0

I'm having trouble using the Windows cryptography API to encode/decode AES-128 blocks.

It seems like the system is geared around first generating a hash, then using that hash to set the key, i.e. CryptCreateHash, CryptHashData, CryptDeriveKey. But there is no indication on how to use a null-hash and instead just use raw data to initialize the key.

Specifically I want to use a fixed, 128-bit key, with a fixed, 128-bit IV that is shared to each side of a link through a secure channel.

Side-note: This is the only way I could find how to make a PROV_RSA_AES instead of a PROV_RSA_FULL.

If I use the following sequence to try to set the key, I get error 8009000a

CryptAcquireContext( &m_hCryptProv, 0, "Microsoft Enhanced RSA and AES Cryptographic Provider", PROV_RSA_AES, CRYPT_VERIFYCONTEXT );
CryptGenKey( m_hCryptProv, CALG_AES_128, 0, &m_hCryptKey );
CryptSetKeyParam( m_hCryptKey, KP_IV, IV, 0 );
CryptSetKeyParam( m_hCryptKey, KP_KEYVAL, key, 0 ) << FAIL
Charles Lohr
  • 695
  • 1
  • 8
  • 23

1 Answers1

0

I found the answer to my question here: Hard coded AES-256 key with WinCrypt & CryptImportKey

For AES-128, I just had to make a few tweaks, changing the size to be correct.

Instead of CryptGenKey you use CryptImportKey with PLAINTEXTKEYBLOB, i.e.

    struct aes128keyBlob
    {
        BLOBHEADER hdr;
        DWORD keySize;
        BYTE bytes[16];
    } blob;
    blob.hdr.bType = PLAINTEXTKEYBLOB;
    blob.hdr.bVersion = CUR_BLOB_VERSION;
    blob.hdr.reserved = 0;
    blob.hdr.aiKeyAlg = CALG_AES_128;
    blob.keySize = 16;
    memcpy( blob.bytes, raw_key_data, 16 );
    if( !CryptImportKey( m_hCryptProv, (BYTE *)&blob, sizeof( aes128keyBlob), 0, 0, &m_hCryptKey ) )
Charles Lohr
  • 695
  • 1
  • 8
  • 23