Rooba
/
scapy
mirror of https://github.com/secdev/scapy.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Replace IPSec with IPsec

This commit is contained in:
Guillaume Valadon 2016-11-14 11:37:17 +01:00
parent 32d71796e8
commit 584b649e11
3 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.travis/test.sh
View File

@ -8,7 +8,7 @@ then
TRAVIS_SUDO="" TRAVIS_SUDO=""
fi fi
# Test AEAD modes in IPSec if available # Test AEAD modes in IPsec if available
if [ "$TEST_COMBINED_MODES" != "yes" ] if [ "$TEST_COMBINED_MODES" != "yes" ]
then then
UT_FLAGS+="-K combined_modes " UT_FLAGS+="-K combined_modes "

2
doc/scapy/installation.rst
View File

@ -190,7 +190,7 @@ Here are the topics involved and some examples that you can use to try if your i
* VOIP. ``voip_play()`` needs `SoX <http://sox.sourceforge.net/>`_. * VOIP. ``voip_play()`` needs `SoX <http://sox.sourceforge.net/>`_.
* IPSec Crypto Support. ``SecurityAssociation()`` needs `Pycrypto <https://github.com/dlitz/pycrypto>`_. Combined AEAD modes such as GCM and CCM require pycrypto2.7a1, which is only available from source (no pip or package). * IPsec Crypto Support. ``SecurityAssociation()`` needs `Pycrypto <https://github.com/dlitz/pycrypto>`_. Combined AEAD modes such as GCM and CCM require pycrypto2.7a1, which is only available from source (no pip or package).
.. code-block:: text .. code-block:: text

20
scapy/layers/ipsec.py
View File

@ -1,5 +1,5 @@
############################################################################# #############################################################################
## ipsec.py --- IPSec support for Scapy ## ## ipsec.py --- IPsec support for Scapy ##
## ## ## ##
## Copyright (C) 2014 6WIND ## ## Copyright (C) 2014 6WIND ##
## ## ## ##
@ -13,7 +13,7 @@
## General Public License for more details. ## ## General Public License for more details. ##
############################################################################# #############################################################################
""" """
IPSec layer IPsec layer
=========== ===========
Example of use: Example of use:
@ -154,7 +154,7 @@ try:
from Crypto import Random from Crypto import Random
except ImportError: except ImportError:
# no error if pycrypto is not available but encryption won't be supported # no error if pycrypto is not available but encryption won't be supported
warning("IPSec encryption not supported (pycrypto required).") warning("IPsec encryption not supported (pycrypto required).")
AES = None AES = None
DES = None DES = None
DES3 = None DES3 = None
@ -166,7 +166,7 @@ try:
from Crypto.Cipher.AES import MODE_GCM from Crypto.Cipher.AES import MODE_GCM
from Crypto.Cipher.AES import MODE_CCM from Crypto.Cipher.AES import MODE_CCM
except ImportError: except ImportError:
warning("Combined crypto modes not available for IPSec (pycrypto 2.7a1 required).") warning("Combined crypto modes not available for IPsec (pycrypto 2.7a1 required).")
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
def _lcm(a, b): def _lcm(a, b):
@ -180,7 +180,7 @@ def _lcm(a, b):
class CryptAlgo(object): class CryptAlgo(object):
""" """
IPSec encryption algorithm IPsec encryption algorithm
""" """
def __init__(self, name, cipher, mode, block_size=None, iv_size=None, key_size=None, icv_size=None): def __init__(self, name, cipher, mode, block_size=None, iv_size=None, key_size=None, icv_size=None):
@ -466,7 +466,7 @@ class IPSecIntegrityError(Exception):
class AuthAlgo(object): class AuthAlgo(object):
""" """
IPSec integrity algorithm IPsec integrity algorithm
""" """
def __init__(self, name, mac, digestmod, icv_size, key_size=None): def __init__(self, name, mac, digestmod, icv_size, key_size=None):
@ -508,7 +508,7 @@ class AuthAlgo(object):
def sign(self, pkt, key): def sign(self, pkt, key):
""" """
Sign an IPSec (ESP or AH) packet with this algo. Sign an IPsec (ESP or AH) packet with this algo.
@param pkt: a packet that contains a valid encrypted ESP or AH layer @param pkt: a packet that contains a valid encrypted ESP or AH layer
@param key: the authentication key, a byte string @param key: the authentication key, a byte string
@ -619,7 +619,7 @@ def split_for_transport(orig_pkt, transport_proto):
header. header.
@param orig_pkt: the packet to split. Must be an IP or IPv6 packet @param orig_pkt: the packet to split. Must be an IP or IPv6 packet
@param transport_proto: the IPSec protocol number that will be inserted @param transport_proto: the IPsec protocol number that will be inserted
at the split position. at the split position.
@return: a tuple (header, nh, payload) where nh is the protocol number of @return: a tuple (header, nh, payload) where nh is the protocol number of
payload. payload.
@ -744,7 +744,7 @@ def zero_mutable_fields(pkt, sending=False):
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
class SecurityAssociation(object): class SecurityAssociation(object):
""" """
This class is responsible of "encryption" and "decryption" of IPSec packets. This class is responsible of "encryption" and "decryption" of IPsec packets.
""" """
SUPPORTED_PROTOS = (IP, IPv6) SUPPORTED_PROTOS = (IP, IPv6)
@ -752,7 +752,7 @@ class SecurityAssociation(object):
def __init__(self, proto, spi, seq_num=1, crypt_algo=None, crypt_key=None, def __init__(self, proto, spi, seq_num=1, crypt_algo=None, crypt_key=None,
auth_algo=None, auth_key=None, tunnel_header=None, nat_t_header=None): auth_algo=None, auth_key=None, tunnel_header=None, nat_t_header=None):
""" """
@param proto: the IPSec proto to use (ESP or AH) @param proto: the IPsec proto to use (ESP or AH)
@param spi: the Security Parameters Index of this SA @param spi: the Security Parameters Index of this SA
@param seq_num: the initial value for the sequence number on encrypted @param seq_num: the initial value for the sequence number on encrypted
packets packets