Microsoft KB Archive/259122

HOWTO: Programmatically Determine the Cipher Strength on Windows

Q259122

-

The information in this article applies to:


 * Microsoft Win32 Application Programming Interface (API)

-

SUMMARY
To determine the cipher strength of a system programmatically, query Schannel by calling QueryCredentialsAttributes with the SECPKG_ATTR_CIPHER_STRENGTHS attribute.

QueryCredentialsAttributes can be called on all Windows platforms.

MORE INFORMATION
The following source code will determine the cipher strength on a system:

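/*
 * NOTE(review): the header names on the #include lines were lost when this
 * page was extracted (the angle-bracketed text was stripped). The names below
 * are a reconstruction: they are headers that declare what the listing uses,
 * not necessarily the article's exact list or order. Confirm against the SDK
 * in use.
 */
#include <windows.h>    /* DWORD, HINSTANCE, LoadLibrary, GetProcAddress */
#include <stdio.h>      /* printf */
#define SECURITY_WIN32  /* must be defined before sspi.h is included */
#include <wincrypt.h>   /* certificate types referenced by schannel.h */
#include <sspi.h>       /* PSecurityFunctionTable, CredHandle, SECURITY_STATUS */
#include <schannel.h>   /* SCHANNEL_CRED, UNISP_NAME_A, SecPkgCred_CipherStrengths */

/*
 * Pointer type for the ANSI entry point InitSecurityInterfaceA, which is
 * resolved at run time with GetProcAddress and returns the SSPI function table.
 * NOTE(review): PSecurityFunctionTable is used with an "A" entry point, so this
 * presumably expects a non-UNICODE build - confirm.
 */
typedef PSecurityFunctionTable (APIENTRY *INITSECURITYINTERFACE_FN_A)(VOID);

/* Prints a short description for the SSPI status codes the sample handles. */
void PrintStatus(SECURITY_STATUS Status);

/* Returns the maximum cipher strength in bits, or 0 on failure. */
DWORD GetCipherStrength(void);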

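/*
 * Entry point: prints the maximum cipher strength that GetCipherStrength()
 * reports, or an error line when it returns 0.
 *
 * Returns 0 when a strength was printed and 1 otherwise.
 */
int main(void)
{
    DWORD dwCipherStrength = GetCipherStrength();

    if (dwCipherStrength > 0) {
        /* DWORD is an unsigned long; cast and use %lu so the specifier matches. */
        printf("\nCipher Strength : %lu bits\n", (unsigned long)dwCipherStrength);
        return 0;
    }

    printf("Unable to get Cipher Strength.\n");
    return 1;
}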

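/*
 * Returns the maximum cipher strength, in bits, reported by Schannel for an
 * outbound credential, or 0 if any step fails (a message is printed).
 *
 * Any reported value of 168 or more is returned as 128, following the
 * article's rule that "168bit means 128bit".
 * NOTE(review): the same rule also maps larger values (for example 256) to
 * 128, so treat a result of 128 as "128-bit class or better", not as an exact
 * key length.
 * NOTE(review): the value is queried on a credential handle, not on an
 * established security context, so it describes what the credential permits
 * rather than what a particular session negotiated. The same structure also
 * carries dwMinimumCipherStrength, which is the field to inspect when checking
 * whether weak ciphers are still permitted.
 */
DWORD GetCipherStrength(void)
{
    static const char szDllName[] = "\\schannel.dll";
    DWORD dwKeySize = 0;
    HINSTANCE hSecurity = NULL;
    INITSECURITYINTERFACE_FN_A pfnInitSecurityInterfaceA;
    PSecurityFunctionTable pSecFuncTable;
    char szPath[MAX_PATH];
    UINT cchDir;

    __try {
        /*
         * Load schannel.dll by its full system-directory path. A bare
         * LoadLibrary("schannel") goes through the DLL search order, which can
         * pick up a same-named file from the application or current directory.
         * (On systems that support it, LoadLibraryEx with
         * LOAD_LIBRARY_SEARCH_SYSTEM32 is an alternative.)
         */
        cchDir = GetSystemDirectoryA(szPath, MAX_PATH);
        if (cchDir == 0 || cchDir > MAX_PATH - sizeof(szDllName)) {
            printf("Unable to load library.\n");
            __leave;
        }
        /* sizeof includes the terminating NUL, so the result is terminated. */
        CopyMemory(szPath + cchDir, szDllName, sizeof(szDllName));

        hSecurity = LoadLibraryA(szPath);
        if (!hSecurity) {
            printf("Unable to load library.\n");
            __leave;
        }

        pfnInitSecurityInterfaceA = (INITSECURITYINTERFACE_FN_A)
            GetProcAddress(hSecurity, "InitSecurityInterfaceA");
        if (pfnInitSecurityInterfaceA == NULL) {
            printf("Unable to get InitSecurityInterfaceA address\n");
            __leave;
        }

        /* Call the entry point; it returns the table of SSPI functions. */
        pSecFuncTable = (*pfnInitSecurityInterfaceA)();
        if (pSecFuncTable == NULL) {
            printf("InitSecurityInterfaceA did not return function table.\n");
            __leave;
        }

        if (pSecFuncTable->AcquireCredentialsHandleA &&
            pSecFuncTable->QueryCredentialsAttributesA) {
            TimeStamp tsExpiry;
            CredHandle chCred;
            SecPkgCred_CipherStrengths cs;
            SECURITY_STATUS Status;
            SCHANNEL_CRED credData;

            /* Only the version field is set; every other field stays zero. */
            ZeroMemory(&credData, sizeof(credData));
            credData.dwVersion = SCHANNEL_CRED_VERSION;

            /* Acquire the credentials */
            Status = (*pSecFuncTable->AcquireCredentialsHandleA)(
                NULL,
                UNISP_NAME_A,           /* Package */
                SECPKG_CRED_OUTBOUND,
                NULL,
                &credData,
                NULL,
                NULL,
                &chCred,                /* Handle */
                &tsExpiry);
            if (Status == SEC_E_OK) {
                /* Query the Cipher Strength */
                Status = (*pSecFuncTable->QueryCredentialsAttributesA)(
                    &chCred,
                    SECPKG_ATTR_CIPHER_STRENGTHS,
                    &cs);
                if (Status == SEC_E_OK) {
                    dwKeySize = cs.dwMaximumCipherStrength;
                } else {
                    /* SECURITY_STATUS is a LONG; cast so %lx matches. */
                    printf("QueryCredentialsAttributesA failed with %lx: ",
                           (unsigned long)Status);
                    PrintStatus(Status);
                }

                /* Free the handle if we can */
                if (pSecFuncTable->FreeCredentialsHandle) {
                    (*pSecFuncTable->FreeCredentialsHandle)(&chCred);
                }
            } else {
                printf("AcquireCredentialsHandleA failed with %lx: ",
                       (unsigned long)Status);
                PrintStatus(Status);
            }
        } else {
            printf("AcquireCredentialsHandleA or QueryCredentialsAttributeA are NULL.\n");
        }
    }
    __finally {
        /* Runs on every exit from the __try block, including __leave. */
        if (hSecurity) {
            FreeLibrary(hSecurity);
        }
    }

    return (dwKeySize >= 168 ? 128 : dwKeySize);
}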

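/*
 * Prints a one-line description of an SSPI status code. The callers print
 * "... failed with <code>: " without a newline first, so every branch here
 * ends the line.
 */
void PrintStatus(SECURITY_STATUS Status)
{
    switch (Status) {
    case SEC_E_UNSUPPORTED_FUNCTION:
        printf("Unsupported Function.\n");
        break;
    case SEC_E_INVALID_HANDLE:
        /* The original printed "Unsupported Function." here as well. */
        printf("Invalid Handle.\n");
        break;
    default:
        /* Codes the sample does not name; the caller already printed the value. */
        printf("Unrecognized status code.\n");
        break;
    }
}

Additional query words: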

Keywords : kbDSupport

Issue type : kbhowto

Technology : kbAudDeveloper kbWin32sSearch kbWin32API