Export (0) Print
Expand All
Information
The topic you requested is included in another documentation set. For convenience, it's displayed below. Choose Switch to see the topic in its original location.

Context Semantics

Windows Mobile 6.5
A version of this page is also available for
4/8/2010

A security context is the set of security attributes and rules in effect during a communication session. These attributes and rules include such information as the identities of the principal and information about the keys, ciphers, and algorithms being used. For Security Support Provider Interface (SSPI), a security context is an opaque structure created through an exchange involving the InitializeSecurityContext function and the AcceptSecurityContext function.

The SSPI supports three types of security contexts:

  • Connection
  • Datagram
  • Stream

With a connection context, the caller of the function is responsible for formatting messages. The caller also relies on the security provider to authenticate connections and to ensure the integrity of specific parts of the message. Most context options are available to connection contexts. These options include mutual authentication, replay detection, and sequence detection. A security package sets the SECPKG_FLAG_CONNECTION flag to indicate that it supports connection semantics.

A datagram context, or connectionless context, has slightly different semantics from a connection context. A connectionless context implies that the server has no way of determining when the client has shut down or otherwise terminated the connection. In other words, no termination notice is passed from the transport application to the server, as would occur in a connection context. A security package sets the SECPKG_FLAG_DATAGRAM flag to indicate that it supports datagram semantics. If a client specifies the ISC_REQ_DATAGRAM flag in its call to the InitializeSecurityContext function, the following characteristics apply:

  • The security package does not produce an authentication binary large object (BLOB) on the first call to InitializeSecurityContext. However, the client can immediately use the returned security context in a call to the MakeSignature function to generate a message signature.
  • The security package must enable the context to be reestablished multiple times to allow the server to drop the connection without notice. Enabling the context to be reestablished multiple times also implies that any keys used in the MakeSignature and VerifySignature functions can be reset to a consistent state. For more information about key states, see Cryptography.
  • The security package must enable the caller to specify sequence data, and must also enable the receiver to return that same sequence data back to the caller. This is not exclusive of any sequence data maintained by the package.

A stream context is different from both a connection context and a datagram context. The caller is not interested in formatting, but rather a raw stream of data. A stream context handles help to secure stream protocols.

A security package that supports stream contexts has the following characteristics:

  • The security package sets the SECPKG_FLAG_STREAM flag to indicate that it supports stream semantics, just as it would set a flag to indicate support for connection and datagram semantics.
  • A transport application requests stream semantics by setting the ISC_REQ_STREAM and ASC_REQ_STREAM flags in the calls to the InitializeSecurityContext and AcceptSecurityContext functions.
  • The application calls the QueryContextAttributes function with a SecPkgContext_StreamSizes structure to query the security context both for the number of buffers to provide and the sizes to reserve for headers or trailers.
  • The application provides extra buffer descriptors during actual data processing. By specifying stream semantics, the caller indicates it will perform extra operations so that the security provider can block messages. These extra operations include passing a list of buffers when the MakeSignature and VerifySignature functions are called. When a message is received from a stream-oriented channel, the caller passes a buffer. The following table shows the buffer types associated with these functions.

    Buffer Length Buffer type

    1

    Message length

    SECBUFFER_DATA

    2

    0

    SECBUFFER_EMPTY

    3

    0

    SECBUFFER_EMPTY

    4

    0

    SECBUFFER_EMPTY

    5

    0

    SECBUFFER_EMPTY

The security package then authenticates the BLOB. The following table shows what the buffer list looks like, if the function returns successfully.

Buffer Length Buffer type

1

Header length

SECBUFFER_STREAM_HEADER

2

Data length

SECBUFFER_DATA

3

Trailer length

SECBUFFER_STREAM_TRAILER

4

0

SECBUFFER_EMPTY

5

0

SECBUFFER_EMPTY

The following table shows an alternate return value for buffer 4.

Buffer Length Buffer type

4

X

SECBUFFER_EXTRA

The buffer listed in the previous table indicates that data in this buffer is part of the next record, and has not yet been processed.

Conversely, the following table shows what the returned buffer list would look like if the message function returns the SEC_E_INCOMPLETE_MESSAGE error message.

Buffer Length Buffer type

1

X

SECBUFFER_MISSING

The buffer described in the previous table indicates that more data is needed to process the record. Unlike most errors returned from a message function, this buffer type does not indicate that the context has been compromised. Security providers must not update their state in this condition.

Similarly, on the sender's side of the communication, the caller can call the MakeSignature function, in which case the security package may need to reallocate the buffer. The following table shows the buffer list that the caller can provide to be more efficient.

Buffer Length Buffer type

1

Header Length

SECBUFFER_STREAM_HEADER

2

Data Length

SECBUFFER_DATA

3

Trailer Length

SECBUFFER_STREAM_TRAILER

Using a buffer, like the one described in the previous table, enables the caller to use buffers more efficiently. By calling the QueryContextAttributes function to determine the amount of space to reserve before calling MakeSignature, the operation is more efficient for the application and the security package.

Community Additions

Show:
© 2014 Microsoft