projects / reactos.git / blob
? search:


3a2c55db2e805e150d073b4055e4679de6ccceda
[reactos.git] / modules / rostests / winetests / secur32 / schannel.c
1 /*
2 * Schannel tests
3 *
4 * Copyright 2006 Juan Lang
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 */
20 #include <stdio.h>
21 #include <stdarg.h>
22 #include <windef.h>
23 #include <winbase.h>
24 #define SECURITY_WIN32
25 #include <security.h>
26 #include <schannel.h>
27 #include <winsock2.h>
28 #include <ws2tcpip.h>
29
30 #include "wine/test.h"
31
32 static QUERY_CONTEXT_ATTRIBUTES_FN_A pQueryContextAttributesA;
33
34 static const BYTE bigCert[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
35 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
36 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
37 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
38 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
39 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
40 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20,
41 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
42 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
43 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
44 static WCHAR cspNameW[] = { 'W','i','n','e','C','r','y','p','t','T','e',
45 'm','p',0 };
46 static BYTE privKey[] = {
47 0x07, 0x02, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x52, 0x53, 0x41, 0x32, 0x00,
48 0x02, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x79, 0x10, 0x1c, 0xd0, 0x6b, 0x10,
49 0x18, 0x30, 0x94, 0x61, 0xdc, 0x0e, 0xcb, 0x96, 0x4e, 0x21, 0x3f, 0x79, 0xcd,
50 0xa9, 0x17, 0x62, 0xbc, 0xbb, 0x61, 0x4c, 0xe0, 0x75, 0x38, 0x6c, 0xf3, 0xde,
51 0x60, 0x86, 0x03, 0x97, 0x65, 0xeb, 0x1e, 0x6b, 0xdb, 0x53, 0x85, 0xad, 0x68,
52 0x21, 0xf1, 0x5d, 0xe7, 0x1f, 0xe6, 0x53, 0xb4, 0xbb, 0x59, 0x3e, 0x14, 0x27,
53 0xb1, 0x83, 0xa7, 0x3a, 0x54, 0xe2, 0x8f, 0x65, 0x8e, 0x6a, 0x4a, 0xcf, 0x3b,
54 0x1f, 0x65, 0xff, 0xfe, 0xf1, 0x31, 0x3a, 0x37, 0x7a, 0x8b, 0xcb, 0xc6, 0xd4,
55 0x98, 0x50, 0x36, 0x67, 0xe4, 0xa1, 0xe8, 0x7e, 0x8a, 0xc5, 0x23, 0xf2, 0x77,
56 0xf5, 0x37, 0x61, 0x49, 0x72, 0x59, 0xe8, 0x3d, 0xf7, 0x60, 0xb2, 0x77, 0xca,
57 0x78, 0x54, 0x6d, 0x65, 0x9e, 0x03, 0x97, 0x1b, 0x61, 0xbd, 0x0c, 0xd8, 0x06,
58 0x63, 0xe2, 0xc5, 0x48, 0xef, 0xb3, 0xe2, 0x6e, 0x98, 0x7d, 0xbd, 0x4e, 0x72,
59 0x91, 0xdb, 0x31, 0x57, 0xe3, 0x65, 0x3a, 0x49, 0xca, 0xec, 0xd2, 0x02, 0x4e,
60 0x22, 0x7e, 0x72, 0x8e, 0xf9, 0x79, 0x84, 0x82, 0xdf, 0x7b, 0x92, 0x2d, 0xaf,
61 0xc9, 0xe4, 0x33, 0xef, 0x89, 0x5c, 0x66, 0x99, 0xd8, 0x80, 0x81, 0x47, 0x2b,
62 0xb1, 0x66, 0x02, 0x84, 0x59, 0x7b, 0xc3, 0xbe, 0x98, 0x45, 0x4a, 0x3d, 0xdd,
63 0xea, 0x2b, 0xdf, 0x4e, 0xb4, 0x24, 0x6b, 0xec, 0xe7, 0xd9, 0x0c, 0x45, 0xb8,
64 0xbe, 0xca, 0x69, 0x37, 0x92, 0x4c, 0x38, 0x6b, 0x96, 0x6d, 0xcd, 0x86, 0x67,
65 0x5c, 0xea, 0x54, 0x94, 0xa4, 0xca, 0xa4, 0x02, 0xa5, 0x21, 0x4d, 0xae, 0x40,
66 0x8f, 0x9d, 0x51, 0x83, 0xf2, 0x3f, 0x33, 0xc1, 0x72, 0xb4, 0x1d, 0x94, 0x6e,
67 0x7d, 0xe4, 0x27, 0x3f, 0xea, 0xff, 0xe5, 0x9b, 0xa7, 0x5e, 0x55, 0x8e, 0x0d,
68 0x69, 0x1c, 0x7a, 0xff, 0x81, 0x9d, 0x53, 0x52, 0x97, 0x9a, 0x76, 0x79, 0xda,
69 0x93, 0x32, 0x16, 0xec, 0x69, 0x51, 0x1a, 0x4e, 0xc3, 0xf1, 0x72, 0x80, 0x78,
70 0x5e, 0x66, 0x4a, 0x8d, 0x85, 0x2f, 0x3f, 0xb2, 0xa7 };
71
72 static const BYTE selfSignedCert[] = {
73 0x30, 0x82, 0x01, 0x1f, 0x30, 0x81, 0xce, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
74 0x10, 0xeb, 0x0d, 0x57, 0x2a, 0x9c, 0x09, 0xba, 0xa4, 0x4a, 0xb7, 0x25, 0x49,
75 0xd9, 0x3e, 0xb5, 0x73, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1d,
76 0x05, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03,
77 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30,
78 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x30, 0x36, 0x32, 0x39, 0x30, 0x35, 0x30, 0x30,
79 0x34, 0x36, 0x5a, 0x17, 0x0d, 0x30, 0x37, 0x30, 0x36, 0x32, 0x39, 0x31, 0x31,
80 0x30, 0x30, 0x34, 0x36, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
81 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e,
82 0x67, 0x00, 0x30, 0x5c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
83 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41,
84 0x00, 0xe2, 0x54, 0x3a, 0xa7, 0x83, 0xb1, 0x27, 0x14, 0x3e, 0x59, 0xbb, 0xb4,
85 0x53, 0xe6, 0x1f, 0xe7, 0x5d, 0xf1, 0x21, 0x68, 0xad, 0x85, 0x53, 0xdb, 0x6b,
86 0x1e, 0xeb, 0x65, 0x97, 0x03, 0x86, 0x60, 0xde, 0xf3, 0x6c, 0x38, 0x75, 0xe0,
87 0x4c, 0x61, 0xbb, 0xbc, 0x62, 0x17, 0xa9, 0xcd, 0x79, 0x3f, 0x21, 0x4e, 0x96,
88 0xcb, 0x0e, 0xdc, 0x61, 0x94, 0x30, 0x18, 0x10, 0x6b, 0xd0, 0x1c, 0x10, 0x79,
89 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02,
90 0x1d, 0x05, 0x00, 0x03, 0x41, 0x00, 0x25, 0x90, 0x53, 0x34, 0xd9, 0x56, 0x41,
91 0x5e, 0xdb, 0x7e, 0x01, 0x36, 0xec, 0x27, 0x61, 0x5e, 0xb7, 0x4d, 0x90, 0x66,
92 0xa2, 0xe1, 0x9d, 0x58, 0x76, 0xd4, 0x9c, 0xba, 0x2c, 0x84, 0xc6, 0x83, 0x7a,
93 0x22, 0x0d, 0x03, 0x69, 0x32, 0x1a, 0x6d, 0xcb, 0x0c, 0x15, 0xb3, 0x6b, 0xc7,
94 0x0a, 0x8c, 0xb4, 0x5c, 0x34, 0x78, 0xe0, 0x3c, 0x9c, 0xe9, 0xf3, 0x30, 0x9f,
95 0xa8, 0x76, 0x57, 0x92, 0x36 };
96
97 static CHAR unisp_name_a[] = UNISP_NAME_A;
98
99 static const char *algid_to_str(ALG_ID alg)
100 {
101 static char buf[12];
102 switch(alg) {
103 #define X(x) case x: return #x
104 X(CALG_MD2);
105 X(CALG_MD4);
106 X(CALG_MD5);
107 X(CALG_SHA1); /* same as CALG_SHA */
108 X(CALG_MAC);
109 X(CALG_RSA_SIGN);
110 X(CALG_DSS_SIGN);
111 X(CALG_NO_SIGN);
112 X(CALG_RSA_KEYX);
113 X(CALG_DES);
114 X(CALG_3DES_112);
115 X(CALG_3DES);
116 X(CALG_DESX);
117 X(CALG_RC2);
118 X(CALG_RC4);
119 X(CALG_SEAL);
120 X(CALG_DH_SF);
121 X(CALG_DH_EPHEM);
122 X(CALG_AGREEDKEY_ANY);
123 X(CALG_KEA_KEYX);
124 X(CALG_HUGHES_MD5);
125 X(CALG_SKIPJACK);
126 X(CALG_TEK);
127 X(CALG_CYLINK_MEK);
128 X(CALG_SSL3_SHAMD5);
129 X(CALG_SSL3_MASTER);
130 X(CALG_SCHANNEL_MASTER_HASH);
131 X(CALG_SCHANNEL_MAC_KEY);
132 X(CALG_SCHANNEL_ENC_KEY);
133 X(CALG_PCT1_MASTER);
134 X(CALG_SSL2_MASTER);
135 X(CALG_TLS1_MASTER);
136 X(CALG_RC5);
137 X(CALG_HMAC);
138 X(CALG_TLS1PRF);
139 X(CALG_HASH_REPLACE_OWF);
140 X(CALG_AES_128);
141 X(CALG_AES_192);
142 X(CALG_AES_256);
143 X(CALG_AES);
144 X(CALG_SHA_256);
145 X(CALG_SHA_384);
146 X(CALG_SHA_512);
147 X(CALG_ECDH);
148 X(CALG_ECMQV);
149 X(CALG_ECDSA);
150 #undef X
151 }
152
153 sprintf(buf, "%x", alg);
154 return buf;
155 }
156
157 static void init_cred(SCHANNEL_CRED *cred)
158 {
159 cred->dwVersion = SCHANNEL_CRED_VERSION;
160 cred->cCreds = 0;
161 cred->paCred = 0;
162 cred->hRootStore = NULL;
163 cred->cMappers = 0;
164 cred->aphMappers = NULL;
165 cred->cSupportedAlgs = 0;
166 cred->palgSupportedAlgs = NULL;
167 cred->grbitEnabledProtocols = 0;
168 cred->dwMinimumCipherStrength = 0;
169 cred->dwMaximumCipherStrength = 0;
170 cred->dwSessionLifespan = 0;
171 cred->dwFlags = 0;
172 }
173
174 static void test_strength(PCredHandle handle)
175 {
176 SecPkgCred_CipherStrengths strength = {-1,-1};
177 SECURITY_STATUS st;
178
179 st = QueryCredentialsAttributesA(handle, SECPKG_ATTR_CIPHER_STRENGTHS, &strength);
180 ok(st == SEC_E_OK, "QueryCredentialsAttributesA failed: %u\n", GetLastError());
181 ok(strength.dwMinimumCipherStrength, "dwMinimumCipherStrength not changed\n");
182 ok(strength.dwMaximumCipherStrength, "dwMaximumCipherStrength not changed\n");
183 trace("strength %d - %d\n", strength.dwMinimumCipherStrength, strength.dwMaximumCipherStrength);
184 }
185
186 static void test_supported_protocols(CredHandle *handle, unsigned exprots)
187 {
188 SecPkgCred_SupportedProtocols protocols;
189 SECURITY_STATUS status;
190
191 status = QueryCredentialsAttributesA(handle, SECPKG_ATTR_SUPPORTED_PROTOCOLS, &protocols);
192 ok(status == SEC_E_OK, "QueryCredentialsAttributes failed: %08x\n", status);
193
194 if(exprots)
195 ok(protocols.grbitProtocol == exprots, "protocols.grbitProtocol = %x, expected %x\n", protocols.grbitProtocol, exprots);
196
197 trace("Supported protocols:\n");
198
199 #define X(flag, name) do { if(protocols.grbitProtocol & flag) { trace(name "\n"); protocols.grbitProtocol &= ~flag; } }while(0)
200 X(SP_PROT_SSL2_CLIENT, "SSL 2 client");
201 X(SP_PROT_SSL3_CLIENT, "SSL 3 client");
202 X(SP_PROT_TLS1_0_CLIENT, "TLS 1.0 client");
203 X(SP_PROT_TLS1_1_CLIENT, "TLS 1.1 client");
204 X(SP_PROT_TLS1_2_CLIENT, "TLS 1.2 client");
205 #undef X
206
207 if(protocols.grbitProtocol)
208 trace("Unknown flags: %x\n", protocols.grbitProtocol);
209 }
210
211 static void test_supported_algs(CredHandle *handle)
212 {
213 SecPkgCred_SupportedAlgs algs;
214 SECURITY_STATUS status;
215 unsigned i;
216
217 status = QueryCredentialsAttributesA(handle, SECPKG_ATTR_SUPPORTED_ALGS, &algs);
218 todo_wine ok(status == SEC_E_OK, "QueryCredentialsAttributes failed: %08x\n", status);
219 if(status != SEC_E_OK)
220 return;
221
222 trace("Supported algorithms (%d):\n", algs.cSupportedAlgs);
223 for(i=0; i < algs.cSupportedAlgs; i++)
224 trace(" %s\n", algid_to_str(algs.palgSupportedAlgs[i]));
225
226 FreeContextBuffer(algs.palgSupportedAlgs);
227 }
228
229 static void test_cread_attrs(void)
230 {
231 SCHANNEL_CRED schannel_cred;
232 SECURITY_STATUS status;
233 CredHandle cred;
234
235 status = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
236 NULL, NULL, NULL, NULL, &cred, NULL);
237 ok(status == SEC_E_OK, "AcquireCredentialsHandleA failed: %x\n", status);
238
239 test_supported_protocols(&cred, 0);
240 test_supported_algs(&cred);
241
242 status = QueryCredentialsAttributesA(&cred, SECPKG_ATTR_SUPPORTED_PROTOCOLS, NULL);
243 ok(status == SEC_E_INTERNAL_ERROR, "QueryCredentialsAttributes failed: %08x, expected SEC_E_INTERNAL_ERROR\n", status);
244
245 status = QueryCredentialsAttributesA(&cred, SECPKG_ATTR_SUPPORTED_ALGS, NULL);
246 ok(status == SEC_E_INTERNAL_ERROR, "QueryCredentialsAttributes failed: %08x, expected SEC_E_INTERNAL_ERROR\n", status);
247
248 FreeCredentialsHandle(&cred);
249
250 init_cred(&schannel_cred);
251 schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_CLIENT;
252 status = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
253 NULL, &schannel_cred, NULL, NULL, &cred, NULL);
254 ok(status == SEC_E_OK, "AcquireCredentialsHandleA failed: %x\n", status);
255
256 test_supported_protocols(&cred, SP_PROT_TLS1_CLIENT);
257 test_supported_algs(&cred);
258
259 FreeCredentialsHandle(&cred);
260 }
261
262 static void testAcquireSecurityContext(void)
263 {
264 BOOL has_schannel = FALSE;
265 SecPkgInfoA *package_info;
266 ULONG i;
267 SECURITY_STATUS st;
268 CredHandle cred;
269 SecPkgCredentials_NamesA names;
270 TimeStamp exp;
271 SCHANNEL_CRED schanCred;
272 PCCERT_CONTEXT certs[2];
273 HCRYPTPROV csp;
274 WCHAR ms_def_prov_w[MAX_PATH];
275 BOOL ret;
276 HCRYPTKEY key;
277 CRYPT_KEY_PROV_INFO keyProvInfo;
278
279
280 if (SUCCEEDED(EnumerateSecurityPackagesA(&i, &package_info)))
281 {
282 while(i--)
283 {
284 if (!strcmp(package_info[i].Name, unisp_name_a))
285 {
286 has_schannel = TRUE;
287 break;
288 }
289 }
290 FreeContextBuffer(package_info);
291 }
292 if (!has_schannel)
293 {
294 skip("Schannel not available\n");
295 return;
296 }
297
298 lstrcpyW(ms_def_prov_w, MS_DEF_PROV_W);
299
300 keyProvInfo.pwszContainerName = cspNameW;
301 keyProvInfo.pwszProvName = ms_def_prov_w;
302 keyProvInfo.dwProvType = PROV_RSA_FULL;
303 keyProvInfo.dwFlags = 0;
304 keyProvInfo.cProvParam = 0;
305 keyProvInfo.rgProvParam = NULL;
306 keyProvInfo.dwKeySpec = AT_SIGNATURE;
307
308 certs[0] = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert, sizeof(bigCert));
309 certs[1] = CertCreateCertificateContext(X509_ASN_ENCODING, selfSignedCert, sizeof(selfSignedCert));
310
311 SetLastError(0xdeadbeef);
312 ret = CryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL,
313 CRYPT_DELETEKEYSET);
314 if (!ret && GetLastError() == ERROR_CALL_NOT_IMPLEMENTED)
315 {
316 /* WinMe would crash on some tests */
317 win_skip("CryptAcquireContextW is not implemented\n");
318 return;
319 }
320
321 st = AcquireCredentialsHandleA(NULL, NULL, 0, NULL, NULL, NULL, NULL, NULL,
322 NULL);
323 ok(st == SEC_E_SECPKG_NOT_FOUND,
324 "Expected SEC_E_SECPKG_NOT_FOUND, got %08x\n", st);
325 if (0)
326 {
327 /* Crashes on Win2K */
328 st = AcquireCredentialsHandleA(NULL, unisp_name_a, 0, NULL, NULL, NULL,
329 NULL, NULL, NULL);
330 ok(st == SEC_E_NO_CREDENTIALS, "Expected SEC_E_NO_CREDENTIALS, got %08x\n", st);
331
332 /* Crashes on WinNT */
333 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_BOTH, NULL,
334 NULL, NULL, NULL, NULL, NULL);
335 ok(st == SEC_E_NO_CREDENTIALS, "Expected SEC_E_NO_CREDENTIALS, got %08x\n", st);
336
337 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
338 NULL, NULL, NULL, NULL, NULL, NULL);
339 ok(st == SEC_E_NO_CREDENTIALS, "Expected SEC_E_NO_CREDENTIALS, got %08x\n", st);
340
341 /* Crashes */
342 AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
343 NULL, NULL, NULL, NULL, NULL, NULL);
344 }
345 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
346 NULL, NULL, NULL, NULL, &cred, NULL);
347 ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
348 if(st == SEC_E_OK)
349 FreeCredentialsHandle(&cred);
350 memset(&cred, 0, sizeof(cred));
351 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
352 NULL, NULL, NULL, NULL, &cred, &exp);
353 ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
354 /* expriy is indeterminate in win2k3 */
355 trace("expiry: %08x%08x\n", exp.HighPart, exp.LowPart);
356
357 st = QueryCredentialsAttributesA(&cred, SECPKG_CRED_ATTR_NAMES, &names);
358 ok(st == SEC_E_NO_CREDENTIALS || st == SEC_E_UNSUPPORTED_FUNCTION /* before Vista */, "expected SEC_E_NO_CREDENTIALS, got %08x\n", st);
359
360 FreeCredentialsHandle(&cred);
361
362 /* Bad version in SCHANNEL_CRED */
363 memset(&schanCred, 0, sizeof(schanCred));
364 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
365 NULL, &schanCred, NULL, NULL, NULL, NULL);
366 ok(st == SEC_E_INTERNAL_ERROR ||
367 st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */ ||
368 st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
369 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
370 NULL, &schanCred, NULL, NULL, NULL, NULL);
371 ok(st == SEC_E_INTERNAL_ERROR ||
372 st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */ ||
373 st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
374
375 /* No cert in SCHANNEL_CRED succeeds for outbound.. */
376 schanCred.dwVersion = SCHANNEL_CRED_VERSION;
377 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
378 NULL, &schanCred, NULL, NULL, &cred, NULL);
379 ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
380 FreeCredentialsHandle(&cred);
381 /* but fails for inbound. */
382 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
383 NULL, &schanCred, NULL, NULL, &cred, NULL);
384 ok(st == SEC_E_NO_CREDENTIALS ||
385 st == SEC_E_OK /* Vista/win2k8 */,
386 "Expected SEC_E_NO_CREDENTIALS or SEC_E_OK, got %08x\n", st);
387
388 if (0)
389 {
390 /* Crashes with bad paCred pointer */
391 schanCred.cCreds = 1;
392 AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
393 NULL, &schanCred, NULL, NULL, NULL, NULL);
394 }
395
396 /* Bogus cert in SCHANNEL_CRED. Windows fails with
397 * SEC_E_UNKNOWN_CREDENTIALS, but I'll accept SEC_E_NO_CREDENTIALS too.
398 */
399 schanCred.cCreds = 1;
400 schanCred.paCred = &certs[0];
401 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
402 NULL, &schanCred, NULL, NULL, NULL, NULL);
403 ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
404 st == SEC_E_NO_CREDENTIALS ||
405 st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
406 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
407 NULL, &schanCred, NULL, NULL, NULL, NULL);
408 ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
409 st == SEC_E_NO_CREDENTIALS ||
410 st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
411
412 /* Good cert, but missing private key. Windows fails with
413 * SEC_E_NO_CREDENTIALS, but I'll accept SEC_E_UNKNOWN_CREDENTIALS too.
414 */
415 schanCred.cCreds = 1;
416 schanCred.paCred = &certs[1];
417 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
418 NULL, &schanCred, NULL, NULL, &cred, NULL);
419 ok(st == SEC_E_UNKNOWN_CREDENTIALS || st == SEC_E_NO_CREDENTIALS ||
420 st == SEC_E_INTERNAL_ERROR, /* win2k */
421 "Expected SEC_E_UNKNOWN_CREDENTIALS, SEC_E_NO_CREDENTIALS "
422 "or SEC_E_INTERNAL_ERROR, got %08x\n", st);
423 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
424 NULL, &schanCred, NULL, NULL, NULL, NULL);
425 ok(st == SEC_E_UNKNOWN_CREDENTIALS || st == SEC_E_NO_CREDENTIALS ||
426 st == SEC_E_INTERNAL_ERROR, /* win2k */
427 "Expected SEC_E_UNKNOWN_CREDENTIALS, SEC_E_NO_CREDENTIALS "
428 "or SEC_E_INTERNAL_ERROR, got %08x\n", st);
429
430 /* Good cert, with CRYPT_KEY_PROV_INFO set before it's had a key loaded. */
431 ret = CertSetCertificateContextProperty(certs[1],
432 CERT_KEY_PROV_INFO_PROP_ID, 0, &keyProvInfo);
433 schanCred.dwVersion = SCH_CRED_V3;
434 ok(ret, "CertSetCertificateContextProperty failed: %08x\n", GetLastError());
435 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
436 NULL, &schanCred, NULL, NULL, &cred, NULL);
437 ok(st == SEC_E_UNKNOWN_CREDENTIALS || st == SEC_E_INTERNAL_ERROR /* WinNT */,
438 "Expected SEC_E_UNKNOWN_CREDENTIALS or SEC_E_INTERNAL_ERROR, got %08x\n", st);
439 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
440 NULL, &schanCred, NULL, NULL, &cred, NULL);
441 ok(st == SEC_E_UNKNOWN_CREDENTIALS || st == SEC_E_INTERNAL_ERROR /* WinNT */,
442 "Expected SEC_E_UNKNOWN_CREDENTIALS or SEC_E_INTERNAL_ERROR, got %08x\n", st);
443
444 ret = CryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL,
445 CRYPT_NEWKEYSET);
446 ok(ret, "CryptAcquireContextW failed: %08x\n", GetLastError());
447 ret = 0;
448
449 ret = CryptImportKey(csp, privKey, sizeof(privKey), 0, 0, &key);
450 ok(ret, "CryptImportKey failed: %08x\n", GetLastError());
451 if (ret)
452 {
453 PCCERT_CONTEXT tmp;
454
455 if (0)
456 {
457 /* Crashes */
458 AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
459 NULL, &schanCred, NULL, NULL, NULL, NULL);
460
461 /* Crashes on WinNT */
462 /* Good cert with private key, bogus version */
463 schanCred.dwVersion = SCH_CRED_V1;
464 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
465 NULL, &schanCred, NULL, NULL, &cred, NULL);
466 ok(st == SEC_E_INTERNAL_ERROR ||
467 st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
468 "Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
469 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
470 NULL, &schanCred, NULL, NULL, &cred, NULL);
471 ok(st == SEC_E_INTERNAL_ERROR ||
472 st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
473 "Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
474 schanCred.dwVersion = SCH_CRED_V2;
475 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
476 NULL, &schanCred, NULL, NULL, &cred, NULL);
477 ok(st == SEC_E_INTERNAL_ERROR ||
478 st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
479 "Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
480 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
481 NULL, &schanCred, NULL, NULL, &cred, NULL);
482 ok(st == SEC_E_INTERNAL_ERROR ||
483 st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
484 "Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
485 }
486
487 /* Succeeds on V3 or higher */
488 schanCred.dwVersion = SCH_CRED_V3;
489 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
490 NULL, &schanCred, NULL, NULL, &cred, NULL);
491 ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
492 FreeCredentialsHandle(&cred);
493 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
494 NULL, &schanCred, NULL, NULL, &cred, NULL);
495 ok(st == SEC_E_OK ||
496 st == SEC_E_UNKNOWN_CREDENTIALS, /* win2k3 */
497 "AcquireCredentialsHandleA failed: %08x\n", st);
498 FreeCredentialsHandle(&cred);
499 schanCred.dwVersion = SCHANNEL_CRED_VERSION;
500 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
501 NULL, &schanCred, NULL, NULL, &cred, NULL);
502 ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
503 FreeCredentialsHandle(&cred);
504 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
505 NULL, &schanCred, NULL, NULL, &cred, NULL);
506 ok(st == SEC_E_OK ||
507 st == SEC_E_UNKNOWN_CREDENTIALS, /* win2k3 */
508 "AcquireCredentialsHandleA failed: %08x\n", st);
509 if (st == SEC_E_OK) test_strength(&cred);
510 FreeCredentialsHandle(&cred);
511
512 /* How about more than one cert? */
513 schanCred.cCreds = 2;
514 schanCred.paCred = certs;
515 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
516 NULL, &schanCred, NULL, NULL, &cred, NULL);
517 ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
518 st == SEC_E_NO_CREDENTIALS /* Vista/win2k8 */ ||
519 st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
520 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
521 NULL, &schanCred, NULL, NULL, &cred, NULL);
522 ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
523 st == SEC_E_NO_CREDENTIALS ||
524 st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
525 tmp = certs[0];
526 certs[0] = certs[1];
527 certs[1] = tmp;
528 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
529 NULL, &schanCred, NULL, NULL, &cred, NULL);
530 ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
531 st == SEC_E_NO_CREDENTIALS ||
532 st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
533 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
534 NULL, &schanCred, NULL, NULL, &cred, NULL);
535 ok(st == SEC_E_UNKNOWN_CREDENTIALS,
536 "Expected SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
537 /* FIXME: what about two valid certs? */
538
539 CryptDestroyKey(key);
540 }
541
542 CryptReleaseContext(csp, 0);
543 CryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL, CRYPT_DELETEKEYSET);
544
545 CertFreeCertificateContext(certs[0]);
546 CertFreeCertificateContext(certs[1]);
547 }
548
549 static void test_remote_cert(PCCERT_CONTEXT remote_cert)
550 {
551 PCCERT_CONTEXT iter = NULL;
552 BOOL incl_remote = FALSE;
553 unsigned cert_cnt = 0;
554
555 ok(remote_cert->hCertStore != NULL, "hCertStore == NULL\n");
556
557 while((iter = CertEnumCertificatesInStore(remote_cert->hCertStore, iter))) {
558 if(iter == remote_cert)
559 incl_remote = TRUE;
560 cert_cnt++;
561 }
562
563 ok(cert_cnt == 2 || cert_cnt == 3, "cert_cnt = %u\n", cert_cnt);
564 ok(incl_remote, "context does not contain cert itself\n");
565 }
566
567 static const char http_request[] = "HEAD /test.html HTTP/1.1\r\nHost: www.winehq.org\r\nConnection: close\r\n\r\n";
568
569 static void init_buffers(SecBufferDesc *desc, unsigned count, unsigned size)
570 {
571 desc->ulVersion = SECBUFFER_VERSION;
572 desc->cBuffers = count;
573 desc->pBuffers = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, count*sizeof(SecBuffer));
574
575 desc->pBuffers[0].cbBuffer = size;
576 desc->pBuffers[0].pvBuffer = HeapAlloc(GetProcessHeap(), 0, size);
577 }
578
579 static void reset_buffers(SecBufferDesc *desc)
580 {
581 unsigned i;
582
583 for (i = 0; i < desc->cBuffers; ++i)
584 {
585 desc->pBuffers[i].BufferType = SECBUFFER_EMPTY;
586 if (i > 0)
587 {
588 desc->pBuffers[i].cbBuffer = 0;
589 desc->pBuffers[i].pvBuffer = NULL;
590 }
591 }
592 }
593
594 static void free_buffers(SecBufferDesc *desc)
595 {
596 HeapFree(GetProcessHeap(), 0, desc->pBuffers[0].pvBuffer);
597 HeapFree(GetProcessHeap(), 0, desc->pBuffers);
598 }
599
600 static int receive_data(SOCKET sock, SecBuffer *buf)
601 {
602 unsigned received = 0;
603
604 while (1)
605 {
606 unsigned char *data = buf->pvBuffer;
607 unsigned expected = 0;
608 int ret;
609
610 ret = recv(sock, (char *)data+received, buf->cbBuffer-received, 0);
611 if (ret == -1)
612 {
613 skip("recv failed\n");
614 return -1;
615 }
616 else if(ret == 0)
617 {
618 skip("connection closed\n");
619 return -1;
620 }
621 received += ret;
622
623 while (expected < received)
624 {
625 unsigned frame_size = 5 + ((data[3]<<8) | data[4]);
626 expected += frame_size;
627 data += frame_size;
628 }
629
630 if (expected == received)
631 break;
632 }
633
634 buf->cbBuffer = received;
635
636 return received;
637 }
638
639 static void test_InitializeSecurityContext(void)
640 {
641 SCHANNEL_CRED cred;
642 CredHandle cred_handle;
643 CtxtHandle context;
644 SECURITY_STATUS status;
645 SecBuffer out_buffer = {1000, SECBUFFER_TOKEN, NULL};
646 SecBuffer in_buffer = {0, SECBUFFER_EMPTY, NULL};
647 SecBufferDesc out_buffers = {SECBUFFER_VERSION, 1, &out_buffer};
648 SecBufferDesc in_buffers = {SECBUFFER_VERSION, 1, &in_buffer};
649 ULONG attrs;
650
651 init_cred(&cred);
652 cred.grbitEnabledProtocols = SP_PROT_TLS1_CLIENT;
653 cred.dwFlags = SCH_CRED_NO_DEFAULT_CREDS|SCH_CRED_MANUAL_CRED_VALIDATION;
654 status = AcquireCredentialsHandleA(NULL, (SEC_CHAR *)UNISP_NAME_A, SECPKG_CRED_OUTBOUND, NULL,
655 &cred, NULL, NULL, &cred_handle, NULL);
656 ok(status == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", status);
657 if (status != SEC_E_OK) return;
658
659 status = InitializeSecurityContextA(&cred_handle, NULL, (SEC_CHAR *)"localhost",
660 ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM|ISC_REQ_ALLOCATE_MEMORY,
661 0, 0, &in_buffers, 0, &context, &out_buffers, &attrs, NULL);
662 ok(status == SEC_I_CONTINUE_NEEDED, "Expected SEC_I_CONTINUE_NEEDED, got %08x\n", status);
663
664 FreeContextBuffer(out_buffer.pvBuffer);
665 DeleteSecurityContext(&context);
666 FreeCredentialsHandle(&cred_handle);
667 }
668
669 static void test_communication(void)
670 {
671 int ret;
672
673 WSADATA wsa_data;
674 SOCKET sock;
675 struct hostent *host;
676 struct sockaddr_in addr;
677
678 SECURITY_STATUS status;
679 ULONG attrs;
680
681 SCHANNEL_CRED cred;
682 CredHandle cred_handle;
683 CtxtHandle context;
684 SecPkgCredentials_NamesA names;
685 SecPkgContext_StreamSizes sizes;
686 SecPkgContext_ConnectionInfo conn_info;
687 SecPkgContext_KeyInfoA key_info;
688 CERT_CONTEXT *cert;
689
690 SecBufferDesc buffers[2];
691 SecBuffer *buf;
692 unsigned buf_size = 4000;
693 unsigned char *data;
694 unsigned data_size;
695
696 if (!pQueryContextAttributesA)
697 {
698 win_skip("Required secur32 functions not available\n");
699 return;
700 }
701
702 /* Create a socket and connect to www.winehq.org */
703 ret = WSAStartup(0x0202, &wsa_data);
704 if (ret)
705 {
706 skip("Can't init winsock 2.2\n");
707 return;
708 }
709
710 host = gethostbyname("www.winehq.org");
711 if (!host)
712 {
713 skip("Can't resolve www.winehq.org\n");
714 return;
715 }
716
717 addr.sin_family = host->h_addrtype;
718 addr.sin_addr = *(struct in_addr *)host->h_addr_list[0];
719 addr.sin_port = htons(443);
720 sock = socket(host->h_addrtype, SOCK_STREAM, 0);
721 if (sock == SOCKET_ERROR)
722 {
723 skip("Can't create socket\n");
724 return;
725 }
726
727 ret = connect(sock, (struct sockaddr *)&addr, sizeof(addr));
728 if (ret == SOCKET_ERROR)
729 {
730 skip("Can't connect to www.winehq.org\n");
731 return;
732 }
733
734 /* Create client credentials */
735 init_cred(&cred);
736 cred.grbitEnabledProtocols = SP_PROT_TLS1_CLIENT;
737 cred.dwFlags = SCH_CRED_NO_DEFAULT_CREDS|SCH_CRED_MANUAL_CRED_VALIDATION;
738
739 status = AcquireCredentialsHandleA(NULL, (SEC_CHAR *)UNISP_NAME_A, SECPKG_CRED_OUTBOUND, NULL,
740 &cred, NULL, NULL, &cred_handle, NULL);
741 ok(status == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", status);
742 if (status != SEC_E_OK) return;
743
744 /* Initialize the connection */
745 init_buffers(&buffers[0], 4, buf_size);
746 init_buffers(&buffers[1], 4, buf_size);
747
748 buffers[0].pBuffers[0].BufferType = SECBUFFER_TOKEN;
749 status = InitializeSecurityContextA(&cred_handle, NULL, (SEC_CHAR *)"localhost",
750 ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
751 0, 0, NULL, 0, &context, &buffers[0], &attrs, NULL);
752 ok(status == SEC_I_CONTINUE_NEEDED, "Expected SEC_I_CONTINUE_NEEDED, got %08x\n", status);
753
754 buffers[1].cBuffers = 1;
755 buffers[1].pBuffers[0].BufferType = SECBUFFER_TOKEN;
756 buffers[0].pBuffers[0].cbBuffer = 1;
757 memset(buffers[1].pBuffers[0].pvBuffer, 0xfa, buf_size);
758 status = InitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
759 ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
760 0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
761 todo_wine
762 ok(status == SEC_E_INVALID_TOKEN, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status);
763 todo_wine
764 ok(buffers[0].pBuffers[0].cbBuffer == 0, "Output buffer size was not set to 0.\n");
765
766 buffers[1].cBuffers = 1;
767 buffers[1].pBuffers[0].BufferType = SECBUFFER_TOKEN;
768 buffers[0].pBuffers[0].cbBuffer = 1;
769 memset(buffers[1].pBuffers[0].pvBuffer, 0, buf_size);
770 status = InitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
771 ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
772 0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
773 ok(status == SEC_E_INVALID_TOKEN, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status);
774 ok(buffers[0].pBuffers[0].cbBuffer == 0, "Output buffer size was not set to 0.\n");
775
776 buffers[0].pBuffers[0].cbBuffer = 0;
777 status = InitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
778 ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
779 0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
780 todo_wine
781 ok(status == SEC_E_INSUFFICIENT_MEMORY || status == SEC_E_INVALID_TOKEN,
782 "Expected SEC_E_INSUFFICIENT_MEMORY or SEC_E_INVALID_TOKEN, got %08x\n", status);
783 ok(buffers[0].pBuffers[0].cbBuffer == 0, "Output buffer size was not set to 0.\n");
784
785 status = InitializeSecurityContextA(&cred_handle, NULL, (SEC_CHAR *)"localhost",
786 ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
787 0, 0, NULL, 0, &context, NULL, &attrs, NULL);
788 todo_wine
789 ok(status == SEC_E_INVALID_TOKEN, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status);
790
791 buffers[0].pBuffers[0].cbBuffer = buf_size;
792 status = InitializeSecurityContextA(&cred_handle, NULL, (SEC_CHAR *)"localhost",
793 ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
794 0, 0, NULL, 0, &context, &buffers[0], &attrs, NULL);
795 ok(status == SEC_I_CONTINUE_NEEDED, "Expected SEC_I_CONTINUE_NEEDED, got %08x\n", status);
796
797 buf = &buffers[0].pBuffers[0];
798 send(sock, buf->pvBuffer, buf->cbBuffer, 0);
799 buf->cbBuffer = buf_size;
800
801 status = InitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
802 ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
803 0, 0, NULL, 0, NULL, &buffers[0], &attrs, NULL);
804 ok(status == SEC_E_INCOMPLETE_MESSAGE, "Got unexpected status %#x.\n", status);
805 ok(buffers[0].pBuffers[0].cbBuffer == buf_size, "Output buffer size changed.\n");
806 ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_TOKEN, "Output buffer type changed.\n");
807
808 buffers[1].cBuffers = 4;
809 buffers[1].pBuffers[0].cbBuffer = 0;
810
811 status = InitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
812 ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
813 0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
814 ok(status == SEC_E_INCOMPLETE_MESSAGE, "Got unexpected status %#x.\n", status);
815 ok(buffers[0].pBuffers[0].cbBuffer == buf_size, "Output buffer size changed.\n");
816 ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_TOKEN, "Output buffer type changed.\n");
817
818 buf = &buffers[1].pBuffers[0];
819 buf->cbBuffer = buf_size;
820 ret = receive_data(sock, buf);
821 if (ret == -1)
822 return;
823
824 buffers[1].pBuffers[0].cbBuffer = 4;
825 status = InitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
826 ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
827 0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
828 ok(status == SEC_E_INCOMPLETE_MESSAGE || status == SEC_E_INVALID_TOKEN,
829 "Got unexpected status %#x.\n", status);
830 ok(buffers[0].pBuffers[0].cbBuffer == buf_size, "Output buffer size changed.\n");
831 ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_TOKEN, "Output buffer type changed.\n");
832
833 buffers[1].pBuffers[0].cbBuffer = 5;
834 status = InitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
835 ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
836 0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
837 ok(status == SEC_E_INCOMPLETE_MESSAGE || status == SEC_E_INVALID_TOKEN,
838 "Got unexpected status %#x.\n", status);
839 ok(buffers[0].pBuffers[0].cbBuffer == buf_size, "Output buffer size changed.\n");
840 ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_TOKEN, "Output buffer type changed.\n");
841
842 buffers[1].pBuffers[0].cbBuffer = ret;
843 status = InitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
844 ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
845 0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
846 buffers[1].pBuffers[0].cbBuffer = buf_size;
847 while (status == SEC_I_CONTINUE_NEEDED)
848 {
849 buf = &buffers[0].pBuffers[0];
850 send(sock, buf->pvBuffer, buf->cbBuffer, 0);
851 buf->cbBuffer = buf_size;
852
853 buf = &buffers[1].pBuffers[0];
854 ret = receive_data(sock, buf);
855 if (ret == -1)
856 return;
857
858 buf->BufferType = SECBUFFER_TOKEN;
859
860 status = InitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
861 ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
862 0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
863 buffers[1].pBuffers[0].cbBuffer = buf_size;
864 }
865
866 ok(buffers[0].pBuffers[0].cbBuffer == 0, "Output buffer size was not set to 0.\n");
867 ok(status == SEC_E_OK || broken(status == SEC_E_INVALID_TOKEN) /* WinNT */,
868 "InitializeSecurityContext failed: %08x\n", status);
869 if(status != SEC_E_OK) {
870 win_skip("Handshake failed\n");
871 return;
872 }
873
874 status = QueryCredentialsAttributesA(&cred_handle, SECPKG_CRED_ATTR_NAMES, &names);
875 ok(status == SEC_E_NO_CREDENTIALS || status == SEC_E_UNSUPPORTED_FUNCTION /* before Vista */, "expected SEC_E_NO_CREDENTIALS, got %08x\n", status);
876
877 status = pQueryContextAttributesA(&context, SECPKG_ATTR_REMOTE_CERT_CONTEXT, (void*)&cert);
878 ok(status == SEC_E_OK, "QueryContextAttributesW(SECPKG_ATTR_REMOTE_CERT_CONTEXT) failed: %08x\n", status);
879 if(status == SEC_E_OK) {
880 SecPkgContext_Bindings bindings = {0xdeadbeef, (void*)0xdeadbeef};
881
882 test_remote_cert(cert);
883
884 status = pQueryContextAttributesA(&context, SECPKG_ATTR_ENDPOINT_BINDINGS, &bindings);
885 ok(status == SEC_E_OK || broken(status == SEC_E_UNSUPPORTED_FUNCTION),
886 "QueryContextAttributesW(SECPKG_ATTR_ENDPOINT_BINDINGS) failed: %08x\n", status);
887 if(status == SEC_E_OK) {
888 static const char prefix[] = "tls-server-end-point:";
889 const char *p;
890 BYTE hash[64];
891 DWORD hash_size;
892
893 ok(bindings.BindingsLength == sizeof(*bindings.Bindings) + sizeof(prefix)-1 + 32 /* hash size */,
894 "bindings.BindingsLength = %u\n", bindings.BindingsLength);
895 ok(!bindings.Bindings->dwInitiatorAddrType, "dwInitiatorAddrType = %x\n", bindings.Bindings->dwInitiatorAddrType);
896 ok(!bindings.Bindings->cbInitiatorLength, "cbInitiatorLength = %x\n", bindings.Bindings->cbInitiatorLength);
897 ok(!bindings.Bindings->dwInitiatorOffset, "dwInitiatorOffset = %x\n", bindings.Bindings->dwInitiatorOffset);
898 ok(!bindings.Bindings->dwAcceptorAddrType, "dwAcceptorAddrType = %x\n", bindings.Bindings->dwAcceptorAddrType);
899 ok(!bindings.Bindings->cbAcceptorLength, "cbAcceptorLength = %x\n", bindings.Bindings->cbAcceptorLength);
900 ok(!bindings.Bindings->dwAcceptorOffset, "dwAcceptorOffset = %x\n", bindings.Bindings->dwAcceptorOffset);
901 ok(sizeof(*bindings.Bindings) + bindings.Bindings->cbApplicationDataLength == bindings.BindingsLength,
902 "cbApplicationDataLength = %x\n", bindings.Bindings->cbApplicationDataLength);
903 ok(bindings.Bindings->dwApplicationDataOffset == sizeof(*bindings.Bindings),
904 "dwApplicationDataOffset = %x\n", bindings.Bindings->dwApplicationDataOffset);
905 p = (const char*)(bindings.Bindings+1);
906 ok(!memcmp(p, prefix, sizeof(prefix)-1), "missing prefix\n");
907 p += sizeof(prefix)-1;
908
909 hash_size = sizeof(hash);
910 ret = CryptHashCertificate(0, CALG_SHA_256, 0, cert->pbCertEncoded, cert->cbCertEncoded, hash, &hash_size);
911 if(ret) {
912 ok(hash_size == 32, "hash_size = %u\n", hash_size);
913 ok(!memcmp(hash, p, hash_size), "unexpected hash part\n");
914 }else {
915 win_skip("SHA 256 hash not supported.\n");
916 }
917
918 FreeContextBuffer(bindings.Bindings);
919 }else {
920 win_skip("SECPKG_ATTR_ENDPOINT_BINDINGS not supported\n");
921 }
922
923 CertFreeCertificateContext(cert);
924 }
925
926 status = pQueryContextAttributesA(&context, SECPKG_ATTR_CONNECTION_INFO, (void*)&conn_info);
927 ok(status == SEC_E_OK, "QueryContextAttributesW(SECPKG_ATTR_CONNECTION_INFO) failed: %08x\n", status);
928 if(status == SEC_E_OK) {
929 ok(conn_info.dwCipherStrength >= 128, "conn_info.dwCipherStrength = %d\n", conn_info.dwCipherStrength);
930 ok(conn_info.dwHashStrength >= 128, "conn_info.dwHashStrength = %d\n", conn_info.dwHashStrength);
931 }
932
933 status = pQueryContextAttributesA(&context, SECPKG_ATTR_KEY_INFO, &key_info);
934 ok(status == SEC_E_OK, "QueryContextAttributesW(SECPKG_ATTR_KEY_INFO) failed: %08x\n", status);
935 if(status == SEC_E_OK) {
936 ok(broken(key_info.SignatureAlgorithm == 0 /* WinXP,2003 */) ||
937 key_info.SignatureAlgorithm == CALG_RSA_SIGN,
938 "key_info.SignatureAlgorithm = %04x\n", key_info.SignatureAlgorithm);
939 ok(broken(key_info.SignatureAlgorithm == 0 /* WinXP,2003 */) ||
940 !strcmp(key_info.sSignatureAlgorithmName, "RSA"),
941 "key_info.sSignatureAlgorithmName = %s\n", key_info.sSignatureAlgorithmName);
942 ok(key_info.KeySize >= 128, "key_info.KeySize = %d\n", key_info.KeySize);
943 }
944
945 status = pQueryContextAttributesA(&context, SECPKG_ATTR_STREAM_SIZES, &sizes);
946 ok(status == SEC_E_OK, "QueryContextAttributesW(SECPKG_ATTR_STREAM_SIZES) failed: %08x\n", status);
947
948 reset_buffers(&buffers[0]);
949
950 /* Send a simple request so we get data for testing DecryptMessage */
951 buf = &buffers[0].pBuffers[0];
952 data = buf->pvBuffer;
953 buf->BufferType = SECBUFFER_STREAM_HEADER;
954 buf->cbBuffer = sizes.cbHeader;
955 ++buf;
956 buf->BufferType = SECBUFFER_DATA;
957 buf->pvBuffer = data + sizes.cbHeader;
958 buf->cbBuffer = sizeof(http_request) - 1;
959 memcpy(buf->pvBuffer, http_request, sizeof(http_request) - 1);
960 ++buf;
961 buf->BufferType = SECBUFFER_STREAM_TRAILER;
962 buf->pvBuffer = data + sizes.cbHeader + sizeof(http_request) -1;
963 buf->cbBuffer = sizes.cbTrailer;
964
965 status = EncryptMessage(&context, 0, &buffers[0], 0);
966 ok(status == SEC_E_OK, "EncryptMessage failed: %08x\n", status);
967 if (status != SEC_E_OK)
968 return;
969
970 buf = &buffers[0].pBuffers[0];
971 send(sock, buf->pvBuffer, buffers[0].pBuffers[0].cbBuffer + buffers[0].pBuffers[1].cbBuffer + buffers[0].pBuffers[2].cbBuffer, 0);
972
973 reset_buffers(&buffers[0]);
974 buf->cbBuffer = buf_size;
975 data_size = receive_data(sock, buf);
976
977 /* Too few buffers */
978 --buffers[0].cBuffers;
979 status = DecryptMessage(&context, &buffers[0], 0, NULL);
980 ok(status == SEC_E_INVALID_TOKEN, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status);
981
982 /* No data buffer */
983 ++buffers[0].cBuffers;
984 status = DecryptMessage(&context, &buffers[0], 0, NULL);
985 ok(status == SEC_E_INVALID_TOKEN, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status);
986
987 /* Two data buffers */
988 buffers[0].pBuffers[0].BufferType = SECBUFFER_DATA;
989 buffers[0].pBuffers[1].BufferType = SECBUFFER_DATA;
990 status = DecryptMessage(&context, &buffers[0], 0, NULL);
991 ok(status == SEC_E_INVALID_TOKEN, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status);
992
993 /* Too few empty buffers */
994 buffers[0].pBuffers[1].BufferType = SECBUFFER_EXTRA;
995 status = DecryptMessage(&context, &buffers[0], 0, NULL);
996 ok(status == SEC_E_INVALID_TOKEN, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status);
997
998 /* Incomplete data */
999 buffers[0].pBuffers[1].BufferType = SECBUFFER_EMPTY;
1000 buffers[0].pBuffers[0].cbBuffer = (data[3]<<8) | data[4];
1001 status = DecryptMessage(&context, &buffers[0], 0, NULL);
1002 ok(status == SEC_E_INCOMPLETE_MESSAGE, "Expected SEC_E_INCOMPLETE_MESSAGE, got %08x\n", status);
1003 ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_MISSING, "Expected first buffer to be SECBUFFER_MISSING\n");
1004 ok(buffers[0].pBuffers[0].cbBuffer == 5, "Expected first buffer to be a five bytes\n");
1005
1006 buffers[0].pBuffers[0].cbBuffer = data_size;
1007 buffers[0].pBuffers[0].BufferType = SECBUFFER_DATA;
1008 buffers[0].pBuffers[1].BufferType = SECBUFFER_EMPTY;
1009 status = DecryptMessage(&context, &buffers[0], 0, NULL);
1010 ok(status == SEC_E_OK, "DecryptMessage failed: %08x\n", status);
1011 if (status == SEC_E_OK)
1012 {
1013 ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_STREAM_HEADER, "Expected first buffer to be SECBUFFER_STREAM_HEADER\n");
1014 ok(buffers[0].pBuffers[1].BufferType == SECBUFFER_DATA, "Expected second buffer to be SECBUFFER_DATA\n");
1015 ok(buffers[0].pBuffers[2].BufferType == SECBUFFER_STREAM_TRAILER, "Expected third buffer to be SECBUFFER_STREAM_TRAILER\n");
1016
1017 data = buffers[0].pBuffers[1].pvBuffer;
1018 data[buffers[0].pBuffers[1].cbBuffer] = 0;
1019 }
1020
1021 DeleteSecurityContext(&context);
1022 FreeCredentialsHandle(&cred_handle);
1023
1024 free_buffers(&buffers[0]);
1025 free_buffers(&buffers[1]);
1026
1027 closesocket(sock);
1028 }
1029
1030 START_TEST(schannel)
1031 {
1032 pQueryContextAttributesA = (void*)GetProcAddress(GetModuleHandleA("secur32.dll"), "QueryContextAttributesA");
1033
1034 test_cread_attrs();
1035 testAcquireSecurityContext();
1036 test_InitializeSecurityContext();
1037 test_communication();
1038 }
A free Windows-compatible Operating System