Maris B.

Reputation: 2480

SSPI Schannel API returns undocumented value of 0xAE06 or CALG_ECDH_EPHEM

I am using the following code to query current TLS connection:

SecPkgContext_ConnectionInfo data;
QueryContextAttributes(&myHandle, SECPKG_ATTR_CONNECTION_INFO, &data);

It returns correct structure with all the fields:

typedef struct _SecPkgContext_ConnectionInfo {
  DWORD  dwProtocol;
  ALG_ID aiCipher;
  DWORD  dwCipherStrength;
  ALG_ID aiHash;
  DWORD  dwHashStrength;
  ALG_ID aiExch;
  DWORD  dwExchStrength;
} SecPkgContext_ConnectionInfo, *PSecPkgContext_ConnectionInfo;

as per MSDN documentation: https://learn.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-secpkgcontext_connectioninfo

However, the field aiExch has a value of 0xAE06, which I guess (from the wincrypt.h file) is defined as CALG_ECDH_EPHEM, but the documentation only mentions two possible values:

CALG_RSA_KEYX 0xA400   // RSA key exchange
CALG_DH_EPHEM 0xAA02   // Diffie-Hellman key exchange.

Now the questions:

  1. What is the meaning of 0xAE06 / CALG_ECDH_EPHEM?
  2. What other values can the field aiExch have?

Upvotes: 1

Views: 317

Answers (1)

SoronelHaetir

Reputation: 15164

From ALG_ID:

CALG_ECDH_EPHEM |  0x0000ae06 |  Ephemeral elliptic curve Diffie-Hellman key exchange algorithm.

Note: This algorithm is supported only through Cryptography API: Next Generation.

Windows Server 2003 and Windows XP: This algorithm is not supported.

I can't tell you what else might show up.

Upvotes: 2
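Since the list of values aiExch can take is left open above, code that logs or checks the field should decode it defensively instead of assuming the two documented constants. The following is an added example, not code from the question or the answer: the function names are hypothetical, the constants and bit-field macros repeat the wincrypt.h definitions so it builds without the Windows SDK, and the four-entry table is not a complete list of what Schannel can return.

```c
#include <stdio.h>
#include <string.h>

#ifndef CALG_ECDH_EPHEM   /* built without <wincrypt.h>: repeat its definitions */
typedef unsigned int ALG_ID;
#define GET_ALG_CLASS(x) ((x) & (7u << 13))
#define GET_ALG_TYPE(x)  ((x) & (15u << 9))
#define GET_ALG_SID(x)   ((x) & 511u)
#define CALG_RSA_KEYX    0x0000a400u
#define CALG_DH_EPHEM    0x0000aa02u
#define CALG_ECDH        0x0000aa05u
#define CALG_ECDH_EPHEM  0x0000ae06u
#endif

/* Name for the key-exchange ALG_IDs listed above, NULL for any other value. */
const char *exch_name(ALG_ID a)
{
    switch (a) {
    case CALG_RSA_KEYX:   return "CALG_RSA_KEYX";
    case CALG_DH_EPHEM:   return "CALG_DH_EPHEM";
    case CALG_ECDH:       return "CALG_ECDH";
    case CALG_ECDH_EPHEM: return "CALG_ECDH_EPHEM";
    default:              return NULL;
    }
}

/* 1 = ephemeral exchange, 0 = known but not ephemeral, -1 = not in the table. */
int exch_is_ephemeral(ALG_ID a)
{
    if (a == CALG_DH_EPHEM || a == CALG_ECDH_EPHEM) return 1;
    return exch_name(a) ? 0 : -1;
}

/* Log text for aiExch; a value not in the table is split into its bit fields. */
int describe_exch(ALG_ID a, char *buf, size_t n)
{
    const char *name = exch_name(a);
    if (name)
        return snprintf(buf, n, "%s (0x%04x)", name, (unsigned)a);
    return snprintf(buf, n, "unknown 0x%04x class=%u type=%u sid=%u", (unsigned)a,
                    (unsigned)(GET_ALG_CLASS(a) >> 13),
                    (unsigned)(GET_ALG_TYPE(a) >> 9), (unsigned)GET_ALG_SID(a));
}

int main(void)
{
    char buf[96];
    describe_exch(0xae06, buf, sizeof buf);   /* the value from the question */
    return printf("%s ephemeral=%d\n", buf, exch_is_ephemeral(0xae06)) < 0;
}
```

In a real client, pass data.aiExch from the QueryContextAttributes call after checking that the call returned SEC_E_OK, and treat a -1 result as "unrecognised" rather than as a failed handshake.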
