public void SecurityStatusException_MessageNotFound()
{
SECURITY_STATUS error = (SECURITY_STATUS)0xC1111111;
var ex = new SecurityStatusException(error);
Assert.Equal("SECURITY_STATUS error: 0xC1111111", ex.Message);
}
public void SecurityStatusException_NativeErrorCode()
{
SECURITY_STATUS error = SECURITY_STATUS.NTE_BAD_DATA;
var ex = new SecurityStatusException(error);
Assert.Equal(error, ex.NativeErrorCode);
}
public void SecurityStatusException_CodeAndMessage()
{
SECURITY_STATUS error = SECURITY_STATUS.NTE_BAD_DATA;
var ex = new SecurityStatusException(error, "msg");
Assert.Equal(error, ex.NativeErrorCode);
Assert.Equal("msg", ex.Message);
}
/// <summary>
/// Gets the text associated with a <see cref="SECURITY_STATUS"/>.
/// </summary>
/// <param name="error">The error code.</param>
/// <returns>The error message. Or <c>null</c> if no message could be found.</returns>
public static unsafe string GetMessage(this SECURITY_STATUS error)
{
return(FormatMessage(
FormatMessageFlags.FORMAT_MESSAGE_FROM_SYSTEM,
null,
(int)error,
0,
null,
MaxAllowedBufferSize));
}
/// <summary>
/// Throws an exception if an NCrypt function returned a failure error code.
/// </summary>
/// <param name="status">The result from an NCrypt function.</param>
public static void ThrowOnError(this SECURITY_STATUS status)
{
switch (status)
{
case SECURITY_STATUS.ERROR_SUCCESS:
return;
default:
throw new SecurityStatusException(status);
}
}
/// <summary>
/// Throws an exception if an NCrypt function returned a failure error code.
/// </summary>
/// <param name="status">The result from an NCrypt function.</param>
public static void ThrowOnError(this SECURITY_STATUS status)
{
switch (status)
{
case SECURITY_STATUS.ERROR_SUCCESS:
return;
default:
throw new Exception($"SECURITY_STATUS: {status} (0x{(int)status:x8})");
}
}
public void SecurityStatusException_Error_Message()
{
SECURITY_STATUS error = SECURITY_STATUS.NTE_BAD_DATA;
var ex = new SecurityStatusException(error);
#if NETFRAMEWORK
Assert.Equal("Bad Data (SECURITY_STATUS error: NTE_BAD_DATA (0x80090005))", ex.Message);
#else
Assert.Equal("SECURITY_STATUS error: NTE_BAD_DATA (0x80090005)", ex.Message);
#endif
}
public void SecurityStatusException_Success_Message()
{
SECURITY_STATUS error = SECURITY_STATUS.ERROR_SUCCESS;
var ex = new SecurityStatusException(error);
#if NETFRAMEWORK
Assert.Equal("The operation completed successfully (SECURITY_STATUS success: ERROR_SUCCESS (0x00000000))", ex.Message);
#else
Assert.Equal("SECURITY_STATUS success: ERROR_SUCCESS (0x00000000)", ex.Message);
#endif
}
public void ThrowOnError_Failure()
{
SECURITY_STATUS status = SECURITY_STATUS.NTE_BAD_DATA;
try
{
status.ThrowOnError();
Assert.False(true, "Expected exception not thrown.");
}
catch (SecurityStatusException ex)
{
Assert.Equal("Bad Data (SECURITY_STATUS error: NTE_BAD_DATA (0x80090005))", ex.Message);
}
}
/// <summary>
/// Gets the message associated with the given <see cref="SECURITY_STATUS"/>.
/// </summary>
/// <param name="status">The <see cref="SECURITY_STATUS"/> for the error.</param>
/// <returns>The description of the error.</returns>
private static string GetMessage(SECURITY_STATUS status)
{
string hexCode = $"0x{(int)status:X8}";
string namedCode = Enum.GetName(typeof(SECURITY_STATUS), status);
string statusAsString = namedCode != null
? $"{namedCode} ({hexCode})"
: hexCode;
string insert = $"SECURITY_STATUS {GetSeverityString(status)}: {statusAsString}";
string message = status.GetMessage();
return(message != null
? $"{message} ({insert})"
: insert);
}
/// <summary>
/// Gets the message associated with the given <see cref="SECURITY_STATUS"/>.
/// </summary>
/// <param name="status">The <see cref="SECURITY_STATUS"/> for the error.</param>
/// <returns>The description of the error.</returns>
private static string GetMessage(SECURITY_STATUS status)
{
string hexCode = $"0x{(int)status:X8}";
string namedCode = Enum.GetName(typeof(SECURITY_STATUS), status);
string statusAsString = namedCode != null
? $"{namedCode} ({hexCode})"
: hexCode;
string insert = $"SECURITY_STATUS {GetSeverityString(status)}: {statusAsString}";
string message = status.GetMessage();
return message != null
? $"{message} ({insert})"
: insert;
}
/// <summary>
/// Gets the text associated with a <see cref="SECURITY_STATUS"/>.
/// </summary>
/// <param name="error">The error code.</param>
/// <returns>The error message. Or <c>null</c> if no message could be found.</returns>
public static unsafe string GetMessage(this SECURITY_STATUS error)
{
int dwLanguageId = 0;
#if DESKTOP
dwLanguageId = CultureInfo.CurrentCulture.LCID;
#endif
return(FormatMessage(
FormatMessageFlags.FORMAT_MESSAGE_FROM_SYSTEM,
null,
(int)error,
dwLanguageId,
null,
MaxAllowedBufferSize));
}
/// <summary>
/// Verifies that the specified signature matches the specified hash.
/// </summary>
/// <param name="key">
/// The handle of the key to use to decrypt the signature. This must be an identical key or the public key portion of the key pair used to sign the data with the <see cref="NCryptSignHash(SafeKeyHandle, void*, byte*, int, byte*, int, out int, NCryptSignHashFlags)"/> function.
/// </param>
/// <param name="paddingInfo">
/// A pointer to a structure that contains padding information. The actual type of structure this parameter points to depends on the value of the <paramref name="flags"/> parameter. This parameter is only used with asymmetric keys and must be NULL otherwise.
/// </param>
/// <param name="hashValue">
/// The address of a buffer that contains the hash of the data.
/// </param>
/// <param name="signature">
/// The address of a buffer that contains the signed hash of the data. The <see cref="NCryptSignHash(SafeKeyHandle, void*, byte*, int, byte*, int, out int, NCryptSignHashFlags)"/> function is used to create the signature.
/// </param>
/// <param name="flags">
/// A set of flags that modify the behavior of this function. The allowed set of flags depends on the type of key specified by the hKey parameter.
/// If the key is a symmetric key, this parameter is not used and should be zero.
/// If the key is an asymmetric key, this can be one of the following values.
/// </param>
/// <returns>
/// <c>true</c> if the signature is valid; <c>false</c> otherwise.
/// </returns>
/// <exception cref="SecurityStatusException">Thrown if any other error besides an invalid signature occurs.</exception>
public static unsafe bool NCryptVerifySignature(SafeKeyHandle key, void *paddingInfo, byte[] hashValue, byte[] signature, NCryptSignHashFlags flags = NCryptSignHashFlags.None)
{
fixed(byte *pHashValue = hashValue)
fixed(byte *pSignature = signature)
{
SECURITY_STATUS result = NCryptVerifySignature(key, paddingInfo, pHashValue, hashValue.Length, pSignature, signature.Length, flags);
if (result == SECURITY_STATUS.NTE_BAD_SIGNATURE)
{
return(false);
}
result.ThrowOnError();
return(true);
}
}
public unsafe void NCryptEnumKeys_IntPtr_Test()
{
using (var provider = NCryptOpenStorageProvider(KeyStorageProviders.MS_KEY_STORAGE_PROVIDER))
{
const string scope = null;
IntPtr ipkeyName;
IntPtr enumState = IntPtr.Zero;
SECURITY_STATUS status = NCryptEnumKeys(provider, scope, out ipkeyName, ref enumState);
while (status == SECURITY_STATUS.ERROR_SUCCESS)
{
var keyName = (NCryptKeyName *)ipkeyName.ToPointer();
this.logger.WriteLine($"{keyName->Name} ({keyName->Algid})");
if (keyName->Name.StartsWith("PclCrypto_"))
{
using (var key = NCryptOpenKey(provider, *keyName))
{
NCryptDeleteKey(key).ThrowOnError();
key.SetHandleAsInvalid();
}
}
NCryptFreeBuffer(keyName).ThrowOnError();
status = NCryptEnumKeys(provider, scope, out ipkeyName, ref enumState);
}
if (enumState != null)
{
NCryptFreeBuffer(enumState).ThrowOnError();
}
if (status != SECURITY_STATUS.NTE_NO_MORE_ITEMS)
{
status.ThrowOnError();
}
}
}
/// <summary>
/// Initializes a new instance of the <see cref="SecurityStatusException"/> class.
/// </summary>
/// <param name="status">The error code leading to this exception.</param>
/// <param name="message">The customized message for the exception.</param>
/// <param name="inner">The inner exception.</param>
public SecurityStatusException(SECURITY_STATUS status, string message, Exception inner)
: base(message ?? GetMessage(status), inner)
{
this.NativeErrorCode = status;
}
/// <summary>
/// Initializes a new instance of the <see cref="SecurityStatusException"/> class.
/// </summary>
/// <param name="status">The error code leading to this exception.</param>
public SecurityStatusException(SECURITY_STATUS status)
: this(status, GetMessage(status), null)
{
}
/// <summary>
/// Initializes a new instance of the <see cref="SecurityStatusException"/> class.
/// </summary>
/// <param name="status">The error code leading to this exception.</param>
public SecurityStatusException(SECURITY_STATUS status)
: this(status, GetMessage(status), null)
{
}
private static string GetSeverityString(SECURITY_STATUS status)
{
return status == SECURITY_STATUS.ERROR_SUCCESS
? "success"
: "error";
}
/// <summary>
/// Initializes a new instance of the <see cref="SecurityStatusException"/> class.
/// </summary>
/// <param name="status">The error code leading to this exception.</param>
/// <param name="message">The customized message for the exception.</param>
public SecurityStatusException(SECURITY_STATUS status, string message)
: this(status, message, null)
{
}
/// <summary>
/// Initializes a new instance of the <see cref="SecurityStatusException"/> class.
/// </summary>
/// <param name="status">The error code leading to this exception.</param>
/// <param name="message">The customized message for the exception.</param>
/// <param name="inner">The inner exception.</param>
public SecurityStatusException(SECURITY_STATUS status, string message, Exception inner)
: base(message ?? GetMessage(status), inner)
{
this.NativeErrorCode = status;
}
private static string GetSeverityString(SECURITY_STATUS status)
{
return(status == SECURITY_STATUS.ERROR_SUCCESS
? "success"
: "error");
}
public void GetMessage_SecurityStatus()
{
SECURITY_STATUS status = SECURITY_STATUS.NTE_BAD_DATA;
Assert.Equal("Bad Data", status.GetMessage());
}
/// <summary>
/// Initializes a new instance of the <see cref="SecurityStatusException"/> class.
/// </summary>
/// <param name="status">The error code leading to this exception.</param>
/// <param name="message">The customized message for the exception.</param>
public SecurityStatusException(SECURITY_STATUS status, string message)
: this(status, message, null)
{
}
