Secure socket connection using C++


Dziaji

I am trying to get an SSL/TLS connection to work in Windows. Right now, I'm using Schannel, but I'm not sure if this is the correct approach. Here is my code. The InitializeSecurityContextA() function throws an exception.

#include "windows.h"
#pragma comment(lib, "ws2_32.lib")
#define SECURITY_WIN32
#include <SChannel.h>
#include <security.h>

int CALLBACK WinMain(HINSTANCE currentinstance, HINSTANCE previousinstance, LPSTR BS1, int BS2) {

    // Initialize Winsock 2.0
        WSADATA versioninfo;
        WSAStartup (0x0202, &versioninfo);

    // Load Security DLL
        HMODULE securitydllmodule = LoadLibrary("Secur32.dll");

    // Initialize Schannel
        INIT_SECURITY_INTERFACE initsecurtyinterfacefunction = (INIT_SECURITY_INTERFACE)GetProcAddress(securitydllmodule, "InitSecurityInterfaceA");
        PSecurityFunctionTable schannel = initsecurtyinterfacefunction();
        if (!schannel)
            MessageBox(0, "Failed to initialize schannel", "Message", MB_TASKMODAL | MB_OK);
        else
            MessageBox(0, "initialized schannel", "Message", MB_TASKMODAL | MB_OK);

    // Setup Schannel Credentials
        DWORD protocol = SP_PROT_TLS1; // enables TLS 1.0 only
        SCHANNEL_CRED schannelcredentials;
        ZeroMemory(&schannelcredentials, sizeof(schannelcredentials));
        schannelcredentials.dwVersion = SCHANNEL_CRED_VERSION;
        schannelcredentials.grbitEnabledProtocols = protocol;
        schannelcredentials.dwFlags |= SCH_CRED_NO_DEFAULT_CREDS;
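        // Turns off Schannel's automatic validation of the server certificate;
        // with this flag set, the application has to validate it itself.
        schannelcredentials.dwFlags |= SCH_CRED_MANUAL_CRED_VALIDATION;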

    // Get Client Credentials handle
        CredHandle clientcredentials;
        SECURITY_STATUS securitystatus = schannel->AcquireCredentialsHandleA(
            0, 
            UNISP_NAME_A,
            SECPKG_CRED_OUTBOUND,
            0,
            &schannelcredentials,
            0,
            0,
            &clientcredentials,
            0
        );          
        if (securitystatus != SEC_E_OK)
            MessageBox(0, "Failed to get credentials", "Message", MB_TASKMODAL | MB_OK);
        else
            MessageBox(0, "Got client credentials", "Message", MB_TASKMODAL | MB_OK);

    // Connect to Google
        SOCKET mysocket = socket(PF_INET, SOCK_STREAM, 0);
        sockaddr_in sin;
        sin.sin_family = AF_INET;
        sin.sin_port = htons(443);
        hostent *hp = gethostbyname("www.google.com");
        memcpy(&sin.sin_addr, hp->h_addr, 4);
        if (connect(mysocket, (struct sockaddr *)&sin, sizeof(sin)) == SOCKET_ERROR)
            MessageBox(0, "Error connecting", "Message", MB_TASKMODAL | MB_OK);
        else
            MessageBox(0, "Connected", "Message", MB_TASKMODAL | MB_OK);

    // Perform Handshake:
        DWORD sspiflags = (
            ISC_REQ_SEQUENCE_DETECT
            | ISC_REQ_REPLAY_DETECT
            | ISC_REQ_CONFIDENTIALITY
            | ISC_REQ_EXTENDED_ERROR
            | ISC_REQ_ALLOCATE_MEMORY
            | ISC_REQ_STREAM
        );

        SecBuffer OutBuffers[1];
        OutBuffers[0].pvBuffer = 0;
        OutBuffers[0].BufferType = SECBUFFER_TOKEN;
        OutBuffers[0].cbBuffer = 0;

        SecBufferDesc OutBuffer;
        OutBuffer.cBuffers = 1;
        OutBuffer.pBuffers = OutBuffers;
        OutBuffer.ulVersion = SECBUFFER_VERSION;

        DWORD sspioutflags;
        CtxtHandle* contexthandle;
        SECURITY_STATUS scRet = schannel->InitializeSecurityContextA(
            &clientcredentials,
            0,
            "www.google.com",
            sspiflags,
            0,
            SECURITY_NATIVE_DREP,
            0,
            0,
            contexthandle,
            &OutBuffer,
            &sspioutflags,
            0
        );
        if (scRet != SEC_I_CONTINUE_NEEDED)
            MessageBox(0, "Error Initializing Security Context", "Message", MB_TASKMODAL | MB_OK);
        else
            MessageBox(0, "Security Context Initialized", "Message", MB_TASKMODAL | MB_OK);

    // Done
        MessageBox(0, "Done", "Message", MB_TASKMODAL | MB_OK);
        return 0;
}

Pasztorpisti

Change CtxtHandle* contexthandle; to CtxtHandle contexthandle; and pass &contexthandle instead of contexthandle to your InitializeSecurityContextA() call.
