public void DecryptMessage(int messageLength, byte[] encryptedBytes, out byte[] decryptedBytes)
{
decryptedBytes = null;
var encryptedMessage = new byte[messageLength];
Array.Copy(encryptedBytes, 0, encryptedMessage, 0, messageLength);
var securityTrailerLength = encryptedBytes.Length - messageLength;
var securityTrailer = new byte[securityTrailerLength];
Array.Copy(encryptedBytes, messageLength, securityTrailer, 0, securityTrailerLength);
var buffers = new[]
{
new SecurityBuffer(encryptedBytes, SecurityBufferType.Data),
new SecurityBuffer(securityTrailer, SecurityBufferType.Stream)
};
var descriptor = new SecurityBufferDescriptor(buffers);
var contextAddRefSuccess = false;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
DangerousAddRef(ref contextAddRefSuccess);
}
catch (Exception ex)
{
if (contextAddRefSuccess)
{
DangerousRelease();
contextAddRefSuccess = false;
}
if (!(ex is ObjectDisposedException))
{
throw;
}
}
finally
{
try
{
uint quality;
var result = NativeMethods.DecryptMessage(ref _handle, ref descriptor, 0, out quality);
if (result != NativeMethods.SEC_E_OK)
{
throw Win32Exception.Create(result, "Unable to decrypt message.");
}
decryptedBytes = descriptor.ToByteArray();
}
finally
{
descriptor.Free();
}
}
}
public void MakeSignature(byte[] inBytes, out byte[] outBytes)
{
outBytes = null;
var contextAddRefSuccess = false;
SecurityPackageContextSizes sizes;
QueryBufferSizes(out sizes);
var buffers = new[]
{
new SecurityBuffer(new byte[sizes.SecurityTrailer], SecurityBufferType.Token),
new SecurityBuffer(inBytes, SecurityBufferType.Data),
new SecurityBuffer(new byte[sizes.BlockSize], SecurityBufferType.Padding)
};
var descriptor = new SecurityBufferDescriptor(buffers);
RuntimeHelpers.PrepareConstrainedRegions();
try
{
DangerousAddRef(ref contextAddRefSuccess);
}
catch (Exception ex)
{
if (contextAddRefSuccess)
{
DangerousRelease();
contextAddRefSuccess = false;
}
if (!(ex is ObjectDisposedException))
{
throw;
}
}
finally
{
try
{
var result = NativeMethods.MakeSignature(ref _handle, MakeSignatureQualityOfProtection.None, ref descriptor, 0);
DangerousRelease();
if (result != NativeMethods.SEC_E_OK)
{
throw Win32Exception.Create(result, "Unable to encrypt message.");
}
outBytes = descriptor.ToByteArray();
}
finally
{
descriptor.Free();
}
}
}
internal static extern uint AcceptSecurityContext(
ref SspiHandle credentialHandle,
ref SspiHandle inContextHandle,
ref SecurityBufferDescriptor inputBuffer,
SspiContextFlags requestedAttribs,
DataRepresentation dataRepresentation,
ref SspiHandle outContext,
ref SecurityBufferDescriptor outputBuffer,
out SspiContextFlags outputAttribs,
out long timestamp);
public void DecryptMessage(int messageLength, byte[] encryptedBytes, out byte[] decryptedBytes)
{
decryptedBytes = null;
var encryptedMessage = new byte[messageLength];
Array.Copy(encryptedBytes, 0, encryptedMessage, 0, messageLength);
var securityTrailerLength = encryptedBytes.Length - messageLength;
var securityTrailer = new byte[securityTrailerLength];
Array.Copy(encryptedBytes, messageLength, securityTrailer, 0, securityTrailerLength);
var buffers = new[]
{
new SecurityBuffer(encryptedBytes, SecurityBufferType.Data),
new SecurityBuffer(securityTrailer, SecurityBufferType.Stream)
};
var descriptor = new SecurityBufferDescriptor(buffers);
var contextAddRefSuccess = false;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
DangerousAddRef(ref contextAddRefSuccess);
}
catch (Exception ex)
{
if (contextAddRefSuccess)
{
DangerousRelease();
contextAddRefSuccess = false;
}
if (!(ex is ObjectDisposedException))
throw;
}
finally
{
try
{
uint quality;
var result = NativeMethods.DecryptMessage(ref _handle, ref descriptor, 0, out quality);
if (result != NativeMethods.SEC_E_OK)
throw Win32Exception.Create(result, "Unable to decrypt message.");
decryptedBytes = descriptor.ToByteArray();
}
finally
{
descriptor.Free();
}
}
}
public static extern uint InitializeSecurityContext(
ref SspiHandle credentialHandle,
ref SspiHandle inContextHandle,
string targetName,
SspiContextFlags flags,
int reserved1,
DataRepresentation dataRepresentation,
ref SecurityBufferDescriptor inputBuffer,
int reserved2,
ref SspiHandle outContext,
ref SecurityBufferDescriptor outputBuffer,
out SspiContextFlags outAttributes,
out long timestamp);
public static extern uint DecryptMessage(ref SspiHandle context, ref SecurityBufferDescriptor pMessage, uint sequenceNumber, out uint quality);
public static extern uint EncryptMessage(ref SspiHandle context, EncryptQualityOfProtection quality, ref SecurityBufferDescriptor pMessage, uint sequenceNumber);
internal static extern uint VerifySignature(ref SspiHandle contextHandle, ref SecurityBufferDescriptor bufferDescriptor, uint sequenceNumber, MakeSignatureQualityOfProtection qualityOfProtection);
public void VerifySignature(byte[] inBytes, out byte[] outBytes)
{
bool contextAddRefSuccess = false;
SecurityPackageContextSizes sizes;
QueryBufferSizes(out sizes);
var buffers = new[]
{
new SecurityBuffer(new byte[sizes.SecurityTrailer], SecurityBufferType.Token),
new SecurityBuffer(inBytes, SecurityBufferType.Data),
new SecurityBuffer(new byte[sizes.BlockSize], SecurityBufferType.Padding)
};
var descriptor = new SecurityBufferDescriptor(buffers);
RuntimeHelpers.PrepareConstrainedRegions();
try
{
DangerousAddRef(ref contextAddRefSuccess);
}
catch (Exception ex)
{
if (contextAddRefSuccess)
{
DangerousRelease();
contextAddRefSuccess = false;
}
if (!(ex is ObjectDisposedException))
throw;
}
finally
{
try
{
var status = NativeMethods.VerifySignature(ref _handle, ref descriptor, 0, MakeSignatureQualityOfProtection.None);
DangerousRelease();
switch ((long)status)
{
case NativeMethods.SEC_E_OK:
outBytes = descriptor.ToByteArray();
break;
case NativeMethods.SEC_E_OUT_OF_SEQUENCE:
case NativeMethods.SEC_E_MESSAGE_ALTERED:
outBytes = null;
break;
default:
throw Win32Exception.Create(status, "Unable to encrypt message.");
}
}
finally
{
descriptor.Free();
}
}
}
public static extern uint InitializeSecurityContext(
ref SspiHandle credentialHandle,
ref SspiHandle inContextHandle,
string targetName,
SspiContextFlags flags,
int reserved1,
DataRepresentation dataRepresentation,
ref SecurityBufferDescriptor inputBuffer,
int reserved2,
ref SspiHandle outContext,
ref SecurityBufferDescriptor outputBuffer,
out SspiContextFlags outAttributes,
out long timestamp);
public void Initialize(string servicePrincipalName, byte[] inBytes, out byte[] outBytes)
{
outBytes = null;
var outputBuffer = new SecurityBufferDescriptor((int)_credential.PackageInfo.MaxTokenSize);
var credentialAddRefSuccess = false;
var contextAddRefSuccess = false;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
_credential.DangerousAddRef(ref credentialAddRefSuccess);
DangerousAddRef(ref contextAddRefSuccess);
}
catch (Exception ex)
{
if (credentialAddRefSuccess)
{
_credential.DangerousRelease();
credentialAddRefSuccess = false;
}
if (contextAddRefSuccess)
{
DangerousRelease();
contextAddRefSuccess = false;
}
if (!(ex is ObjectDisposedException))
{
throw;
}
}
finally
{
try
{
uint result;
long timestamp;
var credentialHandle = _credential.Handle;
if (inBytes == null || inBytes.Length == 0)
{
result = NativeMethods.InitializeSecurityContext(
ref credentialHandle,
IntPtr.Zero,
servicePrincipalName,
_requestedContextFlags,
0,
DataRepresentation.Network,
IntPtr.Zero,
0,
ref _handle,
ref outputBuffer,
out _receivedContextFlags,
out timestamp);
}
else
{
var serverToken = new SecurityBufferDescriptor(inBytes);
try
{
result = NativeMethods.InitializeSecurityContext(
ref credentialHandle,
ref _handle,
servicePrincipalName,
_requestedContextFlags,
0,
DataRepresentation.Network,
ref serverToken,
0,
ref _handle,
ref outputBuffer,
out _receivedContextFlags,
out timestamp);
}
finally
{
serverToken.Free();
}
}
_credential.DangerousRelease();
DangerousRelease();
if (result != NativeMethods.SEC_E_OK && result != NativeMethods.SEC_I_CONTINUE_NEEDED)
{
throw Win32Exception.Create(result, "Unable to initialize security context.");
}
outBytes = outputBuffer.ToByteArray();
IsInitialized = result == NativeMethods.SEC_E_OK;
}
finally
{
outputBuffer.Free();
}
}
}
public void VerifySignature(byte[] inBytes, out byte[] outBytes)
{
bool contextAddRefSuccess = false;
SecurityPackageContextSizes sizes;
QueryBufferSizes(out sizes);
var buffers = new[]
{
new SecurityBuffer(new byte[sizes.SecurityTrailer], SecurityBufferType.Token),
new SecurityBuffer(inBytes, SecurityBufferType.Data),
new SecurityBuffer(new byte[sizes.BlockSize], SecurityBufferType.Padding)
};
var descriptor = new SecurityBufferDescriptor(buffers);
RuntimeHelpers.PrepareConstrainedRegions();
try
{
DangerousAddRef(ref contextAddRefSuccess);
}
catch (Exception ex)
{
if (contextAddRefSuccess)
{
DangerousRelease();
contextAddRefSuccess = false;
}
if (!(ex is ObjectDisposedException))
{
throw;
}
}
finally
{
try
{
var status = NativeMethods.VerifySignature(ref _handle, ref descriptor, 0, MakeSignatureQualityOfProtection.None);
DangerousRelease();
switch ((long)status)
{
case NativeMethods.SEC_E_OK:
outBytes = descriptor.ToByteArray();
break;
case NativeMethods.SEC_E_OUT_OF_SEQUENCE:
case NativeMethods.SEC_E_MESSAGE_ALTERED:
outBytes = null;
break;
default:
throw Win32Exception.Create(status, "Unable to encrypt message.");
}
}
finally
{
descriptor.Free();
}
}
}
public void AcceptToken(byte[] inBytes, out byte[] outBytes)
{
outBytes = null;
var outputBuffer = new SecurityBufferDescriptor((int)_credential.PackageInfo.MaxTokenSize);
var credentialAddRefSuccess = false;
var contextAddRefSuccess = false;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
_credential.DangerousAddRef(ref credentialAddRefSuccess);
DangerousAddRef(ref contextAddRefSuccess);
}
catch (Exception ex)
{
if (credentialAddRefSuccess)
{
_credential.DangerousRelease();
credentialAddRefSuccess = false;
}
if (contextAddRefSuccess)
{
DangerousRelease();
contextAddRefSuccess = false;
}
if (!(ex is ObjectDisposedException))
throw;
}
finally
{
try
{
var flags = SspiContextFlags.MutualAuth;
var clientToken = new SecurityBufferDescriptor(inBytes);
uint result;
long timestamp;
var credentialHandle = _credential.Handle;
if (_handle.IsZero)
{
result = NativeMethods.AcceptSecurityContext(
ref credentialHandle,
IntPtr.Zero,
ref clientToken,
flags,
DataRepresentation.Network,
ref _handle,
ref outputBuffer,
out flags,
out timestamp);
}
else
{
try
{
result = NativeMethods.AcceptSecurityContext(
ref credentialHandle,
ref _handle,
ref clientToken,
flags,
DataRepresentation.Network,
ref _handle,
ref outputBuffer,
out flags,
out timestamp);
}
finally
{
clientToken.Free();
}
}
_credential.DangerousRelease();
DangerousRelease();
if (result != NativeMethods.SEC_E_OK && result != NativeMethods.SEC_I_CONTINUE_NEEDED)
throw Win32Exception.Create(result, "Unable to initialize security context.");
outBytes = outputBuffer.ToByteArray();
IsInitialized = result == NativeMethods.SEC_E_OK;
}
finally
{
outputBuffer.Free();
}
}
}
public void Initialize(string servicePrincipalName, byte[] inBytes, out byte[] outBytes)
{
outBytes = null;
var outputBuffer = new SecurityBufferDescriptor((int)_credential.PackageInfo.MaxTokenSize);
var credentialAddRefSuccess = false;
var contextAddRefSuccess = false;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
_credential.DangerousAddRef(ref credentialAddRefSuccess);
DangerousAddRef(ref contextAddRefSuccess);
}
catch (Exception ex)
{
if (credentialAddRefSuccess)
{
_credential.DangerousRelease();
credentialAddRefSuccess = false;
}
if (contextAddRefSuccess)
{
DangerousRelease();
contextAddRefSuccess = false;
}
if (!(ex is ObjectDisposedException))
throw;
}
finally
{
try
{
uint result;
long timestamp;
var credentialHandle = _credential.Handle;
if (inBytes == null || inBytes.Length == 0)
{
result = NativeMethods.InitializeSecurityContext(
ref credentialHandle,
IntPtr.Zero,
servicePrincipalName,
_requestedContextFlags,
0,
DataRepresentation.Network,
IntPtr.Zero,
0,
ref _handle,
ref outputBuffer,
out _receivedContextFlags,
out timestamp);
}
else
{
var serverToken = new SecurityBufferDescriptor(inBytes);
try
{
result = NativeMethods.InitializeSecurityContext(
ref credentialHandle,
ref _handle,
servicePrincipalName,
_requestedContextFlags,
0,
DataRepresentation.Network,
ref serverToken,
0,
ref _handle,
ref outputBuffer,
out _receivedContextFlags,
out timestamp);
}
finally
{
serverToken.Free();
}
}
_credential.DangerousRelease();
DangerousRelease();
if (result != NativeMethods.SEC_E_OK && result != NativeMethods.SEC_I_CONTINUE_NEEDED)
throw Win32Exception.Create(result, "Unable to initialize security context.");
outBytes = outputBuffer.ToByteArray();
IsInitialized = result == NativeMethods.SEC_E_OK;
}
finally
{
outputBuffer.Free();
}
}
}
internal static extern uint VerifySignature(ref SspiHandle contextHandle, ref SecurityBufferDescriptor bufferDescriptor, uint sequenceNumber, MakeSignatureQualityOfProtection qualityOfProtection);
public void AcceptToken(byte[] inBytes, out byte[] outBytes)
{
outBytes = null;
var outputBuffer = new SecurityBufferDescriptor((int)_credential.PackageInfo.MaxTokenSize);
var credentialAddRefSuccess = false;
var contextAddRefSuccess = false;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
_credential.DangerousAddRef(ref credentialAddRefSuccess);
DangerousAddRef(ref contextAddRefSuccess);
}
catch (Exception ex)
{
if (credentialAddRefSuccess)
{
_credential.DangerousRelease();
credentialAddRefSuccess = false;
}
if (contextAddRefSuccess)
{
DangerousRelease();
contextAddRefSuccess = false;
}
if (!(ex is ObjectDisposedException))
{
throw;
}
}
finally
{
try
{
var flags = SspiContextFlags.MutualAuth;
var clientToken = new SecurityBufferDescriptor(inBytes);
uint result;
long timestamp;
var credentialHandle = _credential.Handle;
if (_handle.IsZero)
{
result = NativeMethods.AcceptSecurityContext(
ref credentialHandle,
IntPtr.Zero,
ref clientToken,
flags,
DataRepresentation.Network,
ref _handle,
ref outputBuffer,
out flags,
out timestamp);
}
else
{
try
{
result = NativeMethods.AcceptSecurityContext(
ref credentialHandle,
ref _handle,
ref clientToken,
flags,
DataRepresentation.Network,
ref _handle,
ref outputBuffer,
out flags,
out timestamp);
}
finally
{
clientToken.Free();
}
}
_credential.DangerousRelease();
DangerousRelease();
if (result != NativeMethods.SEC_E_OK && result != NativeMethods.SEC_I_CONTINUE_NEEDED)
{
throw Win32Exception.Create(result, "Unable to initialize security context.");
}
outBytes = outputBuffer.ToByteArray();
IsInitialized = result == NativeMethods.SEC_E_OK;
}
finally
{
outputBuffer.Free();
}
}
}
public static extern uint EncryptMessage(ref SspiHandle context, EncryptQualityOfProtection quality, ref SecurityBufferDescriptor pMessage, uint sequenceNumber);
public static extern uint DecryptMessage(ref SspiHandle context, ref SecurityBufferDescriptor pMessage, uint sequenceNumber, out uint quality);
internal static extern uint AcceptSecurityContext(
ref SspiHandle credentialHandle,
ref SspiHandle inContextHandle,
ref SecurityBufferDescriptor inputBuffer,
SspiContextFlags requestedAttribs,
DataRepresentation dataRepresentation,
ref SspiHandle outContext,
ref SecurityBufferDescriptor outputBuffer,
out SspiContextFlags outputAttribs,
out long timestamp);
public void MakeSignature(byte[] inBytes, out byte[] outBytes)
{
outBytes = null;
var contextAddRefSuccess = false;
SecurityPackageContextSizes sizes;
QueryBufferSizes(out sizes);
var buffers = new[]
{
new SecurityBuffer(new byte[sizes.SecurityTrailer], SecurityBufferType.Token),
new SecurityBuffer(inBytes, SecurityBufferType.Data),
new SecurityBuffer(new byte[sizes.BlockSize], SecurityBufferType.Padding)
};
var descriptor = new SecurityBufferDescriptor(buffers);
RuntimeHelpers.PrepareConstrainedRegions();
try
{
DangerousAddRef(ref contextAddRefSuccess);
}
catch (Exception ex)
{
if (contextAddRefSuccess)
{
DangerousRelease();
contextAddRefSuccess = false;
}
if (!(ex is ObjectDisposedException))
throw;
}
finally
{
try
{
var result = NativeMethods.MakeSignature(ref _handle, MakeSignatureQualityOfProtection.None, ref descriptor, 0);
DangerousRelease();
if (result != NativeMethods.SEC_E_OK)
throw Win32Exception.Create(result, "Unable to encrypt message.");
outBytes = descriptor.ToByteArray();
}
finally
{
descriptor.Free();
}
}
}
