Wireshark-bugs: [Wireshark-bugs] [Bug 11543] New: ISAKMP: Type "Hash and URL of X.509 certificat
Date: Wed, 23 Sep 2015 10:50:00 +0000
Bug ID 11543
Summary ISAKMP: Type "Hash and URL of X.509 certificate" is not decoded
Product Wireshark
Version 1.12.7
Hardware x86
OS Red Hat
Status UNCONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter mareko.paliga@gmail.com

Created attachment 13881 [details]
pcap with undecoded CERT payload

Build Information:
TShark 1.12.7 (5e509d0 from master)

Copyright 1998-2015 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.44.1, with libpcap, with libz 1.2.3, without
POSIX
capabilities, without libnl, without SMI, without c-ares, without ADNS, without
Lua, without Python, with GnuTLS 2.8.5, with Gcrypt 1.4.5, with MIT Kerberos,
without GeoIP.

Running on Linux 2.6.32-220.7.1.el6.x86_64, with locale en_US.UTF-8, with
libpcap version 1.7.2, with libz 1.2.3.
Intel(R) Xeon(R) CPU           X3440  @ 2.53GHz

Built using gcc 4.4.7 20120313 (Red Hat 4.4.7-3).

--
Certificate Data is not correctly dissected when Certificate encoding is "Hash
and URL of X.509 certificate".

Please see the attached pcap.

In this case we should see 20-bit hash and URL.
According to RFC5996:

   o  Hash and URL encodings allow IKE messages to remain short by
      replacing long data structures with a 20-octet SHA-1 hash (see
      [SHA]) of the replaced value followed by a variable-length URL
      that resolves to the DER-encoded data structure itself.  This
      improves efficiency when the endpoints have certificate data
      cached and makes IKE less subject to DoS attacks that become
      easier to mount when IKE messages are large enough to require IP
      fragmentation [DOSUDPPROT].


You are receiving this mail because:
  • You are watching all bug changes.