Currently, only internal encryption and decryption were tested but the
implementation might not be the one it is supposed to be.
Add reference packets generated using Ubuntu-16.04, iproute2 and ping:
# ip -V
ip utility, iproute2-ss151103
# uname -a
Linux router-vm 4.4.0-62-generic #83-Ubuntu SMP Wed Jan 18 14:10:15 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
# ping -V
ping utility, iputils-s20160308
Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com>
In TLS, the AES-CCM test is commented out because CCM is not supported
by cryptography. But the combined_modes_ccm keyword is made to skip
these tests.
In IPsec, some IPv4 tests are located in the IPv6 section. Also add the
same combination of tests for the AES-CCM as the other modes.
Also, there are some errors in the key material as the *MUST*
implementation uses a 16-byte key and a 3-byte nonce. Fix those
lengths.
Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com>
The ICV size is defined by the authentication algorithm in the SA.
It can be deduced from the payloadlen field but the padding len is
unknown as well so there is no way to find both without the SA.
Assume everything in payloadlen is the ICV until the verification called
from the SA. Fill padding when possible.
Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com>
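
The ambiguity this commit message describes, shown on an AH header (RFC 4302) as an added example that is not scapy's code: without the SA, everything after the fixed fields is provisionally the ICV, and the split into ICV and padding is only possible once the SA supplies the ICV length. The function names, the dict layout and the sample bytes are constructed for illustration.

```python
import struct

AH_FIXED_LEN = 12  # next header, payload len, reserved, SPI, sequence number


def parse_ah(raw):
    """Parse an AH header with no SA: all bytes after the fixed fields are
    provisionally the ICV, since ICV and padding cannot be told apart yet."""
    if len(raw) < AH_FIXED_LEN:
        raise ValueError("truncated AH header")
    nh, payloadlen, _reserved, spi, seq = struct.unpack(
        "!BBHII", raw[:AH_FIXED_LEN])
    total = (payloadlen + 2) * 4  # RFC 4302: AH length in 32-bit words, minus 2
    if total < AH_FIXED_LEN or len(raw) < total:
        raise ValueError("payloadlen inconsistent with captured bytes")
    return {"nh": nh, "spi": spi, "seq": seq,
            "icv": raw[AH_FIXED_LEN:total], "padding": b"",
            "rest": raw[total:]}


def split_icv(ah, icv_len):
    """Once the SA (and so the ICV length) is known, split ICV from padding."""
    blob = ah["icv"] + ah["padding"]
    if icv_len > len(blob):
        raise ValueError("SA expects a longer ICV than the header carries")
    return dict(ah, icv=blob[:icv_len], padding=blob[icv_len:])


def build_sample():
    """Constructed sample: 16-byte ICV plus 4 bytes of padding, as needed
    to align AH on 8 bytes in IPv6. SPI, sequence number and ICV are made up."""
    icv = bytes(range(16))
    pad = b"\x00" * 4
    payloadlen = (AH_FIXED_LEN + len(icv) + len(pad)) // 4 - 2  # 6
    header = struct.pack("!BBHII", 6, payloadlen, 0, 0x222, 1)
    return header + icv + pad + b"PAYLOAD"


if __name__ == "__main__":
    ah = parse_ah(build_sample())
    print("no SA      : icv=%d bytes, padding=%d bytes"
          % (len(ah["icv"]), len(ah["padding"])))
    for icv_len in (12, 16):  # two candidate SAs give two different splits
        s = split_icv(ah, icv_len)
        print("ICV len %2d : icv=%d bytes, padding=%d bytes"
              % (icv_len, len(s["icv"]), len(s["padding"])))
```

Both candidate ICV lengths split the same header cleanly, which is why the length has to come from the SA and the ICV must be verified there before the packet is trusted.
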
Change the cryptographic library used in the following layers:
* IPSec
* TLS
* Dot11
Notes:
* Fix the WEP key in regression.uts: Should be a 40 bits key (5 ASCII)
  and 24 bits nonce for 64 bits WEP. The key was 8 ASCII => 88 bits
  in total
* AES-GCM and AES-CMAC algorithms are now native in cryptography: add
  tests in ipsec.uts
* cryptography only supports Python 2.6+
* Fix the docstring for the pad method
Removed:
* MD2 and MD4 hash algorithms for RSA in tls/crypto/pkcs1.py
* AES-XCBC-96 not supported by cryptography.
Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com>
* Corrected ICV length for AES-GCM and AES-CCM in IPSec layer. Added unit tests to the ipsec campaign.
* Added travis support for pycrypto 2.7a1 combined modes.
* Updated documentation for pycrypto installation.
When using scapy as a third party library, we do not "benefit" from the
loading routine that puts all symbols in the __builtin__ namespace. This
implies that all modules must be "importable" without any errors for
undefined symbols.
This patch fixes importing every scapy module individually. Some
circular imports were fixed (between inet6 and dhcp6).
Most errors were detected by using pylint with the right configuration
(scapy produces a *lot* of errors). Other errors were detected with the
following shell script:
    export PYTHONPATH=".:$PYTHONPATH"
    # Import every module on its own; an undefined symbol fails the import.
    for f in $(find scapy/ -name '*.py'); do
        f=${f%/__init__.py}
        module=$(echo "${f%.py}" | sed 's,/,.,g')
        python -c "import $module; print($module)"
    done
Also, replace all implicit relative imports by absolute imports to avoid
surprises with some python versions.
Signed-off-by: Robin Jarry <robin.jarry@6wind.com>
This patch adds a full implementation of the IPSec layer in
scapy/layers/ipsec.py. See the module's doc string for instructions.
In order to support encryption/decryption and authentication, the
pycrypto library is required. If not found, only the NULL/NULL
algorithms will be available.
An (almost) complete test suite can be found in test/ipsec.uts and can
be launched with:
    ./bin/UTscapy -m scapy/layers/ipsec.py -t test/ipsec.uts -f text -F
Signed-off-by: Robin Jarry <robin.jarry@6wind.com>
--HG--
branch : ipsec