From Matthias St. Pierre:

Add full rfc4868 support to both dissectors. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7873 svn path=/trunk/; revision=45708
author: Anders Broman <anders.broman@ericsson.com> 2012-10-22 12:34:01 +0000
committer: Anders Broman <anders.broman@ericsson.com> 2012-10-22 12:34:01 +0000
commit: 007a0b28aec261bf54559d5ac84672c67f82e8b0 (patch)
tree: 781967825e40675b002fffb68a58f9842ded9885 /epan
parent: e9f13d771c0e175743c323b596ec61f4c8bec99f (diff)
2 files changed, 34 insertions, 11 deletions
diff --git a/epan/dissectors/packet-ipsec.c b/epan/dissectors/packet-ipsec.c
index f0bdc477d6..7e39557e4b 100644
--- a/epan/dissectors/packet-ipsec.c
+++ b/epan/dissectors/packet-ipsec.c
@@ -135,13 +135,15 @@ static dissector_table_t ip_dissector_table;
 #define IPSEC_AUTH_HMAC_SHA1_96 1
 #define IPSEC_AUTH_HMAC_SHA256_96 2
 #define IPSEC_AUTH_HMAC_SHA256_128 3
-#define IPSEC_AUTH_HMAC_MD5_96 4
-#define IPSEC_AUTH_HMAC_RIPEMD160_96 5
+#define IPSEC_AUTH_HMAC_SHA384_192 4
+#define IPSEC_AUTH_HMAC_SHA512_256 5
+#define IPSEC_AUTH_HMAC_MD5_96 6
+#define IPSEC_AUTH_HMAC_RIPEMD160_96 7
 /* define IPSEC_AUTH_AES_XCBC_MAC_96 6 */
-#define IPSEC_AUTH_ANY_96BIT 7
-#define IPSEC_AUTH_ANY_128BIT 8
-#define IPSEC_AUTH_ANY_192BIT 9
-#define IPSEC_AUTH_ANY_256BIT 10
+#define IPSEC_AUTH_ANY_96BIT 8
+#define IPSEC_AUTH_ANY_128BIT 9
+#define IPSEC_AUTH_ANY_192BIT 10
+#define IPSEC_AUTH_ANY_256BIT 11
 
 #define IPSEC_IPV6_ADDR_LEN 128
 #define IPSEC_IPV4_ADDR_LEN 32
@@ -1166,10 +1168,12 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
                     esp_auth_len = 16;
                     break;
 
+				case IPSEC_AUTH_HMAC_SHA512_256:
                 case IPSEC_AUTH_ANY_256BIT:
                     esp_auth_len = 32;
                     break;
 
+				case IPSEC_AUTH_HMAC_SHA384_192:
                 case IPSEC_AUTH_ANY_192BIT:
                     esp_auth_len = 24;
                     break;
@@ -1226,6 +1230,16 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
                         authentication_check_using_hmac_libgcrypt = TRUE;
                         break;
 
+					case IPSEC_AUTH_HMAC_SHA384_192:
+                        auth_algo_libgcrypt = GCRY_MD_SHA384;
+                        authentication_check_using_hmac_libgcrypt = TRUE;
+                        break;
+
+					case IPSEC_AUTH_HMAC_SHA512_256:
+                        auth_algo_libgcrypt = GCRY_MD_SHA512;
+                        authentication_check_using_hmac_libgcrypt = TRUE;
+                        break;
+
                     case IPSEC_AUTH_HMAC_MD5_96:
                         /*
                         RFC 2403 : HMAC-MD5-96 is a secret key algorithm.
@@ -2074,6 +2088,8 @@ proto_register_ipsec(void)
     { IPSEC_AUTH_HMAC_SHA1_96, "HMAC-SHA-1-96 [RFC2404]" },
     { IPSEC_AUTH_HMAC_SHA256_96, "HMAC-SHA-256-96 [draft-ietf-ipsec-ciph-sha-256-00]" },
     { IPSEC_AUTH_HMAC_SHA256_128, "HMAC-SHA-256-128 [RFC4868]" },
+    { IPSEC_AUTH_HMAC_SHA384_192, "HMAC-SHA-384-192 [RFC4868]" },
+    { IPSEC_AUTH_HMAC_SHA512_256, "HMAC-SHA-512-256 [RFC4868]" },
     { IPSEC_AUTH_HMAC_MD5_96, "HMAC-MD5-96 [RFC2403]" },
     { IPSEC_AUTH_HMAC_RIPEMD160_96, "MAC-RIPEMD-160-96 [RFC2857]" },
 /*    { IPSEC_AUTH_AES_XCBC_MAC_96, "AES-XCBC-MAC-96 [RFC3566]" }, */
diff --git a/epan/dissectors/packet-isakmp.c b/epan/dissectors/packet-isakmp.c
index b0cc773798..8343e54d3d 100644
--- a/epan/dissectors/packet-isakmp.c
+++ b/epan/dissectors/packet-isakmp.c
@@ -1614,18 +1614,23 @@ typedef struct _ikev2_auth_alg_spec {
 #define IKEV2_AUTH_HMAC_SHA1_96 3
 #define IKEV2_AUTH_HMAC_SHA2_256_96 4
 #define IKEV2_AUTH_HMAC_SHA2_256_128 5
-#define IKEV2_AUTH_ANY_96BITS   6
-#define IKEV2_AUTH_ANY_128BITS  7
-#define IKEV2_AUTH_ANY_160BITS  8
-#define IKEV2_AUTH_ANY_192BITS  9
-#define IKEV2_AUTH_ANY_256BITS  10
+#define IKEV2_AUTH_HMAC_SHA2_384_192 6
+#define IKEV2_AUTH_HMAC_SHA2_512_256 7
+#define IKEV2_AUTH_ANY_96BITS   8
+#define IKEV2_AUTH_ANY_128BITS  9
+#define IKEV2_AUTH_ANY_160BITS  10
+#define IKEV2_AUTH_ANY_192BITS  11
+#define IKEV2_AUTH_ANY_256BITS  12
 
 static ikev2_auth_alg_spec_t ikev2_auth_algs[] = {
+/*{number, output_len, key_len, trunc_len, gcry_alg, gcry_flag}*/
   {IKEV2_AUTH_NONE, 0, 0, 0, GCRY_MD_NONE, 0},
   {IKEV2_AUTH_HMAC_MD5_96, 16, 16, 12, GCRY_MD_MD5, GCRY_MD_FLAG_HMAC},
   {IKEV2_AUTH_HMAC_SHA1_96, 20, 20, 12, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC},
   {IKEV2_AUTH_HMAC_SHA2_256_96, 32, 32, 12, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC},
   {IKEV2_AUTH_HMAC_SHA2_256_128, 32, 32, 16, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC},
+  {IKEV2_AUTH_HMAC_SHA2_384_192, 48, 48, 24, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC},
+  {IKEV2_AUTH_HMAC_SHA2_512_256, 64, 64, 32, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC},
   {IKEV2_AUTH_ANY_96BITS, 0, 0, 12, 0, 0},
   {IKEV2_AUTH_ANY_128BITS, 0, 0, 16, 0, 0},
   {IKEV2_AUTH_ANY_160BITS, 0, 0, 20, 0, 0},
@@ -1686,6 +1691,8 @@ static const value_string vs_ikev2_auth_algs[] = {
   {IKEV2_AUTH_HMAC_SHA1_96, IKEV2_AUTH_HMAC_SHA1_96_STR},
   {IKEV2_AUTH_HMAC_SHA2_256_96, "HMAC_SHA2_256_96 [draft-ietf-ipsec-ciph-sha-256-00]"},
   {IKEV2_AUTH_HMAC_SHA2_256_128, "HMAC_SHA2_256_128 [RFC4868]"},
+  {IKEV2_AUTH_HMAC_SHA2_384_192, "HMAC_SHA2_384_192 [RFC4868]"},
+  {IKEV2_AUTH_HMAC_SHA2_512_256, "HMAC_SHA2_512_256 [RFC4868]"},
   {IKEV2_AUTH_NONE,         "NONE [RFC4306]"},
   {IKEV2_AUTH_ANY_96BITS,   "ANY 96-bits of Authentication [No Checking]"},
   {IKEV2_AUTH_ANY_128BITS,  "ANY 128-bits of Authentication [No Checking]"},
author	Anders Broman <anders.broman@ericsson.com>	2012-10-22 12:34:01 +0000
committer	Anders Broman <anders.broman@ericsson.com>	2012-10-22 12:34:01 +0000
commit	007a0b28aec261bf54559d5ac84672c67f82e8b0 (patch)
tree	781967825e40675b002fffb68a58f9842ded9885 /epan
parent	e9f13d771c0e175743c323b596ec61f4c8bec99f (diff)