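## This file is part of Scapy
## See http://www.secdev.org/projects/scapy for more informations
## Copyright (C) Philippe Biondi <phil@secdev.org>
## This program is published under a GPLv2 license

"""
ISAKMP (Internet Security Association and Key Management Protocol).
"""

from __future__ import absolute_import
import struct
from scapy.config import conf
from scapy.packet import *
from scapy.compat import *
from scapy.fields import *
from scapy.ansmachine import *
from scapy.layers.inet import IP,UDP
from scapy.sendrecv import sr
from scapy.error import warning
from functools import reduce


# see http://www.iana.org/assignments/ipsec-registry for details
#
# Maps attribute name -> (attribute number, {value name: value number}, tlv).
# A non-zero ``tlv`` marks an attribute that is expected to use the
# variable-length (TLV) encoding; type2num() warns when an attribute with
# tlv == 0 has to be TLV-encoded because its value does not fit in 16 bits.
#
# The table exists for building and dissecting packets.  Listing an algorithm
# here (DES-CBC, MD5, 768-bit MODP, ...) says nothing about whether it is
# still acceptable in a deployed IKE policy.
ISAKMPAttributeTypes = {
    "Encryption": (1, {
        "DES-CBC": 1,
        "IDEA-CBC": 2,
        "Blowfish-CBC": 3,
        "RC5-R16-B64-CBC": 4,
        "3DES-CBC": 5,
        "CAST-CBC": 6,
        "AES-CBC": 7,
        "CAMELLIA-CBC": 8,
    }, 0),
    "Hash": (2, {
        "MD5": 1,
        "SHA": 2,
        "Tiger": 3,
        "SHA2-256": 4,
        "SHA2-384": 5,
        "SHA2-512": 6,
    }, 0),
    "Authentication": (3, {
        "PSK": 1,
        "DSS": 2,
        "RSA Sig": 3,
        "RSA Encryption": 4,
        "RSA Encryption Revised": 5,
        "ElGamal Encryption": 6,
        "ElGamal Encryption Revised": 7,
        "ECDSA Sig": 8,
        "HybridInitRSA": 64221,
        "HybridRespRSA": 64222,
        "HybridInitDSS": 64223,
        "HybridRespDSS": 64224,
        "XAUTHInitPreShared": 65001,
        "XAUTHRespPreShared": 65002,
        "XAUTHInitDSS": 65003,
        "XAUTHRespDSS": 65004,
        "XAUTHInitRSA": 65005,
        "XAUTHRespRSA": 65006,
        "XAUTHInitRSAEncryption": 65007,
        "XAUTHRespRSAEncryption": 65008,
        "XAUTHInitRSARevisedEncryption": 65009,
        # NOTE(review): the key below is missing its final "n".  It is a
        # runtime lookup key and is also the name shown on dissection, so it
        # is kept as-is here; renaming it needs a compatibility decision.
        "XAUTHRespRSARevisedEncryptio": 65010,
    }, 0),
    "GroupDesc": (4, {
        "768MODPgr": 1,
        "1024MODPgr": 2,
        "EC2Ngr155": 3,
        "EC2Ngr185": 4,
        "1536MODPgr": 5,
        "2048MODPgr": 14,
        "3072MODPgr": 15,
        "4096MODPgr": 16,
        "6144MODPgr": 17,
        "8192MODPgr": 18,
    }, 0),
    "GroupType": (5, {
        "MODP": 1,
        "ECP": 2,
        "EC2N": 3,
    }, 0),
    "GroupPrime": (6, {}, 1),
    "GroupGenerator1": (7, {}, 1),
    "GroupGenerator2": (8, {}, 1),
    "GroupCurveA": (9, {}, 1),
    "GroupCurveB": (10, {}, 1),
    "LifeType": (11, {
        "Seconds": 1,
        "Kilobytes": 2,
    }, 0),
    "LifeDuration": (12, {}, 1),
    "PRF": (13, {}, 0),
    "KeyLength": (14, {}, 0),
    "FieldSize": (15, {}, 0),
    "GroupOrder": (16, {}, 1),
}

# the name 'ISAKMPTransformTypes' is actually a misnomer (since the table
# holds info for all ISAKMP Attribute types, not just transforms), but we'll
# keep it for backwards compatibility... for now at least
ISAKMPTransformTypes = ISAKMPAttributeTypes

# Reverse table used on dissection:
# attribute number -> (attribute name, {value number: value name}, tlv).
# Built with comprehensions so no loop variables are left at module level.
ISAKMPTransformNum = {
    attr_num: (attr_name, {num: label for label, num in enum.items()}, tlv)
    for attr_name, (attr_num, enum, tlv) in ISAKMPTransformTypes.items()
}


class ISAKMPTransformSetField(StrLenField):
    """List field holding the (attribute, value) pairs of a transform.

    The internal value is a list of ``(type, value)`` tuples; on the wire
    each pair is either a 4-byte basic attribute (top bit of the type set,
    16-bit value) or a TLV attribute (type, 16-bit length, value bytes).
    """
    islist = 1

    def type2num(self, type_val_tuple):
        """Encode one ``(type, value)`` pair to its wire bytes.

        Names found in ISAKMPTransformTypes are translated to numbers; any
        other type or value is passed through unchanged.

        Raises:
            ValueError: if the resolved value is negative.
        """
        typ, val = type_val_tuple
        type_val, enc_dict, tlv = ISAKMPTransformTypes.get(typ, (typ, {}, 0))
        val = enc_dict.get(val, val)
        if val < 0:
            # A negative int never reaches 0 under ">>= 8", so the byte
            # splitting loop below would run (and grow ``s``) forever.
            raise ValueError(
                "ISAKMP attribute %r has a negative value (%r)" % (typ, val)
            )
        s = b""
        if val & ~0xffff:
            # Does not fit in 16 bits: emit type, byte count, then the value
            # as big-endian bytes.
            if not tlv:
                warning("%r should not be TLV but is too big => using TLV encoding" % typ)
            n = 0
            while val:
                s = chb(val & 0xff) + s
                val >>= 8
                n += 1
            val = n
        else:
            # Basic attribute: top bit of the type set, value in 16 bits.
            type_val |= 0x8000
        return struct.pack("!HH", type_val, val) + s

    def num2type(self, typ, enc):
        """Translate a numeric (type, value) pair to names where known."""
        val = ISAKMPTransformNum.get(typ, (typ, {}))
        enc = val[1].get(enc, enc)
        return (val[0], enc)

    def i2m(self, pkt, i):
        """Serialize the list of pairs; ``None`` yields no bytes."""
        if i is None:
            return b""
        return b"".join([self.type2num(pair) for pair in i])

    def m2i(self, pkt, m):
        """Dissect attribute bytes into a list of (type, value) pairs.

        ``m`` comes straight from the packet and its length words are not
        trusted: a TLV length larger than the remaining data only triggers a
        warning, after which the value is read from whatever bytes are left.
        """
        # I try to ensure that we don't read off the end of our packet based
        # on bad length fields we're provided in the packet. There are still
        # conditions where struct.unpack() may not get enough packet data, but
        # worst case that should result in broken attributes (which would
        # be expected). (wam)
        lst = []
        while len(m) >= 4:
            trans_type, = struct.unpack("!H", m[:2])
            is_tlv = not (trans_type & 0x8000)
            if is_tlv:
                # We should probably check to make sure the attribute type we
                # are looking at is allowed to have a TLV format and issue a
                # warning if we're given an TLV on a basic attribute.
                value_len, = struct.unpack("!H", m[2:4])
                if value_len + 4 > len(m):
                    warning("Bad length for ISAKMP tranform type=%#6x" % trans_type)
                # Slicing never reads past the buffer, so a lying length
                # yields a shortened value rather than an exception.
                raw_value = m[4:4 + value_len]
                value = 0
                for octet in bytearray(raw_value):
                    value = (value << 8) | octet
            else:
                trans_type &= 0x7fff
                value_len = 0
                value, = struct.unpack("!H", m[2:4])
            m = m[4 + value_len:]
            lst.append(self.num2type(trans_type, value))
        if len(m) > 0:
            warning("Extra bytes after ISAKMP transform dissection [%r]" % m)
        return lst


# Index in this list == value of the "next_payload" byte.
ISAKMP_payload_type = ["None","SA","Proposal","Transform","KE","ID","CERT","CR","Hash",
                       "SIG","Nonce","Notification","Delete","VendorID"]

# Index in this list == value of the "exch_type" byte.
ISAKMP_exchange_type = ["None","base","identity prot.",
                        "auth only", "aggressive", "info"]


class ISAKMP_class(Packet):
    """Common base that picks the next payload class from ``next_payload``."""

    def guess_payload_class(self, payload):
        """Return the class used to dissect what follows this layer.

        0 means no further payload (raw layer).  A known index is resolved to
        a module-level ``ISAKMP_payload_<name>`` class when one exists; every
        other value, including indexes beyond the table, falls back to the
        generic ISAKMP_payload.
        """
        np = self.next_payload
        if np == 0:
            return conf.raw_layer
        if np < len(ISAKMP_payload_type):
            # The looked-up name is built only from entries of the fixed
            # ISAKMP_payload_type list, never from packet bytes.
            pt = ISAKMP_payload_type[np]
            return globals().get("ISAKMP_payload_%s" % pt, ISAKMP_payload)
        return ISAKMP_payload


class ISAKMP(ISAKMP_class): # rfc2408
    """ISAKMP header: two 8-byte cookies, type bytes, flags, id and length."""
    name = "ISAKMP"
    fields_desc = [
        StrFixedLenField("init_cookie","",8),
        StrFixedLenField("resp_cookie","",8),
        ByteEnumField("next_payload",0,ISAKMP_payload_type),
        XByteField("version",0x10),
        ByteEnumField("exch_type",0,ISAKMP_exchange_type),
        FlagsField("flags",0, 8, ["encryption","commit","auth_only","res3","res4","res5","res6","res7"]), # XXX use a Flag field
        IntField("id",0),
        IntField("length",None)
        ]

    def guess_payload_class(self, payload):
        """Leave the body undissected when the encryption flag (bit 0) is set."""
        if self.flags & 1:
            return conf.raw_layer
        return ISAKMP_class.guess_payload_class(self, payload)

    def answers(self, other):
        """Return 1 if ``other`` is an ISAKMP packet with our initiator cookie.

        Only ``init_cookie`` is compared; the responder cookie and message id
        are not, so this is a loose request/response match.
        """
        if isinstance(other, ISAKMP) and other.init_cookie == self.init_cookie:
            return 1
        return 0

    def post_build(self, p, pay):
        """Append the payload and fill in ``length`` when it was left unset."""
        p += pay
        if self.length is None:
            # The 4-byte length field sits at offset 24 of the header
            # (8 + 8 cookie bytes, 4 single-byte fields, 4-byte id).
            p = p[:24] + struct.pack("!I", len(p)) + p[28:]
        return p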
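class ISAKMP_payload_Transform(ISAKMP_class):
    """Transform payload: an 8-byte header followed by the attribute list."""
    name = "IKE Transform"
    fields_desc = [
        ByteEnumField("next_payload",None,ISAKMP_payload_type),
        ByteField("res",0),
#        ShortField("len",None),
        ShortField("length",None),
        ByteField("num",None),
        ByteEnumField("id",1,{1:"KEY_IKE"}),
        ShortField("res2",0),
        # ``length`` is read from the packet.  A value below the 8-byte header
        # would make the byte count negative; it is clamped to 0 so a
        # malformed payload dissects as "no attributes".
        # NOTE(review): assumes the length-driven field uses this count as a
        # slice bound (StrLenField is defined outside this file) - confirm.
        ISAKMPTransformSetField("transforms",None,length_from=lambda x: max(x.length-8, 0))
#        XIntField("enc",0x80010005L),
#        XIntField("hash",0x80020002L),
#        XIntField("auth",0x80030001L),
#        XIntField("group",0x80040002L),
#        XIntField("life_type",0x800b0001L),
#        XIntField("durationh",0x000c0004L),
#        XIntField("durationl",0x00007080L),
        ]

    def post_build(self, p, pay):
        """Fill in ``length`` (bytes 2-3) when unset, then append the payload.

        The length counts this payload only: it is taken before ``pay`` is
        appended.
        """
        if self.length is None:
            # Masked to 16 bits so an oversized payload wraps instead of
            # raising, matching the two-byte field.
            p = p[:2] + struct.pack("!H", len(p) & 0xffff) + p[4:]
        p += pay
        return p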
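# In every payload below, ``length`` is read from the packet on dissection and
# the body size is derived as ``length - <header size>``.  A length smaller
# than the header would make that count negative, so each ``length_from`` is
# clamped to 0 and a malformed payload dissects with an empty body.
# NOTE(review): assumes the length-driven fields use the count as a slice
# bound (StrLenField / PacketLenField are defined outside this file) - confirm.


class ISAKMP_payload_Proposal(ISAKMP_class):
    """Proposal payload: 8-byte header, optional SPI, then the transforms."""
    name = "IKE proposal"
#    ISAKMP_payload_type = 0
    fields_desc = [
        ByteEnumField("next_payload",None,ISAKMP_payload_type),
        ByteField("res",0),
        # NOTE(review): ``length`` is computed as len(trans) + 8 and ``trans``
        # is read as length - 8 bytes; neither accounts for the SPI bytes
        # declared by ``SPIsize``.  That is consistent only while the SPI is
        # empty - check against packets that carry a non-empty SPI.
        FieldLenField("length",None,"trans","H", adjust=lambda pkt,x:x+8),
        ByteField("proposal",1),
        ByteEnumField("proto",1,{1:"ISAKMP"}),
        FieldLenField("SPIsize",None,"SPI","B"),
        ByteField("trans_nb",None),
        StrLenField("SPI","",length_from=lambda x:x.SPIsize),
        PacketLenField("trans",conf.raw_layer(),ISAKMP_payload_Transform,length_from=lambda x: max(x.length-8, 0)),
        ]


class ISAKMP_payload(ISAKMP_class):
    """Generic payload: 4-byte header followed by an opaque ``load``."""
    name = "ISAKMP payload"
    fields_desc = [
        ByteEnumField("next_payload",None,ISAKMP_payload_type),
        ByteField("res",0),
        FieldLenField("length",None,"load","H", adjust=lambda pkt,x:x+4),
        StrLenField("load","",length_from=lambda x: max(x.length-4, 0)),
        ]


class ISAKMP_payload_VendorID(ISAKMP_class):
    """Vendor ID payload (next_payload 13 in the ISAKMP header)."""
    name = "ISAKMP Vendor ID"
    overload_fields = { ISAKMP: { "next_payload":13 }}
    fields_desc = [
        ByteEnumField("next_payload",None,ISAKMP_payload_type),
        ByteField("res",0),
        FieldLenField("length",None,"vendorID","H", adjust=lambda pkt,x:x+4),
        StrLenField("vendorID","",length_from=lambda x: max(x.length-4, 0)),
        ]


class ISAKMP_payload_SA(ISAKMP_class):
    """SA payload: 12-byte header (incl. DOI and situation), then proposals."""
    name = "ISAKMP SA"
    overload_fields = { ISAKMP: { "next_payload":1 }}
    fields_desc = [
        ByteEnumField("next_payload",None,ISAKMP_payload_type),
        ByteField("res",0),
        FieldLenField("length",None,"prop","H", adjust=lambda pkt,x:x+12),
        IntEnumField("DOI",1,{1:"IPSEC"}),
        IntEnumField("situation",1,{1:"identity"}),
        PacketLenField("prop",conf.raw_layer(),ISAKMP_payload_Proposal,length_from=lambda x: max(x.length-12, 0)),
        ]


class ISAKMP_payload_Nonce(ISAKMP_class):
    """Nonce payload (next_payload 10 in the ISAKMP header)."""
    name = "ISAKMP Nonce"
    overload_fields = { ISAKMP: { "next_payload":10 }}
    fields_desc = [
        ByteEnumField("next_payload",None,ISAKMP_payload_type),
        ByteField("res",0),
        FieldLenField("length",None,"load","H", adjust=lambda pkt,x:x+4),
        StrLenField("load","",length_from=lambda x: max(x.length-4, 0)),
        ]


class ISAKMP_payload_KE(ISAKMP_class):
    """Key Exchange payload (next_payload 4 in the ISAKMP header)."""
    name = "ISAKMP Key Exchange"
    overload_fields = { ISAKMP: { "next_payload":4 }}
    fields_desc = [
        ByteEnumField("next_payload",None,ISAKMP_payload_type),
        ByteField("res",0),
        FieldLenField("length",None,"load","H", adjust=lambda pkt,x:x+4),
        StrLenField("load","",length_from=lambda x: max(x.length-4, 0)),
        ]


class ISAKMP_payload_ID(ISAKMP_class):
    """Identification payload: 8-byte header, identity data in ``load``."""
    name = "ISAKMP Identification"
    overload_fields = { ISAKMP: { "next_payload":5 }}
    fields_desc = [
        ByteEnumField("next_payload",None,ISAKMP_payload_type),
        ByteField("res",0),
        FieldLenField("length",None,"load","H",adjust=lambda pkt,x:x+8),
        ByteEnumField("IDtype",1,{1:"IPv4_addr", 11:"Key"}),
        ByteEnumField("ProtoID",0,{0:"Unused"}),
        ShortEnumField("Port",0,{0:"Unused"}),
#        IPField("IdentData","127.0.0.1"),
        StrLenField("load","",length_from=lambda x: max(x.length-8, 0)),
        ]


class ISAKMP_payload_Hash(ISAKMP_class):
    """Hash payload (next_payload 8 in the ISAKMP header)."""
    name = "ISAKMP Hash"
    overload_fields = { ISAKMP: { "next_payload":8 }}
    fields_desc = [
        ByteEnumField("next_payload",None,ISAKMP_payload_type),
        ByteField("res",0),
        FieldLenField("length",None,"load","H",adjust=lambda pkt,x:x+4),
        StrLenField("load","",length_from=lambda x: max(x.length-4, 0)),
        ]


# payload class -> {"next_payload": index}; filled in right after this line.
ISAKMP_payload_type_overload = {}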
# For every payload type that has a matching ISAKMP_payload_<name> class in
# this module, record the "next_payload" value that announces it.  A generator
# expression is used so no helper names are left at module level.
ISAKMP_payload_type_overload.update(
    (globals()[cls_name], {"next_payload": index})
    for index, cls_name in enumerate(
        "ISAKMP_payload_%s" % payload_kind
        for payload_kind in ISAKMP_payload_type
    )
    if cls_name in globals()
)
ISAKMP_class._overload_fields = ISAKMP_payload_type_overload.copy()


# ISAKMP is bound to UDP only when both source and destination port are 500.
bind_layers(UDP, ISAKMP, dport=500, sport=500)


def ikescan(ip):
    """Send one ISAKMP SA proposal to ``ip`` and return the result of sr().

    The packet carries a random 8-byte initiator cookie, exchange type 2
    ("identity prot." in ISAKMP_exchange_type) and an SA payload holding a
    default proposal.
    """
    isakmp_header = ISAKMP(init_cookie=RandString(8), exch_type=2)
    sa_payload = ISAKMP_payload_SA(prop=ISAKMP_payload_Proposal())
    return sr(IP(dst=ip) / UDP() / isakmp_header / sa_payload)