Category list

New Algorithms in CNG

CNG offers a number of newer algorithms; most notably and probably most importantly, is support for Suite B. Tables 7-1 and 7-2 outline all the algorithms supported by the default CNG providers in Windows Vista.

Table 7-1: Cryptographic Algorithms in Windows Vista CNG
Open table as spreadsheet
Algorithm	#define	Standard	Allowed by SDL?	Suite B?
RC2	BCRYPT_RC2_ALGORITHM	RFC2288
RC4	BCRYPT_RC4_ALGORITHM		Yes ^[*]
AES	BCRYPT_AES_ALGORITHM	FIPS 197	Yes	Yes
DES	BCRYPT_DES_ALGORITHM	FIPS 46-3, FIPS 81
DESX	BCRYPT_3DES_ALGORITHM
3DES	BCRYPT_DESX_ALGORITHM	FIPS 46-3, FIPS 81, SP800-38A
3DES-112	BCRYPT_3DES_112_ALGORITHM	FIPS 46-3, FIPS 81, SP800-38A
MD2	BCRYPT_MD2_ALGORITHM	RFC 1319
MD4	BCRYPT_MD4_ALGORITHM	RFC 1320
MD5	BCRYPT_MD5_ALGORITHM	FC 132
SHA-1	BCRYPT_SHA1_ALGORITHM	FIPS 180-2, FIPS 198
SHA-256	BCRYPT_SHA256_ALGORITHM FIPS	180-2, FIPS 198	Yes	Yes
SHA-384	BCRYPT_SHA384_ALGORITHM	FIPS 180-2, FIPS 198	Yes	Yes
SHA-512	BCRYPT_SHA512_ALGORITHM	FIPS 180-2, FIPS 198	Yes	Yes
RSA (encryption)	BCRYPT_RSA_ALGORITHM	PKCS#1 v1.5 and v2.0.	Yes
RSA (signing)	BCRYPT_RSA_SIGN_ALGORITHM	PKCS#1 v1.5 and v2.0.	Yes
Diffie-Hellman	BCRYPT_DH_ALGORITHM	PKCS#3
Digital Signature Algorithm	BCRYPT_DSA_ALGORITHM	FIPS 186-2
^[*] RC4 is only allowed after full cryptographic review.

Table 7-2: Elliptic Curve Cryptographic Algorithms in Windows Vista CNG
Open table as spreadsheet
Algorithm	#define	Standard
Elliptic Curve Digital Signature Algorithm with Prime-256 curve	BCRYPT_ECDSA_P256_ALGORITHM	FIPS 186-2, X9.62
Elliptic Curve Digital Signature Algorithm with Prime-384 curve	BCRYPT_ECDSA_P384_ALGORITHM	FIPS 186-2, X9.62
Elliptic Curve Digital Signature Algorithm with Prime-521 curve	BCRYPT_ECDSA_P521_ALGORITHM	FIPS 186-2, X9.62
Elliptic Curve Diffie-Hellman Algorithm with Prime-256 curve.	BCRYPT_ECDH_P256_ALGORITHM	SP800-56A
Elliptic Curve Diffie-Hellman Algorithm with Prime-384 curve.	BCRYPT_ECDH_P384_ALGORITHM	SP800-56A
Elliptic Curve Diffie-Hellman Algorithm with Prime-521 curve.	BCRYPT_ECDH_P521_ALGORITHM	SP800-56A

Note

SHA-256, SHA-384, and SHA-512 are collectively referred to as SHA-2 and are available on Windows Vista (in CAPI and CNG) and Windows Server 2003 (in CAPI), and all supported Windows platforms via the .NET Framework.

Note

All of the above are approved for use in the SDL, are Suite B compliant, and are new to CNG.

CNG also supports two kinds of random number generators (RNG), and both are allowed under SDL: BCRYPT_RNG_ALGORITHM and BCRYPT_RNG_FIPS186_DSA_ALGORITHM . Most applications should use the former, but if you are using DSA, then you should use the latter. Both RNGs conform to FIPS 186-2 and FIPS 140-2.

Using CNG

What follows are a series of small code function outlines that show how to use CNG to perform various cryptographic tasks . Consider the examples as pseudocode using real API names . The intent is not to demonstrate every possible algorithm or cryptographic operation, nor do we want to show huge swaths of code; rather, we want to show the general API call order.

Note

CAPI1 APIs don’t have access to CNG providers and keys, but CNG has access to CAPI1 keys used by Microsoft Cryptographic Service Providers.

The Windows Vista Software Development includes complete CNG samples in the samples/ security/CNG folder. There is also a separate CNG SDK available that includes samples and documentation relating to CNG configuration and installing CNG plug-ins (Microsoft 2006a).

In all cases you must include <bcrypt.h> and link your code with bcryt.dll . Also, CNG returns various status values defined in ntstatus.h. You may also need to add this macro to your code:

#

ifndef

NT_SUCCESS # define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0) #endif

Encrypting Data

BCryptOpenAlgorithmProvider(&hAlg,...) BCryptGetProperty(hAlg,BCRYPT_BLOCK_LENGTH,&dwBlockSize,...) Allocate buffer, rounding up to

next

block

size

. BCryptGetProperty(hAlg,BCRYPT_OBJECT_LENGTH,&cbKeyObjectLen,...) Allocate buffer for key object. BCryptGenerateSymmetricKey(hAlg,&hKey,...) BCryptEncrypt(hKey,...) Data is now encrypted BCryptDestroyKey(hKey) BCryptCloseAlgorithmProvider(hAlg,0) Deallocate buffers

Note that like CryptAcquireContext in CAPI, BCryptOpenAlgorithmProvider is a reasonably expensive function call, and it might be helpful to cache the return handle in your code rather than constantly opening and closing a provider.

Hashing Data

BCryptOpenAlgorithmProvider(&hAlg,...) BCryptGetProperty(hAlg,BCRYPT_OBJECT_LENGTH,&cbHash,...) Allocate buffer for hash BCryptCreateHash(hAlg,&hHash,...) BCryptHashData(hHash,...) BCryptFinishHash(hHash,...) Use the hash data BCryptDestroyHash(hHash) BCryptCloseAlgorithmProvider(hAlg,0) Deallocate buffers

MACing Data

Creating a message authentication code is exactly the same as creating a hash, but there are two differences.

The last argument to BCryptOpenAlgorithmProvider should be BCRYPT_ALG_HANDLE_HMAC_FLAG .

The fifth and sixth arguments to BCryptCreateHash are the secret MAC key and the length of the MAC key. So the function call looks like this:

BCRYPT_ALG_HANDLE hAlg = NULL; NTSTATUS status = STATUS_UNSUCCESSFUL; status = BCryptOpenAlgorithmProvider(&hAlg, GetPreferredHmacAlg(), NULL, BCRYPT_ALG_HANDLE_HMAC_FLAG)))

The call to GetPreferredHmacAlg is not a CNG function; it’s a function you would provide to get the preferred HMAC base algorithm, perhaps from a configuration setting.

Generating Random Numbers

Because the code to generate random data is very small, we have included all the code here:

BCRYPT_ALG_HANDLE hRngAlg = NULL; if (BCryptOpenAlgorithmProvider(&hRngAlg, BCRYPT_RNG_ALGORITHM, NULL, 0) == STATUS_SUCCESS) { BYTE buf[32]; if (BCryptGenRandom(hRngAlg, buf, sizeof buf, 0) == STATUS_SUCCESS) { // We have the random data } BCryptCloseAlgorithmProvider(hRngAlg,0); hRngAlg = NULL; }