private byte[] UnprotectPDU(byte[] header, byte[] stub_data, AuthData auth_data)
{
List <SecurityBuffer> buffers = new List <SecurityBuffer>();
buffers.Add(new SecurityBufferInOut(SecurityBufferType.Data | SecurityBufferType.ReadOnly, header));
var stub_data_buffer = new SecurityBufferInOut(SecurityBufferType.Data, stub_data);
buffers.Add(stub_data_buffer);
byte[] signature = auth_data.Data;
auth_data.Data = new byte[0];
MemoryStream stm = new MemoryStream();
BinaryWriter writer = new BinaryWriter(stm);
auth_data.Write(writer, auth_data.Padding);
buffers.Add(new SecurityBufferInOut(SecurityBufferType.Data | SecurityBufferType.ReadOnly, stm.ToArray()));
if (_transport_security.AuthenticationLevel == RpcAuthenticationLevel.PacketIntegrity)
{
if (!_auth_context.VerifySignature(buffers, signature, _recv_sequence_no))
{
throw new RpcTransportException("Invalid response PDU signature.");
}
}
else
{
_auth_context.DecryptMessage(buffers, signature, _recv_sequence_no);
stub_data = stub_data_buffer.ToArray();
}
Array.Resize(ref stub_data, stub_data.Length - auth_data.Padding);
return(stub_data);
}
internal byte[] ProtectPDU(byte[] header, ref byte[] stub_data, int auth_padding_length, int send_sequence_no)
{
List <SecurityBuffer> buffers = new List <SecurityBuffer>();
buffers.Add(new SecurityBufferInOut(SecurityBufferType.Data | SecurityBufferType.ReadOnly, header));
var stub_data_buffer = new SecurityBufferInOut(SecurityBufferType.Data, stub_data);
buffers.Add(stub_data_buffer);
buffers.Add(new SecurityBufferInOut(SecurityBufferType.Data | SecurityBufferType.ReadOnly,
AuthData.ToArray(TransportSecurity, auth_padding_length, ContextId, new byte[0])));
byte[] signature = new byte[0];
if (TransportSecurity.AuthenticationLevel == RpcAuthenticationLevel.PacketIntegrity)
{
signature = AuthContext.MakeSignature(buffers, send_sequence_no);
}
else if (TransportSecurity.AuthenticationLevel == RpcAuthenticationLevel.PacketPrivacy)
{
signature = AuthContext.EncryptMessage(buffers, SecurityQualityOfProtectionFlags.None, send_sequence_no);
stub_data = stub_data_buffer.ToArray();
RpcUtils.DumpBuffer(true, "Send Encrypted Data", stub_data);
}
if (signature.Length > 0)
{
RpcUtils.DumpBuffer(true, "Send Signature Data", signature);
}
return(AuthData.ToArray(TransportSecurity, auth_padding_length, ContextId, signature));
}
private byte[] ProtectPDU(byte[] header, ref byte[] stub_data, int auth_padding_length)
{
List <SecurityBuffer> buffers = new List <SecurityBuffer>();
if (_negotiated_auth_type != RpcAuthenticationType.Kerberos)
{
buffers.Add(new SecurityBufferInOut(SecurityBufferType.Data | SecurityBufferType.ReadOnlyWithChecksum, header));
}
var stub_data_buffer = new SecurityBufferInOut(SecurityBufferType.Data, stub_data);
buffers.Add(stub_data_buffer);
if (_negotiated_auth_type != RpcAuthenticationType.Kerberos)
{
buffers.Add(new SecurityBufferInOut(SecurityBufferType.Data | SecurityBufferType.ReadOnlyWithChecksum,
AuthData.ToArray(_transport_security, auth_padding_length, 0, new byte[0])));
}
byte[] signature;
if (_transport_security.AuthenticationLevel == RpcAuthenticationLevel.PacketIntegrity)
{
signature = _auth_context.MakeSignature(buffers, _send_sequence_no);
}
else
{
signature = _auth_context.EncryptMessage(buffers, SecurityQualityOfProtectionFlags.None, _send_sequence_no);
stub_data = stub_data_buffer.ToArray();
RpcUtils.DumpBuffer(true, "Send Encrypted Data", stub_data);
}
RpcUtils.DumpBuffer(true, "Send Signature Data", signature);
return(AuthData.ToArray(_transport_security, auth_padding_length, 0, signature));
}
internal static byte[] DecryptMessage(
SecHandle context,
EncryptedMessage message,
int sequence_no)
{
SecurityBuffer buffer = new SecurityBufferInOut(SecurityBufferType.Data, message.Message);
DecryptMessage(context, new[] { buffer }, message.Signature, sequence_no);
return(buffer.ToArray());
}
internal static EncryptedMessage EncryptMessage(
SecHandle context,
SecQopFlags flags,
byte[] message,
int sequence_no)
{
SecurityBuffer buffer = new SecurityBufferInOut(SecurityBufferType.Data, message);
var signature = EncryptMessage(context, flags, new[] { buffer }, sequence_no);
return(new EncryptedMessage(buffer.ToArray(), signature));
}
internal static byte[] DecryptMessage(
SecHandle context,
EncryptedMessage message,
int sequence_no)
{
if (message is null)
{
throw new ArgumentNullException(nameof(message));
}
SecurityBuffer buffer = new SecurityBufferInOut(SecurityBufferType.Data, message.Message);
DecryptMessage(context, new[] { buffer }, message.Signature, sequence_no);
return(buffer.ToArray());
}
internal static EncryptedMessage EncryptMessage(
SecHandle context,
SecurityQualityOfProtectionFlags flags,
byte[] message,
int sequence_no)
{
if (message is null)
{
throw new ArgumentNullException(nameof(message));
}
SecurityBuffer buffer = new SecurityBufferInOut(SecurityBufferType.Data, message);
var signature = EncryptMessage(context, flags, new[] { buffer }, sequence_no);
return(new EncryptedMessage(buffer.ToArray(), signature));
}
