def loadMembers(self, mappings, maxDepth):
if not LoadableMembersStructure.loadMembers(self, mappings, maxDepth):
return False
# Load and memcopy key and iv
log.debug('Enc Memcopying a Key with %d bytes'%self.key_len)
attr_obj_address = getaddress(self.key)
log.debug('got key @%x '%(attr_obj_address))
memoryMap = is_valid_address_value( attr_obj_address, mappings)
# DEBUG - I do question the buffer_copy.
log.debug('memoryMap is %s - \nmake array '%(memoryMap))
array=(ctypes.c_ubyte*self.key_len).from_buffer_copy(memoryMap.readArray(attr_obj_address, ctypes.c_ubyte, self.key_len))
# save key as bitstream
##key_contents = ctypes.c_ubyte.from_buffer(array)
key_contents = array
log.debug('keep ref ')
model.keepRef(key_contents, model.get_subtype(self.key), attr_obj_address)
log.debug('Enc Memcopying a IV with %d bytes'%( self.block_size) )
attr_obj_address=getaddress(self.iv)
memoryMap = is_valid_address_value( attr_obj_address, mappings)
log.debug('make array ')
array=(ctypes.c_ubyte*self.block_size).from_buffer_copy(memoryMap.readArray(attr_obj_address, ctypes.c_ubyte,self.block_size))
# save iv contents as bitstream
##iv_contents = ctypes.c_ubyte.from_buffer(array)
iv_contents = array
log.debug('keep ref')
model.keepRef(iv_contents, model.get_subtype(self.iv), attr_obj_address)
log.debug('ENC KEY(%d bytes) and IV(%d bytes) acquired'%(self.key_len,self.block_size))
return True
def loadMembers(self, mappings, maxDepth):
if not LoadableMembersStructure.loadMembers(self, mappings, maxDepth):
return False
#log.debug('evp app_data attr_obj_address=0x%lx'%(self.evp.app_data) )
#log.debug('evp cipher_data attr_obj_address=0x%lx'%(self.evp.cipher_data) ) ##none
cipher = model.getRef( Cipher, getaddress(self.cipher) )
ciphername = cipher.name.toString()
# cast evp.app_data into a valid struct
if ciphername in self.cipherContexts:
# evp.cipher.nid should be 0
struct = self.cipherContexts[ciphername]
if (struct is None):
log.warning("Unsupported cipher %s"%(ciphername))
return True
attr_obj_address = self.evp.app_data
memoryMap = is_valid_address_value( attr_obj_address, mappings, struct)
log.debug( "CipherContext CAST app_data into : %s "%( struct) )
if not memoryMap:
log.warning('On second toughts, app_data seems to be at an invalid address. That should not happen (often).')
log.warning('%s addr:0x%lx size:0x%lx addr+size:0x%lx '%(is_valid_address_value( attr_obj_address, mappings),
attr_obj_address, ctypes.sizeof(struct), attr_obj_address+ctypes.sizeof(struct)))
return False # DEBUG kill it
# read the void * and keep a ref
st = memoryMap.readStruct(attr_obj_address, struct )
model.keepRef(st, struct, attr_obj_address)
# yeah... no. "self.evp.app_data = xx" means SEGFAULT.
evp_app_data = ctypes.c_void_p(ctypes.addressof(st))
log.debug('Copied 0x%lx into app_data (0x%lx)'%(attr_obj_address, evp_app_data.value) )
log.debug('LOADED app_data as %s from 0x%lx (%s) into 0x%lx'%(struct,
attr_obj_address, is_valid_address_value(attr_obj_address,mappings,struct), evp_app_data.value))
log.debug('\t\t---------\n%s\t\t---------'%(st.toString() ) )
else:
log.debug("Unknown cipher %s, can't load a data struct for the EVP_CIPHER_CTX->app_data"%(ciphername))
return True
def loadMembers(self, mappings, maxDepth):
if not LoadableMembers.loadMembers(self, mappings, maxDepth):
return False
# Load and memcopy key and iv
log.debug('Memcopying a Key with %d bytes'%self.key_len)
attr_obj_address=getaddress(self.key)
memoryMap = is_valid_address_value( attr_obj_address, mappings)
array=(ctypes.c_ubyte*self.key_len).from_buffer_copy(memoryMap.readArray(attr_obj_address, ctypes.c_ubyte, self.key_len))
self.key.contents=ctypes.c_ubyte.from_buffer(array)
log.debug('Memcopying a IV with %d bytes'%( self.block_size) )
attr_obj_address=getaddress(self.iv)
memoryMap = is_valid_address_value( attr_obj_address, mappings)
array=(ctypes.c_ubyte*self.block_size).from_buffer_copy(memoryMap.readArray(attr_obj_address, ctypes.c_ubyte,self.block_size))
self.iv.contents=ctypes.c_ubyte.from_buffer(array)
log.debug('ENC KEY(%d bytes) and IV(%d bytes) acquired'%(self.key_len,self.block_size))
return True
def EVP_CIPHER_CTX_toPyObject(self):
d=super(EVP_CIPHER_CTX,self).toPyObject()
log.debug('Cast a EVP_CIPHER_CTX into PyObj')
# cast app_data or cipher_data to right struct
if bool(self.cipher_data):
cipher = model.getRef( evp_cipher_st, getaddress(self.cipher) )
struct = getCipherDataType( cipher.nid)
if struct is not None:
# CAST c_void_p to struct
d.cipher_data = struct.from_address(self.cipher_data).toPyObject()
return d
def loadMembers(self, mappings, maxDepth):
if not LoadableMembers.loadMembers(self, mappings, maxDepth):
return False
# Load and memcopy key
log.debug('Memcopying a Key with %d bytes'%self.key_len)
attr_obj_address=getaddress(self.key)
memoryMap = is_valid_address_value( attr_obj_address, mappings)
array=(ctypes.c_ubyte*self.key_len).from_buffer_copy(memoryMap.readArray(attr_obj_address, ctypes.c_ubyte, self.key_len))
self.key.contents=ctypes.c_ubyte.from_buffer(array)
log.debug('unmac_ctx has been nulled and ignored. its not often used by any ssh impl. Not useful for us anyway.')
log.debug('MAC KEY(%d bytes) acquired'%(self.key_len))
return True
def getEvpAppData(self):
cipher = model.getRef( Cipher, getaddress(self.cipher) )
ciphername = cipher.name.toString()
if ciphername in self.cipherContexts:
struct = self.cipherContexts[ciphername]
if(struct is None):
log.warning("Unsupported cipher %s"%(ciphername))
log.warning("%s"%(cipher.toString()))
return None
log.debug('CAST evp.app_data Into %s'%(struct))
attr_obj_address = self.evp.app_data
st = model.getRef(struct, attr_obj_address)
#st = struct.from_address(attr)
log.debug('app_data value is : 0x%lx'%(attr_obj_address))
log.debug(st.toString())
return st
return None
def list_head_getOffsets(self, mappings, attrtype, listHeadName):
'''
get the prev and next structure's real start addresses.
we need a real attrtype and the list_head attrname to calculate the offset
@param attrtype the target structure type
@param listHeadName the member name in that target structure
'''
names = ['prev','next']
ret = list()
for name in names:
addr = getaddress(getattr(self, name))
log.debug( '0x%x %s.%s'%(addr, listHeadName, name) )
if addr < 1 or not is_valid_address_value(addr, mappings, attrtype) :
addr = None
else:
addr -= offsetof(attrtype, listHeadName)
ret.append(addr)
return (ret[0],ret[1])#(addr_prev,addr_next)
def list_head_getOffsets(self, mappings, attrtype, listHeadName):
'''
get the prev and next structure's real start addresses.
we need a real attrtype and the list_head attrname to calculate the offset
@param attrtype the target structure type
@param listHeadName the member name in that target structure
'''
names = ['prev', 'next']
ret = list()
for name in names:
addr = getaddress(getattr(self, name))
log.debug('0x%x %s.%s' % (addr, listHeadName, name))
if addr < 1 or not is_valid_address_value(addr, mappings, attrtype):
addr = None
else:
addr -= offsetof(attrtype, listHeadName)
ret.append(addr)
return (ret[0], ret[1]) #(addr_prev,addr_next)
def BIGNUM_loadMembers(self, mappings, maxDepth):
'''
#self._d = process.readArray(attr_obj_address, ctypes.c_ulong, self.top)
## or
#ulong_array= (ctypes.c_ulong * self.top)
'''
if not self.isValid(mappings):
log.debug('BigNUm tries to load members when its not validated')
return False
# Load and memcopy d / BN_ULONG *
attr_obj_address=getaddress(self.d)
if not bool(self.d):
log.debug('BIGNUM has a Null pointer d')
return True
memoryMap = is_valid_address_value( attr_obj_address, mappings)
contents=(BN_ULONG*self.top).from_buffer_copy(memoryMap.readArray(attr_obj_address, BN_ULONG, self.top))
log.debug('contents acquired %d'%ctypes.sizeof(contents))
self.d.contents=BN_ULONG.from_address(ctypes.addressof(contents))
self.d=ctypes.cast(contents, ctypes.POINTER(BN_ULONG) )
return True
def EVP_CIPHER_CTX_loadMembers(self, mappings, maxDepth):
if not super(EVP_CIPHER_CTX,self).loadMembers(mappings, maxDepth):
return False
log.debug('trying to load cipher_data Structs.')
'''
if bool(cipher) and bool(self.cipher.nid) and is_valid_address(cipher_data):
memcopy( self.cipher_data, cipher_data_addr, self.cipher.ctx_size)
# cast possible on cipher.nid -> cipherType
'''
cipher = model.getRef( evp_cipher_st, getaddress(self.cipher) )
if cipher.nid == 0: # NID_undef, not openssl doing
log.info('The cipher is home made - the cipher context data should be application dependant (app_data)')
return True
struct = getCipherDataType( cipher.nid)
log.debug('cipher type is %s - loading %s'%( getCipherName(cipher.nid), struct ))
if(struct is None):
log.warning("Unsupported cipher %s"%(cipher.nid))
return True
# c_void_p is a basic type.
attr_obj_address = self.cipher_data
memoryMap = is_valid_address_value( attr_obj_address, mappings, struct)
log.debug( "cipher_data CAST into : %s "%(struct) )
if not memoryMap:
log.warning('in CTX On second toughts, cipher_data seems to be at an invalid address. That should not happen (often).')
log.warning('%s addr:0x%lx size:0x%lx addr+size:0x%lx '%(is_valid_address_value( attr_obj_address, mappings),
attr_obj_address, ctypes.sizeof(struct), attr_obj_address+ctypes.sizeof(struct)))
return True
#ok
st = memoryMap.readStruct(attr_obj_address, struct )
model.keepRef(st, struct, attr_obj_address)
self.cipher_data = ctypes.c_void_p(ctypes.addressof(st))
###print 'self.cipher_data in loadmembers',self.cipher_data
# check debug
attr=getattr(self, 'cipher_data')
log.debug('Copied 0x%lx into %s (0x%lx)'%(ctypes.addressof(st), 'cipher_data', attr))
log.debug('LOADED cipher_data as %s from 0x%lx (%s) into 0x%lx'%(struct,
attr_obj_address, is_valid_address_value(attr_obj_address, mappings, struct), attr ))
log.debug('\t\t---------\n%s\t\t---------'%st.toString())
return True
def task_struct_getTasksPrev(self): return container_of(getaddress(self.tasks.prev), gen.task_struct, 'tasks')
def task_struct_getTasksNext(self): ''' once the task_struct is loadMembers(ed), self->tasks.next is loaded to. just a bit hidden''' return container_of(getaddress(self.tasks.next), gen.task_struct, 'tasks')
def task_struct_getTasksPrev(self):
return container_of(getaddress(self.tasks.prev), gen.task_struct, 'tasks')
def task_struct_getTasksNext(self):
''' once the task_struct is loadMembers(ed), self->tasks.next is loaded to. just a bit hidden'''
return container_of(getaddress(self.tasks.next), gen.task_struct, 'tasks')
def BIGNUM___str__(self):
d= getaddress(self.d)
return ("BN { d=0x%lx, top=%d, dmax=%d, neg=%d, flags=%d }"%
(d, self.top, self.dmax, self.neg, self.flags) )
def getIV(self): #return pointer2bytes(model.getRef(ctypes.Array, getaddress(self.iv)), self.block_size) return model.array2bytes(model.getRef( model.get_subtype(self.iv), getaddress(self.iv)) )
def getKey(self): #return pointer2bytes(self.key,self.key_len) return model.array2bytes( model.getRef( model.get_subtype(self.key), getaddress(self.key)) )
def BIGNUM_get_d(self): return getRef( model.getSubtype(self.d), getaddress(self.d))