Platform SDK: Logon Authentication

Verifying a Message

The following example shows code to receive and verify a signed message. The example receives the signature and its size in SignatureBuffer and SignatureBufferSize, and the message and its size in MessageBuffer and MessageBufferSize.

The example assumes that a SecHandle variable named phContext and a SOCKET structure named s are initialized. For the declarations and initializations of these variables, see Using SSPI with a Windows Sockets Client and Using SSPI with a Windows Sockets Server. This code also uses the functions ReceiveMsg and HandleError. Code for these functions can be seen in Utility Functions for Windows Sockets Client and Server.

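//--------------------------------------------------------------------
//  Declare and initialize local variables.
//
//  Both receive buffers hold BUFSIZ (512) bytes, which is less than
//  MaxMessageLength (1024). MaxMessageLength must therefore never be
//  given as the capacity of these buffers; it is kept only because
//  other parts of the sample may refer to it.
//  NOTE(review): <stdio.h> also defines a macro named BUFSIZ, so this
//  #define may draw a redefinition diagnostic - confirm, and consider
//  a sample-specific name.

#define MaxMessageLength 1024
#define BUFSIZ 512
BYTE MessageBuffer[BUFSIZ];
BYTE SignatureBuffer[BUFSIZ];
// Sizes start at zero so they hold a defined value even if a receive
// fails before ReceiveMsg stores a length.
DWORD MessageBufferSize = 0;
DWORD SignatureBufferSize = 0;
SECURITY_STATUS SecStatus;
SecBufferDesc InputBufferDescriptor;
SecBuffer InputSecurityToken[2];
ULONG fQOP;

//------------------------------------------------------------------
//    Receive the message.
//    The data comes from the network, so the capacity passed is the
//    real size of the destination array, not MaxMessageLength.
//    NOTE(review): ReceiveMsg is defined elsewhere; this assumes its
//    third argument is the maximum number of bytes it may store and
//    that it fails on a longer message - confirm against its source.

if(!(ReceiveMsg(
     s,
     MessageBuffer,
     sizeof(MessageBuffer),
     &MessageBufferSize)))
{
     // NOTE(review): HandleError is defined elsewhere; presumably it
     // does not return - confirm, otherwise execution continues with
     // no message.
     HandleError("Error. Message not received.");
}

//------------------------------------------------------------------
//    Receive the signature.
//    Same bound as above: the signature buffer is also BUFSIZ bytes.

if(!(ReceiveMsg(
     s,
     SignatureBuffer,
     sizeof(SignatureBuffer),
     &SignatureBufferSize)))
{
     HandleError("Error. Signature not received.");
}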

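//------------------------------------------------------------------
// Build the input buffer descriptor.
// It describes two buffers: the message data and its signature token.

InputBufferDescriptor.cBuffers = 2;
InputBufferDescriptor.pBuffers = InputSecurityToken;
InputBufferDescriptor.ulVersion = SECBUFFER_VERSION;

//-------------------------------------------------------------------
// Build the security buffer for the message.
// cbBuffer is the length reported by the receive step, not the size
// of the array.

InputSecurityToken[0].BufferType = SECBUFFER_DATA;
InputSecurityToken[0].cbBuffer = MessageBufferSize;
InputSecurityToken[0].pvBuffer = MessageBuffer;

//-------------------------------------------------------------------
// Build the security buffer for the signature.

InputSecurityToken[1].BufferType = SECBUFFER_TOKEN;
InputSecurityToken[1].cbBuffer = SignatureBufferSize;
InputSecurityToken[1].pvBuffer = SignatureBuffer;

//--------------------------------------------------------------------
// Call VerifySignature.
// SEC_E_OK is the only status on which the message should be treated
// as authentic; every other status means the message must not be
// trusted or acted upon.

SecStatus = g_pFuncs->VerifySignature(
      &phContext,
      &InputBufferDescriptor,  // input message descriptor
      0,                       // no sequence number
      &fQOP                    // Quality of protection
      );
if(SecStatus == SEC_E_OK)
{
     printf("The signature verified the message.\n");
}
else if(SecStatus == SEC_E_MESSAGE_ALTERED)
{
     printf("The message was altered in transit.\n");
}
else if(SecStatus == SEC_E_OUT_OF_SEQUENCE)
{
     printf("The message is out of sequence.\n");
}
else
{
     // The function called is VerifySignature; report its name and the
     // status value so that the failure can be diagnosed.
     printf("An unknown error occurred in VerifySignature (status 0x%08lx).\n",
          (unsigned long)SecStatus);
}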