/// <summary>
/// Verifies the signature of a message
/// </summary>
public void VerifySignature(SecurityContext context, byte[] message, byte[] signature)
{
// parameters validation
if (context == null)
{
throw new ArgumentNullException("context");
}
if (message == null)
{
throw new ArgumentNullException("message");
}
if (signature == null)
{
throw new ArgumentNullException("signature");
}
// prepare buffers
SecurityBuffers inputBuffers = new SecurityBuffers(2);
inputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_DATA, message);
inputBuffers.SetBuffer(1, (int)SSPINative.SECBUFFER_TOKEN, signature);
// verify signature
Int64 contextHandle = context.Handle;
int error = SSPINative.VerifySignature(
ref contextHandle,
inputBuffers,
0,
0);
if (error < 0)
{
switch (error)
{
case SSPINative.SEC_E_MESSAGE_ALTERED:
throw new SSPIException(error, "The message or signature supplied for verification has been altered");
case SSPINative.SEC_E_OUT_OF_SEQUENCE:
throw new SSPIException(error, "The message supplied for verification is out of sequence");
default:
throw new SSPIException(error, "Could not verify message signature");
}
;
}
}
/// <summary>
/// Decrypts message
/// </summary>
public byte[] DecryptMessage(SecurityContext context, byte[] encBuffer)
{
// parameters validation
if (context == null)
{
throw new ArgumentNullException("context");
}
if (encBuffer == null)
{
throw new ArgumentNullException("encMessage");
}
// parse encrypted buffer
byte[] encrypted;
byte[] trailer;
ParseEncryptedBuffer(encBuffer, out encrypted, out trailer);
// prepare buffers
SecurityBuffers inputBuffers = new SecurityBuffers(2);
inputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_DATA, encrypted);
inputBuffers.SetBuffer(1, (int)SSPINative.SECBUFFER_TOKEN, trailer);
// encrypt message
Int64 contextHandle = context.Handle;
int error = SSPINative.DecryptMessage(
ref contextHandle,
inputBuffers,
0,
0);
if (error < 0)
{
throw new SSPIException(error, "Could not decrypt message");
}
// get decrypted message
byte[] message = inputBuffers.GetBuffer(0);
inputBuffers.Dispose();
return(message);
}
/// <summary>
/// Encrypts message
/// </summary>
public byte[] EncryptMessage(SecurityContext context, byte[] message)
{
// parameters validation
if (context == null)
{
throw new ArgumentNullException("context");
}
if (message == null)
{
throw new ArgumentNullException("message");
}
// prepare buffers
SecurityBuffers inputBuffers = new SecurityBuffers(2);
inputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_DATA, message);
inputBuffers.SetBuffer(1, (int)SSPINative.SECBUFFER_TOKEN, context.SecurityTrailer);
// encrypt message
Int64 contextHandle = context.Handle;
int error = SSPINative.EncryptMessage(
ref contextHandle,
0,
inputBuffers,
0);
if (error < 0)
{
throw new SSPIException(error, "Could not encrypt message");
}
// get encrypted data and trailer
byte[] encrypted = inputBuffers.GetBuffer(0);
byte[] trailer = inputBuffers.GetBuffer(1);
inputBuffers.Dispose();
// create encrypted buffer
return(CreateEncryptedBuffer(encrypted, trailer));
}
/// <summary>
/// Creates the signature of a message
/// </summary>
public byte[] CreateSignature(SecurityContext context, byte[] message)
{
// parameters validation
if (context == null)
{
throw new ArgumentNullException("context");
}
if (message == null)
{
throw new ArgumentNullException("message");
}
// prepare buffers
SecurityBuffers inputBuffers = new SecurityBuffers(2);
inputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_DATA, message);
inputBuffers.SetBuffer(1, (int)SSPINative.SECBUFFER_TOKEN, context.MaxSignature);
// create signature
Int64 contextHandle = context.Handle;
int error = SSPINative.MakeSignature(
ref contextHandle,
0,
inputBuffers,
0);
if (error < 0)
{
throw new SSPIException(error, "Could not create signature");
}
// get signature
byte[] signature = inputBuffers.GetBuffer(1);
inputBuffers.Dispose();
return(signature);
}
/// <summary>
/// Updates security context, proceeds input token and generates output token
/// </summary>
public void UpdateSecurityContext(
SecurityContext context,
SecurityContextAttributes contextAttributes,
byte[] inputToken,
out byte[] outputToken)
{
// parameters validation
if (context == null)
{
throw new ArgumentNullException("credentials");
}
if (inputToken == null)
{
throw new ArgumentNullException("inputToken");
}
// prepare requirements for context
uint contextReq = GetContextRequirements(context.Type == SecurityContextType.Server, contextAttributes);
// prepare buffers
SecurityBuffers inputBuffers = new SecurityBuffers(1);
inputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_TOKEN, inputToken);
SecurityBuffers outputBuffers = new SecurityBuffers(1);
outputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_TOKEN, _secPackage.MaxToken);
// update context
Int64 credHandle = context.credentials.Handle;
Int64 contextHandle = context.Handle;
uint contextAttribs;
int error;
if (context.Type == SecurityContextType.Client)
{
error = SSPINative.InitializeSecurityContext(
ref credHandle,
ref contextHandle,
null,
contextReq,
0,
SSPINative.SECURITY_NETWORK_DREP,
inputBuffers,
0,
IntPtr.Zero,
outputBuffers,
out contextAttribs,
IntPtr.Zero);
}
else
{
error = SSPINative.AcceptSecurityContext(
ref credHandle,
ref contextHandle,
inputBuffers,
contextReq,
SSPINative.SECURITY_NETWORK_DREP,
IntPtr.Zero,
outputBuffers,
out contextAttribs,
IntPtr.Zero);
}
inputBuffers.Dispose();
// check context state
bool continueNeeded = false;
bool completeNeeded = false;
switch (error)
{
case Win32.ERROR_SUCCESS:
break;
case SSPINative.SEC_I_CONTINUE_NEEDED:
continueNeeded = true;
break;
case SSPINative.SEC_I_COMPLETE_NEEDED:
completeNeeded = true;
break;
case SSPINative.SEC_I_COMPLETE_AND_CONTINUE:
continueNeeded = true;
completeNeeded = true;
break;
default:
throw new SSPIException(error, "Could not update security context");
}
if (completeNeeded)
{
// complete context
error = SSPINative.CompleteAuthToken(ref contextHandle, outputBuffers);
if (error < 0)
{
throw new SSPIException(error, "Could not complete security context");
}
}
// get output token
outputToken = outputBuffers.GetBuffer(0);
outputBuffers.Dispose();
// update context object state
if (!continueNeeded)
{
context.SetCompleted();
}
}
/// <summary>
/// Creates security context and generates client token
/// </summary>
public SecurityContext CreateSecurityContext(
SecurityCredentials credentials,
SecurityContextAttributes contextAttributes,
string targetName,
out byte[] outputToken)
{
// parameters validation
if (credentials == null)
throw new ArgumentNullException("credentials");
// prepare requirements for context
uint contextReq = GetContextRequirements(false, contextAttributes);
// prepare buffers
SecurityBuffers outputBuffers = new SecurityBuffers(1);
outputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_TOKEN, _secPackage.MaxToken);
// create context
Int64 credHandle = credentials.Handle;
Int64 newContextHandle;
Int64 contextExpiry;
uint contextAttribs;
int error = SSPINative.InitializeSecurityContext(
ref credHandle,
IntPtr.Zero,
targetName,
contextReq,
0,
SSPINative.SECURITY_NETWORK_DREP,
null,
0,
out newContextHandle,
outputBuffers,
out contextAttribs,
out contextExpiry);
// check context state
bool continueNeeded = false;
bool completeNeeded = false;
switch (error)
{
case Win32.ERROR_SUCCESS:
break;
case SSPINative.SEC_I_CONTINUE_NEEDED:
continueNeeded = true;
break;
case SSPINative.SEC_I_COMPLETE_NEEDED:
completeNeeded = true;
break;
case SSPINative.SEC_I_COMPLETE_AND_CONTINUE:
continueNeeded = true;
completeNeeded = true;
break;
default:
throw new SSPIException(error, "Could not create security context");
}
if (completeNeeded)
{
// complete context
error = SSPINative.CompleteAuthToken(ref newContextHandle, outputBuffers);
if (error < 0)
throw new SSPIException(error, "Could not complete security context");
}
// get output token
outputToken = outputBuffers.GetBuffer(0);
outputBuffers.Dispose();
// create context object
SecurityContextState contextState = (continueNeeded ? SecurityContextState.ContinueNeeded : SecurityContextState.Completed);
return new SecurityContext(credentials, newContextHandle, contextExpiry, SecurityContextType.Client, contextState);
}
/// <summary>
/// Creates security context, proceeds client token and generates server token
/// </summary>
public SecurityContext AcceptSecurityContext(
SecurityCredentials credentials,
SecurityContextAttributes contextAttributes,
byte[] inputToken,
out byte[] outputToken)
{
// parameters validation
if (credentials == null)
{
throw new ArgumentNullException("credentials");
}
if (inputToken == null)
{
throw new ArgumentNullException("inputToken");
}
// prepare requirements for context
uint contextReq = GetContextRequirements(true, contextAttributes);
// prepare buffers
SecurityBuffers inputBuffers = new SecurityBuffers(1);
inputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_TOKEN, inputToken);
SecurityBuffers outputBuffers = new SecurityBuffers(1);
outputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_TOKEN, _secPackage.MaxToken);
// create context
Int64 credHandle = credentials.Handle;
Int64 newContextHandle;
Int64 contextExpiry;
uint contextAttribs;
int error = SSPINative.AcceptSecurityContext(
ref credHandle,
IntPtr.Zero,
inputBuffers,
contextReq,
SSPINative.SECURITY_NETWORK_DREP,
out newContextHandle,
outputBuffers,
out contextAttribs,
out contextExpiry);
inputBuffers.Dispose();
// check context state
bool continueNeeded = false;
bool completeNeeded = false;
switch (error)
{
case Win32.ERROR_SUCCESS:
break;
case SSPINative.SEC_I_CONTINUE_NEEDED:
continueNeeded = true;
break;
case SSPINative.SEC_I_COMPLETE_NEEDED:
completeNeeded = true;
break;
case SSPINative.SEC_I_COMPLETE_AND_CONTINUE:
continueNeeded = true;
completeNeeded = true;
break;
default:
throw new SSPIException(error, "Could not accept security context");
}
if (completeNeeded)
{
// complete context
error = SSPINative.CompleteAuthToken(ref newContextHandle, outputBuffers);
if (error < 0)
{
throw new SSPIException(error, "Could not complete security context");
}
}
// get output token
outputToken = outputBuffers.GetBuffer(0);
outputBuffers.Dispose();
// create context object
SecurityContextState contextState = (continueNeeded ? SecurityContextState.ContinueNeeded : SecurityContextState.Completed);
return(new SecurityContext(credentials, newContextHandle, contextExpiry, SecurityContextType.Server, contextState));
}
/// <summary>
/// Decrypts message
/// </summary>
public byte[] DecryptMessage(SecurityContext context, byte[] encBuffer)
{
// parameters validation
if (context == null)
throw new ArgumentNullException("context");
if (encBuffer == null)
throw new ArgumentNullException("encMessage");
// parse encrypted buffer
byte[] encrypted;
byte[] trailer;
ParseEncryptedBuffer(encBuffer, out encrypted, out trailer);
// prepare buffers
SecurityBuffers inputBuffers = new SecurityBuffers(2);
inputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_DATA, encrypted);
inputBuffers.SetBuffer(1, (int)SSPINative.SECBUFFER_TOKEN, trailer);
// encrypt message
Int64 contextHandle = context.Handle;
int error = SSPINative.DecryptMessage(
ref contextHandle,
inputBuffers,
0,
0);
if (error < 0)
throw new SSPIException(error, "Could not decrypt message");
// get decrypted message
byte[] message = inputBuffers.GetBuffer(0);
inputBuffers.Dispose();
return message;
}
/// <summary>
/// Encrypts message
/// </summary>
public byte[] EncryptMessage(SecurityContext context, byte[] message)
{
// parameters validation
if (context == null)
throw new ArgumentNullException("context");
if (message == null)
throw new ArgumentNullException("message");
// prepare buffers
SecurityBuffers inputBuffers = new SecurityBuffers(2);
inputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_DATA, message);
inputBuffers.SetBuffer(1, (int)SSPINative.SECBUFFER_TOKEN, context.SecurityTrailer);
// encrypt message
Int64 contextHandle = context.Handle;
int error = SSPINative.EncryptMessage(
ref contextHandle,
0,
inputBuffers,
0);
if (error < 0)
throw new SSPIException(error, "Could not encrypt message");
// get encrypted data and trailer
byte[] encrypted = inputBuffers.GetBuffer(0);
byte[] trailer = inputBuffers.GetBuffer(1);
inputBuffers.Dispose();
// create encrypted buffer
return CreateEncryptedBuffer(encrypted, trailer);
}
/// <summary>
/// Verifies the signature of a message
/// </summary>
public void VerifySignature(SecurityContext context, byte[] message, byte[] signature)
{
// parameters validation
if (context == null)
throw new ArgumentNullException("context");
if (message == null)
throw new ArgumentNullException("message");
if (signature == null)
throw new ArgumentNullException("signature");
// prepare buffers
SecurityBuffers inputBuffers = new SecurityBuffers(2);
inputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_DATA, message);
inputBuffers.SetBuffer(1, (int)SSPINative.SECBUFFER_TOKEN, signature);
// verify signature
Int64 contextHandle = context.Handle;
int error = SSPINative.VerifySignature(
ref contextHandle,
inputBuffers,
0,
0);
if (error < 0)
{
switch (error)
{
case SSPINative.SEC_E_MESSAGE_ALTERED:
throw new SSPIException(error, "The message or signature supplied for verification has been altered");
case SSPINative.SEC_E_OUT_OF_SEQUENCE:
throw new SSPIException(error, "The message supplied for verification is out of sequence");
default:
throw new SSPIException(error, "Could not verify message signature");
};
}
}
/// <summary>
/// Creates the signature of a message
/// </summary>
public byte[] CreateSignature(SecurityContext context, byte[] message)
{
// parameters validation
if (context == null)
throw new ArgumentNullException("context");
if (message == null)
throw new ArgumentNullException("message");
// prepare buffers
SecurityBuffers inputBuffers = new SecurityBuffers(2);
inputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_DATA, message);
inputBuffers.SetBuffer(1, (int)SSPINative.SECBUFFER_TOKEN, context.MaxSignature);
// create signature
Int64 contextHandle = context.Handle;
int error = SSPINative.MakeSignature(
ref contextHandle,
0,
inputBuffers,
0);
if (error < 0)
throw new SSPIException(error, "Could not create signature");
// get signature
byte[] signature = inputBuffers.GetBuffer(1);
inputBuffers.Dispose();
return signature;
}
/// <summary>
/// Updates security context, proceeds input token and generates output token
/// </summary>
public void UpdateSecurityContext(
SecurityContext context,
SecurityContextAttributes contextAttributes,
byte[] inputToken,
out byte[] outputToken)
{
// parameters validation
if (context == null)
throw new ArgumentNullException("credentials");
if (inputToken == null)
throw new ArgumentNullException("inputToken");
// prepare requirements for context
uint contextReq = GetContextRequirements(context.Type == SecurityContextType.Server, contextAttributes);
// prepare buffers
SecurityBuffers inputBuffers = new SecurityBuffers(1);
inputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_TOKEN, inputToken);
SecurityBuffers outputBuffers = new SecurityBuffers(1);
outputBuffers.SetBuffer(0, (int)SSPINative.SECBUFFER_TOKEN, _secPackage.MaxToken);
// update context
Int64 credHandle = context.credentials.Handle;
Int64 contextHandle = context.Handle;
uint contextAttribs;
int error;
if (context.Type == SecurityContextType.Client)
{
error = SSPINative.InitializeSecurityContext(
ref credHandle,
ref contextHandle,
null,
contextReq,
0,
SSPINative.SECURITY_NETWORK_DREP,
inputBuffers,
0,
IntPtr.Zero,
outputBuffers,
out contextAttribs,
IntPtr.Zero);
}
else
{
error = SSPINative.AcceptSecurityContext(
ref credHandle,
ref contextHandle,
inputBuffers,
contextReq,
SSPINative.SECURITY_NETWORK_DREP,
IntPtr.Zero,
outputBuffers,
out contextAttribs,
IntPtr.Zero);
}
inputBuffers.Dispose();
// check context state
bool continueNeeded = false;
bool completeNeeded = false;
switch (error)
{
case Win32.ERROR_SUCCESS:
break;
case SSPINative.SEC_I_CONTINUE_NEEDED:
continueNeeded = true;
break;
case SSPINative.SEC_I_COMPLETE_NEEDED:
completeNeeded = true;
break;
case SSPINative.SEC_I_COMPLETE_AND_CONTINUE:
continueNeeded = true;
completeNeeded = true;
break;
default:
throw new SSPIException(error, "Could not update security context");
}
if (completeNeeded)
{
// complete context
error = SSPINative.CompleteAuthToken(ref contextHandle, outputBuffers);
if (error < 0)
throw new SSPIException(error, "Could not complete security context");
}
// get output token
outputToken = outputBuffers.GetBuffer(0);
outputBuffers.Dispose();
// update context object state
if (!continueNeeded)
{
context.SetCompleted();
}
}
