Ticket #26: scapysec.2.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


  
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />



  
  
  <title>Document sans nom</title>
  <style type="text/css">
<!--
.Style1 {color: #FF0000}
.Style2 {font-family: Arial, Helvetica, sans-serif}
.Style3 {
        color: #000000;
        font-weight: bold;
}
.Style4 {font-family: Arial, Helvetica, sans-serif; font-style: italic; }
.Style5 {font-family: "Courier New", Courier, monospace}
.Style6 {color: #0080FF}
.Style7 {font-family: Arial, Helvetica, sans-serif; color: #0080FF; }
.Style8 {font-family: Arial, Helvetica, sans-serif; color: #0080FF; font-weight: bold; }
-->
  </style>
</head>


<body>



<p class="Style2"><span class="Style3">README : Scapysec v1.0 (IPsec
for Scapy)</span><br />


  </p>

<hr style="width: 100%; height: 2px;" />
<p class="Style4"><font size="-1"> Author: Frederic ROUDAUT <br />


  (frederic.roudaut@free.fr)</font></p>


<p class="Style4"><font size="-1"> Date : 2006</font></p>


<hr style="width: 100%; height: 2px;" />
<p class="Style2">&nbsp;</p>


<p class="Style8"><small><a href="#chap1">1 - INTRODUCTION : Scapy &amp; Scapysec</a><br />


  <a href="#chap2">2 - OVERVIEW</a><br />


  <a href="#chap3">3 - NEEDS AND INSTALLATION</a><br />


  <a href="#chap4">4 - THE ESP CLASS</a><br />


  <a href="#chap5">5 - SECURITY ASSOCIATIONS DATABASE (SAD)</a><br />


  <a href="#chap5_1">5.1 - PACKET MATCHING WITH SA</a><br />


  <a href="#chap5_2">5.2 - ENCRYPTION ALGORITHMS</a><br />


  <a href="#chap5_3">5.3 - AUTHENTICATION ALGORITHM</a><br />


  <a href="#chap5_4">5.4 - SETTING THE SAD</a><br />


  <a href="#chap5_4_1">5.4.1 - ADDING A SA</a><br />


  <a href="#chap5_4_2">5.4.2 - DELETING A SA</a><br />


  <a href="#chap5_4_3">5.4.3 - CLEARING THE DATABASE</a><br />


  <a href="#chap6">6 - ENCRYPTION ON THE FLIGHT : IPsec Class</a><br />


  <a href="#chap7">7 - WHAT'S MORE</a><br />


  <a href="#chap8">8 - UPDATE</a><br />


  <a href="#chap9">9 - POSSIBLE EXTENSIONS</a><br />


  <a href="#chap10">10 - CREDITS AND LICENCE</a><br />


  <a href="#chap11">11 - BUGS</a></small></p>


<p class="Style8"><small><a href="#chapA">ANNEX A - IPSEC ALGORITHMS AND KEYS</a><br />


  <a href="#chapA.1">A.1 - ESP ALGORITHMS</a><br />


  <a href="#chapA.1.1">A.1.1 - REQUIREMENTS</a><br />


  <a href="#chapA.1.2">A.1.2 : TripleDES-CBC [RFC2451]</a><br />


  <a href="#chapA.1.3">A.1.3 : AES-CBC with 128-bit keys [RFC3602]</a><br />


  <a href="#chapA.1.4">A.1.4 : AES-CTR [RFC3686]</a><br />


  <a href="#chapA.1.5">A.1.5 : DES-CBC [RFC2405]</a><br />


  <a href="#chapA.1.6">A.1.6 : BLOWFISH-CBC [RFC2451]</a><br />


  <a href="#chapA.1.7">A.1.7 : HMAC-MD5-96 [RFC2403]</a><br />


  <a href="#chapA.1.8">A.1.8 : HMAC-SHA1-96 [RFC2404]</a><br />


  <a href="#chapA.1.9">A.1.9 : HMAC-SHA256</a></small></p>


<p class="Style7">&nbsp;</p>


<span style="font-family: Arial,Helvetica,sans-serif;"></span>
<hr style="width: 100%; height: 2px;" /><span style="font-family: Arial,Helvetica,sans-serif;"></span>
<h2 class="Style2"><small><span class="Style6">1 - INTRODUCTION : Scapy &amp; Scapysec</span><a name="chap1" id="chap1"></a></small><br />


</h2>


<p class="Style2"><small>"Scapy (<a href="http://www.secdev.org/projects/scapy/">http://www.secdev.org/projects/scapy/</a>)
is a powerful interactive packet manipulation program. It is able to
forge or decode packets of a wide number of protocols, send them on the
wire, capture them, match requests and replies, and much more. It can
easily handle most classical tasks like scanning, tracerouting,
probing, unit tests, attacks or network discovery (it can replace
hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f,
etc.). It also performs very well at a lot of other specific tasks that
most other tools can't handle, like sending invalid frames, injecting
your own 802.11 frames, combining technics (VLAN hopping+ARP cache
poisoning, VOIP decoding on WEP encrypted channel, ...), etc"</small></p>



<p><small> Scapy6 (<a href="http://namabiiru.hongo.wide.ad.jp/scapy6/">http://namabiiru.hongo.wide.ad.jp/scapy6/</a>)
is an extension to handle IPv6 Packets.    
</small></p>



<p class="Style2"><small>Scapysec aims is to extend Scapy to handle
IPsec packets with IPv4 or IPv6. Ie to encode/decode IPsec packets,
generate any valid/invalid IPsec Packet using different encryption and
authentication algorithms. <br />

On this basis, some more complex applications could be build up.&nbsp;</small></p>

<p class="Style2"><small>Currently, Scapysec supports ESP with :</small></p>


<p class="Style2"><small><strong>&nbsp;&nbsp;&nbsp; Encryption Algorithm</strong> (Key Lengths in bits) &lt;block length in bytes&gt;<br />


  </small></p>

<ul>

  
  <ul>

    <li><small><small><big><strong>NULL</strong> : (Any)</big><strong></strong></small></small></li>

    <li><small><strong>TripleDES-CBC</strong> [RFC2451] : (192) &lt;8&gt;<strong></strong></small></li>

    <li><small><strong>AES-CBC</strong> [RFC3602] : (128/192/256) &lt;16&gt;<strong></strong></small></li>

    <li><small><strong>AES-CTR </strong>[RFC3686] : (160/224/288) The remaining 32 bits will be used as nonce. &lt;16&gt;<strong></strong></small></li>

    <li><small><strong>DES-CBC</strong> [RFC2405] : (64) &lt;8&gt;<strong></strong></small></li>

    <li><small><strong>BLOWFISH-CBC</strong> : (128) &lt;8&gt;<small><strong></strong></small></small></li>

    <li><small><strong>CAST-CBC</strong> : (Any) &lt;8&gt;</small></li>

  
  </ul>

</ul>


<p class="Style2"><small><strong>&nbsp;&nbsp;&nbsp; Authentication Algorithm</strong> (Key Lengths in bits)<br />


  </small></p>

<ul>

  
  <ul>

    <li><small><small><big><strong>NULL</strong></big><strong><span style="font-family: Arial,Helvetica,sans-serif;"></span></strong></small></small></li>

    <li><small><strong><span style="font-family: Arial,Helvetica,sans-serif;"></span>HMAC-SHA1-96</strong> [RFC2404] : (Any)<strong><span style="font-family: Arial,Helvetica,sans-serif;"></span></strong></small></li>

    <li><small><strong><span style="font-family: Arial,Helvetica,sans-serif;"></span>HMAC-MD5-96</strong> [RFC2403] : (Any)<small><strong><span style="font-family: Arial,Helvetica,sans-serif;"></span></strong></small></small></li>

    <li><small><small><strong><span style="font-family: Arial,Helvetica,sans-serif;"></span><big>HMAC-SHA256</big></strong><big> : (Any)</big></small></small></li>

  
  </ul>

</ul>


<p>&nbsp;</p>

<hr style="width: 100%; height: 2px;" />
<h2 class="Style2"><small><span class="Style6">2 - OVERVIEW</span><a name="chap2" id="chap2"></a><br />


</small></h2>


<p class="Style2"><small>The example will be explained later but shows how it is simple to generate encrypted IPsec packets. </small></p>


<p><small><span class="Style1">&gt;&gt;&gt;</span> q = IP(dst="192.168.0.6")/ESP(spi=5)/TCP()<br />


  <span class="Style1">&gt;&gt;&gt;</span> q.show2()</small></p>


<p><small>== IPv4 IPsec SA Used for: &lt;Src: 192.168.0.2&gt; &lt;Dst: 192.168.0.6&gt; &lt;Spi: 5&gt; ==<br />


  &lt;Src: *&gt; &lt;Dst: 192.168.0.6&gt; &lt;Spi: *&gt;<br />


  Crypt Algo: AES-CTR<br />


  Crypt Key: 00001234abc12ffffbc1<br />


  Auth Algo: HMAC-MD5<br />


  Auth Key: 5632abc1azefvc</small></p>


<p><small><span class="Style1">###[ IP ]###</span><br />


  version= 4L<br />


  ihl= 5L<br />


  tos= 0x0<br />


  len= 80<br />


  id= 1<br />


  flags=<br />


  frag= 0L<br />


  ttl= 64<br />


  proto= IPv6-Crypt<br />


  chksum= 0xf922<br />


  src= 192.168.0.2<br />


  dst= 192.168.0.6<br />


  options= ''<br />


  <span class="Style1">###[ ESP ]###</span><br />


  spi= 0x5L<br />


  seq= 0L<br />


  data= 0<br />


  iv= '\xc7\xaem\xba&lt;\x08i\x93'<br />


  pad= 'XyYkQx8RDl'<br />


  padlen= 10<br />


  nh= TCP<br />


  authentication= '\n\xf8[\x1a\xe0\xaf\xc1\xab4f\x0f\xda'<br />


  <span class="Style1">###[ TCP ]###</span><br />


  sport= ftp-data<br />


  dport= http<br />


  seq= 0L<br />


  ack= 0L<br />


  dataofs= 5L<br />


  reserved= 0L<br />


  flags= S<br />


  window= 8192<br />


  chksum= 0xe26<br />


  urgptr= 0<br />


  options= {}<br />


  <span class="Style1">&gt;&gt;&gt;</span> q.show2()</small></p>


<p><small><span class="Style2">In this example we have several things. Indeed the packet matchs what we will call a Security Association:</span><br />


  &lt;Src: *&gt; &lt;Dst: 192.168.0.6&gt; &lt;Spi: *&gt;<br />


  <span class="Style2">Then the packet is created. All the fields are
filled, the packet is encrypted and the authentication is computed and
appended according to the Algorithm specified in the Security
Association</span></small></p>


<p class="Style2"><small>When q.show2() is called, the reverse is done.
The security Association matching the packet is found and the packet is
decrypted before the printing as it has been sent by another host on the network.</small></p>


<p><small>&nbsp;</small></p>

<hr style="width: 100%; height: 2px;" />
<h2 class="Style2"><small><span class="Style6">3 - NEEDS AND INSTALLATION</span><a name="chap3" id="chap3"></a><br />


</small></h2>


<p class="Style2"><small>Scapysec uses the Python language 2.3 or
upcomming versions. There is no paticular need. You just need to have
scapy.py and scapy6.py if you want to be able to generate IPsec packets
with IPv6. You also need pycrypto since all the encryption/decryption
is done using this library.</small></p>


<p><small><span class="Style2">just do : </span>python ./scapysec.py</small></p>


<p class="Style2"><small>Oups, you also need a few adaptions to Scapy. <br />


  Normaly it should be included with this file. If not you may
  download it to :<br />

<a href="http://roudaut.frederic.free.fr/data/scapysec/scapy.py">http://roudaut.frederic.free.fr/data/scapysec/scapy.py</a>.
 </small></p>


<p class="Style2"><small>
  Scapy6 may be downloaded to <a href="http://namabiiru.hongo.wide.ad.jp/scapy6/"> http://namabiiru.hongo.wide.ad.jp/scapy6/  </a>.
 </small></p>



 
  
<p><small>&nbsp;</small></p>

<hr style="width: 100%; height: 2px;" />
<h2 class="Style2"><small><span class="Style6">4 - The ESP CLASS</span><a name="chap4" id="chap4"></a><br />


</small></h2>


<p class="Style2"><small>The different fields of the ESP layer may be seen using ls()<br />


  If you do not know about Scapy, this command gives the field name, the type, the value and the default value for this field</small></p>


<p><small><span class="Style1">&gt;&gt;&gt;</span> ls(ESP())<br />


  spi        : XIntField            = 0               (0)<br />


  seq        : IntField             = 0               (0)<br />


  data       : StrField             = None            (None)<br />


  iv         : StrField             = None            (None)<br />


  pad        : StrField             = None            (None)<br />


  padlen     : ByteField            = None            (None)<br />


  nh         : ByteEnumField        = None            (None)<br />


  authentication : StrField             = None            (None)<br />


</small></p>


<p><small>The fields are the following : <br />


  - spi : Security Parameters Index<br />


  - seq : Sequence Number<br />


  - data : data field is used to give directly encrypted data for iv + pad + padlen + nh<br />


  - iv : Initialization Vector. Computed if not set. The size is<br />


  precised by the Encryption Algorithm<br />


  - pad : Filled if not set and depending from the Encryption Algorithm<br />


  - padlen : Pad length. Computed if not set<br />


  - nh : Next Header. Set if not set<br />


  - authentication : Computed if available<br />


</small></p>


<p class="Style2"><small>pad, padlen and iv lengths are depending from
the Encryption Algorithms. As you may create packets that will fail
with Encryption, they will be corrected if inadequate.</small></p>


<p class="Style2"><small>The data field will be used to directly give encrypted data for iv + pad + padlen + nh</small></p>


<p class="Style2"><small>As you may see, you now have to find a way to indicate:<br />

</small></p>

<ul>

  <li><small>
  the Encryption Algorithm</small><span style="font-family: Arial,Helvetica,sans-serif;"></span></li>

  <li><span style="font-family: Arial,Helvetica,sans-serif;"></span><font size="-1">the Encryption Key<span style="font-family: Arial,Helvetica,sans-serif;"></span></font></li>

  <li><font size="-1"><span style="font-family: Arial,Helvetica,sans-serif;"></span>the Authentication Algorithm<span style="font-family: Arial,Helvetica,sans-serif;"></span></font></li>

  <li><small><font size="-1"><span style="font-family: Arial,Helvetica,sans-serif;"></span></font>the Authentication Key</small></li>

</ul>


<p class="Style2"><small>These elements will be indicated in the Security Associations Database</small></p>


<p class="Style2"><small>&nbsp;</small></p>

<hr style="width: 100%; height: 2px;" />
<h2 class="Style2"><small><span class="Style6">5 - SECURITY ASSOCIATIONS DATABASE (SAD)</span><a name="chap5" id="chap5"></a><br />


</small></h2>


<p class="Style2"><small>Here is an example of the SAD<br />


</small></p>


<p><small>ipsec_sad_example = {'IPV4' :
[['192.168.0.2','192.168.0.1','5','ESP','BLOWFISH-CBC','azdregrnytnytftg','HMAC-SHA1','ecuheznbevnbevabgj'],\<br />


  ['192.168.*.2','192.168.0.5','5','ESP','DES-CBC','5632abc1','HMAC-SHA1','5632abc1azefvc'],\<br />


  ['192.168.0.2','192.168.0.3','0x0**0**05','ESP','AES-CBC','1234abc12ffffbc1','HMAC-SHA1','5632abc1azefvc'],\<br />


  ['192.168.0.2','192.168.0.7','*','ESP','AES-CBC','1234abc12ffffbc1','HMAC-SHA256','5llll632abc1azefvc'],\<br />


  ['*','192.168.0.6','*','ESP','AES-CTR','1234abc12ffffbc1','HMAC-MD5','5632abc1azefvc'],\<br />


  ['192.168.*.2','192.168.0.8','*','ESP','DES-CBC','5632abcuyfyuf1','HMAC-SHA1','5632abc1azefvc'],\<br />


  ['192.168.*.2','192.168.0.12','*','ESP','DES-CBC','5632abcuyfyuf1','HMAC-MD5','5632abc1azefvc'],\<br />


  ['192.168.0.2','192.*.0.4','*','ESP','NULL','','NULL','']],\<br />


  'IPV6' : [['*','fe80::240:96ff:fea7:c5d1','5','ESP','DES-CBC','5632abc1','HMAC-SHA1','5632abc1azefvc'],\<br />


  ['*','3ffe::3','0x0**0**05','ESP','AES-CBC','1234abc12ffffbc1','HMAC-SHA1','5632abc1azefvc'],\<br />


  ['','3f*e::4','*','ESP','AES-CBC','1234abc12ffffbc1','HMAC-SHA256','5llll632abc1azefvc']]}<br />


</small></p>


<p class="Style2"><small>The SAD is a dictionnary {'IPV4':[],'IPV6':[]}<br />


  One entry is for IPv4, the other one is for IPv6. <br />


  Each one contains a list of Security Associations (SAs).<br />


  The SA described hereafter gives:<br />

</small></p>

<ul>

  <li><small>
  the source address filter: '192.168.0.2'<span style="font-family: Arial,Helvetica,sans-serif;"></span></small></li>

  <li><small><span style="font-family: Arial,Helvetica,sans-serif;"></span>the destination address filter: '192.168.0.1'<span style="font-family: Arial,Helvetica,sans-serif;"></span></small></li>

  <li><small><span style="font-family: Arial,Helvetica,sans-serif;"></span>the SPI filter: '5'<span style="font-family: Arial,Helvetica,sans-serif;"></span></small></li>

  <li><small><span style="font-family: Arial,Helvetica,sans-serif;"></span>the protocol: 'AH' or 'ESP' :&nbsp;<span style="font-family: Arial,Helvetica,sans-serif;"></span></small></li>

  <li><small><span style="font-family: Arial,Helvetica,sans-serif;"></span>the Encryption Algorithm : 'BLOWFISH-CBC'<span style="font-family: Arial,Helvetica,sans-serif;"></span></small></li>

  <li><small><span style="font-family: Arial,Helvetica,sans-serif;"></span>the Encryption Key : 'azdregrnytnytftg'<span style="font-family: Arial,Helvetica,sans-serif;"></span></small></li>

  <li><small><span style="font-family: Arial,Helvetica,sans-serif;"></span>the Authentication Algorithm : 'HMAC-SHA1'</small><small><span style="font-family: Arial,Helvetica,sans-serif;"></span></small></li>

  <li><small><span style="font-family: Arial,Helvetica,sans-serif;"></span>the Authentication Key : 'ecuheznbevnbevabgj'</small></li>

</ul>


<p><small>['192.168.0.2','192.168.0.1','5','ESP','BLOWFISH-CBC','azdregrnytnytftg','HMAC-SHA1','ecuheznbevnbevabgj']<br />


</small></p>


<p class="Style2"><small>When an IPsec Packet is sent or received, the
corresponding SAD entry (IPv4 or IPv6) is checked. If the packet is
catched by one security association, it will be encrypted or decrypted
using the associated algorithms and keys. </small></p>


<p><small>&nbsp;</small></p>

<hr style="width: 100%; height: 2px;" />
<h2 class="Style2"><small><span class="Style6">5.1 - PACKET MATCHING WITH SA</span><a name="chap5_1" id="chap5_1"></a><br />


</small></h2>


<p class="Style2"><small>An IPsec packet is catched by a security
association if its source, destination address and SPI match a
corresponding entry in the SAD. The matching uses the wildcard '*'.</small></p>


<p><small><span class="Style2">Address are string. It may be IPv4 (</span>'192.168.0.2'<span class="Style2">) or any IPv6 address</span><span style="font-family: Arial,Helvetica,sans-serif;"> </span>('3FFE::1'<span class="Style2"> or </span>'fe80::240:96ff:fea7:c5d0'<span class="Style2">) </span><span class="Style2">You may use</span> '*'<span class="Style2"> to indicate any address or</span> '*' <span class="Style2">in the address string.<br />


  For IPv4, we then may have </span>'192.168.*.2'<span class="Style2">. Each</span> '*' <span class="Style2">means 1 byte. <br />


  For IPv6, each</span> '*' <span class="Style2">means 4 bits. (</span>'3FF*::1', 'fe80::240:96ff:fea7:c5d0'<span class="Style2">)</span></small></p>


<p><small><span class="Style2">The SPI is a string but it may represent an integer value (</span>'8') <span class="Style2">or an hexadecimal value (</span>'0x23'<span class="Style2">).</span> <br />


  <span class="Style2">You also may use</span> '*'<span class="Style2"> to indicate any SPI or even</span> '*' <span class="Style2">in the hexadecimal SPI string as</span> '0x34*6'.<span class="Style2"> In this case we do not mind about the hexadecimal value between the</span> '4' <span class="Style2">and the </span>'6'.</small></p>

<p><small> </small></p>


<hr style="width: 100%; height: 2px;" />
<h2 class="Style2"><small><span class="Style6">5.2 - ENCRYPTION ALGORITHMS</span><a name="chap5_2" id="chap5_2"></a><br />


</small></h2>


<p class="Style2"><small>The Encryption Algorithms available are the following:<br />


  Between () we give the key length available in bits.<br />


  Between &lt;&gt; we indicate the block size in bytes</small></p>


<ul>

  <li><small>NULL               : (Any)</small></li>

  <li><small>3DES-CBC [RFC2451] : (192) &lt;8&gt;</small></li>

  <li><small>AES-CBC            : (128/192/256) &lt;16&gt;</small></li>

  <li><small>AES-CTR            : (160/224/288) The remaining 32 bits will be used as nonce. &lt;16&gt;</small></li>

  <li><small>DES-CBC [RFC2405]  : (64) &lt;8&gt;</small></li>

  <li><small>BLOWFISH-CBC       : (128) &lt;8&gt;</small></li>

  <li><small>CAST-CBC           : (Any) &lt;8&gt;<br />


    </small></li>

</ul>


<p class="Style2"><small>A key with an incorrect length will not be used. Instead it may be truncated or enhanced.</small></p>

<br />

<hr style="width: 100%; height: 2px;" />
<h2 class="Style2"><small><span class="Style6">5.3 - AUTHENTICATION ALGORITHM</span><a name="chap5_3" id="chap5_3"></a><br />


</small></h2>


<p class="Style2"><small>The Authentication Algorithms available are the following:<br />


  Between () we give the key length available.</small></p>


<ul>

  <li><small>NULL                   : (Any)</small></li>

  <li><small>HMAC-SHA1-96 [RFC2404] : (Any)</small></li>

  <li><small>HMAC-MD5-96 [RFC2403]  : (Any)</small></li>

  <li><small>HMAC-SHA256            : (Any)<br />


    </small></li>

</ul>


<p class="Style2"><small>A key with an incorrect length will not be used. Instead it may be truncated or enhanced.</small></p>


<p><small>&nbsp;</small></p>


<hr style="width: 100%; height: 2px;" />
<h2 class="Style2"><small><span class="Style6">5.4 - SETTING THE SAD</span><a name="chap5_4" id="chap5_4"></a><br />


</small></h2>


<p><small><span class="Style2">The conf Instance has been enhanced with a setkey variable that uses the</span> _IPSEC_SAD <span class="Style2">Python Class.</span></small></p>


<p class="Style2"><small>Then if you do conf.setkey you get the current SAD</small></p>


<p><small><span class="Style1">&gt;&gt;&gt;</span> conf.setkey<br />


  == IPv4 Security Associations ==<br />


  &lt;Src : 192.168.0.2&gt;   &lt;Dst : 192.168.0.1&gt;   &lt;SPI : 5&gt;<br />


  Mode ESP<br />


  Crypt Algo : BLOWFISH-CBC   Crypt Key : azdregrnytnytftg<br />


  Auth Algo  : HMAC-SHA1   Auth Key : ecuheznbevnbevabgj</small></p>


<p><small&