This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Are AEAD cyphers accepted for IKEv2 decryption table?

0

Hi,

I'm working at a strongSwan plugin that will generate a IKEv2 decryption table for wireshark.

In IKEv2 decryption table(wireshark) at encryption algorithm field there are only the following algorithms: "3DES[RFC2451]", "AES-CBC-128[RFC3602]", "AES-CBC-192[RFC3602]", "AES-CBC-256[RFC3602]" and "NULL[RFC2410]".

But strongSwan accepts AEAD cyphers like: AES_CCM_ICV8, AES_CCM_ICV12, AES_CCM_ICV16, AES_GCM_ICV8, AES_GCM_ICV12, AES_GCM_ICV16, NULL_AUTH_AES_GMAC, CAMELLIA_CCM_ICV8, CAMELLIA_CCM_ICV12, CAMELLIA_CCM_ICV16 and CHACHA20_POLY1305.

So, wireshark can decrypt packets that are encrypted with AEAD cyphers?

Thanks, Codrut

asked 02 Aug '16, 00:49

Codrut%20Cristian%20Grosu's gravatar image

Codrut Crist...
6335
accept rate: 0%


One Answer:

0

Once the ISAKMP dissector is adapted to setup the decryption parameters for those it would be able to do so. Currently it's not. You could file an enhancement request to this effect referencing this question and providing a sample capture would help things along.

answered 02 Aug '16, 05:09

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%