Hi People. We now have a working PC running with the IBM 4758 PCI-Crypto card, and a few test programs running. A quick discussion with Martin and Ivan found that we at the very least need something like the following (C-syntax for now)
int getRandomBytes(int count, unsigned char **randomBytes); int setShare(int id, unsigned char *shareValue); int getShare(int id, unsigned char **shareValue); the getRandomBytes operation is a way to get hardware-generated pseudorandom values from the PCI card, and the set/get Share operations can be used to securely store secret shares (encrypting them with a hardware key). There are some issues, so if anyone wish to comment on these (or have additional operations they would like to have in hardware). 1. Memory allocation How is memory to be handled? One way would be to have the caller (the Python code) allocate enough memory to store return values (fx. from getRandomBytes), or perhaps it would be better to let the C code allocate the memoery? How is this usually handled with Python/C? Anyone? Regarding free'ing the memory when done, can Python do this on its own, or will we need to expose some cleanup-handles in the C-module, for free'ing memory allocated earlier in the C code? 2. SSL communication? Ivan mentioned that it would be nice to have the RSA keys used for SSL communication to be stored in hardware. This is also doable, and would likely only require that the SSL software we use supports hardware keys (which software do we use for communication, and does it support hardware keys?) Kind regards Brian Graversen _______________________________________________ viff-devel mailing list (http://viff.dk/) viff-devel@viff.dk http://lists.viff.dk/listinfo.cgi/viff-devel-viff.dk
