System Considerations In Crypto-C
118 RSA BSAFE Crypto-C Developer's Guide
description of AI_X962Random_V0 instead of AI_SHA1Random:

B_ALGORITHM_METHOD *RSA_SAMPLE_CHOOSER[] = {
  &AM_SHA_RANDOM,
  &AM_RSA_KEY_GEN,
  &AM_RSA_ENCRYPT,
  &AM_RSA_CRT_DECRYPT,
  (B_ALGORITHM_METHOD *)NULL_PTR
};

Note: The previous algorithm chooser lists AM_RSA_CRT_DECRYPT. This AM does not perform blinding (see Timing Attacks and Blinding on page 95). If you want your application to perform blinding, use AM_RSA_CRT_ENCRYPT_BLIND or AM_RSA_CRT_DECRYPT_BLIND instead.

The Surrender Context

Some Crypto-C functions are time-consuming. When an application calls one of these functions, it can appear as if the computer has crashed or frozen: a lengthy Crypto-C function can tie up the computer, forcing other applications or programs to wait until the Crypto-C function finishes before they can continue executing. The surrender context is the mechanism by which an application allows Crypto-C to surrender control periodically during such a call.

In general, it is a good idea to include a surrender context whenever a function takes several seconds to execute. The following functions are extremely time-consuming:

• Functions for parameter generation
• Functions for key generation
• Functions for creating acceleration tables

Other functions are less time-consuming and might not need a surrender context in your application. These include many of the block-cipher and stream-cipher symmetric-key operations as well as message digests.

Note: Using a surrender context with private-key operations (such as signing or opening a digital envelope) makes your key more susceptible to a timing attack, because the callback is invoked while the private-key computation is in progress. For security reasons, you may want to pass in a NULL surrender context for private-key operations.

The surrender context information is contained in an A_SURRENDER_CTX structure. The file aglobal.h gives the definition; this is described in Chapter 1 of the Reference Manual:
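The following C program is an added illustration of the surrender-context pattern described above; it is not Crypto-C code. The struct surrender_ctx_t is a constructed stand-in for A_SURRENDER_CTX (whose real definition lives in aglobal.h, as the text says), and find_prime and mod_exp are toy substitutes for Crypto-C's key-generation and private-key operations. It shows a long-running operation yielding through the callback, the callback cancelling the operation, and why the Note recommends a NULL context for private-key work: when the callback is polled from inside the secret computation, the callback's own invocation pattern follows the secret exponent.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define POLL_INTERVAL 4   /* candidates tested between two surrender polls */

enum { OP_OK = 0, OP_CANCELLED = 1, OP_BAD_ARG = 2 };

/* Constructed stand-in for Crypto-C's A_SURRENDER_CTX (see aglobal.h and
   the Reference Manual for the real layout; this one is an assumption). */
typedef struct {
    int (*Surrender)(void *handle); /* 0 = keep going, nonzero = abort */
    void *handle;                   /* opaque caller data handed back */
} surrender_ctx_t;

/* Poll the context if the caller supplied one. NULL means "never yield",
   which is what the guide recommends for private-key operations. */
static int poll_surrender(const surrender_ctx_t *ctx) {
    if (ctx == NULL || ctx->Surrender == NULL) return OP_OK;
    return ctx->Surrender(ctx->handle) != 0 ? OP_CANCELLED : OP_OK;
}

static int is_prime_trial(uint64_t n) {
    if (n < 2) return 0;
    if (n % 2 == 0) return n == 2;
    for (uint64_t d = 3; d * d <= n; d += 2)
        if (n % d == 0) return 0;
    return 1;
}

/* Toy key-generation step: first prime >= start. Slow at real key sizes,
   so it yields through the surrender context every POLL_INTERVAL
   candidates. Returns 0 if the callback asked it to stop. */
uint64_t find_prime(uint64_t start, const surrender_ctx_t *ctx) {
    if (start <= 2) return 2;
    uint64_t n = start | 1;            /* first odd candidate >= start */
    unsigned tested = 0;
    for (;;) {
        if (is_prime_trial(n)) return n;
        n += 2;
        if (++tested % POLL_INTERVAL == 0 && poll_surrender(ctx) != OP_OK)
            return 0;                  /* cancelled by the surrender callback */
    }
}

/* Square-and-multiply, standing in for a private-key operation (mod < 2^32
   so every product fits in 64 bits). If a context is supplied it is polled
   once per exponent bit, so the number and timing of callbacks track the
   secret exponent: that is the exposure the Note warns about. */
int mod_exp(uint64_t base, uint64_t exp, uint64_t mod,
            const surrender_ctx_t *ctx, uint64_t *out) {
    if (mod == 0 || mod >= (1ULL << 32)) return OP_BAD_ARG;
    uint64_t result = 1 % mod, b = base % mod;
    while (exp > 0) {
        if (exp & 1) result = (result * b) % mod;
        b = (b * b) % mod;
        exp >>= 1;
        if (poll_surrender(ctx) != OP_OK) return OP_CANCELLED;
    }
    *out = result;
    return OP_OK;
}

/* Two example callbacks: one only counts polls, one cancels immediately
   (what a GUI's Cancel button would do). */
static int count_polls(void *handle) { ++*(unsigned *)handle; return 0; }
static int cancel_now(void *handle)  { (void)handle; return 1; }

/* Key generation with a surrender context: how often did it yield? */
unsigned keygen_polls(uint64_t start) {
    unsigned n = 0;
    surrender_ctx_t ctx = { count_polls, &n };
    return find_prime(start, &ctx) != 0 ? n : (unsigned)-1;
}

/* Key generation interrupted by the callback: 1 if it was aborted. */
int keygen_cancelled(uint64_t start) {
    surrender_ctx_t ctx = { cancel_now, NULL };
    return find_prime(start, &ctx) == 0;
}

/* Private-key style operation done the recommended way: NULL context. */
uint64_t private_op(uint64_t exp) {
    uint64_t r = 0;
    mod_exp(4, exp, 497, NULL, &r);   /* no callback, nothing to observe */
    return r;
}

/* The mistake the Note describes: the callback count equals the bit
   length of the secret exponent. */
unsigned private_op_polls(uint64_t exp) {
    unsigned n = 0;
    uint64_t r = 0;
    surrender_ctx_t ctx = { count_polls, &n };
    mod_exp(4, exp, 497, &ctx, &r);
    return n;
}

int main(void) {
    printf("keygen: prime %llu after %u yields; cancelled run -> %d\n",
           (unsigned long long)find_prime(888, NULL), keygen_polls(888),
           keygen_cancelled(888));
    printf("private op: 4^13 mod 497 = %llu; with a context it would have "
           "called back %u times\n",
           (unsigned long long)private_op(13), private_op_polls(13));
    return 0;
}
```

The design point is in poll_surrender: a NULL context short-circuits before any callback, so the only decision an application has to make per call is whether the operation is one it wants observable (parameter and key generation, acceleration tables) or one it does not (anything using the private key).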