Reference Guide
Chapter 2: Changes in MES 4.2
RSA BSAFE Micro Edition Suite 4.4 Migration Guide
Create a Symmetric Key Encryption Object - MES 4.2
int function(R_CR_CTX *ctx, R_SKEY *key, R_ITEM *iv,
             unsigned char *data, unsigned int dlen,
             unsigned char *out, unsigned int *olen)
{
    int ret;
    R_CR *ciph = NULL;

    /* Create an AES-128-CBC cipher object for encryption. */
    ret = R_CR_new(ctx, R_CR_TYPE_CIPHER,
                   R_CR_ID_AES_128_CBC, R_CR_SUB_ENCRYPT, &ciph);
    if (R_ERROR_NONE != ret)
        goto end;

    /* Initialize the object with the key and IV. */
    ret = R_CR_encrypt_init(ciph, key, iv);
    if (R_ERROR_NONE != ret)
        goto end;

    /* Encrypt dlen bytes of data into out; olen receives the output length. */
    ret = R_CR_encrypt(ciph, data, dlen, out, olen);
    if (R_ERROR_NONE != ret)
        goto end;

end:
    R_CR_free(ciph);
    return ret;
}
Initialization Vector Generation
Initialization Vector (IV) generation for symmetric key encryption is updated for
compliance with the latest FIPS 140-2 implementation guidance (IG A.5).
In MES 4.2, IV generation is updated to operate in one of two ways:
• In regular use, the IV is generated using a pseudo-random number generator
(PRNG). If you use R_CR_IV_GEN in a resource list, resources for random
number generation, such as R_CR_RANDOM_GENERATOR, are now required.
Note: If IV generation is used with the AES GCM algorithm, the IV
should be at least 96 bits long. This is the default.
The following code examples show IV generation using a resource list for MES 4.1
and MES 4.2.
Table 1 IV Generation Resource List

MES 4.1.n:

    R_RES_LIST list[] =
    {
        …
        R_CR_IV_GEN,
        R_CR_DIGEST_SHA256,
        …
    };

MES 4.2 - Normal Use:

    R_RES_LIST list[] =
    {
        …
        R_CR_IV_GEN,
        R_CR_RANDOM_GENERATOR,
        …
    };
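
The following added example (not part of the RSA guide or of MES) is a Python migration check that scans C source for resource lists containing R_CR_IV_GEN without a random number generation resource, which no longer meets the MES 4.2 requirement described above. The function name, the sample lists and the assumption that a list body contains no nested braces are constructed for illustration; only R_CR_RANDOM_GENERATOR is accepted by default because it is the only RNG resource this page names.

```python
import re

# Only RNG resource named on the page; add others your build registers.
RNG_RESOURCES = {"R_CR_RANDOM_GENERATOR"}

_COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)
_RES_LIST = re.compile(r"\bR_RES_LIST\s+(\w+)\s*\[\s*\]\s*=\s*\{(.*?)\}\s*;", re.S)
_IDENT = re.compile(r"\b[A-Za-z_]\w*\b")


def audit_resource_lists(c_source, rng_resources=RNG_RESOURCES):
    """Return [(list_name, line_no)] for lists with R_CR_IV_GEN but no RNG."""
    # Blank out comments but keep newlines so reported line numbers stay exact.
    text = _COMMENTS.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), c_source)
    findings = []
    for m in _RES_LIST.finditer(text):
        entries = set(_IDENT.findall(m.group(2)))
        if "R_CR_IV_GEN" in entries and not (entries & set(rng_resources)):
            line_no = text.count("\n", 0, m.start()) + 1
            findings.append((m.group(1), line_no))
    return findings


# Constructed sample input: three resource lists as they might appear in C.
SAMPLE = """\
/* MES 4.1-style list */
R_RES_LIST legacy_list[] =
{
    R_CR_IV_GEN,
    R_CR_DIGEST_SHA256,
};

R_RES_LIST migrated_list[] =
{
    R_CR_IV_GEN,
    R_CR_RANDOM_GENERATOR,
};

R_RES_LIST commented_out[] =
{
    R_CR_IV_GEN,
    /* R_CR_RANDOM_GENERATOR, */
};
"""

if __name__ == "__main__":
    for name, line in audit_resource_lists(SAMPLE):
        print(f"line {line}: {name} has R_CR_IV_GEN but no RNG resource")
```

A list flagged here needs review against the MES 4.2 resource requirements; a commented-out RNG entry is reported the same as a missing one.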