Bases: enum.IntEnum
Bases: enum.IntEnum
Bases: enum.IntEnum
Bases: enum.IntEnum
IKE v2 (RFC 5996) initiator implementation
To clean up afterwards,
setkey -FP && setkey -F
Bases: asyncio.protocols.DatagramProtocol
Implements an IKE initiator that attempts to negotiate a single child SA with a remote peer.
IKEv2 Payloads as specified in RFC 5996 sections 3.2 - 3.16
Bases: ike.payloads._IkePayload
Bases: ike.payloads._IkePayload
Identification Payload for initiator
Bases: ike.payloads._IkePayload
Identification Payload for responder
Bases: ike.payloads._IkePayload
Bases: ike.payloads._IkePayload
Bases: ike.payloads._IkePayload
Bases: ike.payloads._IkePayload
Bases: ike.payloads._IkePayload
Bases: ike.payloads._TS
Traffic Selector Payload for initiator
Bases: ike.payloads._TS
Traffic Selector Payload for responder
Returns an IkePayload (sub)class based on the RFC5996 payload_type.
Parameters: payload_type – int() IKE payload type
Implements Proposal and Transform substructures for Security association (SA) payloads.
Conforms to RFC5996 section 3.3
High level interface to IKEv2 protocol
Bases: builtins.object
A single IKE negotiation / SA.
Currently implements only Initiator side of the negotiation.
Handle peer’s IKE_AUTH response.
Generates the second (IKE_AUTH) packet for Initiator
Returns: bytes() containing a valid IKE_INIT packet
Verifies the peer's authentication.
Decrypts an encrypted (SK, 46) IKE payload using self.SK_er
Parameters: data – Encrypted IKE payload including headers (payloads.SK())
Returns: next_payload, data_containing_payloads
Raises IkeError: If packet is corrupted.
Encrypts and signs a Packet() using self.SK_ei and self.SK_ai
Parameters: packet – Unencrypted Packet() with one or more payloads.
Returns: Encrypted and signed Packet() with a single payloads.SK
Parses the IKE_INIT response packet received from Responder.
Assigns the correct values of rSPI and Nr. Calculates Diffie-Hellman exchange and assigns all keys to self.
Generates the first (IKE_INIT) packet for Initiator
Returns: bytes() containing a valid IKE_INIT packet
Parses a received packet into Packet() with corresponding payloads. Will decrypt encrypted packets when needed.
Parameters: data – bytes() IKE packet from wire.
Returns: Packet() instance
Raises IkeError: on malformed packet
Verifies the HMAC signature of an encrypted (SK, 46) payload using self.SK_ar
Parameters: data – bytes(payloads.SK())
Raises IkeError: if calculated signature does not match the one in the payload
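The integrity check described above, written out as an added example (not this library's own code). It assumes HMAC-SHA1 truncated to 96 bits as the negotiated integrity algorithm and a message whose only payload is SK; `compute_icv`, `verify_sk_integrity` and `build_sample` are hypothetical names, and the sample message is constructed.

```python
import hashlib
import hmac
import struct

# Fixed IKE header (RFC 5996 section 3.1): SPIi, SPIr, next payload,
# version, exchange type, flags, message ID, total length = 28 bytes.
IKE_HEADER = struct.Struct("!8s8sBBBBII")
SK_PAYLOAD_TYPE = 46   # Encrypted payload (RFC 5996 section 3.14)
ICV_LEN = 12           # assumption: HMAC-SHA1-96 integrity checksum


class IkeError(Exception):
    """Stand-in for the library's exception so the example runs stand-alone."""


def compute_icv(sk_a: bytes, signed: bytes) -> bytes:
    """HMAC over the message from the IKE header through the pad length."""
    return hmac.new(sk_a, signed, hashlib.sha1).digest()[:ICV_LEN]


def verify_sk_integrity(sk_a: bytes, datagram: bytes) -> bytes:
    """Return the bytes covered by the checksum, or raise IkeError."""
    if len(datagram) < IKE_HEADER.size + 4 + ICV_LEN:
        raise IkeError("datagram too short for header, SK payload and ICV")
    _, _, next_payload, _, _, _, _, length = IKE_HEADER.unpack_from(datagram)
    if length != len(datagram):
        raise IkeError("length field does not match datagram size")
    if next_payload != SK_PAYLOAD_TYPE:
        raise IkeError("first payload is not SK (46)")
    signed, icv = datagram[:-ICV_LEN], datagram[-ICV_LEN:]
    # Constant-time comparison: do not leak how many ICV bytes matched.
    if not hmac.compare_digest(compute_icv(sk_a, signed), icv):
        raise IkeError("integrity checksum mismatch")
    return signed


def build_sample(sk_a: bytes, body: bytes) -> bytes:
    """Constructed message: IKE header + SK header + opaque body + ICV."""
    total = IKE_HEADER.size + 4 + len(body) + ICV_LEN
    header = IKE_HEADER.pack(b"I" * 8, b"R" * 8, SK_PAYLOAD_TYPE,
                             0x20, 35, 0x20, 1, total)  # IKE_AUTH response
    sk_header = struct.pack("!BBH", 36, 0, 4 + len(body) + ICV_LEN)
    signed = header + sk_header + body
    return signed + compute_icv(sk_a, signed)
```

The checksum is verified before any decryption is attempted, so a modified datagram is rejected without the ciphertext ever being processed.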
Bases: builtins.Exception
Bases: builtins.object
An IKE packet.
To generate packets:
Received packets should be generated by IKE.parse_packet().
Adds a payload to packet, updating last payload’s next_payload field
Bases: enum.IntEnum