
List:       ms-cryptoapi
Subject:    Re: SCHANNEL_ALG
From:       John Banes <jbanes () WINDOWS ! MICROSOFT ! COM>
Date:       2001-11-10 0:52:55


I just double-checked, and it turns out that the cBits value for DES is
actually 64, rather than 56 as I stated earlier. At least, that's what
I'm seeing in my debugger.

Sorry for the confusion,

John

-----Original Message-----
From: Rasmus Faber Larsen [mailto:Rasmus.Faber@CRYPTOMATHIC.COM]
Sent: Thursday, November 08, 2001 2:34 AM
To: CryptoAPI@DISCUSS.MICROSOFT.COM
Subject: Re: SCHANNEL_ALG


Hi John,

Thanks for the fast response.

Using the MS RSA Schannel Provider, if I set the cBits to 56 and Algid
to CALG_DES, I get a 7 bytes long DES key generated from 7 bytes of
key-material; so the cBits field is not interpreted as the effective key
bits field. It rather seems to specify the bits of keymaterial to use
(which is equal to the eff. key bits for keys without parity).

So am I right to conclude, that the cBits field should specify the
amount of key-material and the length of the resulting key? Fortunately,
at present the DES40 cipher is the only cipher, which differs in the
length of the used key-material and the length of the key; and which
does not have a salt-value, in which to put the remainder of the key
(RC2 and RC4 40 bit puts the first 5 bytes of the expanded key in the
key-value and the remaining 11 bytes in the salt-value).

The interpretation, that the cBits field should specify the amount of
key-material to use, and that the length of the resulting key should be
the default value for the algorithm, unless overridden by the high word
of the dwFlags in DeriveKeys, would be compatible for schannel purposes;
as well as being more intuitive. But as I am developing a CSP, I am
really only concerned about being correct in my interpretation of the
value.

Thanks again,
Rasmus.



John Banes <jbanes@WINDOWS.MICROSOFT.COM>
Sent by: Microsoft Cryptographic API <CryptoAPI@DISCUSS.MICROSOFT.COM>
11/07/01 07:14 PM Please respond to Microsoft Cryptographic API


        To:     CryptoAPI@DISCUSS.MICROSOFT.COM
        cc:



The cBits field contains the number of bits that are secret. This is set
to 40 for 40-bit RC4 and RC2, set to 56 for 56-bit RC4 and DES, set to
128 for 128-bit RC4, and 168 for 3DES, etc. The INTERNATIONAL_USAGE flag
is set whenever the cipher suite is an "exportable" one. We needed to
define this flag explicitly since there are both export and domestic DES
cipher suites, and the key derivation is done slightly differently for
each of these.

Neither schannel nor the Microsoft CSPs support SSL using the DES40
cipher. I would guess that this is what's causing your confusion.

Regards, John

-----Original Message-----
From: Rasmus Faber Larsen [mailto:Rasmus.Faber@CRYPTOMATHIC.COM]
Sent: Wednesday, November 07, 2001 2:37 AM
To: CryptoAPI@DISCUSS.MICROSOFT.COM
Subject: SCHANNEL_ALG


Hi,

I have been trying to decipher the exact meaning of the fields of the
SCHANNEL_ALG structure, which is used to specify the algorithms when
deriving SSL/TLS session keys.

Let me remind you of the definition:
typedef struct _SCHANNEL_ALG
{
    DWORD  dwUse;
    ALG_ID Algid;
    DWORD  cBits;
    DWORD  dwFlags;
    DWORD  dwReserved;
} SCHANNEL_ALG, *PSCHANNEL_ALG;

dwUse is set to either SCHANNEL_ENC_KEY or SCHANNEL_MAC_KEY, depending
on whether you want to specify the algorithms for encryption or mac'ing.
Algid specifies the encryption/mac'ing algorithm to use. cBits specifies
the bitlength of the key. dwFlags is set to 0 or INTERNATIONAL_USAGE,
depending on whether you want regular or export keys. dwReserved is
reserved.

Now for my question: what is the exact meaning of the cBits field when
deriving export keys? Three interpretations are possible (at least):

1. The cBits field specifies the effective number of keybits; that is, the
   number of bits to take from the keyblock, before using MD5 or the PRF to
   create the final keys. The final key is then set to a default length, or
   the length specified in the high word of the dwFlags when calling
   DeriveKey(). If this is the case, then the cBits field should always be
   40 when deriving export keys.

2. The cBits field specifies the bitlength of the final keys. We always use
   40 bits per key for the initial keymaterial. In this case, the cBits
   field should be 128 for RC2_CBC_40 and RC4_40 and 64 for DES40_CBC.

3. The cBits field specifies both the effective number of keybits and the
   bitlength of the final key. RC2 and RC4 40 bit keys are supplied with a
   salt of 88 bits from the end of the derived key. In this case, the cBits
   field should be 40 for RC2_CBC_40 and RC4_40; and if you want to use
   DES40_CBC you are out of luck, since 40 would give you a too short key
   and 64 would give you a wrong key, since too many bits were taken from
   the initial keyblock.

I have tried to experiment with the Microsoft RSA Schannel Provider, and
it seems, that this implements the third interpretation. Is this
correct? And if so, is it correct, that there is no way to derive keys
for using DES40_CBC?

Best regards,
Rasmus Faber Larsen.

Systems Engineer                CRYPTOMAThIC A/S
Rasmus Faber Larsen             Kannikegade 14, 3.
Tel:    +(45) 86 13 90 20       DK-8000 Aarhus C
Direct: +(45) 86 76 22 85       Denmark
Fax:    +(45) 86 20 29 75
Web:    http://www.cryptomathic.com

----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html . To unsubscribe,
mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM
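
An added illustration of the third interpretation discussed in this thread (not part of the original messages and not code from Microsoft or Cryptomathic): it applies the SSL 3.0 export expansion, MD5(key material + ClientHello.random + ServerHello.random), then splits the result into key value and salt as described for RC2/RC4, and shows why neither cBits=40 nor cBits=64 works for DES40_CBC. All function names and sample values are hypothetical and constructed.

```python
import hashlib

# Constructed sample values (not from a real handshake).
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
# Stand-in for the client-write-key portion of the SSL key block.
KEY_SLICE = hashlib.sha256(b"constructed key block").digest()

# Export suites named in the thread: (secret bytes from key block, final key bytes).
SUITES = {"RC4_40": (5, 16), "RC2_CBC_40": (5, 16), "DES40_CBC": (5, 8)}


def ssl3_final_write_key(key_material, random_a, random_b, final_len):
    """SSL 3.0 export expansion: MD5(key_material + random_a + random_b), truncated."""
    return hashlib.md5(key_material + random_a + random_b).digest()[:final_len]


def derive_client_key(suite, material_bits=None):
    """Final client write key; material_bits overrides how much secret is taken."""
    secret_len, final_len = SUITES[suite]
    take = secret_len if material_bits is None else material_bits // 8
    return ssl3_final_write_key(KEY_SLICE[:take], CLIENT_RANDOM, SERVER_RANDOM, final_len)


def split_key_and_salt(final_key, cbits):
    """Interpretation 3: the first cBits bits are the key value, the rest is salt."""
    n = cbits // 8
    return final_key[:n], final_key[n:]


def main():
    for suite in ("RC4_40", "RC2_CBC_40"):
        key, salt = split_key_and_salt(derive_client_key(suite), 40)
        print(f"{suite}: key={key.hex()} salt={salt.hex()} ({len(salt) * 8} salt bits)")
    right = derive_client_key("DES40_CBC")                    # 40 secret bits, 64-bit key
    wrong = derive_client_key("DES40_CBC", material_bits=64)  # cBits=64: too much secret taken
    short, _ = split_key_and_salt(right, 40)                  # cBits=40: key cut to 5 bytes
    print(f"DES40 expected key  : {right.hex()}")
    print(f"DES40 with cBits=64 : {wrong.hex()} (differs: {wrong != right})")
    print(f"DES40 with cBits=40 : {short.hex()} ({len(short)} bytes, too short for DES)")


if __name__ == "__main__":
    main()
```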
