RSA Security 4.3 دليل المستخدم

ملخص المحتوى في الصفحة رقم 1

®
RSA BSAFE
Crypto-C
Cryptographic Components for C
®
Intel Security Hardware
User’s Guide
Version 4.3

ملخص المحتوى في الصفحة رقم 2

Copyright Notice © 1999 RSA Security Inc. All rights reserved. This work contains proprietary information of RSA Security Inc. Distribution is limited to authorized licensees of RSA Security Inc. Any unauthorized reproduction or distribution of this document is strictly prohibited. ACE/Server, BSAFE, Genuine RSA Encryption Engine, RC2, RC4, RSA SecurPC, SecurID, SoftID, and WebID are registered trademarks, and ACE/Agent, ACE/Sentry, eSecurity, Genuine RSA encryption, Kane Security Analyst,

ملخص المحتوى في الصفحة رقم 3

Contents Chapter 1 Overview 1 Intel Hardware Security Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 RSA BSAFE Crypto-C Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 How This Book Is Organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Additional Documentation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

ملخص المحتوى في الصفحة رقم 4

Obtaining a Random Seed from Hardware. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Retrieving Hardware Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Generating Random Numbers in Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Appendix A Crypto-C Error Codes 23 Appendix B Intel Security Hardware Error Codes 25 Appendix C Redistributing the Intel Security Driver 27 Determining That the Firmw

ملخص المحتوى في الصفحة رقم 5

Chapter 1 Overview RSA Security Inc. and Intel Corporation have teamed to provide C programmers ® access to the Intel Random Number Generator via the RSA BSAFE Crypto-C interface. Intel Hardware Security Features ® The Intel hardware security features are intended to provide a hardware infrastructure for cryptographic functions, such as random number generation. Version 1.0 of the hardware security features includes the Intel Random Number Generator (RNG), dedicated hardware that harnesses

ملخص المحتوى في الصفحة رقم 6

How This Book Is Organized certain features in their BSAFE Crypto-C software applications. How This Book Is Organized The audience for this document is application programmers who are familiar with Crypto-C and who wish to benefit from Intel’s hardware security features in a Crypto-C application. The following topics are covered: • Chapter 1, “Overview” (this chapter) gives an overview of the Intel hardware security features and the Crypto-C hardware interface. • Chapter 2, “Using Intel Hardw

ملخص المحتوى في الصفحة رقم 7

Overview of a Crypto-C Hardware Application Overview of a Crypto-C Hardware Application Creating a Crypto-C application that can use Intel’s security hardware features is similar to creating any Crypto-C application. If you are not familiar with Crypto-C, you may wish to consult the introductory example in Chapter 1 of the Crypto-C User’s Guide. For an application that will use hardware, the following differences should be noted: Additional algorithm info types (AIs). Crypto-C provides some

ملخص المحتوى في الصفحة رقم 8

The Six-Step Sequence The Six-Step Sequence The model for building a hardware-aware application with Crypto-C is similar to the six-step model described in Chapter 1 of the Crypto-C User’s Manual. The differences are as follows: 1. Create: At this point you may want to create the session chooser that will be used in Step 3. 2. Set 3. Init: In this step, you must pass a modified chooser, the session chooser, to your initialization function. (The session chooser must be created earlier, but is

ملخص المحتوى في الصفحة رقم 9

Chapter 2 Using Intel Hardware With Crypto-C Crypto-C uses the RSA BSAFE Hardware API (BHAPI) to access the Intel hardware security features. In order to use this interface, you need to match the appropriate Crypto-C and Intel algorithm methods via a session chooser. In addition, your application must be linked with the SEC32IPI.lib library that comes with the security driver provided by Intel. See Appendix C, “Redistributing the Intel Security Driver” for instructions on installing the Int

ملخص المحتوى في الصفحة رقم 10

Algorithm Methods capabilities. The AMs required to support the Intel security hardware are included as part of Crypto-C. As with all algorithm methods, the hardware-compatible AMs in Crypto-C are only available for certain algorithm info types (AIs). The AIs in Crypto-C offer differing levels of support for hardware, as follows: • Crypto-C AIs that support hardware only, such as AI_HW_Random. For these AIs, the hardware-compatible AMs are listed in the Crypto-C Library Reference Manual as

ملخص المحتوى في الصفحة رقم 11

The Session Chooser The Session Chooser Any Crypto-C application which uses hardware requires your application to declare two choosers: • The baseline software chooser, such as the one that is used in any Crypto-C application. This chooser must be modified to include the generic Crypto-C hardware methods that support the desired hardware. • The hardware chooser, that lists the manufacturer-specific hardware methods that can be used. This chooser has no analogue in a software-only applicatio

ملخص المحتوى في الصفحة رقم 12

The Session Chooser Creating the Hardware Chooser A hardware chooser is a list of manufacturer-supplied HW_TABLE_ENTRYs. Each entry defines the necessary code for accessing the specified piece of hardware. In the case of the Intel hardware random generator, use HW_INTEL_RANDOM. If you wish, the hardware chooser can contain several HW_TABLE_ENTRYs, possibly supplied by different manufacturers, that all correspond to the same AM in the software chooser. If more than one hardware method can be

ملخص المحتوى في الصفحة رقم 13

Hardware Availability make the actual Crypto-C function call during the Crypto-C Init step, for example, as the chooser argument to B_RandomInit. Hardware Availability When you specify a specific hardware device via a manufacturer-specific AM, such as HW_INTEL_RANDOM, the application will verify that the hardware is present during the call to B_CreateSessionChooser. If the hardware is not present, Crypto-C will return an error. For some AMs, Crypto-C will default to a software implementation

ملخص المحتوى في الصفحة رقم 14

Hardware Errors Hardware Errors If the hardware fails, Crypto-C will return an error of BE_HARDWARE or BE_NOT_SUPPORTED. BE_HARDWARE indicates that the Intel primitive has returned an error. This error can be retrieved using B_GetExtendedErrorInfo (described in the Crypto-C Library Reference Manual), as shown below. In this example, randomAlgorithm is an algorithm that has been created to retrieve a seed from the Intel Random Number Generator. The data returned in the data field of errorDat

ملخص المحتوى في الصفحة رقم 15

Hardware Errors A_RSA_EXTENDED_ERROR This Crypto-C structure is defined specifically for retrieving Intel error codes. It is defined as follows: typedef struct { UINT4 errorCode; char errorMsg[128]; } A_RSA_EXTENDED_ERROR Definitions: errorCode The error code returned by the Intel hardware. errorMsg A NULL-terminated description of the error provided by Crypto-C. Chapter 2 Using Intel Hardware With Crypto-C 11

ملخص المحتوى في الصفحة رقم 16

Hardware Errors 12 RSA BSAFE Crypto -C In tel Hardwa re Us er’s Guid e

ملخص المحتوى في الصفحة رقم 17

Chapter 3 Using the Intel Random Number Generator This chapter gives some background on random number generators and shows how to use the Intel Random Number Generator (RNG) with a Crypto-C application. Random Numbers All cryptosystems, whether secret-key systems like DES or public-key systems like RSA encryption, need a good source of cryptographic random numbers. The random numbers are used to generate input such as keys and initialization vectors. A good random number source should produ

ملخص المحتوى في الصفحة رقم 18

Random Numbers The Intel Random Number Generator The Intel Random Number Generator is dedicated hardware that harnesses system thermal noise to generate random values. The generator is free-running, accumulating random bits of data until a 32-bit buffer is filled. Whitening Hardware Results The bits the Intel RNG supplies to the application have been whitened by the hardware; that is, a post-processing algorithm has been applied to reduce patterns in the hardware bits and make them less pred

ملخص المحتوى في الصفحة رقم 19

Random Numbers Pseudo-Random Number Generators (PRNGs) Crypto-C provides several pseudo-random number generators that can be seeded via the Intel RNG and used to generate random numbers. The PRNGs in Crypto-C satisfy mathematical tests that measure randomness and are considered cryptographically secure. The Intel RNG can be used to provide a quick, secure seed to a PRNG. Once a PRNG has been seeded, it produces output up to ten thousand times faster than a hardware random number generator.

ملخص المحتوى في الصفحة رقم 20

Generating Random Numbers Generating Random Numbers This example demonstrates how to use the Intel Hardware Random Number Generator to seed a software-based pseudo-random number generator (PRNG). To generate random numbers, do the following: 1. Use the Intel Random Number Generator to generate a random seed. In general, you should use a seed that is at least 256 bits long. 2. Seed a pseudo-random number generator with the random value that you retrieved in the first step. Once you have provi