Using Cryptographic Hardware

surrender context (private key operations are more susceptible to a timing attack when you use a surrender context, for instance), you must pass in NULL_PTR. If you want one operation to use a surrender context and another not to, you must create two choosers.

When, later on, you call the Crypto-C function that will actually call down to the token (such as B_GenerateKeypair or B_SignFinal), Crypto-C will ignore any surrenderContext argument you pass at that time. PKCS #11 does not allow you to have a surrender context associated with an individual function.

Suppose we were going to sign with the private key created.

B_ALGORITHM_METHOD *RSA_SIGN_HW_CHOOSER[] = { &AM_MD5,

(B_ALGORITHM_METHOD *)&AM_PKCS11_RSA_PRIVATE_SIGN, (B_ALGORITHM_METHOD *)NULL_PTR

};

B_ALGORITHM_METHOD *RSA_SIGN_SW_CHOOSER[] = { &AM_RSA_CRT_ENCRYPT, (B_ALGORITHM_METHOD *)NULL_PTR

};

B_ALGORITHM_CHOOSER *hwChooserSign = (B_ALGORITHM_CHOOSER)NULL_PTR;

if ((status = B_CreateHardwareChooser (RSA_SIGN_HW_CHOOSER, &hwChooserSign, RSA_SIGN_SW_CHOOSER, HI_PKCS11Session, (POINTER)&p11Session)) != 0)

break;

We are passing in the same B_PKCS11_SESSION struct. This time, though, it has a sessionHandle and a pointer to the cryptokiFunctions (set by Crypto-C during the last call to B_CreateHardwareChooser) Now, Crypto-C will not load the library, initialize or create a session. We could have reset the sessionHandle field to 0 but leave the cryptokiFunctions field to the address given. In that case, Crypto-C would have used the same token, but created a new session.

Both the generating chooser (hwChooserGen) and the signing chooser (hwChooserSign) must be destroyed later. You should destroy choosers in the reverse order that they were created. It will not be necessary in every situation, but there can be cases when it is required. So it is simply a good idea always to destroy them in reverse order.

In both choosers, we have software backups. That is, if Crypto-C cannot create the hardware chooser (for example, if the token is not in its slot), it will examine the software replacement argument and see if there is a suitable AM in that array. If you

C h a p t e r 4 U s i n g C r y p t o - C

1 3 7

Page 159
Image 159
RSA Security 5.2.2 manual Balgorithmmethod *RSASIGNHWCHOOSER = &AMMD5