Dan Griffin's Blog

Comments on security, PKI, smart cards, cryptography, and entrepreneurship.

It came to my attention that this sample code - which shows how to plug in a new symmetric algorithm (e.g. Twofish) via CNG (Crypto API: Next Generation) and CMS (Cryptographic Message Syntax) - has a usage error in the CMS portion.

http://download.microsoft.com/download/f/1/2/f12dbbb5-d164-4e7c-b42d-aaca3efb85dc/CNGSample.EXE

Specifically, the BCryptSetProperty BCRYPT_CHAINING_MODE call is supposed to be made against the provider handle, and not the key handle. Also, the property data input length should correspond to the length of the whole property string, and not just the size of the pointer. In other words, this code:

    CHECK_DWORD((DWORD) BCryptSetProperty(
        *phCNGContentEncryptKey,
        BCRYPT_CHAINING_MODE,
        (PBYTE) BCRYPT_CHAIN_MODE_CBC,
        sizeof(LPWSTR),
        0));

should actually be this:

    CHECK_DWORD((DWORD) BCryptSetProperty(
        hAlgorithm,
        BCRYPT_CHAINING_MODE,
        (PBYTE) BCRYPT_CHAIN_MODE_CBC,
        sizeof(WCHAR) * (1 + wcslen(BCRYPT_CHAIN_MODE_CBC)),
        0));

Now, to be clear, I haven’t tested the latter. Furthermore, I was told that the former, while technically incorrect, is allowed (at least in the Vista RTM version of CNG).
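The length mismatch described above, as an added example that is not part of the original sample or of CNG: a portable C model of a check a plug-in provider could apply to chaining-mode input, showing why a pointer-sized length fails a strict check while the full string length passes. The function names, status values and the WCHAR16 stand-in type are assumptions of this example; only the string text matches BCRYPT_CHAIN_MODE_CBC.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for Windows WCHAR (one 2-byte UTF-16 code unit); assumption for portability. */
typedef uint_least16_t WCHAR16;

/* Same text as BCRYPT_CHAIN_MODE_CBC / _ECB; the names here are this example's own. */
static const WCHAR16 MODE_CBC[] = u"ChainingModeCBC";
static const WCHAR16 MODE_ECB[] = u"ChainingModeECB";

/* Hypothetical status values, not NTSTATUS codes. */
enum { MODE_OK = 0, MODE_BAD_LENGTH = 1, MODE_UNKNOWN = 2 };

/* Byte count the corrected call passes: every code unit plus the terminator. */
size_t full_length(const WCHAR16 *s)
{
    size_t n = 0;
    while (s[n] != 0) n++;
    return (n + 1) * sizeof(WCHAR16);
}

/* Hypothetical provider-side check: trusts only cb_input bytes and never reads past them. */
int check_chaining_mode(const unsigned char *pb_input, size_t cb_input)
{
    const WCHAR16 *const known[] = { MODE_CBC, MODE_ECB };
    WCHAR16 last;

    if (pb_input == NULL || cb_input < sizeof(WCHAR16) || cb_input % sizeof(WCHAR16) != 0)
        return MODE_BAD_LENGTH;
    /* The declared length must end on a terminator, or the string is truncated. */
    memcpy(&last, pb_input + cb_input - sizeof(WCHAR16), sizeof(last));
    if (last != 0)
        return MODE_BAD_LENGTH;
    for (size_t i = 0; i < sizeof(known) / sizeof(known[0]); i++) {
        size_t cb = full_length(known[i]);
        if (cb == cb_input && memcmp(pb_input, known[i], cb) == 0)
            return MODE_OK;
    }
    return MODE_UNKNOWN;
}

int main(void)
{
    const unsigned char *p = (const unsigned char *)MODE_CBC;
    /* sizeof(void *) models the sizeof(LPWSTR) argument from the original call. */
    printf("pointer-sized length: %d\n", check_chaining_mode(p, sizeof(void *)));
    printf("full string length:   %d\n", check_chaining_mode(p, full_length(MODE_CBC)));
    return 0;
}
```

On a 64-bit build the pointer-sized length covers only the first four characters and no terminator, which this check rejects.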
