def test_encrypt_gcm(self, monkeypatch):
def mockurandom(length):
return b"\xff" * length
monkeypatch.setattr(os, 'urandom', mockurandom)
connection = Connection(uuid.uuid4(), "server", 445)
connection.dialect = Dialects.SMB_3_1_1
connection.cipher_id = Ciphers.get_cipher(Ciphers.AES_128_GCM)
session = Session(connection, "user", "pass")
session.session_id = 1
session.encryption_key = b"\xff" * 16
expected = SMB2TransformHeader()
expected['signature'] = b"\x39\xd8\x32\x34\xd7\x53\xd0\x8e" \
b"\xc0\xfc\xbe\x33\x01\x5f\x19\xbd"
expected['nonce'] = b"\xff" * 12 + b"\x00" * 4
expected['original_message_size'] = 4
expected['flags'] = 1
expected['session_id'] = 1
expected['data'] = b"\xda\x26\x57\x33"
actual = connection._encrypt(b"\x01\x02\x03\x04", session)
assert isinstance(actual, SMB2TransformHeader)
assert actual.pack() == expected.pack()
def test_encrypt_ccm(self, monkeypatch):
def mockurandom(length):
return b"\xff" * length
monkeypatch.setattr(os, 'urandom', mockurandom)
connection = Connection(uuid.uuid4(), "server", 445)
connection.dialect = Dialects.SMB_3_1_1
connection.cipher_id = Ciphers.get_cipher(Ciphers.AES_128_CCM)
session = Session(connection, "user", "pass")
session.session_id = 1
session.encryption_key = b"\xff" * 16
expected = SMB2TransformHeader()
expected['signature'] = b"\xc8\x73\x0c\x9b\xa7\xe5\x9f\x1c" \
b"\xfd\x37\x51\xa1\x95\xf2\xb3\xac"
expected['nonce'] = b"\xff" * 11 + b"\x00" * 5
expected['original_message_size'] = 4
expected['flags'] = 1
expected['session_id'] = 1
expected['data'] = b"\x21\x91\xe3\x0e"
actual = connection._encrypt(b"\x01\x02\x03\x04", session)
assert isinstance(actual, SMB2TransformHeader)
assert actual.pack() == expected.pack()
def test_secure_negotiation_verification_failed(self, smb_real):
connection = Connection(uuid.uuid4(), smb_real[2], smb_real[3])
connection.connect(Dialects.SMB_3_0_2)
session = Session(connection, smb_real[0], smb_real[1])
connection.dialect = Dialects.SMB_3_0_0
tree = TreeConnect(session, smb_real[4])
try:
session.connect()
with pytest.raises(SMBException) as exc:
tree.connect()
assert "Secure negotiate failed to verify server dialect, " \
"Actual: 770, Expected: 768" in str(exc.value)
finally:
connection.disconnect(True)
def test_secure_ignore_negotiation_verification_failed(self, smb_real):
connection = Connection(uuid.uuid4(), smb_real[2], smb_real[3])
connection.connect(Dialects.SMB_3_0_2)
session = Session(connection, smb_real[0], smb_real[1])
connection.dialect = Dialects.SMB_3_0_0
tree = TreeConnect(session, smb_real[4])
try:
session.connect()
tree.connect(False)
assert not tree.encrypt_data
assert not tree.is_ca_share
assert not tree.is_dfs_share
assert not tree.is_scaleout_share
assert isinstance(tree.tree_connect_id, int)
finally:
connection.disconnect(True)
tree.disconnect() # test that disconnect can be run mutliple times
