Platform SDK: Cryptography

CPSetKeyParam Schannel Extensions

The CPSetKeyParam function in CSPs that support Schannel protocols must implement all of the normal functionality of CPSetKeyParam. In addition, it must support several new parameters.

The following new parameters are valid when used with a master key and can be set multiple times on the same master key. If a parameter is set multiple times, at each re-setting, the old value is discarded and replaced with the new value.

The following dwParam parameters have been added.

| dwParam | Description |
| --- | --- |
| KP_SCHANNEL_ALG | Set the bulk encryption and MAC algorithms and the key sizes to use when deriving keys from the master key. The use of this parameter is shown in Specifying the Algorithms. |
| KP_CLIENT_RANDOM | For PCT, set the challenge data. For SSL 3.0, TLS 1.0, and Diffie-Hellman, set the "client random" data. This parameter is not used with SSL 2.0. In all cases, the data is 32 bytes long. |
| KP_SERVER_RANDOM | For PCT, set the "connection id" data. For SSL 3.0, TLS 1.0, and Diffie-Hellman, set the "server random" data. For PCT, SSL 3.0, and TLS 1.0, the data originates in the "ClientHello" message. This parameter is not used with SSL 2.0. In all cases, the data is 32 bytes long. |
| KP_CERTIFICATE | This parameter is used only with PCT. It sets the "server certificate" data. |
| KP_ALGID | For use with Diffie-Hellman. Change the key from an agreed key to a required pre-master secret key. Two new algorithm types have been added for use with this value: CALG_SSL3_MASTER and CALG_TLS1_MASTER. |
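
A sketch of the checks a CSP could apply before storing the parameters in the table above, given as an added example and not as code from the Platform SDK. The names `struct csp_key`, `set_schannel_param`, `PROTO_*` and `RC_*`, the explicit length argument, and the 4096-byte certificate cap are assumptions; the KP_* constants are local stand-ins so the code compiles without wincrypt.h.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Local stand-ins so this compiles without the Windows SDK;
   a real CSP takes the KP_* definitions from wincrypt.h. */
enum { KP_CLIENT_RANDOM = 21, KP_SERVER_RANDOM = 22, KP_CERTIFICATE = 26 };
enum proto { PROTO_PCT, PROTO_SSL2, PROTO_SSL3, PROTO_TLS1 };
enum rc { RC_OK, RC_BAD_KEY, RC_BAD_TYPE, RC_BAD_DATA };
#define RANDOM_LEN 32   /* the page: "the data is 32 bytes long" */
#define CERT_MAX 4096   /* assumed cap for this sketch */

struct csp_key {        /* hypothetical CSP-internal key object */
    int is_master;
    enum proto proto;
    uint8_t client_random[RANDOM_LEN], server_random[RANDOM_LEN];
    uint8_t cert[CERT_MAX];
    size_t cert_len;
};

/* Validate and store one Schannel parameter on a master key. */
enum rc set_schannel_param(struct csp_key *k, uint32_t param,
                           const uint8_t *data, size_t len)
{
    if (!k || !k->is_master) return RC_BAD_KEY;     /* master keys only */
    if (!data) return RC_BAD_DATA;
    switch (param) {
    case KP_CLIENT_RANDOM:
    case KP_SERVER_RANDOM:
        if (k->proto == PROTO_SSL2) return RC_BAD_TYPE;  /* not used with SSL 2.0 */
        if (len != RANDOM_LEN) return RC_BAD_DATA;       /* exact length only */
        /* Re-setting overwrites: the old value is discarded. */
        memcpy(param == KP_CLIENT_RANDOM ? k->client_random : k->server_random,
               data, RANDOM_LEN);
        return RC_OK;
    case KP_CERTIFICATE:
        if (k->proto != PROTO_PCT) return RC_BAD_TYPE;   /* PCT only */
        if (len == 0 || len > CERT_MAX) return RC_BAD_DATA;
        memcpy(k->cert, data, len);
        k->cert_len = len;
        return RC_OK;
    default:
        return RC_BAD_TYPE;   /* KP_SCHANNEL_ALG, KP_ALGID not modelled here */
    }
}
```

Rejecting a wrong-length random before the copy keeps a short caller buffer from being over-read and keeps stale bytes from an earlier value out of the key derivation input.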