packetgen-plugin-ipsec 1.0.3 → 1.1.0

data/lib/packetgen/plugin/ike/auth.rb

@@ -53,11 +53,11 @@ module PacketGen::Plugin
       # @attribute [r] auth_method
       #   8-bit Auth Method
       #   @return [Integer]
-      define_field_before :content, :auth_method, PacketGen::Types::Int8Enum, enum: METHODS
+      define_attr_before :content, :auth_method, BinStruct::Int8Enum, enum: METHODS
       # @attribute reserved
       #   24-bit reserved field
       #   @return [Integer]
-      define_field_before :content, :reserved, PacketGen::Types::Int24
+      define_attr_before :content, :reserved, BinStruct::Int24
 
       # Check authentication (see RFC 7296 §2.15)
       # @param [Packet] init_msg first IKE message sent by peer
@@ -73,49 +73,17 @@ module PacketGen::Plugin
       #   supported.
       # @note For certificates, only check AUTH authenticity with given (or guessed
       #   from packet) certificate, but certificate chain is not verified.
-      def check?(init_msg: nil, nonce: '', sk_p: '', prf: 1, shared_secret: '',
+      def check?(init_msg: nil, nonce: '', sk_p: '', prf: 1, shared_secret: '', # rubocop:disable Metrics/ParameterLists
                  cert: nil)
         raise TypeError, 'init_msg should be a Packet' unless init_msg.is_a?(PacketGen::Packet)
 
-        signed_octets = init_msg.ike.to_s
-        signed_octets << nonce
-        id = packet.ike.flag_i? ? packet.ike_idi : packet.ike_idr
-        signed_octets << prf(prf, sk_p, id.to_s[4, id.length - 4])
-
+        signed_octets = build_signed_octets(init_msg, nonce, sk_p, prf)
         case auth_method
         when METHODS['SHARED_KEY']
-          auth = prf(prf(shared_secret, 'Key Pad for IKEv2'), signed_octets)
-          auth == content
+          check_shared_key?(shared_secret, signed_octets)
         when METHODS['RSA_SIGNATURE'], METHODS['ECDSA256'], METHODS['ECDSA384'],
              METHODS['ECDSA512']
-          if packet.ike_cert
-            # FIXME: Expect a ENCODING_X509_CERT_SIG
-            #        Others types not supported for now...
-            cert = OpenSSL::X509::Certificate.new(packet.ike_cert.content)
-          elsif cert.nil?
-            raise CryptoError, 'a certificate should be provided'
-          end
-
-          text = cert.to_text
-          m = text.match(/Public Key Algorithm: ([a-zA-Z0-9-]+)/)
-          digest = case m[1]
-                   when 'id-ecPublicKey'
-                     m2 = text.match(/Public-Key: \((\d+) bit\)/)
-                     case m2[1]
-                     when '256'
-                       OpenSSL::Digest::SHA256.new
-                     when '384'
-                       OpenSSL::Digest::SHA384.new
-                     when '521'
-                       OpenSSL::Digest::SHA512.new
-                     end
-                   when /sha([235]\d+)/
-                     OpenSSL::Digest.const_get("SHA#{$1}").new
-                   when /sha1/, 'rsaEncryption'
-                     OpenSSL::Digest::SHA1.new
-                   end
-          signature = format_signature(cert.public_key, content.to_s)
-          cert.public_key.verify(digest, signature, signed_octets)
+          check_signature?(cert, signed_octets)
         when METHOD_NULL
           true
         else
@@ -131,6 +99,13 @@ module PacketGen::Plugin
 
       private
 
+      def build_signed_octets(init_msg, nonce, sk_p, prf)
+        signed_octets = init_msg.ike.to_s
+        signed_octets << nonce
+        id = packet.ike.flag_i? ? packet.ike_idi : packet.ike_idr
+        signed_octets << prf(prf, sk_p, id.to_s[4, id.length - 4])
+      end
+
       def prf(type, key, msg)
         case type
         when Transform::PRF_HMAC_MD5, Transform::PRF_HMAC_SHA1,
@@ -138,7 +113,7 @@ module PacketGen::Plugin
              Transform::PRF_HMAC_SHA2_512
           digestname = Transform.constants.grep(/PRF_/)
                                 .detect { |c| Transform.const_get(c) == type }
-                                .to_s.sub(/^PRF_HMAC_/, '').sub(/2_/, '')
+                                .to_s.sub(/^PRF_HMAC_/, '').sub('2_', '')
           digest = OpenSSL::Digest.const_get(digestname).new
         else
           raise NotImplementedError, 'for now, only HMAC-based PRF are supported'
@@ -148,6 +123,44 @@ module PacketGen::Plugin
         hmac.digest
       end
 
+      def check_shared_key?(shared_secret, signed_octets)
+        auth = prf(prf(shared_secret, 'Key Pad for IKEv2'), signed_octets)
+        auth == content
+      end
+
+      def check_signature?(cert, signed_octets)
+        if packet.ike_cert
+          # FIXME: Expect a ENCODING_X509_CERT_SIG
+          #        Others types not supported for now...
+          cert = OpenSSL::X509::Certificate.new(packet.ike_cert.content)
+        elsif cert.nil?
+          raise CryptoError, 'a certificate should be provided'
+        end
+
+        text = cert.to_text
+        digest = build_digest_object(text)
+        signature = format_signature(cert.public_key, content.to_s)
+        cert.public_key.verify(digest, signature, signed_octets)
+      end
+
+      def build_digest_object(text)
+        m = text.match(/Public Key Algorithm: ([a-zA-Z0-9-]+)/)
+        case m[1]
+        when 'id-ecPublicKey'
+          m2 = text.match(/Public-Key: \((\d+) bit\)/)
+          case m2[1]
+          when '256', '384'
+            OpenSSL::Digest.new("SHA#{m2[1]}")
+          when '521'
+            OpenSSL::Digest.new(SHA512)
+          end
+        when /sha([235]\d+)/
+          OpenSSL::Digest.new("SHA#{$1}")
+        when /sha1/, 'rsaEncryption'
+          OpenSSL::Digest.new('SHA1')
+        end
+      end
+
       def format_signature(pkey, sig)
         if pkey.is_a?(OpenSSL::PKey::EC)
           # PKey::EC need a signature as a DER string representing a sequence of

data/lib/packetgen/plugin/ike/cert.rb

@@ -56,7 +56,7 @@ module PacketGen::Plugin
       # @attribute encoding
       #   8-bit certificate encoding
       #   @return [Integer]
-      define_field_before :content, :encoding, PacketGen::Types::Int8Enum, enum: ENCODINGS
+      define_attr_before :content, :encoding, BinStruct::Int8Enum, enum: ENCODINGS
 
       def initialize(options={})
         super

data/lib/packetgen/plugin/ike/certreq.rb

@@ -55,7 +55,7 @@ module PacketGen::Plugin
           next unless attr == :content
 
           str = PacketGen::Inspect.shift_level
-          str << PacketGen::Inspect::FMT_ATTR % ['hashes', :content, human_content]
+          str << (PacketGen::Inspect::FMT_ATTR % ['hashes', :content, human_content])
         end
       end
     end

data/lib/packetgen/plugin/ike/id.rb

@@ -41,23 +41,23 @@ module PacketGen::Plugin
 
       # ID types
       TYPES = {
-        'IPV4_ADDR'   => 1,
-        'FQDN'        => 2,
+        'IPV4_ADDR' => 1,
+        'FQDN' => 2,
         'RFC822_ADDR' => 3,
-        'IPV6_ADDR'   => 5,
+        'IPV6_ADDR' => 5,
         'DER_ASN1_DN' => 9,
         'DER_ASN1_GN' => 10,
-        'KEY_ID'      => 11
+        'KEY_ID' => 11
       }.freeze
 
       # @attribute [r] type
       #   8-bit ID type
       #   @return [Integer]
-      define_field_before :content, :type, PacketGen::Types::Int8Enum, enum: TYPES
+      define_attr_before :content, :type, BinStruct::Int8Enum, enum: TYPES
       # @attribute reserved
       #   24-bit reserved field
       #   @return [Integer]
-      define_field_before :content, :reserved, PacketGen::Types::Int24
+      define_attr_before :content, :reserved, BinStruct::Int24
 
       # Get ID type name
       # @return [String]
@@ -69,7 +69,7 @@ module PacketGen::Plugin
       # @return [String]
       def human_content
         case type
-        when TYPES['IPV4_ADDR'], TYPES['IPV4_ADDR']
+        when TYPES['IPV4_ADDR'], TYPES['IPV6_ADDR']
           IPAddr.ntop(content)
         when TYPES['DER_ASN1_DN'], TYPES['DER_ASN1_GN']
           OpenSSL::X509::Name.new(content).to_s
@@ -77,7 +77,6 @@ module PacketGen::Plugin
           content.inspect
         end
       end
-
     end
 
     # This class handles Identification - Responder payloads, denoted IDr.

data/lib/packetgen/plugin/ike/ke.rb

@@ -24,9 +24,9 @@ module PacketGen::Plugin
     #   |                                                               |
     #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     # These specific fields are:
-    # * {#group_num} (type {PacketGen::Types::Int16}),
-    # * {#reserved} (type {PacketGen::Types::Int16}),
-    # * and {#content} (type {PacketGen::Types::String}).
+    # * {#group_num} (type {BinStruct::Int16}),
+    # * {#reserved} (type {BinStruct::Int16}),
+    # * and {#content} (type {BinStruct::String}).
     #
     # == Create a KE payload
     #   # Create a IKE packet with a KE payload
@@ -44,11 +44,11 @@ module PacketGen::Plugin
       # @!attribute group_num
       #  16-bit DH group number
       #  @return [Integer]
-      define_field_before :content, :group_num, PacketGen::Types::Int16
+      define_attr_before :content, :group_num, BinStruct::Int16
       # @!attribute reserved
       #  16-bit reserved field
       #  @return [Integer]
-      define_field_before :content, :reserved, PacketGen::Types::Int16, default: 0
+      define_attr_before :content, :reserved, BinStruct::Int16, default: 0
 
       def initialize(options={})
         super
@@ -68,6 +68,7 @@ module PacketGen::Plugin
                   Transform.const_defined?(cname) ? Transform.const_get(cname) : nil
                 end
         raise ArgumentError, "unknown group #{value.inspect}" unless group
+
         self[:group_num].value = group
       end
     end

data/lib/packetgen/plugin/ike/nonce.rb

@@ -11,7 +11,7 @@ module PacketGen::Plugin
     # This class handles Nonce payloads, as defined in RFC 7296 §3.9.
     #
     # A Nonce payload contains a generic payload Plugin (see {Payload}) and
-    # data field (type {PacketGen::Types::String}):
+    # data field (type {BinStruct::String}):
     #                        1                   2                   3
     #    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

data/lib/packetgen/plugin/ike/notify.rb

@@ -28,11 +28,11 @@ module PacketGen::Plugin
     #   |                                                               |
     #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     # These specific fields are:
-    # * {#protocol} (type {PacketGen::Types::Int8}),
-    # * {#spi_size} (type {PacketGen::Types::Int8}),
-    # * {#message_type} (type {PacketGen::Types::Int16}),
-    # * {#spi} (type {PacketGen::Types::String}),
-    # * {#content} (type {PacketGen::Types::String}).
+    # * {#protocol} (type {BinStruct::Int8}),
+    # * {#spi_size} (type {BinStruct::Int8}),
+    # * {#message_type} (type {BinStruct::Int16}),
+    # * {#spi} (type {BinStruct::String}),
+    # * {#content} (type {BinStruct::String}).
     #
     # == Create a Notify payload
     #   # Create a IKE packet with a Notify payload
@@ -43,7 +43,7 @@ module PacketGen::Plugin
     # == Create a Notify payload with a SPI
     #   # Create a IKE packet with a Notify payload
     #   pkt = PacketGen.gen('IP').add('UDP').add('IKE').add('IKE::Notify', protocol: 'ESP', spi_size: 4, type: 'INVALID_SYNTAX')
-    #   pkt.ike_notify.spi.read PacketGen::Types::Int32.new(0x12345678).to_s
+    #   pkt.ike_notify.spi.read BinStruct::Int32.new(0x12345678).to_s
     #   pkt.calc_length
     #   @author Sylvain Daubert
     class Notify < Payload
@@ -93,7 +93,7 @@ module PacketGen::Plugin
       #  CHILD_SA_NOT_FOUND.  If the SPI field is empty, this field MUST be
       #  sent as zero and MUST be ignored on receipt.
       #  @return [Integer]
-      define_field_before :content, :protocol, PacketGen::Types::Int8Enum, enum: PROTOCOLS
+      define_attr_before :content, :protocol, BinStruct::Int8Enum, enum: PROTOCOLS
       # @!attribute spi_size
       #  8-bit SPI size. Give size of SPI field. Length in octets of the SPI as
       #  defined by the IPsec protocol ID or zero if no SPI is applicable. For a
@@ -101,17 +101,17 @@ module PacketGen::Plugin
       #  the field must be empty.Set to 0 for an initial IKE SA
       #  negotiation, as SPI is obtained from outer Plugin.
       #  @return [Integer]
-      define_field_before :content, :spi_size, PacketGen::Types::Int8, default: 0
+      define_attr_before :content, :spi_size, BinStruct::Int8, default: 0
       # @!attribute message_type
       #  16-bit notify message type. Specifies the type of notification message.
       #  @return [Integer]
-      define_field_before :content, :message_type, PacketGen::Types::Int16Enum, enum: TYPES, default: 0
+      define_attr_before :content, :message_type, BinStruct::Int16Enum, enum: TYPES, default: 0
       # @!attribute spi
       #   the sending entity's SPI. When the {#spi_size} field is zero,
       #   this field is not present in the proposal.
       #   @return [String]
-      define_field_before :content, :spi, PacketGen::Types::String,
-                          builder: ->(h, t) { t.new(length_from: h[:spi_size]) }
+      define_attr_before :content, :spi, BinStruct::String,
+                         builder: ->(h, t) { t.new(length_from: h[:spi_size]) }
 
       alias type message_type
 
@@ -144,8 +144,7 @@ module PacketGen::Plugin
           next unless attr == :protocol
 
           str = PacketGen::Inspect.shift_level
-          str << PacketGen::Inspect::FMT_ATTR % [self[attr].class.to_s.sub(/.*::/, ''), attr,
-                                      human_protocol]
+          str << (PacketGen::Inspect::FMT_ATTR % [self[attr].class.to_s.sub(/.*::/, ''), attr, human_protocol])
         end
       end
     end

data/lib/packetgen/plugin/ike/payload.rb

@@ -30,42 +30,40 @@ module PacketGen::Plugin
       # @!attribute next
       #  8-bit next payload
       #  @return [Integer]
-      define_field :next, PacketGen::Types::Int8
+      define_attr :next, BinStruct::Int8
       # @!attribute flags
       #  8-bit flags
       #  @return [Integer]
-      define_field :flags, PacketGen::Types::Int8
+      # @!attribute critical
+      #  critical flag
+      #  @return [Boolean]
+      # @!attribute hreserved
+      #  reserved part of {#flags} field
+      #  @return [Integer]
+      define_bit_attr :flags, critical: 1, hreserved: 7
       # @!attribute length
       #  16-bit payload total length, including generic payload Plugin
       #  @return [Integer]
-      define_field :length, PacketGen::Types::Int16
+      define_attr :length, BinStruct::Int16
       # @!attribute content
       #  Payload content. Depends on payload. Variable length.
       #  @return [String]
-      define_field :content, PacketGen::Types::String, builder: ->(h, t) { t.new(length_from: -> { h.length - h.offset_of(:content) }) }
+      define_attr :content, BinStruct::String, builder: ->(h, t) { t.new(length_from: -> { h.length - h.offset_of(:content) }) }
 
       # Defining a body permits using Packet#parse to parse next IKE payloads.
-      define_field :body, PacketGen::Types::String
-
-      # @!attribute critical
-      #  critical flag
-      #  @return [Boolean]
-      # @!attribute hreserved
-      #  reserved part of {#flags} field
-      #  @return [Integer]
-      define_bit_fields_on :flags, :critical, :hreserved, 7
+      define_attr :body, BinStruct::String
 
       def initialize(options={})
         super
         if options[:content]
-          self[:content] = PacketGen::Types::String.new
+          self[:content] = BinStruct::String.new
           self[:content].read options[:content]
         end
         calc_length unless options[:length]
       end
 
-        # Compute length and set {#length} field
-        # @return [Integer] new length
+      # Compute length and set {#length} field
+      # @return [Integer] new length
       def calc_length
         # Here, #body is next payload, so body size should not be taken in
         # account (payload's real body is #content).
@@ -89,7 +87,7 @@ require_relative 'auth'
 require_relative 'ts'
 require_relative 'vendor_id'
 
-module PacketGen::Plugin
+module PacketGen::Plugin # rubocop:disable Metrics/ModuleLength
   IKE.bind IKE::SA, next: IKE::SA::PAYLOAD_TYPE
   IKE::Payload.bind IKE::SA, next: IKE::SA::PAYLOAD_TYPE
   IKE::KE.bind IKE::SA, next: IKE::SA::PAYLOAD_TYPE
@@ -287,19 +285,19 @@ module PacketGen::Plugin
   IKE::TSr.bind IKE::VendorID, next: IKE::VendorID::PAYLOAD_TYPE
 
   # Last defined. To be used as default if no other may be parsed.
-  IKE::SA.bind IKE::Payload, next: ->(v) { v > 0 }
-  IKE::KE.bind IKE::Payload, next: ->(v) { v > 0 }
-  IKE::Nonce.bind IKE::Payload, next: ->(v) { v > 0 }
-  IKE::Notify.bind IKE::Payload, next: ->(v) { v > 0 }
-  IKE::SK.bind IKE::Payload, next: ->(v) { v > 0 }
-  IKE::IDi.bind IKE::Payload, next: ->(v) { v > 0 }
-  IKE::IDr.bind IKE::Payload, next: ->(v) { v > 0 }
-  IKE::Cert.bind IKE::Payload, next: ->(v) { v > 0 }
-  IKE::CertReq.bind IKE::Payload, next: ->(v) { v > 0 }
-  IKE::Auth.bind IKE::Payload, next: ->(v) { v > 0 }
-  IKE::TSi.bind IKE::Payload, next: ->(v) { v > 0 }
-  IKE::TSr.bind IKE::Payload, next: ->(v) { v > 0 }
-  IKE::VendorID.bind IKE::Payload, next: ->(v) { v > 0 }
-  IKE.bind IKE::Payload, next: ->(v) { v > 0 }
-  IKE::Payload.bind IKE::Payload, next: ->(v) { v > 0 }
+  IKE::SA.bind IKE::Payload, next: lambda(&:positive?)
+  IKE::KE.bind IKE::Payload, next: lambda(&:positive?)
+  IKE::Nonce.bind IKE::Payload, next: lambda(&:positive?)
+  IKE::Notify.bind IKE::Payload, next: lambda(&:positive?)
+  IKE::SK.bind IKE::Payload, next: lambda(&:positive?)
+  IKE::IDi.bind IKE::Payload, next: lambda(&:positive?)
+  IKE::IDr.bind IKE::Payload, next: lambda(&:positive?)
+  IKE::Cert.bind IKE::Payload, next: lambda(&:positive?)
+  IKE::CertReq.bind IKE::Payload, next: lambda(&:positive?)
+  IKE::Auth.bind IKE::Payload, next: lambda(&:positive?)
+  IKE::TSi.bind IKE::Payload, next: lambda(&:positive?)
+  IKE::TSr.bind IKE::Payload, next: lambda(&:positive?)
+  IKE::VendorID.bind IKE::Payload, next: lambda(&:positive?)
+  IKE.bind IKE::Payload, next: lambda(&:positive?)
+  IKE::Payload.bind IKE::Payload, next: lambda(&:positive?)
 end

data/lib/packetgen/plugin/ike/sa.rb

@@ -21,22 +21,22 @@ module PacketGen::Plugin
     # Such an attribute may have a TLV (Type/length/value) format if AF=0,
     # or a TV format (AF=1).
     # @author Sylvain Daubert
-    class Attribute < PacketGen::Types::Fields
+    class Attribute < BinStruct::Struct
       # KeyLength attribute type
       TYPE_KEY_LENGTH = 14
 
       # @!attribute type
       #  attribute type
       #  @return [Integer]
-      define_field :type, PacketGen::Types::Int16
+      define_attr :type, BinStruct::Int16
       # @!attribute length
       #  attribute length
       #  @return [Integer]
-      define_field :length, PacketGen::Types::Int16
+      define_attr :length, BinStruct::Int16
       # @!attribute value
       #  attribute value
       #  @return [Integer]
-      define_field :value, PacketGen::Types::Int32, optional: ->(h) { !h.tv_format? }
+      define_attr :value, BinStruct::Int32, optional: ->(h) { !h.tv_format? }
 
       def initialize(options={})
         super
@@ -64,7 +64,7 @@ module PacketGen::Plugin
       def to_human
         name = self.class.constants.grep(/TYPE_/)
                    .detect { |c| self.class.const_get(c) == (type & 0x7fff) } || "attr[#{type & 0x7fff}]"
-        name = name.to_s.sub(/TYPE_/, '')
+        name = name.to_s.sub('TYPE_', '')
         "#{name}=#{value}"
       end
 
@@ -77,7 +77,7 @@ module PacketGen::Plugin
 
     # Set of {Attribute} in a {Transform}
     # @author Sylvain Daubert
-    class Attributes < PacketGen::Types::Array
+    class Attributes < BinStruct::Array
       set_of Attribute
     end
 
@@ -102,11 +102,11 @@ module PacketGen::Plugin
     # == Add attributes to a transform
     #  # using an Attribute object
     #  attr = PacketGen::Plugin::IKE::Attribute.new(type: 14, value: 128)
-    #  trans.attributes << attr
+    #  trans.tattributes << attr
     #  # using a hash
-    #  trans.attributes << { type: 14, value: 128 }
+    #  trans.tattributes << { type: 14, value: 128 }
     # @author Sylvain Daubert
-    class Transform < PacketGen::Types::Fields
+    class Transform < BinStruct::Struct
       # Transform types
       TYPES = {
         'ENCR' => 1,
@@ -253,33 +253,33 @@ module PacketGen::Plugin
       #  if this was the last Transform Substructure, and a value of 3 if
       #  there are more Transform Substructures.
       #  @return [Integer]
-      define_field :last, PacketGen::Types::Int8
+      define_attr :last, BinStruct::Int8
       # @!attribute rsv1
       #  8-bit reserved field
       #  @return [Integer]
-      define_field :rsv1, PacketGen::Types::Int8
+      define_attr :rsv1, BinStruct::Int8
       # @!attribute length
       #  16-bit transform length
       #  @return [Integer]
-      define_field :length, PacketGen::Types::Int16
+      define_attr :length, BinStruct::Int16
       # @!attribute [r] type
       #  8-bit transform type. The Transform Type is the cryptographic
       #  algorithm type (i.e. encryption, PRF, integrity, etc.)
       #  @return [Integer]
-      define_field :type, PacketGen::Types::Int8Enum, enum: TYPES
+      define_attr :type, BinStruct::Int8Enum, enum: TYPES
       # @!attribute rsv2
       #  8-bit reserved field
       #  @return [Integer]
-      define_field :rsv2, PacketGen::Types::Int8
+      define_attr :rsv2, BinStruct::Int8
       # @!attribute [r] id
       #  16-bit transform ID. The Transform ID is the specific instance of
       #  the proposed transform type.
       #  @return [Integer]
-      define_field :id, PacketGen::Types::Int16
-      # @!attribute attributes
+      define_attr :id, BinStruct::Int16
+      # @!attribute tattributes
       #  Set of attributes for this transform
       #  @return [Attributes]
-      define_field :attributes, Attributes, builder: ->(h, t) { t.new(length_from: -> { h.length - h.offset_of(:attributes) }) }
+      define_attr :tattributes, Attributes, builder: ->(h, t) { t.new(length_from: -> { h.length - h.offset_of(:tattributes) }) }
 
       def initialize(options={})
         super
@@ -315,8 +315,8 @@ module PacketGen::Plugin
       # Get a human readable string
       # @return [String]
       def to_human
-        h = +"#{human_type}(#{human_id}"
-        h << ",#{attributes.to_human}" unless attributes.empty?
+        h = "#{human_type}(#{human_id}"
+        h << ",#{tattributes.to_human}" unless tattributes.empty?
 
         h << ')'
       end
@@ -353,11 +353,11 @@ module PacketGen::Plugin
 
     # Set of {Transform} in a {SAProposal}
     # @author Sylvain Daubert
-    class Transforms < PacketGen::Types::Array
+    class Transforms < BinStruct::Array
       set_of Transform
 
-      # Same as {PacketGen::Types::Array#push} but update previous {Transform#last} attribute
-      # @see PacketGen::Types::Array#push
+      # Same as {BinStruct::Array#push} but update previous {Transform#last} attribute
+      # @see BinStruct::Array#push
       def push(trans)
         super
         self[-2].last = 3 if size > 1
@@ -393,22 +393,22 @@ module PacketGen::Plugin
     #  # using a hash
     #  proposal.transforms << { type: 'ENCR', id: '3DES' }
     # @author Sylvain Daubert
-    class SAProposal < PacketGen::Types::Fields
+    class SAProposal < BinStruct::Struct
       # @!attribute last
       #  8-bit last substructure. Specifies whether or not this is the
       #  last Proposal Substructure in the SA. This field has a value of 0
       #  if this was the last Proposal Substructure, and a value of 2 if
       #  there are more Proposal Substructures.
       #  @return [Integer]
-      define_field :last, PacketGen::Types::Int8
+      define_attr :last, BinStruct::Int8
       # @!attribute reserved
       #  8-bit reserved field
       #  @return [Integer]
-      define_field :reserved, PacketGen::Types::Int8
+      define_attr :reserved, BinStruct::Int8
       # @!attribute length
       #  16-bit proposal length
       #  @return [Integer]
-      define_field :length, PacketGen::Types::Int16
+      define_attr :length, BinStruct::Int16
       # @!attribute num
       #  8-bit proposal number. When a proposal is made, the first
       #  proposal in an SA payload MUST be 1, and subsequent proposals MUST
@@ -417,30 +417,30 @@ module PacketGen::Plugin
       #  in the SA payload MUST match the number on the proposal sent that
       #  was accepted.
       #  @return [Integer]
-      define_field :num, PacketGen::Types::Int8, default: 1
+      define_attr :num, BinStruct::Int8, default: 1
       # @!attribute [r] protocol
       #  8-bit protocol ID. Specify IPsec protocol currently negociated.
       #  May 1 (IKE), 2 (AH) or 3 (ESP).
       #  @return [Integer]
-      define_field :protocol, PacketGen::Types::Int8Enum, enum: PROTOCOLS
+      define_attr :protocol, BinStruct::Int8Enum, enum: PROTOCOLS
       # @!attribute spi_size
       #  8-bit SPI size. Give size of SPI field. Set to 0 for an initial IKE SA
       #  negotiation, as SPI is obtained from outer Plugin.
       #  @return [Integer]
-      define_field :spi_size, PacketGen::Types::Int8, default: 0
+      define_attr :spi_size, BinStruct::Int8, default: 0
       # @!attribute num_trans
       #  8-bit number of transformations
       #  @return [Integer]
-      define_field :num_trans, PacketGen::Types::Int8, default: 0
+      define_attr :num_trans, BinStruct::Int8, default: 0
       # @!attribute spi
       #   the sending entity's SPI. When the {#spi_size} field is zero,
       #   this field is not present in the proposal.
       #   @return [String]
-      define_field :spi, PacketGen::Types::String, builder: ->(h, t) { t.new(length_from: h[:spi_size]) }
+      define_attr :spi, BinStruct::String, builder: ->(h, t) { t.new(length_from: h[:spi_size]) }
       # @!attribute transforms
       #  8-bit set of tranforms for this proposal
       #  @return [Transforms]
-      define_field :transforms, Transforms, builder: ->(h, t) { t.new(counter: h[:num_trans]) }
+      define_attr :transforms, Transforms, builder: ->(h, t) { t.new(counter: h[:num_trans]) }
 
       def initialize(options={})
         options[:spi_size] = options[:spi].size if options[:spi] && options[:spi_size].nil?
@@ -459,12 +459,12 @@ module PacketGen::Plugin
       # Get a human readable string
       # @return [String]
       def to_human
-        str = +"##{num} #{human_protocol}"
+        str = "##{num} #{human_protocol}"
         case spi_size
         when 4
-          str << '(spi:0x%08x)' % PacketGen::Types::Int32.new.read(spi).to_i
+          str << ('(spi:0x%08x)' % BinStruct::Int32.new.read(spi).to_i)
         when 8
-          str << '(spi:0x%016x)' % PacketGen::Types::Int64.new.read(spi).to_i
+          str << ('(spi:0x%016x)' % BinStruct::Int64.new.read(spi).to_i)
         end
         str << ":#{transforms.to_human}"
       end
@@ -490,14 +490,14 @@ module PacketGen::Plugin
 
     # Set of {SAProposal}
     # @author Sylvain Daubert
-    class SAProposals < PacketGen::Types::Array
+    class SAProposals < BinStruct::Array
       set_of SAProposal
 
       # Separator used between proposals in {#to_human}
       HUMAN_SEPARATOR = '; '
 
-      # Same as {PacketGen::Types::Array#push} but update previous {SAProposal#last} attribute
-      # @see PacketGen::Types::Array#push
+      # Same as {BinStruct::Array#push} but update previous {SAProposal#last} attribute
+      # @see BinStruct::Array#push
       def push(prop)
         super
         self[-2].last = 2 if size > 1
@@ -530,19 +530,19 @@ module PacketGen::Plugin
     #   # ID is taken from Transform::<TYPE>_* constants.
     #   pkt.ike_sa.proposals.first.transforms << { type: 'ENCR', id: 'AES_CTR' }
     #   # and finally, add an attribute to this transform (here, KEY_SIZE = 128 bits)
-    #   pkt.ike_sa.proposals[0].transforms[0].attributes << { type: 0x800e, value: 128 }
+    #   pkt.ike_sa.proposals[0].transforms[0].tattributes << { type: 0x800e, value: 128 }
     #   pkt.calc_length
     # @author Sylvain Daubert
     class SA < Payload
       # Payload type number
       PAYLOAD_TYPE = 33
 
-      remove_field :content
+      remove_attr :content
 
       # @!attribute proposals
       #  Set of SA proposals
       #  @return [SAProposals]
-      define_field_before :body, :proposals, SAProposals, builder: ->(h, t) { t.new(length_from: -> { h.length - h.offset_of(:proposals) }) }
+      define_attr_before :body, :proposals, SAProposals, builder: ->(h, t) { t.new(length_from: -> { h.length - h.offset_of(:proposals) }) }
 
       # Compute length and set {#length} field
       # @return [Integer] new length