|
| Purpose: | Type of information this | |||||
Describes the AI, what it is | allows you to use: | |||||||
with algorithm object: | for, what it does, and how it | Describes the type of | ||||||
Describes which | relates to similar AIs. | algorithm and parameters | ||||||
procedures to use. Most |
|
|
|
| you can use with the | |||
algorithms employ Init, Update, |
|
|
|
| algorithm info type | |||
and Final steps. For example, |
|
|
|
|
|
|
| |
AI_MD5, an MD5 message |
|
|
|
|
|
|
| |
algorithm, uses B_DigestInit, |
|
|
|
|
|
|
| |
B_DigestUpdate, and |
|
|
|
|
|
|
| |
|
|
|
|
|
|
| ||
B_DigestFinal. |
|
|
|
|
|
|
| |
|
|
|
|
| AI_PKCS_RSAPrivate |
|
|
|
|
|
|
|
| Purpose: |
|
|
|
|
|
|
|
| This AI allows you to decrypt data using the RSA |
| ||
|
|
|
|
| the OAEP padding scheme defined in PKCS #1 v2.0. |
| ||
|
|
|
|
| Type of information this allows you to use: |
| ||
Algorithm methods to |
|
|
| the RSA algorithm for performing private key encryption as defined in |
| |||
|
|
| PKCS #1. When encrypting, this algorithm encodes the data according to |
| ||||
include in application’s |
|
|
| block type 01. When decrypting, this algorithm decodes the data from a |
| |||
|
|
| block type 02. |
|
|
| ||
algorithm chooser: |
|
|
| Format of info supplied to B_SetAlgorithmInfo: |
| |||
Describes which algorithm |
|
|
| NULL_PTR. |
|
|
| |
|
|
| Format of info returned by B_GetAlgorithmInfo: |
| ||||
methods can be used in your |
|
|
|
| ||||
|
|
| NULL_PTR. |
|
|
| ||
algorithm chooser. |
|
|
|
|
| |||
|
|
|
|
| B_EncryptInit, B_EncryptUpdate, B_EncryptFinal, and B_DecryptInit, |
| ||
|
|
|
|
| B_DecryptUpdate, and B_DecryptFinal. You may pass |
| ||
|
|
|
|
| (B_ALGORITHM_OBJ)NULL_PTR for all randomAlgorithm arguments. |
| ||
|
|
|
|
| Algorithm methods to include in application’s algorithm chooser: |
| ||
|
|
|
|
| AM_RSA_CRT_ENCRYPT or AM_RSA_CRT_ENCRYPT_BLIND for encrypting, or |
| ||
|
|
|
|
| AM_RSA_CRT_DECRYPT or AM_RSA_CRT_DECRYPT_BLIND for decrypting. |
| ||
|
|
|
|
| AM_RSA_CRT_ENCRYPT_BLIND and AM_RSA_CRT_DECRYPT_BLIND will perform |
| ||
|
|
|
|
| blinding to protect against timing attacks and AM_RSA_CRT_ENCRYPT and |
| ||
|
|
|
|
| AM_RSA_CRT_DECRYPT will not. |
|
|
|
|
|
|
|
| Key info types for keyObject in B_EncryptInit or B_DecryptInit: |
| ||
Key info types for |
|
|
| KI_RSA_CRT, KI_PKCS_RSAPrivate, KI_PKCS_RSAPrivateBER or |
| |||
|
|
| KI_RSAPrivateBSAFE1. |
|
|
| ||
keyObject: |
|
|
|
| Compatible representation: |
|
|
|
For algorithms which need a |
|
|
| AI_PKCS_RSAPrivateBER, AI_PKCS_RSAPrivatePEM. |
| |||
|
|
| Input constraints: |
|
|
| ||
key object, such as encryption |
|
|
| The total number of bytes to encrypt may not be more than k – 11, where k is |
| |||
and signature algorithms, |
|
|
| the key’s modulus size in bytes. |
|
|
| |
describes which KI key info |
|
|
| Output considerations: |
|
|
| |
|
|
| The output of encryption will be the same size as the key’s modulus. |
| ||||
type to use when setting the |
|
|
|
| ||||
|
|
|
|
|
|
| ||
key object. |
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
|
|
Format of info supplied to B_SetAlgorithmInfo:
Describes the exact format for supplying the algorithm parameters to B_SetAlgorithmInfo. Some algorithms, such as AI_RC4, do not have parameters; in this case, this entry will specify NULL_PTR.
Format of info returned by B_GetAlgorithmInfo:
Describes the exact format that B_GetAlgorithmInfo returns for the algorithm parameters. This is generally a “cleaned up” version of the format supplied to B_SetAlgorithmInfo. For example, B_GetAlgorithmInfo with AI_RSAKeyGen returns the public exponent with the leading zeros stripped off.
Compatible representation:
Some algorithms have multiple representations for the algorithm parameters: for example,
Input constraints:
Describes any constraints on the total number of input bytes passed to the update procedure.
Output considerations:
Describes how much space will be required for output buffers. For those AIs without this category, the output buffer should be the same size as the input buffer.
representation is different. These are called “compatible representations”.
Figure 2-1 Sample Algorithm Type
1 6 | R S A B S A F E C r y p t o - C L i b r a r y R e f e r e n c e M a n u a l |
