Diffstat (limited to 'test')
-rw-r--r-- | test/captures/smb311-aes-128-gcm.pcap.gz | bin | 0 -> 1380 bytes | |||
-rw-r--r-- | test/suite_decryption.py | 14 |
2 files changed, 14 insertions, 0 deletions
diff --git a/test/captures/smb311-aes-128-gcm.pcap.gz b/test/captures/smb311-aes-128-gcm.pcap.gz
Binary files differnew file mode 100644
index 0000000000..02e34a90da
--- /dev/null
+++ b/test/captures/smb311-aes-128-gcm.pcap.gz
diff --git a/test/suite_decryption.py b/test/suite_decryption.py
index 06cca6367e..568e095a43 100644
--- a/test/suite_decryption.py
+++ b/test/suite_decryption.py
@@ -1107,3 +1107,17 @@ class case_decrypt_smb2(subprocesstest.SubprocessTestCase):
 '-Y', 'smb2.tree == "{}"'.format(tree.replace('\\', '\\\\')),
 ))
 self.assertEqual(tree, proc.stdout_str.strip())
+
+ def test_smb311_aes128gcm(self, cmd_tshark, capture_file):
+ '''Check SMB 3.1.1 AES128GCM decryption.'''
+ sesid = '3900000000400000'
+ seskey = 'e79161ded03bda1449b2c8e58f753953'
+ tree = r'\\dfsroot1.foo.test\IPC$'
+ proc = self.assertRun((cmd_tshark,
+ '-r', capture_file('smb311-aes-128-gcm.pcap.gz'),
+ '-o', 'uat:smb2_seskey_list:{},{}'.format(sesid, seskey),
+ '-Tfields',
+ '-e', 'smb2.tree',
+ '-Y', 'smb2.tree == "{}"'.format(tree.replace('\\', '\\\\')),
+ ))
+ self.assertEqual(tree, proc.stdout_str.strip()) |
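Review bot: `test_smb311_aes128gcm` passes whenever `smb2.tree` equals the IPC$ path in the output, so it only demonstrates AES-128-GCM decryption if that field is absent when no session key is supplied, and nothing in the hunk checks that. If the tree name in `smb311-aes-128-gcm.pcap.gz` were also recoverable without the key, the test would still pass with the `uat:smb2_seskey_list` entry ignored. I would add a control run without the `-o` option that asserts empty output before the keyed run, as sketched below. The preceding test, whose tail appears as context, may warrant the same control, but its body and the start of `case_decrypt_smb2` are outside the hunk.

```python
    def test_smb311_aes128gcm(self, cmd_tshark, capture_file):
        # … unchanged: docstring, sesid, seskey, tree …
        # Control: without the session key the tree name must not be dissected.
        proc = self.assertRun((cmd_tshark,
                '-r', capture_file('smb311-aes-128-gcm.pcap.gz'),
                '-Tfields',
                '-e', 'smb2.tree',
                '-Y', 'smb2.tree == "{}"'.format(tree.replace('\\', '\\\\')),
            ))
        self.assertEqual('', proc.stdout_str.strip())
        # … unchanged: keyed run with '-o' and its assertEqual …
```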