public static DecryptMessage ( System.Net.Security.SSPIInterface secModule, SafeDeleteContext context, SecurityBuffer input, uint sequenceNumber ) : int | ||
secModule | System.Net.Security.SSPIInterface | |
context | SafeDeleteContext | |
input | SecurityBuffer | |
sequenceNumber | uint | |
return | int |
public static SecurityStatusPal DecryptMessage(SafeDeleteContext securityContext, byte[] buffer, ref int offset, ref int count) { // Decryption using SCHANNEL requires four buffers. SecurityBuffer[] decspc = new SecurityBuffer[4]; decspc[0] = new SecurityBuffer(buffer, offset, count, SecurityBufferType.Data); decspc[1] = new SecurityBuffer(null, SecurityBufferType.Empty); decspc[2] = new SecurityBuffer(null, SecurityBufferType.Empty); decspc[3] = new SecurityBuffer(null, SecurityBufferType.Empty); Interop.SecurityStatus errorCode = (Interop.SecurityStatus)SSPIWrapper.DecryptMessage( GlobalSSPI.SSPISecureChannel, securityContext, decspc, 0); count = 0; for (int i = 0; i < decspc.Length; i++) { // Successfully decoded data and placed it at the following position in the buffer, if ((errorCode == Interop.SecurityStatus.OK && decspc[i].type == SecurityBufferType.Data) // or we failed to decode the data, here is the encoded data. || (errorCode != Interop.SecurityStatus.OK && decspc[i].type == SecurityBufferType.Extra)) { offset = decspc[i].offset; count = decspc[i].size; break; } } return(GetSecurityStatusPalFromInterop(errorCode)); }
internal int Decrypt(byte[] payload, int offset, int count, out int newOffset, uint expectedSeqNumber) { if (offset < 0 || offset > (payload == null ? 0 : payload.Length)) { if (GlobalLog.IsEnabled) { GlobalLog.Assert("NTAuthentication#" + LoggingHash.HashString(this) + "::Decrypt", "Argument 'offset' out of range."); } throw new ArgumentOutOfRangeException("offset"); } if (count < 0 || count > (payload == null ? 0 : payload.Length - offset)) { if (GlobalLog.IsEnabled) { GlobalLog.Assert("NTAuthentication#" + LoggingHash.HashString(this) + "::Decrypt", "Argument 'count' out of range."); } throw new ArgumentOutOfRangeException("count"); } if (IsNTLM) { return(DecryptNtlm(payload, offset, count, out newOffset, expectedSeqNumber)); } // // Kerberos and up // var securityBuffer = new SecurityBuffer[2]; securityBuffer[0] = new SecurityBuffer(payload, offset, count, SecurityBufferType.Stream); securityBuffer[1] = new SecurityBuffer(0, SecurityBufferType.Data); int errorCode; if (IsConfidentialityFlag) { errorCode = SSPIWrapper.DecryptMessage(GlobalSSPI.SSPIAuth, _securityContext, securityBuffer, expectedSeqNumber); } else { errorCode = SSPIWrapper.VerifySignature(GlobalSSPI.SSPIAuth, _securityContext, securityBuffer, expectedSeqNumber); } if (errorCode != 0) { GlobalLog.Print("NTAuthentication#" + LoggingHash.HashString(this) + "::Decrypt() throw Error = " + errorCode.ToString("x", NumberFormatInfo.InvariantInfo)); throw new Win32Exception(errorCode); } if (securityBuffer[1].type != SecurityBufferType.Data) { throw new InternalException(); } newOffset = securityBuffer[1].offset; return(securityBuffer[1].size); }
private int DecryptNtlm(byte[] payload, int offset, int count, out int newOffset, uint expectedSeqNumber) { int num; if (count < 0x10) { throw new ArgumentOutOfRangeException("count"); } SecurityBuffer[] input = new SecurityBuffer[] { new SecurityBuffer(payload, offset, 0x10, BufferType.Token), new SecurityBuffer(payload, offset + 0x10, count - 0x10, BufferType.Data) }; BufferType data = BufferType.Data; if (this.IsConfidentialityFlag) { num = SSPIWrapper.DecryptMessage(GlobalSSPI.SSPIAuth, this.m_SecurityContext, input, expectedSeqNumber); } else { data |= BufferType.ReadOnlyFlag; input[1].type = data; num = SSPIWrapper.VerifySignature(GlobalSSPI.SSPIAuth, this.m_SecurityContext, input, expectedSeqNumber); } if (num != 0) { throw new Win32Exception(num); } if (input[1].type != data) { throw new InternalException(); } newOffset = input[1].offset; return(input[1].size); }
private int DecryptNtlm(byte[] payload, int offset, int count, out int newOffset, uint expectedSeqNumber) { // For the most part the arguments are verified in Encrypt(). if (count < 16) { if (GlobalLog.IsEnabled) { GlobalLog.Assert("NTAuthentication#" + LoggingHash.HashString(this) + "::DecryptNtlm", "Argument 'count' out of range."); } Debug.Fail("NTAuthentication#" + LoggingHash.HashString(this) + "::DecryptNtlm", "Argument 'count' out of range."); throw new ArgumentOutOfRangeException(nameof(count)); } var securityBuffer = new SecurityBuffer[2]; securityBuffer[0] = new SecurityBuffer(payload, offset, 16, SecurityBufferType.Token); securityBuffer[1] = new SecurityBuffer(payload, offset + 16, count - 16, SecurityBufferType.Data); int errorCode; SecurityBufferType realDataType = SecurityBufferType.Data; if (IsConfidentialityFlag) { errorCode = SSPIWrapper.DecryptMessage(GlobalSSPI.SSPIAuth, _securityContext, securityBuffer, expectedSeqNumber); } else { realDataType |= SecurityBufferType.ReadOnlyFlag; securityBuffer[1].type = realDataType; errorCode = SSPIWrapper.VerifySignature(GlobalSSPI.SSPIAuth, _securityContext, securityBuffer, expectedSeqNumber); } if (errorCode != 0) { if (GlobalLog.IsEnabled) { GlobalLog.Print("NTAuthentication#" + LoggingHash.HashString(this) + "::Decrypt() throw Error = " + errorCode.ToString("x", NumberFormatInfo.InvariantInfo)); } throw new Win32Exception(errorCode); } if (securityBuffer[1].type != realDataType) { throw new InternalException(); } newOffset = securityBuffer[1].offset; return(securityBuffer[1].size); }
internal int Decrypt(byte[] payload, int offset, int count, out int newOffset, uint expectedSeqNumber) { int num; if ((offset < 0) || (offset > ((payload == null) ? 0 : payload.Length))) { throw new ArgumentOutOfRangeException("offset"); } if ((count < 0) || (count > ((payload == null) ? 0 : (payload.Length - offset)))) { throw new ArgumentOutOfRangeException("count"); } if (this.IsNTLM) { return(this.DecryptNtlm(payload, offset, count, out newOffset, expectedSeqNumber)); } SecurityBuffer[] input = new SecurityBuffer[] { new SecurityBuffer(payload, offset, count, BufferType.Stream), new SecurityBuffer(0, BufferType.Data) }; if (this.IsConfidentialityFlag) { num = SSPIWrapper.DecryptMessage(GlobalSSPI.SSPIAuth, this.m_SecurityContext, input, expectedSeqNumber); } else { num = SSPIWrapper.VerifySignature(GlobalSSPI.SSPIAuth, this.m_SecurityContext, input, expectedSeqNumber); } if (num != 0) { throw new Win32Exception(num); } if (input[1].type != BufferType.Data) { throw new InternalException(); } newOffset = input[1].offset; return(input[1].size); }