From e758a218ea1a4017ff4070186da63e1bbb25e710 Mon Sep 17 00:00:00 2001
From: mtu <maxence.tury@ssi.gouv.fr>
Date: Thu, 26 Jan 2017 16:26:59 +0100
Subject: [PATCH] Ask for python-cryptography v1.7+ in warnings and
 documentation

---
 appveyor.yml                     |  2 +-
 doc/scapy/installation.rst       | 26 ++++++----
 scapy/config.py                  | 27 +++++++++-
 scapy/layers/dot11.py            | 70 +++++++++++++-------------
 scapy/layers/ipsec.py            | 47 ++++++++----------
 scapy/layers/tls/__init__.py     |  8 +--
 scapy/layers/tls/cert.py         | 14 ++++--
 scapy/layers/tls/crypto/pkcs1.py | 84 ++++++++++++++++++--------------
 test/ipsec.uts                   |  3 +-
 9 files changed, 161 insertions(+), 120 deletions(-)

diff --git a/appveyor.yml b/appveyor.yml
index c8300abac..351cf4ef9 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -29,7 +29,7 @@ test_script:
 
   # Secondary unit tests
   - 'del test\bpf.uts' # Don't bother with BPF regression tests
-  - "for %%t in (test\\*.uts) do (%PYTHON%\\python -m coverage run -a bin\\UTscapy -f text -t %%t -F -K combined_modes || exit /b 42)"
+  - "for %%t in (test\\*.uts) do (%PYTHON%\\python -m coverage run -a bin\\UTscapy -f text -t %%t -F -K combined_modes_ccm || exit /b 42)"
   
   # Contrib unit tests
   - "for %%t in (scapy\\contrib\\*.uts) do (%PYTHON%\\python -m coverage run -a bin\\UTscapy -f text -t %%t -F -P \"load_contrib(\'%%~nt\')\"  || exit /b 42)"
diff --git a/doc/scapy/installation.rst b/doc/scapy/installation.rst
index 9272bd470..ac5ab68bf 100644
--- a/doc/scapy/installation.rst
+++ b/doc/scapy/installation.rst
@@ -166,11 +166,13 @@ Here are the topics involved and some examples that you can use to try if your i
      >>> enc=rdpcap("weplab-64bit-AA-managed.pcap")
      >>> enc.show()
      >>> enc[0]
-      >>> conf.wepkey="AA\x00\x00\x00"
-      >>> dec=Dot11PacketList(enc).toEthernet()
-      >>> dec.show()
-      >>> dec[0]
+     >>> conf.wepkey="AA\x00\x00\x00"
+     >>> dec=Dot11PacketList(enc).toEthernet()
+     >>> dec.show()
+     >>> dec[0]
  
+* PKI operations and TLS decryption. `cryptography <https://cryptography.io>` is also needed.
+
 * Fingerprinting. ``nmap_fp()`` needs `Nmap <http://nmap.org>`_. You need an `old version <http://nmap.org/dist-old/>`_ (before v4.23) that still supports first generation fingerprinting.
 
   .. code-block:: python 
@@ -187,8 +189,6 @@ Here are the topics involved and some examples that you can use to try if your i
  
 * VOIP. ``voip_play()`` needs `SoX <http://sox.sourceforge.net/>`_.
  
-* IPsec Crypto Support. ``SecurityAssociation()`` needs `Pycrypto 2.7a1 <https://github.com/dlitz/pycrypto>`_. Combined AEAD modes such as GCM and CCM are not available yet because of cryptography restrictions.
-
 Platform-specific instructions
 ==============================
 
@@ -207,7 +207,13 @@ Debian/Ubuntu
 
 Just use the standard packages::
 
-$ sudo apt-get install tcpdump graphviz imagemagick python-gnuplot python-crypto python-pyx 
+$ sudo apt-get install tcpdump graphviz imagemagick python-gnuplot python-cryptography python-pyx
+
+Scapy optionally uses python-cryptography v1.7 or later. It has not been packaged for ``apt`` in less recent OS versions (e.g. Debian Jessie). If you need the cryptography-related methods, you may install the library with:
+
+.. code-block:: text
+
+    # pip install cryptography
 
 Fedora
 ------
@@ -226,7 +232,7 @@ Some optional packages:
 
 .. code-block:: text
 
-    # yum install graphviz python-crypto sox PyX gnuplot numpy
+    # yum install graphviz python-cryptography sox PyX gnuplot numpy
     # cd /tmp
     # wget http://heanet.dl.sourceforge.net/sourceforge/gnuplot-py/gnuplot-py-1.8.tar.gz
     # tar xvfz gnuplot-py-1.8.tar.gz
@@ -288,11 +294,11 @@ Here's how to install Scapy on OpenBSD 5.9+
 Optional packages (OpenBSD only)
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-py-crypto
+py-cryptography
 
 .. code-block:: text
 
- # pkg_add py-crypto
+ # pkg_add py-cryptography
 
 gnuplot and its Python binding: 
 
diff --git a/scapy/config.py b/scapy/config.py
index fe541ed57..ffd0844b6 100755
--- a/scapy/config.py
+++ b/scapy/config.py
@@ -4,7 +4,7 @@
 ## This program is published under a GPLv2 license
 
 """
-Implementation for of the configuration object.
+Implementation of the configuration object.
 """
 
 import os,time,socket,sys
@@ -279,6 +279,14 @@ class LogLevel(object):
         obj._logLevel = val
         
 
+def isCryptographyValid():
+    try:
+        import cryptography
+    except ImportError:
+        return False
+    from distutils.version import LooseVersion
+    return LooseVersion(cryptography.__version__) >= LooseVersion("1.7")
+
 
 def _prompt_changer(attr,val):
     prompt = conf.prompt
@@ -396,6 +404,7 @@ contribs: a dict which can be used by contrib layers to store local configuratio
                    "tftp", "x509", "bluetooth", "dhcp6", "llmnr",
                    "sctp", "vrrp", "ipsec", "lltd", "vxlan"]
     contribs = dict()
+    crypto_valid = isCryptographyValid()
 
 
 if not Conf.ipv6_enabled:
@@ -404,7 +413,23 @@ if not Conf.ipv6_enabled:
         if m in Conf.load_layers:
             Conf.load_layers.remove(m)
     
+if not Conf.crypto_valid:
+    log_scapy.warning("Crypto-related methods disabled for IPsec, Dot11 "
+                      "and TLS layers (needs python-cryptography v1.7+).")
 
 conf=Conf()
 conf.logLevel=30 # 30=Warning
 
+
+def crypto_validator(func):
+    """
+    This a decorator to be used for any method relying on the cryptography library.
+    Its behaviour depends on the 'crypto_valid' attribute of the global 'conf'.
+    """
+    def func_in(*args, **kwargs):
+        if not conf.crypto_valid:
+            raise ImportError("Cannot execute crypto-related method! "
+                              "Please install python-cryptography v1.7 or later.")
+        return func(*args, **kwargs)
+    return func_in
+
diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py
index f6f92b773..8474412e4 100644
--- a/scapy/layers/dot11.py
+++ b/scapy/layers/dot11.py
@@ -10,7 +10,7 @@ Wireless LAN according to IEEE 802.11.
 import re,struct
 from zlib import crc32
 
-from scapy.config import conf
+from scapy.config import conf, crypto_validator
 from scapy.data import *
 from scapy.packet import *
 from scapy.fields import *
@@ -20,14 +20,12 @@ from scapy.layers.l2 import *
 from scapy.layers.inet import IP, TCP
 
 
-try:
+if conf.crypto_valid:
     from cryptography.hazmat.backends import default_backend
-    from cryptography.hazmat.primitives.ciphers import (
-        Cipher,
-        algorithms,
-    )
-except ImportError:
-    log_loading.info("Can't import python cryptography lib. Won't be able to decrypt WEP.")
+    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms
+else:
+    default_backend = Ciphers = algorithms = None
+    log_loading.info("Can't import python-cryptography v1.7+. Disabled WEP decryption/encryption.")
 
 
 ### Fields
@@ -324,6 +322,18 @@ class Dot11WEP(Packet):
                     StrField("wepdata",None,remain=4),
                     IntField("icv",None) ]
 
+    @crypto_validator
+    def decrypt(self, key=None):
+        if key is None:
+            key = conf.wepkey
+        if key:
+            d = Cipher(
+                algorithms.ARC4(self.iv + key),
+                None,
+                default_backend(),
+            ).decryptor()
+            self.add_payload(LLC(d.update(self.wepdata) + d.finalize()))
+
     def post_dissect(self, s):
         self.decrypt()
 
@@ -332,36 +342,30 @@ class Dot11WEP(Packet):
             return Packet.build_payload(self)
         return ""
 
-    def post_build(self, p, pay):
-        if self.wepdata is None:
-            key = conf.wepkey
-            if key:
-                if self.icv is None:
-                    pay += struct.pack("<I",crc32(pay))
-                    icv = ""
-                else:
-                    icv = p[4:8]
-                e = Cipher(
-                    algorithms.ARC4(self.iv+key),
-                    None,
-                    default_backend(),
-                ).encryptor()
-                p = p[:4]+e.update(pay)+e.finalize()+icv
-            else:
-                warning("No WEP key set (conf.wepkey).. strange results expected..")
-        return p
-            
-
-    def decrypt(self,key=None):
+    @crypto_validator
+    def encrypt(self, p, pay, key=None):
         if key is None:
             key = conf.wepkey
         if key:
-            d = Cipher(
-                algorithms.ARC4(self.iv+key),
+            if self.icv is None:
+                pay += struct.pack("<I", crc32(pay))
+                icv = ""
+            else:
+                icv = p[4:8]
+            e = Cipher(
+                algorithms.ARC4(self.iv + key),
                 None,
                 default_backend(),
-            ).decryptor()
-            self.add_payload(LLC(d.update(self.wepdata)+d.finalize()))
+            ).encryptor()
+            return p[:4] + e.update(pay) + e.finalize() + icv
+        else:
+            warning("No WEP key set (conf.wepkey).. strange results expected..")
+            return None
+
+    def post_build(self, p, pay):
+        if self.wepdata is None:
+            p = self.encrypt(p, pay)
+        return p
 
 
 bind_layers( PrismHeader,   Dot11,         )
diff --git a/scapy/layers/ipsec.py b/scapy/layers/ipsec.py
index dd9f5a9b7..9153ac7c4 100644
--- a/scapy/layers/ipsec.py
+++ b/scapy/layers/ipsec.py
@@ -44,19 +44,15 @@ import os
 import socket
 import struct
 
-from scapy.error import warning
-
+from scapy.config import conf, crypto_validator
 from scapy.data import IP_PROTOS
 from scapy.error import log_loading
-
-from scapy.fields import ByteEnumField, ByteField, StrField, XIntField, IntField, \
-    ShortField, PacketField
-
+from scapy.fields import (ByteEnumField, ByteField, StrField, XIntField,
+                          IntField, ShortField, PacketField)
 from scapy.packet import Packet, bind_layers, Raw
-
 from scapy.layers.inet import IP, UDP
-from scapy.layers.inet6 import IPv6, IPv6ExtHdrHopByHop, IPv6ExtHdrDestOpt, \
-    IPv6ExtHdrRouting
+from scapy.layers.inet6 import (IPv6, IPv6ExtHdrHopByHop, IPv6ExtHdrDestOpt,
+                                IPv6ExtHdrRouting)
 
 
 #------------------------------------------------------------------------------
@@ -142,26 +138,20 @@ class _ESPPlain(Packet):
         return str(self.data) + self.padding + chr(self.padlen) + chr(self.nh)
 
 #------------------------------------------------------------------------------
-try:
+if conf.crypto_valid:
     from cryptography.exceptions import InvalidTag
     from cryptography.hazmat.backends import default_backend
+    from cryptography.hazmat.primitives import interfaces
     from cryptography.hazmat.primitives.ciphers import (
         Cipher,
         algorithms,
         modes,
     )
-except ImportError:
-    log_loading.info("Can't import python cryptography lib. "
+else:
+    log_loading.info("Can't import python-cryptography v1.7+. "
                      "Disabled IPsec encryption/authentication.")
-    algorithms = None
-    Cipher = None
-    modes = None
-
-try:
-    from Crypto.Cipher.AES import MODE_GCM
-    from Crypto.Cipher.AES import MODE_CCM
-except ImportError:
-    warning("Combined crypto modes not available for IPsec (pycrypto 2.7a1 required).")
+    InvalidTag = default_backend = interfaces = None
+    Cipher = algorithms = modes = None
 
 #------------------------------------------------------------------------------
 def _lcm(a, b):
@@ -201,8 +191,9 @@ class CryptAlgo(object):
         self.mode = mode
         self.icv_size = icv_size
 
-        if self.mode is not None:
-            self.is_aead = issubclass(self.mode, modes.ModeWithAuthenticationTag)
+        if modes and self.mode is not None:
+            self.is_aead = issubclass(self.mode,
+                                      modes.ModeWithAuthenticationTag)
         else:
             self.is_aead = False
 
@@ -248,6 +239,7 @@ class CryptAlgo(object):
         # XXX: random bytes for counters, so it is not wrong to do it that way
         return os.urandom(self.iv_size - self.salt_size)
 
+    @crypto_validator
     def new_cipher(self, key, iv, digest=None):
         """
         @param key:    the secret key, a byte string
@@ -430,15 +422,13 @@ if algorithms:
                                     mode=modes.CBC)
 
 #------------------------------------------------------------------------------
-try:
+if conf.crypto_valid:
     from cryptography.hazmat.primitives.hmac import HMAC
     from cryptography.hazmat.primitives.cmac import CMAC
     from cryptography.hazmat.primitives import hashes
-except ImportError:
+else:
     # no error if cryptography is not available but authentication won't be supported
-    HMAC = None
-    CMAC = None
-    hashes = None
+    HMAC = CMAC = hashes = None
 
 #------------------------------------------------------------------------------
 class IPSecIntegrityError(Exception):
@@ -478,6 +468,7 @@ class AuthAlgo(object):
             raise TypeError('invalid key size %s, must be one of %s' %
                             (len(key), self.key_size))
 
+    @crypto_validator
     def new_mac(self, key):
         """
         @param key:    a byte string
diff --git a/scapy/layers/tls/__init__.py b/scapy/layers/tls/__init__.py
index 98ee163d8..2f2063088 100644
--- a/scapy/layers/tls/__init__.py
+++ b/scapy/layers/tls/__init__.py
@@ -7,12 +7,12 @@
 Tools for handling TLS sessions and digital certificates.
 """
 
-try:
-    import cryptography
-except ImportError:
+from scapy.config import conf
+
+if not conf.crypto_valid:
     import logging
     log_loading = logging.getLogger("scapy.loading")
-    log_loading.info("Can't import python cryptography lib. Disabled certificate manipulation tools")
+    log_loading.info("Can't import python-cryptography v1.7+. Disabled PKCS #1 signing/verifying.")
 
 try:
     import ecdsa
diff --git a/scapy/layers/tls/cert.py b/scapy/layers/tls/cert.py
index 56e505fb2..8d81097e0 100644
--- a/scapy/layers/tls/cert.py
+++ b/scapy/layers/tls/cert.py
@@ -29,9 +29,13 @@ Supports both RSA and ECDSA objects.
 import base64, os, time
 
 import ecdsa
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives.asymmetric import rsa
-from cryptography.hazmat.primitives import hashes
+
+from scapy.config import conf, crypto_validator
+if conf.crypto_valid:
+    from cryptography.hazmat.backends import default_backend
+    from cryptography.hazmat.primitives.asymmetric import rsa
+else:
+    default_backend = rsa = None
 
 from scapy.layers.tls.crypto.curves import import_curve
 from scapy.layers.tls.crypto.pkcs1 import pkcs_os2ip, pkcs_i2osp, mapHashFunc
@@ -199,7 +203,7 @@ class _PubKeyFactory(_PKIObjMaker):
                 obj.__class__ = PubKeyECDSA
                 obj.updateWith(spki)
             else:
-                raise Exception("Unsupported publicKey type")
+                raise
             marker = "PUBLIC KEY"
         except:
             try:
@@ -241,6 +245,7 @@ class PubKeyRSA(_PKIObj, PubKey, _EncryptAndVerifyRSA):
     Wrapper for RSA keys based on _EncryptAndVerifyRSA from crypto/pkcs1.py
     Use the 'key' attribute to access original object.
     """
+    @crypto_validator
     def updateWith(self, pubkey):
         self.modulus    = pubkey.modulus.val
         self.modulusLen = len(binrepr(pubkey.modulus.val))
@@ -391,6 +396,7 @@ class PrivKeyRSA(_PKIObj, PrivKey, _EncryptAndVerifyRSA, _DecryptAndSignRSA):
     Wrapper for RSA keys based on _DecryptAndSignRSA from crypto/pkcs1.py
     Use the 'key' attribute to access original object.
     """
+    @crypto_validator
     def updateWith(self, privkey):
         self.modulus     = privkey.modulus.val
         self.modulusLen  = len(binrepr(privkey.modulus.val))
diff --git a/scapy/layers/tls/crypto/pkcs1.py b/scapy/layers/tls/crypto/pkcs1.py
index 3ae21e543..956268e79 100644
--- a/scapy/layers/tls/crypto/pkcs1.py
+++ b/scapy/layers/tls/crypto/pkcs1.py
@@ -10,10 +10,14 @@ PKCS #1 methods as defined in RFC 3447.
 import os, popen2, tempfile
 import math, random, struct
 
-from cryptography.exceptions import InvalidSignature
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import hashes
-from cryptography.hazmat.primitives.asymmetric import padding
+from scapy.config import conf, crypto_validator
+if conf.crypto_valid:
+    from cryptography.exceptions import InvalidSignature
+    from cryptography.hazmat.backends import default_backend
+    from cryptography.hazmat.primitives import hashes
+    from cryptography.hazmat.primitives.asymmetric import padding
+else:
+    InvalidSignature = dafault_backend = hashes = padding = None
 
 
 #####################################################################
@@ -108,40 +112,44 @@ def pkcs_ilen(n):
 #   PKCS#1 v2.1, MD4 should not be used.
 # - 'tls' one is the concatenation of both md5 and sha1 hashes used
 #   by SSL/TLS when signing/verifying things
-def _hashWrapper(hash_algo, message, backend=default_backend()):
-    digest = hashes.Hash(hash_algo, backend).update(message)
-    return digest.finalize()
 
-_hashFuncParams = {
-    "md5"    : (16,
-                hashes.MD5,
-                lambda x: _hashWrapper(hashes.MD5, x),
-                '\x30\x20\x30\x0c\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x05\x05\x00\x04\x10'),
-    "sha1"   : (20,
-                hashes.SHA1,
-                lambda x: _hashWrapper(hashes.SHA1, x),
-                '\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14'),
-    "sha224" : (28,
-                hashes.SHA224,
-                lambda x: _hashWrapper(hashes.SHA224, x),
-                '\x30\x2d\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x04\x05\x00\x04\x1c'),
-    "sha256" : (32,
-                hashes.SHA256,
-                lambda x: _hashWrapper(hashes.SHA256, x),
-                '\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20'),
-    "sha384" : (48,
-                hashes.SHA384,
-                lambda x: _hashWrapper(hashes.SHA384, x),
-                '\x30\x41\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x02\x05\x00\x04\x30'),
-    "sha512" : (64,
-                hashes.SHA512,
-                lambda x: _hashWrapper(hashes.SHA512, x),
-                '\x30\x51\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x03\x05\x00\x04\x40'),
-    "tls"    : (36,
-                None,
-                lambda x: _hashWrapper(hashes.MD5, x) + _hashWrapper(hashes.SHA1, x),
-                '')
-    }
+_hashFuncParams = {}
+if conf.crypto_valid:
+
+    def _hashWrapper(hash_algo, message, backend=default_backend()):
+        digest = hashes.Hash(hash_algo, backend).update(message)
+        return digest.finalize()
+
+    _hashFuncParams = {
+        "md5"    : (16,
+                    hashes.MD5,
+                    lambda x: _hashWrapper(hashes.MD5, x),
+                    '\x30\x20\x30\x0c\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x05\x05\x00\x04\x10'),
+        "sha1"   : (20,
+                    hashes.SHA1,
+                    lambda x: _hashWrapper(hashes.SHA1, x),
+                    '\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14'),
+        "sha224" : (28,
+                    hashes.SHA224,
+                    lambda x: _hashWrapper(hashes.SHA224, x),
+                    '\x30\x2d\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x04\x05\x00\x04\x1c'),
+        "sha256" : (32,
+                    hashes.SHA256,
+                    lambda x: _hashWrapper(hashes.SHA256, x),
+                    '\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20'),
+        "sha384" : (48,
+                    hashes.SHA384,
+                    lambda x: _hashWrapper(hashes.SHA384, x),
+                    '\x30\x41\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x02\x05\x00\x04\x30'),
+        "sha512" : (64,
+                    hashes.SHA512,
+                    lambda x: _hashWrapper(hashes.SHA512, x),
+                    '\x30\x51\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x03\x05\x00\x04\x40'),
+        "tls"    : (36,
+                    None,
+                    lambda x: _hashWrapper(hashes.MD5, x) + _hashWrapper(hashes.SHA1, x),
+                    '')
+        }
 
 def mapHashFunc(hashStr):
     try:
@@ -424,6 +432,7 @@ def create_temporary_ca_path(anchor_list, folder):
 #####################################################################
 
 class _EncryptAndVerifyRSA(object):
+    @crypto_validator
     def encrypt(self, m, t=None, h=None, mgf=None, L=None):
         """
         Encrypt message 'm' using 't' encryption scheme where 't' can be:
@@ -484,6 +493,7 @@ class _EncryptAndVerifyRSA(object):
             _warning("Key.encrypt(): Unknown encryption type (%s) provided" % t)
             return None
 
+    @crypto_validator
     def verify(self, M, S, t=None, h=None, mgf=None, sLen=None):
         """
         Verify alleged signature 'S' is indeed the signature of message 'M'
diff --git a/test/ipsec.uts b/test/ipsec.uts
index 9707dce8b..c271cc8ee 100644
--- a/test/ipsec.uts
+++ b/test/ipsec.uts
@@ -2491,7 +2491,6 @@ assert(d[TCP] == p[TCP])
 
 #######################################
 = IPv4 / ESP - Tunnel - AES-GCM - NULL
-~ combined_modes
 
 p = IP(src='1.1.1.1', dst='2.2.2.2')
 p /= TCP(sport=45012, dport=80)
@@ -2526,7 +2525,7 @@ assert(d == p)
 
 #######################################
 = IPv4 / ESP - Tunnel - AES-CCM - NULL
-~ combined_modes combined_modes_ccm
+~ combined_modes_ccm
 
 p = IP(src='1.1.1.1', dst='2.2.2.2')
 p /= TCP(sport=45012, dport=80)