osmocom
/
wireshark
11
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

ISAKMP: add parse auth_method and proto for China IPSec VPN specification 

China IPSec VPN specification use value 10 for auth_method and value 128 for pyload type
This commit is contained in:
zhilei zhang 2024-01-30 16:18:08 +08:00 committed by Alexis La Goutte
parent 4e987dc451
commit 24669a5ab4
1 changed files with 42 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
epan/dissectors/packet-isakmp.c
View File

@ -222,6 +222,7 @@ static int hf_isakmp_num_spis;
static int hf_isakmp_hash;
static int hf_isakmp_sig;
static int hf_isakmp_nonce;
static int hf_isakmp_symmetric_key;
static int hf_isakmp_notify_data_3gpp_backoff_timer_len;
@ -274,6 +275,7 @@ static attribute_common_fields hf_isakmp_ike_attr;
static int hf_isakmp_ike_attr_encryption_algorithm;
static int hf_isakmp_ike_attr_hash_algorithm;
static int hf_isakmp_ike_attr_authentication_method;
static int hf_isakmp_ike_attr_authentication_method_china;
static int hf_isakmp_ike_attr_group_description;
static int hf_isakmp_ike_attr_group_type;
static int hf_isakmp_ike_attr_group_prime;
@ -623,6 +625,7 @@ static const fragment_items isakmp_frag_items = {
#define PLOAD_IKE2_GSA 51
#define PLOAD_IKE2_KD 52
#define PLOAD_IKE2_SKF 53
#define PLOAD_IKE_SK 128
#define PLOAD_IKE_NAT_D13 130
#define PLOAD_IKE_NAT_OA14 131
#define PLOAD_IKE_CISCO_FRAG 132
@ -734,7 +737,8 @@ static const range_string payload_type[] = {
{ PLOAD_IKE2_KD,PLOAD_IKE2_KD, "Key Download"},
{ PLOAD_IKE2_SKF,PLOAD_IKE2_SKF, "Encrypted and Authenticated Fragment"},
{ 54,127, "Unassigned" },
{ 128,129, "Private Use" },
{ PLOAD_IKE_SK,PLOAD_IKE_SK, "Symmetric-key"},
{ 129,129, "Private Use" },
{ PLOAD_IKE_NAT_D13,PLOAD_IKE_NAT_D13, "NAT-D (draft-ietf-ipsec-nat-t-ike-01 to 03)"},
{ PLOAD_IKE_NAT_OA14,PLOAD_IKE_NAT_OA14, "NAT-OA (draft-ietf-ipsec-nat-t-ike-01 to 03)"},
{ PLOAD_IKE_CISCO_FRAG,PLOAD_IKE_CISCO_FRAG, "Cisco-Fragmentation"},
@ -1092,6 +1096,14 @@ static const value_string ike_attr_authmeth[] = {
{ 0, NULL },
};
/* For GM/T 0022 IPSec VPN specification
This specification only define one value for authmeth
*/
static const value_string ike_attr_authmeth_china[] = {
{ 10, "Digital Envelope" },
{ 0, NULL },
};
static const value_string dh_group[] = {
{ 0, "UNDEFINED - 0" },
{ 1, "Default 768-bit MODP group" },
@ -2434,6 +2446,7 @@ static void dissect_ts_payload(tvbuff_t *, int, int, proto_tree *);
static tvbuff_t * dissect_enc(tvbuff_t *, int, int, proto_tree *, packet_info *, guint8, gboolean, void*, gboolean);
static void dissect_eap(tvbuff_t *, int, int, proto_tree *, packet_info *);
static void dissect_gspm(tvbuff_t *, int, int, proto_tree *);
static void dissect_symmetric_key(tvbuff_t *, int, int, proto_tree *);
static void dissect_cisco_fragmentation(tvbuff_t *, int, int, proto_tree *, packet_info *);
/* State of current fragmentation within a conversation */
@ -3278,6 +3291,9 @@ dissect_payloads(tvbuff_t *tvb, proto_tree *tree,
dissect_ikev2_fragmentation(tvb, offset + 4, ntree, pinfo, message_id, next_payload, is_request, decr_data );
}
break;
case PLOAD_IKE_SK:
dissect_symmetric_key(tvb, offset + 4, payload_length - 4, ntree);
break;
default:
proto_tree_add_item(ntree, hf_isakmp_datapayload, tvb, offset + 4, payload_length-4, ENC_NA);
break;
@ -4048,8 +4064,18 @@ dissect_ike_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int o
if (decr) decr->ike_hash_alg = tvb_get_ntohs(tvb, offset);
break;
case IKE_ATTR_AUTHENTICATION_METHOD:
proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_authentication_method, tvb, offset, value_len, ENC_BIG_ENDIAN);
proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ike_attr_authmeth, "Unknown %d"));
/* for GM/T 0022 IPSec VPN specification */
if(decr && (decr->ike_hash_alg == HMAC_SM3 || decr->ike_encr_alg == ENC_SM1_CBC || decr->ike_encr_alg == ENC_SM4_CBC))
{
proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_authentication_method_china, tvb, offset, value_len, ENC_BIG_ENDIAN);
proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ike_attr_authmeth_china, "Unknown %d"));
}
else
{
proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_authentication_method, tvb, offset, value_len, ENC_BIG_ENDIAN);
proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ike_attr_authmeth, "Unknown %d"));
}
if (decr) decr->is_psk = tvb_get_ntohs(tvb, offset) == 0x01 ? TRUE : FALSE;
break;
case IKE_ATTR_GROUP_DESCRIPTION:
@ -4580,6 +4606,11 @@ dissect_nonce(tvbuff_t *tvb, int offset, int length, proto_tree *ntree)
proto_tree_add_item(ntree, hf_isakmp_nonce, tvb, offset, length, ENC_NA);
}
static void dissect_symmetric_key(tvbuff_t *tvb, int offset, int length, proto_tree *ntree)
{
proto_tree_add_item(ntree, hf_isakmp_symmetric_key, tvb, offset, length, ENC_NA);
}
static void
dissect_cisco_fragmentation(tvbuff_t *tvb, int offset, int length, proto_tree *tree, packet_info *pinfo)
{
@ -7127,7 +7158,10 @@ proto_register_isakmp(void)
{ "Nonce DATA", "isakmp.nonce",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_isakmp_symmetric_key,
{ "symmetric key", "isakmp.symmetric_key",
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }},
{ &hf_isakmp_ike2_fragment_number,
{ "Fragment Number", "isakmp.frag.number",
FT_UINT16, BASE_DEC, NULL, 0x0,
@ -7393,6 +7427,10 @@ proto_register_isakmp(void)
{ "Authentication Method", "isakmp.ike.attr.authentication_method",
FT_UINT16, BASE_DEC, VALS(ike_attr_authmeth), 0x00,
NULL, HFILL }},
{ &hf_isakmp_ike_attr_authentication_method_china,
{ "Authentication Method for China IPSsec VPN specification", "isakmp.ike.attr.authentication_method_china",
FT_UINT16, BASE_DEC, VALS(ike_attr_authmeth_china), 0x00,
NULL, HFILL }},
{ &hf_isakmp_ike_attr_group_description,
{ "Group Description", "isakmp.ike.attr.group_description",
FT_UINT16, BASE_DEC, VALS(dh_group), 0x00,