items2003服务器系统下载

WindowsServer2003EnhancedCryptographicProvider(RSAENH)(WindowsServer2003SP2)FIPS140-2Documentation:SecurityPolicySeptember20,2007AbstractThisdocumentspecifiesthenon-proprietarysecuritypolicyforWindowsServer2003(SP2)EnhancedCryptographicProvider(RSAENH)asdescribedinFIPSPUB140-2.
2TheinformationcontainedinthisdocumentrepresentsthecurrentviewofMicrosoftCorporationontheissuesdiscussedasofthedateofpublication.
BecauseMicrosoftmustrespondtochangingmarketconditions,itshouldnotbeinterpretedtobeacommitmentonthepartofMicrosoft,andMicrosoftcannotguaranteetheaccuracyofanyinformationpresentedafterthedateofpublication.
Thisdocumentisforinformationalpurposesonly.
MICROSOFTMAKESNOWARRANTIES,EXPRESSORIMPLIED,ASTOTHEINFORMATIONINTHISDOCUMENT.
Complyingwithallapplicablecopyrightlawsistheresponsibilityoftheuser.
ThisworkislicensedundertheCreativeCommonsAttribution-NoDerivs-NonCommercialLicense(whichallowsredistributionofthework).
Toviewacopyofthislicense,visithttp://creativecommons.
org/licenses/by-nd-nc/1.
0/orsendalettertoCreativeCommons,559NathanAbbottWay,Stanford,California94305,USA.
Microsoftmayhavepatents,patentapplications,trademarks,copyrights,orotherintellectualpropertyrightscoveringsubjectmatterinthisdocument.
ExceptasexpresslyprovidedinanywrittenlicenseagreementfromMicrosoft,thefurnishingofthisdocumentdoesnotgiveyouanylicensetothesepatents,trademarks,copyrights,orotherintellectualproperty.
Theexamplecompanies,organizations,products,peopleandeventsdepictedhereinarefictitious.
Noassociationwithanyrealcompany,organization,product,personoreventisintendedorshouldbeinferred.
2003MicrosoftCorporation.
Allrightsreserved.
Microsoft,ActiveDirectory,VisualBasic,VisualStudio,Windows,theWindowslogo,WindowsNT,andWindowsServerareeitherregisteredtrademarksortrademarksofMicrosoftCorporationintheUnitedStatesand/orothercountries.
Thenamesofactualcompaniesandproductsmentionedhereinmaybethetrademarksoftheirrespectiveowners.
3CONTENTSINTRODUCTION4SECURITYPOLICY.
5SPECIFICATIONOFROLES.
6SPECIFICATIONOFSERVICES.
7CRYPTOGRAPHICKEYMANAGEMENT13SELF-TESTS15MISCELLANEOUS.
17FORMOREINFORMATION.
204INTRODUCTIONTheMicrosoftCorporation'sWindowsServer2003EnhancedCryptographicProvider(RSAENH)isaFIPS140-2Level1compliant,software-based,cryptographicserviceprovider.
LikeothercryptographicprovidersthatshipwithMicrosoftWindowsServer2003,WindowsServer2003ServicePack1andServicePack2,RSAENHencapsulatesseveraldifferentcryptographicalgorithmsinaneasy-to-usecryptographicmoduleaccessibleviatheMicrosoftCryptoAPI.
SoftwaredeveloperscandynamicallylinktheMicrosoftRSAENHmoduleintotheirapplicationstoprovideFIPS140-2compliantcryptographicsupport.
WindowsServer2003doesnotshipthepreviouslyFIPS-140-1validatedMicrosoftBaseCryptographicProvider(RSABASE)anymore.
ThereisnolossoffunctionalityastheRSABASEfunctionalityhasalwaysbeenasubsetoftheRSAENHfunctionality.
CryptographicBoundaryTheMicrosoftEnhancedCryptographicProvider(RSAENH)consistsofasingledynamically-linkedlibrary(DLL)namedRSAENH.
DLL(Softwareversion5.
2.
3790.
3959[ServicePack2])testedonanx86,x64,andia64processors,whichcomprisesthemoduleslogicalboundary.
ThecryptographicboundaryforRSAENHisdefinedastheenclosureofthecomputersystemonwhichthecryptographicmoduleistobeexecuted.
Thephysicalconfigurationofthemodule,asdefinedinFIPSPUB140-2,isMulti-ChipStandalone.
ItshouldbenotedthattheDataProtectionAPIandCryptographicAPIofMicrosoftWindowsServer2003isnotpartofthemoduleandshouldbeconsideredtobeoutsidetheboundary.
5SECURITYPOLICYRSAENHoperatesunderseveralrulesthatencapsulateitssecuritypolicy.
RSAENHissupportedonWindowsServer2003,WindowsServer2003SP1andSP2.
RSAENHprovidesnouserauthentication;however,itreliesonMicrosoftWindowsServer2003fortheauthenticationofusers.
AlltheservicesprovidedbytheRSAENHDLLareavailabletotheUserandCrypto-officerroles.
KeyscreatedwithinRSAENHbyoneuserarenotaccessibletoanyotheruserviaRSAENH.
RSAENHstoreskeysinthefilesystem,butreliesuponMicrosoftWindowsServer2003fortheencryptionofthekeyspriortostorage.
WhenoperatingthismoduleunderWindowsServer2003SP2,thefollowingalgorithmsareApprovedsecurityfunctionsandcanbeusedinFIPSmode:oFIPS-approvedalgorithms:Triple-DES,AES,SHA-1,SHA-256,SHA-384,SHA-512,HMAC,RSAandFIPS186-2GeneralPurposerandomgenerator.
RSAENHalsoprovidestherequiredself-testsfortheseFIPS-approvedalgorithms.
RSAENHsupportsthefollowingnon-FIPSapprovedalgorithms:X9.
31RSAkey-pairgeneration,DES,RC4,RC2,MD2,MD4,andMD51;andthoughthesealgorithmsmaynotbeusedwhenoperatingthemoduleinFIPSmode,themoduleprovidespower-upself-teststoprovideextrasecurityfornonFIPSusers.
OperatingthemoduleinFIPSApprovedmoderequirestheuseofApprovedalgorithmslistedaboveaswellasApprovedserviceswhichhavenotbeenexcludedbythissecuritypolicy.
1Applicationsmaynotuseanyofthesenon-FIPSalgorithmsiftheyneedtobeFIPSmode.
TooperatethemoduleinaFIPSApprovedmode,applicationsmustonlyuseFIPS-approvedalgorithms.
6SPECIFICATIONOFROLESRSAENHmodulesupportsbothaUserandCryptographicOfficerroles(asdefinedinFIPSPUB140-2).
Bothrolesmayaccessalltheservicesimplementedinthecryptographicmodule.
Whenanapplicationrequeststhecryptomoduletogeneratekeysforauser,thekeysaregenerated,used,anddeletedasrequestedbyapplications.
Therearenoimplicitkeysassociatedwithauser,andeachusermayhavenumerouskeys,bothsignatureandkeyexchange,andthesekeysareseparatefromotherusers'keys.
MaintenanceRolesMaintenancerolesarenotsupportedbyRSAENH.
MultipleConcurrentOperatorsRSAENHisintendedtorunonWindowsServer2003inSingleUserMode.
Whenruninthisconfiguration,multipleconcurrentoperatorsarenotsupported.
BecausethemoduleisaDLL,eachprocessrequestingaccessisprovideditsowninstanceofthemodule.
Assuch,eachprocesshasfullaccesstoallinformationandkeyswithinthemodule.
NotethatnokeysorotherinformationaremaintainedupondetachmentfromtheDLL,thusaninstantiationofthemodulewillonlycontainkeysorinformationthattheprocesshasplacedinthemodule.
DataAccessBecauseanoperatorisprovidedaseparateinstanceofthemodule(aseparateinstantiationoftheDLL),theoperatorhascompleteaccesstoallofthesecuritydataitemswithinthemodule.
7SPECIFICATIONOFSERVICESThefollowinglistcontainsallservicesavailabletoanoperator.
Allservicesareaccessiblebyallroles.
KeyStorageServicesThefollowingfunctionsprovideinterfacestothecryptomodule'skeycontainerfunctions.
PleaseseetheKeyStoragedescriptionundertheCryptographicKeyManagementsectionformoreinformation.
CryptAcquireContextTheCryptAcquireContextfunctionisusedtoacquireaprogrammaticcontexthandletoaparticularkeycontainerviaaparticularcryptographicserviceprovider.
Thisreturnedhandlecanthenbeusedtomakecallstotheselectedcryptographicserviceprovider.
Anysubsequentcallstoacryptographicfunctionneedtoreferencetheacquiredcontexthandle.
Thisfunctionperformstwooperations.
ItfirstattemptstofindacryptographicserviceproviderwiththecharacteristicsdescribedinthedwProvTypeandpszProviderparameters.
Ifthecryptographicserviceproviderisfound,thefunctionattemptstofindakeycontainermatchingthenamespecifiedbythepszContainerparameter.
WiththeappropriatesettingofdwFlags,thisfunctioncanalsocreateanddestroykeycontainers.
IfdwFlagsissettoCRYPT_NEWKEYSET,anewkeycontaineriscreatedwiththenamespecifiedbypszContainer.
IfpszContainerisNULL,akeycontainerwiththedefaultnameiscreated.
IfdwFlagsissettoCRYPT_DELETEKEYSET,ThekeycontainerspecifiedbypszContainerisdeleted.
IfpszContainerisNULL,thekeycontainerwiththedefaultnameisdeleted.
Allkeypairsinthekeycontainerarealsodestroyedandmemoryiszeroized.
Whenthisflagisset,thevaluereturnedinphProvisundefined,andthus,theCryptReleaseContextfunctionneednotbecalledafterwards.
CryptGetProvParamTheCryptGetProvParamfunctionretrievesdatathatgovernstheoperationsoftheprovider.
Thisfunctionmaybeusedtoenumeratekeycontainers,enumeratesupportedalgorithms,andgenerallydeterminecapabilitiesofthecryptographicserviceprovider.
CryptSetProvParamTheCryptSetProvParamfunctioncustomizesvariousaspectsofaprovider'soperations.
Thisfunctionismaybeusedtosetasecuritydescriptoronakeycontainer.
CryptReleaseContextTheCryptReleaseContextfunctionreleasesthehandlereferencedbythehProvparameter.
Afteraproviderhandlehasbeenreleased,itbecomesinvalidandcannotbeusedagain.
Inaddition,keyandhashhandlesassociatedwiththatproviderhandlemaynotbeusedafterCryptReleaseContexthasbeencalled.
8KeyGenerationandExchangeServicesThefollowingfunctionsprovideinterfacestothecryptomodule'skeygenerationandexchangefunctions.
Note:onlyFIPSapprovedPRNGareusedforalltheKeygenerationoperationsCryptDeriveKeyTheCryptDeriveKeyfunctioncreatescryptographicsessionkeysfromahashvalue.
Thisfunctionguaranteesthatwhenthesamecryptographicserviceproviderandalgorithmsareused,thekeyscreatedfromthesamehashvalueareidentical.
Thehashvalueistypicallyacryptographichash(SHA-1mustbeusedwhenoperatinginFIPS-mode)ofapasswordorsimilarsecretuserdata.
ThisfunctionisthesameasCryptGenKey,exceptthatthegeneratedsessionkeysarecreatedfromthehashvalueinsteadofbeingrandomandCryptDeriveKeycanonlybeusedtocreatesessionkeys.
Thisfunctioncannotbeusedtocreatepublic/privatekeypairs.
IfkeysarebeingderivedfromaCALG_SCHANNEL_MASTER_HASH,thentheappropriatekeyderivationprocessisusedtoderivethekey.
InthiscasetheprocessusedisfromeithertheSSL2.
0,SSL3.
0,PCTorTLSspecificationofderivingclientandserversideencryptionandMACkeys.
Thisfunctionwillcausethekeyblocktobederivedfromthemastersecretandtherequestedkeyisthenderivedfromthekeyblock.
Whichprocessisusedisdeterminedbywhichprotocolisassociatedwiththehashobject.
FormoreinformationseetheSSL2.
0,SSL3.
0,PCTandTLSspecifications.
CryptDestroyKeyTheCryptDestroyKeyfunctionreleasesthehandlereferencedbythehKeyparameter.
Afterakeyhandlehasbeenreleased,itbecomesinvalidandcannotbeusedagain.
Ifthehandlereferstoasessionkey,ortoapublickeythathasbeenimportedintothecryptographicserviceproviderthroughCryptImportKey,thisfunctionzeroizesthekeyinmemoryandfreesthememorythatthekeyoccupied.
Theunderlyingpublic/privatekeypair(whichresidesoutsidethecryptomodule)isnotdestroyedbythisfunction.
Onlythehandleisdestroyed.
CryptExportKeyTheCryptExportKeyfunctionexportscryptographickeysfromacryptographicserviceproviderinasecuremannerforkeyarchivalpurposes.
AhandletoaprivateRSAkeytobeexportedmaybepassedtothefunction,andthefunctionreturnsakeyblob.
Thisprivatekeyblobcanbesentoveranonsecuretransportorstoredinanonsecurestoragelocation.
TheprivatekeyblobisuselessuntiltheintendedrecipientusestheCryptImportKeyfunctiononittoimportthekeyintotherecipient'scryptographicserviceprovider.
Keyblobsareexportedeitherinplaintextorencryptedwithasymmetrickey.
IfasymmetrickeyisusedtoencrypttheblobthenahandletotheprivateRSAkeyispassedintothemoduleandthesymmetrickeyreferencedbythehandleisusedtoencrypttheblob.
Anyofthesupportedsymmetriccryptographicalgorithmsmaybeusedtoencrypttheprivatekeyblob(DES,Triple-DES,RC4orRC22).
2NotethatDES,RC2andRC4maynotbeusedwhileoperatingRSAENHinFIPSApprovedmode.
9PublicRSAkeysarealsoexportedusingthisfunction.
AhandletotheRSApublickeyispassedtothefunctionandthepublickeyisexported,alwaysinplaintextasablob.
ThisblobmaythenbeimportedusingtheCryptImportKeyfunction.
SymmetrickeysmayalsobeexportedencryptedwithanRSAkeyusingtheCryptExportKeyfunction.
AhandletothesymmetrickeyandahandletothepublicRSAkeytoencryptwitharepassedtothefunction.
Thefunctionreturnsablob(SIMPLEBLOB)whichistheencryptedsymmetrickey.
Symmetrickeysmayalsobeexportedbywrappingthekeyswithanothersymmetrickey.
ThewrappedkeyisthenexportedasablobandmaybeimportedusingtheCryptImportKeyfunction.
CryptGenKeyTheCryptGenKeyfunctiongeneratesarandomcryptographickey.
AhandletothekeyisreturnedinphKey.
ThishandlecanthenbeusedasneededwithanyCryptoAPIfunctionrequiringakeyhandle.
Thecallingapplicationmustspecifythealgorithmwhencallingthisfunction.
Becausethisalgorithmtypeiskeptbundledwiththekey,theapplicationdoesnotneedtospecifythealgorithmlaterwhentheactualcryptographicoperationsareperformed.
CryptGenRandomTheCryptGenRandomfunctionfillsabufferwithrandombytes.
TherandomnumbergenerationalgorithmistheSHSbasedRNGfromFIPS186.
Duringthefunctioninitialization,aseed,towhichSHA-1isappliedtocreatetheoutputrandom,iscreatedbasedonthecollectionofallthedatalistedintheMiscellaneoussection.
CryptGenRandomacceptscallersupplieddatathroughitsin/outpbBufferparameter.
ThisdataismixedwiththeseedCryptGetKeyParamTheCryptGetKeyParamfunctionretrievesdatathatgovernstheoperationsofakey.
CryptGetUserKeyTheCryptGetUserKeyfunctionretrievesahandleofoneofauser'spublic/privatekeypairs.
CryptImportKeyTheCryptImportKeyfunctiontransfersacryptographickeyfromakeyblobintoacryptographicserviceprovider.
Privatekeysmaybeimportedasblobsandthefunctionwillreturnahandletotheimportedkey.
AsymmetrickeyencryptedwithanRSApublickeyisimportedintotheCryptoImportKeyfunction.
ThefunctionusestheRSAprivatekeyexchangekeytodecrypttheblobandreturnsahandletothesymmetrickey.
10Symmetrickeyswrappedwithothersymmetrickeysmayalsobeimportedusingthisfunction.
Thewrappedkeyblobispassedinalongwithahandletoasymmetrickey,whichthemoduleissupposedtousetounwraptheblob.
Ifthefunctionissuccessfulthenahandletotheunwrappedsymmetrickeyisreturned.
TheCryptImportKeyfunctionrecognizesanewflagCRYPT_IPSEC_HMAC_KEY.
TheflagallowsthecallertosupplytheHMACkeymaterialofsizegreaterthan16bytes.
WithouttheCRYPT_IPSEC_HMAC_KEYflag,theCryptImportKeyfunctionwouldfailwithNTE_BAD_DATAifthecallersuppliestheHMACkeymaterialofsizegreater16bytes.
ForimportingaHMACkey,thecallershouldidentifytheimportedkeyblobasthePLAINTEXTKEYBLOBtypeanduseCALG_RC2asthekeyAlgorithmidentifier.
CryptSetKeyParamTheCryptSetKeyParamfunctioncustomizesvariousaspectsofakey'soperations.
Thisfunctionisusedtosetsession-specificvaluesforsymmetrickeys.
CryptDuplicateKeyTheCryptDuplicateKeyfunctionisusedtoduplicate,makeacopyof,thestateofakeyandreturnsahandletothisnewkey.
TheCryptDestroyKeyfunctionmustbeusedonboththehandletotheoriginalkeyandthenewlyduplicatedkey.
DataEncryptionandDecryptionServicesThefollowingfunctionsprovideinterfacestothecryptomodule'sdataencryptionanddecryptionfunctions.
CryptDecryptTheCryptDecryptfunctiondecryptsdatapreviouslyencryptedusingCryptEncryptfunction.
CryptEncryptTheCryptEncryptfunctionencryptsdata.
ThealgorithmusedtoencryptthedataisdesignatedbythekeyheldbythecryptographicserviceprovidermoduleandisreferencedbythehKeyparameter.
HashingandDigitalSignatureServicesThefollowingfunctionsprovideinterfacestothecryptomodule'shashinganddigitalsignaturefunctions.
11CryptCreateHashTheCryptCreateHashfunctioninitiatesthehashingofastreamofdata.
Itreturnstothecallingapplicationahandletoacryptographicserviceproviderhashobject.
ThishandleisusedinsubsequentcallstoCryptHashDataandCryptHashSessionKeyinordertohashstreamsofdataandsessionkeys.
SHA-1andMD5arethecryptographichashingalgorithmssupported.
Inaddition,aMACusingasymmetrickeyiscreatedwiththiscallandmaybeusedwithanyofthesymmetricblockcipherssupportbythemodule(DES,Triple-DESAES,RC4orRC2).
ForcreatingaHMAChashvalue,thecallerspecifiestheCALG_HMACflagintheAlgidparameter,andtheHMACkeyusingahKeyhandleobtainedfromcallingCryptImportKey.
ACALG_SCHANNEL_MASTER_HASHmaybecreatedwiththiscall.
IfthisisthecasethenahandletooneofthefollowingtypesofkeysmustbepassedinthehKeyparameter,CALG_SSL2_MASTER,CALG_SSL3_MASTER,CALG_PCT1_MASTER,orCALG_TLS1_MASTER.
ThisfunctionwithCALG_SCHANNEL_MASTER_HASHintheALGIDparameterwillcausethederivationofthemastersecretfromthepre-mastersecretassociatedwiththepassedinkeyhandle.
Thiskeyderivationprocessisdoneinthemethodspecifiedintheappropriateprotocolspecification,SSL2.
0,SSL3.
0,PCT1.
0,orTLS.
ThemastersecretisthenassociatedwiththeresultinghashhandleandsessionkeysandMACkeysmaybederivedfromthishashhandle.
Themastersecretmaynotbeexportedorimportedfromthemodule.
ThekeydataassociatedwiththehashhandleiszeroizedwhenCryptDestroyHashiscalled.
CryptDestroyHashTheCryptDestroyHashfunctiondestroysthehashobjectreferencedbythehHashparameter.
Afterahashobjecthasbeendestroyed,itcannolongerbeused.
Whenahashobjectisdestroyed,thecryptomodulezeroizesthememorywithinthemodulewherethehashobjectwasheld.
Thememoryisthenfreed.
IfthehashhandlereferencesaCALG_SCHANNEL_MASTER_HASHkeythen,whenCryptDestroyHashiscalled,theassociatedkeymaterialiszeroizedalso.
AllhashobjectsshouldbedestroyedwiththeCryptDestroyHashfunctionwhentheapplicationisfinishedwiththem.
CryptGetHashParamTheCryptGetHashParamfunctionretrievesdatathatgovernstheoperationsofahashobject.
Theactualhashvaluecanalsoberetrievedbyusingthisfunction.
CryptHashDataTheCryptHashDatafunctionaddsdatatoaspecifiedhashobject.
ThisfunctionandCryptHashSessionKeycanbecalledmultipletimestocomputethehashonlongdatastreamsordiscontinuousdatastreams.
Beforecallingthisfunction,theCryptCreateHashfunctionmustbecalledtocreateahandleofahashobject.
12CryptHashSessionKeyTheCryptHashSessionKeyfunctioncomputesthecryptographichashofakeyobject.
Thisfunctioncanbecalledmultipletimeswiththesamehashhandletocomputethehashofmultiplekeys.
CallstoCryptHashSessionKeycanbeinterspersedwithcallstoCryptHashData.
Beforecallingthisfunction,theCryptCreateHashfunctionmustbecalledtocreatethehandleofahashobject.
CryptSetHashParamTheCryptSetHashParamfunctioncustomizestheoperationsofahashobject.
ForcreatingaHMAChashassociatedwithahashobjectidentifiedthehHashhandle,thecallerusestheCryptSetHashParamfunctionwiththeHP_HMAC_INFOflagtospecifythenecessarySHA-1algorithmusingtheCALG_SHA1flagintheinputHMAC_INFOstructure.
ThereisnoneedforthecallertospecifytheHMACinnerorouterstringsasthecryptographicserviceproviderisusingtheinnerandouterstringvaluesasdocumentedintheDraftFIPSforHMACasitsdefaultvalues.
CryptSignHashTheCryptSignHashfunctionsignsdata.
Becauseallsignaturealgorithmsareasymmetricandthusslow,theCryptoAPIdoesnotallowdatabesigneddirectly.
Instead,dataisfirsthashedandCryptSignHashisusedtosignthehash.
ThecryptomodulesupportssigningwithRSA.
TheX9.
31formatmaybespecifiedbyaflag.
CryptVerifySignatureTheCryptVerifySignaturefunctionverifiesthesignatureofahashobject.
Beforecallingthisfunction,theCryptCreateHashfunctionmustbecalledtocreatethehandleofahashobject.
CryptHashDataorCryptHashSessionKeyisthenusedtoadddataorsessionkeystothehashobject.
ThecryptomodulesupportsverifyingRSAsignatures.
TheX9.
31formatmaybespecifiedbyaflag.
Afterthisfunctionhasbeencompleted,onlyCryptDestroyHashcanbecalledusingthehHashhandle.
CryptDuplicateHashTheCryptDuplicateHashfunctionisusedtoduplicate,makeacopyof,thestateofahashandreturnsahandletothisnewhash.
TheCryptDestroyHashfunctionmustbeusedonboththehandletotheoriginalhashandthenewlyduplicatedhash.
13CRYPTOGRAPHICKEYMANAGEMENTTheRSAENHcryptomodulemanageskeysinthefollowingmanner.
KeyMaterialRSAENHcancreateandusekeysforthefollowingalgorithms:RSASignature,RSAKeyExchange,RC2,RC4,DES,Triple-DES,andAES3.
EachtimeanapplicationlinkswithRSAENH,theDLLisinstantiatedandnokeysexistwithin.
TheuserapplicationisresponsibleforimportingkeysintoRSAENHorusingRSAENH'sfunctionstogeneratekeys.
SeeMSDNLibrary\PlatformSDK\WindowsBaseServices\Security\CryptoAPI2.
0\CryptoAPIReference\CryptoAPIStructures\CryptographyStructuresformoreinformationaboutkeyformatsandstructures.
(MSDNHome>MSDNLibrary>Win32andCOMDevelopment>Security>Cryptography>CryptographyReference>GeneralCryptographyStructures)KeyGenerationRandomkeyscanbegeneratedbycallingtheCryptGenKey()function.
KeyscanalsobecreatedfromknownvaluesviatheCryptDeriveKey()function.
DES,Triple-DES,andAESkeys3aregeneratedfollowingthetechniquesgiveninFIPSPUB186-2,Appendix3,RandomNumberGenerationandinFIPS140-2RNGVSrequirements.
SeeMSDNLibrary\PlatformSDK\WindowsBaseServices\Security\CryptoAPI2.
0\CryptoAPIReference\CryptoAPIFunctions\BaseCryptographyFunctions\KeyGenerationandExchangeFunctionsformoreinformation.
(MSDNHome>MSDNLibrary>Win32andCOMDevelopment>Security>Cryptography>CryptographyReference>KeyGenerationandExchangeFunctions)KeyEntryandOutputKeyscanbebothexportedandimportedoutofandintoRSAENHviaCryptExportKey()andCryptImportKey().
ExportedprivatekeysmaybeencryptedwithasymmetrickeypassedintotheCryptExportKeyfunction.
Anyofthesymmetricalgorithmssupportedbythecryptomodulemaybeusedtoencryptprivatekeysforexport(AES,DES,Triple-DES,RC4orRC23).
Whenprivatekeysaregeneratedorimportedfromarchival,theyarecoveredwiththeMicrosoftWindowsServer2003DataProtectionAPI(DPAPI)andthenoutputtedtothefilesysteminthecoveredform.
Symmetrickeyentryandoutputisdonebyexchangingkeysusingtherecipient'sasymmetricpublickey.
Symmetrickeyentryandoutputmayalsobedonebyexportingasymmetrickeywrappedwithanothersymmetrickey.
SeeMSDNLibrary\PlatformSDK\WindowsBaseServices\Security\CryptoAPI2.
0\CryptoAPIReference\CryptoAPIFunctions\BaseCryptographyFunctions\KeyGenerationandExchangeFunctionsformoreinformation.
(MSDNHome>MSDNLibrary>Win32andCOMDevelopment>Security>Cryptography>Cryptography3NotethatDES,RC2andRC4maynotbeusedwhileoperatingRSAENHinFIPSApprovdemode.
14Reference>KeyGenerationandExchangeFunctions)KeyStorageRSAENHdoesnotprovidepersistentstorageofkeys.
While,itispossibletostorekeysinthefilesystem,thisfunctionalityisoutsidethescopeofthisvalidation.
Thetaskofprotecting(orencrypting)thekeyspriortostorageinthefilesystemisdelegatedtotheDataProtectionAPI(DPAPI)ofMicrosoftWindowsServer2003.
TheDPAPIisaseparatecomponentoftheoperatingsystemthatisoutsidetheboundariesofthecryptomodulebutreliesuponRSAENHforallcryptographicfunctionality.
Thissectiondescribesthisfunctionalityforinformationpurposesonly.
Whenakeycontainerisdeleted,thefileiszeroizedbeforebeingdeleted.
RSAENHoffloadsthekeystorageoperationstotheMicrosoftWindowsServer2003operatingsystem,whichisoutsidethecryptographicboundary.
Becausekeysarenotpersistentlystoredinsidethecryptographicmodule,privatekeysareinsteadencryptedbytheMicrosoftDataProtectionAPI(DPAPI)serviceandstoredintheMicrosoftWindowsServer2003filesystem.
Keysarezeroizedfrommemoryafteruse.
Asanexception,thekeyusedforpowerupself-testingisstoredinthecryptographicmodule.
WhenanoperatorrequestsakeyedcryptographicoperationfromRSAENH,his/herkeysareretrievedfromthefilesystembyRSAENHwiththesupportofDPAPI.
Thereadersmayrefertothetechnicalpaper"WindowsDataProtection"(http://msdn.
microsoft.
com/library/en-us/dnsecure/html/windataprotection-dpapi.
asp)forfurtherdetailofDPAPI.
KeyArchivalRSAENHdoesnotdirectlyarchivecryptographickeys.
Theoperatormaychoosetoexportacryptographickeylabeledasexportable(cf.
"KeyInputandOutput"above),butmanagementofthesecurearchivalofthatkeyistheresponsibilityoftheuser.
KeyDestructionAllkeysaredestroyedandtheirmemorylocationzeroizedwhentheoperatorcallsCryptDestroyKeyonthatkeyhandle.
Privatekeysthatresideoutsidethecryptographicboundary(onesstoredbytheoperatingsysteminencryptedformatintheWindowsServer2003DPAPIsystemportionoftheOS)aredestroyedwhentheoperatorcallsCryptAcquireContextwiththeCRYPT_DELETE_KEYSETflag.
15SELF-TESTSRSAENHprovidesalloftheFIPS140-2requiredself-tests.
Asrequired,themoduleperformssomeofitsself-testsuponpowerupandotherself-testsuponencounteringaspecificcondition(keypairorrandomnumbergeneration).
NotethatRSAENHalsoprovidesself-testsfornon-FIPSapprovedalgorithms,andthoughnotrequired,RSAENHprovidesthesetestsforextrasecurity.
Finally,itshouldbenotedthatnon-FIPSapprovedalgorithmsshouldnotbeusedifoperatingRSAENHinFIPSmode.
Power-upThefollowingFIPS-approvedalgorithmtestsareinitiateduponpower-upTriple-DESECBencrypt/decryptKATTriple-DESCBCencrypt/decryptKATTriple-DES112ECBencrypt/decryptKATTriple-DES112CBCencrypt/decryptKATSHA-1hashKATSHA-256KATSHA-384KATSHA-512KATSHA-1HMAChashKATSHA-256HMAChashKATSHA-384HMAChashKATSHA-512HMAChashKATRSAsign/verifypoweruptestSoftwareintegritytestviaaRSAsignatureverificationoftheDLLimageAES128ECBencrypt/decryptKATAES192ECBencrypt/decryptKATAES256ECBencrypt/decryptKATAES128CBCencrypt/decryptKATAES192CBCencrypt/decryptKATAES256CBCencrypt/decryptKATFIPS186-2GeneralPurposerandomgeneratorThefollowingnon-FIPSapprovedalgorithmspower-uptestsinclude(maynotbeusedinFIPS-mode)DESECBencrypt/decryptKATDESCBCencrypt/decryptKATRC4encrypt/decryptKATRC2CBCencrypt/decryptKATRC2ECBencrypt/decryptKATMD5hashKATConditionalThefollowingareinitiatedatkeygenerationandrandomnumbergenerationrespectively:RSApairwiseconsistencytestContinuousrandomnumbergeneratortest1617MISCELLANEOUSThefollowingitemsaddressrequirementsnotaddressedabove.
CryptographicBypassAcryptographicbypassisnotsupportedinRSAENH.
OperatorAuthenticationRSAENHprovidesnoauthenticationofoperators.
However,theMicrosoftWindowsServer2003operatingsystemuponwhichitrunsdoesprovideauthentication,butthisisoutsideofthescopeofRSAENH'sFIPSvalidation.
TheinformationabouttheauthenticationprovidedbyMicrosoftWindowsServer2003isforinformationalpurposesonly.
MicrosoftWindowsServer2003requiresauthenticationfromatrustedcomputerbase(TCB4)beforeauserisabletoaccesssystemservices.
OnceauserisauthenticatedfromtheTCB,aprocessiscreatedbearingtheoperator'ssecuritytoken.
Allsubsequentprocessesandthreadscreatedbythatoperatorareimplicitlyassignedtheparent's(thustheoperator's)securitytoken.
EveryuserthathasbeenauthenticatedbyMicrosoftWindowsServer2003isnaturallyassignedtheoperatorrolewhenhe/sheaccessesRSAENH.
ModularExpOffloadTheModularExpOffloadfunctionoffloadsmodularexponentiationfromacryptographicserviceprovidertoahardwareaccelerator.
ThecryptographicserviceproviderwillcheckintheregistryforthevalueHKLM\Software\Microsoft\Cryptography\ExpoOffloadthatcanbethenameofaDLL.
ThecryptographicserviceproviderusesLoadLibrarytoloadthatDLLandcallsGetProcAddresstogettheOffloadModExpoentrypointintheDLLspecifiedintheregistry.
Thecryptographicserviceproviderusestheentrypointtoperformallmodularexponentiationsforbothpublicandprivatekeyoperations.
Twochecksaremadebeforeaprivatekeyisoffloaded.
NotethattouseRSAENHinFIPSmode,thisfunctionshouldnotbeused.
OperatingSystemSecurityTheRSAENHcryptomoduleisintendedtorunonWindowsServer2003inSingleUserMode.
Whenanoperatingsystemprocessloadsthecryptomoduleintomemory,thecryptomodulerunsaRSAsignatureonthecryptomodule'sdiskimageofRSAENH.
DLL,excludingtheRSAsignature,checksum,andexportsignatureresources.
ThissignatureiscomparedtothevaluestoredintheRSAsignatureresource.
Initializationwillonlysucceedifthetwovaluesareequal.
Eachoperatingsystemprocesscreatesauniqueinstanceofthecryptomodulethatiswhollydedicatedtothatprocess.
Thecryptomoduleisnotsharedbetweenprocesses.
Eachprocessrequestingaccessisprovideditsowninstanceofthemodule.
Assuch,eachprocess4TheTCBisthepartoftheoperatingsystemthatisdesignedtomeetthesecurityfunctionalrequirementsoftheControlledAccessProtectionProfile,whichcanbefoundat.
Atthistime,WindowsServer2003hasnotbeenevaluated.
18hasfullaccesstoallinformationandkeyswithinthemodule.
NotethatnokeysorotherinformationaremaintainedupondetachmentfromtheDLL,thusaninstantiationofthemodulewillonlycontainkeysorinformationthattheprocesshasplacedinthemodule.
TheCollectionofDataUsedtoCreateaSeedforRandomNumberTheRSAEnhmoduleusestheFIPS186-2generalpurposeapprovedPRNGtogeneratetherandomdatarequiredforsymmetric&asymmetrickeygeneration.
ThePRNGconcatenatesmanydifferentsourcesofinformation(detailedbelow)andtheresultingbytestreamishashedwithSHA-1toproducea20-byteseedvalue.
User-supplieddataTheprocessIDofthecurrentprocessrequestingrandomdataThethreadIDofthecurrentthreadwithintheprocessrequestingrandomdataA32bittickcountsincethesystembootThecurrentlocaldateandtimeThecurrentsystemtimeofdayinformationconsistingoftheboottime,currenttime,timezonebias,timezoneID,boottimebias,andsleeptimebiasThecurrenthardware-platform-dependenthigh-resolutionperformance-countervalueTheinformationaboutthesystem'scurrentusageofbothphysicalandvirtualmemory,andpagefileThelocaldiskinformationincludingthenumbersofsectorspercluster,bytespersector,freeclusters,andclustersthatareavailabletotheuserassociatedwiththecallingthreadAhashoftheenvironmentblockforthecurrentprocessSomehardwareCPU-specificcyclecountersThesystemprocessorperformanceinformationconsistingofIdleProcessTime,IoReadTransferCount,IoWriteTransferCount,IoOtherTransferCount,IoReadOperationCount,IoWriteOperationCount,IoOtherOperationCount,AvailablePages,CommittedPages,CommitLimit,PeakCommitment,PageFaultCount,CopyOnWriteCount,TransitionCount,CacheTransitionCount,DemandZeroCount,PageReadCount,PageReadIoCount,CacheReadCount,CacheIoCount,DirtyPagesWriteCount,DirtyWriteIoCount,MappedPagesWriteCount,MappedWriteIoCount,PagedPoolPages,NonPagedPoolPages,PagedPoolAllocatedspace,PagedPoolFreespace,NonPagedPoolAllocatedspace,NonPagedPoolFreespace,FreeSystempagetableentry,ResidentSystemCodePage,TotalSystemDriverPages,TotalSystemCodePages,NonPagedPoolLookasideHits,PagedPoolLookasideHits,AvailablePagedPoolPages,ResidentSystemCachePage,ResidentPagedPoolPage,ResidentSystemDriverPage,CachemanagerFastReadwithNoWait,CachemanagerFastReadwithWait,CachemanagerFastReadResourceMissed,CachemanagerFastReadNotPossible,CachemanagerFastMemoryDescriptorListReadwithNoWait,CachemanagerFastMemoryDescriptorListReadwithWait,CachemanagerFastMemoryDescriptorListReadResourceMissed,CachemanagerFastMemoryDescriptorListReadNotPossible,CachemanagerMapDatawithNoWait,CachemanagerMapDatawithWait,CachemanagerMapDatawithNoWaitMiss,CachemanagerMapDataWaitMiss,CachemanagerPin-MappedDataCount,CachemanagerPin-ReadwithNoWait,CachemanagerPinReadwithWait,CachemanagerPin-ReadwithNoWaitMiss,CachemanagerPin-ReadWaitMiss,CachemanagerCopy-ReadwithNoWait,CachemanagerCopy-19ReadwithWait,CachemanagerCopy-ReadwithNoWaitMiss,CachemanagerCopy-ReadwithWaitMiss,CachemanagerMemoryDescriptorListReadwithNoWait,CachemanagerMemoryDescriptorListReadwithWait,CachemanagerMemoryDescriptorListReadwithNoWaitMiss,CachemanagerMemoryDescriptorListReadwithWaitMiss,CachemanagerReadAheadIOs,CachemanagerLazy-WriteIOs,CachemanagerLazy-WritePages,CachemanagerDataFlushes,CachemanagerDataPages,ContextSwitches,FirstLevelTranslationbufferFills,SecondLevelTranslationbufferFills,andSystemCallsThesystemexceptioninformationconsistingofAlignmentFixupCount,ExceptionDispatchCount,FloatingEmulationCount,andByteWordEmulationCountThesystemlookasideinformationconsistingofCurrentDepth,MaximumDepth,TotalAllocates,AllocateMisses,TotalFrees,FreeMisses,Type,Tag,andSizeThesysteminterruptinformationconsistingofcontextswitches,deferredprocedurecallcount,deferredprocedurecallrate,timeincrement,deferredprocedurecallbypasscount,andasynchronousprocedurecallbypasscountThesystemprocessinformationconsistingofNextEntryOffset,NumberOfThreads,CreateTime,UserTime,KernelTime,ImageName,BasePriority,UniqueProcessID,InheritedfromUniqueProcessID,HandleCount,SessionID,PageDirectoryBase,PeakVirtualSize,VirtualSize,PageFaultCount,PeakWorkingSetSize,WorkingSetSize,QuotaPeakPagedPoolUsage,QuotaPagedPoolUsage,QuotaPeakNonPagedPoolUsage,QuotaNonPagedPoolUsage,PagefileUsage,PeakPagefileUsage,PrivatePageCount,ReadOperationCount,WriteOperationCount,OtherOperationCount,ReadTransferCount,WriteTransferCount,andOtherTransferCount20FORMOREINFORMATIONForthelatestinformationonWindowsServer2003,checkoutourWorldWideWebsiteathttp://www.
microsoft.
com/windows.
InformationregardingFIPS140-2andFIPS186-2canbefoundontheCMVPwebsiteathttp://csrc.
nist.
gov/cryptval/.