scapy icon indicating copy to clipboard operation
scapy copied to clipboard
verified publisher icon secdev

decrypted IPv6 packet using decrypt_esp for NAT-Traversal is return wrong packet

Open ImanAfaneh293 opened this issue 1 year ago • 0 comments

Brief description

when decrypt ipv6 packet using decrypt_esp for NAT-Traversal, the packet is returned with nat_header

if you check _decrypt_esp in ipsec.py: When having nat_header, encrypted.underlayer will return UDP/ESP, so when decrypting IPv6 packet, the decrypt packet will be returned with nat_header (UDP), which will return a corrupted packet.

Example:

original packet: IPv6/TCP/Raw encrypted packet: IPv6/UDP/ESP Decrypted packet: IPv6/UDP/TCP/Raw

proposal fix: https://github.com/secdev/scapy/pull/4370

Scapy version

2.5

Python version

3.8.2

Operating system

Ubuntu 20.04

Additional environment information

No response

How to reproduce

packet = IPv6(version=6, tc=157, fl=646335, plen=752, nh=17, hlim=157, src='1122:3344:5566:7788:99aa:bbcc:ddee:ff00', dst='1122:3344:5566:7788:99aa:bbcc:ddee:ff00')/UDP(sport=3333, dport=55, len=752, chksum=59013)/Raw(load=b'nh9auzfzjgajh8hmdasm4mml0w626i3cwvcawd68rzvo1erd01foqpbky7awczfmlmal86giy7bi5inzpvyzy14t1cdwjwwucdldkqy2wgpm0faqheqr1r4ika0yrah355poeqx6t0s709v7ivvapckxb9fs8pwpv1nrfqfxanhe4fp8lut56vp6zdw9xnu7qmla5fml4219dkq7d9da3q0mhnrsdmikofohv9onpd3yosayzvteci0385yfn83sgjwhmx88dea7eujffppb53nx32z2ylp2wp8oml59vyhxsykx12oscr8fn0oau46w038pxphh507l8yvpan10hgvbby46jpwod1d77na6f9pk3yk1yv79iamikgeuyquxui3wvi4y6gzgg3zdr0d7m3qfbb0p15vrfjv0pdd2h81wti8da7ruhbl3s1bwekzqp8me15rp09t82aefyf4m8zobfhlvk73o9cbz6mdmpg9kqg2nq32gn0o2ci6blg8mzb3retqo4vfniza81e6y5c78alkdxg9rsuuqxgmwvgnyqm3fdvuueeq07930tynxjf2qgh651ci0mmvufizp6gg61iw2fgucj9ndmfd4nbnfq2hdpgbmdy5wc8fawdnnapsn9vmf76f85oo3akxjuvw4yrcib7q83ptxqebsvkhtlzvoq4dyswu2969wdlrjnvstabk5x2ypd13whxckf8pz085d1jpd208m4vzy')

sa = SecurityAssociation(ESP, spi=6,seq_num=0, esn_en=False, esn=0, crypt_algo='AES-GCM',crypt_key=b'\x11"3D\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06', nat_header=UDP(sport=12345, dport=4500))

encrypt_packet = sa.encrypt(packet, iv=b'\x00\x00\x00\x00\x00\x00\x00\x00') decrypt_packet = sa.decrypt(encrypt_packet)

Actual result

Ether(dst='ff:ff:ff:ff:ff:ff', src='00:16:3e:62:91:68', type=34525)/IPv6(version=6, tc=157, fl=646335, plen=760, nh=17, hlim=157, src='1122:3344:5566:7788:99aa:bbcc:ddee:ff00', dst='1122:3344:5566:7788:99aa:bbcc:ddee:ff00')/UDP(sport=12345, dport=4500, len=796, chksum=61064)/UDP(sport=3333, dport=55, len=752, chksum=59013)/Raw(load=b'nh9auzfzjgajh8hmdasm4mml0w626i3cwvcawd68rzvo1erd01foqpbky7awczfmlmal86giy7bi5inzpvyzy14t1cdwjwwucdldkqy2wgpm0faqheqr1r4ika0yrah355poeqx6t0s709v7ivvapckxb9fs8pwpv1nrfqfxanhe4fp8lut56vp6zdw9xnu7qmla5fml4219dkq7d9da3q0mhnrsdmikofohv9onpd3yosayzvteci0385yfn83sgjwhmx88dea7eujffppb53nx32z2ylp2wp8oml59vyhxsykx12oscr8fn0oau46w038pxphh507l8yvpan10hgvbby46jpwod1d77na6f9pk3yk1yv79iamikgeuyquxui3wvi4y6gzgg3zdr0d7m3qfbb0p15vrfjv0pdd2h81wti8da7ruhbl3s1bwekzqp8me15rp09t82aefyf4m8zobfhlvk73o9cbz6mdmpg9kqg2nq32gn0o2ci6blg8mzb3retqo4vfniza81e6y5c78alkdxg9rsuuqxgmwvgnyqm3fdvuueeq07930tynxjf2qgh651ci0mmvufizp6gg61iw2fgucj9ndmfd4nbnfq2hdpgbmdy5wc8fawdnnapsn9vmf76f85oo3akxjuvw4yrcib7q83ptxqebsvkhtlzvoq4dyswu2969wdlrjnvstabk5x2ypd13whxckf8pz085d1jpd208m4vzy')

Expected result

packet = Ether(dst='ff:ff:ff:ff:ff:ff', src='00:16:3e:62:91:68', type=34525)/IPv6(version=6, tc=157, fl=646335, plen=752, nh=17, hlim=157, src='1122:3344:5566:7788:99aa:bbcc:ddee:ff00', dst='1122:3344:5566:7788:99aa:bbcc:ddee:ff00')/UDP(sport=3333, dport=55, len=752, chksum=59013)/Raw(load=b'nh9auzfzjgajh8hmdasm4mml0w626i3cwvcawd68rzvo1erd01foqpbky7awczfmlmal86giy7bi5inzpvyzy14t1cdwjwwucdldkqy2wgpm0faqheqr1r4ika0yrah355poeqx6t0s709v7ivvapckxb9fs8pwpv1nrfqfxanhe4fp8lut56vp6zdw9xnu7qmla5fml4219dkq7d9da3q0mhnrsdmikofohv9onpd3yosayzvteci0385yfn83sgjwhmx88dea7eujffppb53nx32z2ylp2wp8oml59vyhxsykx12oscr8fn0oau46w038pxphh507l8yvpan10hgvbby46jpwod1d77na6f9pk3yk1yv79iamikgeuyquxui3wvi4y6gzgg3zdr0d7m3qfbb0p15vrfjv0pdd2h81wti8da7ruhbl3s1bwekzqp8me15rp09t82aefyf4m8zobfhlvk73o9cbz6mdmpg9kqg2nq32gn0o2ci6blg8mzb3retqo4vfniza81e6y5c78alkdxg9rsuuqxgmwvgnyqm3fdvuueeq07930tynxjf2qgh651ci0mmvufizp6gg61iw2fgucj9ndmfd4nbnfq2hdpgbmdy5wc8fawdnnapsn9vmf76f85oo3akxjuvw4yrcib7q83ptxqebsvkhtlzvoq4dyswu2969wdlrjnvstabk5x2ypd13whxckf8pz085d1jpd208m4vzy')

Related resources

No response

ImanAfaneh293 avatar Apr 29 '24 14:04 ImanAfaneh293