["ronnie sahlberg" <ronniesahlberg@xxxxxxxxx>]

Nice.
Maybe uploading the example to the other examples on the wiki?

I have made some very minor cosmetic changes to the dissector of yours
that anders checked in.

I also changed it so that the payload inside ah/esp is displayed at
the root of the tree.
(look at the screenshot at the ESP_preferences in the wiki,   it is
confusing when the source/dest ip addresses in the summary line are
different from what is shown in the dissect pane (before we open any
of the  expansions.))




On 9/7/06, Frédéric Roudaut <frederic.roudaut@xxxxxxx> wrote:
> Hi,
>
> as requested  here is a patch  in order to take into account  Encryption
> and Authentication keys for ESP in hexa.
> You only have to write your key with 0x first. In this case if the key
> is not in 8-bit unit, it will be considered as starting with a "0" (4 bits).
> Excepted this case, the key should be completely written, even if it
> starts with "0x00".
>
> Nevertheless, if the box contains a key with white spaces before "0x",
> it will be taken into account. Ie if the ESP preference contains
> "    0xffffff",  it will not be considered  as an hexadecimal key (4
> white spaces before 0x). I do not think it is a problem but please tell
> me if it is, I will correct this.
>
> Moreover I noticed an editorial issue in the Author files ;-). IPsec
> should be written like this and not IP-sec.
> could you please update this ?
>
> best regards,
>
> ps : in attachment, you will also get some examples for using
> Hexadecimal keys (preference and capture files, IPsec policy for setkey).
> ps2 : sorry for the off-by-one errors ;-(
>
> ---
> Frederic Roudaut
>
>
>
> Filonenko Alexander-AAF013 wrote:
> > Frederic,
> >
> > Thank you for the response. While adding this feature, do you plan to
> > add another checkbox in the ESP preferences so the user can switch
> > between ASCII/hex modes for encryption keys?
> >
> > Thank you,
> > Alex Filonenko
> >
> >
> >
> > ------------------------------------------------------------------------
> > *From:* Frédéric Roudaut [mailto:roudaut.frederic@xxxxxxx]
> > *Sent:* Tuesday, August 01, 2006 5:19 AM
> > *To:* Filonenko Alexander-AAF013
> > *Cc:* Ethereal development; Developer support list for Wireshark
> > *Subject:* Re: IPsec Dissector to decrypt ESP Payload
> >
> > Hi,
> >
> > sorry for my late answer. You're right for the key. To enter binary
> > keys you need to modify the dissector. It should easy to adapt. If
> > needed, I could easily add this but however not before the beginning
> > of september.
> > Sorry for that.
> >
> > best regards,
> >
> > --
> > Frederic Roudaut
> >
> >
> > Filonenko Alexander-AAF013 a écrit :
> >> Frederic,
> >>
> >> I am using ESP decryption features of your dissector and it is very
> useful.
> >> I have one question though. How can I use arbitrary (non-ASCII)
> encryption key with preferences available for ESP? Is the key limited to
> ASCII characters only?
> >>
> >> Thank you,
> >> Alex
> >>
> >> -----Original Message-----
> >> From: Filonenko Alexander-AAF013
> >> Sent: Friday, February 24, 2006 4:43 PM
> >> To: 'Ethereal development'
> >> Subject: RE: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload
> >>
> >> Frederic,
> >>
> >> I find IPsec functionality you have added to the dissector very useful.
> >> Hope I can provide you with some feedback in a few weeks.
> >>
> >> Thank you,
> >> Alex Filonenko
> >>
> >>
> >>> -----Original Message-----
> >>> From: ethereal-dev-bounces@xxxxxxxxxxxx
> >>> [mailto:ethereal-dev-bounces@xxxxxxxxxxxx] On Behalf Of Frederic
> >>> Roudaut
> >>> Sent: Friday, February 24, 2006 10:01 AM
> >>> To: Ethereal development
> >>> Subject: [Ethereal-dev] IPsec Dissector to decrypt ESP Payload
> >>>
> >>>
> >>> Hi,
> >>>
> >>> finally, I have updated my dissector using libgcrypt.
> >>> It does not use openssl anymore.
> >>> If gnutls is installed, all should work.
> >>> Thus, now it should decrypt and dissect (transport/tunnel/several
> >>> encapsulations ...) :
> >>>
> >>> - NULL Encryption Algorithm
> >>> - TripleDES-CBC [RFC2451] : keylen 192 bits.
> >>> - AES-CBC with 128-bit keys [RFC3602] : keylen 128 and 192/256 bits.
> >>> - AES-CTR [RFC3686] : keylen 160/224/288 bits. The remaining
> >>> 32 bits will be used as nonce.
> >>> - DES-CBC [RFC2405] : keylen 64 bits
> >>>
> >>> I also have added :
> >>>
> >>> - BLOWFISH-CBC : keylen 128 bits.
> >>> - TWOFISH-CBC : keylen 128/256 bits.
> >>>
> >>> You have to indicate the Authentication algorithm even if all
> >>> Algorithms since it uses 12 bytes in the Auth field should work (have
> >>> a look to the README to understand why I put it
> >>> ;-) ). If you consider I have to throw it away please tell me.
> >>>
> >>> HMAC-SHA1-96 [RFC2404]
> >>> NULL
> >>> AES-XCBC-MAC-96 [RFC3566]
> >>> HMAC-MD5-96 [RFC2403]
> >>>
> >>> In the attachment you will get :
> >>> - this dissector
> >>> - a new README
> >>> - some example capture files with associated preferences files (and
> >>> setkey config files)
> >>>
> >>>
> >>> Best Regards,
> >>>
> >>>
> >>> ----
> >>> Frederic
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> --
> >>> Frédéric ROUDAUT
> >>> IRISA-INRIA, Campus de Beaulieu, 35042 Rennes cedex, France
> >>> Tl: +33 (0) 2 99 84 71 44, Fax: +33 (0) 2 99 84 71 71
> >>>
> >>>
> >>>
> >> _______________________________________________
> >> Ethereal-dev mailing list
> >> Ethereal-dev@xxxxxxxxxxxx
> >> http://www.ethereal.com/mailman/listinfo/ethereal-dev
> >>
> >>
> >>
> >