TokenBindingVerifyMessage function

Validates the token binding message and verifies the token bindings that the message contains.

Syntax


SECURITY_STATUS WINAPI TokenBindingVerifyMessage(
  _In_  const void                     *tokenBindingMessage,
  _In_        DWORD                    tokenBindingMessageSize,
  _In_        PCWSTR                   keyType,
  _In_  const void                     *tlsUnique,
  _In_        DWORD                    tlsUniqueSize,
  _Out_       TOKENBINDING_RESULT_LIST **resultList
);

Parameters

tokenBindingMessage [in]

A pointer to the buffer that contains the token binding message.

tokenBindingMessageSize [in]

The size of the buffer that the tokenBindingMessage parameter points to, in bytes.

keyType [in]

The negotiated key algorithm to use. Use a value from the list of key types that you retrieved by calling the TokenBindingGetKeyTypesServer function.

tlsUnique [in]

A pointer to a buffer that contains unique data.

tlsUniqueSize [in]

The size of the buffer that the tlsUnique parameter points to, in bytes.

resultList [out]

A pointer that receives the address for the buffer that contains the results for each of the token bindings that TokenBindingVerifyMessage verifies.

In user mode, use HeapAlloc to allocate the memory for the buffer, and HeapFree to free that memory. In kernel mode, use ExAllocatePoolWithTag to allocate the memory for the buffer, and ExFreePool to free that memory.

Return value

Returns a status code that indicates the success or failure of the function.

Remarks

You can call TokenBindingVerifyMessage from both user mode and kernel mode. o call this function in kernel mode, link to Ksecdd.sys, and use the functions mentioned in the description for the resultList parameter for allocating and freeing memory.

Requirements

Minimum supported client

Windows 10 [desktop apps only]

Minimum supported server

Windows Server 2016 [desktop apps only]

Header

Tokenbinding.h

Library

Tokenbinding.lib

DLL

Tokenbinding.dll (user mode);
Ksecdd.sys (kernel mode)

See also

TokenBindingGenerateMessage
TokenBindingGetKeyTypesServer
TOKENBINDING_RESULT_LIST
ExAllocatePoolWithTag
ExFreePool

 

 

Show: