def test_encrypt_gcm(self, monkeypatch):
def mockurandom(length):
return b"\xff" * length
monkeypatch.setattr(os, 'urandom', mockurandom)
connection = Connection(uuid.uuid4(), "server", 445)
connection.dialect = Dialects.SMB_3_1_1
connection.cipher_id = Ciphers.get_cipher(Ciphers.AES_128_GCM)
session = Session(connection, "user", "pass")
session.session_id = 1
session.encryption_key = b"\xff" * 16
expected = SMB2TransformHeader()
expected['signature'] = b"\x39\xd8\x32\x34\xd7\x53\xd0\x8e" \
b"\xc0\xfc\xbe\x33\x01\x5f\x19\xbd"
expected['nonce'] = b"\xff" * 12 + b"\x00" * 4
expected['original_message_size'] = 4
expected['flags'] = 1
expected['session_id'] = 1
expected['data'] = b"\xda\x26\x57\x33"
actual = connection._encrypt(b"\x01\x02\x03\x04", session)
assert isinstance(actual, SMB2TransformHeader)
assert actual.pack() == expected.pack()
def test_encrypt_ccm(self, monkeypatch):
def mockurandom(length):
return b"\xff" * length
monkeypatch.setattr(os, 'urandom', mockurandom)
connection = Connection(uuid.uuid4(), "server", 445)
connection.dialect = Dialects.SMB_3_1_1
connection.cipher_id = Ciphers.get_cipher(Ciphers.AES_128_CCM)
session = Session(connection, "user", "pass")
session.session_id = 1
session.encryption_key = b"\xff" * 16
expected = SMB2TransformHeader()
expected['signature'] = b"\xc8\x73\x0c\x9b\xa7\xe5\x9f\x1c" \
b"\xfd\x37\x51\xa1\x95\xf2\xb3\xac"
expected['nonce'] = b"\xff" * 11 + b"\x00" * 5
expected['original_message_size'] = 4
expected['flags'] = 1
expected['session_id'] = 1
expected['data'] = b"\x21\x91\xe3\x0e"
actual = connection._encrypt(b"\x01\x02\x03\x04", session)
assert isinstance(actual, SMB2TransformHeader)
assert actual.pack() == expected.pack()
def test_decrypt_invalid_session_id(self, smb_real):
connection = Connection(uuid.uuid4(), smb_real[2], smb_real[3], True)
session = Session(connection, smb_real[0], smb_real[1])
connection.connect()
try:
session.connect()
# just get some random message
header = connection.preauth_integrity_hash_value[-1]
enc_header = connection._encrypt(header.pack(), session)
assert isinstance(enc_header, SMB2TransformHeader)
enc_header['session_id'] = 100
with pytest.raises(SMBException) as exc:
connection._decrypt(enc_header)
assert str(exc.value) == "Failed to find valid session 100 for " \
"message decryption"
finally:
connection.disconnect(True)
def test_decrypt_invalid_flag(self, smb_real):
connection = Connection(uuid.uuid4(), smb_real[2], smb_real[3], True)
session = Session(connection, smb_real[0], smb_real[1])
connection.connect()
try:
session.connect()
# just get some random message
header = connection.preauth_integrity_hash_value[-1]
enc_header = connection._encrypt(header.pack(), session)
assert isinstance(enc_header, SMB2TransformHeader)
enc_header['flags'] = 5
with pytest.raises(SMBException) as exc:
connection._decrypt(enc_header)
assert str(exc.value) == "Expecting flag of 0x0001 but got 5 in " \
"the SMB Transform Header Response"
finally:
connection.disconnect(True)
