Wireshark mailing list archives
Re: Are AEAD cyphers accepted for IKEv2 decryption table?
From: Peter Wu <peter () lekensteyn nl>
Date: Sat, 6 Aug 2016 11:51:27 +0200
Hi Codrut,

On Tue, Aug 02, 2016 at 07:51:47AM +0000, Codrut Grosu wrote:
> Hi,
>
> I'm working at a strongSwan plugin that will generate an IKEv2 decryption table for wireshark. In IKEv2 decryption table(wireshark) at encryption algorithm field there are only the following algorithms: "3DES[RFC2451]", "AES-CBC-128[RFC3602]", "AES-CBC-192[RFC3602]", "AES-CBC-256[RFC3602]" and "NULL[RFC2410]". But strongSwan accepts AEAD cyphers like: AES_CCM_ICV8, AES_CCM_ICV12, AES_CCM_ICV16, AES_GCM_ICV8, AES_GCM_ICV12, AES_GCM_ICV16, NULL_AUTH_AES_GMAC, CAMELLIA_CCM_ICV8, CAMELLIA_CCM_ICV12, CAMELLIA_CCM_ICV16 and CHACHA20_POLY1305.
>
> So, wireshark can decrypt packets that are encrypted with AEAD cyphers?

The available ciphers are listed in epan/dissectors/packet-isakmp.c, around line 1632 (ikev2_encr_algs). Supported ciphers are the ones you mentioned, but it should be relatively easy to add support for the other ciphers since gcrypt supports it (there are also some examples for this in the SSL dissector). If you start adding support for this, please try to make a packet capture available containing the various ciphers.

The libgcrypt docs are at
https://gnupg.org/documentation/manuals/gcrypt/Working-with-cipher-handles.html

If you want to start working on it, note that there is some related work in this dissector (if it shows empty, then it is already closed):
https://code.wireshark.org/review/#/q/status:open+file:epan/dissectors/packet-isakmp.c

--
Kind regards,
Peter Wu
https://lekensteyn.nl
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: https://www.wireshark.org/lists/wireshark-dev
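
As an added example (not part of the original message and not Wireshark or strongSwan code): what an AEAD entry needs that the CBC entries do not is the RFC 5282 record layout, sketched here for the AES-GCM and AES-CCM transforms named in the thread. The type and function names (`aead_alg`, `aead_parts`, `aead_lookup`, `aead_split`) are hypothetical; the transform IDs, salt, IV and ICV lengths follow RFC 5282.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* AEAD parameters per RFC 5282 (constructed table, not Wireshark code). */
typedef struct {
    uint16_t id;        /* IKEv2 ENCR transform ID */
    const char *name;   /* strongSwan name as used in the thread */
    uint8_t salt_len;   /* salt octets at the end of SK_ei / SK_er */
    uint8_t icv_len;    /* authentication tag (ICV) octets */
} aead_alg;

static const aead_alg aead_algs[] = {
    {14, "AES_CCM_ICV8", 3, 8},   {15, "AES_CCM_ICV12", 3, 12},
    {16, "AES_CCM_ICV16", 3, 16}, {18, "AES_GCM_ICV8", 4, 8},
    {19, "AES_GCM_ICV12", 4, 12}, {20, "AES_GCM_ICV16", 4, 16},
};
#define AEAD_IV_LEN 8   /* explicit IV at the start of the Encrypted payload */

typedef struct {
    uint8_t nonce[12]; size_t nonce_len;  /* salt || IV */
    const uint8_t *aad; size_t aad_len;   /* IKE header .. Encrypted payload header */
    const uint8_t *ct;  size_t ct_len;    /* ciphertext (payloads + padding) */
    const uint8_t *icv; size_t icv_len;   /* tag to verify before trusting plaintext */
} aead_parts;

const aead_alg *aead_lookup(uint16_t id) {
    for (size_t i = 0; i < sizeof aead_algs / sizeof aead_algs[0]; i++)
        if (aead_algs[i].id == id) return &aead_algs[i];
    return NULL;   /* CBC or unknown: not an AEAD transform in this table */
}

/* msg is the whole IKE message, enc_off the offset of the Encrypted payload's
 * 4-octet generic header; that payload is always last in the message. */
int aead_split(const aead_alg *a, const uint8_t *keymat, size_t keymat_len,
               const uint8_t *msg, size_t msg_len, size_t enc_off, aead_parts *out) {
    if (!a || keymat_len <= a->salt_len || enc_off > msg_len ||
        msg_len - enc_off < 4u + AEAD_IV_LEN + a->icv_len)
        return -1;                        /* truncated or malformed input */
    size_t body = enc_off + 4;
    memcpy(out->nonce, keymat + keymat_len - a->salt_len, a->salt_len);
    memcpy(out->nonce + a->salt_len, msg + body, AEAD_IV_LEN);
    out->nonce_len = a->salt_len + AEAD_IV_LEN;
    out->aad = msg;                 out->aad_len = body;
    out->ct  = msg + body + AEAD_IV_LEN;
    out->ct_len = msg_len - body - AEAD_IV_LEN - a->icv_len;
    out->icv = msg + msg_len - a->icv_len;  out->icv_len = a->icv_len;
    return 0;
}
```

With libgcrypt, these fields map onto `gcry_cipher_setiv` (nonce), `gcry_cipher_authenticate` (AAD), `gcry_cipher_decrypt` (ciphertext) and `gcry_cipher_checktag` (ICV); plaintext should only be dissected once the tag check succeeds.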