def encrypt_ike_msg(self, header, plain, first_payload):
if self.sa.ike_crypto == 'AES-GCM-16ICV':
data = self.sa.ike_crypto_alg.pad(raw(plain))
plen = len(data) + GCM_IV_SIZE + GCM_ICV_SIZE +\
len(ikev2.IKEv2_payload_Encrypted())
tlen = plen + len(ikev2.IKEv2())
# prepare aad data
sk_p = ikev2.IKEv2_payload_Encrypted(next_payload=first_payload,
length=plen)
header.length = tlen
res = header / sk_p
encr = self.sa.encrypt(raw(plain), raw(res))
sk_p = ikev2.IKEv2_payload_Encrypted(next_payload=first_payload,
length=plen,
load=encr)
res = header / sk_p
else:
encr = self.sa.encrypt(raw(plain))
trunc_len = self.sa.ike_integ_alg.trunc_len
plen = len(encr) + len(ikev2.IKEv2_payload_Encrypted()) + trunc_len
tlen = plen + len(ikev2.IKEv2())
sk_p = ikev2.IKEv2_payload_Encrypted(next_payload=first_payload,
length=plen,
load=encr)
header.length = tlen
res = header / sk_p
integ_data = raw(res)
hmac_data = self.sa.compute_hmac(self.sa.ike_integ_alg.mod(),
self.sa.my_authkey, integ_data)
res = res / Raw(hmac_data[:trunc_len])
assert (len(res) == tlen)
return res
def hmac_and_decrypt(self, ike):
ep = ike[ikev2.IKEv2_payload_Encrypted]
if self.ike_crypto == 'AES-GCM-16ICV':
aad_len = len(ikev2.IKEv2_payload_Encrypted()) + len(ikev2.IKEv2())
ct = ep.load[:-GCM_ICV_SIZE]
tag = ep.load[-GCM_ICV_SIZE:]
return self.decrypt(ct, raw(ike)[:aad_len], tag)
else:
self.verify_hmac(raw(ike))
integ_trunc = self.ike_integ_alg.trunc_len
# remove ICV and decrypt payload
ct = ep.load[:-integ_trunc]
return self.decrypt(ct)
def hmac_and_decrypt(self, ike):
ep = ike[ikev2.IKEv2_payload_Encrypted]
self.verify_hmac(raw(ike))
integ_trunc = self.ike_integ_alg.trunc_len
# remove ICV and decrypt payload
ct = ep.load[:-integ_trunc]
return self.decrypt(ct)
def verify_and_remove_non_esp_marker(self, packet):
if self.sa.natt:
# if we are in nat traversal mode check for non esp marker
# and remove it
data = raw(packet)
self.assertEqual(data[:4], b'\x00' * 4)
return ikev2.IKEv2(data[4:])
else:
return packet
def auth_init(self):
prf = self.ike_prf_alg.mod()
authmsg = self.generate_authmsg(prf, raw(self.init_req_packet))
if self.auth_method == 'shared-key':
psk = self.calc_prf(prf, self.auth_data, KEY_PAD)
self.auth_data = self.calc_prf(prf, psk, authmsg)
elif self.auth_method == 'rsa-sig':
self.auth_data = self.priv_key.sign(authmsg, padding.PKCS1v15(),
hashes.SHA1())
else:
raise TypeError('unknown auth method type!')
def vrrp_adv_packet(self, prio=None, src_ip=None):
dst_ip = self._adv_dest_ip
if prio is None:
prio = self._prio
eth = Ether(dst=self._adv_dest_mac, src=self._virtual_mac)
vrrp = VRRPv3(vrid=self._vr_id, priority=prio,
ipcount=len(self._vips), adv=self._intvl)
if self._is_ipv6:
src_ip = (self._intf.local_ip6_ll if src_ip is None else src_ip)
ip = IPv6(src=src_ip, dst=dst_ip, nh=IPPROTO_VRRP, hlim=255)
vrrp.addrlist = self._vips
else:
src_ip = (self._intf.local_ip4 if src_ip is None else src_ip)
ip = IP(src=src_ip, dst=dst_ip, proto=IPPROTO_VRRP, ttl=255, id=0)
vrrp.addrlist = self._vips
# Fill in default values & checksums
pkt = Ether(raw(eth / ip / vrrp))
return pkt
def send_sa_auth(self):
tr_attr = self.sa.esp_crypto_attr()
trans = (
ikev2.IKEv2_payload_Transform(transform_type='Encryption',
transform_id=self.sa.esp_crypto,
length=tr_attr[1],
key_length=tr_attr[0]) /
ikev2.IKEv2_payload_Transform(transform_type='Integrity',
transform_id=self.sa.esp_integ) /
ikev2.IKEv2_payload_Transform(
transform_type='Extended Sequence Number',
transform_id='No ESN') /
ikev2.IKEv2_payload_Transform(
transform_type='Extended Sequence Number', transform_id='ESN'))
props = (ikev2.IKEv2_payload_Proposal(proposal=1,
proto='ESP',
SPIsize=4,
SPI=os.urandom(4),
trans_nb=4,
trans=trans))
tsi, tsr = self.sa.generate_ts()
plain = (ikev2.IKEv2_payload_IDi(
next_payload='IDr', IDtype=self.sa.id_type, load=self.sa.i_id) /
ikev2.IKEv2_payload_IDr(next_payload='AUTH',
IDtype=self.sa.id_type,
load=self.sa.r_id) /
ikev2.IKEv2_payload_AUTH(next_payload='SA',
auth_type=AuthMethod.value(
self.sa.auth_method),
load=self.sa.auth_data) /
ikev2.IKEv2_payload_SA(next_payload='TSi', prop=props) /
ikev2.IKEv2_payload_TSi(next_payload='TSr',
number_of_TSs=len(tsi),
traffic_selector=tsi) /
ikev2.IKEv2_payload_TSr(next_payload='Notify',
number_of_TSs=len(tsr),
traffic_selector=tsr) /
ikev2.IKEv2_payload_Notify(type='INITIAL_CONTACT'))
if self.sa.ike_crypto == 'AES-GCM-16ICV':
data = self.sa.ike_crypto_alg.pad(raw(plain))
plen = len(data) + GCM_IV_SIZE + GCM_ICV_SIZE +\
len(ikev2.IKEv2_payload_Encrypted())
tlen = plen + len(ikev2.IKEv2())
# prepare aad data
sk_p = ikev2.IKEv2_payload_Encrypted(next_payload='IDi',
length=plen)
sa_auth = (ikev2.IKEv2(init_SPI=self.sa.ispi,
resp_SPI=self.sa.rspi,
id=1,
length=tlen,
flags='Initiator',
exch_type='IKE_AUTH'))
sa_auth /= sk_p
encr = self.sa.encrypt(raw(plain), raw(sa_auth))
sk_p = ikev2.IKEv2_payload_Encrypted(next_payload='IDi',
length=plen,
load=encr)
sa_auth = (ikev2.IKEv2(init_SPI=self.sa.ispi,
resp_SPI=self.sa.rspi,
id=1,
length=tlen,
flags='Initiator',
exch_type='IKE_AUTH'))
sa_auth /= sk_p
else:
encr = self.sa.encrypt(raw(plain))
trunc_len = self.sa.ike_integ_alg.trunc_len
plen = len(encr) + len(ikev2.IKEv2_payload_Encrypted()) + trunc_len
tlen = plen + len(ikev2.IKEv2())
sk_p = ikev2.IKEv2_payload_Encrypted(next_payload='IDi',
length=plen,
load=encr)
sa_auth = (ikev2.IKEv2(init_SPI=self.sa.ispi,
resp_SPI=self.sa.rspi,
id=1,
length=tlen,
flags='Initiator',
exch_type='IKE_AUTH'))
sa_auth /= sk_p
integ_data = raw(sa_auth)
hmac_data = self.sa.compute_hmac(self.sa.ike_integ_alg.mod(),
self.sa.my_authkey, integ_data)
sa_auth = sa_auth / Raw(hmac_data[:trunc_len])
assert (len(sa_auth) == tlen)
packet = self.create_ike_msg(self.pg0, sa_auth, self.sa.sport,
self.sa.dport, self.sa.natt)
self.pg0.add_stream(packet)
self.pg0.enable_capture()
self.pg_start()
capture = self.pg0.get_capture(1)
self.verify_sa_auth(capture[0])
def auth_init(self):
prf = self.ike_prf_alg.mod()
authmsg = self.generate_authmsg(prf, raw(self.init_req_packet))
psk = self.calc_prf(prf, self.auth_data, KEY_PAD)
self.auth_data = self.calc_prf(prf, psk, authmsg)
def default_transform_presave(self, packet):
from scapy.packet import raw
from numpy import asarray
hex_bytes = raw(packet)
int_bytes = [int(n) for n in hex_bytes]
return asarray(int_bytes).astype(int).reshape(-1)
