Security Protocols and Standards 03: From Cryptoki to CryptoAPI.ppt
Security Protocols and Standards
linfb, 2009-10

PKCS #11 and more

Overview; API Usage; Session; Functions Summary; Functions Detail; Example; Mechanisms (Algorithm, Protocol); Comparison; Implementation; GSS-API; GCS-API; CDSA; MS CAPI; DEP

Overview

In cryptography, PKCS #11 is one of the family of standards called Public-Key Cryptography Standards (PKCS), published by RSA Laboratories. It defines a platform-independent API to cryptographic tokens, such as Hardware Security Modules and smart cards. The PKCS #11 standard names the API "Cryptoki", but "PKCS #11" is often used to refer to the API as well as the standard that defines it.

Since there isn't a real standard for cryptographic tokens, this API has been developed to be an abstraction layer for the generic cryptographic token. The PKCS #11 API defines the most commonly used cryptographic object types (RSA keys, X.509 certificates, DES/Triple DES keys, etc.) and all the functions needed to use, create/generate, modify and delete those objects.

PKCS #11 is largely adopted to access smart cards and HSMs. Most commercial Certification Authority software uses PKCS #11 to access the CA signing key or to enroll user certificates. Cross-platform software that needs to use smart cards uses PKCS #11, such as Mozilla Firefox and OpenSSL (using an extension).

NSS in Firefox

pkcs-11v2-20.doc

Background

Portable computing devices such as smart cards, PCMCIA cards, and smart diskettes are ideal tools for implementing public-key cryptography, as they provide a way to store the private-key component of a public-key/private-key pair securely, under the control of a single user. With such a device, a cryptographic application, rather than performing cryptographic operations itself, utilizes the device to perform the operations, with sensitive information such as private keys never being revealed. As more applications are developed for public-key cryptography, a standard programming interface for these devices becomes increasingly valuable. This standard addresses this need.

ka

- Memory card
- Smart card
- PCMCIA / CardBus
- USB flash drive
- USB Key
- ExpressCard
- PCI Express

Beyond passwords

- Password login
- Fingerprint login
- Smart card login
- Limits on the number of login attempts
- PIN and lock functions
- SSO
- Other biometric authentication technologies

Abstraction: Token

The primary goal of Cryptoki was a lower-level programming interface that abstracts the details of the devices and presents to the application a common model of the cryptographic device, called a "cryptographic token" or simply "token". A token is a device that stores objects and can perform cryptographic functions. Cryptoki is the interface to the token.

General Cryptoki Model

Object Hierarchy

Cryptoki defines three classes of object.

Users

This version of Cryptoki recognizes two token user types. One type is a Security Officer (SO). The other type is the normal user. The role of the SO is to initialize a token and to set the normal user's PIN, and possibly to manipulate some public objects. Only the normal user is allowed access to private objects on the token, and that access is granted only after the normal user has been authenticated.

Session

Cryptoki requires that an application open one or more sessions with a token to gain access to the token's objects and functions. A session provides a logical connection between the application and the token. Cryptoki supports multiple sessions on multiple tokens. A session can be a read/write (R/W) session or a read-only (R/O) session.

Session events

Session events cause the session state to change. The following table describes the events.

Read-Only Session States

Read/Write Session States

Access to Different Types Objects by Different Types of Sessions

with fork

Consider a UNIX process P which becomes a Cryptoki application by calling C_Initialize, and then uses the fork() system call to create a child process C. If C needs to use Cryptoki, it needs to perform its own C_Initialize call, and then C_Finalize after some other operations. If it has no need to use Cryptoki, it should immediately call C_Initialize and then call C_Finalize.

with multi-thread

Cryptoki enables applications to provide information to libraries so that they can give appropriate support for multi-threading. In particular, when an application initializes a Cryptoki library with a call to C_Initialize, it can specify one of four possible multi-threading behaviors for the library.

Summary of Cryptoki Functions

- Slot and token management functions
- Session management functions
- Object management functions
- Encryption/decryption functions
- Message digesting functions
- Signing and MACing functions
- Functions for verifying signatures and MACs
- Dual-purpose cryptographic functions
- Key management functions
- Random number generation functions
- Parallel function management functions
- Callback function

Functions detail

    CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(CK_VOID_PTR pInitArgs);
    CK_DEFINE_FUNCTION(CK_RV, C_Finalize)(CK_VOID_PTR pReserved);

Example

    CK_INFO info;
    CK_RV rv;
    CK_C_INITIALIZE_ARGS InitArgs;
    InitArgs.CreateMutex

Mechanisms: Algorithm

- RSA, DSA, EC, D-H, KEA, key derivation, HMAC
- RC2, RC4, RC5, AES, 2/3DES, SKIPJACK, BATON, JUNIPER, Blowfish, Twofish
- MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512, FASTHASH, RIPE-MD
- PKCS #5, PKCS #12, LYNKS

Mechanisms: Protocol

- SET
- SSL/TLS, WTLS
- CMS

Comparison of Cryptoki and other APIs

GCS-API vs. Cryptoki

Implementation

- PKCS #11 Provider
- PKCS #11 Wrapper

Implementation

- openCryptoki
- Firefox

opencryptoki in Ubuntu

NSS

Open Source PKI Projects: NSS, JSS
http://www.mozilla.org/projects/security/
http://www.mozilla.org/projects/security/pki/nss/

To implement ALL your security features

NSS includes a framework to which developers and OEMs can contribute patches, such as assembler code, to optimize performance on their platforms. NSS 3.x has been certified on 18 platforms.

NSS: Proven Application Security Architecture

NSS provides a complete open-source implementation of the crypto libraries used by AOL, Red Hat, Sun, and other companies in a variety of products, including the following:

- The Mozilla client products, including Mozilla Suite, Firefox, and Thunderbird.
- The Netscape browsers.
- AOL Communicator and AOL Instant Messenger (AIM).
- Open source client applications such as Evolution, Gaim, and OpenOffice.
- Server products from Red Hat: Red Hat Directory Server, Red Hat Certificate System, and the mod_nss SSL module for the Apache web server.
- Server products from the Sun Java Enterprise System, including Sun Java System (SJS) Web Server, SJS Directory Server, SJS Portal Server, SJS Messaging Server, and SJS Application Server.

Build Firefox with NSS

- Windows XP
- Visual Studio 6 / 7.1 / 8
- MozillaBuild
- Mozilla Firefox source code: mozilla/security/nss
- Create the configuration file .mozconfig (comment lines)
- Run start-msvc71.bat
- make -f client.mk build (time-consuming)
- The compiled result is in ff-opt-static/dist/bin (portable version)

PKCS #11 wrappers

Since PKCS #11 is a complex C API, many wrappers exist that let the developer use the API from various languages.

- PyKCS11: a wrapper for Python; Python object-oriented wrapper for PKCS #11 (Cryptoki)
- Java 5.0 includes a wrapper for the PKCS #11 API
- pkcs11-helper: a simple open source C interface to handle PKCS #11 tokens

Open-source PKI Book

GSS-API by IETF

Generic Security Services Application Programming Interface. GSS-API is an application programming interface for programs to access security services. The GSSAPI is an IETF standard that addresses the problem of many similar but incompatible security services in use today.

compatible interface

The GSSAPI, by itself, does not provide any security. Instead, security service vendors provide GSSAPI implementations, usually in the form of libraries installed with their security software. These libraries present a GSSAPI-compatible interface to application writers, who can write their application to use only the vendor-independent GSSAPI. If the security implementation ever needs replacing, the application need not be rewritten.

GSSAPI tokens

The definitive feature of GSSAPI applications is the exchange of opaque messages (tokens) that hide the implementation detail from the higher-level application. The client and server sides of the application are written to convey the tokens given to them by their respective GSSAPI implementations. GSSAPI tokens can be sent over an insecure network because the mechanisms guarantee inherent message security. After some number of tokens have been exchanged, the GSSAPI at both ends inform their local application that a security context has been established.

security context

Once a security context is established, sensitive application messages can be wrapped (encrypted) by the GSSAPI for secure communication between client and server. Typical protections guaranteed by GSSAPI wrapping include confidentiality (secrecy) and integrity (authenticity). The GSSAPI can also provide local guarantees about the identity of the remote user or remote host.

History of the GSS-API

- July 1991: IETF Common Authentication Technology (CAT) Working Group meets in Atlanta, led by John Linn
- September 1993: GSSAPI version 1 (RFC 1508, RFC 1509)
- May 1995: Windows NT 3.51 released, includes SSPI
- June 1996: Kerberos mechanism for GSSAPI (RFC 1964)
- January 1997: GSSAPI version 2 (RFC 2078)
- October 1997: SASL published, includes GSSAPI mechanism (RFC 2222)
- January 2000: GSSAPI version 2 update 1 (RFC 2743, RFC 2744)
- August 2004: KITTEN working group meets to continue CAT activities
- May 2006: Secure Shell use of GSSAPI standardised (RFC 4462)

GSS-API in RFC

- RFC 2743: The Generic Security Service API Version 2 update 1
- RFC 2744: The Generic Security Service API Version 2: C-Bindings
- RFC 1964: The Kerberos 5 GSS-API mechanism
- RFC 4121: The Kerberos 5 GSS-API mechanism: Version 2
- RFC 4178: The Simple and Protected GSS-API Negotiation Mechanism (SPNEGO)
- RFC 2025: The Simple Public-Key GSS-API Mechanism (SPKM)
- RFC 2847: LIPKEY, A Low Infrastructure Public Key Mechanism Using SPKM

Key concepts

- Name: A binary string that labels a security principal (i.e., user or service program); see access control and identity. For example, Kerberos uses names like user@REALM for users and service/hostname@REALM for programs.
- Credentials: Information that proves an identity; used by an entity to act as the named principal. Credentials typically involve a secret cryptographic key.
- Context: The state of one end of the authenticating/authenticated protocol. May provide message protection services, which can be used to compose a secure channel.
- Tokens: Opaque messages exchanged either as part of the initial authentication protocol (context-level tokens), or as part of a protected communication (per-message tokens).
- Mechanism: An underlying GSSAPI implementation that provides actual names, tokens and credentials. Known mechanisms include Kerberos, NTLM, Distributed Computing Environment (DCE), SESAME, SPKM, LIPKEY.
- Initiator/acceptor: The peer that sends the first token is the initiator; the other the acceptor. Generally, the client program is the initiator while the server is the acceptor.

About 45 procedure calls. Significant ones include:

- GSS_Acquire_cred: obtains the user's identity proof, often a secret cryptographic key
- GSS_Import_name: converts a username or hostname into a form that identifies a security entity
- GSS_Init_sec_context: generates a client token to send to the server, usually a challenge
- GSS_Accept_sec_context: processes a token from GSS_Init_sec_context and can generate a response token to return
- GSS_Wrap: converts application data into a secure message token (typically encrypted)
- GSS_Unwrap: converts a secure message token back into application data

Standardize

The GSSAPI has been standardized for the C and Java languages. Limitations of the GSSAPI include that it standardizes only authentication, and not authorization, and that it assumes a client-server architecture. Anticipating new security mechanisms, the GSSAPI includes a negotiating pseudo-mechanism, SPNEGO, that can discover and use new mechanisms not present when the original application was built.

GSS / Kerberos

The dominant GSSAPI mechanism implementation in use is Kerberos. Unlike the GSSAPI, the Kerberos API has not been standardized and various existing implementations use incompatible APIs. The GSSAPI allows Kerberos implementations to be API compatible. GSSAPI becomes the API across different Kerberos implementations.

Implementation

Java Generic Security Services (Java GSS-API)

Next Generation GSS-API

Kitten working group: next generation GSS-API
http://www.ietf.org/html.charters/kitten-charter.html

The Common Authentication Technology Next Generation Working Group (Kitten) will work on standardizing extensions and improvements to the core GSSAPI specification and language bindings that the IETF believes are necessary based on experience using GSSAPI over the last 10 years. Extensions may be published as separate drafts or included in a GSSAPI version 3. While version 2 of the GSSAPI may be clarified, no backward-incompatible changes will be made to this version of the API.

GCS-API by X/Open

Generic Cryptographic Service API from X/Open (http://www.opengroup.org/pubs/catalog/se.htm), to provide cryptographic services in support of both algorithm-unaware and algorithm-aware applications. As such, the interface specification is provided for use by programmers who develop applications that rely on cryptographic services and key management services.

API / GCS-API / implement

- The GCS-API is designed for cryptographic-aware applications
- GCS-API is not recommended for general applications

CDSA

Common Data Security Architecture (CDSA), by Intel / Open Group
http://www.opengroup.org/security/l2-cdsa.htm

CDSA security architecture

- CDSA is a security architecture specification
- The standard explains CDSA's structure, the functions each module must perform, and each interface's function names, calling patterns, and parameter counts and names
- Widely supported

CDSA standards and specifications

Common Security: CDSA and CSSM, Version 2 (with Corrigenda)
http://www.opengroup.org/publications/catalog/c914.htm
http://www.opengroup.org/onlinepubs/9690989599/toc.pdf (maybe 1034 pages)

four-layer architecture

CDSA defines a horizontal, four-layer architecture:

1. Applications
2. Layered services and middleware
3. Common Security Services Manager (CSSM) infrastructure
4. Security Service Provider Modules

CDSA security architecture (figure)

The CDSA v2.3 is organized into 15 parts:

1. The CDSA architecture
2. Common Security Services Manager (CSSM) APIs for core services
3. Cryptographic Service Providers (CSP)
4. Trust Policy Services (TP)
5. Authorization Computation Services (AC)
6. Certificate Library Services (CL)
7. Data Storage Library Services (DL)
8. Module Directory Service (MDS)
9. Key Recovery Services (KR)
10. Embedded Integrity Services Library (EISL)
11. Signed Manifest
12. Object Identifiers for Certificate Library Modules
13. Elective Module Manager (EMM)
14. Add-in Module Structure and Administration
15. Appendices, Glossary, and Index

CDSA advantages and disadvantages

- Industry standard
- Generality
- Extensibility
- Security
- A single-model security solution
- Shortcomings: performance; hard to adapt to small environments

CDSA implementations

The Security Forum in X/Open (opengroup)

Working Groups:

- Auto Compliance Expert
- COA Framework
- COA Reference Arch.
- Ecosystem for Security Risk Mgmt. (FAIR)
- Secure Enterprise 2.0
- Secure Mobile Arch.
- Security Arch. (ESA)
- Security Design Patterns
- Security Guides
- Security Strategy
- SOA and Security
- Trust Mgmt. (Class'n Update)
- XDAS

MS CAPI

Software written for Microsoft Windows may use the platform-specific MS-CAPI API instead.

MS CAPI

The Cryptographic Application Programming Interface (also known variously as CryptoAPI, Microsoft Cryptography API, or simply CAPI) is an application programming interface included with Microsoft Windows operating systems that provides services to enable developers to secure Windows-based applications using cryptography. It is a set of dynamically linked libraries that provides an abstraction layer which isolates programmers from the code used to encrypt the data.

CryptoAPI supports both public-key and symmetric key cryptography. It includes functionality for encrypting and decrypting data and for authentication using digital certificates. It also includes a cryptographically secure pseudorandom number generator function, CryptGenRandom.

CryptoAPI works with a number of CSPs (Cryptographic Service Providers) installed on the machine. CSPs are the modules that do the actual work of encoding and decoding data by performing the cryptographic functions.

CSP

- CSP DLL
- Microsoft's signature on the CSP DLL

CAPI architecture diagram

CAPI example program

- 5003.exe
- MSDN example: 5003.zip
- One bug corrected
- Encrypts/decrypts a file
- Related CAPI functions: CryptAcquireContext, CryptReleaseContext, CryptEncrypt, CryptDecrypt

Cryptography API: Next Generation (CNG)

Windows Vista features an update to the CryptoAPI known as Cryptography API: Next Generation (CNG). It has better API factoring to allow the same functions to work using a wide range of cryptographic algorithms, and the inclusion of a number of newer algorithms that are part of the National Security Agency (NSA) Suite B. It is also flexible, featuring support for plugging custom cryptographic APIs into the CNG runtime. CNG works in both user and kernel mode, and also supports all of the algorithms from the CryptoAPI. The Microsoft provider that implem
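
The Cryptoki session states and the access rules named in the Session slides, written out as a small C model. This is an added example, not code from the slides or from any Cryptoki library: the state names mirror the CKS_* constants of PKCS #11 v2.20, and the function names are hypothetical.

```c
/* Added model of PKCS #11 v2.20 session states; not a Cryptoki binding. */
#include <stdio.h>

/* Values follow CKS_RO_PUBLIC_SESSION .. CKS_RW_SO_FUNCTIONS in pkcs11t.h. */
enum state { RO_PUBLIC = 0, RO_USER = 1, RW_PUBLIC = 2, RW_USER = 3, RW_SO = 4 };
enum user  { SO = 0, USER = 1, NOBODY = 2 };   /* SO/USER match CKU_SO/CKU_USER */
enum obj   { PUB_SESSION, PRIV_SESSION, PUB_TOKEN, PRIV_TOKEN };
enum acc   { NONE, READ_ONLY, READ_WRITE };

/* State of a session given its R/W flag and who is logged in to the token.
 * Login state is shared by all of an application's sessions with a token,
 * so a login or logout moves every open session at once. */
int session_state(int rw, enum user who) {
    if (who == SO)   return rw ? RW_SO : -1;   /* there is no R/O SO state */
    if (who == USER) return rw ? RW_USER : RO_USER;
    return rw ? RW_PUBLIC : RO_PUBLIC;
}

/* SO login is refused while any R/O session is open
 * (CKR_SESSION_READ_ONLY_EXISTS). rw[] holds each open session's R/W flag. */
int so_login_allowed(const int *rw, int n) {
    for (int i = 0; i < n; i++)
        if (!rw[i]) return 0;
    return 1;
}

/* Access that a session in state s has to an object of kind o. */
enum acc access_for(enum state s, enum obj o) {
    int user = (s == RO_USER || s == RW_USER);
    int rw   = (s == RW_PUBLIC || s == RW_USER || s == RW_SO);
    switch (o) {
    case PUB_SESSION:  return READ_WRITE;            /* allowed even in R/O sessions */
    case PRIV_SESSION: return user ? READ_WRITE : NONE;
    case PUB_TOKEN:    return rw ? READ_WRITE : READ_ONLY;
    case PRIV_TOKEN:   return !user ? NONE : (rw ? READ_WRITE : READ_ONLY);
    }
    return NONE;
}

int main(void) {
    int sessions[] = { 1, 0 };   /* constructed: one R/W and one R/O session */
    printf("SO login allowed: %d\n", so_login_allowed(sessions, 2));
    printf("R/W SO, private token object: %d\n", access_for(RW_SO, PRIV_TOKEN));
    printf("R/O user, private token object: %d\n", access_for(RO_USER, PRIV_TOKEN));
    return 0;
}
```

The model makes the separation of duties visible: the SO can initialize the token and manage public objects, but an SO session never gains access to private objects such as the user's private keys.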
