CryptCreateHash
The CryptCreateHash function initiates the hashing of a stream of data. It returns to the calling
application a handle to a cryptographic service provider hash object. This handle is used in subsequent
calls to CryptHashData and CryptHashSessionKey in order to hash streams of data and session keys.
SHA-1 and MD5 are the cryptographic hashing algorithms supported. In addition, a MAC using a
symmetric key is created with this call and may be used with any of the symmetric block ciphers
supported by the module (DES, Triple-DES, AES, RC4 or RC2). To create an HMAC hash value, the
caller specifies CALG_HMAC in the Algid parameter and supplies the HMAC key as an hKey handle
obtained from calling CryptImportKey.
A CALG_SCHANNEL_MASTER_HASH may be created with this call. In this case a handle to one of the
following types of keys must be passed in the hKey parameter: CALG_SSL2_MASTER,
CALG_SSL3_MASTER, CALG_PCT1_MASTER, or CALG_TLS1_MASTER. Calling this function with
CALG_SCHANNEL_MASTER_HASH in the Algid parameter causes the master secret to be derived
from the pre-master secret associated with the passed-in key handle. This key derivation is
performed in the manner specified in the appropriate protocol specification (SSL 2.0, SSL 3.0,
PCT 1.0, or TLS). The master secret is then associated with the resulting hash handle, and session
keys and MAC keys may be derived from this hash handle. The master secret may not be exported
from or imported into the module. The key data associated with the hash handle is zeroized when
CryptDestroyHash is called.
CryptDestroyHash
The CryptDestroyHash function destroys the hash object referenced by the hHash parameter. After a
hash object has been destroyed, it can no longer be used. When a hash object is destroyed, the
crypto module zeroizes the memory within the module where the hash object was held. The memory
is then freed.
If the hash handle references a CALG_SCHANNEL_MASTER_HASH key then, when
CryptDestroyHash is called, the associated key material is zeroized also.
All hash objects should be destroyed with the CryptDestroyHash function when the application is
finished with them.
CryptGetHashParam
The CryptGetHashParam function retrieves data that governs the operations of a hash object. The
actual hash value can also be retrieved by using this function.
CryptHashData
The CryptHashData function adds data to a specified hash object. This function and
CryptHashSessionKey can be called multiple times to compute the hash on long data streams or
discontinuous data streams. Before calling this function, the CryptCreateHash function must be called
to create a handle of a hash object.