c65921f774
In RFC 7296, CREATE_CHILD_SA Exchange may contain the KE payload to enable stronger guarantees of forward secrecy. When the KEi payload is included in the CREATE_CHILD_SA request, responder should reply with the KEr payload and complete the key exchange, in accordance with the RFC. Type: improvement Signed-off-by: Atzm Watanabe <atzmism@gmail.com> Change-Id: I13cf6cf24359c11c3366757e585195bb7e999638
2361 lines
82 KiB
Python
2361 lines
82 KiB
Python
import os
|
|
import time
|
|
from socket import inet_pton
|
|
from cryptography import x509
|
|
from cryptography.hazmat.backends import default_backend
|
|
from cryptography.hazmat.primitives import hashes, hmac
|
|
from cryptography.hazmat.primitives.asymmetric import dh, padding
|
|
from cryptography.hazmat.primitives.serialization import load_pem_private_key
|
|
from cryptography.hazmat.primitives.ciphers import (
|
|
Cipher,
|
|
algorithms,
|
|
modes,
|
|
)
|
|
from ipaddress import IPv4Address, IPv6Address, ip_address
|
|
import unittest
|
|
from config import config
|
|
from scapy.layers.ipsec import ESP
|
|
from scapy.layers.inet import IP, UDP, Ether
|
|
from scapy.layers.inet6 import IPv6
|
|
from scapy.packet import raw, Raw
|
|
from scapy.utils import long_converter
|
|
from framework import tag_fixme_vpp_workers
|
|
from framework import VppTestCase, VppTestRunner
|
|
from vpp_ikev2 import Profile, IDType, AuthMethod
|
|
from vpp_papi import VppEnum
|
|
|
|
try:
|
|
text_type = unicode
|
|
except NameError:
|
|
text_type = str
|
|
|
|
KEY_PAD = b"Key Pad for IKEv2"
|
|
SALT_SIZE = 4
|
|
GCM_ICV_SIZE = 16
|
|
GCM_IV_SIZE = 8
|
|
|
|
|
|
# defined in rfc3526
|
|
# tuple structure is (p, g, key_len)
|
|
DH = {
|
|
"2048MODPgr": (
|
|
long_converter(
|
|
"""
|
|
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
|
|
29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
|
|
EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
|
|
E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
|
|
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D
|
|
C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F
|
|
83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D
|
|
670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
|
|
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9
|
|
DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510
|
|
15728E5A 8AACAA68 FFFFFFFF FFFFFFFF"""
|
|
),
|
|
2,
|
|
256,
|
|
),
|
|
"3072MODPgr": (
|
|
long_converter(
|
|
"""
|
|
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
|
|
29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
|
|
EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
|
|
E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
|
|
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D
|
|
C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F
|
|
83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D
|
|
670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
|
|
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9
|
|
DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510
|
|
15728E5A 8AAAC42D AD33170D 04507A33 A85521AB DF1CBA64
|
|
ECFB8504 58DBEF0A 8AEA7157 5D060C7D B3970F85 A6E1E4C7
|
|
ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226 1AD2EE6B
|
|
F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C
|
|
BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31
|
|
43DB5BFC E0FD108E 4B82D120 A93AD2CA FFFFFFFF FFFFFFFF"""
|
|
),
|
|
2,
|
|
384,
|
|
),
|
|
}
|
|
|
|
|
|
class CryptoAlgo(object):
|
|
def __init__(self, name, cipher, mode):
|
|
self.name = name
|
|
self.cipher = cipher
|
|
self.mode = mode
|
|
if self.cipher is not None:
|
|
self.bs = self.cipher.block_size // 8
|
|
|
|
if self.name == "AES-GCM-16ICV":
|
|
self.iv_len = GCM_IV_SIZE
|
|
else:
|
|
self.iv_len = self.bs
|
|
|
|
def encrypt(self, data, key, aad=None):
|
|
iv = os.urandom(self.iv_len)
|
|
if aad is None:
|
|
encryptor = Cipher(
|
|
self.cipher(key), self.mode(iv), default_backend()
|
|
).encryptor()
|
|
return iv + encryptor.update(data) + encryptor.finalize()
|
|
else:
|
|
salt = key[-SALT_SIZE:]
|
|
nonce = salt + iv
|
|
encryptor = Cipher(
|
|
self.cipher(key[:-SALT_SIZE]), self.mode(nonce), default_backend()
|
|
).encryptor()
|
|
encryptor.authenticate_additional_data(aad)
|
|
data = encryptor.update(data) + encryptor.finalize()
|
|
data += encryptor.tag[:GCM_ICV_SIZE]
|
|
return iv + data
|
|
|
|
def decrypt(self, data, key, aad=None, icv=None):
|
|
if aad is None:
|
|
iv = data[: self.iv_len]
|
|
ct = data[self.iv_len :]
|
|
decryptor = Cipher(
|
|
algorithms.AES(key), self.mode(iv), default_backend()
|
|
).decryptor()
|
|
return decryptor.update(ct) + decryptor.finalize()
|
|
else:
|
|
salt = key[-SALT_SIZE:]
|
|
nonce = salt + data[:GCM_IV_SIZE]
|
|
ct = data[GCM_IV_SIZE:]
|
|
key = key[:-SALT_SIZE]
|
|
decryptor = Cipher(
|
|
algorithms.AES(key), self.mode(nonce, icv, len(icv)), default_backend()
|
|
).decryptor()
|
|
decryptor.authenticate_additional_data(aad)
|
|
return decryptor.update(ct) + decryptor.finalize()
|
|
|
|
def pad(self, data):
|
|
pad_len = (len(data) // self.bs + 1) * self.bs - len(data)
|
|
data = data + b"\x00" * (pad_len - 1)
|
|
return data + bytes([pad_len - 1])
|
|
|
|
|
|
class AuthAlgo(object):
|
|
def __init__(self, name, mac, mod, key_len, trunc_len=None):
|
|
self.name = name
|
|
self.mac = mac
|
|
self.mod = mod
|
|
self.key_len = key_len
|
|
self.trunc_len = trunc_len or key_len
|
|
|
|
|
|
CRYPTO_ALGOS = {
|
|
"NULL": CryptoAlgo("NULL", cipher=None, mode=None),
|
|
"AES-CBC": CryptoAlgo("AES-CBC", cipher=algorithms.AES, mode=modes.CBC),
|
|
"AES-GCM-16ICV": CryptoAlgo("AES-GCM-16ICV", cipher=algorithms.AES, mode=modes.GCM),
|
|
}
|
|
|
|
AUTH_ALGOS = {
|
|
"NULL": AuthAlgo("NULL", mac=None, mod=None, key_len=0, trunc_len=0),
|
|
"HMAC-SHA1-96": AuthAlgo("HMAC-SHA1-96", hmac.HMAC, hashes.SHA1, 20, 12),
|
|
"SHA2-256-128": AuthAlgo("SHA2-256-128", hmac.HMAC, hashes.SHA256, 32, 16),
|
|
"SHA2-384-192": AuthAlgo("SHA2-384-192", hmac.HMAC, hashes.SHA256, 48, 24),
|
|
"SHA2-512-256": AuthAlgo("SHA2-512-256", hmac.HMAC, hashes.SHA256, 64, 32),
|
|
}
|
|
|
|
PRF_ALGOS = {
|
|
"NULL": AuthAlgo("NULL", mac=None, mod=None, key_len=0, trunc_len=0),
|
|
"PRF_HMAC_SHA2_256": AuthAlgo("PRF_HMAC_SHA2_256", hmac.HMAC, hashes.SHA256, 32),
|
|
}
|
|
|
|
CRYPTO_IDS = {
|
|
12: "AES-CBC",
|
|
20: "AES-GCM-16ICV",
|
|
}
|
|
|
|
INTEG_IDS = {
|
|
2: "HMAC-SHA1-96",
|
|
12: "SHA2-256-128",
|
|
13: "SHA2-384-192",
|
|
14: "SHA2-512-256",
|
|
}
|
|
|
|
|
|
class IKEv2ChildSA(object):
|
|
def __init__(self, local_ts, remote_ts, is_initiator):
|
|
spi = os.urandom(4)
|
|
if is_initiator:
|
|
self.ispi = spi
|
|
self.rspi = None
|
|
else:
|
|
self.rspi = spi
|
|
self.ispi = None
|
|
self.local_ts = local_ts
|
|
self.remote_ts = remote_ts
|
|
|
|
|
|
class IKEv2SA(object):
|
|
def __init__(
|
|
self,
|
|
test,
|
|
is_initiator=True,
|
|
i_id=None,
|
|
r_id=None,
|
|
spi=b"\x01\x02\x03\x04\x05\x06\x07\x08",
|
|
id_type="fqdn",
|
|
nonce=None,
|
|
auth_data=None,
|
|
local_ts=None,
|
|
remote_ts=None,
|
|
auth_method="shared-key",
|
|
priv_key=None,
|
|
i_natt=False,
|
|
r_natt=False,
|
|
udp_encap=False,
|
|
):
|
|
self.udp_encap = udp_encap
|
|
self.i_natt = i_natt
|
|
self.r_natt = r_natt
|
|
if i_natt or r_natt:
|
|
self.sport = 4500
|
|
self.dport = 4500
|
|
else:
|
|
self.sport = 500
|
|
self.dport = 500
|
|
self.msg_id = 0
|
|
self.dh_params = None
|
|
self.test = test
|
|
self.priv_key = priv_key
|
|
self.is_initiator = is_initiator
|
|
nonce = nonce or os.urandom(32)
|
|
self.auth_data = auth_data
|
|
self.i_id = i_id
|
|
self.r_id = r_id
|
|
if isinstance(id_type, str):
|
|
self.id_type = IDType.value(id_type)
|
|
else:
|
|
self.id_type = id_type
|
|
self.auth_method = auth_method
|
|
if self.is_initiator:
|
|
self.rspi = 8 * b"\x00"
|
|
self.ispi = spi
|
|
self.i_nonce = nonce
|
|
else:
|
|
self.rspi = spi
|
|
self.ispi = 8 * b"\x00"
|
|
self.r_nonce = nonce
|
|
self.child_sas = [IKEv2ChildSA(local_ts, remote_ts, self.is_initiator)]
|
|
|
|
def new_msg_id(self):
|
|
self.msg_id += 1
|
|
return self.msg_id
|
|
|
|
@property
|
|
def my_dh_pub_key(self):
|
|
if self.is_initiator:
|
|
return self.i_dh_data
|
|
return self.r_dh_data
|
|
|
|
@property
|
|
def peer_dh_pub_key(self):
|
|
if self.is_initiator:
|
|
return self.r_dh_data
|
|
return self.i_dh_data
|
|
|
|
@property
|
|
def natt(self):
|
|
return self.i_natt or self.r_natt
|
|
|
|
def compute_secret(self):
|
|
priv = self.dh_private_key
|
|
peer = self.peer_dh_pub_key
|
|
p, g, l = self.ike_group
|
|
return pow(
|
|
int.from_bytes(peer, "big"), int.from_bytes(priv, "big"), p
|
|
).to_bytes(l, "big")
|
|
|
|
def generate_dh_data(self):
|
|
# generate DH keys
|
|
if self.ike_dh not in DH:
|
|
raise NotImplementedError("%s not in DH group" % self.ike_dh)
|
|
|
|
if self.dh_params is None:
|
|
dhg = DH[self.ike_dh]
|
|
pn = dh.DHParameterNumbers(dhg[0], dhg[1])
|
|
self.dh_params = pn.parameters(default_backend())
|
|
|
|
priv = self.dh_params.generate_private_key()
|
|
pub = priv.public_key()
|
|
x = priv.private_numbers().x
|
|
self.dh_private_key = x.to_bytes(priv.key_size // 8, "big")
|
|
y = pub.public_numbers().y
|
|
|
|
if self.is_initiator:
|
|
self.i_dh_data = y.to_bytes(pub.key_size // 8, "big")
|
|
else:
|
|
self.r_dh_data = y.to_bytes(pub.key_size // 8, "big")
|
|
|
|
def complete_dh_data(self):
|
|
self.dh_shared_secret = self.compute_secret()
|
|
|
|
def calc_child_keys(self, kex=False):
|
|
prf = self.ike_prf_alg.mod()
|
|
s = self.i_nonce + self.r_nonce
|
|
if kex:
|
|
s = self.dh_shared_secret + s
|
|
c = self.child_sas[0]
|
|
|
|
encr_key_len = self.esp_crypto_key_len
|
|
integ_key_len = self.esp_integ_alg.key_len
|
|
salt_len = 0 if integ_key_len else 4
|
|
|
|
l = integ_key_len * 2 + encr_key_len * 2 + salt_len * 2
|
|
keymat = self.calc_prfplus(prf, self.sk_d, s, l)
|
|
|
|
pos = 0
|
|
c.sk_ei = keymat[pos : pos + encr_key_len]
|
|
pos += encr_key_len
|
|
|
|
if integ_key_len:
|
|
c.sk_ai = keymat[pos : pos + integ_key_len]
|
|
pos += integ_key_len
|
|
else:
|
|
c.salt_ei = keymat[pos : pos + salt_len]
|
|
pos += salt_len
|
|
|
|
c.sk_er = keymat[pos : pos + encr_key_len]
|
|
pos += encr_key_len
|
|
|
|
if integ_key_len:
|
|
c.sk_ar = keymat[pos : pos + integ_key_len]
|
|
pos += integ_key_len
|
|
else:
|
|
c.salt_er = keymat[pos : pos + salt_len]
|
|
pos += salt_len
|
|
|
|
def calc_prfplus(self, prf, key, seed, length):
|
|
r = b""
|
|
t = None
|
|
x = 1
|
|
while len(r) < length and x < 255:
|
|
if t is not None:
|
|
s = t
|
|
else:
|
|
s = b""
|
|
s = s + seed + bytes([x])
|
|
t = self.calc_prf(prf, key, s)
|
|
r = r + t
|
|
x = x + 1
|
|
|
|
if x == 255:
|
|
return None
|
|
return r
|
|
|
|
def calc_prf(self, prf, key, data):
|
|
h = self.ike_prf_alg.mac(key, prf, backend=default_backend())
|
|
h.update(data)
|
|
return h.finalize()
|
|
|
|
def calc_keys(self):
|
|
prf = self.ike_prf_alg.mod()
|
|
# SKEYSEED = prf(Ni | Nr, g^ir)
|
|
s = self.i_nonce + self.r_nonce
|
|
self.skeyseed = self.calc_prf(prf, s, self.dh_shared_secret)
|
|
|
|
# calculate S = Ni | Nr | SPIi SPIr
|
|
s = s + self.ispi + self.rspi
|
|
|
|
prf_key_trunc = self.ike_prf_alg.trunc_len
|
|
encr_key_len = self.ike_crypto_key_len
|
|
tr_prf_key_len = self.ike_prf_alg.key_len
|
|
integ_key_len = self.ike_integ_alg.key_len
|
|
if integ_key_len == 0:
|
|
salt_size = 4
|
|
else:
|
|
salt_size = 0
|
|
|
|
l = (
|
|
prf_key_trunc
|
|
+ integ_key_len * 2
|
|
+ encr_key_len * 2
|
|
+ tr_prf_key_len * 2
|
|
+ salt_size * 2
|
|
)
|
|
keymat = self.calc_prfplus(prf, self.skeyseed, s, l)
|
|
|
|
pos = 0
|
|
self.sk_d = keymat[: pos + prf_key_trunc]
|
|
pos += prf_key_trunc
|
|
|
|
self.sk_ai = keymat[pos : pos + integ_key_len]
|
|
pos += integ_key_len
|
|
self.sk_ar = keymat[pos : pos + integ_key_len]
|
|
pos += integ_key_len
|
|
|
|
self.sk_ei = keymat[pos : pos + encr_key_len + salt_size]
|
|
pos += encr_key_len + salt_size
|
|
self.sk_er = keymat[pos : pos + encr_key_len + salt_size]
|
|
pos += encr_key_len + salt_size
|
|
|
|
self.sk_pi = keymat[pos : pos + tr_prf_key_len]
|
|
pos += tr_prf_key_len
|
|
self.sk_pr = keymat[pos : pos + tr_prf_key_len]
|
|
|
|
def generate_authmsg(self, prf, packet):
|
|
if self.is_initiator:
|
|
id = self.i_id
|
|
nonce = self.r_nonce
|
|
key = self.sk_pi
|
|
else:
|
|
id = self.r_id
|
|
nonce = self.i_nonce
|
|
key = self.sk_pr
|
|
data = bytes([self.id_type, 0, 0, 0]) + id
|
|
id_hash = self.calc_prf(prf, key, data)
|
|
return packet + nonce + id_hash
|
|
|
|
def auth_init(self):
|
|
prf = self.ike_prf_alg.mod()
|
|
if self.is_initiator:
|
|
packet = self.init_req_packet
|
|
else:
|
|
packet = self.init_resp_packet
|
|
authmsg = self.generate_authmsg(prf, raw(packet))
|
|
if self.auth_method == "shared-key":
|
|
psk = self.calc_prf(prf, self.auth_data, KEY_PAD)
|
|
self.auth_data = self.calc_prf(prf, psk, authmsg)
|
|
elif self.auth_method == "rsa-sig":
|
|
self.auth_data = self.priv_key.sign(
|
|
authmsg, padding.PKCS1v15(), hashes.SHA1()
|
|
)
|
|
else:
|
|
raise TypeError("unknown auth method type!")
|
|
|
|
def encrypt(self, data, aad=None):
|
|
data = self.ike_crypto_alg.pad(data)
|
|
return self.ike_crypto_alg.encrypt(data, self.my_cryptokey, aad)
|
|
|
|
@property
|
|
def peer_authkey(self):
|
|
if self.is_initiator:
|
|
return self.sk_ar
|
|
return self.sk_ai
|
|
|
|
@property
|
|
def my_authkey(self):
|
|
if self.is_initiator:
|
|
return self.sk_ai
|
|
return self.sk_ar
|
|
|
|
@property
|
|
def my_cryptokey(self):
|
|
if self.is_initiator:
|
|
return self.sk_ei
|
|
return self.sk_er
|
|
|
|
@property
|
|
def peer_cryptokey(self):
|
|
if self.is_initiator:
|
|
return self.sk_er
|
|
return self.sk_ei
|
|
|
|
def concat(self, alg, key_len):
|
|
return alg + "-" + str(key_len * 8)
|
|
|
|
@property
|
|
def vpp_ike_cypto_alg(self):
|
|
return self.concat(self.ike_crypto, self.ike_crypto_key_len)
|
|
|
|
@property
|
|
def vpp_esp_cypto_alg(self):
|
|
return self.concat(self.esp_crypto, self.esp_crypto_key_len)
|
|
|
|
def verify_hmac(self, ikemsg):
|
|
integ_trunc = self.ike_integ_alg.trunc_len
|
|
exp_hmac = ikemsg[-integ_trunc:]
|
|
data = ikemsg[:-integ_trunc]
|
|
computed_hmac = self.compute_hmac(
|
|
self.ike_integ_alg.mod(), self.peer_authkey, data
|
|
)
|
|
self.test.assertEqual(computed_hmac[:integ_trunc], exp_hmac)
|
|
|
|
def compute_hmac(self, integ, key, data):
|
|
h = self.ike_integ_alg.mac(key, integ, backend=default_backend())
|
|
h.update(data)
|
|
return h.finalize()
|
|
|
|
def decrypt(self, data, aad=None, icv=None):
|
|
return self.ike_crypto_alg.decrypt(data, self.peer_cryptokey, aad, icv)
|
|
|
|
def hmac_and_decrypt(self, ike):
|
|
ep = ike[ikev2.IKEv2_payload_Encrypted]
|
|
if self.ike_crypto == "AES-GCM-16ICV":
|
|
aad_len = len(ikev2.IKEv2_payload_Encrypted()) + len(ikev2.IKEv2())
|
|
ct = ep.load[:-GCM_ICV_SIZE]
|
|
tag = ep.load[-GCM_ICV_SIZE:]
|
|
plain = self.decrypt(ct, raw(ike)[:aad_len], tag)
|
|
else:
|
|
self.verify_hmac(raw(ike))
|
|
integ_trunc = self.ike_integ_alg.trunc_len
|
|
|
|
# remove ICV and decrypt payload
|
|
ct = ep.load[:-integ_trunc]
|
|
plain = self.decrypt(ct)
|
|
# remove padding
|
|
pad_len = plain[-1]
|
|
return plain[: -pad_len - 1]
|
|
|
|
def build_ts_addr(self, ts, version):
|
|
return {
|
|
"starting_address_v" + version: ts["start_addr"],
|
|
"ending_address_v" + version: ts["end_addr"],
|
|
}
|
|
|
|
def generate_ts(self, is_ip4):
|
|
c = self.child_sas[0]
|
|
ts_data = {"IP_protocol_ID": 0, "start_port": 0, "end_port": 0xFFFF}
|
|
if is_ip4:
|
|
ts_data.update(self.build_ts_addr(c.local_ts, "4"))
|
|
ts1 = ikev2.IPv4TrafficSelector(**ts_data)
|
|
ts_data.update(self.build_ts_addr(c.remote_ts, "4"))
|
|
ts2 = ikev2.IPv4TrafficSelector(**ts_data)
|
|
else:
|
|
ts_data.update(self.build_ts_addr(c.local_ts, "6"))
|
|
ts1 = ikev2.IPv6TrafficSelector(**ts_data)
|
|
ts_data.update(self.build_ts_addr(c.remote_ts, "6"))
|
|
ts2 = ikev2.IPv6TrafficSelector(**ts_data)
|
|
|
|
if self.is_initiator:
|
|
return ([ts1], [ts2])
|
|
return ([ts2], [ts1])
|
|
|
|
def set_ike_props(self, crypto, crypto_key_len, integ, prf, dh):
|
|
if crypto not in CRYPTO_ALGOS:
|
|
raise TypeError("unsupported encryption algo %r" % crypto)
|
|
self.ike_crypto = crypto
|
|
self.ike_crypto_alg = CRYPTO_ALGOS[crypto]
|
|
self.ike_crypto_key_len = crypto_key_len
|
|
|
|
if integ not in AUTH_ALGOS:
|
|
raise TypeError("unsupported auth algo %r" % integ)
|
|
self.ike_integ = None if integ == "NULL" else integ
|
|
self.ike_integ_alg = AUTH_ALGOS[integ]
|
|
|
|
if prf not in PRF_ALGOS:
|
|
raise TypeError("unsupported prf algo %r" % prf)
|
|
self.ike_prf = prf
|
|
self.ike_prf_alg = PRF_ALGOS[prf]
|
|
self.ike_dh = dh
|
|
self.ike_group = DH[self.ike_dh]
|
|
|
|
def set_esp_props(self, crypto, crypto_key_len, integ):
|
|
self.esp_crypto_key_len = crypto_key_len
|
|
if crypto not in CRYPTO_ALGOS:
|
|
raise TypeError("unsupported encryption algo %r" % crypto)
|
|
self.esp_crypto = crypto
|
|
self.esp_crypto_alg = CRYPTO_ALGOS[crypto]
|
|
|
|
if integ not in AUTH_ALGOS:
|
|
raise TypeError("unsupported auth algo %r" % integ)
|
|
self.esp_integ = None if integ == "NULL" else integ
|
|
self.esp_integ_alg = AUTH_ALGOS[integ]
|
|
|
|
def crypto_attr(self, key_len):
|
|
if self.ike_crypto in ["AES-CBC", "AES-GCM-16ICV"]:
|
|
return (0x800E << 16 | key_len << 3, 12)
|
|
else:
|
|
raise Exception("unsupported attribute type")
|
|
|
|
def ike_crypto_attr(self):
|
|
return self.crypto_attr(self.ike_crypto_key_len)
|
|
|
|
def esp_crypto_attr(self):
|
|
return self.crypto_attr(self.esp_crypto_key_len)
|
|
|
|
def compute_nat_sha1(self, ip, port, rspi=None):
|
|
if rspi is None:
|
|
rspi = self.rspi
|
|
data = self.ispi + rspi + ip + (port).to_bytes(2, "big")
|
|
digest = hashes.Hash(hashes.SHA1(), backend=default_backend())
|
|
digest.update(data)
|
|
return digest.finalize()
|
|
|
|
|
|
class IkePeer(VppTestCase):
|
|
"""common class for initiator and responder"""
|
|
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
import scapy.contrib.ikev2 as _ikev2
|
|
|
|
globals()["ikev2"] = _ikev2
|
|
super(IkePeer, cls).setUpClass()
|
|
cls.create_pg_interfaces(range(2))
|
|
for i in cls.pg_interfaces:
|
|
i.admin_up()
|
|
i.config_ip4()
|
|
i.resolve_arp()
|
|
i.config_ip6()
|
|
i.resolve_ndp()
|
|
|
|
@classmethod
|
|
def tearDownClass(cls):
|
|
super(IkePeer, cls).tearDownClass()
|
|
|
|
def tearDown(self):
|
|
super(IkePeer, self).tearDown()
|
|
if self.del_sa_from_responder:
|
|
self.initiate_del_sa_from_responder()
|
|
else:
|
|
self.initiate_del_sa_from_initiator()
|
|
r = self.vapi.ikev2_sa_dump()
|
|
self.assertEqual(len(r), 0)
|
|
sas = self.vapi.ipsec_sa_dump()
|
|
self.assertEqual(len(sas), 0)
|
|
self.p.remove_vpp_config()
|
|
self.assertIsNone(self.p.query_vpp_config())
|
|
|
|
def setUp(self):
|
|
super(IkePeer, self).setUp()
|
|
self.config_tc()
|
|
self.p.add_vpp_config()
|
|
self.assertIsNotNone(self.p.query_vpp_config())
|
|
if self.sa.is_initiator:
|
|
self.sa.generate_dh_data()
|
|
self.vapi.cli("ikev2 set logging level 4")
|
|
self.vapi.cli("event-lo clear")
|
|
|
|
def assert_counter(self, count, name, version="ip4"):
|
|
node_name = "/err/ikev2-%s/" % version + name
|
|
self.assertEqual(count, self.statistics.get_err_counter(node_name))
|
|
|
|
def create_rekey_request(self, kex=False):
|
|
sa, first_payload = self.generate_auth_payload(is_rekey=True, kex=kex)
|
|
header = ikev2.IKEv2(
|
|
init_SPI=self.sa.ispi,
|
|
resp_SPI=self.sa.rspi,
|
|
id=self.sa.new_msg_id(),
|
|
flags="Initiator",
|
|
exch_type="CREATE_CHILD_SA",
|
|
)
|
|
|
|
ike_msg = self.encrypt_ike_msg(header, sa, first_payload)
|
|
return self.create_packet(
|
|
self.pg0, ike_msg, self.sa.sport, self.sa.dport, self.sa.natt, self.ip6
|
|
)
|
|
|
|
def create_empty_request(self):
|
|
header = ikev2.IKEv2(
|
|
init_SPI=self.sa.ispi,
|
|
resp_SPI=self.sa.rspi,
|
|
id=self.sa.new_msg_id(),
|
|
flags="Initiator",
|
|
exch_type="INFORMATIONAL",
|
|
next_payload="Encrypted",
|
|
)
|
|
|
|
msg = self.encrypt_ike_msg(header, b"", None)
|
|
return self.create_packet(
|
|
self.pg0, msg, self.sa.sport, self.sa.dport, self.sa.natt, self.ip6
|
|
)
|
|
|
|
def create_packet(
|
|
self, src_if, msg, sport=500, dport=500, natt=False, use_ip6=False
|
|
):
|
|
if use_ip6:
|
|
src_ip = src_if.remote_ip6
|
|
dst_ip = src_if.local_ip6
|
|
ip_layer = IPv6
|
|
else:
|
|
src_ip = src_if.remote_ip4
|
|
dst_ip = src_if.local_ip4
|
|
ip_layer = IP
|
|
res = (
|
|
Ether(dst=src_if.local_mac, src=src_if.remote_mac)
|
|
/ ip_layer(src=src_ip, dst=dst_ip)
|
|
/ UDP(sport=sport, dport=dport)
|
|
)
|
|
if natt:
|
|
# insert non ESP marker
|
|
res = res / Raw(b"\x00" * 4)
|
|
return res / msg
|
|
|
|
def verify_udp(self, udp):
|
|
self.assertEqual(udp.sport, self.sa.sport)
|
|
self.assertEqual(udp.dport, self.sa.dport)
|
|
|
|
def get_ike_header(self, packet):
|
|
try:
|
|
ih = packet[ikev2.IKEv2]
|
|
ih = self.verify_and_remove_non_esp_marker(ih)
|
|
except IndexError as e:
|
|
# this is a workaround for getting IKEv2 layer as both ikev2 and
|
|
# ipsec register for port 4500
|
|
esp = packet[ESP]
|
|
ih = self.verify_and_remove_non_esp_marker(esp)
|
|
self.assertEqual(ih.version, 0x20)
|
|
self.assertNotIn("Version", ih.flags)
|
|
return ih
|
|
|
|
def verify_and_remove_non_esp_marker(self, packet):
|
|
if self.sa.natt:
|
|
# if we are in nat traversal mode check for non esp marker
|
|
# and remove it
|
|
data = raw(packet)
|
|
self.assertEqual(data[:4], b"\x00" * 4)
|
|
return ikev2.IKEv2(data[4:])
|
|
else:
|
|
return packet
|
|
|
|
def encrypt_ike_msg(self, header, plain, first_payload):
|
|
if self.sa.ike_crypto == "AES-GCM-16ICV":
|
|
data = self.sa.ike_crypto_alg.pad(raw(plain))
|
|
plen = (
|
|
len(data)
|
|
+ GCM_IV_SIZE
|
|
+ GCM_ICV_SIZE
|
|
+ len(ikev2.IKEv2_payload_Encrypted())
|
|
)
|
|
tlen = plen + len(ikev2.IKEv2())
|
|
|
|
# prepare aad data
|
|
sk_p = ikev2.IKEv2_payload_Encrypted(
|
|
next_payload=first_payload, length=plen
|
|
)
|
|
header.length = tlen
|
|
res = header / sk_p
|
|
encr = self.sa.encrypt(raw(plain), raw(res))
|
|
sk_p = ikev2.IKEv2_payload_Encrypted(
|
|
next_payload=first_payload, length=plen, load=encr
|
|
)
|
|
res = header / sk_p
|
|
else:
|
|
encr = self.sa.encrypt(raw(plain))
|
|
trunc_len = self.sa.ike_integ_alg.trunc_len
|
|
plen = len(encr) + len(ikev2.IKEv2_payload_Encrypted()) + trunc_len
|
|
tlen = plen + len(ikev2.IKEv2())
|
|
|
|
sk_p = ikev2.IKEv2_payload_Encrypted(
|
|
next_payload=first_payload, length=plen, load=encr
|
|
)
|
|
header.length = tlen
|
|
res = header / sk_p
|
|
|
|
integ_data = raw(res)
|
|
hmac_data = self.sa.compute_hmac(
|
|
self.sa.ike_integ_alg.mod(), self.sa.my_authkey, integ_data
|
|
)
|
|
res = res / Raw(hmac_data[:trunc_len])
|
|
assert len(res) == tlen
|
|
return res
|
|
|
|
def verify_udp_encap(self, ipsec_sa):
|
|
e = VppEnum.vl_api_ipsec_sad_flags_t
|
|
if self.sa.udp_encap or self.sa.natt:
|
|
self.assertIn(e.IPSEC_API_SAD_FLAG_UDP_ENCAP, ipsec_sa.flags)
|
|
else:
|
|
self.assertNotIn(e.IPSEC_API_SAD_FLAG_UDP_ENCAP, ipsec_sa.flags)
|
|
|
|
def verify_ipsec_sas(self, is_rekey=False, sa_count=None):
|
|
sas = self.vapi.ipsec_sa_dump()
|
|
if sa_count is None:
|
|
if is_rekey:
|
|
# after rekey there is a short period of time in which old
|
|
# inbound SA is still present
|
|
sa_count = 3
|
|
else:
|
|
sa_count = 2
|
|
self.assertEqual(len(sas), sa_count)
|
|
if self.sa.is_initiator:
|
|
if is_rekey:
|
|
sa0 = sas[0].entry
|
|
sa1 = sas[2].entry
|
|
else:
|
|
sa0 = sas[0].entry
|
|
sa1 = sas[1].entry
|
|
else:
|
|
if is_rekey:
|
|
sa0 = sas[2].entry
|
|
sa1 = sas[0].entry
|
|
else:
|
|
sa1 = sas[0].entry
|
|
sa0 = sas[1].entry
|
|
|
|
c = self.sa.child_sas[0]
|
|
|
|
self.verify_udp_encap(sa0)
|
|
self.verify_udp_encap(sa1)
|
|
vpp_crypto_alg = self.vpp_enums[self.sa.vpp_esp_cypto_alg]
|
|
self.assertEqual(sa0.crypto_algorithm, vpp_crypto_alg)
|
|
self.assertEqual(sa1.crypto_algorithm, vpp_crypto_alg)
|
|
|
|
if self.sa.esp_integ is None:
|
|
vpp_integ_alg = 0
|
|
else:
|
|
vpp_integ_alg = self.vpp_enums[self.sa.esp_integ]
|
|
self.assertEqual(sa0.integrity_algorithm, vpp_integ_alg)
|
|
self.assertEqual(sa1.integrity_algorithm, vpp_integ_alg)
|
|
|
|
# verify crypto keys
|
|
self.assertEqual(sa0.crypto_key.length, len(c.sk_er))
|
|
self.assertEqual(sa1.crypto_key.length, len(c.sk_ei))
|
|
self.assertEqual(sa0.crypto_key.data[: len(c.sk_er)], c.sk_er)
|
|
self.assertEqual(sa1.crypto_key.data[: len(c.sk_ei)], c.sk_ei)
|
|
|
|
# verify integ keys
|
|
if vpp_integ_alg:
|
|
self.assertEqual(sa0.integrity_key.length, len(c.sk_ar))
|
|
self.assertEqual(sa1.integrity_key.length, len(c.sk_ai))
|
|
self.assertEqual(sa0.integrity_key.data[: len(c.sk_ar)], c.sk_ar)
|
|
self.assertEqual(sa1.integrity_key.data[: len(c.sk_ai)], c.sk_ai)
|
|
else:
|
|
self.assertEqual(sa0.salt.to_bytes(4, "little"), c.salt_er)
|
|
self.assertEqual(sa1.salt.to_bytes(4, "little"), c.salt_ei)
|
|
|
|
def verify_keymat(self, api_keys, keys, name):
|
|
km = getattr(keys, name)
|
|
api_km = getattr(api_keys, name)
|
|
api_km_len = getattr(api_keys, name + "_len")
|
|
self.assertEqual(len(km), api_km_len)
|
|
self.assertEqual(km, api_km[:api_km_len])
|
|
|
|
def verify_id(self, api_id, exp_id):
|
|
self.assertEqual(api_id.type, IDType.value(exp_id.type))
|
|
self.assertEqual(api_id.data_len, exp_id.data_len)
|
|
self.assertEqual(bytes(api_id.data, "ascii"), exp_id.type)
|
|
|
|
def verify_ike_sas(self):
|
|
r = self.vapi.ikev2_sa_dump()
|
|
self.assertEqual(len(r), 1)
|
|
sa = r[0].sa
|
|
self.assertEqual(self.sa.ispi, (sa.ispi).to_bytes(8, "big"))
|
|
self.assertEqual(self.sa.rspi, (sa.rspi).to_bytes(8, "big"))
|
|
if self.ip6:
|
|
if self.sa.is_initiator:
|
|
self.assertEqual(sa.iaddr, IPv6Address(self.pg0.remote_ip6))
|
|
self.assertEqual(sa.raddr, IPv6Address(self.pg0.local_ip6))
|
|
else:
|
|
self.assertEqual(sa.iaddr, IPv6Address(self.pg0.local_ip6))
|
|
self.assertEqual(sa.raddr, IPv6Address(self.pg0.remote_ip6))
|
|
else:
|
|
if self.sa.is_initiator:
|
|
self.assertEqual(sa.iaddr, IPv4Address(self.pg0.remote_ip4))
|
|
self.assertEqual(sa.raddr, IPv4Address(self.pg0.local_ip4))
|
|
else:
|
|
self.assertEqual(sa.iaddr, IPv4Address(self.pg0.local_ip4))
|
|
self.assertEqual(sa.raddr, IPv4Address(self.pg0.remote_ip4))
|
|
self.verify_keymat(sa.keys, self.sa, "sk_d")
|
|
self.verify_keymat(sa.keys, self.sa, "sk_ai")
|
|
self.verify_keymat(sa.keys, self.sa, "sk_ar")
|
|
self.verify_keymat(sa.keys, self.sa, "sk_ei")
|
|
self.verify_keymat(sa.keys, self.sa, "sk_er")
|
|
self.verify_keymat(sa.keys, self.sa, "sk_pi")
|
|
self.verify_keymat(sa.keys, self.sa, "sk_pr")
|
|
|
|
self.assertEqual(sa.i_id.type, self.sa.id_type)
|
|
self.assertEqual(sa.r_id.type, self.sa.id_type)
|
|
self.assertEqual(sa.i_id.data_len, len(self.sa.i_id))
|
|
self.assertEqual(sa.r_id.data_len, len(self.idr))
|
|
self.assertEqual(bytes(sa.i_id.data, "ascii"), self.sa.i_id)
|
|
self.assertEqual(bytes(sa.r_id.data, "ascii"), self.idr)
|
|
|
|
r = self.vapi.ikev2_child_sa_dump(sa_index=sa.sa_index)
|
|
self.assertEqual(len(r), 1)
|
|
csa = r[0].child_sa
|
|
self.assertEqual(csa.sa_index, sa.sa_index)
|
|
c = self.sa.child_sas[0]
|
|
if hasattr(c, "sk_ai"):
|
|
self.verify_keymat(csa.keys, c, "sk_ai")
|
|
self.verify_keymat(csa.keys, c, "sk_ar")
|
|
self.verify_keymat(csa.keys, c, "sk_ei")
|
|
self.verify_keymat(csa.keys, c, "sk_er")
|
|
self.assertEqual(csa.i_spi.to_bytes(4, "big"), c.ispi)
|
|
self.assertEqual(csa.r_spi.to_bytes(4, "big"), c.rspi)
|
|
|
|
tsi, tsr = self.sa.generate_ts(self.p.ts_is_ip4)
|
|
tsi = tsi[0]
|
|
tsr = tsr[0]
|
|
r = self.vapi.ikev2_traffic_selector_dump(
|
|
is_initiator=True, sa_index=sa.sa_index, child_sa_index=csa.child_sa_index
|
|
)
|
|
self.assertEqual(len(r), 1)
|
|
ts = r[0].ts
|
|
self.verify_ts(r[0].ts, tsi[0], True)
|
|
|
|
r = self.vapi.ikev2_traffic_selector_dump(
|
|
is_initiator=False, sa_index=sa.sa_index, child_sa_index=csa.child_sa_index
|
|
)
|
|
self.assertEqual(len(r), 1)
|
|
self.verify_ts(r[0].ts, tsr[0], False)
|
|
|
|
n = self.vapi.ikev2_nonce_get(is_initiator=True, sa_index=sa.sa_index)
|
|
self.verify_nonce(n, self.sa.i_nonce)
|
|
n = self.vapi.ikev2_nonce_get(is_initiator=False, sa_index=sa.sa_index)
|
|
self.verify_nonce(n, self.sa.r_nonce)
|
|
|
|
def verify_nonce(self, api_nonce, nonce):
|
|
self.assertEqual(api_nonce.data_len, len(nonce))
|
|
self.assertEqual(api_nonce.nonce, nonce)
|
|
|
|
def verify_ts(self, api_ts, ts, is_initiator):
|
|
if is_initiator:
|
|
self.assertTrue(api_ts.is_local)
|
|
else:
|
|
self.assertFalse(api_ts.is_local)
|
|
|
|
if self.p.ts_is_ip4:
|
|
self.assertEqual(api_ts.start_addr, IPv4Address(ts.starting_address_v4))
|
|
self.assertEqual(api_ts.end_addr, IPv4Address(ts.ending_address_v4))
|
|
else:
|
|
self.assertEqual(api_ts.start_addr, IPv6Address(ts.starting_address_v6))
|
|
self.assertEqual(api_ts.end_addr, IPv6Address(ts.ending_address_v6))
|
|
self.assertEqual(api_ts.start_port, ts.start_port)
|
|
self.assertEqual(api_ts.end_port, ts.end_port)
|
|
self.assertEqual(api_ts.protocol_id, ts.IP_protocol_ID)
|
|
|
|
|
|
class TemplateInitiator(IkePeer):
|
|
"""initiator test template"""
|
|
|
|
def initiate_del_sa_from_initiator(self):
|
|
ispi = int.from_bytes(self.sa.ispi, "little")
|
|
self.pg0.enable_capture()
|
|
self.pg_start()
|
|
self.vapi.ikev2_initiate_del_ike_sa(ispi=ispi)
|
|
capture = self.pg0.get_capture(1)
|
|
ih = self.get_ike_header(capture[0])
|
|
self.assertNotIn("Response", ih.flags)
|
|
self.assertIn("Initiator", ih.flags)
|
|
self.assertEqual(ih.init_SPI, self.sa.ispi)
|
|
self.assertEqual(ih.resp_SPI, self.sa.rspi)
|
|
plain = self.sa.hmac_and_decrypt(ih)
|
|
d = ikev2.IKEv2_payload_Delete(plain)
|
|
self.assertEqual(d.proto, 1) # proto=IKEv2
|
|
header = ikev2.IKEv2(
|
|
init_SPI=self.sa.ispi,
|
|
resp_SPI=self.sa.rspi,
|
|
flags="Response",
|
|
exch_type="INFORMATIONAL",
|
|
id=ih.id,
|
|
next_payload="Encrypted",
|
|
)
|
|
resp = self.encrypt_ike_msg(header, b"", None)
|
|
self.send_and_assert_no_replies(self.pg0, resp)
|
|
|
|
def verify_del_sa(self, packet):
|
|
ih = self.get_ike_header(packet)
|
|
self.assertEqual(ih.id, self.sa.msg_id)
|
|
self.assertEqual(ih.exch_type, 37) # exchange informational
|
|
self.assertIn("Response", ih.flags)
|
|
self.assertIn("Initiator", ih.flags)
|
|
plain = self.sa.hmac_and_decrypt(ih)
|
|
self.assertEqual(plain, b"")
|
|
|
|
def initiate_del_sa_from_responder(self):
|
|
header = ikev2.IKEv2(
|
|
init_SPI=self.sa.ispi,
|
|
resp_SPI=self.sa.rspi,
|
|
exch_type="INFORMATIONAL",
|
|
id=self.sa.new_msg_id(),
|
|
)
|
|
del_sa = ikev2.IKEv2_payload_Delete(proto="IKEv2")
|
|
ike_msg = self.encrypt_ike_msg(header, del_sa, "Delete")
|
|
packet = self.create_packet(
|
|
self.pg0, ike_msg, self.sa.sport, self.sa.dport, self.sa.natt, self.ip6
|
|
)
|
|
self.pg0.add_stream(packet)
|
|
self.pg0.enable_capture()
|
|
self.pg_start()
|
|
capture = self.pg0.get_capture(1)
|
|
self.verify_del_sa(capture[0])
|
|
|
|
@staticmethod
|
|
def find_notify_payload(packet, notify_type):
|
|
n = packet[ikev2.IKEv2_payload_Notify]
|
|
while n is not None:
|
|
if n.type == notify_type:
|
|
return n
|
|
n = n.payload
|
|
return None
|
|
|
|
def verify_nat_detection(self, packet):
|
|
if self.ip6:
|
|
iph = packet[IPv6]
|
|
else:
|
|
iph = packet[IP]
|
|
udp = packet[UDP]
|
|
|
|
# NAT_DETECTION_SOURCE_IP
|
|
s = self.find_notify_payload(packet, 16388)
|
|
self.assertIsNotNone(s)
|
|
src_sha = self.sa.compute_nat_sha1(
|
|
inet_pton(socket.AF_INET, iph.src), udp.sport, b"\x00" * 8
|
|
)
|
|
self.assertEqual(s.load, src_sha)
|
|
|
|
# NAT_DETECTION_DESTINATION_IP
|
|
s = self.find_notify_payload(packet, 16389)
|
|
self.assertIsNotNone(s)
|
|
dst_sha = self.sa.compute_nat_sha1(
|
|
inet_pton(socket.AF_INET, iph.dst), udp.dport, b"\x00" * 8
|
|
)
|
|
self.assertEqual(s.load, dst_sha)
|
|
|
|
def verify_sa_init_request(self, packet):
|
|
udp = packet[UDP]
|
|
self.sa.dport = udp.sport
|
|
ih = packet[ikev2.IKEv2]
|
|
self.assertNotEqual(ih.init_SPI, 8 * b"\x00")
|
|
self.assertEqual(ih.exch_type, 34) # SA_INIT
|
|
self.sa.ispi = ih.init_SPI
|
|
self.assertEqual(ih.resp_SPI, 8 * b"\x00")
|
|
self.assertIn("Initiator", ih.flags)
|
|
self.assertNotIn("Response", ih.flags)
|
|
self.sa.i_nonce = ih[ikev2.IKEv2_payload_Nonce].load
|
|
self.sa.i_dh_data = ih[ikev2.IKEv2_payload_KE].load
|
|
|
|
prop = packet[ikev2.IKEv2_payload_Proposal]
|
|
self.assertEqual(prop.proto, 1) # proto = ikev2
|
|
self.assertEqual(prop.proposal, 1)
|
|
self.assertEqual(prop.trans[0].transform_type, 1) # encryption
|
|
self.assertEqual(
|
|
prop.trans[0].transform_id, self.p.ike_transforms["crypto_alg"]
|
|
)
|
|
self.assertEqual(prop.trans[1].transform_type, 2) # prf
|
|
self.assertEqual(prop.trans[1].transform_id, 5) # "hmac-sha2-256"
|
|
self.assertEqual(prop.trans[2].transform_type, 4) # dh
|
|
self.assertEqual(prop.trans[2].transform_id, self.p.ike_transforms["dh_group"])
|
|
|
|
self.verify_nat_detection(packet)
|
|
self.sa.set_ike_props(
|
|
crypto="AES-GCM-16ICV",
|
|
crypto_key_len=32,
|
|
integ="NULL",
|
|
prf="PRF_HMAC_SHA2_256",
|
|
dh="3072MODPgr",
|
|
)
|
|
self.sa.set_esp_props(crypto="AES-CBC", crypto_key_len=32, integ="SHA2-256-128")
|
|
self.sa.generate_dh_data()
|
|
self.sa.complete_dh_data()
|
|
self.sa.calc_keys()
|
|
|
|
def update_esp_transforms(self, trans, sa):
|
|
while trans:
|
|
if trans.transform_type == 1: # ecryption
|
|
sa.esp_crypto = CRYPTO_IDS[trans.transform_id]
|
|
elif trans.transform_type == 3: # integrity
|
|
sa.esp_integ = INTEG_IDS[trans.transform_id]
|
|
trans = trans.payload
|
|
|
|
def verify_sa_auth_req(self, packet):
|
|
udp = packet[UDP]
|
|
self.sa.dport = udp.sport
|
|
ih = self.get_ike_header(packet)
|
|
self.assertEqual(ih.resp_SPI, self.sa.rspi)
|
|
self.assertEqual(ih.init_SPI, self.sa.ispi)
|
|
self.assertEqual(ih.exch_type, 35) # IKE_AUTH
|
|
self.assertIn("Initiator", ih.flags)
|
|
self.assertNotIn("Response", ih.flags)
|
|
|
|
udp = packet[UDP]
|
|
self.verify_udp(udp)
|
|
self.assertEqual(ih.id, self.sa.msg_id + 1)
|
|
self.sa.msg_id += 1
|
|
plain = self.sa.hmac_and_decrypt(ih)
|
|
idi = ikev2.IKEv2_payload_IDi(plain)
|
|
self.assertEqual(idi.load, self.sa.i_id)
|
|
if self.no_idr_auth:
|
|
self.assertEqual(idi.next_payload, 39) # AUTH
|
|
else:
|
|
idr = ikev2.IKEv2_payload_IDr(idi.payload)
|
|
self.assertEqual(idr.load, self.sa.r_id)
|
|
prop = idi[ikev2.IKEv2_payload_Proposal]
|
|
c = self.sa.child_sas[0]
|
|
c.ispi = prop.SPI
|
|
self.update_esp_transforms(prop[ikev2.IKEv2_payload_Transform], self.sa)
|
|
|
|
def send_init_response(self):
|
|
tr_attr = self.sa.ike_crypto_attr()
|
|
trans = (
|
|
ikev2.IKEv2_payload_Transform(
|
|
transform_type="Encryption",
|
|
transform_id=self.sa.ike_crypto,
|
|
length=tr_attr[1],
|
|
key_length=tr_attr[0],
|
|
)
|
|
/ ikev2.IKEv2_payload_Transform(
|
|
transform_type="Integrity", transform_id=self.sa.ike_integ
|
|
)
|
|
/ ikev2.IKEv2_payload_Transform(
|
|
transform_type="PRF", transform_id=self.sa.ike_prf_alg.name
|
|
)
|
|
/ ikev2.IKEv2_payload_Transform(
|
|
transform_type="GroupDesc", transform_id=self.sa.ike_dh
|
|
)
|
|
)
|
|
props = ikev2.IKEv2_payload_Proposal(
|
|
proposal=1, proto="IKEv2", trans_nb=4, trans=trans
|
|
)
|
|
|
|
src_address = inet_pton(socket.AF_INET, self.pg0.remote_ip4)
|
|
if self.sa.natt:
|
|
dst_address = b"\x0a\x0a\x0a\x0a"
|
|
else:
|
|
dst_address = inet_pton(socket.AF_INET, self.pg0.local_ip4)
|
|
src_nat = self.sa.compute_nat_sha1(src_address, self.sa.sport)
|
|
dst_nat = self.sa.compute_nat_sha1(dst_address, self.sa.dport)
|
|
|
|
self.sa.init_resp_packet = (
|
|
ikev2.IKEv2(
|
|
init_SPI=self.sa.ispi,
|
|
resp_SPI=self.sa.rspi,
|
|
exch_type="IKE_SA_INIT",
|
|
flags="Response",
|
|
)
|
|
/ ikev2.IKEv2_payload_SA(next_payload="KE", prop=props)
|
|
/ ikev2.IKEv2_payload_KE(
|
|
next_payload="Nonce", group=self.sa.ike_dh, load=self.sa.my_dh_pub_key
|
|
)
|
|
/ ikev2.IKEv2_payload_Nonce(load=self.sa.r_nonce, next_payload="Notify")
|
|
/ ikev2.IKEv2_payload_Notify(
|
|
type="NAT_DETECTION_SOURCE_IP", load=src_nat, next_payload="Notify"
|
|
)
|
|
/ ikev2.IKEv2_payload_Notify(
|
|
type="NAT_DETECTION_DESTINATION_IP", load=dst_nat
|
|
)
|
|
)
|
|
|
|
ike_msg = self.create_packet(
|
|
self.pg0,
|
|
self.sa.init_resp_packet,
|
|
self.sa.sport,
|
|
self.sa.dport,
|
|
False,
|
|
self.ip6,
|
|
)
|
|
self.pg_send(self.pg0, ike_msg)
|
|
capture = self.pg0.get_capture(1)
|
|
self.verify_sa_auth_req(capture[0])
|
|
|
|
def initiate_sa_init(self):
|
|
self.pg0.enable_capture()
|
|
self.pg_start()
|
|
self.vapi.ikev2_initiate_sa_init(name=self.p.profile_name)
|
|
|
|
capture = self.pg0.get_capture(1)
|
|
self.verify_sa_init_request(capture[0])
|
|
self.send_init_response()
|
|
|
|
def send_auth_response(self):
|
|
tr_attr = self.sa.esp_crypto_attr()
|
|
trans = (
|
|
ikev2.IKEv2_payload_Transform(
|
|
transform_type="Encryption",
|
|
transform_id=self.sa.esp_crypto,
|
|
length=tr_attr[1],
|
|
key_length=tr_attr[0],
|
|
)
|
|
/ ikev2.IKEv2_payload_Transform(
|
|
transform_type="Integrity", transform_id=self.sa.esp_integ
|
|
)
|
|
/ ikev2.IKEv2_payload_Transform(
|
|
transform_type="Extended Sequence Number", transform_id="No ESN"
|
|
)
|
|
/ ikev2.IKEv2_payload_Transform(
|
|
transform_type="Extended Sequence Number", transform_id="ESN"
|
|
)
|
|
)
|
|
|
|
c = self.sa.child_sas[0]
|
|
props = ikev2.IKEv2_payload_Proposal(
|
|
proposal=1, proto="ESP", SPIsize=4, SPI=c.rspi, trans_nb=4, trans=trans
|
|
)
|
|
|
|
tsi, tsr = self.sa.generate_ts(self.p.ts_is_ip4)
|
|
plain = (
|
|
ikev2.IKEv2_payload_IDi(
|
|
next_payload="IDr", IDtype=self.sa.id_type, load=self.sa.i_id
|
|
)
|
|
/ ikev2.IKEv2_payload_IDr(
|
|
next_payload="AUTH", IDtype=self.sa.id_type, load=self.sa.r_id
|
|
)
|
|
/ ikev2.IKEv2_payload_AUTH(
|
|
next_payload="SA",
|
|
auth_type=AuthMethod.value(self.sa.auth_method),
|
|
load=self.sa.auth_data,
|
|
)
|
|
/ ikev2.IKEv2_payload_SA(next_payload="TSi", prop=props)
|
|
/ ikev2.IKEv2_payload_TSi(
|
|
next_payload="TSr", number_of_TSs=len(tsi), traffic_selector=tsi
|
|
)
|
|
/ ikev2.IKEv2_payload_TSr(
|
|
next_payload="Notify", number_of_TSs=len(tsr), traffic_selector=tsr
|
|
)
|
|
/ ikev2.IKEv2_payload_Notify(type="INITIAL_CONTACT")
|
|
)
|
|
|
|
header = ikev2.IKEv2(
|
|
init_SPI=self.sa.ispi,
|
|
resp_SPI=self.sa.rspi,
|
|
id=self.sa.new_msg_id(),
|
|
flags="Response",
|
|
exch_type="IKE_AUTH",
|
|
)
|
|
|
|
ike_msg = self.encrypt_ike_msg(header, plain, "IDi")
|
|
packet = self.create_packet(
|
|
self.pg0, ike_msg, self.sa.sport, self.sa.dport, self.sa.natt, self.ip6
|
|
)
|
|
self.pg_send(self.pg0, packet)
|
|
|
|
def test_initiator(self):
|
|
self.initiate_sa_init()
|
|
self.sa.auth_init()
|
|
self.sa.calc_child_keys()
|
|
self.send_auth_response()
|
|
self.verify_ike_sas()
|
|
|
|
|
|
class TemplateResponder(IkePeer):
|
|
"""responder test template"""
|
|
|
|
def initiate_del_sa_from_responder(self):
|
|
self.pg0.enable_capture()
|
|
self.pg_start()
|
|
self.vapi.ikev2_initiate_del_ike_sa(ispi=int.from_bytes(self.sa.ispi, "little"))
|
|
capture = self.pg0.get_capture(1)
|
|
ih = self.get_ike_header(capture[0])
|
|
self.assertNotIn("Response", ih.flags)
|
|
self.assertNotIn("Initiator", ih.flags)
|
|
self.assertEqual(ih.exch_type, 37) # INFORMATIONAL
|
|
plain = self.sa.hmac_and_decrypt(ih)
|
|
d = ikev2.IKEv2_payload_Delete(plain)
|
|
self.assertEqual(d.proto, 1) # proto=IKEv2
|
|
self.assertEqual(ih.init_SPI, self.sa.ispi)
|
|
self.assertEqual(ih.resp_SPI, self.sa.rspi)
|
|
header = ikev2.IKEv2(
|
|
init_SPI=self.sa.ispi,
|
|
resp_SPI=self.sa.rspi,
|
|
flags="Initiator+Response",
|
|
exch_type="INFORMATIONAL",
|
|
id=ih.id,
|
|
next_payload="Encrypted",
|
|
)
|
|
resp = self.encrypt_ike_msg(header, b"", None)
|
|
self.send_and_assert_no_replies(self.pg0, resp)
|
|
|
|
def verify_del_sa(self, packet):
|
|
ih = self.get_ike_header(packet)
|
|
self.assertEqual(ih.id, self.sa.msg_id)
|
|
self.assertEqual(ih.exch_type, 37) # exchange informational
|
|
self.assertIn("Response", ih.flags)
|
|
self.assertNotIn("Initiator", ih.flags)
|
|
self.assertEqual(ih.next_payload, 46) # Encrypted
|
|
self.assertEqual(ih.init_SPI, self.sa.ispi)
|
|
self.assertEqual(ih.resp_SPI, self.sa.rspi)
|
|
plain = self.sa.hmac_and_decrypt(ih)
|
|
self.assertEqual(plain, b"")
|
|
|
|
def initiate_del_sa_from_initiator(self):
|
|
header = ikev2.IKEv2(
|
|
init_SPI=self.sa.ispi,
|
|
resp_SPI=self.sa.rspi,
|
|
flags="Initiator",
|
|
exch_type="INFORMATIONAL",
|
|
id=self.sa.new_msg_id(),
|
|
)
|
|
del_sa = ikev2.IKEv2_payload_Delete(proto="IKEv2")
|
|
ike_msg = self.encrypt_ike_msg(header, del_sa, "Delete")
|
|
packet = self.create_packet(
|
|
self.pg0, ike_msg, self.sa.sport, self.sa.dport, self.sa.natt, self.ip6
|
|
)
|
|
self.pg0.add_stream(packet)
|
|
self.pg0.enable_capture()
|
|
self.pg_start()
|
|
capture = self.pg0.get_capture(1)
|
|
self.verify_del_sa(capture[0])
|
|
|
|
def send_sa_init_req(self):
|
|
tr_attr = self.sa.ike_crypto_attr()
|
|
trans = (
|
|
ikev2.IKEv2_payload_Transform(
|
|
transform_type="Encryption",
|
|
transform_id=self.sa.ike_crypto,
|
|
length=tr_attr[1],
|
|
key_length=tr_attr[0],
|
|
)
|
|
/ ikev2.IKEv2_payload_Transform(
|
|
transform_type="Integrity", transform_id=self.sa.ike_integ
|
|
)
|
|
/ ikev2.IKEv2_payload_Transform(
|
|
transform_type="PRF", transform_id=self.sa.ike_prf_alg.name
|
|
)
|
|
/ ikev2.IKEv2_payload_Transform(
|
|
transform_type="GroupDesc", transform_id=self.sa.ike_dh
|
|
)
|
|
)
|
|
|
|
props = ikev2.IKEv2_payload_Proposal(
|
|
proposal=1, proto="IKEv2", trans_nb=4, trans=trans
|
|
)
|
|
|
|
next_payload = None if self.ip6 else "Notify"
|
|
|
|
self.sa.init_req_packet = (
|
|
ikev2.IKEv2(
|
|
init_SPI=self.sa.ispi, flags="Initiator", exch_type="IKE_SA_INIT"
|
|
)
|
|
/ ikev2.IKEv2_payload_SA(next_payload="KE", prop=props)
|
|
/ ikev2.IKEv2_payload_KE(
|
|
next_payload="Nonce", group=self.sa.ike_dh, load=self.sa.my_dh_pub_key
|
|
)
|
|
/ ikev2.IKEv2_payload_Nonce(next_payload=next_payload, load=self.sa.i_nonce)
|
|
)
|
|
|
|
if not self.ip6:
|
|
if self.sa.i_natt:
|
|
src_address = b"\x0a\x0a\x0a\x01"
|
|
else:
|
|
src_address = inet_pton(socket.AF_INET, self.pg0.remote_ip4)
|
|
|
|
if self.sa.r_natt:
|
|
dst_address = b"\x0a\x0a\x0a\x0a"
|
|
else:
|
|
dst_address = inet_pton(socket.AF_INET, self.pg0.local_ip4)
|
|
|
|
src_nat = self.sa.compute_nat_sha1(src_address, self.sa.sport)
|
|
dst_nat = self.sa.compute_nat_sha1(dst_address, self.sa.dport)
|
|
nat_src_detection = ikev2.IKEv2_payload_Notify(
|
|
type="NAT_DETECTION_SOURCE_IP", load=src_nat, next_payload="Notify"
|
|
)
|
|
nat_dst_detection = ikev2.IKEv2_payload_Notify(
|
|
type="NAT_DETECTION_DESTINATION_IP", load=dst_nat
|
|
)
|
|
self.sa.init_req_packet = (
|
|
self.sa.init_req_packet / nat_src_detection / nat_dst_detection
|
|
)
|
|
|
|
ike_msg = self.create_packet(
|
|
self.pg0,
|
|
self.sa.init_req_packet,
|
|
self.sa.sport,
|
|
self.sa.dport,
|
|
self.sa.natt,
|
|
self.ip6,
|
|
)
|
|
self.pg0.add_stream(ike_msg)
|
|
self.pg0.enable_capture()
|
|
self.pg_start()
|
|
capture = self.pg0.get_capture(1)
|
|
self.verify_sa_init(capture[0])
|
|
|
|
def generate_auth_payload(self, last_payload=None, is_rekey=False, kex=False):
|
|
tr_attr = self.sa.esp_crypto_attr()
|
|
last_payload = last_payload or "Notify"
|
|
trans_nb = 4
|
|
trans = (
|
|
ikev2.IKEv2_payload_Transform(
|
|
transform_type="Encryption",
|
|
transform_id=self.sa.esp_crypto,
|
|
length=tr_attr[1],
|
|
key_length=tr_attr[0],
|
|
)
|
|
/ ikev2.IKEv2_payload_Transform(
|
|
transform_type="Integrity", transform_id=self.sa.esp_integ
|
|
)
|
|
/ ikev2.IKEv2_payload_Transform(
|
|
transform_type="Extended Sequence Number", transform_id="No ESN"
|
|
)
|
|
/ ikev2.IKEv2_payload_Transform(
|
|
transform_type="Extended Sequence Number", transform_id="ESN"
|
|
)
|
|
)
|
|
|
|
if kex:
|
|
trans_nb += 1
|
|
trans /= ikev2.IKEv2_payload_Transform(
|
|
transform_type="GroupDesc", transform_id=self.sa.ike_dh
|
|
)
|
|
|
|
c = self.sa.child_sas[0]
|
|
props = ikev2.IKEv2_payload_Proposal(
|
|
proposal=1,
|
|
proto="ESP",
|
|
SPIsize=4,
|
|
SPI=c.ispi,
|
|
trans_nb=trans_nb,
|
|
trans=trans,
|
|
)
|
|
|
|
tsi, tsr = self.sa.generate_ts(self.p.ts_is_ip4)
|
|
plain = (
|
|
ikev2.IKEv2_payload_AUTH(
|
|
next_payload="SA",
|
|
auth_type=AuthMethod.value(self.sa.auth_method),
|
|
load=self.sa.auth_data,
|
|
)
|
|
/ ikev2.IKEv2_payload_SA(next_payload="TSi", prop=props)
|
|
/ ikev2.IKEv2_payload_TSi(
|
|
next_payload="TSr", number_of_TSs=len(tsi), traffic_selector=tsi
|
|
)
|
|
/ ikev2.IKEv2_payload_TSr(
|
|
next_payload=last_payload, number_of_TSs=len(tsr), traffic_selector=tsr
|
|
)
|
|
)
|
|
|
|
if is_rekey:
|
|
first_payload = "Nonce"
|
|
if kex:
|
|
head = ikev2.IKEv2_payload_Nonce(
|
|
load=self.sa.i_nonce, next_payload="KE"
|
|
) / ikev2.IKEv2_payload_KE(
|
|
group=self.sa.ike_dh, load=self.sa.my_dh_pub_key, next_payload="SA"
|
|
)
|
|
else:
|
|
head = ikev2.IKEv2_payload_Nonce(
|
|
load=self.sa.i_nonce, next_payload="SA"
|
|
)
|
|
plain = (
|
|
head
|
|
/ plain
|
|
/ ikev2.IKEv2_payload_Notify(
|
|
type="REKEY_SA",
|
|
proto="ESP",
|
|
SPI=c.ispi,
|
|
length=8 + len(c.ispi),
|
|
next_payload="Notify",
|
|
)
|
|
/ ikev2.IKEv2_payload_Notify(type="ESP_TFC_PADDING_NOT_SUPPORTED")
|
|
)
|
|
else:
|
|
first_payload = "IDi"
|
|
if self.no_idr_auth:
|
|
ids = ikev2.IKEv2_payload_IDi(
|
|
next_payload="AUTH", IDtype=self.sa.id_type, load=self.sa.i_id
|
|
)
|
|
else:
|
|
ids = ikev2.IKEv2_payload_IDi(
|
|
next_payload="IDr", IDtype=self.sa.id_type, load=self.sa.i_id
|
|
) / ikev2.IKEv2_payload_IDr(
|
|
next_payload="AUTH", IDtype=self.sa.id_type, load=self.sa.r_id
|
|
)
|
|
plain = ids / plain
|
|
return plain, first_payload
|
|
|
|
def send_sa_auth(self):
|
|
plain, first_payload = self.generate_auth_payload(last_payload="Notify")
|
|
plain = plain / ikev2.IKEv2_payload_Notify(type="INITIAL_CONTACT")
|
|
header = ikev2.IKEv2(
|
|
init_SPI=self.sa.ispi,
|
|
resp_SPI=self.sa.rspi,
|
|
id=self.sa.new_msg_id(),
|
|
flags="Initiator",
|
|
exch_type="IKE_AUTH",
|
|
)
|
|
|
|
ike_msg = self.encrypt_ike_msg(header, plain, first_payload)
|
|
packet = self.create_packet(
|
|
self.pg0, ike_msg, self.sa.sport, self.sa.dport, self.sa.natt, self.ip6
|
|
)
|
|
self.pg0.add_stream(packet)
|
|
self.pg0.enable_capture()
|
|
self.pg_start()
|
|
capture = self.pg0.get_capture(1)
|
|
self.verify_sa_auth_resp(capture[0])
|
|
|
|
def verify_sa_init(self, packet):
|
|
ih = self.get_ike_header(packet)
|
|
|
|
self.assertEqual(ih.id, self.sa.msg_id)
|
|
self.assertEqual(ih.exch_type, 34)
|
|
self.assertIn("Response", ih.flags)
|
|
self.assertEqual(ih.init_SPI, self.sa.ispi)
|
|
self.assertNotEqual(ih.resp_SPI, 0)
|
|
self.sa.rspi = ih.resp_SPI
|
|
try:
|
|
sa = ih[ikev2.IKEv2_payload_SA]
|
|
self.sa.r_nonce = ih[ikev2.IKEv2_payload_Nonce].load
|
|
self.sa.r_dh_data = ih[ikev2.IKEv2_payload_KE].load
|
|
except IndexError as e:
|
|
self.logger.error("unexpected reply: SA/Nonce/KE payload found!")
|
|
self.logger.error(ih.show())
|
|
raise
|
|
self.sa.complete_dh_data()
|
|
self.sa.calc_keys()
|
|
self.sa.auth_init()
|
|
|
|
def verify_sa_auth_resp(self, packet):
|
|
ike = self.get_ike_header(packet)
|
|
udp = packet[UDP]
|
|
self.verify_udp(udp)
|
|
self.assertEqual(ike.id, self.sa.msg_id)
|
|
plain = self.sa.hmac_and_decrypt(ike)
|
|
idr = ikev2.IKEv2_payload_IDr(plain)
|
|
prop = idr[ikev2.IKEv2_payload_Proposal]
|
|
self.assertEqual(prop.SPIsize, 4)
|
|
self.sa.child_sas[0].rspi = prop.SPI
|
|
self.sa.calc_child_keys()
|
|
|
|
IKE_NODE_SUFFIX = "ip4"
|
|
|
|
def verify_counters(self):
|
|
self.assert_counter(2, "processed", self.IKE_NODE_SUFFIX)
|
|
self.assert_counter(1, "init_sa_req", self.IKE_NODE_SUFFIX)
|
|
self.assert_counter(1, "ike_auth_req", self.IKE_NODE_SUFFIX)
|
|
|
|
r = self.vapi.ikev2_sa_dump()
|
|
s = r[0].sa.stats
|
|
self.assertEqual(1, s.n_sa_auth_req)
|
|
self.assertEqual(1, s.n_sa_init_req)
|
|
|
|
def test_responder(self):
|
|
self.send_sa_init_req()
|
|
self.send_sa_auth()
|
|
self.verify_ipsec_sas()
|
|
self.verify_ike_sas()
|
|
self.verify_counters()
|
|
|
|
|
|
class Ikev2Params(object):
|
|
def config_params(self, params={}):
|
|
ec = VppEnum.vl_api_ipsec_crypto_alg_t
|
|
ei = VppEnum.vl_api_ipsec_integ_alg_t
|
|
self.vpp_enums = {
|
|
"AES-CBC-128": ec.IPSEC_API_CRYPTO_ALG_AES_CBC_128,
|
|
"AES-CBC-192": ec.IPSEC_API_CRYPTO_ALG_AES_CBC_192,
|
|
"AES-CBC-256": ec.IPSEC_API_CRYPTO_ALG_AES_CBC_256,
|
|
"AES-GCM-16ICV-128": ec.IPSEC_API_CRYPTO_ALG_AES_GCM_128,
|
|
"AES-GCM-16ICV-192": ec.IPSEC_API_CRYPTO_ALG_AES_GCM_192,
|
|
"AES-GCM-16ICV-256": ec.IPSEC_API_CRYPTO_ALG_AES_GCM_256,
|
|
"HMAC-SHA1-96": ei.IPSEC_API_INTEG_ALG_SHA1_96,
|
|
"SHA2-256-128": ei.IPSEC_API_INTEG_ALG_SHA_256_128,
|
|
"SHA2-384-192": ei.IPSEC_API_INTEG_ALG_SHA_384_192,
|
|
"SHA2-512-256": ei.IPSEC_API_INTEG_ALG_SHA_512_256,
|
|
}
|
|
|
|
dpd_disabled = True if "dpd_disabled" not in params else params["dpd_disabled"]
|
|
if dpd_disabled:
|
|
self.vapi.cli("ikev2 dpd disable")
|
|
self.del_sa_from_responder = (
|
|
False
|
|
if "del_sa_from_responder" not in params
|
|
else params["del_sa_from_responder"]
|
|
)
|
|
i_natt = False if "i_natt" not in params else params["i_natt"]
|
|
r_natt = False if "r_natt" not in params else params["r_natt"]
|
|
self.p = Profile(self, "pr1")
|
|
self.ip6 = False if "ip6" not in params else params["ip6"]
|
|
|
|
if "auth" in params and params["auth"] == "rsa-sig":
|
|
auth_method = "rsa-sig"
|
|
work_dir = f"{config.vpp_ws_dir}/src/plugins/ikev2/test/certs/"
|
|
self.vapi.ikev2_set_local_key(key_file=work_dir + params["server-key"])
|
|
|
|
client_file = work_dir + params["client-cert"]
|
|
server_pem = open(work_dir + params["server-cert"]).read()
|
|
client_priv = open(work_dir + params["client-key"]).read()
|
|
client_priv = load_pem_private_key(
|
|
str.encode(client_priv), None, default_backend()
|
|
)
|
|
self.peer_cert = x509.load_pem_x509_certificate(
|
|
str.encode(server_pem), default_backend()
|
|
)
|
|
self.p.add_auth(method="rsa-sig", data=str.encode(client_file))
|
|
auth_data = None
|
|
else:
|
|
auth_data = b"$3cr3tpa$$w0rd"
|
|
self.p.add_auth(method="shared-key", data=auth_data)
|
|
auth_method = "shared-key"
|
|
client_priv = None
|
|
|
|
is_init = True if "is_initiator" not in params else params["is_initiator"]
|
|
self.no_idr_auth = params.get("no_idr_in_auth", False)
|
|
|
|
idr = {"id_type": "fqdn", "data": b"vpp.home"}
|
|
idi = {"id_type": "fqdn", "data": b"roadwarrior.example.com"}
|
|
r_id = self.idr = idr["data"]
|
|
i_id = self.idi = idi["data"]
|
|
if is_init:
|
|
# scapy is initiator, VPP is responder
|
|
self.p.add_local_id(**idr)
|
|
self.p.add_remote_id(**idi)
|
|
if self.no_idr_auth:
|
|
r_id = None
|
|
else:
|
|
# VPP is initiator, scapy is responder
|
|
self.p.add_local_id(**idi)
|
|
if not self.no_idr_auth:
|
|
self.p.add_remote_id(**idr)
|
|
|
|
loc_ts = (
|
|
{"start_addr": "10.10.10.0", "end_addr": "10.10.10.255"}
|
|
if "loc_ts" not in params
|
|
else params["loc_ts"]
|
|
)
|
|
rem_ts = (
|
|
{"start_addr": "10.0.0.0", "end_addr": "10.0.0.255"}
|
|
if "rem_ts" not in params
|
|
else params["rem_ts"]
|
|
)
|
|
self.p.add_local_ts(**loc_ts)
|
|
self.p.add_remote_ts(**rem_ts)
|
|
if "responder" in params:
|
|
self.p.add_responder(params["responder"])
|
|
if "ike_transforms" in params:
|
|
self.p.add_ike_transforms(params["ike_transforms"])
|
|
if "esp_transforms" in params:
|
|
self.p.add_esp_transforms(params["esp_transforms"])
|
|
|
|
udp_encap = False if "udp_encap" not in params else params["udp_encap"]
|
|
if udp_encap:
|
|
self.p.set_udp_encap(True)
|
|
|
|
if "responder_hostname" in params:
|
|
hn = params["responder_hostname"]
|
|
self.p.add_responder_hostname(hn)
|
|
|
|
# configure static dns record
|
|
self.vapi.dns_name_server_add_del(
|
|
is_ip6=0, is_add=1, server_address=IPv4Address("8.8.8.8").packed
|
|
)
|
|
self.vapi.dns_enable_disable(enable=1)
|
|
|
|
cmd = "dns cache add {} {}".format(hn["hostname"], self.pg0.remote_ip4)
|
|
self.vapi.cli(cmd)
|
|
|
|
self.sa = IKEv2SA(
|
|
self,
|
|
i_id=i_id,
|
|
r_id=r_id,
|
|
is_initiator=is_init,
|
|
id_type=self.p.local_id["id_type"],
|
|
i_natt=i_natt,
|
|
r_natt=r_natt,
|
|
priv_key=client_priv,
|
|
auth_method=auth_method,
|
|
nonce=params.get("nonce"),
|
|
auth_data=auth_data,
|
|
udp_encap=udp_encap,
|
|
local_ts=self.p.remote_ts,
|
|
remote_ts=self.p.local_ts,
|
|
)
|
|
|
|
if is_init:
|
|
ike_crypto = (
|
|
("AES-CBC", 32) if "ike-crypto" not in params else params["ike-crypto"]
|
|
)
|
|
ike_integ = (
|
|
"HMAC-SHA1-96" if "ike-integ" not in params else params["ike-integ"]
|
|
)
|
|
ike_dh = "2048MODPgr" if "ike-dh" not in params else params["ike-dh"]
|
|
|
|
esp_crypto = (
|
|
("AES-CBC", 32) if "esp-crypto" not in params else params["esp-crypto"]
|
|
)
|
|
esp_integ = (
|
|
"HMAC-SHA1-96" if "esp-integ" not in params else params["esp-integ"]
|
|
)
|
|
|
|
self.sa.set_ike_props(
|
|
crypto=ike_crypto[0],
|
|
crypto_key_len=ike_crypto[1],
|
|
integ=ike_integ,
|
|
prf="PRF_HMAC_SHA2_256",
|
|
dh=ike_dh,
|
|
)
|
|
self.sa.set_esp_props(
|
|
crypto=esp_crypto[0], crypto_key_len=esp_crypto[1], integ=esp_integ
|
|
)
|
|
|
|
|
|
class TestApi(VppTestCase):
|
|
"""Test IKEV2 API"""
|
|
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
super(TestApi, cls).setUpClass()
|
|
|
|
@classmethod
|
|
def tearDownClass(cls):
|
|
super(TestApi, cls).tearDownClass()
|
|
|
|
def tearDown(self):
|
|
super(TestApi, self).tearDown()
|
|
self.p1.remove_vpp_config()
|
|
self.p2.remove_vpp_config()
|
|
r = self.vapi.ikev2_profile_dump()
|
|
self.assertEqual(len(r), 0)
|
|
|
|
def configure_profile(self, cfg):
|
|
p = Profile(self, cfg["name"])
|
|
p.add_local_id(id_type=cfg["loc_id"][0], data=cfg["loc_id"][1])
|
|
p.add_remote_id(id_type=cfg["rem_id"][0], data=cfg["rem_id"][1])
|
|
p.add_local_ts(**cfg["loc_ts"])
|
|
p.add_remote_ts(**cfg["rem_ts"])
|
|
p.add_responder(cfg["responder"])
|
|
p.add_ike_transforms(cfg["ike_ts"])
|
|
p.add_esp_transforms(cfg["esp_ts"])
|
|
p.add_auth(**cfg["auth"])
|
|
p.set_udp_encap(cfg["udp_encap"])
|
|
p.set_ipsec_over_udp_port(cfg["ipsec_over_udp_port"])
|
|
if "lifetime_data" in cfg:
|
|
p.set_lifetime_data(cfg["lifetime_data"])
|
|
if "tun_itf" in cfg:
|
|
p.set_tunnel_interface(cfg["tun_itf"])
|
|
if "natt_disabled" in cfg and cfg["natt_disabled"]:
|
|
p.disable_natt()
|
|
p.add_vpp_config()
|
|
return p
|
|
|
|
def test_profile_api(self):
|
|
"""test profile dump API"""
|
|
loc_ts4 = {
|
|
"proto": 8,
|
|
"start_port": 1,
|
|
"end_port": 19,
|
|
"start_addr": "3.3.3.2",
|
|
"end_addr": "3.3.3.3",
|
|
}
|
|
rem_ts4 = {
|
|
"proto": 9,
|
|
"start_port": 10,
|
|
"end_port": 119,
|
|
"start_addr": "4.5.76.80",
|
|
"end_addr": "2.3.4.6",
|
|
}
|
|
|
|
loc_ts6 = {
|
|
"proto": 8,
|
|
"start_port": 1,
|
|
"end_port": 19,
|
|
"start_addr": "ab::1",
|
|
"end_addr": "ab::4",
|
|
}
|
|
rem_ts6 = {
|
|
"proto": 9,
|
|
"start_port": 10,
|
|
"end_port": 119,
|
|
"start_addr": "cd::12",
|
|
"end_addr": "cd::13",
|
|
}
|
|
|
|
conf = {
|
|
"p1": {
|
|
"name": "p1",
|
|
"natt_disabled": True,
|
|
"loc_id": ("fqdn", b"vpp.home"),
|
|
"rem_id": ("fqdn", b"roadwarrior.example.com"),
|
|
"loc_ts": loc_ts4,
|
|
"rem_ts": rem_ts4,
|
|
"responder": {"sw_if_index": 0, "addr": "5.6.7.8"},
|
|
"ike_ts": {
|
|
"crypto_alg": 20,
|
|
"crypto_key_size": 32,
|
|
"integ_alg": 0,
|
|
"dh_group": 1,
|
|
},
|
|
"esp_ts": {"crypto_alg": 13, "crypto_key_size": 24, "integ_alg": 2},
|
|
"auth": {"method": "shared-key", "data": b"sharedkeydata"},
|
|
"udp_encap": True,
|
|
"ipsec_over_udp_port": 4501,
|
|
"lifetime_data": {
|
|
"lifetime": 123,
|
|
"lifetime_maxdata": 20192,
|
|
"lifetime_jitter": 9,
|
|
"handover": 132,
|
|
},
|
|
},
|
|
"p2": {
|
|
"name": "p2",
|
|
"loc_id": ("ip4-addr", b"192.168.2.1"),
|
|
"rem_id": ("ip6-addr", b"abcd::1"),
|
|
"loc_ts": loc_ts6,
|
|
"rem_ts": rem_ts6,
|
|
"responder": {"sw_if_index": 4, "addr": "def::10"},
|
|
"ike_ts": {
|
|
"crypto_alg": 12,
|
|
"crypto_key_size": 16,
|
|
"integ_alg": 3,
|
|
"dh_group": 3,
|
|
},
|
|
"esp_ts": {"crypto_alg": 9, "crypto_key_size": 24, "integ_alg": 4},
|
|
"auth": {"method": "shared-key", "data": b"sharedkeydata"},
|
|
"udp_encap": False,
|
|
"ipsec_over_udp_port": 4600,
|
|
"tun_itf": 0,
|
|
},
|
|
}
|
|
self.p1 = self.configure_profile(conf["p1"])
|
|
self.p2 = self.configure_profile(conf["p2"])
|
|
|
|
r = self.vapi.ikev2_profile_dump()
|
|
self.assertEqual(len(r), 2)
|
|
self.verify_profile(r[0].profile, conf["p1"])
|
|
self.verify_profile(r[1].profile, conf["p2"])
|
|
|
|
def verify_id(self, api_id, cfg_id):
|
|
self.assertEqual(api_id.type, IDType.value(cfg_id[0]))
|
|
self.assertEqual(bytes(api_id.data, "ascii"), cfg_id[1])
|
|
|
|
def verify_ts(self, api_ts, cfg_ts):
|
|
self.assertEqual(api_ts.protocol_id, cfg_ts["proto"])
|
|
self.assertEqual(api_ts.start_port, cfg_ts["start_port"])
|
|
self.assertEqual(api_ts.end_port, cfg_ts["end_port"])
|
|
self.assertEqual(api_ts.start_addr, ip_address(text_type(cfg_ts["start_addr"])))
|
|
self.assertEqual(api_ts.end_addr, ip_address(text_type(cfg_ts["end_addr"])))
|
|
|
|
def verify_responder(self, api_r, cfg_r):
|
|
self.assertEqual(api_r.sw_if_index, cfg_r["sw_if_index"])
|
|
self.assertEqual(api_r.addr, ip_address(cfg_r["addr"]))
|
|
|
|
def verify_transforms(self, api_ts, cfg_ts):
|
|
self.assertEqual(api_ts.crypto_alg, cfg_ts["crypto_alg"])
|
|
self.assertEqual(api_ts.crypto_key_size, cfg_ts["crypto_key_size"])
|
|
self.assertEqual(api_ts.integ_alg, cfg_ts["integ_alg"])
|
|
|
|
def verify_ike_transforms(self, api_ts, cfg_ts):
|
|
self.verify_transforms(api_ts, cfg_ts)
|
|
self.assertEqual(api_ts.dh_group, cfg_ts["dh_group"])
|
|
|
|
def verify_esp_transforms(self, api_ts, cfg_ts):
|
|
self.verify_transforms(api_ts, cfg_ts)
|
|
|
|
def verify_auth(self, api_auth, cfg_auth):
|
|
self.assertEqual(api_auth.method, AuthMethod.value(cfg_auth["method"]))
|
|
self.assertEqual(api_auth.data, cfg_auth["data"])
|
|
self.assertEqual(api_auth.data_len, len(cfg_auth["data"]))
|
|
|
|
def verify_lifetime_data(self, p, ld):
|
|
self.assertEqual(p.lifetime, ld["lifetime"])
|
|
self.assertEqual(p.lifetime_maxdata, ld["lifetime_maxdata"])
|
|
self.assertEqual(p.lifetime_jitter, ld["lifetime_jitter"])
|
|
self.assertEqual(p.handover, ld["handover"])
|
|
|
|
def verify_profile(self, ap, cp):
|
|
self.assertEqual(ap.name, cp["name"])
|
|
self.assertEqual(ap.udp_encap, cp["udp_encap"])
|
|
self.verify_id(ap.loc_id, cp["loc_id"])
|
|
self.verify_id(ap.rem_id, cp["rem_id"])
|
|
self.verify_ts(ap.loc_ts, cp["loc_ts"])
|
|
self.verify_ts(ap.rem_ts, cp["rem_ts"])
|
|
self.verify_responder(ap.responder, cp["responder"])
|
|
self.verify_ike_transforms(ap.ike_ts, cp["ike_ts"])
|
|
self.verify_esp_transforms(ap.esp_ts, cp["esp_ts"])
|
|
self.verify_auth(ap.auth, cp["auth"])
|
|
natt_dis = False if "natt_disabled" not in cp else cp["natt_disabled"]
|
|
self.assertTrue(natt_dis == ap.natt_disabled)
|
|
|
|
if "lifetime_data" in cp:
|
|
self.verify_lifetime_data(ap, cp["lifetime_data"])
|
|
self.assertEqual(ap.ipsec_over_udp_port, cp["ipsec_over_udp_port"])
|
|
if "tun_itf" in cp:
|
|
self.assertEqual(ap.tun_itf, cp["tun_itf"])
|
|
else:
|
|
self.assertEqual(ap.tun_itf, 0xFFFFFFFF)
|
|
|
|
|
|
@tag_fixme_vpp_workers
|
|
class TestResponderBehindNAT(TemplateResponder, Ikev2Params):
|
|
"""test responder - responder behind NAT"""
|
|
|
|
IKE_NODE_SUFFIX = "ip4-natt"
|
|
|
|
def config_tc(self):
|
|
self.config_params({"r_natt": True})
|
|
|
|
|
|
@tag_fixme_vpp_workers
|
|
class TestInitiatorNATT(TemplateInitiator, Ikev2Params):
|
|
"""test ikev2 initiator - NAT traversal (intitiator behind NAT)"""
|
|
|
|
def config_tc(self):
|
|
self.config_params(
|
|
{
|
|
"i_natt": True,
|
|
"is_initiator": False, # seen from test case perspective
|
|
# thus vpp is initiator
|
|
"responder": {
|
|
"sw_if_index": self.pg0.sw_if_index,
|
|
"addr": self.pg0.remote_ip4,
|
|
},
|
|
"ike-crypto": ("AES-GCM-16ICV", 32),
|
|
"ike-integ": "NULL",
|
|
"ike-dh": "3072MODPgr",
|
|
"ike_transforms": {
|
|
"crypto_alg": 20, # "aes-gcm-16"
|
|
"crypto_key_size": 256,
|
|
"dh_group": 15, # "modp-3072"
|
|
},
|
|
"esp_transforms": {
|
|
"crypto_alg": 12, # "aes-cbc"
|
|
"crypto_key_size": 256,
|
|
# "hmac-sha2-256-128"
|
|
"integ_alg": 12,
|
|
},
|
|
}
|
|
)
|
|
|
|
|
|
@tag_fixme_vpp_workers
|
|
class TestInitiatorPsk(TemplateInitiator, Ikev2Params):
|
|
"""test ikev2 initiator - pre shared key auth"""
|
|
|
|
def config_tc(self):
|
|
self.config_params(
|
|
{
|
|
"is_initiator": False, # seen from test case perspective
|
|
# thus vpp is initiator
|
|
"ike-crypto": ("AES-GCM-16ICV", 32),
|
|
"ike-integ": "NULL",
|
|
"ike-dh": "3072MODPgr",
|
|
"ike_transforms": {
|
|
"crypto_alg": 20, # "aes-gcm-16"
|
|
"crypto_key_size": 256,
|
|
"dh_group": 15, # "modp-3072"
|
|
},
|
|
"esp_transforms": {
|
|
"crypto_alg": 12, # "aes-cbc"
|
|
"crypto_key_size": 256,
|
|
# "hmac-sha2-256-128"
|
|
"integ_alg": 12,
|
|
},
|
|
"responder_hostname": {
|
|
"hostname": "vpp.responder.org",
|
|
"sw_if_index": self.pg0.sw_if_index,
|
|
},
|
|
}
|
|
)
|
|
|
|
|
|
@tag_fixme_vpp_workers
|
|
class TestInitiatorRequestWindowSize(TestInitiatorPsk):
|
|
"""test initiator - request window size (1)"""
|
|
|
|
def rekey_respond(self, req, update_child_sa_data):
|
|
ih = self.get_ike_header(req)
|
|
plain = self.sa.hmac_and_decrypt(ih)
|
|
sa = ikev2.IKEv2_payload_SA(plain)
|
|
if update_child_sa_data:
|
|
prop = sa[ikev2.IKEv2_payload_Proposal]
|
|
self.sa.i_nonce = sa[ikev2.IKEv2_payload_Nonce].load
|
|
self.sa.r_nonce = self.sa.i_nonce
|
|
self.sa.child_sas[0].ispi = prop.SPI
|
|
self.sa.child_sas[0].rspi = prop.SPI
|
|
self.sa.calc_child_keys()
|
|
|
|
header = ikev2.IKEv2(
|
|
init_SPI=self.sa.ispi,
|
|
resp_SPI=self.sa.rspi,
|
|
flags="Response",
|
|
exch_type=36,
|
|
id=ih.id,
|
|
next_payload="Encrypted",
|
|
)
|
|
resp = self.encrypt_ike_msg(header, sa, "SA")
|
|
packet = self.create_packet(
|
|
self.pg0, resp, self.sa.sport, self.sa.dport, self.sa.natt, self.ip6
|
|
)
|
|
self.send_and_assert_no_replies(self.pg0, packet)
|
|
|
|
def test_initiator(self):
|
|
super(TestInitiatorRequestWindowSize, self).test_initiator()
|
|
self.pg0.enable_capture()
|
|
self.pg_start()
|
|
ispi = int.from_bytes(self.sa.child_sas[0].ispi, "little")
|
|
self.vapi.ikev2_initiate_rekey_child_sa(ispi=ispi)
|
|
self.vapi.ikev2_initiate_rekey_child_sa(ispi=ispi)
|
|
capture = self.pg0.get_capture(2)
|
|
|
|
# reply in reverse order
|
|
self.rekey_respond(capture[1], True)
|
|
self.rekey_respond(capture[0], False)
|
|
|
|
# verify that only the second request was accepted
|
|
self.verify_ike_sas()
|
|
self.verify_ipsec_sas(is_rekey=True)
|
|
|
|
|
|
@tag_fixme_vpp_workers
|
|
class TestInitiatorRekey(TestInitiatorPsk):
|
|
"""test ikev2 initiator - rekey"""
|
|
|
|
def rekey_from_initiator(self):
|
|
ispi = int.from_bytes(self.sa.child_sas[0].ispi, "little")
|
|
self.pg0.enable_capture()
|
|
self.pg_start()
|
|
self.vapi.ikev2_initiate_rekey_child_sa(ispi=ispi)
|
|
capture = self.pg0.get_capture(1)
|
|
ih = self.get_ike_header(capture[0])
|
|
self.assertEqual(ih.exch_type, 36) # CHILD_SA
|
|
self.assertNotIn("Response", ih.flags)
|
|
self.assertIn("Initiator", ih.flags)
|
|
plain = self.sa.hmac_and_decrypt(ih)
|
|
sa = ikev2.IKEv2_payload_SA(plain)
|
|
prop = sa[ikev2.IKEv2_payload_Proposal]
|
|
self.sa.i_nonce = sa[ikev2.IKEv2_payload_Nonce].load
|
|
self.sa.r_nonce = self.sa.i_nonce
|
|
# update new responder SPI
|
|
self.sa.child_sas[0].ispi = prop.SPI
|
|
self.sa.child_sas[0].rspi = prop.SPI
|
|
self.sa.calc_child_keys()
|
|
header = ikev2.IKEv2(
|
|
init_SPI=self.sa.ispi,
|
|
resp_SPI=self.sa.rspi,
|
|
flags="Response",
|
|
exch_type=36,
|
|
id=ih.id,
|
|
next_payload="Encrypted",
|
|
)
|
|
resp = self.encrypt_ike_msg(header, sa, "SA")
|
|
packet = self.create_packet(
|
|
self.pg0, resp, self.sa.sport, self.sa.dport, self.sa.natt, self.ip6
|
|
)
|
|
self.send_and_assert_no_replies(self.pg0, packet)
|
|
|
|
def test_initiator(self):
|
|
super(TestInitiatorRekey, self).test_initiator()
|
|
self.rekey_from_initiator()
|
|
self.verify_ike_sas()
|
|
self.verify_ipsec_sas(is_rekey=True)
|
|
|
|
|
|
@tag_fixme_vpp_workers
|
|
class TestInitiatorDelSAFromResponder(TemplateInitiator, Ikev2Params):
|
|
"""test ikev2 initiator - delete IKE SA from responder"""
|
|
|
|
def config_tc(self):
|
|
self.config_params(
|
|
{
|
|
"del_sa_from_responder": True,
|
|
"is_initiator": False, # seen from test case perspective
|
|
# thus vpp is initiator
|
|
"responder": {
|
|
"sw_if_index": self.pg0.sw_if_index,
|
|
"addr": self.pg0.remote_ip4,
|
|
},
|
|
"ike-crypto": ("AES-GCM-16ICV", 32),
|
|
"ike-integ": "NULL",
|
|
"ike-dh": "3072MODPgr",
|
|
"ike_transforms": {
|
|
"crypto_alg": 20, # "aes-gcm-16"
|
|
"crypto_key_size": 256,
|
|
"dh_group": 15, # "modp-3072"
|
|
},
|
|
"esp_transforms": {
|
|
"crypto_alg": 12, # "aes-cbc"
|
|
"crypto_key_size": 256,
|
|
# "hmac-sha2-256-128"
|
|
"integ_alg": 12,
|
|
},
|
|
"no_idr_in_auth": True,
|
|
}
|
|
)
|
|
|
|
|
|
@tag_fixme_vpp_workers
|
|
class TestResponderInitBehindNATT(TemplateResponder, Ikev2Params):
|
|
"""test ikev2 responder - initiator behind NAT"""
|
|
|
|
IKE_NODE_SUFFIX = "ip4-natt"
|
|
|
|
def config_tc(self):
|
|
self.config_params({"i_natt": True})
|
|
|
|
|
|
@tag_fixme_vpp_workers
|
|
class TestResponderPsk(TemplateResponder, Ikev2Params):
|
|
"""test ikev2 responder - pre shared key auth"""
|
|
|
|
def config_tc(self):
|
|
self.config_params()
|
|
|
|
|
|
@tag_fixme_vpp_workers
|
|
class TestResponderDpd(TestResponderPsk):
|
|
"""
|
|
Dead peer detection test
|
|
"""
|
|
|
|
def config_tc(self):
|
|
self.config_params({"dpd_disabled": False})
|
|
|
|
def tearDown(self):
|
|
pass
|
|
|
|
def test_responder(self):
|
|
self.vapi.ikev2_profile_set_liveness(period=2, max_retries=1)
|
|
super(TestResponderDpd, self).test_responder()
|
|
self.pg0.enable_capture()
|
|
self.pg_start()
|
|
# capture empty request but don't reply
|
|
capture = self.pg0.get_capture(expected_count=1, timeout=5)
|
|
ih = self.get_ike_header(capture[0])
|
|
self.assertEqual(ih.exch_type, 37) # INFORMATIONAL
|
|
plain = self.sa.hmac_and_decrypt(ih)
|
|
self.assertEqual(plain, b"")
|
|
# wait for SA expiration
|
|
time.sleep(3)
|
|
ike_sas = self.vapi.ikev2_sa_dump()
|
|
self.assertEqual(len(ike_sas), 0)
|
|
ipsec_sas = self.vapi.ipsec_sa_dump()
|
|
self.assertEqual(len(ipsec_sas), 0)
|
|
|
|
|
|
@tag_fixme_vpp_workers
|
|
class TestResponderRekey(TestResponderPsk):
|
|
"""test ikev2 responder - rekey"""
|
|
|
|
WITH_KEX = False
|
|
|
|
def send_rekey_from_initiator(self):
|
|
if self.WITH_KEX:
|
|
self.sa.generate_dh_data()
|
|
packet = self.create_rekey_request(kex=self.WITH_KEX)
|
|
self.pg0.add_stream(packet)
|
|
self.pg0.enable_capture()
|
|
self.pg_start()
|
|
capture = self.pg0.get_capture(1)
|
|
return capture
|
|
|
|
def process_rekey_response(self, capture):
|
|
ih = self.get_ike_header(capture[0])
|
|
plain = self.sa.hmac_and_decrypt(ih)
|
|
sa = ikev2.IKEv2_payload_SA(plain)
|
|
prop = sa[ikev2.IKEv2_payload_Proposal]
|
|
self.sa.r_nonce = sa[ikev2.IKEv2_payload_Nonce].load
|
|
# update new responder SPI
|
|
self.sa.child_sas[0].rspi = prop.SPI
|
|
if self.WITH_KEX:
|
|
self.sa.r_dh_data = sa[ikev2.IKEv2_payload_KE].load
|
|
self.sa.complete_dh_data()
|
|
self.sa.calc_child_keys(kex=self.WITH_KEX)
|
|
|
|
def test_responder(self):
|
|
super(TestResponderRekey, self).test_responder()
|
|
self.process_rekey_response(self.send_rekey_from_initiator())
|
|
self.verify_ike_sas()
|
|
self.verify_ipsec_sas(is_rekey=True)
|
|
self.assert_counter(1, "rekey_req", "ip4")
|
|
r = self.vapi.ikev2_sa_dump()
|
|
self.assertEqual(r[0].sa.stats.n_rekey_req, 1)
|
|
|
|
|
|
@tag_fixme_vpp_workers
|
|
class TestResponderRekeyRepeat(TestResponderRekey):
|
|
"""test ikev2 responder - rekey repeat"""
|
|
|
|
def test_responder(self):
|
|
super(TestResponderRekeyRepeat, self).test_responder()
|
|
# rekey request is not accepted until old IPsec SA is expired
|
|
capture = self.send_rekey_from_initiator()
|
|
ih = self.get_ike_header(capture[0])
|
|
plain = self.sa.hmac_and_decrypt(ih)
|
|
notify = ikev2.IKEv2_payload_Notify(plain)
|
|
self.assertEqual(notify.type, 43)
|
|
self.assertEqual(len(self.vapi.ipsec_sa_dump()), 3)
|
|
# rekey request is accepted after old IPsec SA was expired
|
|
for _ in range(50):
|
|
if len(self.vapi.ipsec_sa_dump()) != 3:
|
|
break
|
|
time.sleep(0.2)
|
|
else:
|
|
self.fail("old IPsec SA not expired")
|
|
self.process_rekey_response(self.send_rekey_from_initiator())
|
|
self.verify_ike_sas()
|
|
self.verify_ipsec_sas(sa_count=3)
|
|
|
|
|
|
@tag_fixme_vpp_workers
|
|
class TestResponderRekeyKEX(TestResponderRekey):
|
|
"""test ikev2 responder - rekey with key exchange"""
|
|
|
|
WITH_KEX = True
|
|
|
|
|
|
@tag_fixme_vpp_workers
|
|
class TestResponderRekeyRepeatKEX(TestResponderRekeyRepeat):
|
|
"""test ikev2 responder - rekey repeat with key exchange"""
|
|
|
|
WITH_KEX = True
|
|
|
|
|
|
class TestResponderVrf(TestResponderPsk, Ikev2Params):
|
|
"""test ikev2 responder - non-default table id"""
|
|
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
import scapy.contrib.ikev2 as _ikev2
|
|
|
|
globals()["ikev2"] = _ikev2
|
|
super(IkePeer, cls).setUpClass()
|
|
cls.create_pg_interfaces(range(1))
|
|
cls.vapi.cli("ip table add 1")
|
|
cls.vapi.cli("set interface ip table pg0 1")
|
|
for i in cls.pg_interfaces:
|
|
i.admin_up()
|
|
i.config_ip4()
|
|
i.resolve_arp()
|
|
i.config_ip6()
|
|
i.resolve_ndp()
|
|
|
|
def config_tc(self):
|
|
self.config_params({"dpd_disabled": False})
|
|
|
|
def test_responder(self):
|
|
self.vapi.ikev2_profile_set_liveness(period=2, max_retries=1)
|
|
super(TestResponderVrf, self).test_responder()
|
|
self.pg0.enable_capture()
|
|
self.pg_start()
|
|
capture = self.pg0.get_capture(expected_count=1, timeout=5)
|
|
ih = self.get_ike_header(capture[0])
|
|
self.assertEqual(ih.exch_type, 37) # INFORMATIONAL
|
|
plain = self.sa.hmac_and_decrypt(ih)
|
|
self.assertEqual(plain, b"")
|
|
|
|
|
|
@tag_fixme_vpp_workers
|
|
class TestResponderRsaSign(TemplateResponder, Ikev2Params):
|
|
"""test ikev2 responder - cert based auth"""
|
|
|
|
def config_tc(self):
|
|
self.config_params(
|
|
{
|
|
"udp_encap": True,
|
|
"auth": "rsa-sig",
|
|
"server-key": "server-key.pem",
|
|
"client-key": "client-key.pem",
|
|
"client-cert": "client-cert.pem",
|
|
"server-cert": "server-cert.pem",
|
|
}
|
|
)
|
|
|
|
|
|
@tag_fixme_vpp_workers
|
|
class Test_IKE_AES_CBC_128_SHA256_128_MODP2048_ESP_AES_CBC_192_SHA_384_192(
|
|
TemplateResponder, Ikev2Params
|
|
):
|
|
"""
|
|
IKE:AES_CBC_128_SHA256_128,DH=modp2048 ESP:AES_CBC_192_SHA_384_192
|
|
"""
|
|
|
|
def config_tc(self):
|
|
self.config_params(
|
|
{
|
|
"ike-crypto": ("AES-CBC", 16),
|
|
"ike-integ": "SHA2-256-128",
|
|
"esp-crypto": ("AES-CBC", 24),
|
|
"esp-integ": "SHA2-384-192",
|
|
"ike-dh": "2048MODPgr",
|
|
"nonce": os.urandom(256),
|
|
"no_idr_in_auth": True,
|
|
}
|
|
)
|
|
|
|
|
|
@tag_fixme_vpp_workers
|
|
class TestAES_CBC_128_SHA256_128_MODP3072_ESP_AES_GCM_16(
|
|
TemplateResponder, Ikev2Params
|
|
):
|
|
|
|
"""
|
|
IKE:AES_CBC_128_SHA256_128,DH=modp3072 ESP:AES_GCM_16
|
|
"""
|
|
|
|
def config_tc(self):
|
|
self.config_params(
|
|
{
|
|
"ike-crypto": ("AES-CBC", 32),
|
|
"ike-integ": "SHA2-256-128",
|
|
"esp-crypto": ("AES-GCM-16ICV", 32),
|
|
"esp-integ": "NULL",
|
|
"ike-dh": "3072MODPgr",
|
|
}
|
|
)
|
|
|
|
|
|
@tag_fixme_vpp_workers
|
|
class Test_IKE_AES_GCM_16_256(TemplateResponder, Ikev2Params):
|
|
"""
|
|
IKE:AES_GCM_16_256
|
|
"""
|
|
|
|
IKE_NODE_SUFFIX = "ip6"
|
|
|
|
def config_tc(self):
|
|
self.config_params(
|
|
{
|
|
"del_sa_from_responder": True,
|
|
"ip6": True,
|
|
"natt": True,
|
|
"ike-crypto": ("AES-GCM-16ICV", 32),
|
|
"ike-integ": "NULL",
|
|
"ike-dh": "2048MODPgr",
|
|
"loc_ts": {"start_addr": "ab:cd::0", "end_addr": "ab:cd::10"},
|
|
"rem_ts": {"start_addr": "11::0", "end_addr": "11::100"},
|
|
}
|
|
)
|
|
|
|
|
|
@tag_fixme_vpp_workers
|
|
class TestInitiatorKeepaliveMsg(TestInitiatorPsk):
|
|
"""
|
|
Test for keep alive messages
|
|
"""
|
|
|
|
def send_empty_req_from_responder(self):
|
|
packet = self.create_empty_request()
|
|
self.pg0.add_stream(packet)
|
|
self.pg0.enable_capture()
|
|
self.pg_start()
|
|
capture = self.pg0.get_capture(1)
|
|
ih = self.get_ike_header(capture[0])
|
|
self.assertEqual(ih.id, self.sa.msg_id)
|
|
plain = self.sa.hmac_and_decrypt(ih)
|
|
self.assertEqual(plain, b"")
|
|
self.assert_counter(1, "keepalive", "ip4")
|
|
r = self.vapi.ikev2_sa_dump()
|
|
self.assertEqual(1, r[0].sa.stats.n_keepalives)
|
|
|
|
def test_initiator(self):
|
|
super(TestInitiatorKeepaliveMsg, self).test_initiator()
|
|
self.send_empty_req_from_responder()
|
|
|
|
|
|
class TestMalformedMessages(TemplateResponder, Ikev2Params):
|
|
"""malformed packet test"""
|
|
|
|
def tearDown(self):
|
|
pass
|
|
|
|
def config_tc(self):
|
|
self.config_params()
|
|
|
|
def create_ike_init_msg(self, length=None, payload=None):
|
|
msg = ikev2.IKEv2(
|
|
length=length,
|
|
init_SPI="\x11" * 8,
|
|
flags="Initiator",
|
|
exch_type="IKE_SA_INIT",
|
|
)
|
|
if payload is not None:
|
|
msg /= payload
|
|
return self.create_packet(self.pg0, msg, self.sa.sport, self.sa.dport)
|
|
|
|
def verify_bad_packet_length(self):
|
|
ike_msg = self.create_ike_init_msg(length=0xDEAD)
|
|
self.send_and_assert_no_replies(self.pg0, ike_msg * self.pkt_count)
|
|
self.assert_counter(self.pkt_count, "bad_length")
|
|
|
|
def verify_bad_sa_payload_length(self):
|
|
p = ikev2.IKEv2_payload_SA(length=0xDEAD)
|
|
ike_msg = self.create_ike_init_msg(payload=p)
|
|
self.send_and_assert_no_replies(self.pg0, ike_msg * self.pkt_count)
|
|
self.assert_counter(self.pkt_count, "malformed_packet")
|
|
|
|
def test_responder(self):
|
|
self.pkt_count = 254
|
|
self.verify_bad_packet_length()
|
|
self.verify_bad_sa_payload_length()
|
|
|
|
|
|
if __name__ == "__main__":
|
|
unittest.main(testRunner=VppTestRunner)
|