Wireshark-bugs: [Wireshark-bugs] [Bug 7680] New: Added L2TPv3 control message authentication che
Date: Thu, 30 Aug 2012 04:07:23 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7680

           Summary: Added L2TPv3 control message authentication checking
           Product: Wireshark
           Version: SVN
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Low
         Component: Dissection engine (libwireshark)
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: celston@xxxxxxxxxxx


Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
L2TPv3 includes an AVP which contains a digest over the control message it is
part of, salted with a nonce generated by LNS and LAC from a shared secret.
(See http://tools.ietf.org/html/rfc3931#section-4.3 for details).

The following patches add support in the L2TP dissector for confirming the
calculation of this message digest in Wireshark.

The change is split into three parts. The first two patches split the
implementation of the SHA1 and MD5 hmac hash algorithms across multiple
functions. This is required so that we can do incremental MD5 and SHA1 hmac, in
the same way that we can do incremental MD5 or SHA1.

i.e., for an MD5 sum we can do:

    md5_init, md5_append [0..*], md5_finish

The new md5_hmac functions allow us to do:

    md5_hmac_init, md5_hmac_append [0..*], md5_hmac_finish

The previous md5_hmac function is then reimplemented using the new incremental
functions.

This is required because the L2TP message digest AVP is calculated on the
incoming tvbuff, but with the content of the message digest AVP zeroed out.
Rather than modifying the tvbuff to zero out the appropriate portion, it seemed
to be cleaner to allow incremental hmac calculation and substitute zeroes for
the digest AVP section.

The third part of the patch modifies the L2TP packet dissector so that it is
able to track conversations and confirm the calculation of the message digest
AVP.

I've added appropriate conversation_new and conversation_find calls, such that
the conversation is successfully tracked whether the LAC or the LNS (or both,
or neither) are using ephemeral ports.  This allows the dissector to associate
the crypto nonces (exchanged in the initial SCCRQ and SCCRP messages) with the
conversation.

In addition, I've added a protocol preference item "Shared Secret", which must
be configured by the user in order to successfully calculate the digest.

Whether the digest matches or not is communicated via an added
expert_add_info_format (PI_CHECKSUM, PI_WARN).

At the moment it only works for UDP encap L2TP (IP encap is also an option).
I'm submitting this now because I'd like to get some early feedback on whether
the approach is valid and likely to be accepted.

There are a number of additional protocol features in the RFC which I'd like to
add support for (hidden AVP decoding, message digest AVP decoding _without_
nonces), which are likely to use this code too.

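An added example, not the reporter's patch or any Wireshark code: a Python sketch of the zero-substituting incremental HMAC the report describes, using the standard library's hmac module (its new/update/digest calls correspond to the md5_hmac_init/append/finish split). The control and AVP header layouts follow RFC 2661/3931 as I read them; the attribute type numbers (59 for Message Digest, 73 for the nonce AVP), the digest type octet values (0 = MD5, 1 = SHA1) and the order in which the sender's and peer's nonces are fed into the HMAC are assumptions to check against RFC 3931 section 5.4.3 before reusing them. All packets, nonces and the shared secret are constructed inside the example.

```python
import hashlib
import hmac
import struct

# Assumed (see lead-in): attribute type numbers, digest type octets, nonce order.
CTRL_HDR_LEN = 12             # v3-over-UDP control header: flags/ver, length, conn ID, Ns, Nr
AVP_HDR_LEN = 6               # M/H bits + 10-bit length, vendor ID, attribute type
AVP_MESSAGE_TYPE = 0
AVP_MESSAGE_DIGEST = 59       # assumed: RFC 3931 Message Digest AVP
AVP_CTRL_MSG_AUTH_NONCE = 73  # assumed: RFC 3931 Control Message Authentication Nonce AVP
MSG_SCCRQ, MSG_SCCRP = 1, 2
DIGEST_HASHES = {0: hashlib.md5, 1: hashlib.sha1}  # digest type octet -> hash (assumed)

def build_avp(attr_type, value, mandatory=True):
    """Encode one IETF AVP; the 10-bit length covers header and value."""
    length = AVP_HDR_LEN + len(value)
    if length > 0x3FF:
        raise ValueError("AVP value too long")
    return struct.pack(">HHH", (0x8000 if mandatory else 0) | length, 0, attr_type) + value

def iter_avps(msg, offset=CTRL_HDR_LEN):
    """Yield (offset, attr_type, total_length); a crafted length never reads past msg."""
    while offset < len(msg):
        if offset + AVP_HDR_LEN > len(msg):
            raise ValueError("truncated AVP header at offset %d" % offset)
        flags_len, _vendor, attr_type = struct.unpack_from(">HHH", msg, offset)
        length = flags_len & 0x3FF
        if length < AVP_HDR_LEN or offset + length > len(msg):
            raise ValueError("bad AVP length %d at offset %d" % (length, offset))
        yield offset, attr_type, length
        offset += length

def find_digest_avp(msg):
    """(digest_type, value_offset, value_len) of the Message Digest AVP, or None."""
    for off, attr_type, length in iter_avps(msg):
        if attr_type == AVP_MESSAGE_DIGEST:
            if length < AVP_HDR_LEN + 1:
                raise ValueError("Message Digest AVP lacks its digest type octet")
            return msg[off + AVP_HDR_LEN], off + AVP_HDR_LEN + 1, length - AVP_HDR_LEN - 1
    return None

def incremental_digest(secret, sender_nonce, peer_nonce, msg):
    """HMAC over nonces + message, feeding zeroes in place of the digest value so the
    buffer is never modified; new/update/digest mirror *_hmac_init/append/finish."""
    found = find_digest_avp(msg)
    if found is None:
        return None
    digest_type, val_off, val_len = found
    if digest_type not in DIGEST_HASHES:
        raise ValueError("unknown digest type %d" % digest_type)
    h = hmac.new(secret, digestmod=DIGEST_HASHES[digest_type])  # *_hmac_init
    h.update(sender_nonce)                                       # *_hmac_append: sender's nonce
    if peer_nonce is not None:                                   # SCCRQ: peer nonce not known yet
        h.update(peer_nonce)
    h.update(msg[:val_off])                                      # everything before the digest value
    h.update(bytes(val_len))                                     # zeroes instead of the digest value
    h.update(msg[val_off + val_len:])                            # everything after it
    return h.digest()                                            # *_hmac_finish

def reference_digest(secret, sender_nonce, peer_nonce, msg):
    """Same digest the copy-and-zero way, to show both approaches agree."""
    found = find_digest_avp(msg)
    if found is None:
        return None
    digest_type, val_off, val_len = found
    zeroed = bytearray(msg)
    zeroed[val_off:val_off + val_len] = bytes(val_len)
    data = sender_nonce + (peer_nonce or b"") + bytes(zeroed)
    return hmac.new(secret, data, DIGEST_HASHES[digest_type]).digest()

def check_message(secret, sender_nonce, peer_nonce, msg):
    """Dissector side: True/False on digest match, None when no Message Digest AVP."""
    expected = incremental_digest(secret, sender_nonce, peer_nonce, msg)
    if expected is None:
        return None
    _, val_off, val_len = find_digest_avp(msg)
    return hmac.compare_digest(expected, bytes(msg[val_off:val_off + val_len]))

def build_control_message(secret, sender_nonce, peer_nonce, msg_type, digest_type,
                          extra_avps=(), ctrl_conn_id=0x1234, ns=0, nr=0):
    """Sender side: Message Type AVP, zeroed digest AVP, other AVPs, then fill the digest in."""
    avps = build_avp(AVP_MESSAGE_TYPE, struct.pack(">H", msg_type))
    if digest_type is not None:
        hash_len = DIGEST_HASHES[digest_type]().digest_size
        avps += build_avp(AVP_MESSAGE_DIGEST, bytes([digest_type]) + bytes(hash_len))
    avps += b"".join(extra_avps)
    flags_ver = 0x8000 | 0x4000 | 0x0800 | 3  # T, L and S bits set, version 3
    hdr = struct.pack(">HHIHH", flags_ver, CTRL_HDR_LEN + len(avps), ctrl_conn_id, ns, nr)
    msg = bytearray(hdr + avps)
    if digest_type is not None:
        _, val_off, val_len = find_digest_avp(msg)
        msg[val_off:val_off + val_len] = incremental_digest(secret, sender_nonce, peer_nonce, bytes(msg))
    return bytes(msg)

if __name__ == "__main__":
    # constructed sample inputs
    secret, lac_nonce, lns_nonce = b"constructed-secret", bytes(range(16)), bytes(range(16, 32))
    sccrp = build_control_message(secret, lns_nonce, lac_nonce, MSG_SCCRP, 1,
                                  [build_avp(AVP_CTRL_MSG_AUTH_NONCE, lns_nonce)], nr=1)
    print(check_message(secret, lns_nonce, lac_nonce, sccrp))           # True
    print(check_message(b"wrong-secret", lns_nonce, lac_nonce, sccrp))  # False
```

The digest comparison goes through hmac.compare_digest rather than ==, and iter_avps refuses an AVP whose 10-bit length runs past the buffer, which is the check a dissector needs before it trusts an attacker-controlled length to compute the zeroed span. A False result corresponds to the PI_CHECKSUM expert warning the patch raises; None means no Message Digest AVP was present, so there was nothing to verify.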