Marek Chmiel : dssenh/tests: Key length tests for the DSSENH cryptographic service provider.

14 Aug 2012

Module: wine
Branch: master
Commit: 01e937d49a1d0d4aedfeb308951bfa48b29b0ff9
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=01e937d49a1d0d4aedfeb30895...
Author: Marek Chmiel kcmark@gmail.com
Date:   Thu Jun 28 21:31:37 2012 -0500
dssenh/tests: Key length tests for the DSSENH cryptographic service provider.
---
dlls/dssenh/tests/dssenh.c |  218 ++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 218 insertions(+), 0 deletions(-)

diff --git a/dlls/dssenh/tests/dssenh.c b/dlls/dssenh/tests/dssenh.c
index 332b865..0c37c91 100644
--- a/dlls/dssenh/tests/dssenh.c
+++ b/dlls/dssenh/tests/dssenh.c
@@ -179,7 +179,225 @@ static void test_acquire_context(void)
         "Expected NTE_EXISTS, got %08x\n", GetLastError());
 }
+struct keylength_test {
+    ALG_ID algid;
+    DWORD flags;
+    BOOL expectedResult;
+    DWORD expectedError;
+    BOOL brokenResult;
+    DWORD brokenError;
+};
+
+static const struct keylength_test baseDSS_keylength[] = {
+    /* AT_KEYEXCHANGE is not supported by the base DSS provider */
+    {AT_KEYEXCHANGE, 448 << 16, FALSE, NTE_BAD_ALGID, FALSE, NTE_BAD_FLAGS}, /* WinNT4 and Win2k */
+    {AT_KEYEXCHANGE, 512 << 16, FALSE, NTE_BAD_ALGID, TRUE}, /* success on WinNT4 */
+    {AT_KEYEXCHANGE, 1024 << 16, FALSE, NTE_BAD_ALGID, TRUE}, /* success on WinNT4 */
+    {AT_KEYEXCHANGE, 1088 << 16, FALSE, NTE_BAD_ALGID, FALSE, NTE_BAD_FLAGS},/* WinNT4 and Win2k */
+    /* min 512 max 1024 increment by 64 */
+    {AT_SIGNATURE, 448 << 16, FALSE, NTE_BAD_FLAGS},
+    {AT_SIGNATURE, 512 << 16, TRUE},
+    {AT_SIGNATURE, 513 << 16, FALSE, NTE_FAIL, FALSE, NTE_BAD_FLAGS}, /* WinNT4 and Win2k */
+    {AT_SIGNATURE, 768 << 16, TRUE},
+    {AT_SIGNATURE, 1024 << 16, TRUE},
+    {AT_SIGNATURE, 1088 << 16, FALSE, NTE_BAD_FLAGS},
+    /* CALG_DH_EPHEM is not supported by the base DSS provider */
+    {CALG_DH_EPHEM, 448 << 16, FALSE, NTE_BAD_ALGID, FALSE, NTE_BAD_FLAGS}, /* WinNT4 and Win2k */
+    {CALG_DH_EPHEM, 512 << 16, FALSE, NTE_BAD_ALGID, TRUE}, /* success on WinNT4 */
+    {CALG_DH_EPHEM, 1024 << 16, FALSE, NTE_BAD_ALGID, TRUE}, /* success on WinNT4 */
+    {CALG_DH_EPHEM, 1088 << 16, FALSE, NTE_BAD_ALGID, FALSE, NTE_BAD_FLAGS}, /* WinNT4 and Win2k */
+    /* CALG_DH_SF is not supported by the base DSS provider */
+    {CALG_DH_SF, 448 << 16, FALSE, NTE_BAD_ALGID, FALSE, NTE_BAD_FLAGS}, /* WinNT4 and Win2k */
+    {CALG_DH_SF, 512 << 16, FALSE, NTE_BAD_ALGID, TRUE}, /* success on WinNT4 */
+    {CALG_DH_SF, 1024 << 16, FALSE, NTE_BAD_ALGID, TRUE}, /* success on WinNT4 */
+    {CALG_DH_SF, 1088 << 16, FALSE, NTE_BAD_ALGID, FALSE, NTE_BAD_FLAGS}, /* WinNT4 and Win2k */
+    /* min 512 max 1024, increment by 64 */
+    {CALG_DSS_SIGN, 448 << 16, FALSE, NTE_BAD_FLAGS},
+    {CALG_DSS_SIGN, 512 << 16, TRUE},
+    {CALG_DSS_SIGN, 513 << 16, FALSE, NTE_FAIL, FALSE, NTE_BAD_FLAGS}, /* WinNT4 and Win2k */
+    {CALG_DSS_SIGN, 768 << 16, TRUE},
+    {CALG_DSS_SIGN, 1024 << 16, TRUE},
+    {CALG_DSS_SIGN, 1088 << 16, FALSE, NTE_BAD_FLAGS}
+};
+
+static const struct keylength_test dssDH_keylength[] = {
+    /* min 512 max 1024, increment by 64 */
+    {AT_KEYEXCHANGE, 448 << 16, FALSE, NTE_BAD_FLAGS},
+    {AT_KEYEXCHANGE, 512 << 16, TRUE},
+    {AT_KEYEXCHANGE, 513 << 16, FALSE,  NTE_FAIL, FALSE, NTE_BAD_FLAGS}, /* WinNT4 and Win2k */
+    {AT_KEYEXCHANGE, 768 << 16, TRUE},
+    {AT_KEYEXCHANGE, 1024 << 16, TRUE},
+    {AT_KEYEXCHANGE, 1088 << 16, FALSE, NTE_BAD_FLAGS},
+    {AT_SIGNATURE, 448 << 16, FALSE, NTE_BAD_FLAGS},
+    {AT_SIGNATURE, 512 << 16, TRUE},
+    {AT_SIGNATURE, 513 << 16, FALSE,  NTE_FAIL, FALSE, NTE_BAD_FLAGS}, /* WinNT4 and Win2k */
+    {AT_SIGNATURE, 768 << 16, TRUE},
+    {AT_SIGNATURE, 1024 << 16, TRUE},
+    {AT_SIGNATURE, 1088 << 16, FALSE, NTE_BAD_FLAGS},
+    {CALG_DH_EPHEM, 448 << 16, FALSE, NTE_BAD_FLAGS},
+    {CALG_DH_EPHEM, 512 << 16, TRUE},
+    {CALG_DH_EPHEM, 513 << 16, FALSE,  NTE_FAIL, FALSE, NTE_BAD_FLAGS}, /* WinNT4 and Win2k */
+    {CALG_DH_EPHEM, 768 << 16, TRUE},
+    {CALG_DH_EPHEM, 1024 << 16, TRUE},
+    {CALG_DH_EPHEM, 1088 << 16, FALSE, NTE_BAD_FLAGS},
+    {CALG_DH_SF, 448 << 16, FALSE, NTE_BAD_FLAGS},
+    {CALG_DH_SF, 512 << 16, TRUE},
+    {CALG_DH_SF, 513 << 16, FALSE,  NTE_FAIL, FALSE, NTE_BAD_FLAGS}, /* WinNT4 and Win2k */
+    {CALG_DH_SF, 768 << 16, TRUE},
+    {CALG_DH_SF, 1024 << 16, TRUE},
+    {CALG_DH_SF, 1088 << 16, FALSE, NTE_BAD_FLAGS},
+    {CALG_DSS_SIGN, 448 << 16, FALSE, NTE_BAD_FLAGS},
+    {CALG_DSS_SIGN, 512 << 16, TRUE},
+    {CALG_DSS_SIGN, 513 << 16, FALSE,  NTE_FAIL, FALSE, NTE_BAD_FLAGS}, /* WinNT4 and Win2k */
+    {CALG_DSS_SIGN, 768 << 16, TRUE},
+    {CALG_DSS_SIGN, 1024 << 16, TRUE},
+    {CALG_DSS_SIGN, 1088 << 16, FALSE, NTE_BAD_FLAGS}
+};
+
+static const struct keylength_test dssENH_keylength[] = {
+    /* min 512 max 1024 (AT_KEYEXCHANGE max 4096), increment by 64*/
+    {AT_KEYEXCHANGE, 448 << 16, FALSE, NTE_BAD_FLAGS},
+    {AT_KEYEXCHANGE, 512 << 16, TRUE},
+    {AT_KEYEXCHANGE, 513 << 16, FALSE,  NTE_FAIL, FALSE, NTE_BAD_FLAGS}, /* WinNT4 and Win2k */
+    {AT_KEYEXCHANGE, 768 << 16, TRUE},
+    {AT_KEYEXCHANGE, 1024 << 16, TRUE},
+    {AT_KEYEXCHANGE, 1088 << 16, TRUE},
+    {AT_KEYEXCHANGE, 2048 << 16, TRUE},
+    /* Keylength too large - test bot timeout.
+    {AT_KEYEXCHANGE, 3072 << 16, TRUE},
+    {AT_KEYEXCHANGE, 4096 << 16, TRUE}, */
+    {AT_KEYEXCHANGE, 4160 << 16, FALSE, NTE_BAD_FLAGS},
+    {AT_SIGNATURE, 448 << 16, FALSE, NTE_BAD_FLAGS},
+    {AT_SIGNATURE, 512 << 16, TRUE},
+    {AT_SIGNATURE, 513 << 16, FALSE,  NTE_FAIL, FALSE, NTE_BAD_FLAGS}, /* WinNT4 and Win2k */
+    {AT_SIGNATURE, 768 << 16, TRUE},
+    {AT_SIGNATURE, 1024 << 16, TRUE},
+    {AT_SIGNATURE, 1032 << 16, FALSE, NTE_BAD_FLAGS},
+    {CALG_DH_EPHEM, 448 << 16, FALSE, NTE_BAD_FLAGS},
+    {CALG_DH_EPHEM, 512 << 16, TRUE},
+    {CALG_DH_EPHEM, 513 << 16, FALSE,  NTE_FAIL, FALSE, NTE_BAD_FLAGS}, /* WinNT4 and Win2k */
+    {CALG_DH_EPHEM, 768 << 16, TRUE},
+    {CALG_DH_EPHEM, 1024 << 16, TRUE},
+    {CALG_DH_EPHEM, 1040 << 16, FALSE, NTE_BAD_FLAGS},
+    {CALG_DH_SF, 448 << 16, FALSE, NTE_BAD_FLAGS},
+    {CALG_DH_SF, 512 << 16, TRUE},
+    {CALG_DH_SF, 513 << 16, FALSE,  NTE_FAIL, FALSE, NTE_BAD_FLAGS}, /* WinNT4 and Win2k */
+    {CALG_DH_SF, 768 << 16, TRUE},
+    {CALG_DH_SF, 1024 << 16, TRUE},
+    {CALG_DH_SF, 1032 << 16, FALSE, NTE_BAD_FLAGS},
+    {CALG_DSS_SIGN, 448 << 16, FALSE, NTE_BAD_FLAGS},
+    {CALG_DSS_SIGN, 512 << 16, TRUE},
+    {CALG_DSS_SIGN, 513 << 16, FALSE,  NTE_FAIL, FALSE, NTE_BAD_FLAGS}, /* WinNT4 and Win2k */
+    {CALG_DSS_SIGN, 768 << 16, TRUE},
+    {CALG_DSS_SIGN, 1024 << 16, TRUE},
+    {CALG_DSS_SIGN, 1088 << 16, FALSE, NTE_BAD_FLAGS}
+};
+
+static void test_keylength_array(HCRYPTPROV hProv,const struct keylength_test *tests, int testLen)
+{
+    HCRYPTKEY key;
+    BOOL result;
+    int i;
+
+    for (i = 0; i < testLen; i++)
+    {
+        SetLastError(0xdeadbeef);
+        result = CryptGenKey(hProv, tests[i].algid, tests[i].flags, &key);
+
+        /* success */
+        if(tests[i].expectedResult)
+        {
+            ok(result, "Expected a key, got %08x\n", GetLastError());
+            result = CryptDestroyKey(key);
+            ok(result, "Expected no errors.\n");
+        }
+        else
+        {   /* error but success on older system */
+            if(tests[i].brokenResult)
+                ok((!result && GetLastError() == tests[i].expectedError) ||
+                    broken(result), "Expected a key, got %x.\n", GetLastError());
+            else
+            {
+                /* error */
+                if(!tests[i].brokenError)
+                    ok(!result && GetLastError() == tests[i].expectedError,
+                        "Expected a key, got %x.\n", GetLastError());
+
+                /* error but different error on older system */
+                else
+                    ok(!result && (GetLastError() == tests[i].expectedError ||
+                        broken(GetLastError() == tests[i].brokenError)),
+                        "Expected a key, got %x.\n", GetLastError());
+            }
+        }
+    }
+}
+
+#define TESTLEN(x) (sizeof(x) / sizeof((x)[0]))
+
+static void test_keylength(void)
+{
+    HCRYPTPROV hProv = 0;
+    BOOL result;
+
+    /* acquire base dss provider */
+    result = CryptAcquireContextA(
+        &hProv, NULL, MS_DEF_DSS_PROV_A, PROV_DSS, CRYPT_VERIFYCONTEXT);
+    if(!result)
+    {
+        skip("DSSENH is currently not available, skipping key length tests.\n");
+        return;
+    }
+    ok(result, "Expected no errors.\n");
+
+    /* perform keylength tests */
+    test_keylength_array(hProv, baseDSS_keylength, TESTLEN(baseDSS_keylength));
+
+    result = CryptReleaseContext(hProv, 0);
+    ok(result, "Expected release of CSP provider.\n");
+
+    /* acquire diffie hellman dss provider */
+    result = CryptAcquireContextA(
+        &hProv, NULL, MS_DEF_DSS_DH_PROV, PROV_DSS_DH, CRYPT_VERIFYCONTEXT);
+    ok(result, "Expected no errors.\n");
+
+    /* perform keylength tests */
+    test_keylength_array(hProv, dssDH_keylength, TESTLEN(dssDH_keylength));
+
+    result = CryptReleaseContext(hProv, 0);
+    ok(result, "Expected release of CSP provider.\n");
+
+    /* acquire enhanced dss provider */
+    SetLastError(0xdeadbeef);
+    result = CryptAcquireContextA(
+        &hProv, NULL, MS_ENH_DSS_DH_PROV, PROV_DSS_DH, CRYPT_VERIFYCONTEXT);
+    if(!result && GetLastError() == NTE_KEYSET_NOT_DEF)
+    {
+        win_skip("DSSENH and Schannel provider is broken on WinNT4\n");
+        return;
+    }
+    ok(result, "Expected no errors.\n");
+
+    /* perform keylength tests */
+    test_keylength_array(hProv, dssENH_keylength, TESTLEN(dssENH_keylength));
+
+    result = CryptReleaseContext(hProv, 0);
+    ok(result, "Expected release of CSP provider.\n");
+
+    /* acquire schannel dss provider */
+    result = CryptAcquireContextA(
+        &hProv, NULL, MS_DEF_DH_SCHANNEL_PROV, PROV_DH_SCHANNEL, CRYPT_VERIFYCONTEXT);
+    ok(result, "Expected no errors.\n");
+
+    /* perform keylength tests */
+    test_keylength_array(hProv, dssENH_keylength, TESTLEN(dssENH_keylength));
+
+    result = CryptReleaseContext(hProv, 0);
+    ok(result, "Expected release of CSP provider.\n");
+}
+
 START_TEST(dssenh)
 {
     test_acquire_context();
+    test_keylength();
 }

    

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

Marek Chmiel : dssenh/tests: Key length tests for the DSSENH cryptographic service provider.