AI_PKCS_OAEPRecodeBER

mgf1SHA1Identifier ::= AlgorithmIdentifier { id-mgf1, sha1Identifier }

-- This identifier means that P is an empty string, so the digest
-- of the empty string appears in the RSA block before masking.

pSpecifiedEmptyIdentifier ::= AlgorithmIdentifier { id-pSpecified, OCTET STRING SIZE (0) }

Format of info supplied to B_GetAlgorithmInfo:

Pointer to an ITEM structure that gives the address and length of the DER-encoded algorithm identifier.

Crypto-C procedures to use with algorithm object:

B_EncodeInit, B_EncodeUpdate, B_EncodeFinal, B_DecodeInit, B_DecodeUpdate, and B_DecodeFinal.

The final call to B_EncodeUpdate does not contain message data. Rather, the trailing call to B_EncodeUpdate is included to pass in a number of random seed bytes for the OAEP encoding process. It is recommended that the caller use AI_X962Random_V0 or AI_SHA1Random to generate hLen bytes initialized with 160 bits of entropy. The default digest algorithm for PKCS #1 v2.0 OAEP is SHA1. SHA1 produces a digest of 20 bytes, so hLen for SHA1 is 20 bytes.

Decoding with B_DecodeUpdate does not require an extra call for seed bytes.

Algorithm methods to include in application's algorithm chooser:

AM_SHA is required for the default pSource digest function and also for the default MGF underlying digest method.

Compatible representation:

AI_PKCS_OAEPRecodeBER.

Input constraints:

The total number of bytes to encode must be at least [(2 * hLen) + 1].
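The following is an added illustration, not code from the Crypto-C manual and not a use of the Crypto-C API: a Python sketch of PKCS #1 v2.0 EME-OAEP with SHA1, MGF1 and an empty P. It shows where the hLen-byte seed and the digest of the empty string sit in the block, as described in the seed paragraph and the pSpecifiedEmptyIdentifier comment above. The function names and the 127-byte block size (a 1024-bit modulus) are assumptions made for the example.

```python
import hashlib
import hmac
import os

H_LEN = hashlib.sha1().digest_size  # hLen = 20 for SHA1

def mgf1_sha1(z, length):
    """MGF1 with SHA1: concatenate SHA1(z || 4-byte counter), then truncate."""
    blocks = (hashlib.sha1(z + i.to_bytes(4, "big")).digest()
              for i in range(-(-length // H_LEN)))
    return b"".join(blocks)[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def oaep_encode(msg, em_len, seed, p=b""):
    """EME-OAEP encode per PKCS #1 v2.0; em_len is the block size (assumed)."""
    if len(seed) != H_LEN:
        raise ValueError("seed must be exactly hLen bytes")
    if len(msg) > em_len - 2 * H_LEN - 1:
        raise ValueError("message too long for block")
    # DB = Hash(P) || zero padding || 0x01 || M; with empty P it starts with SHA1("").
    pad = b"\x00" * (em_len - len(msg) - 2 * H_LEN - 1)
    db = hashlib.sha1(p).digest() + pad + b"\x01" + msg
    masked_db = xor(db, mgf1_sha1(seed, em_len - H_LEN))
    masked_seed = xor(seed, mgf1_sha1(masked_db, H_LEN))
    return masked_seed + masked_db

def oaep_unmask(em):
    """Recover (seed, DB) from an encoded block."""
    masked_seed, masked_db = em[:H_LEN], em[H_LEN:]
    seed = xor(masked_seed, mgf1_sha1(masked_db, H_LEN))
    return seed, xor(masked_db, mgf1_sha1(seed, len(masked_db)))

def oaep_decode(em, p=b""):
    """Return M, or raise one generic error (not constant-time; illustration only)."""
    if len(em) < 2 * H_LEN + 1:
        raise ValueError("decoding error")
    _, db = oaep_unmask(em)
    sep = db.find(b"\x01", H_LEN)
    hash_ok = hmac.compare_digest(db[:H_LEN], hashlib.sha1(p).digest())
    if not hash_ok or sep < 0 or any(db[H_LEN:sep]):
        raise ValueError("decoding error")
    return db[sep + 1:]

if __name__ == "__main__":
    em = oaep_encode(b"constructed sample key", 127, os.urandom(H_LEN))
    print(oaep_unmask(em)[1][:H_LEN].hex())  # digest of the empty string
    print(oaep_decode(em))
```

The decoder raises the same error for every failure so that a caller cannot distinguish a bad digest from bad padding; the branching itself is not constant-time.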

RSA BSAFE Crypto-C Library Reference Manual