RSA Security 5 manual AIPKCSOAEPRecodeBER

AI_PKCS_OAEPRecodeBER

AI_PKCS_OAEPRecodeBER

Purpose:

This AI is similar to AI_PKCS_OAEPRecode except that it uses the ASN.1 BER format. This AI allows you to parse and create ASN.1 algorithm identifiers such as those used in PKCS #7 and other protocols. You call B_SetAlgorithmInfo to initialize an algorithm object from the encoded algorithm identifier that includes the hash function, mask generator function, and P source function. You call B_GetAlgorithmInfo with this AI to create an encoded algorithm identifier from an algorithm object that was created using AI_PKCS_OAEPRecode or AI_PKCS_OAEPRecodeBER. The OID for the RSA OAEP encryption, excluding the tag and length bytes, in decimal, is “42, 134, 72, 134, 247, 13, 1, 1, 7”. The OID for the mask function, excluding the tag and length bytes, in decimal, is “42, 134, 72, 134, 247, 13, 1, 1, 8”. The OID for the P source function, excluding the tag and length bytes, in decimal, is “42, 134, 72, 134, 247, 13, 1, 1, 9”. Also see AI_PKCS_OAEPRecode.

Type of information this allows you to use:

OAEP message padding as defined in PKCS #1 v2.0. When encoding, this algorithm encodes the data according to the definition of EME-OAEP-Encode as specified in PKCS #1 v2.0. When decoding, this algorithm decodes the data according to the definition of EME-OAEP-Decode.

This permits the use of raw or hardware-based RSA encryption with the PKCS #1 v2.0 flavor of Optimal Asymmetric Encryption Padding.

Format of info supplied to B_SetAlgorithmInfo:

pointer to an ITEM structure that gives the address and length of the BER-encoded algorithm identifier. The encoding is converted to DER before it is copied to the algorithm object. B_SetAlgorithmInfo returns BE_WRONG_ALGORITHM_INFO if the algorithm identifier specifies an algorithm other than RSAES-OAEP Encryption as specified by PKCS #1 v2.0.

The general ASN.1 syntax for RSAES-OAEP is complicated. The simple DER