author | Aurelien Aptel <aaptel@suse.com> | 2020-02-19 22:35:50 +0100 |
---|---|---|
committer | Alexis La Goutte <alexis.lagoutte@gmail.com> | 2020-02-23 06:14:06 +0000 |
commit | 1702e59b5536d0dd4e44605cbc62ec1be41dd74a (patch) | |
tree | 9e5617c5346739e7e9e43996bbc52e40e5cac907 /test | |
parent | b8f9448c7887729ce82efeb097da01b9f8d246de (diff) |
test/suite_decryption.py: update SMB3+ decryption tests
Update existing tests to the new smb2_seskey_list syntax and add new
tests for decrypting using different combinations of provided keys.
Change-Id: I86fda351ff736cae6029ec2321c45a02c1917226
Reviewed-on: https://code.wireshark.org/review/36137
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Diffstat (limited to 'test')
-rw-r--r-- | test/suite_decryption.py | 215 |
1 files changed, 166 insertions, 49 deletions
diff --git a/test/suite_decryption.py b/test/suite_decryption.py
index 6decdb1b2b..519faf9d87 100644
--- a/test/suite_decryption.py
+++ b/test/suite_decryption.py
@@ -1106,65 +1106,182 @@ class case_decrypt_pkcs11(subprocesstest.SubprocessTestCase):
 @fixtures.mark_usefixtures('test_env')
 @fixtures.uses_fixtures
 class case_decrypt_smb2(subprocesstest.SubprocessTestCase):
- def test_smb300_bad_key(self, cmd_tshark, capture_file):
- '''Check that a bad session key doesn't crash'''
- seskey = 'ffffffffffffffffffffffffffffffff'
- sesid = '1900009c003c0000'
- proc = self.assertRun((cmd_tshark,
- '-r', capture_file('smb300-aes-128-ccm.pcap.gz'),
- '-o', 'uat:smb2_seskey_list:{},{},"",""'.format(sesid, seskey),
- '-Y', 'frame.number == 7',
- ))
- self.assertIn('Encrypted', proc.stdout_str)
+ BAD_KEY = 'ffffffffffffffffffffffffffffffff'
- def test_smb311_bad_key(self, cmd_tshark, capture_file):
- seskey = 'ffffffffffffffffffffffffffffffff'
- sesid = '2900009c003c0000'
+ def check_bad_key(self, cmd_tshark, cap, disp_filter, sesid, seskey, s2ckey, c2skey):
 proc = self.assertRun((cmd_tshark,
- '-r', capture_file('smb311-aes-128-ccm.pcap.gz'),
- '-o', 'uat:smb2_seskey_list:{},{},"",""'.format(sesid, seskey),
- '-Y', 'frame.number == 7'
+ '-r', cap,
+ '-o', 'uat:smb2_seskey_list:{},{},{},{}'.format(sesid, seskey, s2ckey, c2skey),
+ '-Y', disp_filter,
 ))
- self.assertIn('Encrypted', proc.stdout_str)
+ self.assertIn('Encrypted SMB', proc.stdout_str)
- def test_smb300_aes128ccm(self, cmd_tshark, capture_file):
- '''Check SMB 3.0 AES128CCM decryption.'''
- sesid = '1900009c003c0000'
- seskey = '9a9ea16a0cdbeb6064772318073f172f'
- tree = r'\\dfsroot1.foo.test\IPC$'
- proc = self.assertRun((cmd_tshark,
- '-r', capture_file('smb300-aes-128-ccm.pcap.gz'),
- '-o', 'uat:smb2_seskey_list:{},{},"",""'.format(sesid, seskey),
- '-Tfields',
- '-e', 'smb2.tree',
- '-Y', 'smb2.tree == "{}"'.format(tree.replace('\\', '\\\\')),
- ))
- self.assertEqual(tree, proc.stdout_str.strip())
+ #
+ # SMB3.0 CCM bad keys tests
+ #
+ def test_smb300_bad_seskey(self, features, cmd_tshark, capture_file):
+ '''Check that a bad session key doesn't crash'''
+ if not features.have_libgcrypt16:
+ self.skipTest('Requires GCrypt 1.6 or later.')
+ self.check_bad_key(cmd_tshark, capture_file('smb300-aes-128-ccm.pcap.gz'),
+ 'frame.number == 7', '1900009c003c0000', self.BAD_KEY, '""', '""')
+
+ def test_smb300_bad_s2ckey(self, features, cmd_tshark, capture_file):
+ '''Check that a bad s2c key doesn't crash'''
+ if not features.have_libgcrypt16:
+ self.skipTest('Requires GCrypt 1.6 or later.')
+ self.check_bad_key(cmd_tshark, capture_file('smb300-aes-128-ccm.pcap.gz'),
+ 'frame.number == 7', '1900009c003c0000', '""', self.BAD_KEY, '""')
+
+ def test_smb300_bad_c2skey(self, features, cmd_tshark, capture_file):
+ '''Check that a bad c2s key doesn't crash'''
+ if not features.have_libgcrypt16:
+ self.skipTest('Requires GCrypt 1.6 or later.')
+ self.check_bad_key(cmd_tshark, capture_file('smb300-aes-128-ccm.pcap.gz'),
+ 'frame.number == 7', '1900009c003c0000', '""', '""', self.BAD_KEY)
+
+ def test_smb300_bad_deckey(self, features, cmd_tshark, capture_file):
+ '''Check that bad decryption keys doesn't crash'''
+ if not features.have_libgcrypt16:
+ self.skipTest('Requires GCrypt 1.6 or later.')
+ self.check_bad_key(cmd_tshark, capture_file('smb300-aes-128-ccm.pcap.gz'),
+ 'frame.number == 7', '1900009c003c0000', '""', self.BAD_KEY, self.BAD_KEY)
+
+ def test_smb300_bad_allkey(self, features, cmd_tshark, capture_file):
+ '''Check that all bad keys doesn't crash'''
+ if not features.have_libgcrypt16:
+ self.skipTest('Requires GCrypt 1.6 or later.')
+ self.check_bad_key(cmd_tshark, capture_file('smb300-aes-128-ccm.pcap.gz'),
+ 'frame.number == 7', '1900009c003c0000', self.BAD_KEY, self.BAD_KEY, self.BAD_KEY)
+
+ #
+ # SMB3.1.1 CCM bad key tests
+ #
+ def test_smb311_bad_seskey(self, features, cmd_tshark, capture_file):
+ '''Check that a bad session key doesn't crash'''
+ if not features.have_libgcrypt16:
+ self.skipTest('Requires GCrypt 1.6 or later.')
+ self.check_bad_key(cmd_tshark, capture_file('smb311-aes-128-ccm.pcap.gz'),
+ 'frame.number == 7', '2900009c003c0000', self.BAD_KEY, '""', '""')
+
+ def test_smb311_bad_s2ckey(self, features, cmd_tshark, capture_file):
+ '''Check that a bad s2c key doesn't crash'''
+ if not features.have_libgcrypt16:
+ self.skipTest('Requires GCrypt 1.6 or later.')
+ self.check_bad_key(cmd_tshark, capture_file('smb311-aes-128-ccm.pcap.gz'),
+ 'frame.number == 7', '2900009c003c0000', '""', self.BAD_KEY, '""')
+
+ def test_smb311_bad_c2skey(self, features, cmd_tshark, capture_file):
+ '''Check that a bad c2s key doesn't crash'''
+ if not features.have_libgcrypt16:
+ self.skipTest('Requires GCrypt 1.6 or later.')
+ self.check_bad_key(cmd_tshark, capture_file('smb311-aes-128-ccm.pcap.gz'),
+ 'frame.number == 7', '2900009c003c0000', '""', '""', self.BAD_KEY)
+
+ def test_smb311_bad_deckey(self, features, cmd_tshark, capture_file):
+ '''Check that bad decryption keys doesn't crash'''
+ if not features.have_libgcrypt16:
+ self.skipTest('Requires GCrypt 1.6 or later.')
+ self.check_bad_key(cmd_tshark, capture_file('smb311-aes-128-ccm.pcap.gz'),
+ 'frame.number == 7', '2900009c003c0000', '""', self.BAD_KEY, self.BAD_KEY)
+
+ def test_smb311_bad_allkey(self, features, cmd_tshark, capture_file):
+ '''Check that all bad keys doesn't crash'''
+ if not features.have_libgcrypt16:
+ self.skipTest('Requires GCrypt 1.6 or later.')
+ self.check_bad_key(cmd_tshark, capture_file('smb311-aes-128-ccm.pcap.gz'),
+ 'frame.number == 7', '2900009c003c0000', self.BAD_KEY, self.BAD_KEY, self.BAD_KEY)
+
+ #
+ # Decryption tests
+ #
- def test_smb311_aes128ccm(self, cmd_tshark, capture_file):
- '''Check SMB 3.1.1 AES128CCM decryption.'''
- sesid = '2900009c003c0000'
- seskey = 'f1fa528d3cd182cca67bd4596dabd885'
- tree = r'\\dfsroot1.foo.test\IPC$'
+ def check_tree(self, cmd_tshark, cap, tree, sesid, seskey, s2ckey, c2skey):
 proc = self.assertRun((cmd_tshark,
- '-r', capture_file('smb311-aes-128-ccm.pcap.gz'),
- '-o', 'uat:smb2_seskey_list:{},{},"",""'.format(sesid, seskey),
+ '-r', cap,
+ '-o', 'uat:smb2_seskey_list:{},{},{},{}'.format(sesid, seskey, s2ckey, c2skey),
 '-Tfields',
 '-e', 'smb2.tree',
 '-Y', 'smb2.tree == "{}"'.format(tree.replace('\\', '\\\\')),
 ))
 self.assertEqual(tree, proc.stdout_str.strip())
- def test_smb311_aes128gcm(self, cmd_tshark, capture_file):
- '''Check SMB 3.1.1 AES128GCM decryption.'''
- sesid = '3900000000400000'
- seskey = 'e79161ded03bda1449b2c8e58f753953'
- tree = r'\\dfsroot1.foo.test\IPC$'
- proc = self.assertRun((cmd_tshark,
- '-r', capture_file('smb311-aes-128-gcm.pcap.gz'),
- '-o', 'uat:smb2_seskey_list:{},{},"",""'.format(sesid, seskey),
- '-Tfields',
- '-e', 'smb2.tree',
- '-Y', 'smb2.tree == "{}"'.format(tree.replace('\\', '\\\\')),
+ # SMB3.0 CCM
+ def test_smb300_aes128ccm_seskey(self, features, cmd_tshark, capture_file):
+ '''Check SMB 3.0 AES128CCM decryption with session key.'''
+ if not features.have_libgcrypt16:
+ self.skipTest('Requires GCrypt 1.6 or later.')
+ self.check_tree(cmd_tshark, capture_file('smb300-aes-128-ccm.pcap.gz'),
+ r'\\dfsroot1.foo.test\IPC$', '1900009c003c0000',
+ '9a9ea16a0cdbeb6064772318073f172f', '""', '""')
+
+ def test_smb300_aes128ccm_deckey(self, features, cmd_tshark, capture_file):
+ '''Check SMB 3.0 AES128CCM decryption with decryption keys.'''
+ if not features.have_libgcrypt16:
+ self.skipTest('Requires GCrypt 1.6 or later.')
+ self.check_tree(cmd_tshark, capture_file('smb300-aes-128-ccm.pcap.gz'),
+ r'\\dfsroot1.foo.test\IPC$', '1900009c003c0000',
+ '""', '8be6cc53d4beba29387e69aef035d497','bff985870e81784d533fdc09497b8eab')
+
+
+ # SMB3.1.1 CCM
+ def test_smb311_aes128ccm_seskey(self, features, cmd_tshark, capture_file):
+ '''Check SMB 3.1.1 AES128CCM decryption with session key.'''
+ if not features.have_libgcrypt16:
+ self.skipTest('Requires GCrypt 1.6 or later.')
+ self.check_tree(cmd_tshark, capture_file('smb311-aes-128-ccm.pcap.gz'),
+ r'\\dfsroot1.foo.test\IPC$', '2900009c003c0000',
+ 'f1fa528d3cd182cca67bd4596dabd885', '""', '""')
+
+ def test_smb311_aes128ccm_deckey(self, features, cmd_tshark, capture_file):
+ '''Check SMB 3.1.1 AES128CCM decryption with decryption keys.'''
+ if not features.have_libgcrypt16:
+ self.skipTest('Requires GCrypt 1.6 or later.')
+ self.check_tree(cmd_tshark, capture_file('smb311-aes-128-ccm.pcap.gz'),
+ r'\\dfsroot1.foo.test\IPC$', '2900009c003c0000',
+ '""', '763d5552dbc9650b700869467a5857e4', '35e69833c6578e438c8701cb40bf483e')
+
+ # SMB3.1.1 GCM
+ def test_smb311_aes128gcm_seskey(self, features, cmd_tshark, capture_file):
+ '''Check SMB 3.1.1 AES128GCM decryption with session key.'''
+ if not features.have_libgcrypt16:
+ self.skipTest('Requires GCrypt 1.6 or later.')
+ self.check_tree(cmd_tshark, capture_file('smb311-aes-128-gcm.pcap.gz'),
+ r'\\dfsroot1.foo.test\IPC$', '3900000000400000',
+ 'e79161ded03bda1449b2c8e58f753953', '""', '""')
+
+ def test_smb311_aes128gcm_deckey(self, features, cmd_tshark, capture_file):
+ '''Check SMB 3.1.1 AES128GCM decryption with decryption keys.'''
+ if not features.have_libgcrypt16:
+ self.skipTest('Requires GCrypt 1.6 or later.')
+ self.check_tree(cmd_tshark, capture_file('smb311-aes-128-gcm.pcap.gz'),
+ r'\\dfsroot1.foo.test\IPC$', '3900000000400000',
+ '""', 'b02f5de25e0562075c3dc329fa2aa396', '7201623a31754e6581864581209dd3d2')
+
+ def check_partial(self, home_path, cmd_tshark, full_cap, pkt_skip, tree, sesid, s2ckey, c2skey):
+ # generate a trace without NegProt and SessionSetup
+ partial_cap = os.path.join(home_path, 'short.pcap')
+ self.assertRun((cmd_tshark,
+ '-r', full_cap,
+ '-Y', 'frame.number >= %d'%pkt_skip,
+ '-w', partial_cap,
 ))
- self.assertEqual(tree, proc.stdout_str.strip())
+ self.check_tree(cmd_tshark, partial_cap, tree, sesid, '""', s2ckey, c2skey)
+
+ def test_smb311_aes128gcm_partial(self, features, home_path, cmd_tshark, capture_file):
+ '''Check SMB 3.1.1 AES128GCM decryption in capture missing session setup'''
+ if not features.have_libgcrypt16:
+ self.skipTest('Requires GCrypt 1.6 or later.')
+ self.check_partial(home_path, cmd_tshark,
+ capture_file('smb311-aes-128-gcm.pcap.gz'), 7,
+ r'\\dfsroot1.foo.test\IPC$', '3900000000400000',
+ 'b02f5de25e0562075c3dc329fa2aa396', '7201623a31754e6581864581209dd3d2')
+
+ def test_smb311_aes128gcm_partial_keyswap(self, features, home_path, cmd_tshark, capture_file):
+ '''Check SMB 3.1.1 AES128GCM decryption in capture missing session setup with keys in wrong order'''
+ if not features.have_libgcrypt16:
+ self.skipTest('Requires GCrypt 1.6 or later.')
+ self.check_partial(home_path, cmd_tshark,
+ capture_file('smb311-aes-128-gcm.pcap.gz'), 7,
+ r'\\dfsroot1.foo.test\IPC$', '3900000000400000',
+ '7201623a31754e6581864581209dd3d2', 'b02f5de25e0562075c3dc329fa2aa396') |
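Review bot: The bad-key tests added in this hunk run only against the two CCM captures, so the AES-128-GCM path gets positive tests (`test_smb311_aes128gcm_seskey`, `_deckey`, `_partial`, `_partial_keyswap`) but nothing checks that a wrong key there leaves the frame reported as encrypted without crashing. A GCM counterpart behind the same `have_libgcrypt16` skip would close that gap, e.g. `self.check_bad_key(cmd_tshark, capture_file('smb311-aes-128-gcm.pcap.gz'), 'frame.number == 7', '3900000000400000', self.BAD_KEY, '""', '""')`; frame 7 is inferred from the `check_partial` calls and should be confirmed against the capture. `BAD_KEY` is also a well-formed 16-byte value, so none of these tests exercises a key of the wrong length or non-hex content; whether the UAT rejects that earlier is not visible here. `check_bad_key` and `check_tree` would each benefit from a one-line docstring stating that an unused key field has to be passed as the literal `'""'`, since the helpers interpolate the arguments into the `uat:smb2_seskey_list` string unchanged.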