
Creating a custom crypto-provider

Posted: 11/05/2008 13:27:33
by Simon Ley (Standard support level)
Joined: 11/05/2008
Posts: 2

Hello there,

I want to extend SBB to make use of the Via Padlock Security Engine, which offers fast AES de/encryption in hardware. So the proper way to do this is by creating my own CryptoProviderClass, but I'm afraid there are very few resources on how to do this.
Looking at the source, SBCryptoProv.pas seems to be my friend and the class I want to inherit is TElCustomCryptoProvider. So far I'm not sure of what to do with e.g. the defined abstract functions for hashes or randomizers - I suppose I only need to override the corresponding functions I really want to implement and make IsAlgorithmSupported() return the correct values and ignore the rest?
Looking at the built-in AES cryptoprovider doesn't really help since it's based on a different class.

Some sample source code or instructions would be really nice, because I haven't found anything so far that I could relate to.

Thanks in advance,

Posted: 11/06/2008 00:24:20
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

There's no need to implement your own cryptographic provider from scratch. A good idea is to create a descendant of the built-in cryptographic provider, thus extending it with support for the token-driven encryption.

Please see the implementation of the IDEA module. It is installed in exactly the same way, by creating an extended cryptographic provider on top of the built-in one.

Posted: 11/06/2008 16:01:29
by Simon Ley (Standard support level)
Joined: 11/05/2008
Posts: 2

OK, that seems like a lot less work than my attempt. Thank you.

One question though:
The procedure GetDefaultKeyAndBlockLengths() returns the length for key and blocks. In order to get the best performance out of the hardware encryption, I should set BlockLen high enough, since I can pass any amount of data to the hardware. Passing only 16 bytes per call would kill the whole performance gain.
But is it safe to return a blocklen of e.g. 16 kb, or might this cause a bottleneck somewhere else in SBB? Any ideas?

Posted: 11/06/2008 16:28:03
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Overriding blocksize for AES can break compatibility with some SBB modules, because they are using this property directly or indirectly.
To achieve best performance you should override the .InternalEncrypt() and .InternalDecrypt() methods of TElBuiltInSymmetricCrypto (instead of EncryptBlock/DecryptBlock, as IDEA does), which deal with large data chunks. The size of those chunks is a multiple of the size of the block.


