search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
digest: add support for OpenSSL 1.1.0
[siplcs.git] / src / core / sip-sec-ntlm-tests.c
blob2922bc0a1e9894cf3bde8c4c20c32ee59f831d52
1 /**
2 * @file sipe-sec-ntlm-tests.c
3 *
4 * pidgin-sipe
5 *
6 * Copyright (C) 2011-2016 SIPE Project <http://sipe.sourceforge.net/>
7 * Copyright (C) 2010 pier11 <pier11@operamail.com>
8 * Copyright (C) 2008 Novell, Inc.
9 *
10 * Implemented with reference to the follow documentation:
11 * - http://davenport.sourceforge.net/ntlm.html
12 * - MS-NLMP: http://msdn.microsoft.com/en-us/library/cc207842.aspx
13 * - MS-SIP : http://msdn.microsoft.com/en-us/library/cc246115.aspx
14 *
15 * Please use "make tests" to build & run them!
16 *
17 * This program is free software; you can redistribute it and/or modify
18 * it under the terms of the GNU General Public License as published by
19 * the Free Software Foundation; either version 2 of the License, or
20 * (at your option) any later version.
21 *
22 * This program is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
26 *
27 * You should have received a copy of the GNU General Public License
28 * along with this program; if not, write to the Free Software
29 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
30 */
31
32 #ifdef HAVE_CONFIG_H
33 #include "config.h"
34 #endif
35
36 #include <stdlib.h>
37
38 #include <glib.h>
39 #include <glib/gprintf.h>
40
41 #include "sipmsg.h"
42 #include "sip-transport.h"
43 #include "sipe-common.h"
44 #include "sipe-sign.h"
45 #define _SIPE_COMPILING_TESTS
46 #include "sip-sec-ntlm.c"
47
48 #include "uuid.h"
49
50 /* stub for sipe-utils.c */
51 const gchar *sip_transport_epid(SIPE_UNUSED_PARAMETER struct sipe_core_private *sipe_private)
52 {
53 return(NULL);
54 }
55
56 static int successes = 0;
57 static int failures = 0;
58
59 gboolean sip_sec_ntlm_tests(void);
60
61 static void assert_equal(const char * expected, gpointer got, int len, gboolean stringify)
62 {
63 const gchar * res = (gchar *) got;
64 gchar to_str[len*2 + 1];
65
66 if (stringify) {
67 const guint8 *bin = got;
68 int i, j;
69 for (i = 0, j = 0; i < len; i++, j+=2) {
70 g_sprintf(&to_str[j], "%02X", (bin[i]&0xff));
71 }
72 len *= 2;
73 res = to_str;
74 }
75
76 printf("expected: %s\n", expected);
77 printf("received: %s\n", res);
78
79 if (g_ascii_strncasecmp(expected, res, len) == 0) {
80 successes++;
81 printf("PASSED\n");
82 } else {
83 failures++;
84 printf("FAILED\n");
85 }
86 }
87
88 /* NOTE: both values are expected to be in host byte order! */
89 static void assert_equal_guint32(guint32 expected, guint32 got)
90 {
91 printf("expected: %08X\n", expected);
92 printf("received: %08X\n", got);
93
94 if (expected == got) {
95 successes++;
96 printf("PASSED\n");
97 } else {
98 failures++;
99 printf("FAILED\n");
100 }
101 }
102
103 gboolean sip_sec_ntlm_tests(void)
104 {
105 const char *password;
106 const char *user;
107 const char *domain;
108 const guchar *client_challenge;
109 const guchar *nonce;
110 const guchar *exported_session_key;
111 const guchar *text;
112 guchar md4 [16];
113 guchar md5 [16];
114 guchar hmac_md5 [16];
115 guint32 flags;
116 guchar response_key_lm [16];
117 guchar response_key_nt [16];
118 guchar nt_challenge_response [24];
119 guchar lm_challenge_response [24];
120 guchar session_base_key [16];
121 guchar key_exchange_key [16];
122 guchar encrypted_random_session_key [16];
123 guint32 crc;
124 guchar client_seal_key [16];
125 guchar client_sign_key [16];
126 guchar server_sign_key [16];
127 guchar server_seal_key [16];
128 guint32 mac [4];
129 guchar text_enc [18 + 12];
130 struct sipmsg *msg;
131 struct sipmsg_breakdown msgbd;
132 gchar *msg_str;
133 const char *password2;
134 const char *user2;
135 const char *domain2;
136 const char *host2;
137 const char *type2_hex;
138 const char *type3_hex;
139 const char *request;
140 const char *response;
141 const gchar *request_sig;
142 const gchar *response_sig;
143
144 printf ("Starting Tests\n");
145
146 /* Initialization for crypto backend (test mode) */
147 sipe_crypto_init(FALSE);
148
149 /* Initialization for NTLM */
150 sip_sec_init__ntlm();
151
152 /* These tests are from the MS-SIPE document */
153
154 password = "Password";
155 user = "User";
156 domain = "Domain";
157 client_challenge = (guchar *)"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa";
158 /* server challenge */
159 nonce = (guchar *)"\x01\x23\x45\x67\x89\xab\xcd\xef";
160 /* 16 bytes */
161 exported_session_key = (guchar *)"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55";
162 text = (guchar *)"\x50\x00\x6c\x00\x61\x00\x69\x00\x6e\x00\x74\x00\x65\x00\x78\x00\x74\x00"; //P·l·a·i·n·t·e·x·t·
163
164
165 ////// internal Cyphers tests ///////
166 printf ("\nTesting MD4()\n");
167 MD4 ((const unsigned char *)"message digest", 14, md4);
168 assert_equal("D9130A8164549FE818874806E1C7014B", md4, 16, TRUE);
169
170 printf ("\nTesting MD5()\n");
171 MD5 ((const unsigned char *)"message digest", 14, md5);
172 assert_equal("F96B697D7CB7938D525A2F31AAF161D0", md5, 16, TRUE);
173
174 printf ("\nTesting HMAC_MD5()\n");
175 HMAC_MD5 ((const unsigned char *)"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", 16, (const unsigned char *)"Hi There", 8, hmac_md5);
176 assert_equal("9294727A3638BB1C13F48EF8158BFC9D", hmac_md5, 16, TRUE);
177
178
179 ////// NTLMv1 (without Extended Session Security) ///////
180 use_ntlm_v2 = FALSE;
181
182 flags = 0
183 | NTLMSSP_NEGOTIATE_KEY_EXCH
184 | NTLMSSP_NEGOTIATE_56
185 | NTLMSSP_NEGOTIATE_128
186 | NTLMSSP_NEGOTIATE_VERSION
187 | NTLMSSP_TARGET_TYPE_SERVER
188 | NTLMSSP_NEGOTIATE_ALWAYS_SIGN
189 | NTLMSSP_NEGOTIATE_NTLM
190 | NTLMSSP_NEGOTIATE_SEAL
191 | NTLMSSP_NEGOTIATE_SIGN
192 | NTLMSSP_NEGOTIATE_OEM
193 | NTLMSSP_NEGOTIATE_UNICODE;
194
195 printf ("\n\nTesting Negotiation Flags\n");
196 assert_equal_guint32(0xE2028233, flags);
197
198 printf ("\n\nTesting LMOWFv1()\n");
199 LMOWFv1 (password, user, domain, response_key_lm);
200 assert_equal("E52CAC67419A9A224A3B108F3FA6CB6D", response_key_lm, 16, TRUE);
201
202 printf ("\n\nTesting NTOWFv1()\n");
203 NTOWFv1 (password, user, domain, response_key_nt);
204 assert_equal("A4F49C406510BDCAB6824EE7C30FD852", response_key_nt, 16, TRUE);
205
206 printf ("\n\nTesting LM Response Generation\n");
207 printf ("Testing NT Response Generation\n");
208 printf ("Testing Session Base Key\n");
209
210 compute_response(flags,
211 response_key_nt,
212 response_key_lm,
213 nonce,
214 client_challenge,
215 0,
216 NULL, /* target_info */
217 0, /* target_info_len */
218 lm_challenge_response, /* out */
219 nt_challenge_response, /* out */
220 session_base_key); /* out */
221
222 assert_equal("98DEF7B87F88AA5DAFE2DF779688A172DEF11C7D5CCDEF13", lm_challenge_response, 24, TRUE);
223 assert_equal("67C43011F30298A2AD35ECE64F16331C44BDBED927841F94", nt_challenge_response, 24, TRUE);
224 assert_equal("D87262B0CDE4B1CB7499BECCCDF10784", session_base_key, 16, TRUE);
225
226 printf ("\n\nTesting Key Exchange Key\n");
227 KXKEY(flags, session_base_key, lm_challenge_response, nonce, key_exchange_key);
228 assert_equal("D87262B0CDE4B1CB7499BECCCDF10784", key_exchange_key, 16, TRUE);
229
230 printf ("\n\nTesting Encrypted Session Key Generation\n");
231 RC4K (key_exchange_key, 16, exported_session_key, 16, encrypted_random_session_key);
232 assert_equal("518822B1B3F350C8958682ECBB3E3CB7", encrypted_random_session_key, 16, TRUE);
233
234 printf ("\n\nTesting CRC32\n");
235 crc = CRC32((char*)text, 18);
236 assert_equal_guint32(0x93AA847D, crc);
237
238 printf ("\n\nTesting Encryption\n");
239 {
240 //SEALKEY (flags, exported_session_key, TRUE, client_seal_key);
241 guchar buff [18 + 12];
242 guint32 to_enc [3];
243
244 memcpy(buff, text, 18);
245 to_enc[0] = GUINT32_TO_LE(0); // random pad
246 to_enc[1] = GUINT32_TO_LE(crc);
247 to_enc[2] = GUINT32_TO_LE(0); // zero
248 memcpy(buff+18, (gchar *)to_enc, 12);
249 RC4K (exported_session_key, 16, buff, 18 + 12, text_enc);
250 //The point is to not reinitialize rc4 cypher
251 // 0 crc 0 (zero)
252 assert_equal("56FE04D861F9319AF0D7238A2E3B4D457FB8" "45C844E5" "09DCD1DF" "2E459D36", text_enc, 18 + 12, TRUE);
253 }
254
255 printf ("\n\nTesting MAC\n");
256 {
257 // won't work in the case with sealing because RC4 is re-initialized inside.
258 // MAC (flags, (gchar*)text, 18, (guchar*)exported_session_key, 16, (guchar*)exported_session_key,16, 0x00000000, 0, mac);
259 guint32 enc [3];
260 guint32 mac2 [4];
261
262 memcpy((gchar *)enc, text_enc+18, 12);
263 mac2 [0] = GUINT32_TO_LE(1); // version
264 mac2 [1] = enc [0];
265 mac2 [2] = enc [1];
266 mac2 [3] = enc [2] ^ (GUINT32_TO_LE(0)); // ^ seq
267 assert_equal("0100000045C844E509DCD1DF2E459D36", (guchar*)mac2, 16, TRUE);
268 }
269
270
271 ////// EXTENDED_SESSIONSECURITY ///////
272 use_ntlm_v2 = FALSE;
273 flags = 0
274 | NTLMSSP_NEGOTIATE_56
275 | NTLMSSP_NEGOTIATE_VERSION
276 | NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
277 | NTLMSSP_TARGET_TYPE_SERVER
278 | NTLMSSP_NEGOTIATE_ALWAYS_SIGN
279 | NTLMSSP_NEGOTIATE_NTLM
280 | NTLMSSP_NEGOTIATE_SEAL
281 | NTLMSSP_NEGOTIATE_SIGN
282 | NTLMSSP_NEGOTIATE_OEM
283 | NTLMSSP_NEGOTIATE_UNICODE;
284
285 printf ("\n\n(Extended session security) Testing Negotiation Flags\n");
286 assert_equal_guint32(0x820A8233, flags);
287
288 /* NTOWFv1() is not different from the above test for the same */
289
290 printf ("\n\n(Extended session security) Testing LM Response\n");
291 printf ("(Extended session security) Testing NT Response\n");
292 printf ("(Extended session security) Testing Session Base Key\n");
293 compute_response(flags,
294 response_key_nt,
295 response_key_lm,
296 nonce,
297 client_challenge,
298 0,
299 NULL, /* target_info */
300 0, /* target_info_len */
301 lm_challenge_response, /* out */
302 nt_challenge_response, /* out */
303 session_base_key); /* out */
304
305 assert_equal("AAAAAAAAAAAAAAAA00000000000000000000000000000000", lm_challenge_response, 24, TRUE);
306 assert_equal("7537F803AE367128CA458204BDE7CAF81E97ED2683267232", nt_challenge_response, 24, TRUE);
307 assert_equal("D87262B0CDE4B1CB7499BECCCDF10784", session_base_key, 16, TRUE);
308
309 printf ("\n\n(Extended session security) Testing Key Exchange Key\n");
310 KXKEY(flags, session_base_key, lm_challenge_response, nonce, key_exchange_key);
311 assert_equal("EB93429A8BD952F8B89C55B87F475EDC", key_exchange_key, 16, TRUE);
312
313 printf ("\n\n(Extended session security) SIGNKEY\n");
314 SIGNKEY (key_exchange_key, TRUE, client_sign_key);
315 assert_equal("60E799BE5C72FC92922AE8EBE961FB8D", client_sign_key, 16, TRUE);
316
317 printf ("\n\n(Extended session security) SEALKEY\n");
318 SEALKEY (flags, key_exchange_key, TRUE, client_seal_key);
319 assert_equal("04DD7F014D8504D265A25CC86A3A7C06", client_seal_key, 16, TRUE);
320
321 printf ("\n\n(Extended session security) Testing Encryption\n");
322 RC4K (client_seal_key, 16, text, 18, text_enc);
323 assert_equal("A02372F6530273F3AA1EB90190CE5200C99D", text_enc, 18, TRUE);
324
325 printf ("\n\n(Extended session security) Testing MAC\n");
326 MAC (flags, (gchar*)text,18, client_sign_key,16, client_seal_key,16, 0, 0, mac);
327 assert_equal("01000000FF2AEB52F681793A00000000", mac, 16, TRUE);
328
329
330 ////// NTLMv2 ///////
331 use_ntlm_v2 = TRUE;
332 flags = 0
333 | NTLMSSP_NEGOTIATE_KEY_EXCH
334 | NTLMSSP_NEGOTIATE_56
335 | NTLMSSP_NEGOTIATE_128
336 | NTLMSSP_NEGOTIATE_VERSION
337 | NTLMSSP_NEGOTIATE_TARGET_INFO
338 | NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
339 | NTLMSSP_TARGET_TYPE_SERVER
340 | NTLMSSP_NEGOTIATE_ALWAYS_SIGN
341 | NTLMSSP_NEGOTIATE_NTLM
342 | NTLMSSP_NEGOTIATE_SEAL
343 | NTLMSSP_NEGOTIATE_SIGN
344 | NTLMSSP_NEGOTIATE_OEM
345 | NTLMSSP_NEGOTIATE_UNICODE;
346
347 printf ("\n\nTesting (NTLMv2) Negotiation Flags\n");
348 assert_equal_guint32(0xE28A8233, flags);
349
350 printf ("\n\nTesting NTOWFv2()\n");
351 NTOWFv2 (password, user, domain, response_key_nt);
352 NTOWFv2 (password, user, domain, response_key_lm);
353 assert_equal("0C868A403BFD7A93A3001EF22EF02E3F", response_key_nt, 16, TRUE);
354
355
356 printf ("\n\nTesting (NTLMv2) LM Response Generation\n");
357 printf ("Testing (NTLMv2) NT Response Generation and Session Base Key\n");
358 /*
359 Challenge:
360 4e544c4d53535000020000000c000c003800000033828ae20123456789abcdef00000000000000002400240044000000060070170000000f53006500720076006500720002000c0044006f006d00610069006e0001000c0053006500720076006500720000000000
361
362 NTLMSSP_NEGOTIATE_UNICODE
363 NTLMSSP_NEGOTIATE_OEM
364 NTLMSSP_NEGOTIATE_SIGN
365 NTLMSSP_NEGOTIATE_SEAL
366 NTLMSSP_NEGOTIATE_NTLM
367 NTLMSSP_NEGOTIATE_ALWAYS_SIGN
368 NTLMSSP_TARGET_TYPE_SERVER
369 NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
370 NTLMSSP_NEGOTIATE_TARGET_INFO
371 NTLMSSP_NEGOTIATE_VERSION
372 NTLMSSP_NEGOTIATE_128
373 NTLMSSP_NEGOTIATE_KEY_EXCH
374 NTLMSSP_NEGOTIATE_56
375 target_name.len : 12
376 target_name.maxlen: 12
377 target_name.offset: 56
378 target_info.len : 36
379 target_info.maxlen: 36
380 target_info.offset: 68
381 product: 6.0.6000 (Windows Vista, Windows Server 2008, Windows 7 or Windows Server 2008 R2)
382 ntlm_revision_current: 0x0F (NTLMSSP_REVISION_W2K3)
383 target_name: Server
384 MsvAvNbDomainName: Domain
385 MsvAvNbComputerName: Server
386
387 target_name:
388 530065007200760065007200
389 target_info:
390 02000c0044006f006d00610069006e0001000c0053006500720076006500720000000000
391
392 Response:
393 4e544c4d5353500003000000180018006c00000054005400840000000c000c00480000000800080054000000100010005c00000010001000d8000000358288e20501280a0000000f44006f006d00610069006e00550073006500720043004f004d005000550054004500520086c35097ac9cec102554764a57cccc19aaaaaaaaaaaaaaaa68cd0ab851e51c96aabc927bebef6a1c01010000000000000000000000000000aaaaaaaaaaaaaaaa0000000002000c0044006f006d00610069006e0001000c005300650072007600650072000000000000000000c5dad2544fc9799094ce1ce90bc9d03e
394
395
396 */
397 {
398 const guint64 time_val = 0;
399 const guint8 target_info [] = {
400 0x02, 0x00, 0x0C, 0x00, //NetBIOS Domain name, 4 bytes
401 0x44, 0x00, 0x6F, 0x00, 0x6D, 0x00, 0x61, 0x00, 0x69, 0x00, 0x6E, 0x00, //D.o.m.a.i.n. 12bytes
402 0x01, 0x00, 0x0C, 0x00, //NetBIOS Server name, 4 bytes
403 0x53, 0x00, 0x65, 0x00, 0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, //S.e.r.v.e.r. 12bytes
404 0x00, 0x00, 0x00, 0x00, //Av End, 4 bytes
405 };
406 const int target_info_len = 32+4;
407 int ntlmssp_nt_resp_len = (16 + (32+target_info_len));
408 guchar nt_challenge_response_v2 [ntlmssp_nt_resp_len];
409
410 compute_response(flags,
411 response_key_nt,
412 response_key_lm,
413 nonce,
414 client_challenge,
415 time_val,
416 target_info, /* target_info */
417 target_info_len, /* target_info_len */
418 lm_challenge_response, /* out */
419 nt_challenge_response_v2, /* out */
420 session_base_key); /* out */
421
422 assert_equal("86C35097AC9CEC102554764A57CCCC19AAAAAAAAAAAAAAAA", lm_challenge_response, 24, TRUE);
423 assert_equal("68CD0AB851E51C96AABC927BEBEF6A1C", nt_challenge_response_v2, 16, TRUE);
424 /* the ref string is taken from binary dump of AUTHENTICATE_MESSAGE */
425 assert_equal("68CD0AB851E51C96AABC927BEBEF6A1C01010000000000000000000000000000AAAAAAAAAAAAAAAA0000000002000C0044006F006D00610069006E0001000C005300650072007600650072000000000000000000", nt_challenge_response_v2, ntlmssp_nt_resp_len, TRUE);
426 assert_equal("8DE40CCADBC14A82F15CB0AD0DE95CA3", session_base_key, 16, TRUE);
427 }
428
429 printf ("\n\nTesting (NTLMv2) Encrypted Session Key\n");
430 // key_exchange_key = session_base_key for NTLMv2
431 KXKEY(flags, session_base_key, lm_challenge_response, nonce, key_exchange_key);
432 //RC4 encryption of the RandomSessionKey with the KeyExchangeKey:
433 RC4K (key_exchange_key, 16, exported_session_key, 16, encrypted_random_session_key);
434 assert_equal("C5DAD2544FC9799094CE1CE90BC9D03E", encrypted_random_session_key, 16, TRUE);
435
436 printf ("\n\nTesting (NTLMv2) SIGNKEY\n");
437 SIGNKEY (exported_session_key, TRUE, client_sign_key);
438 assert_equal("4788DC861B4782F35D43FD98FE1A2D39", client_sign_key, 16, TRUE);
439
440 printf ("\n\nTesting (NTLMv2) SEALKEY\n");
441 SEALKEY (flags, exported_session_key, TRUE, client_seal_key);
442 assert_equal("59F600973CC4960A25480A7C196E4C58", client_seal_key, 16, TRUE);
443
444 printf ("\n\nTesting (NTLMv2) Encryption\n");
445 RC4K (client_seal_key, 16, text, 18, text_enc);
446 assert_equal("54E50165BF1936DC996020C1811B0F06FB5F", text_enc, 18, TRUE);
447
448 // printf ("\n\nTesting (NTLMv2) Encryption\n");
449 //const guchar text2 [] = {0x50, 0x00, 0x6c, 0x00, 0x61, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x65, 0x00, 0x78, 0x00, 0x74, 0x00
450 // , 0x70, 0x35, 0x28, 0x51, 0xf2, 0x56, 0x43, 0x09}; //P·l·a·i·n·t·e·x·t·
451 //guchar text_enc2 [18+8];
452 // RC4K (client_seal_key, 16, text2, 18+8, text_enc2);
453 // assert_equal("54E50165BF1936DC996020C1811B0F06FB5F", text_enc2, 18+8, TRUE);
454
455 printf ("\n\nTesting (NTLMv2) MAC (without RC4, as we don't keep its handle yet)\n");
456 MAC (flags & ~NTLMSSP_NEGOTIATE_KEY_EXCH, (gchar*)text,18, client_sign_key,16, client_seal_key,16, 0, 0, mac);
457 assert_equal("0100000070352851F256430900000000", mac, 16, TRUE);
458
459
460 /* End tests from the MS-SIPE document */
461
462
463 ////// davenport tests ///////
464 // Test from http://davenport.sourceforge.net/ntlm.html#ntlm1Signing
465 {
466 const gchar *text_j = "jCIFS";
467 printf ("\n\n(davenport) Testing Signature Algorithm\n");
468 {
469 guchar sk [] = {0x01, 0x02, 0x03, 0x04, 0x05, 0xe5, 0x38, 0xb0};
470 MAC (NEGOTIATE_FLAGS_CONNLESS & ~NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY, text_j, strlen(text_j), sk, 8, sk,8, 0x00090178, 0, mac);
471 assert_equal("0100000078010900397420FE0E5A0F89", mac, 16, TRUE);
472 }
473
474 // Tests from http://davenport.sourceforge.net/ntlm.html#ntlm2Signing
475 printf ("\n\n(davenport) SIGNKEY\n");
476 {
477 const guchar master_key [] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00};
478 SIGNKEY (master_key, TRUE, client_sign_key);
479 assert_equal("F7F97A82EC390F9C903DAC4F6ACEB132", client_sign_key, 16, TRUE);
480
481 printf ("\n\n(davenport) Testing MAC - no Key Exchange flag\n");
482 MAC (flags & ~NTLMSSP_NEGOTIATE_KEY_EXCH, text_j, strlen(text_j), client_sign_key, 16, client_sign_key,16, 0, 0, mac);
483 assert_equal("010000000A003602317A759A00000000", mac, 16, TRUE);
484 }
485 }
486
487
488 ////// SIPE internal tests ///////
489 // Verify signature of SIPE message received from OCS 2007 after authenticating with pidgin-sipe
490 printf ("\n\nTesting MS-SIPE Example Message Signing\n");
491 {
492 char * msg2;
493 char * msg1 = "<NTLM><0878F41B><1><SIP Communications Service><ocs1.ocs.provo.novell.com><8592g5DCBa1694i5887m0D0Bt2247b3F38xAE9Fx><3><REGISTER><sip:gabriel@ocs.provo.novell.com><2947328781><B816D65C2300A32CFA6D371F2AF537FD><900><200>";
494 guchar exported_session_key2 [] = { 0x5F, 0x02, 0x91, 0x53, 0xBC, 0x02, 0x50, 0x58, 0x96, 0x95, 0x48, 0x61, 0x5E, 0x70, 0x99, 0xBA };
495
496 MAC (NEGOTIATE_FLAGS_CONNLESS & ~NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY,
497 msg1, strlen(msg1), exported_session_key2, 16, exported_session_key2,16, 0, 100, mac);
498 assert_equal("0100000000000000BF2E52667DDF6DED", mac, 16, TRUE);
499
500 // Verify parsing of message and signature verification
501 printf ("\n\nTesting MS-SIPE Example Message Parsing, Signing, and Verification\n(Authentication Protocol Version 2)\n");
502 msg2 = "SIP/2.0 200 OK\r\nms-keep-alive: UAS; tcp=no; hop-hop=yes; end-end=no; timeout=300\r\nAuthentication-Info: NTLM rspauth=\"0100000000000000BF2E52667DDF6DED\", srand=\"0878F41B\", snum=\"1\", opaque=\"4452DFB0\", qop=\"auth\", targetname=\"ocs1.ocs.provo.novell.com\", realm=\"SIP Communications Service\"\r\nFrom: \"Gabriel Burt\"<sip:gabriel@ocs.provo.novell.com>;tag=2947328781;epid=1234567890\r\nTo: <sip:gabriel@ocs.provo.novell.com>;tag=B816D65C2300A32CFA6D371F2AF537FD\r\nCall-ID: 8592g5DCBa1694i5887m0D0Bt2247b3F38xAE9Fx\r\nCSeq: 3 REGISTER\r\nVia: SIP/2.0/TLS 164.99.194.49:10409;branch=z9hG4bKE0E37DBAF252C3255BAD;received=164.99.195.20;ms-received-port=10409;ms-received-cid=1E00\r\nContact: <sip:164.99.195.20:10409;transport=tls;ms-received-cid=1E00>;expires=900\r\nExpires: 900\r\nAllow-Events: vnd-microsoft-provisioning,vnd-microsoft-roaming-contacts,vnd-microsoft-roaming-ACL,presence,presence.wpending,vnd-microsoft-roaming-self,vnd-microsoft-provisioning-v2\r\nSupported: adhoclist\r\nServer: RTC/3.0\r\nSupported: com.microsoft.msrtc.presence\r\nContent-Length: 0\r\n\r\n";
503 msg = sipmsg_parse_msg(msg2);
504
505 memset(&msgbd, 0, sizeof(struct sipmsg_breakdown));
506 msgbd.msg = msg;
507 sipmsg_breakdown_parse(&msgbd, "SIP Communications Service", "ocs1.ocs.provo.novell.com", NULL);
508 msg_str = sipmsg_breakdown_get_string(2, &msgbd);
509 sip_sec_ntlm_sipe_signature_make (NEGOTIATE_FLAGS_CONNLESS & ~NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY,
510 msg_str, 0, exported_session_key2, exported_session_key2, mac);
511 sipmsg_breakdown_free(&msgbd);
512 assert_equal ("0100000000000000BF2E52667DDF6DED", mac, 16, TRUE);
513 /* sig = buff_to_hex_str((guint8 *)mac, 16); */
514 }
515
516
517 ////// real Communicator 2007 R2 tests //////
518 ////// Recreated/verifyed real authentication communication between
519 ////// Communicator 2007 R2 and Office Communications Server 2007 R2
520 ////// with SIPE NTLMv2 implementation.
521
522 password2 = "Pa$$word";
523 user2 = "User";
524 domain2 = "COSMO";
525 host2 = "COSMO-OCS-R2";
526
527 //Challenge:
528 //const char *type2 = "TlRMTVNTUAACAAAAAAAAADgAAADzgpji3Ruq9OfiGNEAAAAAAAAAAJYAlgA4AAAABQLODgAAAA8CAAoAQwBPAFMATQBPAAEAGABDAE8AUwBNAE8ALQBPAEMAUwAtAFIAMgAEABYAYwBvAHMAbQBvAC4AbABvAGMAYQBsAAMAMABjAG8AcwBtAG8ALQBvAGMAcwAtAHIAMgAuAGMAbwBzAG0AbwAuAGwAbwBjAGEAbAAFABYAYwBvAHMAbQBvAC4AbABvAGMAYQBsAAAAAAA=";
529 //in hex (base64 decoded):
530 type2_hex = "4E544C4D53535000020000000000000038000000F38298E2DD1BAAF4E7E218D1000000000000000096009600380000000502CE0E0000000F02000A0043004F0053004D004F000100180043004F0053004D004F002D004F00430053002D00520032000400160063006F0073006D006F002E006C006F00630061006C000300300063006F0073006D006F002D006F00630073002D00720032002E0063006F0073006D006F002E006C006F00630061006C000500160063006F0073006D006F002E006C006F00630061006C0000000000";
531 /*
532 Message (length 206):
533 NTLMSSP_NEGOTIATE_UNICODE
534 NTLMSSP_NEGOTIATE_OEM
535 NTLMSSP_NEGOTIATE_SIGN
536 NTLMSSP_NEGOTIATE_SEAL
537 NTLMSSP_NEGOTIATE_DATAGRAM
538 NTLMSSP_NEGOTIATE_LM_KEY
539 NTLMSSP_NEGOTIATE_NTLM
540 NTLMSSP_NEGOTIATE_ALWAYS_SIGN
541 NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
542 NTLMSSP_NEGOTIATE_IDENTIFY
543 NTLMSSP_NEGOTIATE_TARGET_INFO
544 NTLMSSP_NEGOTIATE_VERSION
545 NTLMSSP_NEGOTIATE_128
546 NTLMSSP_NEGOTIATE_KEY_EXCH
547 NTLMSSP_NEGOTIATE_56
548 server_challenge: DD1BAAF4E7E218D1
549 target_name.len : 0
550 target_name.maxlen: 0
551 target_name.offset: 56
552 target_info.len : 150
553 target_info.maxlen: 150
554 target_info.offset: 56
555 product: 5.2.3790 (Windows Server 2003)
556 ntlm_revision_current: 0x0F (NTLMSSP_REVISION_W2K3)
557 target_info raw: 02000A0043004F0053004D004F000100180043004F0053004D004F002D004F00430053002D00520032000400160063006F0073006D006F002E006C006F00630061006C000300300063006F0073006D006F002D006F00630073002D00720032002E0063006F0073006D006F002E006C006F00630061006C000500160063006F0073006D006F002E006C006F00630061006C0000000000
558 MsvAvNbDomainName: COSMO
559 MsvAvNbComputerName: COSMO-OCS-R2
560 MsvAvDnsDomainName: cosmo.local
561 MsvAvDnsComputerName: cosmo-ocs-r2.cosmo.local
562 MsvAvDnsTreeName: cosmo.local
563 */
564
565
566 //Response:
567 //const char *type3 = "TlRMTVNTUAADAAAAGAAYAHIAAADGAMYAigAAAAoACgBIAAAACAAIAFIAAAAYABgAWgAAABAAEABQAQAAVYKYYgUCzg4AAAAPQwBPAFMATQBPAFUAcwBlAHIAQwBPAFMATQBPAC0ATwBDAFMALQBSADIAoeku/k4Hi/fFwASazGFmwtauh1yw/apBjcDIAK527KYG0rn769BHMQEBAAAAAAAAWVGaFye5ygHWrodcsP2qQQAAAAACAAoAQwBPAFMATQBPAAEAGABDAE8AUwBNAE8ALQBPAEMAUwAtAFIAMgAEABYAYwBvAHMAbQBvAC4AbABvAGMAYQBsAAMAMABjAG8AcwBtAG8ALQBvAGMAcwAtAHIAMgAuAGMAbwBzAG0AbwAuAGwAbwBjAGEAbAAFABYAYwBvAHMAbQBvAC4AbABvAGMAYQBsAAAAAAAAAAAAMctznhyoCkmFkeiueXEV5A==";
568 //in hex (base64 decoded):
569 type3_hex = "4E544C4D53535000030000001800180072000000C600C6008A0000000A000A00480000000800080052000000180018005A0000001000100050010000558298620502CE0E0000000F43004F0053004D004F00550073006500720043004F0053004D004F002D004F00430053002D0052003200A1E92EFE4E078BF7C5C0049ACC6166C2D6AE875CB0FDAA418DC0C800AE76ECA606D2B9FBEBD04731010100000000000059519A1727B9CA01D6AE875CB0FDAA410000000002000A0043004F0053004D004F000100180043004F0053004D004F002D004F00430053002D00520032000400160063006F0073006D006F002E006C006F00630061006C000300300063006F0073006D006F002D006F00630073002D00720032002E0063006F0073006D006F002E006C006F00630061006C000500160063006F0073006D006F002E006C006F00630061006C00000000000000000031CB739E1CA80A498591E8AE797115E4";
570 /*
571 Message (length 352):
572 NTLMSSP_NEGOTIATE_UNICODE
573 NTLMSSP_REQUEST_TARGET
574 NTLMSSP_NEGOTIATE_SIGN
575 NTLMSSP_NEGOTIATE_DATAGRAM
576 NTLMSSP_NEGOTIATE_NTLM
577 NTLMSSP_NEGOTIATE_ALWAYS_SIGN
578 NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
579 NTLMSSP_NEGOTIATE_IDENTIFY
580 NTLMSSP_NEGOTIATE_TARGET_INFO
581 NTLMSSP_NEGOTIATE_VERSION
582 NTLMSSP_NEGOTIATE_128
583 NTLMSSP_NEGOTIATE_KEY_EXCH
584 lm_resp.len : 24
585 lm_resp.maxlen: 24
586 lm_resp.offset: 114
587 nt_resp.len : 198
588 nt_resp.maxlen: 198
589 nt_resp.offset: 138
590 domain.len : 10
591 domain.maxlen: 10
592 domain.offset: 72
593 user.len : 8
594 user.maxlen: 8
595 user.offset: 82
596 host.len : 24
597 host.maxlen: 24
598 host.offset: 90
599 session_key.len : 16
600 session_key.maxlen: 16
601 session_key.offset: 336
602 product: 5.2.3790 (Windows Server 2003)
603 ntlm_revision_current: 0x0F (NTLMSSP_REVISION_W2K3)
604 lm_resp: A1E92EFE4E078BF7C5C0049ACC6166C2D6AE875CB0FDAA41
605 nt_resp raw: 8DC0C800AE76ECA606D2B9FBEBD04731010100000000000059519A1727B9CA01D6AE875CB0FDAA410000000002000A0043004F0053004D004F000100180043004F0053004D004F002D004F00430053002D00520032000400160063006F0073006D006F002E006C006F00630061006C000300300063006F0073006D006F002D006F00630073002D00720032002E0063006F0073006D006F002E006C006F00630061006C000500160063006F0073006D006F002E006C006F00630061006C000000000000000000
606 nt_resp: 8DC0C800AE76ECA606D2B9FBEBD04731
607 target_info raw: 02000A0043004F0053004D004F000100180043004F0053004D004F002D004F00430053002D00520032000400160063006F0073006D006F002E006C006F00630061006C000300300063006F0073006D006F002D006F00630073002D00720032002E0063006F0073006D006F002E006C006F00630061006C000500160063006F0073006D006F002E006C006F00630061006C0000000000
608 response_version: 1
609 hi_response_version: 1
610 time: 59519A1727B9CA01 - Mon Mar 01 10:08:08 2010
611 client_challenge: D6AE875CB0FDAA41
612 MsvAvNbDomainName: COSMO
613 MsvAvNbComputerName: COSMO-OCS-R2
614 MsvAvDnsDomainName: cosmo.local
615 MsvAvDnsComputerName: cosmo-ocs-r2.cosmo.local
616 MsvAvDnsTreeName: cosmo.local
617 ----------- end of nt_resp v2 -----------
618 domain: COSMO
619 user: User
620 host: COSMO-OCS-R2
621 session_key: 31CB739E1CA80A498591E8AE797115E4
622 */
623
624 request =
625 "REGISTER sip:cosmo.local SIP/2.0\r\n"
626 "Via: SIP/2.0/TLS 192.168.172.6:12723\r\n"
627 "Max-Forwards: 70\r\n"
628 "From: <sip:user@cosmo.local>;tag=3e49177a52;epid=c8ca638a15\r\n"
629 "To: <sip:user@cosmo.local>\r\n"
630 "Call-ID: 4037df9284354df39065195bd57a4b14\r\n"
631 "CSeq: 3 REGISTER\r\n"
632 "Contact: <sip:192.168.172.6:12723;transport=tls;ms-opaque=fad3dfab32>;methods=\"INVITE, MESSAGE, INFO, OPTIONS, BYE, CANCEL, NOTIFY, ACK, REFER, BENOTIFY\";proxy=replace;+sip.instance=\"<urn:uuid:34D859DB-6585-5F91-A3B4-DE853C15347D>\"\r\n"
633 "User-Agent: UCCAPI/3.5.6907.0 OC/3.5.6907.0 (Microsoft Office Communicator 2007 R2)\r\n"
634 "Supported: gruu-10, adhoclist, msrtc-event-categories\r\n"
635 "Supported: ms-forking\r\n"
636 "ms-keep-alive: UAC;hop-hop=yes\r\n"
637 "Event: registration\r\n"
638 "Proxy-Authorization: NTLM qop=\"auth\", realm=\"SIP Communications Service\", opaque=\"2BDBAC9D\", targetname=\"cosmo-ocs-r2.cosmo.local\", version=4, gssapi-data=\"TlRMTVNTUAADAAAAGAAYAHIAAADGAMYAigAAAAoACgBIAAAACAAIAFIAAAAYABgAWgAAABAAEABQAQAAVYKYYgUCzg4AAAAPQwBPAFMATQBPAFUAcwBlAHIAQwBPAFMATQBPAC0ATwBDAFMALQBSADIAoeku/k4Hi/fFwASazGFmwtauh1yw/apBjcDIAK527KYG0rn769BHMQEBAAAAAAAAWVGaFye5ygHWrodcsP2qQQAAAAACAAoAQwBPAFMATQBPAAEAGABDAE8AUwBNAE8ALQBPAEMAUwAtAFIAMgAEABYAYwBvAHMAbQBvAC4AbABvAGMAYQBsAAMAMABjAG8AcwBtAG8ALQBvAGMAcwAtAHIAMgAuAGMAbwBzAG0AbwAuAGwAbwBjAGEAbAAFABYAYwBvAHMAbQBvAC4AbABvAGMAYQBsAAAAAAAAAAAAMctznhyoCkmFkeiueXEV5A==\", crand=\"13317733\", cnum=\"1\", response=\"0100000029618e9651b65a7764000000\"\r\n"
639 "Content-Length: 0\r\n"
640 "\r\n";
641
642 request_sig = "<NTLM><13317733><1><SIP Communications Service><cosmo-ocs-r2.cosmo.local><4037df9284354df39065195bd57a4b14><3><REGISTER><sip:user@cosmo.local><3e49177a52><sip:user@cosmo.local><><><><>";
643 //Signature:
644 //0100000029618e9651b65a7764000000
645
646 response =
647 "SIP/2.0 200 OK\r\n"
648 "ms-keep-alive: UAS; tcp=no; hop-hop=yes; end-end=no; timeout=300\r\n"
649 "Authentication-Info: NTLM rspauth=\"01000000E615438A917661BE64000000\", srand=\"9616454F\", snum=\"1\", opaque=\"2BDBAC9D\", qop=\"auth\", targetname=\"cosmo-ocs-r2.cosmo.local\", realm=\"SIP Communications Service\"\r\n"
650 "From: \"User\"<sip:user@cosmo.local>;tag=3e49177a52;epid=c8ca638a15\r\n"
651 "To: <sip:user@cosmo.local>;tag=5E61CCD925D17E043D9A74835A88F664\r\n"
652 "Call-ID: 4037df9284354df39065195bd57a4b14\r\n"
653 "CSeq: 3 REGISTER\r\n"
654 "Via: SIP/2.0/TLS 192.168.172.6:12723;ms-received-port=12723;ms-received-cid=2600\r\n"
655 "Contact: <sip:192.168.172.6:12723;transport=tls;ms-opaque=fad3dfab32;ms-received-cid=2600>;expires=7200;+sip.instance=\"<urn:uuid:34d859db-6585-5f91-a3b4-de853c15347d>\";gruu=\"sip:user@cosmo.local;opaque=user:epid:21nYNIVlkV-jtN6FPBU0fQAA;gruu\"\r\n"
656 "Expires: 7200\r\n"
657 "presence-state: register-action=\"added\"\r\n"
658 "Allow-Events: vnd-microsoft-provisioning,vnd-microsoft-roaming-contacts,vnd-microsoft-roaming-ACL,presence,presence.wpending,vnd-microsoft-roaming-self,vnd-microsoft-provisioning-v2\r\n"
659 "Supported: adhoclist\r\n"
660 "Server: RTC/3.5\r\n"
661 "Supported: msrtc-event-categories\r\n"
662 "Content-Length: 0\r\n"
663 "\r\n";
664
665 response_sig = "<NTLM><9616454F><1><SIP Communications Service><cosmo-ocs-r2.cosmo.local><4037df9284354df39065195bd57a4b14><3><REGISTER><sip:user@cosmo.local><3e49177a52><sip:user@cosmo.local><5E61CCD925D17E043D9A74835A88F664><><><7200><200>";
666 //Signature:
667 //01000000E615438A917661BE64000000
668
669 use_ntlm_v2 = TRUE;
670 flags = 0
671 | NTLMSSP_NEGOTIATE_UNICODE
672 | NTLMSSP_REQUEST_TARGET
673 | NTLMSSP_NEGOTIATE_SIGN
674 | NTLMSSP_NEGOTIATE_DATAGRAM
675 | NTLMSSP_NEGOTIATE_NTLM
676 | NTLMSSP_NEGOTIATE_ALWAYS_SIGN
677 | NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
678 | NTLMSSP_NEGOTIATE_IDENTIFY
679 | NTLMSSP_NEGOTIATE_TARGET_INFO
680 | NTLMSSP_NEGOTIATE_VERSION
681 | NTLMSSP_NEGOTIATE_128
682 | NTLMSSP_NEGOTIATE_KEY_EXCH;
683
684 /* global struct */
685 test_version.product_major_version = 5;
686 test_version.product_minor_version = 2;
687 test_version.product_build = GUINT16_FROM_LE(3790);
688 test_version.ntlm_revision_current = 0x0F;
689
690 NTOWFv2 (password2, user2, domain2, response_key_nt);
691 NTOWFv2 (password2, user2, domain2, response_key_lm);
692
693 {
694 int ntlmssp_nt_resp_len;
695 int target_info2_len;
696 guint8 *nonce2;
697 guint8 *target_info2;
698 guint64 *buff2;
699 /* buff2 points to correctly aligned memory. Disable alignment check */
700 hex_str_to_buff("59519A1727B9CA01", (void *)&buff2);
701 /* global var */
702 test_time_val = GUINT64_FROM_LE(*buff2);
703 g_free(buff2);
704 buff2 = NULL;
705
706 target_info2_len = hex_str_to_buff("02000A0043004F0053004D004F000100180043004F0053004D004F002D004F00430053002D00520032000400160063006F0073006D006F002E006C006F00630061006C000300300063006F0073006D006F002D006F00630073002D00720032002E0063006F0073006D006F002E006C006F00630061006C000500160063006F0073006D006F002E006C006F00630061006C0000000000", &target_info2);
707
708 hex_str_to_buff("DD1BAAF4E7E218D1", &nonce2);
709
710 /* buff2 points to correctly aligned memory. Disable alignment check */
711 hex_str_to_buff("D6AE875CB0FDAA41", (void *)&buff2);
712 /* global buff */
713 memcpy(test_client_challenge, buff2, 8);
714 g_free(buff2);
715
716 ntlmssp_nt_resp_len = (16 + (32+target_info2_len));
717 {
718 guchar nt_challenge_response_v2_2 [ntlmssp_nt_resp_len];
719
720 printf ("\n\nTesting (NTLMv2 / OC 2007 R2) LM Response Generation\n");
721 printf ( "Testing (NTLMv2 / OC 2007 R2) NT Response Generation\n");
722 compute_response(flags,
723 response_key_nt,
724 response_key_lm,
725 nonce2,
726 test_client_challenge,
727 test_time_val,
728 target_info2, /* target_info */
729 target_info2_len, /* target_info_len */
730 lm_challenge_response, /* out */
731 nt_challenge_response_v2_2, /* out */
732 session_base_key); /* out */
733 g_free(target_info2);
734
735 assert_equal("A1E92EFE4E078BF7C5C0049ACC6166C2D6AE875CB0FDAA41", lm_challenge_response, 24, TRUE);
736 assert_equal("8DC0C800AE76ECA606D2B9FBEBD04731", nt_challenge_response_v2_2, 16, TRUE);
737 /* the ref string is taken from binary dump of AUTHENTICATE_MESSAGE */
738 assert_equal("8DC0C800AE76ECA606D2B9FBEBD04731010100000000000059519A1727B9CA01D6AE875CB0FDAA410000000002000A0043004F0053004D004F000100180043004F0053004D004F002D004F00430053002D00520032000400160063006F0073006D006F002E006C006F00630061006C000300300063006F0073006D006F002D006F00630073002D00720032002E0063006F0073006D006F002E006C006F00630061006C000500160063006F0073006D006F002E006C006F00630061006C000000000000000000", nt_challenge_response_v2_2, ntlmssp_nt_resp_len, TRUE);
739 }
740
741 KXKEY(flags, session_base_key, lm_challenge_response, nonce2, key_exchange_key);
742 g_free(nonce2);
743
744 }
745
746 //as in the Type3 message
747 {
748 guint8 *encrypted_random_session_key2;
749 hex_str_to_buff("31CB739E1CA80A498591E8AE797115E4", &encrypted_random_session_key2);
750 /* global buff - test_random_session_key */
751 //decoding exported_session_key
752 RC4K (key_exchange_key, 16, encrypted_random_session_key2, 16, test_random_session_key);
753 g_free(encrypted_random_session_key2);
754 }
755
756 SIGNKEY (test_random_session_key, TRUE, client_sign_key);
757 SEALKEY (flags, test_random_session_key, TRUE, client_seal_key);
758 SIGNKEY (test_random_session_key, FALSE, server_sign_key);
759 SEALKEY (flags, test_random_session_key, FALSE, server_seal_key);
760
761 printf ("\n\nTesting (NTLMv2 / OC 2007 R2) Message Parsing, Signing, and Verification\nClient request\n(Authentication Protocol version 4)\n");
762 msg = sipmsg_parse_msg(request);
763 memset(&msgbd, 0, sizeof(struct sipmsg_breakdown));
764 msgbd.msg = msg;
765 sipmsg_breakdown_parse(&msgbd, "SIP Communications Service", "cosmo-ocs-r2.cosmo.local", NULL);
766 msg_str = sipmsg_breakdown_get_string(4, &msgbd);
767 assert_equal (request_sig, (guchar *)msg_str, strlen(request_sig), FALSE);
768 sip_sec_ntlm_sipe_signature_make (flags, msg_str, 0, client_sign_key, client_seal_key, mac);
769 sipmsg_breakdown_free(&msgbd);
770 assert_equal ("0100000029618e9651b65a7764000000", mac, 16, TRUE);
771 /* sig = buff_to_hex_str((guint8 *)mac, 16); */
772
773 printf ("\n\nTesting (NTLMv2 / OC 2007 R2) Message Parsing, Signing, and Verification\nServer response\n(Authentication Protocol version 4)\n");
774 msg = sipmsg_parse_msg(response);
775 memset(&msgbd, 0, sizeof(struct sipmsg_breakdown));
776 msgbd.msg = msg;
777 sipmsg_breakdown_parse(&msgbd, "SIP Communications Service", "cosmo-ocs-r2.cosmo.local", NULL);
778 msg_str = sipmsg_breakdown_get_string(4, &msgbd);
779 assert_equal (response_sig, (guchar *)msg_str, strlen(response_sig), FALSE);
780 // server keys here
781 sip_sec_ntlm_sipe_signature_make (flags, msg_str, 0, server_sign_key, server_seal_key, mac);
782 sipmsg_breakdown_free(&msgbd);
783 assert_equal ("01000000E615438A917661BE64000000", mac, 16, TRUE);
784 /* sig = buff_to_hex_str((guint8 *)mac, 16); */
785
786 printf ("\n\nTesting (NTLMv2 / OC 2007 R2) MAC - client signing\n");
787 MAC (flags, (gchar*)request_sig,strlen(request_sig), client_sign_key,16, client_seal_key,16, 0, 100, mac);
788 assert_equal("0100000029618e9651b65a7764000000", mac, 16, TRUE);
789
790 printf ("\n\nTesting (NTLMv2 / OC 2007 R2) MAC - server's verifying\n");
791 MAC (flags, (gchar*)response_sig,strlen(response_sig), server_sign_key,16, server_seal_key,16, 0, 100, mac);
792 assert_equal("01000000E615438A917661BE64000000", mac, 16, TRUE);
793
794 printf ("\n\nTesting (NTLMv2 / OC 2007 R2) Type3 generation test\n");
795 {
796 guchar *client_sign_key2;
797 guchar *server_sign_key2;
798 guchar *client_seal_key2;
799 guchar *server_seal_key2;
800
801 guchar *server_challenge = NULL;
802 guint64 time_val2 = 0;
803 guchar *target_info3 = NULL;
804 int target_info3_len = 0;
805 guint32 flags2;
806 SipSecBuffer in_buff;
807 SipSecBuffer out_buff;
808
809 in_buff.length = hex_str_to_buff(type2_hex, (guint8 **)&(in_buff.value));
810
811 sip_sec_ntlm_parse_challenge(in_buff,
812 &flags2, /* out */
813 &server_challenge,
814 &time_val2,
815 &target_info3,
816 &target_info3_len);
817
818 sip_sec_ntlm_gen_authenticate(&client_sign_key2,
819 &server_sign_key2,
820 &client_seal_key2,
821 &server_seal_key2,
822 user2,
823 password2,
824 host2,
825 domain2,
826 server_challenge,
827 test_time_val,
828 target_info3,
829 target_info3_len,
830 0,
831 &out_buff,
832 &flags2);
833
834 g_free(server_challenge);
835 g_free(target_info3);
836
837 assert_equal(type3_hex, out_buff.value, out_buff.length, TRUE);
838 }
839
840 printf ("\n\nTesting Authentication Algorithm's v4 Signature String\n");
841 {
842 char *response_symbian =
843 "SIP/2.0 180 Ringing\r\n"
844 "Authentication-Info: NTLM rspauth=\"010000003EA8D688BA51D5CD64000000\", srand=\"1B6D47A1\", snum=\"11\", opaque=\"357E6F72\", qop=\"auth\", targetname=\"LOC-COMPANYT-FE03.COMPANY.COM\", realm=\"SIP Communications Service\"\r\n"
845 "Via: SIP/2.0/tls 192.168.44.10:50230;received=10.117.245.254;ms-received-port=50230;ms-received-cid=37ABE00\r\n"
846 "FROM: \"Sender\"<sip:sender@company.com>;tag=2420628112;epid=54392f1bbf01\r\n"
847 "TO: \"recipient\"<sip:recipient@company.com>;tag=7aee15546a;epid=3102EB8BD1\r\n"
848 "CSEQ: 1 INVITE\r\n"
849 "CALL-ID: 41CEg82ECa0AC8i3DD7mE673t9CF4b19DAxF780x\r\n"
850 "RECORD-ROUTE: <sip:LOC-COMPANYT-OCSR2P01.COMPANY.COM:5061;transport=tls;ms-fe=LOC-COMPANYT-FE03.COMPANY.COM;opaque=state:F:T:Eu:Ci.R37abe00;lr;ms-route-sig=gdOGgL7NiL3hv_oBc0NdrJOxZk_r-8naq-k_DtpgAA>\r\n"
851 "CONTACT: <sip:recipient@company.com;opaque=user:epid:-gLwenLTVVqy-Ak8TJn1ZAAA;gruu>;text;audio;video\r\n"
852 "CONTENT-LENGTH: 0\r\n"
853 "SUPPORTED: gruu-10\r\n"
854 "ALLOW: UPDATE\r\n"
855 "P-ASSERTED-IDENTITY: \"recipient\"<SIP:recipient@company.com>\r\n"
856 "SERVER: RTCC/3.5.0.0 MCXService/3.5.0.0 communicator.NOKIAS60R2.JVP.EN_US/1.0.6875.0\r\n"
857 "\r\n";
858
859 response_sig = "<NTLM><1B6D47A1><11><SIP Communications Service><LOC-COMPANYT-FE03.COMPANY.COM><41CEg82ECa0AC8i3DD7mE673t9CF4b19DAxF780x><1><INVITE><sip:sender@company.com><2420628112><sip:recipient@company.com><7aee15546a><SIP:recipient@company.com><><><180>";
860
861 msg = sipmsg_parse_msg(response_symbian);
862 memset(&msgbd, 0, sizeof(struct sipmsg_breakdown));
863 msgbd.msg = msg;
864 sipmsg_breakdown_parse(&msgbd, "SIP Communications Service", "LOC-COMPANYT-FE03.COMPANY.COM", NULL);
865 msg_str = sipmsg_breakdown_get_string(4, &msgbd);
866
867 assert_equal (response_sig, (guchar *)msg_str, strlen(response_sig), FALSE);
868
869 sipmsg_breakdown_free(&msgbd);
870 }
871
872 ////// UUID tests ///////
873 /* begin tests from MS-SIPRE */
874 {
875 const char *testEpid = "01010101";
876 const char *expectedUUID = "4b1682a8-f968-5701-83fc-7c6741dc6697";
877 gchar *calcUUID = generateUUIDfromEPID(testEpid);
878
879 printf("\n\nTesting MS-SIPRE UUID derivation\n");
880
881 assert_equal(expectedUUID, (guchar *) calcUUID, strlen(expectedUUID), FALSE);
882 g_free(calcUUID);
883 }
884
885 /* end tests from MS-SIPRE */
886
887 printf ("\nFinished With Tests; %d successs %d failures\n", successes, failures);
888
889 sip_sec_destroy__ntlm();
890
891 return(failures == 0);
892 }
893
894 /*
895 Local Variables:
896 mode: c
897 c-file-style: "bsd"
898 indent-tabs-mode: t
899 tab-width: 8
900 End:
901 */
A third-party Pidgin plugin for Microsoft LCS/OCS