Reformat some long lines for readability....

svn path=/trunk/; revision=29570
Bill Meier 2009-08-26 19:30:44 +00:00
parent acd415ca9b
commit 7081039a23


@ -359,8 +359,10 @@ static int get_ipv6_suffix(char* ipv6_suffix, char *ipv6_address)
- char *ipv6_addr : the valid ipv6 address to parse in char * - char *ipv6_addr : the valid ipv6 address to parse in char *
- char *ipv6_addr_expansed : the expanded ipv6 address associated in char * - char *ipv6_addr_expansed : the expanded ipv6 address associated in char *
ex: if IPv6 address is "3ffe::1" the IPv6 expanded address will be "3FFE0000000000000000000000000001" and the function will return 0 ex: if IPv6 address is "3ffe::1" the IPv6 expanded address
if IPV6 address is "3ffe::*" the IPv6 expanded address will be "3FFE000000000000000000000000****" and the function will return 0 will be "3FFE0000000000000000000000000001" and the function will return 0
if IPV6 address is "3ffe::*" the IPv6 expanded address
will be "3FFE000000000000000000000000****" and the function will return 0
*/ */
#ifdef HAVE_LIBGCRYPT #ifdef HAVE_LIBGCRYPT
static int static int
@ -421,13 +423,16 @@ get_full_ipv6_addr(char* ipv6_addr_expanded, char *ipv6_addr)
/* /*
Name : static gboolean get_full_ipv4_addr(char* ipv4_addr_expanded, char *ipv4_addr) Name : static gboolean get_full_ipv4_addr(char* ipv4_addr_expanded, char *ipv4_addr)
Description : Get the extended IPv4 Address of an IPv4 Address Description : Get the extended IPv4 Address of an IPv4 Address
Return : Return true if it can derive an IPv4 address. It does not mean that the previous one was valid. Return : Return true if it can derive an IPv4 address. It does not mean that
the previous one was valid.
Params: Params:
- char *ipv4_addr : the valid ipv4 address to parse in char * - char *ipv4_addr : the valid ipv4 address to parse in char *
- char *ipv4_addr_expansed : the expanded ipv4 address associated in char * - char *ipv4_addr_expansed : the expanded ipv4 address associated in char *
ex: if IPv4 address is "190.*.*.1" the IPv4 expanded address will be "BE****01" and the function will return 0 ex: if IPv4 address is "190.*.*.1" the IPv4 expanded address will be "BE****01" and
if IPv4 address is "*" the IPv4 expanded address will be "********" and the function will return 0 the function will return 0
if IPv4 address is "*" the IPv4 expanded address will be "********" and
the function will return 0
*/ */
#ifdef HAVE_LIBGCRYPT #ifdef HAVE_LIBGCRYPT
static gboolean static gboolean
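Review bot: The header comment for get_full_ipv4_addr contradicts itself: the Return line says the function returns true when it can derive an address, while both examples end with "the function will return 0", which is FALSE for a gboolean. If the body does return TRUE on success, the examples should read `the function will return TRUE`; the body starts after this hunk, so confirm against it. The Params list also names `ipv4_addr_expansed` where the signature on the Name line has `ipv4_addr_expanded`, and the IPv6 comment in the previous hunk carries the same misspelling.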
@ -627,7 +632,10 @@ esp_sa_parse_ipv4addr(const gchar *sa, guint index_start, gchar **pt_ipv4addr, g
else else
{ {
if((cpt == IPSEC_IPV4_ADDR_MAX - 1) && ((cpt + index_start) < strlen(sa)) && (sa[cpt + index_start + 1] != IPSEC_SA_ADDR_LEN_SEPARATOR) && (sa[cpt + index_start + 1] != IPSEC_SA_SEPARATOR)) if((cpt == IPSEC_IPV4_ADDR_MAX - 1)
&& ((cpt + index_start) < strlen(sa))
&& (sa[cpt + index_start + 1] != IPSEC_SA_ADDR_LEN_SEPARATOR)
&& (sa[cpt + index_start + 1] != IPSEC_SA_SEPARATOR))
return FALSE; return FALSE;
addr_string[cpt] = toupper(sa[cpt + index_start]); addr_string[cpt] = toupper(sa[cpt + index_start]);
cpt ++; cpt ++;
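Review bot: `toupper(sa[cpt + index_start])` passes a plain `gchar` to toupper(), which is undefined for negative values other than EOF, so a byte above 0x7F in the SA string is a problem wherever char is signed. Use `addr_string[cpt] = g_ascii_toupper(sa[cpt + index_start]);`, or cast the argument to `guchar`. The guard above rejects an over-long field only when `cpt == IPSEC_IPV4_ADDR_MAX - 1`; whether addr_string has room for that index plus a terminator depends on its declaration, which is outside the hunk and worth confirming. The loop around this else branch begins and ends outside the hunk.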
@ -800,7 +808,10 @@ esp_sa_parse_addr_len(const gchar *sa, guint index_start, gint *len, guint *inde
else else
{ {
if((cpt == IPSEC_ADDR_LEN_MAX) && ((cpt + index_start) < strlen(sa)) && (sa[cpt + index_start + 1] != IPSEC_SA_ADDR_LEN_SEPARATOR) && (sa[cpt + index_start + 1] != IPSEC_SA_SEPARATOR)) if((cpt == IPSEC_ADDR_LEN_MAX)
&& ((cpt + index_start) < strlen(sa))
&& (sa[cpt + index_start + 1] != IPSEC_SA_ADDR_LEN_SEPARATOR)
&& (sa[cpt + index_start + 1] != IPSEC_SA_SEPARATOR))
return FALSE; return FALSE;
len_string[cpt -1] = sa[cpt + index_start]; len_string[cpt -1] = sa[cpt + index_start];
cpt ++; cpt ++;
@ -1075,7 +1086,9 @@ filter_address_match(gchar *address, gchar *filter, gint len, gint typ)
if(strlen(address) != strlen(filter)) return FALSE; if(strlen(address) != strlen(filter)) return FALSE;
/* No length specified */ /* No length specified */
if((len < 0) || ((typ == IPSEC_SA_IPV6) && (len > IPSEC_IPV6_ADDR_LEN)) || ((typ == IPSEC_SA_IPV4) && (len > IPSEC_IPV4_ADDR_LEN))) if((len < 0)
|| ((typ == IPSEC_SA_IPV6) && (len > IPSEC_IPV6_ADDR_LEN))
|| ((typ == IPSEC_SA_IPV4) && (len > IPSEC_IPV4_ADDR_LEN)))
{ {
for(i = 0; (guint)i < strlen(address); i++) for(i = 0; (guint)i < strlen(address); i++)
{ {
@ -1308,7 +1321,9 @@ get_esp_sa(g_esp_sa_database *sad, gint protocol_typ, gchar *src, gchar *dst,
/* Debugging Purpose */ /* Debugging Purpose */
/* /*
fprintf(stderr, "VALID SA => <SA : %s> <Filter Source : %s/%i> <Filter Destination : %s/%i> <SPI : %s>\n", g_esp_sad.table[i].sa, g_esp_sad.table[i].src, g_esp_sad.table[i].src_len, fprintf(stderr,
"VALID SA => <SA : %s> <Filter Source : %s/%i> <Filter Destination : %s/%i> <SPI : %s>\n",
g_esp_sad.table[i].sa, g_esp_sad.table[i].src, g_esp_sad.table[i].src_len,
g_esp_sad.table[i].dst, g_esp_sad.table[i].dst_len, g_esp_sad.table[i].spi); g_esp_sad.table[i].dst, g_esp_sad.table[i].dst_len, g_esp_sad.table[i].spi);
*/ */
@ -1935,7 +1950,9 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
err = gcry_md_open (&md_hd, auth_algo_libgcrypt, GCRY_MD_FLAG_HMAC); err = gcry_md_open (&md_hd, auth_algo_libgcrypt, GCRY_MD_FLAG_HMAC);
if (err) if (err)
{ {
fprintf (stderr,"<IPsec/ESP Dissector> Error in Algorithm %s, gcry_md_open failed: %s\n", gcry_md_algo_name(auth_algo_libgcrypt), gpg_strerror (err)); fprintf (stderr,
"<IPsec/ESP Dissector> Error in Algorithm %s, gcry_md_open failed: %s\n",
gcry_md_algo_name(auth_algo_libgcrypt), gpg_strerror (err));
authentication_ok = FALSE; authentication_ok = FALSE;
g_free(authenticator_data); g_free(authenticator_data);
g_free(esp_data); g_free(esp_data);
@ -1946,7 +1963,9 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
md_len = gcry_md_get_algo_dlen (auth_algo_libgcrypt); md_len = gcry_md_get_algo_dlen (auth_algo_libgcrypt);
if (md_len < 1 || md_len < esp_auth_len) if (md_len < 1 || md_len < esp_auth_len)
{ {
fprintf (stderr,"<IPsec/ESP Dissector> Error in Algorithm %s, grcy_md_get_algo_dlen failed: %d\n", gcry_md_algo_name(auth_algo_libgcrypt), md_len); fprintf (stderr,
"<IPsec/ESP Dissector> Error in Algorithm %s, grcy_md_get_algo_dlen failed: %d\n",
gcry_md_algo_name(auth_algo_libgcrypt), md_len);
authentication_ok = FALSE; authentication_ok = FALSE;
} }
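Review bot: The message printed when `md_len < 1 || md_len < esp_auth_len` names `grcy_md_get_algo_dlen`, a misspelling of `gcry_md_get_algo_dlen`, so a search of the output for the real function name will miss it. The `grcy_open_cipher` text in the later gcry_cipher_open hunk has the same transposition and also scrambles the function name. The second half of the condition is not a library failure: the digest is simply shorter than the configured authenticator length, and a separate message saying so would be easier to act on. If md_len is declared unsigned (its declaration is outside the hunk), `%d` should be `%u`.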
@ -1959,7 +1978,9 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
authenticator_data_computed_md = gcry_md_read (md_hd, auth_algo_libgcrypt); authenticator_data_computed_md = gcry_md_read (md_hd, auth_algo_libgcrypt);
if (authenticator_data_computed_md == 0) if (authenticator_data_computed_md == 0)
{ {
fprintf (stderr,"<IPsec/ESP Dissector> Error in Algorithm %s, gcry_md_read failed\n", gcry_md_algo_name(auth_algo_libgcrypt)); fprintf (stderr,
"<IPsec/ESP Dissector> Error in Algorithm %s, gcry_md_read failed\n",
gcry_md_algo_name(auth_algo_libgcrypt));
authentication_ok = FALSE; authentication_ok = FALSE;
} }
else else
@ -1970,7 +1991,8 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
authenticator_data_computed = (guint8 *) g_malloc (( esp_auth_len * 2 + 1) * sizeof(guint8)); authenticator_data_computed = (guint8 *) g_malloc (( esp_auth_len * 2 + 1) * sizeof(guint8));
for (i = 0; i < esp_auth_len; i++) for (i = 0; i < esp_auth_len; i++)
{ {
g_snprintf((char *)authenticator_data_computed_car, 3, "%02X", authenticator_data_computed_md[i] & 0xFF); g_snprintf((char *)authenticator_data_computed_car, 3,
"%02X", authenticator_data_computed_md[i] & 0xFF);
authenticator_data_computed[i*2] = authenticator_data_computed_car[0]; authenticator_data_computed[i*2] = authenticator_data_computed_car[0];
authenticator_data_computed[i*2 + 1] = authenticator_data_computed_car[1]; authenticator_data_computed[i*2 + 1] = authenticator_data_computed_car[1];
} }
@ -2034,8 +2056,10 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
if (esp_crypt_key_len != gcry_cipher_get_algo_keylen (crypt_algo_libgcrypt)) if (esp_crypt_key_len != gcry_cipher_get_algo_keylen (crypt_algo_libgcrypt))
{ {
fprintf (stderr,"<ESP Preferences> Error in Encryption Algorithm 3DES-CBC : Bad Keylen (got %i Bits, need %lu)\n", fprintf (stderr,
esp_crypt_key_len * 8, (unsigned long) gcry_cipher_get_algo_keylen (crypt_algo_libgcrypt) * 8); "<ESP Preferences> Error in Encryption Algorithm 3DES-CBC : Bad Keylen (got %i Bits, need %lu)\n",
esp_crypt_key_len * 8,
(unsigned long) gcry_cipher_get_algo_keylen (crypt_algo_libgcrypt) * 8);
decrypt_ok = FALSE; decrypt_ok = FALSE;
} }
else else
@ -2091,7 +2115,8 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
} }
default: default:
{ {
fprintf (stderr,"<ESP Preferences> Error in Encryption Algorithm AES-CBC : Bad Keylen (%i Bits)\n", fprintf (stderr,
"<ESP Preferences> Error in Encryption Algorithm AES-CBC : Bad Keylen (%i Bits)\n",
esp_crypt_key_len * 8); esp_crypt_key_len * 8);
decrypt_ok = FALSE; decrypt_ok = FALSE;
} }
@ -2135,7 +2160,8 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
} }
default: default:
{ {
fprintf (stderr,"<ESP Preferences> Error in Encryption Algorithm CAST5-CBC : Bad Keylen (%i Bits)\n", fprintf (stderr,
"<ESP Preferences> Error in Encryption Algorithm CAST5-CBC : Bad Keylen (%i Bits)\n",
esp_crypt_key_len * 8); esp_crypt_key_len * 8);
decrypt_ok = FALSE; decrypt_ok = FALSE;
} }
@ -2171,8 +2197,10 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
if (esp_crypt_key_len != gcry_cipher_get_algo_keylen (crypt_algo_libgcrypt)) if (esp_crypt_key_len != gcry_cipher_get_algo_keylen (crypt_algo_libgcrypt))
{ {
fprintf (stderr,"<ESP Preferences> Error in Encryption Algorithm DES-CBC : Bad Keylen (%i Bits, need %lu)\n", fprintf (stderr,
esp_crypt_key_len * 8, (unsigned long) gcry_cipher_get_algo_keylen (crypt_algo_libgcrypt) * 8); "<ESP Preferences> Error in Encryption Algorithm DES-CBC : Bad Keylen (%i Bits, need %lu)\n",
esp_crypt_key_len * 8,
(unsigned long) gcry_cipher_get_algo_keylen (crypt_algo_libgcrypt) * 8);
decrypt_ok = FALSE; decrypt_ok = FALSE;
} }
else else
@ -2230,7 +2258,9 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
} }
default: default:
{ {
fprintf (stderr,"<ESP Preferences> Error in Encryption Algorithm AES-CTR : Bad Keylen (%i Bits)\n",esp_crypt_key_len * 8); fprintf (stderr,
"<ESP Preferences> Error in Encryption Algorithm AES-CTR : Bad Keylen (%i Bits)\n",
esp_crypt_key_len * 8);
decrypt_ok = FALSE; decrypt_ok = FALSE;
} }
} }
@ -2278,7 +2308,9 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
} }
default: default:
{ {
fprintf (stderr,"<ESP Preferences> Error in Encryption Algorithm TWOFISH-CBC : Bad Keylen (%i Bits)\n",esp_crypt_key_len * 8); fprintf (stderr,
"<ESP Preferences> Error in Encryption Algorithm TWOFISH-CBC : Bad Keylen (%i Bits)\n",
esp_crypt_key_len * 8);
decrypt_ok = FALSE; decrypt_ok = FALSE;
} }
} }
@ -2316,7 +2348,8 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
if (esp_crypt_key_len != gcry_cipher_get_algo_keylen (crypt_algo_libgcrypt)) if (esp_crypt_key_len != gcry_cipher_get_algo_keylen (crypt_algo_libgcrypt))
{ {
fprintf (stderr,"<ESP Preferences> Error in Encryption Algorithm BLOWFISH-CBC : Bad Keylen (%i Bits, need %lu)\n", fprintf (stderr,
"<ESP Preferences> Error in Encryption Algorithm BLOWFISH-CBC : Bad Keylen (%i Bits, need %lu)\n",
esp_crypt_key_len * 8, (unsigned long) gcry_cipher_get_algo_keylen (crypt_algo_libgcrypt) * 8); esp_crypt_key_len * 8, (unsigned long) gcry_cipher_get_algo_keylen (crypt_algo_libgcrypt) * 8);
decrypt_ok = FALSE; decrypt_ok = FALSE;
} }
@ -2362,7 +2395,8 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
err = gcry_cipher_open (&cypher_hd, crypt_algo_libgcrypt, crypt_mode_libgcrypt, 0); err = gcry_cipher_open (&cypher_hd, crypt_algo_libgcrypt, crypt_mode_libgcrypt, 0);
if (err) if (err)
{ {
fprintf(stderr,"<IPsec/ESP Dissector> Error in Algorithm %s Mode %d, grcy_open_cipher failed: %s\n", fprintf(stderr,
"<IPsec/ESP Dissector> Error in Algorithm %s Mode %d, grcy_open_cipher failed: %s\n",
gcry_cipher_algo_name(crypt_algo_libgcrypt), crypt_mode_libgcrypt, gpg_strerror (err)); gcry_cipher_algo_name(crypt_algo_libgcrypt), crypt_mode_libgcrypt, gpg_strerror (err));
g_free(encrypted_data); g_free(encrypted_data);
g_free(decrypted_data); g_free(decrypted_data);
@ -2374,7 +2408,8 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
err = gcry_cipher_setkey (cypher_hd, esp_crypt_key, esp_crypt_key_len); err = gcry_cipher_setkey (cypher_hd, esp_crypt_key, esp_crypt_key_len);
if (err) if (err)
{ {
fprintf(stderr,"<IPsec/ESP Dissector> Error in Algorithm %s Mode %d, gcry_cipher_setkey failed: %s\n", fprintf(stderr,
"<IPsec/ESP Dissector> Error in Algorithm %s Mode %d, gcry_cipher_setkey failed: %s\n",
gcry_cipher_algo_name(crypt_algo_libgcrypt), crypt_mode_libgcrypt, gpg_strerror (err)); gcry_cipher_algo_name(crypt_algo_libgcrypt), crypt_mode_libgcrypt, gpg_strerror (err));
gcry_cipher_close (cypher_hd); gcry_cipher_close (cypher_hd);
g_free(encrypted_data); g_free(encrypted_data);
@ -2383,10 +2418,13 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
} }
else else
{ {
err = gcry_cipher_decrypt (cypher_hd, decrypted_data, decrypted_len_alloc + esp_iv_len, encrypted_data, decrypted_len_alloc); err = gcry_cipher_decrypt (cypher_hd,
decrypted_data,
decrypted_len_alloc + esp_iv_len, encrypted_data, decrypted_len_alloc);
if (err) if (err)
{ {
fprintf(stderr,"<IPsec/ESP Dissector> Error in Algorithm %s, Mode %d, gcry_cipher_decrypt failed: %s\n", fprintf(stderr,
"<IPsec/ESP Dissector> Error in Algorithm %s, Mode %d, gcry_cipher_decrypt failed: %s\n",
gcry_cipher_algo_name(crypt_algo_libgcrypt), crypt_mode_libgcrypt, gpg_strerror (err)); gcry_cipher_algo_name(crypt_algo_libgcrypt), crypt_mode_libgcrypt, gpg_strerror (err));
gcry_cipher_close (cypher_hd); gcry_cipher_close (cypher_hd);
g_free(encrypted_data); g_free(encrypted_data);
@ -2402,7 +2440,8 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{ {
for(i = 0; i < esp_auth_len; i++) for(i = 0; i < esp_auth_len; i++)
{ {
decrypted_data[i + decrypted_len -esp_auth_len] = encrypted_data[i + decrypted_len - esp_auth_len]; decrypted_data[i + decrypted_len -esp_auth_len]
= encrypted_data[i + decrypted_len - esp_auth_len];
} }
} }
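Review bot: The index `i + decrypted_len - esp_auth_len` is built from lengths that come from the captured packet and the SA settings, and nothing in this hunk shows that `decrypted_len >= esp_auth_len` holds before the copy loop writes through it. The same unguarded subtraction feeds the size in `g_memdup(..., (decrypted_len - esp_iv_len)*sizeof(guint8))` in the next hunk and the `decrypted_len - esp_iv_len - esp_auth_len - 2 - esp_pad_len` offset in the padding hunk, where esp_pad_len is presumably read from the decrypted trailer. If an earlier check in dissect_esp already rejects short payloads, a comment stating that invariant at these uses would be enough. Otherwise add a guard such as `if (decrypted_len < esp_iv_len + esp_auth_len) decrypt_ok = FALSE;` before them. dissect_esp starts and ends outside the hunk.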
@ -2416,7 +2455,10 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
if(decrypt_ok) if(decrypt_ok)
{ {
tvb_decrypted = tvb_new_child_real_data(tvb, g_memdup(decrypted_data+sizeof(guint8)*esp_iv_len,(decrypted_len - esp_iv_len)*sizeof(guint8)), decrypted_len - esp_iv_len, decrypted_len - esp_iv_len); tvb_decrypted = tvb_new_child_real_data(tvb,
g_memdup(decrypted_data+sizeof(guint8)*esp_iv_len,
(decrypted_len - esp_iv_len)*sizeof(guint8)),
decrypted_len - esp_iv_len, decrypted_len - esp_iv_len);
g_free(decrypted_data); g_free(decrypted_data);
add_new_data_source(pinfo, add_new_data_source(pinfo,
@ -2470,7 +2512,11 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
if(esp_tree) if(esp_tree)
{ {
if(esp_pad_len !=0) if(esp_pad_len !=0)
proto_tree_add_text(esp_tree, tvb_decrypted, decrypted_len - esp_iv_len - esp_auth_len - 2 - esp_pad_len, esp_pad_len,"Pad"); proto_tree_add_text(esp_tree,
tvb_decrypted,
decrypted_len - esp_iv_len - esp_auth_len - 2 - esp_pad_len,
esp_pad_len,
"Pad");
proto_tree_add_uint(esp_tree, hf_esp_pad_len, tvb_decrypted, proto_tree_add_uint(esp_tree, hf_esp_pad_len, tvb_decrypted,
decrypted_len - esp_iv_len - esp_auth_len - 2, 1, decrypted_len - esp_iv_len - esp_auth_len - 2, 1,
@ -2482,18 +2528,30 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
"Next header: %s (0x%02x)", "Next header: %s (0x%02x)",
ipprotostr(encapsulated_protocol), encapsulated_protocol); ipprotostr(encapsulated_protocol), encapsulated_protocol);
dissect_esp_authentication(esp_tree, tvb_decrypted, decrypted_len - esp_iv_len, esp_auth_len, authenticator_data_computed, authentication_ok, authentication_checking_ok ); dissect_esp_authentication(esp_tree,
tvb_decrypted,
decrypted_len - esp_iv_len,
esp_auth_len,
authenticator_data_computed,
authentication_ok,
authentication_checking_ok );
} }
} }
else else
{ {
call_dissector(data_handle, call_dissector(data_handle,
tvb_new_subset(tvb_decrypted, 0, decrypted_len - esp_iv_len - esp_auth_len, decrypted_len - esp_iv_len - esp_auth_len), tvb_new_subset(tvb_decrypted, 0,
decrypted_len - esp_iv_len - esp_auth_len,
decrypted_len - esp_iv_len - esp_auth_len),
pinfo, esp_tree); pinfo, esp_tree);
if(esp_tree) if(esp_tree)
dissect_esp_authentication(esp_tree, tvb_decrypted, decrypted_len - esp_iv_len, esp_auth_len, authenticator_data_computed, authentication_ok, authentication_checking_ok ); dissect_esp_authentication(esp_tree,
tvb_decrypted,
decrypted_len - esp_iv_len, esp_auth_len,
authenticator_data_computed, authentication_ok,
authentication_checking_ok );
} }
} }
@ -2526,7 +2584,9 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
pinfo, esp_tree); pinfo, esp_tree);
if(esp_tree) if(esp_tree)
dissect_esp_authentication(esp_tree, tvb, len , esp_auth_len, authenticator_data_computed, authentication_ok, authentication_checking_ok ); dissect_esp_authentication(esp_tree, tvb, len ,
esp_auth_len, authenticator_data_computed,
authentication_ok, authentication_checking_ok );
} }
@ -2786,7 +2846,9 @@ proto_register_ipsec(void)
prefs_register_bool_preference(esp_module, "enable_null_encryption_decode_heuristic", prefs_register_bool_preference(esp_module, "enable_null_encryption_decode_heuristic",
"Attempt to detect/decode NULL encrypted ESP payloads", "Attempt to detect/decode NULL encrypted ESP payloads",
"This is done only if the Decoding is not SET or the packet does not belong to a SA. Assumes a 12 byte auth (HMAC-SHA1-96/HMAC-MD5-96/AES-XCBC-MAC-96) and attempts decode based on the ethertype 13 bytes from packet end", "This is done only if the Decoding is not SET or the packet does not belong to a SA. "
"Assumes a 12 byte auth (HMAC-SHA1-96/HMAC-MD5-96/AES-XCBC-MAC-96) "
"and attempts decode based on the ethertype 13 bytes from packet end",
&g_esp_enable_null_encryption_decode_heuristic); &g_esp_enable_null_encryption_decode_heuristic);