RSA Security 4.3 manual

RSA BS AFE ® Crypto-C Cryptograph ic Comp onents for C Intel ® Se cu rit y Ha r dwar e User’ s G uide Ve r s i o n 4 . 3[...]

© 1999 RSA SECU RI TY INC. 001-190 01-430-00 1- 000 Copyri ght Notice © 1999 RSA Securi ty Inc. All righ ts re ser v ed. This work contai n s pr opri eta r y informa tion o f RSA Sec urity I nc. Distribut ion is limited t o auth o rized licensees o f RS A Secur ity I nc. Any una uthor i z ed repr o duction or dis tr ibuti on o f t h is doc u me n[...]

iii Contents Ch apt er 1 Overview 1 Inte l Hard ware S ecur ity Fe ature s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 RSA BSA FE Cryp to-C I nterfa ce . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 How T his B ook I s Orga ni z e d . . . . . . . . . . . . . . . . . . . . [...]

iv RSA BS AFE Crypto -C I ntel Har dwar e User ’ s Gui de Obt aini ng a R and om Se ed fro m H ardw are . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Ret rievi ng Ha rdw are Er ror Cod es . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Gen eratin g R andom Nu mbers in Softw are . . . . .[...]

1 Ch apt er 1 Overview RS A Secu r ity Inc. an d Intel Corpor ation have te ame d to provid e C pro g r amme rs acce s s to the Inte l Random Numb e r Gen erator via the RSA BSAFE ® Crypto -C interface. Inte l Hardwa re Secu ri ty Featu res Th e Int el ® hardware s ecur i ty featur es ar e intended to provide a hardware in f r astruct ure for cr [...]

How This Book Is Organize d 2 RSA B SAFE Crypto -C Intel H ardwa re User’ s Guide ce rt ain featu res in th eir BS AFE Crypto -C sof twar e applicat ions. How This Book I s Organ ized Th e audien ce for this doc umen t is applicat io n pro gram m ers who are famili ar wit h Cryp to- C an d wh o wi sh to ben efi t f r om Intel ’s har d wa re sec[...]

Chapte r 1 Ov erview 3 Overvie w of a Cry pto-C Hardw are Appli cat ion Overv iew of a Crypto-C Har dware Appli cation Creat ing a Crypto- C applic atio n that can us e Intel’ s security hardwar e f eatur es is similar to crea ting any Crypt o -C app lication. If you a re not fam iliar w ith Cr ypto-C, you m ay wi sh to c onsul t the intro d uc t[...]

The S ix-Step Sequence 4 RSA B SAFE Crypto -C Intel H ardwa re User’ s Guide The S ix-Ste p Sequenc e Th e model fo r buildin g a ha rdwa re-aware applic ation wit h Cry pto-C is similar t o the six -st ep m odel desc ribed in Ch apter 1 of t h e Cr ypto- C Use r ’ s Manua l . Th e differences are as fol l ows : 1. Create: At this poi nt you m [...]

5 Ch apt er 2 Using Intel Hardware With Crypto -C Cr ypto -C use s th e R SA BS AFE Ha rdwa r e AP I (B HAP I ) to acce ss th e Int el h a rdwa re sec uri ty f ea t u re s . I n or d er to us e th is i nt erf a c e, you n e e d to ma tc h th e a p p ro p ri a t e Cryp t o-C and Intel al gorit h m meth ods vi a a se ssi on cho oser. In addit ion, yo[...]

Algo rith m Metho ds 6 RSA B SAFE Crypto -C Intel H ardwa re User’ s Guide capabilit ies. The AM s requir ed to su pport the In tel secu rity hardw a re are in cluded as par t of Cr ypto- C . As wi th all algor ithm met hods, th e hardw a re -compa ti ble AMs i n Crypto -C are only availabl e for c ertain algorithm info types ( AIs ). The AIs in [...]

Chapte r 2 Using In tel Hardware With C rypto-C 7 The Se ssion Choo ser The S ession Chooser Any Crypto-C applic ation wh ich uses hardwar e requires you r applicati on to declare two ch oose r s: • Th e baseli ne softwa r e choo ser , such as the on e th at is used in any Cr ypto- C appl ic ation. This ch ooser must b e mod ified to in clud e t [...]

The S ess ion Choos er 8 RSA B SAFE Crypto -C Intel H ardwa re User’ s Guide Creating the Hardw are Chooser A ha rd war e ch oo s e r is a lis t o f m an u f a ct u re r -s up p l ie d HW_T ABL E_ENTRY s. E a ch e ntr y def in es the necess ary co de f or acc essi ng the spe cifi ed piece of hard war e. In the ca se of the Int el hardwa re rand o[...]

Chapte r 2 Using In tel Hardware With C rypto-C 9 Hardware A vail abilit y make the actual Crypto-C function call during the Crypto-C Init step, for ex ample, a s the c h o oser a rg u me n t to B_R andomI nit . Ha rd wa re Avai la b il it y When you specify a specific hardware device via a manufacturer-spec ific AM, such as HW_INT EL_ RANDOM , t h[...]

Hardware Err ors 10 RSA B SAFE Crypto -C Intel H ardwa re User’ s Guide Ha rd wa re Er ror s If the ha rdwa re fails, C rypto-C w ill ret urn an e rror o f BE_HARDW ARE or BE_NOT_ SUPPORTED . BE_HARDWARE indicates that the Intel p rimit ive ha s returned an er ro r. Th i s er ror ca n be ret riev ed us i ng B_ GetExte nde dError Info (d es cr i b[...]

Chapte r 2 Using In tel Hardware With C rypto-C 11 Hardware Err ors A_R SA_ EXTE NDED _ER ROR Th is Cryp t o-C s tructure is defin ed sp ecifically for r etrievin g Intel er ror cod es. It is defined as follows: Definit ions: errorCode Th e erro r co de r e turn e d by the Inte l h ardware . er rorM sg A NULL -t erminated descripti on of th e error[...]

Hardware Err ors 12 RSA B SAFE Crypto -C Intel H ardwa re User’ s Guide[...]

13 Ch apt er 3 Using the Intel R andom N umber Generator This ch apter gi v es s ome b a c k gr ound on rand om numbe r g e nerat ors and shows h ow to us e t h e Intel Ran dom Numbe r Gener at or ( RN G) with a Crypt o-C appli ca tion. Random Nu mbers All cr yptosystem s, whet her se cret-key sys tems l ike DES o r public -key sys tems like RSA en[...]

Rand om Numbers 14 RSA B SAFE Crypto -C Intel H ardwa re User’ s Guide The Inte l Rand om Numb er Gen erator The Inte l Rando m Numb e r Gener ator is ded icat ed hard ware th at har nesses sy ste m therm al noise t o gener ate rando m va lues. The g enerat or is fre e- running, accumu lating rando m bits of dat a until a 32-bit buffer is filled.[...]

Chapte r 3 Us ing the Inte l Rando m Number Generato r 15 Random Numb ers Pseudo-Random Number Generators (PR NGs) Crypto-C provides several pseud o-ra ndom n umber generators that can be seeded vi a the I ntel RNG a nd used t o gener ate r an dom numbe rs. The P RNGs i n Crypt o-C sati sf y ma themati cal tests that m easure random ness and ar e c[...]

Genera ting Ra ndom Numbers 16 RSA B SAFE Crypto -C Intel H ardwa re User’ s Guide Genera ting Random Numbers This example demonstrates how to use the Int el Hardware Random N umb er Ge nerato r to se ed a soft war e-based p se u do-ran d om number ge n erat or (PRN G). To generate r andom number s , do th e followin g: 1. Use th e Intel R an d o[...]

Chapte r 3 Us ing the Inte l Rando m Number Generato r 17 Generati ng Random Numb ers Step 1: Creat e an Algorithm O bject Th e ne xt task is to creat e the al gorithm objec t. This ob ject w ill contr ol the ra ndom b yte gen e ra tion. Creat ing the objec t only alloc ate s t he memor y neede d for the pr ocess. It does n ot ini tial i ze the o b[...]

Genera ting Ra ndom Numbers 18 RSA B SAFE Crypto -C Intel H ardwa re User’ s Guide Step 4: Updat e the Random Object Step 4 is not needed fo r random number seeding in h ardware. Step 5: Gener ate Random By tes Gene rate the rando m bytes f or the seed. In this examp le, you will have the Cr ypt o-C SDK generate se edMax Lengt h ra nd om b ytes ,[...]

Chapte r 3 Us ing the Inte l Rando m Number Generato r 19 Generati ng Random Numb ers Step 6b: Free the Session Chooser Fr ee the se ssi on ch oo ser. It is import ant to fre e th e sessi on choo ser, so th at any ha nd les to h ar dw are an d al loc a ted me mor y a re rele as ed . Retrievin g Hardwa re Error Codes If the hardw are fails or c a nn[...]

Genera ting Ra ndom Numbers 20 RSA B SAFE Crypto -C Intel H ardwa re User’ s Guide software. After the seed has been passed to t he sof tware algorithm info type, this is similar to any Cr ypt o-C PRNG implementation. The o nly difference is the fast, truly random, seed o peration. For th is exam ple, yo u will use Crypto- C’s SH A1 P R NG to g[...]

Chapte r 3 Us ing the Inte l Rando m Number Generato r 21 Generati ng Random Numb ers Step 3: Initial ize the Ra ndom Algorithm To i niti ali z e t he ra ndom al gorit h m, y ou mu st pass th e alg or ithm o b ject , the algo r ithm ch ooser, and a sur re n der co n t ext. A s menti oned be f ore, t he algor ithm choo ser does not need to be a sess[...]

Genera ting Ra ndom Numbers 22 RSA B SAFE Crypto -C Intel H ardwa re User’ s Guide call would be identic al in a software imple m ent a tion: Step 5: Gener ate Random Numb ers Befo re calling B_Gen erateR andomBy tes , prepare a buffer f or receiving the random byte s. This is a lit tle dif f erent than the soft ware implem entati on . Now you ca[...]

23 Appe ndix A Crypto- C Error Codes Table A-1 lists th e hardware-relate d error v alues returned by Crypto-C. If Crypto-C rec eive s a ha rdwa re-le ve l er ror fro m t he In tel ha rdwa re, C ryp to -C will retu rn BE_HAR DWA RE . T he u nde rly ing Intel e rro r co de c an be re trie ve d usin g t he C ry pto -C B_GetE xte ndedEr rorInfo functi[...]

24 RSA B SAFE Crypto -C Intel H ardwa re User’ s Guide[...]

25 Appe ndix B Intel Security H ardware E rror Codes Table B-1 l ists the error val u es returned by the underlying Intel har dw a re. If Crypto-C ret urn s an e rro r of BE_ HARDWAR E , t he u nde r lying Intel er ror co de can b e retr ieved using the Crypto-C function B_GetE xtende dErrorI nfo . T abl e B-1 Intel S ecuri ty Hardw are Error Codes[...]

26 RSA B SAFE Crypto -C Intel H ardwa re User’ s Guide[...]

27 Appe ndix C Redistributing t he Intel Security Driver Deter mining That the Fi rmware Hub Is Inst alled on the T arget Sy stem Before installin g the In tel Secur ity Driver , you sh ould ve rify tha t the f irmware h ub is ins tal l e d on th e ta r ge t sy st e m, as fo ll o w s: Opera ting Sy ste m F ir mware Hu b Insta ll atio n Check Mi cr [...]

Redi stribu ting the D river 28 RSA B SAFE Crypto -C Intel H ardwa re User’ s Guide Redis t r ibuti ng the Drive r Th e Intel Sec urity D river ca n be redistri buted in two w ays: via a sil ent ins t all (usi ng Inst allShie l d ) or v i a .inf fi l e s. Re dis trib uting v ia a Si le nt Inst all To redist ribut e the Intel Secur ity Driver in y[...]

Appen dix C Red istributing the Intel S ecurity Dr iver 29 Redistri buting the Dri v er Files Inst alled Th e silent ins tall pla ces the driver files in the followi ng locatio ns: Fil e O/S Locat ion De scrip tion ISECD RV . S YS Mi cr osoft Wi ndo w s NT 4.0 w in dowss y st em 32 dri ver s Legac y Micros oft W ind ows NT 4. 0 dr iv er ISECD RV[...]

Redi stribu ting the D river 30 RSA B SAFE Crypto -C Intel H ardwa re User’ s Guide Re di s tri b uti ng th e Driv er vi a .i nf Fi le s Instead o f running the InstallSh ield si lent install, described above, you can have the use r i ns tall th e driv e r on the tar get sy st em by do i ng the fol lowi n g. User Instr uctions for Installin g the[...]

Appen dix C Red istributing the Intel S ecurity Dr iver 31 Redistri buting the Dri v er Microsoft Windows 95 1. Copy t he foll o wing files f ro m t he Crypto -C C D to a f l oppy di sk . RED IS TRIB INF Win9 5 IS D_ 95.IN F IS EC DRV.V XD 2. Lo g on to th e ta rg e t sy st e m . 3. Insert the floppy disk y o u creat ed in step 1. 4. Cli ck Star[...]

Redi stribu ting the D river 32 RSA B SAFE Crypto -C Intel H ardwa re User’ s Guide Microsoft Windows 98 1. Copy t he foll o wing files f ro m t he Crypto -C C D to a f l oppy di sk . RE DI STRIB INF WDM IS D_ WDM.I NF IS EC DRV.S YS IS D_ CAT.C AT 2. Lo g on to th e ta rg e t sy st e m . 3. Insert the floppy disk y o u creat ed in step 1. 4. [...]

33 In dex A alg o ri t hm i nf o t y p e 3 AI_HW _Random 6 su pp or t fo r ha rd w a re 6 algor it hm metho d 3 , 5 AM _HW_RA NDO M 6 , 16 ha rd wa re m eth o d co r res po ndin g to 8 h ard wa re- aw are 5 Intel 6 multiple h ardware metho ds and 8 ven dor -spec ific 5 algor it hm objec t 5 B BHAPI 1 , 5 C cho os er Se e hardware choos er , session[...]

34 RSA BSAFE Crypto-C Intel Security Hardware Us er’ s Gui de[...]