Manuals / RSA Security / TV and Video / Projection Television

RSA Security 5.2.2 manual Generating Random Numbers with SHA1

Models: 5.2.2

1 376

Download 376 pages 13.91 Kb

Page 187

Generating Random Numbers

Generating Random Numbers

In the “Introductory Example” on page 9, we hard-coded the DES key. In an actual application, you would use randomly-generated values. Crypto-C allows you to generate a pseudo-random sequence of bytes using a pseudo-random number generator (PRNG). These PRNGs are based on the message digests MD2, MD5, and SHA1. This section shows how to use AI_X962Random_V0, a SHA1-based pseudo- random number generator. Its implementation can also be used as a model for the MD2 and MD5 random number generators. This model should be used for most random-number generation methods.

Note: There is also AI_X931Random, which is a SHA1-based pseudo-random number generator that allows multiple streams of randomness. It is intended primarily for use with AI_RSAStrongKeyGen, and should not be used for general-purpose random-number generation. For an example of how to use AI_X931Random, see “Putting It All Together: An X9.31 Example” on page 313.

Generating Random Numbers with SHA1

The example in this section corresponds to the file genbytes.c. This example, which uses AI_X962Random_V0, can easily be modified to use the PRNGs based on MD2 and MD5, AI_MD2Random and AI_MD5Random, respectively.

Step 1: Creating An Algorithm Object

Declare a variable to be B_ALGORITHM_OBJ. As defined in the function prototype in Chapter 4 of the Reference Manual, its address is the argument for B_CreateAlgorithmObject:

B_ALGORITHM_OBJ randomAlgorithm = (B_ALGORITHM_OBJ)NULL_PTR;

if ((status = B_CreateAlgorithmObject (&randomAlgorithm)) != 0) break;

C h a p t e r 5 N o n - C r y p t o g r a p h i c O p e r a t i o n s

1 6 5

Image 187

RSA Security 5.2.2 manual Generating Random Numbers with SHA1

Contents

Cryptographic Components for C Crypto-CLimit distribution of this document to trusted personnel TrademarksLicense agreement DistributionContents Cryptography Quick StartN t e n t s Algorithms in Crypto-C Using Crypto-C 101Saved State Non-Cryptographic Operations 151Public-Key Operations 213 Symmetric-Key Operations 177Putting It All Together An X9.31 Example Secret Sharing Operations 305Glossary 339 Index 349 Appendix a Command-Line Demos 327List of Figures A B S a F E C r y p t o C D e v e l o p e r ’s G u i d e List of Tables A B S a F E C r y p t o C D e v e l o p e r ’s G u i d e Preface MultiPrime RSA What’s New in Version 5.2.2?Improved performance Hardware supportE f a c e Organization of This ManualAdvanced Encryption Standard AES Organization of This ManualConventions Used in This Manual Crypto-C procedures to use with algorithm objectConventions Used in This Manual Terms and Abbreviations Terms and AbbreviationsRelated Documents Related DocumentsA B S a F E C r y p t o C D e v e l o p e r ’s G u i d e Http//stdsbbs.ieee.org/groups/1363/index.html Ieee Standard Specifications for Public-Key Cryptography onYou can get technical support as follows How to Contact RSA SecurityRSA Security Web Site Getting Support and Service How to Contact RSA SecurityIntroduction Algorithms Crypto-C ToolkitSecret Sharing Public-Key AlgorithmsDigital Signatures Elliptic Curve Public-Key AlgorithmsNist Approval and Windows 32-bit Platforms Cryptographic Standards and Crypto-CPkcs Standards and Crypto-C Nist Standards and Crypto-CNist Approval and Windows NT Platforms Pkcs Compared with NistAnsi X9 Standards and Crypto-C Quick Start Six-Step Sequence Six-Step SequenceIntroductory Example Introductory ExampleInclude Files Creating an Algorithm Object#define Nullptr POINTER0 Where Pointer is defined in aglobal.hNullptr is also defined in aglobal.h Typedef unsigned char *POINTERBalgorithmobj algorithmObject Algorithm object Setting the Algorithm ObjectAlgorithm information Break InitCreating a Key Object Setting a Key ObjectFor our example, we use Key information Int BSetKeyInfoNow we can complete the call to BSetKeyInfo Selecting an Algorithm ChooserWe can now complete our call to BEncryptInit UpdateSaving the Object State optional Surrender ContextInput data Output data bufferUnsigned int Length of output dataFor now, we declare Unsigned int outputLenUpdateUnsigned char *encryptedData = Nullptr Final If status = BEncryptUpdateAsurrenderctx *surrenderContext Surrender context DestroyPointer block For our example, we use the followingPointer to key object Balgorithmobj * algorithmObjectIf rc4KeyItem.data != Nullptr Putting It All TogetherFor this example, call Tfree as follows Tfree encryptedDataInit If status = BEncryptInit Introductory Example EncryptedData = Nullptr End main If encryptedData != NullptrFirst create the algorithm object Decrypting the Introductory ExampleCreating the Key Object Decrypting the Introductory ExampleSetting the Key Object DecryptedData = Nullptr Always destroy objects when you no longer need themMultiple Updates Multiple UpdatesBreak End while UpdatesizeMultiple Updates Set Summary of the Six StepsInclude CreateFinal Page Cryptography Cryptography Overview Cryptography OverviewSymmetric-Key Cryptography CiphersCrypto-C implements the following block ciphers Block CiphersPadding Ciphers in Crypto-C2Triple DES Encryption as Implemented in Crypto-C Triple DESRC5 RC6 Four Modes Modes of Operation3Electronic Codebook ECB Mode Electronic Codebook ECB ModeCipher Feedback CFB Mode Cipher Block Chaining CBC Mode5Cipher Feedback CFB Mode Output Feedback OFB Mode Stream Ciphers 6Output Feedback Mode OFBRC4 algorithm with MAC Message DigestsMessage Digests and Pseudo-Random Numbers Hash-Based Message Authentication Codes Hmac Password-Based EncryptionPublic-Key Cryptography 8DES Key and IV Generation for Password Based Encryption9Public-Key Cryptography RSA AlgorithmRSA Algorithm Modular MathPrime Numbers MultiPrime NumbersCryptography Overview 1Calculation of 827 mod SummarySecurity Calculation is shown in TableOptimal Asymmetric Encryption Padding Oaep Digital Envelopes10Digital Envelope Authentication and Digital Signatures Cryptography Overview 11RSA Digital Signature Digital Signature Algorithm DSA Math Digital CertificatesAlgorithm Diffie-Hellman Public Key AgreementPhase PhaseParameter Generation Math Multiple-Party Key Agreement Elliptic Curve CryptographyFinite Field Elliptic Curve ParametersOdd Prime Fields Fields of Even Characteristic= 0·I ≡ 2·2m-1·Imod2m Coefficients Over an Odd Prime FieldElliptic curve parameters Coefficients Over a Field of Even CharacteristicPoint P and its Order Points of an Elliptic CurveIs written EFq Order of an Elliptic CurveOrder of a Point Point of Prime Order2Elliptic Curve Parameters Summary of Elliptic Curve TerminologyCofactor Order n of P Is sometimes called the base pointElliptic Curve Key Pair Generation Representing Fields of Even CharacteristicCreating the Key Pair Ecdsa Signature SchemeSigning a Message Math Verifying a SignatureRecall that Q = dP, so Elliptic Curve Authenticated Encryption Scheme EcaesNow recall that s = k-1e+dr mod n, so Encrypting a Message Using the Public Key Elliptic Curve Diffie-Hellman Key Agreement Decrypting a Message Using the Private KeyPhase 13Elliptic Curve Diffie-Hellman Key Agreement First coordinate of S, xS, is their agreed-upon secret key Secret SharingKey Generation Working with KeysKey Escrow Key ManagementApplications of Cryptography Applications of CryptographyAscii Encoding and Decoding Local ApplicationsPoint-to-Point Applications Client/Server Applications Peer-to-Peer Applications Choosing Algorithms Choosing AlgorithmsPublic-Key vs. Symmetric-Key Cryptography Stream vs. Block Symmetric-Key AlgorithmsKey Agreement vs. Digital Envelopes Block Symmetric-Key AlgorithmsElliptic Curve Algorithms Secret Sharing and Key EscrowInteroperability Security Considerations Security ConsiderationsHandling Private Keys Elliptic Curve StandardsPseudo-Random Numbers and Seed Generation Temporary BuffersChoosing Passwords DES Weak Keys Initialization Vectors and Salts3DES Weak and Semi-Weak Keys Timing Attacks and Blinding Stream Ciphers= mre mod n Pick a random value r and computeMD5p padP MD5q padQ m Choosing Key Sizes4Summary of Recommended Key Sizes RSA KeysRC5 Key Bits and Rounds Diffie-Hellman Parameters and DSA KeysRC2 Effective Key Bits RC4 Key BitsElliptic Curve Keys Algorithms in Crypto-C Using Crypto-CAlgorithms in Crypto-C Information Formats Provided by Crypto-CBasic Algorithm Info Types BER-Based Algorithm Info Types1Message Digests Summary of AIsPEM-Based Algorithm Info Types BSAFE1 Algorithm Info Types5Symmetric Stream Ciphers Algorithms in Crypto-C 2Message Authentication3ASCII Encoding 4Pseudo-Random Number Generation6Symmetric Block Ciphers Algorithms in Crypto-C 5Symmetric Stream CiphersRC2 Algorithms in Crypto-C 6Symmetric Block CiphersKey Generation 7RSA Public-Key CryptographyOaep Algorithms in Crypto-C 7RSA Public-Key CryptographyDigital Signatures 8DSA Public-Key Cryptography10Elliptic Curve Public-Key Cryptography Algorithms in Crypto-C 9Diffie-Hellman Key Agreement11Bloom-Shamir Secret Sharing 10 Elliptic Curve Public-Key Cryptography12Hardware Interface Algorithm Info Type Algorithms in Crypto-C 13Advanced Encryption Standard AES15Block Cipher Keys Keys In Crypto-CSummary of KIs Keys In Crypto-C16RSA Public and Private Keys Keys In Crypto-C 15Block Cipher Keys17DSA Public and Private Keys Keys In Crypto-C 18Elliptic Curve Keys System Considerations In Crypto-C System Considerations In Crypto-CAlgorithm Choosers An Encryption Algorithm ChooserAn RSA Algorithm Chooser Description of AIX962RandomV0 instead of AISHA1Random Surrender ContextInt *Surrender Pointer handle Sample Surrender FunctionAlso gives the form that a surrender function must have Reserved for future useSaving State When to Allocate Memory Tmalloc Trealloc Tfree Tmemset Tmemcpy Tmemmove Tmemcmp Memory-Management RoutinesMemory-Management Routines and Standard C Libraries Crypto-C uses the following memory-management routinesMemory Allocation BER/DER EncodingBinary Data Typedef struct unsigned char *data unsigned int len System Considerations In Crypto-C Output considerations Input and OutputSymmetric Block Algorithms Input constraints20Input Limits for RSA Pkcs Encryption General Considerations DES Keys Key SizePublic Key Size Private Key Size 00 C2 58 60 B1 C2 58 60 B1Using Cryptographic Hardware Using Cryptographic HardwareInterfacing with a Bhapi Implementation 2Algorithm Object in a Hardware Implementation Pkcs #11 Support Using a Pkcs #11 Device with Crypto-C Using Cryptographic Hardware Balgorithmmethod *RSASIGNHWCHOOSER = &AMMD5 Using Cryptographic Hardware Tfprivate KeypairGenParams.privateKeyAttributes.tokenFlag =Now generate Using Cryptographic Hardware Using Cryptographic Hardware Return Behardware Pkcs #11 Support for DSA Key Pair Generation Balgorithmmethod *DSAKEYGENCHOOSER = &AMDSAKEYGEN POINTER&pubKeyData-params P11KeyGenParams.privateKeyAttributes.keyUsage =00 00 00 66 a9 47 2d 80 5a Advanced Pkcs #11For an RSA private key, it would be this DigestCKBYTEPTRseedBuffer, CKULONGseedLen Hardware IssuesRandom Numbers Ckrv rv Rv =Using Cryptographic Hardware Page Non-Cryptographic Operations Example in this section corresponds to the file mdigest.c Message DigestsCreating a Digest Message DigestsIf status = BDigestInit Your call will be the following If status = BDigestUpdate#define Digestlen BER-Encoding the Digest Remember to destroy all objects when you are done with themSaved State Saving the State of a Digest Algorithm ObjectFollowing example BER-encodes the preceeding sample digest Item stateInfo = Null Message Digests Status = Rsademoealloc break 1Code Sample DigestDataSavedStateMessage Digests Hash-Based Message Authentication Code Hash-Based Message Authentication Code HmacGenerate a random 24-byte key using KI24Byte Hash-Based Message Authentication Code HmacCreate the key object RandomAlgorithm, keyData, KEYSIZE, Asurrenderctx *NULLPTR != Unsigned char *digestedData unsigned int digestedDataLen Generating Random Numbers with SHA1 Generating Random NumbersGenerating Random Numbers Setting The Algorithm Object Random Seed Unsigned char *gets char *randomSeed != 0 break Puts Enter a random seed if status =If status = BGenerateRandomBytes GenerateAdditional seeding Generating Independent Streams of RandomnessThis step is identical to the previous example Typedef structThese steps are identical to the previous example Steps 4, 5Item randomSeed AX931RANDOMPARAMS x931Params Encoding Binary Data To Ascii Converting Data Between BinaryConverting Data Between Binary and Ascii If status = BEncodeInit asciiEncoder != 0 break BDestroyAlgorithmObject &asciiEncoder Tfree asciiEncoding Decoding ASCII-Encoded DataIf status = binaryDecoding == Nullptr != 0 break If status = BDecodeInit asciiDecoder != 0 breakBDestroyAlgorithmObject &asciiDecoder Tfree binaryDecoding Symmetric-Key Operations Example in this section corresponds to the file descbc.c Block CiphersDES with CBC Block CiphersFor new padding schemes Examples include des, rc5RC5 parameters Points at init vector ItemCall BGenerateRandomBytes Now set up the Bblkcipherwfeedbackparams structureFormat of info supplied to BSetKeyInfo Depends on cipher type, as followsUnsigned int outputBufferSize Decrypting RC2 Cipher Now you can set your algorithm object as follows Init If rc2KeyItem.data != Nullptr Use a random number generator to come up with 24 bytesUpdate EncryptedData = Nullptr If rc2KeyItem.data != Nullptr RC5 Cipher 255 Unsigned int 0x10 Unsigned intInitialization vector Unsigned char initVector8 ARC5CBCPARAMS rc5Params Item rc5KeyItem Use a random number generator to create 10 bytesIf rc5KeyItem.data != Nullptr Update Final EncryptedData = Nullptr RC6 Cipher#define Blocksize Unsigned char initVectorBLOCKSIZE Setting the Key Data If rc6KeyItem.data != Nullptr Break OutputLenTotal = outputLenUpdate + outputLenFinal Been allocated AES CipherUnsigned char *aesParams Creating a Key Object If aesKeyItem.data != Nullptr Final Password-Based Encryption Iteration count Unsigned char * saltInit Tmemset pbeKeyItem.data, 0, Maxpwlen Update Final Page Public-Key Operations Generating a Key Pair Performing RSA OperationsPerforming RSA Operations Where Item is There is no in generating a key pair Destroy Milliseconds Private non-CRT What is MultiPrime?MultiPrime MultiPrimeTwo-Prime RSA 48.8 17.5 Three-Prime RSA 10.9 How Many Primes?Sample BGetKeyInfo BGenerateInitRsaGen BGenerateKeypairSet the Algorithm Object Generating an RSA MultiPrime KeyIf status = BGenerateInit keypairGenerator Distributing an RSA Public KeyBER/DER Encoding Crypto-C FormatIf you looked at the elements of the struct If status = myPublicKeyBER.data == Nullptr != Format of info returned by BGetKeyInfoSend it off Remember to free any memory you allocated RSA Public-Key EncryptionTfree myPublicKeyBER.data Input constraints Reference Manual entry on AIPKCSRSAPublic states#define Blocksize RSA Private-Key Decryption If status = BDecryptInit Raw RSA Encryption and Decryption Optimal Asymetric Encryption Padding OaepMultiPrime Computing a Digital Signature RSA Digital SignaturesSetting The Algorithm Object Entry for the AI in use Surrender context outlined in The Surrender Context on Verifying a Digital SignatureIf status = BVerifyInit Update Generating DSA Parameters Performing DSA OperationsPerforming DSA Operations Bdsaparamgenparams dsaParams DsaParams.primeBits = There is no in generating DSA parametersGenerate Generating a DSA Key Pair DSA Signatures Computing a Digital Signature Creating An Algorithm Object Properly cast Nullptr for the surrender context #define Maxsiglen To verify the signature created here, use the same AI Data and you know its length, your call is the following Performing Diffie-Hellman Key Agreement Generating Diffie-Hellman ParametersAdhparamgenparams Adhparamgenparams dhParams There is no in generating Diffie-Hellman parametersDestroy Base generator Distributing Diffie-Hellman ParametersIf you look at the elements of the struct BER FormatA p t e r 7 P u b l i c K e y O p e r a t i o n s Item dhParametersBER Diffie-Hellman Key AgreementIf status = BKeyAgreeInit Phase Other party should send their public value and its length Saving the Object StateGenerating Elliptic Curve Parameters Performing Elliptic Curve OperationsPerforming Elliptic Curve Operations Implementation version Input of 0 defaults to fieldElementBitsInput of 0 defaults to Format of info supplied to BSetAlgorithmInfoPerforming Elliptic Curve Operations No Update step is necessary for parameter generation GeneralFlag = Retrieving Elliptic Curve ParametersElliptic curve coefficient Indicates type of base fieldIt is the prime number Case that fieldType = FtfpIf status = output-base.data == Nullptr != 0 break Aecparams ecParamInfo If status = output-order.data == Nullptr != 0 breakFreeECParamInfo&ecParamInfo Sample code, FreeECParamInfo is implemented as follows Generating an Elliptic Curve Key PairBecparams paramInfo Initialize There is no Update step for key generationAecparams curveParams Retrieving an Elliptic Curve KeyKIECPublic gives a pointer to an Aecpublickey structure Public componentPerforming Elliptic Curve Operations Generating a Generic Acceleration Table Generating Acceleration TablesEnd FreeECPubKeyInfo Format the information Retrieve the elliptic curve parametersAecparams *cryptocECParamInfo Aecparams ecParamInfo For odd prime field There is no Update step for building acceleration tablesBuild the acceleration table Allocate memoryItem accelTableItem Retrieve the public key information Generating a Public-Key Acceleration TableFreeECPubKeyInfo&publicKeyInfo Put the information retrieved in the proper formatItem pubKeyAccelTableItem unsigned int maxTableLen GeneralFlag = If status = BBuildTableFinal Performing EC Diffie-Hellman Key AgreementBuild the public-key acceleration table Item pubKeyAccelTableItemCreate Optional Set Acceleration Table Info If status = alicePublicValue == Nullptr != 0 break If status = aliceSecretValue == Nullptr != 0 break Performing Ecdsa in Compliance with AnsiGenerating an EC Key Pair Generating EC ParametersComputing a Digital Signature Create Item aTableItem Build an algorithm chooser with the appropriate AMsAecparams *ecParamInfo Now, using BSignUpdate, pass in the data to be signedIf status = signature == Nullptr != 0 break Unsigned int signatureLen Initialized random algorithm in BSignFinalDestroy all objects that are no longer needed Use the same AI and digestInfo as you did for signingOptional Set Public Key Acceleration Table Info Performing Ecdsa with X9.62-Compliant BER 0x7a Item stockECParamsBERECParamsBER154 = 0x30 0x81 0x52 0xd1StockECParamsBER.data = ECParamsBER stockECParamsBER.len = 0x79 DataToSign = 0x530x68 0x73Aecparams *ecParamsInfo Use the same AI as you did for signing Tfreesignature BDestoryAlgorithmObject &ecDSAVerify Using EcaesUsing an EC Key Pair Using Elliptic Curve ParametersEcaes Public-Key Encryption Now, pass this information into your algorithm object Optional Acceleration TableItem accelerationTableItem Break FieldElementLen = ecParamInfo-fieldElementBits + 7 Final Steps for decryption are similar to those for encryption Ecaes Private-Key DecryptionCreate an algorithm object = TmallocmaxDecryptedDataLen BDecryptUpdateOutputLenUpdate MaxDecryptedDataLen = outputLenTotalPage Generating Shares Secret SharingExample in this section corresponds to the file scrtshar.c Secret Sharing#define Secretsize 16 #define Totalshares Tfree secretSharecount If status = secretSharecount == Nullptr != 0 breakBreak If status != 0 break Unsigned int outputLenFinal If status = BEncryptFinalUse the same AI, AIBSSecretSharing Reconstructing the SecretAsurrenderctx *NULLPTR != 0 break If status != 0 break BDestroyAlgorithmObject &secretReconstructer Page Putting It All Together An X9.31 Example X9.31 Sample Program X9.31 Sample ProgramBkeyobj privateKey = Bkeyobjnullptr Item randomSeed Printf ================================================\n Generating Random BytesStatic unsigned char f4Data = 0x01, 0x00 Unsigned int statusTo create a random algorithm object and set the parameters Providing the Seed Generating a Key Pair Break Printf ============================= \n Computing a Digital SignatureRsaVerifyX931. For signing, use rsaSignX931 AX931PARAMS Break Init Verifying the Signature If status != Return End GeneralSurrenderFunction Surrendering ControlPrinting the Buffer Contents Appendix a Overview of the DemosCommand-Line Demo User’s Guide Command-Line Demo User’s GuideCommand Line mode Input Redirection modeSpecifying User Keys Using BdemoSign a File Verify a Signed File Create a File EnvelopeOpen a File Envelope Generate a Key Pair Running Bdemodsa Using BdemodsaEnter any arbitrary string of printable characters Sign a File Running Bdemoec Using BdemoecFile Reference File ReferenceTable A-1Demo Program Source Files BSLite Table A-1Demo Program Source Files BSLiteBSLite Page Glossary Application Programming Interface Advanced Encryption StandardSeries of steps used to complete a task American National Standards InstituteO s s a r y See XOR Generic security service application program interfaceElectronic business Data Interchange See ECCAn algorithm that generates the subkeys in a block cipher Process of having a third party hold onto encryption keysProcess that creates a larger key from the original key Act of creating a keyData to be encrypted Extra bits concatenated with a key, password, or plaintextPrivate key in the RSA public-key cryptosystem Secure Multipurpose Internet Mail Extensions Number extracted from a pseudo- random sequenceTrusted Computer System Evaluation Criteria Simple Mail Transfer ProtocolSecure Wide Area Network See secret keyXOR Page Index Ecdsa D e A B S a F E C r y p t o C D e v e l o p e r ’s G u i d e D e See also RC4 subprime