[gnutls-help] Using GnuTLS with an HSM

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Jul 19 10:02:52 CEST 2013

On 07/17/2013 09:18 PM, Horst Freiburger wrote:

> Today I analysed this flow-chart a second time and it seems to be
> like the standard-tls-handshake (except the thing with the HSM). The
> HSM has to do 5 steps in this handshake: 1. generate the random
> number ("ClientHello" - this step is solved with
> gnutls_handshake_set_random())

> 2. generate a Client-DH-EC-keypair for the DH-key-exchange while the
> handshake ("ClientKeyExchange")

For that you'll need to modify gnutls to add a hook for generating
a private-public key pair, rather than calling gnutls_pk_generate().

> 3. calculate the pre-master-secret with the private Client-DH-Key and
> the public Server-DH-Key

This is also done by gnutls itself, so modification via a hook will be

> 4. calculate the signature of the All-Clients-Messages-Hash

This can be done either using the PKCS #11 API or using a private key that
is imported using gnutls_privkey_import_ext2().

> 5. verify the signature of the All-Servers-Message-Hash

This is also not supported. Another hook will be required there, or
better something like gnutls_pubkey_import_ext2() that would allow
importing a "virtual" public key that provides the verification
operation similarly to gnutls_privkey_import_ext2().

> Is there a way (except for directly changing the source code) to
> manipulate the gnutls_handshake()? (Something like overwriting the
> whole handshake with my own functions, where I can call the
> security-module-things.

Not really. The security module you're working on is a bit particular
and requires much more than any supported modules.

However, if you make the hooks and they can be used in a generic way there
will be no problem including them in a future release.

> Or to redirect the relevant function-calls in
> the real gnutls_handshake() to my functions) The HSM for TR-03109
> doesn't exist either. So I want to do something like write these
> function-prototypes in my program:
>
>   RANDOMNUMBER hsm_generate_randomnumber ();        (for step 1)
>   DH_CLIENT_PUBKEY hsm_generate_dhec_keypair ();    (for step 2)
>   DH_PMS hsm_generate_pms (DH_SERVER_PUBKEY);       (for step 3)
>   SIG hsm_generate_signature (HASH);                (for step 4)
>   BOOL hsm_verify_signature (HASH, SIGNATURE);      (for step 5)
>
> The prototypes may differ in the final version. Just an example.
> An example: In the source code of lib\gnutls_handshake.c in the
> function static int _gnutls_send_client_hello (gnutls_session_t
> session, int again) something like this happens when called:
>
>   if (funktionPointerToHsm_generate_randomnumber != NULL) {
>       // call function and get the random number from there
>   } else {
>       // do the normal way and calculate the random number with the gnutls functions
>   }

While you could directly modify gnutls for your purpose, doing things in
a more generic way (i.e., hooks), would allow that to be included in a
future version and thus you'll be able to upgrade to a future gnutls

> I read that you added a gnutls_handshake_set_hook_function() to
> GNUTLS. Maybe that is the right thing for my problem and that does
> exactly what I described above. But I'm not familiar with the
> gnutls_handshake_set_hook_function()-function yet. (Just started with
> GNUTLS 3 days ago). ;)

The set_hook_function() provides a call to the "hook" function after or
before a handshake message has been received. That is probably not what
you want.

best regards,
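
The fallback pattern from the quoted pseudo-code, applied to step 1, as an added sketch (not part of the original message and not GnuTLS code): `struct crypto_hooks`, `generate_client_random()` and the two stand-in HSM functions are hypothetical names. Unlike the pseudo-code, it separates "no hook registered" from "hook failed", so a failing HSM cannot silently downgrade the handshake to software randomness.

```c
#include <stdio.h>
#include <string.h>

#define CLIENT_RANDOM_LEN 32 /* size of the TLS ClientHello random */

/* Hypothetical hook type: 0 on success, negative error code on failure. */
typedef int (*rnd_hook_fn)(void *userdata, unsigned char *out, size_t len);

struct crypto_hooks {   /* hypothetical; not a GnuTLS structure */
    rnd_hook_fn rnd;    /* NULL means "no HSM hook registered" */
    void *userdata;
};

/* Software default: take the bytes from the OS random device. */
static int default_rnd(unsigned char *out, size_t len)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t got = fread(out, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;
}

/* Fills out[]; *used_hook tells the caller which path produced the bytes. */
int generate_client_random(const struct crypto_hooks *h,
                           unsigned char out[CLIENT_RANDOM_LEN], int *used_hook)
{
    *used_hook = (h != NULL && h->rnd != NULL);
    if (!*used_hook)
        return default_rnd(out, CLIENT_RANDOM_LEN);

    int ret = h->rnd(h->userdata, out, CLIENT_RANDOM_LEN);
    if (ret < 0) {
        /* Fail closed: a registered hook that errors must abort the
         * handshake, never fall back silently to the software path. */
        memset(out, 0, CLIENT_RANDOM_LEN);
        return ret;
    }
    return 0;
}

/* Constructed stand-ins for an HSM, used only to exercise both outcomes. */
static int fake_hsm_rnd(void *ud, unsigned char *out, size_t len)
{ memset(out, *(unsigned char *)ud, len); return 0; }

static int broken_hsm_rnd(void *ud, unsigned char *out, size_t len)
{ (void)ud; (void)len; out[0] = 0xFF; return -2; }
```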
