Commit Graph

9182 Commits

Author SHA1 Message Date
Shreya Malviya 4d31e0d56e Island: Switch back to using secrets for encryption key generation instead of cryptography.fernet in DataStoreEncryptor and RepositoryEncryptor 2022-07-19 19:17:18 +05:30
Shreya Malviya d022c65439 Island: Fix imports in encryption_key_types.py and key_based_encryptor.py 2022-07-19 19:17:18 +05:30
Shreya Malviya 80104381d7 Island: Use EncryptionKey32Bytes in KeyBasedEncryptor 2022-07-19 19:17:18 +05:30
Shreya Malviya 4e755bbd2f Island: Move SizeError to its own file 2022-07-19 19:17:18 +05:30
Shreya Malviya 0111dea47f Island: Move EncryptionKey32Bytes to its own file 2022-07-19 19:17:18 +05:30
Shreya Malviya d55e7b1455 Island: Create custom type EncryptionKey32Bit 2022-07-19 19:17:18 +05:30
Shreya Malviya cbe842029a Island: Add details about what kind of key is acceptable in KeyBasedEncryptor 2022-07-19 19:17:18 +05:30
Shreya Malviya bd1c788a4c Island: Add docstrings to KeyBasedEncryptor 2022-07-19 19:17:18 +05:30
Shreya Malviya ca420b8afc UT: Modify test_key_based_encryptor so it doesn't rely on KeyBasedEncryptor._BLOCK_SIZE 2022-07-19 19:17:18 +05:30
Shreya Malviya 24a119eb81 Island: Remove ununsed _BLOCK_SIZE variable from KeyBasedEncryptor 2022-07-19 19:17:18 +05:30
Shreya Malviya 978057b289 Project: Remove pycryptodome as an Island dependency 2022-07-19 19:17:17 +05:30
Shreya Malviya 53e366a677 Island: Remove unused _KEY_LENGTH_BYTES variables from DataStoreEncryptor and RepositoryEncryptor 2022-07-19 14:51:58 +05:30
Shreya Malviya f8eeda1e6f Island: Use cryptography.fernet to generate key in DataStoreEncryptor
and RepositoryEncryptor

We changed our encryption code to use cryptography.fernet instead of
pycryptodome. Using secrets.token_bytes() with fernet was causing
padding and encoding issues. This is a quicker and easier solution, and
also probably more reliable since everything to do with encryption is
from the same module now.
2022-07-19 14:51:58 +05:30
Shreya Malviya 5eb77dcbb6 UT: Change key in test_key_based_encryptor.py to be URL safe (cryptography.fernet requires this) 2022-07-19 14:51:58 +05:30
Shreya Malviya f542c9d0a8 Island: Fix KeyBasedEncryptor's encrypt function's logic 2022-07-19 14:51:58 +05:30
Shreya Malviya 637926ed09 Island: Extract fernet_object to an object variable in KeyBasedEncryptor 2022-07-19 14:51:58 +05:30
Shreya Malviya 373d34dce6 Island: Use cryptography.fernet for encryption in KeyBasedEncryptor 2022-07-19 14:51:58 +05:30
Shreya Malviya c1449fb897 Island: Remove TODO comment about using cryptography.fernet 2022-07-19 14:51:58 +05:30
Shreya Malviya 09e57541cc Project: Update Island dependencies to add `cryptography` 2022-07-19 14:51:58 +05:30
Shreya Malviya c12e281e4e Island: Use secrets instead of Crypto (pycryptodome) in DataStoreEncryptor 2022-07-19 14:51:58 +05:30
ilija-lazoroski 7456ef6b05
Merge pull request #2100 from guardicore/2092-remove-single-tests
2092 remove single tests
2022-07-18 21:02:54 +02:00
Mike Salvatore ea1dc930a1 BB: Remove "single_tests" subpackage 2022-07-18 13:08:29 -04:00
Mike Salvatore cf45ae4c3e BB: Remove "grouped" subpackage 2022-07-18 13:07:18 -04:00
Mike Salvatore c1073bd1ea BB: Remove unused "single_tests" 2022-07-18 13:06:00 -04:00
Mike Salvatore 70f3506317 BB: Remove test_blackbox_in_depth.py 2022-07-18 13:02:19 -04:00
Mike Salvatore 4e11ed2816
Merge pull request #2099 from guardicore/2072-credentials-store-fix
2072 credentials store fix
2022-07-18 11:07:38 -04:00
Mike Salvatore dde3fd3476 UT: Parametrize test_get_credentials_from_store() 2022-07-18 10:30:52 -04:00
Mike Salvatore ebc854735e Agent: Use new Credentials objects in AggregatingCredentialsStore 2022-07-18 10:22:14 -04:00
Mike Salvatore ef4fbb30cc Agent: Use new credentials format in ControlChannel 2022-07-18 09:55:08 -04:00
Mike Salvatore 19a7bfd8e6
Merge pull request #2098 from guardicore/2072-simplify-credentials
2072 simplify credentials
2022-07-18 09:35:54 -04:00
Mike Salvatore e5d3271b74 UT: Use Credentials.to_mapping() in test_credential_telem_send() 2022-07-18 09:23:21 -04:00
Mike Salvatore 068dbbe963 Agent: Extract methods to clean up AggregatingCredentialsStore 2022-07-18 09:14:51 -04:00
Mike Salvatore 7c920cced3 Agent: Fix identity logic in AggregatingCredentialsStore 2022-07-18 09:07:11 -04:00
Mike Salvatore 9edfe6979b Agent: Capture secrets if missing username in SSHCredentialCollector 2022-07-18 08:53:36 -04:00
Mike Salvatore d5a125d985 Agent: Capture username even if no secrets are associated 2022-07-18 08:46:07 -04:00
Mike Salvatore c144ad9e64 Agent: Fix "new user" logic in MimikatzCredentialCollector
Neither Passwords nor hashes should be included for and users that
Infection Monkey creates.
2022-07-18 08:42:31 -04:00
Mike Salvatore cb9f43d242 Agent: Fix type hint in MimikatzCredentialCollector 2022-07-18 08:27:32 -04:00
Mike Salvatore 302803b779 Agent: Improve variable names in MimikatzCredentialCollector 2022-07-18 08:27:08 -04:00
Mike Salvatore acf12c2de1 Common: Simplify _make_credentials() 2022-07-18 08:14:01 -04:00
Mike Salvatore 9e7963afc0 Common: Simplify _serialize_credentials() 2022-07-18 08:13:09 -04:00
Ilija Lazoroski 575fff0cdb Agent: Simplify credentials object in MimikatzCredentialCollector 2022-07-18 11:49:44 +02:00
Ilija Lazoroski 2cb6c60866 UT: Fix credentials intercepting telemetry messenger tests 2022-07-18 11:47:49 +02:00
Ilija Lazoroski 0f2fc0902f Agent: Simplify credentials object in aggregating credentials store 2022-07-18 11:32:12 +02:00
Ilija Lazoroski f421f42604 Agent: Simplify credentials in ssh credentials collector 2022-07-18 11:32:12 +02:00
Mike Salvatore 213b161d1a Common: Fix type hints in credentials.py 2022-07-15 12:34:42 -04:00
Mike Salvatore 62ce91b59b Common: Prevent invalid Credentials objects from being constructed 2022-07-15 12:19:12 -04:00
Mike Salvatore 19a720898e Island: Handle encryption/decryption of None credential components 2022-07-15 11:36:07 -04:00
Mike Salvatore 2af713dabd Common: Allow identities or secrets to be None
It's possible that credentials are stolen and an identity/secret
association can not be made. For example, a list of usernames can be
acquired by `ls /home`, but no passwords will be retrieved this way.
Credentials(identity=Username("username"), secret=None) will represent
this case.
2022-07-15 10:50:25 -04:00
Mike Salvatore e3b23993fa Common: Add type hints to dicts in credentials.py 2022-07-15 10:44:14 -04:00
Mike Salvatore 63731b8334 UT: Test identity/password combos in test_credentials.py 2022-07-15 10:44:14 -04:00