Nice. Maybe uploading the example to the other examples on the wiki? I have made some very minor cosmetic changes to the dissector of yours that anders checked in.
I also changed it so that the payload inside ah/esp is displayed at the root of the tree. (look at the screenshot at the ESP_preferences in the wiki, it is confusing when the source/dest ip addresses in the summary line are different from what is shown in the dissect pane (before we open any of the expansions.)) On 9/7/06, Frédéric Roudaut <[EMAIL PROTECTED]> wrote: > > Hi, > > as requested here is a patch in order to take into account Encryption > and Authentication keys for ESP in hexa. > You only have to write your key with 0x first. In this case if the key > is not in 8-bit unit, it will be considered as starting with a "0" (4 bits). > Excepted this case, the key should be completely written, even if it > starts with "0x00". > > Nevertheless, if the box contains a key with white spaces before "0x", > it will be taken into account. Ie if the ESP preference contains > " 0xffffff", it will not be considered as an hexadecimal key (4 > white spaces before 0x). I do not think it is a problem but please tell > me if it is, I will correct this. > > Moreover I noticed an editorial issue in the Author files ;-). IPsec > should be written like this and not IP-sec. > could you please update this ? > > best regards, > > ps : in attachment, you will also get some examples for using > Hexadecimal keys (preference and capture files, IPsec policy for setkey). > ps2 : sorry for the off-by-one errors ;-( > > --- > Frederic Roudaut > > > > Filonenko Alexander-AAF013 wrote: > > Frederic, > > > > Thank you for the response. While adding this feature, do you plan to > > add another checkbox in the ESP preferences so the user can switch > > between ASCII/hex modes for encryption keys? > > > > Thank you, > > Alex Filonenko > > > > > > > > ------------------------------------------------------------------------ > > *From:* Frédéric Roudaut [mailto:[EMAIL PROTECTED] > > *Sent:* Tuesday, August 01, 2006 5:19 AM > > *To:* Filonenko Alexander-AAF013 > > *Cc:* Ethereal development; Developer support list for Wireshark > > *Subject:* Re: IPsec Dissector to decrypt ESP Payload > > > > Hi, > > > > sorry for my late answer. You're right for the key. To enter binary > > keys you need to modify the dissector. It should easy to adapt. If > > needed, I could easily add this but however not before the beginning > > of september. > > Sorry for that. > > > > best regards, > > > > -- > > Frederic Roudaut > > > > > > Filonenko Alexander-AAF013 a écrit : > >> Frederic, > >> > >> I am using ESP decryption features of your dissector and it is very > useful. > >> I have one question though. How can I use arbitrary (non-ASCII) > encryption key with preferences available for ESP? Is the key limited to > ASCII characters only? > >> > >> Thank you, > >> Alex > >> > >> -----Original Message----- > >> From: Filonenko Alexander-AAF013 > >> Sent: Friday, February 24, 2006 4:43 PM > >> To: 'Ethereal development' > >> Subject: RE: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload > >> > >> Frederic, > >> > >> I find IPsec functionality you have added to the dissector very useful. > >> Hope I can provide you with some feedback in a few weeks. > >> > >> Thank you, > >> Alex Filonenko > >> > >> > >>> -----Original Message----- > >>> From: [EMAIL PROTECTED] > >>> [mailto:[EMAIL PROTECTED] On Behalf Of Frederic > >>> Roudaut > >>> Sent: Friday, February 24, 2006 10:01 AM > >>> To: Ethereal development > >>> Subject: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload > >>> > >>> > >>> Hi, > >>> > >>> finally, I have updated my dissector using libgcrypt. > >>> It does not use openssl anymore. > >>> If gnutls is installed, all should work. > >>> Thus, now it should decrypt and dissect (transport/tunnel/several > >>> encapsulations ...) : > >>> > >>> - NULL Encryption Algorithm > >>> - TripleDES-CBC [RFC2451] : keylen 192 bits. > >>> - AES-CBC with 128-bit keys [RFC3602] : keylen 128 and 192/256 bits. > >>> - AES-CTR [RFC3686] : keylen 160/224/288 bits. The remaining > >>> 32 bits will be used as nonce. > >>> - DES-CBC [RFC2405] : keylen 64 bits > >>> > >>> I also have added : > >>> > >>> - BLOWFISH-CBC : keylen 128 bits. > >>> - TWOFISH-CBC : keylen 128/256 bits. > >>> > >>> You have to indicate the Authentication algorithm even if all > >>> Algorithms since it uses 12 bytes in the Auth field should work (have > >>> a look to the README to understand why I put it > >>> ;-) ). If you consider I have to throw it away please tell me. > >>> > >>> HMAC-SHA1-96 [RFC2404] > >>> NULL > >>> AES-XCBC-MAC-96 [RFC3566] > >>> HMAC-MD5-96 [RFC2403] > >>> > >>> In the attachment you will get : > >>> - this dissector > >>> - a new README > >>> - some example capture files with associated preferences files (and > >>> setkey config files) > >>> > >>> > >>> Best Regards, > >>> > >>> > >>> ---- > >>> Frederic > >>> > >>> > >>> > >>> > >>> > >>> > >>> -- > >>> Frédéric ROUDAUT > >>> IRISA-INRIA, Campus de Beaulieu, 35042 Rennes cedex, France > >>> Tl: +33 (0) 2 99 84 71 44, Fax: +33 (0) 2 99 84 71 71 > >>> > >>> > >>> > >> _______________________________________________ > >> Ethereal-dev mailing list > >> [email protected] > >> http://www.ethereal.com/mailman/listinfo/ethereal-dev > >> > >> > >> > > > > > > _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
