe as its
own provider.

> Matt
>

Thanks,
Alon

> >
> > Can anyone help us to create a testcase of openssl-3? This will help
> > many applications such as opensc/libp11 opensc/pkcs11-helper openvpn
> > and probably more.
> >
> > For your convenience, you may find the program here[1].
> >
> > Regards,
> > Alon Bar-Lev
> >
> > [1] https://github.com/alonbl/openssl-external/blob/master/example.c
> >
> > ---
> >
> > #include 
> > #include 
> > #include 
> > #include 
> > #include 
> > #include 
> >
> > static RSA_METHOD *__example_rsa_method;
> > static int __example_rsa_index;
> >
> > static int __example_rsa_priv_enc(int flen, const unsigned char 

Re: Is there a simple implementation of hooking external private key with openssl-3.0 API?

[Matt Caswell]

On 10/04/2022 19:18, Alon Bar-Lev wrote:

Hello,

I am trying to migrate to openssl-3.0 API, it seems to be very
complicated to hook primitive private key usage to a custom function.
This is required, for example, to use private keys that reside on
hardware devices or when an application wishes to externalize private
key operations to other programs using IPC.

I hope I am wrong but it seems like an entirely new provider must be
implemented with complete reimplementation of the default providers,
including serialization, padding etc... While in openssl-0/1 it was
quite easy.



You will need to implement a provider, and include a key manager plus an 
implementation of whatever operations you want to support, e.g. 
signature or asymcipher. Typically where a private key resides on a 
hardware device then you don't need to support 
serialization/deserialization because the keys can't be 
serialized/deserialized anyway. If you do want to support that then the 
key manager just needs to be able to import or export keys using the 
standard parameters for the algorithm and it will automatically be able 
to use the default provider's encoders and decoders. Support for key 
generation is also probably optional. You would need to support any 
padding that you need - that's considered part of the low level 
algorithm implementation.







I wrote a testcase program using openssl-1 APIs[1] which also works
using openssl-3, in this testcase I prepare a new RSA method based on
the default method, hook the private operations and then hook the RSA
object to use the custom method.

I am looking for a way to implement the __hook_evp_pkey function in
openssl-3 api, so that when a private key operation is executed on the
EVP_PKEY or EVP_PKEY_CTX a custom callback will be executed while
public key operation continue to be executed normally.

While looking into the existing RSA providers I can see that the
providers continue to use the deprecated RSA_* functions with the
following comment:

 /*
  * RSA low level APIs are deprecated for public use, but still ok for
  * internal use.
  */

This is exactly what I need... :) To have the RSA low level API be
redirected back to the application so that I can enjoy the default
implementation of signature/rsa_sig.c padding etc while being able to
override the private encrypt. But these low level functions are hidden
from the user.


As the comment says, RSA low level APIs are deprecated. Deprecated does 
*not* mean removed. So you can still use them for now, although expect 
them to be removed from some future version of OpenSSL.


Matt




Can anyone help us to create a testcase of openssl-3? This will help
many applications such as opensc/libp11 opensc/pkcs11-helper openvpn
and probably more.

For your convenience, you may find the program here[1].

Regards,
Alon Bar-Lev

[1] https://github.com/alonbl/openssl-external/blob/master/example.c

---

#include 
#include 
#include 
#include 
#include 
#include 

static RSA_METHOD *__example_rsa_method;
static int __example_rsa_index;

static int __example_rsa_priv_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding) {
 const RSA_METHOD *rsa_method = NULL;
 int ret = -1;

 if ((rsa_method = RSA_get_method(rsa)) == NULL) {
 goto cleanup;
 }

 /*
  * Do it.
  */
 printf("ENCRYPT\n");
 memset(to, 0, flen);
 ret = 1;

cleanup:

 return ret;
}

static int __example_rsa_priv_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding) {
 const RSA_METHOD *rsa_method = NULL;
 int ret = -1;

 if ((rsa_method = RSA_get_method(rsa)) == NULL) {
 goto cleanup;
 }

 /*
  * Do it.
  */
 printf("DECRYPT\n");
 memset(to, 0, flen);
 ret = 1;

cleanup:

 return ret;
}


static int __prepare_method(void) {
 int ret = 0;

 if ((__example_rsa_method =
RSA_meth_dup(RSA_get_default_method())) == NULL) {
 goto cleanup;
 }

 if (!RSA_meth_set1_name(__example_rsa_method, "example")) {
 goto cleanup;
 }

 if (!RSA_meth_set_priv_dec(__example_rsa_method, __example_rsa_priv_dec)) {
 goto cleanup;
 }

 if (!RSA_meth_set_priv_enc(__example_rsa_method, __example_rsa_priv_enc)) {
 goto cleanup;
 }

 if ((__example_rsa_index = RSA_get_ex_new_index(0, "example",
NULL, NULL, NULL)) == -1) {
 goto cleanup;
 }

 ret = 1;

cleanup:

 return ret;
}

static int __free_method(void) {
 RSA_meth_free(__example_rsa_method);
}

static int __hook_evp_pkey(EVP_PKEY *evp_pkey) {

 RSA *rsa = NULL;
 int ret = 0;

 /*
  * Hook private key methods
  */

 if (EVP_PKEY_id(evp_pkey) != EVP_PKEY_RSA) {
 goto cleanup;
 }

 if ((rsa = EVP_PKEY_get1_RSA(evp_pkey)) == NULL) {
 goto cleanup;
 }

 if (!RSA_set_method(rsa, __example_rsa_method)) {