1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-24 02:04:21 +03:00
samba-mirror/lib/crypto/test_gkdi_key_derivation.c
Joseph Sutton 5f5a49d78a lib:crypto: Add tests for GKDI key derivation
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Dec 22 06:31:29 UTC 2023 on atb-devel-224
2023-12-22 06:31:29 +00:00

493 lines
21 KiB
C
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/*
* Unix SMB/CIFS implementation.
*
* Copyright (C) Catalyst.Net Ltd 2023
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#include <stdarg.h>
#include <stddef.h>
#include <stdint.h>
#include <setjmp.h>
#include <cmocka.h>
#include "replace.h"
#include <talloc.h>
#include "libcli/util/ntstatus.h"
#include "lib/crypto/gkdi.h"
static const uint8_t gmsa_security_descriptor[] = {
/* O:SYD:(A;;FRFW;;;S-1-5-9) */
0x01, 0x00, 0x04, 0x80, 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x02, 0x00, 0x1c, 0x00,
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x9f, 0x01, 0x12, 0x00,
0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x09, 0x00, 0x00, 0x00,
0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x12, 0x00, 0x00, 0x00};
#define GKID(l0_idx_, l1_idx_, l2_idx_) \
((struct Gkid){.l0_idx = l0_idx_, .l1_idx = l1_idx_, .l2_idx = l2_idx_})
#define GUID_LITERAL( \
time_low_, time_mid_, time_hi_and_version_, clock_seq_, node_) \
((struct GUID){.time_low = (0x##time_low_), \
.time_mid = (0x##time_mid_), \
.time_hi_and_version = (0x##time_hi_and_version_), \
.clock_seq = {(uint32_t)(0x##clock_seq_) >> 8, \
(uint8_t)(0x##clock_seq_)}, \
.node = {(uint64_t)(0x##node_) >> 40, \
(uint8_t)((uint64_t)(0x##node_) >> 32), \
(uint8_t)((uint64_t)(0x##node_) >> 24), \
(uint8_t)((uint64_t)(0x##node_) >> 16), \
(uint8_t)((uint64_t)(0x##node_) >> 8), \
(uint8_t)(0x##node_)}})
struct test_vector {
const char *name; /* The name of the test scenario. */
struct Gkid gkid; /* The GKID of the key to derive. */
struct ProvRootKey root_key;
NTSTATUS expected_status;
uint8_t expected_key[GKDI_KEY_LEN]; /* The expected derived key. */
};
#define DATA_BLOB_CONST(data_, length_) \
((DATA_BLOB){.data = (discard_const_p(uint8_t, data_)), \
.length = (length_)})
#define ARRAY(...) ((const uint8_t[]){__VA_ARGS__})
#define ROOT_KEY_DATA(...) \
DATA_BLOB_CONST(ARRAY(__VA_ARGS__), sizeof(ARRAY(__VA_ARGS__)))
#define EXPECTED_KEY(...) {__VA_ARGS__}
#define ROOT_KEY_VERSION(version) (version)
#define ARBITRARY_ROOT_KEY_DATA \
ROOT_KEY_DATA(72, 159, 53, 49, 197, 55, 119, 77, 67, 45, 107, \
151, 227, 188, 31, 67, 210, 232, 198, 220, 23, 235, \
14, 79, 217, 160, 135, 13, 47, 30, 191, 146, 226, \
73, 102, 104, 168, 181, 189, 17, 174, 162, 211, 45, \
10, 171, 113, 111, 72, 254, 86, 159, 92, 155, 80, \
255, 63, 155, 245, 222, 174, 165, 114, 251)
#define ARBITRARY_GUID GUID_LITERAL(4cdf4285, c46a, 62a3, 2f7d, 95f97342685b)
#define SUCCESS_VECTOR( \
name_, root_key_id, algorithm, gkid_, root_key_data, expected_key_) \
{ \
.name = (name_), .gkid = (gkid_), \
.root_key = {.version = root_key_version_1, \
.id = (root_key_id), \
.data = (root_key_data), \
.kdf_algorithm = \
{.id = KDF_ALGORITHM_SP800_108_CTR_HMAC, \
.param.sp800_108 = (algorithm)}}, \
.expected_status = NT_STATUS_OK, \
.expected_key = expected_key_, \
}
#define FAILURE_VECTOR_VERSION(name_, \
root_key_id, \
algorithm, \
gkid_, \
root_key_version, \
root_key_data, \
expected_status_) \
{ \
.name = (name_), .gkid = (gkid_), \
.root_key = {.version = (root_key_version), \
.id = (root_key_id), \
.data = (root_key_data), \
.kdf_algorithm = \
{.id = KDF_ALGORITHM_SP800_108_CTR_HMAC, \
.param.sp800_108 = (algorithm)}}, \
.expected_status = (expected_status_), .expected_key = {}, \
}
#define FAILURE_VECTOR( \
name_, root_key_id, algorithm, gkid_, root_key_data, expected_status_) \
FAILURE_VECTOR_VERSION(name_, \
root_key_id, \
algorithm, \
gkid_, \
root_key_version_1, \
root_key_data, \
expected_status_)
/* Test vectors derived from samba.tests.krb5.gkdi_tests Python tests. */
static const struct test_vector gkdi_vectors[] = {
SUCCESS_VECTOR(
"samba.tests.krb5.gkdi_tests.GkdiSelfTests.test_current_l0_idx_"
"l1_seed_key",
GUID_LITERAL(89f70521, 9d66, 441f, c314, 1b462f9b1052),
KDF_PARAM_SHA512,
GKID(255, 24, -1),
ROOT_KEY_DATA(166, 239, 135, 219, 187, 248, 107, 107, 190, 85,
117, 11, 148, 31, 19, 202, 153, 239, 229, 24,
94, 46, 43, 222, 213, 184, 56, 216, 160, 231,
118, 71, 5, 55, 230, 140, 174, 69, 167, 160,
244, 177, 214, 201, 191, 84, 148, 195, 248, 121,
225, 114, 227, 38, 85, 124, 219, 182, 165, 110,
135, 153, 167, 34),
EXPECTED_KEY(189, 83, 138, 7, 52, 144, 243, 207, 148, 81,
201, 51, 2, 93, 233, 178, 44, 151, 234, 221,
175, 250, 148, 179, 121, 226, 185, 25, 164, 190,
209, 71, 91, 198, 127, 106, 145, 117, 177, 57,
198, 146, 4, 197, 125, 67, 0, 160, 20, 31,
254, 52, 209, 44, 237, 132, 97, 69, 147, 177,
170, 19, 175, 28)),
SUCCESS_VECTOR(
"samba.tests.krb5.gkdi_tests.GkdiSelfTests.test_current_l0_idx_"
"l2_seed_key",
GUID_LITERAL(1a3d6c30, aa81, cb7f, d3fe, 80775d135dfe),
KDF_PARAM_SHA512,
GKID(321, 0, 12),
ROOT_KEY_DATA(223, 217, 91, 227, 21, 58, 8, 5, 198, 86,
148, 231, 210, 132, 170, 206, 90, 176, 170, 73,
51, 80, 2, 94, 184, 219, 198, 223, 11, 78,
146, 86, 251, 76, 191, 190, 98, 55, 206, 55,
50, 105, 78, 38, 8, 118, 0, 118, 182, 112,
130, 211, 154, 189, 60, 15, 237, 186, 27, 136,
115, 100, 80, 100),
EXPECTED_KEY(187, 189, 147, 118, 205, 22, 194, 71, 237, 64,
245, 145, 45, 25, 8, 33, 140, 8, 240, 145,
91, 174, 2, 254, 2, 203, 251, 55, 83, 189,
228, 6, 249, 197, 83, 172, 217, 81, 67, 207,
99, 144, 106, 4, 64, 227, 207, 35, 125, 35,
53, 174, 78, 75, 156, 210, 217, 70, 167, 19,
81, 235, 203, 123)),
SUCCESS_VECTOR(
"samba.tests.krb5.gkdi_tests.GkdiSelfTests.test_current_l0_idx_"
"both_seed_keys (next older L1)",
GUID_LITERAL(09de0b38, c743, 7abf, 44ea, 7a3c3e404314),
KDF_PARAM_SHA512,
GKID(123, 20, -1),
ROOT_KEY_DATA(213, 145, 45, 14, 179, 189, 96, 225, 55, 27,
30, 82, 93, 216, 59, 231, 252, 91, 175, 119,
1, 139, 13, 186, 107, 217, 72, 183, 169, 142,
190, 90, 243, 118, 116, 51, 37, 6, 164, 108,
82, 193, 8, 166, 47, 42, 62, 137, 37, 26,
209, 189, 230, 213, 57, 0, 70, 121, 192, 101,
136, 83, 187, 104),
EXPECTED_KEY(177, 247, 197, 137, 110, 125, 199, 145, 217, 192,
170, 248, 202, 125, 186, 184, 193, 114, 164, 248,
184, 115, 219, 72, 138, 60, 76, 189, 15, 85,
155, 17, 82, 255, 186, 57, 212, 175, 242, 217,
232, 170, 218, 144, 178, 122, 60, 148, 165, 175,
153, 111, 75, 143, 88, 74, 79, 55, 204, 171,
77, 80, 93, 61)),
SUCCESS_VECTOR(
"samba.tests.krb5.gkdi_tests.GkdiSelfTests.test_current_l0_idx_"
"both_seed_keys (L2)",
GUID_LITERAL(09de0b38, c743, 7abf, 44ea, 7a3c3e404314),
KDF_PARAM_SHA512,
GKID(123, 21, 0),
ROOT_KEY_DATA(213, 145, 45, 14, 179, 189, 96, 225, 55, 27,
30, 82, 93, 216, 59, 231, 252, 91, 175, 119,
1, 139, 13, 186, 107, 217, 72, 183, 169, 142,
190, 90, 243, 118, 116, 51, 37, 6, 164, 108,
82, 193, 8, 166, 47, 42, 62, 137, 37, 26,
209, 189, 230, 213, 57, 0, 70, 121, 192, 101,
136, 83, 187, 104),
EXPECTED_KEY(19, 60, 155, 189, 32, 217, 34, 122, 235, 56,
223, 205, 59, 230, 188, 191, 197, 152, 59, 163,
114, 2, 8, 143, 245, 200, 167, 5, 17, 33,
69, 6, 166, 156, 25, 90, 136, 7, 205, 132,
75, 203, 149, 94, 149, 105, 200, 228, 209, 151,
117, 159, 40, 87, 124, 193, 38, 209, 95, 22,
167, 218, 78, 224)),
SUCCESS_VECTOR(
"samba.tests.krb5.gkdi_tests.GkdiSelfTests.test_previous_l0_"
"idx",
GUID_LITERAL(27136e8f, e093, 6fe3, e57f, 1d915b102e1c),
KDF_PARAM_SHA512,
GKID(100, 31, -1),
ROOT_KEY_DATA(180, 17, 24, 198, 10, 25, 202, 250, 94, 207,
133, 141, 26, 42, 34, 22, 82, 123, 45, 174,
223, 56, 110, 157, 89, 158, 66, 164, 106, 221,
108, 125, 201, 56, 104, 97, 151, 97, 200, 128,
255, 54, 116, 167, 124, 110, 95, 191, 52, 52,
209, 48, 169, 114, 123, 178, 205, 42, 37, 87,
189, 207, 199, 82),
EXPECTED_KEY(147, 92, 189, 192, 97, 152, 235, 40, 250, 68,
184, 216, 39, 143, 81, 7, 44, 70, 19, 153,
146, 54, 88, 80, 65, 237, 232, 231, 45, 2,
254, 149, 227, 69, 79, 4, 99, 130, 203, 192,
167, 0, 119, 155, 121, 71, 77, 215, 224, 128,
80, 157, 118, 48, 45, 41, 55, 64, 126, 150,
227, 211, 208, 34)),
SUCCESS_VECTOR(
"samba.tests.krb5.gkdi_tests.GkdiSelfTests.test_sha1 (next "
"older L1)",
GUID_LITERAL(970abad6, fe55, 073a, caf1, b801d3f26bd3),
KDF_PARAM_SHA1,
GKID(1, 1, -1),
ROOT_KEY_DATA(59, 237, 3, 191, 15, 183, 212, 1, 49, 73,
21, 79, 36, 202, 45, 89, 185, 141, 182, 213,
136, 203, 31, 84, 236, 160, 131, 133, 94, 37,
235, 40, 211, 86, 42, 1, 173, 199, 140, 75,
112, 224, 183, 42, 89, 81, 88, 99, 231, 115,
43, 133, 63, 186, 2, 221, 118, 70, 230, 49,
8, 68, 18, 17),
EXPECTED_KEY(87, 108, 182, 143, 46, 82, 235, 115, 159, 129,
123, 72, 140, 53, 144, 216, 111, 28, 44, 54,
95, 63, 201, 32, 29, 156, 127, 238, 116, 148,
133, 61, 88, 116, 110, 225, 62, 72, 241, 138,
166, 250, 105, 247, 21, 125, 227, 208, 125, 227,
78, 19, 131, 103, 146, 183, 192, 136, 255, 182,
145, 74, 137, 194)),
SUCCESS_VECTOR(
"samba.tests.krb5.gkdi_tests.GkdiSelfTests.test_sha1 (L2)",
GUID_LITERAL(970abad6, fe55, 073a, caf1, b801d3f26bd3),
KDF_PARAM_SHA1,
GKID(1, 2, 3),
ROOT_KEY_DATA(59, 237, 3, 191, 15, 183, 212, 1, 49, 73,
21, 79, 36, 202, 45, 89, 185, 141, 182, 213,
136, 203, 31, 84, 236, 160, 131, 133, 94, 37,
235, 40, 211, 86, 42, 1, 173, 199, 140, 75,
112, 224, 183, 42, 89, 81, 88, 99, 231, 115,
43, 133, 63, 186, 2, 221, 118, 70, 230, 49,
8, 68, 18, 17),
EXPECTED_KEY(63, 251, 130, 90, 218, 241, 22, 182, 83, 50,
7, 213, 104, 163, 14, 211, 211, 242, 28, 104,
132, 9, 65, 201, 69, 102, 132, 249, 175, 161,
27, 5, 110, 12, 89, 57, 27, 77, 136, 196,
149, 217, 132, 195, 214, 128, 2, 156, 197, 197,
148, 99, 15, 52, 23, 145, 25, 193, 197, 172,
170, 229, 233, 14)),
SUCCESS_VECTOR(
"samba.tests.krb5.gkdi_tests.GkdiSelfTests.test_sha256 (next "
"older L1)",
GUID_LITERAL(45e26207, ed33, dcd5, 925a, 518a0deef69e),
KDF_PARAM_SHA256,
GKID(222, 21, -1),
ROOT_KEY_DATA(40, 181, 182, 80, 61, 60, 29, 36, 129, 77,
231, 129, 187, 123, 252, 227, 239, 105, 238, 209,
206, 72, 9, 55, 43, 238, 44, 80, 98, 112,
197, 240, 181, 198, 223, 89, 116, 114, 98, 63,
37, 108, 134, 218, 160, 153, 30, 138, 17, 161,
112, 95, 33, 178, 207, 220, 11, 185, 219, 75,
162, 50, 70, 162),
EXPECTED_KEY(87, 172, 237, 110, 117, 248, 63, 58, 244, 248,
121, 179, 139, 96, 240, 144, 180, 46, 75, 250,
2, 47, 174, 62, 111, 217, 66, 128, 180, 105,
176, 236, 21, 216, 184, 83, 168, 112, 181, 251,
223, 40, 112, 140, 206, 25, 39, 59, 116, 165,
115, 172, 190, 13, 237, 168, 239, 81, 93, 180,
105, 30, 45, 203)),
SUCCESS_VECTOR(
"samba.tests.krb5.gkdi_tests.GkdiSelfTests.test_sha256 (L2)",
GUID_LITERAL(45e26207, ed33, dcd5, 925a, 518a0deef69e),
KDF_PARAM_SHA256,
GKID(222, 22, 22),
ROOT_KEY_DATA(40, 181, 182, 80, 61, 60, 29, 36, 129, 77,
231, 129, 187, 123, 252, 227, 239, 105, 238, 209,
206, 72, 9, 55, 43, 238, 44, 80, 98, 112,
197, 240, 181, 198, 223, 89, 116, 114, 98, 63,
37, 108, 134, 218, 160, 153, 30, 138, 17, 161,
112, 95, 33, 178, 207, 220, 11, 185, 219, 75,
162, 50, 70, 162),
EXPECTED_KEY(117, 42, 8, 121, 174, 36, 36, 192, 80, 76,
116, 147, 89, 159, 19, 229, 136, 225, 187, 220,
37, 47, 131, 50, 90, 213, 177, 251, 145, 194,
76, 137, 1, 212, 64, 243, 255, 159, 251, 165,
159, 205, 101, 187, 151, 87, 50, 217, 243, 131,
221, 80, 184, 152, 23, 75, 185, 57, 62, 56,
61, 37, 213, 64)),
SUCCESS_VECTOR(
"samba.tests.krb5.gkdi_tests.GkdiSelfTests.test_sha384 (next "
"older L1)",
GUID_LITERAL(66e6d9f7, 4924, f3fc, fe34, 605634d42ebd),
KDF_PARAM_SHA384,
GKID(287, 27, -1),
ROOT_KEY_DATA(35, 229, 186, 134, 203, 216, 143, 123, 67, 46,
230, 109, 187, 3, 191, 78, 235, 244, 1, 203,
252, 61, 247, 53, 212, 215, 40, 181, 3, 200,
127, 132, 50, 7, 198, 246, 21, 63, 25, 13,
254, 133, 168, 108, 184, 216, 183, 77, 241, 59,
37, 48, 89, 129, 190, 141, 126, 41, 201, 110,
229, 76, 150, 48),
EXPECTED_KEY(250, 186, 221, 122, 154, 99, 223, 87, 214, 131,
45, 247, 167, 53, 174, 187, 110, 24, 24, 136,
178, 234, 243, 1, 162, 228, 255, 154, 112, 36,
109, 56, 171, 29, 36, 22, 50, 91, 243, 235,
114, 106, 2, 103, 186, 180, 189, 149, 12, 114,
145, 240, 94, 165, 241, 113, 151, 236, 229, 105,
146, 175, 62, 184)),
SUCCESS_VECTOR(
"samba.tests.krb5.gkdi_tests.GkdiSelfTests.test_sha384 (L2)",
GUID_LITERAL(66e6d9f7, 4924, f3fc, fe34, 605634d42ebd),
KDF_PARAM_SHA384,
GKID(287, 28, 27),
ROOT_KEY_DATA(35, 229, 186, 134, 203, 216, 143, 123, 67, 46,
230, 109, 187, 3, 191, 78, 235, 244, 1, 203,
252, 61, 247, 53, 212, 215, 40, 181, 3, 200,
127, 132, 50, 7, 198, 246, 21, 63, 25, 13,
254, 133, 168, 108, 184, 216, 183, 77, 241, 59,
37, 48, 89, 129, 190, 141, 126, 41, 201, 110,
229, 76, 150, 48),
EXPECTED_KEY(236, 28, 101, 99, 75, 86, 148, 129, 142, 29,
52, 29, 169, 153, 109, 184, 242, 161, 239, 106,
44, 119, 106, 113, 38, 167, 235, 209, 139, 55,
160, 115, 175, 218, 196, 76, 65, 177, 103, 177,
78, 75, 135, 45, 72, 91, 187, 109, 123, 112,
150, 66, 21, 208, 232, 74, 47, 241, 66, 169,
217, 67, 242, 5)),
SUCCESS_VECTOR(
"samba.tests.krb5.gkdi_tests.GkdiSelfTests.test_derive_key_"
"exact",
GUID_LITERAL(d95fb06f, 5a9c, 1829, e20d, 27f3f2ecfbeb),
KDF_PARAM_SHA512,
GKID(333, 22, 11),
ROOT_KEY_DATA(72, 159, 53, 49, 197, 55, 119, 77, 67, 45,
107, 151, 227, 188, 31, 67, 210, 232, 198, 220,
23, 235, 14, 79, 217, 160, 135, 13, 47, 30,
191, 146, 226, 73, 102, 104, 168, 181, 189, 17,
174, 162, 211, 45, 10, 171, 113, 111, 72, 254,
86, 159, 92, 155, 80, 255, 63, 155, 245, 222,
174, 165, 114, 251),
EXPECTED_KEY(214, 171, 59, 20, 244, 244, 200, 144, 138, 163,
70, 64, 17, 179, 159, 16, 168, 191, 173, 185,
151, 74, 249, 15, 125, 154, 159, 237, 226, 253,
198, 229, 246, 138, 98, 142, 192, 15, 153, 148,
163, 171, 216, 165, 42, 233, 226, 219, 79, 104,
232, 54, 72, 49, 30, 157, 119, 101, 242, 83,
85, 21, 181, 226)),
FAILURE_VECTOR_VERSION("unsupported root key version (0)",
ARBITRARY_GUID,
KDF_PARAM_SHA512,
GKID(0, 0, 0),
ROOT_KEY_VERSION(0),
ARBITRARY_ROOT_KEY_DATA,
NT_STATUS_NOT_SUPPORTED),
FAILURE_VECTOR_VERSION("unsupported root key version (2)",
ARBITRARY_GUID,
KDF_PARAM_SHA512,
GKID(0, 0, 0),
ROOT_KEY_VERSION(2),
ARBITRARY_ROOT_KEY_DATA,
NT_STATUS_NOT_SUPPORTED),
FAILURE_VECTOR("unsupported algorithm (1)",
ARBITRARY_GUID,
-1 /* an unsupported algorithm */,
GKID(0, 0, 0),
ARBITRARY_ROOT_KEY_DATA,
NT_STATUS_NOT_SUPPORTED),
FAILURE_VECTOR("wrong length (32 bytes short) for root key data",
ARBITRARY_GUID,
KDF_PARAM_SHA512,
GKID(0, 0, 0),
ROOT_KEY_DATA(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21,
22, 23, 24, 25, 26, 27, 28, 29, 30, 31),
NT_STATUS_NOT_SUPPORTED),
FAILURE_VECTOR("default GKID (1, 1, 1)",
ARBITRARY_GUID,
KDF_PARAM_SHA512,
GKID(-1, -1, -1),
ARBITRARY_ROOT_KEY_DATA,
NT_STATUS_INVALID_PARAMETER),
FAILURE_VECTOR("invalid GKID (2, 1, 1)",
ARBITRARY_GUID,
KDF_PARAM_SHA512,
GKID(-2, -1, -1),
ARBITRARY_ROOT_KEY_DATA,
NT_STATUS_INVALID_PARAMETER),
FAILURE_VECTOR("invalid GKID (1, 0, 0)",
ARBITRARY_GUID,
KDF_PARAM_SHA512,
GKID(-1, 0, 0),
ARBITRARY_ROOT_KEY_DATA,
NT_STATUS_INVALID_PARAMETER),
FAILURE_VECTOR("invalid GKID (0, 1, 0)",
ARBITRARY_GUID,
KDF_PARAM_SHA512,
GKID(0, -1, 0),
ARBITRARY_ROOT_KEY_DATA,
NT_STATUS_INVALID_PARAMETER),
FAILURE_VECTOR("invalid GKID (0, 2, 1)",
ARBITRARY_GUID,
KDF_PARAM_SHA512,
GKID(0, -2, -1),
ARBITRARY_ROOT_KEY_DATA,
NT_STATUS_INVALID_PARAMETER),
FAILURE_VECTOR("invalid GKID (0, 0, 2)",
ARBITRARY_GUID,
KDF_PARAM_SHA512,
GKID(0, 0, -2),
ARBITRARY_ROOT_KEY_DATA,
NT_STATUS_INVALID_PARAMETER),
FAILURE_VECTOR("invalid GKID (123, 0, 32)",
ARBITRARY_GUID,
KDF_PARAM_SHA512,
GKID(123, 0, 32),
ARBITRARY_ROOT_KEY_DATA,
NT_STATUS_INVALID_PARAMETER),
FAILURE_VECTOR("invalid GKID (456, 32, 0)",
ARBITRARY_GUID,
KDF_PARAM_SHA512,
GKID(456, 32, 0),
ARBITRARY_ROOT_KEY_DATA,
NT_STATUS_INVALID_PARAMETER),
FAILURE_VECTOR("try to derive L0 seed key (333, 1, 1)",
ARBITRARY_GUID,
KDF_PARAM_SHA512,
GKID(333, -1, -1),
ARBITRARY_ROOT_KEY_DATA,
NT_STATUS_INVALID_PARAMETER),
};
static void test_gkdi_key_derivation(void **state)
{
TALLOC_CTX *mem_ctx = NULL;
size_t n;
mem_ctx = talloc_new(NULL);
assert_non_null(mem_ctx);
for (n = 0; n < ARRAY_SIZE(gkdi_vectors); ++n) {
const struct test_vector *test_vector = &gkdi_vectors[n];
uint8_t out[GKDI_KEY_LEN] = {};
NTSTATUS status;
print_message("Running: %s\n", test_vector->name);
status = compute_seed_key(
mem_ctx,
DATA_BLOB_CONST(gmsa_security_descriptor,
sizeof gmsa_security_descriptor),
&test_vector->root_key,
test_vector->gkid,
out);
assert_int_equal(NT_STATUS_V(test_vector->expected_status),
NT_STATUS_V(status));
assert_memory_equal(test_vector->expected_key,
out,
GKDI_KEY_LEN);
}
talloc_free(mem_ctx);
}
int main(int argc, char *argv[])
{
static const struct CMUnitTest tests[] = {
cmocka_unit_test(test_gkdi_key_derivation),
};
if (argc == 2) {
cmocka_set_test_filter(argv[1]);
}
cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
return cmocka_run_group_tests(tests, NULL, NULL);
}