From 1b5a3696ae9db5d47aa2bd63022d5f532f713a24 Mon Sep 17 00:00:00 2001
From: pier11 <pier11@operamail.com>
Date: Tue, 2 Mar 2010 12:27:34 +0000
Subject: [PATCH] tests: test for high-level functions
 sip_sec_ntlm_gen_authenticate() sip_sec_ntlm_parse_challenge()

need a tweek with flags yet, working on it
---
 src/core/sip-sec-ntlm.c | 45 +++++++++++++++++++-------
 src/core/tests.c        | 85 +++++++++++++++++++++++++++++++++++++++++--------
 2 files changed, 104 insertions(+), 26 deletions(-)

diff --git a/src/core/sip-sec-ntlm.c b/src/core/sip-sec-ntlm.c
index e56cbdea..ada61569 100644
--- a/src/core/sip-sec-ntlm.c
+++ b/src/core/sip-sec-ntlm.c
@@ -140,6 +140,15 @@
 #define TIME_T_TO_VAL(time_t)   (((guint64)(time_t)) * TIME_VAL_FACTOR + TIME_VAL_OFFSET)
 #define TIME_VAL_TO_T(time_val) ((time_t)((GUINT64_FROM_LE((time_val)) - TIME_VAL_OFFSET) / TIME_VAL_FACTOR))
 
+/* 8 bytes */
+struct version {
+	guint8  product_major_version;
+	guint8  product_minor_version;
+	guint16 product_build;
+	guint8  zero2[3];
+	guint8  ntlm_revision_current;
+};
+
 /*
  * NTLMv1 is no longer used except in tests. R.I.P.
  *
@@ -147,6 +156,11 @@
  */
 #ifdef _SIPE_COMPILING_TESTS
 static gboolean use_ntlm_v2 = FALSE;
+
+guint64 test_time_val = 0;		/* actual time in implementation */
+guchar test_client_challenge [8];	/* random in implementation */
+guchar test_random_session_key[16];	/* random in implementation */
+struct version test_version;		/* optional, not set in  in implementation */
 #endif
 
 /* Common negotiate flags */
@@ -200,15 +214,6 @@ struct av_pair {
 	}
 
 /* 8 bytes */
-struct version {
-	guint8  product_major_version;
-	guint8  product_minor_version;
-	guint16 product_build;
-	guint8  zero2[3];
-	guint8  ntlm_revision_current;
-};
-
-/* 8 bytes */
 struct smb_header {
 	guint16 len;
 	guint16 maxlen;
@@ -1081,11 +1086,16 @@ sip_sec_ntlm_gen_authenticate(guchar **client_sign_key,
 	unsigned char encrypted_random_session_key [16];
 	unsigned char key [16];
 	unsigned char client_challenge [8];
-
+	guint64 time_vl = time_val ? time_val : TIME_T_TO_VAL(time(NULL));
+	
 	NONCE (client_challenge, 8);
 
 #ifdef _SIPE_COMPILING_TESTS
+	memcpy(client_challenge, test_client_challenge, 8);
+	time_vl = test_time_val ? test_time_val : time_vl;
+
 	if (use_ntlm_v2) {
+		
 #endif
 		NTOWFv2 (password, user, domain, response_key_nt);
 		memcpy(response_key_lm, response_key_nt, NTLMSSP_LN_OR_NT_KEY_LEN);
@@ -1101,7 +1111,7 @@ sip_sec_ntlm_gen_authenticate(guchar **client_sign_key,
 			 response_key_lm,
 			 server_challenge,
 			 client_challenge,
-			 time_val ? time_val : TIME_T_TO_VAL(time(NULL)),
+			 time_vl,
 			 target_info,
 			 target_info_len,
 			 lm_challenge_response,	/* out */
@@ -1116,6 +1126,9 @@ sip_sec_ntlm_gen_authenticate(guchar **client_sign_key,
 
 	if (IS_FLAG(neg_flags, NTLMSSP_NEGOTIATE_KEY_EXCH)) {
 		NONCE (exported_session_key, 16); // random master key
+#ifdef _SIPE_COMPILING_TESTS
+		memcpy(exported_session_key, test_random_session_key, 16);
+#endif
 		RC4K (key_exchange_key, 16, exported_session_key, 16, encrypted_random_session_key);
 	} else {
 		memcpy(exported_session_key, key_exchange_key, 16);
@@ -1203,7 +1216,7 @@ sip_sec_ntlm_gen_authenticate(guchar **client_sign_key,
 	len = (srclen);			  \
 	memcpy(tmp, (src), len);	  \
 	_FILL_SMB_HEADER(header)
-
+	
 	/* Domain */
 	_APPEND_STRING(domain, domain);
 
@@ -1235,6 +1248,14 @@ sip_sec_ntlm_gen_authenticate(guchar **client_sign_key,
 		tmsg->session_key.len = tmsg->session_key.maxlen = 0;
 	}
 
+#ifdef _SIPE_COMPILING_TESTS
+	tmsg->ver.product_major_version = test_version.product_major_version;
+	tmsg->ver.product_minor_version = test_version.product_minor_version;
+	tmsg->ver.product_build = test_version.product_build;
+	memset(tmsg->ver.zero2, 0, 3);
+	tmsg->ver.ntlm_revision_current = test_version.ntlm_revision_current;
+#endif
+
 	*flags = neg_flags;
 
 	tmp = purple_base64_encode(exported_session_key, 16);
diff --git a/src/core/tests.c b/src/core/tests.c
index ec58cf6e..062273b6 100644
--- a/src/core/tests.c
+++ b/src/core/tests.c
@@ -487,9 +487,12 @@ Response:
 	const char *password2 = "Pa$$word";
 	const char *user2 = "User";
 	const char *domain2 = "COSMO";
+	const char *host2 = "COSMO-OCS-R2";
 
 //Challenge:
-//TlRMTVNTUAACAAAAAAAAADgAAADzgpji3Ruq9OfiGNEAAAAAAAAAAJYAlgA4AAAABQLODgAAAA8CAAoAQwBPAFMATQBPAAEAGABDAE8AUwBNAE8ALQBPAEMAUwAtAFIAMgAEABYAYwBvAHMAbQBvAC4AbABvAGMAYQBsAAMAMABjAG8AcwBtAG8ALQBvAGMAcwAtAHIAMgAuAGMAbwBzAG0AbwAuAGwAbwBjAGEAbAAFABYAYwBvAHMAbQBvAC4AbABvAGMAYQBsAAAAAAA=
+//const char *type2 = "TlRMTVNTUAACAAAAAAAAADgAAADzgpji3Ruq9OfiGNEAAAAAAAAAAJYAlgA4AAAABQLODgAAAA8CAAoAQwBPAFMATQBPAAEAGABDAE8AUwBNAE8ALQBPAEMAUwAtAFIAMgAEABYAYwBvAHMAbQBvAC4AbABvAGMAYQBsAAMAMABjAG8AcwBtAG8ALQBvAGMAcwAtAHIAMgAuAGMAbwBzAG0AbwAuAGwAbwBjAGEAbAAFABYAYwBvAHMAbQBvAC4AbABvAGMAYQBsAAAAAAA=";
+//in hex (base64 decoded):
+const char *type2_hex = "4E544C4D53535000020000000000000038000000F38298E2DD1BAAF4E7E218D1000000000000000096009600380000000502CE0E0000000F02000A0043004F0053004D004F000100180043004F0053004D004F002D004F00430053002D00520032000400160063006F0073006D006F002E006C006F00630061006C000300300063006F0073006D006F002D006F00630073002D00720032002E0063006F0073006D006F002E006C006F00630061006C000500160063006F0073006D006F002E006C006F00630061006C0000000000";
 /*
 Message (length 206):
         NTLMSSP_NEGOTIATE_UNICODE
@@ -526,7 +529,9 @@ Message (length 206):
 
 
 //Response:
-//TlRMTVNTUAADAAAAGAAYAHIAAADGAMYAigAAAAoACgBIAAAACAAIAFIAAAAYABgAWgAAABAAEABQAQAAVYKYYgUCzg4AAAAPQwBPAFMATQBPAFUAcwBlAHIAQwBPAFMATQBPAC0ATwBDAFMALQBSADIAoeku/k4Hi/fFwASazGFmwtauh1yw/apBjcDIAK527KYG0rn769BHMQEBAAAAAAAAWVGaFye5ygHWrodcsP2qQQAAAAACAAoAQwBPAFMATQBPAAEAGABDAE8AUwBNAE8ALQBPAEMAUwAtAFIAMgAEABYAYwBvAHMAbQBvAC4AbABvAGMAYQBsAAMAMABjAG8AcwBtAG8ALQBvAGMAcwAtAHIAMgAuAGMAbwBzAG0AbwAuAGwAbwBjAGEAbAAFABYAYwBvAHMAbQBvAC4AbABvAGMAYQBsAAAAAAAAAAAAMctznhyoCkmFkeiueXEV5A==
+//const char *type3 = "TlRMTVNTUAADAAAAGAAYAHIAAADGAMYAigAAAAoACgBIAAAACAAIAFIAAAAYABgAWgAAABAAEABQAQAAVYKYYgUCzg4AAAAPQwBPAFMATQBPAFUAcwBlAHIAQwBPAFMATQBPAC0ATwBDAFMALQBSADIAoeku/k4Hi/fFwASazGFmwtauh1yw/apBjcDIAK527KYG0rn769BHMQEBAAAAAAAAWVGaFye5ygHWrodcsP2qQQAAAAACAAoAQwBPAFMATQBPAAEAGABDAE8AUwBNAE8ALQBPAEMAUwAtAFIAMgAEABYAYwBvAHMAbQBvAC4AbABvAGMAYQBsAAMAMABjAG8AcwBtAG8ALQBvAGMAcwAtAHIAMgAuAGMAbwBzAG0AbwAuAGwAbwBjAGEAbAAFABYAYwBvAHMAbQBvAC4AbABvAGMAYQBsAAAAAAAAAAAAMctznhyoCkmFkeiueXEV5A==";
+//in hex (base64 decoded):
+const char *type3_hex = "4E544C4D53535000030000001800180072000000C600C6008A0000000A000A00480000000800080052000000180018005A0000001000100050010000558298620502CE0E0000000F43004F0053004D004F00550073006500720043004F0053004D004F002D004F00430053002D0052003200A1E92EFE4E078BF7C5C0049ACC6166C2D6AE875CB0FDAA418DC0C800AE76ECA606D2B9FBEBD04731010100000000000059519A1727B9CA01D6AE875CB0FDAA410000000002000A0043004F0053004D004F000100180043004F0053004D004F002D004F00430053002D00520032000400160063006F0073006D006F002E006C006F00630061006C000300300063006F0073006D006F002D006F00630073002D00720032002E0063006F0073006D006F002E006C006F00630061006C000500160063006F0073006D006F002E006C006F00630061006C00000000000000000031CB739E1CA80A498591E8AE797115E4";
 /*
 Message (length 352):
         NTLMSSP_NEGOTIATE_UNICODE
@@ -640,13 +645,20 @@ Message (length 352):
 		| NTLMSSP_NEGOTIATE_VERSION
 		| NTLMSSP_NEGOTIATE_128
 		| NTLMSSP_NEGOTIATE_KEY_EXCH;
+		
+	/* global struct */
+	test_version.product_major_version = 5;
+	test_version.product_minor_version = 2;
+	test_version.product_build = 3790;
+	test_version.ntlm_revision_current = 0x0F;
 
 	NTOWFv2 (password2, user2, domain2, response_key_nt);
 	NTOWFv2 (password2, user2, domain2, response_key_lm);
 
 	guint8 *buff2;
 	hex_str_to_buff("59519A1727B9CA01", &buff2);
-	const guint64 time_val2 = GUINT64_FROM_LE(*((guint64 *)buff2));
+	/* global var */
+	test_time_val = GUINT64_FROM_LE(*((guint64 *)buff2));
 	g_free(buff2);
 
 	guint8 *target_info2;
@@ -655,8 +667,10 @@ Message (length 352):
 	guint8 *nonce2;
 	hex_str_to_buff("DD1BAAF4E7E218D1", &nonce2);
 
-	guint8 *client_challenge2;
-	hex_str_to_buff("D6AE875CB0FDAA41", &client_challenge2);
+	hex_str_to_buff("D6AE875CB0FDAA41", &buff2);
+	/* global buff */
+	memcpy(test_client_challenge, buff2, 8);
+	g_free(buff2);
 
 	ntlmssp_nt_resp_len = (16 + (32+target_info2_len));
 	guchar nt_challenge_response_v2_2 [ntlmssp_nt_resp_len];
@@ -667,14 +681,13 @@ Message (length 352):
 			 response_key_nt,
 			 response_key_lm,
 			 nonce2,
-			 client_challenge2,
-			 time_val2,
+			 test_client_challenge,
+			 test_time_val,
 			 target_info2, /* target_info */
 			 target_info2_len,  /* target_info_len */
 			 lm_challenge_response,	/* out */
 			 nt_challenge_response_v2_2,	/* out */
 			 session_base_key);	/* out */
-	g_free(client_challenge2);
 	g_free(nonce2);
 	g_free(target_info2);
 
@@ -687,17 +700,17 @@ Message (length 352):
 	//as in the Type3 message
 	guint8 *encrypted_random_session_key2;
 	hex_str_to_buff("31CB739E1CA80A498591E8AE797115E4", &encrypted_random_session_key2);
-	guchar exported_session_key3[16];
+	/* Global buff - test_random_session_key */
 	//decoding exported_session_key
-	RC4K (key_exchange_key, 16, encrypted_random_session_key2, 16, exported_session_key3);
+	RC4K (key_exchange_key, 16, encrypted_random_session_key2, 16, test_random_session_key);
 	g_free(encrypted_random_session_key2);
 
 	guchar server_sign_key [16];
 	guchar server_seal_key [16];
-	SIGNKEY (exported_session_key3, TRUE, client_sign_key);
-	SEALKEY (flags, exported_session_key3, TRUE, client_seal_key);
-	SIGNKEY (exported_session_key3, FALSE, server_sign_key);
-	SEALKEY (flags, exported_session_key3, FALSE, server_seal_key);
+	SIGNKEY (test_random_session_key, TRUE, client_sign_key);
+	SEALKEY (flags, test_random_session_key, TRUE, client_seal_key);
+	SIGNKEY (test_random_session_key, FALSE, server_sign_key);
+	SEALKEY (flags, test_random_session_key, FALSE, server_seal_key);
 
 	printf ("\n\nTesting (NTLMv2 / OC 2007 R2) Message Parsing, Signing, and Verification\nClient request\n(Authentication Protocol version 4)\n");
 	msg = sipmsg_parse_msg(request);
@@ -732,6 +745,50 @@ Message (length 352):
 	assert_equal("01000000E615438A917661BE64000000", (guchar*)mac, 32, FALSE);
 	g_free(mac);
 
+	printf ("\n\nTesting (NTLMv2 / OC 2007 R2) Type3 generation test\n");
+	guchar *client_sign_key2;
+	guchar *server_sign_key2;
+	guchar *client_seal_key2;
+	guchar *server_seal_key2;
+
+	guchar *server_challenge = NULL;
+	guint64 time_val2 = 0;
+	guchar *target_info3 = NULL;
+	int target_info3_len = 0;
+	guint32 flags2;
+	SipSecBuffer in_buff;
+	SipSecBuffer out_buff;
+	
+	in_buff.length = hex_str_to_buff(type2_hex, (guint8 **)&(in_buff.value));
+
+	sip_sec_ntlm_parse_challenge(in_buff,
+				     0,
+				     &flags2,
+				     &server_challenge,
+				     &time_val2,
+				     &target_info3,
+				     &target_info3_len);
+
+	sip_sec_ntlm_gen_authenticate(&client_sign_key2,
+				      &server_sign_key2,
+				      &client_seal_key2,
+				      &server_seal_key2,
+				      user2,
+				      password2,
+				      host2,
+				      domain2,
+				      server_challenge,
+				      test_time_val,
+				      target_info3,
+				      target_info3_len,
+				      0,
+				      &out_buff,
+				      &flags2);
+
+	g_free(server_challenge);
+	g_free(target_info3);
+
+	assert_equal(type3_hex, out_buff.value, out_buff.length, TRUE);
 
 ////// UUID tests ///////
 	/* begin tests from MS-SIPRE */
-- 
2.11.4.GIT