def test_encrypt_gcm(self, monkeypatch): def mockurandom(length): return b"\xff" * length monkeypatch.setattr(os, 'urandom', mockurandom) connection = Connection(uuid.uuid4(), "server", 445) connection.dialect = Dialects.SMB_3_1_1 connection.cipher_id = Ciphers.get_cipher(Ciphers.AES_128_GCM) session = Session(connection, "user", "pass") session.session_id = 1 session.encryption_key = b"\xff" * 16 expected = SMB2TransformHeader() expected['signature'] = b"\x39\xd8\x32\x34\xd7\x53\xd0\x8e" \ b"\xc0\xfc\xbe\x33\x01\x5f\x19\xbd" expected['nonce'] = b"\xff" * 12 + b"\x00" * 4 expected['original_message_size'] = 4 expected['flags'] = 1 expected['session_id'] = 1 expected['data'] = b"\xda\x26\x57\x33" actual = connection._encrypt(b"\x01\x02\x03\x04", session) assert isinstance(actual, SMB2TransformHeader) assert actual.pack() == expected.pack()
def test_encrypt_ccm(self, monkeypatch): def mockurandom(length): return b"\xff" * length monkeypatch.setattr(os, 'urandom', mockurandom) connection = Connection(uuid.uuid4(), "server", 445) connection.dialect = Dialects.SMB_3_1_1 connection.cipher_id = Ciphers.get_cipher(Ciphers.AES_128_CCM) session = Session(connection, "user", "pass") session.session_id = 1 session.encryption_key = b"\xff" * 16 expected = SMB2TransformHeader() expected['signature'] = b"\xc8\x73\x0c\x9b\xa7\xe5\x9f\x1c" \ b"\xfd\x37\x51\xa1\x95\xf2\xb3\xac" expected['nonce'] = b"\xff" * 11 + b"\x00" * 5 expected['original_message_size'] = 4 expected['flags'] = 1 expected['session_id'] = 1 expected['data'] = b"\x21\x91\xe3\x0e" actual = connection._encrypt(b"\x01\x02\x03\x04", session) assert isinstance(actual, SMB2TransformHeader) assert actual.pack() == expected.pack()
def test_decrypt_invalid_session_id(self, smb_real): connection = Connection(uuid.uuid4(), smb_real[2], smb_real[3], True) session = Session(connection, smb_real[0], smb_real[1]) connection.connect() try: session.connect() # just get some random message header = connection.preauth_integrity_hash_value[-1] enc_header = connection._encrypt(header.pack(), session) assert isinstance(enc_header, SMB2TransformHeader) enc_header['session_id'] = 100 with pytest.raises(SMBException) as exc: connection._decrypt(enc_header) assert str(exc.value) == "Failed to find valid session 100 for " \ "message decryption" finally: connection.disconnect(True)
def test_decrypt_invalid_flag(self, smb_real): connection = Connection(uuid.uuid4(), smb_real[2], smb_real[3], True) session = Session(connection, smb_real[0], smb_real[1]) connection.connect() try: session.connect() # just get some random message header = connection.preauth_integrity_hash_value[-1] enc_header = connection._encrypt(header.pack(), session) assert isinstance(enc_header, SMB2TransformHeader) enc_header['flags'] = 5 with pytest.raises(SMBException) as exc: connection._decrypt(enc_header) assert str(exc.value) == "Expecting flag of 0x0001 but got 5 in " \ "the SMB Transform Header Response" finally: connection.disconnect(True)