Enumerating Supported Protocols

  • Article

Supported protocols and cipher suites can be listed by calls to CryptGetProvParam with PP_ENUMALGS or PP_ENUMALGS_EX. The PP_ENUMALGS_EX value works like PP_ENUMALGS but returns a PROV_ENUMALGS_EX structure that holds more extensive information on the algorithms supported by the provider.

For more information about defined protocol flags and their values, see Protocol Flags.

Given that the hCryptProv member is the handle of an open cryptographic context acquired by using CryptAcquireContext with its dwProvType parameter set to PROV_RSA_SCHANNEL, the following example lists the names of all algorithms available in the CSP.

PROV_ENUMALGS_EX EnumAlgs;     //   Structure to hold information on 
                               //   a supported algorithm
DWORD dFlag = CRYPT_FIRST;     //   Flag indicating that the first
                               //   supported algorithm is to be
                               //   enumerated. Changed to 0 after the
                               //   first call to the function.
cbData = sizeof(PROV_ENUMALGS_EX);

while( CryptGetProvParam(
    hCryptProv,          // handle to an open cryptographic provider
    PP_ENUMALGS_EX, 
    (BYTE *)&EnumAlgs,  // information on the next algorithm
    &cbData,            // number of bytes in the PROV_ENUMALGS_EX
    dFlag))             // flag to indicate whether this is a first or
                        // subsequent algorithm supported by the
                        // CSP.
{
    printf("Supported Algorithm name %s\n", EnumAlgs.szName);
    dFlag = CRYPT_NEXT;          // Set to CRYPT_NEXT after the first call,
} //  end of while loop. When all of the supported algorithms have
  //  been enumerated, the function returns FALSE.

The following table lists some algorithms returned by a typical domestic PROV_RSA_SCHANNEL CSP. Notice that neither SSL2 SHA MACs nor SSL2 DES encryption is supported by the CSP in this example.

Algorithm identifier Minimum key length Maximum key length Protocols Algorithm name
CALG_RSA_KEYX 512 2048 0x0007 "RSA_KEYX"
CALG_MD5 128 128 0x0007 "MD5"
CALG_SHA 160 160 0x0005 "SHA"
CALG_RC4 40 128 0x0007 "RC4"
CALG_DES 56 56 0x0005 "DES"

 

To prepare to send ClientHello or ServerHello messages, the Schannel protocol engine enumerates the algorithms and key sizes supported by the CSP and builds a list internally of supported cipher suites.