/// <summary>
 /// Checks an observed response against the signing expectation that the log text cites as
 /// section 3.3.4.1.1. The cited text is worded as a SHOULD, but this model asserts it as a
 /// hard condition: whenever the request carried the signed flag, the response must too.
 /// </summary>
 /// <param name="status">Status of the response. Not read by this check.</param>
 /// <param name="request">The outstanding model request the response answers.</param>
 /// <param name="sessionId">Whether the response header carried a zero or nonzero SessionId.</param>
 /// <param name="signingFlagType">Whether the response header had the signed flag set.</param>
 private static void VerifyResponseShouldSign(
     ModelSmb2Status status,
     SigningModelRequest request,
     SigningModelSessionId sessionId,
     SigningFlagType signingFlagType)
 {
     // Responses to unsigned requests are not checked here, whatever Session_SigningRequired holds.
     if (request.signingFlagType != SigningFlagType.SignedFlagSet)
     {
         return;
     }

     // This only selects which requirement text is logged; the assertion below is the same
     // either way.
     // NOTE(review): the first requirement text also names a zero TreeId, and the second an
     // interim response; neither is examined in this method.
     bool sessionRequiresSigning =
         sessionId == SigningModelSessionId.NonZeroSessionId && Session_SigningRequired;

     ModelHelper.Log(LogType.Requirement, "3.3.4.1.1: The server SHOULD<182> sign the message under the following conditions:");
     if (sessionRequiresSigning)
     {
         ModelHelper.Log(LogType.Requirement,
                         "\tIf the request was signed by the client, the response message being sent contains a nonzero SessionId and a zero TreeId in the SMB2 header, " +
                         "and the session identified by SessionId has Session.SigningRequired equal to TRUE.");
     }
     else
     {
         ModelHelper.Log(LogType.Requirement,
                         "\tIf the request was signed by the client, and the response is not an interim response to an asynchronously processed request.");
     }

     ModelHelper.Log(LogType.TestInfo, "The condition is met.");

     // An unsigned response to a signed request fails the model here.
     Condition.IsTrue(signingFlagType == SigningFlagType.SignedFlagSet);
 }
Exemplo n.º 2
        /// <summary>
        /// Sends a tree connect to the configured basic file share with the header signed flag
        /// chosen by the caller, records the SessionId class and signed flag of the response,
        /// and hands them to <c>TreeConnectResponse</c>.
        /// </summary>
        /// <param name="signingFlagType">Whether the request header should carry the signed flag.</param>
        public void TreeConnectRequest(SigningFlagType signingFlagType)
        {
            uint treeId;

            // Defaults that stay in place if the checker callback never runs.
            SigningModelSessionId observedSessionId = SigningModelSessionId.ZeroSessionId;
            SigningFlagType observedSigning = SigningFlagType.SignedFlagNotSet;

            string sharePath = Smb2Utility.GetUncPath(testConfig.SutComputerName, testConfig.BasicFileShare);

            Packet_Header_Flags_Values headerFlags = Packet_Header_Flags_Values.NONE;
            if (signingFlagType == SigningFlagType.SignedFlagSet)
            {
                headerFlags = Packet_Header_Flags_Values.FLAGS_SIGNED;
            }

            // Tell the SDK whether to sign, so that the header flag and the SDK's signing
            // setting are driven by the same input. Encryption is always turned off here.
            bool signingWanted = signingFlagType != SigningFlagType.SignedFlagNotSet;
            testClient.EnableSessionSigningAndEncryption(enableSigning: signingWanted, enableEncryption: false);

            uint status = testClient.TreeConnect(
                headerFlags,
                sharePath,
                out treeId,
                checker: (responseHeader, responseBody) =>
                {
                    // Capture what the server actually put in the response header.
                    observedSessionId = GetModelSessionId(responseHeader.SessionId);
                    observedSigning = GetSigningFlagType(responseHeader.Flags);
                });

            TreeConnectResponse((ModelSmb2Status)status, observedSessionId, observedSigning);
        }
        /// <summary>
        /// Model action for a session setup response. Decides whether Session.SigningRequired
        /// becomes TRUE, checks that the response was signed when the model expects it, and
        /// requires a successful status.
        /// </summary>
        /// <param name="status">Status returned for the session setup.</param>
        /// <param name="sessionId">Whether the response header carried a zero or nonzero SessionId.</param>
        /// <param name="signingFlagType">Whether the response header had the signed flag set.</param>
        /// <param name="sessionFlag">SessionFlags from the response, used for the guest check.</param>
        /// <param name="c">Signing configuration; must agree with the model's Config.</param>
        public static void SessionSetupResponse(
            ModelSmb2Status status,
            SigningModelSessionId sessionId,
            SigningFlagType signingFlagType,
            SessionFlags_Values sessionFlag,
            SigningConfig c)
        {
            Condition.IsTrue(State == ModelState.Connected);
            Condition.IsTrue(Config.IsServerSigningRequired == c.IsServerSigningRequired);

            SigningModelRequest pending = ModelHelper.RetrieveOutstandingRequest<SigningModelRequest>(ref Request);

            // If VerifySignature returns false the model goes back to Uninitialized and nothing
            // else about this response is checked.
            if (!VerifySignature(status, pending))
            {
                State = ModelState.Uninitialized;
                return;
            }

            bool requestSigned = pending.signingFlagType == SigningFlagType.SignedFlagSet;
            bool guestSession = sessionFlag.HasFlag(SessionFlags_Values.SESSION_FLAG_IS_GUEST);

            // NOTE(review): the logged requirement names the SMB2_NEGOTIATE_SIGNING_REQUIRED bit
            // of SecurityMode, while the value tested is the request's signingFlagType. Confirm
            // that the model request really carries the SecurityMode bit in that field.
            bool signingBecomesRequired =
                requestSigned ||
                (!guestSession &&
                 !Session_IsAnonymous &&
                 (Connection_ShouldSign || c.IsServerSigningRequired));

            if (signingBecomesRequired)
            {
                ModelHelper.Log(LogType.Requirement,
                                "3.3.5.5.3: 5. Session.SigningRequired MUST be set to TRUE under the following conditions:");
                ModelHelper.Log(LogType.Requirement,
                                "\tIf the SMB2_NEGOTIATE_SIGNING_REQUIRED bit is set in the SecurityMode field of the client request.");
                ModelHelper.Log(LogType.Requirement,
                                "\tIf the SMB2_SESSION_FLAG_IS_GUEST bit is not set in the SessionFlags field " +
                                "and Session.IsAnonymous is FALSE and either Connection.ShouldSign or global RequireMessageSigning is TRUE.");

                ModelHelper.Log(LogType.TestInfo,
                                "SMB2_NEGOTIATE_SIGNING_REQUIRED is {0}set.", requestSigned ? "" : "not ");
                ModelHelper.Log(LogType.TestInfo,
                                "SMB2_SESSION_FLAG_IS_GUEST bit is {0}set.", guestSession ? "" : "not ");
                ModelHelper.Log(LogType.TestInfo, "Session.IsAnonymous is {0}.", Session_IsAnonymous);
                ModelHelper.Log(LogType.TestInfo, "Connection.ShouldSign is {0}.", Connection_ShouldSign);
                ModelHelper.Log(LogType.TestInfo, "Global RequireMessageSigning is {0}.", c.IsServerSigningRequired);
                ModelHelper.Log(LogType.TestInfo, "So Session.SigningRequired is set to TRUE.");

                // Only ever set to true in this method; it is not cleared on the other path.
                Session_SigningRequired = true;
            }

            // Runs after the update above, so the check sees the new Session_SigningRequired.
            VerifyResponseShouldSign(status, pending, sessionId, signingFlagType);

            Condition.IsTrue(status == ModelSmb2Status.STATUS_SUCCESS);

            Session_IsExisted = true;
        }
        /// <summary>
        /// Model action for a tree connect response. When the request passes VerifySignature, it
        /// checks that the response was signed as the model expects and that the status is success.
        /// </summary>
        /// <param name="status">Status returned for the tree connect.</param>
        /// <param name="sessionId">Whether the response header carried a zero or nonzero SessionId.</param>
        /// <param name="signingFlagType">Whether the response header had the signed flag set.</param>
        public static void TreeConnectResponse(ModelSmb2Status status, SigningModelSessionId sessionId, SigningFlagType signingFlagType)
        {
            Condition.IsTrue(State == ModelState.Connected);

            SigningModelRequest pending = ModelHelper.RetrieveOutstandingRequest<SigningModelRequest>(ref Request);

            // When VerifySignature returns false, nothing further is asserted and State is left
            // unchanged.
            if (VerifySignature(status, pending))
            {
                VerifyResponseShouldSign(status, pending, sessionId, signingFlagType);

                Condition.IsTrue(status == ModelSmb2Status.STATUS_SUCCESS);
            }
        }
Exemplo n.º 5
        /// <summary>
        /// Sends a session setup with the header signed flag and SecurityMode chosen by the
        /// caller, records the SessionId class, signed flag and SessionFlags of the response,
        /// and hands them to <c>SessionSetupResponse</c>.
        /// </summary>
        /// <param name="signingFlagType">Whether the request header should carry the signed flag.</param>
        /// <param name="signingEnabledType">Signing-enabled input to the SecurityMode helper.</param>
        /// <param name="signingRequiredType">Signing-required input to the SecurityMode helper.</param>
        /// <param name="userType">Selects the account credential used for the setup.</param>
        public void SessionSetupRequest(SigningFlagType signingFlagType, SigningEnabledType signingEnabledType, SigningRequiredType signingRequiredType, UserType userType)
        {
            // Defaults that stay in place if the checker callback never runs.
            SigningModelSessionId observedSessionId = SigningModelSessionId.ZeroSessionId;
            SessionFlags_Values observedSessionFlags = SessionFlags_Values.NONE;
            SigningFlagType observedSigning = SigningFlagType.SignedFlagNotSet;

            // The header signed flag is set independently of the SecurityMode passed below.
            Packet_Header_Flags_Values headerFlags = Packet_Header_Flags_Values.NONE;
            if (signingFlagType == SigningFlagType.SignedFlagSet)
            {
                headerFlags = Packet_Header_Flags_Values.FLAGS_SIGNED;
            }

            // NOTE(review): this method does not call EnableSessionSigningAndEncryption; where
            // the SDK's signing setting comes from for this request is not visible here.
            uint status = testClient.SessionSetup(
                headerFlags,
                testConfig.DefaultSecurityPackage,
                testConfig.SutComputerName,
                GetAccountCredential(userType),
                true, // positional flag; its meaning is defined by SessionSetup, not shown here
                GetSessionSetupSecurityMode(signingEnabledType, signingRequiredType),
                checker: (responseHeader, responseBody) =>
                {
                    // Capture what the server actually returned.
                    observedSessionId = GetModelSessionId(responseHeader.SessionId);
                    observedSigning = GetSigningFlagType(responseHeader.Flags);
                    observedSessionFlags = responseBody.SessionFlags;
                });

            SessionSetupResponse((ModelSmb2Status)status, observedSessionId, observedSigning, observedSessionFlags, signingConfig);
        }
 /// <summary>
 /// Asserts that a response to a signed request is itself signed, logging the clause of
 /// section 3.3.4.1.1 (as cited in the log text) that applies. The cited text says SHOULD;
 /// the model enforces it as a condition.
 /// </summary>
 /// <param name="status">Status of the response. Not read by this check.</param>
 /// <param name="request">The outstanding model request the response answers.</param>
 /// <param name="sessionId">Whether the response header carried a zero or nonzero SessionId.</param>
 /// <param name="signingFlagType">Whether the response header had the signed flag set.</param>
 private static void VerifyResponseShouldSign(
     ModelSmb2Status status,
     SigningModelRequest request,
     SigningModelSessionId sessionId,
     SigningFlagType signingFlagType)
 {
     bool requestWasSigned = request.signingFlagType == SigningFlagType.SignedFlagSet;
     if (!requestWasSigned)
     {
         // Nothing is asserted about responses to unsigned requests.
         return;
     }

     // The session test changes only the logged clause, not the assertion.
     // NOTE(review): the TreeId and interim-response parts of the quoted clauses are not
     // examined anywhere in this method.
     string clause =
         (sessionId == SigningModelSessionId.NonZeroSessionId && Session_SigningRequired)
             ? "\tIf the request was signed by the client, the response message being sent contains a nonzero SessionId and a zero TreeId in the SMB2 header, " +
               "and the session identified by SessionId has Session.SigningRequired equal to TRUE."
             : "\tIf the request was signed by the client, and the response is not an interim response to an asynchronously processed request.";

     ModelHelper.Log(LogType.Requirement, "3.3.4.1.1: The server SHOULD<182> sign the message under the following conditions:");
     ModelHelper.Log(LogType.Requirement, clause);
     ModelHelper.Log(LogType.TestInfo, "The condition is met.");

     // A signed request answered by an unsigned response fails here.
     Condition.IsTrue(signingFlagType == SigningFlagType.SignedFlagSet);
 }
        /// <summary>
        /// Model action for a tree connect response: requires the Connected state, takes the
        /// outstanding request, and, unless VerifySignature returns false for it, checks response
        /// signing and a successful status.
        /// </summary>
        /// <param name="status">Status returned for the tree connect.</param>
        /// <param name="sessionId">Whether the response header carried a zero or nonzero SessionId.</param>
        /// <param name="signingFlagType">Whether the response header had the signed flag set.</param>
        public static void TreeConnectResponse(ModelSmb2Status status, SigningModelSessionId sessionId, SigningFlagType signingFlagType)
        {
            Condition.IsTrue(State == ModelState.Connected);

            SigningModelRequest outstanding = ModelHelper.RetrieveOutstandingRequest<SigningModelRequest>(ref Request);

            bool signatureAccepted = VerifySignature(status, outstanding);
            if (!signatureAccepted)
            {
                // No further assertions on this path; State is not changed here.
                return;
            }

            VerifyResponseShouldSign(status, outstanding, sessionId, signingFlagType);

            Condition.IsTrue(status == ModelSmb2Status.STATUS_SUCCESS);
        }
        /// <summary>
        /// Model action for a session setup response. Applies the rule logged as 3.3.5.5.3 step 5
        /// to decide whether Session.SigningRequired becomes TRUE, then checks response signing
        /// and a successful status, and marks the session as existing.
        /// </summary>
        /// <param name="status">Status returned for the session setup.</param>
        /// <param name="sessionId">Whether the response header carried a zero or nonzero SessionId.</param>
        /// <param name="signingFlagType">Whether the response header had the signed flag set.</param>
        /// <param name="sessionFlag">SessionFlags from the response, used for the guest check.</param>
        /// <param name="c">Signing configuration; must agree with the model's Config.</param>
        public static void SessionSetupResponse(
            ModelSmb2Status status,
            SigningModelSessionId sessionId,
            SigningFlagType signingFlagType,
            SessionFlags_Values sessionFlag,
            SigningConfig c)
        {
            Condition.IsTrue(State == ModelState.Connected);
            Condition.IsTrue(Config.IsServerSigningRequired == c.IsServerSigningRequired);

            SigningModelRequest outstanding = ModelHelper.RetrieveOutstandingRequest<SigningModelRequest>(ref Request);

            if (!VerifySignature(status, outstanding))
            {
                // VerifySignature returned false: the model returns to Uninitialized.
                State = ModelState.Uninitialized;
                return;
            }

            // NOTE(review): the requirement text below speaks of the SMB2_NEGOTIATE_SIGNING_REQUIRED
            // bit in SecurityMode, but the model tests the request's signingFlagType. Verify that
            // these are meant to be the same thing.
            bool requireSigning = outstanding.signingFlagType == SigningFlagType.SignedFlagSet;
            if (!requireSigning)
            {
                // Guest and anonymous sessions are excluded from the second condition.
                requireSigning = !sessionFlag.HasFlag(SessionFlags_Values.SESSION_FLAG_IS_GUEST)
                    && !Session_IsAnonymous
                    && (Connection_ShouldSign || c.IsServerSigningRequired);
            }

            if (requireSigning)
            {
                ModelHelper.Log(LogType.Requirement,
                    "3.3.5.5.3: 5. Session.SigningRequired MUST be set to TRUE under the following conditions:");
                ModelHelper.Log(LogType.Requirement,
                    "\tIf the SMB2_NEGOTIATE_SIGNING_REQUIRED bit is set in the SecurityMode field of the client request.");
                ModelHelper.Log(LogType.Requirement,
                    "\tIf the SMB2_SESSION_FLAG_IS_GUEST bit is not set in the SessionFlags field " +
                    "and Session.IsAnonymous is FALSE and either Connection.ShouldSign or global RequireMessageSigning is TRUE.");

                string signingRequiredWord = outstanding.signingFlagType == SigningFlagType.SignedFlagSet ? "" : "not ";
                string guestWord = sessionFlag.HasFlag(SessionFlags_Values.SESSION_FLAG_IS_GUEST) ? "" : "not ";

                ModelHelper.Log(LogType.TestInfo, "SMB2_NEGOTIATE_SIGNING_REQUIRED is {0}set.", signingRequiredWord);
                ModelHelper.Log(LogType.TestInfo, "SMB2_SESSION_FLAG_IS_GUEST bit is {0}set.", guestWord);
                ModelHelper.Log(LogType.TestInfo, "Session.IsAnonymous is {0}.", Session_IsAnonymous);
                ModelHelper.Log(LogType.TestInfo, "Connection.ShouldSign is {0}.", Connection_ShouldSign);
                ModelHelper.Log(LogType.TestInfo, "Global RequireMessageSigning is {0}.", c.IsServerSigningRequired);
                ModelHelper.Log(LogType.TestInfo, "So Session.SigningRequired is set to TRUE.");

                // This method never sets the value back to false.
                Session_SigningRequired = true;
            }

            // Must follow the update above: the signing check reads Session_SigningRequired.
            VerifyResponseShouldSign(status, outstanding, sessionId, signingFlagType);

            Condition.IsTrue(status == ModelSmb2Status.STATUS_SUCCESS);

            Session_IsExisted = true;
        }