Pkcs #11: Cryptographic Token Interface Standard rsa laboratories



Download 1.99 Mb.
Page47/50
Date28.01.2017
Size1.99 Mb.
#9297
1   ...   42   43   44   45   46   47   48   49   50

11.31. SET mechanism parameters

  • CK_KEY_WRAP_SET_OAEP_PARAMS; CK_KEY_WRAP_SET_OAEP_PARAMS_PTR


CK_KEY_WRAP_SET_OAEP_PARAMS is a structure that provides the parameters to the CKM_KEY_WRAP_SET_OAEP mechanism. It is defined as follows:

typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS {

CK_BYTE bBC;

CK_BYTE_PTR pX;

CK_ULONG ulXLen;

} CK_KEY_WRAP_SET_OAEP_PARAMS;


The fields of the structure have the following meanings:

bBC block contents byte

pX concatenation of hash of plaintext data (if present) and extra data (if present)

ulXLen length in bytes of concatenation of hash of plaintext data (if present) and extra data (if present). 0 if neither is present

CK_KEY_WRAP_SET_OAEP_PARAMS_PTR is a pointer to a CK_KEY_WRAP_SET_OAEP_PARAMS.

11.32. SET mechanisms

11.32.1. OAEP key wrapping for SET


The OAEP key wrapping for SET mechanism, denoted CKM_KEY_WRAP_SET_OAEP, is a mechanism for wrapping and unwrapping a DES key with an RSA key. The hash of some plaintext data and/or some extra data may optionally be wrapped together with the DES key. This mechanism is defined in the SET protocol specifications.

It takes a parameter, a CK_KEY_WRAP_SET_OAEP_PARAMS structure. This structure holds the “Block Contents” byte of the data and the concatenation of the hash of plaintext data (if present) and the extra data to be wrapped (if present). If neither the hash nor the extra data is present, this is indicated by the ulXLen field having the value 0.

When this mechanism is used to unwrap a key, the concatenation of the hash of plaintext data (if present) and the extra data (if present) is returned following the convention described in Section on producing output. Note that if the inputs to C_UnwrapKey are such that the extra data is not returned (e.g., the buffer supplied in the CK_KEY_WRAP_SET_OAEP_PARAMS structure is NULL_PTR), then the unwrapped key object will not be created, either.

Be aware that when this mechanism is used to unwrap a key, the bBC and pX fields of the parameter supplied to the mechanism may be modified.

If an application uses C_UnwrapKey with CKM_KEY_WRAP_SET_OAEP, it may be preferable for it simply to allocate a 128-byte buffer for the concatenation of the hash of plaintext data and the extra data (this concatenation is never larger than 128 bytes), rather than calling C_UnwrapKey twice. Each call of C_UnwrapKey with CKM_KEY_WRAP_SET_OAEP requires an RSA decryption operation to be performed, and this computational overhead can be avoided by this means.

11.33. LYNKS mechanisms

11.33.1. LYNKS key wrapping


The LYNKS key wrapping mechanism, denoted CKM_WRAP_LYNKS, is a mechanism for wrapping and unwrapping secret keys with DES keys. It can wrap any 8-byte secret key, and it produces a 10-byte wrapped key, containing a cryptographic checksum.

It does not have a parameter.

To wrap a 8-byte secret key K with a DES key W, this mechanism performs the following steps:


  1. Initialize two 16-bit integers, sum1 and sum2, to 0.

  2. Loop through the bytes of K from first to last.

  3. Set sum1= sum1+the key byte (treat the key byte as a number in the range 0-255).

  4. Set sum2= sum2+ sum1.

  5. Encrypt K with W in ECB mode, obtaining an encrypted key, E.

  6. Concatenate the last 6 bytes of E with sum2, representing sum2 most-significant bit first. The result is an 8-byte block, T.

  7. Encrypt T with W in ECB mode, obtaining an encrypted checksum, C.

  8. Concatenate E with the last 2 bytes of C to obtain the wrapped key.

When unwrapping a key with this mechanism, if the cryptographic checksum does not check out properly, an error is returned. In addition, if a DES key or CDMF key is unwrapped with this mechanism, the parity bits on the wrapped key must be set appropriately. If they are not set properly, an error is returned.

11.34. SSL mechanism parameters

  • CK_SSL3_RANDOM_DATA


CK_SSL3_RANDOM_DATA is a structure which provides information about the random data of a client and a server in an SSL context. This structure is used by both the CKM_SSL3_MASTER_KEY_DERIVE and the CKM_SSL3_KEY_AND_MAC_DERIVE mechanisms. It is defined as follows:

typedef struct CK_SSL3_RANDOM_DATA {

CK_BYTE_PTR pClientRandom;

CK_ULONG ulClientRandomLen;

CK_BYTE_PTR pServerRandom;

CK_ULONG ulServerRandomLen;

} CK_SSL3_RANDOM_DATA;
The fields of the structure have the following meanings:

pClientRandom pointer to the client’s random data

ulClientRandomLen length in bytes of the client’s random data

pServerRandom pointer to the server’s random data

ulServerRandomLen length in bytes of the server’s random data

  • CK_SSL3_MASTER_KEY_DERIVE_PARAMS; CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR


CK_SSL3_MASTER_KEY_DERIVE_PARAMS is a structure that provides the parameters to the CKM_SSL3_MASTER_KEY_DERIVE mechanism. It is defined as follows:

typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS {

CK_SSL3_RANDOM_DATA RandomInfo;

CK_VERSION_PTR pVersion;

} CK_SSL3_MASTER_KEY_DERIVE_PARAMS;
The fields of the structure have the following meanings:

RandomInfo client’s and server’s random data information.

pVersion pointer to a CK_VERSION structure which receives the SSL protocol version information

CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR is a pointer to a CK_SSL3_MASTER_KEY_DERIVE_PARAMS.

  • CK_SSL3_KEY_MAT_OUT; CK_SSL3_KEY_MAT_OUT_PTR


CK_SSL3_KEY_MAT_OUT is a structure that contains the resulting key handles and initialization vectors after performing a C_DeriveKey function with the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism. It is defined as follows:

typedef struct CK_SSL3_KEY_MAT_OUT {

CK_OBJECT_HANDLE hClientMacSecret;

CK_OBJECT_HANDLE hServerMacSecret;

CK_OBJECT_HANDLE hClientKey;

CK_OBJECT_HANDLE hServerKey;

CK_BYTE_PTR pIVClient;

CK_BYTE_PTR pIVServer;

} CK_SSL3_KEY_MAT_OUT;
The fields of the structure have the following meanings:

hClientMacSecret key handle for the resulting Client MAC Secret key

hServerMacSecret key handle for the resulting Server MAC Secret key

hClientKey key handle for the resulting Client Secret key

hServerKey key handle for the resulting Server Secret key

pIVClient pointer to a location which receives the initialization vector (IV) created for the client (if any)

pIVServer pointer to a location which receives the initialization vector (IV) created for the server (if any)

CK_SSL3_KEY_MAT_OUT_PTR is a pointer to a CK_SSL3_KEY_MAT_OUT.

  • CK_SSL3_KEY_MAT_PARAMS; CK_SSL3_KEY_MAT_PARAMS_PTR


CK_SSL3_KEY_MAT_PARAMS is a structure that provides the parameters to the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism. It is defined as follows:

typedef struct CK_SSL3_KEY_MAT_PARAMS {

CK_ULONG ulMacSizeInBits;

CK_ULONG ulKeySizeInBits;

CK_ULONG ulIVSizeInBits;

CK_BBOOL bIsExport;

CK_SSL3_RANDOM_DATA RandomInfo;

CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;

} CK_SSL3_KEY_MAT_PARAMS;
The fields of the structure have the following meanings:

ulMacSizeInBits the length (in bits) of the MACing keys agreed upon during the protocol handshake phase

ulKeySizeInBits the length (in bits) of the secret keys agreed upon during the protocol handshake phase

ulIVSizeInBits the length (in bits) of the IV agreed upon during the protocol handshake phase. If no IV is required, the length should be set to 0

bIsExport a Boolean value which indicates whether the keys have to be derived for an export version of the protocol

RandomInfo client’s and server’s random data information.

pReturnedKeyMaterial points to a CK_SSL3_KEY_MAT_OUT structures which receives the handles for the keys generated and the IVs

CK_SSL3_KEY_MAT_PARAMS_PTR is a pointer to a CK_SSL3_KEY_MAT_PARAMS.


Download 1.99 Mb.

Share with your friends:
1   ...   42   43   44   45   46   47   48   49   50



The database is protected by copyright ©ininet.org 2024
send message
    Main page
project coordinator