Performing Diffie-Hellman Key Agreement

Format of info returned by B_GetAlgorithmInfo:

pointer to an ITEM structure which gives the address and length of the DER-encoded algorithm identifier.

Crypto-C returns a pointer to where that information resides, not the information. As soon as the object that contains that information is destroyed, the information will no longer be accessible. Therefore, once you get the pointer to that information, copy it into your own buffer:

ITEM *cryptocDHParametersBER;

ITEM myDHParametersBER;

myDHParametersBER.data = NULL_PTR;

if ((status = B_GetAlgorithmInfo

((POINTER *)&cryptocDHParametersBER, myDHParametersObj, AI_DHKeyAgreeBER)) != 0)

break;

myDHParametersBER.len = cryptocDHParametersBER->len; myDHParametersBER.data = T_malloc (myDHParametersBER.len); if ((status = (myDHParametersBER.data == NULL_PTR)) != 0)

break;

T_memcpy (myDHParametersBER.data, cryptocDHParametersBER->data, myDHParametersBER.len);

In summary, generate the parameters, get the algorithm info in BER format with

B_GetAlgorithmInfo and AI_DHKeyAgreeBER, encode the BER data into ASCII format and send it to the Diffie-Hellman key agreement participants.

Note: The conversion into BER or DER is known as BER-encoding or DER- encoding, and the conversion between binary to ASCII is known as encoding and decoding. This may get confusing, but the word encoding without a BER in front of it generally means binary to ASCII. If the encoding is BER- or DER- encoding, the BER or DER should be explicitly stated.

C h a p t e r 7 P u b l i c - K e y O p e r a t i o n s

2 5 5

Page 277
Image 277
RSA Security 5.2.2 manual A p t e r 7 P u b l i c K e y O p e r a t i o n s