BCryptDuplicateHash function (bcrypt.h)

The BCryptDuplicateHash function duplicates an existing hash or Message Authentication Code (MAC) object. The duplicate object contains all state and data contained in the original object at the point of duplication.

Syntax

NTSTATUS BCryptDuplicateHash(
  [in]  BCRYPT_HASH_HANDLE hHash,
  [out] BCRYPT_HASH_HANDLE *phNewHash,
  [out] PUCHAR             pbHashObject,
  [in]  ULONG              cbHashObject,
  [in]  ULONG              dwFlags
);

Parameters

[in] hHash

The handle of the hash or MAC object to duplicate.

[out] phNewHash

A pointer to a BCRYPT_HASH_HANDLE value that receives the handle that represents the duplicate hash or MAC object.

[out] pbHashObject

A pointer to a buffer that receives the duplicate hash or MAC object. The cbHashObject parameter contains the size of this buffer. The required size of this buffer can be obtained by calling the BCryptGetProperty function to get the BCRYPT_OBJECT_LENGTH property. This will provide the size of the hash object for the specified algorithm.

When the duplicate hash handle is released, free this memory.

[in] cbHashObject

The size, in bytes, of the pbHashObject buffer.

[in] dwFlags

A set of flags that modify the behavior of this function. No flags are currently defined, so this parameter should be zero.

Return value

Returns a status code that indicates the success or failure of the function.

Possible return codes include, but are not limited to, the following.

Return code Description
STATUS_SUCCESS
The function was successful.
STATUS_BUFFER_TOO_SMALL
The size of the hash object specified by the cbHashObject parameter is not large enough to hold the hash object.
STATUS_INVALID_HANDLE
The hash handle in the hHash parameter is not valid.
STATUS_INVALID_PARAMETER
One or more parameters are not valid.

Remarks

This function is useful when computing a hash or MAC over a block of common data. After the common data has been processed, the hash or MAC object can be duplicated, and then the unique data can be added to the individual objects.

Depending on what processor modes a provider supports, BCryptDuplicateHash can be called either from user mode or kernel mode. Kernel mode callers can execute either at PASSIVE_LEVEL IRQL or DISPATCH_LEVEL IRQL. If the current IRQL level is DISPATCH_LEVEL, the handle provided in the hHash parameter must be derived from an algorithm handle returned by a provider that was opened by using the BCRYPT_PROV_DISPATCH flag, and any pointers passed to the BCryptDestroyKey function must refer to nonpaged (or locked) memory.

To call this function in kernel mode, use Cng.lib, which is part of the Driver Development Kit (DDK). Windows Server 2008 and Windows Vista:  To call this function in kernel mode, use Ksecdd.lib.

Requirements

Requirement Value
Minimum supported client Windows Vista [desktop apps | UWP apps]
Minimum supported server Windows Server 2008 [desktop apps | UWP apps]
Target Platform Windows
Header bcrypt.h
Library Bcrypt.lib
DLL Bcrypt.dll