TokenBindingVerifyMessage function
Validates the token binding message and verifies the token bindings that the message contains.
Syntax
```c
SECURITY_STATUS WINAPI TokenBindingVerifyMessage(
  _In_  const void               *tokenBindingMessage,
  _In_  DWORD                    tokenBindingMessageSize,
  _In_  PCWSTR                   keyType,
  _In_  const void               *tlsUnique,
  _In_  DWORD                    tlsUniqueSize,
  _Out_ TOKENBINDING_RESULT_LIST **resultList
);
```
Parameters
- tokenBindingMessage [in]

  A pointer to the buffer that contains the token binding message.

- tokenBindingMessageSize [in]

  The size of the buffer that the tokenBindingMessage parameter points to, in bytes.

- keyType [in]

  The negotiated key algorithm to use. Use a value from the list of key types that you retrieved by calling the TokenBindingGetKeyTypesServer function.

- tlsUnique [in]

  A pointer to a buffer that contains unique data.

- tlsUniqueSize [in]

  The size of the buffer that the tlsUnique parameter points to, in bytes.

- resultList [out]

  A pointer that receives the address for the buffer that contains the results for each of the token bindings that TokenBindingVerifyMessage verifies.

  In user mode, use HeapAlloc to allocate the memory for the buffer, and HeapFree to free that memory. In kernel mode, use ExAllocatePoolWithTag to allocate the memory for the buffer, and ExFreePool to free that memory.
Return value
Returns a status code that indicates the success or failure of the function.
Remarks
You can call TokenBindingVerifyMessage from both user mode and kernel mode. To call this function in kernel mode, link to Ksecdd.sys, and use the functions mentioned in the description for the resultList parameter for allocating and freeing memory.
Requirements
| Minimum supported client | Windows 10 [desktop apps only] |
|---|---|
| Minimum supported server | Windows Server 2016 [desktop apps only] |
| Header | |
| Library | |
| DLL | |
See also
- TokenBindingGenerateMessage
- TokenBindingGetKeyTypesServer
- TOKENBINDING_RESULT_LIST
- ExAllocatePoolWithTag
- ExFreePool