hzdZddlZddlmZmZmZmZmZmZddl m Z m Z m Z m Z mZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZddlm Z m!Z!ddl"m#Z#m$Z$ddl%m&Z&ddl'm(Z(dd l)m*Z*dd l+m,Z,dd l-m.Z.d id ddddddddddddddddddd d!d"d#d$d%d&d'd(d)d*d+d,d-d.d/d0d1d2d3d4d5d6d7fd8d9d:d;dd?d@dAdB fdCdDdEdFdGdHdIdJdKdLdMdNdOdPdQdRfdSid dTddUddVd#dWd%dXd'dYdZd[d)d\d+d]d-d^d_d`dadbdcdddedfdgdhdidjdkdldmdndodpdqdrdsdtfdudvdwdxfdyZ/dze/0DZ1d{e/0DZ2d|d}d~dZ3ddddddddddd Z4id dddddddddddd#ddZddedddddddddddddddddidddddddddddddddddddddddddddddd“ddēddƓiddȓddʓdd̓ddΓddГddғddԓdd֓ddؓddړddܓddޓddddddddddiddddddddddddddddddddddddddddddddd d d d d ddddddddddddZ5ddddZ6dddd d!d"d#d$d%d&d'd(d) Z7d*d+d,d-Z8d.d/d0d1d2Z9id d3dd4dd5dd6dd7dd8dd9d:d;dd<d!d=d#d>d%d?d'd@dZdAd)dBd+dCd-dDdEdFdGdHdIdJdKZ:iddLd dMddNddOddPddQddRddSddTddUd:dVddWddXd!dYd#dZd%d[d'd\idZd]d)d^d+d_d-d`d_dadadbdcdcdedddgdedidfdkdgdhdidjdkdldmdndodpdqdrdsiddtdduddvddwddxddyddzdd{dd|dd}dd~ddddddddddddiddddddddddddddddddddddddddddddddddiddddddddddddddddddddddddddÓdĐdœdƐdǓdȐdɓdʐd˓id̐d͓dΐdϓdАdѓdҐdӓdԐdՓd֐dדdؐdٓdڐdۓdܐdݓdސdߓddddddddddddddidddddddddddddddddddddddddddd d d d d ddiddddddddddddddddd d!d"d#d$d%d&d'd(d)d*d+d,d-d.d/d0d1d2d3d4d5d6d7d8d9Z;idd:dd;dd<drd=dd>dd?dd@ddAddBddCddDddEddFddGddHddIddJdKdLdMdNdOdPdQdRdSZ<dTdUdVdWdXdYdZZ=Gd[d\eZ>Gd]d^e>Z?Gd_d`eZ@Gdadbe>ZAGdcddeAZBGdedfeAZCGdgdheAZDGdidjeAZEGdkdleZFGdmdneFZGGdodpeFZHGdqdreFZIGdsdteFZJGdudveAZKGdwdxeAZLGdydzeAZMGd{d|eAZNGd}d~eAZOGddeAZPGddeAZQGddeAZRGddeAZSGddeAZTGddeZUGddeAZVGddeAZWGddeAZXGddeAZYGddeAZZGddeAZ[GddeAZ\GddeAZ]GddeAZ^GddeAZ_ee>eCdee>eBdee>eNdree>eQdee>eRdee>eSdee>eYdee>eXdee>eDdee>eOdee>ePdee>eMdee>eEdee>eKdee>eLdee>eTdee>eVdee>eZdee>e[dee>e\dee>e]dee>e^dee>eWdee>e_dee$e(dee$e(dee$e?dee$e?dee$e?ddee&e(ee&e?dZ`dS(z< Internet Key Exchange Protocol Version 2 (IKEv2), RFC 7296 N)PacketRawbind_bottom_up bind_layers bind_top_downsplit_bottom_up) ByteEnumField ByteFieldConditionalField FieldLenFieldFieldListField FlagsFieldIP6FieldIPFieldIntFieldMultiEnumFieldMultipleTypeField PacketFieldPacketLenFieldPacketListFieldShortEnumField ShortField StrLenField X3BytesField XByteFieldXStrFixedLenField XStrLenField) X509_CertX509_CRL)IPUDP)NON_ESP)ISAKMP)sr)conf) RandString EncryptionzDES-IV64DES3DESRC5IDEACASTBlowfish3IDEA zDES-IV32 zAES-CBC zAES-CTRz AES-CCM-8z AES-CCM-12z AES-CCM-16z AES-GCM-8ICVz AES-GCM-12ICVz AES-GCM-16ICVz Camellia-CBCz Camellia-CTRzCamellia-CCM-8ICVzCamellia-CCM-12ICVzCamellia-CCM-16ICVzChaCha20-Poly1305zKuzneychik-MGM-KTREEzMAGMA-MGM-KTREE) !PRF PRF_HMAC_MD5 PRF_HMAC_SHA1PRF_HMAC_TIGERPRF_AES128_XCBCPRF_HMAC_SHA2_256PRF_HMAC_SHA2_384PRF_HMAC_SHA2_512PRF_AES128_CMACPRF_HMAC_STREEBOG_512) r(r)r+r-r/r1r3r5r7 Integrityz HMAC-MD5-96z HMAC-SHA1-96zDES-MACzKPDK-MD5z AES-XCBC-96z HMAC-MD5-128z HMAC-SHA1-160z AES-CMAC-96z AES-128-GMACz AES-192-GMACz AES-256-GMACz SHA2-256-128z SHA2-384-192z SHA2-512-256)r(r)r+r-r/r1r3r5r7 r8r9r: GroupDesc 768MODPgr 1024MODPgr 1536MODPgr 2048MODPgr 3072MODPgr 4096MODPgr 6144MODPgr 8192MODPgr 256randECPgr 384randECPgr 521randECPgr1024MODP160POSgrr@2048MODP224POSgrrA2048MODP256POSgrrB 192randECPgrrC 224randECPgrrDbrainpoolP224r1grbrainpoolP256r1grbrainpoolP384r1grbrainpoolP512r1gr curve25519gr curve448grGOST3410_2012_256GOST3410_2012_512)rErFrG"zExtended Sequence NumberzNo ESNESN)rr()r(r)r+r-r/c i|] \}\}}|| Srw).0tf_nametf_num_s W/mounts/lovelace/software/anaconda3/lib/python3.11/site-packages/scapy/contrib/ikev2.py r}s/,&!FGc i|] \}\}}|| Srwrw)rxrzr{tf_dicts r|r}r}s/, GFGr~IKEAHESP)r(r)r+ReservedzRSA Digital Signaturez!Shared Key Message Integrity CodezDSS Digital Signaturez%ECDSA with SHA-256 on the P-256 curvez%ECDSA with SHA-384 on the P-384 curvez%ECDSA with SHA-512 on the P-521 curvez-Generic Secure Password Authentication MethodzNULL AuthenticationzDigital Signature) rr(r)r+r7rSrTr8r9r:UNSUPPORTED_CRITICAL_PAYLOADINVALID_IKE_SPIINVALID_MAJOR_VERSIONINVALID_SYNTAXINVALID_MESSAGE_IDrT INVALID_SPINO_PROPOSAL_CHOSENINVALID_KE_PAYLOADAUTHENTICATION_FAILEDrtSINGLE_PAIR_REQUIRED#NO_ADDITIONAL_SAS$INTERNAL_ADDRESS_FAILURE%FAILED_CP_REQUIRED&TS_UNACCEPTABLE'INVALID_SELECTORS(UNACCEPTABLE_ADDRESSES)UNEXPECTED_NAT_DETECTED*USE_ASSIGNED_HoA+TEMPORARY_FAILURE,CHILD_SA_NOT_FOUND-INVALID_GROUP_ID.AUTHORIZATION_FAILED/NOTIFY_STATE_NOT_FOUNDi@INITIAL_CONTACTi@SET_WINDOW_SIZEi@ADDITIONAL_TS_POSSIBLEi@IPCOMP_SUPPORTEDi@NAT_DETECTION_SOURCE_IPi@NAT_DETECTION_DESTINATION_IPi@COOKIEi@USE_TRANSPORT_MODEi@HTTP_CERT_LOOKUP_SUPPORTEDi @REKEY_SAi @ESP_TFC_PADDING_NOT_SUPPORTEDi @NON_FIRST_FRAGMENTS_ALSOi @MOBIKE_SUPPORTEDi @ADDITIONAL_IP4_ADDRESSi@ADDITIONAL_IP6_ADDRESSi@NO_ADDITIONAL_ADDRESSESi@UPDATE_SA_ADDRESSESi@COOKIE2i@NO_NATS_ALLOWEDi@ AUTH_LIFETIMEi@MULTIPLE_AUTH_SUPPORTEDi@ANOTHER_AUTH_FOLLOWSi@REDIRECT_SUPPORTED@REDIRECT@REDIRECTED_FROMi@TICKET_LT_OPAQUEi@TICKET_REQUESTi@ TICKET_ACKi@ TICKET_NACKi@ TICKET_OPAQUEi@LINK_IDi@ USE_WESP_MODEi @ROHC_SUPPORTEDi!@EAP_ONLY_AUTHENTICATIONi"@CHILDLESS_IKEV2_SUPPORTEDi#@QUICK_CRASH_DETECTIONi$@IKEV2_MESSAGE_ID_SYNC_SUPPORTEDi%@#IPSEC_REPLAY_COUNTER_SYNC_SUPPORTEDi&@IKEV2_MESSAGE_ID_SYNCi'@IPSEC_REPLAY_COUNTER_SYNCi(@SECURE_PASSWORD_METHODSi)@ PSK_PERSISTi*@ PSK_CONFIRMi+@ ERX_SUPPORTEDi,@IFOM_CAPABILITYSENDER_REQUEST_IDIKEV2_FRAGMENTATION_SUPPORTEDSIGNATURE_HASH_ALGORITHMSCLONE_IKE_SA_SUPPORTED CLONE_IKE_SAIV2_NOTIFY_PUZZLEIV2_NOTIFY_USE_PPKIV2_NOTIFY_PPK_IDENTITYIV2_NOTIFY_NO_PPK_AUTH*IV2_NOTIFY_INTERMEDIATE_EXCHANGE_SUPPORTEDIV2_NOTIFY_IP4_ALLOWEDIV2_NOTIFY_IP6_ALLOWED"IV2_NOTIFY_ADDITIONAL_KEY_EXCHANGEIV2_NOTIFY_USE_AGGFRAG)i-@i.@i/@i0@i1@i2@i3@i4@i5@i6@i7@i8@i9@i:@ IPv4_addr IPv6_addrFQDNz!PKCS #7 wrapped X.509 certificatezPGP CertificatezDNS Signed KeyzX.509 Certificate - SignaturezKerberos Tokenz!Certificate Revocation List (CRL)zAuthority Revocation List (ARL)zSPKI CertificatezX.509 Certificate - Attributez Raw RSA Keyz!Hash and URL of X.509 certificatezHash and URL of X.509 bundle) r(r)r+r-r1r3r5r7rSrTr8r9TS_IPV4_ADDR_RANGETS_IPV6_ADDR_RANGETS_FC_ADDR_RANGE)r3r5r7 CFG_REQUEST CFG_REPLYCFG_SETCFG_ACK)r(r)r+r-INTERNAL_IP4_ADDRESSINTERNAL_IP4_NETMASKINTERNAL_IP4_DNSINTERNAL_IP4_NBNSINTERNAL_IP4_DHCPAPPLICATION_VERSIONINTERNAL_IP6_ADDRESSrSINTERNAL_IP6_DNSINTERNAL_IP6_DHCPINTERNAL_IP4_SUBNETSUPPORTED_ATTRIBUTESINTERNAL_IP6_SUBNETMIP6_HOME_PREFIXINTERNAL_IP6_LINKINTERNAL_IP6_PREFIXHOME_AGENT_ADDRESSP_CSCF_IP4_ADDRESSP_CSCF_IP6_ADDRESSFTT_KATEXTERNAL_SOURCE_IP4_NAT_INFO!TIMEOUT_PERIOD_FOR_LIVENESS_CHECKINTERNAL_DNS_DOMAININTERNAL_DNSSEC_TA)rarcr@rArBrCz All protocolsz!Internet Control Message Protocolz"Internet Group Management ProtocolzGateway-to-Gateway ProtocolzIP in IP (encapsulation)zInternet Stream ProtocolzTransmission Control ProtocolzCore-based treeszExterior Gateway ProtocolzWInterior Gateway Protocol (any private interior gateway (used by Cisco for their IGRP))zBBN RCC MonitoringzNetwork Voice Protocolz Xerox PUPARGUSEMCONzCross Net DebuggerChaoszUser Datagram Protocol MultiplexingzDCN Measurement SubsystemszHost Monitoring ProtocolzPacket Radio Measurementz XEROX NS IDPzTrunk-1zTrunk-2zLeaf-1zLeaf-2zReliable Datagram ProtocolrEz&Internet Reliable Transaction ProtocolrqzISO Transport Protocol Class 4rrzBulk Data Transfer ProtocolrszMFE Network Services ProtocolrFzMERIT Internodal ProtocolrGz$Datagram Congestion Control ProtocolzThird Party Connect Protocolz$Inter-Domain Policy Routing ProtocolzXpress Transport ProtocolzDatagram Delivery Protocolz'IDPR Control Message Transport ProtocolzTP++ Transport ProtocolzIL Transport ProtocolzIPv6 EncapsulationzSource Demand Routing ProtocolzRouting Header for IPv6zFragment Header for IPv6zInter-Domain Routing ProtocolzResource Reservation ProtocolzGeneric Routing Encapsulation0zMobile Host Routing Protocol1BNA2zEncapsulating Security Payload3zAuthentication Header4z&Integrated Net Layer Security Protocol5SwIPe6z NBMA Address Resolution Protocol7zIP Mobility (Min Encap)8zBTransport Layer Security Protocol (using Kryptonet key management)9z+Simple Key-Management for Internet Protocol:z ICMP for IPv6;zNo Next Header for IPv6<zDestination Options for IPv6=zAny host internal protocol>CFTP?zAny local network@zSATNET and Backroom EXPAKA KryptolanBz MIT Remote Virtual Disk ProtocolCzInternet Pluribus Packet CoreDzAny distributed file systemEzSATNET MonitoringFz VISA ProtocolGzInternet Packet Core UtilityHz#Computer Protocol Network ExecutiveIzComputer Protocol Heart BeatJzWang Span NetworkKzPacket Video ProtocolLzBackroom SATNET MonitoringMzSUN ND PROTOCOL-TemporaryNzWIDEBAND MonitoringOzWIDEBAND EXPAKPz@International Organization for Standardization Internet ProtocolQz&Versatile Message Transaction ProtocolRz-Secure Versatile Message Transaction ProtocolSVINESTz!Internet Protocol Traffic ManagerUz NSFNET-IGPVzDissimilar Gateway ProtocolWTCFXEIGRPYzOpen Shortest Path FirstZzSprite RPC Protocol[z!Locus Address Resolution Protocol\zMulticast Transport Protocol]zAX.25^z#IP-within-IP Encapsulation Protocol_z'Mobile Internetworking Control Protocol`z!Semaphore Communications Sec. Proaz Ethernet-within-IP EncapsulationbzEncapsulation HeaderczAny private encryption schemedGMTPez Ipsilon Flow Management Protocolfz PNNI over IPgzProtocol Independent Multicasthz2IBM's ARIS (Aggregate Route IP Switching) Protocoliz.SCPS (Space Communications Protocol Standards)jQNXkzActive NetworkslzIP Payload Compression ProtocolmzSitara Networks ProtocolnzCompaq Peer Protocoloz IPX in IPpzZVirtual Router Redundancy Protocol, Common Address Redundancy Protocol (not IANA assigned)qzPGM Reliable Transport ProtocolrzAny 0-hop protocolsz&Layer Two Tunneling Protocol Version 3tzD-II Data Exchange (DDX)uz#Interactive Agent Transfer ProtocolvzSchedule Transfer ProtocolwzSpectraLink Radio Protocolxz&Universal Transport Interface ProtocolyzSimple Message ProtocolzzSimple Multicast Protocol{z!Performance Transparency Protocol|zEIntermediate System to Intermediate System (IS-IS) Protocol over IPv4}z%Flexible Intra-AS Routing Environment~zCombat Radio Transport ProtocolzCombat Radio User Datagramz[Service-Specific Connection-Oriented Protocol in a Multilink and Connectionless EnvironmentIPLTzSecure Packet Shieldz"Private IP Encapsulation within IPz$Stream Control Transmission Protocolz Fibre Channelz-Reservation Protocol (RSVP) End-to-End Ignorez"Mobility Extension Header for IPv6z"Lightweight User Datagram Protocolz0Multiprotocol Label Switching Encapsulated in IPzMANET ProtocolszHost Identity Protocolz'Site Multihoming by IPv6 Intermediationz&Wrapped Encapsulating Security PayloadzRobust Header Compression)NoneProposal TransformSAKEIDiIDrCERTCERTREQAUTHNonceNotifyDeleteVendorIDTSiTSr EncryptedCPEAPGSPMIDgGSAKDEncrypted_FragmentPS)rr r rrrrr IKE_SA_INITIKE_AUTHCREATE_CHILD_SA INFORMATIONALIKE_SESSION_RESUMEIKE_INTERMEDIATE)rtrrrrrceZdZdZdS) _IKEv2_Packetc6|jrtn tjSN) next_payload IKEv2_Payloadr% raw_layer)selfpayloads r|default_payload_classz#_IKEv2_Packet.default_payload_classs $ 1E}}t~Er~N)__name__ __module__ __qualname__rrwr~r|rrs(FFFFFr~rc eZdZdZedddedddeddeedded dee d ddgd e d de d dgZ e ddZ dZdZdS)IKEv2init_SPIr5resp_SPIrrversionrF exch_typeflags)res0res1res2 InitiatorVersionResponseres6res7idlengthNc|rCt|dkr0tjd|ddd}|dkrtS|S)Nr=!Br\rrF)lenstructunpackr#)cls_pktargskargsrs r| dispatch_hookzIKEv2.dispatch_hooksI  CIIOOmD$r"u+66q9G~~  r~cTt|tr|j|jkrdSdS)Nr(r) isinstancerr)rothers r|answersz IKEv2.answerss- eU # # ~..qqr~c||z }|j8|ddtjdt|z|ddz}|S)NrAz!IrErrpackr)rppays r| post_buildzIKEv2.post_build$sI S ; #2#T3q66222QrssV;Ar~r)rrrnamerr IKEv2PayloadTypesrIKEv2ExchangeTypesrr fields_desc classmethodrrrrwr~r|rr s D*b!,,*b!,, na):;; 9d## k1&899 7Aq"n"n"nooq4   K[ r~rc eZdZdZdZdZdS)IKEv2_Key_Length_Attributec2tj||ddS)N)r__init__)rrs r|rz#IKEv2_Key_Length_Attribute.__init__-s$j11111r~c4tj|||dzS)N)ri2hrpktxs r|rzIKEv2_Key_Length_Attribute.i2h0s|D#q6z222r~c<tj||||nddzS)Nrr)rh2irs r|rzIKEv2_Key_Length_Attribute.h2i3s#|D#Q]Z'OPPPr~N)rrrrrrrwr~r|rr+sF222333QQQQQr~rceZdZdZeddeeddddgedded d d gZ d Z dS)rz IKEv2 PayloadrNrrr5criticalrloadrc|jdz SNr-rrs r|zIKEv2_Payload.= ar~ length_fromc|j8|ddtjdt|z|ddz}||zS)Nr)z!Hr-r)rrrs r|rzIKEv2_Payload.post_build@sE ; bqb'FKc#hh777#abb'ACSyr~) rrrrr rrrrrrrwr~r|rr7s} D nd,=>> 7Aq:,// 8T"" VR-G-GHHH Kr~rc eZdZdZejddeddeddee dde d de d d e e d dgzZdS)IKEv2_TransformzIKEv2 TransformNr)rr5transform_typerr transform_idc|jSr)rrs r|rzIKEv2_Transform.Ls ^a^pr~H) depends_onfmt key_lengthc|jdkSNr5rrs r|rzIKEv2_Transform.Ms sz\]~r~)rrrrrrrr IKEv2TransformTypesr rIKEv2TransformAlgorithmsr rrwr~r|rrFs D+BQB/ 8Q &.ABB &!~t-ERpRpvyzzz33LAAC]C]^^ 3KKKr~rc eZdZdZejddeddeddee dddd ed de dd d e de j ed gzZdS)IKEv2_ProposalzIKEv2 ProposalNr+proposalr(protoSPIsizeSPIBtrans_nbrc|jSrrrs r|rzIKEv2_Proposal.X r~rtransc&|jdz |jz Srrrrs r|rzIKEv2_Proposal.Ys[^[ehi[ilolw[wr~)rrrrrrr r IKEv2ProtocolTypesr rrr%rrrwr~r|rrQs D+BQB/ *a   gq"455 iuc22 *d## UB,C,CDDDw 0 0/OwOwxxx 3KKKr~rceZdZdZejddeddeedde ddd gzZdS) IKEv2_AUTHzIKEv2 AuthenticationNr+ auth_typerrrrc|jdz Srrrs r|rzIKEv2_AUTH.brr~r) rrrrrrr IKEv2AuthenticationTypesrrrwr~r|rr]sg !D+BQB/ k4)ABB VQ VR-G-GHHH3KKKr~rcReZdZdZejddedddgzZdS)IKEv2_VendorIDzIKEv2 Vendor IDNr+vendorIDrc|jdz Srrrs r|rzIKEv2_VendorID.is SZ!^r~rrrrrrrrrwr~r|rrfsF D+BQB/ Z1K1KLLL3KKKr~rc,eZdZeddZdZdS)TrafficSelectorNc|rdt|dkrQtjd|ddd}|dkrtS|dkrtS|dkrt St StS)Nr<rrr(r3r5r7)rrrIPv4TrafficSelectorIPv6TrafficSelectorEncryptedTrafficSelectorRawTrafficSelector)rrrrts_types r|rzTrafficSelector.dispatch_hooknso  *CIIOOmD$qs)44Q7G!||**A**A//))""r~c d|fS)Nrrwrss r|extract_paddingzTrafficSelector.extract_padding|s 1u r~r)rrrrrrrwr~r|r r msA # # #[ #r~r c eZdZdZeddeeddeeddedd ed d ed d eddgZ dS)r zIKEv2 IPv4 Traffic SelectorTS_typer3IP_protocol_IDNrr< start_portrend_portrstarting_address_v4z 192.168.0.1ending_address_v4z 192.168.0.255) rrrrr IKEv2TrafficSelectorTypes IPProtocolIDsrrrrwr~r|r r s (D i$=>> &m<< 8R   <## :u%%%}55#_55KKKr~r c eZdZdZeddeeddeeddedd ed d ed d edd gZ dS)rzIKEv2 IPv6 Traffic Selectorrr5rNrr?rrrrstarting_address_v6z2001::ending_address_v6) rrrrr rrrrrrwr~r|rrs (D i$=>> &m<< 8R   <## :u%%&11$h//KKKr~rc eZdZdZeddeeddeeddedd e d d ed d e d d ed d edd edd edd g Z dS)r IKEv2 Encrypted Traffic Selectorrr7rNrr<resrstarting_address_FCrending_address_FCstarting_R_CTL ending_R_CTL starting_type ending_type) rrrrr rrrr rrrwr~r|rrs -D i$=>> &m<< 8R   % *A.. &! (!,, "A&& .!$$ /1%% -## KKKr~rc ~eZdZdZeddeeddeeddddd edd e gZ dS) rr#rNrrrrc |dzSrrw)rrs r|rzRawTrafficSelector.s Qr~)adjustr) rrrrr rrr rrrrwr~r|rrsk -D i'@AA &m<< hfc:N:NOOO FB$$ KKKr~rc eZdZdZejddeddddedd edde d d gzZdS) IKEv2_TSiz"IKEv2 Traffic Selector - InitiatorNr+ number_of_TSsrtraffic_selectorrcount_ofrrc|jdz Srrrs r|rzIKEv2_TSi.  Qr~c|jSrr0rs r|rzIKEv2_TSi. s/@r~r count_from rrrrrrr rrr rwr~r|r/r/ /D+BQB/ ot1 3 3 3 VQ*D/$>$>#@#@ B B B 3KKKr~r/c eZdZdZejddeddddedd edde d d gzZdS) IKEv2_TSrz"IKEv2 Traffic Selector - ResponderNr+r0rr1r2rrc|jdz Srrrs r|rzIKEv2_TSr.r5r~c|jSrr7rs r|rzIKEv2_TSr.r8r~r9r;rwr~r|r>r>r<r~r>c eZdZdZejddeddddddd ed dd d ed de d ge ddddgzZdS) IKEv2_Deletez IKEv2 DeleteNr+rrrrr)rr(r)r+rrrSPInumrrc|jSrrrs r|rzIKEv2_Delete.sCKr~rc|jSr)rCrs r|rzIKEv2_Delete.scjr~)r:) rrrrrrr r rr rrwr~r|rBrBs D+BQB/ gt$5%Q%QRR iuc22 8Qub#|B8O8OPPP"8"8 : : : 3KKKr~rBcneZdZdZejddedeje dgzZdS)IKEv2_SAzIKEv2 SANr+propc|jdz Srrrs r|rzIKEv2_SA.sY\YcfgYgr~r) rrrrrrrr%rrrwr~r|rGrGsR D+BQB/v~t~//MgMghhh3KKKr~rGcReZdZdZejddedddgzZdS) IKEv2_Noncez IKEv2 NonceNr+noncerc|jdz Srrrs r|rzIKEv2_Nonce.s #*q.r~rr rwr~r|rKrKsF D+BQB/ Wb.H.HIII3KKKr~rKceZdZdZejddeddeedddde dd e e dd d e e d d d de edde de eddddde eedddfedddfgedd d de e dd d dg zZdS) IKEv2_Notifyz IKEv2 NotifyNr+rrrrtyperrc|jSrrrs r|rzIKEv2_Notify.rr~rnotifyc&|jdz |jz Srrrs r|rzIKEv2_Notify.sa#+1Mr~c|jdvSN)rrrPrs r|rzIKEv2_Notify.s 6r~ gw_id_typer(c|jdvSrUrVrs r|rzIKEv2_Notify. N2r~ gw_id_lengw_idc|jdvSrUrVrs r|rzIKEv2_Notify.rYr~ 127.0.0.1c|jdkSNr(rWrs r|rzIKEv2_Notify.s ala>Or~::1c|jdkS)Nr)r`ras r|rzIKEv2_Notify.s 9Jr~c|jSr)rZras r|rzIKEv2_Notify.sq{r~c|jdvSrUrVrs r|rzIKEv2_Notify.rYr~rLc&|jdz |jz S)NrS)rrZras r|rzIKEv2_Notify. s18b=1;;Vr~c|jdkS)NrrVrs r|rzIKEv2_Notify. s E)r~)rrrrrrr rr rIKEv2NotifyMessageTypesrr IKEv2GatewayIDTypesrrrrrwr~r|rOrOs D+BQB/ gt%788 iuc22vq"9:: UB,C,CDDD L2%M%M O O O 6 6   M,+> ? ? 2 2   M+tWc : : 2 2    WWk224O4OPXgu--/J/JK GR5J5JKKK    3 2   L"2V2V W W W ) )  ?$3$KKKr~rOceZdZdZejddeddededde dd d gzZdS) IKEv2_KEzIKEv2 Key ExchangeNr+grouprr-rkerc|jdz Srrrs r|rzIKEv2_KE.s szA~r~r) rrrrrrrrrrrwr~r|rkrksl D+BQB/w#;A#>?? 61 T2+E+EFFF3KKKr~rkc eZdZdZejddedddddd d d ed d ee dddfe dddfge dddgzZdS) IKEv2_IDiz IKEv2 Identification - InitiatorNr+IDtyper(rr Email_addrrKeyr(r)r+r/rTrrIDr]c|jdkSr_rqrs r|rzIKEv2_IDi.  qr~rbc|jdkSNr/rwrs r|rzIKEv2_IDi.! CJ!Or~rc|jdz Srrrs r|rzIKEv2_IDi.# 3:>r~r rrrrrrr rrrrrrwr~r|rprp -D+BQB/ h{v,S^di#j#jkk VQ{++-H-HI$&&(C(CD  Lr/I/I J J J    3 KKKr~rpc eZdZdZejddedddddd d d ed d ee dddfe dddfge dddgzZdS) IKEv2_IDrz IKEv2 Identification - ResponderNr+rqr(rrrrrrsrtrrrur]c|jdkSr_rwrs r|rzIKEv2_IDr./rxr~rbc|jdkSrzrwrs r|rzIKEv2_IDr.0r{r~rc|jdz Srrrs r|rzIKEv2_IDr.2r}r~rr~rwr~r|rr(rr~rceZdZdZdS)IKEv2_Encryptedz!IKEv2 Encrypted and AuthenticatedNrrrrrwr~r|rr7s .DDDr~rc eZdZdZeddeeddddeeddd fe dd d fge dd d gZ dZ dS)ConfigurationAttributezIKEv2 Configuration AttributerPr(rNvaluerr]c*|jdko|jdvS)Nr-)r(r)r+r-r1r?rrPrs r|rzConfigurationAttribute.CsSZ1_P=P1Pr~rbc*|jdko|jdvS)Nr<)rSr8rarrs r|rzConfigurationAttribute.EsSZ2-J#(l2Jr~rc|jSrrrs r|rzConfigurationAttribute.Gscjr~rc d|fS)Nr~rwrs r|rz&ConfigurationAttribute.extract_paddingKs Av r~) rrrrr IKEv2ConfigurationAttributeTypesr rrrrrrrwr~r|rr;s *Dvq"BCC hgs33+..PPR'5))JJL  L"2H2H I I I   Kr~rc eZdZdZejddeddeedde dde d gzZdS) IKEv2_CPzIKEv2 ConfigurationNr+CFGTyper(rr attributesc|jdz Srrrs r|rzIKEv2_CP.Ur5r~r) rrrrrrr !IKEv2ConfigurationPayloadCFGTypesrrrrwr~r|rrOss D+BQB/ i$EFF VQ d,B$>$> @ @ @3KKKr~rc~eZdZdZejddeddeddeddd gzZdS) IKEv2_Encrypted_Fragmentz*IKEv2 Encrypted and Authenticated FragmentNr+ frag_numberr( frag_totalrrc|jdz Srrrs r|rz!IKEv2_Encrypted_Fragment.^rr~r)rrrrrrrrrwr~r|rrYsd 7D+BQB/ =!$$ <## VR-G-GHHH3KKKr~rcjeZdZdZejddeddeeddd gzZdS) IKEv2_CERTREQzIKEv2 Certificate RequestNr+ cert_encodingrcert_authorityrc|jdz Srzrrs r|rzIKEv2_CERTREQ.fs 3:PQ>r~r) rrrrrrr IKEv2CertificateEncodingsrrwr~r|rrbsY &D+BQB/ oq*CDD %r7Q7QRRR3KKKr~rc eZdZdZejddeddeee de e dd fe de e d d fge dd d gzZdS) IKEv2_CERTzIKEv2 CertificateNr+rr- cert_datac|jdz Srzrrs r|rzIKEv2_CERT.q  Qr~rc|jdkSrrrs r|rzIKEv2_CERT.rS.!3r~c|jdz Srzrrs r|rzIKEv2_CERT.trr~c|jdkS)Nr3rrs r|rzIKEv2_CERT.urr~rc|jdz Srzrrs r|rzIKEv2_CERT.ws #*q.r~) rrrrrrr rrrrrrrwr~r|rrjs D+BQB/ oq*CDD YY[[),F,FHHH335  XXZZ,F,FHHH335   Lb6P6P Q Q Q  3 KKKr~rceZdZdZdS) IKEv2_EAPzIKEv2 Extensible AuthenticationNrrwr~r|rr~s ,DDDr~rceZdZdZdS) IKEv2_GSPMzGeneric Secure Password MethodNrrwr~r|rrs +DDDr~rceZdZdZdS) IKEv2_IDgzGroup IdentificationNrrwr~r|rrs !DDDr~rceZdZdZdS) IKEv2_GSAzGroup Security AssociationNrrwr~r|rrs 'DDDr~rceZdZdZdS)IKEv2_KDz Key DownloadNrrwr~r|rrs DDDr~rceZdZdZdS)IKEv2_PSzPuzzle SolutionNrrwr~r|rrs DDDr~r)ri)dport)sport)rrc tt|tz tt ddz t t z fi|S)z.Send a IKEv2 SA to an IP and wait for answers.)dstr5rt)rr)rH)r$r r!rr&rGr)ipkwargss r| ikev2scanrst bRjjj355 5*Q--35$7$7$779A~GWGW9X9X9XY d d\b d ddr~)a__doc__r scapy.packetrrrrrr scapy.fieldsr r r r r rrrrrrrrrrrrrrrrscapy.layers.x509rrscapy.layers.inetr r!scapy.layers.ipsecr"scapy.layers.isakmpr#scapy.sendrecvr$ scapy.configr%scapy.volatiler&IKEv2AttributeTypesitemsrrrrrhrirrrrrrrrrrrrrrrr r rrrr/r>rBrGrKrOrkrprrrrrrrrrrrrrrrwr~r|rs>  .21111111%%%%%%%%&&&&&&&&&&&&%%%%%%  z u  v  u  v  v   z  w  z                  ! " # $#$$#&!3   >  """ &     (  { |  |                     "  "  "   ! " ## $$####1   < #  {ddL0C0I0I0K0K0C0I0I0K0K    *.//7  S%SSS S  S  SSSSSS"SSSS  !S"!#SS$%S&'S()S*+S,-S. /S0 1S2 3S4 #5S6 7S8 $9S: );S< 8=S> ?S@ 'ASB :CSD *ESSSF %GSH ISJ #KSL #MSN $OSP QSR 9SST USV ?WSX $YSZ ![S\ ]S^ :_S` aSb cSd eSf %?P@'APB#CPD.EPPPF&GPH.IPJ#KPL$MPN1OPP!QPRSPTUPV(WPX!YPZ"[P\']P^'_P`'aPb&cPdePf(gPPPhiPj0kPlmPn*oPp!qPrLsPt5uPvwPx!yPz&{P|$}P~P@APB#CPD EPF*GPH'IPPPJ%KPLMPNOPP&QPR-SPT&UPVWPXYPZ$[P\#]P^_P`aPbJcPd0ePf7gPhiPj+kPPPl mPn%oPpqPrsPt"uPvwPx+yPz&{P|}P~-P@1APB+CPD*EPFGPH'IPJKPL +MPPPNOPP )QPR =SPT 9UPVWPX YPZ *[P\ #]P^ _P`aPb ecPd *ePf gPh 1iPj #kPl .mPn %oPPPp %qPr 1sPt "uPv $wPx ,yPz P{P| 0}P~ *P@ %APB fCPDEPF GPH -IPJ /KPLMPN 8OPP -QPPR . ;  ! 2 1 $_PPP dvz{        !" #$      3<  FFFFFFFFF MD Q Q Q Q Q Q Q Q     M   m     ]   ]f&     /        /   "                     =   }-&&&&&=&&&R}                /////m///V(}}M(----- ---,,,,,,,,""""" """((((( (((}}  M>:::: M?;;;; M8"5555 M8"5555 M926666 M926666 M:B7777 M=r:::: M:B7777 M;R8888 M;;;; M926666 M926666 M?<<<< M8"5555 M926666 M:B7777 M926666 M926666 M8"5555 M3"EEEE M8"5555V3''''V3''''sE%%%%sE%%%% c53//// wdddddr~