X-Git-Url: https://git.distorted.org.uk/~mdw/secnet/blobdiff_plain/088f80a16f384041909c6df6c5fbc98c0d76427f..9c6af4eca6bfb7bed6f86b1f32479f933979c080:/secnet-wireshark.lua diff --git a/secnet-wireshark.lua b/secnet-wireshark.lua index 62739bc..5166918 100644 --- a/secnet-wireshark.lua +++ b/secnet-wireshark.lua @@ -162,7 +162,7 @@ end local function dump_algs(algs) -- Dump the algorithms selection ALGS from a site structure. - return "xform=" .. algs.transform + return "xform=" .. algs.transform .. "; dh=" .. algs.dhgroup end local function dump_str(str) return str end @@ -224,6 +224,8 @@ local CAPTAB = { desc = "Deprecated Serpent256-CBC transform" }, [9] = { name = "eaxserpent", kind = "transform", desc = "Serpent256-EAX transform" }, + [10] = { name = "tradzp", kind = "dhgroup", + desc = "Traditional Z_p Diffie--Hellman key agreement" }, [31] = { name = "mobile-priority", kind = "early", desc = "Mobile site takes priority in case of MSG1 crossing" } } @@ -248,10 +250,11 @@ local function notice_alg_selection(st) -- Record the algorithm selections declared in the packet described by ST. local transform = get_algname("transform", st.transform, "serpent256cbc") + local dhgroup = get_algname("dhgroup", st.dhgroup, "tradzp") local site = get_site_create(st.sndname) local peer = get_site_create(st.rcvname) local now = st.pinfo.rel_ts - local algs = { transform = transform } + local algs = { transform = transform, dhgroup = dhgroup } tl_add(get_timeline_create(site.algs, st.rcvname), now, algs) tl_add(get_timeline_create(peer.algs, st.sndname), now, algs) end @@ -302,6 +305,7 @@ local M = { NAK = msgcode( 0, 0), MSG2 = msgcode( 2, 0), MSG3 = msgcode( 3, 0), MSG3BIS = msgcode( 3, 1), + MSG3TER = msgcode( 3, 2), MSG4 = msgcode( 4, 0), MSG5 = msgcode( 5, 0), MSG6 = msgcode( 6, 0), 
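Review bot: The new `.. "; dh=" .. algs.dhgroup` in dump_algs raises a Lua error if `dhgroup` is ever nil, and after this commit that value derives from a byte read straight out of the packet (`st.dhgroup`, passed through `get_algname` in the notice_alg_selection hunk at @@ -248). `get_algname` is not visible in this diff, so whether it can return nil for a number with no `dhgroup` entry in CAPTAB should be confirmed. If it can, a capture containing an unrecognised group byte would abort the dump rather than show it. A tolerant form is `return "xform=" .. tostring(algs.transform) .. "; dh=" .. tostring(algs.dhgroup)`, and the comment in notice_alg_selection could add `-- st.dhgroup is nil for messages without a group byte; "tradzp" is then assumed`.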
@@ -346,6 +350,7 @@ do -- Firstly, build, in `caps', a list of the capability names and their -- numbers. local i = 1 + caps[i] = { i = 15, cap = "explicit" }; i = 1 + 1 for j, cap in pairs(CAPTAB) do caps[i] = { i = j, cap = cap.name } i = i + 1 @@ -451,6 +456,14 @@ local function dissect_transform(st, buf, tree, pos, sz) return pos end +local function dissect_dhgroup(st, buf, tree, pos, sz) + -- Dissect the selected DH group. Note this in the packet state for later. + + st.dhgroup = buf(pos, 1):uint() + tree:add(PF["secnet.kx.dhgroup"], buf(pos, 1)); pos = pos + 1 + return pos +end + local function dissect_lenstr(st, buf, tree, label, pos, sz) -- Dissect a simple string given its length. local len = buf(pos, 2):uint() @@ -620,6 +633,23 @@ local PKTINFO = { dissect_wtf }, hook = notice_alg_selection }, + [M.MSG3TER] = { + label = "MSG3TER", + info = "MSG3TER", + dissect = { make_dissect_name_xinfo("secnet.kx.sndname", + { dissect_caps, + dissect_mtu, + dissect_wtf }, + notice_sndname), + make_dissect_name_xinfo("secnet.kx.rcvname", + { dissect_wtf }, + notice_rcvname), + dissect_sndnonce, dissect_rcvnonce, + dissect_transform, dissect_dhgroup, + dissect_dhval, dissect_sig, + dissect_wtf }, + hook = notice_alg_selection + }, [M.MSG4] = { label = "MSG4", info = "MSG4", @@ -665,7 +695,7 @@ do local msgtab = { } for i, v in pairs(PKTINFO) do msgtab[i] = v.label end - local capmap = { transform = { }, early = { } } + local capmap = { transform = { }, dhgroup = { }, early = { } } for i, v in pairs(CAPTAB) do capmap[v.kind][i] = v.desc end local ftab = { @@ -726,6 +756,10 @@ do name = "User-assigned capability bits", type = ftypes.UINT32, mask = 0x000000ff, base = base.HEX }, + ["secnet.cap.explicit"] = { + name = "Transforms listed explicitly; all capability bits used", + type = ftypes.BOOLEAN, mask = 0x00008000, base = 32 + }, ["secnet.mtu"] = { name = "Sender's requested MTU", type = ftypes.UINT16, base = base.DEC }, 
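Review bot: `i = 1 + 1` in the added line of the @@ -346 hunk reads like a typo for `i = i + 1`; it gives the same value only because `i` was set to 1 on the line before, and would silently overwrite an entry if another fixed capability were added ahead of it. The bit number 15 is hard-coded here and again as `mask = 0x00008000` in the `secnet.cap.explicit` field definition in the @@ -726 hunk, with nothing tying the two together. I would write `caps[i] = { i = 15, cap = "explicit" }; i = i + 1` and add `-- bit 15 is not in CAPTAB; must match the mask of secnet.cap.explicit`. The enclosing `do` block continues outside the hunk.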
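Review bot: dissect_dhgroup in the @@ -451 hunk reads `buf(pos, 1)` without consulting `sz`, which it accepts but never uses, so a MSG3TER cut short before the group byte makes the range constructor raise out of the dissector. The visible context of dissect_lenstr follows the same pattern, so this may be a file-wide convention handled by the caller; that is not visible here and is worth confirming, since the input is arbitrary captured traffic. If short packets are not handled upstream, a guard against `sz` before the read would let the packet be flagged instead. Either way the comment should state what the byte is and that it is unvalidated, for example `-- One byte: capability number of kind "dhgroup" (see CAPTAB), taken from the packet as-is.`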
@@ -739,6 +773,10 @@ do name = "Selected bulk-crypto transform", type = ftypes.UINT8, base = base.DEC, tab = capmap.transform }, + ["secnet.kx.dhgroup"] = { + name = "Selected Diffie--Hellman group kind", type = ftypes.UINT8, + base = base.DEC, tab = capmap.dhgroup + }, ["secnet.kx.dhval"] = { name = "Sender's public Diffie--Hellman value", type = ftypes.NONE },