public void ReadConfig(out SigningConfig c)
{
c = new SigningConfig
{
MaxSmbVersionSupported = ModelUtility.GetModelDialectRevision(testConfig.MaxSmbVersionSupported),
IsServerSigningRequired = testConfig.IsServerSigningRequired,
};
signingConfig = c;
Site.Log.Add(LogEntryKind.Debug, signingConfig.ToString());
}
public void ReadConfig(out SigningConfig c)
{
c = new SigningConfig
{
MaxSmbVersionSupported = ModelUtility.GetModelDialectRevision(testConfig.MaxSmbVersionSupported),
IsServerSigningRequired = testConfig.IsServerSigningRequired,
};
signingConfig = c;
Site.Log.Add(LogEntryKind.Debug, signingConfig.ToString());
}
public void ReadConfig(out SigningConfig c)
{
c = new SigningConfig
{
MaxSmbVersionSupported = ModelUtility.GetModelDialectRevision(testConfig.MaxSmbVersionSupported),
IsServerSigningRequired = testConfig.IsServerSigningRequired,
};
if (testConfig.IsGlobalEncryptDataEnabled && c.MaxSmbVersionSupported >= ModelDialectRevision.Smb30)
{
Site.Assert.Inconclusive("This test case is not applicable due to IsGlobalEncryptDataEnabled is True");
}
signingConfig = c;
Site.Log.Add(LogEntryKind.Debug, signingConfig.ToString());
}
public static void SessionSetupResponse(
ModelSmb2Status status,
SigningModelSessionId sessionId,
SigningFlagType signingFlagType,
SessionFlags_Values sessionFlag,
SigningConfig c)
{
Condition.IsTrue(State == ModelState.Connected);
Condition.IsTrue(Config.IsServerSigningRequired == c.IsServerSigningRequired);
SigningModelRequest sessionSetupRequest = ModelHelper.RetrieveOutstandingRequest<SigningModelRequest>(ref Request);
if (!VerifySignature(status, sessionSetupRequest))
{
State = ModelState.Uninitialized;
return;
}
if (sessionSetupRequest.signingFlagType == SigningFlagType.SignedFlagSet
|| (!sessionFlag.HasFlag(SessionFlags_Values.SESSION_FLAG_IS_GUEST)
&& !Session_IsAnonymous
&& (Connection_ShouldSign || c.IsServerSigningRequired)))
{
ModelHelper.Log(LogType.Requirement,
"3.3.5.5.3: 5. Session.SigningRequired MUST be set to TRUE under the following conditions:");
ModelHelper.Log(LogType.Requirement,
"\tIf the SMB2_NEGOTIATE_SIGNING_REQUIRED bit is set in the SecurityMode field of the client request.");
ModelHelper.Log(LogType.Requirement,
"\tIf the SMB2_SESSION_FLAG_IS_GUEST bit is not set in the SessionFlags field " +
"and Session.IsAnonymous is FALSE and either Connection.ShouldSign or global RequireMessageSigning is TRUE.");
ModelHelper.Log(LogType.TestInfo,
"SMB2_NEGOTIATE_SIGNING_REQUIRED is {0}set.", sessionSetupRequest.signingFlagType == SigningFlagType.SignedFlagSet ? "" : "not ");
ModelHelper.Log(LogType.TestInfo,
"SMB2_SESSION_FLAG_IS_GUEST bit is {0}set.", sessionFlag.HasFlag(SessionFlags_Values.SESSION_FLAG_IS_GUEST) ? "" : "not ");
ModelHelper.Log(LogType.TestInfo, "Session.IsAnonymous is {0}.", Session_IsAnonymous);
ModelHelper.Log(LogType.TestInfo, "Connection.ShouldSign is {0}.", Connection_ShouldSign);
ModelHelper.Log(LogType.TestInfo, "Global RequireMessageSigning is {0}.", c.IsServerSigningRequired);
ModelHelper.Log(LogType.TestInfo, "So Session.SigningRequired is set to TRUE.");
Session_SigningRequired = true;
}
VerifyResponseShouldSign(status, sessionSetupRequest, sessionId, signingFlagType);
Condition.IsTrue(status == ModelSmb2Status.STATUS_SUCCESS);
Session_IsExisted = true;
}
public static void ReadConfigReturn(SigningConfig c)
{
Condition.IsTrue(State == ModelState.Uninitialized);
Condition.IsNotNull(c);
NegotiateDialect = DialectRevision.Smb2Unknown;
Condition.IsTrue(c.MaxSmbVersionSupported == ModelDialectRevision.Smb2002
|| c.MaxSmbVersionSupported == ModelDialectRevision.Smb21
|| c.MaxSmbVersionSupported == ModelDialectRevision.Smb30
|| c.MaxSmbVersionSupported == ModelDialectRevision.Smb302);
Config = c;
Request = null;
State = ModelState.Initialized;
}
public static void NegotiateResponse(ModelSmb2Status status, SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType, SigningConfig c)
{
Condition.IsTrue(State == ModelState.Connected);
SigningModelRequest negotiateRequest = ModelHelper.RetrieveOutstandingRequest<SigningModelRequest>(ref Request);
if (negotiateRequest.signingFlagType == SigningFlagType.SignedFlagSet)
{
ModelHelper.Log(LogType.Requirement,
"3.3.5.2.4: If the SMB2 Header of the SMB2 NEGOTIATE request has the SMB2_FLAGS_SIGNED bit set in the Flags field, " +
"the server MUST fail the request with STATUS_INVALID_PARAMETER.");
ModelHelper.Log(LogType.TestInfo, "SMB2_FLAGS_SIGNED bit in the NEGOTIATE request is set.");
ModelHelper.Log(LogType.TestTag, TestTag.UnexpectedFields);
Condition.IsTrue(status == ModelSmb2Status.STATUS_INVALID_PARAMETER);
State = ModelState.Uninitialized;
return;
}
if (negotiateRequest.signingRequiredType == SigningRequiredType.SigningRequiredSet)
{
ModelHelper.Log(LogType.Requirement,
"3.3.5.4: If SMB2_NEGOTIATE_SIGNING_REQUIRED is set in SecurityMode, the server MUST set Connection.ShouldSign to TRUE.");
ModelHelper.Log(LogType.TestInfo, "Connection.ShouldSign is set to TRUE.");
Connection_ShouldSign = true;
}
ModelHelper.Log(LogType.Requirement, "3.3.5.4: SecurityMode MUST have the SMB2_NEGOTIATE_SIGNING_ENABLED bit set.");
Condition.IsTrue(signingEnabledType == SigningEnabledType.SigningEnabledSet);
Condition.IsTrue(Config.IsServerSigningRequired == c.IsServerSigningRequired);
if (Config.IsServerSigningRequired)
{
ModelHelper.Log(LogType.Requirement,
"3.3.5.4: If RequireMessageSigning is TRUE, the server MUST also set SMB2_NEGOTIATE_SIGNING_REQUIRED in the SecurityMode field.");
ModelHelper.Log(LogType.TestInfo, "RequireMessageSigning is TRUE.");
Condition.IsTrue(signingRequiredType == SigningRequiredType.SigningRequiredSet);
}
Condition.IsTrue(status == ModelSmb2Status.STATUS_SUCCESS);
}
