internal int MakeSignature(byte[] buffer, int offset, int count, ref byte[] output) { SecSizes sizes = this.Sizes; int num = count + sizes.MaxSignature; if ((output == null) || (output.Length < num)) { output = new byte[num]; } Buffer.BlockCopy(buffer, offset, output, sizes.MaxSignature, count); SecurityBuffer[] input = new SecurityBuffer[] { new SecurityBuffer(output, 0, sizes.MaxSignature, BufferType.Token), new SecurityBuffer(output, sizes.MaxSignature, count, BufferType.Data) }; int error = SSPIWrapper.MakeSignature(GlobalSSPI.SSPIAuth, this.m_SecurityContext, input, 0); if (error != 0) { throw new Win32Exception(error); } return(input[0].size + input[1].size); }
public static object QueryContextAttributes(SSPIInterface secModule, SafeDeleteContext securityContext, Interop.Secur32.ContextAttribute contextAttribute, out int errorCode) { GlobalLog.Enter("QueryContextAttributes", contextAttribute.ToString()); int nativeBlockSize = IntPtr.Size; Type handleType = null; switch (contextAttribute) { case Interop.Secur32.ContextAttribute.Sizes: nativeBlockSize = SecSizes.SizeOf; break; case Interop.Secur32.ContextAttribute.StreamSizes: nativeBlockSize = StreamSizes.SizeOf; break; case Interop.Secur32.ContextAttribute.Names: handleType = typeof(SafeFreeContextBuffer); break; case Interop.Secur32.ContextAttribute.PackageInfo: handleType = typeof(SafeFreeContextBuffer); break; case Interop.Secur32.ContextAttribute.NegotiationInfo: handleType = typeof(SafeFreeContextBuffer); nativeBlockSize = Marshal.SizeOf<NegotiationInfo>(); break; case Interop.Secur32.ContextAttribute.ClientSpecifiedSpn: handleType = typeof(SafeFreeContextBuffer); break; case Interop.Secur32.ContextAttribute.RemoteCertificate: handleType = typeof(SafeFreeCertContext); break; case Interop.Secur32.ContextAttribute.LocalCertificate: handleType = typeof(SafeFreeCertContext); break; case Interop.Secur32.ContextAttribute.IssuerListInfoEx: nativeBlockSize = Marshal.SizeOf<Interop.Secur32.IssuerListInfoEx>(); handleType = typeof(SafeFreeContextBuffer); break; case Interop.Secur32.ContextAttribute.ConnectionInfo: nativeBlockSize = Marshal.SizeOf<SslConnectionInfo>(); break; default: throw new ArgumentException(SR.Format(SR.net_invalid_enum, "ContextAttribute"), "contextAttribute"); } SafeHandle sspiHandle = null; object attribute = null; try { byte[] nativeBuffer = new byte[nativeBlockSize]; errorCode = secModule.QueryContextAttributes(securityContext, contextAttribute, nativeBuffer, handleType, out sspiHandle); if (errorCode != 0) { GlobalLog.Leave("Win32:QueryContextAttributes", "ERROR = " + ErrorDescription(errorCode)); return null; } switch (contextAttribute) { case Interop.Secur32.ContextAttribute.Sizes: attribute = new SecSizes(nativeBuffer); break; case Interop.Secur32.ContextAttribute.StreamSizes: attribute = new StreamSizes(nativeBuffer); break; case Interop.Secur32.ContextAttribute.Names: attribute = Marshal.PtrToStringUni(sspiHandle.DangerousGetHandle()); break; case Interop.Secur32.ContextAttribute.PackageInfo: attribute = new SecurityPackageInfoClass(sspiHandle, 0); break; case Interop.Secur32.ContextAttribute.NegotiationInfo: unsafe { fixed (void* ptr = nativeBuffer) { attribute = new NegotiationInfoClass(sspiHandle, Marshal.ReadInt32(new IntPtr(ptr), NegotiationInfo.NegotiationStateOffest)); } } break; case Interop.Secur32.ContextAttribute.ClientSpecifiedSpn: attribute = Marshal.PtrToStringUni(sspiHandle.DangerousGetHandle()); break; case Interop.Secur32.ContextAttribute.LocalCertificate: // Fall-through to RemoteCertificate is intentional. case Interop.Secur32.ContextAttribute.RemoteCertificate: attribute = sspiHandle; sspiHandle = null; break; case Interop.Secur32.ContextAttribute.IssuerListInfoEx: attribute = new Interop.Secur32.IssuerListInfoEx(sspiHandle, nativeBuffer); sspiHandle = null; break; case Interop.Secur32.ContextAttribute.ConnectionInfo: attribute = new SslConnectionInfo(nativeBuffer); break; default: // Will return null. break; } } finally { if (sspiHandle != null) { sspiHandle.Dispose(); } } GlobalLog.Leave("QueryContextAttributes", LoggingHash.ObjectToString(attribute)); return attribute; }
private object QueryContextAttributes(SafeDeleteContext securityContext, Interop.Secur32.ContextAttribute contextAttribute, out int errorCode) { GlobalLog.Enter("QueryContextAttributes", contextAttribute.ToString()); int nativeBlockSize = IntPtr.Size; Type handleType = null; switch (contextAttribute) { case Interop.Secur32.ContextAttribute.Sizes: nativeBlockSize = SecSizes.SizeOf; break; case Interop.Secur32.ContextAttribute.StreamSizes: nativeBlockSize = StreamSizes.SizeOf; break; case Interop.Secur32.ContextAttribute.Names: handleType = typeof(SafeFreeContextBuffer); break; case Interop.Secur32.ContextAttribute.PackageInfo: handleType = typeof(SafeFreeContextBuffer); break; case Interop.Secur32.ContextAttribute.NegotiationInfo: handleType = typeof(SafeFreeContextBuffer); nativeBlockSize = Marshal.SizeOf <NegotiationInfo>(); break; case Interop.Secur32.ContextAttribute.ClientSpecifiedSpn: handleType = typeof(SafeFreeContextBuffer); break; case Interop.Secur32.ContextAttribute.RemoteCertificate: handleType = typeof(SafeFreeCertContext); break; case Interop.Secur32.ContextAttribute.LocalCertificate: handleType = typeof(SafeFreeCertContext); break; case Interop.Secur32.ContextAttribute.IssuerListInfoEx: nativeBlockSize = Marshal.SizeOf <Interop.Secur32.IssuerListInfoEx>(); handleType = typeof(SafeFreeContextBuffer); break; case Interop.Secur32.ContextAttribute.ConnectionInfo: nativeBlockSize = Marshal.SizeOf <SslConnectionInfo>(); break; default: throw new ArgumentException(SR.Format(SR.net_invalid_enum, "ContextAttribute"), "contextAttribute"); } SafeHandle SspiHandle = null; object attribute = null; try { byte[] nativeBuffer = new byte[nativeBlockSize]; errorCode = QueryContextAttributes(securityContext, contextAttribute, nativeBuffer, handleType, out SspiHandle); if (errorCode != 0) { GlobalLog.Leave("Win32:QueryContextAttributes", "ERROR = " + ErrorDescription(errorCode)); return(null); } switch (contextAttribute) { case Interop.Secur32.ContextAttribute.Sizes: attribute = new SecSizes(nativeBuffer); break; case Interop.Secur32.ContextAttribute.StreamSizes: attribute = new StreamSizes(nativeBuffer); break; case Interop.Secur32.ContextAttribute.Names: attribute = Marshal.PtrToStringUni(SspiHandle.DangerousGetHandle()); break; case Interop.Secur32.ContextAttribute.PackageInfo: attribute = new SecurityPackageInfoClass(SspiHandle, 0); break; case Interop.Secur32.ContextAttribute.NegotiationInfo: unsafe { fixed(void *ptr = nativeBuffer) { attribute = new NegotiationInfoClass(SspiHandle, Marshal.ReadInt32(new IntPtr(ptr), NegotiationInfo.NegotiationStateOffest)); } } break; case Interop.Secur32.ContextAttribute.ClientSpecifiedSpn: attribute = Marshal.PtrToStringUni(SspiHandle.DangerousGetHandle()); break; case Interop.Secur32.ContextAttribute.LocalCertificate: goto case Interop.Secur32.ContextAttribute.RemoteCertificate; case Interop.Secur32.ContextAttribute.RemoteCertificate: attribute = SspiHandle; SspiHandle = null; break; case Interop.Secur32.ContextAttribute.IssuerListInfoEx: attribute = new Interop.Secur32.IssuerListInfoEx(SspiHandle, nativeBuffer); SspiHandle = null; break; case Interop.Secur32.ContextAttribute.ConnectionInfo: attribute = new SslConnectionInfo(nativeBuffer); break; default: // Will return null. break; } } finally { if (SspiHandle != null) { SspiHandle.Dispose(); } } GlobalLog.Leave("QueryContextAttributes", Logging.ObjectToString(attribute)); return(attribute); }
internal int Encrypt(byte[] buffer, int offset, int count, ref byte[] output, uint sequenceNumber) { SecSizes sizes = Sizes; try { int maxCount = checked (Int32.MaxValue - 4 - sizes.BlockSize - sizes.SecurityTrailer); if (count > maxCount || count < 0) { throw new ArgumentOutOfRangeException("count", SR.Format(SR.net_io_out_range, maxCount)); } } catch (Exception e) { if (!ExceptionCheck.IsFatal(e) && GlobalLog.IsEnabled) { GlobalLog.Assert("NTAuthentication#" + LoggingHash.HashString(this) + "::Encrypt", "Arguments out of range."); } throw; } int resultSize = count + sizes.SecurityTrailer + sizes.BlockSize; if (output == null || output.Length < resultSize + 4) { output = new byte[resultSize + 4]; } // Make a copy of user data for in-place encryption. Buffer.BlockCopy(buffer, offset, output, 4 + sizes.SecurityTrailer, count); // Prepare buffers TOKEN(signature), DATA and Padding. var securityBuffer = new SecurityBuffer[3]; securityBuffer[0] = new SecurityBuffer(output, 4, sizes.SecurityTrailer, SecurityBufferType.Token); securityBuffer[1] = new SecurityBuffer(output, 4 + sizes.SecurityTrailer, count, SecurityBufferType.Data); securityBuffer[2] = new SecurityBuffer(output, 4 + sizes.SecurityTrailer + count, sizes.BlockSize, SecurityBufferType.Padding); int errorCode; if (IsConfidentialityFlag) { errorCode = SSPIWrapper.EncryptMessage(GlobalSSPI.SSPIAuth, _securityContext, securityBuffer, sequenceNumber); } else { if (IsNTLM) { securityBuffer[1].type |= SecurityBufferType.ReadOnlyFlag; } errorCode = SSPIWrapper.MakeSignature(GlobalSSPI.SSPIAuth, _securityContext, securityBuffer, 0); } if (errorCode != 0) { GlobalLog.Print("NTAuthentication#" + LoggingHash.HashString(this) + "::Encrypt() throw Error = " + errorCode.ToString("x", NumberFormatInfo.InvariantInfo)); throw new Win32Exception(errorCode); } // Compacting the result. resultSize = securityBuffer[0].size; bool forceCopy = false; if (resultSize != sizes.SecurityTrailer) { forceCopy = true; Buffer.BlockCopy(output, securityBuffer[1].offset, output, 4 + resultSize, securityBuffer[1].size); } resultSize += securityBuffer[1].size; if (securityBuffer[2].size != 0 && (forceCopy || resultSize != (count + sizes.SecurityTrailer))) { Buffer.BlockCopy(output, securityBuffer[2].offset, output, 4 + resultSize, securityBuffer[2].size); } resultSize += securityBuffer[2].size; unchecked { output[0] = (byte)((resultSize) & 0xFF); output[1] = (byte)(((resultSize) >> 8) & 0xFF); output[2] = (byte)(((resultSize) >> 16) & 0xFF); output[3] = (byte)(((resultSize) >> 24) & 0xFF); } return(resultSize + 4); }
public static object QueryContextAttributes(SSPIInterface secModule, SafeDeleteContext securityContext, Interop.SspiCli.ContextAttribute contextAttribute, out int errorCode) { if (GlobalLog.IsEnabled) { GlobalLog.Enter(nameof(QueryContextAttributes), contextAttribute.ToString()); } int nativeBlockSize = IntPtr.Size; Type handleType = null; switch (contextAttribute) { case Interop.SspiCli.ContextAttribute.Sizes: nativeBlockSize = SecSizes.SizeOf; break; case Interop.SspiCli.ContextAttribute.StreamSizes: nativeBlockSize = StreamSizes.SizeOf; break; case Interop.SspiCli.ContextAttribute.Names: handleType = typeof(SafeFreeContextBuffer); break; case Interop.SspiCli.ContextAttribute.PackageInfo: handleType = typeof(SafeFreeContextBuffer); break; case Interop.SspiCli.ContextAttribute.NegotiationInfo: handleType = typeof(SafeFreeContextBuffer); nativeBlockSize = Marshal.SizeOf <NegotiationInfo>(); break; case Interop.SspiCli.ContextAttribute.ClientSpecifiedSpn: handleType = typeof(SafeFreeContextBuffer); break; case Interop.SspiCli.ContextAttribute.RemoteCertificate: handleType = typeof(SafeFreeCertContext); break; case Interop.SspiCli.ContextAttribute.LocalCertificate: handleType = typeof(SafeFreeCertContext); break; case Interop.SspiCli.ContextAttribute.IssuerListInfoEx: nativeBlockSize = Marshal.SizeOf <Interop.SspiCli.IssuerListInfoEx>(); handleType = typeof(SafeFreeContextBuffer); break; case Interop.SspiCli.ContextAttribute.ConnectionInfo: nativeBlockSize = Marshal.SizeOf <SslConnectionInfo>(); break; default: throw new ArgumentException(SR.Format(SR.net_invalid_enum, nameof(contextAttribute)), nameof(contextAttribute)); } SafeHandle sspiHandle = null; object attribute = null; try { var nativeBuffer = new byte[nativeBlockSize]; errorCode = secModule.QueryContextAttributes(securityContext, contextAttribute, nativeBuffer, handleType, out sspiHandle); if (errorCode != 0) { if (GlobalLog.IsEnabled) { GlobalLog.Leave("Win32:QueryContextAttributes", "ERROR = " + ErrorDescription(errorCode)); } return(null); } switch (contextAttribute) { case Interop.SspiCli.ContextAttribute.Sizes: attribute = new SecSizes(nativeBuffer); break; case Interop.SspiCli.ContextAttribute.StreamSizes: attribute = new StreamSizes(nativeBuffer); break; case Interop.SspiCli.ContextAttribute.Names: attribute = Marshal.PtrToStringUni(sspiHandle.DangerousGetHandle()); break; case Interop.SspiCli.ContextAttribute.PackageInfo: attribute = new SecurityPackageInfoClass(sspiHandle, 0); break; case Interop.SspiCli.ContextAttribute.NegotiationInfo: unsafe { fixed(void *ptr = nativeBuffer) { attribute = new NegotiationInfoClass(sspiHandle, Marshal.ReadInt32(new IntPtr(ptr), NegotiationInfo.NegotiationStateOffest)); } } break; case Interop.SspiCli.ContextAttribute.ClientSpecifiedSpn: attribute = Marshal.PtrToStringUni(sspiHandle.DangerousGetHandle()); break; case Interop.SspiCli.ContextAttribute.LocalCertificate: // Fall-through to RemoteCertificate is intentional. case Interop.SspiCli.ContextAttribute.RemoteCertificate: attribute = sspiHandle; sspiHandle = null; break; case Interop.SspiCli.ContextAttribute.IssuerListInfoEx: attribute = new Interop.SspiCli.IssuerListInfoEx(sspiHandle, nativeBuffer); sspiHandle = null; break; case Interop.SspiCli.ContextAttribute.ConnectionInfo: attribute = new SslConnectionInfo(nativeBuffer); break; default: // Will return null. break; } } finally { if (sspiHandle != null) { sspiHandle.Dispose(); } } if (GlobalLog.IsEnabled) { GlobalLog.Leave(nameof(QueryContextAttributes), LoggingHash.ObjectToString(attribute)); } return(attribute); }
internal int Encrypt(byte[] buffer, int offset, int count, ref byte[] output, uint sequenceNumber) { int num3; SecSizes sizes = this.Sizes; try { int num = (0x7ffffffb - sizes.BlockSize) - sizes.SecurityTrailer; if ((count > num) || (count < 0)) { throw new ArgumentOutOfRangeException("count", SR.GetString("net_io_out_range", new object[] { num })); } } catch (Exception exception) { NclUtilities.IsFatal(exception); throw; } int size = (count + sizes.SecurityTrailer) + sizes.BlockSize; if ((output == null) || (output.Length < (size + 4))) { output = new byte[size + 4]; } Buffer.BlockCopy(buffer, offset, output, 4 + sizes.SecurityTrailer, count); SecurityBuffer[] input = new SecurityBuffer[] { new SecurityBuffer(output, 4, sizes.SecurityTrailer, BufferType.Token), new SecurityBuffer(output, 4 + sizes.SecurityTrailer, count, BufferType.Data), new SecurityBuffer(output, (4 + sizes.SecurityTrailer) + count, sizes.BlockSize, BufferType.Padding) }; if (this.IsConfidentialityFlag) { num3 = SSPIWrapper.EncryptMessage(GlobalSSPI.SSPIAuth, this.m_SecurityContext, input, sequenceNumber); } else { if (this.IsNTLM) { SecurityBuffer buffer1 = input[1]; buffer1.type |= BufferType.ReadOnlyFlag; } num3 = SSPIWrapper.MakeSignature(GlobalSSPI.SSPIAuth, this.m_SecurityContext, input, 0); } if (num3 != 0) { throw new Win32Exception(num3); } size = input[0].size; bool flag = false; if (size != sizes.SecurityTrailer) { flag = true; Buffer.BlockCopy(output, input[1].offset, output, 4 + size, input[1].size); } size += input[1].size; if ((input[2].size != 0) && (flag || (size != (count + sizes.SecurityTrailer)))) { Buffer.BlockCopy(output, input[2].offset, output, 4 + size, input[2].size); } size += input[2].size; output[0] = (byte)(size & 0xff); output[1] = (byte)((size >> 8) & 0xff); output[2] = (byte)((size >> 0x10) & 0xff); output[3] = (byte)((size >> 0x18) & 0xff); return(size + 4); }