Manuals / RSA Security / TV and Video / Projection Television

RSA Security 5.2.2 manual Performing Elliptic Curve Operations

Models: 5.2.2

1 376

Download 376 pages 13.91 Kb

Page 294

Performing Elliptic Curve Operations

B_GetKeyInfo gives a pointer to memory, but this memory is owned by Crypto-C. If you want to store this information, you need to make your own copy of the information because another call to Crypto-C may modify the memory owned by Crypto-C. The routines AllocAndCopyECPubKeyInfo and FreeECPubKeyInfo given here retrieve and store the key information. These routines are used in the sample code for building public-key acceleration tables.

AllocAndCopyECPubKeyInfo takes as input a pointer to an A_EC_PUBLIC_KEY structure containing memory belonging to Crypto-C. It copies the information from the structure owned by Crypto-C to an A_EC_PUBLIC_KEY structure created by the application and outputs a pointer to the structure just created. The memory allocated with AllocAndCopyECPubKeyInfo should be freed using FreeECPubKeyInfo when appropriate:

int AllocAndCopyECPubKeyInfo(output, input) A_EC_PUBLIC_KEY *output; A_EC_PUBLIC_KEY *input;

{

int status;

do {

output->publicKey.len = input->publicKey.len; output->publicKey.data = T_malloc(output->publicKey.len); if ((status = (output->publicKey.data == NULL_PTR)) != 0)

break;

T_memcpy(output->publicKey.data, input->publicKey.data, output->publicKey.len);

if ((status = AllocAndCopyECParamInfo(&(output->curveParams), &(input->curveParams))) != 0)

break; } while(0);

if (status != 0)

printf("AllocAndCopyECPubKeyInfo failed with status %i\n", status);

return status;

}/* end AllocAndCopyECPubKeyInfo */

FreeECPubKeyInfo takes a pointer to an A_EC_PUBLIC_KEY structure that contains space that was allocated by AllocAndCopyECPubKeyInfo and calls T_malloc to free all allocated data:

2 7 2

R S A B S A F E C r y p t o - C D e v e l o p e r ’s G u i d e

Image 294

RSA Security 5.2.2 manual Performing Elliptic Curve Operations

Contents

Crypto-C Cryptographic Components for CDistribution TrademarksLicense agreement Limit distribution of this document to trusted personnelContents Quick Start CryptographyN t e n t s Using Crypto-C 101 Algorithms in Crypto-CNon-Cryptographic Operations 151 Saved StateSymmetric-Key Operations 177 Public-Key Operations 213Secret Sharing Operations 305 Putting It All Together An X9.31 ExampleAppendix a Command-Line Demos 327 Glossary 339 Index 349List of Figures A B S a F E C r y p t o C D e v e l o p e r ’s G u i d e List of Tables A B S a F E C r y p t o C D e v e l o p e r ’s G u i d e Preface Hardware support What’s New in Version 5.2.2?Improved performance MultiPrime RSAOrganization of This Manual Organization of This ManualAdvanced Encryption Standard AES E f a c eCrypto-C procedures to use with algorithm object Conventions Used in This ManualConventions Used in This Manual Terms and Abbreviations Terms and AbbreviationsRelated Documents Related DocumentsA B S a F E C r y p t o C D e v e l o p e r ’s G u i d e Ieee Standard Specifications for Public-Key Cryptography on Http//stdsbbs.ieee.org/groups/1363/index.htmlHow to Contact RSA Security How to Contact RSA SecurityRSA Security Web Site Getting Support and Service You can get technical support as followsIntroduction Crypto-C Toolkit AlgorithmsElliptic Curve Public-Key Algorithms Public-Key AlgorithmsDigital Signatures Secret SharingNist Standards and Crypto-C Cryptographic Standards and Crypto-CPkcs Standards and Crypto-C Nist Approval and Windows 32-bit PlatformsPkcs Compared with Nist Nist Approval and Windows NT PlatformsAnsi X9 Standards and Crypto-C Quick Start Six-Step Sequence Six-Step SequenceCreating an Algorithm Object Introductory ExampleInclude Files Introductory ExampleTypedef unsigned char *POINTER Where Pointer is defined in aglobal.hNullptr is also defined in aglobal.h #define Nullptr POINTER0Setting the Algorithm Object Balgorithmobj algorithmObject Algorithm objectAlgorithm information Init BreakSetting a Key Object Creating a Key ObjectFor our example, we use Int BSetKeyInfo Key informationSelecting an Algorithm Chooser Now we can complete the call to BSetKeyInfoSurrender Context UpdateSaving the Object State optional We can now complete our call to BEncryptInitLength of output data Output data bufferUnsigned int Input dataUnsigned int outputLenUpdate For now, we declareUnsigned char *encryptedData = Nullptr If status = BEncryptUpdate FinalDestroy Asurrenderctx *surrenderContext Surrender contextBalgorithmobj * algorithmObject For our example, we use the followingPointer to key object Pointer blockTfree encryptedData Putting It All TogetherFor this example, call Tfree as follows If rc4KeyItem.data != NullptrInit If status = BEncryptInit Introductory Example If encryptedData != Nullptr EncryptedData = Nullptr End mainDecrypting the Introductory Example Decrypting the Introductory ExampleCreating the Key Object First create the algorithm objectSetting the Key Object Always destroy objects when you no longer need them DecryptedData = NullptrMultiple Updates Multiple UpdatesUpdatesize Break End whileMultiple Updates Create Summary of the Six StepsInclude SetFinal Page Cryptography Ciphers Cryptography OverviewSymmetric-Key Cryptography Cryptography OverviewCiphers in Crypto-C Block CiphersPadding Crypto-C implements the following block ciphersTriple DES 2Triple DES Encryption as Implemented in Crypto-CRC5 RC6 Modes of Operation Four ModesElectronic Codebook ECB Mode 3Electronic Codebook ECB ModeCipher Block Chaining CBC Mode Cipher Feedback CFB Mode5Cipher Feedback CFB Mode Output Feedback OFB Mode 6Output Feedback Mode OFB Stream CiphersMessage Digests RC4 algorithm with MACMessage Digests and Pseudo-Random Numbers Password-Based Encryption Hash-Based Message Authentication Codes Hmac8DES Key and IV Generation for Password Based Encryption Public-Key CryptographyRSA Algorithm 9Public-Key CryptographyMultiPrime Numbers Modular MathPrime Numbers RSA AlgorithmCryptography Overview Calculation is shown in Table SummarySecurity 1Calculation of 827 modDigital Envelopes Optimal Asymmetric Encryption Padding Oaep10Digital Envelope Authentication and Digital Signatures Cryptography Overview 11RSA Digital Signature Digital Signature Algorithm DSA Digital Certificates MathDiffie-Hellman Public Key Agreement AlgorithmPhase PhaseParameter Generation Math Elliptic Curve Cryptography Multiple-Party Key AgreementElliptic Curve Parameters Finite FieldFields of Even Characteristic Odd Prime FieldsCoefficients Over an Odd Prime Field = 0·I ≡ 2·2m-1·Imod2mPoints of an Elliptic Curve Coefficients Over a Field of Even CharacteristicPoint P and its Order Elliptic curve parametersPoint of Prime Order Order of an Elliptic CurveOrder of a Point Is written EFqOrder n of P Is sometimes called the base point Summary of Elliptic Curve TerminologyCofactor 2Elliptic Curve ParametersRepresenting Fields of Even Characteristic Elliptic Curve Key Pair GenerationEcdsa Signature Scheme Creating the Key PairSigning a Message Verifying a Signature MathElliptic Curve Authenticated Encryption Scheme Ecaes Recall that Q = dP, soNow recall that s = k-1e+dr mod n, so Encrypting a Message Using the Public Key Decrypting a Message Using the Private Key Elliptic Curve Diffie-Hellman Key AgreementPhase 13Elliptic Curve Diffie-Hellman Key Agreement Secret Sharing First coordinate of S, xS, is their agreed-upon secret keyWorking with Keys Key GenerationKey Management Key EscrowLocal Applications Applications of CryptographyAscii Encoding and Decoding Applications of CryptographyPoint-to-Point Applications Client/Server Applications Peer-to-Peer Applications Stream vs. Block Symmetric-Key Algorithms Choosing AlgorithmsPublic-Key vs. Symmetric-Key Cryptography Choosing AlgorithmsBlock Symmetric-Key Algorithms Key Agreement vs. Digital EnvelopesSecret Sharing and Key Escrow Elliptic Curve AlgorithmsInteroperability Elliptic Curve Standards Security ConsiderationsHandling Private Keys Security ConsiderationsTemporary Buffers Pseudo-Random Numbers and Seed GenerationChoosing Passwords Initialization Vectors and Salts DES Weak Keys3DES Weak and Semi-Weak Keys Stream Ciphers Timing Attacks and BlindingPick a random value r and compute = mre mod nChoosing Key Sizes MD5p padP MD5q padQ mRSA Keys 4Summary of Recommended Key SizesRC4 Key Bits Diffie-Hellman Parameters and DSA KeysRC2 Effective Key Bits RC5 Key Bits and RoundsElliptic Curve Keys Using Crypto-C Algorithms in Crypto-CBER-Based Algorithm Info Types Information Formats Provided by Crypto-CBasic Algorithm Info Types Algorithms in Crypto-CBSAFE1 Algorithm Info Types Summary of AIsPEM-Based Algorithm Info Types 1Message Digests4Pseudo-Random Number Generation Algorithms in Crypto-C 2Message Authentication3ASCII Encoding 5Symmetric Stream CiphersAlgorithms in Crypto-C 5Symmetric Stream Ciphers 6Symmetric Block CiphersAlgorithms in Crypto-C 6Symmetric Block Ciphers RC27RSA Public-Key Cryptography Key GenerationAlgorithms in Crypto-C 7RSA Public-Key Cryptography Oaep8DSA Public-Key Cryptography Digital SignaturesAlgorithms in Crypto-C 9Diffie-Hellman Key Agreement 10Elliptic Curve Public-Key Cryptography10 Elliptic Curve Public-Key Cryptography 11Bloom-Shamir Secret Sharing12Hardware Interface Algorithms in Crypto-C 13Advanced Encryption Standard AES Algorithm Info TypeKeys In Crypto-C Keys In Crypto-CSummary of KIs 15Block Cipher KeysKeys In Crypto-C 15Block Cipher Keys 16RSA Public and Private Keys17DSA Public and Private Keys Keys In Crypto-C 18Elliptic Curve Keys An Encryption Algorithm Chooser System Considerations In Crypto-CAlgorithm Choosers System Considerations In Crypto-CAn RSA Algorithm Chooser Surrender Context Description of AIX962RandomV0 instead of AISHA1RandomReserved for future use Sample Surrender FunctionAlso gives the form that a surrender function must have Int *Surrender Pointer handleSaving State When to Allocate Memory Crypto-C uses the following memory-management routines Memory-Management RoutinesMemory-Management Routines and Standard C Libraries Tmalloc Trealloc Tfree Tmemset Tmemcpy Tmemmove TmemcmpBER/DER Encoding Memory AllocationBinary Data Typedef struct unsigned char *data unsigned int len System Considerations In Crypto-C Input constraints Input and OutputSymmetric Block Algorithms Output considerations20Input Limits for RSA Pkcs Encryption General Considerations Key Size DES KeysPublic Key Size Private Key Size C2 58 60 B1 00 C2 58 60 B1Using Cryptographic Hardware Using Cryptographic HardwareInterfacing with a Bhapi Implementation 2Algorithm Object in a Hardware Implementation Pkcs #11 Support Using a Pkcs #11 Device with Crypto-C Using Cryptographic Hardware Balgorithmmethod *RSASIGNHWCHOOSER = &AMMD5 Using Cryptographic Hardware KeypairGenParams.privateKeyAttributes.tokenFlag = TfprivateNow generate Using Cryptographic Hardware Using Cryptographic Hardware Return Behardware Pkcs #11 Support for DSA Key Pair Generation Balgorithmmethod *DSAKEYGENCHOOSER = &AMDSAKEYGEN P11KeyGenParams.privateKeyAttributes.keyUsage = POINTER&pubKeyData-paramsDigest Advanced Pkcs #11For an RSA private key, it would be this 00 00 00 66 a9 47 2d 80 5aCkrv rv Rv = Hardware IssuesRandom Numbers CKBYTEPTRseedBuffer, CKULONGseedLenUsing Cryptographic Hardware Page Non-Cryptographic Operations Message Digests Message DigestsCreating a Digest Example in this section corresponds to the file mdigest.cIf status = BDigestInit If status = BDigestUpdate Your call will be the following#define Digestlen Remember to destroy all objects when you are done with them BER-Encoding the DigestSaving the State of a Digest Algorithm Object Saved StateFollowing example BER-encodes the preceeding sample digest Item stateInfo = Null Message Digests 1Code Sample DigestDataSavedState Status = Rsademoealloc breakMessage Digests Hash-Based Message Authentication Code Hmac Hash-Based Message Authentication CodeHash-Based Message Authentication Code Hmac Generate a random 24-byte key using KI24ByteCreate the key object RandomAlgorithm, keyData, KEYSIZE, Asurrenderctx *NULLPTR != Unsigned char *digestedData unsigned int digestedDataLen Generating Random Numbers Generating Random Numbers with SHA1Generating Random Numbers Setting The Algorithm Object Random Seed Puts Enter a random seed if status = Unsigned char *gets char *randomSeed != 0 breakGenerate If status = BGenerateRandomBytesTypedef struct Generating Independent Streams of RandomnessThis step is identical to the previous example Additional seedingSteps 4, 5 These steps are identical to the previous exampleItem randomSeed AX931RANDOMPARAMS x931Params Converting Data Between Binary Encoding Binary Data To AsciiConverting Data Between Binary and Ascii If status = BEncodeInit asciiEncoder != 0 break Decoding ASCII-Encoded Data BDestroyAlgorithmObject &asciiEncoder Tfree asciiEncodingIf status = BDecodeInit asciiDecoder != 0 break If status = binaryDecoding == Nullptr != 0 breakBDestroyAlgorithmObject &asciiDecoder Tfree binaryDecoding Symmetric-Key Operations Block Ciphers Block CiphersDES with CBC Example in this section corresponds to the file descbc.cPoints at init vector Item Examples include des, rc5RC5 parameters For new padding schemesNow set up the Bblkcipherwfeedbackparams structure Call BGenerateRandomBytesDepends on cipher type, as follows Format of info supplied to BSetKeyInfoUnsigned int outputBufferSize Decrypting RC2 Cipher Now you can set your algorithm object as follows Init Use a random number generator to come up with 24 bytes If rc2KeyItem.data != NullptrUpdate EncryptedData = Nullptr If rc2KeyItem.data != Nullptr RC5 Cipher 0x10 Unsigned int 255 Unsigned intInitialization vector Unsigned char initVector8 ARC5CBCPARAMS rc5Params Use a random number generator to create 10 bytes Item rc5KeyItemIf rc5KeyItem.data != Nullptr Update Final RC6 Cipher EncryptedData = Nullptr#define Blocksize Unsigned char initVectorBLOCKSIZE Setting the Key Data If rc6KeyItem.data != Nullptr Break OutputLenTotal = outputLenUpdate + outputLenFinal AES Cipher Been allocatedUnsigned char *aesParams Creating a Key Object If aesKeyItem.data != Nullptr Final Password-Based Encryption Unsigned char * salt Iteration countInit Tmemset pbeKeyItem.data, 0, Maxpwlen Update Final Page Public-Key Operations Performing RSA Operations Generating a Key PairPerforming RSA Operations Where Item is There is no in generating a key pair Destroy MultiPrime What is MultiPrime?MultiPrime Milliseconds Private non-CRTHow Many Primes? Two-Prime RSA 48.8 17.5 Three-Prime RSA 10.9Sample BGenerateKeypair BGenerateInitRsaGen BGetKeyInfoGenerating an RSA MultiPrime Key Set the Algorithm ObjectDistributing an RSA Public Key If status = BGenerateInit keypairGeneratorCrypto-C Format BER/DER EncodingIf you looked at the elements of the struct Format of info returned by BGetKeyInfo If status = myPublicKeyBER.data == Nullptr !=RSA Public-Key Encryption Send it off Remember to free any memory you allocatedTfree myPublicKeyBER.data Reference Manual entry on AIPKCSRSAPublic states Input constraints#define Blocksize RSA Private-Key Decryption If status = BDecryptInit Optimal Asymetric Encryption Padding Oaep Raw RSA Encryption and DecryptionMultiPrime RSA Digital Signatures Computing a Digital SignatureSetting The Algorithm Object Entry for the AI in use Verifying a Digital Signature Surrender context outlined in The Surrender Context onIf status = BVerifyInit Update Performing DSA Operations Generating DSA ParametersPerforming DSA Operations There is no in generating DSA parameters Bdsaparamgenparams dsaParams DsaParams.primeBits =Generate Generating a DSA Key Pair DSA Signatures Computing a Digital Signature Creating An Algorithm Object Properly cast Nullptr for the surrender context #define Maxsiglen To verify the signature created here, use the same AI Data and you know its length, your call is the following Generating Diffie-Hellman Parameters Performing Diffie-Hellman Key AgreementAdhparamgenparams There is no in generating Diffie-Hellman parameters Adhparamgenparams dhParamsDestroy Distributing Diffie-Hellman Parameters Base generatorBER Format If you look at the elements of the structA p t e r 7 P u b l i c K e y O p e r a t i o n s Diffie-Hellman Key Agreement Item dhParametersBERIf status = BKeyAgreeInit Phase Saving the Object State Other party should send their public value and its lengthPerforming Elliptic Curve Operations Generating Elliptic Curve ParametersPerforming Elliptic Curve Operations Format of info supplied to BSetAlgorithmInfo Input of 0 defaults to fieldElementBitsInput of 0 defaults to Implementation versionPerforming Elliptic Curve Operations No Update step is necessary for parameter generation Retrieving Elliptic Curve Parameters GeneralFlag =Case that fieldType = Ftfp Indicates type of base fieldIt is the prime number Elliptic curve coefficientIf status = output-base.data == Nullptr != 0 break If status = output-order.data == Nullptr != 0 break Aecparams ecParamInfoFreeECParamInfo&ecParamInfo Generating an Elliptic Curve Key Pair Sample code, FreeECParamInfo is implemented as followsBecparams paramInfo There is no Update step for key generation InitializePublic component Retrieving an Elliptic Curve KeyKIECPublic gives a pointer to an Aecpublickey structure Aecparams curveParamsPerforming Elliptic Curve Operations Generating Acceleration Tables Generating a Generic Acceleration TableEnd FreeECPubKeyInfo Retrieve the elliptic curve parameters Format the informationAecparams *cryptocECParamInfo Aecparams ecParamInfo There is no Update step for building acceleration tables For odd prime fieldAllocate memory Build the acceleration tableItem accelTableItem Generating a Public-Key Acceleration Table Retrieve the public key informationPut the information retrieved in the proper format FreeECPubKeyInfo&publicKeyInfoItem pubKeyAccelTableItem unsigned int maxTableLen Item pubKeyAccelTableItem Performing EC Diffie-Hellman Key AgreementBuild the public-key acceleration table GeneralFlag = If status = BBuildTableFinalCreate Optional Set Acceleration Table Info If status = alicePublicValue == Nullptr != 0 break Performing Ecdsa in Compliance with Ansi If status = aliceSecretValue == Nullptr != 0 breakGenerating EC Parameters Generating an EC Key PairComputing a Digital Signature Create Build an algorithm chooser with the appropriate AMs Item aTableItemNow, using BSignUpdate, pass in the data to be signed Aecparams *ecParamInfoIf status = signature == Nullptr != 0 break Use the same AI and digestInfo as you did for signing Initialized random algorithm in BSignFinalDestroy all objects that are no longer needed Unsigned int signatureLenOptional Set Public Key Acceleration Table Info Performing Ecdsa with X9.62-Compliant BER 0x52 0xd1 Item stockECParamsBERECParamsBER154 = 0x30 0x81 0x7aStockECParamsBER.data = ECParamsBER stockECParamsBER.len = 0x73 DataToSign = 0x530x68 0x79Aecparams *ecParamsInfo Use the same AI as you did for signing Using Ecaes Tfreesignature BDestoryAlgorithmObject &ecDSAVerifyUsing Elliptic Curve Parameters Using an EC Key PairEcaes Public-Key Encryption Optional Acceleration Table Now, pass this information into your algorithm objectItem accelerationTableItem Break FieldElementLen = ecParamInfo-fieldElementBits + 7 Final Ecaes Private-Key Decryption Steps for decryption are similar to those for encryptionCreate an algorithm object MaxDecryptedDataLen = outputLenTotal BDecryptUpdateOutputLenUpdate = TmallocmaxDecryptedDataLenPage Secret Sharing Generating SharesSecret Sharing Example in this section corresponds to the file scrtshar.c#define Secretsize 16 #define Totalshares Unsigned int outputLenFinal If status = BEncryptFinal If status = secretSharecount == Nullptr != 0 breakBreak If status != 0 break Tfree secretSharecountReconstructing the Secret Use the same AI, AIBSSecretSharingAsurrenderctx *NULLPTR != 0 break If status != 0 break BDestroyAlgorithmObject &secretReconstructer Page Putting It All Together An X9.31 Example X9.31 Sample Program X9.31 Sample ProgramBkeyobj privateKey = Bkeyobjnullptr Item randomSeed Unsigned int status Generating Random BytesStatic unsigned char f4Data = 0x01, 0x00 Printf ================================================\nTo create a random algorithm object and set the parameters Providing the Seed Generating a Key Pair Break Computing a Digital Signature Printf ============================= \nRsaVerifyX931. For signing, use rsaSignX931 AX931PARAMS Break Init Verifying the Signature If status != Surrendering Control Return End GeneralSurrenderFunctionPrinting the Buffer Contents Overview of the Demos Appendix aInput Redirection mode Command-Line Demo User’s GuideCommand Line mode Command-Line Demo User’s GuideUsing Bdemo Specifying User KeysSign a File Create a File Envelope Verify a Signed FileOpen a File Envelope Generate a Key Pair Using Bdemodsa Running BdemodsaEnter any arbitrary string of printable characters Sign a File Using Bdemoec Running BdemoecFile Reference File ReferenceTable A-1Demo Program Source Files BSLite BSLite Table A-1Demo Program Source FilesBSLite Page Glossary American National Standards Institute Advanced Encryption StandardSeries of steps used to complete a task Application Programming InterfaceO s s a r y See ECC Generic security service application program interfaceElectronic business Data Interchange See XORAct of creating a key Process of having a third party hold onto encryption keysProcess that creates a larger key from the original key An algorithm that generates the subkeys in a block cipherExtra bits concatenated with a key, password, or plaintext Data to be encryptedPrivate key in the RSA public-key cryptosystem Number extracted from a pseudo- random sequence Secure Multipurpose Internet Mail ExtensionsSee secret key Simple Mail Transfer ProtocolSecure Wide Area Network Trusted Computer System Evaluation CriteriaXOR Page Index Ecdsa D e A B S a F E C r y p t o C D e v e l o p e r ’s G u i d e D e See also RC4 subprime