public void ReadConfig(out SigningConfig c) { c = new SigningConfig { MaxSmbVersionSupported = ModelUtility.GetModelDialectRevision(testConfig.MaxSmbVersionSupported), IsServerSigningRequired = testConfig.IsServerSigningRequired, }; signingConfig = c; Site.Log.Add(LogEntryKind.Debug, signingConfig.ToString()); }
public void ReadConfig(out SigningConfig c) { c = new SigningConfig { MaxSmbVersionSupported = ModelUtility.GetModelDialectRevision(testConfig.MaxSmbVersionSupported), IsServerSigningRequired = testConfig.IsServerSigningRequired, }; if (testConfig.IsGlobalEncryptDataEnabled && c.MaxSmbVersionSupported >= ModelDialectRevision.Smb30) { Site.Assert.Inconclusive("This test case is not applicable due to IsGlobalEncryptDataEnabled is True"); } signingConfig = c; Site.Log.Add(LogEntryKind.Debug, signingConfig.ToString()); }
public static void SessionSetupResponse( ModelSmb2Status status, SigningModelSessionId sessionId, SigningFlagType signingFlagType, SessionFlags_Values sessionFlag, SigningConfig c) { Condition.IsTrue(State == ModelState.Connected); Condition.IsTrue(Config.IsServerSigningRequired == c.IsServerSigningRequired); SigningModelRequest sessionSetupRequest = ModelHelper.RetrieveOutstandingRequest<SigningModelRequest>(ref Request); if (!VerifySignature(status, sessionSetupRequest)) { State = ModelState.Uninitialized; return; } if (sessionSetupRequest.signingFlagType == SigningFlagType.SignedFlagSet || (!sessionFlag.HasFlag(SessionFlags_Values.SESSION_FLAG_IS_GUEST) && !Session_IsAnonymous && (Connection_ShouldSign || c.IsServerSigningRequired))) { ModelHelper.Log(LogType.Requirement, "3.3.5.5.3: 5. Session.SigningRequired MUST be set to TRUE under the following conditions:"); ModelHelper.Log(LogType.Requirement, "\tIf the SMB2_NEGOTIATE_SIGNING_REQUIRED bit is set in the SecurityMode field of the client request."); ModelHelper.Log(LogType.Requirement, "\tIf the SMB2_SESSION_FLAG_IS_GUEST bit is not set in the SessionFlags field " + "and Session.IsAnonymous is FALSE and either Connection.ShouldSign or global RequireMessageSigning is TRUE."); ModelHelper.Log(LogType.TestInfo, "SMB2_NEGOTIATE_SIGNING_REQUIRED is {0}set.", sessionSetupRequest.signingFlagType == SigningFlagType.SignedFlagSet ? "" : "not "); ModelHelper.Log(LogType.TestInfo, "SMB2_SESSION_FLAG_IS_GUEST bit is {0}set.", sessionFlag.HasFlag(SessionFlags_Values.SESSION_FLAG_IS_GUEST) ? "" : "not "); ModelHelper.Log(LogType.TestInfo, "Session.IsAnonymous is {0}.", Session_IsAnonymous); ModelHelper.Log(LogType.TestInfo, "Connection.ShouldSign is {0}.", Connection_ShouldSign); ModelHelper.Log(LogType.TestInfo, "Global RequireMessageSigning is {0}.", c.IsServerSigningRequired); ModelHelper.Log(LogType.TestInfo, "So Session.SigningRequired is set to TRUE."); Session_SigningRequired = true; } VerifyResponseShouldSign(status, sessionSetupRequest, sessionId, signingFlagType); Condition.IsTrue(status == ModelSmb2Status.STATUS_SUCCESS); Session_IsExisted = true; }
public static void ReadConfigReturn(SigningConfig c) { Condition.IsTrue(State == ModelState.Uninitialized); Condition.IsNotNull(c); NegotiateDialect = DialectRevision.Smb2Unknown; Condition.IsTrue(c.MaxSmbVersionSupported == ModelDialectRevision.Smb2002 || c.MaxSmbVersionSupported == ModelDialectRevision.Smb21 || c.MaxSmbVersionSupported == ModelDialectRevision.Smb30 || c.MaxSmbVersionSupported == ModelDialectRevision.Smb302); Config = c; Request = null; State = ModelState.Initialized; }
public static void NegotiateResponse(ModelSmb2Status status, SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType, SigningConfig c) { Condition.IsTrue(State == ModelState.Connected); SigningModelRequest negotiateRequest = ModelHelper.RetrieveOutstandingRequest<SigningModelRequest>(ref Request); if (negotiateRequest.signingFlagType == SigningFlagType.SignedFlagSet) { ModelHelper.Log(LogType.Requirement, "3.3.5.2.4: If the SMB2 Header of the SMB2 NEGOTIATE request has the SMB2_FLAGS_SIGNED bit set in the Flags field, " + "the server MUST fail the request with STATUS_INVALID_PARAMETER."); ModelHelper.Log(LogType.TestInfo, "SMB2_FLAGS_SIGNED bit in the NEGOTIATE request is set."); ModelHelper.Log(LogType.TestTag, TestTag.UnexpectedFields); Condition.IsTrue(status == ModelSmb2Status.STATUS_INVALID_PARAMETER); State = ModelState.Uninitialized; return; } if (negotiateRequest.signingRequiredType == SigningRequiredType.SigningRequiredSet) { ModelHelper.Log(LogType.Requirement, "3.3.5.4: If SMB2_NEGOTIATE_SIGNING_REQUIRED is set in SecurityMode, the server MUST set Connection.ShouldSign to TRUE."); ModelHelper.Log(LogType.TestInfo, "Connection.ShouldSign is set to TRUE."); Connection_ShouldSign = true; } ModelHelper.Log(LogType.Requirement, "3.3.5.4: SecurityMode MUST have the SMB2_NEGOTIATE_SIGNING_ENABLED bit set."); Condition.IsTrue(signingEnabledType == SigningEnabledType.SigningEnabledSet); Condition.IsTrue(Config.IsServerSigningRequired == c.IsServerSigningRequired); if (Config.IsServerSigningRequired) { ModelHelper.Log(LogType.Requirement, "3.3.5.4: If RequireMessageSigning is TRUE, the server MUST also set SMB2_NEGOTIATE_SIGNING_REQUIRED in the SecurityMode field."); ModelHelper.Log(LogType.TestInfo, "RequireMessageSigning is TRUE."); Condition.IsTrue(signingRequiredType == SigningRequiredType.SigningRequiredSet); } Condition.IsTrue(status == ModelSmb2Status.STATUS_SUCCESS); }