- //<sspi.h>
- //<schannel.h>
/// <summary>
/// Attribute selectors passed as the second argument of QueryContextAttributes.
/// Values up to 0x1B come from sspi.h; values from 0x53 upward are the
/// Schannel-specific selectors from schannel.h.
/// </summary>
private enum ContextAttribute : uint
{
    // ---- sspi.h ----
    Sizes = 0x00,
    Names = 0x01,
    Lifespan = 0x02,
    DceInfo = 0x03,
    StreamSizes = 0x04,
    // KeyInfo = 0x05 must not be used; query ConnectionInfo instead.
    Authority = 0x06,
    ProtoInfo = 0x07,
    PasswordExpiry = 0x08,
    SessionKey = 0x09,
    PackageInfo = 0x0A,
    UserFlags = 0x0B,
    NegotiationInfo = 0x0C,
    NativeNames = 0x0D,
    Flags = 0x0E,
    UseValidated = 0x0F,
    CredentialName = 0x10,
    TargetInformation = 0x11,
    AccessToken = 0x12,
    Target = 0x13,
    AuthenticationId = 0x14,
    UniqueBindings = 0x19,
    EndpointBindings = 0x1A,
    ClientSpecifiedSpn = 0x1B,      // SECPKG_ATTR_CLIENT_SPECIFIED_TARGET = 27

    // ---- schannel.h ----
    RemoteCertificate = 0x53,
    LocalCertificate = 0x54,
    RootStore = 0x55,
    IssuerListInfoEx = 0x59,
    ConnectionInfo = 0x5A,          // the selector used by the usage snippet in this listing
    EAPKeyBlock = 0x5B,             // returns SecPkgContext_EapKeyBlock
    MappedCredAttr = 0x5C,          // returns SecPkgContext_MappedCredAttr
    SessionInfo = 0x5D,             // returns SecPkgContext_SessionInfo
    AppData = 0x5E,                 // sets/returns SecPkgContext_SessionAppData
    RemoteCertificates = 0x5F,      // returns SecPkgContext_Certificates
    ClientCertPolicy = 0x60,        // sets SecPkgCred_ClientCertCtlPolicy
    CCPolicyResult = 0x61,          // returns SecPkgContext_ClientCertPolicyResult
    UseNcrypt = 0x62,               // sets the CRED_FLAG_USE_NCRYPT_PROVIDER flag on the cred group
    LocalCertInfo = 0x63,           // returns SecPkgContext_CertInfo
    CipherInfo = 0x64,              // returns the newer CNG SecPkgContext_CipherInfo
    EAPPrfInfo = 0x65,              // sets SecPkgContext_EapPrfInfo
    SupportedSignatures = 0x66,     // returns SecPkgContext_SupportedSignatures
    RemoteCertChain = 0x67,         // returns PCCERT_CONTEXT
    UiInfo = 0x68,                  // sets SecPkgContext_UiInfo
}
/// <summary>
/// CryptoAPI algorithm identifiers (ALG_ID) as reported in the aiCipher,
/// aiHash and aiExch fields of SecPkgContext_ConnectionInfo.
/// These are identifiers, not recommendations: when a legacy value such as
/// DES, RC2, RC4, MD2, MD4, MD5 or SHA-1 is reported for a session, the
/// session negotiated a weak primitive and should be treated accordingly.
/// </summary>
private enum ALG_ID : uint
{
    /// <summary>Triple DES encryption algorithm.</summary>
    CALG_3DES = 0x6603,

    /// <summary>Two-key triple DES encryption with an effective key length of 112 bits.</summary>
    CALG_3DES_112 = 0x6609,

    /// <summary>Advanced Encryption Standard (AES). Supported by the Microsoft AES Cryptographic Provider.</summary>
    CALG_AES = 0x6611,

    /// <summary>128 bit AES. Supported by the Microsoft AES Cryptographic Provider.</summary>
    CALG_AES_128 = 0x660E,

    /// <summary>192 bit AES. Supported by the Microsoft AES Cryptographic Provider.</summary>
    CALG_AES_192 = 0x660F,

    /// <summary>256 bit AES. Supported by the Microsoft AES Cryptographic Provider.</summary>
    CALG_AES_256 = 0x6610,

    /// <summary>Temporary algorithm identifier for handles of Diffie-Hellman-agreed keys.</summary>
    CALG_AGREEDKEY_ANY = 0xAA03,

    /// <summary>
    /// Creates a 40-bit DES key with parity bits and zeroed key bits to make its
    /// key length 64 bits. Supported by the Microsoft Base Cryptographic Provider.
    /// </summary>
    CALG_CYLINK_MEK = 0x660C,

    /// <summary>DES encryption algorithm.</summary>
    CALG_DES = 0x6601,

    /// <summary>DESX encryption algorithm.</summary>
    CALG_DESX = 0x6604,

    /// <summary>Diffie-Hellman ephemeral key exchange algorithm.</summary>
    CALG_DH_EPHEM = 0xAA02,

    /// <summary>Diffie-Hellman store and forward key exchange algorithm.</summary>
    CALG_DH_SF = 0xAA01,

    /// <summary>DSA public key signature algorithm.</summary>
    CALG_DSS_SIGN = 0x2200,

    /// <summary>
    /// Elliptic curve Diffie-Hellman key exchange algorithm. Supported only through
    /// Cryptography API: Next Generation; not supported on Windows Server 2003 and Windows XP.
    /// </summary>
    CALG_ECDH = 0xAA05,

    /// <summary>
    /// Ephemeral elliptic curve Diffie-Hellman key exchange algorithm. Supported only through
    /// Cryptography API: Next Generation; not supported on Windows Server 2003 and Windows XP.
    /// </summary>
    CALG_ECDH_EPHEM = 0xAE06,

    /// <summary>
    /// Elliptic curve digital signature algorithm. Supported only through
    /// Cryptography API: Next Generation; not supported on Windows Server 2003 and Windows XP.
    /// </summary>
    CALG_ECDSA = 0x2203,

    /// <summary>Elliptic curve Menezes, Qu, and Vanstone (MQV) key exchange algorithm. Not supported.</summary>
    CALG_ECMQV = 0xA001,

    /// <summary>One way function hashing algorithm.</summary>
    CALG_HASH_REPLACE_OWF = 0x800B,

    /// <summary>Hughes MD5 hashing algorithm.</summary>
    CALG_HUGHES_MD5 = 0xA003,

    /// <summary>HMAC keyed hash algorithm. Supported by the Microsoft Base Cryptographic Provider.</summary>
    CALG_HMAC = 0x8009,

    /// <summary>KEA key exchange algorithm (FORTEZZA). Not supported.</summary>
    CALG_KEA_KEYX = 0xAA04,

    /// <summary>MAC keyed hash algorithm. Supported by the Microsoft Base Cryptographic Provider.</summary>
    CALG_MAC = 0x8005,

    /// <summary>MD2 hashing algorithm. Supported by the Microsoft Base Cryptographic Provider.</summary>
    CALG_MD2 = 0x8001,

    /// <summary>MD4 hashing algorithm.</summary>
    CALG_MD4 = 0x8002,

    /// <summary>MD5 hashing algorithm. Supported by the Microsoft Base Cryptographic Provider.</summary>
    CALG_MD5 = 0x8003,

    /// <summary>No signature algorithm.</summary>
    CALG_NO_SIGN = 0x2000,

    /// <summary>
    /// The algorithm is only implemented in CNG. The IS_SPECIAL_OID_INFO_ALGID macro can be used
    /// to determine whether an algorithm is only supported through the CNG functions.
    /// </summary>
    CALG_OID_INFO_CNG_ONLY = 0xFFFFFFFF,

    /// <summary>
    /// The algorithm is defined in the encoded parameters and is only supported through CNG.
    /// The IS_SPECIAL_OID_INFO_ALGID macro can be used to detect this case.
    /// </summary>
    CALG_OID_INFO_PARAMETERS = 0xFFFFFFFE,

    /// <summary>Used by the Schannel.dll operations system. Should not be used by applications.</summary>
    CALG_PCT1_MASTER = 0x4C04,

    /// <summary>RC2 block encryption algorithm. Supported by the Microsoft Base Cryptographic Provider.</summary>
    CALG_RC2 = 0x6602,

    /// <summary>RC4 stream encryption algorithm. Supported by the Microsoft Base Cryptographic Provider.</summary>
    CALG_RC4 = 0x6801,

    /// <summary>RC5 block encryption algorithm.</summary>
    CALG_RC5 = 0x660D,

    /// <summary>RSA public key exchange algorithm. Supported by the Microsoft Base Cryptographic Provider.</summary>
    CALG_RSA_KEYX = 0xA400,

    /// <summary>RSA public key signature algorithm. Supported by the Microsoft Base Cryptographic Provider.</summary>
    CALG_RSA_SIGN = 0x2400,

    /// <summary>Used by the Schannel.dll operations system. Should not be used by applications.</summary>
    CALG_SCHANNEL_ENC_KEY = 0x4C07,

    /// <summary>Used by the Schannel.dll operations system. Should not be used by applications.</summary>
    CALG_SCHANNEL_MAC_KEY = 0x4C03,

    /// <summary>Used by the Schannel.dll operations system. Should not be used by applications.</summary>
    CALG_SCHANNEL_MASTER_HASH = 0x4C02,

    /// <summary>SEAL encryption algorithm. Not supported.</summary>
    CALG_SEAL = 0x6802,

    /// <summary>SHA hashing algorithm. Supported by the Microsoft Base Cryptographic Provider.</summary>
    CALG_SHA = 0x8004,

    /// <summary>Same as CALG_SHA. Supported by the Microsoft Base Cryptographic Provider.</summary>
    CALG_SHA1 = 0x8004,

    /// <summary>
    /// 256 bit SHA hashing algorithm. Supported by the Microsoft Enhanced RSA and AES Cryptographic
    /// Provider (the "Prototype" provider on Windows XP SP3); not supported on Windows XP SP2 and earlier.
    /// </summary>
    CALG_SHA_256 = 0x800C,

    /// <summary>
    /// 384 bit SHA hashing algorithm. Supported by the Microsoft Enhanced RSA and AES Cryptographic
    /// Provider (the "Prototype" provider on Windows XP SP3); not supported on Windows XP SP2 and earlier.
    /// </summary>
    CALG_SHA_384 = 0x800D,

    /// <summary>
    /// 512 bit SHA hashing algorithm. Supported by the Microsoft Enhanced RSA and AES Cryptographic
    /// Provider (the "Prototype" provider on Windows XP SP3); not supported on Windows XP SP2 and earlier.
    /// </summary>
    CALG_SHA_512 = 0x800E,

    /// <summary>Skipjack block encryption algorithm (FORTEZZA). Not supported.</summary>
    CALG_SKIPJACK = 0x660A,

    /// <summary>Used by the Schannel.dll operations system. Should not be used by applications.</summary>
    CALG_SSL2_MASTER = 0x4C05,

    /// <summary>Used by the Schannel.dll operations system. Should not be used by applications.</summary>
    CALG_SSL3_MASTER = 0x4C01,

    /// <summary>Used by the Schannel.dll operations system. Should not be used by applications.</summary>
    CALG_SSL3_SHAMD5 = 0x8008,

    /// <summary>TEK (FORTEZZA). Not supported.</summary>
    CALG_TEK = 0x660B,

    /// <summary>Used by the Schannel.dll operations system. Should not be used by applications.</summary>
    CALG_TLS1_MASTER = 0x4C06,

    /// <summary>Used by the Schannel.dll operations system. Should not be used by applications.</summary>
    CALG_TLS1PRF = 0x800A
}
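/// <summary>
/// Schannel protocol bits (SP_PROT_* in schannel.h) as reported in
/// SecPkgContext_ConnectionInfo.dwProtocol. Each protocol has a separate
/// client-side and server-side bit; the unsuffixed members are the union of both.
/// </summary>
/// <remarks>
/// Marked [Flags] because the members are bit masks that get combined.
/// The TLS 1.3 bits are included so that a TLS 1.3 session maps to a named
/// member instead of a bare number, and so that ClientMask/ServerMask
/// classify it. PCT, SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 are deprecated
/// protocol versions; seeing one of them here means the session negotiated
/// a legacy protocol.
/// </remarks>
[Flags]
private enum SchProtocols
{
    Zero = 0,
    PctClient = 0x00000002,
    PctServer = 0x00000001,
    Pct = (PctClient | PctServer),
    Ssl2Client = 0x00000008,
    Ssl2Server = 0x00000004,
    Ssl2 = (Ssl2Client | Ssl2Server),
    Ssl3Client = 0x00000020,
    Ssl3Server = 0x00000010,
    Ssl3 = (Ssl3Client | Ssl3Server),
    Tls10Client = 0x00000080,
    Tls10Server = 0x00000040,
    Tls10 = (Tls10Client | Tls10Server),
    Tls11Client = 0x00000200,
    Tls11Server = 0x00000100,
    Tls11 = (Tls11Client | Tls11Server),
    Tls12Client = 0x00000800,
    Tls12Server = 0x00000400,
    Tls12 = (Tls12Client | Tls12Server),
    Tls13Client = 0x00002000,   // SP_PROT_TLS1_3_CLIENT
    Tls13Server = 0x00001000,   // SP_PROT_TLS1_3_SERVER
    Tls13 = (Tls13Client | Tls13Server),
    Ssl3Tls = (Ssl3 | Tls10),
    // The top bit does not fit a positive int literal, hence the unchecked cast.
    UniClient = unchecked((int)0x80000000),
    UniServer = 0x40000000,
    Unified = (UniClient | UniServer),
    ClientMask = (PctClient | Ssl2Client | Ssl3Client | Tls10Client | Tls11Client | Tls12Client | Tls13Client | UniClient),
    ServerMask = (PctServer | Ssl2Server | Ssl3Server | Tls10Server | Tls11Server | Tls12Server | Tls13Server | UniServer)
};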
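/// <summary>
/// Schannel protocol bits under their schannel.h names (SP_PROT_*), one
/// member per protocol and side, without the combined masks.
/// </summary>
/// <remarks>
/// The TLS 1.3 pair is included so that a TLS 1.3 session can be named.
/// PCT 1.0, SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 are deprecated protocol
/// versions and are listed only so that legacy sessions can be recognised.
/// </remarks>
private enum SchProtocolsSimple : int
{
    SP_PROT_PCT1_SERVER = 0x1,        // Private Communications Technology 1.0 server-side. Obsolete.
    SP_PROT_PCT1_CLIENT = 0x2,        // Private Communications Technology 1.0 client-side. Obsolete.
    SP_PROT_SSL2_SERVER = 0x4,        // Secure Sockets Layer 2.0 server-side. Superseded by SP_PROT_TLS1_SERVER.
    SP_PROT_SSL2_CLIENT = 0x8,        // Secure Sockets Layer 2.0 client-side. Superseded by SP_PROT_TLS1_CLIENT.
    SP_PROT_SSL3_SERVER = 0x10,       // Secure Sockets Layer 3.0 server-side.
    SP_PROT_SSL3_CLIENT = 0x20,       // Secure Sockets Layer 3.0 client-side.
    SP_PROT_TLS1_SERVER = 0x40,       // Transport Layer Security 1.0 server-side.
    SP_PROT_TLS1_CLIENT = 0x80,       // Transport Layer Security 1.0 client-side.
    SP_PROT_TLS1_1_SERVER = 0x100,    // Transport Layer Security 1.1 server-side.
    SP_PROT_TLS1_1_CLIENT = 0x200,    // Transport Layer Security 1.1 client-side.
    SP_PROT_TLS1_2_SERVER = 0x400,    // Transport Layer Security 1.2 server-side.
    SP_PROT_TLS1_2_CLIENT = 0x800,    // Transport Layer Security 1.2 client-side.
    SP_PROT_TLS1_3_SERVER = 0x1000,   // Transport Layer Security 1.3 server-side.
    SP_PROT_TLS1_3_CLIENT = 0x2000,   // Transport Layer Security 1.3 client-side.
}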
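/// <summary>SECURITY_STATUS value that SSPI functions return on success.</summary>
public const int SEC_E_OK = 0;

/// <summary>
/// Raw binding to secur32!QueryContextAttributesW. The native function takes a
/// pointer to the context handle (PCtxtHandle), so the handle is marshalled
/// by reference here.
/// </summary>
[DllImport("secur32.dll", EntryPoint = "QueryContextAttributesW", CharSet = CharSet.Auto, ExactSpelling = true, SetLastError = false)]
private static extern int QueryContextAttributesNative(
    ref SSPIHandle contextHandle,
    [In] ContextAttribute attribute,
    [In] [Out] ref SecPkgContext_ConnectionInfo connectionInfo);

/// <summary>
/// Queries an attribute of an established security context into a
/// SecPkgContext_ConnectionInfo buffer.
/// </summary>
/// <param name="contextHandle">Handle of the security context to query.</param>
/// <param name="attribute">
/// Attribute selector. The output buffer is typed as SecPkgContext_ConnectionInfo,
/// so only ContextAttribute.ConnectionInfo is safe here: any other selector makes
/// the native side write a differently shaped structure into that buffer.
/// </param>
/// <param name="ConnectionInfo">Receives the connection information on success.</param>
/// <returns>The SECURITY_STATUS of the call; SEC_E_OK on success.</returns>
/// <remarks>
/// The handle used to be handed to the native function by value. That only
/// lines up with the native pointer parameter on calling conventions that
/// pass a two-pointer struct by hidden reference (Windows x64); on 32-bit x86
/// the struct is pushed inline and the arguments are misread. The by-value
/// managed signature is kept for callers and the local copy is forwarded by
/// reference.
/// </remarks>
private static int QueryContextAttributesW(
    SSPIHandle contextHandle,
    ContextAttribute attribute,
    ref SecPkgContext_ConnectionInfo ConnectionInfo)
{
    return QueryContextAttributesNative(ref contextHandle, attribute, ref ConnectionInfo);
}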
/// <summary>
/// Managed mirror of an SSPI handle: two pointer-sized fields laid out
/// sequentially with Pack=1.
/// </summary>
[StructLayout(LayoutKind.Sequential, Pack = 1)]
private struct SSPIHandle
{
    private IntPtr HandleHi;
    private IntPtr HandleLo;

    /// <summary>True when both halves of the handle are zero.</summary>
    public bool IsZero
    {
        get
        {
            if (HandleHi != IntPtr.Zero)
            {
                return false;
            }

            return HandleLo == IntPtr.Zero;
        }
    }

    /// <summary>Resets both halves to zero, which is the state IsZero reports as true.</summary>
    internal void SetToInvalid()
    {
        HandleLo = IntPtr.Zero;
        HandleHi = IntPtr.Zero;
    }

    /// <summary>Formats the handle as "hi:lo" in lower-case hexadecimal.</summary>
    public override string ToString()
    {
        string hi = HandleHi.ToString("x");
        string lo = HandleLo.ToString("x");
        return string.Concat(hi, ":", lo);
    }
}
- //[SuppressUnmanagedCodeSecurity]
/// <summary>
/// Managed layout of the native SecPkgContext_ConnectionInfo structure that
/// QueryContextAttributes fills in for ContextAttribute.ConnectionInfo:
/// seven consecutive 32-bit fields.
/// </summary>
[StructLayout(LayoutKind.Sequential)]   // the default for structs, spelled out because the native side writes into it
private struct SecPkgContext_ConnectionInfo
{
    /// <summary>Negotiated protocol bit (client-side or server-side).</summary>
    public SchProtocols dwProtocol;

    /// <summary>Identifier of the bulk encryption algorithm.</summary>
    public ALG_ID aiCipher;

    /// <summary>Strength of the bulk encryption cipher, in bits.</summary>
    public int dwCipherStrength;

    /// <summary>Identifier of the hash used for message authentication.</summary>
    public ALG_ID aiHash;

    /// <summary>Strength of the hash, in bits.</summary>
    public int dwHashStrength;

    /// <summary>Identifier of the key exchange algorithm.</summary>
    public ALG_ID aiExch;

    /// <summary>Key exchange key length, in bits.</summary>
    public int dwExchStrength;
}
- ====================================================================================
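// Usage sketch: read the negotiated protocol of an established Schannel context.
SSPIHandle ContextHandle = new SSPIHandle();
// Placeholder kept from the original note, not valid C#: the handle is meant to be
// the SslStream-internal value m_Worker.Context.m_SecurityContext._handle. Those are
// private framework fields with no compatibility guarantee, so reading them can break
// with any framework update; where the public SslStream.SslProtocol property is
// sufficient, prefer it.
ContextHandle = [m_Worker.Context.m_SecurityContext._handle]
SecPkgContext_ConnectionInfo SecConnectionInfo = new SecPkgContext_ConnectionInfo();
// Declared outside the branch so the result is usable afterwards; it stays None unless
// the query succeeds, so a failed call cannot be mistaken for a negotiated protocol.
SslProtocols SslProtocol = SslProtocols.None;
int status = QueryContextAttributesW(ContextHandle, ContextAttribute.ConnectionInfo, ref SecConnectionInfo);
if (status == SEC_E_OK)
{
    // dwProtocol carries only the client-side or the server-side bit, while the
    // SslProtocols members are the union of both. Test the result with a mask,
    // e.g. (SslProtocol & SslProtocols.Tls12) != 0, not with ==.
    SslProtocol = (SslProtocols)SecConnectionInfo.dwProtocol;
}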