/// <summary>
 /// Constructs an instance of the KeyProvider_SspiClient class.
 /// </summary>
 /// <param name="requiredFeatures">SSPI features that will be provided by the security session.</param>
 /// <param name="packageName">The name of the used SSPI package.</param>
 /// <param name="authIdentity">The authentication identity used during authentication.</param>
 /// <param name="targetName">The name of the server which will be the target of the context. See description of the InitializeSecurityContext function in Platform SDK Security.</param>
 /// <param name="delegatedContext">The context being delegated to the destination host.</param>
 public KeyProvider_SspiClient(SspiFeatureFlags requiredFeatures, SupportedSspiPackages packageName, NetworkCredential authIdentity, string targetName, SecuritySession_SspiServer delegatedContext)
 {
     this.RequiredFeatures = requiredFeatures;
     this.PackageName = Enum.Format(typeof(SupportedSspiPackages), packageName, "f");
     this.AuthIdentity = authIdentity;
     this.ServerName = targetName;
     this.DelegatedContext = delegatedContext;
 }
 /// <summary>
 /// Constructs an instance of the KeyProvider_SspiClient class.
 /// </summary>
 /// <param name="requiredFeatures">SSPI features that will be provided by the security session.</param>
 /// <param name="packageName">The name of the used SSPI package.</param>
 /// <param name="authIdentity">The authentication identity used during authentication.</param>
 /// <param name="targetName">The name of the server which will be the target of the context. See description of the InitializeSecurityContext function in Platform SDK Security.</param>
 /// <param name="delegatedContext">The context being delegated to the destination host.</param>
 public KeyProvider_SspiClient(SspiFeatureFlags requiredFeatures, SupportedSspiPackages packageName, NetworkCredential authIdentity, string targetName, SecuritySession_SspiServer delegatedContext)
 {
     this.RequiredFeatures = requiredFeatures;
     this.PackageName      = Enum.Format(typeof(SupportedSspiPackages), packageName, "f");
     this.AuthIdentity     = authIdentity;
     this.ServerName       = targetName;
     this.DelegatedContext = delegatedContext;
 }
示例#3
0
        /// <summary>
        /// Decrypts the data.
        /// </summary>
        /// <param name="sourceStream">Stream containing encrypted data.</param>
        /// <param name="sspiFeatureFlags">Requested SSPI features.</param>
        /// <returns>Stream containing decrypted data.</returns>
        public Stream DecryptMessage(Stream sourceStream, SspiFeatureFlags sspiFeatureFlags)
        {
            // get package sizes
            lock (_secPkgContext_SizesLock)
            {
                if (!_secPkgContext_SizesInitialized)
                {
                    SspiApi.QueryContextSizes(this._phContext, ref this._secPkgContext_Sizes);
                    _secPkgContext_SizesInitialized = true;
                }
            }

            BinaryReader messageReader = new BinaryReader(sourceStream);

            if ((sspiFeatureFlags & SspiFeatureFlags.Encryption) != 0)
            {
                // decrypt it
                return(SspiApi.DecryptMessage(this._phContext, messageReader));
            }
            else if ((sspiFeatureFlags & SspiFeatureFlags.Signing) != 0)
            {
                // read signature
                int    signatureSize = messageReader.ReadInt32();
                byte[] signature     = new byte[signatureSize];
                GenuineUtility.ReadDataFromStream(sourceStream, signature, 0, signatureSize);

                // read content
                int    contentSize = messageReader.ReadInt32();
                byte[] content     = new byte[contentSize];
                GenuineUtility.ReadDataFromStream(sourceStream, content, 0, contentSize);

                // verify signature
                SspiApi.VerifySignature(this._phContext, content, signature);

                // return verified content
                return(new MemoryStream(content, 0, content.Length, false, true));
            }

            return(sourceStream);
        }
示例#4
0
        /// <summary>
        /// Creates a Security Session.
        /// </summary>
        /// <param name="name">Security Session name.</param>
        /// <param name="securitySessionType">Security Session type.</param>
        /// <param name="sspiFeatureFlags">Requested features.</param>
        /// <param name="sspiPackage">SSPI package.</param>
        public void CreateSecuritySession(string name, SecuritySessionType securitySessionType,
                                          SspiFeatureFlags sspiFeatureFlags, SupportedSspiPackages sspiPackage)
        {
            IKeyProvider iKeyProvider = null;

            switch (securitySessionType)
            {
            case SecuritySessionType.Basic:
                iKeyProvider = new KeyProvider_Basic();
                break;

            case SecuritySessionType.KnownSymmetric:
                SymmetricAlgorithm symmetricAlgorithm = SymmetricAlgorithm.Create();

                // read the key
                Stream stream = typeof(IEstablishSecuritySession).Assembly.GetManifestResourceStream("Known.written_key");
                byte[] key    = new byte[32];
                stream.Read(key, 0, key.Length);
                stream.Close();

                // initialize the key
                symmetricAlgorithm.Key  = key;
                symmetricAlgorithm.Mode = CipherMode.ECB;

                iKeyProvider = new KeyProvider_KnownSymmetric(symmetricAlgorithm);
                break;

            case SecuritySessionType.SelfEstablishingSymmetric:
                iKeyProvider = new KeyProvider_SelfEstablishingSymmetric();
                break;

            case SecuritySessionType.Sspi:
                iKeyProvider = new KeyProvider_SspiServer(sspiFeatureFlags, sspiPackage);
                break;
            }

            // register the Security Session in the current Transport Context
            GenuineUtility.CurrentMessage.ITransportContext.IKeyStore.SetKey(name, iKeyProvider);
            this._currentSecuritySessionName = name;
        }
        /// <summary>
        /// Decrypts the data.
        /// </summary>
        /// <param name="sourceStream">Stream containing encrypted data.</param>
        /// <param name="sspiFeatureFlags">Requested SSPI features.</param>
        /// <returns>Stream containing decrypted data.</returns>
        public Stream DecryptMessage(Stream sourceStream, SspiFeatureFlags sspiFeatureFlags)
        {
            // get package sizes
            lock(_secPkgContext_SizesLock)
            {
                if (! _secPkgContext_SizesInitialized)
                {
                    SspiApi.QueryContextSizes(this._phContext, ref this._secPkgContext_Sizes);
                    _secPkgContext_SizesInitialized = true;
                }
            }

            BinaryReader messageReader = new BinaryReader(sourceStream);

            if ( (sspiFeatureFlags & SspiFeatureFlags.Encryption) != 0)
                // decrypt it
                return SspiApi.DecryptMessage(this._phContext, messageReader);
            else if ( (sspiFeatureFlags & SspiFeatureFlags.Signing) != 0)
            {
                // read signature
                int signatureSize = messageReader.ReadInt32();
                byte[] signature = new byte[signatureSize];
                GenuineUtility.ReadDataFromStream(sourceStream, signature, 0, signatureSize);

                // read content
                int contentSize = messageReader.ReadInt32();
                byte[] content = new byte[contentSize];
                GenuineUtility.ReadDataFromStream(sourceStream, content, 0, contentSize);

                // verify signature
                SspiApi.VerifySignature(this._phContext, content, signature);

                // return verified content
                return new MemoryStream(content, 0, content.Length, false, true);
            }

            return sourceStream;
        }
示例#6
0
        /// <summary>
        /// Encrypts the stream under current security conditions.
        /// </summary>
        /// <param name="messageStream">Data to be encrypted.</param>
        /// <param name="outputStream">Stream to write encrypted content to.</param>
        /// <param name="sspiFeatureFlags">Requested features.</param>
        public void EncryptMessage(Stream messageStream, GenuineChunkedStream outputStream, SspiFeatureFlags sspiFeatureFlags)
        {
            // get package sizes
            lock (_secPkgContext_SizesLock)
            {
                if (!_secPkgContext_SizesInitialized)
                {
                    SspiApi.QueryContextSizes(this._phContext, ref this._secPkgContext_Sizes);
                    _secPkgContext_SizesInitialized = true;
                }
            }

            byte[]       chunk        = null;
            int          position     = 0;
            BinaryWriter outputWriter = new BinaryWriter(outputStream);

            if ((sspiFeatureFlags & SspiFeatureFlags.Encryption) != 0)
            {
                // it'll write signature automatically as well as encrypt content
                SspiApi.EncryptMessage(this._phContext, messageStream, outputWriter, ref this._secPkgContext_Sizes);
            }
            else if ((sspiFeatureFlags & SspiFeatureFlags.Signing) != 0)
            {
                // remember position to write signature size later
                outputStream.WriteInt32AndRememberItsLocation(0, out chunk, out position);
                long currentLength = outputStream.Length;

                // anyway will have to read this into buffer
                byte[] contentBuffer = new byte[(int)messageStream.Length];
                GenuineUtility.ReadDataFromStream(messageStream, contentBuffer, 0, contentBuffer.Length);

                // write signature
                SspiApi.MakeSignature(this._phContext, contentBuffer, outputWriter, ref this._secPkgContext_Sizes);

                // update signature size
                MessageCoder.WriteInt32(chunk, position, (int)(outputStream.Length - currentLength));

                // write the content
                outputWriter.Write((int)contentBuffer.Length);
                outputWriter.Write(contentBuffer, 0, contentBuffer.Length);
            }
            else
            {
                // just copy the source content
                //outputWriter.Write( (int) messageStream.Length );
                GenuineUtility.CopyStreamToStream(messageStream, outputStream);
            }
        }
        /// <summary>
        /// Encrypts the stream under current security conditions.
        /// </summary>
        /// <param name="messageStream">Data to be encrypted.</param>
        /// <param name="outputStream">Stream to write encrypted content to.</param>
        /// <param name="sspiFeatureFlags">Requested features.</param>
        public void EncryptMessage(Stream messageStream, GenuineChunkedStream outputStream, SspiFeatureFlags sspiFeatureFlags)
        {
            // get package sizes
            lock(_secPkgContext_SizesLock)
            {
                if (! _secPkgContext_SizesInitialized)
                {
                    SspiApi.QueryContextSizes(this._phContext, ref this._secPkgContext_Sizes);
                    _secPkgContext_SizesInitialized = true;
                }
            }

            byte[] chunk = null;
            int position = 0;
            BinaryWriter outputWriter = new BinaryWriter(outputStream);

            if ( (sspiFeatureFlags & SspiFeatureFlags.Encryption) != 0)
                // it'll write signature automatically as well as encrypt content
                SspiApi.EncryptMessage(this._phContext, messageStream, outputWriter, ref this._secPkgContext_Sizes);
            else if ( (sspiFeatureFlags & SspiFeatureFlags.Signing) != 0)
            {
                // remember position to write signature size later
                outputStream.WriteInt32AndRememberItsLocation(0, out chunk, out position);
                long currentLength = outputStream.Length;

                // anyway will have to read this into buffer
                byte[] contentBuffer = new byte[(int) messageStream.Length];
                GenuineUtility.ReadDataFromStream(messageStream, contentBuffer, 0, contentBuffer.Length);

                // write signature
                SspiApi.MakeSignature(this._phContext, contentBuffer, outputWriter, ref this._secPkgContext_Sizes);

                // update signature size
                MessageCoder.WriteInt32(chunk, position, (int) (outputStream.Length - currentLength) );

                // write the content
                outputWriter.Write( (int) contentBuffer.Length );
                outputWriter.Write( contentBuffer, 0, contentBuffer.Length);
            }
            else
            {
                // just copy the source content
                //outputWriter.Write( (int) messageStream.Length );
                GenuineUtility.CopyStreamToStream(messageStream, outputStream);
            }
        }
 /// <summary>
 /// Constructs an instance of the KeyProvider_SspiServer class.
 /// </summary>
 /// <param name="requiredFeatures">SSPI features that will be provided by Security Sessions.</param>
 /// <param name="packageName">The name of the used SSPI package.</param>
 public KeyProvider_SspiServer(SspiFeatureFlags requiredFeatures, SupportedSspiPackages packageName)
 {
     this.RequiredFeatures = requiredFeatures;
     this.PackageName = Enum.Format(typeof(SupportedSspiPackages), packageName, "f");
 }
 /// <summary>
 /// Constructs an instance of the KeyProvider_SspiClient class.
 /// </summary>
 /// <param name="requiredFeatures">SSPI features that will be provided by the security session.</param>
 /// <param name="packageName">The name of the used SSPI package.</param>
 /// <param name="authIdentity">The authentication identity used during authentication.</param>
 /// <param name="targetName">The name of the server which will be the target of the context. See description of the InitializeSecurityContext function in Platform SDK Security.</param>
 public KeyProvider_SspiClient(SspiFeatureFlags requiredFeatures, SupportedSspiPackages packageName, NetworkCredential authIdentity, string targetName) : this(requiredFeatures, packageName, authIdentity, targetName, null)
 {
 }
示例#10
0
        /// <summary>
        /// Calls InitializeSecurityContext SSPI API function.
        /// Throws an exception if the call fails.
        /// receivedData parameter must be null for the first call.
        /// </summary>
        /// <param name="credHandle">Credential handle.</param>
        /// <param name="inputPhContext">Source security context.</param>
        /// <param name="outputPhContext">Created security context.</param>
        /// <param name="targetName">Target name.</param>
        /// <param name="requiredFeatures">Requested features.</param>
        /// <param name="ptsExpiry">Expiry.</param>
        /// <param name="receivedData">Input data.</param>
        /// <param name="outputStream">Output data.</param>
        /// <returns>True if security context has been succesfully built up.</returns>
        public static bool InitializeSecurityContext(SspiApi.SecHandle credHandle, 
            SspiApi.SecHandle inputPhContext, SspiApi.SecHandle outputPhContext, string targetName,
            SspiFeatureFlags requiredFeatures, ref Int64 ptsExpiry,
            Stream receivedData, Stream outputStream)
        {
            bool finalResult = false;

            // get the size of the received chunk
            int inputContentSize = 0;
            if (receivedData != null)
            {
                BinaryReader binaryReader = new BinaryReader(receivedData);
                inputContentSize = binaryReader.ReadInt32();
            }

            SspiApi.SecBufferDescNative secInputDesc = new SspiApi.SecBufferDescNative();
            SspiApi.SecBuffer secInputBuf = new SspiApi.SecBuffer();
            SspiApi.SecBufferDescNative secOutputDesc = new SspiApi.SecBufferDescNative();
            SspiApi.SecBuffer secOutputBuf = new SspiApi.SecBuffer();
            IntPtr inputDescBuffer = IntPtr.Zero;
            IntPtr outputDescBuffer = IntPtr.Zero;

            #if TRIAL
            #else
            try
            {
            #endif
                inputDescBuffer = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(SspiApi.SecBufferDescNative)));
                outputDescBuffer = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(SspiApi.SecBufferDescNative)));

                // setup input buffer
                secInputDesc.ulVersion = SspiApi.SECBUFFER_VERSION;
                secInputDesc.cBuffers = 1;
                secInputDesc.pBuffers = inputDescBuffer;

                secInputBuf.BufferType = SspiApi.SECBUFFER_TOKEN;
                secInputBuf.cbBuffer = inputContentSize;
                if (inputContentSize > 0)
                {
                    secInputBuf.pvBuffer = Marshal.AllocHGlobal(inputContentSize);

                    // read from the stream
                    byte[] content = new byte[inputContentSize];
                    GenuineUtility.ReadDataFromStream(receivedData, content, 0, inputContentSize);
                    Marshal.Copy(content, 0, secInputBuf.pvBuffer, inputContentSize);
                }
                else
                    secInputBuf.pvBuffer = IntPtr.Zero;

                Marshal.StructureToPtr(secInputBuf, inputDescBuffer, false);

                // setup output buffer
                secOutputDesc.ulVersion = SspiApi.SECBUFFER_VERSION;
                secOutputDesc.cBuffers = 1;
                secOutputDesc.pBuffers = outputDescBuffer;

                secOutputBuf.BufferType = SspiApi.SECBUFFER_TOKEN;
                secOutputBuf.cbBuffer = 0;
                secOutputBuf.pvBuffer = IntPtr.Zero;
                Marshal.StructureToPtr(secOutputBuf, outputDescBuffer, false);

                int fContextReq = SspiApi.ISC_REQ_REPLAY_DETECT | SspiApi.ISC_REQ_CONNECTION | SspiApi.ISC_REQ_ALLOCATE_MEMORY;
                if ((requiredFeatures & SspiFeatureFlags.Encryption) != 0)
                    fContextReq |= SspiApi.ISC_REQ_CONFIDENTIALITY;
                if ((requiredFeatures & SspiFeatureFlags.Signing) != 0)
                    fContextReq |= SspiApi.ISC_REQ_INTEGRITY;
                if ((requiredFeatures & SspiFeatureFlags.Delegation) != 0)
                    fContextReq |= SspiApi.ISC_REQ_MUTUAL_AUTH | SspiApi.ISC_REQ_DELEGATE;

                int fContextAttr = 0;

                // initialize context
                int result = 0;

                if (_isNT)
                    result = SspiApi.InitializeSecurityContext_NT(credHandle,
                        inputPhContext, targetName, fContextReq, 0,
                        SspiApi.SECURITY_NATIVE_DREP, ref secInputDesc, 0, outputPhContext,
                        ref secOutputDesc, ref fContextAttr, ref ptsExpiry);
                else
                    result = SspiApi.InitializeSecurityContext__(credHandle,
                        inputPhContext, targetName, fContextReq, 0,
                        SspiApi.SECURITY_NATIVE_DREP, ref secInputDesc, 0, outputPhContext,
                        ref secOutputDesc, ref fContextAttr, ref ptsExpiry);

            #if DEBUG
            //				GenuineLoggingServices.BinaryLogWriter.Log(LogMessageCategory.Notification, null, "SspiApi.InitializeSecurityContext",
            //					null, "SSPI InitializeSecurityContext function returned {0:X}.", result);
            #endif

                // analyze the result
                if (result == SspiApi.SEC_E_OK)
                    finalResult = true;
                else if (result == SspiApi.SEC_I_CONTINUE_NEEDED)
                    finalResult = false;
                else
                    throw GenuineExceptions.Get_Windows_SspiError(result);

                // bring out feature checking into security session built event
                if (finalResult)
                {
                    // check whether all the requested features will be available
                    if ((requiredFeatures & SspiFeatureFlags.Encryption) != 0 &&
                        (fContextAttr & SspiApi.ISC_REQ_CONFIDENTIALITY) == 0)
                        throw GenuineExceptions.Get_Windows_SspiDidNotProvideRequestedFeature("SspiFeatureFlags.Encryption");

                    if ((requiredFeatures & SspiFeatureFlags.Signing) != 0 &&
                        (fContextAttr & SspiApi.ISC_REQ_INTEGRITY) == 0)
                        throw GenuineExceptions.Get_Windows_SspiDidNotProvideRequestedFeature("SspiFeatureFlags.Signing");

                    if ((requiredFeatures & SspiFeatureFlags.Delegation) != 0 &&
                        (fContextAttr & SspiApi.ISC_REQ_DELEGATE) == 0)
                        throw GenuineExceptions.Get_Windows_SspiDidNotProvideRequestedFeature("SspiFeatureFlags.Delegation");
                }

                // copy received data from the buffer
                Marshal.PtrToStructure(outputDescBuffer, secOutputBuf);
                if (secOutputBuf.cbBuffer > 0)
                {
                    // allocate memory chunk and write content
                    byte[] content = new byte[secOutputBuf.cbBuffer];
                    Marshal.Copy(secOutputBuf.pvBuffer, content, 0, secOutputBuf.cbBuffer);

                    // write it to the stream
                    BinaryWriter binaryWriter = new BinaryWriter(outputStream);
                    binaryWriter.Write((int) secOutputBuf.cbBuffer);
                    binaryWriter.Write(content);
                }
            #if TRIAL
            #else
            }
            finally
            {
                // release allocated resources
                if (secInputBuf.pvBuffer != IntPtr.Zero)
                    Marshal.FreeHGlobal(secInputBuf.pvBuffer);
                if (secOutputBuf.pvBuffer != IntPtr.Zero)
                    SspiApi.FreeContextBuffer(secOutputBuf.pvBuffer);

                if (inputDescBuffer != IntPtr.Zero)
                    Marshal.FreeHGlobal(inputDescBuffer);

                if (outputDescBuffer != IntPtr.Zero)
                    Marshal.FreeHGlobal(outputDescBuffer);
            }
            #endif
            return finalResult;
        }
示例#11
0
 /// <summary>
 /// Constructs an instance of the KeyProvider_SspiServer class.
 /// </summary>
 /// <param name="requiredFeatures">SSPI features that will be provided by Security Sessions.</param>
 /// <param name="packageName">The name of the used SSPI package.</param>
 public KeyProvider_SspiServer(SspiFeatureFlags requiredFeatures, SupportedSspiPackages packageName)
 {
     this.RequiredFeatures = requiredFeatures;
     this.PackageName      = Enum.Format(typeof(SupportedSspiPackages), packageName, "f");
 }
 /// <summary>
 /// Constructs an instance of the KeyProvider_SspiClient class.
 /// </summary>
 /// <param name="requiredFeatures">SSPI features that will be provided by the security session.</param>
 /// <param name="packageName">The name of the used SSPI package.</param>
 /// <param name="authIdentity">The authentication identity used during authentication.</param>
 /// <param name="targetName">The name of the server which will be the target of the context. See description of the InitializeSecurityContext function in Platform SDK Security.</param>
 public KeyProvider_SspiClient(SspiFeatureFlags requiredFeatures, SupportedSspiPackages packageName, NetworkCredential authIdentity, string targetName)
     : this(requiredFeatures, packageName, authIdentity, targetName, null)
 {
 }