SChannel in kernel mode

  • Question

  • I'm trying to use SChannel in kernel mode. I'd like to call AcquireCredentialsHandle, however it requires an instance of SCHANNEL_CRED for the pAuthData parameter, which is not available in kernel mode.

    Creating it in user mode, and passing it down, won't work, since it contains pointers (e.g. paCred) which will be invalid in kernel mode, since they will be user mode pointers.

    What are my options?

    • Edited by elicym Thursday, July 19, 2018 7:54 PM
    Thursday, July 19, 2018 7:52 PM

All replies

  • The documentation says that, for kernel mode callers, the buffers must be in "process virtual memory", which means they are user-mode addresses.  That implies that you have to call this in the context of the process.

    Tim Roberts | Driver MVP Emeritus | Providenza & Boekelheide, Inc.

    • Marked as answer by elicym Sunday, July 22, 2018 5:47 PM
    • Unmarked as answer by elicym Thursday, July 26, 2018 3:51 PM
    Sunday, July 22, 2018 5:52 AM
  • Thank you, but this didn't work. Please see my answer.
    • Edited by elicym Friday, July 27, 2018 9:21 AM
    Sunday, July 22, 2018 5:47 PM
  • I couldn't get it working by passing down the credentials from user mode. Instead I mocked SCHANNEL_CRED in kernel mode, set dwCredFormat to SCH_CRED_FORMAT_CERT_HASH (see docs). Ensure that cCreds is set to 0, and paCred is set to the certificate hash.
    EDIT: Actually this doesn't work. Setting cCreds to 0 simply ignores the certificate, so although the call AcquireCredentialsHandle works, the next call to AcceptSecurityContext fails, as if you had never supplied any certificate. Setting it to one fails immediately with SEC_E_NO_CREDENTIALS.

    • Marked as answer by elicym Friday, July 27, 2018 9:21 AM
    • Unmarked as answer by elicym Sunday, July 29, 2018 10:39 AM
    • Edited by elicym Sunday, July 29, 2018 10:44 AM
    Friday, July 27, 2018 9:21 AM