static void test_communication(void)
{
int ret;
WSADATA wsa_data;
SOCKET sock;
struct hostent *host;
struct sockaddr_in addr;
SECURITY_STATUS status;
ULONG attrs;
SCHANNEL_CRED cred;
CredHandle cred_handle;
CtxtHandle context;
SecPkgCredentials_NamesA names;
SecPkgContext_StreamSizes sizes;
SecPkgContext_ConnectionInfo conn_info;
CERT_CONTEXT *cert;
SecBufferDesc buffers[2];
SecBuffer *buf;
unsigned buf_size = 4000;
unsigned char *data;
unsigned data_size;
if (!pAcquireCredentialsHandleA || !pFreeCredentialsHandle ||
!pInitializeSecurityContextA || !pDeleteSecurityContext ||
!pQueryContextAttributesA || !pDecryptMessage || !pEncryptMessage)
{
skip("Required secur32 functions not available\n");
return;
}
/* Create a socket and connect to www.winehq.org */
ret = WSAStartup(0x0202, &wsa_data);
if (ret)
{
skip("Can't init winsock 2.2\n");
return;
}
host = gethostbyname("www.winehq.org");
if (!host)
{
skip("Can't resolve www.winehq.org\n");
return;
}
addr.sin_family = host->h_addrtype;
addr.sin_addr = *(struct in_addr *)host->h_addr_list[0];
addr.sin_port = htons(443);
sock = socket(host->h_addrtype, SOCK_STREAM, 0);
if (sock == SOCKET_ERROR)
{
skip("Can't create socket\n");
return;
}
ret = connect(sock, (struct sockaddr *)&addr, sizeof(addr));
if (ret == SOCKET_ERROR)
{
skip("Can't connect to www.winehq.org\n");
return;
}
/* Create client credentials */
init_cred(&cred);
cred.grbitEnabledProtocols = SP_PROT_TLS1_CLIENT;
cred.dwFlags = SCH_CRED_NO_DEFAULT_CREDS|SCH_CRED_MANUAL_CRED_VALIDATION;
status = pAcquireCredentialsHandleA(NULL, (SEC_CHAR *)UNISP_NAME_A, SECPKG_CRED_OUTBOUND, NULL,
&cred, NULL, NULL, &cred_handle, NULL);
ok(status == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", status);
if (status != SEC_E_OK) return;
/* Initialize the connection */
init_buffers(&buffers[0], 4, buf_size);
init_buffers(&buffers[1], 4, buf_size);
buffers[0].pBuffers[0].BufferType = SECBUFFER_TOKEN;
status = pInitializeSecurityContextA(&cred_handle, NULL, (SEC_CHAR *)"localhost",
ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
0, 0, NULL, 0, &context, &buffers[0], &attrs, NULL);
ok(status == SEC_I_CONTINUE_NEEDED, "Expected SEC_I_CONTINUE_NEEDED, got %08x\n", status);
buffers[1].cBuffers = 1;
buffers[1].pBuffers[0].BufferType = SECBUFFER_TOKEN;
buffers[0].pBuffers[0].cbBuffer = 1;
memset(buffers[1].pBuffers[0].pvBuffer, 0xfa, buf_size);
status = pInitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
todo_wine
ok(status == SEC_E_INVALID_TOKEN, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status);
todo_wine
ok(buffers[0].pBuffers[0].cbBuffer == 0, "Output buffer size was not set to 0.\n");
buffers[1].cBuffers = 1;
buffers[1].pBuffers[0].BufferType = SECBUFFER_TOKEN;
buffers[0].pBuffers[0].cbBuffer = 1;
memset(buffers[1].pBuffers[0].pvBuffer, 0, buf_size);
status = pInitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
ok(status == SEC_E_INVALID_TOKEN, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status);
todo_wine
ok(buffers[0].pBuffers[0].cbBuffer == 0, "Output buffer size was not set to 0.\n");
buffers[0].pBuffers[0].cbBuffer = 0;
status = pInitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
todo_wine
ok(status == SEC_E_INSUFFICIENT_MEMORY || status == SEC_E_INVALID_TOKEN,
"Expected SEC_E_INSUFFICIENT_MEMORY or SEC_E_INVALID_TOKEN, got %08x\n", status);
buffers[0].pBuffers[0].cbBuffer = buf_size;
status = pInitializeSecurityContextA(&cred_handle, NULL, (SEC_CHAR *)"localhost",
ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
0, 0, NULL, 0, &context, &buffers[0], &attrs, NULL);
ok(status == SEC_I_CONTINUE_NEEDED, "Expected SEC_I_CONTINUE_NEEDED, got %08x\n", status);
buf = &buffers[0].pBuffers[0];
send(sock, buf->pvBuffer, buf->cbBuffer, 0);
buf->cbBuffer = buf_size;
status = pInitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
0, 0, NULL, 0, NULL, &buffers[0], &attrs, NULL);
ok(status == SEC_E_INCOMPLETE_MESSAGE, "Got unexpected status %#x.\n", status);
ok(buffers[0].pBuffers[0].cbBuffer == buf_size, "Output buffer size changed.\n");
ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_TOKEN, "Output buffer type changed.\n");
buffers[1].cBuffers = 4;
buffers[1].pBuffers[0].cbBuffer = 0;
status = pInitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
ok(status == SEC_E_INCOMPLETE_MESSAGE, "Got unexpected status %#x.\n", status);
ok(buffers[0].pBuffers[0].cbBuffer == buf_size, "Output buffer size changed.\n");
ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_TOKEN, "Output buffer type changed.\n");
buf = &buffers[1].pBuffers[0];
buf->cbBuffer = buf_size;
ret = receive_data(sock, buf);
if (ret == -1)
return;
buffers[1].pBuffers[0].cbBuffer = 4;
status = pInitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
ok(status == SEC_E_INCOMPLETE_MESSAGE, "Got unexpected status %#x.\n", status);
ok(buffers[0].pBuffers[0].cbBuffer == buf_size, "Output buffer size changed.\n");
ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_TOKEN, "Output buffer type changed.\n");
buffers[1].pBuffers[0].cbBuffer = 5;
status = pInitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
ok(status == SEC_E_INCOMPLETE_MESSAGE, "Got unexpected status %#x.\n", status);
ok(buffers[0].pBuffers[0].cbBuffer == buf_size, "Output buffer size changed.\n");
ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_TOKEN, "Output buffer type changed.\n");
buffers[1].pBuffers[0].cbBuffer = ret;
status = pInitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
buffers[1].pBuffers[0].cbBuffer = buf_size;
while (status == SEC_I_CONTINUE_NEEDED)
{
buf = &buffers[0].pBuffers[0];
send(sock, buf->pvBuffer, buf->cbBuffer, 0);
buf->cbBuffer = buf_size;
buf = &buffers[1].pBuffers[0];
ret = receive_data(sock, buf);
if (ret == -1)
return;
buf->BufferType = SECBUFFER_TOKEN;
status = pInitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
buffers[1].pBuffers[0].cbBuffer = buf_size;
}
ok(status == SEC_E_OK || broken(status == SEC_E_INVALID_TOKEN) /* WinNT */,
"InitializeSecurityContext failed: %08x\n", status);
if(status != SEC_E_OK) {
win_skip("Handshake failed\n");
return;
}
status = pQueryCredentialsAttributesA(&cred_handle, SECPKG_CRED_ATTR_NAMES, &names);
ok(status == SEC_E_NO_CREDENTIALS || status == SEC_E_UNSUPPORTED_FUNCTION /* before Vista */, "expected SEC_E_NO_CREDENTIALS, got %08x\n", status);
status = pQueryContextAttributesA(&context, SECPKG_ATTR_REMOTE_CERT_CONTEXT, (void*)&cert);
ok(status == SEC_E_OK, "QueryContextAttributesW(SECPKG_ATTR_REMOTE_CERT_CONTEXT) failed: %08x\n", status);
if(status == SEC_E_OK) {
test_remote_cert(cert);
pCertFreeCertificateContext(cert);
}
status = pQueryContextAttributesA(&context, SECPKG_ATTR_CONNECTION_INFO, (void*)&conn_info);
ok(status == SEC_E_OK, "QueryContextAttributesW(SECPKG_ATTR_CONNECTION_INFO) failed: %08x\n", status);
if(status == SEC_E_OK) {
ok(conn_info.dwCipherStrength == 128 || conn_info.dwCipherStrength == 168,
"conn_info.dwCipherStrength = %d\n", conn_info.dwCipherStrength);
ok(conn_info.dwHashStrength >= 128, "conn_info.dwHashStrength = %d\n", conn_info.dwHashStrength);
}
status = pQueryContextAttributesA(&context, SECPKG_ATTR_STREAM_SIZES, &sizes);
ok(status == SEC_E_OK, "QueryContextAttributesW(SECPKG_ATTR_STREAM_SIZES) failed: %08x\n", status);
reset_buffers(&buffers[0]);
/* Send a simple request so we get data for testing DecryptMessage */
buf = &buffers[0].pBuffers[0];
data = buf->pvBuffer;
buf->BufferType = SECBUFFER_STREAM_HEADER;
buf->cbBuffer = sizes.cbHeader;
++buf;
buf->BufferType = SECBUFFER_DATA;
buf->pvBuffer = data + sizes.cbHeader;
buf->cbBuffer = sizeof(http_request) - 1;
memcpy(buf->pvBuffer, http_request, sizeof(http_request) - 1);
++buf;
buf->BufferType = SECBUFFER_STREAM_TRAILER;
buf->pvBuffer = data + sizes.cbHeader + sizeof(http_request) -1;
buf->cbBuffer = sizes.cbTrailer;
status = pEncryptMessage(&context, 0, &buffers[0], 0);
ok(status == SEC_E_OK, "EncryptMessage failed: %08x\n", status);
if (status != SEC_E_OK)
return;
buf = &buffers[0].pBuffers[0];
send(sock, buf->pvBuffer, buffers[0].pBuffers[0].cbBuffer + buffers[0].pBuffers[1].cbBuffer + buffers[0].pBuffers[2].cbBuffer, 0);
reset_buffers(&buffers[0]);
buf->cbBuffer = buf_size;
data_size = receive_data(sock, buf);
/* Too few buffers */
--buffers[0].cBuffers;
status = pDecryptMessage(&context, &buffers[0], 0, NULL);
ok(status == SEC_E_INVALID_TOKEN, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status);
/* No data buffer */
++buffers[0].cBuffers;
status = pDecryptMessage(&context, &buffers[0], 0, NULL);
ok(status == SEC_E_INVALID_TOKEN, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status);
/* Two data buffers */
buffers[0].pBuffers[0].BufferType = SECBUFFER_DATA;
buffers[0].pBuffers[1].BufferType = SECBUFFER_DATA;
status = pDecryptMessage(&context, &buffers[0], 0, NULL);
ok(status == SEC_E_INVALID_TOKEN, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status);
/* Too few empty buffers */
buffers[0].pBuffers[1].BufferType = SECBUFFER_EXTRA;
status = pDecryptMessage(&context, &buffers[0], 0, NULL);
ok(status == SEC_E_INVALID_TOKEN, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status);
/* Incomplete data */
buffers[0].pBuffers[1].BufferType = SECBUFFER_EMPTY;
buffers[0].pBuffers[0].cbBuffer = (data[3]<<8) | data[4];
status = pDecryptMessage(&context, &buffers[0], 0, NULL);
ok(status == SEC_E_INCOMPLETE_MESSAGE, "Expected SEC_E_INCOMPLETE_MESSAGE, got %08x\n", status);
ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_MISSING, "Expected first buffer to be SECBUFFER_MISSING\n");
ok(buffers[0].pBuffers[0].cbBuffer == 5, "Expected first buffer to be a five bytes\n");
buffers[0].pBuffers[0].cbBuffer = data_size;
buffers[0].pBuffers[0].BufferType = SECBUFFER_DATA;
buffers[0].pBuffers[1].BufferType = SECBUFFER_EMPTY;
status = pDecryptMessage(&context, &buffers[0], 0, NULL);
ok(status == SEC_E_OK, "DecryptMessage failed: %08x\n", status);
if (status == SEC_E_OK)
{
ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_STREAM_HEADER, "Expected first buffer to be SECBUFFER_STREAM_HEADER\n");
ok(buffers[0].pBuffers[1].BufferType == SECBUFFER_DATA, "Expected second buffer to be SECBUFFER_DATA\n");
ok(buffers[0].pBuffers[2].BufferType == SECBUFFER_STREAM_TRAILER, "Expected third buffer to be SECBUFFER_STREAM_TRAILER\n");
data = buffers[0].pBuffers[1].pvBuffer;
data[buffers[0].pBuffers[1].cbBuffer] = 0;
}
pDeleteSecurityContext(&context);
pFreeCredentialsHandle(&cred_handle);
free_buffers(&buffers[0]);
free_buffers(&buffers[1]);
closesocket(sock);
}
static void testAcquireSecurityContext(void)
{
SECURITY_STATUS st;
CredHandle cred;
TimeStamp exp;
SCHANNEL_CRED schanCred;
PCCERT_CONTEXT certs[2];
HCRYPTPROV csp;
static CHAR unisp_name_a[] = UNISP_NAME_A;
WCHAR ms_def_prov_w[MAX_PATH];
BOOL ret;
HCRYPTKEY key;
CRYPT_KEY_PROV_INFO keyProvInfo;
if (!pAcquireCredentialsHandleA || !pCertCreateCertificateContext ||
!pFreeCredentialsHandle || !pCryptAcquireContextW)
{
skip("Needed functions are not available\n");
return;
}
lstrcpyW(ms_def_prov_w, MS_DEF_PROV_W);
keyProvInfo.pwszContainerName = cspNameW;
keyProvInfo.pwszProvName = ms_def_prov_w;
keyProvInfo.dwProvType = PROV_RSA_FULL;
keyProvInfo.dwFlags = 0;
keyProvInfo.cProvParam = 0;
keyProvInfo.rgProvParam = NULL;
keyProvInfo.dwKeySpec = AT_SIGNATURE;
certs[0] = pCertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
sizeof(bigCert));
certs[1] = pCertCreateCertificateContext(X509_ASN_ENCODING, selfSignedCert,
sizeof(selfSignedCert));
pCryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL,
CRYPT_DELETEKEYSET);
st = pAcquireCredentialsHandleA(NULL, NULL, 0, NULL, NULL, NULL, NULL, NULL,
NULL);
ok(st == SEC_E_SECPKG_NOT_FOUND,
"Expected SEC_E_SECPKG_NOT_FOUND, got %08x\n", st);
if (0)
{
/* Crashes on Win2K */
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, 0, NULL, NULL, NULL,
NULL, NULL, NULL);
ok(st == SEC_E_NO_CREDENTIALS, "Expected SEC_E_NO_CREDENTIALS, got %08x\n",
st);
}
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_BOTH, NULL,
NULL, NULL, NULL, NULL, NULL);
ok(st == SEC_E_NO_CREDENTIALS, "Expected SEC_E_NO_CREDENTIALS, got %08x\n",
st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, NULL, NULL, NULL, NULL, NULL);
ok(st == SEC_E_NO_CREDENTIALS, "Expected SEC_E_NO_CREDENTIALS, got %08x\n",
st);
if (0)
{
/* Crashes */
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, NULL, NULL, NULL, NULL, NULL);
}
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, NULL, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
pFreeCredentialsHandle(&cred);
memset(&cred, 0, sizeof(cred));
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, NULL, NULL, NULL, &cred, &exp);
ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
/* expriy is indeterminate in win2k3 */
trace("expiry: %08lx%08lx\n", exp.HighPart, exp.LowPart);
pFreeCredentialsHandle(&cred);
/* Bad version in SCHANNEL_CRED */
memset(&schanCred, 0, sizeof(schanCred));
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
ok(st == SEC_E_INTERNAL_ERROR, "Expected SEC_E_INTERNAL_ERROR, got %08x\n",
st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
ok(st == SEC_E_INTERNAL_ERROR, "Expected SEC_E_INTERNAL_ERROR, got %08x\n",
st);
/* No cert in SCHANNEL_CRED succeeds for outbound.. */
schanCred.dwVersion = SCHANNEL_CRED_VERSION;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
pFreeCredentialsHandle(&cred);
/* but fails for inbound. */
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
ok(st == SEC_E_NO_CREDENTIALS, "Expected SEC_E_NO_CREDENTIALS, got %08x\n",
st);
if (0)
{
/* Crashes with bad paCred pointer */
schanCred.cCreds = 1;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
}
/* Bogus cert in SCHANNEL_CRED. Windows fails with
* SEC_E_UNKNOWN_CREDENTIALS, but I'll accept SEC_E_NO_CREDENTIALS too.
*/
schanCred.cCreds = 1;
schanCred.paCred = &certs[0];
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS || SEC_E_NO_CREDENTIALS,
"Expected SEC_E_UNKNOWN_CREDENTIALS or SEC_E_NO_CREDENTIALS, got %08x\n",
st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS || SEC_E_NO_CREDENTIALS,
"Expected SEC_E_UNKNOWN_CREDENTIALS or SEC_E_NO_CREDENTIALS, got %08x\n",
st);
/* Good cert, but missing private key. Windows fails with
* SEC_E_NO_CREDENTIALS, but I'll accept SEC_E_UNKNOWN_CREDENTIALS too.
*/
schanCred.cCreds = 1;
schanCred.paCred = &certs[1];
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS || SEC_E_NO_CREDENTIALS,
"Expected SEC_E_UNKNOWN_CREDENTIALS or SEC_E_NO_CREDENTIALS, got %08x\n",
st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS || SEC_E_NO_CREDENTIALS,
"Expected SEC_E_UNKNOWN_CREDENTIALS or SEC_E_NO_CREDENTIALS, got %08x\n",
st);
/* Good cert, with CRYPT_KEY_PROV_INFO set before it's had a key loaded. */
if (pCertSetCertificateContextProperty)
{
ret = pCertSetCertificateContextProperty(certs[1],
CERT_KEY_PROV_INFO_PROP_ID, 0, &keyProvInfo);
schanCred.dwVersion = SCH_CRED_V3;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS,
"Expected SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS,
"Expected SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
}
ret = pCryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL,
CRYPT_NEWKEYSET);
ok(ret, "CryptAcquireContextW failed: %08x\n", GetLastError());
ret = 0;
if (pCryptImportKey)
{
ret = pCryptImportKey(csp, privKey, sizeof(privKey), 0, 0, &key);
ok(ret, "CryptImportKey failed: %08x\n", GetLastError());
}
if (ret)
{
PCCERT_CONTEXT tmp;
if (0)
{
/* Crashes */
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
}
/* Good cert with private key, bogus version */
schanCred.dwVersion = SCH_CRED_V1;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_INTERNAL_ERROR,
"Expected SEC_E_INTERNAL_ERROR, got %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_INTERNAL_ERROR,
"Expected SEC_E_INTERNAL_ERROR, got %08x\n", st);
schanCred.dwVersion = SCH_CRED_V2;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_INTERNAL_ERROR,
"Expected SEC_E_INTERNAL_ERROR, got %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_INTERNAL_ERROR,
"Expected SEC_E_INTERNAL_ERROR, got %08x\n", st);
/* Succeeds on V3 or higher */
schanCred.dwVersion = SCH_CRED_V3;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
pFreeCredentialsHandle(&cred);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK ||
st == SEC_E_UNKNOWN_CREDENTIALS, /* win2k3 */
"AcquireCredentialsHandleA failed: %08x\n", st);
pFreeCredentialsHandle(&cred);
schanCred.dwVersion = SCHANNEL_CRED_VERSION;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
pFreeCredentialsHandle(&cred);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK ||
st == SEC_E_UNKNOWN_CREDENTIALS, /* win2k3 */
"AcquireCredentialsHandleA failed: %08x\n", st);
if (st == SEC_E_OK) test_strength(&cred);
pFreeCredentialsHandle(&cred);
/* How about more than one cert? */
schanCred.cCreds = 2;
schanCred.paCred = certs;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS,
"Expected SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS,
"Expected SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
tmp = certs[0];
certs[0] = certs[1];
certs[1] = tmp;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS,
"Expected SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS,
"Expected SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
/* FIXME: what about two valid certs? */
if (pCryptDestroyKey)
pCryptDestroyKey(key);
}
if (pCryptReleaseContext)
pCryptReleaseContext(csp, 0);
pCryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL,
CRYPT_DELETEKEYSET);
if (pCertFreeCertificateContext)
{
pCertFreeCertificateContext(certs[0]);
pCertFreeCertificateContext(certs[1]);
}
}
static void testAcquireSecurityContext(void)
{
BOOL has_schannel = FALSE;
SecPkgInfoA *package_info;
ULONG i;
SECURITY_STATUS st;
CredHandle cred;
SecPkgCredentials_NamesA names;
TimeStamp exp;
SCHANNEL_CRED schanCred;
PCCERT_CONTEXT certs[2];
HCRYPTPROV csp;
WCHAR ms_def_prov_w[MAX_PATH];
BOOL ret;
HCRYPTKEY key;
CRYPT_KEY_PROV_INFO keyProvInfo;
if (!pAcquireCredentialsHandleA || !pCertCreateCertificateContext ||
!pEnumerateSecurityPackagesA || !pFreeContextBuffer ||
!pFreeCredentialsHandle || !pCryptAcquireContextW)
{
win_skip("Needed functions are not available\n");
return;
}
if (SUCCEEDED(pEnumerateSecurityPackagesA(&i, &package_info)))
{
while(i--)
{
if (!strcmp(package_info[i].Name, unisp_name_a))
{
has_schannel = TRUE;
break;
}
}
pFreeContextBuffer(package_info);
}
if (!has_schannel)
{
skip("Schannel not available\n");
return;
}
lstrcpyW(ms_def_prov_w, MS_DEF_PROV_W);
keyProvInfo.pwszContainerName = cspNameW;
keyProvInfo.pwszProvName = ms_def_prov_w;
keyProvInfo.dwProvType = PROV_RSA_FULL;
keyProvInfo.dwFlags = 0;
keyProvInfo.cProvParam = 0;
keyProvInfo.rgProvParam = NULL;
keyProvInfo.dwKeySpec = AT_SIGNATURE;
certs[0] = pCertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
sizeof(bigCert));
certs[1] = pCertCreateCertificateContext(X509_ASN_ENCODING, selfSignedCert,
sizeof(selfSignedCert));
SetLastError(0xdeadbeef);
ret = pCryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL,
CRYPT_DELETEKEYSET);
if (!ret && GetLastError() == ERROR_CALL_NOT_IMPLEMENTED)
{
/* WinMe would crash on some tests */
win_skip("CryptAcquireContextW is not implemented\n");
return;
}
st = pAcquireCredentialsHandleA(NULL, NULL, 0, NULL, NULL, NULL, NULL, NULL,
NULL);
ok(st == SEC_E_SECPKG_NOT_FOUND,
"Expected SEC_E_SECPKG_NOT_FOUND, got %08x\n", st);
if (0)
{
/* Crashes on Win2K */
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, 0, NULL, NULL, NULL,
NULL, NULL, NULL);
ok(st == SEC_E_NO_CREDENTIALS, "Expected SEC_E_NO_CREDENTIALS, got %08x\n", st);
/* Crashes on WinNT */
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_BOTH, NULL,
NULL, NULL, NULL, NULL, NULL);
ok(st == SEC_E_NO_CREDENTIALS, "Expected SEC_E_NO_CREDENTIALS, got %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, NULL, NULL, NULL, NULL, NULL);
ok(st == SEC_E_NO_CREDENTIALS, "Expected SEC_E_NO_CREDENTIALS, got %08x\n", st);
/* Crashes */
pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, NULL, NULL, NULL, NULL, NULL);
}
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, NULL, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
if(st == SEC_E_OK)
pFreeCredentialsHandle(&cred);
memset(&cred, 0, sizeof(cred));
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, NULL, NULL, NULL, &cred, &exp);
ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
/* expriy is indeterminate in win2k3 */
trace("expiry: %08x%08x\n", exp.HighPart, exp.LowPart);
st = pQueryCredentialsAttributesA(&cred, SECPKG_CRED_ATTR_NAMES, &names);
ok(st == SEC_E_NO_CREDENTIALS || st == SEC_E_UNSUPPORTED_FUNCTION /* before Vista */, "expected SEC_E_NO_CREDENTIALS, got %08x\n", st);
pFreeCredentialsHandle(&cred);
/* Bad version in SCHANNEL_CRED */
memset(&schanCred, 0, sizeof(schanCred));
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
ok(st == SEC_E_INTERNAL_ERROR ||
st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */ ||
st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
ok(st == SEC_E_INTERNAL_ERROR ||
st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */ ||
st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
/* No cert in SCHANNEL_CRED succeeds for outbound.. */
schanCred.dwVersion = SCHANNEL_CRED_VERSION;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
pFreeCredentialsHandle(&cred);
/* but fails for inbound. */
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_NO_CREDENTIALS ||
st == SEC_E_OK /* Vista/win2k8 */,
"Expected SEC_E_NO_CREDENTIALS or SEC_E_OK, got %08x\n", st);
if (0)
{
/* Crashes with bad paCred pointer */
schanCred.cCreds = 1;
pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
}
/* Bogus cert in SCHANNEL_CRED. Windows fails with
* SEC_E_UNKNOWN_CREDENTIALS, but I'll accept SEC_E_NO_CREDENTIALS too.
*/
schanCred.cCreds = 1;
schanCred.paCred = &certs[0];
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
st == SEC_E_NO_CREDENTIALS ||
st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
st == SEC_E_NO_CREDENTIALS ||
st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
/* Good cert, but missing private key. Windows fails with
* SEC_E_NO_CREDENTIALS, but I'll accept SEC_E_UNKNOWN_CREDENTIALS too.
*/
schanCred.cCreds = 1;
schanCred.paCred = &certs[1];
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS || st == SEC_E_NO_CREDENTIALS ||
st == SEC_E_INTERNAL_ERROR, /* win2k */
"Expected SEC_E_UNKNOWN_CREDENTIALS, SEC_E_NO_CREDENTIALS "
"or SEC_E_INTERNAL_ERROR, got %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS || st == SEC_E_NO_CREDENTIALS ||
st == SEC_E_INTERNAL_ERROR, /* win2k */
"Expected SEC_E_UNKNOWN_CREDENTIALS, SEC_E_NO_CREDENTIALS "
"or SEC_E_INTERNAL_ERROR, got %08x\n", st);
/* Good cert, with CRYPT_KEY_PROV_INFO set before it's had a key loaded. */
if (pCertSetCertificateContextProperty)
{
ret = pCertSetCertificateContextProperty(certs[1],
CERT_KEY_PROV_INFO_PROP_ID, 0, &keyProvInfo);
schanCred.dwVersion = SCH_CRED_V3;
ok(ret, "CertSetCertificateContextProperty failed: %08x\n", GetLastError());
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS || st == SEC_E_INTERNAL_ERROR /* WinNT */,
"Expected SEC_E_UNKNOWN_CREDENTIALS or SEC_E_INTERNAL_ERROR, got %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS || st == SEC_E_INTERNAL_ERROR /* WinNT */,
"Expected SEC_E_UNKNOWN_CREDENTIALS or SEC_E_INTERNAL_ERROR, got %08x\n", st);
}
ret = pCryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL,
CRYPT_NEWKEYSET);
ok(ret, "CryptAcquireContextW failed: %08x\n", GetLastError());
ret = 0;
if (pCryptImportKey)
{
ret = pCryptImportKey(csp, privKey, sizeof(privKey), 0, 0, &key);
ok(ret, "CryptImportKey failed: %08x\n", GetLastError());
}
if (ret)
{
PCCERT_CONTEXT tmp;
if (0)
{
/* Crashes */
pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
/* Crashes on WinNT */
/* Good cert with private key, bogus version */
schanCred.dwVersion = SCH_CRED_V1;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_INTERNAL_ERROR ||
st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
"Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_INTERNAL_ERROR ||
st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
"Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
schanCred.dwVersion = SCH_CRED_V2;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_INTERNAL_ERROR ||
st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
"Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_INTERNAL_ERROR ||
st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
"Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
}
/* Succeeds on V3 or higher */
schanCred.dwVersion = SCH_CRED_V3;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
pFreeCredentialsHandle(&cred);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK ||
st == SEC_E_UNKNOWN_CREDENTIALS, /* win2k3 */
"AcquireCredentialsHandleA failed: %08x\n", st);
pFreeCredentialsHandle(&cred);
schanCred.dwVersion = SCHANNEL_CRED_VERSION;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
pFreeCredentialsHandle(&cred);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK ||
st == SEC_E_UNKNOWN_CREDENTIALS, /* win2k3 */
"AcquireCredentialsHandleA failed: %08x\n", st);
if (st == SEC_E_OK) test_strength(&cred);
pFreeCredentialsHandle(&cred);
/* How about more than one cert? */
schanCred.cCreds = 2;
schanCred.paCred = certs;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
st == SEC_E_NO_CREDENTIALS /* Vista/win2k8 */ ||
st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
st == SEC_E_NO_CREDENTIALS ||
st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
tmp = certs[0];
certs[0] = certs[1];
certs[1] = tmp;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
st == SEC_E_NO_CREDENTIALS ||
st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS,
"Expected SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
/* FIXME: what about two valid certs? */
if (pCryptDestroyKey)
pCryptDestroyKey(key);
}
if (pCryptReleaseContext)
pCryptReleaseContext(csp, 0);
pCryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL,
CRYPT_DELETEKEYSET);
if (pCertFreeCertificateContext)
{
pCertFreeCertificateContext(certs[0]);
pCertFreeCertificateContext(certs[1]);
}
}
