osmocom
/
wireshark
14
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

From Alex Badea via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8395 

Support AES-GCM ipsec encryption using CTR (since libgcrypt doesn't support
GCM). Using CTR instead gets us decryption, but does not verify authentication.

svn path=/trunk/; revision=47886
This commit is contained in:
Evan Huus 2013-02-25 22:19:15 +00:00
parent 2c7844cc69
commit bdca315497
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
epan/dissectors/packet-ipsec.c
View File

@ -130,6 +130,9 @@ static dissector_table_t ip_dissector_table;
/* Encryption algorithm defined in RFC 2144 */ /* Encryption algorithm defined in RFC 2144 */
#define IPSEC_ENCRYPT_CAST5_CBC 7 #define IPSEC_ENCRYPT_CAST5_CBC 7
/* Encryption algorithm defined in RFC 4106 */
#define IPSEC_ENCRYPT_AES_GCM 8
/* Authentication algorithms defined in RFC 4305 */ /* Authentication algorithms defined in RFC 4305 */
#define IPSEC_AUTH_NULL 0 #define IPSEC_AUTH_NULL 0
#define IPSEC_AUTH_HMAC_SHA1_96 1 #define IPSEC_AUTH_HMAC_SHA1_96 1
@ -1524,6 +1527,7 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
break; break;
case IPSEC_ENCRYPT_AES_CTR : case IPSEC_ENCRYPT_AES_CTR :
case IPSEC_ENCRYPT_AES_GCM :
/* RFC 3686 says : /* RFC 3686 says :
AES supports three key sizes: 128 bits, 192 bits, AES supports three key sizes: 128 bits, 192 bits,
and 256 bits. The default key size is 128 bits, and 256 bits. The default key size is 128 bits,
@ -1565,7 +1569,7 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
break; break;
default: default:
fprintf (stderr, "<ESP Preferences> Error in Encryption Algorithm AES-CTR : Bad Keylen (%i Bits)\n", fprintf (stderr, "<ESP Preferences> Error in Encryption Algorithm AES-CTR / AES-GCM : Bad Keylen (%i Bits)\n",
esp_crypt_key_len * 8); esp_crypt_key_len * 8);
decrypt_ok = FALSE; decrypt_ok = FALSE;
} }
@ -1715,6 +1719,8 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
memcpy(ctr_block, esp_crypt_key + esp_crypt_key_len - 4, 4); memcpy(ctr_block, esp_crypt_key + esp_crypt_key_len - 4, 4);
memcpy(ctr_block + 4, encrypted_data, 8); memcpy(ctr_block + 4, encrypted_data, 8);
ctr_block[15] = 1; ctr_block[15] = 1;
if (esp_crypt_algo == IPSEC_ENCRYPT_AES_GCM)
ctr_block[15]++;
err = gcry_cipher_setctr (cypher_hd, ctr_block, 16); err = gcry_cipher_setctr (cypher_hd, ctr_block, 16);
if (!err) if (!err)
{ {
@ -2080,6 +2086,7 @@ proto_register_ipsec(void)
{ IPSEC_ENCRYPT_CAST5_CBC, "CAST5-CBC [RFC2144]" }, { IPSEC_ENCRYPT_CAST5_CBC, "CAST5-CBC [RFC2144]" },
{ IPSEC_ENCRYPT_BLOWFISH_CBC, "BLOWFISH-CBC [RFC2451]" }, { IPSEC_ENCRYPT_BLOWFISH_CBC, "BLOWFISH-CBC [RFC2451]" },
{ IPSEC_ENCRYPT_TWOFISH_CBC, "TWOFISH-CBC" }, { IPSEC_ENCRYPT_TWOFISH_CBC, "TWOFISH-CBC" },
{ IPSEC_ENCRYPT_AES_GCM, "AES-GCM [RFC4106]" },
{ 0x00, NULL } { 0x00, NULL }
}; };