From 8837f3e95cffe5fb1774321816d6bf1c72a06c0d Mon Sep 17 00:00:00 2001 From: antiduh Date: Tue, 24 Jun 2014 22:51:38 +0000 Subject: [PATCH] Implemented CERs for encryption and decryption. --- Contexts/Context.cs | 83 +++++++++++++++++++++++++------- Contexts/ContextNativeMethods.cs | 4 +- 2 files changed, 69 insertions(+), 18 deletions(-) diff --git a/Contexts/Context.cs b/Contexts/Context.cs index ab74bba..4dbfa1e 100644 --- a/Contexts/Context.cs +++ b/Contexts/Context.cs @@ -5,6 +5,7 @@ using System.Linq; using System.Text; using System.Threading.Tasks; using System.Runtime.InteropServices; +using System.Runtime.CompilerServices; namespace NSspi { @@ -89,7 +90,7 @@ namespace NSspi SecureBuffer paddingBuffer; SecureBufferAdapter adapter; - SecurityStatus status; + SecurityStatus status = SecurityStatus.InvalidHandle; byte[] result; trailerBuffer = new SecureBuffer( new byte[sizes.SecurityTrailer], BufferType.Token ); @@ -100,13 +101,37 @@ namespace NSspi using( adapter = new SecureBufferAdapter( new[] { trailerBuffer, dataBuffer, paddingBuffer } ) ) { - // TODO SAFE_CER - status = ContextNativeMethods.EncryptMessage( - ref this.ContextHandle.rawHandle, - 0, - adapter.Handle, - 0 - ); + bool gotRef = false; + + RuntimeHelpers.PrepareConstrainedRegions(); + try + { + this.ContextHandle.DangerousAddRef( ref gotRef ); + } + catch( Exception ) + { + if( gotRef ) + { + this.ContextHandle.DangerousRelease(); + gotRef = false; + } + + throw; + } + finally + { + if( gotRef ) + { + status = ContextNativeMethods.EncryptMessage( + ref this.ContextHandle.rawHandle, + 0, + adapter.Handle, + 0 + ); + + this.ContextHandle.DangerousRelease(); + } + } } if( status != SecurityStatus.OK ) @@ -152,8 +177,8 @@ namespace NSspi SecureBuffer dataBuffer; SecureBuffer paddingBuffer; SecureBufferAdapter adapter; - - SecurityStatus status; + + SecurityStatus status = SecurityStatus.InvalidHandle; byte[] result = null; int remaining; int position; 
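Review bot: The new initialiser `SecurityStatus status = SecurityStatus.InvalidHandle;` in the `@@ -89,7 +90,7 @@` hunk is what makes a skipped native call fail closed, and nothing on the line says so. `status` is now assigned only inside `if( gotRef )`, so the later `status != SecurityStatus.OK` check depends on this default being a failure code. SSPI's success code is zero, so a later change to `default` would presumably let the untouched buffers be returned as if the call had succeeded. I would add `// Fail closed: stays an error unless the native call actually ran.` above the declaration, and the same comment on the identical initialiser in the `@@ -152,8 +177,8 @@` hunk. Both declarations sit in methods that start outside their hunks.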
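Review bot: Inside the `finally` of the `@@ -100,13 +101,37 @@` hunk, `DangerousRelease()` is reached only if both the `adapter.Handle` getter and `EncryptMessage` return normally, and this patch shows no reliability contract on the getter. If either throws, the reference taken by `DangerousAddRef` is never returned, so the context handle can presumably never be freed and the security context outlives its owner. Read the descriptor before the region with `var bufferDescriptor = adapter.Handle;` placed ahead of `RuntimeHelpers.PrepareConstrainedRegions();`, and pass `bufferDescriptor` to the call, so the `finally` holds only the P/Invoke and the release. The same shape is repeated around `DecryptMessage` in the `@@ -217,13 +242,37 @@` hunk. A one-line comment on why the call sits in `finally` would also help now that `// TODO SAFE_CER` is gone; the enclosing methods start outside both hunks.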
@@ -217,13 +242,37 @@ namespace NSspi using( adapter = new SecureBufferAdapter( new [] { trailerBuffer, dataBuffer, paddingBuffer } ) ) { - // TODO SAFE_CER - status = ContextNativeMethods.DecryptMessage( - ref this.ContextHandle.rawHandle, - adapter.Handle, - 0, - 0 - ); + bool gotRef = false; + + RuntimeHelpers.PrepareConstrainedRegions(); + try + { + this.ContextHandle.DangerousAddRef( ref gotRef ); + } + catch( Exception ) + { + if( gotRef ) + { + this.ContextHandle.DangerousRelease(); + gotRef = false; + } + + throw; + } + finally + { + if( gotRef ) + { + status = ContextNativeMethods.DecryptMessage( + ref this.ContextHandle.rawHandle, + adapter.Handle, + 0, + 0 + ); + + this.ContextHandle.DangerousRelease(); + } + } } if( status != SecurityStatus.OK ) diff --git a/Contexts/ContextNativeMethods.cs b/Contexts/ContextNativeMethods.cs index ef5bf47..c6375a7 100644 --- a/Contexts/ContextNativeMethods.cs +++ b/Contexts/ContextNativeMethods.cs @@ -1,6 +1,7 @@ using System; using System.Collections.Generic; using System.Linq; +using System.Runtime.ConstrainedExecution; using System.Runtime.InteropServices; using System.Text; using System.Threading.Tasks; @@ -105,6 +106,7 @@ namespace NSspi public static extern SecurityStatus DeleteSecurityContext( ref RawSspiHandle contextHandle ); + [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail )] [DllImport( "Secur32.dll", EntryPoint = "EncryptMessage", CharSet = CharSet.Unicode )] public static extern SecurityStatus EncryptMessage( ref RawSspiHandle contextHandle, @@ -113,7 +115,7 @@ namespace NSspi int sequenceNumber ); - + [ReliabilityContract( Consistency.WillNotCorruptState, Cer.MayFail )] [DllImport( "Secur32.dll", EntryPoint = "DecryptMessage", CharSet = CharSet.Unicode )] public static extern SecurityStatus DecryptMessage( ref RawSspiHandle contextHandle,
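Review bot: The `[ReliabilityContract]` added to `EncryptMessage` in the `@@ -105,6 +106,7 @@` hunk is an assertion about code inside Secur32.dll that the runtime consults when preparing a constrained region but does not verify, and no comment records that. I would put `// Asserted, not enforced: lets Context call this from inside a CER finally block.` above the attribute, and the same on `DecryptMessage` in the `@@ -113,7 +115,7 @@` hunk. The two attributes are also spaced differently (`ReliabilityContract(Consistency` on the first, `ReliabilityContract( Consistency` on the second); the second form matches the surrounding `DllImport( ... )` style.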