internal static int Decrypt(
SafeDeleteContext securityContext,
byte[] buffer,
int offset,
int count,
bool isConfidential,
bool isNtlm,
out int newOffset,
uint sequenceNumber)
{
if (offset < 0 || offset > (buffer == null ? 0 : buffer.Length))
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Assert("NTAuthentication#" + LoggingHash.HashString(securityContext) + "::Decrypt", "Argument 'offset' out of range.");
}
Debug.Fail("NTAuthentication#" + LoggingHash.HashString(securityContext) + "::Decrypt", "Argument 'offset' out of range.");
throw new ArgumentOutOfRangeException(nameof(offset));
}
if (count < 0 || count > (buffer == null ? 0 : buffer.Length - offset))
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Assert("NTAuthentication#" + LoggingHash.HashString(securityContext) + "::Decrypt", "Argument 'count' out of range.");
}
Debug.Fail("NTAuthentication#" + LoggingHash.HashString(securityContext) + "::Decrypt", "Argument 'count' out of range.");
throw new ArgumentOutOfRangeException(nameof(count));
}
if (isNtlm)
{
return(DecryptNtlm(securityContext, buffer, offset, count, isConfidential, out newOffset, sequenceNumber));
}
//
// Kerberos and up
//
var securityBuffer = new SecurityBuffer[2];
securityBuffer[0] = new SecurityBuffer(buffer, offset, count, SecurityBufferType.SECBUFFER_STREAM);
securityBuffer[1] = new SecurityBuffer(0, SecurityBufferType.SECBUFFER_DATA);
int errorCode;
if (isConfidential)
{
errorCode = SSPIWrapper.DecryptMessage(GlobalSSPI.SSPIAuth, securityContext, securityBuffer, sequenceNumber);
}
else
{
errorCode = SSPIWrapper.VerifySignature(GlobalSSPI.SSPIAuth, securityContext, securityBuffer, sequenceNumber);
}
if (errorCode != 0)
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Print("NTAuthentication#" + "::Decrypt() throw Error = " + errorCode.ToString("x", NumberFormatInfo.InvariantInfo));
}
throw new Win32Exception(errorCode);
}
if (securityBuffer[1].type != SecurityBufferType.SECBUFFER_DATA)
{
throw new InternalException();
}
newOffset = securityBuffer[1].offset;
return(securityBuffer[1].size);
}
// This method will be called by us when the IO completes synchronously and
// by the ThreadPool when the IO completes asynchronously. (only called on WinNT)
internal override object PostCompletion(int numBytes)
{
SocketError errorCode = (SocketError)ErrorCode;
Internals.SocketAddress remoteSocketAddress = null;
if (errorCode == SocketError.Success)
{
_localBytesTransferred = numBytes;
if (SocketsEventSource.Log.IsEnabled())
{
LogBuffer((long)numBytes);
}
// get the endpoint
remoteSocketAddress = IPEndPointExtensions.Serialize(_listenSocket._rightEndPoint);
IntPtr localAddr;
int localAddrLength;
IntPtr remoteAddr;
// set the socket context
try
{
_listenSocket.GetAcceptExSockaddrs(
Marshal.UnsafeAddrOfPinnedArrayElement(_buffer, 0),
_buffer.Length - (_addressBufferLength * 2),
_addressBufferLength,
_addressBufferLength,
out localAddr,
out localAddrLength,
out remoteAddr,
out remoteSocketAddress.InternalSize);
Marshal.Copy(remoteAddr, remoteSocketAddress.Buffer, 0, remoteSocketAddress.Size);
IntPtr handle = _listenSocket.SafeHandle.DangerousGetHandle();
errorCode = Interop.Winsock.setsockopt(
_acceptSocket.SafeHandle,
SocketOptionLevel.Socket,
SocketOptionName.UpdateAcceptContext,
ref handle,
Marshal.SizeOf(handle));
if (errorCode == SocketError.SocketError)
{
errorCode = (SocketError)Marshal.GetLastWin32Error();
}
if (GlobalLog.IsEnabled)
{
GlobalLog.Print("AcceptOverlappedAsyncResult#" + LoggingHash.HashString(this) + "::PostCallback() setsockopt handle:" + handle.ToString() + " AcceptSocket:" + LoggingHash.HashString(_acceptSocket) + " itsHandle:" + _acceptSocket.SafeHandle.DangerousGetHandle().ToString() + " returns:" + errorCode.ToString());
}
}
catch (ObjectDisposedException)
{
errorCode = SocketError.OperationAborted;
}
ErrorCode = (int)errorCode;
}
if (errorCode != SocketError.Success)
{
return(null);
}
return(_listenSocket.UpdateAcceptSocket(_acceptSocket, _listenSocket._rightEndPoint.Create(remoteSocketAddress)));
}
internal static int Encrypt(
SafeDeleteContext securityContext,
byte[] buffer,
int offset,
int count,
bool isConfidential,
bool isNtlm,
ref byte[] output,
uint sequenceNumber)
{
SecPkgContext_Sizes sizes = SSPIWrapper.QueryContextAttributes(
GlobalSSPI.SSPIAuth,
securityContext,
Interop.SspiCli.ContextAttribute.SECPKG_ATTR_SIZES
) as SecPkgContext_Sizes;
try
{
int maxCount = checked (Int32.MaxValue - 4 - sizes.cbBlockSize - sizes.cbSecurityTrailer);
if (count > maxCount || count < 0)
{
throw new ArgumentOutOfRangeException(nameof(count), SR.Format(SR.net_io_out_range, maxCount));
}
}
catch (Exception e)
{
if (!ExceptionCheck.IsFatal(e))
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Assert("NTAuthentication#" + LoggingHash.HashString(securityContext) + "::Encrypt", "Arguments out of range.");
}
Debug.Fail("NTAuthentication#" + LoggingHash.HashString(securityContext) + "::Encrypt", "Arguments out of range.");
}
throw;
}
int resultSize = count + sizes.cbSecurityTrailer + sizes.cbBlockSize;
if (output == null || output.Length < resultSize + 4)
{
output = new byte[resultSize + 4];
}
// Make a copy of user data for in-place encryption.
Buffer.BlockCopy(buffer, offset, output, 4 + sizes.cbSecurityTrailer, count);
// Prepare buffers TOKEN(signature), DATA and Padding.
var securityBuffer = new SecurityBuffer[3];
securityBuffer[0] = new SecurityBuffer(output, 4, sizes.cbSecurityTrailer, SecurityBufferType.SECBUFFER_TOKEN);
securityBuffer[1] = new SecurityBuffer(output, 4 + sizes.cbSecurityTrailer, count, SecurityBufferType.SECBUFFER_DATA);
securityBuffer[2] = new SecurityBuffer(output, 4 + sizes.cbSecurityTrailer + count, sizes.cbBlockSize, SecurityBufferType.SECBUFFER_PADDING);
int errorCode;
if (isConfidential)
{
errorCode = SSPIWrapper.EncryptMessage(GlobalSSPI.SSPIAuth, securityContext, securityBuffer, sequenceNumber);
}
else
{
if (isNtlm)
{
securityBuffer[1].type |= SecurityBufferType.SECBUFFER_READONLY;
}
errorCode = SSPIWrapper.MakeSignature(GlobalSSPI.SSPIAuth, securityContext, securityBuffer, 0);
}
if (errorCode != 0)
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Print("NTAuthentication#" + LoggingHash.HashString(securityContext) + "::Encrypt() throw Error = " + errorCode.ToString("x", NumberFormatInfo.InvariantInfo));
}
throw new Win32Exception(errorCode);
}
// Compacting the result.
resultSize = securityBuffer[0].size;
bool forceCopy = false;
if (resultSize != sizes.cbSecurityTrailer)
{
forceCopy = true;
Buffer.BlockCopy(output, securityBuffer[1].offset, output, 4 + resultSize, securityBuffer[1].size);
}
resultSize += securityBuffer[1].size;
if (securityBuffer[2].size != 0 && (forceCopy || resultSize != (count + sizes.cbSecurityTrailer)))
{
Buffer.BlockCopy(output, securityBuffer[2].offset, output, 4 + resultSize, securityBuffer[2].size);
}
resultSize += securityBuffer[2].size;
unchecked
{
output[0] = (byte)((resultSize) & 0xFF);
output[1] = (byte)(((resultSize) >> 8) & 0xFF);
output[2] = (byte)(((resultSize) >> 16) & 0xFF);
output[3] = (byte)(((resultSize) >> 24) & 0xFF);
}
return(resultSize + 4);
}
private void LogBuffer(long size)
{
if (!SocketsEventSource.Log.IsEnabled() && GlobalLog.IsEnabled)
{
GlobalLog.AssertFormat("AcceptOverlappedAsyncResult#{0}::LogBuffer()|Logging is off!", LoggingHash.HashString(this));
}
IntPtr pinnedBuffer = Marshal.UnsafeAddrOfPinnedArrayElement(_buffer, 0);
if (pinnedBuffer != IntPtr.Zero)
{
if (size > -1)
{
SocketsEventSource.Dump(SocketsEventSource.MethodType.PostCompletion, pinnedBuffer, (int)Math.Min(size, (long)_buffer.Length));
}
else
{
SocketsEventSource.Dump(SocketsEventSource.MethodType.PostCompletion, pinnedBuffer, (int)_buffer.Length);
}
}
}
public unsafe SafeNativeOverlapped(SafeCloseSocket socketHandle, NativeOverlapped *handle)
: this((IntPtr)handle)
{
_safeCloseSocket = socketHandle;
GlobalLog.Print("SafeNativeOverlapped#" + LoggingHash.HashString(this) + "::ctor(socket#" + LoggingHash.HashString(socketHandle) + ")");
#if DEBUG
_safeCloseSocket.AddRef();
#endif
}
protected SafeNativeOverlapped()
: this(IntPtr.Zero)
{
GlobalLog.Print("SafeNativeOverlapped#" + LoggingHash.HashString(this) + "::ctor(null)");
}
private void LogSendError(HttpRequestMessage request, CancellationTokenSource cancellationTokenSource,
string method, Exception e)
{
Debug.Assert(request != null);
if (cancellationTokenSource.IsCancellationRequested)
{
if (NetEventSource.Log.IsEnabled())
{
NetEventSource.PrintError(NetEventSource.ComponentType.Http, this, method, string.Format(System.Globalization.CultureInfo.InvariantCulture, SR.net_http_client_send_canceled, LoggingHash.GetObjectLogHash(request)));
}
}
else
{
Debug.Assert(e != null);
if (NetEventSource.Log.IsEnabled())
{
NetEventSource.PrintError(NetEventSource.ComponentType.Http, this, method, string.Format(System.Globalization.CultureInfo.InvariantCulture, SR.net_http_client_send_error, LoggingHash.GetObjectLogHash(request), e));
}
}
}
public static unsafe SecurityStatusPal EncryptMessage(SafeDeleteContext securityContext, byte[] input, int offset, int size, int headerSize, int trailerSize, ref byte[] output, out int resultSize)
{
// Ensure that there is sufficient space for the message output.
int bufferSizeNeeded;
try
{
bufferSizeNeeded = checked (size + headerSize + trailerSize);
}
catch
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Assert("SslStreamPal.Windows: SecureChannel#" + LoggingHash.HashString(securityContext) + "::Encrypt", "Arguments out of range.");
}
Debug.Fail("SslStreamPal.Windows: SecureChannel#" + LoggingHash.HashString(securityContext) + "::Encrypt", "Arguments out of range.");
throw;
}
if (output == null || output.Length < bufferSizeNeeded)
{
output = new byte[bufferSizeNeeded];
}
// Copy the input into the output buffer to prepare for SCHANNEL's expectations
Buffer.BlockCopy(input, offset, output, headerSize, size);
const int NumSecBuffers = 4; // header + data + trailer + empty
var unmanagedBuffer = stackalloc Interop.SspiCli.SecBuffer[NumSecBuffers];
var sdcInOut = new Interop.SspiCli.SecBufferDesc(NumSecBuffers);
sdcInOut.pBuffers = unmanagedBuffer;
fixed(byte *outputPtr = output)
{
Interop.SspiCli.SecBuffer *headerSecBuffer = &unmanagedBuffer[0];
headerSecBuffer->BufferType = SecurityBufferType.SECBUFFER_STREAM_HEADER;
headerSecBuffer->pvBuffer = (IntPtr)outputPtr;
headerSecBuffer->cbBuffer = headerSize;
Interop.SspiCli.SecBuffer *dataSecBuffer = &unmanagedBuffer[1];
dataSecBuffer->BufferType = SecurityBufferType.SECBUFFER_DATA;
dataSecBuffer->pvBuffer = (IntPtr)(outputPtr + headerSize);
dataSecBuffer->cbBuffer = size;
Interop.SspiCli.SecBuffer *trailerSecBuffer = &unmanagedBuffer[2];
trailerSecBuffer->BufferType = SecurityBufferType.SECBUFFER_STREAM_TRAILER;
trailerSecBuffer->pvBuffer = (IntPtr)(outputPtr + headerSize + size);
trailerSecBuffer->cbBuffer = trailerSize;
Interop.SspiCli.SecBuffer *emptySecBuffer = &unmanagedBuffer[3];
emptySecBuffer->BufferType = SecurityBufferType.SECBUFFER_EMPTY;
emptySecBuffer->cbBuffer = 0;
emptySecBuffer->pvBuffer = IntPtr.Zero;
int errorCode = GlobalSSPI.SSPISecureChannel.EncryptMessage(securityContext, sdcInOut, 0);
if (errorCode != 0)
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Print("SslStreamPal.Windows: SecureChannel#" + LoggingHash.HashString(securityContext) + "::Encrypt ERROR" + errorCode.ToString("x"));
}
resultSize = 0;
return(SecurityStatusAdapterPal.GetSecurityStatusPalFromNativeInt(errorCode));
}
Debug.Assert(headerSecBuffer->cbBuffer >= 0 && dataSecBuffer->cbBuffer >= 0 && trailerSecBuffer->cbBuffer >= 0);
Debug.Assert(checked (headerSecBuffer->cbBuffer + dataSecBuffer->cbBuffer + trailerSecBuffer->cbBuffer) <= output.Length);
resultSize = checked (headerSecBuffer->cbBuffer + dataSecBuffer->cbBuffer + trailerSecBuffer->cbBuffer);
return(new SecurityStatusPal(SecurityStatusPalErrorCode.OK));
}
}
