Spanify input of GetOutgoingBlob

dotnet · wfurt · Jun 21, 2022 · Jun 3, 2022 · Jun 4, 2022 · Jun 4, 2022
commit 5d5c61f10c8e651d0bf9019d3f6149f75f1794a9
diff --git a/...libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.NetSecurityNative.cs b/...libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.NetSecurityNative.cs
@@ -73,21 +73,21 @@ internal static partial Status ReleaseCred(
             ref IntPtr credHandle);
 
         [LibraryImport(Interop.Libraries.NetSecurityNative, EntryPoint="NetSecurityNative_InitSecContext")]
-        internal static partial Status InitSecContext(
+        private static partial Status InitSecContext(
             out Status minorStatus,
             SafeGssCredHandle initiatorCredHandle,
             ref SafeGssContextHandle contextHandle,
             [MarshalAs(UnmanagedType.Bool)] bool isNtlmOnly,
             SafeGssNameHandle? targetName,
             uint reqFlags,
-            byte[]? inputBytes,
+            ref byte inputBytes,
             int inputLength,
             ref GssBuffer token,
             out uint retFlags,
             [MarshalAs(UnmanagedType.Bool)] out bool isNtlmUsed);
 
         [LibraryImport(Interop.Libraries.NetSecurityNative, EntryPoint="NetSecurityNative_InitSecContextEx")]
-        internal static partial Status InitSecContext(
+        private static partial Status InitSecContext(
             out Status minorStatus,
             SafeGssCredHandle initiatorCredHandle,
             ref SafeGssContextHandle contextHandle,
@@ -96,23 +96,99 @@ internal static partial Status InitSecContext(
             int cbtSize,
             SafeGssNameHandle? targetName,
             uint reqFlags,
-            byte[]? inputBytes,
+            ref byte inputBytes,
             int inputLength,
             ref GssBuffer token,
             out uint retFlags,
             [MarshalAs(UnmanagedType.Bool)] out bool isNtlmUsed);
 
+        internal static Status InitSecContext(
+            out Status minorStatus,
+            SafeGssCredHandle initiatorCredHandle,
+            ref SafeGssContextHandle contextHandle,
+            bool isNtlmOnly,
+            SafeGssNameHandle? targetName,
+            uint reqFlags,
+            ReadOnlySpan<byte> inputBytes,
+            ref GssBuffer token,
+            out uint retFlags,
+            out bool isNtlmUsed)
+        {
+            return InitSecContext(
+                out minorStatus,
+                initiatorCredHandle,
+                ref contextHandle,
+                isNtlmOnly,
+                targetName,
+                reqFlags,
+                ref MemoryMarshal.GetReference(inputBytes),
+                inputBytes.Length,
+                ref token,
+                out retFlags,
+                out isNtlmUsed);
+        }
+
+        internal static Status InitSecContext(
+            out Status minorStatus,
+            SafeGssCredHandle initiatorCredHandle,
+            ref SafeGssContextHandle contextHandle,
+            bool isNtlmOnly,
+            IntPtr cbt,
+            int cbtSize,
+            SafeGssNameHandle? targetName,
+            uint reqFlags,
+            ReadOnlySpan<byte> inputBytes,
+            ref GssBuffer token,
+            out uint retFlags,
+            out bool isNtlmUsed)
+        {
+            return InitSecContext(
+                out minorStatus,
+                initiatorCredHandle,
+                ref contextHandle,
+                isNtlmOnly,
+                cbt,
+                cbtSize,
+                targetName,
+                reqFlags,
+                ref MemoryMarshal.GetReference(inputBytes),
+                inputBytes.Length,
+                ref token,
+                out retFlags,
+                out isNtlmUsed);
+        }
+
         [LibraryImport(Interop.Libraries.NetSecurityNative, EntryPoint="NetSecurityNative_AcceptSecContext")]
-        internal static partial Status AcceptSecContext(
+        private static partial Status AcceptSecContext(
             out Status minorStatus,
             SafeGssCredHandle acceptorCredHandle,
             ref SafeGssContextHandle acceptContextHandle,
-            byte[]? inputBytes,
+            ref byte inputBytes,
             int inputLength,
             ref GssBuffer token,
             out uint retFlags,
             [MarshalAs(UnmanagedType.Bool)] out bool isNtlmUsed);
 
+        internal static Status AcceptSecContext(
+            out Status minorStatus,
+            SafeGssCredHandle acceptorCredHandle,
+            ref SafeGssContextHandle acceptContextHandle,
+            ReadOnlySpan<byte> inputBytes,
+            ref GssBuffer token,
+            out uint retFlags,
+            out bool isNtlmUsed)
+        {
+            return AcceptSecContext(
+                out minorStatus,
+                acceptorCredHandle,
+                ref acceptContextHandle,
+                ref MemoryMarshal.GetReference(inputBytes),
+                inputBytes.Length,
+                ref token,
+                out retFlags,
+                out isNtlmUsed);
+        }
+
         [LibraryImport(Interop.Libraries.NetSecurityNative, EntryPoint="NetSecurityNative_DeleteSecContext")]
         internal static partial Status DeleteSecContext(
             out Status minorStatus,

diff --git a/src/libraries/Common/src/System/Net/NTAuthentication.Common.cs b/src/libraries/Common/src/System/Net/NTAuthentication.Common.cs
@@ -233,11 +233,16 @@ internal int MakeSignature(byte[] buffer, int offset, int count, [AllowNull] ref
 
         internal byte[]? GetOutgoingBlob(byte[]? incomingBlob, bool throwOnError)
         {
-            return GetOutgoingBlob(incomingBlob, throwOnError, out _);
+            return GetOutgoingBlob(incomingBlob != null ? incomingBlob.AsSpan() : default, throwOnError, out _);
         }
 
         // Accepts an incoming binary security blob and returns an outgoing binary security blob.
         internal byte[]? GetOutgoingBlob(byte[]? incomingBlob, bool throwOnError, out SecurityStatusPal statusCode)
+        {
+            return GetOutgoingBlob(incomingBlob != null ? incomingBlob.AsSpan() : default, throwOnError, out statusCode);
+        }
+
+        internal byte[]? GetOutgoingBlob(ReadOnlySpan<byte> incomingBlob, bool throwOnError, out SecurityStatusPal statusCode)
         {
             byte[]? result = new byte[_tokenSize];
 

diff --git a/src/libraries/Common/src/System/Net/NTAuthentication.Managed.cs b/src/libraries/Common/src/System/Net/NTAuthentication.Managed.cs
@@ -330,18 +330,23 @@ internal void CloseContext()
 
         internal byte[]? GetOutgoingBlob(byte[]? incomingBlob, bool throwOnError)
         {
-            return GetOutgoingBlob(incomingBlob, throwOnError, out _);
+            return GetOutgoingBlob(incomingBlob != null ? incomingBlob.AsSpan() : default, throwOnError, out _);
         }
 
         // Accepts an incoming binary security blob and returns an outgoing binary security blob.
-        internal unsafe byte[]? GetOutgoingBlob(byte[]? incomingBlob, bool throwOnError, out SecurityStatusPal statusCode)
+        internal byte[]? GetOutgoingBlob(byte[]? incomingBlob, bool throwOnError, out SecurityStatusPal statusCode)
+        {
+            return GetOutgoingBlob(incomingBlob != null ? incomingBlob.AsSpan() : default, throwOnError, out statusCode);
+        }
+
+        internal unsafe byte[]? GetOutgoingBlob(ReadOnlySpan<byte> incomingBlob, bool throwOnError, out SecurityStatusPal statusCode)
         {
             byte[]? outgoingBlob;
 
             // TODO: Logging, validation
             if (_negotiateMessage == null)
             {
-                Debug.Assert(incomingBlob == null);
+                Debug.Assert(incomingBlob.IsEmpty);
 
                 _negotiateMessage = new byte[sizeof(NegotiateMessage)];
                 CreateNtlmNegotiateMessage(_negotiateMessage);
@@ -351,7 +356,7 @@ internal void CloseContext()
             }
             else
             {
-                Debug.Assert(incomingBlob != null);
+                Debug.Assert(!incomingBlob.IsEmpty);
 
                 if (!_isSpNego)
                 {
@@ -638,23 +643,22 @@ private static byte[] DeriveKey(ReadOnlySpan<byte> exportedSessionKey, ReadOnlyS
         }
 
         // This gets decoded byte blob and returns response in binary form.
-        private unsafe byte[]? ProcessChallenge(byte[] blob, out SecurityStatusPal statusCode)
+        private unsafe byte[]? ProcessChallenge(ReadOnlySpan<byte> blob, out SecurityStatusPal statusCode)
         {
             // TODO: Validate size and offsets
 
-            ReadOnlySpan<byte> asBytes = new ReadOnlySpan<byte>(blob);
-            ref readonly ChallengeMessage challengeMessage = ref MemoryMarshal.AsRef<ChallengeMessage>(asBytes.Slice(0, sizeof(ChallengeMessage)));
+            ref readonly ChallengeMessage challengeMessage = ref MemoryMarshal.AsRef<ChallengeMessage>(blob.Slice(0, sizeof(ChallengeMessage)));
 
             // Verify message type and signature
             if (challengeMessage.Header.MessageType != MessageType.Challenge ||
-                !NtlmHeader.SequenceEqual(asBytes.Slice(0, NtlmHeader.Length)))
+                !NtlmHeader.SequenceEqual(blob.Slice(0, NtlmHeader.Length)))
             {
                 statusCode = SecurityStatusPalInvalidToken;
                 return null;
             }
 
             Flags flags = BitConverter.IsLittleEndian ? challengeMessage.Flags : (Flags)BinaryPrimitives.ReverseEndianness((uint)challengeMessage.Flags);
-            ReadOnlySpan<byte> targetName = GetField(challengeMessage.TargetName, asBytes);
+            ReadOnlySpan<byte> targetName = GetField(challengeMessage.TargetName, blob);
 
             // Only NTLMv2 with MIC is supported
             //
@@ -666,7 +670,7 @@ private static byte[] DeriveKey(ReadOnlySpan<byte> exportedSessionKey, ReadOnlyS
                 return null;
             }
 
-            ReadOnlySpan<byte> targetInfo = GetField(challengeMessage.TargetInfo, asBytes);
+            ReadOnlySpan<byte> targetInfo = GetField(challengeMessage.TargetInfo, blob);
             byte[] targetInfoBuffer = ProcessTargetInfo(targetInfo, out DateTime time, out bool hasNbNames);
 
             // If NTLM v2 authentication is used and the CHALLENGE_MESSAGE does not contain both
@@ -717,7 +721,7 @@ private static byte[] DeriveKey(ReadOnlySpan<byte> exportedSessionKey, ReadOnlyS
             payloadOffset += ChallengeResponseLength;
 
             // Create NTLM2 response
-            ReadOnlySpan<byte> serverChallenge = asBytes.Slice(24, 8);
+            ReadOnlySpan<byte> serverChallenge = blob.Slice(24, 8);
             makeNtlm2ChallengeResponse(time, ntlm2hash, serverChallenge, clientChallenge, targetInfoBuffer, ref response.NtChallengeResponse, payload, ref payloadOffset);
             Debug.Assert(payloadOffset == sizeof(AuthenticateMessage) + ChallengeResponseLength + sizeof(NtChallengeResponse) + targetInfoBuffer.Length);
 
@@ -872,7 +876,7 @@ private unsafe byte[] CreateSpNegoNegotiateMessage(ReadOnlySpan<byte> ntlmNegoti
             return writer.Encode();
         }
 
-        private unsafe byte[]? ProcessSpNegoChallenge(byte[] challenge, out SecurityStatusPal statusCode)
+        private unsafe byte[]? ProcessSpNegoChallenge(ReadOnlySpan<byte> challenge, out SecurityStatusPal statusCode)
         {
             NegState state = NegState.Unknown;
             string? mech = null;
@@ -881,8 +885,8 @@ private unsafe byte[] CreateSpNegoNegotiateMessage(ReadOnlySpan<byte> ntlmNegoti
 
             try
             {
-                AsnReader reader = new AsnReader(challenge, AsnEncodingRules.DER);
-                AsnReader challengeReader = reader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, (int)NegotiationToken.NegTokenResp));
+                AsnValueReader reader = new AsnValueReader(challenge, AsnEncodingRules.DER);
+                AsnValueReader challengeReader = reader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, (int)NegotiationToken.NegTokenResp));
                 reader.ThrowIfNotEmpty();
 
                 // NegTokenResp ::= SEQUENCE {
@@ -904,28 +908,28 @@ private unsafe byte[] CreateSpNegoNegotiateMessage(ReadOnlySpan<byte> ntlmNegoti
 
                 if (challengeReader.HasData && challengeReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, (int)NegTokenResp.NegState)))
                 {
-                    AsnReader valueReader = challengeReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, (int)NegTokenResp.NegState));
+                    AsnValueReader valueReader = challengeReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, (int)NegTokenResp.NegState));
                     state = valueReader.ReadEnumeratedValue<NegState>();
                     valueReader.ThrowIfNotEmpty();
                 }
 
                 if (challengeReader.HasData && challengeReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, (int)NegTokenResp.SupportedMech)))
                 {
-                    AsnReader valueReader = challengeReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, (int)NegTokenResp.SupportedMech));
+                    AsnValueReader valueReader = challengeReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, (int)NegTokenResp.SupportedMech));
                     mech = valueReader.ReadObjectIdentifier();
                     valueReader.ThrowIfNotEmpty();
                 }
 
                 if (challengeReader.HasData && challengeReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, (int)NegTokenResp.ResponseToken)))
                 {
-                    AsnReader valueReader = challengeReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, (int)NegTokenResp.ResponseToken));
+                    AsnValueReader valueReader = challengeReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, (int)NegTokenResp.ResponseToken));
                     blob = valueReader.ReadOctetString();
                     valueReader.ThrowIfNotEmpty();
                 }
 
                 if (challengeReader.HasData && challengeReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, (int)NegTokenResp.MechListMIC)))
                 {
-                    AsnReader valueReader = challengeReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, (int)NegTokenResp.MechListMIC));
+                    AsnValueReader valueReader = challengeReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, (int)NegTokenResp.MechListMIC));
                     mechListMIC = valueReader.ReadOctetString();
                     valueReader.ThrowIfNotEmpty();
                 }
@@ -934,13 +938,8 @@ private unsafe byte[] CreateSpNegoNegotiateMessage(ReadOnlySpan<byte> ntlmNegoti
             }
             catch (AsnContentException)
             {
-<<<<<<< HEAD
                 statusCode = SecurityStatusPalInvalidToken;
                 return null;
-=======
-                statusCode = new SecurityStatusPal(SecurityStatusPalErrorCode.IllegalMessage, e);
-                return Array.Empty<byte>();
->>>>>>> WIP: Add implementation of NegotiateAuthentication
             }
 
             if (blob?.Length > 0)
@@ -949,14 +948,9 @@ private unsafe byte[] CreateSpNegoNegotiateMessage(ReadOnlySpan<byte> ntlmNegoti
                 // message with the challenge blob.
                 if (!NtlmOid.Equals(mech))
                 {
-<<<<<<< HEAD
                     if (NetEventSource.Log.IsEnabled()) NetEventSource.Info(this, $"Server requested unknown mechanism {mech}");
                     statusCode = SecurityStatusPalPackageNotFound;
                     return null;
-=======
-                    statusCode = new SecurityStatusPal(SecurityStatusPalErrorCode.PackageNotFound);
-                    return Array.Empty<byte>();
->>>>>>> WIP: Add implementation of NegotiateAuthentication
                 }
 
                 // Process decoded NTLM blob.
@@ -987,11 +981,7 @@ private unsafe byte[] CreateSpNegoNegotiateMessage(ReadOnlySpan<byte> ntlmNegoti
                         }
                     }
 
-<<<<<<< HEAD
                     statusCode = state == NegState.RequestMic ? SecurityStatusPalContinueNeeded : SecurityStatusPalOk;
-=======
-                    statusCode = SecurityStatusPalContinueNeeded;
->>>>>>> WIP: Add implementation of NegotiateAuthentication
                     return writer.Encode();
                 }
             }
@@ -1000,7 +990,6 @@ private unsafe byte[] CreateSpNegoNegotiateMessage(ReadOnlySpan<byte> ntlmNegoti
             {
                 if (_spnegoMechList == null || state != NegState.AcceptCompleted)
                 {
-<<<<<<< HEAD
                     statusCode = SecurityStatusPalInternalError;
                     return null;
                 }
@@ -1009,15 +998,10 @@ private unsafe byte[] CreateSpNegoNegotiateMessage(ReadOnlySpan<byte> ntlmNegoti
                 {
                     statusCode = SecurityStatusPalMessageAltered;
                     return null;
-=======
-                    statusCode = new SecurityStatusPal(SecurityStatusPalErrorCode.MessageAltered);
-                    return Array.Empty<byte>();
->>>>>>> WIP: Add implementation of NegotiateAuthentication
                 }
             }
 
             IsCompleted = state == NegState.AcceptCompleted || state == NegState.Reject;
-<<<<<<< HEAD
             statusCode = state switch {
                 NegState.AcceptCompleted => SecurityStatusPalOk,
                 NegState.AcceptIncomplete => SecurityStatusPalContinueNeeded,
@@ -1026,11 +1010,6 @@ private unsafe byte[] CreateSpNegoNegotiateMessage(ReadOnlySpan<byte> ntlmNegoti
             };
 
             return null;
-=======
-
-            statusCode = IsCompleted ? SecurityStatusPalOk : new SecurityStatusPal(SecurityStatusPalErrorCode.LogonDenied);
-            return Array.Empty<byte>();
->>>>>>> WIP: Add implementation of NegotiateAuthentication
         }
 
 #pragma warning disable CA1822