1 /* packet-isakmp.c
2 * Routines for the Internet Security Association and Key Management Protocol
3 * (ISAKMP) (RFC 2408) and the Internet IP Security Domain of Interpretation
4 * for ISAKMP (RFC 2407)
5 * Brad Robel-Forrest <brad.robel-forrest@watchguard.com>
7 * Added routines for the Internet Key Exchange (IKEv2) Protocol
8 * (draft-ietf-ipsec-ikev2-17.txt)
9 * Shoichi Sakane <sakane@tanu.org>
11 * Added routines for RFC3947 Negotiation of NAT-Traversal in the IKE
12 * ronnie sahlberg
14 * 04/2009 Added routines for decryption of IKEv2 Encrypted Payload
15 * Naoyoshi Ueda <piyomaru3141@gmail.com>
17 * 08/2016 Added decryption using AES-GCM, AES-CCM and AES-CTR
18 * and verification using AES-GCM, AES-CCM
19 * Michal Skalski <mskalski13@gmail.com>
21 * Wireshark - Network traffic analyzer
22 * By Gerald Combs <gerald@wireshark.org>
23 * Copyright 1998 Gerald Combs
25 * SPDX-License-Identifier: GPL-2.0-or-later
27 * References:
28 * IKEv2 https://tools.ietf.org/html/rfc4306
29 * IKEv2bis https://tools.ietf.org/html/rfc5996
31 * http://www.iana.org/assignments/isakmp-registry (last updated 2011-11-07)
32 * http://www.iana.org/assignments/ipsec-registry (last updated 2011-03-14)
33 * http://www.iana.org/assignments/ikev2-parameters (last updated 2011-12-19)
36 #include "config.h"
38 #include <epan/packet.h>
39 #include <epan/ipproto.h>
40 #include <epan/asn1.h>
41 #include <epan/reassemble.h>
42 #include <epan/prefs.h>
43 #include <epan/expert.h>
44 #include <epan/to_str.h>
45 #include <epan/conversation.h>
46 #include <epan/tfs.h>
47 #include <wsutil/str_util.h>
48 #include "packet-x509if.h"
49 #include "packet-x509af.h"
50 #include "packet-gsm_a_common.h"
51 #include "packet-isakmp.h"
52 #include "packet-ber.h"
54 #include <wsutil/wsgcrypt.h>
55 #include <wsutil/array.h>
56 #include <epan/proto_data.h>
57 #include <epan/uat.h>
/* Dissector registration entry points. Only the prototypes appear here;
 * the definitions are not in this part of the file. */
void proto_register_isakmp(void);
void proto_reg_handoff_isakmp(void);

/*
 * Bundle of five int slots reused by every attribute-style field group
 * declared below (the hf_isakmp_*_attr variables of this type).
 * NOTE(review): the member names suggest one slot for the whole attribute
 * plus one each for its format bit, type, length and value -- confirm
 * against the code that registers them.
 */
typedef struct _attribute_common_fields {
  int all;     /* whole attribute */
  int format;  /* format part */
  int type;    /* type part */
  int length;  /* length part */
  int value;   /* value part */
} attribute_common_fields;
/*
 * Protocol and field slots, first part: NAT-T, message header, SA / proposal /
 * transform, identification, certificate, authentication and notify fields.
 * None has an initializer, so each starts at 0 as a file-scope static.
 * NOTE(review): presumably filled in by proto_register_isakmp(); that code is
 * not in this part of the file.
 */
static int proto_isakmp;

/* NAT traversal */
static int hf_isakmp_nat_keepalive;
static int hf_isakmp_nat_hash;
static int hf_isakmp_nat_original_address_ipv6;
static int hf_isakmp_nat_original_address_ipv4;

/* Message header and generic payload header */
static int hf_isakmp_ispi;
static int hf_isakmp_rspi;
static int hf_isakmp_typepayload;
static int hf_isakmp_nextpayload;
static int hf_isakmp_criticalpayload;
static int hf_isakmp_reserved2;
static int hf_isakmp_reserved7;
static int hf_isakmp_reserved;
static int hf_isakmp_datapayload;
static int hf_isakmp_extradata;
static int hf_isakmp_version;
static int hf_isakmp_mjver;
static int hf_isakmp_mnver;
static int hf_isakmp_exchangetype_v1;
static int hf_isakmp_exchangetype_v2;
static int hf_isakmp_flags;
static int hf_isakmp_flag_e;
static int hf_isakmp_flag_c;
static int hf_isakmp_flag_a;
static int hf_isakmp_flag_i;
static int hf_isakmp_flag_v;
static int hf_isakmp_flag_r;
static int hf_isakmp_messageid;
static int hf_isakmp_length;
static int hf_isakmp_payloadlen;

/* Security Association, proposal and transform */
static int hf_isakmp_sa_doi;
static int hf_isakmp_sa_situation;
static int hf_isakmp_sa_attribute_next_payload;
static int hf_isakmp_sa_situation_identity_only;
static int hf_isakmp_sa_situation_secrecy;
static int hf_isakmp_sa_situation_integrity;
static int hf_isakmp_prop_protoid_v1;
static int hf_isakmp_prop_protoid_v2;
static int hf_isakmp_prop_number;
static int hf_isakmp_prop_transforms;
static int hf_isakmp_spisize;
static int hf_isakmp_spi;
static int hf_isakmp_trans_number;
static int hf_isakmp_trans_id;

/* Identification */
static int hf_isakmp_id_type_v1;
static int hf_isakmp_id_type_v2;
static int hf_isakmp_id_protoid;
static int hf_isakmp_id_port;
static int hf_isakmp_id_data;
static int hf_isakmp_id_data_ipv4_addr;
static int hf_isakmp_id_data_fqdn;
static int hf_isakmp_id_data_user_fqdn;
static int hf_isakmp_id_data_ipv4_subnet;
static int hf_isakmp_id_data_ipv4_range_start;
static int hf_isakmp_id_data_ipv4_range_end;
static int hf_isakmp_id_data_ipv6_addr;
static int hf_isakmp_id_data_ipv6_subnet;
static int hf_isakmp_id_data_ipv6_range_start;
static int hf_isakmp_id_data_ipv6_range_end;
static int hf_isakmp_id_data_key_id;
static int hf_isakmp_id_data_cert;

/* Certificate and certificate request */
static int hf_isakmp_cert_encoding_v1;
static int hf_isakmp_cert_encoding_v2;
static int hf_isakmp_cert_data;
static int hf_isakmp_cert_x509_hash;
static int hf_isakmp_cert_x509_url;
static int hf_isakmp_certreq_type_v1;
static int hf_isakmp_certreq_type_v2;
static int hf_isakmp_certreq_authority_v1;
static int hf_isakmp_certreq_authority_v2;
static int hf_isakmp_certreq_authority_sig;

/* Authentication */
static int hf_isakmp_auth_meth;
static int hf_isakmp_auth_data;
static int hf_isakmp_auth_digital_sig_asn1_len;
static int hf_isakmp_auth_digital_sig_asn1_data;
static int hf_isakmp_auth_digital_sig_value;

/* Notify */
static int hf_isakmp_notify_doi;
static int hf_isakmp_notify_protoid_v1;
static int hf_isakmp_notify_protoid_v2;
static int hf_isakmp_notify_msgtype_v1;
static int hf_isakmp_notify_msgtype_v2;
static int hf_isakmp_notify_data;
static int hf_isakmp_notify_data_dpd_are_you_there;
static int hf_isakmp_notify_data_dpd_are_you_there_ack;
static int hf_isakmp_notify_data_unity_load_balance;
static int hf_isakmp_notify_data_fortinet_network_overlay_id;
static int hf_isakmp_notify_data_accepted_dh_group;
static int hf_isakmp_notify_data_ipcomp_cpi;
static int hf_isakmp_notify_data_ipcomp_transform_id;
static int hf_isakmp_notify_data_auth_lifetime;
static int hf_isakmp_notify_data_redirect_gw_ident_type;
static int hf_isakmp_notify_data_redirect_gw_ident_len;
static int hf_isakmp_notify_data_redirect_new_resp_gw_ident_ipv4;
static int hf_isakmp_notify_data_redirect_new_resp_gw_ident_ipv6;
static int hf_isakmp_notify_data_redirect_new_resp_gw_ident_fqdn;
static int hf_isakmp_notify_data_redirect_new_resp_gw_ident;
static int hf_isakmp_notify_data_redirect_nonce_data;
static int hf_isakmp_notify_data_redirect_org_resp_gw_ident_ipv4;
static int hf_isakmp_notify_data_redirect_org_resp_gw_ident_ipv6;
static int hf_isakmp_notify_data_redirect_org_resp_gw_ident;
static int hf_isakmp_notify_data_ticket_lifetime;
static int hf_isakmp_notify_data_ticket_data;
/*
 * Field slots, second part: remaining notify data, delete, vendor ID, traffic
 * selector, 3GPP notify data and the IKEv1/IKEv2 attribute groups.
 * Variables of type attribute_common_fields hold the five shared slots of one
 * attribute group; the plain ints after each of them are that group's
 * type-specific values.
 */

/* Notify data: ROHC attributes */
static attribute_common_fields hf_isakmp_notify_data_rohc_attr;
static int hf_isakmp_notify_data_rohc_attr_max_cid;
static int hf_isakmp_notify_data_rohc_attr_profile;
static int hf_isakmp_notify_data_rohc_attr_integ;
static int hf_isakmp_notify_data_rohc_attr_icv_len;
static int hf_isakmp_notify_data_rohc_attr_mrru;

/* Notify data: QCD token, HA nonce / message ids, password and hash methods */
static int hf_isakmp_notify_data_qcd_token_secret_data;
static int hf_isakmp_notify_data_ha_nonce_data;
static int hf_isakmp_notify_data_ha_expected_send_req_msg_id;
static int hf_isakmp_notify_data_ha_expected_recv_req_msg_id;
static int hf_isakmp_notify_data_ha_incoming_ipsec_sa_delta_value;
static int hf_isakmp_notify_data_secure_password_methods;
static int hf_isakmp_notify_data_signature_hash_algorithms;

/* Delete */
static int hf_isakmp_delete_doi;
static int hf_isakmp_delete_protoid_v1;
static int hf_isakmp_delete_protoid_v2;
static int hf_isakmp_delete_spi;

/* Vendor ID */
static int hf_isakmp_vid_bytes;
static int hf_isakmp_vid_string;
static int hf_isakmp_vid_cp_product;
static int hf_isakmp_vid_cp_version;
static int hf_isakmp_vid_cp_timestamp;
static int hf_isakmp_vid_cp_reserved;
static int hf_isakmp_vid_cp_features;
static int hf_isakmp_vid_cisco_unity_major;
static int hf_isakmp_vid_cisco_unity_minor;
static int hf_isakmp_vid_ms_nt5_isakmpoakley;
static int hf_isakmp_vid_aruba_via_auth_profile;
static int hf_isakmp_vid_fortinet_fortigate_release;
static int hf_isakmp_vid_fortinet_fortigate_build;

/* Traffic selector */
static int hf_isakmp_ts_number_of_ts;
static int hf_isakmp_ts_type;
static int hf_isakmp_ts_protoid;
static int hf_isakmp_ts_selector_length;
static int hf_isakmp_ts_start_port;
static int hf_isakmp_ts_end_port;
static int hf_isakmp_ts_start_addr_ipv4;
static int hf_isakmp_ts_end_addr_ipv4;
static int hf_isakmp_ts_start_addr_ipv6;
static int hf_isakmp_ts_end_addr_ipv6;
static int hf_isakmp_ts_start_addr_fc;
static int hf_isakmp_ts_end_addr_fc;
static int hf_isakmp_ts_start_r_ctl;
static int hf_isakmp_ts_end_r_ctl;
static int hf_isakmp_ts_start_type;
static int hf_isakmp_ts_end_type;
static int hf_isakmp_ts_data;

/* Delete SPI count, hash, signature, nonce, symmetric key */
static int hf_isakmp_num_spis;
static int hf_isakmp_hash;
static int hf_isakmp_sig;
static int hf_isakmp_nonce;
/* NOTE(review): going by its name this field shows key material in the
 * dissection; treat exported dissections that contain it as sensitive. */
static int hf_isakmp_symmetric_key;

/* Notify data: 3GPP backoff timer */
static int hf_isakmp_notify_data_3gpp_backoff_timer_len;

/* Notify data: 3GPP device identity */
static int hf_isakmp_notify_data_3gpp_device_identity_len;
static int hf_isakmp_notify_data_3gpp_device_identity_type;
static int hf_isakmp_notify_data_3gpp_device_identity_imei;
static int hf_isakmp_notify_data_3gpp_device_identity_imeisv;

/* Notify data: 3GPP emergency call numbers */
static int hf_isakmp_notify_data_3gpp_emergency_call_numbers_len;
static int hf_isakmp_notify_data_3gpp_emergency_call_numbers_spare;
static int hf_isakmp_notify_data_3gpp_emergency_call_numbers_element_len;
static int hf_isakmp_notify_data_3gpp_emergency_call_numbers_flags;

static int hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b1_police;
static int hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b2_ambulance;
static int hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b3_fire_brigade;
static int hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b4_marine_guard;
static int hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b5_mountain_rescue;

/* NOTE(review): "iskamp" differs from the hf_isakmp_ prefix used by every
 * other slot; the spelling is kept because uses outside this part of the file
 * would have to change with it. */
static int hf_iskamp_notify_data_3gpp_emergency_call_number;

/* TEK key attributes */
static attribute_common_fields hf_isakmp_tek_key_attr;

/* IPsec attributes */
static attribute_common_fields hf_isakmp_ipsec_attr;
static int hf_isakmp_ipsec_attr_life_type;
static int hf_isakmp_ipsec_attr_life_duration_uint32;
static int hf_isakmp_ipsec_attr_life_duration_uint64;
static int hf_isakmp_ipsec_attr_life_duration_bytes;
static int hf_isakmp_ipsec_attr_group_description;
static int hf_isakmp_ipsec_attr_encap_mode;
static int hf_isakmp_ipsec_attr_auth_algorithm;
static int hf_isakmp_ipsec_attr_key_length;
static int hf_isakmp_ipsec_attr_key_rounds;
static int hf_isakmp_ipsec_attr_cmpr_dict_size;
static int hf_isakmp_ipsec_attr_cmpr_algorithm;
static int hf_isakmp_ipsec_attr_ecn_tunnel;
static int hf_isakmp_ipsec_attr_ext_seq_nbr;
static int hf_isakmp_ipsec_attr_auth_key_length;
static int hf_isakmp_ipsec_attr_sig_enco_algorithm;
static int hf_isakmp_ipsec_attr_addr_preservation;
static int hf_isakmp_ipsec_attr_sa_direction;

/* Responder-lifetime IPsec attributes */
static attribute_common_fields hf_isakmp_resp_lifetime_ipsec_attr;
static int hf_isakmp_resp_lifetime_ipsec_attr_life_type;
static int hf_isakmp_resp_lifetime_ipsec_attr_life_duration_uint32;
static int hf_isakmp_resp_lifetime_ipsec_attr_life_duration_uint64;
static int hf_isakmp_resp_lifetime_ipsec_attr_life_duration_bytes;

/* IKE (phase 1) attributes */
static attribute_common_fields hf_isakmp_ike_attr;
static int hf_isakmp_ike_attr_encryption_algorithm;
static int hf_isakmp_ike_attr_hash_algorithm;
static int hf_isakmp_ike_attr_authentication_method;
static int hf_isakmp_ike_attr_authentication_method_china;
static int hf_isakmp_ike_attr_group_description;
static int hf_isakmp_ike_attr_group_type;
static int hf_isakmp_ike_attr_group_prime;
static int hf_isakmp_ike_attr_group_generator_one;
static int hf_isakmp_ike_attr_group_generator_two;
static int hf_isakmp_ike_attr_group_curve_a;
static int hf_isakmp_ike_attr_group_curve_b;
static int hf_isakmp_ike_attr_life_type;
static int hf_isakmp_ike_attr_life_duration_uint32;
static int hf_isakmp_ike_attr_life_duration_uint64;
static int hf_isakmp_ike_attr_life_duration_bytes;
static int hf_isakmp_ike_attr_prf;
static int hf_isakmp_ike_attr_key_length;
static int hf_isakmp_ike_attr_field_size;
static int hf_isakmp_ike_attr_group_order;
static int hf_isakmp_ike_attr_block_size;
static int hf_isakmp_ike_attr_asymmetric_cryptographic_algorithm_type;

/* Responder-lifetime IKE attributes */
static attribute_common_fields hf_isakmp_resp_lifetime_ike_attr;
static int hf_isakmp_resp_lifetime_ike_attr_life_type;
static int hf_isakmp_resp_lifetime_ike_attr_life_duration_uint32;
static int hf_isakmp_resp_lifetime_ike_attr_life_duration_uint64;
static int hf_isakmp_resp_lifetime_ike_attr_life_duration_bytes;

/* IKEv2 transform */
static int hf_isakmp_trans_type;
static int hf_isakmp_trans_encr;
static int hf_isakmp_trans_prf;
static int hf_isakmp_trans_integ;
static int hf_isakmp_trans_dh;
static int hf_isakmp_trans_esn;
static int hf_isakmp_trans_id_v2;

/* IKEv2 transform attributes */
static attribute_common_fields hf_isakmp_ike2_attr;
static int hf_isakmp_ike2_attr_key_length;
/*
 * Field slots, third part: fragmentation and reassembly, key exchange, EAP,
 * GSPM, configuration attributes, the SA KEK / SA TEK / key download payloads,
 * sequence number and the encrypted payload.
 */

/* Reassembly bookkeeping (these are the slots isakmp_frag_items points at) */
static int hf_isakmp_fragments;
static int hf_isakmp_fragment;
static int hf_isakmp_fragment_overlap;
static int hf_isakmp_fragment_overlap_conflicts;
static int hf_isakmp_fragment_multiple_tails;
static int hf_isakmp_fragment_too_long_fragment;
static int hf_isakmp_fragment_error;
static int hf_isakmp_fragment_count;
static int hf_isakmp_reassembled_in;
static int hf_isakmp_reassembled_length;

/* IKEv2 fragmentation */
static int hf_isakmp_ike2_fragment_number;
static int hf_isakmp_ike2_total_fragments;

/* Cisco fragmentation */
static int hf_isakmp_cisco_frag_packetid;
static int hf_isakmp_cisco_frag_seq;
static int hf_isakmp_cisco_frag_last;

/* Key exchange and EAP */
static int hf_isakmp_key_exch_dh_group;
static int hf_isakmp_key_exch_data;
static int hf_isakmp_eap_data;

/* Generic Secure Password Method */
static int hf_isakmp_gspm_data;

/* Configuration payload */
static int hf_isakmp_cfg_type_v1;
static int hf_isakmp_cfg_identifier;
static int hf_isakmp_cfg_type_v2;

/* Configuration attributes */
static attribute_common_fields hf_isakmp_cfg_attr;
static int hf_isakmp_cfg_attr_type_v1;
static int hf_isakmp_cfg_attr_type_v2;

static int hf_isakmp_cfg_attr_internal_ip4_address;
static int hf_isakmp_cfg_attr_internal_ip4_netmask;
static int hf_isakmp_cfg_attr_internal_ip4_dns;
static int hf_isakmp_cfg_attr_internal_ip4_nbns;
static int hf_isakmp_cfg_attr_internal_address_expiry;
static int hf_isakmp_cfg_attr_internal_ip4_dhcp;
static int hf_isakmp_cfg_attr_application_version;
static int hf_isakmp_cfg_attr_internal_ip6_address_ip;
static int hf_isakmp_cfg_attr_internal_ip6_address_prefix;
static int hf_isakmp_cfg_attr_internal_ip6_netmask;
static int hf_isakmp_cfg_attr_internal_ip6_dns;
static int hf_isakmp_cfg_attr_internal_ip6_nbns;
static int hf_isakmp_cfg_attr_internal_ip6_dhcp;
static int hf_isakmp_cfg_attr_internal_ip4_subnet_ip;
static int hf_isakmp_cfg_attr_internal_ip4_subnet_netmask;
static int hf_isakmp_cfg_attr_supported_attributes;
static int hf_isakmp_cfg_attr_internal_ip6_subnet_ip;
static int hf_isakmp_cfg_attr_internal_ip6_subnet_prefix;
static int hf_isakmp_cfg_attr_internal_ip6_link_interface;
static int hf_isakmp_cfg_attr_internal_ip6_link_id;
static int hf_isakmp_cfg_attr_internal_ip6_prefix_ip;
static int hf_isakmp_cfg_attr_internal_ip6_prefix_length;
static int hf_isakmp_cfg_attr_p_cscf_ip4_address;
static int hf_isakmp_cfg_attr_p_cscf_ip6_address;
/* XAUTH attributes.
 * NOTE(review): the user_name / user_password / passcode / next_pin / answer
 * slots are named after credential values; captures and exported dissections
 * that contain them should be handled as sensitive. */
static int hf_isakmp_cfg_attr_xauth_type;
static int hf_isakmp_cfg_attr_xauth_user_name;
static int hf_isakmp_cfg_attr_xauth_user_password;
static int hf_isakmp_cfg_attr_xauth_passcode;
static int hf_isakmp_cfg_attr_xauth_message;
static int hf_isakmp_cfg_attr_xauth_challenge;
static int hf_isakmp_cfg_attr_xauth_domain;
static int hf_isakmp_cfg_attr_xauth_status;
static int hf_isakmp_cfg_attr_xauth_next_pin;
static int hf_isakmp_cfg_attr_xauth_answer;
static int hf_isakmp_cfg_attr_unity_banner;
static int hf_isakmp_cfg_attr_unity_def_domain;

/* SA KEK payload */
static int hf_isakmp_sak_next_payload;
static int hf_isakmp_sak_reserved;
static int hf_isakmp_sak_payload_len;
static int hf_isakmp_sak_protocol;
static int hf_isakmp_sak_src_id_type;
static int hf_isakmp_sak_src_id_port;
static int hf_isakmp_sak_src_id_length;
static int hf_isakmp_sak_src_id_data;
static int hf_isakmp_sak_dst_id_type;
static int hf_isakmp_sak_dst_id_port;
static int hf_isakmp_sak_dst_id_length;
static int hf_isakmp_sak_dst_id_data;
static int hf_isakmp_sak_spi;

/* SA TEK payload */
static int hf_isakmp_sat_next_payload;
static int hf_isakmp_sat_reserved;
static int hf_isakmp_sat_payload_len;
static int hf_isakmp_sat_protocol_id;
static int hf_isakmp_sat_protocol;
static int hf_isakmp_sat_src_id_type;
static int hf_isakmp_sat_src_id_port;
static int hf_isakmp_sat_src_id_length;
static int hf_isakmp_sat_src_id_data;
static int hf_isakmp_sat_dst_id_type;
static int hf_isakmp_sat_dst_id_port;
static int hf_isakmp_sat_dst_id_length;
static int hf_isakmp_sat_dst_id_data;
static int hf_isakmp_sat_transform_id;
static int hf_isakmp_sat_spi;
static int hf_isakmp_sat_payload;

/* Key download payload */
static int hf_isakmp_kd_num_key_pkt;
static int hf_isakmp_kd_payload;
static int hf_isakmp_kdp_type;
static int hf_isakmp_kdp_length;
static int hf_isakmp_kdp_spi_size;
static int hf_isakmp_kdp_spi;

/* Sequence number payload */
static int hf_isakmp_seq_seq;

/* Encrypted payload.
 * NOTE(review): decrypted_data / contained_data are named after plaintext
 * recovered from the encrypted payload; exports that include them carry the
 * decrypted exchange. */
static int hf_isakmp_enc_decrypted_data;
static int hf_isakmp_enc_contained_data;
static int hf_isakmp_enc_pad_length;
static int hf_isakmp_enc_padding;
static int hf_isakmp_enc_data;
static int hf_isakmp_enc_iv;
static int hf_isakmp_enc_icd;
/*
 * Subtree slots (ett_*), one per expandable node of the dissection.
 * No initializer is given, so each starts at 0 as a file-scope static.
 */
static int ett_isakmp;
static int ett_isakmp_version;
static int ett_isakmp_flags;
static int ett_isakmp_payload;
static int ett_isakmp_payload_digital_signature;
static int ett_isakmp_payload_digital_signature_asn1_data;
static int ett_isakmp_fragment;   /* referenced by isakmp_frag_items */
static int ett_isakmp_fragments;  /* referenced by isakmp_frag_items */
static int ett_isakmp_sa;
static int ett_isakmp_attr;
static int ett_isakmp_id;
static int ett_isakmp_notify_data;
static int ett_isakmp_notify_data_3gpp_emergency_call_numbers_main;
static int ett_isakmp_notify_data_3gpp_emergency_call_numbers_element;
static int ett_isakmp_ts;
static int ett_isakmp_kd;
/* For the decrypted IKEv2 Encrypted payload */
static int ett_isakmp_decrypted_data;
static int ett_isakmp_decrypted_payloads;
/*
 * Expert-info slots. Going by their names they flag malformed or suspicious
 * input: IV problems, a failed IKEv2 integrity checksum, encrypted data that
 * is not a multiple of the block size, an oversized pad length, empty
 * attribute values, bad payload lengths, bad fragment numbers and unknown
 * 3GPP device identities.
 */
static expert_field ei_isakmp_enc_iv;
static expert_field ei_isakmp_ikev2_integrity_checksum;
static expert_field ei_isakmp_enc_data_length_mult_block_size;
static expert_field ei_isakmp_enc_pad_length_big;
static expert_field ei_isakmp_attribute_value_empty;
static expert_field ei_isakmp_payload_bad_length;
static expert_field ei_isakmp_bad_fragment_number;
static expert_field ei_isakmp_notify_data_3gpp_unknown_device_identity;

/* Dissector handles: one for EAP, one for this dissector. */
static dissector_handle_t eap_handle;
static dissector_handle_t isakmp_handle;


/* Separate reassembly state for Cisco fragmentation and IKEv2 fragmentation. */
static reassembly_table isakmp_cisco_reassembly_table;
static reassembly_table isakmp_ike2_reassembly_table;
/*
 * Wiring between the reassembly display code and this dissector's subtree and
 * field slots. Initializers are positional, so their order must stay as is.
 */
static const fragment_items isakmp_frag_items = {
  /* Fragment subtrees */
  &ett_isakmp_fragment,
  &ett_isakmp_fragments,
  /* Fragment fields */
  &hf_isakmp_fragments,
  &hf_isakmp_fragment,
  &hf_isakmp_fragment_overlap,
  &hf_isakmp_fragment_overlap_conflicts,
  &hf_isakmp_fragment_multiple_tails,
  &hf_isakmp_fragment_too_long_fragment,
  &hf_isakmp_fragment_error,
  &hf_isakmp_fragment_count,
  /* Reassembled in field */
  &hf_isakmp_reassembled_in,
  /* Reassembled length field */
  &hf_isakmp_reassembled_length,
  /* Reassembled data field (none) */
  NULL,
  /* Tag */
  "Message fragments"
};
/* IKE port number assigned by IANA (same number for UDP and TCP) */
#define UDP_PORT_ISAKMP                 500
#define TCP_PORT_ISAKMP                 500

/*
 * Identifier Type
 *   RFC2407 for IKEv1
 *   RFC3554 for ID_LIST
 *   RFC4306 for IKEv2
 *   RFC4595 for ID_FC_NAME
 *
 * Two pairs share a number: IKE_ID_LIST / IKE_ID_FC_NAME (12) and
 * IKE_ID_USER_FQDN / IKE_ID_RFC822_ADDR (3). Both names of a pair cannot be
 * case labels of the same switch, so code that tells them apart needs more
 * context than the number alone.
 */
#define IKE_ID_IPV4_ADDR                1
#define IKE_ID_FQDN                     2
#define IKE_ID_USER_FQDN                3
#define IKE_ID_IPV4_ADDR_SUBNET         4
#define IKE_ID_IPV6_ADDR                5
#define IKE_ID_IPV6_ADDR_SUBNET         6
#define IKE_ID_IPV4_ADDR_RANGE          7
#define IKE_ID_IPV6_ADDR_RANGE          8
#define IKE_ID_DER_ASN1_DN              9
#define IKE_ID_DER_ASN1_GN              10
#define IKE_ID_KEY_ID                   11
#define IKE_ID_LIST                     12
#define IKE_ID_FC_NAME                  12
#define IKE_ID_RFC822_ADDR              3
/*
 * Traffic Selector Type
 *   Not in use for IKEv1
 */
#define IKEV2_TS_IPV4_ADDR_RANGE        7
#define IKEV2_TS_IPV6_ADDR_RANGE        8
#define IKEV2_TS_FC_ADDR_RANGE          9 /* RFC 4595 */
/*
 * Configuration Payload Attribute Types
 *   draft-ietf-ipsec-isakmp-mode-cfg-05.txt for IKEv1
 *   draft-ietf-ipsec-isakmp-xauth-06.txt and draft-beaulieu-ike-xauth-02.txt for XAUTH
 *   RFC4306 for IKEv2
 *   RFC5739 for INTERNAL_IP6_LINK and INTERNAL_IP6_PREFIX
 *   draft-gundavelli-ipsecme-3gpp-ims-options for P_CSCF_IP4_ADDRESS and P_CSCF_IP6_ADDRESS
 *
 * The list is not contiguous: 19 has no name here, and the vendor blocks
 * start at 16387 (Check Point), 16520 (XAUTH) and 28672 (Cisco Unity).
 */
#define INTERNAL_IP4_ADDRESS            1
#define INTERNAL_IP4_NETMASK            2
#define INTERNAL_IP4_DNS                3
#define INTERNAL_IP4_NBNS               4
#define INTERNAL_ADDRESS_EXPIRY         5
#define INTERNAL_IP4_DHCP               6
#define APPLICATION_VERSION             7
#define INTERNAL_IP6_ADDRESS            8
#define INTERNAL_IP6_NETMASK            9
#define INTERNAL_IP6_DNS                10
#define INTERNAL_IP6_NBNS               11
#define INTERNAL_IP6_DHCP               12
#define INTERNAL_IP4_SUBNET             13
#define SUPPORTED_ATTRIBUTES            14
#define INTERNAL_IP6_SUBNET             15
#define MIP6_HOME_PREFIX                16
#define INTERNAL_IP6_LINK               17
#define INTERNAL_IP6_PREFIX             18
#define P_CSCF_IP4_ADDRESS              20
#define P_CSCF_IP6_ADDRESS              21
/* checkpoint configuration attributes */
#define CHKPT_DEF_DOMAIN                16387
#define CHKPT_MAC_ADDRESS               16388
#define CHKPT_MARCIPAN_REASON_CODE      16389
#define CHKPT_UNKNOWN1                  16400
#define CHKPT_UNKNOWN2                  16401
#define CHKPT_UNKNOWN3                  16402
/* XAUTH configuration attributes
 * NOTE(review): USER_NAME, USER_PASSWORD, PASSCODE, NEXT_PIN and ANSWER are
 * named after credential values; treat dissected values as sensitive. */
#define XAUTH_TYPE                      16520
#define XAUTH_USER_NAME                 16521
#define XAUTH_USER_PASSWORD             16522
#define XAUTH_PASSCODE                  16523
#define XAUTH_MESSAGE                   16524
#define XAUTH_CHALLENGE                 16525
#define XAUTH_DOMAIN                    16526
#define XAUTH_STATUS                    16527
#define XAUTH_NEXT_PIN                  16528
#define XAUTH_ANSWER                    16529
/* unity (CISCO) configuration attributes */
#define UNITY_BANNER                    28672
#define UNITY_SAVE_PASSWD               28673
#define UNITY_DEF_DOMAIN                28674
#define UNITY_SPLIT_DOMAIN              28675
#define UNITY_SPLIT_INCLUDE             28676
#define UNITY_NATT_PORT                 28677
#define UNITY_SPLIT_EXCLUDE             28678
#define UNITY_PFS                       28679
#define UNITY_FW_TYPE                   28680
#define UNITY_BACKUP_SERVERS            28681
#define UNITY_DDNS_HOSTNAME             28682
/*
 * Payload Type
 *   RFC2408 / RFC3547 for IKEv1
 *   RFC4306 for IKEv2
 *
 * IKEv1 types run 0-22, IKEv2 types 33-53, and the values from 128 up are
 * the ones the payload_type table labels as private use.
 */
#define PLOAD_IKE_NONE                  0
#define PLOAD_IKE_SA                    1
#define PLOAD_IKE_P                     2
#define PLOAD_IKE_T                     3
#define PLOAD_IKE_KE                    4
#define PLOAD_IKE_ID                    5
#define PLOAD_IKE_CERT                  6
#define PLOAD_IKE_CR                    7
#define PLOAD_IKE_HASH                  8
#define PLOAD_IKE_SIG                   9
#define PLOAD_IKE_NONCE                 10
#define PLOAD_IKE_N                     11
#define PLOAD_IKE_D                     12
#define PLOAD_IKE_VID                   13
#define PLOAD_IKE_A                     14
#define PLOAD_IKE_SAK                   15
#define PLOAD_IKE_SAT                   16
#define PLOAD_IKE_KD                    17
#define PLOAD_IKE_SEQ                   18
#define PLOAD_IKE_POP                   19
#define PLOAD_IKE_NAT_D                 20
#define PLOAD_IKE_NAT_OA                21
#define PLOAD_IKE_GAP                   22
#define PLOAD_IKE2_SA                   33
#define PLOAD_IKE2_KE                   34
#define PLOAD_IKE2_IDI                  35
#define PLOAD_IKE2_IDR                  36
#define PLOAD_IKE2_CERT                 37
#define PLOAD_IKE2_CERTREQ              38
#define PLOAD_IKE2_AUTH                 39
#define PLOAD_IKE2_NONCE                40
#define PLOAD_IKE2_N                    41
#define PLOAD_IKE2_D                    42
#define PLOAD_IKE2_V                    43
#define PLOAD_IKE2_TSI                  44
#define PLOAD_IKE2_TSR                  45
#define PLOAD_IKE2_SK                   46
#define PLOAD_IKE2_CP                   47
#define PLOAD_IKE2_EAP                  48
#define PLOAD_IKE2_GSPM                 49
#define PLOAD_IKE2_IDG                  50
#define PLOAD_IKE2_GSA                  51
#define PLOAD_IKE2_KD                   52
#define PLOAD_IKE2_SKF                  53
#define PLOAD_IKE_SK                    128
#define PLOAD_IKE_NAT_D13               130
#define PLOAD_IKE_NAT_OA14              131
#define PLOAD_IKE_CISCO_FRAG            132
/*
 * IPSEC Situation Definition (RFC2407)
 * Single-bit masks, so they can be OR-ed together.
 */
#define SIT_IDENTITY_ONLY               0x00000001
#define SIT_SECRECY                     0x00000002
#define SIT_INTEGRITY                   0x00000004
/* IKEv1 exchange type -> display name. The { 0, NULL } row ends the table. */
static const value_string exchange_v1_type[] = {
  {  0, "NONE" },
  {  1, "Base" },
  {  2, "Identity Protection (Main Mode)" },
  {  3, "Authentication Only" },
  {  4, "Aggressive" },
  {  5, "Informational" },
  {  6, "Transaction (Config Mode)" },
  { 32, "Quick Mode" },
  { 33, "New Group Mode" },
  {  0, NULL },
};
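/*
 * IKEv2 exchange type -> display name. The { 0, NULL } row ends the table.
 * The name for 41 used to end in a stray space ("GSA_REKEY "), which showed
 * up in the displayed text and broke exact comparison with the name; the
 * space is removed here.
 */
static const value_string exchange_v2_type[] = {
  { 34, "IKE_SA_INIT" },
  { 35, "IKE_AUTH" },
  { 36, "CREATE_CHILD_SA" },
  { 37, "INFORMATIONAL" },
  { 38, "IKE_SESSION_RESUME" }, /* RFC5723 */
  { 39, "GSA_AUTH" },           /* draft-yeung-g-ikev2 */
  { 40, "GSA_REGISTRATION" },   /* draft-yeung-g-ikev2 */
  { 41, "GSA_REKEY" },          /* draft-yeung-g-ikev2 */
  { 42, "Unassigned" },
  { 43, "IKE_INTERMEDIATE" },   /* [RFC9242] */
  { 44, "IKE_FOLLOWUP_KE" },    /* [RFC9370] */
  {  0, NULL },
};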
/* Value of the "last fragment" indicator -> display name. */
static const value_string frag_last_vals[] = {
  { 0, "More fragments" },
  { 1, "Last fragment" },
  { 0, NULL },
};
/* Ex vs_proto */
/* IKEv1 protocol ID -> display name. */
static const value_string protoid_v1_type[] = {
  { 0, "RESERVED" },
  { 1, "ISAKMP" },
  { 2, "IPSEC_AH" },
  { 3, "IPSEC_ESP" },
  { 4, "IPCOMP" },
  { 5, "GIGABEAM_RADIO" }, /* RFC4705 */
  { 0, NULL },
};
/* IKEv2 protocol ID -> display name. */
static const value_string protoid_v2_type[] = {
  { 0, "RESERVED" },
  { 1, "IKE" },
  { 2, "AH" },
  { 3, "ESP" },
  { 4, "FC_ESP_HEADER" },
  { 5, "FC_CT_AUTHENTICATION" },
  { 0, NULL },
};
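/*
 * Payload type (IKEv1 and IKEv2) -> display name, as {low, high, name} ranges.
 * The { 0,0, NULL } row ends the table.
 *
 * 23-32 have no row. The last private-use range now ends at 255: the payload
 * type constants above all fit in one octet, and the previous upper bound of
 * 256 lay outside that range.
 */
static const range_string payload_type[] = {
  { PLOAD_IKE_NONE,PLOAD_IKE_NONE,             "NONE / No Next Payload" },
  { PLOAD_IKE_SA,PLOAD_IKE_SA,                 "Security Association" },
  { PLOAD_IKE_P,PLOAD_IKE_P,                   "Proposal" },
  { PLOAD_IKE_T,PLOAD_IKE_T,                   "Transform" },
  { PLOAD_IKE_KE,PLOAD_IKE_KE,                 "Key Exchange" },
  { PLOAD_IKE_ID,PLOAD_IKE_ID,                 "Identification" },
  { PLOAD_IKE_CERT,PLOAD_IKE_CERT,             "Certificate" },
  { PLOAD_IKE_CR,PLOAD_IKE_CR,                 "Certificate Request" },
  { PLOAD_IKE_HASH,PLOAD_IKE_HASH,             "Hash" },
  { PLOAD_IKE_SIG,PLOAD_IKE_SIG,               "Signature" },
  { PLOAD_IKE_NONCE,PLOAD_IKE_NONCE,           "Nonce" },
  { PLOAD_IKE_N,PLOAD_IKE_N,                   "Notification" },
  { PLOAD_IKE_D,PLOAD_IKE_D,                   "Delete" },
  { PLOAD_IKE_VID,PLOAD_IKE_VID,               "Vendor ID" },
  { PLOAD_IKE_A,PLOAD_IKE_A,                   "Attributes" }, /* draft-ietf-ipsec-isakmp-mode-cfg-05.txt */
  { PLOAD_IKE_SAK,PLOAD_IKE_SAK,               "SA KEK Payload" }, /* Reassigned with RFC3547; formerly: draft-ietf-ipsec-nat-t-ike-04 to 08 */
  { PLOAD_IKE_SAT,PLOAD_IKE_SAT,               "SA TEK Payload"}, /* Reassigned with RFC3547; formerly: draft-ietf-ipsec-nat-t-ike-05 to 08*/
  { PLOAD_IKE_KD,PLOAD_IKE_KD,                 "Key Download" },
  { PLOAD_IKE_SEQ,PLOAD_IKE_SEQ,               "Sequence Number" },
  { PLOAD_IKE_POP,PLOAD_IKE_POP,               "Proof of Possession" }, /* According to RFC6407 deprecated */
  { PLOAD_IKE_NAT_D,PLOAD_IKE_NAT_D,           "NAT-D (RFC 3947)" },
  { PLOAD_IKE_NAT_OA,PLOAD_IKE_NAT_OA,         "NAT-OA (RFC 3947)"},
  { PLOAD_IKE_GAP,PLOAD_IKE_GAP,               "Group Associated Policy"},
  { PLOAD_IKE2_SA,PLOAD_IKE2_SA,               "Security Association"},
  { PLOAD_IKE2_KE,PLOAD_IKE2_KE,               "Key Exchange"},
  { PLOAD_IKE2_IDI,PLOAD_IKE2_IDI,             "Identification - Initiator"},
  { PLOAD_IKE2_IDR,PLOAD_IKE2_IDR,             "Identification - Responder"},
  { PLOAD_IKE2_CERT,PLOAD_IKE2_CERT,           "Certificate"},
  { PLOAD_IKE2_CERTREQ,PLOAD_IKE2_CERTREQ,     "Certificate Request"},
  { PLOAD_IKE2_AUTH,PLOAD_IKE2_AUTH,           "Authentication"},
  { PLOAD_IKE2_NONCE,PLOAD_IKE2_NONCE,         "Nonce"},
  { PLOAD_IKE2_N,PLOAD_IKE2_N,                 "Notify"},
  { PLOAD_IKE2_D,PLOAD_IKE2_D,                 "Delete"},
  { PLOAD_IKE2_V,PLOAD_IKE2_V,                 "Vendor ID"},
  { PLOAD_IKE2_TSI,PLOAD_IKE2_TSI,             "Traffic Selector - Initiator"},
  { PLOAD_IKE2_TSR,PLOAD_IKE2_TSR,             "Traffic Selector - Responder"},
  { PLOAD_IKE2_SK,PLOAD_IKE2_SK,               "Encrypted and Authenticated"},
  { PLOAD_IKE2_CP,PLOAD_IKE2_CP,               "Configuration"},
  { PLOAD_IKE2_EAP,PLOAD_IKE2_EAP,             "Extensible Authentication"},
  { PLOAD_IKE2_GSPM,PLOAD_IKE2_GSPM,           "Generic Secure Password Method"},
  { PLOAD_IKE2_IDG,PLOAD_IKE2_IDG,             "Group Identification"},
  { PLOAD_IKE2_GSA,PLOAD_IKE2_GSA,             "Group Security Association"},
  { PLOAD_IKE2_KD,PLOAD_IKE2_KD,               "Key Download"},
  { PLOAD_IKE2_SKF,PLOAD_IKE2_SKF,             "Encrypted and Authenticated Fragment"},
  { 54,127,                                    "Unassigned" },
  { PLOAD_IKE_SK,PLOAD_IKE_SK,                 "Symmetric-key"},
  { 129,129,                                   "Private Use" },
  { PLOAD_IKE_NAT_D13,PLOAD_IKE_NAT_D13,       "NAT-D (draft-ietf-ipsec-nat-t-ike-01 to 03)"},
  { PLOAD_IKE_NAT_OA14,PLOAD_IKE_NAT_OA14,     "NAT-OA (draft-ietf-ipsec-nat-t-ike-01 to 03)"},
  { PLOAD_IKE_CISCO_FRAG,PLOAD_IKE_CISCO_FRAG, "Cisco-Fragmentation"},
  { 133,255,                                   "Private Use" },
  { 0,0,                                       NULL },
};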
/*
 * ISAKMP Domain of Interpretation (DOI)
 *   RFC2408 for ISAKMP
 *   RFC2407 for IPSEC
 *   RFC3547 for GDOI
 */
static const value_string doi_type[] = {
  { 0, "ISAKMP" },
  { 1, "IPSEC" },
  { 2, "GDOI" },
  { 0, NULL },   /* end of table */
};
/* Transform Type */
/* IPsec SA attribute numbers; the names match the rows of ipsec_attr_type. */
#define IPSEC_ATTR_LIFE_TYPE            1
#define IPSEC_ATTR_LIFE_DURATION        2
#define IPSEC_ATTR_GROUP_DESC           3
#define IPSEC_ATTR_ENCAP_MODE           4
#define IPSEC_ATTR_AUTH_ALGORITHM       5
#define IPSEC_ATTR_KEY_LENGTH           6
#define IPSEC_ATTR_KEY_ROUNDS           7
#define IPSEC_ATTR_CMPR_DICT_SIZE       8
#define IPSEC_ATTR_CMPR_ALGORITHM       9
#define IPSEC_ATTR_ECN_TUNNEL           10 /* [RFC3168] */
#define IPSEC_ATTR_EXT_SEQ_NBR          11 /* [RFC4304] */
#define IPSEC_ATTR_AUTH_KEY_LENGTH      12 /* [RFC4359] */
#define IPSEC_ATTR_SIG_ENCO_ALGORITHM   13 /* [RFC4359] */
#define IPSEC_ATTR_ADDR_PRESERVATION    14 /* [RFC6407] */
#define IPSEC_ATTR_SA_DIRECTION         15 /* [RFC6407] */
/*
 * IPsec SA attribute number -> display name, as {low, high, name} ranges.
 * Rows 1-15 mirror the IPSEC_ATTR_* constants; the two wide ranges cover the
 * rest of 16-32767.
 */
static const range_string ipsec_attr_type[] = {
  { 1,1,         "SA-Life-Type" },
  { 2,2,         "SA-Life-Duration" },
  { 3,3,         "Group-Description" },
  { 4,4,         "Encapsulation-Mode" },
  { 5,5,         "Authentication-Algorithm" },
  { 6,6,         "Key-Length" },
  { 7,7,         "Key-Rounds" },
  { 8,8,         "Compress-Dictionary-Size" },
  { 9,9,         "Compress-Private-Algorithm" },
  { 10,10,       "ECN Tunnel" },
  { 11,11,       "Extended (64-bit) Sequence Number" },
  { 12,12,       "Authentication Key Length" },
  { 13,13,       "Signature Encoding Algorithm" },
  { 14,14,       "Address Preservation" },
  { 15,15,       "SA Direction" },
  { 16,32000,    "Unassigned (Future use)" },
  { 32001,32767, "Private use" },
  { 0,0,         NULL },
};
/* TEK key attribute numbers; 1-3 match the named rows of tek_key_attr_type.
 * NOTE(review): "RSERVED" looks like a misspelling of RESERVED; the name is
 * left as is because other code may refer to it. */
#define KEY_ATTR_TEK_RSERVED            0
#define KEY_ATTR_TEK_ALGORITHM          1
#define KEY_ATTR_TEK_INTEGRITY          2
#define KEY_ATTR_TEK_SRC_AUTH           3
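/*
 * TEK key attribute number -> display name, as {low, high, name} ranges.
 *
 * The first "Unassigned" range used to read 4-137, which overlapped the
 * 128-255 "Private use" range that follows it. With a lookup that returns the
 * first matching row (NOTE(review): confirm for the lookup in use), values
 * 128-137 were labelled "Unassigned" instead of "Private use". The range now
 * ends at 127, so the rows partition 1-32767 without overlap.
 */
static const range_string tek_key_attr_type[] = {
  { 1,1,       "TEK_ALGORITHM_KEY" },
  { 2,2,       "TEK_INTEGRITY_KEY" },
  { 3,3,       "TEK_SOURCE_AUTH_KEY" },
  { 4,127,     "Unassigned (Future use)" },
  { 128,255,   "Private use" },
  { 256,32767, "Unassigned (Future use)" },
  { 0,0,       NULL },
};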
/* Transform IKE Type */
/* IKE attribute numbers; the names match the rows of ike_attr_type.
 * 18 and 19 have no constant here. */
#define IKE_ATTR_ENCRYPTION_ALGORITHM   1
#define IKE_ATTR_HASH_ALGORITHM         2
#define IKE_ATTR_AUTHENTICATION_METHOD  3
#define IKE_ATTR_GROUP_DESCRIPTION      4
#define IKE_ATTR_GROUP_TYPE             5
#define IKE_ATTR_GROUP_PRIME            6
#define IKE_ATTR_GROUP_GENERATOR_ONE    7
#define IKE_ATTR_GROUP_GENERATOR_TWO    8
#define IKE_ATTR_GROUP_CURVE_A          9
#define IKE_ATTR_GROUP_CURVE_B          10
#define IKE_ATTR_LIFE_TYPE              11
#define IKE_ATTR_LIFE_DURATION          12
#define IKE_ATTR_PRF                    13
#define IKE_ATTR_KEY_LENGTH             14
#define IKE_ATTR_FIELD_SIZE             15
#define IKE_ATTR_GROUP_ORDER            16
#define IKE_ATTR_BLOCK_SIZE             17
#define IKE_ATTR_ACAT                   20
839 static const range_string ike_attr_type[] = {
840 { 1,1, "Encryption-Algorithm" },
841 { 2,2, "Hash-Algorithm" },
842 { 3,3, "Authentication-Method" },
843 { 4,4, "Group-Description" },
844 { 5,5, "Group-Type" },
845 { 6,6, "Group-Prime" },
846 { 7,7, "Group-Generator-One" },
847 { 8,8, "Group-Generator-Two" },
848 { 9,9, "Group-Curve-A" },
849 { 10,10, "Group-Curve-B" },
850 { 11,11, "Life-Type" },
851 { 12,12, "Life-Duration" },
852 { 13,13, "PRF" },
853 { 14,14, "Key-Length" },
854 { 15,15, "Field-Size" },
855 { 16,16, "Group-Order" },
856 { 17,17, "Block-Size" },
857 { 18,19, "Unassigned (Future use)" },
858 { 20,20, "Asymmetric-Cryptographic-Algorithm-Type" },
859 { 21,16383, "Unassigned (Future use)" },
860 { 16384,32767, "Private use" },
861 { 0,0, NULL },
864 #if 0
865 static const value_string vs_v2_sttr[] = {
866 { 1, "SA-Life-Type" },
867 { 2, "SA-Life-Duration" },
868 { 3, "Group-Description" },
869 { 4, "Encapsulation-Mode" },
870 { 5, "Authentication-Algorithm" },
871 { 6, "Key-Length" },
872 { 7, "Key-Rounds" },
873 { 8, "Compress-Dictionary-Size" },
874 { 9, "Compress-Private-Algorithm" },
875 { 10, "ECN Tunnel" },
876 { 0, NULL },
878 #endif
880 static const value_string vs_v1_trans_isakmp[] = {
881 { 0, "RESERVED" },
882 { 1, "KEY_IKE" },
883 { 0, NULL },
886 static const value_string vs_v1_trans_ah[] = {
887 { 0, "RESERVED" },
888 { 1, "RESERVED" },
889 { 2, "MD5" },
890 { 3, "SHA" },
891 { 4, "DES" },
892 { 5, "SHA2-256" },
893 { 6, "SHA2-384" },
894 { 7, "SHA2-512" },
895 { 0, NULL },
898 static const value_string vs_v1_trans_esp[] = {
899 { 0, "RESERVED" },
900 { 1, "DES-IV64" },
901 { 2, "DES" },
902 { 3, "3DES" },
903 { 4, "RC5" },
904 { 5, "IDEA" },
905 { 6, "CAST" },
906 { 7, "BLOWFISH" },
907 { 8, "3IDEA" },
908 { 9, "DES-IV32" },
909 { 10, "RC4" },
910 { 11, "NULL" },
911 { 12, "AES" },
912 { 0, NULL },
915 static const value_string transform_id_ipcomp[] = {
916 { 0, "RESERVED" },
917 { 1, "OUI" },
918 { 2, "DEFLATE" },
919 { 3, "LZS" },
920 { 4, "LZJH" },
921 { 0, NULL },
923 static const value_string redirect_gateway_identity_type[] = {
924 { 1, "IPv4 address" },
925 { 2, "IPv6 address" },
926 { 3, "FQDN" },
927 { 0, NULL },
929 static const value_string attr_life_type[] = {
930 { 0, "RESERVED" },
931 { 1, "Seconds" },
932 { 2, "Kilobytes" },
933 { 0, NULL },
936 static const value_string ipsec_attr_encap_mode[] = {
937 { 0, "RESERVED" },
938 { 1, "Tunnel" },
939 { 2, "Transport" },
940 { 3, "UDP-Encapsulated-Tunnel" }, /* RFC3947 */
941 { 4, "UDP-Encapsulated-Transport" }, /* RFC3947 */
942 { 61440, "Check Point IPSec UDP Encapsulation" },
943 { 61443, "UDP-Encapsulated-Tunnel (draft)" },
944 { 61444, "UDP-Encapsulated-Transport (draft)" },
945 { 0, NULL },
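/*
 * Display names for IPsec authentication algorithm values (going by its
 * name, the value table for the Authentication-Algorithm SA attribute).
 * The table only names the negotiated value; the list ends at the
 * { 0, NULL } entry.
 */
static const value_string ipsec_attr_auth_algo[] = {
  { 0,  "RESERVED" },
  { 1,  "HMAC-MD5" },
  { 2,  "HMAC-SHA" },
  { 3,  "DES-MAC" },
  { 4,  "KPDK" },
  { 5,  "HMAC-SHA2-256" },
  { 6,  "HMAC-SHA2-384" },
  { 7,  "HMAC-SHA2-512" },
  { 8,  "HMAC-RIPEMD" },        /* [RFC2857] */
  { 9,  "AES-XCBC-MAC" },       /* [RFC3566] */
  { 10, "SIG-RSA" },            /* [RFC4359] */
  { 11, "AES-128-GMAC" },       /* [RFC4543][Errata1821] */
  { 12, "AES-192-GMAC" },       /* [RFC4543][Errata1821] */
  { 13, "AES-256-GMAC" },       /* [RFC4543][Errata1821] */
  /*
   * Values 14-61439 are reserved to IANA.  Values 61440-65535 are
   * for private use.
   * (The note used to start the reserved range at 11, which contradicted
   * the assignments for 11-13 listed above.)
   */
  { 0,  NULL },
};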
971 #define ENC_DES_CBC 1
972 #define ENC_IDEA_CBC 2
973 #define ENC_BLOWFISH_CBC 3
974 #define ENC_RC5_R16_B64_CBC 4
975 #define ENC_3DES_CBC 5
976 #define ENC_CAST_CBC 6
977 #define ENC_AES_CBC 7
978 #define ENC_CAMELLIA_CBC 8
979 #define ENC_SM4_CBC_DEPRECATED 127
980 #define ENC_SM1_CBC 128
981 #define ENC_SM4_CBC 129
983 static const value_string ike_attr_enc_algo[] = {
984 { 0, "RESERVED" },
985 { ENC_DES_CBC, "DES-CBC" },
986 { ENC_IDEA_CBC, "IDEA-CBC" },
987 { ENC_BLOWFISH_CBC, "BLOWFISH-CBC" },
988 { ENC_RC5_R16_B64_CBC, "RC5-R16-B64-CBC" },
989 { ENC_3DES_CBC, "3DES-CBC" },
990 { ENC_CAST_CBC, "CAST-CBC" },
991 { ENC_AES_CBC, "AES-CBC" },
992 { ENC_CAMELLIA_CBC, "CAMELLIA-CBC" },
993 { ENC_SM4_CBC_DEPRECATED, "SM4-CBC (DEPRECATED)" },
994 { ENC_SM1_CBC, "SM1-CBC" },
995 { ENC_SM4_CBC, "SM4-CBC" },
996 { 0, NULL },
999 #define HMAC_MD5 1
1000 #define HMAC_SHA 2
1001 #define HMAC_TIGER 3
1002 #define HMAC_SHA2_256 4
1003 #define HMAC_SHA2_384 5
1004 #define HMAC_SHA2_512 6
1005 #define HMAC_SM3 20
1007 static const value_string ike_attr_hash_algo[] = {
1008 { 0, "RESERVED" },
1009 { HMAC_MD5, "MD5" },
1010 { HMAC_SHA, "SHA" },
1011 { HMAC_TIGER, "TIGER" },
1012 { HMAC_SHA2_256, "SHA2-256" },
1013 { HMAC_SHA2_384, "SHA2-384" },
1014 { HMAC_SHA2_512, "SHA2-512" },
1015 { HMAC_SM3, "SM3" },
1016 { 0, NULL },
1019 #define ASYMMETRIC_RSA 1
1020 #define ASYMMETRIC_SM2 2
1022 static const value_string ike_attr_asym_algo[] = {
1023 { ASYMMETRIC_RSA, "RSA" },
1024 { ASYMMETRIC_SM2, "SM2" },
1025 { 0, NULL },
1028 static const value_string ipsec_attr_ecn_tunnel[] = {
1029 { 0, "RESERVED" },
1030 { 1, "Allowed" },
1031 { 2, "Forbidden" },
1032 { 0, NULL },
1035 static const value_string ipsec_attr_ext_seq_nbr[] = {
1036 { 0, "RESERVED" },
1037 { 1, "64-bit Sequence Number" },
1038 { 0, NULL },
1041 #if 0
1042 static const value_string transform_attr_sig_enco_algo_type[] = {
1043 { 0, "RESERVED" },
1044 { 1, "RSASSA-PKCS1-v1_5" },
1045 { 2, "RSASSA-PSS" },
1046 { 0, NULL },
1048 #endif
1050 static const value_string ipsec_attr_addr_preservation[] = {
1051 { 0, "Reserved" },
1052 { 1, "None" },
1053 { 2, "Source-Only" },
1054 { 3, "Destination-Only" },
1055 { 4, "Source-and-Destination" },
1056 { 0, NULL },
1059 static const value_string ipsec_attr_sa_direction[] = {
1060 { 0, "Reserved" },
1061 { 1, "Sender-Only" },
1062 { 2, "Receiver-Only" },
1063 { 3, "Symmetric" },
1064 { 0, NULL },
1067 static const value_string ike_attr_authmeth[] = {
1068 /* ipsec-registry.xhtml */
1069 { 0, "RESERVED" },
1070 { 1, "Pre-shared key" },
1071 { 2, "DSS signatures" },
1072 { 3, "RSA signatures" },
1073 { 4, "Encryption with RSA" },
1074 { 5, "Revised encryption with RSA" },
1075 { 6, "Reserved (was Encryption with El-Gamal)" },
1076 { 7, "Reserved (was Revised encryption with El-Gamal)" },
1077 { 8, "Reserved (was ECDSA signatures)" },
1078 { 9, "ECDSA with SHA-256 on the P-256 curve" },
1079 { 10, "ECDSA with SHA-384 on the P-384 curve" },
1080 { 11, "ECDSA with SHA-512 on the P-521 curve" },
1081 /* draft-ietf-ipsec-isakmp-hybrid-auth-05 */
1082 { 64221, "HybridInitRSA" },
1083 { 64222, "HybridRespRSA" },
1084 { 64223, "HybridInitDSS" },
1085 { 64224, "HybridRespDSS" },
1086 /* draft-beaulieu-ike-xauth-02 */
1087 { 65001, "XAUTHInitPreShared" },
1088 { 65002, "XAUTHRespPreShared" },
1089 { 65003, "XAUTHInitDSS" },
1090 { 65004, "XAUTHRespDSS" },
1091 { 65005, "XAUTHInitRSA" },
1092 { 65006, "XAUTHRespRSA" },
1093 { 65007, "XAUTHInitRSAEncryption" },
1094 { 65008, "XAUTHRespRSAEncryption" },
1095 { 65009, "XAUTHInitRSARevisedEncryption" },
1096 { 65010, "XAUTHRespRSARevisedEncryption" },
1097 { 0, NULL },
/* For the GM/T 0022 IPSec VPN specification.
   This specification defines only one value for authmeth. */
1103 static const value_string ike_attr_authmeth_china[] = {
1104 { 10, "Digital Envelope" },
1105 { 0, NULL },
1108 static const value_string dh_group[] = {
1109 { 0, "UNDEFINED - 0" },
1110 { 1, "Default 768-bit MODP group" },
1111 { 2, "Alternate 1024-bit MODP group" },
1112 { 3, "EC2N group on GP[2^155] group" },
1113 { 4, "EC2N group on GP[2^185] group" },
1114 { 5, "1536 bit MODP group" },
1115 { 6, "EC2N group over GF[2^163]" },
1116 { 7, "EC2N group over GF[2^163]" },
1117 { 8, "EC2N group over GF[2^283]" },
1118 { 9, "EC2N group over GF[2^283]" },
1119 { 10, "EC2N group over GF[2^409]" },
1120 { 11, "EC2N group over GF[2^409]" },
1121 { 12, "EC2N group over GF[2^571]" },
1122 { 13, "EC2N group over GF[2^571]" },
1123 { 14, "2048 bit MODP group" },
1124 { 15, "3072 bit MODP group" },
1125 { 16, "4096 bit MODP group" },
1126 { 17, "6144 bit MODP group" },
1127 { 18, "8192 bit MODP group" },
1128 { 19, "256-bit random ECP group" },
1129 { 20, "384-bit random ECP group" },
1130 { 21, "521-bit random ECP group" },
1131 { 22, "1024-bit MODP Group with 160-bit Prime Order Subgroup" },
1132 { 23, "2048-bit MODP Group with 224-bit Prime Order Subgroup" },
1133 { 24, "2048-bit MODP Group with 256-bit Prime Order Subgroup" },
1134 { 25, "192-bit Random ECP Group" },
1135 { 26, "224-bit Random ECP Group" },
1136 { 27, "224-bit Brainpool ECP group" },
1137 { 28, "256-bit Brainpool ECP group" },
1138 { 29, "384-bit Brainpool ECP group" },
1139 { 30, "512-bit Brainpool ECP group" },
1140 { 31, "Curve25519" },
1141 { 32, "Curve448" },
1142 { 33, "GOST3410_2012_256" },
1143 { 34, "GOST3410_2012_512" },
1144 { 35, "ML-KEM-512" },
1145 { 36, "ML-KEM-768" },
1146 { 37, "ML-KEM-1024" },
1147 { 0, NULL }
1150 static const value_string ike_attr_grp_type[] = {
1151 { 0, "UNDEFINED - 0" },
1152 { 1, "MODP" },
1153 { 2, "ECP" },
1154 { 3, "EC2N" },
1155 { 0, NULL },
1158 #define TF_IKE2_ENCR 1
1159 #define TF_IKE2_PRF 2
1160 #define TF_IKE2_INTEG 3
1161 #define TF_IKE2_DH 4
1162 #define TF_IKE2_ESN 5
1163 #define TF_IKE2_ADDKE1 6
1164 #define TF_IKE2_ADDKE2 7
1165 #define TF_IKE2_ADDKE3 8
1166 #define TF_IKE2_ADDKE4 9
1167 #define TF_IKE2_ADDKE5 10
1168 #define TF_IKE2_ADDKE6 11
1169 #define TF_IKE2_ADDKE7 12
1171 static const range_string transform_ike2_type[] = {
1172 { 0,0, "RESERVED" },
1173 { TF_IKE2_ENCR,TF_IKE2_ENCR, "Encryption Algorithm (ENCR)" },
1174 { TF_IKE2_PRF,TF_IKE2_PRF, "Pseudo-random Function (PRF)"},
1175 { TF_IKE2_INTEG,TF_IKE2_INTEG,"Integrity Algorithm (INTEG)"},
1176 { TF_IKE2_DH,TF_IKE2_DH, "Diffie-Hellman Group (D-H)"},
1177 { TF_IKE2_ESN,TF_IKE2_ESN, "Extended Sequence Numbers (ESN)"},
1178 { TF_IKE2_ADDKE1,TF_IKE2_ADDKE1, "ADDKE1"},
1179 { TF_IKE2_ADDKE2,TF_IKE2_ADDKE2, "ADDKE2"},
1180 { TF_IKE2_ADDKE3,TF_IKE2_ADDKE3, "ADDKE3"},
1181 { TF_IKE2_ADDKE4,TF_IKE2_ADDKE4, "ADDKE4"},
1182 { TF_IKE2_ADDKE5,TF_IKE2_ADDKE5, "ADDKE5"},
1183 { TF_IKE2_ADDKE6,TF_IKE2_ADDKE6, "ADDKE6"},
1184 { TF_IKE2_ADDKE7,TF_IKE2_ADDKE7, "ADDKE7"},
1185 { 13,240, "Reserved to IANA"},
1186 { 241,255, "Private Use"},
1187 { 0,0, NULL },
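/*
 * For Transform Type 1 (Encryption Algorithm), defined Transform IDs.
 *
 * Maps the Transform ID to a display name; the list ends at the
 * { 0, NULL } entry.  The three AES-CCM names were spelled with a mix of
 * '-' and '_' ("ENCR_AES-CCM_8", "ENCR-AES-CCM_12", "ENCR-AES-CCM_16");
 * they now use the ENCR_<ALG>_<MODE>_<ICV> underscore form of the IANA
 * transform names, like the other ENCR_ entries in this table.
 */
static const value_string transform_ike2_encr_type[] = {
  { 0,  "RESERVED" },
  { 1,  "ENCR_DES_IV64" },
  { 2,  "ENCR_DES" },
  { 3,  "ENCR_3DES" },
  { 4,  "ENCR_RC5" },
  { 5,  "ENCR_IDEA" },
  { 6,  "ENCR_CAST" },
  { 7,  "ENCR_BLOWFISH" },
  { 8,  "ENCR_3IDEA" },
  { 9,  "ENCR_DES_IV32" },
  { 10, "RESERVED" },
  { 11, "ENCR_NULL" },
  { 12, "ENCR_AES_CBC" },
  { 13, "ENCR_AES_CTR" },                               /* [RFC3686] */
  { 14, "ENCR_AES_CCM_8" },                             /* [RFC4309] */
  { 15, "ENCR_AES_CCM_12" },                            /* [RFC4309] */
  { 16, "ENCR_AES_CCM_16" },                            /* [RFC4309] */
  { 17, "UNASSIGNED" },
  { 18, "AES-GCM with a 8 octet ICV" },                 /* [RFC4106] */
  { 19, "AES-GCM with a 12 octet ICV" },                /* [RFC4106] */
  { 20, "AES-GCM with a 16 octet ICV" },                /* [RFC4106] */
  { 21, "ENCR_NULL_AUTH_AES_GMAC" },                    /* [RFC4543] */
  { 22, "Reserved for IEEE P1619 XTS-AES" },            /* [Ball] */
  { 23, "ENCR_CAMELLIA_CBC" },                          /* [RFC5529] */
  { 24, "ENCR_CAMELLIA_CTR" },                          /* [RFC5529] */
  { 25, "ENCR_CAMELLIA_CCM with an 8-octet ICV" },      /* [RFC5529] */
  { 26, "ENCR_CAMELLIA_CCM with a 12-octet ICV" },      /* [RFC5529] */
  { 27, "ENCR_CAMELLIA_CCM with a 16-octet ICV" },      /* [RFC5529] */
  { 28, "ENCR_CHACHA20_POLY1305" },                     /* [RFC7634] */
  /*
   *    29-1023    RESERVED TO IANA         [RFC4306]
   *    1024-65535 PRIVATE USE              [RFC4306]
   */
  { 0,  NULL },
};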
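/*
 * For Transform Type 2 (Pseudo-random Function), defined Transform IDs.
 *
 * Maps the Transform ID to a display name; the list ends at the
 * { 0, NULL } entry.
 */
static const value_string transform_ike2_prf_type[] = {
  { 0,  "RESERVED" },
  { 1,  "PRF_HMAC_MD5" },
  { 2,  "PRF_HMAC_SHA1" },
  { 3,  "PRF_HMAC_TIGER" },
  { 4,  "PRF_AES128_CBC" },
  { 5,  "PRF_HMAC_SHA2_256" },          /* [RFC4868] */
  { 6,  "PRF_HMAC_SHA2_384" },          /* [RFC4868] */
  { 7,  "PRF_HMAC_SHA2_512" },          /* [RFC4868] */
  /* Was "PRF_AES128_CMAC6"; the registered name has no trailing digit. */
  { 8,  "PRF_AES128_CMAC" },            /* [RFC4615] */
  /*
   *    9-1023     RESERVED TO IANA         [RFC4306]
   *    1024-65535 PRIVATE USE              [RFC4306]
   */
  { 0,  NULL },
};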
1245 /* For Transform Type 3 (Integrity Algorithm), defined Transform IDs */
1246 static const value_string transform_ike2_integ_type[] = {
1247 { 0, "NONE" },
1248 { 1, "AUTH_HMAC_MD5_96" },
1249 { 2, "AUTH_HMAC_SHA1_96" },
1250 { 3, "AUTH_DES_MAC" },
1251 { 4, "AUTH_KPDK_MD5" },
1252 { 5, "AUTH_AES_XCBC_96" },
1253 { 6, "AUTH_HMAC_MD5_128" }, /* [RFC4595] */
1254 { 7, "AUTH_HMAC_SHA1_160" }, /* [RFC4595] */
1255 { 8, "AUTH_AES_CMAC_96" }, /* [RFC4494] */
1256 { 9, "AUTH_AES_128_GMAC" }, /* [RFC4543] */
1257 { 10, "AUTH_AES_192_GMAC" }, /* [RFC4543] */
1258 { 11, "AUTH_AES_256_GMAC" }, /* [RFC4543] */
1259 { 12, "AUTH_HMAC_SHA2_256_128" }, /* [RFC4868] */
1260 { 13, "AUTH_HMAC_SHA2_384_192" }, /* [RFC4868] */
1261 { 14, "AUTH_HMAC_SHA2_512_256" }, /* [RFC4868] */
1263 15-1023 RESERVED TO IANA [RFC4306]
1264 1024-65535 PRIVATE USE [RFC4306]
1266 { 0, NULL },
1268 /* For Transform Type 5 (Extended Sequence Numbers), defined Transform */
1269 static const value_string transform_ike2_esn_type[] = {
1270 { 0, "No Extended Sequence Numbers" },
1271 { 1, "Extended Sequence Numbers" },
1272 { 0, NULL },
1274 /* Transform IKE2 Type */
1275 #define IKE2_ATTR_KEY_LENGTH 14
1277 static const range_string transform_ike2_attr_type[] = {
1278 { 0,13, "Reserved" },
1279 { 14,14, "Key Length" },
1280 { 15,17, "Reserved" },
1281 { 18,16383, "Unassigned (Future use)" },
1282 { 16384,32767, "Private use" },
1283 { 0,0, NULL },
1286 static const range_string cert_v1_type[] = {
1287 { 0,0, "NONE" },
1288 { 1,1, "PKCS #7 wrapped X.509 certificate" },
1289 { 2,2, "PGP Certificate" },
1290 { 3,3, "DNS Signed Key" },
1291 { 4,4, "X.509 Certificate - Signature" },
1292 { 5,5, "X.509 Certificate - Key Exchange" },
1293 { 6,6, "Kerberos Tokens" },
1294 { 7,7, "Certificate Revocation List (CRL)" },
1295 { 8,8, "Authority Revocation List (ARL)" },
1296 { 9,9, "SPKI Certificate" },
1297 { 10,10, "X.509 Certificate - Attribute" },
1298 { 11,255, "RESERVED" },
1299 { 0,0, NULL },
1302 static const range_string cert_v2_type[] = {
1303 { 0,0, "RESERVED" },
1304 { 1,1, "PKCS #7 wrapped X.509 certificate" },
1305 { 2,2, "PGP Certificate" },
1306 { 3,3, "DNS Signed Key" },
1307 { 4,4, "X.509 Certificate - Signature" },
1308 { 5,5, "*undefined by any document*" },
1309 { 6,6, "Kerberos Tokens" },
1310 { 7,7, "Certificate Revocation List (CRL)" },
1311 { 8,8, "Authority Revocation List (ARL)" },
1312 { 9,9, "SPKI Certificate" },
1313 { 10,10, "X.509 Certificate - Attribute" },
1314 { 11,11, "Raw RSA Key" },
1315 { 12,12, "Hash and URL of X.509 certificate" },
1316 { 13,13, "Hash and URL of X.509 bundle" },
1317 { 14,14, "OCSP Content" }, /* [RFC4806] */
1318 { 15,200, "RESERVED to IANA" },
1319 { 201,255, "PRIVATE USE" },
1320 { 0,0, NULL },
1323 #define AUTH_METH_DIGITAL_SIGNATURE 14
1325 static const range_string authmeth_v2_type[] = {
1326 { 0,0, "RESERVED TO IANA" },
1327 { 1,1, "RSA Digital Signature" },
1328 { 2,2, "Shared Key Message Integrity Code" },
1329 { 3,3, "DSS Digital Signature" },
1330 { 4,8, "RESERVED TO IANA" },
1331 { 9,9, "ECDSA with SHA-256 on the P-256 curve" }, /* RFC4754 */
1332 { 10,10, "ECDSA with SHA-384 on the P-384 curve" }, /* RFC4754 */
1333 { 11,11, "ECDSA with SHA-512 on the P-521 curve" }, /* RFC4754 */
1334 { 12,12, "Generic Secure Password Authentication Method" }, /* RFC6467 */
1335 { 13,13, "NULL Authentication" }, /* RFC7619 */
1336 { 14,14, "Digital Signature" }, /* RFC7427 */
1337 { 15,200, "RESERVED TO IANA" },
1338 { 201,255, "PRIVATE USE" },
1339 { 0,0, NULL },
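/*
 * Display names for version 1 notify message types.  Each entry is an
 * inclusive { first, last, name } range and the list ends at the
 * { 0,0, NULL } entry.  Named single values sit inside the broader
 * "Private Use" space (R-U-THERE, UNITY-*), so the private ranges are split
 * around them; keep the ranges disjoint when adding entries.
 */
static const range_string notifmsg_v1_type[] = {
  { 0,0,        "<UNKNOWN>" },
  { 1,1,        "INVALID-PAYLOAD-TYPE" },
  { 2,2,        "DOI-NOT-SUPPORTED" },
  { 3,3,        "SITUATION-NOT-SUPPORTED" },
  { 4,4,        "INVALID-COOKIE" },
  { 5,5,        "INVALID-MAJOR-VERSION" },
  { 6,6,        "INVALID-MINOR-VERSION" },
  { 7,7,        "INVALID-EXCHANGE-TYPE" },
  { 8,8,        "INVALID-FLAGS" },
  { 9,9,        "INVALID-MESSAGE-ID" },
  { 10,10,      "INVALID-PROTOCOL-ID" },
  { 11,11,      "INVALID-SPI" },
  { 12,12,      "INVALID-TRANSFORM-ID" },
  { 13,13,      "ATTRIBUTES-NOT-SUPPORTED" },
  { 14,14,      "NO-PROPOSAL-CHOSEN" },
  { 15,15,      "BAD-PROPOSAL-SYNTAX" },
  { 16,16,      "PAYLOAD-MALFORMED" },
  { 17,17,      "INVALID-KEY-INFORMATION" },
  { 18,18,      "INVALID-ID-INFORMATION" },
  { 19,19,      "INVALID-CERT-ENCODING" },
  { 20,20,      "INVALID-CERTIFICATE" },
  { 21,21,      "CERT-TYPE-UNSUPPORTED" },
  { 22,22,      "INVALID-CERT-AUTHORITY" },
  { 23,23,      "INVALID-HASH-INFORMATION" },
  { 24,24,      "AUTHENTICATION-FAILED" },
  { 25,25,      "INVALID-SIGNATURE" },
  { 26,26,      "ADDRESS-NOTIFICATION" },
  { 27,27,      "NOTIFY-SA-LIFETIME" },
  { 28,28,      "CERTIFICATE-UNAVAILABLE" },
  { 29,29,      "UNSUPPORTED-EXCHANGE-TYPE" },
  { 30,30,      "UNEQUAL-PAYLOAD-LENGTHS" },
  { 31,8191,    "RESERVED (Future Use)" },
  { 8192,16383, "Private Use" },
  { 16384,16384,"CONNECTED" },
  { 16385,24575,"RESERVED (Future Use)" },
  { 24576,24576,"RESPONDER-LIFETIME" },
  { 24577,24577,"REPLAY-STATUS" },
  { 24578,24578,"INITIAL-CONTACT" },
  { 24579,32767,"DOI-specific codes" },
  { 32768,36135,"Private Use" },
  { 36136,36136,"R-U-THERE" },
  { 36137,36137,"R-U-THERE-ACK" },
  { 36138,40500,"Private Use" },
  { 40501,40501,"UNITY-LOAD-BALANCE" },
  { 40502,40502,"UNITY-UNKNOWN" },
  { 40503,40503,"UNITY-GROUP-HASH" },
  /* Started at 40503, overlapping UNITY-GROUP-HASH on the line above. */
  { 40504,40959,"Private Use" },
  { 40960,65535,"RESERVED (Future Use)" },
  { 0,0,        NULL },
};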
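/*
 * Display names for IKEv2 Notify message types.  Each entry is an
 * inclusive { first, last, name } range and the list ends at the
 * { 0,0, NULL } entry.  Values below 16384 are error types, values from
 * 16384 up are status types (see the "Error types" / "STATUS TYPES" range
 * labels below).
 *
 * These labels are what an analyst reads when triaging a failed or unusual
 * negotiation, so a wrong name is misleading rather than cosmetic.  Three
 * entries were corrected:
 *   - 18-23 had no entry at all and now read "RESERVED" like the other
 *     unassigned error values;
 *   - 46 repeated the name of 44 (CHILD_SA_NOT_FOUND); it is
 *     AUTHORIZATION_FAILED;
 *   - 16440 repeated the name of 16439 (IP4_ALLOWED); it is IP6_ALLOWED.
 */
static const range_string notifmsg_v2_type[] = {
  { 0,0,          "RESERVED" },
  { 1,1,          "UNSUPPORTED_CRITICAL_PAYLOAD" },
  { 2,3,          "RESERVED" },
  { 4,4,          "INVALID_IKE_SPI" },
  { 5,5,          "INVALID_MAJOR_VERSION" },
  { 6,6,          "RESERVED" },
  { 7,7,          "INVALID_SYNTAX" },
  { 8,8,          "RESERVED" },
  { 9,9,          "INVALID_MESSAGE_ID" },
  { 10,10,        "RESERVED" },
  { 11,11,        "INVALID_SPI" },
  { 12,13,        "RESERVED" },
  { 14,14,        "NO_PROPOSAL_CHOSEN" },
  { 15,16,        "RESERVED" },
  { 17,17,        "INVALID_KE_PAYLOAD" },
  { 18,23,        "RESERVED" },
  { 24,24,        "AUTHENTICATION_FAILED" },
  { 25,33,        "RESERVED" },
  { 34,34,        "SINGLE_PAIR_REQUIRED" },
  { 35,35,        "NO_ADDITIONAL_SAS" },
  { 36,36,        "INTERNAL_ADDRESS_FAILURE" },
  { 37,37,        "FAILED_CP_REQUIRED" },
  { 38,38,        "TS_UNACCEPTABLE" },
  { 39,39,        "INVALID_SELECTORS" },
  { 40,40,        "UNACCEPTABLE_ADDRESSES" },              /* RFC4555 */
  { 41,41,        "UNEXPECTED_NAT_DETECTED" },             /* RFC4555 */
  { 42,42,        "USE_ASSIGNED_HoA" },                    /* RFC5026 */
  { 43,43,        "TEMPORARY_FAILURE" },                   /* RFC5996 */
  { 44,44,        "CHILD_SA_NOT_FOUND" },                  /* RFC5996 */
  { 45,45,        "INVALID_GROUP_ID" },                    /* draft-yeung-g-ikev2 */
  { 46,46,        "AUTHORIZATION_FAILED" },                /* draft-yeung-g-ikev2 */
  { 47,8191,      "RESERVED TO IANA - Error types" },
  { 8192,16383,   "Private Use - Errors" },
  { 16384,16384,  "INITIAL_CONTACT" },
  { 16385,16385,  "SET_WINDOW_SIZE" },
  { 16386,16386,  "ADDITIONAL_TS_POSSIBLE" },
  { 16387,16387,  "IPCOMP_SUPPORTED" },
  { 16388,16388,  "NAT_DETECTION_SOURCE_IP" },
  { 16389,16389,  "NAT_DETECTION_DESTINATION_IP" },
  { 16390,16390,  "COOKIE" },
  { 16391,16391,  "USE_TRANSPORT_MODE" },
  { 16392,16392,  "HTTP_CERT_LOOKUP_SUPPORTED" },
  { 16393,16393,  "REKEY_SA" },
  { 16394,16394,  "ESP_TFC_PADDING_NOT_SUPPORTED" },
  { 16395,16395,  "NON_FIRST_FRAGMENTS_ALSO" },
  { 16396,16396,  "MOBIKE_SUPPORTED" },                    /* RFC4555 */
  { 16397,16397,  "ADDITIONAL_IP4_ADDRESS" },              /* RFC4555 */
  { 16398,16398,  "ADDITIONAL_IP6_ADDRESS" },              /* RFC4555 */
  { 16399,16399,  "NO_ADDITIONAL_ADDRESSES" },             /* RFC4555 */
  { 16400,16400,  "UPDATE_SA_ADDRESSES" },                 /* RFC4555 */
  { 16401,16401,  "COOKIE2" },                             /* RFC4555 */
  { 16402,16402,  "NO_NATS_ALLOWED" },                     /* RFC4555 */
  { 16403,16403,  "AUTH_LIFETIME" },                       /* RFC4478 */
  { 16404,16404,  "MULTIPLE_AUTH_SUPPORTED" },             /* RFC4739 */
  { 16405,16405,  "ANOTHER_AUTH_FOLLOWS" },                /* RFC4739 */
  { 16406,16406,  "REDIRECT_SUPPORTED" },                  /* RFC5685 */
  { 16407,16407,  "REDIRECT" },                            /* RFC5685 */
  { 16408,16408,  "REDIRECTED_FROM" },                     /* RFC5685 */
  { 16409,16409,  "TICKET_LT_OPAQUE" },                    /* RFC5723 */
  { 16410,16410,  "TICKET_REQUEST" },                      /* RFC5723 */
  { 16411,16411,  "TICKET_ACK" },                          /* RFC5723 */
  { 16412,16412,  "TICKET_NACK" },                         /* RFC5723 */
  { 16413,16413,  "TICKET_OPAQUE" },                       /* RFC5723 */
  { 16414,16414,  "LINK_ID" },                             /* RFC5739 */
  { 16415,16415,  "USE_WESP_MODE" },                       /* RFC5840 */
  { 16416,16416,  "ROHC_SUPPORTED" },                      /* RFC5857 */
  { 16417,16417,  "EAP_ONLY_AUTHENTICATION" },             /* RFC5998 */
  { 16418,16418,  "CHILDLESS_IKEV2_SUPPORTED" },           /* RFC6023 */
  { 16419,16419,  "QUICK_CRASH_DETECTION" },               /* RFC6290 */
  { 16420,16420,  "IKEV2_MESSAGE_ID_SYNC_SUPPORTED" },     /* RFC6311 */
  { 16421,16421,  "IPSEC_REPLAY_COUNTER_SYNC_SUPPORTED" }, /* RFC6311 */
  { 16422,16422,  "IKEV2_MESSAGE_ID_SYNC" },               /* RFC6311 */
  { 16423,16423,  "IPSEC_REPLAY_COUNTER_SYNC" },           /* RFC6311 */
  { 16424,16424,  "SECURE_PASSWORD_METHODS" },             /* RFC6467 */
  { 16425,16425,  "PSK_PERSIST" },                         /* RFC6631 */
  { 16426,16426,  "PSK_CONFIRM" },                         /* RFC6631 */
  { 16427,16427,  "ERX_SUPPORTED" },                       /* RFC6867 */
  { 16428,16428,  "IFOM_CAPABILITY" },                     /* [Frederic_Firmin][3GPP TS 24.303 v10.6.0 annex B.2] */
  { 16429,16429,  "SENDER_REQUEST_ID" },                   /* [draft-yeung-g-ikev2] */
  { 16430,16430,  "IKEV2_FRAGMENTATION_SUPPORTED" },       /* RFC7383 */
  { 16431,16431,  "SIGNATURE_HASH_ALGORITHMS" },           /* RFC7427 */
  { 16432,16432,  "CLONE_IKE_SA_SUPPORTED" },              /* [RFC7791] */
  { 16433,16433,  "CLONE_IKE_SA" },                        /* [RFC7791] */
  { 16434,16434,  "PUZZLE" },                              /* [RFC8019] */
  { 16435,16435,  "USE_PPK" },                             /* [RFC8784] */
  { 16436,16436,  "PPK_IDENTITY" },                        /* [RFC8784] */
  { 16437,16437,  "NO_PPK_AUTH" },
  { 16438,16438,  "INTERMEDIATE_EXCHANGE_SUPPORTED" },     /* RFC9242 */
  { 16439,16439,  "IP4_ALLOWED" },                         /* RFC8983 */
  { 16440,16440,  "IP6_ALLOWED" },                         /* RFC8983 */
  { 16441,16441,  "ADDITIONAL_KEY_EXCHANGE" },             /* RFC9370 */
  { 16442,16442,  "USE_AGGFRAG" },                         /* RFC9347 */
  { 16443,40959,  "RESERVED TO IANA - STATUS TYPES" },
  { 40960,65535,  "Private Use - STATUS TYPES" },
  { 0,0,          NULL },
};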
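/* 3GPP private error and status types in Notify messages
 * 3GPP TS 24.302 V16.0.0 (2019-03)
 * 3GPP TS 24.502 V15.3.0 (2019-03)
 * Note: currently all private data types will be decoded as 3GPP; if that's
 * not good enough a preference must be used.
 *
 * Reading the output: the private-use ranges are not coordinated between
 * vendors (this table itself mixes 3GPP and Fortinet values), so a name
 * shown for a private-use notify type is a best guess for the capture at
 * hand, not proof of which implementation sent it.
 *
 * Each entry is an inclusive { first, last, name } range and the list ends
 * at the { 0,0, NULL } entry.
 */
static const range_string notifmsg_v2_3gpp_type[] = {
  /* PRIVATE ERROR TYPES */
  { 8192,8192,    "PDN_CONNECTION_REJECTION" },                 /* TS 24.302 */
  { 8193,8193,    "MAX_CONNECTION_REACHED" },                   /* TS 24.302 */
  { 8194,8240,    "Private Use - Errors" },
  { 8241,8241,    "SEMANTIC_ERROR_IN_THE_TFT_OPERATION" },      /* TS 24.302 */
  { 8242,8242,    "SYNTACTICAL_ERROR_IN_THE_TFT_OPERATION" },   /* TS 24.302 */
  { 8243,8243,    "Private Use - Errors" },
  { 8244,8244,    "SEMANTIC_ERRORS_IN_PACKET_FILTERS" },        /* TS 24.302 */
  { 8245,8245,    "SYNTACTICAL_ERRORS_IN_PACKET_FILTERS" },     /* TS 24.302 */
  { 8246,8999,    "Private Use - Errors" },
  { 9000,9000,    "NON_3GPP_ACCESS_TO_EPC_NOT_ALLOWED" },       /* TS 24.302 */
  { 9001,9001,    "USER_UNKNOWN" },                             /* TS 24.302 */
  { 9002,9002,    "NO_APN_SUBSCRIPTION" },
  { 9003,9003,    "AUTHORIZATION_REJECTED" },                   /* TS 24.302 */
  { 9004,9005,    "Private Use - Errors" },
  { 9006,9006,    "ILLEGAL_ME" },                               /* TS 24.302 */
  { 9007,10499,   "Private Use - Errors" },
  { 10500,10500,  "NETWORK_FAILURE" },                          /* TS 24.302 */
  { 10501,11000,  "Private Use - Errors" },
  { 11001,11001,  "RAT_TYPE_NOT_ALLOWED" },                     /* TS 24.302 */
  { 11002,11004,  "Private Use - Errors" },
  { 11005,11005,  "IMEI_NOT_ACCEPTED" },                        /* TS 24.302 */
  { 11006,11010,  "Private Use - Errors" },
  { 11011,11011,  "PLMN_NOT_ALLOWED" },                         /* TS 24.302 */
  { 11012,11054,  "Private Use - Errors" },
  { 11055,11055,  "UNAUTHENTICATED_EMERGENCY_NOT_SUPPORTED" },  /* TS 24.302 */
  { 11056,15499,  "Private Use - Errors" },
  { 15500,15500,  "CONGESTION" },                               /* TS 24.502 */
  { 15501,16383,  "Private Use - Errors" },
  /* PRIVATE STATUS TYPES */
  { 40960,40960,  "Private Use - STATUS TYPES" },
  { 40961,40961,  "REACTIVATION_REQUESTED_CAUSE" },             /* TS 24.302 */
  { 40962,41040,  "Private Use - STATUS TYPES" },
  { 41041,41041,  "BACKOFF_TIMER" },                            /* TS 24.302 */
  { 41042,41049,  "Private Use - STATUS TYPES" },
  { 41050,41050,  "PDN_TYPE_IPv4_ONLY_ALLOWED" },               /* TS 24.302 */
  { 41051,41051,  "PDN_TYPE_IPv6_ONLY_ALLOWED" },               /* TS 24.302 */
  { 41052,41100,  "Private Use - STATUS TYPES" },
  { 41101,41101,  "DEVICE_IDENTITY" },                          /* TS 24.302 */
  { 41102,41111,  "Private Use - STATUS TYPES" },
  { 41112,41112,  "EMERGENCY_SUPPORT" },                        /* TS 24.302 */
  { 41113,41133,  "Private Use - STATUS TYPES" },
  { 41134,41134,  "EMERGENCY_CALL_NUMBERS" },                   /* TS 24.302 */
  { 41135,41287,  "Private Use - STATUS TYPES" },
  { 41288,41288,  "NBIFOM_GENERIC_CONTAINER" },                 /* TS 24.302 */
  { 41289,41303,  "Private Use - STATUS TYPES" },
  { 41304,41304,  "P-CSCF_RESELECTION_SUPPORT" },               /* TS 24.302 */
  { 41305,41500,  "Private Use - STATUS TYPES" },
  { 41501,41501,  "PTI" },                                      /* TS 24.302 */
  { 41502,42010,  "Private Use - STATUS TYPES" },
  { 42011,42011,  "P-IKEV2_MULTIPLE_BEARER_PDN_CONNECTIVITY" }, /* TS 24.302 */
  { 42012,42013,  "Private Use - STATUS TYPES" },
  { 42014,42014,  "P-EPS_QOS" },                                /* TS 24.302 */
  { 42015,42015,  "P-EXTENDED_EPS_QOS" },                       /* TS 24.302 */
  { 42016,42016,  "Private Use - STATUS TYPES" },
  { 42017,42017,  "P-TFT" },                                    /* TS 24.302 */
  { 42018,42019,  "Private Use - STATUS TYPES" },
  { 42020,42020,  "P-MODIFIED_BEARER" },                        /* TS 24.302 */
  { 42021,42093,  "Private Use - STATUS TYPES" },
  { 42094,42094,  "P-APN_AMBR" },                               /* TS 24.302 */
  { 42095,42095,  "P-EXTENDED_APN_AMBR" },                      /* TS 24.302 */
  { 42096,51014,  "Private Use - STATUS TYPES" },
  { 51015,51015,  "P-N1_MODE_CAPABILITY" },                     /* TS 24.302 */
  { 51016,51114,  "Private Use - STATUS TYPES" },
  { 51115,51115,  "P-N1_MODE_INFORMATION" },                    /* TS 24.302 */
  { 51116,55500,  "Private Use - STATUS TYPES" },
  { 55501,55501,  "5G_QOS_INFO" },                              /* TS 24.502 */
  { 55502,55502,  "NAS_IP4_ADDRESS" },                          /* TS 24.502 */
  { 55503,55503,  "NAS_IP6_ADDRESS" },                          /* TS 24.502 */
  { 55504,55504,  "UP_IP4_ADDRESS" },                           /* TS 24.502 */
  { 55505,55505,  "UP_IP6_ADDRESS" },                           /* TS 24.502 */
  { 55506,55506,  "NAS_TCP_PORT" },                             /* TS 24.502 */
  { 55507,55507,  "N3GPP_BACKOFF_TIMER" },                      /* TS 24.502 */
  { 55508,61471,  "Private Use - STATUS TYPES" },
  { 61472,61472,  "Auto-Discovery Sender (Fortinet)" },
  { 61473,61473,  "Auto-Discovery Receiver (Fortinet)" },
  { 61474,61519,  "Private Use - STATUS TYPES" },
  /* The label was missing its closing parenthesis. */
  { 61520,61520,  "Network Overlay ID (Fortinet)" },
  { 61521,65535,  "Private Use - STATUS TYPES" },
  { 0,0,          NULL },
};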
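/*
 * Display names for the version 1 configuration (ISAKMP_CFG_*) message
 * type.  Each entry is an inclusive { first, last, name } range and the
 * list ends at the { 0,0, NULL } entry.
 */
static const range_string vs_v1_cfgtype[] = {
  { 0,0,        "Reserved" },
  { 1,1,        "ISAKMP_CFG_REQUEST" },
  { 2,2,        "ISAKMP_CFG_REPLY" },
  { 3,3,        "ISAKMP_CFG_SET" },
  { 4,4,        "ISAKMP_CFG_ACK" },
  { 5,127,      "Future use" },
  /* Upper bound was 256, presumably a typo for 255: the ranges here split
   * 0-255 at 127/128, which is the value space of a one-octet type field.
   * NOTE(review): confirm against the width of the field this table
   * decorates. */
  { 128,255,    "Private Use" },
  { 0,0,        NULL },
};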
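/*
 * Display names for the IKEv2 Configuration payload CFG type.  Each entry
 * is an inclusive { first, last, name } range and the list ends at the
 * { 0,0, NULL } entry.
 */
static const range_string vs_v2_cfgtype[] = {
  { 0,0,        "RESERVED" },
  { 1,1,        "CFG_REQUEST" },
  { 2,2,        "CFG_REPLY" },
  { 3,3,        "CFG_SET" },
  { 4,4,        "CFG_ACK" },
  { 5,127,      "Future use" },
  /* Upper bound was 256; the CFG type is a one-octet field, so the
   * private-use range ends at 255. */
  { 128,255,    "Private Use" },
  { 0,0,        NULL },
};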
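/*
 * Display names for version 1 configuration attribute types, including the
 * vendor values (CHKPT_*, XAUTH_*, UNITY_*) that live inside the
 * private-use space.  Each entry is an inclusive { first, last, name }
 * range and the list ends at the { 0,0, NULL } entry.
 *
 * NOTE(review): XAUTH_USER_NAME, XAUTH_USER_PASSWORD and XAUTH_PASSCODE
 * name credential-bearing attributes.  Where the dissector can decrypt the
 * exchange, their values presumably end up in the dissection output, so
 * treat exported dissections of such captures as sensitive.
 */
static const range_string vs_v1_cfgattr[] = {
  { 0,0,          "RESERVED" },
  { 1,1,          "INTERNAL_IP4_ADDRESS" },
  { 2,2,          "INTERNAL_IP4_NETMASK" },
  { 3,3,          "INTERNAL_IP4_DNS" },
  { 4,4,          "INTERNAL_IP4_NBNS" },
  { 5,5,          "INTERNAL_ADDRESS_EXPIRY" },
  { 6,6,          "INTERNAL_IP4_DHCP" },
  { 7,7,          "APPLICATION_VERSION" },
  { 8,8,          "INTERNAL_IP6_ADDRESS" },
  { 9,9,          "INTERNAL_IP6_NETMASK" },
  { 10,10,        "INTERNAL_IP6_DNS" },
  { 11,11,        "INTERNAL_IP6_NBNS" },
  { 12,12,        "INTERNAL_IP6_DHCP" },
  { 13,13,        "INTERNAL_IP4_SUBNET" },
  { 14,14,        "SUPPORTED_ATTRIBUTES" },
  { 15,15,        "INTERNAL_IP6_SUBNET" },
  { 16,16383,     "FUTURE USE"},
  { 16384,16386,  "PRIVATE USE"},
  { 16387,16387,  "CHKPT_DEF_DOMAIN" },
  { 16388,16388,  "CHKPT_MAC_ADDRESS" },
  { 16389,16389,  "CHKPT_MARCIPAN_REASON_CODE" },
  /* 16390-16399 had no entry, unlike the rest of the private-use space
   * around the named vendor values. */
  { 16390,16399,  "PRIVATE USE"},
  { 16400,16400,  "CHKPT_UNKNOWN1" },
  { 16401,16401,  "CHKPT_UNKNOWN2" },
  { 16402,16402,  "CHKPT_UNKNOWN3" },
  { 16403,16519,  "PRIVATE USE"},
  { 16520,16520,  "XAUTH_TYPE" },
  { 16521,16521,  "XAUTH_USER_NAME" },
  { 16522,16522,  "XAUTH_USER_PASSWORD" },
  { 16523,16523,  "XAUTH_PASSCODE" },
  { 16524,16524,  "XAUTH_MESSAGE" },
  { 16525,16525,  "XAUTH_CHALLENGE" },
  { 16526,16526,  "XAUTH_DOMAIN" },
  { 16527,16527,  "XAUTH_STATUS" },
  { 16528,16528,  "XAUTH_NEXT_PIN" },
  { 16529,16529,  "XAUTH_ANSWER" },
  { 16530,28671,  "PRIVATE USE"},
  { 28672,28672,  "UNITY_BANNER" },
  { 28673,28673,  "UNITY_SAVE_PASSWD" },
  { 28674,28674,  "UNITY_DEF_DOMAIN" },
  { 28675,28675,  "UNITY_SPLIT_DOMAIN" },
  { 28676,28676,  "UNITY_SPLIT_INCLUDE" },
  { 28677,28677,  "UNITY_NATT_PORT" },
  { 28678,28678,  "UNITY_SPLIT_EXCLUDE" },
  { 28679,28679,  "UNITY_PFS" },
  { 28680,28680,  "UNITY_FW_TYPE" },
  { 28681,28681,  "UNITY_BACKUP_SERVERS" },
  { 28682,28682,  "UNITY_DDNS_HOSTNAME" },
  { 28683,32767,  "PRIVATE USE"},
  { 0,0,          NULL },
};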
1654 static const range_string vs_v2_cfgattr[] = {
1655 { 0,0, "RESERVED" },
1656 { 1,1, "INTERNAL_IP4_ADDRESS" },
1657 { 2,2, "INTERNAL_IP4_NETMASK" },
1658 { 3,3, "INTERNAL_IP4_DNS" },
1659 { 4,4, "INTERNAL_IP4_NBNS" },
1660 { 5,5, "INTERNAL_ADDRESS_EXPIRY" }, /* OBSO */
1661 { 6,6, "INTERNAL_IP4_DHCP" },
1662 { 7,7, "APPLICATION_VERSION" },
1663 { 8,8, "INTERNAL_IP6_ADDRESS" },
1664 { 9,9, "RESERVED" },
1665 { 10,10, "INTERNAL_IP6_DNS" },
1666 { 11,11, "INTERNAL_IP6_NBNS" }, /* OBSO */
1667 { 12,12, "INTERNAL_IP6_DHCP" },
1668 { 13,13, "INTERNAL_IP4_SUBNET" },
1669 { 14,14, "SUPPORTED_ATTRIBUTES" },
1670 { 15,15, "INTERNAL_IP6_SUBNET" },
1671 { 16,16, "MIP6_HOME_PREFIX" },
1672 { 17,17, "INTERNAL_IP6_LINK" },
1673 { 18,18, "INTERNAL_IP6_PREFIX" },
1674 { 19,19, "HOME_AGENT_ADDRESS" }, /* 3GPP TS 24.302 http://www.3gpp.org/ftp/Specs/html-info/24302.htm */
1675 { 20,20, "P_CSCF_IP4_ADDRESS" }, /* 3GPP IMS Option for IKEv2 https://datatracker.ietf.org/doc/draft-gundavelli-ipsecme-3gpp-ims-options/ */
1676 { 21,21, "P_CSCF_IP6_ADDRESS" },
1677 { 22,22, "FTT_KAT" },
1678 { 23,16383, "RESERVED TO IANA"},
1679 { 16384,32767, "PRIVATE USE"},
1680 { 0,0, NULL },
1683 static const range_string cfgattr_xauth_type[] = {
1684 { 0,0, "Generic" },
1685 { 1,1, "RADIUS-CHAP" },
1686 { 2,2, "OTP" },
1687 { 3,3, "S/KEY" },
1688 { 4,32767, "Future use" },
1689 { 32768,65535, "Private use" },
1690 { 0,0, NULL },
1694 static const value_string cfgattr_xauth_status[] = {
1695 { 0, "Fail" },
1696 { 1, "Success" },
1697 { 0, NULL },
1700 static const value_string cp_product[] = {
1701 { 1, "Firewall-1" },
1702 { 2, "SecuRemote/SecureClient" },
1703 { 0, NULL },
1706 static const value_string cp_version[] = {
1707 { 2,"4.1" },
1708 { 3,"4.1 SP-1" },
1709 { 4002,"4.1 (SP-2 or above)" },
1710 { 5000,"NG" },
1711 { 5001,"NG Feature Pack 1" },
1712 { 5002,"NG Feature Pack 2" },
1713 { 5003,"NG Feature Pack 3" },
1714 { 5004,"NG with Application Intelligence" },
1715 { 5005,"NG with Application Intelligence R55" },
1716 { 5006,"NG with Application Intelligence R56" },
1717 { 0, NULL },
1719 static const range_string traffic_selector_type[] = {
1720 { 0,6, "Reserved" },
1721 { 7,7, "TS_IPV4_ADDR_RANGE" },
1722 { 8,8, "TS_IPV6_ADDR_RANGE" },
1723 { 9,9, "TS_FC_ADDR_RANGE" },
1724 { 10,240, "Future use" },
1725 { 241,255, "Private use" },
1726 { 0,0, NULL },
1728 static const value_string ms_nt5_isakmpoakley_type[] = {
1729 { 2, "Windows 2000" },
1730 { 3, "Windows XP SP1" },
1731 { 4, "Windows 2003 and Windows XP SP2" },
1732 { 5, "Windows Vista" },
1733 { 0, NULL }
1735 static const range_string vs_v1_id_type[] = {
1736 { 0,0, "RESERVED" },
1737 { IKE_ID_IPV4_ADDR,IKE_ID_IPV4_ADDR, "IPV4_ADDR" },
1738 { IKE_ID_FQDN,IKE_ID_FQDN, "FQDN" },
1739 { IKE_ID_USER_FQDN,IKE_ID_USER_FQDN, "USER_FQDN" },
1740 { IKE_ID_IPV4_ADDR_SUBNET,IKE_ID_IPV4_ADDR_SUBNET, "IPV4_ADDR_SUBNET" },
1741 { IKE_ID_IPV6_ADDR,IKE_ID_IPV6_ADDR, "IPV6_ADDR" },
1742 { IKE_ID_IPV6_ADDR_SUBNET,IKE_ID_IPV6_ADDR_SUBNET, "IPV6_ADDR_SUBNET" },
1743 { IKE_ID_IPV4_ADDR_RANGE,IKE_ID_IPV4_ADDR_RANGE, "IPV4_ADDR_RANGE" },
1744 { IKE_ID_IPV6_ADDR_RANGE,IKE_ID_IPV6_ADDR_RANGE, "IPV6_ADDR_RANGE" },
1745 { IKE_ID_DER_ASN1_DN,IKE_ID_DER_ASN1_DN, "DER_ASN1_DN" },
1746 { IKE_ID_DER_ASN1_GN,IKE_ID_DER_ASN1_GN, "DER_ASN1_GN" },
1747 { IKE_ID_KEY_ID,IKE_ID_KEY_ID, "KEY_ID" },
1748 { IKE_ID_LIST,IKE_ID_LIST, "KEY_LIST" },
1749 { 13,248, "Future use" },
1750 { 249,255, "Private Use" },
1751 { 0,0, NULL },
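/*
 * IKEv2 Identification payload ID types, as a range_string lookup table.
 * Rows built from IKE_ID_* constants take their numeric value from
 * definitions outside this listing.
 *
 * The IKE_ID_FC_NAME row used to carry the label "KEY_LIST", which looks
 * copied from the IKEv1 table (vs_v1_id_type, IKE_ID_LIST). It is labelled
 * "FC_NAME" here so the decoded ID type matches the constant it is keyed on.
 */
static const range_string vs_v2_id_type[] = {
  { 0,0,                                   "RESERVED" },
  { IKE_ID_IPV4_ADDR,IKE_ID_IPV4_ADDR,     "IPV4_ADDR" },
  { IKE_ID_FQDN,IKE_ID_FQDN,               "FQDN" },
  { IKE_ID_RFC822_ADDR,IKE_ID_RFC822_ADDR, "ID_RFC822_ADDR" },
  { 4,4,                                   "Unassigned" },
  { IKE_ID_IPV6_ADDR,IKE_ID_IPV6_ADDR,     "IPV6_ADDR" },
  { 6,8,                                   "Unassigned" },
  { IKE_ID_DER_ASN1_DN,IKE_ID_DER_ASN1_DN, "DER_ASN1_DN" },
  { IKE_ID_DER_ASN1_GN,IKE_ID_DER_ASN1_GN, "DER_ASN1_GN" },
  { IKE_ID_KEY_ID,IKE_ID_KEY_ID,           "KEY_ID" },
  { IKE_ID_FC_NAME,IKE_ID_FC_NAME,         "FC_NAME" },
  { 13,200,                                "Future use" },
  { 201,255,                               "Private Use" },
  { 0,0,                                   NULL },
};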
1769 #define COOKIE_SIZE 8
1771 typedef struct isakmp_hdr {
1772 uint8_t next_payload;
1773 uint8_t version;
1774 uint8_t exch_type;
1775 uint8_t flags;
1776 #define E_FLAG 0x01
1777 #define C_FLAG 0x02
1778 #define A_FLAG 0x04
1779 #define I_FLAG 0x08
1780 #define V_FLAG 0x10
1781 #define R_FLAG 0x20
1782 uint32_t message_id;
1783 uint32_t length;
1784 } isakmp_hdr_t;
1786 static const true_false_string attribute_format = {
1787 "Type/Value (TV)",
1788 "Type/Length/Value (TLV)"
1790 static const true_false_string flag_e = {
1791 "Encrypted",
1792 "Not encrypted"
1794 static const true_false_string flag_c = {
1795 "Commit",
1796 "No commit"
1798 static const true_false_string flag_a = {
1799 "Authentication",
1800 "No authentication"
1802 static const true_false_string flag_i = {
1803 "Initiator",
1804 "Responder"
1806 static const true_false_string flag_v = {
1807 "A higher version enabled",
1808 "No higher version"
1812 /* ROHC Attribute Type RFC5857 */
1814 #define ROHC_MAX_CID 1
1815 #define ROHC_PROFILE 2
1816 #define ROHC_INTEG 3
1817 #define ROHC_ICV_LEN 4
1818 #define ROHC_MRRU 5
1820 static const range_string rohc_attr_type[] = {
1821 { 1,1, "Maximum Context Identifier (MAX_CID)" },
1822 { 2,2, "ROHC Profile (ROHC_PROFILE)" },
1823 { 3,3, "ROHC Integrity Algorithm (ROHC_INTEG)" },
1824 { 4,4, "ROHC ICV Length in bytes (ROHC_ICV_LEN)" },
1825 { 5,5, "Maximum Reconstructed Reception Unit (MRRU)" },
1826 { 6,16383, "Unassigned (Future use)" },
1827 { 16384,32767, "Private use" },
1828 { 0,0, NULL },
1831 static const range_string signature_hash_algorithms[] = {
1832 { 0,0, "Reserved" },
1833 { 1,1, "SHA1" },
1834 { 2,2, "SHA2-256" },
1835 { 3,3, "SHA2-384" },
1836 { 4,4, "SHA2-512" },
1837 { 5,5, "Identity" },
1838 { 6,1023, "Unassigned" },
1839 { 1024,65535, "Reserved for Private Use" },
1840 {0,0, NULL },
1843 static const range_string sat_protocol_ids[] = {
1844 { 0,0, "Reserved" },
1845 { 1,1, "GDOI_PROTO_IPSEC_ESP" },
1846 { 2,2, "GDOI_PROTO_IPSEC_AH" },
1847 { 3,127, "Unassigned" },
1848 { 128, 255, "Private Use" },
1849 { 0,0, NULL },
1852 static const range_string key_download_types[] = {
1853 { 0,0, "Reserved" },
1854 { 1,1, "TEK" },
1855 { 2,2, "KEK" },
1856 { 3,3, "LKH" },
1857 { 4,4, "SID" },
1858 { 5,127, "Unassigned" },
1859 { 128, 255, "Private Use" },
1860 { 0,0, NULL },
1863 static const value_string device_identity_types[] = {
1864 { 0x01, "IMEI" },
1865 { 0x02, "IMEISV" },
1866 { 0, NULL },
1869 #define ISAKMP_HDR_SIZE ((int)sizeof(struct isakmp_hdr) + (2 * COOKIE_SIZE))
1872 #define MAX_KEY_SIZE 256
1873 #define MAX_DIGEST_SIZE 64
1874 #define MAX_OAKLEY_KEY_LEN 32
1876 #define PINFO_CBC_IV 1
1878 #define DECR_PARAMS_INIT 0
1879 #define DECR_PARAMS_READY 1
1880 #define DECR_PARAMS_FAIL 2
1882 typedef struct _ikev1_uat_data_key {
1883 unsigned char *icookie;
1884 unsigned icookie_len;
1885 unsigned char *key;
1886 unsigned key_len;
1887 } ikev1_uat_data_key_t;
/*
 * Per-exchange IKEv1 decryption state. Instances are created zeroed by
 * create_decrypt_data() and completed lazily by prepare_decrypt().
 */
typedef struct decrypt_data {
  bool           is_psk;
  address        initiator;        /* cleared by create_decrypt_data() */
  /* Negotiated IKE identifiers; prepare_decrypt_params() maps them to gcrypt IDs. */
  unsigned       ike_encr_alg;
  unsigned       ike_encr_keylen;
  unsigned       ike_hash_alg;
  /* Filled in by prepare_decrypt_params() from the gcrypt algorithm tables. */
  int            cipher_algo;
  size_t         cipher_keylen;
  size_t         cipher_blklen;
  int            digest_algo;
  unsigned       digest_len;
  unsigned       group;
  /* Values hashed together by prepare_phase1_iv() to form the phase 1 IV
   * (that function's comment calls them DH values). */
  char          *gi;
  unsigned       gi_len;
  char          *gr;
  unsigned       gr_len;
  /* Key material passed to gcry_cipher_setkey() in decrypt_payload().
   * NOTE(review): no zeroization of this buffer is visible in this listing;
   * confirm how the struct is released. */
  unsigned char  secret[MAX_KEY_SIZE];
  unsigned       secret_len;
  /* message ID -> IV; key 0 holds the phase 1 IV (see get_iv()). Values may be NULL. */
  GHashTable    *iv_hash;
  /* One of DECR_PARAMS_INIT, DECR_PARAMS_READY, DECR_PARAMS_FAIL. */
  unsigned       state;
} decrypt_data_t;
1911 /* IKEv1: Lookup from Initiator-SPI -> decrypt_data_t* */
1912 static GHashTable *isakmp_hash;
1914 static ikev1_uat_data_key_t* ikev1_uat_data;
1915 static uat_t * ikev1_uat;
1916 static unsigned num_ikev1_uat_data;
1918 /* Specifications of encryption algorithms for IKEv2 decryption */
1919 typedef struct _ikev2_encr_alg_spec {
1920 unsigned number;
1921 /* Length of encryption key */
1922 unsigned key_len;
1923 /* Block size of the cipher */
1924 unsigned block_len;
1925 /* Length of initialization vector */
1926 unsigned iv_len;
1927 /* Encryption algorithm ID to be passed to gcry_cipher_open() */
1928 int gcry_alg;
1929 /* Cipher mode to be passed to gcry_cipher_open() */
1930 int gcry_mode;
1932 /* Salt length used in AEAD (GCM/CCM) mode. Salt value is the last salt_len bytes of encr_key.
1933 * IV for decryption is the result of concatenating the salt value and iv_len bytes of iv.
1934 * For non-AEAD ciphers salt_len is 0 */
1935 unsigned salt_len;
1936 /* Authenticated Encryption TAG length (ICV) - length of data taken from end of encrypted output
1937 * used for integrity checksum, computed during decryption (for AEAD ciphers)*/
1938 unsigned icv_len;
1940 } ikev2_encr_alg_spec_t;
1942 #define IKEV2_ENCR_NULL 1
1943 #define IKEV2_ENCR_3DES 2
1944 #define IKEV2_ENCR_AES_CBC_128 3
1945 #define IKEV2_ENCR_AES_CBC_192 4
1946 #define IKEV2_ENCR_AES_CBC_256 5
1948 #define IKEV2_ENCR_AES_CTR_128 6
1949 #define IKEV2_ENCR_AES_CTR_192 7
1950 #define IKEV2_ENCR_AES_CTR_256 8
1952 /* AEAD algorithms. Require gcrypt_version >= 1.6.0 if integrity verification shall be performed */
1953 #define IKEV2_ENCR_AES_GCM_128_16 101
1954 #define IKEV2_ENCR_AES_GCM_192_16 102
1955 #define IKEV2_ENCR_AES_GCM_256_16 103
1957 #define IKEV2_ENCR_AES_GCM_128_8 104
1958 #define IKEV2_ENCR_AES_GCM_192_8 105
1959 #define IKEV2_ENCR_AES_GCM_256_8 106
1961 #define IKEV2_ENCR_AES_GCM_128_12 107
1962 #define IKEV2_ENCR_AES_GCM_192_12 108
1963 #define IKEV2_ENCR_AES_GCM_256_12 109
1965 #define IKEV2_ENCR_AES_CCM_128_16 111
1966 #define IKEV2_ENCR_AES_CCM_192_16 112
1967 #define IKEV2_ENCR_AES_CCM_256_16 113
1969 #define IKEV2_ENCR_AES_CCM_128_8 114
1970 #define IKEV2_ENCR_AES_CCM_192_8 115
1971 #define IKEV2_ENCR_AES_CCM_256_8 116
1973 #define IKEV2_ENCR_AES_CCM_128_12 117
1974 #define IKEV2_ENCR_AES_CCM_192_12 118
1975 #define IKEV2_ENCR_AES_CCM_256_12 119
1978 static ikev2_encr_alg_spec_t ikev2_encr_algs[] = {
1979 {IKEV2_ENCR_NULL, 0, 1, 0, GCRY_CIPHER_NONE, GCRY_CIPHER_MODE_NONE, 0, 0},
1980 {IKEV2_ENCR_3DES, 24, 8, 8, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, 0, 0},
1981 {IKEV2_ENCR_AES_CBC_128, 16, 16, 16, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC, 0, 0},
1982 {IKEV2_ENCR_AES_CBC_192, 24, 16, 16, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CBC, 0, 0},
1983 {IKEV2_ENCR_AES_CBC_256, 32, 16, 16, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, 0, 0},
1985 {IKEV2_ENCR_AES_CTR_128, 20, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 4, 0},
1986 {IKEV2_ENCR_AES_CTR_192, 28, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR, 4, 0},
1987 {IKEV2_ENCR_AES_CTR_256, 36, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 4, 0},
1989 /* GCM algorithms: key length: aes-length + 4 bytes of IV (salt), iv - 8 bytes */
1990 {IKEV2_ENCR_AES_GCM_128_16, 20, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM, 4, 16},
1991 {IKEV2_ENCR_AES_GCM_192_16, 28, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_GCM, 4, 16},
1992 {IKEV2_ENCR_AES_GCM_256_16, 36, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM, 4, 16},
1994 {IKEV2_ENCR_AES_GCM_128_8, 20, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM, 4, 8},
1995 {IKEV2_ENCR_AES_GCM_192_8, 28, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_GCM, 4, 8},
1996 {IKEV2_ENCR_AES_GCM_256_8, 36, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM, 4, 8},
1998 {IKEV2_ENCR_AES_GCM_128_12, 20, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM, 4, 12},
1999 {IKEV2_ENCR_AES_GCM_192_12, 28, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_GCM, 4, 12},
2000 {IKEV2_ENCR_AES_GCM_256_12, 36, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_GCM, 4, 12},
2002 /* CCM algorithms: key length: aes-length + 3 bytes of salt, iv - 8 bytes */
2003 {IKEV2_ENCR_AES_CCM_128_16, 19, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CCM, 3, 16},
2004 {IKEV2_ENCR_AES_CCM_192_16, 27, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CCM, 3, 16},
2005 {IKEV2_ENCR_AES_CCM_256_16, 35, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CCM, 3, 16},
2007 {IKEV2_ENCR_AES_CCM_128_8, 19, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CCM, 3, 8},
2008 {IKEV2_ENCR_AES_CCM_192_8, 27, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CCM, 3, 8},
2009 {IKEV2_ENCR_AES_CCM_256_8, 35, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CCM, 3, 8},
2011 {IKEV2_ENCR_AES_CCM_128_12, 19, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CCM, 3, 12},
2012 {IKEV2_ENCR_AES_CCM_192_12, 27, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CCM, 3, 12},
2013 {IKEV2_ENCR_AES_CCM_256_12, 35, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CCM, 3, 12},
2015 {0, 0, 0, 0, 0, 0, 0, 0}
2019 * Specifications of authentication algorithms for
2020 * decryption and/or ICD (Integrity Checksum Data) checking of IKEv2
2022 typedef struct _ikev2_auth_alg_spec {
2023 unsigned number;
2024 /* Output length of the hash algorithm */
2025 unsigned output_len;
2026 /* Length of the hash key */
2027 unsigned key_len;
2028 /* Actual ICD length after truncation */
2029 unsigned trunc_len;
2030 /* Hash algorithm ID to be passed to gcry_md_open() */
2031 int gcry_alg;
2032 /* Flags to be passed to gcry_md_open() */
2033 unsigned gcry_flag;
2034 } ikev2_auth_alg_spec_t;
2036 #define IKEV2_AUTH_NONE 1
2037 #define IKEV2_AUTH_HMAC_MD5_96 2
2038 #define IKEV2_AUTH_HMAC_SHA1_96 3
2039 #define IKEV2_AUTH_HMAC_SHA2_256_96 4
2040 #define IKEV2_AUTH_HMAC_SHA2_256_128 5
2041 #define IKEV2_AUTH_HMAC_SHA2_384_192 6
2042 #define IKEV2_AUTH_HMAC_SHA2_512_256 7
2043 #define IKEV2_AUTH_ANY_96BITS 8
2044 #define IKEV2_AUTH_ANY_128BITS 9
2045 #define IKEV2_AUTH_ANY_160BITS 10
2046 #define IKEV2_AUTH_ANY_192BITS 11
2047 #define IKEV2_AUTH_ANY_256BITS 12
2048 #define IKEV2_AUTH_ANY_64BITS 13
2049 #define IKEV2_AUTH_HMAC_MD5_128 14
2050 #define IKEV2_AUTH_HMAC_SHA1_160 15
/*
 * IKEv2 authentication (integrity) algorithm table, scanned by
 * ikev2_decrypt_find_auth_spec() up to the terminating all-zero row.
 *
 * The IKEV2_AUTH_ANY_* rows carry only a truncated length: their output_len,
 * key_len, gcry_alg and gcry_flag are all 0, and vs_ikev2_auth_algs labels
 * them "[No Checking]". Presumably they only tell the dissector how many
 * trailing bytes to treat as the checksum, so data decoded with one of these
 * rows has not been integrity-verified; confirm in the code that consumes
 * trunc_len.
 */
static ikev2_auth_alg_spec_t ikev2_auth_algs[] = {
  /*{number, output_len, key_len, trunc_len, gcry_alg, gcry_flag}*/
  {IKEV2_AUTH_NONE, 0, 0, 0, GCRY_MD_NONE, 0},
  {IKEV2_AUTH_HMAC_MD5_96, 16, 16, 12, GCRY_MD_MD5, GCRY_MD_FLAG_HMAC},
  {IKEV2_AUTH_HMAC_SHA1_96, 20, 20, 12, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC},
  {IKEV2_AUTH_HMAC_MD5_128, 16, 16, 16, GCRY_MD_MD5, GCRY_MD_FLAG_HMAC},
  {IKEV2_AUTH_HMAC_SHA1_160, 20, 20, 20, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC},
  {IKEV2_AUTH_HMAC_SHA2_256_96, 32, 32, 12, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC},
  {IKEV2_AUTH_HMAC_SHA2_256_128, 32, 32, 16, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC},
  {IKEV2_AUTH_HMAC_SHA2_384_192, 48, 48, 24, GCRY_MD_SHA384, GCRY_MD_FLAG_HMAC},
  {IKEV2_AUTH_HMAC_SHA2_512_256, 64, 64, 32, GCRY_MD_SHA512, GCRY_MD_FLAG_HMAC},
  /* Length-only rows: no hash algorithm, no key (see the note above). */
  {IKEV2_AUTH_ANY_96BITS, 0, 0, 12, 0, 0},
  {IKEV2_AUTH_ANY_128BITS, 0, 0, 16, 0, 0},
  {IKEV2_AUTH_ANY_160BITS, 0, 0, 20, 0, 0},
  {IKEV2_AUTH_ANY_192BITS, 0, 0, 24, 0, 0},
  {IKEV2_AUTH_ANY_256BITS, 0, 0, 32, 0, 0},
  {IKEV2_AUTH_ANY_64BITS, 0, 0, 8, 0, 0},

  {0, 0, 0, 0, 0, 0}
};
2073 typedef struct _ikev2_decrypt_data {
2074 unsigned char *encr_key;
2075 unsigned char *auth_key;
2076 ikev2_encr_alg_spec_t *encr_spec;
2077 ikev2_auth_alg_spec_t *auth_spec;
2078 } ikev2_decrypt_data_t;
2080 typedef struct _ikev2_uat_data_key {
2081 unsigned char *spii;
2082 unsigned spii_len;
2083 unsigned char *spir;
2084 unsigned spir_len;
2085 } ikev2_uat_data_key_t;
2087 typedef struct _ikev2_uat_data {
2088 ikev2_uat_data_key_t key;
2089 unsigned encr_alg;
2090 unsigned auth_alg;
2091 unsigned char *sk_ei;
2092 unsigned sk_ei_len;
2093 unsigned char *sk_er;
2094 unsigned sk_er_len;
2095 unsigned char *sk_ai;
2096 unsigned sk_ai_len;
2097 unsigned char *sk_ar;
2098 unsigned sk_ar_len;
2099 ikev2_encr_alg_spec_t *encr_spec;
2100 ikev2_auth_alg_spec_t *auth_spec;
2101 } ikev2_uat_data_t;
2103 static ikev2_uat_data_t* ikev2_uat_data;
2104 static unsigned num_ikev2_uat_data;
2105 static uat_t* ikev2_uat;
2107 /* IKEv2: (I-SPI, R-SPI) -> ikev2_uat_data_t* */
2108 static GHashTable *ikev2_key_hash;
2110 #define IKEV2_ENCR_3DES_STR "3DES [RFC2451]"
2111 static const value_string vs_ikev2_encr_algs[] = {
2112 {IKEV2_ENCR_3DES, IKEV2_ENCR_3DES_STR},
2113 {IKEV2_ENCR_AES_CBC_128, "AES-CBC-128 [RFC3602]"},
2114 {IKEV2_ENCR_AES_CBC_192, "AES-CBC-192 [RFC3602]"},
2115 {IKEV2_ENCR_AES_CBC_256, "AES-CBC-256 [RFC3602]"},
2116 {IKEV2_ENCR_NULL, "NULL [RFC2410]"},
2118 {IKEV2_ENCR_AES_CTR_128, "AES-CTR-128 [RFC5930]"},
2119 {IKEV2_ENCR_AES_CTR_192, "AES-CTR-192 [RFC5930]"},
2120 {IKEV2_ENCR_AES_CTR_256, "AES-CTR-256 [RFC5930]"},
2122 {IKEV2_ENCR_AES_GCM_128_16, "AES-GCM-128 with 16 octet ICV [RFC5282]"},
2123 {IKEV2_ENCR_AES_GCM_192_16, "AES-GCM-192 with 16 octet ICV [RFC5282]"},
2124 {IKEV2_ENCR_AES_GCM_256_16, "AES-GCM-256 with 16 octet ICV [RFC5282]"},
2126 {IKEV2_ENCR_AES_GCM_128_8, "AES-GCM-128 with 8 octet ICV [RFC5282]"},
2127 {IKEV2_ENCR_AES_GCM_192_8, "AES-GCM-192 with 8 octet ICV [RFC5282]"},
2128 {IKEV2_ENCR_AES_GCM_256_8, "AES-GCM-256 with 8 octet ICV [RFC5282]"},
2130 {IKEV2_ENCR_AES_GCM_128_12, "AES-GCM-128 with 12 octet ICV [RFC5282]"},
2131 {IKEV2_ENCR_AES_GCM_192_12, "AES-GCM-192 with 12 octet ICV [RFC5282]"},
2132 {IKEV2_ENCR_AES_GCM_256_12, "AES-GCM-256 with 12 octet ICV [RFC5282]"},
2134 {IKEV2_ENCR_AES_CCM_128_16, "AES-CCM-128 with 16 octet ICV [RFC5282]"},
2135 {IKEV2_ENCR_AES_CCM_192_16, "AES-CCM-192 with 16 octet ICV [RFC5282]"},
2136 {IKEV2_ENCR_AES_CCM_256_16, "AES-CCM-256 with 16 octet ICV [RFC5282]"},
2138 {IKEV2_ENCR_AES_CCM_128_8, "AES-CCM-128 with 8 octet ICV [RFC5282]"},
2139 {IKEV2_ENCR_AES_CCM_192_8, "AES-CCM-192 with 8 octet ICV [RFC5282]"},
2140 {IKEV2_ENCR_AES_CCM_256_8, "AES-CCM-256 with 8 octet ICV [RFC5282]"},
2142 {IKEV2_ENCR_AES_CCM_128_12, "AES-CCM-128 with 12 octet ICV [RFC5282]"},
2143 {IKEV2_ENCR_AES_CCM_192_12, "AES-CCM-192 with 12 octet ICV [RFC5282]"},
2144 {IKEV2_ENCR_AES_CCM_256_12, "AES-CCM-256 with 12 octet ICV [RFC5282]"},
2146 {0, NULL}
2149 #define IKEV2_AUTH_HMAC_SHA1_96_STR "HMAC_SHA1_96 [RFC2404]"
2150 static const value_string vs_ikev2_auth_algs[] = {
2151 {IKEV2_AUTH_HMAC_MD5_96, "HMAC_MD5_96 [RFC2403]"},
2152 {IKEV2_AUTH_HMAC_SHA1_96, IKEV2_AUTH_HMAC_SHA1_96_STR},
2153 {IKEV2_AUTH_HMAC_MD5_128, "HMAC_MD5_128 [RFC4595]"},
2154 {IKEV2_AUTH_HMAC_SHA1_160, "HMAC_SHA1_160 [RFC4595]"},
2155 {IKEV2_AUTH_HMAC_SHA2_256_96, "HMAC_SHA2_256_96 [draft-ietf-ipsec-ciph-sha-256-00]"},
2156 {IKEV2_AUTH_HMAC_SHA2_256_128, "HMAC_SHA2_256_128 [RFC4868]"},
2157 {IKEV2_AUTH_HMAC_SHA2_384_192, "HMAC_SHA2_384_192 [RFC4868]"},
2158 {IKEV2_AUTH_HMAC_SHA2_512_256, "HMAC_SHA2_512_256 [RFC4868]"},
2159 {IKEV2_AUTH_NONE, "NONE [RFC4306]"},
2160 {IKEV2_AUTH_ANY_64BITS, "ANY 64-bits of Authentication [No Checking]"},
2161 {IKEV2_AUTH_ANY_96BITS, "ANY 96-bits of Authentication [No Checking]"},
2162 {IKEV2_AUTH_ANY_128BITS, "ANY 128-bits of Authentication [No Checking]"},
2163 {IKEV2_AUTH_ANY_160BITS, "ANY 160-bits of Authentication [No Checking]"},
2164 {IKEV2_AUTH_ANY_192BITS, "ANY 192-bits of Authentication [No Checking]"},
2165 {IKEV2_AUTH_ANY_256BITS, "ANY 256-bits of Authentication [No Checking]"},
2166 {0, NULL}
/*
 * Find the IKEv2 encryption algorithm specification numbered `num`.
 *
 * Walks ikev2_encr_algs until its terminating row (number == 0) and returns
 * a pointer into that table, or NULL when no row matches. Because 0 is the
 * terminator, num == 0 never matches.
 */
static ikev2_encr_alg_spec_t* ikev2_decrypt_find_encr_spec(unsigned num) {
  ikev2_encr_alg_spec_t *spec = ikev2_encr_algs;

  while (spec->number != 0) {
    if (spec->number == num)
      return spec;
    spec++;
  }

  return NULL;
}
/*
 * Find the IKEv2 authentication algorithm specification numbered `num`.
 *
 * Walks ikev2_auth_algs until its terminating row (number == 0) and returns
 * a pointer into that table, or NULL when no row matches. Because 0 is the
 * terminator, num == 0 never matches.
 */
static ikev2_auth_alg_spec_t* ikev2_decrypt_find_auth_spec(unsigned num) {
  ikev2_auth_alg_spec_t *spec = ikev2_auth_algs;

  while (spec->number != 0) {
    if (spec->number == num)
      return spec;
    spec++;
  }

  return NULL;
}
/*
 * Map an IKEv1 encryption algorithm (and, for AES-CBC, its key length) to
 * the matching gcrypt cipher ID.
 *
 * ike_keylen is only consulted for ENC_AES_CBC, where 128, 192 and 256
 * select the corresponding AES variant. Any other cipher or AES key length
 * yields GCRY_CIPHER_NONE, which prepare_decrypt_params() treats as
 * "cannot decrypt".
 */
static int ikev1_find_gcry_cipher_algo(unsigned ike_cipher, unsigned ike_keylen) {
  if (ike_cipher == ENC_3DES_CBC)
    return GCRY_CIPHER_3DES;

  if (ike_cipher == ENC_DES_CBC)
    return GCRY_CIPHER_DES;

  if (ike_cipher == ENC_AES_CBC) {
    if (ike_keylen == 128)
      return GCRY_CIPHER_AES128;
    if (ike_keylen == 192)
      return GCRY_CIPHER_AES192;
    if (ike_keylen == 256)
      return GCRY_CIPHER_AES256;
  }

  return GCRY_CIPHER_NONE;
}
/*
 * Map an IKEv1 hash algorithm identifier to the matching gcrypt digest ID.
 * Identifiers not listed here yield GCRY_MD_NONE, which
 * prepare_decrypt_params() treats as "cannot decrypt".
 */
static int ikev1_find_gcry_md_algo(unsigned ike_hash) {
  if (ike_hash == HMAC_MD5)
    return GCRY_MD_MD5;
  if (ike_hash == HMAC_SHA)
    return GCRY_MD_SHA1;
  if (ike_hash == HMAC_SHA2_256)
    return GCRY_MD_SHA256;
  if (ike_hash == HMAC_SHA2_384)
    return GCRY_MD_SHA384;
  if (ike_hash == HMAC_SHA2_512)
    return GCRY_MD_SHA512;

  return GCRY_MD_NONE;
}
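/*
 * Derive an IV as the first iv_len bytes of H(b1 || b2), where H is the
 * gcrypt digest md_algo.
 *
 * Returns a buffer of iv_len bytes allocated in wmem file scope, or NULL when
 * the digest cannot be opened or read, when an input pointer is NULL with a
 * non-zero length, or when iv_len exceeds the digest output length.
 *
 * The length check matters because the IV is copied straight out of the
 * digest buffer owned by gcrypt: asking for more bytes than the digest
 * produces would read past the end of that buffer.
 */
static void *
generate_iv(const void *b1, size_t b1_len,
            const void *b2, size_t b2_len,
            int md_algo, size_t iv_len) {

  gcry_md_hd_t md_ctx;
  const unsigned char *digest;
  void *iv;

  /* Never hash from a NULL buffer; callers may hand over a missing IV. */
  if ((b1 == NULL && b1_len != 0) || (b2 == NULL && b2_len != 0))
    return NULL;

  /* The IV is a prefix of the digest, so it cannot be longer than it. */
  if (iv_len > gcry_md_get_algo_dlen(md_algo))
    return NULL;

  if (gcry_md_open(&md_ctx, md_algo, 0) != GPG_ERR_NO_ERROR)
    return NULL;

  gcry_md_write(md_ctx, b1, b1_len);
  gcry_md_write(md_ctx, b2, b2_len);

  digest = gcry_md_read(md_ctx, md_algo);
  if (digest == NULL) {
    gcry_md_close(md_ctx);
    return NULL;
  }

  /* Copy before closing: the digest buffer belongs to md_ctx. */
  iv = wmem_alloc(wmem_file_scope(), iv_len);
  memcpy(iv, digest, iv_len);
  gcry_md_close(md_ctx);

  return iv;
}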
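/* Get the IV previously stored for the current message ID,
 * or create a new IV if the message ID was not seen before.
 * The caller owns the result and does not need to copy it.
 * This function may return NULL.
 *
 * A stored IV is removed from decr->iv_hash (stolen, not destroyed) before it
 * is returned. For an unseen message ID the IV is derived from the phase 1 IV
 * (key 0) and the message ID in network byte order.
 */
static gpointer
get_iv(uint32_t message_id, decrypt_data_t *decr) {
  gpointer stored_iv = NULL;
  gpointer phase1_iv;
  void *msgid_key = GINT_TO_POINTER(message_id);
  size_t cipher_blklen = decr->cipher_blklen;
  uint32_t msgid_net;

  /* Get the current IV for the given message ID,
   * and remove it from the hash table without destroying it. */
  if (g_hash_table_lookup_extended(decr->iv_hash, msgid_key, NULL, &stored_iv)) {
    g_hash_table_steal(decr->iv_hash, msgid_key);
    return stored_iv;
  }

  /* No IV for this message ID was found; a new phase has started.
   * Generate the first IV for it from its message ID and the current
   * phase 1 IV.
   *
   * The phase 1 entry can be missing or NULL: set_next_iv() stores NULL when
   * the captured buffer is shorter than one cipher block. Hashing
   * cipher_blklen bytes from a NULL pointer would crash, so give up instead.
   */
  phase1_iv = g_hash_table_lookup(decr->iv_hash, GINT_TO_POINTER(0));
  if (phase1_iv == NULL)
    return NULL;

  msgid_net = g_htonl(message_id);
  return generate_iv(phase1_iv, cipher_blklen,
                     &msgid_net, sizeof(msgid_net),
                     decr->digest_algo, cipher_blklen);
}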
/* Fill in the next IV from the final ciphertext block.
 *
 * The last cipher_blklen bytes of buf are copied into wmem file scope and
 * stored in decr->iv_hash under message_id. When buf is shorter than one
 * block, NULL is stored instead, so readers of the table must expect NULL.
 */
static void
set_next_iv(const uint8_t *buf, unsigned buf_len, uint32_t message_id, decrypt_data_t *decr) {
  const size_t blklen = decr->cipher_blklen;
  void *next_iv = NULL;

  if (buf_len >= blklen) {
    next_iv = wmem_alloc(wmem_file_scope(), blklen);
    memcpy(next_iv, buf + (buf_len - blklen), blklen);
  }

  g_hash_table_insert(decr->iv_hash, GINT_TO_POINTER(message_id), next_iv);
}
/*
 * Record the IV needed to decrypt this packet and prepare the IV for the
 * next packet with the same message ID.
 *
 * The current IV (possibly NULL, see get_iv()) is attached to the packet as
 * per-packet data under PINFO_CBC_IV, where decrypt_payload() reads it back.
 * The final ciphertext block of buf then becomes the next IV.
 */
static void
update_ivs(packet_info *pinfo, const uint8_t *buf, unsigned buf_len, uint32_t message_id, decrypt_data_t *decr) {
  void *current_iv = get_iv(message_id, decr);

  p_add_proto_data(wmem_file_scope(), pinfo, proto_isakmp, PINFO_CBC_IV, current_iv);
  set_next_iv(buf, buf_len, message_id, decr);
}
/*
 * Resolve the negotiated IKEv1 cipher and hash to gcrypt algorithms and
 * check that decryption is possible with the data collected so far.
 *
 * Writes cipher_algo and digest_algo first, then (when both are supported)
 * cipher_keylen, cipher_blklen and digest_len. Returns false when
 *  - the cipher or the hash is not supported,
 *  - secret_len is smaller than the cipher key length,
 *  - the digest is shorter than the cipher block (IVs are taken from digest
 *    output, see generate_iv()), or
 *  - either gi or gr is empty.
 */
static bool
prepare_decrypt_params(decrypt_data_t *decr) {
  const int cipher = ikev1_find_gcry_cipher_algo(decr->ike_encr_alg,
                                                 decr->ike_encr_keylen);
  const int digest = ikev1_find_gcry_md_algo(decr->ike_hash_alg);

  decr->cipher_algo = cipher;
  decr->digest_algo = digest;

  if (cipher == GCRY_CIPHER_NONE)
    return false;
  if (digest == GCRY_MD_NONE)
    return false;

  decr->cipher_keylen = gcry_cipher_get_algo_keylen(decr->cipher_algo);
  decr->cipher_blklen = gcry_cipher_get_algo_blklen(decr->cipher_algo);
  decr->digest_len = gcry_md_get_algo_dlen(decr->digest_algo);

  if (decr->secret_len < decr->cipher_keylen)
    return false;
  if (decr->digest_len < decr->cipher_blklen)
    return false;

  return !(decr->gi_len == 0 || decr->gr_len == 0);
}
/* Generate phase 1 IV from DH values
 * and store it into the IV hash table.
 *
 * The IV is stored under key 0. Returns false, leaving the table untouched,
 * when generate_iv() fails. */
static bool
prepare_phase1_iv(decrypt_data_t *decr) {
  void *phase1_iv = generate_iv(decr->gi, decr->gi_len,
                                decr->gr, decr->gr_len,
                                decr->digest_algo, decr->cipher_blklen);

  if (phase1_iv == NULL)
    return false;

  g_hash_table_insert(decr->iv_hash, GINT_TO_POINTER(0), phase1_iv);
  return true;
}
/*
 * Make sure decr is ready for decryption, doing the one-time setup on first
 * use.
 *
 * While decr->state is DECR_PARAMS_INIT the parameters are validated and the
 * phase 1 IV is generated; the outcome is cached as DECR_PARAMS_READY or
 * DECR_PARAMS_FAIL, so a failed setup is not retried. Returns true only when
 * the state is DECR_PARAMS_READY; a NULL decr returns false.
 */
static bool
prepare_decrypt(decrypt_data_t *decr) {
  if (decr == NULL)
    return false;

  if (decr->state == DECR_PARAMS_INIT) {
    bool ready = false;

    /* The IV is only generated once the parameters have been validated. */
    if (prepare_decrypt_params(decr))
      ready = prepare_phase1_iv(decr);

    decr->state = ready ? DECR_PARAMS_READY : DECR_PARAMS_FAIL;
  }

  return decr->state == DECR_PARAMS_READY;
}
/*
 * Allocate a zeroed decrypt_data_t with an empty IV table and a cleared
 * initiator address.
 *
 * The struct comes from the GLib slice allocator; iv_hash uses GLib's default
 * direct hashing and has no key or value destroy functions.
 */
static decrypt_data_t *
create_decrypt_data(void) {
  decrypt_data_t *decr = g_slice_new0(decrypt_data_t);

  decr->iv_hash = g_hash_table_new(NULL, NULL);
  clear_address(&decr->initiator);

  return decr;
}
/*
 * Decrypt an IKEv1 payload with the negotiated cipher in CBC mode and expose
 * the plaintext as a new data source named "Decrypted IKE".
 *
 * The IV is the per-packet value stored under PINFO_CBC_IV by update_ivs();
 * the key is decr->secret. Returns a child tvb of `tvb` holding buf_len bytes
 * of plaintext (allocated in pinfo->pool), or NULL when buf is shorter than
 * one cipher block, no IV was stored for this packet, or any gcrypt call
 * fails.
 *
 * No integrity check is performed here, so the returned bytes are whatever
 * the key and IV produce and must be parsed as untrusted input.
 */
static tvbuff_t *
decrypt_payload(tvbuff_t *tvb, packet_info *pinfo, const uint8_t *buf, unsigned buf_len, decrypt_data_t *decr) {
  gcry_cipher_hd_t  cipher_hd;
  gcry_error_t      err;
  uint8_t          *plaintext;
  tvbuff_t         *decrypted_tvb;
  void             *cbc_iv;

  if (buf_len < decr->cipher_blklen)
    return NULL;

  cbc_iv = p_get_proto_data(wmem_file_scope(), pinfo, proto_isakmp, PINFO_CBC_IV);
  if (cbc_iv == NULL)
    return NULL;

  if (gcry_cipher_open(&cipher_hd, decr->cipher_algo, GCRY_CIPHER_MODE_CBC, 0) != GPG_ERR_NO_ERROR)
    return NULL;

  plaintext = (uint8_t *)wmem_alloc(pinfo->pool, buf_len);

  /* Each step runs only if the previous one succeeded. */
  err = gcry_cipher_setiv(cipher_hd, cbc_iv, decr->cipher_blklen);
  if (!err)
    err = gcry_cipher_setkey(cipher_hd, decr->secret, decr->secret_len);
  if (!err)
    err = gcry_cipher_decrypt(cipher_hd, plaintext, buf_len, buf, buf_len);

  /* The handle is closed on both the success and the failure path. */
  gcry_cipher_close(cipher_hd);
  if (err)
    return NULL;

  decrypted_tvb = tvb_new_child_real_data(tvb, plaintext, buf_len, buf_len);

  /* Add the decrypted data to the data source list. */
  add_new_data_source(pinfo, decrypted_tvb, "Decrypted IKE");

  return decrypted_tvb;
}
2424 static proto_tree *dissect_payload_header(tvbuff_t *, packet_info *, int, int, int, uint8_t,
2425 uint8_t *, uint16_t *, proto_tree *);
2427 static void dissect_sa(tvbuff_t *, int, int, proto_tree *, int, packet_info *, bool, void*);
2428 static void dissect_proposal(tvbuff_t *, packet_info *, int, int, proto_tree *, int, void*);
2429 static void dissect_transform(tvbuff_t *, packet_info *, int, int, proto_tree *, int, int, void*);
2430 static void dissect_key_exch(tvbuff_t *, int, int, proto_tree *, int, packet_info *, void*);
2431 static void dissect_id_type(tvbuff_t *, int, int, uint8_t, proto_tree *, proto_item *, packet_info *);
2432 static void dissect_id(tvbuff_t *, int, int, proto_tree *, int, packet_info *);
2433 static void dissect_cert(tvbuff_t *, int, int, proto_tree *, int, packet_info *);
2434 static void dissect_certreq(tvbuff_t *, int, int, proto_tree *, int, packet_info *);
2435 static void dissect_auth(tvbuff_t *, packet_info *, int, int, proto_tree *);
2436 static void dissect_hash(tvbuff_t *, int, int, proto_tree *);
2437 static void dissect_sig(tvbuff_t *, int, int, proto_tree *);
2438 static void dissect_nonce(tvbuff_t *, int, int, proto_tree *);
2439 static void dissect_notif(tvbuff_t *, packet_info *, int, int, proto_tree *, int);
2440 static void dissect_delete(tvbuff_t *, int, int, proto_tree *, int);
2441 static int dissect_vid(tvbuff_t *, int, int, proto_tree *);
2442 static void dissect_config(tvbuff_t *, packet_info *, int, int, proto_tree *, int, bool);
2443 static void dissect_sa_kek(tvbuff_t *, packet_info *, int, int, proto_tree *);
2444 static void dissect_sa_tek(tvbuff_t *, packet_info *, int, int, proto_tree *);
2445 static void dissect_key_download(tvbuff_t *, packet_info *, int, int, proto_tree *, int);
2446 static void dissect_sequence(tvbuff_t *, packet_info *, int, int, proto_tree *);
2447 static void dissect_nat_discovery(tvbuff_t *, int, int, proto_tree * );
2448 static void dissect_nat_original_address(tvbuff_t *, int, int, proto_tree *, int );
2449 static void dissect_ts_payload(tvbuff_t *, int, int, proto_tree *);
2450 static tvbuff_t * dissect_enc(tvbuff_t *, int, int, proto_tree *, packet_info *, uint8_t, bool, void*, bool);
2451 static void dissect_eap(tvbuff_t *, int, int, proto_tree *, packet_info *);
2452 static void dissect_gspm(tvbuff_t *, int, int, proto_tree *);
2453 static void dissect_symmetric_key(tvbuff_t *, int, int, proto_tree *);
2454 static void dissect_cisco_fragmentation(tvbuff_t *, int, int, proto_tree *, packet_info *);
2456 /* State of current fragmentation within a conversation */
2457 typedef struct ikev2_fragmentation_state_t {
2458 uint32_t message_id;
2459 uint8_t next_payload;
2460 } ikev2_fragmentation_state_t;
2462 /* frame_number -> next_payload. The key will be the frame that completes the original message */
2463 static GHashTable *defrag_next_payload_hash;
2465 static void dissect_ikev2_fragmentation(tvbuff_t *, int, proto_tree *, packet_info *, uint32_t message_id, uint8_t next_payload,
2466 bool is_request, void* decr_info);
2468 static const uint8_t VID_SSH_IPSEC_EXPRESS_1_1_0[] = { /* Ssh Communications Security IPSEC Express version 1.1.0 */
2469 0xfB, 0xF4, 0x76, 0x14, 0x98, 0x40, 0x31, 0xFA,
2470 0x8E, 0x3B, 0xB6, 0x19, 0x80, 0x89, 0xB2, 0x23
2473 static const uint8_t VID_SSH_IPSEC_EXPRESS_1_1_1[] = { /* Ssh Communications Security IPSEC Express version 1.1.1 */
2474 0x19, 0x52, 0xDC, 0x91, 0xAC, 0x20, 0xF6, 0x46,
2475 0xFB, 0x01, 0xCF, 0x42, 0xA3, 0x3A, 0xEE, 0x30
2478 static const uint8_t VID_SSH_IPSEC_EXPRESS_1_1_2[] = { /* Ssh Communications Security IPSEC Express version 1.1.2 */
2479 0xE8, 0xBF, 0xFA, 0x64, 0x3E, 0x5C, 0x8F, 0x2C,
2480 0xD1, 0x0F, 0xDA, 0x73, 0x70, 0xB6, 0xEB, 0xE5
2483 static const uint8_t VID_SSH_IPSEC_EXPRESS_1_2_1[] = { /* Ssh Communications Security IPSEC Express version 1.2.1 */
2484 0xC1, 0x11, 0x1B, 0x2D, 0xEE, 0x8C, 0xBC, 0x3D,
2485 0x62, 0x05, 0x73, 0xEC, 0x57, 0xAA, 0xB9, 0xCB
2488 static const uint8_t VID_SSH_IPSEC_EXPRESS_1_2_2[] = { /* Ssh Communications Security IPSEC Express version 1.2.2 */
2489 0x09, 0xEC, 0x27, 0xBF, 0xBC, 0x09, 0xC7, 0x58,
2490 0x23, 0xCF, 0xEC, 0xBF, 0xFE, 0x56, 0x5A, 0x2E
2493 static const uint8_t VID_SSH_IPSEC_EXPRESS_2_0_0[] = { /* SSH Communications Security IPSEC Express version 2.0.0 */
2494 0x7F, 0x21, 0xA5, 0x96, 0xE4, 0xE3, 0x18, 0xF0,
2495 0xB2, 0xF4, 0x94, 0x4C, 0x23, 0x84, 0xCB, 0x84
2498 static const uint8_t VID_SSH_IPSEC_EXPRESS_2_1_0[] = { /* SSH Communications Security IPSEC Express version 2.1.0 */
2499 0x28, 0x36, 0xD1, 0xFD, 0x28, 0x07, 0xBC, 0x9E,
2500 0x5A, 0xE3, 0x07, 0x86, 0x32, 0x04, 0x51, 0xEC
2503 static const uint8_t VID_SSH_IPSEC_EXPRESS_2_1_1[] = { /* SSH Communications Security IPSEC Express version 2.1.1 */
2504 0xA6, 0x8D, 0xE7, 0x56, 0xA9, 0xC5, 0x22, 0x9B,
2505 0xAE, 0x66, 0x49, 0x80, 0x40, 0x95, 0x1A, 0xD5
2508 static const uint8_t VID_SSH_IPSEC_EXPRESS_2_1_2[] = { /* SSH Communications Security IPSEC Express version 2.1.2 */
2509 0x3F, 0x23, 0x72, 0x86, 0x7E, 0x23, 0x7C, 0x1C,
2510 0xD8, 0x25, 0x0A, 0x75, 0x55, 0x9C, 0xAE, 0x20
2513 static const uint8_t VID_SSH_IPSEC_EXPRESS_3_0_0[] = { /* SSH Communications Security IPSEC Express version 3.0.0 */
2514 0x0E, 0x58, 0xD5, 0x77, 0x4D, 0xF6, 0x02, 0x00,
2515 0x7D, 0x0B, 0x02, 0x44, 0x36, 0x60, 0xF7, 0xEB
2518 static const uint8_t VID_SSH_IPSEC_EXPRESS_3_0_1[] = { /* SSH Communications Security IPSEC Express version 3.0.1 */
2519 0xF5, 0xCE, 0x31, 0xEB, 0xC2, 0x10, 0xF4, 0x43,
2520 0x50, 0xCF, 0x71, 0x26, 0x5B, 0x57, 0x38, 0x0F
2523 static const uint8_t VID_SSH_IPSEC_EXPRESS_4_0_0[] = { /* SSH Communications Security IPSEC Express version 4.0.0 */
2524 0xF6, 0x42, 0x60, 0xAF, 0x2E, 0x27, 0x42, 0xDA,
2525 0xDD, 0xD5, 0x69, 0x87, 0x06, 0x8A, 0x99, 0xA0
2528 static const uint8_t VID_SSH_IPSEC_EXPRESS_4_0_1[] = { /* SSH Communications Security IPSEC Express version 4.0.1 */
2529 0x7A, 0x54, 0xD3, 0xBD, 0xB3, 0xB1, 0xE6, 0xD9,
2530 0x23, 0x89, 0x20, 0x64, 0xBE, 0x2D, 0x98, 0x1C
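/*
 * Vendor ID payload values for SSH Communications Security products
 * (IPSEC Express 4.1.0 - 5.1.1, Sentinel, QuickSec). Each array is listed in
 * vendor_id[] together with its sizeof, which is the value length the table
 * records for it.
 *
 * A match against one of these values shows what the sender advertised in
 * its Vendor ID payload; it is not verified evidence of the product or
 * version actually in use.
 */

/*
 * NOTE(review): this value and VID_CYBERGUARD differ only at index 13
 * (0x0C here, 0xC0 there) - verify both against an authoritative source.
 */
static const uint8_t VID_SSH_IPSEC_EXPRESS_4_1_0[] = { /* SSH Communications Security IPSEC Express version 4.1.0 */
    0x9A, 0xA1, 0xF3, 0xB4, 0x34, 0x72, 0xA4, 0x5D,
    0x5F, 0x50, 0x6A, 0xEB, 0x26, 0x0C, 0xF2, 0x14
};

static const uint8_t VID_SSH_IPSEC_EXPRESS_4_1_1[] = { /* SSH Communications Security IPSEC Express version 4.1.1 */
    0x89, 0xF7, 0xB7, 0x60, 0xD8, 0x6B, 0x01, 0x2A,
    0xCF, 0x26, 0x33, 0x82, 0x39, 0x4D, 0x96, 0x2F
};

static const uint8_t VID_SSH_IPSEC_EXPRESS_4_2_0[] = { /* SSH Communications Security IPSEC Express version 4.2.0 */
    0x68, 0x80, 0xC7, 0xD0, 0x26, 0x09, 0x91, 0x14,
    0xE4, 0x86, 0xC5, 0x54, 0x30, 0xE7, 0xAB, 0xEE
};

static const uint8_t VID_SSH_IPSEC_EXPRESS_5_0[] = { /* SSH Communications Security IPSEC Express version 5.0 */
    0xB0, 0x37, 0xA2, 0x1A, 0xCE, 0xCC, 0xB5, 0x57,
    0x0F, 0x60, 0x25, 0x46, 0xF9, 0x7B, 0xDE, 0x8C
};

static const uint8_t VID_SSH_IPSEC_EXPRESS_5_0_0[] = { /* SSH Communications Security IPSEC Express version 5.0.0 */
    0x2B, 0x2D, 0xAD, 0x97, 0xC4, 0xD1, 0x40, 0x93,
    0x00, 0x53, 0x28, 0x7F, 0x99, 0x68, 0x50, 0xB0
};

static const uint8_t VID_SSH_IPSEC_EXPRESS_5_1_0[] = { /* SSH Communications Security IPSEC Express version 5.1.0 */
    0x45, 0xE1, 0x7F, 0x3A, 0xBE, 0x93, 0x94, 0x4C,
    0xB2, 0x02, 0x91, 0x0C, 0x59, 0xEF, 0x80, 0x6B
};

static const uint8_t VID_SSH_IPSEC_EXPRESS_5_1_1[] = { /* SSH Communications Security IPSEC Express version 5.1.1 */
    0x59, 0x25, 0x85, 0x9F, 0x73, 0x77, 0xED, 0x78,
    0x16, 0xD2, 0xFB, 0x81, 0xC0, 0x1F, 0xA5, 0x51
};

static const uint8_t VID_SSH_SENTINEL[] = { /* SSH Sentinel */
    0x05, 0x41, 0x82, 0xA0, 0x7C, 0x7A, 0xE2, 0x06,
    0xF9, 0xD2, 0xCF, 0x9D, 0x24, 0x32, 0xC4, 0x82
};

static const uint8_t VID_SSH_SENTINEL_1_1[] = { /* SSH Sentinel 1.1 */
    0xB9, 0x16, 0x23, 0xE6, 0x93, 0xCA, 0x18, 0xA5,
    0x4C, 0x6A, 0x27, 0x78, 0x55, 0x23, 0x05, 0xE8
};

static const uint8_t VID_SSH_SENTINEL_1_2[] = { /* SSH Sentinel 1.2 */
    0x54, 0x30, 0x88, 0x8D, 0xE0, 0x1A, 0x31, 0xA6,
    0xFA, 0x8F, 0x60, 0x22, 0x4E, 0x44, 0x99, 0x58
};

static const uint8_t VID_SSH_SENTINEL_1_3[] = { /* SSH Sentinel 1.3 */
    0x7E, 0xE5, 0xCB, 0x85, 0xF7, 0x1C, 0xE2, 0x59,
    0xC9, 0x4A, 0x5C, 0x73, 0x1E, 0xE4, 0xE7, 0x52
};

static const uint8_t VID_SSH_SENTINEL_1_4[] = { /* SSH Sentinel 1.4 */
    0x63, 0xD9, 0xA1, 0xA7, 0x00, 0x94, 0x91, 0xB5,
    0xA0, 0xA6, 0xFD, 0xEB, 0x2A, 0x82, 0x84, 0xF0
};

static const uint8_t VID_SSH_SENTINEL_1_4_1[] = { /* SSH Sentinel 1.4.1 */
    0xEB, 0x4B, 0x0D, 0x96, 0x27, 0x6B, 0x4E, 0x22,
    0x0A, 0xD1, 0x62, 0x21, 0xA7, 0xB2, 0xA5, 0xE6
};

static const uint8_t VID_SSH_QUICKSEC_0_9_0[] = { /* SSH Communications Security QuickSec 0.9.0 */
    0x37, 0xEB, 0xA0, 0xC4, 0x13, 0x61, 0x84, 0xE7,
    0xDA, 0xF8, 0x56, 0x2A, 0x77, 0x06, 0x0B, 0x4A
};

static const uint8_t VID_SSH_QUICKSEC_1_1_0[] = { /* SSH Communications Security QuickSec 1.1.0 */
    0x5D, 0x72, 0x92, 0x5E, 0x55, 0x94, 0x8A, 0x96,
    0x61, 0xA7, 0xFC, 0x48, 0xFD, 0xEC, 0x7F, 0xF9
};

static const uint8_t VID_SSH_QUICKSEC_1_1_1[] = { /* SSH Communications Security QuickSec 1.1.1 */
    0x77, 0x7F, 0xBF, 0x4C, 0x5A, 0xF6, 0xD1, 0xCD,
    0xD4, 0xB8, 0x95, 0xA0, 0x5B, 0xF8, 0x25, 0x94
};

static const uint8_t VID_SSH_QUICKSEC_1_1_2[] = { /* SSH Communications Security QuickSec 1.1.2 */
    0x2C, 0xDF, 0x08, 0xE7, 0x12, 0xED, 0xE8, 0xA5,
    0x97, 0x87, 0x61, 0x26, 0x7C, 0xD1, 0x9B, 0x91
};

static const uint8_t VID_SSH_QUICKSEC_1_1_3[] = { /* SSH Communications Security QuickSec 1.1.3 */
    0x59, 0xE4, 0x54, 0xA8, 0xC2, 0xCF, 0x02, 0xA3,
    0x49, 0x59, 0x12, 0x1F, 0x18, 0x90, 0xBC, 0x87
};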
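/*
 * Vendor ID payload values announcing NAT-traversal support, keyed by the
 * draft or RFC named in each comment. Each array is listed in vendor_id[]
 * together with its sizeof.
 *
 * NOTE(review): these look like 16-byte digests of the quoted names (the
 * "-02" and "-02\n" entries would then differ only by a trailing newline in
 * the hashed name) - confirm before adding further variants.
 */
static const uint8_t VID_draft_huttunen_ipsec_esp_in_udp_00[] = { /* draft-huttunen-ipsec-esp-in-udp-00.txt */
    0x6A, 0x74, 0x34, 0xC1, 0x9D, 0x7E, 0x36, 0x34,
    0x80, 0x90, 0xA0, 0x23, 0x34, 0xC9, 0xC8, 0x05
};

static const uint8_t VID_draft_huttunen_ipsec_esp_in_udp_01[] = { /* draft-huttunen-ipsec-esp-in-udp-01.txt */
    0x50, 0x76, 0x0F, 0x62, 0x4C, 0x63, 0xE5, 0xC5,
    0x3E, 0xEA, 0x38, 0x6C, 0x68, 0x5C, 0xA0, 0x83
};

static const uint8_t VID_draft_stenberg_ipsec_nat_traversal_01[] = { /* draft-stenberg-ipsec-nat-traversal-01 */
    0x27, 0xBA, 0xB5, 0xDC, 0x01, 0xEA, 0x07, 0x60,
    0xEA, 0x4E, 0x31, 0x90, 0xAC, 0x27, 0xC0, 0xD0
};

static const uint8_t VID_draft_stenberg_ipsec_nat_traversal_02[] = { /* draft-stenberg-ipsec-nat-traversal-02 */
    0x61, 0x05, 0xC4, 0x22, 0xE7, 0x68, 0x47, 0xE4,
    0x3F, 0x96, 0x84, 0x80, 0x12, 0x92, 0xAE, 0xCD
};

static const uint8_t VID_draft_ietf_ipsec_nat_t_ike[] = { /* draft-ietf-ipsec-nat-t-ike */
    0x4D, 0xF3, 0x79, 0x28, 0xE9, 0xFC, 0x4F, 0xD1,
    0xB3, 0x26, 0x21, 0x70, 0xD5, 0x15, 0xC6, 0x62
};

static const uint8_t VID_draft_ietf_ipsec_nat_t_ike_00[] = { /* draft-ietf-ipsec-nat-t-ike-00 */
    0x44, 0x85, 0x15, 0x2D, 0x18, 0xB6, 0xBB, 0xCD,
    0x0B, 0xE8, 0xA8, 0x46, 0x95, 0x79, 0xDD, 0xCC
};

static const uint8_t VID_draft_ietf_ipsec_nat_t_ike_01[] = { /* "draft-ietf-ipsec-nat-t-ike-01" */
    0x16, 0xF6, 0xCA, 0x16, 0xE4, 0xA4, 0x06, 0x6D,
    0x83, 0x82, 0x1A, 0x0F, 0x0A, 0xEA, 0xA8, 0x62
};

static const uint8_t VID_draft_ietf_ipsec_nat_t_ike_02[] = { /* draft-ietf-ipsec-nat-t-ike-02 */
    0xCD, 0x60, 0x46, 0x43, 0x35, 0xDF, 0x21, 0xF8,
    0x7C, 0xFD, 0xB2, 0xFC, 0x68, 0xB6, 0xA4, 0x48
};

static const uint8_t VID_draft_ietf_ipsec_nat_t_ike_02n[] = { /* draft-ietf-ipsec-nat-t-ike-02\n */
    0x90, 0xCB, 0x80, 0x91, 0x3E, 0xBB, 0x69, 0x6E,
    0x08, 0x63, 0x81, 0xB5, 0xEC, 0x42, 0x7B, 0x1F
};

static const uint8_t VID_draft_ietf_ipsec_nat_t_ike_03[] = { /* draft-ietf-ipsec-nat-t-ike-03 */
    0x7D, 0x94, 0x19, 0xA6, 0x53, 0x10, 0xCA, 0x6F,
    0x2C, 0x17, 0x9D, 0x92, 0x15, 0x52, 0x9d, 0x56
};

static const uint8_t VID_draft_ietf_ipsec_nat_t_ike_04[] = { /* draft-ietf-ipsec-nat-t-ike-04 */
    0x99, 0x09, 0xb6, 0x4e, 0xed, 0x93, 0x7c, 0x65,
    0x73, 0xde, 0x52, 0xac, 0xe9, 0x52, 0xfa, 0x6b
};

static const uint8_t VID_draft_ietf_ipsec_nat_t_ike_05[] = { /* draft-ietf-ipsec-nat-t-ike-05 */
    0x80, 0xd0, 0xbb, 0x3d, 0xef, 0x54, 0x56, 0x5e,
    0xe8, 0x46, 0x45, 0xd4, 0xc8, 0x5c, 0xe3, 0xee
};

static const uint8_t VID_draft_ietf_ipsec_nat_t_ike_06[] = { /* draft-ietf-ipsec-nat-t-ike-06 */
    0x4d, 0x1e, 0x0e, 0x13, 0x6d, 0xea, 0xfa, 0x34,
    0xc4, 0xf3, 0xea, 0x9f, 0x02, 0xec, 0x72, 0x85
};

static const uint8_t VID_draft_ietf_ipsec_nat_t_ike_07[] = { /* draft-ietf-ipsec-nat-t-ike-07 */
    0x43, 0x9b, 0x59, 0xf8, 0xba, 0x67, 0x6c, 0x4c,
    0x77, 0x37, 0xae, 0x22, 0xea, 0xb8, 0xf5, 0x82
};

static const uint8_t VID_draft_ietf_ipsec_nat_t_ike_08[] = { /* draft-ietf-ipsec-nat-t-ike-08 */
    0x8f, 0x8d, 0x83, 0x82, 0x6d, 0x24, 0x6b, 0x6f,
    0xc7, 0xa8, 0xa6, 0xa4, 0x28, 0xc1, 0x1d, 0xe8
};

static const uint8_t VID_draft_ietf_ipsec_nat_t_ike_09[] = { /* draft-ietf-ipsec-nat-t-ike-09 */
    0x42, 0xea, 0x5b, 0x6f, 0x89, 0x8d, 0x97, 0x73,
    0xa5, 0x75, 0xdf, 0x26, 0xe7, 0xdd, 0x19, 0xe1
};

static const uint8_t VID_testing_nat_t_rfc[] = { /* Testing NAT-T RFC */
    0xc4, 0x0f, 0xee, 0x00, 0xd5, 0xd3, 0x9d, 0xdb,
    0x1f, 0xc7, 0x62, 0xe0, 0x9b, 0x7c, 0xfe, 0xa7
};

static const uint8_t VID_rfc3947_nat_t[] = { /* RFC 3947 Negotiation of NAT-Traversal in the IKE */
    0x4a, 0x13, 0x1c, 0x81, 0x07, 0x03, 0x58, 0x45,
    0x5c, 0x57, 0x28, 0xf2, 0x0e, 0x95, 0x45, 0x2f
};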
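/*
 * Vendor ID payload values for XAUTH, dead peer detection, anti-replay,
 * heartbeats and the IKE challenge/response extensions. Each array is listed
 * in vendor_id[] together with its sizeof.
 *
 * VID_xauth is the first 8 bytes of VID_draft_beaulieu_ike_xauth_02, so the
 * two cannot be told apart on their first 8 bytes; vendor_id[] lists the
 * 16-byte value first.
 * NOTE(review): whether that order matters depends on how vendor_id[] is
 * searched (exact length vs. prefix) - confirm in the lookup code.
 */
static const uint8_t VID_draft_beaulieu_ike_xauth_02[] = { /* draft-beaulieu-ike-xauth-02.txt 02 or 06 ??*/
    0x09, 0x00, 0x26, 0x89, 0xDF, 0xD6, 0xB7, 0x12,
    0x80, 0xA2, 0x24, 0xDE, 0xC3, 0x3B, 0x81, 0xE5
};

static const uint8_t VID_xauth[] = { /* XAUTH (truncated MD5 hash of "draft-ietf-ipsra-isakmp-xauth-06.txt") */
    0x09, 0x00, 0x26, 0x89, 0xDF, 0xD6, 0xB7, 0x12
};

static const uint8_t VID_rfc3706_dpd[] = { /* RFC 3706 */
    0xAF, 0xCA, 0xD7, 0x13, 0x68, 0xA1, 0xF1, 0xC9,
    0x6B, 0x86, 0x96, 0xFC, 0x77, 0x57, 0x01, 0x00
};

static const uint8_t VID_draft_ietf_ipsec_antireplay_00[] = { /* draft-ietf-ipsec-antireplay-00.txt */
    0x32, 0x5D, 0xF2, 0x9A, 0x23, 0x19, 0xF2, 0xDD
};

static const uint8_t VID_draft_ietf_ipsec_heartbeats_00[] = { /* draft-ietf-ipsec-heartbeats-00.txt */
    0x8D, 0xB7, 0xA4, 0x18, 0x11, 0x22, 0x16, 0x60
};

static const uint8_t VID_IKE_CHALLENGE_RESPONSE_1[] = { /* IKE Challenge/Response for Authenticated Cryptographic Keys */
    0xBA, 0x29, 0x04, 0x99, 0xC2, 0x4E, 0x84, 0xE5,
    0x3A, 0x1D, 0x83, 0xA0, 0x5E, 0x5F, 0x00, 0xC9
};

static const uint8_t VID_IKE_CHALLENGE_RESPONSE_2[] = { /* IKE Challenge/Response for Authenticated Cryptographic Keys */
    0x0D, 0x33, 0x61, 0x1A, 0x5D, 0x52, 0x1B, 0x5E,
    0x3C, 0x9C, 0x03, 0xD2, 0xFC, 0x10, 0x7E, 0x12
};

static const uint8_t VID_IKE_CHALLENGE_RESPONSE_REV_1[] = { /* IKE Challenge/Response for Authenticated Cryptographic Keys (Revised) */
    0xAD, 0x32, 0x51, 0x04, 0x2C, 0xDC, 0x46, 0x52,
    0xC9, 0xE0, 0x73, 0x4C, 0xE5, 0xDE, 0x4C, 0x7D
};

static const uint8_t VID_IKE_CHALLENGE_RESPONSE_REV_2[] = { /* IKE Challenge/Response for Authenticated Cryptographic Keys (Revised) */
    0x01, 0x3F, 0x11, 0x82, 0x3F, 0x96, 0x6F, 0xA9,
    0x19, 0x00, 0xF0, 0x24, 0xBA, 0x66, 0xA8, 0x6B
};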
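/*
 * Vendor ID payload values for Cisco fragmentation/Unity/concentrator,
 * Microsoft and GSS-API peers. Each array is listed in vendor_id[] together
 * with its sizeof.
 *
 * VID_CISCO_FRAG2 is the first 16 bytes of the 20-byte VID_CISCO_FRAG, and
 * vendor_id[] lists VID_CISCO_FRAG2 first; both carry the same label there.
 * NOTE(review): if vendor_id[] is searched by prefix, the 20-byte entry is
 * never the one selected - confirm in the lookup code.
 */
static const uint8_t VID_CISCO_FRAG2[] = { /* Cisco Fragmentation - md5("FRAGMENTATION") */
    0x40, 0x48, 0xB7, 0xD5, 0x6E, 0xBC, 0xE8, 0x85,
    0x25, 0xE7, 0xDE, 0x7F, 0x00, 0xD6, 0xC2, 0xD3
};

static const uint8_t VID_MS_VID_INITIAL_CONTACT[] = { /* Microsoft Vid-Initial-Contact */
    0x26, 0x24, 0x4d, 0x38, 0xed, 0xdb, 0x61, 0xb3,
    0x17, 0x2a, 0x36, 0xe3, 0xd0, 0xcf, 0xb8, 0x19
};

static const uint8_t VID_GSS_API_1[] = { /* A GSS-API Authentication Method for IKE */
    0xB4, 0x6D, 0x89, 0x14, 0xF3, 0xAA, 0xA3, 0xF2,
    0xFE, 0xDE, 0xB7, 0xC7, 0xDB, 0x29, 0x43, 0xCA
};

static const uint8_t VID_GSS_API_2[] = { /* A GSS-API Authentication Method for IKE */
    0xAD, 0x2C, 0x0D, 0xD0, 0xB9, 0xC3, 0x20, 0x83,
    0xCC, 0xBA, 0x25, 0xB8, 0x86, 0x1E, 0xC4, 0x55
};

static const uint8_t VID_GSSAPI[] = { /* GSSAPI */
    0x62, 0x1B, 0x04, 0xBB, 0x09, 0x88, 0x2A, 0xC1,
    0xE1, 0x59, 0x35, 0xFE, 0xFA, 0x24, 0xAE, 0xEE
};

static const uint8_t VID_MS_NT5_ISAKMPOAKLEY[] = { /* MS NT5 ISAKMPOAKLEY */
    0x1E, 0x2B, 0x51, 0x69, 0x05, 0x99, 0x1C, 0x7D,
    0x7C, 0x96, 0xFC, 0xBF, 0xB5, 0x87, 0xE4, 0x61
};

/* Only 14 bytes are listed for this value, unlike the 16-byte entries around it. */
static const uint8_t VID_CISCO_UNITY[] = { /* CISCO-UNITY */
    0x12, 0xF5, 0xF2, 0x8C, 0x45, 0x71, 0x68, 0xA9,
    0x70, 0x2D, 0x9F, 0xE2, 0x74, 0xCC
};

static const uint8_t VID_CISCO_CONCENTRATOR[] = { /* CISCO-CONCENTRATOR */
    0x1F, 0x07, 0xF7, 0x0E, 0xAA, 0x65, 0x14, 0xD3,
    0xB0, 0xFA, 0x96, 0x54, 0x2A, 0x50, 0x01, 0x00
};

static const uint8_t VID_CISCO_FRAG[] = { /* Cisco Fragmentation */
    0x40, 0x48, 0xB7, 0xD5, 0x6E, 0xBC, 0xE8, 0x85,
    0x25, 0xE7, 0xDE, 0x7F, 0x00, 0xD6, 0xC2, 0xD3,
    0x80, 0x00, 0x00, 0x00
};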
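/*
 * Cisco Vendor ID payload values that are plain ASCII text rather than
 * digests; the bytes of each array spell the string given in its comment,
 * with no terminating NUL. Each array is listed in vendor_id[] together with
 * its sizeof.
 */
static const uint8_t VID_CISCO_FLEXVPN_SUPPORTED[] = { /* FLEXVPN-SUPPORTED */
    0x46, 0x4c, 0x45, 0x58, 0x56, 0x50, 0x4e, 0x2d,
    0x53, 0x55, 0x50, 0x50, 0x4f, 0x52, 0x54, 0x45,
    0x44
};

static const uint8_t VID_CISCO_DELETE_REASON[] = { /* CISCO-DELETE-REASON */
    0x43, 0x49, 0x53, 0x43, 0x4f, 0x2d, 0x44, 0x45,
    0x4c, 0x45, 0x54, 0x45, 0x2d, 0x52, 0x45, 0x41,
    0x53, 0x4f, 0x4e
};

static const uint8_t VID_CISCO_DYNAMIC_ROUTE[] = { /* CISCO-DYNAMIC-ROUTE */
    0x43, 0x49, 0x53, 0x43, 0x4f, 0x2d, 0x44, 0x59,
    0x4e, 0x41, 0x4d, 0x49, 0x43, 0x2d, 0x52, 0x4f,
    0x55, 0x54, 0x45
};

/* The bytes spell "CISCOVPN-REV-02": there is no hyphen between CISCO and VPN. */
static const uint8_t VID_CISCO_VPN_REV_02[] = { /* CISCOVPN-REV-02 */
    0x43, 0x49, 0x53, 0x43, 0x4f, 0x56, 0x50, 0x4e,
    0x2d, 0x52, 0x45, 0x56, 0x2d, 0x30, 0x32
};

/* CISCO(COPYRIGHT)&Copyright (c) 2009 Cisco Systems, Inc. */
static const uint8_t VID_CISCO_COPYRIGHT[] = { /* Cisco Copyright */
    0x43, 0x49, 0x53, 0x43, 0x4f, 0x28, 0x43, 0x4f,
    0x50, 0x59, 0x52, 0x49, 0x47, 0x48, 0x54, 0x29,
    0x26, 0x43, 0x6f, 0x70, 0x79, 0x72, 0x69, 0x67,
    0x68, 0x74, 0x20, 0x28, 0x63, 0x29, 0x20, 0x32,
    0x30, 0x30, 0x39, 0x20, 0x43, 0x69, 0x73, 0x63,
    0x6f, 0x20, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d,
    0x73, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e
};

static const uint8_t VID_CISCO_GRE_MODE[] = { /* CISCO-GRE-MODE */
    0x43, 0x49, 0x53, 0x43, 0x4f, 0x2d, 0x47, 0x52,
    0x45, 0x2d, 0x4d, 0x4f, 0x44, 0x45
};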
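/*
 * Vendor ID payload values for CryptoPro/Check Point, CyberGuard, Shrew
 * Soft, strongSwan, KAME/racoon and IPsec-Tools. Each array is listed in
 * vendor_id[] together with its sizeof.
 */
static const uint8_t VID_CP_01_R65[] = { /* CryptoPro/GOST 0.1 / Check Point R65 */
    0xF4, 0xED, 0x19, 0xE0, 0xC1, 0x14, 0xEB, 0x51,
    0x6F, 0xAA, 0xAC, 0x0E, 0xE3, 0x7D, 0xAF, 0x28,
    0x07, 0xB4, 0x38, 0x1F
};

/* VID_CP_10_R71 and VID_CP_11 differ only in their last byte (0x00 vs 0x01). */
static const uint8_t VID_CP_10_R71[] = { /* CryptoPro/GOST 1.0 / Check Point R71 */
    0x03, 0x10, 0x17, 0xE0, 0x7F, 0x7A, 0x82, 0xE3,
    0xAA, 0x69, 0x50, 0xC9, 0x99, 0x99, 0x01, 0x00
};

static const uint8_t VID_CP_11[] = { /* CryptoPro/GOST 1.1 */
    0x03, 0x10, 0x17, 0xE0, 0x7F, 0x7A, 0x82, 0xE3,
    0xAA, 0x69, 0x50, 0xC9, 0x99, 0x99, 0x01, 0x01
};

/*
 * NOTE(review): this value and VID_SSH_IPSEC_EXPRESS_4_1_0 differ only at
 * index 13 (0xC0 here, 0x0C there) - verify both against an authoritative
 * source.
 */
static const uint8_t VID_CYBERGUARD[] = { /* CyberGuard */
    0x9A, 0xA1, 0xF3, 0xB4, 0x34, 0x72, 0xA4, 0x5D,
    0x5F, 0x50, 0x6A, 0xEB, 0x26, 0xC0, 0xF2, 0x14
};

static const uint8_t VID_SHREWSOFT[] = { /* Shrew Soft */
    0xf1, 0x4b, 0x94, 0xb7, 0xbf, 0xf1, 0xfe, 0xf0,
    0x27, 0x73, 0xb8, 0xc4, 0x9f, 0xed, 0xed, 0x26
};

static const uint8_t VID_STRONGSWAN[] = { /* strongSwan */
    0x88, 0x2f, 0xe5, 0x6d, 0x6f, 0xd2, 0x0d, 0xbc,
    0x22, 0x51, 0x61, 0x3b, 0x2e, 0xbe, 0x5b, 0xeb
};

static const uint8_t VID_KAME_RACOON[] = { /* KAME/racoon */
    0x70, 0x03, 0xcb, 0xc1, 0x09, 0x7d, 0xbe, 0x9c,
    0x26, 0x00, 0xba, 0x69, 0x83, 0xbc, 0x8b, 0x35
};

static const uint8_t VID_IPSEC_TOOLS[] = { /* IPsec-Tools */
    0x20, 0xa3, 0x62, 0x2c, 0x1c, 0xea, 0x7c, 0xe3,
    0x7b, 0xee, 0x3c, 0xa4, 0x84, 0x42, 0x52, 0x76
};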
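/*
 * Vendor ID payload values labelled Netscreen-1 .. Netscreen-16 in
 * vendor_id[]. All sixteen are 20 bytes long and are listed in that table
 * together with their sizeof.
 */
static const uint8_t VID_NETSCREEN_1[] = { /* Netscreen-1 */
    0x29, 0x9e, 0xe8, 0x28, 0x9f, 0x40, 0xa8, 0x97,
    0x3b, 0xc7, 0x86, 0x87, 0xe2, 0xe7, 0x22, 0x6b,
    0x53, 0x2c, 0x3b, 0x76
};

static const uint8_t VID_NETSCREEN_2[] = { /* Netscreen-2 */
    0x3a, 0x15, 0xe1, 0xf3, 0xcf, 0x2a, 0x63, 0x58,
    0x2e, 0x3a, 0xc8, 0x2d, 0x1c, 0x64, 0xcb, 0xe3,
    0xb6, 0xd7, 0x79, 0xe7
};

static const uint8_t VID_NETSCREEN_3[] = { /* Netscreen-3 */
    0x47, 0xd2, 0xb1, 0x26, 0xbf, 0xcd, 0x83, 0x48,
    0x97, 0x60, 0xe2, 0xcf, 0x8c, 0x5d, 0x4d, 0x5a,
    0x03, 0x49, 0x7c, 0x15
};

static const uint8_t VID_NETSCREEN_4[] = { /* Netscreen-4 */
    0x4a, 0x43, 0x40, 0xb5, 0x43, 0xe0, 0x2b, 0x84,
    0xc8, 0x8a, 0x8b, 0x96, 0xa8, 0xaf, 0x9e, 0xbe,
    0x77, 0xd9, 0xac, 0xcc
};

static const uint8_t VID_NETSCREEN_5[] = { /* Netscreen-5 */
    0x64, 0x40, 0x5f, 0x46, 0xf0, 0x3b, 0x76, 0x60,
    0xa2, 0x3b, 0xe1, 0x16, 0xa1, 0x97, 0x50, 0x58,
    0xe6, 0x9e, 0x83, 0x87
};

static const uint8_t VID_NETSCREEN_6[] = { /* Netscreen-6 */
    0x69, 0x93, 0x69, 0x22, 0x87, 0x41, 0xc6, 0xd4,
    0xca, 0x09, 0x4c, 0x93, 0xe2, 0x42, 0xc9, 0xde,
    0x19, 0xe7, 0xb7, 0xc6
};

static const uint8_t VID_NETSCREEN_7[] = { /* Netscreen-7 */
    0x8c, 0x0d, 0xc6, 0xcf, 0x62, 0xa0, 0xef, 0x1b,
    0x5c, 0x6e, 0xab, 0xd1, 0xb6, 0x7b, 0xa6, 0x98,
    0x66, 0xad, 0xf1, 0x6a
};

static const uint8_t VID_NETSCREEN_8[] = { /* Netscreen-8 */
    0x92, 0xd2, 0x7a, 0x9e, 0xcb, 0x31, 0xd9, 0x92,
    0x46, 0x98, 0x6d, 0x34, 0x53, 0xd0, 0xc3, 0xd5,
    0x7a, 0x22, 0x2a, 0x61
};

static const uint8_t VID_NETSCREEN_9[] = { /* Netscreen-9 */
    0x9b, 0x09, 0x6d, 0x9a, 0xc3, 0x27, 0x5a, 0x7d,
    0x6f, 0xe8, 0xb9, 0x1c, 0x58, 0x31, 0x11, 0xb0,
    0x9e, 0xfe, 0xd1, 0xa0
};

static const uint8_t VID_NETSCREEN_10[] = { /* Netscreen-10 */
    0xbf, 0x03, 0x74, 0x61, 0x08, 0xd7, 0x46, 0xc9,
    0x04, 0xf1, 0xf3, 0x54, 0x7d, 0xe2, 0x4f, 0x78,
    0x47, 0x9f, 0xed, 0x12
};

static const uint8_t VID_NETSCREEN_11[] = { /* Netscreen-11 */
    0xc2, 0xe8, 0x05, 0x00, 0xf4, 0xcc, 0x5f, 0xbf,
    0x5d, 0xaa, 0xee, 0xd3, 0xbb, 0x59, 0xab, 0xae,
    0xee, 0x56, 0xc6, 0x52
};

static const uint8_t VID_NETSCREEN_12[] = { /* Netscreen-12 */
    0xc8, 0x66, 0x0a, 0x62, 0xb0, 0x3b, 0x1b, 0x61,
    0x30, 0xbf, 0x78, 0x16, 0x08, 0xd3, 0x2a, 0x6a,
    0x8d, 0x0f, 0xb8, 0x9f
};

static const uint8_t VID_NETSCREEN_13[] = { /* Netscreen-13 */
    0xf8, 0x85, 0xda, 0x40, 0xb1, 0xe7, 0xa9, 0xab,
    0xd1, 0x76, 0x55, 0xec, 0x5b, 0xbe, 0xc0, 0xf2,
    0x1f, 0x0e, 0xd5, 0x2e
};

static const uint8_t VID_NETSCREEN_14[] = { /* Netscreen-14 */
    0x2a, 0x2b, 0xca, 0xc1, 0x9b, 0x8e, 0x91, 0xb4,
    0x26, 0x10, 0x78, 0x07, 0xe0, 0x2e, 0x72, 0x49,
    0x56, 0x9d, 0x6f, 0xd3
};

static const uint8_t VID_NETSCREEN_15[] = { /* Netscreen-15 */
    0x16, 0x6f, 0x93, 0x2d, 0x55, 0xeb, 0x64, 0xd8,
    0xe4, 0xdf, 0x4f, 0xd3, 0x7e, 0x23, 0x13, 0xf0,
    0xd0, 0xfd, 0x84, 0x51
};

static const uint8_t VID_NETSCREEN_16[] = { /* Netscreen-16 */
    0xa3, 0x5b, 0xfd, 0x05, 0xca, 0x1a, 0xc0, 0xb3,
    0xd2, 0xf2, 0x4e, 0x9e, 0x82, 0xbf, 0xcb, 0xff,
    0x9c, 0x9e, 0x52, 0xb5
};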
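/*
 * Vendor ID payload values for ZyWALL, Sidewinder, SonicWALL, the
 * heartbeat/delete-with-reason extensions and Aruba Networks peers. Each
 * array is listed in vendor_id[] together with its sizeof.
 */
static const uint8_t VID_ZYWALL[] = { /* ZYWALL */
    0x62, 0x50, 0x27, 0x74, 0x9d, 0x5a, 0xb9, 0x7f,
    0x56, 0x16, 0xc1, 0x60, 0x27, 0x65, 0xcf, 0x48,
    0x0a, 0x3b, 0x7d, 0x0b
};

static const uint8_t VID_SIDEWINDER[] = { /* SIDEWINDER */
    0x84, 0x04, 0xad, 0xf9, 0xcd, 0xa0, 0x57, 0x60,
    0xb2, 0xca, 0x29, 0x2e, 0x4b, 0xff, 0x53, 0x7b
};

static const uint8_t VID_SONICWALL[] = { /* SonicWALL */
    0x40, 0x4B, 0xF4, 0x39, 0x52, 0x2C, 0xA3, 0xF6
};

/* ASCII: the bytes spell "HeartBeat_Notify". */
static const uint8_t VID_HEARTBEAT_NOTIFY[] = { /* Heartbeat Notify */
    0x48, 0x65, 0x61, 0x72, 0x74, 0x42, 0x65, 0x61,
    0x74, 0x5f, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79
};

static const uint8_t VID_DWR[] = { /* DWR: Delete with reason */
    0x2D, 0x79, 0x22, 0xC6, 0xB3, 0x01, 0xD9, 0xB0,
    0xE1, 0x34, 0x27, 0x39, 0xE9, 0xCF, 0xBB, 0xD5
};

static const uint8_t VID_ARUBA_RAP[] = { /* Remote AP (Aruba Networks) */
    0xca, 0x3e, 0x2b, 0x85, 0x4b, 0xa8, 0x03, 0x00,
    0x17, 0xdc, 0x10, 0x23, 0xa4, 0xfd, 0xe2, 0x04,
    0x1f, 0x9f, 0x74, 0x63
};

static const uint8_t VID_ARUBA_CONTROLLER[] = { /* Controller (Aruba Networks) */
    0x3c, 0x8e, 0x70, 0xbd, 0xf9, 0xc7, 0xd7, 0x4a,
    0xdd, 0x53, 0xe4, 0x10, 0x09, 0x15, 0xdc, 0x2e,
    0x4b, 0xb5, 0x12, 0x74
};

static const uint8_t VID_ARUBA_VIA_CLIENT[] = { /* VIA Client (Aruba Networks) */
    0x88, 0xf0, 0xe3, 0x14, 0x9b, 0x3f, 0xa4, 0x8b,
    0x05, 0xaa, 0x7f, 0x68, 0x5f, 0x0b, 0x76, 0x6b,
    0xe1, 0x86, 0xcc, 0xb8
};

/*
 * ASCII: the bytes spell "VIA Auth Profile : " including the trailing space.
 * NOTE(review): presumably a prefix that the peer follows with a profile
 * name - confirm how the remainder of the payload is displayed.
 */
static const uint8_t VID_ARUBA_VIA_AUTH_PROFILE[] = { /* VIA Auth Profile (Aruba Networks) */
    0x56, 0x49, 0x41, 0x20, 0x41, 0x75, 0x74, 0x68,
    0x20, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65,
    0x20, 0x3a, 0x20
};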
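/*
 * MS-IKEE Internet Key Exchange Protocol Extensions (v20080212).pdf
 * Windows Vista and Windows Server 2008
 */
static const uint8_t VID_MS_IKEE_20080212_CGA1[] = { /* IKE CGA Version 1 */
    0xe3, 0xa5, 0x96, 0x6a, 0x76, 0x37, 0x9f, 0xe7,
    0x07, 0x22, 0x82, 0x31, 0xe5, 0xce, 0x86, 0x52
};

static const uint8_t VID_MS_IKEE_20080212_MS_NDC[] = { /* MS-Negotiation Discovery Capable */
    0xfb, 0x1d, 0xe3, 0xcd, 0xf3, 0x41, 0xb7, 0xea,
    0x16, 0xb7, 0xe5, 0xbe, 0x08, 0x55, 0xf1, 0x20
};

/*
 * Fortinet Vendor ID payload values. Each array is listed in vendor_id[]
 * together with its sizeof. Only 12 bytes are listed for the Fortigate
 * value; the remaining Fortinet values are 16 bytes.
 */
static const uint8_t VID_FORTINET_FORTIGATE[] = { /* Fortigate (Fortinet) */
    0x82, 0x99, 0x03, 0x17, 0x57, 0xA3, 0x60, 0x82,
    0xC6, 0xA6, 0x21, 0xDE
};

static const uint8_t VID_FORTINET_FORTICLIENT_CONNECT[] = { /* Forticlient Connect license (Fortinet) */
    0x4C, 0x53, 0x42, 0x7B, 0x6D, 0x46, 0x5D, 0x1B,
    0x33, 0x7B, 0xB7, 0x55, 0xA3, 0x7A, 0x7F, 0xEF
};

static const uint8_t VID_FORTINET_ENDPOINT_CONTROL[] = { /* Endpoint Control (Fortinet) */
    0xB4, 0xF0, 0x1C, 0xA9, 0x51, 0xE9, 0xDA, 0x8D,
    0x0B, 0xAF, 0xBB, 0xD3, 0x4A, 0xD3, 0x04, 0x4E
};

static const uint8_t VID_FORTINET_AUTODISCOVERY_RECEIVER[] = { /* Auto-Discovery Receiver (Fortinet) */
    0xCA, 0x4A, 0x4C, 0xBB, 0x12, 0xEA, 0xB6, 0xC5,
    0x8C, 0x57, 0x06, 0x7C, 0x2E, 0x65, 0x37, 0x86
};

static const uint8_t VID_FORTINET_AUTODISCOVERY_SENDER[] = { /* Auto-Discovery Sender (Fortinet) */
    0x9B, 0x15, 0xE6, 0x5A, 0x87, 0x1A, 0xFF, 0x34,
    0x26, 0x66, 0x62, 0x3B, 0xA5, 0x02, 0x2E, 0x60
};

static const uint8_t VID_FORTINET_EXCHANGE_INTERFACE_IP[] = { /* Exchange Interface IP (Fortinet) */
    0xA5, 0x8F, 0xEC, 0x50, 0x36, 0xF5, 0x7B, 0x21,
    0xE8, 0xB4, 0x99, 0xE3, 0x36, 0xC7, 0x6E, 0xE6
};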
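/*
 * Table of known Vendor ID payload values and the name shown for each.
 * Every entry is { value bytes, number of value bytes, label }; the list is
 * terminated by the { 0, 0, NULL } entry.
 *
 * Some values are prefixes of others: VID_xauth is the first 8 bytes of
 * VID_draft_beaulieu_ike_xauth_02, and VID_CISCO_FRAG2 is the first 16 bytes
 * of VID_CISCO_FRAG.
 * NOTE(review): if the lookup returns the first entry whose bytes prefix the
 * payload, entry order decides which label wins and an entry listed after a
 * shorter prefix of itself is never selected - confirm the lookup semantics
 * before reordering or inserting entries.
 *
 * NOTE(review): presumably consulted by dissect_vid() with bytes taken
 * straight from the captured payload. Those bytes are chosen by the sender,
 * so a label reports what the peer advertised; treat it as a hint when
 * attributing traffic to a product or version, not as verified identity.
 */
static const bytes_string vendor_id[] = {
  { VID_SSH_IPSEC_EXPRESS_1_1_0, sizeof(VID_SSH_IPSEC_EXPRESS_1_1_0), "Ssh Communications Security IPSEC Express version 1.1.0" },
  { VID_SSH_IPSEC_EXPRESS_1_1_1, sizeof(VID_SSH_IPSEC_EXPRESS_1_1_1), "Ssh Communications Security IPSEC Express version 1.1.1" },
  { VID_SSH_IPSEC_EXPRESS_1_1_2, sizeof(VID_SSH_IPSEC_EXPRESS_1_1_2), "Ssh Communications Security IPSEC Express version 1.1.2" },
  { VID_SSH_IPSEC_EXPRESS_1_2_1, sizeof(VID_SSH_IPSEC_EXPRESS_1_2_1), "Ssh Communications Security IPSEC Express version 1.2.1" },
  { VID_SSH_IPSEC_EXPRESS_1_2_2, sizeof(VID_SSH_IPSEC_EXPRESS_1_2_2), "Ssh Communications Security IPSEC Express version 1.2.2" },
  { VID_SSH_IPSEC_EXPRESS_2_0_0, sizeof(VID_SSH_IPSEC_EXPRESS_2_0_0), "SSH Communications Security IPSEC Express version 2.0.0" },
  { VID_SSH_IPSEC_EXPRESS_2_1_0, sizeof(VID_SSH_IPSEC_EXPRESS_2_1_0), "SSH Communications Security IPSEC Express version 2.1.0" },
  { VID_SSH_IPSEC_EXPRESS_2_1_1, sizeof(VID_SSH_IPSEC_EXPRESS_2_1_1), "SSH Communications Security IPSEC Express version 2.1.1" },
  { VID_SSH_IPSEC_EXPRESS_2_1_2, sizeof(VID_SSH_IPSEC_EXPRESS_2_1_2), "SSH Communications Security IPSEC Express version 2.1.2" },
  { VID_SSH_IPSEC_EXPRESS_3_0_0, sizeof(VID_SSH_IPSEC_EXPRESS_3_0_0), "SSH Communications Security IPSEC Express version 3.0.0" },
  { VID_SSH_IPSEC_EXPRESS_3_0_1, sizeof(VID_SSH_IPSEC_EXPRESS_3_0_1), "SSH Communications Security IPSEC Express version 3.0.1" },
  { VID_SSH_IPSEC_EXPRESS_4_0_0, sizeof(VID_SSH_IPSEC_EXPRESS_4_0_0), "SSH Communications Security IPSEC Express version 4.0.0" },
  { VID_SSH_IPSEC_EXPRESS_4_0_1, sizeof(VID_SSH_IPSEC_EXPRESS_4_0_1), "SSH Communications Security IPSEC Express version 4.0.1" },
  { VID_SSH_IPSEC_EXPRESS_4_1_0, sizeof(VID_SSH_IPSEC_EXPRESS_4_1_0), "SSH Communications Security IPSEC Express version 4.1.0" },
  { VID_SSH_IPSEC_EXPRESS_4_1_1, sizeof(VID_SSH_IPSEC_EXPRESS_4_1_1), "SSH Communications Security IPSEC Express version 4.1.1" },
  { VID_SSH_IPSEC_EXPRESS_4_2_0, sizeof(VID_SSH_IPSEC_EXPRESS_4_2_0), "SSH Communications Security IPSEC Express version 4.2.0" },
  { VID_SSH_IPSEC_EXPRESS_5_0, sizeof(VID_SSH_IPSEC_EXPRESS_5_0), "SSH Communications Security IPSEC Express version 5.0" },
  { VID_SSH_IPSEC_EXPRESS_5_0_0, sizeof(VID_SSH_IPSEC_EXPRESS_5_0_0), "SSH Communications Security IPSEC Express version 5.0.0" },
  { VID_SSH_IPSEC_EXPRESS_5_1_0, sizeof(VID_SSH_IPSEC_EXPRESS_5_1_0), "SSH Communications Security IPSEC Express version 5.1.0" },
  { VID_SSH_IPSEC_EXPRESS_5_1_1, sizeof(VID_SSH_IPSEC_EXPRESS_5_1_1), "SSH Communications Security IPSEC Express version 5.1.1" },
  { VID_SSH_SENTINEL, sizeof(VID_SSH_SENTINEL), "SSH Sentinel" },
  { VID_SSH_SENTINEL_1_1, sizeof(VID_SSH_SENTINEL_1_1), "SSH Sentinel 1.1" },
  { VID_SSH_SENTINEL_1_2, sizeof(VID_SSH_SENTINEL_1_2), "SSH Sentinel 1.2" },
  { VID_SSH_SENTINEL_1_3, sizeof(VID_SSH_SENTINEL_1_3), "SSH Sentinel 1.3" },
  { VID_SSH_SENTINEL_1_4, sizeof(VID_SSH_SENTINEL_1_4), "SSH Sentinel 1.4" },
  { VID_SSH_SENTINEL_1_4_1, sizeof(VID_SSH_SENTINEL_1_4_1), "SSH Sentinel 1.4.1" },
  { VID_SSH_QUICKSEC_0_9_0, sizeof(VID_SSH_QUICKSEC_0_9_0), "SSH Communications Security QuickSec 0.9.0" },
  { VID_SSH_QUICKSEC_1_1_0, sizeof(VID_SSH_QUICKSEC_1_1_0), "SSH Communications Security QuickSec 1.1.0" },
  { VID_SSH_QUICKSEC_1_1_1, sizeof(VID_SSH_QUICKSEC_1_1_1), "SSH Communications Security QuickSec 1.1.1" },
  { VID_SSH_QUICKSEC_1_1_2, sizeof(VID_SSH_QUICKSEC_1_1_2), "SSH Communications Security QuickSec 1.1.2" },
  { VID_SSH_QUICKSEC_1_1_3, sizeof(VID_SSH_QUICKSEC_1_1_3), "SSH Communications Security QuickSec 1.1.3" },
  { VID_draft_huttunen_ipsec_esp_in_udp_00, sizeof(VID_draft_huttunen_ipsec_esp_in_udp_00), "draft-huttunen-ipsec-esp-in-udp-00.txt" },
  { VID_draft_huttunen_ipsec_esp_in_udp_01, sizeof(VID_draft_huttunen_ipsec_esp_in_udp_01), "draft-huttunen-ipsec-esp-in-udp-01.txt (ESPThruNAT)" },
  { VID_draft_stenberg_ipsec_nat_traversal_01, sizeof(VID_draft_stenberg_ipsec_nat_traversal_01), "draft-stenberg-ipsec-nat-traversal-01" },
  { VID_draft_stenberg_ipsec_nat_traversal_02, sizeof(VID_draft_stenberg_ipsec_nat_traversal_02), "draft-stenberg-ipsec-nat-traversal-02" },
  { VID_draft_ietf_ipsec_nat_t_ike, sizeof(VID_draft_ietf_ipsec_nat_t_ike), "draft-ietf-ipsec-nat-t-ike" },
  { VID_draft_ietf_ipsec_nat_t_ike_00, sizeof(VID_draft_ietf_ipsec_nat_t_ike_00), "draft-ietf-ipsec-nat-t-ike-00" },
  { VID_draft_ietf_ipsec_nat_t_ike_01, sizeof(VID_draft_ietf_ipsec_nat_t_ike_01), "draft-ietf-ipsec-nat-t-ike-01" },
  { VID_draft_ietf_ipsec_nat_t_ike_02, sizeof(VID_draft_ietf_ipsec_nat_t_ike_02), "draft-ietf-ipsec-nat-t-ike-02" },
  { VID_draft_ietf_ipsec_nat_t_ike_02n, sizeof(VID_draft_ietf_ipsec_nat_t_ike_02n), "draft-ietf-ipsec-nat-t-ike-02\\n" },
  { VID_draft_ietf_ipsec_nat_t_ike_03, sizeof(VID_draft_ietf_ipsec_nat_t_ike_03), "draft-ietf-ipsec-nat-t-ike-03" },
  { VID_draft_ietf_ipsec_nat_t_ike_04, sizeof(VID_draft_ietf_ipsec_nat_t_ike_04), "draft-ietf-ipsec-nat-t-ike-04" },
  { VID_draft_ietf_ipsec_nat_t_ike_05, sizeof(VID_draft_ietf_ipsec_nat_t_ike_05), "draft-ietf-ipsec-nat-t-ike-05" },
  { VID_draft_ietf_ipsec_nat_t_ike_06, sizeof(VID_draft_ietf_ipsec_nat_t_ike_06), "draft-ietf-ipsec-nat-t-ike-06" },
  { VID_draft_ietf_ipsec_nat_t_ike_07, sizeof(VID_draft_ietf_ipsec_nat_t_ike_07), "draft-ietf-ipsec-nat-t-ike-07" },
  { VID_draft_ietf_ipsec_nat_t_ike_08, sizeof(VID_draft_ietf_ipsec_nat_t_ike_08), "draft-ietf-ipsec-nat-t-ike-08" },
  { VID_draft_ietf_ipsec_nat_t_ike_09, sizeof(VID_draft_ietf_ipsec_nat_t_ike_09), "draft-ietf-ipsec-nat-t-ike-09" },
  { VID_testing_nat_t_rfc, sizeof(VID_testing_nat_t_rfc), "Testing NAT-T RFC" },
  { VID_rfc3947_nat_t, sizeof(VID_rfc3947_nat_t), "RFC 3947 Negotiation of NAT-Traversal in the IKE" },
  { VID_draft_beaulieu_ike_xauth_02, sizeof(VID_draft_beaulieu_ike_xauth_02), "draft-beaulieu-ike-xauth-02.txt" },
  { VID_xauth, sizeof(VID_xauth), "XAUTH" },
  { VID_rfc3706_dpd, sizeof(VID_rfc3706_dpd), "RFC 3706 DPD (Dead Peer Detection)" },
  { VID_draft_ietf_ipsec_antireplay_00, sizeof(VID_draft_ietf_ipsec_antireplay_00), "draft-ietf-ipsec-antireplay-00.txt" },
  { VID_draft_ietf_ipsec_heartbeats_00, sizeof(VID_draft_ietf_ipsec_heartbeats_00), "draft-ietf-ipsec-heartbeats-00.txt" },
  { VID_IKE_CHALLENGE_RESPONSE_1, sizeof(VID_IKE_CHALLENGE_RESPONSE_1), "IKE Challenge/Response for Authenticated Cryptographic Keys" },
  { VID_IKE_CHALLENGE_RESPONSE_2, sizeof(VID_IKE_CHALLENGE_RESPONSE_2), "IKE Challenge/Response for Authenticated Cryptographic Keys" },
  { VID_IKE_CHALLENGE_RESPONSE_REV_1, sizeof(VID_IKE_CHALLENGE_RESPONSE_REV_1), "IKE Challenge/Response for Authenticated Cryptographic Keys (Revised)" },
  { VID_IKE_CHALLENGE_RESPONSE_REV_2, sizeof(VID_IKE_CHALLENGE_RESPONSE_REV_2), "IKE Challenge/Response for Authenticated Cryptographic Keys (Revised)" },
  { VID_CISCO_FRAG2, sizeof(VID_CISCO_FRAG2), "Cisco Fragmentation" },
  { VID_CISCO_FLEXVPN_SUPPORTED, sizeof(VID_CISCO_FLEXVPN_SUPPORTED), "Cisco FlexVPN Supported" },
  { VID_CISCO_DELETE_REASON, sizeof(VID_CISCO_DELETE_REASON), "Cisco Delete Reason Supported"},
  { VID_CISCO_DYNAMIC_ROUTE, sizeof(VID_CISCO_DYNAMIC_ROUTE), "Cisco Dynamic Route Supported"},
  { VID_CISCO_VPN_REV_02, sizeof(VID_CISCO_VPN_REV_02), "Cisco VPN Revision 2"},
  { VID_CISCO_COPYRIGHT, sizeof(VID_CISCO_COPYRIGHT), "Cisco Copyright"},
  { VID_CISCO_GRE_MODE, sizeof(VID_CISCO_GRE_MODE), "Cisco GRE Mode Supported"},
  { VID_MS_VID_INITIAL_CONTACT, sizeof(VID_MS_VID_INITIAL_CONTACT), "Microsoft Vid-Initial-Contact" },
  { VID_GSS_API_1, sizeof(VID_GSS_API_1), "A GSS-API Authentication Method for IKE" },
  { VID_GSS_API_2, sizeof(VID_GSS_API_2), "A GSS-API Authentication Method for IKE" },
  { VID_GSSAPI, sizeof(VID_GSSAPI), "GSSAPI" },
  { VID_MS_NT5_ISAKMPOAKLEY, sizeof(VID_MS_NT5_ISAKMPOAKLEY), "MS NT5 ISAKMPOAKLEY" },
  { VID_CISCO_UNITY, sizeof(VID_CISCO_UNITY), "CISCO-UNITY" },
  { VID_CISCO_CONCENTRATOR, sizeof(VID_CISCO_CONCENTRATOR), "CISCO-CONCENTRATOR" },
  { VID_CISCO_FRAG, sizeof(VID_CISCO_FRAG), "Cisco Fragmentation" },
  { VID_CP_01_R65, sizeof(VID_CP_01_R65), "CryptoPro/GOST 0.1 / Check Point R65" },
  { VID_CP_10_R71, sizeof(VID_CP_10_R71), "CryptoPro/GOST 1.0 / Check Point R71" },
  { VID_CP_11, sizeof(VID_CP_11), "CryptoPro/GOST 1.1" },
  { VID_CYBERGUARD, sizeof(VID_CYBERGUARD), "CyberGuard" },
  { VID_SHREWSOFT, sizeof(VID_SHREWSOFT), "Shrew Soft" },
  { VID_STRONGSWAN, sizeof(VID_STRONGSWAN), "strongSwan" },
  { VID_KAME_RACOON, sizeof(VID_KAME_RACOON), "KAME/racoon" },
  { VID_IPSEC_TOOLS, sizeof(VID_IPSEC_TOOLS), "IPSec-Tools" },
  { VID_NETSCREEN_1, sizeof(VID_NETSCREEN_1), "Netscreen-1" },
  { VID_NETSCREEN_2, sizeof(VID_NETSCREEN_2), "Netscreen-2" },
  { VID_NETSCREEN_3, sizeof(VID_NETSCREEN_3), "Netscreen-3" },
  { VID_NETSCREEN_4, sizeof(VID_NETSCREEN_4), "Netscreen-4" },
  { VID_NETSCREEN_5, sizeof(VID_NETSCREEN_5), "Netscreen-5" },
  { VID_NETSCREEN_6, sizeof(VID_NETSCREEN_6), "Netscreen-6" },
  { VID_NETSCREEN_7, sizeof(VID_NETSCREEN_7), "Netscreen-7" },
  { VID_NETSCREEN_8, sizeof(VID_NETSCREEN_8), "Netscreen-8" },
  { VID_NETSCREEN_9, sizeof(VID_NETSCREEN_9), "Netscreen-9" },
  { VID_NETSCREEN_10, sizeof(VID_NETSCREEN_10), "Netscreen-10" },
  { VID_NETSCREEN_11, sizeof(VID_NETSCREEN_11), "Netscreen-11" },
  { VID_NETSCREEN_12, sizeof(VID_NETSCREEN_12), "Netscreen-12" },
  { VID_NETSCREEN_13, sizeof(VID_NETSCREEN_13), "Netscreen-13" },
  { VID_NETSCREEN_14, sizeof(VID_NETSCREEN_14), "Netscreen-14" },
  { VID_NETSCREEN_15, sizeof(VID_NETSCREEN_15), "Netscreen-15" },
  { VID_NETSCREEN_16, sizeof(VID_NETSCREEN_16), "Netscreen-16" },
  { VID_ZYWALL, sizeof(VID_ZYWALL), "ZYWALL" },
  { VID_SIDEWINDER, sizeof(VID_SIDEWINDER), "SIDEWINDER" },
  { VID_SONICWALL, sizeof(VID_SONICWALL), "SonicWALL" },
  { VID_HEARTBEAT_NOTIFY, sizeof(VID_HEARTBEAT_NOTIFY), "Heartbeat Notify" },
  { VID_DWR, sizeof(VID_DWR), "DWR: Delete with reason" },
  { VID_ARUBA_RAP, sizeof(VID_ARUBA_RAP), "Remote AP (Aruba Networks)" },
  { VID_ARUBA_CONTROLLER, sizeof(VID_ARUBA_CONTROLLER), "Controller (Aruba Networks)" },
  { VID_ARUBA_VIA_CLIENT, sizeof(VID_ARUBA_VIA_CLIENT), "VIA Client (Aruba Networks)" },
  { VID_ARUBA_VIA_AUTH_PROFILE, sizeof(VID_ARUBA_VIA_AUTH_PROFILE), "VIA Auth Profile (Aruba Networks)" },
  { VID_MS_IKEE_20080212_CGA1, sizeof(VID_MS_IKEE_20080212_CGA1), "IKE CGA Version 1" },
  { VID_MS_IKEE_20080212_MS_NDC, sizeof(VID_MS_IKEE_20080212_MS_NDC), "MS-Negotiation Discovery Capable" },
  { VID_FORTINET_FORTIGATE, sizeof(VID_FORTINET_FORTIGATE), "Fortigate (Fortinet)" },
  { VID_FORTINET_FORTICLIENT_CONNECT, sizeof(VID_FORTINET_FORTICLIENT_CONNECT), "Forticlient connect license (Fortinet)" },
  { VID_FORTINET_ENDPOINT_CONTROL, sizeof(VID_FORTINET_ENDPOINT_CONTROL), "Endpoint Control (Fortinet)" },
  { VID_FORTINET_AUTODISCOVERY_RECEIVER, sizeof(VID_FORTINET_AUTODISCOVERY_RECEIVER), "Auto-Discovery Receiver (Fortinet)" },
  { VID_FORTINET_AUTODISCOVERY_SENDER, sizeof(VID_FORTINET_AUTODISCOVERY_SENDER), "Auto-Discovery Sender (Fortinet)" },
  { VID_FORTINET_EXCHANGE_INTERFACE_IP, sizeof(VID_FORTINET_EXCHANGE_INTERFACE_IP), "Exchange Interface IP (Fortinet)" },
  { 0, 0, NULL }
};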
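/*
 * Walk a chain of ISAKMP/IKE generic payloads and dispatch each payload body
 * to its type-specific dissector.
 *
 * tvb             buffer holding the payload chain
 * tree            tree the payload items are added to
 * isakmp_version  1 for IKEv1/ISAKMP, 2 for IKEv2
 * initial_payload type of the first payload in the chain
 * offset          start of the first payload header in tvb
 * length          number of bytes the caller says the chain occupies
 * message_id      only forwarded to the IKEv2 fragment dissector
 * is_request      forwarded to the dissectors that take it
 * decr_data       opaque decryption state, forwarded unchanged
 *
 * Both the payload type and the payload length come straight from the
 * packet, so they must be treated as untrusted. dissect_sa() calls back into
 * this function, hence the dissection-depth accounting around the dispatch.
 */
static void
// NOLINTNEXTLINE(misc-no-recursion)
dissect_payloads(tvbuff_t *tvb, proto_tree *tree,
                 int isakmp_version, uint8_t initial_payload, int offset, int length,
                 packet_info *pinfo, uint32_t message_id, bool is_request, void* decr_data)
{
  uint8_t      payload, next_payload;
  uint16_t     payload_length;
  proto_tree * ntree;

  for (payload = initial_payload; length > 0; payload = next_payload) {
    if (payload == PLOAD_IKE_NONE) {
      /*
       * What?  There's more stuff in this chunk of data, but the
       * previous payload had a "next payload" type of None?
       */
      proto_tree_add_item(tree, hf_isakmp_extradata, tvb, offset, length, ENC_NA);
      break;
    }

    ntree = dissect_payload_header(tvb, pinfo, offset, length, isakmp_version, payload, &next_payload, &payload_length, tree);
    if (payload_length >= 4) {  /* XXX = > 4? */
      /* The 4-byte generic header has been consumed; the body follows it. */
      const int body_offset = offset + 4;
      const int body_length = payload_length - 4;

      /*
       * NOTE(review): the "payload_length > length" branch below is only
       * reached when payload_length is smaller than 4, so a payload of 4 or
       * more bytes that claims to be longer than the enclosing chain is
       * still dispatched. tvb_ensure_bytes_exist() bounds it by the tvb,
       * not by `length`; consider testing against `length` first.
       */
      increment_dissection_depth(pinfo);
      tvb_ensure_bytes_exist(tvb, body_offset, body_length);
      switch(payload){
        case PLOAD_IKE_SA:
        case PLOAD_IKE2_SA:
          dissect_sa(tvb, body_offset, body_length, ntree, isakmp_version, pinfo, is_request, decr_data);
          break;
        case PLOAD_IKE_P:
          dissect_proposal(tvb, pinfo, body_offset, body_length, ntree, isakmp_version, decr_data );
          break;
        case PLOAD_IKE_KE:
        case PLOAD_IKE2_KE:
          dissect_key_exch(tvb, body_offset, body_length, ntree, isakmp_version, pinfo, decr_data );
          break;
        case PLOAD_IKE_ID:
        case PLOAD_IKE2_IDI:
        case PLOAD_IKE2_IDR:
          dissect_id(tvb, body_offset, body_length, ntree, isakmp_version, pinfo );
          break;
        case PLOAD_IKE_CERT:
        case PLOAD_IKE2_CERT:
          dissect_cert(tvb, body_offset, body_length, ntree, isakmp_version, pinfo );
          break;
        case PLOAD_IKE_CR:
        case PLOAD_IKE2_CERTREQ:
          dissect_certreq(tvb, body_offset, body_length, ntree, isakmp_version, pinfo );
          break;
        case PLOAD_IKE_HASH:
          dissect_hash(tvb, body_offset, body_length, ntree);
          break;
        case PLOAD_IKE_SIG:
          dissect_sig(tvb, body_offset, body_length, ntree);
          break;
        case PLOAD_IKE_NONCE:
        case PLOAD_IKE2_NONCE:
          dissect_nonce(tvb, body_offset, body_length, ntree);
          break;
        case PLOAD_IKE_N:
        case PLOAD_IKE2_N:
          dissect_notif(tvb, pinfo, body_offset, body_length, ntree, isakmp_version);
          break;
        case PLOAD_IKE_D:
        case PLOAD_IKE2_D:
          dissect_delete(tvb, body_offset, body_length, ntree, isakmp_version);
          break;
        case PLOAD_IKE_VID:
        case PLOAD_IKE2_V:
          dissect_vid(tvb, body_offset, body_length, ntree);
          break;
        case PLOAD_IKE_A:
        case PLOAD_IKE2_CP:
          dissect_config(tvb, pinfo, body_offset, body_length, ntree, isakmp_version, is_request);
          break;
        case PLOAD_IKE_SAK:
          dissect_sa_kek(tvb, pinfo, body_offset, body_length, ntree);
          break;
        case PLOAD_IKE_SAT:
          dissect_sa_tek(tvb, pinfo, body_offset, body_length, ntree);
          break;
        case PLOAD_IKE_KD:
          dissect_key_download(tvb, pinfo, body_offset, body_length, ntree, isakmp_version);
          break;
        case PLOAD_IKE_SEQ:
          dissect_sequence(tvb, pinfo, body_offset, body_length, ntree);
          break;
        case PLOAD_IKE2_AUTH:
          dissect_auth(tvb, pinfo, body_offset, body_length, ntree);
          break;
        case PLOAD_IKE2_TSI:
        case PLOAD_IKE2_TSR:
          dissect_ts_payload(tvb, body_offset, body_length, ntree);
          break;
        case PLOAD_IKE2_SK:
          if(isakmp_version == 2)
            dissect_enc(tvb, body_offset, body_length, ntree, pinfo, next_payload, is_request, decr_data, true);
          break;
        case PLOAD_IKE2_EAP:
          dissect_eap(tvb, body_offset, body_length, ntree, pinfo );
          break;
        case PLOAD_IKE2_GSPM:
          dissect_gspm(tvb, body_offset, body_length, ntree);
          break;
        case PLOAD_IKE_NAT_D:
        case PLOAD_IKE_NAT_D13:
          dissect_nat_discovery(tvb, body_offset, body_length, ntree );
          break;
        case PLOAD_IKE_NAT_OA:
        case PLOAD_IKE_NAT_OA14:
          dissect_nat_original_address(tvb, body_offset, body_length, ntree, isakmp_version );
          break;
        case PLOAD_IKE_CISCO_FRAG:
          dissect_cisco_fragmentation(tvb, body_offset, body_length, ntree, pinfo );
          break;
        case PLOAD_IKE2_SKF:
          if (isakmp_version == 2) {
            /* N.B. not passing in length as must be the last payload in the message */
            dissect_ikev2_fragmentation(tvb, body_offset, ntree, pinfo, message_id, next_payload, is_request, decr_data );
          }
          break;
        case PLOAD_IKE_SK:
          dissect_symmetric_key(tvb, body_offset, body_length, ntree);
          break;
        default:
          proto_tree_add_item(ntree, hf_isakmp_datapayload, tvb, body_offset, body_length, ENC_NA);
          break;
      }
      /*
       * Undo the increment made before the dispatch. The original code
       * incremented a second time here, so the depth counter grew by two for
       * every payload dissected and was never released.
       */
      decrement_dissection_depth(pinfo);
    }
    else if (payload_length > length) {
      proto_tree_add_expert_format(ntree, pinfo, &ei_isakmp_payload_bad_length, tvb, 0, 0,
                                   "Payload (bogus, length is %u, greater than remaining length %d",
                                   payload_length, length);
      return;
    }
    else {
      proto_tree_add_expert_format(ntree, pinfo, &ei_isakmp_payload_bad_length, tvb, 0, 0,
                                   "Payload (bogus, length is %u, must be at least 4)",
                                   payload_length);
      /* Skip the bogus header so the loop always makes progress. */
      payload_length = 4;
    }

    offset += payload_length;
    length -= payload_length;
  }
}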
/*
 * Non-static entry point to the payload walker.
 *
 * Forwards to dissect_payloads() with a message id of 0, is_request set to
 * false and no decryption state.
 */
void
isakmp_dissect_payloads(tvbuff_t *tvb, proto_tree *tree, int isakmp_version,
                        uint8_t initial_payload, int offset, int length,
                        packet_info *pinfo)
{
  const uint32_t no_message_id = 0;
  const bool     not_a_request = false;
  void          *no_decr_data  = NULL;

  dissect_payloads(tvb, tree, isakmp_version, initial_payload, offset, length,
                   pinfo, no_message_id, not_a_request, no_decr_data);
}
/*
 * Dissect one ISAKMP / IKE message: the fixed header first, then the payload
 * chain (decrypted first when the IKEv1 Encrypted flag is set).
 *
 * Returns 0 when the buffer does not look like ISAKMP, otherwise the number
 * of bytes dissected.
 *
 * Every header field is read from the packet and is therefore untrusted;
 * the declared length is checked against ISAKMP_HDR_SIZE before use.
 */
static int
// NOLINTNEXTLINE(misc-no-recursion)
dissect_isakmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
  int             offset = 0;
  int             body_len;
  isakmp_hdr_t    hdr;
  proto_item     *root_item, *version_item, *flags_item, *enc_item;
  proto_tree     *isakmp_tree = NULL, *version_tree, *flags_tree, *plain_tree;
  int             isakmp_version;
  void           *decr_data = NULL;
  uint8_t         flags;
  uint8_t         i_cookie[COOKIE_SIZE];
  decrypt_data_t *decr = NULL;
  tvbuff_t       *plain_tvb;
  address         null_addr;
  bool            is_request;

  col_set_str(pinfo->cinfo, COL_PROTOCOL, "ISAKMP");
  col_clear(pinfo->cinfo, COL_INFO);

  /* Some simple heuristics to catch non-isakmp packets */
  if (tvb_reported_length(tvb) == 1 && tvb_get_uint8(tvb, offset) != 0xff) {
    return 0;
  }
  if (tvb_reported_length(tvb) < ISAKMP_HDR_SIZE) {
    return 0;
  }
  if (tvb_get_ntohl(tvb, ISAKMP_HDR_SIZE - 4) < ISAKMP_HDR_SIZE) {
    return 0;
  }

  root_item = proto_tree_add_item(tree, proto_isakmp, tvb, offset, -1, ENC_NA);
  isakmp_tree = proto_item_add_subtree(root_item, ett_isakmp);

  /* RFC3948 2.3 NAT Keepalive packet:
   * 1 byte payload with the value 0xff.
   *
   * NOTE(review): a 1-byte buffer has already been rejected by the
   * "shorter than ISAKMP_HDR_SIZE" guard above (assuming ISAKMP_HDR_SIZE is
   * larger than 1), so this branch looks unreachable - confirm.
   */
  if ((tvb_reported_length(tvb) == 1) && (tvb_get_uint8(tvb, offset) == 0xff)) {
    col_set_str(pinfo->cinfo, COL_INFO, "NAT Keepalive");
    proto_tree_add_item(isakmp_tree, hf_isakmp_nat_keepalive, tvb, offset, 1, ENC_NA);
    return 1;
  }

  /* Pull the fields needed for key lookup before walking the header. */
  hdr.length = tvb_get_ntohl(tvb, offset + ISAKMP_HDR_SIZE - 4);
  hdr.exch_type = tvb_get_uint8(tvb, COOKIE_SIZE + COOKIE_SIZE + 1 + 1);
  hdr.version = tvb_get_uint8(tvb, COOKIE_SIZE + COOKIE_SIZE + 1);
  isakmp_version = hi_nibble(hdr.version);  /* save the version */
  hdr.flags = tvb_get_uint8(tvb, COOKIE_SIZE + COOKIE_SIZE + 1 + 1 + 1);

  if (isakmp_version == 1) {
    clear_address(&null_addr);

    /* IKEv1 decryption state is keyed by the initiator cookie. */
    tvb_memcpy(tvb, i_cookie, offset, COOKIE_SIZE);
    decr = (decrypt_data_t *)g_hash_table_lookup(isakmp_hash, i_cookie);

    if (decr == NULL) {
      /*
       * First time this cookie is seen: create and register fresh state.
       * NOTE(review): one entry is added per distinct cookie value taken
       * from the packet; where isakmp_hash is emptied is not visible here.
       */
      uint8_t *cookie_key = (uint8_t *)g_slice_alloc(COOKIE_SIZE);

      memcpy(cookie_key, i_cookie, COOKIE_SIZE);
      decr = create_decrypt_data();
      g_hash_table_insert(isakmp_hash, cookie_key, decr);
    }

    if (addresses_equal(&decr->initiator, &null_addr)) {
      /* XXX - We assume that we're seeing the second packet in an exchange here.
       * Is there a way to verify this? */
      copy_address_wmem(wmem_file_scope(), &decr->initiator, &pinfo->src);
    }

    decr_data = decr;
  } else if (isakmp_version == 2) {
    ikev2_uat_data_key_t  sa_key;
    ikev2_uat_data_t     *sa_keys;
    ikev2_decrypt_data_t *v2_decr;
    unsigned char         spii[COOKIE_SIZE], spir[COOKIE_SIZE];

    /* IKEv2 keys are looked up by the (initiator SPI, responder SPI) pair. */
    tvb_memcpy(tvb, spii, offset, COOKIE_SIZE);
    tvb_memcpy(tvb, spir, offset + COOKIE_SIZE, COOKIE_SIZE);
    sa_key.spii = spii;
    sa_key.spii_len = COOKIE_SIZE;
    sa_key.spir = spir;
    sa_key.spir_len = COOKIE_SIZE;

    sa_keys = (ikev2_uat_data_t *)g_hash_table_lookup(ikev2_key_hash, &sa_key);
    if (sa_keys) {
      /* The I flag selects the initiator or the responder key set. */
      const bool from_initiator = (hdr.flags & I_FLAG) != 0;

      v2_decr = wmem_new(pinfo->pool, ikev2_decrypt_data_t);
      v2_decr->encr_key = from_initiator ? sa_keys->sk_ei : sa_keys->sk_er;
      v2_decr->auth_key = from_initiator ? sa_keys->sk_ai : sa_keys->sk_ar;
      v2_decr->encr_spec = sa_keys->encr_spec;
      v2_decr->auth_spec = sa_keys->auth_spec;

      decr_data = v2_decr;
    }
  }

  /* Initiator and responder SPI (cookies in IKEv1). */
  proto_tree_add_item(isakmp_tree, hf_isakmp_ispi, tvb, offset, COOKIE_SIZE, ENC_NA);
  offset += COOKIE_SIZE;

  proto_tree_add_item(isakmp_tree, hf_isakmp_rspi, tvb, offset, COOKIE_SIZE, ENC_NA);
  offset += COOKIE_SIZE;

  hdr.next_payload = tvb_get_uint8(tvb, offset);
  proto_tree_add_item(isakmp_tree, hf_isakmp_nextpayload, tvb, offset, 1, ENC_BIG_ENDIAN);
  offset += 1;

  /* Version byte, shown as "major.minor" with one sub-item per nibble. */
  version_item = proto_tree_add_uint_format_value(isakmp_tree, hf_isakmp_version, tvb, offset,
                                                  1, hdr.version, "%u.%u",
                                                  hi_nibble(hdr.version), lo_nibble(hdr.version));
  version_tree = proto_item_add_subtree(version_item, ett_isakmp_version);
  proto_tree_add_item(version_tree, hf_isakmp_mjver, tvb, offset, 1, ENC_BIG_ENDIAN);
  proto_tree_add_item(version_tree, hf_isakmp_mnver, tvb, offset, 1, ENC_BIG_ENDIAN);
  offset += 1;

  /* Exchange type; its name also becomes the start of the Info column. */
  if (isakmp_version == 1) {
    proto_tree_add_item(isakmp_tree, hf_isakmp_exchangetype_v1, tvb, offset, 1, ENC_BIG_ENDIAN);
    col_add_str(pinfo->cinfo, COL_INFO, val_to_str(hdr.exch_type, exchange_v1_type, "Unknown %d"));
  } else if (isakmp_version == 2) {
    proto_tree_add_item(isakmp_tree, hf_isakmp_exchangetype_v2, tvb, offset, 1, ENC_BIG_ENDIAN);
    col_add_str(pinfo->cinfo, COL_INFO, val_to_str(hdr.exch_type, exchange_v2_type, "Unknown %d"));
  }
  offset += 1;

  /* Flags byte: the bit layout depends on the protocol version. */
  flags_item = proto_tree_add_item(isakmp_tree, hf_isakmp_flags, tvb, offset, 1, ENC_BIG_ENDIAN);
  flags_tree = proto_item_add_subtree(flags_item, ett_isakmp_flags);
  flags = tvb_get_uint8(tvb, offset);

  if (isakmp_version == 1) {
    proto_tree_add_item(flags_tree, hf_isakmp_flag_e, tvb, offset, 1, ENC_BIG_ENDIAN);
    proto_tree_add_item(flags_tree, hf_isakmp_flag_c, tvb, offset, 1, ENC_BIG_ENDIAN);
    proto_tree_add_item(flags_tree, hf_isakmp_flag_a, tvb, offset, 1, ENC_BIG_ENDIAN);
  } else if (isakmp_version == 2) {
    proto_tree_add_item(flags_tree, hf_isakmp_flag_i, tvb, offset, 1, ENC_BIG_ENDIAN);
    proto_tree_add_item(flags_tree, hf_isakmp_flag_v, tvb, offset, 1, ENC_BIG_ENDIAN);
    proto_tree_add_item(flags_tree, hf_isakmp_flag_r, tvb, offset, 1, ENC_BIG_ENDIAN);

    proto_item_append_text(flags_item, " (%s, %s, %s)",
                           tfs_get_string(flags & I_FLAG, &flag_i),
                           tfs_get_string(flags & V_FLAG, &flag_v),
                           tfs_get_string(flags & R_FLAG, &tfs_response_request));
  }
  offset += 1;

  /* A message with the R flag clear is handed on as a request. */
  is_request = !(flags & R_FLAG);

  hdr.message_id = tvb_get_ntohl(tvb, offset);
  proto_tree_add_item(isakmp_tree, hf_isakmp_messageid, tvb, offset, 4, ENC_BIG_ENDIAN);
  offset += 4;

  /* Add some summary to the Info column */
  if (isakmp_version == 2) {
    col_append_fstr(pinfo->cinfo, COL_INFO, " MID=%02u %s %s",
                    hdr.message_id,
                    tfs_get_string(flags & I_FLAG, &flag_i),
                    tfs_get_string(flags & R_FLAG, &tfs_response_request));
  }

  /* The declared total length must at least cover the fixed header. */
  if (hdr.length < ISAKMP_HDR_SIZE) {
    proto_tree_add_uint_format_value(isakmp_tree, hf_isakmp_length, tvb, offset, 4,
                                     hdr.length, "(bogus, length is %u, should be at least %lu)",
                                     hdr.length, (unsigned long)ISAKMP_HDR_SIZE);
    return tvb_captured_length(tvb);
  }

  body_len = hdr.length - ISAKMP_HDR_SIZE;

  /* A declared length too large for an int shows up as a negative value. */
  if (body_len < 0) {
    proto_tree_add_uint_format_value(isakmp_tree, hf_isakmp_length, tvb, offset, 4,
                                     hdr.length, "(bogus, length is %u, which is too large)",
                                     hdr.length);
    return tvb_captured_length(tvb);
  }
  tvb_ensure_bytes_exist(tvb, offset, body_len);
  proto_tree_add_item(isakmp_tree, hf_isakmp_length, tvb, offset, 4, ENC_BIG_ENDIAN);
  offset += 4;

  if (isakmp_version == 1 && (hdr.flags & E_FLAG)) {
    /* Encrypted flag set (v1 only), so decrypt before dissecting payloads */
    if (body_len) {
      enc_item = proto_tree_add_item(isakmp_tree, hf_isakmp_enc_data, tvb, offset, body_len, ENC_NA);
      proto_item_append_text(enc_item, " (%d byte%s)", body_len, plurality(body_len, "", "s"));

      /* Collect initialization vectors during first pass. */
      if (!PINFO_FD_VISITED(pinfo) && prepare_decrypt(decr)) {
        update_ivs(pinfo, tvb_get_ptr(tvb, offset, body_len), body_len, hdr.message_id, decr);
      }
      plain_tvb = decrypt_payload(tvb, pinfo, tvb_get_ptr(tvb, offset, body_len), body_len, decr);
      if (plain_tvb) {
        /* Payloads are dissected from the decrypted buffer, from its start. */
        plain_tree = proto_item_add_subtree(enc_item, ett_isakmp);
        dissect_payloads(plain_tvb, plain_tree, isakmp_version,
                         hdr.next_payload, 0, tvb_reported_length(plain_tvb), pinfo,
                         hdr.message_id, is_request, decr_data);
      }
    }
  } else {
    dissect_payloads(tvb, isakmp_tree, isakmp_version, hdr.next_payload,
                     offset, body_len, pinfo, hdr.message_id, is_request, decr_data);
  }

  offset += body_len;

  proto_item_set_end(root_item, tvb, offset);

  return offset;
}
/*
 * Dissect the 4-byte generic payload header found at `offset`.
 *
 * On success the type of the following payload and this payload's length
 * field are stored through next_payload_p / payload_length_p and the new
 * payload subtree is returned. When fewer than 4 bytes remain, an expert
 * item is added, both outputs are set to 0 and NULL is returned.
 *
 * The length stored through payload_length_p is the raw on-wire value; it is
 * not compared with `length` here, so callers must validate it.
 */
static proto_tree *
dissect_payload_header(tvbuff_t *tvb, packet_info *pinfo, int offset, int length,
                       int isakmp_version, uint8_t payload, uint8_t *next_payload_p,
                       uint16_t *payload_length_p, proto_tree *tree)
{
  uint8_t     following_type;
  uint16_t    wire_length;
  proto_item *payload_item;
  proto_tree *payload_tree;
  bool        plain_reserved_byte;

  if (length < 4) {
    proto_tree_add_expert_format(tree, pinfo, &ei_isakmp_payload_bad_length, tvb, offset, length,
                                 "Not enough room in payload for all transforms");
    *next_payload_p = 0;
    *payload_length_p = 0;
    return NULL;
  }

  following_type = tvb_get_uint8(tvb, offset);
  wire_length = tvb_get_ntohs(tvb, offset + 2);

  payload_item = proto_tree_add_uint(tree, hf_isakmp_typepayload, tvb, offset, wire_length, payload);
  payload_tree = proto_item_add_subtree(payload_item, ett_isakmp_payload);

  proto_tree_add_item(payload_tree, hf_isakmp_nextpayload, tvb, offset, 1, ENC_BIG_ENDIAN);

  /* The critical flag only applies to IKEv2 payloads but not proposals and transforms. */
  plain_reserved_byte = (isakmp_version == 1) || (payload == PLOAD_IKE_P) || (payload == PLOAD_IKE_T);
  if (plain_reserved_byte) {
    proto_tree_add_item(payload_tree, hf_isakmp_reserved, tvb, offset + 1, 1, ENC_NA);
  } else if (isakmp_version == 2) {
    proto_tree_add_item(payload_tree, hf_isakmp_criticalpayload, tvb, offset+1, 1, ENC_BIG_ENDIAN);
    proto_tree_add_item(payload_tree, hf_isakmp_reserved7, tvb, offset + 1, 1, ENC_BIG_ENDIAN);
  }
  proto_tree_add_item(payload_tree, hf_isakmp_payloadlen, tvb, offset + 2, 2, ENC_BIG_ENDIAN);

  *next_payload_p = following_type;
  *payload_length_p = wire_length;
  return payload_tree;
}
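/*
 * Dissect the body of a Security Association payload.
 *
 * IKEv1: a 4-byte DOI, then a DOI-specific situation. DOI 1 (IPSEC) is
 * followed by a chain of proposal payloads; DOI 2 (GDOI, RFC 6407) is
 * followed by an SA attribute "next payload" selecting KEK or TEK data.
 * IKEv2: the body is directly a chain of proposal payloads.
 *
 * offset / length describe the payload body (generic header excluded).
 * Both the body and its length originate from the packet.
 */
static void
// NOLINTNEXTLINE(misc-no-recursion)
dissect_sa(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version, packet_info *pinfo, bool is_request, void* decr_data)
{
  uint32_t    doi;
  uint16_t    saattr;
  proto_item *sti;
  proto_tree *stree;
  proto_tree *currtree;

  /* make a copy of current tree working position which we will use while dissecting other payloads*/
  currtree = tree;
  if (isakmp_version == 1) {
    /*
     * The DOI needs 4 bytes. Without this check a shorter body had its DOI
     * read from whatever follows the payload, and `length` went negative
     * before being passed to the calls below.
     */
    if (length < 4) {
      proto_tree_add_expert_format(tree, pinfo, &ei_isakmp_payload_bad_length, tvb, offset, length,
                                   "SA payload too short for DOI (length is %d, should be at least 4)",
                                   length);
      return;
    }

    doi = tvb_get_ntohl(tvb, offset);

    proto_tree_add_item(tree, hf_isakmp_sa_doi, tvb, offset, 4, ENC_BIG_ENDIAN);

    offset += 4;
    length -= 4;

    switch(doi) {
      case 1: {
        /* IPSEC */
        if (length < 4) {
          /* NOTE(review): length may be 0 here; confirm tvb_bytes_to_str() accepts that. */
          proto_tree_add_bytes_format_value(tree, hf_isakmp_sa_situation, tvb, offset, length,
                                            NULL,
                                            "%s (length is %u, should be >= 4)",
                                            tvb_bytes_to_str(pinfo->pool, tvb, offset, length), length);
          return;
        }
        sti = proto_tree_add_item(tree, hf_isakmp_sa_situation, tvb, offset, 4, ENC_NA);
        stree = proto_item_add_subtree(sti, ett_isakmp_sa);

        proto_tree_add_item(stree, hf_isakmp_sa_situation_identity_only, tvb, offset, 4, ENC_BIG_ENDIAN);
        proto_tree_add_item(stree, hf_isakmp_sa_situation_secrecy, tvb, offset, 4, ENC_BIG_ENDIAN);
        proto_tree_add_item(stree, hf_isakmp_sa_situation_integrity, tvb, offset, 4, ENC_BIG_ENDIAN);

        offset += 4;
        length -= 4;

        /* The rest of the body is a chain of proposals. */
        dissect_payloads(tvb, tree, isakmp_version, PLOAD_IKE_P, offset,
                         length, pinfo, 0, is_request, decr_data);
        break;
      }
      case 2: {
        /* add GDOI specific changes here for RFC 6407*/
        if (length < 8) { /* situation + next payload + reserved2*/
          /* NOTE(review): length may be 0 here; confirm tvb_bytes_to_str() accepts that. */
          proto_tree_add_bytes_format_value(tree, hf_isakmp_sa_situation, tvb, offset, length,
                                            NULL,
                                            "%s (length is %u, should be >= 8)",
                                            tvb_bytes_to_str(pinfo->pool, tvb, offset, length), length);
          return;
        }
        proto_tree_add_item(tree, hf_isakmp_sa_situation, tvb, offset, 4, ENC_NA); /* must be always 0 as per RFC 6407 no further decoding required*/
        saattr = tvb_get_ntohs(tvb, offset+4);
        proto_tree_add_item(tree, hf_isakmp_sa_attribute_next_payload, tvb, offset+4, 2, ENC_NA);
        proto_tree_add_item(tree, hf_isakmp_reserved2 , tvb, offset+6, 2, ENC_NA);

        offset += 8;
        length -= 8;

        /* possible attribute values here 15(SAK),16(SAT),18(GAP)*/
        switch(saattr) {
          case PLOAD_IKE_SAK:
            dissect_sa_kek(tvb, pinfo, offset, length, currtree );
            break;
          case PLOAD_IKE_SAT:
            dissect_sa_tek(tvb, pinfo, offset, length, currtree);
            break;
        }
        break;
      }
      default:
        /* Unknown DOI: show the remainder as an opaque situation. */
        proto_tree_add_item(tree, hf_isakmp_sa_situation, tvb, offset, length, ENC_NA);
        break;
    }
  } else if (isakmp_version == 2) {
    dissect_payloads(tvb, tree, isakmp_version, PLOAD_IKE_P, offset,
                     length, pinfo, 0, is_request, decr_data);
  }
}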
/*
 * Dissect a Proposal payload body: proposal number, protocol id, SPI size,
 * transform count, the optional SPI and then that many transforms.
 *
 * The SPI size and the transform count are single bytes read from the
 * packet. The transform loop stops at the first transform whose length
 * field is below 4 or larger than the bytes that remain.
 */
static void
dissect_proposal(tvbuff_t *tvb, packet_info *pinfo, int offset, int length, proto_tree *tree, int isakmp_version, void* decr_data)
{
  uint8_t     number;
  uint8_t     protocol_id;
  uint8_t     spi_size;
  uint8_t     transforms_left;
  uint8_t     unused_next_payload;
  uint16_t    transform_length;
  proto_tree *transform_tree;

  /* Proposal number; it is also appended to the proposal's label. */
  number = tvb_get_uint8(tvb, offset);
  proto_item_append_text(tree, " # %d", number);
  proto_tree_add_item(tree, hf_isakmp_prop_number, tvb, offset, 1, ENC_BIG_ENDIAN);
  offset += 1;
  length -= 1;

  /* Protocol id: a different field per protocol version. */
  protocol_id = tvb_get_uint8(tvb, offset);
  if (isakmp_version == 1) {
    proto_tree_add_item(tree, hf_isakmp_prop_protoid_v1, tvb, offset, 1, ENC_BIG_ENDIAN);
  } else if (isakmp_version == 2) {
    proto_tree_add_item(tree, hf_isakmp_prop_protoid_v2, tvb, offset, 1, ENC_BIG_ENDIAN);
  }
  offset += 1;
  length -= 1;

  spi_size = tvb_get_uint8(tvb, offset);
  proto_tree_add_item(tree, hf_isakmp_spisize, tvb, offset, 1, ENC_BIG_ENDIAN);
  offset += 1;
  length -= 1;

  transforms_left = tvb_get_uint8(tvb, offset);
  proto_tree_add_item(tree, hf_isakmp_prop_transforms, tvb, offset, 1, ENC_BIG_ENDIAN);
  offset += 1;
  length -= 1;

  if (spi_size != 0) {
    proto_tree_add_item(tree, hf_isakmp_spi, tvb, offset, spi_size, ENC_NA);

    offset += spi_size;
    length -= spi_size;
  }

  for (; transforms_left > 0; transforms_left--) {
    transform_tree = dissect_payload_header(tvb, pinfo, offset, length, isakmp_version,
                                            PLOAD_IKE_T, &unused_next_payload, &transform_length, tree);
    if (length < transform_length) {
      proto_tree_add_expert_format(tree, pinfo, &ei_isakmp_payload_bad_length, tvb, offset + 4, length,
                                   "Payload (bogus, length is %u, greater than remaining length %d", transform_length, length);
      break;
    }
    if (transform_length < 4) {
      proto_tree_add_expert_format(tree, pinfo, &ei_isakmp_payload_bad_length, tvb, offset + 4, length,
                                   "Payload (bogus, length is %u, must be at least 4)", transform_length);
      break;
    }

    /* The transform body starts after its 4-byte generic header. */
    dissect_transform(tvb, pinfo, offset + 4, transform_length - 4, transform_tree, isakmp_version, protocol_id, decr_data);

    offset += transform_length;
    length -= transform_length;
  }
}
/** Dissect an attribute header, which is common to all attributes.
 *
 * The top bit of the first 16-bit word selects the encoding: clear means
 * Type/Length/Value (4-byte header, 16-bit length field), set means
 * Type/Value (2-byte header, fixed 2-byte value).
 *
 * @param [in]  tvb            The tv buffer of the current data.
 * @param [in]  tree           The tree to append the attribute subtree to.
 * @param [in]  offset         The start of the data in tvb.
 * @param [in]  hf_attr        A struct of indices pointing to attribute header field descriptions.
 * @param [in]  attr_typenames The table for translation of the attribute type id to a name.
 * @param [out] headerlen      The length of the attribute header, excluding the value.
 * @param [out] value_len      The length of the attribute value, as read from the packet.
 * @param [out] attr_type      The attribute type, as read from the attribute header.
 * @param [out] attr_item      The root item created for this attribute.
 * @param [out] subtree        The subtree created for this attribute.
 */
static void
dissect_attribute_header(tvbuff_t *tvb, proto_tree *tree, int offset,
                         attribute_common_fields hf_attr, const range_string *attr_typenames,
                         unsigned *headerlen, unsigned *value_len, unsigned *attr_type,
                         proto_item **attr_item, proto_tree **subtree)
{
  const unsigned format_bit = 0x8000;
  const unsigned type_mask  = 0x7fff;
  const unsigned type_word  = tvb_get_ntohs(tvb, offset);
  const bool     is_tlv     = (type_word & format_bit) == 0;
  const char    *type_name;

  *attr_type = type_word & type_mask;

  if (!is_tlv) {
    /* Type/Value format */
    *headerlen = 2;
    *value_len = 2;
  } else {
    /* Type/Length/Value format */
    *headerlen = 4;
    *value_len = tvb_get_ntohs(tvb, offset + 2);
  }

  /* The root item spans header plus value and is labelled with type, length and name. */
  *attr_item = proto_tree_add_item(tree, hf_attr.all, tvb, offset, *headerlen + *value_len, ENC_NA);
  type_name = rval_to_str(*attr_type, attr_typenames, "Unknown Attribute Type (%02d)");
  proto_item_append_text(*attr_item, " (t=%d,l=%d): %s", *attr_type, *value_len, type_name);

  *subtree = proto_item_add_subtree(*attr_item, ett_isakmp_attr);
  proto_tree_add_item(*subtree, hf_attr.format, tvb, offset, 2, ENC_BIG_ENDIAN);
  proto_tree_add_uint(*subtree, hf_attr.type, tvb, offset, 2, *attr_type);

  if (is_tlv) {
    proto_tree_add_item(*subtree, hf_attr.length, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
  }

  if (*value_len != 0) {
    proto_tree_add_item(*subtree, hf_attr.value, tvb, offset + *headerlen, *value_len, ENC_NA);
  }
}
/*
 * Dissect one ROHC attribute.
 *
 * Returns the number of bytes consumed by this attribute: the header alone
 * when the value is empty (an expert item is added in that case), otherwise
 * header plus value. Attribute types without a dedicated field get no value
 * item beyond what dissect_attribute_header() adds.
 */
static int
dissect_rohc_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset)
{
  unsigned    headerlen, value_len, attr_type;
  proto_item *attr_item;
  proto_tree *attr_tree;
  int         value_offset;
  int         hf_value = 0;
  bool        has_field = true;

  dissect_attribute_header(tvb, tree, offset,
                           hf_isakmp_notify_data_rohc_attr, rohc_attr_type,
                           &headerlen, &value_len, &attr_type,
                           &attr_item, &attr_tree);

  if (value_len == 0) {
    expert_add_info(pinfo, attr_item, &ei_isakmp_attribute_value_empty);
    return headerlen;
  }

  value_offset = offset + headerlen;

  /* Pick the field that matches the attribute type, if there is one. */
  switch (attr_type) {
    case ROHC_MAX_CID:
      hf_value = hf_isakmp_notify_data_rohc_attr_max_cid;
      break;
    case ROHC_PROFILE:
      hf_value = hf_isakmp_notify_data_rohc_attr_profile;
      break;
    case ROHC_INTEG:
      hf_value = hf_isakmp_notify_data_rohc_attr_integ;
      break;
    case ROHC_ICV_LEN:
      hf_value = hf_isakmp_notify_data_rohc_attr_icv_len;
      break;
    case ROHC_MRRU:
      hf_value = hf_isakmp_notify_data_rohc_attr_mrru;
      break;
    default:
      /* No Default Action */
      has_field = false;
      break;
  }

  if (has_field) {
    proto_tree_add_item(attr_tree, hf_value, tvb, value_offset, value_len, ENC_BIG_ENDIAN);
  }

  return headerlen + value_len;
}
/* Dissect life duration, which is variable-length. Note that this function
 * handles both/either the security association life duration as defined in
 * section 4.5 of RFC2407 (https://tools.ietf.org/html/rfc2407), as well as the
 * life duration according to the attribute classes table in Appendix A of
 * RFC2409: https://tools.ietf.org/html/rfc2409#page-33
 *
 * Values of 1 to 4 bytes are added through hf_uint32, 5 to 8 bytes through
 * hf_uint64, and anything longer as raw bytes through hf_bytes with the first
 * 8 bytes shown in hex on `ti`. A zero-length value adds nothing. */
static void
dissect_life_duration(tvbuff_t *tvb, proto_tree *tree, proto_item *ti, int hf_uint32, int hf_uint64, int hf_bytes, int offset, unsigned len)
{
  if (len == 0) {
    return;
  }

  if (len <= 4) {
    uint32_t duration;

    /* Big-endian integer that fits in 32 bits. */
    switch (len) {
      case 1:
        duration = tvb_get_uint8(tvb, offset);
        break;
      case 2:
        duration = tvb_get_ntohs(tvb, offset);
        break;
      case 3:
        duration = tvb_get_ntoh24(tvb, offset);
        break;
      default: /* 4 */
        duration = tvb_get_ntohl(tvb, offset);
        break;
    }

    proto_tree_add_uint(tree, hf_uint32, tvb, offset, len, duration);
    proto_item_append_text(ti, ": %u", duration);
    return;
  }

  if (len <= 8) {
    uint64_t duration;

    /* Big-endian integer that needs up to 64 bits. */
    switch (len) {
      case 5:
        duration = tvb_get_ntoh40(tvb, offset);
        break;
      case 6:
        duration = tvb_get_ntoh48(tvb, offset);
        break;
      case 7:
        duration = tvb_get_ntoh56(tvb, offset);
        break;
      default: /* 8 */
        duration = tvb_get_ntoh64(tvb, offset);
        break;
    }

    proto_tree_add_uint64_format_value(tree, hf_uint64, tvb, offset, len, duration, "%" PRIu64, duration);
    proto_item_append_text(ti, ": %" PRIu64, duration);
    return;
  }

  /* Longer than 8 bytes: keep it as bytes and preview the leading 8. */
  proto_tree_add_item(tree, hf_bytes, tvb, offset, len, ENC_NA);
  proto_item_append_text(ti, ": %" PRIx64 " ...", tvb_get_ntoh64(tvb, offset));
}
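/*
 * Dissect one IPsec (phase 2) SA attribute.
 *
 * Returns the number of bytes consumed by this attribute: the header alone
 * when the value is empty (an expert item is added in that case), otherwise
 * header plus value.
 *
 * NOTE(review): the label text for the enumerated and numeric attributes is
 * built with tvb_get_ntohs(), i.e. it always reads two bytes at the value
 * offset, while value_len comes from the packet and may differ from 2 in the
 * Type/Length/Value encoding - confirm whether a length check is wanted.
 */
static int
dissect_ipsec_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset)
{
  unsigned headerlen, value_len, attr_type;
  proto_item *attr_item;
  proto_tree *attr_tree;

  dissect_attribute_header(tvb, tree, offset,
                           hf_isakmp_ipsec_attr, ipsec_attr_type,
                           &headerlen, &value_len, &attr_type,
                           &attr_item, &attr_tree);

  /* From here on, offset points at the attribute value. */
  offset += headerlen;

  if (value_len == 0)
  {
    expert_add_info(pinfo, attr_item, &ei_isakmp_attribute_value_empty);
    return headerlen;
  }

  switch(attr_type) {
    case IPSEC_ATTR_LIFE_TYPE:
      proto_tree_add_item(attr_tree, hf_isakmp_ipsec_attr_life_type, tvb, offset, value_len, ENC_BIG_ENDIAN);
      proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), attr_life_type, "Unknown %d"));
      break;
    case IPSEC_ATTR_LIFE_DURATION:
      dissect_life_duration(tvb, attr_tree, attr_item, hf_isakmp_ipsec_attr_life_duration_uint32, hf_isakmp_ipsec_attr_life_duration_uint64, hf_isakmp_ipsec_attr_life_duration_bytes, offset, value_len);
      break;
    case IPSEC_ATTR_GROUP_DESC:
      proto_tree_add_item(attr_tree, hf_isakmp_ipsec_attr_group_description, tvb, offset, value_len, ENC_BIG_ENDIAN);
      proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), dh_group, "Unknown %d"));
      break;
    case IPSEC_ATTR_ENCAP_MODE:
      proto_tree_add_item(attr_tree, hf_isakmp_ipsec_attr_encap_mode, tvb, offset, value_len, ENC_BIG_ENDIAN);
      proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ipsec_attr_encap_mode, "Unknown %d"));
      break;
    case IPSEC_ATTR_AUTH_ALGORITHM:
      proto_tree_add_item(attr_tree, hf_isakmp_ipsec_attr_auth_algorithm, tvb, offset, value_len, ENC_BIG_ENDIAN);
      proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ipsec_attr_auth_algo, "Unknown %d"));
      break;
    case IPSEC_ATTR_KEY_LENGTH:
      proto_tree_add_item(attr_tree, hf_isakmp_ipsec_attr_key_length, tvb, offset, value_len, ENC_BIG_ENDIAN);
      proto_item_append_text(attr_item, ": %d", tvb_get_ntohs(tvb, offset));
      break;
    case IPSEC_ATTR_KEY_ROUNDS:
      proto_tree_add_item(attr_tree, hf_isakmp_ipsec_attr_key_rounds, tvb, offset, value_len, ENC_BIG_ENDIAN);
      proto_item_append_text(attr_item, ": %d", tvb_get_ntohs(tvb, offset));
      break;
    case IPSEC_ATTR_CMPR_DICT_SIZE:
      proto_tree_add_item(attr_tree, hf_isakmp_ipsec_attr_cmpr_dict_size, tvb, offset, value_len, ENC_BIG_ENDIAN);
      break;
    case IPSEC_ATTR_CMPR_ALGORITHM:
      proto_tree_add_item(attr_tree, hf_isakmp_ipsec_attr_cmpr_algorithm, tvb, offset, value_len, ENC_NA);
      break;
    case IPSEC_ATTR_ECN_TUNNEL:
      proto_tree_add_item(attr_tree, hf_isakmp_ipsec_attr_ecn_tunnel, tvb, offset, value_len, ENC_BIG_ENDIAN);
      proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ipsec_attr_ecn_tunnel, "Unknown %d"));
      break;
    case IPSEC_ATTR_EXT_SEQ_NBR:
      proto_tree_add_item(attr_tree, hf_isakmp_ipsec_attr_ext_seq_nbr, tvb, offset, value_len, ENC_BIG_ENDIAN);
      proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ipsec_attr_ext_seq_nbr, "Unknown %d"));
      break;
    case IPSEC_ATTR_AUTH_KEY_LENGTH:
      proto_tree_add_item(attr_tree, hf_isakmp_ipsec_attr_auth_key_length, tvb, offset, value_len, ENC_BIG_ENDIAN);
      proto_item_append_text(attr_item, ": %d", tvb_get_ntohs(tvb, offset));
      break;
    case IPSEC_ATTR_SIG_ENCO_ALGORITHM:
      proto_tree_add_item(attr_tree, hf_isakmp_ipsec_attr_sig_enco_algorithm, tvb, offset, value_len, ENC_NA);
      break;

    case IPSEC_ATTR_ADDR_PRESERVATION:
      proto_tree_add_item(attr_tree, hf_isakmp_ipsec_attr_addr_preservation, tvb, offset, value_len, ENC_BIG_ENDIAN);
      proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ipsec_attr_addr_preservation, "Unknown %d"));
      break;

    case IPSEC_ATTR_SA_DIRECTION:
      proto_tree_add_item(attr_tree, hf_isakmp_ipsec_attr_sa_direction, tvb, offset, value_len, ENC_BIG_ENDIAN);
      proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ipsec_attr_sa_direction, "Unknown %d"));
      /* This case used to fall through into default; end it explicitly. */
      break;
    default:
      /* No Default Action */
      break;
  }

  return headerlen + value_len;
}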
/*
 * Dissect one IPsec attribute carried in a responder-lifetime notification.
 * Only the life type and life duration attributes get a dedicated value item.
 *
 * Returns the number of bytes consumed by this attribute: the header alone
 * when the value is empty (an expert item is added in that case), otherwise
 * header plus value.
 */
static int
dissect_resp_lifetime_ipsec_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset)
{
  unsigned    headerlen, value_len, attr_type;
  proto_item *attr_item;
  proto_tree *attr_tree;
  int         value_offset;

  dissect_attribute_header(tvb, tree, offset,
                           hf_isakmp_resp_lifetime_ipsec_attr, ipsec_attr_type,
                           &headerlen, &value_len, &attr_type,
                           &attr_item, &attr_tree);

  if (value_len == 0) {
    expert_add_info(pinfo, attr_item, &ei_isakmp_attribute_value_empty);
    return headerlen;
  }

  value_offset = offset + headerlen;

  if (attr_type == IPSEC_ATTR_LIFE_TYPE) {
    proto_tree_add_item(attr_tree, hf_isakmp_resp_lifetime_ipsec_attr_life_type, tvb, value_offset, value_len, ENC_BIG_ENDIAN);
    proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, value_offset), attr_life_type, "Unknown %d"));
  } else if (attr_type == IPSEC_ATTR_LIFE_DURATION) {
    dissect_life_duration(tvb, attr_tree, attr_item,
                          hf_isakmp_resp_lifetime_ipsec_attr_life_duration_uint32,
                          hf_isakmp_resp_lifetime_ipsec_attr_life_duration_uint64,
                          hf_isakmp_resp_lifetime_ipsec_attr_life_duration_bytes,
                          value_offset, value_len);
  }
  /* Any other attribute type: No Default Action */

  return headerlen + value_len;
}
/*
 * Dissect a single IKEv1 phase 1 transform attribute that starts at `offset`.
 *
 * dissect_attribute_header() decodes the header and creates the attribute
 * item/subtree; the value is then added according to the attribute type.
 * When `decr` is non-NULL the encryption algorithm, hash algorithm, key
 * length, DH group and the "authentication method == 1" flag are recorded
 * in it.
 *
 * The value length is taken from the packet.  The 16-bit reads below always
 * fetch two bytes and do not compare `val_len` with 2.
 *
 * Returns the number of bytes consumed by this attribute (header only when
 * the value is empty).
 */
static int
dissect_ike_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, decrypt_data_t *decr)
{
  unsigned hdr_len, val_len, type;
  proto_item *item;
  proto_tree *subtree;
  uint16_t val16;

  dissect_attribute_header(tvb, tree, offset,
                           hf_isakmp_ike_attr, ike_attr_type,
                           &hdr_len, &val_len, &type,
                           &item, &subtree);

  offset += hdr_len;

  if (val_len == 0) {
    expert_add_info(pinfo, item, &ei_isakmp_attribute_value_empty);
    return hdr_len;
  }

  switch (type) {
  case IKE_ATTR_ENCRYPTION_ALGORITHM:
    proto_tree_add_item(subtree, hf_isakmp_ike_attr_encryption_algorithm, tvb, offset, val_len, ENC_BIG_ENDIAN);
    val16 = tvb_get_ntohs(tvb, offset);
    proto_item_append_text(item, ": %s", val_to_str(val16, ike_attr_enc_algo, "Unknown %d"));
    if (decr) {
      decr->ike_encr_alg = val16;
    }
    break;

  case IKE_ATTR_HASH_ALGORITHM:
    proto_tree_add_item(subtree, hf_isakmp_ike_attr_hash_algorithm, tvb, offset, val_len, ENC_BIG_ENDIAN);
    val16 = tvb_get_ntohs(tvb, offset);
    proto_item_append_text(item, ": %s", val_to_str(val16, ike_attr_hash_algo, "Unknown %d"));
    if (decr) {
      decr->ike_hash_alg = val16;
    }
    break;

  case IKE_ATTR_AUTHENTICATION_METHOD: {
    /*
     * for GM/T 0022 IPSec VPN specification
     *
     * The choice of table depends on the hash/encryption algorithms already
     * recorded in `decr`, i.e. on those attributes having been dissected
     * before this one.
     */
    const bool use_china_table = decr && (decr->ike_hash_alg == HMAC_SM3 ||
                                          decr->ike_encr_alg == ENC_SM1_CBC ||
                                          decr->ike_encr_alg == ENC_SM4_CBC);
    const int hf_method = use_china_table ? hf_isakmp_ike_attr_authentication_method_china
                                          : hf_isakmp_ike_attr_authentication_method;
    const value_string *method_names = use_china_table ? ike_attr_authmeth_china
                                                       : ike_attr_authmeth;

    proto_tree_add_item(subtree, hf_method, tvb, offset, val_len, ENC_BIG_ENDIAN);
    val16 = tvb_get_ntohs(tvb, offset);
    proto_item_append_text(item, ": %s", val_to_str(val16, method_names, "Unknown %d"));
    if (decr) {
      decr->is_psk = (val16 == 0x01);
    }
    break;
  }

  case IKE_ATTR_GROUP_DESCRIPTION:
    proto_tree_add_item(subtree, hf_isakmp_ike_attr_group_description, tvb, offset, val_len, ENC_BIG_ENDIAN);
    val16 = tvb_get_ntohs(tvb, offset);
    proto_item_append_text(item, ": %s", val_to_str(val16, dh_group, "Unknown %d"));
    if (decr) {
      decr->group = val16;
    }
    break;

  case IKE_ATTR_GROUP_TYPE:
    proto_tree_add_item(subtree, hf_isakmp_ike_attr_group_type, tvb, offset, val_len, ENC_BIG_ENDIAN);
    val16 = tvb_get_ntohs(tvb, offset);
    proto_item_append_text(item, ": %s", val_to_str(val16, ike_attr_grp_type, "Unknown %d"));
    break;

  /* The following attributes are shown as raw bytes. */
  case IKE_ATTR_GROUP_PRIME:
    proto_tree_add_item(subtree, hf_isakmp_ike_attr_group_prime, tvb, offset, val_len, ENC_NA);
    break;

  case IKE_ATTR_GROUP_GENERATOR_ONE:
    proto_tree_add_item(subtree, hf_isakmp_ike_attr_group_generator_one, tvb, offset, val_len, ENC_NA);
    break;

  case IKE_ATTR_GROUP_GENERATOR_TWO:
    proto_tree_add_item(subtree, hf_isakmp_ike_attr_group_generator_two, tvb, offset, val_len, ENC_NA);
    break;

  case IKE_ATTR_GROUP_CURVE_A:
    proto_tree_add_item(subtree, hf_isakmp_ike_attr_group_curve_a, tvb, offset, val_len, ENC_NA);
    break;

  case IKE_ATTR_GROUP_CURVE_B:
    proto_tree_add_item(subtree, hf_isakmp_ike_attr_group_curve_b, tvb, offset, val_len, ENC_NA);
    break;

  case IKE_ATTR_LIFE_TYPE:
    proto_tree_add_item(subtree, hf_isakmp_ike_attr_life_type, tvb, offset, val_len, ENC_BIG_ENDIAN);
    val16 = tvb_get_ntohs(tvb, offset);
    proto_item_append_text(item, ": %s", val_to_str(val16, attr_life_type, "Unknown %d"));
    break;

  case IKE_ATTR_LIFE_DURATION:
    dissect_life_duration(tvb, subtree, item,
                          hf_isakmp_ike_attr_life_duration_uint32,
                          hf_isakmp_ike_attr_life_duration_uint64,
                          hf_isakmp_ike_attr_life_duration_bytes,
                          offset, val_len);
    break;

  case IKE_ATTR_PRF:
    proto_tree_add_item(subtree, hf_isakmp_ike_attr_prf, tvb, offset, val_len, ENC_NA);
    break;

  case IKE_ATTR_KEY_LENGTH:
    proto_tree_add_item(subtree, hf_isakmp_ike_attr_key_length, tvb, offset, val_len, ENC_BIG_ENDIAN);
    val16 = tvb_get_ntohs(tvb, offset);
    proto_item_append_text(item, ": %d", val16);
    if (decr) {
      decr->ike_encr_keylen = val16;
    }
    break;

  case IKE_ATTR_FIELD_SIZE:
    proto_tree_add_item(subtree, hf_isakmp_ike_attr_field_size, tvb, offset, val_len, ENC_NA);
    break;

  case IKE_ATTR_GROUP_ORDER:
    proto_tree_add_item(subtree, hf_isakmp_ike_attr_group_order, tvb, offset, val_len, ENC_NA);
    break;

  case IKE_ATTR_BLOCK_SIZE:
    proto_tree_add_item(subtree, hf_isakmp_ike_attr_block_size, tvb, offset, val_len, ENC_NA);
    break;

  case IKE_ATTR_ACAT:
    proto_tree_add_item(subtree, hf_isakmp_ike_attr_asymmetric_cryptographic_algorithm_type, tvb, offset, val_len, ENC_BIG_ENDIAN);
    val16 = tvb_get_ntohs(tvb, offset);
    proto_item_append_text(item, ": %s", val_to_str(val16, ike_attr_asym_algo, "Unknown %d"));
    break;

  default:
    /* Unrecognised attribute types get the header item only. */
    break;
  }

  return hdr_len + val_len;
}
/*
 * Dissect one attribute from the data of an IKEv1 RESPONDER-LIFETIME
 * notification for phase 1.  Only the life type and life duration attributes
 * are decoded; any other type gets just the header item.
 *
 * Returns the number of bytes consumed by this attribute (header only when
 * the value is empty).
 */
static int
dissect_resp_lifetime_ike_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset)
{
  unsigned hdr_len, val_len, type;
  proto_item *item;
  proto_tree *subtree;

  dissect_attribute_header(tvb, tree, offset,
                           hf_isakmp_resp_lifetime_ike_attr, ike_attr_type,
                           &hdr_len, &val_len, &type,
                           &item, &subtree);

  if (val_len == 0) {
    expert_add_info(pinfo, item, &ei_isakmp_attribute_value_empty);
    return hdr_len;
  }

  /* The value starts right after the header. */
  offset += hdr_len;

  if (type == IKE_ATTR_LIFE_TYPE) {
    uint16_t life_type;

    proto_tree_add_item(subtree, hf_isakmp_resp_lifetime_ike_attr_life_type, tvb, offset, val_len, ENC_BIG_ENDIAN);
    life_type = tvb_get_ntohs(tvb, offset);
    proto_item_append_text(item, ": %s", val_to_str(life_type, attr_life_type, "Unknown %d"));
  } else if (type == IKE_ATTR_LIFE_DURATION) {
    dissect_life_duration(tvb, subtree, item,
                          hf_isakmp_resp_lifetime_ike_attr_life_duration_uint32,
                          hf_isakmp_resp_lifetime_ike_attr_life_duration_uint64,
                          hf_isakmp_resp_lifetime_ike_attr_life_duration_bytes,
                          offset, val_len);
  }
  /* else: no action for other attribute types */

  return hdr_len + val_len;
}
/*
 * Dissect one IKEv2 transform attribute.  Key length is the only attribute
 * type decoded here; any other type gets just the header item.
 *
 * Returns the number of bytes consumed by this attribute (header only when
 * the value is empty).
 */
static int
dissect_ike2_transform_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset)
{
  unsigned hdr_len, val_len, type;
  proto_item *item;
  proto_tree *subtree;

  dissect_attribute_header(tvb, tree, offset,
                           hf_isakmp_ike2_attr, transform_ike2_attr_type,
                           &hdr_len, &val_len, &type,
                           &item, &subtree);

  if (val_len == 0) {
    expert_add_info(pinfo, item, &ei_isakmp_attribute_value_empty);
    return hdr_len;
  }

  /* The value starts right after the header. */
  offset += hdr_len;

  if (type == IKE2_ATTR_KEY_LENGTH) {
    uint16_t key_bits;

    proto_tree_add_item(subtree, hf_isakmp_ike2_attr_key_length, tvb, offset, val_len, ENC_BIG_ENDIAN);
    key_bits = tvb_get_ntohs(tvb, offset);
    proto_item_append_text(item, ": %d", key_bits);
  }
  /* else: no action for other attribute types */

  return hdr_len + val_len;
}
/*
 * Dissect the body of a Transform payload/substructure.
 *
 * IKEv1: transform number, transform id (named from a table chosen by
 * `protocol_id`), two reserved bytes, then attributes until `offset + length`.
 * IKEv2: transform type, one reserved byte, a 16-bit transform id shown with
 * the field matching the type, then attributes until `offset + length`.
 * Other versions: nothing is dissected.
 *
 * `decr_data` is used for IKEv1 only, as a decrypt_data_t pointer (may be
 * NULL).
 *
 * NOTE(review): the attribute loops advance by whatever the attribute
 * dissectors return; they return headerlen (+ value_len), so termination
 * relies on dissect_attribute_header() reporting a non-zero header length -
 * confirm there.
 */
static void
dissect_transform(tvbuff_t *tvb, packet_info *pinfo, int offset, int length, proto_tree *tree, int isakmp_version, int protocol_id, void* decr_data)
{
  if (isakmp_version == 1) {
    decrypt_data_t *decr = (decrypt_data_t *)decr_data;
    const int end = offset + length;
    const value_string *id_names;
    const char *id_unknown;
    uint8_t number;
    uint8_t id;

    number = tvb_get_uint8(tvb, offset);
    proto_item_append_text(tree, " # %d", number);

    proto_tree_add_item(tree, hf_isakmp_trans_number, tvb, offset, 1, ENC_BIG_ENDIAN);
    offset += 1;

    id = tvb_get_uint8(tvb, offset);

    /* Pick the name table for the transform id from the protocol. */
    switch (protocol_id) {
    case 1: /* ISAKMP */
      id_names = vs_v1_trans_isakmp;
      id_unknown = "UNKNOWN-TRANS-TYPE";
      break;
    case 2: /* AH */
      id_names = vs_v1_trans_ah;
      id_unknown = "UNKNOWN-AH-TRANS-TYPE";
      break;
    case 3: /* ESP */
      id_names = vs_v1_trans_esp;
      id_unknown = "UNKNOWN-ESP-TRANS-TYPE";
      break;
    case 4: /* IPCOMP */
      id_names = transform_id_ipcomp;
      id_unknown = "UNKNOWN-IPCOMP-TRANS-TYPE";
      break;
    default:
      id_names = NULL;
      id_unknown = NULL;
      break;
    }

    if (id_names != NULL) {
      proto_tree_add_uint_format_value(tree, hf_isakmp_trans_id, tvb, offset, 1,
                                       id, "%s (%u)",
                                       val_to_str_const(id, id_names, id_unknown), id);
    } else {
      proto_tree_add_item(tree, hf_isakmp_trans_id, tvb, offset, 1, ENC_BIG_ENDIAN);
    }
    offset += 1;

    proto_tree_add_item(tree, hf_isakmp_reserved, tvb, offset, 2, ENC_NA);
    offset += 2;

    if (protocol_id == 1 && id == 1) {
      if (decr) {
        /* Allow detection of missing IKE transform attributes:
         * Make sure their values are not carried over from another transform
         * dissected previously. */
        decr->ike_encr_alg = 0;
        decr->ike_encr_keylen = 0;
        decr->ike_hash_alg = 0;
      }
      while (offset < end) {
        offset += dissect_ike_attribute(tvb, pinfo, tree, offset, decr);
      }
    } else {
      while (offset < end) {
        offset += dissect_ipsec_attribute(tvb, pinfo, tree, offset);
      }
    }
  } else if (isakmp_version == 2) {
    const int end = offset + length;
    uint8_t type;
    int hf_id;

    type = tvb_get_uint8(tvb, offset);
    proto_tree_add_item(tree, hf_isakmp_trans_type, tvb, offset, 1, ENC_BIG_ENDIAN);
    offset += 1;

    proto_tree_add_item(tree, hf_isakmp_reserved, tvb, offset, 1, ENC_NA);
    offset += 1;

    /* The transform id is always 16 bits; only the field used differs. */
    switch (type) {
    case TF_IKE2_ENCR:
      hf_id = hf_isakmp_trans_encr;
      break;
    case TF_IKE2_PRF:
      hf_id = hf_isakmp_trans_prf;
      break;
    case TF_IKE2_INTEG:
      hf_id = hf_isakmp_trans_integ;
      break;
    case TF_IKE2_DH:
      hf_id = hf_isakmp_trans_dh;
      break;
    case TF_IKE2_ESN:
      hf_id = hf_isakmp_trans_esn;
      break;
    default:
      hf_id = hf_isakmp_trans_id_v2;
      break;
    }
    proto_tree_add_item(tree, hf_id, tvb, offset, 2, ENC_BIG_ENDIAN);
    offset += 2;

    while (offset < end) {
      offset += dissect_ike2_transform_attribute(tvb, pinfo, tree, offset);
    }
  }
}
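/*
 * Dissect the body of a Key Exchange payload.
 *
 * IKEv2: a 16-bit DH group and two reserved bytes precede the key exchange
 * data.  IKEv1: the whole body is key exchange data.
 *
 * For IKEv1 with `decr_data` set (a decrypt_data_t pointer), the key exchange
 * data is also copied into decr->gi when the packet source equals
 * decr->initiator, otherwise into decr->gr, each only while the corresponding
 * stored length is still zero.  The copies are allocated with g_malloc() and
 * are not released here.
 *
 * `length` is derived from the packet by the caller.  The copy is skipped for
 * a non-positive length, and the bytes are checked to be present before
 * allocating so that a short capture cannot leave an allocated buffer behind
 * with a stored length of zero (which a later packet would then overwrite).
 */
static void
dissect_key_exch(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version,
                 packet_info* pinfo, void* decr_data)
{
  if (isakmp_version == 2) {
    proto_tree_add_item(tree, hf_isakmp_key_exch_dh_group, tvb, offset, 2, ENC_BIG_ENDIAN);
    offset += 2;
    length -= 2;

    proto_tree_add_item(tree, hf_isakmp_reserved, tvb, offset, 2, ENC_NA);
    offset += 2;
    length -= 2;
  }

  proto_tree_add_item(tree, hf_isakmp_key_exch_data, tvb, offset, length, ENC_NA);

  if (isakmp_version == 1 && decr_data && length > 0) {
    decrypt_data_t *decr = (decrypt_data_t *)decr_data;
    const bool from_initiator = addresses_equal(&decr->initiator, &pinfo->src);

    if (from_initiator && decr->gi_len == 0) {
      /* Throws before anything is allocated if the data is not all there. */
      tvb_ensure_bytes_exist(tvb, offset, length);
      decr->gi = (char *)g_malloc(length);
      tvb_memcpy(tvb, decr->gi, offset, length);
      decr->gi_len = length;
    } else if (!from_initiator && decr->gr_len == 0) {
      tvb_ensure_bytes_exist(tvb, offset, length);
      decr->gr = (char *)g_malloc(length);
      tvb_memcpy(tvb, decr->gr, offset, length);
      decr->gr_len = length;
    }
  }
}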
/*
 * Add the identification data of an ID payload to `idtree`, decoded according
 * to `id_type`, and (for most types) append a printable form to `idit`.
 *
 * The address cases read a fixed number of bytes (4, 8, 16 or 32) starting at
 * `offset`; `length` is only used for the FQDN, user FQDN, key id and default
 * cases.
 * NOTE(review): nothing here compares `length` with those fixed sizes, so an
 * ID payload that declares fewer bytes than its type implies is decoded from
 * whatever follows it in the tvb - confirm whether the caller validates this.
 */
static void
dissect_id_type(tvbuff_t *tvb, int offset, int length, uint8_t id_type, proto_tree *idtree, proto_item *idit, packet_info *pinfo )
{
  const uint8_t *text;
  asn1_ctx_t ber_ctx;
  /* Second address of an IPv4 / IPv6 pair (subnet mask or range end). */
  const int second_v4 = offset + 4;
  const int second_v6 = offset + 16;

  asn1_ctx_init(&ber_ctx, ASN1_ENC_BER, true, pinfo);

  switch (id_type) {
  case IKE_ID_IPV4_ADDR:
    proto_tree_add_item(idtree, hf_isakmp_id_data_ipv4_addr, tvb, offset, 4, ENC_BIG_ENDIAN);
    proto_item_append_text(idit, "%s", tvb_ip_to_str(pinfo->pool, tvb, offset));
    break;

  case IKE_ID_FQDN:
    proto_tree_add_item_ret_string(idtree, hf_isakmp_id_data_fqdn, tvb, offset, length,
                                   ENC_ASCII|ENC_NA, pinfo->pool, &text);
    proto_item_append_text(idit, "%s", text);
    break;

  case IKE_ID_USER_FQDN:
    proto_tree_add_item_ret_string(idtree, hf_isakmp_id_data_user_fqdn, tvb, offset, length,
                                   ENC_ASCII|ENC_NA, pinfo->pool, &text);
    proto_item_append_text(idit, "%s", text);
    break;

  case IKE_ID_IPV4_ADDR_SUBNET:
    proto_tree_add_item(idtree, hf_isakmp_id_data_ipv4_addr, tvb, offset, 4, ENC_BIG_ENDIAN);
    proto_tree_add_item(idtree, hf_isakmp_id_data_ipv4_subnet, tvb, second_v4, 4, ENC_BIG_ENDIAN);
    proto_item_append_text(idit, "%s/%s",
                           tvb_ip_to_str(pinfo->pool, tvb, offset),
                           tvb_ip_to_str(pinfo->pool, tvb, second_v4));
    break;

  case IKE_ID_IPV4_ADDR_RANGE:
    proto_tree_add_item(idtree, hf_isakmp_id_data_ipv4_range_start, tvb, offset, 4, ENC_BIG_ENDIAN);
    proto_tree_add_item(idtree, hf_isakmp_id_data_ipv4_range_end, tvb, second_v4, 4, ENC_BIG_ENDIAN);
    proto_item_append_text(idit, "%s/%s",
                           tvb_ip_to_str(pinfo->pool, tvb, offset),
                           tvb_ip_to_str(pinfo->pool, tvb, second_v4));
    break;

  case IKE_ID_IPV6_ADDR:
    proto_tree_add_item(idtree, hf_isakmp_id_data_ipv6_addr, tvb, offset, 16, ENC_NA);
    proto_item_append_text(idit, "%s", tvb_ip6_to_str(pinfo->pool, tvb, offset));
    break;

  case IKE_ID_IPV6_ADDR_SUBNET:
    proto_tree_add_item(idtree, hf_isakmp_id_data_ipv6_addr, tvb, offset, 16, ENC_NA);
    proto_tree_add_item(idtree, hf_isakmp_id_data_ipv6_subnet, tvb, second_v6, 16, ENC_NA);
    proto_item_append_text(idit, "%s/%s",
                           tvb_ip6_to_str(pinfo->pool, tvb, offset),
                           tvb_ip6_to_str(pinfo->pool, tvb, second_v6));
    break;

  case IKE_ID_IPV6_ADDR_RANGE:
    proto_tree_add_item(idtree, hf_isakmp_id_data_ipv6_range_start, tvb, offset, 16, ENC_NA);
    proto_tree_add_item(idtree, hf_isakmp_id_data_ipv6_range_end, tvb, second_v6, 16, ENC_NA);
    proto_item_append_text(idit, "%s/%s",
                           tvb_ip6_to_str(pinfo->pool, tvb, offset),
                           tvb_ip6_to_str(pinfo->pool, tvb, second_v6));
    break;

  case IKE_ID_KEY_ID:
    /* Opaque bytes; nothing is appended to the parent item. */
    proto_tree_add_item(idtree, hf_isakmp_id_data_key_id, tvb, offset, length, ENC_NA);
    break;

  case IKE_ID_DER_ASN1_DN:
    /* Handed to the X.509 Name dissector; `length` is not passed on. */
    dissect_x509if_Name(false, tvb, offset, &ber_ctx, idtree, hf_isakmp_id_data_cert);
    break;

  default:
    /* Unknown types: show the raw bytes as hex text on the parent item. */
    proto_item_append_text(idit, "%s", tvb_bytes_to_str(pinfo->pool, tvb, offset, length));
    break;
  }
}
/*
 * Dissect the body of an Identification payload.
 *
 * Layout handled here: one byte of ID type, then for IKEv1 a protocol id byte
 * and a 16-bit port (each shown as "Unused" when zero), or for IKEv2 three
 * reserved bytes.  The remaining `length` bytes are the identification data,
 * which dissect_id_type() decodes.
 *
 * `length` is decremented as fields are consumed and is not checked against
 * zero before being used for the identification data item.
 */
static void
dissect_id(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version, packet_info *pinfo )
{
  uint8_t type;
  uint8_t proto;
  uint16_t port_num;
  proto_item *data_item;
  proto_tree *data_tree;

  type = tvb_get_uint8(tvb, offset);

  switch (isakmp_version) {
  case 1:
    proto_tree_add_item(tree, hf_isakmp_id_type_v1, tvb, offset, 1, ENC_BIG_ENDIAN);
    offset += 1;
    length -= 1;

    proto = tvb_get_uint8(tvb, offset);
    if (proto != 0) {
      proto_tree_add_item(tree, hf_isakmp_id_protoid, tvb, offset, 1, ENC_BIG_ENDIAN);
    } else {
      proto_tree_add_uint_format_value(tree, hf_isakmp_id_protoid, tvb, offset, 1,
                                       proto, "Unused");
    }
    offset += 1;
    length -= 1;

    port_num = tvb_get_ntohs(tvb, offset);
    if (port_num != 0) {
      proto_tree_add_item(tree, hf_isakmp_id_port, tvb, offset, 2, ENC_BIG_ENDIAN);
    } else {
      proto_tree_add_uint_format_value(tree, hf_isakmp_id_port, tvb, offset, 2,
                                       port_num, "Unused");
    }
    offset += 2;
    length -= 2;
    break;

  case 2:
    proto_tree_add_item(tree, hf_isakmp_id_type_v2, tvb, offset, 1, ENC_BIG_ENDIAN);
    offset += 1;
    length -= 1;

    proto_tree_add_item(tree, hf_isakmp_reserved, tvb, offset, 3, ENC_NA);
    offset += 3;
    length -= 3;
    break;

  default:
    /* Other versions: the type byte is skipped without being shown. */
    offset += 1;
    length -= 1;
    break;
  }

  /*
   * Every ID type is rendered, including types that the IKEv2
   * specification does not actually support.
   */
  data_item = proto_tree_add_item(tree, hf_isakmp_id_data, tvb, offset, length, ENC_NA);
  data_tree = proto_item_add_subtree(data_item, ett_isakmp_id);
  dissect_id_type(tvb, offset, length, type, data_tree, data_item, pinfo);
}
/*
 * Dissect the body of a Certificate payload: one byte of certificate
 * encoding followed by the certificate data.
 *
 * IKEv1, and IKEv2 with any encoding other than 12, hand the data to the
 * X.509 certificate dissector.  IKEv2 encoding 12 is shown as a 20-byte hash
 * followed by a URL that takes the rest of the payload.  Other versions only
 * skip the encoding byte.
 *
 * NOTE(review): for encoding 12 `length` is not checked to be at least 20
 * before 20 is subtracted, so a short payload reaches proto_tree_add_item()
 * with a negative URL length - confirm how that is handled for this field.
 */
static void
dissect_cert(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version, packet_info *pinfo )
{
  uint8_t encoding;
  asn1_ctx_t ber_ctx;

  asn1_ctx_init(&ber_ctx, ASN1_ENC_BER, true, pinfo);
  encoding = tvb_get_uint8(tvb, offset);

  if (isakmp_version == 1) {
    proto_tree_add_item(tree, hf_isakmp_cert_encoding_v1, tvb, offset, 1, ENC_BIG_ENDIAN);
  } else if (isakmp_version == 2) {
    proto_tree_add_item(tree, hf_isakmp_cert_encoding_v2, tvb, offset, 1, ENC_BIG_ENDIAN);
  }

  offset += 1;
  length -= 1;

  if (isakmp_version == 2 && encoding == 12) {
    proto_item *url_item;

    proto_tree_add_item(tree, hf_isakmp_cert_x509_hash, tvb, offset, 20, ENC_NA);
    offset += 20;
    length -= 20;

    url_item = proto_tree_add_item(tree, hf_isakmp_cert_x509_url, tvb, offset, length, ENC_ASCII);
    proto_item_set_url(url_item);
  } else if (isakmp_version == 1 || isakmp_version == 2) {
    /* `length` is not passed on; the BER dissector works from the tvb. */
    dissect_x509af_Certificate(false, tvb, offset, &ber_ctx, tree, hf_isakmp_cert_data);
  }
}
/*
 * Dissect the body of a Certificate Request payload: one byte of certificate
 * type followed by the certification authority data.
 *
 * IKEv1: nothing more is shown when no data follows; type 4 is decoded as an
 * X.509 Name, any other type as raw bytes.
 * IKEv2: the data is walked as a list of 20-byte SHA-1 hashes.
 *
 * NOTE(review): the IKEv2 loop always adds a 20-byte item while `length` is
 * positive, so a payload whose data is not a multiple of 20 bytes has its
 * last item extend past the declared payload end - confirm that relying on
 * the tvb bounds check is the intended handling.
 */
static void
dissect_certreq(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version, packet_info *pinfo )
{
  uint8_t type;
  asn1_ctx_t ber_ctx;

  asn1_ctx_init(&ber_ctx, ASN1_ENC_BER, true, pinfo);
  type = tvb_get_uint8(tvb, offset);

  if (isakmp_version == 1) {
    proto_tree_add_item(tree, hf_isakmp_certreq_type_v1, tvb, offset, 1, ENC_BIG_ENDIAN);
  } else if (isakmp_version == 2) {
    proto_tree_add_item(tree, hf_isakmp_certreq_type_v2, tvb, offset, 1, ENC_BIG_ENDIAN);
  }

  offset += 1;
  length -= 1;

  if (isakmp_version == 1) {
    if (length == 0) {
      return;
    }

    if (type == 4) {
      dissect_x509if_Name(false, tvb, offset, &ber_ctx, tree, hf_isakmp_certreq_authority_sig);
    } else {
      proto_tree_add_item(tree, hf_isakmp_certreq_authority_v1, tvb, offset, length, ENC_NA);
    }
  } else if (isakmp_version == 2) {
    /* this is a list of 20 byte SHA-1 hashes */
    for (; length > 0; offset += 20, length -= 20) {
      proto_tree_add_item(tree, hf_isakmp_certreq_authority_v2, tvb, offset, 20, ENC_NA);
    }
  }
}
/*
 * Dissect the body of an Authentication payload: one byte of authentication
 * method, three reserved bytes, then the authentication data.
 *
 * For the digital-signature method the authentication data is broken down
 * further: a one-byte length, that many bytes of ASN.1 data (handed to the
 * generic BER dissector), then the signature value.  The breakdown is only
 * shown when the ASN.1 length is non-zero and smaller than the remaining
 * payload length; otherwise just the length byte appears under the
 * authentication data item.
 */
static void
dissect_auth(tvbuff_t *tvb, packet_info *pinfo, int offset, int length, proto_tree *tree)
{
  uint32_t method;
  uint32_t algid_len;
  proto_item *item;
  proto_tree *sig_tree;
  proto_tree *algid_tree;

  proto_tree_add_item_ret_uint(tree, hf_isakmp_auth_meth, tvb, offset, 1, ENC_BIG_ENDIAN, &method);
  offset += 1;
  length -= 1;

  proto_tree_add_item(tree, hf_isakmp_reserved, tvb, offset, 3, ENC_NA);
  offset += 3;
  length -= 3;

  item = proto_tree_add_item(tree, hf_isakmp_auth_data, tvb, offset, length, ENC_NA);

  if (auth_meth_is_not_signature:
      method != AUTH_METH_DIGITAL_SIGNATURE) {
    return;
  }

  sig_tree = proto_item_add_subtree(item, ett_isakmp_payload_digital_signature);

  proto_tree_add_item_ret_uint(sig_tree, hf_isakmp_auth_digital_sig_asn1_len, tvb, offset, 1, ENC_BIG_ENDIAN, &algid_len);
  offset += 1;
  length -= 1;

  /* cast ok, since length was parsed out of one unsigned byte into uint32_t */
  if ( (algid_len == 0) || ((int)algid_len >= length) ) {
    return;
  }

  item = proto_tree_add_item(sig_tree, hf_isakmp_auth_digital_sig_asn1_data, tvb, offset, algid_len, ENC_NA);
  algid_tree = proto_item_add_subtree(item, ett_isakmp_payload_digital_signature_asn1_data);
  dissect_unknown_ber(pinfo, tvb, offset, algid_tree);

  offset += algid_len;
  length -= algid_len;

  proto_tree_add_item(sig_tree, hf_isakmp_auth_digital_sig_value, tvb, offset, length, ENC_NA);
}
/* Show the `length` bytes at `offset` as the Hash payload data. */
static void
dissect_hash(tvbuff_t *tvb, int offset, int length, proto_tree *ntree)
{
  /* Opaque bytes: no interpretation is attempted here. */
  proto_tree_add_item(ntree, hf_isakmp_hash,
                      tvb, offset, length, ENC_NA);
}
/* Show the `length` bytes at `offset` as the Signature payload data. */
static void
dissect_sig(tvbuff_t *tvb, int offset, int length, proto_tree *ntree)
{
  /* Opaque bytes: the signature is displayed, not verified, here. */
  proto_tree_add_item(ntree, hf_isakmp_sig,
                      tvb, offset, length, ENC_NA);
}
/* Show the `length` bytes at `offset` as the Nonce payload data. */
static void
dissect_nonce(tvbuff_t *tvb, int offset, int length, proto_tree *ntree)
{
  /* Opaque bytes: no interpretation is attempted here. */
  proto_tree_add_item(ntree, hf_isakmp_nonce,
                      tvb, offset, length, ENC_NA);
}
/* Show the `length` bytes at `offset` as symmetric key data. */
static void
dissect_symmetric_key(tvbuff_t *tvb, int offset, int length, proto_tree *ntree)
{
  /* Opaque bytes: no interpretation is attempted here. */
  proto_tree_add_item(ntree, hf_isakmp_symmetric_key,
                      tvb, offset, length, ENC_NA);
}
/*
 * Dissect a Cisco IKE fragmentation payload and feed it to reassembly.
 *
 * The payload starts with a 16-bit packet id, a one-byte sequence number
 * (starting from 1) and a one-byte "last fragment" flag; everything after
 * those four bytes, up to the end of the tvb, is treated as fragment data.
 * Payloads shorter than four bytes are ignored without any indication.
 *
 * When the last fragment is seen and reassembly yields a buffer, the
 * reassembled message is dissected by calling dissect_isakmp() again on the
 * parent tree (hence the recursion lint suppression).
 *
 * NOTE(review): the reassembly id is the constant 12345, not the packet id
 * read from the payload (see the FIXME below), so fragments belonging to
 * different messages are presumably not told apart by id - confirm against
 * how fragment_add_seq_check() keys its table.
 * NOTE(review): `seq` comes from the packet; a value of 0 makes `seq-1`
 * negative before it is passed as the fragment sequence number - confirm how
 * the reassembly code treats that.
 */
static void
// NOLINTNEXTLINE(misc-no-recursion)
dissect_cisco_fragmentation(tvbuff_t *tvb, int offset, int length, proto_tree *tree, packet_info *pinfo)
{
  uint8_t seq; /* Packet sequence number, starting from 1 */
  uint8_t last;
  proto_tree *ptree;
  ptree = proto_tree_get_parent(tree);
  /* Need at least packet id (2) + sequence (1) + last flag (1). */
  if (length < 4)
    return;

  proto_tree_add_item(tree, hf_isakmp_cisco_frag_packetid, tvb, offset, 2, ENC_BIG_ENDIAN);
  offset += 2;
  seq = tvb_get_uint8(tvb, offset);
  proto_tree_add_item(tree, hf_isakmp_cisco_frag_seq, tvb, offset, 1, ENC_BIG_ENDIAN);
  offset += 1;
  last = tvb_get_uint8(tvb, offset);
  proto_tree_add_item(tree, hf_isakmp_cisco_frag_last, tvb, offset, 1, ENC_BIG_ENDIAN);
  offset += 1;
  /*length-=4;*/

  /* Start Reassembly stuff for Cisco IKE fragmentation */
  {
    bool save_fragmented;
    tvbuff_t *defrag_isakmp_tvb;
    fragment_head *frag_msg;

    /* pinfo->fragmented is forced on for the reassembly calls and restored
     * at the end of this block. */
    save_fragmented = pinfo->fragmented;
    pinfo->fragmented = true;
    frag_msg = fragment_add_seq_check(&isakmp_cisco_reassembly_table, tvb, offset,
                                      pinfo,
                                      12345,    /*FIXME: Fragmented packet id, uint16_t, somehow get CKY here */
                                      NULL,
                                      seq-1, /* fragment sequence number, starting from 0 */
                                      tvb_reported_length_remaining(tvb, offset), /* fragment length - to the end */
                                      !last); /* More fragments? */
    defrag_isakmp_tvb = process_reassembled_data(tvb, offset, pinfo,
                                                 "Reassembled ISAKMP", frag_msg,
                                                 &isakmp_frag_items, /* groups and items, using same as Cisco */
                                                 NULL, ptree);

    if (last && defrag_isakmp_tvb) { /* take it all */
      dissect_isakmp(defrag_isakmp_tvb, pinfo, ptree, NULL);
    }
    col_append_fstr(pinfo->cinfo, COL_INFO,
                    " (%sMessage fragment %u%s)",
                    (last && frag_msg ? "Reassembled + " : ""),
                    seq, (last ? " - last" : ""));
    pinfo->fragmented = save_fragmented;
  }
  /* End Reassembly stuff for Cisco IKE fragmentation */
}
/*
 * This is RFC7383 reassembly.
 *
 * Dissects an IKEv2 encrypted fragment: fragment number and total fragments
 * (16 bits each), then - only when key information is available in
 * `decr_info` - the IV, the encrypted data and the reassembly of the
 * decrypted fragments.  Without key information the function returns after
 * the two counters.
 *
 * The next-payload type of the reassembled message is taken from the first
 * fragment.  On the first pass it is kept in per-conversation state together
 * with `message_id`; when the last fragment is seen it is copied into
 * defrag_next_payload_hash, keyed by frame number, for later passes.
 *
 * Fragment number, total fragments and (after decryption) the padding length
 * all come from the packet; see the NOTE(review) comments below for the
 * places where they are used without a range check in this function.
 */
static void
// NOLINTNEXTLINE(misc-no-recursion)
dissect_ikev2_fragmentation(tvbuff_t *tvb, int offset, proto_tree *tree,
                            packet_info *pinfo, unsigned message_id, uint8_t next_payload, bool is_request, void* decr_info)
{
  uint16_t fragment_number, total_fragments;
  bool     message_next_payload_set = false;
  uint8_t  message_next_payload = 0;
  int      iv_len, icd_len;
  int      iv_offset;
  int      icd_offset;
  ikev2_decrypt_data_t *key_info;

  /* Fragment Number */
  fragment_number = tvb_get_ntohs(tvb, offset);
  /* Total fragments is read ahead here; its item is added further down. */
  total_fragments = tvb_get_ntohs(tvb, offset+2);
  proto_tree_add_item(tree, hf_isakmp_ike2_fragment_number, tvb, offset, 2, ENC_BIG_ENDIAN);
  offset += 2;
  /* Out-of-range counters are reported, but dissection continues. */
  if (fragment_number == 0) {
    proto_tree_add_expert_format(tree, pinfo, &ei_isakmp_bad_fragment_number, tvb, 0, 0,
                                 "Fragment number must not be zero");
  }
  else if (fragment_number > total_fragments) {
    proto_tree_add_expert_format(tree, pinfo, &ei_isakmp_bad_fragment_number, tvb, 0, 0,
                                 "Fragment number (%u) must not be greater than total fragments (%u)",
                                 fragment_number, total_fragments);
  }

  /* During the first pass, store in the conversation the next_payload */
  if (!pinfo->fd->visited && (fragment_number == 1)) {
    /* Create/update conversation with message_id -> next_payload */
    /* NOTE(review): a new file-scope state object is allocated for every
     * first fragment seen on the first pass, and only one state per
     * conversation is consulted below; whether an earlier one is replaced
     * depends on conversation_add_proto_data() - confirm. */
    conversation_t* p_conv = find_or_create_conversation(pinfo);
    ikev2_fragmentation_state_t *p_state = wmem_new0(wmem_file_scope(), ikev2_fragmentation_state_t);
    p_state->message_id = message_id;
    p_state->next_payload = next_payload;

    /* Store the state with the conversation */
    conversation_add_proto_data(p_conv, proto_isakmp, (void*)p_state);
  }

  /* Total fragments */
  proto_tree_add_item(tree, hf_isakmp_ike2_total_fragments, tvb, offset, 2, ENC_BIG_ENDIAN);
  if (total_fragments == 0) {
    proto_tree_add_expert_format(tree, pinfo, &ei_isakmp_bad_fragment_number, tvb, 0, 0,
                                 "Total fragments must not be zero");
  }

  /* Show fragment summary in Info column */
  col_append_fstr(pinfo->cinfo, COL_INFO, " (fragment %u/%u)", fragment_number, total_fragments);

  offset += 2;

  /* If this is the last fragment, need to know what the payload type for the reassembled message is,
     which was included in the first fragment */
  if (fragment_number == total_fragments) {
    if (!pinfo->fd->visited) {
      /* On first pass, get it from the conversation info */
      conversation_t *p_conv = find_conversation_pinfo(pinfo, 0);
      if (p_conv != NULL) {
        ikev2_fragmentation_state_t *p_state = (ikev2_fragmentation_state_t*)conversation_get_proto_data(p_conv, proto_isakmp);
        if (p_state != NULL) {
          /* Only trust the stored value if it belongs to this message. */
          if (p_state->message_id == message_id) {
            message_next_payload = p_state->next_payload;
            message_next_payload_set = true;

            /* Store in table for this frame for future passes */
            g_hash_table_insert(defrag_next_payload_hash, GUINT_TO_POINTER(pinfo->num), GUINT_TO_POINTER((unsigned)message_next_payload));
          }
        }
      }
    }
    else {
      /* On later passes, look up in hash table by frame number */
      /* A missing entry and a stored value of 0 both read back as 0 and
       * leave message_next_payload_set false. */
      message_next_payload = (uint8_t)GPOINTER_TO_UINT(g_hash_table_lookup(defrag_next_payload_hash, GUINT_TO_POINTER(pinfo->num)));
      if (message_next_payload != 0) {
        message_next_payload_set = true;
      }
    }
  }

  /* Can only know lengths of following fields if we have the key information */
  if (decr_info) {
    /* NOTE(review): encr_spec and auth_spec are dereferenced without a NULL
     * check - presumably always set when decr_info is; confirm at the caller. */
    key_info = (ikev2_decrypt_data_t*)(decr_info);
    iv_len = key_info->encr_spec->iv_len;
    icd_len = key_info->auth_spec->trunc_len;
  }
  else {
    /* Can't show any more info. */
    return;
  }

  /* Initialization Vector */
  iv_offset = offset;
  proto_tree_add_item(tree, hf_isakmp_enc_iv, tvb, offset, iv_len, ENC_NA);
  offset += iv_len;

  /* Integrity checksum data is taken to be the last icd_len bytes of the tvb. */
  icd_offset = offset + tvb_reported_length_remaining(tvb, offset) - icd_len;

  /* Encryption data */
  /* NOTE(review): if fewer than icd_len bytes remain, icd_offset-offset is
   * negative when it reaches proto_tree_add_item() - confirm that is handled
   * as malformed rather than as "to end of buffer". */
  proto_tree_add_item(tree, hf_isakmp_enc_data, tvb, offset, icd_offset-offset, ENC_NA);

  /* Can only check how much padding there is after decrypting... */

  /* Start Reassembly stuff for IKE2 fragmentation */
  {
    bool save_fragmented;
    tvbuff_t *defrag_decrypted_isakmp_tvb;
    tvbuff_t *isakmp_decrypted_fragment_tvb;
    fragment_head *frag_msg;
    uint8_t padding_length;
    uint16_t fragment_length;

    /* Decrypt but don't dissect this encrypted payload. */
    /* NOTE(review): dissect_enc() is not visible here; its result is used
     * below without a NULL check - confirm it cannot return NULL when
     * decr_info is set (e.g. on a failed integrity check or decryption). */
    isakmp_decrypted_fragment_tvb = dissect_enc(tvb, iv_offset, tvb_reported_length_remaining(tvb, iv_offset), tree, pinfo,
                                                0, /* Payload type won't be used in this call, and may not know yet */
                                                is_request,
                                                decr_info,
                                                false /* Don't dissect decrypted tvb as not a completed payload */
                                                );

    /* Save pinfo->fragmented, will later restore it */
    save_fragmented = pinfo->fragmented;
    pinfo->fragmented = true;

    /* Remove padding length + any padding bytes from reassembled payload */
    /* NOTE(review): padding_length is the last decrypted byte and is not
     * compared with the decrypted length; if it exceeds length-1 the
     * subtraction wraps in the 16-bit fragment_length.  The result is also
     * truncated to 16 bits.  Confirm fragment_add_seq_check() rejects a
     * length larger than the data available. */
    padding_length = tvb_get_uint8(isakmp_decrypted_fragment_tvb, tvb_reported_length(isakmp_decrypted_fragment_tvb)-1);
    fragment_length = tvb_reported_length(isakmp_decrypted_fragment_tvb) - 1 - padding_length;

    /* Adding decrypted tvb into reassembly table here */
    frag_msg = fragment_add_seq_check(&isakmp_ike2_reassembly_table,
                                      isakmp_decrypted_fragment_tvb,
                                      0, /* offset */
                                      pinfo,
                                      message_id,                          /* message_id from top-level header */
                                      NULL,                                /* data? */
                                      fragment_number-1,                   /* fragment sequence number, starting from 0 */
                                      fragment_length,                     /* fragment - (padding_length + padding) */
                                      fragment_number < total_fragments);  /* More fragments? */

    defrag_decrypted_isakmp_tvb = process_reassembled_data(tvb, offset, pinfo,
                                                           "Reassembled IKE2 ISAKMP",
                                                           frag_msg,
                                                           &isakmp_frag_items, /* Tree IDs & items - using same ones as Cisco. */
                                                           NULL, tree);

    if (defrag_decrypted_isakmp_tvb && key_info && message_next_payload_set) {
      /* Completely reassembled - already decrypted - dissect reassembled payload if know next payload type */
      col_append_str(pinfo->cinfo, COL_INFO, " (reassembled)");
      dissect_payloads(defrag_decrypted_isakmp_tvb, tree,
                       2, /* Could store with next_payload, but wouldn't be here otherwise.. */
                       message_next_payload,
                       0, tvb_reported_length(defrag_decrypted_isakmp_tvb),
                       pinfo, message_id, is_request, decr_info);
    }
    /* Restore this flag */
    pinfo->fragmented = save_fragmented;
  }
  /* End Reassembly stuff for IKE2 fragmentation */
}
4838 static void
4839 dissect_notif(tvbuff_t *tvb, packet_info *pinfo, int offset, int length, proto_tree *tree, int isakmp_version)
4841 uint32_t doi = 0;
4842 uint8_t protocol_id;
4843 uint8_t spi_size;
4844 uint16_t msgtype;
4845 proto_item *data_item;
4846 proto_tree *data_tree;
4847 int offset_end = 0;
4848 offset_end = offset + length;
4850 if (isakmp_version == 1) {
4851 doi = tvb_get_ntohl(tvb, offset);
4852 proto_tree_add_item(tree, hf_isakmp_notify_doi, tvb, offset, 4, ENC_BIG_ENDIAN);
4853 offset += 4;
4854 length -= 4;
4857 protocol_id = tvb_get_uint8(tvb, offset);
4858 if (isakmp_version == 1)
4860 proto_tree_add_item(tree, hf_isakmp_notify_protoid_v1, tvb, offset, 1, ENC_BIG_ENDIAN);
4861 }else if (isakmp_version == 2)
4863 proto_tree_add_item(tree, hf_isakmp_notify_protoid_v2, tvb, offset, 1, ENC_BIG_ENDIAN);
4865 offset += 1;
4866 length -= 1;
4868 spi_size = tvb_get_uint8(tvb, offset);
4869 proto_tree_add_item(tree, hf_isakmp_spisize, tvb, offset, 1, ENC_BIG_ENDIAN);
4870 offset += 1;
4871 length -= 1;
4873 msgtype = tvb_get_ntohs(tvb, offset);
4875 if (isakmp_version == 1)
4877 proto_tree_add_item(tree, hf_isakmp_notify_msgtype_v1, tvb, offset, 2, ENC_BIG_ENDIAN);
4878 }else if (isakmp_version == 2)
4880 if ((msgtype < 8192) || (msgtype > 16383 && msgtype < 40959 )) {
4881 /* Standard error and status types */
4882 proto_tree_add_uint_format_value(tree, hf_isakmp_notify_msgtype_v2, tvb, offset, 2, msgtype, "%s (%u)",
4883 rval_to_str_const(msgtype, notifmsg_v2_type, "Unknown"), msgtype);
4884 proto_item_append_text(tree, " - %s",
4885 rval_to_str_const(msgtype,
4886 notifmsg_v2_type,
4887 "Unknown"));
4888 } else {
4889 /* Private error and status types */
4890 proto_tree_add_uint_format_value(tree, hf_isakmp_notify_msgtype_v2, tvb, offset, 2, msgtype, "%s (%u)",
4891 rval_to_str_const(msgtype, notifmsg_v2_3gpp_type, "Unknown"), msgtype);
4892 proto_item_append_text(tree, " - %s",
4893 rval_to_str_const(msgtype,
4894 notifmsg_v2_3gpp_type,
4895 "Unknown"));
4898 offset += 2;
4899 length -= 2;
4901 if (spi_size) {
4902 proto_tree_add_item(tree, hf_isakmp_spi, tvb, offset, spi_size, ENC_NA);
4903 offset += spi_size;
4904 length -= spi_size;
4907 /* Notification Data */
4909 data_item = proto_tree_add_item(tree, hf_isakmp_notify_data, tvb, offset, length, ENC_NA);
4910 data_tree = proto_item_add_subtree(data_item, ett_isakmp_notify_data);
4912 if (isakmp_version == 1)
4914 switch (msgtype) {
4915 case 24576: /* RESPONDER LIFETIME */
4916 if (protocol_id == 1) {
4917 /* Phase 1 */
4918 while (offset < offset_end) {
4919 offset += dissect_resp_lifetime_ike_attribute(tvb, pinfo, data_tree, offset);
4921 } else if (protocol_id > 1 && doi == 1) {
4922 /* Phase 2, IPsec DOI */
4923 while (offset < offset_end) {
4924 offset += dissect_resp_lifetime_ipsec_attribute(tvb, pinfo, data_tree, offset);
4927 break;
4928 case 36136: /* DPD ARE YOU THERE */
4929 proto_tree_add_item(tree, hf_isakmp_notify_data_dpd_are_you_there, tvb, offset, length, ENC_BIG_ENDIAN);
4930 break;
4931 case 36137: /* DPD ARE YOU THERE ACK */
4932 proto_tree_add_item(tree, hf_isakmp_notify_data_dpd_are_you_there_ack, tvb, offset, length, ENC_BIG_ENDIAN);
4933 break;
4934 case 40501: /* UNITY Load Balance */
4935 proto_tree_add_item(tree, hf_isakmp_notify_data_unity_load_balance, tvb, offset, length, ENC_BIG_ENDIAN);
4936 break;
4937 default:
4938 /* No Default Action */
4939 break;
4942 } else if (isakmp_version == 2)
4944 switch(msgtype){
4945 case 17: /* INVALID_KE_PAYLOAD */
4946 proto_tree_add_item(tree, hf_isakmp_notify_data_accepted_dh_group, tvb, offset, 2, ENC_BIG_ENDIAN);
4947 break;
4948 case 16387: /* IPCOMP_SUPPORTED */
4949 proto_tree_add_item(tree, hf_isakmp_notify_data_ipcomp_cpi, tvb, offset, 2, ENC_BIG_ENDIAN);
4950 proto_tree_add_item(tree, hf_isakmp_notify_data_ipcomp_transform_id, tvb, offset+2, 1, ENC_BIG_ENDIAN);
4951 break;
4952 case 16403: /* AUTH_LIFETIME" */
4954 uint32_t hours;
4955 uint32_t minutes;
4956 uint32_t seconds;
4957 uint32_t durations_seconds;
4959 durations_seconds = tvb_get_uint32(tvb, offset, ENC_BIG_ENDIAN);
4961 hours = durations_seconds / 3600;
4962 minutes = (durations_seconds % 3600) / 60;
4963 seconds = (durations_seconds % 3600) % 60;
4965 proto_tree_add_uint_format_value(tree, hf_isakmp_notify_data_auth_lifetime, tvb, offset, length, durations_seconds,
4966 "%u seconds (%u hour(s) %02u minute(s) %02u second(s))", durations_seconds, hours, minutes, seconds);
4967 break;
4969 case 16407: /* REDIRECT */
4970 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_gw_ident_type, tvb, offset, 1, ENC_BIG_ENDIAN);
4971 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_gw_ident_len, tvb, offset+1, 1, ENC_BIG_ENDIAN);
4972 switch(tvb_get_uint8(tvb, offset)){ /* Ident Type ? */
4973 case 1:
4974 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_new_resp_gw_ident_ipv4, tvb, offset+2, 4, ENC_BIG_ENDIAN);
4975 break;
4976 case 2:
4977 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_new_resp_gw_ident_ipv6, tvb, offset+2, 16, ENC_NA);
4978 break;
4979 case 3:
4980 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_new_resp_gw_ident_fqdn, tvb, offset+2, tvb_get_uint8(tvb,offset+1), ENC_ASCII);
4981 break;
4982 default :
4983 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_new_resp_gw_ident, tvb, offset+2, tvb_get_uint8(tvb,offset+1), ENC_NA);
4984 break;
4986 length -= tvb_get_uint8(tvb, offset+1) + 2;
4987 offset += tvb_get_uint8(tvb, offset+1) + 2;
4988 if(length)
4990 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_nonce_data, tvb, offset, length, ENC_NA);
4992 break;
4993 case 16408: /* REDIRECT_FROM */
4994 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_gw_ident_type, tvb, offset, 1, ENC_BIG_ENDIAN);
4995 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_gw_ident_len, tvb, offset+1, 1, ENC_BIG_ENDIAN);
4996 switch(tvb_get_uint8(tvb, offset)){ /* Ident Type ? */
4997 case 1:
4998 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_org_resp_gw_ident_ipv4, tvb, offset+2, 4, ENC_BIG_ENDIAN);
4999 break;
5000 case 2:
5001 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_org_resp_gw_ident_ipv6, tvb, offset+2, 16, ENC_NA);
5002 break;
5003 default :
5004 proto_tree_add_item(tree, hf_isakmp_notify_data_redirect_org_resp_gw_ident, tvb, offset+2, tvb_get_uint8(tvb,offset+1), ENC_NA);
5005 break;
5007 break;
5008 case 16409: /* TICKET_LT_OPAQUE */
5009 proto_tree_add_item(tree, hf_isakmp_notify_data_ticket_lifetime, tvb, offset, 4, ENC_BIG_ENDIAN);
5010 offset += 4;
5011 length -= 4;
5012 proto_tree_add_item(tree, hf_isakmp_notify_data_ticket_data, tvb, offset, length, ENC_NA);
5013 break;
5014 case 16413: /* TICKET_OPAQUE */
5015 proto_tree_add_item(tree, hf_isakmp_notify_data_ticket_data, tvb, offset, length, ENC_NA);
5016 break;
5017 case 16416: /* ROHC_SUPPORTED */
5018 while (offset < offset_end) {
5019 offset += dissect_rohc_attribute(tvb, pinfo, tree, offset);
5021 break;
5022 case 16419: /* QUICK_CRASH_DETECTION */
5023 proto_tree_add_item(tree, hf_isakmp_notify_data_qcd_token_secret_data, tvb, offset, length, ENC_NA);
5024 break;
5025 case 16422: /* IKEV2_MESSAGE_ID_SYNC */
5026 proto_tree_add_item(tree, hf_isakmp_notify_data_ha_nonce_data, tvb, offset, 4, ENC_BIG_ENDIAN);
5027 offset += 4;
5028 proto_tree_add_item(tree, hf_isakmp_notify_data_ha_expected_send_req_msg_id, tvb, offset, 4, ENC_BIG_ENDIAN);
5029 offset += 4;
5030 proto_tree_add_item(tree, hf_isakmp_notify_data_ha_expected_recv_req_msg_id, tvb, offset, 4, ENC_BIG_ENDIAN);
5031 break;
5032 case 16423: /* IPSEC_REPLAY_COUNTER_SYNC */
5033 proto_tree_add_item(tree, hf_isakmp_notify_data_ha_incoming_ipsec_sa_delta_value, tvb, offset, length, ENC_NA);
5034 break;
5035 case 16424: /* SECURE_PASSWORD_METHODS */
5036 proto_tree_add_item(tree, hf_isakmp_notify_data_secure_password_methods, tvb, offset, length, ENC_NA);
5037 break;
5038 case 16431: /*SIGNATURE_HASH_ALGORITHMS*/
5039 while(offset < offset_end) {
5040 proto_tree_add_item(tree, hf_isakmp_notify_data_signature_hash_algorithms, tvb, offset, 2, ENC_BIG_ENDIAN);
5041 offset += 2;
5043 break;
5044 case 41041:
5045 /* private status 3GPP BACKOFF_TIMER*/
5046 proto_tree_add_item(tree, hf_isakmp_notify_data_3gpp_backoff_timer_len, tvb, offset, 1, ENC_BIG_ENDIAN);
5047 offset++;
5048 de_gc_timer3(tvb, tree, pinfo, offset, 1, NULL, 0);
5049 break;
5050 case 41101: /* DEVICE_IDENTITY */
5051 if(length>=3) {
5052 uint64_t octet;
5053 uint32_t bit_offset;
5055 /* As specified in 3GPP TS 24.302 (Section 8.2.9.2) */
5056 /* Payload Octet 5,6 - Identity length */
5057 proto_tree_add_item(tree, hf_isakmp_notify_data_3gpp_device_identity_len, tvb, offset, 2, ENC_BIG_ENDIAN);
5058 offset += 2;
5060 bit_offset = offset<<3;
5061 bit_offset += 6;
5063 /* Payload Octet 7 - Identity type */
5064 proto_tree_add_bits_ret_val(tree, hf_isakmp_notify_data_3gpp_device_identity_type, tvb, bit_offset, 2, &octet, ENC_BIG_ENDIAN);
5066 offset += 1;
5067 length -= 3;
5069 if(length==0) {
5070 break;
5073 /* Payload Octet 8-n - Identity value */
5074 switch (octet) {
5075 case 1:
5076 /* IMEI */
5077 proto_tree_add_item(tree, hf_isakmp_notify_data_3gpp_device_identity_imei, tvb, offset, length, ENC_BCD_DIGITS_0_9|ENC_LITTLE_ENDIAN);
5078 break;
5079 case 2:
5080 /* IMEISV */
5081 proto_tree_add_item(tree, hf_isakmp_notify_data_3gpp_device_identity_imeisv, tvb, offset, length, ENC_BCD_DIGITS_0_9|ENC_LITTLE_ENDIAN);
5082 break;
5083 default:
5084 proto_tree_add_expert(tree, pinfo, &ei_isakmp_notify_data_3gpp_unknown_device_identity, tvb, offset, length);
5085 break;
5088 break;
5089 case 41134:
5090 /* private status 3GPP EMERGENCY_CALL_NUMBERS*/
5091 /* If Notify Data is not empty/missing */
5092 if(length>0)
5094 /* As specified in 3GPP TS 23.302 (Section 8.1.2.3) and TS 24.008 (Section 10.5.3.13) */
5095 proto_tree *em_call_num_tree;
5097 /* Main Payload Subtree */
5098 em_call_num_tree = proto_tree_add_subtree(tree, tvb, offset, length, ett_isakmp_notify_data_3gpp_emergency_call_numbers_main, NULL, "Emergency Call Numbers");
5100 /* Payload Octet 5 - Length of IE Contents */
5101 proto_tree_add_item(em_call_num_tree, hf_isakmp_notify_data_3gpp_emergency_call_numbers_len, tvb, offset, 1, ENC_BIG_ENDIAN);
5102 offset += 1;
5104 /* Subtree for actual values */
5105 proto_tree *current_emergency_call_number_tree;
5107 while(offset<offset_end){
5108 uint8_t current_em_num_len = tvb_get_uint8(tvb,offset)+1; //Total length including octets 3 and 4 for proper highlighting
5110 /* Subtree for elements*/
5111 current_emergency_call_number_tree = proto_tree_add_subtree(em_call_num_tree, tvb, offset, current_em_num_len, ett_isakmp_notify_data_3gpp_emergency_call_numbers_element, NULL, "Emergency Number");
5113 /*IE Octet 3 Number of octets used to encode the Emergency Service Category Value and the Number digits. */
5114 proto_tree_add_item(current_emergency_call_number_tree, hf_isakmp_notify_data_3gpp_emergency_call_numbers_element_len,tvb,offset,1,ENC_BIG_ENDIAN);
5115 offset += 1;
5117 /*IE Octet 4 |Spare=0|Spare=0|Spare=0|Emergency Service Category Value|
5118 * Bits 1 to 5 are coded as bits 1 to 5 of octet 3 of the Service Category
5119 * information element as specified in subclause 10.5.4.33. (TS 24.008)
5121 static int * const isakmp_notify_data_3gpp_emergency_call_numbers_flags[] = {
5122 &hf_isakmp_notify_data_3gpp_emergency_call_numbers_spare,
5123 &hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b5_mountain_rescue,
5124 &hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b4_marine_guard,
5125 &hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b3_fire_brigade,
5126 &hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b2_ambulance,
5127 &hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b1_police,
5128 NULL
5130 proto_tree_add_bitmask_with_flags(current_emergency_call_number_tree, tvb, offset, hf_isakmp_notify_data_3gpp_emergency_call_numbers_flags,
5131 ett_isakmp_notify_data_3gpp_emergency_call_numbers_element, isakmp_notify_data_3gpp_emergency_call_numbers_flags,ENC_BIG_ENDIAN, BMT_NO_FALSE | BMT_NO_INT | BMT_NO_TFS);
5132 offset += 1;
5134 /*IE Octet 5 to j | Digit_N+1 | Digit_N | */
5135 current_em_num_len -= 2; //Not counting octets 3 and 4
5136 proto_tree_add_item(current_emergency_call_number_tree, hf_iskamp_notify_data_3gpp_emergency_call_number, tvb, offset, current_em_num_len, ENC_BCD_DIGITS_0_9|ENC_LITTLE_ENDIAN);
5137 offset += current_em_num_len; //moving to the next number in the list
5140 break;
5141 case 61520: /* Network Overlay ID (Fortinet) */
5142 proto_tree_add_item(tree, hf_isakmp_notify_data_fortinet_network_overlay_id, tvb, offset, length, ENC_BIG_ENDIAN);
5143 break;
5144 default:
5145 /* No Default Action */
5146 break;
/*
 * Dissect the body of a Delete payload: a DOI word (IKEv1 only), the protocol
 * ID, the SPI size, the SPI count and finally the SPIs themselves.
 *
 * offset/length describe the payload body inside tvb.  length is decremented
 * as fields are consumed and whatever remains is displayed as SPIs.
 */
static void
dissect_delete(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version)
{
  uint8_t spi_len;

  if (isakmp_version == 1) {
    /* Only IKEv1 carries a 4-byte DOI ahead of the protocol ID. */
    proto_tree_add_item(tree, hf_isakmp_delete_doi, tvb, offset, 4, ENC_BIG_ENDIAN);
    offset += 4;
    length -= 4;

    proto_tree_add_item(tree, hf_isakmp_delete_protoid_v1, tvb, offset, 1, ENC_BIG_ENDIAN);
  } else if (isakmp_version == 2) {
    proto_tree_add_item(tree, hf_isakmp_delete_protoid_v2, tvb, offset, 1, ENC_BIG_ENDIAN);
  }
  /* The protocol ID byte is stepped over even for an unrecognised version. */
  offset++;
  length--;

  spi_len = tvb_get_uint8(tvb, offset);
  proto_tree_add_item(tree, hf_isakmp_spisize, tvb, offset, 1, ENC_BIG_ENDIAN);
  offset++;
  length--;

  proto_tree_add_item(tree, hf_isakmp_num_spis, tvb, offset, 2, ENC_BIG_ENDIAN);
  offset += 2;
  length -= 2;

  /* With a zero SPI size the loop below could never shrink length. */
  if (spi_len == 0) {
    return;
  }

  /*
   * NOTE(review): the list is bounded by the remaining payload length, not by
   * the Number-of-SPIs field shown above, and a remainder that is not a
   * multiple of the SPI size makes the last item extend past the declared
   * payload length.  Confirm whether either mismatch deserves an expert info.
   */
  for (; length > 0; offset += spi_len, length -= spi_len) {
    proto_tree_add_item(tree, hf_isakmp_delete_spi, tvb, offset, spi_len, ENC_NA);
  }
}
/*
 * Dissect a Vendor ID payload body of `length` bytes starting at `offset`.
 *
 * The raw bytes and the vendor name looked up from their prefix are always
 * added; vendor-specific trailing fields are added for the prefixes tested
 * below.  The tests are independent `if`s, not an else-if chain.
 *
 * Returns `offset` advanced by whatever the matching vendor branches added to
 * it, or the unchanged `offset` when none matched.
 *
 * NOTE(review): each length guard below covers the compared prefix (plus four
 * bytes for Check Point) but not all of the fields read afterwards, so for a
 * short VID those fields are taken from bytes beyond the declared payload
 * length.  Confirm whether the guards should cover the full layout.
 */
static int
dissect_vid(tvbuff_t *tvb, int offset, int length, proto_tree *tree)
{
  /* The five consecutive 32-bit fields that follow the Check Point prefix. */
  static int * const cp_fields[] = {
    &hf_isakmp_vid_cp_product,
    &hf_isakmp_vid_cp_version,
    &hf_isakmp_vid_cp_timestamp,
    &hf_isakmp_vid_cp_reserved,
    &hf_isakmp_vid_cp_features
  };
  const uint8_t *vid_bytes = tvb_get_ptr(tvb, offset, length);
  const char *vendor_name = bytesprefix_to_str(vid_bytes, (size_t)length, vendor_id, "Unknown Vendor ID");

  proto_tree_add_item(tree, hf_isakmp_vid_bytes, tvb, offset, length, ENC_NA);
  proto_tree_add_string(tree, hf_isakmp_vid_string, tvb, offset, length, vendor_name);
  proto_item_append_text(tree," : %s", vendor_name);

  /* very old CryptPro/GOST (Check Point R65) VID */
  if (length >= 24 && memcmp(vid_bytes, VID_CP_01_R65, 20) == 0) {
    offset += 20;
    for (unsigned k = 0; k < sizeof cp_fields / sizeof cp_fields[0]; k++) {
      proto_tree_add_item(tree, *cp_fields[k], tvb, offset, 4, ENC_BIG_ENDIAN);
      offset += 4;
    }
  }

  /* Cisco Unity VID: prefix followed by a major and a minor version byte */
  if (length >= 14 && memcmp(vid_bytes, VID_CISCO_UNITY, 14) == 0) {
    offset += 14;
    proto_tree_add_item(tree, hf_isakmp_vid_cisco_unity_major, tvb, offset, 1, ENC_BIG_ENDIAN);
    proto_item_append_text(tree, " %u", tvb_get_uint8(tvb,offset));
    offset++;
    proto_tree_add_item(tree, hf_isakmp_vid_cisco_unity_minor, tvb, offset, 1, ENC_BIG_ENDIAN);
    proto_item_append_text(tree, ".%u", tvb_get_uint8(tvb,offset));
    offset++;
  }

  /* VID_MS_NT5_ISAKMPOAKLEY */
  if (length >= 16 && memcmp(vid_bytes, VID_MS_NT5_ISAKMPOAKLEY, 16) == 0) {
    offset += 16;
    proto_tree_add_item(tree, hf_isakmp_vid_ms_nt5_isakmpoakley, tvb, offset, 4, ENC_BIG_ENDIAN);
    offset += 4;
  }

  /* VID_ARUBA_VIA_AUTH_PROFILE */
  if (length >= 19 && memcmp(vid_bytes, VID_ARUBA_VIA_AUTH_PROFILE, 19) == 0) {
    offset += 19;
    proto_tree_add_item(tree, hf_isakmp_vid_aruba_via_auth_profile, tvb, offset, length-19, ENC_ASCII);
    /* NOTE(review): the item above is length-19 bytes long, yet offset only
     * moves by 4; verify what callers do with the returned offset. */
    offset += 4;
  }

  /* VID_FORTIGATE (Fortinet): prefix followed by 2-byte release and build */
  if (length >= 12 && memcmp(vid_bytes, VID_FORTINET_FORTIGATE, 12) == 0) {
    offset += 12;
    proto_tree_add_item(tree, hf_isakmp_vid_fortinet_fortigate_release, tvb, offset, 2, ENC_ASCII|ENC_NA);
    offset += 2;
    proto_tree_add_item(tree, hf_isakmp_vid_fortinet_fortigate_build, tvb, offset, 2, ENC_ASCII|ENC_NA);
    offset += 2;
  }

  return offset;
}
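/* Adds value_len / item_len consecutive items of field hf, each item_len bytes
 * long.  Adds nothing unless value_len is an exact multiple of item_len. */
static void
cfg_attr_add_items(proto_tree *attr_tree, tvbuff_t *tvb, int offset, unsigned value_len,
                   int hf, unsigned item_len, unsigned encoding)
{
  if (value_len % item_len != 0) {
    return;
  }
  for (unsigned i = 0; i < value_len / item_len; i++) {
    proto_tree_add_item(attr_tree, hf, tvb, offset, item_len, encoding);
    offset += item_len;
  }
}

/* Adds the whole attribute value as an ASCII string field and appends the same
 * string to the attribute's summary line. */
static void
cfg_attr_add_string(proto_tree *attr_tree, proto_item *attr_item, packet_info *pinfo,
                    tvbuff_t *tvb, int offset, unsigned value_len, int hf)
{
  const uint8_t *str;

  proto_tree_add_item_ret_string(attr_tree, hf, tvb, offset, value_len, ENC_ASCII|ENC_NA, pinfo->pool, &str);
  proto_item_append_text(attr_item, ": %s", str);
}

/*
 * Dissect one Configuration attribute located at `offset`.
 *
 * isakmp_version selects the IKEv1 or IKEv2 attribute-type table; is_request
 * suppresses the "empty value" expert info, because a request legitimately
 * carries empty attributes that the responder fills in.
 *
 * Returns the number of bytes consumed by this attribute: header plus value,
 * the header alone for an empty value, or 4 for an unsupported version.
 *
 * value_len comes from the attribute header in the packet.  List-type
 * attributes are only dissected when value_len is an exact multiple of the
 * element size; the fixed-size reads (netmask, expiry, the two XAUTH 16-bit
 * lookups) do not consult value_len.
 */
static int
dissect_config_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, int isakmp_version, bool is_request)
{
  const range_string *vs_cfgattr;
  unsigned headerlen, value_len, attr_type;
  proto_item *attr_item;
  proto_tree *attr_tree;
  unsigned i;

  /* Note: this writes the version-specific type field into hf_isakmp_cfg_attr,
   * which is declared outside this function. */
  if (isakmp_version == 1) {
    vs_cfgattr = vs_v1_cfgattr;
    hf_isakmp_cfg_attr.type = hf_isakmp_cfg_attr_type_v1;
  } else if (isakmp_version == 2) {
    vs_cfgattr = vs_v2_cfgattr;
    hf_isakmp_cfg_attr.type = hf_isakmp_cfg_attr_type_v2;
  } else {
    /* Fail gracefully in case of an unsupported isakmp_version. */
    return 4;
  }

  dissect_attribute_header(tvb, tree, offset,
                           hf_isakmp_cfg_attr, vs_cfgattr,
                           &headerlen, &value_len, &attr_type,
                           &attr_item, &attr_tree);

  offset += headerlen;

  if (value_len == 0) {
    /* Don't complain about zero length if part of a config request - values will be assigned and included in the response message */
    if (!is_request) {
      expert_add_info(pinfo, attr_item, &ei_isakmp_attribute_value_empty);
    }
    return headerlen;
  }

  switch (attr_type) {
  case INTERNAL_IP4_ADDRESS: /* 1 */
    cfg_attr_add_items(attr_tree, tvb, offset, value_len, hf_isakmp_cfg_attr_internal_ip4_address, 4, ENC_BIG_ENDIAN);
    break;
  case INTERNAL_IP4_NETMASK: /* 2 */
    proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip4_netmask, tvb, offset, 4, ENC_BIG_ENDIAN);
    break;
  case INTERNAL_IP4_DNS: /* 3 */
    cfg_attr_add_items(attr_tree, tvb, offset, value_len, hf_isakmp_cfg_attr_internal_ip4_dns, 4, ENC_BIG_ENDIAN);
    break;
  case INTERNAL_IP4_NBNS: /* 4 */
    cfg_attr_add_items(attr_tree, tvb, offset, value_len, hf_isakmp_cfg_attr_internal_ip4_nbns, 4, ENC_BIG_ENDIAN);
    break;
  case INTERNAL_ADDRESS_EXPIRY: /* 5 */
    proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_address_expiry, tvb, offset, 4, ENC_BIG_ENDIAN);
    break;
  case INTERNAL_IP4_DHCP: /* 6 */
    cfg_attr_add_items(attr_tree, tvb, offset, value_len, hf_isakmp_cfg_attr_internal_ip4_dhcp, 4, ENC_BIG_ENDIAN);
    break;
  case APPLICATION_VERSION: /* 7 */
    cfg_attr_add_string(attr_tree, attr_item, pinfo, tvb, offset, value_len, hf_isakmp_cfg_attr_application_version);
    break;
  case INTERNAL_IP6_ADDRESS: /* 8 */
    /* Each entry is a 16-byte address followed by a 1-byte prefix length. */
    if (value_len % 17 == 0) {
      for (i = 0; i < value_len / 17; i++) {
        proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip6_address_ip, tvb, offset, 16, ENC_NA);
        offset += 16;
        proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip6_address_prefix, tvb, offset, 1, ENC_BIG_ENDIAN);
        offset += 1;
      }
    }
    break;
  case INTERNAL_IP6_NETMASK: /* 9 Only in IKEv1 */
    /* NOTE(review): reads 18 bytes regardless of value_len - confirm the size. */
    proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip6_netmask, tvb, offset, 18, ENC_NA);
    break;
  case INTERNAL_IP6_DNS: /* 10 */
    cfg_attr_add_items(attr_tree, tvb, offset, value_len, hf_isakmp_cfg_attr_internal_ip6_dns, 16, ENC_NA);
    break;
  case INTERNAL_IP6_NBNS: /* 11 */
    cfg_attr_add_items(attr_tree, tvb, offset, value_len, hf_isakmp_cfg_attr_internal_ip6_nbns, 16, ENC_NA);
    break;
  case INTERNAL_IP6_DHCP: /* 12 */
    cfg_attr_add_items(attr_tree, tvb, offset, value_len, hf_isakmp_cfg_attr_internal_ip6_dhcp, 16, ENC_NA);
    break;
  case INTERNAL_IP4_SUBNET: /* 13 */
    /* Each entry is a 4-byte address followed by a 4-byte netmask. */
    if (value_len % 8 == 0) {
      for (i = 0; i < value_len / 8; i++) {
        proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip4_subnet_ip, tvb, offset, 4, ENC_BIG_ENDIAN);
        offset += 4;
        proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip4_subnet_netmask, tvb, offset, 4, ENC_BIG_ENDIAN);
        offset += 4;
      }
    }
    break;
  case SUPPORTED_ATTRIBUTES: /* 14 */
    cfg_attr_add_items(attr_tree, tvb, offset, value_len, hf_isakmp_cfg_attr_supported_attributes, 2, ENC_BIG_ENDIAN);
    break;
  case INTERNAL_IP6_SUBNET: /* 15 */
    if (value_len % 17 == 0) {
      for (i = 0; i < value_len / 17; i++) {
        proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip6_subnet_ip, tvb, offset, 16, ENC_NA);
        offset += 16;
        proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip6_subnet_prefix, tvb, offset, 1, ENC_BIG_ENDIAN);
        offset += 1;
      }
    }
    break;
  case INTERNAL_IP6_LINK: /* 17 */
    /*
     * value_len is unsigned, so "value_len - 8" wraps to a huge number when
     * the sender declares fewer than 8 bytes.  Like the list attributes above,
     * a value too short for the fixed 8-byte interface ID is left undissected.
     */
    if (value_len >= 8) {
      proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip6_link_interface, tvb, offset, 8, ENC_BIG_ENDIAN);
      offset += 8;
      proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip6_link_id, tvb, offset, value_len - 8, ENC_NA);
    }
    break;
  case INTERNAL_IP6_PREFIX: /* 18 */
    if (value_len % 17 == 0) {
      for (i = 0; i < value_len / 17; i++) {
        proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip6_prefix_ip, tvb, offset, 16, ENC_NA);
        offset += 16;
        proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_internal_ip6_prefix_length, tvb, offset, 1, ENC_BIG_ENDIAN);
        offset += 1;
      }
    }
    break;
  case P_CSCF_IP4_ADDRESS: /* 20 */
    cfg_attr_add_items(attr_tree, tvb, offset, value_len, hf_isakmp_cfg_attr_p_cscf_ip4_address, 4, ENC_BIG_ENDIAN);
    break;
  case P_CSCF_IP6_ADDRESS: /* 21 */
    cfg_attr_add_items(attr_tree, tvb, offset, value_len, hf_isakmp_cfg_attr_p_cscf_ip6_address, 16, ENC_NA);
    break;
  case XAUTH_TYPE: /* 16520 */
    /* The summary text always decodes the first 16 bits, whatever value_len is. */
    proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_xauth_type, tvb, offset, value_len, ENC_BIG_ENDIAN);
    proto_item_append_text(attr_item, ": %s", rval_to_str(tvb_get_ntohs(tvb, offset), cfgattr_xauth_type, "Unknown %d"));
    break;
  case XAUTH_USER_NAME: /* 16521 */
    cfg_attr_add_string(attr_tree, attr_item, pinfo, tvb, offset, value_len, hf_isakmp_cfg_attr_xauth_user_name);
    break;
  case XAUTH_USER_PASSWORD: /* 16522 */
    /* The password is shown in clear text both as a field and in the
     * attribute summary, so captures where this attribute is readable hold
     * live credentials and should be handled accordingly. */
    cfg_attr_add_string(attr_tree, attr_item, pinfo, tvb, offset, value_len, hf_isakmp_cfg_attr_xauth_user_password);
    break;
  case XAUTH_PASSCODE: /* 16523 */
    cfg_attr_add_string(attr_tree, attr_item, pinfo, tvb, offset, value_len, hf_isakmp_cfg_attr_xauth_passcode);
    break;
  case XAUTH_MESSAGE: /* 16524 */
    cfg_attr_add_string(attr_tree, attr_item, pinfo, tvb, offset, value_len, hf_isakmp_cfg_attr_xauth_message);
    break;
  case XAUTH_CHALLENGE: /* 16525 */
    cfg_attr_add_string(attr_tree, attr_item, pinfo, tvb, offset, value_len, hf_isakmp_cfg_attr_xauth_challenge);
    break;
  case XAUTH_DOMAIN: /* 16526 */
    cfg_attr_add_string(attr_tree, attr_item, pinfo, tvb, offset, value_len, hf_isakmp_cfg_attr_xauth_domain);
    break;
  case XAUTH_STATUS: /* 16527 */
    proto_tree_add_item(attr_tree, hf_isakmp_cfg_attr_xauth_status, tvb, offset, value_len, ENC_BIG_ENDIAN);
    proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), cfgattr_xauth_status, "Unknown %d"));
    break;
  case XAUTH_NEXT_PIN: /* 16528 */
    cfg_attr_add_string(attr_tree, attr_item, pinfo, tvb, offset, value_len, hf_isakmp_cfg_attr_xauth_next_pin);
    break;
  case XAUTH_ANSWER: /* 16529 */
    cfg_attr_add_string(attr_tree, attr_item, pinfo, tvb, offset, value_len, hf_isakmp_cfg_attr_xauth_answer);
    break;

  case UNITY_BANNER: /* 28672 */
    cfg_attr_add_string(attr_tree, attr_item, pinfo, tvb, offset, value_len, hf_isakmp_cfg_attr_unity_banner);
    break;
  case UNITY_DEF_DOMAIN: /* 28674 */
    cfg_attr_add_string(attr_tree, attr_item, pinfo, tvb, offset, value_len, hf_isakmp_cfg_attr_unity_def_domain);
    break;
  /* TODO: Support other UNITY Attributes ! */
  default:
    /* No Default Action */
    break;
  }

  return headerlen + value_len;
}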
/*
 * Dissect a Configuration payload body: the version-specific fixed header
 * (type, reserved and, for IKEv1 only, the identifier) followed by attributes
 * until offset + length is reached.  Nothing is dissected for any other
 * version.
 */
static void
dissect_config(tvbuff_t *tvb, packet_info *pinfo, int offset, int length, proto_tree *tree, int isakmp_version, bool is_request)
{
  const int attrs_end = offset + length;

  switch (isakmp_version) {
  case 1:
    proto_tree_add_item(tree, hf_isakmp_cfg_type_v1,tvb, offset, 1, ENC_BIG_ENDIAN);
    offset++;

    proto_tree_add_item(tree, hf_isakmp_reserved, tvb, offset, 1, ENC_NA);
    offset++;

    proto_tree_add_item(tree, hf_isakmp_cfg_identifier, tvb, offset, 2, ENC_BIG_ENDIAN);
    offset += 2;
    break;

  case 2:
    proto_tree_add_item(tree, hf_isakmp_cfg_type_v2,tvb, offset, 1, ENC_BIG_ENDIAN);
    offset++;

    proto_tree_add_item(tree, hf_isakmp_reserved, tvb, offset, 3, ENC_NA);
    offset += 3;
    break;

  default:
    /* Skip attribute dissection for unknown IKE versions. */
    return;
  }

  /* Progress depends on dissect_config_attribute() returning a positive
   * byte count for every attribute. */
  while (offset < attrs_end) {
    offset += dissect_config_attribute(tvb, pinfo, tree, offset, isakmp_version, is_request);
  }
}
/*
 * Dissect an SA KEK payload: its own 4-byte generic header, protocol, source
 * and destination identities, a 16-byte SPI, 4 reserved bytes and IPsec
 * attributes up to the payload length taken from that header.  When the
 * header's next-payload value is PLOAD_IKE_SAT, dissection continues with
 * dissect_sa_tek().
 *
 * The payload length and both identity lengths are read from the packet and
 * used directly as item lengths and offset increments.
 */
static void
dissect_sa_kek(tvbuff_t *tvb, packet_info *pinfo _U_, int offset, int length, proto_tree *tree)
{
  uint32_t src_id_length, dst_id_length;
  const uint8_t next_payload = tvb_get_uint8(tvb, offset);
  const uint16_t payload_length = tvb_get_ntohs(tvb, offset + 2);
  const int payload_end = offset + payload_length;

  /* Generic payload header */
  proto_tree_add_item(tree, hf_isakmp_sak_next_payload, tvb, offset, 1, ENC_BIG_ENDIAN);
  proto_tree_add_item(tree, hf_isakmp_sak_reserved, tvb, offset+1, 1, ENC_BIG_ENDIAN);
  proto_tree_add_item(tree, hf_isakmp_sak_payload_len, tvb, offset+2, 2, ENC_BIG_ENDIAN);
  offset += 4;

  proto_tree_add_item(tree, hf_isakmp_sak_protocol, tvb, offset, 1, ENC_BIG_ENDIAN);
  offset++;

  /* Source identity: type, port, 1-byte length, data */
  proto_tree_add_item(tree, hf_isakmp_sak_src_id_type, tvb, offset, 1, ENC_BIG_ENDIAN);
  offset++;
  proto_tree_add_item(tree, hf_isakmp_sak_src_id_port, tvb, offset, 2, ENC_BIG_ENDIAN);
  offset += 2;
  proto_tree_add_item_ret_uint(tree, hf_isakmp_sak_src_id_length, tvb, offset, 1, ENC_BIG_ENDIAN, &src_id_length);
  offset++;
  if (src_id_length > 0) {
    proto_tree_add_item(tree, hf_isakmp_sak_src_id_data, tvb, offset, src_id_length, ENC_NA);
    offset += src_id_length;
  }

  /* Destination identity: same layout as the source identity */
  proto_tree_add_item(tree, hf_isakmp_sak_dst_id_type, tvb, offset, 1, ENC_BIG_ENDIAN);
  offset++;
  proto_tree_add_item(tree, hf_isakmp_sak_dst_id_port, tvb, offset, 2, ENC_BIG_ENDIAN);
  offset += 2;
  proto_tree_add_item_ret_uint(tree, hf_isakmp_sak_dst_id_length, tvb, offset, 1, ENC_BIG_ENDIAN, &dst_id_length);
  offset++;
  if (dst_id_length > 0) {
    proto_tree_add_item(tree, hf_isakmp_sak_dst_id_data, tvb, offset, dst_id_length, ENC_NA);
    offset += dst_id_length;
  }

  proto_tree_add_item(tree, hf_isakmp_sak_spi, tvb, offset, 16, ENC_NA);
  offset += 16;
  proto_tree_add_item(tree, hf_isakmp_reserved, tvb, offset, 4, ENC_NA);
  offset += 4;

  while (offset < payload_end) {
    offset += dissect_ipsec_attribute(tvb, pinfo, tree, offset);
  }

  if (next_payload == PLOAD_IKE_SAT) {
    /* NOTE(review): length is still the value this function was entered with,
     * although offset has advanced past the KEK payload; dissect_sa_tek() adds
     * it to the offset it is given to form an end bound.  Confirm that this is
     * the intended bound. */
    dissect_sa_tek(tvb, pinfo, offset, length, tree);
  }
  /* GAP payload could also be here*/
}
/*
 * Dissect an SA TEK payload under its own subtree.
 *
 * For protocol IDs 1 and 2 the body is decoded field by field (protocol,
 * source and destination identities, transform ID, SPI, IPsec attributes up
 * to the payload length from the header); for any other protocol ID the bytes
 * up to offset + length are shown as opaque payload.  When the header's
 * next-payload value is PLOAD_IKE_SAT the function calls itself for the
 * following payload, with the dissection depth incremented around the call.
 *
 * The payload length and both identity lengths are read from the packet and
 * used directly as item lengths and offset increments.
 */
static void
// NOLINTNEXTLINE(misc-no-recursion)
dissect_sa_tek(tvbuff_t *tvb, packet_info *pinfo _U_, int offset, int length, proto_tree *tree)
{
  const int offset_end = offset + length;
  uint32_t protocol_id, src_id_length, dst_id_length;
  uint8_t id_type;
  proto_item *payload_item;
  proto_item *ntree;
  proto_item *idit;
  proto_tree *idtree;

  const uint8_t next_payload = tvb_get_uint8(tvb, offset);
  const uint16_t payload_length = tvb_get_ntohs(tvb, offset + 2);
  const int payload_end = offset + payload_length;

  payload_item = proto_tree_add_uint(tree, hf_isakmp_typepayload, tvb, offset, payload_length, PLOAD_IKE_SAT);
  ntree = proto_item_add_subtree(payload_item, ett_isakmp_payload);

  /* Generic payload header */
  proto_tree_add_item(ntree, hf_isakmp_sat_next_payload, tvb, offset, 1, ENC_BIG_ENDIAN);
  proto_tree_add_item(ntree, hf_isakmp_sat_reserved, tvb, offset+1, 1, ENC_BIG_ENDIAN);
  proto_tree_add_item(ntree, hf_isakmp_sat_payload_len, tvb, offset+2, 2, ENC_BIG_ENDIAN);
  offset += 4;

  proto_tree_add_item_ret_uint(ntree, hf_isakmp_sat_protocol_id, tvb, offset, 1, ENC_BIG_ENDIAN, &protocol_id);
  offset++;

  if (protocol_id != 1 && protocol_id != 2) {
    /* Any other protocol ID: show the remainder as opaque bytes. */
    proto_tree_add_item(ntree, hf_isakmp_sat_payload, tvb, offset, offset_end - offset, ENC_NA);
    return;
  }

  proto_tree_add_item(ntree, hf_isakmp_sat_protocol, tvb, offset, 1, ENC_BIG_ENDIAN);
  offset++;

  /* Source identity: type, port, 2-byte length, data */
  id_type = tvb_get_uint8(tvb, offset);
  proto_tree_add_item(ntree, hf_isakmp_sat_src_id_type, tvb, offset, 1, ENC_BIG_ENDIAN);
  offset++;
  proto_tree_add_item(ntree, hf_isakmp_sat_src_id_port, tvb, offset, 2, ENC_BIG_ENDIAN);
  offset += 2;
  proto_tree_add_item_ret_uint(ntree, hf_isakmp_sat_src_id_length, tvb, offset, 2, ENC_BIG_ENDIAN, &src_id_length);
  offset += 2;
  if (src_id_length > 0) {
    idit = proto_tree_add_item(ntree, hf_isakmp_sat_src_id_data, tvb, offset, src_id_length, ENC_NA);
    idtree = proto_item_add_subtree(idit, ett_isakmp_id);
    dissect_id_type(tvb, offset, src_id_length, id_type, idtree, idit, pinfo);
    offset += src_id_length;
  }

  /* Destination identity: same layout as the source identity */
  id_type = tvb_get_uint8(tvb, offset);
  proto_tree_add_item(ntree, hf_isakmp_sat_dst_id_type, tvb, offset, 1, ENC_BIG_ENDIAN);
  offset++;
  proto_tree_add_item(ntree, hf_isakmp_sat_dst_id_port, tvb, offset, 2, ENC_BIG_ENDIAN);
  offset += 2;
  proto_tree_add_item_ret_uint(ntree, hf_isakmp_sat_dst_id_length, tvb, offset, 2, ENC_BIG_ENDIAN, &dst_id_length);
  offset += 2;
  if (dst_id_length > 0) {
    idit = proto_tree_add_item(ntree, hf_isakmp_sat_dst_id_data, tvb, offset, dst_id_length, ENC_NA);
    idtree = proto_item_add_subtree(idit, ett_isakmp_id);
    dissect_id_type(tvb, offset, dst_id_length, id_type, idtree, idit, pinfo);
    offset += dst_id_length;
  }

  proto_tree_add_item(ntree, hf_isakmp_sat_transform_id, tvb, offset, 1, ENC_BIG_ENDIAN);
  offset++;
  proto_tree_add_item(ntree, hf_isakmp_sat_spi, tvb, offset, 4, ENC_NA);
  offset += 4;

  while (offset < payload_end) {
    offset += dissect_ipsec_attribute(tvb, pinfo, ntree, offset);
  }

  if (next_payload == PLOAD_IKE_SAT) {
    /* A chain of TEK payloads is followed recursively; the depth counter is
     * bumped around the call.  The original length is passed on unchanged. */
    increment_dissection_depth(pinfo);
    dissect_sa_tek(tvb, pinfo, offset, length, tree);
    decrement_dissection_depth(pinfo);
  }
}
/*
 * Dissect the header of one TEK key attribute at `offset`; the value itself is
 * not decoded further here.  An empty value is flagged with an expert info.
 *
 * Returns the number of bytes consumed by this attribute.
 */
static int
dissect_tek_key_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset)
{
  unsigned headerlen, value_len, attr_type;
  proto_item *attr_item;
  proto_tree *attr_tree;

  dissect_attribute_header(tvb, tree, offset,
                           hf_isakmp_tek_key_attr, tek_key_attr_type,
                           &headerlen, &value_len, &attr_type,
                           &attr_item, &attr_tree);

  if (value_len != 0) {
    return headerlen + value_len;
  }

  /* Header only: report the missing value and consume just the header. */
  expert_add_info(pinfo, attr_item, &ei_isakmp_attribute_value_empty);
  return headerlen;
}
/*
 * Dissect a Key Download payload body.  Only IKEv1 is handled: a packet count
 * and 2 reserved bytes, then up to that many key packets, each made of a type
 * byte, a reserved byte, a 2-byte length, an SPI size, the SPI and TEK key
 * attributes.
 *
 * The packet count, per-packet length and SPI size are read from the packet;
 * the outer loop also stops once offset reaches offset + length.
 */
static void
dissect_key_download(tvbuff_t *tvb, packet_info *pinfo _U_, int offset, int length, proto_tree *tree, int isakmp_version)
{
  const int offset_end = offset + length;
  int payload_end = 0;
  uint32_t num_key_pkt, kdp_length, kdp_spi_size;
  proto_item *kd_item;
  proto_tree *payload_tree;

  if (isakmp_version != 1) {
    /* TODO: For IKEv2: currently only draft status: draft-yeung-g-ikev2-15 */
    /* Skip dissection for unknown IKE versions. */
    return;
  }

  proto_tree_add_item_ret_uint(tree, hf_isakmp_kd_num_key_pkt, tvb, offset, 2, ENC_BIG_ENDIAN, &num_key_pkt);
  offset += 2;
  proto_tree_add_item(tree, hf_isakmp_reserved, tvb, offset, 2, ENC_NA);
  offset += 2;

  for (; (num_key_pkt > 0) && (offset < offset_end); num_key_pkt--) {
    /* The key packet's own length field sits 2 bytes into the packet. */
    kd_item = proto_tree_add_item(tree, hf_isakmp_kd_payload, tvb, offset, tvb_get_ntohs(tvb, offset + 2), ENC_NA);
    payload_tree = proto_item_add_subtree(kd_item, ett_isakmp_kd);

    proto_tree_add_item(payload_tree, hf_isakmp_kdp_type, tvb, offset, 1, ENC_BIG_ENDIAN);
    offset++;
    proto_tree_add_item(payload_tree, hf_isakmp_reserved, tvb, offset, 1, ENC_NA);
    offset++;

    proto_tree_add_item_ret_uint(payload_tree, hf_isakmp_kdp_length, tvb, offset, 2, ENC_BIG_ENDIAN, &kdp_length);
    /* offset is 2 bytes into the key packet here, hence the -2. */
    payload_end = offset + kdp_length -2;
    offset += 2;

    proto_tree_add_item_ret_uint(payload_tree, hf_isakmp_kdp_spi_size, tvb, offset, 1, ENC_BIG_ENDIAN, &kdp_spi_size);
    offset++;
    if (kdp_spi_size > 0) {
      proto_tree_add_item(payload_tree, hf_isakmp_kdp_spi, tvb, offset, kdp_spi_size, ENC_NA);
      offset += kdp_spi_size;
    }

    while (offset < payload_end) {
      offset += dissect_tek_key_attribute(tvb, pinfo, payload_tree, offset);
    }
  }
}
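/*
 * Dissect a Sequence Number payload body, which must be exactly 4 bytes.
 * Any other length is reported through an expert info and the sequence
 * number is not dissected.
 */
static void
dissect_sequence(tvbuff_t *tvb, packet_info *pinfo, int offset, int length, proto_tree *tree)
{
  if (length != 4) {
    /* length is a signed int, so it is printed with %d; the message's
     * parenthesis is now closed. */
    proto_tree_add_expert_format(tree, pinfo, &ei_isakmp_payload_bad_length, tvb, 0, 0,
                                 "Payload (bogus, length is %d, should be 4)", length);
    return;
  }
  proto_tree_add_item(tree, hf_isakmp_seq_seq, tvb, offset, 4, ENC_BIG_ENDIAN);
}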
/*
 * Dissect a NAT Discovery payload body: the whole body is added as a single
 * hash field of `length` bytes.
 */
static void
dissect_nat_discovery(tvbuff_t *tvb, int offset, int length, proto_tree *tree )
{
  proto_tree_add_item(tree,
                      hf_isakmp_nat_hash,
                      tvb, offset, length,
                      ENC_NA);
}
/*
 * Dissect a NAT Original Address payload body: a 1-byte ID type, 3 reserved
 * bytes and then an IPv4 or IPv6 address, depending on the ID type.  Other ID
 * types are left undissected.  The length argument is not used.
 */
static void
dissect_nat_original_address(tvbuff_t *tvb, int offset, int length _U_, proto_tree *tree, int isakmp_version)
{
  const uint8_t id_type = tvb_get_uint8(tvb, offset);

  /* The ID type is displayed with the value table of the IKE version in use. */
  switch (isakmp_version) {
  case 1:
    proto_tree_add_item(tree, hf_isakmp_id_type_v1, tvb, offset, 1, ENC_BIG_ENDIAN);
    break;
  case 2:
    proto_tree_add_item(tree, hf_isakmp_id_type_v2, tvb, offset, 1, ENC_BIG_ENDIAN);
    break;
  default:
    break;
  }

  offset += 1 + 3; /* ID type + reserved */

  if (id_type == IKE_ID_IPV4_ADDR) {
    proto_tree_add_item(tree, hf_isakmp_nat_original_address_ipv4, tvb, offset, 4, ENC_BIG_ENDIAN);
  } else if (id_type == IKE_ID_IPV6_ADDR) {
    proto_tree_add_item(tree, hf_isakmp_nat_original_address_ipv6, tvb, offset, 16, ENC_NA);
  }
}
/*
 * Add the fields shared by the IPv4 and IPv6 address-range selectors:
 * protocol ID (shown as "Unused" when zero), selector length, start port and
 * end port.  Returns the offset just past the end port.
 */
static int
dissect_ts_proto_ports(tvbuff_t *tvb, int offset, proto_tree *tree)
{
  const uint8_t protocol_id = tvb_get_uint8(tvb, offset);

  if (protocol_id != 0)
    proto_tree_add_item(tree, hf_isakmp_ts_protoid, tvb, offset, 1, ENC_BIG_ENDIAN);
  else
    proto_tree_add_uint_format_value(tree, hf_isakmp_ts_protoid, tvb, offset,1,
                                     protocol_id, "Unused");
  offset += 1;

  proto_tree_add_item(tree, hf_isakmp_ts_selector_length, tvb, offset, 2, ENC_BIG_ENDIAN);
  offset += 2;

  proto_tree_add_item(tree, hf_isakmp_ts_start_port, tvb, offset, 2, ENC_BIG_ENDIAN);
  offset += 2;

  proto_tree_add_item(tree, hf_isakmp_ts_end_port, tvb, offset, 2, ENC_BIG_ENDIAN);
  offset += 2;

  return offset;
}

/*
 * Dissect one traffic selector starting at offset and return the number of
 * bytes the caller should advance by.
 *
 * The selector's own 16-bit length field (at offset + 2) is the return value;
 * when it is below 4 nothing is added to the tree and 4 is returned, so a
 * caller looping over selectors always moves forward.
 *
 * NOTE(review): the per-type fields below are added at their fixed widths and
 * are not compared with the selector length, so a selector that declares a
 * length shorter than its layout has fields taken from the bytes after it.
 * An expert item for that case looks worthwhile.
 */
static int
dissect_ts(tvbuff_t *tvb, int offset, proto_tree *payload_tree)
{
  const uint16_t ts_len = tvb_get_uint16(tvb, offset + 2, ENC_BIG_ENDIAN);
  uint8_t ts_kind;
  proto_item *ts_item;
  proto_tree *ts_tree;

  if (ts_len < 4) {
    return 4;
  }

  ts_item = proto_tree_add_item(payload_tree, hf_isakmp_ts_data, tvb, offset, ts_len, ENC_NA);
  ts_tree = proto_item_add_subtree(ts_item, ett_isakmp_ts);

  ts_kind = tvb_get_uint8(tvb, offset);
  proto_tree_add_item(ts_tree, hf_isakmp_ts_type, tvb, offset, 1, ENC_BIG_ENDIAN);
  proto_item_append_text(ts_item, ": %s",
                         rval_to_str(ts_kind, traffic_selector_type, "Unknown Type (%d)"));
  offset += 1;

  switch (ts_kind) {
  case IKEV2_TS_IPV4_ADDR_RANGE:
    offset = dissect_ts_proto_ports(tvb, offset, ts_tree);

    proto_tree_add_item(ts_tree, hf_isakmp_ts_start_addr_ipv4, tvb, offset, 4, ENC_BIG_ENDIAN);
    offset += 4;

    proto_tree_add_item(ts_tree, hf_isakmp_ts_end_addr_ipv4, tvb, offset, 4, ENC_BIG_ENDIAN);
    break;

  case IKEV2_TS_IPV6_ADDR_RANGE:
    offset = dissect_ts_proto_ports(tvb, offset, ts_tree);

    proto_tree_add_item(ts_tree, hf_isakmp_ts_start_addr_ipv6, tvb, offset, 16, ENC_NA);
    offset += 16;

    proto_tree_add_item(ts_tree, hf_isakmp_ts_end_addr_ipv6, tvb, offset, 16, ENC_NA);
    break;

  case IKEV2_TS_FC_ADDR_RANGE:
    proto_tree_add_item(ts_tree, hf_isakmp_reserved, tvb, offset, 1, ENC_NA);
    offset += 1;

    proto_tree_add_item(ts_tree, hf_isakmp_ts_selector_length, tvb, offset, 2, ENC_BIG_ENDIAN);
    offset += 2;

    proto_tree_add_item(ts_tree, hf_isakmp_reserved, tvb, offset, 1, ENC_NA);
    offset += 1;

    proto_tree_add_item(ts_tree, hf_isakmp_ts_start_addr_fc, tvb, offset, 3, ENC_BIG_ENDIAN);
    offset += 3;

    proto_tree_add_item(ts_tree, hf_isakmp_reserved, tvb, offset, 1, ENC_NA);
    offset += 1;

    proto_tree_add_item(ts_tree, hf_isakmp_ts_end_addr_fc, tvb, offset, 3, ENC_BIG_ENDIAN);
    offset += 3;

    proto_tree_add_item(ts_tree, hf_isakmp_ts_start_r_ctl, tvb, offset, 1, ENC_BIG_ENDIAN);
    offset += 1;

    proto_tree_add_item(ts_tree, hf_isakmp_ts_end_r_ctl, tvb, offset, 1, ENC_BIG_ENDIAN);
    offset += 1;

    proto_tree_add_item(ts_tree, hf_isakmp_ts_start_type, tvb, offset, 1, ENC_BIG_ENDIAN);
    offset += 1;

    proto_tree_add_item(ts_tree, hf_isakmp_ts_end_type, tvb, offset, 1, ENC_BIG_ENDIAN);
    break;

  default:
    /* Unknown selector type: only the type item above is shown. */
    break;
  }

  return ts_len;
}
/*
 * Dissect a Traffic Selector payload body: a one-octet selector count, three
 * reserved octets, then the selectors themselves.
 *
 * The count is displayed but does not drive the loop; selectors are dissected
 * until the payload length is used up.  dissect_ts() returns at least 4, so
 * each iteration advances.
 */
static void
dissect_ts_payload(tvbuff_t *tvb, int offset, int length, proto_tree *tree)
{
  const int payload_end = offset + length;
  const uint8_t ts_count = tvb_get_uint8(tvb, offset);

  proto_item_append_text(tree," # %d", ts_count);
  proto_tree_add_item(tree, hf_isakmp_ts_number_of_ts, tvb, offset, 1, ENC_BIG_ENDIAN);
  offset += 1;

  proto_tree_add_item(tree, hf_isakmp_reserved, tvb, offset, 3, ENC_NA);
  offset += 3;

  while (offset < payload_end) {
    const int consumed = dissect_ts(tvb, offset, tree);

    offset += consumed;
  }
}
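/*
 * Dissect the body of an IKEv2 Encrypted payload.
 *
 * For IKEv2, decrypt payload if necessary and dissect using inner_payload.
 * For RFC 7383 reassembly, only need decrypted payload, so don't set
 * dissect_payload_now.
 * TODO: rename?
 *
 * tvb, offset, length  payload body: IV, ciphertext, then integrity data
 * tree, pinfo          tree to fill; every buffer allocated here comes from
 *                      pinfo->pool
 * inner_payload        type of the first payload inside the ciphertext
 * is_request           passed through to dissect_payloads()
 * decr_info            ikev2_decrypt_data_t with keys and algorithm specs,
 *                      or NULL when there is nothing to decrypt with
 * dissect_payload_now  when true, add the IV and ciphertext items and dissect
 *                      the decrypted payloads
 *
 * Returns the tvb that holds the decrypted bytes, or NULL when nothing was
 * decrypted (no decr_info, field lengths that leave no ciphertext, or a
 * ciphertext length that is not a multiple of the cipher block size).
 *
 * The integrity result is informational only: a mismatch adds an expert item
 * and the decrypted bytes are still dissected, so the decoded contents of a
 * packet flagged "incorrect" must be read as unauthenticated.
 */
static tvbuff_t*
// NOLINTNEXTLINE(misc-no-recursion)
dissect_enc(tvbuff_t *tvb,
            int offset,
            int length,
            proto_tree *tree,
            packet_info *pinfo,
            uint8_t inner_payload,
            bool is_request,
            void* decr_info,
            bool dissect_payload_now)
{
  ikev2_decrypt_data_t *key_info = NULL;
  int iv_len, encr_data_len, icd_len, decr_data_len, md_len, icv_len, encr_key_len, encr_iv_len;
  uint8_t pad_len;
  unsigned char *iv = NULL, *encr_data = NULL, *decr_data = NULL, *entire_message = NULL, *md = NULL, *encr_iv = NULL;
  gcry_cipher_hd_t cipher_hd;
  gcry_md_hd_t md_hd;
  gcry_error_t err = 0;
  proto_item *item = NULL, *icd_item = NULL, *encr_data_item = NULL, *padlen_item = NULL, *iv_item = NULL;
  tvbuff_t *decr_tvb = NULL;
  int payloads_len;
  proto_tree *decr_tree = NULL, *decr_payloads_tree = NULL;
  unsigned char *aa_data = NULL, *icv_data = NULL;
  int aad_len = 0;

  if (decr_info) {
    /* Need decryption details to know field lengths. */
    key_info = (ikev2_decrypt_data_t*)(decr_info);

    /* Check if encr/auth specs are set properly (if for some case not, wireshark would crash) */
    if (!key_info->encr_spec || !key_info->auth_spec) {
      REPORT_DISSECTOR_BUG("IKEv2: decryption/integrity specs not set-up properly: encr_spec: %p, auth_spec: %p",
                           (void *)key_info->encr_spec, (void*)key_info->auth_spec);
    }

    iv_len = key_info->encr_spec->iv_len;
    icv_len = key_info->encr_spec->icv_len;
    icd_len = icv_len ? icv_len : (int)key_info->auth_spec->trunc_len;
    encr_data_len = length - iv_len - icd_len;
    encr_key_len = key_info->encr_spec->key_len;
    encr_iv_len = iv_len;

    /*
     * Zero or negative length of encrypted data shows that the user specified
     * wrong encryption algorithm and/or authentication algorithm.
     * This check also keeps every copy and allocation size below positive.
     */
    if (encr_data_len <= 0) {
      proto_tree_add_expert(tree, pinfo, &ei_isakmp_enc_iv, tvb, offset, length);
      return NULL;
    }

    /*
     * Add the IV to the tree and store it in a packet scope buffer for later decryption
     * if the specified encryption algorithm uses IV.
     */
    if (iv_len) {
      if (dissect_payload_now) {
        iv_item = proto_tree_add_item(tree, hf_isakmp_enc_iv, tvb, offset, iv_len, ENC_NA);
        proto_item_append_text(iv_item, " (%d bytes)", iv_len);
      }
      iv = (unsigned char *)tvb_memdup(pinfo->pool, tvb, offset, iv_len);
      encr_iv = iv;

      offset += iv_len;
    }

    /*
     * Add the encrypted portion to the tree and store it in a packet scope buffer for later decryption.
     */
    if (dissect_payload_now) {
      encr_data_item = proto_tree_add_item(tree, hf_isakmp_enc_data, tvb, offset, encr_data_len, ENC_NA);
      proto_item_append_text(encr_data_item, " (%d bytes)",encr_data_len);
      proto_item_append_text(encr_data_item, " <%s>", val_to_str(key_info->encr_spec->number, vs_ikev2_encr_algs, "Unknown cipher: %d"));
    }
    encr_data = (unsigned char *)tvb_memdup(pinfo->pool, tvb, offset, encr_data_len);
    offset += encr_data_len;

    /*
     * Add the ICD (Integrity Checksum Data) to the tree before decryption to ensure
     * the ICD be displayed even if the decryption fails.
     */
    if (icd_len) {
      icd_item = proto_tree_add_item(tree, hf_isakmp_enc_icd, tvb, offset, icd_len, ENC_NA);
      proto_item_append_text(icd_item, " (%d bytes)",icd_len);

      /*
       * Recalculate ICD value if the specified authentication algorithm allows it.
       */
      if (icv_len) {
        /* For GCM/CCM algorithms ICD is computed during decryption.
           Must save offset and length of authenticated additional data (whole ISAKMP header
           without iv and encrypted data) and ICV for later verification */
        aad_len = offset - iv_len - encr_data_len;
        aa_data = (unsigned char *)tvb_memdup(pinfo->pool, tvb, 0, aad_len);
        icv_data = (unsigned char *)tvb_memdup(pinfo->pool, tvb, offset, icv_len);
      } else
      if (key_info->auth_spec->gcry_alg) {
        proto_item_append_text(icd_item, " <%s>", val_to_str(key_info->auth_spec->number, vs_ikev2_auth_algs, "Unknown mac algo: %d"));
        err = gcry_md_open(&md_hd, key_info->auth_spec->gcry_alg, key_info->auth_spec->gcry_flag);
        if (err) {
          REPORT_DISSECTOR_BUG("IKEv2 hashing error: algorithm %d: gcry_md_open failed: %s",
                               key_info->auth_spec->gcry_alg, gcry_strerror(err));
        }
        err = gcry_md_setkey(md_hd, key_info->auth_key, key_info->auth_spec->key_len);
        if (err) {
          gcry_md_close(md_hd);
          REPORT_DISSECTOR_BUG("IKEv2 hashing error: algorithm %s, key length %u: gcry_md_setkey failed: %s",
                               gcry_md_algo_name(key_info->auth_spec->gcry_alg), key_info->auth_spec->key_len, gcry_strerror(err));
        }

        /* Calculate hash over the bytes from the beginning of the ISAKMP header to the right before the ICD. */
        entire_message = (unsigned char *)tvb_memdup(pinfo->pool, tvb, 0, offset);
        gcry_md_write(md_hd, entire_message, offset);
        md = gcry_md_read(md_hd, 0);
        md_len = gcry_md_get_algo_dlen(key_info->auth_spec->gcry_alg);
        /* The comparison below reads icd_len bytes of the digest. */
        if (md_len < icd_len) {
          gcry_md_close(md_hd);
          REPORT_DISSECTOR_BUG("IKEv2 hashing error: algorithm %s: gcry_md_get_algo_dlen returned %d which is smaller than icd length %d",
                               gcry_md_algo_name(key_info->auth_spec->gcry_alg), md_len, icd_len);
        }
        if (tvb_memeql(tvb, offset, md, icd_len) == 0) {
          proto_item_append_text(icd_item, "[correct]");
        } else {
          proto_item_append_text(icd_item, "[incorrect, should be %s]", bytes_to_str(pinfo->pool, md, icd_len));
          expert_add_info(pinfo, icd_item, &ei_isakmp_ikev2_integrity_checksum);
        }
        gcry_md_close(md_hd);
      } else {
        proto_item_append_text(icd_item, "[not validated]");
      }
    }

    /*
     * Confirm encrypted data length is multiple of block size.
     */
    if (encr_data_len % key_info->encr_spec->block_len != 0) {
      proto_item_append_text(encr_data_item, "[Invalid length, should be a multiple of block size (%u)]",
                             key_info->encr_spec->block_len);
      expert_add_info(pinfo, encr_data_item, &ei_isakmp_enc_data_length_mult_block_size);
      return NULL;
    }

    /*
     * Allocate buffer for decrypted data.
     */
    decr_data = (unsigned char*)wmem_alloc(pinfo->pool, encr_data_len);
    decr_data_len = encr_data_len;

    /*
     * If the cipher is NULL, just copy the encrypted data to the decrypted data buffer.
     * And otherwise perform decryption with libgcrypt.
     */
    if (key_info->encr_spec->number == IKEV2_ENCR_NULL) {
      memcpy(decr_data, encr_data, decr_data_len);
    } else {
      err = gcry_cipher_open(&cipher_hd, key_info->encr_spec->gcry_alg, key_info->encr_spec->gcry_mode, 0);
      if (err) {
        REPORT_DISSECTOR_BUG("IKEv2 decryption error: algorithm %d, mode %d: gcry_cipher_open failed: %s",
                             key_info->encr_spec->gcry_alg, key_info->encr_spec->gcry_mode, gcry_strerror(err));
      }

      /* Handling CTR mode and AEAD ciphers */
      if( key_info->encr_spec->salt_len ) {
        int encr_iv_offset = 0;
        encr_key_len = key_info->encr_spec->key_len - key_info->encr_spec->salt_len;
        encr_iv_len = key_info->encr_spec->salt_len + iv_len;
        if (key_info->encr_spec->gcry_mode == GCRY_CIPHER_MODE_CTR) {
          encr_iv_len = (int)gcry_cipher_get_algo_blklen(key_info->encr_spec->gcry_alg);
          if ((key_info->encr_spec->number >= IKEV2_ENCR_AES_CCM_128_16 && key_info->encr_spec->number <= IKEV2_ENCR_AES_CCM_256_12))
            encr_iv_offset = 1;
        }

        /* Both memcpy calls below write inside encr_iv only if this holds. */
        if (encr_key_len < 0 || encr_iv_len < encr_iv_offset + (int)key_info->encr_spec->salt_len + iv_len) {
          gcry_cipher_close(cipher_hd);
          REPORT_DISSECTOR_BUG("IKEv2 decryption error: algorithm %d, key length %d, salt length %d, input iv length %d, cipher iv length: %d: invalid length(s) of cipher parameters",
                               key_info->encr_spec->gcry_alg, encr_key_len, key_info->encr_spec->salt_len, iv_len, encr_iv_len);
        }

        encr_iv = (unsigned char *)wmem_alloc0(pinfo->pool, encr_iv_len);
        /* The salt is taken from the tail of the configured key material. */
        memcpy( encr_iv + encr_iv_offset, key_info->encr_key + encr_key_len, key_info->encr_spec->salt_len );
        if(iv) {
          memcpy( encr_iv + encr_iv_offset + key_info->encr_spec->salt_len, iv, iv_len );
        }
        if (key_info->encr_spec->gcry_mode == GCRY_CIPHER_MODE_CTR) {
          encr_iv[encr_iv_len-1] = 1;
          /* fallback for gcrypt not having AEAD ciphers */
          if ((key_info->encr_spec->number >= IKEV2_ENCR_AES_GCM_128_16 && key_info->encr_spec->number <= IKEV2_ENCR_AES_GCM_256_12))
            encr_iv[encr_iv_len-1]++;
          if ((key_info->encr_spec->number >= IKEV2_ENCR_AES_CCM_128_16 && key_info->encr_spec->number <= IKEV2_ENCR_AES_CCM_256_12))
            encr_iv[0] = (unsigned char)(encr_iv_len - 2 - key_info->encr_spec->salt_len - iv_len);
        }
      }

      err = gcry_cipher_setkey(cipher_hd, key_info->encr_key, encr_key_len);
      if (err) {
        /* Release the handle first, as the other error paths here do;
         * REPORT_DISSECTOR_BUG is treated throughout as not returning. */
        gcry_cipher_close(cipher_hd);
        REPORT_DISSECTOR_BUG("IKEv2 decryption error: algorithm %d, key length %d: gcry_cipher_setkey failed: %s",
                             key_info->encr_spec->gcry_alg, encr_key_len, gcry_strerror(err));
      }
      if (key_info->encr_spec->gcry_mode == GCRY_CIPHER_MODE_CTR)
        err = gcry_cipher_setctr(cipher_hd, encr_iv, encr_iv_len);
      else
        err = gcry_cipher_setiv(cipher_hd, encr_iv, encr_iv_len);
      if (err) {
        gcry_cipher_close(cipher_hd);
        REPORT_DISSECTOR_BUG("IKEv2 decryption error: algorithm %d, iv length %d: gcry_cipher_setiv/gcry_cipher_setctr failed: %s",
                             key_info->encr_spec->gcry_alg, encr_iv_len, gcry_strerror(err));
      }

      if (key_info->encr_spec->gcry_mode == GCRY_CIPHER_MODE_CCM) {
        uint64_t ccm_lengths[3];
        ccm_lengths[0] = encr_data_len;
        ccm_lengths[1] = aad_len;
        ccm_lengths[2] = icv_len;

        err = gcry_cipher_ctl(cipher_hd, GCRYCTL_SET_CCM_LENGTHS, ccm_lengths, sizeof(ccm_lengths));
        if (err) {
          gcry_cipher_close(cipher_hd);
          REPORT_DISSECTOR_BUG("IKEv2 decryption error: algorithm %d: gcry_cipher_ctl(GCRYCTL_SET_CCM_LENGTHS) failed: %s",
                               key_info->encr_spec->gcry_alg, gcry_strerror(err));
        }
      }

      if (aad_len) {
        err = gcry_cipher_authenticate(cipher_hd, aa_data, aad_len);
        if (err) {
          gcry_cipher_close(cipher_hd);
          REPORT_DISSECTOR_BUG("IKEv2 decryption error: algorithm %d: gcry_cipher_authenticate failed: %s",
                               key_info->encr_spec->gcry_alg, gcry_strerror(err));
        }
      }

      err = gcry_cipher_decrypt(cipher_hd, decr_data, decr_data_len, encr_data, encr_data_len);
      if (err) {
        gcry_cipher_close(cipher_hd);
        REPORT_DISSECTOR_BUG("IKEv2 decryption error: algorithm %d: gcry_cipher_decrypt failed: %s",
                             key_info->encr_spec->gcry_alg, gcry_strerror(err));
      }

      if (icv_len) {
        /* gcry_cipher_checktag() doesn't work on 1.6.x version well - requires all of 16 bytes
         * of ICV, so it won't work with 12 and 8 bytes of ICV.
         * For 1.7.x version of libgcrypt we could use it safely. But for libgcrypt-1.6.x
         * we need to read tag from library and compare manually. Using that way we can also show
         * correct value if it is not valid.
         * CCM mode is not affected, but requires to pass icv_len to gcry_cipher_gettag().
         *
         * Unfortunately gcry_cipher_gettag() has nothing similar to gcry_md_read(),
         * so we need to copy data to a buffer here.
         * Here, depending on the gcrypt version, the GCM length shall be given differently:
         * - in 1.7.x length can be of any approved length (4,8,12,13,14,15,16 bytes),
         * - in 1.6.x length must be equal of cipher block length. Aaargh... :-(
         * We use accepted for both versions length of block size for GCM (16 bytes).
         * For CCM length given must be the same as given to gcry_cipher_ctl(GCRYCTL_SET_CCM_LENGTHS)
         *
         * XXX: We now require libgcrypt 1.8.0, so presumably this could
         * be updated?
         */
        unsigned char *tag;
        int tag_len = icv_len;
        if (key_info->encr_spec->gcry_mode == GCRY_CIPHER_MODE_GCM)
          tag_len = (int)gcry_cipher_get_algo_blklen(key_info->encr_spec->gcry_alg);

        /* The comparison below reads icv_len bytes of the tag buffer. */
        if (tag_len < icv_len) {
          gcry_cipher_close(cipher_hd);
          REPORT_DISSECTOR_BUG("IKEv2 decryption error: algorithm %d: gcry_cipher_get_algo_blklen returned %d which is smaller than icv length %d",
                               key_info->encr_spec->gcry_alg, tag_len, icv_len);
        }

        tag = (unsigned char *)wmem_alloc(pinfo->pool, tag_len);
        err = gcry_cipher_gettag(cipher_hd, tag, tag_len);
        if (err) {
          gcry_cipher_close(cipher_hd);
          REPORT_DISSECTOR_BUG("IKEv2 decryption error: algorithm %d: gcry_cipher_gettag failed: %s",
                               key_info->encr_spec->gcry_alg, gcry_strerror(err));
        }
        else if (memcmp(tag, icv_data, icv_len) == 0)
          proto_item_append_text(icd_item, "[correct]");
        else {
          proto_item_append_text(icd_item, "[incorrect, should be %s]", bytes_to_str(pinfo->pool, tag, icv_len));
          expert_add_info(pinfo, icd_item, &ei_isakmp_ikev2_integrity_checksum);
        }
      }

      gcry_cipher_close(cipher_hd);
    }

    decr_tvb = tvb_new_child_real_data(tvb, decr_data, decr_data_len, decr_data_len);
    add_new_data_source(pinfo, decr_tvb, "Decrypted Data");
    item = proto_tree_add_item(tree, hf_isakmp_enc_decrypted_data, decr_tvb, 0, decr_data_len, ENC_NA);
    proto_item_append_text(item, " (%d byte%s)", decr_data_len, plurality(decr_data_len, "", "s"));

    /* Move the ICD item to the bottom of the tree. */
    if (icd_item) {
      proto_tree_move_item(tree, item, icd_item);
    }
    decr_tree = proto_item_add_subtree(item, ett_isakmp_decrypted_data);

    /* The pad length is the last decrypted octet.  With a wrong key it is
     * arbitrary, so payloads_len can come out negative; that case is flagged
     * below instead of being used as a length. */
    pad_len = tvb_get_uint8(decr_tvb, decr_data_len - 1);
    payloads_len = decr_data_len - 1 - pad_len;

    if (payloads_len > 0) {
      item = proto_tree_add_item(decr_tree, hf_isakmp_enc_contained_data, decr_tvb, 0, payloads_len, ENC_NA);
      proto_item_append_text(item, " (%d byte%s)", payloads_len, plurality(payloads_len, "", "s"));
      decr_payloads_tree = proto_item_add_subtree(item, ett_isakmp_decrypted_payloads);
    }

    padlen_item = proto_tree_add_item(decr_tree, hf_isakmp_enc_pad_length, decr_tvb, payloads_len + pad_len, 1, ENC_BIG_ENDIAN);
    if (pad_len > 0) {
      if (payloads_len < 0) {
        proto_item_append_text(padlen_item, " [too long]");
        expert_add_info(pinfo, padlen_item, &ei_isakmp_enc_pad_length_big);
      } else {
        item = proto_tree_add_item(decr_tree, hf_isakmp_enc_padding, decr_tvb, payloads_len, pad_len, ENC_NA);
        proto_item_append_text(item, " (%d byte%s)", pad_len, plurality(pad_len, "", "s"));
        proto_tree_move_item(decr_tree, item, padlen_item);
      }
    }

    /*
     * We dissect the inner payloads at last in order to ensure displaying Padding, Pad Length and ICD
     * even if the dissection fails. This may occur when the user specify wrong encryption key.
     */
    if (dissect_payload_now) {
      dissect_payloads(decr_tvb, decr_payloads_tree, 2, inner_payload, 0, payloads_len, pinfo, 0, is_request, decr_info);
    }
  }else{
    /* Nothing to decrypt with: show the first four bytes as the IV and the
     * remainder as encrypted data.  length counts from offset (the branch
     * above derives the ciphertext length from it the same way), so the data
     * item covers length - 4 bytes and stays inside the payload. */
    proto_tree_add_item(tree, hf_isakmp_enc_iv, tvb, offset, 4, ENC_NA);
    if (length > 4) {
      proto_tree_add_item(tree, hf_isakmp_enc_data, tvb, offset+4 , length - 4, ENC_NA);
    }
  }
  return decr_tvb;
}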
/*
 * Hand an EAP payload body to the EAP dissector.
 *
 * When no EAP handle is available (or no sub-buffer could be made) the body
 * is shown as raw bytes instead.
 */
static void
dissect_eap(tvbuff_t *tvb, int offset, int length, proto_tree *tree, packet_info *pinfo)
{
  tvbuff_t *eap_tvb = tvb_new_subset_length(tvb, offset, length);

  if (eap_tvb == NULL || eap_handle == NULL) {
    proto_tree_add_item(tree, hf_isakmp_eap_data, tvb, offset, length, ENC_NA);
    return;
  }

  call_dissector(eap_handle, eap_tvb, pinfo, tree);
}
/*
 * Add a GSPM payload body to the tree as one opaque byte field of length
 * bytes starting at offset.
 */
static void
dissect_gspm(tvbuff_t *tvb, int offset, int length, proto_tree *tree)
{
  proto_tree_add_item(tree, hf_isakmp_gspm_data,
                      tvb, offset, length,
                      ENC_NA);
}
6288 * Protocol initialization
/*
 * Hash callback for the cookie-keyed table: XOR the initiator cookie down to
 * the size of an unsigned.
 *
 * c points at COOKIE_SIZE bytes.  Only whole unsigned-sized chunks are
 * folded; each chunk is copied out with memcpy, so the cookie does not need
 * any particular alignment.  A plain XOR fold is not collision-resistant.
 */
static unsigned
isakmp_hash_func(const void *c) {
  const uint8_t *cookie_bytes = (const uint8_t *) c;
  unsigned chunk;
  unsigned folded = 0;
  const unsigned step = (unsigned)sizeof(chunk);
  const unsigned usable = COOKIE_SIZE - (COOKIE_SIZE % step);
  unsigned pos;

  for (pos = 0; pos < usable; pos += step) {
    memcpy(&chunk, cookie_bytes + pos, sizeof(chunk));
    folded ^= chunk;
  }

  return folded;
}
/*
 * Equality callback for the cookie-keyed table: returns 1 when the two
 * COOKIE_SIZE-byte cookies are identical, 0 otherwise.
 */
static int
isakmp_equal_func(const void *ic1, const void *ic2) {
  return (memcmp(ic1, ic2, COOKIE_SIZE) == 0) ? 1 : 0;
}
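/*
 * Hash callback for the IKEv2 key table: XOR the initiator and responder
 * SPIs down to the size of an unsigned.
 *
 * k points at an ikev2_uat_data_key_t.  Only whole unsigned-sized segments of
 * each SPI are folded; trailing bytes are ignored.
 *
 * Each segment is copied out with memcpy, as isakmp_hash_func does, rather
 * than read through an unsigned pointer: the SPI buffers are byte arrays with
 * no alignment guarantee, and reading them as unsigned is undefined
 * behaviour.  The hash value for a given key is the same as before.
 */
static unsigned ikev2_key_hash_func(const void *k) {
  const ikev2_uat_data_key_t *key = (const ikev2_uat_data_key_t*)k;
  unsigned hash = 0, seg;
  size_t key_segcount, i;

  /*
   * The cast to unsigned suppresses a 64-bit-to-32-bit narrowing warning
   * from some older compilers.
   */
  key_segcount = key->spii_len / (unsigned)sizeof(unsigned);
  for (i = 0; i < key_segcount; i++) {
    memcpy(&seg, key->spii + i * sizeof(seg), sizeof(seg));
    hash ^= seg;
  }

  key_segcount = key->spir_len / (unsigned)sizeof(unsigned);
  for (i = 0; i < key_segcount; i++) {
    memcpy(&seg, key->spir + i * sizeof(seg), sizeof(seg));
    hash ^= seg;
  }

  return hash;
}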
/*
 * Equality callback for the IKEv2 key table: returns 1 when both SPIs have
 * the same lengths and the same bytes, 0 otherwise.
 *
 * The lengths are compared first, so each memcmp runs over a length that is
 * valid for both keys.
 */
static int ikev2_key_equal_func(const void *k1, const void *k2) {
  const ikev2_uat_data_key_t *lhs = (const ikev2_uat_data_key_t *)k1;
  const ikev2_uat_data_key_t *rhs = (const ikev2_uat_data_key_t *)k2;
  const int same = lhs->spii_len == rhs->spii_len
                && lhs->spir_len == rhs->spir_len
                && memcmp(lhs->spii, rhs->spii, lhs->spii_len) == 0
                && memcmp(lhs->spir, rhs->spir, lhs->spir_len) == 0;

  return same;
}
/*
 * Key destructor for the cookie-keyed table: releases the COOKIE_SIZE-byte
 * slice that holds the cookie.
 */
static void
free_cookie_key(void *key_arg)
{
  g_slice_free1(COOKIE_SIZE, key_arg);
}
/*
 * Value destructor for the cookie-keyed table: frees the gi and gr buffers
 * and the IV hash table owned by a decrypt_data_t, then the structure itself.
 */
static void
free_cookie_value(void *value)
{
  decrypt_data_t *entry = (decrypt_data_t *)value;

  g_free(entry->gi);
  g_free(entry->gr);
  g_hash_table_destroy(entry->iv_hash);

  g_slice_free1(sizeof(decrypt_data_t), entry);
}
/*
 * Build the lookup tables used during dissection from the user-configured
 * decryption tables.
 *
 * - isakmp_hash maps an IKEv1 initiator cookie to a decrypt_data_t that
 *   carries the configured secret; the table owns both key and value.
 * - ikev2_key_hash maps an IKEv2 SPI pair to its table record; the entries
 *   point into ikev2_uat_data and are not owned by the table.
 * - defrag_next_payload_hash starts empty.
 */
static void
isakmp_init_protocol(void) {
  unsigned idx;

  isakmp_hash = g_hash_table_new_full(isakmp_hash_func, isakmp_equal_func,
                                      free_cookie_key, free_cookie_value);

  for (idx = 0; idx < num_ikev1_uat_data; idx++) {
    uint8_t *cookie_copy = (uint8_t *)g_slice_alloc(COOKIE_SIZE);
    decrypt_data_t *entry;

    /* ikev1_uat_data_update_cb rejects records whose cookie is not exactly
     * COOKIE_SIZE bytes, which is what makes this fixed-size copy safe. */
    memcpy(cookie_copy, ikev1_uat_data[idx].icookie, COOKIE_SIZE);

    entry = create_decrypt_data();
    /* The same callback caps key_len at MAX_KEY_SIZE.
     * assumes entry->secret holds at least MAX_KEY_SIZE bytes -- TODO confirm
     * against the decrypt_data_t definition. */
    entry->secret_len = ikev1_uat_data[idx].key_len;
    memcpy(entry->secret, ikev1_uat_data[idx].key, ikev1_uat_data[idx].key_len);

    g_hash_table_insert(isakmp_hash, cookie_copy, entry);
  }

  ikev2_key_hash = g_hash_table_new(ikev2_key_hash_func, ikev2_key_equal_func);
  for (idx = 0; idx < num_ikev2_uat_data; idx++) {
    /* Need find references to algorithms (as UAT table editing loses data not stored in file) */
    ikev2_uat_data[idx].encr_spec = ikev2_decrypt_find_encr_spec(ikev2_uat_data[idx].encr_alg);
    ikev2_uat_data[idx].auth_spec = ikev2_decrypt_find_auth_spec(ikev2_uat_data[idx].auth_alg);

    g_hash_table_insert(ikev2_key_hash, &(ikev2_uat_data[idx].key), &(ikev2_uat_data[idx]));
  }

  defrag_next_payload_hash = g_hash_table_new(g_direct_hash, g_direct_equal);
}
/*
 * Tear down the three tables created by isakmp_init_protocol().
 * Destroying isakmp_hash also frees its cookies and decrypt_data_t values
 * through the destructors it was created with.
 */
static void
isakmp_cleanup_protocol(void)
{
  g_hash_table_destroy(isakmp_hash);
  g_hash_table_destroy(ikev2_key_hash);
  g_hash_table_destroy(defrag_next_payload_hash);
}
/*
 * Field callbacks for the IKEv1 decryption table (ikev1_users): one buffer
 * field for the initiator cookie and one for the encryption key, each paired
 * with its length member in ikev1_uat_data_key_t.
 */
UAT_BUFFER_CB_DEF(ikev1_users, icookie, ikev1_uat_data_key_t, icookie, icookie_len)
UAT_BUFFER_CB_DEF(ikev1_users, key,     ikev1_uat_data_key_t, key,     key_len)
/*
 * Validate one IKEv1 decryption-table record.
 *
 * p    - the ikev1_uat_data_key_t record being checked
 * err  - receives a newly allocated message when the record is rejected
 *
 * Returns true when the cookie is exactly COOKIE_SIZE bytes and the key is
 * between 1 and MAX_KEY_SIZE bytes long.  isakmp_init_protocol() copies the
 * cookie and key using these lengths, so these checks are what bound those
 * copies.
 */
static bool ikev1_uat_data_update_cb(void* p, char** err) {
  ikev1_uat_data_key_t *rec = (ikev1_uat_data_key_t *)p;
  bool accepted = false;

  if (rec->icookie_len != COOKIE_SIZE) {
    *err = ws_strdup_printf("Length of Initiator's COOKIE must be %d octets (%d hex characters).", COOKIE_SIZE, COOKIE_SIZE * 2);
  } else if (rec->key_len == 0) {
    *err = g_strdup("Must have Encryption key.");
  } else if (rec->key_len > MAX_KEY_SIZE) {
    *err = ws_strdup_printf("Length of Encryption key limited to %d octets (%d hex characters).", MAX_KEY_SIZE, MAX_KEY_SIZE * 2);
  } else {
    accepted = true;
  }

  return accepted;
}
/*
 * Deep-copy one IKEv1 decryption-table record.
 *
 * The cookie and key buffers are duplicated so that dest owns its own copies;
 * len is unused.  Returns dest.
 */
static void*
ikev1_uat_data_copy_cb(void *dest, const void *source, size_t len _U_)
{
  const ikev1_uat_data_key_t *src = (const ikev1_uat_data_key_t*)source;
  ikev1_uat_data_key_t *dst = (ikev1_uat_data_key_t*)dest;

  dst->icookie_len = src->icookie_len;
  dst->icookie = (unsigned char *)g_memdup2(src->icookie, src->icookie_len);

  dst->key_len = src->key_len;
  dst->key = (unsigned char *)g_memdup2(src->key, src->key_len);

  return dest;
}
/*
 * Release the buffers owned by one IKEv1 decryption-table record: the
 * initiator cookie and the encryption key.  The record itself is not freed.
 */
static void
ikev1_uat_data_free_cb(void *r)
{
  ikev1_uat_data_key_t *entry = (ikev1_uat_data_key_t *)r;

  g_free(entry->icookie);
  g_free(entry->key);
}
/*
 * Field callbacks for the IKEv2 decryption table (ikev2_users).
 * Buffer fields: both SPIs and the four session keys (SK_ei, SK_er, SK_ai,
 * SK_ar), each paired with its length member in ikev2_uat_data_t.
 * Value-string fields: the encryption and integrity algorithm selections,
 * with 3DES and HMAC-SHA1-96 as the values named in the definitions.
 */
UAT_BUFFER_CB_DEF(ikev2_users, spii,  ikev2_uat_data_t, key.spii, key.spii_len)
UAT_BUFFER_CB_DEF(ikev2_users, spir,  ikev2_uat_data_t, key.spir, key.spir_len)
UAT_BUFFER_CB_DEF(ikev2_users, sk_ei, ikev2_uat_data_t, sk_ei,    sk_ei_len)
UAT_BUFFER_CB_DEF(ikev2_users, sk_er, ikev2_uat_data_t, sk_er,    sk_er_len)
UAT_VS_DEF(ikev2_users, encr_alg, ikev2_uat_data_t, unsigned, IKEV2_ENCR_3DES, IKEV2_ENCR_3DES_STR)
UAT_BUFFER_CB_DEF(ikev2_users, sk_ai, ikev2_uat_data_t, sk_ai,    sk_ai_len)
UAT_BUFFER_CB_DEF(ikev2_users, sk_ar, ikev2_uat_data_t, sk_ar,    sk_ar_len)
UAT_VS_DEF(ikev2_users, auth_alg, ikev2_uat_data_t, unsigned, IKEV2_AUTH_HMAC_SHA1_96, IKEV2_AUTH_HMAC_SHA1_96_STR)
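/*
 * Deep-copy one IKEv2 decryption-table record.
 *
 * The SPI and session-key buffers are duplicated so that dest owns its own
 * copies; len is unused.  Returns dest.
 *
 * The algorithm spec pointers are copied as pointers, not duplicated.
 * ikev2_uat_data_free_cb() does not free them, and both
 * ikev2_uat_data_update_cb() and isakmp_init_protocol() overwrite them with
 * the result of the spec lookup functions, so a duplicate made here was never
 * released.  The lookup results are stored and dereferenced long after the
 * lookup, which is taken to mean they stay valid for the life of the table.
 */
static void*
ikev2_uat_data_copy_cb(void *dest, const void *source, size_t len _U_)
{
  const ikev2_uat_data_t* o = (const ikev2_uat_data_t*)source;
  ikev2_uat_data_t* d = (ikev2_uat_data_t*)dest;

  d->key.spii = (unsigned char *)g_memdup2(o->key.spii, o->key.spii_len);
  d->key.spii_len = o->key.spii_len;

  d->key.spir = (unsigned char *)g_memdup2(o->key.spir, o->key.spir_len);
  d->key.spir_len = o->key.spir_len;

  d->encr_alg = o->encr_alg;
  d->auth_alg = o->auth_alg;

  d->sk_ei = (unsigned char *)g_memdup2(o->sk_ei, o->sk_ei_len);
  d->sk_ei_len = o->sk_ei_len;

  d->sk_er = (unsigned char *)g_memdup2(o->sk_er, o->sk_er_len);
  d->sk_er_len = o->sk_er_len;

  d->sk_ai = (unsigned char *)g_memdup2(o->sk_ai, o->sk_ai_len);
  d->sk_ai_len = o->sk_ai_len;

  d->sk_ar = (unsigned char *)g_memdup2(o->sk_ar, o->sk_ar_len);
  d->sk_ar_len = o->sk_ar_len;

  /* Shared, not owned: see the function comment. */
  d->encr_spec = o->encr_spec;
  d->auth_spec = o->auth_spec;

  return dest;
}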
/*
 * Validate one IKEv2 decryption-table record and resolve its algorithm specs.
 *
 * p    - the ikev2_uat_data_t record being checked
 * err  - receives a newly allocated message when the record is rejected
 *
 * Returns true when both SPIs are COOKIE_SIZE bytes, an encryption algorithm
 * that carries its own ICV is paired with the NONE integrity algorithm, and
 * each session key has exactly the key length of its selected algorithm.
 * A failed spec lookup is reported as a dissector bug.
 *
 * The key-length checks matter beyond the dialog: dissect_enc() passes the
 * spec's key length, not the stored buffer length, when it sets keys, so a
 * record that got past these checks with a shorter key would be read beyond
 * its buffer.
 */
static bool ikev2_uat_data_update_cb(void* p, char** err) {
  ikev2_uat_data_t *rec = (ikev2_uat_data_t *)p;

  if (rec->key.spii_len != COOKIE_SIZE) {
    *err = ws_strdup_printf("Length of Initiator's SPI must be %d octets (%d hex characters).", COOKIE_SIZE, COOKIE_SIZE * 2);
    return false;
  }

  if (rec->key.spir_len != COOKIE_SIZE) {
    *err = ws_strdup_printf("Length of Responder's SPI must be %d octets (%d hex characters).", COOKIE_SIZE, COOKIE_SIZE * 2);
    return false;
  }

  rec->encr_spec = ikev2_decrypt_find_encr_spec(rec->encr_alg);
  if (rec->encr_spec == NULL) {
    REPORT_DISSECTOR_BUG("Couldn't get IKEv2 encryption algorithm spec.");
  }

  rec->auth_spec = ikev2_decrypt_find_auth_spec(rec->auth_alg);
  if (rec->auth_spec == NULL) {
    REPORT_DISSECTOR_BUG("Couldn't get IKEv2 authentication algorithm spec.");
  }

  if (rec->encr_spec->icv_len && rec->auth_spec->number != IKEV2_AUTH_NONE) {
    *err = ws_strdup_printf("Selected encryption_algorithm %s requires selecting NONE integrity algorithm.",
                            val_to_str(rec->encr_spec->number, vs_ikev2_encr_algs, "other-%d"));
  } else if (rec->sk_ei_len != rec->encr_spec->key_len) {
    *err = ws_strdup_printf("Length of SK_ei (%u octets) does not match the key length (%u octets) of the selected encryption algorithm.",
                            rec->sk_ei_len, rec->encr_spec->key_len);
  } else if (rec->sk_er_len != rec->encr_spec->key_len) {
    *err = ws_strdup_printf("Length of SK_er (%u octets) does not match the key length (%u octets) of the selected encryption algorithm.",
                            rec->sk_er_len, rec->encr_spec->key_len);
  } else if (rec->sk_ai_len != rec->auth_spec->key_len) {
    *err = ws_strdup_printf("Length of SK_ai (%u octets) does not match the key length (%u octets) of the selected integrity algorithm.",
                            rec->sk_ai_len, rec->auth_spec->key_len);
  } else if (rec->sk_ar_len != rec->auth_spec->key_len) {
    *err = ws_strdup_printf("Length of SK_ar (%u octets) does not match the key length (%u octets) of the selected integrity algorithm.",
                            rec->sk_ar_len, rec->auth_spec->key_len);
  } else {
    return true;
  }

  return false;
}
/*
 * Release the buffers owned by one IKEv2 decryption-table record: both SPIs
 * and the four session keys.  The algorithm spec pointers and the record
 * itself are left alone.
 */
static void
ikev2_uat_data_free_cb(void *r)
{
  ikev2_uat_data_t *entry = (ikev2_uat_data_t *)r;

  /* SPI pair */
  g_free(entry->key.spii);
  g_free(entry->key.spir);

  /* Encryption keys, then integrity keys */
  g_free(entry->sk_ei);
  g_free(entry->sk_er);
  g_free(entry->sk_ai);
  g_free(entry->sk_ar);
}
6562 void
6563 proto_register_isakmp(void)
6565 module_t *isakmp_module;
6566 static hf_register_info hf[] = {
6567 { &hf_isakmp_ispi,
6568 { "Initiator SPI", "isakmp.ispi",
6569 FT_BYTES, BASE_NONE, NULL, 0x0,
6570 "ISAKMP Initiator SPI", HFILL }},
6571 { &hf_isakmp_rspi,
6572 { "Responder SPI", "isakmp.rspi",
6573 FT_BYTES, BASE_NONE, NULL, 0x0,
6574 "ISAKMP Responder SPI", HFILL }},
6575 { &hf_isakmp_typepayload,
6576 { "Payload", "isakmp.typepayload",
6577 FT_UINT8,BASE_RANGE_STRING | BASE_DEC, RVALS(payload_type), 0x0,
6578 "ISAKMP Payload Type", HFILL }},
6579 { &hf_isakmp_nextpayload,
6580 { "Next payload", "isakmp.nextpayload",
6581 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(payload_type), 0x0,
6582 "ISAKMP Next Payload", HFILL }},
6583 { &hf_isakmp_criticalpayload,
6584 { "Critical Bit", "isakmp.criticalpayload",
6585 FT_BOOLEAN, 8,TFS(&tfs_critical_not_critical), 0x80,
6586 "IKEv2 Critical Payload", HFILL }},
6587 { &hf_isakmp_reserved7,
6588 { "Reserved", "isakmp.reserved7",
6589 FT_UINT8, BASE_HEX, NULL, 0x7F,
6590 NULL, HFILL }},
6591 { &hf_isakmp_reserved,
6592 { "Reserved", "isakmp.reserved",
6593 FT_BYTES, BASE_NONE, NULL, 0x0,
6594 NULL, HFILL }},
6595 { &hf_isakmp_extradata,
6596 { "Extra data", "isakmp.extradata",
6597 FT_BYTES, BASE_NONE, NULL, 0x0,
6598 "Extra data ??????", HFILL }},
6599 { &hf_isakmp_datapayload,
6600 { "Data Payload", "isakmp.datapayload",
6601 FT_BYTES, BASE_NONE, NULL, 0x0,
6602 "Data Payload (not dissect)", HFILL }},
6603 { &hf_isakmp_version,
6604 { "Version", "isakmp.version",
6605 FT_UINT8, BASE_HEX, NULL, 0x0,
6606 "ISAKMP Version (major + minor)", HFILL }},
6607 { &hf_isakmp_mjver,
6608 { "MjVer", "isakmp.mjver",
6609 FT_UINT8, BASE_HEX, NULL, 0xF0,
6610 "ISAKMP MjVer", HFILL }},
6611 { &hf_isakmp_mnver,
6612 { "MnVer", "isakmp.mnver",
6613 FT_UINT8, BASE_HEX, NULL, 0x0F,
6614 "ISAKMP MnVer", HFILL }},
6615 { &hf_isakmp_exchangetype_v1,
6616 { "Exchange type", "isakmp.exchangetype",
6617 FT_UINT8, BASE_DEC, VALS(exchange_v1_type), 0x0,
6618 "ISAKMP Exchange Type", HFILL }},
6619 { &hf_isakmp_exchangetype_v2,
6620 { "Exchange type", "isakmp.exchangetype",
6621 FT_UINT8, BASE_DEC, VALS(exchange_v2_type), 0x0,
6622 "ISAKMP Exchange Type", HFILL }},
6623 { &hf_isakmp_flags,
6624 { "Flags", "isakmp.flags",
6625 FT_UINT8, BASE_HEX, NULL, 0x0,
6626 "ISAKMP Flags", HFILL }},
6627 { &hf_isakmp_flag_e,
6628 { "Encryption", "isakmp.flag_e",
6629 FT_BOOLEAN, 8, TFS(&flag_e), E_FLAG,
6630 "Encryption Bit", HFILL }},
6631 { &hf_isakmp_flag_c,
6632 { "Commit", "isakmp.flag_c",
6633 FT_BOOLEAN, 8, TFS(&flag_c), C_FLAG,
6634 "Commit Bit", HFILL }},
6635 { &hf_isakmp_flag_a,
6636 { "Authentication", "isakmp.flag_a",
6637 FT_BOOLEAN, 8, TFS(&flag_a), A_FLAG,
6638 "Authentication Bit", HFILL }},
6639 { &hf_isakmp_flag_i,
6640 { "Initiator", "isakmp.flag_i",
6641 FT_BOOLEAN, 8, TFS(&flag_i), I_FLAG,
6642 "Initiator Bit", HFILL }},
6643 { &hf_isakmp_flag_v,
6644 { "Version", "isakmp.flag_v",
6645 FT_BOOLEAN, 8, TFS(&flag_v), V_FLAG,
6646 "Version Bit", HFILL }},
6647 { &hf_isakmp_flag_r,
6648 { "Response", "isakmp.flag_r",
6649 FT_BOOLEAN, 8, TFS(&tfs_response_request), R_FLAG,
6650 "Response Bit", HFILL }},
6651 { &hf_isakmp_messageid,
6652 { "Message ID", "isakmp.messageid",
6653 FT_UINT32, BASE_HEX, NULL, 0x0,
6654 "ISAKMP Message ID", HFILL }},
6655 { &hf_isakmp_length,
6656 { "Length", "isakmp.length",
6657 FT_UINT32, BASE_DEC, NULL, 0x0,
6658 "ISAKMP Length", HFILL }},
6659 { &hf_isakmp_payloadlen,
6660 { "Payload length", "isakmp.payloadlength",
6661 FT_UINT16, BASE_DEC, NULL, 0x0,
6662 "ISAKMP Payload Length", HFILL }},
6663 { &hf_isakmp_sa_doi,
6664 { "Domain of interpretation", "isakmp.sa.doi",
6665 FT_UINT32, BASE_DEC, VALS(doi_type), 0x0,
6666 "ISAKMP Domain of Interpretation", HFILL }},
6667 { &hf_isakmp_sa_situation,
6668 { "Situation", "isakmp.sa.situation",
6669 FT_BYTES, BASE_NONE, NULL, 0x0,
6670 "ISAKMP SA Situation", HFILL }},
6671 { &hf_isakmp_sa_attribute_next_payload,
6672 { "SA Attribute Next Payload", "isakmp.sa.next_attribute_payload",
6673 FT_BYTES, BASE_NONE, NULL, 0x0,
6674 "Payloads that define specific security association attributes for the KEK and/or TEKs", HFILL }},
6675 { &hf_isakmp_reserved2,
6676 { "Reserved2", "isakmp.reserved2",
6677 FT_BYTES, BASE_NONE, NULL, 0x0,
6678 NULL, HFILL }},
6679 { &hf_isakmp_sa_situation_identity_only,
6680 { "Identity Only", "isakmp.sa.situation.identity_only",
6681 FT_BOOLEAN, 32, NULL, SIT_IDENTITY_ONLY,
6682 "The type specifies that the SA will be identified by source identity information present in an associated Identification Payload", HFILL }},
6683 { &hf_isakmp_sa_situation_secrecy,
6684 { "Secrecy", "isakmp.sa.situation.secrecy",
6685 FT_BOOLEAN, 32, NULL, SIT_SECRECY,
6686 "The type specifies that the SA is being negotiated in an environment that requires labeled secrecy.", HFILL }},
6687 { &hf_isakmp_sa_situation_integrity,
6688 { "Integrity", "isakmp.sa.situation.integrity",
6689 FT_BOOLEAN, 32, NULL, SIT_INTEGRITY,
6690 "The type specifies that the SA is being negotiated in an environment that requires labeled integrity", HFILL }},
6691 { &hf_isakmp_prop_protoid_v1,
6692 { "Protocol ID", "isakmp.prop.protoid",
6693 FT_UINT32, BASE_DEC, VALS(protoid_v1_type), 0x0,
6694 "ISAKMP Proposal Protocol ID", HFILL }},
6695 { &hf_isakmp_prop_protoid_v2,
6696 { "Protocol ID", "isakmp.prop.protoid",
6697 FT_UINT32, BASE_DEC, VALS(protoid_v2_type), 0x0,
6698 "IKEv2 Proposal Protocol ID", HFILL }},
6699 { &hf_isakmp_prop_number,
6700 { "Proposal number", "isakmp.prop.number",
6701 FT_UINT8, BASE_DEC, NULL, 0x0,
6702 "ISAKMP Proposal Number", HFILL }},
6703 { &hf_isakmp_spisize,
6704 { "SPI Size", "isakmp.spisize",
6705 FT_UINT8, BASE_DEC, NULL, 0x0,
6706 NULL, HFILL }},
6707 { &hf_isakmp_spi,
6708 { "SPI", "isakmp.spi",
6709 FT_BYTES, BASE_NONE, NULL, 0x0,
6710 NULL, HFILL }},
6711 { &hf_isakmp_prop_transforms,
6712 { "Proposal transforms", "isakmp.prop.transforms",
6713 FT_UINT8, BASE_DEC, NULL, 0x0,
6714 "ISAKMP Proposal Transforms", HFILL }},
6715 { &hf_isakmp_trans_number,
6716 { "Transform number", "isakmp.trans.number",
6717 FT_UINT8, BASE_DEC, NULL, 0x0,
6718 "ISAKMP Transform Number", HFILL }},
6719 { &hf_isakmp_trans_id,
6720 { "Transform ID", "isakmp.trans.id",
6721 FT_UINT8, BASE_DEC, NULL, 0x0,
6722 "ISAKMP Transform ID", HFILL }},
6723 { &hf_isakmp_id_type_v1,
6724 { "ID type", "isakmp.id.type",
6725 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(vs_v1_id_type), 0x0,
6726 "IKEv1 ID Type", HFILL }},
6727 { &hf_isakmp_id_type_v2,
6728 { "ID type", "isakmp.id.type",
6729 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(vs_v2_id_type), 0x0,
6730 "IKEv2 ID Type", HFILL }},
6731 { &hf_isakmp_id_protoid,
6732 { "Protocol ID", "isakmp.id.protoid",
6733 FT_UINT8, BASE_DEC|BASE_EXT_STRING, &ipproto_val_ext, 0x0,
6734 "ISAKMP ID Protocol ID", HFILL }},
6735 { &hf_isakmp_id_port,
6736 { "Port", "isakmp.id.port",
6737 FT_UINT16, BASE_DEC, NULL, 0x0,
6738 "ISAKMP ID Port", HFILL }},
6739 { &hf_isakmp_id_data,
6740 { "Identification Data:", "isakmp.id.data",
6741 FT_NONE, BASE_NONE, NULL, 0x0,
6742 "ISAKMP ID Data", HFILL }},
6743 { &hf_isakmp_id_data_ipv4_addr,
6744 { "ID_IPV4_ADDR", "isakmp.id.data.ipv4_addr",
6745 FT_IPv4, BASE_NONE, NULL, 0x0,
6746 "The type specifies a single four (4) octet IPv4 address", HFILL }},
6747 { &hf_isakmp_id_data_fqdn,
6748 { "ID_FQDN", "isakmp.id.data.fqdn",
6749 FT_STRING, BASE_NONE, NULL, 0x0,
6750 "The type specifies a fully-qualified domain name string", HFILL }},
6751 { &hf_isakmp_id_data_user_fqdn,
6752 { "ID_FQDN", "isakmp.id.data.user_fqdn",
6753 FT_STRING, BASE_NONE, NULL, 0x0,
6754 "The type specifies a fully-qualified username string", HFILL }},
6755 { &hf_isakmp_id_data_ipv4_subnet,
6756 { "ID_IPV4_SUBNET", "isakmp.id.data.ipv4_subnet",
6757 FT_IPv4, BASE_NONE, NULL, 0x0,
6758 "The second is an IPv4 network mask", HFILL }},
6759 { &hf_isakmp_id_data_ipv4_range_start,
6760 { "ID_IPV4_RANGE (Start)", "isakmp.id.data.ipv4_range_start",
6761 FT_IPv4, BASE_NONE, NULL, 0x0,
6762 "The first value is the beginning IPv4 address (inclusive)", HFILL }},
6763 { &hf_isakmp_id_data_ipv4_range_end,
6764 { "ID_IPV4_RANGE (End)", "isakmp.id.data.ipv4_range_end",
6765 FT_IPv4, BASE_NONE, NULL, 0x0,
6766 "The second value is the ending IPv4 address (inclusive)", HFILL }},
6767 { &hf_isakmp_id_data_ipv6_addr,
6768 { "ID_IPV6_ADDR", "isakmp.id.data.ipv6_addr",
6769 FT_IPv6, BASE_NONE, NULL, 0x0,
6770 "The type specifies a single sixteen (16) octet IPv6 address", HFILL }},
6771 { &hf_isakmp_id_data_ipv6_subnet,
6772 { "ID_IPV6A_ADDR_SUBNET", "isakmp.id.data.ipv6_subnet",
6773 FT_IPv6, BASE_NONE, NULL, 0x0,
6774 "The type specifies a range of IPv6 addresses represented by two sixteen (16) octet values", HFILL }},
6775 { &hf_isakmp_id_data_ipv6_range_start,
6776 { "ID_IPV6_ADDR_RANGE (Start)", "isakmp.id.data.ipv6_range_start",
6777 FT_IPv6, BASE_NONE, NULL, 0x0,
6778 "The first value is the beginning IPv6 address (inclusive)", HFILL }},
6779 { &hf_isakmp_id_data_ipv6_range_end,
6780 { "ID_IPV6_ADDR_RANGE (End)", "isakmp.id.data.ipv6_range_end",
6781 FT_IPv6, BASE_NONE, NULL, 0x0,
6782 "the second value is the ending IPv6 address (inclusive)", HFILL }},
6783 { &hf_isakmp_id_data_key_id,
6784 { "ID_KEY_ID", "isakmp.id.data.key_id",
6785 FT_BYTES, BASE_NONE, NULL, 0x0,
6786 "The type specifies an opaque byte stream which may be used to pass vendor-specific information necessary to identify which pre-shared key should be used to authenticate Aggressive mode negotiations", HFILL }},
6787 { &hf_isakmp_id_data_cert,
6788 { "ID_DER_ASN1_DN", "isakmp.id.data.der_asn1_dn",
6789 FT_UINT32, BASE_DEC, NULL, 0x0,
6790 NULL, HFILL } },
6791 { &hf_isakmp_cert_encoding_v1,
6792 { "Certificate Encoding", "isakmp.cert.encoding",
6793 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(cert_v1_type), 0x0,
6794 "ISAKMP Certificate Encoding", HFILL }},
6795 { &hf_isakmp_cert_encoding_v2,
6796 { "Certificate Encoding", "isakmp.cert.encoding",
6797 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(cert_v2_type), 0x0,
6798 "IKEv2 Certificate Encoding", HFILL }},
6799 { &hf_isakmp_cert_data,
6800 { "Certificate Data", "isakmp.cert.data",
6801 FT_NONE, BASE_NONE, NULL, 0x0,
6802 "ISAKMP Certificate Data", HFILL }},
6803 { &hf_isakmp_cert_x509_hash,
6804 { "Hash", "isakmp.cert.x509.hash",
6805 FT_BYTES, BASE_NONE, NULL, 0x0,
6806 NULL, HFILL }},
6807 { &hf_isakmp_cert_x509_url,
6808 { "URL", "isakmp.cert.x509.url",
6809 FT_STRING, BASE_NONE, NULL, 0x0,
6810 NULL, HFILL }},
6811 { &hf_isakmp_certreq_type_v1,
6812 { "Certificate Type", "isakmp.certreq.type",
6813 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(cert_v1_type), 0x0,
6814 "ISAKMP Certificate Type", HFILL }},
6815 { &hf_isakmp_certreq_type_v2,
6816 { "Certificate Type", "isakmp.certreq.type",
6817 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(cert_v2_type), 0x0,
6818 "IKEv2 Certificate Type", HFILL }},
6819 { &hf_isakmp_auth_meth,
6820 { "Authentication Method", "isakmp.auth.method",
6821 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(authmeth_v2_type), 0x0,
6822 "IKEv2 Authentication Method", HFILL }},
6823 { &hf_isakmp_auth_data,
6824 { "Authentication Data", "isakmp.auth.data",
6825 FT_BYTES, BASE_NONE, NULL, 0x0,
6826 "IKEv2 Authentication Data", HFILL }},
6827 { &hf_isakmp_auth_digital_sig_asn1_len,
6828 { "ASN.1 Length", "isakmp.auth.data.sig.asn1.len",
6829 FT_UINT8, BASE_DEC, NULL, 0x0,
6830 "IKEv2 Authentication Data Digital Signature ASN.1 Length", HFILL } },
6831 { &hf_isakmp_auth_digital_sig_asn1_data,
6832 { "ASN.1 Data", "isakmp.auth.data.sig.asn1.data",
6833 FT_BYTES, BASE_NONE, NULL, 0x0,
6834 "IKEv2 Authentication Data Digital Signature ASN.1 Data", HFILL } },
6835 { &hf_isakmp_auth_digital_sig_value,
6836 { "Signature Value", "isakmp.auth.data.sig.value",
6837 FT_BYTES, BASE_NONE, NULL, 0x0,
6838 "IKEv2 Authentication Data Digital Signature Value", HFILL } },
6839 { &hf_isakmp_notify_doi,
6840 { "Domain of interpretation", "isakmp.notify.doi",
6841 FT_UINT32, BASE_DEC, VALS(doi_type), 0x0,
6842 "ISAKMP Notify Domain of Interpretation", HFILL }},
6843 { &hf_isakmp_notify_protoid_v1,
6844 { "Protocol ID", "isakmp.notify.protoid",
6845 FT_UINT32, BASE_DEC, VALS(protoid_v1_type), 0x0,
6846 "ISAKMP Notify Protocol ID", HFILL }},
6847 { &hf_isakmp_notify_protoid_v2,
6848 { "Protocol ID", "isakmp.notify.protoid",
6849 FT_UINT32, BASE_DEC, VALS(protoid_v2_type), 0x0,
6850 "IKEv2 Notify Protocol ID", HFILL }},
6851 { &hf_isakmp_notify_msgtype_v1,
6852 { "Notify Message Type", "isakmp.notify.msgtype",
6853 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(notifmsg_v1_type), 0x0,
6854 "ISAKMP Notify Message Type", HFILL }},
6855 { &hf_isakmp_notify_msgtype_v2,
6856 { "Notify Message Type", "isakmp.notify.msgtype",
6857 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(notifmsg_v2_type), 0x0,
6858 "ISAKMP Notify Message Type", HFILL }},
6859 { &hf_isakmp_notify_data,
6860 { "Notification DATA", "isakmp.notify.data",
6861 FT_BYTES, BASE_NONE, NULL, 0x0,
6862 NULL, HFILL }},
6863 { &hf_isakmp_notify_data_dpd_are_you_there,
6864 { "DPD ARE-YOU-THERE sequence", "isakmp.notify.data.dpd.are_you_there",
6865 FT_UINT32, BASE_DEC, NULL, 0x0,
6866 NULL, HFILL }},
6867 { &hf_isakmp_notify_data_dpd_are_you_there_ack,
6868 { "DPD ARE-YOU-THERE-ACK sequence", "isakmp.notify.data.dpd.are_you_there_ack",
6869 FT_UINT32, BASE_DEC, NULL, 0x0,
6870 NULL, HFILL }},
6871 { &hf_isakmp_notify_data_unity_load_balance,
6872 { "UNITY LOAD BALANCE", "isakmp.notify.data.unity.load_balance",
6873 FT_IPv4, BASE_NONE, NULL, 0x0,
6874 NULL, HFILL }},
6875 { &hf_isakmp_notify_data_fortinet_network_overlay_id,
6876 { "Network Overlay ID", "isakmp.notify.data.fortinet.network_overlay_id",
6877 FT_UINT8, BASE_DEC_HEX, NULL, 0x0,
6878 NULL, HFILL }},
6879 { &hf_isakmp_notify_data_accepted_dh_group,
6880 { "Accepted DH group number", "isakmp.notify.data.accepted_dh_group",
6881 FT_UINT16, BASE_DEC, VALS(dh_group), 0x0,
6882 NULL, HFILL }},
6883 { &hf_isakmp_notify_data_ipcomp_cpi,
6884 { "IPCOMP CPI", "isakmp.notify.data.ipcomp.cpi",
6885 FT_UINT16, BASE_DEC, NULL, 0x0,
6886 NULL, HFILL }},
6887 { &hf_isakmp_notify_data_ipcomp_transform_id,
6888 { "IPCOMP Transform ID", "isakmp.notify.data.ipcomp.transform_id",
6889 FT_UINT8, BASE_DEC, VALS(transform_id_ipcomp), 0x0,
6890 NULL, HFILL }},
6891 { &hf_isakmp_notify_data_auth_lifetime,
6892 { "Authentication Lifetime", "isakmp.notify.data.auth_lifetime",
6893 FT_UINT32, BASE_DEC, NULL, 0x0,
6894 NULL, HFILL }},
6895 { &hf_isakmp_notify_data_redirect_gw_ident_type,
6896 { "Gateway Identity Type", "isakmp.notify.data.redirect.gw_ident.type",
6897 FT_UINT8, BASE_DEC, VALS(redirect_gateway_identity_type), 0x0,
6898 NULL, HFILL }},
6899 { &hf_isakmp_notify_data_redirect_gw_ident_len,
6900 { "Gateway Identity Length", "isakmp.notify.data.redirect.gw_ident.len",
6901 FT_UINT8, BASE_DEC, NULL, 0x0,
6902 NULL, HFILL }},
6903 { &hf_isakmp_notify_data_redirect_new_resp_gw_ident_ipv4,
6904 { "New Responder Gateway Identity (IPv4)", "isakmp.notify.data.redirect.new_resp_gw_ident.ipv4",
6905 FT_IPv4, BASE_NONE, NULL, 0x0,
6906 NULL, HFILL }},
6907 { &hf_isakmp_notify_data_redirect_new_resp_gw_ident_ipv6,
6908 { "New Responder Gateway Identity (IPv6)", "isakmp.notify.data.redirect.new_resp_gw_ident.ipv6",
6909 FT_IPv6, BASE_NONE, NULL, 0x0,
6910 NULL, HFILL }},
6911 { &hf_isakmp_notify_data_redirect_new_resp_gw_ident_fqdn,
6912 { "New Responder Gateway Identity (FQDN)", "isakmp.notify.data.redirect.new_resp_gw_ident.fqdn",
6913 FT_STRING, BASE_NONE, NULL, 0x0,
6914 NULL, HFILL }},
6915 { &hf_isakmp_notify_data_redirect_new_resp_gw_ident,
6916 { "New Responder Gateway Identity (DATA)", "isakmp.notify.data.redirect.new_resp_gw_ident.data",
6917 FT_BYTES, BASE_NONE, NULL, 0x0,
6918 NULL, HFILL }},
6919 { &hf_isakmp_notify_data_redirect_nonce_data,
6920 { "Redirect Nonce Data", "isakmp.notify.data.redirect.nonce_data",
6921 FT_BYTES, BASE_NONE, NULL, 0x0,
6922 NULL, HFILL }},
6923 { &hf_isakmp_notify_data_redirect_org_resp_gw_ident_ipv4,
6924 { "Original Responder Gateway Identity (IPv4)", "isakmp.notify.data.redirect.org_resp_gw_ident.ipv4",
6925 FT_IPv4, BASE_NONE, NULL, 0x0,
6926 NULL, HFILL }},
6927 { &hf_isakmp_notify_data_redirect_org_resp_gw_ident_ipv6,
6928 { "Original Responder Gateway Identity (IPv6)", "isakmp.notify.data.redirect.org_resp_gw_ident.ipv6",
6929 FT_IPv6, BASE_NONE, NULL, 0x0,
6930 NULL, HFILL }},
6931 { &hf_isakmp_notify_data_redirect_org_resp_gw_ident,
6932 { "Original Responder Gateway Identity (DATA)", "isakmp.notify.data.redirect.org_resp_gw_ident.data",
6933 FT_BYTES, BASE_NONE, NULL, 0x0,
6934 NULL, HFILL }},
6936 { &hf_isakmp_notify_data_ticket_lifetime,
6937 { "TICKET OPAQUE Lifetime", "isakmp.notify.data.ticket_opaque.lifetime",
6938 FT_UINT32, BASE_DEC, NULL, 0x0,
6939 "The Lifetime field contains a relative time value, the number of seconds until the ticket expires (encoded as an unsigned integer).", HFILL }},
6940 { &hf_isakmp_notify_data_ticket_data,
6941 { "TICKET OPAQUE Data", "isakmp.notify.data.ticket_opaque.data",
6942 FT_BYTES, BASE_NONE, NULL, 0x0,
6943 NULL, HFILL }},
6945 /* ROHC Attributes Type */
6946 { &hf_isakmp_notify_data_rohc_attr.all,
6947 { "ROHC Attribute Type", "isakmp.notify.data.rohc.attr",
6948 FT_NONE, BASE_NONE, NULL, 0x00,
6949 NULL, HFILL }},
6950 { &hf_isakmp_notify_data_rohc_attr.type,
6951 { "ROHC Attribute Type", "isakmp.notify.data.rohc.attr.type",
6952 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(rohc_attr_type), 0x00,
6953 NULL, HFILL }},
6954 { &hf_isakmp_notify_data_rohc_attr.format,
6955 { "ROHC Format", "isakmp.notify.data.rohc.attr.format",
6956 FT_BOOLEAN, 16, TFS(&attribute_format), 0x8000,
6957 NULL, HFILL }},
6958 { &hf_isakmp_notify_data_rohc_attr.length,
6959 { "Length", "isakmp.notify.data.rohc.attr.length",
6960 FT_UINT16, BASE_DEC, NULL, 0x00,
6961 NULL, HFILL }},
6962 { &hf_isakmp_notify_data_rohc_attr.value,
6963 { "Value", "isakmp.notify.data.rohc.attr.value",
6964 FT_BYTES, BASE_NONE, NULL, 0x00,
6965 NULL, HFILL }},
6966 { &hf_isakmp_notify_data_rohc_attr_max_cid,
6967 { "Maximum Context Identifier", "isakmp.notify.data.rohc.attr.max_cid",
6968 FT_UINT16, BASE_DEC, NULL, 0x00,
6969 NULL, HFILL }},
6970 { &hf_isakmp_notify_data_rohc_attr_profile,
6971 { "ROHC Profile", "isakmp.notify.data.rohc.attr.profile",
6972 FT_UINT16, BASE_DEC, NULL, 0x00,
6973 NULL, HFILL }},
6974 { &hf_isakmp_notify_data_rohc_attr_integ,
6975 { "ROHC Integrity Algorithm", "isakmp.notify.data.rohc.attr.integ",
6976 FT_UINT16, BASE_DEC, VALS(transform_ike2_integ_type), 0x00,
6977 NULL, HFILL }},
6978 { &hf_isakmp_notify_data_rohc_attr_icv_len,
6979 { "ROHC ICV Length in bytes", "isakmp.notify.data.rohc.attr.icv_len",
6980 FT_UINT16, BASE_DEC, NULL, 0x00,
6981 NULL, HFILL }},
6982 { &hf_isakmp_notify_data_rohc_attr_mrru,
6983 { "MRRU", "isakmp.notify.data.rohc.attr.mrru",
6984 FT_UINT16, BASE_DEC, NULL, 0x00,
6985 NULL, HFILL }},
6987 { &hf_isakmp_notify_data_qcd_token_secret_data,
6988 { "Token Secret Data", "isakmp.notify.data.qcd.token_secret_data",
6989 FT_BYTES, BASE_NONE, NULL, 0x0,
6990 NULL, HFILL }},
6992 { &hf_isakmp_notify_data_ha_nonce_data,
6993 { "Nonce Data", "isakmp.notify.data.ha.nonce_data",
6994 FT_UINT32, BASE_HEX, NULL, 0x0,
6995 "Random nonce data, the data should be identical in the synchronization request and response", HFILL }},
6996 { &hf_isakmp_notify_data_ha_expected_send_req_msg_id,
6997 { "EXPECTED SEND REQ MESSAGE ID", "isakmp.notify.data.ha.expected_send_req_message_id",
6998 FT_UINT32, BASE_HEX, NULL, 0x0,
6999 "Indicate the Message ID it will use in the next request that it will send to the other protocol peer", HFILL }},
7000 { &hf_isakmp_notify_data_ha_expected_recv_req_msg_id,
7001 { "EXPECTED RECV REQ MESSAGE ID", "isakmp.notify.data.ha.expected_recv_req_message_id",
7002 FT_UINT32, BASE_HEX, NULL, 0x0,
7003 "Indicate the Message ID it is expecting in the next request to be received from the other protocol peer", HFILL }},
7004 { &hf_isakmp_notify_data_ha_incoming_ipsec_sa_delta_value,
7005 { "Incoming IPsec SA delta value", "isakmp.notify.data.ha.incoming_ipsec_sa_delta_value",
7006 FT_BYTES, BASE_NONE, NULL, 0x0,
7007 "The sender requests that the peer should increment all the Child SA Replay Counters for the sender's incomingtraffic by this value", HFILL }},
7008 { &hf_isakmp_notify_data_secure_password_methods,
7009 { "Secure Password Methods", "isakmp.notify.data.secure_password_methods",
7010 FT_BYTES, BASE_NONE, NULL, 0x0,
7011 NULL, HFILL }},
7012 { &hf_isakmp_notify_data_signature_hash_algorithms,
7013 { "Supported Signature Hash Algorithm", "isakmp.notify.data.signature_hash_algorithms",
7014 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(signature_hash_algorithms), 0x0,
7015 NULL, HFILL }},
7017 { &hf_isakmp_delete_doi,
7018 { "Domain of interpretation", "isakmp.delete.doi",
7019 FT_UINT32, BASE_DEC, VALS(doi_type), 0x0,
7020 "ISAKMP Delete Domain of Interpretation", HFILL }},
7021 { &hf_isakmp_delete_protoid_v1,
7022 { "Protocol ID", "isakmp.delete.protoid",
7023 FT_UINT32, BASE_DEC, VALS(protoid_v1_type), 0x0,
7024 "ISAKMP Delete Protocol ID", HFILL }},
7025 { &hf_isakmp_delete_protoid_v2,
7026 { "Protocol ID", "isakmp.delete.protoid",
7027 FT_UINT32, BASE_DEC, VALS(protoid_v2_type), 0x0,
7028 "IKEv2 Delete Protocol ID", HFILL }},
7029 { &hf_isakmp_delete_spi,
7030 { "Delete SPI", "isakmp.delete.spi",
7031 FT_BYTES, BASE_NONE, NULL, 0x0,
7032 "Identifies the specific security association(s) to delete", HFILL }},
7033 { &hf_isakmp_vid_bytes,
7034 { "Vendor ID", "isakmp.vid_bytes",
7035 FT_BYTES, BASE_NONE, NULL, 0x0,
7036 NULL, HFILL }},
7037 { &hf_isakmp_vid_string,
7038 { "Vendor ID", "isakmp.vid_string",
7039 FT_STRING, BASE_NONE, NULL, 0x0,
7040 NULL, HFILL }},
7041 { &hf_isakmp_vid_cp_product,
7042 { "Checkpoint Product", "isakmp.vid.cp.product",
7043 FT_UINT32, BASE_DEC, VALS(cp_product), 0x0,
7044 NULL, HFILL }},
7045 { &hf_isakmp_vid_cp_version,
7046 { "Checkpoint Version", "isakmp.vid.cp.version",
7047 FT_UINT32, BASE_DEC, VALS(cp_version), 0x0,
7048 "Encoded Version number", HFILL }},
7049 { &hf_isakmp_vid_cp_timestamp,
7050 { "Checkpoint Timestamp", "isakmp.vid.cp.timestamp",
7051 FT_UINT32, BASE_DEC, NULL, 0x0,
7052 "Timestamp (NGX only; always zero in 4.1 or NG)", HFILL }},
7053 { &hf_isakmp_vid_cp_reserved,
7054 { "Checkpoint Reserved", "isakmp.vid.cp.reserved",
7055 FT_UINT32, BASE_HEX, NULL, 0x0,
7056 NULL, HFILL }},
7057 { &hf_isakmp_vid_cp_features,
7058 { "Checkpoint Features", "isakmp.vid.cp.features",
7059 FT_UINT32, BASE_HEX, NULL, 0x0,
7060 NULL, HFILL }},
7062 { &hf_isakmp_vid_cisco_unity_major,
7063 { "CISCO-UNITY Major version", "isakmp.vid.cisco_unity.major",
7064 FT_UINT8, BASE_DEC, NULL, 0x0,
7065 NULL, HFILL }},
7066 { &hf_isakmp_vid_cisco_unity_minor,
7067 { "CISCO-UNITY Minor version", "isakmp.vid.cisco_unity.minor",
7068 FT_UINT8, BASE_DEC, NULL, 0x0,
7069 NULL, HFILL }},
7071 { &hf_isakmp_vid_ms_nt5_isakmpoakley,
7072 { "MS NT5 ISAKMPOAKLEY", "isakmp.vid.ms_nt5_isakmpoakley",
7073 FT_UINT32, BASE_DEC, VALS(ms_nt5_isakmpoakley_type), 0x0,
7074 NULL, HFILL }},
7076 { &hf_isakmp_vid_aruba_via_auth_profile,
7077 { "Auth Profile", "isakmp.vid.aruba_via_auth_profile",
7078 FT_STRING, BASE_NONE, NULL, 0x0,
7079 "Aruba Networks Auth Profile for VIA Client", HFILL }},
7081 { &hf_isakmp_vid_fortinet_fortigate_release,
7082 { "Release", "isakmp.vid.fortinet.fortigate.release",
7083 FT_UINT16, BASE_DEC, NULL, 0x0,
7084 "Release of Fortigate", HFILL }},
7086 { &hf_isakmp_vid_fortinet_fortigate_build,
7087 { "Build", "isakmp.vid.fortinet.fortigate.build",
7088 FT_UINT16, BASE_DEC, NULL, 0x0,
7089 "Build of Fortigate", HFILL }},
7091 { &hf_isakmp_ts_number_of_ts,
7092 { "Number of Traffic Selectors", "isakmp.ts.number",
7093 FT_UINT8, BASE_DEC, NULL, 0x0,
7094 NULL, HFILL }},
7095 { &hf_isakmp_ts_type,
7096 { "Traffic Selector Type", "isakmp.ts.type",
7097 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(traffic_selector_type), 0x0,
7098 NULL, HFILL }},
7099 { &hf_isakmp_ts_protoid,
7100 { "Protocol ID", "isakmp.ts.protoid",
7101 FT_UINT8, BASE_DEC|BASE_EXT_STRING, &ipproto_val_ext, 0x0,
7102 "IKEv2 Traffic Selector Protocol ID", HFILL }},
7103 { &hf_isakmp_ts_selector_length,
7104 { "Selector Length", "isakmp.ts.selector_length",
7105 FT_UINT16, BASE_DEC, NULL, 0x0,
7106 NULL, HFILL }},
7107 { &hf_isakmp_ts_start_port,
7108 { "Start Port", "isakmp.ts.start_port",
7109 FT_UINT16, BASE_DEC, NULL, 0x0,
7110 NULL, HFILL }},
7111 { &hf_isakmp_ts_end_port,
7112 { "End Port", "isakmp.ts.end_port",
7113 FT_UINT16, BASE_DEC, NULL, 0x0,
7114 NULL, HFILL }},
7115 { &hf_isakmp_ts_start_addr_ipv4,
7116 { "Starting Addr", "isakmp.ts.start_ipv4",
7117 FT_IPv4, BASE_NONE, NULL, 0x0,
7118 NULL, HFILL }},
7119 { &hf_isakmp_ts_end_addr_ipv4,
7120 { "Ending Addr", "isakmp.ts.end_ipv4",
7121 FT_IPv4, BASE_NONE, NULL, 0x0,
7122 NULL, HFILL }},
7123 { &hf_isakmp_ts_start_addr_ipv6,
7124 { "Starting Addr", "isakmp.ts.start_ipv6",
7125 FT_IPv6, BASE_NONE, NULL, 0x0,
7126 NULL, HFILL }},
7127 { &hf_isakmp_ts_end_addr_ipv6,
7128 { "Ending Addr", "isakmp.ts.end_ipv6",
7129 FT_IPv6, BASE_NONE, NULL, 0x0,
7130 NULL, HFILL }},
7131 { &hf_isakmp_ts_start_addr_fc,
7132 { "Starting Addr", "isakmp.ts.start_fc",
7133 FT_UINT32, BASE_DEC, NULL, 0x0,
7134 NULL, HFILL }},
7135 { &hf_isakmp_ts_end_addr_fc,
7136 { "Ending Addr", "isakmp.ts.end_fc",
7137 FT_UINT32, BASE_DEC, NULL, 0x0,
7138 NULL, HFILL }},
7139 { &hf_isakmp_ts_start_r_ctl,
7140 { "Starting R_CTL", "isakmp.ts.start_r_ctl",
7141 FT_UINT8, BASE_DEC, NULL, 0x0,
7142 NULL, HFILL }},
7143 { &hf_isakmp_ts_end_r_ctl,
7144 { "Ending R_CTL", "isakmp.ts.end_r_ctl",
7145 FT_UINT8, BASE_DEC, NULL, 0x0,
7146 NULL, HFILL }},
7147 { &hf_isakmp_ts_start_type,
7148 { "Starting Type", "isakmp.ts.start_type",
7149 FT_UINT8, BASE_DEC, NULL, 0x0,
7150 NULL, HFILL }},
7151 { &hf_isakmp_ts_end_type,
7152 { "Ending Type", "isakmp.ts.end_type",
7153 FT_UINT8, BASE_DEC, NULL, 0x0,
7154 NULL, HFILL }},
7155 { &hf_isakmp_ts_data,
7156 { "Traffic Selector", "isakmp.ts.data",
7157 FT_NONE, BASE_NONE, NULL, 0x0,
7158 "An individual traffic selector", HFILL }},
7160 { &hf_isakmp_num_spis,
7161 { "Number of SPIs", "isakmp.spinum",
7162 FT_UINT16, BASE_DEC, NULL, 0x0,
7163 "ISAKMP Number of SPIs", HFILL }},
7164 { &hf_isakmp_hash,
7165 { "Hash DATA", "isakmp.hash",
7166 FT_BYTES, BASE_NONE, NULL, 0x0,
7167 NULL, HFILL }},
7168 { &hf_isakmp_sig,
7169 { "Signature DATA", "isakmp.sig",
7170 FT_BYTES, BASE_NONE, NULL, 0x0,
7171 NULL, HFILL }},
7172 { &hf_isakmp_nonce,
7173 { "Nonce DATA", "isakmp.nonce",
7174 FT_BYTES, BASE_NONE, NULL, 0x0,
7175 NULL, HFILL }},
7176 { &hf_isakmp_symmetric_key,
7177 { "symmetric key", "isakmp.symmetric_key",
7178 FT_BYTES, BASE_NONE, NULL, 0x0,
7179 NULL, HFILL }},
7180 { &hf_isakmp_ike2_fragment_number,
7181 { "Fragment Number", "isakmp.frag.number",
7182 FT_UINT16, BASE_DEC, NULL, 0x0,
7183 "ISAKMP fragment number", HFILL }},
7184 { &hf_isakmp_ike2_total_fragments,
7185 { "Total Fragments", "isakmp.frag.total",
7186 FT_UINT16, BASE_DEC, NULL, 0x0,
7187 "ISAKMP total number of fragments", HFILL }},
7189 { &hf_isakmp_cisco_frag_packetid,
7190 { "Frag ID", "isakmp.frag.packetid",
7191 FT_UINT16, BASE_HEX, NULL, 0x0,
7192 "ISAKMP fragment packet-id", HFILL }},
7193 { &hf_isakmp_cisco_frag_seq,
7194 { "Frag seq", "isakmp.frag.seq",
7195 FT_UINT8, BASE_DEC, NULL, 0x0,
7196 "ISAKMP fragment number", HFILL }},
7197 { &hf_isakmp_cisco_frag_last,
7198 { "Frag last", "isakmp.frag.last",
7199 FT_UINT8, BASE_DEC, VALS(frag_last_vals), 0x0,
7200 "ISAKMP last fragment", HFILL }},
7201 { &hf_isakmp_fragments,
7202 {"Message fragments", "isakmp.fragments",
7203 FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } },
7204 { &hf_isakmp_fragment,
7205 {"Message fragment", "isakmp.fragment",
7206 FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } },
7207 { &hf_isakmp_fragment_overlap,
7208 {"Message fragment overlap", "isakmp.fragment.overlap",
7209 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } },
7210 { &hf_isakmp_fragment_overlap_conflicts,
7211 {"Message fragment overlapping with conflicting data",
7212 "isakmp.fragment.overlap.conflicts",
7213 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } },
7214 { &hf_isakmp_fragment_multiple_tails,
7215 {"Message has multiple tail fragments",
7216 "isakmp.fragment.multiple_tails",
7217 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } },
7218 { &hf_isakmp_fragment_too_long_fragment,
7219 {"Message fragment too long", "isakmp.fragment.too_long_fragment",
7220 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } },
7221 { &hf_isakmp_fragment_error,
7222 {"Message defragmentation error", "isakmp.fragment.error",
7223 FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } },
7224 { &hf_isakmp_fragment_count,
7225 {"Message fragment count", "isakmp.fragment.count",
7226 FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },
7227 { &hf_isakmp_reassembled_in,
7228 {"Reassembled in", "isakmp.reassembled.in",
7229 FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } },
7230 { &hf_isakmp_reassembled_length,
7231 {"Reassembled ISAKMP length", "isakmp.reassembled.length",
7232 FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },
7233 { &hf_isakmp_certreq_authority_sig,
7234 { "Certificate Authority Signature", "isakmp.ike.certreq.authority.sig",
7235 FT_UINT32, BASE_DEC, NULL, 0x0,
7236 NULL, HFILL } },
7237 { &hf_isakmp_certreq_authority_v1,
7238 { "Certificate Authority Data", "isakmp.ike.certreq.authority",
7239 FT_BYTES, BASE_NONE, NULL, 0x0,
7240 NULL, HFILL } },
7241 { &hf_isakmp_certreq_authority_v2,
7242 { "Certificate Authority Data", "isakmp.ike.certreq.authority",
7243 FT_BYTES, BASE_NONE, NULL, 0x0,
7244 "SHA-1 hash of the Certificate Authority", HFILL } },
7245 { &hf_isakmp_nat_keepalive,
7246 { "NAT Keepalive", "isakmp.ike.nat_keepalive",
7247 FT_NONE, BASE_NONE, NULL, 0x0, "NAT Keepalive packet", HFILL } },
7248 { &hf_isakmp_nat_hash,
7249 { "HASH of the address and port", "isakmp.ike.nat_hash",
7250 FT_BYTES, BASE_NONE, NULL, 0x00,
7251 NULL, HFILL }},
7252 { &hf_isakmp_nat_original_address_ipv4,
7253 { "NAT Original IPv4 Address", "isakmp.ike.nat_original_address_ipv4",
7254 FT_IPv4, BASE_NONE, NULL, 0x00,
7255 NULL, HFILL }},
7256 { &hf_isakmp_nat_original_address_ipv6,
7257 { "NAT Original IPv6 Address", "isakmp.ike.nat_original_address_ipv6",
7258 FT_IPv6, BASE_NONE, NULL, 0x00,
7259 NULL, HFILL }},
7261 /* TEK (Traffic Encryption Key) key download attribute (ISAKMP phase 2, GDOI) */
7262 { &hf_isakmp_tek_key_attr.all,
7263 { "Key download Tek Attribute", "isakmp.key_download.attr",
7264 FT_NONE, BASE_NONE, NULL, 0x00,
7265 NULL, HFILL }},
7266 { &hf_isakmp_tek_key_attr.type,
7267 { "Type", "isakmp.key_download.attr.type",
7268 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, NULL, 0x00,
7269 "key_download Attribute type", HFILL }},
7270 { &hf_isakmp_tek_key_attr.format,
7271 { "Format", "isakmp.key_download.attr.format",
7272 FT_BOOLEAN, 16, TFS(&attribute_format), 0x8000,
7273 "key_download Attribute format", HFILL }},
7274 { &hf_isakmp_tek_key_attr.length,
7275 { "Length", "isakmp.key_download.attr.length",
7276 FT_UINT16, BASE_DEC, NULL, 0x00,
7277 "key_download Attribute length", HFILL }},
7278 { &hf_isakmp_tek_key_attr.value,
7279 { "Value", "isakmp.key_download.attr.value",
7280 FT_BYTES, BASE_NONE, NULL, 0x00,
7281 "key_download Attribute value", HFILL }},
7282 /* IPsec SA Attributes (ISAKMP Phase 2) */
7283 { &hf_isakmp_ipsec_attr.all,
7284 { "IPsec Attribute", "isakmp.ipsec.attr",
7285 FT_NONE, BASE_NONE, NULL, 0x00,
7286 NULL, HFILL }},
7287 { &hf_isakmp_ipsec_attr.type,
7288 { "Type", "isakmp.ipsec.attr.type",
7289 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(ipsec_attr_type), 0x00,
7290 "IPsec Attribute type", HFILL }},
7291 { &hf_isakmp_ipsec_attr.format,
7292 { "Format", "isakmp.ipsec.attr.format",
7293 FT_BOOLEAN, 16, TFS(&attribute_format), 0x8000,
7294 "IPsec Attribute format", HFILL }},
7295 { &hf_isakmp_ipsec_attr.length,
7296 { "Length", "isakmp.ipsec.attr.length",
7297 FT_UINT16, BASE_DEC, NULL, 0x00,
7298 "IPsec Attribute length", HFILL }},
7299 { &hf_isakmp_ipsec_attr.value,
7300 { "Value", "isakmp.ipsec.attr.value",
7301 FT_BYTES, BASE_NONE, NULL, 0x00,
7302 "IPsec Attribute value", HFILL }},
7303 { &hf_isakmp_ipsec_attr_life_type,
7304 { "Life Type", "isakmp.ipsec.attr.life_type",
7305 FT_UINT16, BASE_DEC, VALS(attr_life_type), 0x00,
7306 "The unit (seconds or kilobytes) of the associated Life Duration attribute.", HFILL }},
7307 { &hf_isakmp_ipsec_attr_life_duration_uint32,
7308 { "Life Duration", "isakmp.ipsec.attr.life_duration",
7309 FT_UINT32, BASE_DEC, NULL, 0x00,
7310 NULL, HFILL }},
7311 { &hf_isakmp_ipsec_attr_life_duration_uint64,
7312 { "Life Duration", "isakmp.ipsec.attr.life_duration64",
7313 FT_UINT64, BASE_DEC, NULL, 0x00,
7314 NULL, HFILL }},
7315 { &hf_isakmp_ipsec_attr_life_duration_bytes,
7316 { "Life Duration", "isakmp.ipsec.attr.life_duration_bytes",
7317 FT_BYTES, BASE_NONE, NULL, 0x00,
7318 NULL, HFILL }},
7319 { &hf_isakmp_ipsec_attr_group_description,
7320 { "Group Description", "isakmp.ipsec.attr.group_description",
7321 FT_UINT16, BASE_DEC, VALS(dh_group), 0x00,
7322 NULL, HFILL }},
7323 { &hf_isakmp_ipsec_attr_encap_mode,
7324 { "Encapsulation Mode", "isakmp.ipsec.attr.encap_mode",
7325 FT_UINT16, BASE_DEC, VALS(ipsec_attr_encap_mode), 0x00,
7326 NULL, HFILL }},
7327 { &hf_isakmp_ipsec_attr_auth_algorithm,
7328 { "Authentication Algorithm", "isakmp.ipsec.attr.auth_algorithm",
7329 FT_UINT16, BASE_DEC, VALS(ipsec_attr_auth_algo), 0x00,
7330 NULL, HFILL }},
7331 { &hf_isakmp_ipsec_attr_key_length,
7332 { "Key Length", "isakmp.ipsec.attr.key_length",
7333 FT_UINT16, BASE_DEC, NULL, 0x00,
7334 NULL, HFILL }},
7335 { &hf_isakmp_ipsec_attr_key_rounds,
7336 { "Key Rounds", "isakmp.ipsec.attr.key_rounds",
7337 FT_UINT16, BASE_DEC, NULL, 0x00,
7338 NULL, HFILL }},
7339 { &hf_isakmp_ipsec_attr_cmpr_dict_size,
7340 { "Compress Dictionary Size", "isakmp.ipsec.attr.cmpr_dict_size",
7341 FT_UINT16, BASE_DEC, NULL, 0x00,
7342 NULL, HFILL }},
7343 { &hf_isakmp_ipsec_attr_cmpr_algorithm,
7344 { "Compress Private Algorithm", "isakmp.ipsec.attr.cmpr_algorithm",
7345 FT_BYTES, BASE_NONE, NULL, 0x00,
7346 NULL, HFILL }},
7347 { &hf_isakmp_ipsec_attr_ecn_tunnel,
7348 { "ECN Tunnel", "isakmp.ipsec.attr.ecn_tunnel",
7349 FT_UINT16, BASE_DEC, VALS(ipsec_attr_ecn_tunnel), 0x00,
7350 NULL, HFILL }},
7351 { &hf_isakmp_ipsec_attr_ext_seq_nbr,
7352 { "Extended (64-bit) Sequence Number", "isakmp.ipsec.attr.ext_seq_nbr",
7353 FT_UINT16, BASE_DEC, VALS(ipsec_attr_ext_seq_nbr), 0x00,
7354 NULL, HFILL }},
7355 { &hf_isakmp_ipsec_attr_auth_key_length,
7356 { "Authentication Key Length", "isakmp.ipsec.attr.auth_key_length",
7357 FT_UINT16, BASE_DEC, NULL, 0x00,
7358 NULL, HFILL }},
7359 { &hf_isakmp_ipsec_attr_sig_enco_algorithm,
7360 { "Signature Encoding Algorithm", "isakmp.ipsec.attr.sig_enco_algorithm",
7361 FT_BYTES, BASE_NONE, NULL, 0x00,
7362 NULL, HFILL }},
7363 { &hf_isakmp_ipsec_attr_addr_preservation,
7364 { "Address Preservation", "isakmp.ipsec.attr.addr_preservation",
7365 FT_UINT16, BASE_DEC, VALS(ipsec_attr_addr_preservation), 0x00,
7366 NULL, HFILL }},
7367 { &hf_isakmp_ipsec_attr_sa_direction,
7368 { "SA Direction", "isakmp.ipsec.attr.sa_direction",
7369 FT_UINT16, BASE_DEC, VALS(ipsec_attr_sa_direction), 0x00,
7370 NULL, HFILL }},
7372 /* Responder Lifetime Notification for IPsec SA */
7373 { &hf_isakmp_resp_lifetime_ipsec_attr.all,
7374 { "IPsec Attribute", "isakmp.notify.data.resp_lifetime.ipsec.attr",
7375 FT_NONE, BASE_NONE, NULL, 0x00,
7376 NULL, HFILL }},
7377 { &hf_isakmp_resp_lifetime_ipsec_attr.type,
7378 { "Type", "isakmp.notify.data.resp_lifetime.ipsec.attr.type",
7379 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(ipsec_attr_type), 0x00,
7380 "IPsec Attribute type", HFILL }},
7381 { &hf_isakmp_resp_lifetime_ipsec_attr.format,
7382 { "Format", "isakmp.notify.data.resp_lifetime.ipsec.attr.format",
7383 FT_BOOLEAN, 16, TFS(&attribute_format), 0x8000,
7384 "IPsec Attribute format", HFILL }},
7385 { &hf_isakmp_resp_lifetime_ipsec_attr.length,
7386 { "Length", "isakmp.notify.data.resp_lifetime.ipsec.attr.length",
7387 FT_UINT16, BASE_DEC, NULL, 0x00,
7388 "IPsec Attribute length", HFILL }},
7389 { &hf_isakmp_resp_lifetime_ipsec_attr.value,
7390 { "Value", "isakmp.notify.data.resp_lifetime.ipsec.attr.value",
7391 FT_BYTES, BASE_NONE, NULL, 0x00,
7392 "IPsec Attribute value", HFILL }},
7394 { &hf_isakmp_resp_lifetime_ipsec_attr_life_type,
7395 { "Life Type", "isakmp.notify.data.resp_lifetime.ipsec.attr.life_type",
7396 FT_UINT16, BASE_DEC, VALS(attr_life_type), 0x00,
7397 "The unit (seconds or kilobytes) of the associated Life Duration attribute.", HFILL }},
7398 { &hf_isakmp_resp_lifetime_ipsec_attr_life_duration_uint32,
7399 { "Life Duration", "isakmp.notify.data.resp_lifetime.ipsec.attr.life_duration",
7400 FT_UINT32, BASE_DEC, NULL, 0x00,
7401 NULL, HFILL }},
7402 { &hf_isakmp_resp_lifetime_ipsec_attr_life_duration_uint64,
7403 { "Life Duration", "isakmp.notify.data.resp_lifetime.ipsec.attr.life_duration64",
7404 FT_UINT64, BASE_DEC, NULL, 0x00,
7405 NULL, HFILL }},
7406 { &hf_isakmp_resp_lifetime_ipsec_attr_life_duration_bytes,
7407 { "Life Duration", "isakmp.notify.data.resp_lifetime.ipsec.attr.life_duration_bytes",
7408 FT_BYTES, BASE_NONE, NULL, 0x00,
7409 NULL, HFILL }},
7411 /* IKEv1 SA Attributes (ISAKMP SA, Phase 1) */
7412 { &hf_isakmp_ike_attr.all,
7413 { "IKE Attribute", "isakmp.ike.attr",
7414 FT_NONE, BASE_NONE, NULL, 0x00,
7415 NULL, HFILL }},
7416 { &hf_isakmp_ike_attr.type,
7417 { "Type", "isakmp.ike.attr.type",
7418 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(ike_attr_type), 0x00,
7419 "IKEv1 Attribute type", HFILL }},
7420 { &hf_isakmp_ike_attr.format,
7421 { "Format", "isakmp.ike.attr.format",
7422 FT_BOOLEAN, 16, TFS(&attribute_format), 0x8000,
7423 "IKEv1 Attribute format", HFILL }},
7424 { &hf_isakmp_ike_attr.length,
7425 { "Length", "isakmp.ike.attr.length",
7426 FT_UINT16, BASE_DEC, NULL, 0x00,
7427 "IKEv1 Attribute length", HFILL }},
7428 { &hf_isakmp_ike_attr.value,
7429 { "Value", "isakmp.ike.attr.value",
7430 FT_BYTES, BASE_NONE, NULL, 0x00,
7431 "IKEv1 Attribute value", HFILL }},
7433 { &hf_isakmp_ike_attr_encryption_algorithm,
7434 { "Encryption Algorithm", "isakmp.ike.attr.encryption_algorithm",
7435 FT_UINT16, BASE_DEC, VALS(ike_attr_enc_algo), 0x00,
7436 NULL, HFILL }},
7437 { &hf_isakmp_ike_attr_hash_algorithm,
7438 { "HASH Algorithm", "isakmp.ike.attr.hash_algorithm",
7439 FT_UINT16, BASE_DEC, VALS(ike_attr_hash_algo), 0x00,
7440 NULL, HFILL }},
7441 { &hf_isakmp_ike_attr_authentication_method,
7442 { "Authentication Method", "isakmp.ike.attr.authentication_method",
7443 FT_UINT16, BASE_DEC, VALS(ike_attr_authmeth), 0x00,
7444 NULL, HFILL }},
7445 { &hf_isakmp_ike_attr_authentication_method_china,
7446 { "Authentication Method for China IPsec VPN specification", "isakmp.ike.attr.authentication_method_china",
7447 FT_UINT16, BASE_DEC, VALS(ike_attr_authmeth_china), 0x00,
7448 NULL, HFILL }},
7449 { &hf_isakmp_ike_attr_group_description,
7450 { "Group Description", "isakmp.ike.attr.group_description",
7451 FT_UINT16, BASE_DEC, VALS(dh_group), 0x00,
7452 NULL, HFILL }},
7453 { &hf_isakmp_ike_attr_group_type,
7454 { "Group Type", "isakmp.ike.attr.group_type",
7455 FT_UINT16, BASE_DEC, VALS(ike_attr_grp_type), 0x00,
7456 NULL, HFILL }},
7457 { &hf_isakmp_ike_attr_group_prime,
7458 { "Group Prime", "isakmp.ike.attr.group_prime",
7459 FT_BYTES, BASE_NONE, NULL, 0x00,
7460 NULL, HFILL }},
7461 { &hf_isakmp_ike_attr_group_generator_one,
7462 { "Group Generator One", "isakmp.ike.attr.group_generator_one",
7463 FT_BYTES, BASE_NONE, NULL, 0x00,
7464 NULL, HFILL }},
7465 { &hf_isakmp_ike_attr_group_generator_two,
7466 { "Group Generator Two", "isakmp.ike.attr.group_generator_two",
7467 FT_BYTES, BASE_NONE, NULL, 0x00,
7468 NULL, HFILL }},
7469 { &hf_isakmp_ike_attr_group_curve_a,
7470 { "Group Curve A", "isakmp.ike.attr.group_curve_a",
7471 FT_BYTES, BASE_NONE, NULL, 0x00,
7472 NULL, HFILL }},
7473 { &hf_isakmp_ike_attr_group_curve_b,
7474 { "Group Curve B", "isakmp.ike.attr.group_curve_b",
7475 FT_BYTES, BASE_NONE, NULL, 0x00,
7476 NULL, HFILL }},
7477 { &hf_isakmp_ike_attr_life_type,
7478 { "Life Type", "isakmp.ike.attr.life_type",
7479 FT_UINT16, BASE_DEC, VALS(attr_life_type), 0x00,
7480 "The unit (seconds or kilobytes) of the associated Life Duration attribute.", HFILL }},
7481 { &hf_isakmp_ike_attr_life_duration_uint32,
7482 { "Life Duration", "isakmp.ike.attr.life_duration",
7483 FT_UINT32, BASE_DEC, NULL, 0x00,
7484 NULL, HFILL }},
7485 { &hf_isakmp_ike_attr_life_duration_uint64,
7486 { "Life Duration", "isakmp.ike.attr.life_duration64",
7487 FT_UINT64, BASE_DEC, NULL, 0x00,
7488 NULL, HFILL }},
7489 { &hf_isakmp_ike_attr_life_duration_bytes,
7490 { "Life Duration", "isakmp.ike.attr.life_duration_bytes",
7491 FT_BYTES, BASE_NONE, NULL, 0x00,
7492 NULL, HFILL }},
7493 { &hf_isakmp_ike_attr_prf,
7494 { "PRF", "isakmp.ike.attr.prf",
7495 FT_BYTES, BASE_NONE, NULL, 0x00,
7496 NULL, HFILL }},
7497 { &hf_isakmp_ike_attr_key_length,
7498 { "Key Length", "isakmp.ike.attr.key_length",
7499 FT_UINT16, BASE_DEC, NULL, 0x00,
7500 NULL, HFILL }},
7501 { &hf_isakmp_ike_attr_field_size,
7502 { "Field Size", "isakmp.ike.attr.field_size",
7503 FT_BYTES, BASE_NONE, NULL, 0x00,
7504 NULL, HFILL }},
7505 { &hf_isakmp_ike_attr_group_order,
7506 { "Group Order", "isakmp.ike.attr.group_order",
7507 FT_BYTES, BASE_NONE, NULL, 0x00,
7508 NULL, HFILL }},
7509 { &hf_isakmp_ike_attr_block_size,
7510 { "Block Size", "isakmp.ike.attr.block_size",
7511 FT_BYTES, BASE_NONE, NULL, 0x00,
7512 NULL, HFILL }},
7513 { &hf_isakmp_ike_attr_asymmetric_cryptographic_algorithm_type,
7514 { "Asymmetric Cryptographic Algorithm Type", "isakmp.ike.attr.asymmetric_cryptographic_algorithm_type",
7515 FT_UINT16, BASE_DEC, VALS(ike_attr_asym_algo), 0x00,
7516 NULL, HFILL }},
7518 /* Responder Lifetime Notification for IKEv1 SA */
7519 { &hf_isakmp_resp_lifetime_ike_attr.all,
7520 { "IKE Attribute", "isakmp.notify.data.resp_lifetime.ike.attr",
7521 FT_NONE, BASE_NONE, NULL, 0x00,
7522 NULL, HFILL }},
7523 { &hf_isakmp_resp_lifetime_ike_attr.type,
7524 { "Type", "isakmp.notify.data.resp_lifetime.ike.attr.type",
7525 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(ike_attr_type), 0x00,
7526 "IKEv1 Attribute type", HFILL }},
7527 { &hf_isakmp_resp_lifetime_ike_attr.format,
7528 { "Format", "isakmp.notify.data.resp_lifetime.ike.attr.format",
7529 FT_BOOLEAN, 16, TFS(&attribute_format), 0x8000,
7530 "IKEv1 Attribute format", HFILL }},
7531 { &hf_isakmp_resp_lifetime_ike_attr.length,
7532 { "Length", "isakmp.notify.data.resp_lifetime.ike.attr.length",
7533 FT_UINT16, BASE_DEC, NULL, 0x00,
7534 "IKEv1 Attribute length", HFILL }},
7535 { &hf_isakmp_resp_lifetime_ike_attr.value,
7536 { "Value", "isakmp.notify.data.resp_lifetime.ike.attr.value",
7537 FT_BYTES, BASE_NONE, NULL, 0x00,
7538 "IKEv1 Attribute value", HFILL }},
7540 { &hf_isakmp_resp_lifetime_ike_attr_life_type,
7541 { "Life Type", "isakmp.notify.data.resp_lifetime.ike.attr.life_type",
7542 FT_UINT16, BASE_DEC, VALS(attr_life_type), 0x00,
7543 "The unit (seconds or kilobytes) of the associated Life Duration attribute.", HFILL }},
7544 { &hf_isakmp_resp_lifetime_ike_attr_life_duration_uint32,
7545 { "Life Duration", "isakmp.notify.data.resp_lifetime.ike.attr.life_duration",
7546 FT_UINT32, BASE_DEC, NULL, 0x00,
7547 NULL, HFILL }},
7548 { &hf_isakmp_resp_lifetime_ike_attr_life_duration_uint64,
7549 { "Life Duration", "isakmp.notify.data.resp_lifetime.ike.attr.life_duration64",
7550 FT_UINT64, BASE_DEC, NULL, 0x00,
7551 NULL, HFILL }},
7552 { &hf_isakmp_resp_lifetime_ike_attr_life_duration_bytes,
7553 { "Life Duration", "isakmp.notify.data.resp_lifetime.ike.attr.life_duration_bytes",
7554 FT_BYTES, BASE_NONE, NULL, 0x00,
7555 NULL, HFILL }},
7557 /* IKEv2 Transform */
7558 { &hf_isakmp_trans_type,
7559 { "Transform Type", "isakmp.tf.type",
7560 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(transform_ike2_type), 0x00,
7561 NULL, HFILL }},
7563 { &hf_isakmp_trans_encr,
7564 { "Transform ID (ENCR)", "isakmp.tf.id.encr",
7565 FT_UINT16, BASE_DEC, VALS(transform_ike2_encr_type), 0x00,
7566 NULL, HFILL }},
7567 { &hf_isakmp_trans_prf,
7568 { "Transform ID (PRF)", "isakmp.tf.id.prf",
7569 FT_UINT16, BASE_DEC, VALS(transform_ike2_prf_type), 0x00,
7570 NULL, HFILL }},
7571 { &hf_isakmp_trans_integ,
7572 { "Transform ID (INTEG)", "isakmp.tf.id.integ",
7573 FT_UINT16, BASE_DEC, VALS(transform_ike2_integ_type), 0x00,
7574 NULL, HFILL }},
7575 { &hf_isakmp_trans_dh,
7576 { "Transform ID (D-H)", "isakmp.tf.id.dh",
7577 FT_UINT16, BASE_DEC, VALS(dh_group), 0x00,
7578 NULL, HFILL }},
7579 { &hf_isakmp_trans_esn,
7580 { "Transform ID (ESN)", "isakmp.tf.id.esn",
7581 FT_UINT16, BASE_DEC, VALS(transform_ike2_esn_type), 0x00,
7582 NULL, HFILL }},
7583 { &hf_isakmp_trans_id_v2,
7584 { "Transform ID", "isakmp.tf.id",
7585 FT_UINT16, BASE_DEC, NULL, 0x00,
7586 NULL, HFILL }},
7588 /* IKEv2 Transform Attributes */
7589 { &hf_isakmp_ike2_attr.all,
7590 { "Transform Attribute", "isakmp.ike2.attr",
7591 FT_NONE, BASE_NONE, NULL, 0x00,
7592 "IKEv2 Transform Attribute", HFILL }},
7593 { &hf_isakmp_ike2_attr.type,
7594 { "Type", "isakmp.ike2.attr.type",
7595 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(transform_ike2_attr_type), 0x00,
7596 "IKEv2 Transform Attribute type", HFILL }},
7597 { &hf_isakmp_ike2_attr.format,
7598 { "Format", "isakmp.ike2.attr.format",
7599 FT_BOOLEAN, 16, TFS(&attribute_format), 0x8000,
7600 "IKEv2 Transform Attribute format", HFILL }},
7601 { &hf_isakmp_ike2_attr.length,
7602 { "Length", "isakmp.ike2.attr.length",
7603 FT_UINT16, BASE_DEC, NULL, 0x00,
7604 "IKEv2 Transform Attribute length", HFILL }},
7605 { &hf_isakmp_ike2_attr.value,
7606 { "Value", "isakmp.ike2.attr.value",
7607 FT_BYTES, BASE_NONE, NULL, 0x00,
7608 "IKEv2 Transform Attribute value", HFILL }},
7609 { &hf_isakmp_ike2_attr_key_length,
7610 { "Key Length", "isakmp.ike2.attr.key_length",
7611 FT_UINT16, BASE_DEC, NULL, 0x00,
7612 NULL, HFILL }},
7615 { &hf_isakmp_key_exch_dh_group,
7616 { "DH Group #", "isakmp.key_exchange.dh_group",
7617 FT_UINT16, BASE_DEC, VALS(dh_group), 0x00,
7618 NULL, HFILL }},
7619 { &hf_isakmp_key_exch_data,
7620 { "Key Exchange Data", "isakmp.key_exchange.data",
7621 FT_BYTES, BASE_NONE, NULL, 0x00,
7622 NULL, HFILL }},
7623 { &hf_isakmp_eap_data,
7624 { "EAP Message", "isakmp.eap.data",
7625 FT_BYTES, BASE_NONE, NULL, 0x00,
7626 NULL, HFILL }},
7628 { &hf_isakmp_gspm_data,
7629 { "GSPM", "isakmp.gspm.data",
7630 FT_BYTES, BASE_NONE, NULL, 0x00,
7631 "Generic Secure Password Method", HFILL }},
7633 /* Config Payload */
7634 { &hf_isakmp_cfg_type_v1,
7635 { "Type", "isakmp.cfg.type",
7636 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(vs_v1_cfgtype), 0x0,
7637 "IKEv1 Config Type", HFILL }},
7638 { &hf_isakmp_cfg_identifier,
7639 { "Identifier", "isakmp.cfg.identifier",
7640 FT_UINT16, BASE_DEC, NULL, 0x0,
7641 "IKEv1 Config Identifier", HFILL }},
7642 { &hf_isakmp_cfg_type_v2,
7643 { "Type", "isakmp.cfg.type",
7644 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(vs_v2_cfgtype), 0x0,
7645 "IKEv2 Config Type", HFILL }},
7647 /* Config Attributes */
7648 { &hf_isakmp_cfg_attr.all,
7649 { "Config Attribute", "isakmp.cfg.attr",
7650 FT_NONE, BASE_NONE, NULL, 0x00,
7651 NULL, HFILL }},
7652 { &hf_isakmp_cfg_attr_type_v1,
7653 { "Type", "isakmp.cfg.attr.type",
7654 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(vs_v1_cfgattr), 0x00,
7655 "IKEv1 Config Attribute type", HFILL }},
7656 { &hf_isakmp_cfg_attr_type_v2,
7657 { "Type", "isakmp.cfg.attr.type",
7658 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(vs_v2_cfgattr), 0x00,
7659 "IKEv2 Config Attribute type", HFILL }},
7660 { &hf_isakmp_cfg_attr.format,
7661 { "Format", "isakmp.cfg.attr.format",
7662 FT_BOOLEAN, 16, TFS(&attribute_format), 0x8000,
7663 "Config Attribute format", HFILL }},
7664 { &hf_isakmp_cfg_attr.length,
7665 { "Length", "isakmp.cfg.attr.length",
7666 FT_UINT16, BASE_DEC, NULL, 0x00,
7667 "Config Attribute length", HFILL }},
7668 { &hf_isakmp_cfg_attr.value,
7669 { "Value", "isakmp.cfg.attr.value",
7670 FT_BYTES, BASE_NONE, NULL, 0x00,
7671 "Config Attribute value", HFILL }},
7672 { &hf_isakmp_cfg_attr_internal_ip4_address,
7673 { "INTERNAL IP4 ADDRESS", "isakmp.cfg.attr.internal_ip4_address",
7674 FT_IPv4, BASE_NONE, NULL, 0x00,
7675 "An IPv4 address on the internal network", HFILL }},
7676 { &hf_isakmp_cfg_attr_internal_ip4_netmask,
7677 { "INTERNAL IP4 NETMASK", "isakmp.cfg.attr.internal_ip4_netmask",
7678 FT_IPv4, BASE_NETMASK, NULL, 0x00,
7679 "The internal network's netmask", HFILL }},
7680 { &hf_isakmp_cfg_attr_internal_ip4_dns,
7681 { "INTERNAL IP4 DNS", "isakmp.cfg.attr.internal_ip4_dns",
7682 FT_IPv4, BASE_NONE, NULL, 0x00,
7683 "An IPv4 address of a DNS server within the network", HFILL }},
7684 { &hf_isakmp_cfg_attr_internal_ip4_nbns,
7685 { "INTERNAL IP4 NBNS", "isakmp.cfg.attr.internal_ip4_nbns",
7686 FT_IPv4, BASE_NONE, NULL, 0x00,
7687 "An IPv4 address of a NetBios Name Server (WINS) within the network", HFILL }},
7688 { &hf_isakmp_cfg_attr_internal_address_expiry,
7689 { "INTERNAL ADDRESS EXPIRY (Secs)", "isakmp.cfg.attr.internal_address_expiry",
7690 FT_UINT32, BASE_DEC, NULL, 0x00,
7691 "Specifies the number of seconds that the host can use the internal IP address", HFILL }},
7692 { &hf_isakmp_cfg_attr_internal_ip4_dhcp,
7693 { "INTERNAL IP4 DHCP", "isakmp.cfg.attr.internal_ip4_dhcp",
7694 FT_IPv4, BASE_NONE, NULL, 0x00,
7695 "the host to send any internal DHCP requests to the address", HFILL }},
7696 { &hf_isakmp_cfg_attr_application_version,
7697 { "APPLICATION VERSION", "isakmp.cfg.attr.application_version",
7698 FT_STRING, BASE_NONE, NULL, 0x00,
7699 "The version or application information of the IPsec host", HFILL }},
7700 { &hf_isakmp_cfg_attr_internal_ip6_address_ip,
7701 { "INTERNAL IP6 ADDRESS", "isakmp.cfg.attr.internal_ip6_address",
7702 FT_IPv6, BASE_NONE, NULL, 0x00,
7703 "An IPv6 address on the internal network", HFILL }},
7704 { &hf_isakmp_cfg_attr_internal_ip6_address_prefix,
7705 { "INTERNAL IP6 ADDRESS (PREFIX)", "isakmp.cfg.attr.internal_ip6_address.prefix",
7706 FT_UINT8, BASE_DEC, NULL, 0x00,
7707 NULL, HFILL }},
7708 { &hf_isakmp_cfg_attr_internal_ip6_netmask,
7709 { "INTERNAL IP6 NETMASK", "isakmp.cfg.attr.internal_ip6_netmask",
7710 FT_IPv6, BASE_NONE, NULL, 0x00,
7711 "The internal network's netmask", HFILL }},
7712 { &hf_isakmp_cfg_attr_internal_ip6_dns,
7713 { "INTERNAL IP6 DNS", "isakmp.cfg.attr.internal_ip6_dns",
7714 FT_IPv6, BASE_NONE, NULL, 0x00,
7715 "An IPv6 address of a DNS server within the network", HFILL }},
7716 { &hf_isakmp_cfg_attr_internal_ip6_nbns,
7717 { "INTERNAL IP6 NBNS", "isakmp.cfg.attr.internal_ip6_nbns",
7718 FT_IPv6, BASE_NONE, NULL, 0x00,
7719 "An IPv6 address of a NetBios Name Server (WINS) within the network", HFILL }},
7720 { &hf_isakmp_cfg_attr_internal_ip6_dhcp,
7721 { "INTERNAL IP6 DHCP", "isakmp.cfg.attr.internal_ip6_dhcp",
7722 FT_IPv6, BASE_NONE, NULL, 0x00,
7723 "The host to send any internal DHCP requests to the address", HFILL }},
7724 { &hf_isakmp_cfg_attr_internal_ip4_subnet_ip,
7725 { "INTERNAL IP4 SUBNET (IP)", "isakmp.cfg.attr.internal_ip4_subnet_ip",
7726 FT_IPv4, BASE_NONE, NULL, 0x00,
7727 "The protected sub-networks that this edge-device protects (IP)", HFILL }},
7728 { &hf_isakmp_cfg_attr_internal_ip4_subnet_netmask,
7729 { "INTERNAL IP4 SUBNET (NETMASK)", "isakmp.cfg.attr.internal_ip4_subnet_netmask",
7730 FT_IPv4, BASE_NETMASK, NULL, 0x00,
7731 "The protected sub-networks that this edge-device protects (IP)", HFILL }},
7732 { &hf_isakmp_cfg_attr_supported_attributes,
7733 { "SUPPORTED ATTRIBUTES", "isakmp.cfg.attr.supported_attributes",
7734 FT_UINT16, BASE_DEC, NULL, 0x00,
7735 NULL, HFILL }},
7736 { &hf_isakmp_cfg_attr_internal_ip6_subnet_ip,
7737 { "INTERNAL_IP6_SUBNET (IP)", "isakmp.cfg.attr.internal_ip6_subnet_ip",
7738 FT_IPv6, BASE_NONE, NULL, 0x00,
7739 NULL, HFILL }},
7740 { &hf_isakmp_cfg_attr_internal_ip6_subnet_prefix,
7741 { "INTERNAL_IP6_SUBNET (PREFIX)", "isakmp.cfg.attr.internal_ip6_subnet_prefix",
7742 FT_UINT8, BASE_DEC, NULL, 0x00,
7743 NULL, HFILL }},
7744 { &hf_isakmp_cfg_attr_internal_ip6_link_interface,
7745 { "INTERNAL_IP6_LINK (Link-Local Interface ID)", "isakmp.cfg.attr.internal_ip6_link_interface",
7746 FT_UINT64, BASE_DEC, NULL, 0x00,
7747 "The Interface ID used for link-local address (by the party that sent this attribute)", HFILL }},
7748 { &hf_isakmp_cfg_attr_internal_ip6_link_id,
7749 { "INTERNAL_IP6_LINK (IKEv2 Link ID)", "isakmp.cfg.attr.internal_ip6_link_id",
7750 FT_BYTES, BASE_NONE, NULL, 0x00,
7751 "The Link ID is selected by the VPN gateway and is treated as an opaque octet string by the client.", HFILL }},
7752 { &hf_isakmp_cfg_attr_internal_ip6_prefix_ip,
7753 { "INTERNAL_IP6_PREFIX (IP)", "isakmp.cfg.attr.internal_ip6_prefix_ip",
7754 FT_IPv6, BASE_NONE, NULL, 0x00,
7755 "An IPv6 prefix assigned to the virtual link", HFILL }},
7756 { &hf_isakmp_cfg_attr_internal_ip6_prefix_length,
7757 { "INTERNAL_IP6_PREFIX (Length)", "isakmp.cfg.attr.internal_ip6_prefix_length",
7758 FT_UINT8, BASE_DEC, NULL, 0x00,
7759 "The length of the prefix in bits (usually 64)", HFILL }},
7760 { &hf_isakmp_cfg_attr_p_cscf_ip4_address,
7761 { "P_CSCF_IP4_ADDRESS (IP)", "isakmp.cfg.attr.p_cscf_ip4_address",
7762 FT_IPv4, BASE_NONE, NULL, 0x00,
7763 "An IPv4 address of the P-CSCF server", HFILL }},
7764 { &hf_isakmp_cfg_attr_p_cscf_ip6_address,
7765 { "P_CSCF_IP6_ADDRESS (IP)", "isakmp.cfg.attr.p_cscf_ip6_address",
7766 FT_IPv6, BASE_NONE, NULL, 0x00,
7767 "An IPv6 address of the P-CSCF server", HFILL }},
7769 { &hf_isakmp_cfg_attr_xauth_type,
7770 { "XAUTH TYPE", "isakmp.cfg.attr.xauth.type",
7771 FT_UINT16, BASE_RANGE_STRING | BASE_DEC, RVALS(cfgattr_xauth_type), 0x00,
7772 "The type of extended authentication requested", HFILL }},
7773 { &hf_isakmp_cfg_attr_xauth_user_name,
7774 { "XAUTH USER NAME", "isakmp.cfg.attr.xauth.user_name",
7775 FT_STRING, BASE_NONE, NULL, 0x00,
7776 "The user name", HFILL }},
7777 { &hf_isakmp_cfg_attr_xauth_user_password,
7778 { "XAUTH USER PASSWORD", "isakmp.cfg.attr.xauth.user_password",
7779 FT_STRING, BASE_NONE, NULL, 0x00,
7780 "The user's password", HFILL }},
7781 { &hf_isakmp_cfg_attr_xauth_passcode,
7782 { "XAUTH PASSCODE", "isakmp.cfg.attr.xauth.passcode",
7783 FT_STRING, BASE_NONE, NULL, 0x00,
7784 "A token card's passcode", HFILL }},
7785 { &hf_isakmp_cfg_attr_xauth_message,
7786 { "XAUTH MESSAGE", "isakmp.cfg.attr.xauth.message",
7787 FT_STRING, BASE_NONE, NULL, 0x00,
7788 "A textual message from an edge device to an IPSec host", HFILL }},
7789 { &hf_isakmp_cfg_attr_xauth_challenge,
7790 { "XAUTH CHALLENGE", "isakmp.cfg.attr.xauth.challenge",
7791 FT_STRING, BASE_NONE, NULL, 0x00,
7792 "A challenge string sent from the edge device to the IPSec host for it to include in its calculation of a password", HFILL }},
7793 { &hf_isakmp_cfg_attr_xauth_domain,
7794 { "XAUTH DOMAIN", "isakmp.cfg.attr.xauth.domain",
7795 FT_STRING, BASE_NONE, NULL, 0x00,
7796 "The domain to be authenticated in", HFILL }},
7797 { &hf_isakmp_cfg_attr_xauth_status,
7798 { "XAUTH STATUS", "isakmp.cfg.attr.xauth.status",
7799 FT_UINT16, BASE_DEC, VALS(cfgattr_xauth_status), 0x00,
7800 "A variable that is used to denote authentication success or failure", HFILL }},
7801 { &hf_isakmp_cfg_attr_xauth_next_pin,
7802 { "XAUTH TYPE", "isakmp.cfg.attr.xauth.next_pin",
7803 FT_STRING, BASE_NONE, NULL, 0x00,
7804 "A variable which is used when the edge device is requesting that the user choose a new pin number", HFILL }},
7805 { &hf_isakmp_cfg_attr_xauth_answer,
7806 { "XAUTH ANSWER", "isakmp.cfg.attr.xauth.answer",
7807 FT_STRING, BASE_NONE, NULL, 0x00,
7808 "A variable length ASCII string used to send input to the edge device", HFILL }},
7809 { &hf_isakmp_cfg_attr_unity_banner,
7810 { "UNITY BANNER", "isakmp.cfg.attr.unity.banner",
7811 FT_STRING, BASE_NONE, NULL, 0x00,
7812 NULL, HFILL }},
7813 { &hf_isakmp_cfg_attr_unity_def_domain,
7814 { "UNITY DEF DOMAIN", "isakmp.cfg.attr.unity.def_domain",
7815 FT_STRING, BASE_NONE, NULL, 0x00,
7816 NULL, HFILL }},
7818 /* SA KEK Payload */
7819 { &hf_isakmp_sak_next_payload,
7820 { "Next Payload", "isakmp.sak.nextpayload",
7821 FT_UINT8, BASE_DEC, NULL, 0x0,
7822 NULL, HFILL }},
7823 { &hf_isakmp_sak_reserved,
7824 { "Reserved", "isakmp.sak.reserved",
7825 FT_UINT8, BASE_DEC, NULL, 0x0,
7826 NULL, HFILL }},
7827 { &hf_isakmp_sak_payload_len ,
7828 { "Payload length", "isakmp.sak.payload_len",
7829 FT_UINT16, BASE_DEC, NULL, 0x0,
7830 NULL, HFILL }},
7831 { &hf_isakmp_sak_protocol,
7832 { "Protocol ID", "isakmp.sak.protoid",
7833 FT_UINT8, BASE_DEC|BASE_EXT_STRING, &ipproto_val_ext, 0x0,
7834 NULL, HFILL }},
7835 { &hf_isakmp_sak_src_id_type,
7836 { "SRC ID Type", "isakmp.sak.src_id_type",
7837 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(vs_v1_id_type), 0x0,
7838 NULL, HFILL }},
7839 { &hf_isakmp_sak_src_id_port,
7840 { "SRC ID Port", "isakmp.sak.src_id_port",
7841 FT_UINT16, BASE_DEC, NULL, 0x0,
7842 NULL, HFILL }},
7843 { &hf_isakmp_sak_src_id_length,
7844 { "SRC ID Data Length", "isakmp.sak.src_id_length",
7845 FT_UINT8, BASE_DEC, NULL, 0x0,
7846 NULL, HFILL }},
7847 { &hf_isakmp_sak_src_id_data,
7848 { "SRC ID Data", "isakmp.sak.src_id_data",
7849 FT_BYTES, BASE_NONE, NULL, 0x0,
7850 NULL, HFILL }},
7851 { &hf_isakmp_sak_dst_id_type,
7852 { "DST ID Type", "isakmp.sak.dst_id_type",
7853 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(vs_v1_id_type), 0x0,
7854 NULL, HFILL }},
7855 { &hf_isakmp_sak_dst_id_port,
7856 { "DST ID Port", "isakmp.sak.dst_id_port",
7857 FT_UINT16, BASE_DEC, NULL, 0x0,
7858 NULL, HFILL }},
7859 { &hf_isakmp_sak_dst_id_length,
7860 { "DST ID Data Length", "isakmp.sak.dst_id_length",
7861 FT_UINT8, BASE_DEC, NULL, 0x0,
7862 NULL, HFILL }},
7863 { &hf_isakmp_sak_dst_id_data,
7864 { "DST ID Data", "isakmp.sak.dst_id_data",
7865 FT_BYTES, BASE_NONE, NULL, 0x0,
7866 NULL, HFILL }},
7867 { &hf_isakmp_sak_spi,
7868 { "SPI", "isakmp.sak.spi",
7869 FT_BYTES, BASE_NONE, NULL, 0x0,
7870 NULL, HFILL }},
7872 /* SA TEK Payload */
7873 { &hf_isakmp_sat_next_payload,
7874 { "Next Payload", "isakmp.sat.nextpayload",
7875 FT_UINT8, BASE_DEC, NULL, 0x0,
7876 NULL, HFILL }},
7877 { &hf_isakmp_sat_reserved,
7878 { "Reserved", "isakmp.sat.reserved",
7879 FT_UINT8, BASE_DEC, NULL, 0x0,
7880 NULL, HFILL }},
7881 { &hf_isakmp_sat_payload_len ,
7882 { "Payload length", "isakmp.sat.payload_len",
7883 FT_UINT16, BASE_DEC, NULL, 0x0,
7884 NULL, HFILL }},
7885 { &hf_isakmp_sat_protocol_id,
7886 { "Protocol ID", "isakmp.sat.protocol_id",
7887 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(sat_protocol_ids), 0x0,
7888 NULL, HFILL }},
7889 { &hf_isakmp_sat_protocol,
7890 { "Internet Protocol", "isakmp.sat.protocol",
7891 FT_UINT8, BASE_DEC|BASE_EXT_STRING, &ipproto_val_ext, 0x0,
7892 NULL, HFILL }},
7893 { &hf_isakmp_sat_src_id_type,
7894 { "SRC ID Type", "isakmp.sat.src_id_type",
7895 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(vs_v1_id_type), 0x0,
7896 NULL, HFILL }},
7897 { &hf_isakmp_sat_src_id_port,
7898 { "SRC ID Port", "isakmp.sat.src_id_port",
7899 FT_UINT16, BASE_DEC, NULL, 0x0,
7900 NULL, HFILL }},
7901 { &hf_isakmp_sat_src_id_length,
7902 { "SRC ID Data Length", "isakmp.sat.src_id_length",
7903 FT_UINT16, BASE_DEC, NULL, 0x0,
7904 NULL, HFILL }},
7905 { &hf_isakmp_sat_src_id_data,
7906 { "SRC ID Data", "isakmp.sat.src_id_data",
7907 FT_BYTES, BASE_NONE, NULL, 0x0,
7908 NULL, HFILL }},
7909 { &hf_isakmp_sat_dst_id_type,
7910 { "DST ID Type", "isakmp.sat.dst_id_type",
7911 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(vs_v1_id_type), 0x0,
7912 NULL, HFILL }},
7913 { &hf_isakmp_sat_dst_id_port,
7914 { "DST ID Port", "isakmp.sat.dst_id_port",
7915 FT_UINT16, BASE_DEC, NULL, 0x0,
7916 NULL, HFILL }},
7917 { &hf_isakmp_sat_dst_id_length,
7918 { "DST ID Data Length", "isakmp.sat.dst_id_length",
7919 FT_UINT16, BASE_DEC, NULL, 0x0,
7920 NULL, HFILL }},
7921 { &hf_isakmp_sat_dst_id_data,
7922 { "DST ID Data", "isakmp.sat.dst_id_data",
7923 FT_BYTES, BASE_NONE, NULL, 0x0,
7924 NULL, HFILL }},
7925 { &hf_isakmp_sat_transform_id,
7926 { "Transform ID", "isakmp.sat.transform_id",
7927 FT_UINT8, BASE_DEC, NULL, 0x0,
7928 NULL, HFILL }},
7929 { &hf_isakmp_sat_spi,
7930 { "SPI", "isakmp.sat.spi",
7931 FT_BYTES, BASE_NONE, NULL, 0x0,
7932 NULL, HFILL }},
7933 { &hf_isakmp_sat_payload,
7934 { "TEK Payload", "isakmp.sat.payload",
7935 FT_BYTES, BASE_NONE, NULL, 0x0,
7936 NULL, HFILL }},
7938 /* Key Download Payload */
7939 { &hf_isakmp_kd_num_key_pkt,
7940 { "Number of Key Packets", "isakmp.kd.num_pkt",
7941 FT_UINT16, BASE_DEC, NULL, 0x0,
7942 NULL, HFILL }},
7943 { &hf_isakmp_kd_payload,
7944 { "Key Download Payload", "isakmp.kd.payload",
7945 FT_NONE, BASE_NONE, NULL, 0x0,
7946 NULL, HFILL }},
7947 { &hf_isakmp_kdp_type,
7948 { "Type", "isakmp.kd.payload.type",
7949 FT_UINT8, BASE_RANGE_STRING | BASE_DEC, RVALS(key_download_types), 0x0,
7950 NULL, HFILL }},
7951 { &hf_isakmp_kdp_length,
7952 { "Length", "isakmp.kd.payload.length",
7953 FT_UINT16, BASE_DEC, NULL, 0x0,
7954 NULL, HFILL }},
7955 { &hf_isakmp_kdp_spi_size,
7956 { "SPI Size", "isakmp.kd.payload.spi_size",
7957 FT_UINT8, BASE_DEC, NULL, 0x0,
7958 NULL, HFILL }},
7959 { &hf_isakmp_kdp_spi,
7960 { "SPI", "isakmp.kd.payload.spi",
7961 FT_BYTES, BASE_NONE, NULL, 0x0,
7962 NULL, HFILL }},
7963 /* Sequence Payload */
7964 { &hf_isakmp_seq_seq,
7965 { "Sequence Number", "isakmp.seq.seq",
7966 FT_UINT32, BASE_DEC, NULL, 0x0,
7967 NULL, HFILL }},
7969 { &hf_isakmp_enc_decrypted_data,
7970 { "Decrypted Data", "isakmp.enc.decrypted",
7971 FT_NONE, BASE_NONE, NULL, 0x0,
7972 NULL, HFILL }},
7973 { &hf_isakmp_enc_contained_data,
7974 { "Contained Data", "isakmp.enc.contained",
7975 FT_NONE, BASE_NONE, NULL, 0x0,
7976 NULL, HFILL }},
7977 { &hf_isakmp_enc_padding,
7978 { "Padding", "isakmp.enc.padding",
7979 FT_NONE, BASE_NONE, NULL, 0x0,
7980 NULL, HFILL }},
7981 { &hf_isakmp_enc_pad_length,
7982 { "Pad Length", "isakmp.enc.pad_length",
7983 FT_UINT8, BASE_DEC, NULL, 0x0,
7984 NULL, HFILL }},
7985 { &hf_isakmp_enc_data,
7986 { "Encrypted Data", "isakmp.enc.data",
7987 FT_NONE, BASE_NONE, NULL, 0x0,
7988 NULL, HFILL }},
7989 { &hf_isakmp_enc_iv,
7990 { "Initialization Vector", "isakmp.enc.iv",
7991 FT_BYTES, BASE_NONE, NULL, 0x0,
7992 NULL, HFILL }},
7993 { &hf_isakmp_enc_icd,
7994 { "Integrity Checksum Data", "isakmp.enc.icd",
7995 FT_BYTES, BASE_NONE, NULL, 0x0,
7996 NULL, HFILL }},
7997 { &hf_isakmp_notify_data_3gpp_backoff_timer_len,
7998 { "Length", "isakmp.notify.priv.3gpp.backoff_timer_len",
7999 FT_UINT8, BASE_DEC, NULL, 0x0,
8000 NULL, HFILL }},
8002 { &hf_isakmp_notify_data_3gpp_device_identity_len,
8003 { "Identity Length", "isakmp.notify.priv.3gpp.device_identity_len",
8004 FT_UINT16, BASE_DEC, NULL, 0x0,
8005 NULL, HFILL }},
8006 { &hf_isakmp_notify_data_3gpp_device_identity_type,
8007 { "Identity Type", "isakmp.notify.priv.3gpp.device_identity_type",
8008 FT_UINT8, BASE_DEC, VALS(device_identity_types), 0x0,
8009 NULL, HFILL }},
8010 { &hf_isakmp_notify_data_3gpp_device_identity_imei,
8011 { "IMEI", "isakmp.notify.priv.3gpp.device_identity_imei",
8012 FT_STRING, BASE_NONE, NULL, 0,
8013 NULL, HFILL }},
8014 { &hf_isakmp_notify_data_3gpp_device_identity_imeisv,
8015 { "IMEISV", "isakmp.notify.priv.3gpp.device_identity_imeisv",
8016 FT_STRING, BASE_NONE, NULL, 0,
8017 NULL, HFILL }},
8019 { &hf_isakmp_notify_data_3gpp_emergency_call_numbers_len,
8020 { "Total Length", "isakmp.notify.priv.3gpp.emergency_call_numbers_len",
8021 FT_UINT8, BASE_DEC, NULL, 0x0,
8022 NULL, HFILL }},
8023 { &hf_isakmp_notify_data_3gpp_emergency_call_numbers_spare,
8024 { "Spare", "isakmp.notify.priv.3gpp.emergency_call_numbers_spare",
8025 FT_UINT8, BASE_DEC, NULL, 0xE0,
8026 NULL, HFILL }},
8027 { &hf_isakmp_notify_data_3gpp_emergency_call_numbers_element_len,
8028 { "Length", "isakmp.notify.priv.3gpp.emergency_call_numbers_element_len",
8029 FT_UINT8, BASE_DEC, NULL, 0,
8030 NULL, HFILL }},
8032 { &hf_isakmp_notify_data_3gpp_emergency_call_numbers_flags,
8033 { "Service Category Value", "isakmp.notify.priv.3gpp.emergency_call_numbers_flags",
8034 FT_UINT8, BASE_HEX, NULL, 0x0,
8035 NULL, HFILL }},
8037 { &hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b1_police,
8038 { "Police", "isakmp.notify.priv.3gpp.emergency_call_numbers_flag_b1_police",
8039 FT_UINT8, BASE_DEC, NULL, 0x01,
8040 NULL, HFILL }},
8041 { &hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b2_ambulance,
8042 { "Ambulance", "isakmp.notify.priv.3gpp.emergency_call_numbers_flag_b2_ambulance",
8043 FT_UINT8, BASE_DEC, NULL, 0x02,
8044 NULL, HFILL }},
8045 { &hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b3_fire_brigade,
8046 { "Fire Brigade", "isakmp.notify.priv.3gpp.emergency_call_numbers_flag_b3_fire_brigade",
8047 FT_UINT8, BASE_DEC, NULL, 0x04,
8048 NULL, HFILL }},
8049 { &hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b4_marine_guard,
8050 { "Marine Guard", "isakmp.notify.priv.3gpp.emergency_call_numbers_b4_marine_guard",
8051 FT_UINT8, BASE_DEC, NULL, 0x08,
8052 NULL, HFILL }},
8053 { &hf_isakmp_notify_data_3gpp_emergency_call_numbers_flag_b5_mountain_rescue,
8054 { "Mountain Rescue", "isakmp.notify.priv.3gpp.emergency_call_numbers_flag_b5_mountain_rescue",
8055 FT_UINT8, BASE_DEC, NULL, 0x10,
8056 NULL, HFILL }},
8057 { &hf_iskamp_notify_data_3gpp_emergency_call_number,
8058 { "Emergency Number", "isakmp.notify.priv.3gpp.emergency_call_number",
8059 FT_STRING, BASE_NONE, NULL, 0x0,
8060 NULL, HFILL }}
/* Pointers to the dissector's ett_isakmp_* subtree index variables: the
 * top-level protocol tree, version/flags, payloads and digital-signature
 * data, fragments, SA/attribute/ID/notify nodes (including the 3GPP
 * emergency-call-number nodes), traffic selectors, key download, and the
 * decrypted-data nodes.
 * NOTE(review): presumably handed to proto_register_subtree_array() later in
 * this function; that call is outside this excerpt. */
8064 static int *ett[] = {
8065 &ett_isakmp,
8066 &ett_isakmp_version,
8067 &ett_isakmp_flags,
8068 &ett_isakmp_payload,
8069 &ett_isakmp_payload_digital_signature,
8070 &ett_isakmp_payload_digital_signature_asn1_data,
8071 &ett_isakmp_fragment,
8072 &ett_isakmp_fragments,
8073 &ett_isakmp_sa,
8074 &ett_isakmp_attr,
8075 &ett_isakmp_id,
8076 &ett_isakmp_notify_data,
8077 &ett_isakmp_notify_data_3gpp_emergency_call_numbers_main,
8078 &ett_isakmp_notify_data_3gpp_emergency_call_numbers_element,
8079 &ett_isakmp_ts,
8080 &ett_isakmp_kd,
8081 &ett_isakmp_decrypted_data,
8082 &ett_isakmp_decrypted_payloads
/* Expert-info registrations. Each entry binds an ei_isakmp_* handle to a
 * filter name, a group, a severity and the message shown to the analyst.
 *
 * Severity as registered here:
 *   - PI_ERROR: invalid payload length, invalid fragment numbering.
 *   - PI_WARN:  short IV data, integrity-checksum mismatch, encrypted length
 *               not a multiple of the block size, oversized pad length,
 *               unknown 3GPP device identity type.
 *   - PI_NOTE:  empty attribute value.
 *
 * The IKEv2 integrity-checksum mismatch is the only PI_CHECKSUM entry and is
 * a warning, not an error.
 * NOTE(review): whether decrypted content is still dissected after a
 * mismatch is decided in the dissection code, which is outside this excerpt;
 * when triaging a capture, filter on isakmp.ikev2.integrity_checksum rather
 * than assuming decrypted output was authenticated. */
8085 static ei_register_info ei[] = {
8086 { &ei_isakmp_enc_iv, { "isakmp.enc.iv.not_enough_data", PI_MALFORMED, PI_WARN, "Not enough data in IKEv2 Encrypted payload", EXPFILL }},
8087 { &ei_isakmp_ikev2_integrity_checksum, { "isakmp.ikev2.integrity_checksum", PI_CHECKSUM, PI_WARN, "IKEv2 Integrity Checksum Data is incorrect", EXPFILL }},
8088 { &ei_isakmp_enc_data_length_mult_block_size, { "isakmp.enc_data_length_mult_block_size", PI_MALFORMED, PI_WARN, "Encrypted data length isn't a multiple of block size", EXPFILL }},
8089 { &ei_isakmp_enc_pad_length_big, { "isakmp.enc.pad_length.big", PI_MALFORMED, PI_WARN, "Pad length is too big", EXPFILL }},
8090 { &ei_isakmp_attribute_value_empty, { "isakmp.attribute_value_empty", PI_PROTOCOL, PI_NOTE, "Attribute value is empty", EXPFILL }},
8091 { &ei_isakmp_payload_bad_length, { "isakmp.payloadlength.invalid", PI_MALFORMED, PI_ERROR, "Invalid payload length", EXPFILL }},
8092 { &ei_isakmp_bad_fragment_number, { "isakmp.fragment_number.invalid", PI_MALFORMED, PI_ERROR, "Invalid fragment numbering", EXPFILL }},
8093 { &ei_isakmp_notify_data_3gpp_unknown_device_identity, { "isakmp.notify.priv.3gpp.unknown_device_identity", PI_PROTOCOL, PI_WARN, "Type of device identity not known", EXPFILL }},
/* Expert module handle; only declared here, its assignment and use are
 * outside this excerpt. */
8096 expert_module_t* expert_isakmp;
8098 static uat_field_t ikev1_uat_flds[] = {
8099 UAT_FLD_BUFFER(ikev1_users, icookie, "Initiator's COOKIE", "Initiator's COOKIE"),
8100 UAT_FLD_BUFFER(ikev1_users, key, "Encryption Key", "Encryption Key"),
8101 UAT_END_FIELDS
8104 static uat_field_t ikev2_uat_flds[] = {
8105 UAT_FLD_BUFFER(ikev2_users, spii, "Initiator's SPI", "Initiator's SPI value of the IKE_SA"),
8106 UAT_FLD_BUFFER(ikev2_users, spir, "Responder's SPI", "Responder's SPI value of the IKE_SA"),
8107 UAT_FLD_BUFFER(ikev2_users, sk_ei, "SK_ei", "Key used to encrypt/decrypt IKEv2 packets from initiator to responder"),
8108 UAT_FLD_BUFFER(ikev2_users, sk_er, "SK_er", "Key used to encrypt/decrypt IKEv2 packets from responder to initiator"),
8109 UAT_FLD_VS(ikev2_users, encr_alg, "Encryption algorithm", vs_ikev2_encr_algs, "Encryption algorithm of IKE_SA"),
8110 UAT_FLD_BUFFER(ikev2_users, sk_ai, "SK_ai", "Key used to calculate Integrity Checksum Data for IKEv2 packets from initiator to responder"),
8111 UAT_FLD_BUFFER(ikev2_users, sk_ar, "SK_ar", "Key used to calculate Integrity Checksum Data for IKEv2 packets from responder to initiator"),
8112 UAT_FLD_VS(ikev2_users, auth_alg, "Integrity algorithm", vs_ikev2_auth_algs, "Integrity algorithm of IKE_SA"),
8113 UAT_END_FIELDS
8116 proto_isakmp = proto_register_protocol("Internet Security Association and Key Management Protocol",
8117 "ISAKMP", "isakmp");
8118 proto_register_field_array(proto_isakmp, hf, array_length(hf));
8119 proto_register_subtree_array(ett, array_length(ett));
8120 expert_isakmp = expert_register_protocol(proto_isakmp);
8121 expert_register_field_array(expert_isakmp, ei, array_length(ei));
8122 register_init_routine(&isakmp_init_protocol);
8123 register_cleanup_routine(&isakmp_cleanup_protocol);
8124 reassembly_table_register(&isakmp_cisco_reassembly_table,
8125 &addresses_reassembly_table_functions);
8126 reassembly_table_register(&isakmp_ike2_reassembly_table,
8127 &addresses_reassembly_table_functions);
8129 isakmp_handle = register_dissector("isakmp", dissect_isakmp, proto_isakmp);
8131 isakmp_module = prefs_register_protocol(proto_isakmp, NULL);
8132 ikev1_uat = uat_new("IKEv1 Decryption Table",
8133 sizeof(ikev1_uat_data_key_t),
8134 "ikev1_decryption_table",
8135 true,
8136 &ikev1_uat_data,
8137 &num_ikev1_uat_data,
8138 UAT_AFFECTS_DISSECTION, /* affects dissection of packets, but not set of named fields */
8139 "ChIKEv1DecryptionSection",
8140 ikev1_uat_data_copy_cb,
8141 ikev1_uat_data_update_cb,
8142 ikev1_uat_data_free_cb,
8143 NULL,
8144 NULL,
8145 ikev1_uat_flds);
8147 prefs_register_uat_preference(isakmp_module,
8148 "ikev1_decryption_table",
8149 "IKEv1 Decryption Table",
8150 "Table of IKE_SA security parameters for decryption of IKEv1 packets",
8151 ikev1_uat);
8153 ikev2_uat = uat_new("IKEv2 Decryption Table",
8154 sizeof(ikev2_uat_data_t),
8155 "ikev2_decryption_table",
8156 true,
8157 &ikev2_uat_data,
8158 &num_ikev2_uat_data,
8159 UAT_AFFECTS_DISSECTION, /* affects dissection of packets, but not set of named fields */
8160 "ChIKEv2DecryptionSection",
8161 ikev2_uat_data_copy_cb,
8162 ikev2_uat_data_update_cb,
8163 ikev2_uat_data_free_cb,
8164 NULL,
8165 NULL,
8166 ikev2_uat_flds);
8168 prefs_register_uat_preference(isakmp_module,
8169 "ikev2_decryption_table",
8170 "IKEv2 Decryption Table",
8171 "Table of IKE_SA security parameters for decryption of IKEv2 packets",
8172 ikev2_uat);
/*
 * Handoff step for the ISAKMP dissector.
 *
 * Binds isakmp_handle to the default ISAKMP port in both the "udp.port" and
 * "tcp.port" dissector tables, and looks up the "eap" dissector by name
 * while recording it as a dependency of proto_isakmp.
 *
 * The "_with_preference" registration only sets a default port. Traffic
 * that reaches another port is not bound to this handle by this function,
 * so a capture carrying IKE on a non-default port needs the preference
 * changed before it is dissected as ISAKMP here.
 */
void
proto_reg_handoff_isakmp(void)
{
  /* Default transport bindings; the two tables are independent. */
  dissector_add_uint_with_preference("tcp.port", TCP_PORT_ISAKMP, isakmp_handle);
  dissector_add_uint_with_preference("udp.port", UDP_PORT_ISAKMP, isakmp_handle);

  /* Handle for EAP, stored in the file-level eap_handle for later use. */
  eap_handle = find_dissector_add_dependency("eap", proto_isakmp);
}
8184 * Editor modelines - https://www.wireshark.org/tools/modelines.html
8186 * Local variables:
8187 * c-basic-offset: 2
8188 * tab-width: 8
8189 * indent-tabs-mode: nil
8190 * End:
8192 * vi: set shiftwidth=2 tabstop=8 expandtab:
8193 * :indentSize=2:tabSize=8:noTabs=true: