From 165db1a8d131ee6f8244ca392c7ae2074b030774 Mon Sep 17 00:00:00 2001 Message-Id: <165db1a8d131ee6f8244ca392c7ae2074b030774.1714605873.git.mdw@distorted.org.uk> From: Mark Wooding Date: Wed, 15 Oct 2003 09:30:53 +0000 Subject: [PATCH] Add support for Ethereal protocol analysis. Organization: Straylight/Edgeware From: mdw --- acconfig.h | 10 +- configure.in | 74 +++++++- ethereal/.cvsignore | 1 + ethereal/Makefile.am | 46 +++++ ethereal/cap | Bin 0 -> 9609 bytes ethereal/packet-tripe.c | 375 ++++++++++++++++++++++++++++++++++++++++ setup | 1 + tripe-protocol.h | 117 +++++++++++++ tripe.h | 89 ++-------- 9 files changed, 629 insertions(+), 84 deletions(-) create mode 100644 ethereal/.cvsignore create mode 100644 ethereal/Makefile.am create mode 100644 ethereal/cap create mode 100644 ethereal/packet-tripe.c create mode 100644 tripe-protocol.h diff --git a/acconfig.h b/acconfig.h index 84e4a148..f7462e36 100644 --- a/acconfig.h +++ b/acconfig.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: acconfig.h,v 1.3 2003/07/13 11:38:39 mdw Exp $ + * $Id: acconfig.h,v 1.4 2003/10/15 09:30:18 mdw Exp $ * * Configuration header for TrIPE * @@ -29,6 +29,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: acconfig.h,v $ + * Revision 1.4 2003/10/15 09:30:18 mdw + * Add support for Ethereal protocol analysis. + * * Revision 1.3 2003/07/13 11:38:39 mdw * Fix formatting. * @@ -67,6 +70,11 @@ * built-in `tun' devices. */ #undef TUN_TYPE +/* Define if your Ethereal plugin headers are broken (e.g., Debian 3.0) but + * you're running some sensible ELF system, and I should try to bodge around + * the damage. */ +#undef ETHEREAL_BUGGERED + @BOTTOM@ /*----- That's all, folks -------------------------------------------------*/ diff --git a/configure.in b/configure.in index af41f1f8..b2049dcd 100644 --- a/configure.in +++ b/configure.in 
@@ -1,6 +1,6 @@ -dnl -*-fundamental-*- +dnl -*-autoconf-*- dnl -dnl $Id: configure.in,v 1.12 2003/07/13 11:54:40 mdw Exp $ +dnl $Id: configure.in,v 1.13 2003/10/15 09:30:18 mdw Exp $ dnl dnl Configuration script for TrIPE dnl @@ -28,6 +28,9 @@ dnl Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. dnl ----- Revision history -------------------------------------------------- dnl dnl $Log: configure.in,v $ +dnl Revision 1.13 2003/10/15 09:30:18 mdw +dnl Add support for Ethereal protocol analysis. +dnl dnl Revision 1.12 2003/07/13 11:54:40 mdw dnl Version bump. dnl @@ -67,7 +70,9 @@ AM_INIT_AUTOMAKE(tripe, 1.0.0pre5) AM_CONFIG_HEADER(config.h) AC_CANONICAL_HOST +AC_PROG_MAKE_SET AC_PROG_CC +AM_PROG_LIBTOOL mdw_GCC_FLAGS([-Wall]) mdw_OPT_TRACE @@ -77,6 +82,16 @@ AC_ARG_WITH([linux-includes], [CFLAGS="$CFLAGS -I$withval"], [:]) +DIRS="" +AC_ARG_WITH([ethereal], +[ --with-ethereal build and install Ethereal plugin], +[case "$withval" in + no) ethereal=false;; + yes) ethereal='${prefix}/lib/ethereal/plugins';; + *) ethereal=$withval;; +esac], +[ethereal=false]) + case $host_os in linux*) case `uname -r` in 
@@ -103,8 +118,59 @@ esac AC_SUBST(tun) mdw_MLIB(2.0.0) -mdw_CATACOMB(2.0.0, [CFLAGS="$CFLAGS $CATACOMB_CFLAGS"]) +mdw_CATACOMB(2.0.1, [CFLAGS="$CFLAGS $CATACOMB_CFLAGS"]) + +if test "$ethereal" != false; then + AM_PATH_GLIB([1.2.0], [], AC_MSG_ERROR([failed to find GLib]), [gmodule]) + bad=true + mdw_CFLAGS=$CFLAGS + AC_CACHE_CHECK([how to find the Ethereal headers], + [mdw_cv_ethereal_includes], [ + for i in "" "-I/usr/include/ethereal"; do + CFLAGS="$GLIB_CFLAGS $i" + AC_TRY_COMPILE([ +#include +#include +#include +], [ + dissector_handle_t dh; + dh = creat_dissector_handle(0, 0); + ], [bad=false; break]) + done + if $bad; then + AC_MSG_ERROR([failed to find Ethereal headers]) + fi + mdw_cv_ethereal_includes=$i + CFLAGS=$mdw_CFLAGS + ]) + AC_CACHE_CHECK([whether the Ethereal headers are broken], + [mdw_cv_ethereal_buggered], [ + CFLAGS="$GLIB_CFLAGS $i" + AC_TRY_COMPILE([ +#include +#include +#include +#include +], [ + G_MODULE_EXPORT void plugin_init(plugin_address_table_t *pat) + { + plugin_address_table_init(pat); + } + ], [mdw_cv_ethereal_buggered=no], [mdw_cv_ethereal_buggered=yes]) + CFLAGS=$mdw_CFLAGS + ]) + if test $mdw_cv_ethereal_buggered = yes; then + AC_DEFINE(ETHEREAL_BUGGERED) + fi + + ETHEREAL_CFLAGS="$CFLAGS $GLIB_CFLAGS $mdw_cv_ethereal_includes" + ETHEREAL_PLUGIN_DIR=$ethereal + AC_SUBST(ETHEREAL_CFLAGS) + AC_SUBST(ETHEREAL_PLUGIN_DIR) + DIRS="$DIRS ethereal" +fi -AC_OUTPUT(Makefile doc/Makefile tripe-init) +AC_SUBST(DIRS) +AC_OUTPUT(Makefile doc/Makefile ethereal/Makefile tripe-init) dnl ----- That's all, folks ------------------------------------------------- diff --git a/ethereal/.cvsignore b/ethereal/.cvsignore new file mode 100644 index 00000000..70845e08 --- /dev/null +++ b/ethereal/.cvsignore @@ -0,0 +1 @@ +Makefile.in diff --git a/ethereal/Makefile.am b/ethereal/Makefile.am new file mode 100644 index 00000000..a2c43ee3 --- /dev/null +++ b/ethereal/Makefile.am 
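Review bot: The first `AC_TRY_COMPILE` probe in the added Ethereal block calls `creat_dissector_handle(0, 0)`, while the plugin in this same patch calls `create_dissector_handle`. A compiler that tolerates implicit declarations would presumably still accept the probe, so it only shows that the headers and `dissector_handle_t` exist, and a stricter compiler would reject it outright; it should read `dh = create_dissector_handle(0, 0);`. The second check sets `CFLAGS="$GLIB_CFLAGS $i"`, but `$i` is assigned only inside the first check's loop, which does not run when `mdw_cv_ethereal_includes` is taken from the cache. Using `CFLAGS="$GLIB_CFLAGS $mdw_cv_ethereal_includes"` there removes that dependency.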
@@ -0,0 +1,46 @@
+## -*-makefile-*-
+##
+## $Id: Makefile.am,v 1.1 2003/10/15 09:30:19 mdw Exp $
+##
+## Makefile fragment for Ethereal plugin
+##
+## (c) 2003 Straylight/Edgeware
+##
+
+##----- Licensing notice ----------------------------------------------------
+##
+## This file is part of Trivial IP Encryption (TrIPE).
+##
+## TrIPE is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; either version 2 of the License, or
+## (at your option) any later version.
+##
+## TrIPE is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+##
+## You should have received a copy of the GNU General Public License
+## along with TrIPE; if not, write to the Free Software Foundation,
+## Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+##----- Revision history ----------------------------------------------------
+##
+## $Log: Makefile.am,v $
+## Revision 1.1 2003/10/15 09:30:19 mdw
+## Add support for Ethereal protocol analysis.
+##
+
+AUTOMAKE_OPTIONS = foreign
+
+CFLAGS = -I$(top_srcdir) -I$(top_builddir) @ETHEREAL_CFLAGS@
+
+plugindir = @ETHEREAL_PLUGIN_DIR@
+plugin_LTLIBRARIES = tripe.la
+
+tripe_la_SOURCES = packet-tripe.c
+tripe_la_LDFLAGS = -module -avoid-version
+LIBS =
+
+##----- That's all, folks ---------------------------------------------------
diff --git a/ethereal/cap b/ethereal/cap new file mode 100644 index 0000000000000000000000000000000000000000..04dec611dd65edb5612d828c1e5e38daffe6af5a GIT binary patch literal 9609 zcma*s1yEJrz6bD4cb6dDAt4e{64KovNcSN`Qb4+tF6oqRMY@p&k?t<(4(Yeg|GhVJ z@64U|jx%dE&YU@)@A|E^*Is*_iJ#wd-~mM7fB!8Y0RSfWA442R(N0lJz!Cf#+NA!u zhylEKPEj4feV3WZCG%QmT4#WMw*>H6NbGcJIiuI08~h}-p3L@vK;lm!o!J`T!$LXL zkZl4|-gBJoHolUm#?{teLtUDFtS{>|t5mUc2vy_}Iz?kM8c^>`hcGo(JR8N9=~A+&)!co74{@GNtoG&I6Lyv!pCK*XBKm~~jN$3+ExlEQLz@{ZD#hxzC- zMuWQ6{90k22)mva?)Sdm6qk(B)Zf1E(T|nSMZ_9r)6=?|Ev%r_)(=>EY8eG|@?b=a zwsAjlKtPJdk!(i&=OXUc{13_oC7N~s33djWlp%3IwJPpA9)|7f=&yFfHm_JXs%FQY z_9MN;)l1R)H8~m+^y`zwi%Sy{44JbvY$)$k3rkNge1X4m_rA0fhv@qmAW!Lqy~VQ;B8{p((jirK^B~Rh)hYd64}uJ(p0HxUFs57! zz_QvGHg2+`7~67?qHT*V>CQ)P7&g1KNJ|L3--FM+;P^@XP+&Ni{3tJg$Z79YJmP!5 zl{*Z}e6V*3OH96D7Rrb{H;CpWr-Z-)ga)2^6{py@a=?vS@Fo8eS5Td zZ6V0hkLOm}r2ew18p+uYZuQ;@k2zRcZU7+yUmS z3oWCER|-hc90-e~R^S*S1zqPGEgxRNq1PLPwOu~mP<70_2}aZ!k=l@5oC%D7*OyC? z>Hom@5=t#G;J`4ZQ9FRP?3oLQSk^Qy~@{C-#t~YDq{&MN8vckBE@7~lBzTJNl)=#{il{M5RC8?_S z4Vw-(LUhdKl}tS2Sb_O|u2iya5xdGCukOF8q~4lpss0O4{-6LB{@orB6S*dP6;8ns z#scz8%X9%4J}G~&{QPApD%=&5zK8>C;l2-C(g`yuoyX?&h{i#@ga=hol7e)ZHf8MC zx9^<=S`n-6fDeUWf}rBt&&4D!s6OCH?jh`cE8jW$ns97@c4FH^9I{h;iXT=7dYl&AwaeNI$)@?_F| ztMJRvx&w}ibQ&*I9qk+YqoqJb~IV1wzy4e#+g2X7~$ zhV1Edh@iuBwclz9xSq0)(b!(N2T_%~MY-{T%rC{!==`zu_j|qNk|_c{YFC(meBVAS z3ulE0Q0${^%4u|{Z~YhKS*`u%Mhj88ZU&oA&1HqjW<#t@_kPPaQSp6CIM3I|K^v-R z8OAy3zj~F#flLD5<~<_Y(wg|A0U!OYoKak+U$8O_rPxK7UG9EkI;}*W03)1# z_fCnh4tHl*j_YM`En2Y-eAf*Ily7Fl0m8vAgf{S53|{_u7Qg?uXR-Sp7clyMm7PB} zjb;`4fTT_QYCjSJKYPkWw1M!BY*%_l?)cznbA2O?y?~@>e4~k)nkXXEFkg}2yNWVd+PC;LJdXYQAA<Gyz{&Zdl49pyJP}q~_T5tUD_h?OALO>x*Anlbs`_wp5D9 z_R)ccZh}T{#jSOd2$`MkRtQfHl=woEB37_@<}0PCdPZTf^%_oF4q(>u|AL*DYv3gehtbUnj3H-W@GIvfN${VI^A#^B&EM1@=tQ+_JMwN1~R?G~yZr^vA z>rc~BH4R7uSI)VWf8E-d(yBAkUGcm{>??2uz0pc8P3pA(#Z0FBQJQcR{Q1E!@9ihF zjnjp@x2Ff6%xtUJH(4W#8tV{`oT1S?{9uWu7zJ#!?fp)>GF3{(0HZOAnR_;!mp40) 
zWBmF;Umhyo@SWEn$B#QiBS43Xc=_7JbhC+^wdJD8h0}LWX-a@yLxBXR+2x^$xbtqG zrmohLW~=FAhkletjsOR#4^t3oXHQkwgo;@Zm*Qq7Dqw5ggzG3OAB+M}!GYT`ut@=M z;BFhb2v{ur>mmS$@r48z4xsaDXYIFuzf}%)aJD?=Uq+<1A^v8lEEvB@A(+YWG@_EU zEafI%hS+at%KZ&j-rG$?bV==en()!FIF7PFI>mV<+};Fv*@p`hBl1L7^fHZbcfUCQ z$&vlKY_IHHzLNRx*O;gsI1>?5p54igUy^qIbZ$!@&mNjvwIjq)$IUg3V88r}HBD^G z8tZsK@LWVuSRwT`uT0v92%;3)RK3!a9guXIFw&$Gh}f?Y6Q}f8cKELL?7k}OEaSTb zS6UvywX!v%iSDfuwvzvqjGnd38!yQF*)XO|Z9%ThkMZ`zI8&lhLeULl+`lDvXoV{k z7{YC2=(2pXu{XZnN{OpCgXMY}1OQrKsh|xkmlm{Kym;@5{`K_|wJGLcS+J`~7mcI)Ic$CYvUAeK(jPEsJ%zl^_q zed50W$158{ELAzYUdx>c;lH6cR?m^_Pz>&LC+26!v3iMfI;H+vxr-@1Q8X*#i$S%g z^4c6dNj;*&YqUmrMOiUL^{?%7M3rd>oAj=MA&)n4G=!m8(-rrRCW!xs`bcMKqC41{)3lqMC)B+{rZOl)XWg_b7_3jpt(A=@Cg}o z&ai=cF?c-IAQcmz-5xqwncVJAjTJco+ffXkt^3IYZShjfb*cjH?Z)p4FUb%_*dP1H z32{o^Qa0Ll7h&uI)SerWotFNnAD5X_5z%r)t=>kAW1A{RXkEUi*!~%@=?N`z^g0IM z3lEWe+Huk77eZ0WJ=7{D9#W;Q&y4cR`vq&X z9@L7kDmh0ckyf+C6&;4~^QK>mZ4Gab{E*5#pG?-0F?%wl(}h9jKZn?{v6|%UxQa?( zu;7+*dr>cKUZw3pZiagG@?htBF@S+r&99ry% zfDbzN!ph88#cxs0h_M*jqe6uzt`Cr;>&i5l z%8iir3W%2(n=c;?>L*T#uWvDT>-0xIrN2EaX%$JE!Y|Mo=mF3%Mby;wTHV(rwHQXm)M`zTyTF?gy!#0{L%*dIXo+Y4Cu z%{;)7Ka!6dd690x4CE164q9dkjbk!K%-!FjN?@xoaO%{39o{o`aWk!}m?oW}OsNQ~ zG$G%TQknd{-byy$B81#P+HyAdu_4v-V5jOFh^jMy@@x=T_G;h=x%CEFaWmeSKbHl0 zBzVdAfRyaKxmG$fQTdFi&fR_Pii#}W_^Huh0As1;ESF_1QRG)P@*rnAT!538IYs11 zaiXx=#%w2fm7@i^vCvp76_n>dfaSd}k`ka-$FD08lbzrA2=d5k!_TF>cba~lo9LIl zx)NwEmHRo7a8J?uBh*#AbxdP3g80*7q{th}dv6T?z^~1zmIg}ZS z^5C@o>AeRM5)20^Un&7egeT<5indzMBgn&-F^i)11X-x0Eh0S!Is^{RufOJ2~Cjih~na@66^uo5H|`_Vl|X1`N~e&=hDjH5^-rUi1A?1X3ve`cwuT zSx4fNE#pz`Y(!=H@A6rFyGY3r?}Re|^NAHEt)? 
z5P5z_jNKARZFsBiIWZd2y#w(g&5~AW-iVxw-*J=$sdHOcrWCgm@Y1-0kf!DGq8)k+ zh?=eK=Vk2u+;AaLMREzbp%&vcs_3BEcg)-|<=iw3RIfd*2WejEUTedMw+wTJd?|Qw zR<4$%sV7gw5%pP(V&p@(FX^GYryV>DJ%ytMn&pU!=^D~#`ujj0@mOnD91fL-lk4%0 zGQhcJzQ8Jc=}|7$Qi=P@0&1&*Ka}D^L4aXQHHrc6wKuP0 zM{6;St3e74l}}CuFAyb;Kg5`M@bzl4C{>#nZ$q|5LELS<8B>yB7t0Z{0&Q`njpi}= zkKIGP-cR4X1!YBi9#!a55_iTl-}wj4K=}$(1Q>d%cmeQsy-bl87}$AA2l7a(svbNO zZxtl{qg*MZ$pUmAzO@At-@dfA=zgMhF!Q1yFt6x!RCdA?X4%V+jO?gixq!;xX=sSPRcD_9p@ zKKp0i$~DNNTp?&JTBwdCEe`QZJM;F_iSR!`^@}Y;|E2XsbKZhIcOknJ?&f@oY0Pb6 zZ_m7P6iQ{%pux~n2o2B;x9=iZ+Qs0S08*G=Q1S*|&ptWrn|Ygr=_3y@x?2hS%n9Ti zJ%*zepc{F36ieh|S2<_h+_z1@XbN0Yoeo*|d~Y194uE!eUddLKOC);V&aFnCn|ZVzhSB z&cLPP$$^T~x>13L{Mtd`I{sks`Aa&AIdh_~Xbg@YoDre? zcp@zP>rp^EPpS)ff?|?ZkADQr5B{a5)J$C_FK6#W?ka@=2|*96Bs#0g1s`h4t^* z&t##;F=(~HQ)UC-@G6ejtYeRb3K_!#e%pL_a%{~S;MV3`mhyb8I{FzRz^}Y+v#m0x z#0eQ{ns-uh;Cg4RddC)B(iH6-zii}THa$f{KQJ^bo2@lsQ`4X?)@=Vr;@Q5T+}~4Z zw1_rXqH%2jYcZ69x1mx<_AS-rS3R zb4K24WmvL|MSODRI7q0y!EF9_*&AP=)hWGq<&&8hR+e4Q6FHggb-h4^LK^w}D3^U! 
zA}B9j2n#>A3EYZ|GX73{+DB{-^0?uUhroCsh0LdWvSajB6T9nr2qvap1?fa(d5=|> zAU2RPa?T|t5|Z11KS?#Ry8dxDs9L!;IpP(tbMxu7P|z2Q8E+_WO%BU5e8U!q$*Gum z>FeyImksiG)K|EZh8C(+$Ytkz8=5Z@WyE>vqSty9{Huq1#g{VnpAi_qPy2N@ZY5tI z#JReeBd8+{p7#&;vq_^%#+&evl%{e2GcV#|;bAz!V?6`{MWpUL^jk0?(4`5ZHZmcZ zVU`hH5yFrytV&1aULhKLpfqZMyEdBoVMs&7<=YS2cAK>$3uA#d!Hz%dvjw-#T1X=G z^H+=ZIGufQ{A*2zaKe1fFo?Hx{RTecr~#bo5O^(vw)K`!FlojpDq$8 z1C%-Q@R1X#Pp7BAXqX={)15ZtKAJuqGhcR3?fRhY<^AqO3x5LRwe=y(dvt8&SZ_-a z!8AE}^I&_dK97rg?4oTwL_oq^(9qz{OQ$tbr1%pTlCUr2W;M>>zQrI;e@UWh+7sU} zYGF+p=^X(yT9rR6(f&*V3fOVM#q@Xw6t-YAEX0WIV}<9<)J)=nZu#eHi`650aztn4 zT{_96I@_ z>t_T)9^sPGzJG3Kw<`OUpJWnG)z*PnzN-!CvQbtzelL3Zo-r7$bRL$Cxl$USKd6a= zMPDPRT?|IUKgIfZ{@^})iPu}pXa8|`S!{#hI}KCC)K1h+Su2Sk25G%iPnB!+bYH7h zxu!n)WQAt*HrGU(jRbZ3h=S*g_=zxj6_h7i#(<$R^H%_8h!C@Y*m-=?GRWho%jcp% z^b3^A6PA!Jel-_NI^4>q?aU;th+l+FZpi}LHIy#CsX};cYQLG4iYeUZ$KrBtH1@l8 zO^Mug$=<@PHab#Kt{Ca01~%MDb}pB=WmOmjH?{e+00Hejv!BUyASzzE# zU3rp7!nG(47>z)C2ghI9?MoP)R$h9RnK~UAztuM*>h*~k?Ky!Ps(vxI=~!|?%9p0& zxWhW)y7s6-}?RmM=)-i4j#Y{x&S{1izUc4373OoP!G82Q(E|;}ll%+2O z0&=-e*j-)tXM9gYi6K@;@~zemYu)oF!q&TJ^TrVA0h|f-Ee-XbbqT{9b6K z4k+1&xN_u@9HqE`(FjFyTRsXq@*B?f^!X19O8=10`+HZ6J?6Yos4bi8a@~QW)h$70 z`Y;VJ@3RIv;JICOO#2gSC?ve#d8%As_leb&6hjiqYZ76>FlQ1TfUo8pR1hvpc_|f; z#~Utlif_?oTkqX|na&wqO~N2tscVsU6Bt8?vy8doMhQlTYcCS72{W60}bu0)IepH#LeB<4+e4KolhTC5!k z44X5q?fU~|Imp>HJvL>IO@A#EA+uw>v`o(qeabieEKvZ2H%HKMmz)%@l6~N#x@+%L` zHlzpWZ$J2GVQ|Vox4uTzU82paZg{(IiMA&C7fpNo{kj%X_7`}eX-`81 +#include +#include + +#include + +#include +#include +#include + +#ifdef ETHEREAL_BUGGERED +# define plugin_address_table_t void +# define plugin_address_table_init(x) +#else +# include +#endif + +#include "tripe-protocol.h" + +/*----- Static variables --------------------------------------------------*/ + +static int proto_tripe = -1; + +typedef struct hfmp { int hf, hf_len, hf_val, tt; } hfmp; + +static int hf_tripe_cat = -1; +static int hf_tripe_packet_type = -1; +static int hf_tripe_ct = -1; +static int hf_tripe_ct_seq = -1; +static 
int hf_tripe_ct_iv = -1; +static int hf_tripe_ct_cbc = -1; +static int hf_tripe_ct_mac = -1; +static int hf_tripe_kx_type = -1; +static hfmp hf_tripe_kx_mychal = { -1, -1, -1, -1 }; +static int hf_tripe_kx_mycookie = -1; +static int hf_tripe_kx_yourcookie = -1; +static hfmp hf_tripe_kx_check = { -1, -1, -1, -1 }; +static int hf_tripe_huh = -1; + +static int tt_tripe = -1; +static int tt_tripe_ct = -1; + +G_MODULE_EXPORT const gchar version[] = VERSION; + +/*----- Main code ---------------------------------------------------------*/ + +static gint gethash(proto_tree *tt, int hf, tvbuff_t *b, gint off) +{ + proto_tree_add_item(tt, hf, b, off, 20, FALSE); + return (off + 20); +} + +static gint getmp(proto_tree *tt, const hfmp *hf, tvbuff_t *b, gint off) +{ + guint16 len = tvb_get_ntohs(b, off); + proto_item *ti = proto_tree_add_item(tt, hf->hf, b, off, len + 2, FALSE); + tt = proto_item_add_subtree(ti, hf->tt); + proto_tree_add_item(tt, hf->hf_len, b, off, 2, FALSE); + proto_tree_add_item(tt, hf->hf_val, b, off + 2, len, FALSE); + return (off + 2 + len); +} + +static void dissect_tripe(tvbuff_t *b, packet_info *p, proto_tree *t) +{ + proto_item *ti; + proto_tree *tt; + guint8 ty; + gint off = tvb_raw_offset(b); + guint32 seq; + + /* --- Initialize the summary cells --- */ + + if (check_col(p->cinfo, COL_PROTOCOL)) + col_set_str(p->cinfo, COL_PROTOCOL, "TrIPE"); + ty = tvb_get_guint8(b, 0); + if (check_col(p->cinfo, COL_INFO)) { + col_clear(p->cinfo, COL_INFO); + switch (ty & MSG_CATMASK) { + case MSG_PACKET: + switch (ty & MSG_TYPEMASK) { + case 0: + col_set_str(p->cinfo, COL_INFO, "Packet data"); + break; + default: + col_add_fstr(p->cinfo, COL_INFO, + "Packet data, unknown type code %u", + ty & MSG_TYPEMASK); + break; + } + break; + case MSG_KEYEXCH: + switch (ty & MSG_TYPEMASK) { + case KX_PRECHAL: + col_set_str(p->cinfo, COL_INFO, "Key exchange, prechallenge"); + break; + case KX_COOKIE: + col_set_str(p->cinfo, COL_INFO, "Key exchange, cookie"); + break; + case 
KX_CHAL: + col_set_str(p->cinfo, COL_INFO, "Key exchange, challenge"); + break; + case KX_REPLY: + col_set_str(p->cinfo, COL_INFO, "Key exchange, reply"); + break; + case KX_SWITCH: + col_set_str(p->cinfo, COL_INFO, "Key exchange, switch request"); + break; + case KX_SWITCHOK: + col_set_str(p->cinfo, COL_INFO, "Key exchange, switch response"); + break; + default: + col_add_fstr(p->cinfo, COL_INFO, + "Key exchange, unknown type code %u", + ty & MSG_TYPEMASK); + break; + } + break; + default: + col_add_fstr(p->cinfo, COL_INFO, + "Unknown category code %u, unknown type code %u", + ty & MSG_CATMASK, ty & MSG_TYPEMASK); + break; + } + } + + /* --- Fill in the tree --- */ + + if (t) { + ti = proto_tree_add_item(t, proto_tripe, b, 0, -1, FALSE); + tt = proto_item_add_subtree(ti, tt_tripe); + + proto_tree_add_item(tt, hf_tripe_cat, b, 0, 1, FALSE); + + off = 1; + switch (ty & MSG_CATMASK) { + case MSG_PACKET: + proto_tree_add_item(tt, hf_tripe_packet_type, b, 0, 1, FALSE); + switch (ty & MSG_TYPEMASK) { + case 0: + goto ct; + default: + goto huh; + } + break; + case MSG_KEYEXCH: + proto_tree_add_item(tt, hf_tripe_kx_type, b, 0, 1, FALSE); + switch (ty & MSG_TYPEMASK) { + case KX_PRECHAL: + off = getmp(tt, &hf_tripe_kx_mychal, b, off); + goto tail; + case KX_COOKIE: + off = getmp(tt, &hf_tripe_kx_mychal, b, off); + off = gethash(tt, hf_tripe_kx_yourcookie, b, off); + goto tail; + case KX_CHAL: + off = getmp(tt, &hf_tripe_kx_mychal, b, off); + off = gethash(tt, hf_tripe_kx_yourcookie, b, off); + off = getmp(tt, &hf_tripe_kx_check, b, off); + goto tail; + case KX_REPLY: + off = gethash(tt, hf_tripe_kx_mycookie, b, off); + off = gethash(tt, hf_tripe_kx_yourcookie, b, off); + off = getmp(tt, &hf_tripe_kx_check, b, off); + goto ct; + case KX_SWITCH: + off = gethash(tt, hf_tripe_kx_mycookie, b, off); + off = gethash(tt, hf_tripe_kx_yourcookie, b, off); + goto ct; + case KX_SWITCHOK: + goto ct; + default: + goto huh; + } + break; + default: + goto huh; + } + tail: + if 
(tvb_offset_exists(b, off)) + goto huh; + goto done; + huh: + proto_tree_add_item(tt, hf_tripe_huh, b, off, -1, FALSE); + goto done; + ct: + ti = proto_tree_add_item(tt, hf_tripe_ct, b, off, -1, FALSE); + seq = tvb_get_ntohl(b, off + 10); + proto_item_set_text(ti, "Encrypted ciphertext (sequence number %lu)", + (unsigned long)seq); + tt = proto_item_add_subtree(ti, tt_tripe_ct); + proto_tree_add_item(tt, hf_tripe_ct_mac, b, off, 10, FALSE); + off += 10; + proto_tree_add_item(tt, hf_tripe_ct_seq, b, off, 4, FALSE); + off += 4; + proto_tree_add_item(tt, hf_tripe_ct_iv, b, off, 8, FALSE); + off += 8; + proto_tree_add_item(ti, hf_tripe_ct_cbc, b, off, -1, FALSE); + goto done; + done:; + } +} + +void proto_register_tripe(void) +{ + static value_string vs_kxtype[] = { + { KX_PRECHAL, "KX_PRECHAL (prechallenge)" }, + { KX_COOKIE, "KX_COOKIE (cookie)" }, + { KX_CHAL, "KX_CHAL (challenge)" }, + { KX_REPLY, "KX_REPLY (reply)" }, + { KX_SWITCH, "KX_SWITCH (switch request)" }, + { KX_SWITCHOK, "KX_SWITCHOK (switch response)" }, + { 0, 0 } + }; + + static hf_register_info hfs[] = { + &hf_tripe_cat, { + "Message category", "tripe.cat", + FT_UINT8, BASE_HEX, 0, MSG_CATMASK + }, + &hf_tripe_packet_type, { + "Packet message type", "tripe.packet.type", + FT_UINT8, BASE_HEX, 0, MSG_TYPEMASK, + "This is the TrIPE packet type subcode." + }, + &hf_tripe_ct, { + "Encrypted ciphertext", "tripe.ct", + FT_BYTES, BASE_NONE, 0, 0, + "This is an encrypted message." + }, + &hf_tripe_ct_seq, { + "Ciphertext sequence number", "tripe.ct.seq", + FT_UINT32, BASE_DEC, 0, 0, + "This is the unique sequence number for the ciphertext." + }, + &hf_tripe_ct_iv, { + "Ciphertext initialization vector", "tripe.ct.iv", + FT_BYTES, BASE_NONE, 0, 0, + "This is the initialization vector used for the actual encryption." + }, + &hf_tripe_ct_cbc, { + "CBC-encrypted data", "tripe.ct.cbc", + FT_BYTES, BASE_NONE, 0, 0, + "This is the CBC-encrypted message. Reading it ought to be hard." 
+ }, + &hf_tripe_ct_mac, { + "Message authentication code", "tripe.ct.mac", + FT_BYTES, BASE_NONE, 0, 0, + "This is the message authentication code for the ciphertext." + }, + &hf_tripe_kx_type, { + "Key-exchange message type", "tripe.kx.type", + FT_UINT8, BASE_HEX, vs_kxtype, MSG_TYPEMASK, + "This is the TrIPE key-exchange type subcode." + }, + &hf_tripe_kx_mychal.hf, { + "Sender's challenge data", "tripe.kx.mychal", + FT_BYTES, BASE_NONE, 0, 0, + "This is the sender's challenge value." + }, + &hf_tripe_kx_mychal.hf_len, { + "Challenge length", "tripe.kx.mychal.len", + FT_UINT16, BASE_DEC, 0, 0, + "This is the length of the sender's challenge value." + }, + &hf_tripe_kx_mychal.hf_val, { + "Challenge value", "tripe.kx.mychal.val", + FT_BYTES, BASE_NONE, 0, 0, + "This is the value of the sender's challenge value." + }, + &hf_tripe_kx_mycookie, { + "Sender's hashed cookie", "tripe.kx.mycookie", + FT_BYTES, BASE_NONE, 0, 0, + "This is the hash of the sender's challenge." + }, + &hf_tripe_kx_yourcookie, { + "Recipient's hashed cookie", "tripe.kx.yourcookie", + FT_BYTES, BASE_NONE, 0, 0, + "This is the hash of the recipient's challenge." + }, + &hf_tripe_kx_check.hf, { + "Challenge check-value", "tripe.kx.check", + FT_BYTES, BASE_NONE, 0, 0, + "This is an encrypted check-value which proves that the sender " + "knows the answer to the challenge, and that it is therefore honest." + }, + &hf_tripe_kx_check.hf_len, { + "Check-value length", "tripe.kx.check.len", + FT_UINT16, BASE_DEC, 0, 0, + "This is the length of the encrypted check-value." + }, + &hf_tripe_kx_check.hf_val, { + "Check-value data", "tripe.kx.check.val", + FT_BYTES, BASE_NONE, 0, 0, + "This is the actual encrypted check-value." + }, + &hf_tripe_huh, { + "Unknown data", "tripe.huh", + FT_BYTES, BASE_NONE, 0, 0, + "I don't know what's meant to appear here." 
+ }, + }; + + static gint *tts[] = { + &tt_tripe, + &tt_tripe_ct, + &hf_tripe_kx_mychal.tt, + &hf_tripe_kx_check.tt, + }; + + proto_tripe = proto_register_protocol("TrIPE", "TrIPE", "tripe"); + proto_register_field_array(proto_tripe, hfs, array_length(hfs)); + proto_register_subtree_array(tts, array_length(tts)); +} + +void proto_reg_handoff_tripe(void) +{ + dissector_handle_t dh; + + dh = create_dissector_handle(dissect_tripe, proto_tripe); + dissector_add("udp.port", 22003, dh); +} + +G_MODULE_EXPORT void plugin_reg_handoff(void) +{ + proto_reg_handoff_tripe(); +} + +G_MODULE_EXPORT void plugin_init(plugin_address_table_t *pat) +{ + plugin_address_table_init(pat); + if (proto_tripe == -1) + proto_register_tripe(); +} + +/*----- That's all, folks -------------------------------------------------*/ diff --git a/setup b/setup index 7e4b406a..a74f9dae 100755 --- a/setup +++ b/setup @@ -3,6 +3,7 @@ set -e mklinks mkaclocal +libtoolize autoheader autoconf automake diff --git a/tripe-protocol.h b/tripe-protocol.h new file mode 100644 index 00000000..bce8f1dc --- /dev/null +++ b/tripe-protocol.h 
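Review bot: In the `ct:` branch of `dissect_tripe`, the last field is attached with `proto_tree_add_item(ti, hf_tripe_ct_cbc, b, off, -1, FALSE);`, passing the item `ti` where the three preceding calls pass the subtree `tt`. Writing `proto_tree_add_item(tt, hf_tripe_ct_cbc, b, off, -1, FALSE);` would keep the MAC, sequence number, IV and CBC data under the same subtree handle; whether the current form renders differently depends on how this Ethereal version relates items and trees, so it may be harmless. Separately, `getmp` takes `len` straight from the packet via `tvb_get_ntohs(b, off)` and `gethash` assumes 20 bytes, with no explicit length check in this file. A comment such as `/* len is untrusted; bounds are enforced by the tvbuff accessors */` above `getmp` would record that assumption, which should be confirmed against the targeted Ethereal release. The initial `off = tvb_raw_offset(b)` is overwritten by `off = 1` before any use and could be dropped.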
@@ -0,0 +1,117 @@
+/* -*-c-*-
+ *
+ * $Id: tripe-protocol.h,v 1.1 2003/10/15 09:30:18 mdw Exp $
+ *
+ * Protocol definition for TrIPE
+ *
+ * (c) 2003 Straylight/Edgeware
+ */
+
+/*----- Licensing notice --------------------------------------------------*
+ *
+ * This file is part of Trivial IP Encryption (TrIPE).
+ *
+ * TrIPE is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * TrIPE is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with TrIPE; if not, write to the Free Software Foundation,
+ * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+/*----- Revision history --------------------------------------------------*
+ *
+ * $Log: tripe-protocol.h,v $
+ * Revision 1.1 2003/10/15 09:30:18 mdw
+ * Add support for Ethereal protocol analysis.
+ *
+ */
+
+#ifndef TRIPE_PROTOCOL_H
+#define TRIPE_PROTOCOL_H
+
+/*----- TrIPE protocol ----------------------------------------------------*/
+
+/* --- TrIPE message format --- *
+ *
+ * A packet begins with a single-byte message type. The top four bits are a
+ * category code used to send the message to the right general place in the
+ * code; the bottom bits identify the actual message type.
+ */
+
+#define MSG_CATMASK 0xf0
+#define MSG_TYPEMASK 0x0f
+
+/* --- Encrypted message packets --- *
+ *
+ * Messages of category @MSG_PACKET@ contain encrypted network packets. The
+ * message content is a symmetric-encrypted block (see below). Reception of
+ * a packet encrypted under a new key implicitly permits that key to be used
+ * to send further packets.
+ *
+ * The only packet type accepted is zero.
+ *
+ * Packets may be encrypted under any live keyset, but should use the most
+ * recent one.
+ */
+
+#define MSG_PACKET 0x00
+
+/* --- Key exchange packets --- */
+
+#define MSG_KEYEXCH 0x10
+
+#define KX_PRECHAL 0u
+#define KX_COOKIE 1u
+#define KX_CHAL 2u
+#define KX_REPLY 3u
+#define KX_SWITCH 4u
+#define KX_SWITCHOK 5u
+#define KX_NMSG 6u
+
+/* --- Symmetric encryption and keysets --- *
+ *
+ * Packets consist of an 80-bit MAC, a 32-bit sequence number, and the
+ * encrypted payload.
+ *
+ * The plaintext is encrypted using Blowfish in CBC mode with ciphertext
+ * stealing (as described in [Schneier]. The initialization vector is
+ * selected randomly, and prepended to the actual ciphertext.
+ *
+ * The MAC is computed using the HMAC construction with RIPEMD160 over the
+ * sequence number and the ciphertext (with IV); the first 80 bits of the
+ * output are used. (This is the minimum allowed by the draft FIPS for HMAC,
+ * and the recommended truncation.)
+ *
+ * A keyset consists of
+ *
+ * * an integrity (MAC) key;
+ * * a confidentiality (encryption) key; and
+ * * a sequence numbering space
+ *
+ * in each direction. The packets sent by a host encrypted under a
+ * particular keyset are assigned consecutive sequence numbers starting from
+ * zero. The receiving host must ensure that it only accepts each packet at
+ * most once. It should maintain a window of sequence numbers: packets with
+ * numbers beyond the end of the window are accepted and cause the window to
+ * be advanced; packets with numbers before the start of the window are
+ * rejected; packets with numbers which appear within the window are accepted
+ * only if the number has not been seen before.
+ *
+ * When a host sends a @KX_SWITCH@ or @KX_SWITCHOK@ message, it installs the
+ * newly-negotiated keyset in a `listen-only' state: it may not send a packet
+ * encrypted under the keyset until either it has received a @KX_SWITCH@ or
+ * @KX_SWITCHOK@ message, or a @MSG_PACKET@ encrypted under the keyset, from
+ * its peer.
+ */
+
+/*----- That's all, folks -------------------------------------------------*/
+
+#endif
diff --git a/tripe.h b/tripe.h
index 8d70c1f6..385c45a2 100644
--- a/tripe.h
+++ b/tripe.h
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: tripe.h,v 1.16 2003/07/13 11:19:49 mdw Exp $ + * $Id: tripe.h,v 1.17 2003/10/15 09:30:18 mdw Exp $ * * Main header file for TrIPE *
@@ -29,9 +29,13 @@ /*----- Revision history --------------------------------------------------* * * $Log: tripe.h,v $ + * Revision 1.17 2003/10/15 09:30:18 mdw + * Add support for Ethereal protocol analysis. + * * Revision 1.16 2003/07/13 11:19:49 mdw - * Incopatible protocol fix! Include message type code under MAC tag to prevent - * cut-and-paste from key-exchange messages to general packet transport. + * Incompatible protocol fix! Include message type code under MAC tag to + * prevent cut-and-paste from key-exchange messages to general packet + * transport. * * Revision 1.15 2003/05/16 12:09:03 mdw * Allow binding to a chosen address.
@@ -137,6 +141,8 @@ #include #include +#include + #include #include #include
@@ -151,7 +157,7 @@ #include #include -#include "buf.h" +#include "tripe-protocol.h" #include "util.h" #undef sun
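Review bot: The "Symmetric encryption and keysets" comment carried into `tripe-protocol.h` still says the MAC is computed "over the sequence number and the ciphertext (with IV)", whereas the revision 1.16 log entry in `tripe.h` says the message type code was brought under the MAC tag to prevent cut-and-paste from key-exchange messages into packet transport. If that log entry describes the current wire format, the comment is stale and should read something like `over the message type, the sequence number and the ciphertext (with IV)`; the exact order of the MAC inputs is not visible here and should be taken from the keyset code. This header now also serves as the protocol reference for the dissector, so its account of what is authenticated should match the implementation. The parenthesis opened at `(as described in [Schneier].` is never closed.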
@@ -188,81 +194,6 @@ #define PKBUFSZ 65536 -/*----- TrIPE protocol ----------------------------------------------------*/ - -/* --- TrIPE message format --- * - * - * A packet begins with a single-byte message type. The top four bits are a - * category code used to send the message to the right general place in the - * code; the bottom bits identify the actual message type. - */ - -#define MSG_CATMASK 0xf0 -#define MSG_TYPEMASK 0x0f - -/* --- Encrypted message packets --- * - * - * Messages of category @MSG_PACKET@ contain encrypted network packets. The - * message content is a symmetric-encrypted block (see below). Reception of - * a packet encrypted under a new key implicitly permits that key to be used - * to send further packets. - * - * The only packet type accepted is zero. - * - * Packets may be encrypted under any live keyset, but should use the most - * recent one. - */ - -#define MSG_PACKET 0x00 - -/* --- Key exchange packets --- */ - -#define MSG_KEYEXCH 0x10 - -#define KX_PRECHAL 0u -#define KX_COOKIE 1u -#define KX_CHAL 2u -#define KX_REPLY 3u -#define KX_SWITCH 4u -#define KX_SWITCHOK 5u -#define KX_NMSG 6u - -/* --- Symmetric encryption and keysets --- * - * - * Packets consist of an 80-bit MAC, a 32-bit sequence number, and the - * encrypted payload. - * - * The plaintext is encrypted using Blowfish in CBC mode with ciphertext - * stealing (as described in [Schneier]. The initialization vector is - * selected randomly, and prepended to the actual ciphertext. - * - * The MAC is computed using the HMAC construction with RIPEMD160 over the - * sequence number and the ciphertext (with IV); the first 80 bits of the - * output are used. (This is the minimum allowed by the draft FIPS for HMAC, - * and the recommended truncation.) - * - * A keyset consists of - * - * * an integrity (MAC) key; - * * a confidentiality (encryption) key; and - * * a sequence numbering space - * - * in each direction. 
The packets sent by a host encrypted under a - * particular keyset are assigned consecutive sequence numbers starting from - * zero. The receiving host must ensure that it only accepts each packet at - * most once. It should maintain a window of sequence numbers: packets with - * numbers beyond the end of the window are accepted and cause the window to - * be advanced; packets with numbers before the start of the window are - * rejected; packets with numbers which appear within the window are accepted - * only if the number has not been seen before. - * - * When a host sends a @KX_SWITCH@ or @KX_SWITCHOK@ message, it installs the - * newly-negotiated keyset in a `listen-only' state: it may not send a packet - * encrypted under the keyset until either it has received a @KX_SWITCH@ or - * @KX_SWITCHOK@ message, or a @MSG_PACKET@ encrypted under the keyset, from - * its peer. - */ - /*----- Cipher selections -------------------------------------------------*/ #include -- [mdw]