https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4838
Summary: AES-CTR decoding not working,
(dissectors/packet_ipsec.c using gcrypt)
Product: Wireshark
Version: 1.2.8
Platform: Other
OS/Version: All
Status: NEW
Severity: Normal
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: john_fitzgibbon@xxxxxxxxx
Build Information:
wireshark 1.2.8
Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.10.4, (32-bit) with GLib 2.12.3, with libpcap 0.9.4, with
libz 1.2.3, with POSIX capabilities (Linux), with libpcre 6.6, with SMI 0.4.5,
without c-ares, with ADNS, with Lua 5.1, with GnuTLS 1.4.1, with Gcrypt 1.4.4,
with MIT Kerberos, without GeoIP, without PortAudio, without AirPcap.
Running on Linux 2.6.18-194.3.1.el5, with libpcap version 0.9.4, GnuTLS 1.4.1,
Gcrypt 1.4.4.
Built using gcc 4.1.2 20080704 (Red Hat 4.1.2-48).
--
Decoding IPsec (ESP) using AES-CTR fails.
When specifying SA keys for AES-CTR, wireshark expects a key length of 160, 224
or 288 bits, (i.e. 128, 192 or 256 bits, followed by the 32 bit nonce value),
but gcry_cipher_setkey() in packet_ipsec.c fails, as it expects 128, 192 or 256
bits.
Omitting the nonce won't work -- even if wireshark liked those key lengths,
gcrypt wouldn't be able to decrypt without it.
Looking at gcrypt.h, I'm guessing what's missing may be a call to
gcry_cipher_setctr()? Once gcrypt has the nonce, the key len could be
decremented by 4, (32 bits), for the call to gcry_cipher_setkey() and things
should work from there.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.