--- /dev/null
+/* -*-c-*-
+ *
+ * $Id$
+ *
+ * TrIPE protocol dissector for Wireshark
+ *
+ * (c) 2003 Straylight/Edgeware
+ */
+
+/*----- Licensing notice --------------------------------------------------*
+ *
+ * This file is part of Trivial IP Encryption (TrIPE).
+ *
+ * TrIPE is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * TrIPE is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with TrIPE; if not, write to the Free Software Foundation,
+ * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+/*----- Header files ------------------------------------------------------*/
+
+#include "config.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netinet/in.h>
+
+#include <glib.h>
+#include <gmodule.h>
+#include <wireshark/config.h>
+#include <wireshark/epan/packet.h>
+#include <wireshark/epan/prefs.h>
+
+#include "tripe-protocol.h"
+
+/*----- Static variables --------------------------------------------------*/
+
+static int proto_tripe = -1;
+
+static guint hashsz = 20, tagsz = 10, ivsz = 8;
+
+typedef struct hfmp {
+ int hf, hf_len, hf_val, tt;
+} hfmp;
+typedef struct hfge {
+ int hf, hf_len, hf_val, hfx_len, hfx_val, hfy_len, hfy_val, tt;
+} hfge;
+
+static int hf_tripe_cat = -1;
+static int hf_tripe_packet_type = -1;
+static int hf_tripe_ct = -1;
+static int hf_tripe_ct_seq = -1;
+static int hf_tripe_ct_iv = -1;
+static int hf_tripe_ct_ct = -1;
+static int hf_tripe_ct_tag = -1;
+static int hf_tripe_misc_type = -1;
+static int hf_tripe_misc_payload = -1;
+static int hf_tripe_kx_type = -1;
+static hfge hf_tripe_kx_mychal = { -1, -1, -1, -1, -1, -1, -1, -1 };
+static int hf_tripe_kx_mycookie = -1;
+static int hf_tripe_kx_yourcookie = -1;
+static hfmp hf_tripe_kx_check = { -1, -1, -1, -1 };
+static int hf_tripe_huh = -1;
+
+static int tt_tripe = -1;
+static int tt_tripe_ct = -1;
+
+G_MODULE_EXPORT const gchar version[] = VERSION;
+
+/*----- Main code ---------------------------------------------------------*/
+
+static void prefcb(void) { }
+
+static gint gethash(proto_tree *tt, int hf, tvbuff_t *b, gint off)
+{
+ proto_tree_add_item(tt, hf, b, off, hashsz, FALSE);
+ return (off + hashsz);
+}
+
+static gint getmp(proto_tree *tt, const hfmp *hf, tvbuff_t *b, gint off)
+{
+ guint16 len = tvb_get_ntohs(b, off);
+ proto_item *ti = proto_tree_add_item(tt, hf->hf, b, off, len + 2, FALSE);
+ tt = proto_item_add_subtree(ti, hf->tt);
+ proto_tree_add_item(tt, hf->hf_len, b, off, 2, FALSE);
+ proto_tree_add_item(tt, hf->hf_val, b, off + 2, len, FALSE);
+ return (off + 2 + len);
+}
+
+static gint getge(proto_tree *tt, const hfge *hf, tvbuff_t *b, gint off)
+{
+ guint16 len = tvb_get_ntohs(b, off), len2;
+ guint r;
+ proto_item *ti;
+ r = tvb_length_remaining(b, off);
+ if (r < 4 + len ||
+ (len2 = tvb_get_ntohs(b, off + 2 + len), r < 4 + len + len2)) {
+ ti = proto_tree_add_item(tt, hf->hf, b, off, len + 2, FALSE);
+ tt = proto_item_add_subtree(ti, hf->tt);
+ proto_tree_add_item(tt, hf->hf_len, b, off, 2, FALSE);
+ proto_tree_add_item(tt, hf->hf_val, b, off + 2, len, FALSE);
+ r = off + len + 2;
+ } else {
+ ti = proto_tree_add_item(tt, hf->hf, b, off, len + len2 + 4, FALSE);
+ tt = proto_item_add_subtree(ti, hf->tt);
+ proto_tree_add_item(tt, hf->hfx_len, b, off, 2, FALSE);
+ proto_tree_add_item(tt, hf->hfx_val, b, off + 2, len, FALSE);
+ proto_tree_add_item(tt, hf->hfy_len, b, off + 2 + len, 2, FALSE);
+ proto_tree_add_item(tt, hf->hfy_val, b, off + 4 + len, len2, FALSE);
+ r = off + len + len2 + 4;
+ }
+ return (r);
+}
+
+static void dissect_tripe(tvbuff_t *b, packet_info *p, proto_tree *t)
+{
+ proto_item *ti;
+ proto_tree *tt;
+ guint8 ty;
+ gint off = 0;
+ guint32 seq;
+
+ /* --- Initialize the summary cells --- */
+
+ if (check_col(p->cinfo, COL_PROTOCOL))
+ col_set_str(p->cinfo, COL_PROTOCOL, "TrIPE");
+ if (check_col(p->cinfo, COL_INFO))
+ col_clear(p->cinfo, COL_INFO);
+ ty = tvb_get_guint8(b, 0);
+ if (check_col(p->cinfo, COL_INFO)) {
+ col_clear(p->cinfo, COL_INFO);
+ switch (ty & MSG_CATMASK) {
+ case MSG_PACKET:
+ switch (ty & MSG_TYPEMASK) {
+ case 0:
+ col_set_str(p->cinfo, COL_INFO, "Packet data");
+ break;
+ default:
+ col_add_fstr(p->cinfo, COL_INFO,
+ "Packet data, unknown type code %u",
+ ty & MSG_TYPEMASK);
+ break;
+ }
+ break;
+ case MSG_KEYEXCH:
+ switch (ty & MSG_TYPEMASK) {
+ case KX_PRECHAL:
+ col_set_str(p->cinfo, COL_INFO, "Key exchange, prechallenge");
+ break;
+ case KX_CHAL:
+ col_set_str(p->cinfo, COL_INFO, "Key exchange, challenge");
+ break;
+ case KX_REPLY:
+ col_set_str(p->cinfo, COL_INFO, "Key exchange, reply");
+ break;
+ case KX_SWITCH:
+ col_set_str(p->cinfo, COL_INFO, "Key exchange, switch request");
+ break;
+ case KX_SWITCHOK:
+ col_set_str(p->cinfo, COL_INFO, "Key exchange, switch response");
+ break;
+ default:
+ col_add_fstr(p->cinfo, COL_INFO,
+ "Key exchange, unknown type code %u",
+ ty & MSG_TYPEMASK);
+ break;
+ }
+ break;
+ case MSG_MISC:
+ switch (ty & MSG_TYPEMASK) {
+ case MISC_NOP:
+ col_set_str(p->cinfo, COL_INFO, "Miscellaneous, no-operation");
+ break;
+ case MISC_PING:
+ col_set_str(p->cinfo, COL_INFO, "Miscellaneous, transport ping");
+ break;
+ case MISC_PONG:
+ col_set_str(p->cinfo, COL_INFO,
+ "Miscellaneous, transport ping reply");
+ break;
+ case MISC_EPING:
+ col_set_str(p->cinfo, COL_INFO, "Miscellaneous, encrypted ping");
+ break;
+ case MISC_EPONG:
+ col_set_str(p->cinfo, COL_INFO,
+ "Miscellaneous, encrypted ping reply");
+ break;
+ case MISC_GREET:
+ col_set_str(p->cinfo, COL_INFO,
+ "Miscellaneous, greeting");
+ break;
+ default:
+ col_add_fstr(p->cinfo, COL_INFO,
+ "Miscellaneous, unknown type code %u",
+ ty & MSG_TYPEMASK);
+ break;
+ }
+ break;
+ default:
+ col_add_fstr(p->cinfo, COL_INFO,
+ "Unknown category code %u, unknown type code %u",
+ ty & MSG_CATMASK, ty & MSG_TYPEMASK);
+ break;
+ }
+ }
+
+ /* --- Fill in the tree --- */
+
+ if (t) {
+ ti = proto_tree_add_item(t, proto_tripe, b, 0, -1, FALSE);
+ tt = proto_item_add_subtree(ti, tt_tripe);
+
+ proto_tree_add_item(tt, hf_tripe_cat, b, 0, 1, FALSE);
+
+ off = 1;
+ switch (ty & MSG_CATMASK) {
+ case MSG_PACKET:
+ proto_tree_add_item(tt, hf_tripe_packet_type, b, 0, 1, FALSE);
+ switch (ty & MSG_TYPEMASK) {
+ case 0:
+ goto ct;
+ default:
+ goto huh;
+ }
+ break;
+ case MSG_KEYEXCH:
+ proto_tree_add_item(tt, hf_tripe_kx_type, b, 0, 1, FALSE);
+ switch (ty & MSG_TYPEMASK) {
+ case KX_PRECHAL:
+ off = getge(tt, &hf_tripe_kx_mychal, b, off);
+ goto tail;
+ case KX_CHAL:
+ off = getge(tt, &hf_tripe_kx_mychal, b, off);
+ off = gethash(tt, hf_tripe_kx_yourcookie, b, off);
+ off = getmp(tt, &hf_tripe_kx_check, b, off);
+ goto tail;
+ case KX_REPLY:
+ off = getge(tt, &hf_tripe_kx_mychal, b, off);
+ off = gethash(tt, hf_tripe_kx_yourcookie, b, off);
+ off = getmp(tt, &hf_tripe_kx_check, b, off);
+ goto ct;
+ case KX_SWITCH:
+ off = gethash(tt, hf_tripe_kx_mycookie, b, off);
+ off = gethash(tt, hf_tripe_kx_yourcookie, b, off);
+ goto ct;
+ case KX_SWITCHOK:
+ goto ct;
+ default:
+ goto huh;
+ }
+ break;
+ case MSG_MISC:
+ proto_tree_add_item(tt, hf_tripe_misc_type, b, 0, 1, FALSE);
+ switch (ty & MSG_TYPEMASK) {
+ case MISC_NOP:
+ case MISC_PING:
+ case MISC_PONG:
+ case MISC_GREET:
+ proto_tree_add_item(tt, hf_tripe_misc_payload,
+ b, off, -1, FALSE);
+ goto done;
+ case MISC_EPING:
+ case MISC_EPONG:
+ goto ct;
+ default:
+ goto huh;
+ }
+ break;
+ default:
+ goto huh;
+ }
+ tail:
+ if (tvb_offset_exists(b, off))
+ goto huh;
+ goto done;
+ huh:
+ proto_tree_add_item(tt, hf_tripe_huh, b, off, -1, FALSE);
+ goto done;
+ ct:
+ ti = proto_tree_add_item(tt, hf_tripe_ct, b, off, -1, FALSE);
+ seq = tvb_get_ntohl(b, off + tagsz);
+ proto_item_set_text(ti, "Encrypted ciphertext (sequence number %lu)",
+ (unsigned long)seq);
+ tt = proto_item_add_subtree(ti, tt_tripe_ct);
+ if (tagsz) {
+ proto_tree_add_item(tt, hf_tripe_ct_tag, b, off, tagsz, FALSE);
+ off += tagsz;
+ }
+ proto_tree_add_item(tt, hf_tripe_ct_seq, b, off, 4, FALSE);
+ off += 4;
+ if (ivsz) {
+ proto_tree_add_item(tt, hf_tripe_ct_iv, b, off, ivsz, FALSE);
+ off += ivsz;
+ }
+ proto_tree_add_item(ti, hf_tripe_ct_ct, b, off, -1, FALSE);
+ goto done;
+ done:;
+ }
+}
+
+void proto_register_tripe(void)
+{
+ module_t *mod;
+
+ static value_string vs_kxtype[] = {
+ { KX_PRECHAL, "KX_PRECHAL (prechallenge)" },
+ { KX_CHAL, "KX_CHAL (challenge)" },
+ { KX_REPLY, "KX_REPLY (reply)" },
+ { KX_SWITCH, "KX_SWITCH (switch request)" },
+ { KX_SWITCHOK, "KX_SWITCHOK (switch response)" },
+ { 0, 0 }
+ };
+
+ static hf_register_info hfs[] = {
+ { &hf_tripe_cat, {
+ "Message category", "tripe.cat",
+ FT_UINT8, BASE_HEX, 0, MSG_CATMASK
+ } },
+ { &hf_tripe_packet_type, {
+ "Packet message type", "tripe.packet.type",
+ FT_UINT8, BASE_HEX, 0, MSG_TYPEMASK,
+ "This is the TrIPE packet type subcode."
+ } },
+ { &hf_tripe_ct, {
+ "Encrypted ciphertext", "tripe.ct",
+ FT_BYTES, BASE_NONE, 0, 0,
+ "This is an encrypted message."
+ } },
+ { &hf_tripe_ct_seq, {
+ "Ciphertext sequence number", "tripe.ct.seq",
+ FT_UINT32, BASE_DEC, 0, 0,
+ "This is the unique sequence number for the ciphertext."
+ } },
+ { &hf_tripe_ct_iv, {
+ "Ciphertext initialization vector", "tripe.ct.iv",
+ FT_BYTES, BASE_NONE, 0, 0,
+ "This is the initialization vector used for the actual encryption."
+ } },
+ { &hf_tripe_ct_ct, {
+ "Actual encrypted data", "tripe.ct.ct",
+ FT_BYTES, BASE_NONE, 0, 0,
+ "This is the encrypted message. Reading it ought to be hard."
+ } },
+ { &hf_tripe_ct_tag, {
+ "Message authentication code", "tripe.ct.tag",
+ FT_BYTES, BASE_NONE, 0, 0,
+ "This is the message authentication code tag for the ciphertext."
+ } },
+ { &hf_tripe_misc_type, {
+ "Miscellaneous message type", "tripe.misc.type",
+ FT_UINT8, BASE_HEX, 0, MSG_TYPEMASK,
+ "This is the TrIPE miscellaneous message type subcode."
+ } },
+ { &hf_tripe_misc_payload, {
+ "Miscellaneous message payload", "tripe.misc.payload",
+ FT_BYTES, BASE_NONE, 0, 0,
+ "This is the miscellaneous message payload."
+ } },
+ { &hf_tripe_kx_type, {
+ "Key-exchange message type", "tripe.kx.type",
+ FT_UINT8, BASE_HEX, vs_kxtype, MSG_TYPEMASK,
+ "This is the TrIPE key-exchange type subcode."
+ } },
+ { &hf_tripe_kx_mychal.hf, {
+ "Sender's challenge data", "tripe.kx.mychal",
+ FT_BYTES, BASE_NONE, 0, 0,
+ "This is the sender's challenge."
+ } },
+ { &hf_tripe_kx_mychal.hf_len, {
+ "Challenge length", "tripe.kx.mychal.len",
+ FT_UINT16, BASE_DEC, 0, 0,
+ "This is the length of the sender's challenge."
+ } },
+ { &hf_tripe_kx_mychal.hf_val, {
+ "Challenge", "tripe.kx.mychal.val",
+ FT_BYTES, BASE_NONE, 0, 0,
+ "This is the value of the sender's challenge."
+ } },
+ { &hf_tripe_kx_mychal.hfx_len, {
+ "Challenge x length", "tripe.kx.mychal.x.len",
+ FT_UINT16, BASE_DEC, 0, 0,
+ "This is the length of the sender's challenge x-coordinate."
+ } },
+ { &hf_tripe_kx_mychal.hfx_val, {
+ "Challenge x value", "tripe.kx.mychal.x.val",
+ FT_BYTES, BASE_NONE, 0, 0,
+ "This is the value of the sender's challenge x-coordinate."
+ } },
+ { &hf_tripe_kx_mychal.hfy_len, {
+ "Challenge y length", "tripe.kx.mychal.y.len",
+ FT_UINT16, BASE_DEC, 0, 0,
+ "This is the length of the sender's challenge x-coordinate."
+ } },
+ { &hf_tripe_kx_mychal.hfy_val, {
+ "Challenge y value", "tripe.kx.mychal.y.val",
+ FT_BYTES, BASE_NONE, 0, 0,
+ "This is the value of the sender's challenge x-coordinate."
+ } },
+ { &hf_tripe_kx_mycookie, {
+ "Sender's hashed cookie", "tripe.kx.mycookie",
+ FT_BYTES, BASE_NONE, 0, 0,
+ "This is the hash of the sender's challenge."
+ } },
+ { &hf_tripe_kx_yourcookie, {
+ "Recipient's hashed cookie", "tripe.kx.yourcookie",
+ FT_BYTES, BASE_NONE, 0, 0,
+ "This is the hash of the recipient's challenge."
+ } },
+ { &hf_tripe_kx_check.hf, {
+ "Challenge check-value", "tripe.kx.check",
+ FT_BYTES, BASE_NONE, 0, 0,
+ "This is an encrypted check-value which proves that the sender "
+ "knows the answer to the challenge, and that it is therefore honest."
+ } },
+ { &hf_tripe_kx_check.hf_len, {
+ "Check-value length", "tripe.kx.check.len",
+ FT_UINT16, BASE_DEC, 0, 0,
+ "This is the length of the encrypted check-value."
+ } },
+ { &hf_tripe_kx_check.hf_val, {
+ "Check-value data", "tripe.kx.check.val",
+ FT_BYTES, BASE_NONE, 0, 0,
+ "This is the actual encrypted check-value."
+ } },
+ { &hf_tripe_huh, {
+ "Unknown data", "tripe.huh",
+ FT_BYTES, BASE_NONE, 0, 0,
+ "I don't know what's meant to appear here."
+ } },
+ };
+
+ static gint *tts[] = {
+ &tt_tripe,
+ &tt_tripe_ct,
+ &hf_tripe_kx_mychal.tt,
+ &hf_tripe_kx_check.tt,
+ };
+
+ proto_tripe = proto_register_protocol("TrIPE", "TrIPE", "tripe");
+ proto_register_field_array(proto_tripe, hfs, array_length(hfs));
+ proto_register_subtree_array(tts, array_length(tts));
+
+ mod = prefs_register_protocol(proto_tripe, prefcb);
+ prefs_register_uint_preference(mod, "hashsz", "Hash length",
+ "hash function output length (in octets)",
+ 10, &hashsz);
+ prefs_register_uint_preference(mod, "tagsz", "MAC tag length",
+ "MAC tag length (in octets)", 10, &tagsz);
+ prefs_register_uint_preference(mod, "ivsz", "IV length",
+ "block cipher initialization vector length"
+ " (in octets)",
+ 10, &ivsz);
+}
+
+void proto_reg_handoff_tripe(void)
+{
+ dissector_handle_t dh;
+
+ dh = create_dissector_handle(dissect_tripe, proto_tripe);
+ dissector_add("udp.port", 22003, dh);
+}
+
+G_MODULE_EXPORT void plugin_reg_handoff(void)
+{
+ proto_reg_handoff_tripe();
+}
+
+G_MODULE_EXPORT void plugin_register(void)
+{
+ if (proto_tripe == -1)
+ proto_register_tripe();
+}
+
+/*----- That's all, folks -------------------------------------------------*/