KspVerifySignatureFn callback function (ntsecpkg.h)

Article
10/13/2021

Verifies that the message received is correct according to the signature.

The SpVerifySignature function is the dispatch function for the VerifySignature function of the Security Support Provider Interface.

Syntax

KspVerifySignatureFn Kspverifysignaturefn;

NTSTATUS Kspverifysignaturefn(
        LSA_SEC_HANDLE ContextId,
  [in]  PSecBufferDesc Message,
  [in]  ULONG MessageSeqNo,
  [out] PULONG pfQOP
)
{...}

Parameters

ContextId

[in] Message

Pointer to a SecBufferDesc structure containing the message to verify.

[in] MessageSeqNo

Sequence number to assign to the message. Sequence numbers are optional and are used as protection against loss and insertion of messages. A value of zero indicates that sequence numbers are not in use.

[out] pfQOP

Pointer to package-specific flags that indicate the quality of protection.

Return value

If the function succeeds, return STATUS_SUCCESS.

If the function fails, return an NTSTATUS code that indicates the reason it failed. The following table lists a common reason for failure and the error code that the function should return.

Return code	Description
SEC_E_INVALID_HANDLE	The handle is not valid.

Remarks

The signature verified by the SpVerifySignature function is created by the SpMakeSignature function, used by a message sender.

SSP/APs must implement the SpVerifySignature function; however, the actual name given to the implementation is up to the developer.

A pointer to the SpVerifySignature function is available in the SECPKG_USER_FUNCTION_TABLE structure received from the SpUserModeInitialize function.

Requirements

Requirement	Value
Minimum supported client	Windows XP [desktop apps only]
Minimum supported server	Windows Server 2003 [desktop apps only]
Target Platform	Windows
Header	ntsecpkg.h