Ejemplo n.º 1
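 def wrap(self, data):
     """Encrypt ``data`` with the security context and split the result.

     The message is wrapped through an explicit header/data/padding IOV
     layout (``std_layout=False``) with confidentiality requested.

     Returns:
         A ``(header, payload)`` tuple: the contents of the header buffer,
         and the wrapped data buffer with the padding buffer appended
         (an empty/``None`` padding buffer contributes nothing).

     Raises:
         RuntimeError: if ``wrap_iov`` reports that confidentiality was
             not applied to the message.
     """
     iov = IOV(IOVBufferType.header,
               data,
               IOVBufferType.padding,
               std_layout=False)
     # wrap_iov returns the confidentiality state actually used. Requesting
     # confidential=True does not by itself guarantee encryption, so fail
     # closed instead of handing back a payload that is only signed.
     encrypted = wrap_iov(self._context, iov, confidential=True)
     if not encrypted:
         raise RuntimeError(
             "GSSAPI wrap_iov did not apply confidentiality to the message")
     return iov[0].value, iov[1].value + (iov[2].value or b"")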
Ejemplo n.º 2
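 def wrap(self, data):
     """Encrypt ``data`` with the security context and split the result.

     Two paths are used depending on the negotiated mechanism:

     * NTLM (directly or through SPNEGO): a plain ``wrap`` call, with the
       first 16 bytes of the output treated as the header.
     * Any other mechanism: ``wrap_iov`` over an explicit
       header/data/padding layout (``std_layout=False``).

     Returns:
         A ``(header, payload)`` tuple of bytes.

     Raises:
         RuntimeError: on the ``wrap_iov`` path, if the call reports that
             confidentiality was not applied to the message.
     """
     ntlm_oid = gssapi.OID.from_int_seq(self._AUTH_PROVIDERS['ntlm'])
     if self._context.mech == ntlm_oid:
         # NTLM was used, either directly or through SPNEGO and gss-ntlmssp
         # does not support wrap_iov, wrap works just fine in this scenario
         # though.
         # NOTE(review): the result's `encrypted` flag is not checked on
         # this path; confirm what gss-ntlmssp reports there before
         # enforcing it.
         enc_data = self._context.wrap(data, True).message
         # NTLM headers are capped at the first 16 bytes of the encrypted
         # payload.
         return enc_data[:16], enc_data[16:]

     iov = IOV(IOVBufferType.header,
               data,
               IOVBufferType.padding,
               std_layout=False)
     # wrap_iov returns the confidentiality state actually used. Requesting
     # confidential=True does not by itself guarantee encryption, so fail
     # closed instead of handing back a payload that is only signed.
     encrypted = wrap_iov(self._context, iov, confidential=True)
     if not encrypted:
         raise RuntimeError(
             "GSSAPI wrap_iov did not apply confidentiality to the message")
     return iov[0].value, iov[1].value + (iov[2].value or b"")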
Ejemplo n.º 3
    def test_basic_iov_wrap_unwrap_autoalloc(self):
        """Round-trip an IOV message through wrap_iov and unwrap_iov.

        The message holds one sign-only buffer and two data buffers. After
        wrapping on the client context the data buffers must differ from
        the plaintext; after unwrapping on the server context all three
        buffers must match the original inputs again.
        """
        payload = b'some encrypted data'
        extra_payload = b'some other encrypted data'
        signed_only = b'some sig data'
        message = gb.IOV((gb.IOVBufferType.sign_only, signed_only),
                         payload, extra_payload)

        wrap_conf = gb.wrap_iov(self.client_ctx, message)

        # the returned confidentiality state is a bool and must be set
        wrap_conf.should_be_a(bool)
        wrap_conf.should_be_true()

        # make sure wrapping did not modify the caller's own byte strings
        payload.should_be(b'some encrypted data')
        extra_payload.should_be(b'some other encrypted data')
        signed_only.should_be(b'some sig data')

        # the two data buffers must no longer hold the plaintext
        message[2].value.shouldnt_be(b'some encrypted data')
        message[3].value.shouldnt_be(b'some other encrypted data')

        unwrap_conf, qop = gb.unwrap_iov(self.server_ctx, message)

        unwrap_conf.should_be_a(bool)
        unwrap_conf.should_be_true()

        qop.should_be_a(int)

        # unwrapping restores the sign-only buffer and both data buffers
        message[1].value.should_be(signed_only)
        message[2].value.should_be(payload)
        message[3].value.should_be(extra_payload)
Ejemplo n.º 4
    def test_basic_iov_wrap_unwrap_autoalloc(self):
        """Check that wrap_iov followed by unwrap_iov restores the inputs.

        Builds an IOV from a sign-only buffer plus two data buffers, wraps
        it with the client context, verifies the data buffers changed, then
        unwraps with the server context and compares against the originals.
        """
        first_data = b'some encrypted data'
        second_data = b'some other encrypted data'
        sig_data = b'some sig data'
        iov_message = gb.IOV((gb.IOVBufferType.sign_only, sig_data),
                             first_data, second_data)

        conf_on_wrap = gb.wrap_iov(self.client_ctx, iov_message)

        # confidentiality state comes back as a bool and must be True
        conf_on_wrap.should_be_a(bool)
        conf_on_wrap.should_be_true()

        # the input byte strings themselves must be left untouched
        first_data.should_be(b'some encrypted data')
        second_data.should_be(b'some other encrypted data')
        sig_data.should_be(b'some sig data')

        # buffers 2 and 3 carry the data and must differ from the plaintext
        iov_message[2].value.shouldnt_be(b'some encrypted data')
        iov_message[3].value.shouldnt_be(b'some other encrypted data')

        conf_on_unwrap, qop = gb.unwrap_iov(self.server_ctx, iov_message)

        conf_on_unwrap.should_be_a(bool)
        conf_on_unwrap.should_be_true()

        qop.should_be_a(int)

        # after unwrap, buffers 1-3 equal the original sign-only and data
        # inputs
        iov_message[1].value.should_be(sig_data)
        iov_message[2].value.should_be(first_data)
        iov_message[3].value.should_be(second_data)
Ejemplo n.º 5
    def wrap_iov(self, iov, encrypt=True, qop=None):
        """Wrap the given IOV buffers with this object's security context.

        Args:
            iov: buffer descriptions, converted by ``_build_iov_list``.
            encrypt: passed to ``wrap_iov`` as the ``confidential`` request.
            qop: quality-of-protection value forwarded unchanged.

        Returns:
            An ``IOVWrapResult`` holding the resulting buffers and the
            value ``wrap_iov`` returned as ``encrypted``. That flag is not
            enforced here, so a caller that requires confidentiality has
            to check ``encrypted`` itself.
        """
        buffer_specs = self._build_iov_list(iov)
        message = IOV(*buffer_specs, std_layout=False)

        # keep the reported confidentiality state rather than assuming
        # that the `encrypt` request was honoured
        was_encrypted = wrap_iov(self._context,
                                 message,
                                 confidential=encrypt,
                                 qop=qop)

        wrapped_buffers = _create_iov_result(message)
        return IOVWrapResult(buffers=wrapped_buffers,
                             encrypted=was_encrypted)