The Algorithm Object
8 RSA BSAFE Crypto-C Library Reference Manual
The Algorithm Object
In the above code example, B_EncryptInit, B_EncryptUpdate, and B_EncryptFinal
use an
algorithm object
called
desAlgorithm
. An algorithm object holds information
about an algorithm’s parameters (for example, the DES initialization vector), and
keeps a context during a cryptographic operation (for example, DES encryption).
Before Crypto-C can use an algorithm object, you must create and set it with
B_CreateAlgorithmObject and B_SetAlgorithmInfo.
Every algorithm object that is created by
B_CreateAlgorithmObject must be
destroyed by
B_DestroyAlgorithmObject. For security reasons, when Crypto-C
destroys an algorithm object, it zeroizes (sets to zero) and freezes any sensitive
memory that the object allocated. Note that you can use an algorithm object for either
encryption or decryption, but not for both. You must create separate algorithm objects
to handle each case. Once you set an algorithm, do not reset it. In other words, once
you call
B_SetAlgorithmInfo for a particular algorithm object, do not call it again for
the same object until that object has been destroyed and recreated.
As shown in Chapter 4, page 330,
B_SetAlgorithmInfo has three input arguments,
algorithmObject
,
infoType
, and
info.algorithmObject
is the name of the algorithm
object you are setting.
infoType
is one of the algorithm info types (AIs) listed in
Chapter 2. The AI specifies which algorithm to use, such as DES-CBC, as well as the
format of the actual algorithm information supplied by
info
.
As shown in Chapter 2, page 85, the format of
info
supplied to B_SetAlgorithmInfo
for
AI_FeedbackCipher is a pointer to a B_BLK_CIPHER_W_FEEDBACK_PARAMS structure
that holds the necessary information for the encryption object. This data includes the
encryption method name (
“des”), the feedback method name (“cbc”), and a pointer
to an
ITEM structure that contains the 8 bytes of the initialization vector (
iv
), which
seeds the process. In the preceding example, the data in the
ITEM structure is the
iv
input argument to
EncryptData
.
