def setUp(self):
super(TestMessage, self).setUp()
transform1 = Transform(Transform.Type.INTEG,
Transform.IntegId.AUTH_HMAC_SHA1_96)
transform2 = Transform(Transform.Type.PRF,
Transform.PrfId.PRF_HMAC_SHA1)
transform3 = Transform(Transform.Type.ENCR,
Transform.EncrId.ENCR_AES_CBC, 256)
proposal1 = Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever',
[transform1, transform2, transform3])
proposal2 = Proposal(20, Proposal.Protocol.IKE, b'anotherone',
[transform3])
payload_sa = PayloadSA([proposal1, proposal2])
payload_nonce = PayloadNONCE()
payload_ke = PayloadKE(5, b'1234567890' * 10)
payload_vendor = PayloadVENDOR(b'pyikev2-test-0.1')
self.object = Message(
spi_i=b'12345678',
spi_r=b'12345678',
major=2,
minor=0,
exchange_type=Message.Exchange.IKE_SA_INIT,
is_response=False,
can_use_higher_version=False,
is_initiator=False,
message_id=0,
payloads=[payload_sa, payload_ke, payload_nonce, payload_vendor],
encrypted_payloads=[])
def setUp(self):
super(TestProposal, self).setUp()
transform1 = Transform(Transform.Type.INTEG,
Transform.IntegId.AUTH_HMAC_SHA1_96)
transform2 = Transform(Transform.Type.PRF,
Transform.PrfId.PRF_HMAC_SHA1)
self.object = Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever',
[transform1, transform2])
def test_intersection(self):
proposal = Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever', [
Transform(Transform.Type.INTEG,
Transform.IntegId.AUTH_HMAC_SHA1_96),
Transform(Transform.Type.ENCR, Transform.EncrId.ENCR_AES_CBC, 128),
Transform(Transform.Type.PRF, Transform.PrfId.PRF_HMAC_SHA1)
])
intersection = self.object.intersection(proposal)
self.assertEqual(intersection, self.object)
self.assertIsNone(proposal.intersection(self.object))
def test_no_spi(self):
transform1 = Transform(Transform.Type.INTEG,
Transform.IntegId.AUTH_HMAC_SHA1_96)
transform2 = Transform(Transform.Type.PRF,
Transform.PrfId.PRF_HMAC_SHA1)
proposal = Proposal(20, Proposal.Protocol.IKE, b'',
[transform1, transform2])
data = proposal.to_bytes()
proposal = Proposal.parse(data)
self.assertEqual(proposal.spi, b'')
def setUp(self):
super(TestPayloadSA, self).setUp()
transform1 = Transform(Transform.Type.INTEG,
Transform.IntegId.AUTH_HMAC_SHA1_96)
transform2 = Transform(Transform.Type.PRF,
Transform.PrfId.PRF_HMAC_SHA1)
transform3 = Transform(Transform.Type.ENCR,
Transform.EncrId.ENCR_AES_CBC, 128)
proposal1 = Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever',
[transform1, transform2])
proposal2 = Proposal(20, Proposal.Protocol.IKE, b'anotherone',
[transform3])
self.object = PayloadSA([proposal1, proposal2])
def test_eq(self):
transform1 = Transform(Transform.Type.INTEG,
Transform.IntegId.AUTH_HMAC_SHA1_96)
transform2 = Transform(Transform.Type.PRF,
Transform.PrfId.PRF_HMAC_SHA1)
transform3 = Transform(Transform.Type.PRF,
Transform.PrfId.PRF_HMAC_MD5)
proposal = Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever',
[transform2, transform1])
proposal2 = Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever',
[transform2])
proposal3 = Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever',
[transform1, transform2, transform3])
self.assertEqual(self.object, proposal)
self.assertNotEqual(self.object, proposal2)
self.assertNotEqual(self.object, proposal3)
def _load_ipsec_conf(self, ikeconf, conf_dict):
no_esn = [Transform(Transform.Type.ESN, Transform.EsnId.NO_ESN)]
ipsec_proto = self._load_from_dict(conf_dict.get('ipsec_proto', 'esp'),
_ipsec_proto_name_to_enum)
encr = self._load_crypto_algs('encr',
conf_dict.get('encr', ['aes256']),
_encr_name_to_transform)
integ = self._load_crypto_algs('integ',
conf_dict.get('integ', ['sha256']),
_integ_name_to_transform)
dh = self._load_crypto_algs('dh', conf_dict.get('dh', []),
_dh_name_to_transform)
if ipsec_proto == Proposal.Protocol.AH:
encr = []
ip_proto = self._load_from_dict(conf_dict.get('ip_proto', 'any'),
_ip_proto_name_to_enum)
my_subnet = self._load_ip_network(
conf_dict.get('my_subnet', ikeconf.my_addr))
my_port = int(conf_dict.get('my_port', 0))
peer_subnet = self._load_ip_network(
conf_dict.get('peer_subnet', ikeconf.peer_addr))
peer_port = int(conf_dict.get('peer_port', 0))
return IpsecConfiguration(
index=int(conf_dict.get('index', random.randint(0, 2**20))),
my_ts=TrafficSelector.from_network(my_subnet, my_port, ip_proto),
peer_ts=TrafficSelector.from_network(peer_subnet, peer_port,
ip_proto),
lifetime=int(conf_dict.get('lifetime', 5 * 60)),
mode=self._load_from_dict(conf_dict.get('mode', 'tunnel'),
_mode_name_to_enum),
proposal=Proposal(1, ipsec_proto, b'', encr + integ + dh + no_esn),
)
def _load_ike_conf(self, name, conf_dict, my_addresses):
encr = self._load_crypto_algs('encr',
conf_dict.get('encr', ['aes256']),
_encr_name_to_transform)
integ = self._load_crypto_algs('integ',
conf_dict.get('integ', ['sha256']),
_integ_name_to_transform)
prf = self._load_crypto_algs('prf', conf_dict.get('prf', ['sha256']),
_prf_name_to_transform)
dh = self._load_crypto_algs('dh', conf_dict.get('dh', ['14']),
_dh_name_to_transform)
ikeconf = IkeConfiguration(
name=name,
my_addr=self._load_ip_address(conf_dict['my_addr']),
peer_addr=self._load_ip_address(conf_dict['peer_addr']),
my_auth=self._load_auth_conf(conf_dict['my_auth']),
peer_auth=self._load_auth_conf(conf_dict['peer_auth']),
lifetime=int(conf_dict.get('lifetime', 15 * 60)),
dpd=int(conf_dict.get('dpd', 60)),
proposal=Proposal(1, Proposal.Protocol.IKE, b'',
encr + integ + prf + dh),
protect=[])
if ikeconf.my_addr not in my_addresses:
raise ConfigurationError(
f'Connection {name} has invalid "my_addr" {ikeconf.my_addr}. You need to listen from it'
)
for ipsecconf_dict in conf_dict['protect']:
ikeconf.protect.append(
self._load_ipsec_conf(ikeconf, ipsecconf_dict))
return ikeconf
def test_is_subset(self):
proposal = Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever', [
Transform(Transform.Type.INTEG,
Transform.IntegId.AUTH_HMAC_SHA1_96),
Transform(Transform.Type.ENCR, Transform.EncrId.ENCR_AES_CBC, 128),
Transform(Transform.Type.PRF, Transform.PrfId.PRF_HMAC_SHA1)
])
self.assertTrue(self.object.is_subset(proposal))
def propose_operation(self, operation: Operation, client_address):
self.acquire_lock()
slot = self.get_next_available_slot()
proposal = Proposal(self.uid, self.view_modulo, client_address, slot,
operation)
self.accepted_proposal_buffer[slot] = proposal
self.release_lock()
return proposal
def test_encrypted(self):
transform1 = Transform(Transform.Type.INTEG,
Transform.IntegId.AUTH_HMAC_SHA2_256_128)
transform2 = Transform(Transform.Type.ENCR,
Transform.EncrId.ENCR_AES_CBC, 256)
proposal1 = Proposal(1, Proposal.Protocol.IKE, b'aspiwhatever',
[transform1, transform2])
payload_sa = PayloadSA([proposal1])
payload_nonce = PayloadNONCE(b'123456789012341232132132131')
crypto = Crypto(
Cipher(
Transform(Transform.Type.ENCR, Transform.EncrId.ENCR_AES_CBC,
256)), b'a' * 32,
Integrity(
Transform(Transform.Type.INTEG,
Transform.IntegId.AUTH_HMAC_SHA2_512_256)), b'a' * 8,
None, b'')
message = Message(spi_i=b'12345678',
spi_r=b'12345678',
major=2,
minor=0,
exchange_type=Message.Exchange.IKE_AUTH,
is_response=False,
can_use_higher_version=False,
is_initiator=False,
message_id=0,
payloads=[],
encrypted_payloads=[payload_sa, payload_nonce],
crypto=crypto)
data = message.to_bytes()
new_message = Message.parse(data, crypto=crypto)
data2 = new_message.to_bytes()
self.assertEqual(data, data2)
def test_invalid_transform_header(self):
data = self.object.to_bytes()
with self.assertRaises(InvalidSyntax):
Proposal.parse(data[:-5])
def test_no_transforms(self):
with self.assertRaises(InvalidSyntax):
Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever', [])
class TestProposal(TestPayloadMixin, unittest.TestCase):
def setUp(self):
super(TestProposal, self).setUp()
transform1 = Transform(Transform.Type.INTEG,
Transform.IntegId.AUTH_HMAC_SHA1_96)
transform2 = Transform(Transform.Type.PRF,
Transform.PrfId.PRF_HMAC_SHA1)
self.object = Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever',
[transform1, transform2])
def test_parse_random(self):
with self.assertRaises(InvalidSyntax):
super(TestProposal, self).test_parse_random()
def test_no_transforms(self):
with self.assertRaises(InvalidSyntax):
Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever', [])
def test_no_spi(self):
transform1 = Transform(Transform.Type.INTEG,
Transform.IntegId.AUTH_HMAC_SHA1_96)
transform2 = Transform(Transform.Type.PRF,
Transform.PrfId.PRF_HMAC_SHA1)
proposal = Proposal(20, Proposal.Protocol.IKE, b'',
[transform1, transform2])
data = proposal.to_bytes()
proposal = Proposal.parse(data)
self.assertEqual(proposal.spi, b'')
def test_invalid_transform_header(self):
data = self.object.to_bytes()
with self.assertRaises(InvalidSyntax):
Proposal.parse(data[:-5])
def test_get_transform(self):
self.object.get_transform(Transform.Type.INTEG)
self.object.get_transforms(Transform.Type.PRF)
def test_intersection(self):
proposal = Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever', [
Transform(Transform.Type.INTEG,
Transform.IntegId.AUTH_HMAC_SHA1_96),
Transform(Transform.Type.ENCR, Transform.EncrId.ENCR_AES_CBC, 128),
Transform(Transform.Type.PRF, Transform.PrfId.PRF_HMAC_SHA1)
])
intersection = self.object.intersection(proposal)
self.assertEqual(intersection, self.object)
self.assertIsNone(proposal.intersection(self.object))
def test_is_subset(self):
proposal = Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever', [
Transform(Transform.Type.INTEG,
Transform.IntegId.AUTH_HMAC_SHA1_96),
Transform(Transform.Type.ENCR, Transform.EncrId.ENCR_AES_CBC, 128),
Transform(Transform.Type.PRF, Transform.PrfId.PRF_HMAC_SHA1)
])
self.assertTrue(self.object.is_subset(proposal))
def test_eq(self):
transform1 = Transform(Transform.Type.INTEG,
Transform.IntegId.AUTH_HMAC_SHA1_96)
transform2 = Transform(Transform.Type.PRF,
Transform.PrfId.PRF_HMAC_SHA1)
transform3 = Transform(Transform.Type.PRF,
Transform.PrfId.PRF_HMAC_MD5)
proposal = Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever',
[transform2, transform1])
proposal2 = Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever',
[transform2])
proposal3 = Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever',
[transform1, transform2, transform3])
self.assertEqual(self.object, proposal)
self.assertNotEqual(self.object, proposal2)
self.assertNotEqual(self.object, proposal3)
def do_Invoke(self, sender, caller, client_id, input_value):
proposal = Proposal(caller, client_id, input_value)
slot = next((s for s, p in self.proposals.items() if p == proposal), None)
# propose, or re-propose if this proposal already has a slot
self.propose(proposal, slot)
import logging
from message import Ballot, Proposal
JOIN_RETRANSMIT = 0.7
CATCHUP_INTERVAL = 0.6
ACCEPT_RETRANSMIT = 1.0
PREPARE_RETRANSMIT = 1.0
INVOKE_RETRANSMIT = 0.5
LEADER_TIMEOUT = 1.0
NULL_BALLOT = Ballot(-1, -1)
NOOP_PROPOSAL = Proposal(None, None, None)
class SimTimeLogger(logging.LoggerAdapter):
def process(self, msg, kwargs):
return 'T=%.3f %s' % (self.extra['network'].now, msg), kwargs
def getChild(self, name):
return self.__class__(self.logger.getChild(name),
{'network': self.extra['network']})
