* (draft-ietf-ipsec-ikev2-17.txt)
* Shoichi Sakane <sakane@tanu.org>
*
+ * Added routines for RFC3947 Negotiation of NAT-Traversal in the IKE
+ * ronnie sahlberg
+ *
* $Id$
*
- * Ethereal - Network traffic analyzer
- * By Gerald Combs <gerald@ethereal.com>
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
#include <glib.h>
-#ifdef NEED_SNPRINTF_H
-# include "snprintf.h"
+#ifdef HAVE_LIBNETTLE
+#ifdef _WIN32
+#include <hmac.h>
+#include <des.h>
+#include <cbc.h>
+#else
+#include <nettle/hmac.h>
+#include <nettle/des.h>
+#include <nettle/cbc.h>
+#endif
+#include <epan/strutil.h>
#endif
#include <epan/packet.h>
-#include <epan/ipv6-utils.h>
#include <epan/ipproto.h>
#include <epan/dissectors/packet-x509if.h>
#include <epan/dissectors/packet-isakmp.h>
+#include <epan/prefs.h>
#define isakmp_min(a, b) ((a<b) ? a : b)
static int hf_ike_v2_certificate_authority = -1;
static int hf_ike_nat_keepalive = -1;
+static int hf_isakmp_icookie = -1;
+static int hf_isakmp_rcookie = -1;
+static int hf_isakmp_nextpayload = -1;
+static int hf_isakmp_version = -1;
+static int hf_isakmp_exchangetype = -1;
+static int hf_isakmp_flags = -1;
+static int hf_isakmp_messageid = -1;
+static int hf_isakmp_length = -1;
+static int hf_isakmp_payloadlen = -1;
+static int hf_isakmp_doi = -1;
+static int hf_isakmp_sa_situation = -1;
+static int hf_isakmp_prop_number = -1;
+static int hf_isakmp_spisize = -1;
+static int hf_isakmp_prop_transforms = -1;
+static int hf_isakmp_trans_number = -1;
+static int hf_isakmp_trans_id = -1;
+static int hf_isakmp_id_type = -1;
+static int hf_isakmp_protoid = -1;
+static int hf_isakmp_id_port = -1;
+static int hf_isakmp_cert_encoding = -1;
+static int hf_isakmp_certreq_type = -1;
+static int hf_isakmp_notify_msgtype = -1;
+static int hf_isakmp_num_spis = -1;
+
static gint ett_isakmp = -1;
static gint ett_isakmp_flags = -1;
static gint ett_isakmp_payload = -1;
+/* IKE port number assigned by IANA */
#define UDP_PORT_ISAKMP 500
#define TCP_PORT_ISAKMP 500
+/*
+ * Identifier Type
+ * RFC2407 for IKEv1
+ * draft-ietf-ipsec-ikev2-17.txt for IKEv2
+ */
+#define IKE_ID_IPV4_ADDR 1
+#define IKE_ID_FQDN 2
+#define IKE_ID_USER_FQDN 3
+#define IKE_ID_IPV4_ADDR_SUBNET 4
+#define IKE_ID_IPV6_ADDR 5
+#define IKE_ID_IPV6_ADDR_SUBNET 6
+#define IKE_ID_IPV4_ADDR_RANGE 7
+#define IKE_ID_IPV6_ADDR_RANGE 8
+#define IKE_ID_DER_ASN1_DN 9
+#define IKE_ID_DER_ASN1_GN 10
+#define IKE_ID_KEY_ID 11
+
+/*
+ * Traffic Selector Type
+ * Not in use for IKEv1
+ */
+#define IKEV2_TS_IPV4_ADDR_RANGE 7
+#define IKEV2_TS_IPV6_ADDR_RANGE 8
+
static const value_string vs_proto[] = {
{ 0, "RESERVED" },
{ 1, "ISAKMP" },
{ 0, NULL },
};
-struct isakmp_hdr {
- guint8 icookie[8];
- guint8 rcookie[8];
+#define COOKIE_SIZE 8
+
+typedef struct isakmp_hdr {
guint8 next_payload;
guint8 version;
guint8 exch_type;
#define R_FLAG 0x20
guint32 message_id;
guint32 length;
-};
+} isakmp_hdr_t;
+
+#define ISAKMP_HDR_SIZE (sizeof(struct isakmp_hdr) + (2 * COOKIE_SIZE))
+
+#define ENC_DES_CBC 1
+#define ENC_IDEA_CBC 2
+#define ENC_BLOWFISH_CBC 3
+#define ENC_RC5_R16_B64_CBC 4
+#define ENC_3DES_CBC 5
+#define ENC_CAST_CBC 6
+#define ENC_AES_CBC 7
+
+#define HMAC_MD5 1
+#define HMAC_SHA 2
+#define HMAC_TIGER 3
+#define HMAC_SHA2_256 4
+#define HMAC_SHA2_384 5
+#define HMAC_SHA2_512 6
+
+#ifdef HAVE_LIBNETTLE
+
+#define MAIN_MODE 2
+#define AGGRESSIVE_MODE 4
+#define MAX_KEY_SIZE 256
+#define MAX_DIGEST_SIZE 64
+#define MAX_OAKLEY_KEY_LEN 32
+
+typedef struct decrypt_key {
+ guchar secret[MAX_KEY_SIZE];
+ guint secret_len;
+} decrypt_key_t;
+
+typedef struct iv_data {
+ guchar iv[MAX_DIGEST_SIZE];
+ guint iv_len;
+ guint32 frame_num;
+} iv_data_t;
+
+typedef struct decrypt_data {
+ gboolean is_psk;
+ address initiator;
+ guint encr_alg;
+ guint hash_alg;
+ guint group;
+ gchar *gi;
+ guint gi_len;
+ gchar *gr;
+ guint gr_len;
+ guchar secret[MAX_KEY_SIZE];
+ guint secret_len;
+ GList *iv_list;
+ gchar last_cbc[MAX_DIGEST_SIZE];
+ guint last_cbc_len;
+ gchar last_p1_cbc[MAX_DIGEST_SIZE];
+ guint last_p1_cbc_len;
+ guint32 last_message_id;
+} decrypt_data_t;
+
+static GHashTable *isakmp_hash = NULL;
+static GMemChunk *isakmp_key_data = NULL;
+static GMemChunk *isakmp_decrypt_data = NULL;
+static FILE *logf = NULL;
+static const char *pluto_log_path = "insert pluto log path here";
+
+static void
+scan_pluto_log(void) {
+#define MAX_PLUTO_LINE 500
+ decrypt_data_t *decr;
+ gchar line[MAX_PLUTO_LINE];
+ guint8 i_cookie[COOKIE_SIZE], *ic_key;
+ gboolean got_cookie = FALSE;
+ guchar secret[MAX_KEY_SIZE];
+ guint secret_len = 0;
+ gchar *icookie_pfx = "| ICOOKIE: ";
+ gchar *enc_key_pfx = "| enc key: ";
+ gchar *pos, *endpos;
+ gint icpfx_len = strlen(icookie_pfx);
+ gint ec_len = strlen(enc_key_pfx);
+ gint i;
+ address null_addr;
+ unsigned long hexval;
+
+ SET_ADDRESS(&null_addr, AT_NONE, 0, NULL);
+
+ if (logf) {
+ while (fgets(line, MAX_PLUTO_LINE, logf)) {
+ if (strncmp(line, icookie_pfx, icpfx_len) == 0) {
+ secret_len = 0;
+ pos = line + icpfx_len;
+ for (i = 0; i < COOKIE_SIZE; i++) {
+ hexval = strtoul(pos, &endpos, 16);
+ if (endpos == pos)
+ break;
+ i_cookie[i] = (guint8) hexval;
+ pos = endpos;
+ }
+ if (i == COOKIE_SIZE)
+ got_cookie = TRUE;
+ } else if (strncmp(line, enc_key_pfx, ec_len) == 0) {
+ pos = line + ec_len;
+ for (; secret_len < MAX_KEY_SIZE; secret_len++) {
+ hexval = strtoul(pos, &endpos, 16);
+ if (endpos == pos)
+ break;
+ secret[secret_len] = (guint8) hexval;
+ pos = endpos;
+ }
+ } else if (got_cookie && secret_len > 1) {
+ decr = (decrypt_data_t*) g_hash_table_lookup(isakmp_hash, i_cookie);
+
+ if (! decr) {
+ ic_key = g_mem_chunk_alloc(isakmp_key_data);
+ memcpy(ic_key, i_cookie, COOKIE_SIZE);
+ decr = g_mem_chunk_alloc(isakmp_decrypt_data);
+ memset(decr, 0, sizeof(decrypt_data_t));
+
+ g_hash_table_insert(isakmp_hash, ic_key, decr);
+ }
+
+ memcpy(decr->secret, secret, secret_len);
+ decr->secret_len = secret_len;
+ }
+ }
+ }
+}
+
+static void
+set_transform_vals(decrypt_data_t *decr, int ike_p1, guint16 type, guint32 val) {
+ if (! ike_p1)
+ return;
+
+ if (decr != NULL) {
+ switch (type) {
+ case 1:
+ decr->encr_alg = val;
+ break;
+ case 2:
+ decr->hash_alg = val;
+ break;
+ case 3:
+ if (val == 1)
+ decr->is_psk = TRUE;
+ break;
+ case 4:
+ decr->group = val;
+ break;
+ }
+ }
+}
+
+static tvbuff_t *
+decrypt_payload(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, const guint8 *buf, guint buf_len, isakmp_hdr_t *hdr) {
+ decrypt_data_t *decr = (decrypt_data_t *) pinfo->private_data;
+ gchar *decrypted_data = NULL;
+ struct md5_ctx m_ctx;
+ struct sha1_ctx s_ctx;
+ struct des3_ctx d3_ctx;
+ struct des_ctx d_ctx;
+ tvbuff_t *encr_tvb;
+ iv_data_t *ivd = NULL;
+ GList *ivl;
+ guchar iv[MAX_DIGEST_SIZE];
+ guint iv_len = 0;
+ guint32 message_id, cbc_block_size, digest_size;
+
+ if (!decr ||
+ decr->is_psk == FALSE ||
+ decr->gi_len == 0 ||
+ decr->gr_len == 0)
+ return NULL;
+
+ switch(decr->encr_alg) {
+ case ENC_3DES_CBC:
+ if (decr->secret_len < DES3_KEY_SIZE) return NULL;
+ cbc_block_size = DES_BLOCK_SIZE;
+ break;
+ case ENC_DES_CBC:
+ if (decr->secret_len < DES_KEY_SIZE) return NULL;
+ cbc_block_size = DES_BLOCK_SIZE;
+ break;
+ default:
+ return NULL;
+ break;
+ }
+
+ switch(decr->hash_alg) {
+ case HMAC_MD5:
+ digest_size = MD5_DIGEST_SIZE;
+ break;
+ case HMAC_SHA:
+ digest_size = SHA1_DIGEST_SIZE;
+ break;
+ default:
+ return NULL;
+ break;
+ }
+
+ for (ivl = g_list_first(decr->iv_list); ivl != NULL; ivl = g_list_next(ivl)) {
+ ivd = (iv_data_t *) ivl->data;
+ if (ivd->frame_num == pinfo->fd->num) {
+ iv_len = ivd->iv_len;
+ memcpy(iv, ivd->iv, iv_len);
+ }
+ }
+
+ /*
+ * Set our initialization vector as follows:
+ * - If the IV list is empty, assume we have the first packet in a phase 1
+ * exchange. The IV is built from DH values.
+ * - If our message ID changes, assume we're entering a new mode. The IV
+ * is built from the message ID and the last phase 1 CBC.
+ * - Otherwise, use the last CBC.
+ */
+ if (iv_len == 0) {
+ if (decr->iv_list == NULL) {
+ /* First packet */
+ ivd = g_malloc(sizeof(iv_data_t));
+ ivd->frame_num = pinfo->fd->num;
+ ivd->iv_len = digest_size;
+ decr->last_message_id = hdr->message_id;
+ if (decr->hash_alg == HMAC_MD5) {
+ md5_init(&m_ctx);
+ md5_update(&m_ctx, decr->gi_len, decr->gi);
+ md5_update(&m_ctx, decr->gr_len, decr->gr);
+ md5_digest(&m_ctx, MD5_DIGEST_SIZE, ivd->iv);
+ } else {
+ sha1_init(&s_ctx);
+ sha1_update(&s_ctx, decr->gi_len, decr->gi);
+ sha1_update(&s_ctx, decr->gr_len, decr->gr);
+ sha1_digest(&s_ctx, SHA1_DIGEST_SIZE, ivd->iv);
+ }
+ decr->iv_list = g_list_append(decr->iv_list, ivd);
+ iv_len = ivd->iv_len;
+ memcpy(iv, ivd->iv, iv_len);
+ } else if (decr->last_cbc_len >= cbc_block_size) {
+ ivd = g_malloc(sizeof(iv_data_t));
+ ivd->frame_num = pinfo->fd->num;
+ if (hdr->message_id != decr->last_message_id) {
+ if (decr->last_p1_cbc_len == 0) {
+ memcpy(decr->last_p1_cbc, decr->last_cbc, cbc_block_size);
+ decr->last_p1_cbc_len = cbc_block_size;
+ }
+ ivd->iv_len = digest_size;
+ decr->last_message_id = hdr->message_id;
+ message_id = g_htonl(decr->last_message_id);
+ if (decr->hash_alg == HMAC_MD5) {
+ md5_init(&m_ctx);
+ md5_update(&m_ctx, cbc_block_size, decr->last_p1_cbc);
+ md5_update(&m_ctx, sizeof(message_id), (unsigned char *) &message_id);
+ md5_digest(&m_ctx, MD5_DIGEST_SIZE, ivd->iv);
+ } else {
+ sha1_init(&s_ctx);
+ sha1_update(&s_ctx, cbc_block_size, decr->last_p1_cbc);
+ sha1_update(&s_ctx, sizeof(message_id), (unsigned char *) &message_id);
+ sha1_digest(&s_ctx, SHA1_DIGEST_SIZE, ivd->iv);
+ }
+ } else {
+ ivd->iv_len = cbc_block_size;
+ memcpy(ivd->iv, decr->last_cbc, ivd->iv_len);
+ }
+ decr->iv_list = g_list_append(decr->iv_list, ivd);
+ iv_len = ivd->iv_len;
+ memcpy(iv, ivd->iv, iv_len);
+ }
+ }
+
+ if (ivd == NULL) return NULL;
+
+ decrypted_data = g_malloc(buf_len);
+
+ if (decr->encr_alg = ENC_3DES_CBC) {
+ des_fix_parity(decr->secret_len, decr->secret, decr->secret);
+ des3_set_key(&d3_ctx, decr->secret);
+ cbc_decrypt(&d3_ctx, des3_decrypt, DES_BLOCK_SIZE, iv,
+ buf_len, decrypted_data, buf);
+ } else {
+ des_fix_parity(decr->secret_len, decr->secret, decr->secret);
+ des_set_key(&d_ctx, decr->secret);
+ cbc_decrypt(&d_ctx, des_decrypt, DES_BLOCK_SIZE, iv,
+ buf_len, decrypted_data, buf);
+ }
+
+ encr_tvb = tvb_new_real_data(decrypted_data, buf_len, buf_len);
+
+ tvb_set_child_real_data_tvbuff(tvb, encr_tvb);
+
+ /* Add the decrypted data to the data source list. */
+ add_new_data_source(pinfo, encr_tvb, "Decrypted IKE");
+
+ /* Fill in the next IV */
+ if (tvb_length(tvb) > cbc_block_size) {
+ decr->last_cbc_len = cbc_block_size;
+ memcpy(decr->last_cbc, iv, cbc_block_size);
+ } else {
+ decr->last_cbc_len = 0;
+ }
+
+ return encr_tvb;
+}
+
+#endif /* HAVE_LIBNETTLE */
static proto_tree *dissect_payload_header(tvbuff_t *, int, int, int, guint8,
guint8 *, guint16 *, proto_tree *);
{ 14, "Attrib", dissect_config },
{ 15, "NAT-Discovery", dissect_nat_discovery }, /* draft-ietf-ipsec-nat-t-ike-04 */
{ 16, "NAT-Original Address", dissect_nat_original_address }, /* draft-ietf-ipsec-nat-t-ike */
+ { 20, "NAT-D (RFC 3947)", dissect_nat_discovery },
+ { 21, "NAT-OA (RFC 3947)", dissect_nat_original_address },
{ 130, "NAT-D (draft-ietf-ipsec-nat-t-ike-01 to 03)", dissect_nat_discovery },
{ 131, "NAT-OA (draft-ietf-ipsec-nat-t-ike-01 to 04)", dissect_nat_original_address },
};
static const guint8 VID_draft_ietf_ipsec_nat_t_ike_03[VID_LEN] = {0x7D, 0x94, 0x19, 0xA6, 0x53, 0x10, 0xCA, 0x6F, 0x2C, 0x17, 0x9D, 0x92, 0x15, 0x52, 0x9d, 0x56}; /* according to http://www.ietf.org/internet-drafts/draft-ietf-ipsec-nat-t-ike-03.txt */
+static const guint8 VID_rfc3947[VID_LEN] = {0x4a, 0x13, 0x1c, 0x81, 0x07, 0x03, 0x58, 0x45, 0x5c, 0x57, 0x28, 0xf2, 0x0e, 0x95, 0x45, 0x2f}; /* RFC 3947 Negotiation of NAT-Traversal in the IKE*/
+
static const guint8 VID_SSH_IPSEC_EXPRESS_1_1_0[VID_LEN] = {0xfB, 0xF4, 0x76, 0x14, 0x98, 0x40, 0x31, 0xFA, 0x8E, 0x3B, 0xB6, 0x19, 0x80, 0x89, 0xB2, 0x23}; /* Ssh Communications Security IPSEC Express version 1.1.0 */
static const guint8 VID_SSH_IPSEC_EXPRESS_1_1_1[VID_LEN] = {0x19, 0x52, 0xDC, 0x91, 0xAC, 0x20, 0xF6, 0x46, 0xFB, 0x01, 0xCF, 0x42, 0xA3, 0x3A, 0xEE, 0x30}; /* Ssh Communications Security IPSEC Express version 1.1.1 */
-
+
static const guint8 VID_SSH_IPSEC_EXPRESS_1_1_2[VID_LEN] = {0xE8, 0xBF, 0xFA, 0x64, 0x3E, 0x5C, 0x8F, 0x2C, 0xD1, 0x0F, 0xDA, 0x73, 0x70, 0xB6, 0xEB, 0xE5}; /* Ssh Communications Security IPSEC Express version 1.1.2 */
static const guint8 VID_SSH_IPSEC_EXPRESS_1_2_1[VID_LEN] = {0xC1, 0x11, 0x1B, 0x2D, 0xEE, 0x8C, 0xBC, 0x3D, 0x62, 0x05, 0x73, 0xEC, 0x57, 0xAA, 0xB9, 0xCB}; /* Ssh Communications Security IPSEC Express version 1.2.1 */
static const guint8 VID_SSH_IPSEC_EXPRESS_1_2_2[VID_LEN] = {0x09, 0xEC, 0x27, 0xBF, 0xBC, 0x09, 0xC7, 0x58, 0x23, 0xCF, 0xEC, 0xBF, 0xFE, 0x56, 0x5A, 0x2E}; /* Ssh Communications Security IPSEC Express version 1.2.2 */
-
+
static const guint8 VID_SSH_IPSEC_EXPRESS_2_0_0[VID_LEN] = {0x7F, 0x21, 0xA5, 0x96, 0xE4, 0xE3, 0x18, 0xF0, 0xB2, 0xF4, 0x94, 0x4C, 0x23, 0x84, 0xCB, 0x84}; /* SSH Communications Security IPSEC Express version 2.0.0 */
-
+
static const guint8 VID_SSH_IPSEC_EXPRESS_2_1_0[VID_LEN] = {0x28, 0x36, 0xD1, 0xFD, 0x28, 0x07, 0xBC, 0x9E, 0x5A, 0xE3, 0x07, 0x86, 0x32, 0x04, 0x51, 0xEC}; /* SSH Communications Security IPSEC Express version 2.1.0 */
-
+
static const guint8 VID_SSH_IPSEC_EXPRESS_2_1_1[VID_LEN] = {0xA6, 0x8D, 0xE7, 0x56, 0xA9, 0xC5, 0x22, 0x9B, 0xAE, 0x66, 0x49, 0x80, 0x40, 0x95, 0x1A, 0xD5}; /* SSH Communications Security IPSEC Express version 2.1.1 */
static const guint8 VID_SSH_IPSEC_EXPRESS_2_1_2[VID_LEN] = {0x3F, 0x23, 0x72, 0x86, 0x7E, 0x23, 0x7C, 0x1C, 0xD8, 0x25, 0x0A, 0x75, 0x55, 0x9C, 0xAE, 0x20}; /* SSH Communications Security IPSEC Express version 2.1.2 */
static const guint8 VID_draft_ietf_ipsec_heartbeats_00[VID_LEN_8]= {0x8D, 0xB7, 0xA4, 0x18, 0x11, 0x22, 0x16, 0x60}; /* draft-ietf-ipsec-heartbeats-00.txt */
-/*
+/*
* Seen in Netscreen. Suppose to be ASCII HeartBeat_Notify - but I don't know the rest yet. I suspect it then proceeds with
* 8k10, which means every 8K (?), and version 1.0 of the protocol (?). I won't add it to the code, until I know what it really
* means. ykaul-at-bezeqint.net
*/
-static const guint8 VID_HeartBeat_Notify[VID_LEN] = {0x48, 0x65, 0x61, 0x72, 0x74, 0x42, 0x65, 0x61, 0x74, 0x5f, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79};
+static const guint8 VID_HeartBeat_Notify[VID_LEN] = {0x48, 0x65, 0x61, 0x72, 0x74, 0x42, 0x65, 0x61, 0x74, 0x5f, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79};
void
isakmp_dissect_payloads(tvbuff_t *tvb, proto_tree *tree, int isakmp_version,
static void
dissect_payloads(tvbuff_t *tvb, proto_tree *tree, int isakmp_version,
- guint8 initial_payload, int offset, int length, packet_info *pinfo)
+ guint8 initial_payload, int offset, int length,
+ packet_info *pinfo)
{
guint8 payload, next_payload;
guint16 payload_length;
dissect_isakmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
int offset = 0, len;
- struct isakmp_hdr hdr;
+ isakmp_hdr_t hdr;
proto_item * ti;
proto_tree * isakmp_tree = NULL;
int isakmp_version;
+#ifdef HAVE_LIBNETTLE
+ guint8 zeroes[8] = {0, 0, 0, 0, 0, 0, 0, 0};
+ guint8 i_cookie[COOKIE_SIZE], *ic_key;
+ decrypt_data_t *decr = NULL;
+ tvbuff_t *decr_tvb;
+ proto_tree *decr_tree;
+ void *pd = pinfo->private_data;
+ address null_addr;
+#endif /* HAVE_LIBNETTLE */
if (check_col(pinfo->cinfo, COL_PROTOCOL))
col_set_str(pinfo->cinfo, COL_PROTOCOL, "ISAKMP");
return;
}
- hdr.length = tvb_get_ntohl(tvb, offset + sizeof(hdr) - sizeof(hdr.length));
- hdr.exch_type = tvb_get_guint8(tvb, sizeof(hdr.icookie) + sizeof(hdr.rcookie) + sizeof(hdr.next_payload) + sizeof(hdr.version));
- hdr.version = tvb_get_guint8(tvb, sizeof(hdr.icookie) + sizeof(hdr.rcookie) + sizeof(hdr.next_payload));
+ hdr.length = tvb_get_ntohl(tvb, offset + ISAKMP_HDR_SIZE - sizeof(hdr.length));
+ hdr.exch_type = tvb_get_guint8(tvb, COOKIE_SIZE + COOKIE_SIZE + sizeof(hdr.next_payload) + sizeof(hdr.version));
+ hdr.version = tvb_get_guint8(tvb, COOKIE_SIZE + COOKIE_SIZE + sizeof(hdr.next_payload));
isakmp_version = hi_nibble(hdr.version); /* save the version */
if (check_col(pinfo->cinfo, COL_INFO))
col_add_str(pinfo->cinfo, COL_INFO,
exchtype2str(isakmp_version, hdr.exch_type));
+#ifdef HAVE_LIBNETTLE
+ SET_ADDRESS(&null_addr, AT_NONE, 0, NULL);
+
+ tvb_memcpy(tvb, i_cookie, offset, COOKIE_SIZE);
+ decr = (decrypt_data_t*) g_hash_table_lookup(isakmp_hash, i_cookie);
+
+ if (! decr) {
+ ic_key = g_mem_chunk_alloc(isakmp_key_data);
+ memcpy(ic_key, i_cookie, COOKIE_SIZE);
+ decr = g_mem_chunk_alloc(isakmp_decrypt_data);
+ memset(decr, 0, sizeof(decrypt_data_t));
+ SET_ADDRESS(&decr->initiator, AT_NONE, 0, NULL);
+
+ g_hash_table_insert(isakmp_hash, ic_key, decr);
+ }
+
+ if (ADDRESSES_EQUAL(&decr->initiator, &null_addr)) {
+ /* XXX - We assume that we're seeing the second packet in an exchange here.
+ * Is there a way to verify this? */
+ COPY_ADDRESS(&decr->initiator, &pinfo->src);
+ }
+
+ pinfo->private_data = decr;
+#endif /* HAVE_LIBNETTLE */
+
if (tree) {
- tvb_memcpy(tvb, (guint8 *)&hdr.icookie, offset, sizeof(hdr.icookie));
- proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.icookie),
- "Initiator cookie: 0x%s", tvb_bytes_to_str(tvb, offset, sizeof(hdr.icookie)));
- offset += sizeof(hdr.icookie);
+ proto_tree_add_item(isakmp_tree, hf_isakmp_icookie, tvb, offset, COOKIE_SIZE, FALSE);
+ offset += COOKIE_SIZE;
- tvb_memcpy(tvb, (guint8 *)&hdr.rcookie, offset, sizeof(hdr.rcookie));
- proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.rcookie),
- "Responder cookie: 0x%s", tvb_bytes_to_str(tvb, offset, sizeof(hdr.rcookie)));
- offset += sizeof(hdr.rcookie);
+ proto_tree_add_item(isakmp_tree, hf_isakmp_rcookie, tvb, offset, COOKIE_SIZE, FALSE);
+ offset += COOKIE_SIZE;
hdr.next_payload = tvb_get_guint8(tvb, offset);
- proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.next_payload),
+ proto_tree_add_uint_format(isakmp_tree, hf_isakmp_nextpayload, tvb, offset,
+ sizeof(hdr.next_payload), hdr.next_payload,
"Next payload: %s (%u)",
payloadtype2str(isakmp_version, hdr.next_payload),
hdr.next_payload);
offset += sizeof(hdr.next_payload);
- proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.version),
- "Version: %u.%u",
+ proto_tree_add_uint_format(isakmp_tree, hf_isakmp_version, tvb, offset,
+ sizeof(hdr.version), hdr.version, "Version: %u.%u",
hi_nibble(hdr.version), lo_nibble(hdr.version));
offset += sizeof(hdr.version);
hdr.exch_type = tvb_get_guint8(tvb, offset);
- proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.exch_type),
+ proto_tree_add_uint_format(isakmp_tree, hf_isakmp_exchangetype, tvb, offset,
+ sizeof(hdr.exch_type), hdr.exch_type,
"Exchange type: %s (%u)",
exchtype2str(isakmp_version, hdr.exch_type),
hdr.exch_type);
proto_tree * ftree;
hdr.flags = tvb_get_guint8(tvb, offset);
- fti = proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.flags), "Flags");
+ fti = proto_tree_add_item(isakmp_tree, hf_isakmp_flags, tvb, offset, sizeof(hdr.flags), FALSE);
ftree = proto_item_add_subtree(fti, ett_isakmp_flags);
if (isakmp_version == 1) {
offset += sizeof(hdr.flags);
}
- proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.message_id),
- "Message ID: 0x%s", tvb_bytes_to_str(tvb, offset, sizeof(hdr.message_id)));
+ hdr.message_id = tvb_get_ntohl(tvb, offset);
+ proto_tree_add_item(isakmp_tree, hf_isakmp_messageid, tvb, offset, sizeof(hdr.message_id), FALSE);
offset += sizeof(hdr.message_id);
- if (hdr.length < sizeof(hdr)) {
- proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.length),
- "Length: (bogus, length is %u, should be at least %lu)",
- hdr.length, (unsigned long)sizeof(hdr));
+ if (hdr.length < ISAKMP_HDR_SIZE) {
+ proto_tree_add_uint_format(isakmp_tree, hf_isakmp_length, tvb, offset, sizeof(hdr.length),
+ hdr.length, "Length: (bogus, length is %u, should be at least %lu)",
+ hdr.length, (unsigned long)ISAKMP_HDR_SIZE);
return;
}
- len = hdr.length - sizeof(hdr);
+ len = hdr.length - ISAKMP_HDR_SIZE;
if (len < 0) {
- proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.length),
- "Length: (bogus, length is %u, which is too large)",
+ proto_tree_add_uint_format(isakmp_tree, hf_isakmp_length, tvb, offset, sizeof(hdr.length),
+ hdr.length, "Length: (bogus, length is %u, which is too large)",
hdr.length);
return;
}
- proto_tree_add_text(isakmp_tree, tvb, offset, sizeof(hdr.length),
- "Length: %u", hdr.length);
+ proto_tree_add_item(isakmp_tree, hf_isakmp_length, tvb, offset, sizeof(hdr.length), FALSE);
offset += sizeof(hdr.length);
if (hdr.flags & E_FLAG) {
if (len && isakmp_tree) {
- proto_tree_add_text(isakmp_tree, tvb, offset, len,
+ ti = proto_tree_add_text(isakmp_tree, tvb, offset, len,
"Encrypted payload (%d byte%s)",
len, plurality(len, "", "s"));
+#ifdef HAVE_LIBNETTLE
+
+ if (decr) {
+ decr_tvb = decrypt_payload(isakmp_tree, tvb, pinfo, tvb_get_ptr(tvb, offset, len), len, &hdr);
+ if (decr_tvb) {
+ decr_tree = proto_item_add_subtree(ti, ett_isakmp);
+ dissect_payloads(decr_tvb, decr_tree, isakmp_version, hdr.next_payload,
+ 0, tvb_length(decr_tvb), pinfo);
+ }
+ }
+#endif /* HAVE_LIBNETTLE */
}
} else
dissect_payloads(tvb, isakmp_tree, isakmp_version, hdr.next_payload,
"%s payload", payloadtype2str(isakmp_version, payload));
ntree = proto_item_add_subtree(ti, ett_isakmp_payload);
- proto_tree_add_text(ntree, tvb, offset, 1,
- "Next payload: %s (%u)",
- payloadtype2str(isakmp_version, next_payload),
- next_payload);
+ proto_tree_add_uint_format(ntree, hf_isakmp_nextpayload, tvb, offset, 1,
+ next_payload, "Next payload: %s (%u)",
+ payloadtype2str(isakmp_version, next_payload),
+ next_payload);
if (isakmp_version == 2) {
proto_tree_add_text(ntree, tvb, offset + 1, 1, "%s",
decode_boolean_bitfield(tvb_get_guint8(tvb, offset + 1), 0x80,
8, "Critical", "Not critical"));
}
- proto_tree_add_text(ntree, tvb, offset + 2, 2, "Length: %u", payload_length);
+ proto_tree_add_item(ntree, hf_isakmp_payloadlen, tvb, offset + 2, 2, FALSE);
*next_payload_p = next_payload;
*payload_length_p = payload_length;
}
static void
-dissect_sa(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
+dissect_sa(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
packet_info *pinfo, int isakmp_version, int unused _U_)
{
guint32 doi;
}
if (isakmp_version == 1) {
doi = tvb_get_ntohl(tvb, offset);
- proto_tree_add_text(tree, tvb, offset, 4,
- "Domain of interpretation: %s (%u)",
- doitype2str(doi), doi);
+ proto_tree_add_uint_format(tree, hf_isakmp_doi, tvb, offset, 4,
+ doi, "Domain of interpretation: %s (%u)",
+ doitype2str(doi), doi);
offset += 4;
length -= 4;
if (doi == 1) {
/* IPSEC */
if (length < 4) {
- proto_tree_add_text(tree, tvb, offset, length,
+ proto_tree_add_bytes_format(tree, hf_isakmp_sa_situation, tvb, offset, length,
+ tvb_get_ptr(tvb, offset, length),
"Situation: %s (length is %u, should be >= 4)",
tvb_bytes_to_str(tvb, offset, length), length);
return;
}
situation = tvb_get_ntohl(tvb, offset);
- proto_tree_add_text(tree, tvb, offset, 4,
- "Situation: %s (%u)",
+ proto_tree_add_bytes_format(tree, hf_isakmp_sa_situation, tvb, offset, 4,
+ tvb_get_ptr(tvb, offset, 4), "Situation: %s (%u)",
situation2str(situation), situation);
offset += 4;
length -= 4;
length, pinfo);
} else {
/* Unknown */
- proto_tree_add_text(tree, tvb, offset, length,
- "Situation: %s",
- tvb_bytes_to_str(tvb, offset, length));
+ proto_tree_add_item(tree, hf_isakmp_sa_situation, tvb, offset, length, FALSE);
}
} else if (isakmp_version == 2) {
dissect_payloads(tvb, tree, isakmp_version, LOAD_TYPE_PROPOSAL, offset,
proposal_num = tvb_get_guint8(tvb, offset);
- proto_item_append_text(tree, " # %d",proposal_num);
- proto_tree_add_text(tree, tvb, offset, 1,
- "Proposal number: %u", proposal_num);
+ proto_item_append_text(tree, " # %d", proposal_num);
+
+ proto_tree_add_item(tree, hf_isakmp_prop_number, tvb, offset, 1, FALSE);
offset += 1;
length -= 1;
protocol_id = tvb_get_guint8(tvb, offset);
- proto_tree_add_text(tree, tvb, offset, 1,
- "Protocol ID: %s (%u)",
- val_to_str(protocol_id, vs_proto, "UNKNOWN-PROTO-TYPE"), protocol_id);
+ proto_tree_add_uint_format(tree, hf_isakmp_protoid, tvb, offset, 1,
+ protocol_id, "Protocol ID: %s (%u)",
+ val_to_str(protocol_id, vs_proto, "UNKNOWN-PROTO-TYPE"), protocol_id);
offset += 1;
length -= 1;
spi_size = tvb_get_guint8(tvb, offset);
- proto_tree_add_text(tree, tvb, offset, 1,
- "SPI size: %u", spi_size);
+ proto_tree_add_item(tree, hf_isakmp_spisize, tvb, offset, 1, FALSE);
offset += 1;
length -= 1;
num_transforms = tvb_get_guint8(tvb, offset);
- proto_tree_add_text(tree, tvb, offset, 1,
- "Number of transforms: %u", num_transforms);
+ proto_tree_add_item(tree, hf_isakmp_prop_transforms, tvb, offset, 1, FALSE);
offset += 1;
length -= 1;
if (spi_size) {
- proto_tree_add_text(tree, tvb, offset, spi_size, "SPI: %s",
+ proto_tree_add_text(tree, tvb, offset, spi_size, "SPI: 0x%s",
tvb_bytes_to_str(tvb, offset, spi_size));
offset += spi_size;
length -= spi_size;
guint8 transform_id;
guint8 transform_num;
+#ifdef HAVE_LIBNETTLE
+ decrypt_data_t *decr = (decrypt_data_t *) pinfo->private_data;
+#endif /* HAVE_LIBNETTLE */
transform_num = tvb_get_guint8(tvb, offset);
proto_item_append_text(tree," # %d",transform_num);
- proto_tree_add_text(tree, tvb, offset, 1,
- "Transform number: %u", transform_num);
+ proto_tree_add_item(tree, hf_isakmp_trans_number, tvb, offset, 1, FALSE);
offset += 1;
length -= 1;
transform_id = tvb_get_guint8(tvb, offset);
switch (protocol_id) {
default:
- proto_tree_add_text(tree, tvb, offset, 1,
- "Transform ID: %u", transform_id);
+ proto_tree_add_item(tree, hf_isakmp_trans_id, tvb, offset, 1, FALSE);
break;
case 1: /* ISAKMP */
- proto_tree_add_text(tree, tvb, offset, 1,
- "Transform ID: %s (%u)",
+ proto_tree_add_uint_format(tree, hf_isakmp_trans_id, tvb, offset, 1,
+ transform_id, "Transform ID: %s (%u)",
val_to_str(transform_id, vs_v1_trans_isakmp, "UNKNOWN-TRANS-TYPE"), transform_id);
break;
case 2: /* AH */
- proto_tree_add_text(tree, tvb, offset, 1,
- "Transform ID: %s (%u)",
+ proto_tree_add_uint_format(tree, hf_isakmp_trans_id, tvb, offset, 1,
+ transform_id, "Transform ID: %s (%u)",
val_to_str(transform_id, vs_v1_trans_ah, "UNKNOWN-AH-TRANS-TYPE"), transform_id);
break;
case 3: /* ESP */
- proto_tree_add_text(tree, tvb, offset, 1,
- "Transform ID: %s (%u)",
+ proto_tree_add_uint_format(tree, hf_isakmp_trans_id, tvb, offset, 1,
+ transform_id, "Transform ID: %s (%u)",
val_to_str(transform_id, vs_v1_trans_esp, "UNKNOWN-ESP-TRANS-TYPE"), transform_id);
break;
case 4: /* IPCOMP */
- proto_tree_add_text(tree, tvb, offset, 1,
- "Transform ID: %s (%u)",
+ proto_tree_add_uint_format(tree, hf_isakmp_trans_id, tvb, offset, 1,
+ transform_id, "Transform ID: %s (%u)",
val_to_str(transform_id, vs_v1_trans_ipcomp, "UNKNOWN-IPCOMP-TRANS-TYPE"), transform_id);
break;
}
guint32 val;
guint pack_len;
+ /* XXX - Add header fields */
if (protocol_id == 1 && transform_id == 1) {
ike_phase1 = 1;
str = val_to_str(type, vs_v1_attr, "UNKNOWN-ATTRIBUTE-TYPE");
"%s (%u): %s (%u)",
str, type,
v1_attrval2str(ike_phase1, type, val), val);
+#ifdef HAVE_LIBNETTLE
+ set_transform_vals(decr, ike_phase1, type, val);
+#endif
offset += 4;
length -= 4;
}
"%s (%u): %s (%u)",
str, type,
v1_attrval2str(ike_phase1, type, val), val);
+#ifdef HAVE_LIBNETTLE
+ set_transform_vals(decr, ike_phase1, type, val);
+#endif
}
offset += pack_len;
length -= pack_len;
} v2_tid_func[] = {
{ 0, "RESERVED", NULL, },
{ 1, "Encryption Algorithm (ENCR)", v2_tid2encstr },
- { 2, "Pseudo-random Function (PRF)", v2_tid2prfstr },
+ { 2, "Pseudo-random Function (PRF)", v2_tid2prfstr },
{ 3, "Integrity Algorithm (INTEG)", v2_tid2iastr },
{ 4, "Diffie-Hellman Group (D-H)", v2_tid2dhstr },
{ 5, "Extended Sequence Numbers (ESN)", v2_tid2esnstr },
packet_info *pinfo _U_, int isakmp_version, int unused _U_)
{
guint16 dhgroup;
+#ifdef HAVE_LIBNETTLE
+ decrypt_data_t *decr = (decrypt_data_t *) pinfo->private_data;
+#endif /* HAVE_LIBNETTLE */
if (isakmp_version == 2) {
dhgroup = tvb_get_ntohs(tvb, offset);
length -= 4;
}
- proto_tree_add_text(tree, tvb, offset, length, "Key Exchange Data");
+ proto_tree_add_text(tree, tvb, offset, length, "Key Exchange Data (%d bytes / %d bits)",
+ length, length * 8);
+
+#ifdef HAVE_LIBNETTLE
+ if (decr && decr->gi_len == 0 && ADDRESSES_EQUAL(&decr->initiator, &pinfo->src)) {
+ decr->gi = g_malloc(length);
+ tvb_memcpy(tvb, decr->gi, offset, length);
+ decr->gi_len = length;
+ } else if (decr && decr->gr_len == 0 && !ADDRESSES_EQUAL(&decr->initiator, &pinfo->src)) {
+ decr->gr = g_malloc(length);
+ tvb_memcpy(tvb, decr->gr, offset, length);
+ decr->gr_len = length;
+ }
+#endif /* HAVE_LIBNETTLE */
}
static void
guint16 port;
id_type = tvb_get_guint8(tvb, offset);
+ proto_tree_add_item(tree, hf_isakmp_id_type, tvb, offset, 1, FALSE);
proto_tree_add_text(tree, tvb, offset, 1,
"ID type: %s (%u)",
id2str(isakmp_version, id_type), id_type);
protocol_id = tvb_get_guint8(tvb, offset);
if (protocol_id == 0) {
- proto_tree_add_text(tree, tvb, offset, 1,
- "Protocol ID: Unused");
+ proto_tree_add_uint_format(tree, hf_isakmp_protoid, tvb, offset, 1,
+ protocol_id, "Protocol ID: Unused");
} else {
- proto_tree_add_text(tree, tvb, offset, 1,
- "Protocol ID: %s (%u)",
+ proto_tree_add_uint_format(tree, hf_isakmp_protoid, tvb, offset, 1,
+ protocol_id, "Protocol ID: %s (%u)",
ipprotostr(protocol_id), protocol_id);
}
offset += 1;
port = tvb_get_ntohs(tvb, offset);
if (port == 0)
- proto_tree_add_text(tree, tvb, offset, 2, "Port: Unused");
+ proto_tree_add_uint_format(tree, hf_isakmp_id_port, tvb, offset, 2,
+ port, "Port: Unused");
else
- proto_tree_add_text(tree, tvb, offset, 2, "Port: %u", port);
+ proto_tree_add_item(tree, hf_isakmp_id_port, tvb, offset, 2, FALSE);
offset += 2;
length -= 2;
+ /*
+ * It shows strings of all types though some of types are not
+ * supported in IKEv2 specification actually.
+ */
switch (id_type) {
- case 1:
+ case IKE_ID_IPV4_ADDR:
proto_tree_add_text(tree, tvb, offset, length,
"Identification data: %s",
ip_to_str(tvb_get_ptr(tvb, offset, 4)));
break;
- case 2:
- case 3:
+ case IKE_ID_FQDN:
+ case IKE_ID_USER_FQDN:
proto_tree_add_text(tree, tvb, offset, length,
"Identification data: %.*s", length,
tvb_get_ptr(tvb, offset, length));
break;
- case 4:
+ case IKE_ID_IPV4_ADDR_SUBNET:
+ case IKE_ID_IPV4_ADDR_RANGE:
proto_tree_add_text(tree, tvb, offset, length,
"Identification data: %s/%s",
ip_to_str(tvb_get_ptr(tvb, offset, 4)),
ip_to_str(tvb_get_ptr(tvb, offset+4, 4)));
break;
- case 9:
+ case IKE_ID_IPV6_ADDR:
+ proto_tree_add_text(tree, tvb, offset, length,
+ "Identification data: %s",
+ ip6_to_str((const struct e_in6_addr *)tvb_get_ptr(tvb, offset, 16)));
+ break;
+ case IKE_ID_IPV6_ADDR_SUBNET:
+ case IKE_ID_IPV6_ADDR_RANGE:
+ proto_tree_add_text(tree, tvb, offset, length,
+ "Identification data: %s/%s",
+ ip6_to_str((const struct e_in6_addr *)tvb_get_ptr(tvb, offset, 16)),
+ ip6_to_str((const struct e_in6_addr *)tvb_get_ptr(tvb, offset+16, 16)));
+ break;
+ case IKE_ID_DER_ASN1_DN:
dissect_x509if_Name(FALSE, tvb, offset, pinfo, tree,
hf_ike_certificate_authority);
break;
guint8 cert_enc;
cert_enc = tvb_get_guint8(tvb, offset);
- proto_tree_add_text(tree, tvb, offset, 1,
- "Certificate encoding: %u - %s",
- cert_enc, certtype2str(isakmp_version, cert_enc));
+ proto_tree_add_uint_format(tree, hf_isakmp_cert_encoding, tvb, offset, 1,
+ cert_enc, "Certificate encoding: %u - %s",
+ cert_enc, certtype2str(isakmp_version, cert_enc));
offset += 1;
length -= 1;
guint8 cert_type;
cert_type = tvb_get_guint8(tvb, offset);
- proto_tree_add_text(tree, tvb, offset, 1,
- "Certificate type: %u - %s",
- cert_type, certtype2str(isakmp_version, cert_type));
+ proto_tree_add_uint_format(tree, hf_isakmp_certreq_type, tvb, offset, 1,
+ cert_type, "Certificate type: %u - %s",
+ cert_type, certtype2str(isakmp_version, cert_type));
offset += 1;
length -= 1;
length -= 1;
/* this is a list of 20 byte SHA-1 hashes */
- while (length) {
+ while (length > 0) {
proto_tree_add_item(tree, hf_ike_v2_certificate_authority, tvb, offset, 20, FALSE);
length-=20;
}
if (isakmp_version == 1) {
doi = tvb_get_ntohl(tvb, offset);
- proto_tree_add_text(tree, tvb, offset, 4,
- "Domain of Interpretation: %s (%u)",
- doitype2str(doi), doi);
+ proto_tree_add_uint_format(tree, hf_isakmp_doi, tvb, offset, 4,
+ doi, "Domain of interpretation: %s (%u)",
+ doitype2str(doi), doi);
offset += 4;
length -= 4;
}
protocol_id = tvb_get_guint8(tvb, offset);
- proto_tree_add_text(tree, tvb, offset, 1,
- "Protocol ID: %s (%u)",
- val_to_str(protocol_id, vs_proto, "UNKNOWN-PROTO-TYPE"), protocol_id);
+ proto_tree_add_uint_format(tree, hf_isakmp_protoid, tvb, offset, 1,
+ protocol_id, "Protocol ID: %s (%u)",
+ val_to_str(protocol_id, vs_proto, "UNKNOWN-PROTO-TYPE"), protocol_id);
offset += 1;
length -= 1;
spi_size = tvb_get_guint8(tvb, offset);
- proto_tree_add_text(tree, tvb, offset, 1,
- "SPI size: %u", spi_size);
+ proto_tree_add_item(tree, hf_isakmp_spisize, tvb, offset, 1, FALSE);
offset += 1;
length -= 1;
msgtype = tvb_get_ntohs(tvb, offset);
- proto_tree_add_text(tree, tvb, offset, 2,
- "Message type: %s (%u)",
- msgtype2str(isakmp_version, msgtype), msgtype);
+ proto_tree_add_uint_format(tree, hf_isakmp_notify_msgtype, tvb, offset, 2,
+ msgtype, "Message type: %s (%u)",
+ msgtype2str(isakmp_version, msgtype), msgtype);
offset += 2;
length -= 2;
if (spi_size) {
- proto_tree_add_text(tree, tvb, offset, spi_size, "Security Parameter Index");
+ proto_tree_add_text(tree, tvb, offset, spi_size, "SPI: 0x%s",
+ tvb_bytes_to_str(tvb, offset, spi_size));
offset += spi_size;
length -= spi_size;
}
guint16 num_spis;
guint16 i;
- doi = tvb_get_ntohl(tvb, offset);
- proto_tree_add_text(tree, tvb, offset, 4,
- "Domain of Interpretation: %s (%u)",
- doitype2str(doi), doi);
- offset += 4;
- length -= 4;
+ if (isakmp_version == 1) {
+ doi = tvb_get_ntohl(tvb, offset);
+ proto_tree_add_text(tree, tvb, offset, 4,
+ "Domain of Interpretation: %s (%u)",
+ doitype2str(doi), doi);
+ offset += 4;
+ length -= 4;
+ }
protocol_id = tvb_get_guint8(tvb, offset);
- proto_tree_add_text(tree, tvb, offset, 1,
- "Protocol ID: %s (%u)",
- val_to_str(protocol_id, vs_proto, "UNKNOWN-PROTO-TYPE"), protocol_id);
+ proto_tree_add_uint_format(tree, hf_isakmp_protoid, tvb, offset, 1,
+ protocol_id, "Protocol ID: %s (%u)",
+ val_to_str(protocol_id, vs_proto, "UNKNOWN-PROTO-TYPE"), protocol_id);
offset += 1;
length -= 1;
spi_size = tvb_get_guint8(tvb, offset);
- proto_tree_add_text(tree, tvb, offset, 1,
- "SPI size: %u", spi_size);
+ proto_tree_add_item(tree, hf_isakmp_spisize, tvb, offset, 1, FALSE);
offset += 1;
length -= 1;
num_spis = tvb_get_ntohs(tvb, offset);
- proto_tree_add_text(tree, tvb, offset, 2,
- "Number of SPIs: %u", num_spis);
+ proto_tree_add_item(tree, hf_isakmp_num_spis, tvb, offset, 2, FALSE);
offset += 2;
length -= 2;
"Not enough room in payload for all SPI's");
break;
}
- proto_tree_add_text(tree, tvb, offset, spi_size,
- "SPI (%d)", i);
+ proto_tree_add_text(tree, tvb, offset, spi_size, "SPI: 0x%s",
+ tvb_bytes_to_str(tvb, offset, spi_size));
offset += spi_size;
length -= spi_size;
}
break;
}
offset += sizeof(CPversion);
- proto_tree_add_text(ntree, tvb, offset, length - VID_CP_LEN - sizeof(CPproduct) - sizeof(CPversion),"Check Point Vendor ID parameters");
+ proto_tree_add_text(ntree, tvb, offset, length - VID_CP_LEN - sizeof(CPproduct) - sizeof(CPversion),"Check Point Vendor ID parameters");
}
else
if (memcmp(pVID, VID_CYBERGUARD, isakmp_min(VID_LEN, length)) == 0)
if (memcmp(pVID, VID_draft_ietf_ipsec_nat_t_ike_03, isakmp_min(VID_LEN, length)) == 0)
proto_item_append_text(pt, "draft-ietf-ipsec-nat-t-ike-03");
else
+ if (memcmp(pVID, VID_rfc3947, isakmp_min(VID_LEN, length)) == 0)
+ proto_item_append_text(pt, "RFC 3947 Negotiation of NAT-Traversal in the IKE");
+ else
if (memcmp(pVID, VID_SSH_IPSEC_EXPRESS_1_1_0, isakmp_min(VID_LEN, length)) == 0)
proto_item_append_text(pt, "Ssh Communications Security IPSEC Express version 1.1.0");
else
switch (id_type) {
- case 1: /* ID_IPV4_ADDR */
+ case IKE_ID_IPV4_ADDR:
if (length == 4) {
- tvb_memcpy(tvb, (guint8 *)&addr_ipv4, offset, length);
+ addr_ipv4 = tvb_get_ipv4(tvb, offset);
proto_tree_add_text(tree, tvb, offset, length,
"Original address: %s",
ip_to_str((guint8 *)&addr_ipv4));
}
break;
- case 5: /* ID_IPV6_ADDR */
+ case IKE_ID_IPV6_ADDR:
if (length == 16) {
- tvb_memcpy(tvb, (guint8 *)&addr_ipv6, offset, length);
+ tvb_get_ipv6(tvb, offset, &addr_ipv6);
proto_tree_add_text(tree, tvb, offset, length,
"Original address: %s",
ip6_to_str(&addr_ipv6));
"TS Type: %s (%u)",
v2_tstype2str(tstype), tstype);
switch (tstype) {
- case 7:
+ case IKEV2_TS_IPV4_ADDR_RANGE:
addrlen = 4;
break;
- case 8:
+ case IKEV2_TS_IPV6_ADDR_RANGE:
addrlen = 16;
break;
default:
- addrlen = 255;
+ proto_item_append_text(tree, "unknown TS data (aborted decoding): 0x%s",
+ tvb_bytes_to_str(tvb, offset, length));
+ return;
}
+
/*
* XXX should the remaining of the length check be done here ?
* it seems other routines don't check the length.
offset += 2;
length -= 2;
- proto_tree_add_text(tree, tvb, offset, length,
- "Starting Address: %s",
- ip_to_str(tvb_get_ptr(tvb, offset, addrlen)));
- offset += addrlen;
- length -= addrlen;
-
- proto_tree_add_text(tree, tvb, offset, length,
- "Starting Address: %s",
+ switch (tstype) {
+ case IKEV2_TS_IPV4_ADDR_RANGE:
+ proto_tree_add_text(tree, tvb, offset, length,
+ "Starting Address: %s",
+ ip_to_str(tvb_get_ptr(tvb, offset, addrlen)));
+ offset += addrlen;
+ length -= addrlen;
+ proto_tree_add_text(tree, tvb, offset, length,
+ "Ending Address: %s",
ip_to_str(tvb_get_ptr(tvb, offset, addrlen)));
- offset += addrlen;
- length -= addrlen;
+ offset += addrlen;
+ length -= addrlen;
+ break;
+ case IKEV2_TS_IPV6_ADDR_RANGE:
+ proto_tree_add_text(tree, tvb, offset, length,
+ "Starting Address: %s",
+ ip6_to_str((const struct e_in6_addr *)tvb_get_ptr(tvb, offset, addrlen)));
+ offset += addrlen;
+ length -= addrlen;
+ proto_tree_add_text(tree, tvb, offset, length,
+ "Ending Address: %s",
+ ip6_to_str((const struct e_in6_addr *)tvb_get_ptr(tvb, offset, addrlen)));
+ offset += addrlen;
+ length -= addrlen;
+ break;
+ }
}
}
if (type >= 40960)
return "Private Use - STATUS TYPES";
return val_to_str(type, vs_v2_notifmsg, "UNKNOWN-NOTIFY-MESSAGE-TYPE");
- }
+ }
return "UNKNOWN-ISAKMP-VERSION";
}
static char msg[SIT_MSG_NUM];
int n = 0;
- char * sep = "";
+ const char * sep = "";
int ret;
if (type & SIT_IDENTITY) {
- ret = snprintf(msg, SIT_MSG_NUM-n, "%sIDENTITY", sep);
+ ret = g_snprintf(msg, SIT_MSG_NUM-n, "%sIDENTITY", sep);
if (ret == -1 || ret >= SIT_MSG_NUM-n) {
/* Truncated. */
- msg[SIT_MSG_NUM-1] = '\0';
return msg;
}
n += ret;
/* No more room. */
return msg;
}
- ret = snprintf(msg, SIT_MSG_NUM-n, "%sSECRECY", sep);
+ ret = g_snprintf(msg, SIT_MSG_NUM-n, "%sSECRECY", sep);
if (ret == -1 || ret >= SIT_MSG_NUM-n) {
/* Truncated. */
- msg[SIT_MSG_NUM-1] = '\0';
return msg;
}
n += ret;
/* No more room. */
return msg;
}
- ret = snprintf(msg, SIT_MSG_NUM-n, "%sINTEGRITY", sep);
+ ret = g_snprintf(msg, SIT_MSG_NUM-n, "%sINTEGRITY", sep);
if (ret == -1 || ret >= SIT_MSG_NUM-n) {
/* Truncated. */
- msg[SIT_MSG_NUM-1] = '\0';
return msg;
}
n += ret;
};
static const value_string vs_v1_attrval_enc[] = {
- { 0, "RESERVED" },
- { 1, "DES-CBC" },
- { 2, "IDEA-CBC" },
- { 3, "BLOWFISH-CBC" },
- { 4, "RC5-R16-B64-CBC" },
- { 5, "3DES-CBC" },
- { 6, "CAST-CBC" },
- { 7, "AES-CBC" },
+ { 0, "RESERVED" },
+ { ENC_DES_CBC, "DES-CBC" },
+ { ENC_IDEA_CBC, "IDEA-CBC" },
+ { ENC_BLOWFISH_CBC, "BLOWFISH-CBC" },
+ { ENC_RC5_R16_B64_CBC, "RC5-R16-B64-CBC" },
+ { ENC_3DES_CBC, "3DES-CBC" },
+ { ENC_CAST_CBC, "CAST-CBC" },
+ { ENC_AES_CBC, "AES-CBC" },
{ 0, NULL },
};
static const value_string vs_v1_attrval_hash[] = {
- { 0, "RESERVED" },
- { 1, "MD5" },
- { 2, "SHA" },
- { 3, "TIGER" },
- { 4, "SHA2-256" },
- { 5, "SHA2-384" },
- { 6, "SHA2-512" },
+ { 0, "RESERVED" },
+ { HMAC_MD5, "MD5" },
+ { HMAC_SHA, "SHA" },
+ { HMAC_TIGER, "TIGER" },
+ { HMAC_SHA2_256, "SHA2-256" },
+ { HMAC_SHA2_384, "SHA2-384" },
+ { HMAC_SHA2_512, "SHA2-512" },
{ 0, NULL },
};
{ 16, "4096 bit MODP group" },
{ 17, "6144 bit MODP group" },
{ 18, "8192 bit MODP group" },
- { 0, NULL },
+ { 19, "256-bit random curve group" },
+ { 20, "384-bit random curve group" },
+ { 21, "521-bit random curve group" },
+ { 22, "192-bit random curve group" },
+ { 23, "EC2N group over GF[2^163]" },
+ { 24, "224-bit random curve group" },
+ { 25, "EC2N group over GF[2^233]" },
+ { 26, "EC2N group over GF[2^233]" },
+ { 0, NULL }
};
static const value_string vs_v1_attrval_grptype[] = {
static const char *
id2str(int isakmp_version, guint8 type)
{
- static const value_string vs_v1_ident[] = {
- { 0, "RESERVED" },
- { 1, "IPV4_ADDR" },
- { 2, "FQDN" },
- { 3, "USER_FQDN" },
- { 4, "IPV4_ADDR_SUBNET" },
- { 5, "IPV6_ADDR" },
- { 6, "IPV6_ADDR_SUBNET" },
- { 7, "IPV4_ADDR_RANGE" },
- { 8, "IPV6_ADDR_RANGE" },
- { 9, "DER_ASN1_DN" },
- { 10, "DER_ASN1_GN" },
- { 11, "KEY_ID" },
- { 0, NULL },
- };
- static const value_string vs_v2_ident[] = {
- { 0, "RESERVED" },
- { 1, "IPV4_ADDR" },
- { 2, "FQDN" },
- { 3, "USER_FQDN" },
- { 4, "IPV4_ADDR_SUBNET" },
- { 5, "IPV6_ADDR" },
- { 9, "DER_ASN1_DN" },
- { 10, "DER_ASN1_GN" },
- { 11, "KEY_ID" },
- { 0, NULL },
+ static const value_string vs_ident[] = {
+ { IKE_ID_IPV4_ADDR, "IPV4_ADDR" },
+ { IKE_ID_FQDN, "FQDN" },
+ { IKE_ID_USER_FQDN, "USER_FQDN" },
+ { IKE_ID_IPV4_ADDR_SUBNET, "IPV4_ADDR_SUBNET" },
+ { IKE_ID_IPV6_ADDR, "IPV6_ADDR" },
+ { IKE_ID_IPV6_ADDR_SUBNET, "IPV6_ADDR_SUBNET" },
+ { IKE_ID_IPV4_ADDR_RANGE, "IPV4_ADDR_RANGE" },
+ { IKE_ID_IPV6_ADDR_RANGE, "IPV6_ADDR_RANGE" },
+ { IKE_ID_DER_ASN1_DN, "DER_ASN1_DN" },
+ { IKE_ID_DER_ASN1_GN, "DER_ASN1_GN" },
+ { IKE_ID_KEY_ID, "KEY_ID" },
+ { 0, NULL },
};
- if (isakmp_version == 1)
- return val_to_str(type, vs_v1_ident, "UNKNOWN-ID-TYPE");
- else if (isakmp_version == 2) {
- if ((type >= 6 && type <=8) || (type >= 12 && type <= 200))
+ if (isakmp_version == 1) {
+ if (type == 0)
+ return "RESERVED";
+ return val_to_str(type, vs_ident, "UNKNOWN-ID-TYPE");
+ } else if (isakmp_version == 2) {
+ if (type == 4 || (type >= 6 && type <=8) || (type >= 12 && type <= 200))
return "Reserved to IANA";
if (type >= 201)
return "Reserved for private use";
- return val_to_str(type, vs_v2_ident, "UNKNOWN-ID-TYPE");
+ if (type == IKE_ID_USER_FQDN)
+ return "RFC822_ADDR";
+ return val_to_str(type, vs_ident, "UNKNOWN-ID-TYPE");
}
return "UNKNOWN-ISAKMP-VERSION";
}
v2_tstype2str(guint8 type)
{
static const value_string vs_v2_tstype[] = {
- { 7, "TS_IPV4_ADDR_RANGE" },
- { 8, "TS_IPV6_ADDR_RANGE" },
+ { IKEV2_TS_IPV4_ADDR_RANGE, "TS_IPV4_ADDR_RANGE" },
+ { IKEV2_TS_IPV6_ADDR_RANGE, "TS_IPV6_ADDR_RANGE" },
{ 0, NULL },
};
return TRUE;
}
+/*
+ * Protocol initialization
+ */
+
+#ifdef HAVE_LIBNETTLE
+static guint
+isakmp_hash_func(gconstpointer c) {
+ guint8 *i_cookie = (guint8 *) c;
+ guint val = 0, keychunk, i;
+
+ /* XOR our icookie down to the size of a guint */
+ for (i = 0; i < COOKIE_SIZE - (COOKIE_SIZE % sizeof(keychunk)); i += sizeof(keychunk)) {
+ memcpy(&keychunk, &i_cookie[i], sizeof(keychunk));
+ val ^= keychunk;
+ }
+
+ return val;
+}
+
+static gint
+isakmp_equal_func(gconstpointer ic1, gconstpointer ic2) {
+
+ if (memcmp(ic1, ic2, COOKIE_SIZE) == 0)
+ return 1;
+
+ return 0;
+}
+#endif
+
+static void
+isakmp_init_protocol(void) {
+#ifdef HAVE_LIBNETTLE
+ if (isakmp_hash) {
+ g_hash_table_destroy(isakmp_hash);
+ }
+ if (isakmp_key_data)
+ g_mem_chunk_destroy(isakmp_key_data);
+ if (isakmp_decrypt_data)
+ g_mem_chunk_destroy(isakmp_decrypt_data);
+
+ isakmp_hash = g_hash_table_new(isakmp_hash_func, isakmp_equal_func);
+ isakmp_key_data = g_mem_chunk_new("isakmp_key_data",
+ COOKIE_SIZE, 5 * COOKIE_SIZE,
+ G_ALLOC_AND_FREE);
+ isakmp_decrypt_data = g_mem_chunk_new("isakmp_decrypt_data",
+ sizeof(decrypt_data_t), 5 * sizeof(decrypt_data_t),
+ G_ALLOC_AND_FREE);
+ if (logf)
+ fclose(logf);
+ logf = fopen(pluto_log_path, "r");
+
+ scan_pluto_log();
+#endif /* HAVE_LIBNETTLE */
+}
+
+static void
+isakmp_prefs_apply_cb(void) {
+#ifdef HAVE_LIBNETTLE
+ isakmp_init_protocol();
+#endif /* HAVE_LIBNETTLE */
+}
+
void
proto_register_isakmp(void)
{
+ module_t *isakmp_module;
+
static hf_register_info hf[] = {
+ { &hf_isakmp_icookie,
+ { "Initiator cookie", "isakmp.icookie",
+ FT_BYTES, BASE_HEX, NULL, 0x0,
+ "ISAKMP Initiator Cookie", HFILL }},
+ { &hf_isakmp_rcookie,
+ { "Responder cookie", "isakmp.rcookie",
+ FT_BYTES, BASE_HEX, NULL, 0x0,
+ "ISAKMP Responder Cookie", HFILL }},
+ { &hf_isakmp_nextpayload,
+ { "Next payload", "isakmp.nextpayload",
+ FT_UINT8, BASE_DEC, NULL, 0x0,
+ "ISAKMP Next Payload", HFILL }},
+ { &hf_isakmp_version,
+ { "Version", "isakmp.version",
+ FT_UINT8, BASE_HEX, NULL, 0x0,
+ "ISAKMP Version (major + minor)", HFILL }},
+ { &hf_isakmp_exchangetype,
+ { "Exchange type", "isakmp.exchangetype",
+ FT_UINT8, BASE_DEC, NULL, 0x0,
+ "ISAKMP Exchange Type", HFILL }},
+ { &hf_isakmp_flags,
+ { "Flags", "isakmp.flags",
+ FT_UINT8, BASE_HEX, NULL, 0x0,
+ "ISAKMP Flags", HFILL }},
+ { &hf_isakmp_messageid,
+ { "Message ID", "isakmp.messageid",
+ FT_UINT32, BASE_HEX, NULL, 0x0,
+ "ISAKMP Message ID", HFILL }},
+ { &hf_isakmp_length,
+ { "Length", "isakmp.length",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ "ISAKMP Length", HFILL }},
+ { &hf_isakmp_payloadlen,
+ { "Payload length", "isakmp.payloadlength",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ "ISAKMP Payload Length", HFILL }},
+ { &hf_isakmp_doi,
+ { "Domain of interpretation", "isakmp.doi",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ "ISAKMP Domain of Interpretation", HFILL }},
+ { &hf_isakmp_sa_situation,
+ { "Situation", "isakmp.sa.situation",
+ FT_BYTES, BASE_HEX, NULL, 0x0,
+ "ISAKMP SA Situation", HFILL }},
+ { &hf_isakmp_prop_number,
+ { "Proposal number", "isakmp.prop.number",
+ FT_UINT8, BASE_DEC, NULL, 0x0,
+ "ISAKMP Proposal Number", HFILL }},
+ { &hf_isakmp_spisize,
+ { "SPI Size", "isakmp.spisize",
+ FT_UINT8, BASE_DEC, NULL, 0x0,
+ "ISAKMP SPI Size", HFILL }},
+ { &hf_isakmp_prop_transforms,
+ { "Proposal transforms", "isakmp.prop.transforms",
+ FT_UINT8, BASE_DEC, NULL, 0x0,
+ "ISAKMP Proposal Transforms", HFILL }},
+ { &hf_isakmp_trans_number,
+ { "Transform number", "isakmp.trans.number",
+ FT_UINT8, BASE_DEC, NULL, 0x0,
+ "ISAKMP Transform Number", HFILL }},
+ { &hf_isakmp_trans_id,
+ { "Transform ID", "isakmp.trans.id",
+ FT_UINT8, BASE_DEC, NULL, 0x0,
+ "ISAKMP Transform ID", HFILL }},
+ { &hf_isakmp_id_type,
+ { "ID type", "isakmp.id.type",
+ FT_UINT8, BASE_DEC, NULL, 0x0,
+ "ISAKMP ID Type", HFILL }},
+ { &hf_isakmp_protoid,
+ { "Protocol ID", "isakmp.protoid",
+ FT_UINT8, BASE_DEC, NULL, 0x0,
+ "ISAKMP Protocol ID", HFILL }},
+ { &hf_isakmp_id_port,
+ { "Port", "isakmp.id.port",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ "ISAKMP ID Port", HFILL }},
+ { &hf_isakmp_cert_encoding,
+ { "Port", "isakmp.cert.encoding",
+ FT_UINT8, BASE_DEC, NULL, 0x0,
+ "ISAKMP Certificate Encoding", HFILL }},
+ { &hf_isakmp_certreq_type,
+ { "Port", "isakmp.certreq.type",
+ FT_UINT8, BASE_DEC, NULL, 0x0,
+ "ISAKMP Certificate Request Type", HFILL }},
+ { &hf_isakmp_notify_msgtype,
+ { "Port", "isakmp.notify.msgtype",
+ FT_UINT8, BASE_DEC, NULL, 0x0,
+ "ISAKMP Notify Message Type", HFILL }},
+ { &hf_isakmp_num_spis,
+ { "Port", "isakmp.spinum",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ "ISAKMP Number of SPIs", HFILL }},
+
{ &hf_ike_certificate_authority,
{ "Certificate Authority Distinguished Name", "ike.cert_authority_dn", FT_UINT32, BASE_DEC, NULL, 0x0, "Certificate Authority Distinguished Name", HFILL }
},
{ "NAT Keepalive", "ike.nat_keepalive", FT_NONE, BASE_HEX, NULL, 0x0, "NAT Keepalive packet", HFILL }
},
};
+
+
static gint *ett[] = {
&ett_isakmp,
&ett_isakmp_flags,
"ISAKMP", "isakmp");
proto_register_field_array(proto_isakmp, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
+ register_init_routine(&isakmp_init_protocol);
register_dissector("isakmp", dissect_isakmp, proto_isakmp);
+
+ isakmp_module = prefs_register_protocol(proto_isakmp, isakmp_prefs_apply_cb);
+#ifdef HAVE_LIBNETTLE
+ prefs_register_string_preference(isakmp_module, "log",
+ "Log Filename",
+ "Path to a pluto log file containing DH secret information",
+ &pluto_log_path);
+#endif /* HAVE_LIBNETTLE */
}
void
git.samba.org / obnox / wireshark / wip.git / blobdiff