1 /* 2 * Unit test suite for crypt32.dll's CryptProtectData/CryptUnprotectData 3 * 4 * Copyright 2005 Kees Cook <kees@outflux.net> 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, write to the Free Software 18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA 19 */ 20 21 #include <stdio.h> 22 #include <stdarg.h> 23 #include <windef.h> 24 #include <winbase.h> 25 #include <winerror.h> 26 #include <wincrypt.h> 27 28 #include "wine/test.h" 29 30 static BOOL (WINAPI *pCryptProtectData)(DATA_BLOB*,LPCWSTR,DATA_BLOB*,PVOID,CRYPTPROTECT_PROMPTSTRUCT*,DWORD,DATA_BLOB*); 31 static BOOL (WINAPI *pCryptUnprotectData)(DATA_BLOB*,LPWSTR*,DATA_BLOB*,PVOID,CRYPTPROTECT_PROMPTSTRUCT*,DWORD,DATA_BLOB*); 32 33 static char secret[] = "I am a super secret string that no one can see!"; 34 static char secret2[] = "I am a super secret string indescribable string"; 35 static char key[] = "Wibble wibble wibble"; 36 static const WCHAR desc[] = {'U','l','t','r','a',' ','s','e','c','r','e','t',' ','t','e','s','t',' ','m','e','s','s','a','g','e',0}; 37 static BOOL protected = FALSE; /* if true, the unprotect tests can run */ 38 static DATA_BLOB cipher; 39 static DATA_BLOB cipher_entropy; 40 static DATA_BLOB cipher_no_desc; 41 42 static void test_cryptprotectdata(void) 43 { 44 LONG r; 45 DATA_BLOB plain; 46 DATA_BLOB entropy; 47 48 plain.pbData=(void*)secret; 49 plain.cbData=strlen(secret)+1; 50 51 entropy.pbData=(void*)key; 52 entropy.cbData=strlen(key)+1; 53 54 SetLastError(0xDEADBEEF); 55 protected = pCryptProtectData(NULL,desc,NULL,NULL,NULL,0,&cipher); 56 ok(!protected, "Encrypting without plain data source.\n"); 57 r = GetLastError(); 58 ok(r == ERROR_INVALID_PARAMETER, "Wrong (%u) GetLastError seen\n",r); 59 60 SetLastError(0xDEADBEEF); 61 protected = pCryptProtectData(&plain,desc,NULL,NULL,NULL,0,NULL); 62 ok(!protected, "Encrypting without cipher destination.\n"); 63 r = GetLastError(); 64 ok(r == ERROR_INVALID_PARAMETER, "Wrong (%u) GetLastError seen\n",r); 65 66 cipher.pbData=NULL; 67 cipher.cbData=0; 68 69 /* without entropy */ 70 SetLastError(0xDEADBEEF); 71 protected = pCryptProtectData(&plain,desc,NULL,NULL,NULL,0,&cipher); 72 ok(protected || 73 broken(!protected), /* Win9x/NT4 */ 74 "Encrypting without entropy.\n"); 75 if (protected) 76 { 77 r = GetLastError(); 78 ok(r == ERROR_SUCCESS || 79 r == ERROR_IO_PENDING, /* win2k */ 80 "Expected ERROR_SUCCESS or ERROR_IO_PENDING, got %d\n",r); 81 } 82 83 cipher_entropy.pbData=NULL; 84 cipher_entropy.cbData=0; 85 86 /* with entropy */ 87 SetLastError(0xDEADBEEF); 88 protected = pCryptProtectData(&plain,desc,&entropy,NULL,NULL,0,&cipher_entropy); 89 ok(protected || 90 broken(!protected), /* Win9x/NT4 */ 91 "Encrypting with entropy.\n"); 92 93 cipher_no_desc.pbData=NULL; 94 cipher_no_desc.cbData=0; 95 96 /* with entropy but no description */ 97 plain.pbData=(void*)secret2; 98 plain.cbData=strlen(secret2)+1; 99 SetLastError(0xDEADBEEF); 100 protected = pCryptProtectData(&plain,NULL,&entropy,NULL,NULL,0,&cipher_no_desc); 101 if (!protected) 102 { 103 /* fails in win2k */ 104 ok(GetLastError() == ERROR_INVALID_PARAMETER, 105 "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError()); 106 } 107 } 108 109 static void test_cryptunprotectdata(void) 110 { 111 LONG r; 112 DATA_BLOB plain; 113 DATA_BLOB entropy; 114 BOOL okay; 115 WCHAR * data_desc; 116 117 entropy.pbData=(void*)key; 118 entropy.cbData=strlen(key)+1; 119 120 /* fails in win2k */ 121 if (!protected) 122 { 123 skip("CryptProtectData failed to run\n"); 124 return; 125 } 126 127 plain.pbData=NULL; 128 plain.cbData=0; 129 130 SetLastError(0xDEADBEEF); 131 okay = pCryptUnprotectData(&cipher,NULL,NULL,NULL,NULL,0,NULL); 132 ok(!okay,"Decrypting without destination\n"); 133 r = GetLastError(); 134 ok(r == ERROR_INVALID_PARAMETER, "Wrong (%u) GetLastError seen\n",r); 135 136 SetLastError(0xDEADBEEF); 137 okay = pCryptUnprotectData(NULL,NULL,NULL,NULL,NULL,0,&plain); 138 ok(!okay,"Decrypting without source\n"); 139 r = GetLastError(); 140 ok(r == ERROR_INVALID_PARAMETER, "Wrong (%u) GetLastError seen\n",r); 141 142 plain.pbData=NULL; 143 plain.cbData=0; 144 145 SetLastError(0xDEADBEEF); 146 okay = pCryptUnprotectData(&cipher_entropy,NULL,NULL,NULL,NULL,0,&plain); 147 ok(!okay,"Decrypting without needed entropy\n"); 148 r = GetLastError(); 149 ok(r == ERROR_INVALID_DATA, "Wrong (%u) GetLastError seen\n", r); 150 151 plain.pbData=NULL; 152 plain.cbData=0; 153 data_desc=NULL; 154 155 /* without entropy */ 156 SetLastError(0xDEADBEEF); 157 okay = pCryptUnprotectData(&cipher,&data_desc,NULL,NULL,NULL,0,&plain); 158 ok(okay,"Decrypting without entropy\n"); 159 160 ok(plain.pbData!=NULL,"Plain DATA_BLOB missing data\n"); 161 ok(plain.cbData==strlen(secret)+1,"Plain DATA_BLOB wrong length\n"); 162 ok(!strcmp((const char*)plain.pbData,secret),"Plain does not match secret\n"); 163 ok(data_desc!=NULL,"Description not allocated\n"); 164 ok(!lstrcmpW(data_desc,desc),"Description does not match\n"); 165 166 LocalFree(plain.pbData); 167 LocalFree(data_desc); 168 169 plain.pbData=NULL; 170 plain.cbData=0; 171 data_desc=NULL; 172 173 /* with wrong entropy */ 174 SetLastError(0xDEADBEEF); 175 okay = pCryptUnprotectData(&cipher_entropy,&data_desc,&cipher_entropy,NULL,NULL,0,&plain); 176 ok(!okay,"Decrypting with wrong entropy\n"); 177 r = GetLastError(); 178 ok(r == ERROR_INVALID_DATA, "Wrong (%u) GetLastError seen\n",r); 179 180 /* with entropy */ 181 SetLastError(0xDEADBEEF); 182 okay = pCryptUnprotectData(&cipher_entropy,&data_desc,&entropy,NULL,NULL,0,&plain); 183 ok(okay,"Decrypting with entropy\n"); 184 185 ok(plain.pbData!=NULL,"Plain DATA_BLOB missing data\n"); 186 ok(plain.cbData==strlen(secret)+1,"Plain DATA_BLOB wrong length\n"); 187 ok(!strcmp((const char*)plain.pbData,secret),"Plain does not match secret\n"); 188 ok(data_desc!=NULL,"Description not allocated\n"); 189 ok(!lstrcmpW(data_desc,desc),"Description does not match\n"); 190 191 LocalFree(plain.pbData); 192 LocalFree(data_desc); 193 194 plain.pbData=NULL; 195 plain.cbData=0; 196 data_desc=NULL; 197 198 /* with entropy but no description */ 199 SetLastError(0xDEADBEEF); 200 okay = pCryptUnprotectData(&cipher_no_desc,&data_desc,&entropy,NULL,NULL,0,&plain); 201 ok(okay,"Decrypting with entropy and no description\n"); 202 203 ok(plain.pbData!=NULL,"Plain DATA_BLOB missing data\n"); 204 ok(plain.cbData==strlen(secret2)+1,"Plain DATA_BLOB wrong length\n"); 205 ok(!strcmp((const char*)plain.pbData,secret2),"Plain does not match secret\n"); 206 ok(data_desc!=NULL,"Description not allocated\n"); 207 ok(data_desc[0]=='\0',"Description not empty\n"); 208 209 LocalFree(data_desc); 210 LocalFree(plain.pbData); 211 212 plain.pbData=NULL; 213 plain.cbData=0; 214 } 215 216 static void test_simpleroundtrip(const char *plaintext) 217 { 218 DATA_BLOB input; 219 DATA_BLOB encrypted; 220 DATA_BLOB output; 221 int res; 222 WCHAR emptyW[1]; 223 224 emptyW[0] = 0; 225 input.pbData = (unsigned char *)plaintext; 226 input.cbData = strlen(plaintext); 227 res = pCryptProtectData(&input, emptyW, NULL, NULL, NULL, 0, &encrypted); 228 ok(res != 0 || broken(!res), "can't protect\n"); 229 if (!res) 230 { 231 /* Fails on Win9x, NT4 */ 232 win_skip("CryptProtectData failed\n"); 233 return; 234 } 235 236 res = pCryptUnprotectData(&encrypted, NULL, NULL, NULL, NULL, 0, &output); 237 ok(res != 0, "can't unprotect; last error %u\n", GetLastError()); 238 ok(output.cbData == strlen(plaintext), "output wrong length %d for input '%s', wanted %d\n", output.cbData, plaintext, lstrlenA(plaintext)); 239 ok(!memcmp(plaintext, (char *)output.pbData, output.cbData), "output wrong contents for input '%s'\n", plaintext); 240 LocalFree(output.pbData); 241 LocalFree(encrypted.pbData); 242 } 243 244 START_TEST(protectdata) 245 { 246 HMODULE hCrypt32 = GetModuleHandleA("crypt32.dll"); 247 pCryptProtectData = (void*)GetProcAddress(hCrypt32, "CryptProtectData"); 248 pCryptUnprotectData = (void*)GetProcAddress(hCrypt32, "CryptUnprotectData"); 249 if (!pCryptProtectData || !pCryptUnprotectData) 250 { 251 win_skip("Crypt(Un)ProtectData() is not available\n"); 252 return; 253 } 254 255 protected=FALSE; 256 test_cryptprotectdata(); 257 test_cryptunprotectdata(); 258 test_simpleroundtrip(""); 259 test_simpleroundtrip("hello"); 260 261 /* deinit globals here */ 262 if (cipher.pbData) LocalFree(cipher.pbData); 263 if (cipher_entropy.pbData) LocalFree(cipher_entropy.pbData); 264 if (cipher_no_desc.pbData) LocalFree(cipher_no_desc.pbData); 265 } 266