2 * Routines for the Internet Security Association and Key Management Protocol
3 * (ISAKMP) (RFC 2408) and the Internet IP Security Domain of Interpretation
4 * for ISAKMP (RFC 2407)
5 * Brad Robel-Forrest <brad.robel-forrest@watchguard.com>
7 * Added routines for the Internet Key Exchange (IKEv2) Protocol
8 * (draft-ietf-ipsec-ikev2-17.txt)
9 * Shoichi Sakane <sakane@tanu.org>
11 * Added routines for RFC3947 Negotiation of NAT-Traversal in the IKE
14 * 04/2009 Added routines for decryption of IKEv2 Encrypted Payload
15 * Naoyoshi Ueda <piyomaru3141@gmail.com>
19 * Wireshark - Network traffic analyzer
20 * By Gerald Combs <gerald@wireshark.org>
21 * Copyright 1998 Gerald Combs
23 * This program is free software; you can redistribute it and/or
24 * modify it under the terms of the GNU General Public License
25 * as published by the Free Software Foundation; either version 2
26 * of the License, or (at your option) any later version.
28 * This program is distributed in the hope that it will be useful,
29 * but WITHOUT ANY WARRANTY; without even the implied warranty of
30 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
31 * GNU General Public License for more details.
33 * You should have received a copy of the GNU General Public License
34 * along with this program; if not, write to the Free Software
35 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
38 * IKEv2 http://www.ietf.org/rfc/rfc4306.txt?number=4306
39 * http://www.iana.org/assignments/ikev2-parameters
53 #include <winposixtype.h>
56 #include <epan/strutil.h>
57 #include <wsutil/file_util.h>
61 #include <epan/proto.h>
62 #include <epan/packet.h>
63 #include <epan/ipproto.h>
64 #include <epan/asn1.h>
65 #include <epan/reassemble.h>
66 #include <epan/dissectors/packet-x509if.h>
67 #include <epan/dissectors/packet-x509af.h>
68 #include <epan/dissectors/packet-isakmp.h>
69 #include <epan/prefs.h>
70 #include <epan/expert.h>
72 #define isakmp_min(a, b) ((a<b) ? a : b)
74 #define ARLEN(a) (sizeof(a)/sizeof(a[0]))
76 static int proto_isakmp = -1;
77 static int hf_isakmp_certificate_authority = -1;
78 static int hf_isakmp_v2_certificate_authority = -1;
79 static int hf_isakmp_nat_keepalive = -1;
81 static int hf_isakmp_icookie = -1;
82 static int hf_isakmp_rcookie = -1;
83 static int hf_isakmp_nextpayload = -1;
84 static int hf_isakmp_version = -1;
85 static int hf_isakmp_exchangetype = -1;
86 static int hf_isakmp_flags = -1;
87 static int hf_isakmp_messageid = -1;
88 static int hf_isakmp_length = -1;
89 static int hf_isakmp_payloadlen = -1;
90 static int hf_isakmp_doi = -1;
91 static int hf_isakmp_sa_situation = -1;
92 static int hf_isakmp_prop_number = -1;
93 static int hf_isakmp_spisize = -1;
94 static int hf_isakmp_prop_transforms = -1;
95 static int hf_isakmp_trans_number = -1;
96 static int hf_isakmp_trans_id = -1;
97 static int hf_isakmp_id_type = -1;
98 static int hf_isakmp_protoid = -1;
99 static int hf_isakmp_id_port = -1;
100 static int hf_isakmp_cert_encoding = -1;
101 static int hf_isakmp_certreq_type = -1;
102 static int hf_isakmp_certificate = -1;
103 static int hf_isakmp_notify_msgtype = -1;
104 static int hf_isakmp_num_spis = -1;
106 static int hf_isakmp_fragments = -1;
107 static int hf_isakmp_fragment = -1;
108 static int hf_isakmp_fragment_overlap = -1;
109 static int hf_isakmp_fragment_overlap_conflicts = -1;
110 static int hf_isakmp_fragment_multiple_tails = -1;
111 static int hf_isakmp_fragment_too_long_fragment = -1;
112 static int hf_isakmp_fragment_error = -1;
113 static int hf_isakmp_reassembled_in = -1;
115 static int hf_isakmp_cisco_frag_packetid = -1;
116 static int hf_isakmp_cisco_frag_seq = -1;
117 static int hf_isakmp_cisco_frag_last = -1;
119 static gint ett_isakmp = -1;
120 static gint ett_isakmp_flags = -1;
121 static gint ett_isakmp_payload = -1;
122 static gint ett_isakmp_fragment = -1;
123 static gint ett_isakmp_fragments = -1;
124 #ifdef HAVE_LIBGCRYPT
125 /* For decrypted IKEv2 Encrypted payload*/
126 static gint ett_isakmp_decrypted_data = -1;
127 static gint ett_isakmp_decrypted_payloads = -1;
128 #endif /* HAVE_LIBGCRYPT */
130 static dissector_handle_t eap_handle = NULL;
132 static GHashTable *isakmp_fragment_table = NULL;
133 static GHashTable *isakmp_reassembled_table = NULL;
135 static const fragment_items isakmp_frag_items = {
136 /* Fragment subtrees */
137 &ett_isakmp_fragment,
138 &ett_isakmp_fragments,
139 /* Fragment fields */
140 &hf_isakmp_fragments,
142 &hf_isakmp_fragment_overlap,
143 &hf_isakmp_fragment_overlap_conflicts,
144 &hf_isakmp_fragment_multiple_tails,
145 &hf_isakmp_fragment_too_long_fragment,
146 &hf_isakmp_fragment_error,
147 /* Reassembled in field */
148 &hf_isakmp_reassembled_in,
152 /* IKE port number assigned by IANA */
153 #define UDP_PORT_ISAKMP 500
154 #define TCP_PORT_ISAKMP 500
159 * draft-ietf-ipsec-ikev2-17.txt for IKEv2
161 #define IKE_ID_IPV4_ADDR 1
162 #define IKE_ID_FQDN 2
163 #define IKE_ID_USER_FQDN 3
164 #define IKE_ID_IPV4_ADDR_SUBNET 4
165 #define IKE_ID_IPV6_ADDR 5
166 #define IKE_ID_IPV6_ADDR_SUBNET 6
167 #define IKE_ID_IPV4_ADDR_RANGE 7
168 #define IKE_ID_IPV6_ADDR_RANGE 8
169 #define IKE_ID_DER_ASN1_DN 9
170 #define IKE_ID_DER_ASN1_GN 10
171 #define IKE_ID_KEY_ID 11
174 * Traffic Selector Type
175 * Not in use for IKEv1
177 #define IKEV2_TS_IPV4_ADDR_RANGE 7
178 #define IKEV2_TS_IPV6_ADDR_RANGE 8
180 static const value_string frag_last_vals[] = {
181 { 0, "More fragments" },
182 { 1, "Last fragment" },
186 static const value_string vs_proto[] = {
195 #define COOKIE_SIZE 8
197 typedef struct isakmp_hdr {
212 #define ISAKMP_HDR_SIZE (sizeof(struct isakmp_hdr) + (2 * COOKIE_SIZE))
214 #define ENC_DES_CBC 1
215 #define ENC_IDEA_CBC 2
216 #define ENC_BLOWFISH_CBC 3
217 #define ENC_RC5_R16_B64_CBC 4
218 #define ENC_3DES_CBC 5
219 #define ENC_CAST_CBC 6
220 #define ENC_AES_CBC 7
225 #define HMAC_SHA2_256 4
226 #define HMAC_SHA2_384 5
227 #define HMAC_SHA2_512 6
229 #ifdef HAVE_LIBGCRYPT
232 #define AGGRESSIVE_MODE 4
233 #define MAX_KEY_SIZE 256
234 #define MAX_DIGEST_SIZE 64
235 #define MAX_OAKLEY_KEY_LEN 32
237 typedef struct decrypt_key {
238 guchar secret[MAX_KEY_SIZE];
242 typedef struct iv_data {
243 guchar iv[MAX_DIGEST_SIZE];
248 typedef struct decrypt_data {
258 guchar secret[MAX_KEY_SIZE];
261 gchar last_cbc[MAX_DIGEST_SIZE];
263 gchar last_p1_cbc[MAX_DIGEST_SIZE];
264 guint last_p1_cbc_len;
265 guint32 last_message_id;
268 static GHashTable *isakmp_hash = NULL;
269 static GMemChunk *isakmp_key_data = NULL;
270 static GMemChunk *isakmp_decrypt_data = NULL;
271 static FILE *logf = NULL;
272 static const char *pluto_log_path = "insert pluto log path here";
274 /* Specifications of encryption algorithms for IKEv2 decryption */
275 typedef struct _ikev2_encr_alg_spec {
277 /* Length of encryption key */
279 /* Block size of the cipher */
281 /* Length of initialization vector */
283 /* Encryption algorithm ID to be passed to gcry_cipher_open() */
285 /* Cipher mode to be passed to gcry_cipher_open() */
287 } ikev2_encr_alg_spec_t;
289 #define IKEV2_ENCR_NULL 1
290 #define IKEV2_ENCR_3DES 2
291 #define IKEV2_ENCR_AES_CBC_128 3
292 #define IKEV2_ENCR_AES_CBC_192 4
293 #define IKEV2_ENCR_AES_CBC_256 5
295 static ikev2_encr_alg_spec_t ikev2_encr_algs[] = {
296 {IKEV2_ENCR_NULL, 0, 1, 0, GCRY_CIPHER_NONE, GCRY_CIPHER_MODE_NONE},
297 {IKEV2_ENCR_3DES, 24, 8, 8, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC},
298 {IKEV2_ENCR_AES_CBC_128, 16, 16, 16, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC},
299 {IKEV2_ENCR_AES_CBC_192, 24, 16, 16, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CBC},
300 {IKEV2_ENCR_AES_CBC_256, 32, 16, 16, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC},
305 * Specifications of authentication algorithms for
306 * decryption and/or ICD (Integrity Checksum Data) checking of IKEv2
308 typedef struct _ikev2_auth_alg_spec {
310 /* Output length of the hash algorithm */
312 /* Length of the hash key */
314 /* Actual ICD length after truncation */
316 /* Hash algorithm ID to be passed to gcry_md_open() */
318 /* Flags to be passed to gcry_md_open() */
320 } ikev2_auth_alg_spec_t;
322 #define IKEV2_AUTH_NONE 1
323 #define IKEV2_AUTH_HMAC_MD5_96 2
324 #define IKEV2_AUTH_HMAC_SHA1_96 3
325 #define IKEV2_AUTH_ANY_96BITS 4
326 #define IKEV2_AUTH_ANY_128BITS 5
327 #define IKEV2_AUTH_ANY_160BITS 6
328 #define IKEV2_AUTH_ANY_192BITS 7
329 #define IKEV2_AUTH_ANY_256BITS 8
331 static ikev2_auth_alg_spec_t ikev2_auth_algs[] = {
332 {IKEV2_AUTH_NONE, 0, 0, 0, GCRY_MD_NONE, 0},
333 {IKEV2_AUTH_HMAC_MD5_96, 16, 16, 12, GCRY_MD_MD5, GCRY_MD_FLAG_HMAC},
334 {IKEV2_AUTH_HMAC_SHA1_96, 20, 20, 12, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC},
335 {IKEV2_AUTH_ANY_96BITS, 0, 0, 12, 0, 0},
336 {IKEV2_AUTH_ANY_128BITS, 0, 0, 16, 0, 0},
337 {IKEV2_AUTH_ANY_160BITS, 0, 0, 20, 0, 0},
338 {IKEV2_AUTH_ANY_192BITS, 0, 0, 24, 0, 0},
339 {IKEV2_AUTH_ANY_256BITS, 0, 0, 32, 0, 0},
343 typedef struct _ikev2_decrypt_data {
346 ikev2_encr_alg_spec_t *encr_spec;
347 ikev2_auth_alg_spec_t *auth_spec;
348 } ikev2_decrypt_data_t;
350 typedef struct _ikev2_uat_data_key {
355 } ikev2_uat_data_key_t;
357 typedef struct _ikev2_uat_data {
358 ikev2_uat_data_key_t key;
369 ikev2_encr_alg_spec_t *encr_spec;
370 ikev2_auth_alg_spec_t *auth_spec;
373 static ikev2_uat_data_t* ikev2_uat_data = NULL;
374 static guint num_ikev2_uat_data = 0;
375 static uat_t* ikev2_uat;
377 static GHashTable *ikev2_key_hash = NULL;
379 static const value_string vs_ikev2_encr_algs[] = {
380 {IKEV2_ENCR_3DES, "3DES [RFC2451]"},
381 {IKEV2_ENCR_AES_CBC_128, "AES-CBC-128 [RFC3602]"},
382 {IKEV2_ENCR_AES_CBC_192, "AES-CBC-192 [RFC3602]"},
383 {IKEV2_ENCR_AES_CBC_256, "AES-CBC-256 [RFC3602]"},
384 {IKEV2_ENCR_NULL, "NULL [RFC2410]"},
388 static const value_string vs_ikev2_auth_algs[] = {
389 {IKEV2_AUTH_HMAC_MD5_96, "HMAC_MD5_96 [RFC2403]"},
390 {IKEV2_AUTH_HMAC_SHA1_96, "HMAC_SHA1_96 [RFC2404]"},
391 {IKEV2_AUTH_NONE, "NONE [RFC4306]"},
392 {IKEV2_AUTH_ANY_96BITS, "ANY 96-bits of Authentication [No Checking]"},
393 {IKEV2_AUTH_ANY_128BITS, "ANY 128-bits of Authentication [No Checking]"},
394 {IKEV2_AUTH_ANY_160BITS, "ANY 160-bits of Authentication [No Checking]"},
395 {IKEV2_AUTH_ANY_192BITS, "ANY 192-bits of Authentication [No Checking]"},
396 {IKEV2_AUTH_ANY_256BITS, "ANY 256-bits of Authentication [No Checking]"},
400 ikev2_encr_alg_spec_t* ikev2_decrypt_find_encr_spec(guint num) {
401 ikev2_encr_alg_spec_t *e;
403 for (e = ikev2_encr_algs; e->number != 0; e++) {
404 if (e->number == num) {
411 ikev2_auth_alg_spec_t* ikev2_decrypt_find_auth_spec(guint num) {
412 ikev2_auth_alg_spec_t *a;
414 for (a = ikev2_auth_algs; a->number != 0; a++) {
415 if (a->number == num) {
423 scan_pluto_log(void) {
424 #define MAX_PLUTO_LINE 500
425 decrypt_data_t *decr;
426 gchar line[MAX_PLUTO_LINE];
427 guint8 i_cookie[COOKIE_SIZE], *ic_key;
428 gboolean got_cookie = FALSE;
429 guchar secret[MAX_KEY_SIZE];
430 guint secret_len = 0;
431 gchar *icookie_pfx = "| ICOOKIE: ";
432 gchar *enc_key_pfx = "| enc key: ";
434 gint icpfx_len = strlen(icookie_pfx);
435 gint ec_len = strlen(enc_key_pfx);
438 unsigned long hexval;
440 SET_ADDRESS(&null_addr, AT_NONE, 0, NULL);
443 while (fgets(line, MAX_PLUTO_LINE, logf)) {
444 if (strncmp(line, icookie_pfx, icpfx_len) == 0) {
446 pos = line + icpfx_len;
447 for (i = 0; i < COOKIE_SIZE; i++) {
448 hexval = strtoul(pos, &endpos, 16);
451 i_cookie[i] = (guint8) hexval;
454 if (i == COOKIE_SIZE)
456 } else if (strncmp(line, enc_key_pfx, ec_len) == 0) {
458 for (; secret_len < MAX_KEY_SIZE; secret_len++) {
459 hexval = strtoul(pos, &endpos, 16);
462 secret[secret_len] = (guint8) hexval;
465 } else if (got_cookie && secret_len > 1) {
466 decr = (decrypt_data_t*) g_hash_table_lookup(isakmp_hash, i_cookie);
469 ic_key = g_mem_chunk_alloc(isakmp_key_data);
470 memcpy(ic_key, i_cookie, COOKIE_SIZE);
471 decr = g_mem_chunk_alloc(isakmp_decrypt_data);
472 memset(decr, 0, sizeof(decrypt_data_t));
474 g_hash_table_insert(isakmp_hash, ic_key, decr);
477 memcpy(decr->secret, secret, secret_len);
478 decr->secret_len = secret_len;
485 set_transform_vals(decrypt_data_t *decr, int ike_p1, guint16 type, guint32 val) {
492 decr->encr_alg = val;
495 decr->hash_alg = val;
509 decrypt_payload(tvbuff_t *tvb, packet_info *pinfo, const guint8 *buf, guint buf_len, isakmp_hdr_t *hdr) {
510 decrypt_data_t *decr = (decrypt_data_t *) pinfo->private_data;
511 gchar *decrypted_data = NULL;
512 gint gcry_md_algo, gcry_cipher_algo;
514 gcry_cipher_hd_t decr_ctx;
516 iv_data_t *ivd = NULL;
518 guchar iv[MAX_DIGEST_SIZE];
520 guint32 message_id, cbc_block_size, digest_size;
523 decr->is_psk == FALSE ||
528 switch(decr->encr_alg) {
530 gcry_cipher_algo = GCRY_CIPHER_3DES;
533 gcry_cipher_algo = GCRY_CIPHER_DES;
539 if (decr->secret_len < gcry_cipher_get_algo_keylen(gcry_cipher_algo))
541 cbc_block_size = gcry_cipher_get_algo_blklen(gcry_cipher_algo);
543 switch(decr->hash_alg) {
545 gcry_md_algo = GCRY_MD_MD5;
548 gcry_md_algo = GCRY_MD_SHA1;
554 digest_size = gcry_md_get_algo_dlen(gcry_md_algo);
556 for (ivl = g_list_first(decr->iv_list); ivl != NULL; ivl = g_list_next(ivl)) {
557 ivd = (iv_data_t *) ivl->data;
558 if (ivd->frame_num == pinfo->fd->num) {
559 iv_len = ivd->iv_len;
560 memcpy(iv, ivd->iv, iv_len);
565 * Set our initialization vector as follows:
566 * - If the IV list is empty, assume we have the first packet in a phase 1
567 * exchange. The IV is built from DH values.
568 * - If our message ID changes, assume we're entering a new mode. The IV
569 * is built from the message ID and the last phase 1 CBC.
570 * - Otherwise, use the last CBC.
573 if (gcry_md_open(&md_ctx, gcry_md_algo, 0) != GPG_ERR_NO_ERROR)
575 if (decr->iv_list == NULL) {
577 ivd = g_malloc(sizeof(iv_data_t));
578 ivd->frame_num = pinfo->fd->num;
579 ivd->iv_len = digest_size;
580 decr->last_message_id = hdr->message_id;
581 gcry_md_reset(md_ctx);
582 gcry_md_write(md_ctx, decr->gi, decr->gi_len);
583 gcry_md_write(md_ctx, decr->gr, decr->gr_len);
584 gcry_md_final(md_ctx);
585 memcpy(ivd->iv, gcry_md_read(md_ctx, gcry_md_algo), digest_size);
586 decr->iv_list = g_list_append(decr->iv_list, ivd);
587 iv_len = ivd->iv_len;
588 memcpy(iv, ivd->iv, iv_len);
589 } else if (decr->last_cbc_len >= cbc_block_size) {
590 ivd = g_malloc(sizeof(iv_data_t));
591 ivd->frame_num = pinfo->fd->num;
592 if (hdr->message_id != decr->last_message_id) {
593 if (decr->last_p1_cbc_len == 0) {
594 memcpy(decr->last_p1_cbc, decr->last_cbc, cbc_block_size);
595 decr->last_p1_cbc_len = cbc_block_size;
597 ivd->iv_len = digest_size;
598 decr->last_message_id = hdr->message_id;
599 message_id = g_htonl(decr->last_message_id);
600 gcry_md_reset(md_ctx);
601 gcry_md_write(md_ctx, decr->last_p1_cbc, cbc_block_size);
602 gcry_md_write(md_ctx, &message_id, sizeof(message_id));
603 memcpy(ivd->iv, gcry_md_read(md_ctx, gcry_md_algo), digest_size);
605 ivd->iv_len = cbc_block_size;
606 memcpy(ivd->iv, decr->last_cbc, ivd->iv_len);
608 decr->iv_list = g_list_append(decr->iv_list, ivd);
609 iv_len = ivd->iv_len;
610 memcpy(iv, ivd->iv, iv_len);
612 gcry_md_close(md_ctx);
615 if (ivd == NULL) return NULL;
617 if (gcry_cipher_open(&decr_ctx, gcry_cipher_algo, GCRY_CIPHER_MODE_CBC, 0) != GPG_ERR_NO_ERROR)
619 if (iv_len > cbc_block_size)
620 iv_len = cbc_block_size; /* gcry warns otherwise */
621 if (gcry_cipher_setiv(decr_ctx, iv, iv_len))
623 if (gcry_cipher_setkey(decr_ctx, decr->secret, decr->secret_len))
626 decrypted_data = g_malloc(buf_len);
628 if (gcry_cipher_decrypt(decr_ctx, decrypted_data, buf_len, buf, buf_len) != GPG_ERR_NO_ERROR) {
629 g_free(decrypted_data);
632 gcry_cipher_close(decr_ctx);
634 encr_tvb = tvb_new_child_real_data(tvb, decrypted_data, buf_len, buf_len);
636 /* Add the decrypted data to the data source list. */
637 add_new_data_source(pinfo, encr_tvb, "Decrypted IKE");
639 /* Fill in the next IV */
640 if (tvb_length(tvb) > cbc_block_size) {
641 decr->last_cbc_len = cbc_block_size;
642 memcpy(decr->last_cbc, buf + buf_len - cbc_block_size, cbc_block_size);
644 decr->last_cbc_len = 0;
650 #endif /* HAVE_LIBGCRYPT */
652 static const char* vid_to_str(tvbuff_t *, int, int);
653 static proto_tree *dissect_payload_header(tvbuff_t *, int, int, int, guint8,
654 guint8 *, guint16 *, proto_tree *);
656 static void dissect_sa(tvbuff_t *, int, int, proto_tree *,
657 proto_tree *, packet_info *, int, int, guint8);
658 static void dissect_proposal(tvbuff_t *, int, int, proto_tree *,
659 proto_tree *, packet_info *, int, int, guint8);
660 static void dissect_transform(tvbuff_t *, int, int, proto_tree *,
661 proto_tree *, packet_info *, int, int, guint8);
662 static void dissect_transform2(tvbuff_t *, int, int, proto_tree *,
663 proto_tree *, packet_info *, int, int, guint8);
664 static void dissect_key_exch(tvbuff_t *, int, int, proto_tree *,
665 proto_tree *, packet_info *, int, int, guint8);
666 static void dissect_id(tvbuff_t *, int, int, proto_tree *,
667 proto_tree *, packet_info *, int, int, guint8);
668 static void dissect_cert(tvbuff_t *, int, int, proto_tree *,
669 proto_tree *, packet_info *, int, int, guint8);
670 static void dissect_certreq_v1(tvbuff_t *, int, int, proto_tree *,
671 proto_tree *, packet_info *, int, int, guint8);
672 static void dissect_certreq_v2(tvbuff_t *, int, int, proto_tree *,
673 proto_tree *, packet_info *, int, int, guint8);
674 static void dissect_hash(tvbuff_t *, int, int, proto_tree *,
675 proto_tree *, packet_info *, int, int, guint8);
676 static void dissect_auth(tvbuff_t *, int, int, proto_tree *,
677 proto_tree *, packet_info *, int, int, guint8);
678 static void dissect_sig(tvbuff_t *, int, int, proto_tree *,
679 proto_tree *, packet_info *, int, int, guint8);
680 static void dissect_nonce(tvbuff_t *, int, int, proto_tree *,
681 proto_tree *, packet_info *, int, int, guint8);
682 static void dissect_notif(tvbuff_t *, int, int, proto_tree *,
683 proto_tree *, packet_info *, int, int, guint8);
684 static void dissect_delete(tvbuff_t *, int, int, proto_tree *,
685 proto_tree *, packet_info *, int, int, guint8);
686 static void dissect_vid(tvbuff_t *, int, int, proto_tree *,
687 proto_tree *, packet_info *, int, int, guint8);
688 static void dissect_config(tvbuff_t *, int, int, proto_tree *,
689 proto_tree *, packet_info *, int, int, guint8);
690 static void dissect_nat_discovery(tvbuff_t *, int, int, proto_tree *,
691 proto_tree *, packet_info *, int, int, guint8);
692 static void dissect_nat_original_address(tvbuff_t *, int, int, proto_tree *,
693 proto_tree *, packet_info *, int, int, guint8);
694 static void dissect_ts(tvbuff_t *, int, int, proto_tree *,
695 proto_tree *, packet_info *, int, int, guint8);
696 static void dissect_enc(tvbuff_t *, int, int, proto_tree *,
697 proto_tree *, packet_info *, int, int, guint8);
698 static void dissect_eap(tvbuff_t *, int, int, proto_tree *,
699 proto_tree *, packet_info *, int, int, guint8);
700 static void dissect_cisco_fragmentation(tvbuff_t *, int, int, proto_tree *,
701 proto_tree *, packet_info *, int, int, guint8);
703 static const char *payloadtype2str(int, guint8);
704 static const char *exchtype2str(int, guint8);
705 static const char *doitype2str(guint32);
706 static const char *msgtype2str(int, guint16);
707 static const char *situation2str(guint32);
708 static const char *v1_attrval2str(int, guint16, guint32);
709 static const char *v2_attrval2str(guint16, guint32);
710 static const char *cfgtype2str(int, guint8);
711 static const char *cfgattr2str(int, guint16);
712 static const char *id2str(int, guint8);
713 static const char *v2_tstype2str(guint8);
714 static const char *v2_auth2str(guint8);
715 static const char *certtype2str(int, guint8);
717 static gboolean get_num(tvbuff_t *, int, guint16, guint32 *);
719 #define LOAD_TYPE_NONE 0 /* payload type for None */
720 #define LOAD_TYPE_PROPOSAL 2 /* payload type for Proposal */
721 #define LOAD_TYPE_TRANSFORM 3 /* payload type for Transform */
723 struct payload_func {
726 void (*func)(tvbuff_t *, int, int, proto_tree *, proto_tree *, packet_info *,
730 static struct payload_func v1_plfunc[] = {
732 { 1, "Security Association", dissect_sa },
733 { 2, "Proposal", dissect_proposal },
734 { 3, "Transform", dissect_transform },
735 { 4, "Key Exchange", dissect_key_exch },
736 { 5, "Identification", dissect_id },
737 { 6, "Certificate", dissect_cert },
738 { 7, "Certificate Request", dissect_certreq_v1},
739 { 8, "Hash", dissect_hash },
740 { 9, "Signature", dissect_sig },
741 { 10, "Nonce", dissect_nonce },
742 { 11, "Notification", dissect_notif },
743 { 12, "Delete", dissect_delete },
744 { 13, "Vendor ID", dissect_vid },
745 { 14, "Attrib", dissect_config },
746 { 15, "NAT-Discovery", dissect_nat_discovery }, /* draft-ietf-ipsec-nat-t-ike-04 */
747 { 16, "NAT-Original Address", dissect_nat_original_address }, /* draft-ietf-ipsec-nat-t-ike */
748 { 20, "NAT-D (RFC 3947)", dissect_nat_discovery },
749 { 21, "NAT-OA (RFC 3947)", dissect_nat_original_address },
750 { 130, "NAT-D (draft-ietf-ipsec-nat-t-ike-01 to 03)", dissect_nat_discovery },
751 { 131, "NAT-OA (draft-ietf-ipsec-nat-t-ike-01 to 04)", dissect_nat_original_address },
752 { 132, "Cisco-Fragmentation", dissect_cisco_fragmentation },
755 static struct payload_func v2_plfunc[] = {
757 { 2, "Proposal", dissect_proposal },
758 { 3, "Transform", dissect_transform2 },
759 { 33, "Security Association", dissect_sa },
760 { 34, "Key Exchange", dissect_key_exch },
761 { 35, "Identification - I", dissect_id },
762 { 36, "Identification - R", dissect_id },
763 { 37, "Certificate", dissect_cert },
764 { 38, "Certificate Request", dissect_certreq_v2},
765 { 39, "Authentication", dissect_auth },
766 { 40, "Nonce", dissect_nonce },
767 { 41, "Notification", dissect_notif },
768 { 42, "Delete", dissect_delete },
769 { 43, "Vendor ID", dissect_vid },
770 { 44, "Traffic Selector - I", dissect_ts },
771 { 45, "Traffic Selector - R", dissect_ts },
772 { 46, "Encrypted", dissect_enc },
773 { 47, "Configuration", dissect_config },
774 { 48, "Extensible Authentication", dissect_eap },
777 static struct payload_func * getpayload_func(guint8, int);
780 #define VID_MS_LEN 20
781 #define VID_CISCO_FRAG_LEN 20
783 static const guint8 VID_CISCO_FRAG[VID_CISCO_FRAG_LEN] = {0x40, 0x48, 0xB7, 0xD5, 0x6E, 0xBC, 0xE8, 0x85, 0x25, 0xE7, 0xDE, 0x7F, 0x00, 0xD6, 0xC2, 0xD3, 0x80, 0x00, 0x00, 0x00};
785 static const guint8 VID_MS_W2K_WXP[VID_MS_LEN] = {0x1E, 0x2B, 0x51, 0x69, 0x5, 0x99, 0x1C, 0x7D, 0x7C, 0x96, 0xFC, 0xBF, 0xB5, 0x87, 0xE4, 0x61, 0x0, 0x0, 0x0, 0x2}; /* according to http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/cableguy/cg0602.asp */
787 #define VID_CP_LEN 20
788 static const guint8 VID_CP[VID_CP_LEN] = {0xF4, 0xED, 0x19, 0xE0, 0xC1, 0x14, 0xEB, 0x51, 0x6F, 0xAA, 0xAC, 0x0E, 0xE3, 0x7D, 0xAF, 0x28, 0x7, 0xB4, 0x38, 0x1F};
790 static const guint8 VID_CYBERGUARD[VID_LEN] = {0x9A, 0xA1, 0xF3, 0xB4, 0x34, 0x72, 0xA4, 0x5D, 0x5F, 0x50, 0x6A, 0xEB, 0x26, 0xC, 0xF2, 0x14};
792 static const guint8 VID_rfc3947[VID_LEN] = {0x4a, 0x13, 0x1c, 0x81, 0x07, 0x03, 0x58, 0x45, 0x5c, 0x57, 0x28, 0xf2, 0x0e, 0x95, 0x45, 0x2f}; /* RFC 3947 Negotiation of NAT-Traversal in the IKE*/
794 static const guint8 VID_SSH_IPSEC_EXPRESS_1_1_0[VID_LEN] = {0xfB, 0xF4, 0x76, 0x14, 0x98, 0x40, 0x31, 0xFA, 0x8E, 0x3B, 0xB6, 0x19, 0x80, 0x89, 0xB2, 0x23}; /* Ssh Communications Security IPSEC Express version 1.1.0 */
796 static const guint8 VID_SSH_IPSEC_EXPRESS_1_1_1[VID_LEN] = {0x19, 0x52, 0xDC, 0x91, 0xAC, 0x20, 0xF6, 0x46, 0xFB, 0x01, 0xCF, 0x42, 0xA3, 0x3A, 0xEE, 0x30}; /* Ssh Communications Security IPSEC Express version 1.1.1 */
798 static const guint8 VID_SSH_IPSEC_EXPRESS_1_1_2[VID_LEN] = {0xE8, 0xBF, 0xFA, 0x64, 0x3E, 0x5C, 0x8F, 0x2C, 0xD1, 0x0F, 0xDA, 0x73, 0x70, 0xB6, 0xEB, 0xE5}; /* Ssh Communications Security IPSEC Express version 1.1.2 */
800 static const guint8 VID_SSH_IPSEC_EXPRESS_1_2_1[VID_LEN] = {0xC1, 0x11, 0x1B, 0x2D, 0xEE, 0x8C, 0xBC, 0x3D, 0x62, 0x05, 0x73, 0xEC, 0x57, 0xAA, 0xB9, 0xCB}; /* Ssh Communications Security IPSEC Express version 1.2.1 */
802 static const guint8 VID_SSH_IPSEC_EXPRESS_1_2_2[VID_LEN] = {0x09, 0xEC, 0x27, 0xBF, 0xBC, 0x09, 0xC7, 0x58, 0x23, 0xCF, 0xEC, 0xBF, 0xFE, 0x56, 0x5A, 0x2E}; /* Ssh Communications Security IPSEC Express version 1.2.2 */
804 static const guint8 VID_SSH_IPSEC_EXPRESS_2_0_0[VID_LEN] = {0x7F, 0x21, 0xA5, 0x96, 0xE4, 0xE3, 0x18, 0xF0, 0xB2, 0xF4, 0x94, 0x4C, 0x23, 0x84, 0xCB, 0x84}; /* SSH Communications Security IPSEC Express version 2.0.0 */
806 static const guint8 VID_SSH_IPSEC_EXPRESS_2_1_0[VID_LEN] = {0x28, 0x36, 0xD1, 0xFD, 0x28, 0x07, 0xBC, 0x9E, 0x5A, 0xE3, 0x07, 0x86, 0x32, 0x04, 0x51, 0xEC}; /* SSH Communications Security IPSEC Express version 2.1.0 */
808 static const guint8 VID_SSH_IPSEC_EXPRESS_2_1_1[VID_LEN] = {0xA6, 0x8D, 0xE7, 0x56, 0xA9, 0xC5, 0x22, 0x9B, 0xAE, 0x66, 0x49, 0x80, 0x40, 0x95, 0x1A, 0xD5}; /* SSH Communications Security IPSEC Express version 2.1.1 */
810 static const guint8 VID_SSH_IPSEC_EXPRESS_2_1_2[VID_LEN] = {0x3F, 0x23, 0x72, 0x86, 0x7E, 0x23, 0x7C, 0x1C, 0xD8, 0x25, 0x0A, 0x75, 0x55, 0x9C, 0xAE, 0x20}; /* SSH Communications Security IPSEC Express version 2.1.2 */
812 static const guint8 VID_SSH_IPSEC_EXPRESS_3_0_0[VID_LEN] = {0x0E, 0x58, 0xD5, 0x77, 0x4D, 0xF6, 0x02, 0x00, 0x7D, 0x0B, 0x02, 0x44, 0x36, 0x60, 0xF7, 0xEB}; /* SSH Communications Security IPSEC Express version 3.0.0 */
814 static const guint8 VID_SSH_IPSEC_EXPRESS_3_0_1[VID_LEN] = {0xF5, 0xCE, 0x31, 0xEB, 0xC2, 0x10, 0xF4, 0x43, 0x50, 0xCF, 0x71, 0x26, 0x5B, 0x57, 0x38, 0x0F}; /* SSH Communications Security IPSEC Express version 3.0.1 */
816 static const guint8 VID_SSH_IPSEC_EXPRESS_4_0_0[VID_LEN] = {0xF6, 0x42, 0x60, 0xAF, 0x2E, 0x27, 0x42, 0xDA, 0xDD, 0xD5, 0x69, 0x87, 0x06, 0x8A, 0x99, 0xA0}; /* SSH Communications Security IPSEC Express version 4.0.0 */
818 static const guint8 VID_SSH_IPSEC_EXPRESS_4_0_1[VID_LEN] = {0x7A, 0x54, 0xD3, 0xBD, 0xB3, 0xB1, 0xE6, 0xD9, 0x23, 0x89, 0x20, 0x64, 0xBE, 0x2D, 0x98, 0x1C}; /* SSH Communications Security IPSEC Express version 4.0.1 */
820 static const guint8 VID_SSH_IPSEC_EXPRESS_4_1_0[VID_LEN] = {0x9A, 0xA1, 0xF3, 0xB4, 0x34, 0x72, 0xA4, 0x5D, 0x5F, 0x50, 0x6A, 0xEB, 0x26, 0x0C, 0xF2, 0x14}; /* SSH Communications Security IPSEC Express version 4.1.0 */
822 static const guint8 VID_SSH_IPSEC_EXPRESS_4_1_1[VID_LEN] = {0x89, 0xF7, 0xB7, 0x60, 0xD8, 0x6B, 0x01, 0x2A, 0xCF, 0x26, 0x33, 0x82, 0x39, 0x4D, 0x96, 0x2F}; /* SSH Communications Security IPSEC Express version 4.1.1 */
824 static const guint8 VID_SSH_IPSEC_EXPRESS_5_0[VID_LEN] = {0xB0, 0x37, 0xA2, 0x1A, 0xCE, 0xCC, 0xB5, 0x57, 0x0F, 0x60, 0x25, 0x46, 0xF9, 0x7B, 0xDE, 0x8C}; /* SSH Communications Security IPSEC Express version 5.0 */
826 static const guint8 VID_SSH_IPSEC_EXPRESS_5_0_0[VID_LEN] = {0x2B, 0x2D, 0xAD, 0x97, 0xC4, 0xD1, 0x40, 0x93, 0x00, 0x53, 0x28, 0x7F, 0x99, 0x68, 0x50, 0xB0}; /* SSH Communications Security IPSEC Express version 5.0.0 */
828 static const guint8 VID_SSH_IPSEC_EXPRESS_5_1_0[VID_LEN] = {0x45, 0xE1, 0x7F, 0x3A, 0xBE, 0x93, 0x94, 0x4C, 0xB2, 0x02, 0x91, 0x0C, 0x59, 0xEF, 0x80, 0x6B}; /* SSH Communications Security IPSEC Express version 5.1.0 */
830 static const guint8 VID_SSH_IPSEC_EXPRESS_5_1_1[VID_LEN] = {0x59, 0x25, 0x85, 0x9F, 0x73, 0x77, 0xED, 0x78, 0x16, 0xD2, 0xFB, 0x81, 0xC0, 0x1F, 0xA5, 0x51}; /* SSH Communications Security IPSEC Express version 5.1.1 */
832 static const guint8 VID_SSH_SENTINEL[VID_LEN] = {0x05, 0x41, 0x82, 0xA0, 0x7C, 0x7A, 0xE2, 0x06, 0xF9, 0xD2, 0xCF, 0x9D, 0x24, 0x32, 0xC4, 0x82}; /* SSH Sentinel */
834 static const guint8 VID_SSH_SENTINEL_1_1[VID_LEN] = {0xB9, 0x16, 0x23, 0xE6, 0x93, 0xCA, 0x18, 0xA5, 0x4C, 0x6A, 0x27, 0x78, 0x55, 0x23, 0x05, 0xE8}; /* SSH Sentinel 1.1 */
836 static const guint8 VID_SSH_SENTINEL_1_2[VID_LEN] = {0x54, 0x30, 0x88, 0x8D, 0xE0, 0x1A, 0x31, 0xA6, 0xFA, 0x8F, 0x60, 0x22, 0x4E, 0x44, 0x99, 0x58}; /* SSH Sentinel 1.2 */
838 static const guint8 VID_SSH_SENTINEL_1_3[VID_LEN] = {0x7E, 0xE5, 0xCB, 0x85, 0xF7, 0x1C, 0xE2, 0x59, 0xC9, 0x4A, 0x5C, 0x73, 0x1E, 0xE4, 0xE7, 0x52}; /* SSH Sentinel 1.3 */
840 static const guint8 VID_SSH_QUICKSEC_0_9_0[VID_LEN] = {0x37, 0xEB, 0xA0, 0xC4, 0x13, 0x61, 0x84, 0xE7, 0xDA, 0xF8, 0x56, 0x2A, 0x77, 0x06, 0x0B, 0x4A}; /* SSH Communications Security QuickSec 0.9.0 */
842 static const guint8 VID_SSH_QUICKSEC_1_1_0[VID_LEN] = {0x5D, 0x72, 0x92, 0x5E, 0x55, 0x94, 0x8A, 0x96, 0x61, 0xA7, 0xFC, 0x48, 0xFD, 0xEC, 0x7F, 0xF9}; /* SSH Communications Security QuickSec 1.1.0 */
844 static const guint8 VID_SSH_QUICKSEC_1_1_1[VID_LEN] = {0x77, 0x7F, 0xBF, 0x4C, 0x5A, 0xF6, 0xD1, 0xCD, 0xD4, 0xB8, 0x95, 0xA0, 0x5B, 0xF8, 0x25, 0x94}; /* SSH Communications Security QuickSec 1.1.1 */
846 static const guint8 VID_SSH_QUICKSEC_1_1_2[VID_LEN] = {0x2C, 0xDF, 0x08, 0xE7, 0x12, 0xED, 0xE8, 0xA5, 0x97, 0x87, 0x61, 0x26, 0x7C, 0xD1, 0x9B, 0x91}; /* SSH Communications Security QuickSec 1.1.2 */
848 static const guint8 VID_SSH_QUICKSEC_1_1_3[VID_LEN] = {0x59, 0xE4, 0x54, 0xA8, 0xC2, 0xCF, 0x02, 0xA3, 0x49, 0x59, 0x12, 0x1F, 0x18, 0x90, 0xBC, 0x87}; /* SSH Communications Security QuickSec 1.1.3 */
850 static const guint8 VID_draft_huttunen_ipsec_esp_in_udp_01[VID_LEN] = {0x50, 0x76, 0x0F, 0x62, 0x4C, 0x63, 0xE5, 0xC5, 0x3E, 0xEA, 0x38, 0x6C, 0x68, 0x5C, 0xA0, 0x83}; /* draft-huttunen-ipsec-esp-in-udp-01.txt */
852 static const guint8 VID_draft_stenberg_ipsec_nat_traversal_01[VID_LEN] = {0x27, 0xBA, 0xB5, 0xDC, 0x01, 0xEA, 0x07, 0x60, 0xEA, 0x4E, 0x31, 0x90, 0xAC, 0x27, 0xC0, 0xD0}; /* draft-stenberg-ipsec-nat-traversal-01 */
854 static const guint8 VID_draft_stenberg_ipsec_nat_traversal_02[VID_LEN]= {0x61, 0x05, 0xC4, 0x22, 0xE7, 0x68, 0x47, 0xE4, 0x3F, 0x96, 0x84, 0x80, 0x12, 0x92, 0xAE, 0xCD}; /* draft-stenberg-ipsec-nat-traversal-02 */
856 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_00[VID_LEN]= {0x44, 0x85, 0x15, 0x2D, 0x18, 0xB6, 0xBB, 0xCD, 0x0B, 0xE8, 0xA8, 0x46, 0x95, 0x79, 0xDD, 0xCC}; /* draft-ietf-ipsec-nat-t-ike-00 */
858 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_01[VID_LEN]= {0x16, 0xf6, 0xca, 0x16, 0xe4, 0xa4, 0x06, 0x6d, 0x83, 0x82, 0x1a, 0x0f, 0x0a, 0xea, 0xa8, 0x62 }; /* "draft-ietf-ipsec-nat-t-ike-01" */
860 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_02a[VID_LEN]= {0xCD, 0x60, 0x46, 0x43, 0x35, 0xDF, 0x21, 0xF8, 0x7C, 0xFD, 0xB2, 0xFC, 0x68, 0xB6, 0xA4, 0x48}; /* draft-ietf-ipsec-nat-t-ike-02 */
862 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_02b[VID_LEN]= {0x90, 0xCB, 0x80, 0x91, 0x3E, 0xBB, 0x69, 0x6E, 0x08, 0x63, 0x81, 0xB5, 0xEC, 0x42, 0x7B, 0x1F}; /* draft-ietf-ipsec-nat-t-ike-02 */
864 static const guint8 VID_draft_ietf_ipsec_nat_t_ike_03[VID_LEN] = {0x7D, 0x94, 0x19, 0xA6, 0x53, 0x10, 0xCA, 0x6F, 0x2C, 0x17, 0x9D, 0x92, 0x15, 0x52, 0x9d, 0x56}; /* according to http://www.ietf.org/internet-drafts/draft-ietf-ipsec-nat-t-ike-03.txt */
866 static const guint8 VID_draft_beaulieu_ike_xauth_02[VID_LEN]= {0x09, 0x00, 0x26, 0x89, 0xDF, 0xD6, 0xB7, 0x12, 0x80, 0xA2, 0x24, 0xDE, 0xC3, 0x3B, 0x81, 0xE5}; /* draft-beaulieu-ike-xauth-02.txt */
869 static const guint8 VID_rfc3706_dpd[VID_LEN]= {0xAF, 0xCA,0xD7, 0x13, 0x68, 0xA1, 0xF1, 0xC9, 0x6B, 0x86, 0x96, 0xFC, 0x77, 0x57, 0x01, 0x00}; /* RFC 3706 */
871 static const guint8 VID_IKE_CHALLENGE_RESPONSE_1[VID_LEN]= {0xBA, 0x29, 0x04, 0x99, 0xC2, 0x4E, 0x84, 0xE5, 0x3A, 0x1D, 0x83, 0xA0, 0x5E, 0x5F, 0x00, 0xC9}; /* IKE Challenge/Response for Authenticated Cryptographic Keys */
873 static const guint8 VID_IKE_CHALLENGE_RESPONSE_2[VID_LEN]= {0x0D, 0x33, 0x61, 0x1A, 0x5D, 0x52, 0x1B, 0x5E, 0x3C, 0x9C, 0x03, 0xD2, 0xFC, 0x10, 0x7E, 0x12}; /* IKE Challenge/Response for Authenticated Cryptographic Keys */
875 static const guint8 VID_IKE_CHALLENGE_RESPONSE_REV_1[VID_LEN]= {0xAD, 0x32, 0x51, 0x04, 0x2C, 0xDC, 0x46, 0x52, 0xC9, 0xE0, 0x73, 0x4C, 0xE5, 0xDE, 0x4C, 0x7D}; /* IKE Challenge/Response for Authenticated Cryptographic Keys (Revised) */
877 static const guint8 VID_IKE_CHALLENGE_RESPONSE_REV_2[VID_LEN]= {0x01, 0x3F, 0x11, 0x82, 0x3F, 0x96, 0x6F, 0xA9, 0x19, 0x00, 0xF0, 0x24, 0xBA, 0x66, 0xA8, 0x6B}; /* IKE Challenge/Response for Authenticated Cryptographic Keys (Revised) */
879 static const guint8 VID_MS_L2TP_IPSEC_VPN_CLIENT[VID_LEN]= {0x40, 0x48, 0xB7, 0xD5, 0x6E, 0xBC, 0xE8, 0x85, 0x25, 0xE7, 0xDE, 0x7F, 0x00, 0xD6, 0xC2, 0xD3}; /* Microsoft L2TP/IPSec VPN Client */
881 static const guint8 VID_GSS_API_1[VID_LEN]= {0xB4, 0x6D, 0x89, 0x14, 0xF3, 0xAA, 0xA3, 0xF2, 0xFE, 0xDE, 0xB7, 0xC7, 0xDB, 0x29, 0x43, 0xCA}; /* A GSS-API Authentication Method for IKE */
883 static const guint8 VID_GSS_API_2[VID_LEN]= {0xAD, 0x2C, 0x0D, 0xD0, 0xB9, 0xC3, 0x20, 0x83, 0xCC, 0xBA, 0x25, 0xB8, 0x86, 0x1E, 0xC4, 0x55}; /* A GSS-API Authentication Method for IKE */
885 static const guint8 VID_GSSAPI[VID_LEN]= {0x62, 0x1B, 0x04, 0xBB, 0x09, 0x88, 0x2A, 0xC1, 0xE1, 0x59, 0x35, 0xFE, 0xFA, 0x24, 0xAE, 0xEE}; /* GSSAPI */
887 static const guint8 VID_MS_NT5_ISAKMPOAKLEY[VID_LEN]= {0x1E, 0x2B, 0x51, 0x69, 0x05, 0x99, 0x1C, 0x7D, 0x7C, 0x96, 0xFC, 0xBF, 0xB5, 0x87, 0xE4, 0x61}; /* MS NT5 ISAKMPOAKLEY */
889 static const guint8 VID_CISCO_UNITY[VID_LEN]= {0x12, 0xF5, 0xF2, 0x8C, 0x45, 0x71, 0x68, 0xA9, 0x70, 0x2D, 0x9F, 0xE2, 0x74, 0xCC, 0x02, 0xD4}; /* CISCO-UNITY */
891 static const guint8 VID_CISCO_UNITY_10[VID_LEN]= {0x12, 0xF5, 0xF2, 0x8C, 0x45, 0x71, 0x68, 0xA9, 0x70, 0x2D, 0x9F, 0xE2, 0x74, 0xCC, 0x01, 0x00}; /* CISCO-UNITY 1.0 */
893 static const guint8 VID_CISCO_CONCENTRATOR[VID_LEN]= {0x1F, 0x07, 0xF7, 0x0E, 0xAA, 0x65, 0x14, 0xD3, 0xB0, 0xFA, 0x96, 0x54, 0x2A, 0x50, 0x01, 0x00}; /* CISCO-CONCENTRATOR */
896 static const guint8 VID_draft_ietf_ipsec_antireplay_00[VID_LEN_8]= {0x32, 0x5D, 0xF2, 0x9A, 0x23, 0x19, 0xF2, 0xDD}; /* draft-ietf-ipsec-antireplay-00.txt */
898 static const guint8 VID_draft_ietf_ipsec_heartbeats_00[VID_LEN_8]= {0x8D, 0xB7, 0xA4, 0x18, 0x11, 0x22, 0x16, 0x60}; /* draft-ietf-ipsec-heartbeats-00.txt */
901 * Seen in Netscreen. Suppose to be ASCII HeartBeat_Notify - but I don't know the rest yet. I suspect it then proceeds with
902 * 8k10, which means every 8K (?), and version 1.0 of the protocol (?). I won't add it to the code, until I know what it really
903 * means. ykaul-at-bezeqint.net
905 static const guint8 VID_HeartBeat_Notify[VID_LEN] _U_ = {0x48, 0x65, 0x61, 0x72, 0x74, 0x42, 0x65, 0x61, 0x74, 0x5f, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79};
908 dissect_payloads(tvbuff_t *tvb, proto_tree *tree, proto_tree *parent_tree,
909 int isakmp_version, guint8 initial_payload, int offset, int length,
912 guint8 payload, next_payload;
913 guint16 payload_length;
915 struct payload_func * f;
917 for (payload = initial_payload; length > 0; payload = next_payload) {
918 if (payload == LOAD_TYPE_NONE) {
920 * What? There's more stuff in this chunk of data, but the
921 * previous payload had a "next payload" type of None?
923 proto_tree_add_text(tree, tvb, offset, length,
925 tvb_bytes_to_str(tvb, offset, length));
928 ntree = dissect_payload_header(tvb, offset, length, isakmp_version,
929 payload, &next_payload, &payload_length, tree);
932 if (payload_length >= 4) { /* XXX = > 4? */
933 tvb_ensure_bytes_exist(tvb, offset + 4, payload_length - 4);
934 if ((f = getpayload_func(payload, isakmp_version)) != NULL && f->func != NULL)
935 (*f->func)(tvb, offset + 4, payload_length - 4, ntree, parent_tree,
936 pinfo, isakmp_version, -1, next_payload);
938 proto_tree_add_text(ntree, tvb, offset + 4, payload_length - 4,
942 else if (payload_length > length) {
943 proto_tree_add_text(ntree, tvb, 0, 0,
944 "Payload (bogus, length is %u, greater than remaining length %d",
945 payload_length, length);
949 proto_tree_add_text(ntree, tvb, 0, 0,
950 "Payload (bogus, length is %u, must be at least 4)",
954 offset += payload_length;
955 length -= payload_length;
960 isakmp_dissect_payloads(tvbuff_t *tvb, proto_tree *tree, int isakmp_version,
961 guint8 initial_payload, int offset, int length,
964 dissect_payloads(tvb, tree, tree, isakmp_version, initial_payload, offset, length,
968 static struct payload_func *
969 getpayload_func(guint8 payload, int isakmp_version)
971 struct payload_func *f = 0;
974 if (isakmp_version == 1) {
976 len = ARLEN(v1_plfunc);
977 } else if (isakmp_version == 2) {
979 len = ARLEN(v2_plfunc);
982 for (i = 0; i < len; i++) {
983 if (f[i].type == payload)
990 dissect_isakmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
995 proto_tree * isakmp_tree = NULL;
997 #ifdef HAVE_LIBGCRYPT
998 guint8 i_cookie[COOKIE_SIZE], *ic_key;
999 decrypt_data_t *decr = NULL;
1001 proto_tree *decr_tree;
1003 void *pd_save = NULL;
1004 gboolean pd_changed = FALSE;
1005 #endif /* HAVE_LIBGCRYPT */
1007 if (check_col(pinfo->cinfo, COL_PROTOCOL))
1008 col_set_str(pinfo->cinfo, COL_PROTOCOL, "ISAKMP");
1009 if (check_col(pinfo->cinfo, COL_INFO))
1010 col_clear(pinfo->cinfo, COL_INFO);
1013 ti = proto_tree_add_item(tree, proto_isakmp, tvb, offset, -1, FALSE);
1014 isakmp_tree = proto_item_add_subtree(ti, ett_isakmp);
1017 /* RFC3948 2.3 NAT Keepalive packet:
1018 * 1 byte payload with the value 0xff.
1020 if( (tvb_length(tvb)==1) && (tvb_get_guint8(tvb, offset)==0xff) ){
1021 if (check_col(pinfo->cinfo, COL_INFO)){
1022 col_set_str(pinfo->cinfo, COL_INFO, "NAT Keepalive");
1024 proto_tree_add_item(isakmp_tree, hf_isakmp_nat_keepalive, tvb, offset, 1, FALSE);
1028 hdr.length = tvb_get_ntohl(tvb, offset + ISAKMP_HDR_SIZE - sizeof(hdr.length));
1029 hdr.exch_type = tvb_get_guint8(tvb, COOKIE_SIZE + COOKIE_SIZE + sizeof(hdr.next_payload) + sizeof(hdr.version));
1030 hdr.version = tvb_get_guint8(tvb, COOKIE_SIZE + COOKIE_SIZE + sizeof(hdr.next_payload));
1031 isakmp_version = hi_nibble(hdr.version); /* save the version */
1032 hdr.flags = tvb_get_guint8(tvb, COOKIE_SIZE + COOKIE_SIZE + sizeof(hdr.next_payload) + sizeof(hdr.version) + sizeof(hdr.exch_type));
1033 if (check_col(pinfo->cinfo, COL_INFO))
1034 col_add_str(pinfo->cinfo, COL_INFO,
1035 exchtype2str(isakmp_version, hdr.exch_type));
1037 #ifdef HAVE_LIBGCRYPT
1038 if (isakmp_version == 1) {
1039 SET_ADDRESS(&null_addr, AT_NONE, 0, NULL);
1041 tvb_memcpy(tvb, i_cookie, offset, COOKIE_SIZE);
1042 decr = (decrypt_data_t*) g_hash_table_lookup(isakmp_hash, i_cookie);
1045 ic_key = g_mem_chunk_alloc(isakmp_key_data);
1046 memcpy(ic_key, i_cookie, COOKIE_SIZE);
1047 decr = g_mem_chunk_alloc(isakmp_decrypt_data);
1048 memset(decr, 0, sizeof(decrypt_data_t));
1049 SET_ADDRESS(&decr->initiator, AT_NONE, 0, NULL);
1051 g_hash_table_insert(isakmp_hash, ic_key, decr);
1054 if (ADDRESSES_EQUAL(&decr->initiator, &null_addr)) {
1055 /* XXX - We assume that we're seeing the second packet in an exchange here.
1056 * Is there a way to verify this? */
1057 SE_COPY_ADDRESS(&decr->initiator, &pinfo->src);
1060 pd_save = pinfo->private_data;
1061 pinfo->private_data = decr;
1063 } else if (isakmp_version == 2) {
1064 ikev2_uat_data_key_t hash_key;
1065 ikev2_uat_data_t *ike_sa_data = NULL;
1066 ikev2_decrypt_data_t *ikev2_dec_data;
1067 guchar spii[COOKIE_SIZE], spir[COOKIE_SIZE];
1069 tvb_memcpy(tvb, spii, offset, COOKIE_SIZE);
1070 tvb_memcpy(tvb, spir, offset + COOKIE_SIZE, COOKIE_SIZE);
1071 hash_key.spii = spii;
1072 hash_key.spir = spir;
1073 hash_key.spii_len = COOKIE_SIZE;
1074 hash_key.spir_len = COOKIE_SIZE;
1076 ike_sa_data = g_hash_table_lookup(ikev2_key_hash, &hash_key);
1078 guint8 initiator_flag;
1079 initiator_flag = hdr.flags & I_FLAG;
1080 ikev2_dec_data = ep_alloc(sizeof(ikev2_decrypt_data_t));
1081 ikev2_dec_data->encr_key = initiator_flag ? ike_sa_data->sk_ei : ike_sa_data->sk_er;
1082 ikev2_dec_data->auth_key = initiator_flag ? ike_sa_data->sk_ai : ike_sa_data->sk_ar;
1083 ikev2_dec_data->encr_spec = ike_sa_data->encr_spec;
1084 ikev2_dec_data->auth_spec = ike_sa_data->auth_spec;
1086 pd_save = pinfo->private_data;
1087 pinfo->private_data = ikev2_dec_data;
1091 #endif /* HAVE_LIBGCRYPT */
1094 proto_tree_add_item(isakmp_tree, hf_isakmp_icookie, tvb, offset, COOKIE_SIZE, FALSE);
1095 offset += COOKIE_SIZE;
1097 proto_tree_add_item(isakmp_tree, hf_isakmp_rcookie, tvb, offset, COOKIE_SIZE, FALSE);
1098 offset += COOKIE_SIZE;
1100 hdr.next_payload = tvb_get_guint8(tvb, offset);
1101 proto_tree_add_uint_format(isakmp_tree, hf_isakmp_nextpayload, tvb, offset,
1102 sizeof(hdr.next_payload), hdr.next_payload,
1103 "Next payload: %s (%u)",
1104 payloadtype2str(isakmp_version, hdr.next_payload),
1106 offset += sizeof(hdr.next_payload);
1108 proto_tree_add_uint_format(isakmp_tree, hf_isakmp_version, tvb, offset,
1109 sizeof(hdr.version), hdr.version, "Version: %u.%u",
1110 hi_nibble(hdr.version), lo_nibble(hdr.version));
1111 offset += sizeof(hdr.version);
1113 hdr.exch_type = tvb_get_guint8(tvb, offset);
1114 proto_tree_add_uint_format(isakmp_tree, hf_isakmp_exchangetype, tvb, offset,
1115 sizeof(hdr.exch_type), hdr.exch_type,
1116 "Exchange type: %s (%u)",
1117 exchtype2str(isakmp_version, hdr.exch_type),
1119 offset += sizeof(hdr.exch_type);
1125 fti = proto_tree_add_item(isakmp_tree, hf_isakmp_flags, tvb, offset, sizeof(hdr.flags), FALSE);
1126 ftree = proto_item_add_subtree(fti, ett_isakmp_flags);
1128 if (isakmp_version == 1) {
1129 proto_tree_add_text(ftree, tvb, offset, 1, "%s",
1130 decode_boolean_bitfield(hdr.flags, E_FLAG, sizeof(hdr.flags)*8,
1131 "Encrypted", "Not encrypted"));
1132 proto_tree_add_text(ftree, tvb, offset, 1, "%s",
1133 decode_boolean_bitfield(hdr.flags, C_FLAG, sizeof(hdr.flags)*8,
1134 "Commit", "No commit"));
1135 proto_tree_add_text(ftree, tvb, offset, 1, "%s",
1136 decode_boolean_bitfield(hdr.flags, A_FLAG, sizeof(hdr.flags)*8,
1137 "Authentication", "No authentication"));
1138 } else if (isakmp_version == 2) {
1139 proto_tree_add_text(ftree, tvb, offset, 1, "%s",
1140 decode_boolean_bitfield(hdr.flags, I_FLAG, sizeof(hdr.flags)*8,
1141 "Initiator", "Responder"));
1142 proto_tree_add_text(ftree, tvb, offset, 1, "%s",
1143 decode_boolean_bitfield(hdr.flags, V_FLAG, sizeof(hdr.flags)*8,
1144 "A higher version enabled", ""));
1145 proto_tree_add_text(ftree, tvb, offset, 1, "%s",
1146 decode_boolean_bitfield(hdr.flags, R_FLAG, sizeof(hdr.flags)*8,
1147 "Response", "Request"));
1149 offset += sizeof(hdr.flags);
1152 hdr.message_id = tvb_get_ntohl(tvb, offset);
1153 proto_tree_add_item(isakmp_tree, hf_isakmp_messageid, tvb, offset, sizeof(hdr.message_id), FALSE);
1154 offset += sizeof(hdr.message_id);
1156 if (hdr.length < ISAKMP_HDR_SIZE) {
1157 proto_tree_add_uint_format(isakmp_tree, hf_isakmp_length, tvb, offset, sizeof(hdr.length),
1158 hdr.length, "Length: (bogus, length is %u, should be at least %lu)",
1159 hdr.length, (unsigned long)ISAKMP_HDR_SIZE);
1160 #ifdef HAVE_LIBGCRYPT
1161 if (pd_changed) pinfo->private_data = pd_save;
1162 #endif /* HAVE_LIBGCRYPT */
1166 len = hdr.length - ISAKMP_HDR_SIZE;
1169 proto_tree_add_uint_format(isakmp_tree, hf_isakmp_length, tvb, offset, sizeof(hdr.length),
1170 hdr.length, "Length: (bogus, length is %u, which is too large)",
1172 #ifdef HAVE_LIBGCRYPT
1173 if (pd_changed) pinfo->private_data = pd_save;
1174 #endif /* HAVE_LIBGCRYPT */
1178 proto_tree_add_item(isakmp_tree, hf_isakmp_length, tvb, offset, sizeof(hdr.length), FALSE);
1179 offset += sizeof(hdr.length);
1181 if (hdr.flags & E_FLAG) {
1182 if (len && isakmp_tree) {
1183 ti = proto_tree_add_text(isakmp_tree, tvb, offset, len,
1184 "Encrypted payload (%d byte%s)",
1185 len, plurality(len, "", "s"));
1186 #ifdef HAVE_LIBGCRYPT
1189 decr_tvb = decrypt_payload(tvb, pinfo, tvb_get_ptr(tvb, offset, len), len, &hdr);
1191 decr_tree = proto_item_add_subtree(ti, ett_isakmp);
1192 dissect_payloads(decr_tvb, decr_tree, tree, isakmp_version,
1193 hdr.next_payload, 0, tvb_length(decr_tvb), pinfo);
1196 #endif /* HAVE_LIBGCRYPT */
1199 dissect_payloads(tvb, isakmp_tree, tree, isakmp_version, hdr.next_payload,
1200 offset, len, pinfo);
1202 #ifdef HAVE_LIBGCRYPT
1203 if (pd_changed) pinfo->private_data = pd_save;
1204 #endif /* HAVE_LIBGCRYPT */
1208 dissect_payload_header(tvbuff_t *tvb, int offset, int length,
1209 int isakmp_version, guint8 payload, guint8 *next_payload_p,
1210 guint16 *payload_length_p, proto_tree *tree)
1212 guint8 next_payload;
1213 guint16 payload_length;
1218 proto_tree_add_text(tree, tvb, offset, length,
1219 "Not enough room in payload for all transforms");
1222 next_payload = tvb_get_guint8(tvb, offset);
1223 payload_length = tvb_get_ntohs(tvb, offset + 2);
1225 /* This is ugly, but the code is too inflexible to handle this at the
1226 * proper place (dissect_vid)
1228 if (payload == 13) { /* Vendor ID */
1229 ti = proto_tree_add_text(tree, tvb, offset, payload_length,
1230 "%s: %s", payloadtype2str(isakmp_version, payload),
1231 vid_to_str(tvb, offset + 4, payload_length - 4));
1233 ti = proto_tree_add_text(tree, tvb, offset, payload_length,
1234 "%s payload", payloadtype2str(isakmp_version, payload));
1236 ntree = proto_item_add_subtree(ti, ett_isakmp_payload);
1238 proto_tree_add_uint_format(ntree, hf_isakmp_nextpayload, tvb, offset, 1,
1239 next_payload, "Next payload: %s (%u)",
1240 payloadtype2str(isakmp_version, next_payload),
1242 if (isakmp_version == 2) {
1243 proto_tree_add_text(ntree, tvb, offset + 1, 1, "%s",
1244 decode_boolean_bitfield(tvb_get_guint8(tvb, offset + 1), 0x80,
1245 8, "Critical", "Not critical"));
1247 proto_tree_add_item(ntree, hf_isakmp_payloadlen, tvb, offset + 2, 2, FALSE);
1249 *next_payload_p = next_payload;
1250 *payload_length_p = payload_length;
1255 dissect_sa(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1256 proto_tree *p _U_, packet_info *pinfo, int isakmp_version, int unused _U_, guint8 inner_payload _U_)
1262 proto_tree_add_text(tree, tvb, offset, length,
1263 "DOI %s (length is %u, should be >= 4)",
1264 tvb_bytes_to_str(tvb, offset, length), length);
1267 if (isakmp_version == 1) {
1268 doi = tvb_get_ntohl(tvb, offset);
1269 proto_tree_add_uint_format(tree, hf_isakmp_doi, tvb, offset, 4,
1270 doi, "Domain of interpretation: %s (%u)",
1271 doitype2str(doi), doi);
1278 proto_tree_add_bytes_format(tree, hf_isakmp_sa_situation, tvb, offset, length,
1279 tvb_get_ptr(tvb, offset, length),
1280 "Situation: %s (length is %u, should be >= 4)",
1281 tvb_bytes_to_str(tvb, offset, length), length);
1284 situation = tvb_get_ntohl(tvb, offset);
1285 proto_tree_add_bytes_format(tree, hf_isakmp_sa_situation, tvb, offset, 4,
1286 tvb_get_ptr(tvb, offset, 4), "Situation: %s (%u)",
1287 situation2str(situation), situation);
1291 dissect_payloads(tvb, tree, tree, isakmp_version, LOAD_TYPE_PROPOSAL, offset,
1295 proto_tree_add_item(tree, hf_isakmp_sa_situation, tvb, offset, length, FALSE);
1297 } else if (isakmp_version == 2) {
1298 dissect_payloads(tvb, tree, tree, isakmp_version, LOAD_TYPE_PROPOSAL, offset,
1304 dissect_proposal(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1305 proto_tree *p _U_, packet_info *pinfo _U_, int isakmp_version, int unused _U_, guint8 inner_payload _U_)
1309 guint8 num_transforms;
1310 guint8 next_payload;
1311 guint16 payload_length;
1313 guint8 proposal_num;
1315 proposal_num = tvb_get_guint8(tvb, offset);
1317 proto_item_append_text(tree, " # %d", proposal_num);
1319 proto_tree_add_item(tree, hf_isakmp_prop_number, tvb, offset, 1, FALSE);
1323 protocol_id = tvb_get_guint8(tvb, offset);
1324 proto_tree_add_uint_format(tree, hf_isakmp_protoid, tvb, offset, 1,
1325 protocol_id, "Protocol ID: %s (%u)",
1326 val_to_str(protocol_id, vs_proto, "UNKNOWN-PROTO-TYPE"), protocol_id);
1330 spi_size = tvb_get_guint8(tvb, offset);
1331 proto_tree_add_item(tree, hf_isakmp_spisize, tvb, offset, 1, FALSE);
1335 num_transforms = tvb_get_guint8(tvb, offset);
1336 proto_tree_add_item(tree, hf_isakmp_prop_transforms, tvb, offset, 1, FALSE);
1341 proto_tree_add_text(tree, tvb, offset, spi_size, "SPI: 0x%s",
1342 tvb_bytes_to_str(tvb, offset, spi_size));
1347 while (num_transforms > 0) {
1348 ntree = dissect_payload_header(tvb, offset, length, isakmp_version,
1349 LOAD_TYPE_TRANSFORM, &next_payload, &payload_length, tree);
1352 if (length < payload_length) {
1353 proto_tree_add_text(tree, tvb, offset + 4, length,
1354 "Not enough room in payload for all transforms");
1357 if (payload_length >= 4) {
1358 if (isakmp_version == 1)
1359 dissect_transform(tvb, offset + 4, payload_length - 4, ntree,
1360 ntree, pinfo, isakmp_version, protocol_id, 0);
1361 else if (isakmp_version == 2)
1362 dissect_transform2(tvb, offset + 4, payload_length - 4, ntree,
1363 ntree, pinfo, isakmp_version, protocol_id, 0);
1366 proto_tree_add_text(ntree, tvb, offset + 4, payload_length - 4, "Payload");
1367 offset += payload_length;
1368 length -= payload_length;
1374 dissect_transform(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1375 proto_tree *p _U_, packet_info *pinfo _U_, int isakmp_version _U_, int protocol_id, guint8 inner_payload _U_)
1377 static const value_string vs_v1_attr[] = {
1378 { 1, "Encryption-Algorithm" },
1379 { 2, "Hash-Algorithm" },
1380 { 3, "Authentication-Method" },
1381 { 4, "Group-Description" },
1382 { 5, "Group-Type" },
1383 { 6, "Group-Prime" },
1384 { 7, "Group-Generator-One" },
1385 { 8, "Group-Generator-Two" },
1386 { 9, "Group-Curve-A" },
1387 { 10, "Group-Curve-B" },
1388 { 11, "Life-Type" },
1389 { 12, "Life-Duration" },
1391 { 14, "Key-Length" },
1392 { 15, "Field-Size" },
1393 { 16, "Group-Order" },
1397 static const value_string vs_v2_sttr[] = {
1398 { 1, "SA-Life-Type" },
1399 { 2, "SA-Life-Duration" },
1400 { 3, "Group-Description" },
1401 { 4, "Encapsulation-Mode" },
1402 { 5, "Authentication-Algorithm" },
1403 { 6, "Key-Length" },
1404 { 7, "Key-Rounds" },
1405 { 8, "Compress-Dictionary-Size" },
1406 { 9, "Compress-Private-Algorithm" },
1407 { 10, "ECN Tunnel" },
1411 static const value_string vs_v1_trans_isakmp[] = {
1417 static const value_string vs_v1_trans_ah[] = {
1429 static const value_string vs_v1_trans_esp[] = {
1446 static const value_string vs_v1_trans_ipcomp[] = {
1455 guint8 transform_id;
1456 guint8 transform_num;
1457 #ifdef HAVE_LIBGCRYPT
1458 decrypt_data_t *decr = (decrypt_data_t *) pinfo->private_data;
1459 #endif /* HAVE_LIBGCRYPT */
1461 transform_num = tvb_get_guint8(tvb, offset);
1462 proto_item_append_text(tree," # %d",transform_num);
1463 proto_tree_add_item(tree, hf_isakmp_trans_number, tvb, offset, 1, FALSE);
1467 transform_id = tvb_get_guint8(tvb, offset);
1468 switch (protocol_id) {
1470 proto_tree_add_item(tree, hf_isakmp_trans_id, tvb, offset, 1, FALSE);
1472 case 1: /* ISAKMP */
1473 proto_tree_add_uint_format(tree, hf_isakmp_trans_id, tvb, offset, 1,
1474 transform_id, "Transform ID: %s (%u)",
1475 val_to_str(transform_id, vs_v1_trans_isakmp, "UNKNOWN-TRANS-TYPE"), transform_id);
1478 proto_tree_add_uint_format(tree, hf_isakmp_trans_id, tvb, offset, 1,
1479 transform_id, "Transform ID: %s (%u)",
1480 val_to_str(transform_id, vs_v1_trans_ah, "UNKNOWN-AH-TRANS-TYPE"), transform_id);
1483 proto_tree_add_uint_format(tree, hf_isakmp_trans_id, tvb, offset, 1,
1484 transform_id, "Transform ID: %s (%u)",
1485 val_to_str(transform_id, vs_v1_trans_esp, "UNKNOWN-ESP-TRANS-TYPE"), transform_id);
1487 case 4: /* IPCOMP */
1488 proto_tree_add_uint_format(tree, hf_isakmp_trans_id, tvb, offset, 1,
1489 transform_id, "Transform ID: %s (%u)",
1490 val_to_str(transform_id, vs_v1_trans_ipcomp, "UNKNOWN-IPCOMP-TRANS-TYPE"), transform_id);
1499 guint16 aft = tvb_get_ntohs(tvb, offset);
1500 guint16 type = aft & 0x7fff;
1505 /* XXX - Add header fields */
1506 if (protocol_id == 1 && transform_id == 1) {
1508 str = val_to_str(type, vs_v1_attr, "UNKNOWN-ATTRIBUTE-TYPE");
1511 str = val_to_str(type, vs_v2_sttr, "UNKNOWN-ATTRIBUTE-TYPE");
1515 val = tvb_get_ntohs(tvb, offset + 2);
1516 proto_tree_add_text(tree, tvb, offset, 4,
1519 v1_attrval2str(ike_phase1, type, val), val);
1520 #ifdef HAVE_LIBGCRYPT
1521 set_transform_vals(decr, ike_phase1, type, val);
1527 len = tvb_get_ntohs(tvb, offset + 2);
1529 if (!get_num(tvb, offset + 4, len, &val)) {
1530 proto_tree_add_text(tree, tvb, offset, pack_len,
1531 "%s (%u): <too big (%u bytes)>",
1534 proto_tree_add_text(tree, tvb, offset, pack_len,
1537 v1_attrval2str(ike_phase1, type, val), val);
1538 #ifdef HAVE_LIBGCRYPT
1539 set_transform_vals(decr, ike_phase1, type, val);
1548 /* For Transform Type 1 (Encryption Algorithm), defined Transform IDs */
1550 v2_tid2encstr(guint16 tid)
1552 static const value_string vs_v2_trans_enc[] = {
1554 { 1, "ENCR_DES_IV64" },
1560 { 7, "ENCR_BLOWFISH" },
1561 { 8, "ENCR_3IDEA" },
1562 { 9, "ENCR_DES_IV32" },
1564 { 11, "ENCR_NULL" },
1565 { 12, "ENCR_AES_CBC" },
1566 { 13, "ENCR_AES_CTR" }, /* [RFC3686] */
1567 { 14, "ENCR_AES-CCM_8" }, /* [RFC4309] */
1568 { 15, "ENCR-AES-CCM_12" }, /* [RFC4309] */
1569 { 16, "ENCR-AES-CCM_16" }, /* [RFC4309] */
1570 { 17, "UNASSIGNED" },
1571 { 18, "AES-GCM with a 8 octet ICV" }, /* [RFC4106] */
1572 { 19, "AES-GCM with a 12 octet ICV" }, /* [RFC4106] */
1573 { 20, "AES-GCM with a 16 octet ICV" }, /* [RFC4106] */
1574 { 21, "ENCR_NULL_AUTH_AES_GMAC" }, /* [RFC4543] */
1576 * 22-1023 RESERVED TO IANA [RFC4306]
1577 * 1024-65535 PRIVATE USE [RFC4306]
1582 return val_to_str(tid, vs_v2_trans_enc, "UNKNOWN-ENC-ALG");
1585 /* For Transform Type 2 (Pseudo-random Function), defined Transform IDs */
1587 v2_tid2prfstr(guint16 tid)
1589 static const value_string vs_v2_trans_prf[] = {
1591 { 1, "PRF_HMAC_MD5" },
1592 { 2, "PRF_HMAC_SHA1" },
1593 { 3, "PRF_HMAC_TIGER" },
1594 { 4, "PRF_AES128_CBC" },
1595 { 5, "RESERVED TO IANA" }, /* [RFC4306] */
1596 { 6, "RESERVED TO IANA" }, /* [RFC4306] */
1597 { 7, "RESERVED TO IANA" }, /* [RFC4306] */
1598 { 8, "PRF_AES128_CMAC6" }, /* [RFC4615] */
1600 9-1023 RESERVED TO IANA [RFC4306]
1601 1024-65535 PRIVATE USE [RFC4306]
1605 return val_to_str(tid, vs_v2_trans_prf, "UNKNOWN-PRF");
1608 /* For Transform Type 3 (Integrity Algorithm), defined Transform IDs */
1610 v2_tid2iastr(guint16 tid)
1612 static const value_string vs_v2_trans_integrity[] = {
1614 { 1, "AUTH_HMAC_MD5_96" },
1615 { 2, "AUTH_HMAC_SHA1_96" },
1616 { 3, "AUTH_DES_MAC" },
1617 { 4, "AUTH_KPDK_MD5" },
1618 { 5, "AUTH_AES_XCBC_96" },
1619 { 6, "AUTH_HMAC_MD5_128" }, /* [RFC-maino-fcsp-02.txt] */
1620 { 7, "AUTH_HMAC_SHA1_160" }, /* [RFC-maino-fcsp-02.txt] */
1621 { 8, "AUTH_AES_CMAC_96" }, /* [RFC4494] */
1622 { 9, "AUTH_AES_128_GMAC" }, /* [RFC4543] */
1623 { 10, "AUTH_AES_192_GMAC" }, /* [RFC4543] */
1624 { 11, "AUTH_AES_256_GMAC" }, /* [RFC4543] */
1626 12-1023 RESERVED TO IANA [RFC4306]
1627 1024-65535 PRIVATE USE [RFC4306]
1631 return val_to_str(tid, vs_v2_trans_integrity, "UNKNOWN-INTEGRITY-ALG");
1634 /* For Transform Type 4 (Diffie-Hellman Group), defined Transform IDs */
1636 v2_tid2dhstr(guint16 tid)
1638 static const value_string vs_v2_trans_dhgroup[] = {
1640 { 1, "Group 1 - 768 Bit MODP" },
1641 { 2, "Group 2 - 1024 Bit MODP" },
1644 { 5, "group 5 - 1536 Bit MODP" },
1645 /* 6-13 RESERVED TO IANA [RFC4306] */
1646 { 14, "2048-bit MODP Group" },
1647 { 15, "3072-bit MODP Group" },
1648 { 16, "4096-bit MODP Group" },
1649 { 17, "6144-bit MODP Group" },
1650 { 18, "8192-bit MODP Group" },
1651 { 19, "256-bit random ECP group" }, /* [RFC-ietf-ipsec-ike-ecp-groups-02.txt]*/
1652 { 20, "384-bit random ECP group" }, /* [RFC-ietf-ipsec-ike-ecp-groups-02.txt]*/
1653 { 21, "521-bit random ECP group" }, /* [RFC-ietf-ipsec-ike-ecp-groups-02.txt]*/
1655 22-1023 RESERVED TO IANA [RFC4306]
1656 1024-65535 PRIVATE USE [RFC4306]
1661 if ((tid >= 6 && tid <= 13) || (tid >= 22 && tid <= 1023))
1662 return "RESERVED TO IANA";
1664 return "PRIVATE USE";
1665 return val_to_str(tid, vs_v2_trans_dhgroup, "UNKNOWN-DH-GROUP");
1668 /* For Transform Type 5 (Extended Sequence Numbers), defined Transform */
1670 v2_tid2esnstr(guint16 tid)
1672 static const value_string vs_v2_trans_esn[] = {
1673 { 0, "No Extended Sequence Numbers" },
1674 { 1, "Extended Sequence Numbers" },
1678 return val_to_str(tid, vs_v2_trans_esn, "UNKNOWN-ESN-TYPE");
1684 const char *(*func)(guint16);
1686 { 0, "RESERVED", NULL, },
1687 { 1, "Encryption Algorithm (ENCR)", v2_tid2encstr },
1688 { 2, "Pseudo-random Function (PRF)", v2_tid2prfstr },
1689 { 3, "Integrity Algorithm (INTEG)", v2_tid2iastr },
1690 { 4, "Diffie-Hellman Group (D-H)", v2_tid2dhstr },
1691 { 5, "Extended Sequence Numbers (ESN)", v2_tid2esnstr },
1695 v2_trans2str(guint8 type)
1697 if (type < ARLEN(v2_tid_func)) return v2_tid_func[type].str;
1698 if (type < 240) return "RESERVED TO IANA";
1699 return "PRIVATE USE";
1703 v2_tid2str(guint8 type, guint16 tid)
1705 if (type < ARLEN(v2_tid_func) && v2_tid_func[type].func != NULL) {
1706 return (v2_tid_func[type].func)(tid);
1712 v2_aft2str(guint16 aft)
1714 if (aft < 14 || (aft > 14 && aft < 18)) return "RESERVED";
1715 if (aft == 14) return "Key Length (in bits)";
1716 if (aft >= 18 && aft < 16384) return "RESERVED TO IANA";
1717 return "PRIVATE USE";
1721 dissect_transform2(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1722 proto_tree *p _U_, packet_info *pinfo _U_, int isakmp_version _U_, int unused _U_, guint8 inner_payload _U_)
1724 guint8 transform_type;
1725 guint16 transform_id;
1727 transform_type = tvb_get_guint8(tvb, offset);
1728 proto_tree_add_text(tree, tvb, offset, 1,
1729 "Transform type: %s (%u)", v2_trans2str(transform_type), transform_type);
1733 transform_id = tvb_get_ntohs(tvb, offset);
1734 proto_tree_add_text(tree, tvb, offset, 2,
1735 "Transform ID: %s (%u)", v2_tid2str(transform_type, transform_id),
1742 guint16 aft = tvb_get_ntohs(tvb, offset);
1743 guint16 type = aft & 0x7fff;
1748 str = v2_aft2str(type);
1751 val = tvb_get_ntohs(tvb, offset + 2);
1752 proto_tree_add_text(tree, tvb, offset, 4,
1755 v2_attrval2str(type, val), val);
1760 len = tvb_get_ntohs(tvb, offset + 2);
1762 if (!get_num(tvb, offset + 4, len, &val)) {
1763 proto_tree_add_text(tree, tvb, offset, pack_len,
1764 "%s (%u): <too big (%u bytes)>",
1767 proto_tree_add_text(tree, tvb, offset, pack_len,
1770 v2_attrval2str(type, val), val);
1779 dissect_key_exch(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1780 proto_tree *p _U_, packet_info *pinfo _U_, int isakmp_version, int unused _U_, guint8 inner_payload _U_)
1783 #ifdef HAVE_LIBGCRYPT
1784 decrypt_data_t *decr = (decrypt_data_t *) pinfo->private_data;
1785 #endif /* HAVE_LIBGCRYPT */
1787 if (isakmp_version == 2) {
1788 dhgroup = tvb_get_ntohs(tvb, offset);
1789 proto_tree_add_text(tree, tvb, offset, 2,
1790 "DH Group #: %u", dhgroup);
1795 proto_tree_add_text(tree, tvb, offset, length, "Key Exchange Data (%d bytes / %d bits)",
1796 length, length * 8);
1798 #ifdef HAVE_LIBGCRYPT
1799 if (decr && decr->gi_len == 0 && ADDRESSES_EQUAL(&decr->initiator, &pinfo->src)) {
1800 decr->gi = g_malloc(length);
1801 tvb_memcpy(tvb, decr->gi, offset, length);
1802 decr->gi_len = length;
1803 } else if (decr && decr->gr_len == 0 && !ADDRESSES_EQUAL(&decr->initiator, &pinfo->src)) {
1804 decr->gr = g_malloc(length);
1805 tvb_memcpy(tvb, decr->gr, offset, length);
1806 decr->gr_len = length;
1808 #endif /* HAVE_LIBGCRYPT */
1812 dissect_id(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1813 proto_tree *p _U_, packet_info *pinfo, int isakmp_version, int unused _U_, guint8 inner_payload _U_)
1818 asn1_ctx_t asn1_ctx;
1819 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
1821 id_type = tvb_get_guint8(tvb, offset);
1822 proto_tree_add_item(tree, hf_isakmp_id_type, tvb, offset, 1, FALSE);
1823 proto_tree_add_text(tree, tvb, offset, 1,
1825 id2str(isakmp_version, id_type), id_type);
1829 protocol_id = tvb_get_guint8(tvb, offset);
1830 if (protocol_id == 0) {
1831 proto_tree_add_uint_format(tree, hf_isakmp_protoid, tvb, offset, 1,
1832 protocol_id, "Protocol ID: Unused");
1834 proto_tree_add_uint_format(tree, hf_isakmp_protoid, tvb, offset, 1,
1835 protocol_id, "Protocol ID: %s (%u)",
1836 ipprotostr(protocol_id), protocol_id);
1841 port = tvb_get_ntohs(tvb, offset);
1843 proto_tree_add_uint_format(tree, hf_isakmp_id_port, tvb, offset, 2,
1844 port, "Port: Unused");
1846 proto_tree_add_item(tree, hf_isakmp_id_port, tvb, offset, 2, FALSE);
1851 * It shows strings of all types though some of types are not
1852 * supported in IKEv2 specification actually.
1855 case IKE_ID_IPV4_ADDR:
1856 proto_tree_add_text(tree, tvb, offset, length,
1857 "Identification data: %s",
1858 ip_to_str(tvb_get_ptr(tvb, offset, 4)));
1861 case IKE_ID_USER_FQDN:
1862 proto_tree_add_text(tree, tvb, offset, length,
1863 "Identification data: %.*s", length,
1864 tvb_get_ptr(tvb, offset, length));
1866 case IKE_ID_IPV4_ADDR_SUBNET:
1867 case IKE_ID_IPV4_ADDR_RANGE:
1868 proto_tree_add_text(tree, tvb, offset, length,
1869 "Identification data: %s/%s",
1870 ip_to_str(tvb_get_ptr(tvb, offset, 4)),
1871 ip_to_str(tvb_get_ptr(tvb, offset+4, 4)));
1873 case IKE_ID_IPV6_ADDR:
1874 proto_tree_add_text(tree, tvb, offset, length,
1875 "Identification data: %s",
1876 ip6_to_str((const struct e_in6_addr *)tvb_get_ptr(tvb, offset, 16)));
1878 case IKE_ID_IPV6_ADDR_SUBNET:
1879 case IKE_ID_IPV6_ADDR_RANGE:
1880 proto_tree_add_text(tree, tvb, offset, length,
1881 "Identification data: %s/%s",
1882 ip6_to_str((const struct e_in6_addr *)tvb_get_ptr(tvb, offset, 16)),
1883 ip6_to_str((const struct e_in6_addr *)tvb_get_ptr(tvb, offset+16, 16)));
1885 case IKE_ID_DER_ASN1_DN:
1886 dissect_x509if_Name(FALSE, tvb, offset, &asn1_ctx, tree,
1887 hf_isakmp_certificate_authority);
1890 proto_tree_add_text(tree, tvb, offset, length, "Identification Data");
1896 dissect_cert(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1897 proto_tree *p _U_, packet_info *pinfo, int isakmp_version, int unused _U_, guint8 inner_payload _U_)
1900 asn1_ctx_t asn1_ctx;
1901 asn1_ctx_init(&asn1_ctx, ASN1_ENC_PER, TRUE, pinfo);
1903 cert_enc = tvb_get_guint8(tvb, offset);
1904 proto_tree_add_uint_format(tree, hf_isakmp_cert_encoding, tvb, offset, 1,
1905 cert_enc, "Certificate encoding: %u - %s",
1906 cert_enc, certtype2str(isakmp_version, cert_enc));
1910 dissect_x509af_Certificate(FALSE, tvb, offset, &asn1_ctx, tree, hf_isakmp_certificate);
1914 dissect_certreq_v1(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1915 proto_tree *p _U_, packet_info *pinfo, int isakmp_version, int unused _U_, guint8 inner_payload _U_)
1918 asn1_ctx_t asn1_ctx;
1919 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
1921 cert_type = tvb_get_guint8(tvb, offset);
1922 proto_tree_add_uint_format(tree, hf_isakmp_certreq_type, tvb, offset, 1,
1923 cert_type, "Certificate type: %u - %s",
1924 cert_type, certtype2str(isakmp_version, cert_type));
1929 if (cert_type == 4){
1930 dissect_x509if_Name(FALSE, tvb, offset, &asn1_ctx, tree, hf_isakmp_certificate_authority);
1932 proto_tree_add_text(tree, tvb, offset, length, "Certificate Authority");
1936 proto_tree_add_text(tree, tvb, offset, length, "Certificate Authority (empty)");
1940 dissect_certreq_v2(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1941 proto_tree *p _U_, packet_info *pinfo _U_, int isakmp_version, int unused _U_, guint8 inner_payload _U_)
1945 cert_type = tvb_get_guint8(tvb, offset);
1946 proto_tree_add_text(tree, tvb, offset, 1,
1947 "Certificate type: %u - %s",
1948 cert_type, certtype2str(isakmp_version, cert_type));
1952 /* this is a list of 20 byte SHA-1 hashes */
1953 while (length > 0) {
1954 proto_tree_add_item(tree, hf_isakmp_v2_certificate_authority, tvb, offset, 20, FALSE);
1961 dissect_hash(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1962 proto_tree *p _U_, packet_info *pinfo _U_, int isakmp_version _U_, int unused _U_, guint8 inner_payload _U_)
1964 proto_tree_add_text(tree, tvb, offset, length, "Hash Data");
1968 dissect_auth(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1969 proto_tree *p _U_, packet_info *pinfo _U_, int isakmp_version _U_, int unused _U_, guint8 inner_payload _U_)
1973 auth = tvb_get_guint8(tvb, offset);
1974 proto_tree_add_text(tree, tvb, offset, 1,
1975 "Auth Method: %s (%u)", v2_auth2str(auth), auth);
1979 proto_tree_add_text(tree, tvb, offset, length, "Authentication Data");
1983 dissect_sig(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1984 proto_tree *p _U_, packet_info *pinfo _U_, int isakmp_version _U_, int unused _U_, guint8 inner_payload _U_)
1986 proto_tree_add_text(tree, tvb, offset, length, "Signature Data");
1990 dissect_cisco_fragmentation(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
1991 proto_tree *ptree, packet_info *pinfo, int isakmp_version _U_, int unused _U_, guint8 inner_payload _U_)
1994 guint8 seq; /* Packet sequence number, starting from 1 */
2000 proto_tree_add_item(tree, hf_isakmp_cisco_frag_packetid, tvb, offset, 2, FALSE);
2002 seq = tvb_get_guint8(tvb, offset);
2003 proto_tree_add_item(tree, hf_isakmp_cisco_frag_seq, tvb, offset, 1, FALSE);
2005 last = tvb_get_guint8(tvb, offset);
2006 proto_tree_add_item(tree, hf_isakmp_cisco_frag_last, tvb, offset, 1, FALSE);
2010 /* Start Reassembly stuff for Cisco IKE fragmentation */
2012 gboolean save_fragmented;
2013 tvbuff_t *defrag_isakmp_tvb = NULL;
2014 fragment_data *frag_msg = NULL;
2016 save_fragmented = pinfo->fragmented;
2017 pinfo->fragmented = TRUE;
2018 frag_msg = fragment_add_seq_check(tvb, offset, pinfo,
2019 12345, /*FIXME: Fragmented packet id, guint16, somehow get CKY here */
2020 isakmp_fragment_table, /* list of message fragments */
2021 isakmp_reassembled_table, /* list of reassembled messages */
2022 seq-1, /* fragment sequence number, starting from 0 */
2023 tvb_length_remaining(tvb, offset), /* fragment length - to the end */
2024 last); /* More fragments? */
2025 defrag_isakmp_tvb = process_reassembled_data(tvb, offset, pinfo,
2026 "Reassembled Message", frag_msg, &isakmp_frag_items,
2029 if (defrag_isakmp_tvb) { /* take it all */
2030 dissect_isakmp(defrag_isakmp_tvb, pinfo, ptree);
2032 if (check_col(pinfo->cinfo, COL_INFO))
2033 col_append_fstr(pinfo->cinfo, COL_INFO,
2034 " (%sMessage fragment %u%s)",
2035 (frag_msg ? "Reassembled + " : ""),
2036 seq, (last ? " - last" : ""));
2037 pinfo->fragmented = save_fragmented;
2039 /* End Reassembly stuff for Cisco IKE fragmentation */
2044 dissect_nonce(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
2045 proto_tree *p _U_, packet_info *pinfo _U_, int isakmp_version _U_, int unused _U_, guint8 inner_payload _U_)
2047 proto_tree_add_text(tree, tvb, offset, length, "Nonce Data");
2051 v2_ipcomptype2str(guint8 type)
2053 static const value_string vs_v2_ipcomptype[] = {
2055 { 1, "IPCOMP_OUI" },
2056 { 2, "IPCOMP_DEFLATE" },
2057 { 3, "IPCOMP_LZS" },
2058 { 4, "IPCOMP_LZJH" },
2062 if (type >= 5 && type <= 240)
2063 return "RESERVED TO IANA";
2065 return "PRIVATE USE";
2066 return val_to_str(type, vs_v2_ipcomptype, "UNKNOWN-IPCOMP-TYPE");
2070 dissect_notif(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
2071 proto_tree *p _U_, packet_info *pinfo _U_, int isakmp_version, int unused _U_, guint8 inner_payload _U_)
2079 if (isakmp_version == 1) {
2080 doi = tvb_get_ntohl(tvb, offset);
2081 proto_tree_add_uint_format(tree, hf_isakmp_doi, tvb, offset, 4,
2082 doi, "Domain of interpretation: %s (%u)",
2083 doitype2str(doi), doi);
2088 protocol_id = tvb_get_guint8(tvb, offset);
2089 proto_tree_add_uint_format(tree, hf_isakmp_protoid, tvb, offset, 1,
2090 protocol_id, "Protocol ID: %s (%u)",
2091 val_to_str(protocol_id, vs_proto, "UNKNOWN-PROTO-TYPE"), protocol_id);
2095 spi_size = tvb_get_guint8(tvb, offset);
2096 proto_tree_add_item(tree, hf_isakmp_spisize, tvb, offset, 1, FALSE);
2100 msgtype = tvb_get_ntohs(tvb, offset);
2101 proto_tree_add_uint_format(tree, hf_isakmp_notify_msgtype, tvb, offset, 2,
2102 msgtype, "Message type: %s (%u)",
2103 msgtype2str(isakmp_version, msgtype), msgtype);
2108 proto_tree_add_text(tree, tvb, offset, spi_size, "SPI: 0x%s",
2109 tvb_bytes_to_str(tvb, offset, spi_size));
2115 proto_tree_add_text(tree, tvb, offset, length, "Notification Data");
2117 /* notification data */
2118 if (isakmp_version == 2 && msgtype == 16387) {
2119 /* IPCOMP_SUPPORTED */
2120 proto_tree_add_text(tree, tvb, offset, 2,
2121 "IPComp CPI (%u)", tvb_get_ntohs(tvb, offset));
2122 ipcomptype = tvb_get_guint8(tvb, offset + 2);
2123 proto_tree_add_text(tree, tvb, offset + 2, 1,
2124 "Transform ID: %s (%u)",
2125 v2_ipcomptype2str(ipcomptype), ipcomptype);
2133 dissect_delete(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
2134 proto_tree *p _U_, packet_info *pinfo _U_, int isakmp_version _U_, int unused _U_, guint8 inner_payload _U_)
2142 if (isakmp_version == 1) {
2143 doi = tvb_get_ntohl(tvb, offset);
2144 proto_tree_add_text(tree, tvb, offset, 4,
2145 "Domain of Interpretation: %s (%u)",
2146 doitype2str(doi), doi);
2151 protocol_id = tvb_get_guint8(tvb, offset);
2152 proto_tree_add_uint_format(tree, hf_isakmp_protoid, tvb, offset, 1,
2153 protocol_id, "Protocol ID: %s (%u)",
2154 val_to_str(protocol_id, vs_proto, "UNKNOWN-PROTO-TYPE"), protocol_id);
2158 spi_size = tvb_get_guint8(tvb, offset);
2159 proto_tree_add_item(tree, hf_isakmp_spisize, tvb, offset, 1, FALSE);
2163 num_spis = tvb_get_ntohs(tvb, offset);
2164 proto_tree_add_item(tree, hf_isakmp_num_spis, tvb, offset, 2, FALSE);
2168 for (i = 0; i < num_spis; ++i) {
2169 if (length < spi_size) {
2170 proto_tree_add_text(tree, tvb, offset, length,
2171 "Not enough room in payload for all SPI's");
2174 proto_tree_add_text(tree, tvb, offset, spi_size, "SPI: 0x%s",
2175 tvb_bytes_to_str(tvb, offset, spi_size));
2182 vid_to_str(tvbuff_t* tvb, int offset, int length)
2184 const char * vendorstring;
2185 const guint8 * pVID;
2187 pVID = tvb_get_ptr(tvb, offset, length);
2189 if (length == VID_CISCO_FRAG_LEN
2190 && memcmp(pVID, VID_CISCO_FRAG, length) == 0)
2191 vendorstring = "Cisco Fragmentation";
2193 if (length == VID_MS_LEN
2194 && memcmp(pVID, VID_MS_W2K_WXP, length) == 0)
2195 vendorstring = "Microsoft Win2K/WinXP";
2197 if (memcmp(pVID, VID_CP, isakmp_min(VID_CP_LEN, length)) == 0)
2198 vendorstring = "Check Point";
2200 if (memcmp(pVID, VID_CYBERGUARD, isakmp_min(VID_LEN, length)) == 0)
2201 vendorstring = "Cyber Guard";
2203 if (memcmp(pVID, VID_rfc3947, isakmp_min(VID_LEN, length)) == 0)
2204 vendorstring = "RFC 3947 Negotiation of NAT-Traversal in the IKE";
2206 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_1_1_0, isakmp_min(VID_LEN, length)) == 0)
2207 vendorstring = "Ssh Communications Security IPSEC Express version 1.1.0";
2209 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_1_1_1, isakmp_min(VID_LEN, length)) == 0)
2210 vendorstring = "Ssh Communications Security IPSEC Express version 1.1.1";
2212 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_1_1_2, isakmp_min(VID_LEN, length)) == 0)
2213 vendorstring = "Ssh Communications Security IPSEC Express version 1.1.2";
2215 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_1_2_1, isakmp_min(VID_LEN, length)) == 0)
2216 vendorstring = "Ssh Communications Security IPSEC Express version 1.2.1";
2218 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_1_2_2, isakmp_min(VID_LEN, length)) == 0)
2219 vendorstring = "Ssh Communications Security IPSEC Express version 1.2.2";
2221 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_2_0_0, isakmp_min(VID_LEN, length)) == 0)
2222 vendorstring = "Ssh Communications Security IPSEC Express version 2.0.0";
2224 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_2_1_0, isakmp_min(VID_LEN, length)) == 0)
2225 vendorstring = "Ssh Communications Security IPSEC Express version 2.1.0";
2227 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_2_1_1, isakmp_min(VID_LEN, length)) == 0)
2228 vendorstring = "Ssh Communications Security IPSEC Express version 2.1.1";
2230 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_2_1_2, isakmp_min(VID_LEN, length)) == 0)
2231 vendorstring = "Ssh Communications Security IPSEC Express version 2.1.2";
2233 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_3_0_0, isakmp_min(VID_LEN, length)) == 0)
2234 vendorstring = "Ssh Communications Security IPSEC Express version 3.0.0";
2236 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_3_0_1, isakmp_min(VID_LEN, length)) == 0)
2237 vendorstring = "Ssh Communications Security IPSEC Express version 3.0.1";
2239 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_4_0_0, isakmp_min(VID_LEN, length)) == 0)
2240 vendorstring = "Ssh Communications Security IPSEC Express version 4.0.0";
2242 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_4_0_1, isakmp_min(VID_LEN, length)) == 0)
2243 vendorstring = "Ssh Communications Security IPSEC Express version 4.0.1";
2245 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_4_1_0, isakmp_min(VID_LEN, length)) == 0)
2246 vendorstring = "Ssh Communications Security IPSEC Express version 4.1.0";
2248 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_4_1_1, isakmp_min(VID_LEN, length)) == 0)
2249 vendorstring = "Ssh Communications Security IPSEC Express version 4.1.1";
2251 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_5_0, isakmp_min(VID_LEN, length)) == 0)
2252 vendorstring = "Ssh Communications Security IPSEC Express version 5.0";
2254 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_5_0_0, isakmp_min(VID_LEN, length)) == 0)
2255 vendorstring = "Ssh Communications Security IPSEC Express version 5.0.0";
2257 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_5_1_0, isakmp_min(VID_LEN, length)) == 0)
2258 vendorstring = "Ssh Communications Security IPSEC Express version 5.1.0";
2260 if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_5_1_1, isakmp_min(VID_LEN, length)) == 0)
2261 vendorstring = "Ssh Communications Security IPSEC Express version 5.1.1";
2263 if (memcmp(pVID, VID_SSH_SENTINEL, isakmp_min(VID_LEN, length)) == 0)
2264 vendorstring = "SSH Sentinel";
2266 if (memcmp(pVID, VID_SSH_SENTINEL_1_1, isakmp_min(VID_LEN, length)) == 0)
2267 vendorstring = "SSH Sentinel 1.1";
2269 if (memcmp(pVID, VID_SSH_SENTINEL_1_2, isakmp_min(VID_LEN, length)) == 0)
2270 vendorstring = "SSH Sentinel 1.2";
2272 if (memcmp(pVID, VID_SSH_SENTINEL_1_3, isakmp_min(VID_LEN, length)) == 0)
2273 vendorstring = "SSH Sentinel 1.3";
2275 if (memcmp(pVID, VID_SSH_QUICKSEC_0_9_0, isakmp_min(VID_LEN, length)) == 0)
2276 vendorstring = "SSH Communications Security QuickSec 0.9.0";
2278 if (memcmp(pVID, VID_SSH_QUICKSEC_1_1_0, isakmp_min(VID_LEN, length)) == 0)
2279 vendorstring = "SSH Communications Security QuickSec 1.1.0";
2281 if (memcmp(pVID, VID_SSH_QUICKSEC_1_1_1, isakmp_min(VID_LEN, length)) == 0)
2282 vendorstring = "SSH Communications Security QuickSec 1.1.1";
2284 if (memcmp(pVID, VID_SSH_QUICKSEC_1_1_2, isakmp_min(VID_LEN, length)) == 0)
2285 vendorstring = "SSH Communications Security QuickSec 1.1.2";
2287 if (memcmp(pVID, VID_SSH_QUICKSEC_1_1_3, isakmp_min(VID_LEN, length)) == 0)
2288 vendorstring = "SSH Communications Security QuickSec 1.1.3";
2290 if (memcmp(pVID, VID_draft_huttunen_ipsec_esp_in_udp_01, isakmp_min(VID_LEN, length)) == 0)
2291 vendorstring = "draft-huttunen-ipsec-esp-in-udp-01.txt";
2293 if (memcmp(pVID, VID_draft_stenberg_ipsec_nat_traversal_01, isakmp_min(VID_LEN, length)) == 0)
2294 vendorstring = "draft-stenberg-ipsec-nat-traversal-01";
2296 if (memcmp(pVID, VID_draft_stenberg_ipsec_nat_traversal_02, isakmp_min(VID_LEN, length)) == 0)
2297 vendorstring = "draft-stenberg-ipsec-nat-traversal-02";
2299 if (memcmp(pVID, VID_draft_ietf_ipsec_nat_t_ike_00, isakmp_min(VID_LEN, length)) == 0)
2300 vendorstring = "draft-ietf-ipsec-nat-t-ike-00";
2302 if (memcmp(pVID, VID_draft_ietf_ipsec_nat_t_ike_01, isakmp_min(VID_LEN, length)) == 0)
2303 vendorstring = "draft-ietf-ipsec-nat-t-ike-01";
2305 if (memcmp(pVID, VID_draft_ietf_ipsec_nat_t_ike_02a, isakmp_min(VID_LEN, length)) == 0)
2306 vendorstring = "draft-ietf-ipsec-nat-t-ike-02";
2308 if (memcmp(pVID, VID_draft_ietf_ipsec_nat_t_ike_02b, isakmp_min(VID_LEN, length)) == 0)
2309 vendorstring = "draft-ietf-ipsec-nat-t-ike-02\\n"; /* \n intentional */
2311 if (memcmp(pVID, VID_draft_ietf_ipsec_nat_t_ike_03, isakmp_min(VID_LEN, length)) == 0)
2312 vendorstring = "draft-ietf-ipsec-nat-t-ike-03";
2314 if (memcmp(pVID, VID_draft_beaulieu_ike_xauth_02, isakmp_min(VID_LEN, length)) == 0)
2315 vendorstring = "draft-beaulieu-ike-xauth-02.txt";
2317 if (memcmp(pVID, VID_rfc3706_dpd, isakmp_min(VID_LEN, length)) == 0)
2318 vendorstring = "RFC 3706 Detecting Dead IKE Peers (DPD)";
2320 if (memcmp(pVID, VID_IKE_CHALLENGE_RESPONSE_1, isakmp_min(VID_LEN, length)) == 0)
2321 vendorstring = "IKE Challenge/Response for Authenticated Cryptographic Keys";
2323 if (memcmp(pVID, VID_IKE_CHALLENGE_RESPONSE_2, isakmp_min(VID_LEN, length)) == 0)
2324 vendorstring = "IKE Challenge/Response for Authenticated Cryptographic Keys";
2326 if (memcmp(pVID, VID_IKE_CHALLENGE_RESPONSE_REV_1, isakmp_min(VID_LEN, length)) == 0)
2327 vendorstring = "IKE Challenge/Response for Authenticated Cryptographic Keys (Revised)";
2329 if (memcmp(pVID, VID_IKE_CHALLENGE_RESPONSE_REV_2, isakmp_min(VID_LEN, length)) == 0)
2330 vendorstring = "IKE Challenge/Response for Authenticated Cryptographic Keys (Revised)";
2332 if (memcmp(pVID, VID_MS_L2TP_IPSEC_VPN_CLIENT, isakmp_min(VID_LEN, length)) == 0)
2333 vendorstring = "Microsoft L2TP/IPSec VPN Client";
2335 if (memcmp(pVID, VID_GSS_API_1, isakmp_min(VID_LEN, length)) == 0)
2336 vendorstring = "A GSS-API Authentication Method for IKE";
2338 if (memcmp(pVID, VID_GSS_API_2, isakmp_min(VID_LEN, length)) == 0)
2339 vendorstring = "A GSS-API Authentication Method for IKE";
2341 if (memcmp(pVID, VID_GSSAPI, isakmp_min(VID_LEN, length)) == 0)
2342 vendorstring = "GSSAPI";
2344 if (memcmp(pVID, VID_MS_NT5_ISAKMPOAKLEY, isakmp_min(VID_LEN, length)) == 0)
2345 vendorstring = "MS NT5 ISAKMPOAKLEY";
2347 if (memcmp(pVID, VID_CISCO_CONCENTRATOR, isakmp_min(VID_LEN, length)) == 0)
2348 vendorstring = "CISCO-CONCENTRATOR";
2350 if (memcmp(pVID, VID_CISCO_UNITY_10, isakmp_min(VID_LEN, length)) == 0)
2351 vendorstring = "CISCO-UNITY-1.0";
2353 if (memcmp(pVID, VID_CISCO_UNITY, isakmp_min(VID_LEN, length)) == 0)
2354 vendorstring = "CISCO-UNITY";
2356 if (memcmp(pVID, VID_draft_ietf_ipsec_antireplay_00, isakmp_min(VID_LEN_8, length)) == 0)
2357 vendorstring = "draft-ietf-ipsec-antireplay-00.txt";
2359 if (memcmp(pVID, VID_draft_ietf_ipsec_heartbeats_00, isakmp_min(VID_LEN_8, length)) == 0)
2360 vendorstring = "draft-ietf-ipsec-heartbeats-00.txt";
2362 vendorstring = tvb_bytes_to_str(tvb, offset, length);
2364 return vendorstring;
2368 dissect_vid(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
2369 proto_tree *p _U_, packet_info *pinfo _U_, int isakmp_version _U_, int unused _U_, guint8 inner_payload _U_)
2371 guint32 CPproduct, CPversion;
2372 const guint8 * pVID;
2376 pVID = tvb_get_ptr(tvb, offset, length);
2377 pt = proto_tree_add_text(tree, tvb, offset, length, "Vendor ID: %s",
2378 vid_to_str(tvb, offset, length));
2380 if (memcmp(pVID, VID_CP, isakmp_min(VID_CP_LEN, length)) == 0)
2382 offset += VID_CP_LEN;
2383 CPproduct = tvb_get_ntohl(tvb, offset);
2384 ntree = proto_item_add_subtree(pt, ett_isakmp_payload);
2385 pt = proto_tree_add_text(ntree, tvb, offset, sizeof(CPproduct), "Check Point Product: ");
2386 switch (CPproduct) {
2387 case 1: proto_item_append_text(pt, "VPN-1");
2389 case 2: proto_item_append_text(pt, "SecuRemote/SecureClient");
2391 default: proto_item_append_text(pt, "Unknown CP product!");
2394 offset += sizeof(CPproduct);
2395 CPversion = tvb_get_ntohl(tvb, offset);
2396 pt = proto_tree_add_text(ntree, tvb, offset, sizeof(CPversion), "Version: ");
2397 switch (CPversion) {
2398 case 2: proto_item_append_text(pt, "4.1");
2400 case 3: proto_item_append_text(pt, "4.1 SP-1");
2402 case 4002: proto_item_append_text(pt, "4.1 (SP-2 or above)");
2404 case 5000: proto_item_append_text(pt, "NG");
2406 case 5001: proto_item_append_text(pt, "NG Feature Pack 1");
2408 case 5002: proto_item_append_text(pt, "NG Feature Pack 2");
2410 case 5003: proto_item_append_text(pt, "NG Feature Pack 3");
2412 case 5004: proto_item_append_text(pt, "NG with Application Intelligence");
2414 case 5005: proto_item_append_text(pt, "NG with Application Intelligence R55");
2416 default: proto_item_append_text(pt, " Unknown CP version!");
2419 offset += sizeof(CPversion);
2420 proto_tree_add_text(ntree, tvb, offset, length - VID_CP_LEN - sizeof(CPproduct) - sizeof(CPversion),"Check Point Vendor ID parameters");
2425 dissect_config(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
2426 proto_tree *p _U_, packet_info *pinfo _U_, int isakmp_version, int unused _U_, guint8 inner_payload _U_)
2430 if (isakmp_version == 1) {
2431 type = tvb_get_guint8(tvb, offset);
2432 proto_tree_add_text(tree, tvb, offset, 1,
2434 cfgtype2str(isakmp_version, type), type);
2438 proto_tree_add_text(tree, tvb, offset, 2,
2439 "Identifier: %u", tvb_get_ntohs(tvb, offset));
2442 } else if (isakmp_version == 2) {
2443 type = tvb_get_guint8(tvb, offset);
2444 proto_tree_add_text(tree, tvb, offset, 1,
2446 cfgtype2str(isakmp_version, type), type);
2452 guint16 aft = tvb_get_ntohs(tvb, offset);
2453 guint16 type = aft & 0x7fff;
2459 val = tvb_get_ntohs(tvb, offset + 2);
2460 proto_tree_add_text(tree, tvb, offset, 4,
2462 cfgattr2str(isakmp_version, type), val);
2467 len = tvb_get_ntohs(tvb, offset + 2);
2469 if (!get_num(tvb, offset + 4, len, &val)) {
2470 proto_tree_add_text(tree, tvb, offset, pack_len,
2471 "%s: <too big (%u bytes)>",
2472 cfgattr2str(isakmp_version, type), len);
2474 proto_tree_add_text(tree, tvb, offset, 4,
2476 cfgattr2str(isakmp_version, type), val);
2485 dissect_nat_discovery(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
2486 proto_tree *p _U_, packet_info *pinfo _U_, int isakmp_version _U_, int unused _U_, guint8 inner_payload _U_)
2488 proto_tree_add_text(tree, tvb, offset, length,
2489 "Hash of address and port: %s",
2490 tvb_bytes_to_str(tvb, offset, length));
2494 dissect_nat_original_address(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
2495 proto_tree *p _U_, packet_info *pinfo _U_, int isakmp_version, int unused _U_, guint8 inner_payload _U_)
2499 struct e_in6_addr addr_ipv6;
2501 id_type = tvb_get_guint8(tvb, offset);
2502 proto_tree_add_text(tree, tvb, offset, 1,
2504 id2str(isakmp_version, id_type), id_type);
2508 offset += 3; /* reserved */
2513 case IKE_ID_IPV4_ADDR:
2515 addr_ipv4 = tvb_get_ipv4(tvb, offset);
2516 proto_tree_add_text(tree, tvb, offset, length,
2517 "Original address: %s",
2518 ip_to_str((guint8 *)&addr_ipv4));
2520 proto_tree_add_text(tree, tvb, offset, length,
2521 "Original address: bad length, should be 4, is %u",
2526 case IKE_ID_IPV6_ADDR:
2528 tvb_get_ipv6(tvb, offset, &addr_ipv6);
2529 proto_tree_add_text(tree, tvb, offset, length,
2530 "Original address: %s",
2531 ip6_to_str(&addr_ipv6));
2533 proto_tree_add_text(tree, tvb, offset, length,
2534 "Original address: bad length, should be 16, is %u",
2540 proto_tree_add_text(tree, tvb, offset, length,
2541 "Original address: bad address type");
2547 dissect_ts(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
2548 proto_tree *p _U_, packet_info *pinfo _U_, int isakmp_version _U_, int unused _U_, guint8 inner_payload _U_)
2550 guint8 num, tstype, protocol_id, addrlen;
2553 proto_tree_add_text(tree, tvb, offset, length, "Traffic Selector");
2555 num = tvb_get_guint8(tvb, offset);
2556 proto_item_append_text(tree," # %d", num);
2557 proto_tree_add_text(tree, tvb, offset, 1,
2558 "Number of TSs: %u", num);
2562 while (length > 0) {
2563 tstype = tvb_get_guint8(tvb, offset);
2564 proto_tree_add_text(tree, tvb, offset, 1,
2566 v2_tstype2str(tstype), tstype);
2568 case IKEV2_TS_IPV4_ADDR_RANGE:
2571 case IKEV2_TS_IPV6_ADDR_RANGE:
2575 proto_item_append_text(tree, "unknown TS data (aborted decoding): 0x%s",
2576 tvb_bytes_to_str(tvb, offset, length));
2581 * XXX should the remaining of the length check be done here ?
2582 * it seems other routines don't check the length.
2584 if (length < (8 + addrlen * 2)) {
2585 proto_tree_add_text(tree, tvb, offset, length,
2586 "Length mismatch (%u)", length);
2592 protocol_id = tvb_get_guint8(tvb, offset);
2593 proto_tree_add_text(tree, tvb, offset, 1,
2594 "Protocol ID: (%u)", protocol_id);
2598 len = tvb_get_ntohs(tvb, offset);
2599 proto_tree_add_text(tree, tvb, offset, 2,
2600 "Selector Length: %u", len);
2604 port = tvb_get_ntohs(tvb, offset);
2605 proto_tree_add_text(tree, tvb, offset, 2,
2606 "Start Port: (%u)", port);
2610 port = tvb_get_ntohs(tvb, offset);
2611 proto_tree_add_text(tree, tvb, offset, 2,
2612 "End Port: (%u)", port);
2617 case IKEV2_TS_IPV4_ADDR_RANGE:
2618 proto_tree_add_text(tree, tvb, offset, length,
2619 "Starting Address: %s",
2620 ip_to_str(tvb_get_ptr(tvb, offset, addrlen)));
2623 proto_tree_add_text(tree, tvb, offset, length,
2624 "Ending Address: %s",
2625 ip_to_str(tvb_get_ptr(tvb, offset, addrlen)));
2629 case IKEV2_TS_IPV6_ADDR_RANGE:
2630 proto_tree_add_text(tree, tvb, offset, length,
2631 "Starting Address: %s",
2632 ip6_to_str((const struct e_in6_addr *)tvb_get_ptr(tvb, offset, addrlen)));
2635 proto_tree_add_text(tree, tvb, offset, length,
2636 "Ending Address: %s",
2637 ip6_to_str((const struct e_in6_addr *)tvb_get_ptr(tvb, offset, addrlen)));
2646 dissect_enc(tvbuff_t *tvb,
2651 #ifdef HAVE_LIBGCRYPT
2654 packet_info *pinfo _U_,
2656 int isakmp_version _U_,
2658 #ifdef HAVE_LIBGCRYPT
2659 guint8 inner_payload)
2661 guint8 inner_payload _U_)
2664 #ifdef HAVE_LIBGCRYPT
2665 ikev2_decrypt_data_t *key_info = NULL;
2666 gint iv_len, encr_data_len, icd_len, encr_key_len, decr_data_len, md_len;
2668 guchar *iv = NULL, *encr_data = NULL, *decr_data = NULL, *entire_message = NULL, *md = NULL;
2669 gcry_cipher_hd_t cipher_hd;
2671 gcry_error_t err = 0;
2672 proto_item *item = NULL, *icd_item = NULL, *encr_data_item = NULL, *padlen_item = NULL;
2673 tvbuff_t *decr_tvb = NULL;
2675 proto_tree *decr_tree = NULL, *decr_payloads_tree = NULL;
2678 if (pinfo->private_data) {
2679 key_info = (ikev2_decrypt_data_t*)(pinfo->private_data);
2680 encr_key_len = key_info->encr_spec->key_len;
2681 iv_len = key_info->encr_spec->iv_len;
2682 icd_len = key_info->auth_spec->trunc_len;
2683 encr_data_len = length - iv_len - icd_len;
2686 * Zero or negative length of encrypted data shows that the user specified
2687 * wrong encryption algorithm and/or authentication algorithm.
2689 if (encr_data_len <= 0) {
2690 item = proto_tree_add_text(tree, tvb, offset, length, "Not enough data for IV, Encrypted data and ICD.");
2691 expert_add_info_format(pinfo, item, PI_MALFORMED, PI_WARN, "Not enough data in IKEv2 Encrypted payload");
2692 PROTO_ITEM_SET_GENERATED(item);
2697 * Add the IV to the tree and store it in a packet scope buffer for later decryption
2698 * if the specified encryption algorithm uses IV.
2701 proto_tree_add_text(tree, tvb, offset, iv_len, "Initialization Vector (%d bytes): 0x%s",
2702 iv_len, tvb_bytes_to_str(tvb, offset, iv_len));
2703 iv = ep_tvb_memdup(tvb, offset, iv_len);
2709 * Add the encrypted portion to the tree and store it in a packet scope buffer for later decryption.
2711 encr_data_item = proto_tree_add_text(tree, tvb, offset, encr_data_len, "Encrypted Data (%d bytes)", encr_data_len);
2712 encr_data = ep_tvb_memdup(tvb, offset, encr_data_len);
2713 offset += encr_data_len;
2716 * Add the ICD (Integrity Checksum Data) to the tree before decryption to ensure
2717 * the ICD be displayed even if the decryption fails.
2720 icd_item = proto_tree_add_text(tree, tvb, offset, icd_len, "Integrity Checksum Data (%d bytes) ", icd_len);
2723 * Recalculate ICD value if the specified authentication algorithm allows it.
2725 if (key_info->auth_spec->gcry_alg) {
2726 err = gcry_md_open(&md_hd, key_info->auth_spec->gcry_alg, key_info->auth_spec->gcry_flag);
2728 REPORT_DISSECTOR_BUG(ep_strdup_printf("IKEv2 hashing error: algorithm %d: gcry_md_open failed: %s",
2729 key_info->auth_spec->gcry_alg, gcry_strerror(err)));
2731 err = gcry_md_setkey(md_hd, key_info->auth_key, key_info->auth_spec->key_len);
2733 REPORT_DISSECTOR_BUG(ep_strdup_printf("IKEv2 hashing error: algorithm %s, key length %u: gcry_md_setkey failed: %s",
2734 gcry_md_algo_name(key_info->auth_spec->gcry_alg), key_info->auth_spec->key_len, gcry_strerror(err)));
2737 /* Calculate hash over the bytes from the beginning of the ISAKMP header to the right before the ICD. */
2738 entire_message = ep_tvb_memdup(tvb, 0, offset);
2739 gcry_md_write(md_hd, entire_message, offset);
2740 md = gcry_md_read(md_hd, 0);
2741 md_len = gcry_md_get_algo_dlen(key_info->auth_spec->gcry_alg);
2742 if (md_len < icd_len) {
2743 gcry_md_close(md_hd);
2744 REPORT_DISSECTOR_BUG(ep_strdup_printf("IKEv2 hashing error: algorithm %s: gcry_md_get_algo_dlen returned %d which is smaller than icd length %d",
2745 gcry_md_algo_name(key_info->auth_spec->gcry_alg), md_len, icd_len));
2747 if (tvb_memeql(tvb, offset, md, icd_len) == 0) {
2748 proto_item_append_text(icd_item, "[correct]");
2750 proto_item_append_text(icd_item, "[incorrect, should be %s]", bytes_to_str(md, icd_len));
2751 expert_add_info_format(pinfo, icd_item, PI_CHECKSUM, PI_WARN, "IKEv2 Integrity Checksum Data is incorrect");
2753 gcry_md_close(md_hd);
2755 proto_item_append_text(icd_item, "[not validated]");
2761 * Confirm encrypted data length is multiple of block size.
2763 if (encr_data_len % key_info->encr_spec->block_len != 0) {
2764 proto_item_append_text(encr_data_item, "[Invalid length, should be a multiple of block size (%u)]",
2765 key_info->encr_spec->block_len);
2766 expert_add_info_format(pinfo, encr_data_item, PI_MALFORMED, PI_WARN, "Encrypted data length isn't a multiple of block size");
2771 * Allocate buffer for decrypted data.
2773 decr_data = (guchar*)g_malloc(encr_data_len);
2774 decr_data_len = encr_data_len;
2777 * If the cipher is NULL, just copy the encrypted data to the decrypted data buffer.
2778 * And otherwise perform decryption with libgcrypt.
2780 if (key_info->encr_spec->number == IKEV2_ENCR_NULL) {
2781 memcpy(decr_data, encr_data, decr_data_len);
2783 err = gcry_cipher_open(&cipher_hd, key_info->encr_spec->gcry_alg, key_info->encr_spec->gcry_mode, 0);
2786 REPORT_DISSECTOR_BUG(ep_strdup_printf("IKEv2 decryption error: algorithm %d, mode %d: gcry_cipher_open failed: %s",
2787 key_info->encr_spec->gcry_alg, key_info->encr_spec->gcry_mode, gcry_strerror(err)));
2789 err = gcry_cipher_setkey(cipher_hd, key_info->encr_key, key_info->encr_spec->key_len);
2792 REPORT_DISSECTOR_BUG(ep_strdup_printf("IKEv2 decryption error: algorithm %d, key length %d: gcry_cipher_setkey failed: %s",
2793 key_info->encr_spec->gcry_alg, key_info->encr_spec->key_len, gcry_strerror(err)));
2795 err = gcry_cipher_setiv(cipher_hd, iv, iv_len);
2798 REPORT_DISSECTOR_BUG(ep_strdup_printf("IKEv2 decryption error: algorithm %d, iv length %d: gcry_cipher_setiv failed: %s",
2799 key_info->encr_spec->gcry_alg, iv_len, gcry_strerror(err)));
2801 err = gcry_cipher_decrypt(cipher_hd, decr_data, decr_data_len, encr_data, encr_data_len);
2804 REPORT_DISSECTOR_BUG(ep_strdup_printf("IKEv2 decryption error: algorithm %d: gcry_cipher_decrypt failed: %s",
2805 key_info->encr_spec->gcry_alg, gcry_strerror(err)));
2807 gcry_cipher_close(cipher_hd);
2811 decr_tvb = tvb_new_real_data(decr_data, decr_data_len, decr_data_len);
2812 tvb_set_free_cb(decr_tvb, g_free);
2813 tvb_set_child_real_data_tvbuff(tvb, decr_tvb);
2814 add_new_data_source(pinfo, decr_tvb, "Decrypted Data");
2815 item = proto_tree_add_text(tree, decr_tvb, 0, decr_data_len, "Decrypted Data (%d bytes)", decr_data_len);
2816 /* Move the ICD item to the bottom of the tree. */
2818 proto_tree_move_item(tree, item, icd_item);
2820 decr_tree = proto_item_add_subtree(item, ett_isakmp_decrypted_data);
2822 pad_len = tvb_get_guint8(decr_tvb, decr_data_len - 1);
2823 payloads_len = decr_data_len - 1 - pad_len;
2825 if (payloads_len > 0) {
2826 item = proto_tree_add_text(decr_tree, decr_tvb, 0, payloads_len, "Contained Payloads (total %d bytes)", payloads_len);
2827 decr_payloads_tree = proto_item_add_subtree(item, ett_isakmp_decrypted_payloads);
2830 padlen_item = proto_tree_add_text(decr_tree, decr_tvb, payloads_len + pad_len, 1, "Pad Length: %d", pad_len);
2832 if (payloads_len < 0) {
2833 proto_item_append_text(padlen_item, " [too long]");
2834 expert_add_info_format(pinfo, padlen_item, PI_MALFORMED, PI_WARN, "Pad length is too big");
2836 item = proto_tree_add_text(decr_tree, decr_tvb, payloads_len, pad_len, "Padding (%d bytes)", pad_len);
2837 proto_tree_move_item(decr_tree, item, padlen_item);
2842 * We dissect the inner payloads at last in order to ensure displaying Padding, Pad Length and ICD
2843 * even if the dissection fails. This may occur when the user specify wrong encryption key.
2845 if (decr_payloads_tree) {
2846 dissect_payloads(decr_tvb, decr_payloads_tree, decr_tree, isakmp_version, inner_payload, 0, payloads_len, pinfo);
2849 #endif /* HAVE_LIBGCRYPT */
2850 proto_tree_add_text(tree, tvb, offset, 4, "Initialization Vector: 0x%s",
2851 tvb_bytes_to_str(tvb, offset, 4));
2852 proto_tree_add_text(tree, tvb, offset + 4, length, "Encrypted Data");
2853 #ifdef HAVE_LIBGCRYPT
2855 #endif /* HAVE_LIBGCRYPT */
2859 dissect_eap(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
2860 proto_tree *p _U_, packet_info *pinfo _U_, int isakmp_version _U_, int unused _U_, guint8 inner_payload _U_)
2862 tvbuff_t *eap_tvb = NULL;
2864 eap_tvb = tvb_new_subset(tvb, offset,length, length );
2865 if ((eap_tvb != NULL)&& eap_handle != NULL){
2866 call_dissector(eap_handle, eap_tvb, pinfo, tree);
2868 proto_tree_add_text(tree, tvb, offset, length, "EAP Message");
2873 payloadtype2str(int isakmp_version, guint8 type)
2875 struct payload_func *f;
2877 if ((f = getpayload_func(type, isakmp_version)) != NULL)
2880 if (isakmp_version == 1) {
2883 return "Private USE";
2884 } else if (isakmp_version == 2) {
2886 return "PRIVATE USE";
2888 return "RESERVED TO IANA";
2891 return "UNKNOWN-ISAKMP-VERSION";
2895 exchtype2str(int isakmp_version, guint8 type)
2897 static const value_string vs_v1_exchange[] = {
2900 { 2, "Identity Protection (Main Mode)" },
2901 { 3, "Authentication Only" },
2902 { 4, "Aggressive" },
2903 { 5, "Informational" },
2904 { 6, "Transaction (Config Mode)" },
2905 { 32, "Quick Mode" },
2906 { 33, "New Group Mode" },
2910 static const value_string vs_v2_exchange[] = {
2911 { 34, "IKE_SA_INIT" },
2912 { 35, "IKE_AUTH " },
2913 { 36, "CREATE_CHILD_SA" },
2914 { 37, "INFORMATIONAL" },
2918 if (isakmp_version == 1) {
2919 if (type > 6 && type < 32)
2920 return "ISAKMP Future Use";
2921 if (type > 33 && type < 240)
2922 return "DOI Specific Use";
2923 return val_to_str(type, vs_v1_exchange, "Private Use");
2924 } else if (isakmp_version == 2) {
2927 if (type > 37 && type < 240)
2928 return "Reserved for IKEv2+";
2929 return val_to_str(type, vs_v2_exchange, "Reserved for private use");
2931 return "UNKNOWN-ISAKMP-VERSION";
2935 doitype2str(guint32 type)
2937 if (type == 1) return "IPSEC";
2938 return "Unknown DOI Type";
2942 msgtype2str(int isakmp_version, guint16 type)
2944 static const value_string vs_v1_notifmsg[] = {
2946 { 1, "INVALID-PAYLOAD-TYPE" },
2947 { 2, "DOI-NOT-SUPPORTED" },
2948 { 3, "SITUATION-NOT-SUPPORTED" },
2949 { 4, "INVALID-COOKIE" },
2950 { 5, "INVALID-MAJOR-VERSION" },
2951 { 6, "INVALID-MINOR-VERSION" },
2952 { 7, "INVALID-EXCHANGE-TYPE" },
2953 { 8, "INVALID-FLAGS" },
2954 { 9, "INVALID-MESSAGE-ID" },
2955 { 10, "INVALID-PROTOCOL-ID" },
2956 { 11, "INVALID-SPI" },
2957 { 12, "INVALID-TRANSFORM-ID" },
2958 { 13, "ATTRIBUTES-NOT-SUPPORTED" },
2959 { 14, "NO-PROPOSAL-CHOSEN" },
2960 { 15, "BAD-PROPOSAL-SYNTAX" },
2961 { 16, "PAYLOAD-MALFORMED" },
2962 { 17, "INVALID-KEY-INFORMATION" },
2963 { 18, "INVALID-ID-INFORMATION" },
2964 { 19, "INVALID-CERT-ENCODING" },
2965 { 20, "INVALID-CERTIFICATE" },
2966 { 21, "CERT-TYPE-UNSUPPORTED" },
2967 { 22, "INVALID-CERT-AUTHORITY" },
2968 { 23, "INVALID-HASH-INFORMATION" },
2969 { 24, "AUTHENTICATION-FAILED" },
2970 { 25, "INVALID-SIGNATURE" },
2971 { 26, "ADDRESS-NOTIFICATION" },
2972 { 27, "NOTIFY-SA-LIFETIME" },
2973 { 28, "CERTIFICATE-UNAVAILABLE" },
2974 { 29, "UNSUPPORTED-EXCHANGE-TYPE" },
2975 { 30, "UNEQUAL-PAYLOAD-LENGTHS" },
2976 { 8192, "RESERVED" },
2977 { 16384, "CONNECTED" },
2978 { 24576, "RESPONDER-LIFETIME" },
2979 { 24577, "REPLAY-STATUS" },
2980 { 24578, "INITIAL-CONTACT" },
2984 static const value_string vs_v2_notifmsg[] = {
2986 { 4, "INVALID_IKE_SPI" },
2987 { 5, "INVALID_MAJOR_VERSION" },
2988 { 7, "INVALID_SYNTAX" },
2989 { 9, "INVALID_MESSAGE_ID" },
2990 { 11, "INVALID_SPI" },
2991 { 14, "NO_PROPOSAL_CHOSEN" },
2992 { 17, "INVALID_KE_PAYLOAD" },
2993 { 24, "AUTHENTICATION_FAILED" },
2994 { 34, "SINGLE_PAIR_REQUIRED" },
2995 { 35, "NO_ADDITIONAL_SAS" },
2996 { 36, "INTERNAL_ADDRESS_FAILURE" },
2997 { 37, "FAILED_CP_REQUIRED" },
2998 { 38, "TS_UNACCEPTABLE" },
2999 { 39, "INVALID_SELECTORS" },
3000 { 40, "UNACCEPTABLE_ADDRESSES" },
3001 { 41, "UNEXPECTED_NAT_DETECTED" },
3002 { 16384, "INITIAL_CONTACT" },
3003 { 16385, "SET_WINDOW_SIZE" },
3004 { 16386, "ADDITIONAL_TS_POSSIBLE" },
3005 { 16387, "IPCOMP_SUPPORTED" },
3006 { 16388, "NAT_DETECTION_SOURCE_IP" },
3007 { 16389, "NAT_DETECTION_DESTINATION_IP" },
3008 { 16390, "COOKIE" },
3009 { 16391, "USE_TRANSPORT_MODE" },
3010 { 16392, "HTTP_CERT_LOOKUP_SUPPORTED" },
3011 { 16393, "REKEY_SA" },
3012 { 16394, "ESP_TFC_PADDING_NOT_SUPPORTED" },
3013 { 16395, "NON_FIRST_FRAGMENTS_ALSO" },
3014 { 16396, "MOBIKE_SUPPORTED" },
3015 { 16397, "ADDITIONAL_IP4_ADDRESS" },
3016 { 16398, "ADDITIONAL_IP6_ADDRESS" },
3017 { 16399, "NO_ADDITIONAL_ADDRESSES" },
3018 { 16400, "UPDATE_SA_ADDRESSES" },
3019 { 16401, "COOKIE2" },
3020 { 16402, "NO_NATS_ALLOWED" },
3024 if (isakmp_version == 1) {
3025 if (type > 30 && type < 8192)
3026 return "RESERVED (Future Use)";
3027 if (type > 8192 && type < 16384)
3028 return "Private Use";
3029 if (type > 16384 && type < 24576)
3030 return "RESERVED (Future Use) - status";
3031 if (type > 24578 && type < 32768)
3032 return "DOI-specific codes";
3033 if (type > 32767 && type < 40960)
3034 return "Private Use - status";
3035 if (type > 40959 && type < 65535)
3036 return "RESERVED (Future Use) - status (2)";
3037 return val_to_str(type, vs_v1_notifmsg, "UNKNOWN-NOTIFY-MESSAGE-TYPE");
3038 } else if (isakmp_version == 2) {
3039 if (type >= 42 && type <= 8191)
3040 return "RESERVED TO IANA - Error types";
3041 if (type >= 16403 && type <= 40959)
3042 return "RESERVED TO IANA - STATUS TYPES";
3043 if (type >= 8192 && type <= 16383)
3044 return "Private Use - Errors";
3046 return "Private Use - STATUS TYPES";
3047 return val_to_str(type, vs_v2_notifmsg, "UNKNOWN-NOTIFY-MESSAGE-TYPE");
3049 return "UNKNOWN-ISAKMP-VERSION";
3053 situation2str(guint32 type)
3056 #define SIT_MSG_NUM 1024
3057 #define SIT_IDENTITY 0x01
3058 #define SIT_SECRECY 0x02
3059 #define SIT_INTEGRITY 0x04
3061 static char msg[SIT_MSG_NUM];
3063 const char * sep = "";
3066 if (type & SIT_IDENTITY) {
3067 ret = g_snprintf(msg, SIT_MSG_NUM-n, "%sIDENTITY", sep);
3068 if (ret >= SIT_MSG_NUM-n) {
3075 if (type & SIT_SECRECY) {
3076 if (n >= SIT_MSG_NUM) {
3080 ret = g_snprintf(msg, SIT_MSG_NUM-n, "%sSECRECY", sep);
3081 if (ret >= SIT_MSG_NUM-n) {
3088 if (type & SIT_INTEGRITY) {
3089 if (n >= SIT_MSG_NUM) {
3093 ret = g_snprintf(msg, SIT_MSG_NUM-n, "%sINTEGRITY", sep);
3094 if (ret >= SIT_MSG_NUM-n) {
3106 v2_attrval2str(guint16 att_type, guint32 value)
3108 value = 0; /* dummy to be less warning in compiling it */
3111 return "Key-Length";
3113 return "UNKNOWN-ATTRIBUTE-TYPE";
3118 v1_attrval2str(int ike_p1, guint16 att_type, guint32 value)
3120 static const value_string vs_v1_attrval_lttype[] = {
3127 static const value_string vs_v1_attrval_encap[] = {
3131 { 3, "UDP-Encapsulated-Tunnel" }, /* http://www.ietf.org/internet-drafts/draft-ietf-ipsec-nat-t-ike-05.txt */
3132 { 4, "UDP-Encapsulated-Transport" }, /* http://www.ietf.org/internet-drafts/draft-ietf-ipsec-nat-t-ike-05.txt */
3133 { 61440, "Check Point IPSec UDP Encapsulation" },
3134 { 61443, "UDP-Encapsulated-Tunnel (draft)" },
3135 { 61444, "UDP-Encapsulated-Transport (draft)" },
3139 static const value_string vs_v1_attrval_auth[] = {
3145 { 5, "HMAC-SHA2-256" },
3146 { 6, "HMAC-SHA2-384" },
3147 { 7, "HMAC-SHA2-512" },
3151 static const value_string vs_v1_attrval_enc[] = {
3153 { ENC_DES_CBC, "DES-CBC" },
3154 { ENC_IDEA_CBC, "IDEA-CBC" },
3155 { ENC_BLOWFISH_CBC, "BLOWFISH-CBC" },
3156 { ENC_RC5_R16_B64_CBC, "RC5-R16-B64-CBC" },
3157 { ENC_3DES_CBC, "3DES-CBC" },
3158 { ENC_CAST_CBC, "CAST-CBC" },
3159 { ENC_AES_CBC, "AES-CBC" },
3163 static const value_string vs_v1_attrval_hash[] = {
3165 { HMAC_MD5, "MD5" },
3166 { HMAC_SHA, "SHA" },
3167 { HMAC_TIGER, "TIGER" },
3168 { HMAC_SHA2_256, "SHA2-256" },
3169 { HMAC_SHA2_384, "SHA2-384" },
3170 { HMAC_SHA2_512, "SHA2-512" },
3174 static const value_string vs_v1_attrval_authmeth[] = {
3180 { 5, "RSA-Revised-ENC" },
3181 { 6, "Encryption with El-Gamal" },
3182 { 7, "Revised encryption with El-Gamal" },
3183 { 8, "ECDSA signatures" },
3184 { 9, "AES-XCBC-MAC" },
3185 { 64221, "HybridInitRSA" },
3186 { 64222, "HybridRespRSA" },
3187 { 64223, "HybridInitDSS" },
3188 { 64224, "HybridRespDSS" },
3189 { 65001, "XAUTHInitPreShared" },
3190 { 65002, "XAUTHRespPreShared" },
3191 { 65003, "XAUTHInitDSS" },
3192 { 65004, "XAUTHRespDSS" },
3193 { 65005, "XAUTHInitRSA" },
3194 { 65006, "XAUTHRespRSA" },
3195 { 65007, "XAUTHInitRSAEncryption" },
3196 { 65008, "XAUTHRespRSAEncryption" },
3197 { 65009, "XAUTHInitRSARevisedEncryption" },
3198 { 65010, "XAUTHRespRSARevisedEncryption" },
3202 static const value_string vs_v1_attrval_grpdesc[] = {
3203 { 0, "UNDEFINED - 0" },
3204 { 1, "Default 768-bit MODP group" },
3205 { 2, "Alternate 1024-bit MODP group" },
3206 { 3, "EC2N group on GP[2^155] group" },
3207 { 4, "EC2N group on GP[2^185] group" },
3208 { 5, "1536 bit MODP group" },
3209 { 6, "EC2N group over GF[2^163]" },
3210 { 7, "EC2N group over GF[2^163]" },
3211 { 8, "EC2N group over GF[2^283]" },
3212 { 9, "EC2N group over GF[2^283]" },
3213 { 10, "EC2N group over GF[2^409]" },
3214 { 11, "EC2N group over GF[2^409]" },
3215 { 12, "EC2N group over GF[2^571]" },
3216 { 13, "EC2N group over GF[2^571]" },
3217 { 14, "2048 bit MODP group" },
3218 { 15, "3072 bit MODP group" },
3219 { 16, "4096 bit MODP group" },
3220 { 17, "6144 bit MODP group" },
3221 { 18, "8192 bit MODP group" },
3222 { 19, "256-bit random curve group" },
3223 { 20, "384-bit random curve group" },
3224 { 21, "521-bit random curve group" },
3225 { 22, "192-bit random curve group" },
3226 { 23, "EC2N group over GF[2^163]" },
3227 { 24, "224-bit random curve group" },
3228 { 25, "EC2N group over GF[2^233]" },
3229 { 26, "EC2N group over GF[2^233]" },
3233 static const value_string vs_v1_attrval_grptype[] = {
3234 { 0, "UNDEFINED - 0" },
3241 static const value_string vs_v1_attrval_lifetype[] = {
3242 { 0, "UNDEFINED - 0" },
3248 if (value == 0) return "RESERVED";
3253 return val_to_str(value, vs_v1_attrval_lttype, "UNKNOWN-LIFETIME-TYPE");
3255 return "Duration-Value";
3257 return "Group-Value";
3259 return val_to_str(value, vs_v1_attrval_encap, "UNKNOWN-ENCAPSULATION-VALUE");
3261 return val_to_str(value, vs_v1_attrval_auth, "UNKNOWN-AUTHENTICATION-VALUE");
3263 return "Key-Length";
3265 return "Key-Rounds";
3267 return "Compress-Dictionary-size";
3269 return "Compress Private Algorithm";
3271 return "UNKNOWN-ATTRIBUTE-TYPE";
3277 return val_to_str(value, vs_v1_attrval_enc, "UNKNOWN-ENCRYPTION-ALG");
3279 return val_to_str(value, vs_v1_attrval_hash, "UNKNOWN-HASH-ALG");
3281 return val_to_str(value, vs_v1_attrval_authmeth, "UNKNOWN-AUTH-METHOD");
3283 return val_to_str(value, vs_v1_attrval_grpdesc, "UNKNOWN-GROUP-DESCRIPTION");
3290 return "Group-Value";
3292 return val_to_str(value, vs_v1_attrval_grptype, "UNKNOWN-GROUP-TYPE");
3294 return val_to_str(value, vs_v1_attrval_lifetype, "UNKNOWN-LIFE-TYPE");
3296 return "Duration-Value";
3300 return "Key-Length";
3302 return "Field-Size";
3304 return "UNKNOWN-ATTRIBUTE-TYPE";
3310 cfgtype2str(int isakmp_version, guint8 type)
3312 static const value_string vs_v1_cfgtype[] = {
3314 { 1, "ISAKMP_CFG_REQUEST" },
3315 { 2, "ISAKMP_CFG_REPLY" },
3316 { 3, "ISAKMP_CFG_SET" },
3317 { 4, "ISAKMP_CFG_ACK" },
3322 static const value_string vs_v2_cfgtype[] = {
3324 { 1, "CFG_REQUEST" },
3332 if (isakmp_version == 1) {
3333 if (type >= 5 && type <= 127)
3334 return "Future use";
3336 return "Private Use";
3337 return val_to_str(type, vs_v1_cfgtype, "UNKNOWN-CFG-TYPE");
3338 } else if (isakmp_version == 2) {
3339 if (type >= 5 && type <= 127)
3340 return "RESERVED TO IANA";
3342 return "PRIVATE USE";
3343 return val_to_str(type, vs_v1_cfgtype, "UNKNOWN-CFG-TYPE");
3345 return "UNKNOWN-ISAKMP-VERSION";
3349 id2str(int isakmp_version, guint8 type)
3351 static const value_string vs_ident[] = {
3352 { IKE_ID_IPV4_ADDR, "IPV4_ADDR" },
3353 { IKE_ID_FQDN, "FQDN" },
3354 { IKE_ID_USER_FQDN, "USER_FQDN" },
3355 { IKE_ID_IPV4_ADDR_SUBNET, "IPV4_ADDR_SUBNET" },
3356 { IKE_ID_IPV6_ADDR, "IPV6_ADDR" },
3357 { IKE_ID_IPV6_ADDR_SUBNET, "IPV6_ADDR_SUBNET" },
3358 { IKE_ID_IPV4_ADDR_RANGE, "IPV4_ADDR_RANGE" },
3359 { IKE_ID_IPV6_ADDR_RANGE, "IPV6_ADDR_RANGE" },
3360 { IKE_ID_DER_ASN1_DN, "DER_ASN1_DN" },
3361 { IKE_ID_DER_ASN1_GN, "DER_ASN1_GN" },
3362 { IKE_ID_KEY_ID, "KEY_ID" },
3366 if (isakmp_version == 1) {
3369 return val_to_str(type, vs_ident, "UNKNOWN-ID-TYPE");
3370 } else if (isakmp_version == 2) {
3371 if (type == 4 || (type >= 6 && type <=8) || (type >= 12 && type <= 200))
3372 return "Reserved to IANA";
3374 return "Reserved for private use";
3375 if (type == IKE_ID_USER_FQDN)
3376 return "RFC822_ADDR";
3377 return val_to_str(type, vs_ident, "UNKNOWN-ID-TYPE");
3379 return "UNKNOWN-ISAKMP-VERSION";
3383 v2_tstype2str(guint8 type)
3385 static const value_string vs_v2_tstype[] = {
3386 { IKEV2_TS_IPV4_ADDR_RANGE, "TS_IPV4_ADDR_RANGE" },
3387 { IKEV2_TS_IPV6_ADDR_RANGE, "TS_IPV6_ADDR_RANGE" },
3393 if (type >= 9 && type <= 240)
3394 return "RESERVED TO IANA";
3396 return "PRIVATE USE";
3397 return val_to_str(type, vs_v2_tstype, "UNKNOWN-TS-TYPE");
3401 v2_auth2str(guint8 type)
3403 static const value_string vs_v2_authmeth[] = {
3404 { 0, "RESERVED TO IANA" },
3405 { 1, "RSA Digital Signature" },
3406 { 2, "Shared Key Message Integrity Code" },
3407 { 3, "DSS Digital Signature" },
3411 if (type >= 4 && type <= 200)
3412 return "RESERVED TO IANA";
3414 return "PRIVATE USE";
3415 return val_to_str(type, vs_v2_authmeth, "UNKNOWN-AUTHMETHOD-TYPE");
3419 cfgattr2str(int isakmp_version, guint16 ident)
3421 static const value_string vs_v1_cfgattr[] = {
3423 { 1, "INTERNAL_IP4_ADDRESS" },
3424 { 2, "INTERNAL_IP4_NETMASK" },
3425 { 3, "INTERNAL_IP4_DNS" },
3426 { 4, "INTERNAL_IP4_NBNS" },
3427 { 5, "INTERNAL_ADDRESS_EXPIREY" },
3428 { 6, "INTERNAL_IP4_DHCP" },
3429 { 7, "APPLICATION_VERSION" },
3430 { 8, "INTERNAL_IP6_ADDRESS" },
3431 { 9, "INTERNAL_IP6_NETMASK" },
3432 { 10, "INTERNAL_IP6_DNS" },
3433 { 11, "INTERNAL_IP6_NBNS" },
3434 { 12, "INTERNAL_IP6_DHCP" },
3435 { 13, "INTERNAL_IP4_SUBNET" },
3436 { 14, "SUPPORTED_ATTRIBUTES" },
3437 { 16520, "XAUTH_TYPE" },
3438 { 16521, "XAUTH_USER_NAME" },
3439 { 16522, "XAUTH_USER_PASSWORD" },
3440 { 16523, "XAUTH_PASSCODE" },
3441 { 16524, "XAUTH_MESSAGE" },
3442 { 16525, "XAUTH_CHALLANGE" },
3443 { 16526, "XAUTH_DOMAIN" },
3444 { 16527, "XAUTH_STATUS" },
3445 { 16528, "XAUTH_NEXT_PIN" },
3446 { 16529, "XAUTH_ANSWER" },
3450 static const value_string vs_v2_cfgattr[] = {
3452 { 1, "INTERNAL_IP4_ADDRESS" },
3453 { 2, "INTERNAL_IP4_NETMASK" },
3454 { 3, "INTERNAL_IP4_DNS" },
3455 { 4, "INTERNAL_IP4_NBNS" },
3456 { 5, "INTERNAL_ADDRESS_EXPIREY" },
3457 { 6, "INTERNAL_IP4_DHCP" },
3458 { 7, "APPLICATION_VERSION" },
3459 { 8, "INTERNAL_IP6_ADDRESS" },
3461 { 10, "INTERNAL_IP6_DNS" },
3462 { 11, "INTERNAL_IP6_NBNS" },
3463 { 12, "INTERNAL_IP6_DHCP" },
3464 { 13, "INTERNAL_IP4_SUBNET" },
3465 { 14, "SUPPORTED_ATTRIBUTES" },
3466 { 15, "INTERNAL_IP6_SUBNET" },
3470 if (isakmp_version == 1) {
3471 if (ident >= 15 && ident <= 16383)
3472 return "Future use";
3473 if (ident >= 16384 && ident <= 16519)
3474 return "PRIVATE USE";
3475 if (ident >= 16530 && ident <= 32767)
3476 return "PRIVATE USE";
3477 return val_to_str(ident, vs_v1_cfgattr, "UNKNOWN-CFG-ATTRIBUTE");
3478 } else if (isakmp_version == 2) {
3479 if (ident >= 16 && ident <= 16383)
3480 return "RESERVED TO IANA";
3481 if (ident >= 16384 && ident <= 32767)
3482 return "PRIVATE USE";
3483 return val_to_str(ident, vs_v2_cfgattr, "UNKNOWN-CFG-ATTRIBUTE");
3485 return "UNKNOWN-ISAKMP-VERSION";
3489 certtype2str(int isakmp_version, guint8 type)
3491 static const value_string vs_v1_certtype[] = {
3493 { 1, "PKCS #7 wrapped X.509 certificate" },
3494 { 2, "PGP Certificate" },
3495 { 3, "DNS Signed Key" },
3496 { 4, "X.509 Certificate - Signature" },
3497 { 5, "X.509 Certificate - Key Exchange" },
3498 { 6, "Kerberos Tokens" },
3499 { 7, "Certificate Revocation List (CRL)" },
3500 { 8, "Authority Revocation List (ARL)" },
3501 { 9, "SPKI Certificate" },
3502 { 10, "X.509 Certificate - Attribute" },
3506 static const value_string vs_v2_certtype[] = {
3508 { 1, "PKCS #7 wrapped X.509 certificate" },
3509 { 2, "PGP Certificate" },
3510 { 3, "DNS Signed Key" },
3511 { 4, "X.509 Certificate - Signature" },
3512 { 5, "*undefined by any document*" },
3513 { 6, "Kerberos Tokens" },
3514 { 7, "Certificate Revocation List (CRL)" },
3515 { 8, "Authority Revocation List (ARL)" },
3516 { 9, "SPKI Certificate" },
3517 { 10, "X.509 Certificate - Attribute" },
3518 { 11, "Raw RSA Key" },
3519 { 12, "Hash and URL of X.509 certificate" },
3520 { 13, "Hash and URL of X.509 bundle" },
3524 if (isakmp_version == 1)
3525 return val_to_str(type, vs_v1_certtype, "RESERVED");
3526 else if (isakmp_version == 2) {
3527 if (type >= 14 && type <= 200)
3528 return "RESERVED to IANA";
3530 return "PRIVATE USE";
3531 return val_to_str(type, vs_v2_certtype, "RESERVED");
3533 return "UNKNOWN-ISAKMP-VERSION";
3537 get_num(tvbuff_t *tvb, int offset, guint16 len, guint32 *num_p)
3541 *num_p = tvb_get_guint8(tvb, offset);
3544 *num_p = tvb_get_ntohs(tvb, offset);
3547 *num_p = tvb_get_ntoh24(tvb, offset);
3550 *num_p = tvb_get_ntohl(tvb, offset);
3560 * Protocol initialization
3563 #ifdef HAVE_LIBGCRYPT
3565 isakmp_hash_func(gconstpointer c) {
3566 guint8 *i_cookie = (guint8 *) c;
3567 guint val = 0, keychunk, i;
3569 /* XOR our icookie down to the size of a guint */
3570 for (i = 0; i < COOKIE_SIZE - (COOKIE_SIZE % sizeof(keychunk)); i += sizeof(keychunk)) {
3571 memcpy(&keychunk, &i_cookie[i], sizeof(keychunk));
3579 isakmp_equal_func(gconstpointer ic1, gconstpointer ic2) {
3581 if (memcmp(ic1, ic2, COOKIE_SIZE) == 0)
3587 static guint ikev2_key_hash_func(gconstpointer k) {
3588 const ikev2_uat_data_key_t *key = (const ikev2_uat_data_key_t*)k;
3589 guint hash = 0, keychunk, i;
3591 /* XOR our icookie down to the size of a guint */
3592 for (i = 0; i < key->spii_len - (key->spii_len % sizeof(keychunk)); i += sizeof(keychunk)) {
3593 memcpy(&keychunk, &key->spii[i], sizeof(keychunk));
3596 for (i = 0; i < key->spir_len - (key->spir_len % sizeof(keychunk)); i += sizeof(keychunk)) {
3597 memcpy(&keychunk, &key->spir[i], sizeof(keychunk));
3604 static gint ikev2_key_equal_func(gconstpointer k1, gconstpointer k2) {
3605 const ikev2_uat_data_key_t *key1 = k1, *key2 = k2;
3606 if (key1->spii_len != key2->spii_len) return 0;
3607 if (key1->spir_len != key2->spir_len) return 0;
3608 if (memcmp(key1->spii, key2->spii, key1->spii_len) != 0) return 0;
3609 if (memcmp(key1->spir, key2->spir, key1->spir_len) != 0) return 0;
3613 #endif /* HAVE_LIBGCRYPT */
3616 isakmp_init_protocol(void) {
3617 #ifdef HAVE_LIBGCRYPT
3619 #endif /* HAVE_LIBGCRYPT */
3620 fragment_table_init(&isakmp_fragment_table);
3621 reassembled_table_init(&isakmp_reassembled_table);
3623 #ifdef HAVE_LIBGCRYPT
3625 g_hash_table_destroy(isakmp_hash);
3627 if (isakmp_key_data)
3628 g_mem_chunk_destroy(isakmp_key_data);
3629 if (isakmp_decrypt_data)
3630 g_mem_chunk_destroy(isakmp_decrypt_data);
3632 isakmp_hash = g_hash_table_new(isakmp_hash_func, isakmp_equal_func);
3633 isakmp_key_data = g_mem_chunk_new("isakmp_key_data",
3634 COOKIE_SIZE, 5 * COOKIE_SIZE,
3636 isakmp_decrypt_data = g_mem_chunk_new("isakmp_decrypt_data",
3637 sizeof(decrypt_data_t), 5 * sizeof(decrypt_data_t),
3641 logf = ws_fopen(pluto_log_path, "r");
3645 if (ikev2_key_hash) {
3646 g_hash_table_destroy(ikev2_key_hash);
3649 ikev2_key_hash = g_hash_table_new(ikev2_key_hash_func, ikev2_key_equal_func);
3650 for (i = 0; i < num_ikev2_uat_data; i++) {
3651 g_hash_table_insert(ikev2_key_hash, &(ikev2_uat_data[i].key), &(ikev2_uat_data[i]));
3653 #endif /* HAVE_LIBGCRYPT */
3657 isakmp_prefs_apply_cb(void) {
3658 #ifdef HAVE_LIBGCRYPT
3659 isakmp_init_protocol();
3660 #endif /* HAVE_LIBGCRYPT */
3663 #ifdef HAVE_LIBGCRYPT
3664 UAT_BUFFER_CB_DEF(ikev2_users, spii, ikev2_uat_data_t, key.spii, key.spii_len)
3665 UAT_BUFFER_CB_DEF(ikev2_users, spir, ikev2_uat_data_t, key.spir, key.spir_len)
3666 UAT_BUFFER_CB_DEF(ikev2_users, sk_ei, ikev2_uat_data_t, sk_ei, sk_ei_len)
3667 UAT_BUFFER_CB_DEF(ikev2_users, sk_er, ikev2_uat_data_t, sk_er, sk_er_len)
3668 UAT_VS_DEF(ikev2_users, encr_alg, ikev2_uat_data_t, IKEV2_ENCR_3DES, "3DES")
3669 UAT_BUFFER_CB_DEF(ikev2_users, sk_ai, ikev2_uat_data_t, sk_ai, sk_ai_len)
3670 UAT_BUFFER_CB_DEF(ikev2_users, sk_ar, ikev2_uat_data_t, sk_ar, sk_ar_len)
3671 UAT_VS_DEF(ikev2_users, auth_alg, ikev2_uat_data_t, IKEV2_AUTH_HMAC_SHA1_96, "HMAC_SHA1_96")
3673 static void ikev2_uat_data_update_cb(void* p, const char** err) {
3674 ikev2_uat_data_t *ud = p;
3676 if (ud->key.spii_len != COOKIE_SIZE) {
3677 *err = ep_strdup_printf("Length of Initiator's SPI must be %d octets (%d hex charactors).", COOKIE_SIZE, COOKIE_SIZE * 2);
3681 if (ud->key.spir_len != COOKIE_SIZE) {
3682 *err = ep_strdup_printf("Length of Responder's SPI must be %d octets (%d hex charactors).", COOKIE_SIZE, COOKIE_SIZE * 2);
3686 if ((ud->encr_spec = ikev2_decrypt_find_encr_spec(ud->encr_alg)) == NULL) {
3687 REPORT_DISSECTOR_BUG("Couldn't get IKEv2 encryption algorithm spec.");
3690 if ((ud->auth_spec = ikev2_decrypt_find_auth_spec(ud->auth_alg)) == NULL) {
3691 REPORT_DISSECTOR_BUG("Couldn't get IKEv2 authentication algorithm spec.");
3694 if (ud->sk_ei_len != ud->encr_spec->key_len) {
3695 *err = ep_strdup_printf("Length of SK_ei (%u octets) does not match the key length (%u octets) of the selected encryption algorithm.",
3696 ud->sk_ei_len, ud->encr_spec->key_len);
3700 if (ud->sk_er_len != ud->encr_spec->key_len) {
3701 *err = ep_strdup_printf("Length of SK_er (%u octets) does not match the key length (%u octets) of the selected encryption algorithm.",
3702 ud->sk_er_len, ud->encr_spec->key_len);
3706 if (ud->sk_ai_len != ud->auth_spec->key_len) {
3707 *err = ep_strdup_printf("Length of SK_ai (%u octets) does not match the key length (%u octets) of the selected integrity algorithm.",
3708 ud->sk_ai_len, ud->auth_spec->key_len);
3712 if (ud->sk_ar_len != ud->auth_spec->key_len) {
3713 *err = ep_strdup_printf("Length of SK_ar (%u octets) does not match the key length (%u octets) of the selected integrity algorithm.",
3714 ud->sk_ar_len, ud->auth_spec->key_len);
3718 #endif /* HAVE_LIBGCRYPT */
3721 proto_register_isakmp(void)
3723 module_t *isakmp_module;
3725 static hf_register_info hf[] = {
3726 { &hf_isakmp_icookie,
3727 { "Initiator cookie", "isakmp.icookie",
3728 FT_BYTES, BASE_NONE, NULL, 0x0,
3729 "ISAKMP Initiator Cookie", HFILL }},
3730 { &hf_isakmp_rcookie,
3731 { "Responder cookie", "isakmp.rcookie",
3732 FT_BYTES, BASE_NONE, NULL, 0x0,
3733 "ISAKMP Responder Cookie", HFILL }},
3734 { &hf_isakmp_nextpayload,
3735 { "Next payload", "isakmp.nextpayload",
3736 FT_UINT8, BASE_DEC, NULL, 0x0,
3737 "ISAKMP Next Payload", HFILL }},
3738 { &hf_isakmp_version,
3739 { "Version", "isakmp.version",
3740 FT_UINT8, BASE_HEX, NULL, 0x0,
3741 "ISAKMP Version (major + minor)", HFILL }},
3742 { &hf_isakmp_exchangetype,
3743 { "Exchange type", "isakmp.exchangetype",
3744 FT_UINT8, BASE_DEC, NULL, 0x0,
3745 "ISAKMP Exchange Type", HFILL }},
3747 { "Flags", "isakmp.flags",
3748 FT_UINT8, BASE_HEX, NULL, 0x0,
3749 "ISAKMP Flags", HFILL }},
3750 { &hf_isakmp_messageid,
3751 { "Message ID", "isakmp.messageid",
3752 FT_UINT32, BASE_HEX, NULL, 0x0,
3753 "ISAKMP Message ID", HFILL }},
3754 { &hf_isakmp_length,
3755 { "Length", "isakmp.length",
3756 FT_UINT32, BASE_DEC, NULL, 0x0,
3757 "ISAKMP Length", HFILL }},
3758 { &hf_isakmp_payloadlen,
3759 { "Payload length", "isakmp.payloadlength",
3760 FT_UINT16, BASE_DEC, NULL, 0x0,
3761 "ISAKMP Payload Length", HFILL }},
3763 { "Domain of interpretation", "isakmp.doi",
3764 FT_UINT32, BASE_DEC, NULL, 0x0,
3765 "ISAKMP Domain of Interpretation", HFILL }},
3766 { &hf_isakmp_sa_situation,
3767 { "Situation", "isakmp.sa.situation",
3768 FT_BYTES, BASE_NONE, NULL, 0x0,
3769 "ISAKMP SA Situation", HFILL }},
3770 { &hf_isakmp_prop_number,
3771 { "Proposal number", "isakmp.prop.number",
3772 FT_UINT8, BASE_DEC, NULL, 0x0,
3773 "ISAKMP Proposal Number", HFILL }},
3774 { &hf_isakmp_spisize,
3775 { "SPI Size", "isakmp.spisize",
3776 FT_UINT8, BASE_DEC, NULL, 0x0,
3777 "ISAKMP SPI Size", HFILL }},
3778 { &hf_isakmp_prop_transforms,
3779 { "Proposal transforms", "isakmp.prop.transforms",
3780 FT_UINT8, BASE_DEC, NULL, 0x0,
3781 "ISAKMP Proposal Transforms", HFILL }},
3782 { &hf_isakmp_trans_number,
3783 { "Transform number", "isakmp.trans.number",
3784 FT_UINT8, BASE_DEC, NULL, 0x0,
3785 "ISAKMP Transform Number", HFILL }},
3786 { &hf_isakmp_trans_id,
3787 { "Transform ID", "isakmp.trans.id",
3788 FT_UINT8, BASE_DEC, NULL, 0x0,
3789 "ISAKMP Transform ID", HFILL }},
3790 { &hf_isakmp_id_type,
3791 { "ID type", "isakmp.id.type",
3792 FT_UINT8, BASE_DEC, NULL, 0x0,
3793 "ISAKMP ID Type", HFILL }},
3794 { &hf_isakmp_protoid,
3795 { "Protocol ID", "isakmp.protoid",
3796 FT_UINT8, BASE_DEC, NULL, 0x0,
3797 "ISAKMP Protocol ID", HFILL }},
3798 { &hf_isakmp_id_port,
3799 { "Port", "isakmp.id.port",
3800 FT_UINT16, BASE_DEC, NULL, 0x0,
3801 "ISAKMP ID Port", HFILL }},
3802 { &hf_isakmp_cert_encoding,
3803 { "Port", "isakmp.cert.encoding",
3804 FT_UINT8, BASE_DEC, NULL, 0x0,
3805 "ISAKMP Certificate Encoding", HFILL }},
3806 { &hf_isakmp_certificate,
3807 { "Certificate", "isakmp.certificate",
3808 FT_NONE, BASE_NONE, NULL, 0x0,
3809 "ISAKMP Certificate Encoding", HFILL }},
3810 { &hf_isakmp_certreq_type,
3811 { "Port", "isakmp.certreq.type",
3812 FT_UINT8, BASE_DEC, NULL, 0x0,
3813 "ISAKMP Certificate Request Type", HFILL }},
3814 { &hf_isakmp_notify_msgtype,
3815 { "Port", "isakmp.notify.msgtype",
3816 FT_UINT8, BASE_DEC, NULL, 0x0,
3817 "ISAKMP Notify Message Type", HFILL }},
3818 { &hf_isakmp_num_spis,
3819 { "Port", "isakmp.spinum",
3820 FT_UINT16, BASE_DEC, NULL, 0x0,
3821 "ISAKMP Number of SPIs", HFILL }},
3822 { &hf_isakmp_cisco_frag_packetid,
3823 { "Frag ID", "isakmp.frag.packetid",
3824 FT_UINT16, BASE_HEX, NULL, 0x0,
3825 "ISAKMP fragment packet-id", HFILL }},
3826 { &hf_isakmp_cisco_frag_seq,
3827 { "Frag seq", "isakmp.frag.packetid",
3828 FT_UINT8, BASE_DEC, NULL, 0x0,
3829 "ISAKMP fragment number", HFILL }},
3830 { &hf_isakmp_cisco_frag_last,
3831 { "Frag last", "isakmp.frag.last",
3832 FT_UINT8, BASE_DEC, VALS(frag_last_vals), 0x0,
3833 "ISAKMP last fragment", HFILL }},
3834 { &hf_isakmp_fragments,
3835 {"Message fragments", "msg.fragments",
3836 FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } },
3837 { &hf_isakmp_fragment,
3838 {"Message fragment", "msg.fragment",
3839 FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } },
3840 { &hf_isakmp_fragment_overlap,
3841 {"Message fragment overlap", "msg.fragment.overlap",
3842 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } },
3843 { &hf_isakmp_fragment_overlap_conflicts,
3844 {"Message fragment overlapping with conflicting data",
3845 "msg.fragment.overlap.conflicts",
3846 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } },
3847 { &hf_isakmp_fragment_multiple_tails,
3848 {"Message has multiple tail fragments",
3849 "msg.fragment.multiple_tails",
3850 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } },
3851 { &hf_isakmp_fragment_too_long_fragment,
3852 {"Message fragment too long", "msg.fragment.too_long_fragment",
3853 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } },
3854 { &hf_isakmp_fragment_error,
3855 {"Message defragmentation error", "msg.fragment.error",
3856 FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } },
3857 { &hf_isakmp_reassembled_in,
3858 {"Reassembled in", "msg.reassembled.in",
3859 FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } },
3860 { &hf_isakmp_certificate_authority,
3861 { "Certificate Authority Distinguished Name", "ike.cert_authority_dn", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }
3863 { &hf_isakmp_v2_certificate_authority,
3864 { "Certificate Authority", "ike.cert_authority", FT_BYTES, BASE_NONE, NULL, 0x0, "SHA-1 hash of the Certificate Authority", HFILL }
3866 { &hf_isakmp_nat_keepalive,
3867 { "NAT Keepalive", "ike.nat_keepalive", FT_NONE, BASE_NONE, NULL, 0x0, "NAT Keepalive packet", HFILL }
3872 static gint *ett[] = {
3875 &ett_isakmp_payload,
3876 &ett_isakmp_fragment,
3877 &ett_isakmp_fragments,
3878 #ifdef HAVE_LIBGCRYPT
3879 &ett_isakmp_decrypted_data,
3880 &ett_isakmp_decrypted_payloads
3881 #endif /* HAVE_LIBGCRYPT */
3883 #ifdef HAVE_LIBGCRYPT
3884 static uat_field_t ikev2_uat_flds[] = {
3885 UAT_FLD_BUFFER(ikev2_users, spii, "Initiator's SPI", "Initiator's SPI value of the IKE_SA"),
3886 UAT_FLD_BUFFER(ikev2_users, spir, "Responder's SPI", "Responder's SPI value of the IKE_SA"),
3887 UAT_FLD_BUFFER(ikev2_users, sk_ei, "SK_ei", "Key used to encrypt/decrypt IKEv2 packets from initiator to responder"),
3888 UAT_FLD_BUFFER(ikev2_users, sk_er, "SK_er", "Key used to encrypt/decrypt IKEv2 packets from responder to initiator"),
3889 UAT_FLD_VS(ikev2_users, encr_alg, "Encryption algorithm", vs_ikev2_encr_algs, "Encryption algorithm of IKE_SA"),
3890 UAT_FLD_BUFFER(ikev2_users, sk_ai, "SK_ai", "Key used to calculate Integrity Checksum Data for IKEv2 packets from initiator to responder"),
3891 UAT_FLD_BUFFER(ikev2_users, sk_ar, "SK_ar", "Key used to calculate Integrity Checksum Data for IKEv2 packets from responder to initiator"),
3892 UAT_FLD_VS(ikev2_users, auth_alg, "Integrity algorithm", vs_ikev2_auth_algs, "Integrity algorithm of IKE_SA"),
3895 #endif /* HAVE_LIBGCRYPT */
3896 proto_isakmp = proto_register_protocol("Internet Security Association and Key Management Protocol",
3897 "ISAKMP", "isakmp");
3898 proto_register_field_array(proto_isakmp, hf, array_length(hf));
3899 proto_register_subtree_array(ett, array_length(ett));
3900 register_init_routine(&isakmp_init_protocol);
3902 register_dissector("isakmp", dissect_isakmp, proto_isakmp);
3904 isakmp_module = prefs_register_protocol(proto_isakmp, isakmp_prefs_apply_cb);
3905 #ifdef HAVE_LIBGCRYPT
3906 prefs_register_string_preference(isakmp_module, "log",
3908 "Path to a pluto log file containing DH secret information",
3911 ikev2_uat = uat_new("IKEv2 Decryption Table",
3912 sizeof(ikev2_uat_data_t),
3913 "ikev2_decryption_table",
3915 (void*)&ikev2_uat_data,
3916 &num_ikev2_uat_data,
3918 "ChIKEv2DecryptionSection",
3920 ikev2_uat_data_update_cb,
3924 prefs_register_uat_preference(isakmp_module,
3925 "ikev2_decryption_table",
3926 "IKEv2 Decryption Table",
3927 "Table of IKE_SA security parameters for decryption of IKEv2 packets",
3930 #endif /* HAVE_LIBGCRYPT */
3934 proto_reg_handoff_isakmp(void)
3936 dissector_handle_t isakmp_handle;
3938 isakmp_handle = find_dissector("isakmp");
3939 eap_handle = find_dissector("eap");
3940 dissector_add("udp.port", UDP_PORT_ISAKMP, isakmp_handle);
3941 dissector_add("tcp.port", TCP_PORT_ISAKMP, isakmp_handle);