TokenBindingVerifyMessage function (tokenbinding.h)
Validates the token binding message and verifies the token bindings that the message contains.
Syntax
SECURITY_STATUS TokenBindingVerifyMessage(
[in] const void *tokenBindingMessage,
[in] DWORD tokenBindingMessageSize,
[in] TOKENBINDING_KEY_PARAMETERS_TYPE keyType,
[in] const void *tlsEKM,
[in] DWORD tlsEKMSize,
[out] TOKENBINDING_RESULT_LIST **resultList
);
Parameters
[in] tokenBindingMessage
A pointer to the buffer that contains the token binding message.
[in] tokenBindingMessageSize
The size of the buffer that the tokenBindingMessage parameter points to, in bytes.
[in] keyType
The negotiated key algorithm to use. Use a value from the list of key types that you retrieved by calling the TokenBindingGetKeyTypesServer function.
[in] tlsEKM
A pointer to a buffer that contains unique data.
[in] tlsEKMSize
The size of the buffer that the tlsUnique parameter points to, in bytes.
[out] resultList
A pointer that receives the address for the buffer that contains the results for each of the token bindings that TokenBindingVerifyMessage verifies.
In user mode, use HeapAlloc to allocate the memory for the buffer, and HeapFree to free that memory. In kernel mode, use ExAllocatePoolWithTag to allocate the memory for the buffer, and ExFreePool to free that memory.
Return value
Returns a status code that indicates the success or failure of the function.
Remarks
You can call TokenBindingVerifyMessage from both user mode and kernel mode. o call this function in kernel mode, link to Ksecdd.sys, and use the functions mentioned in the description for the resultList parameter for allocating and freeing memory.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows 10 [desktop apps only] |
| Minimum supported server | Windows Server 2016 [desktop apps only] |
| Target Platform | Windows |
| Header | tokenbinding.h |
| Library | Tokenbinding.lib |
| DLL | Tokenbinding.dll (user mode); Ksecdd.sys (kernel mode) |