System Considerations In Crypto-C
116 RSA BSAFE Crypto-C Developers Guide

Algorithm Choosers

When you use an AI, it in turn calls one or more algorithm methods. An algorithm
method (or AM) is the underlying code that will actually perform the cryptography.
Because many AIs can perform more than one cryptographic function (for instance,
both encryption and decryption, as with AI_FeedbackCipher), an application will
often have a choice of which underlying cryptographic code to link in. An algorithm
chooser lists all the AMs the application can use. That is, it chooses in advance which
AMs to link in.

Crypto-C comes with a demonstration application containing the algorithm chooser
DEMO_ALGORITHM_CHOOSER. You can use this algorithm chooser in any Crypto-C
application as long as the module that defines it (choosc.c) is compiled and linked in.
However, DEMO_ALGORITHM_CHOOSER will link in all the algorithm methods available,
even though an application may use only two or three. A developer can write an
algorithm chooser tailored for the specific application to make the executable image
smaller.

The section "Defining an Algorithm Chooser" in the Reference Manual says: "An
algorithm chooser is an array of pointers to B_ALGORITHM_METHOD values. The last
element of the array must be (B_ALGORITHM_METHOD *)NULL_PTR."

From this we see that an algorithm chooser is a pointer to an array. This array
contains pointers to algorithm methods, which are the AMs the application will use.

To determine which AMs to include in your algorithm chooser, you need to know
which AIs you will use in your application. Next, for each AI, find the Chapter 2 entry
in the Reference Manual and look at the AMs listed under the heading "Algorithm
methods to include in application's algorithm chooser." Finally, based on how your
application uses the given AI, decide which of those AMs you need to include in your
algorithm chooser.
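
A self-contained C model of the chooser layout and selection procedure described above, added here as an example and not taken from Crypto-C or this guide: MODEL_AM stands in for B_ALGORITHM_METHOD, and the MODEL_* methods, the chooser names and the helper functions are hypothetical. It checks a chooser against the AMs an application's operations need, counting required AMs that are missing and listed AMs that nothing uses.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in for B_ALGORITHM_METHOD; the real type comes from the Crypto-C headers. */
typedef struct { const char *name; } MODEL_AM;

/* Hypothetical AMs; the real names are listed per AI in the Reference Manual. */
static MODEL_AM MODEL_RC4_ENC = { "rc4-encrypt" };
static MODEL_AM MODEL_RC4_DEC = { "rc4-decrypt" };
static MODEL_AM MODEL_DES_ENC = { "des-encrypt" };

/* Tailored chooser for an encrypt-only RC4 program, closed by the null pointer. */
static MODEL_AM *ENCRYPT_ONLY_CHOOSER[] = { &MODEL_RC4_ENC, NULL };
/* Catch-all chooser in the spirit of DEMO_ALGORITHM_CHOOSER. */
static MODEL_AM *CATCH_ALL_CHOOSER[] = {
    &MODEL_RC4_ENC, &MODEL_RC4_DEC, &MODEL_DES_ENC, NULL
};

/* AMs the application's operations require (constructed sample lists). */
static MODEL_AM *NEEDS_ENCRYPT[] = { &MODEL_RC4_ENC, NULL };
static MODEL_AM *NEEDS_BOTH[] = { &MODEL_RC4_ENC, &MODEL_RC4_DEC, NULL };

/* Walk a null-terminated list and report whether am is in it (by address). */
static int list_has(MODEL_AM **list, const MODEL_AM *am) {
    for (size_t i = 0; list[i] != NULL; i++)
        if (list[i] == am) return 1;
    return 0;
}

/* Number of entries in list a that do not appear in list b. */
static size_t count_not_in(MODEL_AM **a, MODEL_AM **b) {
    size_t n = 0;
    for (size_t i = 0; a[i] != NULL; i++)
        if (!list_has(b, a[i])) n++;
    return n;
}

/* Required AMs absent from the chooser: that operation cannot be set up. */
size_t chooser_missing(MODEL_AM **chooser, MODEL_AM **needed) {
    return count_not_in(needed, chooser);
}

/* Chooser entries nothing requires: code linked in for no benefit. */
size_t chooser_unused(MODEL_AM **chooser, MODEL_AM **needed) {
    return count_not_in(chooser, needed);
}

int main(void) {
    printf("missing=%zu unused=%zu\n", chooser_missing(ENCRYPT_ONLY_CHOOSER, NEEDS_BOTH),
           chooser_unused(CATCH_ALL_CHOOSER, NEEDS_ENCRYPT));
    return 0;
}
```

Both walks stop only at the null entry, which is why the terminator the Reference Manual requires cannot be omitted: without it the loop would read past the end of the array.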

An Encryption Algorithm Chooser

The section "Introductory Example" on page 9 describes a program that encrypted
data and did nothing else. It did not decrypt data, generate random numbers, execute
the Diffie-Hellman key agreement protocols, or use elliptic curve cryptography.
Therefore, the only cryptographic tool the program needed was encryption code.
And the only kind of encryption code it needed was RC4 encryption, not DES, RC2,