From b6b8880340ea349f416666edf94f491fe1cdd4aa Mon Sep 17 00:00:00 2001
From: =?utf8?q?Micha=C5=82=20Skalski?=
Date: Mon, 22 Feb 2021 16:41:23 +0100
Subject: [PATCH] save-keys: Add support for full-length HMAC-SHA256 for ESP

Wireshark doesn't really support it, but this way it at least decodes the ESP packets correctly and the encryption keys are saved and the packets can be decrypted. The full-length versions of SHA-384 and SHA-512 are not supported by Wireshark as 256-bit is the longest ICV it is able to decode currently.
---
 src/libcharon/plugins/save_keys/save_keys_listener.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/libcharon/plugins/save_keys/save_keys_listener.c b/src/libcharon/plugins/save_keys/save_keys_listener.c
index fc16f20..60b75fd 100644
--- a/src/libcharon/plugins/save_keys/save_keys_listener.c
+++ b/src/libcharon/plugins/save_keys/save_keys_listener.c
@@ -234,6 +234,7 @@ static algo_map_t esp_integ[] = {
 { AUTH_HMAC_SHA2_384_192, -1, "HMAC-SHA-384-192 [RFC4868]" },
 { AUTH_HMAC_SHA2_512_256, -1, "HMAC-SHA-512-256 [RFC4868]" },
 { AUTH_HMAC_SHA2_256_96, -1, "HMAC-SHA-256-96 [draft-ietf-ipsec-ciph-sha-256-00]" },
+ { AUTH_HMAC_SHA2_256_256, -1, "ANY 256 bit authentication [no checking]" },
 { AUTH_UNDEFINED, 64, "ANY 64 bit authentication [no checking]" },
 { AUTH_UNDEFINED, 96, "ANY 96 bit authentication [no checking]" },
 { AUTH_UNDEFINED, 128, "ANY 128 bit authentication [no checking]" },
--
2.7.4
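Review bot: The added `AUTH_HMAC_SHA2_256_256` row in `esp_integ[]` is the only named transform that maps to one of Wireshark's "ANY … [no checking]" labels, and the table gives no hint why. As the label itself says, the dissector is then told only the ICV length and does not verify the ICV, so a capture decrypted with the saved keys will not flag modified or corrupted ESP packets for these SAs. I would put a comment above the row, for example `/* no full-length HMAC-SHA-256 in Wireshark: label only sets the ICV length, the ICV is not verified */`, so that nobody later "corrects" the string or relies on the decoded capture for integrity. The start of the table and the code that looks entries up are outside the hunk, so whether the row's position ahead of the `AUTH_UNDEFINED` entries matters cannot be checked from here.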