SslGenerateMasterKey function

The SslGenerateMasterKey function computes the Secure Sockets Layer protocol (SSL) master secret key.

Syntax

SECURITY_STATUS WINAPI SslGenerateMasterKey(
  _In_  NCRYPT_PROV_HANDLE hSslProvider,
  _In_  NCRYPT_KEY_HANDLE  hPrivateKey,
  _In_  NCRYPT_KEY_HANDLE  hPublicKey,
  _Out_ NCRYPT_KEY_HANDLE  *phMasterKey,
  _In_  DWORD              dwProtocol,
  _In_  DWORD              dwCipherSuite,
  _In_  PNCryptBufferDesc  pParameterList,
  _Out_ PBYTE              pbOutput,
  _In_  DWORD              cbOutput,
  _Out_ DWORD              *pcbResult,
  _In_  DWORD              dwFlags
);

Parameters

hSslProvider [in]

The handle to the SSL protocol provider instance.

hPrivateKey [in]

The handle to the private key used in the exchange.

hPublicKey [in]

The handle to the public key used in the exchange.

phMasterKey [out]

A pointer to the handle to the generated master key.

dwProtocol [in]

One of the CNG SSL Provider Protocol Identifier values.

dwCipherSuite [in]

One of the CNG SSL Provider Cipher Suite Identifier values.

pParameterList [in]

A pointer to an array of NCryptBuffer buffers that contain information used as part of the key exchange operation. The precise set of buffers depends on the protocol and cipher suite that is used. At a minimum, the list will contain buffers that contain the client and server supplied random values.

pbOutput [out]

The address of a buffer that receives the premaster secret encrypted with the public key of the server. The cbOutput parameter contains the size of this buffer. If this parameter is NULL, this function returns the required size, in bytes, in the DWORD pointed to by the pcbResult parameter.

Note

This buffer is used when performing an RSA key exchange.

cbOutput [in]

The size, in bytes, of the pbOutput buffer.

pcbResult [out]

A pointer to a DWORD value in which to place the number of bytes written to the pbOutput buffer.

dwFlags [in]

Specifies whether this function is being used for client-side or server-side key exchange.

Value                                  Meaning
NCRYPT_SSL_CLIENT_FLAG (0x00000001)    Specifies a client-side key exchange.
NCRYPT_SSL_SERVER_FLAG (0x00000002)    Specifies a server-side key exchange.

Return value

If the function succeeds, it returns zero.

If the function fails, it returns a nonzero error value.

Possible return codes include, but are not limited to, the following.

Return code/value                      Description
NTE_NO_MEMORY (0x8009000EL)            Not enough memory is available to allocate necessary buffers.
NTE_INVALID_HANDLE (0x80090026L)       One of the provided handles is not valid.
NTE_INVALID_PARAMETER (0x80090027L)    The phMasterKey or hPublicKey parameter is not valid.
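
The client and server random values that pParameterList must carry are inputs to the master secret derivation, and the hash used depends on the cipher suite. The sketch below shows that derivation for TLS 1.2 as defined in RFC 5246 (sections 5 and 8.1); it is an added example, not Microsoft's code, it does not call the CNG SSL provider, and all function names and sample values are constructed for illustration.

```python
import hmac

MASTER_SECRET_LEN = 48  # fixed length, RFC 5246 section 8.1

# Constructed sample inputs (not real handshake data; a real premaster is random).
SAMPLE_PREMASTER = b"\x03\x03" + bytes(46)      # RSA premaster: version + 46 bytes
SAMPLE_CLIENT_RANDOM = bytes(range(32))         # ClientHello.random
SAMPLE_SERVER_RANDOM = bytes(range(32, 64))     # ServerHello.random


def p_hash(secret, seed, length, hash_name="sha256"):
    """P_hash data expansion, RFC 5246 section 5."""
    out = b""
    a = seed                                            # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()     # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def tls12_master_secret(premaster, client_random, server_random, hash_name="sha256"):
    """PRF(premaster, "master secret", client_random + server_random)[0..47]."""
    if len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("client and server randoms must be 32 bytes each")
    seed = b"master secret" + client_random + server_random
    return p_hash(premaster, seed, MASTER_SECRET_LEN, hash_name)


if __name__ == "__main__":
    ms = tls12_master_secret(SAMPLE_PREMASTER, SAMPLE_CLIENT_RANDOM, SAMPLE_SERVER_RANDOM)
    print("master secret:", ms.hex())
    # Both randoms are bound into the secret, in order: swapping them changes it.
    swapped = tls12_master_secret(SAMPLE_PREMASTER, SAMPLE_SERVER_RANDOM, SAMPLE_CLIENT_RANDOM)
    print("differs when randoms are swapped:", ms != swapped)
```

Cipher suites whose PRF is SHA-384 would pass hash_name="sha384"; earlier protocol versions use a different PRF that this sketch does not cover.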

Requirements

Requirement                 Value
Minimum supported client    Windows Vista [desktop apps only]
Minimum supported server    Windows Server 2008 [desktop apps only]
Header                      Sslprovider.h
DLL                         Ncrypt.dll