author | Aurelien Aptel <aaptel@suse.com> | 2019-01-24 21:30:02 +0100 |
---|---|---|
committer | Peter Wu <peter@lekensteyn.nl> | 2019-01-25 16:07:52 +0000 |
commit | d09d33262b4c8f3287b00374e885162900c3b730 (patch) | |
tree | 6a20862f0564572a7554b2ef8318633a73fc6b56 /test | |
parent | 75484b106da95c3fe73815fca10a6f8208e066cc (diff) |
test/suite_decryption.py: add smb2 decryption tests
add 3 tests and 2 sample captures to check smb2 decryption with:
- bad key (should fail gracefully)
- smb3.0 AES-128-CCM
- smb3.1.1 AES-128-CCM
Change-Id: I099f5f00f83fd39ac6de9ce9ce374624297aef61
Reviewed-on: https://code.wireshark.org/review/31728
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'test')
-rw-r--r-- | test/captures/smb300-aes-128-ccm.pcap.gz | bin | 0 -> 1235 bytes | |||
-rw-r--r-- | test/captures/smb311-aes-128-ccm.pcap.gz | bin | 0 -> 1327 bytes | |||
-rw-r--r-- | test/suite_decryption.py | 52 |
3 files changed, 52 insertions, 0 deletions
diff --git a/test/captures/smb300-aes-128-ccm.pcap.gz b/test/captures/smb300-aes-128-ccm.pcap.gz
Binary files differ
new file mode 100644
index 0000000000..6f0c8d76a0
--- /dev/null
+++ b/test/captures/smb300-aes-128-ccm.pcap.gz
diff --git a/test/captures/smb311-aes-128-ccm.pcap.gz b/test/captures/smb311-aes-128-ccm.pcap.gz
Binary files differ
new file mode 100644
index 0000000000..fa4e196984
--- /dev/null
+++ b/test/captures/smb311-aes-128-ccm.pcap.gz
diff --git a/test/suite_decryption.py b/test/suite_decryption.py
index a282069d7e..50692ea5ba 100644
--- a/test/suite_decryption.py
+++ b/test/suite_decryption.py
@@ -996,3 +996,55 @@ class case_decrypt_pkcs11(subprocesstest.SubprocessTestCase):
 '-Y', 'http',
 ))
 self.assertIn('/', proc.stdout_str)
+
+@fixtures.mark_usefixtures('test_env')
+@fixtures.uses_fixtures
+class case_decrypt_smb2(subprocesstest.SubprocessTestCase):
+ def test_smb300_bad_key(self, cmd_tshark, capture_file):
+ '''Check that a bad session key doesn't crash'''
+ seskey = 'ffffffffffffffffffffffffffffffff'
+ sesid = '1900009c003c0000'
+ proc = self.assertRun((cmd_tshark,
+ '-r', capture_file('smb300-aes-128-ccm.pcap.gz'),
+ '-o', 'uat:smb2_seskey_list:{},{}'.format(sesid, seskey),
+ '-Y', 'frame.number == 7',
+ ))
+ self.assertIn('unknown', proc.stdout_str)
+
+ def test_smb311_bad_key(self, cmd_tshark, capture_file):
+ seskey = 'ffffffffffffffffffffffffffffffff'
+ sesid = '2900009c003c0000'
+ proc = self.assertRun((cmd_tshark,
+ '-r', capture_file('smb311-aes-128-ccm.pcap.gz'),
+ '-o', 'uat:smb2_seskey_list:{},{}'.format(sesid, seskey),
+ '-Y', 'frame.number == 7'
+ ))
+ self.assertIn('unknown', proc.stdout_str)
+
+ def test_smb300_aes128ccm(self, cmd_tshark, capture_file):
+ '''Check SMB 3.0 AES128CCM decryption.'''
+ sesid = '1900009c003c0000'
+ seskey = '9a9ea16a0cdbeb6064772318073f172f'
+ tree = r'\\dfsroot1.foo.test\IPC$'
+ proc = self.assertRun((cmd_tshark,
+ '-r', capture_file('smb300-aes-128-ccm.pcap.gz'),
+ '-o', 'uat:smb2_seskey_list:{},{}'.format(sesid, seskey),
+ '-Tfields',
+ '-e', 'smb2.tree',
+ '-Y', 'smb2.tree == "{}"'.format(tree.replace('\\', '\\\\')),
+ ))
+ self.assertEqual(tree, proc.stdout_str.strip())
+
+ def test_smb311_aes128ccm(self, cmd_tshark, capture_file):
+ '''Check SMB 3.1.1 AES128CCM decryption.'''
+ sesid = '2900009c003c0000'
+ seskey = 'f1fa528d3cd182cca67bd4596dabd885'
+ tree = r'\\dfsroot1.foo.test\IPC$'
+ proc = self.assertRun((cmd_tshark,
+ '-r', capture_file('smb311-aes-128-ccm.pcap.gz'),
+ '-o', 'uat:smb2_seskey_list:{},{}'.format(sesid, seskey),
+ '-Tfields',
+ '-e', 'smb2.tree',
+ '-Y', 'smb2.tree == "{}"'.format(tree.replace('\\', '\\\\')),
+ ))
+ self.assertEqual(tree, proc.stdout_str.strip()) |
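Review bot: The two bad-key tests (`test_smb300_bad_key`, `test_smb311_bad_key`) only assert that the substring `unknown` appears somewhere in tshark's output for frame 7. That is a loose signal for "the wrong session key was rejected": it would also pass if the word appeared for an unrelated reason, and it does not show that no payload was dissected as plaintext. A short comment naming the output that `unknown` is expected to come from would make the intent checkable. A negative assertion such as `self.assertNotIn('IPC$', proc.stdout_str)` would tighten it further, provided frame 7 is where the share name would appear once decrypted, which should be confirmed against the capture. `test_smb311_bad_key` is also the only one of the four tests without a docstring; `'''Check that a bad SMB 3.1.1 session key doesn't crash'''` would match its sibling.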