def setUp(self): super(TestMessage, self).setUp() transform1 = Transform(Transform.Type.INTEG, Transform.IntegId.AUTH_HMAC_SHA1_96) transform2 = Transform(Transform.Type.PRF, Transform.PrfId.PRF_HMAC_SHA1) transform3 = Transform(Transform.Type.ENCR, Transform.EncrId.ENCR_AES_CBC, 256) proposal1 = Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever', [transform1, transform2, transform3]) proposal2 = Proposal(20, Proposal.Protocol.IKE, b'anotherone', [transform3]) payload_sa = PayloadSA([proposal1, proposal2]) payload_nonce = PayloadNONCE() payload_ke = PayloadKE(5, b'1234567890' * 10) payload_vendor = PayloadVENDOR(b'pyikev2-test-0.1') self.object = Message( spi_i=b'12345678', spi_r=b'12345678', major=2, minor=0, exchange_type=Message.Exchange.IKE_SA_INIT, is_response=False, can_use_higher_version=False, is_initiator=False, message_id=0, payloads=[payload_sa, payload_ke, payload_nonce, payload_vendor], encrypted_payloads=[])
def setUp(self): super(TestProposal, self).setUp() transform1 = Transform(Transform.Type.INTEG, Transform.IntegId.AUTH_HMAC_SHA1_96) transform2 = Transform(Transform.Type.PRF, Transform.PrfId.PRF_HMAC_SHA1) self.object = Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever', [transform1, transform2])
def test_intersection(self): proposal = Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever', [ Transform(Transform.Type.INTEG, Transform.IntegId.AUTH_HMAC_SHA1_96), Transform(Transform.Type.ENCR, Transform.EncrId.ENCR_AES_CBC, 128), Transform(Transform.Type.PRF, Transform.PrfId.PRF_HMAC_SHA1) ]) intersection = self.object.intersection(proposal) self.assertEqual(intersection, self.object) self.assertIsNone(proposal.intersection(self.object))
def test_no_spi(self): transform1 = Transform(Transform.Type.INTEG, Transform.IntegId.AUTH_HMAC_SHA1_96) transform2 = Transform(Transform.Type.PRF, Transform.PrfId.PRF_HMAC_SHA1) proposal = Proposal(20, Proposal.Protocol.IKE, b'', [transform1, transform2]) data = proposal.to_bytes() proposal = Proposal.parse(data) self.assertEqual(proposal.spi, b'')
def setUp(self): super(TestPayloadSA, self).setUp() transform1 = Transform(Transform.Type.INTEG, Transform.IntegId.AUTH_HMAC_SHA1_96) transform2 = Transform(Transform.Type.PRF, Transform.PrfId.PRF_HMAC_SHA1) transform3 = Transform(Transform.Type.ENCR, Transform.EncrId.ENCR_AES_CBC, 128) proposal1 = Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever', [transform1, transform2]) proposal2 = Proposal(20, Proposal.Protocol.IKE, b'anotherone', [transform3]) self.object = PayloadSA([proposal1, proposal2])
def test_eq(self): transform1 = Transform(Transform.Type.INTEG, Transform.IntegId.AUTH_HMAC_SHA1_96) transform2 = Transform(Transform.Type.PRF, Transform.PrfId.PRF_HMAC_SHA1) transform3 = Transform(Transform.Type.PRF, Transform.PrfId.PRF_HMAC_MD5) proposal = Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever', [transform2, transform1]) proposal2 = Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever', [transform2]) proposal3 = Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever', [transform1, transform2, transform3]) self.assertEqual(self.object, proposal) self.assertNotEqual(self.object, proposal2) self.assertNotEqual(self.object, proposal3)
def _load_ipsec_conf(self, ikeconf, conf_dict): no_esn = [Transform(Transform.Type.ESN, Transform.EsnId.NO_ESN)] ipsec_proto = self._load_from_dict(conf_dict.get('ipsec_proto', 'esp'), _ipsec_proto_name_to_enum) encr = self._load_crypto_algs('encr', conf_dict.get('encr', ['aes256']), _encr_name_to_transform) integ = self._load_crypto_algs('integ', conf_dict.get('integ', ['sha256']), _integ_name_to_transform) dh = self._load_crypto_algs('dh', conf_dict.get('dh', []), _dh_name_to_transform) if ipsec_proto == Proposal.Protocol.AH: encr = [] ip_proto = self._load_from_dict(conf_dict.get('ip_proto', 'any'), _ip_proto_name_to_enum) my_subnet = self._load_ip_network( conf_dict.get('my_subnet', ikeconf.my_addr)) my_port = int(conf_dict.get('my_port', 0)) peer_subnet = self._load_ip_network( conf_dict.get('peer_subnet', ikeconf.peer_addr)) peer_port = int(conf_dict.get('peer_port', 0)) return IpsecConfiguration( index=int(conf_dict.get('index', random.randint(0, 2**20))), my_ts=TrafficSelector.from_network(my_subnet, my_port, ip_proto), peer_ts=TrafficSelector.from_network(peer_subnet, peer_port, ip_proto), lifetime=int(conf_dict.get('lifetime', 5 * 60)), mode=self._load_from_dict(conf_dict.get('mode', 'tunnel'), _mode_name_to_enum), proposal=Proposal(1, ipsec_proto, b'', encr + integ + dh + no_esn), )
def _load_ike_conf(self, name, conf_dict, my_addresses): encr = self._load_crypto_algs('encr', conf_dict.get('encr', ['aes256']), _encr_name_to_transform) integ = self._load_crypto_algs('integ', conf_dict.get('integ', ['sha256']), _integ_name_to_transform) prf = self._load_crypto_algs('prf', conf_dict.get('prf', ['sha256']), _prf_name_to_transform) dh = self._load_crypto_algs('dh', conf_dict.get('dh', ['14']), _dh_name_to_transform) ikeconf = IkeConfiguration( name=name, my_addr=self._load_ip_address(conf_dict['my_addr']), peer_addr=self._load_ip_address(conf_dict['peer_addr']), my_auth=self._load_auth_conf(conf_dict['my_auth']), peer_auth=self._load_auth_conf(conf_dict['peer_auth']), lifetime=int(conf_dict.get('lifetime', 15 * 60)), dpd=int(conf_dict.get('dpd', 60)), proposal=Proposal(1, Proposal.Protocol.IKE, b'', encr + integ + prf + dh), protect=[]) if ikeconf.my_addr not in my_addresses: raise ConfigurationError( f'Connection {name} has invalid "my_addr" {ikeconf.my_addr}. You need to listen from it' ) for ipsecconf_dict in conf_dict['protect']: ikeconf.protect.append( self._load_ipsec_conf(ikeconf, ipsecconf_dict)) return ikeconf
def test_is_subset(self): proposal = Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever', [ Transform(Transform.Type.INTEG, Transform.IntegId.AUTH_HMAC_SHA1_96), Transform(Transform.Type.ENCR, Transform.EncrId.ENCR_AES_CBC, 128), Transform(Transform.Type.PRF, Transform.PrfId.PRF_HMAC_SHA1) ]) self.assertTrue(self.object.is_subset(proposal))
def propose_operation(self, operation: Operation, client_address): self.acquire_lock() slot = self.get_next_available_slot() proposal = Proposal(self.uid, self.view_modulo, client_address, slot, operation) self.accepted_proposal_buffer[slot] = proposal self.release_lock() return proposal
def test_encrypted(self): transform1 = Transform(Transform.Type.INTEG, Transform.IntegId.AUTH_HMAC_SHA2_256_128) transform2 = Transform(Transform.Type.ENCR, Transform.EncrId.ENCR_AES_CBC, 256) proposal1 = Proposal(1, Proposal.Protocol.IKE, b'aspiwhatever', [transform1, transform2]) payload_sa = PayloadSA([proposal1]) payload_nonce = PayloadNONCE(b'123456789012341232132132131') crypto = Crypto( Cipher( Transform(Transform.Type.ENCR, Transform.EncrId.ENCR_AES_CBC, 256)), b'a' * 32, Integrity( Transform(Transform.Type.INTEG, Transform.IntegId.AUTH_HMAC_SHA2_512_256)), b'a' * 8, None, b'') message = Message(spi_i=b'12345678', spi_r=b'12345678', major=2, minor=0, exchange_type=Message.Exchange.IKE_AUTH, is_response=False, can_use_higher_version=False, is_initiator=False, message_id=0, payloads=[], encrypted_payloads=[payload_sa, payload_nonce], crypto=crypto) data = message.to_bytes() new_message = Message.parse(data, crypto=crypto) data2 = new_message.to_bytes() self.assertEqual(data, data2)
def test_invalid_transform_header(self): data = self.object.to_bytes() with self.assertRaises(InvalidSyntax): Proposal.parse(data[:-5])
def test_no_transforms(self): with self.assertRaises(InvalidSyntax): Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever', [])
class TestProposal(TestPayloadMixin, unittest.TestCase): def setUp(self): super(TestProposal, self).setUp() transform1 = Transform(Transform.Type.INTEG, Transform.IntegId.AUTH_HMAC_SHA1_96) transform2 = Transform(Transform.Type.PRF, Transform.PrfId.PRF_HMAC_SHA1) self.object = Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever', [transform1, transform2]) def test_parse_random(self): with self.assertRaises(InvalidSyntax): super(TestProposal, self).test_parse_random() def test_no_transforms(self): with self.assertRaises(InvalidSyntax): Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever', []) def test_no_spi(self): transform1 = Transform(Transform.Type.INTEG, Transform.IntegId.AUTH_HMAC_SHA1_96) transform2 = Transform(Transform.Type.PRF, Transform.PrfId.PRF_HMAC_SHA1) proposal = Proposal(20, Proposal.Protocol.IKE, b'', [transform1, transform2]) data = proposal.to_bytes() proposal = Proposal.parse(data) self.assertEqual(proposal.spi, b'') def test_invalid_transform_header(self): data = self.object.to_bytes() with self.assertRaises(InvalidSyntax): Proposal.parse(data[:-5]) def test_get_transform(self): self.object.get_transform(Transform.Type.INTEG) self.object.get_transforms(Transform.Type.PRF) def test_intersection(self): proposal = Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever', [ Transform(Transform.Type.INTEG, Transform.IntegId.AUTH_HMAC_SHA1_96), Transform(Transform.Type.ENCR, Transform.EncrId.ENCR_AES_CBC, 128), Transform(Transform.Type.PRF, Transform.PrfId.PRF_HMAC_SHA1) ]) intersection = self.object.intersection(proposal) self.assertEqual(intersection, self.object) self.assertIsNone(proposal.intersection(self.object)) def test_is_subset(self): proposal = Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever', [ Transform(Transform.Type.INTEG, Transform.IntegId.AUTH_HMAC_SHA1_96), Transform(Transform.Type.ENCR, Transform.EncrId.ENCR_AES_CBC, 128), Transform(Transform.Type.PRF, Transform.PrfId.PRF_HMAC_SHA1) ]) self.assertTrue(self.object.is_subset(proposal)) def test_eq(self): transform1 = Transform(Transform.Type.INTEG, Transform.IntegId.AUTH_HMAC_SHA1_96) transform2 = Transform(Transform.Type.PRF, Transform.PrfId.PRF_HMAC_SHA1) transform3 = Transform(Transform.Type.PRF, Transform.PrfId.PRF_HMAC_MD5) proposal = Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever', [transform2, transform1]) proposal2 = Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever', [transform2]) proposal3 = Proposal(20, Proposal.Protocol.IKE, b'aspiwhatever', [transform1, transform2, transform3]) self.assertEqual(self.object, proposal) self.assertNotEqual(self.object, proposal2) self.assertNotEqual(self.object, proposal3)
def do_Invoke(self, sender, caller, client_id, input_value): proposal = Proposal(caller, client_id, input_value) slot = next((s for s, p in self.proposals.items() if p == proposal), None) # propose, or re-propose if this proposal already has a slot self.propose(proposal, slot)
import logging from message import Ballot, Proposal JOIN_RETRANSMIT = 0.7 CATCHUP_INTERVAL = 0.6 ACCEPT_RETRANSMIT = 1.0 PREPARE_RETRANSMIT = 1.0 INVOKE_RETRANSMIT = 0.5 LEADER_TIMEOUT = 1.0 NULL_BALLOT = Ballot(-1, -1) NOOP_PROPOSAL = Proposal(None, None, None) class SimTimeLogger(logging.LoggerAdapter): def process(self, msg, kwargs): return 'T=%.3f %s' % (self.extra['network'].now, msg), kwargs def getChild(self, name): return self.__class__(self.logger.getChild(name), {'network': self.extra['network']})