packetgen-plugin-ipsec 1.0.0

data/lib/packetgen/plugin/ike.rb

@@ -0,0 +1,241 @@
+# This file is part of IPsec packetgen plugin.
+# See https://github.com/sdaubert/packetgen-plugin-ipsec for more informations
+# Copyright (c) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+
+# frozen_string_literal: true
+
+module PacketGen
+  module Plugin
+    # This class handles a pseudo-Plugin used to differentiate ESP from IKE Plugins
+    # in a UDP datagram with port 4500.
+    # @author Sylvain Daubert
+    class NonESPMarker < PacketGen::Header::Base
+      # @!attribute non_esp_marker
+      #  32-bit zero marker to differentiate IKE packet over UDP port 4500 from ESP ones
+      #  @return [Integer]
+      define_field :non_esp_marker, PacketGen::Types::Int32, default: 0
+      # @!attribute body
+      #  @return [PacketGen::Types::String,PacketGen::Header::Base]
+      define_field :body, PacketGen::Types::String
+
+      # Check non_esp_marker field
+      # @see [PacketGen::Header::Base#parse?]
+      def parse?
+        non_esp_marker.zero?
+      end
+    end
+
+    # IKE is the Internet Key Exchange protocol (RFC 7296). Ony IKEv2 is supported.
+    #
+    # A IKE Plugin consists of a Plugin, and a set of payloads. This class
+    # handles IKE Plugin. For payloads, see {IKE::Payload}.
+    #
+    # == IKE Plugin
+    # The format of a IKE Plugin is shown below:
+    #                       1                   2                   3
+    #   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+    #  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+    #  |                       IKE SA Initiator's SPI                  |
+    #  |                                                               |
+    #  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+    #  |                       IKE SA Responder's SPI                  |
+    #  |                                                               |
+    #  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+    #  |  Next Payload | MjVer | MnVer | Exchange Type |     Flags     |
+    #  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+    #  |                          Message ID                           |
+    #  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+    #  |                            Length                             |
+    #  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+    # A IKE Plugin consists of:
+    # * a IKE SA initiator SPI ({#init_spi}, {PacketGen::Types::Int64} type),
+    # * a IKE SA responder SPI ({#resp_spi}, {PacketGen::Types::Int64} type),
+    # * a Next Payload field ({#next}, {PacketGen::Types::Int8} type),
+    # * a Version field ({#version}, {PacketGen::Types::Int8} type, with first 4-bit field
+    #   as major number, and last 4-bit field as minor number),
+    # * a Exchange type ({#exchange_type}, {PacketGen::Types::Int8} type),
+    # * a {#flags} field ({PacketGen::Types::Int8} type),
+    # * a Message ID ({#message_id}, {PacketGen::Types::Int32} type),
+    # * and a {#length} ({PacketGen::Types::Int32} type).
+    #
+    # == Create a IKE Plugin
+    # === Standalone
+    #   ike = PacketGen::Plugin::IKE.new
+    # === Classical IKE packet
+    #   pkt = PacketGen.gen('IP').add('UDP').add('IKE')
+    #   # access to IKE Plugin
+    #   pkt.ike    # => PacketGen::Plugin::IKE
+    # === NAT-T IKE packet
+    #   # NonESPMarker is used to insert a 32-bit null field between UDP Plugin
+    #   # and IKE one to differentiate it from ESP-in-UDP (see RFC 3948)
+    #   pkt = PacketGen.gen('IP').add('UDP').add('NonESPMarker').add('IKE)
+    # @author Sylvain Daubert
+    class IKE < PacketGen::Header::Base
+      # Classical well-known UDP port for IKE
+      UDP_PORT1 = 500
+      # Well-known UDP port for IKE when NAT is detected
+      UDP_PORT2 = 4500
+
+      PROTOCOLS = {
+        'IKE' => 1,
+        'AH'  => 2,
+        'ESP' => 3
+      }.freeze
+
+      EXCHANGE_TYPES = {
+        'IKE_SA_INIT'     => 34,
+        'IKE_AUTH'        => 35,
+        'CREATE_CHILD_SA' => 36,
+        'INFORMATIONAL'   => 37
+      }.freeze
+
+      # @!attribute init_spi
+      #  64-bit initiator SPI
+      #  @return [Integer]
+      define_field :init_spi, PacketGen::Types::Int64
+      # @!attribute resp_spi
+      #  64-bit responder SPI
+      #  @return [Integer]
+      define_field :resp_spi, PacketGen::Types::Int64
+      # @!attribute next
+      #  8-bit next payload type
+      #  @return [Integer]
+      define_field :next, PacketGen::Types::Int8
+      # @!attribute version
+      #  8-bit IKE version
+      #  @return [Integer]
+      define_field :version, PacketGen::Types::Int8, default: 0x20
+      # @!attribute [r] exchange_type
+      #  8-bit exchange type
+      #  @return [Integer]
+      define_field :exchange_type, PacketGen::Types::Int8Enum, enum: EXCHANGE_TYPES
+      # @!attribute flags
+      #  8-bit flags
+      #  @return [Integer]
+      define_field :flags, PacketGen::Types::Int8
+      # @!attribute message_id
+      #  32-bit message ID
+      #  @return [Integer]
+      define_field :message_id, PacketGen::Types::Int32
+      # @!attribute length
+      #  32-bit length of total message (Plugin + payloads)
+      #  @return [Integer]
+      define_field :length, PacketGen::Types::Int32
+
+      # Defining a body permits using Packet#parse to parse IKE payloads.
+      # But this method is hidden as prefered way to access payloads is via #payloads
+      define_field :body, PacketGen::Types::String
+
+      # @!attribute mjver
+      #  4-bit major version value
+      #  @return [Integer]
+      # @!attribute mnver
+      #  4-bit minor version value
+      #  @return [Integer]
+      define_bit_fields_on :version, :mjver, 4, :mnver, 4
+
+      # @!attribute rsv1
+      #  @return [Integer]
+      # @!attribute rsv2
+      #  @return [Integer]
+      # @!attribute flag_i
+      #  bit set in message sent by the original initiator
+      #  @return [Boolean]
+      # @!attribute flag_r
+      #  indicate this message is a response to a message containing the same Message ID
+      #  @return [Boolean]
+      # @!attribute flag_v
+      #  version flag. Ignored by IKEv2 peers, and should be set to 0
+      #  @return [Boolean]
+      define_bit_fields_on :flags, :rsv1, 2, :flag_r, :flag_v, :flag_i, :rsv2, 3
+
+      # @param [Hash] options
+      # @see PacketGen::Header::Base#initialize
+      def initialize(options={})
+        super
+        calc_length unless options[:length]
+        self.type = options[:type] if options[:type]
+        self.type = options[:exchange_type] if options[:exchange_type]
+      end
+
+      alias type exchange_type
+      alias type= exchange_type=
+
+      # Get exchange type name
+      # @return [String
+      def human_exchange_type
+        self[:exchange_type].to_human
+      end
+      alias human_type human_exchange_type
+
+      # Calculate length field
+      # @return [Integer]
+      def calc_length
+        PacketGen::Header::Base.calculate_and_set_length self
+      end
+
+      # IKE payloads
+      # @return [Array<Payload>]
+      def payloads
+        payloads = []
+        body = self.body
+        while body.is_a?(Payload)
+          payloads << body
+          body = body.body
+        end
+        payloads
+      end
+
+      # @return [String]
+      def inspect
+        super do |attr|
+          case attr
+          when :flags
+            str_flags = ''.dup
+            %w[r v i].each do |flag|
+              str_flags << (send("flag_#{flag}?") ? flag.upcase : '.')
+            end
+            str = Inspect.shift_level
+            str << Inspect::FMT_ATTR % [self[attr].class.to_s.sub(/.*::/, ''), attr,
+                                        str_flags]
+          end
+        end
+      end
+
+      # Toggle +I+ and +R+ flags.
+      # @return [self]
+      def reply!
+        self.flag_r = !self.flag_r?
+        self.flag_i = !self.flag_i?
+        self
+      end
+
+      # @api private
+      # @note This method is used internally by PacketGen and should not be
+      #       directly called
+      # @param [Packet] packet
+      # @return [void]
+      def added_to_packet(packet)
+        return unless packet.is? 'UDP'
+        return unless packet.udp.sport.zero?
+        packet.udp.sport = if packet.is?('NonESPMarker')
+                             UDP_PORT2
+                           else
+                             UDP_PORT1
+                           end
+      end
+    end
+
+    Header.add_class IKE
+    Header.add_class NonESPMarker
+
+    PacketGen::Header::UDP.bind IKE, dport: IKE::UDP_PORT1
+    PacketGen::Header::UDP.bind IKE, sport: IKE::UDP_PORT1
+    PacketGen::Header::UDP.bind NonESPMarker, dport: IKE::UDP_PORT2
+    PacketGen::Header::UDP.bind NonESPMarker, sport: IKE::UDP_PORT2
+    NonESPMarker.bind IKE
+  end
+end
+
+require_relative 'ike/payload'

data/lib/packetgen/plugin/ike/auth.rb

@@ -0,0 +1,165 @@
+# coding: utf-8
+# This file is part of IPsec packetgen plugin.
+# See https://github.com/sdaubert/packetgen-plugin-ipsec for more informations
+# Copyright (c) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+
+# frozen_string_literal: true
+
+module PacketGen
+  module Plugin
+    class IKE
+      # This class handles Authentication payloads.
+      #
+      # A AUTH payload consists of the IKE generic payload Plugin (see {Payload})
+      # and some specific fields:
+      #                        1                   2                   3
+      #    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+      #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      #   | Next Payload  |C|  RESERVED   |         Payload Length        |
+      #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      #   | Auth Method   |                RESERVED                       |
+      #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      #   |                                                               |
+      #   ~                      Authentication Data                      ~
+      #   |                                                               |
+      #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      # These specific fields are:
+      # * {#type} (ID type),
+      # * {#reserved},
+      # * and {#content} (Identification Data).
+      #
+      # == Create a KE payload
+      #   # create a IKE packet with a Auth payload
+      #   pkt = PacketGen.gen('IP').add('UDP').add('IKE').add('IKE::Auth', method: 'SHARED_KEY')
+      #   pkt.calc_length
+      # @author Sylvain Daubert
+      class Auth < Payload
+        # Payload type number
+        PAYLOAD_TYPE = 39
+
+        METHODS = {
+          'RSA_SIGNATURE'     => 1,
+          'SHARED_KEY'        => 2,
+          'DSA_SIGNATURE'     => 3,
+          'ECDSA256'          => 9,
+          'ECDSA384'          => 10,
+          'ECDSA512'          => 11,
+          'PASSWORD'          => 12,
+          'NULL'              => 13,
+          'DIGITAL_SIGNATURE' => 14
+        }.freeze
+
+        # @attribute [r] method
+        #   8-bit Auth Method
+        #   @return [Integer]
+        define_field_before :content, :method, PacketGen::Types::Int8Enum, enum: METHODS
+        # @attribute reserved
+        #   24-bit reserved field
+        #   @return [Integer]
+        define_field_before :content, :reserved, PacketGen::Types::Int24
+
+        # Check authentication (see RFC 7296 §2.15)
+        # @param [Packet] init_msg first IKE message sent by peer
+        # @param [String] nonce my nonce, sent in first message
+        # @param [String] sk_p secret key used to compute prf(SK_px, IDx')
+        # @param [Integer] prf PRF type to use (see {Transform}+::PRF_*+ constants)
+        # @param [String] shared_secret shared secret to use as PSK (shared secret
+        #    method only)
+        # @param [OpenSSL::X509::Certificate] cert certificate to check AUTH signature,
+        #   if not embedded in IKE message
+        # @return [Boolean]
+        # @note For now, only NULL, SHARED_KEY and RSA, DSA and ECDSA signatures are
+        #   supported.
+        # @note For certificates, only check AUTH authenticity with given (or guessed
+        #   from packet) certificate, but certificate chain is not verified.
+        def check?(init_msg: nil, nonce: '', sk_p: '', prf: 1, shared_secret: '',
+                   cert: nil)
+          raise TypeError, 'init_msg should be a Packet' unless init_msg.is_a?(Packet)
+          signed_octets = init_msg.ike.to_s
+          signed_octets << nonce
+          id = packet.ike.flag_i? ? packet.ike_idi : packet.ike_idr
+          signed_octets << prf(prf, sk_p, id.to_s[4, id.length - 4])
+
+          case method
+          when METHODS['SHARED_KEY']
+            auth  = prf(prf(shared_secret, 'Key Pad for IKEv2'), signed_octets)
+            auth == content
+          when METHODS['RSA_SIGNATURE'], METHODS['ECDSA256'], METHODS['ECDSA384'],
+               METHODS['ECDSA512']
+            if packet.ike_cert
+              # FIXME: Expect a ENCODING_X509_CERT_SIG
+              #        Others types not supported for now...
+              cert = OpenSSL::X509::Certificate.new(packet.ike_cert.content)
+            elsif cert.nil?
+              raise CryptoError, 'a certificate should be provided'
+            end
+
+            text = cert.to_text
+            m = text.match(/Public Key Algorithm: ([a-zA-Z0-9-]+)/)
+            digest = case m[1]
+                     when 'id-ecPublicKey'
+                       m2 = text.match(/Public-Key: \((\d+) bit\)/)
+                       case m2[1]
+                       when '256'
+                         OpenSSL::Digest::SHA256.new
+                       when '384'
+                         OpenSSL::Digest::SHA384.new
+                       when '521'
+                         OpenSSL::Digest::SHA512.new
+                       end
+                     when /sha([235]\d+)/
+                       OpenSSL::Digest.const_get("SHA#{$1}").new
+                     when /sha1/, 'rsaEncryption'
+                       OpenSSL::Digest::SHA1.new
+                     end
+            signature = format_signature(cert.public_key, content.to_s)
+            cert.public_key.verify(digest, signature, signed_octets)
+          when METHOD_NULL
+            true
+          else
+            raise NotImplementedError, "unsupported method #{human_method}"
+          end
+        end
+
+        # Get authentication method name
+        # @return [String]
+        def human_method
+          self[:method].to_human
+        end
+
+        private
+
+        def prf(type, key, msg)
+          case type
+          when Transform::PRF_HMAC_MD5, Transform::PRF_HMAC_SHA1,
+               Transform::PRF_HMAC_SHA2_256, Transform::PRF_HMAC_SHA2_384,
+               Transform::PRF_HMAC_SHA2_512
+            digestname = Transform.constants.grep(/PRF_/)
+                                  .detect { |c| Transform.const_get(c) == type }
+                                  .to_s.sub(/^PRF_HMAC_/, '').sub(/2_/, '')
+            digest = OpenSSL::Digest.const_get(digestname).new
+          else
+            raise NotImplementedError, 'for now, only HMAC-based PRF are supported'
+          end
+          hmac = OpenSSL::HMAC.new(key, digest)
+          hmac << msg
+          hmac.digest
+        end
+
+        def format_signature(pkey, sig)
+          if pkey.is_a?(OpenSSL::PKey::EC)
+            # PKey::EC need a signature as a DER string representing a sequence of
+            # 2 integers: r and s
+            r = OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sig[0, sig.size / 2], 2).to_i)
+            s = OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sig[sig.size / 2,
+                                                               sig.size / 2], 2).to_i)
+            OpenSSL::ASN1::Sequence.new([r, s]).to_der
+          else
+            sig
+          end
+        end
+      end
+    end
+  end
+end

data/lib/packetgen/plugin/ike/cert.rb

@@ -0,0 +1,76 @@
+# coding: utf-8
+# This file is part of IPsec packetgen plugin.
+# See https://github.com/sdaubert/packetgen-plugin-ipsec for more informations
+# Copyright (c) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+
+# frozen_string_literal: true
+
+module PacketGen
+  module Plugin
+    class IKE
+      # This class handles Certificate payloads.
+      #
+      # A Cert payload consists of the IKE generic payload Plugin (see {Payload})
+      # and some specific fields:
+      #                        1                   2                   3
+      #    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+      #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      #   | Next Payload  |C|  RESERVED   |         Payload Length        |
+      #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      #   | Cert Encoding |                                               |
+      #   +-+-+-+-+-+-+-+-+                                               +
+      #   |                                                               |
+      #   ~                       Certificate Data                        ~
+      #   |                                                               |
+      #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      # These specific fields are:
+      # * {#encoding},
+      # * and {#content} (Certificate Data).
+      #
+      # == Create a Cert payload
+      #   # Create a IKE packet with a Cert payload
+      #   pkt = PacketGen.gen('IP').add('UDP').add('IKE').add('IKE::Cert', encoding: 'X509_CERT_SIG')
+      #   certs = cert.to_der << ca_cert.to_der
+      #   pkt.ike_cert.content.read certs
+      #   pkt.calc_length
+      # @author Sylvain Daubert
+      class Cert < Payload
+        # Payload type number
+        PAYLOAD_TYPE = 37
+
+        ENCODINGS = {
+          'PKCS7_WRAPPED_X509'   => 1,
+          'PGP'                  => 2,
+          'DNS_SIGNED_KEY'       => 3,
+          'X509_CERT_SIG'        => 4,
+          'KERBEROS_TOKEN'       => 6,
+          'X509_CRL'             => 7,
+          'X509_ARL'             => 8,
+          'SPKI_CERT'            => 9,
+          'X509_CERT_ATTR'       => 10,
+          'HASH_URL_X509_CERT'   => 12,
+          'HASH_URL_X509_BUNDLE' => 13
+        }.freeze
+
+        # @attribute encoding
+        #   8-bit certificate encoding
+        #   @return [Integer]
+        define_field_before :content, :encoding, PacketGen::Types::Int8Enum, enum: ENCODINGS
+
+        def initialize(options={})
+          super
+          self.encoding = options[:encoding] if options[:encoding]
+        end
+
+        # Get encoding name
+        # @return [String]
+        def human_encoding
+          self[:encoding].to_human
+        end
+      end
+    end
+
+    Header.add_class IKE::Cert
+  end
+end