summaryrefslogtreecommitdiffstats
path: root/test/patches/scapy-2.4.3
diff options
context:
space:
mode:
authorsnaramre <snaramre@cisco.com>2019-12-13 23:39:35 +0000
committerPaul Vinciguerra <pvinci@vinciconsulting.com>2019-12-14 22:14:12 +0000
commit5d4b8912d2fe186b4fb920a72b3a2f7b556f4e7d (patch)
tree4530f71a783679e3566ed501471cbad481c128d7 /test/patches/scapy-2.4.3
parentaa72578637e2a346ee845545b2e26aad83e12192 (diff)
tests: changes for scapy 2.4.3 migration
Type: fix Change-Id: I7e041b666dabd90df23a920a1f1d99db4c10ddfe Signed-off-by: snaramre <snaramre@cisco.com>
Diffstat (limited to 'test/patches/scapy-2.4.3')
-rw-r--r--test/patches/scapy-2.4.3/cdp.patch31
-rw-r--r--test/patches/scapy-2.4.3/ipsec.patch162
2 files changed, 193 insertions, 0 deletions
diff --git a/test/patches/scapy-2.4.3/cdp.patch b/test/patches/scapy-2.4.3/cdp.patch
new file mode 100644
index 00000000000..de16f5d5079
--- /dev/null
+++ b/test/patches/scapy-2.4.3/cdp.patch
@@ -0,0 +1,31 @@
+diff --git a/scapy/contrib/cdp.py b/scapy/contrib/cdp.py
+index c8b7f106..7b1ff64d 100644
+--- a/scapy/contrib/cdp.py
++++ b/scapy/contrib/cdp.py
+@@ -102,7 +102,8 @@ def _CDPGuessPayloadClass(p, **kargs):
+ class CDPMsgGeneric(Packet):
+ name = "CDP Generic Message"
+ fields_desc = [ XShortEnumField("type", None, _cdp_tlv_types),
+- FieldLenField("len", None, "val", "!H"),
++ FieldLenField("len", None, "val", "!H",
++ adjust=lambda pkt, x: x + 4),
+ StrLenField("val", "", length_from=lambda x:x.len - 4) ]
+
+
+@@ -178,5 +179,6 @@ class CDPMsgAddr(CDPMsgGeneric):
+ class CDPMsgPortID(CDPMsgGeneric):
+ name = "Port ID"
+ fields_desc = [ XShortEnumField("type", 0x0003, _cdp_tlv_types),
+- FieldLenField("len", None, "iface", "!H"),
++ FieldLenField("len", None, "iface", "!H",
++ adjust=lambda pkt, x: x + 4),
+ StrLenField("iface", "Port 1", length_from=lambda x:x.len - 4) ]
+@@ -319,7 +319,7 @@ class _CDPChecksum:
+ This padding is only used for checksum computation. The original
+ packet should not be altered."""
+ if len(pkt) % 2:
+- last_chr = pkt[-1]
++ last_chr = pkt[len(pkt)-1:]
+ if last_chr <= b'\x80':
+ return pkt[:-1] + b'\x00' + last_chr
+ else:
diff --git a/test/patches/scapy-2.4.3/ipsec.patch b/test/patches/scapy-2.4.3/ipsec.patch
new file mode 100644
index 00000000000..993604768ff
--- /dev/null
+++ b/test/patches/scapy-2.4.3/ipsec.patch
@@ -0,0 +1,162 @@
+diff --git a/scapy/layers/ipsec.py b/scapy/layers/ipsec.py
+index f8c601fa..f566d288 100644
+--- a/scapy/layers/ipsec.py
++++ b/scapy/layers/ipsec.py
+@@ -359,11 +359,8 @@ class CryptAlgo(object):
+ encryptor = cipher.encryptor()
+
+ if self.is_aead:
+- if esn_en:
+- aad = struct.pack('!LLL', esp.spi, esn, esp.seq)
+- else:
+- aad = struct.pack('!LL', esp.spi, esp.seq)
+- encryptor.authenticate_additional_data(aad)
++ encryptor.authenticate_additional_data(sa.build_aead(esp))
++
+ data = encryptor.update(data) + encryptor.finalize()
+ data += encryptor.tag[:self.icv_size]
+ else:
+@@ -401,12 +398,7 @@ class CryptAlgo(object):
+
+ if self.is_aead:
+ # Tag value check is done during the finalize method
+- if esn_en:
+- decryptor.authenticate_additional_data(
+- struct.pack('!LLL', esp.spi, esn, esp.seq))
+- else:
+- decryptor.authenticate_additional_data(
+- struct.pack('!LL', esp.spi, esp.seq))
++ decryptor.authenticate_additional_data(sa.build_aead(esp))
+ try:
+ data = decryptor.update(data) + decryptor.finalize()
+ except InvalidTag as err:
+@@ -545,7 +537,7 @@ class AuthAlgo(object):
+ else:
+ return self.mac(key, self.digestmod(), default_backend())
+
+- def sign(self, pkt, key):
++ def sign(self, pkt, key, trailer=None):
+ """
+ Sign an IPsec (ESP or AH) packet with this algo.
+
+@@ -561,16 +553,20 @@ class AuthAlgo(object):
+
+ if pkt.haslayer(ESP):
+ mac.update(raw(pkt[ESP]))
++ if trailer:
++ mac.update(trailer)
+ pkt[ESP].data += mac.finalize()[:self.icv_size]
+
+ elif pkt.haslayer(AH):
+ clone = zero_mutable_fields(pkt.copy(), sending=True)
+ mac.update(raw(clone))
++ if trailer:
++ mac.update(trailer)
+ pkt[AH].icv = mac.finalize()[:self.icv_size]
+
+ return pkt
+
+- def verify(self, pkt, key):
++ def verify(self, pkt, key, trailer):
+ """
+ Check that the integrity check value (icv) of a packet is valid.
+
+@@ -602,6 +598,8 @@ class AuthAlgo(object):
+ clone = zero_mutable_fields(pkt.copy(), sending=False)
+
+ mac.update(raw(clone))
++ if trailer:
++ mac.update(trailer) # bytearray(4)) #raw(trailer))
+ computed_icv = mac.finalize()[:self.icv_size]
+
+ # XXX: Cannot use mac.verify because the ICV can be truncated
+@@ -864,6 +862,23 @@ class SecurityAssociation(object):
+ raise TypeError('nat_t_header must be %s' % UDP.name)
+ self.nat_t_header = nat_t_header
+
++ def build_aead(self, esp):
++ if self.esn_en:
++ return (struct.pack('!LLL', esp.spi, self.seq_num >> 32, esp.seq))
++ else:
++ return (struct.pack('!LL', esp.spi, esp.seq))
++
++ def build_seq_num(self, num):
++ # only lower order bits are transmitted
++ # higher order bits are used in the ICV
++ lower = num & 0xffffffff
++ upper = num >> 32
++
++ if self.esn_en:
++ return lower, struct.pack("!I", upper)
++ else:
++ return lower, None
++
+ def check_spi(self, pkt):
+ if pkt.spi != self.spi:
+ raise TypeError('packet spi=0x%x does not match the SA spi=0x%x' %
+@@ -877,7 +892,8 @@ class SecurityAssociation(object):
+ if len(iv) != self.crypt_algo.iv_size:
+ raise TypeError('iv length must be %s' % self.crypt_algo.iv_size) # noqa: E501
+
+- esp = _ESPPlain(spi=self.spi, seq=seq_num or self.seq_num, iv=iv)
++ low_seq_num, high_seq_num = self.build_seq_num(seq_num or self.seq_num)
++ esp = _ESPPlain(spi=self.spi, seq=low_seq_num, iv=iv)
+
+ if self.tunnel_header:
+ tunnel = self.tunnel_header.copy()
+@@ -901,7 +917,7 @@ class SecurityAssociation(object):
+ esn_en=esn_en or self.esn_en,
+ esn=esn or self.esn)
+
+- self.auth_algo.sign(esp, self.auth_key)
++ self.auth_algo.sign(esp, self.auth_key, high_seq_num)
+
+ if self.nat_t_header:
+ nat_t_header = self.nat_t_header.copy()
+@@ -928,7 +944,8 @@ class SecurityAssociation(object):
+
+ def _encrypt_ah(self, pkt, seq_num=None):
+
+- ah = AH(spi=self.spi, seq=seq_num or self.seq_num,
++ low_seq_num, high_seq_num = self.build_seq_num(seq_num or self.seq_num)
++ ah = AH(spi=self.spi, seq=low_seq_num,
+ icv=b"\x00" * self.auth_algo.icv_size)
+
+ if self.tunnel_header:
+@@ -968,7 +985,8 @@ class SecurityAssociation(object):
+ else:
+ ip_header.plen = len(ip_header.payload) + len(ah) + len(payload)
+
+- signed_pkt = self.auth_algo.sign(ip_header / ah / payload, self.auth_key) # noqa: E501
++ signed_pkt = self.auth_algo.sign(ip_header / ah / payload,
++ self.auth_key, high_seq_num) # noqa: E501
+
+ # sequence number must always change, unless specified by the user
+ if seq_num is None:
+@@ -1005,11 +1023,12 @@ class SecurityAssociation(object):
+
+ def _decrypt_esp(self, pkt, verify=True, esn_en=None, esn=None):
+
++ low_seq_num, high_seq_num = self.build_seq_num(self.seq_num)
+ encrypted = pkt[ESP]
+
+ if verify:
+ self.check_spi(pkt)
+- self.auth_algo.verify(encrypted, self.auth_key)
++ self.auth_algo.verify(encrypted, self.auth_key, high_seq_num)
+
+ esp = self.crypt_algo.decrypt(self, encrypted, self.crypt_key,
+ self.crypt_algo.icv_size or
+@@ -1050,9 +1069,10 @@ class SecurityAssociation(object):
+
+ def _decrypt_ah(self, pkt, verify=True):
+
++ low_seq_num, high_seq_num = self.build_seq_num(self.seq_num)
+ if verify:
+ self.check_spi(pkt)
+- self.auth_algo.verify(pkt, self.auth_key)
++ self.auth_algo.verify(pkt, self.auth_key, high_seq_num)
+
+ ah = pkt[AH]
+ payload = ah.payload
+