def wrap(self, data):
    """Wrap *data* with the security context using a three-buffer IOV.

    Returns:
        A ``(header, payload)`` tuple. ``header`` is the value of the header
        buffer; ``payload`` is the value of the data buffer followed by the
        padding buffer's value, if it has one.
    """
    # Explicit (non-standard) layout: header at index 0, the caller's data
    # at index 1, padding at index 2.
    buffers = IOV(IOVBufferType.header, data, IOVBufferType.padding,
                  std_layout=False)

    # Results are read back from the same IOV object after the call.
    # NOTE(review): the return value of wrap_iov is discarded. If it reports
    # whether confidentiality was actually applied (presumably it does;
    # confirm against the binding in use), this method would hand back a
    # payload that is not encrypted without the caller noticing. Consider
    # checking it and failing closed.
    wrap_iov(self._context, buffers, confidential=True)

    header = buffers[0].value
    payload = buffers[1].value
    padding = buffers[2].value or b""  # a falsy padding value becomes empty bytes
    return header, payload + padding
def wrap(self, data):
    """Wrap *data* with the security context, with a special case for NTLM.

    Returns:
        A ``(header, payload)`` tuple. For NTLM the header is the first 16
        bytes of the wrapped message and the payload is the remainder. For
        any other mechanism the header is the IOV header buffer and the
        payload is the data buffer plus any padding.
    """
    negotiated_mech = self._context.mech
    ntlm_oid = gssapi.OID.from_int_seq(self._AUTH_PROVIDERS['ntlm'])

    if negotiated_mech == ntlm_oid:
        # NTLM was negotiated, either directly or through SPNEGO.
        # gss-ntlmssp does not support wrap_iov, but the plain wrap call
        # works in this scenario. The second argument asks for encryption.
        wrapped = self._context.wrap(data, True).message

        # The NTLM header occupies the first 16 bytes of the wrapped output.
        # NOTE(review): the split is a fixed offset with no length check; a
        # wrapped message shorter than 16 bytes would yield a short header
        # and an empty payload rather than an error.
        return wrapped[:16], wrapped[16:]

    # Every other mechanism: explicit three-buffer layout with header at
    # index 0, data at index 1 and padding at index 2.
    buffers = IOV(IOVBufferType.header, data, IOVBufferType.padding,
                  std_layout=False)

    # NOTE(review): the return value of wrap_iov is discarded on this path.
    # If it reports whether confidentiality was actually applied (presumably
    # it does; confirm against the binding in use), a context without
    # confidentiality would return an unencrypted payload silently.
    # Consider checking it and failing closed.
    wrap_iov(self._context, buffers, confidential=True)

    header = buffers[0].value
    payload = buffers[1].value
    padding = buffers[2].value or b""  # a falsy padding value becomes empty bytes
    return header, payload + padding
def test_basic_iov_wrap_unwrap_autoalloc(self):
    """Round-trip an IOV message through wrap_iov and unwrap_iov.

    The message has one sign-only buffer and two data buffers. The test
    checks that both calls report confidentiality, that the caller's byte
    strings are untouched, that the data buffers change after wrapping,
    and that unwrapping restores all three original values.
    """
    payload = b'some encrypted data'
    extra_payload = b'some other encrypted data'
    signed_info = b'some sig data'

    message = gb.IOV(
        (gb.IOVBufferType.sign_only, signed_info),
        payload,
        extra_payload,
    )

    # Wrapping must report that confidentiality was applied.
    wrap_conf = gb.wrap_iov(self.client_ctx, message)
    wrap_conf.should_be_a(bool)
    wrap_conf.should_be_true()

    # make sure the byte strings we passed in were not modified
    payload.should_be(b'some encrypted data')
    extra_payload.should_be(b'some other encrypted data')
    signed_info.should_be(b'some sig data')

    # The two data buffers must no longer hold the plaintext.
    # Indices 2 and 3 are the data buffers, as the post-unwrap assertions
    # below show. Index 0 is presumably an automatically added header
    # (TODO confirm against the IOV implementation).
    message[2].value.shouldnt_be(b'some encrypted data')
    message[3].value.shouldnt_be(b'some other encrypted data')

    # Unwrapping on the acceptor side must also report confidentiality.
    (unwrap_conf, qop) = gb.unwrap_iov(self.server_ctx, message)
    unwrap_conf.should_be_a(bool)
    unwrap_conf.should_be_true()

    qop.should_be_a(int)

    # All three buffers are back to their original contents.
    message[1].value.should_be(signed_info)
    message[2].value.should_be(payload)
    message[3].value.should_be(extra_payload)
def wrap_iov(self, iov, encrypt=True, qop=None):
    """Wrap the given IOV buffers with this object's security context.

    Args:
        iov: Buffer descriptions, converted by ``self._build_iov_list``.
        encrypt: Passed through as the ``confidential`` request flag.
        qop: Quality-of-protection value, passed through unchanged.

    Returns:
        An ``IOVWrapResult`` with the processed buffers and, in
        ``encrypted``, whatever the underlying wrap call returned.
        Callers that asked for encryption should check ``encrypted``
        rather than assume it was applied (presumably a bool; confirm
        against the binding in use).
    """
    entries = self._build_iov_list(iov)
    native_iov = IOV(*entries, std_layout=False)

    # Assuming this def sits in a class body, the bare name below resolves
    # to the module-level wrap_iov function, not to this method.
    conf_state = wrap_iov(self._context, native_iov, confidential=encrypt, qop=qop)

    wrapped_buffers = _create_iov_result(native_iov)
    return IOVWrapResult(buffers=wrapped_buffers, encrypted=conf_state)