def encrypt_ike_msg(self, header, plain, first_payload): if self.sa.ike_crypto == 'AES-GCM-16ICV': data = self.sa.ike_crypto_alg.pad(raw(plain)) plen = len(data) + GCM_IV_SIZE + GCM_ICV_SIZE +\ len(ikev2.IKEv2_payload_Encrypted()) tlen = plen + len(ikev2.IKEv2()) # prepare aad data sk_p = ikev2.IKEv2_payload_Encrypted(next_payload=first_payload, length=plen) header.length = tlen res = header / sk_p encr = self.sa.encrypt(raw(plain), raw(res)) sk_p = ikev2.IKEv2_payload_Encrypted(next_payload=first_payload, length=plen, load=encr) res = header / sk_p else: encr = self.sa.encrypt(raw(plain)) trunc_len = self.sa.ike_integ_alg.trunc_len plen = len(encr) + len(ikev2.IKEv2_payload_Encrypted()) + trunc_len tlen = plen + len(ikev2.IKEv2()) sk_p = ikev2.IKEv2_payload_Encrypted(next_payload=first_payload, length=plen, load=encr) header.length = tlen res = header / sk_p integ_data = raw(res) hmac_data = self.sa.compute_hmac(self.sa.ike_integ_alg.mod(), self.sa.my_authkey, integ_data) res = res / Raw(hmac_data[:trunc_len]) assert (len(res) == tlen) return res
def hmac_and_decrypt(self, ike): ep = ike[ikev2.IKEv2_payload_Encrypted] if self.ike_crypto == 'AES-GCM-16ICV': aad_len = len(ikev2.IKEv2_payload_Encrypted()) + len(ikev2.IKEv2()) ct = ep.load[:-GCM_ICV_SIZE] tag = ep.load[-GCM_ICV_SIZE:] return self.decrypt(ct, raw(ike)[:aad_len], tag) else: self.verify_hmac(raw(ike)) integ_trunc = self.ike_integ_alg.trunc_len # remove ICV and decrypt payload ct = ep.load[:-integ_trunc] return self.decrypt(ct)
def hmac_and_decrypt(self, ike): ep = ike[ikev2.IKEv2_payload_Encrypted] self.verify_hmac(raw(ike)) integ_trunc = self.ike_integ_alg.trunc_len # remove ICV and decrypt payload ct = ep.load[:-integ_trunc] return self.decrypt(ct)
def verify_and_remove_non_esp_marker(self, packet): if self.sa.natt: # if we are in nat traversal mode check for non esp marker # and remove it data = raw(packet) self.assertEqual(data[:4], b'\x00' * 4) return ikev2.IKEv2(data[4:]) else: return packet
def auth_init(self): prf = self.ike_prf_alg.mod() authmsg = self.generate_authmsg(prf, raw(self.init_req_packet)) if self.auth_method == 'shared-key': psk = self.calc_prf(prf, self.auth_data, KEY_PAD) self.auth_data = self.calc_prf(prf, psk, authmsg) elif self.auth_method == 'rsa-sig': self.auth_data = self.priv_key.sign(authmsg, padding.PKCS1v15(), hashes.SHA1()) else: raise TypeError('unknown auth method type!')
def vrrp_adv_packet(self, prio=None, src_ip=None): dst_ip = self._adv_dest_ip if prio is None: prio = self._prio eth = Ether(dst=self._adv_dest_mac, src=self._virtual_mac) vrrp = VRRPv3(vrid=self._vr_id, priority=prio, ipcount=len(self._vips), adv=self._intvl) if self._is_ipv6: src_ip = (self._intf.local_ip6_ll if src_ip is None else src_ip) ip = IPv6(src=src_ip, dst=dst_ip, nh=IPPROTO_VRRP, hlim=255) vrrp.addrlist = self._vips else: src_ip = (self._intf.local_ip4 if src_ip is None else src_ip) ip = IP(src=src_ip, dst=dst_ip, proto=IPPROTO_VRRP, ttl=255, id=0) vrrp.addrlist = self._vips # Fill in default values & checksums pkt = Ether(raw(eth / ip / vrrp)) return pkt
def send_sa_auth(self): tr_attr = self.sa.esp_crypto_attr() trans = ( ikev2.IKEv2_payload_Transform(transform_type='Encryption', transform_id=self.sa.esp_crypto, length=tr_attr[1], key_length=tr_attr[0]) / ikev2.IKEv2_payload_Transform(transform_type='Integrity', transform_id=self.sa.esp_integ) / ikev2.IKEv2_payload_Transform( transform_type='Extended Sequence Number', transform_id='No ESN') / ikev2.IKEv2_payload_Transform( transform_type='Extended Sequence Number', transform_id='ESN')) props = (ikev2.IKEv2_payload_Proposal(proposal=1, proto='ESP', SPIsize=4, SPI=os.urandom(4), trans_nb=4, trans=trans)) tsi, tsr = self.sa.generate_ts() plain = (ikev2.IKEv2_payload_IDi( next_payload='IDr', IDtype=self.sa.id_type, load=self.sa.i_id) / ikev2.IKEv2_payload_IDr(next_payload='AUTH', IDtype=self.sa.id_type, load=self.sa.r_id) / ikev2.IKEv2_payload_AUTH(next_payload='SA', auth_type=AuthMethod.value( self.sa.auth_method), load=self.sa.auth_data) / ikev2.IKEv2_payload_SA(next_payload='TSi', prop=props) / ikev2.IKEv2_payload_TSi(next_payload='TSr', number_of_TSs=len(tsi), traffic_selector=tsi) / ikev2.IKEv2_payload_TSr(next_payload='Notify', number_of_TSs=len(tsr), traffic_selector=tsr) / ikev2.IKEv2_payload_Notify(type='INITIAL_CONTACT')) if self.sa.ike_crypto == 'AES-GCM-16ICV': data = self.sa.ike_crypto_alg.pad(raw(plain)) plen = len(data) + GCM_IV_SIZE + GCM_ICV_SIZE +\ len(ikev2.IKEv2_payload_Encrypted()) tlen = plen + len(ikev2.IKEv2()) # prepare aad data sk_p = ikev2.IKEv2_payload_Encrypted(next_payload='IDi', length=plen) sa_auth = (ikev2.IKEv2(init_SPI=self.sa.ispi, resp_SPI=self.sa.rspi, id=1, length=tlen, flags='Initiator', exch_type='IKE_AUTH')) sa_auth /= sk_p encr = self.sa.encrypt(raw(plain), raw(sa_auth)) sk_p = ikev2.IKEv2_payload_Encrypted(next_payload='IDi', length=plen, load=encr) sa_auth = (ikev2.IKEv2(init_SPI=self.sa.ispi, resp_SPI=self.sa.rspi, id=1, length=tlen, flags='Initiator', exch_type='IKE_AUTH')) sa_auth /= sk_p else: encr = self.sa.encrypt(raw(plain)) trunc_len = self.sa.ike_integ_alg.trunc_len plen = len(encr) + len(ikev2.IKEv2_payload_Encrypted()) + trunc_len tlen = plen + len(ikev2.IKEv2()) sk_p = ikev2.IKEv2_payload_Encrypted(next_payload='IDi', length=plen, load=encr) sa_auth = (ikev2.IKEv2(init_SPI=self.sa.ispi, resp_SPI=self.sa.rspi, id=1, length=tlen, flags='Initiator', exch_type='IKE_AUTH')) sa_auth /= sk_p integ_data = raw(sa_auth) hmac_data = self.sa.compute_hmac(self.sa.ike_integ_alg.mod(), self.sa.my_authkey, integ_data) sa_auth = sa_auth / Raw(hmac_data[:trunc_len]) assert (len(sa_auth) == tlen) packet = self.create_ike_msg(self.pg0, sa_auth, self.sa.sport, self.sa.dport, self.sa.natt) self.pg0.add_stream(packet) self.pg0.enable_capture() self.pg_start() capture = self.pg0.get_capture(1) self.verify_sa_auth(capture[0])
def auth_init(self): prf = self.ike_prf_alg.mod() authmsg = self.generate_authmsg(prf, raw(self.init_req_packet)) psk = self.calc_prf(prf, self.auth_data, KEY_PAD) self.auth_data = self.calc_prf(prf, psk, authmsg)
def default_transform_presave(self, packet): from scapy.packet import raw from numpy import asarray hex_bytes = raw(packet) int_bytes = [int(n) for n in hex_bytes] return asarray(int_bytes).astype(int).reshape(-1)