Manuals / RSA Security / TV and Video / Projection Television

RSA Security 5.2.2 manual Using Cryptographic Hardware

Models: 5.2.2

1 376

Download 376 pages 13.91 Kb

Page 160

Using Cryptographic Hardware

want to create a hardware chooser only, and if you want to do the task in hardware, or if you can't you don't want to do it at all, then pass in a (B_ALGORITHM_CHOOSER)NULL_PTR as the swReplacement argument.

Note that often a software backup is not necessarily possible. A token may possess the signing key and does not allow it to leave the device. If you can not do the task in hardware, you can not do it in software, since you do not have the key. On the other hand, if the token is simply an accelerator, maybe it is possible to have a software backup. If you have the key data and you can give it to the token or the Crypto-C software, either "device" will be able to do the job. If the hardware is there, you get the accelerator. If the hardware is not there, you still get the job done.

Now that we have our choosers our code does not need to change.

A_RSA_KEY_GEN_PARAMS keyGenParams;

if ((status = B_CreateKeyObject (&pubKey)) != 0) break;

if ((status = B_CreateKeyObject (&priKey)) != 0) break;

if ((status = B_CreateAlgorithmObject (&rsaGen)) != 0) break;

keyGenParams.modulusBits = 1024; keyGenParams.publicExponent.data = expo; keyGenParams.publicExponent.len = sizeof (expo); if ((status = B_SetAlgorithmInfo

(rsaGen, AI_RSAKeyGen, (POINTER)&keyGenParams)) != 0) break;

The code looks just the same as non-PKCS #11 code. This will work with the PKCS #11 hardware. However, there is a new key generating AI that allows you to include key attributes. PKCS #11 (and other hardware interfaces) defines key attributes that specify more about the key than just the key data. For instance, you may want your private key to be a token key (the data resides on the token) and private (it is not allowed to leave the token). You may want to define the key as signing only (it is not allowed to be used to open a digital envelope). In this case, use AI_KeypairGen.

1 3 8

R S A B S A F E C r y p t o - C D e v e l o p e r ’s G u i d e

Image 160

RSA Security 5.2.2 manual Using Cryptographic Hardware

Contents

Crypto-C Cryptographic Components for CTrademarks License agreementDistribution Limit distribution of this document to trusted personnelContents Quick Start CryptographyN t e n t s Using Crypto-C 101 Algorithms in Crypto-CNon-Cryptographic Operations 151 Saved StateSymmetric-Key Operations 177 Public-Key Operations 213Secret Sharing Operations 305 Putting It All Together An X9.31 ExampleAppendix a Command-Line Demos 327 Glossary 339 Index 349List of Figures A B S a F E C r y p t o C D e v e l o p e r ’s G u i d e List of Tables A B S a F E C r y p t o C D e v e l o p e r ’s G u i d e Preface What’s New in Version 5.2.2? Improved performanceHardware support MultiPrime RSAOrganization of This Manual Advanced Encryption Standard AESOrganization of This Manual E f a c eConventions Used in This Manual Crypto-C procedures to use with algorithm objectConventions Used in This Manual Terms and Abbreviations Terms and AbbreviationsRelated Documents Related DocumentsA B S a F E C r y p t o C D e v e l o p e r ’s G u i d e Ieee Standard Specifications for Public-Key Cryptography on Http//stdsbbs.ieee.org/groups/1363/index.htmlHow to Contact RSA Security RSA Security Web Site Getting Support and ServiceHow to Contact RSA Security You can get technical support as followsIntroduction Crypto-C Toolkit AlgorithmsPublic-Key Algorithms Digital SignaturesElliptic Curve Public-Key Algorithms Secret SharingCryptographic Standards and Crypto-C Pkcs Standards and Crypto-CNist Standards and Crypto-C Nist Approval and Windows 32-bit PlatformsPkcs Compared with Nist Nist Approval and Windows NT PlatformsAnsi X9 Standards and Crypto-C Quick Start Six-Step Sequence Six-Step SequenceIntroductory Example Include FilesCreating an Algorithm Object Introductory ExampleWhere Pointer is defined in aglobal.h Nullptr is also defined in aglobal.hTypedef unsigned char *POINTER #define Nullptr POINTER0Balgorithmobj algorithmObject Algorithm object Setting the Algorithm ObjectAlgorithm information Init BreakCreating a Key Object Setting a Key ObjectFor our example, we use Int BSetKeyInfo Key informationSelecting an Algorithm Chooser Now we can complete the call to BSetKeyInfoUpdate Saving the Object State optionalSurrender Context We can now complete our call to BEncryptInitOutput data buffer Unsigned intLength of output data Input dataFor now, we declare Unsigned int outputLenUpdateUnsigned char *encryptedData = Nullptr If status = BEncryptUpdate FinalDestroy Asurrenderctx *surrenderContext Surrender contextFor our example, we use the following Pointer to key objectBalgorithmobj * algorithmObject Pointer blockPutting It All Together For this example, call Tfree as followsTfree encryptedData If rc4KeyItem.data != NullptrInit If status = BEncryptInit Introductory Example If encryptedData != Nullptr EncryptedData = Nullptr End mainDecrypting the Introductory Example Creating the Key ObjectDecrypting the Introductory Example First create the algorithm objectSetting the Key Object Always destroy objects when you no longer need them DecryptedData = NullptrMultiple Updates Multiple UpdatesUpdatesize Break End whileMultiple Updates Summary of the Six Steps IncludeCreate SetFinal Page Cryptography Cryptography Overview Symmetric-Key CryptographyCiphers Cryptography OverviewBlock Ciphers PaddingCiphers in Crypto-C Crypto-C implements the following block ciphersTriple DES 2Triple DES Encryption as Implemented in Crypto-CRC5 RC6 Modes of Operation Four ModesElectronic Codebook ECB Mode 3Electronic Codebook ECB ModeCipher Block Chaining CBC Mode Cipher Feedback CFB Mode5Cipher Feedback CFB Mode Output Feedback OFB Mode 6Output Feedback Mode OFB Stream CiphersMessage Digests RC4 algorithm with MACMessage Digests and Pseudo-Random Numbers Password-Based Encryption Hash-Based Message Authentication Codes Hmac8DES Key and IV Generation for Password Based Encryption Public-Key CryptographyRSA Algorithm 9Public-Key CryptographyModular Math Prime NumbersMultiPrime Numbers RSA AlgorithmCryptography Overview Summary SecurityCalculation is shown in Table 1Calculation of 827 modDigital Envelopes Optimal Asymmetric Encryption Padding Oaep10Digital Envelope Authentication and Digital Signatures Cryptography Overview 11RSA Digital Signature Digital Signature Algorithm DSA Digital Certificates MathDiffie-Hellman Public Key Agreement AlgorithmPhase PhaseParameter Generation Math Elliptic Curve Cryptography Multiple-Party Key AgreementElliptic Curve Parameters Finite FieldFields of Even Characteristic Odd Prime FieldsCoefficients Over an Odd Prime Field = 0·I ≡ 2·2m-1·Imod2mCoefficients Over a Field of Even Characteristic Point P and its OrderPoints of an Elliptic Curve Elliptic curve parametersOrder of an Elliptic Curve Order of a PointPoint of Prime Order Is written EFqSummary of Elliptic Curve Terminology CofactorOrder n of P Is sometimes called the base point 2Elliptic Curve ParametersRepresenting Fields of Even Characteristic Elliptic Curve Key Pair GenerationCreating the Key Pair Ecdsa Signature SchemeSigning a Message Verifying a Signature MathRecall that Q = dP, so Elliptic Curve Authenticated Encryption Scheme EcaesNow recall that s = k-1e+dr mod n, so Encrypting a Message Using the Public Key Decrypting a Message Using the Private Key Elliptic Curve Diffie-Hellman Key AgreementPhase 13Elliptic Curve Diffie-Hellman Key Agreement Secret Sharing First coordinate of S, xS, is their agreed-upon secret keyWorking with Keys Key GenerationKey Management Key EscrowApplications of Cryptography Ascii Encoding and DecodingLocal Applications Applications of CryptographyPoint-to-Point Applications Client/Server Applications Peer-to-Peer Applications Choosing Algorithms Public-Key vs. Symmetric-Key CryptographyStream vs. Block Symmetric-Key Algorithms Choosing AlgorithmsBlock Symmetric-Key Algorithms Key Agreement vs. Digital EnvelopesSecret Sharing and Key Escrow Elliptic Curve AlgorithmsInteroperability Security Considerations Handling Private KeysElliptic Curve Standards Security ConsiderationsTemporary Buffers Pseudo-Random Numbers and Seed GenerationChoosing Passwords DES Weak Keys Initialization Vectors and Salts3DES Weak and Semi-Weak Keys Stream Ciphers Timing Attacks and BlindingPick a random value r and compute = mre mod nChoosing Key Sizes MD5p padP MD5q padQ mRSA Keys 4Summary of Recommended Key SizesDiffie-Hellman Parameters and DSA Keys RC2 Effective Key BitsRC4 Key Bits RC5 Key Bits and RoundsElliptic Curve Keys Using Crypto-C Algorithms in Crypto-CInformation Formats Provided by Crypto-C Basic Algorithm Info TypesBER-Based Algorithm Info Types Algorithms in Crypto-CSummary of AIs PEM-Based Algorithm Info TypesBSAFE1 Algorithm Info Types 1Message DigestsAlgorithms in Crypto-C 2Message Authentication 3ASCII Encoding4Pseudo-Random Number Generation 5Symmetric Stream CiphersAlgorithms in Crypto-C 5Symmetric Stream Ciphers 6Symmetric Block CiphersAlgorithms in Crypto-C 6Symmetric Block Ciphers RC27RSA Public-Key Cryptography Key GenerationAlgorithms in Crypto-C 7RSA Public-Key Cryptography Oaep8DSA Public-Key Cryptography Digital SignaturesAlgorithms in Crypto-C 9Diffie-Hellman Key Agreement 10Elliptic Curve Public-Key Cryptography11Bloom-Shamir Secret Sharing 10 Elliptic Curve Public-Key Cryptography12Hardware Interface Algorithms in Crypto-C 13Advanced Encryption Standard AES Algorithm Info TypeKeys In Crypto-C Summary of KIsKeys In Crypto-C 15Block Cipher Keys16RSA Public and Private Keys Keys In Crypto-C 15Block Cipher Keys17DSA Public and Private Keys Keys In Crypto-C 18Elliptic Curve Keys System Considerations In Crypto-C Algorithm ChoosersAn Encryption Algorithm Chooser System Considerations In Crypto-CAn RSA Algorithm Chooser Surrender Context Description of AIX962RandomV0 instead of AISHA1RandomSample Surrender Function Also gives the form that a surrender function must haveReserved for future use Int *Surrender Pointer handleSaving State When to Allocate Memory Memory-Management Routines Memory-Management Routines and Standard C LibrariesCrypto-C uses the following memory-management routines Tmalloc Trealloc Tfree Tmemset Tmemcpy Tmemmove TmemcmpMemory Allocation BER/DER EncodingBinary Data Typedef struct unsigned char *data unsigned int len System Considerations In Crypto-C Input and Output Symmetric Block AlgorithmsInput constraints Output considerations20Input Limits for RSA Pkcs Encryption General Considerations DES Keys Key SizePublic Key Size Private Key Size C2 58 60 B1 00 C2 58 60 B1Using Cryptographic Hardware Using Cryptographic HardwareInterfacing with a Bhapi Implementation 2Algorithm Object in a Hardware Implementation Pkcs #11 Support Using a Pkcs #11 Device with Crypto-C Using Cryptographic Hardware Balgorithmmethod *RSASIGNHWCHOOSER = &AMMD5 Using Cryptographic Hardware KeypairGenParams.privateKeyAttributes.tokenFlag = TfprivateNow generate Using Cryptographic Hardware Using Cryptographic Hardware Return Behardware Pkcs #11 Support for DSA Key Pair Generation Balgorithmmethod *DSAKEYGENCHOOSER = &AMDSAKEYGEN P11KeyGenParams.privateKeyAttributes.keyUsage = POINTER&pubKeyData-paramsAdvanced Pkcs #11 For an RSA private key, it would be thisDigest 00 00 00 66 a9 47 2d 80 5aHardware Issues Random NumbersCkrv rv Rv = CKBYTEPTRseedBuffer, CKULONGseedLenUsing Cryptographic Hardware Page Non-Cryptographic Operations Message Digests Creating a DigestMessage Digests Example in this section corresponds to the file mdigest.cIf status = BDigestInit Your call will be the following If status = BDigestUpdate#define Digestlen Remember to destroy all objects when you are done with them BER-Encoding the DigestSaved State Saving the State of a Digest Algorithm ObjectFollowing example BER-encodes the preceeding sample digest Item stateInfo = Null Message Digests 1Code Sample DigestDataSavedState Status = Rsademoealloc breakMessage Digests Hash-Based Message Authentication Code Hmac Hash-Based Message Authentication CodeGenerate a random 24-byte key using KI24Byte Hash-Based Message Authentication Code HmacCreate the key object RandomAlgorithm, keyData, KEYSIZE, Asurrenderctx *NULLPTR != Unsigned char *digestedData unsigned int digestedDataLen Generating Random Numbers with SHA1 Generating Random NumbersGenerating Random Numbers Setting The Algorithm Object Random Seed Puts Enter a random seed if status = Unsigned char *gets char *randomSeed != 0 breakGenerate If status = BGenerateRandomBytesGenerating Independent Streams of Randomness This step is identical to the previous exampleTypedef struct Additional seedingThese steps are identical to the previous example Steps 4, 5Item randomSeed AX931RANDOMPARAMS x931Params Encoding Binary Data To Ascii Converting Data Between BinaryConverting Data Between Binary and Ascii If status = BEncodeInit asciiEncoder != 0 break Decoding ASCII-Encoded Data BDestroyAlgorithmObject &asciiEncoder Tfree asciiEncodingIf status = BDecodeInit asciiDecoder != 0 break If status = binaryDecoding == Nullptr != 0 breakBDestroyAlgorithmObject &asciiDecoder Tfree binaryDecoding Symmetric-Key Operations Block Ciphers DES with CBCBlock Ciphers Example in this section corresponds to the file descbc.cExamples include des, rc5 RC5 parametersPoints at init vector Item For new padding schemesNow set up the Bblkcipherwfeedbackparams structure Call BGenerateRandomBytesDepends on cipher type, as follows Format of info supplied to BSetKeyInfoUnsigned int outputBufferSize Decrypting RC2 Cipher Now you can set your algorithm object as follows Init Use a random number generator to come up with 24 bytes If rc2KeyItem.data != NullptrUpdate EncryptedData = Nullptr If rc2KeyItem.data != Nullptr RC5 Cipher 255 Unsigned int 0x10 Unsigned intInitialization vector Unsigned char initVector8 ARC5CBCPARAMS rc5Params Item rc5KeyItem Use a random number generator to create 10 bytesIf rc5KeyItem.data != Nullptr Update Final RC6 Cipher EncryptedData = Nullptr#define Blocksize Unsigned char initVectorBLOCKSIZE Setting the Key Data If rc6KeyItem.data != Nullptr Break OutputLenTotal = outputLenUpdate + outputLenFinal AES Cipher Been allocatedUnsigned char *aesParams Creating a Key Object If aesKeyItem.data != Nullptr Final Password-Based Encryption Unsigned char * salt Iteration countInit Tmemset pbeKeyItem.data, 0, Maxpwlen Update Final Page Public-Key Operations Generating a Key Pair Performing RSA OperationsPerforming RSA Operations Where Item is There is no in generating a key pair Destroy What is MultiPrime? MultiPrimeMultiPrime Milliseconds Private non-CRTHow Many Primes? Two-Prime RSA 48.8 17.5 Three-Prime RSA 10.9Sample BGenerateInit RsaGenBGenerateKeypair BGetKeyInfoGenerating an RSA MultiPrime Key Set the Algorithm ObjectDistributing an RSA Public Key If status = BGenerateInit keypairGeneratorBER/DER Encoding Crypto-C FormatIf you looked at the elements of the struct Format of info returned by BGetKeyInfo If status = myPublicKeyBER.data == Nullptr !=Send it off Remember to free any memory you allocated RSA Public-Key EncryptionTfree myPublicKeyBER.data Reference Manual entry on AIPKCSRSAPublic states Input constraints#define Blocksize RSA Private-Key Decryption If status = BDecryptInit Optimal Asymetric Encryption Padding Oaep Raw RSA Encryption and DecryptionMultiPrime RSA Digital Signatures Computing a Digital SignatureSetting The Algorithm Object Entry for the AI in use Verifying a Digital Signature Surrender context outlined in The Surrender Context onIf status = BVerifyInit Update Generating DSA Parameters Performing DSA OperationsPerforming DSA Operations There is no in generating DSA parameters Bdsaparamgenparams dsaParams DsaParams.primeBits =Generate Generating a DSA Key Pair DSA Signatures Computing a Digital Signature Creating An Algorithm Object Properly cast Nullptr for the surrender context #define Maxsiglen To verify the signature created here, use the same AI Data and you know its length, your call is the following Generating Diffie-Hellman Parameters Performing Diffie-Hellman Key AgreementAdhparamgenparams There is no in generating Diffie-Hellman parameters Adhparamgenparams dhParamsDestroy Distributing Diffie-Hellman Parameters Base generatorBER Format If you look at the elements of the structA p t e r 7 P u b l i c K e y O p e r a t i o n s Diffie-Hellman Key Agreement Item dhParametersBERIf status = BKeyAgreeInit Phase Saving the Object State Other party should send their public value and its lengthGenerating Elliptic Curve Parameters Performing Elliptic Curve OperationsPerforming Elliptic Curve Operations Input of 0 defaults to fieldElementBits Input of 0 defaults toFormat of info supplied to BSetAlgorithmInfo Implementation versionPerforming Elliptic Curve Operations No Update step is necessary for parameter generation Retrieving Elliptic Curve Parameters GeneralFlag =Indicates type of base field It is the prime numberCase that fieldType = Ftfp Elliptic curve coefficientIf status = output-base.data == Nullptr != 0 break Aecparams ecParamInfo If status = output-order.data == Nullptr != 0 breakFreeECParamInfo&ecParamInfo Generating an Elliptic Curve Key Pair Sample code, FreeECParamInfo is implemented as followsBecparams paramInfo There is no Update step for key generation InitializeRetrieving an Elliptic Curve Key KIECPublic gives a pointer to an Aecpublickey structurePublic component Aecparams curveParamsPerforming Elliptic Curve Operations Generating a Generic Acceleration Table Generating Acceleration TablesEnd FreeECPubKeyInfo Format the information Retrieve the elliptic curve parametersAecparams *cryptocECParamInfo Aecparams ecParamInfo There is no Update step for building acceleration tables For odd prime fieldBuild the acceleration table Allocate memoryItem accelTableItem Generating a Public-Key Acceleration Table Retrieve the public key informationPut the information retrieved in the proper format FreeECPubKeyInfo&publicKeyInfoItem pubKeyAccelTableItem unsigned int maxTableLen Performing EC Diffie-Hellman Key Agreement Build the public-key acceleration tableItem pubKeyAccelTableItem GeneralFlag = If status = BBuildTableFinalCreate Optional Set Acceleration Table Info If status = alicePublicValue == Nullptr != 0 break Performing Ecdsa in Compliance with Ansi If status = aliceSecretValue == Nullptr != 0 breakGenerating EC Parameters Generating an EC Key PairComputing a Digital Signature Create Build an algorithm chooser with the appropriate AMs Item aTableItemAecparams *ecParamInfo Now, using BSignUpdate, pass in the data to be signedIf status = signature == Nullptr != 0 break Initialized random algorithm in BSignFinal Destroy all objects that are no longer neededUse the same AI and digestInfo as you did for signing Unsigned int signatureLenOptional Set Public Key Acceleration Table Info Performing Ecdsa with X9.62-Compliant BER Item stockECParamsBER ECParamsBER154 = 0x30 0x810x52 0xd1 0x7aStockECParamsBER.data = ECParamsBER stockECParamsBER.len = DataToSign = 0x53 0x680x73 0x79Aecparams *ecParamsInfo Use the same AI as you did for signing Using Ecaes Tfreesignature BDestoryAlgorithmObject &ecDSAVerifyUsing an EC Key Pair Using Elliptic Curve ParametersEcaes Public-Key Encryption Now, pass this information into your algorithm object Optional Acceleration TableItem accelerationTableItem Break FieldElementLen = ecParamInfo-fieldElementBits + 7 Final Steps for decryption are similar to those for encryption Ecaes Private-Key DecryptionCreate an algorithm object BDecryptUpdate OutputLenUpdateMaxDecryptedDataLen = outputLenTotal = TmallocmaxDecryptedDataLenPage Secret Sharing Generating SharesSecret Sharing Example in this section corresponds to the file scrtshar.c#define Secretsize 16 #define Totalshares If status = secretSharecount == Nullptr != 0 break Break If status != 0 breakUnsigned int outputLenFinal If status = BEncryptFinal Tfree secretSharecountReconstructing the Secret Use the same AI, AIBSSecretSharingAsurrenderctx *NULLPTR != 0 break If status != 0 break BDestroyAlgorithmObject &secretReconstructer Page Putting It All Together An X9.31 Example X9.31 Sample Program X9.31 Sample ProgramBkeyobj privateKey = Bkeyobjnullptr Item randomSeed Generating Random Bytes Static unsigned char f4Data = 0x01, 0x00Unsigned int status Printf ================================================\nTo create a random algorithm object and set the parameters Providing the Seed Generating a Key Pair Break Printf ============================= \n Computing a Digital SignatureRsaVerifyX931. For signing, use rsaSignX931 AX931PARAMS Break Init Verifying the Signature If status != Surrendering Control Return End GeneralSurrenderFunctionPrinting the Buffer Contents Overview of the Demos Appendix aCommand-Line Demo User’s Guide Command Line modeInput Redirection mode Command-Line Demo User’s GuideSpecifying User Keys Using BdemoSign a File Verify a Signed File Create a File EnvelopeOpen a File Envelope Generate a Key Pair Running Bdemodsa Using BdemodsaEnter any arbitrary string of printable characters Sign a File Using Bdemoec Running BdemoecFile Reference File ReferenceTable A-1Demo Program Source Files BSLite BSLite Table A-1Demo Program Source FilesBSLite Page Glossary Advanced Encryption Standard Series of steps used to complete a taskAmerican National Standards Institute Application Programming InterfaceO s s a r y Generic security service application program interface Electronic business Data InterchangeSee ECC See XORProcess of having a third party hold onto encryption keys Process that creates a larger key from the original keyAct of creating a key An algorithm that generates the subkeys in a block cipherData to be encrypted Extra bits concatenated with a key, password, or plaintextPrivate key in the RSA public-key cryptosystem Number extracted from a pseudo- random sequence Secure Multipurpose Internet Mail ExtensionsSimple Mail Transfer Protocol Secure Wide Area NetworkSee secret key Trusted Computer System Evaluation CriteriaXOR Page Index Ecdsa D e A B S a F E C r y p t o C D e v e l o p e r ’s G u i d e D e See also RC4 subprime