class MKAPeerListTuple(Packet):
"""
Live / Potential Peer List parameter sets tuples (802.1X-2010, section 11.11). # noqa: E501
"""
name = "Peer List Tuple"
fields_desc = [
XStrFixedLenField("member_id", "", length=12),
XStrFixedLenField("message_number", "", length=4),
]
class WireguardResponse(Packet):
name = "Wireguard Response"
fields_desc = [
XLEIntField("sender_index", 0),
XLEIntField("receiver_index", 0),
XStrFixedLenField("unencrypted_ephemeral", 0, 32),
XStrFixedLenField("encrypted_nothing", 0, 16),
XStrFixedLenField("mac1", 0, 16),
XStrFixedLenField("mac2", 0, 16),
]
class WireguardInitiation(Packet):
name = "Wireguard Initiation"
fields_desc = [
XLEIntField("sender_index", 0),
XStrFixedLenField("unencrypted_ephemeral", 0, 32),
XStrFixedLenField("encrypted_static", 0, 48),
XStrFixedLenField("encrypted_timestamp", 0, 28),
XStrFixedLenField("mac1", 0, 16),
XStrFixedLenField("mac2", 0, 16),
]
class SCCP(Packet):
name = "SCCP"
fields_desc = [
XByteField("type", 1),
XByteField("class", 1),
XByteField("pointer1", 1),
XByteField("pointer2", 1),
XByteField("pointer3", 1),
XStrFixedLenField("padding", "", 6),
TBCDByteField("called_address", "", 6),
XStrFixedLenField("padding2", "", 6),
TBCDByteField("calling_address", "", 6),
]
class MarkerProtocol(Packet):
name = "MarkerProtocol"
fields_desc = [
ByteField("version", 1),
ByteEnumField("marker_type", 1, MARKER_TYPES),
ByteField("marker_length", 16),
ShortField("requester_port", 0),
MACField("requester_system", None),
IntField("requester_transaction_id", 0),
XStrFixedLenField("marker_reserved", "", 2),
ByteField("terminator_type", 0),
ByteField("terminator_length", 0),
XStrFixedLenField("reserved", 0, 90),
]
class RadiusAttr_Message_Authenticator(_RadiusAttrHexStringVal):
"""RFC 2869"""
val = 80
fields_desc = [
ByteEnumField("type", 24, _radius_attribute_types),
FieldLenField(
"len",
18,
"value",
"B",
),
XStrFixedLenField("value", "\x00" * 16, length=16)
]
@staticmethod
def compute_message_authenticator(radius_packet, packed_req_authenticator,
shared_secret):
"""
Computes the "Message-Authenticator" of a given RADIUS packet.
"""
data = prepare_packed_data(radius_packet, packed_req_authenticator)
radius_hmac = hmac.new(shared_secret, data, hashlib.md5)
return radius_hmac.digest()
class MKAICVSet(MKAParamSet):
"""
ICV (802.1X-2010, section 11.11).
"""
#########################################################################
#
# IEEE 802.1X-2010 standard
# Section 11.11
#########################################################################
#
name = "ICV"
fields_desc = [
PadField(
ByteEnumField(
"param_set_type",
255,
_parameter_set_types
),
2,
padwith=b"\x00"
),
ShortField("param_set_body_len", 0),
XStrFixedLenField("icv", "", length=MKAParamSet.MACSEC_DEFAULT_ICV_LEN)
]
class MKABasicParamSet(Packet):
"""
Basic Parameter Set (802.1X-2010, section 11.11).
"""
#########################################################################
#
# IEEE 802.1X-2010 standard
# Section 11.11
#########################################################################
#
name = "Basic Parameter Set"
fields_desc = [
ByteField("mka_version_id", 0),
ByteField("key_server_priority", 0),
BitField("key_server", 0, 1),
BitField("macsec_desired", 0, 1),
BitField("macsec_capability", 0, 2),
BitField("param_set_body_len", 0, 12),
PacketField("SCI", MACsecSCI(), MACsecSCI),
XStrFixedLenField("actor_member_id", "", length=12),
XIntField("actor_message_number", 0),
XIntField("algorithm_agility", 0),
PadField(XStrLenField("cak_name",
"",
length_from=lambda pkt:
(pkt.param_set_body_len - 28)),
4,
padwith=b"\x00")
]
def extract_padding(self, s):
return "", s
class MKADistributedCAKParamSet(MKAParamSet):
"""
Distributed CAK Parameter Set (802.1X-2010, section 11.11).
"""
#########################################################################
#
# IEEE 802.1X-2010 standard
# Section 11.11
#########################################################################
#
name = "Distributed CAK parameter set"
fields_desc = [
PadField(
ByteEnumField(
"param_set_type",
5,
_parameter_set_types
),
2,
padwith=b"\x00"
),
ShortField("param_set_body_len", 0),
XStrFixedLenField(
"cak_aes_key_wrap",
"",
length=MKAParamSet.EAPOL_MKA_DEFAULT_KEY_WRAP_LEN
),
XStrField("cak_key_name", "")
]
class Radius(Packet):
"""
Implements a RADIUS packet (RFC 2865).
"""
name = "RADIUS"
fields_desc = [
ByteEnumField("code", 1, _packet_codes),
ByteField("id", 0),
FieldLenField(
"len",
None,
"attributes",
"H",
adjust=lambda pkt, x: len(pkt.attributes) + 20
),
XStrFixedLenField("authenticator", "", 16),
_RADIUSAttrPacketListField(
"attributes",
[],
RadiusAttribute,
length_from=lambda pkt: pkt.len - 20
)
]
def compute_authenticator(self, packed_request_auth, shared_secret):
"""
Computes the authenticator field (RFC 2865 - Section 3)
"""
if not conf.crypto_valid:
g_log_loading.info(_crypto_loading_failure_message)
return None
packed_hdr = struct.pack("!B", self.code)
packed_hdr += struct.pack("!B", self.id)
packed_hdr += struct.pack("!H", self.len)
packed_attrs = ''
for index in range(0, len(self.attributes)):
packed_attrs = packed_attrs + str(self.attributes[index])
packed_data = packed_hdr + packed_request_auth + packed_attrs +\
shared_secret
digest = hashes.Hash(hashes.MD5(), backend=default_backend())
digest.update(packed_data)
return digest.finalize()
def post_build(self, p, pay):
p += pay
length = self.len
if length is None:
length = len(p)
p = p[:2] + struct.pack("!H", length) + p[4:]
return p
class PMKIDListPacket(Packet):
name = "PMKIDs"
fields_desc = [
LEFieldLenField("nb_pmkids", 0, count_of="pmk_id_list"),
FieldListField("pmkid_list",
None,
XStrFixedLenField("", "", length=16),
count_from=lambda pkt: pkt.nb_pmkids)
]
def extract_padding(self, s):
return "", s
class MKASAKUseParamSet(MKAParamSet):
"""
SAK Use Parameter Set (802.1X-2010, section 11.11).
"""
#########################################################################
#
# IEEE 802.1X-2010 standard
# Section 11.11
#########################################################################
#
name = "SAK Use Parameter Set"
fields_desc = [
ByteEnumField("param_set_type", 3, _parameter_set_types),
BitField("latest_key_an", 0, 2),
BitField("latest_key_tx", 0, 1),
BitField("latest_key_rx", 0, 1),
BitField("old_key_an", 0, 2),
BitField("old_key_tx", 0, 1),
BitField("old_key_rx", 0, 1),
BitField("plain_tx", 0, 1),
BitField("plain_rx", 0, 1),
BitField("X", 0, 1),
BitField("delay_protect", 0, 1),
BitField("param_set_body_len", 0, 12),
XStrFixedLenField("latest_key_key_server_member_id", "", length=12),
XStrFixedLenField("latest_key_key_number", "", length=4),
XStrFixedLenField("latest_key_lowest_acceptable_pn", "", length=4),
XStrFixedLenField("old_key_key_server_member_id", "", length=12),
XStrFixedLenField("old_key_key_number", "", length=4),
XStrFixedLenField("old_key_lowest_acceptable_pn", "", length=4)
]
class LocatorPacket(EPacket):
name = "RTPS Locator"
fields_desc = [
EField(XIntField("locatorKind", 0),
endianness=FORMAT_LE,
endianness_from=None),
EField(IntField("port", 0), endianness=FORMAT_LE,
endianness_from=None),
ConditionalField(ReversePadField(IPField("address", "0.0.0.0"), 20),
lambda p: p.locatorKind == 0x1),
ConditionalField(XStrFixedLenField("hostId", 0x0, 16),
lambda p: p.locatorKind == 0x01000000)
]
def extract_padding(self, p):
return b"", p
class PID_TRANSPORT_INFO_LIST(PIDPacketBase):
name = "PID_TRANSPORT_INFO_LIST"
fields_desc = [
EField(
ParameterIdField("parameterId", 0),
endianness=FORMAT_LE,
endianness_from=None,
),
EField(ShortField("parameterLength", 0),
endianness=FORMAT_LE,
endianness_from=None),
XStrFixedLenField("padding", "", 4),
EField(
PacketListField("transportInfo", [],
TransportInfoPacket,
length_from=lambda p: p.parameterLength - 4))
]
class NSH(Packet):
"""Network Service Header.
NSH MD-type 1 if there is no ContextHeaders"""
name = "NSH"
fields_desc = [
BitField('ver', 0, 2),
BitField('oam', 0, 1),
BitField('unused1', 0, 1),
BitField('ttl', 63, 6),
BitFieldLenField('length',
None,
6,
count_of='vlch',
adjust=lambda pkt, x: 6
if pkt.mdtype == 1 else x + 2),
BitField('unused2', 0, 4),
BitEnumField(
'mdtype', 1, 4, {
0: 'Reserved MDType',
1: 'Fixed Length',
2: 'Variable Length',
0xF: 'Experimental MDType'
}),
ByteEnumField(
'nextproto', 3, {
1: 'IPv4',
2: 'IPv6',
3: 'Ethernet',
4: 'NSH',
5: 'MPLS',
0xFE: 'Experiment 1',
0xFF: 'Experiment 2'
}),
X3BytesField('spi', 0),
ByteField('si', 0xFF),
ConditionalField(XStrFixedLenField("context_header", "", 16),
lambda pkt: pkt.mdtype == 1),
ConditionalField(
PacketListField("vlch", None, NSHTLV, count_from="length"),
lambda pkt: pkt.mdtype == 2)
]
def mysummary(self):
return self.sprintf("SPI: %spi% - SI: %si%")
class RadiusAttr_Message_Authenticator(_RadiusAttrHexStringVal):
"""RFC 2869"""
val = 80
fields_desc = [
ByteEnumField("type", 24, _radius_attribute_types),
FieldLenField(
"len",
18,
"value",
"B",
),
XStrFixedLenField("value", "\x00" * 16, length=16)
]
@staticmethod
def compute_message_authenticator(
radius_packet,
packed_req_authenticator,
shared_secret
):
"""
Computes the "Message-Authenticator" of a given RADIUS packet.
"""
if not conf.crypto_valid:
g_log_loading.info(_crypto_loading_failure_message)
return None
packed_hdr = struct.pack("!B", radius_packet.code)
packed_hdr += struct.pack("!B", radius_packet.id)
packed_hdr += struct.pack("!H", radius_packet.len)
packed_attrs = ''
for index in range(0, len(radius_packet.attributes)):
packed_attrs = packed_attrs + str(radius_packet.attributes[index])
hmac_ = hmac.HMAC(
shared_secret,
hashes.MD5(),
backend=default_backend()
)
packed_data = packed_hdr + packed_req_authenticator + packed_attrs
hmac_.update(packed_data)
return hmac_.finalize()
class NEGOEX_NEGO_MESSAGE(Packet):
OFFSET = 92
show_indent = 0
fields_desc = [
NEGOEX_MESSAGE_HEADER,
XStrFixedLenField("Random", b"", length=32),
LELongField("ProtocolVersion", 0),
LEIntField("AuthSchemeBufferOffset", None),
LEShortField("AuthSchemeCount", None),
LEIntField("ExtensionBufferOffset", None),
LEShortField("ExtensionCount", None),
# Payload
_NTLMPayloadField(
'Payload',
OFFSET, [
FieldListField("AuthScheme", [],
UUIDEnumField("", None, _NEGOEX_AUTH_SCHEMES),
count_from=lambda pkt: pkt.AuthSchemeCount),
PacketListField("Extension", [],
NEGOEX_EXTENSION_VECTOR,
count_from=lambda pkt: pkt.ExtensionCount),
],
length_from=lambda pkt: pkt.cbMessageLength - 92),
# TODO: dissect extensions
]
def post_build(self, pkt, pay):
# type: (bytes, bytes) -> bytes
return _NEGOEX_post_build(self, pkt, self.OFFSET, {
"AuthScheme": 96,
"Extension": 102,
}) + pay
@classmethod
def dispatch_hook(cls, _pkt=None, *args, **kargs):
if _pkt and len(_pkt) >= 12:
MessageType = struct.unpack("<I", _pkt[8:12])[0]
if MessageType in [0, 1]:
return NEGOEX_NEGO_MESSAGE
elif MessageType in [2, 3]:
return NEGOEX_EXCHANGE_MESSAGE
return cls
class Radius(Packet):
"""
Implements a RADIUS packet (RFC 2865).
"""
name = "RADIUS"
fields_desc = [
ByteEnumField("code", 1, _packet_codes),
ByteField("id", 0),
FieldLenField(
"len",
None,
"attributes",
"H",
adjust=lambda pkt, x: len(pkt.attributes) + 20
),
XStrFixedLenField("authenticator", "", 16),
PacketListField(
"attributes",
[],
RadiusAttribute,
length_from=lambda pkt: pkt.len - 20
)
]
def compute_authenticator(self, packed_request_auth, shared_secret):
"""
Computes the authenticator field (RFC 2865 - Section 3)
"""
data = prepare_packed_data(self, packed_request_auth)
radius_mac = hashlib.md5(data + shared_secret)
return radius_mac.digest()
def post_build(self, p, pay):
p += pay
length = self.len
if length is None:
length = len(p)
p = p[:2] + struct.pack("!H", length) + p[4:]
return p
class NTLM_AUTHENTICATE(Packet):
name = "NTLM Authenticate"
messageType = 3
OFFSET = 88
NTLM_VERSION = 1
fields_desc = [
NTLM_Header,
# LmChallengeResponseFields
LEShortField('LmChallengeResponseLen', None),
LEShortField('LmChallengeResponseMaxLen', None),
LEIntField('LmChallengeResponseBufferOffset', None),
# NtChallengeResponseFields
LEShortField('NtChallengeResponseLen', None),
LEShortField('NtChallengeResponseMaxLen', None),
LEIntField('NtChallengeResponseBufferOffset', None),
# DomainNameFields
LEShortField('DomainNameLen', None),
LEShortField('DomainNameMaxLen', None),
LEIntField('DomainNameBufferOffset', None),
# UserNameFields
LEShortField('UserNameLen', None),
LEShortField('UserNameMaxLen', None),
LEIntField('UserNameBufferOffset', None),
# WorkstationFields
LEShortField('WorkstationLen', None),
LEShortField('WorkstationMaxLen', None),
LEIntField('WorkstationBufferOffset', None),
# EncryptedRandomSessionKeyFields
LEShortField('EncryptedRandomSessionKeyLen', None),
LEShortField('EncryptedRandomSessionKeyMaxLen', None),
LEIntField('EncryptedRandomSessionKeyBufferOffset', None),
# NegotiateFlags
FlagsField('NegotiateFlags', 0, -32, _negotiateFlags),
# VERSION
_NTLM_Version,
# MIC
XStrFixedLenField('MIC', b"", length=16),
# Payload
_NTLMPayloadField('Payload', OFFSET, [
MultipleTypeField([
(PacketField('LmChallengeResponse', LMv2_RESPONSE(),
LMv2_RESPONSE), lambda pkt: pkt.NTLM_VERSION == 2)
], PacketField('LmChallengeResponse', LM_RESPONSE(), LM_RESPONSE)),
MultipleTypeField([(PacketField(
'NtChallengeResponse', NTLMv2_RESPONSE(),
NTLMv2_RESPONSE), lambda pkt: pkt.NTLM_VERSION == 2)],
PacketField('NtChallengeResponse',
NTLM_RESPONSE(), NTLM_RESPONSE)),
_NTLMStrField('DomainName', b''),
_NTLMStrField('UserName', b''),
_NTLMStrField('Workstation', b''),
XStrField('EncryptedRandomSessionKey', b''),
])
]
def post_build(self, pkt, pay):
# type: (bytes, bytes) -> bytes
return _NTML_post_build(
self, pkt, self.OFFSET, {
"LmChallengeResponse": 12,
"NtChallengeResponse": 20,
"DomainName": 28,
"UserName": 36,
"Workstation": 44,
"EncryptedRandomSessionKey": 52
}) + pay
class NTLMv2_RESPONSE(Packet):
fields_desc = [
XStrFixedLenField("NTProofStr", b"", length=16),
NTLMv2_CLIENT_CHALLENGE
]
