Creating an OpenSSL Engine to use indigenous ECDH, ECDSA and HASH Algorithms

From OpenSSLWiki
Revision as of 08:37, 9 October 2015 by Oezgan (talk | contribs) (Created page with "==Introduction== This tutorial is intended to provide an example implementation of an OpenSSL Engine such that indigenous cryptographic code for ECDSA and ECDH as well as some...")

Introduction

This tutorial is intended to provide an example implementation of an OpenSSL Engine, such that indigenous cryptographic code for ECDSA and ECDH, as well as some SHA-2 family algorithms, can be used in OpenSSL for different purposes.

This guide will not provide the reader with implementations of the actual cryptographic primitives, but only with the code necessary to embed cryptographic software into OpenSSL as an engine.

To test our implementation we will also write a program, "EngineTester", to see that our engine is actually working.

Preparations

This tutorial was done on (X)Ubuntu 15.04 with a custom-compiled OpenSSL version 1.0.2d. The GCC version is "gcc (Ubuntu 4.9.2-10ubuntu13) 4.9.2".

Note that the OpenSSL Engine has to be written in pure C; anything C++ related causes OpenSSL not to load the engine. You can however embed C++ code with some tricks; more on that later. Also, the OpenSSL Engine is a shared library object, "libXXXX.so".

If the compiler warns with something like "implicit declaration of …", the engine will also not work; you have to use strict C syntax. OpenSSL Engines are stored in "/usr/lib/engines/" on the mentioned Ubuntu 15.04 system; other systems may vary. To make it easy we create a symbolic link in this directory pointing to our output shared library. When we call our engine oezganEngine and the shared library is liboezganEngine.so, we create our symbolic link with: sudo ln -s ~/workspace/oezganEngine/Debug/liboezganengine.so liboezgan.so. The link name matters: when OpenSSL is asked for an engine by id ("oezgan"), its dynamic loader searches the engines directory for lib<id>.so, so the file must be named liboezgan.so to match the id the engine sets in bind_helper().

You can also copy the compiled shared library into the "/usr/lib/engines/" directory, but this should be done when the engine is ready to be deployed. You can find the OpenSSL include files in "/usr/include/openssl".

Beginning

We will start with implementing an engine which only has its name and nothing else. The oezganEngine.c file:

<source>
#include <stdio.h>
#include <openssl/engine.h>

static const char *engine_oezgan_id = "oezgan";
static const char *engine_oezgan_name = "oezgan engine by Fraunhofer FKIE";

/* Forward declarations: the IMPLEMENT_DYNAMIC_BIND_FN macro expands to a
 * bind_engine() function that calls bind_helper(), so bind_helper must be
 * declared before the macro or the compiler reports an implicit declaration
 * and OpenSSL will refuse to load the engine. */
int oezgan_init(ENGINE *e);
int bind_helper(ENGINE *e, const char *id);

/* Export the version check and bind_engine() entry points that the
 * "dynamic" engine loader looks up in the shared object. */
IMPLEMENT_DYNAMIC_CHECK_FN();
IMPLEMENT_DYNAMIC_BIND_FN(bind_helper);

/* Called by ENGINE_init(); any non-zero return value signals success. */
int oezgan_init(ENGINE *e)
{
    printf("Oezgan Engine Initialization!\n");
    return 786;
}

/* Called from bind_engine() when the shared object is loaded; registers
 * the engine's id, human-readable name and init callback. */
int bind_helper(ENGINE *e, const char *id)
{
    if (!ENGINE_set_id(e, engine_oezgan_id) ||
        !ENGINE_set_name(e, engine_oezgan_name) ||
        !ENGINE_set_init_function(e, oezgan_init))
        return 0;
    return 1;
}
</source>