def setUp(self):
super(TestMemoryCollector, self).setUp()
self.output_path = "analysis/memory_scanner"
self.key = rdf_crypto.AES128Key("1a5eafcc77d428863d4c2441ea26e5a5")
self.iv = rdf_crypto.AES128Key("2241b14c64874b1898dad4de7173d8c0")
self.memory_file = os.path.join(config_lib.CONFIG["Test.data_dir"],
"auth.log")
with open(self.memory_file, "r") as f:
self.memory_dump = f.read()
self.assertTrue(self.memory_dump)
self.client_mock = action_mocks.ActionMock(
"TransferBuffer", "HashBuffer", "StatFile", "CopyPathToFile",
"SendFile", "DeleteGRRTempFiles", "GetConfiguration", "Find",
"Grep")
self.old_driver_flow = flow.GRRFlow.classes["LoadMemoryDriver"]
flow.GRRFlow.classes["LoadMemoryDriver"] = DummyLoadMemoryDriverFlow
self.old_diskvolume_flow = flow.GRRFlow.classes["DiskVolumeInfo"]
flow.GRRFlow.classes["DiskVolumeInfo"] = DummyDiskVolumeInfo
vfs.VFS_HANDLERS[rdf_paths.PathSpec.PathType.
MEMORY] = test_lib.FakeTestDataVFSHandler
class TestSendFile(base.LocalClientTest):
"""Test SendFile."""
platforms = ["Linux"]
flow = "SendFile"
key = rdf_crypto.AES128Key("1a5eafcc77d428863d4c2441ea26e5a5")
iv = rdf_crypto.AES128Key("2241b14c64874b1898dad4de7173d8c0")
args = dict(host="127.0.0.1",
port=12345,
pathspec=rdf_paths.PathSpec(pathtype=0, path="/bin/ls"),
key=key,
iv=iv)
def setUp(self):
class Listener(threading.Thread):
result = []
daemon = True
def run(self):
for res in socket.getaddrinfo(
None, 12345, socket.AF_INET,
socket.SOCK_STREAM, 0, socket.AI_ADDRCONFIG):
af, socktype, proto, _, sa = res
try:
s = socket.socket(af, socktype, proto)
except socket.error:
s = None
continue
try:
s.bind(sa)
s.listen(1)
except socket.error:
s.close()
s = None
continue
break
conn, _ = s.accept()
while 1:
data = conn.recv(1024)
if not data: break
self.result.append(data)
conn.close()
self.listener = Listener()
self.listener.start()
def CheckFlow(self):
if self.local_client:
original_data = open("/bin/ls", "rb").read()
received_cipher = "".join(self.listener.result)
cipher = rdf_crypto.AES128CBCCipher(
key=self.key,
iv=self.iv,
mode=rdf_crypto.AES128CBCCipher.OP_DECRYPT)
received_data = cipher.Update(received_cipher) + cipher.Final()
self.assertEqual(received_data, original_data)
def testAES128CBCCipher(self):
key = rdf_crypto.AES128Key()
iv = rdf_crypto.AES128Key()
cipher = rdf_crypto.AES128CBCCipher(key, iv)
plain_text = "hello world!"
cipher_text = cipher.Encrypt(plain_text)
# Repeatadly calling Encrypt should repeat the same cipher text.
self.assertEqual(cipher_text, cipher.Encrypt(plain_text))
self.assertNotEqual(cipher_text, plain_text)
self.assertEqual(cipher.Decrypt(cipher_text), plain_text)
def InitializeFromEncryption(self, string, username, password):
"""Initialize client credentials from encrypted string from the master."""
# Use the same key used in Encrypt()
key = self._MakeEncryptKey(username, password)
# Initialization vector was prepended.
init_vector_str = string[:INITVECTOR_SIZE]
init_vector = crypto.AES128Key(init_vector_str)
ciphertext = string[INITVECTOR_SIZE:]
decryptor = crypto.AES128CBCCipher(key, init_vector,
crypto.Cipher.OP_DECRYPT)
# Decrypt credentials information and set the required fields.
try:
plain = decryptor.Update(ciphertext)
plain += decryptor.Final()
# Remove padding
plain = plain.strip(" ")
creds = data_server.DataServerClientCredentials(plain)
# Create client credentials.
self.client_users = {}
for client in creds.users:
self.client_users[client.username] = client
return self
except EVP.EVPError:
return None
def testAES128Key(self):
key = rdf_crypto.AES128Key()
iv = rdf_crypto.AES128Key()
# Empty keys are initialized to a random string.
self.assertEqual(len(key), key.length / 8)
self.assertNotEqual(key, iv)
self.assertNotEqual(key.RawBytes(), iv.RawBytes())
# This key is too short.
self.assertRaises(rdf_crypto.CipherError, rdf_crypto.AES128Key, "foo")
# Deserialize from hex encoded.
copied_key = rdf_crypto.AES128Key(key.RawBytes().encode("hex"))
self.assertEqual(copied_key, key)
self.assertEqual(copied_key.RawBytes(), key.RawBytes())
copied_key = rdf_crypto.AES128Key(key.RawBytes())
self.assertEqual(copied_key, key)
def setUp(self):
super(TestMemoryCollector, self).setUp()
self.output_path = "analysis/memory_scanner"
self.key = rdf_crypto.AES128Key("1a5eafcc77d428863d4c2441ea26e5a5")
self.iv = rdf_crypto.AES128Key("2241b14c64874b1898dad4de7173d8c0")
self.memory_file = os.path.join(config_lib.CONFIG["Test.data_dir"],
"searching/auth.log")
with open(self.memory_file, "r") as f:
self.memory_dump = f.read()
self.assertTrue(self.memory_dump)
self.client_mock = MemoryCollectorClientMock()
# Ensure there is some data in the memory dump.
self.assertTrue(self.client_mock.memory_dump)
self.old_diskvolume_flow = flow.GRRFlow.classes["DiskVolumeInfo"]
flow.GRRFlow.classes["DiskVolumeInfo"] = DummyDiskVolumeInfo
def testAES128Key(self):
key = rdf_crypto.AES128Key.GenerateKey()
iv = rdf_crypto.AES128Key.GenerateKey()
self.assertNotEqual(key, iv)
self.assertNotEqual(key.RawBytes(), iv.RawBytes())
# This key is too short.
self.assertRaises(rdf_crypto.CipherError, rdf_crypto.AES128Key, "foo")
copied_key = rdf_crypto.AES128Key(key.RawBytes())
self.assertEqual(copied_key, key)
self.assertEqual(copied_key.RawBytes(), key.RawBytes())
def _MakeInitVector(self): init_vector = crypto.AES128Key() init_vector.Generate() return init_vector
def _MakeEncryptKey(self, username, password): data = hashlib.md5(username + password).hexdigest() return crypto.AES128Key(data)
