public void EncryptMessage(byte[] message, out byte[] encryptedBuffer) { encryptedBuffer = null; SECURITY_HANDLE EncryptionContext = _hClientContext; SecPkgContext_Sizes ContextSizes; if (QueryContextAttributes(ref EncryptionContext, SECPKG_ATTR_SIZES, out ContextSizes) != SEC_E_OK) { throw new Exception("QueryContextAttribute() failed!!!"); } MultipleSecBufferHelper[] ThisSecHelper = new MultipleSecBufferHelper[] { new MultipleSecBufferHelper(new byte[ContextSizes.cbSecurityTrailer], SecBufferType.SECBUFFER_TOKEN), new MultipleSecBufferHelper(message, SecBufferType.SECBUFFER_DATA), new MultipleSecBufferHelper(new byte[ContextSizes.cbBlockSize], SecBufferType.SECBUFFER_PADDING) }; SecBufferDesc DescBuffer = new SecBufferDesc(ThisSecHelper); try { if (EncryptMessage(ref EncryptionContext, SECQOP_WRAP_NO_ENCRYPT, ref DescBuffer, 0) != SEC_E_OK) { throw new Exception("EncryptMessage() failed!!!"); } encryptedBuffer = DescBuffer.GetSecBufferByteArray(); } finally { DescBuffer.Dispose(); } }
public void DecryptMessage(int messageLength, byte[] encryptedBuffer, out byte[] decryptedBuffer) { decryptedBuffer = null; SECURITY_HANDLE DecryptionContext = _hClientContext; byte[] EncryptedMessage = new byte[messageLength]; Array.Copy(encryptedBuffer, 0, EncryptedMessage, 0, messageLength); int SecurityTrailerLength = encryptedBuffer.Length - messageLength; byte[] SecurityTrailer = new byte[SecurityTrailerLength]; Array.Copy(encryptedBuffer, messageLength, SecurityTrailer, 0, SecurityTrailerLength); MultipleSecBufferHelper[] ThisSecHelper = new MultipleSecBufferHelper[] { new MultipleSecBufferHelper(EncryptedMessage, SecBufferType.SECBUFFER_DATA), new MultipleSecBufferHelper(SecurityTrailer, SecBufferType.SECBUFFER_STREAM) }; SecBufferDesc DescBuffer = new SecBufferDesc(ThisSecHelper); try { uint EncryptionQuality; if (DecryptMessage(ref DecryptionContext, ref DescBuffer, 0, out EncryptionQuality) != SEC_E_OK) { throw new Exception("DecryptMessage() failed!!!"); } decryptedBuffer = new byte[messageLength]; Array.Copy(DescBuffer.GetSecBufferByteArray(), 0, decryptedBuffer, 0, messageLength); } finally { DescBuffer.Dispose(); } }
private void InitializeClient(byte[] serverToken, out byte[] clientToken) { clientToken = null; SECURITY_INTEGER ClientLifeTime = new SECURITY_INTEGER(0); if (!_bGotClientCredentials) { uint returnValue; if (!UseWindowsCreds) { SEC_WINNT_AUTH_IDENTITY ident = new SEC_WINNT_AUTH_IDENTITY(); ident.User = Username; ident.UserLength = ident.User.Length; ident.Domain = Domain; ident.DomainLength = ident.Domain.Length; ident.Password = Password; ident.PasswordLength = ident.Password.Length; ident.Flags = 0x1; returnValue = AcquireCredentialsHandle(null, "Kerberos", SECPKG_CRED_OUTBOUND, IntPtr.Zero, ref ident, 0, IntPtr.Zero, ref _hOutboundCred, ref ClientLifeTime); } else { returnValue = AcquireCredentialsHandle(null, "Kerberos", SECPKG_CRED_OUTBOUND, HANDLE.Zero, HANDLE.Zero, 0, HANDLE.Zero, ref _hOutboundCred, ref ClientLifeTime); } if (returnValue != SEC_E_OK) { throw new Exception("Couldn't acquire client credentials"); } _bGotClientCredentials = true; } uint ss; SecBufferDesc ClientToken = new SecBufferDesc(MAX_TOKEN_SIZE); try { uint ContextAttributes; if (serverToken == null) { ss = InitializeSecurityContext(ref _hOutboundCred, IntPtr.Zero, _sAccountName, // null string pszTargetName, STANDARD_CONTEXT_ATTRIBUTES, 0, //int Reserved1, SECURITY_NETWORK_DREP, //int TargetDataRep IntPtr.Zero, //Always zero first time around... 0, //int Reserved2, out _hClientContext, //pHandle CtxtHandle = SecHandle out ClientToken, //ref SecBufferDesc pOutput, //PSecBufferDesc out ContextAttributes, //ref int pfContextAttr, out ClientLifeTime); //ref IntPtr ptsExpiry ); //PTimeStamp } else { SecBufferDesc ServerToken = new SecBufferDesc(serverToken); try { ss = InitializeSecurityContext(ref _hOutboundCred, ref _hClientContext, _sAccountName, // null string pszTargetName, STANDARD_CONTEXT_ATTRIBUTES, 0, //int Reserved1, SECURITY_NETWORK_DREP, //int TargetDataRep ref ServerToken, //Always zero first time around... 0, //int Reserved2, out _hClientContext, //pHandle CtxtHandle = SecHandle out ClientToken, //ref SecBufferDesc pOutput, //PSecBufferDesc out ContextAttributes, //ref int pfContextAttr, out ClientLifeTime); //ref IntPtr ptsExpiry ); //PTimeStamp } finally { ServerToken.Dispose(); } } if (ss == SEC_E_LOGON_DENIED) { throw new Exception("Bad username, password or domain."); } else if (ss != SEC_E_OK && ss != SEC_I_CONTINUE_NEEDED) { throw new Exception("InitializeSecurityContext() failed!!!"); } clientToken = ClientToken.GetSecBufferByteArray(); } finally { ClientToken.Dispose(); } InitializeKerberosStage = ss != SEC_E_OK; }