X-Git-Url: https://git.distorted.org.uk/~mdw/tripe/blobdiff_plain/9235c5a43b4744f3dabe15573275ae87e9ed9497..HEAD:/wireshark/tripe.lua diff --git a/wireshark/tripe.lua b/wireshark/tripe.lua index f950aefa..a3544e9d 100644 --- a/wireshark/tripe.lua +++ b/wireshark/tripe.lua @@ -57,7 +57,7 @@ local CONFIG = { -- order. { var = "bulk", name = "Bulk transform", - type = "enum", allowed = { "v0", "iiv", "naclbox" }, + type = "enum", allowed = { "v0", "iiv", "naclbox", "aead" }, descr = "Bulk cryptographic transform", default = "v0" }, { var = "hashsz", name = "Hash length", type = "int", min = 0, descr = "Hash length (bytes)", default = 20 }, @@ -184,6 +184,11 @@ end -- Dissect a ciphertext of some particular kind. local dissect_ct = { } +function dissect_ct.aead(buf, tree, pos, sz) + tree:add(PF["tripe.ciphertext.tag"], buf(pos, C.tagsz)); pos = pos + C.tagsz + tree:add(PF["tripe.ciphertext.seq"], buf(pos, 4)); pos = pos + 4 + tree:add(PF["tripe.ciphertext.body"], buf(pos, sz - pos)) +end function dissect_ct.naclbox(buf, tree, pos, sz) tree:add(PF["tripe.ciphertext.tag"], buf(pos, 16)); pos = pos + 16 tree:add(PF["tripe.ciphertext.seq"], buf(pos, 4)); pos = pos + 4 
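Review bot: `dissect_ct.aead` never checks that the tag and sequence number fit before `sz` when it computes the body range as `buf(pos, sz - pos)`. `C.tagsz` is a configured value rather than something read from the packet, so a wrong setting or a short packet can push `pos` past `sz`; a length of exactly -1 is read by Wireshark's `buf(offset, length)` as "to the end of the buffer", so the body would silently cover bytes outside the ciphertext. A guard at the top such as `if sz - pos < C.tagsz + 4 then error("truncated aead ciphertext") end` would make the failure explicit. The existing `naclbox` sibling appears to have the same shape, but only its first lines are visible in this hunk.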
@@ -289,6 +294,37 @@ local function dissect_misc_ciphertext(buf, tree, pos, sz) return dissect_ciphertext(buf, tree, "tripe.misc.ciphertext", pos, sz) end +local function dissect_chal(buf, tree, label, pos, sz) + local len = buf(pos, 2):uint() + local t = tree:add(PF[label], buf(pos, len + 2)) + t:add(PF["tripe.chal.len"], buf(pos, 2)); pos = pos + 2 + t:add(PF["tripe.chal.sequence"], buf(pos, 4)); pos = pos + 4; len = len - 4 + t:add(PF["tripe.chal.tag"], buf(pos, len)) + return pos + len +end + +local function dissect_my_chal(buf, tree, pos, sz) + return dissect_chal(buf, tree, "tripe.knock.mychal", pos, sz) +end + +local function dissect_your_chal(buf, tree, pos, sz) + return dissect_chal(buf, tree, "tripe.knock.yourchal", pos, sz) +end + +local function dissect_keyid(buf, tree, pos, sz) + tree:add(PF["tripe.knock.keyid"], buf(pos, 4)) + return pos + 4 +end + +local function dissect_ies(buf, tree, pos, sz) + local len = buf(pos, 2):uint() + local lim = pos + len + 2 + local t = tree:add(PF["tripe.knock.ies"], buf(pos, len + 2)) + t:add(PF["tripe.ies.len"], buf(pos, 2)); pos = pos + 2 + pos = dissect_ge[C.kx](buf, t, pos, sz) + return dissect_ciphertext(buf, t, "tripe.ies.ciphertext", pos, lim) +end + ----------------------------------------------------------------------------- --- The protocol information table. @@ -345,6 +381,19 @@ local PKTINFO = { dissect_switch } }, [4] = { label = "KX_SWITCHOK", info = "switch-ok", dissect = { dissect_switchok } }, + [5] = { label = "KX_TOKENRQ", info = "token-rq", + dissect = { dissect_my_chal, + dissect_keyid, + dissect_ies } }, + [6] = { label = "KX_TOKEN", info = "token", + dissect = { dissect_your_chal, + dissect_my_chal, + dissect_ies } }, + [7] = { label = "KX_KNOCK", info = "knock", + dissect = { dissect_your_chal, + dissect_keyid, + dissect_ies, + dissect_my_challenge } } } }, 
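Review bot: `dissect_chal` takes `len` straight from the wire and uses it without comparing it with `sz` or with the 4-byte sequence number it is about to subtract. With `len` = 3 the tag range becomes `buf(pos, -1)`, which Wireshark treats as "rest of the buffer", and the function returns `pos - 1`, so every later dissector in the list runs on a misaligned offset without any error being shown. `dissect_ies` has the same gap: `lim` is never checked against `sz`, and `dissect_ge[C.kx]` is handed `sz` rather than `lim`, so the group-element parse is not confined to the envelope. I would validate the length before building any tree item, as sketched below; `error()` stands in for whatever malformed-packet convention the rest of the file uses.

```lua
local function dissect_chal(buf, tree, label, pos, sz)
  if sz - pos < 2 then error("truncated challenge length") end
  local len = buf(pos, 2):uint()
  -- len covers the 4-byte sequence number plus the tag and must fit before sz.
  if len < 4 or len > sz - pos - 2 then
    error("bad challenge length " .. len)
  end
  -- … unchanged: tree items for length, sequence number and tag …
```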
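Review bot: The `KX_KNOCK` entry ends its list with `dissect_my_challenge`, while the helper added by this commit is named `dissect_my_chal`. If `dissect_my_challenge` is an existing dissector defined elsewhere in the file, this is intended, but the two near-identical names deserve a comment on the entry, for example `-- dissect_my_challenge: sender's key-exchange challenge, not the one-time token challenge`. If it is not defined, Lua evaluates the name to nil inside the table constructor and the list silently shrinks to three dissectors instead of raising an error, so the trailing bytes of a knock packet would simply go undissected. Worth confirming against the full file.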
@@ -364,6 +413,8 @@ local PKTINFO = { dissect = { dissect_misc_ciphertext } }, [5] = { label = "MISC_GREET", info = "greeting", dissect = { dissect_misc_payload } }, + [6] = { label = "MISC_BYE", info = "disconnect notification", + dissect = { dissect_misc_ciphertext } }, } } } @@ -415,6 +466,40 @@ do ["tripe.packet.payload"] = { name = "Encrypted packet", type = ftypes.NONE }, + ["tripe.knock.keyid"] = { + name = "Short key indicator", type = ftypes.UINT32, base = base.HEX + }, + ["tripe.knock.mychal"] = { + name = "Sender's one-time challenge", type = ftypes.NONE + }, + ["tripe.knock.yourchal"] = { + name = "Recipient's one-time challenge", type = ftypes.NONE + }, + ["tripe.chal.len"] = { + name = "Challenge length", type = ftypes.UINT16, base = base.DEC + }, + ["tripe.chal.sequence"] = { + name = "Challenge sequence number", + type = ftypes.UINT32, base = base.DEC + }, + ["tripe.chal.tag"] = { + name = "Challenge tag", type = ftypes.BYTES, base = base.SPACE + }, + ["tripe.knock.ies"] = { + name = "Encrypted message", type = ftypes.NONE + }, + ["tripe.ies.len"] = { + name = "Encrypted message length", + type = ftypes.UINT16, base = base.DEC + }, + ["tripe.ies.clue"] = { + name = "Encrypted message KEM clue", + type = ftypes.BYTES, base = base.SPACE + }, + ["tripe.ies.ciphertext"] = { + name = "Encrypted message ciphertext", + type = ftypes.BYTES, base = base.SPACE + }, ["tripe.keyexch.type"] = { name = "Key-exchange subcode", type = ftypes.UINT8, base = base.DEC, mask = 0x0f, tab = subtab[1]
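Review bot: The `tripe.ies.clue` field is registered here, but none of the dissectors added in this commit reference it; `dissect_ies` delegates the KEM clue to `dissect_ge[C.kx]`, which presumably adds its own field. If that is the case, a display filter on `tripe.ies.clue` will never match, so either drop the entry or add the clue under that label in `dissect_ies`. Separately, `tripe.ies.ciphertext` is typed `ftypes.BYTES` although it is passed to `dissect_ciphertext` as a parent label, whereas the visible `tripe.packet.payload` parent uses `ftypes.NONE`; a one-line comment explaining the difference would help if it is deliberate.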