The CPHashSessionKey function is used by applications to feed a cryptographic key to a specified hash object. This allows session keys to be hashed without the application having access to the key material.
```c
BOOL CPHashSessionKey(
  HCRYPTPROV hProv,  // in
  HCRYPTHASH hHash,  // in
  HCRYPTKEY hKey,    // in
  DWORD dwFlags      // in
);
```
If the function succeeds, TRUE should be returned; otherwise, return FALSE. When FALSE is returned, the appropriate error code (see the following table) must be set via SetLastError.
Error | Description |
---|---|
NTE_BAD_ALGID | The hHash handle specifies a hash algorithm that this function does not support. |
NTE_BAD_FLAGS | The dwFlags parameter is non-zero. |
NTE_BAD_HASH | The hash object specified by the hHash parameter is invalid. |
NTE_BAD_HASH_STATE | An attempt was made to add data to a hash object that is already marked as "finished." |
NTE_BAD_KEY | A keyed hash algorithm is being used, but the session key is no longer valid. This error will be generated if the session key passed to CPCreateHash is destroyed before the hashing operation is complete. |
NTE_BAD_UID | The CSP context that was specified when the hash object was created cannot now be found. |
NTE_FAIL | The function failed in some unexpected way. |
The only data that this function is to add to the hash object is the session key material itself. If necessary, the application itself can hash in the key's salt, initialization vector, and so on. Depending on the CSP type, the key material may need to be formatted or padded in some specific way before being added to the hash. This is discussed further in Interoperability with RSA CSPs.
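The checks from the error table and the key-only hashing rule described above, modelled in portable C as an added example (not Microsoft's or any CSP's code). The slot tables, the `demo_` names, the FNV-1a stand-in hash and the use of NTE_BAD_KEY for an invalid hKey are assumptions; the NTE_* values are those in winerror.h.

```c
#include <stddef.h>
#include <stdint.h>

/* NTE_* values as defined in winerror.h */
#define NTE_BAD_UID        0x80090001u
#define NTE_BAD_HASH       0x80090002u
#define NTE_BAD_KEY        0x80090003u
#define NTE_BAD_FLAGS      0x80090009u
#define NTE_BAD_HASH_STATE 0x8009000Cu
#define SLOTS 4

/* Hypothetical CSP-private tables; a handle is just a slot index.
   mac_key is the CPCreateHash key slot of a keyed hash, or -1 if unkeyed. */
typedef struct { int live; size_t prov; int finished; int mac_key; uint32_t state; } demo_hash;
typedef struct { int live; uint8_t bytes[16]; size_t len; } demo_key;
static int       g_prov_live[SLOTS];   /* open CSP contexts */
static demo_hash g_hashes[SLOTS];
static demo_key  g_keys[SLOTS];
static uint32_t  g_last_error;         /* stands in for SetLastError */

static int fail(uint32_t code) { g_last_error = code; return 0; }

/* Toy FNV-1a step standing in for the real hash update (not cryptographic). */
static void absorb(demo_hash *h, const uint8_t *p, size_t n)
{
    while (n--) h->state = (h->state ^ *p++) * 16777619u;
}

/* Model of CPHashSessionKey: 1 = TRUE, 0 = FALSE with g_last_error set. */
int demo_hash_session_key(size_t hProv, size_t hHash, size_t hKey, uint32_t dwFlags)
{
    demo_hash *h;
    if (dwFlags != 0) return fail(NTE_BAD_FLAGS);
    if (hHash >= SLOTS || !g_hashes[hHash].live) return fail(NTE_BAD_HASH);
    h = &g_hashes[hHash];
    if (hProv >= SLOTS || h->prov != hProv || !g_prov_live[hProv]) return fail(NTE_BAD_UID);
    if (h->finished) return fail(NTE_BAD_HASH_STATE);
    /* Keyed hash whose CPCreateHash key was destroyed mid-operation. */
    if (h->mac_key >= 0 && !g_keys[h->mac_key].live) return fail(NTE_BAD_KEY);
    /* Assumption: an invalid hKey is also reported as NTE_BAD_KEY. */
    if (hKey >= SLOTS || !g_keys[hKey].live) return fail(NTE_BAD_KEY);
    /* Only the key bytes are hashed; salt and IV are the caller's job.
       The bytes never cross the API boundary: the caller holds handles only. */
    absorb(h, g_keys[hKey].bytes, g_keys[hKey].len);
    return 1;
}
```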
See also: CPCreateHash, CPGenKey, CPHashData, CryptHashSessionKey