--- /dev/null
+/* -*-c-*-
+ *
+ * $Id: packet-tripe.c,v 1.1 2003/10/15 09:30:19 mdw Exp $
+ *
+ * TrIPE protocol dissector for Ethereal
+ *
+ * (c) 2003 Straylight/Edgeware
+ */
+
+/*----- Licensing notice --------------------------------------------------*
+ *
+ * This file is part of Trivial IP Encryption (TrIPE).
+ *
+ * TrIPE is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * TrIPE is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with TrIPE; if not, write to the Free Software Foundation,
+ * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+/*----- Revision history --------------------------------------------------*
+ *
+ * $Log: packet-tripe.c,v $
+ * Revision 1.1 2003/10/15 09:30:19 mdw
+ * Add support for Ethereal protocol analysis.
+ *
+ */
+
+/*----- Header files ------------------------------------------------------*/
+
+#include "config.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netinet/in.h>
+
+#include <glib.h>
+#include <gmodule.h>
+#include <epan/packet.h>
+
+#ifdef ETHEREAL_BUGGERED
+# define plugin_address_table_t void
+# define plugin_address_table_init(x)
+#else
+# include <plugins/plugin_api.h>
+#endif
+
+#include "tripe-protocol.h"
+
+/*----- Static variables --------------------------------------------------*/
+
+static int proto_tripe = -1;
+
+typedef struct hfmp { int hf, hf_len, hf_val, tt; } hfmp;
+
+static int hf_tripe_cat = -1;
+static int hf_tripe_packet_type = -1;
+static int hf_tripe_ct = -1;
+static int hf_tripe_ct_seq = -1;
+static int hf_tripe_ct_iv = -1;
+static int hf_tripe_ct_cbc = -1;
+static int hf_tripe_ct_mac = -1;
+static int hf_tripe_kx_type = -1;
+static hfmp hf_tripe_kx_mychal = { -1, -1, -1, -1 };
+static int hf_tripe_kx_mycookie = -1;
+static int hf_tripe_kx_yourcookie = -1;
+static hfmp hf_tripe_kx_check = { -1, -1, -1, -1 };
+static int hf_tripe_huh = -1;
+
+static int tt_tripe = -1;
+static int tt_tripe_ct = -1;
+
+G_MODULE_EXPORT const gchar version[] = VERSION;
+
+/*----- Main code ---------------------------------------------------------*/
+
+static gint gethash(proto_tree *tt, int hf, tvbuff_t *b, gint off)
+{
+ proto_tree_add_item(tt, hf, b, off, 20, FALSE);
+ return (off + 20);
+}
+
+static gint getmp(proto_tree *tt, const hfmp *hf, tvbuff_t *b, gint off)
+{
+ guint16 len = tvb_get_ntohs(b, off);
+ proto_item *ti = proto_tree_add_item(tt, hf->hf, b, off, len + 2, FALSE);
+ tt = proto_item_add_subtree(ti, hf->tt);
+ proto_tree_add_item(tt, hf->hf_len, b, off, 2, FALSE);
+ proto_tree_add_item(tt, hf->hf_val, b, off + 2, len, FALSE);
+ return (off + 2 + len);
+}
+
+static void dissect_tripe(tvbuff_t *b, packet_info *p, proto_tree *t)
+{
+ proto_item *ti;
+ proto_tree *tt;
+ guint8 ty;
+ gint off = tvb_raw_offset(b);
+ guint32 seq;
+
+ /* --- Initialize the summary cells --- */
+
+ if (check_col(p->cinfo, COL_PROTOCOL))
+ col_set_str(p->cinfo, COL_PROTOCOL, "TrIPE");
+ ty = tvb_get_guint8(b, 0);
+ if (check_col(p->cinfo, COL_INFO)) {
+ col_clear(p->cinfo, COL_INFO);
+ switch (ty & MSG_CATMASK) {
+ case MSG_PACKET:
+ switch (ty & MSG_TYPEMASK) {
+ case 0:
+ col_set_str(p->cinfo, COL_INFO, "Packet data");
+ break;
+ default:
+ col_add_fstr(p->cinfo, COL_INFO,
+ "Packet data, unknown type code %u",
+ ty & MSG_TYPEMASK);
+ break;
+ }
+ break;
+ case MSG_KEYEXCH:
+ switch (ty & MSG_TYPEMASK) {
+ case KX_PRECHAL:
+ col_set_str(p->cinfo, COL_INFO, "Key exchange, prechallenge");
+ break;
+ case KX_COOKIE:
+ col_set_str(p->cinfo, COL_INFO, "Key exchange, cookie");
+ break;
+ case KX_CHAL:
+ col_set_str(p->cinfo, COL_INFO, "Key exchange, challenge");
+ break;
+ case KX_REPLY:
+ col_set_str(p->cinfo, COL_INFO, "Key exchange, reply");
+ break;
+ case KX_SWITCH:
+ col_set_str(p->cinfo, COL_INFO, "Key exchange, switch request");
+ break;
+ case KX_SWITCHOK:
+ col_set_str(p->cinfo, COL_INFO, "Key exchange, switch response");
+ break;
+ default:
+ col_add_fstr(p->cinfo, COL_INFO,
+ "Key exchange, unknown type code %u",
+ ty & MSG_TYPEMASK);
+ break;
+ }
+ break;
+ default:
+ col_add_fstr(p->cinfo, COL_INFO,
+ "Unknown category code %u, unknown type code %u",
+ ty & MSG_CATMASK, ty & MSG_TYPEMASK);
+ break;
+ }
+ }
+
+ /* --- Fill in the tree --- */
+
+ if (t) {
+ ti = proto_tree_add_item(t, proto_tripe, b, 0, -1, FALSE);
+ tt = proto_item_add_subtree(ti, tt_tripe);
+
+ proto_tree_add_item(tt, hf_tripe_cat, b, 0, 1, FALSE);
+
+ off = 1;
+ switch (ty & MSG_CATMASK) {
+ case MSG_PACKET:
+ proto_tree_add_item(tt, hf_tripe_packet_type, b, 0, 1, FALSE);
+ switch (ty & MSG_TYPEMASK) {
+ case 0:
+ goto ct;
+ default:
+ goto huh;
+ }
+ break;
+ case MSG_KEYEXCH:
+ proto_tree_add_item(tt, hf_tripe_kx_type, b, 0, 1, FALSE);
+ switch (ty & MSG_TYPEMASK) {
+ case KX_PRECHAL:
+ off = getmp(tt, &hf_tripe_kx_mychal, b, off);
+ goto tail;
+ case KX_COOKIE:
+ off = getmp(tt, &hf_tripe_kx_mychal, b, off);
+ off = gethash(tt, hf_tripe_kx_yourcookie, b, off);
+ goto tail;
+ case KX_CHAL:
+ off = getmp(tt, &hf_tripe_kx_mychal, b, off);
+ off = gethash(tt, hf_tripe_kx_yourcookie, b, off);
+ off = getmp(tt, &hf_tripe_kx_check, b, off);
+ goto tail;
+ case KX_REPLY:
+ off = gethash(tt, hf_tripe_kx_mycookie, b, off);
+ off = gethash(tt, hf_tripe_kx_yourcookie, b, off);
+ off = getmp(tt, &hf_tripe_kx_check, b, off);
+ goto ct;
+ case KX_SWITCH:
+ off = gethash(tt, hf_tripe_kx_mycookie, b, off);
+ off = gethash(tt, hf_tripe_kx_yourcookie, b, off);
+ goto ct;
+ case KX_SWITCHOK:
+ goto ct;
+ default:
+ goto huh;
+ }
+ break;
+ default:
+ goto huh;
+ }
+ tail:
+ if (tvb_offset_exists(b, off))
+ goto huh;
+ goto done;
+ huh:
+ proto_tree_add_item(tt, hf_tripe_huh, b, off, -1, FALSE);
+ goto done;
+ ct:
+ ti = proto_tree_add_item(tt, hf_tripe_ct, b, off, -1, FALSE);
+ seq = tvb_get_ntohl(b, off + 10);
+ proto_item_set_text(ti, "Encrypted ciphertext (sequence number %lu)",
+ (unsigned long)seq);
+ tt = proto_item_add_subtree(ti, tt_tripe_ct);
+ proto_tree_add_item(tt, hf_tripe_ct_mac, b, off, 10, FALSE);
+ off += 10;
+ proto_tree_add_item(tt, hf_tripe_ct_seq, b, off, 4, FALSE);
+ off += 4;
+ proto_tree_add_item(tt, hf_tripe_ct_iv, b, off, 8, FALSE);
+ off += 8;
+ proto_tree_add_item(ti, hf_tripe_ct_cbc, b, off, -1, FALSE);
+ goto done;
+ done:;
+ }
+}
+
+void proto_register_tripe(void)
+{
+ static value_string vs_kxtype[] = {
+ { KX_PRECHAL, "KX_PRECHAL (prechallenge)" },
+ { KX_COOKIE, "KX_COOKIE (cookie)" },
+ { KX_CHAL, "KX_CHAL (challenge)" },
+ { KX_REPLY, "KX_REPLY (reply)" },
+ { KX_SWITCH, "KX_SWITCH (switch request)" },
+ { KX_SWITCHOK, "KX_SWITCHOK (switch response)" },
+ { 0, 0 }
+ };
+
+ static hf_register_info hfs[] = {
+ &hf_tripe_cat, {
+ "Message category", "tripe.cat",
+ FT_UINT8, BASE_HEX, 0, MSG_CATMASK
+ },
+ &hf_tripe_packet_type, {
+ "Packet message type", "tripe.packet.type",
+ FT_UINT8, BASE_HEX, 0, MSG_TYPEMASK,
+ "This is the TrIPE packet type subcode."
+ },
+ &hf_tripe_ct, {
+ "Encrypted ciphertext", "tripe.ct",
+ FT_BYTES, BASE_NONE, 0, 0,
+ "This is an encrypted message."
+ },
+ &hf_tripe_ct_seq, {
+ "Ciphertext sequence number", "tripe.ct.seq",
+ FT_UINT32, BASE_DEC, 0, 0,
+ "This is the unique sequence number for the ciphertext."
+ },
+ &hf_tripe_ct_iv, {
+ "Ciphertext initialization vector", "tripe.ct.iv",
+ FT_BYTES, BASE_NONE, 0, 0,
+ "This is the initialization vector used for the actual encryption."
+ },
+ &hf_tripe_ct_cbc, {
+ "CBC-encrypted data", "tripe.ct.cbc",
+ FT_BYTES, BASE_NONE, 0, 0,
+ "This is the CBC-encrypted message. Reading it ought to be hard."
+ },
+ &hf_tripe_ct_mac, {
+ "Message authentication code", "tripe.ct.mac",
+ FT_BYTES, BASE_NONE, 0, 0,
+ "This is the message authentication code for the ciphertext."
+ },
+ &hf_tripe_kx_type, {
+ "Key-exchange message type", "tripe.kx.type",
+ FT_UINT8, BASE_HEX, vs_kxtype, MSG_TYPEMASK,
+ "This is the TrIPE key-exchange type subcode."
+ },
+ &hf_tripe_kx_mychal.hf, {
+ "Sender's challenge data", "tripe.kx.mychal",
+ FT_BYTES, BASE_NONE, 0, 0,
+ "This is the sender's challenge value."
+ },
+ &hf_tripe_kx_mychal.hf_len, {
+ "Challenge length", "tripe.kx.mychal.len",
+ FT_UINT16, BASE_DEC, 0, 0,
+ "This is the length of the sender's challenge value."
+ },
+ &hf_tripe_kx_mychal.hf_val, {
+ "Challenge value", "tripe.kx.mychal.val",
+ FT_BYTES, BASE_NONE, 0, 0,
+ "This is the value of the sender's challenge value."
+ },
+ &hf_tripe_kx_mycookie, {
+ "Sender's hashed cookie", "tripe.kx.mycookie",
+ FT_BYTES, BASE_NONE, 0, 0,
+ "This is the hash of the sender's challenge."
+ },
+ &hf_tripe_kx_yourcookie, {
+ "Recipient's hashed cookie", "tripe.kx.yourcookie",
+ FT_BYTES, BASE_NONE, 0, 0,
+ "This is the hash of the recipient's challenge."
+ },
+ &hf_tripe_kx_check.hf, {
+ "Challenge check-value", "tripe.kx.check",
+ FT_BYTES, BASE_NONE, 0, 0,
+ "This is an encrypted check-value which proves that the sender "
+ "knows the answer to the challenge, and that it is therefore honest."
+ },
+ &hf_tripe_kx_check.hf_len, {
+ "Check-value length", "tripe.kx.check.len",
+ FT_UINT16, BASE_DEC, 0, 0,
+ "This is the length of the encrypted check-value."
+ },
+ &hf_tripe_kx_check.hf_val, {
+ "Check-value data", "tripe.kx.check.val",
+ FT_BYTES, BASE_NONE, 0, 0,
+ "This is the actual encrypted check-value."
+ },
+ &hf_tripe_huh, {
+ "Unknown data", "tripe.huh",
+ FT_BYTES, BASE_NONE, 0, 0,
+ "I don't know what's meant to appear here."
+ },
+ };
+
+ static gint *tts[] = {
+ &tt_tripe,
+ &tt_tripe_ct,
+ &hf_tripe_kx_mychal.tt,
+ &hf_tripe_kx_check.tt,
+ };
+
+ proto_tripe = proto_register_protocol("TrIPE", "TrIPE", "tripe");
+ proto_register_field_array(proto_tripe, hfs, array_length(hfs));
+ proto_register_subtree_array(tts, array_length(tts));
+}
+
+void proto_reg_handoff_tripe(void)
+{
+ dissector_handle_t dh;
+
+ dh = create_dissector_handle(dissect_tripe, proto_tripe);
+ dissector_add("udp.port", 22003, dh);
+}
+
+G_MODULE_EXPORT void plugin_reg_handoff(void)
+{
+ proto_reg_handoff_tripe();
+}
+
+G_MODULE_EXPORT void plugin_init(plugin_address_table_t *pat)
+{
+ plugin_address_table_init(pat);
+ if (proto_tripe == -1)
+ proto_register_tripe();
+}
+
+/*----- That's all, folks -------------------------------------------------*/
--- /dev/null
+/* -*-c-*-
+ *
+ * $Id: tripe-protocol.h,v 1.1 2003/10/15 09:30:18 mdw Exp $
+ *
+ * Protocol definition for TrIPE
+ *
+ * (c) 2003 Straylight/Edgeware
+ */
+
+/*----- Licensing notice --------------------------------------------------*
+ *
+ * This file is part of Trivial IP Encryption (TrIPE).
+ *
+ * TrIPE is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * TrIPE is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with TrIPE; if not, write to the Free Software Foundation,
+ * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+/*----- Revision history --------------------------------------------------*
+ *
+ * $Log: tripe-protocol.h,v $
+ * Revision 1.1 2003/10/15 09:30:18 mdw
+ * Add support for Ethereal protocol analysis.
+ *
+ */
+
+#ifndef TRIPE_PROTOCOL_H
+#define TRIPE_PROTOCOL_H
+
+/*----- TrIPE protocol ----------------------------------------------------*/
+
+/* --- TrIPE message format --- *
+ *
+ * A packet begins with a single-byte message type. The top four bits are a
+ * category code used to send the message to the right general place in the
+ * code; the bottom bits identify the actual message type.
+ */
+
+#define MSG_CATMASK 0xf0
+#define MSG_TYPEMASK 0x0f
+
+/* --- Encrypted message packets --- *
+ *
+ * Messages of category @MSG_PACKET@ contain encrypted network packets. The
+ * message content is a symmetric-encrypted block (see below). Reception of
+ * a packet encrypted under a new key implicitly permits that key to be used
+ * to send further packets.
+ *
+ * The only packet type accepted is zero.
+ *
+ * Packets may be encrypted under any live keyset, but should use the most
+ * recent one.
+ */
+
+#define MSG_PACKET 0x00
+
+/* --- Key exchange packets --- */
+
+#define MSG_KEYEXCH 0x10
+
+#define KX_PRECHAL 0u
+#define KX_COOKIE 1u
+#define KX_CHAL 2u
+#define KX_REPLY 3u
+#define KX_SWITCH 4u
+#define KX_SWITCHOK 5u
+#define KX_NMSG 6u
+
+/* --- Symmetric encryption and keysets --- *
+ *
+ * Packets consist of an 80-bit MAC, a 32-bit sequence number, and the
+ * encrypted payload.
+ *
+ * The plaintext is encrypted using Blowfish in CBC mode with ciphertext
+ * stealing (as described in [Schneier]. The initialization vector is
+ * selected randomly, and prepended to the actual ciphertext.
+ *
+ * The MAC is computed using the HMAC construction with RIPEMD160 over the
+ * sequence number and the ciphertext (with IV); the first 80 bits of the
+ * output are used. (This is the minimum allowed by the draft FIPS for HMAC,
+ * and the recommended truncation.)
+ *
+ * A keyset consists of
+ *
+ * * an integrity (MAC) key;
+ * * a confidentiality (encryption) key; and
+ * * a sequence numbering space
+ *
+ * in each direction. The packets sent by a host encrypted under a
+ * particular keyset are assigned consecutive sequence numbers starting from
+ * zero. The receiving host must ensure that it only accepts each packet at
+ * most once. It should maintain a window of sequence numbers: packets with
+ * numbers beyond the end of the window are accepted and cause the window to
+ * be advanced; packets with numbers before the start of the window are
+ * rejected; packets with numbers which appear within the window are accepted
+ * only if the number has not been seen before.
+ *
+ * When a host sends a @KX_SWITCH@ or @KX_SWITCHOK@ message, it installs the
+ * newly-negotiated keyset in a `listen-only' state: it may not send a packet
+ * encrypted under the keyset until either it has received a @KX_SWITCH@ or
+ * @KX_SWITCHOK@ message, or a @MSG_PACKET@ encrypted under the keyset, from
+ * its peer.
+ */
+
+/*----- That's all, folks -------------------------------------------------*/
+
+#endif
/* -*-c-*-
*
- * $Id: tripe.h,v 1.16 2003/07/13 11:19:49 mdw Exp $
+ * $Id: tripe.h,v 1.17 2003/10/15 09:30:18 mdw Exp $
*
* Main header file for TrIPE
*
/*----- Revision history --------------------------------------------------*
*
* $Log: tripe.h,v $
+ * Revision 1.17 2003/10/15 09:30:18 mdw
+ * Add support for Ethereal protocol analysis.
+ *
* Revision 1.16 2003/07/13 11:19:49 mdw
- * Incopatible protocol fix! Include message type code under MAC tag to prevent
- * cut-and-paste from key-exchange messages to general packet transport.
+ * Incompatible protocol fix! Include message type code under MAC tag to
+ * prevent cut-and-paste from key-exchange messages to general packet
+ * transport.
*
* Revision 1.15 2003/05/16 12:09:03 mdw
* Allow binding to a chosen address.
#include <mLib/sub.h>
#include <mLib/trace.h>
+#include <catacomb/buf.h>
+
#include <catacomb/gcipher.h>
#include <catacomb/gmac.h>
#include <catacomb/grand.h>
#include <catacomb/mprand.h>
#include <catacomb/dh.h>
-#include "buf.h"
+#include "tripe-protocol.h"
#include "util.h"
#undef sun
#define PKBUFSZ 65536
-/*----- TrIPE protocol ----------------------------------------------------*/
-
-/* --- TrIPE message format --- *
- *
- * A packet begins with a single-byte message type. The top four bits are a
- * category code used to send the message to the right general place in the
- * code; the bottom bits identify the actual message type.
- */
-
-#define MSG_CATMASK 0xf0
-#define MSG_TYPEMASK 0x0f
-
-/* --- Encrypted message packets --- *
- *
- * Messages of category @MSG_PACKET@ contain encrypted network packets. The
- * message content is a symmetric-encrypted block (see below). Reception of
- * a packet encrypted under a new key implicitly permits that key to be used
- * to send further packets.
- *
- * The only packet type accepted is zero.
- *
- * Packets may be encrypted under any live keyset, but should use the most
- * recent one.
- */
-
-#define MSG_PACKET 0x00
-
-/* --- Key exchange packets --- */
-
-#define MSG_KEYEXCH 0x10
-
-#define KX_PRECHAL 0u
-#define KX_COOKIE 1u
-#define KX_CHAL 2u
-#define KX_REPLY 3u
-#define KX_SWITCH 4u
-#define KX_SWITCHOK 5u
-#define KX_NMSG 6u
-
-/* --- Symmetric encryption and keysets --- *
- *
- * Packets consist of an 80-bit MAC, a 32-bit sequence number, and the
- * encrypted payload.
- *
- * The plaintext is encrypted using Blowfish in CBC mode with ciphertext
- * stealing (as described in [Schneier]. The initialization vector is
- * selected randomly, and prepended to the actual ciphertext.
- *
- * The MAC is computed using the HMAC construction with RIPEMD160 over the
- * sequence number and the ciphertext (with IV); the first 80 bits of the
- * output are used. (This is the minimum allowed by the draft FIPS for HMAC,
- * and the recommended truncation.)
- *
- * A keyset consists of
- *
- * * an integrity (MAC) key;
- * * a confidentiality (encryption) key; and
- * * a sequence numbering space
- *
- * in each direction. The packets sent by a host encrypted under a
- * particular keyset are assigned consecutive sequence numbers starting from
- * zero. The receiving host must ensure that it only accepts each packet at
- * most once. It should maintain a window of sequence numbers: packets with
- * numbers beyond the end of the window are accepted and cause the window to
- * be advanced; packets with numbers before the start of the window are
- * rejected; packets with numbers which appear within the window are accepted
- * only if the number has not been seen before.
- *
- * When a host sends a @KX_SWITCH@ or @KX_SWITCHOK@ message, it installs the
- * newly-negotiated keyset in a `listen-only' state: it may not send a packet
- * encrypted under the keyset until either it has received a @KX_SWITCH@ or
- * @KX_SWITCHOK@ message, or a @MSG_PACKET@ encrypted under the keyset, from
- * its peer.
- */
-
/*----- Cipher selections -------------------------------------------------*/
#include <catacomb/blowfish.h>