MultiPrime

entry for the AI in use:

B_ALGORITHM_METHOD *SIGN_SAMPLE_CHOOSER[] = {
  &AM_SHA,
  &AM_RSA_CRT_ENCRYPT,
  (B_ALGORITHM_METHOD *)NULL_PTR
};

Note: If you want to sign using the blinding technique to thwart timing attacks (see “Timing Attacks and Blinding” on page 95), use AM_RSA_CRT_ENCRYPT_BLIND in the algorithm chooser.

B_SignInit is fast, so it is reasonable to pass a properly cast NULL_PTR for the surrender context:

if ((status = B_SignInit
     (digitalSigner, privateKey, SIGN_SAMPLE_CHOOSER,
      (A_SURRENDER_CTX *)NULL_PTR)) != 0)
  break;

Step 4: Update

Digest the data to sign with B_SignUpdate, which is described in Chapter 4 of the Reference Manual. Unless there is an extraordinarily large amount of data (for example, one megabyte), this function is quick and a NULL_PTR for the surrender context should be no problem. Assuming you have your input data and you know its length, your call would be the following:

if ((status = B_SignUpdate
     (digitalSigner, inputData, inputDataLen,
      (A_SURRENDER_CTX *)NULL_PTR)) != 0)
  break;

Step 5: Final

B_SignUpdate digested the data. Encrypt the digest and output the result to a signature buffer with B_SignFinal. The signature will be the same size as the public modulus, so make sure the output buffer is big enough. The chapter 2 entry of the Reference Manual on AI_SHAWithRSAEncryption states that “You may pass (B_ALGORITHM_OBJ)NULL_PTR for all randomAlgorithm arguments.” This function does not return immediately, so a surrender context can be helpful; for this example use the

Chapter 7 Public-Key Operations 235

RSA Security 5.2.2 manual