Wireshark · Ethereal-dev: [Ethereal-dev] ESP Patch for Hexadecimal keys

[Frédéric Roudaut <roudaut.frederic@xxxxxxx>]

-------------------
The Ethereal project is being continued at a new site.  Please go to
http://www.wireshark.org and subscribe to wireshark-dev@xxxxxxxxxxxxx.
Don't forget to unsubscribe from this list at
http://www.ethereal.com/mailman/listinfo/ethereal-dev
-------------------


Hi,

as requested  here is a patch  in order to take into account  Encryption 
and Authentication keys for ESP in hexa. 
You only have to write your key with 0x first. In this case if the key 
is not in 8-bit unit, it will be considered as starting with a "0" (4 bits).
Excepted this case, the key should be completely written, even if it 
starts with "0x00".

Nevertheless, if the box contains a key with white spaces before "0x",  
it will be taken into account. Ie if the ESP preference contains  
"    0xffffff",  it will not be considered  as an hexadecimal key (4 
white spaces before 0x). I do not think it is a problem but please tell 
me if it is, I will correct this.

Moreover I noticed an editorial issue in the Author files ;-). IPsec 
should be written like this and not IP-sec.
could you please update this ?

best regards,

ps : in attachment, you will also get some examples for using 
Hexadecimal keys (preference and capture files, IPsec policy for setkey).
ps2 : sorry for the off-by-one errors ;-(

---
Frederic Roudaut



Filonenko Alexander-AAF013 wrote:
> Frederic,
>  
> Thank you for the response. While adding this feature, do you plan to 
> add another checkbox in the ESP preferences so the user can switch 
> between ASCII/hex modes for encryption keys?
>  
> Thank you,
> Alex Filonenko
>  
>  
>
> ------------------------------------------------------------------------
> *From:* Frédéric Roudaut [mailto:roudaut.frederic@xxxxxxx]
> *Sent:* Tuesday, August 01, 2006 5:19 AM
> *To:* Filonenko Alexander-AAF013
> *Cc:* Ethereal development; Developer support list for Wireshark
> *Subject:* Re: IPsec Dissector to decrypt ESP Payload
>
> Hi,
>
> sorry for my late answer. You're right for the key. To enter binary 
> keys you need to modify the dissector. It should easy to adapt. If 
> needed, I could easily add this but however not before the beginning 
> of september.
> Sorry for that.
>
> best regards,
>
> --
> Frederic Roudaut
>
>
> Filonenko Alexander-AAF013 a écrit :
> > Frederic,
> >
> > I am using ESP decryption features of your dissector and it is very useful. 
> > I have one question though. How can I use arbitrary (non-ASCII) encryption key with preferences available for ESP? Is the key limited to ASCII characters only? 
> >
> > Thank you,
> > Alex
> >
> > -----Original Message-----
> > From: Filonenko Alexander-AAF013 
> > Sent: Friday, February 24, 2006 4:43 PM
> > To: 'Ethereal development'
> > Subject: RE: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload
> >
> > Frederic,
> >
> > I find IPsec functionality you have added to the dissector very useful.
> > Hope I can provide you with some feedback in a few weeks.
> >
> > Thank you,
> > Alex Filonenko 
> >
> >   
> > > -----Original Message-----
> > > From: ethereal-dev-bounces@xxxxxxxxxxxx 
> > > [mailto:ethereal-dev-bounces@xxxxxxxxxxxx] On Behalf Of Frederic 
> > > Roudaut
> > > Sent: Friday, February 24, 2006 10:01 AM
> > > To: Ethereal development
> > > Subject: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload
> > >
> > >
> > > Hi,
> > >
> > > finally, I have updated my dissector using libgcrypt.
> > > It does not use openssl anymore.
> > > If gnutls is installed, all should work.
> > > Thus, now it should decrypt and dissect (transport/tunnel/several 
> > > encapsulations ...) :
> > >
> > > - NULL Encryption Algorithm
> > > - TripleDES-CBC [RFC2451] : keylen 192 bits.
> > > - AES-CBC with 128-bit keys [RFC3602] : keylen 128 and 192/256 bits.
> > > - AES-CTR [RFC3686] : keylen 160/224/288 bits. The remaining
> > > 32 bits will be used as nonce.
> > > - DES-CBC [RFC2405] : keylen 64 bits
> > >
> > > I also have added :
> > >
> > > - BLOWFISH-CBC : keylen 128 bits.
> > > - TWOFISH-CBC : keylen 128/256 bits.
> > >
> > > You have to indicate the Authentication algorithm even if all 
> > > Algorithms since it uses 12 bytes in the Auth field should work (have 
> > > a look to the README to understand why I put it
> > > ;-) ). If you consider I have to throw it away please tell me.
> > >
> > > HMAC-SHA1-96 [RFC2404]
> > > NULL
> > > AES-XCBC-MAC-96 [RFC3566]
> > > HMAC-MD5-96 [RFC2403]
> > >
> > > In the attachment you will get :
> > > - this dissector
> > > - a new README
> > > - some example capture files with associated preferences files (and 
> > > setkey config files)
> > >
> > >
> > > Best Regards,
> > >
> > >
> > > ----
> > > Frederic
> > >
> > >
> > >
> > >
> > >
> > >
> > > --
> > > Frédéric ROUDAUT
> > > IRISA-INRIA, Campus de Beaulieu, 35042 Rennes cedex, France
> > > Tl: +33 (0) 2 99 84 71 44, Fax: +33 (0) 2 99 84 71 71
> > >
> > >
> > >     
> > _______________________________________________
> > Ethereal-dev mailing list
> > Ethereal-dev@xxxxxxxxxxxx
> > http://www.ethereal.com/mailman/listinfo/ethereal-dev
> >
> >
> >

Attachment: ESP_example_hex_keys.tgz
Description: application/compressed-tar

Attachment: packet_ipsec.c.gz
Description: GNU Zip compressed data

_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev