When specifying SA keys for AES-CTR, Wireshark expects a key length of 160, 224
or 288 bits, (i.e. 128, 192 or 256 bits, followed by the 32 bit nonce value),
but gcry_cipher_setkey() in packet_ipsec.c fails, as it expects 128, 192 or 256
bits.
Omitting the nonce won't work -- even if Wireshark liked those key lengths,
gcrypt wouldn't be able to decrypt without it.
svn path=/trunk/; revision=33105
for GNUTLS since they provide 32-bit and 64-bit Windows packages. We no
longer have winposixtype.h, so remove its #includes and add a ssize_t
typedef to config.h.win32.
svn path=/trunk/; revision=31341
Errors occur which means decrypted_len - esp_iv len will render a negative value and thus
cause the problem. This patch prevents the crash. Not sure if this is a proper fix. At least it
looks like a sane check to do.
svn path=/trunk/; revision=29979
As for now, Wireshark supports only 96-bit (or 0-bit for NULL authentication)
integrity control values (ICVs) for IPsec ESP. While the autentication field is
of variable length, this may lead to situations where the whole packet is not
parsable.
To solve this, I added generic classes (not checked) for 128, 192 and 256 bit
ICVs to the ESP dissector. I also split the HMAC-SHA-256 autentication
algorithm to HMAC-SHA-256-128 (128 bit as defined in RFC 4868) and
HMAC-SHA-256-96 (from the very first draft, nevertheless unpatched Linux and
BSDs do it this way).
svn path=/trunk/; revision=29121
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
the increments a bit closer to the point of use.
(XXX - is there more than one place where we turn a sequence of hex
digits into a string? If so, we should make it a common utility.)
svn path=/trunk/; revision=25268
digits into a string of characters; use g_ascii_xdigit_value() to
convert individual hex digit characters to their hex value - and check
whether it succeeds or not, so we catch invalid hex digits! - and just
append the resulting byte value to the string.
Handle the case where compute_ascii_key() fails.
svn path=/trunk/; revision=25265
est. Use g_ascii_strcasecmp() and g_ascii_strncasecmp(), and supply our
own versions if they're missing from GLib (as is the case with GLib
1.x).
In the code to build the list of named fields for Diameter, don't use
g_strdown(); do our own g_ascii_-style upper-case to lower-case mapping
in the hash function and use g_ascii_strcasecmp() in the compare
function.
We do this because there is no guarantee that toupper(), tolower(), and
functions that use them will, for example, map between "I" and "i" in
all locales; in Turkish locales, for example, there are, in both
upper case and lower case, versions of "i" with and without a dot, and
the upper-case version of "i" is "I"-with-a-dot and the lower-case
version of "I" is "i"-without-a-dot. This causes strings that should
match not to match.
This finishes fixing bug 2010 - an earlier checkin prevented the crash
(as there are other ways to produce the same crash, e.g. a bogus
dictionary.xml file), but didn't fix the case-insensitive string matching.
svn path=/trunk/; revision=23623
most have been tagged unused (few have been deleted if dissector has not been
modified since a long time)
move packet-ssl-utils.c to DISSECTOR_SRC
svn path=/trunk/; revision=21431
since source/dest/protocol/info is updated by the content of the payload it doesnt make sense to hide the actual payload inside esp/ah
it just would look confusing
svn path=/trunk/; revision=19206
as requested here is a patch in order to take into account Encryption
and Authentication keys for ESP in hexa.
You only have to write your key with 0x first. In this case if the key
is not in 8-bit unit, it will be considered as starting with a "0" (4 bits). Excepted this case, the key should be completely written, even if it
starts with "0x00".
svn path=/trunk/; revision=19181
protocol has a lot of preference items. Change the number of
configurable ESP SAs to 16 (in case someone needs do decrypt many
sessions in a single trace file). Fix up whitespace.
svn path=/trunk/; revision=18903
libgcrypt, enable it in the Windows build.
In packet-ipsec.c:
- Remove non-constants from variable declaration initializations.
- Use ep_alloc() in a couple of places.
- Fix an off-by-one error.
- Reduce the number of SAs in the preferences from 4 to 2. 4 made the
preferences window absolutely enormous. This is probably the wrong
way to fix this.
- Fix up whitespace.
svn path=/trunk/; revision=18856
Check for libgcrypt 1.1.0 (note: I don't know which version
is required, so maybe the version number needs to be changed
for this test to work reliably).
packet-ipsec.c:
- Replace __USE_LIBGCRYPT__ by HAVE_LIBGCRYPT to follow
conventions.
- Warning fixes: signedness in sscanf (%i -> %u)
- Warning fixes: mixed declaration and code
svn path=/trunk/; revision=18460
I updated my previous patch of ESP :
* It now check authentication for (similar to the ICMP checksum):
- NULL Authentication
- HMAC-SHA1-96 [RFC2404]
- HMAC-SHA256
- HMAC-MD5-96 [RFC2403] (2)
I put aside AES-XCBC-MAC-96 [RFC3566] because I did not succeed to have
a working implementation.
I added a field for any authenticator of 12bytes length (without
authentication process)
* I also correct the printing of this authenticator field which was
decrypted :-[ .
Thus, with this patch if libgcrypt is linked withe ethereal you should
have the availability to :
- decrypt packets
- check authentication
at the same time or not.
If noone of these options are set (or libgcrypt is not available) you
also may use the previous heuristic.
svn path=/trunk/; revision=17858
With a change :
#ifdef HAVE_LIBCRYPT
#define __USE_LIBGCRYPT__
#endif
>> > finally, I have updated my dissector using libgcrypt.
>> > It does not use openssl anymore.
>> > If gnutls is installed, all should work.
>> > Thus, now it should decrypt and dissect (transport/tunnel/several
>> > encapsulations ...) :
>> >
>> > - NULL Encryption Algorithm
>> > - TripleDES-CBC [RFC2451] : keylen 192 bits.
>> > - AES-CBC with 128-bit keys [RFC3602] : keylen 128 and 192/256
>> > bits.
>> > - AES-CTR [RFC3686] : keylen 160/224/288 bits. The remaining
>> > 32 bits will be used as nonce.
>> > - DES-CBC [RFC2405] : keylen 64 bits
>> >
>> > I also have added :
>> >
>> > - BLOWFISH-CBC : keylen 128 bits.
>> > - TWOFISH-CBC : keylen 128/256 bits.
>> >
>> > You have to indicate the Authentication algorithm even if all
>> > Algorithms since it uses 12 bytes in the Auth field should work
>> > (have a look to the README to understand why I put it
>> > ;-) ). If you consider I have to throw it away please tell me.
>> >
>> > HMAC-SHA1-96 [RFC2404]
>> > NULL
>> > AES-XCBC-MAC-96 [RFC3566]
>> > HMAC-MD5-96 [RFC2403]
svn path=/trunk/; revision=17734
add a "match_strval_idx()" routine that does the same thing, and have
"match_strval()" call it.
Make those routines, and "val_to_str()", return a "const" pointer.
Update dissectors as necessary to squelch compiler warnings produced by
that.
Use "val_to_str()" rather than using "match_strval()" and then, if the
result is null, substituting a specific string. Clean up some other
"match_strval()"/"val_to_str()" usages.
Add a null pointer check in the NDPS dissector's "attribute_value()"
routine, as it's not clear that "global_attribute_name" won't be null at
that point.
Make some global variables in the AFS4INT dissector local.
Make some routines not used outside the module they're in static.
Make some tables "static const".
Clean up white space.
Fix Gerald's address in some files.
svn path=/trunk/; revision=14786
Jaap Keuter