Class: PacketGen::Plugin::IKE::Auth
- Defined in: lib/packetgen/plugin/ike/auth.rb
Overview
This class handles Authentication payloads.
An AUTH payload consists of the IKE generic payload header (see Payload) and some specific fields:
                        1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Next Payload  |C|  RESERVED   |         Payload Length        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Auth Method   |                RESERVED                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   ~                      Authentication Data                      ~
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
These specific fields are:
- #type (ID type),
- and Payload#content (Identification Data).
Create a KE payload
# create an IKE packet with an Auth payload
pkt = PacketGen.gen('IP').add('UDP').add('IKE').add('IKE::Auth', auth_method: 'SHARED_KEY')
pkt.calc_length
Constant Summary
- PAYLOAD_TYPE = 39
  Payload type number
- METHODS =
  {
    'RSA_SIGNATURE' => 1,
    'SHARED_KEY' => 2,
    'DSA_SIGNATURE' => 3,
    'ECDSA256' => 9,
    'ECDSA384' => 10,
    'ECDSA512' => 11,
    'PASSWORD' => 12,
    'NULL' => 13,
    'DIGITAL_SIGNATURE' => 14
  }.freeze
  Authentication methods
Instance Attribute Summary
- #auth_method ⇒ Integer (readonly)
  8-bit Auth Method.
- #reserved ⇒ Integer
  24-bit reserved field.
Attributes inherited from Payload
#content, #critical, #flags, #hreserved, #length, #next
Instance Method Summary
- #check?(init_msg: nil, nonce: '', sk_p: '', prf: 1, shared_secret: '', cert: nil) ⇒ Boolean
  Check authentication (see RFC 7296 §2.15).
- #human_auth_method ⇒ String
  Get authentication method name.
Methods inherited from Payload
#calc_length, #initialize, protocol_name
Constructor Details
This class inherits a constructor from PacketGen::Plugin::IKE::Payload
Instance Attribute Details
#auth_method ⇒ Integer (readonly)
8-bit Auth Method
# File 'lib/packetgen/plugin/ike/auth.rb', line 56
define_attr_before :content, :auth_method, BinStruct::Int8Enum, enum: METHODS
#reserved ⇒ Integer
24-bit reserved field
# File 'lib/packetgen/plugin/ike/auth.rb', line 60
define_attr_before :content, :reserved, BinStruct::Int24
Instance Method Details
#check?(init_msg: nil, nonce: '', sk_p: '', prf: 1, shared_secret: '', cert: nil) ⇒ Boolean
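Check authentication (see RFC 7296 §2.15).
Note: for now, only NULL, SHARED_KEY and RSA, DSA and ECDSA signatures are supported.
Note: for certificate-based methods, this only checks the authenticity of the AUTH data against the given certificate (or the one guessed from the packet); the certificate chain is not verified. A true result therefore does not establish that the certificate itself is trusted.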
# File 'lib/packetgen/plugin/ike/auth.rb', line 76
def check?(init_msg: nil, nonce: '', sk_p: '', prf: 1, shared_secret: '', # rubocop:disable Metrics/ParameterLists
           cert: nil)
  raise TypeError, 'init_msg should be a Packet' unless init_msg.is_a?(PacketGen::Packet)

  signed_octets = build_signed_octets(init_msg, nonce, sk_p, prf)

  case auth_method
  when METHODS['SHARED_KEY']
    check_shared_key?(shared_secret, signed_octets)
  when METHODS['RSA_SIGNATURE'], METHODS['ECDSA256'], METHODS['ECDSA384'], METHODS['ECDSA512']
    check_signature?(cert, signed_octets)
  when METHOD_NULL
    true
  else
    raise NotImplementedError, "unsupported auth method #{human_auth_method}"
  end
end
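The SHARED_KEY computation from RFC 7296 §2.15 that #check? relies on, written out with only Ruby's OpenSSL bindings. This is an added example, not PacketGen's own code: the helper names, the PRF table and the sample byte strings are assumptions constructed for illustration.

```ruby
require 'openssl'

# IKEv2 PRF transform IDs (IANA registry) mapped to OpenSSL digest names.
PRF_DIGESTS = { 1 => 'MD5', 2 => 'SHA1', 5 => 'SHA256', 6 => 'SHA384', 7 => 'SHA512' }.freeze
KEY_PAD = 'Key Pad for IKEv2' # fixed string defined by RFC 7296 §2.15

# Constructed sample inputs (not taken from a real exchange).
SAMPLE_MSG1    = 'constructed IKE_SA_INIT message bytes'.b
SAMPLE_NONCE   = 'constructed peer nonce'.b
SAMPLE_SK_P    = 'constructed SK_p key'.b
SAMPLE_ID_BODY = 'constructed ID payload body'.b
SAMPLE_SECRET  = 'constructed pre-shared key'.b

# prf(key, data) for the HMAC-based PRFs (hypothetical helper).
def ike_prf(prf_id, key, data)
  digest = PRF_DIGESTS.fetch(prf_id) { raise ArgumentError, "unsupported PRF #{prf_id}" }
  OpenSSL::HMAC.digest(digest, key, data)
end

# SignedOctets = sender's first message | peer's nonce | prf(SK_p, ID payload body)
def signed_octets(prf_id, first_msg, peer_nonce, sk_p, id_payload_body)
  first_msg.b + peer_nonce.b + ike_prf(prf_id, sk_p, id_payload_body)
end

# AUTH = prf(prf(Shared Secret, "Key Pad for IKEv2"), SignedOctets)
def shared_key_auth(prf_id, shared_secret, octets)
  ike_prf(prf_id, ike_prf(prf_id, shared_secret, KEY_PAD), octets)
end

# Compare received Authentication Data with the expected value in constant time.
def shared_key_auth_valid?(received, prf_id, shared_secret, octets)
  OpenSSL.secure_compare(received.b, shared_key_auth(prf_id, shared_secret, octets))
end
```

Because SignedOctets covers the first message, the peer's nonce and the ID payload, changing any of them (or the shared secret) makes the check fail.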
#human_auth_method ⇒ String
Get authentication method name
# File 'lib/packetgen/plugin/ike/auth.rb', line 96
def human_auth_method
  self[:auth_method].to_human
end