1##############################
2% IPsec layer regression tests
3##############################
4
5~ crypto
6
7###############################################################################
8+ IPv4 / ESP - Transport - Encryption Algorithms
9
10#######################################
11= IPv4 / ESP - Transport - NULL - NULL
12~ -crypto
13
14import socket
15
16p = IP(src='1.1.1.1', dst='2.2.2.2')
17p /= TCP(sport=45012, dport=80)
18p /= Raw('testdata')
19p = IP(raw(p))
20p
21
22sa = SecurityAssociation(ESP, spi=0x222,
23                         crypt_algo='NULL', crypt_key=None,
24                         auth_algo='NULL', auth_key=None)
25
26e = sa.encrypt(p)
27e
28
29assert(isinstance(e, IP))
30assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
31assert(e.chksum != p.chksum)
32assert(e.proto == socket.IPPROTO_ESP)
33assert(e.haslayer(ESP))
34assert(not e.haslayer(TCP))
35assert(e[ESP].spi == sa.spi)
36assert(b'testdata' in e[ESP].data)
37
38d = sa.decrypt(e)
39d
40
41* after decryption the original packet payload should be unaltered
42assert(d[TCP] == p[TCP])
43
44#######################################
45= IPv4 / ESP - Transport - DES - NULL
46
47p = IP(src='1.1.1.1', dst='2.2.2.2')
48p /= TCP(sport=45012, dport=80)
49p /= Raw('testdata')
50p = IP(raw(p))
51p
52
53sa = SecurityAssociation(ESP, spi=0x222,
54                         crypt_algo='DES', crypt_key=b'8bytekey',
55                         auth_algo='NULL', auth_key=None)
56
57e = sa.encrypt(p)
58e
59
60assert(isinstance(e, IP))
61assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
62assert(e.chksum != p.chksum)
63* the encrypted packet should have an ESP layer
64assert(e.proto == socket.IPPROTO_ESP)
65assert(e.haslayer(ESP))
66assert(not e.haslayer(TCP))
67assert(e[ESP].spi == sa.spi)
68* after encryption the original packet payload should NOT be readable
69assert(b'testdata' not in e[ESP].data)
70
71d = sa.decrypt(e)
72d
73
74* after decryption the original packet payload should be unaltered
75assert(d[TCP] == p[TCP])
76
77# Generated with Linux 4.4.0-62-generic #83-Ubuntu
78# ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 546 reqid 1 \
79#    mode tunnel enc 'cbc(des)' '0x38627974656b6579' auth digest_null '' flag align4
80ref = IP() \
81    / ESP(spi=0x222,
82          data=b'\x0f\x6d\x2f\x3d\x1e\xc1\x0b\xc2\xb6\x8f\xfd\x67\x39\xc0\x96\x2c'
83               b'\x17\x79\x88\xf6\xbc\x4d\xf7\x45\xd8\x36\x63\x86\xcd\x08\x7c\x08'
84               b'\x2b\xf8\xa2\x91\x18\x21\x88\xd9\x26\x00\xc5\x21\x24\xbf\x8f\xf5'
85               b'\x6c\x47\xb0\x3a\x8e\xdb\x75\x21\xd9\x33\x85\x5a\x15\xc6\x31\x00'
86               b'\x1c\xef\x3e\x12\xce\x70\xec\x8f\x48\xc7\x81\x9b\x66\xcb\xf5\x39'
87               b'\x91\xb3\x8e\x72\xfb\x7f\x64\x65\x6c\xf4\xa9\xf2\x5e\x63\x2f\x60',
88          seq=1)
89
90d_ref = sa.decrypt(ref)
91d_ref
92
93* Check for ICMP layer in decrypted reference
94assert(d_ref.haslayer(ICMP))
95
96#######################################
97= IPv4 / ESP - Transport - 3DES - NULL
98
99p = IP(src='1.1.1.1', dst='2.2.2.2')
100p /= TCP(sport=45012, dport=80)
101p /= Raw('testdata')
102p = IP(raw(p))
103p
104
105sa = SecurityAssociation(ESP, spi=0x222,
106                         crypt_algo='3DES', crypt_key=b'threedifferent8byteskeys',
107                         auth_algo='NULL', auth_key=None)
108
109e = sa.encrypt(p)
110e
111
112assert(isinstance(e, IP))
113assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
114assert(e.chksum != p.chksum)
115* the encrypted packet should have an ESP layer
116assert(e.proto == socket.IPPROTO_ESP)
117assert(e.haslayer(ESP))
118assert(not e.haslayer(TCP))
119assert(e[ESP].spi == sa.spi)
120* after encryption the original packet payload should NOT be readable
121assert(b'testdata' not in e[ESP].data)
122
123d = sa.decrypt(e)
124d
125
126* after decryption the original packet payload should be unaltered
127assert(d[TCP] == p[TCP])
128
129# Generated with Linux 4.4.0-62-generic #83-Ubuntu
130# ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 546 reqid 1 \
131#   mode tunnel enc 'cbc(des3_ede)' '0x7468726565646966666572656e743862797465736b657973' auth digest_null '' flag align4
132ref = IP() \
133    / ESP(spi=0x222,
134          data=b'\x36\x5c\x9b\x41\x37\xc8\x59\x1e\x39\x63\xe8\x6b\xf7\x0d\x97\x54'
135               b'\x13\x84\xf6\x81\x66\x19\xe7\xcb\x75\x94\xf1\x0b\x8e\xa3\xf1\xa0'
136               b'\x3e\x88\x51\xc4\x50\xd0\xa9\x1f\x16\x25\xc6\xbd\xe9\x0b\xdc\xae'
137               b'\xf8\x13\x00\xa3\x8c\x53\xee\x1c\x96\xc0\xfe\x99\x70\xab\x94\x77'
138               b'\xd7\xc4\xe8\xfd\x9f\x96\x28\xb8\x95\x20\x86\x7b\x19\xbc\x8f\xf5'
139               b'\x96\xb0\x7e\xcc\x04\x83\xae\x4d\xa3\xba\x1d\x44\xf0\xba\x2e\xcd',
140          seq=1)
141
142d_ref = sa.decrypt(ref)
143d_ref
144
145* Check for ICMP layer in decrypted reference
146assert(d_ref.haslayer(ICMP))
147
148#######################################
149= IPv4 / ESP - Transport - AES-CBC - NULL
150
151p = IP(src='1.1.1.1', dst='2.2.2.2')
152p /= TCP(sport=45012, dport=80)
153p /= Raw('testdata')
154p = IP(raw(p))
155p
156
157sa = SecurityAssociation(ESP, spi=0x222,
158                         crypt_algo='AES-CBC', crypt_key=b'sixteenbytes key',
159                         auth_algo='NULL', auth_key=None)
160
161e = sa.encrypt(p)
162e
163
164assert(isinstance(e, IP))
165assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
166assert(e.chksum != p.chksum)
167assert(e.proto == socket.IPPROTO_ESP)
168assert(e.haslayer(ESP))
169assert(not e.haslayer(TCP))
170assert(e[ESP].spi == sa.spi)
171* after encryption the original packet payload should NOT be readable
172assert(b'testdata' not in e[ESP].data)
173
174d = sa.decrypt(e)
175d
176
177* after decryption the original packet payload should be unaltered
178assert(d[TCP] == p[TCP])
179
180# Generated with Linux 4.4.0-62-generic #83-Ubuntu
181# ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 546 reqid 1 \
182#   mode tunnel enc 'cbc(aes)' '0x7369787465656e6279746573206b6579' auth digest_null '' flag align4
183ref = IP() \
184    / ESP(spi=0x222,
185          data=b'\x08\x2f\x94\xe6\x53\xd8\x8e\x13\x70\xe8\xff\x61\x52\x90\x27\x3c'
186               b'\xf2\xb4\x1f\x75\xd2\xa0\xac\xae\x1c\xa8\x5e\x1c\x78\x21\x4c\x7f'
187               b'\xc3\x30\x17\x6a\x8d\xf3\xb1\xa7\xd1\xa8\x42\x01\xd6\x8d\x2d\x7e'
188               b'\x5d\x06\xdf\xaa\x05\x27\x42\xb1\x00\x12\xcf\xff\x64\x02\x5a\x40'
189               b'\xcd\xca\x1b\x91\xba\xf8\xc8\x59\xe7\xbd\x4d\x19\xb4\x8d\x39\x25'
190               b'\x6c\x73\xf1\x2d\xaa\xee\xe1\x0b\x71\xcd\xfc\x11\x1d\x56\xce\x60'
191               b'\xed\xd2\x32\x87\xd4\x90\xc3\xf5\x31\x47\x97\x69\x83\x82\x6d\x38',
192          seq=1)
193
194d_ref = sa.decrypt(ref)
195d_ref
196
197* Check for ICMP layer in decrypted reference
198assert(d_ref.haslayer(ICMP))
199
200#######################################
201= IPv4 / ESP - Transport - AES-CTR - NULL
202
203p = IP(src='1.1.1.1', dst='2.2.2.2')
204p /= TCP(sport=45012, dport=80)
205p /= Raw('testdata')
206p = IP(raw(p))
207p
208
209sa = SecurityAssociation(ESP, spi=0x222,
210                         crypt_algo='AES-CTR', crypt_key=b'16bytekey+4bytenonce',
211                         auth_algo='NULL', auth_key=None)
212
213e = sa.encrypt(p)
214e
215
216assert(isinstance(e, IP))
217assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
218assert(e.chksum != p.chksum)
219assert(e.proto == socket.IPPROTO_ESP)
220assert(e.haslayer(ESP))
221assert(not e.haslayer(TCP))
222assert(e[ESP].spi == sa.spi)
223* after encryption the original packet payload should NOT be readable
224assert(b'testdata' not in e[ESP].data)
225
226d = sa.decrypt(e)
227d
228
229* after decryption original packet should be preserved
230assert(d[TCP] == p[TCP])
231
232# Generated with Linux 4.4.0-62-generic #83-Ubuntu
233# ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 546 reqid 1 \
234#    mode tunnel enc 'rfc3686(ctr(aes))' '0x3136627974656b65792b34627974656e6f6e6365' auth digest_null '' flag align4
235ref = IP() \
236    / ESP(spi=0x222,
237          data=b'\xc4\xca\x09\x0f\x8b\xd3\x05\x3d\xac\x5a\x2f\x87\xca\x71\x10\x01'
238               b'\xa7\x95\xc9\x07\xcc\xd4\x05\x58\x65\x23\x22\x4b\x63\x9b\x1f\xef'
239               b'\x55\xb9\x1a\x91\x52\x76\x00\xf7\x94\x7b\x1d\xe1\x8e\x03\x2e\x85'
240               b'\xad\xdd\x83\x22\x8a\xc3\x88\x6e\x85\xf5\x9b\xed\xa9\x6e\xb1\xc3'
241               b'\x78\x00\x2f\xcd\x77\xe8\x3e\xec\x0e\x77\x94\xb2\x9b\x0f\x64\x5e'
242               b'\x09\x83\x03\x7d\x83\x22\x39\xbb\x94\x66\xae\x9f\xbf\x01\xda\xfb',
243          seq=1)
244
245d_ref = sa.decrypt(ref)
246d_ref
247
248* Check for ICMP layer in decrypted reference
249assert(d_ref.haslayer(ICMP))
250
251#######################################
252= IPv4 / ESP - Transport - Blowfish - NULL
253
254p = IP(src='1.1.1.1', dst='2.2.2.2')
255p /= TCP(sport=45012, dport=80)
256p /= Raw('testdata')
257p = IP(raw(p))
258p
259
260sa = SecurityAssociation(ESP, spi=0x222,
261                         crypt_algo='Blowfish', crypt_key=b'sixteenbytes key',
262                         auth_algo='NULL', auth_key=None)
263
264e = sa.encrypt(p)
265e
266
267assert(isinstance(e, IP))
268assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
269assert(e.chksum != p.chksum)
270assert(e.proto == socket.IPPROTO_ESP)
271assert(e.haslayer(ESP))
272assert(not e.haslayer(TCP))
273assert(e[ESP].spi == sa.spi)
274* after encryption the original packet payload should NOT be readable
275assert(b'testdata' not in e[ESP].data)
276
277d = sa.decrypt(e)
278d
279
280* after decryption original packet should be preserved
281assert(d[TCP] == p[TCP])
282
283# Generated with Linux 4.4.0-62-generic #83-Ubuntu
284# ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 546 reqid 1 \
285#    mode tunnel enc 'cbc(blowfish)' '0x7369787465656e6279746573206b6579' auth digest_null '' flag align4
286ref = IP() \
287    / ESP(spi=0x222,
288          data=b'\x93\x9f\x5a\x10\x55\x57\x30\xa0\xb4\x00\x72\x1e\x46\x42\x46\x20'
289               b'\xbc\x01\xef\xc3\x79\xcc\x3e\x55\x64\xba\x09\xc2\x6a\x5a\x5c\xb3'
290               b'\xcc\xb5\xd5\x87\x82\xb0\x0a\x94\x58\xfc\x50\x37\x40\xe1\x03\xd3'
291               b'\x4a\x09\xb2\x23\x53\x56\xa4\x45\x4c\xbb\x81\x1c\xdb\x31\xa7\x67'
292               b'\xbd\x38\x8e\xba\x55\xd9\x1f\xf1\x3c\xeb\x07\x4c\x02\xb0\x3e\xc5'
293               b'\xf6\x60\xdd\x68\xe1\xd4\xec\xee\x27\xc0\x6d\x1a\x80\xe2\xcc\x7d',
294          seq=1)
295
296d_ref = sa.decrypt(ref)
297d_ref
298
299* Check for ICMP layer in decrypted reference
300assert(d_ref.haslayer(ICMP))
301
302#######################################
303= IPv4 / ESP - Transport - CAST - NULL
304
305p = IP(src='1.1.1.1', dst='2.2.2.2')
306p /= TCP(sport=45012, dport=80)
307p /= Raw('testdata')
308p = IP(raw(p))
309p
310
311sa = SecurityAssociation(ESP, spi=0x222,
312                         crypt_algo='CAST', crypt_key=b'sixteenbytes key',
313                         auth_algo='NULL', auth_key=None)
314
315e = sa.encrypt(p)
316e
317
318assert(isinstance(e, IP))
319assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
320assert(e.chksum != p.chksum)
321assert(e.proto == socket.IPPROTO_ESP)
322assert(e.haslayer(ESP))
323assert(not e.haslayer(TCP))
324assert(e[ESP].spi == sa.spi)
325* after encryption the original packet payload should NOT be readable
326assert(b'testdata' not in e[ESP].data)
327
328d = sa.decrypt(e)
329d
330
331* after decryption original packet should be preserved
332assert(d[TCP] == p[TCP])
333
334# Generated with Linux 4.4.0-62-generic #83-Ubuntu
335# ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 546 reqid 1 \
336#    mode tunnel enc 'cbc(cast5)' '0x7369787465656e6279746573206b6579' auth digest_null '' flag align4
337ref = IP() \
338    / ESP(spi=0x222,
339          data=b'\xcd\x4a\x46\x05\x51\x54\x73\x35\x1d\xad\x4b\x10\xc1\x15\xe2\x70'
340               b'\xbc\x9c\x53\x8f\x4d\x1c\x87\x1a\xc1\xb0\xdf\x80\xd1\x0c\xa4\x59'
341               b'\xe6\x50\xde\x46\xdb\x3f\x28\xc2\xda\x6c\x2b\x81\x5e\x7c\x7b\x4f'
342               b'\xbc\x8d\xc1\x6d\x4a\x2b\x04\x91\x9e\xc4\x0b\xba\x05\xba\x3b\x71'
343               b'\xac\xe3\x16\xcf\x7f\x00\xc5\x87\x7d\x72\x48\xe6\x5b\x43\x19\x24'
344               b'\xae\xa6\x2c\xcc\xad\xbf\x37\x6c\x6e\xea\x71\x67\x73\xd6\x11\x9f',
345          seq=1)
346
347d_ref = sa.decrypt(ref)
348d_ref
349
350* Check for ICMP layer in decrypted reference
351assert(d_ref.haslayer(ICMP))
352
353###############################################################################
354+ IPv4 / ESP - Tunnel - Encryption Algorithms
355
356#######################################
357= IPv4 / ESP - Tunnel - NULL - NULL
358~ -crypto
359
360p = IP(src='1.1.1.1', dst='2.2.2.2')
361p /= TCP(sport=45012, dport=80)
362p /= Raw('testdata')
363p = IP(raw(p))
364p
365
366sa = SecurityAssociation(ESP, spi=0x222,
367                         crypt_algo='NULL', crypt_key=None,
368                         auth_algo='NULL', auth_key=None,
369                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
370
371e = sa.encrypt(p)
372e
373
374assert(isinstance(e, IP))
375* after encryption packet should be encapsulated with the given ip tunnel header
376assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
377assert(e.chksum != p.chksum)
378assert(e.proto == socket.IPPROTO_ESP)
379assert(e.haslayer(ESP))
380assert(not e.haslayer(TCP))
381assert(e[ESP].spi == sa.spi)
382assert(b'testdata' in e[ESP].data)
383
384d = sa.decrypt(e)
385d
386
387* after decryption the original packet payload should be unaltered
388assert(d[TCP] == p[TCP])
389
390#######################################
391= IPv4 / ESP - Tunnel - DES - NULL
392
393p = IP(src='1.1.1.1', dst='2.2.2.2')
394p /= TCP(sport=45012, dport=80)
395p /= Raw('testdata')
396p = IP(raw(p))
397p
398
399sa = SecurityAssociation(ESP, spi=0x222,
400                         crypt_algo='DES', crypt_key=b'8bytekey',
401                         auth_algo='NULL', auth_key=None,
402                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
403
404e = sa.encrypt(p)
405e
406
407assert(isinstance(e, IP))
408* after encryption packet should be encapsulated with the given ip tunnel header
409assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
410assert(e.chksum != p.chksum)
411* the encrypted packet should have an ESP layer
412assert(e.proto == socket.IPPROTO_ESP)
413assert(e.haslayer(ESP))
414assert(not e.haslayer(TCP))
415assert(e[ESP].spi == sa.spi)
416* after encryption the original packet payload should NOT be readable
417assert(b'testdata' not in e[ESP].data)
418
419d = sa.decrypt(e)
420d
421
422* after decryption the original packet payload should be unaltered
423assert(d[TCP] == p[TCP])
424
425#######################################
426= IPv4 / ESP - Tunnel - 3DES - NULL
427
428p = IP(src='1.1.1.1', dst='2.2.2.2')
429p /= TCP(sport=45012, dport=80)
430p /= Raw('testdata')
431p = IP(raw(p))
432p
433
434sa = SecurityAssociation(ESP, spi=0x222,
435                         crypt_algo='3DES', crypt_key=b'threedifferent8byteskeys',
436                         auth_algo='NULL', auth_key=None,
437                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
438
439e = sa.encrypt(p)
440e
441
442assert(isinstance(e, IP))
443* after encryption packet should be encapsulated with the given ip tunnel header
444assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
445assert(e.chksum != p.chksum)
446* the encrypted packet should have an ESP layer
447assert(e.proto == socket.IPPROTO_ESP)
448assert(e.haslayer(ESP))
449assert(not e.haslayer(TCP))
450assert(e[ESP].spi == sa.spi)
451* after encryption the original packet payload should NOT be readable
452assert(b'testdata' not in e[ESP].data)
453
454d = sa.decrypt(e)
455d
456
457* after decryption the original packet payload should be unaltered
458assert(d[TCP] == p[TCP])
459
460#######################################
461= IPv4 / ESP - Tunnel - AES-CBC - NULL
462
463p = IP(src='1.1.1.1', dst='2.2.2.2')
464p /= TCP(sport=45012, dport=80)
465p /= Raw('testdata')
466p = IP(raw(p))
467p
468
469sa = SecurityAssociation(ESP, spi=0x222,
470                         crypt_algo='AES-CBC', crypt_key=b'sixteenbytes key',
471                         auth_algo='NULL', auth_key=None,
472                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
473
474e = sa.encrypt(p)
475e
476
477assert(isinstance(e, IP))
478* after encryption packet should be encapsulated with the given ip tunnel header
479assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
480assert(e.chksum != p.chksum)
481assert(e.proto == socket.IPPROTO_ESP)
482assert(e.haslayer(ESP))
483assert(not e.haslayer(TCP))
484assert(e[ESP].spi == sa.spi)
485* after encryption the original packet payload should NOT be readable
486assert(b'testdata' not in e[ESP].data)
487
488d = sa.decrypt(e)
489d
490
491* after decryption the original packet payload should be unaltered
492assert(d[TCP] == p[TCP])
493
494#######################################
495= IPv4 / ESP - Tunnel - AES-CTR - NULL
496
497p = IP(src='1.1.1.1', dst='2.2.2.2')
498p /= TCP(sport=45012, dport=80)
499p /= Raw('testdata')
500p = IP(raw(p))
501p
502
503sa = SecurityAssociation(ESP, spi=0x222,
504                         crypt_algo='AES-CTR', crypt_key=b'16bytekey+4bytenonce',
505                         auth_algo='NULL', auth_key=None,
506                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
507
508e = sa.encrypt(p)
509e
510
511assert(isinstance(e, IP))
512* after encryption packet should be encapsulated with the given ip tunnel header
513assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
514assert(e.chksum != p.chksum)
515assert(e.proto == socket.IPPROTO_ESP)
516assert(e.haslayer(ESP))
517assert(not e.haslayer(TCP))
518assert(e[ESP].spi == sa.spi)
519* after encryption the original packet payload should NOT be readable
520assert(b'testdata' not in e[ESP].data)
521
522d = sa.decrypt(e)
523d
524
525* after decryption original packet should be preserved
526assert(d[TCP] == p[TCP])
527
528#######################################
529= IPv4 / ESP - Tunnel - Blowfish - NULL
530
531p = IP(src='1.1.1.1', dst='2.2.2.2')
532p /= TCP(sport=45012, dport=80)
533p /= Raw('testdata')
534p = IP(raw(p))
535p
536
537sa = SecurityAssociation(ESP, spi=0x222,
538                         crypt_algo='Blowfish', crypt_key=b'sixteenbytes key',
539                         auth_algo='NULL', auth_key=None,
540                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
541
542e = sa.encrypt(p)
543e
544
545assert(isinstance(e, IP))
546* after encryption packet should be encapsulated with the given ip tunnel header
547assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
548assert(e.chksum != p.chksum)
549assert(e.proto == socket.IPPROTO_ESP)
550assert(e.haslayer(ESP))
551assert(not e.haslayer(TCP))
552assert(e[ESP].spi == sa.spi)
553* after encryption the original packet payload should NOT be readable
554assert(b'testdata' not in e[ESP].data)
555
556d = sa.decrypt(e)
557d
558
559* after decryption original packet should be preserved
560assert(d[TCP] == p[TCP])
561
562#######################################
563= IPv4 / ESP - Tunnel - CAST - NULL
564
565p = IP(src='1.1.1.1', dst='2.2.2.2')
566p /= TCP(sport=45012, dport=80)
567p /= Raw('testdata')
568p = IP(raw(p))
569p
570
571sa = SecurityAssociation(ESP, spi=0x222,
572                         crypt_algo='CAST', crypt_key=b'sixteenbytes key',
573                         auth_algo='NULL', auth_key=None,
574                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
575
576e = sa.encrypt(p)
577e
578
579assert(isinstance(e, IP))
580* after encryption packet should be encapsulated with the given ip tunnel header
581assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
582assert(e.chksum != p.chksum)
583assert(e.proto == socket.IPPROTO_ESP)
584assert(e.haslayer(ESP))
585assert(not e.haslayer(TCP))
586assert(e[ESP].spi == sa.spi)
587* after encryption the original packet payload should NOT be readable
588assert(b'testdata' not in e[ESP].data)
589
590d = sa.decrypt(e)
591d
592
593* after decryption original packet should be preserved
594assert(d[TCP] == p[TCP])
595
596###############################################################################
597+ IPv4 / ESP - Transport - Authentication Algorithms
598
599#######################################
600= IPv4 / ESP - Transport - NULL - HMAC-SHA1-96
601
602p = IP(src='1.1.1.1', dst='2.2.2.2')
603p /= TCP(sport=45012, dport=80)
604p /= Raw('testdata')
605p = IP(raw(p))
606p
607
608sa = SecurityAssociation(ESP, spi=0x222,
609                         crypt_algo='NULL', crypt_key=None,
610                         auth_algo='HMAC-SHA1-96', auth_key=b'secret key')
611
612e = sa.encrypt(p)
613e
614
615assert(isinstance(e, IP))
616assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
617assert(e.chksum != p.chksum)
618assert(e.proto == socket.IPPROTO_ESP)
619assert(e.haslayer(ESP))
620assert(not e.haslayer(TCP))
621assert(e[ESP].spi == sa.spi)
622assert(b'testdata' in e[ESP].data)
623
624* integrity verification should pass
625d = sa.decrypt(e)
626
627* after decryption the original packet payload should be unaltered
628assert(d[TCP] == p[TCP])
629
630#######################################
631= IPv4 / ESP - Transport - NULL - HMAC-SHA1-96 - altered packet
632
633p = IP(src='1.1.1.1', dst='2.2.2.2')
634p /= TCP(sport=45012, dport=80)
635p /= Raw('testdata')
636p = IP(raw(p))
637p
638
639sa = SecurityAssociation(ESP, spi=0x222,
640                         crypt_algo='NULL', crypt_key=None,
641                         auth_algo='HMAC-SHA1-96', auth_key=b'secret key')
642
643e = sa.encrypt(p)
644e
645
646assert(isinstance(e, IP))
647assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
648assert(e.chksum != p.chksum)
649assert(e.proto == socket.IPPROTO_ESP)
650assert(e.haslayer(ESP))
651assert(not e.haslayer(TCP))
652assert(e[ESP].spi == sa.spi)
653assert(b'testdata' in e[ESP].data)
654
655* simulate the alteration of the packet before decryption
656e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21')
657
658* integrity verification should fail
659try:
660    d = sa.decrypt(e)
661    assert(False)
662except IPSecIntegrityError as err:
663    err
664
665#######################################
666= IPv4 / ESP - Transport - NULL - SHA2-256-128
667
668p = IP(src='1.1.1.1', dst='2.2.2.2')
669p /= TCP(sport=45012, dport=80)
670p /= Raw('testdata')
671p = IP(raw(p))
672p
673
674sa = SecurityAssociation(ESP, spi=0x222,
675                         crypt_algo='NULL', crypt_key=None,
676                         auth_algo='SHA2-256-128', auth_key=b'secret key')
677
678e = sa.encrypt(p)
679e
680
681assert(isinstance(e, IP))
682assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
683assert(e.chksum != p.chksum)
684assert(e.proto == socket.IPPROTO_ESP)
685assert(e.haslayer(ESP))
686assert(not e.haslayer(TCP))
687assert(e[ESP].spi == sa.spi)
688* after encryption the original packet payload should be readable
689assert(b'testdata' in e[ESP].data)
690
691* integrity verification should pass
692d = sa.decrypt(e)
693
694* after decryption the original packet should be preserved
695assert(d == p)
696
697#######################################
698= IPv4 / ESP - Transport - NULL - SHA2-256-128 - altered packet
699
700p = IP(src='1.1.1.1', dst='2.2.2.2')
701p /= TCP(sport=45012, dport=80)
702p /= Raw('testdata')
703p = IP(raw(p))
704p
705
706sa = SecurityAssociation(ESP, spi=0x222,
707                         crypt_algo='NULL', crypt_key=None,
708                         auth_algo='SHA2-256-128', auth_key=b'secret key')
709
710e = sa.encrypt(p)
711e
712
713assert(isinstance(e, IP))
714assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
715assert(e.chksum != p.chksum)
716assert(e.proto == socket.IPPROTO_ESP)
717assert(e.haslayer(ESP))
718assert(not e.haslayer(TCP))
719assert(e[ESP].spi == sa.spi)
720* after encryption the original packet payload should be readable
721assert(b'testdata' in e[ESP].data)
722
723* simulate the alteration of the packet before decryption
724e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21')
725
726* integrity verification should fail
727try:
728    d = sa.decrypt(e)
729    assert(False)
730except IPSecIntegrityError as err:
731    err
732
733#######################################
734= IPv4 / ESP - Transport - NULL - SHA2-384-192
735
736p = IP(src='1.1.1.1', dst='2.2.2.2')
737p /= TCP(sport=45012, dport=80)
738p /= Raw('testdata')
739p = IP(raw(p))
740p
741
742sa = SecurityAssociation(ESP, spi=0x222,
743                         crypt_algo='NULL', crypt_key=None,
744                         auth_algo='SHA2-384-192', auth_key=b'secret key')
745
746e = sa.encrypt(p)
747e
748
749assert(isinstance(e, IP))
750assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
751assert(e.chksum != p.chksum)
752assert(e.proto == socket.IPPROTO_ESP)
753assert(e.haslayer(ESP))
754assert(not e.haslayer(TCP))
755assert(e[ESP].spi == sa.spi)
756* after encryption the original packet payload should be readable
757assert(b'testdata' in e[ESP].data)
758
759* integrity verification should pass
760d = sa.decrypt(e)
761
762* after decryption the original packet should be preserved
763assert(d == p)
764
765#######################################
766= IPv4 / ESP - Transport - NULL - SHA2-384-192 - altered packet
767
768p = IP(src='1.1.1.1', dst='2.2.2.2')
769p /= TCP(sport=45012, dport=80)
770p /= Raw('testdata')
771p = IP(raw(p))
772p
773
774sa = SecurityAssociation(ESP, spi=0x222,
775                         crypt_algo='NULL', crypt_key=None,
776                         auth_algo='SHA2-384-192', auth_key=b'secret key')
777
778e = sa.encrypt(p)
779e
780
781assert(isinstance(e, IP))
782assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
783assert(e.chksum != p.chksum)
784assert(e.proto == socket.IPPROTO_ESP)
785assert(e.haslayer(ESP))
786assert(not e.haslayer(TCP))
787assert(e[ESP].spi == sa.spi)
788* after encryption the original packet payload should be readable
789assert(b'testdata' in e[ESP].data)
790
791* simulate the alteration of the packet before decryption
792e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21')
793
794* integrity verification should fail
795try:
796    d = sa.decrypt(e)
797    assert(False)
798except IPSecIntegrityError as err:
799    err
800
801#######################################
802= IPv4 / ESP - Transport - NULL - SHA2-512-256
803
804p = IP(src='1.1.1.1', dst='2.2.2.2')
805p /= TCP(sport=45012, dport=80)
806p /= Raw('testdata')
807p = IP(raw(p))
808p
809
810sa = SecurityAssociation(ESP, spi=0x222,
811                         crypt_algo='NULL', crypt_key=None,
812                         auth_algo='SHA2-512-256', auth_key=b'secret key')
813
814e = sa.encrypt(p)
815e
816
817assert(isinstance(e, IP))
818assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
819assert(e.chksum != p.chksum)
820assert(e.proto == socket.IPPROTO_ESP)
821assert(e.haslayer(ESP))
822assert(not e.haslayer(TCP))
823assert(e[ESP].spi == sa.spi)
824* after encryption the original packet payload should be readable
825assert(b'testdata' in e[ESP].data)
826
827* integrity verification should pass
828d = sa.decrypt(e)
829
830* after decryption the original packet should be preserved
831assert(d == p)
832
833#######################################
834= IPv4 / ESP - Transport - NULL - SHA2-512-256 - altered packet
835
836p = IP(src='1.1.1.1', dst='2.2.2.2')
837p /= TCP(sport=45012, dport=80)
838p /= Raw('testdata')
839p = IP(raw(p))
840p
841
842sa = SecurityAssociation(ESP, spi=0x222,
843                         crypt_algo='NULL', crypt_key=None,
844                         auth_algo='SHA2-512-256', auth_key=b'secret key')
845
846e = sa.encrypt(p)
847e
848
849assert(isinstance(e, IP))
850assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
851assert(e.chksum != p.chksum)
852assert(e.proto == socket.IPPROTO_ESP)
853assert(e.haslayer(ESP))
854assert(not e.haslayer(TCP))
855assert(e[ESP].spi == sa.spi)
856* after encryption the original packet payload should be readable
857assert(b'testdata' in e[ESP].data)
858
859* simulate the alteration of the packet before decryption
860e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21')
861
862* integrity verification should fail
863try:
864    d = sa.decrypt(e)
865    assert(False)
866except IPSecIntegrityError as err:
867    err
868
869#######################################
870= IPv4 / ESP - Transport - NULL - HMAC-MD5-96
871
872p = IP(src='1.1.1.1', dst='2.2.2.2')
873p /= TCP(sport=45012, dport=80)
874p /= Raw('testdata')
875p = IP(raw(p))
876p
877
878sa = SecurityAssociation(ESP, spi=0x222,
879                         crypt_algo='NULL', crypt_key=None,
880                         auth_algo='HMAC-MD5-96', auth_key=b'secret key')
881
882e = sa.encrypt(p)
883e
884
885assert(isinstance(e, IP))
886assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
887assert(e.chksum != p.chksum)
888assert(e.proto == socket.IPPROTO_ESP)
889assert(e.haslayer(ESP))
890assert(not e.haslayer(TCP))
891assert(e[ESP].spi == sa.spi)
892* after encryption the original packet payload should be readable
893assert(b'testdata' in e[ESP].data)
894
895* integrity verification should pass
896d = sa.decrypt(e)
897
898* after decryption the original packet should be preserved
899assert(d == p)
900
901#######################################
902= IPv4 / ESP - Transport - NULL - HMAC-MD5-96 - altered packet
903
904p = IP(src='1.1.1.1', dst='2.2.2.2')
905p /= TCP(sport=45012, dport=80)
906p /= Raw('testdata')
907p = IP(raw(p))
908p
909
910sa = SecurityAssociation(ESP, spi=0x222,
911                         crypt_algo='NULL', crypt_key=None,
912                         auth_algo='HMAC-MD5-96', auth_key=b'secret key')
913
914e = sa.encrypt(p)
915e
916
917assert(isinstance(e, IP))
918assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
919assert(e.chksum != p.chksum)
920assert(e.proto == socket.IPPROTO_ESP)
921assert(e.haslayer(ESP))
922assert(not e.haslayer(TCP))
923assert(e[ESP].spi == sa.spi)
924* after encryption the original packet payload should be readable
925assert(b'testdata' in e[ESP].data)
926
927* simulate the alteration of the packet before decryption
928e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21')
929
930* integrity verification should fail
931try:
932    d = sa.decrypt(e)
933    assert(False)
934except IPSecIntegrityError as err:
935    err
936
937#######################################
938= IPv4 / ESP - Transport - NULL - AES-CMAC-96
939
940p = IP(src='1.1.1.1', dst='2.2.2.2')
941p /= TCP(sport=45012, dport=80)
942p /= Raw('testdata')
943p = IP(raw(p))
944p
945
946sa = SecurityAssociation(ESP, spi=0x222,
947                         crypt_algo='NULL', crypt_key=None,
948                         auth_algo='AES-CMAC-96', auth_key=b'sixteenbytes key')
949
950e = sa.encrypt(p)
951e
952
953assert(isinstance(e, IP))
954assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
955assert(e.chksum != p.chksum)
956assert(e.proto == socket.IPPROTO_ESP)
957assert(e.haslayer(ESP))
958assert(not e.haslayer(TCP))
959assert(e[ESP].spi == sa.spi)
960* after encryption the original packet payload should be readable
961assert(b'testdata' in e[ESP].data)
962
963* integrity verification should pass
964d = sa.decrypt(e)
965
966* after decryption the original packet should be preserved
967assert(d == p)
968
969#######################################
970= IPv4 / ESP - Transport - NULL - AES-CMAC-96 - altered packet
971
972p = IP(src='1.1.1.1', dst='2.2.2.2')
973p /= TCP(sport=45012, dport=80)
974p /= Raw('testdata')
975p = IP(raw(p))
976p
977
978sa = SecurityAssociation(ESP, spi=0x222,
979                         crypt_algo='NULL', crypt_key=None,
980                         auth_algo='AES-CMAC-96', auth_key=b'sixteenbytes key')
981
982e = sa.encrypt(p)
983e
984
985assert(isinstance(e, IP))
986assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
987assert(e.chksum != p.chksum)
988assert(e.proto == socket.IPPROTO_ESP)
989assert(e.haslayer(ESP))
990assert(not e.haslayer(TCP))
991assert(e[ESP].spi == sa.spi)
992* after encryption the original packet payload should be readable
993assert(b'testdata' in e[ESP].data)
994
995* simulate the alteration of the packet before decryption
996e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21')
997
998* integrity verification should fail
999try:
1000    d = sa.decrypt(e)
1001    assert(False)
1002except IPSecIntegrityError as err:
1003    err
1004
1005###############################################################################
1006+ IPv4 / ESP - Tunnel - Authentication Algorithms
1007
1008#######################################
1009= IPv4 / ESP - Tunnel - NULL - HMAC-SHA1-96
1010
1011p = IP(src='1.1.1.1', dst='2.2.2.2')
1012p /= TCP(sport=45012, dport=80)
1013p /= Raw('testdata')
1014p = IP(raw(p))
1015p
1016
1017sa = SecurityAssociation(ESP, spi=0x222,
1018                         crypt_algo='NULL', crypt_key=None,
1019                         auth_algo='HMAC-SHA1-96', auth_key=b'secret key',
1020                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
1021
1022e = sa.encrypt(p)
1023e
1024
1025assert(isinstance(e, IP))
1026* after encryption packet should be encapsulated with the given ip tunnel header
1027assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
1028assert(e.chksum != p.chksum)
1029assert(e.proto == socket.IPPROTO_ESP)
1030assert(e.haslayer(ESP))
1031assert(not e.haslayer(TCP))
1032assert(e[ESP].spi == sa.spi)
1033assert(b'testdata' in e[ESP].data)
1034
1035* integrity verification should pass
1036d = sa.decrypt(e)
1037
1038* after decryption the original packet payload should be unaltered
1039assert(d[TCP] == p[TCP])
1040
1041#######################################
1042= IPv4 / ESP - Tunnel - NULL - HMAC-SHA1-96 - altered packet
1043
1044p = IP(src='1.1.1.1', dst='2.2.2.2')
1045p /= TCP(sport=45012, dport=80)
1046p /= Raw('testdata')
1047p = IP(raw(p))
1048p
1049
1050sa = SecurityAssociation(ESP, spi=0x222,
1051                         crypt_algo='NULL', crypt_key=None,
1052                         auth_algo='HMAC-SHA1-96', auth_key=b'secret key',
1053                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
1054
1055e = sa.encrypt(p)
1056e
1057
1058assert(isinstance(e, IP))
1059* after encryption packet should be encapsulated with the given ip tunnel header
1060assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
1061assert(e.chksum != p.chksum)
1062assert(e.proto == socket.IPPROTO_ESP)
1063assert(e.haslayer(ESP))
1064assert(not e.haslayer(TCP))
1065assert(e[ESP].spi == sa.spi)
1066assert(b'testdata' in e[ESP].data)
1067
1068* simulate the alteration of the packet before decryption
1069e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21')
1070
1071* integrity verification should fail
1072try:
1073    d = sa.decrypt(e)
1074    assert(False)
1075except IPSecIntegrityError as err:
1076    err
1077
1078#######################################
1079= IPv4 / ESP - Tunnel - NULL - SHA2-256-128
1080
1081p = IP(src='1.1.1.1', dst='2.2.2.2')
1082p /= TCP(sport=45012, dport=80)
1083p /= Raw('testdata')
1084p = IP(raw(p))
1085p
1086
1087sa = SecurityAssociation(ESP, spi=0x222,
1088                         crypt_algo='NULL', crypt_key=None,
1089                         auth_algo='SHA2-256-128', auth_key=b'secret key',
1090                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
1091
1092e = sa.encrypt(p)
1093e
1094
1095assert(isinstance(e, IP))
1096* after encryption packet should be encapsulated with the given ip tunnel header
1097assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
1098assert(e.chksum != p.chksum)
1099assert(e.proto == socket.IPPROTO_ESP)
1100assert(e.haslayer(ESP))
1101assert(not e.haslayer(TCP))
1102assert(e[ESP].spi == sa.spi)
1103* after encryption the original packet payload should be readable
1104assert(b'testdata' in e[ESP].data)
1105
1106* integrity verification should pass
1107d = sa.decrypt(e)
1108
1109* after decryption the original packet should be preserved
1110assert(d == p)
1111
1112#######################################
1113= IPv4 / ESP - Tunnel - NULL - SHA2-256-128 - altered packet
1114
1115p = IP(src='1.1.1.1', dst='2.2.2.2')
1116p /= TCP(sport=45012, dport=80)
1117p /= Raw('testdata')
1118p = IP(raw(p))
1119p
1120
1121sa = SecurityAssociation(ESP, spi=0x222,
1122                         crypt_algo='NULL', crypt_key=None,
1123                         auth_algo='SHA2-256-128', auth_key=b'secret key',
1124                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
1125
1126e = sa.encrypt(p)
1127e
1128
1129assert(isinstance(e, IP))
1130* after encryption packet should be encapsulated with the given ip tunnel header
1131assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
1132assert(e.chksum != p.chksum)
1133assert(e.proto == socket.IPPROTO_ESP)
1134assert(e.haslayer(ESP))
1135assert(not e.haslayer(TCP))
1136assert(e[ESP].spi == sa.spi)
1137* after encryption the original packet payload should be readable
1138assert(b'testdata' in e[ESP].data)
1139
1140* simulate the alteration of the packet before decryption
1141e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21')
1142
1143* integrity verification should fail
1144try:
1145    d = sa.decrypt(e)
1146    assert(False)
1147except IPSecIntegrityError as err:
1148    err
1149
1150#######################################
1151= IPv4 / ESP - Tunnel - NULL - SHA2-384-192
1152
1153p = IP(src='1.1.1.1', dst='2.2.2.2')
1154p /= TCP(sport=45012, dport=80)
1155p /= Raw('testdata')
1156p = IP(raw(p))
1157p
1158
1159sa = SecurityAssociation(ESP, spi=0x222,
1160                         crypt_algo='NULL', crypt_key=None,
1161                         auth_algo='SHA2-384-192', auth_key=b'secret key',
1162                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
1163
1164e = sa.encrypt(p)
1165e
1166
1167assert(isinstance(e, IP))
1168* after encryption packet should be encapsulated with the given ip tunnel header
1169assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
1170assert(e.chksum != p.chksum)
1171assert(e.proto == socket.IPPROTO_ESP)
1172assert(e.haslayer(ESP))
1173assert(not e.haslayer(TCP))
1174assert(e[ESP].spi == sa.spi)
1175* after encryption the original packet payload should be readable
1176assert(b'testdata' in e[ESP].data)
1177
1178* integrity verification should pass
1179d = sa.decrypt(e)
1180
1181* after decryption the original packet should be preserved
1182assert(d == p)
1183
1184#######################################
1185= IPv4 / ESP - Tunnel - NULL - SHA2-384-192 - altered packet
1186
1187p = IP(src='1.1.1.1', dst='2.2.2.2')
1188p /= TCP(sport=45012, dport=80)
1189p /= Raw('testdata')
1190p = IP(raw(p))
1191p
1192
1193sa = SecurityAssociation(ESP, spi=0x222,
1194                         crypt_algo='NULL', crypt_key=None,
1195                         auth_algo='SHA2-384-192', auth_key=b'secret key',
1196                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
1197
1198e = sa.encrypt(p)
1199e
1200
1201assert(isinstance(e, IP))
1202* after encryption packet should be encapsulated with the given ip tunnel header
1203assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
1204assert(e.chksum != p.chksum)
1205assert(e.proto == socket.IPPROTO_ESP)
1206assert(e.haslayer(ESP))
1207assert(not e.haslayer(TCP))
1208assert(e[ESP].spi == sa.spi)
1209* after encryption the original packet payload should be readable
1210assert(b'testdata' in e[ESP].data)
1211
1212* simulate the alteration of the packet before decryption
1213e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21')
1214
1215* integrity verification should fail
1216try:
1217    d = sa.decrypt(e)
1218    assert(False)
1219except IPSecIntegrityError as err:
1220    err
1221
1222#######################################
1223= IPv4 / ESP - Tunnel - NULL - SHA2-512-256
1224
1225p = IP(src='1.1.1.1', dst='2.2.2.2')
1226p /= TCP(sport=45012, dport=80)
1227p /= Raw('testdata')
1228p = IP(raw(p))
1229p
1230
1231sa = SecurityAssociation(ESP, spi=0x222,
1232                         crypt_algo='NULL', crypt_key=None,
1233                         auth_algo='SHA2-512-256', auth_key=b'secret key',
1234                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
1235
1236e = sa.encrypt(p)
1237e
1238
1239assert(isinstance(e, IP))
1240* after encryption packet should be encapsulated with the given ip tunnel header
1241assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
1242assert(e.chksum != p.chksum)
1243assert(e.proto == socket.IPPROTO_ESP)
1244assert(e.haslayer(ESP))
1245assert(not e.haslayer(TCP))
1246assert(e[ESP].spi == sa.spi)
1247* after encryption the original packet payload should be readable
1248assert(b'testdata' in e[ESP].data)
1249
1250* integrity verification should pass
1251d = sa.decrypt(e)
1252
1253* after decryption the original packet should be preserved
1254assert(d == p)
1255
1256#######################################
1257= IPv4 / ESP - Tunnel - NULL - SHA2-512-256 - altered packet
1258
1259p = IP(src='1.1.1.1', dst='2.2.2.2')
1260p /= TCP(sport=45012, dport=80)
1261p /= Raw('testdata')
1262p = IP(raw(p))
1263p
1264
1265sa = SecurityAssociation(ESP, spi=0x222,
1266                         crypt_algo='NULL', crypt_key=None,
1267                         auth_algo='SHA2-512-256', auth_key=b'secret key',
1268                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
1269
1270e = sa.encrypt(p)
1271e
1272
1273assert(isinstance(e, IP))
1274* after encryption packet should be encapsulated with the given ip tunnel header
1275assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
1276assert(e.chksum != p.chksum)
1277assert(e.proto == socket.IPPROTO_ESP)
1278assert(e.haslayer(ESP))
1279assert(not e.haslayer(TCP))
1280assert(e[ESP].spi == sa.spi)
1281* after encryption the original packet payload should be readable
1282assert(b'testdata' in e[ESP].data)
1283
1284* simulate the alteration of the packet before decryption
1285e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21')
1286
1287* integrity verification should fail
1288try:
1289    d = sa.decrypt(e)
1290    assert(False)
1291except IPSecIntegrityError as err:
1292    err
1293
1294#######################################
1295= IPv4 / ESP - Tunnel - NULL - HMAC-MD5-96
1296
1297p = IP(src='1.1.1.1', dst='2.2.2.2')
1298p /= TCP(sport=45012, dport=80)
1299p /= Raw('testdata')
1300p = IP(raw(p))
1301p
1302
1303sa = SecurityAssociation(ESP, spi=0x222,
1304                         crypt_algo='NULL', crypt_key=None,
1305                         auth_algo='HMAC-MD5-96', auth_key=b'secret key',
1306                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
1307
1308e = sa.encrypt(p)
1309e
1310
1311assert(isinstance(e, IP))
1312* after encryption packet should be encapsulated with the given ip tunnel header
1313assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
1314assert(e.chksum != p.chksum)
1315assert(e.proto == socket.IPPROTO_ESP)
1316assert(e.haslayer(ESP))
1317assert(not e.haslayer(TCP))
1318assert(e[ESP].spi == sa.spi)
1319* after encryption the original packet payload should be readable
1320assert(b'testdata' in e[ESP].data)
1321
1322* integrity verification should pass
1323d = sa.decrypt(e)
1324
1325* after decryption the original packet should be preserved
1326assert(d == p)
1327
1328#######################################
1329= IPv4 / ESP - Tunnel - NULL - HMAC-MD5-96 - altered packet
1330
1331p = IP(src='1.1.1.1', dst='2.2.2.2')
1332p /= TCP(sport=45012, dport=80)
1333p /= Raw('testdata')
1334p = IP(raw(p))
1335p
1336
1337sa = SecurityAssociation(ESP, spi=0x222,
1338                         crypt_algo='NULL', crypt_key=None,
1339                         auth_algo='HMAC-MD5-96', auth_key=b'secret key',
1340                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
1341
1342e = sa.encrypt(p)
1343e
1344
1345assert(isinstance(e, IP))
1346* after encryption packet should be encapsulated with the given ip tunnel header
1347assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
1348assert(e.chksum != p.chksum)
1349assert(e.proto == socket.IPPROTO_ESP)
1350assert(e.haslayer(ESP))
1351assert(not e.haslayer(TCP))
1352assert(e[ESP].spi == sa.spi)
1353* after encryption the original packet payload should be readable
1354assert(b'testdata' in e[ESP].data)
1355
1356* simulate the alteration of the packet before decryption
1357e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21')
1358
1359* integrity verification should fail
1360try:
1361    d = sa.decrypt(e)
1362    assert(False)
1363except IPSecIntegrityError as err:
1364    err
1365
1366#######################################
1367= IPv4 / ESP - Tunnel - NULL - AES-CMAC-96
1368
1369p = IP(src='1.1.1.1', dst='2.2.2.2')
1370p /= TCP(sport=45012, dport=80)
1371p /= Raw('testdata')
1372p = IP(raw(p))
1373p
1374
1375sa = SecurityAssociation(ESP, spi=0x222,
1376                         crypt_algo='NULL', crypt_key=None,
1377                         auth_algo='AES-CMAC-96', auth_key=b'sixteenbytes key',
1378                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
1379
1380e = sa.encrypt(p)
1381e
1382
1383assert(isinstance(e, IP))
1384* after encryption packet should be encapsulated with the given ip tunnel header
1385assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
1386assert(e.chksum != p.chksum)
1387assert(e.proto == socket.IPPROTO_ESP)
1388assert(e.haslayer(ESP))
1389assert(not e.haslayer(TCP))
1390assert(e[ESP].spi == sa.spi)
1391* after encryption the original packet payload should be readable
1392assert(b'testdata' in e[ESP].data)
1393
1394* integrity verification should pass
1395d = sa.decrypt(e)
1396
1397* after decryption the original packet should be preserved
1398assert(d == p)
1399
1400#######################################
1401= IPv4 / ESP - Tunnel - NULL - AES-CMAC-96 - altered packet
1402
1403p = IP(src='1.1.1.1', dst='2.2.2.2')
1404p /= TCP(sport=45012, dport=80)
1405p /= Raw('testdata')
1406p = IP(raw(p))
1407p
1408
1409sa = SecurityAssociation(ESP, spi=0x222,
1410                         crypt_algo='NULL', crypt_key=None,
1411                         auth_algo='AES-CMAC-96', auth_key=b'sixteenbytes key',
1412                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
1413
1414e = sa.encrypt(p)
1415e
1416
1417assert(isinstance(e, IP))
1418* after encryption packet should be encapsulated with the given ip tunnel header
1419assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
1420assert(e.chksum != p.chksum)
1421assert(e.proto == socket.IPPROTO_ESP)
1422assert(e.haslayer(ESP))
1423assert(not e.haslayer(TCP))
1424assert(e[ESP].spi == sa.spi)
1425* after encryption the original packet payload should be readable
1426assert(b'testdata' in e[ESP].data)
1427
1428* simulate the alteration of the packet before decryption
1429e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21')
1430
1431* integrity verification should fail
1432try:
1433    d = sa.decrypt(e)
1434    assert(False)
1435except IPSecIntegrityError as err:
1436    err
1437
1438###############################################################################
1439+ IPv4 / ESP - Encryption + Authentication
1440
1441#######################################
1442= IPv4 / ESP - Transport - AES-CBC - HMAC-SHA1-96
1443
1444p = IP(src='1.1.1.1', dst='2.2.2.2')
1445p /= TCP(sport=45012, dport=80)
1446p /= Raw('testdata')
1447p = IP(raw(p))
1448p
1449
1450sa = SecurityAssociation(ESP, spi=0x222,
1451                         crypt_algo='AES-CBC', crypt_key=b'sixteenbytes key',
1452                         auth_algo='HMAC-SHA1-96', auth_key=b'secret key')
1453
1454e = sa.encrypt(p)
1455e
1456
1457assert(isinstance(e, IP))
1458assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
1459assert(e.chksum != p.chksum)
1460assert(e.proto == socket.IPPROTO_ESP)
1461assert(e.haslayer(ESP))
1462assert(not e.haslayer(TCP))
1463assert(e[ESP].spi == sa.spi)
1464* after encryption the original packet payload should NOT be readable
1465assert(b'testdata' not in e[ESP].data)
1466
1467d = sa.decrypt(e)
1468d
1469
1470* after decryption the original packet payload should be unaltered
1471assert(d[TCP] == p[TCP])
1472
1473#######################################
1474= IPv4 / ESP - Transport - AES-CBC - HMAC-SHA1-96 - altered packet
1475
1476p = IP(src='1.1.1.1', dst='2.2.2.2')
1477p /= TCP(sport=45012, dport=80)
1478p /= Raw('testdata')
1479p = IP(raw(p))
1480p
1481
1482sa = SecurityAssociation(ESP, spi=0x222,
1483                         crypt_algo='AES-CBC', crypt_key=b'sixteenbytes key',
1484                         auth_algo='HMAC-SHA1-96', auth_key=b'secret key')
1485
1486e = sa.encrypt(p)
1487e
1488
1489assert(isinstance(e, IP))
1490assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
1491assert(e.chksum != p.chksum)
1492assert(e.proto == socket.IPPROTO_ESP)
1493assert(e.haslayer(ESP))
1494assert(not e.haslayer(TCP))
1495assert(e[ESP].spi == sa.spi)
1496* after encryption the original packet payload should NOT be readable
1497assert(b'testdata' not in e[ESP].data)
1498
1499* simulate the alteration of the packet before decryption
1500e[ESP].seq += 1
1501
1502* integrity verification should fail
1503try:
1504    d = sa.decrypt(e)
1505    assert(False)
1506except IPSecIntegrityError as err:
1507    err
1508
1509#######################################
1510= IPv4 / ESP - Transport - AES-GCM - NULL
1511
1512p = IP(src='1.1.1.1', dst='2.2.2.2')
1513p /= TCP(sport=45012, dport=80)
1514p /= Raw('testdata')
1515p = IP(raw(p))
1516p
1517
1518sa = SecurityAssociation(ESP, spi=0x222,
1519                         crypt_algo='AES-GCM', crypt_key=b'16bytekey+4bytenonce',
1520                         auth_algo='NULL', auth_key=None)
1521
1522e = sa.encrypt(p)
1523e
1524
1525assert(isinstance(e, IP))
1526assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
1527assert(e.chksum != p.chksum)
1528assert(e.proto == socket.IPPROTO_ESP)
1529assert(e.haslayer(ESP))
1530assert(not e.haslayer(TCP))
1531assert(e[ESP].spi == sa.spi)
1532* after encryption the original packet payload should NOT be readable
1533assert(b'testdata' not in e[ESP].data)
1534
1535d = sa.decrypt(e)
1536d
1537
1538* after decryption original packet should be preserved
1539assert(d[TCP] == p[TCP])
1540
1541# Generated with Linux 4.4.0-62-generic #83-Ubuntu
1542# ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 546 reqid 1 \
1543#    mode tunnel aead 'rfc4106(gcm(aes))' '0x3136627974656b65792b34627974656e6f6e6365' 128 flag align4
1544ref = IP() \
1545    / ESP(spi=0x222,
1546          data=b'\x66\x00\x28\x86\xe9\xdf\xc5\x24\xb0\xbd\xfd\x62\x61\x7e\xd3\x76'
1547               b'\x7b\x48\x28\x8e\x76\xaa\xea\x48\xb8\x40\x30\x8a\xce\x50\x71\xbb'
1548               b'\xc0\xb2\x47\x71\xd7\xa4\xa0\xcb\x03\x68\xd3\x16\x5a\x7c\x37\x84'
1549               b'\x87\xc7\x19\x59\xb4\x7c\x76\xe3\x48\xc0\x90\x4b\xd2\x36\x95\xc1'
1550               b'\xb7\xa4\xb6\x7b\x89\xe6\x4f\x10\xae\xdb\x84\x47\x46\x00\xb4\x44'
1551               b'\xe6\x6d\x16\x55\x5f\x82\x36\xa5\x49\xf7\x52\x81\x65\x90\x4d\x28'
1552               b'\x92\xb2\xe3\xf1\xa4\x02\xd2\x37\xac\x0b\x7a\x10\xcf\x64\x46\xb9',
1553          seq=1)
1554
1555d_ref = sa.decrypt(ref)
1556d_ref
1557
1558* Check for ICMP layer in decrypted reference
1559assert(d_ref.haslayer(ICMP))
1560
1561#######################################
1562= IPv4 / ESP - Transport - AES-GCM - NULL - altered packet
1563
1564p = IP(src='1.1.1.1', dst='2.2.2.2')
1565p /= TCP(sport=45012, dport=80)
1566p /= Raw('testdata')
1567p = IP(raw(p))
1568p
1569
1570sa = SecurityAssociation(ESP, spi=0x222,
1571                         crypt_algo='AES-GCM', crypt_key=b'16bytekey+4bytenonce',
1572                         auth_algo='NULL', auth_key=None)
1573
1574e = sa.encrypt(p)
1575e
1576
1577assert(isinstance(e, IP))
1578assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
1579assert(e.chksum != p.chksum)
1580assert(e.proto == socket.IPPROTO_ESP)
1581assert(e.haslayer(ESP))
1582assert(not e.haslayer(TCP))
1583assert(e[ESP].spi == sa.spi)
1584* after encryption the original packet payload should NOT be readable
1585assert(b'testdata' not in e[ESP].data)
1586
1587* simulate the alteration of the packet before decryption
1588e[ESP].seq += 1
1589
1590* integrity verification should fail
1591try:
1592    d = sa.decrypt(e)
1593    assert(False)
1594except IPSecIntegrityError as err:
1595    err
1596
1597#######################################
1598= IPv4 / ESP - Transport - AES-CCM - NULL
1599~ crypto_advanced
1600
1601p = IP(src='1.1.1.1', dst='2.2.2.2')
1602p /= TCP(sport=45012, dport=80)
1603p /= Raw('testdata')
1604p = IP(raw(p))
1605p
1606
1607sa = SecurityAssociation(ESP, spi=0x222,
1608                         crypt_algo='AES-CCM', crypt_key=b'16bytekey3bytenonce',
1609                         auth_algo='NULL', auth_key=None)
1610
1611e = sa.encrypt(p)
1612e
1613
1614assert(isinstance(e, IP))
1615* after encryption packet should be encapsulated with the given ip tunnel header
1616assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
1617assert(e.chksum != p.chksum)
1618assert(e.proto == socket.IPPROTO_ESP)
1619assert(e.haslayer(ESP))
1620assert(not e.haslayer(TCP))
1621assert(e[ESP].spi == sa.spi)
1622* after encryption the original packet payload should NOT be readable
1623assert(b'testdata' not in e[ESP].data)
1624
1625d = sa.decrypt(e)
1626d
1627
1628* after decryption original packet should be preserved
1629assert(d == p)
1630
1631# Generated with Linux 4.4.0-62-generic #83-Ubuntu
1632# ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 546 reqid 1 \
1633#    mode tunnel aead 'rfc4309(ccm(aes))' '0x3136627974656b657933627974656e6f6e6365' 64
1634ref = IP() \
1635    / ESP(spi=0x222,
1636          data=b'\x2e\x02\x9f\x1f\xad\x76\x80\x58\x8f\xeb\x45\xf1\x66\xe3\xad\xa6'
1637               b'\x90\x1b\x2b\x7d\xd3\x3d\xa4\x53\x35\xc8\xfa\x92\xfd\xd7\x42\x2f'
1638               b'\x87\x60\x9b\x46\xb0\x21\x5e\x82\xfb\x2f\x59\xba\xf0\x6c\xe5\x51'
1639               b'\xb8\x36\x20\x88\xfe\x49\x86\x60\xe8\x0a\x3d\x36\xb5\x8a\x08\xa9'
1640               b'\x5e\xe3\x87\xfa\x93\x3f\xe8\xc2\xc5\xbf\xb1\x2e\x6f\x7d\xc5\xa5'
1641               b'\xd8\xe5\xf3\x25\x21\x81\x43\x16\x48\x10\x7c\x04\x31\x20\x07\x7c'
1642               b'\x7b\xda\x5d\x1a\x72\x45\xc4\x79',
1643          seq=1)
1644
1645d_ref = sa.decrypt(ref)
1646d_ref
1647
1648* Check for ICMP layer in decrypted reference
1649assert(d_ref.haslayer(ICMP))
1650
1651#######################################
1652= IPv4 / ESP - Transport - AES-CCM - NULL - altered packet
1653~ crypto_advanced
1654
1655p = IP(src='1.1.1.1', dst='2.2.2.2')
1656p /= TCP(sport=45012, dport=80)
1657p /= Raw('testdata')
1658p = IP(raw(p))
1659p
1660
1661sa = SecurityAssociation(ESP, spi=0x222,
1662                         crypt_algo='AES-CCM', crypt_key=b'16bytekey3bytenonce',
1663                         auth_algo='NULL', auth_key=None)
1664
1665e = sa.encrypt(p)
1666e
1667
1668assert(isinstance(e, IP))
1669* after encryption packet should be encapsulated with the given ip tunnel header
1670assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
1671assert(e.chksum != p.chksum)
1672assert(e.proto == socket.IPPROTO_ESP)
1673assert(e.haslayer(ESP))
1674assert(not e.haslayer(TCP))
1675assert(e[ESP].spi == sa.spi)
1676* after encryption the original packet payload should NOT be readable
1677assert(b'testdata' not in e[ESP].data)
1678
1679* simulate the alteration of the packet before decryption
1680e[ESP].seq += 1
1681
1682* integrity verification should fail
1683try:
1684    d = sa.decrypt(e)
1685    assert(False)
1686except IPSecIntegrityError as err:
1687    err
1688
1689#######################################
1690= IPv4 / ESP - Tunnel - AES-CBC - HMAC-SHA1-96
1691
1692p = IP(src='1.1.1.1', dst='2.2.2.2')
1693p /= TCP(sport=45012, dport=80)
1694p /= Raw('testdata')
1695p = IP(raw(p))
1696p
1697
1698sa = SecurityAssociation(ESP, spi=0x222,
1699                         crypt_algo='AES-CBC', crypt_key=b'sixteenbytes key',
1700                         auth_algo='HMAC-SHA1-96', auth_key=b'secret key',
1701                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
1702
1703e = sa.encrypt(p)
1704e
1705
1706assert(isinstance(e, IP))
1707* after encryption packet should be encapsulated with the given ip tunnel header
1708assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
1709assert(e.chksum != p.chksum)
1710assert(e.proto == socket.IPPROTO_ESP)
1711assert(e.haslayer(ESP))
1712assert(not e.haslayer(TCP))
1713assert(e[ESP].spi == sa.spi)
1714* after encryption the original packet payload should NOT be readable
1715assert(b'testdata' not in e[ESP].data)
1716
1717d = sa.decrypt(e)
1718d
1719
1720* after decryption the original packet payload should be unaltered
1721assert(d[TCP] == p[TCP])
1722
1723#######################################
1724= IPv4 / ESP - Tunnel - AES-CBC - HMAC-SHA1-96 - altered packet
1725
1726p = IP(src='1.1.1.1', dst='2.2.2.2')
1727p /= TCP(sport=45012, dport=80)
1728p /= Raw('testdata')
1729p = IP(raw(p))
1730p
1731
1732sa = SecurityAssociation(ESP, spi=0x222,
1733                         crypt_algo='AES-CBC', crypt_key=b'sixteenbytes key',
1734                         auth_algo='HMAC-SHA1-96', auth_key=b'secret key',
1735                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
1736
1737e = sa.encrypt(p)
1738e
1739
1740assert(isinstance(e, IP))
1741* after encryption packet should be encapsulated with the given ip tunnel header
1742assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
1743assert(e.chksum != p.chksum)
1744assert(e.proto == socket.IPPROTO_ESP)
1745assert(e.haslayer(ESP))
1746assert(not e.haslayer(TCP))
1747assert(e[ESP].spi == sa.spi)
1748* after encryption the original packet payload should NOT be readable
1749assert(b'testdata' not in e[ESP].data)
1750
1751* simulate the alteration of the packet before decryption
1752e[ESP].seq += 1
1753
1754* integrity verification should fail
1755try:
1756    d = sa.decrypt(e)
1757    assert(False)
1758except IPSecIntegrityError as err:
1759    err
1760
1761#######################################
1762= IPv4 / ESP - Tunnel - AES-GCM - NULL
1763
1764p = IP(src='1.1.1.1', dst='2.2.2.2')
1765p /= TCP(sport=45012, dport=80)
1766p /= Raw('testdata')
1767p = IP(raw(p))
1768p
1769
1770sa = SecurityAssociation(ESP, spi=0x222,
1771                         crypt_algo='AES-GCM', crypt_key=b'16bytekey+4bytenonce',
1772                         auth_algo='NULL', auth_key=None,
1773                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
1774
1775e = sa.encrypt(p)
1776e
1777
1778assert(isinstance(e, IP))
1779* after encryption packet should be encapsulated with the given ip tunnel header
1780assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
1781assert(e.chksum != p.chksum)
1782assert(e.proto == socket.IPPROTO_ESP)
1783assert(e.haslayer(ESP))
1784assert(not e.haslayer(TCP))
1785assert(e[ESP].spi == sa.spi)
1786* after encryption the original packet payload should NOT be readable
1787assert(b'testdata' not in e[ESP].data)
1788
1789d = sa.decrypt(e)
1790d
1791
1792* after decryption original packet should be preserved
1793assert(d[TCP] == p[TCP])
1794
1795#######################################
1796= IPv4 / ESP - Tunnel - AES-GCM - NULL - altered packet
1797
1798p = IP(src='1.1.1.1', dst='2.2.2.2')
1799p /= TCP(sport=45012, dport=80)
1800p /= Raw('testdata')
1801p = IP(raw(p))
1802p
1803
1804sa = SecurityAssociation(ESP, spi=0x222,
1805                         crypt_algo='AES-GCM', crypt_key=b'16bytekey+4bytenonce',
1806                         auth_algo='NULL', auth_key=None,
1807                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
1808
1809e = sa.encrypt(p)
1810e
1811
1812assert(isinstance(e, IP))
1813* after encryption packet should be encapsulated with the given ip tunnel header
1814assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
1815assert(e.chksum != p.chksum)
1816assert(e.proto == socket.IPPROTO_ESP)
1817assert(e.haslayer(ESP))
1818assert(not e.haslayer(TCP))
1819assert(e[ESP].spi == sa.spi)
1820* after encryption the original packet payload should NOT be readable
1821assert(b'testdata' not in e[ESP].data)
1822
1823* simulate the alteration of the packet before decryption
1824e[ESP].seq += 1
1825
1826* integrity verification should fail
1827try:
1828    d = sa.decrypt(e)
1829    assert(False)
1830except IPSecIntegrityError as err:
1831    err
1832
1833#######################################
1834= IPv4 / ESP - Tunnel - AES-CCM - NULL
1835~ crypto_advanced
1836
1837p = IP(src='1.1.1.1', dst='2.2.2.2')
1838p /= TCP(sport=45012, dport=80)
1839p /= Raw('testdata')
1840p = IP(raw(p))
1841p
1842
1843sa = SecurityAssociation(ESP, spi=0x222,
1844                         crypt_algo='AES-CCM', crypt_key=b'16bytekey3bytenonce',
1845                         auth_algo='NULL', auth_key=None,
1846                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
1847
1848e = sa.encrypt(p)
1849e
1850
1851assert(isinstance(e, IP))
1852* after encryption packet should be encapsulated with the given ip tunnel header
1853assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
1854assert(e.chksum != p.chksum)
1855assert(e.proto == socket.IPPROTO_ESP)
1856assert(e.haslayer(ESP))
1857assert(not e.haslayer(TCP))
1858assert(e[ESP].spi == sa.spi)
1859* after encryption the original packet payload should NOT be readable
1860assert(b'testdata' not in e[ESP].data)
1861
1862d = sa.decrypt(e)
1863d
1864
1865* after decryption original packet should be preserved
1866assert(d == p)
1867
1868#######################################
1869= IPv4 / ESP - Tunnel - AES-CCM - NULL
1870~ crypto_advanced
1871
1872p = IP(src='1.1.1.1', dst='2.2.2.2')
1873p /= TCP(sport=45012, dport=80)
1874p /= Raw('testdata')
1875p = IP(raw(p))
1876p
1877
1878sa = SecurityAssociation(ESP, spi=0x222,
1879                         crypt_algo='AES-CCM', crypt_key=b'16bytekey3bytenonce',
1880                         auth_algo='NULL', auth_key=None,
1881                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
1882
1883e = sa.encrypt(p)
1884e
1885
1886assert(isinstance(e, IP))
1887* after encryption packet should be encapsulated with the given ip tunnel header
1888assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
1889assert(e.chksum != p.chksum)
1890assert(e.proto == socket.IPPROTO_ESP)
1891assert(e.haslayer(ESP))
1892assert(not e.haslayer(TCP))
1893assert(e[ESP].spi == sa.spi)
1894* after encryption the original packet payload should NOT be readable
1895assert(b'testdata' not in e[ESP].data)
1896
1897* simulate the alteration of the packet before decryption
1898e[ESP].seq += 1
1899
1900* integrity verification should fail
1901try:
1902    d = sa.decrypt(e)
1903    assert(False)
1904except IPSecIntegrityError as err:
1905    err
1906
1907###############################################################################
1908+ IPv4 / AH - Transport
1909
1910#######################################
1911= IPv4 / AH - Transport - HMAC-SHA1-96
1912
1913p = IP(src='1.1.1.1', dst='2.2.2.2')
1914p /= TCP(sport=45012, dport=80)
1915p /= Raw('testdata')
1916p = IP(raw(p))
1917p
1918
1919sa = SecurityAssociation(AH, spi=0x222,
1920                         auth_algo='HMAC-SHA1-96', auth_key=b'sixteenbytes key')
1921
1922e = sa.encrypt(p)
1923e
1924
1925assert(isinstance(e, IP))
1926assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
1927assert(e.chksum != p.chksum)
1928* the encrypted packet should have an AH layer
1929assert(e.proto == socket.IPPROTO_AH)
1930assert(e.haslayer(AH))
1931assert(e.haslayer(TCP))
1932assert(e[AH].spi == sa.spi)
1933
1934* alter mutable fields in the packet
1935e.ttl = 2
1936
1937* integrity verification should pass
1938d = sa.decrypt(e)
1939d
1940
1941* after decryption the original packet payload should be unaltered
1942assert(d[TCP] == p[TCP])
1943
1944#######################################
1945= IPv4 / AH - Transport - HMAC-SHA1-96 - altered packet
1946
1947p = IP(src='1.1.1.1', dst='2.2.2.2')
1948p /= TCP(sport=45012, dport=80)
1949p /= Raw('testdata')
1950p = IP(raw(p))
1951p
1952
1953sa = SecurityAssociation(AH, spi=0x222,
1954                         auth_algo='HMAC-SHA1-96', auth_key=b'sixteenbytes key')
1955
1956e = sa.encrypt(p)
1957e
1958
1959assert(isinstance(e, IP))
1960assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
1961assert(e.chksum != p.chksum)
1962* the encrypted packet should have an AH layer
1963assert(e.proto == socket.IPPROTO_AH)
1964assert(e.haslayer(AH))
1965assert(e.haslayer(TCP))
1966assert(e[AH].spi == sa.spi)
1967
1968* simulate the alteration of the packet before decryption
1969e[TCP].sport = 5
1970
1971* integrity verification should fail
1972try:
1973    d = sa.decrypt(e)
1974    assert(False)
1975except IPSecIntegrityError as err:
1976    err
1977
1978#######################################
1979= IPv4 / AH - Transport - SHA2-256-128
1980
1981p = IP(src='1.1.1.1', dst='2.2.2.2')
1982p /= TCP(sport=45012, dport=80)
1983p /= Raw('testdata')
1984p = IP(raw(p))
1985p
1986
1987sa = SecurityAssociation(AH, spi=0x222,
1988                         auth_algo='SHA2-256-128', auth_key=b'secret key')
1989
1990e = sa.encrypt(p)
1991e
1992
1993assert(isinstance(e, IP))
1994assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
1995assert(e.chksum != p.chksum)
1996* the encrypted packet should have an AH layer
1997assert(e.proto == socket.IPPROTO_AH)
1998assert(e.haslayer(AH))
1999assert(e.haslayer(TCP))
2000assert(e[AH].spi == sa.spi)
2001
2002* alter mutable fields in the packet
2003e.ttl = 2
2004
2005* integrity verification should pass
2006d = sa.decrypt(e)
2007d
2008
2009* after decryption the original packet should be unaltered
2010assert(d[TCP] == p[TCP])
2011
2012#######################################
2013= IPv4 / AH - Transport - SHA2-256-128 - altered packet
2014
2015p = IP(src='1.1.1.1', dst='2.2.2.2')
2016p /= TCP(sport=45012, dport=80)
2017p /= Raw('testdata')
2018p = IP(raw(p))
2019p
2020
2021sa = SecurityAssociation(AH, spi=0x222,
2022                         auth_algo='SHA2-256-128', auth_key=b'secret key')
2023
2024e = sa.encrypt(p)
2025e
2026
2027assert(isinstance(e, IP))
2028assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
2029assert(e.chksum != p.chksum)
2030* the encrypted packet should have an AH layer
2031assert(e.proto == socket.IPPROTO_AH)
2032assert(e.haslayer(AH))
2033assert(e.haslayer(TCP))
2034assert(e[AH].spi == sa.spi)
2035
2036* simulate the alteration of the packet before verification
2037e[TCP].dport = 46
2038
2039* integrity verification should fail
2040try:
2041    d = sa.decrypt(e)
2042    assert(False)
2043except IPSecIntegrityError as err:
2044    err
2045
2046#######################################
2047= IPv4 / AH - Transport - SHA2-384-192
2048
2049p = IP(src='1.1.1.1', dst='2.2.2.2')
2050p /= TCP(sport=45012, dport=80)
2051p /= Raw('testdata')
2052p = IP(raw(p))
2053p
2054
2055sa = SecurityAssociation(AH, spi=0x222,
2056                         auth_algo='SHA2-384-192', auth_key=b'secret key')
2057
2058e = sa.encrypt(p)
2059e
2060
2061assert(isinstance(e, IP))
2062assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
2063assert(e.chksum != p.chksum)
2064* the encrypted packet should have an AH layer
2065assert(e.proto == socket.IPPROTO_AH)
2066assert(e.haslayer(AH))
2067assert(e.haslayer(TCP))
2068assert(e[AH].spi == sa.spi)
2069
2070* alter mutable fields in the packet
2071e.ttl = 2
2072
2073* integrity verification should pass
2074d = sa.decrypt(e)
2075d
2076
2077* after decryption the original packet should be unaltered
2078assert(d[TCP] == p[TCP])
2079
2080#######################################
2081= IPv4 / AH - Transport - SHA2-384-192 - altered packet
2082
2083p = IP(src='1.1.1.1', dst='2.2.2.2')
2084p /= TCP(sport=45012, dport=80)
2085p /= Raw('testdata')
2086p = IP(raw(p))
2087p
2088
2089sa = SecurityAssociation(AH, spi=0x222,
2090                         auth_algo='SHA2-384-192', auth_key=b'secret key')
2091
2092e = sa.encrypt(p)
2093e
2094
2095assert(isinstance(e, IP))
2096assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
2097assert(e.chksum != p.chksum)
2098* the encrypted packet should have an AH layer
2099assert(e.proto == socket.IPPROTO_AH)
2100assert(e.haslayer(AH))
2101assert(e.haslayer(TCP))
2102assert(e[AH].spi == sa.spi)
2103
2104* simulate the alteration of the packet before verification
2105e[TCP].dport = 46
2106
2107* integrity verification should fail
2108try:
2109    d = sa.decrypt(e)
2110    assert(False)
2111except IPSecIntegrityError as err:
2112    err
2113
2114#######################################
2115= IPv4 / AH - Transport - SHA2-512-256
2116
2117p = IP(src='1.1.1.1', dst='2.2.2.2')
2118p /= TCP(sport=45012, dport=80)
2119p /= Raw('testdata')
2120p = IP(raw(p))
2121p
2122
2123sa = SecurityAssociation(AH, spi=0x222,
2124                         auth_algo='SHA2-512-256', auth_key=b'secret key')
2125
2126e = sa.encrypt(p)
2127e
2128
2129assert(isinstance(e, IP))
2130assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
2131assert(e.chksum != p.chksum)
2132* the encrypted packet should have an AH layer
2133assert(e.proto == socket.IPPROTO_AH)
2134assert(e.haslayer(AH))
2135assert(e.haslayer(TCP))
2136assert(e[AH].spi == sa.spi)
2137
2138* alter mutable fields in the packet
2139e.ttl = 2
2140
2141* integrity verification should pass
2142d = sa.decrypt(e)
2143d
2144
2145* after decryption the original packet should be unaltered
2146assert(d[TCP] == p[TCP])
2147
2148#######################################
2149= IPv4 / AH - Transport - SHA2-512-256 - altered packet
2150
2151p = IP(src='1.1.1.1', dst='2.2.2.2')
2152p /= TCP(sport=45012, dport=80)
2153p /= Raw('testdata')
2154p = IP(raw(p))
2155p
2156
2157sa = SecurityAssociation(AH, spi=0x222,
2158                         auth_algo='SHA2-512-256', auth_key=b'secret key')
2159
2160e = sa.encrypt(p)
2161e
2162
2163assert(isinstance(e, IP))
2164assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
2165assert(e.chksum != p.chksum)
2166* the encrypted packet should have an AH layer
2167assert(e.proto == socket.IPPROTO_AH)
2168assert(e.haslayer(AH))
2169assert(e.haslayer(TCP))
2170assert(e[AH].spi == sa.spi)
2171
2172* simulate the alteration of the packet before verification
2173e[TCP].dport = 46
2174
2175* integrity verification should fail
2176try:
2177    d = sa.decrypt(e)
2178    assert(False)
2179except IPSecIntegrityError as err:
2180    err
2181
2182#######################################
2183= IPv4 / AH - Transport - HMAC-MD5-96
2184
2185p = IP(src='1.1.1.1', dst='2.2.2.2')
2186p /= TCP(sport=45012, dport=80)
2187p /= Raw('testdata')
2188p = IP(raw(p))
2189p
2190
2191sa = SecurityAssociation(AH, spi=0x222,
2192                         auth_algo='HMAC-MD5-96', auth_key=b'secret key')
2193
2194e = sa.encrypt(p)
2195e
2196
2197assert(isinstance(e, IP))
2198assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
2199assert(e.chksum != p.chksum)
2200* the encrypted packet should have an AH layer
2201assert(e.proto == socket.IPPROTO_AH)
2202assert(e.haslayer(AH))
2203assert(e.haslayer(TCP))
2204assert(e[AH].spi == sa.spi)
2205
2206* alter mutable fields in the packet
2207e.ttl = 2
2208
2209* integrity verification should pass
2210d = sa.decrypt(e)
2211d
2212
2213* after decryption the original packet should be unaltered
2214assert(d[TCP] == p[TCP])
2215
2216#######################################
2217= IPv4 / AH - Transport - HMAC-MD5-96 - altered packet
2218
2219p = IP(src='1.1.1.1', dst='2.2.2.2')
2220p /= TCP(sport=45012, dport=80)
2221p /= Raw('testdata')
2222p = IP(raw(p))
2223p
2224
2225sa = SecurityAssociation(AH, spi=0x222,
2226                         auth_algo='HMAC-MD5-96', auth_key=b'secret key')
2227
2228e = sa.encrypt(p)
2229e
2230
2231assert(isinstance(e, IP))
2232assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
2233assert(e.chksum != p.chksum)
2234* the encrypted packet should have an AH layer
2235assert(e.proto == socket.IPPROTO_AH)
2236assert(e.haslayer(AH))
2237assert(e.haslayer(TCP))
2238assert(e[AH].spi == sa.spi)
2239
2240* simulate the alteration of the packet before verification
2241e[TCP].dport = 46
2242
2243* integrity verification should fail
2244try:
2245    d = sa.decrypt(e)
2246    assert(False)
2247except IPSecIntegrityError as err:
2248    err
2249
2250#######################################
2251= IPv4 / AH - Transport - AES-CMAC-96
2252
2253p = IP(src='1.1.1.1', dst='2.2.2.2')
2254p /= TCP(sport=45012, dport=80)
2255p /= Raw('testdata')
2256p = IP(raw(p))
2257p
2258
2259sa = SecurityAssociation(AH, spi=0x222,
2260                         auth_algo='AES-CMAC-96', auth_key=b'sixteenbytes key')
2261
2262e = sa.encrypt(p)
2263e
2264
2265assert(isinstance(e, IP))
2266assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
2267assert(e.chksum != p.chksum)
2268* the encrypted packet should have an AH layer
2269assert(e.proto == socket.IPPROTO_AH)
2270assert(e.haslayer(AH))
2271assert(e.haslayer(TCP))
2272assert(e[AH].spi == sa.spi)
2273
2274* alter mutable fields in the packet
2275e.ttl = 2
2276
2277* integrity verification should pass
2278d = sa.decrypt(e)
2279d
2280
2281* after decryption the original packet should be unaltered
2282assert(d[TCP] == p[TCP])
2283
2284#######################################
2285= IPv4 / AH - Transport - AES-CMAC-96 - altered packet
2286
2287p = IP(src='1.1.1.1', dst='2.2.2.2')
2288p /= TCP(sport=45012, dport=80)
2289p /= Raw('testdata')
2290p = IP(raw(p))
2291p
2292
2293sa = SecurityAssociation(AH, spi=0x222,
2294                         auth_algo='AES-CMAC-96', auth_key=b'sixteenbytes key')
2295
2296e = sa.encrypt(p)
2297e
2298
2299assert(isinstance(e, IP))
2300assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2')
2301assert(e.chksum != p.chksum)
2302* the encrypted packet should have an AH layer
2303assert(e.proto == socket.IPPROTO_AH)
2304assert(e.haslayer(AH))
2305assert(e.haslayer(TCP))
2306assert(e[AH].spi == sa.spi)
2307
2308* simulate the alteration of the packet before verification
2309e[TCP].dport = 46
2310
2311* integrity verification should fail
2312try:
2313    d = sa.decrypt(e)
2314    assert(False)
2315except IPSecIntegrityError as err:
2316    err
2317
2318###############################################################################
2319+ IPv4 / AH - Tunnel
2320
2321#######################################
2322= IPv4 / AH - Tunnel - HMAC-SHA1-96
2323
2324p = IP(src='1.1.1.1', dst='2.2.2.2')
2325p /= TCP(sport=45012, dport=80)
2326p /= Raw('testdata')
2327p = IP(raw(p))
2328p
2329
2330sa = SecurityAssociation(AH, spi=0x222,
2331                         auth_algo='HMAC-SHA1-96', auth_key=b'secret key',
2332                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
2333
2334e = sa.encrypt(p)
2335e
2336
2337assert(isinstance(e, IP))
2338assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
2339assert(e.chksum != p.chksum)
2340assert(e.proto == socket.IPPROTO_AH)
2341assert(e.haslayer(AH))
2342assert(e.haslayer(TCP))
2343assert(e[AH].spi == sa.spi)
2344
2345* alter mutable fields in the packet
2346e.ttl = 2
2347
2348* integrity verification should pass
2349d = sa.decrypt(e)
2350d
2351
2352* after decryption the original packet payload should be unaltered
2353assert(d[TCP] == p[TCP])
2354
2355#######################################
2356= IPv4 / AH - Tunnel - HMAC-SHA1-96 - altered packet
2357
2358p = IP(src='1.1.1.1', dst='2.2.2.2')
2359p /= TCP(sport=45012, dport=80)
2360p /= Raw('testdata')
2361p = IP(raw(p))
2362p
2363
2364sa = SecurityAssociation(AH, spi=0x222,
2365                         auth_algo='HMAC-SHA1-96', auth_key=b'secret key',
2366                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
2367
2368e = sa.encrypt(p)
2369e
2370
2371assert(isinstance(e, IP))
2372assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
2373assert(e.chksum != p.chksum)
2374assert(e.proto == socket.IPPROTO_AH)
2375assert(e.haslayer(AH))
2376assert(e.haslayer(TCP))
2377assert(e[AH].spi == sa.spi)
2378
2379* simulate the alteration of the packet before verification
2380e.dst = '4.4.4.4'
2381
2382* integrity verification should fail
2383try:
2384    d = sa.decrypt(e)
2385    assert(False)
2386except IPSecIntegrityError as err:
2387    err
2388
2389#######################################
2390= IPv4 / AH - Tunnel - SHA2-256-128
2391
2392p = IP(src='1.1.1.1', dst='2.2.2.2')
2393p /= TCP(sport=45012, dport=80)
2394p /= Raw('testdata')
2395p = IP(raw(p))
2396p
2397
2398sa = SecurityAssociation(AH, spi=0x222,
2399                         auth_algo='SHA2-256-128', auth_key=b'secret key',
2400                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
2401
2402e = sa.encrypt(p)
2403e
2404
2405assert(isinstance(e, IP))
2406assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
2407assert(e.chksum != p.chksum)
2408assert(e.proto == socket.IPPROTO_AH)
2409assert(e.haslayer(AH))
2410assert(e.haslayer(TCP))
2411assert(e[AH].spi == sa.spi)
2412
2413* alter mutable fields in the packet
2414e.ttl = 2
2415
2416* integrity verification should pass
2417d = sa.decrypt(e)
2418d
2419
2420* after decryption the original packet should be unaltered
2421assert(d == p)
2422
2423#######################################
2424= IPv4 / AH - Tunnel - SHA2-256-128 - altered packet
2425
2426p = IP(src='1.1.1.1', dst='2.2.2.2')
2427p /= TCP(sport=45012, dport=80)
2428p /= Raw('testdata')
2429p = IP(raw(p))
2430p
2431
2432sa = SecurityAssociation(AH, spi=0x222,
2433                         auth_algo='SHA2-256-128', auth_key=b'secret key',
2434                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
2435
2436e = sa.encrypt(p)
2437e
2438
2439assert(isinstance(e, IP))
2440assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
2441assert(e.chksum != p.chksum)
2442assert(e.proto == socket.IPPROTO_AH)
2443assert(e.haslayer(AH))
2444assert(e.haslayer(TCP))
2445assert(e[AH].spi == sa.spi)
2446
2447* simulate the alteration of the packet before verification
2448e.dst = '4.4.4.4'
2449
2450* integrity verification should fail
2451try:
2452    d = sa.decrypt(e)
2453    assert(False)
2454except IPSecIntegrityError as err:
2455    err
2456
2457#######################################
2458= IPv4 / AH - Tunnel - SHA2-384-192
2459
2460p = IP(src='1.1.1.1', dst='2.2.2.2')
2461p /= TCP(sport=45012, dport=80)
2462p /= Raw('testdata')
2463p = IP(raw(p))
2464p
2465
2466sa = SecurityAssociation(AH, spi=0x222,
2467                         auth_algo='SHA2-384-192', auth_key=b'secret key',
2468                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
2469
2470e = sa.encrypt(p)
2471e
2472
2473assert(isinstance(e, IP))
2474assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
2475assert(e.chksum != p.chksum)
2476assert(e.proto == socket.IPPROTO_AH)
2477assert(e.haslayer(AH))
2478assert(e.haslayer(TCP))
2479assert(e[AH].spi == sa.spi)
2480
2481* alter mutable fields in the packet
2482e.ttl = 2
2483
2484* integrity verification should pass
2485d = sa.decrypt(e)
2486d
2487
2488* after decryption the original packet should be unaltered
2489assert(d == p)
2490
2491#######################################
2492= IPv4 / AH - Tunnel - SHA2-384-192 - altered packet
2493
2494p = IP(src='1.1.1.1', dst='2.2.2.2')
2495p /= TCP(sport=45012, dport=80)
2496p /= Raw('testdata')
2497p = IP(raw(p))
2498p
2499
2500sa = SecurityAssociation(AH, spi=0x222,
2501                         auth_algo='SHA2-384-192', auth_key=b'secret key',
2502                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
2503
2504e = sa.encrypt(p)
2505e
2506
2507assert(isinstance(e, IP))
2508assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
2509assert(e.chksum != p.chksum)
2510assert(e.proto == socket.IPPROTO_AH)
2511assert(e.haslayer(AH))
2512assert(e.haslayer(TCP))
2513assert(e[AH].spi == sa.spi)
2514
2515* simulate the alteration of the packet before verification
2516e.dst = '4.4.4.4'
2517
2518* integrity verification should fail
2519try:
2520    d = sa.decrypt(e)
2521    assert(False)
2522except IPSecIntegrityError as err:
2523    err
2524
2525#######################################
2526= IPv4 / AH - Tunnel - SHA2-512-256
2527
2528p = IP(src='1.1.1.1', dst='2.2.2.2')
2529p /= TCP(sport=45012, dport=80)
2530p /= Raw('testdata')
2531p = IP(raw(p))
2532p
2533
2534sa = SecurityAssociation(AH, spi=0x222,
2535                         auth_algo='SHA2-512-256', auth_key=b'secret key',
2536                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
2537
2538e = sa.encrypt(p)
2539e
2540
2541assert(isinstance(e, IP))
2542assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
2543assert(e.chksum != p.chksum)
2544assert(e.proto == socket.IPPROTO_AH)
2545assert(e.haslayer(AH))
2546assert(e.haslayer(TCP))
2547assert(e[AH].spi == sa.spi)
2548
2549* alter mutable fields in the packet
2550e.ttl = 2
2551
2552* integrity verification should pass
2553d = sa.decrypt(e)
2554d
2555
2556* after decryption the original packet should be unaltered
2557assert(d == p)
2558
2559#######################################
2560= IPv4 / AH - Tunnel - SHA2-512-256 - altered packet
2561
2562p = IP(src='1.1.1.1', dst='2.2.2.2')
2563p /= TCP(sport=45012, dport=80)
2564p /= Raw('testdata')
2565p = IP(raw(p))
2566p
2567
2568sa = SecurityAssociation(AH, spi=0x222,
2569                         auth_algo='SHA2-512-256', auth_key=b'secret key',
2570                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
2571
2572e = sa.encrypt(p)
2573e
2574
2575assert(isinstance(e, IP))
2576assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
2577assert(e.chksum != p.chksum)
2578assert(e.proto == socket.IPPROTO_AH)
2579assert(e.haslayer(AH))
2580assert(e.haslayer(TCP))
2581assert(e[AH].spi == sa.spi)
2582
2583* simulate the alteration of the packet before verification
2584e.dst = '4.4.4.4'
2585
2586* integrity verification should fail
2587try:
2588    d = sa.decrypt(e)
2589    assert(False)
2590except IPSecIntegrityError as err:
2591    err
2592
2593#######################################
2594= IPv4 / AH - Tunnel - HMAC-MD5-96
2595
2596p = IP(src='1.1.1.1', dst='2.2.2.2')
2597p /= TCP(sport=45012, dport=80)
2598p /= Raw('testdata')
2599p = IP(raw(p))
2600p
2601
2602sa = SecurityAssociation(AH, spi=0x222,
2603                         auth_algo='HMAC-MD5-96', auth_key=b'secret key',
2604                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
2605
2606e = sa.encrypt(p)
2607e
2608
2609assert(isinstance(e, IP))
2610assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
2611assert(e.chksum != p.chksum)
2612assert(e.proto == socket.IPPROTO_AH)
2613assert(e.haslayer(AH))
2614assert(e.haslayer(TCP))
2615assert(e[AH].spi == sa.spi)
2616
2617* alter mutable fields in the packet
2618e.ttl = 2
2619
2620* integrity verification should pass
2621d = sa.decrypt(e)
2622d
2623
2624* after decryption the original packet should be unaltered
2625assert(d == p)
2626
2627#######################################
2628= IPv4 / AH - Tunnel - HMAC-MD5-96 - altered packet
2629
2630p = IP(src='1.1.1.1', dst='2.2.2.2')
2631p /= TCP(sport=45012, dport=80)
2632p /= Raw('testdata')
2633p = IP(raw(p))
2634p
2635
2636sa = SecurityAssociation(AH, spi=0x222,
2637                         auth_algo='HMAC-MD5-96', auth_key=b'secret key',
2638                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
2639
2640e = sa.encrypt(p)
2641e
2642
2643assert(isinstance(e, IP))
2644assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
2645assert(e.chksum != p.chksum)
2646assert(e.proto == socket.IPPROTO_AH)
2647assert(e.haslayer(AH))
2648assert(e.haslayer(TCP))
2649assert(e[AH].spi == sa.spi)
2650
2651* simulate the alteration of the packet before verification
2652e.dst = '4.4.4.4'
2653
2654* integrity verification should fail
2655try:
2656    d = sa.decrypt(e)
2657    assert(False)
2658except IPSecIntegrityError as err:
2659    err
2660
2661#######################################
2662= IPv4 / AH - Tunnel - AES-CMAC-96
2663
2664p = IP(src='1.1.1.1', dst='2.2.2.2')
2665p /= TCP(sport=45012, dport=80)
2666p /= Raw('testdata')
2667p = IP(raw(p))
2668p
2669
2670sa = SecurityAssociation(AH, spi=0x222,
2671                         auth_algo='AES-CMAC-96', auth_key=b'sixteenbytes key',
2672                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
2673
2674e = sa.encrypt(p)
2675e
2676
2677assert(isinstance(e, IP))
2678assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
2679assert(e.chksum != p.chksum)
2680assert(e.proto == socket.IPPROTO_AH)
2681assert(e.haslayer(AH))
2682assert(e.haslayer(TCP))
2683assert(e[AH].spi == sa.spi)
2684
2685* alter mutable fields in the packet
2686e.ttl = 2
2687
2688* integrity verification should pass
2689d = sa.decrypt(e)
2690d
2691
2692* after decryption the original packet should be unaltered
2693assert(d == p)
2694
2695#######################################
2696= IPv4 / AH - Tunnel - AES-CMAC-96 - altered packet
2697
2698p = IP(src='1.1.1.1', dst='2.2.2.2')
2699p /= TCP(sport=45012, dport=80)
2700p /= Raw('testdata')
2701p = IP(raw(p))
2702p
2703
2704sa = SecurityAssociation(AH, spi=0x222,
2705                         auth_algo='AES-CMAC-96', auth_key=b'sixteenbytes key',
2706                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
2707
2708e = sa.encrypt(p)
2709e
2710
2711assert(isinstance(e, IP))
2712assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
2713assert(e.chksum != p.chksum)
2714assert(e.proto == socket.IPPROTO_AH)
2715assert(e.haslayer(AH))
2716assert(e.haslayer(TCP))
2717assert(e[AH].spi == sa.spi)
2718
2719* simulate the alteration of the packet before verification
2720e.dst = '4.4.4.4'
2721
2722* integrity verification should fail
2723try:
2724    d = sa.decrypt(e)
2725    assert(False)
2726except IPSecIntegrityError as err:
2727    err
2728
2729###############################################################################
2730+ IPv6 / ESP
2731
2732#######################################
2733= IPv6 / ESP - Transport - NULL - NULL
2734~ -crypto
2735
2736p = IPv6(src='11::22', dst='22::11')
2737p /= TCP(sport=45012, dport=80)
2738p /= Raw('testdata')
2739p = IPv6(raw(p))
2740p
2741
2742sa = SecurityAssociation(ESP, spi=0x222,
2743                         crypt_algo='NULL', crypt_key=None,
2744                         auth_algo='NULL', auth_key=None)
2745
2746e = sa.encrypt(p)
2747e
2748
2749assert(isinstance(e, IPv6))
2750assert(e.src == '11::22' and e.dst == '22::11')
2751assert(e.nh == socket.IPPROTO_ESP)
2752assert(e.haslayer(ESP))
2753assert(not e.haslayer(TCP))
2754assert(e[ESP].spi == sa.spi)
2755assert(b'testdata' in e[ESP].data)
2756
2757d = sa.decrypt(e)
2758d
2759
2760* after decryption the original packet payload should be unaltered
2761assert(d[TCP] == p[TCP])
2762
2763#######################################
2764= IPv6 / ESP - Transport - AES-CBC - NULL
2765
2766p = IPv6(src='11::22', dst='22::11')
2767p /= TCP(sport=45012, dport=80)
2768p /= Raw('testdata')
2769p = IPv6(raw(p))
2770p
2771
2772sa = SecurityAssociation(ESP, spi=0x222,
2773                         crypt_algo='AES-CBC', crypt_key=b'sixteenbytes key',
2774                         auth_algo='NULL', auth_key=None)
2775
2776e = sa.encrypt(p)
2777e
2778
2779assert(isinstance(e, IPv6))
2780assert(e.src == '11::22' and e.dst == '22::11')
2781assert(e.nh == socket.IPPROTO_ESP)
2782assert(e.haslayer(ESP))
2783assert(not e.haslayer(TCP))
2784assert(e[ESP].spi == sa.spi)
2785* after encryption the original packet payload should NOT be readable
2786assert(b'testdata' not in e[ESP].data)
2787
2788d = sa.decrypt(e)
2789d
2790
2791* after decryption the original packet payload should be unaltered
2792assert(d[TCP] == p[TCP])
2793
2794#######################################
2795= IPv6 / ESP - Transport - NULL - HMAC-SHA1-96
2796
2797p = IPv6(src='11::22', dst='22::11')
2798p /= TCP(sport=45012, dport=80)
2799p /= Raw('testdata')
2800p = IPv6(raw(p))
2801p
2802
2803sa = SecurityAssociation(ESP, spi=0x222,
2804                         crypt_algo='NULL', crypt_key=None,
2805                         auth_algo='HMAC-SHA1-96', auth_key=b'secret key')
2806
2807e = sa.encrypt(p)
2808e
2809
2810assert(isinstance(e, IPv6))
2811assert(e.src == '11::22' and e.dst == '22::11')
2812assert(e.nh == socket.IPPROTO_ESP)
2813assert(e.haslayer(ESP))
2814assert(not e.haslayer(TCP))
2815assert(e[ESP].spi == sa.spi)
2816assert(b'testdata' in e[ESP].data)
2817
2818* integrity verification should pass
2819d = sa.decrypt(e)
2820
2821* after decryption the original packet payload should be unaltered
2822assert(d[TCP] == p[TCP])
2823
2824#######################################
2825= IPv6 / ESP - Transport - NULL - HMAC-SHA1-96 - altered packet
2826
2827p = IPv6(src='11::22', dst='22::11')
2828p /= TCP(sport=45012, dport=80)
2829p /= Raw('testdata')
2830p = IPv6(raw(p))
2831p
2832
2833sa = SecurityAssociation(ESP, spi=0x222,
2834                         crypt_algo='NULL', crypt_key=None,
2835                         auth_algo='HMAC-SHA1-96', auth_key=b'secret key')
2836
2837e = sa.encrypt(p)
2838e
2839
2840assert(isinstance(e, IPv6))
2841assert(e.src == '11::22' and e.dst == '22::11')
2842assert(e.nh == socket.IPPROTO_ESP)
2843assert(e.haslayer(ESP))
2844assert(not e.haslayer(TCP))
2845assert(e[ESP].spi == sa.spi)
2846assert(b'testdata' in e[ESP].data)
2847
2848* simulate the alteration of the packet before decryption
2849e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21')
2850
2851* integrity verification should fail
2852try:
2853    d = sa.decrypt(e)
2854    assert(False)
2855except IPSecIntegrityError as err:
2856    err
2857
2858#######################################
2859= IPv6 / ESP - Transport - AES-CBC - HMAC-SHA1-96
2860
2861p = IPv6(src='11::22', dst='22::11')
2862p /= TCP(sport=45012, dport=80)
2863p /= Raw('testdata')
2864p = IPv6(raw(p))
2865p
2866
2867sa = SecurityAssociation(ESP, spi=0x222,
2868                         crypt_algo='AES-CBC', crypt_key=b'sixteenbytes key',
2869                         auth_algo='HMAC-SHA1-96', auth_key=b'secret key')
2870
2871e = sa.encrypt(p)
2872e
2873
2874assert(isinstance(e, IPv6))
2875assert(e.src == '11::22' and e.dst == '22::11')
2876assert(e.nh == socket.IPPROTO_ESP)
2877assert(e.haslayer(ESP))
2878assert(not e.haslayer(TCP))
2879assert(e[ESP].spi == sa.spi)
2880* after encryption the original packet payload should NOT be readable
2881assert(b'testdata' not in e[ESP].data)
2882
2883d = sa.decrypt(e)
2884d
2885
2886* after decryption the original packet payload should be unaltered
2887assert(d[TCP] == p[TCP])
2888
2889#######################################
2890= IPv6 / ESP - Transport - AES-CBC - HMAC-SHA1-96 - altered packet
2891
2892p = IPv6(src='11::22', dst='22::11')
2893p /= TCP(sport=45012, dport=80)
2894p /= Raw('testdata')
2895p = IPv6(raw(p))
2896p
2897
2898sa = SecurityAssociation(ESP, spi=0x222,
2899                         crypt_algo='AES-CBC', crypt_key=b'sixteenbytes key',
2900                         auth_algo='HMAC-SHA1-96', auth_key=b'secret key')
2901
2902e = sa.encrypt(p)
2903e
2904
2905assert(isinstance(e, IPv6))
2906assert(e.src == '11::22' and e.dst == '22::11')
2907assert(e.nh == socket.IPPROTO_ESP)
2908assert(e.haslayer(ESP))
2909assert(not e.haslayer(TCP))
2910assert(e[ESP].spi == sa.spi)
2911* after encryption the original packet payload should NOT be readable
2912assert(b'testdata' not in e[ESP].data)
2913
2914* simulate the alteration of the packet before decryption
2915e[ESP].seq += 1
2916
2917* integrity verification should fail
2918try:
2919    d = sa.decrypt(e)
2920    assert(False)
2921except IPSecIntegrityError as err:
2922    err
2923
2924#######################################
2925= IPv6 / ESP - Transport - AES-GCM - NULL
2926
2927p = IPv6(src='11::22', dst='22::11')
2928p /= TCP(sport=45012, dport=80)
2929p /= Raw('testdata')
2930p = IPv6(raw(p))
2931p
2932
2933sa = SecurityAssociation(ESP, spi=0x222,
2934                         crypt_algo='AES-GCM', crypt_key=b'16bytekey+4bytenonce',
2935                         auth_algo='NULL', auth_key=None)
2936
2937e = sa.encrypt(p)
2938e
2939
2940assert(isinstance(e, IPv6))
2941assert(e.src == '11::22' and e.dst == '22::11')
2942assert(e.nh == socket.IPPROTO_ESP)
2943assert(e.haslayer(ESP))
2944assert(not e.haslayer(TCP))
2945assert(e[ESP].spi == sa.spi)
2946* after encryption the original packet payload should NOT be readable
2947assert(b'testdata' not in e[ESP].data)
2948
2949d = sa.decrypt(e)
2950d
2951
2952* after decryption original packet should be preserved
2953assert(d[TCP] == p[TCP])
2954
2955#######################################
2956= IPv6 / ESP - Transport - AES-GCM - NULL - altered packet
2957
2958p = IPv6(src='11::22', dst='22::11')
2959p /= TCP(sport=45012, dport=80)
2960p /= Raw('testdata')
2961p = IPv6(raw(p))
2962p
2963
2964sa = SecurityAssociation(ESP, spi=0x222,
2965                         crypt_algo='AES-GCM', crypt_key=b'16bytekey+4bytenonce',
2966                         auth_algo='NULL', auth_key=None)
2967
2968e = sa.encrypt(p)
2969e
2970
2971assert(isinstance(e, IPv6))
2972assert(e.src == '11::22' and e.dst == '22::11')
2973assert(e.nh == socket.IPPROTO_ESP)
2974assert(e.haslayer(ESP))
2975assert(not e.haslayer(TCP))
2976assert(e[ESP].spi == sa.spi)
2977* after encryption the original packet payload should NOT be readable
2978assert(b'testdata' not in e[ESP].data)
2979
2980* simulate the alteration of the packet before decryption
2981e[ESP].seq += 1
2982
2983* integrity verification should fail
2984try:
2985    d = sa.decrypt(e)
2986    assert(False)
2987except IPSecIntegrityError as err:
2988    err
2989
2990#######################################
2991= IPv6 / ESP - Transport - AES-CCM - NULL
2992~ crypto_advanced
2993
2994p = IPv6(src='11::22', dst='22::11')
2995p /= TCP(sport=45012, dport=80)
2996p /= Raw('testdata')
2997p = IPv6(raw(p))
2998p
2999
3000sa = SecurityAssociation(ESP, spi=0x222,
3001                         crypt_algo='AES-CCM', crypt_key=b'16bytekey3bytenonce',
3002                         auth_algo='NULL', auth_key=None)
3003
3004e = sa.encrypt(p)
3005e
3006
3007assert(isinstance(e, IPv6))
3008assert(e.src == '11::22' and e.dst == '22::11')
3009assert(e.nh == socket.IPPROTO_ESP)
3010assert(e.haslayer(ESP))
3011assert(not e.haslayer(TCP))
3012assert(e[ESP].spi == sa.spi)
3013* after encryption the original packet payload should NOT be readable
3014assert(b'testdata' not in e[ESP].data)
3015
3016d = sa.decrypt(e)
3017d
3018
3019* after decryption original packet should be preserved
3020assert(d[TCP] == p[TCP])
3021
3022#######################################
3023= IPv6 / ESP - Transport - AES-CCM - NULL - altered packet
3024~ crypto_advanced
3025
3026p = IPv6(src='11::22', dst='22::11')
3027p /= TCP(sport=45012, dport=80)
3028p /= Raw('testdata')
3029p = IPv6(raw(p))
3030p
3031
3032sa = SecurityAssociation(ESP, spi=0x222,
3033                         crypt_algo='AES-CCM', crypt_key=b'16bytekey3bytenonce',
3034                         auth_algo='NULL', auth_key=None)
3035
3036e = sa.encrypt(p)
3037e
3038
3039assert(isinstance(e, IPv6))
3040assert(e.src == '11::22' and e.dst == '22::11')
3041assert(e.nh == socket.IPPROTO_ESP)
3042assert(e.haslayer(ESP))
3043assert(not e.haslayer(TCP))
3044assert(e[ESP].spi == sa.spi)
3045* after encryption the original packet payload should NOT be readable
3046assert(b'testdata' not in e[ESP].data)
3047
3048* simulate the alteration of the packet before decryption
3049e[ESP].seq += 1
3050
3051* integrity verification should fail
3052try:
3053    d = sa.decrypt(e)
3054    assert(False)
3055except IPSecIntegrityError as err:
3056    err
3057
3058#######################################
3059= IPv6 / ESP - Tunnel - NULL - NULL
3060~ -crypto
3061
3062p = IPv6(src='11::22', dst='22::11')
3063p /= TCP(sport=45012, dport=80)
3064p /= Raw('testdata')
3065p = IPv6(raw(p))
3066p
3067
3068sa = SecurityAssociation(ESP, spi=0x222,
3069                         crypt_algo='NULL', crypt_key=None,
3070                         auth_algo='NULL', auth_key=None,
3071                         tunnel_header=IPv6(src='aa::bb', dst='bb::aa'))
3072
3073e = sa.encrypt(p)
3074e
3075
3076assert(isinstance(e, IPv6))
3077* after encryption packet should be encapsulated with the given ip tunnel header
3078assert(e.src == 'aa::bb' and e.dst == 'bb::aa')
3079assert(e.nh == socket.IPPROTO_ESP)
3080assert(e.haslayer(ESP))
3081assert(not e.haslayer(TCP))
3082assert(e[ESP].spi == sa.spi)
3083assert(b'testdata' in e[ESP].data)
3084
3085d = sa.decrypt(e)
3086d
3087
3088* after decryption the original packet payload should be unaltered
3089assert(d[TCP] == p[TCP])
3090
3091#######################################
3092= IPv6 / ESP - Tunnel - AES-CBC - NULL
3093
3094p = IPv6(src='11::22', dst='22::11')
3095p /= TCP(sport=45012, dport=80)
3096p /= Raw('testdata')
3097p = IPv6(raw(p))
3098p
3099
3100sa = SecurityAssociation(ESP, spi=0x222,
3101                         crypt_algo='AES-CBC', crypt_key=b'sixteenbytes key',
3102                         auth_algo='NULL', auth_key=None,
3103                         tunnel_header=IPv6(src='aa::bb', dst='bb::aa'))
3104
3105e = sa.encrypt(p)
3106e
3107
3108assert(isinstance(e, IPv6))
3109* after encryption packet should be encapsulated with the given ip tunnel header
3110assert(e.src == 'aa::bb' and e.dst == 'bb::aa')
3111assert(e.nh == socket.IPPROTO_ESP)
3112assert(e.haslayer(ESP))
3113assert(not e.haslayer(TCP))
3114assert(e[ESP].spi == sa.spi)
3115* after encryption the original packet payload should NOT be readable
3116assert(b'testdata' not in e[ESP].data)
3117
3118d = sa.decrypt(e)
3119d
3120
3121* after decryption the original packet payload should be unaltered
3122assert(d[TCP] == p[TCP])
3123
3124#######################################
3125= IPv6 / ESP - Tunnel - NULL - HMAC-SHA1-96
3126
3127p = IPv6(src='11::22', dst='22::11')
3128p /= TCP(sport=45012, dport=80)
3129p /= Raw('testdata')
3130p = IPv6(raw(p))
3131p
3132
3133sa = SecurityAssociation(ESP, spi=0x222,
3134                         crypt_algo='NULL', crypt_key=None,
3135                         auth_algo='HMAC-SHA1-96', auth_key=b'secret key',
3136                         tunnel_header=IPv6(src='aa::bb', dst='bb::aa'))
3137
3138e = sa.encrypt(p)
3139e
3140
3141assert(isinstance(e, IPv6))
3142* after encryption packet should be encapsulated with the given ip tunnel header
3143assert(e.src == 'aa::bb' and e.dst == 'bb::aa')
3144assert(e.nh == socket.IPPROTO_ESP)
3145assert(e.haslayer(ESP))
3146assert(not e.haslayer(TCP))
3147assert(e[ESP].spi == sa.spi)
3148assert(b'testdata' in e[ESP].data)
3149
3150* integrity verification should pass
3151d = sa.decrypt(e)
3152
3153* after decryption the original packet payload should be unaltered
3154assert(d[TCP] == p[TCP])
3155
3156#######################################
3157= IPv6 / ESP - Tunnel - NULL - HMAC-SHA1-96 - altered packet
3158
3159p = IPv6(src='11::22', dst='22::11')
3160p /= TCP(sport=45012, dport=80)
3161p /= Raw('testdata')
3162p = IPv6(raw(p))
3163p
3164
3165sa = SecurityAssociation(ESP, spi=0x222,
3166                         crypt_algo='NULL', crypt_key=None,
3167                         auth_algo='HMAC-SHA1-96', auth_key=b'secret key',
3168                         tunnel_header=IPv6(src='aa::bb', dst='bb::aa'))
3169
3170e = sa.encrypt(p)
3171e
3172
3173assert(isinstance(e, IPv6))
3174* after encryption packet should be encapsulated with the given ip tunnel header
3175assert(e.src == 'aa::bb' and e.dst == 'bb::aa')
3176assert(e.nh == socket.IPPROTO_ESP)
3177assert(e.haslayer(ESP))
3178assert(not e.haslayer(TCP))
3179assert(e[ESP].spi == sa.spi)
3180assert(b'testdata' in e[ESP].data)
3181
3182* simulate the alteration of the packet before decryption
3183e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21')
3184
3185* integrity verification should fail
3186try:
3187    d = sa.decrypt(e)
3188    assert(False)
3189except IPSecIntegrityError as err:
3190    err
3191
3192#######################################
3193= IPv6 / ESP - Tunnel - AES-CBC - HMAC-SHA1-96
3194
3195p = IPv6(src='11::22', dst='22::11')
3196p /= TCP(sport=45012, dport=80)
3197p /= Raw('testdata')
3198p = IPv6(raw(p))
3199p
3200
3201sa = SecurityAssociation(ESP, spi=0x222,
3202                         crypt_algo='AES-CBC', crypt_key=b'sixteenbytes key',
3203                         auth_algo='HMAC-SHA1-96', auth_key=b'secret key',
3204                         tunnel_header=IPv6(src='aa::bb', dst='bb::aa'))
3205
3206e = sa.encrypt(p)
3207e
3208
3209assert(isinstance(e, IPv6))
3210* after encryption packet should be encapsulated with the given ip tunnel header
3211assert(e.src == 'aa::bb' and e.dst == 'bb::aa')
3212assert(e.nh == socket.IPPROTO_ESP)
3213assert(e.haslayer(ESP))
3214assert(not e.haslayer(TCP))
3215assert(e[ESP].spi == sa.spi)
3216* after encryption the original packet payload should NOT be readable
3217assert(b'testdata' not in e[ESP].data)
3218
3219d = sa.decrypt(e)
3220d
3221
3222* after decryption the original packet payload should be unaltered
3223assert(d[TCP] == p[TCP])
3224
3225#######################################
3226= IPv6 / ESP - Tunnel - AES-CBC - HMAC-SHA1-96 - altered packet
3227
3228p = IPv6(src='11::22', dst='22::11')
3229p /= TCP(sport=45012, dport=80)
3230p /= Raw('testdata')
3231p = IPv6(raw(p))
3232p
3233
3234sa = SecurityAssociation(ESP, spi=0x222,
3235                         crypt_algo='AES-CBC', crypt_key=b'sixteenbytes key',
3236                         auth_algo='HMAC-SHA1-96', auth_key=b'secret key',
3237                         tunnel_header=IPv6(src='aa::bb', dst='bb::aa'))
3238
3239e = sa.encrypt(p)
3240e
3241
3242assert(isinstance(e, IPv6))
3243* after encryption packet should be encapsulated with the given ip tunnel header
3244assert(e.src == 'aa::bb' and e.dst == 'bb::aa')
3245assert(e.nh == socket.IPPROTO_ESP)
3246assert(e.haslayer(ESP))
3247assert(not e.haslayer(TCP))
3248assert(e[ESP].spi == sa.spi)
3249* after encryption the original packet payload should NOT be readable
3250assert(b'testdata' not in e[ESP].data)
3251
3252* simulate the alteration of the packet before decryption
3253e[ESP].seq += 1
3254
3255* integrity verification should fail
3256try:
3257    d = sa.decrypt(e)
3258    assert(False)
3259except IPSecIntegrityError as err:
3260    err
3261
3262#######################################
3263= IPv6 / ESP - Tunnel - AES-GCM - NULL
3264
3265p = IPv6(src='11::22', dst='22::11')
3266p /= TCP(sport=45012, dport=80)
3267p /= Raw('testdata')
3268p = IPv6(raw(p))
3269p
3270
3271sa = SecurityAssociation(ESP, spi=0x222,
3272                         crypt_algo='AES-GCM', crypt_key=b'16bytekey+4bytenonce',
3273                         auth_algo='NULL', auth_key=None,
3274                         tunnel_header=IPv6(src='aa::bb', dst='bb::aa'))
3275
3276e = sa.encrypt(p)
3277e
3278
3279assert(isinstance(e, IPv6))
3280* after encryption packet should be encapsulated with the given ip tunnel header
3281assert(e.src == 'aa::bb' and e.dst == 'bb::aa')
3282assert(e.nh == socket.IPPROTO_ESP)
3283assert(e.haslayer(ESP))
3284assert(not e.haslayer(TCP))
3285assert(e[ESP].spi == sa.spi)
3286* after encryption the original packet payload should NOT be readable
3287assert(b'testdata' not in e[ESP].data)
3288
3289d = sa.decrypt(e)
3290d
3291
3292* after decryption original packet should be preserved
3293assert(d[TCP] == p[TCP])
3294
3295#######################################
3296= IPv6 / ESP - Tunnel - AES-GCM - NULL - altered packet
3297
3298p = IPv6(src='11::22', dst='22::11')
3299p /= TCP(sport=45012, dport=80)
3300p /= Raw('testdata')
3301p = IPv6(raw(p))
3302p
3303
3304sa = SecurityAssociation(ESP, spi=0x222,
3305                         crypt_algo='AES-GCM', crypt_key=b'16bytekey+4bytenonce',
3306                         auth_algo='NULL', auth_key=None,
3307                         tunnel_header=IPv6(src='aa::bb', dst='bb::aa'))
3308
3309e = sa.encrypt(p)
3310e
3311
3312assert(isinstance(e, IPv6))
3313* after encryption packet should be encapsulated with the given ip tunnel header
3314assert(e.src == 'aa::bb' and e.dst == 'bb::aa')
3315assert(e.nh == socket.IPPROTO_ESP)
3316assert(e.haslayer(ESP))
3317assert(not e.haslayer(TCP))
3318assert(e[ESP].spi == sa.spi)
3319* after encryption the original packet payload should NOT be readable
3320assert(b'testdata' not in e[ESP].data)
3321
3322* simulate the alteration of the packet before decryption
3323e[ESP].seq += 1
3324
3325* integrity verification should fail
3326try:
3327    d = sa.decrypt(e)
3328    assert(False)
3329except IPSecIntegrityError as err:
3330    err
3331
3332#######################################
3333= IPv6 / ESP - Tunnel - AES-CCM - NULL
3334~ crypto_advanced
3335
3336p = IPv6(src='11::22', dst='22::11')
3337p /= TCP(sport=45012, dport=80)
3338p /= Raw('testdata')
3339p = IPv6(raw(p))
3340p
3341
3342sa = SecurityAssociation(ESP, spi=0x222,
3343                         crypt_algo='AES-CCM', crypt_key=b'16bytekey3bytenonce',
3344                         auth_algo='NULL', auth_key=None,
3345                         tunnel_header=IPv6(src='aa::bb', dst='bb::aa'))
3346
3347e = sa.encrypt(p)
3348e
3349
3350assert(isinstance(e, IPv6))
3351assert(e.src == '11::22' and e.dst == '22::11')
3352assert(e.nh == socket.IPPROTO_ESP)
3353assert(e.haslayer(ESP))
3354assert(not e.haslayer(TCP))
3355assert(e[ESP].spi == sa.spi)
3356* after encryption the original packet payload should NOT be readable
3357assert(b'testdata' not in e[ESP].data)
3358
3359d = sa.decrypt(e)
3360d
3361
3362* after decryption original packet should be preserved
3363assert(d[TCP] == p[TCP])
3364
3365#######################################
3366= IPv6 / ESP - Tunnel - AES-CCM - NULL - altered packet
3367~ crypto_advanced
3368
3369p = IPv6(src='11::22', dst='22::11')
3370p /= TCP(sport=45012, dport=80)
3371p /= Raw('testdata')
3372p = IPv6(raw(p))
3373p
3374
3375sa = SecurityAssociation(ESP, spi=0x222,
3376                         crypt_algo='AES-CCM', crypt_key=b'16bytekey3bytenonce',
3377                         auth_algo='NULL', auth_key=None,
3378                         tunnel_header=IPv6(src='aa::bb', dst='bb::aa'))
3379
3380e = sa.encrypt(p)
3381e
3382
3383assert(isinstance(e, IPv6))
3384assert(e.src == '11::22' and e.dst == '22::11')
3385assert(e.nh == socket.IPPROTO_ESP)
3386assert(e.haslayer(ESP))
3387assert(not e.haslayer(TCP))
3388assert(e[ESP].spi == sa.spi)
3389* after encryption the original packet payload should NOT be readable
3390assert(b'testdata' not in e[ESP].data)
3391
3392* simulate the alteration of the packet before decryption
3393e[ESP].seq += 1
3394
3395* integrity verification should fail
3396try:
3397    d = sa.decrypt(e)
3398    assert(False)
3399except IPSecIntegrityError as err:
3400    err
3401
3402#######################################
3403###############################################################################
3404+ IPv6 / AH
3405
3406#######################################
3407= IPv6 / AH - Transport - HMAC-SHA1-96
3408
3409p = IPv6(src='11::22', dst='22::11')
3410p /= TCP(sport=45012, dport=80)
3411p /= Raw('testdata')
3412p = IPv6(raw(p))
3413p
3414
3415sa = SecurityAssociation(AH, spi=0x222,
3416                         auth_algo='HMAC-SHA1-96', auth_key=b'secret key')
3417
3418e = sa.encrypt(p)
3419e
3420
3421assert(isinstance(e, IPv6))
3422assert(e.src == '11::22' and e.dst == '22::11')
3423* the encrypted packet should have an AH layer
3424assert(e.nh == socket.IPPROTO_AH)
3425assert(e.haslayer(AH))
3426assert(e.haslayer(TCP))
3427assert(e[AH].spi == sa.spi)
3428
3429* alter mutable fields in the packet
3430e.hlim = 2
3431
3432* integrity verification should pass
3433d = sa.decrypt(e)
3434d
3435
3436* after decryption the original packet payload should be unaltered
3437assert(d[TCP] == p[TCP])
3438
3439#######################################
3440= IPv6 / AH - Transport - HMAC-SHA1-96 - altered packet
3441
3442p = IPv6(src='11::22', dst='22::11')
3443p /= TCP(sport=45012, dport=80)
3444p /= Raw('testdata')
3445p = IPv6(raw(p))
3446p
3447
3448sa = SecurityAssociation(AH, spi=0x222,
3449                         auth_algo='HMAC-SHA1-96', auth_key=b'secret key')
3450
3451e = sa.encrypt(p)
3452e
3453
3454assert(isinstance(e, IPv6))
3455assert(e.src == '11::22' and e.dst == '22::11')
3456* the encrypted packet should have an AH layer
3457assert(e.nh == socket.IPPROTO_AH)
3458assert(e.haslayer(AH))
3459assert(e.haslayer(TCP))
3460assert(e[AH].spi == sa.spi)
3461
3462* simulate the alteration of the packet before verification
3463e[TCP].dport = 46
3464
3465* integrity verification should fail
3466try:
3467    d = sa.decrypt(e)
3468    assert(False)
3469except IPSecIntegrityError as err:
3470    err
3471
3472#######################################
3473= IPv6 / AH - Transport - SHA2-256-128
3474
3475p = IPv6(src='11::22', dst='22::11')
3476p /= TCP(sport=45012, dport=80)
3477p /= Raw('testdata')
3478p = IPv6(raw(p))
3479p
3480
3481sa = SecurityAssociation(AH, spi=0x222,
3482                         auth_algo='SHA2-256-128', auth_key=b'secret key')
3483
3484e = sa.encrypt(p)
3485e
3486
3487assert(isinstance(e, IPv6))
3488assert(e.src == '11::22' and e.dst == '22::11')
3489* the encrypted packet should have an AH layer
3490assert(e.nh == socket.IPPROTO_AH)
3491assert(e.haslayer(AH))
3492assert(e.haslayer(TCP))
3493assert(e[AH].spi == sa.spi)
3494
3495* alter mutable fields in the packet
3496e.hlim = 2
3497
3498* integrity verification should pass
3499d = sa.decrypt(e)
3500d
3501
3502* after decryption the original packet payload should be unaltered
3503assert(d[TCP] == p[TCP])
3504
3505#######################################
3506= IPv6 / AH - Transport - SHA2-256-128 - altered packet
3507
3508p = IPv6(src='11::22', dst='22::11')
3509p /= TCP(sport=45012, dport=80)
3510p /= Raw('testdata')
3511p = IPv6(raw(p))
3512p
3513
3514sa = SecurityAssociation(AH, spi=0x222,
3515                         auth_algo='SHA2-256-128', auth_key=b'secret key')
3516
3517e = sa.encrypt(p)
3518e
3519
3520assert(isinstance(e, IPv6))
3521assert(e.src == '11::22' and e.dst == '22::11')
3522* the encrypted packet should have an AH layer
3523assert(e.nh == socket.IPPROTO_AH)
3524assert(e.haslayer(AH))
3525assert(e.haslayer(TCP))
3526assert(e[AH].spi == sa.spi)
3527
3528* simulate the alteration of the packet before verification
3529e[TCP].dport = 46
3530
3531* integrity verification should fail
3532try:
3533    d = sa.decrypt(e)
3534    assert(False)
3535except IPSecIntegrityError as err:
3536    err
3537
3538#######################################
3539= IPv6 / AH - Tunnel - HMAC-SHA1-96
3540
3541p = IPv6(src='11::22', dst='22::11')
3542p /= TCP(sport=45012, dport=80)
3543p /= Raw('testdata')
3544p = IPv6(raw(p))
3545p
3546
3547sa = SecurityAssociation(AH, spi=0x222,
3548                         auth_algo='HMAC-SHA1-96', auth_key=b'secret key',
3549                         tunnel_header=IPv6(src='aa::bb', dst='bb::aa'))
3550
3551e = sa.encrypt(p)
3552e
3553
3554assert(isinstance(e, IPv6))
3555* after encryption packet should be encapsulated with the given ip tunnel header
3556assert(e.src == 'aa::bb' and e.dst == 'bb::aa')
3557assert(e.nh == socket.IPPROTO_AH)
3558assert(e.haslayer(AH))
3559assert(e.haslayer(TCP))
3560assert(e[AH].spi == sa.spi)
3561
3562* alter mutable fields in the packet
3563e.hlim = 2
3564
3565* integrity verification should pass
3566d = sa.decrypt(e)
3567d
3568
3569* after decryption the original packet payload should be unaltered
3570assert(d == p)
3571
3572#######################################
3573= IPv6 / AH - Tunnel - HMAC-SHA1-96 - altered packet
3574
3575p = IPv6(src='11::22', dst='22::11')
3576p /= TCP(sport=45012, dport=80)
3577p /= Raw('testdata')
3578p = IPv6(raw(p))
3579p
3580
3581sa = SecurityAssociation(AH, spi=0x222,
3582                         auth_algo='HMAC-SHA1-96', auth_key=b'secret key',
3583                         tunnel_header=IPv6(src='aa::bb', dst='bb::aa'))
3584
3585e = sa.encrypt(p)
3586e
3587
3588assert(isinstance(e, IPv6))
3589* after encryption packet should be encapsulated with the given ip tunnel header
3590assert(e.src == 'aa::bb' and e.dst == 'bb::aa')
3591assert(e.nh == socket.IPPROTO_AH)
3592assert(e.haslayer(AH))
3593assert(e.haslayer(TCP))
3594assert(e[AH].spi == sa.spi)
3595
3596* simulate the alteration of the packet before verification
3597e.src = 'cc::ee'
3598
3599* integrity verification should fail
3600try:
3601    d = sa.decrypt(e)
3602    assert(False)
3603except IPSecIntegrityError as err:
3604    err
3605
3606#######################################
3607= IPv6 / AH - Tunnel - SHA2-256-128
3608
3609p = IPv6(src='11::22', dst='22::11')
3610p /= TCP(sport=45012, dport=80)
3611p /= Raw('testdata')
3612p = IPv6(raw(p))
3613p
3614
3615sa = SecurityAssociation(AH, spi=0x222,
3616                         auth_algo='SHA2-256-128', auth_key=b'secret key',
3617                         tunnel_header=IPv6(src='aa::bb', dst='bb::aa'))
3618
3619e = sa.encrypt(p)
3620e
3621
3622assert(isinstance(e, IPv6))
3623* after encryption packet should be encapsulated with the given ip tunnel header
3624assert(e.src == 'aa::bb' and e.dst == 'bb::aa')
3625assert(e.nh == socket.IPPROTO_AH)
3626assert(e.haslayer(AH))
3627assert(e.haslayer(TCP))
3628assert(e[AH].spi == sa.spi)
3629
3630* alter mutable fields in the packet
3631e.hlim = 2
3632
3633* integrity verification should pass
3634d = sa.decrypt(e)
3635d
3636
3637* after decryption the original packet payload should be unaltered
3638assert(d == p)
3639
3640#######################################
3641= IPv6 / AH - Tunnel - SHA2-256-128 - altered packet
3642
3643p = IPv6(src='11::22', dst='22::11')
3644p /= TCP(sport=45012, dport=80)
3645p /= Raw('testdata')
3646p = IPv6(raw(p))
3647p
3648
3649sa = SecurityAssociation(AH, spi=0x222,
3650                         auth_algo='SHA2-256-128', auth_key=b'secret key',
3651                         tunnel_header=IPv6(src='aa::bb', dst='bb::aa'))
3652
3653e = sa.encrypt(p)
3654e
3655
3656assert(isinstance(e, IPv6))
3657* after encryption packet should be encapsulated with the given ip tunnel header
3658assert(e.src == 'aa::bb' and e.dst == 'bb::aa')
3659assert(e.nh == socket.IPPROTO_AH)
3660assert(e.haslayer(AH))
3661assert(e.haslayer(TCP))
3662assert(e[AH].spi == sa.spi)
3663
3664* simulate the alteration of the packet before verification
3665e.src = 'cc::ee'
3666
3667* integrity verification should fail
3668try:
3669    d = sa.decrypt(e)
3670    assert(False)
3671except IPSecIntegrityError as err:
3672    err
3673
3674###############################################################################
3675+ IPv6 + Extensions / AH
3676
3677#######################################
3678= IPv6 + Extensions / AH - Transport
3679
3680p = IPv6(src='11::22', dst='22::11')
3681p /= IPv6ExtHdrHopByHop()
3682p /= IPv6ExtHdrDestOpt()
3683p /= IPv6ExtHdrRouting()
3684p /= IPv6ExtHdrDestOpt()
3685p /= IPv6ExtHdrFragment()
3686p /= TCP(sport=45012, dport=80)
3687p /= Raw('testdata')
3688p = IPv6(raw(p))
3689p
3690
3691sa = SecurityAssociation(AH, spi=0x222,
3692                         auth_algo='HMAC-SHA1-96', auth_key=b'secret key')
3693
3694e = sa.encrypt(p)
3695e
3696
3697assert(e.src == '11::22' and e.dst == '22::11')
3698* AH header should be inserted between the routing header and the dest options header
3699assert(isinstance(e[AH].underlayer, IPv6ExtHdrRouting))
3700assert(isinstance(e[AH].payload, IPv6ExtHdrDestOpt))
3701
3702#######################################
3703= IPv6 + Routing Header / AH - Transport
3704
3705p = IPv6(src='11::22', dst='22::11')
3706p /= IPv6ExtHdrHopByHop()
3707p /= IPv6ExtHdrRouting(addresses=['aa::bb', 'cc::dd', 'ee::ff'])
3708p /= TCP(sport=45012, dport=80)
3709p /= Raw('testdata')
3710p = IPv6(raw(p))
3711p
3712
3713sa = SecurityAssociation(AH, spi=0x222,
3714                         auth_algo='HMAC-SHA1-96', auth_key=b'secret key')
3715
3716e = sa.encrypt(p)
3717e
3718
3719assert(e.src == '11::22' and e.dst == '22::11')
3720* AH header should be inserted between the routing header and TCP
3721assert(isinstance(e[AH].underlayer, IPv6ExtHdrRouting))
3722assert(isinstance(e[AH].payload, TCP))
3723
3724* reorder the routing header as the receiver will get it
3725final = e[IPv6ExtHdrRouting].addresses.pop()
3726e[IPv6ExtHdrRouting].addresses.insert(0, e.dst)
3727e.dst = final
3728e[IPv6ExtHdrRouting].segleft = 0
3729
3730* integrity verification should pass
3731d = sa.decrypt(e)
3732d
3733
3734