packetgen-plugin-ipsec 1.0.2 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dd286b833bca903e5c88756962344db3e80d78d7c97d905547a4698903861fb4
-  data.tar.gz: edb09dcf8b3ed16776da97748567d3b57ec911f2239b61b7afb97d2741d4db4d
+  metadata.gz: 63e6c93595c3d2f6361e87c0c5dd6cf60a792fadf6f15ecd52a8fe38be56bf29
+  data.tar.gz: 7759ddd4bdb74e1b510db940114c38e89ac6865d803c8966ebbc2b80c7379f97
 SHA512:
-  metadata.gz: aa5b3e67ac032978a6a5f8618d48645ba5f750b300cd409e32d12d37de35ba25266cca409b677b7f90aabbf7737d8026398a702540435e1078bb12b86e3eb2ed
-  data.tar.gz: 3ea743b743d19223c39ce245239f183c1029a4f2abf1293cce75ede601e2c60d6e8cba86e867c7d514f5554c51499cb3bc3355b1d45a4616ddba13cf56000ae9
+  metadata.gz: dab304078f641492b8b6f431777ee1fc1a1a701d3351660ea276321cea9d6a3f00def177c6da41e30c76970f684a29a2e26558b90fa6e43527d41af7e9598235
+  data.tar.gz: 475aeb08d49dcbfd0c45c40181546c96c531f8d1772a253c64d3314337d65380b08d3c9a718e08c8c9aedc68396585e7e951c2e7a0013e2f503b3972367d38df

data/.github/workflows/specs.yml

@@ -0,0 +1,32 @@
+name: Specs
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  test:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest]
+        ruby: ['3.0', '3.1', '3.2', '3.3', '3.4']
+    runs-on: ${{ matrix.os }}
+    steps:
+    - uses: actions/checkout@v4
+    - name: Install dependencies
+      run: sudo apt-get update -qq && sudo apt-get install libpcap-dev -qq
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+    - name: Install Gems
+      run: |
+        bundle config set path 'vendor/bundle'
+        bundle config set --local without noci
+        bundle install
+    - name: Run tests
+      run: |
+        bundle exec rake

data/.rubocop.yml

@@ -1,14 +1,39 @@
-TargetRubyVersion: 2.3
+plugins:
+  - rubocop-performance
+AllCops:
+  TargetRubyVersion: "3.0"
+  NewCops: enable
+  Exclude:
+    - .git/**/*
+    - spec/**/*
+    - vendor/**/*
+Layout/LineLength:
+  Enabled: false
 Layout/SpaceAroundEqualsInParameterDefault:
   EnforcedStyle: no_space
 Lint/EmptyWhen:
   Enabled: false
 Lint/Void:
   Enabled: false
-Metrics:
+Metrics/AbcSize:
+  Max: 20
+Metrics/ClassLength:
+  Max: 200
+Metrics/MethodLength:
+  Max: 20
+Metrics/ParameterLists:
+  MaxOptionalParameters: 4
+Naming/FileName:
+  Enabled: false
+Style/AccessModifierDeclarations:
   Enabled: false
 Style/AsciiComments:
   Enabled: false
+Style/ClassAndModuleChildren:
+  Enabled: false
+Style/Documentation:
+  # Too many false positives!
+  Enabled: false
 Style/Encoding:
   Enabled: false
 Style/EvalWithLocation:
@@ -16,7 +41,7 @@ Style/EvalWithLocation:
 Style/FormatString:
   EnforcedStyle: percent
 Style/FormatStringToken:
-  EnforcedStyle: unannotated
+  MaxUnannotatedPlaceholdersAllowed: 3
 Style/PerlBackrefs:
   Enabled: false
 Style/RedundantSelf:

data/Gemfile

@@ -1,3 +1,21 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 
 gemspec
+
+gem 'bundler', '>= 1.17', '< 3'
+
+group :development do
+  gem 'rake', '~>13.0', require: false
+  gem 'rspec', '~>3.13'
+end
+
+group :noci do
+  gem 'rubocop', '~> 1.12', require: false
+  gem 'rubocop-performance', '~> 1.13', require: false
+  gem 'ruby-lsp', require: false
+  gem 'ruby-lsp-rspec', require: false
+  gem 'simplecov', '~> 0.21', require: false
+  gem 'yard', '~> 0.9', require: false
+end

data/README.md

@@ -3,13 +3,15 @@
 
 # packetgen-plugin-ipsec
 
-**Warning:** this repository is a work-in-progress. It will be available with packetgen3.
-
 This is a plugin for [PacketGen gem](https://github.com/sdaubert/packetgen). It adds two protocols:
 
 * `PacketGen::Plugin::ESP`: IP Encapsulating Security Payload ([RFC 4303](https://tools.ietf.org/html/rfc4303)),
 * `PacketGen::Plugin::IKE`: Internet Key Exchange v2 ([RFC 7296](https://tools.ietf.org/html/rfc7296)).
 
+Versions 1.0.x are compatible with PacketGen 3.x.
+
+Versions 1.1.x are compatible with PacketGen 4.x.
+
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -20,11 +22,15 @@ gem 'packetgen-plugin-ipsec'
 
 And then execute:
 
-    $ bundle
+```bash
+bundle
+```
 
 Or install it yourself as:
 
-    $ gem install packetgen-plugin-ipsec
+```bash
+gem install packetgen-plugin-ipsec
+```
 
 ## Usage
 
@@ -86,7 +92,7 @@ pkt.to_w
 
 ## See also
 
-API documentation: http://www.rubydoc.info/gems/packetgen-plugin-ipsec
+API documentation: <http://www.rubydoc.info/gems/packetgen-plugin-ipsec>
 
 ## License
 
@@ -94,4 +100,4 @@ MIT License (see [LICENSE](https://github.com/sdaubert/packetgen-plugin-ipsec/bl
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/sdaubert/packetgen-plugin-ipsec.
+Bug reports and pull requests are welcome on GitHub at <https://github.com/sdaubert/packetgen-plugin-ipsec>.

data/Rakefile

@@ -1,13 +1,19 @@
+# frozen_string_literal: true
 
 require 'bundler/gem_tasks'
 require 'rspec/core/rake_task'
-require 'yard'
 
 task default: :spec
 
 RSpec::Core::RakeTask.new
 
-YARD::Rake::YardocTask.new do |t|
-  t.options = ['--no-private']
-  t.files = ['lib/**/*.rb', '-', 'LICENSE']
+begin
+  require 'yard'
+
+  YARD::Rake::YardocTask.new do |t|
+    t.options = ['--no-private']
+    t.files = ['lib/**/*.rb', '-', 'LICENSE']
+  end
+rescue LoadError
+  # no yard, so no yard task
 end

data/lib/packetgen/plugin/crypto.rb

@@ -1,11 +1,11 @@
 # coding: utf-8
+# frozen_string_literal: true
+
 # This file is part of IPsec packetgen plugin.
 # See https://github.com/sdaubert/packetgen-plugin-ipsec for more informations
 # Copyright (c) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
 
-# frozen_string_literal: true
-
 module PacketGen::Plugin
   # Mixin for cryptographic classes
   # @api private
@@ -22,6 +22,7 @@ module PacketGen::Plugin
       @conf = conf
       @intg = intg
       return unless conf.authenticated?
+
       # #auth_tag_len only supported from ruby 2.4.0
       @conf.auth_tag_len = @trunc if @conf.respond_to? :auth_tag_len
     end
@@ -31,6 +32,7 @@ module PacketGen::Plugin
     def confidentiality_mode
       mode = @conf.name.match(/-([^-]*)$/)[1]
       raise Error, 'unknown cipher mode' if mode.nil?
+
       mode.downcase
     end
 
@@ -59,7 +61,7 @@ module PacketGen::Plugin
     # @return [String] enciphered data
     def encipher(data)
       enciphered_data = @conf.update(data)
-      @intg.update(enciphered_data) if @intg
+      @intg&.update(enciphered_data)
       enciphered_data
     end
 
@@ -67,8 +69,40 @@ module PacketGen::Plugin
     # @param [String] data
     # @return [String] deciphered data
     def decipher(data)
-      @intg.update(data) if @intg
+      @intg&.update(data)
       @conf.update(data)
     end
+
+    # Compute and set IV for deciphering mode
+    # @param [BinStruct::String] salt
+    # @param [String] msg ciphered message
+    # @return [String] iv
+    def compute_iv_for_decrypting(salt, msg)
+      case confidentiality_mode
+      when 'gcm'
+        iv = msg.slice!(0, 8)
+        real_iv = salt + iv
+      when 'cbc'
+        @conf.padding = 0
+        real_iv = iv = msg.slice!(0, 16)
+      when 'ctr'
+        iv = msg.slice!(0, 8)
+        real_iv = salt + iv + [1].pack('N')
+      else
+        real_iv = iv = msg.slice!(0, 16)
+      end
+      @conf.iv = real_iv
+      iv
+    end
+
+    # Compute and set real IV for ciphering mode
+    # @param [String] iv IV to use
+    # @param [String] salt salt to use
+    # @return [void]
+    def compute_iv_for_encrypting(iv, salt) # rubocop:disable Naming/MethodParameterName
+      real_iv = salt.b + iv.b
+      real_iv += [1].pack('N') if confidentiality_mode == 'ctr'
+      @conf.iv = real_iv
+    end
   end
 end