Re: MacTripleDes (.NET managed and CryptoApi unmanaged interop)

From: casey chesnut (casey_at_brains-N-brawn.com)
Date: 10/09/03


Date: Thu, 9 Oct 2003 07:22:38 -0500

i'll give your code a try, thank you.

the key size was always right, no matter if i did DES (8) 2DES (16) or 3DES
(24).
i was making sure to reverse the bytes of the key as well on the managed
side.
CryptGenKey is exactly what i want, because you want a session key to be
different every time.
GetHashParam works too, i know a MD5 hash is 16 bytes, so i can just pass
that in and call it once.

Thanks
casey

"Rhett Gong" <v-raygon@online.microsoft.com> wrote in message
news:q$H56gijDHA.560@cpmsftngxa06.phx.gbl...
> Hi Casey:
>
> I've written a VC++ snippet with the CryptoApis (listed below). It can
> get an actual hash value no matter whether I use TRIP_DES or DES. I have checked
> your code, and I found that you used CryptGenKey() to generate the key. It
> generates different keys when it is invoked. You said that the hash value
> ends up being all zeros when you are using TRIP_DES. Maybe the key you
> generated doesn't meet the TRIP_DES' need.
> MACTripleDES uses a key of length 8, 16 or 24 bytes. But HmacSha1 accepts
> keys of any size.
> I think there may be some problems in this line too:
> retVal = CryptGetHashParam(hash, (uint) HashParam.HASHVAL, data, ref
> dataLen, flags);
> Maybe you need to call this function twice to get the dataLen or the
> HASHVAL.data. I signed that with a comment in my code snippet.
>
> void CGHashDlg::OnBnClickedButton1()
> {
>     HCRYPTPROV hProv = 0;             // CSP handle
>     HCRYPTKEY hKey = 0;               // Session key handle
>     HCRYPTHASH hHash = 0;             // MAC (keyed hash) handle
>     BYTE *data = (BYTE *)"76543218";  // 8 bytes of input data
>     DWORD dwHashLen = sizeof(DWORD);
>     BYTE *pbHash = NULL;
>
>     //////////////////////////////////////////////////////////////////////////
>     // Acquire a cryptographic provider context handle.
>     if (CryptAcquireContext(&hProv, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, 0))
>     {
>         TRACE("The CSP has been acquired. \n");
>     }
>     else
>     {
>         TRACE("Error during CryptAcquireContext.\n");
>     }
>
>     // Generate a random, exportable 3DES session key.
>     if (CryptGenKey(hProv, CALG_3DES, CRYPT_EXPORTABLE, &hKey))
>     {
>         TRACE("Original session key is created. \n");
>     }
>     else
>     {
>         TRACE("ERROR -- CryptGenKey.\n");
>     }
>
>     // Create a MAC hash object keyed with the session key.
>     if (CryptCreateHash(hProv, CALG_MAC, hKey, 0, &hHash))
>     {
>         TRACE("Hash code is created. \n");
>     }
>     else
>     {
>         TRACE("ERROR -- CryptCreateHash.\n");
>     }
>     DWORD errMsg = GetLastError();
>
>     // Feed the 8 bytes of data into the MAC.
>     if (CryptHashData(hHash, data, 8, CRYPT_USERDATA))
>     {
>         TRACE("Data has been hashed. \n");
>     }
>     else
>     {
>         TRACE("ERROR -- CryptHashData.\n");
>     }
>
>     // Note I have called the CryptGetHashParam() twice, one for getting the
>     // Hash Length, and another for getting the Hash value
>     CryptGetHashParam(hHash, HP_HASHVAL, NULL, &dwHashLen, 0);
>     pbHash = (BYTE *)malloc(dwHashLen);
>     CryptGetHashParam(hHash, HP_HASHVAL, pbHash, &dwHashLen, 0);
>     errMsg = GetLastError();
>
>     for (UINT i = 0; i < dwHashLen; i++)
>     {
>         TRACE("%2.2x ", pbHash[i]);
>     }
>
>     // Release the buffer and the CryptoAPI handles.
>     free(pbHash);
>     if (hHash) CryptDestroyHash(hHash);
>     if (hKey) CryptDestroyKey(hKey);
>     if (hProv) CryptReleaseContext(hProv, 0);
> }
>
> Does this answer your question?
> If it does, please let me know! I will feel happier for that.
>
> Best regards,
>
> Rhett Gong [MSFT]
> Microsoft Online Partner Support
> Get Secure! - www.microsoft.com/security
>
> This posting is provided "AS IS" with no warranties and confers no rights.
> --------------------
> From: "casey chesnut" <casey@brains-n-brawn.com>
> Subject: RE: MacTripleDes (.NET managed and CryptoApi unmanaged interop)
> Date: Wed, 8 Oct 2003 08:30:01 -0700
> Newsgroups: microsoft.public.platformsdk.security
>
> here is the source.
> the hash value ends up being all zeros.
> the same code will return an actual hash if I change the
> key algId from TRIP_DES to DES.
> Thanks,
> casey
>
> //prov is enhanced provider
> //byte [] dataToHash; //already filled
> IntPtr key;
> bool retVal = CryptGenKey(prov, (uint) Calg.TRIP_DES,
>     (uint) GenKeyParam.EXPORTABLE, out key);
>
> uint flags = 0;
> IntPtr hash;
> retVal = CryptCreateHash(prov, (uint) CalgHash.MAC, key,
>     flags, out hash);
>
> retVal = CryptHashData(hash, dataToHash,
>     dataToHash.Length, flags);
>
> byte [] data = new byte[0];
> uint dataLen = 0;
> //size
> retVal = CryptGetHashParam(hash, (uint) HashParam.HASHVAL,
>     data, ref dataLen, flags);
> int lastErr = GetLastError();
> if(lastErr == (err) ErrCode.MORE_DATA)
> {
>     //data
>     data = new byte[dataLen];
>     retVal = CryptGetHashParam(hash, (uint) HashParam.HASHVAL,
>         data, ref dataLen, flags);
> }
>
> //at this point the data byte[] is 16 bytes of zero.
>
>
> >-----Original Message-----
> >Hi Casey:
> >It may have got a different result, if you give different parameters to
> >the CryptoApi functions. The .Net framework may use different parameters to
> >implement that. So I want to know what parameters you have given in the
> >CryptoApi functions. Can you send me your source code to clarify your
> >idea? It may be helpful to further understanding your problem.
> >Thanks.
> >
> >Best regards,
> >
> >Rhett Gong [MSFT]
> >Microsoft Online Partner Support
> >Get Secure! - www.microsoft.com/security
> >
> >This posting is provided "AS IS" with no warranties and confers no rights.
> >--------------------
> >From: casey@brains-n-brawn.com (casey chesnut)
> >Newsgroups: microsoft.public.platformsdk.security
> >Subject: MacTripleDes (.NET managed and CryptoApi unmanaged interop)
> >Date: 7 Oct 2003 06:52:20 -0700
> >
> >I need to do both keyed hashes (MacTripleDes and HmacSha1).
> >I can do HmacSha1 using pInvokes to the CryptoApi,
> >and then get the same hash value using .NET.
> >
> >But I am not having the same luck with MacTripleDes:
> >On the managed side all i do is:
> >MACTripleDES mtd = new MACTripleDES(_baKey);
> >byte [] manHash = mtd.ComputeHash(_dataToHash);
> >
> >For the cryptoApi, it's something like this:
> >IntPtr key = CryptGenKey(prov, Calg.TRIP_DES, GenKeyParam.EXPORTABLE);
> >//get 24 byte key as byte [] '_baKey' using nullKey export hack,
> >//and then reverse it
> >IntPtr hash = CryptCreateHash(prov, Calg.MAC, key);
> >HashData(hash, _dataToHash);
> >byte [] unmanHash = CryptGetHashParam(hash);
> >CryptDestroyHash(hash);
> >CryptDestroyKey(key);
> >
> >Any ideas?
> >
> >Thanks
> >casey
> >
> >
> >Does this answer your question?
> >If it does, please let me know! I will feel happier for that.
> >If not, write your problems with detailed information. I always do my best
> >to solve your problems;-)
> >
> >Best regards,
> >
> >Rhett Gong [MSFT]
> >Microsoft Online Partner Support
> >Get Secure! - www.microsoft.com/security
> >
> >This posting is provided "AS IS" with no warranties and confers no rights.
> >
> >.
> >
>
>
>
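
The two-call CryptGetHashParam pattern discussed in this thread, written as a C# P/Invoke wrapper that checks every return value, so a buffer the call never filled is not taken for a MAC. This is an added example, not code from either poster: the class name CapiHash, the helper GetHashValue and the DllImport declaration are assumptions written for illustration, and hHash is assumed to be a handle from CryptCreateHash that has already been fed with CryptHashData.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

static class CapiHash   // hypothetical name, not from the thread
{
    const uint HP_HASHVAL = 0x0002;   // value from wincrypt.h

    // SetLastError = true makes the runtime save the Win32 error code right
    // after the native call; read it with Marshal.GetLastWin32Error().
    [DllImport("advapi32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    static extern bool CryptGetHashParam(IntPtr hHash, uint dwParam,
        byte[] pbData, ref uint pdwDataLen, uint dwFlags);

    // Hypothetical helper: returns the value of a finished hash or MAC object.
    public static byte[] GetHashValue(IntPtr hHash)
    {
        uint len = 0;

        // First call: a null buffer asks only for the required length.
        if (!CryptGetHashParam(hHash, HP_HASHVAL, null, ref len, 0))
            throw new Win32Exception(Marshal.GetLastWin32Error());

        byte[] value = new byte[len];

        // Second call: fetch the value. On failure, throw instead of
        // returning the freshly allocated, zero-filled array.
        if (!CryptGetHashParam(hHash, HP_HASHVAL, value, ref len, 0))
            throw new Win32Exception(Marshal.GetLastWin32Error());

        // Trim if the provider reported fewer bytes than it first announced.
        if (len != value.Length)
            Array.Resize(ref value, (int)len);

        return value;
    }
}
```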

