RSA Security manual A p t e r 2 a l g o r i t h m I n f o Ty p e s 159

AI_PKCS_OAEPRecode

hashFuncParams.len = 0; hashFuncParams.data = NULL_PTR maskGenFuncParams.len = 0; maskGenFuncParams.data = NULL_PTR maskGenFuncUnderlyingAlgParams.len = 0; maskGenFuncUnderlyingAlgParams.data = NULL_PTR

Failure to properly initialize these parameters may cause errors when they are

implemented in future versions of Crypto-C. In this case, the default parameters for

pSourceParams should be set by the caller as follows:

pSourceParams.len = 0; pSourceParams.data = NULL_PTR;

Format of info supplied to B_GetAlgorithmInfo:

NULL_PTR.

Crypto-C procedures to use with algorithm object:

B_EncodeInit, B_EncodeUpdate, B_EncodeFinal, B_DecodeInit, B_DecodeUpdate, and B_DecodeFinal.

The final call to B_EncodeUpdate does not contain message data. Rather, the trailing call to B_EncodeUpdate is included to pass in a number of random seed bytes for the OAEP encoding process. It is recommended that the caller use AI_X962Random_V0 or AI_SHA1Random to generate hLen bytes initialized with 160 bits of entropy. The default digest algorithm for PKCS #1 v2.0 OAEP is SHA1. SHA1 produces a digest of 20 bytes, so hLen for SHA1 is 20 bytes.

B_Decode_Update does not contain an extra call for seed bytes.

Algorithm methods to include in application's algorithm chooser:

AM_SHA is required for the default pSource digest function and also for the default MGF underlying digest method.