iPXE
ntlm_test.c File Reference

NTLM authentication self-tests. More...

#include <stdlib.h>
#include <string.h>
#include <byteswap.h>
#include <ipxe/ntlm.h>
#include <ipxe/test.h>


Data Structures

struct  ntlm_key_test
 A key generation test. More...
struct  ntlm_authenticate_test
 An authentication test. More...

Defines

#define DATA(...)   { __VA_ARGS__ }
 Define inline message data.
#define KEY_TEST(name, DOMAIN, USERNAME, PASSWORD, EXPECTED)
 Define a key generation digest test.
#define AUTHENTICATE_TEST(name, DOMAIN, USERNAME, PASSWORD,WORKSTATION, NONCE, CHALLENGE, EXPECTED)
 Define an authentication test.
#define ntlm_key_ok(test)   ntlm_key_okx ( test, __FILE__, __LINE__ )
#define ntlm_data_ok(msg, msg_len, data, expected, expected_data)
#define ntlm_authenticate_ok(test)   ntlm_authenticate_okx ( test, __FILE__, __LINE__ )

Functions

 FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
 KEY_TEST (msnlmp_ntowfv2,"Domain","User","Password", DATA(0x0c, 0x86, 0x8a, 0x40, 0x3b, 0xfd, 0x7a, 0x93, 0xa3, 0x00, 0x1e, 0xf2, 0x2e, 0xf0, 0x2e, 0x3f))
 NTOWFv2() test from MS-NLMP specification.
 AUTHENTICATE_TEST (msnlmp_authenticate,"Domain","User","Password","COMPUTER", DATA(0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa), DATA(0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x0c, 0x00, 0x38, 0x00, 0x00, 0x00, 0x33, 0x82, 0x8a, 0xe2, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0x24, 0x00, 0x44, 0x00, 0x00, 0x00, 0x06, 0x00, 0x70, 0x17, 0x00, 0x00, 0x00, 0x0f, 0x53, 0x00, 0x65, 0x00, 0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x02, 0x00, 0x0c, 0x00, 0x44, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x01, 0x00, 0x0c, 0x00, 0x53, 0x00, 0x65, 0x00, 0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00), DATA(0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x03, 0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x00, 0x6c, 0x00, 0x00, 0x00, 0x54, 0x00, 0x54, 0x00, 0x84, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x0c, 0x00, 0x48, 0x00, 0x00, 0x00, 0x08, 0x00, 0x08, 0x00, 0x54, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x5c, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0xd8, 0x00, 0x00, 0x00, 0x35, 0x82, 0x88, 0xe2, 0x05, 0x01, 0x28, 0x0a, 0x00, 0x00, 0x00, 0x0f, 0x44, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x43, 0x00, 0x4f, 0x00, 0x4d, 0x00, 0x50, 0x00, 0x55, 0x00, 0x54, 0x00, 0x45, 0x00, 0x52, 0x00, 0x86, 0xc3, 0x50, 0x97, 0xac, 0x9c, 0xec, 0x10, 0x25, 0x54, 0x76, 0x4a, 0x57, 0xcc, 0xcc, 0x19, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x68, 0xcd, 0x0a, 0xb8, 0x51, 0xe5, 0x1c, 0x96, 0xaa, 0xbc, 0x92, 0x7b, 0xeb, 0xef, 0x6a, 0x1c, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x0c, 0x00, 0x44, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x01, 0x00, 0x0c, 0x00, 0x53, 0x00, 0x65, 0x00, 0x72, 0x00, 0x76, 0x00, 0x65, 
0x00, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc5, 0xda, 0xd2, 0x54, 0x4f, 0xc9, 0x79, 0x90, 0x94, 0xce, 0x1c, 0xe9, 0x0b, 0xc9, 0xd0, 0x3e))
 Authentication test from MS-NLMP specification.
static void ntlm_key_okx (struct ntlm_key_test *test, const char *file, unsigned int line)
 Report key generation test result.
static void ntlm_data_okx (struct ntlm_header *msg, size_t msg_len, struct ntlm_data *data, struct ntlm_header *expected, struct ntlm_data *expected_data, const char *field, const char *file, unsigned int line)
 Report NTLM variable-length data test result.
static void ntlm_authenticate_okx (struct ntlm_authenticate_test *test, const char *file, unsigned int line)
 Report NTLM authentication test result.
static void ntlm_test_exec (void)
 Perform NTLM self-test.

Variables

struct self_test ntlm_test __self_test
 NTLM self-test.

Detailed Description

NTLM authentication self-tests.

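The test vectors, including the sample credentials ("Domain", "User", "Password") and the fixed nonce, are taken from the MS-NLMP specification document; they are published sample values rather than secrets.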

Definition in file ntlm_test.c.


Define Documentation

#define DATA (   ...)    { __VA_ARGS__ }

Define inline message data.

Definition at line 78 of file ntlm_test.c.

#define KEY_TEST (   name,
  DOMAIN,
  USERNAME,
  PASSWORD,
  EXPECTED 
)
Value:
static struct ntlm_key_test name = {                            \
                .domain = DOMAIN,                                       \
                .username = USERNAME,                                   \
                .password = PASSWORD,                                   \
                .expected = {                                           \
                        .raw = EXPECTED,                                \
                },                                                      \
        };

Define a key generation digest test.

Definition at line 81 of file ntlm_test.c.

#define AUTHENTICATE_TEST (   name,
  DOMAIN,
  USERNAME,
  PASSWORD,
  WORKSTATION,
  NONCE,
  CHALLENGE,
  EXPECTED 
)
Value:
static const uint8_t name ## _challenge[] = CHALLENGE;          \
        static const uint8_t name ## _expected[] = EXPECTED;            \
        static struct ntlm_authenticate_test name = {                   \
                .domain = DOMAIN,                                       \
                .username = USERNAME,                                   \
                .password = PASSWORD,                                   \
                .workstation = WORKSTATION,                             \
                .nonce = {                                              \
                        .raw = NONCE,                                   \
                },                                                      \
                .challenge = ( ( void * ) name ## _challenge ),         \
                .challenge_len = sizeof ( name ## _challenge ),         \
                .expected = ( ( void * ) name ## _expected ),           \
                .expected_len = sizeof ( name ## _expected ),           \
        };

Define an authentication test.

Definition at line 92 of file ntlm_test.c.

#define ntlm_key_ok (   test)    ntlm_key_okx ( test, __FILE__, __LINE__ )

Definition at line 170 of file ntlm_test.c.

Referenced by ntlm_test_exec().

#define ntlm_data_ok (   msg,
  msg_len,
  data,
  expected,
  expected_data 
)
Value:
/* NOTE(review): ntlm_data_okx() is declared on this page with a "field"
 * argument between expected_data and file, but this wrapper passes only
 * seven arguments.  No "Referenced by" entry is listed for ntlm_data_ok,
 * so the mismatch may simply never be expanded -- confirm, then either
 * add the field argument or drop the macro.
 */
ntlm_data_okx ( msg, msg_len, data, expected, expected_data,    \
                        __FILE__, __LINE__ )

Definition at line 214 of file ntlm_test.c.

#define ntlm_authenticate_ok (   test)    ntlm_authenticate_okx ( test, __FILE__, __LINE__ )

Definition at line 292 of file ntlm_test.c.

Referenced by ntlm_test_exec().


Function Documentation

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL  )
KEY_TEST ( msnlmp_ntowfv2  ,
"Domain"  ,
"User"  ,
"Password"  ,
DATA(0x0c, 0x86, 0x8a, 0x40, 0x3b, 0xfd, 0x7a, 0x93, 0xa3, 0x00, 0x1e, 0xf2, 0x2e, 0xf0, 0x2e, 0x3f)   
)

NTOWFv2() test from MS-NLMP specification.

AUTHENTICATE_TEST ( msnlmp_authenticate  ,
"Domain"  ,
"User"  ,
"Password"  ,
"COMPUTER"  ,
DATA(0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa)  ,
DATA(0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x0c, 0x00, 0x38, 0x00, 0x00, 0x00, 0x33, 0x82, 0x8a, 0xe2, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0x24, 0x00, 0x44, 0x00, 0x00, 0x00, 0x06, 0x00, 0x70, 0x17, 0x00, 0x00, 0x00, 0x0f, 0x53, 0x00, 0x65, 0x00, 0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x02, 0x00, 0x0c, 0x00, 0x44, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x01, 0x00, 0x0c, 0x00, 0x53, 0x00, 0x65, 0x00, 0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00)  ,
DATA(0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x03, 0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x00, 0x6c, 0x00, 0x00, 0x00, 0x54, 0x00, 0x54, 0x00, 0x84, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x0c, 0x00, 0x48, 0x00, 0x00, 0x00, 0x08, 0x00, 0x08, 0x00, 0x54, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x5c, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0xd8, 0x00, 0x00, 0x00, 0x35, 0x82, 0x88, 0xe2, 0x05, 0x01, 0x28, 0x0a, 0x00, 0x00, 0x00, 0x0f, 0x44, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x55, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x43, 0x00, 0x4f, 0x00, 0x4d, 0x00, 0x50, 0x00, 0x55, 0x00, 0x54, 0x00, 0x45, 0x00, 0x52, 0x00, 0x86, 0xc3, 0x50, 0x97, 0xac, 0x9c, 0xec, 0x10, 0x25, 0x54, 0x76, 0x4a, 0x57, 0xcc, 0xcc, 0x19, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x68, 0xcd, 0x0a, 0xb8, 0x51, 0xe5, 0x1c, 0x96, 0xaa, 0xbc, 0x92, 0x7b, 0xeb, 0xef, 0x6a, 0x1c, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x0c, 0x00, 0x44, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x01, 0x00, 0x0c, 0x00, 0x53, 0x00, 0x65, 0x00, 0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc5, 0xda, 0xd2, 0x54, 0x4f, 0xc9, 0x79, 0x90, 0x94, 0xce, 0x1c, 0xe9, 0x0b, 0xc9, 0xd0, 0x3e)   
)

Authentication test from MS-NLMP specification.

static void ntlm_key_okx ( struct ntlm_key_test * test,
const char *  file,
unsigned int  line 
) [static]

Report key generation test result.

Parameters:
test: Key generation test
file: Test code file
line: Test code line

Definition at line 162 of file ntlm_test.c.

References ntlm_key_test::domain, ntlm_key_test::expected, memcmp(), ntlm_key(), okx, ntlm_key_test::password, and ntlm_key_test::username.

                                                                 {
        /* Key derived from the test's domain, username and password */
        struct ntlm_key key;

        ntlm_key ( test->domain, test->username, test->password, &key );

        /* Byte-for-byte comparison against the expected key.  memcmp() is
         * not a constant-time comparison; that is acceptable here only
         * because both sides are test vector data, not live secrets.
         */
        okx ( memcmp ( &key, &test->expected, sizeof ( key ) ) == 0,
              file, line );
}
static void ntlm_data_okx ( struct ntlm_header * msg,
size_t  msg_len,
struct ntlm_data * data,
struct ntlm_header * expected,
struct ntlm_data * expected_data,
const char *  field,
const char *  file,
unsigned int  line 
) [static]

Report NTLM variable-length data test result.

Parameters:
msg: Message header
msg_len: Length of message
data: Variable-length data descriptor
expected: Expected message header
expected_data: Expected variable-length data descriptor
field: Field name
file: Test code file
line: Test code line

Definition at line 185 of file ntlm_test.c.

References DBGC, DBGC_HDA, le16_to_cpu, le32_to_cpu, ntlm_data::len, len, ntlm_data::max_len, memcmp(), ntlm_data::offset, offset, okx, and raw.

Referenced by ntlm_authenticate_okx().

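                                                {
        /* Check one variable-length field of a generated NTLM message:
         * its descriptor must lie within the message, and its content
         * must match the same field in the expected message.
         *
         * NOTE(review): assumes okx() records a failure and returns to
         * the caller rather than aborting -- confirm in ipxe/test.h.  On
         * that assumption, the early returns below keep a failed check
         * from being followed by a read outside either buffer.
         */
        size_t offset;
        size_t len;
        size_t expected_len;
        void *raw;
        void *expected_raw;

        /* Verify data lies within message */
        okx ( data->len == data->max_len, file, line );
        offset = le32_to_cpu ( data->offset );
        len = le16_to_cpu ( data->len );
        okx ( offset <= msg_len, file, line );
        okx ( len <= ( msg_len - offset ), file, line );

        /* The failures have been reported above; do not dereference a
         * descriptor that points outside the message.  The offset test
         * comes first because ( msg_len - offset ) wraps around when
         * offset exceeds msg_len.
         */
        if ( ( offset > msg_len ) || ( len > ( msg_len - offset ) ) )
                return;

        /* Verify content matches expected content */
        raw = ( ( ( void * ) msg ) + offset );
        expected_raw = ( ( ( void * ) expected ) +
                         le32_to_cpu ( expected_data->offset ) );
        expected_len = le16_to_cpu ( expected_data->len );
        DBGC ( msg, "NTLM %s expected:\n", field );
        DBGC_HDA ( msg, 0, expected_raw, expected_len );
        DBGC ( msg, "NTLM %s actual:\n", field );
        DBGC_HDA ( msg, 0, raw, len );
        okx ( data->len == expected_data->len, file, line );

        /* Compare content only when the lengths agree, so that memcmp()
         * never reads more bytes than the expected field holds.
         */
        if ( len != expected_len )
                return;
        okx ( memcmp ( raw, expected_raw, len ) == 0, file, line );
}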
static void ntlm_authenticate_okx ( struct ntlm_authenticate_test * test,
const char *  file,
unsigned int  line 
) [static]

Report NTLM authentication test result.

Parameters:
test: Authentication test
file: Test code file
line: Test code line

Definition at line 225 of file ntlm_test.c.

References ntlm_authenticate_test::challenge, ntlm_authenticate_test::challenge_len, ntlm_authenticate_test::domain, ntlm_authenticate::domain, ntlm_authenticate_test::expected, ntlm_authenticate::flags, free, ntlm_authenticate::header, len, ntlm_authenticate::lm, malloc(), memcmp(), ntlm_authenticate_test::nonce, ntlm_authenticate::nt, ntlm_authenticate_len(), ntlm_data_okx(), ntlm_key(), NTLM_NEGOTIATE_KEY_EXCH, ntlm_response(), NULL, okx, ntlm_authenticate_test::password, ntlm_authenticate::session, ntlm_authenticate::user, ntlm_authenticate_test::username, ntlm_authenticate_test::workstation, and ntlm_authenticate::workstation.

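                                                                          {
        /* Build an Authenticate message from the test's Challenge
         * message and credentials, then compare its header and each
         * variable-length field with the expected message.
         *
         * NOTE(review): assumes okx() records a failure and returns to
         * the caller rather than aborting -- confirm in ipxe/test.h.  On
         * that assumption, each precondition below returns early after
         * reporting, so later steps never use an unparsed challenge, an
         * undersized buffer or a NULL pointer.
         */
        struct ntlm_authenticate *expected = test->expected;
        struct ntlm_challenge_info info;
        struct ntlm_authenticate *auth;
        struct ntlm_key key;
        struct ntlm_lm_response lm;
        struct ntlm_nt_response nt;
        size_t len;
        int rc;

        /* Parse Challenge message */
        rc = ntlm_challenge ( test->challenge, test->challenge_len, &info );
        okx ( rc == 0, file, line );
        if ( rc != 0 ) {
                /* info is only known to be filled in on success */
                return;
        }

        /* Generate key */
        ntlm_key ( test->domain, test->username, test->password, &key );

        /* Generate responses */
        ntlm_response ( &info, &key, &test->nonce, &lm, &nt );

        /* Allocate buffer for Authenticate message */
        len = ntlm_authenticate_len ( &info, test->domain, test->username,
                                      test->workstation );
        okx ( len >= sizeof ( *auth ), file, line );
        if ( len < sizeof ( *auth ) ) {
                /* Fixed-size fields are read below; buffer would be short */
                return;
        }
        auth = malloc ( len );
        okx ( auth != NULL, file, line );
        if ( auth == NULL )
                return;

        /* Construct Authenticate message */
        okx ( ntlm_authenticate ( &info, test->domain, test->username,
                                  test->workstation, &lm, &nt, auth ) == len,
              file, line );

        /* Verify header */
        okx ( memcmp ( &auth->header, &expected->header,
                       sizeof ( auth->header ) ) == 0, file, line );

        /* Verify LAN Manager response */
        ntlm_data_okx ( &auth->header, len, &auth->lm, &expected->header,
                        &expected->lm, "LM", file, line );

        /* Verify NT response */
        ntlm_data_okx ( &auth->header, len, &auth->nt, &expected->header,
                        &expected->nt, "NT", file, line );

        /* Verify domain name */
        ntlm_data_okx ( &auth->header, len, &auth->domain, &expected->header,
                        &expected->domain, "domain", file, line );

        /* Verify user name */
        ntlm_data_okx ( &auth->header, len, &auth->user, &expected->header,
                        &expected->user, "user", file, line );

        /* Verify workstation name */
        ntlm_data_okx ( &auth->header, len, &auth->workstation,
                        &expected->header, &expected->workstation,
                        "workstation",file, line );

        /* Verify session key (only when key exchange was negotiated) */
        if ( auth->flags & NTLM_NEGOTIATE_KEY_EXCH ) {
                ntlm_data_okx ( &auth->header, len, &auth->session,
                                &expected->header, &expected->session,
                                "session", file, line );
        }

        /* Free Authenticate message */
        free ( auth );
}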
static void ntlm_test_exec ( void  ) [static]

Perform NTLM self-test.

Definition at line 299 of file ntlm_test.c.

References ntlm_authenticate_ok, and ntlm_key_ok.

                                    {

        /* Verify key generation against the NTOWFv2() vector from the
         * MS-NLMP specification
         */
        ntlm_key_ok ( &msnlmp_ntowfv2 );

        /* Verify the Authenticate message built from the MS-NLMP
         * authentication vector
         */
        ntlm_authenticate_ok ( &msnlmp_authenticate );
}

Variable Documentation

struct self_test ntlm_test __self_test
Initial value:
 {
        .name = "ntlm",
        .exec = ntlm_test_exec,
}

NTLM self-test.

Definition at line 309 of file ntlm_test.c.