sdk-api-src/content/bcrypt/nf-bcrypt-bcryptderivekey.md
Lines changed: 11 additions & 0 deletions
@@ -442,6 +442,14 @@ The call to the KDF is made as shown in the following pseudocode.
442
442
KDF_SUPPPRIVINFO)</code></pre>
443
443
<b>Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: </b>This value is not supported.
444
444
445
+
#### BCRYPT_KDF_RAW_SECRET (L"TRUNCATE")
446
+
447
+
Returns the little-endian representation of the raw secret without any modification.
448
+
449
+
If the <i>cbDerivedKey</i> parameter is less than the size of the derived key, this function will only copy the specified number of bytes to the <i>pbDerivedKey</i> buffer. If the <i>cbDerivedKey</i> parameter is greater than the size of the derived key, this function will copy the key to the <i>pbDerivedKey</i> buffer and set the variable pointed to by the <i>pcbResult</i> to the actual number of bytes copied.
450
+
451
+
<b>Windows 8, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: </b>This value is not supported.
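Review bot: The truncation paragraph under BCRYPT_KDF_RAW_SECRET describes a short cbDerivedKey as a silent partial copy, but it does not say what pcbResult is set to in that case or which end of the little-endian secret is dropped. As written, a caller that undersizes the buffer receives a shortened secret with no indication of it, so the text should state the pcbResult value for the short-buffer case and which bytes are kept. The paragraph also says "size of the derived key" where the heading and first sentence talk about the raw secret; use one term. Finally, the "not supported" line goes from Windows 8 straight to Windows Server 2008 and Windows Vista; confirm whether the releases in between (Windows 7 and its server counterparts) are meant to be covered.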
If the <i>pwszKDF</i> parameter is set to <b>BCRYPT_KDF_RAW_SECRET</b>, The returned secret (unlike the other <i>pwszKDF</i> values) will be encoded in little-endian format. It is important to take note of this when using the raw secret in any other CNG functions, as most of them take in big-endian encoded inputs.
602
+
592
603
Depending on what processor modes a provider supports, <b>BCryptDeriveKey</b> can be called either from user mode or kernel mode. Kernel mode callers can execute either at <b>PASSIVE_LEVEL</b> <a href="https://docs.microsoft.com/windows/desktop/SecGloss/i-gly">IRQL</a> or <b>DISPATCH_LEVEL</b> IRQL. If the current IRQL level is <b>DISPATCH_LEVEL</b>, the handle provided in the <i>hSharedSecret</i> parameter must be located in nonpaged (or locked) memory and must be derived from an algorithm handle returned by a provider that was opened by using the <b>BCRYPT_PROV_DISPATCH</b> flag.
593
604
594
605
To call this function in kernel mode, use Cng.lib, which is part of the Driver Development Kit (DDK). <b>Windows Server 2008 and Windows Vista: </b>To call this function in kernel mode, use Ksecdd.lib.
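Review bot: In the added Remarks paragraph, "most of them take in big-endian encoded inputs" leaves the reader to guess which CNG functions differ and what to do about it; say plainly that the caller must reverse the byte order before passing the raw secret to a function that expects big-endian input. The same sentence has a stray capital after the comma ("..., The returned secret") and reads more cleanly with the parenthetical moved to the front: "Unlike the other pwszKDF values, the returned secret is encoded in little-endian format."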