diff options
author | Simo Sorce <simo@redhat.com> | 2013-10-17 11:26:49 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2013-10-18 15:26:32 -0400 |
commit | 9aae9989eae728b66cd1476eb216c95bf3d28981 (patch) | |
tree | a56e7b2e77a0dc1ef9f3df11a8c68269f4c198e4 /tests | |
parent | 5a8271d7475029e680f049d24863763b2dce2e38 (diff) | |
download | gss-ntlmssp-9aae9989eae728b66cd1476eb216c95bf3d28981.tar.gz gss-ntlmssp-9aae9989eae728b66cd1476eb216c95bf3d28981.tar.xz gss-ntlmssp-9aae9989eae728b66cd1476eb216c95bf3d28981.zip |
Fix generation of signing keys and add tests
Diffstat (limited to 'tests')
-rw-r--r-- | tests/ntlmssptest.c | 183 |
1 files changed, 183 insertions, 0 deletions
diff --git a/tests/ntlmssptest.c b/tests/ntlmssptest.c index e0cc7af..2546041 100644 --- a/tests/ntlmssptest.c +++ b/tests/ntlmssptest.c @@ -357,6 +357,108 @@ struct { } }; +struct t_gsswrapex_data { + uint32_t flags; + uint32_t SeqNum; + struct ntlm_buffer Plaintext; + struct ntlm_key KeyExchangeKey; + struct ntlm_key ClientSealKey; + struct ntlm_key ClientSignKey; + struct ntlm_buffer Ciphertext; + struct ntlm_buffer Signature; +}; + +/* GSS_WrapEx V1 Extended Session Security Test Data */ +struct t_gsswrapex_data T_GSSWRAPEXv1 = { + ( + NTLMSSP_NEGOTIATE_56 | + NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL | + NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY + ), + 0, + { + .data = (uint8_t *)"\x50\x00\x6c\x00\x61\x00\x69\x00" + "\x6e\x00\x74\x00\x65\x00\x78\x00\x74\x00", + .length = 18 + }, + { + .data = { + 0xeb, 0x93, 0x42, 0x9a, 0x8b, 0xd9, 0x52, 0xf8, + 0xb8, 0x9c, 0x55, 0xb8, 0x7f, 0x47, 0x5e, 0xdc + }, + .length = 16 + }, + { + .data = { + 0x04, 0xdd, 0x7f, 0x01, 0x4d, 0x85, 0x04, 0xd2, + 0x65, 0xa2, 0x5c, 0xc8, 0x6a, 0x3a, 0x7c, 0x06 + }, + .length = 16 + }, + { + .data = { + 0x60, 0xe7, 0x99, 0xbe, 0x5c, 0x72, 0xfc, 0x92, + 0x92, 0x2a, 0xe8, 0xeb, 0xe9, 0x61, 0xfb, 0x8d + }, + .length = 16 + }, + { + .data = (uint8_t *)"\xa0\x23\x72\xf6\x53\x02\x73\xf3" + "\xaa\x1e\xb9\x01\x90\xce\x52\x00\xc9\x9d", + .length = 18 + }, + { + .data = (uint8_t *)"\x01\x00\x00\x00\xff\x2a\xeb\x52" + "\xf6\x81\x79\x3a\x00\x00\x00\x00", + .length = 16 + }, +}; + +/* GSS_WrapEx V2 Test Data */ +struct t_gsswrapex_data T_GSSWRAPEXv2 = { + ( + NTLMSSP_NEGOTIATE_56 | NTLMSSP_NEGOTIATE_128 | + NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL | + NTLMSSP_NEGOTIATE_KEY_EXCH | NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY + ), + 0, + { + .data = (uint8_t *)"\x50\x00\x6c\x00\x61\x00\x69\x00" + "\x6e\x00\x74\x00\x65\x00\x78\x00\x74\x00", + .length = 18 + }, + { + .data = { + 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, + 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55 + }, + .length = 16 + }, + { + .data = { + 0x59, 0xf6, 0x00, 0x97, 0x3c, 0xc4, 0x96, 0x0a, + 0x25, 0x48, 0x0a, 0x7c, 0x19, 0x6e, 0x4c, 0x58 + }, + .length = 16 + }, + { + .data = { + 0x47, 0x88, 0xdc, 0x86, 0x1b, 0x47, 0x82, 0xf3, + 0x5d, 0x43, 0xfd, 0x98, 0xfe, 0x1a, 0x2d, 0x39 + }, + .length = 16 + }, + { + .data = (uint8_t *)"\x54\xe5\x01\x65\xbf\x19\x36\xdc" + "\x99\x60\x20\xc1\x81\x1b\x0f\x06\xfb\x5f", + .length = 18 + }, + { + .data = (uint8_t *)"\x01\x00\x00\x00\x7f\xb3\x8e\xc5" + "\xc5\x5d\x49\x76\x00\x00\x00\x00", + .length = 16 + }, +}; int test_LMOWFv1(struct ntlm_ctx *ctx) { struct ntlm_key result = { .length = 16 }; @@ -874,6 +976,79 @@ int test_EncodeAuthenticateMessageV2(struct ntlm_ctx *ctx) return ret; } +int test_GSS_Wrap_EX(struct ntlm_ctx *ctx, struct t_gsswrapex_data *data) +{ + struct ntlm_key sign_send_key; + struct ntlm_key sign_recv_key; + struct ntlm_key seal_send_key; + struct ntlm_key seal_recv_key; + struct ntlm_rc4_handle *seal_send_handle; + struct ntlm_rc4_handle *seal_recv_handle; + uint8_t outbuf[data->Ciphertext.length]; + uint8_t signbuf[16]; + struct ntlm_buffer output = { outbuf, data->Ciphertext.length }; + struct ntlm_buffer signature = { signbuf, 16 }; + int ret; + + ret = ntlm_signseal_keys(data->flags, true, + &data->KeyExchangeKey, + &sign_send_key, &sign_recv_key, + &seal_send_key, &seal_recv_key, + &seal_send_handle, &seal_recv_handle); + if (ret) return ret; + + if (memcmp(seal_send_key.data, data->ClientSealKey.data, 16) != 0) { + fprintf(stderr, "Client Sealing Keys differ!\n"); + fprintf(stderr, "expected:\n%s", + hex_to_dump(data->ClientSealKey.data, 16)); + fprintf(stderr, "obtained:\n%s", + hex_to_dump(seal_send_key.data, sign_send_key.length)); + ret = EINVAL; + } + + if (memcmp(sign_send_key.data, data->ClientSignKey.data, 16) != 0) { + fprintf(stderr, "Client Signing Keys differ!\n"); + fprintf(stderr, "expected:\n%s", + hex_to_dump(data->ClientSignKey.data, 16)); + fprintf(stderr, "obtained:\n%s", + hex_to_dump(sign_send_key.data, sign_send_key.length)); + ret = EINVAL; + } + + if (ret) return ret; + + ret = ntlm_seal(seal_send_handle, data->flags, + &sign_send_key, data->SeqNum, + &data->Plaintext, &output, &signature); + + if (ret) { + fprintf(stderr, "Sealing failed\n"); + return ret; + } + + if (memcmp(output.data, data->Ciphertext.data, + data->Ciphertext.length) != 0) { + fprintf(stderr, "Ciphertext differs!\n"); + fprintf(stderr, "expected:\n%s", + hex_to_dump(data->Ciphertext.data, + data->Ciphertext.length)); + fprintf(stderr, "obtained:\n%s", + hex_to_dump(output.data, output.length)); + ret = EINVAL; + } + + if (memcmp(signature.data, data->Signature.data, 16) != 0) { + fprintf(stderr, "Signature differs!\n"); + fprintf(stderr, "expected:\n%s", + hex_to_dump(data->Signature.data, 16)); + fprintf(stderr, "obtained:\n%s", + hex_to_dump(signature.data, signature.length)); + ret = EINVAL; + } + + return ret; +} + #define TEST_USER_FILE "examples/test_user_file.txt" int test_gssapi_1(bool user_env_file) @@ -1202,6 +1377,14 @@ int main(int argc, const char *argv[]) ret = test_EncodeAuthenticateMessageV2(ctx); fprintf(stdout, "Test: %s\n", (ret ? "FAIL":"SUCCESS")); + fprintf(stdout, "Test sealing a Message with NTLMv1 Extended Security\n"); + ret = test_GSS_Wrap_EX(ctx, &T_GSSWRAPEXv1); + fprintf(stdout, "Test: %s\n", (ret ? "FAIL":"SUCCESS")); + + fprintf(stdout, "Test sealing a Message with NTLMv2 Extended Security\n"); + ret = test_GSS_Wrap_EX(ctx, &T_GSSWRAPEXv2); + fprintf(stdout, "Test: %s\n", (ret ? "FAIL":"SUCCESS")); + fprintf(stdout, "Test GSSAPI conversation (user env file)\n"); ret = test_gssapi_1(true); fprintf(stdout, "Test: %s\n", (ret ? "FAIL":"SUCCESS")); |