Manuals / RSA Security / TV and Video / Projection Television

RSA Security 5.2.2 manual Update, #define Secretsize 16 #define Totalshares

Models: 5.2.2

1 376

Download 376 pages 13.91 Kb

Page 329

Secret Sharing

if ((status = B_EncryptInit (secretSplitter, (B_KEY_OBJ)NULL_PTR, (B_ALGORITHM_CHOOSER)NULL_PTR, (A_SURRENDER_CTX *)NULL_PTR)) != 0)

break;

Step 4: Update

Call B_EncryptUpdate once for each of the total number of shares. Each call to

B_EncryptUpdate produces a share. For each share, you must allocate a space that is one byte larger than the secret. A share is actually the same size as the secret, but Crypto-C also appends one byte containing the number of the share. (This is why Crypto-C limits the shares to 255; it is the largest integer one byte can represent.) Make sure you do not overwrite a previous share.

The input for each call to B_EncryptUpdate is the secret itself. You also need a random algorithm for the first call to B_EncryptUpdate. You can pass a random algorithm each time, however; Crypto-C simply ignores it on each successive call. Complete Steps 1 through 4 of “Generating Random Numbers” on page 165. You do not need random bytes, only an algorithm that can generate them. This function is not too time- consuming, so it is reasonable to pass a properly cast NULL_PTR for the surrender context.

To create four shares, you could use the following:

#define SECRET_SIZE 16 #define TOTAL_SHARES 4

static unsigned char secretKey[SECRET_SIZE] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10

};

unsigned char *secretShare[TOTAL_SHARES]; unsigned int secretShareLen[TOTAL_SHARES]; int count;

for (count = 0; count < TOTAL_SHARES; ++count) secretShare[count] = NULL_PTR;

C h a p t e r 8 S e c r e t S h a r i n g O p e r a t i o n s

3 0 7

Image 329

RSA Security 5.2.2 manual Update, #define Secretsize 16 #define Totalshares

Contents

Cryptographic Components for C Crypto-CLicense agreement TrademarksDistribution Limit distribution of this document to trusted personnelContents Cryptography Quick StartN t e n t s Algorithms in Crypto-C Using Crypto-C 101Saved State Non-Cryptographic Operations 151Public-Key Operations 213 Symmetric-Key Operations 177Putting It All Together An X9.31 Example Secret Sharing Operations 305Glossary 339 Index 349 Appendix a Command-Line Demos 327List of Figures A B S a F E C r y p t o C D e v e l o p e r ’s G u i d e List of Tables A B S a F E C r y p t o C D e v e l o p e r ’s G u i d e Preface Improved performance What’s New in Version 5.2.2?Hardware support MultiPrime RSAAdvanced Encryption Standard AES Organization of This ManualOrganization of This Manual E f a c eConventions Used in This Manual Crypto-C procedures to use with algorithm objectConventions Used in This Manual Terms and Abbreviations Terms and AbbreviationsA B S a F E C r y p t o C D e v e l o p e r ’s G u i d e Related DocumentsRelated Documents Http//stdsbbs.ieee.org/groups/1363/index.html Ieee Standard Specifications for Public-Key Cryptography onRSA Security Web Site Getting Support and Service How to Contact RSA SecurityHow to Contact RSA Security You can get technical support as followsIntroduction Algorithms Crypto-C ToolkitDigital Signatures Public-Key AlgorithmsElliptic Curve Public-Key Algorithms Secret SharingPkcs Standards and Crypto-C Cryptographic Standards and Crypto-CNist Standards and Crypto-C Nist Approval and Windows 32-bit PlatformsNist Approval and Windows NT Platforms Pkcs Compared with NistAnsi X9 Standards and Crypto-C Quick Start Six-Step Sequence Six-Step SequenceInclude Files Introductory ExampleCreating an Algorithm Object Introductory ExampleNullptr is also defined in aglobal.h Where Pointer is defined in aglobal.hTypedef unsigned char *POINTER #define Nullptr POINTER0Algorithm information Setting the Algorithm ObjectBalgorithmobj algorithmObject Algorithm object Break InitFor our example, we use Setting a Key ObjectCreating a Key Object Key information Int BSetKeyInfoNow we can complete the call to BSetKeyInfo Selecting an Algorithm ChooserSaving the Object State optional UpdateSurrender Context We can now complete our call to BEncryptInitUnsigned int Output data bufferLength of output data Input dataUnsigned char *encryptedData = Nullptr Unsigned int outputLenUpdateFor now, we declare Final If status = BEncryptUpdateAsurrenderctx *surrenderContext Surrender context DestroyPointer to key object For our example, we use the followingBalgorithmobj * algorithmObject Pointer blockFor this example, call Tfree as follows Putting It All TogetherTfree encryptedData If rc4KeyItem.data != NullptrInit If status = BEncryptInit Introductory Example EncryptedData = Nullptr End main If encryptedData != NullptrCreating the Key Object Decrypting the Introductory ExampleDecrypting the Introductory Example First create the algorithm objectSetting the Key Object DecryptedData = Nullptr Always destroy objects when you no longer need themMultiple Updates Multiple UpdatesBreak End while UpdatesizeMultiple Updates Include Summary of the Six StepsCreate SetFinal Page Cryptography Symmetric-Key Cryptography Cryptography OverviewCiphers Cryptography OverviewPadding Block CiphersCiphers in Crypto-C Crypto-C implements the following block ciphers2Triple DES Encryption as Implemented in Crypto-C Triple DESRC5 RC6 Four Modes Modes of Operation3Electronic Codebook ECB Mode Electronic Codebook ECB ModeCipher Feedback CFB Mode Cipher Block Chaining CBC Mode5Cipher Feedback CFB Mode Output Feedback OFB Mode Stream Ciphers 6Output Feedback Mode OFBRC4 algorithm with MAC Message DigestsMessage Digests and Pseudo-Random Numbers Hash-Based Message Authentication Codes Hmac Password-Based EncryptionPublic-Key Cryptography 8DES Key and IV Generation for Password Based Encryption9Public-Key Cryptography RSA AlgorithmPrime Numbers Modular MathMultiPrime Numbers RSA AlgorithmCryptography Overview Security SummaryCalculation is shown in Table 1Calculation of 827 modOptimal Asymmetric Encryption Padding Oaep Digital Envelopes10Digital Envelope Authentication and Digital Signatures Cryptography Overview 11RSA Digital Signature Digital Signature Algorithm DSA Math Digital CertificatesAlgorithm Diffie-Hellman Public Key AgreementParameter Generation PhasePhase Math Multiple-Party Key Agreement Elliptic Curve CryptographyFinite Field Elliptic Curve ParametersOdd Prime Fields Fields of Even Characteristic= 0·I ≡ 2·2m-1·Imod2m Coefficients Over an Odd Prime FieldPoint P and its Order Coefficients Over a Field of Even CharacteristicPoints of an Elliptic Curve Elliptic curve parametersOrder of a Point Order of an Elliptic CurvePoint of Prime Order Is written EFqCofactor Summary of Elliptic Curve TerminologyOrder n of P Is sometimes called the base point 2Elliptic Curve ParametersElliptic Curve Key Pair Generation Representing Fields of Even CharacteristicSigning a Message Ecdsa Signature SchemeCreating the Key Pair Math Verifying a SignatureNow recall that s = k-1e+dr mod n, so Elliptic Curve Authenticated Encryption Scheme EcaesRecall that Q = dP, so Encrypting a Message Using the Public Key Elliptic Curve Diffie-Hellman Key Agreement Decrypting a Message Using the Private KeyPhase 13Elliptic Curve Diffie-Hellman Key Agreement First coordinate of S, xS, is their agreed-upon secret key Secret SharingKey Generation Working with KeysKey Escrow Key ManagementAscii Encoding and Decoding Applications of CryptographyLocal Applications Applications of CryptographyPoint-to-Point Applications Client/Server Applications Peer-to-Peer Applications Public-Key vs. Symmetric-Key Cryptography Choosing AlgorithmsStream vs. Block Symmetric-Key Algorithms Choosing AlgorithmsKey Agreement vs. Digital Envelopes Block Symmetric-Key AlgorithmsElliptic Curve Algorithms Secret Sharing and Key EscrowInteroperability Handling Private Keys Security ConsiderationsElliptic Curve Standards Security ConsiderationsPseudo-Random Numbers and Seed Generation Temporary BuffersChoosing Passwords 3DES Weak and Semi-Weak Keys Initialization Vectors and SaltsDES Weak Keys Timing Attacks and Blinding Stream Ciphers= mre mod n Pick a random value r and computeMD5p padP MD5q padQ m Choosing Key Sizes4Summary of Recommended Key Sizes RSA KeysRC2 Effective Key Bits Diffie-Hellman Parameters and DSA KeysRC4 Key Bits RC5 Key Bits and RoundsElliptic Curve Keys Algorithms in Crypto-C Using Crypto-CBasic Algorithm Info Types Information Formats Provided by Crypto-CBER-Based Algorithm Info Types Algorithms in Crypto-CPEM-Based Algorithm Info Types Summary of AIsBSAFE1 Algorithm Info Types 1Message Digests3ASCII Encoding Algorithms in Crypto-C 2Message Authentication4Pseudo-Random Number Generation 5Symmetric Stream Ciphers6Symmetric Block Ciphers Algorithms in Crypto-C 5Symmetric Stream CiphersRC2 Algorithms in Crypto-C 6Symmetric Block CiphersKey Generation 7RSA Public-Key CryptographyOaep Algorithms in Crypto-C 7RSA Public-Key CryptographyDigital Signatures 8DSA Public-Key Cryptography10Elliptic Curve Public-Key Cryptography Algorithms in Crypto-C 9Diffie-Hellman Key Agreement12Hardware Interface 10 Elliptic Curve Public-Key Cryptography11Bloom-Shamir Secret Sharing Algorithm Info Type Algorithms in Crypto-C 13Advanced Encryption Standard AESSummary of KIs Keys In Crypto-CKeys In Crypto-C 15Block Cipher Keys17DSA Public and Private Keys Keys In Crypto-C 15Block Cipher Keys16RSA Public and Private Keys Keys In Crypto-C 18Elliptic Curve Keys Algorithm Choosers System Considerations In Crypto-CAn Encryption Algorithm Chooser System Considerations In Crypto-CAn RSA Algorithm Chooser Description of AIX962RandomV0 instead of AISHA1Random Surrender ContextAlso gives the form that a surrender function must have Sample Surrender FunctionReserved for future use Int *Surrender Pointer handleSaving State When to Allocate Memory Memory-Management Routines and Standard C Libraries Memory-Management RoutinesCrypto-C uses the following memory-management routines Tmalloc Trealloc Tfree Tmemset Tmemcpy Tmemmove TmemcmpBinary Data BER/DER EncodingMemory Allocation Typedef struct unsigned char *data unsigned int len System Considerations In Crypto-C Symmetric Block Algorithms Input and OutputInput constraints Output considerations20Input Limits for RSA Pkcs Encryption General Considerations Public Key Size Key SizeDES Keys Private Key Size 00 C2 58 60 B1 C2 58 60 B1Interfacing with a Bhapi Implementation Using Cryptographic HardwareUsing Cryptographic Hardware 2Algorithm Object in a Hardware Implementation Pkcs #11 Support Using a Pkcs #11 Device with Crypto-C Using Cryptographic Hardware Balgorithmmethod *RSASIGNHWCHOOSER = &AMMD5 Using Cryptographic Hardware Tfprivate KeypairGenParams.privateKeyAttributes.tokenFlag =Now generate Using Cryptographic Hardware Using Cryptographic Hardware Return Behardware Pkcs #11 Support for DSA Key Pair Generation Balgorithmmethod *DSAKEYGENCHOOSER = &AMDSAKEYGEN POINTER&pubKeyData-params P11KeyGenParams.privateKeyAttributes.keyUsage =For an RSA private key, it would be this Advanced Pkcs #11Digest 00 00 00 66 a9 47 2d 80 5aRandom Numbers Hardware IssuesCkrv rv Rv = CKBYTEPTRseedBuffer, CKULONGseedLenUsing Cryptographic Hardware Page Non-Cryptographic Operations Creating a Digest Message DigestsMessage Digests Example in this section corresponds to the file mdigest.cIf status = BDigestInit #define Digestlen If status = BDigestUpdateYour call will be the following BER-Encoding the Digest Remember to destroy all objects when you are done with themFollowing example BER-encodes the preceeding sample digest Saving the State of a Digest Algorithm ObjectSaved State Item stateInfo = Null Message Digests Status = Rsademoealloc break 1Code Sample DigestDataSavedStateMessage Digests Hash-Based Message Authentication Code Hash-Based Message Authentication Code HmacCreate the key object Hash-Based Message Authentication Code HmacGenerate a random 24-byte key using KI24Byte RandomAlgorithm, keyData, KEYSIZE, Asurrenderctx *NULLPTR != Unsigned char *digestedData unsigned int digestedDataLen Generating Random Numbers Generating Random NumbersGenerating Random Numbers with SHA1 Setting The Algorithm Object Random Seed Unsigned char *gets char *randomSeed != 0 break Puts Enter a random seed if status =If status = BGenerateRandomBytes GenerateThis step is identical to the previous example Generating Independent Streams of RandomnessTypedef struct Additional seedingItem randomSeed AX931RANDOMPARAMS x931Params Steps 4, 5These steps are identical to the previous example Converting Data Between Binary and Ascii Converting Data Between BinaryEncoding Binary Data To Ascii If status = BEncodeInit asciiEncoder != 0 break BDestroyAlgorithmObject &asciiEncoder Tfree asciiEncoding Decoding ASCII-Encoded DataIf status = binaryDecoding == Nullptr != 0 break If status = BDecodeInit asciiDecoder != 0 breakBDestroyAlgorithmObject &asciiDecoder Tfree binaryDecoding Symmetric-Key Operations DES with CBC Block CiphersBlock Ciphers Example in this section corresponds to the file descbc.cRC5 parameters Examples include des, rc5Points at init vector Item For new padding schemesCall BGenerateRandomBytes Now set up the Bblkcipherwfeedbackparams structureFormat of info supplied to BSetKeyInfo Depends on cipher type, as followsUnsigned int outputBufferSize Decrypting RC2 Cipher Now you can set your algorithm object as follows Init If rc2KeyItem.data != Nullptr Use a random number generator to come up with 24 bytesUpdate EncryptedData = Nullptr If rc2KeyItem.data != Nullptr RC5 Cipher Initialization vector 0x10 Unsigned int255 Unsigned int Unsigned char initVector8 ARC5CBCPARAMS rc5Params If rc5KeyItem.data != Nullptr Use a random number generator to create 10 bytesItem rc5KeyItem Update Final EncryptedData = Nullptr RC6 Cipher#define Blocksize Unsigned char initVectorBLOCKSIZE Setting the Key Data If rc6KeyItem.data != Nullptr Break OutputLenTotal = outputLenUpdate + outputLenFinal Been allocated AES CipherUnsigned char *aesParams Creating a Key Object If aesKeyItem.data != Nullptr Final Password-Based Encryption Iteration count Unsigned char * saltInit Tmemset pbeKeyItem.data, 0, Maxpwlen Update Final Page Public-Key Operations Performing RSA Operations Performing RSA OperationsGenerating a Key Pair Where Item is There is no in generating a key pair Destroy MultiPrime What is MultiPrime?MultiPrime Milliseconds Private non-CRTTwo-Prime RSA 48.8 17.5 Three-Prime RSA 10.9 How Many Primes?Sample RsaGen BGenerateInitBGenerateKeypair BGetKeyInfoSet the Algorithm Object Generating an RSA MultiPrime KeyIf status = BGenerateInit keypairGenerator Distributing an RSA Public KeyIf you looked at the elements of the struct Crypto-C FormatBER/DER Encoding If status = myPublicKeyBER.data == Nullptr != Format of info returned by BGetKeyInfoTfree myPublicKeyBER.data RSA Public-Key EncryptionSend it off Remember to free any memory you allocated Input constraints Reference Manual entry on AIPKCSRSAPublic states#define Blocksize RSA Private-Key Decryption If status = BDecryptInit Raw RSA Encryption and Decryption Optimal Asymetric Encryption Padding OaepMultiPrime Computing a Digital Signature RSA Digital SignaturesSetting The Algorithm Object Entry for the AI in use Surrender context outlined in The Surrender Context on Verifying a Digital SignatureIf status = BVerifyInit Update Performing DSA Operations Performing DSA OperationsGenerating DSA Parameters Bdsaparamgenparams dsaParams DsaParams.primeBits = There is no in generating DSA parametersGenerate Generating a DSA Key Pair DSA Signatures Computing a Digital Signature Creating An Algorithm Object Properly cast Nullptr for the surrender context #define Maxsiglen To verify the signature created here, use the same AI Data and you know its length, your call is the following Performing Diffie-Hellman Key Agreement Generating Diffie-Hellman ParametersAdhparamgenparams Adhparamgenparams dhParams There is no in generating Diffie-Hellman parametersDestroy Base generator Distributing Diffie-Hellman ParametersIf you look at the elements of the struct BER FormatA p t e r 7 P u b l i c K e y O p e r a t i o n s Item dhParametersBER Diffie-Hellman Key AgreementIf status = BKeyAgreeInit Phase Other party should send their public value and its length Saving the Object StatePerforming Elliptic Curve Operations Performing Elliptic Curve OperationsGenerating Elliptic Curve Parameters Input of 0 defaults to Input of 0 defaults to fieldElementBitsFormat of info supplied to BSetAlgorithmInfo Implementation versionPerforming Elliptic Curve Operations No Update step is necessary for parameter generation GeneralFlag = Retrieving Elliptic Curve ParametersIt is the prime number Indicates type of base fieldCase that fieldType = Ftfp Elliptic curve coefficientIf status = output-base.data == Nullptr != 0 break FreeECParamInfo&ecParamInfo If status = output-order.data == Nullptr != 0 breakAecparams ecParamInfo Sample code, FreeECParamInfo is implemented as follows Generating an Elliptic Curve Key PairBecparams paramInfo Initialize There is no Update step for key generationKIECPublic gives a pointer to an Aecpublickey structure Retrieving an Elliptic Curve KeyPublic component Aecparams curveParamsPerforming Elliptic Curve Operations End FreeECPubKeyInfo Generating Acceleration TablesGenerating a Generic Acceleration Table Aecparams *cryptocECParamInfo Aecparams ecParamInfo Retrieve the elliptic curve parametersFormat the information For odd prime field There is no Update step for building acceleration tablesItem accelTableItem Allocate memoryBuild the acceleration table Retrieve the public key information Generating a Public-Key Acceleration TableFreeECPubKeyInfo&publicKeyInfo Put the information retrieved in the proper formatItem pubKeyAccelTableItem unsigned int maxTableLen Build the public-key acceleration table Performing EC Diffie-Hellman Key AgreementItem pubKeyAccelTableItem GeneralFlag = If status = BBuildTableFinalCreate Optional Set Acceleration Table Info If status = alicePublicValue == Nullptr != 0 break If status = aliceSecretValue == Nullptr != 0 break Performing Ecdsa in Compliance with AnsiGenerating an EC Key Pair Generating EC ParametersComputing a Digital Signature Create Item aTableItem Build an algorithm chooser with the appropriate AMsIf status = signature == Nullptr != 0 break Now, using BSignUpdate, pass in the data to be signedAecparams *ecParamInfo Destroy all objects that are no longer needed Initialized random algorithm in BSignFinalUse the same AI and digestInfo as you did for signing Unsigned int signatureLenOptional Set Public Key Acceleration Table Info Performing Ecdsa with X9.62-Compliant BER ECParamsBER154 = 0x30 0x81 Item stockECParamsBER0x52 0xd1 0x7aStockECParamsBER.data = ECParamsBER stockECParamsBER.len = 0x68 DataToSign = 0x530x73 0x79Aecparams *ecParamsInfo Use the same AI as you did for signing Tfreesignature BDestoryAlgorithmObject &ecDSAVerify Using EcaesEcaes Public-Key Encryption Using Elliptic Curve ParametersUsing an EC Key Pair Item accelerationTableItem Optional Acceleration TableNow, pass this information into your algorithm object Break FieldElementLen = ecParamInfo-fieldElementBits + 7 Final Create an algorithm object Ecaes Private-Key DecryptionSteps for decryption are similar to those for encryption OutputLenUpdate BDecryptUpdateMaxDecryptedDataLen = outputLenTotal = TmallocmaxDecryptedDataLenPage Generating Shares Secret SharingExample in this section corresponds to the file scrtshar.c Secret Sharing#define Secretsize 16 #define Totalshares Break If status != 0 break If status = secretSharecount == Nullptr != 0 breakUnsigned int outputLenFinal If status = BEncryptFinal Tfree secretSharecountUse the same AI, AIBSSecretSharing Reconstructing the SecretAsurrenderctx *NULLPTR != 0 break If status != 0 break BDestroyAlgorithmObject &secretReconstructer Page Putting It All Together An X9.31 Example Bkeyobj privateKey = Bkeyobjnullptr Item randomSeed X9.31 Sample ProgramX9.31 Sample Program Static unsigned char f4Data = 0x01, 0x00 Generating Random BytesUnsigned int status Printf ================================================\nTo create a random algorithm object and set the parameters Providing the Seed Generating a Key Pair Break RsaVerifyX931. For signing, use rsaSignX931 Computing a Digital SignaturePrintf ============================= \n AX931PARAMS Break Init Verifying the Signature If status != Return End GeneralSurrenderFunction Surrendering ControlPrinting the Buffer Contents Appendix a Overview of the DemosCommand Line mode Command-Line Demo User’s GuideInput Redirection mode Command-Line Demo User’s GuideSign a File Using BdemoSpecifying User Keys Open a File Envelope Create a File EnvelopeVerify a Signed File Generate a Key Pair Enter any arbitrary string of printable characters Using BdemodsaRunning Bdemodsa Sign a File Running Bdemoec Using BdemoecTable A-1Demo Program Source Files File ReferenceFile Reference BSLite Table A-1Demo Program Source Files BSLiteBSLite Page Glossary Series of steps used to complete a task Advanced Encryption StandardAmerican National Standards Institute Application Programming InterfaceO s s a r y Electronic business Data Interchange Generic security service application program interfaceSee ECC See XORProcess that creates a larger key from the original key Process of having a third party hold onto encryption keysAct of creating a key An algorithm that generates the subkeys in a block cipherPrivate key in the RSA public-key cryptosystem Extra bits concatenated with a key, password, or plaintextData to be encrypted Secure Multipurpose Internet Mail Extensions Number extracted from a pseudo- random sequenceSecure Wide Area Network Simple Mail Transfer ProtocolSee secret key Trusted Computer System Evaluation CriteriaXOR Page Index Ecdsa D e A B S a F E C r y p t o C D e v e l o p e r ’s G u i d e D e See also RC4 subprime