Block Ciphers

unsigned char *aesParams;

CBC mode requires an initialization vector, so assume that you have the following buffer containing arbitrary bytes to use as the IV. Note that this information must be made available to the entity which decrypts the message. The IV is not secret information and may be sent in the clear with the ciphertext.

#define BLOCK_SIZE 16

unsigned char initVector[BLOCK_SIZE];

Now fill in an A_AES_CBC_PARAMS structure and call B_SetAlgorithmInfo. As noted previously, the only supported value for rc6Params.rounds is 20.

aesParams = (unsigned char *)initVector;

if ((status = B_SetAlgorithmInfo
     (AESEncrypter, AI_AES_CBCPad, (POINTER)&aesParams)) != 0)
  break;

In this example, you can use AI_AES_CBCPad for PKCS V#5 padding for simplicity. This AI automatically pads the message to be a multiple of the block size, so that you don't have to worry about the length of the data to encrypt.

Note: There is another AI, AI_AES_CBC, which can be used to perform raw AES encryption. However, as is the case when doing raw encryption with any block cipher, the length of the data to encrypt must be a multiple of the block size. In the case of AI_AES_CBC, the length of the data to encrypt must be a multiple of 16 bytes. These AIs for performing raw encryption are useful if you want to use your own padding scheme, instead of PKCS V#5.
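The following is an added example, not code from the RSA BSAFE guide. It is a stand-alone C illustration of the PKCS #5 style padding rule that the text above contrasts with raw encryption: padding always extends the data to a multiple of 16 bytes, and the decrypting side must validate the pad bytes before stripping them. The function names padded_len, pkcs_pad and pkcs_unpad are hypothetical, and no Crypto-C call is used.

```c
#include <stddef.h>
#include <string.h>

#define BLOCK_SIZE 16  /* AES block size, as on the page */

/* Length after padding: the data always grows by 1..BLOCK_SIZE bytes,
 * so an input that is already block-aligned gains one full block. */
size_t padded_len(size_t len)
{
    return (len / BLOCK_SIZE + 1) * BLOCK_SIZE;
}

/* Copy in[0..len) to out and append n bytes, each of value n.
 * Returns the padded length, or 0 if out is too small. */
size_t pkcs_pad(const unsigned char *in, size_t len,
                unsigned char *out, size_t out_cap)
{
    size_t total = padded_len(len);
    unsigned char n = (unsigned char)(total - len);

    if (out_cap < total)
        return 0;
    memcpy(out, in, len);
    memset(out + len, n, n);
    return total;
}

/* Validate and strip the padding from a decrypted buffer.
 * Returns 0 and sets *msg_len on success, -1 on malformed padding. */
int pkcs_unpad(const unsigned char *buf, size_t len, size_t *msg_len)
{
    unsigned char n;
    size_t i;

    if (len == 0 || len % BLOCK_SIZE != 0)
        return -1;               /* CBC output is whole blocks only */
    n = buf[len - 1];
    if (n == 0 || n > BLOCK_SIZE)
        return -1;               /* pad length must be 1..BLOCK_SIZE */
    for (i = len - n; i < len; i++)
        if (buf[i] != n)
            return -1;           /* every pad byte must equal n */
    *msg_len = len - n;
    return 0;
}
```

A receiver should report a padding failure the same way it reports any other decryption failure, so that the padding check does not reveal information about the plaintext.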

Step 3: Init

The next step is to make a call to B_EncryptInit. To do this, you need a key object. You will first create a key object, and then set the key data.

RSA BSAFE Crypto-C Developer’s Guide

RSA Security 5.2.2 manual