public void FileOperationVerifyEncryptionRequest(ModelRequestType modelRequestType)
{
uint status = 0;
if (modelRequestType == ModelRequestType.UnEncryptedRequest)
{
testClient.EnableSessionSigningAndEncryption(enableSigning: testConfig.SendSignedRequest, enableEncryption: false);
}
bool isRequestEncrypted = (modelRequestType == ModelRequestType.EncryptedRequest) ? true : false;
testClient.SetTreeEncryption(treeId, isRequestEncrypted);
try
{
FILEID fileId;
Smb2CreateContextResponse[] serverCreateContexts;
// Skip the verification of signature when sending a non-encrypted CREATE request to an encrypted share
testClient.Smb2Client.DisableVerifySignature = true;
status = testClient.Create(
treeId,
Guid.NewGuid().ToString(),
CreateOptions_Values.FILE_NON_DIRECTORY_FILE | CreateOptions_Values.FILE_DELETE_ON_CLOSE,
out fileId,
out serverCreateContexts,
checker: (header, response) => { });
//TODO: To be implemented after TRANSFORM_HEADER added into Smb2FunctionalClient
ModelResponseType modelResponseType = (modelRequestType == ModelRequestType.EncryptedRequest) ? ModelResponseType.EncryptedResponse : ModelResponseType.UnEncryptedResponse;
FileOperationVerifyEncryptionResponse((ModelSmb2Status)status, modelResponseType, encryptionConfig);
}
catch
{
}
}
public void TreeConnectRequest(ConnectToShareType connectToShareType, ModelRequestType modelRequestType)
{
string sharePath = (connectToShareType == ConnectToShareType.ConnectToEncryptedShare) ?
Smb2Utility.GetUncPath(testConfig.SutComputerName, testConfig.EncryptedFileShare) : Smb2Utility.GetUncPath(testConfig.SutComputerName, testConfig.BasicFileShare);
if (modelRequestType == ModelRequestType.EncryptedRequest)
{
testClient.EnableSessionSigningAndEncryption(enableSigning: false, enableEncryption: true);
}
else
{
testClient.EnableSessionSigningAndEncryption(enableSigning: testConfig.SendSignedRequest, enableEncryption: false);
}
try
{
uint status = 0;
TREE_CONNECT_Response?treeConnectResponse = null;
status = testClient.TreeConnect(
sharePath,
out treeId,
checker: (header, response) =>
{
treeConnectResponse = response;
});
ShareEncryptDataType shareEncryptDataType = treeConnectResponse.Value.ShareFlags.HasFlag(ShareFlags_Values.SHAREFLAG_ENCRYPT_DATA) ? ShareEncryptDataType.ShareEncryptDataSet : ShareEncryptDataType.ShareEncryptDataNotSet;
//TODO: To be implemented after TRANSFORM_HEADER added into Smb2FunctionalClient
ModelResponseType modelResponseType = (modelRequestType == ModelRequestType.EncryptedRequest) ? ModelResponseType.EncryptedResponse : ModelResponseType.UnEncryptedResponse;
TreeConnectResponse((ModelSmb2Status)status, shareEncryptDataType, modelResponseType, encryptionConfig);
}
catch
{
}
}
public static void FileOperationVerifyEncryptionResponse(ModelSmb2Status status, ModelResponseType modelResponseType, EncryptionConfig c)
{
Condition.IsTrue(state == ModelState.Connected);
Condition.IsTrue(config.IsGlobalRejectUnencryptedAccessEnabled == c.IsGlobalRejectUnencryptedAccessEnabled);
Condition.IsTrue(Session_IsExisted);
ModelFileOperationVerifyEncryptionRequest createFileRequest = ModelHelper.RetrieveOutstandingRequest <ModelFileOperationVerifyEncryptionRequest>(ref request);
if (!VerifySession(status, createFileRequest.modelRequestType, c))
{
return;
}
if (!VerifyTreeConnect(status, createFileRequest.modelRequestType, c))
{
return;
}
ModelHelper.Log(LogType.TestInfo,
"The server implements {0}, Request.IsEncrypted is {1}, Connection.ServerCapabilities {2}include SMB2_GLOBAL_CAP_ENCRYPTION, " +
"TreeConnect.Share.EncryptData is {3}, " +
"EncryptData is {4}, RejectUnencryptedAccess is {5}",
config.MaxSmbVersionSupported,
createFileRequest.modelRequestType == ModelRequestType.UnEncryptedRequest ? "FALSE" : "TRUE",
Connection_ServerCapabilities_SMB2_GLOBAL_CAP_ENCRYPTION ? "" : "does not ",
Encryption_TreeId == EncryptionTreeId.TreeIdToEncryptShare ? "TRUE" : "FALSE",
config.IsGlobalEncryptDataEnabled ? "TRUE" : "FALSE",
config.IsGlobalRejectUnencryptedAccessEnabled ? "TRUE" : "FALSE");
if (((createFileRequest.modelRequestType == ModelRequestType.UnEncryptedRequest &&
(config.IsGlobalEncryptDataEnabled ||
Encryption_TreeId == EncryptionTreeId.TreeIdToEncryptShare)) ||
(createFileRequest.modelRequestType == ModelRequestType.EncryptedRequest && !Connection_ServerCapabilities_SMB2_GLOBAL_CAP_ENCRYPTION)) &&
config.IsGlobalRejectUnencryptedAccessEnabled)
{
ModelHelper.Log(LogType.Requirement,
"3.3.1.5: RejectUnencryptedAccess: A Boolean that, if set, " +
"indicates that the server will reject any unencrypted messages. " +
"This flag is applicable only if EncryptData is TRUE or if " +
"Share.EncryptData (as defined in section 3.3.1.6) is TRUE.");
Condition.IsTrue(status == ModelSmb2Status.STATUS_ACCESS_DENIED);
return;
}
//TODO: To be implemented after TRANSFORM_HEADER added into Smb2FunctionalClient
if (createFileRequest.modelRequestType == ModelRequestType.EncryptedRequest)
{
Condition.IsTrue(modelResponseType == ModelResponseType.EncryptedResponse);
}
else
{
Condition.IsTrue(modelResponseType == ModelResponseType.UnEncryptedResponse);
}
Condition.IsTrue(status == Smb2Status.STATUS_SUCCESS);
}
public static void TreeConnectResponse(
ModelSmb2Status status,
ShareEncryptDataType shareEncryptDataType,
ModelResponseType modelResponseType,
EncryptionConfig c)
{
Condition.IsTrue(state == ModelState.Connected);
Condition.IsTrue(config.IsGlobalRejectUnencryptedAccessEnabled == c.IsGlobalRejectUnencryptedAccessEnabled);
Condition.IsTrue(Session_IsExisted);
ModelTreeConnectRequest treeConnectRequest = ModelHelper.RetrieveOutstandingRequest <ModelTreeConnectRequest>(ref request);
if (!VerifySession(status, treeConnectRequest.modelRequestType, c))
{
return;
}
if (ModelUtility.IsSmb3xFamily(config.MaxSmbVersionSupported) &&
(config.IsGlobalEncryptDataEnabled ||
treeConnectRequest.connectToShareType == ConnectToShareType.ConnectToEncryptedShare) &&
config.IsGlobalRejectUnencryptedAccessEnabled &&
!Connection_ServerCapabilities_SMB2_GLOBAL_CAP_ENCRYPTION)
{
ModelHelper.Log(LogType.Requirement,
"3.3.5.7: If the server implements the SMB 3.x dialect family, EncryptData or Share.EncryptData is TRUE, " +
"RejectUnencryptedAccess is TRUE, and Connection.ServerCapabilities does not include SMB2_GLOBAL_CAP_ENCRYPTION, " +
"the server MUST fail the request with STATUS_ACCESS_DENIED.");
Condition.IsTrue(config.Platform == c.Platform);
ModelHelper.Log(LogType.TestInfo,
"The server implements {0}, EncryptData is {1}, Share.EncryptData is {2}, RejectUnencryptedAccess is TRUE, " +
"Connection.ServerCapabilities does not include SMB2_GLOBAL_CAP_ENCRYPTION.",
config.MaxSmbVersionSupported,
config.IsGlobalEncryptDataEnabled,
treeConnectRequest.connectToShareType == ConnectToShareType.ConnectToEncryptedShare ? "TRUE" : "FALSE");
ModelHelper.Log(LogType.TestInfo, "The SUT platform is {0}.", config.Platform);
ModelHelper.Log(LogType.TestTag, TestTag.Compatibility);
Condition.IsTrue(status == ModelSmb2Status.STATUS_ACCESS_DENIED);
return;
}
if (Smb2Utility.IsSmb3xFamily(negotiateDialect) &&
treeConnectRequest.connectToShareType == ConnectToShareType.ConnectToEncryptedShare &&
config.IsGlobalRejectUnencryptedAccessEnabled &&
!Connection_ServerCapabilities_SMB2_GLOBAL_CAP_ENCRYPTION)
{
ModelHelper.Log(LogType.Requirement,
"3.3.5.7: If Connection.Dialect belongs to the SMB 3.x dialect family, " +
"Share.EncryptData is TRUE, RejectUnencryptedAccess is TRUE, " +
"and Connection.ServerCapabilities does not include SMB2_GLOBAL_CAP_ENCRYPTION, " +
"the server MUST fail the request with STATUS_ACCESS_DENIED.");
ModelHelper.Log(LogType.Requirement,
"\tSet the SMB2_SHAREFLAG_ENCRYPT_DATA bit.");
ModelHelper.Log(LogType.TestInfo, "Connection.Dialect is {0}, and Share.EncryptData is TRUE.", negotiateDialect);
Condition.IsTrue(shareEncryptDataType == ShareEncryptDataType.ShareEncryptDataSet);
}
//TODO: To be implemented after TRANSFORM_HEADER added into Smb2FunctionalClient
if (treeConnectRequest.modelRequestType == ModelRequestType.EncryptedRequest)
{
Condition.IsTrue(modelResponseType == ModelResponseType.EncryptedResponse);
}
else
{
Condition.IsTrue(modelResponseType == ModelResponseType.UnEncryptedResponse);
}
Condition.IsTrue(status == ModelSmb2Status.STATUS_SUCCESS);
Encryption_TreeId = (treeConnectRequest.connectToShareType == ConnectToShareType.ConnectToEncryptedShare) ? EncryptionTreeId.TreeIdToEncryptShare : EncryptionTreeId.TreeIdToUnEncryptShare;
}
public static void TreeConnectResponse(
ModelSmb2Status status,
ShareEncryptDataType shareEncryptDataType,
ModelResponseType modelResponseType,
EncryptionConfig c)
{
Condition.IsTrue(state == ModelState.Connected);
Condition.IsTrue(config.IsGlobalRejectUnencryptedAccessEnabled == c.IsGlobalRejectUnencryptedAccessEnabled);
ModelTreeConnectRequest treeConnectRequest = ModelHelper.RetrieveOutstandingRequest<ModelTreeConnectRequest>(ref request);
if (!VerifySession(status, treeConnectRequest.modelRequestType))
{
return;
}
if (ModelUtility.IsSmb3xFamily(config.MaxSmbVersionSupported)
&& (config.IsGlobalEncryptDataEnabled
|| treeConnectRequest.connectToShareType == ConnectToShareType.ConnectToEncryptedShare)
&& config.IsGlobalRejectUnencryptedAccessEnabled
&& !Connection_ServerCapabilities_SMB2_GLOBAL_CAP_ENCRYPTION)
{
ModelHelper.Log(LogType.Requirement,
"3.3.5.7: If the server implements the SMB 3.x dialect family, EncryptData or Share.EncryptData is TRUE, " +
"RejectUnencryptedAccess is TRUE, and Connection.ServerCapabilities does not include SMB2_GLOBAL_CAP_ENCRYPTION, " +
"the server SHOULD fail the request with STATUS_ACCESS_DENIED.");
Condition.IsTrue(config.Platform == c.Platform);
ModelHelper.Log(LogType.TestInfo,
"The server implements {0}, EncryptData is {1}, Share.EncryptData is {2}, RejectUnencryptedAccess is TRUE, " +
"Connection.ServerCapabilities does not include SMB2_GLOBAL_CAP_ENCRYPTION.",
config.MaxSmbVersionSupported,
config.IsGlobalEncryptDataEnabled,
treeConnectRequest.connectToShareType == ConnectToShareType.ConnectToEncryptedShare ? "TRUE" : "FALSE");
ModelHelper.Log(LogType.TestInfo, "The SUT platform is {0}.", config.Platform);
ModelHelper.Log(LogType.TestTag, TestTag.Compatibility);
if (config.Platform == Platform.NonWindows)
{
Condition.IsTrue(status != ModelSmb2Status.STATUS_SUCCESS);
}
else
{
Condition.IsTrue(status == ModelSmb2Status.STATUS_ACCESS_DENIED);
}
return;
}
if (Smb2Utility.IsSmb3xFamily(negotiateDialect)
&& treeConnectRequest.connectToShareType == ConnectToShareType.ConnectToEncryptedShare)
{
ModelHelper.Log(LogType.Requirement,
"3.3.5.7: If Connection.Dialect belongs to the SMB 3.x dialect family, " +
"and Share.EncryptData is TRUE, the server MUST do the following:");
ModelHelper.Log(LogType.Requirement,
"\tSet the SMB2_SHAREFLAG_ENCRYPT_DATA bit.");
ModelHelper.Log(LogType.TestInfo, "Connection.Dialect is {0}, and Share.EncryptData is TRUE.", negotiateDialect);
Condition.IsTrue(shareEncryptDataType== ShareEncryptDataType.ShareEncryptDataSet);
}
//TODO: To be implemented after TRANSFORM_HEADER added into Smb2FunctionalClient
if (treeConnectRequest.modelRequestType == ModelRequestType.EncryptedRequest)
{
Condition.IsTrue(modelResponseType == ModelResponseType.EncryptedResponse);
}
else
{
Condition.IsTrue(modelResponseType == ModelResponseType.UnEncryptedResponse);
}
Condition.IsTrue(status == ModelSmb2Status.STATUS_SUCCESS);
Encryption_TreeId = (treeConnectRequest.connectToShareType == ConnectToShareType.ConnectToEncryptedShare) ? EncryptionTreeId.TreeIdToEncryptShare : EncryptionTreeId.TreeIdToUnEncryptShare;
}
public static void FileOperationVerifyEncryptionResponse(ModelSmb2Status status, ModelResponseType modelResponseType, EncryptionConfig c)
{
Condition.IsTrue(state == ModelState.Connected);
Condition.IsTrue(config.IsGlobalRejectUnencryptedAccessEnabled == c.IsGlobalRejectUnencryptedAccessEnabled);
ModelFileOperationVerifyEncryptionRequest createFileRequest = ModelHelper.RetrieveOutstandingRequest<ModelFileOperationVerifyEncryptionRequest>(ref request);
if (!VerifySession(status, createFileRequest.modelRequestType))
{
return;
}
if (!VerifyTreeConnect(status, createFileRequest.modelRequestType, c))
{
return;
}
//TODO: To be implemented after TRANSFORM_HEADER added into Smb2FunctionalClient
if (createFileRequest.modelRequestType == ModelRequestType.EncryptedRequest)
{
Condition.IsTrue(modelResponseType == ModelResponseType.EncryptedResponse);
}
else
{
Condition.IsTrue(modelResponseType == ModelResponseType.UnEncryptedResponse);
}
Condition.IsTrue(status == Smb2Status.STATUS_SUCCESS);
}
public static void FileOperationVerifyEncryptionResponse(ModelSmb2Status status, ModelResponseType modelResponseType, EncryptionConfig c)
{
Condition.IsTrue(state == ModelState.Connected);
Condition.IsTrue(config.IsGlobalRejectUnencryptedAccessEnabled == c.IsGlobalRejectUnencryptedAccessEnabled);
Condition.IsTrue(Session_IsExisted);
ModelFileOperationVerifyEncryptionRequest createFileRequest = ModelHelper.RetrieveOutstandingRequest <ModelFileOperationVerifyEncryptionRequest>(ref request);
if (!VerifySession(status, createFileRequest.modelRequestType))
{
return;
}
if (!VerifyTreeConnect(status, createFileRequest.modelRequestType, c))
{
return;
}
//TODO: To be implemented after TRANSFORM_HEADER added into Smb2FunctionalClient
if (createFileRequest.modelRequestType == ModelRequestType.EncryptedRequest)
{
Condition.IsTrue(modelResponseType == ModelResponseType.EncryptedResponse);
}
else
{
Condition.IsTrue(modelResponseType == ModelResponseType.UnEncryptedResponse);
}
Condition.IsTrue(status == Smb2Status.STATUS_SUCCESS);
}
