First of all, I'm a beginner in the OpenSSL world. I apologize in advance for any basic, barbaric errors.

Consider a flow:

  1. Initialize OpenSSL with engine using hardware (let's call it EngineHW).
  2. Call an OpenSSL function, e.g. X509_sign.

How to check if the function called was performed on the hardware?

How to verify the EngineHW function was called? What if the function is not defined by EngineHW - will OpenSSL fall back to any default engine it has?

The question is related to asserting quality - since I've got the hardware to do crypto for me, I consider using software a regression (at least for the important functions).

hauron
  • Are you hinting at [command line use](http://superuser.com)? – Maarten Bodewes Sep 08 '14 at 15:49
  • I'm hinting at any solution :( can be via API calls from the code linking statically, dynamically, even rebuilding OpenSSL if it helps. – hauron Sep 09 '14 at 07:21
  • The easiest way of checking is of course making sure that the private or secret key never leaves the HSM, although I must admit that's not the same thing as a log. You may be better off checking your HSM documentation (if applicable, smart cards may not log much). – Maarten Bodewes Sep 09 '14 at 07:53
  • owlstead, thank you for the comments. I did test some crypto flows using keys on the HSM, and those indeed never export the keys outside of the HSM, hence I'm sure they work. But what about actions not needing a key? Like cert verification, hash functions, random, etc... I'll look into OpenSSL, my engine, my driver, my driver documentation – hauron Sep 09 '14 at 08:23
  • Yeah, I could see how that is tricky. I would take a quick look at the top level source code to see if anything is logged. It would of course be helpful if the engine itself logs as well. I can only vote up at this point. – Maarten Bodewes Sep 09 '14 at 08:55
  • Thank you, every little helps :) – hauron Sep 09 '14 at 09:24
  • Darnit, there goes another 200 points. I'm quitting with this bounty stuff. Bounties for other people's questions should remain valid. – Maarten Bodewes Aug 08 '15 at 21:30

1 Answer

Not sure what the purpose of this is. Are you testing that OpenSSL works or are you testing your own code? It seems you want to do regression testing of OpenSSL and HSM?

However, if you want to test if X509_sign works, then remove all software/disk-based keys from the test system and check if you can sign something. If you get a valid signature, you can be sure it comes from your HSM. If you get null back, it is not. OpenSSL doesn't fall back to a different sign function, and even if it did, it can't sign since it needs a key to sign. Hope that answered your question.

Mag
  • Mag: Thank you for the answer. This would work in some cases, where the key needs to be present in hardware, but that's hardly enough. Even rand (being a step in signing) not delegated to hardware could hurt whatever secret safety... I've found the only sure way is to break the HSM connectivity and test - all functions one by one, or reverse engineer the crypto engine. – hauron Sep 30 '15 at 14:41