Re: Crypto problems in Vista
- From: "Alun Jones" <alun@xxxxxxxxxxxxx>
- Date: Fri, 7 Dec 2007 08:58:51 -0800
Question - if every time you call CryptEncrypt, you use the same IV, doesn't
that weaken the encryption, as you then have multiple ciphertexts generated
from the same key and IV? What attacks does that open up?
Alun.
~~~~
"Andrew Tucker [MSFT]" <AndrewSTucker@xxxxxxxxx> wrote in message
news:4c94f89a-3362-432c-a54d-a24934c79bf2@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
For CBC mode you can avoid padding by not passing TRUE for the Final
parameter.
This issue is covered in the CryptEncrypt MSDN page at
http://msdn2.microsoft.com/en-us/library/aa379924.aspx:
There is no way to set the cipher's feedback register to the KP_IV
value of the key without setting the Final parameter to TRUE. If this
is necessary, as in the case where you do not want to add an
additional padding block or change the size of each block, you can
simulate this by creating a duplicate of the original key by using the
CryptDuplicateKey function, and passing the duplicate key to the
CryptEncrypt function. This causes the KP_IV of the original key to be
placed in the duplicate key. After you create or import the original
key, you cannot use the original key for encryption because the
feedback register of the key will be changed. The following pseudocode
shows how this can be done.
// Set the IV for the original key. Do not use the original key for
// encryption or decryption after doing this because the key's
// feedback register will get modified and you cannot change it.
CryptSetKeyParam(hOriginalKey, KP_IV, newIV)

while(block = NextBlock())
{
    // Create a duplicate of the original key. This causes the
    // original key's IV to be copied into the duplicate key's
    // feedback register.
    hDuplicateKey = CryptDuplicateKey(hOriginalKey)

    // Encrypt the block with the duplicate key.
    CryptEncrypt(hDuplicateKey, block)

    // Destroy the duplicate key. Its feedback register has been
    // modified by the CryptEncrypt function, so it cannot be used
    // again. It will be re-duplicated in the next iteration of the
    // loop.
    CryptDestroyKey(hDuplicateKey)
}
On Dec 5, 2:04 pm, Laszlo Hars <LaszloH...@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote:
Thanks, Alun. Calling CryptGetKeyParam() was revealing...

1. The ciphertext is ALWAYS longer than the plaintext. This was my problem. If the plaintext I encrypt is always 128 bits (16 bytes), there is no need for padding, but I cannot switch it off. My question was if there is a way (maybe undocumented) to somehow prevent padding. Padding seems to be always active, which is a pity. CryptGetKeyParam() returns PKCS5_PADDING (1), no matter what I select with CryptSetKeyParam().

In ECB mode, at encryption I can just discard the superfluous second block, but at decryption I have to attach the encrypted 100..0 block (the padding), which is a hassle.

CFB mode could be used as an AES stream cipher, but it also uses padding, so no matter which mode is selected the Vista CSP pads the input.

2. I could not find anywhere documented whether CRYPT_MODE_CTS is supported. It is not. A call to CryptSetKeyParam with CRYPT_MODE_CTS(5) has no effect. A subsequent CryptGetKeyParam shows CRYPT_MODE_CBC(1) set.

3. I missed the note in MSDN that OFB is not supported.

Altogether, the default Vista CSP, "Microsoft Enhanced RSA and AES Cryptographic Provider", for AES is a disappointment. Padding cannot be switched off, not even in CFB mode, and CTS and OFB modes are not implemented.
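As an added illustration (not part of this thread and not code from the Vista CSP), the following stdlib-only Python model of CBC shows the two points raised above: with a fixed IV, two messages that share their leading plaintext blocks produce identical leading ciphertext blocks, which a fresh IV per message hides, and a 16-byte input grows to 32 bytes once PKCS#5 padding is applied, while a non-final call adds nothing. The block cipher is a constructed Feistel stand-in rather than AES, and the key, IV and messages are constructed sample values; the CBC-level behaviour is the same for any 128-bit block cipher.

```python
import hashlib, os

BLOCK = 16
KEY = b"constructed-sample-key"   # constructed sample value, not a real key
FIXED_IV = bytes(BLOCK)           # the "same IV on every call" case

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def block_encrypt(key, block):
    # Stand-in block cipher: constructed 4-round keyed Feistel network over SHA-256, not AES.
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def pkcs5_pad(data):
    n = BLOCK - len(data) % BLOCK   # always 1..16: a whole-block input still grows
    return data + bytes([n]) * n

def cbc_encrypt(key, iv, data, final):
    # final=True appends PKCS#5 padding (as CryptEncrypt with Final=TRUE); False adds nothing.
    if final:
        data = pkcs5_pad(data)
    assert len(data) % BLOCK == 0, "non-final input must be whole blocks"
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, xor(prev, data[i:i + BLOCK]))
        out += prev
    return out

def equal_prefix_blocks(c1, c2):
    # Leading ciphertext blocks equal in both; under a fixed IV this equals the shared plaintext blocks.
    n = 0
    for i in range(0, min(len(c1), len(c2)), BLOCK):
        if c1[i:i + BLOCK] != c2[i:i + BLOCK]:
            break
        n += 1
    return n

def demo():
    prefix = b"TRANSFER 00001000 USD TO ACCT 42"   # constructed; 32 bytes = 2 blocks
    m1, m2 = prefix + b" MEMO lunch", prefix + b" MEMO rent"
    fixed = [cbc_encrypt(KEY, FIXED_IV, m, True) for m in (m1, m2)]
    fresh = [cbc_encrypt(KEY, os.urandom(BLOCK), m, True) for m in (m1, m2)]
    return {"fixed_iv_equal_prefix_blocks": equal_prefix_blocks(*fixed),  # 2
            "fresh_iv_equal_prefix_blocks": equal_prefix_blocks(*fresh),  # 0
            "padded_len_of_16_bytes": len(cbc_encrypt(KEY, FIXED_IV, b"A" * 16, True)),    # 32
            "unpadded_len_of_16_bytes": len(cbc_encrypt(KEY, FIXED_IV, b"A" * 16, False))}  # 16
```

The fixed-IV result is the leak behind Alun's question: an observer who sees two ciphertexts learns how many leading blocks the plaintexts have in common, so CBC needs a fresh, unpredictable IV for every message.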