diff options
| author | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2005-07-14 08:10:30 +0000 |
|---|---|---|
| committer | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2005-07-14 08:10:30 +0000 |
| commit | 98a0c9a590a415d8f27127ec4057892f4833efd7 (patch) | |
| tree | 59cb4fdaf7543cc2c2fc75e418833bb59e393ed7 /epan/dissectors/packet-isakmp.c | |
| parent | b05a2365f8abb9c2296a26e84bc81a66d0d1a02f (diff) | |
| download | wireshark-98a0c9a590a415d8f27127ec4057892f4833efd7.tar.gz | |
ISAKMP version2 has changed the payload format of a CertificateRequest.
In version 2 this is just a concatenation of 20 byte SHA-1 hashes with no other encxapsulation.
this resolves bug 281
svn path=/trunk/; revision=14917
Diffstat (limited to 'epan/dissectors/packet-isakmp.c')
| -rw-r--r-- | epan/dissectors/packet-isakmp.c | 42 |
1 files changed, 34 insertions, 8 deletions
diff --git a/epan/dissectors/packet-isakmp.c b/epan/dissectors/packet-isakmp.c index 8b2804b166..834f70c006 100644 --- a/epan/dissectors/packet-isakmp.c +++ b/epan/dissectors/packet-isakmp.c @@ -53,6 +53,8 @@ #define ARLEN(a) (sizeof(a)/sizeof(a[0])) static int proto_isakmp = -1; +static int hf_ike_certificate_authority = -1; +static int hf_ike_v2_certificate_authority = -1; static gint ett_isakmp = -1; static gint ett_isakmp_flags = -1; @@ -104,7 +106,9 @@ static void dissect_id(tvbuff_t *, int, int, proto_tree *, packet_info *, int, int); static void dissect_cert(tvbuff_t *, int, int, proto_tree *, packet_info *, int, int); -static void dissect_certreq(tvbuff_t *, int, int, proto_tree *, +static void dissect_certreq_v1(tvbuff_t *, int, int, proto_tree *, + packet_info *, int, int); +static void dissect_certreq_v2(tvbuff_t *, int, int, proto_tree *, packet_info *, int, int); static void dissect_hash(tvbuff_t *, int, int, proto_tree *, packet_info *, int, int); @@ -173,7 +177,7 @@ static struct payload_func v1_plfunc[] = { { 4, "Key Exchange", dissect_key_exch }, { 5, "Identification", dissect_id }, { 6, "Certificate", dissect_cert }, - { 7, "Certificate Request", dissect_certreq }, + { 7, "Certificate Request", dissect_certreq_v1}, { 8, "Hash", dissect_hash }, { 9, "Signature", dissect_sig }, { 10, "Nonce", dissect_nonce }, @@ -195,7 +199,7 @@ static struct payload_func v2_plfunc[] = { { 35, "Identification - I", dissect_id }, { 36, "Identification - R", dissect_id }, { 37, "Certificate", dissect_cert }, - { 38, "Certificate Request", dissect_certreq }, + { 38, "Certificate Request", dissect_certreq_v2}, { 39, "Authentication", dissect_auth }, { 40, "Nonce", dissect_nonce }, { 41, "Notification", dissect_notif }, @@ -326,8 +330,6 @@ static const guint8 VID_draft_ietf_ipsec_heartbeats_00[VID_LEN_8]= {0x8D, 0xB7, */ static const guint8 VID_HeartBeat_Notify[VID_LEN] = {0x48, 0x65, 0x61, 0x72, 0x74, 0x42, 0x65, 0x61, 0x74, 0x5f, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79}; -static int hf_ike_certificate_authority = -1; - void isakmp_dissect_payloads(tvbuff_t *tvb, proto_tree *tree, int isakmp_version, guint8 initial_payload, int offset, int length, @@ -1150,7 +1152,7 @@ dissect_cert(tvbuff_t *tvb, int offset, int length, proto_tree *tree, } static void -dissect_certreq(tvbuff_t *tvb, int offset, int length, proto_tree *tree, +dissect_certreq_v1(tvbuff_t *tvb, int offset, int length, proto_tree *tree, packet_info *pinfo, int isakmp_version, int unused _U_) { guint8 cert_type; @@ -1163,16 +1165,37 @@ dissect_certreq(tvbuff_t *tvb, int offset, int length, proto_tree *tree, length -= 1; if (length) { - if (cert_type == 4) + if (cert_type == 4){ dissect_x509if_Name(FALSE, tvb, offset, pinfo, tree, hf_ike_certificate_authority); - else + } else { proto_tree_add_text(tree, tvb, offset, length, "Certificate Authority"); + } } else proto_tree_add_text(tree, tvb, offset, length, "Certificate Authority (empty)"); } static void +dissect_certreq_v2(tvbuff_t *tvb, int offset, int length, proto_tree *tree, + packet_info *pinfo _U_, int isakmp_version, int unused _U_) +{ + guint8 cert_type; + + cert_type = tvb_get_guint8(tvb, offset); + proto_tree_add_text(tree, tvb, offset, 1, + "Certificate type: %u - %s", + cert_type, certtype2str(isakmp_version, cert_type)); + offset += 1; + length -= 1; + + /* this is a list of 20 byte SHA-1 hashes */ + while (length) { + proto_tree_add_item(tree, hf_ike_v2_certificate_authority, tvb, offset, 20, FALSE); + length-=20; + } +} + +static void dissect_hash(tvbuff_t *tvb, int offset, int length, proto_tree *tree, packet_info *pinfo _U_, int isakmp_version _U_, int unused _U_) { @@ -2456,6 +2479,9 @@ proto_register_isakmp(void) { &hf_ike_certificate_authority, { "Certificate Authority Distinguished Name", "ike.cert_authority_dn", FT_UINT32, BASE_DEC, NULL, 0x0, "Certificate Authority Distinguished Name", HFILL } }, + { &hf_ike_v2_certificate_authority, + { "Certificate Authority", "ike.cert_authority", FT_BYTES, BASE_HEX, NULL, 0x0, "SHA-1 hash of the Certificate Authority", HFILL } + }, }; static gint *ett[] = { &ett_isakmp, |