SslImportMasterKey function

The SslImportMasterKey function performs a server-side Secure Sockets Layer protocol (SSL) key exchange operation.

Syntax

SECURITY_STATUS WINAPI SslImportMasterKey(
  _In_  NCRYPT_PROV_HANDLE hSslProvider,
  _In_  NCRYPT_KEY_HANDLE  hPrivateKey,
  _Out_ NCRYPT_KEY_HANDLE  *phMasterKey,
  _In_  DWORD              dwProtocol,
  _In_  DWORD              dwCipherSuite,
  _In_  PNCryptBufferDesc  pParameterList,
  _In_  PBYTE              pbEncryptedKey,
  _In_  DWORD              cbEncryptedKey,
  _In_  DWORD              dwFlags
);

Parameters

hSslProvider [in]

The handle to the SSL protocol provider instance.

hPrivateKey [in]

The handle to the private key used in the exchange.

phMasterKey [out]

A pointer to the handle to receive the master key.

dwProtocol [in]

One of the CNG SSL Provider Protocol Identifier values.

dwCipherSuite [in]

One of the CNG SSL Provider Cipher Suite Identifiers values.

pParameterList [in]

A pointer to an array of NCryptBuffer buffers that contain information used as part of the key exchange operation. The precise set of buffers depends on the protocol and cipher suite in use. At a minimum, the list contains buffers that hold the client-supplied and server-supplied random values.

pbEncryptedKey [in]

A pointer to a buffer that contains the premaster secret, encrypted with the public key of the server.

cbEncryptedKey [in]

The size, in bytes, of the pbEncryptedKey buffer.

dwFlags [in]

Set this parameter to NCRYPT_SSL_SERVER_FLAG to indicate that this is a server call.

Return value

If the function succeeds, it returns zero.

If the function fails, it returns a nonzero error value.

Possible return codes include, but are not limited to, the following.

Return code/value                      Description
NTE_NO_MEMORY (0x8009000EL)            Not enough memory is available to allocate necessary buffers.
NTE_INVALID_HANDLE (0x80090026L)       One of the provided handles is not valid.
NTE_INVALID_PARAMETER (0x80090027L)    The phMasterKey parameter is NULL.

Remarks

This function decrypts the premaster secret, computes the SSL master secret, and returns a handle to this object to the caller. This master key can then be used to derive the SSL session key and finish the SSL handshake.

Note

This function is used when the RSA key exchange algorithm is in use. When DH is used, the server code calls SslGenerateMasterKey instead.

Requirements

Requirement                 Value
Minimum supported client    Windows Vista [desktop apps only]
Minimum supported server    Windows Server 2008 [desktop apps only]
Header                      Sslprovider.h
DLL                         Ncrypt.dll