Microsoft Kernel Mode Security Support Provider Interface (ksecdd.sys) Security Policy Document
This Security Policy is non-proprietary and may be reproduced only in its original entirety (without revision)
hKey [in, out] is the handle of the key to use to decrypt the data. This handle is obtained from one of the
key creation functions, such as BCryptGenerateSymmetricKey, BCryptGenerateKeyPair, or
BCryptImportKey.
pbInput [in] is the address of a buffer that contains the ciphertext to be decrypted. The cbInput
parameter contains the size of the ciphertext to decrypt. For more information, see Remarks.
cbInput [in] is the number of bytes in the pbInput buffer to decrypt.
pPaddingInfo [in, optional] is a pointer to a structure that contains padding information. The actual type
of structure this parameter points to depends on the value of the dwFlags parameter. This parameter is
only used with asymmetric keys and must be NULL otherwise.
pbIV [in, out, optional] is the address of a buffer that contains the initialization vector (IV) to use during
decryption. The cbIV parameter contains the size of this buffer. This function will modify the contents of
this buffer. If you need to reuse the IV later, make sure you make a copy of this buffer before calling this
function. This parameter is optional and can be NULL if no IV is used. The required size of the IV can be
obtained by calling the BCryptGetProperty function to get the BCRYPT_BLOCK_LENGTH property. This
will provide the size of a block for the algorithm, which is also the size of the IV.
cbIV [in] contains the size, in bytes, of the pbIV buffer.
pbOutput [out, optional] is the address of a buffer to receive the plaintext produced by this function. The
cbOutput parameter contains the size of this buffer. For more information, see Remarks.
If this parameter is NULL, this function will calculate the size required for the plaintext and return the size
in the location pointed to by the pcbResult parameter.
cbOutput [in] is the size, in bytes, of the pbOutput buffer. This parameter is ignored if the pbOutput
parameter is NULL.
pcbResult [out] is a pointer to a ULONG variable to receive the number of bytes copied to the pbOutput
buffer. If pbOutput is NULL, this receives the size, in bytes, required for the plaintext.
dwFlags [in] is a set of flags that modify the behavior of this function. The allowed set of flags depends
on the type of key specified by the hKey parameter. If the key is a symmetric key, this can be zero or the
following value: BCRYPT_BLOCK_PADDING. If the key is an asymmetric key, this can be one of the
following values: BCRYPT_PAD_NONE, BCRYPT_PAD_OAEP, BCRYPT_PAD_PKCS1.
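The BCryptDecrypt parameter rules above (a scratch copy of the IV for every call, the size query with a NULL pbOutput, a NULL pPaddingInfo for a symmetric key) are shown here in a user-mode C example. It is added to this page and is not taken from the Security Policy or from Microsoft's code. The key, IV, message and the function name cng_cbc_roundtrip are constructed for illustration; BCryptSetProperty and BCryptEncrypt are CNG calls that this page does not describe.

```c
/* Added example: user-mode CNG build, link with bcrypt.lib. Sample values are constructed. */
#ifdef _WIN32
#include <windows.h>
#include <bcrypt.h>
#include <string.h>
#define OK(s) (((NTSTATUS)(s)) >= 0)

/* Returns 0 when decryption recovers the message, else the number of the failing step. */
int cng_cbc_roundtrip(void)
{
    BCRYPT_ALG_HANDLE hAlg = NULL; BCRYPT_KEY_HANDLE hKey = NULL;
    UCHAR key[16] = {0x10, 0x11, 0x12}, iv[16] = {1, 2, 3}, ivWork[16];
    UCHAR msg[] = "constructed sample", ct[32], pt[32];   /* 19 bytes pad to 32 */
    ULONG cbCt = 0, cbNeed = 0, cbPt = 0;
    int step = 1;

    if (!OK(BCryptOpenAlgorithmProvider(&hAlg, BCRYPT_AES_ALGORITHM, NULL, 0)))
        return step;
    step = 2;
    if (!OK(BCryptSetProperty(hAlg, BCRYPT_CHAINING_MODE,
            (PUCHAR)BCRYPT_CHAIN_MODE_CBC, sizeof(BCRYPT_CHAIN_MODE_CBC), 0)))
        goto done;
    step = 3;
    if (!OK(BCryptGenerateSymmetricKey(hAlg, &hKey, NULL, 0, key, sizeof key, 0)))
        goto done;
    step = 4;   /* pbIV is overwritten by CNG, so each call gets a scratch copy */
    memcpy(ivWork, iv, sizeof iv);
    if (!OK(BCryptEncrypt(hKey, msg, sizeof msg, NULL, ivWork, sizeof ivWork,
            ct, sizeof ct, &cbCt, BCRYPT_BLOCK_PADDING)))
        goto done;
    step = 5;   /* pbOutput == NULL: only the required size is returned */
    memcpy(ivWork, iv, sizeof iv);
    if (!OK(BCryptDecrypt(hKey, ct, cbCt, NULL, ivWork, sizeof ivWork,
            NULL, 0, &cbNeed, BCRYPT_BLOCK_PADDING)) || cbNeed > sizeof pt)
        goto done;
    step = 6;   /* symmetric key: pPaddingInfo is NULL, dwFlags selects padding */
    memcpy(ivWork, iv, sizeof iv);
    if (!OK(BCryptDecrypt(hKey, ct, cbCt, NULL, ivWork, sizeof ivWork,
            pt, sizeof pt, &cbPt, BCRYPT_BLOCK_PADDING)))
        goto done;
    step = (cbPt == sizeof msg && memcmp(pt, msg, cbPt) == 0) ? 0 : 7;
done:
    SecureZeroMemory(pt, sizeof pt);   /* do not leave plaintext on the stack */
    if (hKey) BCryptDestroyKey(hKey);
    BCryptCloseAlgorithmProvider(hAlg, 0);
    return step;
}
#else
int cng_cbc_roundtrip(void) { return -1; }   /* CNG exists only on Windows */
#endif
```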
5.12 Hashing and HMAC
5.12.1 BCryptCreateHash
NTSTATUS WINAPI BCryptCreateHash(
    BCRYPT_ALG_HANDLE hAlgorithm,
    BCRYPT_HASH_HANDLE *phHash,
    PUCHAR pbHashObject,
    ULONG cbHashObject,
    PUCHAR pbSecret,
    ULONG cbSecret,
    ULONG dwFlags);
The BCryptCreateHash() function creates a hash object with an optional key. The optional key is used for
HMAC type keyed-hash functions.
hAlgorithm [in, out] is the handle of an algorithm provider created by using the
BCryptOpenAlgorithmProvider function. The algorithm that was specified when the provider was created
must support the hash interface.
phHash [out] is a pointer to a BCRYPT_HASH_HANDLE value that receives a handle that represents the
hash object. This handle is used in subsequent hashing functions, such as the BCryptHashData function.
When you have finished using this handle, release it by passing it to the BCryptDestroyHash function.
pbHashObject [out] is a pointer to a buffer that receives the hash object. The cbHashObject parameter
contains the size of this buffer. The required size of this buffer can be obtained by calling the
BCryptGetProperty function to get the BCRYPT_OBJECT_LENGTH property. This will provide the size of
the hash object for the specified algorithm. This memory can only be freed after the hash handle is
destroyed.
cbHashObject [in] contains the size, in bytes, of the pbHashObject buffer.