4 * Copyright 2006 Juan Lang
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
26 #define SECURITY_WIN32
30 #include "wine/test.h"
32 static QUERY_CONTEXT_ATTRIBUTES_FN_A pQueryContextAttributesA
;
34 static const BYTE bigCert
[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
35 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
36 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
37 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
38 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
39 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
40 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20,
41 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
42 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
43 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
44 static WCHAR cspNameW
[] = { 'W','i','n','e','C','r','y','p','t','T','e',
46 static BYTE privKey
[] = {
47 0x07, 0x02, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x52, 0x53, 0x41, 0x32, 0x00,
48 0x02, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x79, 0x10, 0x1c, 0xd0, 0x6b, 0x10,
49 0x18, 0x30, 0x94, 0x61, 0xdc, 0x0e, 0xcb, 0x96, 0x4e, 0x21, 0x3f, 0x79, 0xcd,
50 0xa9, 0x17, 0x62, 0xbc, 0xbb, 0x61, 0x4c, 0xe0, 0x75, 0x38, 0x6c, 0xf3, 0xde,
51 0x60, 0x86, 0x03, 0x97, 0x65, 0xeb, 0x1e, 0x6b, 0xdb, 0x53, 0x85, 0xad, 0x68,
52 0x21, 0xf1, 0x5d, 0xe7, 0x1f, 0xe6, 0x53, 0xb4, 0xbb, 0x59, 0x3e, 0x14, 0x27,
53 0xb1, 0x83, 0xa7, 0x3a, 0x54, 0xe2, 0x8f, 0x65, 0x8e, 0x6a, 0x4a, 0xcf, 0x3b,
54 0x1f, 0x65, 0xff, 0xfe, 0xf1, 0x31, 0x3a, 0x37, 0x7a, 0x8b, 0xcb, 0xc6, 0xd4,
55 0x98, 0x50, 0x36, 0x67, 0xe4, 0xa1, 0xe8, 0x7e, 0x8a, 0xc5, 0x23, 0xf2, 0x77,
56 0xf5, 0x37, 0x61, 0x49, 0x72, 0x59, 0xe8, 0x3d, 0xf7, 0x60, 0xb2, 0x77, 0xca,
57 0x78, 0x54, 0x6d, 0x65, 0x9e, 0x03, 0x97, 0x1b, 0x61, 0xbd, 0x0c, 0xd8, 0x06,
58 0x63, 0xe2, 0xc5, 0x48, 0xef, 0xb3, 0xe2, 0x6e, 0x98, 0x7d, 0xbd, 0x4e, 0x72,
59 0x91, 0xdb, 0x31, 0x57, 0xe3, 0x65, 0x3a, 0x49, 0xca, 0xec, 0xd2, 0x02, 0x4e,
60 0x22, 0x7e, 0x72, 0x8e, 0xf9, 0x79, 0x84, 0x82, 0xdf, 0x7b, 0x92, 0x2d, 0xaf,
61 0xc9, 0xe4, 0x33, 0xef, 0x89, 0x5c, 0x66, 0x99, 0xd8, 0x80, 0x81, 0x47, 0x2b,
62 0xb1, 0x66, 0x02, 0x84, 0x59, 0x7b, 0xc3, 0xbe, 0x98, 0x45, 0x4a, 0x3d, 0xdd,
63 0xea, 0x2b, 0xdf, 0x4e, 0xb4, 0x24, 0x6b, 0xec, 0xe7, 0xd9, 0x0c, 0x45, 0xb8,
64 0xbe, 0xca, 0x69, 0x37, 0x92, 0x4c, 0x38, 0x6b, 0x96, 0x6d, 0xcd, 0x86, 0x67,
65 0x5c, 0xea, 0x54, 0x94, 0xa4, 0xca, 0xa4, 0x02, 0xa5, 0x21, 0x4d, 0xae, 0x40,
66 0x8f, 0x9d, 0x51, 0x83, 0xf2, 0x3f, 0x33, 0xc1, 0x72, 0xb4, 0x1d, 0x94, 0x6e,
67 0x7d, 0xe4, 0x27, 0x3f, 0xea, 0xff, 0xe5, 0x9b, 0xa7, 0x5e, 0x55, 0x8e, 0x0d,
68 0x69, 0x1c, 0x7a, 0xff, 0x81, 0x9d, 0x53, 0x52, 0x97, 0x9a, 0x76, 0x79, 0xda,
69 0x93, 0x32, 0x16, 0xec, 0x69, 0x51, 0x1a, 0x4e, 0xc3, 0xf1, 0x72, 0x80, 0x78,
70 0x5e, 0x66, 0x4a, 0x8d, 0x85, 0x2f, 0x3f, 0xb2, 0xa7 };
72 static const BYTE selfSignedCert
[] = {
73 0x30, 0x82, 0x01, 0x1f, 0x30, 0x81, 0xce, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
74 0x10, 0xeb, 0x0d, 0x57, 0x2a, 0x9c, 0x09, 0xba, 0xa4, 0x4a, 0xb7, 0x25, 0x49,
75 0xd9, 0x3e, 0xb5, 0x73, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1d,
76 0x05, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03,
77 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30,
78 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x30, 0x36, 0x32, 0x39, 0x30, 0x35, 0x30, 0x30,
79 0x34, 0x36, 0x5a, 0x17, 0x0d, 0x30, 0x37, 0x30, 0x36, 0x32, 0x39, 0x31, 0x31,
80 0x30, 0x30, 0x34, 0x36, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
81 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e,
82 0x67, 0x00, 0x30, 0x5c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
83 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41,
84 0x00, 0xe2, 0x54, 0x3a, 0xa7, 0x83, 0xb1, 0x27, 0x14, 0x3e, 0x59, 0xbb, 0xb4,
85 0x53, 0xe6, 0x1f, 0xe7, 0x5d, 0xf1, 0x21, 0x68, 0xad, 0x85, 0x53, 0xdb, 0x6b,
86 0x1e, 0xeb, 0x65, 0x97, 0x03, 0x86, 0x60, 0xde, 0xf3, 0x6c, 0x38, 0x75, 0xe0,
87 0x4c, 0x61, 0xbb, 0xbc, 0x62, 0x17, 0xa9, 0xcd, 0x79, 0x3f, 0x21, 0x4e, 0x96,
88 0xcb, 0x0e, 0xdc, 0x61, 0x94, 0x30, 0x18, 0x10, 0x6b, 0xd0, 0x1c, 0x10, 0x79,
89 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02,
90 0x1d, 0x05, 0x00, 0x03, 0x41, 0x00, 0x25, 0x90, 0x53, 0x34, 0xd9, 0x56, 0x41,
91 0x5e, 0xdb, 0x7e, 0x01, 0x36, 0xec, 0x27, 0x61, 0x5e, 0xb7, 0x4d, 0x90, 0x66,
92 0xa2, 0xe1, 0x9d, 0x58, 0x76, 0xd4, 0x9c, 0xba, 0x2c, 0x84, 0xc6, 0x83, 0x7a,
93 0x22, 0x0d, 0x03, 0x69, 0x32, 0x1a, 0x6d, 0xcb, 0x0c, 0x15, 0xb3, 0x6b, 0xc7,
94 0x0a, 0x8c, 0xb4, 0x5c, 0x34, 0x78, 0xe0, 0x3c, 0x9c, 0xe9, 0xf3, 0x30, 0x9f,
95 0xa8, 0x76, 0x57, 0x92, 0x36 };
97 static CHAR unisp_name_a
[] = UNISP_NAME_A
;
99 static const char *algid_to_str(ALG_ID alg
)
103 #define X(x) case x: return #x
107 X(CALG_SHA1
); /* same as CALG_SHA */
122 X(CALG_AGREEDKEY_ANY
);
130 X(CALG_SCHANNEL_MASTER_HASH
);
131 X(CALG_SCHANNEL_MAC_KEY
);
132 X(CALG_SCHANNEL_ENC_KEY
);
139 X(CALG_HASH_REPLACE_OWF
);
153 sprintf(buf
, "%x", alg
);
157 static void init_cred(SCHANNEL_CRED
*cred
)
159 cred
->dwVersion
= SCHANNEL_CRED_VERSION
;
162 cred
->hRootStore
= NULL
;
164 cred
->aphMappers
= NULL
;
165 cred
->cSupportedAlgs
= 0;
166 cred
->palgSupportedAlgs
= NULL
;
167 cred
->grbitEnabledProtocols
= 0;
168 cred
->dwMinimumCipherStrength
= 0;
169 cred
->dwMaximumCipherStrength
= 0;
170 cred
->dwSessionLifespan
= 0;
174 static void test_strength(PCredHandle handle
)
176 SecPkgCred_CipherStrengths strength
= {-1,-1};
179 st
= QueryCredentialsAttributesA(handle
, SECPKG_ATTR_CIPHER_STRENGTHS
, &strength
);
180 ok(st
== SEC_E_OK
, "QueryCredentialsAttributesA failed: %u\n", GetLastError());
181 ok(strength
.dwMinimumCipherStrength
, "dwMinimumCipherStrength not changed\n");
182 ok(strength
.dwMaximumCipherStrength
, "dwMaximumCipherStrength not changed\n");
183 trace("strength %d - %d\n", strength
.dwMinimumCipherStrength
, strength
.dwMaximumCipherStrength
);
186 static void test_supported_protocols(CredHandle
*handle
, unsigned exprots
)
188 SecPkgCred_SupportedProtocols protocols
;
189 SECURITY_STATUS status
;
191 status
= QueryCredentialsAttributesA(handle
, SECPKG_ATTR_SUPPORTED_PROTOCOLS
, &protocols
);
192 ok(status
== SEC_E_OK
, "QueryCredentialsAttributes failed: %08x\n", status
);
195 ok(protocols
.grbitProtocol
== exprots
, "protocols.grbitProtocol = %x, expected %x\n", protocols
.grbitProtocol
, exprots
);
197 trace("Supported protocols:\n");
199 #define X(flag, name) do { if(protocols.grbitProtocol & flag) { trace(name "\n"); protocols.grbitProtocol &= ~flag; } }while(0)
200 X(SP_PROT_SSL2_CLIENT
, "SSL 2 client");
201 X(SP_PROT_SSL3_CLIENT
, "SSL 3 client");
202 X(SP_PROT_TLS1_0_CLIENT
, "TLS 1.0 client");
203 X(SP_PROT_TLS1_1_CLIENT
, "TLS 1.1 client");
204 X(SP_PROT_TLS1_2_CLIENT
, "TLS 1.2 client");
207 if(protocols
.grbitProtocol
)
208 trace("Unknown flags: %x\n", protocols
.grbitProtocol
);
211 static void test_supported_algs(CredHandle
*handle
)
213 SecPkgCred_SupportedAlgs algs
;
214 SECURITY_STATUS status
;
217 status
= QueryCredentialsAttributesA(handle
, SECPKG_ATTR_SUPPORTED_ALGS
, &algs
);
218 todo_wine
ok(status
== SEC_E_OK
, "QueryCredentialsAttributes failed: %08x\n", status
);
219 if(status
!= SEC_E_OK
)
222 trace("Supported algorithms (%d):\n", algs
.cSupportedAlgs
);
223 for(i
=0; i
< algs
.cSupportedAlgs
; i
++)
224 trace(" %s\n", algid_to_str(algs
.palgSupportedAlgs
[i
]));
226 FreeContextBuffer(algs
.palgSupportedAlgs
);
229 static void test_cread_attrs(void)
231 SCHANNEL_CRED schannel_cred
;
232 SECURITY_STATUS status
;
235 status
= AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_OUTBOUND
,
236 NULL
, NULL
, NULL
, NULL
, &cred
, NULL
);
237 ok(status
== SEC_E_OK
, "AcquireCredentialsHandleA failed: %x\n", status
);
239 test_supported_protocols(&cred
, 0);
240 test_supported_algs(&cred
);
242 status
= QueryCredentialsAttributesA(&cred
, SECPKG_ATTR_SUPPORTED_PROTOCOLS
, NULL
);
243 ok(status
== SEC_E_INTERNAL_ERROR
, "QueryCredentialsAttributes failed: %08x, expected SEC_E_INTERNAL_ERROR\n", status
);
245 status
= QueryCredentialsAttributesA(&cred
, SECPKG_ATTR_SUPPORTED_ALGS
, NULL
);
246 ok(status
== SEC_E_INTERNAL_ERROR
, "QueryCredentialsAttributes failed: %08x, expected SEC_E_INTERNAL_ERROR\n", status
);
248 FreeCredentialsHandle(&cred
);
250 init_cred(&schannel_cred
);
251 schannel_cred
.grbitEnabledProtocols
= SP_PROT_TLS1_CLIENT
;
252 status
= AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_OUTBOUND
,
253 NULL
, &schannel_cred
, NULL
, NULL
, &cred
, NULL
);
254 ok(status
== SEC_E_OK
, "AcquireCredentialsHandleA failed: %x\n", status
);
256 test_supported_protocols(&cred
, SP_PROT_TLS1_CLIENT
);
257 test_supported_algs(&cred
);
259 FreeCredentialsHandle(&cred
);
262 static void testAcquireSecurityContext(void)
264 BOOL has_schannel
= FALSE
;
265 SecPkgInfoA
*package_info
;
269 SecPkgCredentials_NamesA names
;
271 SCHANNEL_CRED schanCred
;
272 PCCERT_CONTEXT certs
[2];
274 WCHAR ms_def_prov_w
[MAX_PATH
];
277 CRYPT_KEY_PROV_INFO keyProvInfo
;
280 if (SUCCEEDED(EnumerateSecurityPackagesA(&i
, &package_info
)))
284 if (!strcmp(package_info
[i
].Name
, unisp_name_a
))
290 FreeContextBuffer(package_info
);
294 skip("Schannel not available\n");
298 lstrcpyW(ms_def_prov_w
, MS_DEF_PROV_W
);
300 keyProvInfo
.pwszContainerName
= cspNameW
;
301 keyProvInfo
.pwszProvName
= ms_def_prov_w
;
302 keyProvInfo
.dwProvType
= PROV_RSA_FULL
;
303 keyProvInfo
.dwFlags
= 0;
304 keyProvInfo
.cProvParam
= 0;
305 keyProvInfo
.rgProvParam
= NULL
;
306 keyProvInfo
.dwKeySpec
= AT_SIGNATURE
;
308 certs
[0] = CertCreateCertificateContext(X509_ASN_ENCODING
, bigCert
, sizeof(bigCert
));
309 certs
[1] = CertCreateCertificateContext(X509_ASN_ENCODING
, selfSignedCert
, sizeof(selfSignedCert
));
311 SetLastError(0xdeadbeef);
312 ret
= CryptAcquireContextW(&csp
, cspNameW
, MS_DEF_PROV_W
, PROV_RSA_FULL
,
314 if (!ret
&& GetLastError() == ERROR_CALL_NOT_IMPLEMENTED
)
316 /* WinMe would crash on some tests */
317 win_skip("CryptAcquireContextW is not implemented\n");
321 st
= AcquireCredentialsHandleA(NULL
, NULL
, 0, NULL
, NULL
, NULL
, NULL
, NULL
,
323 ok(st
== SEC_E_SECPKG_NOT_FOUND
,
324 "Expected SEC_E_SECPKG_NOT_FOUND, got %08x\n", st
);
327 /* Crashes on Win2K */
328 st
= AcquireCredentialsHandleA(NULL
, unisp_name_a
, 0, NULL
, NULL
, NULL
,
330 ok(st
== SEC_E_NO_CREDENTIALS
, "Expected SEC_E_NO_CREDENTIALS, got %08x\n", st
);
332 /* Crashes on WinNT */
333 st
= AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_BOTH
, NULL
,
334 NULL
, NULL
, NULL
, NULL
, NULL
);
335 ok(st
== SEC_E_NO_CREDENTIALS
, "Expected SEC_E_NO_CREDENTIALS, got %08x\n", st
);
337 st
= AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_INBOUND
,
338 NULL
, NULL
, NULL
, NULL
, NULL
, NULL
);
339 ok(st
== SEC_E_NO_CREDENTIALS
, "Expected SEC_E_NO_CREDENTIALS, got %08x\n", st
);
342 AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_OUTBOUND
,
343 NULL
, NULL
, NULL
, NULL
, NULL
, NULL
);
345 st
= AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_OUTBOUND
,
346 NULL
, NULL
, NULL
, NULL
, &cred
, NULL
);
347 ok(st
== SEC_E_OK
, "AcquireCredentialsHandleA failed: %08x\n", st
);
349 FreeCredentialsHandle(&cred
);
350 memset(&cred
, 0, sizeof(cred
));
351 st
= AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_OUTBOUND
,
352 NULL
, NULL
, NULL
, NULL
, &cred
, &exp
);
353 ok(st
== SEC_E_OK
, "AcquireCredentialsHandleA failed: %08x\n", st
);
354 /* expriy is indeterminate in win2k3 */
355 trace("expiry: %08x%08x\n", exp
.HighPart
, exp
.LowPart
);
357 st
= QueryCredentialsAttributesA(&cred
, SECPKG_CRED_ATTR_NAMES
, &names
);
358 ok(st
== SEC_E_NO_CREDENTIALS
|| st
== SEC_E_UNSUPPORTED_FUNCTION
/* before Vista */, "expected SEC_E_NO_CREDENTIALS, got %08x\n", st
);
360 FreeCredentialsHandle(&cred
);
362 /* Bad version in SCHANNEL_CRED */
363 memset(&schanCred
, 0, sizeof(schanCred
));
364 st
= AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_OUTBOUND
,
365 NULL
, &schanCred
, NULL
, NULL
, NULL
, NULL
);
366 ok(st
== SEC_E_INTERNAL_ERROR
||
367 st
== SEC_E_UNKNOWN_CREDENTIALS
/* Vista/win2k8 */ ||
368 st
== SEC_E_INVALID_TOKEN
/* WinNT */, "st = %08x\n", st
);
369 st
= AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_INBOUND
,
370 NULL
, &schanCred
, NULL
, NULL
, NULL
, NULL
);
371 ok(st
== SEC_E_INTERNAL_ERROR
||
372 st
== SEC_E_UNKNOWN_CREDENTIALS
/* Vista/win2k8 */ ||
373 st
== SEC_E_INVALID_TOKEN
/* WinNT */, "st = %08x\n", st
);
375 /* No cert in SCHANNEL_CRED succeeds for outbound.. */
376 schanCred
.dwVersion
= SCHANNEL_CRED_VERSION
;
377 st
= AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_OUTBOUND
,
378 NULL
, &schanCred
, NULL
, NULL
, &cred
, NULL
);
379 ok(st
== SEC_E_OK
, "AcquireCredentialsHandleA failed: %08x\n", st
);
380 FreeCredentialsHandle(&cred
);
381 /* but fails for inbound. */
382 st
= AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_INBOUND
,
383 NULL
, &schanCred
, NULL
, NULL
, &cred
, NULL
);
384 ok(st
== SEC_E_NO_CREDENTIALS
||
385 st
== SEC_E_OK
/* Vista/win2k8 */,
386 "Expected SEC_E_NO_CREDENTIALS or SEC_E_OK, got %08x\n", st
);
390 /* Crashes with bad paCred pointer */
391 schanCred
.cCreds
= 1;
392 AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_OUTBOUND
,
393 NULL
, &schanCred
, NULL
, NULL
, NULL
, NULL
);
396 /* Bogus cert in SCHANNEL_CRED. Windows fails with
397 * SEC_E_UNKNOWN_CREDENTIALS, but I'll accept SEC_E_NO_CREDENTIALS too.
399 schanCred
.cCreds
= 1;
400 schanCred
.paCred
= &certs
[0];
401 st
= AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_OUTBOUND
,
402 NULL
, &schanCred
, NULL
, NULL
, NULL
, NULL
);
403 ok(st
== SEC_E_UNKNOWN_CREDENTIALS
||
404 st
== SEC_E_NO_CREDENTIALS
||
405 st
== SEC_E_INVALID_TOKEN
/* WinNT */, "st = %08x\n", st
);
406 st
= AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_INBOUND
,
407 NULL
, &schanCred
, NULL
, NULL
, NULL
, NULL
);
408 ok(st
== SEC_E_UNKNOWN_CREDENTIALS
||
409 st
== SEC_E_NO_CREDENTIALS
||
410 st
== SEC_E_INVALID_TOKEN
/* WinNT */, "st = %08x\n", st
);
412 /* Good cert, but missing private key. Windows fails with
413 * SEC_E_NO_CREDENTIALS, but I'll accept SEC_E_UNKNOWN_CREDENTIALS too.
415 schanCred
.cCreds
= 1;
416 schanCred
.paCred
= &certs
[1];
417 st
= AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_OUTBOUND
,
418 NULL
, &schanCred
, NULL
, NULL
, &cred
, NULL
);
419 ok(st
== SEC_E_UNKNOWN_CREDENTIALS
|| st
== SEC_E_NO_CREDENTIALS
||
420 st
== SEC_E_INTERNAL_ERROR
, /* win2k */
421 "Expected SEC_E_UNKNOWN_CREDENTIALS, SEC_E_NO_CREDENTIALS "
422 "or SEC_E_INTERNAL_ERROR, got %08x\n", st
);
423 st
= AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_INBOUND
,
424 NULL
, &schanCred
, NULL
, NULL
, NULL
, NULL
);
425 ok(st
== SEC_E_UNKNOWN_CREDENTIALS
|| st
== SEC_E_NO_CREDENTIALS
||
426 st
== SEC_E_INTERNAL_ERROR
, /* win2k */
427 "Expected SEC_E_UNKNOWN_CREDENTIALS, SEC_E_NO_CREDENTIALS "
428 "or SEC_E_INTERNAL_ERROR, got %08x\n", st
);
430 /* Good cert, with CRYPT_KEY_PROV_INFO set before it's had a key loaded. */
431 ret
= CertSetCertificateContextProperty(certs
[1],
432 CERT_KEY_PROV_INFO_PROP_ID
, 0, &keyProvInfo
);
433 schanCred
.dwVersion
= SCH_CRED_V3
;
434 ok(ret
, "CertSetCertificateContextProperty failed: %08x\n", GetLastError());
435 st
= AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_OUTBOUND
,
436 NULL
, &schanCred
, NULL
, NULL
, &cred
, NULL
);
437 ok(st
== SEC_E_UNKNOWN_CREDENTIALS
|| st
== SEC_E_INTERNAL_ERROR
/* WinNT */,
438 "Expected SEC_E_UNKNOWN_CREDENTIALS or SEC_E_INTERNAL_ERROR, got %08x\n", st
);
439 st
= AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_INBOUND
,
440 NULL
, &schanCred
, NULL
, NULL
, &cred
, NULL
);
441 ok(st
== SEC_E_UNKNOWN_CREDENTIALS
|| st
== SEC_E_INTERNAL_ERROR
/* WinNT */,
442 "Expected SEC_E_UNKNOWN_CREDENTIALS or SEC_E_INTERNAL_ERROR, got %08x\n", st
);
444 ret
= CryptAcquireContextW(&csp
, cspNameW
, MS_DEF_PROV_W
, PROV_RSA_FULL
,
446 ok(ret
, "CryptAcquireContextW failed: %08x\n", GetLastError());
449 ret
= CryptImportKey(csp
, privKey
, sizeof(privKey
), 0, 0, &key
);
450 ok(ret
, "CryptImportKey failed: %08x\n", GetLastError());
458 AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_INBOUND
,
459 NULL
, &schanCred
, NULL
, NULL
, NULL
, NULL
);
461 /* Crashes on WinNT */
462 /* Good cert with private key, bogus version */
463 schanCred
.dwVersion
= SCH_CRED_V1
;
464 st
= AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_OUTBOUND
,
465 NULL
, &schanCred
, NULL
, NULL
, &cred
, NULL
);
466 ok(st
== SEC_E_INTERNAL_ERROR
||
467 st
== SEC_E_UNKNOWN_CREDENTIALS
/* Vista/win2k8 */,
468 "Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st
);
469 st
= AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_INBOUND
,
470 NULL
, &schanCred
, NULL
, NULL
, &cred
, NULL
);
471 ok(st
== SEC_E_INTERNAL_ERROR
||
472 st
== SEC_E_UNKNOWN_CREDENTIALS
/* Vista/win2k8 */,
473 "Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st
);
474 schanCred
.dwVersion
= SCH_CRED_V2
;
475 st
= AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_OUTBOUND
,
476 NULL
, &schanCred
, NULL
, NULL
, &cred
, NULL
);
477 ok(st
== SEC_E_INTERNAL_ERROR
||
478 st
== SEC_E_UNKNOWN_CREDENTIALS
/* Vista/win2k8 */,
479 "Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st
);
480 st
= AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_INBOUND
,
481 NULL
, &schanCred
, NULL
, NULL
, &cred
, NULL
);
482 ok(st
== SEC_E_INTERNAL_ERROR
||
483 st
== SEC_E_UNKNOWN_CREDENTIALS
/* Vista/win2k8 */,
484 "Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st
);
487 /* Succeeds on V3 or higher */
488 schanCred
.dwVersion
= SCH_CRED_V3
;
489 st
= AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_OUTBOUND
,
490 NULL
, &schanCred
, NULL
, NULL
, &cred
, NULL
);
491 ok(st
== SEC_E_OK
, "AcquireCredentialsHandleA failed: %08x\n", st
);
492 FreeCredentialsHandle(&cred
);
493 st
= AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_INBOUND
,
494 NULL
, &schanCred
, NULL
, NULL
, &cred
, NULL
);
496 st
== SEC_E_UNKNOWN_CREDENTIALS
, /* win2k3 */
497 "AcquireCredentialsHandleA failed: %08x\n", st
);
498 FreeCredentialsHandle(&cred
);
499 schanCred
.dwVersion
= SCHANNEL_CRED_VERSION
;
500 st
= AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_OUTBOUND
,
501 NULL
, &schanCred
, NULL
, NULL
, &cred
, NULL
);
502 ok(st
== SEC_E_OK
, "AcquireCredentialsHandleA failed: %08x\n", st
);
503 FreeCredentialsHandle(&cred
);
504 st
= AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_INBOUND
,
505 NULL
, &schanCred
, NULL
, NULL
, &cred
, NULL
);
507 st
== SEC_E_UNKNOWN_CREDENTIALS
, /* win2k3 */
508 "AcquireCredentialsHandleA failed: %08x\n", st
);
509 if (st
== SEC_E_OK
) test_strength(&cred
);
510 FreeCredentialsHandle(&cred
);
512 /* How about more than one cert? */
513 schanCred
.cCreds
= 2;
514 schanCred
.paCred
= certs
;
515 st
= AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_OUTBOUND
,
516 NULL
, &schanCred
, NULL
, NULL
, &cred
, NULL
);
517 ok(st
== SEC_E_UNKNOWN_CREDENTIALS
||
518 st
== SEC_E_NO_CREDENTIALS
/* Vista/win2k8 */ ||
519 st
== SEC_E_INVALID_TOKEN
/* WinNT */, "st = %08x\n", st
);
520 st
= AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_INBOUND
,
521 NULL
, &schanCred
, NULL
, NULL
, &cred
, NULL
);
522 ok(st
== SEC_E_UNKNOWN_CREDENTIALS
||
523 st
== SEC_E_NO_CREDENTIALS
||
524 st
== SEC_E_INVALID_TOKEN
/* WinNT */, "st = %08x\n", st
);
528 st
= AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_OUTBOUND
,
529 NULL
, &schanCred
, NULL
, NULL
, &cred
, NULL
);
530 ok(st
== SEC_E_UNKNOWN_CREDENTIALS
||
531 st
== SEC_E_NO_CREDENTIALS
||
532 st
== SEC_E_INVALID_TOKEN
/* WinNT */, "st = %08x\n", st
);
533 st
= AcquireCredentialsHandleA(NULL
, unisp_name_a
, SECPKG_CRED_INBOUND
,
534 NULL
, &schanCred
, NULL
, NULL
, &cred
, NULL
);
535 ok(st
== SEC_E_UNKNOWN_CREDENTIALS
,
536 "Expected SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st
);
537 /* FIXME: what about two valid certs? */
539 CryptDestroyKey(key
);
542 CryptReleaseContext(csp
, 0);
543 CryptAcquireContextW(&csp
, cspNameW
, MS_DEF_PROV_W
, PROV_RSA_FULL
, CRYPT_DELETEKEYSET
);
545 CertFreeCertificateContext(certs
[0]);
546 CertFreeCertificateContext(certs
[1]);
549 static void test_remote_cert(PCCERT_CONTEXT remote_cert
)
551 PCCERT_CONTEXT iter
= NULL
;
552 BOOL incl_remote
= FALSE
;
553 unsigned cert_cnt
= 0;
555 ok(remote_cert
->hCertStore
!= NULL
, "hCertStore == NULL\n");
557 while((iter
= CertEnumCertificatesInStore(remote_cert
->hCertStore
, iter
))) {
558 if(iter
== remote_cert
)
563 ok(cert_cnt
== 2 || cert_cnt
== 3, "cert_cnt = %u\n", cert_cnt
);
564 ok(incl_remote
, "context does not contain cert itself\n");
567 static const char http_request
[] = "HEAD /test.html HTTP/1.1\r\nHost: www.winehq.org\r\nConnection: close\r\n\r\n";
569 static void init_buffers(SecBufferDesc
*desc
, unsigned count
, unsigned size
)
571 desc
->ulVersion
= SECBUFFER_VERSION
;
572 desc
->cBuffers
= count
;
573 desc
->pBuffers
= HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY
, count
*sizeof(SecBuffer
));
575 desc
->pBuffers
[0].cbBuffer
= size
;
576 desc
->pBuffers
[0].pvBuffer
= HeapAlloc(GetProcessHeap(), 0, size
);
579 static void reset_buffers(SecBufferDesc
*desc
)
583 for (i
= 0; i
< desc
->cBuffers
; ++i
)
585 desc
->pBuffers
[i
].BufferType
= SECBUFFER_EMPTY
;
588 desc
->pBuffers
[i
].cbBuffer
= 0;
589 desc
->pBuffers
[i
].pvBuffer
= NULL
;
594 static void free_buffers(SecBufferDesc
*desc
)
596 HeapFree(GetProcessHeap(), 0, desc
->pBuffers
[0].pvBuffer
);
597 HeapFree(GetProcessHeap(), 0, desc
->pBuffers
);
600 static int receive_data(SOCKET sock
, SecBuffer
*buf
)
602 unsigned received
= 0;
606 unsigned char *data
= buf
->pvBuffer
;
607 unsigned expected
= 0;
610 ret
= recv(sock
, (char *)data
+received
, buf
->cbBuffer
-received
, 0);
613 skip("recv failed\n");
618 skip("connection closed\n");
623 while (expected
< received
)
625 unsigned frame_size
= 5 + ((data
[3]<<8) | data
[4]);
626 expected
+= frame_size
;
630 if (expected
== received
)
634 buf
->cbBuffer
= received
;
639 static void test_InitializeSecurityContext(void)
642 CredHandle cred_handle
;
644 SECURITY_STATUS status
;
645 SecBuffer out_buffer
= {1000, SECBUFFER_TOKEN
, NULL
};
646 SecBuffer in_buffer
= {0, SECBUFFER_EMPTY
, NULL
};
647 SecBufferDesc out_buffers
= {SECBUFFER_VERSION
, 1, &out_buffer
};
648 SecBufferDesc in_buffers
= {SECBUFFER_VERSION
, 1, &in_buffer
};
652 cred
.grbitEnabledProtocols
= SP_PROT_TLS1_CLIENT
;
653 cred
.dwFlags
= SCH_CRED_NO_DEFAULT_CREDS
|SCH_CRED_MANUAL_CRED_VALIDATION
;
654 status
= AcquireCredentialsHandleA(NULL
, (SEC_CHAR
*)UNISP_NAME_A
, SECPKG_CRED_OUTBOUND
, NULL
,
655 &cred
, NULL
, NULL
, &cred_handle
, NULL
);
656 ok(status
== SEC_E_OK
, "AcquireCredentialsHandleA failed: %08x\n", status
);
657 if (status
!= SEC_E_OK
) return;
659 status
= InitializeSecurityContextA(&cred_handle
, NULL
, (SEC_CHAR
*)"localhost",
660 ISC_REQ_CONFIDENTIALITY
|ISC_REQ_STREAM
|ISC_REQ_ALLOCATE_MEMORY
,
661 0, 0, &in_buffers
, 0, &context
, &out_buffers
, &attrs
, NULL
);
662 ok(status
== SEC_I_CONTINUE_NEEDED
, "Expected SEC_I_CONTINUE_NEEDED, got %08x\n", status
);
664 FreeContextBuffer(out_buffer
.pvBuffer
);
665 DeleteSecurityContext(&context
);
666 FreeCredentialsHandle(&cred_handle
);
669 static void test_communication(void)
675 struct hostent
*host
;
676 struct sockaddr_in addr
;
678 SECURITY_STATUS status
;
682 CredHandle cred_handle
;
684 SecPkgCredentials_NamesA names
;
685 SecPkgContext_StreamSizes sizes
;
686 SecPkgContext_ConnectionInfo conn_info
;
687 SecPkgContext_KeyInfoA key_info
;
689 SecPkgContext_NegotiationInfoA info
;
691 SecBufferDesc buffers
[2];
693 unsigned buf_size
= 4000;
697 if (!pQueryContextAttributesA
)
699 win_skip("Required secur32 functions not available\n");
703 /* Create a socket and connect to www.winehq.org */
704 ret
= WSAStartup(0x0202, &wsa_data
);
707 skip("Can't init winsock 2.2\n");
711 host
= gethostbyname("www.winehq.org");
714 skip("Can't resolve www.winehq.org\n");
718 addr
.sin_family
= host
->h_addrtype
;
719 addr
.sin_addr
= *(struct in_addr
*)host
->h_addr_list
[0];
720 addr
.sin_port
= htons(443);
721 sock
= socket(host
->h_addrtype
, SOCK_STREAM
, 0);
722 if (sock
== SOCKET_ERROR
)
724 skip("Can't create socket\n");
728 ret
= connect(sock
, (struct sockaddr
*)&addr
, sizeof(addr
));
729 if (ret
== SOCKET_ERROR
)
731 skip("Can't connect to www.winehq.org\n");
735 /* Create client credentials */
737 cred
.grbitEnabledProtocols
= SP_PROT_TLS1_CLIENT
;
738 cred
.dwFlags
= SCH_CRED_NO_DEFAULT_CREDS
|SCH_CRED_MANUAL_CRED_VALIDATION
;
740 status
= AcquireCredentialsHandleA(NULL
, (SEC_CHAR
*)UNISP_NAME_A
, SECPKG_CRED_OUTBOUND
, NULL
,
741 &cred
, NULL
, NULL
, &cred_handle
, NULL
);
742 ok(status
== SEC_E_OK
, "AcquireCredentialsHandleA failed: %08x\n", status
);
743 if (status
!= SEC_E_OK
) return;
745 /* Initialize the connection */
746 init_buffers(&buffers
[0], 4, buf_size
);
747 init_buffers(&buffers
[1], 4, buf_size
);
749 buffers
[0].pBuffers
[0].BufferType
= SECBUFFER_TOKEN
;
750 status
= InitializeSecurityContextA(&cred_handle
, NULL
, (SEC_CHAR
*)"localhost",
751 ISC_REQ_CONFIDENTIALITY
|ISC_REQ_STREAM
,
752 0, 0, NULL
, 0, &context
, &buffers
[0], &attrs
, NULL
);
753 ok(status
== SEC_I_CONTINUE_NEEDED
, "Expected SEC_I_CONTINUE_NEEDED, got %08x\n", status
);
755 buffers
[1].cBuffers
= 1;
756 buffers
[1].pBuffers
[0].BufferType
= SECBUFFER_TOKEN
;
757 buffers
[0].pBuffers
[0].cbBuffer
= 1;
758 memset(buffers
[1].pBuffers
[0].pvBuffer
, 0xfa, buf_size
);
759 status
= InitializeSecurityContextA(&cred_handle
, &context
, (SEC_CHAR
*)"localhost",
760 ISC_REQ_CONFIDENTIALITY
|ISC_REQ_STREAM
,
761 0, 0, &buffers
[1], 0, NULL
, &buffers
[0], &attrs
, NULL
);
763 ok(status
== SEC_E_INVALID_TOKEN
, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status
);
765 ok(buffers
[0].pBuffers
[0].cbBuffer
== 0, "Output buffer size was not set to 0.\n");
767 buffers
[1].cBuffers
= 1;
768 buffers
[1].pBuffers
[0].BufferType
= SECBUFFER_TOKEN
;
769 buffers
[0].pBuffers
[0].cbBuffer
= 1;
770 memset(buffers
[1].pBuffers
[0].pvBuffer
, 0, buf_size
);
771 status
= InitializeSecurityContextA(&cred_handle
, &context
, (SEC_CHAR
*)"localhost",
772 ISC_REQ_CONFIDENTIALITY
|ISC_REQ_STREAM
,
773 0, 0, &buffers
[1], 0, NULL
, &buffers
[0], &attrs
, NULL
);
774 ok(status
== SEC_E_INVALID_TOKEN
, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status
);
776 ok(buffers
[0].pBuffers
[0].cbBuffer
== 0, "Output buffer size was not set to 0.\n");
778 buffers
[0].pBuffers
[0].cbBuffer
= 0;
779 status
= InitializeSecurityContextA(&cred_handle
, &context
, (SEC_CHAR
*)"localhost",
780 ISC_REQ_CONFIDENTIALITY
|ISC_REQ_STREAM
,
781 0, 0, &buffers
[1], 0, NULL
, &buffers
[0], &attrs
, NULL
);
783 ok(status
== SEC_E_INSUFFICIENT_MEMORY
|| status
== SEC_E_INVALID_TOKEN
,
784 "Expected SEC_E_INSUFFICIENT_MEMORY or SEC_E_INVALID_TOKEN, got %08x\n", status
);
786 buffers
[0].pBuffers
[0].cbBuffer
= buf_size
;
788 status
= InitializeSecurityContextA(&cred_handle
, NULL
, (SEC_CHAR
*)"localhost",
789 ISC_REQ_CONFIDENTIALITY
|ISC_REQ_STREAM
,
790 0, 0, NULL
, 0, &context
, &buffers
[0], &attrs
, NULL
);
791 ok(status
== SEC_I_CONTINUE_NEEDED
, "Expected SEC_I_CONTINUE_NEEDED, got %08x\n", status
);
793 buf
= &buffers
[0].pBuffers
[0];
794 send(sock
, buf
->pvBuffer
, buf
->cbBuffer
, 0);
795 buf
->cbBuffer
= buf_size
;
797 status
= InitializeSecurityContextA(&cred_handle
, &context
, (SEC_CHAR
*)"localhost",
798 ISC_REQ_CONFIDENTIALITY
|ISC_REQ_STREAM
,
799 0, 0, NULL
, 0, NULL
, &buffers
[0], &attrs
, NULL
);
800 ok(status
== SEC_E_INCOMPLETE_MESSAGE
, "Got unexpected status %#x.\n", status
);
801 ok(buffers
[0].pBuffers
[0].cbBuffer
== buf_size
, "Output buffer size changed.\n");
802 ok(buffers
[0].pBuffers
[0].BufferType
== SECBUFFER_TOKEN
, "Output buffer type changed.\n");
804 buffers
[1].cBuffers
= 4;
805 buffers
[1].pBuffers
[0].cbBuffer
= 0;
807 status
= InitializeSecurityContextA(&cred_handle
, &context
, (SEC_CHAR
*)"localhost",
808 ISC_REQ_CONFIDENTIALITY
|ISC_REQ_STREAM
,
809 0, 0, &buffers
[1], 0, NULL
, &buffers
[0], &attrs
, NULL
);
810 ok(status
== SEC_E_INCOMPLETE_MESSAGE
, "Got unexpected status %#x.\n", status
);
811 ok(buffers
[0].pBuffers
[0].cbBuffer
== buf_size
, "Output buffer size changed.\n");
812 ok(buffers
[0].pBuffers
[0].BufferType
== SECBUFFER_TOKEN
, "Output buffer type changed.\n");
814 buf
= &buffers
[1].pBuffers
[0];
815 buf
->cbBuffer
= buf_size
;
816 ret
= receive_data(sock
, buf
);
820 buffers
[1].pBuffers
[0].cbBuffer
= 4;
821 status
= InitializeSecurityContextA(&cred_handle
, &context
, (SEC_CHAR
*)"localhost",
822 ISC_REQ_CONFIDENTIALITY
|ISC_REQ_STREAM
,
823 0, 0, &buffers
[1], 0, NULL
, &buffers
[0], &attrs
, NULL
);
824 ok(status
== SEC_E_INCOMPLETE_MESSAGE
|| status
== SEC_E_INVALID_TOKEN
,
825 "Got unexpected status %#x.\n", status
);
826 ok(buffers
[0].pBuffers
[0].cbBuffer
== buf_size
, "Output buffer size changed.\n");
827 ok(buffers
[0].pBuffers
[0].BufferType
== SECBUFFER_TOKEN
, "Output buffer type changed.\n");
829 buffers
[1].pBuffers
[0].cbBuffer
= 5;
830 status
= InitializeSecurityContextA(&cred_handle
, &context
, (SEC_CHAR
*)"localhost",
831 ISC_REQ_CONFIDENTIALITY
|ISC_REQ_STREAM
,
832 0, 0, &buffers
[1], 0, NULL
, &buffers
[0], &attrs
, NULL
);
833 ok(status
== SEC_E_INCOMPLETE_MESSAGE
|| status
== SEC_E_INVALID_TOKEN
,
834 "Got unexpected status %#x.\n", status
);
835 ok(buffers
[0].pBuffers
[0].cbBuffer
== buf_size
, "Output buffer size changed.\n");
836 ok(buffers
[0].pBuffers
[0].BufferType
== SECBUFFER_TOKEN
, "Output buffer type changed.\n");
838 buffers
[1].pBuffers
[0].cbBuffer
= ret
;
839 status
= InitializeSecurityContextA(&cred_handle
, &context
, (SEC_CHAR
*)"localhost",
840 ISC_REQ_CONFIDENTIALITY
|ISC_REQ_STREAM
,
841 0, 0, &buffers
[1], 0, NULL
, &buffers
[0], &attrs
, NULL
);
842 buffers
[1].pBuffers
[0].cbBuffer
= buf_size
;
843 while (status
== SEC_I_CONTINUE_NEEDED
)
845 buf
= &buffers
[0].pBuffers
[0];
846 send(sock
, buf
->pvBuffer
, buf
->cbBuffer
, 0);
847 buf
->cbBuffer
= buf_size
;
849 buf
= &buffers
[1].pBuffers
[0];
850 ret
= receive_data(sock
, buf
);
854 buf
->BufferType
= SECBUFFER_TOKEN
;
856 status
= InitializeSecurityContextA(&cred_handle
, &context
, (SEC_CHAR
*)"localhost",
857 ISC_REQ_CONFIDENTIALITY
|ISC_REQ_STREAM
,
858 0, 0, &buffers
[1], 0, NULL
, &buffers
[0], &attrs
, NULL
);
859 buffers
[1].pBuffers
[0].cbBuffer
= buf_size
;
862 ok(status
== SEC_E_OK
|| broken(status
== SEC_E_INVALID_TOKEN
) /* WinNT */,
863 "InitializeSecurityContext failed: %08x\n", status
);
864 if(status
!= SEC_E_OK
) {
865 win_skip("Handshake failed\n");
869 status
= QueryCredentialsAttributesA(&cred_handle
, SECPKG_CRED_ATTR_NAMES
, &names
);
870 ok(status
== SEC_E_NO_CREDENTIALS
|| status
== SEC_E_UNSUPPORTED_FUNCTION
/* before Vista */, "expected SEC_E_NO_CREDENTIALS, got %08x\n", status
);
872 status
= pQueryContextAttributesA(&context
, SECPKG_ATTR_REMOTE_CERT_CONTEXT
, (void*)&cert
);
873 ok(status
== SEC_E_OK
, "QueryContextAttributesW(SECPKG_ATTR_REMOTE_CERT_CONTEXT) failed: %08x\n", status
);
874 if(status
== SEC_E_OK
) {
875 SecPkgContext_Bindings bindings
= {0xdeadbeef, (void*)0xdeadbeef};
877 test_remote_cert(cert
);
879 status
= pQueryContextAttributesA(&context
, SECPKG_ATTR_ENDPOINT_BINDINGS
, &bindings
);
880 ok(status
== SEC_E_OK
|| broken(status
== SEC_E_UNSUPPORTED_FUNCTION
),
881 "QueryContextAttributesW(SECPKG_ATTR_ENDPOINT_BINDINGS) failed: %08x\n", status
);
882 if(status
== SEC_E_OK
) {
883 static const char prefix
[] = "tls-server-end-point:";
888 ok(bindings
.BindingsLength
== sizeof(*bindings
.Bindings
) + sizeof(prefix
)-1 + 32 /* hash size */,
889 "bindings.BindingsLength = %u\n", bindings
.BindingsLength
);
890 ok(!bindings
.Bindings
->dwInitiatorAddrType
, "dwInitiatorAddrType = %x\n", bindings
.Bindings
->dwInitiatorAddrType
);
891 ok(!bindings
.Bindings
->cbInitiatorLength
, "cbInitiatorLength = %x\n", bindings
.Bindings
->cbInitiatorLength
);
892 ok(!bindings
.Bindings
->dwInitiatorOffset
, "dwInitiatorOffset = %x\n", bindings
.Bindings
->dwInitiatorOffset
);
893 ok(!bindings
.Bindings
->dwAcceptorAddrType
, "dwAcceptorAddrType = %x\n", bindings
.Bindings
->dwAcceptorAddrType
);
894 ok(!bindings
.Bindings
->cbAcceptorLength
, "cbAcceptorLength = %x\n", bindings
.Bindings
->cbAcceptorLength
);
895 ok(!bindings
.Bindings
->dwAcceptorOffset
, "dwAcceptorOffset = %x\n", bindings
.Bindings
->dwAcceptorOffset
);
896 ok(sizeof(*bindings
.Bindings
) + bindings
.Bindings
->cbApplicationDataLength
== bindings
.BindingsLength
,
897 "cbApplicationDataLength = %x\n", bindings
.Bindings
->cbApplicationDataLength
);
898 ok(bindings
.Bindings
->dwApplicationDataOffset
== sizeof(*bindings
.Bindings
),
899 "dwApplicationDataOffset = %x\n", bindings
.Bindings
->dwApplicationDataOffset
);
900 p
= (const char*)(bindings
.Bindings
+1);
901 ok(!memcmp(p
, prefix
, sizeof(prefix
)-1), "missing prefix\n");
902 p
+= sizeof(prefix
)-1;
904 hash_size
= sizeof(hash
);
905 ret
= CryptHashCertificate(0, CALG_SHA_256
, 0, cert
->pbCertEncoded
, cert
->cbCertEncoded
, hash
, &hash_size
);
907 ok(hash_size
== 32, "hash_size = %u\n", hash_size
);
908 ok(!memcmp(hash
, p
, hash_size
), "unexpected hash part\n");
910 win_skip("SHA 256 hash not supported.\n");
913 FreeContextBuffer(bindings
.Bindings
);
915 win_skip("SECPKG_ATTR_ENDPOINT_BINDINGS not supported\n");
918 CertFreeCertificateContext(cert
);
921 status
= pQueryContextAttributesA(&context
, SECPKG_ATTR_CONNECTION_INFO
, (void*)&conn_info
);
922 ok(status
== SEC_E_OK
, "QueryContextAttributesW(SECPKG_ATTR_CONNECTION_INFO) failed: %08x\n", status
);
923 if(status
== SEC_E_OK
) {
924 ok(conn_info
.dwCipherStrength
>= 128, "conn_info.dwCipherStrength = %d\n", conn_info
.dwCipherStrength
);
925 ok(conn_info
.dwHashStrength
>= 128, "conn_info.dwHashStrength = %d\n", conn_info
.dwHashStrength
);
928 status
= pQueryContextAttributesA(&context
, SECPKG_ATTR_KEY_INFO
, &key_info
);
929 ok(status
== SEC_E_OK
, "QueryContextAttributesW(SECPKG_ATTR_KEY_INFO) failed: %08x\n", status
);
930 if(status
== SEC_E_OK
) {
931 ok(broken(key_info
.SignatureAlgorithm
== 0 /* WinXP,2003 */) ||
932 key_info
.SignatureAlgorithm
== CALG_RSA_SIGN
,
933 "key_info.SignatureAlgorithm = %04x\n", key_info
.SignatureAlgorithm
);
934 ok(broken(key_info
.SignatureAlgorithm
== 0 /* WinXP,2003 */) ||
935 !strcmp(key_info
.sSignatureAlgorithmName
, "RSA"),
936 "key_info.sSignatureAlgorithmName = %s\n", key_info
.sSignatureAlgorithmName
);
937 ok(key_info
.KeySize
>= 128, "key_info.KeySize = %d\n", key_info
.KeySize
);
940 status
= pQueryContextAttributesA(&context
, SECPKG_ATTR_STREAM_SIZES
, &sizes
);
941 ok(status
== SEC_E_OK
, "QueryContextAttributesW(SECPKG_ATTR_STREAM_SIZES) failed: %08x\n", status
);
943 status
= QueryContextAttributesA(&context
, SECPKG_ATTR_NEGOTIATION_INFO
, &info
);
944 ok(status
== SEC_E_UNSUPPORTED_FUNCTION
, "QueryContextAttributesA returned %08x\n", status
);
946 reset_buffers(&buffers
[0]);
948 /* Send a simple request so we get data for testing DecryptMessage */
949 buf
= &buffers
[0].pBuffers
[0];
950 data
= buf
->pvBuffer
;
951 buf
->BufferType
= SECBUFFER_STREAM_HEADER
;
952 buf
->cbBuffer
= sizes
.cbHeader
;
954 buf
->BufferType
= SECBUFFER_DATA
;
955 buf
->pvBuffer
= data
+ sizes
.cbHeader
;
956 buf
->cbBuffer
= sizeof(http_request
) - 1;
957 memcpy(buf
->pvBuffer
, http_request
, sizeof(http_request
) - 1);
959 buf
->BufferType
= SECBUFFER_STREAM_TRAILER
;
960 buf
->pvBuffer
= data
+ sizes
.cbHeader
+ sizeof(http_request
) -1;
961 buf
->cbBuffer
= sizes
.cbTrailer
;
963 status
= EncryptMessage(&context
, 0, &buffers
[0], 0);
964 ok(status
== SEC_E_OK
, "EncryptMessage failed: %08x\n", status
);
965 if (status
!= SEC_E_OK
)
968 buf
= &buffers
[0].pBuffers
[0];
969 send(sock
, buf
->pvBuffer
, buffers
[0].pBuffers
[0].cbBuffer
+ buffers
[0].pBuffers
[1].cbBuffer
+ buffers
[0].pBuffers
[2].cbBuffer
, 0);
971 reset_buffers(&buffers
[0]);
972 buf
->cbBuffer
= buf_size
;
973 data_size
= receive_data(sock
, buf
);
975 /* Too few buffers */
976 --buffers
[0].cBuffers
;
977 status
= DecryptMessage(&context
, &buffers
[0], 0, NULL
);
978 ok(status
== SEC_E_INVALID_TOKEN
, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status
);
981 ++buffers
[0].cBuffers
;
982 status
= DecryptMessage(&context
, &buffers
[0], 0, NULL
);
983 ok(status
== SEC_E_INVALID_TOKEN
, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status
);
985 /* Two data buffers */
986 buffers
[0].pBuffers
[0].BufferType
= SECBUFFER_DATA
;
987 buffers
[0].pBuffers
[1].BufferType
= SECBUFFER_DATA
;
988 status
= DecryptMessage(&context
, &buffers
[0], 0, NULL
);
989 ok(status
== SEC_E_INVALID_TOKEN
, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status
);
991 /* Too few empty buffers */
992 buffers
[0].pBuffers
[1].BufferType
= SECBUFFER_EXTRA
;
993 status
= DecryptMessage(&context
, &buffers
[0], 0, NULL
);
994 ok(status
== SEC_E_INVALID_TOKEN
, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status
);
996 /* Incomplete data */
997 buffers
[0].pBuffers
[1].BufferType
= SECBUFFER_EMPTY
;
998 buffers
[0].pBuffers
[0].cbBuffer
= (data
[3]<<8) | data
[4];
999 status
= DecryptMessage(&context
, &buffers
[0], 0, NULL
);
1000 ok(status
== SEC_E_INCOMPLETE_MESSAGE
, "Expected SEC_E_INCOMPLETE_MESSAGE, got %08x\n", status
);
1001 ok(buffers
[0].pBuffers
[0].BufferType
== SECBUFFER_MISSING
, "Expected first buffer to be SECBUFFER_MISSING\n");
1002 ok(buffers
[0].pBuffers
[0].cbBuffer
== 5, "Expected first buffer to be a five bytes\n");
1004 buffers
[0].pBuffers
[0].cbBuffer
= data_size
;
1005 buffers
[0].pBuffers
[0].BufferType
= SECBUFFER_DATA
;
1006 buffers
[0].pBuffers
[1].BufferType
= SECBUFFER_EMPTY
;
1007 status
= DecryptMessage(&context
, &buffers
[0], 0, NULL
);
1008 ok(status
== SEC_E_OK
, "DecryptMessage failed: %08x\n", status
);
1009 if (status
== SEC_E_OK
)
1011 ok(buffers
[0].pBuffers
[0].BufferType
== SECBUFFER_STREAM_HEADER
, "Expected first buffer to be SECBUFFER_STREAM_HEADER\n");
1012 ok(buffers
[0].pBuffers
[1].BufferType
== SECBUFFER_DATA
, "Expected second buffer to be SECBUFFER_DATA\n");
1013 ok(buffers
[0].pBuffers
[2].BufferType
== SECBUFFER_STREAM_TRAILER
, "Expected third buffer to be SECBUFFER_STREAM_TRAILER\n");
1015 data
= buffers
[0].pBuffers
[1].pvBuffer
;
1016 data
[buffers
[0].pBuffers
[1].cbBuffer
] = 0;
1019 DeleteSecurityContext(&context
);
1020 FreeCredentialsHandle(&cred_handle
);
1022 free_buffers(&buffers
[0]);
1023 free_buffers(&buffers
[1]);
1028 START_TEST(schannel
)
1030 pQueryContextAttributesA
= (void*)GetProcAddress(GetModuleHandleA("secur32.dll"), "QueryContextAttributesA");
1033 testAcquireSecurityContext();
1034 test_InitializeSecurityContext();
1035 test_communication();