| public static VerifySignature ( System.Net.Security.SSPIInterface secModule, SafeDeleteContext context, SecurityBuffer input, uint sequenceNumber ) : int | ||
| secModule | System.Net.Security.SSPIInterface | |
| context | SafeDeleteContext | |
| input | SecurityBuffer | |
| sequenceNumber | uint | |
| return | int | |
internal int Decrypt(byte[] payload, int offset, int count, out int newOffset, uint expectedSeqNumber)
{
if (offset < 0 || offset > (payload == null ? 0 : payload.Length))
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Assert("NTAuthentication#" + LoggingHash.HashString(this) + "::Decrypt", "Argument 'offset' out of range.");
}
throw new ArgumentOutOfRangeException("offset");
}
if (count < 0 || count > (payload == null ? 0 : payload.Length - offset))
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Assert("NTAuthentication#" + LoggingHash.HashString(this) + "::Decrypt", "Argument 'count' out of range.");
}
throw new ArgumentOutOfRangeException("count");
}
if (IsNTLM)
{
return(DecryptNtlm(payload, offset, count, out newOffset, expectedSeqNumber));
}
//
// Kerberos and up
//
var securityBuffer = new SecurityBuffer[2];
securityBuffer[0] = new SecurityBuffer(payload, offset, count, SecurityBufferType.Stream);
securityBuffer[1] = new SecurityBuffer(0, SecurityBufferType.Data);
int errorCode;
if (IsConfidentialityFlag)
{
errorCode = SSPIWrapper.DecryptMessage(GlobalSSPI.SSPIAuth, _securityContext, securityBuffer, expectedSeqNumber);
}
else
{
errorCode = SSPIWrapper.VerifySignature(GlobalSSPI.SSPIAuth, _securityContext, securityBuffer, expectedSeqNumber);
}
if (errorCode != 0)
{
GlobalLog.Print("NTAuthentication#" + LoggingHash.HashString(this) + "::Decrypt() throw Error = " + errorCode.ToString("x", NumberFormatInfo.InvariantInfo));
throw new Win32Exception(errorCode);
}
if (securityBuffer[1].type != SecurityBufferType.Data)
{
throw new InternalException();
}
newOffset = securityBuffer[1].offset;
return(securityBuffer[1].size);
}
private int DecryptNtlm(byte[] payload, int offset, int count, out int newOffset, uint expectedSeqNumber)
{
int num;
if (count < 0x10)
{
throw new ArgumentOutOfRangeException("count");
}
SecurityBuffer[] input = new SecurityBuffer[] { new SecurityBuffer(payload, offset, 0x10, BufferType.Token), new SecurityBuffer(payload, offset + 0x10, count - 0x10, BufferType.Data) };
BufferType data = BufferType.Data;
if (this.IsConfidentialityFlag)
{
num = SSPIWrapper.DecryptMessage(GlobalSSPI.SSPIAuth, this.m_SecurityContext, input, expectedSeqNumber);
}
else
{
data |= BufferType.ReadOnlyFlag;
input[1].type = data;
num = SSPIWrapper.VerifySignature(GlobalSSPI.SSPIAuth, this.m_SecurityContext, input, expectedSeqNumber);
}
if (num != 0)
{
throw new Win32Exception(num);
}
if (input[1].type != data)
{
throw new InternalException();
}
newOffset = input[1].offset;
return(input[1].size);
}
private int DecryptNtlm(byte[] payload, int offset, int count, out int newOffset, uint expectedSeqNumber)
{
// For the most part the arguments are verified in Encrypt().
if (count < 16)
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Assert("NTAuthentication#" + LoggingHash.HashString(this) + "::DecryptNtlm", "Argument 'count' out of range.");
}
Debug.Fail("NTAuthentication#" + LoggingHash.HashString(this) + "::DecryptNtlm", "Argument 'count' out of range.");
throw new ArgumentOutOfRangeException(nameof(count));
}
var securityBuffer = new SecurityBuffer[2];
securityBuffer[0] = new SecurityBuffer(payload, offset, 16, SecurityBufferType.Token);
securityBuffer[1] = new SecurityBuffer(payload, offset + 16, count - 16, SecurityBufferType.Data);
int errorCode;
SecurityBufferType realDataType = SecurityBufferType.Data;
if (IsConfidentialityFlag)
{
errorCode = SSPIWrapper.DecryptMessage(GlobalSSPI.SSPIAuth, _securityContext, securityBuffer, expectedSeqNumber);
}
else
{
realDataType |= SecurityBufferType.ReadOnlyFlag;
securityBuffer[1].type = realDataType;
errorCode = SSPIWrapper.VerifySignature(GlobalSSPI.SSPIAuth, _securityContext, securityBuffer, expectedSeqNumber);
}
if (errorCode != 0)
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Print("NTAuthentication#" + LoggingHash.HashString(this) + "::Decrypt() throw Error = " + errorCode.ToString("x", NumberFormatInfo.InvariantInfo));
}
throw new Win32Exception(errorCode);
}
if (securityBuffer[1].type != realDataType)
{
throw new InternalException();
}
newOffset = securityBuffer[1].offset;
return(securityBuffer[1].size);
}
internal int VerifySignature(byte[] buffer, int offset, int count)
{
if ((offset < 0) || (offset > ((buffer == null) ? 0 : buffer.Length)))
{
throw new ArgumentOutOfRangeException("offset");
}
if ((count < 0) || (count > ((buffer == null) ? 0 : (buffer.Length - offset))))
{
throw new ArgumentOutOfRangeException("count");
}
SecurityBuffer[] input = new SecurityBuffer[] { new SecurityBuffer(buffer, offset, count, BufferType.Stream), new SecurityBuffer(0, BufferType.Data) };
int error = SSPIWrapper.VerifySignature(GlobalSSPI.SSPIAuth, this.m_SecurityContext, input, 0);
if (error != 0)
{
throw new Win32Exception(error);
}
if (input[1].type != BufferType.Data)
{
throw new InternalException();
}
return(input[1].size);
}
internal int Decrypt(byte[] payload, int offset, int count, out int newOffset, uint expectedSeqNumber)
{
int num;
if ((offset < 0) || (offset > ((payload == null) ? 0 : payload.Length)))
{
throw new ArgumentOutOfRangeException("offset");
}
if ((count < 0) || (count > ((payload == null) ? 0 : (payload.Length - offset))))
{
throw new ArgumentOutOfRangeException("count");
}
if (this.IsNTLM)
{
return(this.DecryptNtlm(payload, offset, count, out newOffset, expectedSeqNumber));
}
SecurityBuffer[] input = new SecurityBuffer[] { new SecurityBuffer(payload, offset, count, BufferType.Stream), new SecurityBuffer(0, BufferType.Data) };
if (this.IsConfidentialityFlag)
{
num = SSPIWrapper.DecryptMessage(GlobalSSPI.SSPIAuth, this.m_SecurityContext, input, expectedSeqNumber);
}
else
{
num = SSPIWrapper.VerifySignature(GlobalSSPI.SSPIAuth, this.m_SecurityContext, input, expectedSeqNumber);
}
if (num != 0)
{
throw new Win32Exception(num);
}
if (input[1].type != BufferType.Data)
{
throw new InternalException();
}
newOffset = input[1].offset;
return(input[1].size);
}
