6 * Copyright (C) 2008 Novell, Inc.
8 * Implemented with reference to the following documentation:
9 * - http://davenport.sourceforge.net/ntlm.html
10 * - MS-NLMP: http://msdn.microsoft.com/en-us/library/cc207842.aspx
11 * - MS-SIP : http://msdn.microsoft.com/en-us/library/cc246115.aspx
13 * Build and run with (adjust as needed to your build platform!)
15 * $ gcc -I /usr/include/libpurple \
16 * -I /usr/include/dbus-1.0 -I /usr/lib/dbus-1.0/include \
17 * -I /usr/include/glib-2.0 -I /usr/lib/glib-2.0/include \
18 * -o tests tests.c sipe-sign.c sipmsg.c sip-sec.c uuid.c -lpurple
21 * This program is free software; you can redistribute it and/or modify
22 * it under the terms of the GNU General Public License as published by
23 * the Free Software Foundation; either version 2 of the License, or
24 * (at your option) any later version.
26 * This program is distributed in the hope that it will be useful,
27 * but WITHOUT ANY WARRANTY; without even the implied warranty of
28 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
29 * GNU General Public License for more details.
31 * You should have received a copy of the GNU General Public License
32 * along with this program; if not, write to the Free Software
33 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
39 #include "sipe-sign.h"
40 #include "sip-sec-ntlm.c"
42 #include "dbus-server.h"
/* Pass/fail tallies for the whole run; both are printed in the final summary line. */
static int successes = 0;
static int failures = 0;
/*
 * assert_equal: print an expected string next to the value a test produced
 * and compare the two with strncmp().
 *
 *   expected  - reference string to compare against
 *   got       - value produced by the code under test
 *   len       - length argument; it bounds the hex-encoding loop and is
 *               passed to strncmp()
 *   stringify - callers in this file pass TRUE when got is raw bytes and
 *               FALSE when got is already text
 *
 * NOTE(review): several lines of this function are missing from the listing
 * (the opening brace, the declarations of to_str, i and j, whatever tests
 * stringify, and both branches of the final if). The comments below cover
 * only the statements that are visible.
 */
49 void assert_equal(const char * expected
, const guchar
* got
, int len
, gboolean stringify
)
51 const gchar
* res
= (gchar
*) got
;
/*
 * Hex-encode got: byte i becomes two uppercase hex digits at to_str[2*i].
 * g_sprintf() also writes a terminating NUL after every pair, so to_str
 * needs room for 2*len + 1 characters - its declaration is not visible
 * here; confirm the size.
 */
56 for (i
= 0, j
= 0; i
< len
; i
++, j
+=2) {
57 g_sprintf(&to_str
[j
], "%02X", (got
[i
]&0xff));
63 printf("expected: %s\n", expected
);
64 printf("received: %s\n", res
);
/*
 * strncmp() compares at most len characters and stops at the first NUL, so
 * anything in expected beyond len characters is never checked.
 * NOTE(review): stringify callers pass the raw byte count while expected
 * holds two hex digits per byte; the whole value is compared only if len is
 * doubled on a line not shown - confirm.
 */
66 if (strncmp(expected
, res
, len
) == 0) {
printf("Starting Tests\n");

/*
 * Initialization that Pidgin would normally do.
 * Only the calls visible in this listing are reproduced here.
 */
purple_signals_init();
purple_ciphers_init();
/* Debug output is switched on for the whole test run. */
purple_debug_set_enabled(TRUE);
/* These tests are from the MS-SIPE document */

/*
 * Fixed inputs shared by the known-answer tests that follow. They are
 * constants for reproducible output, not live credentials.
 */
const char *password = "Password";
const char *user = "User";
const char *domain = "Domain";

/* 8-byte client challenge */
const guchar client_challenge[] = {0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa};
/* server challenge */
const guchar nonce[] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef};

/* 16-byte session key that the RC4K test encrypts */
const guchar exported_session_key[] = {0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55};
/*
 * Known-answer checks for the digest primitives used by the NTLM code.
 * The inputs and expected digests match the published test vectors of
 * RFC 1320 (MD4), RFC 1321 (MD5) and RFC 2202 (HMAC-MD5, test case 1).
 * NOTE(review): the declarations of md4 and md5 are not visible in this
 * listing; each must hold at least 16 bytes.
 */
guchar hmac_md5[16];

printf("\nTesting MD4()\n");
MD4((const unsigned char *)"message digest", 14, md4);
assert_equal("D9130A8164549FE818874806E1C7014B", md4, 16, TRUE);

printf("\nTesting MD5()\n");
MD5((const unsigned char *)"message digest", 14, md5);
assert_equal("F96B697D7CB7938D525A2F31AAF161D0", md5, 16, TRUE);

printf("\nTesting HMAC_MD5()\n");
/* 16-byte key of 0x0b, 8-byte message "Hi There" */
HMAC_MD5((const unsigned char *)"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", 16,
         (const unsigned char *)"Hi There", 8,
         hmac_md5);
assert_equal("9294727A3638BB1C13F48EF8158BFC9D", hmac_md5, 16, TRUE);
/*
 * NTLMv1 LM path: derive the 16-byte LM key from the password, then expand
 * it with DESL over the 8-byte server challenge into the 24-byte response.
 * LM hashing is a legacy scheme; it is exercised here so the implementation
 * can be checked against the reference values.
 */
guchar response_key_lm[16];
guchar lm_challenge_response[24];

printf("\nTesting LMOWFv1()\n");
LMOWFv1(password, user, domain, response_key_lm);
assert_equal("E52CAC67419A9A224A3B108F3FA6CB6D", response_key_lm, 16, TRUE);

printf("\nTesting LM Response Generation\n");
DESL(response_key_lm, nonce, lm_challenge_response);
assert_equal("98DEF7B87F88AA5DAFE2DF779688A172DEF11C7D5CCDEF13", lm_challenge_response, 24, TRUE);
/*
 * NT one-way functions and the NTLMv1 NT response.
 * response_key_nt (v1) feeds DESL below and the session-key tests later;
 * response_key_nt_v2 is only checked against its expected value here.
 */
guchar response_key_nt[16];
guchar response_key_nt_v2[16];
guchar nt_challenge_response[24];

printf("\n\nTesting NTOWFv1()\n");
NTOWFv1(password, user, domain, response_key_nt);
assert_equal("A4F49C406510BDCAB6824EE7C30FD852", response_key_nt, 16, TRUE);

printf("\n\nTesting NTOWFv2()\n");
NTOWFv2(password, user, domain, response_key_nt_v2);
assert_equal("0C868A403BFD7A93A3001EF22EF02E3F", response_key_nt_v2, 16, TRUE);

printf("\nTesting NT Response Generation\n");
/* Same DESL expansion as the LM response, keyed with the NT hash. */
DESL(response_key_nt, nonce, nt_challenge_response);
assert_equal("67C43011F30298A2AD35ECE64F16331C44BDBED927841F94", nt_challenge_response, 24, TRUE);
/*
 * Session key chain: session base key = MD4(NT key), then KXKEY derives the
 * key exchange key, then RC4K encrypts the exported session key under it.
 */
guchar session_base_key[16];
guchar key_exchange_key[16];
guchar encrypted_random_session_key[16];

printf("\n\nTesting Session Base Key and Key Exchange Generation\n");
MD4(response_key_nt, 16, session_base_key);
KXKEY(NEGOTIATE_FLAGS, session_base_key, lm_challenge_response, nonce, key_exchange_key);
/* Both checks expect the same value: with NEGOTIATE_FLAGS alone the key
 * exchange key is expected to equal the session base key. */
assert_equal("D87262B0CDE4B1CB7499BECCCDF10784", session_base_key, 16, TRUE);
assert_equal("D87262B0CDE4B1CB7499BECCCDF10784", key_exchange_key, 16, TRUE);

printf("\n\nTesting Encrypted Session Key Generation\n");
RC4K(key_exchange_key, 16, exported_session_key, 16, encrypted_random_session_key);
assert_equal("518822B1B3F350C8958682ECBB3E3CB7", encrypted_random_session_key, 16, TRUE);
printf("\n\nTesting CRC32\n");

/* "Plaintext" as 18 bytes of UTF-16LE */
const guchar text[] = {0x50, 0x00, 0x6c, 0x00, 0x61, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x74, 0x00, 0x65, 0x00, 0x78, 0x00, 0x74, 0x00}; //P·l·a·i·n·t·e·x·t·
//guchar text [] = {0x56, 0xfe, 0x04, 0xd8, 0x61, 0xf9, 0x31, 0x9a, 0xf0, 0xd7, 0x23, 0x8a, 0x2e, 0x3b, 0x4d, 0x45, 0x7f, 0xb8};

gint32 crc = CRC32((char*)text, 18);

/*
 * NOTE(review): this hex-dumps the in-memory bytes of crc, so the expected
 * string depends on host byte order - confirm the test is only run on
 * little-endian targets, or serialise crc explicitly before comparing.
 * CRC32 is a checksum, not a keyed integrity check.
 */
assert_equal("7D84AA93", (guchar *)&crc, 4, TRUE);
printf("\n\nTesting MAC\n");

/*
 * Three signatures over the same 18-byte text and key; only the fifth
 * argument changes. The expected strings show that value in bytes 4-7 of
 * the signature in little-endian order (0x45C844E5 -> E544C845).
 * NOTE(review): mac is overwritten by each call; if MAC() returns heap
 * memory (not visible here) the earlier results are never freed - confirm.
 */
gchar *mac = MAC(NEGOTIATE_FLAGS, (gchar *)text, 18, key_exchange_key, 0x00000000, 0, 16);
assert_equal("010000000000000009DCD1DF2E459D36", (guchar *)mac, 32, FALSE);

mac = MAC(NEGOTIATE_FLAGS, (gchar *)text, 18, key_exchange_key, 0x45C844E5, 0, 16);
assert_equal("01000000E544C84509DCD1DF2E459D36", (guchar *)mac, 32, FALSE);

mac = MAC(NEGOTIATE_FLAGS, (gchar *)text, 18, key_exchange_key, 0xE544C845, 0, 16);
assert_equal("0100000045C844E509DCD1DF2E459D36", (guchar *)mac, 32, FALSE);
////// EXTENDED_SESSIONSECURITY ///////
/* Same vectors again with the extended session security flag added. */
guint32 flags = NEGOTIATE_FLAGS | NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY;
unsigned char prehash[16];
unsigned char hash[16];
guchar client_sign_key[16];

printf("\n\n(Extended session security) Testing LM Response Generation\n");
/* LM response = 8-byte client challenge followed by 16 zero bytes. */
memcpy(lm_challenge_response, client_challenge, 8);
Z(lm_challenge_response + 8, 16);
assert_equal("AAAAAAAAAAAAAAAA00000000000000000000000000000000", lm_challenge_response, 24, TRUE);

printf("\n\n(Extended session seurity) Testing Key Exchange\n");
KXKEY(flags, session_base_key, lm_challenge_response, nonce, key_exchange_key);
assert_equal("EB93429A8BD952F8B89C55B87F475EDC", key_exchange_key, 16, TRUE);

printf("\n\n(Extended session security) Testing NT Response Generation\n");
/*
 * The challenge handed to DESL is MD5(server challenge || client challenge).
 * DESL receives the full 16-byte digest buffer; how many of those bytes it
 * consumes is not visible here.
 */
memcpy(prehash, nonce, 8);
memcpy(prehash + 8, client_challenge, 8);
MD5(prehash, 16, hash);
DESL(response_key_nt, hash, nt_challenge_response);
assert_equal("7537F803AE367128CA458204BDE7CAF81E97ED2683267232", nt_challenge_response, 24, TRUE);

printf("\n\n(Extended session security) SIGNKEY\n");
SIGNKEY(key_exchange_key, TRUE, client_sign_key);
assert_equal("60E799BE5C72FC92922AE8EBE961FB8D", client_sign_key, 16, TRUE);

printf("\n\n(Extended session security) Testing MAC\n");
/* Signed with the derived signing key and with the key-exchange flag cleared. */
mac = MAC(flags & ~NTLMSSP_NEGOTIATE_KEY_EXCH, (gchar *)text, 18, client_sign_key, 0, 0, 16);
assert_equal("01000000FF2AEB52F681793A00000000", (guchar *)mac, 32, FALSE);
203 /* End tests from the MS-SIPE document */
// Test from http://davenport.sourceforge.net/ntlm.html#ntlm1Signing
/* Message and 8-byte key for the signature check that follows. */
const gchar *text_j = "jCIFS";
guchar sk[] = {0x01, 0x02, 0x03, 0x04, 0x05, 0xe5, 0x38, 0xb0};

printf("\n\nTesting Signature Algorithm\n");
/*
 * Expected signature and the MAC() call that produces the actual one.
 * NOTE(review): these are the middle arguments of a call whose opening line
 * and trailing arguments are missing from this listing. The MAC() result is
 * passed straight through without being stored, so if MAC() returns heap
 * memory it cannot be freed afterwards - confirm.
 */
210 "0100000078010900397420FE0E5A0F89",
211 (guchar
*) MAC(NEGOTIATE_FLAGS
, text_j
, strlen(text_j
), sk
, 0x00090178, 0, 8),
// Tests from http://davenport.sourceforge.net/ntlm.html#ntlm2Signing
const guchar master_key[] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00};

printf("\n\n(davenport) SIGNKEY\n");
/* Overwrites client_sign_key from the previous section with the key derived
 * from master_key. */
SIGNKEY(master_key, TRUE, client_sign_key);
assert_equal("F7F97A82EC390F9C903DAC4F6ACEB132", client_sign_key, 16, TRUE);

printf("\n\n(davenport) Testing MAC - no Key Exchange flag\n");
mac = MAC(flags & ~NTLMSSP_NEGOTIATE_KEY_EXCH, text_j, strlen(text_j), client_sign_key, 0, 0, 16);
assert_equal("010000000A003602317A759A00000000", (guchar *)mac, 32, FALSE);
// Verify signature of SIPE message received from OCS 2007 after authenticating with pidgin-sipe
/*
 * NOTE(review): the message and key below appear to come from a captured
 * session (see the comment above). The key is a per-session value, but the
 * internal host names and user address are embedded in the test data;
 * consider replacing them with synthetic values.
 */
printf("\n\nTesting MS-SIPE Example Message Signing\n");

char *msg1 = "<NTLM><0878F41B><1><SIP Communications Service><ocs1.ocs.provo.novell.com><8592g5DCBa1694i5887m0D0Bt2247b3F38xAE9Fx><3><REGISTER><sip:gabriel@ocs.provo.novell.com><2947328781><B816D65C2300A32CFA6D371F2AF537FD><900><200>";
guchar exported_session_key2[] = { 0x5F, 0x02, 0x91, 0x53, 0xBC, 0x02, 0x50, 0x58, 0x96, 0x95, 0x48, 0x61, 0x5E, 0x70, 0x99, 0xBA };
/*
 * Expected rspauth value and the MAC() call over msg1 that should match it.
 * NOTE(review): the opening line and trailing arguments of the enclosing
 * call are missing from this listing. As with the other inline MAC() calls,
 * the result is not stored, so it cannot be freed if MAC() allocates it -
 * confirm.
 */
231 "0100000000000000BF2E52667DDF6DED",
232 (guchar
*) MAC(NEGOTIATE_FLAGS
, msg1
, strlen(msg1
), exported_session_key2
, 0, 100, 16),
// Verify parsing of message and signature verification
printf("\n\nTesting MS-SIPE Example Message Parsing, Signing, and Verification\n");

char *msg2 = "SIP/2.0 200 OK\r\nms-keep-alive: UAS; tcp=no; hop-hop=yes; end-end=no; timeout=300\r\nAuthentication-Info: NTLM rspauth=\"0100000000000000BF2E52667DDF6DED\", srand=\"0878F41B\", snum=\"1\", opaque=\"4452DFB0\", qop=\"auth\", targetname=\"ocs1.ocs.provo.novell.com\", realm=\"SIP Communications Service\"\r\nFrom: \"Gabriel Burt\"<sip:gabriel@ocs.provo.novell.com>;tag=2947328781;epid=1234567890\r\nTo: <sip:gabriel@ocs.provo.novell.com>;tag=B816D65C2300A32CFA6D371F2AF537FD\r\nCall-ID: 8592g5DCBa1694i5887m0D0Bt2247b3F38xAE9Fx\r\nCSeq: 3 REGISTER\r\nVia: SIP/2.0/TLS 164.99.194.49:10409;branch=z9hG4bKE0E37DBAF252C3255BAD;received=164.99.195.20;ms-received-port=10409;ms-received-cid=1E00\r\nContact: <sip:164.99.195.20:10409;transport=tls;ms-received-cid=1E00>;expires=900\r\nExpires: 900\r\nAllow-Events: vnd-microsoft-provisioning,vnd-microsoft-roaming-contacts,vnd-microsoft-roaming-ACL,presence,presence.wpending,vnd-microsoft-roaming-self,vnd-microsoft-provisioning-v2\r\nSupported: adhoclist\r\nServer: RTC/3.0\r\nSupported: com.microsoft.msrtc.presence\r\nContent-Length: 0\r\n\r\n";

/*
 * Parse the response, rebuild the string that gets signed, sign it and
 * compare with the rspauth value carried in the message.
 * NOTE(review): the parse result is used without a visible NULL check, and
 * one line between the msgbd declaration and sipmsg_breakdown_parse() is
 * absent from this listing, so how msgbd is tied to msg is not shown -
 * confirm against the source file.
 */
struct sipmsg *msg = sipmsg_parse_msg(msg2);
struct sipmsg_breakdown msgbd;
sipmsg_breakdown_parse(&msgbd, "SIP Communications Service", "ocs1.ocs.provo.novell.com");

gchar *msg_str = sipmsg_breakdown_get_string(&msgbd);
gchar *sig = purple_ntlm_sipe_signature_make(NEGOTIATE_FLAGS, msg_str, 0, exported_session_key2);
sipmsg_breakdown_free(&msgbd);
assert_equal("0100000000000000BF2E52667DDF6DED", (guchar *)sig, 32, FALSE);

/*
 * NOTE(review): the verification result is only printed; it is not counted
 * as a pass or failure, so a broken purple_ntlm_verify_signature() would not
 * fail this run. msg_str and sig are not released in the visible lines.
 */
printf("purple_ntlm_verify_signature result = %i\n", purple_ntlm_verify_signature(sig, "0100000000000000BF2E52667DDF6DED"));
/* begin tests from MS-SIPRE */

/* Known EPID and the UUID that should be derived from it. */
const char *testEpid = "01010101";
const char *expectedUUID = "4b1682a8-f968-5701-83fc-7c6741dc6697";
gchar *calcUUID = generateUUIDfromEPID(testEpid);

printf("\n\nTesting MS-SIPRE uuid derivation\n");

/*
 * Text comparison over strlen(expectedUUID) characters.
 * NOTE(review): calcUUID is used without a NULL check and is not freed in
 * the visible lines - confirm what generateUUIDfromEPID() returns on error.
 */
assert_equal(expectedUUID, (guchar *)calcUUID, strlen(expectedUUID), FALSE);
/*
 * Format the six bytes of addr as twelve uppercase hex digits in nmac.
 * g_sprintf() writes a NUL after each pair, so nmac needs at least 13 bytes.
 * NOTE(review): the declarations of addr and nmac and the loop's closing
 * brace are missing from this listing - confirm the buffer size, and that
 * addr holds unsigned bytes (a negative char would print more than two
 * digits with "%02X").
 */
265 for (i
= 0,j
=0; i
< 6; i
++,j
+=2) {
266 g_sprintf(&nmac
[j
], "%02X", addr
[i
]);
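/*
 * Print the formatted buffer directly. Passing g_strdup(nmac) to printf()
 * allocates a copy that nothing can free afterwards; the output is the same
 * without it.
 */
printf("Mac: %s\n", nmac);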
271 /* end tests from MS-SIPRE */
/*
 * Final tally of passed and failed comparisons.
 * NOTE(review): the function's return statement is not visible in this
 * listing; for automated runs the exit status should be non-zero when
 * failures > 0 - confirm.
 */
printf("\nFinished With Tests; %d successs %d failures\n", successes, failures);