% Ikev2 unit tests
#
# Type the following command to launch the tests:
# $ test/run_tests -P "load_contrib('ikev2')" -t test/contrib/ikev2.uts
* Tests for the Ikev2 layer
+ Basic Layer Tests
= Ikev2 build
# A bare IKEv2 header: both SPIs zero, next_payload 0, version byte 0x20
# (major 2, minor 0), exch_type/flags/message id zero and length 28 (0x1c),
# i.e. the fixed header only.
a = IKEv2()
expected_header = b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c'
assert raw(a) == expected_header
= Ikev2 dissection
# Header followed by a minimal SA payload: one proposal carrying a single
# transform of type 2 (PRF) with transform id 3.
sa_init_bytes = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00! \x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x14\x00\x00\x00\x10\x01\x01\x00\x00\x00\x00\x00\x08\x02\x00\x00\x03"
a = IKEv2(sa_init_bytes)
transform = a[IKEv2_Transform]
assert transform.transform_type == 2
assert transform.transform_id == 3
# 33 is the SA payload type; each nested payload ends its chain with 0.
assert a.next_payload == 33
assert a[IKEv2_SA].next_payload == 0
assert a[IKEv2_Proposal].next_payload == 0
assert a[IKEv2_Proposal].proposal == 1
assert transform.next_payload == 0
transform.show()
= Build Ikev2 SA request packet
# A 5-byte initiator SPI is zero-padded to 8 bytes on build; exch_type 34
# (0x22, '"') is IKE_SA_INIT. The SA payload carries one empty proposal.
a = IKEv2(init_SPI="MySPI", exch_type=34) / IKEv2_SA(prop=IKEv2_Proposal())
expected_sa_request = b'MySPI\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00! "\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x0c\x00\x00\x00\x08\x01\x01\x00\x00'
assert raw(a) == expected_sa_request
= Build advanced IKEv2
import binascii

# Fixed test vectors for the variable-length payloads: a 128-byte DH public
# value, a 32-byte nonce and the two 20-byte NAT-detection hashes.
key_exchange = binascii.unhexlify('bb41bb41cfaf34e3b3209672aef1c51b9d52919f1781d0b4cd889d4aafe261688776000c3d9031505aefc0186967eaf5a7663725fb102c59c39b7a70d8d9161c3bd0eb445888b5028ea063ba0ae01f5b3f30808a6b6710dc9bab601e4116157d7f58cf835cb633c64abcb3a5c61c223e9332538bfc9f282cb62d1f00f4ee8802')
nonce = binascii.unhexlify('8dfcf8384c5c32f1b294c64eab69f98e9d8cf7e7f352971a91ff6777d47dffed')
nat_detection_source_ip = binascii.unhexlify('e64c81c4152ad83bd6e035009fbb900406be371f')
nat_detection_destination_ip = binascii.unhexlify('28cd99b9fa1267654b53f60887c9c35bcf67a8ff')

# Proposal: AES-CBC (ENCR id 12) with an explicit 128-bit key-length
# attribute, PRF id 2, integrity id 2 and DH group 2 (1024-bit MODP, the
# same group named in the KE payload below).
transform_1 = IKEv2_Transform(next_payload='Transform', transform_type='Encryption', transform_id=12, length=12, key_length=0x80)
transform_2 = IKEv2_Transform(next_payload='Transform', transform_type='PRF', transform_id=2)
transform_3 = IKEv2_Transform(next_payload='Transform', transform_type='Integrity', transform_id=2)
transform_4 = IKEv2_Transform(next_payload='None', transform_type='GroupDesc', transform_id=2)
transform_chain = transform_1 / transform_2 / transform_3 / transform_4

# Full IKE_SA_INIT request. Notify types 16388/16389 are
# NAT_DETECTION_SOURCE_IP / NAT_DETECTION_DESTINATION_IP (RFC 7296 2.23).
packet = (
    IP(dst='192.168.1.10', src='192.168.1.130')
    / UDP(dport=500)
    / IKEv2(init_SPI=b'KWdxMhjA', next_payload='SA', exch_type='IKE_SA_INIT', flags='Initiator')
    / IKEv2_SA(next_payload='KE', prop=IKEv2_Proposal(trans_nb=4, trans=transform_chain))
    / IKEv2_KE(next_payload='Nonce', group='1024MODPgr', ke=key_exchange)
    / IKEv2_Nonce(next_payload='Notify', nonce=nonce)
    / IKEv2_Notify(next_payload='Notify', type=16388, notify=nat_detection_source_ip)
    / IKEv2_Notify(next_payload='None', type=16389, notify=nat_detection_destination_ip)
)
expected_frame = b'E\x00\x01L\x00\x01\x00\x00@\x11\xf5\xc3\xc0\xa8\x01\x82\xc0\xa8\x01\n\x01\xf4\x01\xf4\x018\xa6\xc0KWdxMhjA\x00\x00\x00\x00\x00\x00\x00\x00! "\x08\x00\x00\x00\x00\x00\x00\x010"\x00\x000\x00\x00\x00,\x01\x01\x00\x04\x03\x00\x00\x0c\x01\x00\x00\x0c\x80\x0e\x00\x80\x03\x00\x00\x08\x02\x00\x00\x02\x03\x00\x00\x08\x03\x00\x00\x02\x00\x00\x00\x08\x04\x00\x00\x02(\x00\x00\x88\x00\x02\x00\x00\xbbA\xbbA\xcf\xaf4\xe3\xb3 \x96r\xae\xf1\xc5\x1b\x9dR\x91\x9f\x17\x81\xd0\xb4\xcd\x88\x9dJ\xaf\xe2ah\x87v\x00\x0c=\x901PZ\xef\xc0\x18ig\xea\xf5\xa7f7%\xfb\x10,Y\xc3\x9bzp\xd8\xd9\x16\x1c;\xd0\xebDX\x88\xb5\x02\x8e\xa0c\xba\n\xe0\x1f[?0\x80\x8akg\x10\xdc\x9b\xab`\x1eA\x16\x15}\x7fX\xcf\x83\\\xb63\xc6J\xbc\xb3\xa5\xc6\x1c">\x932S\x8b\xfc\x9f(,\xb6-\x1f\x00\xf4\xee\x88\x02)\x00\x00$\x8d\xfc\xf88L\\2\xf1\xb2\x94\xc6N\xabi\xf9\x8e\x9d\x8c\xf7\xe7\xf3R\x97\x1a\x91\xffgw\xd4}\xff\xed)\x00\x00\x1c\x00\x00@\x04\xe6L\x81\xc4\x15*\xd8;\xd6\xe05\x00\x9f\xbb\x90\x04\x06\xbe7\x1f\x00\x00\x00\x1c\x00\x00@\x05(\xcd\x99\xb9\xfa\x12geKS\xf6\x08\x87\xc9\xc3[\xcfg\xa8\xff'
assert raw(packet) == expected_frame
## packets taken from
## https://github.com/wireshark/wireshark/blob/master/test/captures/ikev2-decrypt-aes128ccm12.pcap
= Dissect Initiator Request
# IKE_SA_INIT request captured by Wireshark (see the link above).
init_request_frame = b'\x00!k\x91#H\xb8\'\xeb\xa6XI\x08\x00E\x00\x01\x14u\xc2@\x00@\x11@\xb6\xc0\xa8\x01\x02\xc0\xa8\x01\x0e\x01\xf4\x01\xf4\x01\x00=8\xeahM!Yz\xfd6\x00\x00\x00\x00\x00\x00\x00\x00! "\x08\x00\x00\x00\x00\x00\x00\x00\xf8"\x00\x00(\x00\x00\x00$\x01\x01\x00\x03\x03\x00\x00\x0c\x01\x00\x00\x0f\x80\x0e\x00\x80\x03\x00\x00\x08\x02\x00\x00\x05\x00\x00\x00\x08\x04\x00\x00\x13(\x00\x00H\x00\x13\x00\x002\xc6\xdf\xfe\\C\xb0\xd5\x81\x1f~\xaa\xa8L\x9fx\xbf\x99\xb9\x06\x9c+\x07.\x0b\x82\xf4k\xf6\xf6m\xd4_\x97\xef\x89\xee(_\xd5\xdfRzDwkR\x9f\xc9\xd8\xa9\t\xd8B\xa6\xfbY\xb9j\tS\x95ar)\x00\x00$\xb6UF-oKf\xf8r\xcc\xd7\xf0\xf4\xb4\x85w2\x92\x139\xcb\xaaR7\xed\xba$O&+h#)\x00\x00\x1c\x00\x00@\x04\x94\x9c\x9d\xb5s\x9du\xa9t\xa4\x9c\x18F\x186\x9b4\xb7\xf9B)\x00\x00\x1c\x00\x00@\x05>r\x1bF\xbe\x07\xd51\x11B]\x7f\x80\xd2\xc6\xe2 \xc6\x07.\x00\x00\x00\x10\x00\x00@/\x00\x01\x00\x02\x00\x03\x00\x04'
a = Ether(init_request_frame)
# First transform of the single proposal is the encryption transform (id 15).
assert a[IKEv2_SA].prop.trans.transform_id == 15
# The first Notify is followed by another Notify (type 41).
nat_src_notify = a[IKEv2_Notify]
nat_dst_notify = nat_src_notify.payload
assert nat_src_notify.next_payload == 41
# The notify data are the 20-byte NAT-detection hashes; dissecting them as
# an IP header is only a convenient way to pin their bytes, the "addresses"
# are not real ones.
assert IP(nat_src_notify.notify).src == "70.24.54.155"
assert IP(nat_dst_notify.notify).dst == "32.198.7.46"
= Dissect Responder Response
# IKE_SA_INIT response from the same capture (responder SPI now set).
init_response_frame = b'\xb8\'\xeb\xa6XI\x00!k\x91#H\x08\x00E\x00\x01\x0c\xd2R@\x00@\x11\xe4-\xc0\xa8\x01\x0e\xc0\xa8\x01\x02\x01\xf4\x01\xf4\x00\xf8\x07\xdd\xeahM!Yz\xfd6\xd9\xfe*\xb2-\xac#\xac! " \x00\x00\x00\x00\x00\x00\x00\xf0"\x00\x00(\x00\x00\x00$\x01\x01\x00\x03\x03\x00\x00\x0c\x01\x00\x00\x0f\x80\x0e\x00\x80\x03\x00\x00\x08\x02\x00\x00\x05\x00\x00\x00\x08\x04\x00\x00\x13(\x00\x00H\x00\x13\x00\x00,f\xbe\xad\xb6\xce\x855\xd6!\x8c\xb4\x01\xaaZ\x1e\xb4\x03[\x97\xca\xdd\xaf67J\x97\x9c\x04F\xb8\x80\x05\x06\xbf\x9do\x95\tR2k\xf3\x01\x19\x13\xda\x93\xbb\x8e@\xf8\x157k\xe1\xa0h\x01\xc0\xa6>;T)\x00\x00$\x9e]&sy\xe6\x81\xe7\xd3\x8d\x81\xc7\x10\xd3\x83@\x1d\xe7\xe3`{\x92m\x90\xa9\x95\x8a\xdc\xb5(1\xaa)\x00\x00\x1c\x00\x00@\x04z\x07\x85\'=Y 8)\xa6\x97U\x0f1\xcb\xb9N\xb7+C)\x00\x00\x1c\x00\x00@\x05\xc3\xe5\x8a\x8c\xc9\x93<\xe0\xb7\x8f*P\xe8\xde\x80\x13N\x12\xce1\x00\x00\x00\x08\x00\x00@\x14'
b = Ether(init_response_frame)
assert b[UDP].dport == 500
# The responder's DH public value is carried verbatim in the KE payload.
expected_ke = b',f\xbe\xad\xb6\xce\x855\xd6!\x8c\xb4\x01\xaaZ\x1e\xb4\x03[\x97\xca\xdd\xaf67J\x97\x9c\x04F\xb8\x80\x05\x06\xbf\x9do\x95\tR2k\xf3\x01\x19\x13\xda\x93\xbb\x8e@\xf8\x157k\xe1\xa0h\x01\xc0\xa6>;T'
assert b[IKEv2_KE].ke == expected_ke
# After the nonce come three Notify payloads: NAT_DETECTION_SOURCE_IP
# (16388), NAT_DETECTION_DESTINATION_IP and a last one closing the chain.
after_nonce = b[IKEv2_Nonce].payload
assert after_nonce.type == 16388
assert after_nonce.payload.payload.next_payload == 0
= Dissect Encrypted Initiator Request
# Encrypted INFORMATIONAL request (exch_type 37): the body is a single
# Encrypted (SK) payload. The test does not decrypt it; load is the raw
# ciphertext exactly as carried on the wire.
encrypted_request_frame = b"\x00!k\x91#H\xb8'\xeb\xa6XI\x08\x00E\x00\x00Yu\xe2@\x00@\x11AQ\xc0\xa8\x01\x02\xc0\xa8\x01\x0e\x01\xf4\x01\xf4\x00E}\xe0\xeahM!Yz\xfd6\xd9\xfe*\xb2-\xac#\xac. %\x08\x00\x00\x00\x02\x00\x00\x00=*\x00\x00!\xcc\xa0\xb3]\xe5\xab\xc5\x1c\x99\x87\xcb\xf1\xf5\xec\xff!\x0e\xb7g\xcd\xb8Qy8;\x96Mx\xe2"
a = Ether(encrypted_request_frame)
sk_payload = a[IKEv2_Encrypted]
# next_payload of the SK payload names the first payload *inside* the
# ciphertext (42 = Delete).
assert sk_payload.next_payload == 42
assert sk_payload.load == b'\xcc\xa0\xb3]\xe5\xab\xc5\x1c\x99\x87\xcb\xf1\xf5\xec\xff!\x0e\xb7g\xcd\xb8Qy8;\x96Mx\xe2'
= Dissect Encrypted Responder Response
# Encrypted INFORMATIONAL response matching the request above.
encrypted_response_frame = b"\xb8'\xeb\xa6XI\x00!k\x91#H\x08\x00E\x00\x00Q\xd5y@\x00@\x11\xe1\xc1\xc0\xa8\x01\x0e\xc0\xa8\x01\x02\x01\xf4\x01\xf4\x00=\xf9F\xeahM!Yz\xfd6\xd9\xfe*\xb2-\xac#\xac. % \x00\x00\x00\x02\x00\x00\x005\x00\x00\x00\x19\xa8\x0c\x95{\xac\x15\xc3\xf8\xaf\xdf1Z\x81\xccK|@\xe8f\rD"
b = Ether(encrypted_response_frame)
hdr = b[IKEv2]
# Both SPIs are set once the SA exists; 46 is the Encrypted (SK) payload type.
assert hdr.init_SPI == b'\xeahM!Yz\xfd6'
assert hdr.resp_SPI == b'\xd9\xfe*\xb2-\xac#\xac'
assert hdr.next_payload == 46
# Ciphertext is carried opaquely, no decryption is attempted here.
assert b[IKEv2_Encrypted].load == b'\xa8\x0c\x95{\xac\x15\xc3\xf8\xaf\xdf1Z\x81\xccK|@\xe8f\rD'
= Test Certs detection
def _rebuild_cert(encoding):
    """Build a CERT payload with the given cert_encoding, serialise it and dissect it back."""
    return IKEv2_CERT(raw(IKEv2_CERT(cert_encoding=encoding)))

a = _rebuild_cert("X.509 Certificate - Signature")
b = _rebuild_cert("Certificate Revocation List (CRL)")
c = _rebuild_cert(0)
# Encoding 4 dispatches cert_data to the X.509 certificate parser and 7 to
# the CRL parser (RFC 7296, section 3.6); the reserved value 0 keeps the
# data as plain bytes instead of guessing a format.
assert a.cert_encoding == 4
assert isinstance(a.cert_data, X509_Cert)
assert b.cert_encoding == 7
assert isinstance(b.cert_data, X509_CRL)
assert c.cert_encoding == 0
assert isinstance(c.cert_data, bytes)
= Test Certs length calculations
## For the length calculations see Figure 12 in RFC 7296
# a, b and c are the CERT payloads rebuilt in the previous test. Payload
# length = 4-byte generic payload header + 1-byte Cert Encoding + data.
for cert_payload in (a, b, c):
    assert cert_payload.length == len(cert_payload.cert_data) + 5
= Test TrafficSelector detection
# The generic TrafficSelector class picks the concrete selector subclass
# from the serialised bytes.
a = TrafficSelector(raw(IPv4TrafficSelector()))
b = TrafficSelector(raw(IPv6TrafficSelector()))
c = TrafficSelector(raw(EncryptedTrafficSelector()))
expected_classes = (
    (a, IPv4TrafficSelector),
    (b, IPv6TrafficSelector),
    (c, EncryptedTrafficSelector),
)
for selector, selector_cls in expected_classes:
    assert isinstance(selector, selector_cls)
= Test TSi with multiple TrafficSelector dissection
# Mixed IPv4/IPv6 selector list must survive a build/dissect round trip.
a = IKEv2_TSi()
for selectors in (IPv4TrafficSelector() * 2, IPv6TrafficSelector() * 3):
    a.traffic_selector.extend(selectors)
assert len(a.traffic_selector) == 5
b = IKEv2_TSi(raw(a))
assert len(b.traffic_selector) == 5
= Test automatic calculation of number_of_TSs field
# number_of_TSs is not given explicitly: it must be derived from the list
# on build, for both the initiator (TSi) and responder (TSr) payloads.
a = IKEv2_TSi(traffic_selector=IPv4TrafficSelector() * 2)
b = IKEv2_TSi(raw(a))
assert b.number_of_TSs == 2
c = IKEv2_TSr(traffic_selector=IPv4TrafficSelector() * 2)
d = IKEv2_TSr(raw(c))
assert d.number_of_TSs == 2
= IKEv2_Encrypted_Fragment, simple tests
# Default Encrypted Fragment payload: length 8, fragment 1 of 1.
s = b"\x00\x00\x00\x08\x00\x01\x00\x01"
default_fragment = IKEv2_Encrypted_Fragment()
assert raw(default_fragment) == s
p = IKEv2_Encrypted_Fragment(s)
assert (p.length, p.frag_number) == (8, 1)
= Build and dissect UDP encapsulated IKEv1 packets
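def _check_udp_encap_ikev1(p):
    """Assert the UDP-encapsulated IKEv1 layout of *p*.

    Both UDP ports must be 4500 (the IPsec NAT-T port), the four-byte
    non-ESP marker must be zero and the ISAKMP header must carry version
    0x10 (major 1) with the two cookies used at construction time.
    """
    assert p[UDP].sport == 4500
    assert p[UDP].dport == 4500
    assert p[NON_ESP].non_esp == 0x00
    assert p[ISAKMP].version == 0x10
    assert p[ISAKMP].init_cookie == b'\x01\x02\x03\x04\x05\x06\x07\x08'
    assert p[ISAKMP].resp_cookie == b'\x08\x07\x06\x05\x04\x03\x02\x01'

# Ports are not given: they must come from the NON_ESP/UDP binding.
pkt = Ether() / IP() / UDP() / NON_ESP() / ISAKMP(init_cookie=b'\x01\x02\x03\x04\x05\x06\x07\x08', resp_cookie=b'\x08\x07\x06\x05\x04\x03\x02\x01')
pkt.show()
_check_udp_encap_ikev1(pkt)
# Serialise and re-dissect: the non-ESP marker must still route to ISAKMP.
pkt = Ether(raw(pkt))
pkt.show()
_check_udp_encap_ikev1(pkt)
# The IKEv1 and IKEv2 headers share the same layout, so raising the version
# byte to 0x20 (major version 2)...
pkt[ISAKMP].version = 0x20
# ...must make the rebuilt packet dissect as IKEv2, with the cookies now
# read as SPIs.
pkt = Ether(raw(pkt))
pkt.show()
assert pkt[UDP].sport == 4500
assert pkt[UDP].dport == 4500
assert pkt[NON_ESP].non_esp == 0x00
assert pkt[IKEv2].version == 0x20
assert pkt[IKEv2].init_SPI == b'\x01\x02\x03\x04\x05\x06\x07\x08'
assert pkt[IKEv2].resp_SPI == b'\x08\x07\x06\x05\x04\x03\x02\x01'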
= Build and dissect UDP encapsulated IKEv2 packets
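def _check_udp_encap_ikev2(p):
    """Assert the UDP-encapsulated IKEv2 layout of *p*.

    Both UDP ports must be 4500 (the IPsec NAT-T port), the four-byte
    non-ESP marker must be zero and the IKEv2 header must carry version
    0x20 (major 2) with the two SPIs used at construction time.
    """
    assert p[UDP].sport == 4500
    assert p[UDP].dport == 4500
    assert p[NON_ESP].non_esp == 0x00
    assert p[IKEv2].version == 0x20
    assert p[IKEv2].init_SPI == b'\x01\x02\x03\x04\x05\x06\x07\x08'
    assert p[IKEv2].resp_SPI == b'\x08\x07\x06\x05\x04\x03\x02\x01'

# Ports are not given: they must come from the NON_ESP/UDP binding.
pkt = Ether() / IP() / UDP() / NON_ESP() / IKEv2(init_SPI=b'\x01\x02\x03\x04\x05\x06\x07\x08', resp_SPI=b'\x08\x07\x06\x05\x04\x03\x02\x01')
pkt.show()
_check_udp_encap_ikev2(pkt)
# Serialise and re-dissect: the non-ESP marker must still route to IKEv2.
pkt = Ether(raw(pkt))
pkt.show()
_check_udp_encap_ikev2(pkt)
# The IKEv1 and IKEv2 headers share the same layout, so lowering the version
# byte to 0x10 (major version 1)...
pkt[IKEv2].version = 0x10
# ...must make the rebuilt packet dissect as ISAKMP, with the SPIs now read
# as cookies.
pkt = Ether(raw(pkt))
pkt.show()
assert pkt[UDP].sport == 4500
assert pkt[UDP].dport == 4500
assert pkt[NON_ESP].non_esp == 0x00
assert pkt[ISAKMP].version == 0x10
assert pkt[ISAKMP].init_cookie == b'\x01\x02\x03\x04\x05\x06\x07\x08'
assert pkt[ISAKMP].resp_cookie == b'\x08\x07\x06\x05\x04\x03\x02\x01'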
= Build and dissect UDP encapsulated ESP packets
def _check_udp_encap_esp(p):
    """Assert UDP ports 4500 on both ends and the SPI the ESP layer was built with."""
    assert p[UDP].sport == 4500
    assert p[UDP].dport == 4500
    assert p[ESP].spi == 0x01020304

# ESP directly over UDP (no non-ESP marker): the first four bytes of the
# UDP payload are the non-zero SPI.
pkt = Ether() / IP() / UDP() / ESP(spi=0x01020304)
pkt.show()
_check_udp_encap_esp(pkt)
pkt = Ether(raw(pkt))
pkt.show()
_check_udp_encap_esp(pkt)
= Build and dissect UDP encapsulated NAT-keepalive packets
# NAT-T keepalive: a single 0xFF byte on UDP/4500 (RFC 3948, section 2.3).
pkt = Ether() / IP() / UDP() / NAT_KEEPALIVE()
pkt.show()
assert (pkt[UDP].sport, pkt[UDP].dport) == (4500, 4500)
assert pkt[NAT_KEEPALIVE].nat_keepalive == 0xFF
# A captured keepalive: the UDP length of 9 leaves exactly one payload byte.
keepalive_frame = b'DNm\xa4\xf6G`W\x18\x93\x9c\x7f\x08\x00E\x00\x00\x1d\xfb.\x00\x00\x80\x11\x9a\x16\xc0\xa8\x01\x1c>\x99\xa5-*\xca\x11\x94\x00\t\x1e\xf2\xff'
pkt = Ether(keepalive_frame)
pkt.show()
assert pkt[UDP].dport == 4500
assert pkt[NAT_KEEPALIVE].nat_keepalive == 0xFF
+ Wireshark Captures
= IKEv2 key exchange with NAT-traversal
* Loads and dissects the four frames of the key exchange from a Wireshark
* capture and compares them with manually built scapy packets.
# Only the first four frames of the capture are needed: IKE_SA_INIT
# request/response and IKE_AUTH request/response.
pcap = rdpcap(scapy_path("/test/pcaps/ikev2_nat_t.pcapng"), count=4)

# Ciphertext of the SK payload of the IKE_AUTH request. It is kept as one
# hex blob so the raw frame bytes and the expected packet can share it; the
# whitespace is stripped before decoding.
ike_auth_request_encrypted_payload = bytes.fromhex(''.join("""
be11 14ab1abe02954640 ce512b03d6527a50
dd17707ff420b9b5 b02d2874c57afdd3 fa95b15693017a12 8333c8d694f2cd61
e98b0717f65e1860 430f0699a4174af6 a6c929ff4114b686 f201f471ff9b191e
4d4cbd43dd994ef6 d5179b6845843d2d 1502f16d4356dc3b ad819c1b0549296b
dbe479878dbc8a8b e71f9017946bc198 ef010f83a69a5d81 a312be0df9afa949
e3f0807bd2785498 c0c492f0bcde5085 b2df1187657cbf23 e11c25558af278d0
1bceadf5548a8990 a6adea270410cb16 1786e0798ed8f047 3442b43399e42122
6f2ee1e2b0787dfc f56b7b32f3d0b02d 038764ce8ffee757 b94896763c68c2bb
2a94dec851dcf7e4 489ba8e431d1c63c f5d19a097674b513 58e6b5052a87dd48
bb3be834b06ab704 579fcac6f6bf647c 87b4c5c0b7353df6 0b55e32a75ac4ced
3c1724d32a068207 226769352b08eefb 195da55e29c3eea1 05f0fd024029e0d7
8b83757bd1b6052a 64febad6779cfca3 5b9a2529dc15d2a5 ee8825a2ab3e72ed
e84aaeb86e8debd6 2a9b3d6503dd6c1a 7e03b87b81578dc0 fb087a5ad2d6bf6b
d149d108defcabb5 721f8b4ebf1b9b78 80bdd2fc93856afe 4f54a32125964bbc
fd917239f5af1db9 cd3d188ab7165826 7a445c13d2147169 5da3f3a674c2baaf
5fd7636cc8ca4b43 142fd2588bb31fdd d6a42b20ebc03b01 04e8beb1356fc863
0bd95de8574e16fe 14cfa9a6455e20e9 eb08bf632cea53e7 c614277e32fa81d9
cb2efed29b04377a 748bfab753058349 f21a03fa5c5f478b c0bd993ca3e982b9
d19fa8d24306e46a b41d9bbfd1d2e2da 112b6c840cc7b86b 8e005aa71b5339d1
ff2eabb0124df2bf 910173c17380a7e3 85d22f94fa6e3f78 bce897a9a37e08c1
1124661701dfd643 bba0c4ab4d8e19bb 95478e272d61c1a1 6d4e562f25c3c0a1
69d39a84045183e2 684ac80ab6e18f20 dc4cc8d5b1d83293 07766d58695eff56
14c207e045152933 07f9dbeb621e1c25 665f75f55e1ae90c aa43a500fa1ecf18
3d7e7d46db8eae03 e1bc7a3aefab0c00 9884ca11e7889841 8459936a02699e5f
7f798d3c81de4933 a7f14f62aa5c31ae 2693089ca1df68a5 2cd338d5d2539053
5099dd4f0646318f 079822b43f5a47b7 db9eba75ef843a42 98fb9e695a349824
bef5ee441997f7c5 303c4f8288bb8be1 6cc72fc348c777ec 7ce8b0f032633890
f01fbeef028f3bb5 ffd1ec663e9304cf 745d4659fc67f32d cffffa9deae65066
5a2779b742057d71 86bd2603ce0946c4 1589d63fae9c404d 6c7f793a436c775a
d7d34f2dd609a272 4ac70b514a76d248 8eefb6fc2f3bd196 4dfc1a0d652e89a9
e0b3278bc2c4c961 19df82bdc3b1f99d 399b0dbf62d23ea3 a7e940177525130b
df5960b33b3d2d73 28d98a5fd9bbec2e 71404b77facc8053 a14feafd49bf150f
450384b99d392549 31f06ac18d225368 5c52b4ee6ad50337 dbce7f72bf56e4bf
55fdf3fd42c39c7d 65a48987ad84d1e0 c4e4543463c95a8e 646744240fdc00b6
0c009f4afd15b800 182a5004e4062557 e7b20115e01d1cc3 5eb8d01e22f0bf2d
bb2db84a970934d0 5f9b0d5e5350a45f 733a747e229eca56 087886a5c09efac8
0c9545e6d849189b 40d7e7b9da4a9f04 9fb0273c3a2ad370 a84d5e7db14c362c
c84483bbe70f2573 8116b11b877a7939 628a2dec6a590056 fdc7ce849770f12d
0f63a701e672cf93 75c68c4325e60e3e ae46c7dd014df09d 4594339fa5e82ab3
9de316df933694da e20120886403
""".split()))

# Ciphertext of the SK payload of the IKE_AUTH response, same handling.
ike_auth_response_encrypted_payload = bytes.fromhex(''.join("""
0fb3 4e8905b03a3d9b97 70f3e63428ab00be
1bc29397bec721ef 9bd02e6cc64a309b 0c0dd67e4442f235 c201ccb5f6b8c8b0
26baaaf0dce597c0 dd610ebbc4aa2d07 8cbd6fdc2dd879a9 f3216edaabd965d8
5fe04a202615c5c6 08b0caf7db24dc08 4d0d86e560ccb75e 209941a2945bab45
0795b96cc4f03752 163825f1be62d009 038f29f25956f3e9 3648ea647af4fbea
52a19bbf16074ed3 9161cfd1a1695176 059cbfc48c57755f b1b1b397155171a0
b11e10d3f476512b 73687912265ccb6f 1fef5aa5dee1ffc3 a5ecc574a76d529b
884f819f859c015a a3977230a69657d7 1d54b5cfebcc135a 4010294fdc98db45
e933cfeca0d638b1 f3f42c863be5501c 105ebc0efc4a8dd2 e48fdc4f35a59068
5b1c073f6dd368fa 4ac1af60469f5ac0 d209445259a5ec1c e1ce59fad2dd60bb
11eae2a678095d99 7b69733553933371 b083e1f94d5bd71d b9fc9167068f4565
1f9de7b7cfa30e6f 54f65e2c9f1a6d88 ff7beff94532af43 ce9067db85fd3679
5a8ad841889285f4 f27d740d8da1429b 0764f789f314e20f 5a08258b4bdfd75d
7b7b9cb4b0bb7c2b a469ac24545f2fbe 0621bdaa76898cb6 cb3bbd334c6b6394
ef7e1cf31df2dd0b 86089a654b942f6e fb7ee5ba401200e0 d727791fc3f978dc
f446067cd054e664 69ea05784e61ce67 a1fe98a73d22962d 703ad51ff1091920
f111c2f1535197f8 72471fc2b482b55b 15bfb7525c4c1b4d 8b9a1b98534dcea5
8343e35e0ecb0164 953604b8687315b8 86509cc26b8730be f8ef669e77466628
2da94192b67f0c4a 56ff1f7b3a080e4f 0e9ed767d497e8d3 1807169a7c62b80c
c27c8e4907d59b02 a9d5fd0b9aa8ed96 7bd26a1ad6bce39b 562382ccfc6102d3
5d4cefd222eadfc4 cffff96f16e69c4a 7b7367dbf48a13c2 1c95ef3b3bf7e1fb
b240854e6c40b8a8 a8e957919e088d36 4e1da0c0130ae87b 83e980f6f14a9cfa
fe8e956d489a03aa c365767ec06cee58 04ed81cfe559a8a5 ed00e0ae964e2705
d2c9011390ba6afd 262b4527144ce8b6 4d438ebddd94eb2c e39c6c254547f0d4
27b4abf5217c9588 f96dc393517bfab2 50153321ddced8e2 dbb52454e342a483
1af575c5420b5d37 42aa9ae79e3e7187 3117fd36c856e1c0 317b4ad2d1d3fe38
b528eb3438210e14 d10e5d2d9feff9d8 1f6fdefde57da710 db7f72e03d154aba
61bacccd26c0a80f e710f55eb5bb59db 2c0aec7f1003fb4f 1ffd219932bc8e7f
4f7ced086f6c3067 7610e78a6e8e04dc 330cd2da1ffb181a e09b5b52b9ea366b
ea88329e2c2d6f51 68b1b2b7ac118861 a56cdc43402d89d6 26344a127a7cb39a
3f2e1a8ae35b72fa c0b8eb83622cd944 fe86bc8f340ea1a0 81fb980c9e6baa8e
f9c1b37d11b13d51 e0cf72aac6dbfab9 49f8443d4f3098f9 b022ea0fa25dd418
f9cc26d0b8358ddd 778204fd9da6374a 46c4cc1777485acc b9c3975a1c12d9f3
ac326a8e37ca3c17 31a0b6f163a4335c 1c589d52d8b82699 c0c1b31b6b58a7d6
76d3eeca77a0b4ee 289b11494a217031 d464e32c28e7c109 5afdad0297c5dd65
1ad1a856f330647a 4ba7be0eee67eace e4a8137709b1234e 07909fb464b5b4fe
f63e8829a9f066dc ecb8c12cf91836cd 7b7300b86ecea0f7 467b2991832c8380
3e5f02e1b663e064 e4bd991caa1bcadb 38d984595233f6aa 5c7079217ea5405e
72a515e9f787d3d9 0a48cb098216f8ff a94ddd0bd8634d48 2f4ffcb96dd81e66
0a4324eb34f6
""".split()))
frames = [
(
# i: frame number
0,
# title:
"IKE_SA_INIT request",
# data: raw frame data
binascii.unhexlify(''.join("""
005056eddb32000c 2930109e08004500 014cedc240004011 da45c0a8f583ac10
0f5c2aca11940138 97c9000000008992 2c915f35570e0000 0000000000002120
2208000000000000 012c220000280000 0024010100030300 000c01000014800e
0100030000080200 0005000000080400 0013280000480013 0000db253178440c
e776a794133cb8b6 9e5eb07473353657 0c64d7b630549c89 9c0712d828b37168
500885e051024578 afc75c101f73b894 3cad62d74a30f2be 1fca2b00002c09cb
538b2c3dbd4d0bb0 eec8d318cb801a9b 4715b207828d9b5f f1f4ec64ed588637
07bcf14ccf052b00 0014eb4c1b788afd 4a9cb7730a68d56c 53212b000014c61b
aca1f1a60cc10800 0000000000002b00 00184048b7d56ebc e88525e7de7f00d6
c2d3c00000002900 00144048b7d56ebc e88525e7de7f00d6 c2d3290000080000
402e290000080000 4016000000100000 402f000100020003 0004
""".split())),
# packet: Ether / IP / UDP / NON_ESP / IKEv2 / ...
Ether(dst='00:50:56:ed:db:32', src='00:0c:29:30:10:9e', type='IPv4') /
IP(version=4, ihl=5, tos=0x0, len=332, id=60866, flags='DF', frag=0, ttl=64, proto='udp', chksum=0xda45, src='192.168.245.131', dst='172.16.15.92') /
UDP(sport=10954, dport=4500, len=312, chksum=0x97c9) /
NON_ESP() /
IKEv2(
init_SPI=b'\x89\x92\x2c\x91\x5f\x35\x57\x0e',
resp_SPI=b'\x00\x00\x00\x00\x00\x00\x00\x00',
next_payload='SA',
version=0x20,
exch_type='IKE_SA_INIT',
flags='Initiator',
id=0,
length=300
) /
IKEv2_SA(
next_payload='KE',
flags='',
length=40,
prop=IKEv2_Proposal(
next_payload='None',
flags='',
length=36,
proposal=1,
proto='IKE',
trans_nb=3,
trans=(
IKEv2_Transform(
next_payload='Transform',
flags='',
length=12,
transform_type='Encryption',
res2=0,
transform_id='AES-GCM-16ICV',
key_length=256
) /
IKEv2_Transform(
next_payload='Transform',
flags='',
length=8,
transform_type='PRF',
res2=0,
transform_id='PRF_HMAC_SHA2_256'
) /
IKEv2_Transform(
next_payload='None',
flags='',
length=8,
transform_type='GroupDesc',
res2=0,
transform_id='256randECPgr'
)
)
)
) /
IKEv2_KE(
next_payload='Nonce',
flags='',
length=72,
group='256randECPgr',
res2=0,
ke=b'\xdb%1xD\x0c\xe7v\xa7\x94\x13<\xb8\xb6\x9e^\xb0ts56W\x0cd\xd7\xb60T\x9c\x89\x9c\x07\x12\xd8(\xb3qhP\x08\x85\xe0Q\x02Ex\xaf\xc7\\\x10\x1fs\xb8\x94<\xadb\xd7J0\xf2\xbe\x1f\xca'
) /
IKEv2_Nonce(
next_payload='VendorID',
flags='',
length=44,
nonce=b'\t\xcbS\x8b,=\xbdM\x0b\xb0\xee\xc8\xd3\x18\xcb\x80\x1a\x9bG\x15\xb2\x07\x82\x8d\x9b_\xf1\xf4\xecd\xedX\x867\x07\xbc\xf1L\xcf\x05'
) /
IKEv2_VendorID(
next_payload='VendorID',
flags='',
length=20,
vendorID=b'\xebL\x1bx\x8a\xfdJ\x9c\xb7s\nh\xd5lS!'
) /
IKEv2_VendorID(
next_payload='VendorID',
flags='',
length=20,
vendorID=b'\xc6\x1b\xac\xa1\xf1\xa6\x0c\xc1\x08\x00\x00\x00\x00\x00\x00\x00'
) /
IKEv2_VendorID(
next_payload='VendorID',
flags='',
length=24,
vendorID=b'@H\xb7\xd5n\xbc\xe8\x85%\xe7\xde\x7f\x00\xd6\xc2\xd3\xc0\x00\x00\x00'
) /
IKEv2_VendorID(
next_payload='Notify',
flags='',
length=20,
vendorID=b'@H\xb7\xd5n\xbc\xe8\x85%\xe7\xde\x7f\x00\xd6\xc2\xd3'
) /
IKEv2_Notify(
next_payload='Notify',
flags='',
length=8,
type='IKEV2_FRAGMENTATION_SUPPORTED',
) /
IKEv2_Notify(
next_payload='Notify',
flags='',
length=8,
type='REDIRECT_SUPPORTED',
) /
IKEv2_Notify(
next_payload='None',
flags='',
length=16,
type='SIGNATURE_HASH_ALGORITHMS',
notify=b'\x00\x01\x00\x02\x00\x03\x00\x04'
)
),
(
# i: frame number
1,
# title:
"IKE_SA_INIT response",
# data: raw frame data
binascii.unhexlify(''.join("""
000c2930109e0050 56eddb3208004500 0151a5dc00008011 2227ac100f5cc0a8
f58311942aca013d af99000000008992 2c915f35570e98d5 6d32e2a047422120
2220000000000000 0131220000280000 0024010100030300 000c01000014800e
0100030000080200 0005000000080400 0013280000480013 00001d9cd5974c95
0c95e0544483fb1f 7a9132f5fe8959c0 9ab3a54c779ff2bc f4522a030dc33b9d
5ddfeb99e028c0e8 ba7d80dfdcf12b15 16dbe180e6aec664 428b2600002c1d10
7dc5a7463da7d761 014139fb381af9cd 3b8c0181e6cd36a8 ae105e55aa7fe71f
5db1d36c29152b00 0005042b00001840 48b7d56ebce88525 e7de7f00d6c2d3c0
0000002b00001440 48b7d56ebce88525 e7de7f00d6c2d32b 000014c6f57ac398
f493208145b7581e 8789832900001485 817703c6e320d2ae 5a4dd02056c6d729
0000080000402e29 0000100000402f00 0100020003000400 00000800004014
""".split())),
# packet: Ether / IP / UDP / NON_ESP / IKEv2 / ...
Ether(dst='00:0c:29:30:10:9e', src='00:50:56:ed:db:32', type='IPv4') /
IP(version=4, ihl=5, tos=0x0, len=337, id=42460, flags='', frag=0, ttl=128,
proto='udp', chksum=0x2227, src='172.16.15.92', dst='192.168.245.131') /
UDP(sport=4500, dport=10954, len=317, chksum=0xaf99) /
NON_ESP() /
IKEv2(
init_SPI=b'\x89\x92\x2c\x91\x5f\x35\x57\x0e',
resp_SPI=b'\x98\xd5\x6d\x32\xe2\xa0\x47\x42',
next_payload='SA',
version=0x20,
exch_type='IKE_SA_INIT',
flags='Response',
id=0,
length=305
) /
IKEv2_SA(
next_payload='KE',
flags='',
length=40,
prop=IKEv2_Proposal(
next_payload='None',
flags='',
length=36,
proposal=1,
proto='IKE',
trans_nb=3,
trans=(
IKEv2_Transform(
next_payload='Transform',
flags='',
length=12,
transform_type='Encryption',
res2=0,
transform_id='AES-GCM-16ICV',
key_length=256
) /
IKEv2_Transform(
next_payload='Transform',
flags='',
length=8,
transform_type='PRF',
res2=0,
transform_id='PRF_HMAC_SHA2_256'
) /
IKEv2_Transform(
next_payload='None',
flags='',
length=8,
transform_type='GroupDesc',
res2=0,
transform_id='256randECPgr'
)
)
)
) /
IKEv2_KE(
next_payload='Nonce',
flags='',
length=72,
group='256randECPgr',
res2=0,
ke=b'\x1d\x9c\xd5\x97L\x95\x0c\x95\xe0TD\x83\xfb\x1fz\x912\xf5\xfe\x89Y\xc0\x9a\xb3\xa5Lw\x9f\xf2\xbc\xf4R*\x03\r\xc3;\x9d]\xdf\xeb\x99\xe0(\xc0\xe8\xba}\x80\xdf\xdc\xf1+\x15\x16\xdb\xe1\x80\xe6\xae\xc6dB\x8b'
) /
IKEv2_Nonce(
next_payload='CERTREQ',
flags='',
length=44,
nonce=b'\x1d\x10}\xc5\xa7F=\xa7\xd7a\x01A9\xfb8\x1a\xf9\xcd;\x8c\x01\x81\xe6\xcd6\xa8\xae\x10^U\xaa\x7f\xe7\x1f]\xb1\xd3l)\x15'
) /
IKEv2_CERTREQ(
next_payload='VendorID',
flags='',
length=5,
cert_encoding='X.509 Certificate - Signature',
cert_authority=b''
) /
IKEv2_VendorID(
next_payload='VendorID',
flags='',
length=24,
vendorID=b'@H\xb7\xd5n\xbc\xe8\x85%\xe7\xde\x7f\x00\xd6\xc2\xd3\xc0\x00\x00\x00'
) /
IKEv2_VendorID(
next_payload='VendorID',
flags='',
length=20,
vendorID=b'@H\xb7\xd5n\xbc\xe8\x85%\xe7\xde\x7f\x00\xd6\xc2\xd3'
) /
IKEv2_VendorID(
next_payload='VendorID',
flags='',
length=20,
vendorID=b'\xc6\xf5z\xc3\x98\xf4\x93 \x81E\xb7X\x1e\x87\x89\x83'
) /
IKEv2_VendorID(
next_payload='Notify',
flags='',
length=20,
vendorID=b'\x85\x81w\x03\xc6\xe3 \xd2\xaeZM\xd0 V\xc6\xd7'
) /
IKEv2_Notify(
next_payload='Notify',
flags='',
length=8,
type='IKEV2_FRAGMENTATION_SUPPORTED',
) /
IKEv2_Notify(
next_payload='Notify',
flags='',
length=16,
type='SIGNATURE_HASH_ALGORITHMS',
notify=b'\x00\x01\x00\x02\x00\x03\x00\x04'
) /
IKEv2_Notify(
next_payload='None',
flags='',
length=8,
type='MULTIPLE_AUTH_SUPPORTED'
)
),
(
# i: frame number
2,
# title:
"IKE_AUTH request",
# data: raw frame data
binascii.unhexlify(''.join("""
005056eddb32000c 2930109e08004500 0520edc640004011 d66dc0a8f583ac10
0f5c2aca1194050c 8eb0000000008992 2c915f35570e98d5 6d32e2a047422e20
2308000000010000 0500230004e4
""".split())) + ike_auth_request_encrypted_payload,
# packet: Ether / IP / UDP / NON_ESP / IKEv2 / ...
Ether(dst='00:50:56:ed:db:32', src='00:0c:29:30:10:9e', type='IPv4') /
IP(version=4, ihl=5, tos=0x0, len=1312, id=60870, flags='DF', frag=0, ttl=64,
proto='udp', chksum=0xd66d, src='192.168.245.131', dst='172.16.15.92') /
UDP(sport=10954, dport=4500, len=1292, chksum=0x8eb0) /
NON_ESP() /
IKEv2(
init_SPI=b'\x89\x92\x2c\x91\x5f\x35\x57\x0e',
resp_SPI=b'\x98\xd5\x6d\x32\xe2\xa0\x47\x42',
next_payload='Encrypted',
version=0x20,
exch_type='IKE_AUTH',
flags='Initiator',
id=1,
length=1280
) /
IKEv2_Encrypted(
next_payload='IDi',
flags='',
length=1252,
load = ike_auth_request_encrypted_payload
)
),
(
# i: frame number
3,
# title:
"IKE_AUTH response",
# data: raw frame data
binascii.unhexlify(''.join("""
000c2930109e0050 56eddb3208004500 0518a5dd00008011 1e5fac100f5cc0a8
f58311942aca0504 886e000000008992 2c915f35570e98d5 6d32e2a047422e20
2320000000010000 04f8240004dc
""".split())) + ike_auth_response_encrypted_payload,
# packet: Ether / IP / UDP / NON_ESP / IKEv2 / ...
Ether(dst='00:0c:29:30:10:9e', src='00:50:56:ed:db:32', type='IPv4') /
IP(version=4, ihl=5, tos=0x0, len=1304, id=42461, flags='', frag=0, ttl=128,
proto='udp', chksum=0x1e5f, src='172.16.15.92', dst='192.168.245.131') /
UDP(sport=4500, dport=10954, len=1284, chksum=0x886e) /
NON_ESP() /
IKEv2(
init_SPI=b'\x89\x92\x2c\x91\x5f\x35\x57\x0e',
resp_SPI=b'\x98\xd5\x6d\x32\xe2\xa0\x47\x42',
next_payload='Encrypted',
version=0x20,
exch_type='IKE_AUTH',
flags='Response',
id=1,
length=1272
) /
IKEv2_Encrypted(
next_payload='IDr',
flags='',
length=1244,
load=ike_auth_response_encrypted_payload
)
),
(
# i: frame number
-2,
# title:
"IKE_AUTH request, decrypted",
binascii.unhexlify(''.join("""
005056eddb32000c 2930109e08004500 0520edc640004011 d66dc0a8f583ac10
0f5c2aca1194050c 8eb0000000008992 2c915f35570e98d5 6d32e2a047422320
2308000000010000 0500250000120300 0000696b6576322d 63657274290002dc
04308202d3308202 79a0030201020204 01000013300a0608 2a8648ce3d040302
304b310b30090603 5504061302444531 0f300d0603550408 130642617965726e
310c300a06035504 0a13034e4350311d 301b060355040313 144e43502044656d
6f20434120454343 2032303530302218 0f32303136303830 343038303031335a
180f323035303038 3035303830303133 5a3074310b300906 0355040613024445
311a301806035504 0a0c1144656d6f20 4f7267616e697a61 74696f6e3110300e
060355040b0c0744 656d6f204f553110 300e06035504030c 07436c69656e7431
3125302306092a86 4886f70d01090116 16636c69656e7431 4064656d6f2e6e63
702d652e636f6d30 59301306072a8648 ce3d020106082a86 48ce3d0301070342
0004b74572a1b5dd 1c4cafdab7f06a92 913cab7ee2a55106 efa4056e2dc17369
600510553454e37e 69e9a08c5abae5a0 5a77e01ebb04e4b2 72fe349f12a34088
ceeaa382011c3082 011830090603551d 1304023000300b06 03551d0f04040302
05a0301d0603551d 250416301406082b 0601050507030206 082b060105050703
07301d0603551d0e 041604145a5e6aa2 9f89959131c17018 ef64dc2a8a4a4a6a
30750603551d2304 6e306c801425db6d 44dec7a03eb5f862 3ab18784546a0f04
09a14fa44d304b31 0b30090603550406 13024445310f300d 0603550408130642
617965726e310c30 0a060355040a1303 4e4350311d301b06 0355040313144e43
502044656d6f2043 4120454343203230 3530820302000230 490603551d110442
3040a026060a2b06 0104018237140203 a0180c16436c6965 6e74314064656d6f
2e6e63702d652e63 6f6d8116436c6965 6e74314064656d6f 2e6e63702d652e63
6f6d300a06082a86 48ce3d0403020348 0030450220602d76 6db7e07b70d88e38
10acc6cd350ccdda 1e60d77bd36ed6e6 0f869ef371022100 d1e3d278fcacf41c
d8380691363ad393 3d6bc293fae9c847 ddf6187bb0f06f49 2900000801004000
2600000801004008 270000410491c1dc 0f2a8f0e3bd7da99 1a43a39226355e42
29bcb62a0e9de979 fda864e3f06460dc aaff850759f48956 233865214e9a10e6
376f4c59b5c02f36 6d2f00005c0e0000 000c300a06082a86 48ce3d0403023045
022100c1486ab5b3 db4c8b08f3ae0613 20104c826fb0803b a1e6e30d58c8000b
ac514202205865ea 41bc99e0adfa2856 770efaff530f2e85 50da1d86f8504df0
04025fb12d210000 8001000000000100 0000020000000300 00000400004e2200
0000080000000900 00000a0000001900 0000070000700000 0070010000700200
004e2600004e2700 0070030000700400 0070050000700600 0070070000700800
00700900004e2300 004e240000700a00 004e250006646562 69616e700a000664
656269616e2c0000 2400000020010304 02c1a9656b030000 0c01000014800e00
8000000008050000 002d000018010000 00070000100000ff ff00000000ffffff
ff2b000018010000 00070000100000ff ffc0a8e100c0a8e1 ff2b000014afcad7
1368a1f1c96b8696 fc775701002b0000 14c61baca1f1a60c c208000000000000
002900001c4e6350 0a09b8e83c80b693 36268ec8f6000c29 30109e0000290000
080000400c000000 0800004014
""".split())),
Ether(dst='00:50:56:ed:db:32', src='00:0c:29:30:10:9e', type='IPv4') /
IP(version=4, ihl=5, tos=0x0, len=1312, id=60870, flags='DF', frag=0, ttl=64, proto='udp', chksum=0xd66d, src='192.168.245.131', dst='172.16.15.92') /
UDP(sport=10954, dport=4500, len=1292, chksum=0x8eb0) /
NON_ESP(non_esp=0x0) /
IKEv2(
init_SPI=b'\x89\x92\x2c\x91\x5f\x35\x57\x0e',
resp_SPI=b'\x98\xd5m2\xe2\xa0GB',
next_payload='IDi',
version=0x20,
exch_type='IKE_AUTH',
flags='Initiator',
id=1,
length=1280
) /
IKEv2_IDi(
next_payload='CERT',
flags='',
length=18,
IDtype='Email_addr',
res2=0x0,
ID='ikev2-cert'
) /
IKEv2_CERT(
next_payload='Notify', flags='', length=732,
cert_encoding='X.509 Certificate - Signature',
cert_data=X509_Cert(
tbsCertificate=X509_TBSCertificate(
version=ASN1_INTEGER(2),
serialNumber=ASN1_INTEGER(0x1000013),
signature=X509_AlgorithmIdentifier(
algorithm=ASN1_OID('ecdsa-with-SHA256'),
parameters=None
),
issuer=[
X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('countryName'), value=ASN1_PRINTABLE_STRING(b'DE'))),
X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('stateOrProvinceName'), value=ASN1_PRINTABLE_STRING(b'Bayern'))),
X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('organizationName'), value=ASN1_PRINTABLE_STRING(b'NCP'))),
X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('commonName'), value=ASN1_PRINTABLE_STRING(b'NCP Demo CA ECC 2050')))
],
validity=X509_Validity(
not_before=ASN1_GENERALIZED_TIME('20160804080013Z'),
not_after=ASN1_GENERALIZED_TIME('20500805080013Z')
),
subject=[
X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('countryName'), value=ASN1_PRINTABLE_STRING(b'DE'))),
X509_RDN(rdn=(X509_AttributeTypeAndValue(type=ASN1_OID('organizationName'), value=ASN1_UTF8_STRING(b'Demo Organization')))),
X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('organizationUnitName'), value=ASN1_UTF8_STRING(b'Demo OU'))),
X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('commonName'), value=ASN1_UTF8_STRING(b'Client1'))),
X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('emailAddress'), value=ASN1_IA5_STRING(b'client1@demo.ncp-e.com')))
],
subjectPublicKeyInfo=X509_SubjectPublicKeyInfo(
signatureAlgorithm=X509_AlgorithmIdentifier(
algorithm=ASN1_OID('ecPublicKey'),
parameters=ASN1_OID('prime256v1')),
subjectPublicKey=ECDSAPublicKey(
ecPoint=ASN1_BIT_STRING(
'000001001011011101000101011100101010000110110101110111010001110'
'001001100101011111101101010110111111100000110101010010010100100'
'010011110010101011011111101110001010100101010100010000011011101'
'111101001000000010101101110001011011100000101110011011010010110'
'000000000101000100000101010100110100010101001110001101111110011'
'010011110100110100000100011000101101010111010111001011010000001'
'011010011101111110000000011110101110110000010011100100101100100'
'111001011111110001101001001111100010010101000110100000010001000'
'1100111011101010'))),
issuerUniqueID=None,
subjectUniqueID=None,
extensions=[
X509_Extension(
extnID=ASN1_OID('basicConstraints'),
critical=None,
extnValue=X509_ExtBasicConstraints(cA=None, pathLenConstraint=None)
),
X509_Extension(
extnID=ASN1_OID('keyUsage'),
critical=None,
extnValue=X509_ExtKeyUsage(keyUsage=ASN1_BIT_STRING('101'))
),
X509_Extension(
extnID=ASN1_OID('extKeyUsage'),
critical=None,
extnValue=X509_ExtExtendedKeyUsage(
extendedKeyUsage=[
ASN1P_OID(oid=ASN1_OID('clientAuth')),
ASN1P_OID(oid=ASN1_OID('ipsecUser'))
]
)
),
X509_Extension(
extnID=ASN1_OID('subjectKeyIdentifier'),
critical=None,
extnValue=X509_ExtSubjectKeyIdentifier(
keyIdentifier=ASN1_STRING(b'Z^j\xa2\x9f\x89\x95\x911\xc1p\x18\xefd\xdc*\x8aJJj')
)
),
X509_Extension(
extnID=ASN1_OID('authorityKeyIdentifier'),
critical=None,
extnValue=X509_ExtAuthorityKeyIdentifier(
keyIdentifier=ASN1_STRING(b'%\xdbmD\xde\xc7\xa0>\xb5\xf8b:\xb1\x87\x84Tj\x0f\x04\t'),
authorityCertIssuer=X509_GeneralName(
generalName=X509_DirectoryName(
directoryName=[
X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('countryName'), value=ASN1_PRINTABLE_STRING(b'DE'))),
X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('stateOrProvinceName'), value=ASN1_PRINTABLE_STRING(b'Bayern'))),
X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('organizationName'), value=ASN1_PRINTABLE_STRING(b'NCP'))),
X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('commonName'), value=ASN1_PRINTABLE_STRING(b'NCP Demo CA ECC 2050')))
]
)
),
authorityCertSerialNumber=ASN1_INTEGER(0x20002)
)
),
X509_Extension(
extnID=ASN1_OID('subjectAltName'),
critical=None,
extnValue=X509_ExtSubjectAltName(
subjectAltName=[
X509_GeneralName(
generalName=X509_OtherName(
type_id=ASN1_OID('.1.3.6.1.4.1.311.20.2.3'),
value=ASN1_UTF8_STRING(b'Client1@demo.ncp-e.com')
)
),
X509_GeneralName(
generalName=X509_RFC822Name(
rfc822Name=ASN1_IA5_STRING(b'Client1@demo.ncp-e.com')
)
)
]
)
)
]
),
signatureAlgorithm=X509_AlgorithmIdentifier(
algorithm=ASN1_OID('ecdsa-with-SHA256'),
parameters=None
),
signatureValue=ECDSASignature(
r=ASN1_INTEGER(0x602d766db7e07b70d88e3810acc6cd350ccdda1e60d77bd36ed6e60f869ef371),
s=ASN1_INTEGER(0xd1e3d278fcacf41cd8380691363ad3933d6bc293fae9c847ddf6187bb0f06f49)
)
)
) /
IKEv2_Notify(
next_payload='Notify',
flags='',
length=8,
proto='IKE',
type='INITIAL_CONTACT',
notify=''
) /
IKEv2_Notify(
next_payload='CERTREQ',
flags='',
length=8,
proto='IKE',
type='HTTP_CERT_LOOKUP_SUPPORTED',
notify=''
) /
IKEv2_CERTREQ(
next_payload='AUTH',
flags='',
length=65,
cert_encoding='X.509 Certificate - Signature',
cert_authority=b'\x91\xc1\xdc\x0f*\x8f\x0e;\xd7\xda\x99\x1aC\xa3\x92&5^B)\xbc\xb6*\x0e\x9d\xe9y\xfd\xa8d\xe3\xf0d`\xdc\xaa\xff\x85\x07Y\xf4\x89V#8e!N\x9a\x10\xe67oLY\xb5\xc0/6m'
) /
IKEv2_AUTH(
next_payload='CP',
flags='',
length=92,
auth_type='Digital Signature',
res2=0x0,
load=b'\x0c0\n\x06\x08*\x86H\xce=\x04\x03\x020E\x02!\x00\xc1Hj\xb5\xb3\xdbL\x8b\x08\xf3\xae\x06\x13 \x10L\x82o\xb0\x80;\xa1\xe6\xe3\rX\xc8\x00\x0b\xacQB\x02 Xe\xeaA\xbc\x99\xe0\xad\xfa(Vw\x0e\xfa\xffS\x0f.\x85P\xda\x1d\x86\xf8PM\xf0\x04\x02_\xb1-'
) /
IKEv2_CP(
next_payload='SA',
flags='',
length=128,
CFGType='CFG_REQUEST',
res2=0x0,
attributes=[
ConfigurationAttribute(type='INTERNAL_IP4_ADDRESS', length=0, value=''),
ConfigurationAttribute(type='INTERNAL_IP4_NETMASK', length=0, value=''),
ConfigurationAttribute(type='INTERNAL_IP4_DNS', length=0, value=''),
ConfigurationAttribute(type='INTERNAL_IP4_NBNS', length=0, value=''),
ConfigurationAttribute(type=20002, length=0, value=''),
ConfigurationAttribute(type='INTERNAL_IP6_ADDRESS', length=0, value=''),
ConfigurationAttribute(type=9, length=0, value=''),
ConfigurationAttribute(type='INTERNAL_IP6_DNS', length=0, value=''),
ConfigurationAttribute(type='INTERNAL_DNS_DOMAIN', length=0, value=''),
ConfigurationAttribute(type='APPLICATION_VERSION', length=0, value=''),
ConfigurationAttribute(type=28672, length=0, value=''),
ConfigurationAttribute(type=28673, length=0, value=''),
ConfigurationAttribute(type=28674, length=0, value=''),
ConfigurationAttribute(type=20006, length=0, value=''),
ConfigurationAttribute(type=20007, length=0, value=''),
ConfigurationAttribute(type=28675, length=0, value=''),
ConfigurationAttribute(type=28676, length=0, value=''),
ConfigurationAttribute(type=28677, length=0, value=''),
ConfigurationAttribute(type=28678, length=0, value=''),
ConfigurationAttribute(type=28679, length=0, value=''),
ConfigurationAttribute(type=28680, length=0, value=''),
ConfigurationAttribute(type=28681, length=0, value=''),
ConfigurationAttribute(type=20003, length=0, value=''),
ConfigurationAttribute(type=20004, length=0, value=''),
ConfigurationAttribute(type=28682, length=0, value=''),
ConfigurationAttribute(type=20005, length=6, value='debian'),
ConfigurationAttribute(type=28682, length=6, value='debian')
]
) /
IKEv2_SA(
next_payload='TSi',
flags='',
length=36,
prop=IKEv2_Proposal(
next_payload='None',
flags='',
length=32,
proposal=1,
proto='ESP',
SPIsize=4,
trans_nb=2,
SPI=b'\xc1\xa9ek',
trans=IKEv2_Transform(flags='', length=12, transform_type='Encryption', res2=0, transform_id='AES-GCM-16ICV', key_length=128) /
IKEv2_Transform(flags='', length=8, transform_type='Extended Sequence Number', res2=0, transform_id='No ESN')
)
) /
IKEv2_TSi(
next_payload='TSr',
flags='',
length=24,
number_of_TSs=1,
res2=0x0,
traffic_selector=[
IPv4TrafficSelector(TS_type='TS_IPV4_ADDR_RANGE',
IP_protocol_ID='All protocols',
length=16,
start_port=0,
end_port=65535,
starting_address_v4='0.0.0.0',
ending_address_v4='255.255.255.255')
]
) /
IKEv2_TSr(
next_payload='VendorID',
flags='',
length=24,
number_of_TSs=1,
res2=0x0,
traffic_selector=[
IPv4TrafficSelector(
TS_type='TS_IPV4_ADDR_RANGE',
IP_protocol_ID='All protocols',
length=16,
start_port=0,
end_port=65535,
starting_address_v4='192.168.225.0',
ending_address_v4='192.168.225.255')
]
) /
IKEv2_VendorID(
next_payload='VendorID',
flags='',
length=20,
vendorID=b'\xaf\xca\xd7\x13h\xa1\xf1\xc9k\x86\x96\xfcwW\x01\x00'
) /
IKEv2_VendorID(
next_payload='VendorID',
flags='',