/// <summary>
/// Wraps <paramref name="plainTextBytes"/> with gss_wrap on this security context and returns the resulting token.
/// </summary>
/// <param name="plainTextBytes">The message bytes to wrap.</param>
/// <returns>The bytes copied out of the native output buffer.</returns>
/// <remarks>
/// NOTE(review): assuming NativeMethods.gss_wrap mirrors the RFC 2744 argument order, the two literal
/// zeros are conf_req_flag and qop_req. A conf_req_flag of 0 asks for integrity protection only, so the
/// returned token may not be encrypted despite the method name. The conf_state output is discarded, so
/// this method cannot report whether confidentiality was applied. Confirm against the P/Invoke signature.
/// </remarks>
public byte[] EncryptMessage(byte[] plainTextBytes)
{
    // Both native buffers are disposed when the method exits, including when ThrowIfError throws.
    using var message = new GssInputBuffer(plainTextBytes);
    using var wrapped = new GssOutputBuffer();

    var major = NativeMethods.gss_wrap(out uint minor, handle, 0, 0, message, out int _, wrapped);

    // The status pair is checked before the output buffer is read.
    Gss.ThrowIfError(major, minor);

    return wrapped.ToByteArray();
}
/// <summary>
/// Unwraps <paramref name="encryptedBytes"/> with gss_unwrap on this security context and returns the recovered message.
/// </summary>
/// <param name="messageLength">Not read by this implementation; the whole of <paramref name="encryptedBytes"/> is passed to gss_unwrap.</param>
/// <param name="encryptedBytes">The wrapped token received from the peer.</param>
/// <returns>The bytes copied out of the native output buffer.</returns>
/// <remarks>
/// NOTE(review): assuming NativeMethods.gss_unwrap mirrors the RFC 2744 argument order, the two discarded
/// outputs are conf_state and qop_state. Because conf_state is dropped, a caller cannot distinguish a token
/// that was encrypted from one that was only integrity-protected. Confirm whether callers rely on
/// confidentiality here.
/// </remarks>
public byte[] DecryptMessage(int messageLength, byte[] encryptedBytes)
{
    // Both native buffers are disposed when the method exits, including when ThrowIfError throws.
    using var wrapped = new GssInputBuffer(encryptedBytes);
    using var unwrapped = new GssOutputBuffer();

    var major = NativeMethods.gss_unwrap(out uint minor, handle, wrapped, unwrapped, out int _, out int _);

    // The status pair is checked before the output buffer is read.
    Gss.ThrowIfError(major, minor);

    return unwrapped.ToByteArray();
}
/// <summary>
/// Performs one gss_init_sec_context step: feeds the peer's <paramref name="challenge"/> token in and
/// returns the token to send back.
/// </summary>
/// <param name="challenge">The token received from the peer for this step.</param>
/// <returns>The output token bytes produced by gss_init_sec_context.</returns>
/// <remarks>
/// Mutual authentication and sequence detection are requested. Review points, assuming the P/Invoke
/// follows the RFC 2744 argument order (confirm against NativeMethods):
/// - the ret_flags output is discarded, so nothing here verifies that GSS_C_MUTUAL_FLAG was granted;
/// - the channel-bindings argument is IntPtr.Zero, so the context is not bound to the transport;
/// - _isInitialized is set after any call that does not throw; whether Gss.ThrowIfError lets a
///   "continue needed" status through is not visible here, so the flag may be set before the
///   context is fully established.
/// </remarks>
public byte[] Next(byte[] challenge)
{
    const GssFlags requestedFlags = GssFlags.GSS_C_MUTUAL_FLAG | GssFlags.GSS_C_SEQUENCE_FLAG;

    // Both native buffers are disposed when the method exits, including when ThrowIfError throws.
    using var peerToken = new GssInputBuffer(challenge);
    using var replyToken = new GssOutputBuffer();

    var major = NativeMethods.gss_init_sec_context(
        out var minor,
        _credential,
        in handle,
        _servicePrincipalName,
        IntPtr.Zero,
        requestedFlags,
        0,
        IntPtr.Zero,
        peerToken,
        out var _,
        replyToken,
        out var _,
        out var _);
    Gss.ThrowIfError(major, minor);

    // Reached only when ThrowIfError did not throw.
    _isInitialized = true;

    return replyToken.ToByteArray();
}
/// <summary>
/// Builds a service principal name of the form "service@host" (with "@realm" appended when a realm is
/// given) and imports it as a GSS_C_NT_HOSTBASED_SERVICE name.
/// </summary>
/// <param name="service">The service part of the name.</param>
/// <param name="host">The host part of the name.</param>
/// <param name="realm">Optional realm; ignored when null or empty.</param>
/// <returns>A <see cref="GssapiServicePrincipalName"/> wrapping the imported native name.</returns>
/// <remarks>
/// The three parts are interpolated as given, with no validation or escaping. A part that itself contains
/// '@' changes how the resulting name is split, so callers that take these values from configuration or
/// a connection string should validate them before calling.
/// </remarks>
public static GssapiServicePrincipalName Create(string service, string host, string realm)
{
    var spnText = string.IsNullOrEmpty(realm)
        ? $"{service}@{host}"
        : $"{service}@{host}@{realm}";

    // The text buffer is only needed for the import call; it is disposed on exit.
    using var spnBuffer = new GssInputBuffer(spnText);

    var major = NativeMethods.gss_import_name(out var minor, spnBuffer, in Oid.GSS_C_NT_HOSTBASED_SERVICE, out var importedName);
    Gss.ThrowIfError(major, minor);

    return new GssapiServicePrincipalName(importedName);
}
/// <summary>
/// Acquires an initiator credential for <paramref name="username"/>. When <paramref name="password"/> is
/// supplied it is used via gss_acquire_cred_with_password; otherwise gss_acquire_cred is called without one.
/// </summary>
/// <param name="username">The user name, imported as a GSS_C_NT_USER_NAME name.</param>
/// <param name="password">The user's password, or null to acquire a credential without supplying one.</param>
/// <returns>The credential handle produced by the native acquire call.</returns>
/// <remarks>
/// NOTE(review): the password is passed through SecureStringHelper.ToInsecureString before being handed to
/// the native buffer. Presumably that yields an ordinary managed string, which cannot be zeroed and can
/// remain in process memory (and in crash dumps) until collected. Verify the helper, and consider whether
/// the password can be marshalled straight into a buffer that is wiped on dispose.
/// </remarks>
public static GssapiSecurityCredential Acquire(string username, SecureString password)
{
    var importedName = IntPtr.Zero;
    try
    {
        // Disposed when the try block is left, before the finally clause releases the imported name.
        using var nameBuffer = new GssInputBuffer(username);

        uint major = NativeMethods.gss_import_name(out uint minor, nameBuffer, in Oid.GSS_C_NT_USER_NAME, out importedName);
        Gss.ThrowIfError(major, minor);

        GssapiSecurityCredential credential;
        if (password == null)
        {
            // uint.MaxValue is the requested lifetime; presumably GSS_C_INDEFINITE - confirm.
            major = NativeMethods.gss_acquire_cred(
                out minor,
                importedName,
                uint.MaxValue,
                IntPtr.Zero,
                GssCredentialUsage.GSS_C_INITIATE,
                out credential,
                IntPtr.Zero,
                out uint _);
        }
        else
        {
            // The password buffer lives only for the acquire call; it is disposed at the end of this branch.
            using var passwordBuffer = new GssInputBuffer(SecureStringHelper.ToInsecureString(password));
            major = NativeMethods.gss_acquire_cred_with_password(
                out minor,
                importedName,
                passwordBuffer,
                uint.MaxValue,
                IntPtr.Zero,
                GssCredentialUsage.GSS_C_INITIATE,
                out credential,
                IntPtr.Zero,
                out uint _);
        }

        // One status check covers whichever acquire call ran.
        Gss.ThrowIfError(major, minor);

        return credential;
    }
    finally
    {
        // Best-effort release of the imported name; the release status is deliberately ignored.
        if (importedName != IntPtr.Zero)
        {
            _ = NativeMethods.gss_release_name(out _, importedName);
        }
    }
}