AI_RC4WithMAC_BER

AI_RC4WithMAC_BER

Purpose:

This AI is similar to AI_RC4WithMAC except that it uses the ASN.1 BER format. This AI allows you to parse and create ASN.1 algorithm identifiers such as those used in PKCS #7 and other protocols. You call B_SetAlgorithmInfo to initialize an algorithm object from the encoded algorithm identifier which includes ASN.1 encoding of the B_RC4_WITH_MAC_PARAMS structure defined in the description of AI_RC4WithMAC. You call B_GetAlgorithmInfo with this AI to create an encoded algorithm identifier from an algorithm object that was created using AI_RC4WithMAC or AI_RC4WithMAC_BER. The OID for this algorithm, excluding the tag and length bytes, in decimal is “42, 134,

72, 134, 247, 13, 3, 5”.

Type of information this allows you to use:

the encoding of an algorithm identifier that specifies the RC4 With MAC encryption algorithm.

Format of info supplied to B_SetAlgorithmInfo:

pointer to an ITEM structure that gives the address and length of the BER-encoded algorithm identifier. The encoding is converted to DER before it is copied to the algorithm object. B_SetAlgorithmInfo returns BE_WRONG_ALGORITHM_INFO if the algorithm identifier specifies an algorithm other than RC4.

Format of info returned by B_GetAlgorithmInfo:

pointer to an ITEM structure that gives the address and length of the DER-encoded algorithm identifier.

Crypto-C procedures to use with algorithm object:

B_EncryptInit, B_EncryptUpdate, B_EncryptFinal, B_DecryptInit,

B_DecryptUpdate, and B_DecryptFinal. B_DecryptFinal returns BE_INPUT_DATA if the MAC does not match. You may pass (B_ALGORITHM_OBJ)NULL_PTR for all randomAlgorithm arguments.

Due to the nature of the RC4 algorithm, security is compromised if multiple data blocks are encrypted with the same RC4 key. Therefore, B_EncryptUpdate cannot be

1 9 4

R S A B S A F E C r y p t o - C L i b r a r y R e f e r e n c e M a n u a l

Page 204
Image 204
RSA Security 5 manual AIRC4WithMACBER