internal int MakeSignature(byte[] buffer, int offset, int count, ref byte[] output)
{
SecSizes sizes = this.Sizes;
int num = count + sizes.MaxSignature;
if ((output == null) || (output.Length < num))
{
output = new byte[num];
}
Buffer.BlockCopy(buffer, offset, output, sizes.MaxSignature, count);
SecurityBuffer[] input = new SecurityBuffer[] { new SecurityBuffer(output, 0, sizes.MaxSignature, BufferType.Token), new SecurityBuffer(output, sizes.MaxSignature, count, BufferType.Data) };
int error = SSPIWrapper.MakeSignature(GlobalSSPI.SSPIAuth, this.m_SecurityContext, input, 0);
if (error != 0)
{
throw new Win32Exception(error);
}
return(input[0].size + input[1].size);
}
public static object QueryContextAttributes(SSPIInterface secModule, SafeDeleteContext securityContext, Interop.Secur32.ContextAttribute contextAttribute, out int errorCode)
{
GlobalLog.Enter("QueryContextAttributes", contextAttribute.ToString());
int nativeBlockSize = IntPtr.Size;
Type handleType = null;
switch (contextAttribute)
{
case Interop.Secur32.ContextAttribute.Sizes:
nativeBlockSize = SecSizes.SizeOf;
break;
case Interop.Secur32.ContextAttribute.StreamSizes:
nativeBlockSize = StreamSizes.SizeOf;
break;
case Interop.Secur32.ContextAttribute.Names:
handleType = typeof(SafeFreeContextBuffer);
break;
case Interop.Secur32.ContextAttribute.PackageInfo:
handleType = typeof(SafeFreeContextBuffer);
break;
case Interop.Secur32.ContextAttribute.NegotiationInfo:
handleType = typeof(SafeFreeContextBuffer);
nativeBlockSize = Marshal.SizeOf<NegotiationInfo>();
break;
case Interop.Secur32.ContextAttribute.ClientSpecifiedSpn:
handleType = typeof(SafeFreeContextBuffer);
break;
case Interop.Secur32.ContextAttribute.RemoteCertificate:
handleType = typeof(SafeFreeCertContext);
break;
case Interop.Secur32.ContextAttribute.LocalCertificate:
handleType = typeof(SafeFreeCertContext);
break;
case Interop.Secur32.ContextAttribute.IssuerListInfoEx:
nativeBlockSize = Marshal.SizeOf<Interop.Secur32.IssuerListInfoEx>();
handleType = typeof(SafeFreeContextBuffer);
break;
case Interop.Secur32.ContextAttribute.ConnectionInfo:
nativeBlockSize = Marshal.SizeOf<SslConnectionInfo>();
break;
default:
throw new ArgumentException(SR.Format(SR.net_invalid_enum, "ContextAttribute"), "contextAttribute");
}
SafeHandle sspiHandle = null;
object attribute = null;
try
{
byte[] nativeBuffer = new byte[nativeBlockSize];
errorCode = secModule.QueryContextAttributes(securityContext, contextAttribute, nativeBuffer, handleType, out sspiHandle);
if (errorCode != 0)
{
GlobalLog.Leave("Win32:QueryContextAttributes", "ERROR = " + ErrorDescription(errorCode));
return null;
}
switch (contextAttribute)
{
case Interop.Secur32.ContextAttribute.Sizes:
attribute = new SecSizes(nativeBuffer);
break;
case Interop.Secur32.ContextAttribute.StreamSizes:
attribute = new StreamSizes(nativeBuffer);
break;
case Interop.Secur32.ContextAttribute.Names:
attribute = Marshal.PtrToStringUni(sspiHandle.DangerousGetHandle());
break;
case Interop.Secur32.ContextAttribute.PackageInfo:
attribute = new SecurityPackageInfoClass(sspiHandle, 0);
break;
case Interop.Secur32.ContextAttribute.NegotiationInfo:
unsafe
{
fixed (void* ptr = nativeBuffer)
{
attribute = new NegotiationInfoClass(sspiHandle, Marshal.ReadInt32(new IntPtr(ptr), NegotiationInfo.NegotiationStateOffest));
}
}
break;
case Interop.Secur32.ContextAttribute.ClientSpecifiedSpn:
attribute = Marshal.PtrToStringUni(sspiHandle.DangerousGetHandle());
break;
case Interop.Secur32.ContextAttribute.LocalCertificate:
// Fall-through to RemoteCertificate is intentional.
case Interop.Secur32.ContextAttribute.RemoteCertificate:
attribute = sspiHandle;
sspiHandle = null;
break;
case Interop.Secur32.ContextAttribute.IssuerListInfoEx:
attribute = new Interop.Secur32.IssuerListInfoEx(sspiHandle, nativeBuffer);
sspiHandle = null;
break;
case Interop.Secur32.ContextAttribute.ConnectionInfo:
attribute = new SslConnectionInfo(nativeBuffer);
break;
default:
// Will return null.
break;
}
}
finally
{
if (sspiHandle != null)
{
sspiHandle.Dispose();
}
}
GlobalLog.Leave("QueryContextAttributes", LoggingHash.ObjectToString(attribute));
return attribute;
}
private object QueryContextAttributes(SafeDeleteContext securityContext, Interop.Secur32.ContextAttribute contextAttribute, out int errorCode)
{
GlobalLog.Enter("QueryContextAttributes", contextAttribute.ToString());
int nativeBlockSize = IntPtr.Size;
Type handleType = null;
switch (contextAttribute)
{
case Interop.Secur32.ContextAttribute.Sizes:
nativeBlockSize = SecSizes.SizeOf;
break;
case Interop.Secur32.ContextAttribute.StreamSizes:
nativeBlockSize = StreamSizes.SizeOf;
break;
case Interop.Secur32.ContextAttribute.Names:
handleType = typeof(SafeFreeContextBuffer);
break;
case Interop.Secur32.ContextAttribute.PackageInfo:
handleType = typeof(SafeFreeContextBuffer);
break;
case Interop.Secur32.ContextAttribute.NegotiationInfo:
handleType = typeof(SafeFreeContextBuffer);
nativeBlockSize = Marshal.SizeOf <NegotiationInfo>();
break;
case Interop.Secur32.ContextAttribute.ClientSpecifiedSpn:
handleType = typeof(SafeFreeContextBuffer);
break;
case Interop.Secur32.ContextAttribute.RemoteCertificate:
handleType = typeof(SafeFreeCertContext);
break;
case Interop.Secur32.ContextAttribute.LocalCertificate:
handleType = typeof(SafeFreeCertContext);
break;
case Interop.Secur32.ContextAttribute.IssuerListInfoEx:
nativeBlockSize = Marshal.SizeOf <Interop.Secur32.IssuerListInfoEx>();
handleType = typeof(SafeFreeContextBuffer);
break;
case Interop.Secur32.ContextAttribute.ConnectionInfo:
nativeBlockSize = Marshal.SizeOf <SslConnectionInfo>();
break;
default:
throw new ArgumentException(SR.Format(SR.net_invalid_enum, "ContextAttribute"), "contextAttribute");
}
SafeHandle SspiHandle = null;
object attribute = null;
try
{
byte[] nativeBuffer = new byte[nativeBlockSize];
errorCode = QueryContextAttributes(securityContext, contextAttribute, nativeBuffer, handleType, out SspiHandle);
if (errorCode != 0)
{
GlobalLog.Leave("Win32:QueryContextAttributes", "ERROR = " + ErrorDescription(errorCode));
return(null);
}
switch (contextAttribute)
{
case Interop.Secur32.ContextAttribute.Sizes:
attribute = new SecSizes(nativeBuffer);
break;
case Interop.Secur32.ContextAttribute.StreamSizes:
attribute = new StreamSizes(nativeBuffer);
break;
case Interop.Secur32.ContextAttribute.Names:
attribute = Marshal.PtrToStringUni(SspiHandle.DangerousGetHandle());
break;
case Interop.Secur32.ContextAttribute.PackageInfo:
attribute = new SecurityPackageInfoClass(SspiHandle, 0);
break;
case Interop.Secur32.ContextAttribute.NegotiationInfo:
unsafe
{
fixed(void *ptr = nativeBuffer)
{
attribute = new NegotiationInfoClass(SspiHandle, Marshal.ReadInt32(new IntPtr(ptr), NegotiationInfo.NegotiationStateOffest));
}
}
break;
case Interop.Secur32.ContextAttribute.ClientSpecifiedSpn:
attribute = Marshal.PtrToStringUni(SspiHandle.DangerousGetHandle());
break;
case Interop.Secur32.ContextAttribute.LocalCertificate:
goto case Interop.Secur32.ContextAttribute.RemoteCertificate;
case Interop.Secur32.ContextAttribute.RemoteCertificate:
attribute = SspiHandle;
SspiHandle = null;
break;
case Interop.Secur32.ContextAttribute.IssuerListInfoEx:
attribute = new Interop.Secur32.IssuerListInfoEx(SspiHandle, nativeBuffer);
SspiHandle = null;
break;
case Interop.Secur32.ContextAttribute.ConnectionInfo:
attribute = new SslConnectionInfo(nativeBuffer);
break;
default:
// Will return null.
break;
}
}
finally
{
if (SspiHandle != null)
{
SspiHandle.Dispose();
}
}
GlobalLog.Leave("QueryContextAttributes", Logging.ObjectToString(attribute));
return(attribute);
}
internal int Encrypt(byte[] buffer, int offset, int count, ref byte[] output, uint sequenceNumber)
{
SecSizes sizes = Sizes;
try
{
int maxCount = checked (Int32.MaxValue - 4 - sizes.BlockSize - sizes.SecurityTrailer);
if (count > maxCount || count < 0)
{
throw new ArgumentOutOfRangeException("count", SR.Format(SR.net_io_out_range, maxCount));
}
}
catch (Exception e)
{
if (!ExceptionCheck.IsFatal(e) && GlobalLog.IsEnabled)
{
GlobalLog.Assert("NTAuthentication#" + LoggingHash.HashString(this) + "::Encrypt", "Arguments out of range.");
}
throw;
}
int resultSize = count + sizes.SecurityTrailer + sizes.BlockSize;
if (output == null || output.Length < resultSize + 4)
{
output = new byte[resultSize + 4];
}
// Make a copy of user data for in-place encryption.
Buffer.BlockCopy(buffer, offset, output, 4 + sizes.SecurityTrailer, count);
// Prepare buffers TOKEN(signature), DATA and Padding.
var securityBuffer = new SecurityBuffer[3];
securityBuffer[0] = new SecurityBuffer(output, 4, sizes.SecurityTrailer, SecurityBufferType.Token);
securityBuffer[1] = new SecurityBuffer(output, 4 + sizes.SecurityTrailer, count, SecurityBufferType.Data);
securityBuffer[2] = new SecurityBuffer(output, 4 + sizes.SecurityTrailer + count, sizes.BlockSize, SecurityBufferType.Padding);
int errorCode;
if (IsConfidentialityFlag)
{
errorCode = SSPIWrapper.EncryptMessage(GlobalSSPI.SSPIAuth, _securityContext, securityBuffer, sequenceNumber);
}
else
{
if (IsNTLM)
{
securityBuffer[1].type |= SecurityBufferType.ReadOnlyFlag;
}
errorCode = SSPIWrapper.MakeSignature(GlobalSSPI.SSPIAuth, _securityContext, securityBuffer, 0);
}
if (errorCode != 0)
{
GlobalLog.Print("NTAuthentication#" + LoggingHash.HashString(this) + "::Encrypt() throw Error = " + errorCode.ToString("x", NumberFormatInfo.InvariantInfo));
throw new Win32Exception(errorCode);
}
// Compacting the result.
resultSize = securityBuffer[0].size;
bool forceCopy = false;
if (resultSize != sizes.SecurityTrailer)
{
forceCopy = true;
Buffer.BlockCopy(output, securityBuffer[1].offset, output, 4 + resultSize, securityBuffer[1].size);
}
resultSize += securityBuffer[1].size;
if (securityBuffer[2].size != 0 && (forceCopy || resultSize != (count + sizes.SecurityTrailer)))
{
Buffer.BlockCopy(output, securityBuffer[2].offset, output, 4 + resultSize, securityBuffer[2].size);
}
resultSize += securityBuffer[2].size;
unchecked
{
output[0] = (byte)((resultSize) & 0xFF);
output[1] = (byte)(((resultSize) >> 8) & 0xFF);
output[2] = (byte)(((resultSize) >> 16) & 0xFF);
output[3] = (byte)(((resultSize) >> 24) & 0xFF);
}
return(resultSize + 4);
}
public static object QueryContextAttributes(SSPIInterface secModule, SafeDeleteContext securityContext, Interop.SspiCli.ContextAttribute contextAttribute, out int errorCode)
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Enter(nameof(QueryContextAttributes), contextAttribute.ToString());
}
int nativeBlockSize = IntPtr.Size;
Type handleType = null;
switch (contextAttribute)
{
case Interop.SspiCli.ContextAttribute.Sizes:
nativeBlockSize = SecSizes.SizeOf;
break;
case Interop.SspiCli.ContextAttribute.StreamSizes:
nativeBlockSize = StreamSizes.SizeOf;
break;
case Interop.SspiCli.ContextAttribute.Names:
handleType = typeof(SafeFreeContextBuffer);
break;
case Interop.SspiCli.ContextAttribute.PackageInfo:
handleType = typeof(SafeFreeContextBuffer);
break;
case Interop.SspiCli.ContextAttribute.NegotiationInfo:
handleType = typeof(SafeFreeContextBuffer);
nativeBlockSize = Marshal.SizeOf <NegotiationInfo>();
break;
case Interop.SspiCli.ContextAttribute.ClientSpecifiedSpn:
handleType = typeof(SafeFreeContextBuffer);
break;
case Interop.SspiCli.ContextAttribute.RemoteCertificate:
handleType = typeof(SafeFreeCertContext);
break;
case Interop.SspiCli.ContextAttribute.LocalCertificate:
handleType = typeof(SafeFreeCertContext);
break;
case Interop.SspiCli.ContextAttribute.IssuerListInfoEx:
nativeBlockSize = Marshal.SizeOf <Interop.SspiCli.IssuerListInfoEx>();
handleType = typeof(SafeFreeContextBuffer);
break;
case Interop.SspiCli.ContextAttribute.ConnectionInfo:
nativeBlockSize = Marshal.SizeOf <SslConnectionInfo>();
break;
default:
throw new ArgumentException(SR.Format(SR.net_invalid_enum, nameof(contextAttribute)), nameof(contextAttribute));
}
SafeHandle sspiHandle = null;
object attribute = null;
try
{
var nativeBuffer = new byte[nativeBlockSize];
errorCode = secModule.QueryContextAttributes(securityContext, contextAttribute, nativeBuffer, handleType, out sspiHandle);
if (errorCode != 0)
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Leave("Win32:QueryContextAttributes", "ERROR = " + ErrorDescription(errorCode));
}
return(null);
}
switch (contextAttribute)
{
case Interop.SspiCli.ContextAttribute.Sizes:
attribute = new SecSizes(nativeBuffer);
break;
case Interop.SspiCli.ContextAttribute.StreamSizes:
attribute = new StreamSizes(nativeBuffer);
break;
case Interop.SspiCli.ContextAttribute.Names:
attribute = Marshal.PtrToStringUni(sspiHandle.DangerousGetHandle());
break;
case Interop.SspiCli.ContextAttribute.PackageInfo:
attribute = new SecurityPackageInfoClass(sspiHandle, 0);
break;
case Interop.SspiCli.ContextAttribute.NegotiationInfo:
unsafe
{
fixed(void *ptr = nativeBuffer)
{
attribute = new NegotiationInfoClass(sspiHandle, Marshal.ReadInt32(new IntPtr(ptr), NegotiationInfo.NegotiationStateOffest));
}
}
break;
case Interop.SspiCli.ContextAttribute.ClientSpecifiedSpn:
attribute = Marshal.PtrToStringUni(sspiHandle.DangerousGetHandle());
break;
case Interop.SspiCli.ContextAttribute.LocalCertificate:
// Fall-through to RemoteCertificate is intentional.
case Interop.SspiCli.ContextAttribute.RemoteCertificate:
attribute = sspiHandle;
sspiHandle = null;
break;
case Interop.SspiCli.ContextAttribute.IssuerListInfoEx:
attribute = new Interop.SspiCli.IssuerListInfoEx(sspiHandle, nativeBuffer);
sspiHandle = null;
break;
case Interop.SspiCli.ContextAttribute.ConnectionInfo:
attribute = new SslConnectionInfo(nativeBuffer);
break;
default:
// Will return null.
break;
}
}
finally
{
if (sspiHandle != null)
{
sspiHandle.Dispose();
}
}
if (GlobalLog.IsEnabled)
{
GlobalLog.Leave(nameof(QueryContextAttributes), LoggingHash.ObjectToString(attribute));
}
return(attribute);
}
internal int Encrypt(byte[] buffer, int offset, int count, ref byte[] output, uint sequenceNumber)
{
int num3;
SecSizes sizes = this.Sizes;
try
{
int num = (0x7ffffffb - sizes.BlockSize) - sizes.SecurityTrailer;
if ((count > num) || (count < 0))
{
throw new ArgumentOutOfRangeException("count", SR.GetString("net_io_out_range", new object[] { num }));
}
}
catch (Exception exception)
{
NclUtilities.IsFatal(exception);
throw;
}
int size = (count + sizes.SecurityTrailer) + sizes.BlockSize;
if ((output == null) || (output.Length < (size + 4)))
{
output = new byte[size + 4];
}
Buffer.BlockCopy(buffer, offset, output, 4 + sizes.SecurityTrailer, count);
SecurityBuffer[] input = new SecurityBuffer[] { new SecurityBuffer(output, 4, sizes.SecurityTrailer, BufferType.Token), new SecurityBuffer(output, 4 + sizes.SecurityTrailer, count, BufferType.Data), new SecurityBuffer(output, (4 + sizes.SecurityTrailer) + count, sizes.BlockSize, BufferType.Padding) };
if (this.IsConfidentialityFlag)
{
num3 = SSPIWrapper.EncryptMessage(GlobalSSPI.SSPIAuth, this.m_SecurityContext, input, sequenceNumber);
}
else
{
if (this.IsNTLM)
{
SecurityBuffer buffer1 = input[1];
buffer1.type |= BufferType.ReadOnlyFlag;
}
num3 = SSPIWrapper.MakeSignature(GlobalSSPI.SSPIAuth, this.m_SecurityContext, input, 0);
}
if (num3 != 0)
{
throw new Win32Exception(num3);
}
size = input[0].size;
bool flag = false;
if (size != sizes.SecurityTrailer)
{
flag = true;
Buffer.BlockCopy(output, input[1].offset, output, 4 + size, input[1].size);
}
size += input[1].size;
if ((input[2].size != 0) && (flag || (size != (count + sizes.SecurityTrailer))))
{
Buffer.BlockCopy(output, input[2].offset, output, 4 + size, input[2].size);
}
size += input[2].size;
output[0] = (byte)(size & 0xff);
output[1] = (byte)((size >> 8) & 0xff);
output[2] = (byte)((size >> 0x10) & 0xff);
output[3] = (byte)((size >> 0x18) & 0xff);
return(size + 4);
}
