Several contrib layers cleanups (secdev#3939)

Author: gpotter2

.config/ci/test.sh

@@ -52,6 +52,9 @@ fi
 if python --version 2>&1 | grep -q PyPy
 then
   UT_FLAGS+=" -K not_pypy"
+  # Code coverage with PyPy makes it very, very slow. Tests work
+  # but take around 30minutes, so we disable it.
+  export DISABLE_COVERAGE=" "
 fi
 
 # libpcap

pyproject.toml

@@ -83,8 +83,8 @@ version = { attr="scapy.VERSION" }
 concurrency = [ "thread", "multiprocessing" ]
 source = [ "scapy" ]
 omit = [
-    # Scapy specific paths
-    "scapy/tools/UTscapy.py",
+    # Scapy tools
+    "scapy/tools/",
     # Scapy external modules
     "scapy/libs/six.py",
     "scapy/libs/winpcapy.py",

scapy/__init__.py

@@ -158,7 +158,7 @@ def _version():
 
 VERSION = __version__ = _version()
 
-_tmp = re.search(r"[0-9.]+", VERSION)
+_tmp = re.search(r"([0-9]|\.[0-9])+", VERSION)
 VERSION_MAIN = _tmp.group() if _tmp is not None else VERSION
 
 if __name__ == "__main__":

scapy/contrib/ubberlogger.py

@@ -10,11 +10,35 @@
 
 import struct
 
-from scapy.fields import BitField, ByteField, XByteField,\
-    ShortField, IntField, XIntField, ByteEnumField, StrLenField, XStrField,\
-    XStrLenField, XStrFixedLenField, LenField, FieldLenField, FieldListField,\
-    PacketField, PacketListField, ConditionalField, PadField
-from scapy.packet import Packet, Padding, bind_layers
+from scapy.fields import (
+    BitEnumField,
+    BitField,
+    ByteEnumField,
+    ByteField,
+    ConditionalField,
+    FieldLenField,
+    FieldListField,
+    IntField,
+    LenField,
+    LongField,
+    PacketField,
+    PacketListField,
+    PadField,
+    ShortField,
+    StrLenField,
+    XByteField,
+    XIntField,
+    XStrField,
+    XStrFixedLenField,
+    XStrLenField,
+)
+from scapy.packet import (
+    Packet,
+    Padding,
+    bind_bottom_up,
+    bind_layers,
+    bind_top_down,
+)
 from scapy.layers.l2 import SourceMACField, Ether, CookedLinux, GRE, SNAP
 from scapy.config import conf
 from scapy.compat import orb, chb
@@ -404,6 +428,64 @@ class LEAP(EAP):
     ]
 
 
+#############################################################################
+# IEEE 802.1X-2010 - EAPOL-Key
+#############################################################################
+
+# sect 11.9 of 802.1X-2010
+# AND sect 12.7.2 of 802.11-2016
+
+
+class EAPOL_KEY(Packet):
+    name = "EAPOL_KEY"
+    fields_desc = [
+        ByteEnumField("key_descriptor_type", 1, {1: "RC4", 2: "RSN"}),
+        # Key Information
+        BitEnumField("key_descriptor_type_version", 0, 3, {
+            1: "HMAC-MD5+ARC4",
+            2: "HMAC-SHA1-128+AES-128",
+            3: "AES-128-CMAC+AES-128",
+        }),
+        BitEnumField("key_type", 0, 1, {0: "Group/SMK", 1: "Pairwise"}),
+        BitField("res", 0, 2),
+        BitField("install", 0, 1),
+        BitField("key_ack", 0, 1),
+        BitField("has_key_mic", 1, 1),
+        BitField("secure", 0, 1),
+        BitField("error", 0, 1),
+        BitField("request", 0, 1),
+        BitField("encrypted_key_data", 0, 1),
+        BitField("smk_message", 0, 1),
+        BitField("res2", 0, 2),
+        #
+        LenField("len", None, "H"),
+        LongField("key_replay_counter", 0),
+        XStrFixedLenField("key_nonce", "", 32),
+        XStrFixedLenField("key_iv", "", 16),
+        XStrFixedLenField("key_rsc", "", 8),
+        XStrFixedLenField("key_id", "", 8),
+        ConditionalField(
+            XStrFixedLenField("key_mic", "", 16),  # XXX size can be 24
+            lambda pkt: pkt.has_key_mic
+        ),
+        LenField("key_length", None, "H"),
+        XStrLenField("key", "",
+                     length_from=lambda pkt: pkt.key_length)
+    ]
+
+    def extract_padding(self, s):
+        return s[:self.len], s[self.len:]
+
+    def hashret(self):
+        return struct.pack("!B", self.type) + self.payload.hashret()
+
+    def answers(self, other):
+        if isinstance(other, EAPOL_KEY) and \
+                other.descriptor_type == self.descriptor_type:
+            return 1
+        return 0
+
+
 #############################################################################
 # IEEE 802.1X-2010 - MACsec Key Agreement (MKA) protocol
 #############################################################################
@@ -765,10 +847,14 @@ def extract_padding(self, s):
         return "", s
 
 
-bind_layers(Ether, EAPOL, type=34958)
-bind_layers(Ether, EAPOL, dst='01:80:c2:00:00:03', type=34958)
-bind_layers(CookedLinux, EAPOL, proto=34958)
-bind_layers(GRE, EAPOL, proto=34958)
+# Bind EAPOL types
 bind_layers(EAPOL, EAP, type=0)
-bind_layers(SNAP, EAPOL, code=34958)
+bind_layers(EAPOL, EAPOL_KEY, type=3)
 bind_layers(EAPOL, MKAPDU, type=5)
+
+bind_bottom_up(Ether, EAPOL, type=0x888e)
+# the reserved IEEE Std 802.1X PAE address
+bind_top_down(Ether, EAPOL, dst='01:80:c2:00:00:03', type=0x888e)
+bind_layers(CookedLinux, EAPOL, proto=0x888e)
+bind_layers(SNAP, EAPOL, code=0x888e)
+bind_layers(GRE, EAPOL, proto=0x888e)

scapy/contrib/wpa_eapol.py

@@ -52,6 +52,21 @@ assert eapol.type == 0
 assert eapol.len == 60
 assert eapol.haslayer(EAP_FAST)
 
+############
+############
++ EAPOL-Key class tests
+
+= EAPOK-Key - over 802.11 - Dissection
+s = b'\x08\x02:\x01\x00\xc0\xcab\xa4\xf6\x00"k\xfbI+\x00"k\xfbI+\xa0[\xaa\xaa\x03\x00\x00\x00\x88\x8e\x02\x03\x00u\x02\x00\x8a\x00\x10\x00\x00\x00\x00\x00\x00\x00\x04\x95X{I5\':3\x8f\x90\xb1I\xae\x1f\xd7-"\x82\x1e\\$\xefC=\x83\x97?M\xd6\xdf>\x9b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\xdd\x14\x00\x0f\xac\x04\x03\xca?d\xca\xed\xdd\xef\xf69;\xefX\xd4\x97w'
+wifi = Dot11(s)
+assert wifi[EAPOL].key_descriptor_type == 2
+assert wifi[EAPOL].key_type == 0
+assert wifi[EAPOL].has_key_mic == 1
+assert wifi[EAPOL].encrypted_key_data == 1
+assert wifi[EAPOL].key_replay_counter == 4
+assert wifi[EAPOL].key_mic == b"\x00" * 16
+assert wifi[EAPOL].key_length == 22
+assert len(wifi[EAPOL].key) == 22
 
 ############
 ############

scapy/layers/eap.py

@@ -39,13 +39,13 @@ platform =
   bsd_non_root,bsd_root: darwin|freebsd|openbsd|netbsd
   windows: win32
 commands =
-  linux_non_root: {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c ./test/configs/linux.utsc -N {posargs}
-  linux_root: sudo -E {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c ./test/configs/linux.utsc {posargs}
-  bsd_non_root: {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c test/configs/bsd.utsc -K manufdb -K tshark -N {posargs}
-  bsd_root: sudo -E {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c test/configs/bsd.utsc -K manufdb -K tshark {posargs}
-  windows: {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c test/configs/windows.utsc {posargs}
-  coverage combine
-  coverage xml -i
+  linux_non_root: {envpython} {env:DISABLE_COVERAGE:-m coverage run} -m scapy.tools.UTscapy -c ./test/configs/linux.utsc -N {posargs}
+  linux_root: sudo -E {envpython} {env:DISABLE_COVERAGE:-m coverage run} -m scapy.tools.UTscapy -c ./test/configs/linux.utsc {posargs}
+  bsd_non_root: {envpython} {env:DISABLE_COVERAGE:-m coverage run} -m scapy.tools.UTscapy -c test/configs/bsd.utsc -K manufdb -K tshark -N {posargs}
+  bsd_root: sudo -E {envpython} {env:DISABLE_COVERAGE:-m coverage run} -m scapy.tools.UTscapy -c test/configs/bsd.utsc -K manufdb -K tshark {posargs}
+  windows: {envpython} {env:DISABLE_COVERAGE:-m coverage run} -m scapy.tools.UTscapy -c test/configs/windows.utsc {posargs}
+  {env:DISABLE_COVERAGE:coverage combine}
+  {env:DISABLE_COVERAGE:coverage xml -i}
 
 # Variants of the main tests