forked from osmocom/wireshark
IS-IS: Add support for CRYPTO_AUTH authentication type
CRYPTO_AUTH (generic cryptographic authentication) is documented in RFC 5310, https://tools.ietf.org/html/rfc5310. Sample IS-IS .pcap files using CRYPTO_AUTH (HMAC-SHA1/HMAC-SHA256) can be found at https://c0decafe.de/svn/codename_loki/test/. Bug: 13727 Change-Id: If25edc5985e13de56ab6bade570f06e0e9db276c Reviewed-on: https://code.wireshark.org/review/21697 Reviewed-by: Michael Mann <mmann78@netscape.net> Petri-Dish: Michael Mann <mmann78@netscape.net> Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This commit is contained in:
parent
3346fc9c83
commit
b83e74c3dd
|
@ -29,6 +29,15 @@
|
|||
#include "packet-isis-clv.h"
|
||||
#include <epan/nlpid.h>
|
||||
|
||||
static const value_string algorithm_vals[] = {
|
||||
{ 20, "hmac-sha1" },
|
||||
{ 28, "hmac-sha224" },
|
||||
{ 32, "hmac-sha256" },
|
||||
{ 48, "hmac-sha384" },
|
||||
{ 64, "hmac-sha512" },
|
||||
{ 0, NULL }
|
||||
};
|
||||
|
||||
/*
|
||||
* Name: isis_dissect_area_address_clv()
|
||||
*
|
||||
|
@ -138,8 +147,9 @@ isis_dissect_instance_identifier_clv(proto_tree *tree, packet_info* pinfo, tvbuf
|
|||
* Take apart the CLV that hold authentication information. This
|
||||
* is currently 1 octet auth type.
|
||||
* the two defined authentication types
|
||||
* are 1 for a clear text password and
|
||||
* 54 for a HMAC-MD5 digest
|
||||
* are 1 for a clear text password,
|
||||
* 54 for a HMAC-MD5 digest and
|
||||
* 3 for CRYPTO_AUTH (rfc5310)
|
||||
*
|
||||
* Input:
|
||||
* tvbuff_t * : tvbuffer for packet data
|
||||
|
@ -152,10 +162,11 @@ isis_dissect_instance_identifier_clv(proto_tree *tree, packet_info* pinfo, tvbuf
|
|||
*/
|
||||
void
|
||||
isis_dissect_authentication_clv(proto_tree *tree, packet_info* pinfo, tvbuff_t *tvb,
|
||||
int hf_auth_bytes, expert_field* auth_expert, int offset, int length)
|
||||
int hf_auth_bytes, int hf_key_id, expert_field* auth_expert, int offset, int length)
|
||||
{
|
||||
guchar pw_type;
|
||||
int auth_unsupported;
|
||||
const gchar *algorithm = NULL;
|
||||
|
||||
if ( length <= 0 ) {
|
||||
return;
|
||||
|
@ -179,12 +190,26 @@ isis_dissect_authentication_clv(proto_tree *tree, packet_info* pinfo, tvbuff_t *
|
|||
case 54:
|
||||
if ( length == 16 ) {
|
||||
proto_tree_add_bytes_format( tree, hf_auth_bytes, tvb, offset, length,
|
||||
NULL, "hmac-md5 (54), password (length %d) = %s", length, tvb_bytes_to_str(wmem_packet_scope(), tvb, offset, length));
|
||||
NULL, "hmac-md5 (54), message digest (length %d) = %s", length, tvb_bytes_to_str(wmem_packet_scope(), tvb, offset, length));
|
||||
} else {
|
||||
proto_tree_add_bytes_format( tree, hf_auth_bytes, tvb, offset, length,
|
||||
NULL, "hmac-md5 (54), illegal hmac-md5 digest format (must be 16 bytes)");
|
||||
}
|
||||
break;
|
||||
case 3:
|
||||
proto_tree_add_item(tree, hf_key_id, tvb, offset, 2, ENC_BIG_ENDIAN);
|
||||
offset += 2;
|
||||
length -= 2;
|
||||
algorithm = try_val_to_str(length, algorithm_vals);
|
||||
if ( algorithm ) {
|
||||
proto_tree_add_bytes_format( tree, hf_auth_bytes, tvb, offset, length,
|
||||
NULL, "CRYPTO_AUTH %s (3), message digest (length %d) = %s", algorithm,
|
||||
length, tvb_bytes_to_str(wmem_packet_scope(), tvb, offset, length));
|
||||
} else {
|
||||
proto_tree_add_bytes_format( tree, hf_auth_bytes, tvb, offset, length,
|
||||
NULL, "CRYPTO_AUTH (3) illegal message digest format");
|
||||
}
|
||||
break;
|
||||
default:
|
||||
proto_tree_add_bytes_format( tree, hf_auth_bytes, tvb, offset, length,
|
||||
NULL, "type 0x%02x (0x%02x)", pw_type, length);
|
||||
|
|
|
@ -109,7 +109,7 @@ extern void isis_dissect_mt_clv(tvbuff_t *tvb, packet_info* pinfo, proto_tree *t
|
|||
extern void isis_dissect_hostname_clv(tvbuff_t *tvb, proto_tree *tree,
|
||||
int offset, int length, int tree_id);
|
||||
extern void isis_dissect_authentication_clv(proto_tree *tree, packet_info* pinfo, tvbuff_t *tvb,
|
||||
int hf_auth_bytes, expert_field* auth_expert, int offset, int length);
|
||||
int hf_auth_bytes, int hf_key_id, expert_field* auth_expert, int offset, int length);
|
||||
extern void isis_dissect_area_address_clv(proto_tree *tree, packet_info* pinfo, tvbuff_t *tvb,
|
||||
expert_field* expert, int hf_area, int offset, int length);
|
||||
extern void isis_dissect_instance_identifier_clv(proto_tree *tree, packet_info* pinfo, tvbuff_t *tvb,
|
||||
|
|
|
@ -663,7 +663,7 @@ static void
|
|||
dissect_hello_authentication_clv(tvbuff_t *tvb, packet_info* pinfo,
|
||||
proto_tree *tree, int offset, int id_length _U_, int length)
|
||||
{
|
||||
isis_dissect_authentication_clv(tree, pinfo, tvb, hf_isis_hello_authentication, &ei_isis_hello_authentication, offset, length);
|
||||
isis_dissect_authentication_clv(tree, pinfo, tvb, hf_isis_hello_authentication, hf_isis_clv_key_id, &ei_isis_hello_authentication, offset, length);
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -2151,7 +2151,7 @@ static void
|
|||
dissect_lsp_authentication_clv(tvbuff_t *tvb, packet_info* pinfo, proto_tree *tree, int offset,
|
||||
int id_length _U_, int length)
|
||||
{
|
||||
isis_dissect_authentication_clv(tree, pinfo, tvb, hf_isis_lsp_authentication, &ei_isis_lsp_authentication, offset, length);
|
||||
isis_dissect_authentication_clv(tree, pinfo, tvb, hf_isis_lsp_authentication, hf_isis_clv_key_id, &ei_isis_lsp_authentication, offset, length);
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -96,7 +96,7 @@ static void
|
|||
dissect_snp_authentication_clv(tvbuff_t *tvb, packet_info* pinfo, proto_tree *tree, int offset,
|
||||
int id_length _U_, int length)
|
||||
{
|
||||
isis_dissect_authentication_clv(tree, pinfo, tvb, hf_isis_csnp_authentication, &ei_isis_csnp_authentication, offset, length);
|
||||
isis_dissect_authentication_clv(tree, pinfo, tvb, hf_isis_csnp_authentication, hf_isis_clv_key_id, &ei_isis_csnp_authentication, offset, length);
|
||||
}
|
||||
|
||||
static void
|
||||
|
|
|
@ -49,6 +49,7 @@ static int hf_isis_type_reserved = -1;
|
|||
static int hf_isis_version2 = -1;
|
||||
static int hf_isis_reserved = -1;
|
||||
static int hf_isis_max_area_adr = -1;
|
||||
int hf_isis_clv_key_id = -1;
|
||||
|
||||
static gint ett_isis = -1;
|
||||
|
||||
|
@ -194,6 +195,9 @@ proto_register_isis(void)
|
|||
{ "Maximum Area Addresses", "isis.max_area_adr", FT_UINT8, BASE_DEC, NULL,
|
||||
0x0, "Maximum Area Addresses, 0 means 3", HFILL }},
|
||||
|
||||
{ &hf_isis_clv_key_id,
|
||||
{ "Key ID", "isis.clv.key_id", FT_UINT16, BASE_DEC, NULL,
|
||||
0x0, NULL, HFILL }},
|
||||
};
|
||||
/*
|
||||
* Note, we pull in the unknown CLV handler here, since it
|
||||
|
|
|
@ -54,6 +54,8 @@ typedef struct isis_data {
|
|||
guint8 system_id_len;
|
||||
} isis_data_t;
|
||||
|
||||
extern int hf_isis_clv_key_id;
|
||||
|
||||
#endif /* _PACKET_ISIS_H */
|
||||
|
||||
/*
|
||||
|
|
Loading…
Reference in New Issue