Code Integrity
© 2015 Microsoft. All Rights Reserved
This Security Policy is nonproprietary and may be reproduced only in its original entirety (without revision).
4 Ports and Interfaces
4.1 Code Integrity export functions
The following list contains all the functions exported by Code Integrity to its callers. Note that Code
Integrity is not callable outside the kernel. The functions are explained further in the subsequent subsections.
CiInitialize()
CiValidateImageHeader()
CiValidateImageData()
CiQueryInformation()
CiQueryImageSignature()
CiImportRoots()
CiGetFileCache()
CiSetFileCache()
CiHashMemorySha256()
CiGetPEInformation()
CiVerifyHashInCatalog()
CiCheckSignedFile()
CiFindPageHashesInCatalog()
CiFindPageHashesInSignedFile()
CiFreePolicyInfo()
4.1.1 CiInitialize()
CiInitialize() is the function exported by Code Integrity for initializing the image file integrity validation
capability of Code Integrity.
As the power-on (startup) function of Code Integrity, CiInitialize() conducts the following power-on
(startup) self-tests.
SHS (SHA1) Known Answer Test
SHS (SHA256) Known Answer Test
SHS (SHA512) Known Answer Test
RSA verify test using known signatures in the PKCS#1 v1.5 format:
    o RSA signature with 1024-bit key and SHA1 message digest
    o RSA signature with 2048-bit key and SHA256 message digest
If a self-test fails, CiInitialize() returns STATUS_INVALID_IMAGE_HASH. Otherwise, after
successful initialization, CiInitialize() returns a callback structure consisting of the following functions. A
caller can subsequently use these functions to obtain the image file integrity validation service from
Code Integrity.
CiValidateImageHeader()
CiValidateImageData()
CiQueryInformation()
CiQueryImageSignature()
CiImportRoots()
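
An added illustration of the fail-closed power-on self-test flow described in 4.1.1, written for this page and not taken from Microsoft's Code Integrity code. It covers the three SHS Known Answer Tests; the "abc" test message, the ci_initialize and run_hash_kats names and the stand-in callback bodies are assumptions.

```python
import hashlib

STATUS_SUCCESS = 0x00000000
STATUS_INVALID_IMAGE_HASH = 0xC0000428  # NTSTATUS value as defined in ntstatus.h

# Published FIPS 180 example digests for the three-byte message "abc".
# Assumption: the page does not say which message Code Integrity's own KATs use.
KAT_MESSAGE = b"abc"
KAT_VECTORS = {
    "sha1": "a9993e364706816aba3e25717850c26c9cd0d89d",
    "sha256": "ba7816bf8f01cfea414140de5dae2223"
              "b00361a396177a9cb410ff61f20015ad",
    "sha512": "ddaf35a193617abacc417349ae204131"
              "12e6fa4e89a97ea20a9eeee64b55d39a"
              "2192992a274fc1a836ba3c23a3feebbd"
              "454d4423643ce80e2a9ac94fa54ca49f",
}

# Callback names are the ones listed on this page; the bodies below are stand-ins.
CALLBACK_NAMES = ("CiValidateImageHeader", "CiValidateImageData",
                  "CiQueryInformation", "CiQueryImageSignature", "CiImportRoots")

def run_hash_kats(hash_impls):
    """Return the names of algorithms whose digest of KAT_MESSAGE is wrong."""
    failed = []
    for name, expected in KAT_VECTORS.items():
        try:
            actual = hash_impls[name](KAT_MESSAGE).hexdigest()
        except Exception:
            actual = None  # a missing or crashing implementation is a failure
        if actual != expected:
            failed.append(name)
    return failed

def ci_initialize(hash_impls=None):
    """Hypothetical model: self-test first, hand out services only on success."""
    impls = hash_impls or {n: getattr(hashlib, n) for n in KAT_VECTORS}
    if run_hash_kats(impls):
        return STATUS_INVALID_IMAGE_HASH, None  # fail closed: no callback table
    callbacks = {name: (lambda *a, _n=name: _n) for name in CALLBACK_NAMES}
    return STATUS_SUCCESS, callbacks

def broken_sha256(data):
    """Constructed fault: a SHA-256 that silently drops the last input byte."""
    return hashlib.sha256(data[:-1])
```

Passing a table that contains broken_sha256 to ci_initialize() shows the property the self-tests enforce: a single wrong digest withholds every validation callback from the caller.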