The current `ossl_engine` is broken and cannot be built. It depends on `mcr_api_resilient` (which does not exist in our code base) and uses API types that have been refactored into `azihsm_api`.
I'd like to propose rewriting the engine from scratch and adding the code back in piece-by-piece where we can. I'm thinking of the following structure:
- `openssl-sys-engine` - Raw FFI bindings via bindgen against the OpenSSL 1.1.x headers
- `openssl-engine` - Generic Rust abstractions over the ENGINE API: wrapper, error queue integration, typed `ex_data`
- `engine` - That's the actual `azihsm_engine`
As a first step I'd like to bring in the bare minimum skeleton so that `openssl engine -t` loads it. No interaction whatsoever. Then I'd like to add in the following pieces one at a time:
- Key Loading - The engine itself does not support OSSL_STORE or anything like that. However I'd like to stick to the URI we defined for the provider. We need to bring this into the `ossl_engine`.
- EC keygen / sign
- RSA (Sign, Decrypt)
- ECDH
- AES ciphers
- Digests & HMAC
- HKDF
- Engine Controls, i.e. key import, delete, attest commands
- Resiliency
Not all commands can be fully tested with the CLI, so we will need a mixture of CLI and API tests (again). I'd also like to pick up what we already did in the old engine code. We have to look into what can be brought over and what cannot.
Also I'd like to discuss a design decision here:
- Method duplication: Do we want/need public key operations to also go through the library? In theory we could override only the private key operations, i.e. sign, and keep the verify in OpenSSL. We can export the pubkey, so no communication with the azihsm is needed anymore. However if we want to keep everything