try to decode ESP frames #155
@PhyxionNL any comment on my PR? Thanks
Few things.
PacketDotNet/EspPacket.cs
Outdated
public ProtocolType NextHeader { get; set; } | ||
|
||
/// <summary>Pad length</summary> | ||
public int PadLength { get; private set; } | ||
|
||
/// <summary> | ||
/// Gets or sets the Authentication Data | ||
/// </summary> | ||
public byte[] AuthenticationData { get; set; } | ||
|
||
/// <summary> | ||
/// Gets or sets the Pad | ||
/// </summary> | ||
public byte[] Pad { get; private set; } |
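Review bot: NextHeader and AuthenticationData are auto-properties with a public set, so assigning them changes only the property value and leaves the packet bytes untouched, while PadLength and Pad sitting next to them are private set. Either make all four read-only until encoding is supported, or back each one with a read and write against the trailer bytes so that the object and the buffer cannot disagree. The summary on PadLength is also written on one line while the others use the three-line form.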
The get and sets should be implemented for all of these.
Here, I don't actually really know how to do this. The packet type is "Encapsulated Security Payload" and, as the name says, this is encapsulated. So the "NextHeader", the "Pad" and its length, and finally the integrity signature are placed after the encrypted payload (even in the Null Ciphering case, so no encryption). The Packet and ByteArraySegment classes are designed so that all fields are stored in the Header, which is not the case here, as this is a Suffix.
For decoding, I managed to find a way and use the simple setter/getter only. For encoding, this can't be done without the payload and the corresponding integrity algorithm and its key.
Any suggestion?
Looking at the header briefly, I think a set would be possible after reading the length of payload/segment? The code right now is also a bit strange as the data would become invalid once you change the payload. For the set, it could alternatively be changed into a method to pass in the required details. DHCP packet is doing something similar with Options, https://github.com/chmorgan/packetnet/blob/master/PacketDotNet/DhcpV4Packet.cs#L299
Thanks for the review
With Best Regards,
Julien Gaulon
From: PhyxionNL ***@***.***>
Sent: Friday, October 22, 2021 10:45 AM
To: chmorgan/packetnet ***@***.***>
Cc: Gaulon Julien 1CD4 ***@***.***>; Author ***@***.***>
Subject: *EXT* [Newsletter] Re: [chmorgan/packetnet] try to decode ESP frames (PR #155)
@PhyxionNL commented on this pull request.
________________________________
In PacketDotNet/EspPacket.cs<#155 (comment)>:
+
+ ParentPacket = parentPacket;
+
+ var next = Header.NextSegment();
+
+ // try to decode, assuming a Null ciphering. Get first the last 96 bits (12 bytes) for the Authentication Data
+ // + 1 byte for the Next Header + 1 byte for the pad length
+ if (next.Length > 14)
+ {
+ AuthenticationData = new byte[12];
+
+ // copy the last 12 bytes
+ Array.Copy(next.Bytes, next.BytesLength - 12, AuthenticationData, 0, 12);
+ var nextHeader = next.Bytes[next.BytesLength - 13];
+ // Continue only if next header is Tcp or Udp
+ if (Enum.IsDefined(typeof(ProtocolType), nextHeader) && ((ProtocolType)nextHeader == ProtocolType.Tcp || (ProtocolType)nextHeader == ProtocolType.Udp))
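Review bot: the guard tests next.Length, but the Array.Copy and the next-header read both index from next.BytesLength, so the bounds check and the offsets refer to two different lengths. Compute the end of the segment once and use it for the check and for both reads, so that a segment which does not run to the end of the underlying buffer neither reads the wrong bytes nor indexes before the start. The literals 12 and 13 would also read better as a named ICV length constant, since the comment ties them to the 96-bit assumption. Accepting the frame on the next-header byte alone will also match some encrypted payloads by chance, so a second condition on the trailer would make the guess safer.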
Enum.IsDefined is pointless here.
assuming Null Ciphering and 96 bits Integrity algorithm
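
The trailer layout discussed in this thread (padding, pad length, next header, then a 96-bit ICV after the payload) can be parsed defensively as in the following added example, which is not code from the PR or from PacketDotNet. `EspTrailer` and `TryParseNullCipher` are hypothetical names; the sketch assumes the 8-byte SPI and sequence number header is already stripped, no IV, and a 12-byte ICV, and it goes beyond the PR by also checking the RFC 4303 default padding pattern and 4-byte alignment.

```csharp
using System;

// Added illustration, not PacketDotNet code. All type and method names are hypothetical.
public sealed record EspTrailer(byte NextHeader, int PadLength, int PayloadLength, byte[] Icv);

public static class EspNullCipher
{
    private const int IcvLength = 12; // assumption: 96-bit ICV, as in the PR

    // 'body' is everything after the 8-byte SPI + sequence number header.
    public static bool TryParseNullCipher(ReadOnlySpan<byte> body, out EspTrailer trailer)
    {
        trailer = null;
        // Need at least Pad Length (1) + Next Header (1) + ICV.
        if (body.Length < IcvLength + 2) return false;

        int icvStart = body.Length - IcvLength;
        byte nextHeader = body[icvStart - 1];
        int padLength = body[icvStart - 2];

        // Heuristic from the PR: continue only for TCP (6) or UDP (17).
        if (nextHeader != 6 && nextHeader != 17) return false;

        int payloadLength = icvStart - 2 - padLength;
        if (payloadLength < 0) return false; // pad length points before the buffer

        // RFC 4303 default padding is 1, 2, 3, ...; ciphertext rarely matches it.
        for (int i = 0; i < padLength; i++)
            if (body[payloadLength + i] != i + 1) return false;

        // Pad Length and Next Header must end on a 4-byte boundary.
        if (icvStart % 4 != 0) return false;

        trailer = new EspTrailer(nextHeader, padLength, payloadLength, body.Slice(icvStart).ToArray());
        return true;
    }

    public static void Main()
    {
        // Constructed sample: 9 payload bytes, pad {1}, pad length 1, next header 17 (UDP), 12-byte ICV.
        var body = new byte[24];
        for (int i = 0; i < 9; i++) body[i] = 0xAA;
        body[9] = 1; body[10] = 1; body[11] = 17;
        for (int i = 12; i < 24; i++) body[i] = 0xCC;
        Console.WriteLine(TryParseNullCipher(body, out var t)
            ? $"next={t.NextHeader} payload={t.PayloadLength} pad={t.PadLength}"
            : "not null-cipher ESP");

        body[9] = 0x7F; // padding no longer follows 1, 2, 3, ... so the frame is rejected
        Console.WriteLine(TryParseNullCipher(body, out _));
    }
}
```

The ICV is only extracted here, not verified; without the integrity key a decoder cannot tell a valid null-cipher frame from a tampered one.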