Cryptoki到CryptoAPI安全生产协议与标准管理.ppt

安全协议与标准,linfb2009,10,PKCS#11andmore,OverviewAPIUsage:SessionFunctionsSummaryFunctionsDetail/ExampleMechanisms:Algorithm,ProtocolComparisonImplementationGSS-APIGCS-APICDSAMS-CAPIDEP,Overview,Incryptography,PKCS#11isoneofthefamilyofstandardscalledPublic-KeyCryptographyStandards(PKCS),publishedbyRSALaboratories.Itdefinesaplatform-independentAPItocryptographictokens,suchasHardwareSecurityModulesandsmartcards.(ThePKCS#11standardnamestheAPICryptoki,butisoftenusedtorefertotheAPIaswellasthestandardthatdefinesit.)Sincethereisntarealstandardforcryptographictokens,thisAPIhasbeendevelopedtobeanabstractionlayerforthegenericcryptographictoken.ThePKCS#11APIdefinesmostcommonlyusedcryptographicobjecttypes(RSAkeys,X.509Certificates,DES/TripleDESkeys,etc.)andallthefunctionsneededtouse,create/generate,modifyanddeletethoseobjects.,-,PKCS#11islargelyadoptedtoaccesssmartcardsandHSMs.MostcommercialCertificationAuthoritysoftwareusesPKCS#11toaccesstheCAsigningkeyortoenrollusercertificates.Cross-platformsoftwarethatneedstousesmartcardsusesPKCS#11,suchasMozillaFirefoxandOpenSSL(usinganextension).NSS(inFirefox)“pkcs-11v2-20.doc”,Background,Portablecomputingdevicessuchassmartcards,PCMCIAcards,andsmartdiskettesareidealtoolsforimplementingpublic-keycryptography,astheyprovideawaytostoretheprivate-keycomponentofapublic-key/private-keypairsecurely,underthecontrolofasingleuser.Withsuchadevice,acryptographicapplication,ratherthanperformingcryptographicoperationsitself,utilizesthedevicetoperformtheoperations,withsensitiveinformationsuchasprivatekeysneverbeingrevealed.Asmoreapplicationsaredevelopedforpublic-keycryptography,astandardprogramminginterfaceforthesedevicesbecomesincreasinglyvaluable.Thisstandardaddressesthisneed.,ka,MemorycardSmartcardPCMCIA/CardBusUSBflashdriveUSBKeyExpressCardPCIExpress,口令之外,口令登录指纹登录智能卡登录登录次数的限制PIN和lock功能SSO,其他生物识别认证技术,抽象：Token,TheprimarygoalofCryptokiwasalower-levelprogramminginterfacethatabstractsthedetailsofthedevices,andpresentstotheapplicationacommonmodelofthecryptographicdevice,calleda“cryptographictoken”(orsimply“token”).Atokenisadevicethatstoresobjectsandcanperformcryptographicfunctions.（cryptoki是token的接口）,GeneralCryptokiModel,ObjectHierarchy,Cryptokidefinesthreeclassesofobject,Users,ThisversionofCryptokirecognizestwotokenusertypes.OnetypeisaSecurityOfficer(SO).Theothertypeisthenormaluser.TheroleoftheSOistoinitializeatokenandtosetthenormalusersPIN,andpossiblytomanipulatesomepublicobjects.Onlythenormaluserisallowedaccesstoprivateobjectsonthetoken,andthataccessisgrantedonlyafterthenormaluserhasbeenauthenticated.,Session,Cryptokirequiresthatanapplicationopenoneormoresessionswithatokentogainaccesstothetokensobjectsandfunctions.Asessionprovidesalogicalconnectionbetweentheapplicationandthetoken.Cryptokisupportsmultiplesessionsonmultipletokens.Asessioncanbearead/write(R/W)sessionoraread-only(R/O)session.,Sessionevents,Sessioneventscausethesessionstatetochange.Thefollowingtabledescribestheevents:,Read-OnlySessionStates,Read/WriteSessionStates,AccesstoDifferentTypesObjectsbyDifferentTypesofSessions,withfork(),ConsideraUNIXprocessPwhichbecomesaCryptokiapplicationbycallingC_Initialize,andthenusesthefork()systemcalltocreateachildprocessC.ifCneedstouseCryptoki,itneedstoperformitsownC_Initializecall.(andthenC_Finalizeaftersomeotheroperations)ifithasnoneedtouseCryptoki,itshouldimmediatelycallC_InitializeandthencallC_Finalize.,withmulti-thread,Cryptokienablesapplicationstoprovideinformationtolibrariessothattheycangiveappropriatesupportformulti-threading.Inparticular,whenanapplicationinitializesaCryptokilibrarywithacalltoC_Initialize,itcanspecifyoneoffourpossiblemulti-threadingbehaviorsforthelibrary:,SummaryofCryptokiFunctions,Slotandtokenanagementfunctions,SessionManagementFunctions,Objectmanagementfunctions,Encryption/Decryptionfunctions,Messagedigestingfunctions,SigningandMACingfunctions,FunctionsforverifyingsignaturesandMACs,Dual-purposecryptographicfunctions,Keymanagementfunctions,Randomnumbergenerationfunctions,ParallelfunctionmanagementFunctions,Callbackfunction,Functionsdetail,CK_DEFINE_FUNCTION(CK_RV,C_Initialize)(CK_VOID_PTRpInitArgs);CK_DEFINE_FUNCTION(CK_RV,C_Finalize)(CK_VOID_PTRpReserved);,Example,CK_INFOinfo;CK_RVrv;CK_C_INITIALIZE_ARGSInitArgs;InitArgs.CreateMutex=,Mechanisms:Algorithm,RSA/DSA/EC/D-HKEA/KeyderivationHMACRC2/RC4/RC5/AES/2/3DES/SKIPJACK/BATON/JUNIPER/Blowfish/TwofishMD2/MD5/SHA-1/SHA-256/SHA-384/SHA-512/FASTHASH/RIPE-MDPKCS#5/PKCS#12/LYNKS,Mechanisms:Protocol,SETSSL/TLS/WTLSCMS,ComparisonofCryptokiandotherAPIs:GCS-APIvs.Cryptoki,Implementation,PKCS#11ProviderPKCS#11Wrapper,Implementation,Firefox+opencryptoki,inubuntu,NSS,NSS:ProvenApplicationSecurityArchitecture,NSSprovidesacompleteopen-sourceimplementationofthecryptolibrariesusedbyAOL,RedHat,Sun,andothercompaniesinavarietyofproducts,includingthefollowing:TheMozillaclientproducts,includingMozillaSuite,Firefox,andThunderbird.TheNetscapebrowsersAOLCommunicatorandAOLInstantMessenger(AIM)OpensourceclientapplicationssuchasEvolution,Gaim,andOpenOffice.ServerproductsfromRedHat:RedHatDirectoryServer,RedHatCertificateSystem,andthemod_nssSSLmodulefortheApachewebserver.ServerproductsfromtheSunJavaEnterpriseSystem,includingSunJavaSystem(SJS)WebServer,SJSDirectoryServer,SJSPortalServer,SJSMessagingServer,andSJSApplicationServer.,BuildFirefoxwithNSS,WindowsXPVisualStudio6/7.1/8MozillaBuildMozilla/FirefoxSourceCodemozillasecuritynss制作配置文件.mozconfig（备注行）运行start-msvc71.bat$make-fclient.mkbuild耗时编译好的在.ff-opt-staticdistbin绿色版,PKCS#11wrappers,SincePKCS#11isacomplexCAPImanywrappersexistthatletthedeveloperusetheAPIfromvariouslanguages.PyKCS11-AwrapperforPythonPythonobject-orientedwrapperforPKCS11(Cryptoki)Java5.0includesawrapperforPKCS#11APIpkcs11-helper-AsimpleopensourceCinterfacetohandlePKCS#11tokens.,GSS-APIbyIETF,GenericSecurityServicesApplicationProgrammingInterfaceGSS-APIisanapplicationprogramminginterfaceforprogramstoaccesssecurityservices.TheGSSAPIisanIETFstandardthataddressestheproblemofmanysimilarbutincompatiblesecurityservicesinusetoday.,-compatibleinterface,TheGSSAPI,byitself,doesnotprovideanysecurity.Instead,securityservicevendorsprovideGSSAPIimplementationsusuallyintheformoflibrariesinstalledwiththeirsecuritysoftware.TheselibrariespresentaGSSAPI-compatibleinterfacetoapplicationwriterswhocanwritetheirapplicationtouseonlythevendor-independentGSSAPI.Ifthesecurityimplementationeverneedsreplacing,theapplicationneednotberewritten.,GSSAPItokens,ThedefinitivefeatureofGSSAPIapplicationsistheexchangeofopaquemessages(tokens)thathidetheimplementationdetailfromthehigherlevelapplication.TheclientandserversidesoftheapplicationarewrittentoconveythetokensgiventothembytheirrespectiveGSSAPIimplementations.GSSAPItokenscanbesentoveraninsecurenetworkbecausethemechanismsguaranteeinherentmessagesecurity.Aftersomenumberoftokenshavebeenexchanged,theGSSAPIatbothendsinformtheirlocalapplicationthatasecuritycontexthasbeenestablished.,securitycontext,Onceasecuritycontextisestablished,sensitiveapplicationmessagescanbewrapped(encrypted)bytheGSSAPIforsecurecommunicationbetweenclientandserver.TypicalprotectionsguaranteedbyGSSAPIwrappingincludeconfidentiality(secrecy)andintegrity(authenticity).TheGSSAPIcanalsoprovidelocalguaranteesabouttheidentityoftheremoteuserorremotehost.,HistoryoftheGSS-API,July1991:IETFCommonAuthenticationTechnology(CAT)WorkingGroupmeetsinAtlanta,ledbyJohnLinnSeptember1993:GSSAPIversion1(RFC1508,RFC1509)May1995:WindowsNT3.51released,includesSSPIJune1996:KerberosmechanismforGSSAPI(RFC1964)January1997:GSSAPIversion2(RFC2078)October1997:SASLpublished,includesGSSAPImechanism(RFC2222)January2000:GSSAPIversion2update1(RFC2743,RFC2744)August2004:KITTENworkinggroupmeetstocontinueCATactivitiesMay2006:SecureShelluseofGSSAPIstandardised(RFC4462),GSS-APIinRFC,RFC2743TheGenericSecurityServiceAPIVersion2update1RFC2744TheGenericSecurityServiceAPIVersion2:C-BindingsRFC1964TheKerberos5GSS-APImechanismRFC4121TheKerberos5GSS-APImechanism:Version2RFC4178TheSimpleandProtectedGSS-APINegotiationMechanism(SPNEGO)RFC2025TheSimplePublic-KeyGSS-APIMechanism(SPKM)RFC2847LIPKEY-ALowInfrastructurePublicKeyMechanismUsingSPKM,Keyconcepts,NameAbinarystringthatlabelsasecurityprincipal(i.e.userorserviceprogram)-seeaccesscontrolandidentity.Forexample,KerberosusesnameslikeuserREALMforusersandservice/hostnameREALMforprograms.CredentialsInformationthatprovesanidentity;usedbyanentitytoactasthenamedprincipal.Credentialstypicallyinvolveasecretcryptographickey.ContextThestateofoneendoftheauthenticating/authenticatedprotocol.Mayprovidemessageprotectionservices,whichcanbeusedtocomposeasecurechannel.TokensOpaquemessagesexchangedeitheraspartoftheinitialauthenticationprotocol(context-leveltokens),oraspartofaprotectedcommunication(per-messagetokens)MechanismAnunderlyingGSSAPIimplementationthatprovidesactualnames,tokensandcredentials.KnownmechanismsincludeKerberos,NTLM,DistributedComputingEnvironment(DCE),SESAME,SPKM,LIPKEY.Initiator/acceptorThepeerthatsendsthefirsttokenistheinitiator;theothertheacceptor.Generally,theclientprogramistheinitiatorwhiletheserveristheacceptor.,about45procedurecalls,Significantonesinclude:GSS_Acquire_cred-obtainstheusersidentityproof,oftenasecretcryptographickeyGSS_Import_name-convertsausernameorhostnameintoaformthatidentifiesasecurityentityGSS_Init_sec_context-generatesaclienttokentosendtotheserver,usuallyachallengeGSS_Accept_sec_context-processesatokenfromGSS_Init_sec_contextandcangeneratearesponsetokentoreturnGSS_Wrap-convertsapplicationdataintoasecuremessagetoken(typicallyencrypted)GSS_Unwrap-convertsasecuremessagetokenbackintoapplicationdata,Standardize,TheGSSAPIhasbeenstandardizedfortheCandJavalanguages.LimitationsoftheGSSAPIincludethatitstandardizesonlyauthentication,andnotauthorization,andthatitassumesaclient-serverarchitecture.Anticipatingnewsecuritymechanisms,theGSSAPIincludesanegotiatingpseudomechanism,S