Chapter 4 Using Crypto-C 127
System Considerations In Crypto-C
Crypto-C offers padding for the symmetric block-encryption algorithms, which
have no restrictions on the total input length. Padding means that the total length
of the encrypted data can be as many as eight bytes more than the total length of
the input.
Note: For algorithm info types that supply padding, Crypto-C will pad even if the
input is a multiple of the block size. This way, when decrypting, Crypto-C
knows that the last byte is guaranteed to be a pad byte. For AIs that use PKCS
#5 padding, the last byte, when decrypted, will be a number: the number of
pad bytes Crypto-C should strip.
The RSA Algorithm
The second common input constraint is the RSA algorithm. Recall that this algorithm
uses modular math.

Input constraints

The following input restrictions apply:
• Whenever modular math is used in a calculation, the values passed must be less
than the RSA modulus n. For example, if the modulus is 55, the input must be
from zero to 54; the number 57 is invalid.
• For RSA encryption that is PKCS v1.5-compatible, the input to encryption or
decryption must be no more than k − 11 bytes long, where k is the modulus length
in bytes. For example, with a 768-bit modulus, the input can be no more than 85,
or 96 − 11, bytes. This is because the padding scheme needs at least an 11-byte area
to work. The output will be the same size as the modulus.
For the most common key sizes, Table 4-20, which follows, shows the maximum
number of bytes you can encrypt using the RSA algorithm with PKCS padding.
Table 4-20 Input Limits for RSA PKCS Encryption
Key Size in Bits   Modulus Length (k) in Bytes   Maximum Number of Bytes That Can Be Encrypted (k-11)
512                64                            53
768                96                            85
1024               128                           117
2048               256                           245
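
The k - 11 limit in Table 4-20 comes from the layout of the PKCS #1 v1.5 encryption block: three fixed bytes plus at least eight padding bytes. The C code below is an added example, not Crypto-C code and not part of the original manual; the function names are hypothetical, and the padding string is filled with a constant 0xFF only so the layout is reproducible.

```c
#include <stddef.h>
#include <string.h>

#define PKCS1_V15_OVERHEAD 11   /* 0x00, 0x02, at least 8 pad bytes, 0x00 */

/* Modulus length k in bytes for a modulus of the given bit length. */
size_t rsa_modulus_bytes(size_t modulus_bits)
{
    return (modulus_bits + 7) / 8;
}

/* Largest input PKCS v1.5 encryption accepts: k - 11, or 0 if k is too small. */
size_t rsa_pkcs1_max_input(size_t modulus_bits)
{
    size_t k = rsa_modulus_bytes(modulus_bits);
    return k > PKCS1_V15_OVERHEAD ? k - PKCS1_V15_OVERHEAD : 0;
}

/*
 * Lay out the k-byte encryption block 00 || 02 || PS || 00 || data.
 * Returns 0 on success, -1 if data_len exceeds k - 11.
 * PS is a constant 0xFF here (constructed filler); a real implementation
 * fills PS with random nonzero bytes from a cryptographic RNG.
 */
int rsa_pkcs1_layout_block(unsigned char *block, size_t k,
                           const unsigned char *data, size_t data_len)
{
    size_t ps_len;

    if (k < PKCS1_V15_OVERHEAD || data_len > k - PKCS1_V15_OVERHEAD)
        return -1;                      /* input too long for this modulus */

    ps_len = k - 3 - data_len;          /* always >= 8 after the check above */
    block[0] = 0x00;                    /* keeps the block, as an integer, below n */
    block[1] = 0x02;                    /* block type 2: public-key encryption */
    memset(block + 2, 0xFF, ps_len);    /* padding string PS */
    block[2 + ps_len] = 0x00;           /* separator between PS and data */
    if (data_len > 0)
        memcpy(block + 3 + ps_len, data, data_len);
    return 0;
}
```

The leading 0x00 byte is what ties the two restrictions together: it guarantees the padded block, read as an integer, is less than a k-byte modulus.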