/*
 * Unix SMB/CIFS implementation.
 *
 * Copyright (C) 2019 Guenther Deschner <gd@samba.org>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
20 #include <stdarg.h>
21 #include <stddef.h>
22 #include <stdint.h>
23 #include <setjmp.h>
24 #include <cmocka.h>
26 #include "includes.h"
27 #include "auth/gensec/schannel.c"
/*
 * Known-answer round trip through netsec_do_seal().
 *
 * The plaintext is copied into a scratch buffer and sealed in place
 * (forward == true); the resulting ciphertext and confounder must match
 * crypt_expected and confounder_expected. The same buffer is then passed
 * through netsec_do_seal() again with forward == false and must come back
 * as clear_initial with the confounder restored to confounder_initial.
 *
 * flags is stored as negotiate_flags on a throw-away credential state;
 * which cipher that selects is decided inside netsec_do_seal().
 * state is the cmocka fixture pointer and is not used here.
 *
 * Everything is allocated under one talloc context that is released at the
 * end of a passing run. The dump_data() calls print the confounder,
 * sequence number and payload at debug level 0; the session key itself is
 * not dumped.
 */
static void torture_schannel_seal_flags(void **state, uint32_t flags,
					const DATA_BLOB session_key,
					const DATA_BLOB seq_num_initial,
					const DATA_BLOB confounder_initial,
					const DATA_BLOB confounder_expected,
					const DATA_BLOB clear_initial,
					const DATA_BLOB crypt_expected)
{
	uint8_t conf[8];
	struct netlogon_creds_CredentialState *cred_state;
	struct schannel_state *sc;
	DATA_BLOB buf;
	NTSTATUS nt;

	/*
	 * Reject malformed vectors up front: the fixed-size copies below
	 * rely on these lengths.
	 */
	assert_int_equal(session_key.length, 16);
	assert_int_equal(seq_num_initial.length, 8);
	assert_int_equal(confounder_initial.length, 8);
	assert_int_equal(confounder_expected.length, 8);
	assert_int_equal(clear_initial.length, crypt_expected.length);

	DEBUG(0,("checking buffer size: %d\n", (int)clear_initial.length));

	/* Scratch schannel state; children hang off it for a single free. */
	sc = talloc_zero(NULL, struct schannel_state);
	assert_non_null(sc);

	cred_state = talloc_zero(sc, struct netlogon_creds_CredentialState);
	assert_non_null(cred_state);
	sc->creds = cred_state;

	/* Work on a private copy: netsec_do_seal() transforms in place. */
	buf = data_blob_dup_talloc(sc, clear_initial);
	assert_non_null(buf.data);
	assert_int_equal(buf.length, clear_initial.length);

	cred_state->negotiate_flags = flags;
	/* Length was asserted to be 16 above. */
	memcpy(cred_state->session_key, session_key.data, 16);

	memcpy(conf, confounder_initial.data, sizeof(conf));

	DEBUG(0,("confounder before crypt:\n"));
	dump_data(0, conf, sizeof(conf));
	dump_data(0, seq_num_initial.data, 8);
	dump_data(0, buf.data, buf.length);

	/* Seal: plaintext -> ciphertext, confounder gets encrypted too. */
	nt = netsec_do_seal(sc,
			    seq_num_initial.data,
			    conf,
			    buf.data,
			    buf.length,
			    true);
	assert_true(NT_STATUS_IS_OK(nt));

	dump_data(0, buf.data, buf.length);
	DEBUG(0,("confounder after crypt:\n"));
	dump_data(0, conf, sizeof(conf));
	dump_data(0, seq_num_initial.data, 8);

	assert_memory_equal(buf.data,
			    crypt_expected.data,
			    crypt_expected.length);
	assert_memory_equal(conf,
			    confounder_expected.data,
			    confounder_expected.length);

	/* Unseal the same buffer and require the original inputs back. */
	nt = netsec_do_seal(sc,
			    seq_num_initial.data,
			    conf,
			    buf.data,
			    buf.length,
			    false);
	assert_true(NT_STATUS_IS_OK(nt));

	dump_data(0, buf.data, buf.length);
	DEBUG(0,("confounder after decrypt:\n"));
	dump_data(0, conf, sizeof(conf));
	dump_data(0, seq_num_initial.data, 8);

	assert_memory_equal(buf.data,
			    clear_initial.data,
			    clear_initial.length);
	assert_memory_equal(conf,
			    confounder_initial.data,
			    confounder_initial.length);

	talloc_free(sc);
}
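/*
 * Known-answer test for schannel sealing with negotiate_flags == 0, i.e.
 * without NETLOGON_NEG_SUPPORTS_AES -- the case this file names RC4.
 *
 * The full 128-byte vector is checked first, then a set of prefixes around
 * the 8- and 16-byte boundaries (including the empty buffer). For each
 * prefix the expected ciphertext is the same-length prefix of the full
 * ciphertext.
 *
 * The vectors pin the legacy cipher's output for interoperability; they
 * are fixed test values, not live key material.
 */
static void torture_schannel_seal_rc4(void **state)
{
	const uint8_t _session_key[16] = {
		0x14, 0xD5, 0x7F, 0x8D, 0x8E, 0xCF, 0xFB, 0x56,
		0x71, 0x29, 0x9D, 0x9C, 0x2A, 0x75, 0x00, 0xA1
	};
	const DATA_BLOB session_key = data_blob_const(_session_key, 16);
	const uint8_t _seq_num_initial[8] = {
		0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00
	};
	const DATA_BLOB seq_num_initial =
		data_blob_const(_seq_num_initial, 8);
	const uint8_t _confounder_initial[8] = {
		0x1A, 0x5A, 0xE8, 0xC7, 0xBE, 0x4F, 0x1F, 0x07
	};
	const DATA_BLOB confounder_initial =
		data_blob_const(_confounder_initial, 8);
	const uint8_t _confounder_expected[8] = {
		0x25, 0x4A, 0x9C, 0x15, 0x82, 0x3E, 0x4A, 0x42
	};
	const DATA_BLOB confounder_expected =
		data_blob_const(_confounder_expected, 8);
	const uint8_t _clear_initial[] = {
		0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
		0x01, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00,
		0x01, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		0x8A, 0xE3, 0x13, 0x71, 0x02, 0xF4, 0x36, 0x71,
		0x01, 0x00, 0x04, 0x00, 0x01, 0x00, 0x00, 0x00,
		0x02, 0x40, 0x28, 0x00, 0x78, 0x57, 0x34, 0x12,
		0x34, 0x12, 0xCD, 0xAB, 0xEF, 0x00, 0x01, 0x23,
		0x45, 0x67, 0x89, 0xAB, 0x00, 0x00, 0x00, 0x00,
		0x04, 0x5D, 0x88, 0x8A, 0xEB, 0x1C, 0xC9, 0x11,
		0x9F, 0xE8, 0x08, 0x00, 0x2B, 0x10, 0x48, 0x60,
		0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
	};
	const DATA_BLOB clear_initial = data_blob_const(_clear_initial,
						sizeof(_clear_initial));
	const uint8_t crypt_buffer[] = {
		0x3E, 0x10, 0x74, 0xD2, 0x3C, 0x71, 0x57, 0x45,
		0xB8, 0xAA, 0xCF, 0xE3, 0x84, 0xBE, 0xC4, 0x00,
		0xF4, 0x4D, 0x88, 0x0A, 0x9B, 0xCC, 0x53, 0xFC,
		0x32, 0xAA, 0x8E, 0x4B, 0x0E, 0xDE, 0x5F, 0x7D,
		0x6D, 0x31, 0x4E, 0xAB, 0xE0, 0x7D, 0x37, 0x9D,
		0x3D, 0x16, 0xD8, 0xBA, 0x6A, 0xB0, 0xD0, 0x99,
		0x14, 0x05, 0x37, 0xCF, 0x63, 0xD3, 0xD7, 0x60,
		0x63, 0x3C, 0x03, 0x0A, 0x30, 0xA0, 0x3E, 0xC7,
		0xDA, 0x94, 0x3B, 0x40, 0x63, 0x74, 0xEF, 0xCF,
		0xE5, 0x48, 0x87, 0xE9, 0x6A, 0x5A, 0xC7, 0x61,
		0xF7, 0x09, 0xB7, 0x7C, 0xDE, 0xDB, 0xB0, 0x94,
		0x9B, 0x99, 0xC0, 0xA7, 0x7E, 0x78, 0x09, 0x35,
		0xB4, 0xF4, 0x11, 0xC3, 0xB3, 0x77, 0xB5, 0x77,
		0x25, 0xEE, 0xFD, 0x2F, 0x9A, 0x15, 0x95, 0x27,
		0x08, 0xDA, 0xD0, 0x28, 0xD6, 0x31, 0xB4, 0xB7,
		0x7A, 0x19, 0xBB, 0xF3, 0x78, 0xF8, 0xC2, 0x5B
	};
	const DATA_BLOB crypt_expected = data_blob_const(crypt_buffer,
						sizeof(crypt_buffer));
	/*
	 * Prefix lengths to retest. Kept unsigned so a value can never turn
	 * into a huge length through an implicit int -> size_t conversion.
	 */
	const size_t buffer_sizes[] = {
		0, 1, 3, 7, 8, 9, 15, 16, 17
	};
	size_t i;

	torture_schannel_seal_flags(state, 0,
				    session_key,
				    seq_num_initial,
				    confounder_initial,
				    confounder_expected,
				    clear_initial,
				    crypt_expected);

	/* repeat the test for varying buffer sizes */

	for (i = 0; i < ARRAY_SIZE(buffer_sizes); i++) {
		DATA_BLOB clear_initial_trunc;
		DATA_BLOB crypt_expected_trunc;

		/*
		 * The truncated blobs alias the full vectors; fail the test
		 * instead of reading past them if the size list is ever
		 * extended beyond the vector length.
		 */
		assert_true(buffer_sizes[i] <= clear_initial.length);
		assert_true(buffer_sizes[i] <= crypt_expected.length);

		clear_initial_trunc =
			data_blob_const(clear_initial.data, buffer_sizes[i]);
		crypt_expected_trunc =
			data_blob_const(crypt_expected.data, buffer_sizes[i]);
		torture_schannel_seal_flags(state, 0,
					    session_key,
					    seq_num_initial,
					    confounder_initial,
					    confounder_expected,
					    clear_initial_trunc,
					    crypt_expected_trunc);
	}
}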
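/*
 * Known-answer test for schannel sealing with NETLOGON_NEG_SUPPORTS_AES set
 * in negotiate_flags -- the case this file names AES.
 *
 * The plaintext is the same 128-byte vector used by the RC4 test; session
 * key, confounders and expected ciphertext differ. The full vector is
 * checked first, then prefixes around the 8- and 16-byte boundaries
 * (including the empty buffer). For each prefix the expected ciphertext is
 * the same-length prefix of the full ciphertext.
 *
 * The vectors are fixed test values, not live key material.
 */
static void torture_schannel_seal_aes(void **state)
{
	const uint8_t _session_key[16] = {
		0x8E, 0xE8, 0x27, 0x85, 0x83, 0x41, 0x3C, 0x8D,
		0xC9, 0x54, 0x70, 0x75, 0x8E, 0xC9, 0x69, 0x91
	};
	const DATA_BLOB session_key = data_blob_const(_session_key, 16);
	const uint8_t _seq_num_initial[8] = {
		0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00
	};
	const DATA_BLOB seq_num_initial =
		data_blob_const(_seq_num_initial, 8);
	const uint8_t _confounder_initial[8] = {
		0x6E, 0x09, 0x25, 0x94, 0x01, 0xA0, 0x09, 0x31
	};
	const DATA_BLOB confounder_initial =
		data_blob_const(_confounder_initial, 8);
	const uint8_t _confounder_expected[8] = {
		0xCA, 0xFB, 0xAC, 0xFB, 0xA8, 0x26, 0x75, 0x2A
	};
	const DATA_BLOB confounder_expected =
		data_blob_const(_confounder_expected, 8);
	const uint8_t _clear_initial[] = {
		0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
		0x01, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00,
		0x01, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		0x8A, 0xE3, 0x13, 0x71, 0x02, 0xF4, 0x36, 0x71,
		0x01, 0x00, 0x04, 0x00, 0x01, 0x00, 0x00, 0x00,
		0x02, 0x40, 0x28, 0x00, 0x78, 0x57, 0x34, 0x12,
		0x34, 0x12, 0xCD, 0xAB, 0xEF, 0x00, 0x01, 0x23,
		0x45, 0x67, 0x89, 0xAB, 0x00, 0x00, 0x00, 0x00,
		0x04, 0x5D, 0x88, 0x8A, 0xEB, 0x1C, 0xC9, 0x11,
		0x9F, 0xE8, 0x08, 0x00, 0x2B, 0x10, 0x48, 0x60,
		0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
	};
	const DATA_BLOB clear_initial = data_blob_const(_clear_initial,
						sizeof(_clear_initial));
	const uint8_t crypt_buffer[] = {
		0xE2, 0xE5, 0xE3, 0x26, 0x45, 0xFB, 0xFC, 0xF3,
		0x9C, 0x14, 0xDD, 0xE1, 0x39, 0x23, 0xE0, 0x55,
		0xED, 0x8F, 0xF4, 0x92, 0xA1, 0xBD, 0xDC, 0x40,
		0x58, 0x6F, 0xD2, 0x5B, 0xF9, 0xC9, 0xA3, 0x87,
		0x46, 0x4B, 0x7F, 0xB2, 0x03, 0xD2, 0x35, 0x22,
		0x3E, 0x70, 0x9F, 0x1E, 0x3F, 0x1F, 0xDB, 0x7D,
		0x79, 0x88, 0x5A, 0x3D, 0xD3, 0x40, 0x1E, 0x69,
		0xD7, 0xE2, 0x1D, 0x5A, 0xE9, 0x3B, 0xE1, 0xE2,
		0x98, 0xFD, 0xCB, 0x3A, 0xF7, 0xB5, 0x1C, 0xF8,
		0xCA, 0x02, 0x00, 0x99, 0x9F, 0x0C, 0x01, 0xE6,
		0xD2, 0x00, 0xAF, 0xE0, 0x51, 0x88, 0x62, 0x50,
		0xB7, 0xE8, 0x6D, 0x63, 0x4B, 0x97, 0x05, 0xC1,
		0xD4, 0x83, 0x96, 0x29, 0x80, 0xAE, 0xD8, 0xA2,
		0xED, 0xC9, 0x5D, 0x0D, 0x29, 0xFF, 0x2C, 0x23,
		0x02, 0xFA, 0x3B, 0xEE, 0xE8, 0xBA, 0x06, 0x01,
		0x95, 0xDF, 0x80, 0x76, 0x0B, 0x17, 0x0E, 0xD8
	};
	const DATA_BLOB crypt_expected = data_blob_const(crypt_buffer,
						sizeof(crypt_buffer));
	/*
	 * Prefix lengths to retest. Kept unsigned so a value can never turn
	 * into a huge length through an implicit int -> size_t conversion.
	 */
	const size_t buffer_sizes[] = {
		0, 1, 3, 7, 8, 9, 15, 16, 17
	};
	size_t i;

	torture_schannel_seal_flags(state, NETLOGON_NEG_SUPPORTS_AES,
				    session_key,
				    seq_num_initial,
				    confounder_initial,
				    confounder_expected,
				    clear_initial,
				    crypt_expected);

	/* repeat the test for varying buffer sizes */

	for (i = 0; i < ARRAY_SIZE(buffer_sizes); i++) {
		DATA_BLOB clear_initial_trunc;
		DATA_BLOB crypt_expected_trunc;

		/*
		 * The truncated blobs alias the full vectors; fail the test
		 * instead of reading past them if the size list is ever
		 * extended beyond the vector length.
		 */
		assert_true(buffer_sizes[i] <= clear_initial.length);
		assert_true(buffer_sizes[i] <= crypt_expected.length);

		clear_initial_trunc =
			data_blob_const(clear_initial.data, buffer_sizes[i]);
		crypt_expected_trunc =
			data_blob_const(crypt_expected.data, buffer_sizes[i]);
		torture_schannel_seal_flags(state, NETLOGON_NEG_SUPPORTS_AES,
					    session_key,
					    seq_num_initial,
					    confounder_initial,
					    confounder_expected,
					    clear_initial_trunc,
					    crypt_expected_trunc);
	}
}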
/*
 * cmocka runner for the schannel sealing tests.
 *
 * With exactly one command-line argument, that argument is installed as the
 * cmocka test filter. Results are emitted in subunit format and the value
 * returned by cmocka_run_group_tests() becomes the exit status.
 */
int main(int argc, char *argv[])
{
	/*
	 * Keep the array named "tests": cmocka_run_group_tests() is a macro
	 * that uses the argument's spelling as the group name.
	 */
	const struct CMUnitTest tests[] = {
		cmocka_unit_test(torture_schannel_seal_rc4),
		cmocka_unit_test(torture_schannel_seal_aes),
	};

	if (argc == 2) {
		cmocka_set_test_filter(argv[1]);
	}

	cmocka_set_message_output(CM_OUTPUT_SUBUNIT);

	return cmocka_run_group_tests(tests, NULL, NULL);
}