From bdca315497c910dc847219a8819874de4e9f8c96 Mon Sep 17 00:00:00 2001
From: Evan Huus
Date: Mon, 25 Feb 2013 22:19:15 +0000
Subject: [PATCH] From Alex Badea via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8395 Support AES-GCM ipsec encryption using CTR (since libgcrypt doesn't support GCM). Using CTR instead gets us decryption, but does not verify authentication. svn path=/trunk/; revision=47886
---
 epan/dissectors/packet-ipsec.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/epan/dissectors/packet-ipsec.c b/epan/dissectors/packet-ipsec.c
index eb4d3b1396..e159e68299 100644
--- a/epan/dissectors/packet-ipsec.c
+++ b/epan/dissectors/packet-ipsec.c
@@ -130,6 +130,9 @@ static dissector_table_t ip_dissector_table;
 /* Encryption algorithm defined in RFC 2144 */
 #define IPSEC_ENCRYPT_CAST5_CBC 7
+/* Encryption algorithm defined in RFC 4106 */
+#define IPSEC_ENCRYPT_AES_GCM 8
+
 /* Authentication algorithms defined in RFC 4305 */
 #define IPSEC_AUTH_NULL 0
 #define IPSEC_AUTH_HMAC_SHA1_96 1
@@ -1524,6 +1527,7 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 break;
 case IPSEC_ENCRYPT_AES_CTR :
+ case IPSEC_ENCRYPT_AES_GCM :
 /* RFC 3686 says : AES supports three key sizes: 128 bits, 192 bits, and 256 bits. The default key size is 128 bits,
@@ -1565,7 +1569,7 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 break;
 default:
- fprintf (stderr, " Error in Encryption Algorithm AES-CTR : Bad Keylen (%i Bits)\n",
+ fprintf (stderr, " Error in Encryption Algorithm AES-CTR / AES-GCM : Bad Keylen (%i Bits)\n",
 esp_crypt_key_len * 8);
 decrypt_ok = FALSE;
 }
@@ -1715,6 +1719,8 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 memcpy(ctr_block, esp_crypt_key + esp_crypt_key_len - 4, 4);
 memcpy(ctr_block + 4, encrypted_data, 8);
 ctr_block[15] = 1;
+ if (esp_crypt_algo == IPSEC_ENCRYPT_AES_GCM)
+ ctr_block[15]++;
 err = gcry_cipher_setctr (cypher_hd, ctr_block, 16);
 if (!err) {
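Review bot: The added `case IPSEC_ENCRYPT_AES_GCM :` in the second hunk (around line 1527) falls into a block whose only documentation is the RFC 3686 (AES-CTR) comment, so nothing tells a reader that a GCM key entered in the preferences must also carry its 4-byte salt at the end. The later hunk reads that salt from `esp_crypt_key + esp_crypt_key_len - 4`, so the key-length check in this case appears to be the only guard against a key supplied without it. I would extend the comment with something like `/* RFC 4106: AES-GCM keying material is likewise the AES key followed by a 4-octet salt */`. The case body continues outside the hunk, so the accepted lengths themselves are not visible here.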
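Review bot: In the counter-setup hunk (around line 1719) the new `if (esp_crypt_algo == IPSEC_ENCRYPT_AES_GCM) ctr_block[15]++;` has no comment explaining why the counter starts at 2, and nothing marks the output as unauthenticated, so a wrong key or modified ciphertext will still be presented as ordinary decrypted payload. I would brace the `if` and document it, e.g. `/* RFC 4106: counter value 1 is used for the GCM tag, payload encryption starts at 2; the ICV is not verified */`. Since the commit message already states that authentication is not checked, the dissector should probably say so in the tree or in the preference label added in the final hunk (`"AES-GCM [RFC4106]"`), so an analyst does not treat the plaintext as integrity-protected. The enclosing function starts and ends outside the hunk, so whether bytes 12–14 of `ctr_block` are zeroed beforehand cannot be confirmed from here.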
@@ -2080,6 +2086,7 @@ proto_register_ipsec(void)
 { IPSEC_ENCRYPT_CAST5_CBC, "CAST5-CBC [RFC2144]" },
 { IPSEC_ENCRYPT_BLOWFISH_CBC, "BLOWFISH-CBC [RFC2451]" },
 { IPSEC_ENCRYPT_TWOFISH_CBC, "TWOFISH-CBC" },
+ { IPSEC_ENCRYPT_AES_GCM, "AES-GCM [RFC4106]" },
 { 0x00, NULL }
 };