1############################## 2% IPsec layer regression tests 3############################## 4 5~ crypto 6 7############################################################################### 8+ IPv4 / ESP - Transport - Encryption Algorithms 9 10####################################### 11= IPv4 / ESP - Transport - NULL - NULL 12~ -crypto 13 14import socket 15 16p = IP(src='1.1.1.1', dst='2.2.2.2') 17p /= TCP(sport=45012, dport=80) 18p /= Raw('testdata') 19p = IP(raw(p)) 20p 21 22sa = SecurityAssociation(ESP, spi=0x222, 23 crypt_algo='NULL', crypt_key=None, 24 auth_algo='NULL', auth_key=None) 25 26e = sa.encrypt(p) 27e 28 29assert(isinstance(e, IP)) 30assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 31assert(e.chksum != p.chksum) 32assert(e.proto == socket.IPPROTO_ESP) 33assert(e.haslayer(ESP)) 34assert(not e.haslayer(TCP)) 35assert(e[ESP].spi == sa.spi) 36assert(b'testdata' in e[ESP].data) 37 38d = sa.decrypt(e) 39d 40 41* after decryption the original packet payload should be unaltered 42assert(d[TCP] == p[TCP]) 43 44####################################### 45= IPv4 / ESP - Transport - DES - NULL 46 47p = IP(src='1.1.1.1', dst='2.2.2.2') 48p /= TCP(sport=45012, dport=80) 49p /= Raw('testdata') 50p = IP(raw(p)) 51p 52 53sa = SecurityAssociation(ESP, spi=0x222, 54 crypt_algo='DES', crypt_key=b'8bytekey', 55 auth_algo='NULL', auth_key=None) 56 57e = sa.encrypt(p) 58e 59 60assert(isinstance(e, IP)) 61assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 62assert(e.chksum != p.chksum) 63* the encrypted packet should have an ESP layer 64assert(e.proto == socket.IPPROTO_ESP) 65assert(e.haslayer(ESP)) 66assert(not e.haslayer(TCP)) 67assert(e[ESP].spi == sa.spi) 68* after encryption the original packet payload should NOT be readable 69assert(b'testdata' not in e[ESP].data) 70 71d = sa.decrypt(e) 72d 73 74* after decryption the original packet payload should be unaltered 75assert(d[TCP] == p[TCP]) 76 77# Generated with Linux 4.4.0-62-generic #83-Ubuntu 78# ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 546 reqid 1 \ 79# mode tunnel enc 'cbc(des)' '0x38627974656b6579' auth digest_null '' flag align4 80ref = IP() \ 81 / ESP(spi=0x222, 82 data=b'\x0f\x6d\x2f\x3d\x1e\xc1\x0b\xc2\xb6\x8f\xfd\x67\x39\xc0\x96\x2c' 83 b'\x17\x79\x88\xf6\xbc\x4d\xf7\x45\xd8\x36\x63\x86\xcd\x08\x7c\x08' 84 b'\x2b\xf8\xa2\x91\x18\x21\x88\xd9\x26\x00\xc5\x21\x24\xbf\x8f\xf5' 85 b'\x6c\x47\xb0\x3a\x8e\xdb\x75\x21\xd9\x33\x85\x5a\x15\xc6\x31\x00' 86 b'\x1c\xef\x3e\x12\xce\x70\xec\x8f\x48\xc7\x81\x9b\x66\xcb\xf5\x39' 87 b'\x91\xb3\x8e\x72\xfb\x7f\x64\x65\x6c\xf4\xa9\xf2\x5e\x63\x2f\x60', 88 seq=1) 89 90d_ref = sa.decrypt(ref) 91d_ref 92 93* Check for ICMP layer in decrypted reference 94assert(d_ref.haslayer(ICMP)) 95 96####################################### 97= IPv4 / ESP - Transport - 3DES - NULL 98 99p = IP(src='1.1.1.1', dst='2.2.2.2') 100p /= TCP(sport=45012, dport=80) 101p /= Raw('testdata') 102p = IP(raw(p)) 103p 104 105sa = SecurityAssociation(ESP, spi=0x222, 106 crypt_algo='3DES', crypt_key=b'threedifferent8byteskeys', 107 auth_algo='NULL', auth_key=None) 108 109e = sa.encrypt(p) 110e 111 112assert(isinstance(e, IP)) 113assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 114assert(e.chksum != p.chksum) 115* the encrypted packet should have an ESP layer 116assert(e.proto == socket.IPPROTO_ESP) 117assert(e.haslayer(ESP)) 118assert(not e.haslayer(TCP)) 119assert(e[ESP].spi == sa.spi) 120* after encryption the original packet payload should NOT be readable 121assert(b'testdata' not in e[ESP].data) 122 123d = sa.decrypt(e) 124d 125 126* after decryption the original packet payload should be unaltered 127assert(d[TCP] == p[TCP]) 128 129# Generated with Linux 4.4.0-62-generic #83-Ubuntu 130# ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 546 reqid 1 \ 131# mode tunnel enc 'cbc(des3_ede)' '0x7468726565646966666572656e743862797465736b657973' auth digest_null '' flag align4 132ref = IP() \ 133 / ESP(spi=0x222, 134 data=b'\x36\x5c\x9b\x41\x37\xc8\x59\x1e\x39\x63\xe8\x6b\xf7\x0d\x97\x54' 135 b'\x13\x84\xf6\x81\x66\x19\xe7\xcb\x75\x94\xf1\x0b\x8e\xa3\xf1\xa0' 136 b'\x3e\x88\x51\xc4\x50\xd0\xa9\x1f\x16\x25\xc6\xbd\xe9\x0b\xdc\xae' 137 b'\xf8\x13\x00\xa3\x8c\x53\xee\x1c\x96\xc0\xfe\x99\x70\xab\x94\x77' 138 b'\xd7\xc4\xe8\xfd\x9f\x96\x28\xb8\x95\x20\x86\x7b\x19\xbc\x8f\xf5' 139 b'\x96\xb0\x7e\xcc\x04\x83\xae\x4d\xa3\xba\x1d\x44\xf0\xba\x2e\xcd', 140 seq=1) 141 142d_ref = sa.decrypt(ref) 143d_ref 144 145* Check for ICMP layer in decrypted reference 146assert(d_ref.haslayer(ICMP)) 147 148####################################### 149= IPv4 / ESP - Transport - AES-CBC - NULL 150 151p = IP(src='1.1.1.1', dst='2.2.2.2') 152p /= TCP(sport=45012, dport=80) 153p /= Raw('testdata') 154p = IP(raw(p)) 155p 156 157sa = SecurityAssociation(ESP, spi=0x222, 158 crypt_algo='AES-CBC', crypt_key=b'sixteenbytes key', 159 auth_algo='NULL', auth_key=None) 160 161e = sa.encrypt(p) 162e 163 164assert(isinstance(e, IP)) 165assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 166assert(e.chksum != p.chksum) 167assert(e.proto == socket.IPPROTO_ESP) 168assert(e.haslayer(ESP)) 169assert(not e.haslayer(TCP)) 170assert(e[ESP].spi == sa.spi) 171* after encryption the original packet payload should NOT be readable 172assert(b'testdata' not in e[ESP].data) 173 174d = sa.decrypt(e) 175d 176 177* after decryption the original packet payload should be unaltered 178assert(d[TCP] == p[TCP]) 179 180# Generated with Linux 4.4.0-62-generic #83-Ubuntu 181# ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 546 reqid 1 \ 182# mode tunnel enc 'cbc(aes)' '0x7369787465656e6279746573206b6579' auth digest_null '' flag align4 183ref = IP() \ 184 / ESP(spi=0x222, 185 data=b'\x08\x2f\x94\xe6\x53\xd8\x8e\x13\x70\xe8\xff\x61\x52\x90\x27\x3c' 186 b'\xf2\xb4\x1f\x75\xd2\xa0\xac\xae\x1c\xa8\x5e\x1c\x78\x21\x4c\x7f' 187 b'\xc3\x30\x17\x6a\x8d\xf3\xb1\xa7\xd1\xa8\x42\x01\xd6\x8d\x2d\x7e' 188 b'\x5d\x06\xdf\xaa\x05\x27\x42\xb1\x00\x12\xcf\xff\x64\x02\x5a\x40' 189 b'\xcd\xca\x1b\x91\xba\xf8\xc8\x59\xe7\xbd\x4d\x19\xb4\x8d\x39\x25' 190 b'\x6c\x73\xf1\x2d\xaa\xee\xe1\x0b\x71\xcd\xfc\x11\x1d\x56\xce\x60' 191 b'\xed\xd2\x32\x87\xd4\x90\xc3\xf5\x31\x47\x97\x69\x83\x82\x6d\x38', 192 seq=1) 193 194d_ref = sa.decrypt(ref) 195d_ref 196 197* Check for ICMP layer in decrypted reference 198assert(d_ref.haslayer(ICMP)) 199 200####################################### 201= IPv4 / ESP - Transport - AES-CTR - NULL 202 203p = IP(src='1.1.1.1', dst='2.2.2.2') 204p /= TCP(sport=45012, dport=80) 205p /= Raw('testdata') 206p = IP(raw(p)) 207p 208 209sa = SecurityAssociation(ESP, spi=0x222, 210 crypt_algo='AES-CTR', crypt_key=b'16bytekey+4bytenonce', 211 auth_algo='NULL', auth_key=None) 212 213e = sa.encrypt(p) 214e 215 216assert(isinstance(e, IP)) 217assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 218assert(e.chksum != p.chksum) 219assert(e.proto == socket.IPPROTO_ESP) 220assert(e.haslayer(ESP)) 221assert(not e.haslayer(TCP)) 222assert(e[ESP].spi == sa.spi) 223* after encryption the original packet payload should NOT be readable 224assert(b'testdata' not in e[ESP].data) 225 226d = sa.decrypt(e) 227d 228 229* after decryption original packet should be preserved 230assert(d[TCP] == p[TCP]) 231 232# Generated with Linux 4.4.0-62-generic #83-Ubuntu 233# ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 546 reqid 1 \ 234# mode tunnel enc 'rfc3686(ctr(aes))' '0x3136627974656b65792b34627974656e6f6e6365' auth digest_null '' flag align4 235ref = IP() \ 236 / ESP(spi=0x222, 237 data=b'\xc4\xca\x09\x0f\x8b\xd3\x05\x3d\xac\x5a\x2f\x87\xca\x71\x10\x01' 238 b'\xa7\x95\xc9\x07\xcc\xd4\x05\x58\x65\x23\x22\x4b\x63\x9b\x1f\xef' 239 b'\x55\xb9\x1a\x91\x52\x76\x00\xf7\x94\x7b\x1d\xe1\x8e\x03\x2e\x85' 240 b'\xad\xdd\x83\x22\x8a\xc3\x88\x6e\x85\xf5\x9b\xed\xa9\x6e\xb1\xc3' 241 b'\x78\x00\x2f\xcd\x77\xe8\x3e\xec\x0e\x77\x94\xb2\x9b\x0f\x64\x5e' 242 b'\x09\x83\x03\x7d\x83\x22\x39\xbb\x94\x66\xae\x9f\xbf\x01\xda\xfb', 243 seq=1) 244 245d_ref = sa.decrypt(ref) 246d_ref 247 248* Check for ICMP layer in decrypted reference 249assert(d_ref.haslayer(ICMP)) 250 251####################################### 252= IPv4 / ESP - Transport - Blowfish - NULL 253 254p = IP(src='1.1.1.1', dst='2.2.2.2') 255p /= TCP(sport=45012, dport=80) 256p /= Raw('testdata') 257p = IP(raw(p)) 258p 259 260sa = SecurityAssociation(ESP, spi=0x222, 261 crypt_algo='Blowfish', crypt_key=b'sixteenbytes key', 262 auth_algo='NULL', auth_key=None) 263 264e = sa.encrypt(p) 265e 266 267assert(isinstance(e, IP)) 268assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 269assert(e.chksum != p.chksum) 270assert(e.proto == socket.IPPROTO_ESP) 271assert(e.haslayer(ESP)) 272assert(not e.haslayer(TCP)) 273assert(e[ESP].spi == sa.spi) 274* after encryption the original packet payload should NOT be readable 275assert(b'testdata' not in e[ESP].data) 276 277d = sa.decrypt(e) 278d 279 280* after decryption original packet should be preserved 281assert(d[TCP] == p[TCP]) 282 283# Generated with Linux 4.4.0-62-generic #83-Ubuntu 284# ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 546 reqid 1 \ 285# mode tunnel enc 'cbc(blowfish)' '0x7369787465656e6279746573206b6579' auth digest_null '' flag align4 286ref = IP() \ 287 / ESP(spi=0x222, 288 data=b'\x93\x9f\x5a\x10\x55\x57\x30\xa0\xb4\x00\x72\x1e\x46\x42\x46\x20' 289 b'\xbc\x01\xef\xc3\x79\xcc\x3e\x55\x64\xba\x09\xc2\x6a\x5a\x5c\xb3' 290 b'\xcc\xb5\xd5\x87\x82\xb0\x0a\x94\x58\xfc\x50\x37\x40\xe1\x03\xd3' 291 b'\x4a\x09\xb2\x23\x53\x56\xa4\x45\x4c\xbb\x81\x1c\xdb\x31\xa7\x67' 292 b'\xbd\x38\x8e\xba\x55\xd9\x1f\xf1\x3c\xeb\x07\x4c\x02\xb0\x3e\xc5' 293 b'\xf6\x60\xdd\x68\xe1\xd4\xec\xee\x27\xc0\x6d\x1a\x80\xe2\xcc\x7d', 294 seq=1) 295 296d_ref = sa.decrypt(ref) 297d_ref 298 299* Check for ICMP layer in decrypted reference 300assert(d_ref.haslayer(ICMP)) 301 302####################################### 303= IPv4 / ESP - Transport - CAST - NULL 304 305p = IP(src='1.1.1.1', dst='2.2.2.2') 306p /= TCP(sport=45012, dport=80) 307p /= Raw('testdata') 308p = IP(raw(p)) 309p 310 311sa = SecurityAssociation(ESP, spi=0x222, 312 crypt_algo='CAST', crypt_key=b'sixteenbytes key', 313 auth_algo='NULL', auth_key=None) 314 315e = sa.encrypt(p) 316e 317 318assert(isinstance(e, IP)) 319assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 320assert(e.chksum != p.chksum) 321assert(e.proto == socket.IPPROTO_ESP) 322assert(e.haslayer(ESP)) 323assert(not e.haslayer(TCP)) 324assert(e[ESP].spi == sa.spi) 325* after encryption the original packet payload should NOT be readable 326assert(b'testdata' not in e[ESP].data) 327 328d = sa.decrypt(e) 329d 330 331* after decryption original packet should be preserved 332assert(d[TCP] == p[TCP]) 333 334# Generated with Linux 4.4.0-62-generic #83-Ubuntu 335# ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 546 reqid 1 \ 336# mode tunnel enc 'cbc(cast5)' '0x7369787465656e6279746573206b6579' auth digest_null '' flag align4 337ref = IP() \ 338 / ESP(spi=0x222, 339 data=b'\xcd\x4a\x46\x05\x51\x54\x73\x35\x1d\xad\x4b\x10\xc1\x15\xe2\x70' 340 b'\xbc\x9c\x53\x8f\x4d\x1c\x87\x1a\xc1\xb0\xdf\x80\xd1\x0c\xa4\x59' 341 b'\xe6\x50\xde\x46\xdb\x3f\x28\xc2\xda\x6c\x2b\x81\x5e\x7c\x7b\x4f' 342 b'\xbc\x8d\xc1\x6d\x4a\x2b\x04\x91\x9e\xc4\x0b\xba\x05\xba\x3b\x71' 343 b'\xac\xe3\x16\xcf\x7f\x00\xc5\x87\x7d\x72\x48\xe6\x5b\x43\x19\x24' 344 b'\xae\xa6\x2c\xcc\xad\xbf\x37\x6c\x6e\xea\x71\x67\x73\xd6\x11\x9f', 345 seq=1) 346 347d_ref = sa.decrypt(ref) 348d_ref 349 350* Check for ICMP layer in decrypted reference 351assert(d_ref.haslayer(ICMP)) 352 353############################################################################### 354+ IPv4 / ESP - Tunnel - Encryption Algorithms 355 356####################################### 357= IPv4 / ESP - Tunnel - NULL - NULL 358~ -crypto 359 360p = IP(src='1.1.1.1', dst='2.2.2.2') 361p /= TCP(sport=45012, dport=80) 362p /= Raw('testdata') 363p = IP(raw(p)) 364p 365 366sa = SecurityAssociation(ESP, spi=0x222, 367 crypt_algo='NULL', crypt_key=None, 368 auth_algo='NULL', auth_key=None, 369 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 370 371e = sa.encrypt(p) 372e 373 374assert(isinstance(e, IP)) 375* after encryption packet should be encapsulated with the given ip tunnel header 376assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 377assert(e.chksum != p.chksum) 378assert(e.proto == socket.IPPROTO_ESP) 379assert(e.haslayer(ESP)) 380assert(not e.haslayer(TCP)) 381assert(e[ESP].spi == sa.spi) 382assert(b'testdata' in e[ESP].data) 383 384d = sa.decrypt(e) 385d 386 387* after decryption the original packet payload should be unaltered 388assert(d[TCP] == p[TCP]) 389 390####################################### 391= IPv4 / ESP - Tunnel - DES - NULL 392 393p = IP(src='1.1.1.1', dst='2.2.2.2') 394p /= TCP(sport=45012, dport=80) 395p /= Raw('testdata') 396p = IP(raw(p)) 397p 398 399sa = SecurityAssociation(ESP, spi=0x222, 400 crypt_algo='DES', crypt_key=b'8bytekey', 401 auth_algo='NULL', auth_key=None, 402 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 403 404e = sa.encrypt(p) 405e 406 407assert(isinstance(e, IP)) 408* after encryption packet should be encapsulated with the given ip tunnel header 409assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 410assert(e.chksum != p.chksum) 411* the encrypted packet should have an ESP layer 412assert(e.proto == socket.IPPROTO_ESP) 413assert(e.haslayer(ESP)) 414assert(not e.haslayer(TCP)) 415assert(e[ESP].spi == sa.spi) 416* after encryption the original packet payload should NOT be readable 417assert(b'testdata' not in e[ESP].data) 418 419d = sa.decrypt(e) 420d 421 422* after decryption the original packet payload should be unaltered 423assert(d[TCP] == p[TCP]) 424 425####################################### 426= IPv4 / ESP - Tunnel - 3DES - NULL 427 428p = IP(src='1.1.1.1', dst='2.2.2.2') 429p /= TCP(sport=45012, dport=80) 430p /= Raw('testdata') 431p = IP(raw(p)) 432p 433 434sa = SecurityAssociation(ESP, spi=0x222, 435 crypt_algo='3DES', crypt_key=b'threedifferent8byteskeys', 436 auth_algo='NULL', auth_key=None, 437 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 438 439e = sa.encrypt(p) 440e 441 442assert(isinstance(e, IP)) 443* after encryption packet should be encapsulated with the given ip tunnel header 444assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 445assert(e.chksum != p.chksum) 446* the encrypted packet should have an ESP layer 447assert(e.proto == socket.IPPROTO_ESP) 448assert(e.haslayer(ESP)) 449assert(not e.haslayer(TCP)) 450assert(e[ESP].spi == sa.spi) 451* after encryption the original packet payload should NOT be readable 452assert(b'testdata' not in e[ESP].data) 453 454d = sa.decrypt(e) 455d 456 457* after decryption the original packet payload should be unaltered 458assert(d[TCP] == p[TCP]) 459 460####################################### 461= IPv4 / ESP - Tunnel - AES-CBC - NULL 462 463p = IP(src='1.1.1.1', dst='2.2.2.2') 464p /= TCP(sport=45012, dport=80) 465p /= Raw('testdata') 466p = IP(raw(p)) 467p 468 469sa = SecurityAssociation(ESP, spi=0x222, 470 crypt_algo='AES-CBC', crypt_key=b'sixteenbytes key', 471 auth_algo='NULL', auth_key=None, 472 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 473 474e = sa.encrypt(p) 475e 476 477assert(isinstance(e, IP)) 478* after encryption packet should be encapsulated with the given ip tunnel header 479assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 480assert(e.chksum != p.chksum) 481assert(e.proto == socket.IPPROTO_ESP) 482assert(e.haslayer(ESP)) 483assert(not e.haslayer(TCP)) 484assert(e[ESP].spi == sa.spi) 485* after encryption the original packet payload should NOT be readable 486assert(b'testdata' not in e[ESP].data) 487 488d = sa.decrypt(e) 489d 490 491* after decryption the original packet payload should be unaltered 492assert(d[TCP] == p[TCP]) 493 494####################################### 495= IPv4 / ESP - Tunnel - AES-CTR - NULL 496 497p = IP(src='1.1.1.1', dst='2.2.2.2') 498p /= TCP(sport=45012, dport=80) 499p /= Raw('testdata') 500p = IP(raw(p)) 501p 502 503sa = SecurityAssociation(ESP, spi=0x222, 504 crypt_algo='AES-CTR', crypt_key=b'16bytekey+4bytenonce', 505 auth_algo='NULL', auth_key=None, 506 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 507 508e = sa.encrypt(p) 509e 510 511assert(isinstance(e, IP)) 512* after encryption packet should be encapsulated with the given ip tunnel header 513assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 514assert(e.chksum != p.chksum) 515assert(e.proto == socket.IPPROTO_ESP) 516assert(e.haslayer(ESP)) 517assert(not e.haslayer(TCP)) 518assert(e[ESP].spi == sa.spi) 519* after encryption the original packet payload should NOT be readable 520assert(b'testdata' not in e[ESP].data) 521 522d = sa.decrypt(e) 523d 524 525* after decryption original packet should be preserved 526assert(d[TCP] == p[TCP]) 527 528####################################### 529= IPv4 / ESP - Tunnel - Blowfish - NULL 530 531p = IP(src='1.1.1.1', dst='2.2.2.2') 532p /= TCP(sport=45012, dport=80) 533p /= Raw('testdata') 534p = IP(raw(p)) 535p 536 537sa = SecurityAssociation(ESP, spi=0x222, 538 crypt_algo='Blowfish', crypt_key=b'sixteenbytes key', 539 auth_algo='NULL', auth_key=None, 540 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 541 542e = sa.encrypt(p) 543e 544 545assert(isinstance(e, IP)) 546* after encryption packet should be encapsulated with the given ip tunnel header 547assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 548assert(e.chksum != p.chksum) 549assert(e.proto == socket.IPPROTO_ESP) 550assert(e.haslayer(ESP)) 551assert(not e.haslayer(TCP)) 552assert(e[ESP].spi == sa.spi) 553* after encryption the original packet payload should NOT be readable 554assert(b'testdata' not in e[ESP].data) 555 556d = sa.decrypt(e) 557d 558 559* after decryption original packet should be preserved 560assert(d[TCP] == p[TCP]) 561 562####################################### 563= IPv4 / ESP - Tunnel - CAST - NULL 564 565p = IP(src='1.1.1.1', dst='2.2.2.2') 566p /= TCP(sport=45012, dport=80) 567p /= Raw('testdata') 568p = IP(raw(p)) 569p 570 571sa = SecurityAssociation(ESP, spi=0x222, 572 crypt_algo='CAST', crypt_key=b'sixteenbytes key', 573 auth_algo='NULL', auth_key=None, 574 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 575 576e = sa.encrypt(p) 577e 578 579assert(isinstance(e, IP)) 580* after encryption packet should be encapsulated with the given ip tunnel header 581assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 582assert(e.chksum != p.chksum) 583assert(e.proto == socket.IPPROTO_ESP) 584assert(e.haslayer(ESP)) 585assert(not e.haslayer(TCP)) 586assert(e[ESP].spi == sa.spi) 587* after encryption the original packet payload should NOT be readable 588assert(b'testdata' not in e[ESP].data) 589 590d = sa.decrypt(e) 591d 592 593* after decryption original packet should be preserved 594assert(d[TCP] == p[TCP]) 595 596############################################################################### 597+ IPv4 / ESP - Transport - Authentication Algorithms 598 599####################################### 600= IPv4 / ESP - Transport - NULL - HMAC-SHA1-96 601 602p = IP(src='1.1.1.1', dst='2.2.2.2') 603p /= TCP(sport=45012, dport=80) 604p /= Raw('testdata') 605p = IP(raw(p)) 606p 607 608sa = SecurityAssociation(ESP, spi=0x222, 609 crypt_algo='NULL', crypt_key=None, 610 auth_algo='HMAC-SHA1-96', auth_key=b'secret key') 611 612e = sa.encrypt(p) 613e 614 615assert(isinstance(e, IP)) 616assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 617assert(e.chksum != p.chksum) 618assert(e.proto == socket.IPPROTO_ESP) 619assert(e.haslayer(ESP)) 620assert(not e.haslayer(TCP)) 621assert(e[ESP].spi == sa.spi) 622assert(b'testdata' in e[ESP].data) 623 624* integrity verification should pass 625d = sa.decrypt(e) 626 627* after decryption the original packet payload should be unaltered 628assert(d[TCP] == p[TCP]) 629 630####################################### 631= IPv4 / ESP - Transport - NULL - HMAC-SHA1-96 - altered packet 632 633p = IP(src='1.1.1.1', dst='2.2.2.2') 634p /= TCP(sport=45012, dport=80) 635p /= Raw('testdata') 636p = IP(raw(p)) 637p 638 639sa = SecurityAssociation(ESP, spi=0x222, 640 crypt_algo='NULL', crypt_key=None, 641 auth_algo='HMAC-SHA1-96', auth_key=b'secret key') 642 643e = sa.encrypt(p) 644e 645 646assert(isinstance(e, IP)) 647assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 648assert(e.chksum != p.chksum) 649assert(e.proto == socket.IPPROTO_ESP) 650assert(e.haslayer(ESP)) 651assert(not e.haslayer(TCP)) 652assert(e[ESP].spi == sa.spi) 653assert(b'testdata' in e[ESP].data) 654 655* simulate the alteration of the packet before decryption 656e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') 657 658* integrity verification should fail 659try: 660 d = sa.decrypt(e) 661 assert(False) 662except IPSecIntegrityError as err: 663 err 664 665####################################### 666= IPv4 / ESP - Transport - NULL - SHA2-256-128 667 668p = IP(src='1.1.1.1', dst='2.2.2.2') 669p /= TCP(sport=45012, dport=80) 670p /= Raw('testdata') 671p = IP(raw(p)) 672p 673 674sa = SecurityAssociation(ESP, spi=0x222, 675 crypt_algo='NULL', crypt_key=None, 676 auth_algo='SHA2-256-128', auth_key=b'secret key') 677 678e = sa.encrypt(p) 679e 680 681assert(isinstance(e, IP)) 682assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 683assert(e.chksum != p.chksum) 684assert(e.proto == socket.IPPROTO_ESP) 685assert(e.haslayer(ESP)) 686assert(not e.haslayer(TCP)) 687assert(e[ESP].spi == sa.spi) 688* after encryption the original packet payload should be readable 689assert(b'testdata' in e[ESP].data) 690 691* integrity verification should pass 692d = sa.decrypt(e) 693 694* after decryption the original packet should be preserved 695assert(d == p) 696 697####################################### 698= IPv4 / ESP - Transport - NULL - SHA2-256-128 - altered packet 699 700p = IP(src='1.1.1.1', dst='2.2.2.2') 701p /= TCP(sport=45012, dport=80) 702p /= Raw('testdata') 703p = IP(raw(p)) 704p 705 706sa = SecurityAssociation(ESP, spi=0x222, 707 crypt_algo='NULL', crypt_key=None, 708 auth_algo='SHA2-256-128', auth_key=b'secret key') 709 710e = sa.encrypt(p) 711e 712 713assert(isinstance(e, IP)) 714assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 715assert(e.chksum != p.chksum) 716assert(e.proto == socket.IPPROTO_ESP) 717assert(e.haslayer(ESP)) 718assert(not e.haslayer(TCP)) 719assert(e[ESP].spi == sa.spi) 720* after encryption the original packet payload should be readable 721assert(b'testdata' in e[ESP].data) 722 723* simulate the alteration of the packet before decryption 724e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') 725 726* integrity verification should fail 727try: 728 d = sa.decrypt(e) 729 assert(False) 730except IPSecIntegrityError as err: 731 err 732 733####################################### 734= IPv4 / ESP - Transport - NULL - SHA2-384-192 735 736p = IP(src='1.1.1.1', dst='2.2.2.2') 737p /= TCP(sport=45012, dport=80) 738p /= Raw('testdata') 739p = IP(raw(p)) 740p 741 742sa = SecurityAssociation(ESP, spi=0x222, 743 crypt_algo='NULL', crypt_key=None, 744 auth_algo='SHA2-384-192', auth_key=b'secret key') 745 746e = sa.encrypt(p) 747e 748 749assert(isinstance(e, IP)) 750assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 751assert(e.chksum != p.chksum) 752assert(e.proto == socket.IPPROTO_ESP) 753assert(e.haslayer(ESP)) 754assert(not e.haslayer(TCP)) 755assert(e[ESP].spi == sa.spi) 756* after encryption the original packet payload should be readable 757assert(b'testdata' in e[ESP].data) 758 759* integrity verification should pass 760d = sa.decrypt(e) 761 762* after decryption the original packet should be preserved 763assert(d == p) 764 765####################################### 766= IPv4 / ESP - Transport - NULL - SHA2-384-192 - altered packet 767 768p = IP(src='1.1.1.1', dst='2.2.2.2') 769p /= TCP(sport=45012, dport=80) 770p /= Raw('testdata') 771p = IP(raw(p)) 772p 773 774sa = SecurityAssociation(ESP, spi=0x222, 775 crypt_algo='NULL', crypt_key=None, 776 auth_algo='SHA2-384-192', auth_key=b'secret key') 777 778e = sa.encrypt(p) 779e 780 781assert(isinstance(e, IP)) 782assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 783assert(e.chksum != p.chksum) 784assert(e.proto == socket.IPPROTO_ESP) 785assert(e.haslayer(ESP)) 786assert(not e.haslayer(TCP)) 787assert(e[ESP].spi == sa.spi) 788* after encryption the original packet payload should be readable 789assert(b'testdata' in e[ESP].data) 790 791* simulate the alteration of the packet before decryption 792e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') 793 794* integrity verification should fail 795try: 796 d = sa.decrypt(e) 797 assert(False) 798except IPSecIntegrityError as err: 799 err 800 801####################################### 802= IPv4 / ESP - Transport - NULL - SHA2-512-256 803 804p = IP(src='1.1.1.1', dst='2.2.2.2') 805p /= TCP(sport=45012, dport=80) 806p /= Raw('testdata') 807p = IP(raw(p)) 808p 809 810sa = SecurityAssociation(ESP, spi=0x222, 811 crypt_algo='NULL', crypt_key=None, 812 auth_algo='SHA2-512-256', auth_key=b'secret key') 813 814e = sa.encrypt(p) 815e 816 817assert(isinstance(e, IP)) 818assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 819assert(e.chksum != p.chksum) 820assert(e.proto == socket.IPPROTO_ESP) 821assert(e.haslayer(ESP)) 822assert(not e.haslayer(TCP)) 823assert(e[ESP].spi == sa.spi) 824* after encryption the original packet payload should be readable 825assert(b'testdata' in e[ESP].data) 826 827* integrity verification should pass 828d = sa.decrypt(e) 829 830* after decryption the original packet should be preserved 831assert(d == p) 832 833####################################### 834= IPv4 / ESP - Transport - NULL - SHA2-512-256 - altered packet 835 836p = IP(src='1.1.1.1', dst='2.2.2.2') 837p /= TCP(sport=45012, dport=80) 838p /= Raw('testdata') 839p = IP(raw(p)) 840p 841 842sa = SecurityAssociation(ESP, spi=0x222, 843 crypt_algo='NULL', crypt_key=None, 844 auth_algo='SHA2-512-256', auth_key=b'secret key') 845 846e = sa.encrypt(p) 847e 848 849assert(isinstance(e, IP)) 850assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 851assert(e.chksum != p.chksum) 852assert(e.proto == socket.IPPROTO_ESP) 853assert(e.haslayer(ESP)) 854assert(not e.haslayer(TCP)) 855assert(e[ESP].spi == sa.spi) 856* after encryption the original packet payload should be readable 857assert(b'testdata' in e[ESP].data) 858 859* simulate the alteration of the packet before decryption 860e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') 861 862* integrity verification should fail 863try: 864 d = sa.decrypt(e) 865 assert(False) 866except IPSecIntegrityError as err: 867 err 868 869####################################### 870= IPv4 / ESP - Transport - NULL - HMAC-MD5-96 871 872p = IP(src='1.1.1.1', dst='2.2.2.2') 873p /= TCP(sport=45012, dport=80) 874p /= Raw('testdata') 875p = IP(raw(p)) 876p 877 878sa = SecurityAssociation(ESP, spi=0x222, 879 crypt_algo='NULL', crypt_key=None, 880 auth_algo='HMAC-MD5-96', auth_key=b'secret key') 881 882e = sa.encrypt(p) 883e 884 885assert(isinstance(e, IP)) 886assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 887assert(e.chksum != p.chksum) 888assert(e.proto == socket.IPPROTO_ESP) 889assert(e.haslayer(ESP)) 890assert(not e.haslayer(TCP)) 891assert(e[ESP].spi == sa.spi) 892* after encryption the original packet payload should be readable 893assert(b'testdata' in e[ESP].data) 894 895* integrity verification should pass 896d = sa.decrypt(e) 897 898* after decryption the original packet should be preserved 899assert(d == p) 900 901####################################### 902= IPv4 / ESP - Transport - NULL - HMAC-MD5-96 - altered packet 903 904p = IP(src='1.1.1.1', dst='2.2.2.2') 905p /= TCP(sport=45012, dport=80) 906p /= Raw('testdata') 907p = IP(raw(p)) 908p 909 910sa = SecurityAssociation(ESP, spi=0x222, 911 crypt_algo='NULL', crypt_key=None, 912 auth_algo='HMAC-MD5-96', auth_key=b'secret key') 913 914e = sa.encrypt(p) 915e 916 917assert(isinstance(e, IP)) 918assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 919assert(e.chksum != p.chksum) 920assert(e.proto == socket.IPPROTO_ESP) 921assert(e.haslayer(ESP)) 922assert(not e.haslayer(TCP)) 923assert(e[ESP].spi == sa.spi) 924* after encryption the original packet payload should be readable 925assert(b'testdata' in e[ESP].data) 926 927* simulate the alteration of the packet before decryption 928e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') 929 930* integrity verification should fail 931try: 932 d = sa.decrypt(e) 933 assert(False) 934except IPSecIntegrityError as err: 935 err 936 937####################################### 938= IPv4 / ESP - Transport - NULL - AES-CMAC-96 939 940p = IP(src='1.1.1.1', dst='2.2.2.2') 941p /= TCP(sport=45012, dport=80) 942p /= Raw('testdata') 943p = IP(raw(p)) 944p 945 946sa = SecurityAssociation(ESP, spi=0x222, 947 crypt_algo='NULL', crypt_key=None, 948 auth_algo='AES-CMAC-96', auth_key=b'sixteenbytes key') 949 950e = sa.encrypt(p) 951e 952 953assert(isinstance(e, IP)) 954assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 955assert(e.chksum != p.chksum) 956assert(e.proto == socket.IPPROTO_ESP) 957assert(e.haslayer(ESP)) 958assert(not e.haslayer(TCP)) 959assert(e[ESP].spi == sa.spi) 960* after encryption the original packet payload should be readable 961assert(b'testdata' in e[ESP].data) 962 963* integrity verification should pass 964d = sa.decrypt(e) 965 966* after decryption the original packet should be preserved 967assert(d == p) 968 969####################################### 970= IPv4 / ESP - Transport - NULL - AES-CMAC-96 - altered packet 971 972p = IP(src='1.1.1.1', dst='2.2.2.2') 973p /= TCP(sport=45012, dport=80) 974p /= Raw('testdata') 975p = IP(raw(p)) 976p 977 978sa = SecurityAssociation(ESP, spi=0x222, 979 crypt_algo='NULL', crypt_key=None, 980 auth_algo='AES-CMAC-96', auth_key=b'sixteenbytes key') 981 982e = sa.encrypt(p) 983e 984 985assert(isinstance(e, IP)) 986assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 987assert(e.chksum != p.chksum) 988assert(e.proto == socket.IPPROTO_ESP) 989assert(e.haslayer(ESP)) 990assert(not e.haslayer(TCP)) 991assert(e[ESP].spi == sa.spi) 992* after encryption the original packet payload should be readable 993assert(b'testdata' in e[ESP].data) 994 995* simulate the alteration of the packet before decryption 996e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') 997 998* integrity verification should fail 999try: 1000 d = sa.decrypt(e) 1001 assert(False) 1002except IPSecIntegrityError as err: 1003 err 1004 1005############################################################################### 1006+ IPv4 / ESP - Tunnel - Authentication Algorithms 1007 1008####################################### 1009= IPv4 / ESP - Tunnel - NULL - HMAC-SHA1-96 1010 1011p = IP(src='1.1.1.1', dst='2.2.2.2') 1012p /= TCP(sport=45012, dport=80) 1013p /= Raw('testdata') 1014p = IP(raw(p)) 1015p 1016 1017sa = SecurityAssociation(ESP, spi=0x222, 1018 crypt_algo='NULL', crypt_key=None, 1019 auth_algo='HMAC-SHA1-96', auth_key=b'secret key', 1020 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 1021 1022e = sa.encrypt(p) 1023e 1024 1025assert(isinstance(e, IP)) 1026* after encryption packet should be encapsulated with the given ip tunnel header 1027assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 1028assert(e.chksum != p.chksum) 1029assert(e.proto == socket.IPPROTO_ESP) 1030assert(e.haslayer(ESP)) 1031assert(not e.haslayer(TCP)) 1032assert(e[ESP].spi == sa.spi) 1033assert(b'testdata' in e[ESP].data) 1034 1035* integrity verification should pass 1036d = sa.decrypt(e) 1037 1038* after decryption the original packet payload should be unaltered 1039assert(d[TCP] == p[TCP]) 1040 1041####################################### 1042= IPv4 / ESP - Tunnel - NULL - HMAC-SHA1-96 - altered packet 1043 1044p = IP(src='1.1.1.1', dst='2.2.2.2') 1045p /= TCP(sport=45012, dport=80) 1046p /= Raw('testdata') 1047p = IP(raw(p)) 1048p 1049 1050sa = SecurityAssociation(ESP, spi=0x222, 1051 crypt_algo='NULL', crypt_key=None, 1052 auth_algo='HMAC-SHA1-96', auth_key=b'secret key', 1053 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 1054 1055e = sa.encrypt(p) 1056e 1057 1058assert(isinstance(e, IP)) 1059* after encryption packet should be encapsulated with the given ip tunnel header 1060assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 1061assert(e.chksum != p.chksum) 1062assert(e.proto == socket.IPPROTO_ESP) 1063assert(e.haslayer(ESP)) 1064assert(not e.haslayer(TCP)) 1065assert(e[ESP].spi == sa.spi) 1066assert(b'testdata' in e[ESP].data) 1067 1068* simulate the alteration of the packet before decryption 1069e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') 1070 1071* integrity verification should fail 1072try: 1073 d = sa.decrypt(e) 1074 assert(False) 1075except IPSecIntegrityError as err: 1076 err 1077 1078####################################### 1079= IPv4 / ESP - Tunnel - NULL - SHA2-256-128 1080 1081p = IP(src='1.1.1.1', dst='2.2.2.2') 1082p /= TCP(sport=45012, dport=80) 1083p /= Raw('testdata') 1084p = IP(raw(p)) 1085p 1086 1087sa = SecurityAssociation(ESP, spi=0x222, 1088 crypt_algo='NULL', crypt_key=None, 1089 auth_algo='SHA2-256-128', auth_key=b'secret key', 1090 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 1091 1092e = sa.encrypt(p) 1093e 1094 1095assert(isinstance(e, IP)) 1096* after encryption packet should be encapsulated with the given ip tunnel header 1097assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 1098assert(e.chksum != p.chksum) 1099assert(e.proto == socket.IPPROTO_ESP) 1100assert(e.haslayer(ESP)) 1101assert(not e.haslayer(TCP)) 1102assert(e[ESP].spi == sa.spi) 1103* after encryption the original packet payload should be readable 1104assert(b'testdata' in e[ESP].data) 1105 1106* integrity verification should pass 1107d = sa.decrypt(e) 1108 1109* after decryption the original packet should be preserved 1110assert(d == p) 1111 1112####################################### 1113= IPv4 / ESP - Tunnel - NULL - SHA2-256-128 - altered packet 1114 1115p = IP(src='1.1.1.1', dst='2.2.2.2') 1116p /= TCP(sport=45012, dport=80) 1117p /= Raw('testdata') 1118p = IP(raw(p)) 1119p 1120 1121sa = SecurityAssociation(ESP, spi=0x222, 1122 crypt_algo='NULL', crypt_key=None, 1123 auth_algo='SHA2-256-128', auth_key=b'secret key', 1124 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 1125 1126e = sa.encrypt(p) 1127e 1128 1129assert(isinstance(e, IP)) 1130* after encryption packet should be encapsulated with the given ip tunnel header 1131assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 1132assert(e.chksum != p.chksum) 1133assert(e.proto == socket.IPPROTO_ESP) 1134assert(e.haslayer(ESP)) 1135assert(not e.haslayer(TCP)) 1136assert(e[ESP].spi == sa.spi) 1137* after encryption the original packet payload should be readable 1138assert(b'testdata' in e[ESP].data) 1139 1140* simulate the alteration of the packet before decryption 1141e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') 1142 1143* integrity verification should fail 1144try: 1145 d = sa.decrypt(e) 1146 assert(False) 1147except IPSecIntegrityError as err: 1148 err 1149 1150####################################### 1151= IPv4 / ESP - Tunnel - NULL - SHA2-384-192 1152 1153p = IP(src='1.1.1.1', dst='2.2.2.2') 1154p /= TCP(sport=45012, dport=80) 1155p /= Raw('testdata') 1156p = IP(raw(p)) 1157p 1158 1159sa = SecurityAssociation(ESP, spi=0x222, 1160 crypt_algo='NULL', crypt_key=None, 1161 auth_algo='SHA2-384-192', auth_key=b'secret key', 1162 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 1163 1164e = sa.encrypt(p) 1165e 1166 1167assert(isinstance(e, IP)) 1168* after encryption packet should be encapsulated with the given ip tunnel header 1169assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 1170assert(e.chksum != p.chksum) 1171assert(e.proto == socket.IPPROTO_ESP) 1172assert(e.haslayer(ESP)) 1173assert(not e.haslayer(TCP)) 1174assert(e[ESP].spi == sa.spi) 1175* after encryption the original packet payload should be readable 1176assert(b'testdata' in e[ESP].data) 1177 1178* integrity verification should pass 1179d = sa.decrypt(e) 1180 1181* after decryption the original packet should be preserved 1182assert(d == p) 1183 1184####################################### 1185= IPv4 / ESP - Tunnel - NULL - SHA2-384-192 - altered packet 1186 1187p = IP(src='1.1.1.1', dst='2.2.2.2') 1188p /= TCP(sport=45012, dport=80) 1189p /= Raw('testdata') 1190p = IP(raw(p)) 1191p 1192 1193sa = SecurityAssociation(ESP, spi=0x222, 1194 crypt_algo='NULL', crypt_key=None, 1195 auth_algo='SHA2-384-192', auth_key=b'secret key', 1196 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 1197 1198e = sa.encrypt(p) 1199e 1200 1201assert(isinstance(e, IP)) 1202* after encryption packet should be encapsulated with the given ip tunnel header 1203assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 1204assert(e.chksum != p.chksum) 1205assert(e.proto == socket.IPPROTO_ESP) 1206assert(e.haslayer(ESP)) 1207assert(not e.haslayer(TCP)) 1208assert(e[ESP].spi == sa.spi) 1209* after encryption the original packet payload should be readable 1210assert(b'testdata' in e[ESP].data) 1211 1212* simulate the alteration of the packet before decryption 1213e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') 1214 1215* integrity verification should fail 1216try: 1217 d = sa.decrypt(e) 1218 assert(False) 1219except IPSecIntegrityError as err: 1220 err 1221 1222####################################### 1223= IPv4 / ESP - Tunnel - NULL - SHA2-512-256 1224 1225p = IP(src='1.1.1.1', dst='2.2.2.2') 1226p /= TCP(sport=45012, dport=80) 1227p /= Raw('testdata') 1228p = IP(raw(p)) 1229p 1230 1231sa = SecurityAssociation(ESP, spi=0x222, 1232 crypt_algo='NULL', crypt_key=None, 1233 auth_algo='SHA2-512-256', auth_key=b'secret key', 1234 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 1235 1236e = sa.encrypt(p) 1237e 1238 1239assert(isinstance(e, IP)) 1240* after encryption packet should be encapsulated with the given ip tunnel header 1241assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 1242assert(e.chksum != p.chksum) 1243assert(e.proto == socket.IPPROTO_ESP) 1244assert(e.haslayer(ESP)) 1245assert(not e.haslayer(TCP)) 1246assert(e[ESP].spi == sa.spi) 1247* after encryption the original packet payload should be readable 1248assert(b'testdata' in e[ESP].data) 1249 1250* integrity verification should pass 1251d = sa.decrypt(e) 1252 1253* after decryption the original packet should be preserved 1254assert(d == p) 1255 1256####################################### 1257= IPv4 / ESP - Tunnel - NULL - SHA2-512-256 - altered packet 1258 1259p = IP(src='1.1.1.1', dst='2.2.2.2') 1260p /= TCP(sport=45012, dport=80) 1261p /= Raw('testdata') 1262p = IP(raw(p)) 1263p 1264 1265sa = SecurityAssociation(ESP, spi=0x222, 1266 crypt_algo='NULL', crypt_key=None, 1267 auth_algo='SHA2-512-256', auth_key=b'secret key', 1268 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 1269 1270e = sa.encrypt(p) 1271e 1272 1273assert(isinstance(e, IP)) 1274* after encryption packet should be encapsulated with the given ip tunnel header 1275assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 1276assert(e.chksum != p.chksum) 1277assert(e.proto == socket.IPPROTO_ESP) 1278assert(e.haslayer(ESP)) 1279assert(not e.haslayer(TCP)) 1280assert(e[ESP].spi == sa.spi) 1281* after encryption the original packet payload should be readable 1282assert(b'testdata' in e[ESP].data) 1283 1284* simulate the alteration of the packet before decryption 1285e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') 1286 1287* integrity verification should fail 1288try: 1289 d = sa.decrypt(e) 1290 assert(False) 1291except IPSecIntegrityError as err: 1292 err 1293 1294####################################### 1295= IPv4 / ESP - Tunnel - NULL - HMAC-MD5-96 1296 1297p = IP(src='1.1.1.1', dst='2.2.2.2') 1298p /= TCP(sport=45012, dport=80) 1299p /= Raw('testdata') 1300p = IP(raw(p)) 1301p 1302 1303sa = SecurityAssociation(ESP, spi=0x222, 1304 crypt_algo='NULL', crypt_key=None, 1305 auth_algo='HMAC-MD5-96', auth_key=b'secret key', 1306 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 1307 1308e = sa.encrypt(p) 1309e 1310 1311assert(isinstance(e, IP)) 1312* after encryption packet should be encapsulated with the given ip tunnel header 1313assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 1314assert(e.chksum != p.chksum) 1315assert(e.proto == socket.IPPROTO_ESP) 1316assert(e.haslayer(ESP)) 1317assert(not e.haslayer(TCP)) 1318assert(e[ESP].spi == sa.spi) 1319* after encryption the original packet payload should be readable 1320assert(b'testdata' in e[ESP].data) 1321 1322* integrity verification should pass 1323d = sa.decrypt(e) 1324 1325* after decryption the original packet should be preserved 1326assert(d == p) 1327 1328####################################### 1329= IPv4 / ESP - Tunnel - NULL - HMAC-MD5-96 - altered packet 1330 1331p = IP(src='1.1.1.1', dst='2.2.2.2') 1332p /= TCP(sport=45012, dport=80) 1333p /= Raw('testdata') 1334p = IP(raw(p)) 1335p 1336 1337sa = SecurityAssociation(ESP, spi=0x222, 1338 crypt_algo='NULL', crypt_key=None, 1339 auth_algo='HMAC-MD5-96', auth_key=b'secret key', 1340 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 1341 1342e = sa.encrypt(p) 1343e 1344 1345assert(isinstance(e, IP)) 1346* after encryption packet should be encapsulated with the given ip tunnel header 1347assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 1348assert(e.chksum != p.chksum) 1349assert(e.proto == socket.IPPROTO_ESP) 1350assert(e.haslayer(ESP)) 1351assert(not e.haslayer(TCP)) 1352assert(e[ESP].spi == sa.spi) 1353* after encryption the original packet payload should be readable 1354assert(b'testdata' in e[ESP].data) 1355 1356* simulate the alteration of the packet before decryption 1357e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') 1358 1359* integrity verification should fail 1360try: 1361 d = sa.decrypt(e) 1362 assert(False) 1363except IPSecIntegrityError as err: 1364 err 1365 1366####################################### 1367= IPv4 / ESP - Tunnel - NULL - AES-CMAC-96 1368 1369p = IP(src='1.1.1.1', dst='2.2.2.2') 1370p /= TCP(sport=45012, dport=80) 1371p /= Raw('testdata') 1372p = IP(raw(p)) 1373p 1374 1375sa = SecurityAssociation(ESP, spi=0x222, 1376 crypt_algo='NULL', crypt_key=None, 1377 auth_algo='AES-CMAC-96', auth_key=b'sixteenbytes key', 1378 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 1379 1380e = sa.encrypt(p) 1381e 1382 1383assert(isinstance(e, IP)) 1384* after encryption packet should be encapsulated with the given ip tunnel header 1385assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 1386assert(e.chksum != p.chksum) 1387assert(e.proto == socket.IPPROTO_ESP) 1388assert(e.haslayer(ESP)) 1389assert(not e.haslayer(TCP)) 1390assert(e[ESP].spi == sa.spi) 1391* after encryption the original packet payload should be readable 1392assert(b'testdata' in e[ESP].data) 1393 1394* integrity verification should pass 1395d = sa.decrypt(e) 1396 1397* after decryption the original packet should be preserved 1398assert(d == p) 1399 1400####################################### 1401= IPv4 / ESP - Tunnel - NULL - AES-CMAC-96 - altered packet 1402 1403p = IP(src='1.1.1.1', dst='2.2.2.2') 1404p /= TCP(sport=45012, dport=80) 1405p /= Raw('testdata') 1406p = IP(raw(p)) 1407p 1408 1409sa = SecurityAssociation(ESP, spi=0x222, 1410 crypt_algo='NULL', crypt_key=None, 1411 auth_algo='AES-CMAC-96', auth_key=b'sixteenbytes key', 1412 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 1413 1414e = sa.encrypt(p) 1415e 1416 1417assert(isinstance(e, IP)) 1418* after encryption packet should be encapsulated with the given ip tunnel header 1419assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 1420assert(e.chksum != p.chksum) 1421assert(e.proto == socket.IPPROTO_ESP) 1422assert(e.haslayer(ESP)) 1423assert(not e.haslayer(TCP)) 1424assert(e[ESP].spi == sa.spi) 1425* after encryption the original packet payload should be readable 1426assert(b'testdata' in e[ESP].data) 1427 1428* simulate the alteration of the packet before decryption 1429e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') 1430 1431* integrity verification should fail 1432try: 1433 d = sa.decrypt(e) 1434 assert(False) 1435except IPSecIntegrityError as err: 1436 err 1437 1438############################################################################### 1439+ IPv4 / ESP - Encryption + Authentication 1440 1441####################################### 1442= IPv4 / ESP - Transport - AES-CBC - HMAC-SHA1-96 1443 1444p = IP(src='1.1.1.1', dst='2.2.2.2') 1445p /= TCP(sport=45012, dport=80) 1446p /= Raw('testdata') 1447p = IP(raw(p)) 1448p 1449 1450sa = SecurityAssociation(ESP, spi=0x222, 1451 crypt_algo='AES-CBC', crypt_key=b'sixteenbytes key', 1452 auth_algo='HMAC-SHA1-96', auth_key=b'secret key') 1453 1454e = sa.encrypt(p) 1455e 1456 1457assert(isinstance(e, IP)) 1458assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 1459assert(e.chksum != p.chksum) 1460assert(e.proto == socket.IPPROTO_ESP) 1461assert(e.haslayer(ESP)) 1462assert(not e.haslayer(TCP)) 1463assert(e[ESP].spi == sa.spi) 1464* after encryption the original packet payload should NOT be readable 1465assert(b'testdata' not in e[ESP].data) 1466 1467d = sa.decrypt(e) 1468d 1469 1470* after decryption the original packet payload should be unaltered 1471assert(d[TCP] == p[TCP]) 1472 1473####################################### 1474= IPv4 / ESP - Transport - AES-CBC - HMAC-SHA1-96 - altered packet 1475 1476p = IP(src='1.1.1.1', dst='2.2.2.2') 1477p /= TCP(sport=45012, dport=80) 1478p /= Raw('testdata') 1479p = IP(raw(p)) 1480p 1481 1482sa = SecurityAssociation(ESP, spi=0x222, 1483 crypt_algo='AES-CBC', crypt_key=b'sixteenbytes key', 1484 auth_algo='HMAC-SHA1-96', auth_key=b'secret key') 1485 1486e = sa.encrypt(p) 1487e 1488 1489assert(isinstance(e, IP)) 1490assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 1491assert(e.chksum != p.chksum) 1492assert(e.proto == socket.IPPROTO_ESP) 1493assert(e.haslayer(ESP)) 1494assert(not e.haslayer(TCP)) 1495assert(e[ESP].spi == sa.spi) 1496* after encryption the original packet payload should NOT be readable 1497assert(b'testdata' not in e[ESP].data) 1498 1499* simulate the alteration of the packet before decryption 1500e[ESP].seq += 1 1501 1502* integrity verification should fail 1503try: 1504 d = sa.decrypt(e) 1505 assert(False) 1506except IPSecIntegrityError as err: 1507 err 1508 1509####################################### 1510= IPv4 / ESP - Transport - AES-GCM - NULL 1511 1512p = IP(src='1.1.1.1', dst='2.2.2.2') 1513p /= TCP(sport=45012, dport=80) 1514p /= Raw('testdata') 1515p = IP(raw(p)) 1516p 1517 1518sa = SecurityAssociation(ESP, spi=0x222, 1519 crypt_algo='AES-GCM', crypt_key=b'16bytekey+4bytenonce', 1520 auth_algo='NULL', auth_key=None) 1521 1522e = sa.encrypt(p) 1523e 1524 1525assert(isinstance(e, IP)) 1526assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 1527assert(e.chksum != p.chksum) 1528assert(e.proto == socket.IPPROTO_ESP) 1529assert(e.haslayer(ESP)) 1530assert(not e.haslayer(TCP)) 1531assert(e[ESP].spi == sa.spi) 1532* after encryption the original packet payload should NOT be readable 1533assert(b'testdata' not in e[ESP].data) 1534 1535d = sa.decrypt(e) 1536d 1537 1538* after decryption original packet should be preserved 1539assert(d[TCP] == p[TCP]) 1540 1541# Generated with Linux 4.4.0-62-generic #83-Ubuntu 1542# ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 546 reqid 1 \ 1543# mode tunnel aead 'rfc4106(gcm(aes))' '0x3136627974656b65792b34627974656e6f6e6365' 128 flag align4 1544ref = IP() \ 1545 / ESP(spi=0x222, 1546 data=b'\x66\x00\x28\x86\xe9\xdf\xc5\x24\xb0\xbd\xfd\x62\x61\x7e\xd3\x76' 1547 b'\x7b\x48\x28\x8e\x76\xaa\xea\x48\xb8\x40\x30\x8a\xce\x50\x71\xbb' 1548 b'\xc0\xb2\x47\x71\xd7\xa4\xa0\xcb\x03\x68\xd3\x16\x5a\x7c\x37\x84' 1549 b'\x87\xc7\x19\x59\xb4\x7c\x76\xe3\x48\xc0\x90\x4b\xd2\x36\x95\xc1' 1550 b'\xb7\xa4\xb6\x7b\x89\xe6\x4f\x10\xae\xdb\x84\x47\x46\x00\xb4\x44' 1551 b'\xe6\x6d\x16\x55\x5f\x82\x36\xa5\x49\xf7\x52\x81\x65\x90\x4d\x28' 1552 b'\x92\xb2\xe3\xf1\xa4\x02\xd2\x37\xac\x0b\x7a\x10\xcf\x64\x46\xb9', 1553 seq=1) 1554 1555d_ref = sa.decrypt(ref) 1556d_ref 1557 1558* Check for ICMP layer in decrypted reference 1559assert(d_ref.haslayer(ICMP)) 1560 1561####################################### 1562= IPv4 / ESP - Transport - AES-GCM - NULL - altered packet 1563 1564p = IP(src='1.1.1.1', dst='2.2.2.2') 1565p /= TCP(sport=45012, dport=80) 1566p /= Raw('testdata') 1567p = IP(raw(p)) 1568p 1569 1570sa = SecurityAssociation(ESP, spi=0x222, 1571 crypt_algo='AES-GCM', crypt_key=b'16bytekey+4bytenonce', 1572 auth_algo='NULL', auth_key=None) 1573 1574e = sa.encrypt(p) 1575e 1576 1577assert(isinstance(e, IP)) 1578assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 1579assert(e.chksum != p.chksum) 1580assert(e.proto == socket.IPPROTO_ESP) 1581assert(e.haslayer(ESP)) 1582assert(not e.haslayer(TCP)) 1583assert(e[ESP].spi == sa.spi) 1584* after encryption the original packet payload should NOT be readable 1585assert(b'testdata' not in e[ESP].data) 1586 1587* simulate the alteration of the packet before decryption 1588e[ESP].seq += 1 1589 1590* integrity verification should fail 1591try: 1592 d = sa.decrypt(e) 1593 assert(False) 1594except IPSecIntegrityError as err: 1595 err 1596 1597####################################### 1598= IPv4 / ESP - Transport - AES-CCM - NULL 1599~ crypto_advanced 1600 1601p = IP(src='1.1.1.1', dst='2.2.2.2') 1602p /= TCP(sport=45012, dport=80) 1603p /= Raw('testdata') 1604p = IP(raw(p)) 1605p 1606 1607sa = SecurityAssociation(ESP, spi=0x222, 1608 crypt_algo='AES-CCM', crypt_key=b'16bytekey3bytenonce', 1609 auth_algo='NULL', auth_key=None) 1610 1611e = sa.encrypt(p) 1612e 1613 1614assert(isinstance(e, IP)) 1615* after encryption packet should be encapsulated with the given ip tunnel header 1616assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 1617assert(e.chksum != p.chksum) 1618assert(e.proto == socket.IPPROTO_ESP) 1619assert(e.haslayer(ESP)) 1620assert(not e.haslayer(TCP)) 1621assert(e[ESP].spi == sa.spi) 1622* after encryption the original packet payload should NOT be readable 1623assert(b'testdata' not in e[ESP].data) 1624 1625d = sa.decrypt(e) 1626d 1627 1628* after decryption original packet should be preserved 1629assert(d == p) 1630 1631# Generated with Linux 4.4.0-62-generic #83-Ubuntu 1632# ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 546 reqid 1 \ 1633# mode tunnel aead 'rfc4309(ccm(aes))' '0x3136627974656b657933627974656e6f6e6365' 64 1634ref = IP() \ 1635 / ESP(spi=0x222, 1636 data=b'\x2e\x02\x9f\x1f\xad\x76\x80\x58\x8f\xeb\x45\xf1\x66\xe3\xad\xa6' 1637 b'\x90\x1b\x2b\x7d\xd3\x3d\xa4\x53\x35\xc8\xfa\x92\xfd\xd7\x42\x2f' 1638 b'\x87\x60\x9b\x46\xb0\x21\x5e\x82\xfb\x2f\x59\xba\xf0\x6c\xe5\x51' 1639 b'\xb8\x36\x20\x88\xfe\x49\x86\x60\xe8\x0a\x3d\x36\xb5\x8a\x08\xa9' 1640 b'\x5e\xe3\x87\xfa\x93\x3f\xe8\xc2\xc5\xbf\xb1\x2e\x6f\x7d\xc5\xa5' 1641 b'\xd8\xe5\xf3\x25\x21\x81\x43\x16\x48\x10\x7c\x04\x31\x20\x07\x7c' 1642 b'\x7b\xda\x5d\x1a\x72\x45\xc4\x79', 1643 seq=1) 1644 1645d_ref = sa.decrypt(ref) 1646d_ref 1647 1648* Check for ICMP layer in decrypted reference 1649assert(d_ref.haslayer(ICMP)) 1650 1651####################################### 1652= IPv4 / ESP - Transport - AES-CCM - NULL - altered packet 1653~ crypto_advanced 1654 1655p = IP(src='1.1.1.1', dst='2.2.2.2') 1656p /= TCP(sport=45012, dport=80) 1657p /= Raw('testdata') 1658p = IP(raw(p)) 1659p 1660 1661sa = SecurityAssociation(ESP, spi=0x222, 1662 crypt_algo='AES-CCM', crypt_key=b'16bytekey3bytenonce', 1663 auth_algo='NULL', auth_key=None) 1664 1665e = sa.encrypt(p) 1666e 1667 1668assert(isinstance(e, IP)) 1669* after encryption packet should be encapsulated with the given ip tunnel header 1670assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 1671assert(e.chksum != p.chksum) 1672assert(e.proto == socket.IPPROTO_ESP) 1673assert(e.haslayer(ESP)) 1674assert(not e.haslayer(TCP)) 1675assert(e[ESP].spi == sa.spi) 1676* after encryption the original packet payload should NOT be readable 1677assert(b'testdata' not in e[ESP].data) 1678 1679* simulate the alteration of the packet before decryption 1680e[ESP].seq += 1 1681 1682* integrity verification should fail 1683try: 1684 d = sa.decrypt(e) 1685 assert(False) 1686except IPSecIntegrityError as err: 1687 err 1688 1689####################################### 1690= IPv4 / ESP - Tunnel - AES-CBC - HMAC-SHA1-96 1691 1692p = IP(src='1.1.1.1', dst='2.2.2.2') 1693p /= TCP(sport=45012, dport=80) 1694p /= Raw('testdata') 1695p = IP(raw(p)) 1696p 1697 1698sa = SecurityAssociation(ESP, spi=0x222, 1699 crypt_algo='AES-CBC', crypt_key=b'sixteenbytes key', 1700 auth_algo='HMAC-SHA1-96', auth_key=b'secret key', 1701 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 1702 1703e = sa.encrypt(p) 1704e 1705 1706assert(isinstance(e, IP)) 1707* after encryption packet should be encapsulated with the given ip tunnel header 1708assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 1709assert(e.chksum != p.chksum) 1710assert(e.proto == socket.IPPROTO_ESP) 1711assert(e.haslayer(ESP)) 1712assert(not e.haslayer(TCP)) 1713assert(e[ESP].spi == sa.spi) 1714* after encryption the original packet payload should NOT be readable 1715assert(b'testdata' not in e[ESP].data) 1716 1717d = sa.decrypt(e) 1718d 1719 1720* after decryption the original packet payload should be unaltered 1721assert(d[TCP] == p[TCP]) 1722 1723####################################### 1724= IPv4 / ESP - Tunnel - AES-CBC - HMAC-SHA1-96 - altered packet 1725 1726p = IP(src='1.1.1.1', dst='2.2.2.2') 1727p /= TCP(sport=45012, dport=80) 1728p /= Raw('testdata') 1729p = IP(raw(p)) 1730p 1731 1732sa = SecurityAssociation(ESP, spi=0x222, 1733 crypt_algo='AES-CBC', crypt_key=b'sixteenbytes key', 1734 auth_algo='HMAC-SHA1-96', auth_key=b'secret key', 1735 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 1736 1737e = sa.encrypt(p) 1738e 1739 1740assert(isinstance(e, IP)) 1741* after encryption packet should be encapsulated with the given ip tunnel header 1742assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 1743assert(e.chksum != p.chksum) 1744assert(e.proto == socket.IPPROTO_ESP) 1745assert(e.haslayer(ESP)) 1746assert(not e.haslayer(TCP)) 1747assert(e[ESP].spi == sa.spi) 1748* after encryption the original packet payload should NOT be readable 1749assert(b'testdata' not in e[ESP].data) 1750 1751* simulate the alteration of the packet before decryption 1752e[ESP].seq += 1 1753 1754* integrity verification should fail 1755try: 1756 d = sa.decrypt(e) 1757 assert(False) 1758except IPSecIntegrityError as err: 1759 err 1760 1761####################################### 1762= IPv4 / ESP - Tunnel - AES-GCM - NULL 1763 1764p = IP(src='1.1.1.1', dst='2.2.2.2') 1765p /= TCP(sport=45012, dport=80) 1766p /= Raw('testdata') 1767p = IP(raw(p)) 1768p 1769 1770sa = SecurityAssociation(ESP, spi=0x222, 1771 crypt_algo='AES-GCM', crypt_key=b'16bytekey+4bytenonce', 1772 auth_algo='NULL', auth_key=None, 1773 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 1774 1775e = sa.encrypt(p) 1776e 1777 1778assert(isinstance(e, IP)) 1779* after encryption packet should be encapsulated with the given ip tunnel header 1780assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 1781assert(e.chksum != p.chksum) 1782assert(e.proto == socket.IPPROTO_ESP) 1783assert(e.haslayer(ESP)) 1784assert(not e.haslayer(TCP)) 1785assert(e[ESP].spi == sa.spi) 1786* after encryption the original packet payload should NOT be readable 1787assert(b'testdata' not in e[ESP].data) 1788 1789d = sa.decrypt(e) 1790d 1791 1792* after decryption original packet should be preserved 1793assert(d[TCP] == p[TCP]) 1794 1795####################################### 1796= IPv4 / ESP - Tunnel - AES-GCM - NULL - altered packet 1797 1798p = IP(src='1.1.1.1', dst='2.2.2.2') 1799p /= TCP(sport=45012, dport=80) 1800p /= Raw('testdata') 1801p = IP(raw(p)) 1802p 1803 1804sa = SecurityAssociation(ESP, spi=0x222, 1805 crypt_algo='AES-GCM', crypt_key=b'16bytekey+4bytenonce', 1806 auth_algo='NULL', auth_key=None, 1807 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 1808 1809e = sa.encrypt(p) 1810e 1811 1812assert(isinstance(e, IP)) 1813* after encryption packet should be encapsulated with the given ip tunnel header 1814assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 1815assert(e.chksum != p.chksum) 1816assert(e.proto == socket.IPPROTO_ESP) 1817assert(e.haslayer(ESP)) 1818assert(not e.haslayer(TCP)) 1819assert(e[ESP].spi == sa.spi) 1820* after encryption the original packet payload should NOT be readable 1821assert(b'testdata' not in e[ESP].data) 1822 1823* simulate the alteration of the packet before decryption 1824e[ESP].seq += 1 1825 1826* integrity verification should fail 1827try: 1828 d = sa.decrypt(e) 1829 assert(False) 1830except IPSecIntegrityError as err: 1831 err 1832 1833####################################### 1834= IPv4 / ESP - Tunnel - AES-CCM - NULL 1835~ crypto_advanced 1836 1837p = IP(src='1.1.1.1', dst='2.2.2.2') 1838p /= TCP(sport=45012, dport=80) 1839p /= Raw('testdata') 1840p = IP(raw(p)) 1841p 1842 1843sa = SecurityAssociation(ESP, spi=0x222, 1844 crypt_algo='AES-CCM', crypt_key=b'16bytekey3bytenonce', 1845 auth_algo='NULL', auth_key=None, 1846 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 1847 1848e = sa.encrypt(p) 1849e 1850 1851assert(isinstance(e, IP)) 1852* after encryption packet should be encapsulated with the given ip tunnel header 1853assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 1854assert(e.chksum != p.chksum) 1855assert(e.proto == socket.IPPROTO_ESP) 1856assert(e.haslayer(ESP)) 1857assert(not e.haslayer(TCP)) 1858assert(e[ESP].spi == sa.spi) 1859* after encryption the original packet payload should NOT be readable 1860assert(b'testdata' not in e[ESP].data) 1861 1862d = sa.decrypt(e) 1863d 1864 1865* after decryption original packet should be preserved 1866assert(d == p) 1867 1868####################################### 1869= IPv4 / ESP - Tunnel - AES-CCM - NULL 1870~ crypto_advanced 1871 1872p = IP(src='1.1.1.1', dst='2.2.2.2') 1873p /= TCP(sport=45012, dport=80) 1874p /= Raw('testdata') 1875p = IP(raw(p)) 1876p 1877 1878sa = SecurityAssociation(ESP, spi=0x222, 1879 crypt_algo='AES-CCM', crypt_key=b'16bytekey3bytenonce', 1880 auth_algo='NULL', auth_key=None, 1881 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 1882 1883e = sa.encrypt(p) 1884e 1885 1886assert(isinstance(e, IP)) 1887* after encryption packet should be encapsulated with the given ip tunnel header 1888assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 1889assert(e.chksum != p.chksum) 1890assert(e.proto == socket.IPPROTO_ESP) 1891assert(e.haslayer(ESP)) 1892assert(not e.haslayer(TCP)) 1893assert(e[ESP].spi == sa.spi) 1894* after encryption the original packet payload should NOT be readable 1895assert(b'testdata' not in e[ESP].data) 1896 1897* simulate the alteration of the packet before decryption 1898e[ESP].seq += 1 1899 1900* integrity verification should fail 1901try: 1902 d = sa.decrypt(e) 1903 assert(False) 1904except IPSecIntegrityError as err: 1905 err 1906 1907############################################################################### 1908+ IPv4 / AH - Transport 1909 1910####################################### 1911= IPv4 / AH - Transport - HMAC-SHA1-96 1912 1913p = IP(src='1.1.1.1', dst='2.2.2.2') 1914p /= TCP(sport=45012, dport=80) 1915p /= Raw('testdata') 1916p = IP(raw(p)) 1917p 1918 1919sa = SecurityAssociation(AH, spi=0x222, 1920 auth_algo='HMAC-SHA1-96', auth_key=b'sixteenbytes key') 1921 1922e = sa.encrypt(p) 1923e 1924 1925assert(isinstance(e, IP)) 1926assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 1927assert(e.chksum != p.chksum) 1928* the encrypted packet should have an AH layer 1929assert(e.proto == socket.IPPROTO_AH) 1930assert(e.haslayer(AH)) 1931assert(e.haslayer(TCP)) 1932assert(e[AH].spi == sa.spi) 1933 1934* alter mutable fields in the packet 1935e.ttl = 2 1936 1937* integrity verification should pass 1938d = sa.decrypt(e) 1939d 1940 1941* after decryption the original packet payload should be unaltered 1942assert(d[TCP] == p[TCP]) 1943 1944####################################### 1945= IPv4 / AH - Transport - HMAC-SHA1-96 - altered packet 1946 1947p = IP(src='1.1.1.1', dst='2.2.2.2') 1948p /= TCP(sport=45012, dport=80) 1949p /= Raw('testdata') 1950p = IP(raw(p)) 1951p 1952 1953sa = SecurityAssociation(AH, spi=0x222, 1954 auth_algo='HMAC-SHA1-96', auth_key=b'sixteenbytes key') 1955 1956e = sa.encrypt(p) 1957e 1958 1959assert(isinstance(e, IP)) 1960assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 1961assert(e.chksum != p.chksum) 1962* the encrypted packet should have an AH layer 1963assert(e.proto == socket.IPPROTO_AH) 1964assert(e.haslayer(AH)) 1965assert(e.haslayer(TCP)) 1966assert(e[AH].spi == sa.spi) 1967 1968* simulate the alteration of the packet before decryption 1969e[TCP].sport = 5 1970 1971* integrity verification should fail 1972try: 1973 d = sa.decrypt(e) 1974 assert(False) 1975except IPSecIntegrityError as err: 1976 err 1977 1978####################################### 1979= IPv4 / AH - Transport - SHA2-256-128 1980 1981p = IP(src='1.1.1.1', dst='2.2.2.2') 1982p /= TCP(sport=45012, dport=80) 1983p /= Raw('testdata') 1984p = IP(raw(p)) 1985p 1986 1987sa = SecurityAssociation(AH, spi=0x222, 1988 auth_algo='SHA2-256-128', auth_key=b'secret key') 1989 1990e = sa.encrypt(p) 1991e 1992 1993assert(isinstance(e, IP)) 1994assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 1995assert(e.chksum != p.chksum) 1996* the encrypted packet should have an AH layer 1997assert(e.proto == socket.IPPROTO_AH) 1998assert(e.haslayer(AH)) 1999assert(e.haslayer(TCP)) 2000assert(e[AH].spi == sa.spi) 2001 2002* alter mutable fields in the packet 2003e.ttl = 2 2004 2005* integrity verification should pass 2006d = sa.decrypt(e) 2007d 2008 2009* after decryption the original packet should be unaltered 2010assert(d[TCP] == p[TCP]) 2011 2012####################################### 2013= IPv4 / AH - Transport - SHA2-256-128 - altered packet 2014 2015p = IP(src='1.1.1.1', dst='2.2.2.2') 2016p /= TCP(sport=45012, dport=80) 2017p /= Raw('testdata') 2018p = IP(raw(p)) 2019p 2020 2021sa = SecurityAssociation(AH, spi=0x222, 2022 auth_algo='SHA2-256-128', auth_key=b'secret key') 2023 2024e = sa.encrypt(p) 2025e 2026 2027assert(isinstance(e, IP)) 2028assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 2029assert(e.chksum != p.chksum) 2030* the encrypted packet should have an AH layer 2031assert(e.proto == socket.IPPROTO_AH) 2032assert(e.haslayer(AH)) 2033assert(e.haslayer(TCP)) 2034assert(e[AH].spi == sa.spi) 2035 2036* simulate the alteration of the packet before verification 2037e[TCP].dport = 46 2038 2039* integrity verification should fail 2040try: 2041 d = sa.decrypt(e) 2042 assert(False) 2043except IPSecIntegrityError as err: 2044 err 2045 2046####################################### 2047= IPv4 / AH - Transport - SHA2-384-192 2048 2049p = IP(src='1.1.1.1', dst='2.2.2.2') 2050p /= TCP(sport=45012, dport=80) 2051p /= Raw('testdata') 2052p = IP(raw(p)) 2053p 2054 2055sa = SecurityAssociation(AH, spi=0x222, 2056 auth_algo='SHA2-384-192', auth_key=b'secret key') 2057 2058e = sa.encrypt(p) 2059e 2060 2061assert(isinstance(e, IP)) 2062assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 2063assert(e.chksum != p.chksum) 2064* the encrypted packet should have an AH layer 2065assert(e.proto == socket.IPPROTO_AH) 2066assert(e.haslayer(AH)) 2067assert(e.haslayer(TCP)) 2068assert(e[AH].spi == sa.spi) 2069 2070* alter mutable fields in the packet 2071e.ttl = 2 2072 2073* integrity verification should pass 2074d = sa.decrypt(e) 2075d 2076 2077* after decryption the original packet should be unaltered 2078assert(d[TCP] == p[TCP]) 2079 2080####################################### 2081= IPv4 / AH - Transport - SHA2-384-192 - altered packet 2082 2083p = IP(src='1.1.1.1', dst='2.2.2.2') 2084p /= TCP(sport=45012, dport=80) 2085p /= Raw('testdata') 2086p = IP(raw(p)) 2087p 2088 2089sa = SecurityAssociation(AH, spi=0x222, 2090 auth_algo='SHA2-384-192', auth_key=b'secret key') 2091 2092e = sa.encrypt(p) 2093e 2094 2095assert(isinstance(e, IP)) 2096assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 2097assert(e.chksum != p.chksum) 2098* the encrypted packet should have an AH layer 2099assert(e.proto == socket.IPPROTO_AH) 2100assert(e.haslayer(AH)) 2101assert(e.haslayer(TCP)) 2102assert(e[AH].spi == sa.spi) 2103 2104* simulate the alteration of the packet before verification 2105e[TCP].dport = 46 2106 2107* integrity verification should fail 2108try: 2109 d = sa.decrypt(e) 2110 assert(False) 2111except IPSecIntegrityError as err: 2112 err 2113 2114####################################### 2115= IPv4 / AH - Transport - SHA2-512-256 2116 2117p = IP(src='1.1.1.1', dst='2.2.2.2') 2118p /= TCP(sport=45012, dport=80) 2119p /= Raw('testdata') 2120p = IP(raw(p)) 2121p 2122 2123sa = SecurityAssociation(AH, spi=0x222, 2124 auth_algo='SHA2-512-256', auth_key=b'secret key') 2125 2126e = sa.encrypt(p) 2127e 2128 2129assert(isinstance(e, IP)) 2130assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 2131assert(e.chksum != p.chksum) 2132* the encrypted packet should have an AH layer 2133assert(e.proto == socket.IPPROTO_AH) 2134assert(e.haslayer(AH)) 2135assert(e.haslayer(TCP)) 2136assert(e[AH].spi == sa.spi) 2137 2138* alter mutable fields in the packet 2139e.ttl = 2 2140 2141* integrity verification should pass 2142d = sa.decrypt(e) 2143d 2144 2145* after decryption the original packet should be unaltered 2146assert(d[TCP] == p[TCP]) 2147 2148####################################### 2149= IPv4 / AH - Transport - SHA2-512-256 - altered packet 2150 2151p = IP(src='1.1.1.1', dst='2.2.2.2') 2152p /= TCP(sport=45012, dport=80) 2153p /= Raw('testdata') 2154p = IP(raw(p)) 2155p 2156 2157sa = SecurityAssociation(AH, spi=0x222, 2158 auth_algo='SHA2-512-256', auth_key=b'secret key') 2159 2160e = sa.encrypt(p) 2161e 2162 2163assert(isinstance(e, IP)) 2164assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 2165assert(e.chksum != p.chksum) 2166* the encrypted packet should have an AH layer 2167assert(e.proto == socket.IPPROTO_AH) 2168assert(e.haslayer(AH)) 2169assert(e.haslayer(TCP)) 2170assert(e[AH].spi == sa.spi) 2171 2172* simulate the alteration of the packet before verification 2173e[TCP].dport = 46 2174 2175* integrity verification should fail 2176try: 2177 d = sa.decrypt(e) 2178 assert(False) 2179except IPSecIntegrityError as err: 2180 err 2181 2182####################################### 2183= IPv4 / AH - Transport - HMAC-MD5-96 2184 2185p = IP(src='1.1.1.1', dst='2.2.2.2') 2186p /= TCP(sport=45012, dport=80) 2187p /= Raw('testdata') 2188p = IP(raw(p)) 2189p 2190 2191sa = SecurityAssociation(AH, spi=0x222, 2192 auth_algo='HMAC-MD5-96', auth_key=b'secret key') 2193 2194e = sa.encrypt(p) 2195e 2196 2197assert(isinstance(e, IP)) 2198assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 2199assert(e.chksum != p.chksum) 2200* the encrypted packet should have an AH layer 2201assert(e.proto == socket.IPPROTO_AH) 2202assert(e.haslayer(AH)) 2203assert(e.haslayer(TCP)) 2204assert(e[AH].spi == sa.spi) 2205 2206* alter mutable fields in the packet 2207e.ttl = 2 2208 2209* integrity verification should pass 2210d = sa.decrypt(e) 2211d 2212 2213* after decryption the original packet should be unaltered 2214assert(d[TCP] == p[TCP]) 2215 2216####################################### 2217= IPv4 / AH - Transport - HMAC-MD5-96 - altered packet 2218 2219p = IP(src='1.1.1.1', dst='2.2.2.2') 2220p /= TCP(sport=45012, dport=80) 2221p /= Raw('testdata') 2222p = IP(raw(p)) 2223p 2224 2225sa = SecurityAssociation(AH, spi=0x222, 2226 auth_algo='HMAC-MD5-96', auth_key=b'secret key') 2227 2228e = sa.encrypt(p) 2229e 2230 2231assert(isinstance(e, IP)) 2232assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 2233assert(e.chksum != p.chksum) 2234* the encrypted packet should have an AH layer 2235assert(e.proto == socket.IPPROTO_AH) 2236assert(e.haslayer(AH)) 2237assert(e.haslayer(TCP)) 2238assert(e[AH].spi == sa.spi) 2239 2240* simulate the alteration of the packet before verification 2241e[TCP].dport = 46 2242 2243* integrity verification should fail 2244try: 2245 d = sa.decrypt(e) 2246 assert(False) 2247except IPSecIntegrityError as err: 2248 err 2249 2250####################################### 2251= IPv4 / AH - Transport - AES-CMAC-96 2252 2253p = IP(src='1.1.1.1', dst='2.2.2.2') 2254p /= TCP(sport=45012, dport=80) 2255p /= Raw('testdata') 2256p = IP(raw(p)) 2257p 2258 2259sa = SecurityAssociation(AH, spi=0x222, 2260 auth_algo='AES-CMAC-96', auth_key=b'sixteenbytes key') 2261 2262e = sa.encrypt(p) 2263e 2264 2265assert(isinstance(e, IP)) 2266assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 2267assert(e.chksum != p.chksum) 2268* the encrypted packet should have an AH layer 2269assert(e.proto == socket.IPPROTO_AH) 2270assert(e.haslayer(AH)) 2271assert(e.haslayer(TCP)) 2272assert(e[AH].spi == sa.spi) 2273 2274* alter mutable fields in the packet 2275e.ttl = 2 2276 2277* integrity verification should pass 2278d = sa.decrypt(e) 2279d 2280 2281* after decryption the original packet should be unaltered 2282assert(d[TCP] == p[TCP]) 2283 2284####################################### 2285= IPv4 / AH - Transport - AES-CMAC-96 - altered packet 2286 2287p = IP(src='1.1.1.1', dst='2.2.2.2') 2288p /= TCP(sport=45012, dport=80) 2289p /= Raw('testdata') 2290p = IP(raw(p)) 2291p 2292 2293sa = SecurityAssociation(AH, spi=0x222, 2294 auth_algo='AES-CMAC-96', auth_key=b'sixteenbytes key') 2295 2296e = sa.encrypt(p) 2297e 2298 2299assert(isinstance(e, IP)) 2300assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') 2301assert(e.chksum != p.chksum) 2302* the encrypted packet should have an AH layer 2303assert(e.proto == socket.IPPROTO_AH) 2304assert(e.haslayer(AH)) 2305assert(e.haslayer(TCP)) 2306assert(e[AH].spi == sa.spi) 2307 2308* simulate the alteration of the packet before verification 2309e[TCP].dport = 46 2310 2311* integrity verification should fail 2312try: 2313 d = sa.decrypt(e) 2314 assert(False) 2315except IPSecIntegrityError as err: 2316 err 2317 2318############################################################################### 2319+ IPv4 / AH - Tunnel 2320 2321####################################### 2322= IPv4 / AH - Tunnel - HMAC-SHA1-96 2323 2324p = IP(src='1.1.1.1', dst='2.2.2.2') 2325p /= TCP(sport=45012, dport=80) 2326p /= Raw('testdata') 2327p = IP(raw(p)) 2328p 2329 2330sa = SecurityAssociation(AH, spi=0x222, 2331 auth_algo='HMAC-SHA1-96', auth_key=b'secret key', 2332 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 2333 2334e = sa.encrypt(p) 2335e 2336 2337assert(isinstance(e, IP)) 2338assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 2339assert(e.chksum != p.chksum) 2340assert(e.proto == socket.IPPROTO_AH) 2341assert(e.haslayer(AH)) 2342assert(e.haslayer(TCP)) 2343assert(e[AH].spi == sa.spi) 2344 2345* alter mutable fields in the packet 2346e.ttl = 2 2347 2348* integrity verification should pass 2349d = sa.decrypt(e) 2350d 2351 2352* after decryption the original packet payload should be unaltered 2353assert(d[TCP] == p[TCP]) 2354 2355####################################### 2356= IPv4 / AH - Tunnel - HMAC-SHA1-96 - altered packet 2357 2358p = IP(src='1.1.1.1', dst='2.2.2.2') 2359p /= TCP(sport=45012, dport=80) 2360p /= Raw('testdata') 2361p = IP(raw(p)) 2362p 2363 2364sa = SecurityAssociation(AH, spi=0x222, 2365 auth_algo='HMAC-SHA1-96', auth_key=b'secret key', 2366 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 2367 2368e = sa.encrypt(p) 2369e 2370 2371assert(isinstance(e, IP)) 2372assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 2373assert(e.chksum != p.chksum) 2374assert(e.proto == socket.IPPROTO_AH) 2375assert(e.haslayer(AH)) 2376assert(e.haslayer(TCP)) 2377assert(e[AH].spi == sa.spi) 2378 2379* simulate the alteration of the packet before verification 2380e.dst = '4.4.4.4' 2381 2382* integrity verification should fail 2383try: 2384 d = sa.decrypt(e) 2385 assert(False) 2386except IPSecIntegrityError as err: 2387 err 2388 2389####################################### 2390= IPv4 / AH - Tunnel - SHA2-256-128 2391 2392p = IP(src='1.1.1.1', dst='2.2.2.2') 2393p /= TCP(sport=45012, dport=80) 2394p /= Raw('testdata') 2395p = IP(raw(p)) 2396p 2397 2398sa = SecurityAssociation(AH, spi=0x222, 2399 auth_algo='SHA2-256-128', auth_key=b'secret key', 2400 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 2401 2402e = sa.encrypt(p) 2403e 2404 2405assert(isinstance(e, IP)) 2406assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 2407assert(e.chksum != p.chksum) 2408assert(e.proto == socket.IPPROTO_AH) 2409assert(e.haslayer(AH)) 2410assert(e.haslayer(TCP)) 2411assert(e[AH].spi == sa.spi) 2412 2413* alter mutable fields in the packet 2414e.ttl = 2 2415 2416* integrity verification should pass 2417d = sa.decrypt(e) 2418d 2419 2420* after decryption the original packet should be unaltered 2421assert(d == p) 2422 2423####################################### 2424= IPv4 / AH - Tunnel - SHA2-256-128 - altered packet 2425 2426p = IP(src='1.1.1.1', dst='2.2.2.2') 2427p /= TCP(sport=45012, dport=80) 2428p /= Raw('testdata') 2429p = IP(raw(p)) 2430p 2431 2432sa = SecurityAssociation(AH, spi=0x222, 2433 auth_algo='SHA2-256-128', auth_key=b'secret key', 2434 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 2435 2436e = sa.encrypt(p) 2437e 2438 2439assert(isinstance(e, IP)) 2440assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 2441assert(e.chksum != p.chksum) 2442assert(e.proto == socket.IPPROTO_AH) 2443assert(e.haslayer(AH)) 2444assert(e.haslayer(TCP)) 2445assert(e[AH].spi == sa.spi) 2446 2447* simulate the alteration of the packet before verification 2448e.dst = '4.4.4.4' 2449 2450* integrity verification should fail 2451try: 2452 d = sa.decrypt(e) 2453 assert(False) 2454except IPSecIntegrityError as err: 2455 err 2456 2457####################################### 2458= IPv4 / AH - Tunnel - SHA2-384-192 2459 2460p = IP(src='1.1.1.1', dst='2.2.2.2') 2461p /= TCP(sport=45012, dport=80) 2462p /= Raw('testdata') 2463p = IP(raw(p)) 2464p 2465 2466sa = SecurityAssociation(AH, spi=0x222, 2467 auth_algo='SHA2-384-192', auth_key=b'secret key', 2468 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 2469 2470e = sa.encrypt(p) 2471e 2472 2473assert(isinstance(e, IP)) 2474assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 2475assert(e.chksum != p.chksum) 2476assert(e.proto == socket.IPPROTO_AH) 2477assert(e.haslayer(AH)) 2478assert(e.haslayer(TCP)) 2479assert(e[AH].spi == sa.spi) 2480 2481* alter mutable fields in the packet 2482e.ttl = 2 2483 2484* integrity verification should pass 2485d = sa.decrypt(e) 2486d 2487 2488* after decryption the original packet should be unaltered 2489assert(d == p) 2490 2491####################################### 2492= IPv4 / AH - Tunnel - SHA2-384-192 - altered packet 2493 2494p = IP(src='1.1.1.1', dst='2.2.2.2') 2495p /= TCP(sport=45012, dport=80) 2496p /= Raw('testdata') 2497p = IP(raw(p)) 2498p 2499 2500sa = SecurityAssociation(AH, spi=0x222, 2501 auth_algo='SHA2-384-192', auth_key=b'secret key', 2502 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 2503 2504e = sa.encrypt(p) 2505e 2506 2507assert(isinstance(e, IP)) 2508assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 2509assert(e.chksum != p.chksum) 2510assert(e.proto == socket.IPPROTO_AH) 2511assert(e.haslayer(AH)) 2512assert(e.haslayer(TCP)) 2513assert(e[AH].spi == sa.spi) 2514 2515* simulate the alteration of the packet before verification 2516e.dst = '4.4.4.4' 2517 2518* integrity verification should fail 2519try: 2520 d = sa.decrypt(e) 2521 assert(False) 2522except IPSecIntegrityError as err: 2523 err 2524 2525####################################### 2526= IPv4 / AH - Tunnel - SHA2-512-256 2527 2528p = IP(src='1.1.1.1', dst='2.2.2.2') 2529p /= TCP(sport=45012, dport=80) 2530p /= Raw('testdata') 2531p = IP(raw(p)) 2532p 2533 2534sa = SecurityAssociation(AH, spi=0x222, 2535 auth_algo='SHA2-512-256', auth_key=b'secret key', 2536 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 2537 2538e = sa.encrypt(p) 2539e 2540 2541assert(isinstance(e, IP)) 2542assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 2543assert(e.chksum != p.chksum) 2544assert(e.proto == socket.IPPROTO_AH) 2545assert(e.haslayer(AH)) 2546assert(e.haslayer(TCP)) 2547assert(e[AH].spi == sa.spi) 2548 2549* alter mutable fields in the packet 2550e.ttl = 2 2551 2552* integrity verification should pass 2553d = sa.decrypt(e) 2554d 2555 2556* after decryption the original packet should be unaltered 2557assert(d == p) 2558 2559####################################### 2560= IPv4 / AH - Tunnel - SHA2-512-256 - altered packet 2561 2562p = IP(src='1.1.1.1', dst='2.2.2.2') 2563p /= TCP(sport=45012, dport=80) 2564p /= Raw('testdata') 2565p = IP(raw(p)) 2566p 2567 2568sa = SecurityAssociation(AH, spi=0x222, 2569 auth_algo='SHA2-512-256', auth_key=b'secret key', 2570 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 2571 2572e = sa.encrypt(p) 2573e 2574 2575assert(isinstance(e, IP)) 2576assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 2577assert(e.chksum != p.chksum) 2578assert(e.proto == socket.IPPROTO_AH) 2579assert(e.haslayer(AH)) 2580assert(e.haslayer(TCP)) 2581assert(e[AH].spi == sa.spi) 2582 2583* simulate the alteration of the packet before verification 2584e.dst = '4.4.4.4' 2585 2586* integrity verification should fail 2587try: 2588 d = sa.decrypt(e) 2589 assert(False) 2590except IPSecIntegrityError as err: 2591 err 2592 2593####################################### 2594= IPv4 / AH - Tunnel - HMAC-MD5-96 2595 2596p = IP(src='1.1.1.1', dst='2.2.2.2') 2597p /= TCP(sport=45012, dport=80) 2598p /= Raw('testdata') 2599p = IP(raw(p)) 2600p 2601 2602sa = SecurityAssociation(AH, spi=0x222, 2603 auth_algo='HMAC-MD5-96', auth_key=b'secret key', 2604 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 2605 2606e = sa.encrypt(p) 2607e 2608 2609assert(isinstance(e, IP)) 2610assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 2611assert(e.chksum != p.chksum) 2612assert(e.proto == socket.IPPROTO_AH) 2613assert(e.haslayer(AH)) 2614assert(e.haslayer(TCP)) 2615assert(e[AH].spi == sa.spi) 2616 2617* alter mutable fields in the packet 2618e.ttl = 2 2619 2620* integrity verification should pass 2621d = sa.decrypt(e) 2622d 2623 2624* after decryption the original packet should be unaltered 2625assert(d == p) 2626 2627####################################### 2628= IPv4 / AH - Tunnel - HMAC-MD5-96 - altered packet 2629 2630p = IP(src='1.1.1.1', dst='2.2.2.2') 2631p /= TCP(sport=45012, dport=80) 2632p /= Raw('testdata') 2633p = IP(raw(p)) 2634p 2635 2636sa = SecurityAssociation(AH, spi=0x222, 2637 auth_algo='HMAC-MD5-96', auth_key=b'secret key', 2638 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 2639 2640e = sa.encrypt(p) 2641e 2642 2643assert(isinstance(e, IP)) 2644assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 2645assert(e.chksum != p.chksum) 2646assert(e.proto == socket.IPPROTO_AH) 2647assert(e.haslayer(AH)) 2648assert(e.haslayer(TCP)) 2649assert(e[AH].spi == sa.spi) 2650 2651* simulate the alteration of the packet before verification 2652e.dst = '4.4.4.4' 2653 2654* integrity verification should fail 2655try: 2656 d = sa.decrypt(e) 2657 assert(False) 2658except IPSecIntegrityError as err: 2659 err 2660 2661####################################### 2662= IPv4 / AH - Tunnel - AES-CMAC-96 2663 2664p = IP(src='1.1.1.1', dst='2.2.2.2') 2665p /= TCP(sport=45012, dport=80) 2666p /= Raw('testdata') 2667p = IP(raw(p)) 2668p 2669 2670sa = SecurityAssociation(AH, spi=0x222, 2671 auth_algo='AES-CMAC-96', auth_key=b'sixteenbytes key', 2672 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 2673 2674e = sa.encrypt(p) 2675e 2676 2677assert(isinstance(e, IP)) 2678assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 2679assert(e.chksum != p.chksum) 2680assert(e.proto == socket.IPPROTO_AH) 2681assert(e.haslayer(AH)) 2682assert(e.haslayer(TCP)) 2683assert(e[AH].spi == sa.spi) 2684 2685* alter mutable fields in the packet 2686e.ttl = 2 2687 2688* integrity verification should pass 2689d = sa.decrypt(e) 2690d 2691 2692* after decryption the original packet should be unaltered 2693assert(d == p) 2694 2695####################################### 2696= IPv4 / AH - Tunnel - AES-CMAC-96 - altered packet 2697 2698p = IP(src='1.1.1.1', dst='2.2.2.2') 2699p /= TCP(sport=45012, dport=80) 2700p /= Raw('testdata') 2701p = IP(raw(p)) 2702p 2703 2704sa = SecurityAssociation(AH, spi=0x222, 2705 auth_algo='AES-CMAC-96', auth_key=b'sixteenbytes key', 2706 tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) 2707 2708e = sa.encrypt(p) 2709e 2710 2711assert(isinstance(e, IP)) 2712assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') 2713assert(e.chksum != p.chksum) 2714assert(e.proto == socket.IPPROTO_AH) 2715assert(e.haslayer(AH)) 2716assert(e.haslayer(TCP)) 2717assert(e[AH].spi == sa.spi) 2718 2719* simulate the alteration of the packet before verification 2720e.dst = '4.4.4.4' 2721 2722* integrity verification should fail 2723try: 2724 d = sa.decrypt(e) 2725 assert(False) 2726except IPSecIntegrityError as err: 2727 err 2728 2729############################################################################### 2730+ IPv6 / ESP 2731 2732####################################### 2733= IPv6 / ESP - Transport - NULL - NULL 2734~ -crypto 2735 2736p = IPv6(src='11::22', dst='22::11') 2737p /= TCP(sport=45012, dport=80) 2738p /= Raw('testdata') 2739p = IPv6(raw(p)) 2740p 2741 2742sa = SecurityAssociation(ESP, spi=0x222, 2743 crypt_algo='NULL', crypt_key=None, 2744 auth_algo='NULL', auth_key=None) 2745 2746e = sa.encrypt(p) 2747e 2748 2749assert(isinstance(e, IPv6)) 2750assert(e.src == '11::22' and e.dst == '22::11') 2751assert(e.nh == socket.IPPROTO_ESP) 2752assert(e.haslayer(ESP)) 2753assert(not e.haslayer(TCP)) 2754assert(e[ESP].spi == sa.spi) 2755assert(b'testdata' in e[ESP].data) 2756 2757d = sa.decrypt(e) 2758d 2759 2760* after decryption the original packet payload should be unaltered 2761assert(d[TCP] == p[TCP]) 2762 2763####################################### 2764= IPv6 / ESP - Transport - AES-CBC - NULL 2765 2766p = IPv6(src='11::22', dst='22::11') 2767p /= TCP(sport=45012, dport=80) 2768p /= Raw('testdata') 2769p = IPv6(raw(p)) 2770p 2771 2772sa = SecurityAssociation(ESP, spi=0x222, 2773 crypt_algo='AES-CBC', crypt_key=b'sixteenbytes key', 2774 auth_algo='NULL', auth_key=None) 2775 2776e = sa.encrypt(p) 2777e 2778 2779assert(isinstance(e, IPv6)) 2780assert(e.src == '11::22' and e.dst == '22::11') 2781assert(e.nh == socket.IPPROTO_ESP) 2782assert(e.haslayer(ESP)) 2783assert(not e.haslayer(TCP)) 2784assert(e[ESP].spi == sa.spi) 2785* after encryption the original packet payload should NOT be readable 2786assert(b'testdata' not in e[ESP].data) 2787 2788d = sa.decrypt(e) 2789d 2790 2791* after decryption the original packet payload should be unaltered 2792assert(d[TCP] == p[TCP]) 2793 2794####################################### 2795= IPv6 / ESP - Transport - NULL - HMAC-SHA1-96 2796 2797p = IPv6(src='11::22', dst='22::11') 2798p /= TCP(sport=45012, dport=80) 2799p /= Raw('testdata') 2800p = IPv6(raw(p)) 2801p 2802 2803sa = SecurityAssociation(ESP, spi=0x222, 2804 crypt_algo='NULL', crypt_key=None, 2805 auth_algo='HMAC-SHA1-96', auth_key=b'secret key') 2806 2807e = sa.encrypt(p) 2808e 2809 2810assert(isinstance(e, IPv6)) 2811assert(e.src == '11::22' and e.dst == '22::11') 2812assert(e.nh == socket.IPPROTO_ESP) 2813assert(e.haslayer(ESP)) 2814assert(not e.haslayer(TCP)) 2815assert(e[ESP].spi == sa.spi) 2816assert(b'testdata' in e[ESP].data) 2817 2818* integrity verification should pass 2819d = sa.decrypt(e) 2820 2821* after decryption the original packet payload should be unaltered 2822assert(d[TCP] == p[TCP]) 2823 2824####################################### 2825= IPv6 / ESP - Transport - NULL - HMAC-SHA1-96 - altered packet 2826 2827p = IPv6(src='11::22', dst='22::11') 2828p /= TCP(sport=45012, dport=80) 2829p /= Raw('testdata') 2830p = IPv6(raw(p)) 2831p 2832 2833sa = SecurityAssociation(ESP, spi=0x222, 2834 crypt_algo='NULL', crypt_key=None, 2835 auth_algo='HMAC-SHA1-96', auth_key=b'secret key') 2836 2837e = sa.encrypt(p) 2838e 2839 2840assert(isinstance(e, IPv6)) 2841assert(e.src == '11::22' and e.dst == '22::11') 2842assert(e.nh == socket.IPPROTO_ESP) 2843assert(e.haslayer(ESP)) 2844assert(not e.haslayer(TCP)) 2845assert(e[ESP].spi == sa.spi) 2846assert(b'testdata' in e[ESP].data) 2847 2848* simulate the alteration of the packet before decryption 2849e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') 2850 2851* integrity verification should fail 2852try: 2853 d = sa.decrypt(e) 2854 assert(False) 2855except IPSecIntegrityError as err: 2856 err 2857 2858####################################### 2859= IPv6 / ESP - Transport - AES-CBC - HMAC-SHA1-96 2860 2861p = IPv6(src='11::22', dst='22::11') 2862p /= TCP(sport=45012, dport=80) 2863p /= Raw('testdata') 2864p = IPv6(raw(p)) 2865p 2866 2867sa = SecurityAssociation(ESP, spi=0x222, 2868 crypt_algo='AES-CBC', crypt_key=b'sixteenbytes key', 2869 auth_algo='HMAC-SHA1-96', auth_key=b'secret key') 2870 2871e = sa.encrypt(p) 2872e 2873 2874assert(isinstance(e, IPv6)) 2875assert(e.src == '11::22' and e.dst == '22::11') 2876assert(e.nh == socket.IPPROTO_ESP) 2877assert(e.haslayer(ESP)) 2878assert(not e.haslayer(TCP)) 2879assert(e[ESP].spi == sa.spi) 2880* after encryption the original packet payload should NOT be readable 2881assert(b'testdata' not in e[ESP].data) 2882 2883d = sa.decrypt(e) 2884d 2885 2886* after decryption the original packet payload should be unaltered 2887assert(d[TCP] == p[TCP]) 2888 2889####################################### 2890= IPv6 / ESP - Transport - AES-CBC - HMAC-SHA1-96 - altered packet 2891 2892p = IPv6(src='11::22', dst='22::11') 2893p /= TCP(sport=45012, dport=80) 2894p /= Raw('testdata') 2895p = IPv6(raw(p)) 2896p 2897 2898sa = SecurityAssociation(ESP, spi=0x222, 2899 crypt_algo='AES-CBC', crypt_key=b'sixteenbytes key', 2900 auth_algo='HMAC-SHA1-96', auth_key=b'secret key') 2901 2902e = sa.encrypt(p) 2903e 2904 2905assert(isinstance(e, IPv6)) 2906assert(e.src == '11::22' and e.dst == '22::11') 2907assert(e.nh == socket.IPPROTO_ESP) 2908assert(e.haslayer(ESP)) 2909assert(not e.haslayer(TCP)) 2910assert(e[ESP].spi == sa.spi) 2911* after encryption the original packet payload should NOT be readable 2912assert(b'testdata' not in e[ESP].data) 2913 2914* simulate the alteration of the packet before decryption 2915e[ESP].seq += 1 2916 2917* integrity verification should fail 2918try: 2919 d = sa.decrypt(e) 2920 assert(False) 2921except IPSecIntegrityError as err: 2922 err 2923 2924####################################### 2925= IPv6 / ESP - Transport - AES-GCM - NULL 2926 2927p = IPv6(src='11::22', dst='22::11') 2928p /= TCP(sport=45012, dport=80) 2929p /= Raw('testdata') 2930p = IPv6(raw(p)) 2931p 2932 2933sa = SecurityAssociation(ESP, spi=0x222, 2934 crypt_algo='AES-GCM', crypt_key=b'16bytekey+4bytenonce', 2935 auth_algo='NULL', auth_key=None) 2936 2937e = sa.encrypt(p) 2938e 2939 2940assert(isinstance(e, IPv6)) 2941assert(e.src == '11::22' and e.dst == '22::11') 2942assert(e.nh == socket.IPPROTO_ESP) 2943assert(e.haslayer(ESP)) 2944assert(not e.haslayer(TCP)) 2945assert(e[ESP].spi == sa.spi) 2946* after encryption the original packet payload should NOT be readable 2947assert(b'testdata' not in e[ESP].data) 2948 2949d = sa.decrypt(e) 2950d 2951 2952* after decryption original packet should be preserved 2953assert(d[TCP] == p[TCP]) 2954 2955####################################### 2956= IPv6 / ESP - Transport - AES-GCM - NULL - altered packet 2957 2958p = IPv6(src='11::22', dst='22::11') 2959p /= TCP(sport=45012, dport=80) 2960p /= Raw('testdata') 2961p = IPv6(raw(p)) 2962p 2963 2964sa = SecurityAssociation(ESP, spi=0x222, 2965 crypt_algo='AES-GCM', crypt_key=b'16bytekey+4bytenonce', 2966 auth_algo='NULL', auth_key=None) 2967 2968e = sa.encrypt(p) 2969e 2970 2971assert(isinstance(e, IPv6)) 2972assert(e.src == '11::22' and e.dst == '22::11') 2973assert(e.nh == socket.IPPROTO_ESP) 2974assert(e.haslayer(ESP)) 2975assert(not e.haslayer(TCP)) 2976assert(e[ESP].spi == sa.spi) 2977* after encryption the original packet payload should NOT be readable 2978assert(b'testdata' not in e[ESP].data) 2979 2980* simulate the alteration of the packet before decryption 2981e[ESP].seq += 1 2982 2983* integrity verification should fail 2984try: 2985 d = sa.decrypt(e) 2986 assert(False) 2987except IPSecIntegrityError as err: 2988 err 2989 2990####################################### 2991= IPv6 / ESP - Transport - AES-CCM - NULL 2992~ crypto_advanced 2993 2994p = IPv6(src='11::22', dst='22::11') 2995p /= TCP(sport=45012, dport=80) 2996p /= Raw('testdata') 2997p = IPv6(raw(p)) 2998p 2999 3000sa = SecurityAssociation(ESP, spi=0x222, 3001 crypt_algo='AES-CCM', crypt_key=b'16bytekey3bytenonce', 3002 auth_algo='NULL', auth_key=None) 3003 3004e = sa.encrypt(p) 3005e 3006 3007assert(isinstance(e, IPv6)) 3008assert(e.src == '11::22' and e.dst == '22::11') 3009assert(e.nh == socket.IPPROTO_ESP) 3010assert(e.haslayer(ESP)) 3011assert(not e.haslayer(TCP)) 3012assert(e[ESP].spi == sa.spi) 3013* after encryption the original packet payload should NOT be readable 3014assert(b'testdata' not in e[ESP].data) 3015 3016d = sa.decrypt(e) 3017d 3018 3019* after decryption original packet should be preserved 3020assert(d[TCP] == p[TCP]) 3021 3022####################################### 3023= IPv6 / ESP - Transport - AES-CCM - NULL - altered packet 3024~ crypto_advanced 3025 3026p = IPv6(src='11::22', dst='22::11') 3027p /= TCP(sport=45012, dport=80) 3028p /= Raw('testdata') 3029p = IPv6(raw(p)) 3030p 3031 3032sa = SecurityAssociation(ESP, spi=0x222, 3033 crypt_algo='AES-CCM', crypt_key=b'16bytekey3bytenonce', 3034 auth_algo='NULL', auth_key=None) 3035 3036e = sa.encrypt(p) 3037e 3038 3039assert(isinstance(e, IPv6)) 3040assert(e.src == '11::22' and e.dst == '22::11') 3041assert(e.nh == socket.IPPROTO_ESP) 3042assert(e.haslayer(ESP)) 3043assert(not e.haslayer(TCP)) 3044assert(e[ESP].spi == sa.spi) 3045* after encryption the original packet payload should NOT be readable 3046assert(b'testdata' not in e[ESP].data) 3047 3048* simulate the alteration of the packet before decryption 3049e[ESP].seq += 1 3050 3051* integrity verification should fail 3052try: 3053 d = sa.decrypt(e) 3054 assert(False) 3055except IPSecIntegrityError as err: 3056 err 3057 3058####################################### 3059= IPv6 / ESP - Tunnel - NULL - NULL 3060~ -crypto 3061 3062p = IPv6(src='11::22', dst='22::11') 3063p /= TCP(sport=45012, dport=80) 3064p /= Raw('testdata') 3065p = IPv6(raw(p)) 3066p 3067 3068sa = SecurityAssociation(ESP, spi=0x222, 3069 crypt_algo='NULL', crypt_key=None, 3070 auth_algo='NULL', auth_key=None, 3071 tunnel_header=IPv6(src='aa::bb', dst='bb::aa')) 3072 3073e = sa.encrypt(p) 3074e 3075 3076assert(isinstance(e, IPv6)) 3077* after encryption packet should be encapsulated with the given ip tunnel header 3078assert(e.src == 'aa::bb' and e.dst == 'bb::aa') 3079assert(e.nh == socket.IPPROTO_ESP) 3080assert(e.haslayer(ESP)) 3081assert(not e.haslayer(TCP)) 3082assert(e[ESP].spi == sa.spi) 3083assert(b'testdata' in e[ESP].data) 3084 3085d = sa.decrypt(e) 3086d 3087 3088* after decryption the original packet payload should be unaltered 3089assert(d[TCP] == p[TCP]) 3090 3091####################################### 3092= IPv6 / ESP - Tunnel - AES-CBC - NULL 3093 3094p = IPv6(src='11::22', dst='22::11') 3095p /= TCP(sport=45012, dport=80) 3096p /= Raw('testdata') 3097p = IPv6(raw(p)) 3098p 3099 3100sa = SecurityAssociation(ESP, spi=0x222, 3101 crypt_algo='AES-CBC', crypt_key=b'sixteenbytes key', 3102 auth_algo='NULL', auth_key=None, 3103 tunnel_header=IPv6(src='aa::bb', dst='bb::aa')) 3104 3105e = sa.encrypt(p) 3106e 3107 3108assert(isinstance(e, IPv6)) 3109* after encryption packet should be encapsulated with the given ip tunnel header 3110assert(e.src == 'aa::bb' and e.dst == 'bb::aa') 3111assert(e.nh == socket.IPPROTO_ESP) 3112assert(e.haslayer(ESP)) 3113assert(not e.haslayer(TCP)) 3114assert(e[ESP].spi == sa.spi) 3115* after encryption the original packet payload should NOT be readable 3116assert(b'testdata' not in e[ESP].data) 3117 3118d = sa.decrypt(e) 3119d 3120 3121* after decryption the original packet payload should be unaltered 3122assert(d[TCP] == p[TCP]) 3123 3124####################################### 3125= IPv6 / ESP - Tunnel - NULL - HMAC-SHA1-96 3126 3127p = IPv6(src='11::22', dst='22::11') 3128p /= TCP(sport=45012, dport=80) 3129p /= Raw('testdata') 3130p = IPv6(raw(p)) 3131p 3132 3133sa = SecurityAssociation(ESP, spi=0x222, 3134 crypt_algo='NULL', crypt_key=None, 3135 auth_algo='HMAC-SHA1-96', auth_key=b'secret key', 3136 tunnel_header=IPv6(src='aa::bb', dst='bb::aa')) 3137 3138e = sa.encrypt(p) 3139e 3140 3141assert(isinstance(e, IPv6)) 3142* after encryption packet should be encapsulated with the given ip tunnel header 3143assert(e.src == 'aa::bb' and e.dst == 'bb::aa') 3144assert(e.nh == socket.IPPROTO_ESP) 3145assert(e.haslayer(ESP)) 3146assert(not e.haslayer(TCP)) 3147assert(e[ESP].spi == sa.spi) 3148assert(b'testdata' in e[ESP].data) 3149 3150* integrity verification should pass 3151d = sa.decrypt(e) 3152 3153* after decryption the original packet payload should be unaltered 3154assert(d[TCP] == p[TCP]) 3155 3156####################################### 3157= IPv6 / ESP - Tunnel - NULL - HMAC-SHA1-96 - altered packet 3158 3159p = IPv6(src='11::22', dst='22::11') 3160p /= TCP(sport=45012, dport=80) 3161p /= Raw('testdata') 3162p = IPv6(raw(p)) 3163p 3164 3165sa = SecurityAssociation(ESP, spi=0x222, 3166 crypt_algo='NULL', crypt_key=None, 3167 auth_algo='HMAC-SHA1-96', auth_key=b'secret key', 3168 tunnel_header=IPv6(src='aa::bb', dst='bb::aa')) 3169 3170e = sa.encrypt(p) 3171e 3172 3173assert(isinstance(e, IPv6)) 3174* after encryption packet should be encapsulated with the given ip tunnel header 3175assert(e.src == 'aa::bb' and e.dst == 'bb::aa') 3176assert(e.nh == socket.IPPROTO_ESP) 3177assert(e.haslayer(ESP)) 3178assert(not e.haslayer(TCP)) 3179assert(e[ESP].spi == sa.spi) 3180assert(b'testdata' in e[ESP].data) 3181 3182* simulate the alteration of the packet before decryption 3183e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') 3184 3185* integrity verification should fail 3186try: 3187 d = sa.decrypt(e) 3188 assert(False) 3189except IPSecIntegrityError as err: 3190 err 3191 3192####################################### 3193= IPv6 / ESP - Tunnel - AES-CBC - HMAC-SHA1-96 3194 3195p = IPv6(src='11::22', dst='22::11') 3196p /= TCP(sport=45012, dport=80) 3197p /= Raw('testdata') 3198p = IPv6(raw(p)) 3199p 3200 3201sa = SecurityAssociation(ESP, spi=0x222, 3202 crypt_algo='AES-CBC', crypt_key=b'sixteenbytes key', 3203 auth_algo='HMAC-SHA1-96', auth_key=b'secret key', 3204 tunnel_header=IPv6(src='aa::bb', dst='bb::aa')) 3205 3206e = sa.encrypt(p) 3207e 3208 3209assert(isinstance(e, IPv6)) 3210* after encryption packet should be encapsulated with the given ip tunnel header 3211assert(e.src == 'aa::bb' and e.dst == 'bb::aa') 3212assert(e.nh == socket.IPPROTO_ESP) 3213assert(e.haslayer(ESP)) 3214assert(not e.haslayer(TCP)) 3215assert(e[ESP].spi == sa.spi) 3216* after encryption the original packet payload should NOT be readable 3217assert(b'testdata' not in e[ESP].data) 3218 3219d = sa.decrypt(e) 3220d 3221 3222* after decryption the original packet payload should be unaltered 3223assert(d[TCP] == p[TCP]) 3224 3225####################################### 3226= IPv6 / ESP - Tunnel - AES-CBC - HMAC-SHA1-96 - altered packet 3227 3228p = IPv6(src='11::22', dst='22::11') 3229p /= TCP(sport=45012, dport=80) 3230p /= Raw('testdata') 3231p = IPv6(raw(p)) 3232p 3233 3234sa = SecurityAssociation(ESP, spi=0x222, 3235 crypt_algo='AES-CBC', crypt_key=b'sixteenbytes key', 3236 auth_algo='HMAC-SHA1-96', auth_key=b'secret key', 3237 tunnel_header=IPv6(src='aa::bb', dst='bb::aa')) 3238 3239e = sa.encrypt(p) 3240e 3241 3242assert(isinstance(e, IPv6)) 3243* after encryption packet should be encapsulated with the given ip tunnel header 3244assert(e.src == 'aa::bb' and e.dst == 'bb::aa') 3245assert(e.nh == socket.IPPROTO_ESP) 3246assert(e.haslayer(ESP)) 3247assert(not e.haslayer(TCP)) 3248assert(e[ESP].spi == sa.spi) 3249* after encryption the original packet payload should NOT be readable 3250assert(b'testdata' not in e[ESP].data) 3251 3252* simulate the alteration of the packet before decryption 3253e[ESP].seq += 1 3254 3255* integrity verification should fail 3256try: 3257 d = sa.decrypt(e) 3258 assert(False) 3259except IPSecIntegrityError as err: 3260 err 3261 3262####################################### 3263= IPv6 / ESP - Tunnel - AES-GCM - NULL 3264 3265p = IPv6(src='11::22', dst='22::11') 3266p /= TCP(sport=45012, dport=80) 3267p /= Raw('testdata') 3268p = IPv6(raw(p)) 3269p 3270 3271sa = SecurityAssociation(ESP, spi=0x222, 3272 crypt_algo='AES-GCM', crypt_key=b'16bytekey+4bytenonce', 3273 auth_algo='NULL', auth_key=None, 3274 tunnel_header=IPv6(src='aa::bb', dst='bb::aa')) 3275 3276e = sa.encrypt(p) 3277e 3278 3279assert(isinstance(e, IPv6)) 3280* after encryption packet should be encapsulated with the given ip tunnel header 3281assert(e.src == 'aa::bb' and e.dst == 'bb::aa') 3282assert(e.nh == socket.IPPROTO_ESP) 3283assert(e.haslayer(ESP)) 3284assert(not e.haslayer(TCP)) 3285assert(e[ESP].spi == sa.spi) 3286* after encryption the original packet payload should NOT be readable 3287assert(b'testdata' not in e[ESP].data) 3288 3289d = sa.decrypt(e) 3290d 3291 3292* after decryption original packet should be preserved 3293assert(d[TCP] == p[TCP]) 3294 3295####################################### 3296= IPv6 / ESP - Tunnel - AES-GCM - NULL - altered packet 3297 3298p = IPv6(src='11::22', dst='22::11') 3299p /= TCP(sport=45012, dport=80) 3300p /= Raw('testdata') 3301p = IPv6(raw(p)) 3302p 3303 3304sa = SecurityAssociation(ESP, spi=0x222, 3305 crypt_algo='AES-GCM', crypt_key=b'16bytekey+4bytenonce', 3306 auth_algo='NULL', auth_key=None, 3307 tunnel_header=IPv6(src='aa::bb', dst='bb::aa')) 3308 3309e = sa.encrypt(p) 3310e 3311 3312assert(isinstance(e, IPv6)) 3313* after encryption packet should be encapsulated with the given ip tunnel header 3314assert(e.src == 'aa::bb' and e.dst == 'bb::aa') 3315assert(e.nh == socket.IPPROTO_ESP) 3316assert(e.haslayer(ESP)) 3317assert(not e.haslayer(TCP)) 3318assert(e[ESP].spi == sa.spi) 3319* after encryption the original packet payload should NOT be readable 3320assert(b'testdata' not in e[ESP].data) 3321 3322* simulate the alteration of the packet before decryption 3323e[ESP].seq += 1 3324 3325* integrity verification should fail 3326try: 3327 d = sa.decrypt(e) 3328 assert(False) 3329except IPSecIntegrityError as err: 3330 err 3331 3332####################################### 3333= IPv6 / ESP - Tunnel - AES-CCM - NULL 3334~ crypto_advanced 3335 3336p = IPv6(src='11::22', dst='22::11') 3337p /= TCP(sport=45012, dport=80) 3338p /= Raw('testdata') 3339p = IPv6(raw(p)) 3340p 3341 3342sa = SecurityAssociation(ESP, spi=0x222, 3343 crypt_algo='AES-CCM', crypt_key=b'16bytekey3bytenonce', 3344 auth_algo='NULL', auth_key=None, 3345 tunnel_header=IPv6(src='aa::bb', dst='bb::aa')) 3346 3347e = sa.encrypt(p) 3348e 3349 3350assert(isinstance(e, IPv6)) 3351assert(e.src == '11::22' and e.dst == '22::11') 3352assert(e.nh == socket.IPPROTO_ESP) 3353assert(e.haslayer(ESP)) 3354assert(not e.haslayer(TCP)) 3355assert(e[ESP].spi == sa.spi) 3356* after encryption the original packet payload should NOT be readable 3357assert(b'testdata' not in e[ESP].data) 3358 3359d = sa.decrypt(e) 3360d 3361 3362* after decryption original packet should be preserved 3363assert(d[TCP] == p[TCP]) 3364 3365####################################### 3366= IPv6 / ESP - Tunnel - AES-CCM - NULL - altered packet 3367~ crypto_advanced 3368 3369p = IPv6(src='11::22', dst='22::11') 3370p /= TCP(sport=45012, dport=80) 3371p /= Raw('testdata') 3372p = IPv6(raw(p)) 3373p 3374 3375sa = SecurityAssociation(ESP, spi=0x222, 3376 crypt_algo='AES-CCM', crypt_key=b'16bytekey3bytenonce', 3377 auth_algo='NULL', auth_key=None, 3378 tunnel_header=IPv6(src='aa::bb', dst='bb::aa')) 3379 3380e = sa.encrypt(p) 3381e 3382 3383assert(isinstance(e, IPv6)) 3384assert(e.src == '11::22' and e.dst == '22::11') 3385assert(e.nh == socket.IPPROTO_ESP) 3386assert(e.haslayer(ESP)) 3387assert(not e.haslayer(TCP)) 3388assert(e[ESP].spi == sa.spi) 3389* after encryption the original packet payload should NOT be readable 3390assert(b'testdata' not in e[ESP].data) 3391 3392* simulate the alteration of the packet before decryption 3393e[ESP].seq += 1 3394 3395* integrity verification should fail 3396try: 3397 d = sa.decrypt(e) 3398 assert(False) 3399except IPSecIntegrityError as err: 3400 err 3401 3402####################################### 3403############################################################################### 3404+ IPv6 / AH 3405 3406####################################### 3407= IPv6 / AH - Transport - HMAC-SHA1-96 3408 3409p = IPv6(src='11::22', dst='22::11') 3410p /= TCP(sport=45012, dport=80) 3411p /= Raw('testdata') 3412p = IPv6(raw(p)) 3413p 3414 3415sa = SecurityAssociation(AH, spi=0x222, 3416 auth_algo='HMAC-SHA1-96', auth_key=b'secret key') 3417 3418e = sa.encrypt(p) 3419e 3420 3421assert(isinstance(e, IPv6)) 3422assert(e.src == '11::22' and e.dst == '22::11') 3423* the encrypted packet should have an AH layer 3424assert(e.nh == socket.IPPROTO_AH) 3425assert(e.haslayer(AH)) 3426assert(e.haslayer(TCP)) 3427assert(e[AH].spi == sa.spi) 3428 3429* alter mutable fields in the packet 3430e.hlim = 2 3431 3432* integrity verification should pass 3433d = sa.decrypt(e) 3434d 3435 3436* after decryption the original packet payload should be unaltered 3437assert(d[TCP] == p[TCP]) 3438 3439####################################### 3440= IPv6 / AH - Transport - HMAC-SHA1-96 - altered packet 3441 3442p = IPv6(src='11::22', dst='22::11') 3443p /= TCP(sport=45012, dport=80) 3444p /= Raw('testdata') 3445p = IPv6(raw(p)) 3446p 3447 3448sa = SecurityAssociation(AH, spi=0x222, 3449 auth_algo='HMAC-SHA1-96', auth_key=b'secret key') 3450 3451e = sa.encrypt(p) 3452e 3453 3454assert(isinstance(e, IPv6)) 3455assert(e.src == '11::22' and e.dst == '22::11') 3456* the encrypted packet should have an AH layer 3457assert(e.nh == socket.IPPROTO_AH) 3458assert(e.haslayer(AH)) 3459assert(e.haslayer(TCP)) 3460assert(e[AH].spi == sa.spi) 3461 3462* simulate the alteration of the packet before verification 3463e[TCP].dport = 46 3464 3465* integrity verification should fail 3466try: 3467 d = sa.decrypt(e) 3468 assert(False) 3469except IPSecIntegrityError as err: 3470 err 3471 3472####################################### 3473= IPv6 / AH - Transport - SHA2-256-128 3474 3475p = IPv6(src='11::22', dst='22::11') 3476p /= TCP(sport=45012, dport=80) 3477p /= Raw('testdata') 3478p = IPv6(raw(p)) 3479p 3480 3481sa = SecurityAssociation(AH, spi=0x222, 3482 auth_algo='SHA2-256-128', auth_key=b'secret key') 3483 3484e = sa.encrypt(p) 3485e 3486 3487assert(isinstance(e, IPv6)) 3488assert(e.src == '11::22' and e.dst == '22::11') 3489* the encrypted packet should have an AH layer 3490assert(e.nh == socket.IPPROTO_AH) 3491assert(e.haslayer(AH)) 3492assert(e.haslayer(TCP)) 3493assert(e[AH].spi == sa.spi) 3494 3495* alter mutable fields in the packet 3496e.hlim = 2 3497 3498* integrity verification should pass 3499d = sa.decrypt(e) 3500d 3501 3502* after decryption the original packet payload should be unaltered 3503assert(d[TCP] == p[TCP]) 3504 3505####################################### 3506= IPv6 / AH - Transport - SHA2-256-128 - altered packet 3507 3508p = IPv6(src='11::22', dst='22::11') 3509p /= TCP(sport=45012, dport=80) 3510p /= Raw('testdata') 3511p = IPv6(raw(p)) 3512p 3513 3514sa = SecurityAssociation(AH, spi=0x222, 3515 auth_algo='SHA2-256-128', auth_key=b'secret key') 3516 3517e = sa.encrypt(p) 3518e 3519 3520assert(isinstance(e, IPv6)) 3521assert(e.src == '11::22' and e.dst == '22::11') 3522* the encrypted packet should have an AH layer 3523assert(e.nh == socket.IPPROTO_AH) 3524assert(e.haslayer(AH)) 3525assert(e.haslayer(TCP)) 3526assert(e[AH].spi == sa.spi) 3527 3528* simulate the alteration of the packet before verification 3529e[TCP].dport = 46 3530 3531* integrity verification should fail 3532try: 3533 d = sa.decrypt(e) 3534 assert(False) 3535except IPSecIntegrityError as err: 3536 err 3537 3538####################################### 3539= IPv6 / AH - Tunnel - HMAC-SHA1-96 3540 3541p = IPv6(src='11::22', dst='22::11') 3542p /= TCP(sport=45012, dport=80) 3543p /= Raw('testdata') 3544p = IPv6(raw(p)) 3545p 3546 3547sa = SecurityAssociation(AH, spi=0x222, 3548 auth_algo='HMAC-SHA1-96', auth_key=b'secret key', 3549 tunnel_header=IPv6(src='aa::bb', dst='bb::aa')) 3550 3551e = sa.encrypt(p) 3552e 3553 3554assert(isinstance(e, IPv6)) 3555* after encryption packet should be encapsulated with the given ip tunnel header 3556assert(e.src == 'aa::bb' and e.dst == 'bb::aa') 3557assert(e.nh == socket.IPPROTO_AH) 3558assert(e.haslayer(AH)) 3559assert(e.haslayer(TCP)) 3560assert(e[AH].spi == sa.spi) 3561 3562* alter mutable fields in the packet 3563e.hlim = 2 3564 3565* integrity verification should pass 3566d = sa.decrypt(e) 3567d 3568 3569* after decryption the original packet payload should be unaltered 3570assert(d == p) 3571 3572####################################### 3573= IPv6 / AH - Tunnel - HMAC-SHA1-96 - altered packet 3574 3575p = IPv6(src='11::22', dst='22::11') 3576p /= TCP(sport=45012, dport=80) 3577p /= Raw('testdata') 3578p = IPv6(raw(p)) 3579p 3580 3581sa = SecurityAssociation(AH, spi=0x222, 3582 auth_algo='HMAC-SHA1-96', auth_key=b'secret key', 3583 tunnel_header=IPv6(src='aa::bb', dst='bb::aa')) 3584 3585e = sa.encrypt(p) 3586e 3587 3588assert(isinstance(e, IPv6)) 3589* after encryption packet should be encapsulated with the given ip tunnel header 3590assert(e.src == 'aa::bb' and e.dst == 'bb::aa') 3591assert(e.nh == socket.IPPROTO_AH) 3592assert(e.haslayer(AH)) 3593assert(e.haslayer(TCP)) 3594assert(e[AH].spi == sa.spi) 3595 3596* simulate the alteration of the packet before verification 3597e.src = 'cc::ee' 3598 3599* integrity verification should fail 3600try: 3601 d = sa.decrypt(e) 3602 assert(False) 3603except IPSecIntegrityError as err: 3604 err 3605 3606####################################### 3607= IPv6 / AH - Tunnel - SHA2-256-128 3608 3609p = IPv6(src='11::22', dst='22::11') 3610p /= TCP(sport=45012, dport=80) 3611p /= Raw('testdata') 3612p = IPv6(raw(p)) 3613p 3614 3615sa = SecurityAssociation(AH, spi=0x222, 3616 auth_algo='SHA2-256-128', auth_key=b'secret key', 3617 tunnel_header=IPv6(src='aa::bb', dst='bb::aa')) 3618 3619e = sa.encrypt(p) 3620e 3621 3622assert(isinstance(e, IPv6)) 3623* after encryption packet should be encapsulated with the given ip tunnel header 3624assert(e.src == 'aa::bb' and e.dst == 'bb::aa') 3625assert(e.nh == socket.IPPROTO_AH) 3626assert(e.haslayer(AH)) 3627assert(e.haslayer(TCP)) 3628assert(e[AH].spi == sa.spi) 3629 3630* alter mutable fields in the packet 3631e.hlim = 2 3632 3633* integrity verification should pass 3634d = sa.decrypt(e) 3635d 3636 3637* after decryption the original packet payload should be unaltered 3638assert(d == p) 3639 3640####################################### 3641= IPv6 / AH - Tunnel - SHA2-256-128 - altered packet 3642 3643p = IPv6(src='11::22', dst='22::11') 3644p /= TCP(sport=45012, dport=80) 3645p /= Raw('testdata') 3646p = IPv6(raw(p)) 3647p 3648 3649sa = SecurityAssociation(AH, spi=0x222, 3650 auth_algo='SHA2-256-128', auth_key=b'secret key', 3651 tunnel_header=IPv6(src='aa::bb', dst='bb::aa')) 3652 3653e = sa.encrypt(p) 3654e 3655 3656assert(isinstance(e, IPv6)) 3657* after encryption packet should be encapsulated with the given ip tunnel header 3658assert(e.src == 'aa::bb' and e.dst == 'bb::aa') 3659assert(e.nh == socket.IPPROTO_AH) 3660assert(e.haslayer(AH)) 3661assert(e.haslayer(TCP)) 3662assert(e[AH].spi == sa.spi) 3663 3664* simulate the alteration of the packet before verification 3665e.src = 'cc::ee' 3666 3667* integrity verification should fail 3668try: 3669 d = sa.decrypt(e) 3670 assert(False) 3671except IPSecIntegrityError as err: 3672 err 3673 3674############################################################################### 3675+ IPv6 + Extensions / AH 3676 3677####################################### 3678= IPv6 + Extensions / AH - Transport 3679 3680p = IPv6(src='11::22', dst='22::11') 3681p /= IPv6ExtHdrHopByHop() 3682p /= IPv6ExtHdrDestOpt() 3683p /= IPv6ExtHdrRouting() 3684p /= IPv6ExtHdrDestOpt() 3685p /= IPv6ExtHdrFragment() 3686p /= TCP(sport=45012, dport=80) 3687p /= Raw('testdata') 3688p = IPv6(raw(p)) 3689p 3690 3691sa = SecurityAssociation(AH, spi=0x222, 3692 auth_algo='HMAC-SHA1-96', auth_key=b'secret key') 3693 3694e = sa.encrypt(p) 3695e 3696 3697assert(e.src == '11::22' and e.dst == '22::11') 3698* AH header should be inserted between the routing header and the dest options header 3699assert(isinstance(e[AH].underlayer, IPv6ExtHdrRouting)) 3700assert(isinstance(e[AH].payload, IPv6ExtHdrDestOpt)) 3701 3702####################################### 3703= IPv6 + Routing Header / AH - Transport 3704 3705p = IPv6(src='11::22', dst='22::11') 3706p /= IPv6ExtHdrHopByHop() 3707p /= IPv6ExtHdrRouting(addresses=['aa::bb', 'cc::dd', 'ee::ff']) 3708p /= TCP(sport=45012, dport=80) 3709p /= Raw('testdata') 3710p = IPv6(raw(p)) 3711p 3712 3713sa = SecurityAssociation(AH, spi=0x222, 3714 auth_algo='HMAC-SHA1-96', auth_key=b'secret key') 3715 3716e = sa.encrypt(p) 3717e 3718 3719assert(e.src == '11::22' and e.dst == '22::11') 3720* AH header should be inserted between the routing header and TCP 3721assert(isinstance(e[AH].underlayer, IPv6ExtHdrRouting)) 3722assert(isinstance(e[AH].payload, TCP)) 3723 3724* reorder the routing header as the receiver will get it 3725final = e[IPv6ExtHdrRouting].addresses.pop() 3726e[IPv6ExtHdrRouting].addresses.insert(0, e.dst) 3727e.dst = final 3728e[IPv6ExtHdrRouting].segleft = 0 3729 3730* integrity verification should pass 3731d = sa.decrypt(e) 3732d 3733 3734