packetgen-plugin-ipsec 1.0.0

data/lib/packetgen/plugin/ike/payload.rb

@@ -0,0 +1,304 @@
+# This file is part of IPsec packetgen plugin.
+# See https://github.com/sdaubert/packetgen-plugin-ipsec for more informations
+# Copyright (c) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+
+# frozen_string_literal: true
+
+module PacketGen
+  module Plugin
+    class IKE
+      # PacketGen::Header::Base class for IKE payloads. This class may also be used for unknown payloads.
+      #
+      # This class handles generic IKE payload Plugin:
+      #                        1                   2                   3
+      #    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+      #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      #   | Next Payload  |C|  RESERVED   |         Payload Length        |
+      #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      # to which a {#content} field is added to handle content of unknown payload types.
+      # @author Sylvain Daubert
+      class Payload < PacketGen::Header::Base
+        # Give protocol name
+        # @return [String]
+        def self.protocol_name
+          return @protocol_name if defined? @protocol_name
+
+          basename = to_s.sub(/.*::/, '')
+          @protocol_name = "IKE::#{basename}"
+        end
+
+        # @!attribute next
+        #  8-bit next payload
+        #  @return [Integer]
+        define_field :next, PacketGen::Types::Int8
+        # @!attribute flags
+        #  8-bit flags
+        #  @return [Integer]
+        define_field :flags, PacketGen::Types::Int8
+        # @!attribute length
+        #  16-bit payload total length, including generic payload Plugin
+        #  @return [Integer]
+        define_field :length, PacketGen::Types::Int16
+        # @!attribute content
+        #  Payload content. Depends on payload. Variable length.
+        #  @return [String]
+        define_field :content, PacketGen::Types::String, builder: ->(h, t) { t.new(length_from: -> { h.length - h.offset_of(:content) }) }
+
+        # Defining a body permits using Packet#parse to parse next IKE payloads.
+        define_field :body, PacketGen::Types::String
+
+        # @!attribute critical
+        #  critical flag
+        #  @return [Boolean]
+        # @!attribute hreserved
+        #  reserved part of {#flags} field
+        #  @return [Integer]
+        define_bit_fields_on :flags, :critical, :hreserved, 7
+
+        def initialize(options={})
+          super
+          self[:content].replace(options[:content]) if options[:content]
+          calc_length unless options[:length]
+        end
+
+        # Compute length and set {#length} field
+        # @return [Integer] new length
+        def calc_length
+          # Here, #body is next payload, so body size should not be taken in
+          # account (payload's real body is #content).
+          self.length = sz - self[:body].sz
+        end
+      end
+    end
+
+    Header.add_class IKE::Payload
+  end
+end
+
+require_relative 'sa'
+require_relative 'ke'
+require_relative 'nonce'
+require_relative 'notify'
+require_relative 'sk'
+require_relative 'id'
+require_relative 'cert'
+require_relative 'certreq'
+require_relative 'auth'
+require_relative 'ts'
+require_relative 'vendor_id'
+
+module PacketGen::Plugin
+  IKE.bind IKE::SA, next: IKE::SA::PAYLOAD_TYPE
+  IKE::Payload.bind IKE::SA, next: IKE::SA::PAYLOAD_TYPE
+  IKE::KE.bind IKE::SA, next: IKE::SA::PAYLOAD_TYPE
+  IKE::Nonce.bind IKE::SA, next: IKE::SA::PAYLOAD_TYPE
+  IKE::Notify.bind IKE::SA, next: IKE::SA::PAYLOAD_TYPE
+  IKE::SK.bind IKE::SA, next: IKE::SA::PAYLOAD_TYPE
+  IKE::IDi.bind IKE::SA, next: IKE::SA::PAYLOAD_TYPE
+  IKE::IDr.bind IKE::SA, next: IKE::SA::PAYLOAD_TYPE
+  IKE::Cert.bind IKE::SA, next: IKE::SA::PAYLOAD_TYPE
+  IKE::CertReq.bind IKE::SA, next: IKE::SA::PAYLOAD_TYPE
+  IKE::Auth.bind IKE::SA, next: IKE::SA::PAYLOAD_TYPE
+  IKE::TSi.bind IKE::SA, next: IKE::SA::PAYLOAD_TYPE
+  IKE::TSr.bind IKE::SA, next: IKE::SA::PAYLOAD_TYPE
+  IKE::VendorID.bind IKE::SA, next: IKE::SA::PAYLOAD_TYPE
+
+  IKE.bind IKE::KE, next: IKE::KE::PAYLOAD_TYPE
+  IKE::Payload.bind IKE::KE, next: IKE::KE::PAYLOAD_TYPE
+  IKE::SA.bind IKE::KE, next: IKE::KE::PAYLOAD_TYPE
+  IKE::Nonce.bind IKE::KE, next: IKE::KE::PAYLOAD_TYPE
+  IKE::Notify.bind IKE::KE, next: IKE::KE::PAYLOAD_TYPE
+  IKE::SK.bind IKE::KE, next: IKE::KE::PAYLOAD_TYPE
+  IKE::IDi.bind IKE::KE, next: IKE::KE::PAYLOAD_TYPE
+  IKE::IDr.bind IKE::KE, next: IKE::KE::PAYLOAD_TYPE
+  IKE::Cert.bind IKE::KE, next: IKE::KE::PAYLOAD_TYPE
+  IKE::CertReq.bind IKE::KE, next: IKE::KE::PAYLOAD_TYPE
+  IKE::Auth.bind IKE::KE, next: IKE::KE::PAYLOAD_TYPE
+  IKE::TSi.bind IKE::KE, next: IKE::KE::PAYLOAD_TYPE
+  IKE::TSr.bind IKE::KE, next: IKE::KE::PAYLOAD_TYPE
+  IKE::VendorID.bind IKE::KE, next: IKE::KE::PAYLOAD_TYPE
+
+  IKE.bind IKE::Nonce, next: IKE::Nonce::PAYLOAD_TYPE
+  IKE::Payload.bind IKE::Nonce, next: IKE::Nonce::PAYLOAD_TYPE
+  IKE::SA.bind IKE::Nonce, next: IKE::Nonce::PAYLOAD_TYPE
+  IKE::KE.bind IKE::Nonce, next: IKE::Nonce::PAYLOAD_TYPE
+  IKE::Notify.bind IKE::Nonce, next: IKE::Nonce::PAYLOAD_TYPE
+  IKE::SK.bind IKE::Nonce, next: IKE::Nonce::PAYLOAD_TYPE
+  IKE::IDi.bind IKE::Nonce, next: IKE::Nonce::PAYLOAD_TYPE
+  IKE::IDr.bind IKE::Nonce, next: IKE::Nonce::PAYLOAD_TYPE
+  IKE::Cert.bind IKE::Nonce, next: IKE::Nonce::PAYLOAD_TYPE
+  IKE::CertReq.bind IKE::Nonce, next: IKE::Nonce::PAYLOAD_TYPE
+  IKE::Auth.bind IKE::Nonce, next: IKE::Nonce::PAYLOAD_TYPE
+  IKE::TSi.bind IKE::Nonce, next: IKE::Nonce::PAYLOAD_TYPE
+  IKE::TSr.bind IKE::Nonce, next: IKE::Nonce::PAYLOAD_TYPE
+  IKE::VendorID.bind IKE::Nonce, next: IKE::Nonce::PAYLOAD_TYPE
+
+  IKE.bind IKE::Notify, next: IKE::Notify::PAYLOAD_TYPE
+  IKE::Payload.bind IKE::Notify, next: IKE::Notify::PAYLOAD_TYPE
+  IKE::SA.bind IKE::Notify, next: IKE::Notify::PAYLOAD_TYPE
+  IKE::KE.bind IKE::Notify, next: IKE::Notify::PAYLOAD_TYPE
+  IKE::Nonce.bind IKE::Notify, next: IKE::Notify::PAYLOAD_TYPE
+  IKE::Notify.bind IKE::Notify, next: IKE::Notify::PAYLOAD_TYPE
+  IKE::SK.bind IKE::Notify, next: IKE::Notify::PAYLOAD_TYPE
+  IKE::IDi.bind IKE::Notify, next: IKE::Notify::PAYLOAD_TYPE
+  IKE::IDr.bind IKE::Notify, next: IKE::Notify::PAYLOAD_TYPE
+  IKE::Cert.bind IKE::Notify, next: IKE::Notify::PAYLOAD_TYPE
+  IKE::CertReq.bind IKE::Notify, next: IKE::Notify::PAYLOAD_TYPE
+  IKE::Auth.bind IKE::Notify, next: IKE::Notify::PAYLOAD_TYPE
+  IKE::TSi.bind IKE::Notify, next: IKE::Notify::PAYLOAD_TYPE
+  IKE::TSr.bind IKE::Notify, next: IKE::Notify::PAYLOAD_TYPE
+  IKE::VendorID.bind IKE::Notify, next: IKE::Notify::PAYLOAD_TYPE
+
+  IKE.bind IKE::SK, next: IKE::SK::PAYLOAD_TYPE
+  IKE::Payload.bind IKE::SK, next: IKE::SK::PAYLOAD_TYPE
+  IKE::SA.bind IKE::SK, next: IKE::SK::PAYLOAD_TYPE
+  IKE::KE.bind IKE::SK, next: IKE::SK::PAYLOAD_TYPE
+  IKE::Nonce.bind IKE::SK, next: IKE::SK::PAYLOAD_TYPE
+  IKE::Notify.bind IKE::SK, next: IKE::SK::PAYLOAD_TYPE
+  IKE::IDi.bind IKE::SK, next: IKE::SK::PAYLOAD_TYPE
+  IKE::IDr.bind IKE::SK, next: IKE::SK::PAYLOAD_TYPE
+  IKE::Cert.bind IKE::SK, next: IKE::SK::PAYLOAD_TYPE
+  IKE::CertReq.bind IKE::SK, next: IKE::SK::PAYLOAD_TYPE
+  IKE::Auth.bind IKE::SK, next: IKE::SK::PAYLOAD_TYPE
+  IKE::TSi.bind IKE::SK, next: IKE::SK::PAYLOAD_TYPE
+  IKE::TSr.bind IKE::SK, next: IKE::SK::PAYLOAD_TYPE
+  IKE::VendorID.bind IKE::SK, next: IKE::SK::PAYLOAD_TYPE
+
+  IKE.bind IKE::IDi, next: IKE::IDi::PAYLOAD_TYPE
+  IKE::Payload.bind IKE::IDi, next: IKE::IDi::PAYLOAD_TYPE
+  IKE::SA.bind IKE::IDi, next: IKE::IDi::PAYLOAD_TYPE
+  IKE::KE.bind IKE::IDi, next: IKE::IDi::PAYLOAD_TYPE
+  IKE::Nonce.bind IKE::IDi, next: IKE::IDi::PAYLOAD_TYPE
+  IKE::Notify.bind IKE::IDi, next: IKE::IDi::PAYLOAD_TYPE
+  IKE::SK.bind IKE::IDi, next: IKE::IDi::PAYLOAD_TYPE
+  IKE::IDr.bind IKE::IDi, next: IKE::IDi::PAYLOAD_TYPE
+  IKE::Cert.bind IKE::IDi, next: IKE::IDi::PAYLOAD_TYPE
+  IKE::CertReq.bind IKE::IDi, next: IKE::IDi::PAYLOAD_TYPE
+  IKE::Auth.bind IKE::IDi, next: IKE::IDi::PAYLOAD_TYPE
+  IKE::TSi.bind IKE::IDi, next: IKE::IDi::PAYLOAD_TYPE
+  IKE::TSr.bind IKE::IDi, next: IKE::IDi::PAYLOAD_TYPE
+  IKE::VendorID.bind IKE::IDi, next: IKE::IDi::PAYLOAD_TYPE
+
+  IKE.bind IKE::IDr, next: IKE::IDr::PAYLOAD_TYPE
+  IKE::Payload.bind IKE::IDr, next: IKE::IDr::PAYLOAD_TYPE
+  IKE::SA.bind IKE::IDr, next: IKE::IDr::PAYLOAD_TYPE
+  IKE::KE.bind IKE::IDr, next: IKE::IDr::PAYLOAD_TYPE
+  IKE::Nonce.bind IKE::IDr, next: IKE::IDr::PAYLOAD_TYPE
+  IKE::Notify.bind IKE::IDr, next: IKE::IDr::PAYLOAD_TYPE
+  IKE::SK.bind IKE::IDr, next: IKE::IDr::PAYLOAD_TYPE
+  IKE::IDi.bind IKE::IDr, next: IKE::IDr::PAYLOAD_TYPE
+  IKE::Cert.bind IKE::IDr, next: IKE::IDr::PAYLOAD_TYPE
+  IKE::CertReq.bind IKE::IDr, next: IKE::IDr::PAYLOAD_TYPE
+  IKE::Auth.bind IKE::IDr, next: IKE::IDr::PAYLOAD_TYPE
+  IKE::TSi.bind IKE::IDr, next: IKE::IDr::PAYLOAD_TYPE
+  IKE::TSr.bind IKE::IDr, next: IKE::IDr::PAYLOAD_TYPE
+  IKE::VendorID.bind IKE::IDr, next: IKE::IDr::PAYLOAD_TYPE
+
+  IKE.bind IKE::Cert, next: IKE::Cert::PAYLOAD_TYPE
+  IKE::Payload.bind IKE::Cert, next: IKE::Cert::PAYLOAD_TYPE
+  IKE::SA.bind IKE::Cert, next: IKE::Cert::PAYLOAD_TYPE
+  IKE::KE.bind IKE::Cert, next: IKE::Cert::PAYLOAD_TYPE
+  IKE::Nonce.bind IKE::Cert, next: IKE::Cert::PAYLOAD_TYPE
+  IKE::Notify.bind IKE::Cert, next: IKE::Cert::PAYLOAD_TYPE
+  IKE::SK.bind IKE::Cert, next: IKE::Cert::PAYLOAD_TYPE
+  IKE::IDi.bind IKE::Cert, next: IKE::Cert::PAYLOAD_TYPE
+  IKE::IDr.bind IKE::Cert, next: IKE::Cert::PAYLOAD_TYPE
+  IKE::CertReq.bind IKE::Cert, next: IKE::Cert::PAYLOAD_TYPE
+  IKE::Auth.bind IKE::Cert, next: IKE::Cert::PAYLOAD_TYPE
+  IKE::TSi.bind IKE::Cert, next: IKE::Cert::PAYLOAD_TYPE
+  IKE::TSr.bind IKE::Cert, next: IKE::Cert::PAYLOAD_TYPE
+  IKE::VendorID.bind IKE::Cert, next: IKE::Cert::PAYLOAD_TYPE
+
+  IKE.bind IKE::CertReq, next: IKE::CertReq::PAYLOAD_TYPE
+  IKE::Payload.bind IKE::CertReq, next: IKE::CertReq::PAYLOAD_TYPE
+  IKE::SA.bind IKE::CertReq, next: IKE::CertReq::PAYLOAD_TYPE
+  IKE::KE.bind IKE::CertReq, next: IKE::CertReq::PAYLOAD_TYPE
+  IKE::Nonce.bind IKE::CertReq, next: IKE::CertReq::PAYLOAD_TYPE
+  IKE::Notify.bind IKE::CertReq, next: IKE::CertReq::PAYLOAD_TYPE
+  IKE::SK.bind IKE::CertReq, next: IKE::CertReq::PAYLOAD_TYPE
+  IKE::IDi.bind IKE::CertReq, next: IKE::CertReq::PAYLOAD_TYPE
+  IKE::IDr.bind IKE::CertReq, next: IKE::CertReq::PAYLOAD_TYPE
+  IKE::Cert.bind IKE::CertReq, next: IKE::CertReq::PAYLOAD_TYPE
+  IKE::Auth.bind IKE::CertReq, next: IKE::CertReq::PAYLOAD_TYPE
+  IKE::TSi.bind IKE::CertReq, next: IKE::CertReq::PAYLOAD_TYPE
+  IKE::TSr.bind IKE::CertReq, next: IKE::CertReq::PAYLOAD_TYPE
+  IKE::VendorID.bind IKE::CertReq, next: IKE::CertReq::PAYLOAD_TYPE
+
+  IKE.bind IKE::Auth, next: IKE::Auth::PAYLOAD_TYPE
+  IKE::Payload.bind IKE::Auth, next: IKE::Auth::PAYLOAD_TYPE
+  IKE::SA.bind IKE::Auth, next: IKE::Auth::PAYLOAD_TYPE
+  IKE::KE.bind IKE::Auth, next: IKE::Auth::PAYLOAD_TYPE
+  IKE::Nonce.bind IKE::Auth, next: IKE::Auth::PAYLOAD_TYPE
+  IKE::Notify.bind IKE::Auth, next: IKE::Auth::PAYLOAD_TYPE
+  IKE::SK.bind IKE::Auth, next: IKE::Auth::PAYLOAD_TYPE
+  IKE::IDi.bind IKE::Auth, next: IKE::Auth::PAYLOAD_TYPE
+  IKE::IDr.bind IKE::Auth, next: IKE::Auth::PAYLOAD_TYPE
+  IKE::Cert.bind IKE::Auth, next: IKE::Auth::PAYLOAD_TYPE
+  IKE::CertReq.bind IKE::Auth, next: IKE::Auth::PAYLOAD_TYPE
+  IKE::TSi.bind IKE::Auth, next: IKE::Auth::PAYLOAD_TYPE
+  IKE::TSr.bind IKE::Auth, next: IKE::Auth::PAYLOAD_TYPE
+  IKE::VendorID.bind IKE::Auth, next: IKE::Auth::PAYLOAD_TYPE
+
+  IKE.bind IKE::TSi, next: IKE::TSi::PAYLOAD_TYPE
+  IKE::Payload.bind IKE::TSi, next: IKE::TSi::PAYLOAD_TYPE
+  IKE::SA.bind IKE::TSi, next: IKE::TSi::PAYLOAD_TYPE
+  IKE::KE.bind IKE::TSi, next: IKE::TSi::PAYLOAD_TYPE
+  IKE::Nonce.bind IKE::TSi, next: IKE::TSi::PAYLOAD_TYPE
+  IKE::Notify.bind IKE::TSi, next: IKE::TSi::PAYLOAD_TYPE
+  IKE::SK.bind IKE::TSi, next: IKE::TSi::PAYLOAD_TYPE
+  IKE::IDi.bind IKE::TSi, next: IKE::TSi::PAYLOAD_TYPE
+  IKE::IDr.bind IKE::TSi, next: IKE::TSi::PAYLOAD_TYPE
+  IKE::Cert.bind IKE::TSi, next: IKE::TSi::PAYLOAD_TYPE
+  IKE::CertReq.bind IKE::TSi, next: IKE::TSi::PAYLOAD_TYPE
+  IKE::Auth.bind IKE::TSi, next: IKE::TSi::PAYLOAD_TYPE
+  IKE::TSr.bind IKE::TSi, next: IKE::TSi::PAYLOAD_TYPE
+  IKE::VendorID.bind IKE::TSi, next: IKE::TSi::PAYLOAD_TYPE
+
+  IKE.bind IKE::TSr, next: IKE::TSr::PAYLOAD_TYPE
+  IKE::Payload.bind IKE::TSr, next: IKE::TSr::PAYLOAD_TYPE
+  IKE::SA.bind IKE::TSr, next: IKE::TSr::PAYLOAD_TYPE
+  IKE::KE.bind IKE::TSr, next: IKE::TSr::PAYLOAD_TYPE
+  IKE::Nonce.bind IKE::TSr, next: IKE::TSr::PAYLOAD_TYPE
+  IKE::Notify.bind IKE::TSr, next: IKE::TSr::PAYLOAD_TYPE
+  IKE::SK.bind IKE::TSr, next: IKE::TSr::PAYLOAD_TYPE
+  IKE::IDi.bind IKE::TSr, next: IKE::TSr::PAYLOAD_TYPE
+  IKE::IDr.bind IKE::TSr, next: IKE::TSr::PAYLOAD_TYPE
+  IKE::Cert.bind IKE::TSr, next: IKE::TSr::PAYLOAD_TYPE
+  IKE::CertReq.bind IKE::TSr, next: IKE::TSr::PAYLOAD_TYPE
+  IKE::Auth.bind IKE::TSr, next: IKE::TSr::PAYLOAD_TYPE
+  IKE::TSi.bind IKE::TSr, next: IKE::TSr::PAYLOAD_TYPE
+  IKE::VendorID.bind IKE::TSr, next: IKE::TSr::PAYLOAD_TYPE
+
+  IKE.bind IKE::VendorID, next: IKE::VendorID::PAYLOAD_TYPE
+  IKE::Payload.bind IKE::VendorID, next: IKE::VendorID::PAYLOAD_TYPE
+  IKE::SA.bind IKE::VendorID, next: IKE::VendorID::PAYLOAD_TYPE
+  IKE::KE.bind IKE::VendorID, next: IKE::VendorID::PAYLOAD_TYPE
+  IKE::Nonce.bind IKE::VendorID, next: IKE::VendorID::PAYLOAD_TYPE
+  IKE::Notify.bind IKE::VendorID, next: IKE::VendorID::PAYLOAD_TYPE
+  IKE::SK.bind IKE::VendorID, next: IKE::VendorID::PAYLOAD_TYPE
+  IKE::IDi.bind IKE::VendorID, next: IKE::VendorID::PAYLOAD_TYPE
+  IKE::IDr.bind IKE::VendorID, next: IKE::VendorID::PAYLOAD_TYPE
+  IKE::Cert.bind IKE::VendorID, next: IKE::VendorID::PAYLOAD_TYPE
+  IKE::CertReq.bind IKE::VendorID, next: IKE::VendorID::PAYLOAD_TYPE
+  IKE::Auth.bind IKE::VendorID, next: IKE::VendorID::PAYLOAD_TYPE
+  IKE::TSi.bind IKE::VendorID, next: IKE::VendorID::PAYLOAD_TYPE
+  IKE::TSr.bind IKE::VendorID, next: IKE::VendorID::PAYLOAD_TYPE
+
+  # Last defined. To be used as default if no other may be parsed.
+  IKE::SA.bind IKE::Payload, next: ->(v) { v > 0 }
+  IKE::KE.bind IKE::Payload, next: ->(v) { v > 0 }
+  IKE::Nonce.bind IKE::Payload, next: ->(v) { v > 0 }
+  IKE::Notify.bind IKE::Payload, next: ->(v) { v > 0 }
+  IKE::SK.bind IKE::Payload, next: ->(v) { v > 0 }
+  IKE::IDi.bind IKE::Payload, next: ->(v) { v > 0 }
+  IKE::IDr.bind IKE::Payload, next: ->(v) { v > 0 }
+  IKE::Cert.bind IKE::Payload, next: ->(v) { v > 0 }
+  IKE::CertReq.bind IKE::Payload, next: ->(v) { v > 0 }
+  IKE::Auth.bind IKE::Payload, next: ->(v) { v > 0 }
+  IKE::TSi.bind IKE::Payload, next: ->(v) { v > 0 }
+  IKE::TSr.bind IKE::Payload, next: ->(v) { v > 0 }
+  IKE::VendorID.bind IKE::Payload, next: ->(v) { v > 0 }
+  IKE.bind IKE::Payload, next: ->(v) { v > 0 }
+  IKE::Payload.bind IKE::Payload, next: ->(v) { v > 0 }
+end

data/lib/packetgen/plugin/ike/sa.rb

@@ -0,0 +1,494 @@
+# coding: utf-8
+# This file is part of IPsec packetgen plugin.
+# See https://github.com/sdaubert/packetgen-plugin-ipsec for more informations
+# Copyright (c) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+
+# frozen_string_literal: true
+
+module PacketGen
+  module Plugin
+    class IKE
+      # Transform attribute.
+      #                        1                   2                   3
+      #    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+      #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      #   |A|       Attribute Type        |    AF=0  Attribute Length     |
+      #   |F|                             |    AF=1  Attribute Value      |
+      #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      #   |                   AF=0  Attribute Value                       |
+      #   |                   AF=1  Not Transmitted                       |
+      #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      # Such an attribute may have a TLV (Type/length/value) format if AF=0,
+      # or a TV format (AF=1).
+      # @author Sylvain Daubert
+      class Attribute < PacketGen::Types::Fields
+        TYPE_KEY_LENGTH = 14
+
+        # @!attribute type
+        #  attribute type
+        #  @return [Integer]
+        define_field :type, PacketGen::Types::Int16
+        # @!attribute length
+        #  attribute length
+        #  @return [Integer]
+        define_field :length, PacketGen::Types::Int16
+        # @!attribute value
+        #  attribute value
+        #  @return [Integer]
+        define_field :value, PacketGen::Types::Int32, optional: ->(h) { !h.tv_format? }
+
+        def initialize(options={})
+          super
+          if tv_format?
+            self[:length].value = (options[:value] & 0xffff)
+          else
+            self[:length].value = 8 unless options[:length]
+          end
+        end
+
+        undef length, value
+
+        # @return [Integer]
+        def length
+          tv_format? ? 4 : self[:length].to_i
+        end
+
+        # @return [Integer]
+        def value
+          tv_format? ? self[:length].to_i : self[:value].to_i
+        end
+
+        # Get a human readable string
+        # @return [String]
+        def to_human
+          name = self.class.constants.grep(/TYPE_/)
+                     .detect { |c| self.class.const_get(c) == (type & 0x7fff) } || "attr[#{type & 0x7fff}]"
+          name = name.to_s.sub(/TYPE_/, '')
+          "#{name}=#{value}"
+        end
+
+        # Say if attribute use TV format (+true+) or TLV one (+false+)
+        # @return [Boolean]
+        def tv_format?
+          type & 0x8000 == 0x8000
+        end
+      end
+
+      # Set of {Attribute} in a {Transform}
+      # @author Sylvain Daubert
+      class Attributes < PacketGen::Types::Array
+        set_of Attribute
+      end
+
+      # SA Tranform substructure, as defined in RFC 7296 §3.3.2
+      #                        1                   2                   3
+      #    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+      #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      #   | Last Substruc |   RESERVED    |        Transform Length       |
+      #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      #   |Transform Type |   RESERVED    |          Transform ID         |
+      #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      #   |                                                               |
+      #   ~                      Transform Attributes                     ~
+      #   |                                                               |
+      #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      #
+      # == Create a Transform
+      #  # using type and id names
+      #  trans = PacketGen::Plugin::IKE::Transform.new(type: 'ENCR', id: 'AES_CBC')
+      #  # using integer values
+      #  trans = PacketGen::Plugin::IKE::Transform.new(type: 1, id: 12)
+      # == Add attributes to a transform
+      #  # using an Attribute object
+      #  attr = PacketGen::Plugin::IKE::Attribute.new(type: 14, value: 128)
+      #  trans.attributes << attr
+      #  # using a hash
+      #  trans.attributes << { type: 14, value: 128 }
+      # @author Sylvain Daubert
+      class Transform < PacketGen::Types::Fields
+        TYPES = {
+          'ENCR' => 1,
+          'PRF'  => 2,
+          'INTG' => 3,
+          'DH'   => 4,
+          'ESN'  => 5
+        }.freeze
+
+        ENCR_DES_IV64          = 1
+        ENCR_DES               = 2
+        ENCR_3DES              = 3
+        ENCR_RC5               = 4
+        ENCR_IDEA              = 5
+        ENCR_CAST              = 6
+        ENCR_BLOWFISH          = 7
+        ENCR_3IDEA             = 8
+        ENCR_DES_IV32          = 9
+        ENCR_AES_CBC           = 12
+        ENCR_AES_CTR           = 13
+        ENCR_AES_CCM8          = 14
+        ENCR_AES_CCM12         = 15
+        ENCR_AES_CCM16         = 16
+        ENCR_AES_GCM8          = 18
+        ENCR_AES_GCM12         = 19
+        ENCR_AES_GCM16         = 20
+        ENCR_CAMELLIA_CBC      = 23
+        ENCR_CAMELLIA_CTR      = 24
+        ENCR_CAMELLIA_CCM8     = 25
+        ENCR_CAMELLIA_CCM12    = 26
+        ENCR_CAMELLIA_CCM16    = 27
+        ENCR_CHACHA20_POLY1305 = 28
+
+        PRF_HMAC_MD5      = 1
+        PRF_HMAC_SHA1     = 2
+        PRF_AES128_XCBC   = 4
+        PRF_HMAC_SHA2_256 = 5
+        PRF_HMAC_SHA2_384 = 6
+        PRF_HMAC_SHA2_512 = 7
+        PRF_AES128_CMAC   = 8
+
+        INTG_NONE              = 0
+        INTG_HMAC_MD5_96       = 1
+        INTG_HMAC_SHA1_96      = 2
+        INTG_AES_XCBC_96       = 5
+        INTG_HMAC_MD5_128      = 6
+        INTG_HMAC_SHA1_160     = 7
+        INTG_AES_CMAC_96       = 8
+        INTG_AES128_GMAC      = 9
+        INTG_AES192_GMAC      = 10
+        INTG_AES256_GMAC      = 11
+        INTG_HMAC_SHA2_256_128 = 12
+        INTG_HMAC_SHA2_384_192 = 13
+        INTG_HMAC_SHA2_512_256 = 14
+
+        DH_NONE          = 0
+        DH_MODP768       = 1
+        DH_MODP1024      = 2
+        DH_MODP1536      = 5
+        DH_MODP2048      = 14
+        DH_MODP3072      = 15
+        DH_MODP4096      = 16
+        DH_MODP6144      = 17
+        DH_MODP8192      = 18
+        DH_ECP256        = 19
+        DH_ECP384        = 20
+        DH_ECP521        = 21
+        DH_BRAINPOOLP224 = 27
+        DH_BRAINPOOLP256 = 28
+        DH_BRAINPOOLP384 = 29
+        DH_BRAINPOOLP512 = 30
+        DH_CURVE25519    = 31
+        DH_CURVE448      = 32
+
+        ESN_NO_ESN = 0
+        ESN_ESN    = 1
+
+        # @!attribute last
+        #  8-bit last substructure. Specifies whether or not this is the
+        #  last Transform Substructure in the Proposal. This field has a value of 0
+        #  if this was the last Transform Substructure, and a value of 3 if
+        #  there are more Transform Substructures.
+        #  @return [Integer]
+        define_field :last, PacketGen::Types::Int8
+        # @!attribute rsv1
+        #  8-bit reserved field
+        #  @return [Integer]
+        define_field :rsv1, PacketGen::Types::Int8
+        # @!attribute length
+        #  16-bit transform length
+        #  @return [Integer]
+        define_field :length, PacketGen::Types::Int16
+        # @!attribute [r] type
+        #  8-bit transform type. The Transform Type is the cryptographic
+        #  algorithm type (i.e. encryption, PRF, integrity, etc.)
+        #  @return [Integer]
+        define_field :type, PacketGen::Types::Int8Enum, enum: TYPES
+        # @!attribute rsv2
+        #  8-bit reserved field
+        #  @return [Integer]
+        define_field :rsv2, PacketGen::Types::Int8
+        # @!attribute [r] id
+        #  16-bit transform ID. The Transform ID is the specific instance of
+        #  the proposed transform type.
+        #  @return [Integer]
+        define_field :id, PacketGen::Types::Int16
+        # @!attribute attributes
+        #  Set of attributes for this transform
+        #  @return [Attributes]
+        define_field :attributes, Attributes, builder: ->(h, t) { t.new(length_from: -> { h.length - h.offset_of(:attributes) }) }
+
+        def initialize(options={})
+          super
+          self.type = options[:type] if options[:type]
+          self.id = options[:id] if options[:id]
+          self[:length].value = sz unless options[:length]
+        end
+
+        undef id=
+
+        # Set transform ID
+        # @param [Integer,String] value
+        # @return [Integer]
+        def id=(value)
+          id = case value
+               when Integer
+                 value
+               else
+                 c = self.class.constants.grep(/#{human_type}_#{value}/).first
+                 c ? self.class.const_get(c) : nil
+               end
+          raise ArgumentError, "unknown ID #{value.inspect}" unless id
+          self[:id].value = id
+        end
+
+        # Compute length and set {#length} field
+        # @return [Integer] new length
+        def calc_length
+          PacketGen::Header::Base.calculate_and_set_length self
+        end
+
+        # Get a human readable string
+        # @return [String]
+        def to_human
+          h = "#{human_type}(#{human_id}".dup
+          h << ",#{attributes.to_human}" unless attributes.empty?
+          h << ')'
+        end
+
+        # Get human-readable type
+        # @return [String]
+        def human_type
+          if self[:type].enum.value? self.type
+            self[:type].to_human
+          else
+            "type[#{self.type}]"
+          end
+        end
+
+        # Get human-readable ID
+        # @return [String]
+        def human_id
+          name = self.class.constants.grep(/#{human_type}_/)
+                     .detect { |c| self.class.const_get(c) == id } || "ID=#{id}"
+          name.to_s.sub(/#{human_type}_/, '')
+        end
+
+        # Say if this transform is the last one (from {#last} field)
+        # @return [Boolean,nil] returns a Boolean when {#last} has defined value (+0+ => +true+, +3+ => +false+), else +nil+ is returned.
+        def last?
+          case last
+          when 0
+            true
+          when 3
+            false
+          end
+        end
+      end
+
+      # Set of {Transform} in a {SAProposal}
+      # @author Sylvain Daubert
+      class Transforms < PacketGen::Types::Array
+        set_of Transform
+
+        # Same as {PacketGen::Types::Array#push} but update previous {Transform#last} attribute
+        # @see PacketGen::Types::Array#push
+        def push(trans)
+          super
+          self[-2].last = 3 if size > 1
+          self[-1].last = 0
+          self
+        end
+      end
+
+      # SA Proposal, as defined in RFC 7296 §3.3.1
+      #                          1                   2                   3
+      #      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+      #     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      #     | Last Substruc |   RESERVED    |         Proposal Length       |
+      #     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      #     | Proposal Num  |  Protocol ID  |    SPI Size   |Num  Transforms|
+      #     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      #     ~                        SPI (variable)                         ~
+      #     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      #     |                                                               |
+      #     ~                        <Transforms>                           ~
+      #     |                                                               |
+      #     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      #
+      # == Create a proposal
+      #  # using protocol name
+      #  proposal = PacketGen::Plugin::IKE::Proposal.new(num: 1, protocol: 'IKE')
+      #  # using integer values
+      #  proposal = PacketGen::Plugin::IKE::Proposal.new(num: 1, protocol: 1)
+      # == Add transforms to a proposal
+      #  # using a Transform object
+      #  trans = PacketGen::Plugin::IKE::Transform.new(type: 'ENCR', id: '3DES')
+      #  proposal.transforms << trans
+      #  # using a hash
+      #  proposal.transforms << { type: 'ENCR', id: '3DES' }
+      # @author Sylvain Daubert
+      class SAProposal < PacketGen::Types::Fields
+        # @!attribute last
+        #  8-bit last substructure. Specifies whether or not this is the
+        #  last Proposal Substructure in the SA. This field has a value of 0
+        #  if this was the last Proposal Substructure, and a value of 2 if
+        #  there are more Proposal Substructures.
+        #  @return [Integer]
+        define_field :last, PacketGen::Types::Int8
+        # @!attribute reserved
+        #  8-bit reserved field
+        #  @return [Integer]
+        define_field :reserved, PacketGen::Types::Int8
+        # @!attribute length
+        #  16-bit proposal length
+        #  @return [Integer]
+        define_field :length, PacketGen::Types::Int16
+        # @!attribute num
+        #  8-bit proposal number. When a proposal is made, the first
+        #  proposal in an SA payload MUST be 1, and subsequent proposals MUST
+        #  be one more than the previous proposal (indicating an OR of the
+        #  two proposals).  When a proposal is accepted, the proposal number
+        #  in the SA payload MUST match the number on the proposal sent that
+        #  was accepted.
+        #  @return [Integer]
+        define_field :num, PacketGen::Types::Int8, default: 1
+        # @!attribute [r] protocol
+        #  8-bit protocol ID. Specify IPsec protocol currently negociated.
+        #  May 1 (IKE), 2 (AH) or 3 (ESP).
+        #  @return [Integer]
+        define_field :protocol, PacketGen::Types::Int8Enum, enum: PROTOCOLS
+        # @!attribute spi_size
+        #  8-bit SPI size. Give size of SPI field. Set to 0 for an initial IKE SA
+        #  negotiation, as SPI is obtained from outer Plugin.
+        #  @return [Integer]
+        define_field :spi_size, PacketGen::Types::Int8, default: 0
+        # @!attribute num_trans
+        #  8-bit number of transformations
+        #  @return [Integer]
+        define_field :num_trans, PacketGen::Types::Int8, default: 0
+        # @!attribute spi
+        #   the sending entity's SPI. When the {#spi_size} field is zero,
+        #   this field is not present in the proposal.
+        #   @return [String]
+        define_field :spi, PacketGen::Types::String, builder: ->(h, t) { t.new(length_from: h[:spi_size]) }
+        # @!attribute transforms
+        #  8-bit set of tranforms for this proposal
+        #  @return [Transforms]
+        define_field :transforms, Transforms, builder: ->(h, t) { t.new(counter: h[:num_trans]) }
+
+        def initialize(options={})
+          if options[:spi] && options[:spi_size].nil?
+            options[:spi_size] = options[:spi].size
+          end
+          super
+          self.length = sz unless options[:length]
+          self.protocol = options[:protocol] if options[:protocol]
+        end
+
+        # Compute length and set {#length} field
+        # @return [Integer] new length
+        def calc_length
+          transforms.each(&:calc_length)
+          PacketGen::Header::Base.calculate_and_set_length self
+        end
+
+        # Get a human readable string
+        # @return [String]
+        def to_human
+          str = "##{num} #{human_protocol}".dup
+          case spi_size
+          when 4
+            str << '(spi:0x%08x)' % PacketGen::Types::Int32.new.read(spi).to_i
+          when 8
+            str << '(spi:0x%016x)' % PacketGen::Types::Int64.new.read(spi).to_i
+          end
+          str << ":#{transforms.to_human}"
+        end
+
+        # Get protocol name
+        # @return [String]
+        def human_protocol
+          self[:protocol].to_human
+        end
+
+        # Say if this proposal is the last one (from {#last} field)
+        # @return [Boolean,nil] returns a Boolean when {#last} has defined value
+        #    (+0+ => +true+, +2+ => +false+), else +nil+ is returned.
+        def last?
+          case last
+          when 0
+            true
+          when 2
+            false
+          end
+        end
+      end
+
+      # Set of {SAProposal}
+      # @author Sylvain Daubert
+      class SAProposals < PacketGen::Types::Array
+        set_of SAProposal
+
+        # Separator used between proposals in {#to_human}
+        HUMAN_SEPARATOR = '; '
+
+        # Same as {PacketGen::Types::Array#push} but update previous {SAProposal#last} attribute
+        # @see PacketGen::Types::Array#push
+        def push(prop)
+          super
+          self[-2].last = 2 if size > 1
+          self[-1].last = 0
+          self
+        end
+      end
+
+      # This class handles Security Assocation payloads, as defined in RFC 7296 §3.3.
+      #
+      # A SA payload contains a generic payload Plugin (see {Payload}) and a set of
+      # {SAProposal} ({#proposals} field, which is a {SAProposals} object):
+      #                        1                   2                   3
+      #    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+      #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      #   | Next Payload  |C|  RESERVED   |         Payload Length        |
+      #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      #   |                                                               |
+      #   ~                          <Proposals>                          ~
+      #   |                                                               |
+      #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      #
+      # == Create a SA payload
+      #   # Create a IKE packet with a SA payload
+      #   pkt = PacketGen.gen('IP').add('UDP').add('IKE').add('IKE::SA')
+      #   # add a proposal. Protocol name is taken from SAProposal::PROTO_* constants
+      #   pkt.ike_sa.proposals << { num: 1, protocol: 'ESP' }
+      #   # add a transform to this proposal.
+      #   # type name is taken from Transform::TYPE_* constants.
+      #   # ID is taken from Transform::<TYPE>_* constants.
+      #   pkt.ike_sa.proposals.first.transforms << { type: 'ENCR', id: 'AES_CTR' }
+      #   # and finally, add an attribute to this transform (here, KEY_SIZE = 128 bits)
+      #   pkt.ike_sa.proposals[0].transforms[0].attributes << { type: 0x800e, value: 128 }
+      #   pkt.calc_length
+      # @author Sylvain Daubert
+      class SA < Payload
+        # Payload type number
+        PAYLOAD_TYPE = 33
+
+        remove_field :content
+
+        # @!attribute proposals
+        #  Set of SA proposals
+        #  @return [SAProposals]
+        define_field_before :body, :proposals, SAProposals, builder: ->(h, t) { t.new(length_from: -> { h.length - h.offset_of(:proposals) }) }
+
+        # Compute length and set {#length} field
+        # @return [Integer] new length
+        def calc_length
+          proposals.each(&:calc_length)
+          super
+        end
+      end
+    end
+
+    Header.add_class IKE::SA
+  end
+end