OPTIMIZED CRYPTOGRAPHY COMPONENTS FOR CONSTRAINED ENVIRONMENTS RSA BSAFE ® Crypto Kernel Solution Brief
OPTIMIZED CRYPTOGRAPHY COMPONENTS FOR CONSTRAINED ENVIRONMENTSRSA BSAFE® Crypto Kernel
Solution Brief
RSA Solution Brief
RSA BSAFE Crypto Kernel leverages over 20 years of RSA expertise in delivering high-
quality data security toolkits for device and software manufacturers. It is a collection of
high- performance, small code-size cryptographic source code components that help
embedded system developers meet their security requirements by:
– Providing low-level cryptographic APIs which give developers maximum flexibility in their
security implementations,
– Offering high-performance and small code-size implementations of popular
cryptographic algorithms—giving developers many choices to meet constrained device
requirements,
– Delivering broad platform support, with customization services available to optimize for
specific customer platforms,
– Providing assembler-level optimizations for popular processors and
– Offering a wide variety of professional services to help tailor BSAFE components to meet
special requirements.
Designing and developing secure applications has always been a difficult task, especially
for embedded system developers that must code for highly constrained operating
environments. However, improperly secured applications greatly increase the risk of
exposure of sensitive user information, intellectual property or other device information
that could potentially compromise the entire system. Security needs are becoming just as
important as feature enhancements for mobile devices.
Good security requires good design, but how do you achieve good design without greatly
increasing costs and delivery schedules? Designing applications using the RSA BSAFE®
Crypto Kernel allows you to achieve a solid, secure application design without greatly
increasing development time lines or costs. Crypto Kernel offers versions of popular
cryptographic algorithms optimized for both small code size and high performance. This
helps address concerns like preserving battery life and working with the limited system
memory common in embedded environments. And, unlike alternatives such as open
source, RSA BSAFE technology is backed by highly regarded cryptography experts in the
RSA® Professional Services, Worldwide Support and RSA® Laboratories organizations.
EFFICIENT CRYPTOGRAPHY FOR CONSTRAINED ENVIRONMENTS
Persistent protection of your intellectual property and user data requires data security
technology that can be quickly optimized for specific needs. Particularly in constrained
environments, every line of code counts. Developers securing embedded environments
must make calculated trade-offs between code size, performance and interoperability.
However, reducing code size does not mean the sacrifice of effective security
enforcement. Regardless of where sensitive information is ultimately stored, using the
capabilities of RSA BSAFE Crypto Kernel in your application will help provide a persistent
level of protection, lessening the risk of compromise.
RSA solutions are built on open and proven industry standards, many of which have been
developed and championed by RSA. The company has a wide body of knowledge about
potential vulnerabilities and how to address them using standards-based algorithms.
Because of assembly-level optimizations on key processors, Crypto Kernel can provide
developers with algorithm implementations at increased speeds on many popular
platforms. Developers can rely on RSA to be a trusted security expert, enabling them to
stay focused on developing the core functionality users want.
In addition, RSA Professional Services offers application security design assessment
services that can help spot existing vulnerabilities in applications during development,
as well as help make design decisions which avoid problems later. The Professional
Services organization also offers customization services to help with porting to
specialized processors or meeting specific code size and performance requirements
page 2
RSA solutions are built on
open and proven industry
standards, many of which
have been developed and
championed by RSA.
FIPS 140-2 out-of-the-box
ANSI-C support
Limited level of abstraction of cryptography
Uses Crypto Kernel as its engine
ANSI-C support
Very low-level APIs
Optimized for size and performance
RSA
BS
AFE
CRy
pto
-C
MiC
Ro E
dit
ion
RSA
BS
AFE
C
Rypt
o K
ERn
El
Figure 1
RSA Solution Brief
outside the scope of RSA’s pre-built components. Working with RSA to design
applications securely will help establish trust with your users and limit the risk for you
and your customers and partners.
RSA BSAFE Crypto Kernel provides the cryptographic foundation for the RSA BSAFE
security products designed for C/C++ developers. As shown in figure 1, Crypto Kernel is
designed to offer the lowest level cryptographic application programming interfaces. The
RSA BSAFE® Crypto-C Micro Edition (ME) product uses Crypto Kernel as its cryptography
engine and provides a higher level of abstraction of the cryptographic functionality.
RSA BSAFE Crypto Kernel is offered currently as source code through RSA Professional
Services. Your purchase of Crypto Kernel includes a license to algorithm source code for
the chosen processor and operating environment as well as services needed to optimize
the code for your specific constraints. Services are also available for porting to additional
processors and operating systems or for specific optimizations not provided in the pre-
built components. Because of the specialized nature of applications that use Crypto
Kernel, it is custom-supported through Professional Services to ensure the highest level
of service.
RSA BSAFE Crypto Kernel is a collection of cryptographic algorithm implementations
provided as source code (rather than a software library) with a simple API to keep code
size small. Crypto Kernel offers multiple implementations of the same algorithm to allow
developers the flexibility of trading off performance and code size.
Crypto Kernel includes the algorithms most often used by embedded system developers.
These algorithms are a subset of those included in RSA BSAFE Crypto-C Micro Edition
(ME). By design, Crypto Kernel does not offer the smallest algorithm implementations
possible out-of-the-box since this would not meet portability and maintainability goals.
Professional Services are available to further constrain code size of a particular
implementation, if required.
Page 3
Algorithms typES Notes
Ciphers RC4, RC2, RC5, AES, DES, 3DES Modes: ECB, CBC, CFB, OFB, CTR, CCM, XTS, GCM
Digests MD2, MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
Modes: HMAC, CBC-MAC
Public key RSA Padding schemes: PKCS#1, PSS, OAEP, and X9.31
Public key DSA
Public key Elliptic curve cryptography (ECC): ECDSA, EC key generation, ECIES
Named pime curves: NIST_P256, NIST_P384, NIST_P521 Named F2M Curves in polynomial and ONB formats: NIST_K283, NIST_B283, NIST_K409, NIST_B409, NIST_K571, NIST_B571
Key derivation function X9.63
Key Exchange Diffie-Hellman, ECDH
Key wrapping AES key wrapping (X9.102, RFC 3394)
Random number generation Elliptic curve deterministic random bit generator (ECDRBG), HMAC DRBG, FIPS 186-2 random
Table 1. Algorithms Supported by RSA BSAFE Crypto Kernel
RSA Solution Brief
CODE STRUCTURE
Platform-specific assembler code is found at the lowest level of Crypto Kernel, the r0
level. At the next level up, the R1 level, is the lowest level of APIs which are made public.
The next level, the R2 level, provides a higher level API such as public key algorithm sign
and verify. And at the R level are functions for allocating memory, benchmarking and
testing (see figure 2).
USING CRYPTO KERNEL
Similar to the interfaces provided by other RSA BSAFE and third-party cryptography
toolkits, to use Crypto Kernel developers first create a “context” (the operation being
performed), supplying a “method” (implementation code). Developers configure the
“context” via “set/get” calls, perform the operation and then cleanup.
Crypto Kernel is built out of a directory tree with make files. If an Integrated Development
Environment (IDE) is being used, a list of all files can be generated which can then be
inserted into the IDE and compiled.
SUPPORTED FEATURES
Algorithms
Crypto Kernel supports the most commonly used ciphers, digests and public key
algorithms. Table 1 lists those supported by the current versions of Crypto Kernel.
For each algorithm, typically four implementations are offered. Not all implementations
are available for every algorithm, so please consult with an RSA sales representative for
details on which are available for your specific needs. The four implementations typically
offered are:
– C/C++ source — for easy portability,
– “Fast” — for the fastest code possible using code switching depending on the CPU, and
typically written in assembler. “Efficient” is another description of this implementation,
since an operation completed quickly saves battery power. With the “fast”
implementation, code size is given little consideration,
– “Small” — an implementation that balances code size and performance in the best
manner possible for a given algorithm and
– “Tiny” — for the smallest code size possible at the expense of performance.
To illustrate the difference a chosen implementation can make, table 2 shows the
performance and size measurements for a Linux ARM, 126MHz XScale, with a gcc
compiler for the “fast” and “small” implementations.
In the case of the SHA-1 digest, using the “small” implementation saves almost 5KB of
code size at about 60% of the performance of the “fast” implementation.
page 4
R2 higher-level API, built on R1 routines
R1 Crypto primitive API routines
R0 low level routines (subject to change)
GEn
ERA
l u
nlA
yERE
d R
ou
tin
ES
Figure 2. Code Structure
Speed (bytes / second) Size (bytes) Size (bytes) Speed (operations/second)
Fast 6,264,000 10,901 10,901 383
Small 3,773,000 6,013 17,331 98
Table 2. Performance and size Measurements for a Linux ARM
SHA-1 Message Digest RSA PKCS#1 Verification
RSA Solution Brief
For the RSA PKCS#1 verification operation, the “small” implementation saves about 4KB
of code size though performs at about one-quarter the speed of the “fast”
implementation.
ASN.1 parsing and memory allocation
Crypto Kernel also includes support for simple ASN.1 parsing, as well as an optional
memory allocation object. If a platform supports a native memory allocator, developers
can compile out all of Crypto Kernel’s memory allocation code to further limit code size.
Crypto Kernel includes five memory allocators:
– the standard UNIX-style memory allocator,
– Win32 heaps — for the Win32 platforms,
– Static — memory is allocated from a supplied memory block. This is especially useful for
threaded applications where there is a different block of memory for each thread and
– Stats — to measure memory usage so that developers can find the maximum memory
used.
In the embedded space, there is a wide range of operating systems. Though Crypto
Kernel supports a number of platforms, many users have requested a platform
unavailable from the above list. In this case, either RSA Professional Services can port
Crypto Kernel to the necessary platform or source code can be provided so that
developers can perform their own porting.
USE CASES
These use cases illustrate how developers have used RSA BSAFE Crypto Kernel software
to develop secure applications for their embedded system environments. These
applications reflect the most common uses of Crypto Kernel.
Secure over-the-air distribution for mobile devices
This manufacturer wanted to provide secure updates to firmware following the Open
Mobile Alliance’s Firmware-Over-the-Air distribution method. To authenticate the firmware
before downloading, the manufacturer needed an implementation of RSA SHA1 signature
verification in less than 30KB. Crypto Kernel was able to meet this demanding size
requirement, something the manufacturer was unable to accomplish with open source
security software or cryptography developed by in-house developers.
Page 5
Unlike open source, RSA
BSAFE technology is
backed by highly regarded
cryptography experts
in the RSA Professional
Services, Worldwide
Support and Laboratories
organizations.
Platform CoMpilER Processor
AIX aixC PowerPC, PowerPC64
Cygwin gcc x86
HP-UX gcc, hpc PA-RISC (1.1, 2.0, 2.0W), IA64 (32-bit and 64-bit)
Linux gcc, icc x86, x86_64, ARM4L, ARM4B, MIPS32, IA64, PowerPC
Solaris gcc, sunc SPARC (v8, v8+, v9), x86, x86_64
Win32 msvs, icc x86, x86_64
Windows CE msvs ARM4L, MIPS32, SH3
VxWorks gcc ARM4L, ARM4B, MIPS32, PowerPC
Table 3. Crypto Kernel Platform Availability
RSA Solution Brief
Entitlement enforcement for mobile applications
This mobile platform vendor included a wide variety of functionalities in their platform
and wanted to be able to turn features on or off depending on the customer’s runtime
license. In addition to needing RSA SHA1 signature verification in less than 30KB, like the
mobile phone customer, the platform OEM also needed SHA-1 hashing in less than 6KB.
Again, Crypto Kernel solved an issue that the internal development team was unable to
solve.
Intellectual property protection
This transportation systems manufacturer wanted to encrypt firmware on their equipment
to protect intellectual property (IP), reducing the risk of reverse engineering of the IP and
preventing device cloning. Crypto Kernel provided the manufacturer with a small
implementation of the AES algorithm to protect the IP on the equipment.
Secure information push
To provide Global Positioning System (GPS) customers with a better user experience, this
GPS device manufacturer wanted to provide the GPS satellite coordinate predictions to
devices more frequently. The prediction data was to be sent as an encrypted payload
when the device was docked, and so both DES and AES encryption needed to be
implemented in under 20KB—a goal met successfully by Crypto Kernel.
Narrowband communication security
This U.S. Department of Defense contractor needed to encrypt data packets from a device
sending information to a receiver via a narrow band communication channel. Because
this security concern was being addressed late in the project, there was less than 5KB
RAM available for the RSA® public key-based encryption APIs. In this case, Crypto
Kernel’s RSA algorithm was optimized for an ultra low-power 16-bit RISC microcontroller—
still meeting the code size constraints.
Digital rights management (DRM)
This consumer device manufacturer was implementing Windows® Media DRM 10 on a
networked music player but, because the device was not using a Microsoft® operating
system, Microsoft was unable to provide much support. The customer wanted small
implementations of RC4®, DES, AES, SHA-1, and RSA® (the algorithms used in Windows
Media DRM) in a small footprint. Crypto Kernel software provided a solution by optimizing
algorithms for the Blackfin processor.
Secure firmware updates
This General Packet Radio Service mobile modem manufacturer wanted to have boot-time
firmware decryption using AES, as well as verification and authentication of microcode
updates with their modem (which used a MIPS32 processor and a low-profile Real-Time
Operating System). Given the constraint of having less than 50KB of memory available,
the internal development team tried to meet the requirements using open source security
software, but was able to reduce the code size to only 100KB with unacceptably slow
performance. Also, the effort of trying to solve the security software concern was
distracting the development team from working on the core product functionality. Crypto
Kernel software solved this customer’s problem in a timely manner, allowing the
development team to refocus their efforts on core development needs.
RSA’s proven solutions help developers meet the challenges of implementing
cryptography in embedded environments. RSA is one of the most respected leaders and
innovators in information security with over 20,000 customers worldwide. A full
complement of professional assessment and customization services, developer support
page 6
RSA Solution Brief
and market-leading products will help you deliver applications that inspire confidence in
your users.
RSA continues to innovate, providing the latest data security mechanisms and standards
through the support of RSA Laboratories, ensuring that you have the most efficient
technology available to secure embedded systems. RSA also continues to invest in third-
party validations of cryptography components through the National Institute for
Standards in Technology FIPS 140 Cryptographic Module Validation Program. RSA has a
deep understanding of the special needs of the embedded market and continues to
invest in highly customizable cryptographic components like Crypto Kernel to meet the
requirements of customers worldwide.
Page 7
Algorithms
RSA Solution Brief page 8
RSA Solution Brief
named curves
Page 9
RSA Solution Brief
supported standards
tls cipher suites
page 10
RSA Solution Brief Page 11
RSA Solution Brief page 12
RSA Solution Brief Page 13
EMC, EMC2, RSA, the RSA logo and BSAFE are registered trademarks or trademarks of EMC Corporation in the United
States and other countries. All other trademarks used herein are the property of their respective owners.
©2007-2011 EMC Corporation. All rights reserved. Published in the USA.
H11924 h9048-cryk-sb-1111
ABOUT RSA
RSA, The Security Division of EMC, is the premier provider of security, risk and
compliance management solutions for business acceleration. RSA helps the world’s
leading organizations succeed by solving their most complex and sensitive security
challenges. These challenges include managing organizational risk, safeguarding
mobile access and collaboration, proving compliance, and securing virtual and cloud
environments.
Combining business-critical controls in identity assurance, encryption & key
management, SIEM, Data Loss Prevention and Fraud Protection with industry leading
eGRC capabilities and robust consulting services, RSA brings visibility and trust to
millions of user identities, the transactions that they perform and the data that is
generated. For more information, please visit www.RSA.com and www.EMC.com.
www.rsa.com