private static int GssUnwrap( SafeGssContextHandle?context, byte[] buffer, int offset, int count) { Debug.Assert((buffer != null) && (buffer.Length > 0), "Invalid input buffer passed to Decrypt"); Debug.Assert((offset >= 0) && (offset <= buffer.Length), "Invalid input offset passed to Decrypt"); Debug.Assert((count >= 0) && (count <= (buffer.Length - offset)), "Invalid input count passed to Decrypt"); Interop.NetSecurityNative.GssBuffer decryptedBuffer = default(Interop.NetSecurityNative.GssBuffer); try { Interop.NetSecurityNative.Status minorStatus; Interop.NetSecurityNative.Status status = Interop.NetSecurityNative.UnwrapBuffer(out minorStatus, context, buffer, offset, count, ref decryptedBuffer); if (status != Interop.NetSecurityNative.Status.GSS_S_COMPLETE) { throw new Interop.NetSecurityNative.GssApiException(status, minorStatus); } return(decryptedBuffer.Copy(buffer, offset)); } finally { decryptedBuffer.Dispose(); } }
static byte[] GssWrap( SafeGssContextHandle context, bool encrypt, byte[] buffer, int offset, int count) { Debug.Assert((buffer != null) && (buffer.Length > 0), "Invalid input buffer passed to Encrypt"); Debug.Assert((offset >= 0) && (offset < buffer.Length), "Invalid input offset passed to Encrypt"); Debug.Assert((count >= 0) && (count <= (buffer.Length - offset)), "Invalid input count passed to Encrypt"); Interop.NetSecurityNative.GssBuffer encryptedBuffer = default(Interop.NetSecurityNative.GssBuffer); try { Interop.NetSecurityNative.Status minorStatus; Interop.NetSecurityNative.Status status = Interop.NetSecurityNative.WrapBuffer(out minorStatus, context, encrypt, buffer, offset, count, ref encryptedBuffer); if (status != Interop.NetSecurityNative.Status.GSS_S_COMPLETE) { throw new Interop.NetSecurityNative.GssApiException(status, minorStatus); } return(encryptedBuffer.ToByteArray()); } finally { encryptedBuffer.Dispose(); } }
protected override bool ReleaseHandle() { Interop.NetSecurityNative.Status minorStatus; Interop.NetSecurityNative.Status status = Interop.NetSecurityNative.ReleaseName(out minorStatus, ref handle); SetHandle(IntPtr.Zero); return(status == Interop.NetSecurityNative.Status.GSS_S_COMPLETE); }
internal static int Encrypt( SafeDeleteContext securityContext, ReadOnlySpan <byte> buffer, bool isConfidential, bool isNtlm, [NotNull] ref byte[]?output) { SafeGssContextHandle gssContext = ((SafeDeleteNegoContext)securityContext).GssContext !; int resultSize; if (isNtlm && !isConfidential) { Interop.NetSecurityNative.GssBuffer micBuffer = default; try { Interop.NetSecurityNative.Status minorStatus; Interop.NetSecurityNative.Status status = Interop.NetSecurityNative.GetMic( out minorStatus, gssContext, buffer, ref micBuffer); if (status != Interop.NetSecurityNative.Status.GSS_S_COMPLETE) { throw new Interop.NetSecurityNative.GssApiException(status, minorStatus); } resultSize = micBuffer.Span.Length + buffer.Length; if (output == null || output.Length < resultSize + 4) { output = new byte[resultSize + 4]; } micBuffer.Span.CopyTo(output.AsSpan(4)); buffer.CopyTo(output.AsSpan(micBuffer.Span.Length + 4)); BinaryPrimitives.WriteInt32LittleEndian(output, resultSize); return(resultSize + 4); } finally { micBuffer.Dispose(); } } byte[] tempOutput = GssWrap(gssContext, ref isConfidential, buffer); // Create space for prefixing with the length const int prefixLength = 4; output = new byte[tempOutput.Length + prefixLength]; Array.Copy(tempOutput, 0, output, prefixLength, tempOutput.Length); resultSize = tempOutput.Length; BinaryPrimitives.WriteInt32LittleEndian(output, resultSize); return(resultSize + 4); }
protected override unsafe bool ReleaseHandle() { Interop.NetSecurityNative.Status minorStatus; fixed(IntPtr *handleRef = &handle) { Interop.NetSecurityNative.Status status = Interop.NetSecurityNative.ReleaseName(&minorStatus, handleRef); SetHandle(IntPtr.Zero); return(status == Interop.NetSecurityNative.Status.GSS_S_COMPLETE); } }
private static string GetGssApiDisplayStatus(Status status, bool isMinor) { GssBuffer displayBuffer = default(GssBuffer); try { Interop.NetSecurityNative.Status minStat; Interop.NetSecurityNative.Status displayCallStatus = isMinor ? DisplayMinorStatus(out minStat, status, ref displayBuffer): DisplayMajorStatus(out minStat, status, ref displayBuffer); return((Status.GSS_S_COMPLETE != displayCallStatus) ? null : Marshal.PtrToStringAnsi(displayBuffer._data)); } finally { displayBuffer.Dispose(); } }
public static SafeGssNameHandle CreateTarget(string name) { Debug.Assert(!string.IsNullOrEmpty(name), "Invalid target name passed to SafeGssNameHandle create"); SafeGssNameHandle retHandle; Interop.NetSecurityNative.Status minorStatus; Interop.NetSecurityNative.Status status = Interop.NetSecurityNative.ImportPrincipalName( out minorStatus, name, Encoding.UTF8.GetByteCount(name), out retHandle); if (status != Interop.NetSecurityNative.Status.GSS_S_COMPLETE) { retHandle.Dispose(); throw new Interop.NetSecurityNative.GssApiException(status, minorStatus); } return(retHandle); }
internal static NegotiateAuthenticationStatusCode Unwrap( SafeDeleteContext securityContext, ReadOnlySpan <byte> input, IBufferWriter <byte> outputWriter, out bool isEncrypted) { SafeGssContextHandle gssContext = ((SafeDeleteNegoContext)securityContext).GssContext !; Interop.NetSecurityNative.GssBuffer decryptedBuffer = default(Interop.NetSecurityNative.GssBuffer); try { Interop.NetSecurityNative.Status minorStatus; Interop.NetSecurityNative.Status status = Interop.NetSecurityNative.UnwrapBuffer(out minorStatus, gssContext, out isEncrypted, input, ref decryptedBuffer); if (status != Interop.NetSecurityNative.Status.GSS_S_COMPLETE) { return(status switch { Interop.NetSecurityNative.Status.GSS_S_BAD_SIG => NegotiateAuthenticationStatusCode.MessageAltered, _ => NegotiateAuthenticationStatusCode.InvalidToken }); }
private static byte[] GssWrap( SafeGssContextHandle?context, bool encrypt, ReadOnlySpan <byte> buffer) { Interop.NetSecurityNative.GssBuffer encryptedBuffer = default; try { Interop.NetSecurityNative.Status minorStatus; Interop.NetSecurityNative.Status status = Interop.NetSecurityNative.WrapBuffer(out minorStatus, context, encrypt, buffer, ref encryptedBuffer); if (status != Interop.NetSecurityNative.Status.GSS_S_COMPLETE) { throw new Interop.NetSecurityNative.GssApiException(status, minorStatus); } return(encryptedBuffer.ToByteArray()); } finally { encryptedBuffer.Dispose(); } }
private static int GssUnwrap( SafeGssContextHandle context, out bool encrypt, Span <byte> buffer) { Interop.NetSecurityNative.GssBuffer decryptedBuffer = default(Interop.NetSecurityNative.GssBuffer); try { Interop.NetSecurityNative.Status minorStatus; Interop.NetSecurityNative.Status status = Interop.NetSecurityNative.UnwrapBuffer(out minorStatus, context, out encrypt, buffer, ref decryptedBuffer); if (status != Interop.NetSecurityNative.Status.GSS_S_COMPLETE) { throw new Interop.NetSecurityNative.GssApiException(status, minorStatus); } decryptedBuffer.Span.CopyTo(buffer); return(decryptedBuffer.Span.Length); } finally { decryptedBuffer.Dispose(); } }
internal static int Decrypt( SafeDeleteContext securityContext, Span <byte> buffer, bool isConfidential, bool isNtlm, out int newOffset) { SafeGssContextHandle gssContext = ((SafeDeleteNegoContext)securityContext).GssContext !; if (isNtlm && !isConfidential) { const int NtlmSignatureLength = 16; if (buffer.Length < NtlmSignatureLength) { Debug.Fail("Argument 'count' out of range."); throw new Interop.NetSecurityNative.GssApiException(Interop.NetSecurityNative.Status.GSS_S_DEFECTIVE_TOKEN, 0); } Interop.NetSecurityNative.Status minorStatus; Interop.NetSecurityNative.Status status = Interop.NetSecurityNative.VerifyMic( out minorStatus, gssContext, buffer.Slice(NtlmSignatureLength), buffer.Slice(0, NtlmSignatureLength)); if (status != Interop.NetSecurityNative.Status.GSS_S_COMPLETE) { throw new Interop.NetSecurityNative.GssApiException(status, minorStatus); } newOffset = NtlmSignatureLength; return(buffer.Length - NtlmSignatureLength); } newOffset = 0; return(GssUnwrap(gssContext, out _, buffer)); }
private static string GssGetUser( ref SafeGssContextHandle?context) { Interop.NetSecurityNative.GssBuffer token = default(Interop.NetSecurityNative.GssBuffer); try { Interop.NetSecurityNative.Status status = Interop.NetSecurityNative.GetUser(out var minorStatus, context, ref token); if (status != Interop.NetSecurityNative.Status.GSS_S_COMPLETE) { throw new Interop.NetSecurityNative.GssApiException(status, minorStatus); } ReadOnlySpan <byte> tokenBytes = token.Span; int length = tokenBytes.Length; if (length > 0 && tokenBytes[length - 1] == '\0') { // Some GSS-API providers (gss-ntlmssp) include the terminating null with strings, so skip that. tokenBytes = tokenBytes.Slice(0, length - 1); } #if NETSTANDARD2_0 return(Encoding.UTF8.GetString(tokenBytes.ToArray(), 0, tokenBytes.Length)); #else return(Encoding.UTF8.GetString(tokenBytes)); #endif } finally { token.Dispose(); } }
private static string GssGetUser( ref SafeGssContextHandle context) { Interop.NetSecurityNative.GssBuffer token = default(Interop.NetSecurityNative.GssBuffer); try { Interop.NetSecurityNative.Status status = Interop.NetSecurityNative.GetUser(out var minorStatus, context, ref token); if (status != Interop.NetSecurityNative.Status.GSS_S_COMPLETE) { throw new Interop.NetSecurityNative.GssApiException(status, minorStatus); } return(Encoding.UTF8.GetString(token.ToByteArray())); } finally { token.Dispose(); } }
protected override unsafe bool ReleaseHandle() { Interop.NetSecurityNative.Status status = Interop.NetSecurityNative.DeleteSecContext(out _, ref handle); SetHandle(IntPtr.Zero); return(status == Interop.NetSecurityNative.Status.GSS_S_COMPLETE); }