def build_MIC_ICV(data, mic_key, source, dest):
"""Compute and return the data with its MIC and ICV"""
# DATA - MIC(DA - SA - Priority=0 - 0 - 0 - 0 - DATA) - ICV
# 802.11i p.47
sa = hex_bytes(source.replace(":", "")) # Source MAC
da = hex_bytes(dest.replace(":", "")) # Dest MAC
MIC = michael(mic_key, da + sa + "\x00" + "\x00" * 3 + data)
ICV = pack("<I", crc32(data + MIC) & 0xFFFFFFFF)
return data + MIC + ICV
def build_MIC_ICV(data, mic_key, source, dest):
"""Compute and return the data with its MIC and ICV"""
# DATA - MIC(DA - SA - Priority=0 - 0 - 0 - 0 - DATA) - ICV
# 802.11i p.47
sa = hex_bytes(source.replace(":", "")) # Source MAC
da = hex_bytes(dest.replace(":", "")) # Dest MAC
MIC = michael(mic_key, da + sa + "\x00" + "\x00" * 3 + data)
ICV = pack("<I", crc32(data + MIC) & 0xFFFFFFFF)
return data + MIC + ICV
def install_unicast_keys(self, client_nonce):
"""Use the client nonce @client_nonce to compute and install
PTK, KCK, KEK, TK, MIC (AP -> STA), MIC (STA -> AP)
"""
pmk = self.pmk
anonce = self.anonce
snonce = client_nonce
amac = hex_bytes(self.mac.replace(":", ""))
smac = hex_bytes(self.client.replace(":", ""))
# Compute PTK
self.ptk = customPRF512(pmk, amac, smac, anonce, snonce)
# Extract derivated keys
self.kck = self.ptk[:16]
self.kek = self.ptk[16:32]
self.tk = self.ptk[32:48]
self.mic_ap_to_sta = self.ptk[48:56]
self.mic_sta_to_ap = self.ptk[56:64]
# Reset IV
self.client_iv = count()
def install_unicast_keys(self, client_nonce):
"""Use the client nonce @client_nonce to compute and install
PTK, KCK, KEK, TK, MIC (AP -> STA), MIC (STA -> AP)
"""
pmk = self.pmk
anonce = self.anonce
snonce = client_nonce
amac = hex_bytes(self.mac.replace(":", ""))
smac = hex_bytes(self.client.replace(":", ""))
# Compute PTK
self.ptk = customPRF512(pmk, amac, smac, anonce, snonce)
# Extract derivated keys
self.kck = self.ptk[:16]
self.kek = self.ptk[16:32]
self.tk = self.ptk[32:48]
self.mic_ap_to_sta = self.ptk[48:56]
self.mic_sta_to_ap = self.ptk[56:64]
# Reset IV
self.client_iv = count()
def check_MIC_ICV(data, mic_key, source, dest):
"""Check MIC, ICV & return the data from a decrypted TKIP packet"""
assert len(data) > 12
# DATA - MIC(DA - SA - Priority=0 - 0 - 0 - 0 - DATA) - ICV
# 802.11i p.47
ICV = data[-4:]
MIC = data[-12:-4]
data_clear = data[:-12]
expected_ICV = pack("<I", crc32(data_clear + MIC) & 0xFFFFFFFF)
if expected_ICV != ICV:
raise ICVError()
sa = hex_bytes(source.replace(":", "")) # Source MAC
da = hex_bytes(dest.replace(":", "")) # Dest MAC
expected_MIC = michael(mic_key, da + sa + "\x00" + "\x00" * 3 + data_clear)
if expected_MIC != MIC:
raise MICError()
return data_clear
def _inet6_pton(addr):
# type: (str) -> bytes
"""Convert an IPv6 address from text representation into binary form,
used when socket.inet_pton is not available.
"""
joker_pos = None
result = b""
addr = plain_str(addr)
if addr == '::':
return b'\x00' * 16
if addr.startswith('::'):
addr = addr[1:]
if addr.endswith('::'):
addr = addr[:-1]
parts = addr.split(":")
nparts = len(parts)
for i, part in enumerate(parts):
if not part:
# "::" indicates one or more groups of 2 null bytes
if joker_pos is None:
joker_pos = len(result)
else:
# Wildcard is only allowed once
raise _INET6_PTON_EXC
elif i + 1 == nparts and '.' in part:
# The last part of an IPv6 address can be an IPv4 address
if part.count('.') != 3:
# we have to do this since socket.inet_aton('1.2') ==
# b'\x01\x00\x00\x02'
raise _INET6_PTON_EXC
try:
result += socket.inet_aton(part)
except socket.error:
raise _INET6_PTON_EXC
else:
# Each part must be 16bit. Add missing zeroes before decoding.
try:
result += hex_bytes(part.rjust(4, "0"))
except (binascii.Error, TypeError):
raise _INET6_PTON_EXC
# If there's a wildcard, fill up with zeros to reach 128bit (16 bytes)
if joker_pos is not None:
if len(result) == 16:
raise _INET6_PTON_EXC
result = (result[:joker_pos] + b"\x00" * (16 - len(result)) +
result[joker_pos:])
if len(result) != 16:
raise _INET6_PTON_EXC
return result
def pkcs_i2osp(n, sLen):
"""
I2OSP conversion function from RFC 3447.
The length parameter allows the function to perform the padding needed.
Note that the user is responsible for providing a sufficient xLen.
Input : n nonnegative integer to be converted
sLen intended length of the resulting octet string
Output: s corresponding octet string
"""
# if n >= 256**sLen:
# raise Exception("Integer too large for provided sLen %d" % sLen)
fmt = "%%0%dx" % (2 * sLen)
return hex_bytes(fmt % n)
def check_MIC_ICV(data, mic_key, source, dest):
"""Check MIC, ICV & return the data from a decrypted TKIP packet"""
assert len(data) > 12
# DATA - MIC(DA - SA - Priority=0 - 0 - 0 - 0 - DATA) - ICV
# 802.11i p.47
ICV = data[-4:]
MIC = data[-12:-4]
data_clear = data[:-12]
expected_ICV = pack("<I", crc32(data_clear + MIC) & 0xFFFFFFFF)
if expected_ICV != ICV:
raise ICVError()
sa = hex_bytes(source.replace(":", "")) # Source MAC
da = hex_bytes(dest.replace(":", "")) # Dest MAC
expected_MIC = michael(mic_key, da + sa + "\x00" + "\x00" * 3 + data_clear)
if expected_MIC != MIC:
raise MICError()
return data_clear
def pkcs_i2osp(n, sLen):
"""
I2OSP conversion function from RFC 3447.
The length parameter allows the function to perform the padding needed.
Note that the user is responsible for providing a sufficient xLen.
Input : n nonnegative integer to be converted
sLen intended length of the resulting octet string
Output: s corresponding octet string
"""
# if n >= 256**sLen:
# raise Exception("Integer too large for provided sLen %d" % sLen)
fmt = "%%0%dx" % (2 * sLen)
return hex_bytes(fmt % n)
def build_TKIP_payload(data, iv, mac, tk):
"""Build a TKIP header for IV @iv and mac @mac, and encrypt @data
based on temporal key @tk
"""
TSC5, TSC4, TSC3, TSC2, TSC1, TSC0 = ((iv >> 40) & 0xFF, (iv >> 32) & 0xFF,
(iv >> 24) & 0xFF, (iv >> 16) & 0xFF,
(iv >> 8) & 0xFF, iv & 0xFF)
bitfield = 1 << 5 # Extended IV
TKIP_hdr = chr(TSC1) + chr((TSC1 | 0x20) & 0x7f) + chr(TSC0) + chr(
bitfield) # noqa: E501
TKIP_hdr += chr(TSC2) + chr(TSC3) + chr(TSC4) + chr(TSC5)
TA = [orb(e) for e in hex_bytes(mac.replace(':', ''))]
TSC = [TSC0, TSC1, TSC2, TSC3, TSC4, TSC5]
TK = [orb(x) for x in tk]
rc4_key = gen_TKIP_RC4_key(TSC, TA, TK)
return TKIP_hdr + ARC4_encrypt(rc4_key, data)
def build_TKIP_payload(data, iv, mac, tk):
"""Build a TKIP header for IV @iv and mac @mac, and encrypt @data
based on temporal key @tk
"""
TSC5, TSC4, TSC3, TSC2, TSC1, TSC0 = (
(iv >> 40) & 0xFF,
(iv >> 32) & 0xFF,
(iv >> 24) & 0xFF,
(iv >> 16) & 0xFF,
(iv >> 8) & 0xFF,
iv & 0xFF
)
bitfield = 1 << 5 # Extended IV
TKIP_hdr = chr(TSC1) + chr((TSC1 | 0x20) & 0x7f) + chr(TSC0) + chr(bitfield) # noqa: E501
TKIP_hdr += chr(TSC2) + chr(TSC3) + chr(TSC4) + chr(TSC5)
TA = [orb(e) for e in hex_bytes(mac.replace(':', ''))]
TSC = [TSC0, TSC1, TSC2, TSC3, TSC4, TSC5]
TK = [orb(x) for x in tk]
rc4_key = gen_TKIP_RC4_key(TSC, TA, TK)
return TKIP_hdr + ARC4_encrypt(rc4_key, data)
def parse_TKIP_hdr(pkt):
"""Extract TSCs, TA and encoded-data from a packet @pkt"""
# Note: FCS bit is not handled
assert pkt.FCfield.wep
# 802.11i - 8.3.2.2
payload = BytesIO(pkt[Raw].load)
TSC1, WEPseed, TSC0, bitfield = (orb(x) for x in payload.read(4))
if bitfield & (1 << 5):
# Extended IV
TSC2, TSC3, TSC4, TSC5 = (orb(x) for x in payload.read(4))
else:
TSC2, TSC3, TSC4, TSC5 = None, None, None, None
# 802.11i p. 46
raise ValueError("Extended IV must be set for TKIP")
# 802.11i p. 46
assert (TSC1 | 0x20) & 0x7f == WEPseed
TA = [orb(e) for e in hex_bytes(pkt.addr2.replace(':', ''))]
TSC = [TSC0, TSC1, TSC2, TSC3, TSC4, TSC5]
return TSC, TA, payload.read()
def parse_TKIP_hdr(pkt):
"""Extract TSCs, TA and encoded-data from a packet @pkt"""
# Note: FCS bit is not handled
assert pkt.FCfield.wep
# 802.11i - 8.3.2.2
payload = BytesIO(pkt[Raw].load)
TSC1, WEPseed, TSC0, bitfield = (orb(x) for x in payload.read(4))
if bitfield & (1 << 5):
# Extended IV
TSC2, TSC3, TSC4, TSC5 = (orb(x) for x in payload.read(4))
else:
TSC2, TSC3, TSC4, TSC5 = None, None, None, None
# 802.11i p. 46
raise ValueError("Extended IV must be set for TKIP")
# 802.11i p. 46
assert (TSC1 | 0x20) & 0x7f == WEPseed
TA = [orb(e) for e in hex_bytes(pkt.addr2.replace(':', ''))]
TSC = [TSC0, TSC1, TSC2, TSC3, TSC4, TSC5]
return TSC, TA, payload.read()
def isis_sysid2str(sysid):
return b"".join(hex_bytes(x) for x in sysid.split("."))
def isis_area2str(area):
return b"".join(hex_bytes(x) for x in area.split("."))
def isis_lspid2str(lspid):
return isis_nodeid2str(lspid[:-3]) + hex_bytes(lspid[-2:])
def isis_nodeid2str(nodeid):
return isis_sysid2str(nodeid[:-3]) + hex_bytes(nodeid[-2:])
def isis_sysid2str(sysid):
return b"".join(hex_bytes(x) for x in sysid.split("."))
def isis_nodeid2str(nodeid):
return isis_sysid2str(nodeid[:-3]) + hex_bytes(nodeid[-2:])
def isis_area2str(area):
return b"".join(hex_bytes(x) for x in area.split("."))
def isis_lspid2str(lspid):
return isis_nodeid2str(lspid[:-3]) + hex_bytes(lspid[-2:])
