public static SecurityStatusPal DecryptMessage(SafeDeleteContext securityContext, byte[] buffer, ref int offset, ref int count)
{
// Decryption using SCHANNEL requires four buffers.
SecurityBuffer[] decspc = new SecurityBuffer[4];
decspc[0] = new SecurityBuffer(buffer, offset, count, SecurityBufferType.Data);
decspc[1] = new SecurityBuffer(null, SecurityBufferType.Empty);
decspc[2] = new SecurityBuffer(null, SecurityBufferType.Empty);
decspc[3] = new SecurityBuffer(null, SecurityBufferType.Empty);
Interop.SecurityStatus errorCode = (Interop.SecurityStatus)SSPIWrapper.DecryptMessage(
GlobalSSPI.SSPISecureChannel,
securityContext,
decspc,
0);
count = 0;
for (int i = 0; i < decspc.Length; i++)
{
// Successfully decoded data and placed it at the following position in the buffer,
if ((errorCode == Interop.SecurityStatus.OK && decspc[i].type == SecurityBufferType.Data)
// or we failed to decode the data, here is the encoded data.
|| (errorCode != Interop.SecurityStatus.OK && decspc[i].type == SecurityBufferType.Extra))
{
offset = decspc[i].offset;
count = decspc[i].size;
break;
}
}
return(SecurityStatusAdapterPal.GetSecurityStatusPalFromInterop(errorCode));
}
public static SecurityStatusPal EncryptMessage(SafeDeleteContext securityContext, byte[] input, int offset, int size, int headerSize, int trailerSize, ref byte[] output, out int resultSize)
{
byte[] writeBuffer = output;
// Copy the input into the output buffer to prepare for SCHANNEL's expectations
Buffer.BlockCopy(input, offset, writeBuffer, headerSize, size);
// Encryption using SCHANNEL requires 4 buffers: header, payload, trailer, empty.
SecurityBuffer[] securityBuffer = new SecurityBuffer[4];
securityBuffer[0] = new SecurityBuffer(writeBuffer, 0, headerSize, SecurityBufferType.Header);
securityBuffer[1] = new SecurityBuffer(writeBuffer, headerSize, size, SecurityBufferType.Data);
securityBuffer[2] = new SecurityBuffer(writeBuffer, headerSize + size, trailerSize, SecurityBufferType.Trailer);
securityBuffer[3] = new SecurityBuffer(null, SecurityBufferType.Empty);
int errorCode = SSPIWrapper.EncryptMessage(GlobalSSPI.SSPISecureChannel, securityContext, securityBuffer, 0);
if (errorCode != 0)
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Print("SslStreamPal.Windows: SecureChannel#" + LoggingHash.HashString(securityContext) + "::Encrypt ERROR" + errorCode.ToString("x"));
}
resultSize = 0;
}
else
{
// The full buffer may not be used.
resultSize = securityBuffer[0].size + securityBuffer[1].size + securityBuffer[2].size;
}
return(SecurityStatusAdapterPal.GetSecurityStatusPalFromNativeInt(errorCode));
}
public static SecurityStatusPal EncryptMessage(SafeDeleteContext securityContext, byte[] input, int offset, int size, int headerSize, int trailerSize, ref byte[] output, out int resultSize)
{
// Ensure that there is sufficient space for the message output.
try
{
int bufferSizeNeeded = checked (size + headerSize + trailerSize);
if (output == null || output.Length < bufferSizeNeeded)
{
output = new byte[bufferSizeNeeded];
}
}
catch (Exception e)
{
if (!ExceptionCheck.IsFatal(e))
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Assert("SslStreamPal.Windows: SecureChannel#" + LoggingHash.HashString(securityContext) + "::Encrypt", "Arguments out of range.");
}
Debug.Fail("SslStreamPal.Windows: SecureChannel#" + LoggingHash.HashString(securityContext) + "::Encrypt", "Arguments out of range.");
}
throw;
}
byte[] writeBuffer = output;
// Copy the input into the output buffer to prepare for SCHANNEL's expectations
Buffer.BlockCopy(input, offset, writeBuffer, headerSize, size);
// Encryption using SCHANNEL requires 4 buffers: header, payload, trailer, empty.
SecurityBuffer[] securityBuffer = new SecurityBuffer[4];
securityBuffer[0] = new SecurityBuffer(writeBuffer, 0, headerSize, SecurityBufferType.Header);
securityBuffer[1] = new SecurityBuffer(writeBuffer, headerSize, size, SecurityBufferType.Data);
securityBuffer[2] = new SecurityBuffer(writeBuffer, headerSize + size, trailerSize, SecurityBufferType.Trailer);
securityBuffer[3] = new SecurityBuffer(null, SecurityBufferType.Empty);
int errorCode = SSPIWrapper.EncryptMessage(GlobalSSPI.SSPISecureChannel, securityContext, securityBuffer, 0);
if (errorCode != 0)
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Print("SslStreamPal.Windows: SecureChannel#" + LoggingHash.HashString(securityContext) + "::Encrypt ERROR" + errorCode.ToString("x"));
}
resultSize = 0;
}
else
{
// The full buffer may not be used.
resultSize = securityBuffer[0].size + securityBuffer[1].size + securityBuffer[2].size;
}
return(SecurityStatusAdapterPal.GetSecurityStatusPalFromNativeInt(errorCode));
}
public static SecurityStatusPal AcceptSecurityContext(ref SafeFreeCredentials credentialsHandle, ref SafeDeleteContext context, SecurityBuffer inputBuffer, SecurityBuffer outputBuffer, bool remoteCertRequired)
{
Interop.SspiCli.ContextFlags unusedAttributes = default(Interop.SspiCli.ContextFlags);
int errorCode = SSPIWrapper.AcceptSecurityContext(
GlobalSSPI.SSPISecureChannel,
ref credentialsHandle,
ref context,
ServerRequiredFlags | (remoteCertRequired ? Interop.SspiCli.ContextFlags.MutualAuth : Interop.SspiCli.ContextFlags.Zero),
Interop.SspiCli.Endianness.Native,
inputBuffer,
outputBuffer,
ref unusedAttributes);
return(SecurityStatusAdapterPal.GetSecurityStatusPalFromNativeInt(errorCode));
}
public static SecurityStatusPal InitializeSecurityContext(SafeFreeCredentials credentialsHandle, ref SafeDeleteContext context, string targetName, SecurityBuffer[] inputBuffers, SecurityBuffer outputBuffer)
{
Interop.SspiCli.ContextFlags unusedAttributes = default(Interop.SspiCli.ContextFlags);
int errorCode = SSPIWrapper.InitializeSecurityContext(
GlobalSSPI.SSPISecureChannel,
credentialsHandle,
ref context,
targetName,
RequiredFlags | Interop.SspiCli.ContextFlags.InitManualCredValidation,
Interop.SspiCli.Endianness.Native,
inputBuffers,
outputBuffer,
ref unusedAttributes);
return(SecurityStatusAdapterPal.GetSecurityStatusPalFromNativeInt(errorCode));
}
public static Exception GetException(SecurityStatusPal status)
{
int win32Code = (int)SecurityStatusAdapterPal.GetInteropFromSecurityStatusPal(status);
return(new Win32Exception(win32Code));
}
