search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
epan/dissectors/pidl/samr/samr.cnf cnf_dissect_lsa_BinaryString => lsarpc_dissect_str...
[wireshark-sm.git] / epan / dissectors / packet-isakmp.c
blob70585e302c48133af3fc7bf106bd0dfb2861a761
1 /* packet-isakmp.c
2 * Routines for the Internet Security Association and Key Management Protocol
3 * (ISAKMP) (RFC 2408) and the Internet IP Security Domain of Interpretation
4 * for ISAKMP (RFC 2407)
5 * Brad Robel-Forrest <brad.robel-forrest@watchguard.com>
6 *
7 * Added routines for the Internet Key Exchange (IKEv2) Protocol
8 * (draft-ietf-ipsec-ikev2-17.txt)
9 * Shoichi Sakane <sakane@tanu.org>
10 *
11 * Added routines for RFC3947 Negotiation of NAT-Traversal in the IKE
12 * ronnie sahlberg
13 *
14 * 04/2009 Added routines for decryption of IKEv2 Encrypted Payload
15 * Naoyoshi Ueda <piyomaru3141@gmail.com>
16 *
17 * 08/2016 Added decryption using AES-GCM, AES-CCM and AES-CTR
18 * and verification using AES-GCM, AES-CCM
19 * Michal Skalski <mskalski13@gmail.com>
20 *
21 * Wireshark - Network traffic analyzer
22 * By Gerald Combs <gerald@wireshark.org>
23 * Copyright 1998 Gerald Combs
24 *
25 * SPDX-License-Identifier: GPL-2.0-or-later
26 *
27 * References:
28 * IKEv2 https://tools.ietf.org/html/rfc4306
29 * IKEv2bis https://tools.ietf.org/html/rfc5996
30 *
31 * http://www.iana.org/assignments/isakmp-registry (last updated 2011-11-07)
32 * http://www.iana.org/assignments/ipsec-registry (last updated 2011-03-14)
33 * http://www.iana.org/assignments/ikev2-parameters (last updated 2011-12-19)
34 */
35
36 #include "config.h"
37
38 #include <epan/packet.h>
39 #include <epan/ipproto.h>
40 #include <epan/asn1.h>
41 #include <epan/reassemble.h>
42 #include <epan/prefs.h>
43 #include <epan/expert.h>
44 #include <epan/to_str.h>
45 #include <epan/conversation.h>
46 #include <epan/tfs.h>
47 #include <wsutil/str_util.h>
48 #include "packet-x509if.h"
49 #include "packet-x509af.h"
50 #include "packet-gsm_a_common.h"
51 #include "packet-isakmp.h"
52 #include "packet-ber.h"
53
54 #include <wsutil/wsgcrypt.h>
55 #include <wsutil/array.h>
56 #include <epan/proto_data.h>
57 #include <epan/uat.h>
58
59 void proto_register_isakmp(void);
60 void proto_reg_handoff_isakmp(void);
61
62 typedef struct _attribute_common_fields {
63 int all;
64 int format;
65 int type;
66 int length;
67 int value;
68 } attribute_common_fields;
69
70 static int proto_isakmp;
71
72 static int hf_isakmp_nat_keepalive;
73 static int hf_isakmp_nat_hash;
74 static int hf_isakmp_nat_original_address_ipv6;
75 static int hf_isakmp_nat_original_address_ipv4;
76
77 static int hf_isakmp_ispi;
78 static int hf_isakmp_rspi;
79 static int hf_isakmp_typepayload;
80 static int hf_isakmp_nextpayload;
81 static int hf_isakmp_criticalpayload;
82 static int hf_isakmp_reserved2;
83 static int hf_isakmp_reserved7;
84 static int hf_isakmp_reserved;
85 static int hf_isakmp_datapayload;
86 static int hf_isakmp_extradata;
87 static int hf_isakmp_version;
88 static int hf_isakmp_mjver;
89 static int hf_isakmp_mnver;
90 static int hf_isakmp_exchangetype_v1;
91 static int hf_isakmp_exchangetype_v2;
92 static int hf_isakmp_flags;
93 static int hf_isakmp_flag_e;
94 static int hf_isakmp_flag_c;
95 static int hf_isakmp_flag_a;
96 static int hf_isakmp_flag_i;
97 static int hf_isakmp_flag_v;
98 static int hf_isakmp_flag_r;
99 static int hf_isakmp_messageid;
100 static int hf_isakmp_length;
101 static int hf_isakmp_payloadlen;
102 static int hf_isakmp_sa_doi;
103 static int hf_isakmp_sa_situation;
104 static int hf_isakmp_sa_attribute_next_payload;
105 static int hf_isakmp_sa_situation_identity_only;
106 static int hf_isakmp_sa_situation_secrecy;
107 static int hf_isakmp_sa_situation_integrity;
108 static int hf_isakmp_prop_protoid_v1;
109 static int hf_isakmp_prop_protoid_v2;
110 static int hf_isakmp_prop_number;
111 static int hf_isakmp_prop_transforms;
112 static int hf_isakmp_spisize;
113 static int hf_isakmp_spi;
114 static int hf_isakmp_trans_number;
115 static int hf_isakmp_trans_id;
116 static int hf_isakmp_id_type_v1;
117 static int hf_isakmp_id_type_v2;
118 static int hf_isakmp_id_protoid;
119 static int hf_isakmp_id_port;
120 static int hf_isakmp_id_data;
121 static int hf_isakmp_id_data_ipv4_addr;
122 static int hf_isakmp_id_data_fqdn;
123 static int hf_isakmp_id_data_user_fqdn;
124 static int hf_isakmp_id_data_ipv4_subnet;
125 static int hf_isakmp_id_data_ipv4_range_start;
126 static int hf_isakmp_id_data_ipv4_range_end;
127 static int hf_isakmp_id_data_ipv6_addr;
128 static int hf_isakmp_id_data_ipv6_subnet;
129 static int hf_isakmp_id_data_ipv6_range_start;
130 static int hf_isakmp_id_data_ipv6_range_end;
131 static int hf_isakmp_id_data_key_id;
132 static int hf_isakmp_id_data_cert;
133 static int hf_isakmp_cert_encoding_v1;
134 static int hf_isakmp_cert_encoding_v2;
135 static int hf_isakmp_cert_data;
136 static int hf_isakmp_cert_x509_hash;
137 static int hf_isakmp_cert_x509_url;
138 static int hf_isakmp_certreq_type_v1;
139 static int hf_isakmp_certreq_type_v2;
140 static int hf_isakmp_certreq_authority_v1;
141 static int hf_isakmp_certreq_authority_v2;
142 static int hf_isakmp_certreq_authority_sig;
143 static int hf_isakmp_auth_meth;
144 static int hf_isakmp_auth_data;
145 static int hf_isakmp_auth_digital_sig_asn1_len;
146 static int hf_isakmp_auth_digital_sig_asn1_data;
147 static int hf_isakmp_auth_digital_sig_value;
148 static int hf_isakmp_notify_doi;
149 static int hf_isakmp_notify_protoid_v1;
150 static int hf_isakmp_notify_protoid_v2;
151 static int hf_isakmp_notify_msgtype_v1;
152 static int hf_isakmp_notify_msgtype_v2;
153 static int hf_isakmp_notify_data;
154 static int hf_isakmp_notify_data_dpd_are_you_there;
155 static int hf_isakmp_notify_data_dpd_are_you_there_ack;
156 static int hf_isakmp_notify_data_unity_load_balance;
157 static int hf_isakmp_notify_data_fortinet_network_overlay_id;
158 static int hf_isakmp_notify_data_accepted_dh_group;
159 static int hf_isakmp_notify_data_ipcomp_cpi;
160 static int hf_isakmp_notify_data_ipcomp_transform_id;
161 static int hf_isakmp_notify_data_auth_lifetime;
162 static int hf_isakmp_notify_data_redirect_gw_ident_type;
163 static int hf_isakmp_notify_data_redirect_gw_ident_len;
164 static int hf_isakmp_notify_data_redirect_new_resp_gw_ident_ipv4;
165 static int hf_isakmp_notify_data_redirect_new_resp_gw_ident_ipv6;
166 static int hf_isakmp_notify_data_redirect_new_resp_gw_ident_fqdn;
167 static int hf_isakmp_notify_data_redirect_new_resp_gw_ident;
168 static int hf_isakmp_notify_data_redirect_nonce_data;
169 static int hf_isakmp_notify_data_redirect_org_resp_gw_ident_ipv4;
170 static int hf_isakmp_notify_data_redirect_org_resp_gw_ident_ipv6;
171 static int hf_isakmp_notify_data_redirect_org_resp_gw_ident;
172 static int hf_isakmp_notify_data_ticket_lifetime;
173 static int hf_isakmp_notify_data_ticket_data;
174
175 static attribute_common_fields hf_isakmp_notify_data_rohc_attr;
176 static int hf_isakmp_notify_data_rohc_attr_max_cid;
177 static int hf_isakmp_notify_data_rohc_attr_profile;
178 static int hf_isakmp_notify_data_rohc_attr_integ;
179 static int hf_isakmp_notify_data_rohc_attr_icv_len;
180 static int hf_isakmp_notify_data_rohc_attr_mrru;
181 static int hf_isakmp_notify_data_qcd_token_secret_data;
182 static int hf_isakmp_notify_data_ha_nonce_data;
183 static int hf_isakmp_notify_data_ha_expected_send_req_msg_id;
184 static int hf_isakmp_notify_data_ha_expected_recv_req_msg_id;
185 static int hf_isakmp_notify_data_ha_incoming_ipsec_sa_delta_value;
186 static int hf_isakmp_notify_data_secure_password_methods;
187 static int hf_isakmp_notify_data_signature_hash_algorithms;
188 static int hf_isakmp_delete_doi;
189 static int hf_isakmp_delete_protoid_v1;
190 static int hf_isakmp_delete_protoid_v2;
191 static int hf_isakmp_delete_spi;
192 static int hf_isakmp_vid_bytes;
193 static int hf_isakmp_vid_string;
194 static int hf_isakmp_vid_cp_product;
195 static int hf_isakmp_vid_cp_version;
196 static int hf_isakmp_vid_cp_timestamp;
197 static int hf_isakmp_vid_cp_reserved;
198 static int hf_isakmp_vid_cp_features;
199 static int hf_isakmp_vid_cisco_unity_major;
200 static int hf_isakmp_vid_cisco_unity_minor;
201 static int hf_isakmp_vid_ms_nt5_isakmpoakley;
202 static int hf_isakmp_vid_aruba_via_auth_profile;
203 static int hf_isakmp_vid_fortinet_fortigate_release;
204 static int hf_isakmp_vid_fortinet_fortigate_build;
205 static int hf_isakmp_ts_number_of_ts;
206 static int hf_isakmp_ts_type;
207 static int hf_isakmp_ts_protoid;
208 static int hf_isakmp_ts_selector_length;
209 static int hf_isakmp_ts_start_port;
210 static int hf_isakmp_ts_end_port;
211 static int hf_isakmp_ts_start_addr_ipv4;
212 static int hf_isakmp_ts_end_addr_ipv4;
213 static int hf_isakmp_ts_start_addr_ipv6;
214 static int hf_isakmp_ts_end_addr_ipv6;
215 static int hf_isakmp_ts_start_addr_fc;
216 static int hf_isakmp_ts_end_addr_fc;
217 static int hf_isakmp_ts_start_r_ctl;
218 static int hf_isakmp_ts_end_r_ctl;
219 static int hf_isakmp_ts_start_type;
220 static int hf_isakmp_ts_end_type;
221 static int hf_isakmp_ts_data;
222 static int hf_isakmp_num_spis;
223 static int hf_isakmp_hash;
224 static int hf_isakmp_sig;
225 static int hf_isakmp_nonce;
226 static int hf_isakmp_symmetric_key;
227
228 static int hf_isakmp_notify_data_3gpp_backoff_timer_len;
229
230 static int hf_isakmp_notify_data_3gpp_device_identity_len;
231 static int hf_isakmp_notify_data_3gpp_device_identity_type;
232 static int hf_isakmp_notify_data_3gpp_device_identity_imei;
233 static int hf_isakmp_notify_data_3gpp_device_identity_imeisv;
234
235 static int hf_isakmp_notify_data_3gpp_emergency_call_numbers_len;
236 static int hf_isakmp_notify_data_3gpp_emergency_call_numbers_spare;
237 static int hf_isakmp_notify_data_3gpp_emergency_call_numbers_element_len;
238 static int hf_isakmp_notify_data_3gpp_emergency_call_numbers_flags;
239
240 static int hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b1_police;
241 static int hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b2_ambulance;
242 static int hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b3_fire_brigade;
243 static int hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b4_marine_guard;
244 static int hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b5_mountain_rescue;
245
246 static int hf_iskamp_notify_data_3gpp_emergency_call_number;
247
248 static attribute_common_fields hf_isakmp_tek_key_attr;
249
250 static attribute_common_fields hf_isakmp_ipsec_attr;
251 static int hf_isakmp_ipsec_attr_life_type;
252 static int hf_isakmp_ipsec_attr_life_duration_uint32;
253 static int hf_isakmp_ipsec_attr_life_duration_uint64;
254 static int hf_isakmp_ipsec_attr_life_duration_bytes;
255 static int hf_isakmp_ipsec_attr_group_description;
256 static int hf_isakmp_ipsec_attr_encap_mode;
257 static int hf_isakmp_ipsec_attr_auth_algorithm;
258 static int hf_isakmp_ipsec_attr_key_length;
259 static int hf_isakmp_ipsec_attr_key_rounds;
260 static int hf_isakmp_ipsec_attr_cmpr_dict_size;
261 static int hf_isakmp_ipsec_attr_cmpr_algorithm;
262 static int hf_isakmp_ipsec_attr_ecn_tunnel;
263 static int hf_isakmp_ipsec_attr_ext_seq_nbr;
264 static int hf_isakmp_ipsec_attr_auth_key_length;
265 static int hf_isakmp_ipsec_attr_sig_enco_algorithm;
266 static int hf_isakmp_ipsec_attr_addr_preservation;
267 static int hf_isakmp_ipsec_attr_sa_direction;
268
269 static attribute_common_fields hf_isakmp_resp_lifetime_ipsec_attr;
270 static int hf_isakmp_resp_lifetime_ipsec_attr_life_type;
271 static int hf_isakmp_resp_lifetime_ipsec_attr_life_duration_uint32;
272 static int hf_isakmp_resp_lifetime_ipsec_attr_life_duration_uint64;
273 static int hf_isakmp_resp_lifetime_ipsec_attr_life_duration_bytes;
274
275 static attribute_common_fields hf_isakmp_ike_attr;
276 static int hf_isakmp_ike_attr_encryption_algorithm;
277 static int hf_isakmp_ike_attr_hash_algorithm;
278 static int hf_isakmp_ike_attr_authentication_method;
279 static int hf_isakmp_ike_attr_authentication_method_china;
280 static int hf_isakmp_ike_attr_group_description;
281 static int hf_isakmp_ike_attr_group_type;
282 static int hf_isakmp_ike_attr_group_prime;
283 static int hf_isakmp_ike_attr_group_generator_one;
284 static int hf_isakmp_ike_attr_group_generator_two;
285 static int hf_isakmp_ike_attr_group_curve_a;
286 static int hf_isakmp_ike_attr_group_curve_b;
287 static int hf_isakmp_ike_attr_life_type;
288 static int hf_isakmp_ike_attr_life_duration_uint32;
289 static int hf_isakmp_ike_attr_life_duration_uint64;
290 static int hf_isakmp_ike_attr_life_duration_bytes;
291 static int hf_isakmp_ike_attr_prf;
292 static int hf_isakmp_ike_attr_key_length;
293 static int hf_isakmp_ike_attr_field_size;
294 static int hf_isakmp_ike_attr_group_order;
295 static int hf_isakmp_ike_attr_block_size;
296 static int hf_isakmp_ike_attr_asymmetric_cryptographic_algorithm_type;
297
298 static attribute_common_fields hf_isakmp_resp_lifetime_ike_attr;
299 static int hf_isakmp_resp_lifetime_ike_attr_life_type;
300 static int hf_isakmp_resp_lifetime_ike_attr_life_duration_uint32;
301 static int hf_isakmp_resp_lifetime_ike_attr_life_duration_uint64;
302 static int hf_isakmp_resp_lifetime_ike_attr_life_duration_bytes;
303
304 static int hf_isakmp_trans_type;
305 static int hf_isakmp_trans_encr;
306 static int hf_isakmp_trans_prf;
307 static int hf_isakmp_trans_integ;
308 static int hf_isakmp_trans_dh;
309 static int hf_isakmp_trans_esn;
310 static int hf_isakmp_trans_id_v2;
311
312 static attribute_common_fields hf_isakmp_ike2_attr;
313 static int hf_isakmp_ike2_attr_key_length;
314
315 static int hf_isakmp_fragments;
316 static int hf_isakmp_fragment;
317 static int hf_isakmp_fragment_overlap;
318 static int hf_isakmp_fragment_overlap_conflicts;
319 static int hf_isakmp_fragment_multiple_tails;
320 static int hf_isakmp_fragment_too_long_fragment;
321 static int hf_isakmp_fragment_error;
322 static int hf_isakmp_fragment_count;
323 static int hf_isakmp_reassembled_in;
324 static int hf_isakmp_reassembled_length;
325
326 static int hf_isakmp_ike2_fragment_number;
327 static int hf_isakmp_ike2_total_fragments;
328
329 static int hf_isakmp_cisco_frag_packetid;
330 static int hf_isakmp_cisco_frag_seq;
331 static int hf_isakmp_cisco_frag_last;
332
333 static int hf_isakmp_key_exch_dh_group;
334 static int hf_isakmp_key_exch_data;
335 static int hf_isakmp_eap_data;
336
337 static int hf_isakmp_gspm_data;
338
339 static int hf_isakmp_cfg_type_v1;
340 static int hf_isakmp_cfg_identifier;
341 static int hf_isakmp_cfg_type_v2;
342
343 static attribute_common_fields hf_isakmp_cfg_attr;
344 static int hf_isakmp_cfg_attr_type_v1;
345 static int hf_isakmp_cfg_attr_type_v2;
346
347 static int hf_isakmp_cfg_attr_internal_ip4_address;
348 static int hf_isakmp_cfg_attr_internal_ip4_netmask;
349 static int hf_isakmp_cfg_attr_internal_ip4_dns;
350 static int hf_isakmp_cfg_attr_internal_ip4_nbns;
351 static int hf_isakmp_cfg_attr_internal_address_expiry;
352 static int hf_isakmp_cfg_attr_internal_ip4_dhcp;
353 static int hf_isakmp_cfg_attr_application_version;
354 static int hf_isakmp_cfg_attr_internal_ip6_address_ip;
355 static int hf_isakmp_cfg_attr_internal_ip6_address_prefix;
356 static int hf_isakmp_cfg_attr_internal_ip6_netmask;
357 static int hf_isakmp_cfg_attr_internal_ip6_dns;
358 static int hf_isakmp_cfg_attr_internal_ip6_nbns;
359 static int hf_isakmp_cfg_attr_internal_ip6_dhcp;
360 static int hf_isakmp_cfg_attr_internal_ip4_subnet_ip;
361 static int hf_isakmp_cfg_attr_internal_ip4_subnet_netmask;
362 static int hf_isakmp_cfg_attr_supported_attributes;
363 static int hf_isakmp_cfg_attr_internal_ip6_subnet_ip;
364 static int hf_isakmp_cfg_attr_internal_ip6_subnet_prefix;
365 static int hf_isakmp_cfg_attr_internal_ip6_link_interface;
366 static int hf_isakmp_cfg_attr_internal_ip6_link_id;
367 static int hf_isakmp_cfg_attr_internal_ip6_prefix_ip;
368 static int hf_isakmp_cfg_attr_internal_ip6_prefix_length;
369 static int hf_isakmp_cfg_attr_p_cscf_ip4_address;
370 static int hf_isakmp_cfg_attr_p_cscf_ip6_address;
371 static int hf_isakmp_cfg_attr_xauth_type;
372 static int hf_isakmp_cfg_attr_xauth_user_name;
373 static int hf_isakmp_cfg_attr_xauth_user_password;
374 static int hf_isakmp_cfg_attr_xauth_passcode;
375 static int hf_isakmp_cfg_attr_xauth_message;
376 static int hf_isakmp_cfg_attr_xauth_challenge;
377 static int hf_isakmp_cfg_attr_xauth_domain;
378 static int hf_isakmp_cfg_attr_xauth_status;
379 static int hf_isakmp_cfg_attr_xauth_next_pin;
380 static int hf_isakmp_cfg_attr_xauth_answer;
381 static int hf_isakmp_cfg_attr_unity_banner;
382 static int hf_isakmp_cfg_attr_unity_def_domain;
383
384 static int hf_isakmp_sak_next_payload;
385 static int hf_isakmp_sak_reserved;
386 static int hf_isakmp_sak_payload_len;
387 static int hf_isakmp_sak_protocol;
388 static int hf_isakmp_sak_src_id_type;
389 static int hf_isakmp_sak_src_id_port;
390 static int hf_isakmp_sak_src_id_length;
391 static int hf_isakmp_sak_src_id_data;
392 static int hf_isakmp_sak_dst_id_type;
393 static int hf_isakmp_sak_dst_id_port;
394 static int hf_isakmp_sak_dst_id_length;
395 static int hf_isakmp_sak_dst_id_data;
396 static int hf_isakmp_sak_spi;
397
398 static int hf_isakmp_sat_next_payload;
399 static int hf_isakmp_sat_reserved;
400 static int hf_isakmp_sat_payload_len;
401 static int hf_isakmp_sat_protocol_id;
402 static int hf_isakmp_sat_protocol;
403 static int hf_isakmp_sat_src_id_type;
404 static int hf_isakmp_sat_src_id_port;
405 static int hf_isakmp_sat_src_id_length;
406 static int hf_isakmp_sat_src_id_data;
407 static int hf_isakmp_sat_dst_id_type;
408 static int hf_isakmp_sat_dst_id_port;
409 static int hf_isakmp_sat_dst_id_length;
410 static int hf_isakmp_sat_dst_id_data;
411 static int hf_isakmp_sat_transform_id;
412 static int hf_isakmp_sat_spi;
413 static int hf_isakmp_sat_payload;
414
415 static int hf_isakmp_kd_num_key_pkt;
416 static int hf_isakmp_kd_payload;
417 static int hf_isakmp_kdp_type;
418 static int hf_isakmp_kdp_length;
419 static int hf_isakmp_kdp_spi_size;
420 static int hf_isakmp_kdp_spi;
421
422 static int hf_isakmp_seq_seq;
423
424 static int hf_isakmp_enc_decrypted_data;
425 static int hf_isakmp_enc_contained_data;
426 static int hf_isakmp_enc_pad_length;
427 static int hf_isakmp_enc_padding;
428 static int hf_isakmp_enc_data;
429 static int hf_isakmp_enc_iv;
430 static int hf_isakmp_enc_icd;
431
432 static int ett_isakmp;
433 static int ett_isakmp_version;
434 static int ett_isakmp_flags;
435 static int ett_isakmp_payload;
436 static int ett_isakmp_payload_digital_signature;
437 static int ett_isakmp_payload_digital_signature_asn1_data;
438 static int ett_isakmp_fragment;
439 static int ett_isakmp_fragments;
440 static int ett_isakmp_sa;
441 static int ett_isakmp_attr;
442 static int ett_isakmp_id;
443 static int ett_isakmp_notify_data;
444 static int ett_isakmp_notify_data_3gpp_emergency_call_numbers_main;
445 static int ett_isakmp_notify_data_3gpp_emergency_call_numbers_element;
446 static int ett_isakmp_ts;
447 static int ett_isakmp_kd;
448 /* For decrypted IKEv2 Encrypted payload*/
449 static int ett_isakmp_decrypted_data;
450 static int ett_isakmp_decrypted_payloads;
451
452 static expert_field ei_isakmp_enc_iv;
453 static expert_field ei_isakmp_ikev2_integrity_checksum;
454 static expert_field ei_isakmp_enc_data_length_mult_block_size;
455 static expert_field ei_isakmp_enc_pad_length_big;
456 static expert_field ei_isakmp_attribute_value_empty;
457 static expert_field ei_isakmp_payload_bad_length;
458 static expert_field ei_isakmp_bad_fragment_number;
459 static expert_field ei_isakmp_notify_data_3gpp_unknown_device_identity;
460
461 static dissector_handle_t eap_handle;
462 static dissector_handle_t isakmp_handle;
463
464
465 static reassembly_table isakmp_cisco_reassembly_table;
466 static reassembly_table isakmp_ike2_reassembly_table;
467
468 static const fragment_items isakmp_frag_items = {
469 /* Fragment subtrees */
470 &ett_isakmp_fragment,
471 &ett_isakmp_fragments,
472 /* Fragment fields */
473 &hf_isakmp_fragments,
474 &hf_isakmp_fragment,
475 &hf_isakmp_fragment_overlap,
476 &hf_isakmp_fragment_overlap_conflicts,
477 &hf_isakmp_fragment_multiple_tails,
478 &hf_isakmp_fragment_too_long_fragment,
479 &hf_isakmp_fragment_error,
480 &hf_isakmp_fragment_count,
481 /* Reassembled in field */
482 &hf_isakmp_reassembled_in,
483 /* Reassembled length field */
484 &hf_isakmp_reassembled_length,
485 /* Reassembled data field */
486 NULL,
487 /* Tag */
488 "Message fragments"
489 };
490 /* IKE port number assigned by IANA */
491 #define UDP_PORT_ISAKMP 500
492 #define TCP_PORT_ISAKMP 500
493
494 /*
495 * Identifier Type
496 * RFC2407 for IKEv1
497 * RFC3554 for ID_LIST
498 * RFC4306 for IKEv2
499 * RFC4595 for ID_FC_NAME
500 */
501 #define IKE_ID_IPV4_ADDR 1
502 #define IKE_ID_FQDN 2
503 #define IKE_ID_USER_FQDN 3
504 #define IKE_ID_IPV4_ADDR_SUBNET 4
505 #define IKE_ID_IPV6_ADDR 5
506 #define IKE_ID_IPV6_ADDR_SUBNET 6
507 #define IKE_ID_IPV4_ADDR_RANGE 7
508 #define IKE_ID_IPV6_ADDR_RANGE 8
509 #define IKE_ID_DER_ASN1_DN 9
510 #define IKE_ID_DER_ASN1_GN 10
511 #define IKE_ID_KEY_ID 11
512 #define IKE_ID_LIST 12
513 #define IKE_ID_FC_NAME 12
514 #define IKE_ID_RFC822_ADDR 3
515 /*
516 * Traffic Selector Type
517 * Not in use for IKEv1
518 */
519 #define IKEV2_TS_IPV4_ADDR_RANGE 7
520 #define IKEV2_TS_IPV6_ADDR_RANGE 8
521 #define IKEV2_TS_FC_ADDR_RANGE 9 /* RFC 4595 */
522 /*
523 * Configuration Payload Attribute Types
524 * draft-ietf-ipsec-isakmp-mode-cfg-05.txt for IKEv1
525 * draft-ietf-ipsec-isakmp-xauth-06.txt and draft-beaulieu-ike-xauth-02.txt for XAUTH
526 * RFC4306 for IKEv2
527 * RFC5739 for INTERNAL_IP6_LINK and INTERNAL_IP6_PREFIX
528 * draft-gundavelli-ipsecme-3gpp-ims-options for P_CSCF_IP4_ADDRESS and P_CSCF_IP6_ADDRESS
529 */
530 #define INTERNAL_IP4_ADDRESS 1
531 #define INTERNAL_IP4_NETMASK 2
532 #define INTERNAL_IP4_DNS 3
533 #define INTERNAL_IP4_NBNS 4
534 #define INTERNAL_ADDRESS_EXPIRY 5
535 #define INTERNAL_IP4_DHCP 6
536 #define APPLICATION_VERSION 7
537 #define INTERNAL_IP6_ADDRESS 8
538 #define INTERNAL_IP6_NETMASK 9
539 #define INTERNAL_IP6_DNS 10
540 #define INTERNAL_IP6_NBNS 11
541 #define INTERNAL_IP6_DHCP 12
542 #define INTERNAL_IP4_SUBNET 13
543 #define SUPPORTED_ATTRIBUTES 14
544 #define INTERNAL_IP6_SUBNET 15
545 #define MIP6_HOME_PREFIX 16
546 #define INTERNAL_IP6_LINK 17
547 #define INTERNAL_IP6_PREFIX 18
548 #define P_CSCF_IP4_ADDRESS 20
549 #define P_CSCF_IP6_ADDRESS 21
550 /* checkpoint configuration attributes */
551 #define CHKPT_DEF_DOMAIN 16387
552 #define CHKPT_MAC_ADDRESS 16388
553 #define CHKPT_MARCIPAN_REASON_CODE 16389
554 #define CHKPT_UNKNOWN1 16400
555 #define CHKPT_UNKNOWN2 16401
556 #define CHKPT_UNKNOWN3 16402
557 /* XAUTH configuration attributes */
558 #define XAUTH_TYPE 16520
559 #define XAUTH_USER_NAME 16521
560 #define XAUTH_USER_PASSWORD 16522
561 #define XAUTH_PASSCODE 16523
562 #define XAUTH_MESSAGE 16524
563 #define XAUTH_CHALLENGE 16525
564 #define XAUTH_DOMAIN 16526
565 #define XAUTH_STATUS 16527
566 #define XAUTH_NEXT_PIN 16528
567 #define XAUTH_ANSWER 16529
568 /* unity (CISCO) configuration attributes */
569 #define UNITY_BANNER 28672
570 #define UNITY_SAVE_PASSWD 28673
571 #define UNITY_DEF_DOMAIN 28674
572 #define UNITY_SPLIT_DOMAIN 28675
573 #define UNITY_SPLIT_INCLUDE 28676
574 #define UNITY_NATT_PORT 28677
575 #define UNITY_SPLIT_EXCLUDE 28678
576 #define UNITY_PFS 28679
577 #define UNITY_FW_TYPE 28680
578 #define UNITY_BACKUP_SERVERS 28681
579 #define UNITY_DDNS_HOSTNAME 28682
580
581 /* Payload Type
582 * RFC2408 / RFC3547 for IKEv1
583 * RFC4306 for IKEv2
584 */
585 #define PLOAD_IKE_NONE 0
586 #define PLOAD_IKE_SA 1
587 #define PLOAD_IKE_P 2
588 #define PLOAD_IKE_T 3
589 #define PLOAD_IKE_KE 4
590 #define PLOAD_IKE_ID 5
591 #define PLOAD_IKE_CERT 6
592 #define PLOAD_IKE_CR 7
593 #define PLOAD_IKE_HASH 8
594 #define PLOAD_IKE_SIG 9
595 #define PLOAD_IKE_NONCE 10
596 #define PLOAD_IKE_N 11
597 #define PLOAD_IKE_D 12
598 #define PLOAD_IKE_VID 13
599 #define PLOAD_IKE_A 14
600 #define PLOAD_IKE_SAK 15
601 #define PLOAD_IKE_SAT 16
602 #define PLOAD_IKE_KD 17
603 #define PLOAD_IKE_SEQ 18
604 #define PLOAD_IKE_POP 19
605 #define PLOAD_IKE_NAT_D 20
606 #define PLOAD_IKE_NAT_OA 21
607 #define PLOAD_IKE_GAP 22
608 #define PLOAD_IKE2_SA 33
609 #define PLOAD_IKE2_KE 34
610 #define PLOAD_IKE2_IDI 35
611 #define PLOAD_IKE2_IDR 36
612 #define PLOAD_IKE2_CERT 37
613 #define PLOAD_IKE2_CERTREQ 38
614 #define PLOAD_IKE2_AUTH 39
615 #define PLOAD_IKE2_NONCE 40
616 #define PLOAD_IKE2_N 41
617 #define PLOAD_IKE2_D 42
618 #define PLOAD_IKE2_V 43
619 #define PLOAD_IKE2_TSI 44
620 #define PLOAD_IKE2_TSR 45
621 #define PLOAD_IKE2_SK 46
622 #define PLOAD_IKE2_CP 47
623 #define PLOAD_IKE2_EAP 48
624 #define PLOAD_IKE2_GSPM 49
625 #define PLOAD_IKE2_IDG 50
626 #define PLOAD_IKE2_GSA 51
627 #define PLOAD_IKE2_KD 52
628 #define PLOAD_IKE2_SKF 53
629 #define PLOAD_IKE_SK 128
630 #define PLOAD_IKE_NAT_D13 130
631 #define PLOAD_IKE_NAT_OA14 131
632 #define PLOAD_IKE_CISCO_FRAG 132
633 /*
634 * IPSEC Situation Definition (RFC2407)
635 */
636 #define SIT_IDENTITY_ONLY 0x00000001
637 #define SIT_SECRECY 0x00000002
638 #define SIT_INTEGRITY 0x00000004
639
640
641 static const value_string exchange_v1_type[] = {
642 { 0, "NONE" },
643 { 1, "Base" },
644 { 2, "Identity Protection (Main Mode)" },
645 { 3, "Authentication Only" },
646 { 4, "Aggressive" },
647 { 5, "Informational" },
648 { 6, "Transaction (Config Mode)" },
649 { 32, "Quick Mode" },
650 { 33, "New Group Mode" },
651 { 0, NULL },
652 };
653
654 static const value_string exchange_v2_type[] = {
655 { 34, "IKE_SA_INIT" },
656 { 35, "IKE_AUTH" },
657 { 36, "CREATE_CHILD_SA" },
658 { 37, "INFORMATIONAL" },
659 { 38, "IKE_SESSION_RESUME" }, /* RFC5723 */
660 { 39, "GSA_AUTH" }, /* draft-yeung-g-ikev2 */
661 { 40, "GSA_REGISTRATION" }, /* draft-yeung-g-ikev2 */
662 { 41, "GSA_REKEY " }, /* draft-yeung-g-ikev2 */
663 { 42, "Unassigned" },
664 { 43, "IKE_INTERMEDIATE" }, /* [RFC9242] */
665 { 44, "IKE_FOLLOWUP_KE" }, /* [RFC9370] */
666 { 0, NULL },
667 };
668
669 static const value_string frag_last_vals[] = {
670 { 0, "More fragments" },
671 { 1, "Last fragment" },
672 { 0, NULL },
673 };
674 /* Ex vs_proto */
675 static const value_string protoid_v1_type[] = {
676 { 0, "RESERVED" },
677 { 1, "ISAKMP" },
678 { 2, "IPSEC_AH" },
679 { 3, "IPSEC_ESP" },
680 { 4, "IPCOMP" },
681 { 5, "GIGABEAM_RADIO" }, /* RFC4705 */
682 { 0, NULL },
683 };
684
685 static const value_string protoid_v2_type[] = {
686 { 0, "RESERVED" },
687 { 1, "IKE" },
688 { 2, "AH" },
689 { 3, "ESP" },
690 { 4, "FC_ESP_HEADER" },
691 { 5, "FC_CT_AUTHENTICATION" },
692 { 0, NULL },
693 };
694
695 static const range_string payload_type[] = {
696 { PLOAD_IKE_NONE,PLOAD_IKE_NONE, "NONE / No Next Payload" },
697 { PLOAD_IKE_SA,PLOAD_IKE_SA, "Security Association" },
698 { PLOAD_IKE_P,PLOAD_IKE_P, "Proposal" },
699 { PLOAD_IKE_T,PLOAD_IKE_T, "Transform" },
700 { PLOAD_IKE_KE,PLOAD_IKE_KE, "Key Exchange" },
701 { PLOAD_IKE_ID,PLOAD_IKE_ID, "Identification" },
702 { PLOAD_IKE_CERT,PLOAD_IKE_CERT, "Certificate" },
703 { PLOAD_IKE_CR,PLOAD_IKE_CR, "Certificate Request" },
704 { PLOAD_IKE_HASH,PLOAD_IKE_HASH, "Hash" },
705 { PLOAD_IKE_SIG,PLOAD_IKE_SIG, "Signature" },
706 { PLOAD_IKE_NONCE,PLOAD_IKE_NONCE, "Nonce" },
707 { PLOAD_IKE_N,PLOAD_IKE_N, "Notification" },
708 { PLOAD_IKE_D,PLOAD_IKE_D, "Delete" },
709 { PLOAD_IKE_VID,PLOAD_IKE_VID, "Vendor ID" },
710 { PLOAD_IKE_A,PLOAD_IKE_A, "Attributes" }, /* draft-ietf-ipsec-isakmp-mode-cfg-05.txt */
711 { PLOAD_IKE_SAK,PLOAD_IKE_SAK, "SA KEK Payload" }, /* Reassigned with RFC3547; formerly: draft-ietf-ipsec-nat-t-ike-04 to 08 */
712 { PLOAD_IKE_SAT,PLOAD_IKE_SAT, "SA TEK Payload"}, /* Reassigned with RFC3547; formerly: draft-ietf-ipsec-nat-t-ike-05 to 08*/
713 { PLOAD_IKE_KD,PLOAD_IKE_KD, "Key Download" },
714 { PLOAD_IKE_SEQ,PLOAD_IKE_SEQ, "Sequence Number" },
715 { PLOAD_IKE_POP,PLOAD_IKE_POP, "Proof of Possession" }, /* According to RFC6407 deprecated */
716 { PLOAD_IKE_NAT_D,PLOAD_IKE_NAT_D, "NAT-D (RFC 3947)" },
717 { PLOAD_IKE_NAT_OA,PLOAD_IKE_NAT_OA, "NAT-OA (RFC 3947)"},
718 { PLOAD_IKE_GAP,PLOAD_IKE_GAP, "Group Associated Policy"},
719 { PLOAD_IKE2_SA,PLOAD_IKE2_SA, "Security Association"},
720 { PLOAD_IKE2_KE,PLOAD_IKE2_KE, "Key Exchange"},
721 { PLOAD_IKE2_IDI,PLOAD_IKE2_IDI, "Identification - Initiator"},
722 { PLOAD_IKE2_IDR,PLOAD_IKE2_IDR, "Identification - Responder"},
723 { PLOAD_IKE2_CERT,PLOAD_IKE2_CERT, "Certificate"},
724 { PLOAD_IKE2_CERTREQ,PLOAD_IKE2_CERTREQ, "Certificate Request"},
725 { PLOAD_IKE2_AUTH,PLOAD_IKE2_AUTH, "Authentication"},
726 { PLOAD_IKE2_NONCE,PLOAD_IKE2_NONCE, "Nonce"},
727 { PLOAD_IKE2_N,PLOAD_IKE2_N, "Notify"},
728 { PLOAD_IKE2_D,PLOAD_IKE2_D, "Delete"},
729 { PLOAD_IKE2_V,PLOAD_IKE2_V, "Vendor ID"},
730 { PLOAD_IKE2_TSI,PLOAD_IKE2_TSI, "Traffic Selector - Initiator"},
731 { PLOAD_IKE2_TSR,PLOAD_IKE2_TSR, "Traffic Selector - Responder"},
732 { PLOAD_IKE2_SK,PLOAD_IKE2_SK, "Encrypted and Authenticated"},
733 { PLOAD_IKE2_CP,PLOAD_IKE2_CP, "Configuration"},
734 { PLOAD_IKE2_EAP,PLOAD_IKE2_EAP, "Extensible Authentication"},
735 { PLOAD_IKE2_GSPM,PLOAD_IKE2_GSPM, "Generic Secure Password Method"},
736 { PLOAD_IKE2_IDG,PLOAD_IKE2_IDG, "Group Identification"},
737 { PLOAD_IKE2_GSA,PLOAD_IKE2_GSA, "Group Security Association"},
738 { PLOAD_IKE2_KD,PLOAD_IKE2_KD, "Key Download"},
739 { PLOAD_IKE2_SKF,PLOAD_IKE2_SKF, "Encrypted and Authenticated Fragment"},
740 { 54,127, "Unassigned" },
741 { PLOAD_IKE_SK,PLOAD_IKE_SK, "Symmetric-key"},
742 { 129,129, "Private Use" },
743 { PLOAD_IKE_NAT_D13,PLOAD_IKE_NAT_D13, "NAT-D (draft-ietf-ipsec-nat-t-ike-01 to 03)"},
744 { PLOAD_IKE_NAT_OA14,PLOAD_IKE_NAT_OA14, "NAT-OA (draft-ietf-ipsec-nat-t-ike-01 to 03)"},
745 { PLOAD_IKE_CISCO_FRAG,PLOAD_IKE_CISCO_FRAG, "Cisco-Fragmentation"},
746 { 133,256, "Private Use" },
747 { 0,0, NULL },
748 };
749
750 /*
751 * ISAKMP Domain of Interpretation (DOI)
752 * RFC2408 for ISAKMP
753 * RFC2407 for IPSEC
754 * RFC3547 for GDOI
755 */
756 static const value_string doi_type[] = {
757 { 0, "ISAKMP" },
758 { 1, "IPSEC" },
759 { 2, "GDOI" },
760 { 0, NULL },
761 };
762
763 /* Transform Type */
764
765 #define IPSEC_ATTR_LIFE_TYPE 1
766 #define IPSEC_ATTR_LIFE_DURATION 2
767 #define IPSEC_ATTR_GROUP_DESC 3
768 #define IPSEC_ATTR_ENCAP_MODE 4
769 #define IPSEC_ATTR_AUTH_ALGORITHM 5
770 #define IPSEC_ATTR_KEY_LENGTH 6
771 #define IPSEC_ATTR_KEY_ROUNDS 7
772 #define IPSEC_ATTR_CMPR_DICT_SIZE 8
773 #define IPSEC_ATTR_CMPR_ALGORITHM 9
774 #define IPSEC_ATTR_ECN_TUNNEL 10 /* [RFC3168] */
775 #define IPSEC_ATTR_EXT_SEQ_NBR 11 /* [RFC4304] */
776 #define IPSEC_ATTR_AUTH_KEY_LENGTH 12 /* [RFC4359] */
777 #define IPSEC_ATTR_SIG_ENCO_ALGORITHM 13 /* [RFC4359] */
778 #define IPSEC_ATTR_ADDR_PRESERVATION 14 /* [RFC6407] */
779 #define IPSEC_ATTR_SA_DIRECTION 15 /* [RFC6407] */
780
781 static const range_string ipsec_attr_type[] = {
782 { 1,1, "SA-Life-Type" },
783 { 2,2, "SA-Life-Duration" },
784 { 3,3, "Group-Description" },
785 { 4,4, "Encapsulation-Mode" },
786 { 5,5, "Authentication-Algorithm" },
787 { 6,6, "Key-Length" },
788 { 7,7, "Key-Rounds" },
789 { 8,8, "Compress-Dictionary-Size" },
790 { 9,9, "Compress-Private-Algorithm" },
791 { 10,10, "ECN Tunnel" },
792 { 11,11, "Extended (64-bit) Sequence Number" },
793 { 12,12, "Authentication Key Length" },
794 { 13,13, "Signature Encoding Algorithm" },
795 { 14,14, "Address Preservation" },
796 { 15,15, "SA Direction" },
797 { 16,32000, "Unassigned (Future use)" },
798 { 32001,32767, "Private use" },
799 { 0,0, NULL },
800 };
801
802 #define KEY_ATTR_TEK_RSERVED 0
803 #define KEY_ATTR_TEK_ALGORITHM 1
804 #define KEY_ATTR_TEK_INTEGRITY 2
805 #define KEY_ATTR_TEK_SRC_AUTH 3
806
807 static const range_string tek_key_attr_type[] = {
808 { 1,1, "TEK_ALGORITHM_KEY" },
809 { 2,2, "TEK_INTEGRITY_KEY" },
810 { 3,3, "TEK_SOURCE_AUTH_KEY" },
811 { 4,137, "Unassigned (Future use)" },
812 { 128,255, "Private use" },
813 { 256,32767, "Unassigned (Future use)" },
814 { 0,0, NULL },
815 };
816
817 /* Transform IKE Type */
818 #define IKE_ATTR_ENCRYPTION_ALGORITHM 1
819 #define IKE_ATTR_HASH_ALGORITHM 2
820 #define IKE_ATTR_AUTHENTICATION_METHOD 3
821 #define IKE_ATTR_GROUP_DESCRIPTION 4
822 #define IKE_ATTR_GROUP_TYPE 5
823 #define IKE_ATTR_GROUP_PRIME 6
824 #define IKE_ATTR_GROUP_GENERATOR_ONE 7
825 #define IKE_ATTR_GROUP_GENERATOR_TWO 8
826 #define IKE_ATTR_GROUP_CURVE_A 9
827 #define IKE_ATTR_GROUP_CURVE_B 10
828 #define IKE_ATTR_LIFE_TYPE 11
829 #define IKE_ATTR_LIFE_DURATION 12
830 #define IKE_ATTR_PRF 13
831 #define IKE_ATTR_KEY_LENGTH 14
832 #define IKE_ATTR_FIELD_SIZE 15
833 #define IKE_ATTR_GROUP_ORDER 16
834 #define IKE_ATTR_BLOCK_SIZE 17
835 #define IKE_ATTR_ACAT 20
836
837
838
839 static const range_string ike_attr_type[] = {
840 { 1,1, "Encryption-Algorithm" },
841 { 2,2, "Hash-Algorithm" },
842 { 3,3, "Authentication-Method" },
843 { 4,4, "Group-Description" },
844 { 5,5, "Group-Type" },
845 { 6,6, "Group-Prime" },
846 { 7,7, "Group-Generator-One" },
847 { 8,8, "Group-Generator-Two" },
848 { 9,9, "Group-Curve-A" },
849 { 10,10, "Group-Curve-B" },
850 { 11,11, "Life-Type" },
851 { 12,12, "Life-Duration" },
852 { 13,13, "PRF" },
853 { 14,14, "Key-Length" },
854 { 15,15, "Field-Size" },
855 { 16,16, "Group-Order" },
856 { 17,17, "Block-Size" },
857 { 18,19, "Unassigned (Future use)" },
858 { 20,20, "Asymmetric-Cryptographic-Algorithm-Type" },
859 { 21,16383, "Unassigned (Future use)" },
860 { 16384,32767, "Private use" },
861 { 0,0, NULL },
862 };
863
864 #if 0
865 static const value_string vs_v2_sttr[] = {
866 { 1, "SA-Life-Type" },
867 { 2, "SA-Life-Duration" },
868 { 3, "Group-Description" },
869 { 4, "Encapsulation-Mode" },
870 { 5, "Authentication-Algorithm" },
871 { 6, "Key-Length" },
872 { 7, "Key-Rounds" },
873 { 8, "Compress-Dictionary-Size" },
874 { 9, "Compress-Private-Algorithm" },
875 { 10, "ECN Tunnel" },
876 { 0, NULL },
877 };
878 #endif
879
880 static const value_string vs_v1_trans_isakmp[] = {
881 { 0, "RESERVED" },
882 { 1, "KEY_IKE" },
883 { 0, NULL },
884 };
885
886 static const value_string vs_v1_trans_ah[] = {
887 { 0, "RESERVED" },
888 { 1, "RESERVED" },
889 { 2, "MD5" },
890 { 3, "SHA" },
891 { 4, "DES" },
892 { 5, "SHA2-256" },
893 { 6, "SHA2-384" },
894 { 7, "SHA2-512" },
895 { 0, NULL },
896 };
897
898 static const value_string vs_v1_trans_esp[] = {
899 { 0, "RESERVED" },
900 { 1, "DES-IV64" },
901 { 2, "DES" },
902 { 3, "3DES" },
903 { 4, "RC5" },
904 { 5, "IDEA" },
905 { 6, "CAST" },
906 { 7, "BLOWFISH" },
907 { 8, "3IDEA" },
908 { 9, "DES-IV32" },
909 { 10, "RC4" },
910 { 11, "NULL" },
911 { 12, "AES" },
912 { 0, NULL },
913 };
914
915 static const value_string transform_id_ipcomp[] = {
916 { 0, "RESERVED" },
917 { 1, "OUI" },
918 { 2, "DEFLATE" },
919 { 3, "LZS" },
920 { 4, "LZJH" },
921 { 0, NULL },
922 };
923 static const value_string redirect_gateway_identity_type[] = {
924 { 1, "IPv4 address" },
925 { 2, "IPv6 address" },
926 { 3, "FQDN" },
927 { 0, NULL },
928 };
929 static const value_string attr_life_type[] = {
930 { 0, "RESERVED" },
931 { 1, "Seconds" },
932 { 2, "Kilobytes" },
933 { 0, NULL },
934 };
935
936 static const value_string ipsec_attr_encap_mode[] = {
937 { 0, "RESERVED" },
938 { 1, "Tunnel" },
939 { 2, "Transport" },
940 { 3, "UDP-Encapsulated-Tunnel" }, /* RFC3947 */
941 { 4, "UDP-Encapsulated-Transport" }, /* RFC3947 */
942 { 61440, "Check Point IPSec UDP Encapsulation" },
943 { 61443, "UDP-Encapsulated-Tunnel (draft)" },
944 { 61444, "UDP-Encapsulated-Transport (draft)" },
945 { 0, NULL },
946 };
947
948 static const value_string ipsec_attr_auth_algo[] = {
949 { 0, "RESERVED" },
950 { 1, "HMAC-MD5" },
951 { 2, "HMAC-SHA" },
952 { 3, "DES-MAC" },
953 { 4, "KPDK" },
954 { 5, "HMAC-SHA2-256" },
955 { 6, "HMAC-SHA2-384" },
956 { 7, "HMAC-SHA2-512" },
957 { 8, "HMAC-RIPEMD" }, /* [RFC2857] */
958 { 9, "AES-XCBC-MAC" }, /* [RFC3566] */
959 { 10, "SIG-RSA" }, /* [RFC4359] */
960 { 11, "AES-128-GMAC" }, /* [RFC4543][Errata1821] */
961 { 12, "AES-192-GMAC" }, /* [RFC4543][Errata1821] */
962 { 13, "AES-256-GMAC" }, /* [RFC4543][Errata1821] */
963
964 /*
965 Values 11-61439 are reserved to IANA. Values 61440-65535 are
966 for private use.
967 */
968 { 0, NULL },
969 };
970
971 #define ENC_DES_CBC 1
972 #define ENC_IDEA_CBC 2
973 #define ENC_BLOWFISH_CBC 3
974 #define ENC_RC5_R16_B64_CBC 4
975 #define ENC_3DES_CBC 5
976 #define ENC_CAST_CBC 6
977 #define ENC_AES_CBC 7
978 #define ENC_CAMELLIA_CBC 8
979 #define ENC_SM4_CBC_DEPRECATED 127
980 #define ENC_SM1_CBC 128
981 #define ENC_SM4_CBC 129
982
983 static const value_string ike_attr_enc_algo[] = {
984 { 0, "RESERVED" },
985 { ENC_DES_CBC, "DES-CBC" },
986 { ENC_IDEA_CBC, "IDEA-CBC" },
987 { ENC_BLOWFISH_CBC, "BLOWFISH-CBC" },
988 { ENC_RC5_R16_B64_CBC, "RC5-R16-B64-CBC" },
989 { ENC_3DES_CBC, "3DES-CBC" },
990 { ENC_CAST_CBC, "CAST-CBC" },
991 { ENC_AES_CBC, "AES-CBC" },
992 { ENC_CAMELLIA_CBC, "CAMELLIA-CBC" },
993 { ENC_SM4_CBC_DEPRECATED, "SM4-CBC (DEPRECATED)" },
994 { ENC_SM1_CBC, "SM1-CBC" },
995 { ENC_SM4_CBC, "SM4-CBC" },
996 { 0, NULL },
997 };
998
999 #define HMAC_MD5 1
1000 #define HMAC_SHA 2
1001 #define HMAC_TIGER 3
1002 #define HMAC_SHA2_256 4
1003 #define HMAC_SHA2_384 5
1004 #define HMAC_SHA2_512 6
1005 #define HMAC_SM3 20
1006
1007 static const value_string ike_attr_hash_algo[] = {
1008 { 0, "RESERVED" },
1009 { HMAC_MD5, "MD5" },
1010 { HMAC_SHA, "SHA" },
1011 { HMAC_TIGER, "TIGER" },
1012 { HMAC_SHA2_256, "SHA2-256" },
1013 { HMAC_SHA2_384, "SHA2-384" },
1014 { HMAC_SHA2_512, "SHA2-512" },
1015 { HMAC_SM3, "SM3" },
1016 { 0, NULL },
1017 };
1018
1019 #define ASYMMETRIC_RSA 1
1020 #define ASYMMETRIC_SM2 2
1021
1022 static const value_string ike_attr_asym_algo[] = {
1023 { ASYMMETRIC_RSA, "RSA" },
1024 { ASYMMETRIC_SM2, "SM2" },
1025 { 0, NULL },
1026 };
1027
1028 static const value_string ipsec_attr_ecn_tunnel[] = {
1029 { 0, "RESERVED" },
1030 { 1, "Allowed" },
1031 { 2, "Forbidden" },
1032 { 0, NULL },
1033 };
1034
1035 static const value_string ipsec_attr_ext_seq_nbr[] = {
1036 { 0, "RESERVED" },
1037 { 1, "64-bit Sequence Number" },
1038 { 0, NULL },
1039 };
1040
1041 #if 0
1042 static const value_string transform_attr_sig_enco_algo_type[] = {
1043 { 0, "RESERVED" },
1044 { 1, "RSASSA-PKCS1-v1_5" },
1045 { 2, "RSASSA-PSS" },
1046 { 0, NULL },
1047 };
1048 #endif
1049
1050 static const value_string ipsec_attr_addr_preservation[] = {
1051 { 0, "Reserved" },
1052 { 1, "None" },
1053 { 2, "Source-Only" },
1054 { 3, "Destination-Only" },
1055 { 4, "Source-and-Destination" },
1056 { 0, NULL },
1057 };
1058
1059 static const value_string ipsec_attr_sa_direction[] = {
1060 { 0, "Reserved" },
1061 { 1, "Sender-Only" },
1062 { 2, "Receiver-Only" },
1063 { 3, "Symmetric" },
1064 { 0, NULL },
1065 };
1066
1067 static const value_string ike_attr_authmeth[] = {
1068 /* ipsec-registry.xhtml */
1069 { 0, "RESERVED" },
1070 { 1, "Pre-shared key" },
1071 { 2, "DSS signatures" },
1072 { 3, "RSA signatures" },
1073 { 4, "Encryption with RSA" },
1074 { 5, "Revised encryption with RSA" },
1075 { 6, "Reserved (was Encryption with El-Gamal)" },
1076 { 7, "Reserved (was Revised encryption with El-Gamal)" },
1077 { 8, "Reserved (was ECDSA signatures)" },
1078 { 9, "ECDSA with SHA-256 on the P-256 curve" },
1079 { 10, "ECDSA with SHA-384 on the P-384 curve" },
1080 { 11, "ECDSA with SHA-512 on the P-521 curve" },
1081 /* draft-ietf-ipsec-isakmp-hybrid-auth-05 */
1082 { 64221, "HybridInitRSA" },
1083 { 64222, "HybridRespRSA" },
1084 { 64223, "HybridInitDSS" },
1085 { 64224, "HybridRespDSS" },
1086 /* draft-beaulieu-ike-xauth-02 */
1087 { 65001, "XAUTHInitPreShared" },
1088 { 65002, "XAUTHRespPreShared" },
1089 { 65003, "XAUTHInitDSS" },
1090 { 65004, "XAUTHRespDSS" },
1091 { 65005, "XAUTHInitRSA" },
1092 { 65006, "XAUTHRespRSA" },
1093 { 65007, "XAUTHInitRSAEncryption" },
1094 { 65008, "XAUTHRespRSAEncryption" },
1095 { 65009, "XAUTHInitRSARevisedEncryption" },
1096 { 65010, "XAUTHRespRSARevisedEncryption" },
1097 { 0, NULL },
1098 };
1099
1100 /* For GM/T 0022 IPSec VPN specification
1101 This specification only define one value for authmeth
1102 */
1103 static const value_string ike_attr_authmeth_china[] = {
1104 { 10, "Digital Envelope" },
1105 { 0, NULL },
1106 };
1107
1108 static const value_string dh_group[] = {
1109 { 0, "UNDEFINED - 0" },
1110 { 1, "Default 768-bit MODP group" },
1111 { 2, "Alternate 1024-bit MODP group" },
1112 { 3, "EC2N group on GP[2^155] group" },
1113 { 4, "EC2N group on GP[2^185] group" },
1114 { 5, "1536 bit MODP group" },
1115 { 6, "EC2N group over GF[2^163]" },
1116 { 7, "EC2N group over GF[2^163]" },
1117 { 8, "EC2N group over GF[2^283]" },
1118 { 9, "EC2N group over GF[2^283]" },
1119 { 10, "EC2N group over GF[2^409]" },
1120 { 11, "EC2N group over GF[2^409]" },
1121 { 12, "EC2N group over GF[2^571]" },
1122 { 13, "EC2N group over GF[2^571]" },
1123 { 14, "2048 bit MODP group" },
1124 { 15, "3072 bit MODP group" },
1125 { 16, "4096 bit MODP group" },
1126 { 17, "6144 bit MODP group" },
1127 { 18, "8192 bit MODP group" },
1128 { 19, "256-bit random ECP group" },
1129 { 20, "384-bit random ECP group" },
1130 { 21, "521-bit random ECP group" },
1131 { 22, "1024-bit MODP Group with 160-bit Prime Order Subgroup" },
1132 { 23, "2048-bit MODP Group with 224-bit Prime Order Subgroup" },
1133 { 24, "2048-bit MODP Group with 256-bit Prime Order Subgroup" },
1134 { 25, "192-bit Random ECP Group" },
1135 { 26, "224-bit Random ECP Group" },
1136 { 27, "224-bit Brainpool ECP group" },
1137 { 28, "256-bit Brainpool ECP group" },
1138 { 29, "384-bit Brainpool ECP group" },
1139 { 30, "512-bit Brainpool ECP group" },
1140 { 31, "Curve25519" },
1141 { 32, "Curve448" },
1142 { 33, "GOST3410_2012_256" },
1143 { 34, "GOST3410_2012_512" },
1144 { 0, NULL }
1145 };
1146
1147 static const value_string ike_attr_grp_type[] = {
1148 { 0, "UNDEFINED - 0" },
1149 { 1, "MODP" },
1150 { 2, "ECP" },
1151 { 3, "EC2N" },
1152 { 0, NULL },
1153 };
1154
1155 #define TF_IKE2_ENCR 1
1156 #define TF_IKE2_PRF 2
1157 #define TF_IKE2_INTEG 3
1158 #define TF_IKE2_DH 4
1159 #define TF_IKE2_ESN 5
1160 #define TF_IKE2_ADDKE1 6
1161 #define TF_IKE2_ADDKE2 7
1162 #define TF_IKE2_ADDKE3 8
1163 #define TF_IKE2_ADDKE4 9
1164 #define TF_IKE2_ADDKE5 10
1165 #define TF_IKE2_ADDKE6 11
1166 #define TF_IKE2_ADDKE7 12
1167
1168 static const range_string transform_ike2_type[] = {
1169 { 0,0, "RESERVED" },
1170 { TF_IKE2_ENCR,TF_IKE2_ENCR, "Encryption Algorithm (ENCR)" },
1171 { TF_IKE2_PRF,TF_IKE2_PRF, "Pseudo-random Function (PRF)"},
1172 { TF_IKE2_INTEG,TF_IKE2_INTEG,"Integrity Algorithm (INTEG)"},
1173 { TF_IKE2_DH,TF_IKE2_DH, "Diffie-Hellman Group (D-H)"},
1174 { TF_IKE2_ESN,TF_IKE2_ESN, "Extended Sequence Numbers (ESN)"},
1175 { TF_IKE2_ADDKE1,TF_IKE2_ADDKE1, "ADDKE1"},
1176 { TF_IKE2_ADDKE2,TF_IKE2_ADDKE2, "ADDKE2"},
1177 { TF_IKE2_ADDKE3,TF_IKE2_ADDKE3, "ADDKE3"},
1178 { TF_IKE2_ADDKE4,TF_IKE2_ADDKE4, "ADDKE4"},
1179 { TF_IKE2_ADDKE5,TF_IKE2_ADDKE5, "ADDKE5"},
1180 { TF_IKE2_ADDKE6,TF_IKE2_ADDKE6, "ADDKE6"},
1181 { TF_IKE2_ADDKE7,TF_IKE2_ADDKE7, "ADDKE7"},
1182 { 13,240, "Reserved to IANA"},
1183 { 241,255, "Private Use"},
1184 { 0,0, NULL },
1185 };
1186 /* For Transform Type 1 (Encryption Algorithm), defined Transform IDs */
1187 static const value_string transform_ike2_encr_type[] = {
1188 { 0, "RESERVED" },
1189 { 1, "ENCR_DES_IV64" },
1190 { 2, "ENCR_DES" },
1191 { 3, "ENCR_3DES" },
1192 { 4, "ENCR_RC5" },
1193 { 5, "ENCR_IDEA" },
1194 { 6, "ENCR_CAST" },
1195 { 7, "ENCR_BLOWFISH" },
1196 { 8, "ENCR_3IDEA" },
1197 { 9, "ENCR_DES_IV32" },
1198 { 10, "RESERVED" },
1199 { 11, "ENCR_NULL" },
1200 { 12, "ENCR_AES_CBC" },
1201 { 13, "ENCR_AES_CTR" }, /* [RFC3686] */
1202 { 14, "ENCR_AES-CCM_8" }, /* [RFC4309] */
1203 { 15, "ENCR-AES-CCM_12" }, /* [RFC4309] */
1204 { 16, "ENCR-AES-CCM_16" }, /* [RFC4309] */
1205 { 17, "UNASSIGNED" },
1206 { 18, "AES-GCM with a 8 octet ICV" }, /* [RFC4106] */
1207 { 19, "AES-GCM with a 12 octet ICV" }, /* [RFC4106] */
1208 { 20, "AES-GCM with a 16 octet ICV" }, /* [RFC4106] */
1209 { 21, "ENCR_NULL_AUTH_AES_GMAC" }, /* [RFC4543] */
1210 { 22, "Reserved for IEEE P1619 XTS-AES" }, /* [Ball] */
1211 { 23, "ENCR_CAMELLIA_CBC" }, /* [RFC5529] */
1212 { 24, "ENCR_CAMELLIA_CTR" }, /* [RFC5529] */
1213 { 25, "ENCR_CAMELLIA_CCM with an 8-octet ICV" }, /* [RFC5529] */
1214 { 26, "ENCR_CAMELLIA_CCM with a 12-octet ICV" }, /* [RFC5529] */
1215 { 27, "ENCR_CAMELLIA_CCM with a 16-octet ICV" }, /* [RFC5529] */
1216 { 28, "ENCR_CHACHA20_POLY1305" }, /* [RFC7634] */
1217 /*
1218 * 29-1023 RESERVED TO IANA [RFC4306]
1219 * 1024-65535 PRIVATE USE [RFC4306]
1220 */
1221 { 0, NULL },
1222 };
1223
1224 /* For Transform Type 2 (Pseudo-random Function), defined Transform IDs */
1225 static const value_string transform_ike2_prf_type[] = {
1226 { 0, "RESERVED" },
1227 { 1, "PRF_HMAC_MD5" },
1228 { 2, "PRF_HMAC_SHA1" },
1229 { 3, "PRF_HMAC_TIGER" },
1230 { 4, "PRF_AES128_CBC" },
1231 { 5, "PRF_HMAC_SHA2_256" }, /* [RFC4868] */
1232 { 6, "PRF_HMAC_SHA2_384" }, /* [RFC4868] */
1233 { 7, "PRF_HMAC_SHA2_512" }, /* [RFC4868] */
1234 { 8, "PRF_AES128_CMAC6" }, /* [RFC4615] */
1235 /*
1236 9-1023 RESERVED TO IANA [RFC4306]
1237 1024-65535 PRIVATE USE [RFC4306]
1238 */
1239 { 0, NULL },
1240 };
1241
1242 /* For Transform Type 3 (Integrity Algorithm), defined Transform IDs */
1243 static const value_string transform_ike2_integ_type[] = {
1244 { 0, "NONE" },
1245 { 1, "AUTH_HMAC_MD5_96" },
1246 { 2, "AUTH_HMAC_SHA1_96" },
1247 { 3, "AUTH_DES_MAC" },
1248 { 4, "AUTH_KPDK_MD5" },
1249 { 5, "AUTH_AES_XCBC_96" },
1250 { 6, "AUTH_HMAC_MD5_128" }, /* [RFC4595] */
1251 { 7, "AUTH_HMAC_SHA1_160" }, /* [RFC4595] */
1252 { 8, "AUTH_AES_CMAC_96" }, /* [RFC4494] */
1253 { 9, "AUTH_AES_128_GMAC" }, /* [RFC4543] */
1254 { 10, "AUTH_AES_192_GMAC" }, /* [RFC4543] */
1255 { 11, "AUTH_AES_256_GMAC" }, /* [RFC4543] */
1256 { 12, "AUTH_HMAC_SHA2_256_128" }, /* [RFC4868] */
1257 { 13, "AUTH_HMAC_SHA2_384_192" }, /* [RFC4868] */
1258 { 14, "AUTH_HMAC_SHA2_512_256" }, /* [RFC4868] */
1259 /*
1260 15-1023 RESERVED TO IANA [RFC4306]
1261 1024-65535 PRIVATE USE [RFC4306]
1262 */
1263 { 0, NULL },
1264 };
1265 /* For Transform Type 5 (Extended Sequence Numbers), defined Transform */
1266 static const value_string transform_ike2_esn_type[] = {
1267 { 0, "No Extended Sequence Numbers" },
1268 { 1, "Extended Sequence Numbers" },
1269 { 0, NULL },
1270 };
1271 /* Transform IKE2 Type */
1272 #define IKE2_ATTR_KEY_LENGTH 14
1273
1274 static const range_string transform_ike2_attr_type[] = {
1275 { 0,13, "Reserved" },
1276 { 14,14, "Key Length" },
1277 { 15,17, "Reserved" },
1278 { 18,16383, "Unassigned (Future use)" },
1279 { 16384,32767, "Private use" },
1280 { 0,0, NULL },
1281 };
1282
1283 static const range_string cert_v1_type[] = {
1284 { 0,0, "NONE" },
1285 { 1,1, "PKCS #7 wrapped X.509 certificate" },
1286 { 2,2, "PGP Certificate" },
1287 { 3,3, "DNS Signed Key" },
1288 { 4,4, "X.509 Certificate - Signature" },
1289 { 5,5, "X.509 Certificate - Key Exchange" },
1290 { 6,6, "Kerberos Tokens" },
1291 { 7,7, "Certificate Revocation List (CRL)" },
1292 { 8,8, "Authority Revocation List (ARL)" },
1293 { 9,9, "SPKI Certificate" },
1294 { 10,10, "X.509 Certificate - Attribute" },
1295 { 11,255, "RESERVED" },
1296 { 0,0, NULL },
1297 };
1298
1299 static const range_string cert_v2_type[] = {
1300 { 0,0, "RESERVED" },
1301 { 1,1, "PKCS #7 wrapped X.509 certificate" },
1302 { 2,2, "PGP Certificate" },
1303 { 3,3, "DNS Signed Key" },
1304 { 4,4, "X.509 Certificate - Signature" },
1305 { 5,5, "*undefined by any document*" },
1306 { 6,6, "Kerberos Tokens" },
1307 { 7,7, "Certificate Revocation List (CRL)" },
1308 { 8,8, "Authority Revocation List (ARL)" },
1309 { 9,9, "SPKI Certificate" },
1310 { 10,10, "X.509 Certificate - Attribute" },
1311 { 11,11, "Raw RSA Key" },
1312 { 12,12, "Hash and URL of X.509 certificate" },
1313 { 13,13, "Hash and URL of X.509 bundle" },
1314 { 14,14, "OCSP Content" }, /* [RFC4806] */
1315 { 15,200, "RESERVED to IANA" },
1316 { 201,255, "PRIVATE USE" },
1317 { 0,0, NULL },
1318 };
1319
1320 #define AUTH_METH_DIGITAL_SIGNATURE 14
1321
1322 static const range_string authmeth_v2_type[] = {
1323 { 0,0, "RESERVED TO IANA" },
1324 { 1,1, "RSA Digital Signature" },
1325 { 2,2, "Shared Key Message Integrity Code" },
1326 { 3,3, "DSS Digital Signature" },
1327 { 4,8, "RESERVED TO IANA" },
1328 { 9,9, "ECDSA with SHA-256 on the P-256 curve" }, /* RFC4754 */
1329 { 10,10, "ECDSA with SHA-384 on the P-384 curve" }, /* RFC4754 */
1330 { 11,11, "ECDSA with SHA-512 on the P-521 curve" }, /* RFC4754 */
1331 { 12,12, "Generic Secure Password Authentication Method" }, /* RFC6467 */
1332 { 13,13, "NULL Authentication" }, /* RFC7619 */
1333 { 14,14, "Digital Signature" }, /* RFC7427 */
1334 { 15,200, "RESERVED TO IANA" },
1335 { 201,255, "PRIVATE USE" },
1336 { 0,0, NULL },
1337 };
1338
1339 static const range_string notifmsg_v1_type[] = {
1340 { 0,0, "<UNKNOWN>" },
1341 { 1,1, "INVALID-PAYLOAD-TYPE" },
1342 { 2,2, "DOI-NOT-SUPPORTED" },
1343 { 3,3, "SITUATION-NOT-SUPPORTED" },
1344 { 4,4, "INVALID-COOKIE" },
1345 { 5,5, "INVALID-MAJOR-VERSION" },
1346 { 6,6, "INVALID-MINOR-VERSION" },
1347 { 7,7, "INVALID-EXCHANGE-TYPE" },
1348 { 8,8, "INVALID-FLAGS" },
1349 { 9,9, "INVALID-MESSAGE-ID" },
1350 { 10,10, "INVALID-PROTOCOL-ID" },
1351 { 11,11, "INVALID-SPI" },
1352 { 12,12, "INVALID-TRANSFORM-ID" },
1353 { 13,13, "ATTRIBUTES-NOT-SUPPORTED" },
1354 { 14,14, "NO-PROPOSAL-CHOSEN" },
1355 { 15,15, "BAD-PROPOSAL-SYNTAX" },
1356 { 16,16, "PAYLOAD-MALFORMED" },
1357 { 17,17, "INVALID-KEY-INFORMATION" },
1358 { 18,18, "INVALID-ID-INFORMATION" },
1359 { 19,19, "INVALID-CERT-ENCODING" },
1360 { 20,20, "INVALID-CERTIFICATE" },
1361 { 21,21, "CERT-TYPE-UNSUPPORTED" },
1362 { 22,22, "INVALID-CERT-AUTHORITY" },
1363 { 23,23, "INVALID-HASH-INFORMATION" },
1364 { 24,24, "AUTHENTICATION-FAILED" },
1365 { 25,25, "INVALID-SIGNATURE" },
1366 { 26,26, "ADDRESS-NOTIFICATION" },
1367 { 27,27, "NOTIFY-SA-LIFETIME" },
1368 { 28,28, "CERTIFICATE-UNAVAILABLE" },
1369 { 29,29, "UNSUPPORTED-EXCHANGE-TYPE" },
1370 { 30,30, "UNEQUAL-PAYLOAD-LENGTHS" },
1371 { 31,8191, "RESERVED (Future Use)" },
1372 { 8192,16383, "Private Use" },
1373 { 16384,16384,"CONNECTED" },
1374 { 16385,24575,"RESERVED (Future Use)" },
1375 { 24576,24576,"RESPONDER-LIFETIME" },
1376 { 24577,24577,"REPLAY-STATUS" },
1377 { 24578,24578,"INITIAL-CONTACT" },
1378 { 24579,32767,"DOI-specific codes" },
1379 { 32768,36135,"Private Use" },
1380 { 36136,36136,"R-U-THERE" },
1381 { 36137,36137,"R-U-THERE-ACK" },
1382 { 36138,40500,"Private Use" },
1383 { 40501,40501,"UNITY-LOAD-BALANCE" },
1384 { 40502,40502,"UNITY-UNKNOWN" },
1385 { 40503,40503,"UNITY-GROUP-HASH" },
1386 { 40503,40959,"Private Use" },
1387 { 40960,65535,"RESERVED (Future Use)" },
1388 { 0,0, NULL },
1389 };
1390
1391 static const range_string notifmsg_v2_type[] = {
1392 { 0,0, "RESERVED" },
1393 { 1,1, "UNSUPPORTED_CRITICAL_PAYLOAD" },
1394 { 2,3, "RESERVED" },
1395 { 4,4, "INVALID_IKE_SPI" },
1396 { 5,5, "INVALID_MAJOR_VERSION" },
1397 { 6,6, "RESERVED" },
1398 { 7,7, "INVALID_SYNTAX" },
1399 { 8,8, "RESERVED" },
1400 { 9,9, "INVALID_MESSAGE_ID" },
1401 { 10,10, "RESERVED" },
1402 { 11,11, "INVALID_SPI" },
1403 { 12,13, "RESERVED" },
1404 { 14,14, "NO_PROPOSAL_CHOSEN" },
1405 { 15,16, "RESERVED" },
1406 { 17,17, "INVALID_KE_PAYLOAD" },
1407 { 24,24, "AUTHENTICATION_FAILED" },
1408 { 25,33, "RESERVED" },
1409 { 34,34, "SINGLE_PAIR_REQUIRED" },
1410 { 35,35, "NO_ADDITIONAL_SAS" },
1411 { 36,36, "INTERNAL_ADDRESS_FAILURE" },
1412 { 37,37, "FAILED_CP_REQUIRED" },
1413 { 38,38, "TS_UNACCEPTABLE" },
1414 { 39,39, "INVALID_SELECTORS" },
1415 { 40,40, "UNACCEPTABLE_ADDRESSES" }, /* RFC4555 */
1416 { 41,41, "UNEXPECTED_NAT_DETECTED" }, /* RFC4555 */
1417 { 42,42, "USE_ASSIGNED_HoA" }, /* RFC5026 */
1418 { 43,43, "TEMPORARY_FAILURE" }, /* RFC5996 */
1419 { 44,44, "CHILD_SA_NOT_FOUND" }, /* RFC5996 */
1420 { 45,45, "INVALID_GROUP_ID" }, /* draft-yeung-g-ikev2 */
1421 { 46,46, "CHILD_SA_NOT_FOUND" }, /* draft-yeung-g-ikev2 */
1422 { 47,8191, "RESERVED TO IANA - Error types" },
1423 { 8192,16383, "Private Use - Errors" },
1424 { 16384,16384, "INITIAL_CONTACT" },
1425 { 16385,16385, "SET_WINDOW_SIZE" },
1426 { 16386,16386, "ADDITIONAL_TS_POSSIBLE" },
1427 { 16387,16387, "IPCOMP_SUPPORTED" },
1428 { 16388,16388, "NAT_DETECTION_SOURCE_IP" },
1429 { 16389,16389, "NAT_DETECTION_DESTINATION_IP" },
1430 { 16390,16390, "COOKIE" },
1431 { 16391,16391, "USE_TRANSPORT_MODE" },
1432 { 16392,16392, "HTTP_CERT_LOOKUP_SUPPORTED" },
1433 { 16393,16393, "REKEY_SA" },
1434 { 16394,16394, "ESP_TFC_PADDING_NOT_SUPPORTED" },
1435 { 16395,16395, "NON_FIRST_FRAGMENTS_ALSO" },
1436 { 16396,16396, "MOBIKE_SUPPORTED" }, /* RFC4555 */
1437 { 16397,16397, "ADDITIONAL_IP4_ADDRESS" }, /* RFC4555 */
1438 { 16398,16398, "ADDITIONAL_IP6_ADDRESS" }, /* RFC4555 */
1439 { 16399,16399, "NO_ADDITIONAL_ADDRESSES" }, /* RFC4555 */
1440 { 16400,16400, "UPDATE_SA_ADDRESSES" }, /* RFC4555 */
1441 { 16401,16401, "COOKIE2" }, /* RFC4555 */
1442 { 16402,16402, "NO_NATS_ALLOWED" }, /* RFC4555 */
1443 { 16403,16403, "AUTH_LIFETIME" }, /* RFC4478 */
1444 { 16404,16404, "MULTIPLE_AUTH_SUPPORTED" }, /* RFC4739 */
1445 { 16405,16405, "ANOTHER_AUTH_FOLLOWS" }, /* RFC4739 */
1446 { 16406,16406, "REDIRECT_SUPPORTED" }, /* RFC5685 */
1447 { 16407,16407, "REDIRECT" }, /* RFC5685 */
1448 { 16408,16408, "REDIRECTED_FROM" }, /* RFC5685 */
1449 { 16409,16409, "TICKET_LT_OPAQUE" }, /* RFC5723 */
1450 { 16410,16410, "TICKET_REQUEST" }, /* RFC5723 */
1451 { 16411,16411, "TICKET_ACK" }, /* RFC5723 */
1452 { 16412,16412, "TICKET_NACK" }, /* RFC5723 */
1453 { 16413,16413, "TICKET_OPAQUE" }, /* RFC5723 */
1454 { 16414,16414, "LINK_ID" }, /* RFC5739 */
1455 { 16415,16415, "USE_WESP_MODE" }, /* RFC5840 */
1456 { 16416,16416, "ROHC_SUPPORTED" }, /* RFC5857 */
1457 { 16417,16417, "EAP_ONLY_AUTHENTICATION" }, /* RFC5998 */
1458 { 16418,16418, "CHILDLESS_IKEV2_SUPPORTED" }, /* RFC6023 */
1459 { 16419,16419, "QUICK_CRASH_DETECTION" }, /* RFC6290 */
1460 { 16420,16420, "IKEV2_MESSAGE_ID_SYNC_SUPPORTED" }, /* RFC6311 */
1461 { 16421,16421, "IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED" },/* RFC6311 */
1462 { 16422,16422, "IKEV2_MESSAGE_ID_SYNC" }, /* RFC6311 */
1463 { 16423,16423, "IPSEC_REPLAY_COUNTER_SYNC" }, /* RFC6311 */
1464 { 16424,16424, "SECURE_PASSWORD_METHODS" }, /* RFC6467 */
1465 { 16425,16425, "PSK_PERSIST" }, /* RFC6631 */
1466 { 16426,16426, "PSK_CONFIRM" }, /* RFC6631 */
1467 { 16427,16427, "ERX_SUPPORTED" }, /* RFC6867 */
1468 { 16428,16428, "IFOM_CAPABILITY" }, /* [Frederic_Firmin][3GPP TS 24.303 v10.6.0 annex B.2] */
1469 { 16429,16429, "SENDER_REQUEST_ID" }, /* [draft-yeung-g-ikev2] */
1470 { 16430,16430, "IKEV2_FRAGMENTATION_SUPPORTED" }, /* RFC7383 */
1471 { 16431,16431, "SIGNATURE_HASH_ALGORITHMS" }, /* RFC7427 */
1472 { 16432,16432, "CLONE_IKE_SA_SUPPORTED" }, /* [RFC7791] */
1473 { 16433,16433, "CLONE_IKE_SA" }, /* [RFC7791] */
1474 { 16434,16434, "PUZZLE" }, /* [RFC8019] */
1475 { 16435,16435, "USE_PPK" }, /* [RFC8784] */
1476 { 16436,16436, "PPK_IDENTITY" }, /* [RFC8784] */
1477 { 16437,16437, "NO_PPK_AUTH" },
1478 { 16438,16438, "INTERMEDIATE_EXCHANGE_SUPPORTED" }, /* RFC9242 */
1479 { 16439,16439, "IP4_ALLOWED" }, /* RFC8983 */
1480 { 16440,16440, "IP4_ALLOWED" }, /* RFC8983 */
1481 { 16441,16441, "ADDITIONAL_KEY_EXCHANGE" }, /* RFC9370 */
1482 { 16442,16442, "USE_AGGFRAG" }, /* RFC9347 */
1483 { 16443,40959, "RESERVED TO IANA - STATUS TYPES" },
1484 { 40960,65535, "Private Use - STATUS TYPES" },
1485 { 0,0, NULL },
1486 };
1487
1488 /* 3GPP private error and status types in Notify messages
1489 * 3GPP TS 24.302 V16.0.0 (2019-03)
1490 * 3GPP TS 24.502 V15.3.0 (2019-03)
1491 * Note currently all private data types wil be decoded as 3GPP if that's not good enough a preference must be used
1492 */
1493 static const range_string notifmsg_v2_3gpp_type[] = {
1494 /* PRIVATE ERROR TYPES */
1495 { 8192,8192, "PDN_CONNECTION_REJECTION" }, /* TS 24.302 */
1496 { 8193,8193, "MAX_CONNECTION_REACHED" }, /* TS 24.302 */
1497 { 8194,8240, "Private Use - Errors" },
1498 { 8241,8241, "SEMANTIC_ERROR_IN_THE_TFT_OPERATION" }, /* TS 24.302 */
1499 { 8242,8242, "SYNTACTICAL_ERROR_IN_THE_TFT_OPERATION" }, /* TS 24.302 */
1500 { 8243,8243, "Private Use - Errors" },
1501 { 8244,8244, "SEMANTIC_ERRORS_IN_PACKET_FILTERS" }, /* TS 24.302 */
1502 { 8245,8245, "SYNTACTICAL_ERRORS_IN_PACKET_FILTERS" }, /* TS 24.302 */
1503 { 8246,8999, "Private Use - Errors" },
1504 { 9000,9000, "NON_3GPP_ACCESS_TO_EPC_NOT_ALLOWED" }, /* TS 24.302 */
1505 { 9001,9001, "USER_UNKNOWN" }, /* TS 24.302 */
1506 { 9002,9002, "NO_APN_SUBSCRIPTION" },
1507 { 9003,9003, "AUTHORIZATION_REJECTED" }, /* TS 24.302 */
1508 { 9004,9005, "Private Use - Errors" },
1509 { 9006,9006, "ILLEGAL_ME" }, /* TS 24.302 */
1510 { 9007,10499, "Private Use - Errors" },
1511 { 10500,10500, "NETWORK_FAILURE" }, /* TS 24.302 */
1512 { 10501,11000, "Private Use - Errors" },
1513 { 11001,11001, "RAT_TYPE_NOT_ALLOWED" }, /* TS 24.302 */
1514 { 11002,11004, "Private Use - Errors" },
1515 { 11005,11005, "IMEI_NOT_ACCEPTED" }, /* TS 24.302 */
1516 { 11006,11010, "Private Use - Errors" },
1517 { 11011,11011, "PLMN_NOT_ALLOWED" }, /* TS 24.302 */
1518 { 11012,11054, "Private Use - Errors" },
1519 { 11055,11055, "UNAUTHENTICATED_EMERGENCY_NOT_SUPPORTED" }, /* TS 24.302 */
1520 { 11056,15499, "Private Use - Errors" },
1521 { 15500,15500, "CONGESTION" }, /* TS 24.502 */
1522 { 15501,16383, "Private Use - Errors" },
1523 /* PRIVATE STATUS TYPES */
1524 { 40960,40960, "Private Use - STATUS TYPES" },
1525 { 40961,40961, "REACTIVATION_REQUESTED_CAUSE" }, /* TS 24.302 */
1526 { 40962,41040, "Private Use - STATUS TYPES" },
1527 { 41041,41041, "BACKOFF_TIMER" }, /* TS 24.302 */
1528 { 41042,41049, "Private Use - STATUS TYPES" },
1529 { 41050,41050, "PDN_TYPE_IPv4_ONLY_ALLOWED" }, /* TS 24.302 */
1530 { 41051,41051, "PDN_TYPE_IPv6_ONLY_ALLOWED" }, /* TS 24.302 */
1531 { 41052,41100, "Private Use - STATUS TYPES" },
1532 { 41101,41101, "DEVICE_IDENTITY" }, /* TS 24.302 */
1533 { 41102,41111, "Private Use - STATUS TYPES" },
1534 { 41112,41112, "EMERGENCY_SUPPORT" }, /* TS 24.302 */
1535 { 41113,41133, "Private Use - STATUS TYPES" },
1536 { 41134,41134, "EMERGENCY_CALL_NUMBERS" }, /* TS 24.302 */
1537 { 41135,41287, "Private Use - STATUS TYPES" },
1538 { 41288,41288, "NBIFOM_GENERIC_CONTAINER" }, /* TS 24.302 */
1539 { 41289,41303, "Private Use - STATUS TYPES" },
1540 { 41304,41304, "P-CSCF_RESELECTION_SUPPORT" }, /* TS 24.302 */
1541 { 41305,41500, "Private Use - STATUS TYPES" },
1542 { 41501,41501, "PTI" }, /* TS 24.302 */
1543 { 41502,42010, "Private Use - STATUS TYPES" },
1544 { 42011,42011, "P-IKEV2_MULTIPLE_BEARER_PDN_CONNECTIVITY" }, /* TS 24.302 */
1545 { 42012,42013, "Private Use - STATUS TYPES" },
1546 { 42014,42014, "P-EPS_QOS" }, /* TS 24.302 */
1547 { 42015,42015, "P-EXTENDED_EPS_QOS" }, /* TS 24.302 */
1548 { 42016,42016, "Private Use - STATUS TYPES" },
1549 { 42017,42017, "P-TFT" }, /* TS 24.302 */
1550 { 42018,42019, "Private Use - STATUS TYPES" },
1551 { 42020,42020, "P-MODIFIED_BEARER" }, /* TS 24.302 */
1552 { 42021,42093, "Private Use - STATUS TYPES" },
1553 { 42094,42094, "P-APN_AMBR" }, /* TS 24.302 */
1554 { 42095,42095, "P-EXTENDED_APN_AMBR" }, /* TS 24.302 */
1555 { 42096,51014, "Private Use - STATUS TYPES" },
1556 { 51015,51015, "P-N1_MODE_CAPABILITY" }, /* TS 24.302 */
1557 { 51016,51114, "Private Use - STATUS TYPES" },
1558 { 51115,51115, "P-N1_MODE_INFORMATION" }, /* TS 24.302 */
1559 { 51116,55500, "Private Use - STATUS TYPES" },
1560 { 55501,55501, "5G_QOS_INFO" }, /* TS 24.502 */
1561 { 55502,55502, "NAS_IP4_ADDRESS" }, /* TS 24.502 */
1562 { 55503,55503, "NAS_IP6_ADDRESS" }, /* TS 24.502 */
1563 { 55504,55504, "UP_IP4_ADDRESS" }, /* TS 24.502 */
1564 { 55505,55505, "UP_IP6_ADDRESS" }, /* TS 24.502 */
1565 { 55506,55506, "NAS_TCP_PORT" }, /* TS 24.502 */
1566 { 55507,55507, "N3GPP_BACKOFF_TIMER" }, /* TS 24.502 */
1567 { 55508,61471, "Private Use - STATUS TYPES" },
1568 { 61472,61472, "Auto-Discovery Sender (Fortinet)" },
1569 { 61473,61473, "Auto-Discovery Receiver (Fortinet)" },
1570 { 61474,61519, "Private Use - STATUS TYPES" },
1571 { 61520,61520, "Network Overlay ID (Fortinet" },
1572 { 61521,65535, "Private Use - STATUS TYPES" },
1573 { 0,0, NULL },
1574 };
1575
1576 static const range_string vs_v1_cfgtype[] = {
1577 { 0,0, "Reserved" },
1578 { 1,1, "ISAKMP_CFG_REQUEST" },
1579 { 2,2, "ISAKMP_CFG_REPLY" },
1580 { 3,3, "ISAKMP_CFG_SET" },
1581 { 4,4, "ISAKMP_CFG_ACK" },
1582 { 5,127, "Future use" },
1583 { 128,256, "Private Use" },
1584 { 0,0, NULL },
1585 };
1586
1587
1588 static const range_string vs_v2_cfgtype[] = {
1589 { 0,0, "RESERVED" },
1590 { 1,1, "CFG_REQUEST" },
1591 { 2,2, "CFG_REPLY" },
1592 { 3,3, "CFG_SET" },
1593 { 4,4, "CFG_ACK" },
1594 { 5,127, "Future use" },
1595 { 128,256, "Private Use" },
1596 { 0,0, NULL },
1597 };
1598
1599 static const range_string vs_v1_cfgattr[] = {
1600 { 0,0, "RESERVED" },
1601 { 1,1, "INTERNAL_IP4_ADDRESS" },
1602 { 2,2, "INTERNAL_IP4_NETMASK" },
1603 { 3,3, "INTERNAL_IP4_DNS" },
1604 { 4,4, "INTERNAL_IP4_NBNS" },
1605 { 5,5, "INTERNAL_ADDRESS_EXPIRY" },
1606 { 6,6, "INTERNAL_IP4_DHCP" },
1607 { 7,7, "APPLICATION_VERSION" },
1608 { 8,8, "INTERNAL_IP6_ADDRESS" },
1609 { 9,9, "INTERNAL_IP6_NETMASK" },
1610 { 10,10, "INTERNAL_IP6_DNS" },
1611 { 11,11, "INTERNAL_IP6_NBNS" },
1612 { 12,12, "INTERNAL_IP6_DHCP" },
1613 { 13,13, "INTERNAL_IP4_SUBNET" },
1614 { 14,14, "SUPPORTED_ATTRIBUTES" },
1615 { 15,15, "INTERNAL_IP6_SUBNET" },
1616 { 16,16383, "FUTURE USE"},
1617 { 16384,16386, "PRIVATE USE"},
1618 { 16387,16387, "CHKPT_DEF_DOMAIN" },
1619 { 16388,16388, "CHKPT_MAC_ADDRESS" },
1620 { 16389,16389, "CHKPT_MARCIPAN_REASON_CODE" },
1621 { 16400,16400, "CHKPT_UNKNOWN1" },
1622 { 16401,16401, "CHKPT_UNKNOWN2" },
1623 { 16402,16402, "CHKPT_UNKNOWN3" },
1624 { 16403,16519, "PRIVATE USE"},
1625 { 16520,16520, "XAUTH_TYPE" },
1626 { 16521,16521, "XAUTH_USER_NAME" },
1627 { 16522,16522, "XAUTH_USER_PASSWORD" },
1628 { 16523,16523, "XAUTH_PASSCODE" },
1629 { 16524,16524, "XAUTH_MESSAGE" },
1630 { 16525,16525, "XAUTH_CHALLENGE" },
1631 { 16526,16526, "XAUTH_DOMAIN" },
1632 { 16527,16527, "XAUTH_STATUS" },
1633 { 16528,16528, "XAUTH_NEXT_PIN" },
1634 { 16529,16529, "XAUTH_ANSWER" },
1635 { 16530,28671, "PRIVATE USE"},
1636 { 28672,28672, "UNITY_BANNER" },
1637 { 28673,28673, "UNITY_SAVE_PASSWD" },
1638 { 28674,28674, "UNITY_DEF_DOMAIN" },
1639 { 28675,28675, "UNITY_SPLIT_DOMAIN" },
1640 { 28676,28676, "UNITY_SPLIT_INCLUDE" },
1641 { 28677,28677, "UNITY_NATT_PORT" },
1642 { 28678,28678, "UNITY_SPLIT_EXCLUDE" },
1643 { 28679,28679, "UNITY_PFS" },
1644 { 28680,28680, "UNITY_FW_TYPE" },
1645 { 28681,28681, "UNITY_BACKUP_SERVERS" },
1646 { 28682,28682, "UNITY_DDNS_HOSTNAME" },
1647 { 28683,32767, "PRIVATE USE"},
1648 { 0,0, NULL },
1649 };
1650
1651 static const range_string vs_v2_cfgattr[] = {
1652 { 0,0, "RESERVED" },
1653 { 1,1, "INTERNAL_IP4_ADDRESS" },
1654 { 2,2, "INTERNAL_IP4_NETMASK" },
1655 { 3,3, "INTERNAL_IP4_DNS" },
1656 { 4,4, "INTERNAL_IP4_NBNS" },
1657 { 5,5, "INTERNAL_ADDRESS_EXPIRY" }, /* OBSO */
1658 { 6,6, "INTERNAL_IP4_DHCP" },
1659 { 7,7, "APPLICATION_VERSION" },
1660 { 8,8, "INTERNAL_IP6_ADDRESS" },
1661 { 9,9, "RESERVED" },
1662 { 10,10, "INTERNAL_IP6_DNS" },
1663 { 11,11, "INTERNAL_IP6_NBNS" }, /* OBSO */
1664 { 12,12, "INTERNAL_IP6_DHCP" },
1665 { 13,13, "INTERNAL_IP4_SUBNET" },
1666 { 14,14, "SUPPORTED_ATTRIBUTES" },
1667 { 15,15, "INTERNAL_IP6_SUBNET" },
1668 { 16,16, "MIP6_HOME_PREFIX" },
1669 { 17,17, "INTERNAL_IP6_LINK" },
1670 { 18,18, "INTERNAL_IP6_PREFIX" },
1671 { 19,19, "HOME_AGENT_ADDRESS" }, /* 3GPP TS 24.302 http://www.3gpp.org/ftp/Specs/html-info/24302.htm */
1672 { 20,20, "P_CSCF_IP4_ADDRESS" }, /* 3GPP IMS Option for IKEv2 https://datatracker.ietf.org/doc/draft-gundavelli-ipsecme-3gpp-ims-options/ */
1673 { 21,21, "P_CSCF_IP6_ADDRESS" },
1674 { 22,22, "FTT_KAT" },
1675 { 23,16383, "RESERVED TO IANA"},
1676 { 16384,32767, "PRIVATE USE"},
1677 { 0,0, NULL },
1678 };
1679
1680 static const range_string cfgattr_xauth_type[] = {
1681 { 0,0, "Generic" },
1682 { 1,1, "RADIUS-CHAP" },
1683 { 2,2, "OTP" },
1684 { 3,3, "S/KEY" },
1685 { 4,32767, "Future use" },
1686 { 32768,65535, "Private use" },
1687 { 0,0, NULL },
1688 };
1689
1690
1691 static const value_string cfgattr_xauth_status[] = {
1692 { 0, "Fail" },
1693 { 1, "Success" },
1694 { 0, NULL },
1695 };
1696
1697 static const value_string cp_product[] = {
1698 { 1, "Firewall-1" },
1699 { 2, "SecuRemote/SecureClient" },
1700 { 0, NULL },
1701 };
1702
1703 static const value_string cp_version[] = {
1704 { 2,"4.1" },
1705 { 3,"4.1 SP-1" },
1706 { 4002,"4.1 (SP-2 or above)" },
1707 { 5000,"NG" },
1708 { 5001,"NG Feature Pack 1" },
1709 { 5002,"NG Feature Pack 2" },
1710 { 5003,"NG Feature Pack 3" },
1711 { 5004,"NG with Application Intelligence" },
1712 { 5005,"NG with Application Intelligence R55" },
1713 { 5006,"NG with Application Intelligence R56" },
1714 { 0, NULL },
1715 };
1716 static const range_string traffic_selector_type[] = {
1717 { 0,6, "Reserved" },
1718 { 7,7, "TS_IPV4_ADDR_RANGE" },
1719 { 8,8, "TS_IPV6_ADDR_RANGE" },
1720 { 9,9, "TS_FC_ADDR_RANGE" },
1721 { 10,240, "Future use" },
1722 { 241,255, "Private use" },
1723 { 0,0, NULL },
1724 };
1725 static const value_string ms_nt5_isakmpoakley_type[] = {
1726 { 2, "Windows 2000" },
1727 { 3, "Windows XP SP1" },
1728 { 4, "Windows 2003 and Windows XP SP2" },
1729 { 5, "Windows Vista" },
1730 { 0, NULL }
1731 };
1732 static const range_string vs_v1_id_type[] = {
1733 { 0,0, "RESERVED" },
1734 { IKE_ID_IPV4_ADDR,IKE_ID_IPV4_ADDR, "IPV4_ADDR" },
1735 { IKE_ID_FQDN,IKE_ID_FQDN, "FQDN" },
1736 { IKE_ID_USER_FQDN,IKE_ID_USER_FQDN, "USER_FQDN" },
1737 { IKE_ID_IPV4_ADDR_SUBNET,IKE_ID_IPV4_ADDR_SUBNET, "IPV4_ADDR_SUBNET" },
1738 { IKE_ID_IPV6_ADDR,IKE_ID_IPV6_ADDR, "IPV6_ADDR" },
1739 { IKE_ID_IPV6_ADDR_SUBNET,IKE_ID_IPV6_ADDR_SUBNET, "IPV6_ADDR_SUBNET" },
1740 { IKE_ID_IPV4_ADDR_RANGE,IKE_ID_IPV4_ADDR_RANGE, "IPV4_ADDR_RANGE" },
1741 { IKE_ID_IPV6_ADDR_RANGE,IKE_ID_IPV6_ADDR_RANGE, "IPV6_ADDR_RANGE" },
1742 { IKE_ID_DER_ASN1_DN,IKE_ID_DER_ASN1_DN, "DER_ASN1_DN" },
1743 { IKE_ID_DER_ASN1_GN,IKE_ID_DER_ASN1_GN, "DER_ASN1_GN" },
1744 { IKE_ID_KEY_ID,IKE_ID_KEY_ID, "KEY_ID" },
1745 { IKE_ID_LIST,IKE_ID_LIST, "KEY_LIST" },
1746 { 13,248, "Future use" },
1747 { 249,255, "Private Use" },
1748 { 0,0, NULL },
1749 };
1750 static const range_string vs_v2_id_type[] = {
1751 { 0,0, "RESERVED" },
1752 { IKE_ID_IPV4_ADDR,IKE_ID_IPV4_ADDR, "IPV4_ADDR" },
1753 { IKE_ID_FQDN,IKE_ID_FQDN, "FQDN" },
1754 { IKE_ID_RFC822_ADDR,IKE_ID_RFC822_ADDR, "ID_RFC822_ADDR" },
1755 { 4,4, "Unassigned" },
1756 { IKE_ID_IPV6_ADDR,IKE_ID_IPV6_ADDR, "IPV6_ADDR" },
1757 { 6,8, "Unassigned" },
1758 { IKE_ID_DER_ASN1_DN,IKE_ID_DER_ASN1_DN, "DER_ASN1_DN" },
1759 { IKE_ID_DER_ASN1_GN,IKE_ID_DER_ASN1_GN, "DER_ASN1_GN" },
1760 { IKE_ID_KEY_ID,IKE_ID_KEY_ID, "KEY_ID" },
1761 { IKE_ID_FC_NAME,IKE_ID_FC_NAME, "KEY_LIST" },
1762 { 13,200, "Future use" },
1763 { 201,255, "Private Use" },
1764 { 0,0, NULL },
1765 };
1766 #define COOKIE_SIZE 8
1767
1768 typedef struct isakmp_hdr {
1769 uint8_t next_payload;
1770 uint8_t version;
1771 uint8_t exch_type;
1772 uint8_t flags;
1773 #define E_FLAG 0x01
1774 #define C_FLAG 0x02
1775 #define A_FLAG 0x04
1776 #define I_FLAG 0x08
1777 #define V_FLAG 0x10
1778 #define R_FLAG 0x20
1779 uint32_t message_id;
1780 uint32_t length;
1781 } isakmp_hdr_t;
1782
1783 static const true_false_string attribute_format = {
1784 "Type/Value (TV)",
1785 "Type/Length/Value (TLV)"
1786 };
1787 static const true_false_string flag_e = {
1788 "Encrypted",
1789 "Not encrypted"
1790 };
1791 static const true_false_string flag_c = {
1792 "Commit",
1793 "No commit"
1794 };
1795 static const true_false_string flag_a = {
1796 "Authentication",
1797 "No authentication"
1798 };
1799 static const true_false_string flag_i = {
1800 "Initiator",
1801 "Responder"
1802 };
1803 static const true_false_string flag_v = {
1804 "A higher version enabled",
1805 "No higher version"
1806 };
1807
1808
1809 /* ROHC Attribute Type RFC5857 */
1810
1811 #define ROHC_MAX_CID 1
1812 #define ROHC_PROFILE 2
1813 #define ROHC_INTEG 3
1814 #define ROHC_ICV_LEN 4
1815 #define ROHC_MRRU 5
1816
1817 static const range_string rohc_attr_type[] = {
1818 { 1,1, "Maximum Context Identifier (MAX_CID)" },
1819 { 2,2, "ROHC Profile (ROHC_PROFILE)" },
1820 { 3,3, "ROHC Integrity Algorithm (ROHC_INTEG)" },
1821 { 4,4, "ROHC ICV Length in bytes (ROHC_ICV_LEN)" },
1822 { 5,5, "Maximum Reconstructed Reception Unit (MRRU)" },
1823 { 6,16383, "Unassigned (Future use)" },
1824 { 16384,32767, "Private use" },
1825 { 0,0, NULL },
1826 };
1827
1828 static const range_string signature_hash_algorithms[] = {
1829 { 0,0, "Reserved" },
1830 { 1,1, "SHA1" },
1831 { 2,2, "SHA2-256" },
1832 { 3,3, "SHA2-384" },
1833 { 4,4, "SHA2-512" },
1834 { 5,5, "Identity" },
1835 { 6,1023, "Unassigned" },
1836 { 1024,65535, "Reserved for Private Use" },
1837 {0,0, NULL },
1838 };
1839
1840 static const range_string sat_protocol_ids[] = {
1841 { 0,0, "Reserved" },
1842 { 1,1, "GDOI_PROTO_IPSEC_ESP" },
1843 { 2,2, "GDOI_PROTO_IPSEC_AH" },
1844 { 3,127, "Unassigned" },
1845 { 128, 255, "Private Use" },
1846 { 0,0, NULL },
1847 };
1848
1849 static const range_string key_download_types[] = {
1850 { 0,0, "Reserved" },
1851 { 1,1, "TEK" },
1852 { 2,2, "KEK" },
1853 { 3,3, "LKH" },
1854 { 4,4, "SID" },
1855 { 5,127, "Unassigned" },
1856 { 128, 255, "Private Use" },
1857 { 0,0, NULL },
1858 };
1859
1860 static const value_string device_identity_types[] = {
1861 { 0x01, "IMEI" },
1862 { 0x02, "IMEISV" },
1863 { 0, NULL },
1864 };
1865
1866 #define ISAKMP_HDR_SIZE ((int)sizeof(struct isakmp_hdr) + (2 * COOKIE_SIZE))
1867
1868
1869 #define MAX_KEY_SIZE 256
1870 #define MAX_DIGEST_SIZE 64
1871 #define MAX_OAKLEY_KEY_LEN 32
1872
1873 #define PINFO_CBC_IV 1
1874
1875 #define DECR_PARAMS_INIT 0
1876 #define DECR_PARAMS_READY 1
1877 #define DECR_PARAMS_FAIL 2
1878
1879 typedef struct _ikev1_uat_data_key {
1880 unsigned char *icookie;
1881 unsigned icookie_len;
1882 unsigned char *key;
1883 unsigned key_len;
1884 } ikev1_uat_data_key_t;
1885
1886 typedef struct decrypt_data {
1887 bool is_psk;
1888 address initiator;
1889 unsigned ike_encr_alg;
1890 unsigned ike_encr_keylen;
1891 unsigned ike_hash_alg;
1892 int cipher_algo;
1893 size_t cipher_keylen;
1894 size_t cipher_blklen;
1895 int digest_algo;
1896 unsigned digest_len;
1897 unsigned group;
1898 char *gi;
1899 unsigned gi_len;
1900 char *gr;
1901 unsigned gr_len;
1902 unsigned char secret[MAX_KEY_SIZE];
1903 unsigned secret_len;
1904 GHashTable *iv_hash;
1905 unsigned state;
1906 } decrypt_data_t;
1907
1908 /* IKEv1: Lookup from Initiator-SPI -> decrypt_data_t* */
1909 static GHashTable *isakmp_hash;
1910
1911 static ikev1_uat_data_key_t* ikev1_uat_data;
1912 static uat_t * ikev1_uat;
1913 static unsigned num_ikev1_uat_data;
1914
1915 /* Specifications of encryption algorithms for IKEv2 decryption */
1916 typedef struct _ikev2_encr_alg_spec {
1917 unsigned number;
1918 /* Length of encryption key */
1919 unsigned key_len;
1920 /* Block size of the cipher */
1921 unsigned block_len;
1922 /* Length of initialization vector */
1923 unsigned iv_len;
1924 /* Encryption algorithm ID to be passed to gcry_cipher_open() */
1925 int gcry_alg;
1926 /* Cipher mode to be passed to gcry_cipher_open() */
1927 int gcry_mode;
1928
1929 /* Salt length used in AEAD (GCM/CCM) mode. Salt value is last salt_len bytes of encr_key.
1930 * IV for decryption is the result of concatenating salt value and iv_len bytes of iv.
1931 * For non-AED ciphers salt_len 0 */
1932 unsigned salt_len;
1933 /* Authenticated Encryption TAG length (ICV) - length of data taken from end of encrypted output
1934 * used for integrity checksum, computed during decryption (for AEAD ciphers)*/
1935 unsigned icv_len;
1936
1937 } ikev2_encr_alg_spec_t;
1938
1939 #define IKEV2_ENCR_NULL 1
1940 #define IKEV2_ENCR_3DES 2
1941 #define IKEV2_ENCR_AES_CBC_128 3
1942 #define IKEV2_ENCR_AES_CBC_192 4
1943 #define IKEV2_ENCR_AES_CBC_256 5
1944
1945 #define IKEV2_ENCR_AES_CTR_128 6
1946 #define IKEV2_ENCR_AES_CTR_192 7
1947 #define IKEV2_ENCR_AES_CTR_256 8
1948
1949 /* AEAD algorithms. Require gcrypt_version >= 1.6.0 if integrity verification shall be performed */
1950 #define IKEV2_ENCR_AES_GCM_128_16 101
1951 #define IKEV2_ENCR_AES_GCM_192_16 102
1952 #define IKEV2_ENCR_AES_GCM_256_16 103
1953
1954 #define IKEV2_ENCR_AES_GCM_128_8 104
1955 #define IKEV2_ENCR_AES_GCM_192_8 105
1956 #define IKEV2_ENCR_AES_GCM_256_8 106
1957
1958 #define IKEV2_ENCR_AES_GCM_128_12 107
1959 #define IKEV2_ENCR_AES_GCM_192_12 108
1960 #define IKEV2_ENCR_AES_GCM_256_12 109
1961
1962 #define IKEV2_ENCR_AES_CCM_128_16 111
1963 #define IKEV2_ENCR_AES_CCM_192_16 112
1964 #define IKEV2_ENCR_AES_CCM_256_16 113
1965
1966 #define IKEV2_ENCR_AES_CCM_128_8 114
1967 #define IKEV2_ENCR_AES_CCM_192_8 115
1968 #define IKEV2_ENCR_AES_CCM_256_8 116
1969
1970 #define IKEV2_ENCR_AES_CCM_128_12 117
1971 #define IKEV2_ENCR_AES_CCM_192_12 118
1972 #define IKEV2_ENCR_AES_CCM_256_12 119
1973
1974
1975 static ikev2_encr_alg_spec_t ikev2_encr_algs[] = {
1976 {IKEV2_ENCR_NULL, 0, 1, 0, GCRY_CIPHER_NONE, GCRY_CIPHER_MODE_NONE, 0, 0},
1977 {IKEV2_ENCR_3DES, 24, 8, 8, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, 0, 0},
1978 {IKEV2_ENCR_AES_CBC_128, 16, 16, 16, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC, 0, 0},
1979 {IKEV2_ENCR_AES_CBC_192, 24, 16, 16, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CBC, 0, 0},
1980 {IKEV2_ENCR_AES_CBC_256, 32, 16, 16, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, 0, 0},
1981
1982 {IKEV2_ENCR_AES_CTR_128, 20, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 4, 0},
1983 {IKEV2_ENCR_AES_CTR_192, 28, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR, 4, 0},
1984 {IKEV2_ENCR_AES_CTR_256, 36, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 4, 0},
1985
1986 /* GCM algorithms: key length: aes-length + 4 bytes of IV (salt), iv - 8 bytes */
1987 {IKEV2_ENCR_AES_GCM_128_16, 20, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM, 4, 16},
1988 {IKEV2_ENCR_AES_GCM_192_16, 28, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_GCM, 4, 16},
1989 {IKEV2_ENCR_AES_GCM_256_16, 36, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM, 4, 16},
1990
1991 {IKEV2_ENCR_AES_GCM_128_8, 20, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM, 4, 8},
1992 {IKEV2_ENCR_AES_GCM_192_8, 28, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_GCM, 4, 8},
1993 {IKEV2_ENCR_AES_GCM_256_8, 36, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM, 4, 8},
1994
1995 {IKEV2_ENCR_AES_GCM_128_12, 20, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM, 4, 12},
1996 {IKEV2_ENCR_AES_GCM_192_12, 28, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_GCM, 4, 12},
1997 {IKEV2_ENCR_AES_GCM_256_12, 36, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM, 4, 12},
1998
1999 /* CCM algorithms: key length: aes-length + 3 bytes of salt, iv - 8 bytes */
2000 {IKEV2_ENCR_AES_CCM_128_16, 19, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CCM, 3, 16},
2001 {IKEV2_ENCR_AES_CCM_192_16, 27, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CCM, 3, 16},
2002 {IKEV2_ENCR_AES_CCM_256_16, 35, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CCM, 3, 16},
2003
2004 {IKEV2_ENCR_AES_CCM_128_8, 19, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CCM, 3, 8},
2005 {IKEV2_ENCR_AES_CCM_192_8, 27, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CCM, 3, 8},
2006 {IKEV2_ENCR_AES_CCM_256_8, 35, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CCM, 3, 8},
2007
2008 {IKEV2_ENCR_AES_CCM_128_12, 19, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CCM, 3, 12},
2009 {IKEV2_ENCR_AES_CCM_192_12, 27, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CCM, 3, 12},
2010 {IKEV2_ENCR_AES_CCM_256_12, 35, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CCM, 3, 12},
2011
2012 {0, 0, 0, 0, 0, 0, 0, 0}
2013 };
2014
2015 /*
2016 * Specifications of authentication algorithms for
2017 * decryption and/or ICD (Integrity Checksum Data) checking of IKEv2
2018 */
2019 typedef struct _ikev2_auth_alg_spec {
2020 unsigned number;
2021 /* Output length of the hash algorithm */
2022 unsigned output_len;
2023 /* Length of the hash key */
2024 unsigned key_len;
2025 /* Actual ICD length after truncation */
2026 unsigned trunc_len;
2027 /* Hash algorithm ID to be passed to gcry_md_open() */
2028 int gcry_alg;
2029 /* Flags to be passed to gcry_md_open() */
2030 unsigned gcry_flag;
2031 } ikev2_auth_alg_spec_t;
2032
2033 #define IKEV2_AUTH_NONE 1
2034 #define IKEV2_AUTH_HMAC_MD5_96 2
2035 #define IKEV2_AUTH_HMAC_SHA1_96 3
2036 #define IKEV2_AUTH_HMAC_SHA2_256_96 4
2037 #define IKEV2_AUTH_HMAC_SHA2_256_128 5
2038 #define IKEV2_AUTH_HMAC_SHA2_384_192 6
2039 #define IKEV2_AUTH_HMAC_SHA2_512_256 7
2040 #define IKEV2_AUTH_ANY_96BITS 8
2041 #define IKEV2_AUTH_ANY_128BITS 9
2042 #define IKEV2_AUTH_ANY_160BITS 10
2043 #define IKEV2_AUTH_ANY_192BITS 11
2044 #define IKEV2_AUTH_ANY_256BITS 12
2045 #define IKEV2_AUTH_ANY_64BITS 13
2046 #define IKEV2_AUTH_HMAC_MD5_128 14
2047 #define IKEV2_AUTH_HMAC_SHA1_160 15
2048
2049 static ikev2_auth_alg_spec_t ikev2_auth_algs[] = {
2050 /*{number, output_len, key_len, trunc_len, gcry_alg, gcry_flag}*/
2051 {IKEV2_AUTH_NONE, 0, 0, 0, GCRY_MD_NONE, 0},
2052 {IKEV2_AUTH_HMAC_MD5_96, 16, 16, 12, GCRY_MD_MD5, GCRY_MD_FLAG_HMAC},
2053 {IKEV2_AUTH_HMAC_SHA1_96, 20, 20, 12, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC},
2054 {IKEV2_AUTH_HMAC_MD5_128, 16, 16, 16, GCRY_MD_MD5, GCRY_MD_FLAG_HMAC},
2055 {IKEV2_AUTH_HMAC_SHA1_160, 20, 20, 20, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC},
2056 {IKEV2_AUTH_HMAC_SHA2_256_96, 32, 32, 12, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC},
2057 {IKEV2_AUTH_HMAC_SHA2_256_128, 32, 32, 16, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC},
2058 {IKEV2_AUTH_HMAC_SHA2_384_192, 48, 48, 24, GCRY_MD_SHA384, GCRY_MD_FLAG_HMAC},
2059 {IKEV2_AUTH_HMAC_SHA2_512_256, 64, 64, 32, GCRY_MD_SHA512, GCRY_MD_FLAG_HMAC},
2060 {IKEV2_AUTH_ANY_96BITS, 0, 0, 12, 0, 0},
2061 {IKEV2_AUTH_ANY_128BITS, 0, 0, 16, 0, 0},
2062 {IKEV2_AUTH_ANY_160BITS, 0, 0, 20, 0, 0},
2063 {IKEV2_AUTH_ANY_192BITS, 0, 0, 24, 0, 0},
2064 {IKEV2_AUTH_ANY_256BITS, 0, 0, 32, 0, 0},
2065 {IKEV2_AUTH_ANY_64BITS, 0, 0, 8, 0, 0},
2066
2067 {0, 0, 0, 0, 0, 0}
2068 };
2069
2070 typedef struct _ikev2_decrypt_data {
2071 unsigned char *encr_key;
2072 unsigned char *auth_key;
2073 ikev2_encr_alg_spec_t *encr_spec;
2074 ikev2_auth_alg_spec_t *auth_spec;
2075 } ikev2_decrypt_data_t;
2076
2077 typedef struct _ikev2_uat_data_key {
2078 unsigned char *spii;
2079 unsigned spii_len;
2080 unsigned char *spir;
2081 unsigned spir_len;
2082 } ikev2_uat_data_key_t;
2083
2084 typedef struct _ikev2_uat_data {
2085 ikev2_uat_data_key_t key;
2086 unsigned encr_alg;
2087 unsigned auth_alg;
2088 unsigned char *sk_ei;
2089 unsigned sk_ei_len;
2090 unsigned char *sk_er;
2091 unsigned sk_er_len;
2092 unsigned char *sk_ai;
2093 unsigned sk_ai_len;
2094 unsigned char *sk_ar;
2095 unsigned sk_ar_len;
2096 ikev2_encr_alg_spec_t *encr_spec;
2097 ikev2_auth_alg_spec_t *auth_spec;
2098 } ikev2_uat_data_t;
2099
2100 static ikev2_uat_data_t* ikev2_uat_data;
2101 static unsigned num_ikev2_uat_data;
2102 static uat_t* ikev2_uat;
2103
2104 /* IKEv2: (I-SPI, R-SPI) -> ikev2_uat_data_t* */
2105 static GHashTable *ikev2_key_hash;
2106
2107 #define IKEV2_ENCR_3DES_STR "3DES [RFC2451]"
2108 static const value_string vs_ikev2_encr_algs[] = {
2109 {IKEV2_ENCR_3DES, IKEV2_ENCR_3DES_STR},
2110 {IKEV2_ENCR_AES_CBC_128, "AES-CBC-128 [RFC3602]"},
2111 {IKEV2_ENCR_AES_CBC_192, "AES-CBC-192 [RFC3602]"},
2112 {IKEV2_ENCR_AES_CBC_256, "AES-CBC-256 [RFC3602]"},
2113 {IKEV2_ENCR_NULL, "NULL [RFC2410]"},
2114
2115 {IKEV2_ENCR_AES_CTR_128, "AES-CTR-128 [RFC5930]"},
2116 {IKEV2_ENCR_AES_CTR_192, "AES-CTR-192 [RFC5930]"},
2117 {IKEV2_ENCR_AES_CTR_256, "AES-CTR-256 [RFC5930]"},
2118
2119 {IKEV2_ENCR_AES_GCM_128_16, "AES-GCM-128 with 16 octet ICV [RFC5282]"},
2120 {IKEV2_ENCR_AES_GCM_192_16, "AES-GCM-192 with 16 octet ICV [RFC5282]"},
2121 {IKEV2_ENCR_AES_GCM_256_16, "AES-GCM-256 with 16 octet ICV [RFC5282]"},
2122
2123 {IKEV2_ENCR_AES_GCM_128_8, "AES-GCM-128 with 8 octet ICV [RFC5282]"},
2124 {IKEV2_ENCR_AES_GCM_192_8, "AES-GCM-192 with 8 octet ICV [RFC5282]"},
2125 {IKEV2_ENCR_AES_GCM_256_8, "AES-GCM-256 with 8 octet ICV [RFC5282]"},
2126
2127 {IKEV2_ENCR_AES_GCM_128_12, "AES-GCM-128 with 12 octet ICV [RFC5282]"},
2128 {IKEV2_ENCR_AES_GCM_192_12, "AES-GCM-192 with 12 octet ICV [RFC5282]"},
2129 {IKEV2_ENCR_AES_GCM_256_12, "AES-GCM-256 with 12 octet ICV [RFC5282]"},
2130
2131 {IKEV2_ENCR_AES_CCM_128_16, "AES-CCM-128 with 16 octet ICV [RFC5282]"},
2132 {IKEV2_ENCR_AES_CCM_192_16, "AES-CCM-192 with 16 octet ICV [RFC5282]"},
2133 {IKEV2_ENCR_AES_CCM_256_16, "AES-CCM-256 with 16 octet ICV [RFC5282]"},
2134
2135 {IKEV2_ENCR_AES_CCM_128_8, "AES-CCM-128 with 8 octet ICV [RFC5282]"},
2136 {IKEV2_ENCR_AES_CCM_192_8, "AES-CCM-192 with 8 octet ICV [RFC5282]"},
2137 {IKEV2_ENCR_AES_CCM_256_8, "AES-CCM-256 with 8 octet ICV [RFC5282]"},
2138
2139 {IKEV2_ENCR_AES_CCM_128_12, "AES-CCM-128 with 12 octet ICV [RFC5282]"},
2140 {IKEV2_ENCR_AES_CCM_192_12, "AES-CCM-192 with 12 octet ICV [RFC5282]"},
2141 {IKEV2_ENCR_AES_CCM_256_12, "AES-CCM-256 with 12 octet ICV [RFC5282]"},
2142
2143 {0, NULL}
2144 };
2145
2146 #define IKEV2_AUTH_HMAC_SHA1_96_STR "HMAC_SHA1_96 [RFC2404]"
2147 static const value_string vs_ikev2_auth_algs[] = {
2148 {IKEV2_AUTH_HMAC_MD5_96, "HMAC_MD5_96 [RFC2403]"},
2149 {IKEV2_AUTH_HMAC_SHA1_96, IKEV2_AUTH_HMAC_SHA1_96_STR},
2150 {IKEV2_AUTH_HMAC_MD5_128, "HMAC_MD5_128 [RFC4595]"},
2151 {IKEV2_AUTH_HMAC_SHA1_160, "HMAC_SHA1_160 [RFC4595]"},
2152 {IKEV2_AUTH_HMAC_SHA2_256_96, "HMAC_SHA2_256_96 [draft-ietf-ipsec-ciph-sha-256-00]"},
2153 {IKEV2_AUTH_HMAC_SHA2_256_128, "HMAC_SHA2_256_128 [RFC4868]"},
2154 {IKEV2_AUTH_HMAC_SHA2_384_192, "HMAC_SHA2_384_192 [RFC4868]"},
2155 {IKEV2_AUTH_HMAC_SHA2_512_256, "HMAC_SHA2_512_256 [RFC4868]"},
2156 {IKEV2_AUTH_NONE, "NONE [RFC4306]"},
2157 {IKEV2_AUTH_ANY_64BITS, "ANY 64-bits of Authentication [No Checking]"},
2158 {IKEV2_AUTH_ANY_96BITS, "ANY 96-bits of Authentication [No Checking]"},
2159 {IKEV2_AUTH_ANY_128BITS, "ANY 128-bits of Authentication [No Checking]"},
2160 {IKEV2_AUTH_ANY_160BITS, "ANY 160-bits of Authentication [No Checking]"},
2161 {IKEV2_AUTH_ANY_192BITS, "ANY 192-bits of Authentication [No Checking]"},
2162 {IKEV2_AUTH_ANY_256BITS, "ANY 256-bits of Authentication [No Checking]"},
2163 {0, NULL}
2164 };
2165
2166 static ikev2_encr_alg_spec_t* ikev2_decrypt_find_encr_spec(unsigned num) {
2167 ikev2_encr_alg_spec_t *e;
2168
2169 for (e = ikev2_encr_algs; e->number != 0; e++) {
2170 if (e->number == num) {
2171 return e;
2172 }
2173 }
2174 return NULL;
2175 }
2176
2177 static ikev2_auth_alg_spec_t* ikev2_decrypt_find_auth_spec(unsigned num) {
2178 ikev2_auth_alg_spec_t *a;
2179
2180 for (a = ikev2_auth_algs; a->number != 0; a++) {
2181 if (a->number == num) {
2182 return a;
2183 }
2184 }
2185 return NULL;
2186 }
2187
2188 static int ikev1_find_gcry_cipher_algo(unsigned ike_cipher, unsigned ike_keylen) {
2189 switch(ike_cipher) {
2190 case ENC_3DES_CBC:
2191 return GCRY_CIPHER_3DES;
2192
2193 case ENC_DES_CBC:
2194 return GCRY_CIPHER_DES;
2195
2196 case ENC_AES_CBC:
2197 switch (ike_keylen) {
2198 case 128:
2199 return GCRY_CIPHER_AES128;
2200 case 192:
2201 return GCRY_CIPHER_AES192;
2202 case 256:
2203 return GCRY_CIPHER_AES256;
2204 }
2205 return GCRY_CIPHER_NONE;
2206 }
2207 return GCRY_CIPHER_NONE;
2208 }
2209
2210 static int ikev1_find_gcry_md_algo(unsigned ike_hash) {
2211 switch(ike_hash) {
2212 case HMAC_MD5:
2213 return GCRY_MD_MD5;
2214 case HMAC_SHA:
2215 return GCRY_MD_SHA1;
2216 case HMAC_SHA2_256:
2217 return GCRY_MD_SHA256;
2218 case HMAC_SHA2_384:
2219 return GCRY_MD_SHA384;
2220 case HMAC_SHA2_512:
2221 return GCRY_MD_SHA512;
2222 }
2223 return GCRY_MD_NONE;
2224 }
2225
2226 static void *
2227 generate_iv(const void *b1, size_t b1_len,
2228 const void *b2, size_t b2_len,
2229 int md_algo, size_t iv_len) {
2230
2231 gcry_md_hd_t md_ctx;
2232 void *iv;
2233
2234 if (gcry_md_open(&md_ctx, md_algo, 0) != GPG_ERR_NO_ERROR)
2235 return NULL;
2236
2237 gcry_md_write(md_ctx, b1, b1_len);
2238 gcry_md_write(md_ctx, b2, b2_len);
2239
2240 iv = wmem_alloc(wmem_file_scope(), iv_len);
2241 memcpy(iv, gcry_md_read(md_ctx, md_algo), iv_len);
2242 gcry_md_close(md_ctx);
2243
2244 return iv;
2245 }
2246
2247 /* Get the IV previously stored for the current message ID,
2248 * or create a new IV if the message ID was not seen before.
2249 * The caller owns the result and does not need to copy it.
2250 * This function may return NULL.
2251 */
2252 static gpointer
2253 get_iv(uint32_t message_id, decrypt_data_t *decr) {
2254 gpointer iv, iv1;
2255 size_t cipher_blklen;
2256 void *msgid_key;
2257 uint32_t msgid_net;
2258 bool found;
2259
2260 cipher_blklen = decr->cipher_blklen;
2261
2262 /* Get the current IV for the given message ID,
2263 * and remove it from the hash table without destroying it. */
2264 msgid_key = GINT_TO_POINTER(message_id);
2265 found = g_hash_table_lookup_extended(decr->iv_hash, msgid_key, NULL, &iv);
2266 if (found) {
2267 g_hash_table_steal(decr->iv_hash, msgid_key);
2268 return iv;
2269 }
2270
2271 /* No IV for this message ID was found; a new phase has started.
2272 * Generate the first IV for it from its message ID and the current
2273 * phase 1 IV. The phase 1 IV always exists in the hash table
2274 * and is not NULL.
2275 */
2276 iv1 = g_hash_table_lookup(decr->iv_hash, GINT_TO_POINTER(0));
2277 msgid_net = g_htonl(message_id);
2278 iv = generate_iv(iv1, cipher_blklen,
2279 &msgid_net, sizeof(msgid_net),
2280 decr->digest_algo, cipher_blklen);
2281 return iv;
2282 }
2283
2284 /* Fill in the next IV from the final ciphertext block. */
2285 static void
2286 set_next_iv(const uint8_t *buf, unsigned buf_len, uint32_t message_id, decrypt_data_t *decr) {
2287 void *iv;
2288 size_t cipher_blklen;
2289 void *msgid_key;
2290
2291 cipher_blklen = decr->cipher_blklen;
2292
2293 if (buf_len < cipher_blklen) {
2294 iv = NULL;
2295 } else {
2296 iv = wmem_alloc(wmem_file_scope(), cipher_blklen);
2297 memcpy(iv, buf + buf_len - cipher_blklen, cipher_blklen);
2298 }
2299
2300 msgid_key = GINT_TO_POINTER(message_id);
2301 g_hash_table_insert(decr->iv_hash, msgid_key, iv);
2302 }
2303
2304 static void
2305 update_ivs(packet_info *pinfo, const uint8_t *buf, unsigned buf_len, uint32_t message_id, decrypt_data_t *decr) {
2306 void *iv;
2307
2308 /* Get the current IV and store it as per-packet data. */
2309 iv = get_iv(message_id, decr);
2310 p_add_proto_data(wmem_file_scope(), pinfo, proto_isakmp, PINFO_CBC_IV, iv);
2311
2312 set_next_iv(buf, buf_len, message_id, decr);
2313 }
2314
2315 static bool
2316 prepare_decrypt_params(decrypt_data_t *decr) {
2317 decr->cipher_algo = ikev1_find_gcry_cipher_algo(decr->ike_encr_alg,
2318 decr->ike_encr_keylen);
2319 decr->digest_algo = ikev1_find_gcry_md_algo(decr->ike_hash_alg);
2320
2321 if (decr->cipher_algo == GCRY_CIPHER_NONE ||
2322 decr->digest_algo == GCRY_MD_NONE)
2323 return false;
2324
2325 decr->cipher_keylen = gcry_cipher_get_algo_keylen(decr->cipher_algo);
2326 decr->cipher_blklen = gcry_cipher_get_algo_blklen(decr->cipher_algo);
2327 decr->digest_len = gcry_md_get_algo_dlen(decr->digest_algo);
2328
2329 if (decr->secret_len < decr->cipher_keylen ||
2330 decr->digest_len < decr->cipher_blklen)
2331 return false;
2332
2333 if (decr->gi_len == 0 || decr->gr_len == 0)
2334 return false;
2335
2336 return true;
2337 }
2338
2339 /* Generate phase 1 IV from DH values
2340 * and store it into the IV hash table. */
2341 static bool
2342 prepare_phase1_iv(decrypt_data_t *decr) {
2343 void *iv;
2344
2345 iv = generate_iv(decr->gi, decr->gi_len,
2346 decr->gr, decr->gr_len,
2347 decr->digest_algo, decr->cipher_blklen);
2348 if (!iv)
2349 return false;
2350
2351 g_hash_table_insert(decr->iv_hash, GINT_TO_POINTER(0), iv);
2352 return true;
2353 }
2354
2355 static bool
2356 prepare_decrypt(decrypt_data_t *decr) {
2357 bool result;
2358
2359 if (!decr)
2360 return false;
2361
2362 if (decr->state == DECR_PARAMS_INIT) {
2363 /* Short-circuit evaluation is intended. */
2364 result = prepare_decrypt_params(decr) &&
2365 prepare_phase1_iv(decr);
2366 decr->state = result ? DECR_PARAMS_READY : DECR_PARAMS_FAIL;
2367 }
2368
2369 return (decr->state == DECR_PARAMS_READY);
2370 }
2371
2372 static decrypt_data_t *
2373 create_decrypt_data(void) {
2374 decrypt_data_t *decr;
2375
2376 decr = (decrypt_data_t *)g_slice_alloc(sizeof(decrypt_data_t));
2377 memset(decr, 0, sizeof(decrypt_data_t));
2378 decr->iv_hash = g_hash_table_new(NULL, NULL);
2379 clear_address(&decr->initiator);
2380
2381 return decr;
2382 }
2383
2384 static tvbuff_t *
2385 decrypt_payload(tvbuff_t *tvb, packet_info *pinfo, const uint8_t *buf, unsigned buf_len, decrypt_data_t *decr) {
2386 uint8_t *decrypted_data;
2387 gcry_cipher_hd_t decr_ctx;
2388 tvbuff_t *encr_tvb;
2389 void *iv;
2390 bool error;
2391
2392 if (buf_len < decr->cipher_blklen)
2393 return NULL;
2394
2395 iv = p_get_proto_data(wmem_file_scope(), pinfo, proto_isakmp, PINFO_CBC_IV);
2396 if (!iv)
2397 return NULL;
2398
2399 if (gcry_cipher_open(&decr_ctx, decr->cipher_algo, GCRY_CIPHER_MODE_CBC, 0) != GPG_ERR_NO_ERROR)
2400 return NULL;
2401
2402 decrypted_data = (uint8_t *)wmem_alloc(pinfo->pool, buf_len);
2403
2404 /* Short-circuit evaluation is intended. */
2405 error = gcry_cipher_setiv(decr_ctx, iv, decr->cipher_blklen) ||
2406 gcry_cipher_setkey(decr_ctx, decr->secret, decr->secret_len) ||
2407 gcry_cipher_decrypt(decr_ctx, decrypted_data, buf_len, buf, buf_len);
2408
2409 gcry_cipher_close(decr_ctx);
2410 if (error)
2411 return NULL;
2412
2413 encr_tvb = tvb_new_child_real_data(tvb, decrypted_data, buf_len, buf_len);
2414
2415 /* Add the decrypted data to the data source list. */
2416 add_new_data_source(pinfo, encr_tvb, "Decrypted IKE");
2417
2418 return encr_tvb;
2419 }
2420
2421 static proto_tree *dissect_payload_header(tvbuff_t *, packet_info *, int, int, int, uint8_t,
2422 uint8_t *, uint16_t *, proto_tree *);
2423
2424 static void dissect_sa(tvbuff_t *, int, int, proto_tree *, int, packet_info *, bool, void*);
2425 static void dissect_proposal(tvbuff_t *, packet_info *, int, int, proto_tree *, int, void*);
2426 static void dissect_transform(tvbuff_t *, packet_info *, int, int, proto_tree *, int, int, void*);
2427 static void dissect_key_exch(tvbuff_t *, int, int, proto_tree *, int, packet_info *, void*);
2428 static void dissect_id_type(tvbuff_t *, int, int, uint8_t, proto_tree *, proto_item *, packet_info *);
2429 static void dissect_id(tvbuff_t *, int, int, proto_tree *, int, packet_info *);
2430 static void dissect_cert(tvbuff_t *, int, int, proto_tree *, int, packet_info *);
2431 static void dissect_certreq(tvbuff_t *, int, int, proto_tree *, int, packet_info *);
2432 static void dissect_auth(tvbuff_t *, packet_info *, int, int, proto_tree *);
2433 static void dissect_hash(tvbuff_t *, int, int, proto_tree *);
2434 static void dissect_sig(tvbuff_t *, int, int, proto_tree *);
2435 static void dissect_nonce(tvbuff_t *, int, int, proto_tree *);
2436 static void dissect_notif(tvbuff_t *, packet_info *, int, int, proto_tree *, int);
2437 static void dissect_delete(tvbuff_t *, int, int, proto_tree *, int);
2438 static int dissect_vid(tvbuff_t *, int, int, proto_tree *);
2439 static void dissect_config(tvbuff_t *, packet_info *, int, int, proto_tree *, int, bool);
2440 static void dissect_sa_kek(tvbuff_t *, packet_info *, int, int, proto_tree *);
2441 static void dissect_sa_tek(tvbuff_t *, packet_info *, int, int, proto_tree *);
2442 static void dissect_key_download(tvbuff_t *, packet_info *, int, int, proto_tree *, int);
2443 static void dissect_sequence(tvbuff_t *, packet_info *, int, int, proto_tree *);
2444 static void dissect_nat_discovery(tvbuff_t *, int, int, proto_tree * );
2445 static void dissect_nat_original_address(tvbuff_t *, int, int, proto_tree *, int );
2446 static void dissect_ts_payload(tvbuff_t *, int, int, proto_tree *);
2447 static tvbuff_t * dissect_enc(tvbuff_t *, int, int, proto_tree *, packet_info *, uint8_t, bool, void*, bool);
2448 static void dissect_eap(tvbuff_t *, int, int, proto_tree *, packet_info *);
2449 static void dissect_gspm(tvbuff_t *, int, int, proto_tree *);
2450 static void dissect_symmetric_key(tvbuff_t *, int, int, proto_tree *);
2451 static void dissect_cisco_fragmentation(tvbuff_t *, int, int, proto_tree *, packet_info *);
2452
2453 /* State of current fragmentation within a conversation */
2454 typedef struct ikev2_fragmentation_state_t {
2455 uint32_t message_id;
2456 uint8_t next_payload;
2457 } ikev2_fragmentation_state_t;
2458
2459 /* frame_number -> next_payload. The key will be the frame that completes the original message */
2460 static GHashTable *defrag_next_payload_hash;
2461
2462 static void dissect_ikev2_fragmentation(tvbuff_t *, int, proto_tree *, packet_info *, uint32_t message_id, uint8_t next_payload,
2463 bool is_request, void* decr_info);
2464
2465 static const uint8_t VID_SSH_IPSEC_EXPRESS_1_1_0[] = { /* Ssh Communications Security IPSEC Express version 1.1.0 */
2466 0xfB, 0xF4, 0x76, 0x14, 0x98, 0x40, 0x31, 0xFA,
2467 0x8E, 0x3B, 0xB6, 0x19, 0x80, 0x89, 0xB2, 0x23
2468 };
2469
2470 static const uint8_t VID_SSH_IPSEC_EXPRESS_1_1_1[] = { /* Ssh Communications Security IPSEC Express version 1.1.1 */
2471 0x19, 0x52, 0xDC, 0x91, 0xAC, 0x20, 0xF6, 0x46,
2472 0xFB, 0x01, 0xCF, 0x42, 0xA3, 0x3A, 0xEE, 0x30
2473 };
2474
2475 static const uint8_t VID_SSH_IPSEC_EXPRESS_1_1_2[] = { /* Ssh Communications Security IPSEC Express version 1.1.2 */
2476 0xE8, 0xBF, 0xFA, 0x64, 0x3E, 0x5C, 0x8F, 0x2C,
2477 0xD1, 0x0F, 0xDA, 0x73, 0x70, 0xB6, 0xEB, 0xE5
2478 };
2479
2480 static const uint8_t VID_SSH_IPSEC_EXPRESS_1_2_1[] = { /* Ssh Communications Security IPSEC Express version 1.2.1 */
2481 0xC1, 0x11, 0x1B, 0x2D, 0xEE, 0x8C, 0xBC, 0x3D,
2482 0x62, 0x05, 0x73, 0xEC, 0x57, 0xAA, 0xB9, 0xCB
2483 };
2484
2485 static const uint8_t VID_SSH_IPSEC_EXPRESS_1_2_2[] = { /* Ssh Communications Security IPSEC Express version 1.2.2 */
2486 0x09, 0xEC, 0x27, 0xBF, 0xBC, 0x09, 0xC7, 0x58,
2487 0x23, 0xCF, 0xEC, 0xBF, 0xFE, 0x56, 0x5A, 0x2E
2488 };
2489
2490 static const uint8_t VID_SSH_IPSEC_EXPRESS_2_0_0[] = { /* SSH Communications Security IPSEC Express version 2.0.0 */
2491 0x7F, 0x21, 0xA5, 0x96, 0xE4, 0xE3, 0x18, 0xF0,
2492 0xB2, 0xF4, 0x94, 0x4C, 0x23, 0x84, 0xCB, 0x84
2493 };
2494
2495 static const uint8_t VID_SSH_IPSEC_EXPRESS_2_1_0[] = { /* SSH Communications Security IPSEC Express version 2.1.0 */
2496 0x28, 0x36, 0xD1, 0xFD, 0x28, 0x07, 0xBC, 0x9E,
2497 0x5A, 0xE3, 0x07, 0x86, 0x32, 0x04, 0x51, 0xEC
2498 };
2499
2500 static const uint8_t VID_SSH_IPSEC_EXPRESS_2_1_1[] = { /* SSH Communications Security IPSEC Express version 2.1.1 */
2501 0xA6, 0x8D, 0xE7, 0x56, 0xA9, 0xC5, 0x22, 0x9B,
2502 0xAE, 0x66, 0x49, 0x80, 0x40, 0x95, 0x1A, 0xD5
2503 };
2504
2505 static const uint8_t VID_SSH_IPSEC_EXPRESS_2_1_2[] = { /* SSH Communications Security IPSEC Express version 2.1.2 */
2506 0x3F, 0x23, 0x72, 0x86, 0x7E, 0x23, 0x7C, 0x1C,
2507 0xD8, 0x25, 0x0A, 0x75, 0x55, 0x9C, 0xAE, 0x20
2508 };
2509
2510 static const uint8_t VID_SSH_IPSEC_EXPRESS_3_0_0[] = { /* SSH Communications Security IPSEC Express version 3.0.0 */
2511 0x0E, 0x58, 0xD5, 0x77, 0x4D, 0xF6, 0x02, 0x00,
2512 0x7D, 0x0B, 0x02, 0x44, 0x36, 0x60, 0xF7, 0xEB
2513 };
2514
2515 static const uint8_t VID_SSH_IPSEC_EXPRESS_3_0_1[] = { /* SSH Communications Security IPSEC Express version 3.0.1 */
2516 0xF5, 0xCE, 0x31, 0xEB, 0xC2, 0x10, 0xF4, 0x43,
2517 0x50, 0xCF, 0x71, 0x26, 0x5B, 0x57, 0x38, 0x0F
2518 };
2519
2520 static const uint8_t VID_SSH_IPSEC_EXPRESS_4_0_0[] = { /* SSH Communications Security IPSEC Express version 4.0.0 */
2521 0xF6, 0x42, 0x60, 0xAF, 0x2E, 0x27, 0x42, 0xDA,
2522 0xDD, 0xD5, 0x69, 0x87, 0x06, 0x8A, 0x99, 0xA0
2523 };
2524
2525 static const uint8_t VID_SSH_IPSEC_EXPRESS_4_0_1[] = { /* SSH Communications Security IPSEC Express version 4.0.1 */
2526 0x7A, 0x54, 0xD3, 0xBD, 0xB3, 0xB1, 0xE6, 0xD9,
2527 0x23, 0x89, 0x20, 0x64, 0xBE, 0x2D, 0x98, 0x1C
2528 };
2529
2530 static const uint8_t VID_SSH_IPSEC_EXPRESS_4_1_0[] = { /* SSH Communications Security IPSEC Express version 4.1.0 */
2531 0x9A, 0xA1, 0xF3, 0xB4, 0x34, 0x72, 0xA4, 0x5D,
2532 0x5F, 0x50, 0x6A, 0xEB, 0x26, 0x0C, 0xF2, 0x14
2533 };
2534
2535 static const uint8_t VID_SSH_IPSEC_EXPRESS_4_1_1[] = { /* SSH Communications Security IPSEC Express version 4.1.1 */
2536 0x89, 0xF7, 0xB7, 0x60, 0xD8, 0x6B, 0x01, 0x2A,
2537 0xCF, 0x26, 0x33, 0x82, 0x39, 0x4D, 0x96, 0x2F
2538 };
2539
2540 static const uint8_t VID_SSH_IPSEC_EXPRESS_4_2_0[] = { /* SSH Communications Security IPSEC Express version 4.2.0 */
2541 0x68, 0x80, 0xC7, 0xD0, 0x26, 0x09, 0x91, 0x14,
2542 0xE4, 0x86, 0xC5, 0x54, 0x30, 0xE7, 0xAB, 0xEE
2543 };
2544
2545 static const uint8_t VID_SSH_IPSEC_EXPRESS_5_0[] = { /* SSH Communications Security IPSEC Express version 5.0 */
2546 0xB0, 0x37, 0xA2, 0x1A, 0xCE, 0xCC, 0xB5, 0x57,
2547 0x0F, 0x60, 0x25, 0x46, 0xF9, 0x7B, 0xDE, 0x8C
2548 };
2549
2550 static const uint8_t VID_SSH_IPSEC_EXPRESS_5_0_0[] = { /* SSH Communications Security IPSEC Express version 5.0.0 */
2551 0x2B, 0x2D, 0xAD, 0x97, 0xC4, 0xD1, 0x40, 0x93,
2552 0x00, 0x53, 0x28, 0x7F, 0x99, 0x68, 0x50, 0xB0
2553 };
2554
2555 static const uint8_t VID_SSH_IPSEC_EXPRESS_5_1_0[] = { /* SSH Communications Security IPSEC Express version 5.1.0 */
2556 0x45, 0xE1, 0x7F, 0x3A, 0xBE, 0x93, 0x94, 0x4C,
2557 0xB2, 0x02, 0x91, 0x0C, 0x59, 0xEF, 0x80, 0x6B
2558 };
2559
2560 static const uint8_t VID_SSH_IPSEC_EXPRESS_5_1_1[] = { /* SSH Communications Security IPSEC Express version 5.1.1 */
2561 0x59, 0x25, 0x85, 0x9F, 0x73, 0x77, 0xED, 0x78,
2562 0x16, 0xD2, 0xFB, 0x81, 0xC0, 0x1F, 0xA5, 0x51
2563 };
2564
2565 static const uint8_t VID_SSH_SENTINEL[] = { /* SSH Sentinel */
2566 0x05, 0x41, 0x82, 0xA0, 0x7C, 0x7A, 0xE2, 0x06,
2567 0xF9, 0xD2, 0xCF, 0x9D, 0x24, 0x32, 0xC4, 0x82
2568 };
2569
2570 static const uint8_t VID_SSH_SENTINEL_1_1[] = { /* SSH Sentinel 1.1 */
2571 0xB9, 0x16, 0x23, 0xE6, 0x93, 0xCA, 0x18, 0xA5,
2572 0x4C, 0x6A, 0x27, 0x78, 0x55, 0x23, 0x05, 0xE8
2573 };
2574
2575 static const uint8_t VID_SSH_SENTINEL_1_2[] = { /* SSH Sentinel 1.2 */
2576 0x54, 0x30, 0x88, 0x8D, 0xE0, 0x1A, 0x31, 0xA6,
2577 0xFA, 0x8F, 0x60, 0x22, 0x4E, 0x44, 0x99, 0x58
2578 };
2579
2580 static const uint8_t VID_SSH_SENTINEL_1_3[] = { /* SSH Sentinel 1.3 */
2581 0x7E, 0xE5, 0xCB, 0x85, 0xF7, 0x1C, 0xE2, 0x59,
2582 0xC9, 0x4A, 0x5C, 0x73, 0x1E, 0xE4, 0xE7, 0x52
2583 };
2584
2585 static const uint8_t VID_SSH_SENTINEL_1_4[] = { /* SSH Sentinel 1.4 */
2586 0x63, 0xD9, 0xA1, 0xA7, 0x00, 0x94, 0x91, 0xB5,
2587 0xA0, 0xA6, 0xFD, 0xEB, 0x2A, 0x82, 0x84, 0xF0
2588 };
2589
2590 static const uint8_t VID_SSH_SENTINEL_1_4_1[] = { /* SSH Sentinel 1.4.1 */
2591 0xEB, 0x4B, 0x0D, 0x96, 0x27, 0x6B, 0x4E, 0x22,
2592 0x0A, 0xD1, 0x62, 0x21, 0xA7, 0xB2, 0xA5, 0xE6
2593 };
2594
2595 static const uint8_t VID_SSH_QUICKSEC_0_9_0[] = { /* SSH Communications Security QuickSec 0.9.0 */
2596 0x37, 0xEB, 0xA0, 0xC4, 0x13, 0x61, 0x84, 0xE7,
2597 0xDA, 0xF8, 0x56, 0x2A, 0x77, 0x06, 0x0B, 0x4A
2598 };
2599
2600 static const uint8_t VID_SSH_QUICKSEC_1_1_0[] = { /* SSH Communications Security QuickSec 1.1.0 */
2601 0x5D, 0x72, 0x92, 0x5E, 0x55, 0x94, 0x8A, 0x96,
2602 0x61, 0xA7, 0xFC, 0x48, 0xFD, 0xEC, 0x7F, 0xF9
2603 };
2604
2605 static const uint8_t VID_SSH_QUICKSEC_1_1_1[] = { /* SSH Communications Security QuickSec 1.1.1 */
2606 0x77, 0x7F, 0xBF, 0x4C, 0x5A, 0xF6, 0xD1, 0xCD,
2607 0xD4, 0xB8, 0x95, 0xA0, 0x5B, 0xF8, 0x25, 0x94
2608 };
2609
2610 static const uint8_t VID_SSH_QUICKSEC_1_1_2[] = { /* SSH Communications Security QuickSec 1.1.2 */
2611 0x2C, 0xDF, 0x08, 0xE7, 0x12, 0xED, 0xE8, 0xA5,
2612 0x97, 0x87, 0x61, 0x26, 0x7C, 0xD1, 0x9B, 0x91
2613 };
2614
2615 static const uint8_t VID_SSH_QUICKSEC_1_1_3[] = { /* SSH Communications Security QuickSec 1.1.3 */
2616 0x59, 0xE4, 0x54, 0xA8, 0xC2, 0xCF, 0x02, 0xA3,
2617 0x49, 0x59, 0x12, 0x1F, 0x18, 0x90, 0xBC, 0x87
2618 };
2619
2620 static const uint8_t VID_draft_huttunen_ipsec_esp_in_udp_00[] = { /* draft-huttunen-ipsec-esp-in-udp-00.txt */
2621 0x6A, 0x74, 0x34, 0xC1, 0x9D, 0x7E, 0x36, 0x34,
2622 0x80, 0x90, 0xA0, 0x23, 0x34, 0xC9, 0xC8, 0x05
2623 };
2624
2625 static const uint8_t VID_draft_huttunen_ipsec_esp_in_udp_01[] = { /* draft-huttunen-ipsec-esp-in-udp-01.txt */
2626 0x50, 0x76, 0x0F, 0x62, 0x4C, 0x63, 0xE5, 0xC5,
2627 0x3E, 0xEA, 0x38, 0x6C, 0x68, 0x5C, 0xA0, 0x83
2628 };
2629
2630 static const uint8_t VID_draft_stenberg_ipsec_nat_traversal_01[] = { /* draft-stenberg-ipsec-nat-traversal-01 */
2631 0x27, 0xBA, 0xB5, 0xDC, 0x01, 0xEA, 0x07, 0x60,
2632 0xEA, 0x4E, 0x31, 0x90, 0xAC, 0x27, 0xC0, 0xD0
2633 };
2634
2635 static const uint8_t VID_draft_stenberg_ipsec_nat_traversal_02[]= { /* draft-stenberg-ipsec-nat-traversal-02 */
2636 0x61, 0x05, 0xC4, 0x22, 0xE7, 0x68, 0x47, 0xE4,
2637 0x3F, 0x96, 0x84, 0x80, 0x12, 0x92, 0xAE, 0xCD
2638 };
2639
2640 static const uint8_t VID_draft_ietf_ipsec_nat_t_ike[]= { /* draft-ietf-ipsec-nat-t-ike */
2641 0x4D, 0xF3, 0x79, 0x28, 0xE9, 0xFC, 0x4F, 0xD1,
2642 0xB3, 0x26, 0x21, 0x70, 0xD5, 0x15, 0xC6, 0x62
2643 };
2644
2645 static const uint8_t VID_draft_ietf_ipsec_nat_t_ike_00[]= { /* draft-ietf-ipsec-nat-t-ike-00 */
2646 0x44, 0x85, 0x15, 0x2D, 0x18, 0xB6, 0xBB, 0xCD,
2647 0x0B, 0xE8, 0xA8, 0x46, 0x95, 0x79, 0xDD, 0xCC
2648 };
2649
2650 static const uint8_t VID_draft_ietf_ipsec_nat_t_ike_01[]= { /* "draft-ietf-ipsec-nat-t-ike-01" */
2651 0x16, 0xF6, 0xCA, 0x16, 0xE4, 0xA4, 0x06, 0x6D,
2652 0x83, 0x82, 0x1A, 0x0F, 0x0A, 0xEA, 0xA8, 0x62
2653 };
2654
2655 static const uint8_t VID_draft_ietf_ipsec_nat_t_ike_02[]= { /* draft-ietf-ipsec-nat-t-ike-02 */
2656 0xCD, 0x60, 0x46, 0x43, 0x35, 0xDF, 0x21, 0xF8,
2657 0x7C, 0xFD, 0xB2, 0xFC, 0x68, 0xB6, 0xA4, 0x48
2658 };
2659
2660 static const uint8_t VID_draft_ietf_ipsec_nat_t_ike_02n[]= { /* draft-ietf-ipsec-nat-t-ike-02\n */
2661 0x90, 0xCB, 0x80, 0x91, 0x3E, 0xBB, 0x69, 0x6E,
2662 0x08, 0x63, 0x81, 0xB5, 0xEC, 0x42, 0x7B, 0x1F
2663 };
2664
2665 static const uint8_t VID_draft_ietf_ipsec_nat_t_ike_03[] = { /* draft-ietf-ipsec-nat-t-ike-03 */
2666 0x7D, 0x94, 0x19, 0xA6, 0x53, 0x10, 0xCA, 0x6F,
2667 0x2C, 0x17, 0x9D, 0x92, 0x15, 0x52, 0x9d, 0x56
2668 };
2669
2670 static const uint8_t VID_draft_ietf_ipsec_nat_t_ike_04[] = { /* draft-ietf-ipsec-nat-t-ike-04 */
2671 0x99, 0x09, 0xb6, 0x4e, 0xed, 0x93, 0x7c, 0x65,
2672 0x73, 0xde, 0x52, 0xac, 0xe9, 0x52, 0xfa, 0x6b
2673 };
2674 static const uint8_t VID_draft_ietf_ipsec_nat_t_ike_05[] = { /* draft-ietf-ipsec-nat-t-ike-05 */
2675 0x80, 0xd0, 0xbb, 0x3d, 0xef, 0x54, 0x56, 0x5e,
2676 0xe8, 0x46, 0x45, 0xd4, 0xc8, 0x5c, 0xe3, 0xee
2677 };
2678 static const uint8_t VID_draft_ietf_ipsec_nat_t_ike_06[] = { /* draft-ietf-ipsec-nat-t-ike-06 */
2679 0x4d, 0x1e, 0x0e, 0x13, 0x6d, 0xea, 0xfa, 0x34,
2680 0xc4, 0xf3, 0xea, 0x9f, 0x02, 0xec, 0x72, 0x85
2681 };
2682 static const uint8_t VID_draft_ietf_ipsec_nat_t_ike_07[] = { /* draft-ietf-ipsec-nat-t-ike-07 */
2683 0x43, 0x9b, 0x59, 0xf8, 0xba, 0x67, 0x6c, 0x4c,
2684 0x77, 0x37, 0xae, 0x22, 0xea, 0xb8, 0xf5, 0x82
2685 };
2686 static const uint8_t VID_draft_ietf_ipsec_nat_t_ike_08[] = { /* draft-ietf-ipsec-nat-t-ike-08 */
2687 0x8f, 0x8d, 0x83, 0x82, 0x6d, 0x24, 0x6b, 0x6f,
2688 0xc7, 0xa8, 0xa6, 0xa4, 0x28, 0xc1, 0x1d, 0xe8
2689 };
2690 static const uint8_t VID_draft_ietf_ipsec_nat_t_ike_09[] = { /* draft-ietf-ipsec-nat-t-ike-09 */
2691 0x42, 0xea, 0x5b, 0x6f, 0x89, 0x8d, 0x97, 0x73,
2692 0xa5, 0x75, 0xdf, 0x26, 0xe7, 0xdd, 0x19, 0xe1
2693 };
2694 static const uint8_t VID_testing_nat_t_rfc[] = { /* Testing NAT-T RFC */
2695 0xc4, 0x0f, 0xee, 0x00, 0xd5, 0xd3, 0x9d, 0xdb,
2696 0x1f, 0xc7, 0x62, 0xe0, 0x9b, 0x7c, 0xfe, 0xa7
2697 };
2698
2699 static const uint8_t VID_rfc3947_nat_t[] = { /* RFC 3947 Negotiation of NAT-Traversal in the IKE */
2700 0x4a, 0x13, 0x1c, 0x81, 0x07, 0x03, 0x58, 0x45,
2701 0x5c, 0x57, 0x28, 0xf2, 0x0e, 0x95, 0x45, 0x2f
2702 };
2703 static const uint8_t VID_draft_beaulieu_ike_xauth_02[]= { /* draft-beaulieu-ike-xauth-02.txt 02 or 06 ??*/
2704 0x09, 0x00, 0x26, 0x89, 0xDF, 0xD6, 0xB7, 0x12,
2705 0x80, 0xA2, 0x24, 0xDE, 0xC3, 0x3B, 0x81, 0xE5
2706 };
2707
2708 static const uint8_t VID_xauth[]= { /* XAUTH (truncated MD5 hash of "draft-ietf-ipsra-isakmp-xauth-06.txt") */
2709 0x09, 0x00, 0x26, 0x89, 0xDF, 0xD6, 0xB7, 0x12
2710 };
2711
2712 static const uint8_t VID_rfc3706_dpd[]= { /* RFC 3706 */
2713 0xAF, 0xCA, 0xD7, 0x13, 0x68, 0xA1, 0xF1, 0xC9,
2714 0x6B, 0x86, 0x96, 0xFC, 0x77, 0x57, 0x01, 0x00
2715 };
2716 static const uint8_t VID_draft_ietf_ipsec_antireplay_00[]= { /* draft-ietf-ipsec-antireplay-00.txt */
2717 0x32, 0x5D, 0xF2, 0x9A, 0x23, 0x19, 0xF2, 0xDD
2718 };
2719
2720 static const uint8_t VID_draft_ietf_ipsec_heartbeats_00[]= { /* draft-ietf-ipsec-heartbeats-00.txt */
2721 0x8D, 0xB7, 0xA4, 0x18, 0x11, 0x22, 0x16, 0x60
2722 };
2723 static const uint8_t VID_IKE_CHALLENGE_RESPONSE_1[]= { /* IKE Challenge/Response for Authenticated Cryptographic Keys */
2724 0xBA, 0x29, 0x04, 0x99, 0xC2, 0x4E, 0x84, 0xE5,
2725 0x3A, 0x1D, 0x83, 0xA0, 0x5E, 0x5F, 0x00, 0xC9
2726 };
2727
2728 static const uint8_t VID_IKE_CHALLENGE_RESPONSE_2[]= { /* IKE Challenge/Response for Authenticated Cryptographic Keys */
2729 0x0D, 0x33, 0x61, 0x1A, 0x5D, 0x52, 0x1B, 0x5E,
2730 0x3C, 0x9C, 0x03, 0xD2, 0xFC, 0x10, 0x7E, 0x12
2731 };
2732
2733 static const uint8_t VID_IKE_CHALLENGE_RESPONSE_REV_1[]= { /* IKE Challenge/Response for Authenticated Cryptographic Keys (Revised) */
2734
2735 0xAD, 0x32, 0x51, 0x04, 0x2C, 0xDC, 0x46, 0x52,
2736 0xC9, 0xE0, 0x73, 0x4C, 0xE5, 0xDE, 0x4C, 0x7D
2737 };
2738
2739 static const uint8_t VID_IKE_CHALLENGE_RESPONSE_REV_2[]= { /* IKE Challenge/Response for Authenticated Cryptographic Keys (Revised) */
2740 0x01, 0x3F, 0x11, 0x82, 0x3F, 0x96, 0x6F, 0xA9,
2741 0x19, 0x00, 0xF0, 0x24, 0xBA, 0x66, 0xA8, 0x6B
2742 };
2743
2744 static const uint8_t VID_CISCO_FRAG2[]= { /* Cisco Fragmentation - md5("FRAGMENTATION") */
2745 0x40, 0x48, 0xB7, 0xD5, 0x6E, 0xBC, 0xE8, 0x85,
2746 0x25, 0xE7, 0xDE, 0x7F, 0x00, 0xD6, 0xC2, 0xD3
2747 };
2748
2749 static const uint8_t VID_MS_VID_INITIAL_CONTACT[]= { /* Microsoft Vid-Initial-Contact */
2750 0x26, 0x24, 0x4d, 0x38, 0xed, 0xdb, 0x61, 0xb3,
2751 0x17, 0x2a, 0x36, 0xe3, 0xd0, 0xcf, 0xb8, 0x19
2752 };
2753
2754 static const uint8_t VID_GSS_API_1[]= { /* A GSS-API Authentication Method for IKE */
2755 0xB4, 0x6D, 0x89, 0x14, 0xF3, 0xAA, 0xA3, 0xF2,
2756 0xFE, 0xDE, 0xB7, 0xC7, 0xDB, 0x29, 0x43, 0xCA
2757 };
2758
2759 static const uint8_t VID_GSS_API_2[]= { /* A GSS-API Authentication Method for IKE */
2760 0xAD, 0x2C, 0x0D, 0xD0, 0xB9, 0xC3, 0x20, 0x83,
2761 0xCC, 0xBA, 0x25, 0xB8, 0x86, 0x1E, 0xC4, 0x55
2762 };
2763
2764 static const uint8_t VID_GSSAPI[]= { /* GSSAPI */
2765 0x62, 0x1B, 0x04, 0xBB, 0x09, 0x88, 0x2A, 0xC1,
2766 0xE1, 0x59, 0x35, 0xFE, 0xFA, 0x24, 0xAE, 0xEE
2767 };
2768
2769 static const uint8_t VID_MS_NT5_ISAKMPOAKLEY[]= { /* MS NT5 ISAKMPOAKLEY */
2770 0x1E, 0x2B, 0x51, 0x69, 0x05, 0x99, 0x1C, 0x7D,
2771 0x7C, 0x96, 0xFC, 0xBF, 0xB5, 0x87, 0xE4, 0x61
2772 };
2773
2774 static const uint8_t VID_CISCO_UNITY[]= { /* CISCO-UNITY */
2775 0x12, 0xF5, 0xF2, 0x8C, 0x45, 0x71, 0x68, 0xA9,
2776 0x70, 0x2D, 0x9F, 0xE2, 0x74, 0xCC
2777 };
2778
2779
2780 static const uint8_t VID_CISCO_CONCENTRATOR[]= { /* CISCO-CONCENTRATOR */
2781 0x1F, 0x07, 0xF7, 0x0E, 0xAA, 0x65, 0x14, 0xD3,
2782 0xB0, 0xFA, 0x96, 0x54, 0x2A, 0x50, 0x01, 0x00
2783 };
2784 static const uint8_t VID_CISCO_FRAG[] = { /* Cisco Fragmentation */
2785 0x40, 0x48, 0xB7, 0xD5, 0x6E, 0xBC, 0xE8, 0x85,
2786 0x25, 0xE7, 0xDE, 0x7F, 0x00, 0xD6, 0xC2, 0xD3,
2787 0x80, 0x00, 0x00, 0x00
2788 };
2789
2790 static const uint8_t VID_CISCO_FLEXVPN_SUPPORTED[] = { /* FLEXVPN-SUPPORTED */
2791 0x46, 0x4c, 0x45, 0x58, 0x56, 0x50, 0x4e, 0x2d,
2792 0x53, 0x55, 0x50, 0x50, 0x4f, 0x52, 0x54, 0x45,
2793 0x44
2794 };
2795
2796 static const uint8_t VID_CISCO_DELETE_REASON[] = { /* CISCO-DELETE-REASON */
2797 0x43, 0x49, 0x53, 0x43, 0x4f, 0x2d, 0x44, 0x45,
2798 0x4c, 0x45, 0x54, 0x45, 0x2d, 0x52, 0x45, 0x41,
2799 0x53, 0x4f, 0x4e
2800 };
2801
2802 static const uint8_t VID_CISCO_DYNAMIC_ROUTE[] = { /* CISCO-DYNAMIC-ROUTE */
2803 0x43, 0x49, 0x53, 0x43, 0x4f, 0x2d, 0x44, 0x59,
2804 0x4e, 0x41, 0x4d, 0x49, 0x43, 0x2d, 0x52, 0x4f,
2805 0x55, 0x54, 0x45
2806 };
2807
2808 static const uint8_t VID_CISCO_VPN_REV_02[] = { /* CISCO-VPN-REV-02 */
2809 0x43, 0x49, 0x53, 0x43, 0x4f, 0x56, 0x50, 0x4e,
2810 0x2d, 0x52, 0x45, 0x56, 0x2d, 0x30, 0x32
2811 };
2812
2813 /* CISCO(COPYRIGHT)&Copyright (c) 2009 Cisco Systems, Inc. */
2814 static const uint8_t VID_CISCO_COPYRIGHT[] = { /* Cisco Copyright */
2815 0x43, 0x49, 0x53, 0x43, 0x4f, 0x28, 0x43, 0x4f,
2816 0x50, 0x59, 0x52, 0x49, 0x47, 0x48, 0x54, 0x29,
2817 0x26, 0x43, 0x6f, 0x70, 0x79, 0x72, 0x69, 0x67,
2818 0x68, 0x74, 0x20, 0x28, 0x63, 0x29, 0x20, 0x32,
2819 0x30, 0x30, 0x39, 0x20, 0x43, 0x69, 0x73, 0x63,
2820 0x6f, 0x20, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d,
2821 0x73, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e
2822 };
2823
2824 static const uint8_t VID_CISCO_GRE_MODE[] = { /* CISCO-GRE-MODE */
2825 0x43, 0x49, 0x53, 0x43, 0x4f, 0x2d, 0x47, 0x52,
2826 0x45, 0x2d, 0x4d, 0x4f, 0x44, 0x45
2827 };
2828
2829 static const uint8_t VID_CP_01_R65[] = { /* CryptoPro/GOST 0.1 / Check Point R65 */
2830 0xF4, 0xED, 0x19, 0xE0, 0xC1, 0x14, 0xEB, 0x51,
2831 0x6F, 0xAA, 0xAC, 0x0E, 0xE3, 0x7D, 0xAF, 0x28,
2832 0x7, 0xB4, 0x38, 0x1F
2833 };
2834
2835 static const uint8_t VID_CP_10_R71[] = { /* CryptoPro/GOST 1.0 / Check Point R71 */
2836 0x03, 0x10, 0x17, 0xE0, 0x7F, 0x7A, 0x82, 0xE3,
2837 0xAA, 0x69, 0x50, 0xC9, 0x99, 0x99, 0x01, 0x00
2838 };
2839
2840 static const uint8_t VID_CP_11[] = { /* CryptoPro/GOST 1.1 */
2841 0x03, 0x10, 0x17, 0xE0, 0x7F, 0x7A, 0x82, 0xE3,
2842 0xAA, 0x69, 0x50, 0xC9, 0x99, 0x99, 0x01, 0x01
2843 };
2844
2845 static const uint8_t VID_CYBERGUARD[] = { /* CyberGuard */
2846 0x9A, 0xA1, 0xF3, 0xB4, 0x34, 0x72, 0xA4, 0x5D,
2847 0x5F, 0x50, 0x6A, 0xEB, 0x26, 0xC0, 0xF2, 0x14
2848 };
2849
2850 static const uint8_t VID_SHREWSOFT[] = { /* Shrew Soft */
2851 0xf1, 0x4b, 0x94, 0xb7, 0xbf, 0xf1, 0xfe, 0xf0,
2852 0x27, 0x73, 0xb8, 0xc4, 0x9f, 0xed, 0xed, 0x26
2853 };
2854 static const uint8_t VID_STRONGSWAN[] = { /* strongSwan */
2855 0x88, 0x2f, 0xe5, 0x6d, 0x6f, 0xd2, 0x0d, 0xbc,
2856 0x22, 0x51, 0x61, 0x3b, 0x2e, 0xbe, 0x5b, 0xeb
2857 };
2858 static const uint8_t VID_KAME_RACOON[] = { /* KAME/racoon */
2859 0x70, 0x03, 0xcb, 0xc1, 0x09, 0x7d, 0xbe, 0x9c,
2860 0x26, 0x00, 0xba, 0x69, 0x83, 0xbc, 0x8b, 0x35
2861 };
2862
2863 static const uint8_t VID_IPSEC_TOOLS[] = { /* IPsec-Tools */
2864 0x20, 0xa3, 0x62, 0x2c, 0x1c, 0xea, 0x7c, 0xe3,
2865 0x7b, 0xee, 0x3c, 0xa4, 0x84, 0x42, 0x52, 0x76
2866 };
2867
2868 static const uint8_t VID_NETSCREEN_1[] = { /* Netscreen-1 */
2869 0x29, 0x9e, 0xe8, 0x28, 0x9f, 0x40, 0xa8, 0x97,
2870 0x3b, 0xc7, 0x86, 0x87, 0xe2, 0xe7, 0x22, 0x6b,
2871 0x53, 0x2c, 0x3b, 0x76
2872 };
2873
2874 static const uint8_t VID_NETSCREEN_2[] = { /* Netscreen-2 */
2875 0x3a, 0x15, 0xe1, 0xf3, 0xcf, 0x2a, 0x63, 0x58,
2876 0x2e, 0x3a, 0xc8, 0x2d, 0x1c, 0x64, 0xcb, 0xe3,
2877 0xb6, 0xd7, 0x79, 0xe7
2878 };
2879
2880 static const uint8_t VID_NETSCREEN_3[] = { /* Netscreen-3 */
2881 0x47, 0xd2, 0xb1, 0x26, 0xbf, 0xcd, 0x83, 0x48,
2882 0x97, 0x60, 0xe2, 0xcf, 0x8c, 0x5d, 0x4d, 0x5a,
2883 0x03, 0x49, 0x7c, 0x15
2884 };
2885
2886 static const uint8_t VID_NETSCREEN_4[] = { /* Netscreen-4 */
2887 0x4a, 0x43, 0x40, 0xb5, 0x43, 0xe0, 0x2b, 0x84,
2888 0xc8, 0x8a, 0x8b, 0x96, 0xa8, 0xaf, 0x9e, 0xbe,
2889 0x77, 0xd9, 0xac, 0xcc
2890 };
2891
2892 static const uint8_t VID_NETSCREEN_5[] = { /* Netscreen-5 */
2893 0x64, 0x40, 0x5f, 0x46, 0xf0, 0x3b, 0x76, 0x60,
2894 0xa2, 0x3b, 0xe1, 0x16, 0xa1, 0x97, 0x50, 0x58,
2895 0xe6, 0x9e, 0x83, 0x87
2896 };
2897
2898 static const uint8_t VID_NETSCREEN_6[] = { /* Netscreen-6 */
2899 0x69, 0x93, 0x69, 0x22, 0x87, 0x41, 0xc6, 0xd4,
2900 0xca, 0x09, 0x4c, 0x93, 0xe2, 0x42, 0xc9, 0xde,
2901 0x19, 0xe7, 0xb7, 0xc6
2902 };
2903
2904 static const uint8_t VID_NETSCREEN_7[] = { /* Netscreen-7 */
2905 0x8c, 0x0d, 0xc6, 0xcf, 0x62, 0xa0, 0xef, 0x1b,
2906 0x5c, 0x6e, 0xab, 0xd1, 0xb6, 0x7b, 0xa6, 0x98,
2907 0x66, 0xad, 0xf1, 0x6a
2908 };
2909
2910 static const uint8_t VID_NETSCREEN_8[] = { /* Netscreen-8 */
2911 0x92, 0xd2, 0x7a, 0x9e, 0xcb, 0x31, 0xd9, 0x92,
2912 0x46, 0x98, 0x6d, 0x34, 0x53, 0xd0, 0xc3, 0xd5,
2913 0x7a, 0x22, 0x2a, 0x61
2914 };
2915
2916 static const uint8_t VID_NETSCREEN_9[] = { /* Netscreen-9 */
2917 0x9b, 0x09, 0x6d, 0x9a, 0xc3, 0x27, 0x5a, 0x7d,
2918 0x6f, 0xe8, 0xb9, 0x1c, 0x58, 0x31, 0x11, 0xb0,
2919 0x9e, 0xfe, 0xd1, 0xa0
2920 };
2921
2922 static const uint8_t VID_NETSCREEN_10[] = { /* Netscreen-10 */
2923 0xbf, 0x03, 0x74, 0x61, 0x08, 0xd7, 0x46, 0xc9,
2924 0x04, 0xf1, 0xf3, 0x54, 0x7d, 0xe2, 0x4f, 0x78,
2925 0x47, 0x9f, 0xed, 0x12
2926 };
2927
2928 static const uint8_t VID_NETSCREEN_11[] = { /* Netscreen-11 */
2929 0xc2, 0xe8, 0x05, 0x00, 0xf4, 0xcc, 0x5f, 0xbf,
2930 0x5d, 0xaa, 0xee, 0xd3, 0xbb, 0x59, 0xab, 0xae,
2931 0xee, 0x56, 0xc6, 0x52
2932 };
2933
2934 static const uint8_t VID_NETSCREEN_12[] = { /* Netscreen-12 */
2935 0xc8, 0x66, 0x0a, 0x62, 0xb0, 0x3b, 0x1b, 0x61,
2936 0x30, 0xbf, 0x78, 0x16, 0x08, 0xd3, 0x2a, 0x6a,
2937 0x8d, 0x0f, 0xb8, 0x9f
2938 };
2939
2940 static const uint8_t VID_NETSCREEN_13[] = { /* Netscreen-13 */
2941 0xf8, 0x85, 0xda, 0x40, 0xb1, 0xe7, 0xa9, 0xab,
2942 0xd1, 0x76, 0x55, 0xec, 0x5b, 0xbe, 0xc0, 0xf2,
2943 0x1f, 0x0e, 0xd5, 0x2e
2944 };
2945
2946 static const uint8_t VID_NETSCREEN_14[] = { /* Netscreen-14 */
2947 0x2a, 0x2b, 0xca, 0xc1, 0x9b, 0x8e, 0x91, 0xb4,
2948 0x26, 0x10, 0x78, 0x07, 0xe0, 0x2e, 0x72, 0x49,
2949 0x56, 0x9d, 0x6f, 0xd3
2950 };
2951 static const uint8_t VID_NETSCREEN_15[] = { /* Netscreen-15 */
2952 0x16, 0x6f, 0x93, 0x2d, 0x55, 0xeb, 0x64, 0xd8,
2953 0xe4, 0xdf, 0x4f, 0xd3, 0x7e, 0x23, 0x13, 0xf0,
2954 0xd0, 0xfd, 0x84, 0x51
2955 };
2956
2957 static const uint8_t VID_NETSCREEN_16[] = { /* Netscreen-16 */
2958 0xa3, 0x5b, 0xfd, 0x05, 0xca, 0x1a, 0xc0, 0xb3,
2959 0xd2, 0xf2, 0x4e, 0x9e, 0x82, 0xbf, 0xcb, 0xff,
2960 0x9c, 0x9e, 0x52, 0xb5
2961 };
2962
2963 static const uint8_t VID_ZYWALL[] = { /* ZYWALL */
2964 0x62, 0x50, 0x27, 0x74, 0x9d, 0x5a, 0xb9, 0x7f,
2965 0x56, 0x16, 0xc1, 0x60, 0x27, 0x65, 0xcf, 0x48,
2966 0x0a, 0x3b, 0x7d, 0x0b
2967 };
2968
2969 static const uint8_t VID_SIDEWINDER[] = { /* SIDEWINDER */
2970 0x84, 0x04, 0xad, 0xf9, 0xcd, 0xa0, 0x57, 0x60,
2971 0xb2, 0xca, 0x29, 0x2e, 0x4b, 0xff, 0x53, 0x7b
2972 };
2973
2974 static const uint8_t VID_SONICWALL[] = { /* SonicWALL */
2975 0x40, 0x4B, 0xF4, 0x39, 0x52, 0x2C, 0xA3, 0xF6
2976 };
2977
2978 static const uint8_t VID_HEARTBEAT_NOTIFY[] = { /* Heartbeat Notify */
2979 0x48 ,0x65, 0x61, 0x72, 0x74, 0x42, 0x65, 0x61,
2980 0x74, 0x5f, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79
2981 };
2982
2983 static const uint8_t VID_DWR[] = { /* DWR: Delete with reason */
2984 0x2D, 0x79, 0x22, 0xC6, 0xB3, 0x01, 0xD9, 0xB0,
2985 0xE1, 0x34, 0x27, 0x39, 0xE9, 0xCF, 0xBB, 0xD5
2986 };
2987
2988 static const uint8_t VID_ARUBA_RAP[] = { /* Remote AP (Aruba Networks) */
2989 0xca, 0x3e, 0x2b, 0x85, 0x4b, 0xa8, 0x03, 0x00,
2990 0x17, 0xdc, 0x10, 0x23, 0xa4, 0xfd, 0xe2, 0x04,
2991 0x1f, 0x9f, 0x74, 0x63
2992 };
2993
2994 static const uint8_t VID_ARUBA_CONTROLLER[] = { /* Controller (Aruba Networks) */
2995 0x3c, 0x8e, 0x70, 0xbd, 0xf9, 0xc7, 0xd7, 0x4a,
2996 0xdd, 0x53, 0xe4, 0x10, 0x09, 0x15, 0xdc, 0x2e,
2997 0x4b, 0xb5, 0x12, 0x74
2998 };
2999
3000 static const uint8_t VID_ARUBA_VIA_CLIENT[] = { /* VIA Client (Aruba Networks) */
3001 0x88, 0xf0, 0xe3, 0x14, 0x9b, 0x3f, 0xa4, 0x8b,
3002 0x05, 0xaa, 0x7f, 0x68, 0x5f, 0x0b, 0x76, 0x6b,
3003 0xe1, 0x86, 0xcc, 0xb8
3004 };
3005
3006 static const uint8_t VID_ARUBA_VIA_AUTH_PROFILE[] = { /* VIA Auth Profile (Aruba Networks) */
3007 0x56, 0x49, 0x41, 0x20, 0x41, 0x75, 0x74, 0x68,
3008 0x20, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65,
3009 0x20, 0x3a, 0x20
3010 };
3011
3012 /*
3013 * MS-IKEE Internet Key Exchange Protocol Extensions (v20080212).pdf
3014 * Windows Vista and Windows Server 2008
3015 */
3016 static const uint8_t VID_MS_IKEE_20080212_CGA1[] = { /* IKE CGA Version 1 */
3017 0xe3, 0xa5, 0x96, 0x6a, 0x76, 0x37, 0x9f, 0xe7,
3018 0x07, 0x22, 0x82, 0x31, 0xe5, 0xce, 0x86, 0x52
3019 };
3020
3021 static const uint8_t VID_MS_IKEE_20080212_MS_NDC[] = { /* MS-Negotiation Discovery Capable */
3022 0xfb, 0x1d, 0xe3, 0xcd, 0xf3, 0x41, 0xb7, 0xea,
3023 0x16, 0xb7, 0xe5, 0xbe, 0x08, 0x55, 0xf1, 0x20
3024 };
3025
3026 static const uint8_t VID_FORTINET_FORTIGATE[] = { /* Fortigate (Fortinet) */
3027 0x82, 0x99, 0x03, 0x17, 0x57, 0xA3, 0x60, 0x82,
3028 0xC6, 0xA6, 0x21, 0xDE
3029 };
3030
3031 static const uint8_t VID_FORTINET_FORTICLIENT_CONNECT[] = { /* Forticlient Connect license (Fortinet) */
3032 0x4C, 0x53, 0x42, 0x7B, 0x6D, 0x46, 0x5D, 0x1B,
3033 0x33, 0x7B, 0xB7, 0x55, 0xA3, 0x7A, 0x7F, 0xEF
3034 };
3035
3036 static const uint8_t VID_FORTINET_ENDPOINT_CONTROL[] = { /* Endpoint Control (Fortinet) */
3037 0xB4, 0xF0, 0x1C, 0xA9, 0x51, 0xE9, 0xDA, 0x8D,
3038 0x0B, 0xAF, 0xBB, 0xD3, 0x4A, 0xD3, 0x04, 0x4E
3039 };
3040
3041 static const uint8_t VID_FORTINET_AUTODISCOVERY_RECEIVER[] = { /* Auto-Discovery Receiver (Fortinet) */
3042 0xCA, 0x4A, 0x4C, 0xBB, 0x12, 0xEA, 0xB6, 0xC5,
3043 0x8C, 0x57, 0x06, 0x7C, 0x2E, 0x65, 0x37, 0x86
3044 };
3045
3046 static const uint8_t VID_FORTINET_AUTODISCOVERY_SENDER[] = { /* Auto-Discovery Sender (Fortinet) */
3047 0x9B, 0x15, 0xE6, 0x5A, 0x87, 0x1A, 0xFF, 0x34,
3048 0x26, 0x66, 0x62, 0x3B, 0xA5, 0x02, 0x2E, 0x60
3049 };
3050
3051 static const uint8_t VID_FORTINET_EXCHANGE_INTERFACE_IP[] = { /* Exchange Interface IP (Fortinet) */
3052 0xA5, 0x8F, 0xEC, 0x50, 0x36, 0xF5, 0x7B, 0x21,
3053 0xE8, 0xB4, 0x99, 0xE3, 0x36, 0xC7, 0x6E, 0xE6
3054 };
3055
3056 static const bytes_string vendor_id[] = {
3057 { VID_SSH_IPSEC_EXPRESS_1_1_0, sizeof(VID_SSH_IPSEC_EXPRESS_1_1_0), "Ssh Communications Security IPSEC Express version 1.1.0" },
3058 { VID_SSH_IPSEC_EXPRESS_1_1_1, sizeof(VID_SSH_IPSEC_EXPRESS_1_1_1), "Ssh Communications Security IPSEC Express version 1.1.1" },
3059 { VID_SSH_IPSEC_EXPRESS_1_1_2, sizeof(VID_SSH_IPSEC_EXPRESS_1_1_2), "Ssh Communications Security IPSEC Express version 1.1.2" },
3060 { VID_SSH_IPSEC_EXPRESS_1_2_1, sizeof(VID_SSH_IPSEC_EXPRESS_1_2_1), "Ssh Communications Security IPSEC Express version 1.2.1" },
3061 { VID_SSH_IPSEC_EXPRESS_1_2_2, sizeof(VID_SSH_IPSEC_EXPRESS_1_2_2), "Ssh Communications Security IPSEC Express version 1.2.2" },
3062 { VID_SSH_IPSEC_EXPRESS_2_0_0, sizeof(VID_SSH_IPSEC_EXPRESS_2_0_0), "SSH Communications Security IPSEC Express version 2.0.0" },
3063 { VID_SSH_IPSEC_EXPRESS_2_1_0, sizeof(VID_SSH_IPSEC_EXPRESS_2_1_0), "SSH Communications Security IPSEC Express version 2.1.0" },
3064 { VID_SSH_IPSEC_EXPRESS_2_1_1, sizeof(VID_SSH_IPSEC_EXPRESS_2_1_1), "SSH Communications Security IPSEC Express version 2.1.1" },
3065 { VID_SSH_IPSEC_EXPRESS_2_1_2, sizeof(VID_SSH_IPSEC_EXPRESS_2_1_2), "SSH Communications Security IPSEC Express version 2.1.2" },
3066 { VID_SSH_IPSEC_EXPRESS_3_0_0, sizeof(VID_SSH_IPSEC_EXPRESS_3_0_0), "SSH Communications Security IPSEC Express version 3.0.0" },
3067 { VID_SSH_IPSEC_EXPRESS_3_0_1, sizeof(VID_SSH_IPSEC_EXPRESS_3_0_1), "SSH Communications Security IPSEC Express version 3.0.1" },
3068 { VID_SSH_IPSEC_EXPRESS_4_0_0, sizeof(VID_SSH_IPSEC_EXPRESS_4_0_0), "SSH Communications Security IPSEC Express version 4.0.0" },
3069 { VID_SSH_IPSEC_EXPRESS_4_0_1, sizeof(VID_SSH_IPSEC_EXPRESS_4_0_1), "SSH Communications Security IPSEC Express version 4.0.1" },
3070 { VID_SSH_IPSEC_EXPRESS_4_1_0, sizeof(VID_SSH_IPSEC_EXPRESS_4_1_0), "SSH Communications Security IPSEC Express version 4.1.0" },
3071 { VID_SSH_IPSEC_EXPRESS_4_1_1, sizeof(VID_SSH_IPSEC_EXPRESS_4_1_1), "SSH Communications Security IPSEC Express version 4.1.1" },
3072 { VID_SSH_IPSEC_EXPRESS_4_2_0, sizeof(VID_SSH_IPSEC_EXPRESS_4_2_0), "SSH Communications Security IPSEC Express version 4.2.0" },
3073 { VID_SSH_IPSEC_EXPRESS_5_0, sizeof(VID_SSH_IPSEC_EXPRESS_5_0), "SSH Communications Security IPSEC Express version 5.0" },
3074 { VID_SSH_IPSEC_EXPRESS_5_0_0, sizeof(VID_SSH_IPSEC_EXPRESS_5_0_0), "SSH Communications Security IPSEC Express version 5.0.0" },
3075 { VID_SSH_IPSEC_EXPRESS_5_1_0, sizeof(VID_SSH_IPSEC_EXPRESS_5_1_0), "SSH Communications Security IPSEC Express version 5.1.0" },
3076 { VID_SSH_IPSEC_EXPRESS_5_1_1, sizeof(VID_SSH_IPSEC_EXPRESS_5_1_1), "SSH Communications Security IPSEC Express version 5.1.1" },
3077 { VID_SSH_SENTINEL, sizeof(VID_SSH_SENTINEL), "SSH Sentinel" },
3078 { VID_SSH_SENTINEL_1_1, sizeof(VID_SSH_SENTINEL_1_1), "SSH Sentinel 1.1" },
3079 { VID_SSH_SENTINEL_1_2, sizeof(VID_SSH_SENTINEL_1_2), "SSH Sentinel 1.2" },
3080 { VID_SSH_SENTINEL_1_3, sizeof(VID_SSH_SENTINEL_1_3), "SSH Sentinel 1.3" },
3081 { VID_SSH_SENTINEL_1_4, sizeof(VID_SSH_SENTINEL_1_4), "SSH Sentinel 1.4" },
3082 { VID_SSH_SENTINEL_1_4_1, sizeof(VID_SSH_SENTINEL_1_4_1), "SSH Sentinel 1.4.1" },
3083 { VID_SSH_QUICKSEC_0_9_0, sizeof(VID_SSH_QUICKSEC_0_9_0), "SSH Communications Security QuickSec 0.9.0" },
3084 { VID_SSH_QUICKSEC_1_1_0, sizeof(VID_SSH_QUICKSEC_1_1_0), "SSH Communications Security QuickSec 1.1.0" },
3085 { VID_SSH_QUICKSEC_1_1_1, sizeof(VID_SSH_QUICKSEC_1_1_1), "SSH Communications Security QuickSec 1.1.1" },
3086 { VID_SSH_QUICKSEC_1_1_2, sizeof(VID_SSH_QUICKSEC_1_1_2), "SSH Communications Security QuickSec 1.1.2" },
3087 { VID_SSH_QUICKSEC_1_1_3, sizeof(VID_SSH_QUICKSEC_1_1_3), "SSH Communications Security QuickSec 1.1.3" },
3088 { VID_draft_huttunen_ipsec_esp_in_udp_00, sizeof(VID_draft_huttunen_ipsec_esp_in_udp_00), "draft-huttunen-ipsec-esp-in-udp-00.txt" },
3089 { VID_draft_huttunen_ipsec_esp_in_udp_01, sizeof(VID_draft_huttunen_ipsec_esp_in_udp_01), "draft-huttunen-ipsec-esp-in-udp-01.txt (ESPThruNAT)" },
3090 { VID_draft_stenberg_ipsec_nat_traversal_01, sizeof(VID_draft_stenberg_ipsec_nat_traversal_01), "draft-stenberg-ipsec-nat-traversal-01" },
3091 { VID_draft_stenberg_ipsec_nat_traversal_02, sizeof(VID_draft_stenberg_ipsec_nat_traversal_02), "draft-stenberg-ipsec-nat-traversal-02" },
3092 { VID_draft_ietf_ipsec_nat_t_ike, sizeof(VID_draft_ietf_ipsec_nat_t_ike), "draft-ietf-ipsec-nat-t-ike" },
3093 { VID_draft_ietf_ipsec_nat_t_ike_00, sizeof(VID_draft_ietf_ipsec_nat_t_ike_00), "draft-ietf-ipsec-nat-t-ike-00" },
3094 { VID_draft_ietf_ipsec_nat_t_ike_01, sizeof(VID_draft_ietf_ipsec_nat_t_ike_01), "draft-ietf-ipsec-nat-t-ike-01" },
3095 { VID_draft_ietf_ipsec_nat_t_ike_02, sizeof(VID_draft_ietf_ipsec_nat_t_ike_02), "draft-ietf-ipsec-nat-t-ike-02" },
3096 { VID_draft_ietf_ipsec_nat_t_ike_02n, sizeof(VID_draft_ietf_ipsec_nat_t_ike_02n), "draft-ietf-ipsec-nat-t-ike-02\\n" },
3097 { VID_draft_ietf_ipsec_nat_t_ike_03, sizeof(VID_draft_ietf_ipsec_nat_t_ike_03), "draft-ietf-ipsec-nat-t-ike-03" },
3098 { VID_draft_ietf_ipsec_nat_t_ike_04, sizeof(VID_draft_ietf_ipsec_nat_t_ike_04), "draft-ietf-ipsec-nat-t-ike-04" },
3099 { VID_draft_ietf_ipsec_nat_t_ike_05, sizeof(VID_draft_ietf_ipsec_nat_t_ike_05), "draft-ietf-ipsec-nat-t-ike-05" },
3100 { VID_draft_ietf_ipsec_nat_t_ike_06, sizeof(VID_draft_ietf_ipsec_nat_t_ike_06), "draft-ietf-ipsec-nat-t-ike-06" },
3101 { VID_draft_ietf_ipsec_nat_t_ike_07, sizeof(VID_draft_ietf_ipsec_nat_t_ike_07), "draft-ietf-ipsec-nat-t-ike-07" },
3102 { VID_draft_ietf_ipsec_nat_t_ike_08, sizeof(VID_draft_ietf_ipsec_nat_t_ike_08), "draft-ietf-ipsec-nat-t-ike-08" },
3103 { VID_draft_ietf_ipsec_nat_t_ike_09, sizeof(VID_draft_ietf_ipsec_nat_t_ike_09), "draft-ietf-ipsec-nat-t-ike-09" },
3104 { VID_testing_nat_t_rfc, sizeof(VID_testing_nat_t_rfc), "Testing NAT-T RFC" },
3105 { VID_rfc3947_nat_t, sizeof(VID_rfc3947_nat_t), "RFC 3947 Negotiation of NAT-Traversal in the IKE" },
3106 { VID_draft_beaulieu_ike_xauth_02, sizeof(VID_draft_beaulieu_ike_xauth_02), "draft-beaulieu-ike-xauth-02.txt" },
3107 { VID_xauth, sizeof(VID_xauth), "XAUTH" },
3108 { VID_rfc3706_dpd, sizeof(VID_rfc3706_dpd), "RFC 3706 DPD (Dead Peer Detection)" },
3109 { VID_draft_ietf_ipsec_antireplay_00, sizeof(VID_draft_ietf_ipsec_antireplay_00), "draft-ietf-ipsec-antireplay-00.txt" },
3110 { VID_draft_ietf_ipsec_heartbeats_00, sizeof(VID_draft_ietf_ipsec_heartbeats_00), "draft-ietf-ipsec-heartbeats-00.txt" },
3111 { VID_IKE_CHALLENGE_RESPONSE_1, sizeof(VID_IKE_CHALLENGE_RESPONSE_1), "IKE Challenge/Response for Authenticated Cryptographic Keys" },
3112 { VID_IKE_CHALLENGE_RESPONSE_2, sizeof(VID_IKE_CHALLENGE_RESPONSE_2), "IKE Challenge/Response for Authenticated Cryptographic Keys" },
3113 { VID_IKE_CHALLENGE_RESPONSE_REV_1, sizeof(VID_IKE_CHALLENGE_RESPONSE_REV_1), "IKE Challenge/Response for Authenticated Cryptographic Keys (Revised)" },
3114 { VID_IKE_CHALLENGE_RESPONSE_REV_2, sizeof(VID_IKE_CHALLENGE_RESPONSE_REV_2), "IKE Challenge/Response for Authenticated Cryptographic Keys (Revised)" },
3115 { VID_CISCO_FRAG2, sizeof(VID_CISCO_FRAG2), "Cisco Fragmentation" },
3116 { VID_CISCO_FLEXVPN_SUPPORTED, sizeof(VID_CISCO_FLEXVPN_SUPPORTED), "Cisco FlexVPN Supported" },
3117 { VID_CISCO_DELETE_REASON, sizeof(VID_CISCO_DELETE_REASON), "Cisco Delete Reason Supported"},
3118 { VID_CISCO_DYNAMIC_ROUTE, sizeof(VID_CISCO_DYNAMIC_ROUTE), "Cisco Dynamic Route Supported"},
3119 { VID_CISCO_VPN_REV_02, sizeof(VID_CISCO_VPN_REV_02), "Cisco VPN Revision 2"},
3120 { VID_CISCO_COPYRIGHT, sizeof(VID_CISCO_COPYRIGHT), "Cisco Copyright"},
3121 { VID_CISCO_GRE_MODE, sizeof(VID_CISCO_GRE_MODE), "Cisco GRE Mode Supported"},
3122 { VID_MS_VID_INITIAL_CONTACT, sizeof(VID_MS_VID_INITIAL_CONTACT), "Microsoft Vid-Initial-Contact" },
3123 { VID_GSS_API_1, sizeof(VID_GSS_API_1), "A GSS-API Authentication Method for IKE" },
3124 { VID_GSS_API_2, sizeof(VID_GSS_API_2), "A GSS-API Authentication Method for IKE" },
3125 { VID_GSSAPI, sizeof(VID_GSSAPI), "GSSAPI" },
3126 { VID_MS_NT5_ISAKMPOAKLEY, sizeof(VID_MS_NT5_ISAKMPOAKLEY), "MS NT5 ISAKMPOAKLEY" },
3127 { VID_CISCO_UNITY, sizeof(VID_CISCO_UNITY), "CISCO-UNITY" },
3128 { VID_CISCO_CONCENTRATOR, sizeof(VID_CISCO_CONCENTRATOR), "CISCO-CONCENTRATOR" },
3129 { VID_CISCO_FRAG, sizeof(VID_CISCO_FRAG), "Cisco Fragmentation" },
3130 { VID_CP_01_R65, sizeof(VID_CP_01_R65), "CryptoPro/GOST 0.1 / Check Point R65" },
3131 { VID_CP_10_R71, sizeof(VID_CP_10_R71), "CryptoPro/GOST 1.0 / Check Point R71" },
3132 { VID_CP_11, sizeof(VID_CP_11), "CryptoPro/GOST 1.1" },
3133 { VID_CYBERGUARD, sizeof(VID_CYBERGUARD), "CyberGuard" },
3134 { VID_SHREWSOFT, sizeof(VID_SHREWSOFT), "Shrew Soft" },
3135 { VID_STRONGSWAN, sizeof(VID_STRONGSWAN), "strongSwan" },
3136 { VID_KAME_RACOON, sizeof(VID_KAME_RACOON), "KAME/racoon" },
3137 { VID_IPSEC_TOOLS, sizeof(VID_IPSEC_TOOLS), "IPSec-Tools" },
3138 { VID_NETSCREEN_1, sizeof(VID_NETSCREEN_1), "Netscreen-1" },
3139 { VID_NETSCREEN_2, sizeof(VID_NETSCREEN_2), "Netscreen-2" },
3140 { VID_NETSCREEN_3, sizeof(VID_NETSCREEN_3), "Netscreen-3" },
3141 { VID_NETSCREEN_4, sizeof(VID_NETSCREEN_4), "Netscreen-4" },
3142 { VID_NETSCREEN_5, sizeof(VID_NETSCREEN_5), "Netscreen-5" },
3143 { VID_NETSCREEN_6, sizeof(VID_NETSCREEN_6), "Netscreen-6" },
3144 { VID_NETSCREEN_7, sizeof(VID_NETSCREEN_7), "Netscreen-7" },
3145 { VID_NETSCREEN_8, sizeof(VID_NETSCREEN_8), "Netscreen-8" },
3146 { VID_NETSCREEN_9, sizeof(VID_NETSCREEN_9), "Netscreen-9" },
3147 { VID_NETSCREEN_10, sizeof(VID_NETSCREEN_10), "Netscreen-10" },
3148 { VID_NETSCREEN_11, sizeof(VID_NETSCREEN_11), "Netscreen-11" },
3149 { VID_NETSCREEN_12, sizeof(VID_NETSCREEN_12), "Netscreen-12" },
3150 { VID_NETSCREEN_13, sizeof(VID_NETSCREEN_13), "Netscreen-13" },
3151 { VID_NETSCREEN_14, sizeof(VID_NETSCREEN_14), "Netscreen-14" },
3152 { VID_NETSCREEN_15, sizeof(VID_NETSCREEN_15), "Netscreen-15" },
3153 { VID_NETSCREEN_16, sizeof(VID_NETSCREEN_16), "Netscreen-16" },
3154 { VID_ZYWALL, sizeof(VID_ZYWALL), "ZYWALL" },
3155 { VID_SIDEWINDER, sizeof(VID_SIDEWINDER), "SIDEWINDER" },
3156 { VID_SONICWALL, sizeof(VID_SONICWALL), "SonicWALL" },
3157 { VID_HEARTBEAT_NOTIFY, sizeof(VID_HEARTBEAT_NOTIFY), "Heartbeat Notify" },
3158 { VID_DWR, sizeof(VID_DWR), "DWR: Delete with reason" },
3159 { VID_ARUBA_RAP, sizeof(VID_ARUBA_RAP), "Remote AP (Aruba Networks)" },
3160 { VID_ARUBA_CONTROLLER, sizeof(VID_ARUBA_CONTROLLER), "Controller (Aruba Networks)" },
3161 { VID_ARUBA_VIA_CLIENT, sizeof(VID_ARUBA_VIA_CLIENT), "VIA Client (Aruba Networks)" },
3162 { VID_ARUBA_VIA_AUTH_PROFILE, sizeof(VID_ARUBA_VIA_AUTH_PROFILE), "VIA Auth Profile (Aruba Networks)" },
3163 { VID_MS_IKEE_20080212_CGA1, sizeof(VID_MS_IKEE_20080212_CGA1), "IKE CGA Version 1" },
3164 { VID_MS_IKEE_20080212_MS_NDC, sizeof(VID_MS_IKEE_20080212_MS_NDC), "MS-Negotiation Discovery Capable" },
3165 { VID_FORTINET_FORTIGATE, sizeof(VID_FORTINET_FORTIGATE), "Fortigate (Fortinet)" },
3166 { VID_FORTINET_FORTICLIENT_CONNECT, sizeof(VID_FORTINET_FORTICLIENT_CONNECT), "Forticlient connect license (Fortinet)" },
3167 { VID_FORTINET_ENDPOINT_CONTROL, sizeof(VID_FORTINET_ENDPOINT_CONTROL), "Endpoint Control (Fortinet)" },
3168 { VID_FORTINET_AUTODISCOVERY_RECEIVER, sizeof(VID_FORTINET_AUTODISCOVERY_RECEIVER), "Auto-Discovery Receiver (Fortinet)" },
3169 { VID_FORTINET_AUTODISCOVERY_SENDER, sizeof(VID_FORTINET_AUTODISCOVERY_SENDER), "Auto-Discovery Sender (Fortinet)" },
3170 { VID_FORTINET_EXCHANGE_INTERFACE_IP, sizeof(VID_FORTINET_EXCHANGE_INTERFACE_IP), "Exchange Interface IP (Fortinet)" },
3171 { 0, 0, NULL }
3172 };
3173
3174
3175
3176 static void
3177 // NOLINTNEXTLINE(misc-no-recursion)
3178 dissect_payloads(tvbuff_t *tvb, proto_tree *tree,
3179 int isakmp_version, uint8_t initial_payload, int offset, int length,
3180 packet_info *pinfo, uint32_t message_id, bool is_request, void* decr_data)
3181 {
3182 uint8_t payload, next_payload;
3183 uint16_t payload_length;
3184 proto_tree * ntree;
3185
3186 for (payload = initial_payload; length > 0; payload = next_payload) {
3187 if (payload == PLOAD_IKE_NONE) {
3188 /*
3189 * What? There's more stuff in this chunk of data, but the
3190 * previous payload had a "next payload" type of None?
3191 */
3192 proto_tree_add_item(tree, hf_isakmp_extradata, tvb, offset, length, ENC_NA);
3193 break;
3194 }
3195
3196 ntree = dissect_payload_header(tvb, pinfo, offset, length, isakmp_version, payload, &next_payload, &payload_length, tree);
3197 if (payload_length >= 4) { /* XXX = > 4? */
3198 increment_dissection_depth(pinfo);
3199 tvb_ensure_bytes_exist(tvb, offset + 4, payload_length - 4);
3200 switch(payload){
3201 case PLOAD_IKE_SA:
3202 case PLOAD_IKE2_SA:
3203 dissect_sa(tvb, offset + 4, payload_length - 4, ntree, isakmp_version, pinfo, is_request, decr_data);
3204 break;
3205 case PLOAD_IKE_P:
3206 dissect_proposal(tvb, pinfo, offset + 4, payload_length - 4, ntree, isakmp_version, decr_data );
3207 break;
3208 case PLOAD_IKE_KE:
3209 case PLOAD_IKE2_KE:
3210 dissect_key_exch(tvb, offset + 4, payload_length - 4, ntree, isakmp_version, pinfo, decr_data );
3211 break;
3212 case PLOAD_IKE_ID:
3213 case PLOAD_IKE2_IDI:
3214 case PLOAD_IKE2_IDR:
3215 dissect_id(tvb, offset + 4, payload_length - 4, ntree, isakmp_version, pinfo );
3216 break;
3217 case PLOAD_IKE_CERT:
3218 case PLOAD_IKE2_CERT:
3219 dissect_cert(tvb, offset + 4, payload_length - 4, ntree, isakmp_version, pinfo );
3220 break;
3221 case PLOAD_IKE_CR:
3222 case PLOAD_IKE2_CERTREQ:
3223 dissect_certreq(tvb, offset + 4, payload_length - 4, ntree, isakmp_version, pinfo );
3224 break;
3225 case PLOAD_IKE_HASH:
3226 dissect_hash(tvb, offset + 4, payload_length - 4, ntree);
3227 break;
3228 case PLOAD_IKE_SIG:
3229 dissect_sig(tvb, offset + 4, payload_length - 4, ntree);
3230 break;
3231 case PLOAD_IKE_NONCE:
3232 case PLOAD_IKE2_NONCE:
3233 dissect_nonce(tvb, offset + 4, payload_length - 4, ntree);
3234 break;
3235 case PLOAD_IKE_N:
3236 case PLOAD_IKE2_N:
3237 dissect_notif(tvb, pinfo, offset + 4, payload_length - 4, ntree, isakmp_version);
3238 break;
3239 case PLOAD_IKE_D:
3240 case PLOAD_IKE2_D:
3241 dissect_delete(tvb, offset + 4, payload_length - 4, ntree, isakmp_version);
3242 break;
3243 case PLOAD_IKE_VID:
3244 case PLOAD_IKE2_V:
3245 dissect_vid(tvb, offset + 4, payload_length - 4, ntree);
3246 break;
3247 case PLOAD_IKE_A:
3248 case PLOAD_IKE2_CP:
3249 dissect_config(tvb, pinfo, offset + 4, payload_length - 4, ntree, isakmp_version, is_request);
3250 break;
3251 case PLOAD_IKE_SAK:
3252 dissect_sa_kek(tvb, pinfo, offset + 4, payload_length - 4, ntree);
3253 break;
3254 case PLOAD_IKE_SAT:
3255 dissect_sa_tek(tvb, pinfo, offset + 4, payload_length - 4, ntree);
3256 break;
3257 case PLOAD_IKE_KD:
3258 dissect_key_download(tvb, pinfo, offset + 4, payload_length - 4, ntree, isakmp_version);
3259 break;
3260 case PLOAD_IKE_SEQ:
3261 dissect_sequence(tvb, pinfo, offset + 4, payload_length - 4, ntree);
3262 break;
3263 case PLOAD_IKE2_AUTH:
3264 dissect_auth(tvb, pinfo, offset + 4, payload_length - 4, ntree);
3265 break;
3266 case PLOAD_IKE2_TSI:
3267 case PLOAD_IKE2_TSR:
3268 dissect_ts_payload(tvb, offset + 4, payload_length - 4, ntree);
3269 break;
3270 case PLOAD_IKE2_SK:
3271 if(isakmp_version == 2)
3272 dissect_enc(tvb, offset + 4, payload_length - 4, ntree, pinfo, next_payload, is_request, decr_data, true);
3273 break;
3274 case PLOAD_IKE2_EAP:
3275 dissect_eap(tvb, offset + 4, payload_length - 4, ntree, pinfo );
3276 break;
3277 case PLOAD_IKE2_GSPM:
3278 dissect_gspm(tvb, offset + 4, payload_length - 4, ntree);
3279 break;
3280 case PLOAD_IKE_NAT_D:
3281 case PLOAD_IKE_NAT_D13:
3282 dissect_nat_discovery(tvb, offset + 4, payload_length - 4, ntree );
3283 break;
3284 case PLOAD_IKE_NAT_OA:
3285 case PLOAD_IKE_NAT_OA14:
3286 dissect_nat_original_address(tvb, offset + 4, payload_length - 4, ntree, isakmp_version );
3287 break;
3288 case PLOAD_IKE_CISCO_FRAG:
3289 dissect_cisco_fragmentation(tvb, offset + 4, payload_length - 4, ntree, pinfo );
3290 break;
3291 case PLOAD_IKE2_SKF:
3292 if (isakmp_version == 2) {
3293 /* N.B. not passing in length as must be the last payload in the message */
3294 dissect_ikev2_fragmentation(tvb, offset + 4, ntree, pinfo, message_id, next_payload, is_request, decr_data );
3295 }
3296 break;
3297 case PLOAD_IKE_SK:
3298 dissect_symmetric_key(tvb, offset + 4, payload_length - 4, ntree);
3299 break;
3300 default:
3301 proto_tree_add_item(ntree, hf_isakmp_datapayload, tvb, offset + 4, payload_length-4, ENC_NA);
3302 break;
3303 }
3304 increment_dissection_depth(pinfo);
3305 }
3306 else if (payload_length > length) {
3307 proto_tree_add_expert_format(ntree, pinfo, &ei_isakmp_payload_bad_length, tvb, 0, 0,
3308 "Payload (bogus, length is %u, greater than remaining length %d",
3309 payload_length, length);
3310 return;
3311 }
3312 else {
3313 proto_tree_add_expert_format(ntree, pinfo, &ei_isakmp_payload_bad_length, tvb, 0, 0,
3314 "Payload (bogus, length is %u, must be at least 4)",
3315 payload_length);
3316 payload_length = 4;
3317 }
3318
3319 offset += payload_length;
3320 length -= payload_length;
3321 }
3322 }
3323
3324 void
3325 isakmp_dissect_payloads(tvbuff_t *tvb, proto_tree *tree, int isakmp_version,
3326 uint8_t initial_payload, int offset, int length,
3327 packet_info *pinfo)
3328 {
3329 dissect_payloads(tvb, tree, isakmp_version, initial_payload, offset, length,
3330 pinfo, 0, false, NULL);
3331 }
3332
3333 static int
3334 // NOLINTNEXTLINE(misc-no-recursion)
3335 dissect_isakmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
3336 {
3337 int offset = 0, len;
3338 isakmp_hdr_t hdr;
3339 proto_item *ti, *vers_item, *ti_root;
3340 proto_tree *isakmp_tree = NULL, *vers_tree;
3341 int isakmp_version;
3342 void* decr_data = NULL;
3343 uint8_t flags;
3344 uint8_t i_cookie[COOKIE_SIZE], *ic_key;
3345 decrypt_data_t *decr = NULL;
3346 tvbuff_t *decr_tvb;
3347 proto_tree *decr_tree;
3348 address null_addr;
3349
3350 col_set_str(pinfo->cinfo, COL_PROTOCOL, "ISAKMP");
3351 col_clear(pinfo->cinfo, COL_INFO);
3352
3353 /* Some simple heuristics to catch non-isakmp packets */
3354 if (tvb_reported_length(tvb)== 1 && tvb_get_uint8(tvb, offset) !=0xff)
3355 return 0;
3356 else if (tvb_reported_length(tvb) < ISAKMP_HDR_SIZE)
3357 return 0;
3358 else if (tvb_get_ntohl(tvb, ISAKMP_HDR_SIZE-4) < ISAKMP_HDR_SIZE)
3359 return 0;
3360
3361 ti_root = proto_tree_add_item(tree, proto_isakmp, tvb, offset, -1, ENC_NA);
3362 isakmp_tree = proto_item_add_subtree(ti_root, ett_isakmp);
3363
3364 /* RFC3948 2.3 NAT Keepalive packet:
3365 * 1 byte payload with the value 0xff.
3366 */
3367 if ( (tvb_reported_length(tvb)== 1) && (tvb_get_uint8(tvb, offset) == 0xff) ){
3368 col_set_str(pinfo->cinfo, COL_INFO, "NAT Keepalive");
3369 proto_tree_add_item(isakmp_tree, hf_isakmp_nat_keepalive, tvb, offset, 1, ENC_NA);
3370 return 1;
3371 }
3372
3373 hdr.length = tvb_get_ntohl(tvb, offset + ISAKMP_HDR_SIZE - 4);
3374 hdr.exch_type = tvb_get_uint8(tvb, COOKIE_SIZE + COOKIE_SIZE + 1 + 1);
3375 hdr.version = tvb_get_uint8(tvb, COOKIE_SIZE + COOKIE_SIZE + 1);
3376 isakmp_version = hi_nibble(hdr.version); /* save the version */
3377 hdr.flags = tvb_get_uint8(tvb, COOKIE_SIZE + COOKIE_SIZE + 1 + 1 + 1);
3378
3379 if (isakmp_version == 1) {
3380 clear_address(&null_addr);
3381
3382 tvb_memcpy(tvb, i_cookie, offset, COOKIE_SIZE);
3383 decr = (decrypt_data_t*) g_hash_table_lookup(isakmp_hash, i_cookie);
3384
3385 if (! decr) {
3386 ic_key = (uint8_t *)g_slice_alloc(COOKIE_SIZE);
3387 memcpy(ic_key, i_cookie, COOKIE_SIZE);
3388 decr = create_decrypt_data();
3389 g_hash_table_insert(isakmp_hash, ic_key, decr);
3390 }
3391
3392 if (addresses_equal(&decr->initiator, &null_addr)) {
3393 /* XXX - We assume that we're seeing the second packet in an exchange here.
3394 * Is there a way to verify this? */
3395 copy_address_wmem(wmem_file_scope(), &decr->initiator, &pinfo->src);
3396 }
3397
3398 decr_data = decr;
3399 } else if (isakmp_version == 2) {
3400 ikev2_uat_data_key_t hash_key;
3401 ikev2_uat_data_t *ike_sa_data;
3402 ikev2_decrypt_data_t *ikev2_dec_data;
3403 unsigned char spii[COOKIE_SIZE], spir[COOKIE_SIZE];
3404
3405 tvb_memcpy(tvb, spii, offset, COOKIE_SIZE);
3406 tvb_memcpy(tvb, spir, offset + COOKIE_SIZE, COOKIE_SIZE);
3407 hash_key.spii = spii;
3408 hash_key.spir = spir;
3409 hash_key.spii_len = COOKIE_SIZE;
3410 hash_key.spir_len = COOKIE_SIZE;
3411
3412 ike_sa_data = (ikev2_uat_data_t *)g_hash_table_lookup(ikev2_key_hash, &hash_key);
3413 if (ike_sa_data) {
3414 uint8_t initiator_flag;
3415 initiator_flag = hdr.flags & I_FLAG;
3416 ikev2_dec_data = wmem_new(pinfo->pool, ikev2_decrypt_data_t);
3417 ikev2_dec_data->encr_key = initiator_flag ? ike_sa_data->sk_ei : ike_sa_data->sk_er;
3418 ikev2_dec_data->auth_key = initiator_flag ? ike_sa_data->sk_ai : ike_sa_data->sk_ar;
3419 ikev2_dec_data->encr_spec = ike_sa_data->encr_spec;
3420 ikev2_dec_data->auth_spec = ike_sa_data->auth_spec;
3421
3422 decr_data = ikev2_dec_data;
3423 }
3424 }
3425
3426 {
3427 proto_tree_add_item(isakmp_tree, hf_isakmp_ispi, tvb, offset, COOKIE_SIZE, ENC_NA);
3428 offset += COOKIE_SIZE;
3429
3430 proto_tree_add_item(isakmp_tree, hf_isakmp_rspi, tvb, offset, COOKIE_SIZE, ENC_NA);
3431 offset += COOKIE_SIZE;
3432
3433 hdr.next_payload = tvb_get_uint8(tvb, offset);
3434 proto_tree_add_item(isakmp_tree, hf_isakmp_nextpayload, tvb, offset, 1, ENC_BIG_ENDIAN);
3435
3436 offset += 1;
3437
3438 vers_item = proto_tree_add_uint_format_value(isakmp_tree, hf_isakmp_version, tvb, offset,
3439 1, hdr.version, "%u.%u",
3440 hi_nibble(hdr.version), lo_nibble(hdr.version));
3441 vers_tree = proto_item_add_subtree(vers_item, ett_isakmp_version);
3442 proto_tree_add_item(vers_tree, hf_isakmp_mjver, tvb, offset, 1, ENC_BIG_ENDIAN);
3443 proto_tree_add_item(vers_tree, hf_isakmp_mnver, tvb, offset, 1, ENC_BIG_ENDIAN);
3444 offset += 1;
3445
3446 if(isakmp_version == 1) {
3447 proto_tree_add_item(isakmp_tree, hf_isakmp_exchangetype_v1, tvb, offset, 1, ENC_BIG_ENDIAN);
3448 col_add_str(pinfo->cinfo, COL_INFO,val_to_str(hdr.exch_type, exchange_v1_type, "Unknown %d"));
3449 } else if (isakmp_version == 2){
3450 proto_tree_add_item(isakmp_tree, hf_isakmp_exchangetype_v2, tvb, offset, 1, ENC_BIG_ENDIAN);
3451 col_add_str(pinfo->cinfo, COL_INFO,val_to_str(hdr.exch_type, exchange_v2_type, "Unknown %d"));
3452 }
3453 offset += 1;
3454
3455 {
3456 proto_item * fti;
3457 proto_tree * ftree;
3458
3459 fti = proto_tree_add_item(isakmp_tree, hf_isakmp_flags, tvb, offset, 1, ENC_BIG_ENDIAN);
3460 ftree = proto_item_add_subtree(fti, ett_isakmp_flags);
3461 flags = tvb_get_uint8(tvb, offset);
3462
3463 if (isakmp_version == 1) {
3464 proto_tree_add_item(ftree, hf_isakmp_flag_e, tvb, offset, 1, ENC_BIG_ENDIAN);
3465
3466 proto_tree_add_item(ftree, hf_isakmp_flag_c, tvb, offset, 1, ENC_BIG_ENDIAN);
3467
3468 proto_tree_add_item(ftree, hf_isakmp_flag_a, tvb, offset, 1, ENC_BIG_ENDIAN);
3469
3470 } else if (isakmp_version == 2) {
3471 proto_tree_add_item(ftree, hf_isakmp_flag_i, tvb, offset, 1, ENC_BIG_ENDIAN);
3472 proto_tree_add_item(ftree, hf_isakmp_flag_v, tvb, offset, 1, ENC_BIG_ENDIAN);
3473 proto_tree_add_item(ftree, hf_isakmp_flag_r, tvb, offset, 1, ENC_BIG_ENDIAN);
3474
3475 proto_item_append_text(fti, " (%s, %s, %s)",
3476 tfs_get_string(flags & I_FLAG, &flag_i),
3477 tfs_get_string(flags & V_FLAG, &flag_v),
3478 tfs_get_string(flags & R_FLAG, &tfs_response_request));
3479 }
3480 offset += 1;
3481 }
3482
3483 hdr.message_id = tvb_get_ntohl(tvb, offset);
3484 proto_tree_add_item(isakmp_tree, hf_isakmp_messageid, tvb, offset, 4, ENC_BIG_ENDIAN);
3485 offset += 4;
3486
3487 /* Add some summary to the Info column */
3488 if (isakmp_version == 2) {
3489 col_append_fstr(pinfo->cinfo, COL_INFO, " MID=%02u %s %s",
3490 hdr.message_id,
3491 tfs_get_string(flags & I_FLAG, &flag_i),
3492 tfs_get_string(flags & R_FLAG, &tfs_response_request));
3493 }
3494
3495 if (hdr.length < ISAKMP_HDR_SIZE) {
3496 proto_tree_add_uint_format_value(isakmp_tree, hf_isakmp_length, tvb, offset, 4,
3497 hdr.length, "(bogus, length is %u, should be at least %lu)",
3498 hdr.length, (unsigned long)ISAKMP_HDR_SIZE);
3499 return tvb_captured_length(tvb);
3500 }
3501
3502 len = hdr.length - ISAKMP_HDR_SIZE;
3503
3504 if (len < 0) {
3505 proto_tree_add_uint_format_value(isakmp_tree, hf_isakmp_length, tvb, offset, 4,
3506 hdr.length, "(bogus, length is %u, which is too large)",
3507 hdr.length);
3508 return tvb_captured_length(tvb);
3509 }
3510 tvb_ensure_bytes_exist(tvb, offset, len);
3511 proto_tree_add_item(isakmp_tree, hf_isakmp_length, tvb, offset, 4, ENC_BIG_ENDIAN);
3512 offset += 4;
3513
3514 if (isakmp_version == 1 && (hdr.flags & E_FLAG)) {
3515 /* Encrypted flag set (v1 only), so decrypt before dissecting payloads */
3516 if (len) {
3517 ti = proto_tree_add_item(isakmp_tree, hf_isakmp_enc_data, tvb, offset, len, ENC_NA);
3518 proto_item_append_text(ti, " (%d byte%s)", len, plurality(len, "", "s"));
3519
3520 /* Collect initialization vectors during first pass. */
3521 if (!PINFO_FD_VISITED(pinfo))
3522 if (prepare_decrypt(decr))
3523 update_ivs(pinfo, tvb_get_ptr(tvb, offset, len), len, hdr.message_id, decr);
3524 decr_tvb = decrypt_payload(tvb, pinfo, tvb_get_ptr(tvb, offset, len), len, decr);
3525 if (decr_tvb) {
3526 decr_tree = proto_item_add_subtree(ti, ett_isakmp);
3527 dissect_payloads(decr_tvb, decr_tree, isakmp_version,
3528 hdr.next_payload, 0, tvb_reported_length(decr_tvb), pinfo, hdr.message_id, !(flags & R_FLAG), decr_data);
3529 }
3530 }
3531 } else {
3532 dissect_payloads(tvb, isakmp_tree, isakmp_version, hdr.next_payload,
3533 offset, len, pinfo, hdr.message_id, !(flags & R_FLAG), decr_data);
3534 }
3535
3536 offset += len;
3537 }
3538
3539 proto_item_set_end(ti_root, tvb, offset);
3540
3541 return offset;
3542 }
3543
3544
3545 static proto_tree *
3546 dissect_payload_header(tvbuff_t *tvb, packet_info *pinfo, int offset, int length,
3547 int isakmp_version, uint8_t payload, uint8_t *next_payload_p,
3548 uint16_t *payload_length_p, proto_tree *tree)
3549 {
3550 uint8_t next_payload;
3551 uint16_t payload_length;
3552 proto_item * ti;
3553 proto_tree * ntree;
3554
3555 if (length < 4) {
3556 proto_tree_add_expert_format(tree, pinfo, &ei_isakmp_payload_bad_length, tvb, offset, length,
3557 "Not enough room in payload for all transforms");
3558 *next_payload_p = 0;
3559 *payload_length_p = 0;
3560 return NULL;
3561 }
3562 next_payload = tvb_get_uint8(tvb, offset);
3563 payload_length = tvb_get_ntohs(tvb, offset + 2);
3564
3565 ti = proto_tree_add_uint(tree, hf_isakmp_typepayload, tvb, offset, payload_length, payload);
3566
3567 ntree = proto_item_add_subtree(ti, ett_isakmp_payload);
3568
3569 proto_tree_add_item(ntree, hf_isakmp_nextpayload, tvb, offset, 1, ENC_BIG_ENDIAN);
3570
3571 /* The critical flag only applies to IKEv2 payloads but not proposals and transforms. */
3572 if (isakmp_version == 1 || payload == PLOAD_IKE_P || payload == PLOAD_IKE_T) {
3573 proto_tree_add_item(ntree, hf_isakmp_reserved, tvb, offset + 1, 1, ENC_NA);
3574 } else if (isakmp_version == 2) {
3575 proto_tree_add_item(ntree, hf_isakmp_criticalpayload, tvb, offset+1, 1, ENC_BIG_ENDIAN);
3576 proto_tree_add_item(ntree, hf_isakmp_reserved7, tvb, offset + 1, 1, ENC_BIG_ENDIAN);
3577 }
3578 proto_tree_add_item(ntree, hf_isakmp_payloadlen, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
3579
3580 *next_payload_p = next_payload;
3581 *payload_length_p = payload_length;
3582 return ntree;
3583 }
3584
3585 static void
3586 // NOLINTNEXTLINE(misc-no-recursion)
3587 dissect_sa(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version, packet_info *pinfo, bool is_request, void* decr_data)
3588 {
3589 uint32_t doi;
3590 uint16_t saattr;
3591 proto_item *sti;
3592 proto_tree *stree;
3593 proto_tree *currtree;
3594
3595 /* make a copy of current tree working position which we will use while dissecting other payloads*/
3596 currtree = tree;
3597 if (isakmp_version == 1) {
3598 doi = tvb_get_ntohl(tvb, offset);
3599
3600 proto_tree_add_item(tree, hf_isakmp_sa_doi, tvb, offset, 4, ENC_BIG_ENDIAN);
3601
3602 offset += 4;
3603 length -= 4;
3604
3605 switch(doi) {
3606 case 1: {
3607 /* IPSEC */
3608 if (length < 4) {
3609 proto_tree_add_bytes_format_value(tree, hf_isakmp_sa_situation, tvb, offset, length,
3610 NULL,
3611 "%s (length is %u, should be >= 4)",
3612 tvb_bytes_to_str(pinfo->pool, tvb, offset, length), length);
3613 return;
3614 }
3615 sti = proto_tree_add_item(tree, hf_isakmp_sa_situation, tvb, offset, 4, ENC_NA);
3616 stree = proto_item_add_subtree(sti, ett_isakmp_sa);
3617
3618 proto_tree_add_item(stree, hf_isakmp_sa_situation_identity_only, tvb, offset, 4, ENC_BIG_ENDIAN);
3619 proto_tree_add_item(stree, hf_isakmp_sa_situation_secrecy, tvb, offset, 4, ENC_BIG_ENDIAN);
3620 proto_tree_add_item(stree, hf_isakmp_sa_situation_integrity, tvb, offset, 4, ENC_BIG_ENDIAN);
3621
3622 offset += 4;
3623 length -= 4;
3624
3625 dissect_payloads(tvb, tree, isakmp_version, PLOAD_IKE_P, offset,
3626 length, pinfo, 0, is_request, decr_data);
3627 break;
3628 }
3629 case 2: {
3630 /* add GDOI specific changes here for RFC 6407*/
3631 if (length < 8) { /* situation + next payload + reserved2*/
3632 proto_tree_add_bytes_format_value(tree, hf_isakmp_sa_situation, tvb, offset, length,
3633 NULL,
3634 "%s (length is %u, should be >= 8)",
3635 tvb_bytes_to_str(pinfo->pool, tvb, offset, length), length);
3636 return;
3637 }
3638 proto_tree_add_item(tree, hf_isakmp_sa_situation, tvb, offset, 4, ENC_NA); /* must be always 0 as per RFC 6407 no further decoding required*/
3639 saattr = tvb_get_ntohs(tvb, offset+4);
3640 proto_tree_add_item(tree, hf_isakmp_sa_attribute_next_payload, tvb, offset+4, 2, ENC_NA);
3641 proto_tree_add_item(tree, hf_isakmp_reserved2 , tvb, offset+6, 2, ENC_NA);
3642
3643 offset += 8;
3644 length -= 8;
3645
3646 /* possible attribute values here 15(SAK),16(SAT),18(GAP)*/
3647 switch(saattr) {
3648 case PLOAD_IKE_SAK:
3649 dissect_sa_kek(tvb, pinfo, offset, length, currtree );
3650 break;
3651 case PLOAD_IKE_SAT:
3652 dissect_sa_tek(tvb, pinfo, offset, length, currtree);
3653 break;
3654 }
3655 break;
3656 }
3657 default:
3658 proto_tree_add_item(tree, hf_isakmp_sa_situation, tvb, offset, length, ENC_NA);
3659 break;
3660 }
3661 } else if (isakmp_version == 2) {
3662 dissect_payloads(tvb, tree, isakmp_version, PLOAD_IKE_P, offset,
3663 length, pinfo, 0, is_request, decr_data);
3664 }
3665 }
3666
3667 static void
3668 dissect_proposal(tvbuff_t *tvb, packet_info *pinfo, int offset, int length, proto_tree *tree, int isakmp_version, void* decr_data)
3669 {
3670 uint8_t protocol_id;
3671 uint8_t spi_size;
3672 uint8_t num_transforms;
3673 uint8_t next_payload;
3674 uint16_t payload_length;
3675 proto_tree * ntree;
3676 uint8_t proposal_num;
3677
3678 proposal_num = tvb_get_uint8(tvb, offset);
3679
3680 proto_item_append_text(tree, " # %d", proposal_num);
3681
3682 proto_tree_add_item(tree, hf_isakmp_prop_number, tvb, offset, 1, ENC_BIG_ENDIAN);
3683 offset += 1;
3684 length -= 1;
3685
3686 protocol_id = tvb_get_uint8(tvb, offset);
3687
3688 if (isakmp_version == 1)
3689 {
3690 proto_tree_add_item(tree, hf_isakmp_prop_protoid_v1, tvb, offset, 1, ENC_BIG_ENDIAN);
3691 }else if (isakmp_version == 2)
3692 {
3693 proto_tree_add_item(tree, hf_isakmp_prop_protoid_v2, tvb, offset, 1, ENC_BIG_ENDIAN);
3694 }
3695 offset += 1;
3696 length -= 1;
3697
3698 spi_size = tvb_get_uint8(tvb, offset);
3699 proto_tree_add_item(tree, hf_isakmp_spisize, tvb, offset, 1, ENC_BIG_ENDIAN);
3700 offset += 1;
3701 length -= 1;
3702
3703 num_transforms = tvb_get_uint8(tvb, offset);
3704 proto_tree_add_item(tree, hf_isakmp_prop_transforms, tvb, offset, 1, ENC_BIG_ENDIAN);
3705 offset += 1;
3706 length -= 1;
3707
3708 if (spi_size) {
3709 proto_tree_add_item(tree, hf_isakmp_spi, tvb, offset, spi_size, ENC_NA);
3710
3711 offset += spi_size;
3712 length -= spi_size;
3713 }
3714
3715 while (num_transforms > 0) {
3716 ntree = dissect_payload_header(tvb, pinfo, offset, length, isakmp_version,
3717 PLOAD_IKE_T, &next_payload, &payload_length, tree);
3718 if (length < payload_length) {
3719 proto_tree_add_expert_format(tree, pinfo, &ei_isakmp_payload_bad_length, tvb, offset + 4, length,
3720 "Payload (bogus, length is %u, greater than remaining length %d", payload_length, length);
3721 break;
3722 } else if (payload_length < 4) {
3723 proto_tree_add_expert_format(tree, pinfo, &ei_isakmp_payload_bad_length, tvb, offset + 4, length,
3724 "Payload (bogus, length is %u, must be at least 4)", payload_length);
3725 break;
3726 }
3727 dissect_transform(tvb, pinfo, offset + 4, payload_length - 4, ntree, isakmp_version, protocol_id, decr_data);
3728
3729 offset += payload_length;
3730 length -= payload_length;
3731 num_transforms--;
3732
3733 }
3734 }
3735
3736 /** Dissect an attribute header, which is common to all attributes.
3737 *
3738 * @param [in] tvb The tv buffer of the current data.
3739 * @param [in] tree The tree to append the attribute subtree to.
3740 * @param [in] offset The start of the data in tvb.
3741 * @param [in] hf_attr A struct of indices pointing to attribute header field descriptions.
3742 * @param [in] attr_typenames The table for translation of the attribute type id to a name.
3743 * @param [out] headerlen The length of the attribute header, excluding the value.
3744 * @param [out] value_len The length of the attribute value.
3745 * @param [out] attr_type The attribute type, as read from the attribute header.
3746 * @param [out] attr_item The root item created for this attribute.
3747 * @param [out] subtree The subtree created for this attribute.
3748 */
3749 static void
3750 dissect_attribute_header(tvbuff_t *tvb, proto_tree *tree, int offset,
3751 attribute_common_fields hf_attr, const range_string *attr_typenames,
3752 unsigned *headerlen, unsigned *value_len, unsigned *attr_type,
3753 proto_item **attr_item, proto_tree **subtree)
3754 {
3755 unsigned attr_type_format;
3756 bool has_len;
3757 const char *attr_typename;
3758
3759 attr_type_format = tvb_get_ntohs(tvb, offset);
3760 has_len = !(attr_type_format & 0x8000);
3761 *attr_type = attr_type_format & 0x7fff;
3762
3763 if (has_len) {
3764 /* Type/Length/Value format */
3765 *headerlen = 4;
3766 *value_len = tvb_get_ntohs(tvb, offset + 2);
3767 } else {
3768 /* Type/Value format */
3769 *headerlen = 2;
3770 *value_len = 2;
3771 }
3772
3773 *attr_item = proto_tree_add_item(tree, hf_attr.all, tvb, offset, *headerlen + *value_len, ENC_NA);
3774 attr_typename = rval_to_str(*attr_type, attr_typenames, "Unknown Attribute Type (%02d)");
3775 proto_item_append_text(*attr_item, " (t=%d,l=%d): %s", *attr_type, *value_len, attr_typename);
3776
3777 *subtree = proto_item_add_subtree(*attr_item, ett_isakmp_attr);
3778 proto_tree_add_item(*subtree, hf_attr.format, tvb, offset, 2, ENC_BIG_ENDIAN);
3779 proto_tree_add_uint(*subtree, hf_attr.type, tvb, offset, 2, *attr_type);
3780
3781 if (has_len)
3782 proto_tree_add_item(*subtree, hf_attr.length, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
3783
3784 if (*value_len > 0)
3785 proto_tree_add_item(*subtree, hf_attr.value, tvb, offset + *headerlen, *value_len, ENC_NA);
3786 }
3787
3788 /* Returns the number of bytes consumed by this attribute. */
3789 static int
3790 dissect_rohc_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset)
3791 {
3792 unsigned headerlen, value_len, attr_type;
3793 proto_item *attr_item;
3794 proto_tree *attr_tree;
3795
3796 dissect_attribute_header(tvb, tree, offset,
3797 hf_isakmp_notify_data_rohc_attr, rohc_attr_type,
3798 &headerlen, &value_len, &attr_type,
3799 &attr_item, &attr_tree);
3800
3801 offset += headerlen;
3802
3803 if (value_len == 0)
3804 {
3805 expert_add_info(pinfo, attr_item, &ei_isakmp_attribute_value_empty);
3806 return headerlen;
3807 }
3808
3809 switch(attr_type) {
3810 case ROHC_MAX_CID:
3811 proto_tree_add_item(attr_tree, hf_isakmp_notify_data_rohc_attr_max_cid, tvb, offset, value_len, ENC_BIG_ENDIAN);
3812 break;
3813 case ROHC_PROFILE:
3814 proto_tree_add_item(attr_tree, hf_isakmp_notify_data_rohc_attr_profile, tvb, offset, value_len, ENC_BIG_ENDIAN);
3815 break;
3816 case ROHC_INTEG:
3817 proto_tree_add_item(attr_tree, hf_isakmp_notify_data_rohc_attr_integ, tvb, offset, value_len, ENC_BIG_ENDIAN);
3818 break;
3819 case ROHC_ICV_LEN:
3820 proto_tree_add_item(attr_tree, hf_isakmp_notify_data_rohc_attr_icv_len, tvb, offset, value_len, ENC_BIG_ENDIAN);
3821 break;
3822 case ROHC_MRRU:
3823 proto_tree_add_item(attr_tree, hf_isakmp_notify_data_rohc_attr_mrru, tvb, offset, value_len, ENC_BIG_ENDIAN);
3824 break;
3825
3826 default:
3827 /* No Default Action */
3828 break;
3829 }
3830
3831 return headerlen + value_len;
3832 }
3833
3834 /* Dissect life duration, which is variable-length. Note that this function
3835 * handles both/either the security association life duration as defined in
3836 * section 4.5 of RFC2407 (https://tools.ietf.org/html/rfc2407), as well as the
3837 * life duration according to the attribute classes table in Appendix A of
3838 * RFC2409: https://tools.ietf.org/html/rfc2409#page-33 */
3839 static void
3840 dissect_life_duration(tvbuff_t *tvb, proto_tree *tree, proto_item *ti, int hf_uint32, int hf_uint64, int hf_bytes, int offset, unsigned len)
3841 {
3842 switch (len) {
3843 case 0:
3844 break;
3845 case 1: {
3846 uint8_t val;
3847 val = tvb_get_uint8(tvb, offset);
3848
3849 proto_tree_add_uint(tree, hf_uint32, tvb, offset, len, val);
3850 proto_item_append_text(ti, ": %u", val);
3851 break;
3852 }
3853 case 2: {
3854 uint16_t val;
3855 val = tvb_get_ntohs(tvb, offset);
3856
3857 proto_tree_add_uint(tree, hf_uint32, tvb, offset, len, val);
3858 proto_item_append_text(ti, ": %u", val);
3859 break;
3860 }
3861 case 3: {
3862 uint32_t val;
3863 val = tvb_get_ntoh24(tvb, offset);
3864
3865 proto_tree_add_uint(tree, hf_uint32, tvb, offset, len, val);
3866 proto_item_append_text(ti, ": %u", val);
3867 break;
3868 }
3869 case 4: {
3870 uint32_t val;
3871 val = tvb_get_ntohl(tvb, offset);
3872
3873 proto_tree_add_uint(tree, hf_uint32, tvb, offset, len, val);
3874 proto_item_append_text(ti, ": %u", val);
3875 break;
3876 }
3877 case 5: {
3878 uint64_t val;
3879 val = tvb_get_ntoh40(tvb, offset);
3880
3881 proto_tree_add_uint64_format_value(tree, hf_uint64, tvb, offset, len, val, "%" PRIu64, val);
3882 proto_item_append_text(ti, ": %" PRIu64, val);
3883 break;
3884 }
3885 case 6: {
3886 uint64_t val;
3887 val = tvb_get_ntoh48(tvb, offset);
3888
3889 proto_tree_add_uint64_format_value(tree, hf_uint64, tvb, offset, len, val, "%" PRIu64, val);
3890 proto_item_append_text(ti, ": %" PRIu64, val);
3891 break;
3892 }
3893 case 7: {
3894 uint64_t val;
3895 val = tvb_get_ntoh56(tvb, offset);
3896
3897 proto_tree_add_uint64_format_value(tree, hf_uint64, tvb, offset, len, val, "%" PRIu64, val);
3898 proto_item_append_text(ti, ": %" PRIu64, val);
3899 break;
3900 }
3901 case 8: {
3902 uint64_t val;
3903 val = tvb_get_ntoh64(tvb, offset);
3904
3905 proto_tree_add_uint64_format_value(tree, hf_uint64, tvb, offset, len, val, "%" PRIu64, val);
3906 proto_item_append_text(ti, ": %" PRIu64, val);
3907 break;
3908 }
3909 default:
3910 proto_tree_add_item(tree, hf_bytes, tvb, offset, len, ENC_NA);
3911 proto_item_append_text(ti, ": %" PRIx64 " ...", tvb_get_ntoh64(tvb, offset));
3912 break;
3913 }
3914 }
3915
3916 /* Returns the number of bytes consumed by this attribute. */
3917 static int
3918 dissect_ipsec_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset)
3919 {
3920 unsigned headerlen, value_len, attr_type;
3921 proto_item *attr_item;
3922 proto_tree *attr_tree;
3923
3924 dissect_attribute_header(tvb, tree, offset,
3925 hf_isakmp_ipsec_attr, ipsec_attr_type,
3926 &headerlen, &value_len, &attr_type,
3927 &attr_item, &attr_tree);
3928
3929 offset += headerlen;
3930
3931 if (value_len == 0)
3932 {
3933 expert_add_info(pinfo, attr_item, &ei_isakmp_attribute_value_empty);
3934 return headerlen;
3935 }
3936
3937 switch(attr_type) {
3938 case IPSEC_ATTR_LIFE_TYPE:
3939 proto_tree_add_item(attr_tree, hf_isakmp_ipsec_attr_life_type, tvb, offset, value_len, ENC_BIG_ENDIAN);
3940 proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), attr_life_type, "Unknown %d"));
3941 break;
3942 case IPSEC_ATTR_LIFE_DURATION:
3943 dissect_life_duration(tvb, attr_tree, attr_item, hf_isakmp_ipsec_attr_life_duration_uint32, hf_isakmp_ipsec_attr_life_duration_uint64, hf_isakmp_ipsec_attr_life_duration_bytes, offset, value_len);
3944 break;
3945 case IPSEC_ATTR_GROUP_DESC:
3946 proto_tree_add_item(attr_tree, hf_isakmp_ipsec_attr_group_description, tvb, offset, value_len, ENC_BIG_ENDIAN);
3947 proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), dh_group, "Unknown %d"));
3948 break;
3949 case IPSEC_ATTR_ENCAP_MODE:
3950 proto_tree_add_item(attr_tree, hf_isakmp_ipsec_attr_encap_mode, tvb, offset, value_len, ENC_BIG_ENDIAN);
3951 proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ipsec_attr_encap_mode, "Unknown %d"));
3952 break;
3953 case IPSEC_ATTR_AUTH_ALGORITHM:
3954 proto_tree_add_item(attr_tree, hf_isakmp_ipsec_attr_auth_algorithm, tvb, offset, value_len, ENC_BIG_ENDIAN);
3955 proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ipsec_attr_auth_algo, "Unknown %d"));
3956 break;
3957 case IPSEC_ATTR_KEY_LENGTH:
3958 proto_tree_add_item(attr_tree, hf_isakmp_ipsec_attr_key_length, tvb, offset, value_len, ENC_BIG_ENDIAN);
3959 proto_item_append_text(attr_item, ": %d", tvb_get_ntohs(tvb, offset));
3960 break;
3961 case IPSEC_ATTR_KEY_ROUNDS:
3962 proto_tree_add_item(attr_tree, hf_isakmp_ipsec_attr_key_rounds, tvb, offset, value_len, ENC_BIG_ENDIAN);
3963 proto_item_append_text(attr_item, ": %d", tvb_get_ntohs(tvb, offset));
3964 break;
3965 case IPSEC_ATTR_CMPR_DICT_SIZE:
3966 proto_tree_add_item(attr_tree, hf_isakmp_ipsec_attr_cmpr_dict_size, tvb, offset, value_len, ENC_BIG_ENDIAN);
3967 break;
3968 case IPSEC_ATTR_CMPR_ALGORITHM:
3969 proto_tree_add_item(attr_tree, hf_isakmp_ipsec_attr_cmpr_algorithm, tvb, offset, value_len, ENC_NA);
3970 break;
3971 case IPSEC_ATTR_ECN_TUNNEL:
3972 proto_tree_add_item(attr_tree, hf_isakmp_ipsec_attr_ecn_tunnel, tvb, offset, value_len, ENC_BIG_ENDIAN);
3973 proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ipsec_attr_ecn_tunnel, "Unknown %d"));
3974 break;
3975 case IPSEC_ATTR_EXT_SEQ_NBR:
3976 proto_tree_add_item(attr_tree, hf_isakmp_ipsec_attr_ext_seq_nbr, tvb, offset, value_len, ENC_BIG_ENDIAN);
3977 proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ipsec_attr_ext_seq_nbr, "Unknown %d"));
3978 break;
3979 case IPSEC_ATTR_AUTH_KEY_LENGTH:
3980 proto_tree_add_item(attr_tree, hf_isakmp_ipsec_attr_auth_key_length, tvb, offset, value_len, ENC_BIG_ENDIAN);
3981 proto_item_append_text(attr_item, ": %d", tvb_get_ntohs(tvb, offset));
3982 break;
3983 case IPSEC_ATTR_SIG_ENCO_ALGORITHM:
3984 proto_tree_add_item(attr_tree, hf_isakmp_ipsec_attr_sig_enco_algorithm, tvb, offset, value_len, ENC_NA);
3985 break;
3986
3987 case IPSEC_ATTR_ADDR_PRESERVATION:
3988 proto_tree_add_item(attr_tree, hf_isakmp_ipsec_attr_addr_preservation, tvb, offset, value_len, ENC_BIG_ENDIAN);
3989 proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ipsec_attr_addr_preservation, "Unknown %d"));
3990 break;
3991
3992 case IPSEC_ATTR_SA_DIRECTION:
3993 proto_tree_add_item(attr_tree, hf_isakmp_ipsec_attr_sa_direction, tvb, offset, value_len, ENC_BIG_ENDIAN);
3994 proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ipsec_attr_sa_direction, "Unknown %d"));
3995 default:
3996 /* No Default Action */
3997 break;
3998 }
3999
4000 return headerlen + value_len;
4001 }
4002
4003 /* Returns the number of bytes consumed by this attribute. */
4004 static int
4005 dissect_resp_lifetime_ipsec_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset)
4006 {
4007 unsigned headerlen, value_len, attr_type;
4008 proto_item *attr_item;
4009 proto_tree *attr_tree;
4010
4011 dissect_attribute_header(tvb, tree, offset,
4012 hf_isakmp_resp_lifetime_ipsec_attr, ipsec_attr_type,
4013 &headerlen, &value_len, &attr_type,
4014 &attr_item, &attr_tree);
4015
4016 offset += headerlen;
4017
4018 if (value_len == 0)
4019 {
4020 expert_add_info(pinfo, attr_item, &ei_isakmp_attribute_value_empty);
4021 return headerlen;
4022 }
4023
4024 switch(attr_type) {
4025 case IPSEC_ATTR_LIFE_TYPE:
4026 proto_tree_add_item(attr_tree, hf_isakmp_resp_lifetime_ipsec_attr_life_type, tvb, offset, value_len, ENC_BIG_ENDIAN);
4027 proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), attr_life_type, "Unknown %d"));
4028 break;
4029 case IPSEC_ATTR_LIFE_DURATION:
4030 dissect_life_duration(tvb, attr_tree, attr_item, hf_isakmp_resp_lifetime_ipsec_attr_life_duration_uint32, hf_isakmp_resp_lifetime_ipsec_attr_life_duration_uint64, hf_isakmp_resp_lifetime_ipsec_attr_life_duration_bytes, offset, value_len);
4031 break;
4032 default:
4033 /* No Default Action */
4034 break;
4035 }
4036
4037 return headerlen + value_len;
4038 }
4039
4040 /* Returns the number of bytes consumed by this attribute. */
4041 static int
4042 dissect_ike_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, decrypt_data_t *decr)
4043 {
4044 unsigned headerlen, value_len, attr_type;
4045 proto_item *attr_item;
4046 proto_tree *attr_tree;
4047
4048 dissect_attribute_header(tvb, tree, offset,
4049 hf_isakmp_ike_attr, ike_attr_type,
4050 &headerlen, &value_len, &attr_type,
4051 &attr_item, &attr_tree);
4052
4053 offset += headerlen;
4054
4055 if (value_len == 0)
4056 {
4057 expert_add_info(pinfo, attr_item, &ei_isakmp_attribute_value_empty);
4058 return headerlen;
4059 }
4060
4061 switch(attr_type) {
4062 case IKE_ATTR_ENCRYPTION_ALGORITHM:
4063 proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_encryption_algorithm, tvb, offset, value_len, ENC_BIG_ENDIAN);
4064 proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ike_attr_enc_algo, "Unknown %d"));
4065 if (decr) decr->ike_encr_alg = tvb_get_ntohs(tvb, offset);
4066 break;
4067 case IKE_ATTR_HASH_ALGORITHM:
4068 proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_hash_algorithm, tvb, offset, value_len, ENC_BIG_ENDIAN);
4069 proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ike_attr_hash_algo, "Unknown %d"));
4070 if (decr) decr->ike_hash_alg = tvb_get_ntohs(tvb, offset);
4071 break;
4072 case IKE_ATTR_AUTHENTICATION_METHOD:
4073 /* for GM/T 0022 IPSec VPN specification */
4074 if(decr && (decr->ike_hash_alg == HMAC_SM3 || decr->ike_encr_alg == ENC_SM1_CBC || decr->ike_encr_alg == ENC_SM4_CBC))
4075 {
4076 proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_authentication_method_china, tvb, offset, value_len, ENC_BIG_ENDIAN);
4077 proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ike_attr_authmeth_china, "Unknown %d"));
4078
4079 }
4080 else
4081 {
4082 proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_authentication_method, tvb, offset, value_len, ENC_BIG_ENDIAN);
4083 proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ike_attr_authmeth, "Unknown %d"));
4084 }
4085 if (decr) decr->is_psk = tvb_get_ntohs(tvb, offset) == 0x01 ? true : false;
4086 break;
4087 case IKE_ATTR_GROUP_DESCRIPTION:
4088 proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_group_description, tvb, offset, value_len, ENC_BIG_ENDIAN);
4089 proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), dh_group, "Unknown %d"));
4090 if (decr) decr->group = tvb_get_ntohs(tvb, offset);
4091 break;
4092 case IKE_ATTR_GROUP_TYPE:
4093 proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_group_type, tvb, offset, value_len, ENC_BIG_ENDIAN);
4094 proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ike_attr_grp_type, "Unknown %d"));
4095 break;
4096 case IKE_ATTR_GROUP_PRIME:
4097 proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_group_prime, tvb, offset, value_len, ENC_NA);
4098 break;
4099 case IKE_ATTR_GROUP_GENERATOR_ONE:
4100 proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_group_generator_one, tvb, offset, value_len, ENC_NA);
4101 break;
4102 case IKE_ATTR_GROUP_GENERATOR_TWO:
4103 proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_group_generator_two, tvb, offset, value_len, ENC_NA);
4104 break;
4105 case IKE_ATTR_GROUP_CURVE_A:
4106 proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_group_curve_a, tvb, offset, value_len, ENC_NA);
4107 break;
4108 case IKE_ATTR_GROUP_CURVE_B:
4109 proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_group_curve_b, tvb, offset, value_len, ENC_NA);
4110 break;
4111 case IKE_ATTR_LIFE_TYPE:
4112 proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_life_type, tvb, offset, value_len, ENC_BIG_ENDIAN);
4113 proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), attr_life_type, "Unknown %d"));
4114 break;
4115 case IKE_ATTR_LIFE_DURATION:
4116 dissect_life_duration(tvb, attr_tree, attr_item, hf_isakmp_ike_attr_life_duration_uint32, hf_isakmp_ike_attr_life_duration_uint64, hf_isakmp_ike_attr_life_duration_bytes, offset, value_len);
4117 break;
4118 case IKE_ATTR_PRF:
4119 proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_prf, tvb, offset, value_len, ENC_NA);
4120 break;
4121 case IKE_ATTR_KEY_LENGTH:
4122 proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_key_length, tvb, offset, value_len, ENC_BIG_ENDIAN);
4123 proto_item_append_text(attr_item, ": %d", tvb_get_ntohs(tvb, offset));
4124 if (decr) decr->ike_encr_keylen = tvb_get_ntohs(tvb, offset);
4125 break;
4126 case IKE_ATTR_FIELD_SIZE:
4127 proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_field_size, tvb, offset, value_len, ENC_NA);
4128 break;
4129 case IKE_ATTR_GROUP_ORDER:
4130 proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_group_order, tvb, offset, value_len, ENC_NA);
4131 break;
4132 case IKE_ATTR_BLOCK_SIZE:
4133 proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_block_size, tvb, offset, value_len, ENC_NA);
4134 break;
4135 case IKE_ATTR_ACAT:
4136 proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_asymmetric_cryptographic_algorithm_type, tvb, offset, value_len, ENC_BIG_ENDIAN);
4137 proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ike_attr_asym_algo, "Unknown %d"));
4138 break;
4139 default:
4140 /* No Default Action */
4141 break;
4142 }
4143
4144 return headerlen + value_len;
4145 }
4146
4147 /* Returns the number of bytes consumed by this attribute. */
4148 static int
4149 dissect_resp_lifetime_ike_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset)
4150 {
4151 unsigned headerlen, value_len, attr_type;
4152 proto_item *attr_item;
4153 proto_tree *attr_tree;
4154
4155 dissect_attribute_header(tvb, tree, offset,
4156 hf_isakmp_resp_lifetime_ike_attr, ike_attr_type,
4157 &headerlen, &value_len, &attr_type,
4158 &attr_item, &attr_tree);
4159
4160 offset += headerlen;
4161
4162 if (value_len == 0)
4163 {
4164 expert_add_info(pinfo, attr_item, &ei_isakmp_attribute_value_empty);
4165 return headerlen;
4166 }
4167
4168 switch(attr_type) {
4169 case IKE_ATTR_LIFE_TYPE:
4170 proto_tree_add_item(attr_tree, hf_isakmp_resp_lifetime_ike_attr_life_type, tvb, offset, value_len, ENC_BIG_ENDIAN);
4171 proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), attr_life_type, "Unknown %d"));
4172 break;
4173 case IKE_ATTR_LIFE_DURATION:
4174 dissect_life_duration(tvb, attr_tree, attr_item, hf_isakmp_resp_lifetime_ike_attr_life_duration_uint32, hf_isakmp_resp_lifetime_ike_attr_life_duration_uint64, hf_isakmp_resp_lifetime_ike_attr_life_duration_bytes, offset, value_len);
4175 break;
4176 default:
4177 /* No Default Action */
4178 break;
4179 }
4180
4181 return headerlen + value_len;
4182 }
4183
4184 /* Returns the number of bytes consumed by this attribute. */
4185 static int
4186 dissect_ike2_transform_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset)
4187 {
4188 unsigned headerlen, value_len, attr_type;
4189 proto_item *attr_item;
4190 proto_tree *attr_tree;
4191
4192 dissect_attribute_header(tvb, tree, offset,
4193 hf_isakmp_ike2_attr, transform_ike2_attr_type,
4194 &headerlen, &value_len, &attr_type,
4195 &attr_item, &attr_tree);
4196
4197 offset += headerlen;
4198
4199 if (value_len == 0)
4200 {
4201 expert_add_info(pinfo, attr_item, &ei_isakmp_attribute_value_empty);
4202 return headerlen;
4203 }
4204
4205 switch(attr_type) {
4206 case IKE2_ATTR_KEY_LENGTH:
4207 proto_tree_add_item(attr_tree, hf_isakmp_ike2_attr_key_length, tvb, offset, value_len, ENC_BIG_ENDIAN);
4208 proto_item_append_text(attr_item, ": %d", tvb_get_ntohs(tvb, offset));
4209 break;
4210 default:
4211 /* No Default Action */
4212 break;
4213 }
4214
4215 return headerlen + value_len;
4216 }
4217
4218 static void
4219 dissect_transform(tvbuff_t *tvb, packet_info *pinfo, int offset, int length, proto_tree *tree, int isakmp_version, int protocol_id, void* decr_data)
4220 {
4221 if (isakmp_version == 1)
4222 {
4223 uint8_t transform_id;
4224 uint8_t transform_num;
4225 decrypt_data_t *decr = (decrypt_data_t *)decr_data;
4226 int offset_end = 0;
4227 offset_end = offset + length;
4228
4229 transform_num = tvb_get_uint8(tvb, offset);
4230 proto_item_append_text(tree," # %d",transform_num);
4231
4232 proto_tree_add_item(tree, hf_isakmp_trans_number, tvb, offset, 1, ENC_BIG_ENDIAN);
4233 offset += 1;
4234
4235 transform_id = tvb_get_uint8(tvb, offset);
4236 switch (protocol_id) {
4237 case 1: /* ISAKMP */
4238 proto_tree_add_uint_format_value(tree, hf_isakmp_trans_id, tvb, offset, 1,
4239 transform_id, "%s (%u)",
4240 val_to_str_const(transform_id, vs_v1_trans_isakmp, "UNKNOWN-TRANS-TYPE"), transform_id);
4241 break;
4242 case 2: /* AH */
4243 proto_tree_add_uint_format_value(tree, hf_isakmp_trans_id, tvb, offset, 1,
4244 transform_id, "%s (%u)",
4245 val_to_str_const(transform_id, vs_v1_trans_ah, "UNKNOWN-AH-TRANS-TYPE"), transform_id);
4246 break;
4247 case 3: /* ESP */
4248 proto_tree_add_uint_format_value(tree, hf_isakmp_trans_id, tvb, offset, 1,
4249 transform_id, "%s (%u)",
4250 val_to_str_const(transform_id, vs_v1_trans_esp, "UNKNOWN-ESP-TRANS-TYPE"), transform_id);
4251 break;
4252 case 4: /* IPCOMP */
4253 proto_tree_add_uint_format_value(tree, hf_isakmp_trans_id, tvb, offset, 1,
4254 transform_id, "%s (%u)",
4255 val_to_str_const(transform_id, transform_id_ipcomp, "UNKNOWN-IPCOMP-TRANS-TYPE"), transform_id);
4256 break;
4257 default:
4258 proto_tree_add_item(tree, hf_isakmp_trans_id, tvb, offset, 1, ENC_BIG_ENDIAN);
4259 break;
4260 }
4261 offset += 1;
4262
4263 proto_tree_add_item(tree, hf_isakmp_reserved, tvb, offset, 2, ENC_NA);
4264 offset += 2;
4265
4266 if (protocol_id == 1 && transform_id == 1) {
4267 if (decr) {
4268 /* Allow detection of missing IKE transform attributes:
4269 * Make sure their values are not carried over from another transform
4270 * dissected previously. */
4271 decr->ike_encr_alg = 0;
4272 decr->ike_encr_keylen = 0;
4273 decr->ike_hash_alg = 0;
4274 }
4275 while (offset < offset_end) {
4276 offset += dissect_ike_attribute(tvb, pinfo, tree, offset, decr);
4277 }
4278 }
4279 else {
4280 while (offset < offset_end) {
4281 offset += dissect_ipsec_attribute(tvb, pinfo, tree, offset);
4282 }
4283 }
4284 }
4285 else if(isakmp_version == 2)
4286 {
4287 uint8_t transform_type;
4288 int offset_end = 0;
4289 offset_end = offset + length;
4290
4291 transform_type = tvb_get_uint8(tvb, offset);
4292 proto_tree_add_item(tree, hf_isakmp_trans_type, tvb, offset, 1, ENC_BIG_ENDIAN);
4293 offset += 1;
4294
4295 proto_tree_add_item(tree, hf_isakmp_reserved, tvb, offset, 1, ENC_NA);
4296 offset += 1;
4297
4298 switch(transform_type){
4299 case TF_IKE2_ENCR:
4300 proto_tree_add_item(tree, hf_isakmp_trans_encr, tvb, offset, 2, ENC_BIG_ENDIAN);
4301 break;
4302 case TF_IKE2_PRF:
4303 proto_tree_add_item(tree, hf_isakmp_trans_prf, tvb, offset, 2, ENC_BIG_ENDIAN);
4304 break;
4305 case TF_IKE2_INTEG:
4306 proto_tree_add_item(tree, hf_isakmp_trans_integ, tvb, offset, 2, ENC_BIG_ENDIAN);
4307 break;
4308 case TF_IKE2_DH:
4309 proto_tree_add_item(tree, hf_isakmp_trans_dh, tvb, offset, 2, ENC_BIG_ENDIAN);
4310 break;
4311 case TF_IKE2_ESN:
4312 proto_tree_add_item(tree, hf_isakmp_trans_esn, tvb, offset, 2, ENC_BIG_ENDIAN);
4313 break;
4314 default:
4315 proto_tree_add_item(tree, hf_isakmp_trans_id_v2, tvb, offset, 2, ENC_BIG_ENDIAN);
4316 break;
4317 }
4318 offset += 2;
4319
4320 while (offset < offset_end) {
4321 offset += dissect_ike2_transform_attribute(tvb, pinfo, tree, offset);
4322 }
4323 }
4324 }
4325
4326 static void
4327 dissect_key_exch(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version,
4328 packet_info* pinfo, void* decr_data)
4329 {
4330 if (isakmp_version == 2) {
4331 proto_tree_add_item(tree, hf_isakmp_key_exch_dh_group, tvb, offset, 2, ENC_BIG_ENDIAN);
4332 offset += 2;
4333 length -= 2;
4334
4335 proto_tree_add_item(tree, hf_isakmp_reserved, tvb, offset, 2, ENC_NA);
4336 offset += 2;
4337 length -= 2;
4338 }
4339
4340 proto_tree_add_item(tree, hf_isakmp_key_exch_data, tvb, offset, length, ENC_NA);
4341
4342 if (isakmp_version == 1 && decr_data) {
4343 decrypt_data_t *decr = (decrypt_data_t *)decr_data;
4344
4345 if (decr->gi_len == 0 && addresses_equal(&decr->initiator, &pinfo->src)) {
4346 decr->gi = (char *)g_malloc(length);
4347 tvb_memcpy(tvb, decr->gi, offset, length);
4348 decr->gi_len = length;
4349 } else if (decr->gr_len == 0 && !addresses_equal(&decr->initiator, &pinfo->src)) {
4350 decr->gr = (char *)g_malloc(length);
4351 tvb_memcpy(tvb, decr->gr, offset, length);
4352 decr->gr_len = length;
4353 }
4354 }
4355 }
4356
4357 static void
4358 dissect_id_type(tvbuff_t *tvb, int offset, int length, uint8_t id_type, proto_tree *idtree, proto_item *idit, packet_info *pinfo )
4359 {
4360 const uint8_t *str;
4361 asn1_ctx_t asn1_ctx;
4362 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
4363
4364 switch (id_type) {
4365 case IKE_ID_IPV4_ADDR:
4366 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv4_addr, tvb, offset, 4, ENC_BIG_ENDIAN);
4367 proto_item_append_text(idit, "%s", tvb_ip_to_str(pinfo->pool, tvb, offset));
4368 break;
4369 case IKE_ID_FQDN:
4370 proto_tree_add_item_ret_string(idtree, hf_isakmp_id_data_fqdn, tvb, offset, length, ENC_ASCII|ENC_NA, pinfo->pool, &str);
4371 proto_item_append_text(idit, "%s", str);
4372 break;
4373 case IKE_ID_USER_FQDN:
4374 proto_tree_add_item_ret_string(idtree, hf_isakmp_id_data_user_fqdn, tvb, offset, length, ENC_ASCII|ENC_NA, pinfo->pool, &str);
4375 proto_item_append_text(idit, "%s", str);
4376 break;
4377 case IKE_ID_IPV4_ADDR_SUBNET:
4378 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv4_addr, tvb, offset, 4, ENC_BIG_ENDIAN);
4379 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv4_subnet, tvb, offset+4, 4, ENC_BIG_ENDIAN);
4380 proto_item_append_text(idit, "%s/%s", tvb_ip_to_str(pinfo->pool, tvb, offset), tvb_ip_to_str(pinfo->pool, tvb, offset+4));
4381 break;
4382 case IKE_ID_IPV4_ADDR_RANGE:
4383 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv4_range_start, tvb, offset, 4, ENC_BIG_ENDIAN);
4384 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv4_range_end, tvb, offset+4, 4, ENC_BIG_ENDIAN);
4385 proto_item_append_text(idit, "%s/%s", tvb_ip_to_str(pinfo->pool, tvb, offset), tvb_ip_to_str(pinfo->pool, tvb, offset+4));
4386 break;
4387 case IKE_ID_IPV6_ADDR:
4388 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv6_addr, tvb, offset, 16, ENC_NA);
4389 proto_item_append_text(idit, "%s", tvb_ip6_to_str(pinfo->pool, tvb, offset));
4390 break;
4391 case IKE_ID_IPV6_ADDR_SUBNET:
4392 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv6_addr, tvb, offset, 16, ENC_NA);
4393 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv6_subnet, tvb, offset+16, 16, ENC_NA);
4394 proto_item_append_text(idit, "%s/%s", tvb_ip6_to_str(pinfo->pool, tvb, offset), tvb_ip6_to_str(pinfo->pool, tvb, offset+16));
4395 break;
4396 case IKE_ID_IPV6_ADDR_RANGE:
4397 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv6_range_start, tvb, offset, 16, ENC_NA);
4398 proto_tree_add_item(idtree, hf_isakmp_id_data_ipv6_range_end, tvb, offset+16, 16, ENC_NA);
4399 proto_item_append_text(idit, "%s/%s", tvb_ip6_to_str(pinfo->pool, tvb, offset), tvb_ip6_to_str(pinfo->pool, tvb, offset+16));
4400 break;
4401 case IKE_ID_KEY_ID:
4402 proto_tree_add_item(idtree, hf_isakmp_id_data_key_id, tvb, offset, length, ENC_NA);
4403 break;
4404 case IKE_ID_DER_ASN1_DN:
4405 dissect_x509if_Name(false, tvb, offset, &asn1_ctx, idtree, hf_isakmp_id_data_cert);
4406 break;
4407 default:
4408 proto_item_append_text(idit, "%s", tvb_bytes_to_str(pinfo->pool, tvb,offset,length));
4409 break;
4410 }
4411 }
4412
4413 static void
4414 dissect_id(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version, packet_info *pinfo )
4415 {
4416 uint8_t id_type;
4417 uint8_t protocol_id;
4418 uint16_t port;
4419 proto_item *idit;
4420 proto_tree *idtree;
4421
4422 id_type = tvb_get_uint8(tvb, offset);
4423 if (isakmp_version == 1)
4424 {
4425 proto_tree_add_item(tree, hf_isakmp_id_type_v1, tvb, offset, 1, ENC_BIG_ENDIAN);
4426 }else if (isakmp_version == 2)
4427 {
4428 proto_tree_add_item(tree, hf_isakmp_id_type_v2, tvb, offset, 1, ENC_BIG_ENDIAN);
4429 }
4430 offset += 1;
4431 length -= 1;
4432
4433 if (isakmp_version == 1) {
4434 protocol_id = tvb_get_uint8(tvb, offset);
4435 if (protocol_id == 0)
4436 proto_tree_add_uint_format_value(tree, hf_isakmp_id_protoid, tvb, offset, 1,
4437 protocol_id, "Unused");
4438 else
4439 proto_tree_add_item(tree, hf_isakmp_id_protoid, tvb, offset, 1, ENC_BIG_ENDIAN);
4440
4441 offset += 1;
4442 length -= 1;
4443
4444 port = tvb_get_ntohs(tvb, offset);
4445 if (port == 0)
4446 proto_tree_add_uint_format_value(tree, hf_isakmp_id_port, tvb, offset, 2,
4447 port, "Unused");
4448 else
4449 proto_tree_add_item(tree, hf_isakmp_id_port, tvb, offset, 2, ENC_BIG_ENDIAN);
4450
4451 offset += 2;
4452 length -= 2;
4453
4454 } else if (isakmp_version == 2) {
4455 proto_tree_add_item(tree, hf_isakmp_reserved, tvb, offset, 3, ENC_NA);
4456 offset += 3;
4457 length -= 3;
4458 }
4459
4460 /*
4461 * It shows strings of all types though some of types are not
4462 * supported in IKEv2 specification actually.
4463 */
4464 idit = proto_tree_add_item(tree, hf_isakmp_id_data, tvb, offset, length, ENC_NA);
4465 idtree = proto_item_add_subtree(idit, ett_isakmp_id);
4466 dissect_id_type(tvb, offset, length, id_type, idtree, idit, pinfo);
4467 }
4468
4469 static void
4470 dissect_cert(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version, packet_info *pinfo )
4471 {
4472 uint8_t cert_type;
4473 asn1_ctx_t asn1_ctx;
4474 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
4475 cert_type = tvb_get_uint8(tvb, offset);
4476
4477 if (isakmp_version == 1)
4478 {
4479 proto_tree_add_item(tree, hf_isakmp_cert_encoding_v1, tvb, offset, 1, ENC_BIG_ENDIAN);
4480 }else if (isakmp_version == 2)
4481 {
4482 proto_tree_add_item(tree, hf_isakmp_cert_encoding_v2, tvb, offset, 1, ENC_BIG_ENDIAN);
4483 }
4484
4485 offset += 1;
4486 length -= 1;
4487
4488 if (isakmp_version == 1)
4489 {
4490 dissect_x509af_Certificate(false, tvb, offset, &asn1_ctx, tree, hf_isakmp_cert_data);
4491 }else if (isakmp_version == 2)
4492 {
4493 switch(cert_type){
4494 case 12:{
4495 proto_item *ti_url;
4496
4497 proto_tree_add_item(tree, hf_isakmp_cert_x509_hash, tvb, offset, 20, ENC_NA);
4498 offset += 20;
4499 length -= 20;
4500
4501 ti_url = proto_tree_add_item(tree, hf_isakmp_cert_x509_url, tvb, offset, length, ENC_ASCII);
4502 proto_item_set_url(ti_url);
4503 }
4504 break;
4505 default:
4506 dissect_x509af_Certificate(false, tvb, offset, &asn1_ctx, tree, hf_isakmp_cert_data);
4507 break;
4508 }
4509 }
4510
4511 }
4512
4513 static void
4514 dissect_certreq(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version, packet_info *pinfo )
4515 {
4516 uint8_t cert_type;
4517 asn1_ctx_t asn1_ctx;
4518 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
4519 cert_type = tvb_get_uint8(tvb, offset);
4520
4521 if (isakmp_version == 1)
4522 {
4523 proto_tree_add_item(tree, hf_isakmp_certreq_type_v1, tvb, offset, 1, ENC_BIG_ENDIAN);
4524 }else if (isakmp_version == 2)
4525 {
4526 proto_tree_add_item(tree, hf_isakmp_certreq_type_v2, tvb, offset, 1, ENC_BIG_ENDIAN);
4527 }
4528
4529 offset += 1;
4530 length -= 1;
4531
4532 if (isakmp_version == 1)
4533 {
4534 if (length == 0)
4535 return;
4536
4537 switch(cert_type){
4538 case 4:
4539 dissect_x509if_Name(false, tvb, offset, &asn1_ctx, tree, hf_isakmp_certreq_authority_sig);
4540 break;
4541 default:
4542 proto_tree_add_item(tree, hf_isakmp_certreq_authority_v1, tvb, offset, length, ENC_NA);
4543 break;
4544 }
4545 }else if (isakmp_version == 2)
4546 {
4547 /* this is a list of 20 byte SHA-1 hashes */
4548 while (length > 0) {
4549 proto_tree_add_item(tree, hf_isakmp_certreq_authority_v2, tvb, offset, 20, ENC_NA);
4550 offset+=20;
4551 length-=20;
4552 }
4553 }
4554 }
4555
4556 static void
4557 dissect_auth(tvbuff_t *tvb, packet_info *pinfo, int offset, int length, proto_tree *tree)
4558 {
4559 uint32_t auth_meth;
4560 uint32_t asn1_len;
4561 proto_item * ti;
4562 proto_tree * subtree;
4563 proto_tree * asn1tree;
4564
4565 proto_tree_add_item_ret_uint(tree, hf_isakmp_auth_meth, tvb, offset, 1, ENC_BIG_ENDIAN, &auth_meth);
4566 offset += 1;
4567 length -= 1;
4568
4569 proto_tree_add_item(tree, hf_isakmp_reserved, tvb, offset, 3, ENC_NA);
4570 offset += 3;
4571 length -= 3;
4572
4573 ti = proto_tree_add_item(tree, hf_isakmp_auth_data, tvb, offset, length, ENC_NA);
4574
4575 if (auth_meth == AUTH_METH_DIGITAL_SIGNATURE) {
4576 subtree = proto_item_add_subtree(ti, ett_isakmp_payload_digital_signature);
4577
4578 proto_tree_add_item_ret_uint(subtree, hf_isakmp_auth_digital_sig_asn1_len, tvb, offset, 1, ENC_BIG_ENDIAN, &asn1_len);
4579 offset += 1;
4580 length -= 1;
4581
4582 /* cast ok, since length was parsed out of one unsigned byte into uint32_t */
4583 if ( (asn1_len > 0) && ((int)asn1_len < length) ) {
4584
4585 ti = proto_tree_add_item(subtree, hf_isakmp_auth_digital_sig_asn1_data, tvb, offset, asn1_len, ENC_NA);
4586 asn1tree = proto_item_add_subtree(ti, ett_isakmp_payload_digital_signature_asn1_data);
4587 dissect_unknown_ber(pinfo, tvb, offset, asn1tree);
4588
4589 offset += asn1_len;
4590 length -= asn1_len;
4591
4592 proto_tree_add_item(subtree, hf_isakmp_auth_digital_sig_value, tvb, offset, length, ENC_NA);
4593 }
4594 }
4595 }
4596
4597 static void
4598 dissect_hash(tvbuff_t *tvb, int offset, int length, proto_tree *ntree)
4599 {
4600 proto_tree_add_item(ntree, hf_isakmp_hash, tvb, offset, length, ENC_NA);
4601 }
4602
4603 static void
4604 dissect_sig(tvbuff_t *tvb, int offset, int length, proto_tree *ntree)
4605 {
4606 proto_tree_add_item(ntree, hf_isakmp_sig, tvb, offset, length, ENC_NA);
4607 }
4608
4609 static void
4610 dissect_nonce(tvbuff_t *tvb, int offset, int length, proto_tree *ntree)
4611 {
4612 proto_tree_add_item(ntree, hf_isakmp_nonce, tvb, offset, length, ENC_NA);
4613 }
4614
4615 static void dissect_symmetric_key(tvbuff_t *tvb, int offset, int length, proto_tree *ntree)
4616 {
4617 proto_tree_add_item(ntree, hf_isakmp_symmetric_key, tvb, offset, length, ENC_NA);
4618 }
4619
4620 static void
4621 // NOLINTNEXTLINE(misc-no-recursion)
4622 dissect_cisco_fragmentation(tvbuff_t *tvb, int offset, int length, proto_tree *tree, packet_info *pinfo)
4623 {
4624 uint8_t seq; /* Packet sequence number, starting from 1 */
4625 uint8_t last;
4626 proto_tree *ptree;
4627 ptree = proto_tree_get_parent(tree);
4628 if (length < 4)
4629 return;
4630
4631 proto_tree_add_item(tree, hf_isakmp_cisco_frag_packetid, tvb, offset, 2, ENC_BIG_ENDIAN);
4632 offset += 2;
4633 seq = tvb_get_uint8(tvb, offset);
4634 proto_tree_add_item(tree, hf_isakmp_cisco_frag_seq, tvb, offset, 1, ENC_BIG_ENDIAN);
4635 offset += 1;
4636 last = tvb_get_uint8(tvb, offset);
4637 proto_tree_add_item(tree, hf_isakmp_cisco_frag_last, tvb, offset, 1, ENC_BIG_ENDIAN);
4638 offset += 1;
4639 /*length-=4;*/
4640
4641 /* Start Reassembly stuff for Cisco IKE fragmentation */
4642 {
4643 bool save_fragmented;
4644 tvbuff_t *defrag_isakmp_tvb;
4645 fragment_head *frag_msg;
4646
4647 save_fragmented = pinfo->fragmented;
4648 pinfo->fragmented = true;
4649 frag_msg = fragment_add_seq_check(&isakmp_cisco_reassembly_table, tvb, offset,
4650 pinfo,
4651 12345, /*FIXME: Fragmented packet id, uint16_t, somehow get CKY here */
4652 NULL,
4653 seq-1, /* fragment sequence number, starting from 0 */
4654 tvb_reported_length_remaining(tvb, offset), /* fragment length - to the end */
4655 !last); /* More fragments? */
4656 defrag_isakmp_tvb = process_reassembled_data(tvb, offset, pinfo,
4657 "Reassembled ISAKMP", frag_msg,
4658 &isakmp_frag_items, /* groups and items, using same as Cisco */
4659 NULL, ptree);
4660
4661 if (last && defrag_isakmp_tvb) { /* take it all */
4662 dissect_isakmp(defrag_isakmp_tvb, pinfo, ptree, NULL);
4663 }
4664 col_append_fstr(pinfo->cinfo, COL_INFO,
4665 " (%sMessage fragment %u%s)",
4666 (last && frag_msg ? "Reassembled + " : ""),
4667 seq, (last ? " - last" : ""));
4668 pinfo->fragmented = save_fragmented;
4669 }
4670 /* End Reassembly stuff for Cisco IKE fragmentation */
4671
4672 }
4673
4674 /* This is RFC7383 reassembly. */
4675 static void
4676 // NOLINTNEXTLINE(misc-no-recursion)
4677 dissect_ikev2_fragmentation(tvbuff_t *tvb, int offset, proto_tree *tree,
4678 packet_info *pinfo, unsigned message_id, uint8_t next_payload, bool is_request, void* decr_info)
4679 {
4680 uint16_t fragment_number, total_fragments;
4681 bool message_next_payload_set = false;
4682 uint8_t message_next_payload = 0;
4683 int iv_len, icd_len;
4684 int iv_offset;
4685 int icd_offset;
4686 ikev2_decrypt_data_t *key_info;
4687
4688 /* Fragment Number */
4689 fragment_number = tvb_get_ntohs(tvb, offset);
4690 total_fragments = tvb_get_ntohs(tvb, offset+2);
4691 proto_tree_add_item(tree, hf_isakmp_ike2_fragment_number, tvb, offset, 2, ENC_BIG_ENDIAN);
4692 offset += 2;
4693 if (fragment_number == 0) {
4694 proto_tree_add_expert_format(tree, pinfo, &ei_isakmp_bad_fragment_number, tvb, 0, 0,
4695 "Fragment number must not be zero");
4696 }
4697 else if (fragment_number > total_fragments) {
4698 proto_tree_add_expert_format(tree, pinfo, &ei_isakmp_bad_fragment_number, tvb, 0, 0,
4699 "Fragment number (%u) must not be greater than total fragments (%u)",
4700 fragment_number, total_fragments);
4701 }
4702
4703 /* During the first pass, store in the conversation the next_payload */
4704 if (!pinfo->fd->visited && (fragment_number == 1)) {
4705 /* Create/update conversation with message_id -> next_payload */
4706 conversation_t* p_conv = find_or_create_conversation(pinfo);
4707 ikev2_fragmentation_state_t *p_state = wmem_new0(wmem_file_scope(), ikev2_fragmentation_state_t);
4708 p_state->message_id = message_id;
4709 p_state->next_payload = next_payload;
4710
4711 /* Store the state with the conversation */
4712 conversation_add_proto_data(p_conv, proto_isakmp, (void*)p_state);
4713 }
4714
4715 /* Total fragments */
4716 proto_tree_add_item(tree, hf_isakmp_ike2_total_fragments, tvb, offset, 2, ENC_BIG_ENDIAN);
4717 if (total_fragments == 0) {
4718 proto_tree_add_expert_format(tree, pinfo, &ei_isakmp_bad_fragment_number, tvb, 0, 0,
4719 "Total fragments must not be zero");
4720 }
4721
4722 /* Show fragment summary in Info column */
4723 col_append_fstr(pinfo->cinfo, COL_INFO, " (fragment %u/%u)", fragment_number, total_fragments);
4724
4725 offset += 2;
4726
4727 /* If this is the last fragment, need to know what the payload type for the reassembled message is,
4728 which was included in the first fragment */
4729 if (fragment_number == total_fragments) {
4730 if (!pinfo->fd->visited) {
4731 /* On first pass, get it from the conversation info */
4732 conversation_t *p_conv = find_conversation_pinfo(pinfo, 0);
4733 if (p_conv != NULL) {
4734 ikev2_fragmentation_state_t *p_state = (ikev2_fragmentation_state_t*)conversation_get_proto_data(p_conv, proto_isakmp);
4735 if (p_state != NULL) {
4736 if (p_state->message_id == message_id) {
4737 message_next_payload = p_state->next_payload;
4738 message_next_payload_set = true;
4739
4740 /* Store in table for this frame for future passes */
4741 g_hash_table_insert(defrag_next_payload_hash, GUINT_TO_POINTER(pinfo->num), GUINT_TO_POINTER((unsigned)message_next_payload));
4742 }
4743 }
4744 }
4745 }
4746 else {
4747 /* On later passes, look up in hash table by frame number */
4748 message_next_payload = (uint8_t)GPOINTER_TO_UINT(g_hash_table_lookup(defrag_next_payload_hash, GUINT_TO_POINTER(pinfo->num)));
4749 if (message_next_payload != 0) {
4750 message_next_payload_set = true;
4751 }
4752 }
4753 }
4754
4755 /* Can only know lengths of following fields if we have the key information */
4756 if (decr_info) {
4757 key_info = (ikev2_decrypt_data_t*)(decr_info);
4758 iv_len = key_info->encr_spec->iv_len;
4759 icd_len = key_info->auth_spec->trunc_len;
4760 }
4761 else {
4762 /* Can't show any more info. */
4763 return;
4764 }
4765
4766 /* Initialization Vector */
4767 iv_offset = offset;
4768 proto_tree_add_item(tree, hf_isakmp_enc_iv, tvb, offset, iv_len, ENC_NA);
4769 offset += iv_len;
4770
4771 icd_offset = offset + tvb_reported_length_remaining(tvb, offset) - icd_len;
4772
4773 /* Encryption data */
4774 proto_tree_add_item(tree, hf_isakmp_enc_data, tvb, offset, icd_offset-offset, ENC_NA);
4775
4776 /* Can only check how much padding there is after decrypting... */
4777
4778 /* Start Reassembly stuff for IKE2 fragmentation */
4779 {
4780 bool save_fragmented;
4781 tvbuff_t *defrag_decrypted_isakmp_tvb;
4782 tvbuff_t *isakmp_decrypted_fragment_tvb;
4783 fragment_head *frag_msg;
4784 uint8_t padding_length;
4785 uint16_t fragment_length;
4786
4787 /* Decrypt but don't dissect this encrypted payload. */
4788 isakmp_decrypted_fragment_tvb = dissect_enc(tvb, iv_offset, tvb_reported_length_remaining(tvb, iv_offset), tree, pinfo,
4789 0, /* Payload type won't be used in this call, and may not know yet */
4790 is_request,
4791 decr_info,
4792 false /* Don't dissect decrypted tvb as not a completed payload */
4793 );
4794
4795 /* Save pinfo->fragmented, will later restore it */
4796 save_fragmented = pinfo->fragmented;
4797 pinfo->fragmented = true;
4798
4799 /* Remove padding length + any padding bytes from reassembled payload */
4800 padding_length = tvb_get_uint8(isakmp_decrypted_fragment_tvb, tvb_reported_length(isakmp_decrypted_fragment_tvb)-1);
4801 fragment_length = tvb_reported_length(isakmp_decrypted_fragment_tvb) - 1 - padding_length;
4802
4803 /* Adding decrypted tvb into reassembly table here */
4804 frag_msg = fragment_add_seq_check(&isakmp_ike2_reassembly_table,
4805 isakmp_decrypted_fragment_tvb,
4806 0, /* offset */
4807 pinfo,
4808 message_id, /* message_id from top-level header */
4809 NULL, /* data? */
4810 fragment_number-1, /* fragment sequence number, starting from 0 */
4811 fragment_length, /* fragment - (padding_length + padding) */
4812 fragment_number < total_fragments); /* More fragments? */
4813
4814 defrag_decrypted_isakmp_tvb = process_reassembled_data(tvb, offset, pinfo,
4815 "Reassembled IKE2 ISAKMP",
4816 frag_msg,
4817 &isakmp_frag_items, /* Tree IDs & items - using same ones as Cisco. */
4818 NULL, tree);
4819
4820 if (defrag_decrypted_isakmp_tvb && key_info && message_next_payload_set) {
4821 /* Completely reassembled - already decrypted - dissect reassembled payload if know next payload type */
4822 col_append_str(pinfo->cinfo, COL_INFO, " (reassembled)");
4823 dissect_payloads(defrag_decrypted_isakmp_tvb, tree,
4824 2, /* Could store with next_payload, but wouldn't be here otherwise.. */
4825 message_next_payload,
4826 0, tvb_reported_length(defrag_decrypted_isakmp_tvb),
4827 pinfo, message_id, is_request, decr_info);
4828 }
4829 /* Restore this flag */
4830 pinfo->fragmented = save_fragmented;
4831 }
4832 /* End Reassembly stuff for IKE2 fragmentation */
4833 }
4834
4835 static void
4836 dissect_notif(tvbuff_t *tvb, packet_info *pinfo, int offset, int length, proto_tree *tree, int isakmp_version)
4837 {
4838 uint32_t doi = 0;
4839 uint8_t protocol_id;
4840 uint8_t spi_size;
4841 uint16_t msgtype;
4842 proto_item *data_item;
4843 proto_tree *data_tree;
4844 int offset_end = 0;
4845 offset_end = offset + length;
4846
4847 if (isakmp_version == 1) {
4848 doi = tvb_get_ntohl(tvb, offset);
4849 proto_tree_add_item(tree, hf_isakmp_notify_doi, tvb, offset, 4, ENC_BIG_ENDIAN);
4850 offset += 4;
4851 length -= 4;
4852 }
4853
4854 protocol_id = tvb_get_uint8(tvb, offset);
4855 if (isakmp_version == 1)
4856 {
4857 proto_tree_add_item(tree, hf_isakmp_notify_protoid_v1, tvb, offset, 1, ENC_BIG_ENDIAN);
4858 }else if (isakmp_version == 2)
4859 {
4860 proto_tree_add_item(tree, hf_isakmp_notify_protoid_v2, tvb, offset, 1, ENC_BIG_ENDIAN);
4861 }
4862 offset += 1;
4863 length -= 1;
4864
4865 spi_size = tvb_get_uint8(tvb, offset);
4866 proto_tree_add_item(tree, hf_isakmp_spisize, tvb, offset, 1, ENC_BIG_ENDIAN);
4867 offset += 1;
4868 length -= 1;
4869
4870 msgtype = tvb_get_ntohs(tvb, offset);
4871
4872 if (isakmp_version == 1)
4873 {
4874 proto_tree_add_item(tree, hf_isakmp_notify_msgtype_v1, tvb, offset, 2, ENC_BIG_ENDIAN);
4875 }else if (isakmp_version == 2)
4876 {
4877 if ((msgtype < 8192) || (msgtype > 16383 && msgtype < 40959 )) {
4878 /* Standard error and status types */
4879 proto_tree_add_uint_format_value(tree, hf_isakmp_notify_msgtype_v2, tvb, offset, 2, msgtype, "%s (%u)",
4880 rval_to_str_const(msgtype, notifmsg_v2_type, "Unknown"), msgtype);
4881 proto_item_append_text(tree, " - %s",
4882 rval_to_str_const(msgtype,
4883 notifmsg_v2_type,
4884 "Unknown"));
4885 } else {
4886 /* Private error and status types */
4887 proto_tree_add_uint_format_value(tree, hf_isakmp_notify_msgtype_v2, tvb, offset, 2, msgtype, "%s (%u)",
4888 rval_to_str_const(msgtype, notifmsg_v2_3gpp_type, "Unknown"), msgtype);
4889 proto_item_append_text(tree, " - %s",
4890 rval_to_str_const(msgtype,
4891 notifmsg_v2_3gpp_type,
4892 "Unknown"));
4893 }
4894 }
4895 offset += 2;
4896 length -= 2;
4897
4898 if (spi_size) {
4899 proto_tree_add_item(tree, hf_isakmp_spi, tvb, offset, spi_size, ENC_NA);
4900 offset += spi_size;
4901 length -= spi_size;
4902 }
4903
4904 /* Notification Data */
4905
4906 data_item = proto_tree_add_item(tree, hf_isakmp_notify_data, tvb, offset, length, ENC_NA);
4907 data_tree = proto_item_add_subtree(data_item, ett_isakmp_notify_data);
4908
4909 if (isakmp_version == 1)
4910 {
4911 switch (msgtype) {
4912 case 24576: /* RESPONDER LIFETIME */
4913 if (protocol_id == 1) {
4914 /* Phase 1 */
4915 while (offset < offset_end) {
4916 offset += dissect_resp_lifetime_ike_attribute(tvb, pinfo, data_tree, offset);
4917 }
4918 } else if (protocol_id > 1 && doi == 1) {
4919 /* Phase 2, IPsec DOI */
4920 while (offset < offset_end) {
4921 offset += dissect_resp_lifetime_ipsec_attribute(tvb, pinfo, data_tree, offset);
4922 }
4923 }
4924 break;
4925 case 36136: /* DPD ARE YOU THERE */
4926 proto_tree_add_item(tree, hf_isakmp_notify_data_dpd_are_you_there, tvb, offset, length, ENC_BIG_ENDIAN);
4927 break;
4928 case 36137: /* DPD ARE YOU THERE ACK */
4929 proto_tree_add_item(tree, hf_isakmp_notify_data_dpd_are_you_there_ack, tvb, offset, length, ENC_BIG_ENDIAN);
4930 break;
4931 case 40501: /* UNITY Load Balance */
4932 proto_tree_add_item(tree, hf_isakmp_notify_data_unity_load_balance, tvb, offset, length, ENC_BIG_ENDIAN);
4933 break;
4934 default:
4935 /* No Default Action */
4936 break;
4937 }
4938
4939 } else if (isakmp_version == 2)
4940 {
4941 switch(msgtype){
4942 case 17: /* INVALID_KE_PAYLOAD */
4943 proto_tree_add_item(tree, hf_isakmp_notify_data_accepted_dh_group, tvb, offset, 2, ENC_BIG_ENDIAN);
4944 break;
4945 case 16387: /* IPCOMP_SUPPORTED */
4946 proto_tree_add_item(tree, hf_isakmp_notify_data_ipcomp_cpi, tvb, offset, 2, ENC_BIG_ENDIAN);
4947 proto_tree_add_item(tree, hf_isakmp_notify_data_ipcomp_transform_id, tvb, offset+2, 1, ENC_BIG_ENDIAN);
4948 break;
4949 case 16403: /* AUTH_LIFETIME" */
4950 {
4951 uint32_t hours;
4952 uint32_t minutes;
4953 uint32_t seconds;
4954 uint32_t durations_seconds;
4955
4956 durations_seconds = tvb_get_uint32(tvb, offset, ENC_BIG_ENDIAN);
4957
4958 hours = durations_seconds / 3600;
4959 minutes = (durations_seconds % 3600) / 60;
4960 seconds = (durations_seconds % 3600) % 60;
4961
4962 proto_tree_add_uint_format_value(tree, hf_isakmp_notify_data_auth_lifetime, tvb, offset, length, durations_seconds,
4963 "%u seconds (%u hour(s) %02u minute(s) %02u second(s))", durations_seconds, hours, minutes, seconds);
4964 break;
4965 }
4966 case 16407: /* REDIRECT */
4967 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_gw_ident_type, tvb, offset, 1, ENC_BIG_ENDIAN);
4968 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_gw_ident_len, tvb, offset+1, 1, ENC_BIG_ENDIAN);
4969 switch(tvb_get_uint8(tvb, offset)){ /* Ident Type ? */
4970 case 1:
4971 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_new_resp_gw_ident_ipv4, tvb, offset+2, 4, ENC_BIG_ENDIAN);
4972 break;
4973 case 2:
4974 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_new_resp_gw_ident_ipv6, tvb, offset+2, 16, ENC_NA);
4975 break;
4976 case 3:
4977 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_new_resp_gw_ident_fqdn, tvb, offset+2, tvb_get_uint8(tvb,offset+1), ENC_ASCII);
4978 break;
4979 default :
4980 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_new_resp_gw_ident, tvb, offset+2, tvb_get_uint8(tvb,offset+1), ENC_NA);
4981 break;
4982 }
4983 length -= tvb_get_uint8(tvb, offset+1) + 2;
4984 offset += tvb_get_uint8(tvb, offset+1) + 2;
4985 if(length)
4986 {
4987 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_nonce_data, tvb, offset, length, ENC_NA);
4988 }
4989 break;
4990 case 16408: /* REDIRECT_FROM */
4991 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_gw_ident_type, tvb, offset, 1, ENC_BIG_ENDIAN);
4992 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_gw_ident_len, tvb, offset+1, 1, ENC_BIG_ENDIAN);
4993 switch(tvb_get_uint8(tvb, offset)){ /* Ident Type ? */
4994 case 1:
4995 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_org_resp_gw_ident_ipv4, tvb, offset+2, 4, ENC_BIG_ENDIAN);
4996 break;
4997 case 2:
4998 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_org_resp_gw_ident_ipv6, tvb, offset+2, 16, ENC_NA);
4999 break;
5000 default :
5001 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_org_resp_gw_ident, tvb, offset+2, tvb_get_uint8(tvb,offset+1), ENC_NA);
5002 break;
5003 }
5004 break;
5005 case 16409: /* TICKET_LT_OPAQUE */
5006 proto_tree_add_item(tree, hf_isakmp_notify_data_ticket_lifetime, tvb, offset, 4, ENC_BIG_ENDIAN);
5007 offset += 4;
5008 length -= 4;
5009 proto_tree_add_item(tree, hf_isakmp_notify_data_ticket_data, tvb, offset, length, ENC_NA);
5010 break;
5011 case 16413: /* TICKET_OPAQUE */
5012 proto_tree_add_item(tree, hf_isakmp_notify_data_ticket_data, tvb, offset, length, ENC_NA);
5013 break;
5014 case 16416: /* ROHC_SUPPORTED */
5015 while (offset < offset_end) {
5016 offset += dissect_rohc_attribute(tvb, pinfo, tree, offset);
5017 }
5018 break;
5019 case 16419: /* QUICK_CRASH_DETECTION */
5020 proto_tree_add_item(tree, hf_isakmp_notify_data_qcd_token_secret_data, tvb, offset, length, ENC_NA);
5021 break;
5022 case 16422: /* IKEV2_MESSAGE_ID_SYNC */
5023 proto_tree_add_item(tree, hf_isakmp_notify_data_ha_nonce_data, tvb, offset, 4, ENC_BIG_ENDIAN);
5024 offset += 4;
5025 proto_tree_add_item(tree, hf_isakmp_notify_data_ha_expected_send_req_msg_id, tvb, offset, 4, ENC_BIG_ENDIAN);
5026 offset += 4;
5027 proto_tree_add_item(tree, hf_isakmp_notify_data_ha_expected_recv_req_msg_id, tvb, offset, 4, ENC_BIG_ENDIAN);
5028 break;
5029 case 16423: /* IPSEC_REPLAY_COUNTER_SYNC */
5030 proto_tree_add_item(tree, hf_isakmp_notify_data_ha_incoming_ipsec_sa_delta_value, tvb, offset, length, ENC_NA);
5031 break;
5032 case 16424: /* SECURE_PASSWORD_METHODS */
5033 proto_tree_add_item(tree, hf_isakmp_notify_data_secure_password_methods, tvb, offset, length, ENC_NA);
5034 break;
5035 case 16431: /*SIGNATURE_HASH_ALGORITHMS*/
5036 while(offset < offset_end) {
5037 proto_tree_add_item(tree, hf_isakmp_notify_data_signature_hash_algorithms, tvb, offset, 2, ENC_BIG_ENDIAN);
5038 offset += 2;
5039 }
5040 break;
5041 case 41041:
5042 /* private status 3GPP BACKOFF_TIMER*/
5043 proto_tree_add_item(tree, hf_isakmp_notify_data_3gpp_backoff_timer_len, tvb, offset, 1, ENC_BIG_ENDIAN);
5044 offset++;
5045 de_gc_timer3(tvb, tree, pinfo, offset, 1, NULL, 0);
5046 break;
5047 case 41101: /* DEVICE_IDENTITY */
5048 if(length>=3) {
5049 uint64_t octet;
5050 uint32_t bit_offset;
5051
5052 /* As specified in 3GPP TS 24.302 (Section 8.2.9.2) */
5053 /* Payload Octet 5,6 - Identity length */
5054 proto_tree_add_item(tree, hf_isakmp_notify_data_3gpp_device_identity_len, tvb, offset, 2, ENC_BIG_ENDIAN);
5055 offset += 2;
5056
5057 bit_offset = offset<<3;
5058 bit_offset += 6;
5059
5060 /* Payload Octet 7 - Identity type */
5061 proto_tree_add_bits_ret_val(tree, hf_isakmp_notify_data_3gpp_device_identity_type, tvb, bit_offset, 2, &octet, ENC_BIG_ENDIAN);
5062
5063 offset += 1;
5064 length -= 3;
5065
5066 if(length==0) {
5067 break;
5068 }
5069
5070 /* Payload Octet 8-n - Identity value */
5071 switch (octet) {
5072 case 1:
5073 /* IMEI */
5074 proto_tree_add_item(tree, hf_isakmp_notify_data_3gpp_device_identity_imei, tvb, offset, length, ENC_BCD_DIGITS_0_9|ENC_LITTLE_ENDIAN);
5075 break;
5076 case 2:
5077 /* IMEISV */
5078 proto_tree_add_item(tree, hf_isakmp_notify_data_3gpp_device_identity_imeisv, tvb, offset, length, ENC_BCD_DIGITS_0_9|ENC_LITTLE_ENDIAN);
5079 break;
5080 default:
5081 proto_tree_add_expert(tree, pinfo, &ei_isakmp_notify_data_3gpp_unknown_device_identity, tvb, offset, length);
5082 break;
5083 }
5084 }
5085 break;
5086 case 41134:
5087 /* private status 3GPP EMERGENCY_CALL_NUMBERS*/
5088 /* If Notify Data is not empty/missing */
5089 if(length>0)
5090 {
5091 /* As specified in 3GPP TS 23.302 (Section 8.1.2.3) and TS 24.008 (Section 10.5.3.13) */
5092 proto_tree *em_call_num_tree;
5093
5094 /* Main Payload Subtree */
5095 em_call_num_tree = proto_tree_add_subtree(tree, tvb, offset, length, ett_isakmp_notify_data_3gpp_emergency_call_numbers_main, NULL, "Emergency Call Numbers");
5096
5097 /* Payload Octet 5 - Length of IE Contents */
5098 proto_tree_add_item(em_call_num_tree, hf_isakmp_notify_data_3gpp_emergency_call_numbers_len, tvb, offset, 1, ENC_BIG_ENDIAN);
5099 offset += 1;
5100
5101 /* Subtree for actual values */
5102 proto_tree *current_emergency_call_number_tree;
5103
5104 while(offset<offset_end){
5105 uint8_t current_em_num_len = tvb_get_uint8(tvb,offset)+1; //Total length including octets 3 and 4 for proper highlighting
5106
5107 /* Subtree for elements*/
5108 current_emergency_call_number_tree = proto_tree_add_subtree(em_call_num_tree, tvb, offset, current_em_num_len, ett_isakmp_notify_data_3gpp_emergency_call_numbers_element, NULL, "Emergency Number");
5109
5110 /*IE Octet 3 Number of octets used to encode the Emergency Service Category Value and the Number digits. */
5111 proto_tree_add_item(current_emergency_call_number_tree, hf_isakmp_notify_data_3gpp_emergency_call_numbers_element_len,tvb,offset,1,ENC_BIG_ENDIAN);
5112 offset += 1;
5113
5114 /*IE Octet 4 |Spare=0|Spare=0|Spare=0|Emergency Service Category Value|
5115 * Bits 1 to 5 are coded as bits 1 to 5 of octet 3 of the Service Category
5116 * information element as specified in subclause 10.5.4.33. (TS 24.008)
5117 */
5118 static int * const isakmp_notify_data_3gpp_emergency_call_numbers_flags[] = {
5119 &hf_isakmp_notify_data_3gpp_emergency_call_numbers_spare,
5120 &hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b5_mountain_rescue,
5121 &hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b4_marine_guard,
5122 &hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b3_fire_brigade,
5123 &hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b2_ambulance,
5124 &hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b1_police,
5125 NULL
5126 };
5127 proto_tree_add_bitmask_with_flags(current_emergency_call_number_tree, tvb, offset, hf_isakmp_notify_data_3gpp_emergency_call_numbers_flags,
5128 ett_isakmp_notify_data_3gpp_emergency_call_numbers_element, isakmp_notify_data_3gpp_emergency_call_numbers_flags,ENC_BIG_ENDIAN, BMT_NO_FALSE | BMT_NO_INT | BMT_NO_TFS);
5129 offset += 1;
5130
5131 /*IE Octet 5 to j | Digit_N+1 | Digit_N | */
5132 current_em_num_len -= 2; //Not counting octets 3 and 4
5133 proto_tree_add_item(current_emergency_call_number_tree, hf_iskamp_notify_data_3gpp_emergency_call_number, tvb, offset, current_em_num_len, ENC_BCD_DIGITS_0_9|ENC_LITTLE_ENDIAN);
5134 offset += current_em_num_len; //moving to the next number in the list
5135 }
5136 }
5137 break;
5138 case 61520: /* Network Overlay ID (Fortinet) */
5139 proto_tree_add_item(tree, hf_isakmp_notify_data_fortinet_network_overlay_id, tvb, offset, length, ENC_BIG_ENDIAN);
5140 break;
5141 default:
5142 /* No Default Action */
5143 break;
5144 }
5145 }
5146 }
5147
5148 static void
5149 dissect_delete(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version)
5150 {
5151 uint8_t spi_size;
5152
5153 if (isakmp_version == 1) {
5154 proto_tree_add_item(tree, hf_isakmp_delete_doi, tvb, offset, 4, ENC_BIG_ENDIAN);
5155 offset += 4;
5156 length -= 4;
5157 }
5158
5159
5160 if (isakmp_version == 1)
5161 {
5162 proto_tree_add_item(tree, hf_isakmp_delete_protoid_v1, tvb, offset, 1, ENC_BIG_ENDIAN);
5163 }else if (isakmp_version == 2)
5164 {
5165 proto_tree_add_item(tree, hf_isakmp_delete_protoid_v2, tvb, offset, 1, ENC_BIG_ENDIAN);
5166 }
5167
5168 offset += 1;
5169 length -= 1;
5170
5171 spi_size = tvb_get_uint8(tvb, offset);
5172 proto_tree_add_item(tree, hf_isakmp_spisize, tvb, offset, 1, ENC_BIG_ENDIAN);
5173 offset += 1;
5174 length -= 1;
5175
5176 proto_tree_add_item(tree, hf_isakmp_num_spis, tvb, offset, 2, ENC_BIG_ENDIAN);
5177 offset += 2;
5178 length -= 2;
5179
5180 if (spi_size > 0) {
5181 while (length > 0) {
5182 proto_tree_add_item(tree, hf_isakmp_delete_spi, tvb, offset, spi_size, ENC_NA);
5183 offset+=spi_size;
5184 length-=spi_size;
5185 }
5186 }
5187 }
5188
5189
5190 static int
5191 dissect_vid(tvbuff_t *tvb, int offset, int length, proto_tree *tree)
5192 {
5193 const uint8_t * pVID;
5194 const char * vendorstring;
5195
5196 pVID = tvb_get_ptr(tvb, offset, length);
5197
5198 vendorstring = bytesprefix_to_str(pVID, (size_t)length, vendor_id, "Unknown Vendor ID");
5199 proto_tree_add_item(tree, hf_isakmp_vid_bytes, tvb, offset, length, ENC_NA);
5200 proto_tree_add_string(tree, hf_isakmp_vid_string, tvb, offset, length, vendorstring);
5201 proto_item_append_text(tree," : %s", vendorstring);
5202
5203 /* very old CryptPro/GOST (Check Point R65) VID */
5204 if (length >= 24 && memcmp(pVID, VID_CP_01_R65, 20) == 0)
5205 {
5206 offset += 20;
5207 proto_tree_add_item(tree, hf_isakmp_vid_cp_product, tvb, offset, 4, ENC_BIG_ENDIAN);
5208 offset +=4;
5209 proto_tree_add_item(tree, hf_isakmp_vid_cp_version, tvb, offset, 4, ENC_BIG_ENDIAN);
5210 offset +=4;
5211 proto_tree_add_item(tree, hf_isakmp_vid_cp_timestamp, tvb, offset, 4, ENC_BIG_ENDIAN);
5212 offset +=4;
5213 proto_tree_add_item(tree, hf_isakmp_vid_cp_reserved, tvb, offset, 4, ENC_BIG_ENDIAN);
5214 offset +=4;
5215 proto_tree_add_item(tree, hf_isakmp_vid_cp_features, tvb, offset, 4, ENC_BIG_ENDIAN);
5216 offset +=4;
5217 }
5218
5219 /* Cisco Unity VID */
5220 if (length >= 14 && memcmp(pVID, VID_CISCO_UNITY, 14) == 0)
5221 {
5222 offset += 14;
5223 proto_tree_add_item(tree, hf_isakmp_vid_cisco_unity_major, tvb, offset, 1, ENC_BIG_ENDIAN);
5224 proto_item_append_text(tree, " %u", tvb_get_uint8(tvb,offset));
5225 offset += 1;
5226 proto_tree_add_item(tree, hf_isakmp_vid_cisco_unity_minor, tvb, offset, 1, ENC_BIG_ENDIAN);
5227 proto_item_append_text(tree, ".%u", tvb_get_uint8(tvb,offset));
5228 offset += 1;
5229 }
5230
5231 /* VID_MS_NT5_ISAKMPOAKLEY */
5232 if (length >= 16 && memcmp(pVID, VID_MS_NT5_ISAKMPOAKLEY, 16) == 0)
5233 {
5234 offset += 16;
5235 proto_tree_add_item(tree, hf_isakmp_vid_ms_nt5_isakmpoakley, tvb, offset, 4, ENC_BIG_ENDIAN);
5236 offset += 4;
5237 }
5238
5239 /* VID_ARUBA_VIA_AUTH_PROFILE */
5240 if (length >= 19 && memcmp(pVID, VID_ARUBA_VIA_AUTH_PROFILE, 19) == 0)
5241 {
5242 offset += 19;
5243 proto_tree_add_item(tree, hf_isakmp_vid_aruba_via_auth_profile, tvb, offset, length-19, ENC_ASCII);
5244 offset += 4;
5245 }
5246
5247 /* VID_FORTIGATE (Fortinet) */
5248 if (length >= 12 && memcmp(pVID, VID_FORTINET_FORTIGATE, 12) == 0)
5249 {
5250 offset += 12;
5251 proto_tree_add_item(tree, hf_isakmp_vid_fortinet_fortigate_release, tvb, offset, 2, ENC_ASCII|ENC_NA);
5252 offset += 2;
5253 proto_tree_add_item(tree, hf_isakmp_vid_fortinet_fortigate_build, tvb, offset, 2, ENC_ASCII|ENC_NA);
5254 offset += 2;
5255 }
5256 return offset;
5257 }
5258
5259 /* Returns the number of bytes consumed by this attribute. */
5260 static int
5261 dissect_config_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, int isakmp_version, bool is_request)
5262 {
5263 const range_string *vs_cfgattr;
5264 unsigned headerlen, value_len, attr_type;
5265 proto_item *attr_item;
5266 proto_tree *attr_tree;
5267 unsigned i;
5268 const uint8_t* str;
5269
5270 if (isakmp_version == 1) {
5271 vs_cfgattr = vs_v1_cfgattr;
5272 hf_isakmp_cfg_attr.type = hf_isakmp_cfg_attr_type_v1;
5273 } else if (isakmp_version == 2) {
5274 vs_cfgattr = vs_v2_cfgattr;
5275 hf_isakmp_cfg_attr.type = hf_isakmp_cfg_attr_type_v2;
5276 } else {
5277 /* Fail gracefully in case of an unsupported isakmp_version. */
5278 return 4;
5279 }
5280
5281 dissect_attribute_header(tvb, tree, offset,
5282 hf_isakmp_cfg_attr, vs_cfgattr,
5283 &headerlen, &value_len, &attr_type,
5284 &attr_item, &attr_tree);
5285
5286 offset += headerlen;
5287
5288 if (value_len == 0)
5289 {
5290 /* Don't complain about zero length if part of a config request - values will be assigned and included in the response message */
5291 if (!is_request) {
5292 expert_add_info(pinfo, attr_item, &ei_isakmp_attribute_value_empty);
5293 }
5294 return headerlen;
5295 }
5296
5297 switch (attr_type) {
5298 case INTERNAL_IP4_ADDRESS: /* 1 */
5299 if (value_len % 4 == 0)
5300 {
5301 for (i = 0; i < value_len / 4; i++)
5302 {
5303 proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip4_address, tvb, offset, 4, ENC_BIG_ENDIAN);
5304 offset += 4;
5305 }
5306 }
5307 break;
5308 case INTERNAL_IP4_NETMASK: /* 2 */
5309 proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip4_netmask, tvb, offset, 4, ENC_BIG_ENDIAN);
5310 break;
5311 case INTERNAL_IP4_DNS: /* 3 */
5312 if (value_len % 4 == 0)
5313 {
5314 for (i = 0; i < value_len / 4; i++)
5315 {
5316 proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip4_dns, tvb, offset, 4, ENC_BIG_ENDIAN);
5317 offset += 4;
5318 }
5319 }
5320 break;
5321 case INTERNAL_IP4_NBNS: /* 4 */
5322 if (value_len % 4 == 0)
5323 {
5324 for (i = 0; i < value_len / 4; i++)
5325 {
5326 proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip4_nbns, tvb, offset, 4, ENC_BIG_ENDIAN);
5327 offset += 4;
5328 }
5329 }
5330 break;
5331 case INTERNAL_ADDRESS_EXPIRY: /* 5 */
5332 proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_address_expiry, tvb, offset, 4, ENC_BIG_ENDIAN);
5333 break;
5334 case INTERNAL_IP4_DHCP: /* 6 */
5335 if (value_len % 4 == 0)
5336 {
5337 for (i = 0; i < value_len / 4; i++)
5338 {
5339 proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip4_dhcp, tvb, offset, 4, ENC_BIG_ENDIAN);
5340 offset += 4;
5341 }
5342 }
5343 break;
5344 case APPLICATION_VERSION: /* 7 */
5345 proto_tree_add_item_ret_string(attr_tree, hf_isakmp_cfg_attr_application_version, tvb, offset, value_len, ENC_ASCII|ENC_NA, pinfo->pool, &str);
5346 proto_item_append_text(attr_item, ": %s", str);
5347 break;
5348 case INTERNAL_IP6_ADDRESS: /* 8 */
5349 if (value_len % 17 == 0)
5350 {
5351 for (i = 0; i < value_len / 17; i++)
5352 {
5353 proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip6_address_ip, tvb, offset, 16, ENC_NA);
5354 offset += 16;
5355 proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip6_address_prefix, tvb, offset, 1, ENC_BIG_ENDIAN);
5356 offset += 1;
5357 }
5358 }
5359 break;
5360 case INTERNAL_IP6_NETMASK: /* 9 Only in IKEv1 */
5361 proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip6_netmask, tvb, offset, 18, ENC_NA);
5362 break;
5363 case INTERNAL_IP6_DNS: /* 10 */
5364 if (value_len % 16 == 0)
5365 {
5366 for (i = 0; i < value_len / 16; i++)
5367 {
5368 proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip6_dns, tvb, offset, 16, ENC_NA);
5369 offset += 16;
5370 }
5371 }
5372 break;
5373 case INTERNAL_IP6_NBNS: /* 11 */
5374 if (value_len % 16 == 0)
5375 {
5376 for (i = 0; i < value_len / 16; i++)
5377 {
5378 proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip6_nbns, tvb, offset, 16, ENC_NA);
5379 offset += 16;
5380 }
5381 }
5382 break;
5383 case INTERNAL_IP6_DHCP: /* 12 */
5384 if (value_len % 16 == 0)
5385 {
5386 for (i = 0; i < value_len / 16; i++)
5387 {
5388 proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip6_dhcp, tvb, offset, 16, ENC_NA);
5389 offset += 16;
5390 }
5391 }
5392 break;
5393 case INTERNAL_IP4_SUBNET: /* 13 */
5394 if (value_len % 8 == 0)
5395 {
5396 for (i = 0; i < value_len / 8; i++)
5397 {
5398 proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip4_subnet_ip, tvb, offset, 4, ENC_BIG_ENDIAN);
5399 offset += 4;
5400 proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip4_subnet_netmask, tvb, offset, 4, ENC_BIG_ENDIAN);
5401 offset += 4;
5402 }
5403 }
5404 break;
5405 case SUPPORTED_ATTRIBUTES: /* 14 */
5406 if (value_len % 2 == 0)
5407 {
5408 for (i = 0; i < value_len / 2; i++)
5409 {
5410 proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_supported_attributes, tvb, offset, 2, ENC_BIG_ENDIAN);
5411 offset += 2;
5412 }
5413 }
5414 break;
5415 case INTERNAL_IP6_SUBNET: /* 15 */
5416 if (value_len % 17 == 0)
5417 {
5418 for (i = 0; i < value_len / 17; i++)
5419 {
5420 proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip6_subnet_ip, tvb, offset, 16, ENC_NA);
5421 offset += 16;
5422 proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip6_subnet_prefix, tvb, offset, 1, ENC_BIG_ENDIAN);
5423 offset += 1;
5424 }
5425 }
5426 break;
5427 case INTERNAL_IP6_LINK: /* 17 */
5428 proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip6_link_interface, tvb, offset, 8, ENC_BIG_ENDIAN);
5429 offset += 8;
5430 proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip6_link_id, tvb, offset, value_len - 8, ENC_NA);
5431 break;
5432 case INTERNAL_IP6_PREFIX: /* 18 */
5433 if (value_len % 17 == 0)
5434 {
5435 for (i = 0; i < value_len / 17; i++)
5436 {
5437 proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip6_prefix_ip, tvb, offset, 16, ENC_NA);
5438 offset += 16;
5439 proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip6_prefix_length, tvb, offset, 1, ENC_BIG_ENDIAN);
5440 offset += 1;
5441 }
5442 }
5443 break;
5444 case P_CSCF_IP4_ADDRESS: /* 20 */
5445 if (value_len % 4 == 0)
5446 {
5447 for (i = 0; i < value_len / 4; i++)
5448 {
5449 proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_p_cscf_ip4_address, tvb, offset, 4, ENC_BIG_ENDIAN);
5450 offset += 4;
5451 }
5452 }
5453 break;
5454 case P_CSCF_IP6_ADDRESS: /* 21 */
5455 if (value_len % 16 == 0)
5456 {
5457 for (i = 0; i < value_len / 16; i++)
5458 {
5459 proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_p_cscf_ip6_address, tvb, offset, 16, ENC_NA);
5460 offset += 16;
5461 }
5462 }
5463 break;
5464 case XAUTH_TYPE: /* 16520 */
5465 proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_xauth_type, tvb, offset, value_len, ENC_BIG_ENDIAN);
5466 proto_item_append_text(attr_item, ": %s", rval_to_str(tvb_get_ntohs(tvb, offset), cfgattr_xauth_type, "Unknown %d"));
5467 break;
5468 case XAUTH_USER_NAME: /* 16521 */
5469 proto_tree_add_item_ret_string(attr_tree, hf_isakmp_cfg_attr_xauth_user_name, tvb, offset, value_len, ENC_ASCII|ENC_NA, pinfo->pool, &str);
5470 proto_item_append_text(attr_item, ": %s", str);
5471 break;
5472 case XAUTH_USER_PASSWORD: /* 16522 */
5473 proto_tree_add_item_ret_string(attr_tree, hf_isakmp_cfg_attr_xauth_user_password, tvb, offset, value_len, ENC_ASCII|ENC_NA, pinfo->pool, &str);
5474 proto_item_append_text(attr_item, ": %s", str);
5475 break;
5476 case XAUTH_PASSCODE: /* 16523 */
5477 proto_tree_add_item_ret_string(attr_tree, hf_isakmp_cfg_attr_xauth_passcode, tvb, offset, value_len, ENC_ASCII|ENC_NA, pinfo->pool, &str);
5478 proto_item_append_text(attr_item, ": %s", str);
5479 break;
5480 case XAUTH_MESSAGE: /* 16524 */
5481 proto_tree_add_item_ret_string(attr_tree, hf_isakmp_cfg_attr_xauth_message, tvb, offset, value_len, ENC_ASCII|ENC_NA, pinfo->pool, &str);
5482 proto_item_append_text(attr_item, ": %s", str);
5483 break;
5484 case XAUTH_CHALLENGE: /* 16525 */
5485 proto_tree_add_item_ret_string(attr_tree, hf_isakmp_cfg_attr_xauth_challenge, tvb, offset, value_len, ENC_ASCII|ENC_NA, pinfo->pool, &str);
5486 proto_item_append_text(attr_item, ": %s", str);
5487 break;
5488 case XAUTH_DOMAIN: /* 16526 */
5489 proto_tree_add_item_ret_string(attr_tree, hf_isakmp_cfg_attr_xauth_domain, tvb, offset, value_len, ENC_ASCII|ENC_NA, pinfo->pool, &str);
5490 proto_item_append_text(attr_item, ": %s", str);
5491 break;
5492 case XAUTH_STATUS: /* 16527 */
5493 proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_xauth_status, tvb, offset, value_len, ENC_BIG_ENDIAN);
5494 proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), cfgattr_xauth_status, "Unknown %d"));
5495 break;
5496 case XAUTH_NEXT_PIN: /* 16528 */
5497 proto_tree_add_item_ret_string(attr_tree, hf_isakmp_cfg_attr_xauth_next_pin, tvb, offset, value_len, ENC_ASCII|ENC_NA, pinfo->pool, &str);
5498 proto_item_append_text(attr_item, ": %s", str);
5499 break;
5500 case XAUTH_ANSWER: /* 16527 */
5501 proto_tree_add_item_ret_string(attr_tree, hf_isakmp_cfg_attr_xauth_answer, tvb, offset, value_len, ENC_ASCII|ENC_NA, pinfo->pool, &str);
5502 proto_item_append_text(attr_item, ": %s", str);
5503 break;
5504
5505 case UNITY_BANNER: /* 28672 */
5506 proto_tree_add_item_ret_string(attr_tree, hf_isakmp_cfg_attr_unity_banner, tvb, offset, value_len, ENC_ASCII|ENC_NA, pinfo->pool, &str);
5507 proto_item_append_text(attr_item, ": %s", str);
5508 break;
5509 case UNITY_DEF_DOMAIN: /* 28674 */
5510 proto_tree_add_item_ret_string(attr_tree, hf_isakmp_cfg_attr_unity_def_domain, tvb, offset, value_len, ENC_ASCII|ENC_NA, pinfo->pool, &str);
5511 proto_item_append_text(attr_item, ": %s", str);
5512 break;
5513 /* TODO: Support other UNITY Attributes ! */
5514 default:
5515 /* No Default Action */
5516 break;
5517 }
5518
5519 return headerlen + value_len;
5520 }
5521
5522 static void
5523 dissect_config(tvbuff_t *tvb, packet_info *pinfo, int offset, int length, proto_tree *tree, int isakmp_version, bool is_request)
5524 {
5525 int offset_end = 0;
5526 offset_end = offset + length;
5527 if (isakmp_version == 1) {
5528
5529 proto_tree_add_item(tree, hf_isakmp_cfg_type_v1,tvb, offset, 1, ENC_BIG_ENDIAN);
5530 offset += 1;
5531
5532 proto_tree_add_item(tree, hf_isakmp_reserved, tvb, offset, 1, ENC_NA);
5533 offset += 1;
5534
5535 proto_tree_add_item(tree, hf_isakmp_cfg_identifier, tvb, offset, 2, ENC_BIG_ENDIAN);
5536 offset += 2;
5537
5538 } else if (isakmp_version == 2) {
5539
5540 proto_tree_add_item(tree, hf_isakmp_cfg_type_v2,tvb, offset, 1, ENC_BIG_ENDIAN);
5541 offset += 1;
5542
5543 proto_tree_add_item(tree, hf_isakmp_reserved, tvb, offset, 3, ENC_NA);
5544 offset += 3;
5545
5546 } else {
5547 /* Skip attribute dissection for unknown IKE versions. */
5548 return;
5549 }
5550
5551 while (offset < offset_end) {
5552 offset += dissect_config_attribute(tvb, pinfo, tree, offset, isakmp_version, is_request);
5553 }
5554 }
5555
5556 static void
5557 dissect_sa_kek(tvbuff_t *tvb, packet_info *pinfo _U_, int offset, int length, proto_tree *tree)
5558 {
5559 int payload_end = 0;
5560 uint32_t src_id_length, dst_id_length;
5561
5562 uint8_t next_payload;
5563 uint16_t payload_length;
5564
5565 next_payload = tvb_get_uint8(tvb, offset);
5566 payload_length = tvb_get_ntohs(tvb, offset + 2);
5567
5568 payload_end = offset + payload_length;
5569 proto_tree_add_item(tree, hf_isakmp_sak_next_payload, tvb, offset, 1, ENC_BIG_ENDIAN);
5570 proto_tree_add_item(tree, hf_isakmp_sak_reserved, tvb, offset+1, 1, ENC_BIG_ENDIAN);
5571 proto_tree_add_item(tree, hf_isakmp_sak_payload_len, tvb, offset+2, 2, ENC_BIG_ENDIAN);
5572 offset += 4;
5573
5574 proto_tree_add_item(tree, hf_isakmp_sak_protocol, tvb, offset, 1, ENC_BIG_ENDIAN);
5575 offset += 1;
5576 proto_tree_add_item(tree, hf_isakmp_sak_src_id_type, tvb, offset, 1, ENC_BIG_ENDIAN);
5577 offset += 1;
5578 proto_tree_add_item(tree, hf_isakmp_sak_src_id_port, tvb, offset, 2, ENC_BIG_ENDIAN);
5579 offset += 2;
5580 proto_tree_add_item_ret_uint(tree, hf_isakmp_sak_src_id_length, tvb, offset, 1, ENC_BIG_ENDIAN, &src_id_length);
5581 offset += 1;
5582 if (src_id_length > 0) {
5583 proto_tree_add_item(tree, hf_isakmp_sak_src_id_data, tvb, offset, src_id_length, ENC_NA);
5584 offset += src_id_length;
5585 }
5586 proto_tree_add_item(tree, hf_isakmp_sak_dst_id_type, tvb, offset, 1, ENC_BIG_ENDIAN);
5587 offset += 1;
5588 proto_tree_add_item(tree, hf_isakmp_sak_dst_id_port, tvb, offset, 2, ENC_BIG_ENDIAN);
5589 offset += 2;
5590 proto_tree_add_item_ret_uint(tree, hf_isakmp_sak_dst_id_length, tvb, offset, 1, ENC_BIG_ENDIAN, &dst_id_length);
5591 offset += 1;
5592 if (dst_id_length > 0) {
5593 proto_tree_add_item(tree, hf_isakmp_sak_dst_id_data, tvb, offset, dst_id_length, ENC_NA);
5594 offset += dst_id_length;
5595 }
5596 proto_tree_add_item(tree, hf_isakmp_sak_spi, tvb, offset, 16, ENC_NA);
5597 offset += 16;
5598 proto_tree_add_item(tree, hf_isakmp_reserved, tvb, offset, 4, ENC_NA);
5599 offset += 4;
5600 while (offset < payload_end) {
5601 offset += dissect_ipsec_attribute(tvb, pinfo, tree, offset);
5602 }
5603 if(PLOAD_IKE_SAT == next_payload)
5604 {
5605 dissect_sa_tek(tvb, pinfo, offset, length, tree);
5606 }
5607 /* GAP payload could also be here*/
5608 }
5609
5610 static void
5611 // NOLINTNEXTLINE(misc-no-recursion)
5612 dissect_sa_tek(tvbuff_t *tvb, packet_info *pinfo _U_, int offset, int length, proto_tree *tree)
5613 {
5614 int offset_end = 0, payload_end=0;
5615 uint32_t protocol_id, src_id_length, dst_id_length;
5616 offset_end = offset + length;
5617 uint8_t next_payload, id_type;
5618 uint16_t payload_length;
5619 proto_item * ti;
5620 proto_item * ntree;
5621 proto_item * idit;
5622 proto_tree * idtree;
5623
5624 next_payload = tvb_get_uint8(tvb, offset);
5625 payload_length = tvb_get_ntohs(tvb, offset + 2);
5626
5627 payload_end = offset + payload_length;
5628
5629 ti = proto_tree_add_uint(tree, hf_isakmp_typepayload, tvb, offset, payload_length, PLOAD_IKE_SAT);
5630
5631 ntree = proto_item_add_subtree(ti, ett_isakmp_payload);
5632
5633 proto_tree_add_item(ntree, hf_isakmp_sat_next_payload, tvb, offset, 1, ENC_BIG_ENDIAN);
5634 proto_tree_add_item(ntree, hf_isakmp_sat_reserved, tvb, offset+1, 1, ENC_BIG_ENDIAN);
5635 proto_tree_add_item(ntree, hf_isakmp_sat_payload_len, tvb, offset+2, 2, ENC_BIG_ENDIAN);
5636
5637 offset += 4;
5638 proto_tree_add_item_ret_uint(ntree, hf_isakmp_sat_protocol_id, tvb, offset, 1, ENC_BIG_ENDIAN, &protocol_id);
5639 offset += 1;
5640 if (protocol_id == 1 || protocol_id == 2) {
5641 proto_tree_add_item(ntree, hf_isakmp_sat_protocol, tvb, offset, 1, ENC_BIG_ENDIAN);
5642 offset += 1;
5643 id_type = tvb_get_uint8(tvb, offset);
5644 proto_tree_add_item(ntree, hf_isakmp_sat_src_id_type, tvb, offset, 1, ENC_BIG_ENDIAN);
5645 offset += 1;
5646 proto_tree_add_item(ntree, hf_isakmp_sat_src_id_port, tvb, offset, 2, ENC_BIG_ENDIAN);
5647 offset += 2;
5648 proto_tree_add_item_ret_uint(ntree, hf_isakmp_sat_src_id_length, tvb, offset, 2, ENC_BIG_ENDIAN, &src_id_length);
5649 offset += 2;
5650 if (src_id_length > 0) {
5651 idit = proto_tree_add_item(ntree, hf_isakmp_sat_src_id_data, tvb, offset, src_id_length, ENC_NA);
5652 idtree = proto_item_add_subtree(idit, ett_isakmp_id);
5653 dissect_id_type(tvb, offset, src_id_length, id_type, idtree, idit, pinfo);
5654 offset += src_id_length;
5655 }
5656 id_type = tvb_get_uint8(tvb, offset);
5657 proto_tree_add_item(ntree, hf_isakmp_sat_dst_id_type, tvb, offset, 1, ENC_BIG_ENDIAN);
5658 offset += 1;
5659 proto_tree_add_item(ntree, hf_isakmp_sat_dst_id_port, tvb, offset, 2, ENC_BIG_ENDIAN);
5660 offset += 2;
5661 proto_tree_add_item_ret_uint(ntree, hf_isakmp_sat_dst_id_length, tvb, offset, 2, ENC_BIG_ENDIAN, &dst_id_length);
5662 offset += 2;
5663 if (dst_id_length > 0) {
5664 idit = proto_tree_add_item(ntree, hf_isakmp_sat_dst_id_data, tvb, offset, dst_id_length, ENC_NA);
5665 idtree = proto_item_add_subtree(idit, ett_isakmp_id);
5666 dissect_id_type(tvb, offset, dst_id_length, id_type, idtree, idit, pinfo);
5667 offset += dst_id_length;
5668 }
5669 proto_tree_add_item(ntree, hf_isakmp_sat_transform_id, tvb, offset, 1, ENC_BIG_ENDIAN);
5670 offset += 1;
5671 proto_tree_add_item(ntree, hf_isakmp_sat_spi, tvb, offset, 4, ENC_NA);
5672 offset += 4;
5673 while (offset < payload_end) {
5674 offset += dissect_ipsec_attribute(tvb, pinfo, ntree, offset);
5675 }
5676 if(PLOAD_IKE_SAT == next_payload)
5677 {
5678 increment_dissection_depth(pinfo);
5679 dissect_sa_tek(tvb, pinfo, offset, length, tree);
5680 decrement_dissection_depth(pinfo);
5681 }
5682 } else {
5683 proto_tree_add_item(ntree, hf_isakmp_sat_payload, tvb, offset, offset_end - offset, ENC_NA);
5684 }
5685
5686 }
5687
5688 /* Returns the number of bytes consumed by this attribute. */
5689 static int
5690 dissect_tek_key_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset)
5691 {
5692 unsigned headerlen, value_len, attr_type;
5693 proto_item *attr_item;
5694 proto_tree *attr_tree;
5695
5696 dissect_attribute_header(tvb, tree, offset,
5697 hf_isakmp_tek_key_attr, tek_key_attr_type,
5698 &headerlen, &value_len, &attr_type,
5699 &attr_item, &attr_tree);
5700
5701 if (value_len == 0)
5702 {
5703 expert_add_info(pinfo, attr_item, &ei_isakmp_attribute_value_empty);
5704 return headerlen;
5705 }
5706
5707 return headerlen + value_len;
5708 }
5709
5710 static void
5711 dissect_key_download(tvbuff_t *tvb, packet_info *pinfo _U_, int offset, int length, proto_tree *tree, int isakmp_version)
5712 {
5713 int offset_end = 0, payload_end=0;
5714 uint32_t num_key_pkt, kdp_length, kdp_spi_size;
5715 proto_item *kd_item;
5716 proto_tree *payload_tree;
5717 offset_end = offset + length;
5718
5719 if (isakmp_version == 1) {
5720
5721 proto_tree_add_item_ret_uint(tree, hf_isakmp_kd_num_key_pkt, tvb, offset, 2, ENC_BIG_ENDIAN, &num_key_pkt);
5722 offset += 2;
5723 proto_tree_add_item(tree, hf_isakmp_reserved, tvb, offset, 2, ENC_NA);
5724 offset += 2;
5725 while ((num_key_pkt > 0) && (offset_end > offset)) {
5726 kd_item = proto_tree_add_item(tree, hf_isakmp_kd_payload, tvb, offset, tvb_get_ntohs(tvb, offset + 2), ENC_NA);
5727 payload_tree = proto_item_add_subtree(kd_item, ett_isakmp_kd);
5728 proto_tree_add_item(payload_tree, hf_isakmp_kdp_type, tvb, offset, 1, ENC_BIG_ENDIAN);
5729 offset += 1;
5730 proto_tree_add_item(payload_tree, hf_isakmp_reserved, tvb, offset, 1, ENC_NA);
5731 offset += 1;
5732 proto_tree_add_item_ret_uint(payload_tree, hf_isakmp_kdp_length, tvb, offset, 2, ENC_BIG_ENDIAN, &kdp_length);
5733 payload_end = offset + kdp_length -2;
5734 offset += 2;
5735 proto_tree_add_item_ret_uint(payload_tree, hf_isakmp_kdp_spi_size, tvb, offset, 1, ENC_BIG_ENDIAN, &kdp_spi_size);
5736 offset += 1;
5737 if (kdp_spi_size > 0) {
5738 proto_tree_add_item(payload_tree, hf_isakmp_kdp_spi, tvb, offset, kdp_spi_size, ENC_NA);
5739 offset += kdp_spi_size;
5740 }
5741 while (offset < payload_end) {
5742 offset += dissect_tek_key_attribute(tvb, pinfo, payload_tree, offset);
5743 }
5744 num_key_pkt -= 1;
5745 }
5746
5747 } else {
5748 /* TODO: For IKEv2: currently only draft status: draft-yeung-g-ikev2-15 */
5749 /* Skip dissection for unknown IKE versions. */
5750 return;
5751 }
5752 }
5753
5754 static void
5755 dissect_sequence(tvbuff_t *tvb, packet_info *pinfo, int offset, int length, proto_tree *tree)
5756 {
5757 if (length != 4) {
5758 proto_tree_add_expert_format(tree, pinfo, &ei_isakmp_payload_bad_length, tvb, 0, 0,
5759 "Payload (bogus, length is %u, should be 4", length);
5760 return;
5761 }
5762 proto_tree_add_item(tree, hf_isakmp_seq_seq, tvb, offset, 4, ENC_BIG_ENDIAN);
5763 }
5764
5765 static void
5766 dissect_nat_discovery(tvbuff_t *tvb, int offset, int length, proto_tree *tree )
5767 {
5768 proto_tree_add_item(tree, hf_isakmp_nat_hash, tvb, offset, length, ENC_NA);
5769 }
5770
5771 static void
5772 dissect_nat_original_address(tvbuff_t *tvb, int offset, int length _U_, proto_tree *tree, int isakmp_version)
5773 {
5774 uint8_t id_type;
5775
5776 id_type = tvb_get_uint8(tvb, offset);
5777 if (isakmp_version == 1)
5778 {
5779 proto_tree_add_item(tree, hf_isakmp_id_type_v1, tvb, offset, 1, ENC_BIG_ENDIAN);
5780 }else if (isakmp_version == 2)
5781 {
5782 proto_tree_add_item(tree, hf_isakmp_id_type_v2, tvb, offset, 1, ENC_BIG_ENDIAN);
5783 }
5784 offset += 1;
5785
5786 offset += 3; /* reserved */
5787
5788 switch (id_type) {
5789
5790 case IKE_ID_IPV4_ADDR:
5791 proto_tree_add_item(tree, hf_isakmp_nat_original_address_ipv4, tvb, offset, 4, ENC_BIG_ENDIAN);
5792 break;
5793
5794 case IKE_ID_IPV6_ADDR:
5795 proto_tree_add_item(tree, hf_isakmp_nat_original_address_ipv6, tvb, offset, 16, ENC_NA);
5796 break;
5797
5798 default:
5799 break;
5800 }
5801 }
5802
5803 static int
5804 dissect_ts(tvbuff_t *tvb, int offset, proto_tree *payload_tree)
5805 {
5806 uint8_t tstype, protocol_id;
5807 uint16_t len;
5808 proto_item *ts_item;
5809 proto_tree *tree;
5810 const char *ts_typename;
5811
5812 len = tvb_get_uint16(tvb, offset + 2, ENC_BIG_ENDIAN);
5813 if (len < 4)
5814 return 4;
5815
5816 ts_item = proto_tree_add_item(payload_tree, hf_isakmp_ts_data, tvb, offset, len, ENC_NA);
5817 tree = proto_item_add_subtree(ts_item, ett_isakmp_ts);
5818
5819 tstype = tvb_get_uint8(tvb, offset);
5820 proto_tree_add_item(tree, hf_isakmp_ts_type, tvb, offset, 1, ENC_BIG_ENDIAN);
5821 ts_typename = rval_to_str(tstype, traffic_selector_type, "Unknown Type (%d)");
5822 proto_item_append_text(ts_item, ": %s", ts_typename);
5823
5824 offset += 1;
5825
5826 switch (tstype) {
5827 case IKEV2_TS_IPV4_ADDR_RANGE:
5828 protocol_id = tvb_get_uint8(tvb, offset);
5829 if (protocol_id == 0)
5830 proto_tree_add_uint_format_value(tree, hf_isakmp_ts_protoid, tvb, offset,1,
5831 protocol_id, "Unused");
5832 else
5833 proto_tree_add_item(tree, hf_isakmp_ts_protoid, tvb, offset, 1, ENC_BIG_ENDIAN);
5834 offset += 1;
5835
5836 proto_tree_add_item(tree, hf_isakmp_ts_selector_length, tvb, offset, 2, ENC_BIG_ENDIAN);
5837 offset += 2;
5838
5839 proto_tree_add_item(tree, hf_isakmp_ts_start_port, tvb, offset, 2, ENC_BIG_ENDIAN);
5840 offset += 2;
5841
5842 proto_tree_add_item(tree, hf_isakmp_ts_end_port, tvb, offset, 2, ENC_BIG_ENDIAN);
5843 offset += 2;
5844
5845 proto_tree_add_item(tree, hf_isakmp_ts_start_addr_ipv4, tvb, offset, 4, ENC_BIG_ENDIAN);
5846 offset += 4;
5847
5848 proto_tree_add_item(tree, hf_isakmp_ts_end_addr_ipv4, tvb, offset, 4, ENC_BIG_ENDIAN);
5849 break;
5850
5851 case IKEV2_TS_IPV6_ADDR_RANGE:
5852 protocol_id = tvb_get_uint8(tvb, offset);
5853 if (protocol_id == 0)
5854 proto_tree_add_uint_format_value(tree, hf_isakmp_ts_protoid, tvb, offset,1,
5855 protocol_id, "Unused");
5856 else
5857 proto_tree_add_item(tree, hf_isakmp_ts_protoid, tvb, offset, 1, ENC_BIG_ENDIAN);
5858 offset += 1;
5859
5860 proto_tree_add_item(tree, hf_isakmp_ts_selector_length, tvb, offset, 2, ENC_BIG_ENDIAN);
5861 offset += 2;
5862
5863 proto_tree_add_item(tree, hf_isakmp_ts_start_port, tvb, offset, 2, ENC_BIG_ENDIAN);
5864 offset += 2;
5865
5866 proto_tree_add_item(tree, hf_isakmp_ts_end_port, tvb, offset, 2, ENC_BIG_ENDIAN);
5867 offset += 2;
5868
5869 proto_tree_add_item(tree, hf_isakmp_ts_start_addr_ipv6, tvb, offset, 16, ENC_NA);
5870 offset += 16;
5871
5872 proto_tree_add_item(tree, hf_isakmp_ts_end_addr_ipv6, tvb, offset, 16, ENC_NA);
5873 break;
5874
5875 case IKEV2_TS_FC_ADDR_RANGE:
5876 proto_tree_add_item(tree, hf_isakmp_reserved, tvb, offset, 1, ENC_NA);
5877 offset += 1;
5878
5879 proto_tree_add_item(tree, hf_isakmp_ts_selector_length, tvb, offset, 2, ENC_BIG_ENDIAN);
5880 offset += 2;
5881
5882 proto_tree_add_item(tree, hf_isakmp_reserved, tvb, offset, 1, ENC_NA);
5883 offset += 1;
5884
5885 proto_tree_add_item(tree, hf_isakmp_ts_start_addr_fc, tvb, offset, 3, ENC_BIG_ENDIAN);
5886 offset += 3;
5887
5888 proto_tree_add_item(tree, hf_isakmp_reserved, tvb, offset, 1, ENC_NA);
5889 offset += 1;
5890
5891 proto_tree_add_item(tree, hf_isakmp_ts_end_addr_fc, tvb, offset, 3, ENC_BIG_ENDIAN);
5892 offset += 3;
5893
5894 proto_tree_add_item(tree, hf_isakmp_ts_start_r_ctl, tvb, offset, 1, ENC_BIG_ENDIAN);
5895 offset += 1;
5896
5897 proto_tree_add_item(tree, hf_isakmp_ts_end_r_ctl, tvb, offset, 1, ENC_BIG_ENDIAN);
5898 offset += 1;
5899
5900 proto_tree_add_item(tree, hf_isakmp_ts_start_type, tvb, offset, 1, ENC_BIG_ENDIAN);
5901 offset += 1;
5902
5903 proto_tree_add_item(tree, hf_isakmp_ts_end_type, tvb, offset, 1, ENC_BIG_ENDIAN);
5904 break;
5905 }
5906
5907 return len;
5908 }
5909
5910 static void
5911 dissect_ts_payload(tvbuff_t *tvb, int offset, int length, proto_tree *tree)
5912 {
5913 uint8_t num;
5914 int offset_end = offset + length;
5915
5916 num = tvb_get_uint8(tvb, offset);
5917 proto_item_append_text(tree," # %d", num);
5918 proto_tree_add_item(tree, hf_isakmp_ts_number_of_ts, tvb, offset, 1, ENC_BIG_ENDIAN);
5919 offset += 1;
5920
5921 proto_tree_add_item(tree, hf_isakmp_reserved, tvb, offset, 3, ENC_NA);
5922 offset += 3;
5923
5924 while (offset < offset_end) {
5925 offset += dissect_ts(tvb, offset, tree);
5926 }
5927 }
5928
5929 /* For IKEv2, decrypt payload if necessary and dissect using inner_payload */
5930 /* For RFC 7383 reassembly, only need decrypted payload, so don't set dissect_payload_now .*/
5931 /* TODO: rename? */
5932 static tvbuff_t*
5933 // NOLINTNEXTLINE(misc-no-recursion)
5934 dissect_enc(tvbuff_t *tvb,
5935 int offset,
5936 int length,
5937 proto_tree *tree,
5938 packet_info *pinfo,
5939 uint8_t inner_payload,
5940 bool is_request,
5941 void* decr_info,
5942 bool dissect_payload_now)
5943 {
5944 ikev2_decrypt_data_t *key_info = NULL;
5945 int iv_len, encr_data_len, icd_len, decr_data_len, md_len, icv_len, encr_key_len, encr_iv_len;
5946 uint8_t pad_len;
5947 unsigned char *iv = NULL, *encr_data = NULL, *decr_data = NULL, *entire_message = NULL, *md = NULL, *encr_iv = NULL;
5948 gcry_cipher_hd_t cipher_hd;
5949 gcry_md_hd_t md_hd;
5950 gcry_error_t err = 0;
5951 proto_item *item = NULL, *icd_item = NULL, *encr_data_item = NULL, *padlen_item = NULL, *iv_item = NULL;
5952 tvbuff_t *decr_tvb = NULL;
5953 int payloads_len;
5954 proto_tree *decr_tree = NULL, *decr_payloads_tree = NULL;
5955 unsigned char *aa_data = NULL, *icv_data = NULL;
5956 int aad_len = 0;
5957
5958 if (decr_info) {
5959 /* Need decryption details to know field lengths. */
5960 key_info = (ikev2_decrypt_data_t*)(decr_info);
5961
5962 /* Check if encr/auth specs are set properly (if for some case not, wireshark would crash) */
5963 if (!key_info->encr_spec || !key_info->auth_spec) {
5964 REPORT_DISSECTOR_BUG("IKEv2: decryption/integrity specs not set-up properly: encr_spec: %p, auth_spec: %p",
5965 (void *)key_info->encr_spec, (void*)key_info->auth_spec);
5966 }
5967
5968 iv_len = key_info->encr_spec->iv_len;
5969 icv_len = key_info->encr_spec->icv_len;
5970 icd_len = icv_len ? icv_len : (int)key_info->auth_spec->trunc_len;
5971 encr_data_len = length - iv_len - icd_len;
5972 encr_key_len = key_info->encr_spec->key_len;
5973 encr_iv_len = iv_len;
5974
5975 /*
5976 * Zero or negative length of encrypted data shows that the user specified
5977 * wrong encryption algorithm and/or authentication algorithm.
5978 */
5979 if (encr_data_len <= 0) {
5980 proto_tree_add_expert(tree, pinfo, &ei_isakmp_enc_iv, tvb, offset, length);
5981 return NULL;
5982 }
5983
5984 /*
5985 * Add the IV to the tree and store it in a packet scope buffer for later decryption
5986 * if the specified encryption algorithm uses IV.
5987 */
5988 if (iv_len) {
5989 if (dissect_payload_now) {
5990 iv_item = proto_tree_add_item(tree, hf_isakmp_enc_iv, tvb, offset, iv_len, ENC_NA);
5991 proto_item_append_text(iv_item, " (%d bytes)", iv_len);
5992 }
5993 iv = (unsigned char *)tvb_memdup(pinfo->pool, tvb, offset, iv_len);
5994 encr_iv = iv;
5995
5996 offset += iv_len;
5997 }
5998
5999 /*
6000 * Add the encrypted portion to the tree and store it in a packet scope buffer for later decryption.
6001 */
6002 if (dissect_payload_now) {
6003 encr_data_item = proto_tree_add_item(tree, hf_isakmp_enc_data, tvb, offset, encr_data_len, ENC_NA);
6004 proto_item_append_text(encr_data_item, " (%d bytes)",encr_data_len);
6005 proto_item_append_text(encr_data_item, " <%s>", val_to_str(key_info->encr_spec->number, vs_ikev2_encr_algs, "Unknown cipher: %d"));
6006 }
6007 encr_data = (unsigned char *)tvb_memdup(pinfo->pool, tvb, offset, encr_data_len);
6008 offset += encr_data_len;
6009
6010 /*
6011 * Add the ICD (Integrity Checksum Data) to the tree before decryption to ensure
6012 * the ICD be displayed even if the decryption fails.
6013 */
6014 if (icd_len) {
6015 icd_item = proto_tree_add_item(tree, hf_isakmp_enc_icd, tvb, offset, icd_len, ENC_NA);
6016 proto_item_append_text(icd_item, " (%d bytes)",icd_len);
6017
6018 /*
6019 * Recalculate ICD value if the specified authentication algorithm allows it.
6020 */
6021 if (icv_len) {
6022 /* For GCM/CCM algorithms ICD is computed during decryption.
6023 Must save offset and length of authenticated additional data (whole ISAKMP header
6024 without iv and encrypted data) and ICV for later verification */
6025 aad_len = offset - iv_len - encr_data_len;
6026 aa_data = (unsigned char *)tvb_memdup(pinfo->pool, tvb, 0, aad_len);
6027 icv_data = (unsigned char *)tvb_memdup(pinfo->pool, tvb, offset, icv_len);
6028 } else
6029 if (key_info->auth_spec->gcry_alg) {
6030 proto_item_append_text(icd_item, " <%s>", val_to_str(key_info->auth_spec->number, vs_ikev2_auth_algs, "Unknown mac algo: %d"));
6031 err = gcry_md_open(&md_hd, key_info->auth_spec->gcry_alg, key_info->auth_spec->gcry_flag);
6032 if (err) {
6033 REPORT_DISSECTOR_BUG("IKEv2 hashing error: algorithm %d: gcry_md_open failed: %s",
6034 key_info->auth_spec->gcry_alg, gcry_strerror(err));
6035 }
6036 err = gcry_md_setkey(md_hd, key_info->auth_key, key_info->auth_spec->key_len);
6037 if (err) {
6038 gcry_md_close(md_hd);
6039 REPORT_DISSECTOR_BUG("IKEv2 hashing error: algorithm %s, key length %u: gcry_md_setkey failed: %s",
6040 gcry_md_algo_name(key_info->auth_spec->gcry_alg), key_info->auth_spec->key_len, gcry_strerror(err));
6041 }
6042
6043 /* Calculate hash over the bytes from the beginning of the ISAKMP header to the right before the ICD. */
6044 entire_message = (unsigned char *)tvb_memdup(pinfo->pool, tvb, 0, offset);
6045 gcry_md_write(md_hd, entire_message, offset);
6046 md = gcry_md_read(md_hd, 0);
6047 md_len = gcry_md_get_algo_dlen(key_info->auth_spec->gcry_alg);
6048 if (md_len < icd_len) {
6049 gcry_md_close(md_hd);
6050 REPORT_DISSECTOR_BUG("IKEv2 hashing error: algorithm %s: gcry_md_get_algo_dlen returned %d which is smaller than icd length %d",
6051 gcry_md_algo_name(key_info->auth_spec->gcry_alg), md_len, icd_len);
6052 }
6053 if (tvb_memeql(tvb, offset, md, icd_len) == 0) {
6054 proto_item_append_text(icd_item, "[correct]");
6055 } else {
6056 proto_item_append_text(icd_item, "[incorrect, should be %s]", bytes_to_str(pinfo->pool, md, icd_len));
6057 expert_add_info(pinfo, icd_item, &ei_isakmp_ikev2_integrity_checksum);
6058 }
6059 gcry_md_close(md_hd);
6060 } else {
6061 proto_item_append_text(icd_item, "[not validated]");
6062 }
6063 }
6064
6065 /*
6066 * Confirm encrypted data length is multiple of block size.
6067 */
6068 if (encr_data_len % key_info->encr_spec->block_len != 0) {
6069 proto_item_append_text(encr_data_item, "[Invalid length, should be a multiple of block size (%u)]",
6070 key_info->encr_spec->block_len);
6071 expert_add_info(pinfo, encr_data_item, &ei_isakmp_enc_data_length_mult_block_size);
6072 return NULL;
6073 }
6074
6075 /*
6076 * Allocate buffer for decrypted data.
6077 */
6078 decr_data = (unsigned char*)wmem_alloc(pinfo->pool, encr_data_len);
6079 decr_data_len = encr_data_len;
6080
6081 /*
6082 * If the cipher is NULL, just copy the encrypted data to the decrypted data buffer.
6083 * And otherwise perform decryption with libgcrypt.
6084 */
6085 if (key_info->encr_spec->number == IKEV2_ENCR_NULL) {
6086 memcpy(decr_data, encr_data, decr_data_len);
6087 } else {
6088 err = gcry_cipher_open(&cipher_hd, key_info->encr_spec->gcry_alg, key_info->encr_spec->gcry_mode, 0);
6089 if (err) {
6090 REPORT_DISSECTOR_BUG("IKEv2 decryption error: algorithm %d, mode %d: gcry_cipher_open failed: %s",
6091 key_info->encr_spec->gcry_alg, key_info->encr_spec->gcry_mode, gcry_strerror(err));
6092 }
6093
6094 /* Handling CTR mode and AEAD ciphers */
6095 if( key_info->encr_spec->salt_len ) {
6096 int encr_iv_offset = 0;
6097 encr_key_len = key_info->encr_spec->key_len - key_info->encr_spec->salt_len;
6098 encr_iv_len = key_info->encr_spec->salt_len + iv_len;
6099 if (key_info->encr_spec->gcry_mode == GCRY_CIPHER_MODE_CTR) {
6100 encr_iv_len = (int)gcry_cipher_get_algo_blklen(key_info->encr_spec->gcry_alg);
6101 if ((key_info->encr_spec->number >= IKEV2_ENCR_AES_CCM_128_16 && key_info->encr_spec->number <= IKEV2_ENCR_AES_CCM_256_12))
6102 encr_iv_offset = 1;
6103 }
6104
6105 if (encr_key_len < 0 || encr_iv_len < encr_iv_offset + (int)key_info->encr_spec->salt_len + iv_len) {
6106 gcry_cipher_close(cipher_hd);
6107 REPORT_DISSECTOR_BUG("IKEv2 decryption error: algorithm %d, key length %d, salt length %d, input iv length %d, cipher iv length: %d: invalid length(s) of cipher parameters",
6108 key_info->encr_spec->gcry_alg, encr_key_len, key_info->encr_spec->salt_len, iv_len, encr_iv_len);
6109 }
6110
6111 encr_iv = (unsigned char *)wmem_alloc0(pinfo->pool, encr_iv_len);
6112 memcpy( encr_iv + encr_iv_offset, key_info->encr_key + encr_key_len, key_info->encr_spec->salt_len );
6113 if(iv) {
6114 memcpy( encr_iv + encr_iv_offset + key_info->encr_spec->salt_len, iv, iv_len );
6115 }
6116 if (key_info->encr_spec->gcry_mode == GCRY_CIPHER_MODE_CTR) {
6117 encr_iv[encr_iv_len-1] = 1;
6118 /* fallback for gcrypt not having AEAD ciphers */
6119 if ((key_info->encr_spec->number >= IKEV2_ENCR_AES_GCM_128_16 && key_info->encr_spec->number <= IKEV2_ENCR_AES_GCM_256_12))
6120 encr_iv[encr_iv_len-1]++;
6121 if ((key_info->encr_spec->number >= IKEV2_ENCR_AES_CCM_128_16 && key_info->encr_spec->number <= IKEV2_ENCR_AES_CCM_256_12))
6122 encr_iv[0] = (unsigned char)(encr_iv_len - 2 - key_info->encr_spec->salt_len - iv_len);
6123 }
6124 }
6125
6126 err = gcry_cipher_setkey(cipher_hd, key_info->encr_key, encr_key_len);
6127 if (err) {
6128 REPORT_DISSECTOR_BUG("IKEv2 decryption error: algorithm %d, key length %d: gcry_cipher_setkey failed: %s",
6129 key_info->encr_spec->gcry_alg, encr_key_len, gcry_strerror(err));
6130 }
6131 if (key_info->encr_spec->gcry_mode == GCRY_CIPHER_MODE_CTR)
6132 err = gcry_cipher_setctr(cipher_hd, encr_iv, encr_iv_len);
6133 else
6134 err = gcry_cipher_setiv(cipher_hd, encr_iv, encr_iv_len);
6135 if (err) {
6136 REPORT_DISSECTOR_BUG("IKEv2 decryption error: algorithm %d, iv length %d: gcry_cipher_setiv/gcry_cipher_setctr failed: %s",
6137 key_info->encr_spec->gcry_alg, encr_iv_len, gcry_strerror(err));
6138 }
6139
6140 if (key_info->encr_spec->gcry_mode == GCRY_CIPHER_MODE_CCM) {
6141 uint64_t ccm_lengths[3];
6142 ccm_lengths[0] = encr_data_len;
6143 ccm_lengths[1] = aad_len;
6144 ccm_lengths[2] = icv_len;
6145
6146 err = gcry_cipher_ctl(cipher_hd, GCRYCTL_SET_CCM_LENGTHS, ccm_lengths, sizeof(ccm_lengths));
6147 if (err) {
6148 gcry_cipher_close(cipher_hd);
6149 REPORT_DISSECTOR_BUG("IKEv2 decryption error: algorithm %d: gcry_cipher_ctl(GCRYCTL_SET_CCM_LENGTHS) failed: %s",
6150 key_info->encr_spec->gcry_alg, gcry_strerror(err));
6151 }
6152 }
6153
6154 if (aad_len) {
6155 err = gcry_cipher_authenticate(cipher_hd, aa_data, aad_len);
6156 if (err) {
6157 gcry_cipher_close(cipher_hd);
6158 REPORT_DISSECTOR_BUG("IKEv2 decryption error: algorithm %d: gcry_cipher_authenticate failed: %s",
6159 key_info->encr_spec->gcry_alg, gcry_strerror(err));
6160 }
6161 }
6162
6163 err = gcry_cipher_decrypt(cipher_hd, decr_data, decr_data_len, encr_data, encr_data_len);
6164 if (err) {
6165 gcry_cipher_close(cipher_hd);
6166 REPORT_DISSECTOR_BUG("IKEv2 decryption error: algorithm %d: gcry_cipher_decrypt failed: %s",
6167 key_info->encr_spec->gcry_alg, gcry_strerror(err));
6168 }
6169
6170 if (icv_len) {
6171 /* gcry_cipher_checktag() doesn't work on 1.6.x version well - requires all of 16 bytes
6172 * of ICV, so it won't work with 12 and 8 bytes of ICV.
6173 * For 1.7.x version of libgcrypt we could use it safely. But for libgcrypt-1.6.x
6174 * we need to read tag from library and compare manually. Using that way we can also show
6175 * correct value if it is not valid.
6176 * CCM mode is not affected, but requires to pass icv_len to cry_cipher_gettag().
6177 *
6178 * Unfortunately gcrypt_cipher_gettag() have nothing similar to gcry_md_read(),
6179 * so we need copy data to buffer here.
6180 * Here, depending on cgrypt version gcm length shall be given differently:
6181 * - in 1.7.x length can be of any aproved length (4,8,12,13,14,15,16 bytes),
6182 * - in 1.6.x length must be equal of cipher block length. Aaargh... :-(
6183 * We use accepted for both versions length of block size for GCM (16 bytes).
6184 * For CCM length given must be the same as given to gcry_cipher_ctl(GCRYCTL_SET_CCM_LENGTHS)
6185 *
6186 * XXX: We now require libgcrypt 1.8.0, so presumably this could
6187 * be updated?
6188 */
6189 unsigned char *tag;
6190 int tag_len = icv_len;
6191 if (key_info->encr_spec->gcry_mode == GCRY_CIPHER_MODE_GCM)
6192 tag_len = (int)gcry_cipher_get_algo_blklen(key_info->encr_spec->gcry_alg);
6193
6194 if (tag_len < icv_len) {
6195 gcry_cipher_close(cipher_hd);
6196 REPORT_DISSECTOR_BUG("IKEv2 decryption error: algorithm %d: gcry_cipher_get_algo_blklen returned %d which is smaller than icv length %d",
6197 key_info->encr_spec->gcry_alg, tag_len, icv_len);
6198 }
6199
6200 tag = (unsigned char *)wmem_alloc(pinfo->pool, tag_len);
6201 err = gcry_cipher_gettag(cipher_hd, tag, tag_len);
6202 if (err) {
6203 gcry_cipher_close(cipher_hd);
6204 REPORT_DISSECTOR_BUG("IKEv2 decryption error: algorithm %d: gcry_cipher_gettag failed: %s",
6205 key_info->encr_spec->gcry_alg, gcry_strerror(err));
6206 }
6207 else if (memcmp(tag, icv_data, icv_len) == 0)
6208 proto_item_append_text(icd_item, "[correct]");
6209 else {
6210 proto_item_append_text(icd_item, "[incorrect, should be %s]", bytes_to_str(pinfo->pool, tag, icv_len));
6211 expert_add_info(pinfo, icd_item, &ei_isakmp_ikev2_integrity_checksum);
6212 }
6213 }
6214
6215 gcry_cipher_close(cipher_hd);
6216 }
6217
6218 decr_tvb = tvb_new_child_real_data(tvb, decr_data, decr_data_len, decr_data_len);
6219 add_new_data_source(pinfo, decr_tvb, "Decrypted Data");
6220 item = proto_tree_add_item(tree, hf_isakmp_enc_decrypted_data, decr_tvb, 0, decr_data_len, ENC_NA);
6221 proto_item_append_text(item, " (%d byte%s)", decr_data_len, plurality(decr_data_len, "", "s"));
6222
6223 /* Move the ICD item to the bottom of the tree. */
6224 if (icd_item) {
6225 proto_tree_move_item(tree, item, icd_item);
6226 }
6227 decr_tree = proto_item_add_subtree(item, ett_isakmp_decrypted_data);
6228
6229 pad_len = tvb_get_uint8(decr_tvb, decr_data_len - 1);
6230 payloads_len = decr_data_len - 1 - pad_len;
6231
6232 if (payloads_len > 0) {
6233 item = proto_tree_add_item(decr_tree, hf_isakmp_enc_contained_data, decr_tvb, 0, payloads_len, ENC_NA);
6234 proto_item_append_text(item, " (%d byte%s)", payloads_len, plurality(payloads_len, "", "s"));
6235 decr_payloads_tree = proto_item_add_subtree(item, ett_isakmp_decrypted_payloads);
6236 }
6237
6238 padlen_item = proto_tree_add_item(decr_tree, hf_isakmp_enc_pad_length, decr_tvb, payloads_len + pad_len, 1, ENC_BIG_ENDIAN);
6239 if (pad_len > 0) {
6240 if (payloads_len < 0) {
6241 proto_item_append_text(padlen_item, " [too long]");
6242 expert_add_info(pinfo, padlen_item, &ei_isakmp_enc_pad_length_big);
6243 } else {
6244 item = proto_tree_add_item(decr_tree, hf_isakmp_enc_padding, decr_tvb, payloads_len, pad_len, ENC_NA);
6245 proto_item_append_text(item, " (%d byte%s)", pad_len, plurality(pad_len, "", "s"));
6246 proto_tree_move_item(decr_tree, item, padlen_item);
6247 }
6248 }
6249
6250 /*
6251 * We dissect the inner payloads at last in order to ensure displaying Padding, Pad Length and ICD
6252 * even if the dissection fails. This may occur when the user specify wrong encryption key.
6253 */
6254 if (dissect_payload_now) {
6255 dissect_payloads(decr_tvb, decr_payloads_tree, 2, inner_payload, 0, payloads_len, pinfo, 0, is_request, decr_info);
6256 }
6257 }else{
6258 proto_tree_add_item(tree, hf_isakmp_enc_iv, tvb, offset, 4, ENC_NA);
6259 proto_tree_add_item(tree, hf_isakmp_enc_data, tvb, offset+4 , length, ENC_NA);
6260 }
6261 return decr_tvb;
6262 }
6263
6264 static void
6265 dissect_eap(tvbuff_t *tvb, int offset, int length, proto_tree *tree, packet_info *pinfo)
6266 {
6267 tvbuff_t *eap_tvb;
6268
6269 eap_tvb = tvb_new_subset_length(tvb, offset, length);
6270 if ((eap_tvb != NULL)&& eap_handle != NULL){
6271 call_dissector(eap_handle, eap_tvb, pinfo, tree);
6272 }else{
6273 proto_tree_add_item(tree, hf_isakmp_eap_data, tvb, offset, length, ENC_NA);
6274 }
6275 }
6276
6277 static void
6278 dissect_gspm(tvbuff_t *tvb, int offset, int length, proto_tree *tree)
6279 {
6280 proto_tree_add_item(tree, hf_isakmp_gspm_data, tvb, offset, length, ENC_NA);
6281
6282 }
6283
6284 /*
6285 * Protocol initialization
6286 */
6287
6288 static unsigned
6289 isakmp_hash_func(const void *c) {
6290 const uint8_t *i_cookie = (const uint8_t *) c;
6291 unsigned val = 0, keychunk, i;
6292
6293 /* XOR our icookie down to the size of a unsigned */
6294 for (i = 0; i < COOKIE_SIZE - (COOKIE_SIZE % (unsigned)sizeof(keychunk)); i += (unsigned)sizeof(keychunk)) {
6295 memcpy(&keychunk, &i_cookie[i], sizeof(keychunk));
6296 val ^= keychunk;
6297 }
6298
6299 return val;
6300 }
6301
6302 static int
6303 isakmp_equal_func(const void *ic1, const void *ic2) {
6304
6305 if (memcmp(ic1, ic2, COOKIE_SIZE) == 0)
6306 return 1;
6307
6308 return 0;
6309 }
6310
6311 static unsigned ikev2_key_hash_func(const void *k) {
6312 const ikev2_uat_data_key_t *key = (const ikev2_uat_data_key_t*)k;
6313 unsigned hash, *key_segs;
6314 size_t key_segcount, i;
6315
6316 hash = 0;
6317
6318 /*
6319 * XOR our icookie down to the size of a unsigned.
6320 *
6321 * The cast to unsigned suppresses a warning 64-bit-to-32-bit narrowing
6322 * from some buggy C compilers (I'm looking at *you*,
6323 * i686-apple-darwin11-llvm-gcc-4.2 (GCC) 4.2.1
6324 * (Based on Apple Inc. build 5658) (LLVM build 2336.11.00).)
6325 */
6326 key_segcount = key->spii_len / (unsigned)sizeof(unsigned);
6327 key_segs = (unsigned *)key->spii;
6328 for (i = 0; i < key_segcount; i++) {
6329 hash ^= key_segs[i];
6330 }
6331 key_segcount = key->spir_len / (unsigned)sizeof(unsigned);
6332 key_segs = (unsigned *)key->spir;
6333 for (i = 0; i < key_segcount; i++) {
6334 hash ^= key_segs[i];
6335 }
6336
6337 return hash;
6338 }
6339
6340 static int ikev2_key_equal_func(const void *k1, const void *k2) {
6341 const ikev2_uat_data_key_t *key1 = (const ikev2_uat_data_key_t *)k1;
6342 const ikev2_uat_data_key_t *key2 = (const ikev2_uat_data_key_t *)k2;
6343 if (key1->spii_len != key2->spii_len) return 0;
6344 if (key1->spir_len != key2->spir_len) return 0;
6345 if (memcmp(key1->spii, key2->spii, key1->spii_len) != 0) return 0;
6346 if (memcmp(key1->spir, key2->spir, key1->spir_len) != 0) return 0;
6347
6348 return 1;
6349 }
6350
6351 static void
6352 free_cookie_key(void *key_arg)
6353 {
6354 uint8_t *ic_key = (uint8_t *)key_arg;
6355
6356 g_slice_free1(COOKIE_SIZE, ic_key);
6357 }
6358
6359 static void
6360 free_cookie_value(void *value)
6361 {
6362 decrypt_data_t *decr = (decrypt_data_t *)value;
6363
6364 g_free(decr->gi);
6365 g_free(decr->gr);
6366 g_hash_table_destroy(decr->iv_hash);
6367 g_slice_free1(sizeof(decrypt_data_t), decr);
6368 }
6369
6370 static void
6371 isakmp_init_protocol(void) {
6372 unsigned i;
6373 decrypt_data_t *decr;
6374 uint8_t *ic_key;
6375 isakmp_hash = g_hash_table_new_full(isakmp_hash_func, isakmp_equal_func,
6376 free_cookie_key, free_cookie_value);
6377
6378 for (i = 0; i < num_ikev1_uat_data; i++) {
6379 ic_key = (uint8_t *)g_slice_alloc(COOKIE_SIZE);
6380 memcpy(ic_key, ikev1_uat_data[i].icookie, COOKIE_SIZE);
6381
6382 decr = create_decrypt_data();
6383 memcpy(decr->secret, ikev1_uat_data[i].key, ikev1_uat_data[i].key_len);
6384 decr->secret_len = ikev1_uat_data[i].key_len;
6385
6386 g_hash_table_insert(isakmp_hash, ic_key, decr);
6387 }
6388 ikev2_key_hash = g_hash_table_new(ikev2_key_hash_func, ikev2_key_equal_func);
6389 for (i = 0; i < num_ikev2_uat_data; i++) {
6390 g_hash_table_insert(ikev2_key_hash, &(ikev2_uat_data[i].key), &(ikev2_uat_data[i]));
6391 /* Need find references to algorithms (as UAT table editing looses data not stored in file) */
6392 ikev2_uat_data[i].encr_spec = ikev2_decrypt_find_encr_spec(ikev2_uat_data[i].encr_alg);
6393 ikev2_uat_data[i].auth_spec = ikev2_decrypt_find_auth_spec(ikev2_uat_data[i].auth_alg);
6394 }
6395 defrag_next_payload_hash = g_hash_table_new(g_direct_hash, g_direct_equal);
6396 }
6397
6398 static void
6399 isakmp_cleanup_protocol(void) {
6400 g_hash_table_destroy(isakmp_hash);
6401 g_hash_table_destroy(ikev2_key_hash);
6402 g_hash_table_destroy(defrag_next_payload_hash);
6403 }
6404
6405 UAT_BUFFER_CB_DEF(ikev1_users, icookie, ikev1_uat_data_key_t, icookie, icookie_len)
6406 UAT_BUFFER_CB_DEF(ikev1_users, key, ikev1_uat_data_key_t, key, key_len)
6407
6408 static bool ikev1_uat_data_update_cb(void* p, char** err) {
6409 ikev1_uat_data_key_t *ud = (ikev1_uat_data_key_t *)p;
6410
6411 if (ud->icookie_len != COOKIE_SIZE) {
6412 *err = ws_strdup_printf("Length of Initiator's COOKIE must be %d octets (%d hex characters).", COOKIE_SIZE, COOKIE_SIZE * 2);
6413 return false;
6414 }
6415
6416 if (ud->key_len == 0) {
6417 *err = g_strdup("Must have Encryption key.");
6418 return false;
6419 }
6420
6421 if (ud->key_len > MAX_KEY_SIZE) {
6422 *err = ws_strdup_printf("Length of Encryption key limited to %d octets (%d hex characters).", MAX_KEY_SIZE, MAX_KEY_SIZE * 2);
6423 return false;
6424 }
6425
6426 return true;
6427 }
6428
6429 static void*
6430 ikev1_uat_data_copy_cb(void *dest, const void *source, size_t len _U_)
6431 {
6432 const ikev1_uat_data_key_t* o = (const ikev1_uat_data_key_t*)source;
6433 ikev1_uat_data_key_t* d = (ikev1_uat_data_key_t*)dest;
6434
6435 d->icookie = (unsigned char *)g_memdup2(o->icookie, o->icookie_len);
6436 d->icookie_len = o->icookie_len;
6437 d->key = (unsigned char *)g_memdup2(o->key, o->key_len);
6438 d->key_len = o->key_len;
6439
6440 return dest;
6441 }
6442
6443 static void
6444 ikev1_uat_data_free_cb(void *r)
6445 {
6446 ikev1_uat_data_key_t *rec = (ikev1_uat_data_key_t *)r;
6447 g_free(rec->icookie);
6448 g_free(rec->key);
6449 }
6450
6451 UAT_BUFFER_CB_DEF(ikev2_users, spii, ikev2_uat_data_t, key.spii, key.spii_len)
6452 UAT_BUFFER_CB_DEF(ikev2_users, spir, ikev2_uat_data_t, key.spir, key.spir_len)
6453 UAT_BUFFER_CB_DEF(ikev2_users, sk_ei, ikev2_uat_data_t, sk_ei, sk_ei_len)
6454 UAT_BUFFER_CB_DEF(ikev2_users, sk_er, ikev2_uat_data_t, sk_er, sk_er_len)
6455 UAT_VS_DEF(ikev2_users, encr_alg, ikev2_uat_data_t, unsigned, IKEV2_ENCR_3DES, IKEV2_ENCR_3DES_STR)
6456 UAT_BUFFER_CB_DEF(ikev2_users, sk_ai, ikev2_uat_data_t, sk_ai, sk_ai_len)
6457 UAT_BUFFER_CB_DEF(ikev2_users, sk_ar, ikev2_uat_data_t, sk_ar, sk_ar_len)
6458 UAT_VS_DEF(ikev2_users, auth_alg, ikev2_uat_data_t, unsigned, IKEV2_AUTH_HMAC_SHA1_96, IKEV2_AUTH_HMAC_SHA1_96_STR)
6459
6460 static void*
6461 ikev2_uat_data_copy_cb(void *dest, const void *source, size_t len _U_)
6462 {
6463 const ikev2_uat_data_t* o = (const ikev2_uat_data_t*)source;
6464 ikev2_uat_data_t* d = (ikev2_uat_data_t*)dest;
6465
6466 d->key.spii = (unsigned char *)g_memdup2(o->key.spii, o->key.spii_len);
6467 d->key.spii_len = o->key.spii_len;
6468
6469 d->key.spir = (unsigned char *)g_memdup2(o->key.spir, o->key.spir_len);
6470 d->key.spir_len = o->key.spir_len;
6471
6472 d->encr_alg = o->encr_alg;
6473 d->auth_alg = o->auth_alg;
6474
6475 d->sk_ei = (unsigned char *)g_memdup2(o->sk_ei, o->sk_ei_len);
6476 d->sk_ei_len = o->sk_ei_len;
6477
6478 d->sk_er = (unsigned char *)g_memdup2(o->sk_er, o->sk_er_len);
6479 d->sk_er_len = o->sk_er_len;
6480
6481 d->sk_ai = (unsigned char *)g_memdup2(o->sk_ai, o->sk_ai_len);
6482 d->sk_ai_len = o->sk_ai_len;
6483
6484 d->sk_ar = (unsigned char *)g_memdup2(o->sk_ar, o->sk_ar_len);
6485 d->sk_ar_len = o->sk_ar_len;
6486
6487 d->encr_spec = (ikev2_encr_alg_spec_t *)g_memdup2(o->encr_spec, sizeof(ikev2_encr_alg_spec_t));
6488 d->auth_spec = (ikev2_auth_alg_spec_t *)g_memdup2(o->auth_spec, sizeof(ikev2_auth_alg_spec_t));
6489
6490 return dest;
6491 }
6492
6493 static bool ikev2_uat_data_update_cb(void* p, char** err) {
6494 ikev2_uat_data_t *ud = (ikev2_uat_data_t *)p;
6495
6496 if (ud->key.spii_len != COOKIE_SIZE) {
6497 *err = ws_strdup_printf("Length of Initiator's SPI must be %d octets (%d hex characters).", COOKIE_SIZE, COOKIE_SIZE * 2);
6498 return false;
6499 }
6500
6501 if (ud->key.spir_len != COOKIE_SIZE) {
6502 *err = ws_strdup_printf("Length of Responder's SPI must be %d octets (%d hex characters).", COOKIE_SIZE, COOKIE_SIZE * 2);
6503 return false;
6504 }
6505
6506 if ((ud->encr_spec = ikev2_decrypt_find_encr_spec(ud->encr_alg)) == NULL) {
6507 REPORT_DISSECTOR_BUG("Couldn't get IKEv2 encryption algorithm spec.");
6508 }
6509
6510 if ((ud->auth_spec = ikev2_decrypt_find_auth_spec(ud->auth_alg)) == NULL) {
6511 REPORT_DISSECTOR_BUG("Couldn't get IKEv2 authentication algorithm spec.");
6512 }
6513
6514 if (ud->encr_spec->icv_len && ud->auth_spec->number != IKEV2_AUTH_NONE) {
6515 *err = ws_strdup_printf("Selected encryption_algorithm %s requires selecting NONE integrity algorithm.",
6516 val_to_str(ud->encr_spec->number, vs_ikev2_encr_algs, "other-%d"));
6517 return false;
6518 }
6519
6520 if (ud->sk_ei_len != ud->encr_spec->key_len) {
6521 *err = ws_strdup_printf("Length of SK_ei (%u octets) does not match the key length (%u octets) of the selected encryption algorithm.",
6522 ud->sk_ei_len, ud->encr_spec->key_len);
6523 return false;
6524 }
6525
6526 if (ud->sk_er_len != ud->encr_spec->key_len) {
6527 *err = ws_strdup_printf("Length of SK_er (%u octets) does not match the key length (%u octets) of the selected encryption algorithm.",
6528 ud->sk_er_len, ud->encr_spec->key_len);
6529 return false;
6530 }
6531
6532 if (ud->sk_ai_len != ud->auth_spec->key_len) {
6533 *err = ws_strdup_printf("Length of SK_ai (%u octets) does not match the key length (%u octets) of the selected integrity algorithm.",
6534 ud->sk_ai_len, ud->auth_spec->key_len);
6535 return false;
6536 }
6537
6538 if (ud->sk_ar_len != ud->auth_spec->key_len) {
6539 *err = ws_strdup_printf("Length of SK_ar (%u octets) does not match the key length (%u octets) of the selected integrity algorithm.",
6540 ud->sk_ar_len, ud->auth_spec->key_len);
6541 return false;
6542 }
6543
6544 return true;
6545 }
6546
6547 static void
6548 ikev2_uat_data_free_cb(void *r)
6549 {
6550 ikev2_uat_data_t *rec = (ikev2_uat_data_t *)r;
6551 g_free(rec->key.spii);
6552 g_free(rec->key.spir);
6553 g_free(rec->sk_ei);
6554 g_free(rec->sk_er);
6555 g_free(rec->sk_ai);
6556 g_free(rec->sk_ar);
6557 }
6558
6559 void
6560 proto_register_isakmp(void)
6561 {
6562 module_t *isakmp_module;
6563 static hf_register_info hf[] = {
6564 { &hf_isakmp_ispi,
6565 { "Initiator SPI", "isakmp.ispi",
6566 FT_BYTES, BASE_NONE, NULL, 0x0,
6567 "ISAKMP Initiator SPI", HFILL }},
6568 { &hf_isakmp_rspi,
6569 { "Responder SPI", "isakmp.rspi",
6570 FT_BYTES, BASE_NONE, NULL, 0x0,
6571 "ISAKMP Responder SPI", HFILL }},
6572 { &hf_isakmp_typepayload,
6573 { "Payload", "isakmp.typepayload",
6574 FT_UINT8,BASE_RANGE_STRING | BASE_DEC, RVALS(payload_type), 0x0,
6575 "ISAKMP Payload Type", HFILL }},
6576 { &hf_isakmp_nextpayload,
6577 { "Next payload", "isakmp.nextpayload",
6578 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(payload_type), 0x0,
6579 "ISAKMP Next Payload", HFILL }},
6580 { &hf_isakmp_criticalpayload,
6581 { "Critical Bit", "isakmp.criticalpayload",
6582 FT_BOOLEAN, 8,TFS(&tfs_critical_not_critical), 0x80,
6583 "IKEv2 Critical Payload", HFILL }},
6584 { &hf_isakmp_reserved7,
6585 { "Reserved", "isakmp.reserved7",
6586 FT_UINT8, BASE_HEX, NULL, 0x7F,
6587 NULL, HFILL }},
6588 { &hf_isakmp_reserved,
6589 { "Reserved", "isakmp.reserved",
6590 FT_BYTES, BASE_NONE, NULL, 0x0,
6591 NULL, HFILL }},
6592 { &hf_isakmp_extradata,
6593 { "Extra data", "isakmp.extradata",
6594 FT_BYTES, BASE_NONE, NULL, 0x0,
6595 "Extra data ??????", HFILL }},
6596 { &hf_isakmp_datapayload,
6597 { "Data Payload", "isakmp.datapayload",
6598 FT_BYTES, BASE_NONE, NULL, 0x0,
6599 "Data Payload (not dissect)", HFILL }},
6600 { &hf_isakmp_version,
6601 { "Version", "isakmp.version",
6602 FT_UINT8, BASE_HEX, NULL, 0x0,
6603 "ISAKMP Version (major + minor)", HFILL }},
6604 { &hf_isakmp_mjver,
6605 { "MjVer", "isakmp.mjver",
6606 FT_UINT8, BASE_HEX, NULL, 0xF0,
6607 "ISAKMP MjVer", HFILL }},
6608 { &hf_isakmp_mnver,
6609 { "MnVer", "isakmp.mnver",
6610 FT_UINT8, BASE_HEX, NULL, 0x0F,
6611 "ISAKMP MnVer", HFILL }},
6612 { &hf_isakmp_exchangetype_v1,
6613 { "Exchange type", "isakmp.exchangetype",
6614 FT_UINT8, BASE_DEC, VALS(exchange_v1_type), 0x0,
6615 "ISAKMP Exchange Type", HFILL }},
6616 { &hf_isakmp_exchangetype_v2,
6617 { "Exchange type", "isakmp.exchangetype",
6618 FT_UINT8, BASE_DEC, VALS(exchange_v2_type), 0x0,
6619 "ISAKMP Exchange Type", HFILL }},
6620 { &hf_isakmp_flags,
6621 { "Flags", "isakmp.flags",
6622 FT_UINT8, BASE_HEX, NULL, 0x0,
6623 "ISAKMP Flags", HFILL }},
6624 { &hf_isakmp_flag_e,
6625 { "Encryption", "isakmp.flag_e",
6626 FT_BOOLEAN, 8, TFS(&flag_e), E_FLAG,
6627 "Encryption Bit", HFILL }},
6628 { &hf_isakmp_flag_c,
6629 { "Commit", "isakmp.flag_c",
6630 FT_BOOLEAN, 8, TFS(&flag_c), C_FLAG,
6631 "Commit Bit", HFILL }},
6632 { &hf_isakmp_flag_a,
6633 { "Authentication", "isakmp.flag_a",
6634 FT_BOOLEAN, 8, TFS(&flag_a), A_FLAG,
6635 "Authentication Bit", HFILL }},
6636 { &hf_isakmp_flag_i,
6637 { "Initiator", "isakmp.flag_i",
6638 FT_BOOLEAN, 8, TFS(&flag_i), I_FLAG,
6639 "Initiator Bit", HFILL }},
6640 { &hf_isakmp_flag_v,
6641 { "Version", "isakmp.flag_v",
6642 FT_BOOLEAN, 8, TFS(&flag_v), V_FLAG,
6643 "Version Bit", HFILL }},
6644 { &hf_isakmp_flag_r,
6645 { "Response", "isakmp.flag_r",
6646 FT_BOOLEAN, 8, TFS(&tfs_response_request), R_FLAG,
6647 "Response Bit", HFILL }},
6648 { &hf_isakmp_messageid,
6649 { "Message ID", "isakmp.messageid",
6650 FT_UINT32, BASE_HEX, NULL, 0x0,
6651 "ISAKMP Message ID", HFILL }},
6652 { &hf_isakmp_length,
6653 { "Length", "isakmp.length",
6654 FT_UINT32, BASE_DEC, NULL, 0x0,
6655 "ISAKMP Length", HFILL }},
6656 { &hf_isakmp_payloadlen,
6657 { "Payload length", "isakmp.payloadlength",
6658 FT_UINT16, BASE_DEC, NULL, 0x0,
6659 "ISAKMP Payload Length", HFILL }},
6660 { &hf_isakmp_sa_doi,
6661 { "Domain of interpretation", "isakmp.sa.doi",
6662 FT_UINT32, BASE_DEC, VALS(doi_type), 0x0,
6663 "ISAKMP Domain of Interpretation", HFILL }},
6664 { &hf_isakmp_sa_situation,
6665 { "Situation", "isakmp.sa.situation",
6666 FT_BYTES, BASE_NONE, NULL, 0x0,
6667 "ISAKMP SA Situation", HFILL }},
6668 { &hf_isakmp_sa_attribute_next_payload,
6669 { "SA Attribute Next Payload", "isakmp.sa.next_attribute_payload",
6670 FT_BYTES, BASE_NONE, NULL, 0x0,
6671 "Payloads that define specific security association attributes for the KEK and/or TEKs", HFILL }},
6672 { &hf_isakmp_reserved2,
6673 { "Reserved2", "isakmp.reserved2",
6674 FT_BYTES, BASE_NONE, NULL, 0x0,
6675 NULL, HFILL }},
6676 { &hf_isakmp_sa_situation_identity_only,
6677 { "Identity Only", "isakmp.sa.situation.identity_only",
6678 FT_BOOLEAN, 32, NULL, SIT_IDENTITY_ONLY,
6679 "The type specifies that the SA will be identified by source identity information present in an associated Identification Payload", HFILL }},
6680 { &hf_isakmp_sa_situation_secrecy,
6681 { "Secrecy", "isakmp.sa.situation.secrecy",
6682 FT_BOOLEAN, 32, NULL, SIT_SECRECY,
6683 "The type specifies that the SA is being negotiated in an environment that requires labeled secrecy.", HFILL }},
6684 { &hf_isakmp_sa_situation_integrity,
6685 { "Integrity", "isakmp.sa.situation.integrity",
6686 FT_BOOLEAN, 32, NULL, SIT_INTEGRITY,
6687 "The type specifies that the SA is being negotiated in an environment that requires labeled integrity", HFILL }},
6688 { &hf_isakmp_prop_protoid_v1,
6689 { "Protocol ID", "isakmp.prop.protoid",
6690 FT_UINT32, BASE_DEC, VALS(protoid_v1_type), 0x0,
6691 "ISAKMP Proposal Protocol ID", HFILL }},
6692 { &hf_isakmp_prop_protoid_v2,
6693 { "Protocol ID", "isakmp.prop.protoid",
6694 FT_UINT32, BASE_DEC, VALS(protoid_v2_type), 0x0,
6695 "IKEv2 Proposal Protocol ID", HFILL }},
6696 { &hf_isakmp_prop_number,
6697 { "Proposal number", "isakmp.prop.number",
6698 FT_UINT8, BASE_DEC, NULL, 0x0,
6699 "ISAKMP Proposal Number", HFILL }},
6700 { &hf_isakmp_spisize,
6701 { "SPI Size", "isakmp.spisize",
6702 FT_UINT8, BASE_DEC, NULL, 0x0,
6703 NULL, HFILL }},
6704 { &hf_isakmp_spi,
6705 { "SPI", "isakmp.spi",
6706 FT_BYTES, BASE_NONE, NULL, 0x0,
6707 NULL, HFILL }},
6708 { &hf_isakmp_prop_transforms,
6709 { "Proposal transforms", "isakmp.prop.transforms",
6710 FT_UINT8, BASE_DEC, NULL, 0x0,
6711 "ISAKMP Proposal Transforms", HFILL }},
6712 { &hf_isakmp_trans_number,
6713 { "Transform number", "isakmp.trans.number",
6714 FT_UINT8, BASE_DEC, NULL, 0x0,
6715 "ISAKMP Transform Number", HFILL }},
6716 { &hf_isakmp_trans_id,
6717 { "Transform ID", "isakmp.trans.id",
6718 FT_UINT8, BASE_DEC, NULL, 0x0,
6719 "ISAKMP Transform ID", HFILL }},
6720 { &hf_isakmp_id_type_v1,
6721 { "ID type", "isakmp.id.type",
6722 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(vs_v1_id_type), 0x0,
6723 "IKEv1 ID Type", HFILL }},
6724 { &hf_isakmp_id_type_v2,
6725 { "ID type", "isakmp.id.type",
6726 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(vs_v2_id_type), 0x0,
6727 "IKEv2 ID Type", HFILL }},
6728 { &hf_isakmp_id_protoid,
6729 { "Protocol ID", "isakmp.id.protoid",
6730 FT_UINT8, BASE_DEC|BASE_EXT_STRING, &ipproto_val_ext, 0x0,
6731 "ISAKMP ID Protocol ID", HFILL }},
6732 { &hf_isakmp_id_port,
6733 { "Port", "isakmp.id.port",
6734 FT_UINT16, BASE_DEC, NULL, 0x0,
6735 "ISAKMP ID Port", HFILL }},
6736 { &hf_isakmp_id_data,
6737 { "Identification Data:", "isakmp.id.data",
6738 FT_NONE, BASE_NONE, NULL, 0x0,
6739 "ISAKMP ID Data", HFILL }},
6740 { &hf_isakmp_id_data_ipv4_addr,
6741 { "ID_IPV4_ADDR", "isakmp.id.data.ipv4_addr",
6742 FT_IPv4, BASE_NONE, NULL, 0x0,
6743 "The type specifies a single four (4) octet IPv4 address", HFILL }},
6744 { &hf_isakmp_id_data_fqdn,
6745 { "ID_FQDN", "isakmp.id.data.fqdn",
6746 FT_STRING, BASE_NONE, NULL, 0x0,
6747 "The type specifies a fully-qualified domain name string", HFILL }},
6748 { &hf_isakmp_id_data_user_fqdn,
6749 { "ID_FQDN", "isakmp.id.data.user_fqdn",
6750 FT_STRING, BASE_NONE, NULL, 0x0,
6751 "The type specifies a fully-qualified username string", HFILL }},
6752 { &hf_isakmp_id_data_ipv4_subnet,
6753 { "ID_IPV4_SUBNET", "isakmp.id.data.ipv4_subnet",
6754 FT_IPv4, BASE_NONE, NULL, 0x0,
6755 "The second is an IPv4 network mask", HFILL }},
6756 { &hf_isakmp_id_data_ipv4_range_start,
6757 { "ID_IPV4_RANGE (Start)", "isakmp.id.data.ipv4_range_start",
6758 FT_IPv4, BASE_NONE, NULL, 0x0,
6759 "The first value is the beginning IPv4 address (inclusive)", HFILL }},
6760 { &hf_isakmp_id_data_ipv4_range_end,
6761 { "ID_IPV4_RANGE (End)", "isakmp.id.data.ipv4_range_end",
6762 FT_IPv4, BASE_NONE, NULL, 0x0,
6763 "The second value is the ending IPv4 address (inclusive)", HFILL }},
6764 { &hf_isakmp_id_data_ipv6_addr,
6765 { "ID_IPV6_ADDR", "isakmp.id.data.ipv6_addr",
6766 FT_IPv6, BASE_NONE, NULL, 0x0,
6767 "The type specifies a single sixteen (16) octet IPv6 address", HFILL }},
6768 { &hf_isakmp_id_data_ipv6_subnet,
6769 { "ID_IPV6A_ADDR_SUBNET", "isakmp.id.data.ipv6_subnet",
6770 FT_IPv6, BASE_NONE, NULL, 0x0,
6771 "The type specifies a range of IPv6 addresses represented by two sixteen (16) octet values", HFILL }},
6772 { &hf_isakmp_id_data_ipv6_range_start,
6773 { "ID_IPV6_ADDR_RANGE (Start)", "isakmp.id.data.ipv6_range_start",
6774 FT_IPv6, BASE_NONE, NULL, 0x0,
6775 "The first value is the beginning IPv6 address (inclusive)", HFILL }},
6776 { &hf_isakmp_id_data_ipv6_range_end,
6777 { "ID_IPV6_ADDR_RANGE (End)", "isakmp.id.data.ipv6_range_end",
6778 FT_IPv6, BASE_NONE, NULL, 0x0,
6779 "the second value is the ending IPv6 address (inclusive)", HFILL }},
6780 { &hf_isakmp_id_data_key_id,
6781 { "ID_KEY_ID", "isakmp.id.data.key_id",
6782 FT_BYTES, BASE_NONE, NULL, 0x0,
6783 "The type specifies an opaque byte stream which may be used to pass vendor-specific information necessary to identify which pre-shared key should be used to authenticate Aggressive mode negotiations", HFILL }},
6784 { &hf_isakmp_id_data_cert,
6785 { "ID_DER_ASN1_DN", "isakmp.id.data.der_asn1_dn",
6786 FT_UINT32, BASE_DEC, NULL, 0x0,
6787 NULL, HFILL } },
6788 { &hf_isakmp_cert_encoding_v1,
6789 { "Certificate Encoding", "isakmp.cert.encoding",
6790 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(cert_v1_type), 0x0,
6791 "ISAKMP Certificate Encoding", HFILL }},
6792 { &hf_isakmp_cert_encoding_v2,
6793 { "Certificate Encoding", "isakmp.cert.encoding",
6794 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(cert_v2_type), 0x0,
6795 "IKEv2 Certificate Encoding", HFILL }},
6796 { &hf_isakmp_cert_data,
6797 { "Certificate Data", "isakmp.cert.data",
6798 FT_NONE, BASE_NONE, NULL, 0x0,
6799 "ISAKMP Certificate Data", HFILL }},
6800 { &hf_isakmp_cert_x509_hash,
6801 { "Hash", "isakmp.cert.x509.hash",
6802 FT_BYTES, BASE_NONE, NULL, 0x0,
6803 NULL, HFILL }},
6804 { &hf_isakmp_cert_x509_url,
6805 { "URL", "isakmp.cert.x509.url",
6806 FT_STRING, BASE_NONE, NULL, 0x0,
6807 NULL, HFILL }},
6808 { &hf_isakmp_certreq_type_v1,
6809 { "Certificate Type", "isakmp.certreq.type",
6810 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(cert_v1_type), 0x0,
6811 "ISAKMP Certificate Type", HFILL }},
6812 { &hf_isakmp_certreq_type_v2,
6813 { "Certificate Type", "isakmp.certreq.type",
6814 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(cert_v2_type), 0x0,
6815 "IKEv2 Certificate Type", HFILL }},
6816 { &hf_isakmp_auth_meth,
6817 { "Authentication Method", "isakmp.auth.method",
6818 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(authmeth_v2_type), 0x0,
6819 "IKEv2 Authentication Method", HFILL }},
6820 { &hf_isakmp_auth_data,
6821 { "Authentication Data", "isakmp.auth.data",
6822 FT_BYTES, BASE_NONE, NULL, 0x0,
6823 "IKEv2 Authentication Data", HFILL }},
6824 { &hf_isakmp_auth_digital_sig_asn1_len,
6825 { "ASN.1 Length", "isakmp.auth.data.sig.asn1.len",
6826 FT_UINT8, BASE_DEC, NULL, 0x0,
6827 "IKEv2 Authentication Data Digital Signature ASN.1 Length", HFILL } },
6828 { &hf_isakmp_auth_digital_sig_asn1_data,
6829 { "ASN.1 Data", "isakmp.auth.data.sig.asn1.data",
6830 FT_BYTES, BASE_NONE, NULL, 0x0,
6831 "IKEv2 Authentication Data Digital Signature ASN.1 Data", HFILL } },
6832 { &hf_isakmp_auth_digital_sig_value,
6833 { "Signature Value", "isakmp.auth.data.sig.value",
6834 FT_BYTES, BASE_NONE, NULL, 0x0,
6835 "IKEv2 Authentication Data Digital Signature Value", HFILL } },
6836 { &hf_isakmp_notify_doi,
6837 { "Domain of interpretation", "isakmp.notify.doi",
6838 FT_UINT32, BASE_DEC, VALS(doi_type), 0x0,
6839 "ISAKMP Notify Domain of Interpretation", HFILL }},
6840 { &hf_isakmp_notify_protoid_v1,
6841 { "Protocol ID", "isakmp.notify.protoid",
6842 FT_UINT32, BASE_DEC, VALS(protoid_v1_type), 0x0,
6843 "ISAKMP Notify Protocol ID", HFILL }},
6844 { &hf_isakmp_notify_protoid_v2,
6845 { "Protocol ID", "isakmp.notify.protoid",
6846 FT_UINT32, BASE_DEC, VALS(protoid_v2_type), 0x0,
6847 "IKEv2 Notify Protocol ID", HFILL }},
6848 { &hf_isakmp_notify_msgtype_v1,
6849 { "Notify Message Type", "isakmp.notify.msgtype",
6850 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(notifmsg_v1_type), 0x0,
6851 "ISAKMP Notify Message Type", HFILL }},
6852 { &hf_isakmp_notify_msgtype_v2,
6853 { "Notify Message Type", "isakmp.notify.msgtype",
6854 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(notifmsg_v2_type), 0x0,
6855 "ISAKMP Notify Message Type", HFILL }},
6856 { &hf_isakmp_notify_data,
6857 { "Notification DATA", "isakmp.notify.data",
6858 FT_BYTES, BASE_NONE, NULL, 0x0,
6859 NULL, HFILL }},
6860 { &hf_isakmp_notify_data_dpd_are_you_there,
6861 { "DPD ARE-YOU-THERE sequence", "isakmp.notify.data.dpd.are_you_there",
6862 FT_UINT32, BASE_DEC, NULL, 0x0,
6863 NULL, HFILL }},
6864 { &hf_isakmp_notify_data_dpd_are_you_there_ack,
6865 { "DPD ARE-YOU-THERE-ACK sequence", "isakmp.notify.data.dpd.are_you_there_ack",
6866 FT_UINT32, BASE_DEC, NULL, 0x0,
6867 NULL, HFILL }},
6868 { &hf_isakmp_notify_data_unity_load_balance,
6869 { "UNITY LOAD BALANCE", "isakmp.notify.data.unity.load_balance",
6870 FT_IPv4, BASE_NONE, NULL, 0x0,
6871 NULL, HFILL }},
6872 { &hf_isakmp_notify_data_fortinet_network_overlay_id,
6873 { "Network Overlay ID", "isakmp.notify.data.fortinet.network_overlay_id",
6874 FT_UINT8, BASE_DEC_HEX, NULL, 0x0,
6875 NULL, HFILL }},
6876 { &hf_isakmp_notify_data_accepted_dh_group,
6877 { "Accepted DH group number", "isakmp.notify.data.accepted_dh_group",
6878 FT_UINT16, BASE_DEC, VALS(dh_group), 0x0,
6879 NULL, HFILL }},
6880 { &hf_isakmp_notify_data_ipcomp_cpi,
6881 { "IPCOMP CPI", "isakmp.notify.data.ipcomp.cpi",
6882 FT_UINT16, BASE_DEC, NULL, 0x0,
6883 NULL, HFILL }},
6884 { &hf_isakmp_notify_data_ipcomp_transform_id,
6885 { "IPCOMP Transform ID", "isakmp.notify.data.ipcomp.transform_id",
6886 FT_UINT8, BASE_DEC, VALS(transform_id_ipcomp), 0x0,
6887 NULL, HFILL }},
6888 { &hf_isakmp_notify_data_auth_lifetime,
6889 { "Authentication Lifetime", "isakmp.notify.data.auth_lifetime",
6890 FT_UINT32, BASE_DEC, NULL, 0x0,
6891 NULL, HFILL }},
6892 { &hf_isakmp_notify_data_redirect_gw_ident_type,
6893 { "Gateway Identity Type", "isakmp.notify.data.redirect.gw_ident.type",
6894 FT_UINT8, BASE_DEC, VALS(redirect_gateway_identity_type), 0x0,
6895 NULL, HFILL }},
6896 { &hf_isakmp_notify_data_redirect_gw_ident_len,
6897 { "Gateway Identity Length", "isakmp.notify.data.redirect.gw_ident.len",
6898 FT_UINT8, BASE_DEC, NULL, 0x0,
6899 NULL, HFILL }},
6900 { &hf_isakmp_notify_data_redirect_new_resp_gw_ident_ipv4,
6901 { "New Responder Gateway Identity (IPv4)", "isakmp.notify.data.redirect.new_resp_gw_ident.ipv4",
6902 FT_IPv4, BASE_NONE, NULL, 0x0,
6903 NULL, HFILL }},
6904 { &hf_isakmp_notify_data_redirect_new_resp_gw_ident_ipv6,
6905 { "New Responder Gateway Identity (IPv6)", "isakmp.notify.data.redirect.new_resp_gw_ident.ipv6",
6906 FT_IPv6, BASE_NONE, NULL, 0x0,
6907 NULL, HFILL }},
6908 { &hf_isakmp_notify_data_redirect_new_resp_gw_ident_fqdn,
6909 { "New Responder Gateway Identity (FQDN)", "isakmp.notify.data.redirect.new_resp_gw_ident.fqdn",
6910 FT_STRING, BASE_NONE, NULL, 0x0,
6911 NULL, HFILL }},
6912 { &hf_isakmp_notify_data_redirect_new_resp_gw_ident,
6913 { "New Responder Gateway Identity (DATA)", "isakmp.notify.data.redirect.new_resp_gw_ident.data",
6914 FT_BYTES, BASE_NONE, NULL, 0x0,
6915 NULL, HFILL }},
6916 { &hf_isakmp_notify_data_redirect_nonce_data,
6917 { "Redirect Nonce Data", "isakmp.notify.data.redirect.nonce_data",
6918 FT_BYTES, BASE_NONE, NULL, 0x0,
6919 NULL, HFILL }},
6920 { &hf_isakmp_notify_data_redirect_org_resp_gw_ident_ipv4,
6921 { "Original Responder Gateway Identity (IPv4)", "isakmp.notify.data.redirect.org_resp_gw_ident.ipv4",
6922 FT_IPv4, BASE_NONE, NULL, 0x0,
6923 NULL, HFILL }},
6924 { &hf_isakmp_notify_data_redirect_org_resp_gw_ident_ipv6,
6925 { "Original Responder Gateway Identity (IPv6)", "isakmp.notify.data.redirect.org_resp_gw_ident.ipv6",
6926 FT_IPv6, BASE_NONE, NULL, 0x0,
6927 NULL, HFILL }},
6928 { &hf_isakmp_notify_data_redirect_org_resp_gw_ident,
6929 { "Original Responder Gateway Identity (DATA)", "isakmp.notify.data.redirect.org_resp_gw_ident.data",
6930 FT_BYTES, BASE_NONE, NULL, 0x0,
6931 NULL, HFILL }},
6932
6933 { &hf_isakmp_notify_data_ticket_lifetime,
6934 { "TICKET OPAQUE Lifetime", "isakmp.notify.data.ticket_opaque.lifetime",
6935 FT_UINT32, BASE_DEC, NULL, 0x0,
6936 "The Lifetime field contains a relative time value, the number of seconds until the ticket expires (encoded as an unsigned integer).", HFILL }},
6937 { &hf_isakmp_notify_data_ticket_data,
6938 { "TICKET OPAQUE Data", "isakmp.notify.data.ticket_opaque.data",
6939 FT_BYTES, BASE_NONE, NULL, 0x0,
6940 NULL, HFILL }},
6941
6942 /* ROHC Attributes Type */
6943 { &hf_isakmp_notify_data_rohc_attr.all,
6944 { "ROHC Attribute Type", "isakmp.notify.data.rohc.attr",
6945 FT_NONE, BASE_NONE, NULL, 0x00,
6946 NULL, HFILL }},
6947 { &hf_isakmp_notify_data_rohc_attr.type,
6948 { "ROHC Attribute Type", "isakmp.notify.data.rohc.attr.type",
6949 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(rohc_attr_type), 0x00,
6950 NULL, HFILL }},
6951 { &hf_isakmp_notify_data_rohc_attr.format,
6952 { "ROHC Format", "isakmp.notify.data.rohc.attr.format",
6953 FT_BOOLEAN, 16, TFS(&attribute_format), 0x8000,
6954 NULL, HFILL }},
6955 { &hf_isakmp_notify_data_rohc_attr.length,
6956 { "Length", "isakmp.notify.data.rohc.attr.length",
6957 FT_UINT16, BASE_DEC, NULL, 0x00,
6958 NULL, HFILL }},
6959 { &hf_isakmp_notify_data_rohc_attr.value,
6960 { "Value", "isakmp.notify.data.rohc.attr.value",
6961 FT_BYTES, BASE_NONE, NULL, 0x00,
6962 NULL, HFILL }},
6963 { &hf_isakmp_notify_data_rohc_attr_max_cid,
6964 { "Maximum Context Identifier", "isakmp.notify.data.rohc.attr.max_cid",
6965 FT_UINT16, BASE_DEC, NULL, 0x00,
6966 NULL, HFILL }},
6967 { &hf_isakmp_notify_data_rohc_attr_profile,
6968 { "ROHC Profile", "isakmp.notify.data.rohc.attr.profile",
6969 FT_UINT16, BASE_DEC, NULL, 0x00,
6970 NULL, HFILL }},
6971 { &hf_isakmp_notify_data_rohc_attr_integ,
6972 { "ROHC Integrity Algorithm", "isakmp.notify.data.rohc.attr.integ",
6973 FT_UINT16, BASE_DEC, VALS(transform_ike2_integ_type), 0x00,
6974 NULL, HFILL }},
6975 { &hf_isakmp_notify_data_rohc_attr_icv_len,
6976 { "ROHC ICV Length in bytes", "isakmp.notify.data.rohc.attr.icv_len",
6977 FT_UINT16, BASE_DEC, NULL, 0x00,
6978 NULL, HFILL }},
6979 { &hf_isakmp_notify_data_rohc_attr_mrru,
6980 { "MRRU", "isakmp.notify.data.rohc.attr.mrru",
6981 FT_UINT16, BASE_DEC, NULL, 0x00,
6982 NULL, HFILL }},
6983
6984 { &hf_isakmp_notify_data_qcd_token_secret_data,
6985 { "Token Secret Data", "isakmp.notify.data.qcd.token_secret_data",
6986 FT_BYTES, BASE_NONE, NULL, 0x0,
6987 NULL, HFILL }},
6988
6989 { &hf_isakmp_notify_data_ha_nonce_data,
6990 { "Nonce Data", "isakmp.notify.data.ha.nonce_data",
6991 FT_UINT32, BASE_HEX, NULL, 0x0,
6992 "Random nonce data, the data should be identical in the synchronization request and response", HFILL }},
6993 { &hf_isakmp_notify_data_ha_expected_send_req_msg_id,
6994 { "EXPECTED SEND REQ MESSAGE ID", "isakmp.notify.data.ha.expected_send_req_message_id",
6995 FT_UINT32, BASE_HEX, NULL, 0x0,
6996 "Indicate the Message ID it will use in the next request that it will send to the other protocol peer", HFILL }},
6997 { &hf_isakmp_notify_data_ha_expected_recv_req_msg_id,
6998 { "EXPECTED RECV REQ MESSAGE ID", "isakmp.notify.data.ha.expected_recv_req_message_id",
6999 FT_UINT32, BASE_HEX, NULL, 0x0,
7000 "Indicate the Message ID it is expecting in the next request to be received from the other protocol peer", HFILL }},
7001 { &hf_isakmp_notify_data_ha_incoming_ipsec_sa_delta_value,
7002 { "Incoming IPsec SA delta value", "isakmp.notify.data.ha.incoming_ipsec_sa_delta_value",
7003 FT_BYTES, BASE_NONE, NULL, 0x0,
7004 "The sender requests that the peer should increment all the Child SA Replay Counters for the sender's incomingtraffic by this value", HFILL }},
7005 { &hf_isakmp_notify_data_secure_password_methods,
7006 { "Secure Password Methods", "isakmp.notify.data.secure_password_methods",
7007 FT_BYTES, BASE_NONE, NULL, 0x0,
7008 NULL, HFILL }},
7009 { &hf_isakmp_notify_data_signature_hash_algorithms,
7010 { "Supported Signature Hash Algorithm", "isakmp.notify.data.signature_hash_algorithms",
7011 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(signature_hash_algorithms), 0x0,
7012 NULL, HFILL }},
7013
7014 { &hf_isakmp_delete_doi,
7015 { "Domain of interpretation", "isakmp.delete.doi",
7016 FT_UINT32, BASE_DEC, VALS(doi_type), 0x0,
7017 "ISAKMP Delete Domain of Interpretation", HFILL }},
7018 { &hf_isakmp_delete_protoid_v1,
7019 { "Protocol ID", "isakmp.delete.protoid",
7020 FT_UINT32, BASE_DEC, VALS(protoid_v1_type), 0x0,
7021 "ISAKMP Delete Protocol ID", HFILL }},
7022 { &hf_isakmp_delete_protoid_v2,
7023 { "Protocol ID", "isakmp.delete.protoid",
7024 FT_UINT32, BASE_DEC, VALS(protoid_v2_type), 0x0,
7025 "IKEv2 Delete Protocol ID", HFILL }},
7026 { &hf_isakmp_delete_spi,
7027 { "Delete SPI", "isakmp.delete.spi",
7028 FT_BYTES, BASE_NONE, NULL, 0x0,
7029 "Identifies the specific security association(s) to delete", HFILL }},
7030 { &hf_isakmp_vid_bytes,
7031 { "Vendor ID", "isakmp.vid_bytes",
7032 FT_BYTES, BASE_NONE, NULL, 0x0,
7033 NULL, HFILL }},
7034 { &hf_isakmp_vid_string,
7035 { "Vendor ID", "isakmp.vid_string",
7036 FT_STRING, BASE_NONE, NULL, 0x0,
7037 NULL, HFILL }},
7038 { &hf_isakmp_vid_cp_product,
7039 { "Checkpoint Product", "isakmp.vid.cp.product",
7040 FT_UINT32, BASE_DEC, VALS(cp_product), 0x0,
7041 NULL, HFILL }},
7042 { &hf_isakmp_vid_cp_version,
7043 { "Checkpoint Version", "isakmp.vid.cp.version",
7044 FT_UINT32, BASE_DEC, VALS(cp_version), 0x0,
7045 "Encoded Version number", HFILL }},
7046 { &hf_isakmp_vid_cp_timestamp,
7047 { "Checkpoint Timestamp", "isakmp.vid.cp.timestamp",
7048 FT_UINT32, BASE_DEC, NULL, 0x0,
7049 "Timestamp (NGX only; always zero in 4.1 or NG)", HFILL }},
7050 { &hf_isakmp_vid_cp_reserved,
7051 { "Checkpoint Reserved", "isakmp.vid.cp.reserved",
7052 FT_UINT32, BASE_HEX, NULL, 0x0,
7053 NULL, HFILL }},
7054 { &hf_isakmp_vid_cp_features,
7055 { "Checkpoint Features", "isakmp.vid.cp.features",
7056 FT_UINT32, BASE_HEX, NULL, 0x0,
7057 NULL, HFILL }},
7058
7059 { &hf_isakmp_vid_cisco_unity_major,
7060 { "CISCO-UNITY Major version", "isakmp.vid.cisco_unity.major",
7061 FT_UINT8, BASE_DEC, NULL, 0x0,
7062 NULL, HFILL }},
7063 { &hf_isakmp_vid_cisco_unity_minor,
7064 { "CISCO-UNITY Minor version", "isakmp.vid.cisco_unity.minor",
7065 FT_UINT8, BASE_DEC, NULL, 0x0,
7066 NULL, HFILL }},
7067
7068 { &hf_isakmp_vid_ms_nt5_isakmpoakley,
7069 { "MS NT5 ISAKMPOAKLEY", "isakmp.vid.ms_nt5_isakmpoakley",
7070 FT_UINT32, BASE_DEC, VALS(ms_nt5_isakmpoakley_type), 0x0,
7071 NULL, HFILL }},
7072
7073 { &hf_isakmp_vid_aruba_via_auth_profile,
7074 { "Auth Profile", "isakmp.vid.aruba_via_auth_profile",
7075 FT_STRING, BASE_NONE, NULL, 0x0,
7076 "Aruba Networks Auth Profile for VIA Client", HFILL }},
7077
7078 { &hf_isakmp_vid_fortinet_fortigate_release,
7079 { "Release", "isakmp.vid.fortinet.fortigate.release",
7080 FT_UINT16, BASE_DEC, NULL, 0x0,
7081 "Release of Fortigate", HFILL }},
7082
7083 { &hf_isakmp_vid_fortinet_fortigate_build,
7084 { "Build", "isakmp.vid.fortinet.fortigate.build",
7085 FT_UINT16, BASE_DEC, NULL, 0x0,
7086 "Build of Fortigate", HFILL }},
7087
7088 { &hf_isakmp_ts_number_of_ts,
7089 { "Number of Traffic Selectors", "isakmp.ts.number",
7090 FT_UINT8, BASE_DEC, NULL, 0x0,
7091 NULL, HFILL }},
7092 { &hf_isakmp_ts_type,
7093 { "Traffic Selector Type", "isakmp.ts.type",
7094 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(traffic_selector_type), 0x0,
7095 NULL, HFILL }},
7096 { &hf_isakmp_ts_protoid,
7097 { "Protocol ID", "isakmp.ts.protoid",
7098 FT_UINT8, BASE_DEC|BASE_EXT_STRING, &ipproto_val_ext, 0x0,
7099 "IKEv2 Traffic Selector Protocol ID", HFILL }},
7100 { &hf_isakmp_ts_selector_length,
7101 { "Selector Length", "isakmp.ts.selector_length",
7102 FT_UINT16, BASE_DEC, NULL, 0x0,
7103 NULL, HFILL }},
7104 { &hf_isakmp_ts_start_port,
7105 { "Start Port", "isakmp.ts.start_port",
7106 FT_UINT16, BASE_DEC, NULL, 0x0,
7107 NULL, HFILL }},
7108 { &hf_isakmp_ts_end_port,
7109 { "End Port", "isakmp.ts.end_port",
7110 FT_UINT16, BASE_DEC, NULL, 0x0,
7111 NULL, HFILL }},
7112 { &hf_isakmp_ts_start_addr_ipv4,
7113 { "Starting Addr", "isakmp.ts.start_ipv4",
7114 FT_IPv4, BASE_NONE, NULL, 0x0,
7115 NULL, HFILL }},
7116 { &hf_isakmp_ts_end_addr_ipv4,
7117 { "Ending Addr", "isakmp.ts.end_ipv4",
7118 FT_IPv4, BASE_NONE, NULL, 0x0,
7119 NULL, HFILL }},
7120 { &hf_isakmp_ts_start_addr_ipv6,
7121 { "Starting Addr", "isakmp.ts.start_ipv6",
7122 FT_IPv6, BASE_NONE, NULL, 0x0,
7123 NULL, HFILL }},
7124 { &hf_isakmp_ts_end_addr_ipv6,
7125 { "Ending Addr", "isakmp.ts.end_ipv6",
7126 FT_IPv6, BASE_NONE, NULL, 0x0,
7127 NULL, HFILL }},
7128 { &hf_isakmp_ts_start_addr_fc,
7129 { "Starting Addr", "isakmp.ts.start_fc",
7130 FT_UINT32, BASE_DEC, NULL, 0x0,
7131 NULL, HFILL }},
7132 { &hf_isakmp_ts_end_addr_fc,
7133 { "Ending Addr", "isakmp.ts.end_fc",
7134 FT_UINT32, BASE_DEC, NULL, 0x0,
7135 NULL, HFILL }},
7136 { &hf_isakmp_ts_start_r_ctl,
7137 { "Starting R_CTL", "isakmp.ts.start_r_ctl",
7138 FT_UINT8, BASE_DEC, NULL, 0x0,
7139 NULL, HFILL }},
7140 { &hf_isakmp_ts_end_r_ctl,
7141 { "Ending R_CTL", "isakmp.ts.end_r_ctl",
7142 FT_UINT8, BASE_DEC, NULL, 0x0,
7143 NULL, HFILL }},
7144 { &hf_isakmp_ts_start_type,
7145 { "Starting Type", "isakmp.ts.start_type",
7146 FT_UINT8, BASE_DEC, NULL, 0x0,
7147 NULL, HFILL }},
7148 { &hf_isakmp_ts_end_type,
7149 { "Ending Type", "isakmp.ts.end_type",
7150 FT_UINT8, BASE_DEC, NULL, 0x0,
7151 NULL, HFILL }},
7152 { &hf_isakmp_ts_data,
7153 { "Traffic Selector", "isakmp.ts.data",
7154 FT_NONE, BASE_NONE, NULL, 0x0,
7155 "An individual traffic selector", HFILL }},
7156
7157 { &hf_isakmp_num_spis,
7158 { "Number of SPIs", "isakmp.spinum",
7159 FT_UINT16, BASE_DEC, NULL, 0x0,
7160 "ISAKMP Number of SPIs", HFILL }},
7161 { &hf_isakmp_hash,
7162 { "Hash DATA", "isakmp.hash",
7163 FT_BYTES, BASE_NONE, NULL, 0x0,
7164 NULL, HFILL }},
7165 { &hf_isakmp_sig,
7166 { "Signature DATA", "isakmp.sig",
7167 FT_BYTES, BASE_NONE, NULL, 0x0,
7168 NULL, HFILL }},
7169 { &hf_isakmp_nonce,
7170 { "Nonce DATA", "isakmp.nonce",
7171 FT_BYTES, BASE_NONE, NULL, 0x0,
7172 NULL, HFILL }},
7173 { &hf_isakmp_symmetric_key,
7174 { "symmetric key", "isakmp.symmetric_key",
7175 FT_BYTES, BASE_NONE, NULL, 0x0,
7176 NULL, HFILL }},
7177 { &hf_isakmp_ike2_fragment_number,
7178 { "Fragment Number", "isakmp.frag.number",
7179 FT_UINT16, BASE_DEC, NULL, 0x0,
7180 "ISAKMP fragment number", HFILL }},
7181 { &hf_isakmp_ike2_total_fragments,
7182 { "Total Fragments", "isakmp.frag.total",
7183 FT_UINT16, BASE_DEC, NULL, 0x0,
7184 "ISAKMP total number of fragments", HFILL }},
7185
7186 { &hf_isakmp_cisco_frag_packetid,
7187 { "Frag ID", "isakmp.frag.packetid",
7188 FT_UINT16, BASE_HEX, NULL, 0x0,
7189 "ISAKMP fragment packet-id", HFILL }},
7190 { &hf_isakmp_cisco_frag_seq,
7191 { "Frag seq", "isakmp.frag.seq",
7192 FT_UINT8, BASE_DEC, NULL, 0x0,
7193 "ISAKMP fragment number", HFILL }},
7194 { &hf_isakmp_cisco_frag_last,
7195 { "Frag last", "isakmp.frag.last",
7196 FT_UINT8, BASE_DEC, VALS(frag_last_vals), 0x0,
7197 "ISAKMP last fragment", HFILL }},
7198 { &hf_isakmp_fragments,
7199 {"Message fragments", "isakmp.fragments",
7200 FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } },
7201 { &hf_isakmp_fragment,
7202 {"Message fragment", "isakmp.fragment",
7203 FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } },
7204 { &hf_isakmp_fragment_overlap,
7205 {"Message fragment overlap", "isakmp.fragment.overlap",
7206 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } },
7207 { &hf_isakmp_fragment_overlap_conflicts,
7208 {"Message fragment overlapping with conflicting data",
7209 "isakmp.fragment.overlap.conflicts",
7210 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } },
7211 { &hf_isakmp_fragment_multiple_tails,
7212 {"Message has multiple tail fragments",
7213 "isakmp.fragment.multiple_tails",
7214 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } },
7215 { &hf_isakmp_fragment_too_long_fragment,
7216 {"Message fragment too long", "isakmp.fragment.too_long_fragment",
7217 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } },
7218 { &hf_isakmp_fragment_error,
7219 {"Message defragmentation error", "isakmp.fragment.error",
7220 FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } },
7221 { &hf_isakmp_fragment_count,
7222 {"Message fragment count", "isakmp.fragment.count",
7223 FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },
7224 { &hf_isakmp_reassembled_in,
7225 {"Reassembled in", "isakmp.reassembled.in",
7226 FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } },
7227 { &hf_isakmp_reassembled_length,
7228 {"Reassembled ISAKMP length", "isakmp.reassembled.length",
7229 FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },
7230 { &hf_isakmp_certreq_authority_sig,
7231 { "Certificate Authority Signature", "isakmp.ike.certreq.authority.sig",
7232 FT_UINT32, BASE_DEC, NULL, 0x0,
7233 NULL, HFILL } },
7234 { &hf_isakmp_certreq_authority_v1,
7235 { "Certificate Authority Data", "isakmp.ike.certreq.authority",
7236 FT_BYTES, BASE_NONE, NULL, 0x0,
7237 NULL, HFILL } },
7238 { &hf_isakmp_certreq_authority_v2,
7239 { "Certificate Authority Data", "isakmp.ike.certreq.authority",
7240 FT_BYTES, BASE_NONE, NULL, 0x0,
7241 "SHA-1 hash of the Certificate Authority", HFILL } },
7242 { &hf_isakmp_nat_keepalive,
7243 { "NAT Keepalive", "isakmp.ike.nat_keepalive",
7244 FT_NONE, BASE_NONE, NULL, 0x0, "NAT Keepalive packet", HFILL } },
7245 { &hf_isakmp_nat_hash,
7246 { "HASH of the address and port", "isakmp.ike.nat_hash",
7247 FT_BYTES, BASE_NONE, NULL, 0x00,
7248 NULL, HFILL }},
7249 { &hf_isakmp_nat_original_address_ipv4,
7250 { "NAT Original IPv4 Address", "isakmp.ike.nat_original_address_ipv4",
7251 FT_IPv4, BASE_NONE, NULL, 0x00,
7252 NULL, HFILL }},
7253 { &hf_isakmp_nat_original_address_ipv6,
7254 { "NAT Original IPv6 Address", "isakmp.ike.nat_original_address_ipv6",
7255 FT_IPv6, BASE_NONE, NULL, 0x00,
7256 NULL, HFILL }},
7257
7258 /*tek key download type (ISAKMP phase 2 GDOI)*/
7259 { &hf_isakmp_tek_key_attr.all,
7260 { "Key download Tek Attribute", "isakmp.key_download.attr",
7261 FT_NONE, BASE_NONE, NULL, 0x00,
7262 NULL, HFILL }},
7263 { &hf_isakmp_tek_key_attr.type,
7264 { "Type", "isakmp.key_download.attr.type",
7265 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, NULL, 0x00,
7266 "key_download Attribute type", HFILL }},
7267 { &hf_isakmp_tek_key_attr.format,
7268 { "Format", "isakmp.key_download.attr.format",
7269 FT_BOOLEAN, 16, TFS(&attribute_format), 0x8000,
7270 "key_download Attribute format", HFILL }},
7271 { &hf_isakmp_tek_key_attr.length,
7272 { "Length", "isakmp.key_download.attr.length",
7273 FT_UINT16, BASE_DEC, NULL, 0x00,
7274 "key_download Attribute length", HFILL }},
7275 { &hf_isakmp_tek_key_attr.value,
7276 { "Value", "isakmp.key_download.attr.value",
7277 FT_BYTES, BASE_NONE, NULL, 0x00,
7278 "key_download Attribute value", HFILL }},
7279 /* IPsec SA Attributes (ISAKMP Phase 2) */
7280 { &hf_isakmp_ipsec_attr.all,
7281 { "IPsec Attribute", "isakmp.ipsec.attr",
7282 FT_NONE, BASE_NONE, NULL, 0x00,
7283 NULL, HFILL }},
7284 { &hf_isakmp_ipsec_attr.type,
7285 { "Type", "isakmp.ipsec.attr.type",
7286 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(ipsec_attr_type), 0x00,
7287 "IPsec Attribute type", HFILL }},
7288 { &hf_isakmp_ipsec_attr.format,
7289 { "Format", "isakmp.ipsec.attr.format",
7290 FT_BOOLEAN, 16, TFS(&attribute_format), 0x8000,
7291 "IPsec Attribute format", HFILL }},
7292 { &hf_isakmp_ipsec_attr.length,
7293 { "Length", "isakmp.ipsec.attr.length",
7294 FT_UINT16, BASE_DEC, NULL, 0x00,
7295 "IPsec Attribute length", HFILL }},
7296 { &hf_isakmp_ipsec_attr.value,
7297 { "Value", "isakmp.ipsec.attr.value",
7298 FT_BYTES, BASE_NONE, NULL, 0x00,
7299 "IPsec Attribute value", HFILL }},
7300 { &hf_isakmp_ipsec_attr_life_type,
7301 { "Life Type", "isakmp.ipsec.attr.life_type",
7302 FT_UINT16, BASE_DEC, VALS(attr_life_type), 0x00,
7303 "The unit (seconds or kilobytes) of the associated Life Duration attribute.", HFILL }},
7304 { &hf_isakmp_ipsec_attr_life_duration_uint32,
7305 { "Life Duration", "isakmp.ipsec.attr.life_duration",
7306 FT_UINT32, BASE_DEC, NULL, 0x00,
7307 NULL, HFILL }},
7308 { &hf_isakmp_ipsec_attr_life_duration_uint64,
7309 { "Life Duration", "isakmp.ipsec.attr.life_duration64",
7310 FT_UINT64, BASE_DEC, NULL, 0x00,
7311 NULL, HFILL }},
7312 { &hf_isakmp_ipsec_attr_life_duration_bytes,
7313 { "Life Duration", "isakmp.ipsec.attr.life_duration_bytes",
7314 FT_BYTES, BASE_NONE, NULL, 0x00,
7315 NULL, HFILL }},
7316 { &hf_isakmp_ipsec_attr_group_description,
7317 { "Group Description", "isakmp.ipsec.attr.group_description",
7318 FT_UINT16, BASE_DEC, VALS(dh_group), 0x00,
7319 NULL, HFILL }},
7320 { &hf_isakmp_ipsec_attr_encap_mode,
7321 { "Encapsulation Mode", "isakmp.ipsec.attr.encap_mode",
7322 FT_UINT16, BASE_DEC, VALS(ipsec_attr_encap_mode), 0x00,
7323 NULL, HFILL }},
7324 { &hf_isakmp_ipsec_attr_auth_algorithm,
7325 { "Authentication Algorithm", "isakmp.ipsec.attr.auth_algorithm",
7326 FT_UINT16, BASE_DEC, VALS(ipsec_attr_auth_algo), 0x00,
7327 NULL, HFILL }},
7328 { &hf_isakmp_ipsec_attr_key_length,
7329 { "Key Length", "isakmp.ipsec.attr.key_length",
7330 FT_UINT16, BASE_DEC, NULL, 0x00,
7331 NULL, HFILL }},
7332 { &hf_isakmp_ipsec_attr_key_rounds,
7333 { "Key Rounds", "isakmp.ipsec.attr.key_rounds",
7334 FT_UINT16, BASE_DEC, NULL, 0x00,
7335 NULL, HFILL }},
7336 { &hf_isakmp_ipsec_attr_cmpr_dict_size,
7337 { "Compress Dictionary Size", "isakmp.ipsec.attr.cmpr_dict_size",
7338 FT_UINT16, BASE_DEC, NULL, 0x00,
7339 NULL, HFILL }},
7340 { &hf_isakmp_ipsec_attr_cmpr_algorithm,
7341 { "Compress Private Algorithm", "isakmp.ipsec.attr.cmpr_algorithm",
7342 FT_BYTES, BASE_NONE, NULL, 0x00,
7343 NULL, HFILL }},
7344 { &hf_isakmp_ipsec_attr_ecn_tunnel,
7345 { "ECN Tunnel", "isakmp.ipsec.attr.ecn_tunnel",
7346 FT_UINT16, BASE_DEC, VALS(ipsec_attr_ecn_tunnel), 0x00,
7347 NULL, HFILL }},
7348 { &hf_isakmp_ipsec_attr_ext_seq_nbr,
7349 { "Extended (64-bit) Sequence Number", "isakmp.ipsec.attr.ext_seq_nbr",
7350 FT_UINT16, BASE_DEC, VALS(ipsec_attr_ext_seq_nbr), 0x00,
7351 NULL, HFILL }},
7352 { &hf_isakmp_ipsec_attr_auth_key_length,
7353 { "Authentication Key Length", "isakmp.ipsec.attr.auth_key_length",
7354 FT_UINT16, BASE_DEC, NULL, 0x00,
7355 NULL, HFILL }},
7356 { &hf_isakmp_ipsec_attr_sig_enco_algorithm,
7357 { "Signature Encoding Algorithm", "isakmp.ipsec.attr.sig_enco_algorithm",
7358 FT_BYTES, BASE_NONE, NULL, 0x00,
7359 NULL, HFILL }},
7360 { &hf_isakmp_ipsec_attr_addr_preservation,
7361 { "Address Preservation", "isakmp.ipsec.attr.addr_preservation",
7362 FT_UINT16, BASE_DEC, VALS(ipsec_attr_addr_preservation), 0x00,
7363 NULL, HFILL }},
7364 { &hf_isakmp_ipsec_attr_sa_direction,
7365 { "SA Direction", "isakmp.ipsec.attr.sa_direction",
7366 FT_UINT16, BASE_DEC, VALS(ipsec_attr_sa_direction), 0x00,
7367 NULL, HFILL }},
7368
7369 /* Responder Lifetime Notification for IPsec SA */
7370 { &hf_isakmp_resp_lifetime_ipsec_attr.all,
7371 { "IPsec Attribute", "isakmp.notify.data.resp_lifetime.ipsec.attr",
7372 FT_NONE, BASE_NONE, NULL, 0x00,
7373 NULL, HFILL }},
7374 { &hf_isakmp_resp_lifetime_ipsec_attr.type,
7375 { "Type", "isakmp.notify.data.resp_lifetime.ipsec.attr.type",
7376 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(ipsec_attr_type), 0x00,
7377 "IPsec Attribute type", HFILL }},
7378 { &hf_isakmp_resp_lifetime_ipsec_attr.format,
7379 { "Format", "isakmp.notify.data.resp_lifetime.ipsec.attr.format",
7380 FT_BOOLEAN, 16, TFS(&attribute_format), 0x8000,
7381 "IPsec Attribute format", HFILL }},
7382 { &hf_isakmp_resp_lifetime_ipsec_attr.length,
7383 { "Length", "isakmp.notify.data.resp_lifetime.ipsec.attr.length",
7384 FT_UINT16, BASE_DEC, NULL, 0x00,
7385 "IPsec Attribute length", HFILL }},
7386 { &hf_isakmp_resp_lifetime_ipsec_attr.value,
7387 { "Value", "isakmp.notify.data.resp_lifetime.ipsec.attr.value",
7388 FT_BYTES, BASE_NONE, NULL, 0x00,
7389 "IPsec Attribute value", HFILL }},
7390
7391 { &hf_isakmp_resp_lifetime_ipsec_attr_life_type,
7392 { "Life Type", "isakmp.notify.data.resp_lifetime.ipsec.attr.life_type",
7393 FT_UINT16, BASE_DEC, VALS(attr_life_type), 0x00,
7394 "The unit (seconds or kilobytes) of the associated Life Duration attribute.", HFILL }},
7395 { &hf_isakmp_resp_lifetime_ipsec_attr_life_duration_uint32,
7396 { "Life Duration", "isakmp.notify.data.resp_lifetime.ipsec.attr.life_duration",
7397 FT_UINT32, BASE_DEC, NULL, 0x00,
7398 NULL, HFILL }},
7399 { &hf_isakmp_resp_lifetime_ipsec_attr_life_duration_uint64,
7400 { "Life Duration", "isakmp.notify.data.resp_lifetime.ipsec.attr.life_duration64",
7401 FT_UINT64, BASE_DEC, NULL, 0x00,
7402 NULL, HFILL }},
7403 { &hf_isakmp_resp_lifetime_ipsec_attr_life_duration_bytes,
7404 { "Life Duration", "isakmp.notify.data.resp_lifetime.ipsec.attr.life_duration_bytes",
7405 FT_BYTES, BASE_NONE, NULL, 0x00,
7406 NULL, HFILL }},
7407
7408 /* IKEv1 SA Attributes (ISAKMP SA, Phase 1) */
7409 { &hf_isakmp_ike_attr.all,
7410 { "IKE Attribute", "isakmp.ike.attr",
7411 FT_NONE, BASE_NONE, NULL, 0x00,
7412 NULL, HFILL }},
7413 { &hf_isakmp_ike_attr.type,
7414 { "Type", "isakmp.ike.attr.type",
7415 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(ike_attr_type), 0x00,
7416 "IKEv1 Attribute type", HFILL }},
7417 { &hf_isakmp_ike_attr.format,
7418 { "Format", "isakmp.ike.attr.format",
7419 FT_BOOLEAN, 16, TFS(&attribute_format), 0x8000,
7420 "IKEv1 Attribute format", HFILL }},
7421 { &hf_isakmp_ike_attr.length,
7422 { "Length", "isakmp.ike.attr.length",
7423 FT_UINT16, BASE_DEC, NULL, 0x00,
7424 "IKEv1 Attribute length", HFILL }},
7425 { &hf_isakmp_ike_attr.value,
7426 { "Value", "isakmp.ike.attr.value",
7427 FT_BYTES, BASE_NONE, NULL, 0x00,
7428 "IKEv1 Attribute value", HFILL }},
7429
7430 { &hf_isakmp_ike_attr_encryption_algorithm,
7431 { "Encryption Algorithm", "isakmp.ike.attr.encryption_algorithm",
7432 FT_UINT16, BASE_DEC, VALS(ike_attr_enc_algo), 0x00,
7433 NULL, HFILL }},
7434 { &hf_isakmp_ike_attr_hash_algorithm,
7435 { "HASH Algorithm", "isakmp.ike.attr.hash_algorithm",
7436 FT_UINT16, BASE_DEC, VALS(ike_attr_hash_algo), 0x00,
7437 NULL, HFILL }},
7438 { &hf_isakmp_ike_attr_authentication_method,
7439 { "Authentication Method", "isakmp.ike.attr.authentication_method",
7440 FT_UINT16, BASE_DEC, VALS(ike_attr_authmeth), 0x00,
7441 NULL, HFILL }},
7442 { &hf_isakmp_ike_attr_authentication_method_china,
7443 { "Authentication Method for China IPsec VPN specification", "isakmp.ike.attr.authentication_method_china",
7444 FT_UINT16, BASE_DEC, VALS(ike_attr_authmeth_china), 0x00,
7445 NULL, HFILL }},
7446 { &hf_isakmp_ike_attr_group_description,
7447 { "Group Description", "isakmp.ike.attr.group_description",
7448 FT_UINT16, BASE_DEC, VALS(dh_group), 0x00,
7449 NULL, HFILL }},
7450 { &hf_isakmp_ike_attr_group_type,
7451 { "Group Type", "isakmp.ike.attr.group_type",
7452 FT_UINT16, BASE_DEC, VALS(ike_attr_grp_type), 0x00,
7453 NULL, HFILL }},
7454 { &hf_isakmp_ike_attr_group_prime,
7455 { "Group Prime", "isakmp.ike.attr.group_prime",
7456 FT_BYTES, BASE_NONE, NULL, 0x00,
7457 NULL, HFILL }},
7458 { &hf_isakmp_ike_attr_group_generator_one,
7459 { "Group Generator One", "isakmp.ike.attr.group_generator_one",
7460 FT_BYTES, BASE_NONE, NULL, 0x00,
7461 NULL, HFILL }},
7462 { &hf_isakmp_ike_attr_group_generator_two,
7463 { "Group Generator Two", "isakmp.ike.attr.group_generator_two",
7464 FT_BYTES, BASE_NONE, NULL, 0x00,
7465 NULL, HFILL }},
7466 { &hf_isakmp_ike_attr_group_curve_a,
7467 { "Group Curve A", "isakmp.ike.attr.group_curve_a",
7468 FT_BYTES, BASE_NONE, NULL, 0x00,
7469 NULL, HFILL }},
7470 { &hf_isakmp_ike_attr_group_curve_b,
7471 { "Group Curve B", "isakmp.ike.attr.group_curve_b",
7472 FT_BYTES, BASE_NONE, NULL, 0x00,
7473 NULL, HFILL }},
7474 { &hf_isakmp_ike_attr_life_type,
7475 { "Life Type", "isakmp.ike.attr.life_type",
7476 FT_UINT16, BASE_DEC, VALS(attr_life_type), 0x00,
7477 "The unit (seconds or kilobytes) of the associated Life Duration attribute.", HFILL }},
7478 { &hf_isakmp_ike_attr_life_duration_uint32,
7479 { "Life Duration", "isakmp.ike.attr.life_duration",
7480 FT_UINT32, BASE_DEC, NULL, 0x00,
7481 NULL, HFILL }},
7482 { &hf_isakmp_ike_attr_life_duration_uint64,
7483 { "Life Duration", "isakmp.ike.attr.life_duration64",
7484 FT_UINT64, BASE_DEC, NULL, 0x00,
7485 NULL, HFILL }},
7486 { &hf_isakmp_ike_attr_life_duration_bytes,
7487 { "Life Duration", "isakmp.ike.attr.life_duration_bytes",
7488 FT_BYTES, BASE_NONE, NULL, 0x00,
7489 NULL, HFILL }},
7490 { &hf_isakmp_ike_attr_prf,
7491 { "PRF", "isakmp.ike.attr.prf",
7492 FT_BYTES, BASE_NONE, NULL, 0x00,
7493 NULL, HFILL }},
7494 { &hf_isakmp_ike_attr_key_length,
7495 { "Key Length", "isakmp.ike.attr.key_length",
7496 FT_UINT16, BASE_DEC, NULL, 0x00,
7497 NULL, HFILL }},
7498 { &hf_isakmp_ike_attr_field_size,
7499 { "Field Size", "isakmp.ike.attr.field_size",
7500 FT_BYTES, BASE_NONE, NULL, 0x00,
7501 NULL, HFILL }},
7502 { &hf_isakmp_ike_attr_group_order,
7503 { "Group Order", "isakmp.ike.attr.group_order",
7504 FT_BYTES, BASE_NONE, NULL, 0x00,
7505 NULL, HFILL }},
7506 { &hf_isakmp_ike_attr_block_size,
7507 { "Block Size", "isakmp.ike.attr.block_size",
7508 FT_BYTES, BASE_NONE, NULL, 0x00,
7509 NULL, HFILL }},
7510 { &hf_isakmp_ike_attr_asymmetric_cryptographic_algorithm_type,
7511 { "Asymmetric Cryptographic Algorithm Type", "isakmp.ike.attr.asymmetric_cryptographic_algorithm_type",
7512 FT_UINT16, BASE_DEC, VALS(ike_attr_asym_algo), 0x00,
7513 NULL, HFILL }},
7514
7515 /* Responder Lifetime Notification for IKEv1 SA */
7516 { &hf_isakmp_resp_lifetime_ike_attr.all,
7517 { "IKE Attribute", "isakmp.notify.data.resp_lifetime.ike.attr",
7518 FT_NONE, BASE_NONE, NULL, 0x00,
7519 NULL, HFILL }},
7520 { &hf_isakmp_resp_lifetime_ike_attr.type,
7521 { "Type", "isakmp.notify.data.resp_lifetime.ike.attr.type",
7522 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(ike_attr_type), 0x00,
7523 "IKEv1 Attribute type", HFILL }},
7524 { &hf_isakmp_resp_lifetime_ike_attr.format,
7525 { "Format", "isakmp.notify.data.resp_lifetime.ike.attr.format",
7526 FT_BOOLEAN, 16, TFS(&attribute_format), 0x8000,
7527 "IKEv1 Attribute format", HFILL }},
7528 { &hf_isakmp_resp_lifetime_ike_attr.length,
7529 { "Length", "isakmp.notify.data.resp_lifetime.ike.attr.length",
7530 FT_UINT16, BASE_DEC, NULL, 0x00,
7531 "IKEv1 Attribute length", HFILL }},
7532 { &hf_isakmp_resp_lifetime_ike_attr.value,
7533 { "Value", "isakmp.notify.data.resp_lifetime.ike.attr.value",
7534 FT_BYTES, BASE_NONE, NULL, 0x00,
7535 "IKEv1 Attribute value", HFILL }},
7536
7537 { &hf_isakmp_resp_lifetime_ike_attr_life_type,
7538 { "Life Type", "isakmp.notify.data.resp_lifetime.ike.attr.life_type",
7539 FT_UINT16, BASE_DEC, VALS(attr_life_type), 0x00,
7540 "The unit (seconds or kilobytes) of the associated Life Duration attribute.", HFILL }},
7541 { &hf_isakmp_resp_lifetime_ike_attr_life_duration_uint32,
7542 { "Life Duration", "isakmp.notify.data.resp_lifetime.ike.attr.life_duration",
7543 FT_UINT32, BASE_DEC, NULL, 0x00,
7544 NULL, HFILL }},
7545 { &hf_isakmp_resp_lifetime_ike_attr_life_duration_uint64,
7546 { "Life Duration", "isakmp.notify.data.resp_lifetime.ike.attr.life_duration64",
7547 FT_UINT64, BASE_DEC, NULL, 0x00,
7548 NULL, HFILL }},
7549 { &hf_isakmp_resp_lifetime_ike_attr_life_duration_bytes,
7550 { "Life Duration", "isakmp.notify.data.resp_lifetime.ike.attr.life_duration_bytes",
7551 FT_BYTES, BASE_NONE, NULL, 0x00,
7552 NULL, HFILL }},
7553
7554 /* IKEv2 Transform */
7555 { &hf_isakmp_trans_type,
7556 { "Transform Type", "isakmp.tf.type",
7557 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(transform_ike2_type), 0x00,
7558 NULL, HFILL }},
7559
7560 { &hf_isakmp_trans_encr,
7561 { "Transform ID (ENCR)", "isakmp.tf.id.encr",
7562 FT_UINT16, BASE_DEC, VALS(transform_ike2_encr_type), 0x00,
7563 NULL, HFILL }},
7564 { &hf_isakmp_trans_prf,
7565 { "Transform ID (PRF)", "isakmp.tf.id.prf",
7566 FT_UINT16, BASE_DEC, VALS(transform_ike2_prf_type), 0x00,
7567 NULL, HFILL }},
7568 { &hf_isakmp_trans_integ,
7569 { "Transform ID (INTEG)", "isakmp.tf.id.integ",
7570 FT_UINT16, BASE_DEC, VALS(transform_ike2_integ_type), 0x00,
7571 NULL, HFILL }},
7572 { &hf_isakmp_trans_dh,
7573 { "Transform ID (D-H)", "isakmp.tf.id.dh",
7574 FT_UINT16, BASE_DEC, VALS(dh_group), 0x00,
7575 NULL, HFILL }},
7576 { &hf_isakmp_trans_esn,
7577 { "Transform ID (ESN)", "isakmp.tf.id.esn",
7578 FT_UINT16, BASE_DEC, VALS(transform_ike2_esn_type), 0x00,
7579 NULL, HFILL }},
7580 { &hf_isakmp_trans_id_v2,
7581 { "Transform ID", "isakmp.tf.id",
7582 FT_UINT16, BASE_DEC, NULL, 0x00,
7583 NULL, HFILL }},
7584
7585 /* IKEv2 Transform Attributes */
7586 { &hf_isakmp_ike2_attr.all,
7587 { "Transform Attribute", "isakmp.ike2.attr",
7588 FT_NONE, BASE_NONE, NULL, 0x00,
7589 "IKEv2 Transform Attribute", HFILL }},
7590 { &hf_isakmp_ike2_attr.type,
7591 { "Type", "isakmp.ike2.attr.type",
7592 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(transform_ike2_attr_type), 0x00,
7593 "IKEv2 Transform Attribute type", HFILL }},
7594 { &hf_isakmp_ike2_attr.format,
7595 { "Format", "isakmp.ike2.attr.format",
7596 FT_BOOLEAN, 16, TFS(&attribute_format), 0x8000,
7597 "IKEv2 Transform Attribute format", HFILL }},
7598 { &hf_isakmp_ike2_attr.length,
7599 { "Length", "isakmp.ike2.attr.length",
7600 FT_UINT16, BASE_DEC, NULL, 0x00,
7601 "IKEv2 Transform Attribute length", HFILL }},
7602 { &hf_isakmp_ike2_attr.value,
7603 { "Value", "isakmp.ike2.attr.value",
7604 FT_BYTES, BASE_NONE, NULL, 0x00,
7605 "IKEv2 Transform Attribute value", HFILL }},
7606 { &hf_isakmp_ike2_attr_key_length,
7607 { "Key Length", "isakmp.ike2.attr.key_length",
7608 FT_UINT16, BASE_DEC, NULL, 0x00,
7609 NULL, HFILL }},
7610
7611
7612 { &hf_isakmp_key_exch_dh_group,
7613 { "DH Group #", "isakmp.key_exchange.dh_group",
7614 FT_UINT16, BASE_DEC, VALS(dh_group), 0x00,
7615 NULL, HFILL }},
7616 { &hf_isakmp_key_exch_data,
7617 { "Key Exchange Data", "isakmp.key_exchange.data",
7618 FT_BYTES, BASE_NONE, NULL, 0x00,
7619 NULL, HFILL }},
7620 { &hf_isakmp_eap_data,
7621 { "EAP Message", "isakmp.eap.data",
7622 FT_BYTES, BASE_NONE, NULL, 0x00,
7623 NULL, HFILL }},
7624
7625 { &hf_isakmp_gspm_data,
7626 { "GSPM", "isakmp.gspm.data",
7627 FT_BYTES, BASE_NONE, NULL, 0x00,
7628 "Generic Secure Password Method", HFILL }},
7629
7630 /* Config Payload */
7631 { &hf_isakmp_cfg_type_v1,
7632 { "Type", "isakmp.cfg.type",
7633 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(vs_v1_cfgtype), 0x0,
7634 "IKEv1 Config Type", HFILL }},
7635 { &hf_isakmp_cfg_identifier,
7636 { "Identifier", "isakmp.cfg.identifier",
7637 FT_UINT16, BASE_DEC, NULL, 0x0,
7638 "IKEv1 Config Identifier", HFILL }},
7639 { &hf_isakmp_cfg_type_v2,
7640 { "Type", "isakmp.cfg.type",
7641 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(vs_v2_cfgtype), 0x0,
7642 "IKEv2 Config Type", HFILL }},
7643
7644 /* Config Attributes */
7645 { &hf_isakmp_cfg_attr.all,
7646 { "Config Attribute", "isakmp.cfg.attr",
7647 FT_NONE, BASE_NONE, NULL, 0x00,
7648 NULL, HFILL }},
7649 { &hf_isakmp_cfg_attr_type_v1,
7650 { "Type", "isakmp.cfg.attr.type",
7651 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(vs_v1_cfgattr), 0x00,
7652 "IKEv1 Config Attribute type", HFILL }},
7653 { &hf_isakmp_cfg_attr_type_v2,
7654 { "Type", "isakmp.cfg.attr.type",
7655 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(vs_v2_cfgattr), 0x00,
7656 "IKEv2 Config Attribute type", HFILL }},
7657 { &hf_isakmp_cfg_attr.format,
7658 { "Format", "isakmp.cfg.attr.format",
7659 FT_BOOLEAN, 16, TFS(&attribute_format), 0x8000,
7660 "Config Attribute format", HFILL }},
7661 { &hf_isakmp_cfg_attr.length,
7662 { "Length", "isakmp.cfg.attr.length",
7663 FT_UINT16, BASE_DEC, NULL, 0x00,
7664 "Config Attribute length", HFILL }},
7665 { &hf_isakmp_cfg_attr.value,
7666 { "Value", "isakmp.cfg.attr.value",
7667 FT_BYTES, BASE_NONE, NULL, 0x00,
7668 "Config Attribute value", HFILL }},
7669 { &hf_isakmp_cfg_attr_internal_ip4_address,
7670 { "INTERNAL IP4 ADDRESS", "isakmp.cfg.attr.internal_ip4_address",
7671 FT_IPv4, BASE_NONE, NULL, 0x00,
7672 "An IPv4 address on the internal network", HFILL }},
7673 { &hf_isakmp_cfg_attr_internal_ip4_netmask,
7674 { "INTERNAL IP4 NETMASK", "isakmp.cfg.attr.internal_ip4_netmask",
7675 FT_IPv4, BASE_NETMASK, NULL, 0x00,
7676 "The internal network's netmask", HFILL }},
7677 { &hf_isakmp_cfg_attr_internal_ip4_dns,
7678 { "INTERNAL IP4 DNS", "isakmp.cfg.attr.internal_ip4_dns",
7679 FT_IPv4, BASE_NONE, NULL, 0x00,
7680 "An IPv4 address of a DNS server within the network", HFILL }},
7681 { &hf_isakmp_cfg_attr_internal_ip4_nbns,
7682 { "INTERNAL IP4 NBNS", "isakmp.cfg.attr.internal_ip4_nbns",
7683 FT_IPv4, BASE_NONE, NULL, 0x00,
7684 "An IPv4 address of a NetBios Name Server (WINS) within the network", HFILL }},
7685 { &hf_isakmp_cfg_attr_internal_address_expiry,
7686 { "INTERNAL ADDRESS EXPIRY (Secs)", "isakmp.cfg.attr.internal_address_expiry",
7687 FT_UINT32, BASE_DEC, NULL, 0x00,
7688 "Specifies the number of seconds that the host can use the internal IP address", HFILL }},
7689 { &hf_isakmp_cfg_attr_internal_ip4_dhcp,
7690 { "INTERNAL IP4 DHCP", "isakmp.cfg.attr.internal_ip4_dhcp",
7691 FT_IPv4, BASE_NONE, NULL, 0x00,
7692 "the host to send any internal DHCP requests to the address", HFILL }},
7693 { &hf_isakmp_cfg_attr_application_version,
7694 { "APPLICATION VERSION", "isakmp.cfg.attr.application_version",
7695 FT_STRING, BASE_NONE, NULL, 0x00,
7696 "The version or application information of the IPsec host", HFILL }},
7697 { &hf_isakmp_cfg_attr_internal_ip6_address_ip,
7698 { "INTERNAL IP6 ADDRESS", "isakmp.cfg.attr.internal_ip6_address",
7699 FT_IPv6, BASE_NONE, NULL, 0x00,
7700 "An IPv6 address on the internal network", HFILL }},
7701 { &hf_isakmp_cfg_attr_internal_ip6_address_prefix,
7702 { "INTERNAL IP6 ADDRESS (PREFIX)", "isakmp.cfg.attr.internal_ip6_address.prefix",
7703 FT_UINT8, BASE_DEC, NULL, 0x00,
7704 NULL, HFILL }},
7705 { &hf_isakmp_cfg_attr_internal_ip6_netmask,
7706 { "INTERNAL IP6 NETMASK", "isakmp.cfg.attr.internal_ip6_netmask",
7707 FT_IPv6, BASE_NONE, NULL, 0x00,
7708 "The internal network's netmask", HFILL }},
7709 { &hf_isakmp_cfg_attr_internal_ip6_dns,
7710 { "INTERNAL IP6 DNS", "isakmp.cfg.attr.internal_ip6_dns",
7711 FT_IPv6, BASE_NONE, NULL, 0x00,
7712 "An IPv6 address of a DNS server within the network", HFILL }},
7713 { &hf_isakmp_cfg_attr_internal_ip6_nbns,
7714 { "INTERNAL IP6 NBNS", "isakmp.cfg.attr.internal_ip6_nbns",
7715 FT_IPv6, BASE_NONE, NULL, 0x00,
7716 "An IPv6 address of a NetBios Name Server (WINS) within the network", HFILL }},
7717 { &hf_isakmp_cfg_attr_internal_ip6_dhcp,
7718 { "INTERNAL IP6 DHCP", "isakmp.cfg.attr.internal_ip6_dhcp",
7719 FT_IPv6, BASE_NONE, NULL, 0x00,
7720 "The host to send any internal DHCP requests to the address", HFILL }},
7721 { &hf_isakmp_cfg_attr_internal_ip4_subnet_ip,
7722 { "INTERNAL IP4 SUBNET (IP)", "isakmp.cfg.attr.internal_ip4_subnet_ip",
7723 FT_IPv4, BASE_NONE, NULL, 0x00,
7724 "The protected sub-networks that this edge-device protects (IP)", HFILL }},
7725 { &hf_isakmp_cfg_attr_internal_ip4_subnet_netmask,
7726 { "INTERNAL IP4 SUBNET (NETMASK)", "isakmp.cfg.attr.internal_ip4_subnet_netmask",
7727 FT_IPv4, BASE_NETMASK, NULL, 0x00,
7728 "The protected sub-networks that this edge-device protects (IP)", HFILL }},
7729 { &hf_isakmp_cfg_attr_supported_attributes,
7730 { "SUPPORTED ATTRIBUTES", "isakmp.cfg.attr.supported_attributes",
7731 FT_UINT16, BASE_DEC, NULL, 0x00,
7732 NULL, HFILL }},
7733 { &hf_isakmp_cfg_attr_internal_ip6_subnet_ip,
7734 { "INTERNAL_IP6_SUBNET (IP)", "isakmp.cfg.attr.internal_ip6_subnet_ip",
7735 FT_IPv6, BASE_NONE, NULL, 0x00,
7736 NULL, HFILL }},
7737 { &hf_isakmp_cfg_attr_internal_ip6_subnet_prefix,
7738 { "INTERNAL_IP6_SUBNET (PREFIX)", "isakmp.cfg.attr.internal_ip6_subnet_prefix",
7739 FT_UINT8, BASE_DEC, NULL, 0x00,
7740 NULL, HFILL }},
7741 { &hf_isakmp_cfg_attr_internal_ip6_link_interface,
7742 { "INTERNAL_IP6_LINK (Link-Local Interface ID)", "isakmp.cfg.attr.internal_ip6_link_interface",
7743 FT_UINT64, BASE_DEC, NULL, 0x00,
7744 "The Interface ID used for link-local address (by the party that sent this attribute)", HFILL }},
7745 { &hf_isakmp_cfg_attr_internal_ip6_link_id,
7746 { "INTERNAL_IP6_LINK (IKEv2 Link ID)", "isakmp.cfg.attr.internal_ip6_link_id",
7747 FT_BYTES, BASE_NONE, NULL, 0x00,
7748 "The Link ID is selected by the VPN gateway and is treated as an opaque octet string by the client.", HFILL }},
7749 { &hf_isakmp_cfg_attr_internal_ip6_prefix_ip,
7750 { "INTERNAL_IP6_PREFIX (IP)", "isakmp.cfg.attr.internal_ip6_prefix_ip",
7751 FT_IPv6, BASE_NONE, NULL, 0x00,
7752 "An IPv6 prefix assigned to the virtual link", HFILL }},
7753 { &hf_isakmp_cfg_attr_internal_ip6_prefix_length,
7754 { "INTERNAL_IP6_PREFIX (Length)", "isakmp.cfg.attr.internal_ip6_prefix_length",
7755 FT_UINT8, BASE_DEC, NULL, 0x00,
7756 "The length of the prefix in bits (usually 64)", HFILL }},
7757 { &hf_isakmp_cfg_attr_p_cscf_ip4_address,
7758 { "P_CSCF_IP4_ADDRESS (IP)", "isakmp.cfg.attr.p_cscf_ip4_address",
7759 FT_IPv4, BASE_NONE, NULL, 0x00,
7760 "An IPv4 address of the P-CSCF server", HFILL }},
7761 { &hf_isakmp_cfg_attr_p_cscf_ip6_address,
7762 { "P_CSCF_IP6_ADDRESS (IP)", "isakmp.cfg.attr.p_cscf_ip6_address",
7763 FT_IPv6, BASE_NONE, NULL, 0x00,
7764 "An IPv6 address of the P-CSCF server", HFILL }},
7765
7766 { &hf_isakmp_cfg_attr_xauth_type,
7767 { "XAUTH TYPE", "isakmp.cfg.attr.xauth.type",
7768 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(cfgattr_xauth_type), 0x00,
7769 "The type of extended authentication requested", HFILL }},
7770 { &hf_isakmp_cfg_attr_xauth_user_name,
7771 { "XAUTH USER NAME", "isakmp.cfg.attr.xauth.user_name",
7772 FT_STRING, BASE_NONE, NULL, 0x00,
7773 "The user name", HFILL }},
7774 { &hf_isakmp_cfg_attr_xauth_user_password,
7775 { "XAUTH USER PASSWORD", "isakmp.cfg.attr.xauth.user_password",
7776 FT_STRING, BASE_NONE, NULL, 0x00,
7777 "The user's password", HFILL }},
7778 { &hf_isakmp_cfg_attr_xauth_passcode,
7779 { "XAUTH PASSCODE", "isakmp.cfg.attr.xauth.passcode",
7780 FT_STRING, BASE_NONE, NULL, 0x00,
7781 "A token card's passcode", HFILL }},
7782 { &hf_isakmp_cfg_attr_xauth_message,
7783 { "XAUTH MESSAGE", "isakmp.cfg.attr.xauth.message",
7784 FT_STRING, BASE_NONE, NULL, 0x00,
7785 "A textual message from an edge device to an IPSec host", HFILL }},
7786 { &hf_isakmp_cfg_attr_xauth_challenge,
7787 { "XAUTH CHALLENGE", "isakmp.cfg.attr.xauth.challenge",
7788 FT_STRING, BASE_NONE, NULL, 0x00,
7789 "A challenge string sent from the edge device to the IPSec host for it to include in its calculation of a password", HFILL }},
7790 { &hf_isakmp_cfg_attr_xauth_domain,
7791 { "XAUTH DOMAIN", "isakmp.cfg.attr.xauth.domain",
7792 FT_STRING, BASE_NONE, NULL, 0x00,
7793 "The domain to be authenticated in", HFILL }},
7794 { &hf_isakmp_cfg_attr_xauth_status,
7795 { "XAUTH STATUS", "isakmp.cfg.attr.xauth.status",
7796 FT_UINT16, BASE_DEC, VALS(cfgattr_xauth_status), 0x00,
7797 "A variable that is used to denote authentication success or failure", HFILL }},
7798 { &hf_isakmp_cfg_attr_xauth_next_pin,
7799 { "XAUTH TYPE", "isakmp.cfg.attr.xauth.next_pin",
7800 FT_STRING, BASE_NONE, NULL, 0x00,
7801 "A variable which is used when the edge device is requesting that the user choose a new pin number", HFILL }},
7802 { &hf_isakmp_cfg_attr_xauth_answer,
7803 { "XAUTH ANSWER", "isakmp.cfg.attr.xauth.answer",
7804 FT_STRING, BASE_NONE, NULL, 0x00,
7805 "A variable length ASCII string used to send input to the edge device", HFILL }},
7806 { &hf_isakmp_cfg_attr_unity_banner,
7807 { "UNITY BANNER", "isakmp.cfg.attr.unity.banner",
7808 FT_STRING, BASE_NONE, NULL, 0x00,
7809 NULL, HFILL }},
7810 { &hf_isakmp_cfg_attr_unity_def_domain,
7811 { "UNITY DEF DOMAIN", "isakmp.cfg.attr.unity.def_domain",
7812 FT_STRING, BASE_NONE, NULL, 0x00,
7813 NULL, HFILL }},
7814
7815 /* SA KEK Payload */
7816 { &hf_isakmp_sak_next_payload,
7817 { "Next Payload", "isakmp.sak.nextpayload",
7818 FT_UINT8, BASE_DEC, NULL, 0x0,
7819 NULL, HFILL }},
7820 { &hf_isakmp_sak_reserved,
7821 { "Reserved", "isakmp.sak.reserved",
7822 FT_UINT8, BASE_DEC, NULL, 0x0,
7823 NULL, HFILL }},
7824 { &hf_isakmp_sak_payload_len ,
7825 { "Payload length", "isakmp.sak.payload_len",
7826 FT_UINT16, BASE_DEC, NULL, 0x0,
7827 NULL, HFILL }},
7828 { &hf_isakmp_sak_protocol,
7829 { "Protocol ID", "isakmp.sak.protoid",
7830 FT_UINT8, BASE_DEC|BASE_EXT_STRING, &ipproto_val_ext, 0x0,
7831 NULL, HFILL }},
7832 { &hf_isakmp_sak_src_id_type,
7833 { "SRC ID Type", "isakmp.sak.src_id_type",
7834 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(vs_v1_id_type), 0x0,
7835 NULL, HFILL }},
7836 { &hf_isakmp_sak_src_id_port,
7837 { "SRC ID Port", "isakmp.sak.src_id_port",
7838 FT_UINT16, BASE_DEC, NULL, 0x0,
7839 NULL, HFILL }},
7840 { &hf_isakmp_sak_src_id_length,
7841 { "SRC ID Data Length", "isakmp.sak.src_id_length",
7842 FT_UINT8, BASE_DEC, NULL, 0x0,
7843 NULL, HFILL }},
7844 { &hf_isakmp_sak_src_id_data,
7845 { "SRC ID Data", "isakmp.sak.src_id_data",
7846 FT_BYTES, BASE_NONE, NULL, 0x0,
7847 NULL, HFILL }},
7848 { &hf_isakmp_sak_dst_id_type,
7849 { "DST ID Type", "isakmp.sak.dst_id_type",
7850 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(vs_v1_id_type), 0x0,
7851 NULL, HFILL }},
7852 { &hf_isakmp_sak_dst_id_port,
7853 { "DST ID Port", "isakmp.sak.dst_id_port",
7854 FT_UINT16, BASE_DEC, NULL, 0x0,
7855 NULL, HFILL }},
7856 { &hf_isakmp_sak_dst_id_length,
7857 { "DST ID Data Length", "isakmp.sak.dst_id_length",
7858 FT_UINT8, BASE_DEC, NULL, 0x0,
7859 NULL, HFILL }},
7860 { &hf_isakmp_sak_dst_id_data,
7861 { "DST ID Data", "isakmp.sak.dst_id_data",
7862 FT_BYTES, BASE_NONE, NULL, 0x0,
7863 NULL, HFILL }},
7864 { &hf_isakmp_sak_spi,
7865 { "SPI", "isakmp.sak.spi",
7866 FT_BYTES, BASE_NONE, NULL, 0x0,
7867 NULL, HFILL }},
7868
7869 /* SA TEK Payload */
7870 { &hf_isakmp_sat_next_payload,
7871 { "Next Payload", "isakmp.sat.nextpayload",
7872 FT_UINT8, BASE_DEC, NULL, 0x0,
7873 NULL, HFILL }},
7874 { &hf_isakmp_sat_reserved,
7875 { "Reserved", "isakmp.sat.reserved",
7876 FT_UINT8, BASE_DEC, NULL, 0x0,
7877 NULL, HFILL }},
7878 { &hf_isakmp_sat_payload_len ,
7879 { "Payload length", "isakmp.sat.payload_len",
7880 FT_UINT16, BASE_DEC, NULL, 0x0,
7881 NULL, HFILL }},
7882 { &hf_isakmp_sat_protocol_id,
7883 { "Protocol ID", "isakmp.sat.protocol_id",
7884 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(sat_protocol_ids), 0x0,
7885 NULL, HFILL }},
7886 { &hf_isakmp_sat_protocol,
7887 { "Internet Protocol", "isakmp.sat.protocol",
7888 FT_UINT8, BASE_DEC|BASE_EXT_STRING, &ipproto_val_ext, 0x0,
7889 NULL, HFILL }},
7890 { &hf_isakmp_sat_src_id_type,
7891 { "SRC ID Type", "isakmp.sat.src_id_type",
7892 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(vs_v1_id_type), 0x0,
7893 NULL, HFILL }},
7894 { &hf_isakmp_sat_src_id_port,
7895 { "SRC ID Port", "isakmp.sat.src_id_port",
7896 FT_UINT16, BASE_DEC, NULL, 0x0,
7897 NULL, HFILL }},
7898 { &hf_isakmp_sat_src_id_length,
7899 { "SRC ID Data Length", "isakmp.sat.src_id_length",
7900 FT_UINT16, BASE_DEC, NULL, 0x0,
7901 NULL, HFILL }},
7902 { &hf_isakmp_sat_src_id_data,
7903 { "SRC ID Data", "isakmp.sat.src_id_data",
7904 FT_BYTES, BASE_NONE, NULL, 0x0,
7905 NULL, HFILL }},
7906 { &hf_isakmp_sat_dst_id_type,
7907 { "DST ID Type", "isakmp.sat.dst_id_type",
7908 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(vs_v1_id_type), 0x0,
7909 NULL, HFILL }},
7910 { &hf_isakmp_sat_dst_id_port,
7911 { "DST ID Port", "isakmp.sat.dst_id_port",
7912 FT_UINT16, BASE_DEC, NULL, 0x0,
7913 NULL, HFILL }},
7914 { &hf_isakmp_sat_dst_id_length,
7915 { "DST ID Data Length", "isakmp.sat.dst_id_length",
7916 FT_UINT16, BASE_DEC, NULL, 0x0,
7917 NULL, HFILL }},
7918 { &hf_isakmp_sat_dst_id_data,
7919 { "DST ID Data", "isakmp.sat.dst_id_data",
7920 FT_BYTES, BASE_NONE, NULL, 0x0,
7921 NULL, HFILL }},
7922 { &hf_isakmp_sat_transform_id,
7923 { "Transform ID", "isakmp.sat.transform_id",
7924 FT_UINT8, BASE_DEC, NULL, 0x0,
7925 NULL, HFILL }},
7926 { &hf_isakmp_sat_spi,
7927 { "SPI", "isakmp.sat.spi",
7928 FT_BYTES, BASE_NONE, NULL, 0x0,
7929 NULL, HFILL }},
7930 { &hf_isakmp_sat_payload,
7931 { "TEK Payload", "isakmp.sat.payload",
7932 FT_BYTES, BASE_NONE, NULL, 0x0,
7933 NULL, HFILL }},
7934
7935 /* Key Download Payload */
7936 { &hf_isakmp_kd_num_key_pkt,
7937 { "Number of Key Packets", "isakmp.kd.num_pkt",
7938 FT_UINT16, BASE_DEC, NULL, 0x0,
7939 NULL, HFILL }},
7940 { &hf_isakmp_kd_payload,
7941 { "Key Download Payload", "isakmp.kd.payload",
7942 FT_NONE, BASE_NONE, NULL, 0x0,
7943 NULL, HFILL }},
7944 { &hf_isakmp_kdp_type,
7945 { "Type", "isakmp.kd.payload.type",
7946 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(key_download_types), 0x0,
7947 NULL, HFILL }},
7948 { &hf_isakmp_kdp_length,
7949 { "Length", "isakmp.kd.payload.length",
7950 FT_UINT16, BASE_DEC, NULL, 0x0,
7951 NULL, HFILL }},
7952 { &hf_isakmp_kdp_spi_size,
7953 { "SPI Size", "isakmp.kd.payload.spi_size",
7954 FT_UINT8, BASE_DEC, NULL, 0x0,
7955 NULL, HFILL }},
7956 { &hf_isakmp_kdp_spi,
7957 { "SPI", "isakmp.kd.payload.spi",
7958 FT_BYTES, BASE_NONE, NULL, 0x0,
7959 NULL, HFILL }},
7960 /* Sequence Payload */
7961 { &hf_isakmp_seq_seq,
7962 { "Sequence Number", "isakmp.seq.seq",
7963 FT_UINT32, BASE_DEC, NULL, 0x0,
7964 NULL, HFILL }},
7965
7966 { &hf_isakmp_enc_decrypted_data,
7967 { "Decrypted Data", "isakmp.enc.decrypted",
7968 FT_NONE, BASE_NONE, NULL, 0x0,
7969 NULL, HFILL }},
7970 { &hf_isakmp_enc_contained_data,
7971 { "Contained Data", "isakmp.enc.contained",
7972 FT_NONE, BASE_NONE, NULL, 0x0,
7973 NULL, HFILL }},
7974 { &hf_isakmp_enc_padding,
7975 { "Padding", "isakmp.enc.padding",
7976 FT_NONE, BASE_NONE, NULL, 0x0,
7977 NULL, HFILL }},
7978 { &hf_isakmp_enc_pad_length,
7979 { "Pad Length", "isakmp.enc.pad_length",
7980 FT_UINT8, BASE_DEC, NULL, 0x0,
7981 NULL, HFILL }},
7982 { &hf_isakmp_enc_data,
7983 { "Encrypted Data", "isakmp.enc.data",
7984 FT_NONE, BASE_NONE, NULL, 0x0,
7985 NULL, HFILL }},
7986 { &hf_isakmp_enc_iv,
7987 { "Initialization Vector", "isakmp.enc.iv",
7988 FT_BYTES, BASE_NONE, NULL, 0x0,
7989 NULL, HFILL }},
7990 { &hf_isakmp_enc_icd,
7991 { "Integrity Checksum Data", "isakmp.enc.icd",
7992 FT_BYTES, BASE_NONE, NULL, 0x0,
7993 NULL, HFILL }},
7994 { &hf_isakmp_notify_data_3gpp_backoff_timer_len,
7995 { "Length", "isakmp.notify.priv.3gpp.backoff_timer_len",
7996 FT_UINT8, BASE_DEC, NULL, 0x0,
7997 NULL, HFILL }},
7998
7999 { &hf_isakmp_notify_data_3gpp_device_identity_len,
8000 { "Identity Length", "isakmp.notify.priv.3gpp.device_identity_len",
8001 FT_UINT16, BASE_DEC, NULL, 0x0,
8002 NULL, HFILL }},
8003 { &hf_isakmp_notify_data_3gpp_device_identity_type,
8004 { "Identity Type", "isakmp.notify.priv.3gpp.device_identity_type",
8005 FT_UINT8, BASE_DEC, VALS(device_identity_types), 0x0,
8006 NULL, HFILL }},
8007 { &hf_isakmp_notify_data_3gpp_device_identity_imei,
8008 { "IMEI", "isakmp.notify.priv.3gpp.device_identity_imei",
8009 FT_STRING, BASE_NONE, NULL, 0,
8010 NULL, HFILL }},
8011 { &hf_isakmp_notify_data_3gpp_device_identity_imeisv,
8012 { "IMEISV", "isakmp.notify.priv.3gpp.device_identity_imeisv",
8013 FT_STRING, BASE_NONE, NULL, 0,
8014 NULL, HFILL }},
8015
8016 { &hf_isakmp_notify_data_3gpp_emergency_call_numbers_len,
8017 { "Total Length", "isakmp.notify.priv.3gpp.emergency_call_numbers_len",
8018 FT_UINT8, BASE_DEC, NULL, 0x0,
8019 NULL, HFILL }},
8020 { &hf_isakmp_notify_data_3gpp_emergency_call_numbers_spare,
8021 { "Spare", "isakmp.notify.priv.3gpp.emergency_call_numbers_spare",
8022 FT_UINT8, BASE_DEC, NULL, 0xE0,
8023 NULL, HFILL }},
8024 { &hf_isakmp_notify_data_3gpp_emergency_call_numbers_element_len,
8025 { "Length", "isakmp.notify.priv.3gpp.emergency_call_numbers_element_len",
8026 FT_UINT8, BASE_DEC, NULL, 0,
8027 NULL, HFILL }},
8028
8029 { &hf_isakmp_notify_data_3gpp_emergency_call_numbers_flags,
8030 { "Service Category Value", "isakmp.notify.priv.3gpp.emergency_call_numbers_flags",
8031 FT_UINT8, BASE_HEX, NULL, 0x0,
8032 NULL, HFILL }},
8033
8034 { &hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b1_police,
8035 { "Police", "isakmp.notify.priv.3gpp.emergency_call_numbers_flag_b1_police",
8036 FT_UINT8, BASE_DEC, NULL, 0x01,
8037 NULL, HFILL }},
8038 { &hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b2_ambulance,
8039 { "Ambulance", "isakmp.notify.priv.3gpp.emergency_call_numbers_flag_b2_ambulance",
8040 FT_UINT8, BASE_DEC, NULL, 0x02,
8041 NULL, HFILL }},
8042 { &hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b3_fire_brigade,
8043 { "Fire Brigade", "isakmp.notify.priv.3gpp.emergency_call_numbers_flag_b3_fire_brigade",
8044 FT_UINT8, BASE_DEC, NULL, 0x04,
8045 NULL, HFILL }},
8046 { &hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b4_marine_guard,
8047 { "Marine Guard", "isakmp.notify.priv.3gpp.emergency_call_numbers_b4_marine_guard",
8048 FT_UINT8, BASE_DEC, NULL, 0x08,
8049 NULL, HFILL }},
8050 { &hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b5_mountain_rescue,
8051 { "Mountain Rescue", "isakmp.notify.priv.3gpp.emergency_call_numbers_flag_b5_mountain_rescue",
8052 FT_UINT8, BASE_DEC, NULL, 0x10,
8053 NULL, HFILL }},
8054 { &hf_iskamp_notify_data_3gpp_emergency_call_number,
8055 { "Emergency Number", "isakmp.notify.priv.3gpp.emergency_call_number",
8056 FT_STRING, BASE_NONE, NULL, 0x0,
8057 NULL, HFILL }}
8058 };
8059
8060
8061 static int *ett[] = {
8062 &ett_isakmp,
8063 &ett_isakmp_version,
8064 &ett_isakmp_flags,
8065 &ett_isakmp_payload,
8066 &ett_isakmp_payload_digital_signature,
8067 &ett_isakmp_payload_digital_signature_asn1_data,
8068 &ett_isakmp_fragment,
8069 &ett_isakmp_fragments,
8070 &ett_isakmp_sa,
8071 &ett_isakmp_attr,
8072 &ett_isakmp_id,
8073 &ett_isakmp_notify_data,
8074 &ett_isakmp_notify_data_3gpp_emergency_call_numbers_main,
8075 &ett_isakmp_notify_data_3gpp_emergency_call_numbers_element,
8076 &ett_isakmp_ts,
8077 &ett_isakmp_kd,
8078 &ett_isakmp_decrypted_data,
8079 &ett_isakmp_decrypted_payloads
8080 };
8081
8082 static ei_register_info ei[] = {
8083 { &ei_isakmp_enc_iv, { "isakmp.enc.iv.not_enough_data", PI_MALFORMED, PI_WARN, "Not enough data in IKEv2 Encrypted payload", EXPFILL }},
8084 { &ei_isakmp_ikev2_integrity_checksum, { "isakmp.ikev2.integrity_checksum", PI_CHECKSUM, PI_WARN, "IKEv2 Integrity Checksum Data is incorrect", EXPFILL }},
8085 { &ei_isakmp_enc_data_length_mult_block_size, { "isakmp.enc_data_length_mult_block_size", PI_MALFORMED, PI_WARN, "Encrypted data length isn't a multiple of block size", EXPFILL }},
8086 { &ei_isakmp_enc_pad_length_big, { "isakmp.enc.pad_length.big", PI_MALFORMED, PI_WARN, "Pad length is too big", EXPFILL }},
8087 { &ei_isakmp_attribute_value_empty, { "isakmp.attribute_value_empty", PI_PROTOCOL, PI_NOTE, "Attribute value is empty", EXPFILL }},
8088 { &ei_isakmp_payload_bad_length, { "isakmp.payloadlength.invalid", PI_MALFORMED, PI_ERROR, "Invalid payload length", EXPFILL }},
8089 { &ei_isakmp_bad_fragment_number, { "isakmp.fragment_number.invalid", PI_MALFORMED, PI_ERROR, "Invalid fragment numbering", EXPFILL }},
8090 { &ei_isakmp_notify_data_3gpp_unknown_device_identity, { "isakmp.notify.priv.3gpp.unknown_device_identity", PI_PROTOCOL, PI_WARN, "Type of device identity not known", EXPFILL }},
8091 };
8092
8093 expert_module_t* expert_isakmp;
8094
8095 static uat_field_t ikev1_uat_flds[] = {
8096 UAT_FLD_BUFFER(ikev1_users, icookie, "Initiator's COOKIE", "Initiator's COOKIE"),
8097 UAT_FLD_BUFFER(ikev1_users, key, "Encryption Key", "Encryption Key"),
8098 UAT_END_FIELDS
8099 };
8100
8101 static uat_field_t ikev2_uat_flds[] = {
8102 UAT_FLD_BUFFER(ikev2_users, spii, "Initiator's SPI", "Initiator's SPI value of the IKE_SA"),
8103 UAT_FLD_BUFFER(ikev2_users, spir, "Responder's SPI", "Responder's SPI value of the IKE_SA"),
8104 UAT_FLD_BUFFER(ikev2_users, sk_ei, "SK_ei", "Key used to encrypt/decrypt IKEv2 packets from initiator to responder"),
8105 UAT_FLD_BUFFER(ikev2_users, sk_er, "SK_er", "Key used to encrypt/decrypt IKEv2 packets from responder to initiator"),
8106 UAT_FLD_VS(ikev2_users, encr_alg, "Encryption algorithm", vs_ikev2_encr_algs, "Encryption algorithm of IKE_SA"),
8107 UAT_FLD_BUFFER(ikev2_users, sk_ai, "SK_ai", "Key used to calculate Integrity Checksum Data for IKEv2 packets from initiator to responder"),
8108 UAT_FLD_BUFFER(ikev2_users, sk_ar, "SK_ar", "Key used to calculate Integrity Checksum Data for IKEv2 packets from responder to initiator"),
8109 UAT_FLD_VS(ikev2_users, auth_alg, "Integrity algorithm", vs_ikev2_auth_algs, "Integrity algorithm of IKE_SA"),
8110 UAT_END_FIELDS
8111 };
8112
8113 proto_isakmp = proto_register_protocol("Internet Security Association and Key Management Protocol",
8114 "ISAKMP", "isakmp");
8115 proto_register_field_array(proto_isakmp, hf, array_length(hf));
8116 proto_register_subtree_array(ett, array_length(ett));
8117 expert_isakmp = expert_register_protocol(proto_isakmp);
8118 expert_register_field_array(expert_isakmp, ei, array_length(ei));
8119 register_init_routine(&isakmp_init_protocol);
8120 register_cleanup_routine(&isakmp_cleanup_protocol);
8121 reassembly_table_register(&isakmp_cisco_reassembly_table,
8122 &addresses_reassembly_table_functions);
8123 reassembly_table_register(&isakmp_ike2_reassembly_table,
8124 &addresses_reassembly_table_functions);
8125
8126 isakmp_handle = register_dissector("isakmp", dissect_isakmp, proto_isakmp);
8127
8128 isakmp_module = prefs_register_protocol(proto_isakmp, NULL);
8129 ikev1_uat = uat_new("IKEv1 Decryption Table",
8130 sizeof(ikev1_uat_data_key_t),
8131 "ikev1_decryption_table",
8132 true,
8133 &ikev1_uat_data,
8134 &num_ikev1_uat_data,
8135 UAT_AFFECTS_DISSECTION, /* affects dissection of packets, but not set of named fields */
8136 "ChIKEv1DecryptionSection",
8137 ikev1_uat_data_copy_cb,
8138 ikev1_uat_data_update_cb,
8139 ikev1_uat_data_free_cb,
8140 NULL,
8141 NULL,
8142 ikev1_uat_flds);
8143
8144 prefs_register_uat_preference(isakmp_module,
8145 "ikev1_decryption_table",
8146 "IKEv1 Decryption Table",
8147 "Table of IKE_SA security parameters for decryption of IKEv1 packets",
8148 ikev1_uat);
8149
8150 ikev2_uat = uat_new("IKEv2 Decryption Table",
8151 sizeof(ikev2_uat_data_t),
8152 "ikev2_decryption_table",
8153 true,
8154 &ikev2_uat_data,
8155 &num_ikev2_uat_data,
8156 UAT_AFFECTS_DISSECTION, /* affects dissection of packets, but not set of named fields */
8157 "ChIKEv2DecryptionSection",
8158 ikev2_uat_data_copy_cb,
8159 ikev2_uat_data_update_cb,
8160 ikev2_uat_data_free_cb,
8161 NULL,
8162 NULL,
8163 ikev2_uat_flds);
8164
8165 prefs_register_uat_preference(isakmp_module,
8166 "ikev2_decryption_table",
8167 "IKEv2 Decryption Table",
8168 "Table of IKE_SA security parameters for decryption of IKEv2 packets",
8169 ikev2_uat);
8170 }
8171
8172 void
8173 proto_reg_handoff_isakmp(void)
8174 {
8175 eap_handle = find_dissector_add_dependency("eap", proto_isakmp);
8176 dissector_add_uint_with_preference("udp.port", UDP_PORT_ISAKMP, isakmp_handle);
8177 dissector_add_uint_with_preference("tcp.port", TCP_PORT_ISAKMP, isakmp_handle);
8178 }
8179
8180 /*
8181 * Editor modelines - https://www.wireshark.org/tools/modelines.html
8182 *
8183 * Local variables:
8184 * c-basic-offset: 2
8185 * tab-width: 8
8186 * indent-tabs-mode: nil
8187 * End:
8188 *
8189 * vi: set shiftwidth=2 tabstop=8 expandtab:
8190 * :indentSize=2:tabSize=8:noTabs=true:
8191 */
Metzes wireshark repo