Home       Trees       Indices       Help   
Package pike :: Package test :: Module test_smb3_encryption_vector
[hide private]
[frames] | no frames]

Source Code for Module pike.test.test_smb3_encryption_vector

  1  # test vectors from Microsoft openspecification group 
  2  # SMB 3.0 Encryption: https://blogs.msdn.microsoft.com/openspecification/2012/10/05/encryption-in-smb-3-0-a-protocol-perspective/ 
  3  # SMB 3.1.1 Encryption: https://blogs.msdn.microsoft.com/openspecification/2015/09/09/smb-3-1-1-encryption-in-windows-10/ 
  4  # SMB 3.1.1 Pre-auth integrity: https://blogs.msdn.microsoft.com/openspecification/2015/08/11/smb-3-1-1-pre-authentication-integrity-in-windows-10/ 
  5  import array 
  6  import unittest as unt 
  7  import pike.crypto as crypto 
  8  import pike.digest as digest 
  9  import pike.netbios as netbios 
 10  import pike.smb2 as smb2 
 11  from binascii import unhexlify, hexlify 
 12   

 13 -class bogus_connection(object): 

 14 -    def signing_key(self, *args, **kwds): 

 15          return self._signing_key 

 16   

 17 -    def encryption_context(self, *args, **kwds): 

 18          return self._encryption_context 

 19   

 20 -    def signing_digest(self, *args, **kwds): 

 21          return digest.aes128_cmac 

 22   

 23 -class bogus_300_connection(bogus_connection): 

 24 -    def __init__(self, session_key): 

 25          self._signing_key = digest.derive_key( 
 26                  session_key, 
 27                  'SMB2AESCMAC', 
 28                  'SmbSign\0')[:16] 
 29          self._encryption_context = crypto.EncryptionContext( 
 30                  crypto.CryptoKeys300(session_key), 
 31                  [crypto.SMB2_AES_128_CCM]) 

 32   

 33 -class bogus_311_connection(bogus_connection): 

 34 -    def __init__(self, session_key, pre_auth_integrity_value, ciphers): 

 35          self._signing_key = digest.derive_key( 
 36                  session_key, 
 37                  'SMBSigningKey', 
 38                  pre_auth_integrity_value)[:16] 
 39          self._encryption_context = crypto.EncryptionContext( 
 40                  crypto.CryptoKeys311(session_key, 
 41                                       pre_auth_integrity_value), 
 42                  ciphers) 

 43   

 44 -class PAIntegrity(object): 

 45 -    def __init__(self): 

 46          self.hash = array.array('B', "\0"*64) 

 47 -    def update(self, data): 

 48          self.hash = digest.smb3_sha512( 
 49              self.hash + 
 50              data) 

 51   

 52 -class TestVector(unt.TestCase): 

 53 -    def test_pre_auth_integrity(self): 

 54          h = PAIntegrity() 
 55          negotiate_request = array.array('B', unhexlify( 
 56              "FE534D4240000100000000000000800000000000000000000100000000000000FFFE000000000000" 
 57              "00000000000000000000000000000000000000000000000024000500000000003F000000ECD86F32" 
 58              "6276024F9F7752B89BB33F3A70000000020000000202100200030203110300000100260000000000" 
 59              "010020000100FA49E6578F1F3A9F4CD3E9CC14A67AA884B3D05844E0E5A118225C15887F32FF0000" 
 60              "0200060000000000020002000100")) 
 61          h.update(negotiate_request) 
 62          exp_pae_1 = array.array('B', unhexlify( 
 63              "DD94EFC5321BB618A2E208BA8920D2F422992526947A409B5037DE1E0FE8C7362B8C47122594CDE0" 
 64              "CE26AA9DFC8BCDBDE0621957672623351A7540F1E54A0426")) 
 65          self.assertEqual(h.hash, exp_pae_1) 
 66          negotiate_response = array.array('B', unhexlify( 
 67              "FE534D4240000100000000000000010001000000000000000100000000000000FFFE000000000000" 
 68              "000000000000000000000000000000000000000000000000410001001103020039CBCAF329714942" 
 69              "BDCE5D60F09AB3FB2F000000000080000000800000008000D8DAE5ADCBAED00109094AB095AED001" 
 70              "80004001C00100006082013C06062B0601050502A08201303082012CA01A3018060A2B0601040182" 
 71              "3702021E060A2B06010401823702020AA282010C048201084E45474F455854530100000000000000" 
 72              "60000000700000007C7CC0FD06D6362D02DDE1CF343BFE292900F49750B4AA97934D9C4296B26E51" 
 73              "FD370471B235E15A50DAE15BD5489C87000000000000000060000000010000000000000000000000" 
 74              "5C33530DEAF90D4DB2EC4AE3786EC3084E45474F4558545303000000010000004000000098000000" 
 75              "7C7CC0FD06D6362D02DDE1CF343BFE295C33530DEAF90D4DB2EC4AE3786EC3084000000058000000" 
 76              "3056A05430523027802530233121301F06035504031318546F6B656E205369676E696E6720507562" 
 77              "6C6963204B65793027802530233121301F06035504031318546F6B656E205369676E696E67205075" 
 78              "626C6963204B6579010026000000000001002000010060A3C3B95C3C7CCD51EC536648D9B3AC74C4" 
 79              "83CA5B65385A251117BEB30712E50000020004000000000001000200")) 
 80          h.update(negotiate_response) 
 81          exp_pae_2 = array.array('B', unhexlify( 
 82              "324BFA92A4F3A190E466EBEA08D9C110DC88BFED758D9846ECC6F541CC1D02AE3C94A79F36011E99" 
 83              "7E13F841B91B50957AD07B19C8E2539C0B23FDAE09D2C513")) 
 84          self.assertEqual(h.hash, exp_pae_2) 
 85          session_setup_request = array.array('B', unhexlify( 
 86              "FE534D4240000100000000000100800000000000000000000200000000000000FFFE000000000000" 
 87              "00000000000000000000000000000000000000000000000019000001010000000000000058004A00" 
 88              "0000000000000000604806062B0601050502A03E303CA00E300C060A2B06010401823702020AA22A" 
 89              "04284E544C4D5353500001000000978208E200000000000000000000000000000000060380250000" 
 90              "000F")) 
 91          h.update(session_setup_request) 
 92          exp_pae_3 = array.array('B', unhexlify( 
 93              "AC0B0F2B9986257700365E416D142A6EDC96DF03594A19E52A15F6BD0D041CD5D432F8ED42C55E33" 
 94              "197A50C9EC00F1462B50C592211B1471A04B56088FDFD5F9")) 
 95          self.assertEqual(h.hash, exp_pae_3) 
 96          session_setup_response = array.array('B', unhexlify( 
 97              "FE534D4240000100160000C00100010001000000000000000200000000000000FFFE000000000000" 
 98              "190000000010000000000000000000000000000000000000090000004800B300A181B03081ADA003" 
 99              "0A0101A10C060A2B06010401823702020AA281970481944E544C4D53535000020000000C000C0038" 
100              "00000015828AE20D1D8BA31179D008000000000000000050005000440000000A0092270000000F53" 
101              "005500540033003100310002000C0053005500540033003100310001000C00530055005400330031" 
102              "00310004000C0053005500540033003100310003000C0053005500540033003100310007000800A1" 
103              "A1F5ADCBAED00100000000")) 
104          h.update(session_setup_response) 
105          exp_pae_4 = array.array('B', unhexlify( 
106              "2729E3440DFDDD839E37193F6E8F20C20CEFB3469E453A70CD980EEC06B8835740A7376008563336" 
107              "4C8989895ECE81BF102DEEB14D4B7D48AFA76901A7A38387")) 
108          self.assertEqual(h.hash, exp_pae_4) 
109          session_setup_response2 = array.array('B', unhexlify( 
110              "FE534D4240000100000000000100800000000000000000000300000000000000FFFE000000000000" 
111              "1900000000100000000000000000000000000000000000001900000101000000000000005800CF01" 
112              "0000000000000000A18201CB308201C7A0030A0101A28201AA048201A64E544C4D53535000030000" 
113              "001800180090000000EE00EE00A80000000C000C00580000001A001A0064000000120012007E0000" 
114              "001000100096010000158288E2060380250000000FECAC77A5F385A8BF9C38C706EEEDDCD3530055" 
115              "005400330031003100610064006D0069006E006900730074007200610074006F0072004400520049" 
116              "0056004500520033003100310000000000000000000000000000000000000000000000000063078E" 
117              "B639FE03E20A231C3AE3BF23080101000000000000A1A1F5ADCBAED001BC4AD05F223CC90F000000" 
118              "0002000C0053005500540033003100310001000C0053005500540033003100310004000C00530055" 
119              "00540033003100310003000C0053005500540033003100310007000800A1A1F5ADCBAED001060004" 
120              "00020000000800300030000000000000000000000000300000B61FEFCAA857EA57BF1EDCEBF8974B" 
121              "8E0EBA5A6DFD9D07A31D11B548F8C9D0CC0A00100000000000000000000000000000000000090016" 
122              "0063006900660073002F005300550054003300310031000000000000000000000000003B9BDFF38F" 
123              "5EE8F9663F11A0F4C03A78A31204100100000063775A9A5FD97F0600000000")) 
124          h.update(session_setup_response2) 
125          exp_pae_5 = array.array('B', unhexlify( 
126              "0DD13628CC3ED218EF9DF9772D436D0887AB9814BFAE63A80AA845F36909DB7928622DDDAD522D97" 
127              "51640A459762C5A9D6BB084CBB3CE6BDADEF5D5BCE3C6C01")) 
128          self.assertEqual(h.hash, exp_pae_5) 
129          session_key = array.array('B', unhexlify("270E1BA896585EEB7AF3472D3B4C75A7")) 
130          signing_key = digest.derive_key( 
131                  session_key, 
132                  'SMBSigningKey', 
133                  h.hash)[:16] 
134          exp_signing_key = array.array('B', unhexlify("73FE7A9A77BEF0BDE49C650D8CCB5F76")) 
135          self.assertEqual(signing_key, exp_signing_key) 

136   

137 -    def test_encryption_smb_300(self): 

138          session_key = array.array('B', unhexlify("B4546771B515F766A86735532DD6C4F0")) 
139          session_id = 0x8e40014000011 
140          conn = bogus_300_connection(session_key) 
141          exp_encryption_key = unhexlify("261B72350558F2E9DCF613070383EDBF") 
142          self.assertEqual(conn.encryption_context().keys.encryption, 
143                           exp_encryption_key) 
144   
145          # construct the request 
146          nb = netbios.Netbios() 
147          th = crypto.TransformHeader(nb) 
148          th.nonce = array.array('B', unhexlify("66E69A111892584FB5ED524A744DA3EE")) 
149          th.session_id = session_id 
150          th.encryption_context = conn.encryption_context() 
151   
152          smb_packet = smb2.Smb2(nb, conn) 
153          smb_packet.credit_charge = 1 
154          smb_packet.credit_request = 64 
155          smb_packet.channel_sequence = 0 
156          smb_packet.flags = smb2.SMB2_FLAGS_SIGNED 
157          smb_packet.message_id = 4 
158          smb_packet.tree_id = 1 
159          smb_packet.signature = "\0"*16 
160          smb_packet.session_id = session_id 
161          write_req = smb2.WriteRequest(smb_packet) 
162          write_req.file_id = (0x200003900000115, 0x23900000001) 
163          write_req.buffer = "Smb3 encryption testing" 
164          write_req.write_channel_info_offset = 0x70 
165   
166          exp_serialized = array.array('B', unhexlify( 
167              "FE534D4240000100000000000900400008000000000000000400000000000000" 
168              "FFFE0000010000001100001400E4080000000000000000000000000000000000" 
169              "3100700017000000000000000000000015010000390000020100000039020000" 
170              "00000000000000007000000000000000536D623320656E6372797074696F6E20" 
171              "74657374696E67")) 
172          serialized = smb_packet.serialize() 
173          self.assertEqual(serialized, exp_serialized) 
174   
175          transformed_serial = th.serialize() 
176   
177          exp_encrypted = array.array('B', unhexlify( 
178              "25C8FEE16605A437832D1CD52DA9F4645333482A175FE5384563F45FCDAFAEF3" 
179              "8BC62BA4D5C62897996625A44C29BE5658DE2E6117585779E7B59FFD971278D0" 
180              "8580D7FA899E410E910EABF5AA1DB43050B33B49182637759AC15D84BFCDF5B6" 
181              "B238993C0F4CF4D6012023F6C627297075D84B7803912D0A9639634453595EF3" 
182              "E33FFE4E7AC2AB")) 
183          self.assertEqual(th.ciphertext, exp_encrypted) 
184   
185          exp_transformed = array.array('B', unhexlify( 
186              "FD534D4281A286535415445DAE393921E44FA42E66E69A111892584FB5ED524A" 
187              "744DA3EE87000000000001001100001400E4080025C8FEE16605A437832D1CD5" 
188              "2DA9F4645333482A175FE5384563F45FCDAFAEF38BC62BA4D5C62897996625A4" 
189              "4C29BE5658DE2E6117585779E7B59FFD971278D08580D7FA899E410E910EABF5" 
190              "AA1DB43050B33B49182637759AC15D84BFCDF5B6B238993C0F4CF4D6012023F6" 
191              "C627297075D84B7803912D0A9639634453595EF3E33FFE4E7AC2AB")) 
192          self.assertEqual(transformed_serial, exp_transformed) 

193   

194 -    def test_decryption_smb_300(self): 

195          session_key = array.array('B', unhexlify("B4546771B515F766A86735532DD6C4F0")) 
196          session_id = 0x8e40014000011 
197          conn = bogus_300_connection(session_key) 
198          exp_decryption_key = unhexlify("8FE2B57EC34D2DB5B1A9727F526BBDB5") 
199          self.assertEqual(conn.encryption_context().keys.decryption, 
200                           exp_decryption_key) 
201          transform_message = array.array('B', unhexlify( 
202              "FD534D42A6015530A18F6D9AFFE22AFAE8E66484860000000000000011000014" 
203              "00E4080050000000000001001100001400E40800DBF46435C5F14169293CE079" 
204              "E344479BF670227E49873F458672C3098DAC467DD5809F369D67409166515787" 
205              "1483E01F7BECD02064EAC3E235F913668BBC2F097980D4B378F1993EFF6E60D1" 
206              "77309E5B")) 
207          nb = netbios.Netbios() 
208          th = crypto.TransformHeader(nb) 
209          th.encryption_context = conn.encryption_context() 
210          th.parse(transform_message) 
211          exp_smb_message = array.array('B', unhexlify( 
212              "FE534D4240000100000000000900210009000000000000000400000000000000" 
213              "FFFE0000010000001100001400E4080000000000000000000000000000000000" 
214              "11000000170000000000000000000000")) 
215          self.assertEqual(nb[0].buf, exp_smb_message) 

216   

217 -    def test_encryption_smb_311(self): 

218          session_key = array.array('B', unhexlify("419FDDF34C1E001909D362AE7FB6AF79")) 
219          pre_auth_integrity_hash = array.array('B', unhexlify( 
220              "B23F3CBFD69487D9832B79B1594A367CDD950909B774C3A4C412B4FCEA9EDDDBA7DB256BA2EA30E9" 
221              "77F11F9B113247578E0E915C6D2A513B8F2FCA5707DC8770")) 
222          session_id = 0x100000000025 
223          ciphers = [crypto.SMB2_AES_128_GCM] 
224          conn = bogus_311_connection(session_key, 
225                                      pre_auth_integrity_hash, 
226                                      ciphers) 
227          exp_encryption_key = unhexlify("A2F5E80E5D59103034F32E52F698E5EC") 
228          self.assertEqual(conn.encryption_context().keys.encryption, 
229                           exp_encryption_key) 
230   
231          # construct the request 
232          nb = netbios.Netbios() 
233          th = crypto.TransformHeader(nb) 
234          th.nonce = array.array('B', unhexlify("C7D6822D269CAF48904C664C")) 
235          th.session_id = session_id 
236          th.encryption_context = conn.encryption_context() 
237   
238          smb_packet = smb2.Smb2(nb, conn) 
239          smb_packet.credit_charge = 1 
240          smb_packet.credit_request = 1 
241          smb_packet.channel_sequence = 0 
242          smb_packet.flags = smb2.SMB2_FLAGS_SIGNED 
243          smb_packet.message_id = 5 
244          smb_packet.tree_id = 1 
245          smb_packet.signature = "\0"*16 
246          smb_packet.session_id = session_id 
247          write_req = smb2.WriteRequest(smb_packet) 
248          write_req.file_id = (0x400000006, 0x400000001) 
249          write_req.buffer = "Smb3 encryption testing" 
250          write_req.write_channel_info_offset = 0x70 
251   
252          exp_serialized = array.array('B', unhexlify( 
253              "FE534D4240000100000000000900010008000000000000000500000000000000FFFE000001000000" 
254              "25000000001000000000000000000000000000000000000031007000170000000000000000000000" 
255              "0600000004000000010000000400000000000000000000007000000000000000536D623320656E63" 
256              "72797074696F6E2074657374696E67")) 
257          serialized = smb_packet.serialize() 
258          self.assertEqual(serialized, exp_serialized) 
259   
260          transformed_serial = th.serialize() 
261   
262          exp_encrypted = array.array('B', unhexlify( 
263              "6ECDD2A7AFC7B47763057A041B8FD4DAFFE990B70C9E09D36C084E02D14EF247F8BDE38ACF6256F8" 
264              "B1D3B56F77FBDEB312FEA5E92CBCC1ED8FB2EBBFAA75E49A4A394BB44576545567C24D4C014D47C9" 
265              "FBDFDAFD2C4F9B72F8D256452620A299F48E29E53D6B61D1C13A19E91AF013F00D17E3ABC2FC3D36" 
266              "C8C1B6B93973253852DBD442E46EE8")) 
267          self.assertEqual(th.ciphertext, exp_encrypted) 
268   
269          exp_transformed = array.array('B', unhexlify( 
270              "FD534D42BD73D97D2BC9001BCAFAC0FDFF5FEEBCC7D6822D269CAF48904C664C0000000087000000" 
271              "0000010025000000001000006ECDD2A7AFC7B47763057A041B8FD4DAFFE990B70C9E09D36C084E02" 
272              "D14EF247F8BDE38ACF6256F8B1D3B56F77FBDEB312FEA5E92CBCC1ED8FB2EBBFAA75E49A4A394BB4" 
273              "4576545567C24D4C014D47C9FBDFDAFD2C4F9B72F8D256452620A299F48E29E53D6B61D1C13A19E9" 
274              "1AF013F00D17E3ABC2FC3D36C8C1B6B93973253852DBD442E46EE8")) 
275          self.assertEqual(transformed_serial, exp_transformed) 

276   

277 -    def test_decryption_smb_311(self): 

278          session_key = array.array('B', unhexlify("419FDDF34C1E001909D362AE7FB6AF79")) 
279          pre_auth_integrity_hash = array.array('B', unhexlify( 
280              "B23F3CBFD69487D9832B79B1594A367CDD950909B774C3A4C412B4FCEA9EDDDBA7DB256BA2EA30E9" 
281              "77F11F9B113247578E0E915C6D2A513B8F2FCA5707DC8770")) 
282          session_id = 0x100000000025 
283          ciphers = [crypto.SMB2_AES_128_GCM] 
284          conn = bogus_311_connection(session_key, 
285                                      pre_auth_integrity_hash, 
286                                      ciphers) 
287          exp_decryption_key = unhexlify("748C50868C90F302962A5C35F5F9A8BF") 
288          self.assertEqual(conn.encryption_context().keys.decryption, 
289                           exp_decryption_key) 
290   
291          transform_message = array.array('B', unhexlify( 
292              "FD534D42ACBE1CB7ED343ADF1725EF144D90D4B0E06831DD2E8EB7B4000000000000000050000000" 
293              "00000100250000000010000026BBBF949983A6C1C796559D0F2C510CB651D1F7B6AC8DED32A2A0B8" 
294              "F2D793A815C6F6B848D69767A215841A42D400AE6DDB5F0B44173A014973321FDD7950DA6179159B" 
295              "82E03C9E18A050FF0EA1C967")) 
296          nb = netbios.Netbios() 
297          th = crypto.TransformHeader(nb) 
298          th.encryption_context = conn.encryption_context() 
299          th.parse(transform_message) 
300          exp_smb_message = array.array('B', unhexlify( 
301              "FE534D4240000100000000000900010001000000000000000500000000000000FFFE000001000000" 
302              "25000000001000000000000000000000000000000000000011000000170000000000000000000000")) 
303          self.assertEqual(nb[0].buf, exp_smb_message) 

304   
305  if __name__ == "__main__": 
306      unt.main() 
307

   Home       Trees       Indices       Help   
Generated by Epydoc 3.0.1 on Thu Jun 29 08:51:24 2017 http://epydoc.sourceforge.net