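/// <summary>
/// Copies <paramref name="secBufferBytes"/> into freshly allocated unmanaged memory and
/// records its length and SSPI buffer type in the native-layout fields.
/// </summary>
/// <param name="secBufferBytes">Managed bytes to copy into the unmanaged buffer.</param>
/// <param name="bufferType">SSPI buffer type, stored as its integer value in <c>cbBufferType</c>.</param>
/// <exception cref="ArgumentNullException"><paramref name="secBufferBytes"/> is null.</exception>
public SecurityBuffer(byte[] secBufferBytes, SecurityBufferType bufferType)
{
    // Validate before touching unmanaged memory so a null input cannot leave a half-initialised buffer.
    if (secBufferBytes is null)
    {
        throw new ArgumentNullException(nameof(secBufferBytes));
    }

    cbBuffer = secBufferBytes.Length;
    cbBufferType = (int)bufferType;
    // NOTE(review): pvBuffer is HGlobal memory; whoever owns this instance must release it with
    // Marshal.FreeHGlobal (presumably a Dispose elsewhere in the type) — confirm.
    pvBuffer = Marshal.AllocHGlobal(cbBuffer);
    Marshal.Copy(secBufferBytes, 0, pvBuffer, cbBuffer);
}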
/// <summary>
/// Verifies (and, when <paramref name="isConfidential"/> is set, decrypts through SSPI) one NTLM
/// message: the first 16 bytes at <paramref name="offset"/> are the NTLM signature token, the rest
/// is the payload.
/// </summary>
/// <param name="securityContext">Established SSPI context handle used for the call.</param>
/// <param name="buffer">Array holding the signature followed by the payload.</param>
/// <param name="offset">Start of the signature inside <paramref name="buffer"/>.</param>
/// <param name="count">Total byte count (signature plus payload); must be at least 16.</param>
/// <param name="isConfidential">True to call DecryptMessage; false to call VerifySignature only.</param>
/// <param name="newOffset">Receives the offset of the verified payload inside <paramref name="buffer"/>.</param>
/// <param name="sequenceNumber">Expected message sequence number handed to SSPI.</param>
/// <returns>Length of the verified payload.</returns>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="count"/> is shorter than the signature.</exception>
/// <exception cref="Win32Exception">SSPI returned a non-zero status (e.g. signature or sequence mismatch).</exception>
/// <exception cref="InternalException">SSPI handed back the data buffer with an unexpected type.</exception>
internal static int DecryptNtlm(
    SafeDeleteContext securityContext,
    byte[] buffer,
    int offset,
    int count,
    bool isConfidential,
    out int newOffset,
    uint sequenceNumber)
{
    const int ntlmSignatureLength = 16;

    // For the most part the arguments are verified in Decrypt().
    if (count < ntlmSignatureLength)
    {
        if (GlobalLog.IsEnabled)
        {
            GlobalLog.Assert("NTAuthentication#" + LoggingHash.HashString(securityContext) + "::DecryptNtlm", "Argument 'count' out of range.");
        }
        Debug.Fail("NTAuthentication#" + LoggingHash.HashString(securityContext) + "::DecryptNtlm", "Argument 'count' out of range.");
        throw new ArgumentOutOfRangeException(nameof(count));
    }

    // Buffer 0 is the signature token, buffer 1 the payload; both alias 'buffer' rather than copying it.
    var securityBuffer = new SecurityBuffer[2];
    securityBuffer[0] = new SecurityBuffer(buffer, offset, ntlmSignatureLength, SecurityBufferType.Token);
    securityBuffer[1] = new SecurityBuffer(buffer, offset + ntlmSignatureLength, count - ntlmSignatureLength, SecurityBufferType.Data);

    int errorCode;
    SecurityBufferType realDataType = SecurityBufferType.Data;
    if (isConfidential)
    {
        errorCode = SSPIWrapper.DecryptMessage(GlobalSSPI.SSPIAuth, securityContext, securityBuffer, sequenceNumber);
    }
    else
    {
        // Signature-only mode: the payload is marked read-only before the call so the provider
        // checks it without modifying it; the same value is compared against after the call.
        realDataType |= SecurityBufferType.ReadOnlyFlag;
        securityBuffer[1].type = realDataType;
        errorCode = SSPIWrapper.VerifySignature(GlobalSSPI.SSPIAuth, securityContext, securityBuffer, sequenceNumber);
    }

    if (errorCode != 0)
    {
        // Every non-zero status, including a failed integrity check, is surfaced to the caller.
        if (GlobalLog.IsEnabled)
        {
            GlobalLog.Print("NTAuthentication#" + LoggingHash.HashString(securityContext) + "::Decrypt() throw Error = " + errorCode.ToString("x", NumberFormatInfo.InvariantInfo));
        }
        throw new Win32Exception(errorCode);
    }

    // The provider must return the data buffer with the type we set; anything else is treated as an internal error.
    if (securityBuffer[1].type != realDataType)
    {
        throw new InternalException();
    }

    newOffset = securityBuffer[1].offset;
    return (securityBuffer[1].size);
}
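/// <summary>
/// Initializes a new instance of the <see cref="SecurityBufferDescriptor" /> struct, marshaling
/// <paramref name="buffers"/> into an unmanaged array of native SecBuffer entries.
/// </summary>
/// <param name="buffers">Managed buffers to describe; must contain at least one element.</param>
/// <exception cref="ArgumentException"><paramref name="buffers"/> is null or empty.</exception>
public SecurityBufferDescriptor(SecurityBuffer[] buffers)
{
    if (buffers == null || buffers.Length == 0)
    {
        throw new ArgumentException("cannot be null or 0 length", nameof(buffers));
    }

    BufferType = SecurityBufferType.Version;
    NumBuffers = buffers.Length;

    // Marshal.SizeOf is reflection-based; evaluate the sizes once instead of four times per element.
    int entrySize = Marshal.SizeOf(typeof(SecurityBuffer));
    int intSize = Marshal.SizeOf(typeof(int));

    // Allocate memory for SecBuffer Array....
    // NOTE(review): BufferPtr (and each buffer's Token allocation) must be released by the owner
    // with Marshal.FreeHGlobal — confirm a matching Dispose exists.
    BufferPtr = Marshal.AllocHGlobal(entrySize * NumBuffers);
    for (int i = 0; i < buffers.Length; i++)
    {
        SecurityBuffer current = buffers[i];
        int entryOffset = i * entrySize;
        // Fields are written in native SecBuffer order {cbBuffer, BufferType, pvBuffer}; this assumes the
        // managed SecurityBuffer layout matches exactly — verify against its StructLayout.
        Marshal.WriteInt32(BufferPtr, entryOffset, current.Count);
        Marshal.WriteInt32(BufferPtr, entryOffset + intSize, (int)current.BufferType);
        Marshal.WriteIntPtr(BufferPtr, entryOffset + 2 * intSize, current.Token);
    }
}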
/// <summary>
/// Wraps a slice of <paramref name="data"/> as an SSPI buffer. Out-of-range offset/size values are
/// reported via GlobalLog.Assert / Debug.Fail and, when those return, clamped into range.
/// </summary>
/// <param name="data">Backing array; null yields an empty buffer.</param>
/// <param name="offset">Start of the slice; clamped into [0, data.Length].</param>
/// <param name="size">Length of the slice; clamped into [0, data.Length - offset].</param>
/// <param name="tokentype">SSPI buffer type.</param>
public SecurityBuffer(byte[] data, int offset, int size, SecurityBufferType tokentype)
{
    int offsetLimit = data == null ? 0 : data.Length;
    int sizeLimit = data == null ? 0 : data.Length - offset;

    if (offset < 0 || offset > offsetLimit)
    {
        string detail = "'offset' out of range. [" + offset + "]";
        if (GlobalLog.IsEnabled)
        {
            GlobalLog.Assert("SecurityBuffer::.ctor", detail);
        }
        Debug.Fail("SecurityBuffer::.ctor", detail);
    }

    if (size < 0 || size > sizeLimit)
    {
        string detail = "'size' out of range. [" + size + "]";
        if (GlobalLog.IsEnabled)
        {
            GlobalLog.Assert("SecurityBuffer::.ctor", detail);
        }
        Debug.Fail("SecurityBuffer::.ctor", detail);
    }

    if (data == null || offset < 0)
    {
        this.offset = 0;
    }
    else
    {
        this.offset = Math.Min(offset, data.Length);
    }

    // Depends on this.offset already being clamped above.
    if (data == null || size < 0)
    {
        this.size = 0;
    }
    else
    {
        this.size = Math.Min(size, data.Length - this.offset);
    }

    this.type = tokentype;
    // Uses the requested size (parameter), not the clamped field: a zero-length request keeps no array reference.
    this.token = size == 0 ? null : data;
}
/// <summary>
/// Allocates a zero-filled unmanaged buffer of <paramref name="length"/> bytes, registers it with
/// <paramref name="list"/> for disposal, and wraps it in a <c>SecBuffer</c> of the given type.
/// </summary>
/// <param name="type">SSPI buffer type for the new entry.</param>
/// <param name="length">Size in bytes of the unmanaged allocation.</param>
/// <param name="list">Disposable list that takes ownership of the allocation.</param>
/// <returns>A <c>SecBuffer</c> backed by the zeroed allocation.</returns>
public static SecBuffer Create(SecurityBufferType type, int length, DisposableList list)
{
    var backing = list.AddResource(new SafeHGlobalBuffer(length));
    // Zero the memory so no stale heap contents leak into an output buffer handed to the provider.
    backing.FillBuffer(0);
    var result = new SecBuffer(type, backing);
    return result;
}
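/// <summary>
/// Initializes a new instance of the <see cref="SecurityBuffer" /> struct as a
/// <c>SecurityBufferType.Token</c> buffer holding an unmanaged copy of <paramref name="bytes"/>.
/// </summary>
/// <param name="bytes">Managed bytes to copy into unmanaged memory.</param>
/// <exception cref="ArgumentNullException"><paramref name="bytes"/> is null.</exception>
public SecurityBuffer(byte[] bytes)
{
    // Fail with a named argument rather than a NullReferenceException from bytes.Length.
    if (bytes is null)
    {
        throw new ArgumentNullException(nameof(bytes));
    }

    Count = bytes.Length;
    BufferType = SecurityBufferType.Token;
    // NOTE(review): Token is HGlobal memory; the owner must release it with Marshal.FreeHGlobal — confirm.
    Token = Marshal.AllocHGlobal(Count);
    Marshal.Copy(bytes, 0, Token, Count);
}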
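/// <summary>
/// Builds a descriptor over <paramref name="buffers"/> by marshaling each element into an
/// unmanaged array of native SecBuffer entries.
/// </summary>
/// <param name="buffers">Managed buffers to describe; must contain at least one element.</param>
/// <exception cref="ArgumentException"><paramref name="buffers"/> is null or empty.</exception>
public SecurityBufferDescriptor(SecurityBuffer[] buffers)
{
    if (buffers == null || buffers.Length == 0)
    {
        throw new ArgumentException("cannot be null or 0 length", nameof(buffers));
    }

    BufferType = SecurityBufferType.Version;
    NumBuffers = buffers.Length;

    // Marshal.SizeOf is reflection-based; evaluate the sizes once instead of four times per element.
    int entrySize = Marshal.SizeOf(typeof(SecurityBuffer));
    int intSize = Marshal.SizeOf(typeof(int));

    // Allocate memory for SecBuffer Array....
    // NOTE(review): BufferPtr (and each buffer's Token allocation) must be released by the owner
    // with Marshal.FreeHGlobal — confirm a matching Dispose exists.
    BufferPtr = Marshal.AllocHGlobal(entrySize * NumBuffers);
    for (int i = 0; i < buffers.Length; i++)
    {
        SecurityBuffer current = buffers[i];
        int entryOffset = i * entrySize;
        // Fields are written in native SecBuffer order {cbBuffer, BufferType, pvBuffer}; this assumes the
        // managed SecurityBuffer layout matches exactly — verify against its StructLayout.
        Marshal.WriteInt32(BufferPtr, entryOffset, current.Count);
        Marshal.WriteInt32(BufferPtr, entryOffset + intSize, (int)current.BufferType);
        Marshal.WriteIntPtr(BufferPtr, entryOffset + 2 * intSize, current.Token);
    }
}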
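/// <summary>
/// Get the data to be signed: the concatenation, in order, of every Data or Padding buffer that is
/// not flagged ReadOnly.
/// </summary>
/// <param name="securityBuffers">The security buffers to extract the data to be signed from.</param>
/// <returns>The data to be signed; empty when no buffer qualifies.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="securityBuffers"/> or one of its elements is null.
/// </exception>
internal static byte[] GetToBeSignedDataFromSecurityBuffers(SecurityBuffer[] securityBuffers)
{
    if (securityBuffers == null)
    {
        throw new ArgumentNullException(nameof(securityBuffers));
    }

    // Accumulate into a stream instead of re-allocating a growing array per buffer (was O(n^2) copying).
    using (var message = new MemoryStream())
    {
        for (int i = 0; i < securityBuffers.Length; i++)
        {
            SecurityBuffer current = securityBuffers[i];
            if (current == null)
            {
                throw new ArgumentNullException(nameof(securityBuffers));
            }

            // Strip attribute flags so ReadOnly/ReadOnlyWithChecksum variants still match on base type.
            SecurityBufferType baseType = current.BufferType & ~SecurityBufferType.AttrMask;
            if (baseType != SecurityBufferType.Data && baseType != SecurityBufferType.Padding)
            {
                continue;
            }

            // Only plain ReadOnly buffers are excluded; ReadOnlyWithChecksum ones are kept, presumably
            // because they are meant to be covered by the signature — confirm against the provider contract.
            bool skip = (current.BufferType & SecurityBufferType.ReadOnly) != 0;
            if (!skip && current.Buffer != null)
            {
                message.Write(current.Buffer, 0, current.Buffer.Length);
            }
        }

        return message.ToArray();
    }
}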
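/// <summary>
/// Concatenates, in order, the contents of every buffer whose base type is one of
/// <paramref name="targetTypes"/>.
/// </summary>
/// <param name="securityBuffers">Buffers to scan (assumed non-null with non-null elements; private helper).</param>
/// <param name="targetTypes">Base buffer types to include.</param>
/// <param name="bothReadOnlyAndReadWrite">
/// True to include ReadOnly / ReadOnlyWithChecksum buffers too; false to include only read-write ones.
/// </param>
/// <returns>The concatenated bytes; empty when nothing matched.</returns>
private static byte[] ConcatenateSecurityBuffers(
    SecurityBuffer[] securityBuffers,
    SecurityBufferType[] targetTypes,
    bool bothReadOnlyAndReadWrite)
{
    // Accumulate into a stream instead of re-allocating a growing array per buffer (was O(n^2) copying).
    using (var result = new MemoryStream())
    {
        for (int i = 0; i < securityBuffers.Length; i++)
        {
            SecurityBuffer current = securityBuffers[i];
            // Strip attribute flags before comparing against the requested base types.
            SecurityBufferType baseType = current.BufferType & ~SecurityBufferType.AttrMask;
            if (Array.IndexOf(targetTypes, baseType) < 0)
            {
                continue;
            }

            bool isReadOnly = (current.BufferType & SecurityBufferType.ReadOnly) != 0
                || (current.BufferType & SecurityBufferType.ReadOnlyWithChecksum) != 0;
            bool skip = !bothReadOnlyAndReadWrite && isReadOnly;
            if (!skip && current.Buffer != null)
            {
                result.Write(current.Buffer, 0, current.Buffer.Length);
            }
        }

        return result.ToArray();
    }
}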
/// <summary>
/// Initializes a new instance of the <see cref="SecurityBufferDescriptor" /> struct describing a
/// single Token buffer that holds an unmanaged copy of <paramref name="secBufferBytes"/>.
/// </summary>
/// <param name="secBufferBytes">The bytes to place in the single buffer.</param>
public SecurityBufferDescriptor(byte[] secBufferBytes)
{
    var single = new SecurityBuffer(secBufferBytes);

    BufferType = SecurityBufferType.Version;
    NumBuffers = 1;
    // One native SecBuffer entry, marshaled from the managed struct.
    // NOTE(review): BufferPtr and the buffer's own Token allocation are HGlobal memory — confirm the owner frees both.
    BufferPtr = Marshal.AllocHGlobal(Marshal.SizeOf(single));
    Marshal.StructureToPtr(single, BufferPtr, false);
}
/// <summary>
/// Creates an output buffer of <paramref name="size"/> bytes backed by a fresh managed array
/// (no array at all when the size is zero).
/// </summary>
/// <param name="size">Requested length; a negative value is reported via GlobalLog.Assert.</param>
/// <param name="tokentype">SSPI buffer type.</param>
public SecurityBuffer(int size, SecurityBufferType tokentype)
{
    GlobalLog.Assert(size >= 0, "SecurityBuffer::.ctor", "'size' out of range. [" + size + "]");

    this.type = tokentype;
    this.size = size;
    if (size == 0)
    {
        this.token = null;
    }
    else
    {
        // Note: if GlobalLog.Assert does not throw, a negative size reaches this allocation.
        this.token = new byte[size];
    }
}
/// <summary>
/// Wraps the whole of <paramref name="data"/> (offset 0) as an SSPI buffer of the given type.
/// </summary>
/// <param name="data">Backing array; null or empty yields an empty buffer with no array reference.</param>
/// <param name="tokentype">SSPI buffer type.</param>
public SecurityBuffer(byte[]? data, SecurityBufferType tokentype)
{
    int length = 0;
    if (data != null)
    {
        length = data.Length;
    }

    this.offset = 0;
    this.size = length;
    this.type = tokentype;
    this.unmanagedToken = null;
    // Zero-length input keeps no reference to the (possibly empty) array.
    if (length == 0)
    {
        this.token = null;
    }
    else
    {
        this.token = data;
    }
}
/// <summary>
/// Wraps a channel-binding token as a <c>SECBUFFER_CHANNEL_BINDINGS</c> buffer; the data lives in the
/// unmanaged <paramref name="binding"/> handle rather than a managed array.
/// </summary>
/// <param name="binding">Channel binding handle; null yields a zero-size buffer.</param>
public SecurityBuffer(ChannelBinding binding)
{
    this.offset = 0;
    this.type = SecurityBufferType.SECBUFFER_CHANNEL_BINDINGS;
    this.token = null;
    this.unmanagedToken = binding;
    if (binding == null)
    {
        this.size = 0;
    }
    else
    {
        this.size = binding.Size;
    }
}
/// <summary>
/// Builds a descriptor over a single Token buffer holding an unmanaged copy of
/// <paramref name="secBufferBytes"/>.
/// </summary>
/// <param name="secBufferBytes">The bytes to place in the single buffer.</param>
public SecurityBufferDescriptor(byte[] secBufferBytes)
{
    var single = new SecurityBuffer(secBufferBytes);

    BufferType = SecurityBufferType.Version;
    NumBuffers = 1;
    // One native SecBuffer entry, marshaled from the managed struct.
    // NOTE(review): BufferPtr and the buffer's own Token allocation are HGlobal memory — confirm the owner frees both.
    BufferPtr = Marshal.AllocHGlobal(Marshal.SizeOf(single));
    Marshal.StructureToPtr(single, BufferPtr, false);
}
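/// <summary>
/// Verifies (and, when <paramref name="isConfidential"/> is set, decrypts through SSPI) one NTLM
/// message: the first 16 bytes at <paramref name="offset"/> are the NTLM signature token, the rest
/// is the payload.
/// </summary>
/// <param name="securityContext">Established SSPI context handle used for the call.</param>
/// <param name="buffer">Array holding the signature followed by the payload.</param>
/// <param name="offset">Start of the signature inside <paramref name="buffer"/>.</param>
/// <param name="count">Total byte count (signature plus payload); must be at least 16.</param>
/// <param name="isConfidential">True to call DecryptMessage; false to call VerifySignature only.</param>
/// <param name="newOffset">Receives the offset of the verified payload inside <paramref name="buffer"/>.</param>
/// <param name="sequenceNumber">Expected message sequence number handed to SSPI.</param>
/// <returns>Length of the verified payload.</returns>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="count"/> is shorter than the signature.</exception>
/// <exception cref="Win32Exception">SSPI returned a non-zero status (e.g. signature or sequence mismatch).</exception>
/// <exception cref="InternalException">SSPI handed back the data buffer with an unexpected type.</exception>
private static int DecryptNtlm(
    SafeDeleteContext securityContext,
    byte[] buffer,
    int offset,
    int count,
    bool isConfidential,
    out int newOffset,
    uint sequenceNumber)
{
    const int ntlmSignatureLength = 16;

    // For the most part the arguments are verified in Decrypt().
    if (count < ntlmSignatureLength)
    {
        NetEventSource.Fail(null, "Argument 'count' out of range.");
        throw new ArgumentOutOfRangeException(nameof(count));
    }

    // Two inline SecurityBuffers (presumably a struct with fields _item0/_item1) viewed as a span:
    // [0] is the signature token, [1] the payload; both alias 'buffer' rather than copying it.
    TwoSecurityBuffers buffers = default;
    Span<SecurityBuffer> securityBuffer = MemoryMarshal.CreateSpan(ref buffers._item0, 2);
    securityBuffer[0] = new SecurityBuffer(buffer, offset, ntlmSignatureLength, SecurityBufferType.SECBUFFER_TOKEN);
    securityBuffer[1] = new SecurityBuffer(buffer, offset + ntlmSignatureLength, count - ntlmSignatureLength, SecurityBufferType.SECBUFFER_DATA);

    int errorCode;
    SecurityBufferType realDataType = SecurityBufferType.SECBUFFER_DATA;
    if (isConfidential)
    {
        errorCode = SSPIWrapper.DecryptMessage(GlobalSSPI.SSPIAuth, securityContext, securityBuffer, sequenceNumber);
    }
    else
    {
        // Signature-only mode: mark the payload read-only before the call so the provider checks it
        // without modifying it; the same value is compared against after the call.
        realDataType |= SecurityBufferType.SECBUFFER_READONLY;
        securityBuffer[1].type = realDataType;
        errorCode = SSPIWrapper.VerifySignature(GlobalSSPI.SSPIAuth, securityContext, securityBuffer, sequenceNumber);
    }

    if (errorCode != 0)
    {
        // Build the exception once so the instance that is logged is the one the caller observes
        // (the original allocated a second, unlogged Win32Exception for the throw).
        var failure = new Win32Exception(errorCode);
        if (NetEventSource.IsEnabled)
        {
            NetEventSource.Error(null, failure);
        }
        throw failure;
    }

    // The provider must return the data buffer with the type we set; anything else is an internal error.
    if (securityBuffer[1].type != realDataType)
    {
        throw new InternalException(securityBuffer[1].type);
    }

    newOffset = securityBuffer[1].offset;
    return securityBuffer[1].size;
}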
/// <summary>
/// Wraps a slice of <paramref name="data"/> as an SSPI buffer. Out-of-range offset/size values are
/// reported via GlobalLog.Assert and, when it returns, clamped into range.
/// </summary>
/// <param name="data">Backing array; null yields an empty buffer.</param>
/// <param name="offset">Start of the slice; clamped into [0, data.Length].</param>
/// <param name="size">Length of the slice; clamped into [0, data.Length - offset].</param>
/// <param name="tokentype">SSPI buffer type.</param>
public SecurityBuffer(byte[] data, int offset, int size, SecurityBufferType tokentype)
{
    int offsetLimit = data == null ? 0 : data.Length;
    int sizeLimit = data == null ? 0 : data.Length - offset;
    bool offsetOk = offset >= 0 && offset <= offsetLimit;
    bool sizeOk = size >= 0 && size <= sizeLimit;
    GlobalLog.Assert(offsetOk, "SecurityBuffer::.ctor", "'offset' out of range. [" + offset + "]");
    GlobalLog.Assert(sizeOk, "SecurityBuffer::.ctor", "'size' out of range. [" + size + "]");

    if (data == null || offset < 0)
    {
        this.offset = 0;
    }
    else
    {
        this.offset = Math.Min(offset, data.Length);
    }

    // Depends on this.offset already being clamped above.
    if (data == null || size < 0)
    {
        this.size = 0;
    }
    else
    {
        this.size = Math.Min(size, data.Length - this.offset);
    }

    this.type = tokentype;
    // Uses the requested size (parameter), not the clamped field: a zero-length request keeps no array reference.
    this.token = size == 0 ? null : data;
}
/// <summary>
/// Creates an output buffer of <paramref name="size"/> bytes backed by a fresh managed array
/// (no array at all when the size is zero).
/// </summary>
/// <param name="size">Requested length; a negative value trips a debug assertion.</param>
/// <param name="tokentype">SSPI buffer type.</param>
public SecurityBuffer(int size, SecurityBufferType tokentype)
{
    Debug.Assert(size >= 0, $"'size' out of range. [{size}]");

    this.offset = 0;
    this.type = tokentype;
    this.unmanagedToken = null;
    this.size = size;
    if (size == 0)
    {
        this.token = null;
    }
    else
    {
        // In release builds the assertion is compiled out, so a negative size reaches this allocation.
        this.token = new byte[size];
    }
}
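/// <summary>
/// Pairs a non-empty managed byte array with its SSPI buffer type.
/// </summary>
/// <param name="buffer">Backing bytes; must be non-null and non-empty.</param>
/// <param name="bufferType">SSPI buffer type.</param>
/// <exception cref="ArgumentException"><paramref name="buffer"/> is null or empty.</exception>
public SecurityBufferWrapper(byte[] buffer, SecurityBufferType bufferType)
{
    if (buffer == null || buffer.Length == 0)
    {
        // Name the offending parameter so the failure is attributable at the call site.
        throw new ArgumentException("Buffer cannot be null or zero length", nameof(buffer));
    }

    Buffer = buffer;
    BufferType = bufferType;
}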
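/// <summary>
/// Pairs a non-empty managed byte array with its SSPI buffer type.
/// </summary>
/// <param name="buffer">Backing bytes; must be non-null and non-empty.</param>
/// <param name="bufferType">SSPI buffer type.</param>
/// <exception cref="ArgumentException"><paramref name="buffer"/> is null or empty.</exception>
public BufferWrapper(byte[] buffer, SecurityBufferType bufferType)
{
    if (buffer == null || buffer.Length == 0)
    {
        // Name the offending parameter so the failure is attributable at the call site.
        throw new ArgumentException("buffer cannot be null or 0 length", nameof(buffer));
    }

    Buffer = buffer;
    BufferType = bufferType;
}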
/// <summary>
/// Wraps a slice of <paramref name="data"/> as an SSPI buffer. Out-of-range offset/size values trip
/// debug assertions and are clamped into range in release builds.
/// </summary>
/// <param name="data">Backing array; null yields an empty buffer.</param>
/// <param name="offset">Start of the slice; clamped into [0, data.Length].</param>
/// <param name="size">Length of the slice; clamped into [0, data.Length - offset].</param>
/// <param name="tokentype">SSPI buffer type.</param>
public SecurityBuffer(byte[]? data, int offset, int size, SecurityBufferType tokentype)
{
    int offsetLimit = data == null ? 0 : data.Length;
    int sizeLimit = data == null ? 0 : data.Length - offset;
    Debug.Assert(offset >= 0 && offset <= offsetLimit, $"'offset' out of range. [{offset}]");
    Debug.Assert(size >= 0 && size <= sizeLimit, $"'size' out of range. [{size}]");

    if (data == null || offset < 0)
    {
        this.offset = 0;
    }
    else
    {
        this.offset = Math.Min(offset, data.Length);
    }

    // Depends on this.offset already being clamped above.
    if (data == null || size < 0)
    {
        this.size = 0;
    }
    else
    {
        this.size = Math.Min(size, data.Length - this.offset);
    }

    this.type = tokentype;
    this.unmanagedToken = null;
    // Uses the requested size (parameter), not the clamped field: a zero-length request keeps no array reference.
    this.token = size == 0 ? null : data;
}
/// <summary>
/// Creates an output buffer of <paramref name="size"/> bytes backed by a fresh managed array
/// (no array at all when the size is zero).
/// </summary>
/// <param name="size">Requested length; a negative value is reported through NetEventSource.Fail.</param>
/// <param name="tokentype">SSPI buffer type.</param>
public SecurityBuffer(int size, SecurityBufferType tokentype)
{
    if (size < 0)
    {
        NetEventSource.Fail(this, $"'size' out of range. [{size}]");
    }

    this.type = tokentype;
    this.size = size;
    if (size == 0)
    {
        this.token = null;
    }
    else
    {
        // If NetEventSource.Fail returns, a negative size reaches this allocation.
        this.token = new byte[size];
    }
}
/// <summary>
/// Verifies (and, when the confidentiality flag is set, decrypts through SSPI) one NTLM message:
/// the first 16 bytes at <paramref name="offset"/> are the NTLM signature token, the rest is the payload.
/// </summary>
/// <param name="payload">Array holding the signature followed by the payload.</param>
/// <param name="offset">Start of the signature inside <paramref name="payload"/>.</param>
/// <param name="count">Total byte count (signature plus payload); must be at least 16.</param>
/// <param name="newOffset">Receives the offset of the verified payload inside <paramref name="payload"/>.</param>
/// <param name="expectedSeqNumber">Expected message sequence number handed to SSPI.</param>
/// <returns>Length of the verified payload.</returns>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="count"/> is shorter than the signature.</exception>
/// <exception cref="Win32Exception">SSPI returned a non-zero status (e.g. signature or sequence mismatch).</exception>
/// <exception cref="InternalException">SSPI handed back the data buffer with an unexpected type.</exception>
private int DecryptNtlm(byte[] payload, int offset, int count, out int newOffset, uint expectedSeqNumber)
{
    // For the most part the arguments are verified in Encrypt().
    // 16 is the NTLM signature length.
    if (count < 16)
    {
        if (GlobalLog.IsEnabled)
        {
            GlobalLog.Assert("NTAuthentication#" + LoggingHash.HashString(this) + "::DecryptNtlm", "Argument 'count' out of range.");
        }
        Debug.Fail("NTAuthentication#" + LoggingHash.HashString(this) + "::DecryptNtlm", "Argument 'count' out of range.");
        throw new ArgumentOutOfRangeException(nameof(count));
    }

    // Buffer 0 is the signature token, buffer 1 the payload; both alias 'payload' rather than copying it.
    var securityBuffer = new SecurityBuffer[2];
    securityBuffer[0] = new SecurityBuffer(payload, offset, 16, SecurityBufferType.Token);
    securityBuffer[1] = new SecurityBuffer(payload, offset + 16, count - 16, SecurityBufferType.Data);

    int errorCode;
    SecurityBufferType realDataType = SecurityBufferType.Data;
    if (IsConfidentialityFlag)
    {
        errorCode = SSPIWrapper.DecryptMessage(GlobalSSPI.SSPIAuth, _securityContext, securityBuffer, expectedSeqNumber);
    }
    else
    {
        // Signature-only mode: the payload is marked read-only before the call so the provider
        // checks it without modifying it; the same value is compared against after the call.
        realDataType |= SecurityBufferType.ReadOnlyFlag;
        securityBuffer[1].type = realDataType;
        errorCode = SSPIWrapper.VerifySignature(GlobalSSPI.SSPIAuth, _securityContext, securityBuffer, expectedSeqNumber);
    }

    if (errorCode != 0)
    {
        // Every non-zero status, including a failed integrity check, is surfaced to the caller.
        if (GlobalLog.IsEnabled)
        {
            GlobalLog.Print("NTAuthentication#" + LoggingHash.HashString(this) + "::Decrypt() throw Error = " + errorCode.ToString("x", NumberFormatInfo.InvariantInfo));
        }
        throw new Win32Exception(errorCode);
    }

    // The provider must return the data buffer with the type we set; anything else is treated as an internal error.
    if (securityBuffer[1].type != realDataType)
    {
        throw new InternalException();
    }

    newOffset = securityBuffer[1].offset;
    return (securityBuffer[1].size);
}
/// <summary>
/// Creates an output buffer of <paramref name="size"/> bytes backed by a fresh managed array
/// (no array at all when the size is zero).
/// </summary>
/// <param name="size">Requested length; a negative value is reported through NetEventSource.Fail.</param>
/// <param name="tokentype">SSPI buffer type.</param>
public SecurityBuffer(int size, SecurityBufferType tokentype)
{
    if (size < 0)
    {
        NetEventSource.Fail(typeof(SecurityBuffer), $"'size' out of range. [{size}]");
    }

    this.offset = 0;
    this.type = tokentype;
    this.unmanagedToken = null;
    this.size = size;
    if (size == 0)
    {
        this.token = null;
    }
    else
    {
        // If NetEventSource.Fail returns, a negative size reaches this allocation.
        this.token = new byte[size];
    }
}
/// <summary>
/// Creates an output buffer of <paramref name="size"/> bytes backed by a fresh managed array
/// (no array at all when the size is zero).
/// </summary>
/// <param name="size">Requested length; a negative value is reported via GlobalLog.Assert / Debug.Fail.</param>
/// <param name="tokentype">SSPI buffer type.</param>
public SecurityBuffer(int size, SecurityBufferType tokentype)
{
    if (size < 0)
    {
        string detail = "'size' out of range. [" + size + "]";
        if (GlobalLog.IsEnabled)
        {
            GlobalLog.Assert("SecurityBuffer::.ctor", detail);
        }
        Debug.Fail("SecurityBuffer::.ctor", detail);
    }

    this.type = tokentype;
    this.size = size;
    if (size == 0)
    {
        this.token = null;
    }
    else
    {
        // In release builds Debug.Fail is compiled out, so a negative size can reach this allocation.
        this.token = new byte[size];
    }
}
/// <summary>
/// Initializes a new instance of the <see cref="SecurityBuffer" /> struct holding an unmanaged copy
/// of <paramref name="bytes"/>; a null or empty input produces an empty buffer with a null pointer.
/// </summary>
/// <param name="bytes">The bytes to copy; may be null or empty.</param>
/// <param name="bufferType">Type of the buffer.</param>
public SecurityBuffer(byte[] bytes, SecurityBufferType bufferType)
{
    BufferType = bufferType;

    bool isEmpty = bytes == null || bytes.Length == 0;
    if (isEmpty)
    {
        Count = 0;
        Token = IntPtr.Zero;
        return;
    }

    // NOTE(review): Token is HGlobal memory; the owner must release it with Marshal.FreeHGlobal — confirm.
    Count = bytes.Length;
    Token = Marshal.AllocHGlobal(Count);
    Marshal.Copy(bytes, 0, Token, Count);
}
/// <summary>
/// Wraps a slice of <paramref name="data"/> as an SSPI buffer. Out-of-range offset/size values are
/// reported through NetEventSource.Fail and, when it returns, clamped into range.
/// </summary>
/// <param name="data">Backing array; null yields an empty buffer.</param>
/// <param name="offset">Start of the slice; clamped into [0, data.Length].</param>
/// <param name="size">Length of the slice; clamped into [0, data.Length - offset].</param>
/// <param name="tokentype">SSPI buffer type.</param>
public SecurityBuffer(byte[] data, int offset, int size, SecurityBufferType tokentype)
{
    int offsetLimit = data == null ? 0 : data.Length;
    int sizeLimit = data == null ? 0 : data.Length - offset;

    if (offset < 0 || offset > offsetLimit)
    {
        NetEventSource.Fail(this, $"'offset' out of range. [{offset}]");
    }
    if (size < 0 || size > sizeLimit)
    {
        NetEventSource.Fail(this, $"'size' out of range. [{size}]");
    }

    if (data == null || offset < 0)
    {
        this.offset = 0;
    }
    else
    {
        this.offset = Math.Min(offset, data.Length);
    }

    // Depends on this.offset already being clamped above.
    if (data == null || size < 0)
    {
        this.size = 0;
    }
    else
    {
        this.size = Math.Min(size, data.Length - this.offset);
    }

    this.type = tokentype;
    // Uses the requested size (parameter), not the clamped field: a zero-length request keeps no array reference.
    this.token = size == 0 ? null : data;
}
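/// <summary>
/// Update buffers of a specified type in the list.
/// Buffer will be separated automatically to fit the original length of a security buffer.
/// If Buffer field of an input security buffer is null, it means the length is unlimited
/// (that is all remaining data will be copied into it).
/// Only read-write (READONLY flag is not set) security buffer will be updated.
/// </summary>
/// <param name="securityBuffers">Input security buffers.</param>
/// <param name="targetTypes">Specified types.</param>
/// <param name="buffer">The buffer to be updated into security buffers.</param>
/// <exception cref="ArgumentNullException">
/// Thrown when securityBuffers (or one of its elements), targetTypes or buffer is null,
/// or when securityBuffers is empty.
/// </exception>
/// <exception cref="SspiException">
/// Total length of security buffers is not enough.
/// </exception>
/// <exception cref="InvalidOperationException">
/// More bytes were distributed than <paramref name="buffer"/> holds (not expected to happen).
/// </exception>
public static void UpdateSecurityBuffers(SecurityBuffer[] securityBuffers, SecurityBufferType[] targetTypes, byte[] buffer)
{
    if (securityBuffers == null || securityBuffers.Length == 0)
    {
        throw new ArgumentNullException(nameof(securityBuffers));
    }
    for (int i = 0; i < securityBuffers.Length; i++)
    {
        if (securityBuffers[i] == null)
        {
            throw new ArgumentNullException(nameof(securityBuffers));
        }
    }
    // targetTypes was dereferenced without a check; surface it as an argument error instead of a NullReferenceException.
    if (targetTypes == null)
    {
        throw new ArgumentNullException(nameof(targetTypes));
    }
    if (buffer == null)
    {
        throw new ArgumentNullException(nameof(buffer));
    }

    int offset = 0;
    for (int i = 0; i < securityBuffers.Length; i++)
    {
        SecurityBuffer current = securityBuffers[i];
        // Strip attribute flags before comparing against the requested base types.
        SecurityBufferType baseType = current.BufferType & ~SecurityBufferType.AttrMask;
        bool isReadOnly = (current.BufferType & SecurityBufferType.ReadOnly) != 0
            || (current.BufferType & SecurityBufferType.ReadOnlyWithChecksum) != 0;
        bool typeMatch = Array.IndexOf(targetTypes, baseType) >= 0;
        if (!typeMatch || isReadOnly)
        {
            continue;
        }

        // A null Buffer means "unbounded": take everything that is left. Otherwise the slice is capped at the
        // existing length; note a buffer longer than the remaining data is shrunk to what remains.
        int length = buffer.Length - offset;
        if (current.Buffer != null && current.Buffer.Length < length)
        {
            length = current.Buffer.Length;
        }
        current.Buffer = ArrayUtility.SubArray(buffer, offset, length);
        offset += length;
    }

    if (offset < buffer.Length)
    {
        throw new SspiException("Total length of security buffers is not enough.");
    }
    else if (offset > buffer.Length)
    {
        //Unlikely to happen
        throw new InvalidOperationException("Extra data were written to security buffers.");
    }
}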
/// <summary>
/// Constructor: pairs a managed byte array with its SSPI buffer type without copying or validating it.
/// </summary>
/// <param name="bufferType">SecBuffer type</param>
/// <param name="buffer">SecBuffer in bytes; may be null as far as this constructor is concerned.</param>
public SecurityBuffer(SecurityBufferType bufferType, byte[] buffer)
{
    Buffer = buffer;
    BufferType = bufferType;
}
/// <summary>
/// Wraps the whole of <paramref name="data"/> as an SSPI buffer of the given type.
/// </summary>
/// <param name="data">Backing array; null or empty yields an empty buffer with no array reference.</param>
/// <param name="tokentype">SSPI buffer type.</param>
public SecurityBuffer(byte[] data, SecurityBufferType tokentype)
{
    int length = 0;
    if (data != null)
    {
        length = data.Length;
    }

    this.type = tokentype;
    this.size = length;
    // Zero-length input keeps no reference to the (possibly empty) array.
    if (length == 0)
    {
        this.token = null;
    }
    else
    {
        this.token = data;
    }
}
/// <summary>
/// Constructor for a buffer entry that carries a type but no data; everything is delegated to the base.
/// </summary>
/// <param name="type">The type of buffer.</param>
public SecurityBufferEmpty(SecurityBufferType type)
    : base(type)
{
    // Intentionally empty: no payload to record.
}
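/// <summary>
/// Concatenates, in order, the contents of every buffer whose base type is one of
/// <paramref name="targetTypes"/>.
/// </summary>
/// <param name="securityBuffers">Buffers to scan (assumed non-null with non-null elements; private helper).</param>
/// <param name="targetTypes">Base buffer types to include.</param>
/// <param name="bothReadOnlyAndReadWrite">
/// True to include ReadOnly / ReadOnlyWithChecksum buffers too; false to include only read-write ones.
/// </param>
/// <returns>The concatenated bytes; empty when nothing matched.</returns>
private static byte[] ConcatenateSecurityBuffers(
    SecurityBuffer[] securityBuffers,
    SecurityBufferType[] targetTypes,
    bool bothReadOnlyAndReadWrite)
{
    // Accumulate into a stream instead of re-allocating a growing array per buffer (was O(n^2) copying).
    using (var result = new MemoryStream())
    {
        for (int i = 0; i < securityBuffers.Length; i++)
        {
            SecurityBuffer current = securityBuffers[i];
            // Strip attribute flags before comparing against the requested base types.
            SecurityBufferType baseType = current.BufferType & ~SecurityBufferType.AttrMask;
            if (Array.IndexOf(targetTypes, baseType) < 0)
            {
                continue;
            }

            bool isReadOnly = (current.BufferType & SecurityBufferType.ReadOnly) != 0
                || (current.BufferType & SecurityBufferType.ReadOnlyWithChecksum) != 0;
            bool skip = !bothReadOnlyAndReadWrite && isReadOnly;
            if (!skip && current.Buffer != null)
            {
                result.Write(current.Buffer, 0, current.Buffer.Length);
            }
        }

        return result.ToArray();
    }
}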
// constructors

/// <summary>
/// Initializes a new instance of the <see cref="SecurityBuffer" /> struct as a Token buffer backed by
/// <paramref name="bufferSize"/> bytes of uninitialised unmanaged memory.
/// </summary>
/// <param name="bufferSize">Size of the buffer to allocate.</param>
public SecurityBuffer(int bufferSize)
{
    BufferType = SecurityBufferType.Token;
    Count = bufferSize;
    // The allocation is not zeroed here; callers presumably rely on the provider to fill it — confirm.
    // NOTE(review): Token is HGlobal memory; the owner must release it with Marshal.FreeHGlobal.
    Token = Marshal.AllocHGlobal(bufferSize);
}
/// <summary>
/// Wraps a channel-binding token as a <c>ChannelBindings</c> buffer; the data lives in the unmanaged
/// <paramref name="binding"/> handle rather than a managed array.
/// </summary>
/// <param name="binding">Channel binding handle; null yields a zero-size buffer.</param>
public SecurityBuffer(ChannelBinding binding)
{
    this.type = SecurityBufferType.ChannelBindings;
    this.unmanagedToken = binding;
    if (binding == null)
    {
        this.size = 0;
    }
    else
    {
        this.size = binding.Size;
    }
}
/// <summary>
/// Constructor for an output buffer entry: records the requested size so the caller-side allocation
/// can be made later; the base keeps the type.
/// </summary>
/// <param name="type">The type of buffer.</param>
/// <param name="size">The size of the output buffer.</param>
public SecurityBufferOut(SecurityBufferType type, int size)
    : base(type)
{
    // Stored unvalidated; a negative size is not rejected here.
    _size = size;
}
/// <summary>
/// Constructor for a buffer entry whose memory is to be allocated by the security package;
/// everything is delegated to the base.
/// </summary>
/// <param name="type">The type of the buffer.</param>
public SecurityBufferAllocMem(SecurityBufferType type)
    : base(type)
{
    // Intentionally empty: nothing beyond the type to record.
}
/// <summary>
/// Update buffers of a specified type in the list.
/// Buffer will be separated automatically to fit the original length of a security buffer.
/// If Buffer field of an input security buffer is null, it means the length is unlimited
/// (that is all remaining data will be copied into it).
/// Only read-write (READONLY flag is not set) security buffer will be updated.
/// Convenience overload that forwards a single type to the array-based overload.
/// </summary>
/// <param name="securityBuffers">Input security buffers.</param>
/// <param name="targetType">A specified type.</param>
/// <param name="buffer">The buffer to be updated into security buffers.</param>
/// <exception cref="ArgumentNullException">
/// Thrown when securityBuffers or buffer is null.
/// </exception>
/// <exception cref="SspiException">
/// Total length of security buffers is not enough.
/// </exception>
public static void UpdateSecurityBuffers(SecurityBuffer[] securityBuffers, SecurityBufferType targetType, byte[] buffer)
{
    SecurityBufferType[] singleType = new SecurityBufferType[] { targetType };
    UpdateSecurityBuffers(securityBuffers, singleType, buffer);
}
/// <summary>
/// Base constructor shared by the derived buffer kinds; only records the SSPI buffer type.
/// Restricted to derived types within this assembly.
/// </summary>
/// <param name="type">SSPI buffer type stored in <c>Type</c>.</param>
private protected SecurityBuffer(SecurityBufferType type)
{
    this.Type = type;
}
/// <summary>
/// Wraps a channel-binding token as a <c>SECBUFFER_CHANNEL_BINDINGS</c> buffer; the data lives in the
/// unmanaged <paramref name="binding"/> handle rather than a managed array.
/// </summary>
/// <param name="binding">Channel binding handle; null yields a zero-size buffer.</param>
public SecurityBuffer(ChannelBinding binding)
{
    this.type = SecurityBufferType.SECBUFFER_CHANNEL_BINDINGS;
    this.unmanagedToken = binding;
    if (binding == null)
    {
        this.size = 0;
    }
    else
    {
        this.size = binding.Size;
    }
}