1 /* packet-ipsec.c
2 * Routines for IPsec/IPComp packet disassembly
3 *
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998 Gerald Combs
7 *
8 * SPDX-License-Identifier: GPL-2.0-or-later
9 */
10
11
12 /*
13
14 Addon: ESP Decryption and Authentication Checking
15
16 Frederic ROUDAUT (frederic.roudaut@free.fr)
17 Copyright 2006 Frederic ROUDAUT
18
19 - Decrypt ESP Payload for the following Algorithms defined in RFC 4305:
20
21 Encryption Algorithm
22 --------------------
23 NULL
24 TripleDES-CBC [RFC2451] : keylen 192 bits.
25 AES-CBC with 128-bit keys [RFC3602] : keylen 128 and 192/256 bits.
26 AES-CTR [RFC3686] : keylen 160/224/288 bits. The remaining 32 bits will be used as nonce.
27 DES-CBC [RFC2405] : keylen 64 bits
28
29 - Add ESP Payload Decryption support for the following Encryption Algorithms :
30 BLOWFISH-CBC : keylen 128 bits.
31 TWOFISH-CBC : keylen 128/256 bits.
32 CAST5-CBC : keylen 128
33
34 - Check ESP Authentication for the following Algorithms defined in RFC 4305:
35
36 Authentication Algorithm
37 ------------------------
38 NULL
39 HMAC-SHA1-96 [RFC2404] : any keylen
40 HMAC-MD5-96 [RFC2403] : any keylen
41 AES-XCBC-MAC-96 [RFC3566] : Not available because no implementation found.
42
43 - Add ESP Authentication checking for the following Authentication Algorithm :
44 HMAC-SHA256 : any keylen
45 HMAC-RIPEMD160-96 [RFC2857] : any keylen
46
47 - Added/Modified Authentication checking (David Dahlberg <dahlberg@fgan.de>):
48 CHG: HMAC-SHA256 is now HMAC-SHA-256-96 [draft-ietf-ipsec-ciph-sha-256-00]
49 -> It is implemented this way in USAGI/KAME (Linux/BSD).
50 ADD: HMAC-SHA-256-128 [RFC4868]
51 ICV length of HMAC-SHA-256 was changed in draft-ietf-ipsec-ciph-sha-256-01
52 to 128 bit. This is "SHOULD" be the standard now!
53 ADD: Additional generic (non-checked) ICV length of 128, 192 and 256.
54 This follows RFC 4868 for the SHA-256+ family.
55
56 */
57
58 #include "config.h"
59
60
61 #include <epan/packet.h>
62 #include <epan/addr_resolv.h>
63 #include <epan/ipproto.h>
64 #include <epan/prefs.h>
65 #include <epan/expert.h>
66 #include <epan/tap.h>
67 #include <epan/exported_pdu.h>
68 #include <epan/proto_data.h>
69 #include <epan/decode_as.h>
70 #include <epan/capture_dissectors.h>
71
72 #include <stdio.h>
73 #include <epan/uat.h>
74 #include <wsutil/str_util.h>
75 #include <wsutil/wsgcrypt.h>
76
77 #include "packet-ipsec.h"
78 #include "packet-ip.h"
79
80 void proto_register_ipsec(void);
81 void proto_reg_handoff_ipsec(void);
82
83 static int proto_ah = -1;
84 static int hf_ah_next_header = -1;
85 static int hf_ah_length = -1;
86 static int hf_ah_reserved = -1;
87 static int hf_ah_spi = -1;
88 static int hf_ah_iv = -1;
89 static int hf_ah_sequence = -1;
90 static int proto_esp = -1;
91 static int hf_esp_spi = -1;
92 static int hf_esp_iv = -1;
93 static int hf_esp_icv = -1;
94 static int hf_esp_icv_good = -1;
95 static int hf_esp_icv_bad = -1;
96 static int hf_esp_sequence = -1;
97 static int hf_esp_encrypted_data = -1;
98 static int hf_esp_decrypted_data = -1;
99 static int hf_esp_contained_data = -1;
100 static int hf_esp_pad = -1;
101 static int hf_esp_pad_len = -1;
102 static int hf_esp_protocol = -1;
103 static int hf_esp_sequence_analysis_expected_sn = -1;
104 static int hf_esp_sequence_analysis_previous_frame = -1;
105
106 static int proto_ipcomp = -1;
107 static int hf_ipcomp_next_header = -1;
108 static int hf_ipcomp_flags = -1;
109 static int hf_ipcomp_cpi = -1;
110
111 static gint ett_ah = -1;
112 static gint ett_esp = -1;
113 static gint ett_esp_icv = -1;
114 static gint ett_esp_decrypted_data = -1;
115 static gint ett_ipcomp = -1;
116
117 static expert_field ei_esp_sequence_analysis_wrong_sequence_number = EI_INIT;
118
119
120 static gint exported_pdu_tap = -1;
121
122 static dissector_handle_t data_handle;
123
124 static dissector_table_t ip_dissector_table;
125
126 /* Encryption algorithms defined in RFC 4305 */
127 #define IPSEC_ENCRYPT_NULL 0
128 #define IPSEC_ENCRYPT_3DES_CBC 1
129 #define IPSEC_ENCRYPT_AES_CBC 2
130 #define IPSEC_ENCRYPT_AES_CTR 3
131 #define IPSEC_ENCRYPT_DES_CBC 4
132 #define IPSEC_ENCRYPT_BLOWFISH_CBC 5
133 #define IPSEC_ENCRYPT_TWOFISH_CBC 6
134
135 /* Encryption algorithm defined in RFC 2144 */
136 #define IPSEC_ENCRYPT_CAST5_CBC 7
137
138 /* Encryption algorithms defined in RFC 4106 */
139 #define IPSEC_ENCRYPT_AES_GCM 8
140 #define IPSEC_ENCRYPT_AES_GCM_8 9
141 #define IPSEC_ENCRYPT_AES_GCM_12 10
142 #define IPSEC_ENCRYPT_AES_GCM_16 11
143
144 /* Authentication algorithms defined in RFC 4305 */
145 #define IPSEC_AUTH_NULL 0
146 #define IPSEC_AUTH_HMAC_SHA1_96 1
147 #define IPSEC_AUTH_HMAC_SHA256_96 2
148 #define IPSEC_AUTH_HMAC_SHA256_128 3
149 #define IPSEC_AUTH_HMAC_SHA384_192 4
150 #define IPSEC_AUTH_HMAC_SHA512_256 5
151 #define IPSEC_AUTH_HMAC_MD5_96 6
152 #define IPSEC_AUTH_HMAC_RIPEMD160_96 7
153 /* define IPSEC_AUTH_AES_XCBC_MAC_96 6 */
154 #define IPSEC_AUTH_ANY_64BIT 8
155 #define IPSEC_AUTH_ANY_96BIT 9
156 #define IPSEC_AUTH_ANY_128BIT 10
157 #define IPSEC_AUTH_ANY_192BIT 11
158 #define IPSEC_AUTH_ANY_256BIT 12
159
160 /* ICV types (not an RFC classification) */
161 #define ICV_TYPE_UNCHECKED 0 /* ICV is not verified */
162 #define ICV_TYPE_HMAC 1 /* ICV is verified before decryption using an HMAC */
163 #define ICV_TYPE_AEAD 2 /* ICV is verified during decryption using an AEAD cipher */
164
165 #define IPSEC_IPV6_ADDR_LEN 128
166 #define IPSEC_IPV4_ADDR_LEN 32
167 #define IPSEC_STRLEN_IPV6 32
168 #define IPSEC_STRLEN_IPV4 8
169 #define IPSEC_SA_IPV4 1
170 #define IPSEC_SA_IPV6 2
171 #define IPSEC_SA_UNKNOWN -1
172 #define IPSEC_SA_WILDCARDS_ANY '*'
173 /* the maximum number of bytes (10)(including the terminating nul character(11)) */
174 #define IPSEC_SPI_LEN_MAX 11
175
176
177 /* well-known algorithm number (in CPI), from RFC2409 */
178 #define IPCOMP_OUI 1 /* vendor specific */
179 #define IPCOMP_DEFLATE 2 /* RFC2394 */
180 #define IPCOMP_LZS 3 /* RFC2395 */
181 #define IPCOMP_MAX 4
182
183
184 static const value_string cpi2val[] = {
185 { IPCOMP_OUI, "OUI" },
186 { IPCOMP_DEFLATE, "DEFLATE" },
187 { IPCOMP_LZS, "LZS" },
188 { 0, NULL },
189 };
190
191 /* The length of the two fields (SPI and Sequence Number) preceding the Payload Data */
192 #define ESP_HEADER_LEN 8
193
194
195 static const value_string esp_encryption_type_vals[] = {
196 { IPSEC_ENCRYPT_NULL, "NULL" },
197 { IPSEC_ENCRYPT_3DES_CBC, "TripleDES-CBC [RFC2451]" },
198 { IPSEC_ENCRYPT_AES_CBC, "AES-CBC [RFC3602]" },
199 { IPSEC_ENCRYPT_AES_CTR, "AES-CTR [RFC3686]" },
200 { IPSEC_ENCRYPT_DES_CBC, "DES-CBC [RFC2405]" },
201 { IPSEC_ENCRYPT_CAST5_CBC, "CAST5-CBC [RFC2144]" },
202 { IPSEC_ENCRYPT_BLOWFISH_CBC, "BLOWFISH-CBC [RFC2451]" },
203 { IPSEC_ENCRYPT_TWOFISH_CBC, "TWOFISH-CBC" },
204 { IPSEC_ENCRYPT_AES_GCM, "AES-GCM [RFC4106]" }, /* deprecated; (no ICV length specified) */
205 { IPSEC_ENCRYPT_AES_GCM_8, "AES-GCM with 8 octet ICV [RFC4106]" },
206 { IPSEC_ENCRYPT_AES_GCM_12, "AES-GCM with 12 octet ICV [RFC4106]" },
207 { IPSEC_ENCRYPT_AES_GCM_16, "AES-GCM with 16 octet ICV [RFC4106]" },
208 { 0x00, NULL }
209 };
210
211 static const char *
esp_get_encr_algo_name(gint esp_encr_algo)212 esp_get_encr_algo_name(gint esp_encr_algo)
213 {
214 return esp_encryption_type_vals[esp_encr_algo].strptr;
215 }
216
217
218 static const value_string esp_authentication_type_vals[] = {
219 { IPSEC_AUTH_NULL, "NULL" },
220 { IPSEC_AUTH_HMAC_SHA1_96, "HMAC-SHA-1-96 [RFC2404]" },
221 { IPSEC_AUTH_HMAC_SHA256_96, "HMAC-SHA-256-96 [draft-ietf-ipsec-ciph-sha-256-00]" },
222 { IPSEC_AUTH_HMAC_SHA256_128, "HMAC-SHA-256-128 [RFC4868]" },
223 { IPSEC_AUTH_HMAC_SHA384_192, "HMAC-SHA-384-192 [RFC4868]" },
224 { IPSEC_AUTH_HMAC_SHA512_256, "HMAC-SHA-512-256 [RFC4868]" },
225 { IPSEC_AUTH_HMAC_MD5_96, "HMAC-MD5-96 [RFC2403]" },
226 { IPSEC_AUTH_HMAC_RIPEMD160_96, "MAC-RIPEMD-160-96 [RFC2857]" },
227 /* { IPSEC_AUTH_AES_XCBC_MAC_96, "AES-XCBC-MAC-96 [RFC3566]" }, */
228 { IPSEC_AUTH_ANY_64BIT, "ANY 64 bit authentication [no checking]" },
229 { IPSEC_AUTH_ANY_96BIT, "ANY 96 bit authentication [no checking]" },
230 { IPSEC_AUTH_ANY_128BIT, "ANY 128 bit authentication [no checking]" },
231 { IPSEC_AUTH_ANY_192BIT, "ANY 192 bit authentication [no checking]" },
232 { IPSEC_AUTH_ANY_256BIT, "ANY 256 bit authentication [no checking]" },
233 { 0x00, NULL }
234 };
235
236 static const char *
esp_get_auth_algo_name(gint esp_auth_algo)237 esp_get_auth_algo_name(gint esp_auth_algo)
238 {
239 return esp_authentication_type_vals[esp_auth_algo].strptr;
240 }
241
242
243 /*-------------------------------------
244 * UAT for ESP
245 *-------------------------------------
246 */
247 /* UAT entry structure. */
248 typedef struct {
249 guint8 protocol;
250 gchar *srcIP;
251 gchar *dstIP;
252 gchar *spi;
253
254 guint8 encryption_algo; /* see values in esp_encryption_type_vals */
255 gchar *encryption_key_string;
256 gchar *encryption_key;
257 gint encryption_key_length;
258 gboolean cipher_hd_created;
259 gcry_cipher_hd_t cipher_hd; /* Key is stored here and closed with the SA */
260
261 guint8 authentication_algo; /* see values in esp_authentication_type_vals */
262 gchar *authentication_key_string;
263 gchar *authentication_key;
264 gint authentication_key_length;
265 } uat_esp_sa_record_t;
266
267 static uat_esp_sa_record_t *uat_esp_sa_records = NULL;
268
269 /* Extra SA records that may be set programmatically */
270 /* 'records' array is now allocated on the heap */
271 #define MAX_EXTRA_SA_RECORDS 16
272 typedef struct extra_esp_sa_records_t {
273 guint num_records;
274 uat_esp_sa_record_t *records;
275 } extra_esp_sa_records_t;
276 static extra_esp_sa_records_t extra_esp_sa_records;
277
278 static uat_t * esp_uat = NULL;
279 static guint num_sa_uat = 0;
280
281 /*
282 Name : static gint compute_ascii_key(gchar **ascii_key, gchar *key)
283 Description : Allocate memory for the key and transform the key if it is hexadecimal
284 Return : Return the key length
285 Params:
286 - gchar **ascii_key : the resulting ascii key allocated here
287 - gchar *key : the key to compute
288 - char **err : an error string to report if the input is found to be invalid
289 */
290 static gint
compute_ascii_key(gchar ** ascii_key,const gchar * key,char ** err)291 compute_ascii_key(gchar **ascii_key, const gchar *key, char **err)
292 {
293 guint key_len = 0, raw_key_len;
294 gint hex_digit;
295 guchar key_byte;
296 guint i, j;
297
298 if(key != NULL)
299 {
300 raw_key_len = (guint)strlen(key);
301 if((raw_key_len > 2) && (key[0] == '0') && ((key[1] == 'x') || (key[1] == 'X')))
302 {
303 /*
304 * Key begins with "0x" or "0X"; skip that and treat the rest
305 * as a sequence of hex digits.
306 */
307 i = 2; /* first character after "0[Xx]" */
308 j = 0;
309 if(raw_key_len %2 == 1)
310 {
311 /*
312 * Key has an odd number of characters; we act as if the
313 * first character had a 0 in front of it, making the
314 * number of characters even.
315 */
316 key_len = (raw_key_len - 2) / 2 + 1;
317 *ascii_key = (gchar *) g_malloc ((key_len + 1)* sizeof(gchar));
318 hex_digit = g_ascii_xdigit_value(key[i]);
319 if (hex_digit == -1)
320 {
321 g_free(*ascii_key);
322 *ascii_key = NULL;
323 *err = g_strdup_printf("Key %s begins with an invalid hex char (%c)", key, key[i]);
324 return -1; /* not a valid hex digit */
325 }
326 (*ascii_key)[j] = (guchar)hex_digit;
327 j++;
328 i++;
329 }
330 else
331 {
332 /*
333 * Key has an even number of characters, so we treat each
334 * pair of hex digits as a single byte value.
335 */
336 key_len = (raw_key_len - 2) / 2;
337 *ascii_key = (gchar *) g_malloc ((key_len + 1)* sizeof(gchar));
338 }
339
340 while(i < (raw_key_len -1))
341 {
342 hex_digit = g_ascii_xdigit_value(key[i]);
343 i++;
344 if (hex_digit == -1)
345 {
346 g_free(*ascii_key);
347 *ascii_key = NULL;
348 *err = g_strdup_printf("Key %s has an invalid hex char (%c)",
349 key, key[i-1]);
350 return -1; /* not a valid hex digit */
351 }
352 key_byte = ((guchar)hex_digit) << 4;
353 hex_digit = g_ascii_xdigit_value(key[i]);
354 i++;
355 if (hex_digit == -1)
356 {
357 g_free(*ascii_key);
358 *ascii_key = NULL;
359 *err = g_strdup_printf("Key %s has an invalid hex char (%c)", key, key[i-1]);
360 return -1; /* not a valid hex digit */
361 }
362 key_byte |= (guchar)hex_digit;
363 (*ascii_key)[j] = key_byte;
364 j++;
365 }
366 (*ascii_key)[j] = '\0';
367 }
368
369 else if((raw_key_len == 2) && (key[0] == '0') && ((key[1] == 'x') || (key[1] == 'X')))
370 {
371 /* A valid null key */
372 *ascii_key = NULL;
373 return 0;
374 }
375 else
376 {
377 /* Doesn't begin with 0X or 0x... */
378 key_len = raw_key_len;
379 *ascii_key = g_strdup(key);
380 }
381 }
382
383 return key_len;
384 }
385
386
uat_esp_sa_record_update_cb(void * r,char ** err)387 static gboolean uat_esp_sa_record_update_cb(void* r, char** err) {
388 uat_esp_sa_record_t* rec = (uat_esp_sa_record_t *)r;
389
390 /* Compute keys & lengths once and for all */
391 g_free(rec->encryption_key);
392 if (rec->cipher_hd_created) {
393 gcry_cipher_close(rec->cipher_hd);
394 rec->cipher_hd_created = FALSE;
395 }
396 if (rec->encryption_key_string) {
397 rec->encryption_key_length = compute_ascii_key(&rec->encryption_key, rec->encryption_key_string, err);
398 }
399 else {
400 rec->encryption_key_length = 0;
401 rec->encryption_key = NULL;
402 }
403
404 g_free(rec->authentication_key);
405 if (rec->authentication_key_string) {
406 rec->authentication_key_length = compute_ascii_key(&rec->authentication_key, rec->authentication_key_string, err);
407 }
408 else {
409 rec->authentication_key_length = 0;
410 rec->authentication_key = NULL;
411 }
412
413 /* TODO: Make sure IP addresses have a valid conversion */
414 /* Unfortunately, return value of get_full_ipv4_addr() or get_full_ipv6_addr() (depending upon rec->protocol)
415 is not sufficient */
416
417 /* TODO: check format of spi */
418
419 /* Return TRUE only if *err has not been set by checking code. */
420 return *err == NULL;
421 }
422
uat_esp_sa_record_copy_cb(void * n,const void * o,size_t siz _U_)423 static void* uat_esp_sa_record_copy_cb(void* n, const void* o, size_t siz _U_) {
424 uat_esp_sa_record_t* new_rec = (uat_esp_sa_record_t *)n;
425 const uat_esp_sa_record_t* old_rec = (const uat_esp_sa_record_t *)o;
426
427 /* Copy UAT fields */
428 new_rec->protocol = old_rec->protocol;
429 new_rec->srcIP = g_strdup(old_rec->srcIP);
430 new_rec->dstIP = g_strdup(old_rec->dstIP);
431 new_rec->spi = g_strdup(old_rec->spi);
432 new_rec->encryption_algo = old_rec->encryption_algo;
433 new_rec->encryption_key_string = g_strdup(old_rec->encryption_key_string);
434 new_rec->encryption_key = NULL;
435 new_rec->cipher_hd_created = FALSE;
436 new_rec->authentication_algo = old_rec->authentication_algo;
437 new_rec->authentication_key_string = g_strdup(old_rec->authentication_key_string);
438 new_rec->authentication_key = NULL;
439
440 /* Parse keys as in an update */
441 char *err = NULL;
442 uat_esp_sa_record_update_cb(new_rec, &err);
443 if (err) {
444 g_free(err);
445 }
446
447 return new_rec;
448 }
449
uat_esp_sa_record_free_cb(void * r)450 static void uat_esp_sa_record_free_cb(void*r) {
451 uat_esp_sa_record_t* rec = (uat_esp_sa_record_t*)r;
452
453 g_free(rec->srcIP);
454 g_free(rec->dstIP);
455 g_free(rec->spi);
456 g_free(rec->encryption_key_string);
457 g_free(rec->encryption_key);
458 g_free(rec->authentication_key_string);
459 g_free(rec->authentication_key);
460
461 if (rec->cipher_hd_created) {
462 gcry_cipher_close(rec->cipher_hd);
463 rec->cipher_hd_created = FALSE;
464 }
465 }
466
467 UAT_VS_DEF(uat_esp_sa_records, protocol, uat_esp_sa_record_t, guint8, IPSEC_SA_IPV4, "IPv4")
UAT_CSTRING_CB_DEF(uat_esp_sa_records,srcIP,uat_esp_sa_record_t)468 UAT_CSTRING_CB_DEF(uat_esp_sa_records, srcIP, uat_esp_sa_record_t)
469 UAT_CSTRING_CB_DEF(uat_esp_sa_records, dstIP, uat_esp_sa_record_t)
470 UAT_CSTRING_CB_DEF(uat_esp_sa_records, spi, uat_esp_sa_record_t)
471 UAT_VS_DEF(uat_esp_sa_records, encryption_algo, uat_esp_sa_record_t, guint8, 0, "FIXX")
472 UAT_CSTRING_CB_DEF(uat_esp_sa_records, encryption_key_string, uat_esp_sa_record_t)
473 UAT_VS_DEF(uat_esp_sa_records, authentication_algo, uat_esp_sa_record_t, guint8, 0, "FIXX")
474 UAT_CSTRING_CB_DEF(uat_esp_sa_records, authentication_key_string, uat_esp_sa_record_t)
475
476
477 /* Configure a new SA (programmatically, most likely from a private dissector).
478 The arguments here are deliberately in the same string formats as the UAT fields
479 in order to keep code paths common.
480 Note that an attempt to match with these entries will be made *before* entries
481 added through the UAT entry interface/file. */
482 void esp_sa_record_add_from_dissector(guint8 protocol, const gchar *srcIP, const char *dstIP,
483 gchar *spi,
484 guint8 encryption_algo, /* values from esp_encryption_type_vals */
485 const gchar *encryption_key,
486 guint8 authentication_algo, /* values from esp_authentication_type_vals */
487 const gchar *authentication_key)
488 {
489 uat_esp_sa_record_t* record = NULL;
490 if (extra_esp_sa_records.num_records == 0) {
491 extra_esp_sa_records.records = g_new(uat_esp_sa_record_t, MAX_EXTRA_SA_RECORDS);
492 }
493 /* Add new entry */
494 if (extra_esp_sa_records.num_records < MAX_EXTRA_SA_RECORDS) {
495 record = &extra_esp_sa_records.records[extra_esp_sa_records.num_records++];
496 }
497 else {
498 /* No room left!! */
499 REPORT_DISSECTOR_BUG("<IPsec/ESP Dissector> Failed to add UE as already have max (%d) configured\n",
500 MAX_EXTRA_SA_RECORDS);
501 return;
502 }
503
504 /* Copy key fields */
505 record->protocol = protocol;
506 record->srcIP = g_strdup(srcIP);
507 record->dstIP = g_strdup(dstIP);
508 record->spi = g_strdup(spi);
509
510 /* Encryption */
511 record->encryption_algo = encryption_algo;
512 record->encryption_key_string = g_strdup(encryption_key);
513 record->encryption_key = NULL;
514 record->cipher_hd_created = FALSE;
515
516 /* Authentication */
517 record->authentication_algo = authentication_algo;
518 record->authentication_key_string = g_strdup(authentication_key);
519 record->authentication_key = NULL;
520
521 /* Parse keys */
522 char *err = NULL;
523 uat_esp_sa_record_update_cb(record, &err);
524 if (err) {
525 /* Free (but ignore) any error string set */
526 g_free(err);
527 }
528 }
529
530 /*************************************/
531 /* Preference settings */
532
533 /* Default ESP payload decode to off */
534 static gboolean g_esp_enable_encryption_decode = FALSE;
535
536 /* Default ESP payload Authentication Checking to off */
537 static gboolean g_esp_enable_authentication_check = FALSE;
538
539 /**************************************************/
540 /* Sequence number analysis */
541
542 /* SPI state, key is just 32-bit SPI */
543 typedef struct
544 {
545 guint32 previousSequenceNumber;
546 guint32 previousFrameNum;
547 } spi_status;
548
549 /* The sequence analysis SPI hash table.
550 Maps SPI -> spi_status */
551 static wmem_map_t *esp_sequence_analysis_hash = NULL;
552
553 /* Results are stored here: framenum -> spi_status */
554 /* N.B. only store entries for out-of-order frames, if there is no entry for
555 a given frame, it was found to be in-order */
556 static wmem_map_t *esp_sequence_analysis_report_hash = NULL;
557
558 /* During the first pass, update the SPI state. If the sequence numbers
559 are out of order, add an entry to the report table */
check_esp_sequence_info(guint32 spi,guint32 sequence_number,packet_info * pinfo)560 static void check_esp_sequence_info(guint32 spi, guint32 sequence_number, packet_info *pinfo)
561 {
562 /* Do the table lookup */
563 spi_status *status = (spi_status*)wmem_map_lookup(esp_sequence_analysis_hash,
564 GUINT_TO_POINTER((guint)spi));
565 if (status == NULL) {
566 /* Create an entry for this SPI */
567 status = wmem_new0(wmem_file_scope(), spi_status);
568 status->previousSequenceNumber = sequence_number;
569 status->previousFrameNum = pinfo->num;
570
571 /* And add it to the table */
572 wmem_map_insert(esp_sequence_analysis_hash, GUINT_TO_POINTER((guint)spi), status);
573 }
574 else {
575 spi_status *frame_status;
576
577 /* Entry already existed, so check that we got the sequence number we expected. */
578 if (sequence_number != status->previousSequenceNumber+1) {
579 /* Create report entry */
580 frame_status = wmem_new0(wmem_file_scope(), spi_status);
581 /* Copy what was expected */
582 *frame_status = *status;
583 /* And add it into the report table */
584 wmem_map_insert(esp_sequence_analysis_report_hash, GUINT_TO_POINTER(pinfo->num), frame_status);
585 }
586 /* Adopt this setting as 'current' regardless of whether expected */
587 status->previousSequenceNumber = sequence_number;
588 status->previousFrameNum = pinfo->num;
589 }
590 }
591
592 /* Check to see if there is a report stored for this frame. If there is,
593 add it to the tree and report using expert info */
show_esp_sequence_info(guint32 spi,guint32 sequence_number,tvbuff_t * tvb,proto_tree * tree,packet_info * pinfo)594 static void show_esp_sequence_info(guint32 spi, guint32 sequence_number,
595 tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo)
596 {
597 /* Look up this frame in the report table. */
598 spi_status *status = (spi_status*)wmem_map_lookup(esp_sequence_analysis_report_hash,
599 GUINT_TO_POINTER(pinfo->num));
600 if (status != NULL) {
601 proto_item *sn_ti, *frame_ti;
602
603 /* Expected sequence number */
604 sn_ti = proto_tree_add_uint(tree, hf_esp_sequence_analysis_expected_sn,
605 tvb, 0, 0, status->previousSequenceNumber+1);
606 if (sequence_number > (status->previousSequenceNumber+1)) {
607 proto_item_append_text(sn_ti, " (%u SNs missing)",
608 sequence_number - (status->previousSequenceNumber+1));
609 }
610 proto_item_set_generated(sn_ti);
611
612 /* Link back to previous frame for SPI */
613 frame_ti = proto_tree_add_uint(tree, hf_esp_sequence_analysis_previous_frame,
614 tvb, 0, 0, status->previousFrameNum);
615 proto_item_set_generated(frame_ti);
616
617 /* Expert info */
618 if (sequence_number == status->previousSequenceNumber) {
619 expert_add_info_format(pinfo, sn_ti, &ei_esp_sequence_analysis_wrong_sequence_number,
620 "Wrong Sequence Number for SPI %08x - %u repeated",
621 spi, sequence_number);
622 }
623 else if (sequence_number > status->previousSequenceNumber+1) {
624 expert_add_info_format(pinfo, sn_ti, &ei_esp_sequence_analysis_wrong_sequence_number,
625 "Wrong Sequence Number for SPI %08x - %u missing",
626 spi,
627 sequence_number - (status->previousSequenceNumber+1));
628 }
629 else {
630 expert_add_info_format(pinfo, sn_ti, &ei_esp_sequence_analysis_wrong_sequence_number,
631 "Wrong Sequence Number for SPI %08x - %u less than expected",
632 spi,
633 (status->previousSequenceNumber+1) - sequence_number);
634 }
635 }
636 }
637
638 /*
639 Default ESP payload heuristic decode to off
640 (only works if payload is NULL encrypted and ESP payload decode is off or payload is NULL encrypted
641 and the packet does not match a Security Association).
642 */
643 static gboolean g_esp_enable_null_encryption_decode_heuristic = FALSE;
644
645 /* Default to doing ESP sequence analysis */
646 static gboolean g_esp_do_sequence_analysis = TRUE;
647
648
649
650 /*
651 Name : static int get_ipv6_suffix(char* ipv6_suffix, char *ipv6_address)
652 Description : Get the extended IPv6 Suffix of an IPv6 Address
653 Return : Return the number of char of the IPv6 address suffix parsed
654 Params:
655 - char *ipv6_address : the valid ipv6 address to parse in char *
656 - char *ipv6_suffix : the ipv6 suffix associated in char *
657
658 ex: if IPv6 address is "3ffe::1" the IPv6 suffix will be "0001" and the function will return 3
659 */
get_ipv6_suffix(char * ipv6_suffix,char * ipv6_address)660 static int get_ipv6_suffix(char* ipv6_suffix, char *ipv6_address)
661 {
662 char suffix[IPSEC_STRLEN_IPV6 + 1];
663 int cpt = 0;
664 int cpt_suffix = 0;
665 int cpt_seg = 0;
666 int j =0;
667 int ipv6_len = 0;
668 gboolean found = FALSE;
669
670 ipv6_len = (int) strlen(ipv6_address);
671 if(ipv6_len != 0)
672 {
673 while ( (cpt_suffix < IPSEC_STRLEN_IPV6) && (ipv6_len - cpt -1 >= 0) && (found == FALSE))
674 {
675 if(ipv6_address[ipv6_len - cpt - 1] == ':')
676 {
677 /* Add some 0 to the prefix; */
678 for(j = cpt_seg; j < 4; j++)
679 {
680 suffix[IPSEC_STRLEN_IPV6 -1 -cpt_suffix] = '0';
681 cpt_suffix ++;
682 }
683 cpt_seg = 0;
684
685 if(ipv6_len - cpt - 1 == 0)
686 {
687 /* Found a suffix */
688 found = TRUE;
689 }
690 else
691 if(ipv6_address[ipv6_len - cpt - 2] == ':')
692 {
693 /* found a suffix */
694 cpt +=2;
695 found = TRUE;
696 }
697
698 else
699 {
700 cpt++;
701 }
702 }
703 else
704 {
705 suffix[IPSEC_STRLEN_IPV6 -1 -cpt_suffix] = g_ascii_toupper(ipv6_address[ipv6_len - cpt - 1]);
706 cpt_seg ++;
707 cpt_suffix ++;
708 cpt++;
709 }
710 }
711
712 if(cpt_suffix % 4 != 0)
713 {
714 for(j = cpt_seg; j < 4; j++)
715 {
716 suffix[IPSEC_STRLEN_IPV6 -1 -cpt_suffix] = '0';
717 cpt_suffix ++;
718 }
719 }
720
721 }
722
723 for(j = 0 ; j < cpt_suffix ; j ++)
724 {
725 suffix[j] = suffix[j + IPSEC_STRLEN_IPV6 - cpt_suffix] ;
726 }
727
728 suffix[j] = '\0';
729 memcpy(ipv6_suffix,suffix,j + 1);
730 return cpt;
731 }
732
733 /*
734 Name : static int get_full_ipv6_addr(char* ipv6_addr_expanded, char *ipv6_addr)
735 Description : Get the extended IPv6 Address of an IPv6 Address
736 Return : Return the remaining number of char of the IPv6 address parsed
737 Params:
738 - char *ipv6_addr : the valid ipv6 address to parse in char *
739 - char *ipv6_addr_expanded : the expanded ipv6 address associated in char *
740
741 ex: if IPv6 address is "3ffe::1" the IPv6 expanded address
742 will be "3FFE0000000000000000000000000001" and the function will return 0
743 if IPV6 address is "3ffe::*" the IPv6 expanded address
744 will be "3FFE000000000000000000000000****" and the function will return 0
745 */
746 static int
get_full_ipv6_addr(char * ipv6_addr_expanded,char * ipv6_addr)747 get_full_ipv6_addr(char* ipv6_addr_expanded, char *ipv6_addr)
748 {
749 char suffix[IPSEC_STRLEN_IPV6 + 1];
750 char prefix[IPSEC_STRLEN_IPV6 + 1];
751 char *prefix_addr;
752
753 int suffix_cpt = 0;
754 int suffix_len = 0;
755 int prefix_remaining = 0;
756 int prefix_len = 0;
757 int j = 0;
758 guint i = 0;
759 guint addr_byte = 0;
760 guint mask = IPSEC_IPV6_ADDR_LEN;
761 char* mask_begin = NULL;
762
763
764 if((ipv6_addr == NULL) || (strcmp(ipv6_addr, "") == 0)) return -1;
765
766 memset(ipv6_addr_expanded, 0x0, IPSEC_STRLEN_IPV6);
767
768 mask_begin = strchr(ipv6_addr, '/');
769 if(mask_begin)
770 {
771 if(sscanf(mask_begin, "/%u", &mask) == EOF)
772 mask = IPSEC_IPV6_ADDR_LEN;
773 mask_begin[0] = '\0';
774 }
775
776 if((strlen(ipv6_addr) == 1) && (ipv6_addr[0] == IPSEC_SA_WILDCARDS_ANY))
777 {
778 for(j = 0; j < IPSEC_STRLEN_IPV6; j++)
779 {
780 ipv6_addr_expanded[j] = IPSEC_SA_WILDCARDS_ANY;
781 }
782 ipv6_addr_expanded[IPSEC_STRLEN_IPV6] = '\0';
783 return 0;
784 }
785
786 suffix_cpt = get_ipv6_suffix(suffix,ipv6_addr);
787 suffix_len = (int) strlen(suffix);
788
789 if(suffix_len < IPSEC_STRLEN_IPV6)
790 {
791 prefix_addr = wmem_strndup(wmem_packet_scope(), ipv6_addr,strlen(ipv6_addr) - suffix_cpt);
792 prefix_remaining = get_ipv6_suffix(prefix,prefix_addr);
793 prefix_len = (int) strlen(prefix);
794 memcpy(ipv6_addr_expanded,prefix,prefix_len);
795 }
796
797
798 for(j = 0; j <= IPSEC_STRLEN_IPV6 - prefix_len - suffix_len; j++)
799 {
800 ipv6_addr_expanded[j + prefix_len] = '0';
801 }
802
803 memcpy(ipv6_addr_expanded + IPSEC_STRLEN_IPV6 - suffix_len, suffix,suffix_len + 1);
804
805 for(i = 0; i < IPSEC_STRLEN_IPV6; i++)
806 {
807 if(4 * (i + 1) > mask)
808 {
809 if(mask <= 4 * i || ipv6_addr_expanded[i] == '*')
810 ipv6_addr_expanded[i] = '*';
811 else {
812 if(sscanf(ipv6_addr_expanded + i, "%X", &addr_byte) == EOF)
813 break;
814 addr_byte &= (0x0F << (4 * (i + 1) - mask));
815 addr_byte &= 0x0F;
816 g_snprintf(ipv6_addr_expanded + i, 4, "%X", addr_byte);
817 }
818 }
819 }
820
821 if(suffix_len < IPSEC_STRLEN_IPV6)
822 return (int) strlen(ipv6_addr) - suffix_cpt - prefix_remaining;
823 else
824 return (int) strlen(ipv6_addr) - suffix_cpt;
825 }
826
827
828 /*
829 Name : static gboolean get_full_ipv4_addr(char* ipv4_addr_expanded, char *ipv4_addr)
830 Description : Get the extended IPv4 Address of an IPv4 Address
831 Return : Return true if it can derive an IPv4 address. It does not mean that
832 the previous one was valid.
833 Params:
834 - char *ipv4_addr : the valid ipv4 address to parse in char *
835 - char *ipv4_addr_expanded : the expanded ipv4 address associated in char *
836
837 ex: if IPv4 address is "190.*.*.1" the IPv4 expanded address will be "BE****01" and
838 the function will return 0
839 if IPv4 address is "*" the IPv4 expanded address will be "********" and
840 the function will return 0
841 */
842 static gboolean
get_full_ipv4_addr(char * ipv4_address_expanded,char * ipv4_address)843 get_full_ipv4_addr(char* ipv4_address_expanded, char *ipv4_address)
844 {
845 char addr_byte_string_tmp[4];
846 char addr_byte_string[4];
847
848 guint addr_byte = 0;
849 guint i = 0;
850 guint j = 0;
851 guint k = 0;
852 guint cpt = 0;
853 gboolean done_flag = FALSE;
854 guint mask = IPSEC_IPV4_ADDR_LEN;
855 char* mask_begin = NULL;
856
857 if((ipv4_address == NULL) || (strcmp(ipv4_address, "") == 0)) return done_flag;
858
859 mask_begin = strchr(ipv4_address, '/');
860 if(mask_begin)
861 {
862 if(sscanf(mask_begin, "/%u", &mask) == EOF)
863 mask = IPSEC_IPV4_ADDR_LEN;
864 mask_begin[0] = '\0';
865 }
866
867 if((strlen(ipv4_address) == 1) && (ipv4_address[0] == IPSEC_SA_WILDCARDS_ANY))
868 {
869 for(i = 0; i <= IPSEC_STRLEN_IPV4; i++)
870 {
871 ipv4_address_expanded[i] = IPSEC_SA_WILDCARDS_ANY;
872 }
873 ipv4_address_expanded[IPSEC_STRLEN_IPV4] = '\0';
874 done_flag = TRUE;
875 }
876
877 else {
878 j = 0;
879 cpt = 0;
880 k = 0;
881 while((done_flag == FALSE) && (j <= strlen(ipv4_address)) && (cpt < IPSEC_STRLEN_IPV4))
882 {
883 if(j == strlen(ipv4_address))
884 {
885 addr_byte_string_tmp[k] = '\0';
886 if((strlen(addr_byte_string_tmp) == 1) && (addr_byte_string_tmp[0] == IPSEC_SA_WILDCARDS_ANY))
887 {
888 for(i = 0; i < 2; i++)
889 {
890 ipv4_address_expanded[cpt] = IPSEC_SA_WILDCARDS_ANY;
891 cpt ++;
892 }
893 }
894 else
895 {
896 if (sscanf(addr_byte_string_tmp,"%u",&addr_byte) == EOF)
897 return FALSE;
898
899 if(addr_byte < 16)
900 g_snprintf(addr_byte_string,4,"0%X",addr_byte);
901 else
902 g_snprintf(addr_byte_string,4,"%X",addr_byte);
903 for(i = 0; i < strlen(addr_byte_string); i++)
904 {
905 ipv4_address_expanded[cpt] = addr_byte_string[i];
906 cpt ++;
907 }
908 }
909 done_flag = TRUE;
910 }
911
912 else if(ipv4_address[j] == '.')
913 {
914 addr_byte_string_tmp[k] = '\0';
915 if((strlen(addr_byte_string_tmp) == 1) && (addr_byte_string_tmp[0] == IPSEC_SA_WILDCARDS_ANY))
916 {
917 for(i = 0; i < 2; i++)
918 {
919 ipv4_address_expanded[cpt] = IPSEC_SA_WILDCARDS_ANY;
920 cpt ++;
921 }
922 }
923 else
924 {
925 if (sscanf(addr_byte_string_tmp,"%u",&addr_byte) == EOF)
926 return FALSE;
927
928 if(addr_byte < 16)
929 g_snprintf(addr_byte_string,4,"0%X",addr_byte);
930 else
931 g_snprintf(addr_byte_string,4,"%X",addr_byte);
932 for(i = 0; i < strlen(addr_byte_string); i++)
933 {
934 ipv4_address_expanded[cpt] = addr_byte_string[i];
935 cpt ++;
936 }
937 }
938 k = 0;
939 j++;
940 }
941 else
942 {
943 if(k >= 3)
944 {
945 /* Incorrect IPv4 Address. Erase previous Values in the Byte. (LRU mechanism) */
946 addr_byte_string_tmp[0] = ipv4_address[j];
947 k = 1;
948 j++;
949 }
950 else
951 {
952 addr_byte_string_tmp[k] = ipv4_address[j];
953 k++;
954 j++;
955 }
956 }
957
958 }
959
960 for(i = 0; i < IPSEC_STRLEN_IPV4; i++)
961 {
962 if(4 * (i + 1) > mask)
963 {
964 if(mask <= 4 * i || ipv4_address_expanded[i] == '*')
965 ipv4_address_expanded[i] = '*';
966 else {
967 if(sscanf(ipv4_address_expanded + i, "%X", &addr_byte) == EOF)
968 return FALSE;
969 addr_byte &= (0x0F << (4 * (i + 1) - mask));
970 addr_byte &= 0x0F;
971 g_snprintf(ipv4_address_expanded + i, 4, "%X", addr_byte);
972 }
973 }
974 }
975 ipv4_address_expanded[cpt] = '\0';
976 }
977
978 return done_flag;
979 }
980
981 /*
982 Name : static goolean filter_address_match(gchar *addr, gchar *filter, gint len, gint typ)
983 Description : check the matching of an address with a filter
984 Return : Return TRUE if the filter and the address match
985 Params:
986 - gchar *addr : the address to check
987 - gchar *filter : the filter
988 - gint typ : the Address type : either IPv6 or IPv4 (IPSEC_SA_IPV6, IPSEC_SA_IPV4)
989 */
990 static gboolean
filter_address_match(gchar * addr,gchar * filter,gint typ)991 filter_address_match(gchar *addr, gchar *filter, gint typ)
992 {
993 guint i;
994 char addr_hex[IPSEC_STRLEN_IPV6 + 1];
995 char filter_hex[IPSEC_STRLEN_IPV6 + 1];
996 guint addr_len;
997 guint filter_len;
998
999 if (typ == IPSEC_SA_IPV4) {
1000 if (!get_full_ipv4_addr(addr_hex, addr))
1001 return FALSE;
1002 if (!get_full_ipv4_addr(filter_hex, filter))
1003 return FALSE;
1004 } else {
1005 if (get_full_ipv6_addr(addr_hex, addr))
1006 return FALSE;
1007 if (get_full_ipv6_addr(filter_hex, filter))
1008 return FALSE;
1009 }
1010
1011 addr_len = (guint)strlen(addr_hex);
1012 filter_len = (guint)strlen(filter_hex);
1013
1014 if((filter_len == 1) && (filter[0] == IPSEC_SA_WILDCARDS_ANY)){
1015 return TRUE;
1016 }
1017
1018 if(addr_len != filter_len)
1019 return FALSE;
1020
1021 /* No length specified */
1022 if( ((typ == IPSEC_SA_IPV6) && (filter_len == IPSEC_STRLEN_IPV6)) ||
1023 ((typ == IPSEC_SA_IPV4) && (filter_len == IPSEC_STRLEN_IPV4)))
1024 {
1025 /* Check byte by byte ... */
1026 for(i = 0; i < addr_len; i++)
1027 {
1028 if((filter_hex[i] != IPSEC_SA_WILDCARDS_ANY) && (filter_hex[i] != addr_hex[i]))
1029 return FALSE;
1030 }
1031 return TRUE;
1032 }
1033 else
1034 return FALSE;
1035 return TRUE;
1036
1037 }
1038
1039
1040 /*
1041 Name : static goolean filter_spi_match(gchar *spi, gchar *filter)
1042 Description : check the matching of a spi with a filter
1043 Return : Return TRUE if the filter matches the spi.
1044 Params:
1045 - guint spi : the spi to check
1046 - gchar *filter : the filter
1047 */
1048 static gboolean
filter_spi_match(guint spi,gchar * filter)1049 filter_spi_match(guint spi, gchar *filter)
1050 {
1051 guint i;
1052 guint filter_len = (guint)strlen(filter);
1053
1054 /* "*" matches against anything */
1055 if((filter_len == 1) && (filter[0] == IPSEC_SA_WILDCARDS_ANY))
1056 return TRUE;
1057
1058 /* If the filter has a wildcard, treat SPI as a string */
1059 if (strchr(filter, IPSEC_SA_WILDCARDS_ANY) != NULL) {
1060 gchar spi_string[IPSEC_SPI_LEN_MAX];
1061
1062 g_snprintf(spi_string, IPSEC_SPI_LEN_MAX,"0x%08x", spi);
1063
1064 /* Lengths need to match exactly... */
1065 if(strlen(spi_string) != filter_len)
1066 return FALSE;
1067
1068 /* ... which means '*' can only appear in the last position of the filter? */
1069 /* Start at 2, don't compare "0x" each time */
1070 for(i = 2; filter[i]; i++)
1071 if((filter[i] != IPSEC_SA_WILDCARDS_ANY) && (filter[i] != spi_string[i]))
1072 return FALSE;
1073 } else if (strtoul(filter, NULL, 0) != spi) {
1074 return FALSE;
1075 }
1076 return TRUE;
1077 }
1078
1079
1080 /*
1081 Name : static goolean get_esp_sa(g_esp_sa_database *sad, gint protocol_typ, gchar *src, gchar *dst, guint spi,
1082 gint *encryption_algo,
1083 gint *authentication_algo,
1084 gchar **encryption_key,
1085 guint *encryption_key_len,
1086 gchar **authentication_key,
1087 guint *authentication_key_len,
1088 gcry_cipher_hd_t **cipher_hd,
1089 gboolean **cipher_hd_created
1090
1091 Description : Give Encryption Algo, Key and Authentication Algo for a Packet if a corresponding SA is available in a Security Association database
1092 Return: If the SA is not present, FALSE is then returned.
1093 Params:
1094 - g_esp_sa_database *sad : the Security Association Database
1095 - gint *pt_protocol_typ : the protocol type
1096 - gchar *src : the source address
1097 - gchar *dst : the destination address
1098 - gchar *spi : the spi of the SA
1099 - gint *encryption_algo : the Encryption Algorithm to apply the packet
1100 - gint *authentication_algo : the Authentication Algorithm to apply to the packet
1101 - gchar **encryption_key : the Encryption Key to apply to the packet
1102 - guint *encryption_key_len : the Encryption Key length to apply to the packet
1103 - gchar **authentication_key : the Authentication Key to apply to the packet
1104 - guint *authentication_key_len : the Authentication Key len to apply to the packet
1105 - gcry_cipher_hd_t **cipher_hd : pointer handle to be used for ciphering
1106 - gboolean **cipher_hd_created: points to boolean indicating that cipher handle has
1107 been created. If FALSE, should assign handle to
1108 *cipher_hd and set this to TRUE.
1109
1110 */
1111 static gboolean
get_esp_sa(gint protocol_typ,gchar * src,gchar * dst,guint spi,gint * encryption_algo,gint * authentication_algo,gchar ** encryption_key,guint * encryption_key_len,gchar ** authentication_key,guint * authentication_key_len,gcry_cipher_hd_t ** cipher_hd,gboolean ** cipher_hd_created)1112 get_esp_sa(gint protocol_typ, gchar *src, gchar *dst, guint spi,
1113 gint *encryption_algo,
1114 gint *authentication_algo,
1115 gchar **encryption_key,
1116 guint *encryption_key_len,
1117 gchar **authentication_key,
1118 guint *authentication_key_len,
1119 gcry_cipher_hd_t **cipher_hd,
1120 gboolean **cipher_hd_created
1121 )
1122 {
1123 gboolean found = FALSE;
1124 guint i, j;
1125
1126 *cipher_hd = NULL;
1127 *cipher_hd_created = NULL;
1128
1129 /* Check each known SA in turn */
1130 for (i = 0, j=0; (found == FALSE) && ((i < num_sa_uat) || (j < extra_esp_sa_records.num_records)); )
1131 {
1132 /* Get the next record to try */
1133 uat_esp_sa_record_t *record;
1134 if (j < extra_esp_sa_records.num_records) {
1135 /* Extra ones checked first */
1136 record = &extra_esp_sa_records.records[j++];
1137 }
1138 else {
1139 /* Then UAT ones */
1140 record = &uat_esp_sa_records[i++];
1141 }
1142
1143 if((protocol_typ == record->protocol)
1144 && filter_address_match(src, record->srcIP, protocol_typ)
1145 && filter_address_match(dst, record->dstIP, protocol_typ)
1146 && filter_spi_match(spi, record->spi))
1147 {
1148 found = TRUE;
1149
1150 *encryption_algo = record->encryption_algo;
1151 *authentication_algo = record->authentication_algo;
1152 *authentication_key = record->authentication_key;
1153 if (record->authentication_key_length == -1)
1154 {
1155 /* Bad key; XXX - report this */
1156 *authentication_key_len = 0;
1157 found = FALSE;
1158 }
1159 else {
1160 *authentication_key_len = record->authentication_key_length;
1161 }
1162
1163 *encryption_key = record->encryption_key;
1164 if (record->encryption_key_length == -1)
1165 {
1166 /* Bad key; XXX - report this */
1167 *encryption_key_len = 0;
1168 found = FALSE;
1169 }
1170 else {
1171 *encryption_key_len = record->encryption_key_length;
1172 }
1173
1174 /* Tell the caller whether cipher_hd has been created yet and a pointer.
1175 Pass pointer to created flag so that caller can set if/when
1176 it opens the cipher_hd. */
1177 *cipher_hd = &record->cipher_hd;
1178 *cipher_hd_created = &record->cipher_hd_created;
1179 }
1180 }
1181
1182 return found;
1183 }
1184
ah_prompt(packet_info * pinfo,gchar * result)1185 static void ah_prompt(packet_info *pinfo, gchar *result)
1186 {
1187 g_snprintf(result, MAX_DECODE_AS_PROMPT_LEN, "IP protocol %u as",
1188 GPOINTER_TO_UINT(p_get_proto_data(pinfo->pool, pinfo, proto_ah, pinfo->curr_layer_num)));
1189 }
1190
ah_value(packet_info * pinfo)1191 static gpointer ah_value(packet_info *pinfo)
1192 {
1193 return p_get_proto_data(pinfo->pool, pinfo, proto_ah, pinfo->curr_layer_num);
1194 }
1195
1196 static void
export_ipsec_pdu(dissector_handle_t dissector_handle,packet_info * pinfo,tvbuff_t * tvb)1197 export_ipsec_pdu(dissector_handle_t dissector_handle, packet_info *pinfo, tvbuff_t *tvb)
1198 {
1199 if (have_tap_listener(exported_pdu_tap)) {
1200 exp_pdu_data_t *exp_pdu_data = export_pdu_create_common_tags(pinfo, dissector_handle_get_dissector_name(dissector_handle), EXP_PDU_TAG_PROTO_NAME);
1201
1202 exp_pdu_data->tvb_captured_length = tvb_captured_length(tvb);
1203 exp_pdu_data->tvb_reported_length = tvb_reported_length(tvb);
1204 exp_pdu_data->pdu_tvb = tvb;
1205
1206 tap_queue_packet(exported_pdu_tap, pinfo, exp_pdu_data);
1207 }
1208 }
1209
1210 static gboolean
capture_ah(const guchar * pd,int offset,int len,capture_packet_info_t * cpinfo,const union wtap_pseudo_header * pseudo_header)1211 capture_ah(const guchar *pd, int offset, int len, capture_packet_info_t *cpinfo, const union wtap_pseudo_header *pseudo_header)
1212 {
1213 guint8 nxt;
1214 int advance;
1215
1216 if (!BYTES_ARE_IN_FRAME(offset, len, 2))
1217 return FALSE;
1218 nxt = pd[offset];
1219 advance = 8 + ((pd[offset+1] - 1) << 2);
1220 if (!BYTES_ARE_IN_FRAME(offset, len, advance))
1221 return FALSE;
1222 offset += advance;
1223
1224 return try_capture_dissector("ip.proto", nxt, pd, offset, len, cpinfo, pseudo_header);
1225 }
1226
1227 static int
dissect_ah(tvbuff_t * tvb,packet_info * pinfo,proto_tree * tree,void * data)1228 dissect_ah(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
1229 {
1230 proto_tree *ah_tree, *root_tree;
1231 proto_item *pi, *ti;
1232 guint ah_nxt; /* Next header */
1233 guint8 ah_len; /* Length of header in 32bit words minus 2 */
1234 guint ah_hdr_len; /* Length of header in octets */
1235 guint ah_icv_len; /* Length of ICV header field in octets */
1236 guint32 ah_spi; /* Security parameter index */
1237 tvbuff_t *next_tvb;
1238 dissector_handle_t dissector_handle;
1239 guint32 saved_match_uint;
1240
1241 col_set_str(pinfo->cinfo, COL_PROTOCOL, "AH");
1242 col_clear(pinfo->cinfo, COL_INFO);
1243
1244 ah_nxt = tvb_get_guint8(tvb, 0);
1245 ah_len = tvb_get_guint8(tvb, 1);
1246 ah_hdr_len = (ah_len + 2) * 4;
1247 ah_icv_len = ah_len ? (ah_len - 1) * 4 : 0;
1248
1249 root_tree = p_ipv6_pinfo_select_root(pinfo, tree);
1250 p_ipv6_pinfo_add_len(pinfo, ah_hdr_len);
1251
1252 pi = proto_tree_add_item(root_tree, proto_ah, tvb, 0, -1, ENC_NA);
1253 ah_tree = proto_item_add_subtree(pi, ett_ah);
1254
1255 proto_tree_add_item(ah_tree, hf_ah_next_header, tvb, 0, 1, ENC_BIG_ENDIAN);
1256 ti = proto_tree_add_item(ah_tree, hf_ah_length, tvb, 1, 1, ENC_BIG_ENDIAN);
1257 proto_item_append_text(ti, " (%u bytes)", ah_hdr_len);
1258 proto_tree_add_item(ah_tree, hf_ah_reserved, tvb, 2, 2, ENC_NA);
1259 proto_tree_add_item_ret_uint(ah_tree, hf_ah_spi, tvb, 4, 4, ENC_BIG_ENDIAN, &ah_spi);
1260
1261 col_add_fstr(pinfo->cinfo, COL_INFO, "AH (SPI=0x%08x)", ah_spi);
1262
1263 proto_tree_add_item(ah_tree, hf_ah_sequence, tvb, 8, 4, ENC_BIG_ENDIAN);
1264 proto_tree_add_item(ah_tree, hf_ah_iv, tvb, 12, ah_icv_len, ENC_NA);
1265
1266 proto_item_set_len(pi, ah_hdr_len);
1267
1268 /* Save next header value for Decode As dialog */
1269 p_add_proto_data(pinfo->pool, pinfo, proto_ah,
1270 pinfo->curr_layer_num, GUINT_TO_POINTER(ah_nxt));
1271
1272 next_tvb = tvb_new_subset_remaining(tvb, ah_hdr_len);
1273
1274 if (pinfo->dst.type == AT_IPv6) {
1275 ipv6_dissect_next(ah_nxt, next_tvb, pinfo, tree, (ws_ip6 *)data);
1276 } else {
1277 /* do lookup with the subdissector table */
1278 saved_match_uint = pinfo->match_uint;
1279 dissector_handle = dissector_get_uint_handle(ip_dissector_table, ah_nxt);
1280 if (dissector_handle) {
1281 pinfo->match_uint = ah_nxt;
1282 } else {
1283 dissector_handle = data_handle;
1284 }
1285 export_ipsec_pdu(dissector_handle, pinfo, next_tvb);
1286 call_dissector(dissector_handle, next_tvb, pinfo, tree);
1287 pinfo->match_uint = saved_match_uint;
1288 }
1289 return tvb_captured_length(tvb);
1290 }
1291
1292 static int
dissect_esp(tvbuff_t * tvb,packet_info * pinfo,proto_tree * tree,void * data _U_)1293 dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
1294 {
1295 proto_tree *esp_tree = NULL, *decr_tree = NULL, *icv_tree = NULL;
1296 proto_item *item = NULL;
1297 proto_item *iv_item = NULL, *encr_data_item = NULL, *icv_item = NULL;
1298
1299 /* Packet Variables related */
1300 gchar *ip_src = NULL;
1301 gchar *ip_dst = NULL;
1302
1303 guint32 spi = 0;
1304 guint encapsulated_protocol = 0;
1305 gboolean decrypt_dissect_ok = FALSE;
1306 tvbuff_t *next_tvb;
1307 dissector_handle_t dissector_handle;
1308 guint32 saved_match_uint;
1309
1310 gboolean null_encryption_decode_heuristic = FALSE;
1311 guint8 *esp_iv = NULL;
1312 guint8 *esp_encr_data = NULL;
1313 guint8 *esp_decr_data = NULL;
1314 guint8 *esp_icv = NULL;
1315 tvbuff_t *tvb_decrypted = NULL;
1316
1317 /* IPSEC encryption Variables related */
1318 gint protocol_typ = IPSEC_SA_UNKNOWN;
1319 gint esp_encr_algo = IPSEC_ENCRYPT_NULL;
1320 gint esp_auth_algo = IPSEC_AUTH_NULL;
1321 gint icv_type = ICV_TYPE_UNCHECKED;
1322 gchar *esp_encr_key = NULL;
1323 gchar *esp_auth_key = NULL;
1324 guint esp_encr_key_len = 0;
1325 guint esp_auth_key_len = 0;
1326 gcry_cipher_hd_t *cipher_hd;
1327 gboolean *cipher_hd_created;
1328
1329 gint offset = 0;
1330 gint esp_packet_len = 0;
1331 gint esp_iv_len = 0;
1332 gint esp_block_len = 0;
1333 gint esp_encr_data_len = 0;
1334 gint esp_decr_data_len = 0;
1335 gint esp_icv_len = 0;
1336 gint esp_salt_len = 0;
1337 gboolean decrypt_ok = FALSE;
1338 gboolean decrypt_using_libgcrypt = FALSE;
1339 gboolean icv_checked = FALSE;
1340 gboolean icv_correct = FALSE;
1341 gboolean sad_is_present = FALSE;
1342 gint esp_pad_len = 0;
1343
1344
1345 /* Variables for decryption and authentication checking used for libgrypt */
1346 gcry_md_hd_t md_hd;
1347 int md_len = 0;
1348 gcry_error_t err = 0;
1349 int crypt_algo_libgcrypt = 0;
1350 int crypt_mode_libgcrypt = 0;
1351 int auth_algo_libgcrypt = 0;
1352 gchar *esp_icv_expected = NULL; /* as readable hex string, for error messages */
1353 unsigned char ctr_block[16];
1354
1355
1356 guint32 sequence_number;
1357
1358 /*
1359 * load the top pane info. This should be overwritten by
1360 * the next protocol in the stack
1361 */
1362
1363 col_set_str(pinfo->cinfo, COL_PROTOCOL, "ESP");
1364 col_clear(pinfo->cinfo, COL_INFO);
1365
1366 /*
1367 * populate a tree in the second pane with the status of the link layer
1368 * (ie none)
1369 */
1370 item = proto_tree_add_item(tree, proto_esp, tvb, 0, -1, ENC_NA);
1371 esp_tree = proto_item_add_subtree(item, ett_esp);
1372 proto_tree_add_item_ret_uint(esp_tree, hf_esp_spi, tvb,
1373 0, 4, ENC_BIG_ENDIAN, &spi);
1374 proto_tree_add_item_ret_uint(esp_tree, hf_esp_sequence, tvb,
1375 4, 4, ENC_BIG_ENDIAN, &sequence_number);
1376
1377 col_add_fstr(pinfo->cinfo, COL_INFO, "ESP (SPI=0x%08x)", spi);
1378
1379 /* Sequence number analysis */
1380 if (g_esp_do_sequence_analysis) {
1381 if (!pinfo->fd->visited) {
1382 check_esp_sequence_info(spi, sequence_number, pinfo);
1383 }
1384 show_esp_sequence_info(spi, sequence_number,
1385 tvb, esp_tree, pinfo);
1386 }
1387
1388 esp_packet_len = tvb_reported_length(tvb);
1389
1390 /* Get length of remaining ESP packet (without the header) */
1391 esp_encr_data_len = esp_packet_len - ESP_HEADER_LEN;
1392 if (esp_encr_data_len <= 0)
1393 return tvb_captured_length(tvb);
1394
1395 offset = ESP_HEADER_LEN;
1396
1397 /* The SAD is not activated */
1398 if(g_esp_enable_null_encryption_decode_heuristic &&
1399 !g_esp_enable_encryption_decode)
1400 null_encryption_decode_heuristic = TRUE;
1401
1402 if(g_esp_enable_encryption_decode || g_esp_enable_authentication_check)
1403 {
1404 /* Get Source & Destination Addresses in gchar * with all the bytes available. */
1405
1406 if (pinfo->src.type == AT_IPv4){
1407 protocol_typ = IPSEC_SA_IPV4;
1408 }else if (pinfo->src.type == AT_IPv6){
1409 protocol_typ = IPSEC_SA_IPV6;
1410 }
1411
1412 /* Create strings for src, dst addresses */
1413 ip_src = address_to_str(wmem_packet_scope(), &pinfo->src);
1414 ip_dst = address_to_str(wmem_packet_scope(), &pinfo->dst);
1415
1416 /* Get the SPI */
1417 if (tvb_captured_length(tvb) >= 4)
1418 {
1419 spi = tvb_get_ntohl(tvb, 0);
1420 }
1421
1422
1423 /*
1424 PARSE the SAD and fill it. It may take some time since it will
1425 be called every times an ESP Payload is found.
1426 */
1427
1428 if((sad_is_present = get_esp_sa(protocol_typ, ip_src, ip_dst, spi,
1429 &esp_encr_algo, &esp_auth_algo,
1430 &esp_encr_key, &esp_encr_key_len, &esp_auth_key, &esp_auth_key_len,
1431 &cipher_hd, &cipher_hd_created)))
1432 {
1433
1434 switch(esp_auth_algo)
1435 {
1436 case IPSEC_AUTH_NULL:
1437 esp_icv_len = 0;
1438 break;
1439
1440 case IPSEC_AUTH_ANY_64BIT:
1441 esp_icv_len = 8;
1442 break;
1443
1444 case IPSEC_AUTH_HMAC_SHA256_128:
1445 case IPSEC_AUTH_ANY_128BIT:
1446 esp_icv_len = 16;
1447 break;
1448
1449 case IPSEC_AUTH_HMAC_SHA512_256:
1450 case IPSEC_AUTH_ANY_256BIT:
1451 esp_icv_len = 32;
1452 break;
1453
1454 case IPSEC_AUTH_HMAC_SHA384_192:
1455 case IPSEC_AUTH_ANY_192BIT:
1456 esp_icv_len = 24;
1457 break;
1458
1459 case IPSEC_AUTH_HMAC_SHA1_96:
1460 case IPSEC_AUTH_HMAC_SHA256_96:
1461 /* case IPSEC_AUTH_AES_XCBC_MAC_96: */
1462 case IPSEC_AUTH_HMAC_MD5_96:
1463 case IPSEC_AUTH_HMAC_RIPEMD160_96:
1464 case IPSEC_AUTH_ANY_96BIT:
1465 default:
1466 esp_icv_len = 12;
1467 break;
1468 }
1469
1470 switch(esp_encr_algo)
1471 {
1472 case IPSEC_ENCRYPT_AES_GCM_8:
1473 esp_encr_algo = IPSEC_ENCRYPT_AES_GCM;
1474 esp_icv_len = 8;
1475 break;
1476
1477 case IPSEC_ENCRYPT_AES_GCM_12:
1478 esp_encr_algo = IPSEC_ENCRYPT_AES_GCM;
1479 esp_icv_len = 12;
1480 break;
1481
1482 case IPSEC_ENCRYPT_AES_GCM_16:
1483 esp_encr_algo = IPSEC_ENCRYPT_AES_GCM;
1484 esp_icv_len = 16;
1485 break;
1486
1487 case IPSEC_ENCRYPT_AES_GCM:
1488 esp_icv_len = 0;
1489 }
1490
1491 if(g_esp_enable_authentication_check)
1492 {
1493 switch(esp_auth_algo)
1494 {
1495 case IPSEC_AUTH_HMAC_SHA1_96:
1496 /*
1497 RFC 2404 : HMAC-SHA-1-96 is a secret key algorithm.
1498 While no fixed key length is specified in [RFC-2104],
1499 for use with either ESP or AH a fixed key length of
1500 160-bits MUST be supported. Key lengths other than
1501 160-bits MUST NOT be supported (i.e. only 160-bit keys
1502 are to be used by HMAC-SHA-1-96). A key length of
1503 160-bits was chosen based on the recommendations in
1504 [RFC-2104] (i.e. key lengths less than the
1505 authentication length decrease security strength and
1506 keys longer than the authentication length do not
1507 significantly increase security strength).
1508 */
1509 auth_algo_libgcrypt = GCRY_MD_SHA1;
1510 icv_type = ICV_TYPE_HMAC;
1511 break;
1512
1513 case IPSEC_AUTH_NULL:
1514 break;
1515
1516 /*
1517 case IPSEC_AUTH_AES_XCBC_MAC_96:
1518 auth_algo_libgcrypt =
1519 authentication_check_using_libgcrypt = TRUE;
1520 break;
1521 */
1522
1523 case IPSEC_AUTH_HMAC_SHA256_96:
1524 case IPSEC_AUTH_HMAC_SHA256_128:
1525 auth_algo_libgcrypt = GCRY_MD_SHA256;
1526 icv_type = ICV_TYPE_HMAC;
1527 break;
1528
1529 case IPSEC_AUTH_HMAC_SHA384_192:
1530 auth_algo_libgcrypt = GCRY_MD_SHA384;
1531 icv_type = ICV_TYPE_HMAC;
1532 break;
1533
1534 case IPSEC_AUTH_HMAC_SHA512_256:
1535 auth_algo_libgcrypt = GCRY_MD_SHA512;
1536 icv_type = ICV_TYPE_HMAC;
1537 break;
1538
1539 case IPSEC_AUTH_HMAC_MD5_96:
1540 /*
1541 RFC 2403 : HMAC-MD5-96 is a secret key algorithm.
1542 While no fixed key length is specified in [RFC-2104],
1543 for use with either ESP or AH a fixed key length of
1544 128-bits MUST be supported. Key lengths other than
1545 128-bits MUST NOT be supported (i.e. only 128-bit keys
1546 are to be used by HMAC-MD5-96). A key length of
1547 128-bits was chosen based on the recommendations in
1548 [RFC-2104] (i.e. key lengths less than the
1549 authentication code length decrease security strength and
1550 keys longer than the authentication code length do not
1551 significantly increase security strength).
1552 */
1553 auth_algo_libgcrypt = GCRY_MD_MD5;
1554 icv_type = ICV_TYPE_HMAC;
1555 break;
1556
1557 case IPSEC_AUTH_HMAC_RIPEMD160_96:
1558 /*
1559 RFC 2857 : HMAC-RIPEMD-160-96 produces a 160-bit
1560 authentication code. This 160-bit value can be
1561 truncated as described in RFC2104. For use with
1562 either ESP or AH, a truncated value using the first
1563 96 bits MUST be supported.
1564 */
1565 auth_algo_libgcrypt = GCRY_MD_RMD160;
1566 icv_type = ICV_TYPE_HMAC;
1567 break;
1568
1569 case IPSEC_AUTH_ANY_64BIT:
1570 case IPSEC_AUTH_ANY_96BIT:
1571 case IPSEC_AUTH_ANY_128BIT:
1572 case IPSEC_AUTH_ANY_192BIT:
1573 case IPSEC_AUTH_ANY_256BIT:
1574 default:
1575 break;
1576 }
1577
1578 if(icv_type == ICV_TYPE_HMAC)
1579 {
1580 /* Allocate buffer for ICV */
1581 esp_icv = (guint8 *)tvb_memdup(wmem_packet_scope(), tvb, esp_packet_len - esp_icv_len, esp_icv_len);
1582
1583 err = gcry_md_open (&md_hd, auth_algo_libgcrypt, GCRY_MD_FLAG_HMAC);
1584 if (err)
1585 {
1586 gcry_md_close(md_hd);
1587 REPORT_DISSECTOR_BUG("<IPsec/ESP Dissector> Error in Algorithm %s, gcry_md_open failed: %s\n",
1588 gcry_md_algo_name(auth_algo_libgcrypt), gcry_strerror(err));
1589 }
1590 else
1591 {
1592 md_len = gcry_md_get_algo_dlen (auth_algo_libgcrypt);
1593 if (md_len < 1 || md_len < esp_icv_len)
1594 {
1595 gcry_md_close(md_hd);
1596 REPORT_DISSECTOR_BUG("<IPsec/ESP Dissector> Error in Algorithm %s, grcy_md_get_algo_dlen failed: %d\n",
1597 gcry_md_algo_name(auth_algo_libgcrypt), md_len);
1598 }
1599 else
1600 {
1601 unsigned char *esp_icv_computed;
1602
1603 gcry_md_setkey( md_hd, esp_auth_key, esp_auth_key_len );
1604
1605 gcry_md_write (md_hd, tvb_get_ptr(tvb, 0, esp_packet_len - esp_icv_len), esp_packet_len - esp_icv_len);
1606
1607 esp_icv_computed = gcry_md_read (md_hd, auth_algo_libgcrypt);
1608 if (esp_icv_computed == 0)
1609 {
1610 gcry_md_close(md_hd);
1611 REPORT_DISSECTOR_BUG("<IPsec/ESP Dissector> Error in Algorithm %s, gcry_md_read failed\n",
1612 gcry_md_algo_name(auth_algo_libgcrypt));
1613 }
1614
1615 if(memcmp (esp_icv_computed, esp_icv, esp_icv_len) == 0) {
1616 icv_checked = TRUE;
1617 icv_correct = TRUE;
1618 } else {
1619 icv_checked = TRUE;
1620 icv_correct = FALSE;
1621 esp_icv_expected = bytes_to_str(wmem_packet_scope(), esp_icv_computed, esp_icv_len);
1622 }
1623 }
1624
1625 gcry_md_close(md_hd);
1626 }
1627 }
1628 }
1629
1630 if(g_esp_enable_encryption_decode)
1631 {
1632 /* Deactivation of the Heuristic to decrypt using the NULL encryption algorithm since the packet is matching a SA */
1633 null_encryption_decode_heuristic = FALSE;
1634
1635 switch(esp_encr_algo)
1636 {
1637 case IPSEC_ENCRYPT_3DES_CBC :
1638 /* RFC 2451 says :
1639 3DES CBC uses a key of 192 bits.
1640 The first 3DES key is taken from the first 64 bits,
1641 the second from the next 64 bits, and the third
1642 from the last 64 bits.
1643 Implementations MUST take into consideration the
1644 parity bits when initially accepting a new set of
1645 keys. Each of the three keys is really 56 bits in
1646 length with the extra 8 bits used for parity. */
1647
1648 /* Fix parameters for 3DES-CBC */
1649 esp_iv_len = esp_block_len = 8;
1650 crypt_algo_libgcrypt = GCRY_CIPHER_3DES;
1651 crypt_mode_libgcrypt = GCRY_CIPHER_MODE_CBC;
1652
1653 if (esp_encr_key_len != gcry_cipher_get_algo_keylen (crypt_algo_libgcrypt))
1654 {
1655 REPORT_DISSECTOR_BUG("<ESP Preferences> Error in Encryption Algorithm 3DES-CBC : Bad Keylen (got %u Bits, need %lu)\n",
1656 esp_encr_key_len * 8,
1657 (unsigned long) gcry_cipher_get_algo_keylen (crypt_algo_libgcrypt) * 8);
1658 decrypt_ok = FALSE;
1659 }
1660 else
1661 decrypt_using_libgcrypt = TRUE;
1662
1663 break;
1664
1665 case IPSEC_ENCRYPT_AES_CBC :
1666 /* RFC 3602 says :
1667 AES supports three key sizes: 128 bits, 192 bits,
1668 and 256 bits. The default key size is 128 bits,
1669 and all implementations MUST support this key size.
1670 Implementations MAY also support key sizes of 192
1671 bits and 256 bits. */
1672
1673 /* Fix parameters for AES-CBC */
1674 esp_iv_len = esp_block_len = 16;
1675 crypt_mode_libgcrypt = GCRY_CIPHER_MODE_CBC;
1676
1677 switch(esp_encr_key_len * 8)
1678 {
1679 case 128:
1680 crypt_algo_libgcrypt = GCRY_CIPHER_AES128;
1681 decrypt_using_libgcrypt = TRUE;
1682 break;
1683
1684 case 192:
1685 crypt_algo_libgcrypt = GCRY_CIPHER_AES192;
1686 decrypt_using_libgcrypt = TRUE;
1687 break;
1688
1689 case 256:
1690 crypt_algo_libgcrypt = GCRY_CIPHER_AES256;
1691 decrypt_using_libgcrypt = TRUE;
1692 break;
1693
1694 default:
1695 REPORT_DISSECTOR_BUG("<ESP Preferences> Error in Encryption Algorithm AES-CBC : Bad Keylen (%u Bits)\n",
1696 esp_encr_key_len * 8);
1697 decrypt_ok = FALSE;
1698 }
1699
1700 break;
1701
1702 case IPSEC_ENCRYPT_CAST5_CBC :
1703 /* RFC 2144 says :
1704 The CAST-128 encryption algorithm has been designed to allow a key
1705 size that can vary from 40 bits to 128 bits, in 8-bit increments
1706 (that is, the allowable key sizes are 40, 48, 56, 64, ..., 112, 120,
1707 and 128 bits.)
1708 We support only 128 bits. */
1709
1710 /* Fix parameters for CAST5-CBC */
1711 esp_iv_len = esp_block_len = 8;
1712 crypt_mode_libgcrypt = GCRY_CIPHER_MODE_CBC;
1713
1714 switch(esp_encr_key_len * 8)
1715 {
1716 case 128:
1717 crypt_algo_libgcrypt = GCRY_CIPHER_CAST5;
1718 decrypt_using_libgcrypt = TRUE;
1719 break;
1720 default:
1721 REPORT_DISSECTOR_BUG("<ESP Preferences> Error in Encryption Algorithm CAST5-CBC : Bad Keylen (%u Bits)\n",
1722 esp_encr_key_len * 8);
1723 decrypt_ok = FALSE;
1724 }
1725 break;
1726
1727 case IPSEC_ENCRYPT_DES_CBC :
1728 /* RFC 2405 says :
1729 DES-CBC is a symmetric secret key algorithm.
1730 The key size is 64-bits.
1731 [It is commonly known as a 56-bit key as the key
1732 has 56 significant bits; the least significant
1733 bit in every byte is the parity bit.] */
1734
1735 /* Fix parameters for DES-CBC */
1736 esp_iv_len = esp_block_len = 8;
1737 crypt_algo_libgcrypt = GCRY_CIPHER_DES;
1738 crypt_mode_libgcrypt = GCRY_CIPHER_MODE_CBC;
1739
1740 if (esp_encr_key_len != gcry_cipher_get_algo_keylen (crypt_algo_libgcrypt))
1741 {
1742 REPORT_DISSECTOR_BUG("<ESP Preferences> Error in Encryption Algorithm DES-CBC : Bad Keylen (%u Bits, need %lu)\n",
1743 esp_encr_key_len * 8, (unsigned long) gcry_cipher_get_algo_keylen (crypt_algo_libgcrypt) * 8);
1744 decrypt_ok = FALSE;
1745 }
1746 else
1747 decrypt_using_libgcrypt = TRUE;
1748
1749 break;
1750
1751 case IPSEC_ENCRYPT_AES_CTR :
1752 case IPSEC_ENCRYPT_AES_GCM :
1753 /* RFC 3686 says :
1754 AES supports three key sizes: 128 bits, 192 bits,
1755 and 256 bits. The default key size is 128 bits,
1756 and all implementations MUST support this key
1757 size. Implementations MAY also support key sizes
1758 of 192 bits and 256 bits. The remaining 32 bits
1759 will be used as nonce. */
1760
1761 /* Fix parameters for AES-CTR/AES-GCM */
1762 esp_iv_len = 8;
1763 esp_block_len = 1;
1764 /* The counter mode key includes a 4 byte nonce following the key, which is used as the salt */
1765 esp_salt_len = 4;
1766 esp_encr_key_len -= esp_salt_len;
1767
1768 #ifdef HAVE_LIBGCRYPT_AEAD
1769 crypt_mode_libgcrypt =
1770 (esp_encr_algo == IPSEC_ENCRYPT_AES_CTR) ? GCRY_CIPHER_MODE_CTR : GCRY_CIPHER_MODE_GCM;
1771 #else
1772 crypt_mode_libgcrypt = GCRY_CIPHER_MODE_CTR;
1773 #endif
1774 switch(esp_encr_key_len * 8)
1775 {
1776 case 128:
1777 crypt_algo_libgcrypt = GCRY_CIPHER_AES128;
1778 decrypt_using_libgcrypt = TRUE;
1779 break;
1780
1781 case 192:
1782 crypt_algo_libgcrypt = GCRY_CIPHER_AES192;
1783 decrypt_using_libgcrypt = TRUE;
1784 break;
1785
1786 case 256:
1787 crypt_algo_libgcrypt = GCRY_CIPHER_AES256;
1788 decrypt_using_libgcrypt = TRUE;
1789 break;
1790
1791 default:
1792 REPORT_DISSECTOR_BUG("<ESP Preferences> Error in Encryption Algorithm %s : Bad Keylen (%u Bits)\n",
1793 (esp_encr_algo == IPSEC_ENCRYPT_AES_CTR) ? "AES-CTR" : "AES-GCM",
1794 esp_encr_key_len * 8);
1795 decrypt_ok = FALSE;
1796 }
1797
1798 if (esp_encr_algo == IPSEC_ENCRYPT_AES_GCM) {
1799 if (esp_auth_algo != IPSEC_AUTH_NULL) {
1800 REPORT_DISSECTOR_BUG("<ESP Preferences> Error: AES-GCM encryption can only be used with NULL authentication\n");
1801 }
1802 icv_type = ICV_TYPE_AEAD;
1803 }
1804
1805 break;
1806
1807 case IPSEC_ENCRYPT_TWOFISH_CBC :
1808 /* Twofish is a 128-bit block cipher developed by
1809 Counterpane Labs that accepts a variable-length
1810 key up to 256 bits.
1811 We will only accept key sizes of 128 and 256 bits.
1812 */
1813
1814 /* Fix parameters for TWOFISH-CBC */
1815 esp_iv_len = 16;
1816 crypt_mode_libgcrypt = GCRY_CIPHER_MODE_CBC;
1817
1818 switch(esp_encr_key_len * 8)
1819 {
1820 case 128:
1821 crypt_algo_libgcrypt = GCRY_CIPHER_TWOFISH128;
1822 decrypt_using_libgcrypt = TRUE;
1823 break;
1824
1825 case 256:
1826 crypt_algo_libgcrypt = GCRY_CIPHER_TWOFISH;
1827 decrypt_using_libgcrypt = TRUE;
1828 break;
1829
1830 default:
1831 REPORT_DISSECTOR_BUG("<ESP Preferences> Error in Encryption Algorithm TWOFISH-CBC : Bad Keylen (%u Bits)\n",
1832 esp_encr_key_len * 8);
1833 decrypt_ok = FALSE;
1834 }
1835
1836 break;
1837
1838 case IPSEC_ENCRYPT_BLOWFISH_CBC :
1839 /* Bruce Schneier of Counterpane Systems developed
1840 the Blowfish block cipher algorithm.
1841 RFC 2451 shows that Blowfish uses key sizes from
1842 40 to 448 bits. The Default size is 128 bits.
1843 We will only accept key sizes of 128 bits, because
1844 libgrypt only accept this key size.
1845 */
1846
1847 /* Fix parameters for BLOWFISH-CBC */
1848 esp_iv_len = esp_block_len = 8;
1849 crypt_algo_libgcrypt = GCRY_CIPHER_BLOWFISH;
1850 crypt_mode_libgcrypt = GCRY_CIPHER_MODE_CBC;
1851
1852 if (esp_encr_key_len != gcry_cipher_get_algo_keylen (crypt_algo_libgcrypt))
1853 {
1854 REPORT_DISSECTOR_BUG("<ESP Preferences> Error in Encryption Algorithm BLOWFISH-CBC : Bad Keylen (%u Bits, need %lu)\n",
1855 esp_encr_key_len * 8, (unsigned long) gcry_cipher_get_algo_keylen (crypt_algo_libgcrypt) * 8);
1856 decrypt_ok = FALSE;
1857 }
1858 else
1859 decrypt_using_libgcrypt = TRUE;
1860
1861 break;
1862
1863 case IPSEC_ENCRYPT_NULL :
1864 default :
1865 /* Fix parameters */
1866 esp_iv_len = 0;
1867 esp_block_len = 1;
1868
1869 /* Allocate buffer for decrypted data */
1870 esp_decr_data = (guint8 *)wmem_alloc(wmem_packet_scope(), esp_encr_data_len);
1871 esp_decr_data_len = esp_encr_data_len;
1872
1873 tvb_memcpy(tvb, esp_decr_data, ESP_HEADER_LEN, esp_encr_data_len);
1874
1875 decrypt_ok = TRUE;
1876
1877 break;
1878 }
1879
1880 esp_encr_data_len -= (esp_iv_len + esp_icv_len);
1881
1882 /*
1883 * Zero or negative length of encrypted data shows that the user specified
1884 * wrong encryption algorithm and/or authentication algorithm.
1885 */
1886 if (esp_encr_data_len <= 0) {
1887 return esp_packet_len;
1888 }
1889
1890 /*
1891 * Add the IV to the tree and store it in a packet scope buffer for later decryption
1892 * if the specified encryption algorithm uses IV.
1893 */
1894 if (esp_iv_len) {
1895 tvb_ensure_bytes_exist(tvb, offset, esp_iv_len);
1896
1897 iv_item = proto_tree_add_item(esp_tree, hf_esp_iv, tvb, offset, esp_iv_len, ENC_NA);
1898 proto_item_append_text(iv_item, " (%d bytes)", esp_iv_len);
1899 esp_iv = (guchar *)tvb_memdup(wmem_packet_scope(), tvb, offset, esp_iv_len);
1900
1901 offset += esp_iv_len;
1902 }
1903
1904 /*
1905 * Add the encrypted portion to the tree and store it in a packet scope buffer for later decryption.
1906 */
1907 if (esp_encr_data_len) {
1908 encr_data_item = proto_tree_add_item(esp_tree, hf_esp_encrypted_data, tvb, offset, esp_encr_data_len, ENC_NA);
1909 proto_item_append_text(encr_data_item, " (%d bytes) <%s>",
1910 esp_encr_data_len,
1911 esp_get_encr_algo_name(esp_encr_algo));
1912
1913 esp_encr_data = (guchar *)tvb_memdup(wmem_packet_scope(), tvb, offset, esp_encr_data_len);
1914 offset += esp_encr_data_len;
1915
1916 /*
1917 * Verify that the encrypted payload data is properly aligned: The ciphertext length
1918 * needs to be a multiple of the of block size (which equals 1 for 'stream ciphers'
1919 * like AES-GCM and AES-CTR) and the ciphertext needs to terminate on a 4-byte boundary,
1920 * according to RFC 2406, section 2.4. Given the fact that all current block sizes are
1921 * powers of 2, only the stricter alignment requirement needs to be checked:
1922 */
1923 if (esp_block_len > 4 && esp_encr_data_len % esp_block_len != 0) {
1924 proto_item_append_text(encr_data_item, "[Invalid length, ciphertext should be a multiple of block size (%u)]",
1925 esp_block_len);
1926 decrypt_using_libgcrypt = FALSE;
1927 } else if (esp_encr_data_len % 4 != 0) {
1928 proto_item_append_text(encr_data_item, "[Invalid length, ciphertext should terminate at 4-byte boundary]");
1929 decrypt_using_libgcrypt = FALSE;
1930 }
1931 }
1932
1933
1934 /*
1935 * Add the ICV (Integrity Check Value) to the tree before decryption to ensure
1936 * the ICV be displayed even if the decryption fails.
1937 */
1938
1939 if (esp_icv_len) {
1940 icv_item = proto_tree_add_item(esp_tree, hf_esp_icv, tvb, offset, esp_icv_len, ENC_NA);
1941 proto_item_append_text(icv_item, " (%d bytes) <%s>",
1942 esp_icv_len,
1943 icv_type == ICV_TYPE_AEAD ?
1944 esp_get_encr_algo_name(esp_encr_algo) :
1945 esp_get_auth_algo_name(esp_auth_algo));
1946
1947 }
1948
1949 if (decrypt_using_libgcrypt)
1950 {
1951 /*
1952 * Allocate buffer for decrypted data.
1953 */
1954 esp_decr_data = (guchar*)wmem_alloc(pinfo->pool, esp_encr_data_len);
1955 esp_decr_data_len = esp_encr_data_len;
1956
1957 tvb_memcpy(tvb, esp_decr_data, ESP_HEADER_LEN, esp_encr_data_len);
1958
1959 /* (Lazily) create the cipher_hd */
1960 if (!(*cipher_hd_created)) {
1961 err = gcry_cipher_open(cipher_hd, crypt_algo_libgcrypt, crypt_mode_libgcrypt, 0);
1962 if (err) {
1963 REPORT_DISSECTOR_BUG("<IPsec/ESP Dissector> Error in Algorithm %s Mode %d, grcy_open_cipher failed: %s\n",
1964 gcry_cipher_algo_name(crypt_algo_libgcrypt), crypt_mode_libgcrypt, gcry_strerror(err));
1965 }
1966 else
1967 {
1968 /* OK, set the key */
1969 if (*cipher_hd_created == FALSE)
1970 {
1971 err = gcry_cipher_setkey(*cipher_hd, esp_encr_key, esp_encr_key_len);
1972
1973 if (err) {
1974 gcry_cipher_close(*cipher_hd);
1975 REPORT_DISSECTOR_BUG("<IPsec/ESP Dissector> Error in Algorithm %s Mode %d, gcry_cipher_setkey(key_len=%u) failed: %s\n",
1976 gcry_cipher_algo_name(crypt_algo_libgcrypt), crypt_mode_libgcrypt, esp_encr_key_len, gcry_strerror(err));
1977 }
1978 }
1979
1980 /* Key is created and has its key set now */
1981 *cipher_hd_created = TRUE;
1982 }
1983 }
1984
1985 /* Now try to decrypt */
1986 if (esp_encr_algo == IPSEC_ENCRYPT_AES_CTR || esp_encr_algo == IPSEC_ENCRYPT_AES_GCM)
1987 {
1988 unsigned int ctr_block_size = sizeof(ctr_block);
1989
1990 /* Set CTR first */
1991 memset(ctr_block, 0, ctr_block_size);
1992 memcpy(ctr_block, esp_encr_key + esp_encr_key_len, esp_salt_len);
1993 memcpy(ctr_block + esp_salt_len, esp_iv, esp_iv_len);
1994
1995 if (crypt_mode_libgcrypt == GCRY_CIPHER_MODE_CTR) {
1996 ctr_block[ctr_block_size-1] = 1;
1997 if (esp_encr_algo == IPSEC_ENCRYPT_AES_GCM) {
1998 /* AES-CTR is used as fallback for AES-GCM (only) if gcrypt does not have AEAD ciphers.
1999 * The extra increment is necessary because AES-GCM reserves counter 0 for the final
2000 * step to create the authentication tag and starts encryption with counter 1.
2001 */
2002 ctr_block[ctr_block_size-1]++;
2003 }
2004 err = gcry_cipher_setctr(*cipher_hd, ctr_block, 16);
2005 } else {
2006 err = gcry_cipher_setiv(*cipher_hd, ctr_block, esp_salt_len + esp_iv_len);
2007 }
2008 }
2009 else
2010 {
2011 err = gcry_cipher_setiv(*cipher_hd, esp_iv, esp_iv_len);
2012 }
2013
2014 if (err) {
2015 gcry_cipher_close(*cipher_hd);
2016 REPORT_DISSECTOR_BUG("<IPsec/ESP Dissector> Error in Algorithm %s Mode %d, gcry_cipher_set%s() failed: %s\n",
2017 gcry_cipher_algo_name(crypt_algo_libgcrypt), crypt_mode_libgcrypt,
2018 (crypt_mode_libgcrypt == GCRY_CIPHER_MODE_CTR) ? "ctr" : "iv",
2019 gcry_strerror(err));
2020 }
2021
2022
2023 #ifdef HAVE_LIBGCRYPT_AEAD
2024 if (g_esp_enable_authentication_check && icv_type == ICV_TYPE_AEAD) {
2025 /* Allocate buffer for ICV */
2026 esp_icv = (guint8 *)tvb_memdup(wmem_packet_scope(), tvb, esp_packet_len - esp_icv_len, esp_icv_len);
2027
2028 err = gcry_cipher_authenticate(*cipher_hd, tvb_get_ptr(tvb, 0, ESP_HEADER_LEN), ESP_HEADER_LEN);
2029
2030 if (err) {
2031 gcry_cipher_close(*cipher_hd);
2032 REPORT_DISSECTOR_BUG("<IPsec/ESP Dissector> Error in Algorithm %s Mode %d, gcry_cipher_authenticate() failed: %s\n",
2033 gcry_cipher_algo_name(crypt_algo_libgcrypt), crypt_mode_libgcrypt, gcry_strerror(err));
2034 }
2035 }
2036 #endif
2037
2038 if (!err)
2039 {
2040 err = gcry_cipher_decrypt(*cipher_hd, esp_decr_data, esp_decr_data_len, esp_encr_data, esp_encr_data_len);
2041 }
2042
2043 if (err)
2044 {
2045 REPORT_DISSECTOR_BUG("<IPsec/ESP Dissector> Error in Algorithm %s, Mode %d, gcry_cipher_decrypt failed: %s\n",
2046 gcry_cipher_algo_name(crypt_algo_libgcrypt), crypt_mode_libgcrypt, gcry_strerror(err));
2047 gcry_cipher_close(*cipher_hd);
2048 decrypt_ok = FALSE;
2049 }
2050 else
2051 {
2052 /* Decryption has finished */
2053 decrypt_ok = TRUE;
2054
2055 #ifdef HAVE_LIBGCRYPT_AEAD
2056 if (g_esp_enable_authentication_check && icv_type == ICV_TYPE_AEAD) {
2057 guchar *esp_icv_computed;
2058 gint tag_len;
2059
2060 tag_len = (gint)gcry_cipher_get_algo_blklen(crypt_algo_libgcrypt);
2061
2062 if (tag_len < esp_icv_len) {
2063 fprintf (stderr, "<IPsec/ESP Dissector> Error in Algorithm %s, tag length (%d) is less than icv length (%d)\n",
2064 gcry_md_algo_name(crypt_algo_libgcrypt), tag_len, esp_icv_len);
2065 }
2066
2067 esp_icv_computed = (guchar *)wmem_alloc(wmem_packet_scope(), tag_len);
2068 err = gcry_cipher_gettag(*cipher_hd, esp_icv_computed, tag_len);
2069 if (err) {
2070 gcry_cipher_close(*cipher_hd);
2071 REPORT_DISSECTOR_BUG("<IPsec/ESP Dissector> Error in Algorithm %s: gcry_cipher_gettag failed: %s",
2072 gcry_md_algo_name(crypt_algo_libgcrypt), gcry_strerror(err));
2073 }
2074
2075 if (memcmp(esp_icv_computed, esp_icv, esp_icv_len) == 0) {
2076 icv_checked = TRUE;
2077 icv_correct = TRUE;
2078 } else {
2079 icv_checked = TRUE;
2080 icv_correct = FALSE;
2081 esp_icv_expected = bytes_to_str(wmem_packet_scope(), esp_icv_computed, esp_icv_len);
2082 }
2083 }
2084 #endif
2085 }
2086 }
2087 }
2088 }
2089 else if(g_esp_enable_null_encryption_decode_heuristic)
2090 {
2091 /* The packet does not belong to a Security Association */
2092 null_encryption_decode_heuristic = TRUE;
2093 }
2094
2095 if(decrypt_ok)
2096 {
2097 tvb_decrypted = tvb_new_child_real_data(tvb, (guint8 *)wmem_memdup(pinfo->pool, esp_decr_data, esp_decr_data_len),
2098 esp_decr_data_len, esp_decr_data_len);
2099
2100 add_new_data_source(pinfo, tvb_decrypted, "Decrypted Data");
2101 item = proto_tree_add_item(esp_tree, hf_esp_decrypted_data, tvb_decrypted, 0, esp_decr_data_len, ENC_NA);
2102 proto_item_append_text(item, " (%d byte%s)", esp_decr_data_len, plurality(esp_decr_data_len, "", "s"));
2103
2104 decr_tree = proto_item_add_subtree(item, ett_esp_decrypted_data);
2105
2106 /* Make sure the packet is not truncated before the fields
2107 * we need to read to determine the encapsulated protocol */
2108 if(tvb_bytes_exist(tvb_decrypted, esp_decr_data_len - 2, 2))
2109 {
2110 gint esp_contained_data_len;
2111
2112 esp_pad_len = tvb_get_guint8(tvb_decrypted, esp_decr_data_len - 2);
2113 esp_contained_data_len = esp_decr_data_len - esp_pad_len - 2;
2114
2115 if(esp_contained_data_len > 0)
2116 {
2117 item = proto_tree_add_item(decr_tree, hf_esp_contained_data, tvb_decrypted, 0, esp_contained_data_len, ENC_NA);
2118 proto_item_append_text(item, " (%d byte%s)", esp_contained_data_len, plurality(esp_contained_data_len, "", "s"));
2119
2120 /* Get the encapsulated protocol */
2121 encapsulated_protocol = tvb_get_guint8(tvb_decrypted, esp_decr_data_len - 1);
2122
2123 dissector_handle = dissector_get_uint_handle(ip_dissector_table, encapsulated_protocol);
2124 if (dissector_handle) {
2125 /*
2126 * Recursively dissect the decrypted frame
2127 *
2128 * Note that the dissection restarts at the top level 'tree' here, not
2129 * at 'decr_tree', which is hidden inside the ESP subtree. This has
2130 * the effect that the protocol layers of the decrypted packet show up
2131 * in the protocol stack of the Packet Details Pane immediately below
2132 * the ESP layer, which is more intuitive and practical for the user.
2133 */
2134 saved_match_uint = pinfo->match_uint;
2135 pinfo->match_uint = encapsulated_protocol;
2136 next_tvb = tvb_new_subset_length(tvb_decrypted, 0, esp_contained_data_len);
2137 export_ipsec_pdu(dissector_handle, pinfo, next_tvb);
2138 call_dissector(dissector_handle, next_tvb, pinfo, tree);
2139 pinfo->match_uint = saved_match_uint;
2140 decrypt_dissect_ok = TRUE;
2141 }
2142 }
2143 }
2144
2145 if(decrypt_dissect_ok)
2146 {
2147 if(decr_tree)
2148 {
2149 if(esp_pad_len !=0)
2150 proto_tree_add_item(decr_tree, hf_esp_pad,
2151 tvb_decrypted,
2152 esp_decr_data_len - esp_pad_len - 2,
2153 esp_pad_len, ENC_NA);
2154
2155 proto_tree_add_uint(decr_tree, hf_esp_pad_len, tvb_decrypted,
2156 esp_decr_data_len - 2, 1,
2157 esp_pad_len);
2158
2159 proto_tree_add_uint_format(decr_tree, hf_esp_protocol, tvb_decrypted,
2160 esp_decr_data_len - 1, 1,
2161 encapsulated_protocol,
2162 "Next header: %s (0x%02x)",
2163 ipprotostr(encapsulated_protocol), encapsulated_protocol);
2164 }
2165 }
2166 else
2167 {
2168 next_tvb = tvb_new_subset_length(tvb_decrypted, 0,
2169 esp_decr_data_len);
2170 export_ipsec_pdu(data_handle, pinfo, next_tvb);
2171 call_dissector(data_handle, next_tvb, pinfo, decr_tree);
2172 }
2173 }
2174 }
2175
2176 /*
2177 If the packet is present in the security association database and the field g_esp_enable_authentication_check set.
2178 */
2179 if(!g_esp_enable_encryption_decode && g_esp_enable_authentication_check && sad_is_present)
2180 {
2181 next_tvb = tvb_new_subset_length_caplen(tvb, ESP_HEADER_LEN, esp_packet_len - ESP_HEADER_LEN - esp_icv_len, -1);
2182 export_ipsec_pdu(data_handle, pinfo, next_tvb);
2183 call_dissector(data_handle, next_tvb, pinfo, esp_tree);
2184 }
2185 /* The packet does not belong to a security association and the field g_esp_enable_null_encryption_decode_heuristic is set */
2186 else if(null_encryption_decode_heuristic)
2187 {
2188 if(g_esp_enable_null_encryption_decode_heuristic)
2189 {
2190 /* Make sure the packet is not truncated before the fields
2191 * we need to read to determine the encapsulated protocol.
2192 * (Note: we assume an ICV of 12 byte length.)
2193 */
2194 if(tvb_bytes_exist(tvb, esp_packet_len - 14, 2))
2195 {
2196 esp_pad_len = tvb_get_guint8(tvb, esp_packet_len - 14);
2197 encapsulated_protocol = tvb_get_guint8(tvb, esp_packet_len - 13);
2198 dissector_handle = dissector_get_uint_handle(ip_dissector_table, encapsulated_protocol);
2199 if (dissector_handle) {
2200 saved_match_uint = pinfo->match_uint;
2201 pinfo->match_uint = encapsulated_protocol;
2202 next_tvb = tvb_new_subset_length(tvb, ESP_HEADER_LEN, esp_packet_len - ESP_HEADER_LEN - 14 - esp_pad_len);
2203 export_ipsec_pdu(dissector_handle, pinfo, next_tvb);
2204 call_dissector(dissector_handle, next_tvb, pinfo, tree);
2205 pinfo->match_uint = saved_match_uint;
2206 decrypt_dissect_ok = TRUE;
2207 }
2208 }
2209 }
2210
2211 if(decrypt_dissect_ok)
2212 {
2213 if(esp_tree)
2214 {
2215 proto_tree_add_uint(esp_tree, hf_esp_pad_len, tvb,
2216 esp_packet_len - 14, 1,
2217 esp_pad_len);
2218
2219 proto_tree_add_uint_format(esp_tree, hf_esp_protocol, tvb,
2220 esp_packet_len - 13, 1,
2221 encapsulated_protocol,
2222 "Next header: %s (0x%02x)",
2223 ipprotostr(encapsulated_protocol), encapsulated_protocol);
2224
2225 /* Make sure we have the auth trailer data */
2226 if(tvb_bytes_exist(tvb, esp_packet_len - 12, 12))
2227 {
2228 proto_tree_add_item(esp_tree, hf_esp_icv, tvb, esp_packet_len - 12, 12, ENC_NA);
2229 }
2230 else
2231 {
2232 /* Truncated so just display what we have */
2233 proto_tree_add_bytes_format(esp_tree, hf_esp_icv, tvb, esp_packet_len - 12,
2234 12 - (esp_packet_len - tvb_captured_length(tvb)),
2235 NULL, "Integrity Check Value (truncated)");
2236 }
2237 }
2238 }
2239 }
2240
2241 if(icv_item != NULL) {
2242
2243 gboolean good = FALSE, bad = FALSE;
2244
2245 icv_tree = proto_item_add_subtree(icv_item, ett_esp_icv);
2246
2247 if(icv_checked) {
2248 if (icv_correct) {
2249 proto_item_append_text(icv_item, " [correct]");
2250 good = TRUE;
2251 } else {
2252 proto_item_append_text(icv_item, " [incorrect, should be %s]", esp_icv_expected);
2253 bad = TRUE;
2254 }
2255 } else {
2256 proto_item_append_text(icv_item, " [unchecked]");
2257 }
2258
2259 item = proto_tree_add_boolean(icv_tree, hf_esp_icv_good,
2260 tvb, offset, esp_icv_len, good);
2261 proto_item_set_generated(item);
2262
2263 item = proto_tree_add_boolean(icv_tree, hf_esp_icv_bad,
2264 tvb, offset, esp_icv_len, bad);
2265 proto_item_set_generated(item);
2266 }
2267
2268 return tvb_captured_length(tvb);
2269 }
2270
2271
2272 static int
dissect_ipcomp(tvbuff_t * tvb,packet_info * pinfo,proto_tree * tree,void * dissector_data _U_)2273 dissect_ipcomp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* dissector_data _U_)
2274 {
2275 proto_tree *ipcomp_tree;
2276 proto_item *ti;
2277 guint8 comp_nxt; /* Next Header */
2278 guint32 comp_cpi; /* Compression parameter index */
2279 dissector_handle_t dissector_handle;
2280 guint32 saved_match_uint;
2281 tvbuff_t *data, *decomp;
2282
2283 /*
2284 * load the top pane info. This should be overwritten by
2285 * the next protocol in the stack
2286 */
2287 col_set_str(pinfo->cinfo, COL_PROTOCOL, "IPComp");
2288 col_clear(pinfo->cinfo, COL_INFO);
2289
2290 comp_nxt = tvb_get_guint8(tvb, 0);
2291
2292 /*
2293 * populate a tree in the second pane with the status of the link layer
2294 * (ie none)
2295 */
2296 ti = proto_tree_add_item(tree, proto_ipcomp, tvb, 0, -1, ENC_NA);
2297 ipcomp_tree = proto_item_add_subtree(ti, ett_ipcomp);
2298
2299 proto_tree_add_uint_format_value(ipcomp_tree, hf_ipcomp_next_header, tvb,
2300 0, 1, comp_nxt, "%s (0x%02x)", ipprotostr(comp_nxt), comp_nxt);
2301 proto_tree_add_item(ipcomp_tree, hf_ipcomp_flags, tvb, 1, 1, ENC_NA);
2302 proto_tree_add_item_ret_uint(ipcomp_tree, hf_ipcomp_cpi, tvb, 2, 2, ENC_BIG_ENDIAN, &comp_cpi);
2303
2304 col_add_fstr(pinfo->cinfo, COL_INFO, "IPComp (CPI=%s)", val_to_str(comp_cpi, cpi2val, "0x%04x"));
2305
2306 data = tvb_new_subset_remaining(tvb, 4);
2307 export_ipsec_pdu(data_handle, pinfo, data);
2308 call_dissector(data_handle, data, pinfo, ipcomp_tree);
2309
2310 /*
2311 * try to uncompress as if it were DEFLATEd. With negotiated
2312 * CPIs, we don't know the algorithm beforehand; if we get it
2313 * wrong, tvb_uncompress() returns NULL and nothing is displayed.
2314 */
2315 decomp = tvb_child_uncompress(data, data, 0, tvb_captured_length(data));
2316 if (decomp) {
2317 add_new_data_source(pinfo, decomp, "IPcomp inflated data");
2318 saved_match_uint = pinfo->match_uint;
2319 dissector_handle = dissector_get_uint_handle(ip_dissector_table, comp_nxt);
2320 if (dissector_handle) {
2321 pinfo->match_uint = comp_nxt;
2322 } else {
2323 dissector_handle = data_handle;
2324 }
2325 export_ipsec_pdu(dissector_handle, pinfo, decomp);
2326 call_dissector(dissector_handle, decomp, pinfo, tree);
2327 pinfo->match_uint = saved_match_uint;
2328 }
2329
2330 return tvb_captured_length(tvb);
2331 }
2332
ipsec_cleanup_protocol(void)2333 static void ipsec_cleanup_protocol(void)
2334 {
2335 /* Free any SA records added by other dissectors */
2336 guint n;
2337 for (n=0; n < extra_esp_sa_records.num_records; n++) {
2338 uat_esp_sa_record_free_cb(&(extra_esp_sa_records.records[n]));
2339 }
2340
2341 /* Free overall block of records */
2342 g_free(extra_esp_sa_records.records);
2343 extra_esp_sa_records.records = NULL;
2344 extra_esp_sa_records.num_records = 0;
2345 }
2346
2347 void
proto_register_ipsec(void)2348 proto_register_ipsec(void)
2349 {
2350 static hf_register_info hf_ah[] = {
2351 { &hf_ah_next_header,
2352 { "Next header", "ah.next_header", FT_UINT8, BASE_DEC | BASE_EXT_STRING, &ipproto_val_ext, 0x0,
2353 NULL, HFILL }},
2354 { &hf_ah_length,
2355 { "Length", "ah.length", FT_UINT8, BASE_DEC, NULL, 0x0,
2356 NULL, HFILL }},
2357 { &hf_ah_reserved,
2358 { "Reserved", "ah.reserved", FT_BYTES, BASE_NONE, NULL, 0x0,
2359 NULL, HFILL }},
2360 { &hf_ah_spi,
2361 { "AH SPI", "ah.spi", FT_UINT32, BASE_HEX, NULL, 0x0,
2362 "IP Authentication Header Security Parameters Index", HFILL }},
2363 { &hf_ah_iv,
2364 { "AH ICV", "ah.icv", FT_BYTES, BASE_NONE, NULL, 0x0,
2365 "IP Authentication Header Integrity Check Value", HFILL }},
2366 { &hf_ah_sequence,
2367 { "AH Sequence", "ah.sequence", FT_UINT32, BASE_DEC, NULL, 0x0,
2368 "IP Authentication Header Sequence Number", HFILL }}
2369 };
2370
2371 static hf_register_info hf_esp[] = {
2372 { &hf_esp_spi,
2373 { "ESP SPI", "esp.spi", FT_UINT32, BASE_HEX_DEC, NULL, 0x0,
2374 "IP Encapsulating Security Payload Security Parameters Index", HFILL }},
2375 { &hf_esp_sequence,
2376 { "ESP Sequence", "esp.sequence", FT_UINT32, BASE_DEC, NULL, 0x0,
2377 "IP Encapsulating Security Payload Sequence Number", HFILL }},
2378 { &hf_esp_pad,
2379 { "Pad", "esp.pad", FT_BYTES, BASE_NONE, NULL, 0x0,
2380 NULL, HFILL }},
2381 { &hf_esp_pad_len,
2382 { "ESP Pad Length", "esp.pad_len", FT_UINT8, BASE_DEC, NULL, 0x0,
2383 "IP Encapsulating Security Payload Pad Length", HFILL }},
2384 { &hf_esp_protocol,
2385 { "ESP Next Header", "esp.protocol", FT_UINT8, BASE_HEX, NULL, 0x0,
2386 "IP Encapsulating Security Payload Next Header", HFILL }},
2387 { &hf_esp_iv,
2388 { "ESP IV", "esp.iv", FT_BYTES, BASE_NONE, NULL, 0x0,
2389 "IP Encapsulating Security Payload Initialization Vector", HFILL }},
2390 { &hf_esp_encrypted_data,
2391 { "ESP Encrypted Data", "esp.encrypted_data", FT_BYTES, BASE_NONE, NULL, 0x0,
2392 "IP Encapsulating Security Payload Encrypted Data", HFILL }},
2393 { &hf_esp_decrypted_data,
2394 { "ESP Decrypted Data", "esp.decrypted_data", FT_BYTES, BASE_NONE, NULL, 0x0,
2395 "IP Encapsulating Security Payload Decrypted Data", HFILL }},
2396 { &hf_esp_contained_data,
2397 { "ESP Contained Data", "esp.contained_data", FT_BYTES, BASE_NONE, NULL, 0x0,
2398 "IP Encapsulating Security Payload Contained Data", HFILL }},
2399 { &hf_esp_icv,
2400 { "ESP ICV", "esp.icv", FT_BYTES, BASE_NONE, NULL, 0x0,
2401 "IP Encapsulating Security Payload Integrity Check Value", HFILL }},
2402 { &hf_esp_icv_good,
2403 { "Good", "esp.icv_good", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2404 "True: ICV matches packet content; False: doesn't match content or not checked", HFILL }},
2405 { &hf_esp_icv_bad,
2406 { "Bad", "esp.icv_bad", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2407 "True: ICV doesn't match packet content; False: matches content or not checked", HFILL }},
2408 { &hf_esp_sequence_analysis_expected_sn,
2409 { "Expected SN", "esp.sequence-analysis.expected-sn", FT_UINT32, BASE_DEC, NULL, 0x0,
2410 NULL, HFILL }},
2411 { &hf_esp_sequence_analysis_previous_frame,
2412 { "Previous Frame", "esp.sequence-analysis.previous-frame", FT_FRAMENUM, BASE_NONE, NULL, 0x0,
2413 NULL, HFILL }},
2414 };
2415
2416 static hf_register_info hf_ipcomp[] = {
2417 { &hf_ipcomp_next_header,
2418 { "Next Header", "ipcomp.next_header", FT_UINT8, BASE_HEX, NULL, 0x0,
2419 NULL, HFILL }},
2420 { &hf_ipcomp_flags,
2421 { "IPComp Flags", "ipcomp.flags", FT_UINT8, BASE_HEX, NULL, 0x0,
2422 "IP Payload Compression Protocol Flags", HFILL }},
2423 { &hf_ipcomp_cpi,
2424 { "IPComp CPI", "ipcomp.cpi", FT_UINT16, BASE_HEX, VALS(cpi2val), 0x0,
2425 "IP Payload Compression Protocol Compression Parameter Index", HFILL }},
2426 };
2427
2428 static gint *ett[] = {
2429 &ett_ah,
2430 &ett_esp,
2431 &ett_esp_icv,
2432 &ett_esp_decrypted_data,
2433 &ett_ipcomp,
2434 };
2435
2436 static ei_register_info ei[] = {
2437 { &ei_esp_sequence_analysis_wrong_sequence_number, { "esp.sequence-analysis.wrong-sequence-number", PI_SEQUENCE, PI_WARN, "Wrong Sequence Number", EXPFILL }}
2438 };
2439
2440 static const value_string esp_proto_type_vals[] = {
2441 { IPSEC_SA_IPV4, "IPv4" },
2442 { IPSEC_SA_IPV6, "IPv6" },
2443 { 0x00, NULL }
2444 };
2445
2446 static uat_field_t esp_uat_flds[] = {
2447 UAT_FLD_VS(uat_esp_sa_records, protocol, "Protocol", esp_proto_type_vals, "Protocol used"),
2448 UAT_FLD_CSTRING(uat_esp_sa_records, srcIP, "Src IP", "Source Address"),
2449 UAT_FLD_CSTRING(uat_esp_sa_records, dstIP, "Dest IP", "Destination Address"),
2450 UAT_FLD_CSTRING(uat_esp_sa_records, spi, "SPI", "SPI"),
2451 UAT_FLD_VS(uat_esp_sa_records, encryption_algo, "Encryption", esp_encryption_type_vals, "Encryption algorithm"),
2452 UAT_FLD_CSTRING(uat_esp_sa_records, encryption_key_string, "Encryption Key", "Encryption Key"),
2453 UAT_FLD_VS(uat_esp_sa_records, authentication_algo, "Authentication", esp_authentication_type_vals, "Authentication algorithm"),
2454 UAT_FLD_CSTRING(uat_esp_sa_records, authentication_key_string, "Authentication Key", "Authentication Key"),
2455 UAT_END_FIELDS
2456 };
2457
2458 static build_valid_func ah_da_build_value[1] = {ah_value};
2459 static decode_as_value_t ah_da_values = {ah_prompt, 1, ah_da_build_value};
2460 static decode_as_t ah_da = {"ah", "ip.proto", 1, 0, &ah_da_values, NULL, NULL,
2461 decode_as_default_populate_list, decode_as_default_reset, decode_as_default_change, NULL};
2462
2463 module_t *ah_module;
2464 module_t *esp_module;
2465
2466 expert_module_t* expert_esp;
2467
2468 proto_ah = proto_register_protocol("Authentication Header", "AH", "ah");
2469 proto_register_field_array(proto_ah, hf_ah, array_length(hf_ah));
2470
2471 proto_esp = proto_register_protocol("Encapsulating Security Payload",
2472 "ESP", "esp");
2473 proto_register_field_array(proto_esp, hf_esp, array_length(hf_esp));
2474
2475 proto_ipcomp = proto_register_protocol("IP Payload Compression",
2476 "IPComp", "ipcomp");
2477 proto_register_field_array(proto_ipcomp, hf_ipcomp, array_length(hf_ipcomp));
2478
2479 proto_register_subtree_array(ett, array_length(ett));
2480
2481 expert_esp = expert_register_protocol(proto_esp);
2482 expert_register_field_array(expert_esp, ei, array_length(ei));
2483
2484 ah_module = prefs_register_protocol_obsolete(proto_ah);
2485
2486 prefs_register_obsolete_preference(ah_module, "place_ah_payload_in_subtree");
2487
2488 esp_module = prefs_register_protocol(proto_esp, NULL);
2489
2490 prefs_register_bool_preference(esp_module, "enable_null_encryption_decode_heuristic",
2491 "Attempt to detect/decode NULL encrypted ESP payloads",
2492 "This is done only if the Decoding is not SET or the packet does not belong to a SA. "
2493 "Assumes a 12 byte auth (HMAC-SHA1-96/HMAC-MD5-96/AES-XCBC-MAC-96) "
2494 "and attempts decode based on the ethertype 13 bytes from packet end",
2495 &g_esp_enable_null_encryption_decode_heuristic);
2496
2497 prefs_register_bool_preference(esp_module, "do_esp_sequence_analysis",
2498 "Check sequence numbers of ESP frames",
2499 "Check that successive frames increase sequence number by 1 within an SPI. This should work OK when only one host is sending frames on an SPI",
2500 &g_esp_do_sequence_analysis);
2501
2502 prefs_register_bool_preference(esp_module, "enable_encryption_decode",
2503 "Attempt to detect/decode encrypted ESP payloads",
2504 "Attempt to decode based on the SAD described hereafter.",
2505 &g_esp_enable_encryption_decode);
2506
2507 prefs_register_bool_preference(esp_module, "enable_authentication_check",
2508 "Attempt to Check ESP Authentication",
2509 "Attempt to Check ESP Authentication based on the SAD described hereafter.",
2510 &g_esp_enable_authentication_check);
2511
2512 esp_uat = uat_new("ESP SAs",
2513 sizeof(uat_esp_sa_record_t), /* record size */
2514 "esp_sa", /* filename */
2515 TRUE, /* from_profile */
2516 &uat_esp_sa_records, /* data_ptr */
2517 &num_sa_uat, /* numitems_ptr */
2518 UAT_AFFECTS_DISSECTION, /* affects dissection of packets, but not set of named fields */
2519 NULL, /* help */
2520 uat_esp_sa_record_copy_cb, /* copy callback */
2521 uat_esp_sa_record_update_cb, /* update callback */
2522 uat_esp_sa_record_free_cb, /* free callback */
2523 NULL, /* post update callback */
2524 NULL, /* reset callback */
2525 esp_uat_flds); /* UAT field definitions */
2526
2527 prefs_register_uat_preference(esp_module,
2528 "sa_table",
2529 "ESP SAs",
2530 "Preconfigured ESP Security Associations",
2531 esp_uat);
2532
2533 esp_sequence_analysis_hash = wmem_map_new_autoreset(wmem_epan_scope(), wmem_file_scope(), g_direct_hash, g_direct_equal);
2534 esp_sequence_analysis_report_hash = wmem_map_new_autoreset(wmem_epan_scope(), wmem_file_scope(), g_direct_hash, g_direct_equal);
2535 register_cleanup_routine(&ipsec_cleanup_protocol);
2536
2537 register_dissector("esp", dissect_esp, proto_esp);
2538 register_dissector("ah", dissect_ah, proto_ah);
2539
2540 register_decode_as(&ah_da);
2541 }
2542
2543 void
proto_reg_handoff_ipsec(void)2544 proto_reg_handoff_ipsec(void)
2545 {
2546 dissector_handle_t esp_handle, ah_handle, ipcomp_handle;
2547 capture_dissector_handle_t ah_cap_handle;
2548
2549 data_handle = find_dissector("data");
2550 ah_handle = find_dissector("ah");
2551 dissector_add_uint("ip.proto", IP_PROTO_AH, ah_handle);
2552 esp_handle = find_dissector("esp");
2553 dissector_add_uint("ip.proto", IP_PROTO_ESP, esp_handle);
2554 ipcomp_handle = create_dissector_handle(dissect_ipcomp, proto_ipcomp);
2555 dissector_add_uint("ip.proto", IP_PROTO_IPCOMP, ipcomp_handle);
2556
2557 ip_dissector_table = find_dissector_table("ip.proto");
2558
2559 ah_cap_handle = create_capture_dissector_handle(capture_ah, proto_ah);
2560 capture_dissector_add_uint("ip.proto", IP_PROTO_AH, ah_cap_handle);
2561
2562 exported_pdu_tap = find_tap_id(EXPORT_PDU_TAP_NAME_LAYER_3);
2563 }
2564
2565 /*
2566 * Editor modelines
2567 *
2568 * Local Variables:
2569 * c-basic-offset: 2
2570 * tab-width: 8
2571 * indent-tabs-mode: nil
2572 * End:
2573 *
2574 * ex: set shiftwidth=2 tabstop=8 expandtab:
2575 * :indentSize=2:tabSize=8:noTabs=true:
2576 */
2577