What should you do if you find that DecryptMessage (Schannel) function returns SEC_E_INVALID_TOKEN; which means the buffers are of wrong type or no buffer of type SECBUFFER_DATA was found.
DecryptMessage (Schannel) function returns SEC_E_INVALID_TOKEN, means the buffers are of the wrong type or no buffer of type SECBUFFER_DATA was found.
In short the buffers are not set properly.
A quick reference is the example at the link https://msdn.microsoft.com/en-us/library/aa380536(VS.85).aspx, which references the code stated below.
BuffDesc.ulVersion = 0; BuffDesc.cBuffers = 2; BuffDesc.pBuffers = SecBuff; SecBuff[0].cbBuffer = SigBufferSize; SecBuff[0].BufferType = SECBUFFER_TOKEN; SecBuff[0].pvBuffer = pSigBuffer; SecBuff[1].cbBuffer = *pcbMessage; SecBuff[1].BufferType = SECBUFFER_DATA; SecBuff[1].pvBuffer = pDataBuffer; .... DecryptMessage( hCtxt, &BuffDesc, 0, &ulQop); |
Couple of points to note:
· When using the Schannel SSP with contexts that are not connection oriented, on input, the structure must contain four SecBuffer structures. Exactly one buffer must be of type SECBUFFER_DATA and contain an encrypted message, which is decrypted in place. The remaining buffers are used for output and must be of type SECBUFFER_EMPTY.
· For connection-oriented contexts, a SECBUFFER_DATA type buffer must be supplied, as noted for non-connection-oriented contexts. Additionally, a second SECBUFFER_TOKEN type buffer that contains a security token must also be supplied. The above example is more appropriate for connection-oriented contexts.
Example (For Schannel SSP with contexts that are not connection oriented):
Buffers[0].pvBuffer = pbIoBuffer; Buffers[0].cbBuffer = cbIoBuffer; Buffers[0].BufferType = SECBUFFER_DATA; Buffers[1].BufferType = SECBUFFER_EMPTY; Buffers[2].BufferType = SECBUFFER_EMPTY; Buffers[3].BufferType = SECBUFFER_EMPTY; Message.ulVersion = SECBUFFER_VERSION; Message.cBuffers = 4; Message.pBuffers = Buffers; .... DecryptMessage(phContext, &Message, 0, NULL); |
References:
https://msdn.microsoft.com/en-us/library/aa375348(VS.85).aspx
Shamik Misra