ebdfcb61a135bc4147750161bbd9d25d3c8ed909
[reactos.git] / modules / rostests / winetests / secur32 / schannel.c
1 /*
2 * Schannel tests
3 *
4 * Copyright 2006 Juan Lang
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 */
20
21 #include <stdarg.h>
22 #include <windef.h>
23 #include <winsock2.h>
24 #include <ws2tcpip.h>
25 #include <stdio.h>
26 #define SECURITY_WIN32
27 #include <security.h>
28 #include <schannel.h>
29
30 #include "wine/test.h"
31
32 static QUERY_CONTEXT_ATTRIBUTES_FN_A pQueryContextAttributesA;
33
34 static const BYTE bigCert[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
35 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
36 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
37 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
38 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
39 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
40 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20,
41 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
42 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
43 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
44 static WCHAR cspNameW[] = { 'W','i','n','e','C','r','y','p','t','T','e',
45 'm','p',0 };
46 static BYTE privKey[] = {
47 0x07, 0x02, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x52, 0x53, 0x41, 0x32, 0x00,
48 0x02, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x79, 0x10, 0x1c, 0xd0, 0x6b, 0x10,
49 0x18, 0x30, 0x94, 0x61, 0xdc, 0x0e, 0xcb, 0x96, 0x4e, 0x21, 0x3f, 0x79, 0xcd,
50 0xa9, 0x17, 0x62, 0xbc, 0xbb, 0x61, 0x4c, 0xe0, 0x75, 0x38, 0x6c, 0xf3, 0xde,
51 0x60, 0x86, 0x03, 0x97, 0x65, 0xeb, 0x1e, 0x6b, 0xdb, 0x53, 0x85, 0xad, 0x68,
52 0x21, 0xf1, 0x5d, 0xe7, 0x1f, 0xe6, 0x53, 0xb4, 0xbb, 0x59, 0x3e, 0x14, 0x27,
53 0xb1, 0x83, 0xa7, 0x3a, 0x54, 0xe2, 0x8f, 0x65, 0x8e, 0x6a, 0x4a, 0xcf, 0x3b,
54 0x1f, 0x65, 0xff, 0xfe, 0xf1, 0x31, 0x3a, 0x37, 0x7a, 0x8b, 0xcb, 0xc6, 0xd4,
55 0x98, 0x50, 0x36, 0x67, 0xe4, 0xa1, 0xe8, 0x7e, 0x8a, 0xc5, 0x23, 0xf2, 0x77,
56 0xf5, 0x37, 0x61, 0x49, 0x72, 0x59, 0xe8, 0x3d, 0xf7, 0x60, 0xb2, 0x77, 0xca,
57 0x78, 0x54, 0x6d, 0x65, 0x9e, 0x03, 0x97, 0x1b, 0x61, 0xbd, 0x0c, 0xd8, 0x06,
58 0x63, 0xe2, 0xc5, 0x48, 0xef, 0xb3, 0xe2, 0x6e, 0x98, 0x7d, 0xbd, 0x4e, 0x72,
59 0x91, 0xdb, 0x31, 0x57, 0xe3, 0x65, 0x3a, 0x49, 0xca, 0xec, 0xd2, 0x02, 0x4e,
60 0x22, 0x7e, 0x72, 0x8e, 0xf9, 0x79, 0x84, 0x82, 0xdf, 0x7b, 0x92, 0x2d, 0xaf,
61 0xc9, 0xe4, 0x33, 0xef, 0x89, 0x5c, 0x66, 0x99, 0xd8, 0x80, 0x81, 0x47, 0x2b,
62 0xb1, 0x66, 0x02, 0x84, 0x59, 0x7b, 0xc3, 0xbe, 0x98, 0x45, 0x4a, 0x3d, 0xdd,
63 0xea, 0x2b, 0xdf, 0x4e, 0xb4, 0x24, 0x6b, 0xec, 0xe7, 0xd9, 0x0c, 0x45, 0xb8,
64 0xbe, 0xca, 0x69, 0x37, 0x92, 0x4c, 0x38, 0x6b, 0x96, 0x6d, 0xcd, 0x86, 0x67,
65 0x5c, 0xea, 0x54, 0x94, 0xa4, 0xca, 0xa4, 0x02, 0xa5, 0x21, 0x4d, 0xae, 0x40,
66 0x8f, 0x9d, 0x51, 0x83, 0xf2, 0x3f, 0x33, 0xc1, 0x72, 0xb4, 0x1d, 0x94, 0x6e,
67 0x7d, 0xe4, 0x27, 0x3f, 0xea, 0xff, 0xe5, 0x9b, 0xa7, 0x5e, 0x55, 0x8e, 0x0d,
68 0x69, 0x1c, 0x7a, 0xff, 0x81, 0x9d, 0x53, 0x52, 0x97, 0x9a, 0x76, 0x79, 0xda,
69 0x93, 0x32, 0x16, 0xec, 0x69, 0x51, 0x1a, 0x4e, 0xc3, 0xf1, 0x72, 0x80, 0x78,
70 0x5e, 0x66, 0x4a, 0x8d, 0x85, 0x2f, 0x3f, 0xb2, 0xa7 };
71
72 static const BYTE selfSignedCert[] = {
73 0x30, 0x82, 0x01, 0x1f, 0x30, 0x81, 0xce, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
74 0x10, 0xeb, 0x0d, 0x57, 0x2a, 0x9c, 0x09, 0xba, 0xa4, 0x4a, 0xb7, 0x25, 0x49,
75 0xd9, 0x3e, 0xb5, 0x73, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1d,
76 0x05, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03,
77 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30,
78 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x30, 0x36, 0x32, 0x39, 0x30, 0x35, 0x30, 0x30,
79 0x34, 0x36, 0x5a, 0x17, 0x0d, 0x30, 0x37, 0x30, 0x36, 0x32, 0x39, 0x31, 0x31,
80 0x30, 0x30, 0x34, 0x36, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
81 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e,
82 0x67, 0x00, 0x30, 0x5c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
83 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41,
84 0x00, 0xe2, 0x54, 0x3a, 0xa7, 0x83, 0xb1, 0x27, 0x14, 0x3e, 0x59, 0xbb, 0xb4,
85 0x53, 0xe6, 0x1f, 0xe7, 0x5d, 0xf1, 0x21, 0x68, 0xad, 0x85, 0x53, 0xdb, 0x6b,
86 0x1e, 0xeb, 0x65, 0x97, 0x03, 0x86, 0x60, 0xde, 0xf3, 0x6c, 0x38, 0x75, 0xe0,
87 0x4c, 0x61, 0xbb, 0xbc, 0x62, 0x17, 0xa9, 0xcd, 0x79, 0x3f, 0x21, 0x4e, 0x96,
88 0xcb, 0x0e, 0xdc, 0x61, 0x94, 0x30, 0x18, 0x10, 0x6b, 0xd0, 0x1c, 0x10, 0x79,
89 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02,
90 0x1d, 0x05, 0x00, 0x03, 0x41, 0x00, 0x25, 0x90, 0x53, 0x34, 0xd9, 0x56, 0x41,
91 0x5e, 0xdb, 0x7e, 0x01, 0x36, 0xec, 0x27, 0x61, 0x5e, 0xb7, 0x4d, 0x90, 0x66,
92 0xa2, 0xe1, 0x9d, 0x58, 0x76, 0xd4, 0x9c, 0xba, 0x2c, 0x84, 0xc6, 0x83, 0x7a,
93 0x22, 0x0d, 0x03, 0x69, 0x32, 0x1a, 0x6d, 0xcb, 0x0c, 0x15, 0xb3, 0x6b, 0xc7,
94 0x0a, 0x8c, 0xb4, 0x5c, 0x34, 0x78, 0xe0, 0x3c, 0x9c, 0xe9, 0xf3, 0x30, 0x9f,
95 0xa8, 0x76, 0x57, 0x92, 0x36 };
96
97 static CHAR unisp_name_a[] = UNISP_NAME_A;
98
99 static const char *algid_to_str(ALG_ID alg)
100 {
101 static char buf[12];
102 switch(alg) {
103 #define X(x) case x: return #x
104 X(CALG_MD2);
105 X(CALG_MD4);
106 X(CALG_MD5);
107 X(CALG_SHA1); /* same as CALG_SHA */
108 X(CALG_MAC);
109 X(CALG_RSA_SIGN);
110 X(CALG_DSS_SIGN);
111 X(CALG_NO_SIGN);
112 X(CALG_RSA_KEYX);
113 X(CALG_DES);
114 X(CALG_3DES_112);
115 X(CALG_3DES);
116 X(CALG_DESX);
117 X(CALG_RC2);
118 X(CALG_RC4);
119 X(CALG_SEAL);
120 X(CALG_DH_SF);
121 X(CALG_DH_EPHEM);
122 X(CALG_AGREEDKEY_ANY);
123 X(CALG_KEA_KEYX);
124 X(CALG_HUGHES_MD5);
125 X(CALG_SKIPJACK);
126 X(CALG_TEK);
127 X(CALG_CYLINK_MEK);
128 X(CALG_SSL3_SHAMD5);
129 X(CALG_SSL3_MASTER);
130 X(CALG_SCHANNEL_MASTER_HASH);
131 X(CALG_SCHANNEL_MAC_KEY);
132 X(CALG_SCHANNEL_ENC_KEY);
133 X(CALG_PCT1_MASTER);
134 X(CALG_SSL2_MASTER);
135 X(CALG_TLS1_MASTER);
136 X(CALG_RC5);
137 X(CALG_HMAC);
138 X(CALG_TLS1PRF);
139 X(CALG_HASH_REPLACE_OWF);
140 X(CALG_AES_128);
141 X(CALG_AES_192);
142 X(CALG_AES_256);
143 X(CALG_AES);
144 X(CALG_SHA_256);
145 X(CALG_SHA_384);
146 X(CALG_SHA_512);
147 X(CALG_ECDH);
148 X(CALG_ECMQV);
149 X(CALG_ECDSA);
150 #undef X
151 }
152
153 sprintf(buf, "%x", alg);
154 return buf;
155 }
156
157 static void init_cred(SCHANNEL_CRED *cred)
158 {
159 cred->dwVersion = SCHANNEL_CRED_VERSION;
160 cred->cCreds = 0;
161 cred->paCred = 0;
162 cred->hRootStore = NULL;
163 cred->cMappers = 0;
164 cred->aphMappers = NULL;
165 cred->cSupportedAlgs = 0;
166 cred->palgSupportedAlgs = NULL;
167 cred->grbitEnabledProtocols = 0;
168 cred->dwMinimumCipherStrength = 0;
169 cred->dwMaximumCipherStrength = 0;
170 cred->dwSessionLifespan = 0;
171 cred->dwFlags = 0;
172 }
173
174 static void test_strength(PCredHandle handle)
175 {
176 SecPkgCred_CipherStrengths strength = {-1,-1};
177 SECURITY_STATUS st;
178
179 st = QueryCredentialsAttributesA(handle, SECPKG_ATTR_CIPHER_STRENGTHS, &strength);
180 ok(st == SEC_E_OK, "QueryCredentialsAttributesA failed: %u\n", GetLastError());
181 ok(strength.dwMinimumCipherStrength, "dwMinimumCipherStrength not changed\n");
182 ok(strength.dwMaximumCipherStrength, "dwMaximumCipherStrength not changed\n");
183 trace("strength %d - %d\n", strength.dwMinimumCipherStrength, strength.dwMaximumCipherStrength);
184 }
185
186 static void test_supported_protocols(CredHandle *handle, unsigned exprots)
187 {
188 SecPkgCred_SupportedProtocols protocols;
189 SECURITY_STATUS status;
190
191 status = QueryCredentialsAttributesA(handle, SECPKG_ATTR_SUPPORTED_PROTOCOLS, &protocols);
192 ok(status == SEC_E_OK, "QueryCredentialsAttributes failed: %08x\n", status);
193
194 if(exprots)
195 ok(protocols.grbitProtocol == exprots, "protocols.grbitProtocol = %x, expected %x\n", protocols.grbitProtocol, exprots);
196
197 trace("Supported protocols:\n");
198
199 #define X(flag, name) do { if(protocols.grbitProtocol & flag) { trace(name "\n"); protocols.grbitProtocol &= ~flag; } }while(0)
200 X(SP_PROT_SSL2_CLIENT, "SSL 2 client");
201 X(SP_PROT_SSL3_CLIENT, "SSL 3 client");
202 X(SP_PROT_TLS1_0_CLIENT, "TLS 1.0 client");
203 X(SP_PROT_TLS1_1_CLIENT, "TLS 1.1 client");
204 X(SP_PROT_TLS1_2_CLIENT, "TLS 1.2 client");
205 X(SP_PROT_TLS1_3_CLIENT, "TLS 1.3 client");
206 #undef X
207
208 if(protocols.grbitProtocol)
209 trace("Unknown flags: %x\n", protocols.grbitProtocol);
210 }
211
212 static void test_supported_algs(CredHandle *handle)
213 {
214 SecPkgCred_SupportedAlgs algs;
215 SECURITY_STATUS status;
216 unsigned i;
217
218 status = QueryCredentialsAttributesA(handle, SECPKG_ATTR_SUPPORTED_ALGS, &algs);
219 todo_wine ok(status == SEC_E_OK, "QueryCredentialsAttributes failed: %08x\n", status);
220 if(status != SEC_E_OK)
221 return;
222
223 trace("Supported algorithms (%d):\n", algs.cSupportedAlgs);
224 for(i=0; i < algs.cSupportedAlgs; i++)
225 trace(" %s\n", algid_to_str(algs.palgSupportedAlgs[i]));
226
227 FreeContextBuffer(algs.palgSupportedAlgs);
228 }
229
230 static void test_cread_attrs(void)
231 {
232 SCHANNEL_CRED schannel_cred;
233 SECURITY_STATUS status;
234 CredHandle cred;
235
236 status = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
237 NULL, NULL, NULL, NULL, &cred, NULL);
238 ok(status == SEC_E_OK, "AcquireCredentialsHandleA failed: %x\n", status);
239
240 test_supported_protocols(&cred, 0);
241 test_supported_algs(&cred);
242
243 status = QueryCredentialsAttributesA(&cred, SECPKG_ATTR_SUPPORTED_PROTOCOLS, NULL);
244 ok(status == SEC_E_INTERNAL_ERROR, "QueryCredentialsAttributes failed: %08x, expected SEC_E_INTERNAL_ERROR\n", status);
245
246 status = QueryCredentialsAttributesA(&cred, SECPKG_ATTR_SUPPORTED_ALGS, NULL);
247 ok(status == SEC_E_INTERNAL_ERROR, "QueryCredentialsAttributes failed: %08x, expected SEC_E_INTERNAL_ERROR\n", status);
248
249 FreeCredentialsHandle(&cred);
250
251 init_cred(&schannel_cred);
252 schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_CLIENT;
253 status = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
254 NULL, &schannel_cred, NULL, NULL, &cred, NULL);
255 ok(status == SEC_E_OK, "AcquireCredentialsHandleA failed: %x\n", status);
256
257 test_supported_protocols(&cred, SP_PROT_TLS1_CLIENT);
258 test_supported_algs(&cred);
259
260 FreeCredentialsHandle(&cred);
261 }
262
263 static void testAcquireSecurityContext(void)
264 {
265 BOOL has_schannel = FALSE;
266 SecPkgInfoA *package_info;
267 ULONG i;
268 SECURITY_STATUS st;
269 CredHandle cred;
270 SecPkgCredentials_NamesA names;
271 TimeStamp exp;
272 SCHANNEL_CRED schanCred;
273 PCCERT_CONTEXT certs[2];
274 HCRYPTPROV csp;
275 WCHAR ms_def_prov_w[MAX_PATH];
276 BOOL ret;
277 HCRYPTKEY key;
278 CRYPT_KEY_PROV_INFO keyProvInfo;
279
280
281 if (SUCCEEDED(EnumerateSecurityPackagesA(&i, &package_info)))
282 {
283 while(i--)
284 {
285 if (!strcmp(package_info[i].Name, unisp_name_a))
286 {
287 has_schannel = TRUE;
288 break;
289 }
290 }
291 FreeContextBuffer(package_info);
292 }
293 if (!has_schannel)
294 {
295 skip("Schannel not available\n");
296 return;
297 }
298
299 lstrcpyW(ms_def_prov_w, MS_DEF_PROV_W);
300
301 keyProvInfo.pwszContainerName = cspNameW;
302 keyProvInfo.pwszProvName = ms_def_prov_w;
303 keyProvInfo.dwProvType = PROV_RSA_FULL;
304 keyProvInfo.dwFlags = 0;
305 keyProvInfo.cProvParam = 0;
306 keyProvInfo.rgProvParam = NULL;
307 keyProvInfo.dwKeySpec = AT_SIGNATURE;
308
309 certs[0] = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert, sizeof(bigCert));
310 certs[1] = CertCreateCertificateContext(X509_ASN_ENCODING, selfSignedCert, sizeof(selfSignedCert));
311
312 SetLastError(0xdeadbeef);
313 ret = CryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL,
314 CRYPT_DELETEKEYSET);
315 if (!ret && GetLastError() == ERROR_CALL_NOT_IMPLEMENTED)
316 {
317 /* WinMe would crash on some tests */
318 win_skip("CryptAcquireContextW is not implemented\n");
319 return;
320 }
321
322 st = AcquireCredentialsHandleA(NULL, NULL, 0, NULL, NULL, NULL, NULL, NULL,
323 NULL);
324 ok(st == SEC_E_SECPKG_NOT_FOUND,
325 "Expected SEC_E_SECPKG_NOT_FOUND, got %08x\n", st);
326 if (0)
327 {
328 /* Crashes on Win2K */
329 st = AcquireCredentialsHandleA(NULL, unisp_name_a, 0, NULL, NULL, NULL,
330 NULL, NULL, NULL);
331 ok(st == SEC_E_NO_CREDENTIALS, "Expected SEC_E_NO_CREDENTIALS, got %08x\n", st);
332
333 /* Crashes on WinNT */
334 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_BOTH, NULL,
335 NULL, NULL, NULL, NULL, NULL);
336 ok(st == SEC_E_NO_CREDENTIALS, "Expected SEC_E_NO_CREDENTIALS, got %08x\n", st);
337
338 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
339 NULL, NULL, NULL, NULL, NULL, NULL);
340 ok(st == SEC_E_NO_CREDENTIALS, "Expected SEC_E_NO_CREDENTIALS, got %08x\n", st);
341
342 /* Crashes */
343 AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
344 NULL, NULL, NULL, NULL, NULL, NULL);
345 }
346 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
347 NULL, NULL, NULL, NULL, &cred, NULL);
348 ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
349 if(st == SEC_E_OK)
350 FreeCredentialsHandle(&cred);
351 memset(&cred, 0, sizeof(cred));
352 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
353 NULL, NULL, NULL, NULL, &cred, &exp);
354 ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
355 /* expriy is indeterminate in win2k3 */
356 trace("expiry: %08x%08x\n", exp.HighPart, exp.LowPart);
357
358 st = QueryCredentialsAttributesA(&cred, SECPKG_CRED_ATTR_NAMES, &names);
359 ok(st == SEC_E_NO_CREDENTIALS || st == SEC_E_UNSUPPORTED_FUNCTION /* before Vista */, "expected SEC_E_NO_CREDENTIALS, got %08x\n", st);
360
361 FreeCredentialsHandle(&cred);
362
363 /* Bad version in SCHANNEL_CRED */
364 memset(&schanCred, 0, sizeof(schanCred));
365 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
366 NULL, &schanCred, NULL, NULL, NULL, NULL);
367 ok(st == SEC_E_INTERNAL_ERROR ||
368 st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */ ||
369 st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
370 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
371 NULL, &schanCred, NULL, NULL, NULL, NULL);
372 ok(st == SEC_E_INTERNAL_ERROR ||
373 st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */ ||
374 st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
375
376 /* No cert in SCHANNEL_CRED succeeds for outbound.. */
377 schanCred.dwVersion = SCHANNEL_CRED_VERSION;
378 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
379 NULL, &schanCred, NULL, NULL, &cred, NULL);
380 ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
381 FreeCredentialsHandle(&cred);
382 /* but fails for inbound. */
383 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
384 NULL, &schanCred, NULL, NULL, &cred, NULL);
385 ok(st == SEC_E_NO_CREDENTIALS ||
386 st == SEC_E_OK /* Vista/win2k8 */,
387 "Expected SEC_E_NO_CREDENTIALS or SEC_E_OK, got %08x\n", st);
388
389 if (0)
390 {
391 /* Crashes with bad paCred pointer */
392 schanCred.cCreds = 1;
393 AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
394 NULL, &schanCred, NULL, NULL, NULL, NULL);
395 }
396
397 /* Bogus cert in SCHANNEL_CRED. Windows fails with
398 * SEC_E_UNKNOWN_CREDENTIALS, but I'll accept SEC_E_NO_CREDENTIALS too.
399 */
400 schanCred.cCreds = 1;
401 schanCred.paCred = &certs[0];
402 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
403 NULL, &schanCred, NULL, NULL, NULL, NULL);
404 ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
405 st == SEC_E_NO_CREDENTIALS ||
406 st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
407 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
408 NULL, &schanCred, NULL, NULL, NULL, NULL);
409 ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
410 st == SEC_E_NO_CREDENTIALS ||
411 st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
412
413 /* Good cert, but missing private key. Windows fails with
414 * SEC_E_NO_CREDENTIALS, but I'll accept SEC_E_UNKNOWN_CREDENTIALS too.
415 */
416 schanCred.cCreds = 1;
417 schanCred.paCred = &certs[1];
418 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
419 NULL, &schanCred, NULL, NULL, &cred, NULL);
420 ok(st == SEC_E_UNKNOWN_CREDENTIALS || st == SEC_E_NO_CREDENTIALS ||
421 st == SEC_E_INTERNAL_ERROR, /* win2k */
422 "Expected SEC_E_UNKNOWN_CREDENTIALS, SEC_E_NO_CREDENTIALS "
423 "or SEC_E_INTERNAL_ERROR, got %08x\n", st);
424 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
425 NULL, &schanCred, NULL, NULL, NULL, NULL);
426 ok(st == SEC_E_UNKNOWN_CREDENTIALS || st == SEC_E_NO_CREDENTIALS ||
427 st == SEC_E_INTERNAL_ERROR, /* win2k */
428 "Expected SEC_E_UNKNOWN_CREDENTIALS, SEC_E_NO_CREDENTIALS "
429 "or SEC_E_INTERNAL_ERROR, got %08x\n", st);
430
431 /* Good cert, with CRYPT_KEY_PROV_INFO set before it's had a key loaded. */
432 ret = CertSetCertificateContextProperty(certs[1],
433 CERT_KEY_PROV_INFO_PROP_ID, 0, &keyProvInfo);
434 schanCred.dwVersion = SCH_CRED_V3;
435 ok(ret, "CertSetCertificateContextProperty failed: %08x\n", GetLastError());
436 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
437 NULL, &schanCred, NULL, NULL, &cred, NULL);
438 ok(st == SEC_E_UNKNOWN_CREDENTIALS || st == SEC_E_INTERNAL_ERROR /* WinNT */,
439 "Expected SEC_E_UNKNOWN_CREDENTIALS or SEC_E_INTERNAL_ERROR, got %08x\n", st);
440 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
441 NULL, &schanCred, NULL, NULL, &cred, NULL);
442 ok(st == SEC_E_UNKNOWN_CREDENTIALS || st == SEC_E_INTERNAL_ERROR /* WinNT */,
443 "Expected SEC_E_UNKNOWN_CREDENTIALS or SEC_E_INTERNAL_ERROR, got %08x\n", st);
444
445 ret = CryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL,
446 CRYPT_NEWKEYSET);
447 ok(ret, "CryptAcquireContextW failed: %08x\n", GetLastError());
448 ret = 0;
449
450 ret = CryptImportKey(csp, privKey, sizeof(privKey), 0, 0, &key);
451 ok(ret, "CryptImportKey failed: %08x\n", GetLastError());
452 if (ret)
453 {
454 PCCERT_CONTEXT tmp;
455
456 if (0)
457 {
458 /* Crashes */
459 AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
460 NULL, &schanCred, NULL, NULL, NULL, NULL);
461
462 /* Crashes on WinNT */
463 /* Good cert with private key, bogus version */
464 schanCred.dwVersion = SCH_CRED_V1;
465 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
466 NULL, &schanCred, NULL, NULL, &cred, NULL);
467 ok(st == SEC_E_INTERNAL_ERROR ||
468 st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
469 "Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
470 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
471 NULL, &schanCred, NULL, NULL, &cred, NULL);
472 ok(st == SEC_E_INTERNAL_ERROR ||
473 st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
474 "Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
475 schanCred.dwVersion = SCH_CRED_V2;
476 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
477 NULL, &schanCred, NULL, NULL, &cred, NULL);
478 ok(st == SEC_E_INTERNAL_ERROR ||
479 st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
480 "Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
481 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
482 NULL, &schanCred, NULL, NULL, &cred, NULL);
483 ok(st == SEC_E_INTERNAL_ERROR ||
484 st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
485 "Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
486 }
487
488 /* Succeeds on V3 or higher */
489 schanCred.dwVersion = SCH_CRED_V3;
490 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
491 NULL, &schanCred, NULL, NULL, &cred, NULL);
492 ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
493 FreeCredentialsHandle(&cred);
494 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
495 NULL, &schanCred, NULL, NULL, &cred, NULL);
496 ok(st == SEC_E_OK ||
497 st == SEC_E_UNKNOWN_CREDENTIALS, /* win2k3 */
498 "AcquireCredentialsHandleA failed: %08x\n", st);
499 FreeCredentialsHandle(&cred);
500 schanCred.dwVersion = SCHANNEL_CRED_VERSION;
501 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
502 NULL, &schanCred, NULL, NULL, &cred, NULL);
503 ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
504 FreeCredentialsHandle(&cred);
505 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
506 NULL, &schanCred, NULL, NULL, &cred, NULL);
507 ok(st == SEC_E_OK ||
508 st == SEC_E_UNKNOWN_CREDENTIALS, /* win2k3 */
509 "AcquireCredentialsHandleA failed: %08x\n", st);
510 if (st == SEC_E_OK) test_strength(&cred);
511 FreeCredentialsHandle(&cred);
512
513 /* How about more than one cert? */
514 schanCred.cCreds = 2;
515 schanCred.paCred = certs;
516 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
517 NULL, &schanCred, NULL, NULL, &cred, NULL);
518 ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
519 st == SEC_E_NO_CREDENTIALS /* Vista/win2k8 */ ||
520 st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
521 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
522 NULL, &schanCred, NULL, NULL, &cred, NULL);
523 ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
524 st == SEC_E_NO_CREDENTIALS ||
525 st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
526 tmp = certs[0];
527 certs[0] = certs[1];
528 certs[1] = tmp;
529 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
530 NULL, &schanCred, NULL, NULL, &cred, NULL);
531 ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
532 st == SEC_E_NO_CREDENTIALS ||
533 st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
534 st = AcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
535 NULL, &schanCred, NULL, NULL, &cred, NULL);
536 ok(st == SEC_E_UNKNOWN_CREDENTIALS,
537 "Expected SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
538 /* FIXME: what about two valid certs? */
539
540 CryptDestroyKey(key);
541 }
542
543 CryptReleaseContext(csp, 0);
544 CryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL, CRYPT_DELETEKEYSET);
545
546 CertFreeCertificateContext(certs[0]);
547 CertFreeCertificateContext(certs[1]);
548 }
549
550 static void test_remote_cert(PCCERT_CONTEXT remote_cert)
551 {
552 PCCERT_CONTEXT iter = NULL;
553 BOOL incl_remote = FALSE;
554 unsigned cert_cnt = 0;
555
556 ok(remote_cert->hCertStore != NULL, "hCertStore == NULL\n");
557
558 while((iter = CertEnumCertificatesInStore(remote_cert->hCertStore, iter))) {
559 if(iter == remote_cert)
560 incl_remote = TRUE;
561 cert_cnt++;
562 }
563
564 ok(cert_cnt == 4, "cert_cnt = %u\n", cert_cnt);
565 ok(incl_remote, "context does not contain cert itself\n");
566 }
567
568 static const char http_request[] = "HEAD /test.html HTTP/1.1\r\nHost: test.winehq.org\r\nConnection: close\r\n\r\n";
569
570 static void init_buffers(SecBufferDesc *desc, unsigned count, unsigned size)
571 {
572 desc->ulVersion = SECBUFFER_VERSION;
573 desc->cBuffers = count;
574 desc->pBuffers = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, count*sizeof(SecBuffer));
575
576 desc->pBuffers[0].cbBuffer = size;
577 desc->pBuffers[0].pvBuffer = HeapAlloc(GetProcessHeap(), 0, size);
578 }
579
580 static void reset_buffers(SecBufferDesc *desc)
581 {
582 unsigned i;
583
584 for (i = 0; i < desc->cBuffers; ++i)
585 {
586 desc->pBuffers[i].BufferType = SECBUFFER_EMPTY;
587 if (i > 0)
588 {
589 desc->pBuffers[i].cbBuffer = 0;
590 desc->pBuffers[i].pvBuffer = NULL;
591 }
592 }
593 }
594
595 static void free_buffers(SecBufferDesc *desc)
596 {
597 HeapFree(GetProcessHeap(), 0, desc->pBuffers[0].pvBuffer);
598 HeapFree(GetProcessHeap(), 0, desc->pBuffers);
599 }
600
601 static int receive_data(SOCKET sock, SecBuffer *buf)
602 {
603 unsigned received = 0;
604
605 while (1)
606 {
607 unsigned char *data = buf->pvBuffer;
608 unsigned expected = 0;
609 int ret;
610
611 ret = recv(sock, (char *)data+received, buf->cbBuffer-received, 0);
612 if (ret == -1)
613 {
614 skip("recv failed\n");
615 return -1;
616 }
617 else if(ret == 0)
618 {
619 skip("connection closed\n");
620 return -1;
621 }
622 received += ret;
623
624 while (expected < received)
625 {
626 unsigned frame_size = 5 + ((data[3]<<8) | data[4]);
627 expected += frame_size;
628 data += frame_size;
629 }
630
631 if (expected == received)
632 break;
633 }
634
635 buf->cbBuffer = received;
636
637 return received;
638 }
639
640 static void test_InitializeSecurityContext(void)
641 {
642 SCHANNEL_CRED cred;
643 CredHandle cred_handle;
644 CtxtHandle context;
645 SECURITY_STATUS status;
646 SecBuffer out_buffer = {1000, SECBUFFER_TOKEN, NULL};
647 SecBuffer in_buffer = {0, SECBUFFER_EMPTY, NULL};
648 SecBufferDesc out_buffers = {SECBUFFER_VERSION, 1, &out_buffer};
649 SecBufferDesc in_buffers = {SECBUFFER_VERSION, 1, &in_buffer};
650 ULONG attrs;
651
652 init_cred(&cred);
653 cred.grbitEnabledProtocols = SP_PROT_TLS1_CLIENT;
654 cred.dwFlags = SCH_CRED_NO_DEFAULT_CREDS|SCH_CRED_MANUAL_CRED_VALIDATION;
655 status = AcquireCredentialsHandleA(NULL, (SEC_CHAR *)UNISP_NAME_A, SECPKG_CRED_OUTBOUND, NULL,
656 &cred, NULL, NULL, &cred_handle, NULL);
657 ok(status == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", status);
658 if (status != SEC_E_OK) return;
659
660 status = InitializeSecurityContextA(&cred_handle, NULL, (SEC_CHAR *)"localhost",
661 ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM|ISC_REQ_ALLOCATE_MEMORY,
662 0, 0, &in_buffers, 0, &context, &out_buffers, &attrs, NULL);
663 ok(status == SEC_I_CONTINUE_NEEDED, "Expected SEC_I_CONTINUE_NEEDED, got %08x\n", status);
664
665 FreeContextBuffer(out_buffer.pvBuffer);
666 DeleteSecurityContext(&context);
667 FreeCredentialsHandle(&cred_handle);
668 }
669
670 static void test_communication(void)
671 {
672 int ret;
673
674 WSADATA wsa_data;
675 SOCKET sock;
676 struct hostent *host;
677 struct sockaddr_in addr;
678
679 SECURITY_STATUS status;
680 ULONG attrs;
681
682 SCHANNEL_CRED cred;
683 CredHandle cred_handle;
684 CtxtHandle context;
685 SecPkgCredentials_NamesA names;
686 SecPkgContext_StreamSizes sizes;
687 SecPkgContext_ConnectionInfo conn_info;
688 SecPkgContext_KeyInfoA key_info;
689 CERT_CONTEXT *cert;
690 SecPkgContext_NegotiationInfoA info;
691
692 SecBufferDesc buffers[2];
693 SecBuffer *buf;
694 unsigned buf_size = 8192;
695 unsigned char *data;
696 unsigned data_size;
697
698 if (!pQueryContextAttributesA)
699 {
700 win_skip("Required secur32 functions not available\n");
701 return;
702 }
703
704 /* Create a socket and connect to test.winehq.org */
705 ret = WSAStartup(0x0202, &wsa_data);
706 if (ret)
707 {
708 skip("Can't init winsock 2.2\n");
709 return;
710 }
711
712 host = gethostbyname("test.winehq.org");
713 if (!host)
714 {
715 skip("Can't resolve test.winehq.org\n");
716 return;
717 }
718
719 addr.sin_family = host->h_addrtype;
720 addr.sin_addr = *(struct in_addr *)host->h_addr_list[0];
721 addr.sin_port = htons(443);
722 sock = socket(host->h_addrtype, SOCK_STREAM, 0);
723 if (sock == SOCKET_ERROR)
724 {
725 skip("Can't create socket\n");
726 return;
727 }
728
729 ret = connect(sock, (struct sockaddr *)&addr, sizeof(addr));
730 if (ret == SOCKET_ERROR)
731 {
732 skip("Can't connect to test.winehq.org\n");
733 return;
734 }
735
736 /* Create client credentials */
737 init_cred(&cred);
738 cred.grbitEnabledProtocols = SP_PROT_TLS1_CLIENT;
739 cred.dwFlags = SCH_CRED_NO_DEFAULT_CREDS|SCH_CRED_MANUAL_CRED_VALIDATION;
740
741 status = AcquireCredentialsHandleA(NULL, (SEC_CHAR *)UNISP_NAME_A, SECPKG_CRED_OUTBOUND, NULL,
742 &cred, NULL, NULL, &cred_handle, NULL);
743 ok(status == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", status);
744 if (status != SEC_E_OK) return;
745
746 /* Initialize the connection */
747 init_buffers(&buffers[0], 4, buf_size);
748 init_buffers(&buffers[1], 4, buf_size);
749
750 buffers[0].pBuffers[0].BufferType = SECBUFFER_TOKEN;
751 status = InitializeSecurityContextA(&cred_handle, NULL, (SEC_CHAR *)"localhost",
752 ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
753 0, 0, NULL, 0, &context, &buffers[0], &attrs, NULL);
754 ok(status == SEC_I_CONTINUE_NEEDED, "Expected SEC_I_CONTINUE_NEEDED, got %08x\n", status);
755
756 buffers[1].cBuffers = 1;
757 buffers[1].pBuffers[0].BufferType = SECBUFFER_TOKEN;
758 buffers[0].pBuffers[0].cbBuffer = 1;
759 memset(buffers[1].pBuffers[0].pvBuffer, 0xfa, buf_size);
760 status = InitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
761 ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
762 0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
763 todo_wine
764 ok(status == SEC_E_INVALID_TOKEN, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status);
765 todo_wine
766 ok(buffers[0].pBuffers[0].cbBuffer == 0, "Output buffer size was not set to 0.\n");
767
768 buffers[1].cBuffers = 1;
769 buffers[1].pBuffers[0].BufferType = SECBUFFER_TOKEN;
770 buffers[0].pBuffers[0].cbBuffer = 1;
771 memset(buffers[1].pBuffers[0].pvBuffer, 0, buf_size);
772 status = InitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
773 ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
774 0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
775 ok(status == SEC_E_INVALID_TOKEN, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status);
776 ok(buffers[0].pBuffers[0].cbBuffer == 0, "Output buffer size was not set to 0.\n");
777
778 buffers[0].pBuffers[0].cbBuffer = 0;
779 status = InitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
780 ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
781 0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
782 todo_wine
783 ok(status == SEC_E_INSUFFICIENT_MEMORY || status == SEC_E_INVALID_TOKEN,
784 "Expected SEC_E_INSUFFICIENT_MEMORY or SEC_E_INVALID_TOKEN, got %08x\n", status);
785 ok(buffers[0].pBuffers[0].cbBuffer == 0, "Output buffer size was not set to 0.\n");
786
787 status = InitializeSecurityContextA(&cred_handle, NULL, (SEC_CHAR *)"localhost",
788 ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
789 0, 0, NULL, 0, &context, NULL, &attrs, NULL);
790 todo_wine
791 ok(status == SEC_E_INVALID_TOKEN, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status);
792
793 buffers[0].pBuffers[0].cbBuffer = buf_size;
794 status = InitializeSecurityContextA(&cred_handle, NULL, (SEC_CHAR *)"localhost",
795 ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
796 0, 0, NULL, 0, &context, &buffers[0], &attrs, NULL);
797 ok(status == SEC_I_CONTINUE_NEEDED, "Expected SEC_I_CONTINUE_NEEDED, got %08x\n", status);
798
799 buf = &buffers[0].pBuffers[0];
800 send(sock, buf->pvBuffer, buf->cbBuffer, 0);
801 buf->cbBuffer = buf_size;
802
803 status = InitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
804 ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
805 0, 0, NULL, 0, NULL, &buffers[0], &attrs, NULL);
806 ok(status == SEC_E_INCOMPLETE_MESSAGE, "Got unexpected status %#x.\n", status);
807 ok(buffers[0].pBuffers[0].cbBuffer == buf_size, "Output buffer size changed.\n");
808 ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_TOKEN, "Output buffer type changed.\n");
809
810 buffers[1].cBuffers = 1;
811 buffers[1].pBuffers[0].cbBuffer = 0;
812
813 status = InitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
814 ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
815 0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
816 ok(status == SEC_E_INCOMPLETE_MESSAGE, "Got unexpected status %#x.\n", status);
817 ok(buffers[0].pBuffers[0].cbBuffer == buf_size, "Output buffer size changed.\n");
818 ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_TOKEN, "Output buffer type changed.\n");
819
820 buf = &buffers[1].pBuffers[0];
821 buf->cbBuffer = buf_size;
822 ret = receive_data(sock, buf);
823 if (ret == -1)
824 return;
825
826 buffers[1].pBuffers[0].cbBuffer = 4;
827 status = InitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
828 ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
829 0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
830 ok(status == SEC_E_INCOMPLETE_MESSAGE || status == SEC_E_INVALID_TOKEN,
831 "Got unexpected status %#x.\n", status);
832 ok(buffers[0].pBuffers[0].cbBuffer == buf_size, "Output buffer size changed.\n");
833 ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_TOKEN, "Output buffer type changed.\n");
834
835 buffers[1].pBuffers[0].cbBuffer = 5;
836 status = InitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
837 ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
838 0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
839 ok(status == SEC_E_INCOMPLETE_MESSAGE || status == SEC_E_INVALID_TOKEN,
840 "Got unexpected status %#x.\n", status);
841 ok(buffers[0].pBuffers[0].cbBuffer == buf_size, "Output buffer size changed.\n");
842 ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_TOKEN, "Output buffer type changed.\n");
843
844 buffers[1].pBuffers[0].cbBuffer = ret;
845 status = InitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
846 ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
847 0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
848 buffers[1].pBuffers[0].cbBuffer = buf_size;
849 while (status == SEC_I_CONTINUE_NEEDED)
850 {
851 buf = &buffers[0].pBuffers[0];
852 send(sock, buf->pvBuffer, buf->cbBuffer, 0);
853 buf->cbBuffer = buf_size;
854
855 buf = &buffers[1].pBuffers[0];
856 ret = receive_data(sock, buf);
857 if (ret == -1)
858 return;
859
860 buf->BufferType = SECBUFFER_TOKEN;
861
862 status = InitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
863 ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
864 0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
865 buffers[1].pBuffers[0].cbBuffer = buf_size;
866 }
867
868 ok(buffers[0].pBuffers[0].cbBuffer == 0, "Output buffer size was not set to 0.\n");
869 ok(status == SEC_E_OK, "InitializeSecurityContext failed: %08x\n", status);
870 if(status != SEC_E_OK) {
871 skip("Handshake failed\n");
872 return;
873 }
874
875 status = QueryCredentialsAttributesA(&cred_handle, SECPKG_CRED_ATTR_NAMES, &names);
876 ok(status == SEC_E_NO_CREDENTIALS || status == SEC_E_UNSUPPORTED_FUNCTION /* before Vista */, "expected SEC_E_NO_CREDENTIALS, got %08x\n", status);
877
878 status = pQueryContextAttributesA(&context, SECPKG_ATTR_REMOTE_CERT_CONTEXT, (void*)&cert);
879 ok(status == SEC_E_OK, "QueryContextAttributesW(SECPKG_ATTR_REMOTE_CERT_CONTEXT) failed: %08x\n", status);
880 if(status == SEC_E_OK) {
881 SecPkgContext_Bindings bindings = {0xdeadbeef, (void*)0xdeadbeef};
882
883 test_remote_cert(cert);
884
885 status = pQueryContextAttributesA(&context, SECPKG_ATTR_ENDPOINT_BINDINGS, &bindings);
886 ok(status == SEC_E_OK || broken(status == SEC_E_UNSUPPORTED_FUNCTION),
887 "QueryContextAttributesW(SECPKG_ATTR_ENDPOINT_BINDINGS) failed: %08x\n", status);
888 if(status == SEC_E_OK) {
889 static const char prefix[] = "tls-server-end-point:";
890 const char *p;
891 BYTE hash[64];
892 DWORD hash_size;
893
894 ok(bindings.BindingsLength == sizeof(*bindings.Bindings) + sizeof(prefix)-1 + 32 /* hash size */,
895 "bindings.BindingsLength = %u\n", bindings.BindingsLength);
896 ok(!bindings.Bindings->dwInitiatorAddrType, "dwInitiatorAddrType = %x\n", bindings.Bindings->dwInitiatorAddrType);
897 ok(!bindings.Bindings->cbInitiatorLength, "cbInitiatorLength = %x\n", bindings.Bindings->cbInitiatorLength);
898 ok(!bindings.Bindings->dwInitiatorOffset, "dwInitiatorOffset = %x\n", bindings.Bindings->dwInitiatorOffset);
899 ok(!bindings.Bindings->dwAcceptorAddrType, "dwAcceptorAddrType = %x\n", bindings.Bindings->dwAcceptorAddrType);
900 ok(!bindings.Bindings->cbAcceptorLength, "cbAcceptorLength = %x\n", bindings.Bindings->cbAcceptorLength);
901 ok(!bindings.Bindings->dwAcceptorOffset, "dwAcceptorOffset = %x\n", bindings.Bindings->dwAcceptorOffset);
902 ok(sizeof(*bindings.Bindings) + bindings.Bindings->cbApplicationDataLength == bindings.BindingsLength,
903 "cbApplicationDataLength = %x\n", bindings.Bindings->cbApplicationDataLength);
904 ok(bindings.Bindings->dwApplicationDataOffset == sizeof(*bindings.Bindings),
905 "dwApplicationDataOffset = %x\n", bindings.Bindings->dwApplicationDataOffset);
906 p = (const char*)(bindings.Bindings+1);
907 ok(!memcmp(p, prefix, sizeof(prefix)-1), "missing prefix\n");
908 p += sizeof(prefix)-1;
909
910 hash_size = sizeof(hash);
911 ret = CryptHashCertificate(0, CALG_SHA_256, 0, cert->pbCertEncoded, cert->cbCertEncoded, hash, &hash_size);
912 if(ret) {
913 ok(hash_size == 32, "hash_size = %u\n", hash_size);
914 ok(!memcmp(hash, p, hash_size), "unexpected hash part\n");
915 }else {
916 win_skip("SHA 256 hash not supported.\n");
917 }
918
919 FreeContextBuffer(bindings.Bindings);
920 }else {
921 win_skip("SECPKG_ATTR_ENDPOINT_BINDINGS not supported\n");
922 }
923
924 CertFreeCertificateContext(cert);
925 }
926
927 status = pQueryContextAttributesA(&context, SECPKG_ATTR_CONNECTION_INFO, (void*)&conn_info);
928 ok(status == SEC_E_OK, "QueryContextAttributesW(SECPKG_ATTR_CONNECTION_INFO) failed: %08x\n", status);
929 if(status == SEC_E_OK) {
930 ok(conn_info.dwCipherStrength >= 128, "conn_info.dwCipherStrength = %d\n", conn_info.dwCipherStrength);
931 ok(conn_info.dwHashStrength >= 128, "conn_info.dwHashStrength = %d\n", conn_info.dwHashStrength);
932 }
933
934 status = pQueryContextAttributesA(&context, SECPKG_ATTR_KEY_INFO, &key_info);
935 ok(status == SEC_E_OK, "QueryContextAttributesW(SECPKG_ATTR_KEY_INFO) failed: %08x\n", status);
936 if(status == SEC_E_OK) {
937 ok(broken(key_info.SignatureAlgorithm == 0 /* WinXP,2003 */) ||
938 key_info.SignatureAlgorithm == CALG_RSA_SIGN,
939 "key_info.SignatureAlgorithm = %04x\n", key_info.SignatureAlgorithm);
940 ok(broken(key_info.SignatureAlgorithm == 0 /* WinXP,2003 */) ||
941 !strcmp(key_info.sSignatureAlgorithmName, "RSA"),
942 "key_info.sSignatureAlgorithmName = %s\n", key_info.sSignatureAlgorithmName);
943 ok(key_info.KeySize >= 128, "key_info.KeySize = %d\n", key_info.KeySize);
944 }
945
946 status = pQueryContextAttributesA(&context, SECPKG_ATTR_STREAM_SIZES, &sizes);
947 ok(status == SEC_E_OK, "QueryContextAttributesW(SECPKG_ATTR_STREAM_SIZES) failed: %08x\n", status);
948
949 status = QueryContextAttributesA(&context, SECPKG_ATTR_NEGOTIATION_INFO, &info);
950 ok(status == SEC_E_UNSUPPORTED_FUNCTION, "QueryContextAttributesA returned %08x\n", status);
951
952 reset_buffers(&buffers[0]);
953
954 /* Send a simple request so we get data for testing DecryptMessage */
955 buf = &buffers[0].pBuffers[0];
956 data = buf->pvBuffer;
957 buf->BufferType = SECBUFFER_STREAM_HEADER;
958 buf->cbBuffer = sizes.cbHeader;
959 ++buf;
960 buf->BufferType = SECBUFFER_DATA;
961 buf->pvBuffer = data + sizes.cbHeader;
962 buf->cbBuffer = sizeof(http_request) - 1;
963 memcpy(buf->pvBuffer, http_request, sizeof(http_request) - 1);
964 ++buf;
965 buf->BufferType = SECBUFFER_STREAM_TRAILER;
966 buf->pvBuffer = data + sizes.cbHeader + sizeof(http_request) -1;
967 buf->cbBuffer = sizes.cbTrailer;
968
969 status = EncryptMessage(&context, 0, &buffers[0], 0);
970 ok(status == SEC_E_OK, "EncryptMessage failed: %08x\n", status);
971 if (status != SEC_E_OK)
972 return;
973
974 buf = &buffers[0].pBuffers[0];
975 send(sock, buf->pvBuffer, buffers[0].pBuffers[0].cbBuffer + buffers[0].pBuffers[1].cbBuffer + buffers[0].pBuffers[2].cbBuffer, 0);
976
977 reset_buffers(&buffers[0]);
978 buf->cbBuffer = buf_size;
979 data_size = receive_data(sock, buf);
980
981 /* Too few buffers */
982 --buffers[0].cBuffers;
983 status = DecryptMessage(&context, &buffers[0], 0, NULL);
984 ok(status == SEC_E_INVALID_TOKEN, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status);
985
986 /* No data buffer */
987 ++buffers[0].cBuffers;
988 status = DecryptMessage(&context, &buffers[0], 0, NULL);
989 ok(status == SEC_E_INVALID_TOKEN, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status);
990
991 /* Two data buffers */
992 buffers[0].pBuffers[0].BufferType = SECBUFFER_DATA;
993 buffers[0].pBuffers[1].BufferType = SECBUFFER_DATA;
994 status = DecryptMessage(&context, &buffers[0], 0, NULL);
995 ok(status == SEC_E_INVALID_TOKEN, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status);
996
997 /* Too few empty buffers */
998 buffers[0].pBuffers[1].BufferType = SECBUFFER_EXTRA;
999 status = DecryptMessage(&context, &buffers[0], 0, NULL);
1000 ok(status == SEC_E_INVALID_TOKEN, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status);
1001
1002 /* Incomplete data */
1003 buffers[0].pBuffers[1].BufferType = SECBUFFER_EMPTY;
1004 buffers[0].pBuffers[0].cbBuffer = (data[3]<<8) | data[4];
1005 status = DecryptMessage(&context, &buffers[0], 0, NULL);
1006 ok(status == SEC_E_INCOMPLETE_MESSAGE, "Expected SEC_E_INCOMPLETE_MESSAGE, got %08x\n", status);
1007 ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_MISSING, "Expected first buffer to be SECBUFFER_MISSING\n");
1008 ok(buffers[0].pBuffers[0].cbBuffer == 5, "Expected first buffer to be a five bytes\n");
1009
1010 buffers[0].pBuffers[0].cbBuffer = data_size;
1011 buffers[0].pBuffers[0].BufferType = SECBUFFER_DATA;
1012 buffers[0].pBuffers[1].BufferType = SECBUFFER_EMPTY;
1013 status = DecryptMessage(&context, &buffers[0], 0, NULL);
1014 ok(status == SEC_E_OK, "DecryptMessage failed: %08x\n", status);
1015 if (status == SEC_E_OK)
1016 {
1017 ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_STREAM_HEADER, "Expected first buffer to be SECBUFFER_STREAM_HEADER\n");
1018 ok(buffers[0].pBuffers[1].BufferType == SECBUFFER_DATA, "Expected second buffer to be SECBUFFER_DATA\n");
1019 ok(buffers[0].pBuffers[2].BufferType == SECBUFFER_STREAM_TRAILER, "Expected third buffer to be SECBUFFER_STREAM_TRAILER\n");
1020
1021 data = buffers[0].pBuffers[1].pvBuffer;
1022 data[buffers[0].pBuffers[1].cbBuffer] = 0;
1023 }
1024
1025 DeleteSecurityContext(&context);
1026 FreeCredentialsHandle(&cred_handle);
1027
1028 free_buffers(&buffers[0]);
1029 free_buffers(&buffers[1]);
1030
1031 closesocket(sock);
1032 }
1033
1034 START_TEST(schannel)
1035 {
1036 pQueryContextAttributesA = (void*)GetProcAddress(GetModuleHandleA("secur32.dll"), "QueryContextAttributesA");
1037
1038 test_cread_attrs();
1039 testAcquireSecurityContext();
1040 test_InitializeSecurityContext();
1041 test_communication();
1042 }