Wireshark-bugs: [Wireshark-bugs] [Bug 3745] New: Support of non-96-bit ICVs for IPsec ESP
Date: Thu, 16 Jul 2009 01:32:45 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3745

           Summary: Support of non-96-bit ICVs for IPsec ESP
           Product: Wireshark
           Version: SVN
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: dahlberg@xxxxxxx



David Dahlberg <dahlberg@xxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3351|                            |review_for_checkin?
               Flag|                            |


Created an attachment (id=3351)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3351)
Patch for the ESP dissector

Build Information:
Version 1.3.0-SVN-29100
--
As for now, Wireshark supports only 96-bit (or 0-bit for NULL authentication)
integrity control values (ICVs) for IPsec ESP. While the autentication field is
of variable length, this may lead to situations where the whole packet is not
parsable.

To solve this, I added generic classes (not checked) for 128, 192 and 256 bit
ICVs to the ESP dissector. I also split the HMAC-SHA-256 autentication
algorithm to HMAC-SHA-256-128 (128 bit as defined in RFC 4868) and
HMAC-SHA-256-96 (from the very first draft, nevertheless unpatched Linux and
BSDs do it this way).


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.