class MKAPeerListTuple(Packet): """ Live / Potential Peer List parameter sets tuples (802.1X-2010, section 11.11). # noqa: E501 """ name = "Peer List Tuple" fields_desc = [ XStrFixedLenField("member_id", "", length=12), XStrFixedLenField("message_number", "", length=4), ]
class WireguardResponse(Packet): name = "Wireguard Response" fields_desc = [ XLEIntField("sender_index", 0), XLEIntField("receiver_index", 0), XStrFixedLenField("unencrypted_ephemeral", 0, 32), XStrFixedLenField("encrypted_nothing", 0, 16), XStrFixedLenField("mac1", 0, 16), XStrFixedLenField("mac2", 0, 16), ]
class WireguardInitiation(Packet): name = "Wireguard Initiation" fields_desc = [ XLEIntField("sender_index", 0), XStrFixedLenField("unencrypted_ephemeral", 0, 32), XStrFixedLenField("encrypted_static", 0, 48), XStrFixedLenField("encrypted_timestamp", 0, 28), XStrFixedLenField("mac1", 0, 16), XStrFixedLenField("mac2", 0, 16), ]
class SCCP(Packet): name = "SCCP" fields_desc = [ XByteField("type", 1), XByteField("class", 1), XByteField("pointer1", 1), XByteField("pointer2", 1), XByteField("pointer3", 1), XStrFixedLenField("padding", "", 6), TBCDByteField("called_address", "", 6), XStrFixedLenField("padding2", "", 6), TBCDByteField("calling_address", "", 6), ]
class MarkerProtocol(Packet): name = "MarkerProtocol" fields_desc = [ ByteField("version", 1), ByteEnumField("marker_type", 1, MARKER_TYPES), ByteField("marker_length", 16), ShortField("requester_port", 0), MACField("requester_system", None), IntField("requester_transaction_id", 0), XStrFixedLenField("marker_reserved", "", 2), ByteField("terminator_type", 0), ByteField("terminator_length", 0), XStrFixedLenField("reserved", 0, 90), ]
class RadiusAttr_Message_Authenticator(_RadiusAttrHexStringVal): """RFC 2869""" val = 80 fields_desc = [ ByteEnumField("type", 24, _radius_attribute_types), FieldLenField( "len", 18, "value", "B", ), XStrFixedLenField("value", "\x00" * 16, length=16) ] @staticmethod def compute_message_authenticator(radius_packet, packed_req_authenticator, shared_secret): """ Computes the "Message-Authenticator" of a given RADIUS packet. """ data = prepare_packed_data(radius_packet, packed_req_authenticator) radius_hmac = hmac.new(shared_secret, data, hashlib.md5) return radius_hmac.digest()
class MKAICVSet(MKAParamSet): """ ICV (802.1X-2010, section 11.11). """ ######################################################################### # # IEEE 802.1X-2010 standard # Section 11.11 ######################################################################### # name = "ICV" fields_desc = [ PadField( ByteEnumField( "param_set_type", 255, _parameter_set_types ), 2, padwith=b"\x00" ), ShortField("param_set_body_len", 0), XStrFixedLenField("icv", "", length=MKAParamSet.MACSEC_DEFAULT_ICV_LEN) ]
class MKABasicParamSet(Packet): """ Basic Parameter Set (802.1X-2010, section 11.11). """ ######################################################################### # # IEEE 802.1X-2010 standard # Section 11.11 ######################################################################### # name = "Basic Parameter Set" fields_desc = [ ByteField("mka_version_id", 0), ByteField("key_server_priority", 0), BitField("key_server", 0, 1), BitField("macsec_desired", 0, 1), BitField("macsec_capability", 0, 2), BitField("param_set_body_len", 0, 12), PacketField("SCI", MACsecSCI(), MACsecSCI), XStrFixedLenField("actor_member_id", "", length=12), XIntField("actor_message_number", 0), XIntField("algorithm_agility", 0), PadField(XStrLenField("cak_name", "", length_from=lambda pkt: (pkt.param_set_body_len - 28)), 4, padwith=b"\x00") ] def extract_padding(self, s): return "", s
class MKADistributedCAKParamSet(MKAParamSet): """ Distributed CAK Parameter Set (802.1X-2010, section 11.11). """ ######################################################################### # # IEEE 802.1X-2010 standard # Section 11.11 ######################################################################### # name = "Distributed CAK parameter set" fields_desc = [ PadField( ByteEnumField( "param_set_type", 5, _parameter_set_types ), 2, padwith=b"\x00" ), ShortField("param_set_body_len", 0), XStrFixedLenField( "cak_aes_key_wrap", "", length=MKAParamSet.EAPOL_MKA_DEFAULT_KEY_WRAP_LEN ), XStrField("cak_key_name", "") ]
class Radius(Packet): """ Implements a RADIUS packet (RFC 2865). """ name = "RADIUS" fields_desc = [ ByteEnumField("code", 1, _packet_codes), ByteField("id", 0), FieldLenField( "len", None, "attributes", "H", adjust=lambda pkt, x: len(pkt.attributes) + 20 ), XStrFixedLenField("authenticator", "", 16), _RADIUSAttrPacketListField( "attributes", [], RadiusAttribute, length_from=lambda pkt: pkt.len - 20 ) ] def compute_authenticator(self, packed_request_auth, shared_secret): """ Computes the authenticator field (RFC 2865 - Section 3) """ if not conf.crypto_valid: g_log_loading.info(_crypto_loading_failure_message) return None packed_hdr = struct.pack("!B", self.code) packed_hdr += struct.pack("!B", self.id) packed_hdr += struct.pack("!H", self.len) packed_attrs = '' for index in range(0, len(self.attributes)): packed_attrs = packed_attrs + str(self.attributes[index]) packed_data = packed_hdr + packed_request_auth + packed_attrs +\ shared_secret digest = hashes.Hash(hashes.MD5(), backend=default_backend()) digest.update(packed_data) return digest.finalize() def post_build(self, p, pay): p += pay length = self.len if length is None: length = len(p) p = p[:2] + struct.pack("!H", length) + p[4:] return p
class PMKIDListPacket(Packet): name = "PMKIDs" fields_desc = [ LEFieldLenField("nb_pmkids", 0, count_of="pmk_id_list"), FieldListField("pmkid_list", None, XStrFixedLenField("", "", length=16), count_from=lambda pkt: pkt.nb_pmkids) ] def extract_padding(self, s): return "", s
class MKASAKUseParamSet(MKAParamSet): """ SAK Use Parameter Set (802.1X-2010, section 11.11). """ ######################################################################### # # IEEE 802.1X-2010 standard # Section 11.11 ######################################################################### # name = "SAK Use Parameter Set" fields_desc = [ ByteEnumField("param_set_type", 3, _parameter_set_types), BitField("latest_key_an", 0, 2), BitField("latest_key_tx", 0, 1), BitField("latest_key_rx", 0, 1), BitField("old_key_an", 0, 2), BitField("old_key_tx", 0, 1), BitField("old_key_rx", 0, 1), BitField("plain_tx", 0, 1), BitField("plain_rx", 0, 1), BitField("X", 0, 1), BitField("delay_protect", 0, 1), BitField("param_set_body_len", 0, 12), XStrFixedLenField("latest_key_key_server_member_id", "", length=12), XStrFixedLenField("latest_key_key_number", "", length=4), XStrFixedLenField("latest_key_lowest_acceptable_pn", "", length=4), XStrFixedLenField("old_key_key_server_member_id", "", length=12), XStrFixedLenField("old_key_key_number", "", length=4), XStrFixedLenField("old_key_lowest_acceptable_pn", "", length=4) ]
class LocatorPacket(EPacket): name = "RTPS Locator" fields_desc = [ EField(XIntField("locatorKind", 0), endianness=FORMAT_LE, endianness_from=None), EField(IntField("port", 0), endianness=FORMAT_LE, endianness_from=None), ConditionalField(ReversePadField(IPField("address", "0.0.0.0"), 20), lambda p: p.locatorKind == 0x1), ConditionalField(XStrFixedLenField("hostId", 0x0, 16), lambda p: p.locatorKind == 0x01000000) ] def extract_padding(self, p): return b"", p
class PID_TRANSPORT_INFO_LIST(PIDPacketBase): name = "PID_TRANSPORT_INFO_LIST" fields_desc = [ EField( ParameterIdField("parameterId", 0), endianness=FORMAT_LE, endianness_from=None, ), EField(ShortField("parameterLength", 0), endianness=FORMAT_LE, endianness_from=None), XStrFixedLenField("padding", "", 4), EField( PacketListField("transportInfo", [], TransportInfoPacket, length_from=lambda p: p.parameterLength - 4)) ]
class NSH(Packet): """Network Service Header. NSH MD-type 1 if there is no ContextHeaders""" name = "NSH" fields_desc = [ BitField('ver', 0, 2), BitField('oam', 0, 1), BitField('unused1', 0, 1), BitField('ttl', 63, 6), BitFieldLenField('length', None, 6, count_of='vlch', adjust=lambda pkt, x: 6 if pkt.mdtype == 1 else x + 2), BitField('unused2', 0, 4), BitEnumField( 'mdtype', 1, 4, { 0: 'Reserved MDType', 1: 'Fixed Length', 2: 'Variable Length', 0xF: 'Experimental MDType' }), ByteEnumField( 'nextproto', 3, { 1: 'IPv4', 2: 'IPv6', 3: 'Ethernet', 4: 'NSH', 5: 'MPLS', 0xFE: 'Experiment 1', 0xFF: 'Experiment 2' }), X3BytesField('spi', 0), ByteField('si', 0xFF), ConditionalField(XStrFixedLenField("context_header", "", 16), lambda pkt: pkt.mdtype == 1), ConditionalField( PacketListField("vlch", None, NSHTLV, count_from="length"), lambda pkt: pkt.mdtype == 2) ] def mysummary(self): return self.sprintf("SPI: %spi% - SI: %si%")
class RadiusAttr_Message_Authenticator(_RadiusAttrHexStringVal): """RFC 2869""" val = 80 fields_desc = [ ByteEnumField("type", 24, _radius_attribute_types), FieldLenField( "len", 18, "value", "B", ), XStrFixedLenField("value", "\x00" * 16, length=16) ] @staticmethod def compute_message_authenticator( radius_packet, packed_req_authenticator, shared_secret ): """ Computes the "Message-Authenticator" of a given RADIUS packet. """ if not conf.crypto_valid: g_log_loading.info(_crypto_loading_failure_message) return None packed_hdr = struct.pack("!B", radius_packet.code) packed_hdr += struct.pack("!B", radius_packet.id) packed_hdr += struct.pack("!H", radius_packet.len) packed_attrs = '' for index in range(0, len(radius_packet.attributes)): packed_attrs = packed_attrs + str(radius_packet.attributes[index]) hmac_ = hmac.HMAC( shared_secret, hashes.MD5(), backend=default_backend() ) packed_data = packed_hdr + packed_req_authenticator + packed_attrs hmac_.update(packed_data) return hmac_.finalize()
class NEGOEX_NEGO_MESSAGE(Packet): OFFSET = 92 show_indent = 0 fields_desc = [ NEGOEX_MESSAGE_HEADER, XStrFixedLenField("Random", b"", length=32), LELongField("ProtocolVersion", 0), LEIntField("AuthSchemeBufferOffset", None), LEShortField("AuthSchemeCount", None), LEIntField("ExtensionBufferOffset", None), LEShortField("ExtensionCount", None), # Payload _NTLMPayloadField( 'Payload', OFFSET, [ FieldListField("AuthScheme", [], UUIDEnumField("", None, _NEGOEX_AUTH_SCHEMES), count_from=lambda pkt: pkt.AuthSchemeCount), PacketListField("Extension", [], NEGOEX_EXTENSION_VECTOR, count_from=lambda pkt: pkt.ExtensionCount), ], length_from=lambda pkt: pkt.cbMessageLength - 92), # TODO: dissect extensions ] def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes return _NEGOEX_post_build(self, pkt, self.OFFSET, { "AuthScheme": 96, "Extension": 102, }) + pay @classmethod def dispatch_hook(cls, _pkt=None, *args, **kargs): if _pkt and len(_pkt) >= 12: MessageType = struct.unpack("<I", _pkt[8:12])[0] if MessageType in [0, 1]: return NEGOEX_NEGO_MESSAGE elif MessageType in [2, 3]: return NEGOEX_EXCHANGE_MESSAGE return cls
class Radius(Packet): """ Implements a RADIUS packet (RFC 2865). """ name = "RADIUS" fields_desc = [ ByteEnumField("code", 1, _packet_codes), ByteField("id", 0), FieldLenField( "len", None, "attributes", "H", adjust=lambda pkt, x: len(pkt.attributes) + 20 ), XStrFixedLenField("authenticator", "", 16), PacketListField( "attributes", [], RadiusAttribute, length_from=lambda pkt: pkt.len - 20 ) ] def compute_authenticator(self, packed_request_auth, shared_secret): """ Computes the authenticator field (RFC 2865 - Section 3) """ data = prepare_packed_data(self, packed_request_auth) radius_mac = hashlib.md5(data + shared_secret) return radius_mac.digest() def post_build(self, p, pay): p += pay length = self.len if length is None: length = len(p) p = p[:2] + struct.pack("!H", length) + p[4:] return p
class NTLM_AUTHENTICATE(Packet): name = "NTLM Authenticate" messageType = 3 OFFSET = 88 NTLM_VERSION = 1 fields_desc = [ NTLM_Header, # LmChallengeResponseFields LEShortField('LmChallengeResponseLen', None), LEShortField('LmChallengeResponseMaxLen', None), LEIntField('LmChallengeResponseBufferOffset', None), # NtChallengeResponseFields LEShortField('NtChallengeResponseLen', None), LEShortField('NtChallengeResponseMaxLen', None), LEIntField('NtChallengeResponseBufferOffset', None), # DomainNameFields LEShortField('DomainNameLen', None), LEShortField('DomainNameMaxLen', None), LEIntField('DomainNameBufferOffset', None), # UserNameFields LEShortField('UserNameLen', None), LEShortField('UserNameMaxLen', None), LEIntField('UserNameBufferOffset', None), # WorkstationFields LEShortField('WorkstationLen', None), LEShortField('WorkstationMaxLen', None), LEIntField('WorkstationBufferOffset', None), # EncryptedRandomSessionKeyFields LEShortField('EncryptedRandomSessionKeyLen', None), LEShortField('EncryptedRandomSessionKeyMaxLen', None), LEIntField('EncryptedRandomSessionKeyBufferOffset', None), # NegotiateFlags FlagsField('NegotiateFlags', 0, -32, _negotiateFlags), # VERSION _NTLM_Version, # MIC XStrFixedLenField('MIC', b"", length=16), # Payload _NTLMPayloadField('Payload', OFFSET, [ MultipleTypeField([ (PacketField('LmChallengeResponse', LMv2_RESPONSE(), LMv2_RESPONSE), lambda pkt: pkt.NTLM_VERSION == 2) ], PacketField('LmChallengeResponse', LM_RESPONSE(), LM_RESPONSE)), MultipleTypeField([(PacketField( 'NtChallengeResponse', NTLMv2_RESPONSE(), NTLMv2_RESPONSE), lambda pkt: pkt.NTLM_VERSION == 2)], PacketField('NtChallengeResponse', NTLM_RESPONSE(), NTLM_RESPONSE)), _NTLMStrField('DomainName', b''), _NTLMStrField('UserName', b''), _NTLMStrField('Workstation', b''), XStrField('EncryptedRandomSessionKey', b''), ]) ] def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes return _NTML_post_build( self, pkt, self.OFFSET, { "LmChallengeResponse": 12, "NtChallengeResponse": 20, "DomainName": 28, "UserName": 36, "Workstation": 44, "EncryptedRandomSessionKey": 52 }) + pay
class NTLMv2_RESPONSE(Packet): fields_desc = [ XStrFixedLenField("NTProofStr", b"", length=16), NTLMv2_CLIENT_CHALLENGE ]