internal static extern int AcceptSecurityContext(
ref SECURITY_HANDLE phCredential,
ref SECURITY_HANDLE phContext,
ref SecBufferDesc pInput,
uint fContextReq,
uint targetDataRep,
out SECURITY_HANDLE phNewContext,
out SecBufferDesc pOutput,
out uint pfContextAttr, //managed ulong == 64 bits!!!
out SECURITY_INTEGER ptsTimeStamp);
internal static extern int AcquireCredentialsHandle(
string pszPrincipal, //SEC_CHAR*
string pszPackage, //SEC_CHAR* //"Kerberos","NTLM","Negotiative"
int fCredentialUse,
IntPtr pAuthenticationId, //_LUID AuthenticationID,//pvLogonID, //PLUID
IntPtr pAuthData, //PVOID
int pGetKeyFn, //SEC_GET_KEY_FN
IntPtr pvGetKeyArgument, //PVOID
ref SECURITY_HANDLE phCredential, //SecHandle //PCtxtHandle ref
ref SECURITY_INTEGER ptsExpiry); //PTimeStamp //TimeStamp ref
internal static extern int InitializeSecurityContext(
ref SECURITY_HANDLE phCredential, //PCredHandle
ref SECURITY_HANDLE phContext, //PCtxtHandle
string pszTargetName,
int fContextReq,
int reserved1,
int targetDataRep,
ref SecBufferDesc secBufferDesc, //PSecBufferDesc SecBufferDesc
int reserved2,
out SECURITY_HANDLE phNewContext, //PCtxtHandle
out SecBufferDesc pOutput, //PSecBufferDesc SecBufferDesc
out uint pfContextAttr, //managed ulong == 64 bits!!!
out SECURITY_INTEGER ptsExpiry); //PTimeStamp
public void VerifyMessage(int messageLength, byte[] signedBuffer, bool bUseClientContext,
out byte[] verifiedBuffer)
{
verifiedBuffer = null;
SECURITY_HANDLE decryptionContext = _hServerContext;
if (bUseClientContext)
{
decryptionContext = _hClientContext;
}
var signedMessage = new byte[messageLength];
Array.Copy(signedBuffer, 0, signedMessage, 0, messageLength);
int signatureLength = signedBuffer.Length - messageLength;
var signature = new byte[signatureLength];
Array.Copy(signedBuffer, messageLength, signature, 0, signatureLength);
var thisSecHelper = new MultipleSecBufferHelper[2];
thisSecHelper[0] = new MultipleSecBufferHelper(signedMessage, SecBufferType.SECBUFFER_DATA);
thisSecHelper[1] = new MultipleSecBufferHelper(signature, SecBufferType.SECBUFFER_TOKEN);
var descBuffer = new SecBufferDesc(thisSecHelper);
try
{
uint encryptionQuality;
int result = NativeMethods.VerifySignature(ref decryptionContext, ref descBuffer, 0,
out encryptionQuality);
if (result != NativeContants.SEC_E_OK)
{
throw new SspiException("VerifySignature() failed!!!", result);
}
verifiedBuffer = new byte[messageLength];
Array.Copy(descBuffer.GetSecBufferByteArray(), 0, verifiedBuffer, 0, messageLength);
}
finally
{
descBuffer.Dispose();
}
}
public void SignMessage(byte[] message, bool bUseClientContext, out byte[] signedBuffer,
ref SECURITY_HANDLE hServerContext)
{
signedBuffer = null;
SECURITY_HANDLE encryptionContext = _hServerContext;
if (bUseClientContext)
{
encryptionContext = _hClientContext;
}
SecPkgContext_Sizes contextSizes;
int result = NativeMethods.QueryContextAttributes(ref encryptionContext, NativeContants.SECPKG_ATTR_SIZES,
out contextSizes);
if (result != NativeContants.SEC_E_OK)
{
throw new SspiException("QueryContextAttribute() failed!!!", result);
}
var thisSecHelper = new MultipleSecBufferHelper[2];
thisSecHelper[0] = new MultipleSecBufferHelper(message, SecBufferType.SECBUFFER_DATA);
thisSecHelper[1] = new MultipleSecBufferHelper(new byte[contextSizes.cbMaxSignature],
SecBufferType.SECBUFFER_TOKEN);
var descBuffer = new SecBufferDesc(thisSecHelper);
try
{
result = NativeMethods.MakeSignature(ref encryptionContext, 0, ref descBuffer, 0);
if (result != NativeContants.SEC_E_OK)
{
throw new SspiException("MakeSignature() failed!!!", result);
}
//SSPIHelper.SignAndVerify(ref _hClientContext,ref hServerContext,ref DescBuffer);
uint encryptionQuality;
NativeMethods.VerifySignature(ref _hServerContext, ref descBuffer, 0, out encryptionQuality);
signedBuffer = descBuffer.GetSecBufferByteArray();
}
finally
{
descBuffer.Dispose();
}
}
public void EncryptMessage(
byte[] message, bool bUseClientContext, out byte[] encryptedBuffer)
{
encryptedBuffer = null;
SECURITY_HANDLE encryptionContext = _hServerContext;
if (bUseClientContext)
{
encryptionContext = _hClientContext;
}
SecPkgContext_Sizes contextSizes;
int result = NativeMethods.QueryContextAttributes(ref encryptionContext, NativeContants.SECPKG_ATTR_SIZES,
out contextSizes);
if (result != NativeContants.SEC_E_OK)
{
throw new SspiException("QueryContextAttribute() failed!!!", result);
}
var thisSecHelper = new MultipleSecBufferHelper[2];
thisSecHelper[0] = new MultipleSecBufferHelper(message, SecBufferType.SECBUFFER_DATA);
thisSecHelper[1] = new MultipleSecBufferHelper(new byte[contextSizes.cbSecurityTrailer],
SecBufferType.SECBUFFER_TOKEN);
var descBuffer = new SecBufferDesc(thisSecHelper);
try
{
result = NativeMethods.EncryptMessage(ref encryptionContext, 0, ref descBuffer, 0);
if (result != NativeContants.SEC_E_OK)
{
throw new SspiException("EncryptMessage() failed!!!", result);
}
encryptedBuffer = descBuffer.GetSecBufferByteArray();
}
finally
{
descBuffer.Dispose();
}
}
internal static extern int QueryContextAttributes(
ref SECURITY_HANDLE phContext,
uint ulAttribute,
out SecPkgContext_Sizes pContextAttributes);
internal static extern int ImpersonateSecurityContext(
ref SECURITY_HANDLE phContext);
internal static extern int VerifySignature(
ref SECURITY_HANDLE phContext, // Context to use
ref SecBufferDesc pMessage, // Message to sign
uint messageSeqNo, // Message Sequence Num.
out uint pfQop); // Quality of Protection
internal static extern int MakeSignature(
ref SECURITY_HANDLE phContext, // Context to use
uint fQop, // Quality of Protection
ref SecBufferDesc pMessage, // Message to sign
uint messageSeqNo); // Message Sequence Num.
internal static extern int DecryptMessage(
ref SECURITY_HANDLE phContext,
ref SecBufferDesc pMessage,
uint messageSeqNo,
out uint pfQop);
internal static extern int EncryptMessage(
ref SECURITY_HANDLE phContext,
uint fQop, //managed ulong == 64 bits!!!
ref SecBufferDesc pMessage,
uint messageSeqNo); //managed ulong == 64 bits!!!
