• Registered: 2013-01-15
  • Posts: 3

Topic: How can i get the exponent and modulus of RSA public key with wolSSL?

the following is part of  my project , is it possible to get  both local and peer  rsa public key's modulus and exponent using wolfssl 2.4.6? i found it some functions are empty, not implemented,i need to get the above modules and exponents to digest using sha256......thank you  ~

void modulus_and_exponent(CYASSL_X509 *cert, uint8_t *acExponentBuf,
        uint8_t *acModulusBuf, int *elen, int *mlen)
{
    CYASSL_EVP_PKEY *pkey = CyaSSL_X509_get_pubkey(cert);
    CYASSL_RSA *rsa_public_key = NULL;
    rsa_public_key = CyaSSL_EVP_PKEY_get1_RSA(pkey);
    if (rsa_public_key != NULL)
    {
        *elen = CyaSSL_BN_bn2bin(rsa_public_key->e,acExponentBuf);
        *mlen = CyaSSL_BN_bn2bin(rsa_public_key->n,acModulusBuf);
    }
    else
    {
        printf("rsa_public_key==NULL!");
    }
}


int GetAlpha(uint8_t nonce, CYASSL *ssl, uint8_t *FinalDigestValue)
{
#define SHA_256_MAX 1024

    EVP_MD_CTX *mdctx;
    const EVP_MD *md;

    //get both modules and exponents
    CYASSL_X509 *LocalCert, *PeerCert;
    uint8_t acLocalExponentBuf[128] =
    { 0 };
    uint8_t acLocalModulusBuf[2048] =
    { 0 };
    uint8_t acPeerExponentBuf[128] =
    { 0 };
    uint8_t acPeerModulusBuf[2048] =
    { 0 };

    PeerCert = CyaSSL_get_peer_certificate(ssl);
    LocalCert = CyaSSL_get_certificate(ssl);

    /***********/
    int elenLoc,mlenLoc;
    int elenPeer,mlenPeer;
    /*************/
    modulus_and_exponent(LocalCert, acLocalExponentBuf, acLocalModulusBuf,&elenLoc, &mlenLoc);
    modulus_and_exponent(PeerCert, acPeerExponentBuf, acPeerModulusBuf, &elenPeer, &mlenPeer);

   
    /***********/
    RemoveLeadingNullBytes(acLocalExponentBuf,&elenLoc);
    RemoveLeadingNullBytes(acLocalModulusBuf,&mlenLoc);
    RemoveLeadingNullBytes(acPeerExponentBuf,&elenPeer);
    RemoveLeadingNullBytes(acPeerModulusBuf,&mlenPeer);
    /***********/
   

    Sha256 hash;
    byte   digest[SHA256_DIGEST_SIZE];
    double start, total, persec;

    InitSha256(&hash);

    Sha256Update(&hash, acPeerModulusBuf, mlenPeer);
    Sha256Update(&hash, acPeerExponentBuf, elenPeer);
    Sha256Update(&hash, acLocalModulusBuf, mlenLoc);
    Sha256Update(&hash, acLocalExponentBuf, elenLoc);
    Sha256Update(&hash, &nonce, 1);

    Sha256Final(&hash, digest);

    strncpy(FinalDigestValue, digest, 1);

    return SHA256_DIGEST_SIZE;
}

Share

  • Registered: 2013-01-15
  • Posts: 3

Re: How can i get the exponent and modulus of RSA public key with wolSSL?

i just wonder if wolfssl embedded ssl has these related functions? Any help will be appriciated.......... smile

Share

  • Registered: 2013-01-15
  • Posts: 3

Re: How can i get the exponent and modulus of RSA public key with wolSSL?

Many of the empty functions you are seeing are part of the wolfSSL OpenSSL compatibility layer.  Our compatibility layer is designed to make it easier to port applications which had previously used OpenSSL over to wolfSSL.  The layer is always evolving and many of the functions are just stubs (as wolfSSL hasn't needed those functions yet).


It is possible to get both the local and peer public RSA key modulus and exponent using wolfSSL.  This can be done in the following manner:




1)  Getting the peer's public RSA key modulus and exponent


a) Use wolfSSL_get_peer_certificate() to get a pointer to the peer's CYASSL_X509 object.


b) Use CyaSSL_X509_get_der() to get the peer's certificate as a DER-encoded byte array


c) Use InitDecodedCert() to initialize a DecodedCert object with the DER-encoded certificate from step b).


d) Use ParseCert() to process the DecodedCert object.  For an example of InitDecodedCert() and ParseCert(), take a look at <cyassl_root>/ctaocrypt/test/test.c in the rsa_test() function.


e) Use RsaPublicKeyDecode() with cert.publicKey and cert.pubKeySize to create a RsaKey object, where "cert" is your DecodedCert from step d).


f) At this point, you will have a RsaKey object for the peer.  Lets call this RsaKey object "peerKey" to make things easy.  This object contains all the information specific to the public RSA key of the peer.  You can use mp_to_unsigned_bin() and mp_unsigned_bin_size() with peerKey.n (modulus) and peerKey.e (exponent) to get their sizes and convert them from a mp_int datatype into a byte array.




2)  Getting the local public RSA key modulus and exponent from a certificate file (client-cert.der).


a) After you have loaded the DER-formatted certificate into a buffer, you can follow the same steps as above, starting with step c).  Use InitDecodedCert() to initialize a DecodedCert object with the DER-encoded certificate.


b) Use ParseCert() to process the DecodedCert object.  For an example of InitDecodedCert() and ParseCert(), take a look at <cyassl_root>/ctaocrypt/test/test.c in the rsa_test() function.


c) Use RsaPublicKeyDecode() with cert.publicKey and cert.pubKeySize to create a RsaKey object, where "cert" is your DecodedCert from step b).


d) At this point, you will have a RsaKey object for the local certificate.  Lets call this RsaKey object "localKey" to make things easy.  This object contains all the information specific to the local public RSA key.  You can use mp_to_unsigned_bin() and mp_unsigned_bin_size() with localKey.n (modulus) and localKey.e (exponent) to get their sizes and convert them from a mp_int datatype into a byte array.




In order to access the InitDecodedCert() and ParseCert() functions, you'll need to build wolfSSL embedded ssl with the CYASSL_TEST_CERT define.  You'll also need to build in integer.c to your code to gain access to the mp_* functions.  Let me know if you have any problems or additional questions.


Best Regards,


the above is chris's answer which already help me to solve the problem, thanks all!

Share