[Cryptech Tech] cryptlib HAL for EIM

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue May 5 12:49:01 UTC 2015


Rob Austein <sra at hactrn.net> writes:

>A template for that would be great.

OK, I'll add it... ugh, well lets say I'll add it to the current todo list
:-).  It'll get done, but I'm currently clearing things up for a six-week trip
to Europe and don't know how much free time I'll have while I'm over there.

>Am a little unclear how I'd go about reusing things like Cryptlib's RSA key
>component generation while talking directly to the HAL.  No doubt I will find
>a way, but if there's a preferred approach, holler.

It depends on what level the HAL operates, if you look in context/kg_rsa.c
you'll see the highest-level function generateRSAkey() which then uses
generatePrime() (in context/kg_prime.c) which in turn uses primeProbable()
(just a standard Miller-Rabin test) and below that the calls are to bignum
primitives.  So the idea would be to replace operations up to the highest
level possible with stuff in the HAL.  If you can do a full generateRSAkey()
then that could be done entirely in hw_dummy.c without having to use any of
the code from kg_rsa/kg_prime.c.

>The other packages I've looked at so far were SoftHSMv2, which has already
>been discussed and nixed, and the MuscleCard package (
>http://pkcs11.sourceforge.net) which is really just a skeleton containing
>stuff that falls directly out of the specification (guess the muscle is
>elsewhere).

This one is privately written, i.e. someone was paid to deal with all the
complexity (I don't want to call it suckage since it's a reasonably nice
design, it just leads to horribly complex implementation requirements).

>For now I'll press on with what I have, since I understand its internals and
>it's well enough along that at least a toy DNSSEC signer can produce what
>look like valid RSA DNSSEC signatures with it.

OK.

Peter.


More information about the Tech mailing list