Reference Guide
Chapter 3: Changes in MES 4.3
RSA BSAFE Micro Edition Suite 4.4 Migration Guide
Cryptographic API Changes
Improved ASN.1 AlgorithmIdentifier Handling
MES 4.3 introduces improved support for ASN.1 AlgorithmIdentifier handling, including:
– A new algorithm parameters object (R_ALG_PARAMS) to represent the configurable aspects of cryptographic algorithms, and to allow encoding and decoding of AlgorithmIdentifier data.
– Cryptographic objects can be created from algorithm parameter objects, and algorithm parameter objects can be created from cryptographic objects, with configuration data transferred transparently.
For more information about the functions and identifiers for algorithm parameter objects, see API Reference Information > Algorithm Parameter Operations in the RSA BSAFE Micro Edition Suite Developers Guide.
Initialization Vector Generation
In MES 4.3, IV generation was extended for the special case of IV generation in AES GCM for the TLS protocol. In all other cases, IV generation is still done using a PRNG.
If IVs are generated for the AES GCM algorithm as part of the TLS protocol, the IV can be generated deterministically using an internal counter value and an externally supplied salt value.
In this case, the internal counter value is initialized to include the current system time, so a time resource, such as R_TIME_RES_MI, is required in your resource list.
For more information, see R_CR_INFO_ID_CIPHER_PARTIAL_IV in the RSA BSAFE Micro Edition Suite Developers Guide.
Note: If IV generation is used with the AES GCM algorithm, the IV should be at least 96 bits long. This is the default.
Example IV Generation Resource List for MES 4.3 - AES GCM with TLS
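R_RES_LIST list[] =
{
    …
    R_CR_IV_GEN,    /* IV generation resource */
    R_TIME_RES_MI,  /* time resource: the IV counter is initialized with the system time */
    …
};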
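The deterministic construction described above (an externally supplied salt combined with an internal counter that includes the system time), shown as an added example in plain C. It is not MES code and does not call the MES API. The 4-byte salt followed by an 8-byte counter follows the TLS AES-GCM nonce layout in RFC 5288; the iv_gen type, the function names and the placement of the time in the upper 32 bits of the counter are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#define SALT_LEN 4   /* RFC 5288 implicit salt */
#define IV_LEN   12  /* 96 bits, the default IV length */

typedef struct {
    uint8_t  salt[SALT_LEN]; /* externally supplied salt */
    uint64_t counter;        /* internal counter, seeded with the time */
    uint64_t remaining;      /* IVs left before the low 32 bits wrap */
} iv_gen;                    /* hypothetical type, not an MES object */

/* Assumed seeding: seconds in the upper 32 bits, record count in the lower. */
void iv_gen_init(iv_gen *g, const uint8_t salt[SALT_LEN], uint32_t now)
{
    memcpy(g->salt, salt, SALT_LEN);
    g->counter = (uint64_t)now << 32;
    g->remaining = (uint64_t)1 << 32;
}

/* Writes salt || big-endian counter. Returns 0, or -1 once the counter
 * space is used up: repeating a GCM IV under one key must never happen. */
int iv_gen_next(iv_gen *g, uint8_t iv[IV_LEN])
{
    int i;
    if (g->remaining == 0)
        return -1; /* caller has to rekey */
    memcpy(iv, g->salt, SALT_LEN);
    for (i = 0; i < 8; i++)
        iv[SALT_LEN + i] = (uint8_t)(g->counter >> (56 - 8 * i));
    g->counter++;
    g->remaining--;
    return 0;
}

int main(void)
{
    const uint8_t salt[SALT_LEN] = {0x11, 0x22, 0x33, 0x44}; /* constructed */
    uint8_t iv[IV_LEN];
    iv_gen g;
    int n, i;
    iv_gen_init(&g, salt, (uint32_t)time(NULL));
    for (n = 0; n < 3 && iv_gen_next(&g, iv) == 0; n++) {
        for (i = 0; i < IV_LEN; i++) printf("%02x", iv[i]);
        printf("\n");
    }
    return 0;
}
```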