Using Cryptographic Hardware

Crypto-C lets you enhance the security and speed of cryptographic operations by exploiting cryptographic hardware that supplies an interface to Crypto-C via the BSAFE Hardware Application Programming Interface (BHAPI). Capabilities include a hardware algorithm method for random number generation and key token types that encapsulate RSA, DSA, and symmetric keys inside of hardware.

For an example of a hardware implementation using Crypto-C, see the Intel Security Hardware User’s Guide, available on the Crypto-C CD.

Interfacing with a BHAPI Implementation

When you Create, Set, and Init an algorithm object in a Crypto-C software application, you set an algorithm info type (AI) and the parameters required by that AI. You also choose which algorithm methods to use via the software chooser. The AI itself doesn’t perform any cryptographic operations; rather, it is used to store information, allocate space, and create the necessary points of contact with the underlying Crypto-C functions. Figure 4-1 shows the relation between the algorithm object and the Crypto-C software library.

Figure 4-1: Algorithm Object in a Software Implementation (diagram labels: Alg Object with Type (AI), Parameters, Functions; BSAFE Software Library)

A hardware manufacturer can associate a hardware function with a Crypto-C AM (algorithm method) and provide these methods to the software developer. You then access the hardware by using B_CreateSessionChooser to create a hardware-based chooser, for example, FIXED_HARDWARE_CHOOSER, that lists the available required hardware methods. This substitution is made at link time, and does not change once

RSA BSAFE Crypto-C Developer’s Guide

RSA Security 5.2.2 manual Using Cryptographic Hardware, Interfacing with a Bhapi Implementation