1770bb9f5f4acc0c59e3a200849c189d6616e2417Phil#!/usr/bin/env python 2770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 33e3cb22b2c55d29ed5ffc780c77feda2f7ef4564gpotter# This file is part of Scapy 43e3cb22b2c55d29ed5ffc780c77feda2f7ef4564gpotter# Scapy is free software: you can redistribute it and/or modify 53e3cb22b2c55d29ed5ffc780c77feda2f7ef4564gpotter# it under the terms of the GNU General Public License as published by 63e3cb22b2c55d29ed5ffc780c77feda2f7ef4564gpotter# the Free Software Foundation, either version 2 of the License, or 73e3cb22b2c55d29ed5ffc780c77feda2f7ef4564gpotter# any later version. 83e3cb22b2c55d29ed5ffc780c77feda2f7ef4564gpotter# 93e3cb22b2c55d29ed5ffc780c77feda2f7ef4564gpotter# Scapy is distributed in the hope that it will be useful, 103e3cb22b2c55d29ed5ffc780c77feda2f7ef4564gpotter# but WITHOUT ANY WARRANTY; without even the implied warranty of 113e3cb22b2c55d29ed5ffc780c77feda2f7ef4564gpotter# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 123e3cb22b2c55d29ed5ffc780c77feda2f7ef4564gpotter# GNU General Public License for more details. 133e3cb22b2c55d29ed5ffc780c77feda2f7ef4564gpotter# 143e3cb22b2c55d29ed5ffc780c77feda2f7ef4564gpotter# You should have received a copy of the GNU General Public License 153e3cb22b2c55d29ed5ffc780c77feda2f7ef4564gpotter# along with Scapy. If not, see <http://www.gnu.org/licenses/>. 16770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 17770bb9f5f4acc0c59e3a200849c189d6616e2417Phil# scapy.contrib.description = IKEv2 180a6a04119706e7a9486d637fd25ca80878ebc86dgpotter# scapy.contrib.status = loads 19770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 20770bb9f5f4acc0c59e3a200849c189d6616e2417Philimport logging 216057906368d55634d11e1d19a5cca1f127595b11Robin Jarryimport struct 22770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 23770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 24770bb9f5f4acc0c59e3a200849c189d6616e2417Phil## Modified from the original ISAKMP code by Yaron Sheffer <yaronf.ietf@gmail.com>, June 2010. 25770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 26770bb9f5f4acc0c59e3a200849c189d6616e2417Philfrom scapy.packet import * 27770bb9f5f4acc0c59e3a200849c189d6616e2417Philfrom scapy.fields import * 2839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotterfrom scapy.layers.inet6 import * 2939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotterfrom scapy.layers.x509 import X509_Cert, X509_CRL 30770bb9f5f4acc0c59e3a200849c189d6616e2417Philfrom scapy.ansmachine import * 31770bb9f5f4acc0c59e3a200849c189d6616e2417Philfrom scapy.layers.inet import IP,UDP 326057906368d55634d11e1d19a5cca1f127595b11Robin Jarryfrom scapy.layers.isakmp import ISAKMP 33770bb9f5f4acc0c59e3a200849c189d6616e2417Philfrom scapy.sendrecv import sr 34770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 35770bb9f5f4acc0c59e3a200849c189d6616e2417Phil# see http://www.iana.org/assignments/ikev2-parameters for details 36770bb9f5f4acc0c59e3a200849c189d6616e2417PhilIKEv2AttributeTypes= { "Encryption": (1, { "DES-IV64" : 1, 37770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "DES" : 2, 38770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "3DES" : 3, 39770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "RC5" : 4, 400d92fc9fbb58df9cc4bbeb007bf65020fe1aa092Victor Pfautz "IDEA" : 5, 410d92fc9fbb58df9cc4bbeb007bf65020fe1aa092Victor Pfautz "CAST" : 6, 420d92fc9fbb58df9cc4bbeb007bf65020fe1aa092Victor Pfautz "Blowfish" : 7, 43770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "3IDEA" : 8, 44770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "DES-IV32" : 9, 45770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "AES-CBC" : 12, 46770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "AES-CTR" : 13, 47770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "AES-CCM-8" : 14, 48770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "AES-CCM-12" : 15, 49770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "AES-CCM-16" : 16, 50770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "AES-GCM-8ICV" : 18, 51770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "AES-GCM-12ICV" : 19, 52770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "AES-GCM-16ICV" : 20, 53770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "Camellia-CBC" : 23, 54770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "Camellia-CTR" : 24, 55770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "Camellia-CCM-8ICV" : 25, 56770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "Camellia-CCM-12ICV" : 26, 57770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "Camellia-CCM-16ICV" : 27, 58770bb9f5f4acc0c59e3a200849c189d6616e2417Phil }, 0), 59770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "PRF": (2, {"PRF_HMAC_MD5":1, 60770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "PRF_HMAC_SHA1":2, 61770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "PRF_HMAC_TIGER":3, 62770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "PRF_AES128_XCBC":4, 63770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "PRF_HMAC_SHA2_256":5, 64770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "PRF_HMAC_SHA2_384":6, 65770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "PRF_HMAC_SHA2_512":7, 66770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "PRF_AES128_CMAC":8, 67770bb9f5f4acc0c59e3a200849c189d6616e2417Phil }, 0), 68770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "Integrity": (3, { "HMAC-MD5-96": 1, 69770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "HMAC-SHA1-96": 2, 70770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "DES-MAC": 3, 71770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "KPDK-MD5": 4, 72770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "AES-XCBC-96": 5, 73770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "HMAC-MD5-128": 6, 74770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "HMAC-SHA1-160": 7, 75770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "AES-CMAC-96": 8, 76770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "AES-128-GMAC": 9, 77770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "AES-192-GMAC": 10, 78770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "AES-256-GMAC": 11, 79770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "SHA2-256-128": 12, 80770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "SHA2-384-192": 13, 81770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "SHA2-512-256": 14, 82770bb9f5f4acc0c59e3a200849c189d6616e2417Phil }, 0), 83770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "GroupDesc": (4, { "768MODPgr" : 1, 840d92fc9fbb58df9cc4bbeb007bf65020fe1aa092Victor Pfautz "1024MODPgr" : 2, 850d92fc9fbb58df9cc4bbeb007bf65020fe1aa092Victor Pfautz "1536MODPgr" : 5, 860d92fc9fbb58df9cc4bbeb007bf65020fe1aa092Victor Pfautz "2048MODPgr" : 14, 870d92fc9fbb58df9cc4bbeb007bf65020fe1aa092Victor Pfautz "3072MODPgr" : 15, 880d92fc9fbb58df9cc4bbeb007bf65020fe1aa092Victor Pfautz "4096MODPgr" : 16, 890d92fc9fbb58df9cc4bbeb007bf65020fe1aa092Victor Pfautz "6144MODPgr" : 17, 900d92fc9fbb58df9cc4bbeb007bf65020fe1aa092Victor Pfautz "8192MODPgr" : 18, 91770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "256randECPgr" : 19, 92770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "384randECPgr" : 20, 93770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "521randECPgr" : 21, 94770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "1024MODP160POSgr" : 22, 95770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "2048MODP224POSgr" : 23, 96770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "2048MODP256POSgr" : 24, 97770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "192randECPgr" : 25, 98770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "224randECPgr" : 26, 99770bb9f5f4acc0c59e3a200849c189d6616e2417Phil }, 0), 100770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "Extended Sequence Number": (5, {"No ESN": 0, 101770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "ESN": 1, }, 0), 102770bb9f5f4acc0c59e3a200849c189d6616e2417Phil } 103770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 10439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotterIKEv2AuthenticationTypes = { 10539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 0 : "Reserved", 10639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 1 : "RSA Digital Signature", 10739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 2 : "Shared Key Message Integrity Code", 10839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 3 : "DSS Digital Signature", 10939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 9 : "ECDSA with SHA-256 on the P-256 curve", 11039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 10 : "ECDSA with SHA-384 on the P-384 curve", 11139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 11 : "ECDSA with SHA-512 on the P-521 curve", 11239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 12 : "Generic Secure Password Authentication Method", 11339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 13 : "NULL Authentication", 11439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 14 : "Digital Signature" 11539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter} 11639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 11733420f2494d766bab5b154622c241d2057620c89Philippe ROSEIKEv2NotifyMessageTypes = { 11839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 1 : "UNSUPPORTED_CRITICAL_PAYLOAD", 11939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 4 : "INVALID_IKE_SPI", 12039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 5 : "INVALID_MAJOR_VERSION", 12139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 7 : "INVALID_SYNTAX", 12239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 9 : "INVALID_MESSAGE_ID", 12339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 11 : "INVALID_SPI", 12439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 14 : "NO_PROPOSAL_CHOSEN", 12539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 17 : "INVALID_KE_PAYLOAD", 12639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 24 : "AUTHENTICATION_FAILED", 12739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 34 : "SINGLE_PAIR_REQUIRED", 12839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 35 : "NO_ADDITIONAL_SAS", 12939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 36 : "INTERNAL_ADDRESS_FAILURE", 13039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 37 : "FAILED_CP_REQUIRED", 13139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 38 : "TS_UNACCEPTABLE", 13239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 39 : "INVALID_SELECTORS", 13339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 40 : "UNACCEPTABLE_ADDRESSES", 13439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 41 : "UNEXPECTED_NAT_DETECTED", 13539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 42 : "USE_ASSIGNED_HoA", 13639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 43 : "TEMPORARY_FAILURE", 13739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 44 : "CHILD_SA_NOT_FOUND", 13839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 45 : "INVALID_GROUP_ID", 13939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 46 : "AUTHORIZATION_FAILED", 14039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16384 : "INITIAL_CONTACT", 14139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16385 : "SET_WINDOW_SIZE", 14239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16386 : "ADDITIONAL_TS_POSSIBLE", 14339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16387 : "IPCOMP_SUPPORTED", 14439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16388 : "NAT_DETECTION_SOURCE_IP", 14539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16389 : "NAT_DETECTION_DESTINATION_IP", 14639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16390 : "COOKIE", 14739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16391 : "USE_TRANSPORT_MODE", 14839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16392 : "HTTP_CERT_LOOKUP_SUPPORTED", 14939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16393 : "REKEY_SA", 15039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16394 : "ESP_TFC_PADDING_NOT_SUPPORTED", 15139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16395 : "NON_FIRST_FRAGMENTS_ALSO", 15239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16396 : "MOBIKE_SUPPORTED", 15339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16397 : "ADDITIONAL_IP4_ADDRESS", 15439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16398 : "ADDITIONAL_IP6_ADDRESS", 15539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16399 : "NO_ADDITIONAL_ADDRESSES", 15639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16400 : "UPDATE_SA_ADDRESSES", 15739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16401 : "COOKIE2", 15839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16402 : "NO_NATS_ALLOWED", 15939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16403 : "AUTH_LIFETIME", 16039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16404 : "MULTIPLE_AUTH_SUPPORTED", 16139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16405 : "ANOTHER_AUTH_FOLLOWS", 16239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16406 : "REDIRECT_SUPPORTED", 16339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16407 : "REDIRECT", 16439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16408 : "REDIRECTED_FROM", 16539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16409 : "TICKET_LT_OPAQUE", 16639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16410 : "TICKET_REQUEST", 16739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16411 : "TICKET_ACK", 16839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16412 : "TICKET_NACK", 16939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16413 : "TICKET_OPAQUE", 17039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16414 : "LINK_ID", 17139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16415 : "USE_WESP_MODE", 17239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16416 : "ROHC_SUPPORTED", 17339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16417 : "EAP_ONLY_AUTHENTICATION", 17439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16418 : "CHILDLESS_IKEV2_SUPPORTED", 17539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16419 : "QUICK_CRASH_DETECTION", 17639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16420 : "IKEV2_MESSAGE_ID_SYNC_SUPPORTED", 17739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16421 : "IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED", 17839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16422 : "IKEV2_MESSAGE_ID_SYNC", 17939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16423 : "IPSEC_REPLAY_COUNTER_SYNC", 18039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16424 : "SECURE_PASSWORD_METHODS", 18139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16425 : "PSK_PERSIST", 18239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16426 : "PSK_CONFIRM", 18339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16427 : "ERX_SUPPORTED", 18439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16428 : "IFOM_CAPABILITY", 18539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16429 : "SENDER_REQUEST_ID", 18639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16430 : "IKEV2_FRAGMENTATION_SUPPORTED", 18739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16431 : "SIGNATURE_HASH_ALGORITHMS", 18839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16432 : "CLONE_IKE_SA_SUPPORTED", 18939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16433 : "CLONE_IKE_SA" 19033420f2494d766bab5b154622c241d2057620c89Philippe ROSE} 19133420f2494d766bab5b154622c241d2057620c89Philippe ROSE 19233420f2494d766bab5b154622c241d2057620c89Philippe ROSEIKEv2CertificateEncodings = { 19339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 1 : "PKCS #7 wrapped X.509 certificate", 19439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 2 : "PGP Certificate", 19539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 3 : "DNS Signed Key", 19639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 4 : "X.509 Certificate - Signature", 19739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 6 : "Kerberos Token", 19839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 7 : "Certificate Revocation List (CRL)", 19939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 8 : "Authority Revocation List (ARL)", 20039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 9 : "SPKI Certificate", 20139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 10 : "X.509 Certificate - Attribute", 20239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 11 : "Raw RSA Key", 20339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 12 : "Hash and URL of X.509 certificate", 20439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 13 : "Hash and URL of X.509 bundle" 20539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter} 20639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 20739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotterIKEv2TrafficSelectorTypes = { 20839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 7 : "TS_IPV4_ADDR_RANGE", 20939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 8 : "TS_IPV6_ADDR_RANGE", 21039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 9 : "TS_FC_ADDR_RANGE" 21133420f2494d766bab5b154622c241d2057620c89Philippe ROSE} 21233420f2494d766bab5b154622c241d2057620c89Philippe ROSE 21339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotterIPProtocolIDs = { 21439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 0 : "All protocols", 21539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 1 : "Internet Control Message Protocol", 21639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 2 : "Internet Group Management Protocol", 21739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 3 : "Gateway-to-Gateway Protocol", 21839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 4 : "IP in IP (encapsulation)", 21939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 5 : "Internet Stream Protocol", 22039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 6 : "Transmission Control Protocol", 22139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 7 : "Core-based trees", 22239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 8 : "Exterior Gateway Protocol", 22339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 9 : "Interior Gateway Protocol (any private interior gateway (used by Cisco for their IGRP))", 22439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 10 : "BBN RCC Monitoring", 22539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 11 : "Network Voice Protocol", 22639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 12 : "Xerox PUP", 22739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 13 : "ARGUS", 22839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 14 : "EMCON", 22939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 15 : "Cross Net Debugger", 23039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 16 : "Chaos", 23139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 17 : "User Datagram Protocol", 23239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 18 : "Multiplexing", 23339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 19 : "DCN Measurement Subsystems", 23439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 20 : "Host Monitoring Protocol", 23539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 21 : "Packet Radio Measurement", 23639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 22 : "XEROX NS IDP", 23739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 23 : "Trunk-1", 23839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 24 : "Trunk-2", 23939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 25 : "Leaf-1", 24039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 26 : "Leaf-2", 24139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 27 : "Reliable Datagram Protocol", 24239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 28 : "Internet Reliable Transaction Protocol", 24339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 29 : "ISO Transport Protocol Class 4", 24439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 30 : "Bulk Data Transfer Protocol", 24539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 31 : "MFE Network Services Protocol", 24639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 32 : "MERIT Internodal Protocol", 24739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 33 : "Datagram Congestion Control Protocol", 24839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 34 : "Third Party Connect Protocol", 24939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 35 : "Inter-Domain Policy Routing Protocol", 25039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 36 : "Xpress Transport Protocol", 25139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 37 : "Datagram Delivery Protocol", 25239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 38 : "IDPR Control Message Transport Protocol", 25339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 39 : "TP++ Transport Protocol", 25439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 40 : "IL Transport Protocol", 25539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 41 : "IPv6 Encapsulation", 25639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 42 : "Source Demand Routing Protocol", 25739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 43 : "Routing Header for IPv6", 25839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 44 : "Fragment Header for IPv6", 25939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 45 : "Inter-Domain Routing Protocol", 26039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 46 : "Resource Reservation Protocol", 26139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 47 : "Generic Routing Encapsulation", 26239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 48 : "Mobile Host Routing Protocol", 26339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 49 : "BNA", 26439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 50 : "Encapsulating Security Payload", 26539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 51 : "Authentication Header", 26639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 52 : "Integrated Net Layer Security Protocol", 26739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 53 : "SwIPe", 26839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 54 : "NBMA Address Resolution Protocol", 26939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 55 : "IP Mobility (Min Encap)", 27039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 56 : "Transport Layer Security Protocol (using Kryptonet key management)", 27139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 57 : "Simple Key-Management for Internet Protocol", 27239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 58 : "ICMP for IPv6", 27339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 59 : "No Next Header for IPv6", 27439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 60 : "Destination Options for IPv6", 27539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 61 : "Any host internal protocol", 27639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 62 : "CFTP", 27739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 63 : "Any local network", 27839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 64 : "SATNET and Backroom EXPAK", 27939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 65 : "Kryptolan", 28039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 66 : "MIT Remote Virtual Disk Protocol", 28139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 67 : "Internet Pluribus Packet Core", 28239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 68 : "Any distributed file system", 28339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 69 : "SATNET Monitoring", 28439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 70 : "VISA Protocol", 28539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 71 : "Internet Packet Core Utility", 28639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 72 : "Computer Protocol Network Executive", 28739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 73 : "Computer Protocol Heart Beat", 28839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 74 : "Wang Span Network", 28939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 75 : "Packet Video Protocol", 29039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 76 : "Backroom SATNET Monitoring", 29139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 77 : "SUN ND PROTOCOL-Temporary", 29239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 78 : "WIDEBAND Monitoring", 29339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 79 : "WIDEBAND EXPAK", 29439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 80 : "International Organization for Standardization Internet Protocol", 29539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 81 : "Versatile Message Transaction Protocol", 29639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 82 : "Secure Versatile Message Transaction Protocol", 29739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 83 : "VINES", 29839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 84 : "Internet Protocol Traffic Manager", 29939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 85 : "NSFNET-IGP", 30039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 86 : "Dissimilar Gateway Protocol", 30139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 87 : "TCF", 30239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 88 : "EIGRP", 30339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 89 : "Open Shortest Path First", 30439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 90 : "Sprite RPC Protocol", 30539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 91 : "Locus Address Resolution Protocol", 30639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 92 : "Multicast Transport Protocol", 30739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 93 : "AX.25", 30839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 94 : "IP-within-IP Encapsulation Protocol", 30939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 95 : "Mobile Internetworking Control Protocol", 31039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 96 : "Semaphore Communications Sec. Pro", 31139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 97 : "Ethernet-within-IP Encapsulation", 31239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 98 : "Encapsulation Header", 31339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 99 : "Any private encryption scheme", 31439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 100 : "GMTP", 31539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 101 : "Ipsilon Flow Management Protocol", 31639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 102 : "PNNI over IP", 31739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 103 : "Protocol Independent Multicast", 31839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 104 : "IBM's ARIS (Aggregate Route IP Switching) Protocol", 31939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 105 : "SCPS (Space Communications Protocol Standards)", 32039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 106 : "QNX", 32139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 107 : "Active Networks", 32239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 108 : "IP Payload Compression Protocol", 32339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 109 : "Sitara Networks Protocol", 32439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 110 : "Compaq Peer Protocol", 32539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 111 : "IPX in IP", 32639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 112 : "Virtual Router Redundancy Protocol, Common Address Redundancy Protocol (not IANA assigned)", 32739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 113 : "PGM Reliable Transport Protocol", 32839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 114 : "Any 0-hop protocol", 32939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 115 : "Layer Two Tunneling Protocol Version 3", 33039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 116 : "D-II Data Exchange (DDX)", 33139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 117 : "Interactive Agent Transfer Protocol", 33239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 118 : "Schedule Transfer Protocol", 33339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 119 : "SpectraLink Radio Protocol", 33439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 120 : "Universal Transport Interface Protocol", 33539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 121 : "Simple Message Protocol", 33639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 122 : "Simple Multicast Protocol", 33739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 123 : "Performance Transparency Protocol", 33839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 124 : "Intermediate System to Intermediate System (IS-IS) Protocol over IPv4", 33939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 125 : "Flexible Intra-AS Routing Environment", 34039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 126 : "Combat Radio Transport Protocol", 34139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 127 : "Combat Radio User Datagram", 34239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 128 : "Service-Specific Connection-Oriented Protocol in a Multilink and Connectionless Environment", 34339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 129 : "IPLT", 34439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 130 : "Secure Packet Shield", 34539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 131 : "Private IP Encapsulation within IP", 34639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 132 : "Stream Control Transmission Protocol", 34739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 133 : "Fibre Channel", 34839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 134 : "Reservation Protocol (RSVP) End-to-End Ignore", 34939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 135 : "Mobility Extension Header for IPv6", 35039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 136 : "Lightweight User Datagram Protocol", 35139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 137 : "Multiprotocol Label Switching Encapsulated in IP", 35239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 138 : "MANET Protocols", 35339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 139 : "Host Identity Protocol", 35439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 140 : "Site Multihoming by IPv6 Intermediation", 35539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 141 : "Wrapped Encapsulating Security Payload", 35639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 142 : "Robust Header Compression", 35739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter} 35839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 35939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter# the name 'IKEv2TransformTypes' is actually a misnomer (since the table 36039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter# holds info for all IKEv2 Attribute types, not just transforms, but we'll 361770bb9f5f4acc0c59e3a200849c189d6616e2417Phil# keep it for backwards compatibility... for now at least 362770bb9f5f4acc0c59e3a200849c189d6616e2417PhilIKEv2TransformTypes = IKEv2AttributeTypes 363770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 364770bb9f5f4acc0c59e3a200849c189d6616e2417PhilIKEv2TransformNum = {} 365770bb9f5f4acc0c59e3a200849c189d6616e2417Philfor n in IKEv2TransformTypes: 366770bb9f5f4acc0c59e3a200849c189d6616e2417Phil val = IKEv2TransformTypes[n] 367770bb9f5f4acc0c59e3a200849c189d6616e2417Phil tmp = {} 368770bb9f5f4acc0c59e3a200849c189d6616e2417Phil for e in val[1]: 369770bb9f5f4acc0c59e3a200849c189d6616e2417Phil tmp[val[1][e]] = e 37033420f2494d766bab5b154622c241d2057620c89Philippe ROSE IKEv2TransformNum[val[0]] = tmp 371770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 372770bb9f5f4acc0c59e3a200849c189d6616e2417PhilIKEv2Transforms = {} 373770bb9f5f4acc0c59e3a200849c189d6616e2417Philfor n in IKEv2TransformTypes: 3740d92fc9fbb58df9cc4bbeb007bf65020fe1aa092Victor Pfautz IKEv2Transforms[IKEv2TransformTypes[n][0]]=n 375770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 376770bb9f5f4acc0c59e3a200849c189d6616e2417Phildel(n) 377770bb9f5f4acc0c59e3a200849c189d6616e2417Phildel(e) 378770bb9f5f4acc0c59e3a200849c189d6616e2417Phildel(tmp) 379770bb9f5f4acc0c59e3a200849c189d6616e2417Phildel(val) 380770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 381770bb9f5f4acc0c59e3a200849c189d6616e2417Phil# Note: Transform and Proposal can only be used inside the SA payload 3820d92fc9fbb58df9cc4bbeb007bf65020fe1aa092Victor PfautzIKEv2_payload_type = ["None", "", "Proposal", "Transform"] 383770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 384770bb9f5f4acc0c59e3a200849c189d6616e2417PhilIKEv2_payload_type.extend([""] * 29) 385770bb9f5f4acc0c59e3a200849c189d6616e2417PhilIKEv2_payload_type.extend(["SA","KE","IDi","IDr", "CERT","CERTREQ","AUTH","Nonce","Notify","Delete", 3869cccfd1ccbbcc8377cec9358de5d8db64111ec43Guillaume Valadon "VendorID","TSi","TSr","Encrypted","CP","EAP", "", "", "", "", "Encrypted Fragment"]) 387770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 388770bb9f5f4acc0c59e3a200849c189d6616e2417PhilIKEv2_exchange_type = [""] * 34 389770bb9f5f4acc0c59e3a200849c189d6616e2417PhilIKEv2_exchange_type.extend(["IKE_SA_INIT","IKE_AUTH","CREATE_CHILD_SA", 390770bb9f5f4acc0c59e3a200849c189d6616e2417Phil "INFORMATIONAL", "IKE_SESSION_RESUME"]) 391770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 392770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 393770bb9f5f4acc0c59e3a200849c189d6616e2417Philclass IKEv2_class(Packet): 394770bb9f5f4acc0c59e3a200849c189d6616e2417Phil def guess_payload_class(self, payload): 395770bb9f5f4acc0c59e3a200849c189d6616e2417Phil np = self.next_payload 396770bb9f5f4acc0c59e3a200849c189d6616e2417Phil logging.debug("For IKEv2_class np=%d" % np) 397770bb9f5f4acc0c59e3a200849c189d6616e2417Phil if np == 0: 3987b3e970663abd72697e17b70aba9943ae0dad404Phil return conf.raw_layer 399770bb9f5f4acc0c59e3a200849c189d6616e2417Phil elif np < len(IKEv2_payload_type): 400770bb9f5f4acc0c59e3a200849c189d6616e2417Phil pt = IKEv2_payload_type[np] 401770bb9f5f4acc0c59e3a200849c189d6616e2417Phil logging.debug(globals().get("IKEv2_payload_%s" % pt, IKEv2_payload)) 402770bb9f5f4acc0c59e3a200849c189d6616e2417Phil return globals().get("IKEv2_payload_%s" % pt, IKEv2_payload) 403770bb9f5f4acc0c59e3a200849c189d6616e2417Phil else: 404770bb9f5f4acc0c59e3a200849c189d6616e2417Phil return IKEv2_payload 405770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 406770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 407770bb9f5f4acc0c59e3a200849c189d6616e2417Philclass IKEv2(IKEv2_class): # rfc4306 408770bb9f5f4acc0c59e3a200849c189d6616e2417Phil name = "IKEv2" 409770bb9f5f4acc0c59e3a200849c189d6616e2417Phil fields_desc = [ 410770bb9f5f4acc0c59e3a200849c189d6616e2417Phil StrFixedLenField("init_SPI","",8), 411770bb9f5f4acc0c59e3a200849c189d6616e2417Phil StrFixedLenField("resp_SPI","",8), 412770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteEnumField("next_payload",0,IKEv2_payload_type), 41339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter XByteField("version", 0x20), 414770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteEnumField("exch_type",0,IKEv2_exchange_type), 415770bb9f5f4acc0c59e3a200849c189d6616e2417Phil FlagsField("flags",0, 8, ["res0","res1","res2","Initiator","Version","Response","res6","res7"]), 416770bb9f5f4acc0c59e3a200849c189d6616e2417Phil IntField("id",0), 41739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter IntField("length",None) # Length of total message: packets + all payloads 418770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ] 419770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 420770bb9f5f4acc0c59e3a200849c189d6616e2417Phil def guess_payload_class(self, payload): 421770bb9f5f4acc0c59e3a200849c189d6616e2417Phil if self.flags & 1: 4227b3e970663abd72697e17b70aba9943ae0dad404Phil return conf.raw_layer 423770bb9f5f4acc0c59e3a200849c189d6616e2417Phil return IKEv2_class.guess_payload_class(self, payload) 424770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 425770bb9f5f4acc0c59e3a200849c189d6616e2417Phil def answers(self, other): 426770bb9f5f4acc0c59e3a200849c189d6616e2417Phil if isinstance(other, IKEv2): 427770bb9f5f4acc0c59e3a200849c189d6616e2417Phil if other.init_SPI == self.init_SPI: 428770bb9f5f4acc0c59e3a200849c189d6616e2417Phil return 1 429770bb9f5f4acc0c59e3a200849c189d6616e2417Phil return 0 430770bb9f5f4acc0c59e3a200849c189d6616e2417Phil def post_build(self, p, pay): 431770bb9f5f4acc0c59e3a200849c189d6616e2417Phil p += pay 432770bb9f5f4acc0c59e3a200849c189d6616e2417Phil if self.length is None: 433770bb9f5f4acc0c59e3a200849c189d6616e2417Phil p = p[:24]+struct.pack("!I",len(p))+p[28:] 434770bb9f5f4acc0c59e3a200849c189d6616e2417Phil return p 4350d92fc9fbb58df9cc4bbeb007bf65020fe1aa092Victor Pfautz 436770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 437770bb9f5f4acc0c59e3a200849c189d6616e2417Philclass IKEv2_Key_Length_Attribute(IntField): 4380d92fc9fbb58df9cc4bbeb007bf65020fe1aa092Victor Pfautz # We only support the fixed-length Key Length attribute (the only one currently defined) 4390d92fc9fbb58df9cc4bbeb007bf65020fe1aa092Victor Pfautz def __init__(self, name): 4400d92fc9fbb58df9cc4bbeb007bf65020fe1aa092Victor Pfautz IntField.__init__(self, name, 0x800E0000) 4410d92fc9fbb58df9cc4bbeb007bf65020fe1aa092Victor Pfautz 4420d92fc9fbb58df9cc4bbeb007bf65020fe1aa092Victor Pfautz def i2h(self, pkt, x): 4430d92fc9fbb58df9cc4bbeb007bf65020fe1aa092Victor Pfautz return IntField.i2h(self, pkt, x & 0xFFFF) 4440d92fc9fbb58df9cc4bbeb007bf65020fe1aa092Victor Pfautz 4450d92fc9fbb58df9cc4bbeb007bf65020fe1aa092Victor Pfautz def h2i(self, pkt, x): 4460d92fc9fbb58df9cc4bbeb007bf65020fe1aa092Victor Pfautz return IntField.h2i(self, pkt, x if x !=None else 0 | 0x800E0000) 447770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 448770bb9f5f4acc0c59e3a200849c189d6616e2417Philclass IKEv2_payload_Transform(IKEv2_class): 449770bb9f5f4acc0c59e3a200849c189d6616e2417Phil name = "IKE Transform" 450770bb9f5f4acc0c59e3a200849c189d6616e2417Phil fields_desc = [ 451770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteEnumField("next_payload",None,{0:"last", 3:"Transform"}), 452770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteField("res",0), 453770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ShortField("length",8), 454770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteEnumField("transform_type",None,IKEv2Transforms), 455770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteField("res2",0), 45633420f2494d766bab5b154622c241d2057620c89Philippe ROSE MultiEnumField("transform_id",None,IKEv2TransformNum,depends_on=lambda pkt:pkt.transform_type,fmt="H"), 457770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ConditionalField(IKEv2_Key_Length_Attribute("key_length"), lambda pkt: pkt.length > 8), 458770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ] 4590d92fc9fbb58df9cc4bbeb007bf65020fe1aa092Victor Pfautz 460770bb9f5f4acc0c59e3a200849c189d6616e2417Philclass IKEv2_payload_Proposal(IKEv2_class): 461770bb9f5f4acc0c59e3a200849c189d6616e2417Phil name = "IKEv2 Proposal" 462770bb9f5f4acc0c59e3a200849c189d6616e2417Phil fields_desc = [ 463770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteEnumField("next_payload",None,{0:"last", 2:"Proposal"}), 464770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteField("res",0), 46539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter FieldLenField("length",None,"trans","H", adjust=lambda pkt,x:x+8+(pkt.SPIsize if pkt.SPIsize else 0)), 466770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteField("proposal",1), 46739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteEnumField("proto",1,{1:"IKEv2", 2:"AH", 3:"ESP"}), 468770bb9f5f4acc0c59e3a200849c189d6616e2417Phil FieldLenField("SPIsize",None,"SPI","B"), 469770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteField("trans_nb",None), 47039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter StrLenField("SPI","",length_from=lambda pkt:pkt.SPIsize), 47139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter PacketLenField("trans",conf.raw_layer(),IKEv2_payload_Transform,length_from=lambda pkt:pkt.length-8-pkt.SPIsize), 472770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ] 473770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 474770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 475770bb9f5f4acc0c59e3a200849c189d6616e2417Philclass IKEv2_payload(IKEv2_class): 476770bb9f5f4acc0c59e3a200849c189d6616e2417Phil name = "IKEv2 Payload" 477770bb9f5f4acc0c59e3a200849c189d6616e2417Phil fields_desc = [ 478770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteEnumField("next_payload",None,IKEv2_payload_type), 479770bb9f5f4acc0c59e3a200849c189d6616e2417Phil FlagsField("flags",0, 8, ["critical","res1","res2","res3","res4","res5","res6","res7"]), 480770bb9f5f4acc0c59e3a200849c189d6616e2417Phil FieldLenField("length",None,"load","H", adjust=lambda pkt,x:x+4), 481770bb9f5f4acc0c59e3a200849c189d6616e2417Phil StrLenField("load","",length_from=lambda x:x.length-4), 482770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ] 483770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 484770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 48539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotterclass IKEv2_payload_AUTH(IKEv2_class): 48639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter name = "IKEv2 Authentication" 48739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter overload_fields = { IKEv2: { "next_payload":39 }} 48839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter fields_desc = [ 48939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteEnumField("next_payload",None,IKEv2_payload_type), 49039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteField("res",0), 49139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter FieldLenField("length",None,"load","H", adjust=lambda pkt,x:x+8), 49239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteEnumField("auth_type",None,IKEv2AuthenticationTypes), 49339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter X3BytesField("res2",0), 49439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter StrLenField("load","",length_from=lambda x:x.length-8), 49539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ] 49639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 497770bb9f5f4acc0c59e3a200849c189d6616e2417Philclass IKEv2_payload_VendorID(IKEv2_class): 498770bb9f5f4acc0c59e3a200849c189d6616e2417Phil name = "IKEv2 Vendor ID" 499770bb9f5f4acc0c59e3a200849c189d6616e2417Phil overload_fields = { IKEv2: { "next_payload":43 }} 500770bb9f5f4acc0c59e3a200849c189d6616e2417Phil fields_desc = [ 501770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteEnumField("next_payload",None,IKEv2_payload_type), 502770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteField("res",0), 503770bb9f5f4acc0c59e3a200849c189d6616e2417Phil FieldLenField("length",None,"vendorID","H", adjust=lambda pkt,x:x+4), 504770bb9f5f4acc0c59e3a200849c189d6616e2417Phil StrLenField("vendorID","",length_from=lambda x:x.length-4), 505770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ] 506770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 50739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotterclass TrafficSelector(Packet): 50839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter @classmethod 50939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter def dispatch_hook(cls, _pkt=None, *args, **kargs): 51039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter if _pkt and len(_pkt) >= 16: 51139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ts_type = struct.unpack("!B", _pkt[0:1])[0] 51239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter if ts_type == 7: 51339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter return IPv4TrafficSelector 51439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter elif ts_type == 8: 51539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter return IPv6TrafficSelector 51639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter elif ts_type == 9: 51739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter return EncryptedTrafficSelector 51839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter else: 51939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter return RawTrafficSelector 52039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter return IPv4TrafficSelector 52139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 52239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotterclass IPv4TrafficSelector(TrafficSelector): 52339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter name = "IKEv2 IPv4 Traffic Selector" 52439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter fields_desc = [ 52539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteEnumField("TS_type",7,IKEv2TrafficSelectorTypes), 52639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteEnumField("IP_protocol_ID",None,IPProtocolIDs), 52739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ShortField("length",16), 52839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ShortField("start_port",0), 52939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ShortField("end_port",65535), 53039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter IPField("starting_address_v4","192.168.0.1"), 53139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter IPField("ending_address_v4","192.168.0.255"), 53239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ] 53339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 53439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotterclass IPv6TrafficSelector(TrafficSelector): 53539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter name = "IKEv2 IPv6 Traffic Selector" 53639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter fields_desc = [ 53739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteEnumField("TS_type",8,IKEv2TrafficSelectorTypes), 53839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteEnumField("IP_protocol_ID",None,IPProtocolIDs), 53939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ShortField("length",20), 54039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ShortField("start_port",0), 54139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ShortField("end_port",65535), 54239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter IP6Field("starting_address_v6","2001::"), 54339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter IP6Field("ending_address_v6","2001::"), 54439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ] 54539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 54639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotterclass EncryptedTrafficSelector(TrafficSelector): 54739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter name = "IKEv2 Encrypted Traffic Selector" 54839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter fields_desc = [ 54939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteEnumField("TS_type",9,IKEv2TrafficSelectorTypes), 55039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteEnumField("IP_protocol_ID",None,IPProtocolIDs), 55139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ShortField("length",16), 55239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteField("res",0), 55339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter X3BytesField("starting_address_FC",0), 55439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteField("res2",0), 55539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter X3BytesField("ending_address_FC",0), 55639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteField("starting_R_CTL",0), 55739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteField("ending_R_CTL",0), 55839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteField("starting_type",0), 55939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteField("ending_type",0), 56039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ] 56139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 56239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotterclass RawTrafficSelector(TrafficSelector): 56339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter name = "IKEv2 Encrypted Traffic Selector" 56439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter fields_desc = [ 56539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteEnumField("TS_type",None,IKEv2TrafficSelectorTypes), 56639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteEnumField("IP_protocol_ID",None,IPProtocolIDs), 56739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter FieldLenField("length",None,"load","H", adjust=lambda pkt,x:x+4), 56839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter PacketField("load", "", Raw) 56939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ] 57039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 57139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotterclass IKEv2_payload_TSi(IKEv2_class): 57239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter name = "IKEv2 Traffic Selector - Initiator" 57339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter overload_fields = { IKEv2: { "next_payload":44 }} 57439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter fields_desc = [ 57539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteEnumField("next_payload",None,IKEv2_payload_type), 57639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteField("res",0), 57739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter FieldLenField("length",None,"traffic_selector","H", adjust=lambda pkt,x:x+8), 57839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteField("number_of_TSs",0), 57939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter X3BytesField("res2",0), 58039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter PacketListField("traffic_selector",None,TrafficSelector,length_from=lambda x:x.length-8,count_from=lambda x:x.number_of_TSs), 58139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ] 58239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 58339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotterclass IKEv2_payload_TSr(IKEv2_class): 58439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter name = "IKEv2 Traffic Selector - Responder" 58539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter overload_fields = { IKEv2: { "next_payload":45 }} 58639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter fields_desc = [ 58739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteEnumField("next_payload",None,IKEv2_payload_type), 58839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteField("res",0), 58939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter FieldLenField("length",None,"traffic_selector","H", adjust=lambda pkt,x:x+8), 59039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteField("number_of_TSs",0), 59139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter X3BytesField("res2",0), 59239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter PacketListField("traffic_selector",None,TrafficSelector,length_from=lambda x:x.length-8,count_from=lambda x:x.number_of_TSs), 59339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ] 59439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 595770bb9f5f4acc0c59e3a200849c189d6616e2417Philclass IKEv2_payload_Delete(IKEv2_class): 596770bb9f5f4acc0c59e3a200849c189d6616e2417Phil name = "IKEv2 Vendor ID" 597770bb9f5f4acc0c59e3a200849c189d6616e2417Phil overload_fields = { IKEv2: { "next_payload":42 }} 598770bb9f5f4acc0c59e3a200849c189d6616e2417Phil fields_desc = [ 599770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteEnumField("next_payload",None,IKEv2_payload_type), 600770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteField("res",0), 601770bb9f5f4acc0c59e3a200849c189d6616e2417Phil FieldLenField("length",None,"vendorID","H", adjust=lambda pkt,x:x+4), 602770bb9f5f4acc0c59e3a200849c189d6616e2417Phil StrLenField("vendorID","",length_from=lambda x:x.length-4), 603770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ] 604770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 605770bb9f5f4acc0c59e3a200849c189d6616e2417Philclass IKEv2_payload_SA(IKEv2_class): 606770bb9f5f4acc0c59e3a200849c189d6616e2417Phil name = "IKEv2 SA" 607770bb9f5f4acc0c59e3a200849c189d6616e2417Phil overload_fields = { IKEv2: { "next_payload":33 }} 608770bb9f5f4acc0c59e3a200849c189d6616e2417Phil fields_desc = [ 609770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteEnumField("next_payload",None,IKEv2_payload_type), 610770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteField("res",0), 611770bb9f5f4acc0c59e3a200849c189d6616e2417Phil FieldLenField("length",None,"prop","H", adjust=lambda pkt,x:x+4), 6127b3e970663abd72697e17b70aba9943ae0dad404Phil PacketLenField("prop",conf.raw_layer(),IKEv2_payload_Proposal,length_from=lambda x:x.length-4), 613770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ] 614770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 615770bb9f5f4acc0c59e3a200849c189d6616e2417Philclass IKEv2_payload_Nonce(IKEv2_class): 616770bb9f5f4acc0c59e3a200849c189d6616e2417Phil name = "IKEv2 Nonce" 617770bb9f5f4acc0c59e3a200849c189d6616e2417Phil overload_fields = { IKEv2: { "next_payload":40 }} 618770bb9f5f4acc0c59e3a200849c189d6616e2417Phil fields_desc = [ 619770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteEnumField("next_payload",None,IKEv2_payload_type), 620770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteField("res",0), 621770bb9f5f4acc0c59e3a200849c189d6616e2417Phil FieldLenField("length",None,"load","H", adjust=lambda pkt,x:x+4), 622770bb9f5f4acc0c59e3a200849c189d6616e2417Phil StrLenField("load","",length_from=lambda x:x.length-4), 623770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ] 624770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 625770bb9f5f4acc0c59e3a200849c189d6616e2417Philclass IKEv2_payload_Notify(IKEv2_class): 626770bb9f5f4acc0c59e3a200849c189d6616e2417Phil name = "IKEv2 Notify" 627770bb9f5f4acc0c59e3a200849c189d6616e2417Phil overload_fields = { IKEv2: { "next_payload":41 }} 628770bb9f5f4acc0c59e3a200849c189d6616e2417Phil fields_desc = [ 629770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteEnumField("next_payload",None,IKEv2_payload_type), 630770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteField("res",0), 63133420f2494d766bab5b154622c241d2057620c89Philippe ROSE FieldLenField("length",None,"load","H", adjust=lambda pkt,x:x+8), 63233420f2494d766bab5b154622c241d2057620c89Philippe ROSE ByteEnumField("proto",None,{0:"Reserved",1:"IKE",2:"AH", 3:"ESP"}), 63333420f2494d766bab5b154622c241d2057620c89Philippe ROSE FieldLenField("SPIsize",None,"SPI","B"), 63433420f2494d766bab5b154622c241d2057620c89Philippe ROSE ShortEnumField("type",0,IKEv2NotifyMessageTypes), 63533420f2494d766bab5b154622c241d2057620c89Philippe ROSE StrLenField("SPI","",length_from=lambda x:x.SPIsize), 63633420f2494d766bab5b154622c241d2057620c89Philippe ROSE StrLenField("load","",length_from=lambda x:x.length-8), 637770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ] 638770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 639770bb9f5f4acc0c59e3a200849c189d6616e2417Philclass IKEv2_payload_KE(IKEv2_class): 640770bb9f5f4acc0c59e3a200849c189d6616e2417Phil name = "IKEv2 Key Exchange" 641770bb9f5f4acc0c59e3a200849c189d6616e2417Phil overload_fields = { IKEv2: { "next_payload":34 }} 642770bb9f5f4acc0c59e3a200849c189d6616e2417Phil fields_desc = [ 643770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteEnumField("next_payload",None,IKEv2_payload_type), 644770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteField("res",0), 64533420f2494d766bab5b154622c241d2057620c89Philippe ROSE FieldLenField("length",None,"load","H", adjust=lambda pkt,x:x+8), 646770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ShortEnumField("group", 0, IKEv2TransformTypes['GroupDesc'][1]), 64733420f2494d766bab5b154622c241d2057620c89Philippe ROSE ShortField("res2", 0), 64833420f2494d766bab5b154622c241d2057620c89Philippe ROSE StrLenField("load","",length_from=lambda x:x.length-8), 649770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ] 650770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 651770bb9f5f4acc0c59e3a200849c189d6616e2417Philclass IKEv2_payload_IDi(IKEv2_class): 652770bb9f5f4acc0c59e3a200849c189d6616e2417Phil name = "IKEv2 Identification - Initiator" 653770bb9f5f4acc0c59e3a200849c189d6616e2417Phil overload_fields = { IKEv2: { "next_payload":35 }} 654770bb9f5f4acc0c59e3a200849c189d6616e2417Phil fields_desc = [ 655770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteEnumField("next_payload",None,IKEv2_payload_type), 656770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteField("res",0), 657770bb9f5f4acc0c59e3a200849c189d6616e2417Phil FieldLenField("length",None,"load","H",adjust=lambda pkt,x:x+8), 65833420f2494d766bab5b154622c241d2057620c89Philippe ROSE ByteEnumField("IDtype",1,{1:"IPv4_addr", 2:"FQDN", 3:"Email_addr", 5:"IPv6_addr", 11:"Key"}), 659770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteEnumField("ProtoID",0,{0:"Unused"}), 660770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ShortEnumField("Port",0,{0:"Unused"}), 661770bb9f5f4acc0c59e3a200849c189d6616e2417Phil# IPField("IdentData","127.0.0.1"), 662770bb9f5f4acc0c59e3a200849c189d6616e2417Phil StrLenField("load","",length_from=lambda x:x.length-8), 663770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ] 664770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 665770bb9f5f4acc0c59e3a200849c189d6616e2417Philclass IKEv2_payload_IDr(IKEv2_class): 666770bb9f5f4acc0c59e3a200849c189d6616e2417Phil name = "IKEv2 Identification - Responder" 667770bb9f5f4acc0c59e3a200849c189d6616e2417Phil overload_fields = { IKEv2: { "next_payload":36 }} 668770bb9f5f4acc0c59e3a200849c189d6616e2417Phil fields_desc = [ 669770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteEnumField("next_payload",None,IKEv2_payload_type), 670770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteField("res",0), 671770bb9f5f4acc0c59e3a200849c189d6616e2417Phil FieldLenField("length",None,"load","H",adjust=lambda pkt,x:x+8), 67233420f2494d766bab5b154622c241d2057620c89Philippe ROSE ByteEnumField("IDtype",1,{1:"IPv4_addr", 2:"FQDN", 3:"Email_addr", 5:"IPv6_addr", 11:"Key"}), 673770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteEnumField("ProtoID",0,{0:"Unused"}), 674770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ShortEnumField("Port",0,{0:"Unused"}), 675770bb9f5f4acc0c59e3a200849c189d6616e2417Phil# IPField("IdentData","127.0.0.1"), 676770bb9f5f4acc0c59e3a200849c189d6616e2417Phil StrLenField("load","",length_from=lambda x:x.length-8), 677770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ] 678770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 679770bb9f5f4acc0c59e3a200849c189d6616e2417Philclass IKEv2_payload_Encrypted(IKEv2_class): 680770bb9f5f4acc0c59e3a200849c189d6616e2417Phil name = "IKEv2 Encrypted and Authenticated" 681770bb9f5f4acc0c59e3a200849c189d6616e2417Phil overload_fields = { IKEv2: { "next_payload":46 }} 682770bb9f5f4acc0c59e3a200849c189d6616e2417Phil fields_desc = [ 683770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteEnumField("next_payload",None,IKEv2_payload_type), 684770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ByteField("res",0), 685770bb9f5f4acc0c59e3a200849c189d6616e2417Phil FieldLenField("length",None,"load","H",adjust=lambda pkt,x:x+4), 686770bb9f5f4acc0c59e3a200849c189d6616e2417Phil StrLenField("load","",length_from=lambda x:x.length-4), 687770bb9f5f4acc0c59e3a200849c189d6616e2417Phil ] 688770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 6899cccfd1ccbbcc8377cec9358de5d8db64111ec43Guillaume Valadonclass IKEv2_payload_Encrypted_Fragment(IKEv2_class): 6909cccfd1ccbbcc8377cec9358de5d8db64111ec43Guillaume Valadon name = "IKEv2 Encrypted Fragment" 6919cccfd1ccbbcc8377cec9358de5d8db64111ec43Guillaume Valadon overload_fields = {IKEv2: {"next_payload": 53}} 6929cccfd1ccbbcc8377cec9358de5d8db64111ec43Guillaume Valadon fields_desc = [ 6939cccfd1ccbbcc8377cec9358de5d8db64111ec43Guillaume Valadon ByteEnumField("next_payload", None, IKEv2_payload_type), 6949cccfd1ccbbcc8377cec9358de5d8db64111ec43Guillaume Valadon ByteField("res", 0), 6959cccfd1ccbbcc8377cec9358de5d8db64111ec43Guillaume Valadon FieldLenField("length", None, "load", "H", adjust=lambda pkt, x: x+8), 6969cccfd1ccbbcc8377cec9358de5d8db64111ec43Guillaume Valadon ShortField("frag_number", 1), 6979cccfd1ccbbcc8377cec9358de5d8db64111ec43Guillaume Valadon ShortField("frag_total", 1), 6989cccfd1ccbbcc8377cec9358de5d8db64111ec43Guillaume Valadon StrLenField("load", "", length_from=lambda x: x.length-8), 6999cccfd1ccbbcc8377cec9358de5d8db64111ec43Guillaume Valadon ] 7009cccfd1ccbbcc8377cec9358de5d8db64111ec43Guillaume Valadon 70133420f2494d766bab5b154622c241d2057620c89Philippe ROSEclass IKEv2_payload_CERTREQ(IKEv2_class): 70233420f2494d766bab5b154622c241d2057620c89Philippe ROSE name = "IKEv2 Certificate Request" 70333420f2494d766bab5b154622c241d2057620c89Philippe ROSE fields_desc = [ 70433420f2494d766bab5b154622c241d2057620c89Philippe ROSE ByteEnumField("next_payload",None,IKEv2_payload_type), 70533420f2494d766bab5b154622c241d2057620c89Philippe ROSE ByteField("res",0), 70633420f2494d766bab5b154622c241d2057620c89Philippe ROSE FieldLenField("length",None,"cert_data","H",adjust=lambda pkt,x:x+5), 70733420f2494d766bab5b154622c241d2057620c89Philippe ROSE ByteEnumField("cert_type",0,IKEv2CertificateEncodings), 70833420f2494d766bab5b154622c241d2057620c89Philippe ROSE StrLenField("cert_data","",length_from=lambda x:x.length-5), 70933420f2494d766bab5b154622c241d2057620c89Philippe ROSE ] 710770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 71133420f2494d766bab5b154622c241d2057620c89Philippe ROSEclass IKEv2_payload_CERT(IKEv2_class): 71239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter @classmethod 71339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter def dispatch_hook(cls, _pkt=None, *args, **kargs): 71439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter if _pkt and len(_pkt) >= 16: 71539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ts_type = struct.unpack("!B", _pkt[4:5])[0] 71639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter if ts_type == 4: 71739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter return IKEv2_payload_CERT_CRT 71839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter elif ts_type == 7: 71939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter return IKEv2_payload_CERT_CRL 72039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter else: 72139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter return IKEv2_payload_CERT_STR 72239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter return IKEv2_payload_CERT_STR 72339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 72439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotterclass IKEv2_payload_CERT_CRT(IKEv2_payload_CERT): 72533420f2494d766bab5b154622c241d2057620c89Philippe ROSE name = "IKEv2 Certificate" 72633420f2494d766bab5b154622c241d2057620c89Philippe ROSE fields_desc = [ 72733420f2494d766bab5b154622c241d2057620c89Philippe ROSE ByteEnumField("next_payload",None,IKEv2_payload_type), 72833420f2494d766bab5b154622c241d2057620c89Philippe ROSE ByteField("res",0), 72939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter FieldLenField("length",None,"x509Cert","H",adjust=lambda pkt,x: x+len(pkt.x509Cert)+5), 73039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteEnumField("cert_type",4,IKEv2CertificateEncodings), 73139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter PacketLenField("x509Cert", X509_Cert(''), X509_Cert, length_from=lambda x:x.length-5), 73239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ] 73339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 73439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotterclass IKEv2_payload_CERT_CRL(IKEv2_payload_CERT): 73539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter name = "IKEv2 Certificate" 73639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter fields_desc = [ 73739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteEnumField("next_payload",None,IKEv2_payload_type), 73839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteField("res",0), 73939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter FieldLenField("length",None,"x509CRL","H",adjust=lambda pkt,x: x+len(pkt.x509CRL)+5), 74039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteEnumField("cert_type",7,IKEv2CertificateEncodings), 74139b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter PacketLenField("x509CRL", X509_CRL(''), X509_CRL, length_from=lambda x:x.length-5), 74239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ] 74339b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter 74439b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotterclass IKEv2_payload_CERT_STR(IKEv2_payload_CERT): 74539b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter name = "IKEv2 Certificate" 74639b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter fields_desc = [ 74739b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteEnumField("next_payload",None,IKEv2_payload_type), 74839b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter ByteField("res",0), 74939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter FieldLenField("length",None,"cert_data","H",adjust=lambda pkt,x: x+5), 75033420f2494d766bab5b154622c241d2057620c89Philippe ROSE ByteEnumField("cert_type",0,IKEv2CertificateEncodings), 75133420f2494d766bab5b154622c241d2057620c89Philippe ROSE StrLenField("cert_data","",length_from=lambda x:x.length-5), 75233420f2494d766bab5b154622c241d2057620c89Philippe ROSE ] 753770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 754770bb9f5f4acc0c59e3a200849c189d6616e2417PhilIKEv2_payload_type_overload = {} 7554cca8708a5fdc52e592aa2661ab7c4b06fd539b3Pierre LALETfor i, payloadname in enumerate(IKEv2_payload_type): 7564cca8708a5fdc52e592aa2661ab7c4b06fd539b3Pierre LALET name = "IKEv2_payload_%s" % payloadname 757770bb9f5f4acc0c59e3a200849c189d6616e2417Phil if name in globals(): 7584cca8708a5fdc52e592aa2661ab7c4b06fd539b3Pierre LALET IKEv2_payload_type_overload[globals()[name]] = {"next_payload": i} 759770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 7604cca8708a5fdc52e592aa2661ab7c4b06fd539b3Pierre LALETdel i, payloadname, name 761b86ad4e841bdabc2c4e79f090cb6cf129040ca2bPierre LALETIKEv2_class._overload_fields = IKEv2_payload_type_overload.copy() 762770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 763770bb9f5f4acc0c59e3a200849c189d6616e2417Philsplit_layers(UDP, ISAKMP, sport=500) 764770bb9f5f4acc0c59e3a200849c189d6616e2417Philsplit_layers(UDP, ISAKMP, dport=500) 765770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 766770bb9f5f4acc0c59e3a200849c189d6616e2417Philbind_layers( UDP, IKEv2, dport=500, sport=500) # TODO: distinguish IKEv1/IKEv2 767770bb9f5f4acc0c59e3a200849c189d6616e2417Philbind_layers( UDP, IKEv2, dport=4500, sport=4500) 768770bb9f5f4acc0c59e3a200849c189d6616e2417Phil 76939b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotterdef ikev2scan(ip, **kwargs): 77039b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter """Send a IKEv2 SA to an IP and wait for answers.""" 771770bb9f5f4acc0c59e3a200849c189d6616e2417Phil return sr(IP(dst=ip)/UDP()/IKEv2(init_SPI=RandString(8), 77239b0c5a2b2bf8d3ef0cb656540c578a1ecf3536fgpotter exch_type=34)/IKEv2_payload_SA(prop=IKEv2_payload_Proposal()), **kwargs) 773