From c7ca0e88df468989647fc272a798bcd038084d99 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Skalski?= <mskalski13@gmail.com>
Date: Sun, 21 Aug 2016 22:00:44 +0200
Subject: dissector ISAKMP IKEv2: fixed bug with libgcrypt-1.6.x and AEAD
 ciphers

IKEv2:
Fixed bug with AEAD ciphers with 8- and 12-byte length ICVs and
libgcrypt 1.6.x - gcry_cipher_checktag() returned INVALID_LENGTH.
Fixed for merged changeset https://code.wireshark.org/review/17078


Added support for verification of encrypted data with HMAC_MD5_128
[RFC4595] and HMAC_SHA1_160 [RFC4595] integrity algorithms

Added IKEv2 decryption suite for few combinations of encryption and
integrity algorithms: 3DES-CBC/SHA1_160, AES-128-CCM-12, AES-128-CCM-12
(using CTR mode), AES-192-CTR/SHA2-512, AES-256-CBC/SHA2-256,
AES-256-CCM-16, AES-256-GCM-16, AES-256-GCM-8


Change-Id: Ic564b25f1fd41e913c605322b7b8aa030cf90ddf
Reviewed-on: https://code.wireshark.org/review/17213
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
---
 test/captures/ikev2-decrypt-3des-sha1_160.pcap | Bin 0 -> 1860 bytes
 test/captures/ikev2-decrypt-aes128ccm12-2.pcap | Bin 0 -> 1416 bytes
 test/captures/ikev2-decrypt-aes128ccm12.pcap   | Bin 0 -> 1432 bytes
 test/captures/ikev2-decrypt-aes192ctr.pcap     | Bin 0 -> 1512 bytes
 test/captures/ikev2-decrypt-aes256cbc.pcapng   | Bin 0 -> 1792 bytes
 test/captures/ikev2-decrypt-aes256ccm16.pcapng | Bin 0 -> 1728 bytes
 test/captures/ikev2-decrypt-aes256gcm16.pcap   | Bin 0 -> 1448 bytes
 test/captures/ikev2-decrypt-aes256gcm8.pcap    | Bin 0 -> 1400 bytes
 test/config/ikev2_decryption_table.tmpl        |  10 ++
 test/suite-decryption.sh                       | 124 +++++++++++++++++++++++++
 10 files changed, 134 insertions(+)
 create mode 100644 test/captures/ikev2-decrypt-3des-sha1_160.pcap
 create mode 100644 test/captures/ikev2-decrypt-aes128ccm12-2.pcap
 create mode 100644 test/captures/ikev2-decrypt-aes128ccm12.pcap
 create mode 100644 test/captures/ikev2-decrypt-aes192ctr.pcap
 create mode 100644 test/captures/ikev2-decrypt-aes256cbc.pcapng
 create mode 100644 test/captures/ikev2-decrypt-aes256ccm16.pcapng
 create mode 100644 test/captures/ikev2-decrypt-aes256gcm16.pcap
 create mode 100644 test/captures/ikev2-decrypt-aes256gcm8.pcap
 create mode 100644 test/config/ikev2_decryption_table.tmpl

(limited to 'test')

diff --git a/test/captures/ikev2-decrypt-3des-sha1_160.pcap b/test/captures/ikev2-decrypt-3des-sha1_160.pcap
new file mode 100644
index 0000000000..ffdc7b517c
Binary files /dev/null and b/test/captures/ikev2-decrypt-3des-sha1_160.pcap differ
diff --git a/test/captures/ikev2-decrypt-aes128ccm12-2.pcap b/test/captures/ikev2-decrypt-aes128ccm12-2.pcap
new file mode 100644
index 0000000000..5ffecbee4d
Binary files /dev/null and b/test/captures/ikev2-decrypt-aes128ccm12-2.pcap differ
diff --git a/test/captures/ikev2-decrypt-aes128ccm12.pcap b/test/captures/ikev2-decrypt-aes128ccm12.pcap
new file mode 100644
index 0000000000..66dabfe699
Binary files /dev/null and b/test/captures/ikev2-decrypt-aes128ccm12.pcap differ
diff --git a/test/captures/ikev2-decrypt-aes192ctr.pcap b/test/captures/ikev2-decrypt-aes192ctr.pcap
new file mode 100644
index 0000000000..31f16cb97a
Binary files /dev/null and b/test/captures/ikev2-decrypt-aes192ctr.pcap differ
diff --git a/test/captures/ikev2-decrypt-aes256cbc.pcapng b/test/captures/ikev2-decrypt-aes256cbc.pcapng
new file mode 100644
index 0000000000..ce3d247c8c
Binary files /dev/null and b/test/captures/ikev2-decrypt-aes256cbc.pcapng differ
diff --git a/test/captures/ikev2-decrypt-aes256ccm16.pcapng b/test/captures/ikev2-decrypt-aes256ccm16.pcapng
new file mode 100644
index 0000000000..78874618e4
Binary files /dev/null and b/test/captures/ikev2-decrypt-aes256ccm16.pcapng differ
diff --git a/test/captures/ikev2-decrypt-aes256gcm16.pcap b/test/captures/ikev2-decrypt-aes256gcm16.pcap
new file mode 100644
index 0000000000..1e77424eab
Binary files /dev/null and b/test/captures/ikev2-decrypt-aes256gcm16.pcap differ
diff --git a/test/captures/ikev2-decrypt-aes256gcm8.pcap b/test/captures/ikev2-decrypt-aes256gcm8.pcap
new file mode 100644
index 0000000000..a0d74de8ad
Binary files /dev/null and b/test/captures/ikev2-decrypt-aes256gcm8.pcap differ
diff --git a/test/config/ikev2_decryption_table.tmpl b/test/config/ikev2_decryption_table.tmpl
new file mode 100644
index 0000000000..674564e6d3
--- /dev/null
+++ b/test/config/ikev2_decryption_table.tmpl
@@ -0,0 +1,10 @@
+# This file is automatically generated, DO NOT MODIFY.
+1234567890123456,0987654321098765,,,"NULL [RFC2410]",,,"NONE [RFC4306]"
+19ab98963486359f,78f13157ccd3b3d8,2e0e194070fc658c2bfbfdbf8b956be4b2eaa33d02a43cca,219f3080e631774b8d5836d3a675b099b1e271c9bdcf6e15,"3DES [RFC2451]",c96f5bad08aebbff60509c7495f11c183818b916,e742ac415cdfdd709c9de92769a169e0a5224f79,"HMAC_SHA1_160 [RFC4595]"
+ea684d21597afd36,d9fe2ab22dac23ac,be83fe15f6a9976941870830fe26c014b863b3,79e0f4476861a76e64329e787b1c4ff38d732f,"AES-CCM-128 with 12 octet ICV [RFC5282]",,,"NONE [RFC4306]"
+a2926ae833c6f138,5464c57d0dc5e272,5daf82e6fd7e57d5fbf76cd5af73fd46035db0bc,68848f4a7602b20c7d033cc998b0c097032ac38a,"AES-CTR-128 [RFC5930]",,,"ANY 96-bits of Authentication [No Checking]"
+81f24c0acd8fa55c,192383172724c706,aaa06839eaf0959d486eeecda7a48b23080963b5fd7217928e8fbf58,92dc96ec87076caa84e26b3621c7c469427e2e4bcc1b962362a3dde3,"AES-CTR-192 [RFC5930]",65777be31ee2137f31cf23fa0ee834dfede11cc0adc9a84541026642c09df2bf96056a2036e97a67ce7d3c5b6f37e17e8fe64f4ef23e14f5997fb7671df3adaf,42abd4709f1b94fd8c2270c74aae3fbe61c0b9c109c55f3e3b9ed7e480bc75c3985c15234caa623c8ca0606c303921d7cfd44861df1e798370b2ee95fe712e52,"HMAC_SHA2_512_256 [RFC4868]"
+191ccd371a7a1f7b,bc123d15e4af593f,9096ddd2933620e8f48122c53a3f562cb0222c1cf97ce41fcc874ea2582a89ac,6718c6b2bbef2f234eac4c13832f885d87b574afd2af0111161e99b5dc61b4d4,"AES-CBC-256 [RFC3602]",12d532c3e83c757906af548dfe1ccf223ca5507af77898454e2d55c8ace57a17,30c4ead18c93024b58a86c1e3db60f550221801026853170b4cb0248d3a95329,"HMAC_SHA2_256_128 [RFC4868]"
+cd7ae76304b277e2,74f6080ed799d463,daa0a85a81e6adda7b8c568f1c4cfaa6e9f9edb242e9895f012caaa642eacf4d004903,e02281ba4bb8ed20321faff956b95ce7f841b3039984dad4ed4625e77743fce4a04f32,"AES-CCM-256 with 16 octet ICV [RFC5282]",,,"NONE [RFC4306]"
+5d48bfeeb7d574da,bbb73016c0503640,91b817d036d97db3ace64475cd8d1cbeab186295020211a9cf0c16cec10b92b453ecd24e,d04516586721974d970627d85f7d031433b6558c0ec6faecf9217e5445e17e7eeee6bc68,"AES-GCM-256 with 8 octet ICV [RFC5282]",,,"NONE [RFC4306]"
+0158b8fb90b7623d,13514610cea16160,647075bf167447a1c8683e8dbe4794b4cfe73799cc6bec34905441159ce13705c8dfb3a9,15c9eae6f94631d63068bf44bb69999abc07b3d15e915fd8f0ed99ad481efd75deb02a5e,"AES-GCM-256 with 16 octet ICV [RFC5282]",,,"NONE [RFC4306]"
diff --git a/test/suite-decryption.sh b/test/suite-decryption.sh
index 14a15736cf..975fdab8d3 100755
--- a/test/suite-decryption.sh
+++ b/test/suite-decryption.sh
@@ -45,6 +45,7 @@ UAT_FILES="
 	ssl_keys
 	c1222_decryption_table
 	ikev1_decryption_table
+	ikev2_decryption_table
 "
 
 TEST_KEYS_DIR="$TESTS_DIR/keys/"
@@ -340,6 +341,118 @@ decryption_step_ikev1_unencrypted() {
 	test_step_ok
 }
 
+# IKEv2 decryption test (3DES-CBC/SHA1_160)
+decryption_step_ikev2_3des_sha160() {
+	$TESTS_DIR/run_and_catch_crashes env $TS_DC_ENV $TSHARK $TS_DC_ARGS \
+		-Tfields -e isakmp.auth.data \
+		-r "$CAPTURE_DIR/ikev2-decrypt-3des-sha1_160.pcap" \
+		| grep "02:f7:a0:d5:f1:fd:c8:ea:81:03:98:18:c6:5b:b9:bd:09:af:9b:89:17:31:9b:88:7f:f9:ba:30:46:c3:44:c7" > /dev/null 2>&1
+	RETURNVALUE=$?
+	if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
+		test_step_failed "Failed to decrypt encrypted with 3_DES_CBC/SHA1_160 packet of IKEv2 exchange"
+		return
+	fi
+	test_step_ok
+}
+
+# IKEv2 decryption test (AES-128-CCM-12) - with CBC-MAC verification
+decryption_step_ikev2_aes128_ccm12() {
+	$TESTS_DIR/run_and_catch_crashes env $TS_DC_ENV $TSHARK $TS_DC_ARGS \
+		-Tfields -e isakmp.auth.data \
+		-r "$CAPTURE_DIR/ikev2-decrypt-aes128ccm12.pcap" \
+		| grep "c2:10:43:94:29:9e:1f:fe:79:08:ea:72:0a:d5:d1:37:17:a0:d4:54:e4:fa:0a:21:28:ea:68:94:11:f4:79:c4" > /dev/null 2>&1
+	RETURNVALUE=$?
+	if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
+		test_step_failed "Failed to decrypt encrypted with AES_128_CCM_12 packet of IKEv2 exchange"
+		return
+	fi
+	test_step_ok
+}
+
+# IKEv2 decryption test (AES-128-CCM-12 using CTR mode, without checksum)
+decryption_step_ikev2_aes128_ccm12_2() {
+	$TESTS_DIR/run_and_catch_crashes env $TS_DC_ENV $TSHARK $TS_DC_ARGS \
+		-Tfields -e isakmp.auth.data \
+		-r "$CAPTURE_DIR/ikev2-decrypt-aes128ccm12-2.pcap" \
+		| grep "aa:a2:81:c8:7b:4a:19:04:6c:57:27:1d:55:74:88:ca:41:3b:57:22:8c:b9:51:f5:fa:96:40:99:2a:02:85:b9" > /dev/null 2>&1
+	RETURNVALUE=$?
+	if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
+		test_step_failed "Failed to decrypt (using CTR mode) encrypted with AES_128_CCM_12  packet of IKEv2 exchange"
+		return
+	fi
+	test_step_ok
+}
+
+# IKEv2 decryption test (AES-192-CTR/SHA2-512)
+decryption_step_ikev2_aes192ctr_sha512() {
+	$TESTS_DIR/run_and_catch_crashes env $TS_DC_ENV $TSHARK $TS_DC_ARGS \
+		-Tfields -e isakmp.auth.data \
+		-r "$CAPTURE_DIR/ikev2-decrypt-aes192ctr.pcap" \
+		| grep "3e:c2:3d:cf:93:48:48:56:38:40:7c:75:45:47:ae:b3:08:52:90:08:2c:49:f5:83:fd:ba:e5:92:63:a2:0b:4a" > /dev/null 2>&1
+	RETURNVALUE=$?
+	if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
+		test_step_failed "Failed to decrypt encrypted with AES-192-CTR/SHA2_512 packet of IKEv2 exchange"
+		return
+	fi
+	test_step_ok
+}
+
+# IKEv2 decryption test (AES-256-CBC/SHA2-256)
+decryption_step_ikev2_aes256cbc_sha256() {
+	$TESTS_DIR/run_and_catch_crashes env $TS_DC_ENV $TSHARK $TS_DC_ARGS \
+		-Tfields -e isakmp.auth.data \
+		-r "$CAPTURE_DIR/ikev2-decrypt-aes256cbc.pcapng" \
+		| grep "e1:a8:d5:50:06:42:01:a7:ec:02:4a:85:75:8d:06:73:c6:1c:5c:51:0a:c1:3b:cd:22:5d:63:27:f5:0d:a3:d3" > /dev/null 2>&1
+	RETURNVALUE=$?
+	if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
+		test_step_failed "Failed to decrypt encrypted with AES-256-CBC/SHA2-256 packet of IKEv2 exchange"
+		return
+	fi
+	test_step_ok
+}
+
+# IKEv2 decryption test (AES-256-CCM-16)
+decryption_step_ikev2_aes256ccm16() {
+	$TESTS_DIR/run_and_catch_crashes env $TS_DC_ENV $TSHARK $TS_DC_ARGS \
+		-Tfields -e isakmp.auth.data \
+		-r "$CAPTURE_DIR/ikev2-decrypt-aes256ccm16.pcapng" \
+		| grep "fa:2e:74:bd:c0:1e:30:fb:0b:3d:dc:97:23:c9:44:90:95:96:9d:a5:1f:69:e5:60:20:9d:2c:2b:79:40:21:0a" > /dev/null 2>&1
+	RETURNVALUE=$?
+	if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
+		test_step_failed "Failed to decrypt encrypted with AES-256-CCM-16 packet of IKEv2 exchange"
+		return
+	fi
+	test_step_ok
+}
+
+# IKEv2 decryption test (AES-256-GCM-16)
+decryption_step_ikev2_aes256gcm16() {
+	$TESTS_DIR/run_and_catch_crashes env $TS_DC_ENV $TSHARK $TS_DC_ARGS \
+		-Tfields -e isakmp.auth.data \
+		-r "$CAPTURE_DIR/ikev2-decrypt-aes256gcm16.pcap" \
+		| grep "9a:b7:1f:14:ab:55:3c:ad:87:3a:1a:a7:0b:99:df:15:5d:ee:77:cd:cf:36:94:b3:b7:52:7a:cb:b9:71:2d:ed" > /dev/null 2>&1
+	RETURNVALUE=$?
+	if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
+		test_step_failed "Failed to decrypt encrypted with AES-256-GCM-16 packet of IKEv2 exchange"
+		return
+	fi
+	test_step_ok
+}
+
+# IKEv2 decryption test (AES-256-GCM-8)
+decryption_step_ikev2_aes256gcm8() {
+	$TESTS_DIR/run_and_catch_crashes env $TS_DC_ENV $TSHARK $TS_DC_ARGS \
+		-Tfields -e isakmp.auth.data \
+		-r "$CAPTURE_DIR/ikev2-decrypt-aes256gcm8.pcap" \
+		| grep "4a:66:d8:22:d0:af:bc:22:ad:9a:92:a2:cf:42:87:c9:20:ad:8a:c3:b0:69:a4:a7:e7:5f:e0:a5:d4:99:f9:14" > /dev/null 2>&1
+	RETURNVALUE=$?
+	if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
+		test_step_failed "Failed to decrypt encrypted with AES-256-GCM-8 packet of IKEv2 exchange"
+		return
+	fi
+	test_step_ok
+}
+
 # HTTP2 (HPACK)
 decryption_step_http2() {
 	env $TS_DC_ENV $TSHARK $TS_DC_ARGS \
@@ -382,9 +495,20 @@ tshark_decryption_suite() {
 	test_step_add "ZigBee Decryption" decryption_step_zigbee
 	test_step_add "ANSI C12.22 Decryption" decryption_step_c1222
 	test_step_add "DVB-CI Decryption" decryption_step_dvb_ci
+
 	test_step_add "IKEv1 Decryption (certificates)" decryption_step_ikev1_certs
 	test_step_add "IKEv1 Decryption (simultaneous exchanges)" decryption_step_ikev1_simultaneous
 	test_step_add "IKEv1 Decryption (unencrypted phase 1)" decryption_step_ikev1_unencrypted
+
+	test_step_add "IKEv2 Decryption (3DES-CBC/SHA1_160)" decryption_step_ikev2_3des_sha160
+	test_step_add "IKEv2 Decryption (AES-128-CCM-12)" decryption_step_ikev2_aes128_ccm12
+	test_step_add "IKEv2 Decryption (AES-128-CCM-12 using CTR mode)" decryption_step_ikev2_aes128_ccm12_2
+	test_step_add "IKEv2 Decryption (AES-192-CTR/SHA2-512)" decryption_step_ikev2_aes192ctr_sha512
+	test_step_add "IKEv2 Decryption (AES-256-CBC/SHA2-256)" decryption_step_ikev2_aes256cbc_sha256
+	test_step_add "IKEv2 Decryption (AES-256-CCM-16)" decryption_step_ikev2_aes256ccm16
+	test_step_add "IKEv2 Decryption (AES-256-GCM-16)" decryption_step_ikev2_aes256gcm16
+	test_step_add "IKEv2 Decryption (AES-256-GCM-8)" decryption_step_ikev2_aes256gcm8
+
 	test_step_add "HTTP2 (HPACK)" decryption_step_http2
 }
 
-- 
cgit v1.2.1