2 Unix SMB/CIFS implementation.
3 test suite for backupkey remote protocol rpc operations
5 Copyright (C) Matthieu Patou 2010-2011
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "../libcli/security/security.h"
24 #include "torture/rpc/torture_rpc.h"
25 #include "torture/ndr/ndr.h"
27 #include "librpc/gen_ndr/ndr_backupkey_c.h"
28 #include "librpc/gen_ndr/ndr_backupkey.h"
29 #include "librpc/gen_ndr/ndr_lsa_c.h"
30 #include "librpc/gen_ndr/ndr_security.h"
31 #include "lib/cmdline/popt_common.h"
32 #include "libcli/auth/proto.h"
33 #include "lib/crypto/arcfour.h"
35 #include <hcrypto/sha.h>
36 #include <system/network.h>
39 #include <hcrypto/rsa.h>
40 #include <hcrypto/hmac.h>
41 #include <hcrypto/sha.h>
42 #include <hcrypto/evp.h>
48 WRONG_CIPHERTEXT_LENGTH,
50 SHORT_CIPHERTEXT_LENGTH,
52 ZERO_CIPHERTEXT_LENGTH,
58 /* Our very special and valued secret */
59 /* No need to put const as we cast the array in uint8_t
60 * we will get a warning about the discared const
62 static const char secret[] = "tata yoyo mais qu'est ce qu'il y a sous ton grand chapeau ?";
64 /* Get the SID from a user */
65 static struct dom_sid *get_user_sid(struct torture_context *tctx,
69 struct lsa_ObjectAttribute attr;
70 struct lsa_QosInfo qos;
71 struct lsa_OpenPolicy2 r;
74 struct policy_handle handle;
75 struct lsa_LookupNames l;
76 struct lsa_TransSidArray sids;
77 struct lsa_RefDomainList *domains = NULL;
78 struct lsa_String lsa_name;
80 struct dom_sid *result;
82 struct dcerpc_pipe *p2;
83 struct dcerpc_binding_handle *b;
85 const char *domain = cli_credentials_get_domain(cmdline_credentials);
87 torture_assert_ntstatus_ok(tctx,
88 torture_rpc_connection(tctx, &p2, &ndr_table_lsarpc),
89 "could not open lsarpc pipe");
90 b = p2->binding_handle;
92 if (!(tmp_ctx = talloc_new(mem_ctx))) {
96 qos.impersonation_level = 2;
98 qos.effective_only = 0;
101 attr.root_dir = NULL;
102 attr.object_name = NULL;
104 attr.sec_desc = NULL;
107 r.in.system_name = "\\";
109 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
110 r.out.handle = &handle;
112 status = dcerpc_lsa_OpenPolicy2_r(b, tmp_ctx, &r);
113 if (!NT_STATUS_IS_OK(status)) {
114 torture_comment(tctx,
115 "OpenPolicy2 failed - %s\n",
117 talloc_free(tmp_ctx);
120 if (!NT_STATUS_IS_OK(r.out.result)) {
121 torture_comment(tctx,
122 "OpenPolicy2_ failed - %s\n",
123 nt_errstr(r.out.result));
124 talloc_free(tmp_ctx);
131 lsa_name.string = talloc_asprintf(tmp_ctx, "%s\\%s", domain, user);
133 l.in.handle = &handle;
135 l.in.names = &lsa_name;
139 l.out.count = &count;
141 l.out.domains = &domains;
143 status = dcerpc_lsa_LookupNames_r(b, tmp_ctx, &l);
144 if (!NT_STATUS_IS_OK(status)) {
145 torture_comment(tctx,
146 "LookupNames of %s failed - %s\n",
149 talloc_free(tmp_ctx);
153 if (domains->count == 0) {
157 result = dom_sid_add_rid(mem_ctx,
158 domains->domains[0].sid,
159 l.out.sids->sids[0].rid);
160 c.in.handle = &handle;
161 c.out.handle = &handle;
163 status = dcerpc_lsa_Close_r(b, tmp_ctx, &c);
165 if (!NT_STATUS_IS_OK(status)) {
166 torture_comment(tctx,
167 "dcerpc_lsa_Close failed - %s\n",
169 talloc_free(tmp_ctx);
173 if (!NT_STATUS_IS_OK(c.out.result)) {
174 torture_comment(tctx,
175 "dcerpc_lsa_Close failed - %s\n",
176 nt_errstr(c.out.result));
177 talloc_free(tmp_ctx);
181 talloc_free(tmp_ctx);
184 torture_comment(tctx, "Get_user_sid finished\n");
189 * Create a bkrp_encrypted_secret_vX structure
190 * the version depends on the version parameter
191 * the structure is returned as a blob.
192 * The broken flag is to indicate if we want
193 * to create a non conform to specification structre
195 static DATA_BLOB *create_unencryptedsecret(TALLOC_CTX *mem_ctx,
199 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
200 DATA_BLOB *blob = talloc_zero(mem_ctx, DATA_BLOB);
201 enum ndr_err_code ndr_err;
204 struct bkrp_encrypted_secret_v2 unenc_sec;
206 ZERO_STRUCT(unenc_sec);
207 unenc_sec.secret_len = sizeof(secret);
208 unenc_sec.secret = discard_const_p(uint8_t, secret);
209 generate_random_buffer(unenc_sec.payload_key,
210 sizeof(unenc_sec.payload_key));
212 ndr_err = ndr_push_struct_blob(blob, blob, &unenc_sec,
213 (ndr_push_flags_fn_t)ndr_push_bkrp_encrypted_secret_v2);
214 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
219 /* The magic value is correctly set by the NDR push
220 * but we want to test the behavior of the server
221 * if a differrent value is provided
223 ((uint8_t*)blob->data)[4] = 79; /* A great year !!! */
228 struct bkrp_encrypted_secret_v3 unenc_sec;
230 ZERO_STRUCT(unenc_sec);
231 unenc_sec.secret_len = sizeof(secret);
232 unenc_sec.secret = discard_const_p(uint8_t, secret);
233 generate_random_buffer(unenc_sec.payload_key,
234 sizeof(unenc_sec.payload_key));
236 ndr_err = ndr_push_struct_blob(blob, blob, &unenc_sec,
237 (ndr_push_flags_fn_t)ndr_push_bkrp_encrypted_secret_v3);
238 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
244 * The magic value is correctly set by the NDR push
245 * but we want to test the behavior of the server
246 * if a differrent value is provided
248 ((uint8_t*)blob->data)[4] = 79; /* A great year !!! */
251 talloc_free(tmp_ctx);
256 * Create an access check structure, the format depends on the version parameter.
257 * If broken is specified then we create a stucture that isn't conform to the
260 * If the structure can't be created then NULL is returned.
262 static DATA_BLOB *create_access_check(struct torture_context *tctx,
263 struct dcerpc_pipe *p,
269 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
270 DATA_BLOB *blob = talloc_zero(mem_ctx, DATA_BLOB);
271 enum ndr_err_code ndr_err;
272 const struct dom_sid *sid = get_user_sid(tctx, tmp_ctx, user);
279 struct bkrp_access_check_v2 access_struct;
283 ZERO_STRUCT(access_struct);
284 generate_random_buffer(nonce, sizeof(nonce));
285 access_struct.nonce_len = sizeof(nonce);
286 access_struct.nonce = nonce;
287 access_struct.sid = *sid;
289 ndr_err = ndr_push_struct_blob(blob, blob, &access_struct,
290 (ndr_push_flags_fn_t)ndr_push_bkrp_access_check_v2);
291 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
296 * We pushed the whole structure including a null hash
297 * but the hash need to be calculated only up to the hash field
298 * so we reduce the size of what has to be calculated
302 SHA1_Update(&sctx, blob->data,
303 blob->length - sizeof(access_struct.hash));
304 SHA1_Final(blob->data + blob->length - sizeof(access_struct.hash),
307 /* Altering the SHA */
309 blob->data[blob->length - 1]++;
314 struct bkrp_access_check_v3 access_struct;
315 struct hc_sha512state sctx;
318 ZERO_STRUCT(access_struct);
319 generate_random_buffer(nonce, sizeof(nonce));
320 access_struct.nonce_len = sizeof(nonce);
321 access_struct.nonce = nonce;
322 access_struct.sid = *sid;
324 ndr_err = ndr_push_struct_blob(blob, blob, &access_struct,
325 (ndr_push_flags_fn_t)ndr_push_bkrp_access_check_v3);
326 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
330 /*We pushed the whole structure including a null hash
331 * but the hash need to be calculated only up to the hash field
332 * so we reduce the size of what has to be calculated
336 SHA512_Update(&sctx, blob->data,
337 blob->length - sizeof(access_struct.hash));
338 SHA512_Final(blob->data + blob->length - sizeof(access_struct.hash),
341 /* Altering the SHA */
343 blob->data[blob->length -1]++;
346 talloc_free(tmp_ctx);
351 static DATA_BLOB *encrypt_blob(struct torture_context *tctx,
355 DATA_BLOB *to_encrypt,
356 const AlgorithmIdentifier *alg)
360 heim_octet_string ivos;
361 heim_octet_string *encrypted;
362 DATA_BLOB *blob = talloc_zero(mem_ctx, DATA_BLOB);
365 ivos.data = talloc_array(mem_ctx, uint8_t, iv->length);
366 ivos.length = iv->length;
367 memcpy(ivos.data, iv->data, iv->length);
369 hx509_context_init(&hctx);
370 res = hx509_crypto_init(hctx, NULL, &alg->algorithm, &crypto);
372 torture_comment(tctx,
373 "error while doing the init of the crypto object\n");
374 hx509_context_free(&hctx);
377 res = hx509_crypto_set_key_data(crypto, key->data, key->length);
379 torture_comment(tctx,
380 "error while setting the key of the crypto object\n");
381 hx509_context_free(&hctx);
385 hx509_crypto_set_padding(crypto, HX509_CRYPTO_PADDING_NONE);
386 res = hx509_crypto_encrypt(crypto,
392 torture_comment(tctx, "error while encrypting\n");
393 hx509_crypto_destroy(crypto);
394 hx509_context_free(&hctx);
398 *blob = data_blob_talloc(blob, encrypted->data, encrypted->length);
399 der_free_octet_string(encrypted);
401 hx509_crypto_destroy(crypto);
402 hx509_context_free(&hctx);
407 * Certs used for this protocol have a GUID in the issuer_uniq_id field.
408 * This function fetch it.
410 static struct GUID *get_cert_guid(struct torture_context *tctx,
417 heim_bit_string issuer_unique_id;
421 struct GUID *guid = talloc_zero(mem_ctx, struct GUID);
424 hx509_context_init(&hctx);
426 hret = hx509_cert_init_data(hctx, cert_data, cert_len, &cert);
428 torture_comment(tctx, "error while loading the cert\n");
429 hx509_context_free(&hctx);
432 hret = hx509_cert_get_issuer_unique_id(hctx, cert, &issuer_unique_id);
434 torture_comment(tctx, "error while getting the issuer_uniq_id\n");
435 hx509_cert_free(cert);
436 hx509_context_free(&hctx);
440 /* The issuer_unique_id is a bit string,
441 * which means that the real size has to be divided by 8
442 * to have the number of bytes
444 hx509_cert_free(cert);
445 hx509_context_free(&hctx);
446 size = issuer_unique_id.length / 8;
447 data = data_blob_const(issuer_unique_id.data, size);
449 status = GUID_from_data_blob(&data, guid);
450 der_free_bit_string(&issuer_unique_id);
451 if (!NT_STATUS_IS_OK(status)) {
459 * Encrypt a blob with the private key of the certificate
460 * passed as a parameter.
462 static DATA_BLOB *encrypt_blob_pk(struct torture_context *tctx,
466 DATA_BLOB *to_encrypt)
470 heim_octet_string secretdata;
471 heim_octet_string encrypted;
472 heim_oid encryption_oid;
476 hx509_context_init(&hctx);
478 hret = hx509_cert_init_data(hctx, cert_data, cert_len, &cert);
480 torture_comment(tctx, "error while loading the cert\n");
481 hx509_context_free(&hctx);
485 secretdata.data = to_encrypt->data;
486 secretdata.length = to_encrypt->length;
487 hret = hx509_cert_public_encrypt(hctx, &secretdata,
488 cert, &encryption_oid,
490 hx509_cert_free(cert);
491 hx509_context_free(&hctx);
493 torture_comment(tctx, "error while encrypting\n");
497 blob = talloc_zero(mem_ctx, DATA_BLOB);
499 der_free_oid(&encryption_oid);
500 der_free_octet_string(&encrypted);
504 *blob = data_blob_talloc(blob, encrypted.data, encrypted.length);
505 der_free_octet_string(&encrypted);
506 der_free_oid(&encryption_oid);
507 if (blob->data == NULL) {
515 static struct bkrp_BackupKey *createRetrieveBackupKeyGUIDStruct(struct torture_context *tctx,
516 struct dcerpc_pipe *p, int version, DATA_BLOB *out)
518 struct dcerpc_binding *binding;
519 struct bkrp_client_side_wrapped data;
520 struct GUID *g = talloc(tctx, struct GUID);
521 struct bkrp_BackupKey *r = talloc_zero(tctx, struct bkrp_BackupKey);
522 enum ndr_err_code ndr_err;
530 binding = dcerpc_binding_dup(tctx, p->binding);
531 if (binding == NULL) {
535 status = dcerpc_binding_set_flags(binding, DCERPC_SEAL|DCERPC_AUTH_SPNEGO, 0);
536 if (!NT_STATUS_IS_OK(status)) {
541 status = GUID_from_string(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, g);
542 if (!NT_STATUS_IS_OK(status)) {
546 r->in.guidActionAgent = g;
547 data.version = version;
548 ndr_err = ndr_push_struct_blob(&blob, tctx, &data,
549 (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
550 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
553 r->in.data_in = blob.data;
554 r->in.data_in_len = blob.length;
555 r->out.data_out = &out->data;
556 r->out.data_out_len = talloc(r, uint32_t);
560 static struct bkrp_BackupKey *createRestoreGUIDStruct(struct torture_context *tctx,
561 struct dcerpc_pipe *p, int version, DATA_BLOB *out,
565 bool broken_magic_secret,
566 bool broken_magic_access,
567 bool broken_hash_access,
568 bool broken_cert_guid)
570 struct dcerpc_binding_handle *b = p->binding_handle;
571 struct bkrp_client_side_wrapped data;
574 DATA_BLOB *enc_sec = NULL;
575 DATA_BLOB *enc_xs = NULL;
577 DATA_BLOB enc_sec_reverted;
582 struct GUID *guid, *g;
585 enum ndr_err_code ndr_err;
588 struct bkrp_BackupKey *r = createRetrieveBackupKeyGUIDStruct(tctx, p, version, &out_blob);
594 /* we take a fake user*/
597 user = cli_credentials_get_username(cmdline_credentials);
601 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r),
603 torture_assert_werr_ok(tctx, r->out.result,
607 * We have to set it outside of the function createRetrieveBackupKeyGUIDStruct
608 * the len of the blob, this is due to the fact that they don't have the
609 * same size (one is 32bits the other 64bits)
611 out_blob.length = *r->out.data_out_len;
613 sec = create_unencryptedsecret(tctx, broken_magic_secret, version);
618 xs = create_access_check(tctx, p, tctx, user, broken_hash_access, version);
623 if (broken_magic_access){
624 /* The start of the access_check structure contains the
625 * GUID of the certificate
630 enc_sec = encrypt_blob_pk(tctx, tctx, out_blob.data, out_blob.length, sec);
634 enc_sec_reverted.data = talloc_array(tctx, uint8_t, enc_sec->length);
635 if (enc_sec_reverted.data == NULL) {
638 enc_sec_reverted.length = enc_sec->length;
641 * We DO NOT revert the array on purpose it's in order to check that
642 * when the server is not able to decrypt then it answer the correct error
645 for(t=0; t< enc_sec->length; t++) {
646 enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[t];
649 for(t=0; t< enc_sec->length; t++) {
650 enc_sec_reverted.data[t] = ((uint8_t*)enc_sec->data)[enc_sec->length - t -1];
656 const AlgorithmIdentifier *alg = hx509_crypto_des_rsdi_ede3_cbc();
657 iv.data = sec->data+(size - 8);
660 des3_key.data = sec->data+(size - 32);
661 des3_key.length = 24;
663 enc_xs = encrypt_blob(tctx, tctx, &des3_key, &iv, xs, alg);
666 const AlgorithmIdentifier *alg = hx509_crypto_aes256_cbc();
667 iv.data = sec->data+(size-16);
670 aes_key.data = sec->data+(size-48);
673 enc_xs = encrypt_blob(tctx, tctx, &aes_key, &iv, xs, alg);
680 /* To cope with the fact that heimdal do padding at the end for the moment */
681 enc_xs->length = xs->length;
683 guid = get_cert_guid(tctx, tctx, out_blob.data, out_blob.length);
688 if (broken_version) {
691 data.version = version;
695 data.encrypted_secret = enc_sec_reverted.data;
696 data.access_check = enc_xs->data;
697 data.encrypted_secret_len = enc_sec->length;
698 data.access_check_len = enc_xs->length;
700 /* We want the blob to persist after this function so we don't
701 * allocate it in the stack
703 blob2 = talloc(tctx, DATA_BLOB);
708 ndr_err = ndr_push_struct_blob(blob2, tctx, &data,
709 (ndr_push_flags_fn_t)ndr_push_bkrp_client_side_wrapped);
710 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
714 if (broken_cert_guid) {
720 g = talloc(tctx, struct GUID);
725 status = GUID_from_string(BACKUPKEY_RESTORE_GUID, g);
726 if (!NT_STATUS_IS_OK(status)) {
730 r->in.guidActionAgent = g;
731 r->in.data_in = blob2->data;
732 r->in.data_in_len = blob2->length;
734 r->out.data_out = &(out->data);
735 r->out.data_out_len = talloc(r, uint32_t);
739 /* Check that we are able to receive the certificate of the DCs
740 * used for client wrap version of the backup key protocol
742 static bool test_RetrieveBackupKeyGUID(struct torture_context *tctx,
743 struct dcerpc_pipe *p)
745 struct dcerpc_binding_handle *b = p->binding_handle;
747 struct bkrp_BackupKey *r = createRetrieveBackupKeyGUIDStruct(tctx, p, 2, &out_blob);
748 enum dcerpc_AuthType auth_type;
749 enum dcerpc_AuthLevel auth_level;
755 dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
757 if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
758 torture_assert_ntstatus_ok(tctx,
759 dcerpc_bkrp_BackupKey_r(b, tctx, r),
762 out_blob.length = *r->out.data_out_len;
763 torture_assert_werr_equal(tctx,
766 "Wrong dce/rpc error code");
768 torture_assert_ntstatus_equal(tctx,
769 dcerpc_bkrp_BackupKey_r(b, tctx, r),
770 NT_STATUS_ACCESS_DENIED,
776 /* Test to check the failure to recover a secret because the
777 * secret blob is not reversed
779 static bool test_RestoreGUID_ko(struct torture_context *tctx,
780 struct dcerpc_pipe *p)
782 enum ndr_err_code ndr_err;
783 struct dcerpc_binding_handle *b = p->binding_handle;
785 struct bkrp_client_side_unwrapped resp;
786 enum dcerpc_AuthType auth_type;
787 enum dcerpc_AuthLevel auth_level;
789 dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
791 if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
792 struct bkrp_BackupKey *r = createRestoreGUIDStruct(tctx, p, 2, &out_blob,
793 true, false, false, false, false, false, false);
794 torture_assert(tctx, r != NULL, "createRestoreGUIDStruct failed");
795 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r), "Restore GUID");
796 out_blob.length = *r->out.data_out_len;
797 ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
798 torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
799 if (!W_ERROR_EQUAL(r->out.result, WERR_INVALID_PARAM)) {
800 torture_assert_werr_equal(tctx, r->out.result,
805 struct bkrp_BackupKey *r = createRetrieveBackupKeyGUIDStruct(tctx, p, 2, &out_blob);
806 torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r),
807 NT_STATUS_ACCESS_DENIED, "Get GUID");
812 static bool test_RestoreGUID_wrongversion(struct torture_context *tctx,
813 struct dcerpc_pipe *p)
815 enum ndr_err_code ndr_err;
816 struct dcerpc_binding_handle *b = p->binding_handle;
818 struct bkrp_client_side_unwrapped resp;
819 enum dcerpc_AuthType auth_type;
820 enum dcerpc_AuthLevel auth_level;
822 dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
824 if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
825 struct bkrp_BackupKey *r = createRestoreGUIDStruct(tctx, p, 2, &out_blob,
826 false, true, false, false, false, false, false);
827 torture_assert(tctx, r != NULL, "createRestoreGUIDStruct failed");
828 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r), "Restore GUID");
829 out_blob.length = *r->out.data_out_len;
830 ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
831 torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
832 torture_assert_werr_equal(tctx, r->out.result, WERR_INVALID_PARAM, "Wrong error code on wrong version");
834 struct bkrp_BackupKey *r = createRetrieveBackupKeyGUIDStruct(tctx, p, 2, &out_blob);
835 torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r),
836 NT_STATUS_ACCESS_DENIED, "Get GUID");
841 static bool test_RestoreGUID_wronguser(struct torture_context *tctx,
842 struct dcerpc_pipe *p)
844 enum ndr_err_code ndr_err;
845 struct dcerpc_binding_handle *b = p->binding_handle;
847 struct bkrp_client_side_unwrapped resp;
848 enum dcerpc_AuthType auth_type;
849 enum dcerpc_AuthLevel auth_level;
851 dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
853 if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
854 struct bkrp_BackupKey *r = createRestoreGUIDStruct(tctx, p, 2, &out_blob,
855 false, false, true, false, false, false, false);
856 torture_assert(tctx, r != NULL, "createRestoreGUIDStruct failed");
857 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r), "Restore GUID");
858 out_blob.length = *r->out.data_out_len;
859 ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
860 torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
861 torture_assert_werr_equal(tctx, r->out.result, WERR_INVALID_ACCESS, "Restore GUID");
863 struct bkrp_BackupKey *r = createRetrieveBackupKeyGUIDStruct(tctx, p, 2, &out_blob);
864 torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r),
865 NT_STATUS_ACCESS_DENIED, "Get GUID");
870 static bool test_RestoreGUID_v3(struct torture_context *tctx,
871 struct dcerpc_pipe *p)
873 enum ndr_err_code ndr_err;
874 struct dcerpc_binding_handle *b = p->binding_handle;
876 struct bkrp_client_side_unwrapped resp;
877 enum dcerpc_AuthType auth_type;
878 enum dcerpc_AuthLevel auth_level;
880 dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
882 if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
883 struct bkrp_BackupKey *r = createRestoreGUIDStruct(tctx, p, 3, &out_blob,
884 false, false, false, false, false, false, false);
885 torture_assert(tctx, r != NULL, "createRestoreGUIDStruct failed");
886 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r), "Restore GUID");
887 out_blob.length = *r->out.data_out_len;
888 ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
889 torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 1, "Unable to unmarshall bkrp_client_side_unwrapped");
890 torture_assert_werr_equal(tctx, r->out.result, WERR_OK, "Restore GUID");
891 torture_assert_str_equal(tctx, (char*)resp.secret.data, secret, "Wrong secret");
893 struct bkrp_BackupKey *r = createRetrieveBackupKeyGUIDStruct(tctx, p, 2, &out_blob);
894 torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r),
895 NT_STATUS_ACCESS_DENIED, "Get GUID");
900 static bool test_RestoreGUID(struct torture_context *tctx,
901 struct dcerpc_pipe *p)
903 struct dcerpc_binding_handle *b = p->binding_handle;
905 struct bkrp_client_side_unwrapped resp;
906 enum dcerpc_AuthType auth_type;
907 enum dcerpc_AuthLevel auth_level;
909 dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
911 if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
912 struct bkrp_BackupKey *r = createRestoreGUIDStruct(tctx, p, 2, &out_blob,
913 false, false, false, false, false, false, false);
914 torture_assert(tctx, r != NULL, "createRestoreGUIDStruct failed");
915 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r), "Restore GUID");
916 out_blob.length = *r->out.data_out_len;
917 torture_assert_werr_equal(tctx, r->out.result, WERR_OK, "Restore GUID");
918 torture_assert_ndr_err_equal(tctx,
919 ndr_pull_struct_blob(&out_blob, tctx, &resp,
920 (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped),
922 "Unable to unmarshall bkrp_client_side_unwrapped");
923 torture_assert_str_equal(tctx, (char*)resp.secret.data, secret, "Wrong secret");
925 struct bkrp_BackupKey *r = createRetrieveBackupKeyGUIDStruct(tctx, p, 2, &out_blob);
926 torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r),
927 NT_STATUS_ACCESS_DENIED, "Get GUID");
932 static bool test_RestoreGUID_badmagiconsecret(struct torture_context *tctx,
933 struct dcerpc_pipe *p)
935 enum ndr_err_code ndr_err;
936 struct dcerpc_binding_handle *b = p->binding_handle;
938 struct bkrp_client_side_unwrapped resp;
939 enum dcerpc_AuthType auth_type;
940 enum dcerpc_AuthLevel auth_level;
942 dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
944 if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
945 struct bkrp_BackupKey *r = createRestoreGUIDStruct(tctx, p, 3, &out_blob,
946 false, false, false, true, false, false, false);
947 torture_assert(tctx, r != NULL, "createRestoreGUIDStruct failed");
948 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r), "Restore GUID");
949 out_blob.length = *r->out.data_out_len;
950 ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
951 torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
952 torture_assert_werr_equal(tctx, r->out.result, WERR_INVALID_DATA, "Wrong error code while providing bad magic in secret");
954 struct bkrp_BackupKey *r = createRetrieveBackupKeyGUIDStruct(tctx, p, 2, &out_blob);
955 torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r),
956 NT_STATUS_ACCESS_DENIED, "Get GUID");
961 static bool test_RestoreGUID_emptyrequest(struct torture_context *tctx,
962 struct dcerpc_pipe *p)
964 struct dcerpc_binding_handle *b = p->binding_handle;
966 enum dcerpc_AuthType auth_type;
967 enum dcerpc_AuthLevel auth_level;
969 dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
971 if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
972 struct bkrp_BackupKey *r = createRestoreGUIDStruct(tctx, p, 3, &out_blob,
973 false, false, false, true, false, false, true);
975 torture_assert(tctx, r != NULL, "createRestoreGUIDStruct failed");
976 r->in.data_in = talloc(tctx, uint8_t);
977 r->in.data_in_len = 0;
979 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r), "Restore GUID");
980 out_blob.length = *r->out.data_out_len;
981 torture_assert_werr_equal(tctx, r->out.result, WERR_INVALID_PARAM, "Bad error code on wrong has in access check");
983 struct bkrp_BackupKey *r = createRetrieveBackupKeyGUIDStruct(tctx, p, 2, &out_blob);
984 torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r),
985 NT_STATUS_ACCESS_DENIED, "Get GUID");
990 static bool test_RestoreGUID_badcertguid(struct torture_context *tctx,
991 struct dcerpc_pipe *p)
993 enum ndr_err_code ndr_err;
994 struct dcerpc_binding_handle *b = p->binding_handle;
996 struct bkrp_client_side_unwrapped resp;
997 enum dcerpc_AuthType auth_type;
998 enum dcerpc_AuthLevel auth_level;
1000 dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
1002 if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
1003 struct bkrp_BackupKey *r = createRestoreGUIDStruct(tctx, p, 3, &out_blob,
1004 false, false, false, false, false, false, true);
1005 torture_assert(tctx, r != NULL, "createRestoreGUIDStruct() failed");
1006 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r), "Restore GUID");
1007 out_blob.length = *r->out.data_out_len;
1008 ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
1009 torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
1012 * Windows 2012R2 has, presumably, a programming error
1013 * returning an NTSTATUS code on this interface
1015 if (W_ERROR_V(r->out.result) != NT_STATUS_V(NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1016 torture_assert_werr_equal(tctx, r->out.result, WERR_INVALID_DATA, "Bad error code on wrong has in access check");
1019 struct bkrp_BackupKey *r = createRetrieveBackupKeyGUIDStruct(tctx, p, 2, &out_blob);
1020 torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r),
1021 NT_STATUS_ACCESS_DENIED, "Get GUID");
1026 static bool test_RestoreGUID_badmagicaccesscheck(struct torture_context *tctx,
1027 struct dcerpc_pipe *p)
1029 enum ndr_err_code ndr_err;
1030 struct dcerpc_binding_handle *b = p->binding_handle;
1032 struct bkrp_client_side_unwrapped resp;
1033 enum dcerpc_AuthType auth_type;
1034 enum dcerpc_AuthLevel auth_level;
1036 dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
1038 if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
1039 struct bkrp_BackupKey *r = createRestoreGUIDStruct(tctx, p, 2, &out_blob,
1040 false, false, false, false, true, false, false);
1041 torture_assert(tctx, r != NULL, "createRestoreGUIDStruct failed");
1042 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r), "Restore GUID");
1043 out_blob.length = *r->out.data_out_len;
1044 ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
1045 torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
1046 torture_assert_werr_equal(tctx, r->out.result, WERR_INVALID_DATA, "Bad error code on wrong has in access check");
1048 struct bkrp_BackupKey *r = createRetrieveBackupKeyGUIDStruct(tctx, p, 2, &out_blob);
1049 torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r),
1050 NT_STATUS_ACCESS_DENIED, "Get GUID");
1055 static bool test_RestoreGUID_badhashaccesscheck(struct torture_context *tctx,
1056 struct dcerpc_pipe *p)
1058 enum ndr_err_code ndr_err;
1059 struct dcerpc_binding_handle *b = p->binding_handle;
1061 struct bkrp_client_side_unwrapped resp;
1062 enum dcerpc_AuthType auth_type;
1063 enum dcerpc_AuthLevel auth_level;
1065 dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
1067 if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
1068 struct bkrp_BackupKey *r = createRestoreGUIDStruct(tctx, p, 2, &out_blob,
1069 false, false, false, false, false, true, false);
1070 torture_assert(tctx, r != NULL, "createRestoreGUIDStruct failed");
1071 torture_assert_ntstatus_ok(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r), "Restore GUID");
1072 out_blob.length = *r->out.data_out_len;
1073 ndr_err = ndr_pull_struct_blob(&out_blob, tctx, &resp, (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_unwrapped);
1074 torture_assert_int_equal(tctx, NDR_ERR_CODE_IS_SUCCESS(ndr_err), 0, "Unable to unmarshall bkrp_client_side_unwrapped");
1075 torture_assert_werr_equal(tctx, r->out.result, WERR_INVALID_DATA, "Bad error code on wrong has in access check");
1077 struct bkrp_BackupKey *r = createRetrieveBackupKeyGUIDStruct(tctx, p, 2, &out_blob);
1078 torture_assert_ntstatus_equal(tctx, dcerpc_bkrp_BackupKey_r(b, tctx, r),
1079 NT_STATUS_ACCESS_DENIED, "Get GUID");
1085 * Check that the RSA modulus in the certificate of the DCs has 2048 bits.
1087 static bool test_RetrieveBackupKeyGUID_2048bits(struct torture_context *tctx,
1088 struct dcerpc_pipe *p)
1090 struct dcerpc_binding_handle *b = p->binding_handle;
1092 struct bkrp_BackupKey *r = createRetrieveBackupKeyGUIDStruct(tctx, p, 2, &out_blob);
1093 enum dcerpc_AuthType auth_type;
1094 enum dcerpc_AuthLevel auth_level;
1099 SubjectPublicKeyInfo spki;
1101 int RSA_returned_bits;
1103 torture_assert(tctx, r != NULL, "createRetrieveBackupKeyGUIDStruct failed");
1105 hx509_context_init(&hctx);
1111 dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
1113 if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
1114 const unsigned char *spki_spk_data;
1115 torture_assert_ntstatus_ok(tctx,
1116 dcerpc_bkrp_BackupKey_r(b, tctx, r),
1119 torture_assert_werr_ok(tctx, r->out.result,
1122 out_blob.length = *r->out.data_out_len;
1124 hret = hx509_cert_init_data(hctx, out_blob.data, out_blob.length, &cert);
1125 torture_assert_int_equal(tctx, hret, 0, "hx509_cert_init_data failed");
1127 hret = hx509_cert_get_SPKI(hctx, cert , &spki);
1128 torture_assert_int_equal(tctx, hret, 0, "hx509_cert_get_SPKI failed");
1130 /* We must take a copy, as d2i_RSAPublicKey *changes* the input parameter */
1131 spki_spk_data = spki.subjectPublicKey.data;
1132 rsa = d2i_RSAPublicKey(NULL, &spki_spk_data, spki.subjectPublicKey.length / 8);
1133 torture_assert_int_equal(tctx, rsa != NULL, 1, "d2i_RSAPublicKey failed");
1135 RSA_returned_bits = BN_num_bits(rsa->n);
1136 torture_assert_int_equal(tctx,
1139 "RSA Key doesn't have 2048 bits");
1144 * Because we prevented spki from being changed above,
1145 * we can now safely call this to free it
1147 free_SubjectPublicKeyInfo(&spki);
1148 hx509_cert_free(cert);
1149 hx509_context_free(&hctx);
1152 torture_assert_ntstatus_equal(tctx,
1153 dcerpc_bkrp_BackupKey_r(b, tctx, r),
1154 NT_STATUS_ACCESS_DENIED,
1160 static bool test_ServerWrap_encrypt_decrypt(struct torture_context *tctx,
1161 struct dcerpc_pipe *p)
1163 struct bkrp_BackupKey r;
1165 DATA_BLOB plaintext = data_blob_const(secret, sizeof(secret));
1166 DATA_BLOB encrypted;
1168 DATA_BLOB decrypted;
1170 struct dcerpc_binding_handle *b = p->binding_handle;
1171 enum dcerpc_AuthType auth_type;
1172 enum dcerpc_AuthLevel auth_level;
1175 dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
1178 torture_assert_ntstatus_ok(tctx,
1179 GUID_from_string(BACKUPKEY_BACKUP_GUID, &guid),
1182 r.in.guidActionAgent = &guid;
1183 r.in.data_in = plaintext.data;
1184 r.in.data_in_len = plaintext.length;
1186 r.out.data_out = &encrypted.data;
1187 r.out.data_out_len = &enclen;
1188 if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
1189 torture_assert_ntstatus_ok(tctx,
1190 dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1193 torture_assert_ntstatus_equal(tctx,
1194 dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1195 NT_STATUS_ACCESS_DENIED,
1199 torture_assert_werr_ok(tctx,
1202 encrypted.length = *r.out.data_out_len;
1205 torture_assert_ntstatus_ok(tctx,
1206 GUID_from_string(BACKUPKEY_RESTORE_GUID, &guid),
1209 r.in.guidActionAgent = &guid;
1210 r.in.data_in = encrypted.data;
1211 r.in.data_in_len = encrypted.length;
1213 r.out.data_out = &(decrypted.data);
1214 r.out.data_out_len = &declen;
1215 torture_assert_ntstatus_ok(tctx,
1216 dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1218 torture_assert_werr_ok(tctx,
1221 decrypted.length = *r.out.data_out_len;
1224 torture_assert_data_blob_equal(tctx, plaintext, decrypted, "Decrypt failed");
1227 torture_assert_ntstatus_ok(tctx,
1228 GUID_from_string(BACKUPKEY_RESTORE_GUID_WIN2K, &guid),
1231 r.in.guidActionAgent = &guid;
1232 r.in.data_in = encrypted.data;
1233 r.in.data_in_len = encrypted.length;
1235 r.out.data_out = &(decrypted.data);
1236 r.out.data_out_len = &declen;
1237 torture_assert_ntstatus_ok(tctx,
1238 dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1240 torture_assert_werr_ok(tctx,
1243 decrypted.length = *r.out.data_out_len;
1246 torture_assert_data_blob_equal(tctx, plaintext, decrypted, "Decrypt failed");
1250 static bool test_ServerWrap_decrypt_wrong_keyGUID(struct torture_context *tctx,
1251 struct dcerpc_pipe *p)
1253 struct bkrp_BackupKey r;
1255 DATA_BLOB plaintext = data_blob_const(secret, sizeof(secret));
1256 DATA_BLOB encrypted;
1258 DATA_BLOB decrypted;
1260 struct dcerpc_binding_handle *b = p->binding_handle;
1261 enum ndr_err_code ndr_err;
1262 struct bkrp_server_side_wrapped server_side_wrapped;
1263 enum dcerpc_AuthType auth_type;
1264 enum dcerpc_AuthLevel auth_level;
1267 dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
1270 torture_assert_ntstatus_ok(tctx,
1271 GUID_from_string(BACKUPKEY_BACKUP_GUID, &guid),
1274 r.in.guidActionAgent = &guid;
1275 r.in.data_in = plaintext.data;
1276 r.in.data_in_len = plaintext.length;
1278 r.out.data_out = &encrypted.data;
1279 r.out.data_out_len = &enclen;
1280 if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
1281 torture_assert_ntstatus_ok(tctx,
1282 dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1285 torture_assert_ntstatus_equal(tctx,
1286 dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1287 NT_STATUS_ACCESS_DENIED,
1291 torture_assert_werr_ok(tctx,
1294 encrypted.length = *r.out.data_out_len;
1296 ndr_err = ndr_pull_struct_blob(&encrypted, tctx, &server_side_wrapped,
1297 (ndr_pull_flags_fn_t)ndr_pull_bkrp_server_side_wrapped);
1298 torture_assert_ndr_err_equal(tctx, ndr_err, NDR_ERR_SUCCESS, "pull of server_side_wrapped");
1300 /* Change the GUID */
1301 server_side_wrapped.guid = GUID_random();
1303 ndr_err = ndr_push_struct_blob(&encrypted, tctx, &server_side_wrapped,
1304 (ndr_push_flags_fn_t)ndr_push_bkrp_server_side_wrapped);
1305 torture_assert_ndr_err_equal(tctx, ndr_err, NDR_ERR_SUCCESS, "push of server_side_wrapped");
1308 torture_assert_ntstatus_ok(tctx,
1309 GUID_from_string(BACKUPKEY_RESTORE_GUID, &guid),
1312 r.in.guidActionAgent = &guid;
1313 r.in.data_in = encrypted.data;
1314 r.in.data_in_len = encrypted.length;
1316 r.out.data_out = &(decrypted.data);
1317 r.out.data_out_len = &declen;
1318 torture_assert_ntstatus_ok(tctx,
1319 dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1321 torture_assert_werr_equal(tctx,
1324 "decrypt should fail with WERR_INVALID_DATA");
1327 torture_assert_ntstatus_ok(tctx,
1328 GUID_from_string(BACKUPKEY_RESTORE_GUID_WIN2K, &guid),
1331 r.in.guidActionAgent = &guid;
1332 r.in.data_in = encrypted.data;
1333 r.in.data_in_len = encrypted.length;
1335 r.out.data_out = &(decrypted.data);
1336 r.out.data_out_len = &declen;
1337 torture_assert_ntstatus_ok(tctx,
1338 dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1340 torture_assert_werr_equal(tctx,
1343 "decrypt should fail with WERR_INVALID_DATA");
1348 static bool test_ServerWrap_decrypt_empty_request(struct torture_context *tctx,
1349 struct dcerpc_pipe *p)
1351 struct bkrp_BackupKey r;
1353 DATA_BLOB decrypted;
1355 struct dcerpc_binding_handle *b = p->binding_handle;
1356 uint8_t short_request[4] = { 1, 0, 0, 0 };
1357 enum dcerpc_AuthType auth_type;
1358 enum dcerpc_AuthLevel auth_level;
1361 dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
1364 torture_assert_ntstatus_ok(tctx,
1365 GUID_from_string(BACKUPKEY_RESTORE_GUID, &guid),
1368 r.in.guidActionAgent = &guid;
1369 r.in.data_in = short_request;
1370 r.in.data_in_len = 0;
1372 r.out.data_out = &(decrypted.data);
1373 r.out.data_out_len = &declen;
1374 if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
1375 torture_assert_ntstatus_ok(tctx,
1376 dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1379 torture_assert_ntstatus_equal(tctx,
1380 dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1381 NT_STATUS_ACCESS_DENIED,
1385 torture_assert_werr_equal(tctx,
1388 "decrypt should fail with WERR_INVALID_PARAM");
1391 torture_assert_ntstatus_ok(tctx,
1392 GUID_from_string(BACKUPKEY_RESTORE_GUID_WIN2K, &guid),
1395 r.in.guidActionAgent = &guid;
1396 r.in.data_in = short_request;
1397 r.in.data_in_len = 0;
1399 r.out.data_out = &(decrypted.data);
1400 r.out.data_out_len = &declen;
1401 torture_assert_ntstatus_ok(tctx,
1402 dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1404 torture_assert_werr_equal(tctx,
1407 "decrypt should fail with WERR_INVALID_PARAM");
1410 torture_assert_ntstatus_ok(tctx,
1411 GUID_from_string(BACKUPKEY_RESTORE_GUID, &guid),
1414 r.in.guidActionAgent = &guid;
1415 r.in.data_in = NULL;
1416 r.in.data_in_len = 0;
1418 r.out.data_out = &(decrypted.data);
1419 r.out.data_out_len = &declen;
1420 torture_assert_ntstatus_equal(tctx,
1421 dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1422 NT_STATUS_INVALID_PARAMETER_MIX,
1426 torture_assert_ntstatus_ok(tctx,
1427 GUID_from_string(BACKUPKEY_RESTORE_GUID_WIN2K, &guid),
1430 r.in.guidActionAgent = &guid;
1431 r.in.data_in = NULL;
1432 r.in.data_in_len = 0;
1434 r.out.data_out = &(decrypted.data);
1435 r.out.data_out_len = &declen;
1436 torture_assert_ntstatus_equal(tctx,
1437 dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1438 NT_STATUS_INVALID_PARAMETER_MIX,
1445 static bool test_ServerWrap_decrypt_short_request(struct torture_context *tctx,
1446 struct dcerpc_pipe *p)
1448 struct bkrp_BackupKey r;
1450 DATA_BLOB decrypted;
1452 struct dcerpc_binding_handle *b = p->binding_handle;
1453 uint8_t short_request[4] = { 1, 0, 0, 0 };
1454 enum dcerpc_AuthType auth_type;
1455 enum dcerpc_AuthLevel auth_level;
1458 dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
1461 torture_assert_ntstatus_ok(tctx,
1462 GUID_from_string(BACKUPKEY_RESTORE_GUID, &guid),
1465 r.in.guidActionAgent = &guid;
1466 r.in.data_in = short_request;
1467 r.in.data_in_len = 4;
1469 r.out.data_out = &(decrypted.data);
1470 r.out.data_out_len = &declen;
1471 if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
1472 torture_assert_ntstatus_ok(tctx,
1473 dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1476 torture_assert_ntstatus_equal(tctx,
1477 dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1478 NT_STATUS_ACCESS_DENIED,
1482 torture_assert_werr_equal(tctx,
1485 "decrypt should fail with WERR_INVALID_PARM");
1488 torture_assert_ntstatus_ok(tctx,
1489 GUID_from_string(BACKUPKEY_RESTORE_GUID_WIN2K, &guid),
1492 r.in.guidActionAgent = &guid;
1493 r.in.data_in = short_request;
1494 r.in.data_in_len = 4;
1496 r.out.data_out = &(decrypted.data);
1497 r.out.data_out_len = &declen;
1498 torture_assert_ntstatus_ok(tctx,
1499 dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1501 torture_assert_werr_equal(tctx,
1504 "decrypt should fail with WERR_INVALID_PARAM");
1507 torture_assert_ntstatus_ok(tctx,
1508 GUID_from_string(BACKUPKEY_RESTORE_GUID, &guid),
1511 r.in.guidActionAgent = &guid;
1512 r.in.data_in = short_request;
1513 r.in.data_in_len = 1;
1515 r.out.data_out = &(decrypted.data);
1516 r.out.data_out_len = &declen;
1517 torture_assert_ntstatus_ok(tctx,
1518 dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1520 torture_assert_werr_equal(tctx,
1523 "decrypt should fail with WERR_INVALID_PARAM");
1526 torture_assert_ntstatus_ok(tctx,
1527 GUID_from_string(BACKUPKEY_RESTORE_GUID_WIN2K, &guid),
1530 r.in.guidActionAgent = &guid;
1531 r.in.data_in = short_request;
1532 r.in.data_in_len = 1;
1534 r.out.data_out = &(decrypted.data);
1535 r.out.data_out_len = &declen;
1536 torture_assert_ntstatus_ok(tctx,
1537 dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1539 torture_assert_werr_equal(tctx,
1542 "decrypt should fail with WERR_INVALID_PARAM");
1547 static bool test_ServerWrap_encrypt_decrypt_manual(struct torture_context *tctx,
1548 struct bkrp_server_side_wrapped *server_side_wrapped,
1549 enum test_wrong wrong)
1551 struct dcerpc_pipe *lsa_p;
1552 struct dcerpc_binding_handle *lsa_b;
1553 struct lsa_OpenSecret r_secret;
1554 struct lsa_QuerySecret r_query_secret;
1555 struct policy_handle *handle, sec_handle;
1556 struct bkrp_BackupKey r;
1557 struct GUID preferred_key_guid;
1558 DATA_BLOB plaintext = data_blob_const(secret, sizeof(secret));
1559 DATA_BLOB preferred_key, preferred_key_clear, session_key,
1560 decrypt_key, decrypt_key_clear, encrypted_blob, symkey_blob,
1562 struct bkrp_dc_serverwrap_key server_key;
1563 struct lsa_DATA_BUF_PTR bufp1;
1564 char *key_guid_string;
1565 struct bkrp_rc4encryptedpayload rc4payload;
1566 struct dom_sid *caller_sid;
1567 uint8_t symkey[20]; /* SHA-1 hash len */
1568 uint8_t mackey[20]; /* SHA-1 hash len */
1569 uint8_t mac[20]; /* SHA-1 hash len */
1570 unsigned int hash_len;
1573 ZERO_STRUCT(r_secret);
1574 ZERO_STRUCT(r_query_secret);
1576 /* Now read BCKUPKEY_P and prove we can do a matching decrypt and encrypt */
1578 torture_assert_ntstatus_ok(tctx,
1579 torture_rpc_connection(tctx, &lsa_p, &ndr_table_lsarpc),
1580 "Opening LSA pipe");
1581 lsa_b = lsa_p->binding_handle;
1583 torture_assert(tctx, test_lsa_OpenPolicy2(lsa_b, tctx, &handle), "OpenPolicy failed");
1584 r_secret.in.name.string = "G$BCKUPKEY_P";
1586 r_secret.in.handle = handle;
1587 r_secret.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1588 r_secret.out.sec_handle = &sec_handle;
1590 torture_comment(tctx, "Testing OpenSecret\n");
1592 torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenSecret_r(lsa_b, tctx, &r_secret),
1593 "OpenSecret failed");
1594 torture_assert_ntstatus_ok(tctx, r_secret.out.result,
1595 "OpenSecret failed");
1597 r_query_secret.in.sec_handle = &sec_handle;
1598 r_query_secret.in.new_val = &bufp1;
1601 torture_assert_ntstatus_ok(tctx, dcerpc_lsa_QuerySecret_r(lsa_b, tctx, &r_query_secret),
1602 "QuerySecret failed");
1603 torture_assert_ntstatus_ok(tctx, r_query_secret.out.result,
1604 "QuerySecret failed");
1607 preferred_key.data = r_query_secret.out.new_val->buf->data;
1608 preferred_key.length = r_query_secret.out.new_val->buf->size;
1609 torture_assert_ntstatus_ok(tctx, dcerpc_fetch_session_key(lsa_p, &session_key),
1610 "dcerpc_fetch_session_key failed");
1612 torture_assert_ntstatus_ok(tctx,
1613 sess_decrypt_blob(tctx,
1614 &preferred_key, &session_key, &preferred_key_clear),
1615 "sess_decrypt_blob failed");
1617 torture_assert_ntstatus_ok(tctx, GUID_from_ndr_blob(&preferred_key_clear, &preferred_key_guid),
1618 "GUID parse failed");
1620 torture_assert_guid_equal(tctx, server_side_wrapped->guid,
1622 "GUID didn't match value pointed at by G$BCKUPKEY_P");
1624 /* And read BCKUPKEY_<guid> and get the actual key */
1626 key_guid_string = GUID_string(tctx, &server_side_wrapped->guid);
1627 r_secret.in.name.string = talloc_asprintf(tctx, "G$BCKUPKEY_%s", key_guid_string);
1629 r_secret.in.handle = handle;
1630 r_secret.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1631 r_secret.out.sec_handle = &sec_handle;
1633 torture_comment(tctx, "Testing OpenSecret\n");
1635 torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenSecret_r(lsa_b, tctx, &r_secret),
1636 "OpenSecret failed");
1637 torture_assert_ntstatus_ok(tctx, r_secret.out.result,
1638 "OpenSecret failed");
1640 r_query_secret.in.sec_handle = &sec_handle;
1641 r_query_secret.in.new_val = &bufp1;
1643 torture_assert_ntstatus_ok(tctx, dcerpc_lsa_QuerySecret_r(lsa_b, tctx, &r_query_secret),
1644 "QuerySecret failed");
1645 torture_assert_ntstatus_ok(tctx, r_query_secret.out.result,
1646 "QuerySecret failed");
1649 decrypt_key.data = r_query_secret.out.new_val->buf->data;
1650 decrypt_key.length = r_query_secret.out.new_val->buf->size;
1652 torture_assert_ntstatus_ok(tctx,
1653 sess_decrypt_blob(tctx,
1654 &decrypt_key, &session_key, &decrypt_key_clear),
1655 "sess_decrypt_blob failed");
1657 torture_assert_ndr_err_equal(tctx, ndr_pull_struct_blob(&decrypt_key_clear, tctx, &server_key,
1658 (ndr_pull_flags_fn_t)ndr_pull_bkrp_dc_serverwrap_key),
1659 NDR_ERR_SUCCESS, "Failed to parse server_key");
1661 torture_assert_int_equal(tctx, server_key.magic, 1, "Failed to correctly decrypt server key");
1664 * This is *not* the leading 64 bytes, as indicated in MS-BKRP 3.1.4.1.1
1665 * BACKUPKEY_BACKUP_GUID, it really is the whole key
1667 HMAC(EVP_sha1(), server_key.key, sizeof(server_key.key),
1668 server_side_wrapped->r2, sizeof(server_side_wrapped->r2),
1671 /* rc4 decrypt sid and secret using sym key */
1672 symkey_blob = data_blob_const(symkey, sizeof(symkey));
1674 encrypted_blob = data_blob_talloc(tctx, server_side_wrapped->rc4encryptedpayload,
1675 server_side_wrapped->ciphertext_length);
1677 arcfour_crypt_blob(encrypted_blob.data, encrypted_blob.length, &symkey_blob);
1679 torture_assert_ndr_err_equal(tctx, ndr_pull_struct_blob(&encrypted_blob, tctx, &rc4payload,
1680 (ndr_pull_flags_fn_t)ndr_pull_bkrp_rc4encryptedpayload),
1681 NDR_ERR_SUCCESS, "Failed to parse rc4encryptedpayload");
1683 torture_assert_int_equal(tctx, rc4payload.secret_data.length,
1684 server_side_wrapped->payload_length,
1685 "length of decrypted payload not the length declared in surrounding structure");
1688 * This is *not* the leading 64 bytes, as indicated in MS-BKRP 3.1.4.1.1
1689 * BACKUPKEY_BACKUP_GUID, it really is the whole key
1691 HMAC(EVP_sha1(), server_key.key, sizeof(server_key.key),
1692 rc4payload.r3, sizeof(rc4payload.r3),
1695 torture_assert_ndr_err_equal(tctx, ndr_push_struct_blob(&sid_blob, tctx, &rc4payload.sid,
1696 (ndr_push_flags_fn_t)ndr_push_dom_sid),
1697 NDR_ERR_SUCCESS, "unable to push SID");
1699 HMAC_CTX_init(&ctx);
1700 HMAC_Init_ex(&ctx, mackey, hash_len, EVP_sha1(), NULL);
1702 HMAC_Update(&ctx, sid_blob.data, sid_blob.length);
1704 HMAC_Update(&ctx, rc4payload.secret_data.data, rc4payload.secret_data.length);
1705 HMAC_Final(&ctx, mac, &hash_len);
1706 HMAC_CTX_cleanup(&ctx);
1708 torture_assert_mem_equal(tctx, mac, rc4payload.mac, sizeof(mac), "mac not correct");
1709 torture_assert_int_equal(tctx, rc4payload.secret_data.length,
1710 plaintext.length, "decrypted data is not correct length");
1711 torture_assert_mem_equal(tctx, rc4payload.secret_data.data,
1712 plaintext.data, plaintext.length,
1713 "decrypted data is not correct");
1715 /* Not strictly correct all the time, but good enough for this test */
1716 caller_sid = get_user_sid(tctx, tctx, cli_credentials_get_username(cmdline_credentials));
1718 torture_assert_sid_equal(tctx, &rc4payload.sid, caller_sid, "Secret saved with wrong SID");
1723 if (wrong == WRONG_SID) {
1724 rc4payload.sid.sub_auths[rc4payload.sid.num_auths - 1] = DOMAIN_RID_KRBTGT;
1727 dump_data_pw("mackey: \n", mackey, sizeof(mackey));
1729 torture_assert_ndr_err_equal(tctx,
1730 ndr_push_struct_blob(&sid_blob, tctx, &rc4payload.sid,
1731 (ndr_push_flags_fn_t)ndr_push_dom_sid),
1733 "push of sid failed");
1735 HMAC_CTX_init(&ctx);
1736 HMAC_Init_ex(&ctx, mackey, 20, EVP_sha1(), NULL);
1738 HMAC_Update(&ctx, sid_blob.data, sid_blob.length);
1740 HMAC_Update(&ctx, rc4payload.secret_data.data, rc4payload.secret_data.length);
1741 HMAC_Final(&ctx, rc4payload.mac, &hash_len);
1742 HMAC_CTX_cleanup(&ctx);
1744 dump_data_pw("rc4payload.mac: \n", rc4payload.mac, sizeof(rc4payload.mac));
1746 torture_assert_ndr_err_equal(tctx,
1747 ndr_push_struct_blob(&encrypted_blob, tctx, &rc4payload,
1748 (ndr_push_flags_fn_t)ndr_push_bkrp_rc4encryptedpayload),
1750 "push of rc4payload failed");
1752 if (wrong == WRONG_KEY) {
1753 symkey_blob.data[0] = 78;
1754 symkey_blob.data[1] = 78;
1755 symkey_blob.data[2] = 78;
1758 /* rc4 encrypt sid and secret using sym key */
1759 arcfour_crypt_blob(encrypted_blob.data, encrypted_blob.length, &symkey_blob);
1761 /* re-create server wrap structure */
1763 torture_assert_int_equal(tctx, encrypted_blob.length,
1764 server_side_wrapped->ciphertext_length,
1765 "expected encrypted length not to change");
1766 if (wrong == RIGHT_KEY) {
1767 torture_assert_mem_equal(tctx, server_side_wrapped->rc4encryptedpayload,
1768 encrypted_blob.data,
1769 encrypted_blob.length,
1770 "expected encrypted data not to change");
1773 server_side_wrapped->payload_length = rc4payload.secret_data.length;
1774 server_side_wrapped->ciphertext_length = encrypted_blob.length;
1775 server_side_wrapped->rc4encryptedpayload = encrypted_blob.data;
1781 static bool test_ServerWrap_decrypt_wrong_stuff(struct torture_context *tctx,
1782 struct dcerpc_pipe *p,
1783 enum test_wrong wrong)
1785 struct bkrp_BackupKey r;
1787 DATA_BLOB plaintext = data_blob_const(secret, sizeof(secret));
1788 DATA_BLOB encrypted;
1790 DATA_BLOB decrypted;
1792 struct dcerpc_binding_handle *b = p->binding_handle;
1793 enum ndr_err_code ndr_err;
1794 struct bkrp_server_side_wrapped server_side_wrapped;
1795 bool repush = false;
1796 enum dcerpc_AuthType auth_type;
1797 enum dcerpc_AuthLevel auth_level;
1800 dcerpc_binding_handle_auth_info(b, &auth_type, &auth_level);
1803 torture_assert_ntstatus_ok(tctx,
1804 GUID_from_string(BACKUPKEY_BACKUP_GUID, &guid),
1807 r.in.guidActionAgent = &guid;
1808 r.in.data_in = plaintext.data;
1809 r.in.data_in_len = plaintext.length;
1811 r.out.data_out = &encrypted.data;
1812 r.out.data_out_len = &enclen;
1813 if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
1814 torture_assert_ntstatus_ok(tctx,
1815 dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1818 torture_assert_ntstatus_equal(tctx,
1819 dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1820 NT_STATUS_ACCESS_DENIED,
1824 torture_assert_werr_ok(tctx,
1827 encrypted.length = *r.out.data_out_len;
1829 ndr_err = ndr_pull_struct_blob(&encrypted, tctx, &server_side_wrapped,
1830 (ndr_pull_flags_fn_t)ndr_pull_bkrp_server_side_wrapped);
1831 torture_assert_ndr_err_equal(tctx, ndr_err, NDR_ERR_SUCCESS, "pull of server_side_wrapped");
1833 torture_assert_int_equal(tctx, server_side_wrapped.payload_length, plaintext.length,
1834 "wrong payload length");
1838 /* Change the magic. Forced by our NDR layer, so do it raw */
1839 SIVAL(encrypted.data, 0, 78); /* valid values are 1-3 */
1842 server_side_wrapped.r2[0] = 78;
1843 server_side_wrapped.r2[1] = 78;
1844 server_side_wrapped.r2[3] = 78;
1847 case WRONG_PAYLOAD_LENGTH:
1848 server_side_wrapped.payload_length = UINT32_MAX - 8;
1851 case WRONG_CIPHERTEXT_LENGTH:
1853 * Change the ciphertext len. We can't push this if
1854 * we have it wrong, so do it raw
1856 SIVAL(encrypted.data, 8, UINT32_MAX - 8); /* valid values are 1-3 */
1858 case SHORT_PAYLOAD_LENGTH:
1859 server_side_wrapped.payload_length = server_side_wrapped.payload_length - 8;
1862 case SHORT_CIPHERTEXT_LENGTH:
1864 * Change the ciphertext len. We can't push this if
1865 * we have it wrong, so do it raw
1867 SIVAL(encrypted.data, 8, server_side_wrapped.ciphertext_length - 8); /* valid values are 1-3 */
1869 case ZERO_PAYLOAD_LENGTH:
1870 server_side_wrapped.payload_length = 0;
1873 case ZERO_CIPHERTEXT_LENGTH:
1875 * Change the ciphertext len. We can't push this if
1876 * we have it wrong, so do it raw
1878 SIVAL(encrypted.data, 8, 0); /* valid values are 1-3 */
1884 torture_assert(tctx,
1885 test_ServerWrap_encrypt_decrypt_manual(tctx, &server_side_wrapped, wrong),
1886 "test_ServerWrap_encrypt_decrypt_manual failed");
1892 ndr_err = ndr_push_struct_blob(&encrypted, tctx, &server_side_wrapped,
1893 (ndr_push_flags_fn_t)ndr_push_bkrp_server_side_wrapped);
1894 torture_assert_ndr_err_equal(tctx, ndr_err, NDR_ERR_SUCCESS, "push of server_side_wrapped");
1898 torture_assert_ntstatus_ok(tctx,
1899 GUID_from_string(BACKUPKEY_RESTORE_GUID, &guid),
1902 r.in.guidActionAgent = &guid;
1903 r.in.data_in = encrypted.data;
1904 r.in.data_in_len = encrypted.length;
1906 r.out.data_out = &(decrypted.data);
1907 r.out.data_out_len = &declen;
1908 torture_assert_ntstatus_ok(tctx,
1909 dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1912 if ((wrong == WRONG_R2 || wrong == WRONG_KEY)
1913 && W_ERROR_EQUAL(r.out.result, WERR_INVALID_SID)) {
1914 torture_assert_werr_equal(tctx,
1917 "decrypt should fail with WERR_INVALID_SID or WERR_INVALID_PARAM");
1918 } else if (wrong == RIGHT_KEY) {
1919 torture_assert_werr_equal(tctx,
1922 "decrypt should succeed!");
1923 } else if (wrong == WRONG_SID) {
1924 torture_assert_werr_equal(tctx,
1926 WERR_INVALID_ACCESS,
1927 "decrypt should fail with WERR_INVALID_ACCESS");
1929 torture_assert_werr_equal(tctx,
1932 "decrypt should fail with WERR_INVALID_PARAM");
1936 torture_assert_ntstatus_ok(tctx,
1937 GUID_from_string(BACKUPKEY_RESTORE_GUID_WIN2K, &guid),
1940 r.in.guidActionAgent = &guid;
1941 r.in.data_in = encrypted.data;
1942 r.in.data_in_len = encrypted.length;
1944 r.out.data_out = &(decrypted.data);
1945 r.out.data_out_len = &declen;
1946 torture_assert_ntstatus_ok(tctx,
1947 dcerpc_bkrp_BackupKey_r(b, tctx, &r),
1950 if ((wrong == WRONG_R2 || wrong == WRONG_KEY)
1951 && W_ERROR_EQUAL(r.out.result, WERR_INVALID_SID)) {
1952 torture_assert_werr_equal(tctx,
1955 "decrypt should fail with WERR_INVALID_SID or WERR_INVALID_PARAM");
1956 } else if (wrong == RIGHT_KEY) {
1957 torture_assert_werr_equal(tctx,
1960 "decrypt should succeed!");
1961 } else if (wrong == WRONG_SID) {
1962 torture_assert_werr_equal(tctx,
1964 WERR_INVALID_ACCESS,
1965 "decrypt should fail with WERR_INVALID_ACCESS");
1967 torture_assert_werr_equal(tctx,
1970 "decrypt should fail with WERR_INVALID_PARAM");
1976 static bool test_ServerWrap_decrypt_wrong_magic(struct torture_context *tctx,
1977 struct dcerpc_pipe *p)
1979 return test_ServerWrap_decrypt_wrong_stuff(tctx, p, WRONG_MAGIC);
1982 static bool test_ServerWrap_decrypt_wrong_r2(struct torture_context *tctx,
1983 struct dcerpc_pipe *p)
1985 return test_ServerWrap_decrypt_wrong_stuff(tctx, p, WRONG_R2);
1988 static bool test_ServerWrap_decrypt_wrong_payload_length(struct torture_context *tctx,
1989 struct dcerpc_pipe *p)
1991 return test_ServerWrap_decrypt_wrong_stuff(tctx, p, WRONG_PAYLOAD_LENGTH);
1994 static bool test_ServerWrap_decrypt_short_payload_length(struct torture_context *tctx,
1995 struct dcerpc_pipe *p)
1997 return test_ServerWrap_decrypt_wrong_stuff(tctx, p, SHORT_PAYLOAD_LENGTH);
2000 static bool test_ServerWrap_decrypt_zero_payload_length(struct torture_context *tctx,
2001 struct dcerpc_pipe *p)
2003 return test_ServerWrap_decrypt_wrong_stuff(tctx, p, ZERO_PAYLOAD_LENGTH);
2006 static bool test_ServerWrap_decrypt_wrong_ciphertext_length(struct torture_context *tctx,
2007 struct dcerpc_pipe *p)
2009 return test_ServerWrap_decrypt_wrong_stuff(tctx, p, WRONG_CIPHERTEXT_LENGTH);
2012 static bool test_ServerWrap_decrypt_short_ciphertext_length(struct torture_context *tctx,
2013 struct dcerpc_pipe *p)
2015 return test_ServerWrap_decrypt_wrong_stuff(tctx, p, SHORT_CIPHERTEXT_LENGTH);
2018 static bool test_ServerWrap_decrypt_zero_ciphertext_length(struct torture_context *tctx,
2019 struct dcerpc_pipe *p)
2021 return test_ServerWrap_decrypt_wrong_stuff(tctx, p, ZERO_CIPHERTEXT_LENGTH);
2024 static bool test_ServerWrap_encrypt_decrypt_remote_key(struct torture_context *tctx,
2025 struct dcerpc_pipe *p)
2027 return test_ServerWrap_decrypt_wrong_stuff(tctx, p, RIGHT_KEY);
2030 static bool test_ServerWrap_encrypt_decrypt_wrong_key(struct torture_context *tctx,
2031 struct dcerpc_pipe *p)
2033 return test_ServerWrap_decrypt_wrong_stuff(tctx, p, WRONG_KEY);
2036 static bool test_ServerWrap_encrypt_decrypt_wrong_sid(struct torture_context *tctx,
2037 struct dcerpc_pipe *p)
2039 return test_ServerWrap_decrypt_wrong_stuff(tctx, p, WRONG_SID);
2042 struct torture_suite *torture_rpc_backupkey(TALLOC_CTX *mem_ctx)
2044 struct torture_suite *suite = torture_suite_create(mem_ctx, "backupkey");
2046 struct torture_rpc_tcase *tcase;
2048 tcase = torture_suite_add_rpc_iface_tcase(suite, "backupkey",
2049 &ndr_table_backupkey);
2051 torture_rpc_tcase_add_test(tcase, "retreive_backup_key_guid",
2052 test_RetrieveBackupKeyGUID);
2054 torture_rpc_tcase_add_test(tcase, "restore_guid",
2057 torture_rpc_tcase_add_test(tcase, "restore_guid version 3",
2058 test_RestoreGUID_v3);
2060 /* We double the test in order to be sure that we don't mess stuff (ie. freeing static stuff) */
2062 torture_rpc_tcase_add_test(tcase, "restore_guid_2nd",
2065 torture_rpc_tcase_add_test(tcase, "unable_to_decrypt_secret",
2066 test_RestoreGUID_ko);
2068 torture_rpc_tcase_add_test(tcase, "wrong_user_restore_guid",
2069 test_RestoreGUID_wronguser);
2071 torture_rpc_tcase_add_test(tcase, "wrong_version_restore_guid",
2072 test_RestoreGUID_wrongversion);
2074 torture_rpc_tcase_add_test(tcase, "bad_magic_on_secret_restore_guid",
2075 test_RestoreGUID_badmagiconsecret);
2077 torture_rpc_tcase_add_test(tcase, "bad_hash_on_secret_restore_guid",
2078 test_RestoreGUID_badhashaccesscheck);
2080 torture_rpc_tcase_add_test(tcase, "bad_magic_on_accesscheck_restore_guid",
2081 test_RestoreGUID_badmagicaccesscheck);
2083 torture_rpc_tcase_add_test(tcase, "bad_cert_guid_restore_guid",
2084 test_RestoreGUID_badcertguid);
2086 torture_rpc_tcase_add_test(tcase, "empty_request_restore_guid",
2087 test_RestoreGUID_emptyrequest);
2089 torture_rpc_tcase_add_test(tcase, "retreive_backup_key_guid_2048_bits",
2090 test_RetrieveBackupKeyGUID_2048bits);
2092 torture_rpc_tcase_add_test(tcase, "server_wrap_encrypt_decrypt",
2093 test_ServerWrap_encrypt_decrypt);
2095 torture_rpc_tcase_add_test(tcase, "server_wrap_decrypt_wrong_keyGUID",
2096 test_ServerWrap_decrypt_wrong_keyGUID);
2098 torture_rpc_tcase_add_test(tcase, "server_wrap_empty_request",
2099 test_ServerWrap_decrypt_empty_request);
2101 torture_rpc_tcase_add_test(tcase, "server_wrap_decrypt_short_request",
2102 test_ServerWrap_decrypt_short_request);
2104 torture_rpc_tcase_add_test(tcase, "server_wrap_decrypt_wrong_magic",
2105 test_ServerWrap_decrypt_wrong_magic);
2107 torture_rpc_tcase_add_test(tcase, "server_wrap_decrypt_wrong_r2",
2108 test_ServerWrap_decrypt_wrong_r2);
2110 torture_rpc_tcase_add_test(tcase, "server_wrap_decrypt_wrong_payload_length",
2111 test_ServerWrap_decrypt_wrong_payload_length);
2113 torture_rpc_tcase_add_test(tcase, "server_wrap_decrypt_short_payload_length",
2114 test_ServerWrap_decrypt_short_payload_length);
2116 torture_rpc_tcase_add_test(tcase, "server_wrap_decrypt_zero_payload_length",
2117 test_ServerWrap_decrypt_zero_payload_length);
2119 torture_rpc_tcase_add_test(tcase, "server_wrap_decrypt_wrong_ciphertext_length",
2120 test_ServerWrap_decrypt_wrong_ciphertext_length);
2122 torture_rpc_tcase_add_test(tcase, "server_wrap_decrypt_short_ciphertext_length",
2123 test_ServerWrap_decrypt_short_ciphertext_length);
2125 torture_rpc_tcase_add_test(tcase, "server_wrap_decrypt_zero_ciphertext_length",
2126 test_ServerWrap_decrypt_zero_ciphertext_length);
2128 torture_rpc_tcase_add_test(tcase, "server_wrap_encrypt_decrypt_remote_key",
2129 test_ServerWrap_encrypt_decrypt_remote_key);
2131 torture_rpc_tcase_add_test(tcase, "server_wrap_encrypt_decrypt_wrong_key",
2132 test_ServerWrap_encrypt_decrypt_wrong_key);
2134 torture_rpc_tcase_add_test(tcase, "server_wrap_encrypt_decrypt_wrong_sid",
2135 test_ServerWrap_encrypt_decrypt_wrong_sid);