1 /*
2  * Unit test suite for crypt32.dll's CryptProtectData/CryptUnprotectData
3  *
4  * Copyright 2005 Kees Cook <kees@outflux.net>
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, write to the Free Software
18  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19  */
20 
21 #include <stdio.h>
22 #include <stdarg.h>
23 #include <windef.h>
24 #include <winbase.h>
25 #include <winerror.h>
26 #include <wincrypt.h>
27 
28 #include "wine/test.h"
29 
30 static BOOL (WINAPI *pCryptProtectData)(DATA_BLOB*,LPCWSTR,DATA_BLOB*,PVOID,CRYPTPROTECT_PROMPTSTRUCT*,DWORD,DATA_BLOB*);
31 static BOOL (WINAPI *pCryptUnprotectData)(DATA_BLOB*,LPWSTR*,DATA_BLOB*,PVOID,CRYPTPROTECT_PROMPTSTRUCT*,DWORD,DATA_BLOB*);
32 
33 static char  secret[]     = "I am a super secret string that no one can see!";
34 static char  secret2[]    = "I am a super secret string indescribable string";
35 static char  key[]        = "Wibble wibble wibble";
36 static const WCHAR desc[] = {'U','l','t','r','a',' ','s','e','c','r','e','t',' ','t','e','s','t',' ','m','e','s','s','a','g','e',0};
37 static BOOL protected = FALSE; /* if true, the unprotect tests can run */
38 static DATA_BLOB cipher;
39 static DATA_BLOB cipher_entropy;
40 static DATA_BLOB cipher_no_desc;
41 
test_cryptprotectdata(void)42 static void test_cryptprotectdata(void)
43 {
44     LONG r;
45     DATA_BLOB plain;
46     DATA_BLOB entropy;
47 
48     plain.pbData=(void*)secret;
49     plain.cbData=strlen(secret)+1;
50 
51     entropy.pbData=(void*)key;
52     entropy.cbData=strlen(key)+1;
53 
54     SetLastError(0xDEADBEEF);
55     protected = pCryptProtectData(NULL,desc,NULL,NULL,NULL,0,&cipher);
56     ok(!protected, "Encrypting without plain data source.\n");
57     r = GetLastError();
58     ok(r == ERROR_INVALID_PARAMETER, "Wrong (%u) GetLastError seen\n",r);
59 
60     SetLastError(0xDEADBEEF);
61     protected = pCryptProtectData(&plain,desc,NULL,NULL,NULL,0,NULL);
62     ok(!protected, "Encrypting without cipher destination.\n");
63     r = GetLastError();
64     ok(r == ERROR_INVALID_PARAMETER, "Wrong (%u) GetLastError seen\n",r);
65 
66     cipher.pbData=NULL;
67     cipher.cbData=0;
68 
69     /* without entropy */
70     SetLastError(0xDEADBEEF);
71     protected = pCryptProtectData(&plain,desc,NULL,NULL,NULL,0,&cipher);
72     ok(protected ||
73      broken(!protected), /* Win9x/NT4 */
74      "Encrypting without entropy.\n");
75     if (protected)
76     {
77         r = GetLastError();
78         ok(r == ERROR_SUCCESS ||
79            r == ERROR_IO_PENDING, /* win2k */
80            "Expected ERROR_SUCCESS or ERROR_IO_PENDING, got %d\n",r);
81     }
82 
83     cipher_entropy.pbData=NULL;
84     cipher_entropy.cbData=0;
85 
86     /* with entropy */
87     SetLastError(0xDEADBEEF);
88     protected = pCryptProtectData(&plain,desc,&entropy,NULL,NULL,0,&cipher_entropy);
89     ok(protected ||
90      broken(!protected), /* Win9x/NT4 */
91      "Encrypting with entropy.\n");
92 
93     cipher_no_desc.pbData=NULL;
94     cipher_no_desc.cbData=0;
95 
96     /* with entropy but no description */
97     plain.pbData=(void*)secret2;
98     plain.cbData=strlen(secret2)+1;
99     SetLastError(0xDEADBEEF);
100     protected = pCryptProtectData(&plain,NULL,&entropy,NULL,NULL,0,&cipher_no_desc);
101     if (!protected)
102     {
103         /* fails in win2k */
104         ok(GetLastError() == ERROR_INVALID_PARAMETER,
105            "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
106     }
107 }
108 
test_cryptunprotectdata(void)109 static void test_cryptunprotectdata(void)
110 {
111     LONG r;
112     DATA_BLOB plain;
113     DATA_BLOB entropy;
114     BOOL okay;
115     WCHAR * data_desc;
116 
117     entropy.pbData=(void*)key;
118     entropy.cbData=strlen(key)+1;
119 
120     /* fails in win2k */
121     if (!protected)
122     {
123         skip("CryptProtectData failed to run\n");
124         return;
125     }
126 
127     plain.pbData=NULL;
128     plain.cbData=0;
129 
130     SetLastError(0xDEADBEEF);
131     okay = pCryptUnprotectData(&cipher,NULL,NULL,NULL,NULL,0,NULL);
132     ok(!okay,"Decrypting without destination\n");
133     r = GetLastError();
134     ok(r == ERROR_INVALID_PARAMETER, "Wrong (%u) GetLastError seen\n",r);
135 
136     SetLastError(0xDEADBEEF);
137     okay = pCryptUnprotectData(NULL,NULL,NULL,NULL,NULL,0,&plain);
138     ok(!okay,"Decrypting without source\n");
139     r = GetLastError();
140     ok(r == ERROR_INVALID_PARAMETER, "Wrong (%u) GetLastError seen\n",r);
141 
142     plain.pbData=NULL;
143     plain.cbData=0;
144 
145     SetLastError(0xDEADBEEF);
146     okay = pCryptUnprotectData(&cipher_entropy,NULL,NULL,NULL,NULL,0,&plain);
147     ok(!okay,"Decrypting without needed entropy\n");
148     r = GetLastError();
149     ok(r == ERROR_INVALID_DATA, "Wrong (%u) GetLastError seen\n", r);
150 
151     plain.pbData=NULL;
152     plain.cbData=0;
153     data_desc=NULL;
154 
155     /* without entropy */
156     SetLastError(0xDEADBEEF);
157     okay = pCryptUnprotectData(&cipher,&data_desc,NULL,NULL,NULL,0,&plain);
158     ok(okay,"Decrypting without entropy\n");
159 
160     ok(plain.pbData!=NULL,"Plain DATA_BLOB missing data\n");
161     ok(plain.cbData==strlen(secret)+1,"Plain DATA_BLOB wrong length\n");
162     ok(!strcmp((const char*)plain.pbData,secret),"Plain does not match secret\n");
163     ok(data_desc!=NULL,"Description not allocated\n");
164     ok(!lstrcmpW(data_desc,desc),"Description does not match\n");
165 
166     LocalFree(plain.pbData);
167     LocalFree(data_desc);
168 
169     plain.pbData=NULL;
170     plain.cbData=0;
171     data_desc=NULL;
172 
173     /* with wrong entropy */
174     SetLastError(0xDEADBEEF);
175     okay = pCryptUnprotectData(&cipher_entropy,&data_desc,&cipher_entropy,NULL,NULL,0,&plain);
176     ok(!okay,"Decrypting with wrong entropy\n");
177     r = GetLastError();
178     ok(r == ERROR_INVALID_DATA, "Wrong (%u) GetLastError seen\n",r);
179 
180     /* with entropy */
181     SetLastError(0xDEADBEEF);
182     okay = pCryptUnprotectData(&cipher_entropy,&data_desc,&entropy,NULL,NULL,0,&plain);
183     ok(okay,"Decrypting with entropy\n");
184 
185     ok(plain.pbData!=NULL,"Plain DATA_BLOB missing data\n");
186     ok(plain.cbData==strlen(secret)+1,"Plain DATA_BLOB wrong length\n");
187     ok(!strcmp((const char*)plain.pbData,secret),"Plain does not match secret\n");
188     ok(data_desc!=NULL,"Description not allocated\n");
189     ok(!lstrcmpW(data_desc,desc),"Description does not match\n");
190 
191     LocalFree(plain.pbData);
192     LocalFree(data_desc);
193 
194     plain.pbData=NULL;
195     plain.cbData=0;
196     data_desc=NULL;
197 
198     /* with entropy but no description */
199     SetLastError(0xDEADBEEF);
200     okay = pCryptUnprotectData(&cipher_no_desc,&data_desc,&entropy,NULL,NULL,0,&plain);
201     ok(okay,"Decrypting with entropy and no description\n");
202 
203     ok(plain.pbData!=NULL,"Plain DATA_BLOB missing data\n");
204     ok(plain.cbData==strlen(secret2)+1,"Plain DATA_BLOB wrong length\n");
205     ok(!strcmp((const char*)plain.pbData,secret2),"Plain does not match secret\n");
206     ok(data_desc!=NULL,"Description not allocated\n");
207     ok(data_desc[0]=='\0',"Description not empty\n");
208 
209     LocalFree(data_desc);
210     LocalFree(plain.pbData);
211 
212     plain.pbData=NULL;
213     plain.cbData=0;
214 }
215 
test_simpleroundtrip(const char * plaintext)216 static void test_simpleroundtrip(const char *plaintext)
217 {
218     DATA_BLOB input;
219     DATA_BLOB encrypted;
220     DATA_BLOB output;
221     int res;
222     WCHAR emptyW[1];
223 
224     emptyW[0] = 0;
225     input.pbData = (unsigned char *)plaintext;
226     input.cbData = strlen(plaintext);
227     res = pCryptProtectData(&input, emptyW, NULL, NULL, NULL, 0, &encrypted);
228     ok(res != 0 || broken(!res), "can't protect\n");
229     if (!res)
230     {
231         /* Fails on Win9x, NT4 */
232         win_skip("CryptProtectData failed\n");
233         return;
234     }
235 
236     res = pCryptUnprotectData(&encrypted, NULL, NULL, NULL, NULL, 0, &output);
237     ok(res != 0, "can't unprotect; last error %u\n", GetLastError());
238     ok(output.cbData == strlen(plaintext), "output wrong length %d for input '%s', wanted %d\n", output.cbData, plaintext, lstrlenA(plaintext));
239     ok(!memcmp(plaintext, (char *)output.pbData, output.cbData), "output wrong contents for input '%s'\n", plaintext);
240     LocalFree(output.pbData);
241     LocalFree(encrypted.pbData);
242 }
243 
START_TEST(protectdata)244 START_TEST(protectdata)
245 {
246     HMODULE hCrypt32 = GetModuleHandleA("crypt32.dll");
247     pCryptProtectData = (void*)GetProcAddress(hCrypt32, "CryptProtectData");
248     pCryptUnprotectData = (void*)GetProcAddress(hCrypt32, "CryptUnprotectData");
249     if (!pCryptProtectData || !pCryptUnprotectData)
250     {
251         win_skip("Crypt(Un)ProtectData() is not available\n");
252         return;
253     }
254 
255     protected=FALSE;
256     test_cryptprotectdata();
257     test_cryptunprotectdata();
258     test_simpleroundtrip("");
259     test_simpleroundtrip("hello");
260 
261     /* deinit globals here */
262     if (cipher.pbData) LocalFree(cipher.pbData);
263     if (cipher_entropy.pbData) LocalFree(cipher_entropy.pbData);
264     if (cipher_no_desc.pbData) LocalFree(cipher_no_desc.pbData);
265 }
266