def setUp(self): super(TestMemoryCollector, self).setUp() self.output_path = "analysis/memory_scanner" self.key = rdf_crypto.AES128Key("1a5eafcc77d428863d4c2441ea26e5a5") self.iv = rdf_crypto.AES128Key("2241b14c64874b1898dad4de7173d8c0") self.memory_file = os.path.join(config_lib.CONFIG["Test.data_dir"], "auth.log") with open(self.memory_file, "r") as f: self.memory_dump = f.read() self.assertTrue(self.memory_dump) self.client_mock = action_mocks.ActionMock( "TransferBuffer", "HashBuffer", "StatFile", "CopyPathToFile", "SendFile", "DeleteGRRTempFiles", "GetConfiguration", "Find", "Grep") self.old_driver_flow = flow.GRRFlow.classes["LoadMemoryDriver"] flow.GRRFlow.classes["LoadMemoryDriver"] = DummyLoadMemoryDriverFlow self.old_diskvolume_flow = flow.GRRFlow.classes["DiskVolumeInfo"] flow.GRRFlow.classes["DiskVolumeInfo"] = DummyDiskVolumeInfo vfs.VFS_HANDLERS[rdf_paths.PathSpec.PathType. MEMORY] = test_lib.FakeTestDataVFSHandler
class TestSendFile(base.LocalClientTest): """Test SendFile.""" platforms = ["Linux"] flow = "SendFile" key = rdf_crypto.AES128Key("1a5eafcc77d428863d4c2441ea26e5a5") iv = rdf_crypto.AES128Key("2241b14c64874b1898dad4de7173d8c0") args = dict(host="127.0.0.1", port=12345, pathspec=rdf_paths.PathSpec(pathtype=0, path="/bin/ls"), key=key, iv=iv) def setUp(self): class Listener(threading.Thread): result = [] daemon = True def run(self): for res in socket.getaddrinfo( None, 12345, socket.AF_INET, socket.SOCK_STREAM, 0, socket.AI_ADDRCONFIG): af, socktype, proto, _, sa = res try: s = socket.socket(af, socktype, proto) except socket.error: s = None continue try: s.bind(sa) s.listen(1) except socket.error: s.close() s = None continue break conn, _ = s.accept() while 1: data = conn.recv(1024) if not data: break self.result.append(data) conn.close() self.listener = Listener() self.listener.start() def CheckFlow(self): if self.local_client: original_data = open("/bin/ls", "rb").read() received_cipher = "".join(self.listener.result) cipher = rdf_crypto.AES128CBCCipher( key=self.key, iv=self.iv, mode=rdf_crypto.AES128CBCCipher.OP_DECRYPT) received_data = cipher.Update(received_cipher) + cipher.Final() self.assertEqual(received_data, original_data)
def testAES128CBCCipher(self): key = rdf_crypto.AES128Key() iv = rdf_crypto.AES128Key() cipher = rdf_crypto.AES128CBCCipher(key, iv) plain_text = "hello world!" cipher_text = cipher.Encrypt(plain_text) # Repeatadly calling Encrypt should repeat the same cipher text. self.assertEqual(cipher_text, cipher.Encrypt(plain_text)) self.assertNotEqual(cipher_text, plain_text) self.assertEqual(cipher.Decrypt(cipher_text), plain_text)
def InitializeFromEncryption(self, string, username, password): """Initialize client credentials from encrypted string from the master.""" # Use the same key used in Encrypt() key = self._MakeEncryptKey(username, password) # Initialization vector was prepended. init_vector_str = string[:INITVECTOR_SIZE] init_vector = crypto.AES128Key(init_vector_str) ciphertext = string[INITVECTOR_SIZE:] decryptor = crypto.AES128CBCCipher(key, init_vector, crypto.Cipher.OP_DECRYPT) # Decrypt credentials information and set the required fields. try: plain = decryptor.Update(ciphertext) plain += decryptor.Final() # Remove padding plain = plain.strip(" ") creds = data_server.DataServerClientCredentials(plain) # Create client credentials. self.client_users = {} for client in creds.users: self.client_users[client.username] = client return self except EVP.EVPError: return None
def testAES128Key(self): key = rdf_crypto.AES128Key() iv = rdf_crypto.AES128Key() # Empty keys are initialized to a random string. self.assertEqual(len(key), key.length / 8) self.assertNotEqual(key, iv) self.assertNotEqual(key.RawBytes(), iv.RawBytes()) # This key is too short. self.assertRaises(rdf_crypto.CipherError, rdf_crypto.AES128Key, "foo") # Deserialize from hex encoded. copied_key = rdf_crypto.AES128Key(key.RawBytes().encode("hex")) self.assertEqual(copied_key, key) self.assertEqual(copied_key.RawBytes(), key.RawBytes()) copied_key = rdf_crypto.AES128Key(key.RawBytes()) self.assertEqual(copied_key, key)
def setUp(self): super(TestMemoryCollector, self).setUp() self.output_path = "analysis/memory_scanner" self.key = rdf_crypto.AES128Key("1a5eafcc77d428863d4c2441ea26e5a5") self.iv = rdf_crypto.AES128Key("2241b14c64874b1898dad4de7173d8c0") self.memory_file = os.path.join(config_lib.CONFIG["Test.data_dir"], "searching/auth.log") with open(self.memory_file, "r") as f: self.memory_dump = f.read() self.assertTrue(self.memory_dump) self.client_mock = MemoryCollectorClientMock() # Ensure there is some data in the memory dump. self.assertTrue(self.client_mock.memory_dump) self.old_diskvolume_flow = flow.GRRFlow.classes["DiskVolumeInfo"] flow.GRRFlow.classes["DiskVolumeInfo"] = DummyDiskVolumeInfo
def testAES128Key(self): key = rdf_crypto.AES128Key.GenerateKey() iv = rdf_crypto.AES128Key.GenerateKey() self.assertNotEqual(key, iv) self.assertNotEqual(key.RawBytes(), iv.RawBytes()) # This key is too short. self.assertRaises(rdf_crypto.CipherError, rdf_crypto.AES128Key, "foo") copied_key = rdf_crypto.AES128Key(key.RawBytes()) self.assertEqual(copied_key, key) self.assertEqual(copied_key.RawBytes(), key.RawBytes())
def _MakeInitVector(self): init_vector = crypto.AES128Key() init_vector.Generate() return init_vector
def _MakeEncryptKey(self, username, password): data = hashlib.md5(username + password).hexdigest() return crypto.AES128Key(data)