/* packet-dof.c * Routines for Distributed Object Framework (DOF) Wireshark Support * Copyright 2015 Bryant Eastham * See https://opendof.org for more information. * * Wireshark - Network traffic analyzer * By Gerald Combs * Copyright 1998 Gerald Combs * * SPDX-License-Identifier: GPL-2.0-or-later */ /* INTRODUCTION * This very large dissector implements packet decoding for the entire * protocol suite of the OpenDOF Project. The OpenDOF Project * (https://opendof.org) is an open-source IoT platform with * implementations in Java, C#, and C. The protocols are documented * on the web site, and the IP ports referenced are registered with IANA. * * "DOF" stands for Distributed Object Framework. The protocols define * a complete protocol stack that can sit on top of a variety of transports. * The stack itself is called the DPS, or "DOF Protocol Stack". It * is a layered stack including a Network, Presentation, and Application * layer. The underlying transport can be anything, these dissectors * hook in to UDP and TCP. To the Wireshark user, however, this is * referred to as "dof" and not "dps". * * The following protocols are defined in the stack and implemented * here: * DNP - DOF Network Protocol (versions: 0, 1) * DPP - DOF Presentation Protocol (version: 0, 2) [1 is reserved and not supported] * DAP - DOF Application Protocols: * DSP - DOF Session Protocol (versions: 0) * OAP - Object Access Protocol (versions: 1) * TEP - Ticket Exchange Protocol (versions: 128) * TRP - Ticket Request Protocol (versions: 129) * SGMP - Secure Group Management Protocol (versions: 130) * DOFSEC - DOF Security Protocols: * CCM - Chained mode * TUN - A tunneling protocol for embedding DOF in other protocols. */ /* VERSIONS AND NAMING * There are several different ways in which "versions" are used * throughout the dissector. First, each of the DNP and DPP layers * has a defined 'version'. The DOF Application Protocols are also * distinguished by versioning, but it is actually the registered * application ID that is the version. This is complicated by * the fact that many of the application IDs represent the same * version of a protocol from a capability perspective (and * a user perspective) with the difference being some attribute * of the protocol - for example the security primitives used. * * Another means of versioning is by specification document. * In this case the document is identified by a year and sequence, * with specifications and PDUs using a name and sequence. * Naming of fields and variables will use these identifiers * as they are the easiest way to tie the code to the specifications. * * The specification documents are also the easiest way (although * maybe not the clearest) to expose fields to the Wireshar user. * A consistent naming is used, which is: * * (spec)-pdu-(seq)-(field) * For example: dof-2009-1-pdu-1-value * * Variable naming includes a protocol name to provide clarity. * * This is not the clearest from a user perspective, but it * has the benefit of tying directly to the specifications * themselves and uniquely identifies each field. * * Routines that dissect are uniformly named by the PDU * that they dissect using the PDU specification document * and PDU name from that document as follows: * * dissect_(spec)_(name) */ /* DISSECTOR DESIGN * The original work on these dissectors began over ten years ago, but * shared only within Panasonic. During the opening of the protocols in * March of 2015 the decision was made to contribute the code to the Wireshark * community. During this process the plugin approach was rejected and the * entire set made into standard dissectors, and further to that all of the * dissectors were merged into a single file. * * There are several types of supported dissectors that are part of the DPS family. * At the lowest level are the transport dissectors. The responsibility * of these dissectors is to determine the transport session information, pass * DPS packets to the DPS dissector, and properly maintain the dof_api_data * structure. * * The DPS dissector API comprises: * 1. The structure (dof_api_data) that is passed in the data field to the DPS * dissector. Transport plugins must understand this. * 2. The dof_transport_session structure, which contains all transport * information that is passed to the DPS dissector. * 3. The name of the DPS dissector. * * The DPS dissector API extends to dissectors that are called by the DPS dissectors. * * Finally, there is the DPS Security Mode dissectors. These dissectors are passed * additional security context information and it is their job to decrypt packets * and pass them to higher-level dissectors. * * The DOF Protocol Stack is strictly layered with minimal (and defined) state * exchanged between layers. This allows a fairly structured design, using * dissector tables at each layer. The main DPS dissector receives packets * from the transport hooks, and then dissects the packet layer by layer using * the different dissector tables. Dissectors and the DNP, DPP, and DAP layers. * * In addition to the main protocol stack with its associated protocols there are * additional common data elements that include extensibility. If an extension * is found then it will be used to dissect, otherwise the base dissector will be * used. */ /* SESSIONS * DOF defines sessions at many different levels, and state is always associated * with a session. Much of the power (and complexity) of these dissectors relates * to accurately tracking and maintaining context for each session, and displaying * context-related decode information based on the session. This includes, for * example, decoding encrypted data (including multicast group traffic) and * showing full packet information even when the packet data uses aliases or * other context specific data. * * Sessions are an extremely complex part of the dissectors because they occur at * so many different levels, and that they are temporal in nature while wireshark * is not. This means that all data structures that deal with sessions must deal * with both the level and the time of the packet. * * The levels are: * 1. Transport. These sessions are defined by the transport, and transport * addresses. As in the transports, there is no transport information allowed * at the dps level, but transport information is allowed to influence other * decisions. Every dps packet must be part of a transport session. Transport * sessions are usually managed as conversations in Wireshark. Each transport * session is has an identifier that is defined by the DPS plugin the first * time a packet in the transport session is passed to the plugin. * 2. DPS. These sessions are defined by DPS, and are part of the DNP definition. * These sessions are also assigned a unique DPS session identifier. * * 3. Security (Optional). Security sessions always exist inside of * an DPS session. Security sessions are further divided into epochs, keys, etc. * * Temporal information is always associated with packet numbers, which always increase. * This temporal information is used during the first pass to create sessions by * determining that a new packet doesn't belong to a previous session. * * During the first pass the data structures are referenced from the transport * session information up. The goal of the first pass is to create the most specific * session information and associate each packet with the appropriate session. These * sessions refer to more general session information. * * In order to make lookups easier, the most fine-grainded sessions are assigned * unique identifiers. Secure sessions are always born unsecure (during security * negotiation). These use the same session identifiers, but the state for the * secure and unsecured times are separated. Once a session is secured it never * transitions back to unsecured. * * MEMBERSHIP * Each packet is sent by a member of the session. Session members have state related * to the session. Packets are received by either a member of the session or the * session itself (implying all members). This means that packet state can come * from: * 1. The sender. * 2. The receiver (if directed to a receiver). * 3. The session. * The identity of a member is always a combination of transport and dps information. * However, the state of the membership is in the context of the session, keyed by * the sender. * * In order to make lookups easier, each unique sender in the system is * assigned a unique identifier. */ #include #include #include #include #include #include #include #include #include #include #include #include #include "packet-tcp.h" /* DEFINES, STRUCTURES, AND SUPPORT METHOD DECLARATIONS * The following sections includes preprocessor definitions, structure definitions, * and method declarations for all dissectors. * The ordering is by DPS stack order, general first and then by protocols. */ /** * GENERAL SUPPORT STRUCTURES * The following structures represent state that must be maintained for * the dissectors to operate. They are not directly related to protocol * information. */ /** * This structure represents a SID, or Sender ID, in the system. * This is allocated as global memory, and must be freed. SIDs * are Object IDs, and can be displayed in hex but preferrably * using the OID output format. Even though the OID contains * a length, we prefix this buffer with a length (which must * be less than 255 by the definition of a SID. * SIDs are not versioned, so they can be used universally in * any protocol version. */ typedef guint8 *dof_2009_1_pdu_19_sid; /** * This structure encapsulates an OPID, which is the combination of * a source identifier (SID, and OID) and a packet number. This is a separate * structure because some operations actually contain multiple opids, but need * to be placed in the appropriate data structures based on SID lookup. This * structure can be used as a key in different hash tables. */ typedef struct _dpp_opid { guint op_sid_id; dof_2009_1_pdu_19_sid op_sid; guint op_cnt; } dof_2009_1_pdu_20_opid; /** * This structure contains all of the transport session information * related to a particular session, but not related to the packet * within that session. That information is separated to allow * reuse of the structure. */ typedef struct _dof_transport_session { /** * TRANSPORT ID: This is a unique identifier for each transport, * used to prevent aliasing of the SENDER ID value in the * transport packet structure. It contains the protocol id * assigned by Wireshark (unique per protocol). */ gint transport_id; /** * For new sessions, this is left zero. The DPS dissector will * set this value. */ guint32 transport_session_id; /** * Timestamp of start of session. */ nstime_t session_start_ts; /** * Whether negotiation is required on this session. */ gboolean negotiation_required; /** * The frame number where negotiation was complete, or zero if not complete. */ guint32 negotiation_complete_at; /** * The time when negotiation was complete, or zero if not complete. */ nstime_t negotiation_complete_at_ts; /** * Type of transport session. */ gboolean is_streaming; /* Inverse is 'is_datagram'. */ /** * Cardinality of transport session. */ gboolean is_2_node; /* Inverse is 'is_n_node'. */ } dof_transport_session; typedef struct _dof_transport_packet { /** * Source of packet (if known, default is server). */ gboolean is_sent_by_client; /* Inverse is 'is_sent_by_server'. */ /** * SENDER ID/RECEIVER ID: A unique value that identifies the unique * transport sender/receiver address. This number is based on only * the transport, and not session, information. */ guint sender_id; guint receiver_id; } dof_transport_packet; /** * This structure maintains security state throughout an DPS session. * It is managed by the key exchange protocol, and becomes effective * at different dps packets in each communication direction. Decrypting * a packet requires that this structure exists. */ typedef struct _dof_session_key_exchange_data { /** * The frame at which this becomes valid for initiator packets. */ guint32 i_valid; /** * The frame at which this becomes valid for responder packets. */ guint32 r_valid; /** * SECURITY MODE: The security mode for a secure session. Set * by the key exchange dissector. */ guint32 security_mode; /** * SECURITY MODE INITIALIZATION DATA: Determined by the key exchange * protocol and passed here for the reference of the security mode. */ guint32 security_mode_data_length; guint8 *security_mode_data; /** * SECURITY MODE DATA: Created and managed by the security mode * dissector. */ void *security_mode_key_data; /** * SESSION KEY: Pointer to seasonal data that holds the encryption key. */ guint8 *session_key; /** * The next security data in this session. */ struct _dof_session_key_exchange_data *next; } dof_session_key_exchange_data; /** * This structure contains security keys that should be tried with * sessions that otherwise are not known. */ typedef struct _dof_session_key_data { guint8 *session_key; } dof_session_key_data; /** * This structure contains security keys for groups. */ typedef struct _dof_group_data { guint8 *domain; guint8 domain_length; guint8 *identity; guint8 identity_length; guint8 *kek; } dof_group_data; /** * This structure contains security keys for non-group identities. */ typedef struct _dof_identity_data { guint8 *domain; guint8 domain_length; guint8 *identity; guint8 identity_length; guint8 *secret; } dof_identity_data; /** * This structure exists for global security state. It exposes the * configuration data associated with DPS, and also is a common location * that learned security information is stored. Each dof_packet_data will * contain a pointer to this structure - there is only one for the entire * DPS. */ typedef struct _dof_security_data { /* Array of session_keys. */ dof_session_key_data *session_key; guint16 session_key_count; /* Array of group data. */ dof_group_data *group_data; guint16 group_data_count; /* Array of identity data. */ dof_identity_data *identity_data; guint16 identity_data_count; /* Global sessions. */ /*TODO: Figure this out */ /* dof_session_list* sessions; */ } dof_security_data; /** * This structure represents a key that is learned for a group and epoch. */ struct _dof_learned_group_data; typedef struct _dof_learned_group_auth_data { guint32 epoch; guint8 *kek; guint mode_length; guint8 *mode; guint16 security_mode; struct _dof_learned_group_data *parent; struct _dof_learned_group_auth_data *next; } dof_learned_group_auth_data; /** * This structure represents a group that is learned about. */ typedef struct _dof_learned_group_data { guint8 domain_length; guint8 *domain; guint8 group_length; guint8 *group; guint32 ssid; dof_learned_group_auth_data *keys; struct _dof_learned_group_data *next; } dof_learned_group_data; /** * This structure exists for each secure DPS session. This is kept in * addition to the normal session * Each packet that has state will contain a reference to one of these. * * Information in this structure is invariant for the duration of the * session *or* is only used during the initial pass through the packets. * Information that changes (for example, security parameters, keys, etc.) * needs to be maintained separately, although this structure is the * starting place for this information. * * This structure is initialized to zero. */ struct _dof_session_data; typedef struct _dof_secure_session_data { /** * SSID: Zero is typically used for streaming sessions. */ guint32 ssid; /** * DOMAIN LENGTH: The length of the security domain, greater than * zero for secure sessions. Set by the key exchange dissector. */ guint8 domain_length; /** * DOMAIN: The security domain itself, seasonal storage, non-null * for secure sessions. Set by the key exchange dissector. */ guint8 *domain; /** * SESSION SECURITY: This is a list of security data for this * session, created by the key exchange protocol. */ dof_session_key_exchange_data *session_security_data; dof_session_key_exchange_data *session_security_data_last; /** * NEXT: This is the next secure session related to the parent * unsecure session. Protocols can define new secure sessions and * add them to this list. DPP then finds the correct secure session * for a secure packet and caches it. */ struct _dof_secure_session_data *next; struct _dof_session_data *parent; guint32 original_session_id; gboolean is_2_node; } dof_secure_session_data; /** * This structure exists for each DPS session. Secure sessions have an * additional data structure that includes the secure session information. * Each packet that has state will contain a reference to one of these. * * Information in this structure is invariant for the duration of the * session *or* is only used during the initial pass through the packets. * Information that changes (for example, security parameters, keys, etc.) * needs to be maintained separately, although this structure is the * starting place for this information. * * This structure is initialized to zero. */ typedef struct _dof_session_data { /** * SESSION ID: Set when the session is created, required. */ guint32 session_id; /** * DPS ID: The type of DPS SENDER ID (in the packet data) to prevent * aliasing. Since DPS senders identifiers relate to DNP, this is the * DNP version number. */ guint8 dof_id; /** * SECURE SESSIONS: When secure sessions are created from this * unsecure session then they are added to this list. Each member * of the list must be distinguished. */ dof_secure_session_data *secure_sessions; /** * Protocol-specific data. */ GSList *data_list; } dof_session_data; /* DOF Security Structures. */ /* Return structures for different packets. */ typedef struct _dof_2008_16_security_3_1 { tvbuff_t *identity; } dof_2008_16_security_3_1; typedef struct _dof_2008_16_security_4 { tvbuff_t *identity; tvbuff_t *nonce; } dof_2008_16_security_4; typedef struct _dof_2008_16_security_6_1 { tvbuff_t *i_identity; tvbuff_t *i_nonce; guint16 security_mode; guint32 security_mode_data_length; guint8 *security_mode_data; } dof_2008_16_security_6_1; typedef struct _dof_2008_16_security_6_2 { tvbuff_t *r_identity; tvbuff_t *r_nonce; } dof_2008_16_security_6_2; /** * This structure defines the address for Wireshark transports. There is no * DPS information associated here. */ typedef struct _ws_node { address addr; guint32 port; } ws_node; typedef struct _dof_session_list { dof_session_data *session; struct _dof_session_list *next; } dof_session_list; /** * DOF PACKET DATA * This structure exists for each DOF packet. There is ABSOLUTELY NO * transport-specific information here, although there is a session * number which may relate to transport information indirectly through * a transport session. * There will be one of these for each DOF packet, even if the corresponding * Wireshark frame has multiple DOF packets encapsulated in it. The key * to this structure is the operation identifier, and there is a hash * lookup to go from an operation identifier to this structure. */ typedef struct _dof_packet_data { /** * NON-DPS FIELDS, USED FOR WIRESHARK COMMUNICATION/PROCESSING * Protocol-specific data. */ wmem_list_t *data_list; /** * The Wireshark frame. Note that a single frame can have multiple DPS packets. */ guint32 frame; /** * The DPS frame/packet. This number is unique in the entire trace. */ guint32 dof_frame; /** * Packet linked list for all dps packets. */ struct _dof_packet_data *next; /** * DPS FIELDS * Indicator that the packet has already been processed. Processed packets * have all their fields set that can be determined. Further attempts to * determine NULL fields are worthless. */ gboolean processed; /** * SUMMARY: An operation summary, displayed in the Operation History. This is seasonal * data, managed by the DPP dissector. */ const gchar *summary; /** * SENDER ID/RECEIVER ID: An identifier for each unique sender/receiver according to DPS. * This augments the transport SENDER ID/RECEIVER ID in determining each * unique sender. */ gint sender_id; gint receiver_id; /** * DPP INFORMATION - CACHED INFORMATION */ gboolean is_command; /* Inverse is 'is_response'. */ gboolean is_sent_by_initiator; /** * SENDER SID ID/RECEIVER SID ID: An identifier for the sid associated with this packet's sender. * Zero indicates that it has not been assigned. Assigned by the DPP * dissector. */ guint sender_sid_id; guint receiver_sid_id; /** * SENDER SID/RECEIVER SID: The SID of the sender/receiver, or NULL if not known. */ dof_2009_1_pdu_19_sid sender_sid; dof_2009_1_pdu_19_sid receiver_sid; /** * Operation references. */ gboolean has_opid; dof_2009_1_pdu_20_opid op; gboolean has_referenced_opid; dof_2009_1_pdu_20_opid ref_op; struct _dof_packet_data *opid_first; struct _dof_packet_data *opid_next; struct _dof_packet_data *opid_last; struct _dof_packet_data *opid_first_response; struct _dof_packet_data *opid_next_response; struct _dof_packet_data *opid_last_response; /** * SECURITY INFORMATION - CACHED */ const gchar *security_session_error; dof_session_key_exchange_data *security_session; void *security_packet; guint8 *decrypted_buffer; tvbuff_t *decrypted_tvb; guint16 decrypted_offset; gchar *decrypted_buffer_error; /** * OPERATION DATA: Generic data, seasonal, owned by the application protocol dissector * for this packet. */ void *opid_data; } dof_packet_data; /** * This structure represents globals that are passed to all dissectors. */ typedef struct _dof_globals { guint32 next_transport_session; guint32 next_session; dof_packet_data *dof_packet_head; dof_packet_data *dof_packet_tail; dof_security_data *global_security; dof_learned_group_data *learned_group_data; gboolean decrypt_all_packets; gboolean track_operations; guint track_operations_window; } dof_globals; /** * This structure contains all information that is passed between * transport dissectors/plugins and the DPS dissector. It is allocated * by the transport plugin, and its fields are set as described here. */ typedef struct _dof_api_data { /** * TRANSPORT SESSION: Set by the transport dissector, required. */ dof_transport_session *transport_session; /** * TRANSPORT PACKET: Set by the transport dissector, required. */ dof_transport_packet *transport_packet; /** * DPS SESSION: Set by the DPS dissector. */ dof_session_data *session; /** * DPS DATA: Set by the DPS dissector. */ dof_packet_data *packet; /** * DPS SECURE SESSION: Set by the DPP dissector. */ dof_secure_session_data *secure_session; } dof_api_data; /** * This set of types defines the Security Mode dissector API. * This structure identifies the context of the dissection, * allowing a single structure to know what part of the packet * of sequence of packets it is working with. * * Structure for Security Mode of Operation dissectors. */ typedef enum _dof_secmode_context { INITIALIZE, HEADER, TRAILER } dof_secmode_context; /* Seasonal, initialized to zero. */ typedef struct _dof_secmode_api_data { /** * API VERSION: Set by the DPS dissector, required. * MUST BE THE FIRST FIELD. */ guint8 version; /** * CONTEXT: Set the DPS dissector, required. */ dof_secmode_context context; /** * SECURITY MODE OFFSET: The packet offset from the DPP header of the security mode. */ guint security_mode_offset; /** * API DATA: Set by the DPS dissector, required. */ dof_api_data *dof_api; /** * SECURE SESSION DATA: Controlled by the caller, either associated * with the current packet (HEADER mode) or not (other modes). * Used to access session information. */ dof_secure_session_data *secure_session; /** * KEY EXCHANGE: Controlled by the caller, represents the key exchange * for INITIALIZE mode. */ dof_session_key_exchange_data *session_key_data; } dof_secmode_api_data; /* These should be the only non-static declarations in the file. */ void proto_register_dof(void); void proto_reg_handoff_dof(void); /* Dissector routines. */ static int dissect_2008_1_dsp_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree); static int dissect_2008_16_security_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data); static int dissect_2008_16_security_2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data); static int dissect_2008_16_security_3_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data); static int dissect_2008_16_security_3_2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data); static int dissect_2008_16_security_4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data); static int dissect_2008_16_security_5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data); static int dissect_2008_16_security_6_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data); static int dissect_2008_16_security_6_2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data); static int dissect_2008_16_security_6_3(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data); static int dissect_2008_16_security_7(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data); static int dissect_2008_16_security_8(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data); static int dissect_2008_16_security_9(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data); static int dissect_2008_16_security_10(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data); static int dissect_2008_16_security_11(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data); static int dissect_2008_16_security_12(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data); static int dissect_2008_16_security_13(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data); static int dissect_2009_11_type_4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data); static int dissect_2009_11_type_5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree); static const gchar* dof_oid_create_standard_string(guint32 bufferSize, const guint8 *pOIDBuffer); static const gchar* dof_iid_create_standard_string(guint32 bufferSize, const guint8 *pIIDBuffer); static guint8 dof_oid_create_internal(const char *oid, guint32 *size, guint8 *buffer); static void dof_oid_new_standard_string(const char *data, guint32 *rsize, guint8 **oid); static gint read_c4(tvbuff_t *tvb, gint offset, guint32 *v, gint *len); static void validate_c4(packet_info *pinfo, proto_item *pi, guint32, gint len); static gint read_c3(tvbuff_t *tvb, gint offset, guint32 *v, gint *len); static void validate_c3(packet_info *pinfo, proto_item *pi, guint32, gint len); static gint read_c2(tvbuff_t *tvb, gint offset, guint16 *v, gint *len); static void validate_c2(packet_info *pinfo, proto_item *pi, guint16, gint len); static gint dof_dissect_pdu(dissector_t dissector, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *result); static gint dof_dissect_pdu_as_field(dissector_t disector, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, int item, int ett, void *result); #if 0 /* TODO not used yet */ static void dof_session_add_proto_data(dof_session_data *session, int proto, void *proto_data); static void* dof_session_get_proto_data(dof_session_data *session, int proto); static void dof_session_delete_proto_data(dof_session_data *session, int proto); #endif static void dof_packet_add_proto_data(dof_packet_data *packet, int proto, void *proto_data); static void* dof_packet_get_proto_data(dof_packet_data *packet, int proto); /* DOF PROTOCOL STACK */ #define DOF_PROTOCOL_STACK "DOF Protocol Stack" /** * PORTS * The following ports are registered with IANA and used to hook transport * dissectors into the lower-level Wireshark transport dissectors. * * Related to these ports is the usage of conversations for DOF. The goal of * using Wireshark conversations is to guarantee that DPS data is available for * any DPS packet. However, there is no assumption that Wireshark conversations * map in any way to DOF sessions. * * One exception to this use is in discovery of DOF servers. The DOF_MCAST_NEG_SEC_UDP_PORT * is watched for all traffic. A "wildcard" conversation is then created for the * source address, and the DPS dissector is associated with that port. In this * way, servers on non-standard ports will automatically be decoded using DPS. */ #define DOF_NEG_SEC_UDP_PORT_RANGE "3567,5567" /* P2P + Multicast */ #define DOF_P2P_NEG_SEC_TCP_PORT 3567 /* Reserved UDP port 3568*/ #define DOF_TUN_SEC_TCP_PORT 3568 #define DOF_P2P_SEC_TCP_PORT 5567 /* Reserved UDP port 8567*/ #define DOF_TUN_NON_SEC_TCP_PORT 8567 /* This is needed to register multicast sessions with the UDP handler. */ static dissector_handle_t dof_udp_handle; static int proto_2008_1_dof = -1; static int proto_2008_1_dof_tcp = -1; static int proto_2008_1_dof_udp = -1; static int hf_2008_1_dof_session = -1; static int hf_2008_1_dof_is_2_node = -1; static int hf_2008_1_dof_is_streaming = -1; static int hf_2008_1_dof_is_from_client = -1; static int hf_2008_1_dof_frame = -1; static int hf_2008_1_dof_session_transport = -1; static int ett_2008_1_dof = -1; /* DOF Tunnel Protocol */ /* UDP Registrations */ #define TUNNEL_PROTOCOL_STACK "DOF Tunnel Protocol Stack" #define TUNNEL_APPLICATION_PROTOCOL "DOF Tunnel Protocol" static dissector_table_t dof_tun_app_dissectors; /***** TUNNEL *****/ static int proto_2012_1_tunnel = -1; static int ett_2012_1_tunnel = -1; static int hf_2012_1_tunnel_1_version = -1; static int hf_2012_1_tunnel_1_length = -1; /* DOF NETWORK PROTOCOL */ #define DNP_MAX_VERSION 1 #define DOF_NETWORK_PROTOCOL "DOF Network Protocol" static dissector_table_t dnp_dissectors; static dissector_table_t dnp_framing_dissectors; static int proto_2008_1_dnp = -1; static int hf_2008_1_dnp_1_version = -1; static int hf_2008_1_dnp_1_flag = -1; static int ett_2008_1_dnp = -1; static int ett_2008_1_dnp_header = -1; /* DNP V0 */ static int proto_2008_1_dnp_0 = -1; static int hf_2008_1_dnp_0_1_1_padding = -1; static int hf_2008_1_dnp_0_1_1_version = -1; /* DNP V1 */ #define DNP_V1_DEFAULT_FLAGS (0) static int proto_2009_9_dnp_1 = -1; static int hf_2009_9_dnp_1_flags = -1; static int hf_2009_9_dnp_1_flag_length = -1; static int hf_2009_9_dnp_1_length = -1; static int hf_2009_9_dnp_1_flag_srcport = -1; static int hf_2009_9_dnp_1_srcport = -1; static int hf_2009_9_dnp_1_flag_dstport = -1; static int hf_2009_9_dnp_1_dstport = -1; static int ett_2009_9_dnp_1_flags = -1; static int * const bitmask_2009_9_dnp_1_flags[] = { &hf_2009_9_dnp_1_flag_length, &hf_2009_9_dnp_1_flag_srcport, &hf_2009_9_dnp_1_flag_dstport, NULL }; /* DOF PRESENTATION PROTOCOL */ #define DOF_PRESENTATION_PROTOCOL "DOF Presentation Protocol" static dissector_table_t dof_dpp_dissectors; static int proto_2008_1_dpp = -1; static int hf_2008_1_dpp_sid_num = -1; static int hf_2008_1_dpp_rid_num = -1; static int hf_2008_1_dpp_sid_str = -1; static int hf_2008_1_dpp_rid_str = -1; static int hf_2008_1_dpp_first_command = -1; static int hf_2008_1_dpp_last_command = -1; static int hf_2008_1_dpp_first_response = -1; static int hf_2008_1_dpp_last_response = -1; static int hf_2008_1_dpp_related_frame = -1; static int hf_2008_1_dpp_1_version = -1; static int hf_2008_1_dpp_1_flag = -1; static int ett_2008_1_dpp = -1; static int ett_2008_1_dpp_1_header = -1; /* DPP V0 */ static int proto_2008_1_dpp_0 = -1; static int hf_2008_1_dpp_0_1_1_version = -1; /* DPP V1 - RESERVED, NOT SUPPORTED */ /* DPP V2 */ #define DPP_V2_DEFAULT_FLAGS (0) #define DPP_V2_SEC_FLAG_E (0x80) #define DPP_V2_SEC_FLAG_D (0x08) #define DPP_V2_SEC_FLAG_P (0x04) #define DPP_V2_SEC_FLAG_A (0x02) #define DPP_V2_SEC_FLAG_S (0x01) static int proto_2009_12_dpp = -1; static int proto_2009_12_dpp_common = -1; /* TODO: The complete on final and final flags are not covered. */ static int hf_2009_12_dpp_2_1_flags = -1; static int hf_2009_12_dpp_2_1_flag_security = -1; static int hf_2009_12_dpp_2_1_flag_opid = -1; static int hf_2009_12_dpp_2_1_flag_seq = -1; static int hf_2009_12_dpp_2_1_flag_retry = -1; static int hf_2009_12_dpp_2_1_flag_cmdrsp = -1; static int hf_2009_12_dpp_2_3_sec_flags = -1; static int hf_2009_12_dpp_2_3_sec_flag_secure = -1; static int hf_2009_12_dpp_2_3_sec_flag_rdid = -1; static int hf_2009_12_dpp_2_3_sec_flag_partition = -1; static int hf_2009_12_dpp_2_3_sec_flag_ssid = -1; static int hf_2009_12_dpp_2_3_sec_flag_as = -1; static int hf_2009_12_dpp_2_3_sec_ssid = -1; static int hf_2009_12_dpp_2_3_sec_rdid = -1; static int hf_2009_12_dpp_2_3_sec_remote_partition = -1; static int hf_2009_12_dpp_2_3_sec_partition = -1; static int hf_2009_12_dpp_2_1_opcnt = -1; static int hf_2009_12_dpp_2_1_seq = -1; static int hf_2009_12_dpp_2_1_retry = -1; static int hf_2009_12_dpp_2_1_delay = -1; static int hf_2009_12_dpp_2_14_opcode = -1; static int ett_2009_12_dpp_2_1_flags = -1; static int ett_2009_12_dpp_2_3_security = -1; static int ett_2009_12_dpp_2_3_sec_flags = -1; static int ett_2009_12_dpp_2_3_sec_remote_partition = -1; static int ett_2009_12_dpp_2_3_sec_partition = -1; static int ett_2009_12_dpp_2_opid = -1; static int ett_2009_12_dpp_2_opid_history = -1; static int ett_2009_12_dpp_common = -1; static const value_string strings_2009_12_dpp_opid_types[] = { { 0, "Not Present" }, { 1, "SID [Sender]" }, { 2, "SID [Receiver]" }, { 3, "SID [Explicit]" }, { 0, NULL } }; #define OP_2009_12_RESPONSE_FLAG (0x80) #define OP_2009_12_NODE_DOWN_CMD (0) #define OP_2009_12_NODE_DOWN_RSP (OP_2009_12_RESPONSE_FLAG|OP_2009_12_NODE_DOWN_CMD) #define OP_2009_12_SOURCE_LOST_CMD (1) #define OP_2009_12_SOURCE_LOST_RSP (OP_2009_12_RESPONSE_FLAG|OP_2009_12_SOURCE_LOST_CMD) #define OP_2009_12_RENAME_CMD (2) #define OP_2009_12_RENAME_RSP (OP_2009_12_RESPONSE_FLAG|OP_2009_12_RENAME_CMD) #define OP_2009_12_PING_CMD (3) #define OP_2009_12_PING_RSP (OP_2009_12_RESPONSE_FLAG|OP_2009_12_PING_CMD) #define OP_2009_12_CANCEL_ALL_CMD (4) #define OP_2009_12_CANCEL_ALL_RSP (OP_2009_12_RESPONSE_FLAG|OP_2009_12_CANCEL_ALL_CMD) #define OP_2009_12_HEARTBEAT_CMD (5) #define OP_2009_12_HEARTBEAT_RSP (OP_2009_12_RESPONSE_FLAG|OP_2009_12_HEARTBEAT_CMD) #define OP_2009_12_QUERY_CMD (6) #define OP_2009_12_QUERY_RSP (OP_2009_12_RESPONSE_FLAG|OP_2009_12_QUERY_CMD) #define OP_2009_12_SOURCE_FOUND_CMD (8) #define OP_2009_12_SOURCE_FOUND_RSP (OP_2009_12_RESPONSE_FLAG|OP_2009_12_SOURCE_FOUND_CMD) static const value_string strings_2009_12_dpp_common_opcodes[] = { { OP_2009_12_NODE_DOWN_CMD, "DPP Node Down" }, { OP_2009_12_NODE_DOWN_RSP, "DPP Node Down Response (Illegal)" }, { OP_2009_12_SOURCE_LOST_CMD, "DPP Source Lost" }, { OP_2009_12_SOURCE_LOST_RSP, "DPP Source Lost Response (Illegal)" }, { OP_2009_12_SOURCE_FOUND_CMD, "DPP Source Found" }, { OP_2009_12_SOURCE_FOUND_RSP, "DPP Source Found Response (Illegal)" }, { OP_2009_12_RENAME_CMD, "DPP Rename" }, { OP_2009_12_RENAME_RSP, "DPP Rename Response (Illegal)" }, { OP_2009_12_PING_CMD, "DPP Ping" }, { OP_2009_12_PING_RSP, "DPP Ping Response" }, { OP_2009_12_HEARTBEAT_CMD, "DPP Heartbeat" }, { OP_2009_12_HEARTBEAT_RSP, "DPP Heartbeat Response (Illegal)" }, { OP_2009_12_QUERY_CMD, "DPP Query" }, { OP_2009_12_QUERY_RSP, "DPP Query Response" }, { OP_2009_12_CANCEL_ALL_CMD, "DPP Cancel All" }, { OP_2009_12_CANCEL_ALL_RSP, "DPP Cancel All Response (Illegal)" }, { 0, NULL } }; /* DOF APPLICATION PROTOCOL */ #define DOF_APPLICATION_PROTOCOL "DOF Application Protocol" static dissector_table_t app_dissectors; static int proto_2008_1_app = -1; static int hf_2008_1_app_version = -1; /* DAP V0 (DSP - DOF SESSION PROTOCOL) */ /* Note that DSP is *always* appid 0 and so it violates the standard naming rule. */ static dissector_table_t dsp_option_dissectors; static int hf_2008_1_dsp_12_opcode = -1; static int hf_2008_1_dsp_attribute_code = -1; static int hf_2008_1_dsp_attribute_data = -1; static int hf_2008_1_dsp_value_length = -1; static int hf_2008_1_dsp_value_data = -1; static const value_string strings_2008_1_dsp_attribute_codes[] = { { 0, "TEP Family" }, { 1, "OAP Family" }, { 2, "CCM Family" }, { 3, "TRP Family" }, { 255, "General" }, { 0, NULL } }; #define DOF_PROTOCOL_DSP 0 #define DSP_OAP_FAMILY 0x010000 static int proto_2008_1_dsp = -1; #define OP_2008_1_RSP (0x80) #define OP_2008_1_QUERY_CMD 0 #define OP_2008_1_QUERY_RSP (OP_2008_1_RSP|OP_2008_1_QUERY_CMD) #define OP_2008_1_CONFIG_REQ 1 #define OP_2008_1_CONFIG_ACK (OP_2008_1_RSP|2) #define OP_2008_1_CONFIG_NAK (OP_2008_1_RSP|3) #define OP_2008_1_CONFIG_REJ (OP_2008_1_RSP|4) #define OP_2008_1_TERMINATE_CMD 5 #define OP_2008_1_TERMINATE_RSP (OP_2008_1_RSP|OP_2008_1_TERMINATE_CMD) #define OP_2008_1_OPEN_CMD 6 #define OP_2008_1_OPEN_RSP (OP_2008_1_RSP|OP_2008_1_OPEN_CMD) #define OP_2008_1_OPEN_SECURE_RSP (OP_2008_1_RSP|7) static const value_string strings_2008_1_dsp_opcodes[] = { { OP_2008_1_QUERY_CMD, "DSP Query" }, { OP_2008_1_QUERY_RSP, "DSP Query Response" }, { OP_2008_1_CONFIG_REQ, "DSP Request" }, { OP_2008_1_CONFIG_ACK, "DSP ACK Response" }, { OP_2008_1_CONFIG_NAK, "DSP NAK Response" }, { OP_2008_1_CONFIG_REJ, "DSP REJ Response" }, { OP_2008_1_TERMINATE_CMD, "DSP Terminate/Close Request" }, { OP_2008_1_TERMINATE_RSP, "DSP Terminate/Close Response" }, { OP_2008_1_OPEN_CMD, "DSP Open" }, { OP_2008_1_OPEN_RSP, "DSP Open Response" }, { OP_2008_1_OPEN_SECURE_RSP, "DSP Open Secure Response" }, { 0, NULL } }; #define DSP_AVP_AUTHENTICATION 0 #define DSP_AVP_APPLICATION 1 #if 0 /* not used yet */ static const value_string strings_2008_1_dsp_attributes[] = { { DSP_AVP_AUTHENTICATION, "Authentication Protocol" }, { DSP_AVP_APPLICATION, "Application Protocol" }, { 0, NULL } }; static const value_string strings_2008_1_dsp_values[] = { { 1, "DOF Object Access Protocol (version 1)" }, { 3, "DOF Ticket Exchange Protocol (version 1)" }, { 0, NULL } }; #endif static int ett_2008_1_dsp_12 = -1; static int ett_2008_1_dsp_12_options = -1; static int ett_2008_1_dsp_12_option = -1; /* DAP V1 (OAP - OBJECT ACCESS PROTOCOL V1) */ /* This is the defined protocol id for OAP. */ #define DOF_PROTOCOL_OAP_1 1 /* There are two "protocols", one hooks into DSP and the other to DOF. */ static int proto_oap_1 = -1; static int proto_oap_1_dsp = -1; /* OAP DSP protocol items. */ static int hf_oap_1_dsp_option = -1; /* OAP protocol items. */ static int hf_oap_1_opcode = -1; static int hf_oap_1_alias_size = -1; static int hf_oap_1_flags = -1; static int hf_oap_1_exception_internal_flag = -1; static int hf_oap_1_exception_final_flag = -1; static int hf_oap_1_exception_provider_flag = -1; static int hf_oap_1_cmdcontrol = -1; static int hf_oap_1_cmdcontrol_cache_flag = -1; static int hf_oap_1_cmdcontrol_verbosity_flag = -1; static int hf_oap_1_cmdcontrol_noexecute_flag = -1; static int hf_oap_1_cmdcontrol_ack_flag = -1; static int hf_oap_1_cmdcontrol_delay_flag = -1; static int hf_oap_1_cmdcontrol_heuristic_flag = -1; static int hf_oap_1_cmdcontrol_heuristic = -1; static int hf_oap_1_cmdcontrol_cache = -1; static int hf_oap_1_cmdcontrol_ackcnt = -1; static int hf_oap_1_cmdcontrol_ack = -1; #if 0 /* not used yet */ static int hf_oap_1_opinfo_start_frame = -1; static int hf_oap_1_opinfo_end_frame = -1; static int hf_oap_1_opinfo_timeout = -1; #endif static int hf_oap_1_providerid = -1; static int ett_oap_1_1_providerid = -1; static int hf_oap_1_objectid = -1; static int ett_oap_1_objectid = -1; static int hf_oap_1_interfaceid = -1; static int hf_oap_1_itemid = -1; #if 0 /* not used yet */ static int hf_oap_1_distance = -1; #endif static int hf_oap_1_alias = -1; static int hf_oap_1_alias_frame = -1; static int hf_oap_1_subscription_delta = -1; static int hf_oap_1_update_sequence = -1; static int hf_oap_1_value_list = -1; static int ett_oap_1_dsp = -1; static int ett_oap_1_dsp_options = -1; static int ett_oap_1 = -1; static int ett_oap_1_opinfo = -1; static int ett_oap_1_cmdcontrol = -1; static int ett_oap_1_cmdcontrol_flags = -1; static int ett_oap_1_cmdcontrol_ack = -1; static int ett_oap_1_alias = -1; static int * const bitmask_oap_1_cmdcontrol_flags[] = { &hf_oap_1_cmdcontrol_cache_flag, &hf_oap_1_cmdcontrol_verbosity_flag, &hf_oap_1_cmdcontrol_noexecute_flag, &hf_oap_1_cmdcontrol_ack_flag, &hf_oap_1_cmdcontrol_delay_flag, &hf_oap_1_cmdcontrol_heuristic_flag, NULL }; static expert_field ei_oap_no_session = EI_INIT; static GHashTable *oap_1_alias_to_binding = NULL; #define OAP_1_RESPONSE (0x80) #define OAP_1_CMD_ACTIVATE 28 #define OAP_1_RSP_ACTIVATE (OAP_1_CMD_ACTIVATE|OAP_1_RESPONSE) #define OAP_1_CMD_ADVERTISE 5 #define OAP_1_RSP_ADVERTISE (OAP_1_CMD_ADVERTISE|OAP_1_RESPONSE) #define OAP_1_CMD_CHANGE 2 #define OAP_1_RSP_CHANGE (OAP_1_CMD_CHANGE|OAP_1_RESPONSE) #define OAP_1_CMD_CONNECT 4 #define OAP_1_RSP_CONNECT (OAP_1_CMD_CONNECT|OAP_1_RESPONSE) #define OAP_1_CMD_DEFINE 6 #define OAP_1_RSP_DEFINE (OAP_1_CMD_DEFINE|OAP_1_RESPONSE) #define OAP_1_CMD_EXCEPTION 9 #define OAP_1_RSP_EXCEPTION (OAP_1_CMD_EXCEPTION|OAP_1_RESPONSE) #define OAP_1_CMD_FULL_CONNECT 3 #define OAP_1_RSP_FULL_CONNECT (OAP_1_CMD_FULL_CONNECT|OAP_1_RESPONSE) #define OAP_1_CMD_GET 10 #define OAP_1_RSP_GET (OAP_1_CMD_GET|OAP_1_RESPONSE) #define OAP_1_CMD_INVOKE 12 #define OAP_1_RSP_INVOKE (OAP_1_CMD_INVOKE|OAP_1_RESPONSE) #define OAP_1_CMD_OPEN 14 #define OAP_1_RSP_OPEN (OAP_1_CMD_OPEN|OAP_1_RESPONSE) #define OAP_1_CMD_PROVIDE 16 #define OAP_1_RSP_PROVIDE (OAP_1_CMD_PROVIDE|OAP_1_RESPONSE) #define OAP_1_CMD_REGISTER 25 #define OAP_1_RSP_REGISTER (OAP_1_CMD_REGISTER|OAP_1_RESPONSE) #define OAP_1_CMD_SET 20 #define OAP_1_RSP_SET (OAP_1_CMD_SET|OAP_1_RESPONSE) #define OAP_1_CMD_SIGNAL 22 #define OAP_1_RSP_SIGNAL (OAP_1_CMD_SIGNAL|OAP_1_RESPONSE) #define OAP_1_CMD_SUBSCRIBE 24 #define OAP_1_RSP_SUBSCRIBE (OAP_1_CMD_SUBSCRIBE|OAP_1_RESPONSE) #define OAP_1_CMD_WATCH 30 #define OAP_1_RSP_WATCH (OAP_1_CMD_WATCH|OAP_1_RESPONSE) static const value_string oap_opcode_strings[] = { { OAP_1_CMD_ACTIVATE, "OAP Activate" }, { OAP_1_RSP_ACTIVATE, "OAP Activate Response (Illegal)" }, { OAP_1_CMD_ADVERTISE, "OAP Advertise" }, { OAP_1_RSP_ADVERTISE, "OAP Advertise Response (Illegal)" }, { OAP_1_CMD_CHANGE, "OAP Change" }, { OAP_1_RSP_CHANGE, "OAP Change Response (Illegal)" }, { OAP_1_CMD_CONNECT, "OAP Connect" }, { OAP_1_RSP_CONNECT, "OAP Connect Response (Illegal)" }, { OAP_1_CMD_DEFINE, "OAP Define" }, { OAP_1_RSP_DEFINE, "OAP Define Response" }, { OAP_1_CMD_EXCEPTION, "OAP Exception (Illegal)" }, { OAP_1_RSP_EXCEPTION, "OAP Exception Response" }, { OAP_1_CMD_FULL_CONNECT, "OAP Full Connect" }, { OAP_1_RSP_FULL_CONNECT, "OAP Full Connect Response (Illegal)" }, { OAP_1_CMD_GET, "OAP Get" }, { OAP_1_RSP_GET, "OAP Get Response" }, { OAP_1_CMD_INVOKE, "OAP Invoke" }, { OAP_1_RSP_INVOKE, "OAP Invoke Response" }, { OAP_1_CMD_OPEN, "OAP Open" }, { OAP_1_RSP_OPEN, "OAP Open Response" }, { OAP_1_CMD_PROVIDE, "OAP Provide" }, { OAP_1_RSP_PROVIDE, "OAP Provide Response (Illegal)" }, { OAP_1_CMD_REGISTER, "OAP Register" }, { OAP_1_RSP_REGISTER, "OAP Register Response" }, { OAP_1_CMD_SET, "OAP Set" }, { OAP_1_RSP_SET, "OAP Set Response" }, { OAP_1_CMD_SIGNAL, "OAP Signal" }, { OAP_1_RSP_SIGNAL, "OAP Signal Response (Illegal)" }, { OAP_1_CMD_SUBSCRIBE, "OAP Subscribe" }, { OAP_1_RSP_SUBSCRIBE, "OAP Subscribe Response" }, { OAP_1_CMD_WATCH, "OAP Watch" }, { OAP_1_RSP_WATCH, "OAP Watch Response (Illegal)" }, { 0, NULL } }; typedef struct _alias_key { guint32 session; guint32 sender; guint32 alias; } oap_1_alias_key; static guint oap_1_alias_hash_func(gconstpointer ptr) { const oap_1_alias_key *key = (const oap_1_alias_key *)ptr; return g_int_hash(&key->session) + g_int_hash(&key->sender) + g_int_hash(&key->alias); } static int oap_1_alias_equal_func(gconstpointer ptr1, gconstpointer ptr2) { const oap_1_alias_key *key1 = (const oap_1_alias_key *)ptr1; const oap_1_alias_key *key2 = (const oap_1_alias_key *)ptr2; if (key1->session != key2->session) return 0; if (key1->sender != key2->sender) return 0; if (key1->alias != key2->alias) return 0; return 1; } typedef struct { guint8 *oid; guint16 oid_length; guint8 *iid; guint16 iid_length; guint32 frame; } oap_1_binding; typedef struct oap_1_binding_list { oap_1_binding *binding; struct oap_1_binding_list *next; } oap_1_binding_list; typedef struct { oap_1_binding *resolved_alias; } oap_1_packet_data; static oap_1_binding* oap_1_resolve_alias(oap_1_alias_key *key); static int oap_1_tree_add_alias(dof_api_data *api_data, oap_1_packet_data *oap_packet _U_, dof_packet_data *packet, proto_tree *tree, tvbuff_t *tvb, gint offset, guint8 alias_length, guint8 resolve) { dof_session_data *session = api_data->session; proto_item *ti; proto_tree *options_tree; if (alias_length == 0) /* TODO: Output error. */ return offset; if (session == NULL) /* TODO: Output error. */ return offset; ti = proto_tree_add_item(tree, hf_oap_1_alias, tvb, offset, alias_length, ENC_BIG_ENDIAN); if (resolve) { oap_1_binding *binding = NULL; oap_1_alias_key key; int i; guint32 alias; alias = 0; for (i = 0; i < alias_length; i++) alias = (alias << 8) | tvb_get_guint8(tvb, offset + i); key.session = session->session_id; key.sender = packet->sender_id; key.alias = alias; binding = oap_1_resolve_alias(&key); if (binding) { options_tree = proto_item_add_subtree(ti, ett_oap_1_alias); /* Decode the Interface */ ti = proto_tree_add_bytes_format_value(tree, hf_oap_1_interfaceid, tvb, 0, 0, binding->iid, "%s", dof_iid_create_standard_string(binding->iid_length, binding->iid)); proto_item_set_generated(ti); /* Decode the Object ID */ ti = proto_tree_add_bytes_format_value(tree, hf_oap_1_objectid, tvb, 0, 0, binding->oid, "%s", dof_oid_create_standard_string(binding->oid_length, binding->oid)); proto_item_set_generated(ti); proto_tree_add_uint_format(options_tree, hf_oap_1_alias_frame, tvb, 0, 0, binding->frame, "This alias is defined in frame %u", binding->frame); } } return offset + alias_length; } static int oap_1_tree_add_interface(proto_tree *tree, tvbuff_t *tvb, int offset) { guint8 registry; guint8 len; registry = tvb_get_guint8(tvb, offset); len = registry & 0x03; if (len == 0) len = 16; else len = 1 << (len - 1); proto_tree_add_item(tree, hf_oap_1_interfaceid, tvb, offset, 1 + len, ENC_NA); return offset + 1 + len; } static int oap_1_tree_add_binding(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, int offset) { guint8 len; /* guint8 cl; */ len = tvb_get_guint8(tvb, offset); len = len & 0x03; if (len == 0) len = 16; else len = 1 << (len - 1); proto_tree_add_item(tree, hf_oap_1_interfaceid, tvb, offset, 1 + len, ENC_NA); offset += 1 + len; #if 0 /* this seems to be dead code - check! */ cl = tvb_get_guint8(tvb, offset); if (cl & 0x80) len = tvb_get_guint8(tvb, offset + 2); else len = tvb_get_guint8(tvb, offset + 1); #endif offset = dof_dissect_pdu_as_field(dissect_2009_11_type_4, tvb, pinfo, tree, offset, hf_oap_1_objectid, ett_oap_1_objectid, NULL); return offset; } static int oap_1_tree_add_cmdcontrol(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) { proto_item *ti; proto_tree *opinfo_tree; guint8 flags; flags = tvb_get_guint8(tvb, offset); ti = proto_tree_add_bitmask(tree, tvb, offset, hf_oap_1_cmdcontrol, ett_oap_1_cmdcontrol_flags, bitmask_oap_1_cmdcontrol_flags, ENC_NA); opinfo_tree = proto_item_add_subtree(ti, ett_oap_1_cmdcontrol); proto_tree_add_item(opinfo_tree, hf_oap_1_cmdcontrol_cache_flag, tvb, offset, 1, ENC_NA); proto_tree_add_item(opinfo_tree, hf_oap_1_cmdcontrol_verbosity_flag, tvb, offset, 1, ENC_NA); proto_tree_add_item(opinfo_tree, hf_oap_1_cmdcontrol_noexecute_flag, tvb, offset, 1, ENC_NA); proto_tree_add_item(opinfo_tree, hf_oap_1_cmdcontrol_ack_flag, tvb, offset, 1, ENC_NA); proto_tree_add_item(opinfo_tree, hf_oap_1_cmdcontrol_delay_flag, tvb, offset, 1, ENC_NA); proto_tree_add_item(opinfo_tree, hf_oap_1_cmdcontrol_heuristic_flag, tvb, offset, 1, ENC_NA); offset += 1; if (flags & 0x01) { /* Heuristic */ gint heur_len; guint16 heur; proto_item *pi; read_c2(tvb, offset, &heur, &heur_len); pi = proto_tree_add_uint_format(opinfo_tree, hf_oap_1_cmdcontrol_heuristic, tvb, offset, heur_len, heur, "Heuristic Value: %hu", heur); validate_c2(pinfo, pi, heur, heur_len); offset += heur_len; } if (flags & 0x04) { /* Ack List */ guint8 ackcnt; guint8 i; ackcnt = tvb_get_guint8(tvb, offset); proto_tree_add_item(opinfo_tree, hf_oap_1_cmdcontrol_ackcnt, tvb, offset, 1, ENC_NA); offset += 1; for (i = 0; i < ackcnt; i++) { offset = dof_dissect_pdu_as_field(dissect_2009_11_type_4, tvb, pinfo, opinfo_tree, offset, hf_oap_1_cmdcontrol_ack, ett_oap_1_cmdcontrol_ack, NULL); } } if (flags & 0x40) { /* Cache Delay */ gint cache_len; guint16 cache; proto_item *pi; read_c2(tvb, offset, &cache, &cache_len); pi = proto_tree_add_uint_format(opinfo_tree, hf_oap_1_cmdcontrol_cache, tvb, offset, cache_len, cache, "Cache Delay: %hu", cache); validate_c2(pinfo, pi, cache, cache_len); offset += cache_len; } return offset; } /** * Define an alias. This routine is called for each Provide operation that includes an alias assignment. * It is also called for retries of Provide operations. * The alias is defined for the duration of the Provide. This means that if the operation is cancelled * then the alias should no longer be valid. * The alias is associated with an oap_session, an dof_node, and the alias itself. Aliases * may be reused as long as the previous use has expired, and so the list is stored in reverse * order. * * NOTE: The alias is passed as a structure pointer, and must be reallocated if it is stored in * the hash. */ static void oap_1_define_alias(dof_api_data *api_data, guint32 alias, oap_1_binding *binding) { /* The definer of an alias is the sender, in the session. */ dof_session_data *session = api_data->session; dof_packet_data *packet = (dof_packet_data *)api_data->packet; guint32 session_id; guint32 sender_id; oap_1_alias_key key; if (!session) return; session_id = session->session_id; sender_id = packet->sender_id; if (!binding) return; key.session = session_id; key.sender = sender_id; key.alias = alias; /* If there isn't an entry for the alias, then we need to create one. * The first entry will be the binding we are defining. */ if (!g_hash_table_lookup(oap_1_alias_to_binding, &key)) { oap_1_alias_key *alias_ptr = wmem_new0(wmem_file_scope(), oap_1_alias_key); memcpy(alias_ptr, &key, sizeof(oap_1_alias_key)); g_hash_table_insert(oap_1_alias_to_binding, alias_ptr, binding); } } /** * Given an oap_alias, resolve it to an oap_1_binding. This assumes that the destination of the * packet is the one that defined the alias. */ static oap_1_binding* oap_1_resolve_alias(oap_1_alias_key *key) { /* The first lookup is inside the session based on defining node. */ return (oap_1_binding *)g_hash_table_lookup(oap_1_alias_to_binding, key); } /* DAP V128 (TEP - TICKET EXCHANGE PROTOCOL V1) */ #define DOF_PROTOCOL_TEP 128 #define DSP_TEP_FAMILY 0x000000 static int proto_tep = -1; static int proto_tep_dsp = -1; static int hf_dsp_option = -1; static int ett_tep_operation = -1; static int hf_tep_operation = -1; static int hf_tep_operation_type = -1; static int hf_tep_opcode = -1; static int hf_tep_k = -1; static int hf_tep_c = -1; static int hf_tep_reject_code = -1; static int hf_tep_reject_data = -1; static const true_false_string tep_optype_vals = { "DPP Response", "DPP Command" }; /* TEP.2.1 */ static int ett_tep_2_1_domain = -1; static int hf_tep_2_1_domain = -1; static int ett_tep_2_1_initiator_block = -1; static int hf_tep_2_1_initiator_block = -1; static int hf_tep_2_1_ticket_confirmation = -1; /* TEP.2.2 */ static int ett_tep_2_2_initiator_ticket = -1; static int hf_tep_2_2_initiator_ticket = -1; static int hf_tep_2_2_ticket_confirmation = -1; static int ett_tep_2_2_responder_initialization = -1; static int hf_tep_2_2_responder_initialization = -1; static int ett_tep_2_2_responder_block = -1; static int hf_tep_2_2_responder_block = -1; static int ett_tep_2_2_authenticator_initialization = -1; static int hf_tep_2_2_authenticator_initialization = -1; /* TEP.2.2.1 */ static int hf_tep_2_2_1_state_identifier = -1; static int ett_tep_2_2_1_initial_state = -1; static int hf_tep_2_2_1_initial_state = -1; static int hf_tep_session_key = -1; static int ett_tep_dsp = -1; static int ett_tep_dsp_options = -1; static int ett_tep = -1; #if 0 /* not used yet */ static const value_string tep_filter_existing[] = { { 1, "Include Existing Matches" }, { 0, "Exclude Existing Matches" }, { 0, NULL } }; #endif #define TEP_OPCODE_RSP (0x80) #define TEP_OPCODE_C (0x20) #define TEP_OPCODE_K (0x10) #define TEP_PDU_REJECT (TEP_OPCODE_RSP|0) #define TEP_PDU_REQUEST (1) #define TEP_PDU_END_SESSION (5) #define TEP_PDU_SESSION_ENDING (6) #define TEP_PDU_REQUEST_KEY (TEP_OPCODE_K|TEP_PDU_REQUEST) #define TEP_PDU_CONFIRM (TEP_OPCODE_C|TEP_PDU_REQUEST) #define TEP_PDU_ACCEPT (TEP_OPCODE_RSP|TEP_PDU_REQUEST) #define TEP_PDU_CONFIRM_ACK (TEP_OPCODE_RSP|TEP_OPCODE_C|TEP_PDU_REQUEST) static const value_string tep_opcode_strings[] = { { TEP_PDU_REJECT, "TEP Reject" }, { TEP_PDU_REQUEST, "TEP Request" }, { TEP_PDU_END_SESSION, "TEP End Session" }, { TEP_PDU_SESSION_ENDING, "TEP Session Ending" }, { TEP_PDU_REQUEST_KEY, "TEP Rekey" }, { TEP_PDU_CONFIRM, "TEP Confirm" }, { TEP_PDU_ACCEPT, "TEP Accept" }, { TEP_PDU_CONFIRM_ACK, "TEP Confirm Ack" }, { 0, NULL } }; #if 0 /* not use yet */ static const value_string tep_error_strings[] = { { 1, "Parse Error" }, { 2, "Access Denied" }, { 3, "Duration Not Supported" }, { 4, "Authentication Failed" }, { 0, NULL } }; #endif /* Initialized to zero. */ typedef struct tep_rekey_data { /* Stored from the K bit of the Request PDU. */ gboolean is_rekey; /* Stored from the key request for non-secure rekeys. Otherwise 0 and NULL. */ guint8 domain_length; guint8 *domain; /* Stored from the identity of the Request PDU. Seasonal. */ guint8 *i_identity; guint8 i_identity_length; /* Stored from the nonce of the Request PDU. Seasonal. */ guint8 *i_nonce; guint8 i_nonce_length; /* Stored from the identity of the Request response PDU. Seasonal. */ guint8 *r_identity; guint8 r_identity_length; /* Stored from the nonce of the Request response PDU. Seasonal. */ guint8 *r_nonce; guint8 r_nonce_length; guint16 security_mode; guint32 security_mode_data_length; guint8 *security_mode_data; /* Security session data for this rekey, if is_rekey is TRUE. */ dof_session_key_exchange_data *key_data; } tep_rekey_data; /* DAP V129 (TRP - TICKET REQUEST PROTOCOL V2) */ #define DOF_PROTOCOL_TRP 129 #define DSP_TRP_FAMILY 0x030000 typedef struct _trp_packet_data { guint8 *domain; guint8 domain_length; guint8 *identity; guint8 identity_length; guint8 *group; guint8 group_length; guint8 *block_I; guint16 block_I_length; guint8 *secret; gboolean kek_known; } trp_packet_data; static int proto_trp = -1; static int proto_trp_dsp = -1; static int hf_trp_dsp_option = -1; static int hf_trp_opcode = -1; static int hf_domain = -1; static int hf_identity_resolution = -1; static int hf_initiator_request = -1; static int hf_responder_request = -1; static int hf_initiator_ticket = -1; static int hf_responder_ticket = -1; static int hf_authentication_block = -1; static int hf_group_identifier = -1; static int hf_node_identifier = -1; static int hf_thb = -1; static int hf_tmin = -1; static int hf_tmax = -1; static int hf_trp_epoch = -1; static int hf_sidg = -1; static int hf_security_scope = -1; static int hf_security_mode = -1; static int hf_ssid = -1; #if 0 /* not used yet */ static int hf_initiator_pg = -1; #endif static int hf_initiator_validation = -1; static int hf_responder_pg = -1; static int hf_responder_validation = -1; static int hf_trp_errorcode = -1; static int hf_trp_duration = -1; #if 0 /* not used yet */ static int hf_trp_rnonce = -1; static int hf_trp_pnonce = -1; static int hf_trp_reqid = -1; static int hf_trp_provid = -1; static int hf_trp_perm_count = -1; static int hf_trp_perm_type = -1; static int hf_trp_perm_rcache = -1; static int hf_trp_perm_rsrp = -1; static int hf_trp_perm_rsrp_a = -1; static int hf_trp_perm_rsrp_u = -1; static int hf_trp_perm_rflags = -1; static int hf_trp_perm_pcache = -1; static int hf_trp_perm_psrp = -1; static int hf_trp_perm_psrp_a = -1; static int hf_trp_perm_psrp_u = -1; static int hf_trp_perm_psrp_b = -1; static int hf_trp_perm_psrp_s = -1; static int hf_trp_perm_pflags = -1; static int hf_trp_confirmation = -1; static int hf_trp_perm_pke = -1; static int hf_trp_perm_pka = -1; #endif static int ett_trp_dsp = -1; static int ett_trp = -1; static int ett_domain = -1; static int ett_identity_resolution = -1; static int ett_initiator_request = -1; static int ett_initiator_ticket = -1; static int ett_responder_request = -1; static int ett_responder_ticket = -1; static int ett_authentication_block = -1; static int ett_group_identifier = -1; static int ett_node_identifier = -1; static int ett_sidg = -1; static int ett_security_scope = -1; static int ett_security_mode = -1; static int ett_initiator_pg = -1; static int ett_initiator_validation = -1; static int ett_responder_pg = -1; static int ett_responder_validation = -1; static int ett_trp_permset = -1; static int ett_srp_flags = -1; static int ett_trp_ticket = -1; static expert_field ei_trp_initiator_id_known = EI_INIT; static expert_field ei_trp_kek_discovered = EI_INIT; #define TRP_RESPONSE (0x80) #define TRP_RSP_REJECT (TRP_RESPONSE|0) #define TRP_CMD_REQUEST_KEK (1) #define TRP_RSP_REQUEST_KEK (TRP_RESPONSE|TRP_CMD_REQUEST_KEK) #define TRP_CMD_REQUEST_RANDOM (2) #define TRP_RSP_REQUEST_RANDOM (TRP_RESPONSE|TRP_CMD_REQUEST_RANDOM) #define TRP_CMD_REQUEST_SESSION (3) #define TRP_RSP_REQUEST_SESSION (TRP_RESPONSE|TRP_CMD_REQUEST_SESSION) #define TRP_CMD_REQUEST_SECURITY_SCOPES (4) #define TRP_RSP_REQUEST_SECURITY_SCOPES (TRP_RESPONSE|TRP_CMD_REQUEST_SECURITY_SCOPES) #define TRP_CMD_RESOLVE_CREDENTIAL (6) #define TRP_RSP_RESOLVE_CREDENTIAL (TRP_RESPONSE|TRP_CMD_RESOLVE_CREDENTIAL) #define TRP_CMD_REQUEST_LOCAL_DOMAIN (7) #define TRP_RSP_REQUEST_LOCAL_DOMAIN (TRP_RESPONSE|TRP_CMD_REQUEST_LOCAL_DOMAIN) #define TRP_CMD_REQUEST_REMOTE_DOMAIN (8) #define TRP_RSP_REQUEST_REMOTE_DOMAIN (TRP_RESPONSE|TRP_CMD_REQUEST_REMOTE_DOMAIN) #define TRP_RSP_REQUEST_DISCOVERED_REMOTE_DOMAIN (TRP_RESPONSE|0x0A) #define TRP_CMD_VALIDATE_CREDENTIAL (9) #define TRP_RSP_VALIDATE_CREDENTIAL (TRP_RESPONSE|TRP_CMD_VALIDATE_CREDENTIAL) static const value_string trp_opcode_strings[] = { { TRP_RSP_REJECT, "Reject" }, { TRP_CMD_REQUEST_KEK, "TRP Request KEK" }, { TRP_RSP_REQUEST_KEK, "TRP Request KEK Response" }, { TRP_CMD_REQUEST_RANDOM, "TRP Request Random" }, { TRP_RSP_REQUEST_RANDOM, "TRP Request Random Response" }, { TRP_CMD_REQUEST_SESSION, "TRP Request Session" }, { TRP_RSP_REQUEST_SESSION, "TRP Request Session Response" }, { TRP_CMD_REQUEST_SECURITY_SCOPES, "TRP Request Security Scopes" }, { TRP_RSP_REQUEST_SECURITY_SCOPES, "TRP Request Security Scopes Response" }, { TRP_CMD_RESOLVE_CREDENTIAL, "TRP Resolve Credential" }, { TRP_RSP_RESOLVE_CREDENTIAL, "TRP Resolve Credential Response" }, { TRP_CMD_REQUEST_LOCAL_DOMAIN, "TRP Request Local Domain" }, { TRP_RSP_REQUEST_LOCAL_DOMAIN, "TRP Request Local Domain Response" }, { TRP_CMD_REQUEST_REMOTE_DOMAIN, "TRP Request Remote Domain" }, { TRP_RSP_REQUEST_REMOTE_DOMAIN, "TRP Request Remote Domain Response" }, { TRP_RSP_REQUEST_DISCOVERED_REMOTE_DOMAIN, "TRP Request Discovered Remote Domain Response" }, { TRP_CMD_VALIDATE_CREDENTIAL, "TRP Validate Credential" }, { TRP_RSP_VALIDATE_CREDENTIAL, "TRP Validate Credential Response" }, { 0, NULL } }; static const value_string trp_error_strings[] = { { 1, "Parse Error" }, { 2, "Access Denied" }, { 3, "Unknown Initiator" }, { 4, "Unknown Responder" }, { 5, "Unknown Domain" }, { 6, "High Load" }, { 7, "Bad Mode" }, { 8, "Incompatible Security Identifiers" }, { 127, "Internal Error" }, { 0, NULL } }; /* DAP V130 (SGMP - SECURE GROUP MANAGEMENT PROTOCOL V1) */ #define DOF_PROTOCOL_SGMP 130 typedef struct _sgmp_packet_data { guint8 domain_length; guint8 *domain; guint8 group_length; guint8 *group; guint16 epoch; guint8 *kek; guint I_length; guint8 *I; guint A_length; guint8 *A; dof_session_data *request_session; } sgmp_packet_data; static int proto_sgmp = -1; static int hf_opcode = -1; static int hf_sgmp_domain = -1; static int hf_sgmp_epoch = -1; static int hf_initiator_block = -1; static int hf_sgmp_security_scope = -1; static int hf_initial_state = -1; static int hf_latest_version = -1; static int hf_desire = -1; static int hf_ticket = -1; static int hf_sgmp_tmin = -1; static int hf_tie_breaker = -1; static int hf_delay = -1; static int hf_key = -1; static int ett_sgmp = -1; static int ett_sgmp_domain = -1; static int ett_initiator_block = -1; static int ett_sgmp_security_scope = -1; static int ett_initial_state = -1; static int ett_ticket = -1; #define SGMP_RESPONSE (0x80) #define SGMP_CMD_HEARTBEAT (0) #define SGMP_RSP_HEARTBEAT (SGMP_CMD_HEARTBEAT|SGMP_RESPONSE) #define SGMP_CMD_EPOCH_CHANGED (1) #define SGMP_RSP_EPOCH_CHANGED (SGMP_CMD_EPOCH_CHANGED|SGMP_RESPONSE) #define SGMP_CMD_REKEY (2) #define SGMP_RSP_REKEY (SGMP_CMD_REKEY|SGMP_RESPONSE) #define SGMP_CMD_REQUEST_GROUP (3) #define SGMP_RSP_REQUEST_GROUP (SGMP_CMD_REQUEST_GROUP|SGMP_RESPONSE) #define SGMP_CMD_REKEY_EPOCH (5) #define SGMP_RSP_REKEY_EPOCH (SGMP_CMD_REKEY_EPOCH|SGMP_RESPONSE) #define SGMP_CMD_REKEY_MERGE (7) #define SGMP_RSP_REKEY_MERGE (SGMP_CMD_REKEY_MERGE|SGMP_RESPONSE) static const value_string sgmp_opcode_strings[] = { { SGMP_CMD_HEARTBEAT, "SGMP Heartbeat" }, { SGMP_RSP_HEARTBEAT, "SGMP Heartbeat Response (Illegal)" }, { SGMP_CMD_EPOCH_CHANGED, "SGMP Epoch Changed" }, { SGMP_RSP_EPOCH_CHANGED, "SGMP Epoch Changed Response (Illegal)" }, { SGMP_CMD_REKEY, "SGMP Rekey" }, { SGMP_RSP_REKEY, "SGMP Rekey Response (Illegal)" }, { SGMP_CMD_REQUEST_GROUP, "SGMP Request Group" }, { SGMP_RSP_REQUEST_GROUP, "SGMP Request Group Response" }, { SGMP_CMD_REKEY_EPOCH, "SGMP Rekey Epoch" }, { SGMP_RSP_REKEY_EPOCH, "SGMP Rekey Epoch Response (Illegal)" }, { SGMP_CMD_REKEY_MERGE, "SGMP Rekey Merge" }, { SGMP_RSP_REKEY_MERGE, "SGMP Rekey Merge Response (Illegal)" }, { 0, NULL } }; #if 0 /* TODO not used yet */ static bool sgmp_validate_session_key(sgmp_packet_data *cmd_data, guint8 *confirmation, guint8 *kek, guint8 *key) { gcry_mac_hd_t hmac; gcry_error_t result; result = gcry_mac_open(&hmac, GCRY_MAC_HMAC_SHA256, 0, NULL); if (result != 0) return FALSE; gcry_mac_setkey(hmac, kek, 32); gcry_mac_write(hmac, cmd_data->I, cmd_data->I_length); gcry_mac_write(hmac, cmd_data->A, cmd_data->A_length); gcry_mac_write(hmac, key, 32); result = gcry_mac_verify(hmac, confirmation, sizeof(confirmation)); return result == 0; } #endif /* DOF SECURITY PROTOCOL */ #define DOF_SECURITY_PROTOCOL "DOF Security Protocol" static dissector_table_t dof_sec_dissectors; #define AS_ASSIGNED_SSID 0x40000000 /* DOFSEC Vxxxx (CCM - COUNTER WITH CBC-MAC PROTOCOL V1) */ #define DOF_PROTOCOL_CCM 24577 #define DSP_CCM_FAMILY 0x020000 static int proto_ccm_app = -1; static int proto_ccm = -1; static int proto_ccm_dsp = -1; static int hf_ccm_dsp_option = -1; static int hf_ccm_dsp_strength_count = -1; static int hf_ccm_dsp_strength = -1; static int hf_ccm_dsp_e_flag = -1; static int hf_ccm_dsp_m_flag = -1; static int hf_ccm_dsp_tmax = -1; static int hf_ccm_dsp_tmin = -1; static const value_string ccm_strengths[] = { { 1, "256-bit" }, { 2, "192-bit" }, { 3, "128-bit" }, { 0, NULL } }; static int hf_ccm_opcode = -1; static int hf_epp_v1_ccm_flags = -1; static int hf_epp_v1_ccm_flags_manager = -1; static int hf_epp_v1_ccm_flags_period = -1; static int hf_epp_v1_ccm_flags_target = -1; static int hf_epp_v1_ccm_flags_next_nid = -1; static int hf_epp_v1_ccm_flags_packet = -1; static int hf_epp_v1_ccm_tnid = -1; static int hf_epp_v1_ccm_nnid = -1; static int hf_epp_v1_ccm_nid = -1; static int hf_epp_v1_ccm_slot = -1; static int hf_epp_v1_ccm_pn = -1; static int ett_header = -1; static int ett_epp_v1_ccm_flags = -1; static int ett_ccm_dsp_option = -1; static int ett_ccm_dsp = -1; static int ett_ccm = -1; static expert_field ei_decode_failure = EI_INIT; typedef struct _ccm_session_data { guint protocol_id; gcry_cipher_hd_t cipher_data; GHashTable *cipher_data_table; /* Starts at 1, incrementing for each new key. */ guint32 period; /* Mapping from wire period to absolute periods. */ guint8 periods[8]; guint8 cipher; gboolean encrypted; guint8 mac_len; guint32 client_datagram_number; guint32 server_datagram_number; } ccm_session_data; typedef struct _ccm_packet_data { guint32 nid; guint32 dn; guint32 period; } ccm_packet_data; #define CCM_PDU_PROBE (0) static const value_string ccm_opcode_strings[] = { { CCM_PDU_PROBE, "Probe" }, { 0, NULL } }; /* DOF OBJECT IDENTIFIER (OID) */ #define DOF_OBJECT_IDENTIFIER "DOF Object Identifier" static dissector_handle_t dof_oid_handle; static int oid_proto = -1; static int hf_oid_class = -1; static int hf_oid_header = -1; static int hf_oid_attribute = -1; static int hf_oid_length = -1; static int hf_oid_data = -1; static int hf_oid_all_attribute_data = -1; static int hf_oid_attribute_header = -1; static int hf_oid_attribute_attribute = -1; static int hf_oid_attribute_id = -1; static int hf_oid_attribute_length = -1; static int hf_oid_attribute_data = -1; static int hf_oid_attribute_oid = -1; static int ett_oid = -1; static int ett_oid_header = -1; static int ett_oid_attribute = -1; static int ett_oid_attribute_header = -1; static int ett_oid_attribute_oid = -1; /** * EXPERT INFOS * Expert infos are related to either a PDU type or a specification, and so * they are listed separately. */ #if 0 static expert_field ei_undecoded = EI_INIT; #endif static expert_field ei_malformed = EI_INIT; static expert_field ei_implicit_no_op = EI_INIT; static expert_field ei_c2_c3_c4_format = EI_INIT; static expert_field ei_type_4_header_zero = EI_INIT; static expert_field ei_dof_10_flags_zero = EI_INIT; #if 0 static expert_field ei_dof_13_length_specified = EI_INIT; #endif static expert_field ei_dpp2_dof_10_flags_zero = EI_INIT; static expert_field ei_dpp_default_flags = EI_INIT; static expert_field ei_dpp_explicit_sender_sid_included = EI_INIT; static expert_field ei_dpp_explicit_receiver_sid_included = EI_INIT; static expert_field ei_dpp_no_security_context = EI_INIT; static expert_field ei_dof_6_timeout = EI_INIT; static expert_field ei_security_3_1_invalid_stage = EI_INIT; static expert_field ei_security_4_invalid_bit = EI_INIT; static expert_field ei_security_13_out_of_range = EI_INIT; /** * SOURCE IDENTIFIER (SID) SUPPORT * Source identifiers are used as part of operation tracking in the * DOF Protocol Stack. They are version independent, and associated with * a node in the DOF mesh network. Each session is associated with a SID. * * DPP Manages the SID information, since it is DPP that learns about SIDs. * SIDs are complicated because the can be 'unknown' for periods, and then * learned later. The requirement here is that all SIDs that can be known * are known by the second pass of the dissector (pinfo->visited != 0). * * There are two hash tables to map to an actual SID. The first goes * from sender information to SID ID. During the first pass multiple SID ID * may actually refer to the same SID, and so the system must be able to "patch" * these values as actual SIDs are learned. The second hash table goes from SID ID * to actual SID. This lookup is only known after a real SID has been learned. * * The hash tables are used in order to look up full SID information when only * partial information is known, and must support looking up in both directions * based on what is known from a particular PDU. */ static GHashTable *node_key_to_sid_id = NULL; static GHashTable *sid_buffer_to_sid_id = NULL; static GHashTable *sid_id_to_sid_buffer = NULL; typedef struct _node_key_to_sid_id_key { gint transport_id; gint transport_node_id; gint dof_id; gint dof_node_id; gint dof_session_id; } node_key_to_sid_id_key; static guint sender_key_hash_fn(gconstpointer key) { const node_key_to_sid_id_key *sid_key_ptr = (const node_key_to_sid_id_key *)key; guint result = 0; result += g_int_hash(&(sid_key_ptr->transport_id)); result += g_int_hash(&(sid_key_ptr->transport_node_id)); result += g_int_hash(&(sid_key_ptr->dof_id)); result += g_int_hash(&(sid_key_ptr->dof_node_id)); result += g_int_hash(&(sid_key_ptr->dof_session_id)); return result; } static guint sid_buffer_hash_fn(gconstpointer key) { /* The sid buffer is a length byte followed by data. */ guint hash = 5381; const guint8 *str = (const guint8 *)key; guint16 i; for (i = 0; i <= str[0]; i++) hash = ((hash << 5) + hash) + str[i]; /* hash * 33 + c */ return hash; } static gboolean sender_key_equal_fn(gconstpointer key1, gconstpointer key2) { const node_key_to_sid_id_key *sid_key_ptr1 = (const node_key_to_sid_id_key *)key1; const node_key_to_sid_id_key *sid_key_ptr2 = (const node_key_to_sid_id_key *)key2; if (sid_key_ptr1->transport_id != sid_key_ptr2->transport_id) return FALSE; if (sid_key_ptr1->transport_node_id != sid_key_ptr2->transport_node_id) return FALSE; if (sid_key_ptr1->dof_id != sid_key_ptr2->dof_id) return FALSE; if (sid_key_ptr1->dof_node_id != sid_key_ptr2->dof_node_id) return FALSE; if (sid_key_ptr1->dof_session_id != sid_key_ptr2->dof_session_id) return FALSE; return TRUE; } static gboolean sid_buffer_equal_fn(gconstpointer key1, gconstpointer key2) { const guint8 *sb1 = (const guint8 *)key1; const guint8 *sb2 = (const guint8 *)key2; if (sb1[0] != sb2[0]) return FALSE; return memcmp(sb1 + 1, sb2 + 1, sb1[0]) == 0; } static guint dpp_next_sid_id = 1; /** * This routine is called for each reset (file load, capture) and is responsible * for allocating the SID support hash tables. Previous information is freed * if needed. */ static void dpp_reset_sid_support(void) { dpp_next_sid_id = 1; if (node_key_to_sid_id != NULL) { g_hash_table_destroy(node_key_to_sid_id); node_key_to_sid_id = NULL; } if (sid_buffer_to_sid_id != NULL) { g_hash_table_destroy(sid_buffer_to_sid_id); sid_buffer_to_sid_id = NULL; } if (sid_id_to_sid_buffer != NULL) { g_hash_table_destroy(sid_id_to_sid_buffer); sid_id_to_sid_buffer = NULL; } /* The value is not allocated, so does not need to be freed. */ node_key_to_sid_id = g_hash_table_new_full(sender_key_hash_fn, sender_key_equal_fn, g_free, NULL); sid_buffer_to_sid_id = g_hash_table_new_full(sid_buffer_hash_fn, sid_buffer_equal_fn, g_free, NULL); sid_id_to_sid_buffer = g_hash_table_new_full(g_direct_hash, g_direct_equal, NULL, NULL); } /** * OPERATION IDENTIFIER SUPPORT * Operation identifiers are an extension of a SID, and represent each separate * operation in the DOF. They are identified by a SID and an operation count. * Like SIDs, they are indepenent of version (at least in meaning, the formatting * may change). * * The hash is used to look up common operation information each time an operation * is seen in any packet. */ static GHashTable *dpp_opid_to_packet_data = NULL; static guint dpp_opid_hash_fn(gconstpointer opid) { const dof_2009_1_pdu_20_opid *ptr = (const dof_2009_1_pdu_20_opid *)opid; return g_int_hash(&ptr->op_sid_id) + g_int_hash(&ptr->op_cnt); } static gboolean dpp_opid_equal_fn(gconstpointer opid1, gconstpointer opid2) { const dof_2009_1_pdu_20_opid *ptr1 = (const dof_2009_1_pdu_20_opid *)opid1; const dof_2009_1_pdu_20_opid *ptr2 = (const dof_2009_1_pdu_20_opid *)opid2; if (ptr1->op_cnt != ptr2->op_cnt) return FALSE; if (ptr1->op_sid_id != ptr2->op_sid_id) return FALSE; return TRUE; } static void dpp_reset_opid_support(void) { if (dpp_opid_to_packet_data != NULL) { /* Clear it out. Note that this calls the destroy functions for each element. */ g_hash_table_destroy(dpp_opid_to_packet_data); dpp_opid_to_packet_data = NULL; } dpp_opid_to_packet_data = g_hash_table_new_full(dpp_opid_hash_fn, dpp_opid_equal_fn, NULL, NULL); } /** * NON-SECURE SESSION LOOKUP SUPPORT */ static GHashTable *dof_ns_session_lookup = NULL; /** * NON-SECURE DPS SESSION * This is defined by the transport session and the DNP port information. */ typedef struct _dof_ns_session_key { guint transport_session_id; guint client; guint server; gboolean is_secure; } dof_ns_session_key; static dof_session_data* dof_ns_session_retrieve(guint transport_session_id, guint client, guint server) { dof_ns_session_key lookup_key; dof_session_data *value; /* Build a (non-allocated) key to do the lookup. */ lookup_key.transport_session_id = transport_session_id; lookup_key.client = client; lookup_key.server = server; value = (dof_session_data *)g_hash_table_lookup(dof_ns_session_lookup, &lookup_key); if (value) { /* We found a match. */ return value; } return NULL; } static void dof_ns_session_define(guint transport_session_id, guint client, guint server, dof_session_data *session_data) { dof_ns_session_key *key; /* No match, need to add a key. */ key = g_new0(dof_ns_session_key, 1); key->transport_session_id = transport_session_id; key->client = client; key->server = server; /* Note, this is not multithread safe, but Wireshark isn't multithreaded. */ g_hash_table_insert(dof_ns_session_lookup, key, session_data); } /* COMMON PDU DISSECTORS */ /* Security.1 */ static int hf_security_1_permission_type = -1; static int hf_security_1_length = -1; static int hf_security_1_data = -1; static const value_string dof_2008_16_permission_type[] = { { 1, "Binding" }, { 3, "IAM" }, { 5, "ACTAS" }, { 128, "Requestor" }, { 130, "Provider" }, { 131, "Define" }, { 133, "Tunnel Domain" }, { 0, NULL } }; /* Security.2 */ static int hf_security_2_count = -1; static int ett_security_2_permission = -1; static int hf_security_2_permission = -1; /* Security.3.1 */ static int hf_security_3_1_credential_type = -1; static int hf_security_3_1_stage = -1; static int ett_security_3_1_security_node_identifier = -1; static int hf_security_3_1_security_node_identifier = -1; /* Security.3.2 */ static int hf_security_3_2_credential_type = -1; static int hf_security_3_2_stage = -1; static int hf_security_3_2_length = -1; static int hf_security_3_2_public_data = -1; /* Security.4 */ static int hf_security_4_l = -1; static int hf_security_4_f = -1; static int hf_security_4_ln = -1; static int ett_security_4_identity = -1; static int hf_security_4_identity = -1; static int hf_security_4_nonce = -1; static int ett_security_4_permission_set = -1; static int hf_security_4_permission_set = -1; /* Security.5 */ static int hf_security_5_mac = -1; static int hf_security_5_key = -1; /* Security.6.1 */ static int hf_security_6_1_desired_duration = -1; static int ett_security_6_1_desired_security_mode = -1; static int hf_security_6_1_desired_security_mode = -1; static int ett_security_6_1_initiator_request = -1; static int hf_security_6_1_initiator_request = -1; /* Security.6.2 */ static int ett_security_6_2_responder_request = -1; static int hf_security_6_2_responder_request = -1; /* Security.6.3 */ static int hf_security_6_3_granted_duration = -1; static int ett_security_6_3_session_security_scope = -1; static int hf_security_6_3_session_security_scope = -1; static int ett_security_6_3_initiator_validation = -1; static int hf_security_6_3_initiator_validation = -1; static int ett_security_6_3_responder_validation = -1; static int hf_security_6_3_responder_validation = -1; /* Security.9 */ static int hf_security_9_length = -1; static int hf_security_9_initial_state = -1; /* Security.10 */ static int hf_security_10_count = -1; static int hf_security_10_permission_group_identifier = -1; /* Security.11 */ static int hf_security_11_count = -1; static int ett_security_11_permission_security_scope = -1; static int hf_security_11_permission_security_scope = -1; /* Security.12 */ static int hf_security_12_m = -1; static const value_string dof_2008_16_security_12_m[] = { { 0, "Reference" }, { 1, "Relative" }, { 2, "Absolute" }, { 3, "Continued" }, { 0, NULL } }; static int hf_security_12_count = -1; static int hf_security_12_permission_group_identifier = -1; static bool dof_sessions_destroy_cb(wmem_allocator_t *allocator _U_, wmem_cb_event_t event _U_, void *user_data) { ccm_session_data *ccm_data = (ccm_session_data*) user_data; gcry_cipher_close(ccm_data->cipher_data); if (ccm_data->cipher_data_table) { g_hash_table_destroy(ccm_data->cipher_data_table); } /* unregister this callback */ return FALSE; } static void dof_cipher_data_destroy (gpointer data) { gcry_cipher_hd_t cipher_data = (gcry_cipher_hd_t) data; gcry_cipher_close(cipher_data); } static int dissect_2008_1_dsp_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_item *parent = proto_tree_get_parent(tree); guint8 attribute_code = tvb_get_guint8(tvb, 0); guint16 attribute_data = tvb_get_ntohs(tvb, 1); guint8 option_length = tvb_get_guint8(tvb, 3); /* Add the generic representation of the fields. */ proto_tree_add_item(tree, hf_2008_1_dsp_attribute_code, tvb, 0, 1, ENC_NA); proto_tree_add_item(tree, hf_2008_1_dsp_attribute_data, tvb, 1, 2, ENC_BIG_ENDIAN); proto_tree_add_item(tree, hf_2008_1_dsp_value_length, tvb, 3, 1, ENC_NA); /* Append description to the parent. */ proto_item_append_text(parent, " (Code=%s/Data=0x%04x)", val_to_str(attribute_code, strings_2008_1_dsp_attribute_codes, "%u"), attribute_data); if (option_length) { proto_tree_add_item(tree, hf_2008_1_dsp_value_data, tvb, 4, option_length, ENC_NA); /* call the next dissector */ tvb_set_reported_length(tvb, option_length + 4); dissector_try_uint(dsp_option_dissectors, (attribute_code << 16) | attribute_data, tvb, pinfo, tree); } return option_length + 4; } /** * Security.1: Permission. This is the base type for * permissions, and supports extension. */ static int dissect_2008_16_security_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) { gint offset = 0; gboolean has_length; guint16 length; /* Permission Type */ { gint start = offset; guint16 value; gint val_len; proto_item *pi; offset = read_c2(tvb, offset, &value, &val_len); has_length = (gboolean)(value % 2); pi = proto_tree_add_uint(tree, hf_security_1_permission_type, tvb, start, offset - start, value); validate_c2(pinfo, pi, value, val_len); } if (!has_length) return offset; /* Length */ { gint start = offset; guint16 value; gint value_len; proto_item *pi; offset = read_c2(tvb, offset, &value, &value_len); length = value; pi = proto_tree_add_uint(tree, hf_security_1_length, tvb, start, offset - start, value); validate_c2(pinfo, pi, value, value_len); } /* Data */ proto_tree_add_item(tree, hf_security_1_data, tvb, offset, length, ENC_NA); offset += length; return offset; } /** * Security.2: Permission Request. */ static int dissect_2008_16_security_2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) { gint offset = 0; guint16 count; /* Count */ { gint start = offset; guint16 value; gint length; proto_item *pi; offset = read_c2(tvb, offset, &value, &length); count = value; pi = proto_tree_add_uint(tree, hf_security_2_count, tvb, start, offset - start, value); validate_c2(pinfo, pi, value, length); } while (count--) { proto_item *ti = proto_tree_add_item(tree, hf_security_2_permission, tvb, offset, -1, ENC_NA); proto_tree *subtree = proto_item_add_subtree(ti, ett_security_2_permission); tvbuff_t *next_tvb = tvb_new_subset_remaining(tvb, offset); gint len = dissect_2008_16_security_1(next_tvb, pinfo, subtree, NULL); proto_item_set_len(ti, len); offset += len; } return offset; } /** * Security.3.1: Base Credential Format. * Returns: dof_2008_16_security_3_1 */ static int dissect_2008_16_security_3_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { gint offset = 0; guint8 stage; proto_item *ti; dof_2008_16_security_3_1 *return_data = (dof_2008_16_security_3_1 *)data; /* Credential Type */ { gint start = offset; guint16 value; gint length; proto_item *pi; offset = read_c2(tvb, offset, &value, &length); pi = proto_tree_add_uint(tree, hf_security_3_1_credential_type, tvb, start, offset - start, value); validate_c2(pinfo, pi, value, length); } /* Stage */ stage = tvb_get_guint8(tvb, offset); ti = proto_tree_add_item(tree, hf_security_3_1_stage, tvb, offset, 1, ENC_NA); offset += 1; if (stage != 0) expert_add_info(pinfo, ti, &ei_security_3_1_invalid_stage); /* Security Node Identifier */ { int block_length; tvbuff_t *start = tvb_new_subset_remaining(tvb, offset); proto_tree *subtree; ti = proto_tree_add_item(tree, hf_security_3_1_security_node_identifier, tvb, offset, 0, ENC_NA); subtree = proto_item_add_subtree(ti, ett_security_3_1_security_node_identifier); block_length = dissect_2008_16_security_8(start, pinfo, subtree, NULL); proto_item_set_len(ti, block_length); offset += block_length; tvb_set_reported_length(start, block_length); if (return_data) return_data->identity = start; } return offset; } /** * Security.3.2: Identity Resolution. */ int dissect_2008_16_security_3_2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) { gint offset = 0; guint16 length; /* Credential Type */ { gint start = offset; guint16 value; gint val_len; proto_item *pi; offset = read_c2(tvb, offset, &value, &val_len); pi = proto_tree_add_uint(tree, hf_security_3_2_credential_type, tvb, start, offset - start, value); validate_c2(pinfo, pi, value, val_len); } /* Stage */ proto_tree_add_item(tree, hf_security_3_2_stage, tvb, offset, 1, ENC_NA); offset += 1; /* Length */ { gint start = offset; guint16 value; gint value_len; proto_item *pi; offset = read_c2(tvb, offset, &value, &value_len); length = value; pi = proto_tree_add_uint(tree, hf_security_3_2_length, tvb, start, offset - start, value); validate_c2(pinfo, pi, value, value_len); } /* Public Data */ proto_tree_add_item(tree, hf_security_3_2_public_data, tvb, offset, length, ENC_NA); offset += length; return offset; } /** * Security.4: Key Request. Returns: dof_2008_16_security_4 */ static int dissect_2008_16_security_4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { gint offset = 0; guint8 flag; dof_2008_16_security_4 *return_data = (dof_2008_16_security_4 *)data; flag = tvb_get_guint8(tvb, offset); if (flag & 0x30) expert_add_info(pinfo, tree, &ei_security_4_invalid_bit); proto_tree_add_item(tree, hf_security_4_l, tvb, offset, 1, ENC_NA); proto_tree_add_item(tree, hf_security_4_f, tvb, offset, 1, ENC_NA); proto_tree_add_item(tree, hf_security_4_ln, tvb, offset, 1, ENC_NA); offset += 1; { int block_length; tvbuff_t *start = tvb_new_subset_remaining(tvb, offset); proto_item *ti; proto_tree *subtree; dof_2008_16_security_3_1 return_3_1; ti = proto_tree_add_item(tree, hf_security_4_identity, tvb, offset, 0, ENC_NA); subtree = proto_item_add_subtree(ti, ett_security_4_identity); block_length = dissect_2008_16_security_3_1(start, pinfo, subtree, &return_3_1); proto_item_set_len(ti, block_length); offset += block_length; if (return_data) { return_data->identity = return_3_1.identity; } } { tvbuff_t *start = tvb_new_subset_length(tvb, offset, (flag & 0x0F) + 1); if (return_data) return_data->nonce = start; proto_tree_add_item(tree, hf_security_4_nonce, start, 0, (flag & 0x0F) + 1, ENC_NA); offset += (flag & 0x0F) + 1; } { int block_length; tvbuff_t *start = tvb_new_subset_remaining(tvb, offset); proto_item *ti; proto_tree *subtree; ti = proto_tree_add_item(tree, hf_security_4_permission_set, tvb, offset, 0, ENC_NA); subtree = proto_item_add_subtree(ti, ett_security_4_permission_set); block_length = dissect_2008_16_security_2(start, pinfo, subtree, NULL); proto_item_set_len(ti, block_length); offset += block_length; } return offset; } /** * Security.5: Key Grant. */ static int dissect_2008_16_security_5(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_) { gint offset = 0; proto_tree_add_item(tree, hf_security_5_mac, tvb, offset, 32, ENC_NA); offset += 32; proto_tree_add_item(tree, hf_security_5_key, tvb, offset, 32, ENC_NA); offset += 32; return offset; } /** * Security.6.1: Session Initator Block. * Returns dof_2008_16_security_6_1 */ static int dissect_2008_16_security_6_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { gint offset = 0; /* Allocate the return structure. */ dof_2008_16_security_6_1 *return_data = (dof_2008_16_security_6_1 *)data; /* Desired Duration */ proto_tree_add_item(tree, hf_security_6_1_desired_duration, tvb, offset, 1, ENC_NA); offset += 1; /* Desired Security Mode */ { int block_length; tvbuff_t *start = tvb_new_subset_remaining(tvb, offset); proto_item *ti; proto_tree *subtree; ti = proto_tree_add_item(tree, hf_security_6_1_desired_security_mode, tvb, offset, 0, ENC_NA); subtree = proto_item_add_subtree(ti, ett_security_6_1_desired_security_mode); block_length = dissect_2008_16_security_13(start, pinfo, subtree, NULL); offset += block_length; tvb_set_reported_length(start, block_length); proto_item_set_len(ti, block_length); if (return_data) { return_data->security_mode = tvb_get_ntohs(start, 1); return_data->security_mode_data_length = block_length - 4; return_data->security_mode_data = (guint8 *)tvb_memdup(wmem_file_scope(), start, 4, block_length - 4); } } /* Initiator Request */ { int block_length; dof_2008_16_security_4 output; tvbuff_t *start = tvb_new_subset_remaining(tvb, offset); proto_item *ti; proto_tree *subtree; ti = proto_tree_add_item(tree, hf_security_6_1_initiator_request, tvb, offset, 0, ENC_NA); subtree = proto_item_add_subtree(ti, ett_security_6_1_initiator_request); block_length = dissect_2008_16_security_4(start, pinfo, subtree, &output); proto_item_set_len(ti, block_length); offset += block_length; if (return_data) { return_data->i_identity = output.identity; return_data->i_nonce = output.nonce; } } return offset; } /** * Security.6.2: Session Responder Block. * Returns dof_2008_16_security_6_2 */ static int dissect_2008_16_security_6_2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { gint offset = 0; dof_2008_16_security_6_2 *return_data = (dof_2008_16_security_6_2 *)data; /* Responder Request */ { int block_length; dof_2008_16_security_4 output; tvbuff_t *start = tvb_new_subset_remaining(tvb, offset); proto_item *ti; proto_tree *subtree; ti = proto_tree_add_item(tree, hf_security_6_2_responder_request, tvb, offset, 0, ENC_NA); subtree = proto_item_add_subtree(ti, ett_security_6_2_responder_request); block_length = dissect_2008_16_security_4(start, pinfo, subtree, &output); proto_item_set_len(ti, block_length); offset += block_length; if (return_data) { return_data->r_identity = output.identity; return_data->r_nonce = output.nonce; } } return offset; } /** * Security.6.3: Authentication Response Block. */ static int dissect_2008_16_security_6_3(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) { gint offset = 0; /* Granted Duration */ proto_tree_add_item(tree, hf_security_6_3_granted_duration, tvb, offset, 1, ENC_NA); offset += 1; /* Session Security Scope */ { int block_length; tvbuff_t *start = tvb_new_subset_remaining(tvb, offset); proto_item *ti; proto_tree *subtree; ti = proto_tree_add_item(tree, hf_security_6_3_session_security_scope, tvb, offset, 0, ENC_NA); subtree = proto_item_add_subtree(ti, ett_security_6_3_session_security_scope); block_length = dissect_2008_16_security_10(start, pinfo, subtree, NULL); proto_item_set_len(ti, block_length); offset += block_length; } /* Initiator Validation */ { int block_length; tvbuff_t *start = tvb_new_subset_remaining(tvb, offset); proto_item *ti; proto_tree *subtree; ti = proto_tree_add_item(tree, hf_security_6_3_initiator_validation, tvb, offset, 0, ENC_NA); subtree = proto_item_add_subtree(ti, ett_security_6_3_initiator_validation); block_length = dissect_2008_16_security_11(start, pinfo, subtree, NULL); proto_item_set_len(ti, block_length); offset += block_length; } /* Responder Validation */ { int block_length; tvbuff_t *start = tvb_new_subset_remaining(tvb, offset); proto_item *ti; proto_tree *subtree; ti = proto_tree_add_item(tree, hf_security_6_3_responder_validation, tvb, offset, 0, ENC_NA); subtree = proto_item_add_subtree(ti, ett_security_6_3_responder_validation); block_length = dissect_2008_16_security_11(start, pinfo, subtree, NULL); proto_item_set_len(ti, block_length); offset += block_length; } return offset; } /** * Security.7: Security Domain. */ static int dissect_2008_16_security_7(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) { /* Parse the base type. */ gint block_length; block_length = dissect_2009_11_type_4(tvb, pinfo, tree, NULL); return block_length; } /** * Security.8: Security Node Identifier. */ static int dissect_2008_16_security_8(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) { /* Parse the base type. */ gint block_length; block_length = dissect_2009_11_type_4(tvb, pinfo, tree, NULL); return block_length; } /** * Security.9: Security Mode of Operation Initialization. * If the packet info has knowledge of the active security mode * of operation then this datagram can be further decoded. */ static int dissect_2008_16_security_9(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) { gint offset = 0; guint16 length; /* Length */ { gint start = offset; guint16 value; gint value_len; proto_item *pi; offset = read_c2(tvb, offset, &value, &value_len); length = value; pi = proto_tree_add_uint(tree, hf_security_9_length, tvb, start, offset - start, value); validate_c2(pinfo, pi, value, value_len); } if (length > 0) { proto_tree_add_item(tree, hf_security_9_initial_state, tvb, offset, length, ENC_NA); offset += length; } return offset; } /** * Security.10: Security Scope. */ static int dissect_2008_16_security_10(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) { gint offset = 0; guint16 count; /* Count */ { gint start = offset; guint16 value; gint length; proto_item *pi; offset = read_c2(tvb, offset, &value, &length); count = value; pi = proto_tree_add_uint(tree, hf_security_10_count, tvb, start, offset - start, value); validate_c2(pinfo, pi, value, length); } while (count--) { const char *def = ""; gint start = offset; guint32 value; gint length; proto_item *pi; offset = read_c4(tvb, offset, &value, &length); switch (value) { case 0x3FFFFFFF: def = " (all scopes)"; break; case 0x3FFFFFFE: def = " (doesn't mask)"; break; case 0x3FFFFFFD: def = " (session scope)"; break; } pi = proto_tree_add_uint_format_value(tree, hf_security_10_permission_group_identifier, tvb, start, offset - start, value, "%u%s", value, def); validate_c4(pinfo, pi, value, length); } return offset; } /** * Security.11: Permission Validation. */ static int dissect_2008_16_security_11(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) { gint offset = 0; guint16 count; /* Count */ { gint start = offset; guint16 value; gint length; proto_item *pi; offset = read_c2(tvb, offset, &value, &length); count = value; pi = proto_tree_add_uint(tree, hf_security_11_count, tvb, start, offset - start, value); validate_c2(pinfo, pi, value, length); } while (count--) { proto_item *ti = proto_tree_add_item(tree, hf_security_11_permission_security_scope, tvb, offset, -1, ENC_NA); proto_tree *subtree = proto_item_add_subtree(ti, ett_security_11_permission_security_scope); tvbuff_t *next_tvb = tvb_new_subset_remaining(tvb, offset); gint len; len = dissect_2008_16_security_12(next_tvb, pinfo, subtree, NULL); proto_item_set_len(ti, len); offset += len; } return offset; } /** * Security.12: Permission Security Scope. */ static int dissect_2008_16_security_12(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) { gint offset = 0; guint8 m = tvb_get_guint8(tvb, offset) >> 6; guint16 count = tvb_get_guint8(tvb, offset) & 0x3F; proto_item *pi; proto_tree_add_item(tree, hf_security_12_m, tvb, offset, 1, ENC_NA); proto_tree_add_item(tree, hf_security_12_count, tvb, offset, 1, ENC_NA); offset += 1; if (m == 0) return offset; while (count--) { const char *def = ""; gint start = offset; guint32 value; gint length; offset = read_c4(tvb, offset, &value, &length); switch (value) { case 0x3FFFFFFF: def = " (all scopes)"; break; case 0x3FFFFFFE: def = " (doesn't mask)"; break; case 0x3FFFFFFD: def = " (session scope)"; break; } pi = proto_tree_add_uint_format_value(tree, hf_security_12_permission_group_identifier, tvb, start, offset - start, value, "%u%s", value, def); validate_c4(pinfo, pi, value, length); } return offset; } /** * Security.13: Security Mode of Operation Negotiation. */ static int dissect_2008_16_security_13(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) { /* Parse the base type. */ gint block_length; guint16 attribute_data; /* TODO: Skipping this first byte means that no other encryption modes can be supported. */ attribute_data = tvb_get_ntohs(tvb, 1); if (attribute_data < 0x6000 || attribute_data >= 0x7000) expert_add_info(pinfo, tree, &ei_security_13_out_of_range); block_length = dissect_2008_1_dsp_1(tvb, pinfo, tree); return block_length; } /** * Dissects a buffer that is pointing at an OID. * Adds a subtree with detailed information about the fields of * the OID, * returns the length of the OID, * and appends text to the tree (really a tree item) that is * passed in that gives a more accurate description of the OID. * Note that the tree already shows the bytes of the OID, so if * no additional information can be displayed then it should not * be. * * If 'tree' is NULL then just return the length. */ static gint dissect_2009_11_type_4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) { proto_item *ti; gint start_offset = 0; gint offset = 0; guint32 oid_class; gint oid_class_len; guint8 oid_len_byte; proto_tree *oid_tree = tree; proto_tree *header_tree; if (tree) { ti = proto_tree_get_parent(tree); proto_item_set_text(ti, "Object ID: %s", dof_oid_create_standard_string(tvb_reported_length(tvb), tvb_get_ptr(tvb, 0, tvb_reported_length(tvb)))); } offset = read_c4(tvb, offset, &oid_class, &oid_class_len); ti = proto_tree_add_uint_format(oid_tree, hf_oid_class, tvb, start_offset, offset - start_offset, oid_class, "Class: %u", oid_class); validate_c4(pinfo, ti, oid_class, oid_class_len); oid_len_byte = tvb_get_guint8(tvb, offset); ti = proto_tree_add_uint_format(oid_tree, hf_oid_header, tvb, offset, 1, oid_len_byte, "Header: 0x%02x (%sLength=%d)", oid_len_byte, oid_len_byte & 0x80 ? "Attribute, " : "", oid_len_byte & 0x3F); header_tree = proto_item_add_subtree(ti, ett_oid_header); proto_tree_add_item(header_tree, hf_oid_attribute, tvb, offset, 1, ENC_NA); proto_tree_add_item(header_tree, hf_oid_length, tvb, offset, 1, ENC_NA); offset += 1; /* Validate the flag byte */ if (oid_len_byte & 0x40) { /* Type.4 Malformed (bit mandated zero). */ expert_add_info(pinfo, ti, &ei_type_4_header_zero); } if ((oid_len_byte & 0x3F) > 0) { /* Add the raw data. */ proto_tree_add_item(oid_tree, hf_oid_data, tvb, offset, oid_len_byte & 0x3F, ENC_NA); offset += oid_len_byte & 0x3F; } /* Check for attributes */ if (oid_len_byte & 0x80) { /* Read attributes, adding them to oid_tree. */ guint8 flag; do { tvbuff_t *packet = tvb_new_subset_remaining(tvb, offset); proto_tree *attribute_tree; gint attribute_length; ti = proto_tree_add_item(tree, hf_oid_all_attribute_data, tvb, offset, -1, ENC_NA); attribute_tree = proto_item_add_subtree(ti, ett_oid_attribute); flag = tvb_get_guint8(tvb, offset); attribute_length = dissect_2009_11_type_5(packet, pinfo, attribute_tree); proto_item_set_len(ti, (const gint)attribute_length); offset += attribute_length; } while (flag & 0x80); } if (tree) { ti = proto_tree_get_parent(tree); proto_item_set_len(ti, offset - start_offset); } /* TODO: Add the description. */ /* proto_item_append_text( oid_tree, ": %s", "TODO" ); */ return offset; } /** * Dissects a buffer that is pointing at an attribute. * Adds a subtree with detailed information about the fields of * the attribute, * returns the new offset, * and appends text to the tree (really a tree item) that is * passed in that gives a more accurate description of the * attribute. * Note that the tree already shows the bytes of the OID, so if * no additional information can be displayed then it should not * be. * * If 'tree' is NULL then just return the length. */ static int dissect_2009_11_type_5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { proto_item *ti; gint offset = 0; guint8 attribute_id_byte; guint8 attribute_length_byte; proto_tree *oid_tree = tree; proto_tree *header_tree; attribute_id_byte = tvb_get_guint8(tvb, offset); ti = proto_tree_add_uint_format(oid_tree, hf_oid_attribute_header, tvb, offset, 1, attribute_id_byte, "Header: 0x%02x (%sLength=%d)", attribute_id_byte, attribute_id_byte & 0x80 ? "Attribute, " : "", attribute_id_byte & 0x3F); header_tree = proto_item_add_subtree(ti, ett_oid_attribute_header); proto_tree_add_item(header_tree, hf_oid_attribute_attribute, tvb, offset, 1, ENC_NA); proto_tree_add_item(header_tree, hf_oid_attribute_id, tvb, offset, 1, ENC_NA); offset += 1; attribute_length_byte = tvb_get_guint8(tvb, offset); proto_tree_add_item(oid_tree, hf_oid_attribute_length, tvb, offset, 1, ENC_NA); offset += 1; switch (attribute_id_byte & 0x7F) { case 1: /* TODO: Check length */ proto_tree_add_item(oid_tree, hf_oid_attribute_data, tvb, offset, attribute_length_byte, ENC_NA); offset += attribute_length_byte; break; case 0: case 2: { tvbuff_t *packet = tvb_new_subset_length(tvb, offset, attribute_length_byte); proto_tree *attribute_tree; ti = proto_tree_add_item(tree, hf_oid_attribute_oid, tvb, offset, -1, ENC_NA); attribute_tree = proto_item_add_subtree(ti, ett_oid_attribute_oid); offset += dissect_2009_11_type_4(packet, pinfo, attribute_tree, NULL); } break; default: proto_tree_add_item(oid_tree, hf_oid_attribute_data, tvb, offset, attribute_length_byte, ENC_NA); offset += attribute_length_byte; } return offset; } /* Transport Session ID */ static dof_globals globals; /* Static Methods. */ static dof_packet_data* create_packet_data(packet_info *pinfo); static int dof_dissect_dnp_length(tvbuff_t *tvb, packet_info *pinfo, guint8 version, gint *offset); #define VALIDHEX(c) ( ((c) >= '0' && (c) <= '9') || ((c) >= 'A' && (c) <= 'F') || ((c) >= 'a' && (c) <= 'f') ) /* Configuration structures. These tables allow for security * mode templates, security keys, and secrets to be configured. */ static gboolean decrypt_all_packets = FALSE; static gboolean track_operations = FALSE; static guint track_operations_window = 5; static guint32 next_dof_frame = 1; /* Structure for security mode of operation templates. */ typedef struct _secmode_field_t { gchar *domain; gchar *identity; gchar *kek; } secmode_field_t; static secmode_field_t *secmode_list = NULL; static guint num_secmode_list = 0; /* Structure for security keys. */ typedef struct _seckey_field_t { gchar *key; } seckey_field_t; /* Structure for secrets (for identities) */ typedef struct _identsecret_field_t { gchar *domain; gchar *identity; gchar *secret; } identsecret_field_t; typedef struct _tcp_ignore_data { guint32 sequence; gboolean ignore; struct _tcp_ignore_data *next; } tcp_ignore_data; typedef struct _tcp_dof_packet_ref { /* A single TCP frame can contain multiple packets. We must * be able to keep track of them all. */ dof_api_data api_data; guint16 start_offset; dof_transport_packet transport_packet; struct _tcp_dof_packet_ref *next; } tcp_dof_packet_ref; /** * This structure exists for TCP packets and allows matching Wireshark frames to * DPS packets. */ typedef struct _tcp_packet_data { /* Packets are ignored based on the starting TCP SEQ (sequence of first byte). */ tcp_ignore_data *from_client_ignore_list; tcp_ignore_data *from_server_ignore_list; /* DPS packet structures contained within a TCP frame. */ tcp_dof_packet_ref *dof_packets; } tcp_packet_data; /** * This structure exists for UDP sessions and allows for advanced stream handling * and matching Wireshark frames to DPS packets. */ typedef struct _udp_session_data { /* This must be the first structure, as a pointer to this type is stored in each DPS packet. */ dof_transport_session common; /* For the associated TCP conversation, this tracks the client and server * addresses. */ ws_node server; } udp_session_data; /* This structure exists for TCP sessions and allows for advanced stream handling * and matching Wireshark frames to DPS packets. */ typedef struct _tcp_session_data { /* This must be the first structure, as a pointer to this type is stored in each DPS packet. */ dof_transport_session common; /* This flag is used to determine that an entire TCP session is NOT OpenDOF. * Because of TCP/IP negotation in the DPS it is easy to confuse arbitrary * protocols as OpenDOF. Once it is determined that it is not then this * flag can be set, which will turn off all the OpenDOF dissectors. */ gboolean not_dps; /* For the associated TCP conversation, this tracks the client and server * addresses. */ ws_node client, server; /* TCP sequence numbers, used to detect retransmissions. These are only valid * during the first pass through the packets. */ guint32 from_client_seq; guint32 from_server_seq; } tcp_session_data; static dof_security_data global_security; static guint8 count_hex_bytes(gchar *str); /* Global DPS data structures for security keys. */ static seckey_field_t *seckey_list = NULL; static guint num_seckey_list = 0; /* Global DPS data structures for identity secrets. */ static identsecret_field_t *identsecret_list = NULL; static guint num_identsecret_list = 0; /* Callbacks for Configuration security templates. */ UAT_CSTRING_CB_DEF(secmode_list, domain, secmode_field_t) UAT_CSTRING_CB_DEF(secmode_list, identity, secmode_field_t) UAT_CSTRING_CB_DEF(secmode_list, kek, secmode_field_t) static void secmode_list_post_update_cb(void) { } static bool secmode_list_update_cb(void *r, char **err) { secmode_field_t *rec = (secmode_field_t *)r; guint32 size; *err = NULL; size = (guint32)strlen(rec->domain); if (!VALIDHEX(rec->domain[0]) && !dof_oid_create_internal(rec->domain, &size, NULL)) { *err = g_strdup("Invalid domain [must be valid OID]."); return FALSE; } else if (!count_hex_bytes(rec->domain)) { *err = g_strdup("Invalid domain [must be valid OID]."); return FALSE; } size = (guint32)strlen(rec->identity); if (!VALIDHEX(rec->identity[0]) && !dof_oid_create_internal(rec->identity, &size, NULL)) { *err = g_strdup("Invalid identity [must be valid OID]."); return FALSE; } else if (!count_hex_bytes(rec->identity)) { *err = g_strdup("Invalid identity [must be valid OID]."); return FALSE; } if (count_hex_bytes(rec->kek) != 32) { *err = g_strdup("Invalid KEK [must be 32 byte key]."); return FALSE; } return TRUE; } static void* secmode_list_copy_cb(void *n, const void *o, size_t siz _U_) { secmode_field_t *new_rec = (secmode_field_t *)n; const secmode_field_t *old_rec = (const secmode_field_t *)o; new_rec->domain = g_strdup(old_rec->domain); new_rec->identity = g_strdup(old_rec->identity); new_rec->kek = g_strdup(old_rec->kek); return new_rec; } static void secmode_list_free_cb(void *r) { secmode_field_t *rec = (secmode_field_t *)r; g_free(rec->domain); g_free(rec->identity); g_free(rec->kek); } /* Callbacks for security keys. */ UAT_CSTRING_CB_DEF(seckey_list, key, seckey_field_t) static void seckey_list_post_update_cb(void) { } static bool seckey_list_update_cb(void *r, char **err) { seckey_field_t *rec = (seckey_field_t *)r; *err = NULL; if (count_hex_bytes(rec->key) != 32) { *err = g_strdup("Invalid secret [must be 32 bytes]."); return FALSE; } return TRUE; } static void* seckey_list_copy_cb(void *n, const void *o, size_t siz _U_) { seckey_field_t *new_rec = (seckey_field_t *)n; const seckey_field_t *old_rec = (const seckey_field_t *)o; new_rec->key = g_strdup(old_rec->key); return new_rec; } static void seckey_list_free_cb(void *r) { seckey_field_t *rec = (seckey_field_t *)r; g_free(rec->key); } /* Callbacks for identity secrets. */ UAT_CSTRING_CB_DEF(identsecret_list, domain, identsecret_field_t) UAT_CSTRING_CB_DEF(identsecret_list, identity, identsecret_field_t) UAT_CSTRING_CB_DEF(identsecret_list, secret, identsecret_field_t) static void identsecret_list_post_update_cb(void) { } static bool identsecret_list_update_cb(void *r, char **err) { identsecret_field_t *rec = (identsecret_field_t *)r; guint32 size; *err = NULL; size = (guint32)strlen(rec->domain); if (!VALIDHEX(rec->domain[0])) { if (dof_oid_create_internal(rec->domain, &size, NULL)) { *err = g_strdup("Invalid domain [must be valid OID]."); return FALSE; } } else if (!count_hex_bytes(rec->domain)) { *err = g_strdup("Invalid domain [must be valid OID]."); return FALSE; } size = (guint32)strlen(rec->identity); if (!VALIDHEX(rec->identity[0])) { if (dof_oid_create_internal(rec->identity, &size, NULL)) { *err = g_strdup("Invalid identity [must be valid OID]."); return FALSE; } } else if (!count_hex_bytes(rec->identity)) { *err = g_strdup("Invalid identity [must be valid OID]."); return FALSE; } if (count_hex_bytes(rec->secret) != 32) { *err = g_strdup("Invalid secret [must be 32 byte key]."); return FALSE; } return TRUE; } static void* identsecret_list_copy_cb(void *n, const void *o, size_t siz _U_) { identsecret_field_t *new_rec = (identsecret_field_t *)n; const identsecret_field_t *old_rec = (const identsecret_field_t *)o; new_rec->domain = g_strdup(old_rec->domain); new_rec->identity = g_strdup(old_rec->identity); new_rec->secret = g_strdup(old_rec->secret); return new_rec; } static void identsecret_list_free_cb(void *r) { identsecret_field_t *rec = (identsecret_field_t *)r; g_free(rec->domain); g_free(rec->identity); g_free(rec->secret); } static void init_addr_port_tables(void); /* The IP transport protocols need to assign SENDER ID based on the * transport address. This requires a hash lookup from address/port to ID. */ static GHashTable *addr_port_to_id = NULL; typedef struct _addr_port_key { address addr; guint16 port; } addr_port_key; static guint addr_port_key_hash_fn(gconstpointer key) { const addr_port_key *addr_key = (const addr_port_key *)key; guint result = 0; guint port_as_int = addr_key->port; guint type_as_int = addr_key->addr.type; result += g_int_hash(&port_as_int); result += g_int_hash(&type_as_int); { guint hash = 5381; const guint8 *str = (const guint8 *)addr_key->addr.data; guint8 i; for (i = 0; i < addr_key->addr.len; i++) hash = ((hash << 5) + hash) + str[i]; /* hash * 33 + c */ result += hash; } return result; } static gboolean addr_port_key_equal_fn(gconstpointer key1, gconstpointer key2) { const addr_port_key *addr_key_ptr1 = (const addr_port_key *)key1; const addr_port_key *addr_key_ptr2 = (const addr_port_key *)key2; if (addr_key_ptr1->port != addr_key_ptr2->port) return FALSE; return addresses_equal(&addr_key_ptr1->addr, &addr_key_ptr2->addr); } static void addr_port_key_free_fn(gpointer key) { addr_port_key *addr_port = (addr_port_key *)key; g_free(addr_port->addr.priv); g_free(addr_port); } static void init_addr_port_tables(void) { /* This routine is called each time the system is reset (file load, capture) * and so it should take care of freeing any of our persistent stuff. */ if (addr_port_to_id != NULL) { /* Clear it out. Note that this calls the destroy functions for each element. */ g_hash_table_destroy(addr_port_to_id); addr_port_to_id = NULL; } /* The value is not allocated, so does not need to be freed. */ addr_port_to_id = g_hash_table_new_full(addr_port_key_hash_fn, addr_port_key_equal_fn, addr_port_key_free_fn, NULL); } static guint next_addr_port_id = 1; #define EP_COPY_ADDRESS(to, from) { \ guint8 *EP_COPY_ADDRESS_data; \ (to)->type = (from)->type; \ (to)->len = (from)->len; \ EP_COPY_ADDRESS_data = (guint8*) wmem_alloc(wmem_packet_scope(),(from)->len); \ memcpy(EP_COPY_ADDRESS_data, (from)->data, (from)->len); \ (to)->priv = EP_COPY_ADDRESS_data; \ (to)->data = (to)->priv; \ } /* Return the transport ID, a unique number for each transport sender. */ static guint assign_addr_port_id(address *addr, guint16 port) { addr_port_key lookup_key; addr_port_key *key; guint value; /* ensure the address contains actual data */ if (addr->type == AT_NONE) return 0; /* Build a (non-allocated) key to do the lookup. */ EP_COPY_ADDRESS(&lookup_key.addr, addr); lookup_key.port = port; value = GPOINTER_TO_UINT(g_hash_table_lookup(addr_port_to_id, &lookup_key)); if (value) { /* We found a match. */ return value; } /* No match, need to add a key. */ key = g_new0(addr_port_key, 1); copy_address(&key->addr, addr); key->port = port; /* Note, this is not multithread safe, but Wireshark isn't multithreaded. */ g_hash_table_insert(addr_port_to_id, key, GUINT_TO_POINTER(next_addr_port_id)); return next_addr_port_id++; } /* Wireshark Configuration Dialog Routines*/ static bool identsecret_chk_cb(void *r _U_, const char *p _U_, unsigned len _U_, const void *u1 _U_, const void *u2 _U_, char **err _U_) { #if 0 gchar** protos; gchar* line = ep_strndup(p, len); guint num_protos, i; g_strstrip(line); ascii_strdown_inplace(line); protos = ep_strsplit(line, ":", 0); for (num_protos = 0; protos[num_protos]; num_protos++) g_strstrip(protos[num_protos]); if (!num_protos) { *err = g_strdup("No protocols given"); return FALSE; } for (i = 0; i < num_protos; i++) { if (!find_dissector(protos[i])) { *err = g_strdup("Could not find dissector for: '%s'", protos[i]); return FALSE; } } #endif return TRUE; } /* Utility Methods */ static guint8 count_hex_bytes(gchar *str) { guint8 total = 0; while (str != NULL && *str != '\0' && *str != '#') { if (!g_ascii_isxdigit(*str)) { str += 1; continue; } if (!g_ascii_isxdigit(str[1])) return 0; total += 1; str += 2; } return total; } static void parse_hex_string(gchar *str, guint8 **ptr, guint8 *len) { guint8 j = 0; *len = count_hex_bytes(str); *ptr = (guint8 *)g_malloc0(*len); while (j < *len) { int high, low; if (!g_ascii_isxdigit(*str)) { str += 1; continue; } high = ws_xton(str[0]); low = ws_xton(str[1]); (*ptr)[j++] = (high << 4) | low; str += 2; } } /* OID and IID Parsing */ static const guint8 OALString_HexChar[] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' }; #define IS_PRINTABLE(c) ( ((guint8)c) >= 32U && ((guint8)c) < 127U ) #define IS_ESCAPED(c) ( (c) == '(' || (c) == ')' || (c) == '[' || (c) == ']' || (c) == '{' || (c) == '}' || (c) == '\\' || (c) == '|' ) #define DOFOBJECTID_MAX_CLASS_SIZE (4) #define MAX_OID_DATA_SIZE (63) #define OID_DATA_LEN_MASK (MAX_OID_DATA_SIZE) #define ObjectID_DataToStringLength( data, dataSize ) ObjectID_DataToString( (data), (dataSize), NULL ) #define OALString_HexDigitToChar(c) (OALString_HexChar[(c)]) #define DOFObjectIDAttribute_IsValid( attribute ) ((attribute).id < DOFOBJECTIDATTRIBUTE_INVALID) #define DOFOBJECTID_HEADER_SIZE (offsetof( DOFObjectID_t, oid )) #define DOFObjectIDAttribute_GetValueSize( attribute ) ((attribute).dataSize) #define DOFObjectIDAttribute_GetValue( attribute ) ((attribute).data) #define DOFObjectIDAttribute_GetType( attribute ) ((DOFObjectIDAttributeType)(attribute).id) typedef enum DOFObjectIDAttributeID_t { /** * Provider attribute. This attribute identifies an object as being * provided by a specific service provider. The associated data must * be an object identifier. */ DOFOBJECTIDATTRIBUTE_PROVIDER = 0, /** * Session attribute. This attribute associates the object with the * specified session. The associated data must be exactly 16 bytes long. */ DOFOBJECTIDATTRIBUTE_SESSION = 1, /** * Group attribute. This attribute is normally used in association * with the BROADCAST object identifier. It defines a target that is * a multicast group in the DOF network (as opposed to the transport). * The associated data must be an object identifier. */ DOFOBJECTIDATTRIBUTE_GROUP = 2, /** * Invalid, used to signal that an error has occurred. */ DOFOBJECTIDATTRIBUTE_INVALID = 128 } DOFObjectIDAttributeType; typedef guint32 DOFObjectIDClass; typedef struct DOFObjectID_t { guint32 refCount; guint16 len; /* Actual length of oid's wire representation. Max is 32707: 4 + 1 + 63 + (127 * 257). */ guint8 oid[1]; /* Extends beyond end of this defined structure, so oid MUST be last structure member! */ } DOFObjectID_t; typedef DOFObjectID_t *DOFObjectID; typedef guint8 DOFObjectIDAttributeDataSize; typedef struct DOFObjectIDAttribute_t { guint8 id; /**< Attribute Identifier. Intentionally defined as uint8 for size, but holds all valid values for DOFObjectIDAttributeType. **/ DOFObjectIDAttributeDataSize dataSize; /**< Size of the attribute data. **/ const guint8 *data; /**< Attribute data. **/ } DOFObjectIDAttribute; /** * Read variable-length value from buffer. * * @param maxSize [in] Maximum size of value to be read * @param bufLength [in,out] Input: size of buffer, output: size of value in buffer * @param buffer [in] Actual buffer * @return Uncompressed value if buffer size is valid (or 0 on error) */ static guint32 OALMarshal_UncompressValue(guint8 maxSize, guint32 *bufLength, const guint8 *buffer) { guint32 value = 0; guint8 used = 0; guint8 size = maxSize; guint8 mask; switch (buffer[0] >> 6) { case 0x02: /* Two Bytes */ if (maxSize > 2) mask = 0x3F; else mask = 0x7F; size = 2; break; case 0x03: /* Three/Four Bytes */ if (maxSize > 2) mask = 0x3F; else mask = 0x7F; break; default: /* One Byte */ size = 1; mask = 0x7F; break; } /* Sanity check */ if (size > *bufLength) return 0; value = buffer[used++] & mask; while (used < size) value = (value << 8) | buffer[used++]; *bufLength = used; return (value); } static guint32 DOFObjectID_GetClassSize(DOFObjectID self) { guint32 size = self->len; (void)OALMarshal_UncompressValue(DOFOBJECTID_MAX_CLASS_SIZE, &size, self->oid); return size; } static guint32 DOFObjectID_GetDataSize(const DOFObjectID self) { return ((*((const guint8 *)self->oid + DOFObjectID_GetClassSize(self))) & OID_DATA_LEN_MASK); } static guint32 ObjectID_DataToString(const guint8 *data, guint32 dataSize, char *pBuf) { guint32 len = 0, i, nonprintable, escaped; /* Determine if the data is printable... */ for (i = 0, nonprintable = 0, escaped = 0; i < dataSize; i++) { if (!IS_PRINTABLE(data[i])) nonprintable++; else if (IS_ESCAPED(data[i])) escaped++; } if (nonprintable == 0) { /* Printable, so copy as a string, escaping where necessary. */ if (pBuf) { for (i = 0; i < dataSize; i++) { if (IS_ESCAPED(data[i])) { pBuf[len++] = '\\'; pBuf[len++] = data[i]; } else pBuf[len++] = data[i]; } } else { len = dataSize + escaped; /* Count escaped characters twice. */ } } else { /* Non-printable, so format as hex string. */ if (pBuf) { pBuf[len++] = '{'; for (i = 0; i < dataSize; i++) { pBuf[len++] = OALString_HexDigitToChar((data[i] >> 4) & 0x0F); pBuf[len++] = OALString_HexDigitToChar((data[i]) & 0x0F); } pBuf[len++] = '}'; } else { len = dataSize * 2 + 2; } } return len; } static const guint8* DOFObjectID_GetData(const DOFObjectID self) { if (DOFObjectID_GetDataSize(self) > 0) return (const guint8 *)self->oid + DOFObjectID_GetClassSize(self) + 1; /* 1: length of length byte. */ return NULL; } static guint32 DOFObjectID_GetIDClass(const DOFObjectID self) { guint32 size = 4; return OALMarshal_UncompressValue(DOFOBJECTID_MAX_CLASS_SIZE, &size, self->oid); } static gboolean DOFObjectID_HasAttributes(const DOFObjectID self) { if (!self) return FALSE; /* bit 7: next attribute flag. */ return (gboolean)(((*(const guint8 *)((const guint8 *)(self->oid) + DOFObjectID_GetClassSize(self))) & 0x80) != 0); } static guint8 DOFObjectID_GetBaseSize(const DOFObjectID oid) { return DOFObjectID_GetClassSize(oid) + 1 + DOFObjectID_GetDataSize(oid); } static guint8 DOFObjectID_GetAttributeCount(const DOFObjectID self) { guint8 retVal = 0; /* Note: No OID can duplicate an attribute ID. Legal attribute IDs can be from 0-126. So max count fits in uint8. */ if (self && DOFObjectID_HasAttributes(self)) { const guint8 *pNextAttribute = (const guint8 *)self->oid + DOFObjectID_GetBaseSize(self); ++retVal; while (*pNextAttribute & 0x80) /* bit 7: next attribute present flag. */ { ++retVal; pNextAttribute += (2 + *((const guint8 *)pNextAttribute + 1)); /* 2: attribute marshalling overhead. */ } } return retVal; } static DOFObjectIDAttribute DOFObjectID_GetAttributeAtIndex(const DOFObjectID self, guint8 attribute_index) { DOFObjectIDAttribute retAttributeDescriptor = { DOFOBJECTIDATTRIBUTE_INVALID, 0, NULL }; /* Note: No OID can duplicate an attribute ID. Legal attribute IDs can be from 0-127. So max index fits in uint8. */ if (self && attribute_index < DOFOBJECTIDATTRIBUTE_INVALID) { if (DOFObjectID_HasAttributes(self)) { guint8 count = 0; const guint8 *pNextAttribute = (const guint8 *)self->oid + DOFObjectID_GetBaseSize(self); while (1) /* Parse through the N Attributes. */ { if (attribute_index == count++) { retAttributeDescriptor.id = *pNextAttribute & 0x7F; retAttributeDescriptor.dataSize = (DOFObjectIDAttributeDataSize) * ((const guint8 *)pNextAttribute + 1); retAttributeDescriptor.data = (const guint8 *)pNextAttribute + 2; /* 2: attr marshalling overhead. */ break; /* Success. */ } if (!(*pNextAttribute & 0x80)) break; /* Fail: no more Attributes */ pNextAttribute += (2 + *((const guint8 *)pNextAttribute + 1)); } } } return retAttributeDescriptor; } static void DOFObjectID_Destroy(DOFObjectID self _U_) { /* Ephemeral memory doesn't need to be freed. */ } static void DOFObjectID_InitStruct(DOFObjectID newObjID, guint32 dataLen) { newObjID->refCount = 1; newObjID->len = dataLen; } static DOFObjectID DOFObjectID_Create_Unmarshal(guint32 *length, const guint8 *buffer) { guint32 len = *length; /* Legal OID described at buffer must have at least 2 bytes. */ if (buffer && len >= 2) { guint32 classSize = len; guint32 classv = OALMarshal_UncompressValue(DOFOBJECTID_MAX_CLASS_SIZE, &classSize, buffer); /* Legal OID described at buffer must have its class representation be correctly compressed. */ if (1) { guint32 computedSize; /* Above call won't return 3 because DOFOBJECTID_MAX_CLASS_SIZE (4) was passed in. */ computedSize = classSize + 1; /* 1: length of length byte. */ /* Legal OID described at buffer must have enough bytes to describe its OID class. */ if (len >= computedSize) { guint8 lenByte = buffer[classSize]; /* Legal OID described at buffer must have its length byte bit 6 be 0. */ if (!(lenByte & 0x40)) { gboolean hasAttr; guint8 dataLen = lenByte & OID_DATA_LEN_MASK; /* Legal broadcast OID described at buffer must have no base data, though it can have attribute(s)*/ if ((classv == 0) && (dataLen > 0)) goto notvalid; computedSize += dataLen; hasAttr = lenByte & 0x80; /* Valid OID base; check attributes. */ while (hasAttr) { /* Legal OID described at buffer must have enough bytes to hold each new found attribute. */ if (len >= computedSize + 2) /* 2: attribute marshalling overhead. */ { hasAttr = buffer[computedSize] & 0x80; /* bit 7: next attribute present flag. */ computedSize += (2 + buffer[computedSize + 1]); } else goto notvalid; } /* Legal OID described at buffer must have enough buffer bytes, final check. */ if (len >= computedSize) { DOFObjectID newObjID = (DOFObjectID)wmem_alloc0(wmem_packet_scope(), DOFOBJECTID_HEADER_SIZE + computedSize + 1); /* Adds space for null-terminator, just in case. */ *length = computedSize; if (newObjID) { DOFObjectID_InitStruct(newObjID, computedSize); memcpy(newObjID->oid, buffer, computedSize); newObjID->oid[computedSize] = 0; return newObjID; /* Success. */ } /* buffer describes valid OID, but due to alloc failure we cannot return the newly created OID*/ goto allocErrorOut; } } } } } notvalid: /* buffer does not describe a valid OID, but do not log a message. The caller may have called us to find out if the buffer does or does not obey the rules of a valid OID. He learns that by our NULL return. */ allocErrorOut : *length = 0; return NULL; } static DOFObjectID DOFObjectID_Create_Bytes(guint32 bufferSize, const guint8 *pOIDBuffer) { guint32 len = bufferSize; DOFObjectID rval = DOFObjectID_Create_Unmarshal(&len, pOIDBuffer); if (rval) { if (len != bufferSize) { DOFObjectID_Destroy(rval); rval = NULL; } } return rval; } static guint32 ObjectID_ToStringLength(const DOFObjectID oid) { guint32 len = 0; /* Note: All these string functions can be exercised with objectid_test.c, which outputs the string to console. */ len = 7 /* [{xx}: and trailing ] */ + ObjectID_DataToStringLength(DOFObjectID_GetData(oid), DOFObjectID_GetDataSize(oid)); if (DOFObjectID_GetIDClass(oid) & 0xFF000000) len += 6; /* Six more hex digits. */ else if (DOFObjectID_GetIDClass(oid) & 0xFF0000) len += 4; /* Four more hex digits. */ else if (DOFObjectID_GetIDClass(oid) & 0xFF00) len += 2; /* Two more hex digits. */ /* Handle Attributes, if any. */ if (DOFObjectID_HasAttributes(oid)) { guint8 i; /* Max attribute count is under uint8. */ guint8 attributeCount = DOFObjectID_GetAttributeCount(oid); len += 2; /* surrounding ( ) */ for (i = 0; i < attributeCount; i++) { DOFObjectID embedOID; DOFObjectIDAttribute avpDescriptor = DOFObjectID_GetAttributeAtIndex(oid, i); if (!DOFObjectIDAttribute_IsValid(avpDescriptor)) break; /* Done with Attributes. If here, some error took place. */ if (i) len++; len += 5; /* {xx}: */ /* Handle embedded Object IDs. */ embedOID = DOFObjectID_Create_Bytes(DOFObjectIDAttribute_GetValueSize(avpDescriptor), DOFObjectIDAttribute_GetValue(avpDescriptor)); if (embedOID) { len += ObjectID_ToStringLength(embedOID); /* Recurse to compute string rep length of found OID. */ DOFObjectID_Destroy(embedOID); } else { /* Hex Data. */ len += ObjectID_DataToStringLength(DOFObjectIDAttribute_GetValue(avpDescriptor), DOFObjectIDAttribute_GetValueSize(avpDescriptor)); } } /* end for(). */ } return len; } static guint32 InterfaceID_ToString(const guint8 *iid, char *pBuf) { guint32 len = 0; guint iid_len = iid[0] & 0x03; guint i; if (iid_len == 3) iid_len = 4; pBuf[len++] = '['; pBuf[len++] = '{'; pBuf[len++] = OALString_HexDigitToChar((iid[0] >> 6) & 0x0F); pBuf[len++] = OALString_HexDigitToChar((iid[0] >> 2) & 0x0F); pBuf[len++] = '}'; pBuf[len++] = ':'; pBuf[len++] = '{'; /* Data */ for (i = 0; i < iid_len; i++) { pBuf[len++] = OALString_HexDigitToChar((iid[i + 1] >> 4) & 0x0F); pBuf[len++] = OALString_HexDigitToChar(iid[i + 1] & 0x0F); } pBuf[len++] = '}'; pBuf[len++] = ']'; return len; } static guint32 ObjectID_ToString(const DOFObjectID oid, char *pBuf) { DOFObjectIDClass oidClass; guint32 len = 0; pBuf[len++] = '['; pBuf[len++] = '{'; /* Class */ oidClass = DOFObjectID_GetIDClass(oid); if (oidClass & 0xFF000000) { pBuf[len++] = OALString_HexDigitToChar((oidClass >> 28) & 0x0F); pBuf[len++] = OALString_HexDigitToChar((oidClass >> 24) & 0x0F); } if (oidClass & 0xFFFF0000) { pBuf[len++] = OALString_HexDigitToChar((oidClass >> 20) & 0x0F); pBuf[len++] = OALString_HexDigitToChar((oidClass >> 16) & 0x0F); } if (oidClass & 0xFFFFFF00) { pBuf[len++] = OALString_HexDigitToChar((oidClass >> 12) & 0x0F); pBuf[len++] = OALString_HexDigitToChar((oidClass >> 8) & 0x0F); } pBuf[len++] = OALString_HexDigitToChar((oidClass >> 4) & 0x0F); pBuf[len++] = OALString_HexDigitToChar((oidClass) & 0x0F); pBuf[len++] = '}'; pBuf[len++] = ':'; /* Data */ len += ObjectID_DataToString(DOFObjectID_GetData(oid), DOFObjectID_GetDataSize(oid), &pBuf[len]); /* Handle Attributes, if any. */ if (DOFObjectID_HasAttributes(oid)) { guint8 i; guint8 attributeCount = DOFObjectID_GetAttributeCount(oid); pBuf[len++] = '('; for (i = 0; i < attributeCount; i++) { DOFObjectID embedOID; DOFObjectIDAttribute avpDescriptor = DOFObjectID_GetAttributeAtIndex(oid, i); if (!DOFObjectIDAttribute_IsValid(avpDescriptor)) break; /* Done with Attributes. If here, some error took place. */ if (i) pBuf[len++] = '|'; pBuf[len++] = '{'; pBuf[len++] = OALString_HexDigitToChar((DOFObjectIDAttribute_GetType(avpDescriptor) >> 4) & 0x0F); pBuf[len++] = OALString_HexDigitToChar((DOFObjectIDAttribute_GetType(avpDescriptor)) & 0x0F); pBuf[len++] = '}'; pBuf[len++] = ':'; /* Handle embedded Object IDs. */ embedOID = DOFObjectID_Create_Bytes(DOFObjectIDAttribute_GetValueSize(avpDescriptor), DOFObjectIDAttribute_GetValue(avpDescriptor)); if (embedOID) { len += ObjectID_ToString(embedOID, &pBuf[len]); /* Recurse to output string rep of found OID. */ DOFObjectID_Destroy(embedOID); } else { /* Hex Data. */ len += ObjectID_DataToString(DOFObjectIDAttribute_GetValue(avpDescriptor), DOFObjectIDAttribute_GetValueSize(avpDescriptor), &pBuf[len]); } } /* end for(). */ pBuf[len++] = ')'; } pBuf[len++] = ']'; return len; } static const gchar* dof_iid_create_standard_string(guint32 bufferSize, const guint8 *pIIDBuffer) { gchar *pRetval; guint len = 9 + (bufferSize - 1) * 2; /* Alias is always [{AA}:{01234567}] */ pRetval = (gchar *)wmem_alloc(wmem_packet_scope(), len + 1); if (pRetval) { InterfaceID_ToString(pIIDBuffer, pRetval); pRetval[len] = 0; } return pRetval; } static const gchar* dof_oid_create_standard_string(guint32 bufferSize, const guint8 *pOIDBuffer) { DOFObjectID oid; gchar *pRetval; guint32 len = bufferSize; oid = DOFObjectID_Create_Unmarshal(&len, pOIDBuffer); if (!oid) return "Illegal OID"; len = ObjectID_ToStringLength(oid); /* Use PCRMem_Alloc() and not DOFMem_Alloc() because app caller will be freeing memory with PCRMem_Destroy(). */ pRetval = (gchar *)wmem_alloc(wmem_packet_scope(), len + 1); if (pRetval) { ObjectID_ToString(oid, pRetval); pRetval[len] = 0; } return pRetval; } struct parseCtx { const char *oid; guint8 *buffer; guint32 buffLen; guint32 oidLen; guint32 currOidPos; guint32 currBufferPos; }parseCtx; /* Operations on OID string */ #define PARSECTX_PEEK_CHAR_OID(ctx) ( (ctx)->oid[(ctx)->currOidPos] ) #define PARSECTX_PEEK_NEXT_CHAR_OID(ctx) ( (ctx)->oid[(ctx)->currOidPos+1] ) #define PARSECTX_READ_CHAR_OID(ctx) ( (ctx)->oid[(ctx)->currOidPos++] ) #define PARSECTX_GET_CURRENT_POS_OID(ctx) ( (ctx)->oid+(ctx)->currOidPos ) #define PARSECTX_STEP_OID(ctx, count)((ctx)->currOidPos+=(count)) /* Operations on DOFObjectID buffer */ #define PARSECTX_GET_CURRENT_POS_BUF(ctx)( ((ctx)->buffer)? (ctx)->buffer+(ctx)->currBufferPos: NULL ) #define PARSECTX_STEP_BUF(ctx, count)( (ctx)->currBufferPos+=(count)) #define PARSECTX_WRITE_AT_POS_BUF(ctx, pos, value) do{ if((ctx)->buffer) *(pos) = (value); } while(0) #define PARSECTX_OR_AT_POS_BUF(ctx, pos, value) do{ if((ctx)->buffer) *(pos) |= (value); } while(0) #define PARSECTX_WRITE_BUF(ctx, value)( ((ctx)->buffer)? (ctx)->buffer[(ctx)->currBufferPos++] = (value): (ctx)->currBufferPos++ ) #define PARSECTX_CHECK_LEN(ctx, len) (((ctx)->buffer)? (((ctx)->currBufferPos+len <= (ctx)->buffLen)? 0: 1): 0) /* Operation to read from OID straight to buffer */ #define PARSECTX_WRITE_BUF_FROM_OID(ctx) (((ctx)->buffer)? (ctx)->buffer[(ctx)->currBufferPos++] = (ctx)->oid[(ctx)->currOidPos]: ((ctx)->currBufferPos++),((ctx)->currOidPos++)) #define IS_DIGIT(c) (((c) >= '0' && (c) <= '9')) #define DIGIT2VALUE(c) (c-48) #define HEX2VALUE(c) ( (IS_DIGIT(c))? DIGIT2VALUE(c) : ((c) >= 'A' && (c) <= 'F')? (c-55): (c-87) ) #define VALIDHEXSEP(c) ( (c) == ' ' || (c) == ':' || (c) == '-' ) #define VALIDHEX(c) ( ((c) >= '0' && (c) <= '9') || ((c) >= 'A' && (c) <= 'F') || ((c) >= 'a' && (c) <= 'f') ) #define VALIDHEXBYTE(s) ( VALIDHEX((s)[0]) && VALIDHEX((s)[1]) ) #define VALIDNUMBER(c) ((c) >= '0' && (c) <= '9') #define VALIDASCIICHAR(c) (((guint8)c) >= 32 && ((guint8)c) <= 126 ) #define IS_ESCAPED(c) ( (c) == '(' || (c) == ')' || (c) == '[' || (c) == ']' || (c) == '{' || (c) == '}' || (c) == '\\' || (c) == '|' ) static guint8 parseFormatOID(struct parseCtx *ctx); static guint8 parseHexField(struct parseCtx *ctx) { /* Hex fields start with { and end with } can contain space, dash and colon*/ if (PARSECTX_READ_CHAR_OID(ctx) == '{' && PARSECTX_PEEK_CHAR_OID(ctx) != '}') { while (PARSECTX_PEEK_CHAR_OID(ctx) != '}') { if (VALIDHEXBYTE(PARSECTX_GET_CURRENT_POS_OID(ctx))) { if (PARSECTX_CHECK_LEN(ctx, 1) == 0) { PARSECTX_WRITE_BUF(ctx, HEX2VALUE(PARSECTX_PEEK_CHAR_OID(ctx)) << 4 | HEX2VALUE(PARSECTX_PEEK_NEXT_CHAR_OID(ctx))); PARSECTX_STEP_OID(ctx, 2); if (VALIDHEXSEP(PARSECTX_PEEK_CHAR_OID(ctx))) { if (PARSECTX_PEEK_NEXT_CHAR_OID(ctx) == '}') { /* no seperator after byte block */ return 1; } PARSECTX_STEP_OID(ctx, 1); } } else { return 1; } } else { return 1; } } PARSECTX_STEP_OID(ctx, 1); return 0; } return 1; } static guint8 parseStringField(struct parseCtx *ctx) { /* Copy into buffer until end or */ while (ctx->currOidPos < (ctx->oidLen - 1)) { char curr = PARSECTX_PEEK_CHAR_OID(ctx); if (curr == ']' || curr == '(') { break; /* End of string field */ } else if (curr == '\\') { /* Handle escaped char */ PARSECTX_STEP_OID(ctx, 1); if (!IS_ESCAPED(PARSECTX_PEEK_CHAR_OID(ctx)) || PARSECTX_CHECK_LEN(ctx, 1) != 0) return 1; PARSECTX_WRITE_BUF_FROM_OID(ctx); } else { if (VALIDASCIICHAR(curr) && PARSECTX_CHECK_LEN(ctx, 1) == 0) PARSECTX_WRITE_BUF_FROM_OID(ctx); else return 1; } } return 0; } static guint8 OALMarshal_GetCompressedValueSize(guint8 maxSize, guint32 value) { guint8 lenbytes = (1 + (value > 0x7F) + (value > 0x3FFF)); if (lenbytes > 2) return (maxSize); return (lenbytes); } static guint32 OALMarshal_CompressValue(guint8 maxSize, guint32 value, guint32 bufLength, guint8 *buffer) { guint8 lenSize = OALMarshal_GetCompressedValueSize(maxSize, value); if (bufLength < lenSize) return 0; switch (lenSize) { case 4: *(buffer++) = (guint8)((value >> 24) & 0x3F) | 0xC0; *(buffer++) = (guint8)((value >> 16) & 0xFF); *(buffer++) = (guint8)((value >> 8) & 0xFF); *(buffer++) = (guint8)(value & 0xFF); break; case 3: *(buffer++) = (guint8)((value >> 16) & 0x3F) | 0xC0; *(buffer++) = (guint8)((value >> 8) & 0xFF); *(buffer++) = (guint8)(value & 0xFF); break; case 2: if (maxSize == 2) { *(buffer++) = (guint8)((value >> 8) & 0x7F) | 0x80; } else { *(buffer++) = (guint8)((value >> 8) & 0x3F) | 0x80; } *(buffer++) = (guint8)(value & 0xFF); break; case 1: *(buffer++) = (guint8)(value & 0x7F); break; default: /* Invalid computed size! */ break; } return (lenSize); } static guint8 parseOIDClass(struct parseCtx *ctx) { if (PARSECTX_PEEK_CHAR_OID(ctx) == '{' && PARSECTX_PEEK_NEXT_CHAR_OID(ctx) != '}') { /* Hex */ guint8 classSize = 0; guint32 oidClass = 0; PARSECTX_STEP_OID(ctx, 1); while (PARSECTX_PEEK_CHAR_OID(ctx) != '}') { if (VALIDHEXBYTE(PARSECTX_GET_CURRENT_POS_OID(ctx))) { oidClass <<= 8; oidClass += (HEX2VALUE(PARSECTX_PEEK_CHAR_OID(ctx)) << 4 | HEX2VALUE(PARSECTX_PEEK_NEXT_CHAR_OID(ctx))); PARSECTX_STEP_OID(ctx, 2); if (VALIDHEXSEP(PARSECTX_PEEK_CHAR_OID(ctx))) { if (PARSECTX_PEEK_NEXT_CHAR_OID(ctx) == '}') { /* no seperator after byte block */ return 1; } PARSECTX_STEP_OID(ctx, 1); } } else { return 1; } } PARSECTX_STEP_OID(ctx, 1); classSize = OALMarshal_GetCompressedValueSize(4, oidClass); if (PARSECTX_CHECK_LEN(ctx, classSize) == 0) { if (PARSECTX_GET_CURRENT_POS_BUF(ctx)) classSize = OALMarshal_CompressValue(4, oidClass, classSize, PARSECTX_GET_CURRENT_POS_BUF(ctx)); PARSECTX_STEP_BUF(ctx, classSize); } return 0; } else { /* Number */ guint8 classSize = 0; guint32 oidClass = 0; while (IS_DIGIT(PARSECTX_PEEK_CHAR_OID(ctx))) { oidClass *= 10; oidClass += DIGIT2VALUE(PARSECTX_PEEK_CHAR_OID(ctx)); PARSECTX_STEP_OID(ctx, 1); } classSize = OALMarshal_GetCompressedValueSize(4, oidClass); if (PARSECTX_CHECK_LEN(ctx, classSize) == 0) { if (PARSECTX_GET_CURRENT_POS_BUF(ctx)) classSize = OALMarshal_CompressValue(4, oidClass, classSize, PARSECTX_GET_CURRENT_POS_BUF(ctx)); PARSECTX_STEP_BUF(ctx, classSize); } return 0; } } static guint8 parseAttributeID(struct parseCtx *ctx) { if (PARSECTX_PEEK_CHAR_OID(ctx) == '{') { return parseHexField(ctx); } else { guint8 avpid = 0; while (IS_DIGIT(PARSECTX_PEEK_CHAR_OID(ctx))) { avpid *= 10; avpid += DIGIT2VALUE(PARSECTX_PEEK_CHAR_OID(ctx)); PARSECTX_STEP_OID(ctx, 1); } if (PARSECTX_CHECK_LEN(ctx, 1) == 0) { PARSECTX_WRITE_BUF(ctx, avpid); return 0; } } return 1; } static guint8 parseAttributeData(struct parseCtx *ctx) { if (PARSECTX_PEEK_CHAR_OID(ctx) == '[') { return parseFormatOID(ctx); } else if (PARSECTX_PEEK_CHAR_OID(ctx) == '{') { return parseHexField(ctx); } else { return parseStringField(ctx); } } static guint8 parseAttribute(struct parseCtx *ctx) { if (parseAttributeID(ctx) == 0) { /* seperated by ':' */ if (PARSECTX_READ_CHAR_OID(ctx) == ':' && PARSECTX_CHECK_LEN(ctx, 1) == 0) { guint8 *length = PARSECTX_GET_CURRENT_POS_BUF(ctx); if (length == NULL) return 0; PARSECTX_STEP_BUF(ctx, 1); if (parseAttributeData(ctx) == 0) { PARSECTX_WRITE_AT_POS_BUF(ctx, length, (guint8)(PARSECTX_GET_CURRENT_POS_BUF(ctx) - (length + 1))); return 0; } } } return 1; } static guint8 parseAttributes(struct parseCtx *ctx) { /* AVPs surrounded by '(' ')' but needs at least an avp */ if (PARSECTX_READ_CHAR_OID(ctx) == '(' && PARSECTX_PEEK_CHAR_OID(ctx) != ')') { while (PARSECTX_PEEK_CHAR_OID(ctx) != ')') { guint8 *avpID = PARSECTX_GET_CURRENT_POS_BUF(ctx); if (avpID == NULL) return 0; if (parseAttribute(ctx) != 0) return 1; /* multiple seperated by '|' */ if (PARSECTX_PEEK_CHAR_OID(ctx) == '|' && PARSECTX_PEEK_NEXT_CHAR_OID(ctx) != ')') { PARSECTX_OR_AT_POS_BUF(ctx, avpID, 0x80); /* set that there is a next attribute */ PARSECTX_STEP_OID(ctx, 1); } } PARSECTX_STEP_OID(ctx, 1); return 0; } return 1; } static guint8 parseFormatOID(struct parseCtx *ctx) { /* oid must start with '[' */ if (PARSECTX_PEEK_CHAR_OID(ctx) == '[') { PARSECTX_STEP_OID(ctx, 1); /* Get class id */ if (parseOIDClass(ctx) == 0) { /* seperated by ':' */ if (PARSECTX_READ_CHAR_OID(ctx) == ':' && PARSECTX_CHECK_LEN(ctx, 1) == 0) { guint8 *length = PARSECTX_GET_CURRENT_POS_BUF(ctx); PARSECTX_STEP_BUF(ctx, 1); /* Get data */ if (PARSECTX_PEEK_CHAR_OID(ctx) == '{') { /* hex data */ if (parseHexField(ctx) != 0) return 1; } else { /* string data */ if (parseStringField(ctx) != 0) return 1; } /* Write length */ if (length == NULL) return 0; PARSECTX_WRITE_AT_POS_BUF(ctx, length, (guint8)(PARSECTX_GET_CURRENT_POS_BUF(ctx) - (length + 1))); /* Check if attributes exist */ if (PARSECTX_PEEK_CHAR_OID(ctx) == '(') { PARSECTX_OR_AT_POS_BUF(ctx, length, 0x80); /* set that there are attributes */ if (parseAttributes(ctx) != 0) return 1; } /* Ends with ] */ if (PARSECTX_READ_CHAR_OID(ctx) == ']') { return 0; } } } } return 1; } static guint8 dof_oid_create_internal(const char *oid, guint32 *size, guint8 *buffer) { struct parseCtx ctx; ctx.oid = oid; ctx.buffer = buffer; ctx.currOidPos = 0; ctx.currBufferPos = 0; if (oid) { if (size) { ctx.buffLen = (*size); ctx.oidLen = (guint32)strlen(oid); if (PARSECTX_PEEK_CHAR_OID(&ctx) == '[') { /* Format OID */ if (parseFormatOID(&ctx) == 0) { (*size) = ctx.currBufferPos; return 0; } } else if (PARSECTX_PEEK_CHAR_OID(&ctx) == '{') { /* HEX OID */ if (parseHexField(&ctx) == 0) { (*size) = ctx.currBufferPos; return 0; } } (*size) = 0; } } return 1; } static void dof_oid_new_standard_string(const char *data, guint32 *rsize, guint8 **oid) { if (data) { guint8 err; guint32 size = 0; /* Call parseInternal to find out how big the buffer needs to be. */ err = dof_oid_create_internal(data, &size, NULL); if (err == 0) { /* Create the DOFObjectID using the size that was just computed. */ *oid = (guint8 *)g_malloc(size + 1); /* Adds space for null-terminator, just in case. */ if (*oid) { /* Now that the size is computed and the DOFObjectID is created, call parseInternal again to fill the oid buffer. */ err = dof_oid_create_internal(data, &size, *oid); if (err == 0) { *rsize = size; return; } g_free(*oid); } } } *rsize = 0; *oid = NULL; } /* Binary Parsing Support */ /** * Read a compressed 32-bit quantity (PDU Type.3). * Since the value is variable length, the new offset is * returned. The value can also be returned, along with the size, although * NULL is allowed for those parameters. */ static gint read_c4(tvbuff_t *tvb, gint offset, guint32 *v, gint *L) { guint32 val = 0; guint8 len = 0; guint8 b = tvb_get_guint8(tvb, offset++); int i; if ((b & 0x80) == 0) { len = 1; b = b & 0x7F; } else if ((b & 0x40) == 0) { len = 2; b = b & 0x3F; } else { len = 4; b = b & 0x3F; } val = b; for (i = 1; i < len; i++) val = (val << 8) | tvb_get_guint8(tvb, offset++); if (L) *L = len; if (v) *v = val; return offset; } /** * Validate PDU Type.3 * Validaes the encoding. * Add Expert Info if format invalid * This also validates Spec Type.3.1. */ static void validate_c4(packet_info *pinfo, proto_item *pi, guint32 val, gint len) { if (len > 1 && val < 0x80) { /* SPEC Type.3.1 Violation. */ expert_add_info_format(pinfo, pi, &ei_c2_c3_c4_format, "DOF Violation: Type.3.1: Compressed 32-bit Compression Mandatory."); } if (len > 2 && val < 0x4000) { /* SPEC Type.3.1 Violation. */ expert_add_info_format(pinfo, pi, &ei_c2_c3_c4_format, "DOF Violation: Type.3.1: Compressed 32-bit Compression Mandatory."); } } /** * Reads a compressed 24-bit quantity (PDU Type.2). * Since the value is variable length, the new offset is * returned. * The value can also be returned, along with the size, although * NULL is allowed for those parameters. */ static gint read_c3(tvbuff_t *tvb, gint offset, guint32 *v, gint *L) { guint32 val = 0; guint8 len = 0; guint8 b = tvb_get_guint8(tvb, offset++); int i; if ((b & 0x80) == 0) { len = 1; b = b & 0x7F; } else if ((b & 0x40) == 0) { len = 2; b = b & 0x3F; } else { len = 3; b = b & 0x3F; } val = b; for (i = 1; i < len; i++) val = (val << 8) | tvb_get_guint8(tvb, offset++); if (L) *L = len; if (v) *v = val; return offset; } /** * Validate PDU Type.2 * Validaes the encoding. * Adds Expert Info if format invalid * This also validates Spec Type.2.1. */ static void validate_c3(packet_info *pinfo, proto_item *pi, guint32 val, gint len) { if (len > 1 && val < 0x80) { /* SPEC Type.2.1 Violation. */ expert_add_info_format(pinfo, pi, &ei_c2_c3_c4_format, "DOF Violation: Type.2.1: Compressed 24-bit Compression Mandatory." ); } if (len > 2 && val < 0x4000) { /* SPEC Type.2.1 Violation. */ expert_add_info_format(pinfo, pi, &ei_c2_c3_c4_format, "DOF Violation: Type.2.1: Compressed 24-bit Compression Mandatory."); } } /** * Reads a compressed 16-bit quantity (PDU Type.1). * Since the value is variable length, the new offset is * returned. The value can also be returned, along with the size, although * NULL is allowed for those parameters. */ static gint read_c2(tvbuff_t *tvb, gint offset, guint16 *v, gint *L) { guint16 val = 0; guint8 b = tvb_get_guint8(tvb, offset++); if (b & 0x80) { b = b & 0x7F; val = (b << 8) | tvb_get_guint8(tvb, offset++); if (L) *L = 2; } else { val = b; if (L) *L = 1; } if (v) *v = val; return offset; } /** * Validates PDU Type.1 * Validaes the encoding. * Adds Expert Info if format invalid * This also validates Spec Type.1.1. */ static void validate_c2(packet_info *pinfo, proto_item *pi, guint16 val, gint len) { if (len > 1 && val < 0x80) { /* SPEC Type.1.1 Violation. */ expert_add_info_format(pinfo, pi, &ei_c2_c3_c4_format, "DOF Violation: Type.1.1: Compressed 16-bit Compression Mandatory." ); } } /** * Given a packet data, and assuming that all of the prerequisite information is known, * assign a SID ID to the packet if not already assigned. * A SID ID is the *possibility* of a unique SID, but until the SID is learned the * association is not made. Further, multiple SID ID may end up referring to the * same SID, in which case the assignment must be repaired. */ static void assign_sid_id(dof_api_data *api_data) { node_key_to_sid_id_key lookup_key; node_key_to_sid_id_key *key; dof_session_data *session; dof_packet_data *packet; guint value; /* Validate input. These represent dissector misuse, not decoding problems. */ /* TODO: Diagnostic/programmer message. */ if (!api_data || !api_data->packet || !api_data->session) return; session = api_data->session; packet = (dof_packet_data *)api_data->packet; /* Check if the sender_sid_id is already assigned, if so we are done. */ if (!packet->sender_sid_id) { /* Build a (non-allocated) key to do the lookup. */ lookup_key.transport_id = api_data->transport_session->transport_id; lookup_key.transport_node_id = api_data->transport_packet->sender_id; lookup_key.dof_id = session->dof_id; lookup_key.dof_node_id = packet->sender_id; lookup_key.dof_session_id = session->session_id; value = GPOINTER_TO_UINT(g_hash_table_lookup(node_key_to_sid_id, &lookup_key)); if (value) { gpointer sid_id_key = GUINT_TO_POINTER(value); gpointer sid_buffer; /* We found a match. */ packet->sender_sid_id = value; /* If we know the SID, we must get it now. */ sid_buffer = g_hash_table_lookup(sid_id_to_sid_buffer, sid_id_key); if (sid_buffer) { /* We found a match. */ packet->sender_sid = (dof_2009_1_pdu_19_sid)sid_buffer; } } else { /* No match, need to add a key. */ key = g_new0(node_key_to_sid_id_key, 1); memcpy(key, &lookup_key, sizeof(node_key_to_sid_id_key)); /* Note, this is not multithread safe, but Wireshark isn't multithreaded. */ g_hash_table_insert(node_key_to_sid_id, key, GUINT_TO_POINTER(dpp_next_sid_id)); packet->sender_sid_id = dpp_next_sid_id++; } } /* Check if the receiver_sid_id is already assigned, if so we are done. */ if (!packet->receiver_sid_id) { /* Build a (non-allocated) key to do the lookup. */ lookup_key.transport_id = api_data->transport_session->transport_id; lookup_key.transport_node_id = api_data->transport_packet->receiver_id; lookup_key.dof_id = session->dof_id; lookup_key.dof_node_id = packet->receiver_id; lookup_key.dof_session_id = session->session_id; value = GPOINTER_TO_UINT(g_hash_table_lookup(node_key_to_sid_id, &lookup_key)); if (value) { gpointer sid_id_key = GUINT_TO_POINTER(value); gpointer sid_buffer; /* We found a match. */ packet->receiver_sid_id = value; /* If we know the SID, we must get it now. */ sid_buffer = g_hash_table_lookup(sid_id_to_sid_buffer, sid_id_key); if (sid_buffer) { /* We found a match. */ packet->receiver_sid = (dof_2009_1_pdu_19_sid)sid_buffer; } } else { /* No match, need to add a key. */ key = g_new0(node_key_to_sid_id_key, 1); memcpy(key, &lookup_key, sizeof(node_key_to_sid_id_key)); /* Note, this is not multithread safe, but Wireshark isn't multithreaded. */ g_hash_table_insert(node_key_to_sid_id, key, GUINT_TO_POINTER(dpp_next_sid_id)); packet->receiver_sid_id = dpp_next_sid_id++; } } } /** * Declare that the sender of the packet is known to have a SID * that is identified by the specified buffer. There are a few * cases here: * 1. The sid of the sender is already assigned. This is a NOP. * 2. The sid has never been seen. This associates the SID with the sender SID ID. * 3. The sid has been seen, and matches the SID ID of the sender. This just sets the sid field. * 4. The sid has been seen, but with a different SID ID than ours. Patch up all the packets. */ static void learn_sender_sid(dof_api_data *api_data, guint8 length, const guint8 *sid) { dof_packet_data *packet; guint8 lookup_key[256]; guint8 *key; gpointer value; /* Validate input. */ if (!api_data) { /* TODO: Print error. */ return; } if (!api_data->packet) { /* TODO: Print error. */ return; } packet = (dof_packet_data *)api_data->packet; if (!packet->sender_sid_id) return; /* Check for sender SID already known. */ if (packet->sender_sid) return; /* Check for SID already known (has assigned SID ID) */ /* Build a (non-allocated) key to do the lookup. */ lookup_key[0] = length; memcpy(lookup_key + 1, sid, length); if (g_hash_table_lookup_extended(sid_buffer_to_sid_id, &lookup_key, (gpointer *)&key, &value)) { guint sid_id = GPOINTER_TO_UINT(value); /* We found a match. */ if (packet->sender_sid_id == sid_id) { /* It matches our SID ID. Set the sid field. */ packet->sender_sid = key; return; } else { /* There is a mis-match between SID and SID ID. We have to go through * all the packets that have SID ID (ours) and update them to SID ID (sid). */ guint sid_id_correct = sid_id; guint sid_id_incorrect = packet->sender_sid_id; dof_packet_data *ptr = globals.dof_packet_head; while (ptr) { if (ptr->sender_sid_id == sid_id_incorrect) ptr->sender_sid_id = sid_id_correct; if (ptr->receiver_sid_id == sid_id_incorrect) ptr->receiver_sid_id = sid_id_correct; if (ptr->op.op_sid_id == sid_id_incorrect) ptr->op.op_sid_id = sid_id_correct; if (ptr->ref_op.op_sid_id == sid_id_incorrect) ptr->ref_op.op_sid_id = sid_id_correct; ptr = ptr->next; } } return; } /* The SID has never been seen. Associate with the SID ID. */ key = (dof_2009_1_pdu_19_sid)g_malloc0(length + 1); memcpy(key, lookup_key, length + 1); /* Note, this is not multithread safe, but Wireshark isn't multithreaded. */ g_hash_table_insert(sid_buffer_to_sid_id, key, GUINT_TO_POINTER(packet->sender_sid_id)); g_hash_table_insert(sid_id_to_sid_buffer, GUINT_TO_POINTER(packet->sender_sid_id), key); /* NOTE: We are storing a reference to the SID in the packet data. This memory * will be freed by the dissector init routine when the SID hash table is destroyed. * Nothing else should free this SID. */ packet->sender_sid = (dof_2009_1_pdu_19_sid)key; /* We have learned the "correct" sid and sid_id, so we can set the sid of * any packets that have this sid_id (saves hash lookups in the future). */ { dof_packet_data *ptr = globals.dof_packet_head; while (ptr) { if (ptr->sender_sid_id == packet->sender_sid_id) ptr->sender_sid = key; if (ptr->receiver_sid_id == packet->sender_sid_id) ptr->receiver_sid = key; ptr = ptr->next; } } } /** * Learn a SID from an explict operation. This only defines sids and sid ids. */ static void learn_operation_sid(dof_2009_1_pdu_20_opid *opid, guint8 length, const guint8 *sid) { guint8 lookup_key[256]; guint8 *key; gpointer value; /* Check for sender SID already known. */ if (opid->op_sid) return; /* Check for SID already known (has assigned SID ID) */ /* Build a (non-allocated) key to do the lookup. */ lookup_key[0] = length; memcpy(lookup_key + 1, sid, length); if (g_hash_table_lookup_extended(sid_buffer_to_sid_id, &lookup_key, (gpointer *)&key, &value)) { guint sid_id = GPOINTER_TO_UINT(value); opid->op_sid_id = sid_id; opid->op_sid = key; return; } /* The SID has never been seen. Associate with the SID ID. */ key = (dof_2009_1_pdu_19_sid)g_malloc0(length + 1); memcpy(key, lookup_key, length + 1); /* Assign the op_sid_id. */ opid->op_sid_id = dpp_next_sid_id++; /* Note, this is not multithread safe, but Wireshark isn't multithreaded. */ g_hash_table_insert(sid_buffer_to_sid_id, key, GUINT_TO_POINTER(opid->op_sid_id)); g_hash_table_insert(sid_id_to_sid_buffer, GUINT_TO_POINTER(opid->op_sid_id), key); /* NOTE: We are storing a reference to the SID in the packet data. This memory * will be freed by the dissector init routine when the SID hash table is destroyed. * Nothing else should free this SID. */ opid->op_sid = (dof_2009_1_pdu_19_sid)key; } static void generateMac(gcry_cipher_hd_t cipher_state, guint8 *nonce, const guint8 *epp, gint a_len, guint8 *data, gint len, guint8 *mac, gint mac_len) { guint16 i; guint16 cnt; /* a_len = 1, t = mac_len, q = 4: (t-2)/2 : (q-1) -> 4B */ mac[0] = 0x43 | (((mac_len - 2) / 2) << 3); memcpy(mac + 1, nonce, 11); memset(mac + 12, 0, 4); mac[14] = len >> 8; mac[15] = len & 0xFF; gcry_cipher_encrypt(cipher_state, mac, 16, NULL, 0); mac[0] ^= (a_len >> 8); mac[1] ^= (a_len); i = 2; for (cnt = 0; cnt < a_len; cnt++, i++) { if (i % 16 == 0) gcry_cipher_encrypt(cipher_state, mac, 16, NULL, 0); mac[i % 16] ^= epp[cnt]; } i = 0; for (cnt = 0; cnt < len; cnt++, i++) { if (i % 16 == 0) gcry_cipher_encrypt(cipher_state, mac, 16, NULL, 0); mac[i % 16] ^= data[cnt]; } gcry_cipher_encrypt(cipher_state, mac, 16, NULL, 0); } static int decrypt(ccm_session_data *session, ccm_packet_data *pdata, guint8 *nonce, const guint8 *epp, gint a_len, guint8 *data, gint len) { unsigned short i; unsigned char ctr[16]; unsigned char encrypted_ctr[16]; unsigned char mac[16]; unsigned char computed_mac[16]; unsigned int skip; guint8 *ekey; if (data == NULL || len == 0) return 0; /* Check the mac length. */ if (session->mac_len < 4 || session->mac_len > 16) return 0; if (pdata->period == 0) ekey = (guint8 *)session->cipher_data; else ekey = (guint8 *)g_hash_table_lookup(session->cipher_data_table, GUINT_TO_POINTER(pdata->period)); if (!ekey) return 0; /* Determine how many blocks are skipped. */ #if 0 /* seems to be dead code... check this! */ skip = a_len + 2; skip /= 16; if ((a_len + 2) % 16) skip += 1; #endif skip = 0; /* This is hard-coded for q=4. This can only change with a protocol revision. Note the value is stored as (q-1). */ ctr[0] = 0x03; memcpy(ctr + 1, nonce, 11); ctr[12] = 0; ctr[13] = 0; ctr[14] = 0; ctr[15] = skip; /* Preincremented below. */ for (i = 0; i < len - session->mac_len; i++) { if (i % 16 == 0) { if (ctr[15] == 255) ctr[14] += 1; ctr[15] += 1; memcpy(encrypted_ctr, ctr, 16); gcry_cipher_encrypt(session->cipher_data, encrypted_ctr, 16, NULL, 0); } data[i] ^= encrypted_ctr[i % 16]; } memcpy(mac, data + i, session->mac_len); ctr[12] = 0; ctr[13] = 0; ctr[14] = 0; ctr[15] = 0; memcpy(encrypted_ctr, ctr, 16); gcry_cipher_encrypt(session->cipher_data, encrypted_ctr, 16, NULL, 0); for (i = 0; i < session->mac_len; i++) mac[i] ^= encrypted_ctr[i]; /* Now we have to generate the MAC... */ generateMac(session->cipher_data, nonce, epp, a_len, data, (gint)(len - session->mac_len), computed_mac, session->mac_len); if (!memcmp(mac, computed_mac, session->mac_len)) return 1; /* Failure */ return 0; } /* Master Protocol Layer Handlers */ /** * This dissector is handed a DPP packet of any version. It is responsible for decoding * the common header fields and then passing off to the specific DPP dissector */ static int dissect_app_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { col_clear(pinfo->cinfo, COL_INFO); /* Compute the APP control information. This is the version and the flags byte. * The flags byte is either present, or is based on the version (and can be defaulted). */ { guint16 app; gint app_len; read_c2(tvb, 0, &app, &app_len); col_add_fstr(pinfo->cinfo, COL_PROTOCOL, "APP(%u)", app); /* call the next dissector */ if (dissector_try_uint_new(app_dissectors, app, tvb, pinfo, tree, TRUE, data)) { col_set_fence(pinfo->cinfo, COL_PROTOCOL); col_set_fence(pinfo->cinfo, COL_INFO); return tvb_reported_length(tvb); } else { proto_tree_add_protocol_format(tree, proto_2008_1_app, tvb, 0, app_len, DOF_APPLICATION_PROTOCOL ", Version: %u", app); } } return 0; } /** * This dissector is handed a DPP packet of any version. It is responsible for decoding * the common header fields and then passing off to the specific DPP dissector */ static int dof_dissect_dpp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { dof_api_data *api_data = (dof_api_data *)data; guint offset = 0; DISSECTOR_ASSERT(api_data != NULL); col_clear(pinfo->cinfo, COL_INFO); /* Compute the DPP control information. This is the version and the flags byte. * The flags byte is either present, or is based on the version (and can be defaulted). */ { guint8 header = tvb_get_guint8(tvb, offset); guint8 dpp_version = header & 0x7F; guint8 dpp_flags_included = header & 0x80; proto_item *hi; proto_tree * dpp_root,*dpp_tree; col_add_fstr(pinfo->cinfo, COL_PROTOCOL, "DPPv%u", dpp_version); hi = proto_tree_add_protocol_format(tree, proto_2008_1_dpp, tvb, offset, 0, DOF_PRESENTATION_PROTOCOL " Version %u, Flags: %s", dpp_version, dpp_flags_included ? "Included" : "Default"); dpp_root = proto_item_add_subtree(hi, ett_2008_1_dpp); dpp_tree = proto_tree_add_subtree(dpp_root, tvb, offset, 1, ett_2008_1_dpp_1_header, NULL, "Header"); /* Version and Flag bit */ proto_tree_add_item(dpp_tree, hf_2008_1_dpp_1_flag, tvb, offset, 1, ENC_NA); proto_tree_add_item(dpp_tree, hf_2008_1_dpp_1_version, tvb, offset, 1, ENC_NA); offset += 1; /* This may, in some cases, be the end of the packet. This is only valid in some * situations, which are checked here. */ if (offset == tvb_reported_length(tvb)) { /* TODO: Complete this logic. */ proto_item_set_len(hi, offset); if (!api_data) return offset; if (api_data->transport_session->is_streaming) { col_append_fstr(pinfo->cinfo, COL_INFO, "DNP/DPP Negotiation"); if (pinfo->fd->visited && api_data->transport_session->negotiation_required && ((api_data->transport_session->negotiation_complete_at == 0) || (api_data->transport_session->negotiation_complete_at_ts.secs - api_data->transport_session->session_start_ts.secs > 10))) { /* This is the second pass, so we can check for timeouts. */ expert_add_info(pinfo, hi, &ei_dof_6_timeout); } return offset; } } /* call the next dissector */ if (dissector_try_uint_new(dof_dpp_dissectors, dpp_version, tvb, pinfo, dpp_root, FALSE, data)) { col_set_fence(pinfo->cinfo, COL_PROTOCOL); col_set_fence(pinfo->cinfo, COL_INFO); return tvb_reported_length(tvb); } } return 0; } /** * This dissector is handed a DNP packet of any version. It is responsible for decoding * the common header fields and then passing off to the specific DNP dissector */ static int dof_dissect_dnp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, dof_api_data *api_data, gint offset) { guint8 header = tvb_get_guint8(tvb, offset); guint8 dnp_version = header & 0x7F; guint8 dnp_flags_included = header & 0x80; proto_item *main_ti; proto_tree * dnp_root,*dnp_tree; col_add_fstr(pinfo->cinfo, COL_PROTOCOL, "DNPv%u", dnp_version); main_ti = proto_tree_add_protocol_format(tree, proto_2008_1_dnp, tvb, offset, 0, DOF_NETWORK_PROTOCOL " Version %u, Flags: %s", dnp_version, dnp_flags_included ? "Included" : "Default"); dnp_root = proto_item_add_subtree(main_ti, ett_2008_1_dnp); dnp_tree = proto_tree_add_subtree(dnp_root, tvb, offset, 1, ett_2008_1_dnp_header, NULL, "Header"); /* Version and Flag bit */ proto_tree_add_item(dnp_tree, hf_2008_1_dnp_1_flag, tvb, offset, 1, ENC_NA); proto_tree_add_item(dnp_tree, hf_2008_1_dnp_1_version, tvb, offset, 1, ENC_NA); /* call the next dissector */ if (dissector_try_uint_new(dnp_dissectors, dnp_version, tvb, pinfo, dnp_root, FALSE, api_data)) { /* Since the transport may have additional packets in this frame, protect our work. */ col_set_fence(pinfo->cinfo, COL_PROTOCOL); col_set_fence(pinfo->cinfo, COL_INFO); } else { proto_item_set_end(main_ti, tvb, 1); /* During negotiation, we can move past DNP even if it is not known. */ if (((header & 0x80) == 0) && api_data->transport_session->negotiation_required && ((pinfo->fd->num < api_data->transport_session->negotiation_complete_at) || (api_data->transport_session->negotiation_complete_at == 0))) { offset += dof_dissect_dpp_common(tvb_new_subset_remaining(tvb, offset + 1), pinfo, tree, api_data); } } if (dnp_flags_included && !api_data->transport_session->negotiation_complete_at) { api_data->transport_session->negotiation_complete_at = pinfo->fd->num; api_data->transport_session->negotiation_complete_at_ts = pinfo->abs_ts; } return offset; } /** * This dissector is called for each DPS packet. It assumes that the first layer is * DNP, but it does not know anything about versioning. Further, it only worries * about decoding DNP (DNP will decode DPP, and so on). * * This routine is given the DPS packet for the first packet, but doesn't know anything * about DPS sessions. It may understand transport sessions, but these are surprisingly * worthless for DPS. */ static int dissect_dof_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { dof_api_data *api_data = (dof_api_data *)data; proto_tree *dof_root; dof_packet_data *packet; DISSECTOR_ASSERT(api_data != NULL); DISSECTOR_ASSERT(api_data->transport_session != NULL); DISSECTOR_ASSERT(api_data->transport_packet != NULL); packet = (dof_packet_data *)api_data->packet; /* Create the packet if it doesn't exist. */ if (packet == NULL) { api_data->packet = packet = create_packet_data(pinfo); DISSECTOR_ASSERT(packet != NULL); /* TODO: This is not correct for reversed sessions. */ packet->is_sent_by_initiator = api_data->transport_packet->is_sent_by_client; } /* Assign the transport sequence if it does not exist. */ if (api_data->transport_session->transport_session_id == 0) api_data->transport_session->transport_session_id = globals.next_transport_session++; /* Compute the DPS information. This is a master holder for general information. */ { proto_item *ti; ti = proto_tree_add_protocol_format(tree, proto_2008_1_dof, tvb, 0, tvb_reported_length(tvb), DOF_PROTOCOL_STACK); dof_root = proto_item_add_subtree(ti, ett_2008_1_dof); /* Add the general packet information. */ { ti = proto_tree_add_uint(dof_root, hf_2008_1_dof_session_transport, tvb, 0, 0, api_data->transport_session->transport_session_id); proto_item_set_generated(ti); ti = proto_tree_add_boolean(dof_root, hf_2008_1_dof_is_2_node, tvb, 0, 0, api_data->transport_session->is_2_node); proto_item_set_generated(ti); ti = proto_tree_add_boolean(dof_root, hf_2008_1_dof_is_streaming, tvb, 0, 0, api_data->transport_session->is_streaming); proto_item_set_generated(ti); if (api_data->session) { ti = proto_tree_add_uint(dof_root, hf_2008_1_dof_session, tvb, 0, 0, api_data->session->session_id); proto_item_set_generated(ti); } if (api_data->secure_session) { ti = proto_tree_add_uint_format(dof_root, hf_2008_1_dof_session, tvb, 0, 0, api_data->secure_session->original_session_id, "DPS Session (Non-secure): %d", api_data->secure_session->original_session_id); proto_item_set_generated(ti); } ti = proto_tree_add_uint(dof_root, hf_2008_1_dof_frame, tvb, 0, 0, packet->dof_frame); proto_item_set_generated(ti); ti = proto_tree_add_boolean(dof_root, hf_2008_1_dof_is_from_client, tvb, 0, 0, api_data->transport_packet->is_sent_by_client); proto_item_set_generated(ti); } } dof_dissect_dnp_common(tvb, pinfo, tree, api_data, 0); packet->processed = TRUE; return tvb_reported_length(tvb); } /** * This dissector is called for each DPS packet. It assumes that the first layer is * ENP, but it does not know anything about versioning. Further, it only worries * about decoding ENP (ENP will decode EPP, and so on). * * This routine is given the DPS packet for the first packet, but doesn't know anything * about DPS sessions. It may understand transport sessions, but these are surprisingly * worthless for DPS. */ static int dissect_tunnel_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { /* The packet data is the private_data, and must exist. */ tcp_dof_packet_ref *ref = (tcp_dof_packet_ref *)data; gint offset = 0; offset = 0; /* Compute the APP control information. This is the version and the length bytes. * The flags byte is either present, or is based on the version (and can be defaulted). */ { guint8 version = tvb_get_guint8(tvb, offset); guint8 opcode; proto_item *ti; proto_tree *app_root; col_add_fstr(pinfo->cinfo, COL_PROTOCOL, "TUNv%u", version); ti = proto_tree_add_protocol_format(tree, proto_2012_1_tunnel, tvb, offset, 0, "DOF Tunnel Protocol, Version: %u", version); app_root = proto_item_add_subtree(ti, ett_2012_1_tunnel); proto_tree_add_item(app_root, hf_2012_1_tunnel_1_version, tvb, offset, 1, ENC_NA); proto_tree_add_item(app_root, hf_2012_1_tunnel_1_length, tvb, offset + 1, 2, ENC_BIG_ENDIAN); opcode = tvb_get_guint8(tvb, offset + 3); if (opcode == 3) { tvbuff_t *next_tvb = tvb_new_subset_remaining(tvb, offset + 5); dissect_dof_common(next_tvb, pinfo, tree, &ref->api_data); } } return tvb_captured_length(tvb); } static int dissect_tun_app_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) { col_clear(pinfo->cinfo, COL_INFO); /* Compute the APP control information. This is the version and the flags byte. * The flags byte is either present, or is based on the version (and can be defaulted). */ { guint16 app; gint app_len; app = tvb_get_guint8(tvb, 0); app_len = 1; col_add_fstr(pinfo->cinfo, COL_PROTOCOL, "APP(%u)", app); /* call the next dissector */ if (dissector_try_uint(dof_tun_app_dissectors, app, tvb, pinfo, tree)) { col_set_fence(pinfo->cinfo, COL_PROTOCOL); col_set_fence(pinfo->cinfo, COL_INFO); return tvb_captured_length(tvb); } else { proto_tree_add_protocol_format(tree, proto_2012_1_tunnel, tvb, 0, app_len, DOF_APPLICATION_PROTOCOL ", Version: %u", app); } } return 0; } /* Packet and Session Data Creation */ static udp_session_data* create_udp_session_data(packet_info *pinfo, conversation_t *conversation _U_) { udp_session_data *packet = wmem_new0(wmem_file_scope(), udp_session_data); /* TODO: Determine if this is valid or not. */ /* WMEM_COPY_ADDRESS( wmem_file_scope(), &packet->server.address, &conversation->key_ptr->addr1 ); packet->server.port = conversation->key_ptr->port1; */ copy_address_wmem(wmem_file_scope(), &packet->server.addr, &pinfo->dst); packet->server.port = pinfo->destport; packet->common.transport_id = proto_2008_1_dof_udp; { const guint8 *addr = (const guint8 *)packet->server.addr.data; if ((packet->server.addr.type == AT_IPv4) && (addr != NULL) && (addr[0] != 224)) packet->common.is_2_node = TRUE; else packet->common.is_2_node = FALSE; } packet->common.is_streaming = FALSE; packet->common.session_start_ts = pinfo->abs_ts; packet->common.negotiation_required = FALSE; packet->common.negotiation_complete_at = 0; return packet; } static tcp_session_data* create_tcp_session_data(packet_info *pinfo, conversation_t *conversation) { tcp_session_data *packet = wmem_new0(wmem_file_scope(), tcp_session_data); copy_address_wmem(wmem_file_scope(), &packet->client.addr, conversation_key_addr1(conversation->key_ptr)); packet->client.port = conversation_key_port1(conversation->key_ptr); copy_address_wmem(wmem_file_scope(), &packet->server.addr, conversation_key_addr2(conversation->key_ptr)); packet->server.port = conversation_key_port2(conversation->key_ptr); packet->not_dps = FALSE; packet->common.transport_id = proto_2008_1_dof_tcp; packet->common.is_2_node = TRUE; packet->common.is_streaming = TRUE; packet->common.session_start_ts = pinfo->abs_ts; packet->common.negotiation_required = TRUE; packet->common.negotiation_complete_at = 0; return packet; } static dof_packet_data* create_packet_data(packet_info *pinfo) { /* Create the packet data. */ dof_packet_data *packet = wmem_new0(wmem_file_scope(), dof_packet_data); packet->data_list = wmem_list_new(wmem_file_scope()); packet->frame = pinfo->fd->num; packet->dof_frame = next_dof_frame++; /* Add the packet into the list of packets. */ if (!globals.dof_packet_head) { globals.dof_packet_head = packet; globals.dof_packet_tail = packet; } else { globals.dof_packet_tail->next = packet; globals.dof_packet_tail = packet; } return packet; } /* Dissectors for Transports (UDP/TCP) */ /** * Dissect a UDP packet. The parent protocol is UDP. No assumptions about DPS * data structures are made on input, but before calling common they must * be set up. * This dissector is registered with the UDP protocol on the standard DPS port. * It will be used for anything that involves that port (source or destination). */ static int dissect_dof_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) { dof_api_data *api_data = (dof_api_data *)p_get_proto_data(wmem_file_scope(), pinfo, proto_2008_1_dof_udp, 0); if (api_data == NULL) { conversation_t *conversation; udp_session_data *transport_session; dof_transport_packet *transport_packet; /* gboolean mcast = FALSE; */ /* { guint8* addr = (guint8*) pinfo->dst.data; if ( (pinfo->dst.type == AT_IPv4) && (addr != NULL) && (addr[0] != 224) ) mcast = TRUE; } */ /* Register the source address as being DPS for the sender UDP port. */ conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, conversation_pt_to_conversation_type(pinfo->ptype), pinfo->srcport, pinfo->destport, NO_ADDR_B | NO_PORT_B); if (!conversation) { conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, conversation_pt_to_conversation_type(pinfo->ptype), pinfo->srcport, pinfo->destport, NO_ADDR2 | NO_PORT2); conversation_set_dissector(conversation, dof_udp_handle); } /* Find or create the conversation for this transport session. For UDP, the transport session is determined entirely by the * server port. This assumes that the first packet seen is from a client to the server. */ conversation = find_conversation(pinfo->fd->num, &pinfo->dst, &pinfo->src, CONVERSATION_UDP, pinfo->destport, pinfo->srcport, NO_ADDR_B | NO_PORT_B); if (conversation) { /* TODO: Determine if this is valid or not. */ /*if ( conversation->key_ptr->port1 != pinfo->destport || ! addresses_equal( &conversation->key_ptr->addr1, &pinfo->dst ) ) conversation = NULL; */ } if (!conversation) conversation = conversation_new(pinfo->fd->num, &pinfo->dst, &pinfo->src, CONVERSATION_UDP, pinfo->destport, pinfo->srcport, NO_ADDR2 | NO_PORT2 | CONVERSATION_TEMPLATE); transport_session = (udp_session_data *)conversation_get_proto_data(conversation, proto_2008_1_dof_udp); if (transport_session == NULL) { transport_session = create_udp_session_data(pinfo, conversation); conversation_add_proto_data(conversation, proto_2008_1_dof_udp, transport_session); } /* UDP has no framing or retransmission issues, so the dof_api_data is stored directly on the frame. */ api_data = wmem_new0(wmem_file_scope(), dof_api_data); if (api_data == NULL) return 0; transport_packet = wmem_new0(wmem_file_scope(), dof_transport_packet); if (transport_packet == NULL) return 0; transport_packet->is_sent_by_client = TRUE; if (addresses_equal(&transport_session->server.addr, &pinfo->src) && (transport_session->server.port == pinfo->srcport)) transport_packet->is_sent_by_client = FALSE; transport_packet->sender_id = assign_addr_port_id(&pinfo->src, pinfo->srcport); transport_packet->receiver_id = assign_addr_port_id(&pinfo->dst, pinfo->destport); api_data->transport_session = &transport_session->common; api_data->transport_packet = transport_packet; p_add_proto_data(wmem_file_scope(), pinfo, proto_2008_1_dof_udp, 0, api_data); } return dissect_dof_common(tvb, pinfo, tree, api_data); } /** * Determine if the current offset has already been processed. * This is specific to the TCP dissector. */ static gboolean is_retransmission(packet_info *pinfo, tcp_session_data *session, tcp_packet_data *packet, struct tcpinfo *tcpinfo) { /* TODO: Determine why we get big numbers sometimes... */ /* if ( tcpinfo->seq != 0 && tcpinfo->seq < 1000000) */ { tcp_ignore_data *id; guint32 sequence = tcpinfo->seq; if (addresses_equal(&pinfo->src, &session->client.addr) && (pinfo->srcport == session->client.port)) { id = packet->from_client_ignore_list; } else { id = packet->from_server_ignore_list; } while (id != NULL && id->sequence != sequence) { id = id->next; } if (id == NULL) return FALSE; return id->ignore; } return FALSE; } /** * We have found and processed packets starting at offset, so * don't allow the same (or previous) packets. * This only applies to TCP dissector conversations. */ static void remember_offset(packet_info *pinfo, tcp_session_data *session, tcp_packet_data *packet, struct tcpinfo *tcpinfo) { gboolean ignore = FALSE; /* TODO: Determine why we get big numbers sometimes... */ /* if ( tcpinfo->seq != 0 && tcpinfo->seq < 1000000) */ { tcp_ignore_data **last; tcp_ignore_data *id; guint32 sequence; guint32 *seqptr = NULL; if (addresses_equal(&pinfo->src, &session->client.addr) && (pinfo->srcport == session->client.port)) { last = &(packet->from_client_ignore_list); id = packet->from_client_ignore_list; sequence = tcpinfo->seq; seqptr = &session->from_client_seq; if (LE_SEQ(tcpinfo->seq, session->from_client_seq)) ignore = TRUE; } else { last = &(packet->from_server_ignore_list); id = packet->from_server_ignore_list; sequence = tcpinfo->seq; seqptr = &session->from_server_seq; if (LE_SEQ(tcpinfo->seq, session->from_server_seq)) ignore = TRUE; } while (id != NULL && id->sequence != tcpinfo->seq) { last = &(id->next); id = id->next; } *seqptr = sequence; if (id == NULL) { *last = wmem_new0(wmem_file_scope(), tcp_ignore_data); id = *last; id->ignore = ignore; id->sequence = tcpinfo->seq; } } } /** * This dissector is registered with TCP using the standard port. It uses registered * protocols to determine framing, and those dissectors will call into the base * DPS dissector for each packet. */ static int dissect_dof_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { conversation_t *conversation; tcp_session_data *session; tcp_packet_data *packet; struct tcpinfo *tcpinfo = (struct tcpinfo *)data; guint8 header; /* Get the TCP conversation. TCP creates a new conversation for each TCP connection,12 * so we can "mirror" that by attaching our own data to that conversation. If our * data cannot be found, then it is a new connection (to us). */ conversation = find_conversation_pinfo(pinfo, 0); { /* This should be impossible - the TCP dissector requires this conversation. * Bail... */ DISSECTOR_ASSERT(conversation != NULL); } /* This requires explanation. TCP will call this dissector, and we know * that the first byte (offset 0 of this tvb) is the first byte of an * DPS packet. The TCP dissector ensures this. * * We do *not* know that this is the only packet, and * so the dissector that we call below must handle framing. All of * this state must be stored, and so we store it in a transport * data structure. DPS packet data is created later and associated * differently. * * Further, this routine MAY be called MULTIPLE times for the SAME * frame with DIFFERENT sequence numbers. This makes handling * retransmissions very difficult - we must track each call to this * routine with its associated offset and ignore flag. However, due * to the way that Wireshark handles asking for more data we cannot * mark an offset as "duplicate" until after it has been processed. */ /* TCP packet data is only associated with TCP frames that hold DPS packets. */ session = (tcp_session_data *)conversation_get_proto_data(conversation, proto_2008_1_dof_tcp); if (session == NULL) { session = create_tcp_session_data(pinfo, conversation); conversation_add_proto_data(conversation, proto_2008_1_dof_tcp, session); } if (session->not_dps) return 0; packet = (tcp_packet_data *)p_get_proto_data(wmem_file_scope(), pinfo, proto_2008_1_dof_tcp, 0); if (packet == NULL) { packet = wmem_new0(wmem_file_scope(), tcp_packet_data); p_add_proto_data(wmem_file_scope(), pinfo, proto_2008_1_dof_tcp, 0, packet); } if (is_retransmission(pinfo, session, packet, tcpinfo)) return 0; /* Loop, checking all the packets in this frame and communicating with the TCP * desegmenter. The framing dissector entry is used to determine the size * of the current frame. */ { /* Note that we must handle fragmentation on TCP... */ gint offset = 0; while (offset < (gint)tvb_reported_length(tvb)) { gint available = tvb_ensure_captured_length_remaining(tvb, offset); int packet_length; header = tvb_get_guint8(tvb, offset); /* If we are negotiating, then we do not need the framing dissector * as we know the packet length is two. Note that for the first byte * of a TCP session there are only two cases, both handled here. An error * of not understanding the first byte will trigger that this is not * a DPS session. */ if (((header & 0x80) == 0) && session->common.negotiation_required && ((pinfo->fd->num < session->common.negotiation_complete_at) || (session->common.negotiation_complete_at == 0))) { packet_length = 2; if (header > DNP_MAX_VERSION) { session->not_dps = TRUE; return 0; } } else { packet_length = dof_dissect_dnp_length(tvb, pinfo, header & 0x7F, &offset); if (packet_length < 0) { session->not_dps = TRUE; return offset; } } if (packet_length == 0) { pinfo->desegment_offset = offset; pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT; return offset + available; } if (available < packet_length) { pinfo->desegment_offset = offset; pinfo->desegment_len = packet_length - available; return offset + available; } remember_offset(pinfo, session, packet, tcpinfo); if (is_retransmission(pinfo, session, packet, tcpinfo)) return 0; /* We have a packet. We have to store the dof_packet_data in a list, as there may be * multiple DPS packets in a single Wireshark frame. */ { tvbuff_t *next_tvb = tvb_new_subset_length(tvb, offset, packet_length); tcp_dof_packet_ref *ref; gint raw_offset = tvb_raw_offset(tvb) + offset; gboolean ref_is_new = FALSE; /* Get the packet data. This is a list in increasing sequence order. */ if (packet->dof_packets == NULL) { ref_is_new = TRUE; ref = wmem_new0(wmem_file_scope(), tcp_dof_packet_ref); ref->transport_packet.sender_id = assign_addr_port_id(&pinfo->src, pinfo->srcport); ref->transport_packet.receiver_id = assign_addr_port_id(&pinfo->dst, pinfo->destport); packet->dof_packets = ref; ref->start_offset = raw_offset; } else ref = packet->dof_packets; /* Find the entry for our offset. */ while (ref->start_offset != raw_offset) { if (ref->next) { ref = ref->next; continue; } { tcp_dof_packet_ref *last = ref; /* This is the default state, NULL and 0. */ ref_is_new = TRUE; ref = wmem_new0(wmem_file_scope(), tcp_dof_packet_ref); ref->transport_packet.sender_id = last->transport_packet.sender_id; ref->transport_packet.receiver_id = last->transport_packet.receiver_id; ref->start_offset = raw_offset; last->next = ref; } } if (ref_is_new) { dof_transport_packet *tp = &(ref->transport_packet); tp->is_sent_by_client = FALSE; if (addresses_equal(&session->client.addr, &pinfo->src) && (session->client.port == pinfo->srcport)) tp->is_sent_by_client = TRUE; ref->api_data.transport_session = (dof_transport_session *)&(session->common); ref->api_data.transport_packet = tp; } dissect_dof_common(next_tvb, pinfo, tree, &ref->api_data); } offset += packet_length; } return offset; } } #if 0 /* TODO not used yet */ /** * This dissector is registered with the UDP protocol on the standard DPS port. * It will be used for anything that involves that port (source or destination). */ #if 0 static int dissect_tunnel_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) { conversation_t *conversation; dof_packet_data *packet; /* Initialize the default transport session structure. */ if (!udp_transport_session) udp_transport_session = se_alloc0(sizeof(*udp_transport_session)); conversation = find_or_create_conversation(pinfo); /* Add the packet data. */ packet = p_get_proto_data(wmem_file_scope(), proto_2012_1_tunnel, 0); if (!packet) { packet = wmem_alloc0(wmem_file_scope(), sizeof(dof_packet_data)); packet->frame = pinfo->fd->num; packet->next = NULL; packet->start_offset = 0; packet->session_counter = &session_counter; packet->transport_session = udp_transport_session; p_add_proto_data(wmem_file_scope(), proto_2012_1_tunnel, 0, packet); } pinfo->private_data = packet; return dissect_tunnel_common(tvb, pinfo, tree); #else static int dissect_tunnel_udp(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) { #endif return 0; } #endif /** * This dissector is registered with TCP using the standard port. It uses registered * protocols to determine framing, and those dissectors will call into the base * DPS dissector for each packet. */ static int dissect_tunnel_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { conversation_t *conversation; tcp_session_data *session; tcp_packet_data *packet; struct tcpinfo *tcpinfo = (struct tcpinfo *)data; /* Get the TCP conversation. TCP creates a new conversation for each TCP connection, * so we can "mirror" that by attaching our own data to that conversation. If our * data cannot be found, then it is a new connection (to us). */ conversation = find_conversation_pinfo(pinfo, 0); { /* This should be impossible - the TCP dissector requires this conversation. * Bail... */ DISSECTOR_ASSERT(conversation != NULL); } /* This requires explanation. TCP will call this dissector, and we know * that the first byte (offset 0 of this tvb) is the first byte of an * DPS packet. The TCP dissector ensures this. * * We do *not* know that this is the only packet, and * so the dissector that we call below must handle framing. All of * this state must be stored, and so we store it in a transport * data structure. DPS packet data is created later and associated * differently. * * Further, this routine MAY be called MULTIPLE times for the SAME * frame with DIFFERENT sequence numbers. This makes handling * retransmissions very difficult - we must track each call to this * routine with its associated offset and ignore flag. However, due * to the way that Wireshark handles asking for more data we cannot * mark an offset as "duplicate" until after it has been processed. */ /* TCP packet data is only associated with TCP frames that hold DPS packets. */ session = (tcp_session_data *)conversation_get_proto_data(conversation, proto_2012_1_tunnel); if (session == NULL) { session = create_tcp_session_data(pinfo, conversation); conversation_add_proto_data(conversation, proto_2012_1_tunnel, session); } packet = (tcp_packet_data *)p_get_proto_data(wmem_file_scope(), pinfo, proto_2012_1_tunnel, 0); if (packet == NULL) { packet = wmem_new0(wmem_file_scope(), tcp_packet_data); p_add_proto_data(wmem_file_scope(), pinfo, proto_2012_1_tunnel, 0, packet); } if (is_retransmission(pinfo, session, packet, tcpinfo)) return 0; /* Loop, checking all the packets in this TCP frame. */ { /* Note that we must handle fragmentation on TCP... */ gint offset = 0; while (offset < (gint)tvb_reported_length(tvb)) { gint available = tvb_reported_length_remaining(tvb, offset); int packet_length; int header_length; int i; if (available < 3) { pinfo->desegment_offset = offset; pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT; return offset + available; } packet_length = 0; header_length = 3; for (i = 0; i < 2; i++) packet_length = packet_length * 256 + tvb_get_guint8(tvb, offset + 1 + i); packet_length += header_length; if (available < packet_length) { pinfo->desegment_offset = offset; pinfo->desegment_len = packet_length - available; return offset + available; } /* We have a packet. We have to store the dof_packet_data in a list, as there may be * multiple DPS packets in a single Wireshark frame. */ { tvbuff_t *next_tvb = tvb_new_subset_length(tvb, offset, packet_length); tcp_dof_packet_ref *ref; gint raw_offset = tvb_raw_offset(tvb) + offset; gboolean ref_is_new = FALSE; /* Get the packet data. This is a list in increasing sequence order. */ if (packet->dof_packets == NULL) { ref_is_new = TRUE; ref = wmem_new0(wmem_file_scope(), tcp_dof_packet_ref); ref->transport_packet.sender_id = assign_addr_port_id(&pinfo->src, pinfo->srcport); ref->transport_packet.receiver_id = assign_addr_port_id(&pinfo->dst, pinfo->destport); packet->dof_packets = ref; ref->start_offset = raw_offset; } else ref = packet->dof_packets; /* Find the entry for our offset. */ while (ref->start_offset != raw_offset) { if (ref->next) { ref = ref->next; continue; } { tcp_dof_packet_ref *last = ref; /* This is the default state, NULL and 0. */ ref_is_new = TRUE; ref = wmem_new0(wmem_file_scope(), tcp_dof_packet_ref); ref->transport_packet.sender_id = last->transport_packet.sender_id; ref->transport_packet.receiver_id = last->transport_packet.receiver_id; ref->start_offset = raw_offset; last->next = ref; } } if (ref_is_new) { dof_transport_packet *tp = &(ref->transport_packet); tp->is_sent_by_client = FALSE; if (addresses_equal(&session->client.addr, &pinfo->src) && (session->client.port == pinfo->srcport)) tp->is_sent_by_client = TRUE; ref->api_data.transport_session = (dof_transport_session *)&(session->common); ref->api_data.transport_packet = tp; } /* Manage the private data, restoring the existing value. Call the common dissector. */ { dissect_tunnel_common(next_tvb, pinfo, tree, ref); } } offset += packet_length; } return tvb_captured_length(tvb); } } /* Dissectors */ static int dissect_dnp_0(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) { guint offset = 0; guint8 dnp_flags_included = 0; offset = 0; col_clear(pinfo->cinfo, COL_INFO); /* Compute the DNP control information. This is the version and the flags byte. * The flags byte is either present, or is based on the version (and can be defaulted). */ { guint8 header = tvb_get_guint8(tvb, offset); dnp_flags_included = (header & 0x80) != 0; offset += 1; { col_set_str(pinfo->cinfo, COL_PROTOCOL, "DNPv0 "); if (dnp_flags_included) { /* TODO: Protocol violation. */ } if (tvb_reported_length(tvb) == offset) col_set_str(pinfo->cinfo, COL_INFO, "Query"); else { guint8 first = tvb_get_guint8(tvb, offset); if (first == 0) { /* Query with padding. */ col_set_str(pinfo->cinfo, COL_INFO, "Query"); proto_tree_add_item(tree, hf_2008_1_dnp_0_1_1_padding, tvb, offset, -1, ENC_NA); } else { /* Response. */ col_set_str(pinfo->cinfo, COL_INFO, "Query Response"); while (first) { proto_tree_add_item(tree, hf_2008_1_dnp_0_1_1_version, tvb, offset, 1, ENC_NA); offset += 1; if (offset == tvb_reported_length(tvb)) break; first = tvb_get_guint8(tvb, offset); } if (offset < tvb_reported_length(tvb)) proto_tree_add_item(tree, hf_2008_1_dnp_0_1_1_padding, tvb, offset, -1, ENC_NA); } } } } col_set_fence(pinfo->cinfo, COL_PROTOCOL); col_set_fence(pinfo->cinfo, COL_INFO); return tvb_reported_length(tvb); } /** * Determine the length of the packet in tvb, starting at an offset that is passed as a * pointer in private_data. * Return 0 if the length cannot be determined because there is not enough data in * the buffer, otherwise return the length of the packet. */ static int determine_packet_length_1(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree _U_, void *data) { /* Note that we must handle fragmentation on TCP... */ gint offset = *((gint *)data); { gint available = tvb_ensure_captured_length_remaining(tvb, offset); guint8 header, flags; guint8 size; guint8 i; gint data_len, header_len; if (available < 2) return 0; header = tvb_get_guint8(tvb, offset); data_len = 0; if ((header & 0x80) == 0) { /* The length is fixed in this case... */ data_len = 0; header_len = 2; size = 0; } else { flags = tvb_get_guint8(tvb, offset + 1); size = flags & 0x03; header_len = 2 + size; } if (available < header_len) return 0; for (i = 0; i < size; i++) data_len = data_len * 256 + tvb_get_guint8(tvb, offset + 2 + i); return header_len + data_len; } } static int dissect_dnp_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { gint offset = 0; dof_api_data *api_data = (dof_api_data *)data; dof_packet_data *packet; gint8 dnp_version = -1; guint8 dnp_flags_included = 0; guint8 dnp_length_length = 0; guint32 dnp_flags = 0; guint length = 0; guint encapsulated_length = 0; int i; proto_tree *dnp_tree = tree; if (!api_data) { /* TODO: Print error */ return 0; } if (!api_data->packet) { /* TODO: Print error */ return 0; } packet = api_data->packet; offset = 0; col_clear(pinfo->cinfo, COL_INFO); /* Compute the DNP control information. This is the version and the flags byte. * The flags byte is either present, or is based on the version (and can be defaulted). */ { guint8 header = tvb_get_guint8(tvb, offset); guint32 dnp_src_port = 0; guint32 dnp_dst_port = 0; dnp_version = header & 0x7F; dnp_flags_included = (header & 0x80) != 0; offset += 1; { col_set_str(pinfo->cinfo, COL_PROTOCOL, "DNPv1 "); if (dnp_flags_included) { /* Including flags always terminates negotiation. */ /* packet->negotiated = TRUE; */ dnp_flags = tvb_get_guint8(tvb, offset); if ((dnp_flags & 0xF0) != 0) expert_add_info(pinfo, NULL, &ei_dof_10_flags_zero); proto_tree_add_bitmask(dnp_tree, tvb, offset, hf_2009_9_dnp_1_flags, ett_2009_9_dnp_1_flags, bitmask_2009_9_dnp_1_flags, ENC_BIG_ENDIAN); offset += 1; } else dnp_flags = DNP_V1_DEFAULT_FLAGS; /* Determine the size of the length field. */ dnp_length_length = dnp_flags & 0x03; if (dnp_length_length) proto_tree_add_item(dnp_tree, hf_2009_9_dnp_1_length, tvb, offset, dnp_length_length, ENC_BIG_ENDIAN); /* Read the length. */ length = 0; for (i = 0; i < dnp_length_length; i++) length = (length << 8) | tvb_get_guint8(tvb, offset + i); /* Validate the length. */ #if 0 if ( (length == 0) && packet->negotiated && session && ! session->connectionless ) { expert_add_info( pinfo, NULL, &ei_dof_13_length_specified ); } #endif offset += dnp_length_length; /* If there isn't a length specified then use the packet size. */ if (dnp_length_length == 0) length = tvb_reported_length(tvb) - offset; encapsulated_length = length; /* Read the srcport */ if (dnp_flags & 0x04) { gint s_offset = offset; proto_item *item; gint dnp_src_port_len; offset = read_c3(tvb, offset, &dnp_src_port, &dnp_src_port_len); item = proto_tree_add_uint_format(dnp_tree, hf_2009_9_dnp_1_srcport, tvb, s_offset, offset - s_offset, dnp_src_port, "Source Address: %u", dnp_src_port); validate_c3(pinfo, item, dnp_src_port, dnp_src_port_len); encapsulated_length -= (offset - s_offset); } else { proto_item *item = proto_tree_add_uint_format(dnp_tree, hf_2009_9_dnp_1_srcport, tvb, 0, 0, 0, "Source Address: %u", 0); proto_item_set_generated(item); } /* Read the dstport */ if (dnp_flags & 0x08) { gint s_offset = offset; gint dnp_dst_port_len; proto_item *item; offset = read_c3(tvb, offset, &dnp_dst_port, &dnp_dst_port_len); item = proto_tree_add_uint_format(dnp_tree, hf_2009_9_dnp_1_dstport, tvb, s_offset, offset - s_offset, dnp_dst_port, "Destination Address: %u", dnp_dst_port); validate_c3(pinfo, item, dnp_dst_port, dnp_dst_port_len); encapsulated_length -= (offset - s_offset); } else { proto_item *item = proto_tree_add_uint_format(dnp_tree, hf_2009_9_dnp_1_dstport, tvb, 0, 0, 0, "Destination Address: %u", 0); proto_item_set_generated(item); } } proto_item_set_end(tree, tvb, offset); /* Given the transport session and the DPS port information, determine the DPS session. */ if (api_data->session == NULL) { guint32 client; guint32 server; if (api_data->transport_packet->is_sent_by_client) { client = dnp_src_port; server = dnp_dst_port; } else { client = dnp_dst_port; server = dnp_src_port; } api_data->session = dof_ns_session_retrieve(api_data->transport_session->transport_session_id, client, server); if (api_data->session == NULL) { dof_session_data *sdata = wmem_new0(wmem_file_scope(), dof_session_data); dof_ns_session_define(api_data->transport_session->transport_session_id, client, server, sdata); sdata->session_id = globals.next_session++; sdata->dof_id = dnp_version; api_data->session = sdata; } } packet->sender_id = dnp_src_port; packet->receiver_id = dnp_dst_port; /* Assuming there is more, it must be DPP. */ /* We have a packet. */ { tvbuff_t *next_tvb = tvb_new_subset_length_caplen(tvb, offset, encapsulated_length, tvb_reported_length(tvb) - offset); offset += dof_dissect_dpp_common(next_tvb, pinfo, proto_item_get_parent(tree), data); } } col_set_fence(pinfo->cinfo, COL_PROTOCOL); col_set_fence(pinfo->cinfo, COL_INFO); return offset; } static int dissect_dpp_0(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) { guint offset = 0; guint8 dpp_flags_included = 0; offset = 0; col_clear(pinfo->cinfo, COL_INFO); /* Compute the DPP control information. This is the version and the flags byte. * The flags byte is either present, or is based on the version (and can be defaulted). */ { guint8 header = tvb_get_guint8(tvb, offset); dpp_flags_included = (header & 0x80) != 0; offset += 1; { col_set_str(pinfo->cinfo, COL_PROTOCOL, "DPPv0 "); if (dpp_flags_included) { /* TODO: Protocol violation. */ } if (tvb_reported_length(tvb) == offset) col_set_str(pinfo->cinfo, COL_INFO, "Query"); else { guint8 first = tvb_get_guint8(tvb, offset); /* Response. */ col_set_str(pinfo->cinfo, COL_INFO, "Query Response"); while (first) { proto_tree_add_item(tree, hf_2008_1_dpp_0_1_1_version, tvb, offset, 1, ENC_NA); offset += 1; if (offset == tvb_reported_length(tvb)) break; first = tvb_get_guint8(tvb, offset); } } } } col_set_fence(pinfo->cinfo, COL_PROTOCOL); col_set_fence(pinfo->cinfo, COL_INFO); return tvb_reported_length(tvb); } static int dissect_dpp_v2_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { dof_api_data *api_data = (dof_api_data *)data; dof_packet_data *packet_data; gint offset = 0; guint8 opcode; guint16 app; gint app_len; proto_item *ti; proto_tree *dpps_tree; proto_tree *opid_tree; if (api_data == NULL) { /* TODO: Output error. */ return 0; } packet_data = api_data->packet; if (packet_data == NULL) { /* TODO: Output error. */ return 0; } /* Make entries in Protocol column and Info column on summary display */ col_set_str(pinfo->cinfo, COL_PROTOCOL, "DPPs "); /* Create the protocol tree. */ offset = 0; ti = proto_tree_add_item(tree, proto_2009_12_dpp_common, tvb, offset, -1, ENC_NA); dpps_tree = proto_item_add_subtree(ti, ett_2009_12_dpp_common); /* Add the APPID. */ offset = read_c2(tvb, offset, &app, &app_len); ti = proto_tree_add_uint(dpps_tree, hf_2008_1_app_version, tvb, 0, app_len, app); validate_c2(pinfo, ti, app, app_len); /* Retrieve the opcode. */ opcode = tvb_get_guint8(tvb, offset); if (!packet_data->is_command) opcode |= OP_2009_12_RESPONSE_FLAG; col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", val_to_str(opcode, strings_2009_12_dpp_common_opcodes, "Unknown Opcode (%d)")); /* Opcode */ proto_tree_add_uint_format(dpps_tree, hf_2009_12_dpp_2_14_opcode, tvb, offset, 1, opcode & 0x3F, "Opcode: %s (%u)", val_to_str(opcode, strings_2009_12_dpp_common_opcodes, "Unknown Opcode (%d)"), opcode & 0x3F); offset += 1; switch (opcode) { case OP_2009_12_SOURCE_LOST_CMD: case OP_2009_12_SOURCE_FOUND_CMD: case OP_2009_12_RENAME_CMD: packet_data->has_referenced_opid = TRUE; /* FALL THROUGH */ case OP_2009_12_CANCEL_ALL_CMD: case OP_2009_12_NODE_DOWN_CMD: case OP_2009_12_QUERY_RSP: /* SID */ { proto_tree *oid_tree; gint opid_len; tvbuff_t *next_tvb; if (packet_data->has_referenced_opid) { opid_tree = proto_tree_add_subtree(dpps_tree, tvb, offset, 0, ett_2009_12_dpp_2_opid, NULL, "Operation Identifier"); } else { opid_tree = dpps_tree; } oid_tree = proto_tree_add_subtree(opid_tree, tvb, offset, 0, ett_2009_12_dpp_2_opid, NULL, "Source Identifier"); next_tvb = tvb_new_subset_length(tvb, offset, tvb_reported_length(tvb) - offset); opid_len = call_dissector_only(dof_oid_handle, next_tvb, pinfo, oid_tree, NULL); learn_sender_sid(api_data, opid_len, tvb_get_ptr(next_tvb, 0, opid_len)); if (packet_data->has_referenced_opid) learn_operation_sid(&packet_data->ref_op, opid_len, tvb_get_ptr(next_tvb, 0, opid_len)); offset += opid_len; } if (packet_data->has_referenced_opid) { guint32 opcnt; gint opcnt_len; proto_item *pi; read_c4(tvb, offset, &opcnt, &opcnt_len); pi = proto_tree_add_uint_format(opid_tree, hf_2009_12_dpp_2_1_opcnt, tvb, offset, opcnt_len, opcnt, "Operation Count: %u", opcnt); validate_c4(pinfo, pi, opcnt, opcnt_len); offset += opcnt_len; packet_data->ref_op.op_cnt = opcnt; } break; } return offset; } static int dissect_dpp_2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { dof_api_data *api_data = (dof_api_data *)data; dof_packet_data *packet_data; proto_item *ti = NULL; proto_item *tf = NULL; proto_item *opid = NULL; gint opid_start = -1; guint8 dpp_flags_included = 0; guint32 dpp_flags = 0; guint8 dpp_opid_keytype = 0; proto_tree *dpp_flags_tree; proto_tree *opid_tree = NULL; gint offset = 0; proto_tree *dpp_tree = tree; if (api_data == NULL) { /* TODO: Output error. */ return 0; } packet_data = api_data->packet; if (packet_data == NULL) { /* TODO: Output error. */ return 0; } /* We should have everything required for determining the SID ID. */ assign_sid_id(api_data); offset = 0; col_clear(pinfo->cinfo, COL_INFO); /* Compute the DPP control information. This is the version and the flags byte. * The flags byte is either present, or is based on the version (and can be defaulted). */ { guint8 header = tvb_get_guint8(tvb, offset); dpp_flags_included = (header & 0x80) != 0; offset += 1; { col_set_str(pinfo->cinfo, COL_PROTOCOL, "DPPv2 "); ti = proto_tree_add_uint_format(tree, hf_2008_1_dpp_sid_num, tvb, 0, 0, packet_data->sender_sid_id, "SID ID: %d", packet_data->sender_sid_id); proto_item_set_generated(ti); if (packet_data->sender_sid) { const gchar *SID = dof_oid_create_standard_string(packet_data->sender_sid[0], packet_data->sender_sid + 1); ti = proto_tree_add_bytes_format_value(tree, hf_2008_1_dpp_sid_str, tvb, 0, 0, packet_data->sender_sid, "%s", SID); proto_item_set_generated(ti); } ti = proto_tree_add_uint_format(tree, hf_2008_1_dpp_rid_num, tvb, 0, 0, packet_data->receiver_sid_id, "RID ID: %d", packet_data->receiver_sid_id); proto_item_set_generated(ti); if (packet_data->receiver_sid) { const gchar *SID = dof_oid_create_standard_string(packet_data->receiver_sid[0], packet_data->receiver_sid + 1); ti = proto_tree_add_bytes_format_value(tree, hf_2008_1_dpp_rid_str, tvb, 0, 0, packet_data->receiver_sid, "%s", SID); proto_item_set_generated(ti); } if (dpp_flags_included) { dpp_flags = tvb_get_guint8(tvb, offset); if (((dpp_flags & 0x10) != 0) && ((dpp_flags & 0x0F) != 0)) expert_add_info(pinfo, NULL, &ei_dpp2_dof_10_flags_zero); if (((dpp_flags & 0x10) == 0) && ((dpp_flags & 0x09) != 0)) expert_add_info(pinfo, NULL, &ei_dpp2_dof_10_flags_zero); tf = proto_tree_add_uint_format(dpp_tree, hf_2009_12_dpp_2_1_flags, tvb, offset, 1, dpp_flags, "Flags: 0x%02x", dpp_flags); dpp_flags_tree = proto_item_add_subtree(tf, ett_2009_12_dpp_2_1_flags); if (dpp_flags == DPP_V2_DEFAULT_FLAGS) expert_add_info(pinfo, dpp_flags_tree, &ei_dpp_default_flags); proto_tree_add_item(dpp_flags_tree, hf_2009_12_dpp_2_1_flag_security, tvb, offset, 1, ENC_NA); proto_tree_add_item(dpp_flags_tree, hf_2009_12_dpp_2_1_flag_opid, tvb, offset, 1, ENC_NA); proto_tree_add_item(dpp_flags_tree, hf_2009_12_dpp_2_1_flag_cmdrsp, tvb, offset, 1, ENC_NA); if ((dpp_flags & 0x10) == 0) { proto_tree_add_item(dpp_flags_tree, hf_2009_12_dpp_2_1_flag_seq, tvb, offset, 1, ENC_NA); proto_tree_add_item(dpp_flags_tree, hf_2009_12_dpp_2_1_flag_retry, tvb, offset, 1, ENC_NA); } offset += 1; } else dpp_flags = DPP_V2_DEFAULT_FLAGS; packet_data->is_command = (dpp_flags & 0x10) == 0; /* We are allowed to be complete here if still negotiating. */ /*if ( ! packet->negotiated && (offset == tvb_reported_length(tvb)) ) { col_set_str( pinfo->cinfo, COL_INFO, "DPS Negotiation" ); return 1; }*/ dpp_opid_keytype = (dpp_flags & 0x60) >> 5; switch (dpp_opid_keytype) { case 0: /* No OPID */ packet_data->has_opid = FALSE; break; case 1: /* Implied sender. */ packet_data->has_opid = TRUE; packet_data->op.op_sid_id = packet_data->sender_sid_id; packet_data->op.op_sid = packet_data->sender_sid; break; case 2: /* Implied receiver. */ packet_data->has_opid = TRUE; packet_data->op.op_sid_id = packet_data->receiver_sid_id; packet_data->op.op_sid = packet_data->receiver_sid; break; case 3: /* Explicit. */ packet_data->has_opid = TRUE; break; } if (dpp_opid_keytype != 0) { opid_start = offset; opid_tree = proto_tree_add_subtree(dpp_tree, tvb, offset, 0, ett_2009_12_dpp_2_opid, NULL, "Operation Identifier"); } switch (dpp_opid_keytype) { case 0: /* We have no opid. */ break; case 3: /* Explicit. */ { proto_tree *oid_tree; tvbuff_t *next_tvb; gint opid_len; oid_tree = proto_tree_add_subtree(opid_tree, tvb, offset, 0, ett_2009_12_dpp_2_opid, NULL, "Source Identifier"); next_tvb = tvb_new_subset_length(tvb, offset, tvb_reported_length(tvb) - offset); opid_len = call_dissector_only(dof_oid_handle, next_tvb, pinfo, oid_tree, NULL); proto_item_set_len(oid_tree, opid_len); learn_operation_sid(&packet_data->op, opid_len, tvb_get_ptr(next_tvb, 0, opid_len)); /* Warn if Explicit SID could be optimized. */ if (packet_data->op.op_sid_id == packet_data->sender_sid_id) expert_add_info(pinfo, ti, &ei_dpp_explicit_sender_sid_included); if (packet_data->op.op_sid_id == packet_data->receiver_sid_id) expert_add_info(pinfo, ti, &ei_dpp_explicit_receiver_sid_included); offset += opid_len; } /* FALL THROUGH */ case 1: /* Implied sender. */ case 2: /* Implied receiver. */ { guint32 opcnt; gint opcnt_len; proto_item *pi; /* Display the SID if known. */ if ((dpp_opid_keytype != 3) && packet_data->op.op_sid) { proto_tree *oid_tree; tvbuff_t *next_tvb = tvb_new_child_real_data(tvb, packet_data->op.op_sid + 1, packet_data->op.op_sid[0], packet_data->op.op_sid[0]); oid_tree = proto_tree_add_subtree(opid_tree, tvb, 0, 0, ett_2009_12_dpp_2_opid, NULL, "Source Identifier"); call_dissector_only(dof_oid_handle, next_tvb, pinfo, oid_tree, NULL); proto_item_set_generated(ti); } read_c4(tvb, offset, &opcnt, &opcnt_len); pi = proto_tree_add_uint_format(opid_tree, hf_2009_12_dpp_2_1_opcnt, tvb, offset, opcnt_len, opcnt, "Operation Count: %u", opcnt); validate_c4(pinfo, pi, opcnt, opcnt_len); offset += opcnt_len; proto_item_set_len(opid, offset - opid_start); packet_data->op.op_cnt = opcnt; /* At this point we have a packet with an operation identifier. We need to * update the master list of operation identifiers, and do any checking that * we can in order to validate things. */ if (packet_data->has_opid && !packet_data->opid_first) { dof_packet_data *first = (dof_packet_data *)g_hash_table_lookup(dpp_opid_to_packet_data, (gconstpointer) & packet_data->op); if (first == NULL) { /* First reference to this operation. */ g_hash_table_insert(dpp_opid_to_packet_data, (gpointer) & packet_data->op, (gpointer)packet_data); packet_data->opid_first = packet_data; packet_data->opid_last = packet_data; /* The first opid must be a command. */ } else { /* Operation exists, time to patch things in. */ packet_data->opid_first = first; first->opid_last->opid_next = packet_data; first->opid_last = packet_data; if (!packet_data->is_command) { if (!first->opid_first_response) { first->opid_first_response = packet_data; first->opid_last_response = packet_data; } else { first->opid_last_response->opid_next_response = packet_data; first->opid_last_response = packet_data; } } } } /* Add all the reference information to the tree. */ if (globals.track_operations && tree) { proto_tree *ophistory_tree = proto_tree_add_subtree(tree, tvb, 0, 0, ett_2009_12_dpp_2_opid_history, NULL, "Operation History"); dof_packet_data *ptr = packet_data->opid_first; if (ptr) proto_tree_add_uint_format(ophistory_tree, hf_2008_1_dpp_first_command, tvb, 0, 0, ptr->frame, "First Operation: %u", ptr->frame); if (ptr->opid_last && ptr->opid_last != ptr) proto_tree_add_uint_format(ophistory_tree, hf_2008_1_dpp_last_command, tvb, 0, 0, ptr->opid_last->frame, "Last Operation: %u", ptr->opid_last->frame); if (ptr->opid_first_response) proto_tree_add_uint_format(ophistory_tree, hf_2008_1_dpp_first_response, tvb, 0, 0, ptr->opid_first_response->frame, "First Response: %u", ptr->opid_first_response->frame); if (ptr->opid_last_response && ptr->opid_last_response != ptr->opid_first_response) proto_tree_add_uint_format(ophistory_tree, hf_2008_1_dpp_last_response, tvb, 0, 0, ptr->opid_last_response->frame, "Last Response: %u", ptr->opid_last_response->frame); /* Determine the window start, then output the number of packets. Output the number of skipped packets before * and after. */ { dof_packet_data *start = packet_data->opid_first; guint diff = 0; while (ptr) { if (ptr == packet_data) break; ptr = ptr->opid_next; diff += 1; if (diff > globals.track_operations_window) { start = start->opid_next; diff -= 1; } } ptr = start; diff = 0; while (ptr) { const char *THIS = ""; if (ptr == packet_data) { THIS = "this "; diff = globals.track_operations_window + 1; } /* (DPS Frame) [ws WS Frame]: (SID)->(RID): (THIS) (SUMMARY) */ proto_tree_add_uint_format(ophistory_tree, hf_2008_1_dpp_related_frame, tvb, 0, 0, ptr->frame, "%u[ws %u]: %u->%u: %s%s", ptr->dof_frame, ptr->frame, ptr->sender_sid_id, ptr->receiver_sid_id, THIS, ptr->summary ? ptr->summary : ""); ptr = ptr->opid_next; if (diff && !--diff) break; } } } } break; } proto_item_set_len(opid_tree, offset - opid_start); { if ((dpp_flags & 0x10) == 0) { guint8 dpp_seq = 0; guint8 dpp_retry = 0; guint16 dpp_delay = 0; /* Extract SEQ */ if (dpp_flags & 0x04) { dpp_seq = tvb_get_guint8(tvb, offset); proto_tree_add_uint_format(dpp_tree, hf_2009_12_dpp_2_1_seq, tvb, offset, 1, dpp_seq, "Sequence: %u", dpp_seq); offset += 1; } /* Extract Retry */ if (dpp_flags & 0x02) { dpp_retry = tvb_get_guint8(tvb, offset); proto_tree_add_uint_format(dpp_tree, hf_2009_12_dpp_2_1_retry, tvb, offset, 1, dpp_retry, "Retry: %u", dpp_retry); offset += 1; } /* Extract Delay */ { dpp_delay = tvb_get_guint8(tvb, offset); if (dpp_delay > 128) dpp_delay = 128 + ((dpp_delay - 128) * 32); proto_tree_add_uint_format(dpp_tree, hf_2009_12_dpp_2_1_delay, tvb, offset, 1, dpp_delay, "Delay: %u seconds", dpp_delay); offset += 1; } packet_data->summary = wmem_strdup_printf(wmem_file_scope(), "command seq %u, retry %u, delay %u", dpp_seq, dpp_retry, dpp_delay); } else packet_data->summary = "response"; } /* Extract session information. */ if (dpp_flags & 0x80) { guint32 sec_offset = offset; guint8 sh_flags; guint32 ssid; proto_tree *security_tree; proto_tree *sec_flags_tree; proto_item *item; security_tree = proto_tree_add_subtree(dpp_tree, tvb, offset, -1, ett_2009_12_dpp_2_3_security, NULL, "Security Header"); sh_flags = tvb_get_guint8(tvb, offset); item = proto_tree_add_uint_format(security_tree, hf_2009_12_dpp_2_3_sec_flags, tvb, offset, 1, sh_flags, "Flags: 0x%02x", sh_flags); sec_flags_tree = proto_item_add_subtree(item, ett_2009_12_dpp_2_3_sec_flags); proto_tree_add_item(sec_flags_tree, hf_2009_12_dpp_2_3_sec_flag_secure, tvb, offset, 1, ENC_NA); proto_tree_add_item(sec_flags_tree, hf_2009_12_dpp_2_3_sec_flag_rdid, tvb, offset, 1, ENC_NA); proto_tree_add_item(sec_flags_tree, hf_2009_12_dpp_2_3_sec_flag_partition, tvb, offset, 1, ENC_NA); proto_tree_add_item(sec_flags_tree, hf_2009_12_dpp_2_3_sec_flag_as, tvb, offset, 1, ENC_NA); proto_tree_add_item(sec_flags_tree, hf_2009_12_dpp_2_3_sec_flag_ssid, tvb, offset, 1, ENC_NA); offset += 1; ssid = 0; if (sh_flags & DPP_V2_SEC_FLAG_S) { gint s_offset = offset; gint ssid_len; proto_item *pi; offset = read_c4(tvb, offset, &ssid, &ssid_len); pi = proto_tree_add_uint_format(security_tree, hf_2009_12_dpp_2_3_sec_ssid, tvb, s_offset, offset - s_offset, ssid, "Security State Identifier: %u (0x%x)", ssid, ssid); validate_c4(pinfo, pi, ssid, ssid_len); } /* At this point we know the transport information, DNP port information, and the * SSID. This means that we can isolate the session that this communication belongs * to. Note that all uses of an SSID are scoped by the transport. */ if (sh_flags & DPP_V2_SEC_FLAG_A) ssid |= AS_ASSIGNED_SSID; if (api_data->session && !api_data->secure_session) { dof_secure_session_data *search = api_data->session->secure_sessions; while (search) { if (ssid == search->ssid) break; search = search->next; } if (search) { api_data->session = search->parent; api_data->secure_session = search; } } if (sh_flags & DPP_V2_SEC_FLAG_D) { gint s_offset = offset; guint32 rdid; gint rdid_len; proto_item *pi; offset = read_c4(tvb, offset, &rdid, &rdid_len); pi = proto_tree_add_uint_format(security_tree, hf_2009_12_dpp_2_3_sec_rdid, tvb, s_offset, offset - s_offset, rdid, "Remote Domain Identifier: %u (0x%x)", rdid, rdid); validate_c4(pinfo, pi, rdid, rdid_len); offset = dof_dissect_pdu_as_field(dissect_2008_16_security_10, tvb, pinfo, security_tree, offset, hf_2009_12_dpp_2_3_sec_remote_partition, ett_2009_12_dpp_2_3_sec_remote_partition, NULL); } if (sh_flags & DPP_V2_SEC_FLAG_P) { offset = dof_dissect_pdu_as_field(dissect_2008_16_security_10, tvb, pinfo, security_tree, offset, hf_2009_12_dpp_2_3_sec_partition, ett_2009_12_dpp_2_3_sec_partition, NULL); } if (sh_flags & DPP_V2_SEC_FLAG_E) { /* If we get here without success, then we can only bail. */ if (packet_data->security_session_error) { col_set_str(pinfo->cinfo, COL_INFO, packet_data->security_session_error); proto_item_set_end(tree, tvb, offset); expert_add_info(pinfo, security_tree, &ei_dpp_no_security_context); { tvbuff_t *data_tvb = tvb_new_subset_remaining(tvb, offset); call_data_dissector(data_tvb, pinfo, tree); } proto_item_set_len(security_tree, offset - sec_offset); return offset; } if (!api_data->secure_session) { packet_data->security_session_error = "[Encrypted - No Session Available]"; proto_item_set_len(security_tree, offset - sec_offset); return offset; } /* Security has not failed, and we have a security session. */ { dissector_table_t sec_header = find_dissector_table("dof.secmode"); /* TODO: CCM is hardcoded. We should try all of the sessions, which could mean multiple security modes. */ dissector_handle_t dp = dissector_get_uint_handle(sec_header, 0x6001); /* packet_data->security_session->security_mode); */ if (dp) { dof_secmode_api_data sdata; sdata.context = HEADER; sdata.security_mode_offset = offset; sdata.dof_api = api_data; sdata.secure_session = api_data->secure_session; sdata.session_key_data = NULL; offset += call_dissector_only(dp, tvb, pinfo, security_tree, &sdata); if (!packet_data->decrypted_buffer) { proto_item_set_end(tree, tvb, offset); proto_item_set_len(security_tree, offset - sec_offset); return offset; } } } } proto_item_set_len(security_tree, offset - sec_offset); } /* The end of the packet must be called in the original tvb or chaos ensues... */ proto_item_set_end(tree, tvb, offset); } if (packet_data->decrypted_tvb) { tvb = packet_data->decrypted_tvb; offset = packet_data->decrypted_offset; } /* Assuming there is more, it must be DPP. */ /* We have a packet. We must handle the special case of this being *our* application * protocol (0x7FFF). If it is, then *we* are the dissector... */ { guint16 app; tvbuff_t *next_tvb = tvb_new_subset_length(tvb, offset, tvb_reported_length(tvb) - offset); read_c2(tvb, offset, &app, NULL); if (app == 0x7FFF) { offset += dissect_dpp_v2_common(next_tvb, pinfo, proto_item_get_parent(tree), data); } else { offset += dissect_app_common(next_tvb, pinfo, proto_item_get_parent(tree), data); } } } col_set_fence(pinfo->cinfo, COL_PROTOCOL); col_set_fence(pinfo->cinfo, COL_INFO); return offset; } static int dissect_options(tvbuff_t *tvb, gint offset, packet_info *pinfo, proto_tree *tree, void *data _U_) { while (offset < (gint)tvb_captured_length(tvb)) { proto_tree *subtree = proto_tree_add_subtree(tree, tvb, offset, 0, ett_2008_1_dsp_12_option, NULL, "Option"); tvbuff_t *next_tvb = tvb_new_subset_remaining(tvb, offset); gint len = dissect_2008_1_dsp_1(next_tvb, pinfo, subtree); proto_item_set_len(proto_tree_get_parent(subtree), len); offset += len; } return offset; } static int dissect_dsp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { dof_api_data *api_data = (dof_api_data *)data; dof_packet_data *packet_data; guint offset = 0; guint8 opcode; guint16 app; gint app_len; proto_item *ti; proto_tree *dsp_tree; proto_tree *options_tree; if (api_data == NULL) { /* TODO: Output error. */ return 0; } packet_data = api_data->packet; if (packet_data == NULL) { /* TODO: Output error. */ return 0; } /* Make entries in Protocol column and Info column on summary display */ col_set_str(pinfo->cinfo, COL_PROTOCOL, "DSPv2 "); /* Create the protocol tree. */ offset = 0; ti = proto_tree_add_item(tree, proto_2008_1_dsp, tvb, offset, -1, ENC_NA); dsp_tree = proto_item_add_subtree(ti, ett_2008_1_dsp_12); /* Add the APPID. */ offset = read_c2(tvb, offset, &app, &app_len); ti = proto_tree_add_uint(dsp_tree, hf_2008_1_app_version, tvb, 0, app_len, app); validate_c2(pinfo, ti, app, app_len); #if 0 if (!packet->is_streaming) { col_set_str(pinfo->cinfo, COL_PROTOCOL, "DSPv2 "); if (tvb_captured_length(tvb) == offset) col_set_str(pinfo->cinfo, COL_INFO, "Query"); else { col_set_str(pinfo->cinfo, COL_INFO, "Query Response"); while (offset < tvb_captured_length(tvb)) { guint16 app; gint start = offset; offset = read_c2(tvb, offset, &app, NULL); proto_tree_add_uint(dsp_tree, hf_2008_1_app_version, tvb, start, offset - start, app); } } return offset; } #endif if (offset == tvb_captured_length(tvb)) { col_append_str(pinfo->cinfo, COL_INFO, "DSP [nop]"); expert_add_info(pinfo, dsp_tree, &ei_implicit_no_op); return offset; } /* Determine the ESP opcode. */ opcode = tvb_get_guint8(tvb, offset); if (!packet_data->is_command) opcode |= OP_2008_1_RSP; proto_tree_add_uint_format(dsp_tree, hf_2008_1_dsp_12_opcode, tvb, offset, 1, opcode, "Opcode: %s (%u)", val_to_str(opcode, strings_2008_1_dsp_opcodes, "Unknown Opcode (%d)"), opcode & 0x7F); offset += 1; col_append_sep_str(pinfo->cinfo, COL_INFO, "/", val_to_str(opcode, strings_2008_1_dsp_opcodes, "Unknown Opcode (%d)")); switch (opcode) { case OP_2008_1_OPEN_CMD: /* 2008.1 DSP.14.1 */ break; case OP_2008_1_OPEN_RSP: /* 2008.1 DSP.14.2 */ case OP_2008_1_OPEN_SECURE_RSP: /* 2008.1 DSP.14.3 */ { while (offset < tvb_captured_length(tvb)) { guint16 ap; gint length; proto_item *pi; gint start = offset; offset = read_c2(tvb, offset, &ap, &length); pi = proto_tree_add_uint(dsp_tree, hf_2008_1_app_version, tvb, start, offset - start, ap); validate_c2(pinfo, pi, ap, length); } } break; case OP_2008_1_QUERY_CMD: break; case OP_2008_1_QUERY_RSP: break; case OP_2008_1_CONFIG_ACK: break; case OP_2008_1_CONFIG_REQ: /* This will start a session if not existing... */ /* FALL THROUGH */ case OP_2008_1_CONFIG_NAK: { gint length = tvb_captured_length(tvb) - offset; options_tree = proto_tree_add_subtree_format(dsp_tree, tvb, offset, length, ett_2008_1_dsp_12_options, NULL, "DSP Options: (%d byte%s)", length, plurality(length, "", "s")); offset = dissect_options(tvb, offset, pinfo, options_tree, NULL); } break; case OP_2008_1_CONFIG_REJ: /* TODO: Handle reject. */ break; case OP_2008_1_TERMINATE_CMD: case OP_2008_1_TERMINATE_RSP: /* Nothing */ break; } return offset; } static int dissect_ccm_dsp(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_) { /* We are handed a buffer that starts with an option and our protocol id. Any options follow that. */ gint offset = 0; proto_item *parent = proto_tree_get_parent(tree); guint8 len, strength_count, i; proto_item *ti; proto_tree *ccm_tree; /* Append description to the parent. */ proto_item_append_text(parent, " (CCM)"); /* Compute the version and flags, masking off other bits. */ offset += 3; /* Skip the type and protocol. */ len = tvb_get_guint8(tvb, offset++); ti = proto_tree_add_item(tree, hf_ccm_dsp_option, tvb, offset, len, ENC_NA); ccm_tree = proto_item_add_subtree(ti, ett_ccm_dsp_option); strength_count = tvb_get_guint8(tvb, offset); proto_tree_add_item(ccm_tree, hf_ccm_dsp_strength_count, tvb, offset++, 1, ENC_NA); for (i = 0; i < strength_count; i++) proto_tree_add_item(ccm_tree, hf_ccm_dsp_strength, tvb, offset++, 1, ENC_NA); proto_tree_add_item(ccm_tree, hf_ccm_dsp_e_flag, tvb, offset, 1, ENC_NA); proto_tree_add_item(ccm_tree, hf_ccm_dsp_m_flag, tvb, offset, 1, ENC_NA); proto_tree_add_item(ccm_tree, hf_ccm_dsp_tmax, tvb, offset, 1, ENC_NA); proto_tree_add_item(ccm_tree, hf_ccm_dsp_tmin, tvb, offset, 1, ENC_NA); offset += 1; return offset; } /** * This is the main entry point for the CCM dissector. It is always called from an DPS * dissector, and is always passed the dof_secmode_data structure. */ static int dissect_ccm(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { dof_secmode_api_data *secmode_api_data; dof_session_key_exchange_data *key_data; secmode_api_data = (dof_secmode_api_data *)data; if (secmode_api_data == NULL) { return 0; } key_data = secmode_api_data->session_key_data; /* Based on the context of the request, handle the work. */ switch (secmode_api_data->context) { case INITIALIZE: /* Parse off the initialization fields, and if necessary create the security mode state * that is being initialized. This is passed the DPS data, DPS session data, and Key Exchange Data. */ { ccm_session_data *ccm_data = (ccm_session_data *)key_data->security_mode_key_data; gint offset = 0; guint8 header; guint16 length; if (!ccm_data) { /* We need to parse the initialization data. */ ccm_data = wmem_new0(wmem_file_scope(), ccm_session_data); if (!ccm_data) return 0; wmem_register_callback(wmem_file_scope(), dof_sessions_destroy_cb, ccm_data); key_data->security_mode_key_data = ccm_data; if (!key_data->security_mode_data || key_data->security_mode_data_length < 3) return 0; /* TODO: Not sure that these are all right. */ ccm_data->protocol_id = DOF_PROTOCOL_CCM; ccm_data->cipher = key_data->security_mode_data[1]; ccm_data->encrypted = key_data->security_mode_data[key_data->security_mode_data_length - 1] & 0x80; ccm_data->mac_len = (key_data->security_mode_data[key_data->security_mode_data_length - 1] & 0x07) * 2 + 2; ccm_data->client_datagram_number = 0; ccm_data->server_datagram_number = 0; switch (ccm_data->protocol_id) { case DOF_PROTOCOL_CCM: if (gcry_cipher_open(&ccm_data->cipher_data, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0)) { return 0; } break; default: return 0; } } if (secmode_api_data->dof_api->transport_session->is_2_node) { switch (ccm_data->protocol_id) { case DOF_PROTOCOL_CCM: if (gcry_cipher_setkey(ccm_data->cipher_data, key_data->session_key, 32)) { gcry_cipher_close(ccm_data->cipher_data); ccm_data->cipher_data = NULL; return 0; } break; default: return 0; } /* This mode has a fixed size, so we can return here without parsing further. */ return 2; } offset = read_c2(tvb, offset, &length, NULL); /* TODO validate C2 */ header = tvb_get_guint8(tvb, offset); offset += 1; /* Determine the period, and store the key. */ { guint8 period = (header & 0x70) >> 4; if (ccm_data->cipher_data_table == NULL) { gcry_cipher_hd_t ekey; if (gcry_cipher_open(&ekey, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0)) { return 0; } ccm_data->cipher_data_table = g_hash_table_new_full(g_direct_hash, g_direct_equal, NULL, dof_cipher_data_destroy); ccm_data->period = 1; ccm_data->periods[period] = ccm_data->period; switch (ccm_data->protocol_id) { case DOF_PROTOCOL_CCM: if (gcry_cipher_setkey(ekey, key_data->session_key, 32)) { gcry_cipher_close(ekey); return 0; } break; default: gcry_cipher_close(ekey); return 0; } g_hash_table_insert(ccm_data->cipher_data_table, GUINT_TO_POINTER(ccm_data->period), ekey); } else { guint32 lookup = ccm_data->periods[period]; if (!lookup) { gcry_cipher_hd_t ekey; if (gcry_cipher_open(&ekey, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0)) { return 0; } switch (ccm_data->protocol_id) { case DOF_PROTOCOL_CCM: if (gcry_cipher_setkey(ekey, key_data->session_key, 32)) { gcry_cipher_close(ekey); return 0; } break; default: gcry_cipher_close(ekey); return 0; } ccm_data->period += 1; ccm_data->periods[period] = ccm_data->period; g_hash_table_insert(ccm_data->cipher_data_table, GUINT_TO_POINTER(ccm_data->period), ekey); } else { guint8 *in_table = (guint8 *)g_hash_table_lookup(ccm_data->cipher_data_table, GUINT_TO_POINTER(lookup)); if (memcmp(key_data->session_key, in_table, 32) != 0) { gcry_cipher_hd_t ekey; if (gcry_cipher_open(&ekey, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0)) { return 0; } switch (ccm_data->protocol_id) { case DOF_PROTOCOL_CCM: if (gcry_cipher_setkey(ekey, key_data->session_key, 32)) { gcry_cipher_close(ekey); return 0; } break; default: gcry_cipher_close(ekey); return 0; } ccm_data->period += 1; ccm_data->periods[period] = ccm_data->period; g_hash_table_insert(ccm_data->cipher_data_table, GUINT_TO_POINTER(ccm_data->period), ekey); } } } } return offset + length - 1; } case HEADER: { ccm_session_data *session; dof_transport_session *transport_session = (dof_transport_session *)secmode_api_data->dof_api->transport_session; dof_secure_session_data *secure_session = secmode_api_data->secure_session; dof_session_key_exchange_data *security_data = NULL; dof_packet_data *dof_packet = secmode_api_data->dof_api->packet; guint8 ccm_flags; guint32 nid; guint16 slot = 0; guint32 pn = 0; gboolean pn_present = FALSE; guint32 tnid; guint32 nnid; proto_tree *ccm_flags_tree; proto_tree *header_tree; proto_item * item,*header; ccm_packet_data *pdata; gint offset = 0; if (!dof_packet->security_session) { if (transport_session->is_streaming) { /* Find the first security data that is applicable - they are in order of packet sequence. */ security_data = secure_session->session_security_data; while (security_data) { if (dof_packet->is_sent_by_initiator && (dof_packet->dof_frame > security_data->i_valid)) break; if (!dof_packet->is_sent_by_initiator && (dof_packet->dof_frame > security_data->r_valid)) break; security_data = security_data->next; } if (security_data) dof_packet->security_session = security_data; else { dof_packet->security_session_error = "[Encrypted - No Session Available]"; return offset; } } else { dof_packet->security_session = secure_session->session_security_data; security_data = dof_packet->security_session; } } else { security_data = dof_packet->security_session; } if (!security_data || !security_data->session_key || !security_data->security_mode_key_data) { dof_packet->security_session_error = "[Encrypted - No Session Available]"; return offset; } session = (ccm_session_data *)security_data->security_mode_key_data; offset = secmode_api_data->security_mode_offset; /* Add a master header for this protocol. */ header = proto_tree_add_protocol_format(tree, proto_ccm, tvb, offset, 0, "CCM Security Mode, Version: 1"); header_tree = proto_item_add_subtree(header, ett_header); tree = header_tree; ccm_flags = tvb_get_guint8(tvb, offset); item = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_flags, tvb, offset, 1, ccm_flags, "Flags: 0x%02x", ccm_flags); ccm_flags_tree = proto_item_add_subtree(item, ett_epp_v1_ccm_flags); proto_tree_add_item(ccm_flags_tree, hf_epp_v1_ccm_flags_manager, tvb, offset, 1, ENC_NA); proto_tree_add_item(ccm_flags_tree, hf_epp_v1_ccm_flags_period, tvb, offset, 1, ENC_NA); proto_tree_add_item(ccm_flags_tree, hf_epp_v1_ccm_flags_target, tvb, offset, 1, ENC_NA); proto_tree_add_item(ccm_flags_tree, hf_epp_v1_ccm_flags_next_nid, tvb, offset, 1, ENC_NA); proto_tree_add_item(ccm_flags_tree, hf_epp_v1_ccm_flags_packet, tvb, offset, 1, ENC_NA); offset += 1; if (ccm_flags & 0x01) pn_present = TRUE; pdata = (ccm_packet_data *)dof_packet->security_packet; if (!pdata) { pdata = wmem_new0(wmem_file_scope(), ccm_packet_data); if (pdata) { dof_packet->security_packet = pdata; if (transport_session->is_2_node) { if (dof_packet->is_sent_by_initiator) { pdata->nid = 0; if (pn_present == FALSE) pdata->dn = ++session->client_datagram_number; else pdata->dn = pn; } else { pdata->nid = 1; if (pn_present == 0) pdata->dn = ++session->server_datagram_number; else pdata->dn = pn; } } else { guint8 packet_period = (ccm_flags & 0x70) >> 4; pdata->period = session->periods[packet_period]; } } } if (!pdata) return offset - secmode_api_data->security_mode_offset; if (!secure_session->is_2_node) { gint nid_len; proto_item *pi; read_c4(tvb, offset, &nid, &nid_len); /* TODO: Do this right, as offset from BNID. */ nid /= 2; pdata->nid = nid; pi = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_nid, tvb, offset, nid_len, nid, "Node ID: %u", nid); validate_c4(pinfo, pi, nid, nid_len); offset += nid_len; } else { item = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_nid, tvb, 0, 0, pdata->nid, "Node ID: %u", pdata->nid); proto_item_set_generated(item); } if (!secure_session->is_2_node) { gint slot_len; proto_item *pi; read_c2(tvb, offset, &slot, &slot_len); pi = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_slot, tvb, offset, slot_len, slot, "Slot: %hu", slot); validate_c2(pinfo, pi, slot, slot_len); offset += slot_len; } else { item = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_slot, tvb, 0, 0, 0, "Slot: %u", 0); proto_item_set_generated(item); } if (ccm_flags & 0x01) { gint pn_len; proto_item *pi; read_c4(tvb, offset, &pn, &pn_len); pi = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_pn, tvb, offset, pn_len, pn, "Packet Number: %u", pn); validate_c4(pinfo, pi, pn, pn_len); pdata->dn = pn; offset += pn_len; } else { item = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_pn, tvb, 0, 0, pdata->dn, "Packet Number: %u", pdata->dn); proto_item_set_generated(item); } if (ccm_flags & 0x08) { gint tnid_len; proto_item *pi; read_c4(tvb, offset, &tnid, &tnid_len); pi = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_tnid, tvb, offset, tnid_len, tnid, "Target Node ID: %u", tnid); validate_c4(pinfo, pi, tnid, tnid_len); offset += tnid_len; } if (ccm_flags & 0x02) { gint nnid_len; proto_item *pi; read_c4(tvb, offset, &nnid, &nnid_len); pi = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_nnid, tvb, offset, nnid_len, nnid, "Next Node ID: %u", nnid); validate_c4(pinfo, pi, nnid, nnid_len); offset += nnid_len; } proto_item_set_len(header, offset - secmode_api_data->security_mode_offset); if (dof_packet->decrypted_buffer_error) { col_set_str(pinfo->cinfo, COL_INFO, dof_packet->decrypted_buffer_error); expert_add_info(pinfo, tree, &ei_decode_failure); return offset - secmode_api_data->security_mode_offset; } /* We have reached the encryption boundary. At this point the rest of the packet * is encrypted, and we may or may not be able to decrypt it. * * If we can decrypt it (which for now means that it uses a Session Key of [0] * the we switch to decoding the decrypted PDU. Otherwise we create an entry * for the encrypted bytes and move on... */ { gint e_len = tvb_captured_length(tvb) - offset; const guint8 *epp_buf = tvb_get_ptr(tvb, 0, -1); guint a_len = offset; guint8 *buf = (guint8 *)tvb_memdup(pinfo->pool, tvb, offset, e_len); tvbuff_t *app; /* The default nonce is a function of whether or not this is the server * or the client and the packet count. The packet count either comes from * the PDU or is a function of the previous value (of the sending node). */ guint8 nonce[11]; nonce[0] = (pdata->nid) >> 24; nonce[1] = (pdata->nid) >> 16; nonce[2] = (pdata->nid) >> 8; nonce[3] = (guint8)(pdata->nid); nonce[4] = slot >> 8; nonce[5] = (guint8)slot; nonce[7] = (pdata->dn) >> 24; nonce[8] = (pdata->dn) >> 16; nonce[9] = (pdata->dn) >> 8; nonce[10] = (guint8)(pdata->dn); /* Now the hard part. We need to determine the current packet number. * This is a function of the sending node, the previous state and the * current PDU. */ app = NULL; proto_item_set_end(tree, tvb, offset); if (!session->encrypted) { /* There is still a MAC involved, and even though we don't need a new * buffer we need to adjust the length of the existing buffer. */ app = tvb_new_subset_length(tvb, offset, e_len - session->mac_len); dof_packet->decrypted_tvb = app; dof_packet->decrypted_offset = 0; } else { if (dof_packet->decrypted_buffer) { /* No need to decrypt, but still need to create buffer. */ app = tvb_new_real_data((const guint8 *)dof_packet->decrypted_buffer, e_len - session->mac_len, e_len - session->mac_len); tvb_set_child_real_data_tvbuff(tvb, app); add_new_data_source(pinfo, app, "Decrypted DOF"); dof_packet->decrypted_tvb = app; dof_packet->decrypted_offset = 0; } else { if (decrypt(session, pdata, nonce, epp_buf, a_len, buf, e_len)) { /* store decrypted buffer in file scope for reuse in next pass */ guint8 *cache = (guint8 *)wmem_alloc0(wmem_file_scope(), e_len - session->mac_len); memcpy(cache, buf, e_len - session->mac_len); app = tvb_new_real_data(cache, e_len - session->mac_len, e_len - session->mac_len); tvb_set_child_real_data_tvbuff(tvb, app); add_new_data_source(pinfo, app, "Decrypted DOF"); dof_packet->decrypted_buffer = cache; dof_packet->decrypted_offset = 0; dof_packet->decrypted_tvb = app; } else { /* Failure to decrypt or validate the MAC. * The packet is secure, so there is nothing we can do! */ dof_packet->decrypted_buffer_error = "[Encrypted packet - decryption failure]"; } } } } return offset - secmode_api_data->security_mode_offset; } break; case TRAILER: /* TODO check this case */ break; } return 0; } static int dissect_ccm_app(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) { gint offset = 0; guint8 opcode = 0; guint16 app; gint app_len; proto_item *ti; proto_tree *ccm_tree; /* Make entries in Protocol column and Info column on summary display */ col_set_str(pinfo->cinfo, COL_PROTOCOL, "CCM "); /* Create the protocol tree. */ offset = 0; ti = proto_tree_add_item(tree, proto_ccm_app, tvb, offset, -1, ENC_NA); ccm_tree = proto_item_add_subtree(ti, ett_ccm); /* Add the APPID. */ offset = read_c2(tvb, offset, &app, &app_len); ti = proto_tree_add_uint(ccm_tree, hf_2008_1_app_version, tvb, 0, app_len, app); validate_c2(pinfo, ti, app, app_len); /* Retrieve the opcode. */ opcode = tvb_get_guint8(tvb, offset); col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", val_to_str(opcode, ccm_opcode_strings, "Unknown Opcode (%d)")); if (tree) { /* Opcode */ proto_tree_add_item(ccm_tree, hf_ccm_opcode, tvb, offset, 1, ENC_NA); #if 0 /* this needs completion */ offset += 1; switch (opcode) { case CCM_PDU_PROBE: { } break; } #endif } return 1; } #if 0 /* TODO not used yet */ static int dissect_ccm_validate(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data) { dof_api_data *api_data = (dof_api_data *)data; dof_packet_data *packet; ccm_session_data *session; gint offset; guint8 ccm_flags; guint32 nid; guint16 slot; guint32 pn; guint32 tnid; if (api_data == NULL) { fprintf(stderr, "api_data is NULL."); return 0; } packet = api_data->packet; if (packet == NULL) { fprintf(stderr, "api_data->packet is NULL."); return 0; } if (!packet->security_session) { fprintf(stderr, "packet->security_session is NULL"); return 0; } if (packet->security_session->security_mode != DOF_PROTOCOL_CCM) { fprintf(stderr, "packet->security_session->security_mode != DOF_PROTOCOL_CCM"); return 0; } session = (ccm_session_data *)packet->security_session->security_mode_key_data; /* The buffer we have been passed includes the entire EPP frame. The packet * structure gives us the offset to our header. */ offset = 0; ccm_flags = tvb_get_guint8(tvb, offset); offset += 1; /* TODO validate the C2 and C4 fields below? */ if (ccm_flags & 0x04) offset = read_c4(tvb, offset, &nid, NULL); if (ccm_flags & 0x02) offset = read_c2(tvb, offset, &slot, NULL); if (ccm_flags & 0x01) offset = read_c4(tvb, offset, &pn, NULL); if (ccm_flags & 0x08) offset = read_c4(tvb, offset, &tnid, NULL); /* We have reached the encryption boundary. At this point the rest of the packet * is encrypted, and we may or may not be able to decrypt it. * * If we can decrypt it (which for now means that it uses a Session Key of [0] * the we switch to decoding the decrypted PDU. Otherwise we create an entry * for the encrypted bytes and move on... */ { gint e_len = tvb_captured_length(tvb) - offset; const guint8 *epp_buf = tvb_get_ptr(tvb, 0, -1); guint a_len = offset - 0; guint16 e_off; guint8 *buf = (guint8 *)g_malloc(e_len); /* The default nonce is a function of whether or not this is the server * or the client and the packet count. The packet count either comes from * the PDU or is a function of the previous value (of the sending node). */ guint8 nonce[] = { 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; nonce[0] = nid >> 24; nonce[1] = nid >> 16; nonce[2] = nid >> 8; nonce[3] = (guint8)nid; nonce[4] = slot >> 8; nonce[5] = (guint8)slot; nonce[7] = pn >> 24; nonce[8] = pn >> 16; nonce[9] = pn >> 8; nonce[10] = (guint8)pn; /* Now the hard part. We need to determine the current packet number. * This is a function of the sending node, the previous state and the * current PDU. */ for (e_off = 0; e_off < e_len; e_off++) buf[e_off] = tvb_get_guint8(tvb, offset + e_off); /* TODO: This is hardcoded for a 4-byte MAC */ proto_item_set_end(tree, tvb, offset); if (decrypt(session, (ccm_packet_data *)packet->security_packet, nonce, epp_buf, a_len, buf, e_len)) { g_free(buf); return 1; } else { /* Failure to decrypt or validate the MAC. * The packet is secure, so there is nothing we can do! */ g_free(buf); return 1; } } } #endif static int dissect_oap_dsp(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_) { /* We are handed a buffer that starts with our protocol id. Any options follow that. */ gint offset = 0; /* We don't care except for the treeview. */ if (!tree) return 0; /* Compute the version and flags, masking off other bits. */ offset += 4; /* Skip the type and protocol. */ proto_tree_add_item(tree, hf_oap_1_dsp_option, tvb, 0, -1, ENC_NA); return offset; } static int dissect_oap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { dof_api_data *api_data = (dof_api_data *)data; dof_packet_data *packet_data; gint offset = 0; guint8 opcode = 0; guint8 flags = 0; guint16 item_id = 0; guint16 app; guint app_len; oap_1_packet_data *oap_packet = NULL; proto_item *ti; proto_tree *oap_tree; if (api_data == NULL) { return 0; } packet_data = api_data->packet; if (packet_data == NULL) { return 0; } /* Make entries in Protocol column and Info column on summary display */ col_set_str(pinfo->cinfo, COL_PROTOCOL, "OAPv1 "); /* Create the protocol tree. */ offset = 0; ti = proto_tree_add_item(tree, proto_oap_1, tvb, offset, -1, ENC_NA); oap_tree = proto_item_add_subtree(ti, ett_oap_1); /* Add the APPID. */ offset = read_c2(tvb, offset, &app, &app_len); ti = proto_tree_add_uint(oap_tree, hf_2008_1_app_version, tvb, 0, app_len, app); validate_c2(pinfo, ti, app, app_len); if (app_len == tvb_captured_length(tvb)) { col_append_str(pinfo->cinfo, COL_INFO, "OAP [nop]"); expert_add_info(pinfo, oap_tree, &ei_implicit_no_op); return app_len; } oap_packet = (oap_1_packet_data *)dof_packet_get_proto_data(packet_data, proto_oap_1); if (!oap_packet) { oap_packet = wmem_new0(wmem_file_scope(), oap_1_packet_data); dof_packet_add_proto_data(packet_data, proto_oap_1, oap_packet); } /* Compute the version and flags, masking off other bits. */ opcode = tvb_get_guint8(tvb, offset) & 0x1F; if (!packet_data->is_command) opcode |= OAP_1_RESPONSE; flags = tvb_get_guint8(tvb, offset) & 0xE0; col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", val_to_str(opcode, oap_opcode_strings, "Unknown Opcode (%d)")); /* Opcode */ { guint8 mask = 0x10; char str[20]; guint8 no_of_bits = 5; guint8 i; guint8 bit = 3; (void) g_strlcpy(str, "...", 20); /* read the bits for the int */ for (i = 0; i < no_of_bits; i++) { if (bit && (!(bit % 4))) (void) g_strlcat(str, " ", 20); bit++; if (opcode & mask) (void) g_strlcat(str, "1", 20); else (void) g_strlcat(str, "0", 20); mask = mask >> 1; } proto_tree_add_uint_format(oap_tree, hf_oap_1_opcode, tvb, offset, 1, opcode & 0x1F, "%s = Opcode: %s (%u)", str, val_to_str(opcode, oap_opcode_strings, "Unknown Opcode (%d)"), opcode & 0x1F); } /* Flags, based on opcode. * Each opcode needs to define the flags, however, the fall into major categories... */ switch (opcode) { /* Both alias and a flag that equals command control. */ case OAP_1_CMD_ACTIVATE: case OAP_1_CMD_CONNECT: case OAP_1_CMD_FULL_CONNECT: case OAP_1_CMD_GET: case OAP_1_CMD_INVOKE: case OAP_1_CMD_REGISTER: case OAP_1_CMD_SET: case OAP_1_CMD_SUBSCRIBE: case OAP_1_CMD_WATCH: proto_tree_add_item(oap_tree, hf_oap_1_alias_size, tvb, offset, 1, ENC_NA); proto_tree_add_item(oap_tree, hf_oap_1_flags, tvb, offset, 1, ENC_NA); if (flags & 0x20) { offset += 1; offset = oap_1_tree_add_cmdcontrol(pinfo, oap_tree, tvb, offset); } else offset += 1; break; /* No alias, but flags for command control. */ case OAP_1_CMD_ADVERTISE: /* TODO: Expert info on top two bits.*/ proto_tree_add_item(oap_tree, hf_oap_1_flags, tvb, offset, 1, ENC_NA); if (flags & 0x20) { offset = oap_1_tree_add_cmdcontrol(pinfo, oap_tree, tvb, ENC_BIG_ENDIAN); } else offset += 1; break; /* No alias, but flag for provider. */ case OAP_1_RSP_GET: case OAP_1_RSP_INVOKE: case OAP_1_RSP_REGISTER: case OAP_1_RSP_SET: case OAP_1_RSP_SUBSCRIBE: /* TODO: Expert info on top two bits.*/ proto_tree_add_item(oap_tree, hf_oap_1_flags, tvb, offset, 1, ENC_NA); if (flags & 0x20) { offset += 1; offset = dof_dissect_pdu_as_field(dissect_2009_11_type_4, tvb, pinfo, oap_tree, offset, hf_oap_1_providerid, ett_oap_1_1_providerid, NULL); } else offset += 1; if ((opcode == OAP_1_RSP_GET) || (opcode == OAP_1_RSP_INVOKE)) { proto_tree_add_item(oap_tree, hf_oap_1_value_list, tvb, offset, -1, ENC_NA); offset += tvb_reported_length_remaining(tvb, offset); } break; /* Alias, but no flags. */ case OAP_1_CMD_CHANGE: case OAP_1_CMD_OPEN: case OAP_1_CMD_PROVIDE: case OAP_1_CMD_SIGNAL: proto_tree_add_item(oap_tree, hf_oap_1_alias_size, tvb, offset, 1, ENC_NA); offset += 1; break; /* Special flags. */ case OAP_1_RSP_EXCEPTION: proto_tree_add_item(oap_tree, hf_oap_1_exception_internal_flag, tvb, offset, 1, ENC_NA); proto_tree_add_item(oap_tree, hf_oap_1_exception_final_flag, tvb, offset, 1, ENC_NA); proto_tree_add_item(oap_tree, hf_oap_1_exception_provider_flag, tvb, offset, 1, ENC_NA); offset += 1; break; /* No flags. */ case OAP_1_CMD_DEFINE: case OAP_1_RSP_DEFINE: case OAP_1_RSP_OPEN: /* TODO: Non-zero not allowed.*/ offset += 1; break; default: /* TODO: Illegal opcode.*/ return offset; } /* Parse off arguments based on opcodes. */ switch (opcode) { case OAP_1_CMD_SUBSCRIBE: { guint8 alias_len = (flags & 0xC0) >> 6; if (alias_len == 3) alias_len = 4; /* The item identifier comes first, but it is compressed. */ { gint item_id_len; proto_item *pi; read_c2(tvb, offset, &item_id, &item_id_len); pi = proto_tree_add_uint_format(oap_tree, hf_oap_1_itemid, tvb, offset, item_id_len, item_id, "Item ID: %u", item_id); validate_c2(pinfo, pi, item_id, item_id_len); offset += item_id_len; } if (alias_len > 0) { if (api_data->session == NULL) { expert_add_info(pinfo, ti, &ei_oap_no_session); return offset; } offset = oap_1_tree_add_alias(api_data, oap_packet, packet_data, oap_tree, tvb, offset, alias_len, TRUE); } else offset = oap_1_tree_add_binding(oap_tree, pinfo, tvb, offset); /* Read the miniumum delta. */ { gint delta_len; guint16 delta; proto_item *pi; read_c2(tvb, offset, &delta, &delta_len); pi = proto_tree_add_uint_format(oap_tree, hf_oap_1_subscription_delta, tvb, offset, delta_len, delta, "Minimum Delta: %u", delta); validate_c2(pinfo, pi, delta, delta_len); offset += delta_len; } } break; case OAP_1_CMD_REGISTER: { guint8 alias_len = (flags & 0xC0) >> 6; if (alias_len == 3) alias_len = 4; /* The item identifier comes first, but it is compressed. */ { gint item_id_len; proto_item *pi; read_c2(tvb, offset, &item_id, &item_id_len); pi = proto_tree_add_uint_format(oap_tree, hf_oap_1_itemid, tvb, offset, item_id_len, item_id, "Item ID: %u", item_id); validate_c2(pinfo, pi, item_id, item_id_len); offset += item_id_len; } if (alias_len > 0) { if (api_data->session == NULL) { expert_add_info(pinfo, ti, &ei_oap_no_session); return offset; } offset = oap_1_tree_add_alias(api_data, oap_packet, packet_data, oap_tree, tvb, offset, alias_len, TRUE); } else offset = oap_1_tree_add_binding(oap_tree, pinfo, tvb, offset); } break; case OAP_1_RSP_REGISTER: { if (flags & 0x20) { /* offset = add_oid( tvb, offset, NULL, oap_tree ); */ } /* Sequence is next. */ proto_tree_add_item(oap_tree, hf_oap_1_update_sequence, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; } break; case OAP_1_CMD_WATCH: case OAP_1_CMD_ACTIVATE: case OAP_1_CMD_CONNECT: case OAP_1_CMD_FULL_CONNECT: { guint8 alias_len = (flags & 0xC0) >> 6; if (alias_len == 3) alias_len = 4; if (alias_len > 0) { if (api_data->session == NULL) { expert_add_info(pinfo, ti, &ei_oap_no_session); return offset; } offset = oap_1_tree_add_alias(api_data, oap_packet, packet_data, oap_tree, tvb, offset, alias_len, TRUE); } else offset = oap_1_tree_add_binding(oap_tree, pinfo, tvb, offset); } break; case OAP_1_CMD_ADVERTISE: offset = oap_1_tree_add_binding(oap_tree, pinfo, tvb, offset); break; case OAP_1_CMD_GET: case OAP_1_CMD_INVOKE: case OAP_1_CMD_SET: { guint8 alias_len = (flags & 0xC0) >> 6; if (alias_len == 3) alias_len = 4; /* The item identifier comes first, but it is compressed. */ { gint item_id_len; proto_item *pi; read_c2(tvb, offset, &item_id, &item_id_len); pi = proto_tree_add_uint_format(oap_tree, hf_oap_1_itemid, tvb, offset, item_id_len, item_id, "Item ID: %u", item_id); validate_c2(pinfo, pi, item_id, item_id_len); offset += item_id_len; } if (alias_len > 0) { if (api_data->session == NULL) { expert_add_info(pinfo, ti, &ei_oap_no_session); return offset; } offset = oap_1_tree_add_alias(api_data, oap_packet, packet_data, oap_tree, tvb, offset, alias_len, TRUE); } else offset = oap_1_tree_add_binding(oap_tree, pinfo, tvb, offset); if ((opcode == OAP_1_CMD_SET) || (opcode == OAP_1_CMD_INVOKE)) { proto_tree_add_item(oap_tree, hf_oap_1_value_list, tvb, offset, -1, ENC_NA); offset += tvb_reported_length_remaining(tvb, offset); } } break; case OAP_1_CMD_OPEN: { guint8 alias_len = (flags & 0xC0) >> 6; if (alias_len == 3) alias_len = 4; if (alias_len > 0) { if (api_data->session == NULL) { expert_add_info(pinfo, ti, &ei_oap_no_session); return offset; } offset = oap_1_tree_add_alias(api_data, oap_packet, packet_data, oap_tree, tvb, offset, alias_len, TRUE); } else offset = oap_1_tree_add_binding(oap_tree, pinfo, tvb, offset); offset = oap_1_tree_add_interface(oap_tree, tvb, offset); offset = dof_dissect_pdu_as_field(dissect_2009_11_type_4, tvb, pinfo, oap_tree, offset, hf_oap_1_objectid, ett_oap_1_objectid, NULL); } break; case OAP_1_CMD_PROVIDE: { guint8 alias_length = flags >> 6; gint alias_offset; gint iid_offset; gint oid_offset; if (alias_length == 3) alias_length = 4; alias_offset = offset; if (alias_length == 0) { expert_add_info_format(pinfo, ti, &ei_malformed, "alias_length == 0"); return offset; } if (api_data->session == NULL) { expert_add_info(pinfo, ti, &ei_oap_no_session); return offset; } offset = oap_1_tree_add_alias(api_data, oap_packet, packet_data, oap_tree, tvb, offset, alias_length, FALSE); iid_offset = offset; offset = oap_1_tree_add_interface(oap_tree, tvb, offset); oid_offset = offset; offset = dof_dissect_pdu_as_field(dissect_2009_11_type_4, tvb, pinfo, oap_tree, offset, hf_oap_1_objectid, ett_oap_1_objectid, NULL); if (alias_length && !packet_data->processed) { guint32 alias; oap_1_binding *binding = wmem_new0(wmem_file_scope(), oap_1_binding); int i; alias = 0; for (i = 0; i < alias_length; i++) alias = (alias << 8) | tvb_get_guint8(tvb, alias_offset + i); binding->iid_length = oid_offset - iid_offset; binding->iid = (guint8 *)wmem_alloc0(wmem_file_scope(), binding->iid_length); tvb_memcpy(tvb, binding->iid, iid_offset, binding->iid_length); binding->oid_length = offset - oid_offset; binding->oid = (guint8 *)wmem_alloc0(wmem_file_scope(), binding->oid_length); tvb_memcpy(tvb, binding->oid, oid_offset, binding->oid_length); binding->frame = pinfo->fd->num; oap_1_define_alias(api_data, alias, binding); } } break; case OAP_1_CMD_CHANGE: case OAP_1_CMD_SIGNAL: { guint8 alias_len = (flags & 0xC0) >> 6; if (alias_len == 3) alias_len = 4; /* The item identifier comes first, but it is compressed. */ { gint item_id_len; proto_item *pi; read_c2(tvb, offset, &item_id, &item_id_len); pi = proto_tree_add_uint_format(oap_tree, hf_oap_1_itemid, tvb, offset, item_id_len, item_id, "Item ID: %u", item_id); validate_c2(pinfo, pi, item_id, item_id_len); offset += item_id_len; } if (alias_len > 0) { if (api_data->session == NULL) { expert_add_info(pinfo, ti, &ei_oap_no_session); return offset; } offset = oap_1_tree_add_alias(api_data, oap_packet, packet_data, oap_tree, tvb, offset, alias_len, TRUE); } else offset = oap_1_tree_add_binding(oap_tree, pinfo, tvb, offset); /* Sequence is next. */ proto_tree_add_item(oap_tree, hf_oap_1_update_sequence, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; proto_tree_add_item(oap_tree, hf_oap_1_value_list, tvb, offset, -1, ENC_NA); offset += tvb_reported_length_remaining(tvb, offset); } break; case OAP_1_RSP_EXCEPTION: { if (flags & 0x20) { /* offset = add_oid( tvb, offset, NULL, oap_tree );*/ } /* The response code, compressed. */ { gint rsp_len; guint16 rsp; /* TODO: Validate*/ read_c2(tvb, offset, &rsp, &rsp_len); /* TODO: Add to tree with error codes. */ offset += rsp_len; } proto_tree_add_item(oap_tree, hf_oap_1_value_list, tvb, offset, -1, ENC_NA); offset += tvb_reported_length_remaining(tvb, offset); } break; default: /* TODO: Bad opcode!*/ break; } return offset; } static int dissect_sgmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { dof_api_data *api_data = (dof_api_data *)data; dof_packet_data *packet_data; guint offset = 0; guint8 opcode; guint16 app; gint app_len; proto_item *ti; proto_tree *sgmp_tree; if (api_data == NULL) { /* TODO: Output error. */ return 0; } packet_data = api_data->packet; if (packet_data == NULL) { /* TODO: Output error. */ return 0; } /* Make entries in Protocol column and Info column on summary display */ col_set_str(pinfo->cinfo, COL_PROTOCOL, "SGMPv1 "); /* Create the protocol tree. */ offset = 0; ti = proto_tree_add_item(tree, proto_sgmp, tvb, offset, -1, ENC_NA); sgmp_tree = proto_item_add_subtree(ti, ett_sgmp); /* Add the APPID. */ offset = read_c2(tvb, offset, &app, &app_len); ti = proto_tree_add_uint(sgmp_tree, hf_2008_1_app_version, tvb, 0, app_len, app); validate_c2(pinfo, ti, app, app_len); if (offset == tvb_captured_length(tvb)) { col_append_str(pinfo->cinfo, COL_INFO, "SGMP [nop]"); expert_add_info(pinfo, sgmp_tree, &ei_implicit_no_op); return offset; } /* Retrieve the opcode. */ opcode = tvb_get_guint8(tvb, offset); if (!packet_data->is_command) opcode |= SGMP_RESPONSE; col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", val_to_str(opcode, sgmp_opcode_strings, "Unknown Opcode (%d)")); /* Opcode */ proto_tree_add_item(sgmp_tree, hf_opcode, tvb, offset, 1, ENC_NA); offset += 1; switch (opcode) { case SGMP_CMD_EPOCH_CHANGED: { /* TMIN - 2 bytes */ { proto_tree_add_item(sgmp_tree, hf_sgmp_tmin, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; } /* EPOCH - 2 bytes */ { proto_tree_add_item(sgmp_tree, hf_sgmp_epoch, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; } } break; case SGMP_CMD_HEARTBEAT: { gint start_offset; /* Latest SGMP Version - Type.1 */ { guint16 version; gint length; proto_item *pi; start_offset = offset; offset = read_c2(tvb, offset, &version, &length); pi = proto_tree_add_uint(sgmp_tree, hf_latest_version, tvb, start_offset, offset - start_offset, version); validate_c2(pinfo, pi, version, length); } /* Desire - 1 byte */ { proto_tree_add_item(sgmp_tree, hf_desire, tvb, offset, 1, ENC_NA); offset += 1; } /* Tie Breaker - 4 bytes */ { proto_tree_add_item(sgmp_tree, hf_tie_breaker, tvb, offset, 4, ENC_BIG_ENDIAN); offset += 4; } } break; case SGMP_CMD_REKEY: case SGMP_CMD_REKEY_EPOCH: case SGMP_CMD_REKEY_MERGE: { #if 0 /*TODO check this */ gint start_offset; tvbuff_t *initial_state; #endif guint8 key[32]; /* Delay - one byte */ if (opcode != SGMP_CMD_REKEY_MERGE) { proto_tree_add_item(sgmp_tree, hf_delay, tvb, offset, 1, ENC_NA); offset += 1; } /* Initial State - Security.9 (not REKEY_MERGE) */ { offset = dof_dissect_pdu_as_field(dissect_2008_16_security_9, tvb, pinfo, sgmp_tree, offset, hf_initial_state, ett_initial_state, NULL); #if 0 /*TODO check this */ initial_state = tvb_new_subset_length(tvb, start_offset, offset - start_offset); #endif } /* Epoch - 2 bytes (only REKEY_EPOCH) */ if (opcode == SGMP_CMD_REKEY_EPOCH) { proto_tree_add_item(sgmp_tree, hf_sgmp_epoch, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; } /* Kgm - 32 bytes */ { proto_tree_add_item(sgmp_tree, hf_key, tvb, offset, 32, ENC_NA); tvb_memcpy(tvb, key, offset, 32); offset += 32; } /* Handle the initialization block. */ if (!packet_data->processed && api_data->session) { /*dof_session_data* session = (dof_session_data*)api_data->session;*/ /* Look up the field-dissector table, and determine if it is registered. */ dissector_table_t field_dissector = find_dissector_table("dof.secmode"); if (field_dissector != NULL) { #if 0 dissector_handle_t field_handle = dissector_get_port_handle(field_dissector, packet_data->security_mode); if (field_handle != NULL) { void *saved_private = pinfo->private_data; dof_secmode_api_data setup_data; gint block_length; setup_data.version = DOF_API_VERSION; setup_data.context = INITIALIZE; setup_data.dof_api = api_data; setup_data.secure_session = rekey_data->security_session; /* TODO FIX THIS setup_data.session_key = session_key; */ pinfo->private_data = &setup_data; block_length = call_dissector_only(field_handle, NULL, pinfo, NULL); pinfo->private_data = saved_private; } #endif } } } break; case SGMP_CMD_REQUEST_GROUP: { guint8 *domain_buf = NULL; guint8 domain_length = 0; gint start_offset; guint I_offset = offset; sgmp_packet_data *sgmp_data = NULL; guint16 epoch; /* START OF I BLOCK */ /* Domain - Security.7 */ { start_offset = offset; offset = dof_dissect_pdu_as_field(dissect_2008_16_security_7, tvb, pinfo, sgmp_tree, offset, hf_sgmp_domain, ett_sgmp_domain, NULL); if (!packet_data->processed) { domain_length = offset - start_offset; domain_buf = (guint8 *)wmem_alloc0(wmem_packet_scope(), domain_length); tvb_memcpy(tvb, domain_buf, start_offset, domain_length); } } /* Epoch - 2 bytes */ { epoch = tvb_get_ntohs(tvb, offset); proto_tree_add_item(sgmp_tree, hf_sgmp_epoch, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; } /* Initiator Block - SGMP.6.3 */ { /* SGMP Key Request - Security.4 */ { dof_2008_16_security_4 response; offset = dof_dissect_pdu_as_field(dissect_2008_16_security_4, tvb, pinfo, sgmp_tree, offset, hf_initiator_block, ett_initiator_block, &response); if (!packet_data->processed) { tvbuff_t *identity = response.identity; guint8 identity_length = tvb_reported_length(identity); guint8 *identity_buf = (guint8 *)wmem_alloc0(wmem_file_scope(), identity_length); /* Get the buffer. */ tvb_memcpy(identity, identity_buf, 0, identity_length); { sgmp_data = wmem_new0(wmem_file_scope(), sgmp_packet_data); dof_packet_add_proto_data(packet_data, proto_sgmp, sgmp_data); sgmp_data->domain_length = domain_length; sgmp_data->domain = (guint8 *)wmem_alloc0(wmem_file_scope(), domain_length); memcpy(sgmp_data->domain, domain_buf, domain_length); sgmp_data->group_length = identity_length; sgmp_data->group = (guint8 *)wmem_alloc0(wmem_file_scope(), identity_length); memcpy(sgmp_data->group, identity_buf, identity_length); sgmp_data->epoch = epoch; sgmp_data->request_session = api_data->session; } } } } /* Security Scope - Security.10 */ { offset = dof_dissect_pdu_as_field(dissect_2008_16_security_10, tvb, pinfo, sgmp_tree, offset, hf_sgmp_security_scope, ett_sgmp_security_scope, NULL); } /* END OF I BLOCK */ if (sgmp_data && !sgmp_data->I) { sgmp_data->I_length = offset - I_offset; sgmp_data->I = (guint8 *)wmem_alloc0(wmem_file_scope(), sgmp_data->I_length); tvb_memcpy(tvb, sgmp_data->I, I_offset, sgmp_data->I_length); } } break; case SGMP_RSP_REQUEST_GROUP: { gint start_offset; #if 0 /*TODO check this */ guint A_offset; tvbuff_t *initial_state; guint A_end; #endif /* START OF A BLOCK */ /* Initial State - SGMP.6.2.1 */ { /* A_offset = offset;*/ /* Initial State - Security.9 */ { offset = dof_dissect_pdu_as_field(dissect_2008_16_security_9, tvb, pinfo, sgmp_tree, offset, hf_initial_state, ett_initial_state, NULL); #if 0 /*TODO check this */ initial_state = tvb_new_subset_length(tvb, start_offset, offset - start_offset); #endif } /* Latest SGMP Version - Type.1 */ { guint16 version; gint length; proto_item *pi; start_offset = offset; offset = read_c2(tvb, offset, &version, &length); pi = proto_tree_add_uint(sgmp_tree, hf_latest_version, tvb, start_offset, offset - start_offset, version); validate_c2(pinfo, pi, version, length); } /* Desire - 1 byte */ { proto_tree_add_item(sgmp_tree, hf_desire, tvb, offset, 1, ENC_NA); offset += 1; } } /* END OF A BLOCK */ /* A block data handled in first part of the next block. */ #if 0 /*TODO check this */ A_end = offset; #endif /* Ticket - Security.5 */ { offset = dof_dissect_pdu_as_field(dissect_2008_16_security_5, tvb, pinfo, sgmp_tree, offset, hf_ticket, ett_ticket, NULL); } /* Try to match up the information learned here with any groups that exist. * Note that we do not know the SSID, and so we can only match based on the * domain and group identifier. We will learn the SSID based on a successful * match to a secure session. */ if (packet_data->opid_first && !api_data->secure_session) { #if 0 sgmp_packet_data* cmd_data = (sgmp_packet_data*)dof_packet_get_proto_data(packet_data->opid_first, proto_sgmp); extern struct BlockCipher BlockCipher_AES_256; struct BlockCipher* cipher = &BlockCipher_AES_256; guint8* ekey = (guint8*)ep_alloc(cipher->keyStateSize); if (cmd_data && !cmd_data->A) { cmd_data->A_length = A_end - A_offset; cmd_data->A = (guint8*)wmem_alloc0(wmem_file_scope(), cmd_data->A_length); tvb_memcpy(tvb, cmd_data->A, A_offset, cmd_data->A_length); } /* Search through the appropriate keks to find a match. */ { dof_learned_group_data* group = globals.learned_group_data; struct list; struct list { dof_learned_group_data *group; struct list *next; }; struct list *to_try = NULL; guint8 confirmation[32]; guint8* discovered_kek = NULL; dof_learned_group_auth_data *auth = NULL; tvb_memcpy(tvb, confirmation, start_offset, 32); while (group) { if ((cmd_data->domain_length == group->domain_length) && (memcmp(cmd_data->domain, group->domain, group->domain_length) == 0) && (cmd_data->group_length == group->group_length) && (memcmp(cmd_data->group, group->group, group->group_length) == 0)) { struct list *n = (struct list *) ep_alloc0(sizeof(struct list)); n->group = group; n->next = to_try; to_try = n; } group = group->next; } /* At this point we may be able to learn the session key. */ while (to_try && !discovered_kek) { group = to_try->group; auth = group->keys; while (auth && !discovered_kek) { guint8 mac[32]; guint8 key[32]; int j; /* It only makes sense to check matching epochs. */ if (auth->epoch == cmd_data->epoch) { tvb_memcpy(tvb, mac, start_offset, 32); tvb_memcpy(tvb, key, start_offset + 32, 32); if (cipher != NULL) { cipher->GenerateKeyState(ekey, auth->kek); cipher->Encrypt(ekey, mac); cipher->Encrypt(ekey, mac + 16); } for (j = 0; j < 32; j++) key[j] ^= mac[j]; if (sgmp_validate_session_key(cmd_data, confirmation, auth->kek, key)) { discovered_kek = (guint8*)se_alloc0(32); memcpy(discovered_kek, key, 32); break; } } auth = auth->next; } to_try = to_try->next; } /* Determine if there is already a secure session for this information. If there is, then * EPP will find it to decode any packets. If there is not, then we must create a secure * session and initialize it so that future packets can be decoded. * NOTE: None of the actual decoding is done here, because this packet is not encrypted * in the session that it defines. * NOTE: SGMP secure sessions are always attached to the DPS session, which is always * associated with the transport session (server address). */ if (discovered_kek) { dissector_table_t field_dissector; dissector_handle_t field_handle; dof_session_key_exchange_data *key_exchange = NULL; dof_secure_session_data *dof_secure_session = cmd_data->request_session->secure_sessions; while (dof_secure_session) { if ((dof_secure_session->ssid == group->ssid) && (dof_secure_session->domain_length == group->domain_length) && (memcmp(dof_secure_session->domain, group->domain, group->domain_length) == 0)) break; dof_secure_session = dof_secure_session->next; } if (!dof_secure_session) { dof_session_data *dof_session = wmem_alloc0(wmem_file_scope(), sizeof(dof_session_data)); dof_session->session_id = globals.next_session++; dof_session->dof_id = api_data->session->dof_id; dof_secure_session = wmem_alloc0(wmem_file_scope(), sizeof(dof_secure_session_data)); dof_secure_session->ssid = group->ssid; dof_secure_session->domain_length = group->domain_length; dof_secure_session->domain = group->domain; dof_secure_session->original_session_id = cmd_data->request_session->session_id; dof_secure_session->parent = dof_session; dof_secure_session->is_2_node = FALSE; dof_secure_session->next = cmd_data->request_session->secure_sessions; cmd_data->request_session->secure_sessions = dof_secure_session; } /* This packet represents a new key exchange, and so a new key exchange data * structure needs to be created. */ { key_exchange = wmem_alloc0(wmem_file_scope(), sizeof(dof_session_key_exchange_data)); if (!key_exchange) return offset; key_exchange->i_valid = packet_data->opid_first->dof_frame; key_exchange->r_valid = packet_data->dof_frame; key_exchange->security_mode = auth->security_mode; key_exchange->security_mode_data = auth->mode; key_exchange->security_mode_data_length = auth->mode_length; key_exchange->session_key = discovered_kek; /* Insert the new key information at the front of the list. */ if (!dof_secure_session->session_security_data_last) dof_secure_session->session_security_data = key_exchange; else dof_secure_session->session_security_data_last->next = key_exchange; dof_secure_session->session_security_data_last = key_exchange; } /* Look up the field-dissector table, and determine if it is registered. */ field_dissector = find_dissector_table("dps.secmode"); if (field_dissector != NULL) { field_handle = dissector_get_uint_handle(field_dissector, auth->security_mode); if (field_handle != NULL) { dof_secmode_api_data setup_data; gint block_length; tvbuff_t *ntvb = tvb_new_subset_remaining(tvb, A_offset); setup_data.context = INITIALIZE; setup_data.security_mode_offset = 0; setup_data.dof_api = api_data; setup_data.secure_session = dof_secure_session; setup_data.session_key_data = key_exchange; block_length = call_dissector_only(field_handle, ntvb, pinfo, tree, &setup_data); } } } } #endif } } break; default: break; } return offset; } static gboolean validate_session_key(tep_rekey_data *rekey, guint S_length, guint8 *S, guint8 *confirmation, guint8 *key) { guint8 pad[16]; gcry_mac_hd_t hmac; gcry_error_t result; memset(pad, 0, sizeof(pad)); result = gcry_mac_open(&hmac, GCRY_MAC_HMAC_SHA256, 0, NULL); if (result != 0) return FALSE; gcry_mac_setkey(hmac, key, 32); gcry_mac_write(hmac, pad, 16 - rekey->i_nonce_length); gcry_mac_write(hmac, rekey->i_nonce, rekey->i_nonce_length); gcry_mac_write(hmac, pad, 16 - rekey->r_nonce_length); gcry_mac_write(hmac, rekey->r_nonce, rekey->r_nonce_length); gcry_mac_write(hmac, S, S_length); gcry_mac_write(hmac, rekey->r_identity, rekey->r_identity_length); result = gcry_mac_verify(hmac, confirmation, 32); return result == 0; } static int dissect_tep_dsp(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_) { /* We are handed a buffer that starts with our protocol id. Any options follow that. */ gint offset = 0; /* We don't care except for the treeview. */ if (!tree) return 0; /* Compute the version and flags, masking off other bits. */ offset += 4; /* Skip the type and protocol. */ proto_tree_add_item(tree, hf_dsp_option, tvb, 0, -1, ENC_NA); return offset; } static int dissect_2008_4_tep_2_2_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 *ssid, void *data) { gint offset = 0; proto_item *ti; dof_api_data *api_data = (dof_api_data *)data; dof_packet_data *packet_data; if (api_data == NULL) { /* TODO: Output error. */ return 0; } packet_data = api_data->packet; if (packet_data == NULL) { /* TODO: Output error. */ return 0; } /* State Identifier - Only if Unsecured */ if (packet_data->decrypted_buffer == NULL) { proto_item *pi; gint ssid_len; gint start = offset; offset = read_c4(tvb, offset, ssid, &ssid_len); pi = proto_tree_add_uint(tree, hf_tep_2_2_1_state_identifier, tvb, start, offset - start, *ssid); validate_c4(pinfo, pi, *ssid, ssid_len); } /* Initial State */ { int block_length; tvbuff_t *start = tvb_new_subset_remaining(tvb, offset); ti = proto_tree_add_item(tree, hf_tep_2_2_1_initial_state, tvb, offset, 0, ENC_NA); ti = proto_item_add_subtree(ti, ett_tep_2_2_1_initial_state); block_length = dof_dissect_pdu(dissect_2008_16_security_9, start, pinfo, ti, NULL); proto_item_set_len(ti, block_length); offset += block_length; } return offset; } /** * This is the main entry point for the CCM dissector. * TEP operations create security periods. * They can also create sessions when used with "None" sessions. * In any case, these PDUs need to pass information between * them. * They also must maintain state for each rekey request, some of * which modify the session key, some of which create new * sessions, and others that determine new session information * like permission sets. * * In order to store information appropriately, the following structures are * used: * 1. api_data (dof_api_data*) source for all other state. * 2. packet (dof_packet_data*) dps packet information. * 3. rekey_data (tep_rekey_data*) tep information for rekey/accept/confirm. */ static int dissect_tep(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { dof_api_data *api_data = (dof_api_data *)data; dof_packet_data *packet; tep_rekey_data *rekey_data; guint offset = 0; guint8 operation; guint16 app; gint app_len; proto_item *ti; proto_tree *tep_tree, *operation_tree; if (api_data == NULL) { /* TODO: Output error. */ return 0; } packet = api_data->packet; if (packet == NULL) { /* TODO: Output error. */ return 0; } /* Make entries in Protocol column and Info column on summary display */ col_set_str(pinfo->cinfo, COL_PROTOCOL, "TEPv1 "); /* Create the protocol tree. */ offset = 0; ti = proto_tree_add_item(tree, proto_tep, tvb, offset, -1, ENC_NA); tep_tree = proto_item_add_subtree(ti, ett_tep); /* Add the APPID. */ offset = read_c2(tvb, offset, &app, &app_len); ti = proto_tree_add_uint(tep_tree, hf_2008_1_app_version, tvb, 0, app_len, app); validate_c2(pinfo,ti, app, app_len); /* Check for empty packet. */ if (offset == tvb_captured_length(tvb)) { col_append_str(pinfo->cinfo, COL_INFO, "TEP [nop]"); expert_add_info(pinfo, tep_tree, &ei_implicit_no_op); return offset; } /* Retrieve the opcode. */ operation = tvb_get_guint8(tvb, offset); if (!packet->is_command) operation |= TEP_OPCODE_RSP; col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", val_to_str(operation, tep_opcode_strings, "Unknown Opcode (%d)")); ti = proto_tree_add_uint_format(tep_tree, hf_tep_operation, tvb, offset, 1, operation, "Operation: %s (%u)", val_to_str(operation, tep_opcode_strings, "Unknown Opcode (%d)"), operation); operation_tree = proto_item_add_subtree(ti, ett_tep_operation); ti = proto_tree_add_boolean(operation_tree, hf_tep_operation_type, tvb, offset, 0, operation); proto_item_set_generated(ti); /* The flags are reserved except for OPCODE=1 & COMMAND */ if ((operation & 0x8F) == 0x01) { proto_tree_add_item(operation_tree, hf_tep_c, tvb, offset, 1, ENC_NA); proto_tree_add_item(operation_tree, hf_tep_k, tvb, offset, 1, ENC_NA); } proto_tree_add_item(operation_tree, hf_tep_opcode, tvb, offset, 1, ENC_NA); offset += 1; switch (operation) { case TEP_PDU_REQUEST_KEY: /* The K bit must be set, so there is a domain ONLY IF NOT SECURED. */ /* Remember the current request. */ rekey_data = (tep_rekey_data *)packet->opid_data; if (!rekey_data) { packet->opid_data = rekey_data = wmem_new0(wmem_file_scope(), tep_rekey_data); } rekey_data->key_data = wmem_new0(wmem_file_scope(), dof_session_key_exchange_data); rekey_data->is_rekey = TRUE; /* The K bit must be set, so there is a domain ONLY IF NOT SECURED. */ if (packet->decrypted_buffer == NULL) { gint start_offset = offset; offset = dof_dissect_pdu_as_field(dissect_2008_16_security_7, tvb, pinfo, tep_tree, offset, hf_tep_2_1_domain, ett_tep_2_1_domain, NULL); if (!rekey_data->domain) { rekey_data->domain_length = offset - start_offset; rekey_data->domain = (guint8 *)wmem_alloc0(wmem_file_scope(), rekey_data->domain_length); /* Get the buffer. */ tvb_memcpy(tvb, rekey_data->domain, start_offset, rekey_data->domain_length); } } else { /* The domain is not present, but this is a secure packet and so the domain can be obtained * through the session. */ if (!rekey_data->domain) { rekey_data->domain_length = api_data->secure_session->domain_length; rekey_data->domain = api_data->secure_session->domain; } } /* FALL THROUGH */ case TEP_PDU_REQUEST: /* Remember the current request. */ rekey_data = (tep_rekey_data *)packet->opid_data; if (!rekey_data) { if (api_data->secure_session == NULL) { /* TODO: Output error. */ return 0; } packet->opid_data = rekey_data = wmem_new0(wmem_file_scope(), tep_rekey_data); rekey_data->domain_length = api_data->secure_session->domain_length; rekey_data->domain = api_data->secure_session->domain; } /* The C bit must be clear, so there is an Initiator Block. */ { dof_2008_16_security_6_1 response; offset = dof_dissect_pdu_as_field(dissect_2008_16_security_6_1, tvb, pinfo, tep_tree, offset, hf_tep_2_1_initiator_block, ett_tep_2_1_initiator_block, &response); if (!packet->processed) { tvbuff_t *inonce = response.i_nonce; tvbuff_t *iidentity = response.i_identity; rekey_data->i_nonce_length = tvb_reported_length(inonce); rekey_data->i_nonce = (guint8 *)wmem_alloc0(wmem_file_scope(), rekey_data->i_nonce_length); tvb_memcpy(inonce, rekey_data->i_nonce, 0, rekey_data->i_nonce_length); rekey_data->i_identity_length = tvb_reported_length(iidentity); rekey_data->i_identity = (guint8 *)wmem_alloc0(wmem_file_scope(), rekey_data->i_identity_length); tvb_memcpy(iidentity, rekey_data->i_identity, 0, rekey_data->i_identity_length); rekey_data->security_mode = response.security_mode; rekey_data->security_mode_data_length = response.security_mode_data_length; rekey_data->security_mode_data = response.security_mode_data; } } break; case TEP_PDU_ACCEPT: { guint32 ssid = 0; guint8 *S = NULL; guint8 S_length = 0; guint8 confirmation[32]; typedef struct identity_key { guint8 *session_key; struct identity_key *next; } identity_key; identity_key *identity_key_list = NULL; dof_secure_session_data *dof_secure_session = NULL; if (!packet->opid_first) { /* TODO: Print error */ return 0; } rekey_data = (tep_rekey_data *)packet->opid_first->opid_data; if (!rekey_data) return tvb_captured_length(tvb); /* Initiator Ticket */ { gint start_offset; guint8 ticket[64]; start_offset = offset; offset = dof_dissect_pdu_as_field(dissect_2008_16_security_5, tvb, pinfo, tep_tree, offset, hf_tep_2_2_initiator_ticket, ett_tep_2_2_initiator_ticket, NULL); if (!packet->processed && rekey_data) { int i; /* Produce a (possibly empty) list of potential keys based on our * initiator secrets based on identity. These will be validated * later on. */ for (i = 0; i < globals.global_security->identity_data_count; i++) { dof_identity_data *identity = globals.global_security->identity_data + i; gcry_cipher_hd_t rijndael_handle; int j; if (identity->domain_length != rekey_data->domain_length) continue; if (memcmp(identity->domain, rekey_data->domain, identity->domain_length) != 0) continue; if (identity->identity_length != rekey_data->i_identity_length) continue; if (memcmp(identity->identity, rekey_data->i_identity, identity->identity_length) != 0) continue; tvb_memcpy(tvb, ticket, start_offset, 64); if (!gcry_cipher_open(&rijndael_handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0)) { if (!gcry_cipher_setkey(rijndael_handle, identity->secret, 32)) { gcry_cipher_encrypt(rijndael_handle, ticket, 16, NULL, 0); gcry_cipher_encrypt(rijndael_handle, ticket + 16, 16, NULL, 0); } gcry_cipher_close(rijndael_handle); } for (j = 0; j < 32; j++) ticket[j + 32] = ticket[j + 32] ^ ticket[j]; /* Add the key to the list - ep memory. */ { identity_key *key = (identity_key *)wmem_alloc0(wmem_file_scope(), sizeof(*key)); key->session_key = (guint8 *)wmem_alloc0(wmem_file_scope(), 32); memcpy(key->session_key, ticket + 32, 32); key->next = identity_key_list; identity_key_list = key; } } } } /* Ticket Confirmation */ { if (!packet->processed) tvb_memcpy(tvb, confirmation, offset, sizeof(confirmation)); proto_tree_add_item(tep_tree, hf_tep_2_2_ticket_confirmation, tvb, offset, 32, ENC_NA); offset += 32; } /* Add a field to show the session key that has been learned. */ if (rekey_data->key_data && rekey_data->key_data->session_key && tep_tree) { ti = proto_tree_add_bytes_with_length(tree, hf_tep_session_key, tvb, 0, 0, rekey_data->key_data->session_key, 32); proto_item_set_generated(ti); } /* Responder Initialization - present based on whether the command was a rekey */ { if (rekey_data && rekey_data->is_rekey) { int block_length; tvbuff_t *start = tvb_new_subset_remaining(tvb, offset); ti = proto_tree_add_item(tep_tree, hf_tep_2_2_responder_initialization, tvb, offset, 0, ENC_NA); ti = proto_item_add_subtree(ti, ett_tep_2_2_responder_initialization); block_length = dissect_2008_4_tep_2_2_1(start, pinfo, ti, &ssid, data); proto_item_set_len(ti, block_length); offset += block_length; if (!packet->processed) { S_length = block_length; S = (guint8 *)wmem_alloc0(wmem_file_scope(), S_length); tvb_memcpy(start, S, 0, S_length); } /* TEP can create new sessions when not used inside an existing secure * session. Each session can use an SSID, present in TEP.2.2.1. * Note that in this case there may be no existing session, and so * we need to "backpedal" and create one. */ if (packet->decrypted_buffer == NULL && !packet->processed) { #if 0 if (api_data->session) tep_session = (tep_session_data*)dof_session_get_proto_data((dof_session_data*)api_data->session, proto_tep); if (!tep_session && api_data->session) { tep_session = (tep_session_data*)se_alloc0(sizeof(*tep_session)); dof_session_add_proto_data((dof_session_data*)api_data->session, proto_tep, tep_session); } tep_session->pending_rekey = cmd; tep_session->pending_confirm = packet; #endif } } } /* Responder Block */ { dof_2008_16_security_6_2 response; offset = dof_dissect_pdu_as_field(dissect_2008_16_security_6_2, tvb, pinfo, tep_tree, offset, hf_tep_2_2_responder_block, ett_tep_2_2_responder_block, &response); if (!packet->processed) { tvbuff_t *rnonce = response.r_nonce; tvbuff_t *ridentity = response.r_identity; rekey_data->r_nonce_length = tvb_reported_length(rnonce); rekey_data->r_nonce = (guint8 *)wmem_alloc0(wmem_file_scope(), rekey_data->r_nonce_length); tvb_memcpy(rnonce, rekey_data->r_nonce, 0, rekey_data->r_nonce_length); rekey_data->r_identity_length = tvb_reported_length(ridentity); rekey_data->r_identity = (guint8 *)wmem_alloc0(wmem_file_scope(), rekey_data->r_identity_length); tvb_memcpy(ridentity, rekey_data->r_identity, 0, rekey_data->r_identity_length); } } /* Authentication Initialization */ { offset = dof_dissect_pdu_as_field(dissect_2008_16_security_6_3, tvb, pinfo, tep_tree, offset, hf_tep_2_2_authenticator_initialization, ett_tep_2_2_authenticator_initialization, NULL); } /* The request was accepted, and so a new secure session exists. We define the session, * add it to the list of secure sessions for the unsecure session, and EPP will do the * rest. */ if (packet->decrypted_buffer == NULL) { /* This triggers the creation of the corresponding secure DPS session if it is not already * created. This allows information to be stored in that session even though no packets * have used it yet. There is a problem, however, because at this point we do not know * the SSID that (may) be associated with this session. */ { dof_session_data *dof_session = api_data->session; dof_secure_session = dof_session->secure_sessions; while (dof_secure_session != NULL) { /* Determine matching session. The session list already is scoped by transport and DPS * session, so the only thing remaining is the domain and secure session ID. */ if ((dof_secure_session->ssid == ssid) && (dof_secure_session->domain_length == rekey_data->domain_length) && (memcmp(dof_secure_session->domain, rekey_data->domain, rekey_data->domain_length) == 0)) break; dof_secure_session = dof_secure_session->next; } if (!dof_secure_session) { dof_session = wmem_new0(wmem_file_scope(), dof_session_data); dof_session->session_id = globals.next_session++; dof_session->dof_id = api_data->session->dof_id; dof_secure_session = wmem_new0(wmem_file_scope(), dof_secure_session_data); dof_secure_session->ssid = ssid; dof_secure_session->domain_length = rekey_data->domain_length; dof_secure_session->domain = rekey_data->domain; dof_secure_session->original_session_id = api_data->session->session_id; dof_secure_session->parent = dof_session; dof_secure_session->is_2_node = TRUE; dof_secure_session->next = api_data->session->secure_sessions; api_data->session->secure_sessions = dof_secure_session; if (!dof_secure_session->session_security_data_last) dof_secure_session->session_security_data = rekey_data->key_data; else dof_secure_session->session_security_data_last->next = rekey_data->key_data; dof_secure_session->session_security_data_last = rekey_data->key_data; } } } /* This PDU indicates the beginning of security for the responder. The next PDU * sent will be encrypted with these settings. This means that we must determine * the security settings and set them in the session. */ if (!packet->processed && rekey_data->is_rekey) { int i; guint8 *session_key = NULL; /* We have everything that we need. Determine the session secret if we can. */ /* Check any keys determined above by initiator identity. */ while (session_key == NULL && identity_key_list) { if (validate_session_key(rekey_data, S_length, S, confirmation, identity_key_list->session_key)) { session_key = (guint8 *)wmem_alloc0(wmem_file_scope(), 32); memcpy(session_key, identity_key_list->session_key, 32); } identity_key_list = identity_key_list->next; } /* For each key in the global configuration, see if we can validate the confirmation. */ for (i = 0; session_key == NULL && i < globals.global_security->session_key_count; i++) { if (validate_session_key(rekey_data, S_length, S, confirmation, globals.global_security->session_key[i].session_key)) session_key = globals.global_security->session_key[i].session_key; } /* Whether or not this can be decrypted, the security mode infomation * should be kept with the session. */ { rekey_data->key_data->r_valid = packet->dof_frame; rekey_data->key_data->i_valid = G_MAXUINT32; rekey_data->key_data->session_key = session_key; rekey_data->key_data->security_mode = rekey_data->security_mode; rekey_data->key_data->security_mode_data_length = rekey_data->security_mode_data_length; rekey_data->key_data->security_mode_data = rekey_data->security_mode_data; if (session_key && dof_secure_session) { /* Look up the field-dissector table, and determine if it is registered. */ dissector_table_t field_dissector = find_dissector_table("dof.secmode"); if (field_dissector != NULL) { dissector_handle_t field_handle = dissector_get_uint_handle(field_dissector, rekey_data->key_data->security_mode); if (field_handle != NULL) { dof_secmode_api_data setup_data; setup_data.context = INITIALIZE; setup_data.security_mode_offset = 0; setup_data.dof_api = api_data; setup_data.secure_session = dof_secure_session; setup_data.session_key_data = rekey_data->key_data; call_dissector_only(field_handle, NULL, pinfo, NULL, &setup_data); } } } } } } break; case TEP_PDU_CONFIRM: { /* C is set, K is clear. */ /* Ticket Confirmation */ proto_tree_add_item(tep_tree, hf_tep_2_1_ticket_confirmation, tvb, offset, 32, ENC_NA); offset += 32; if (!packet->processed && api_data->session && packet->opid_first && packet->opid_first->opid_data) { dof_session_key_exchange_data *sk_data; rekey_data = (tep_rekey_data *)packet->opid_first->opid_data; sk_data = rekey_data->key_data; /* TODO: Error if not found or if already set. */ if (sk_data) sk_data->i_valid = packet->dof_frame; } } break; case TEP_PDU_END_SESSION: case TEP_PDU_SESSION_ENDING: break; case TEP_PDU_REJECT: { /* Error Code */ proto_tree_add_item(tep_tree, hf_tep_reject_code, tvb, offset, 1, ENC_NA); offset += 1; /* Error Description */ if (tvb_captured_length(tvb) > offset) proto_tree_add_item(tep_tree, hf_tep_reject_data, tvb, offset, -1, ENC_NA); } break; default: break; } return offset; } static int dissect_trp_dsp(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_) { /* We are handed a buffer that starts with our protocol id. Any options follow that. */ gint offset = 0; /* We don't care except for the treeview. */ if (!tree) return 0; /* Compute the version and flags, masking off other bits. */ offset += 4; /* Skip the type and protocol. */ proto_tree_add_item(tree, hf_trp_dsp_option, tvb, 0, -1, ENC_NA); return offset; } static int dissect_trp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { dof_api_data *api_data = (dof_api_data *)data; dof_packet_data *packet_data; guint offset = 0; guint8 opcode; guint16 app; gint app_len; proto_item *ti; proto_tree *trp_tree; trp_packet_data *trp_data; /* Make entries in Protocol column and Info column on summary display */ col_set_str(pinfo->cinfo, COL_PROTOCOL, "TRP "); /* Create the protocol tree. */ offset = 0; ti = proto_tree_add_item(tree, proto_trp, tvb, offset, -1, ENC_NA); trp_tree = proto_item_add_subtree(ti, ett_trp); /* Add the APPID. */ offset = read_c2(tvb, offset, &app, &app_len); ti = proto_tree_add_uint(trp_tree, hf_2008_1_app_version, tvb, 0, app_len, app); validate_c2(pinfo, ti, app, app_len); if (api_data == NULL) { expert_add_info_format(pinfo, ti, &ei_malformed, "api_data == NULL"); return offset; } packet_data = api_data->packet; if (packet_data == NULL) { expert_add_info_format(pinfo, ti, &ei_malformed, "api_data == NULL"); return offset; } trp_data = (trp_packet_data *)dof_packet_get_proto_data(packet_data, proto_trp); if (offset == tvb_captured_length(tvb)) { col_append_str(pinfo->cinfo, COL_INFO, "TRP [nop]"); expert_add_info(pinfo, trp_tree, &ei_implicit_no_op); return offset; } /* Retrieve the opcode. */ opcode = tvb_get_guint8(tvb, offset); if (!packet_data->is_command) opcode |= TRP_RESPONSE; col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", val_to_str(opcode, trp_opcode_strings, "Unknown Opcode (%d)")); /* Opcode */ ti = proto_tree_add_uint_format(trp_tree, hf_trp_opcode, tvb, offset, 1, opcode & 0x7F, "Opcode: %s (%u)", val_to_str(opcode, trp_opcode_strings, "Unknown Opcode (%d)"), opcode & 0x7F); offset += 1; switch (opcode) { case TRP_RSP_REJECT: { /* Error Code */ proto_tree_add_item(trp_tree, hf_trp_errorcode, tvb, offset, 1, ENC_NA); offset += 1; } break; case TRP_CMD_REQUEST_KEK: { guint8 *domain_buf = NULL; guint8 domain_length = 0; gint start_offset; if (trp_data && trp_data->identity_length) { expert_add_info(pinfo, ti, &ei_trp_initiator_id_known); } /* Domain - Security.7 */ start_offset = offset; offset = dof_dissect_pdu_as_field(dissect_2008_16_security_7, tvb, pinfo, trp_tree, offset, hf_domain, ett_domain, NULL); if (!packet_data->processed) { domain_length = offset - start_offset; domain_buf = (guint8 *)wmem_alloc0(wmem_file_scope(), domain_length); tvb_memcpy(tvb, domain_buf, start_offset, domain_length); } /* Initiator Block - TRP.4.1.1 */ { dof_2008_16_security_4 response; trp_packet_data *trp_pkt_data = NULL; start_offset = offset; /* Initiator Key Request - Security.4 */ offset = dof_dissect_pdu_as_field(dissect_2008_16_security_4, tvb, pinfo, trp_tree, offset, hf_initiator_request, ett_initiator_request, &response); if (!packet_data->processed) { tvbuff_t *identity = response.identity; guint8 identity_length = tvb_reported_length(identity); guint8 *identity_buf = (guint8 *)wmem_alloc0(wmem_packet_scope(), identity_length); int i; /* Get the buffer. */ tvb_memcpy(identity, identity_buf, 0, identity_length); /* Check to see if there is a matching identity. */ for (i = 0; i < globals.global_security->identity_data_count; i++) { dof_identity_data *gidentity = globals.global_security->identity_data + i; if (domain_length != gidentity->domain_length || memcmp(domain_buf, gidentity->domain, domain_length) != 0) continue; if (identity_length == gidentity->identity_length && memcmp(identity_buf, gidentity->identity, identity_length) == 0) { trp_pkt_data = wmem_new0(wmem_file_scope(), trp_packet_data); dof_packet_add_proto_data(packet_data, proto_trp, trp_pkt_data); trp_pkt_data->domain_length = domain_length; trp_pkt_data->domain = (guint8 *)wmem_alloc0(wmem_file_scope(), domain_length); memcpy(trp_pkt_data->domain, domain_buf, domain_length); trp_pkt_data->identity_length = identity_length; trp_pkt_data->identity = (guint8 *)wmem_alloc0(wmem_file_scope(), identity_length); memcpy(trp_pkt_data->identity, identity_buf, identity_length); trp_pkt_data->secret = gidentity->secret; } } } /* Group Identifier - Security.8 */ { gint gid_start = offset; offset = dof_dissect_pdu_as_field(dissect_2008_16_security_8, tvb, pinfo, trp_tree, offset, hf_group_identifier, ett_group_identifier, NULL); if (trp_pkt_data) { trp_pkt_data->group_length = offset - gid_start; trp_pkt_data->group = (guint8 *)wmem_alloc0(wmem_file_scope(), trp_pkt_data->group_length); tvb_memcpy(tvb, trp_pkt_data->group, gid_start, trp_pkt_data->group_length); } } if (trp_pkt_data) { /* We need to store the entire block_I for later use. */ trp_pkt_data->block_I_length = offset - start_offset; trp_pkt_data->block_I = (guint8 *)wmem_alloc0(wmem_file_scope(), trp_pkt_data->block_I_length); tvb_memcpy(tvb, trp_pkt_data->block_I, start_offset, trp_pkt_data->block_I_length); } } } break; case TRP_RSP_REQUEST_KEK: { gint start_offset; guint32 ssid; guint8 *mode; guint8 mode_length; guint8 *block_A; guint8 block_A_length; if (trp_data && trp_data->kek_known) { expert_add_info(pinfo, ti, &ei_trp_kek_discovered); } /* Initiator Ticket - Security.5 */ offset = dof_dissect_pdu_as_field(dissect_2008_16_security_5, tvb, pinfo, trp_tree, offset, hf_initiator_ticket, ett_initiator_ticket, NULL); /* Initialization Block - TRP.4.2.1 */ /* A BLOCK */ { start_offset = offset; /* THB */ { proto_tree_add_item(trp_tree, hf_thb, tvb, offset, 1, ENC_NA); offset += 1; } /* TMIN */ { proto_tree_add_item(trp_tree, hf_tmin, tvb, offset, 1, ENC_NA); offset += 1; } /* TMAX */ { proto_tree_add_item(trp_tree, hf_tmax, tvb, offset, 1, ENC_NA); offset += 1; } /* Epoch */ { proto_tree_add_item(trp_tree, hf_trp_epoch, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; } /* SIDg - Type.4 */ { offset = dof_dissect_pdu_as_field(dissect_2009_11_type_4, tvb, pinfo, trp_tree, offset, hf_sidg, ett_sidg, NULL); } /* Initiator Node Security Scope - Security.10 */ { offset = dof_dissect_pdu_as_field(dissect_2008_16_security_10, tvb, pinfo, trp_tree, offset, hf_security_scope, ett_security_scope, NULL); } /* Security Mode - Security.13 */ { gint mode_start = offset; offset = dof_dissect_pdu_as_field(dissect_2008_16_security_13, tvb, pinfo, trp_tree, offset, hf_security_mode, ett_security_mode, NULL); if (!packet_data->processed) { mode_length = offset - mode_start; mode = (guint8 *)wmem_alloc0(wmem_packet_scope(), mode_length); tvb_memcpy(tvb, mode, mode_start, mode_length); } } /* State Identifier - Type.3 */ { gint s_offset = offset; gint ssid_len; proto_item *pi; offset = read_c4(tvb, offset, &ssid, &ssid_len); ssid |= AS_ASSIGNED_SSID; /* TRP SSID are *always* assigned by the AS. */ pi = proto_tree_add_uint_format(trp_tree, hf_ssid, tvb, s_offset, offset - s_offset, ssid, "SSID: %u", ssid); validate_c4(pinfo, pi, ssid, ssid_len); } /* PG - Security.2 */ offset = dof_dissect_pdu_as_field(dissect_2008_16_security_2, tvb, pinfo, trp_tree, offset, hf_responder_pg, ett_responder_pg, NULL); /* Group Validation - Security.11 */ offset = dof_dissect_pdu_as_field(dissect_2008_16_security_11, tvb, pinfo, trp_tree, offset, hf_responder_validation, ett_responder_validation, NULL); /* Initiator Validation - Security.11 */ offset = dof_dissect_pdu_as_field(dissect_2008_16_security_11, tvb, pinfo, trp_tree, offset, hf_initiator_validation, ett_initiator_validation, NULL); block_A_length = offset - start_offset; block_A = (guint8 *)wmem_alloc0(wmem_packet_scope(), block_A_length); tvb_memcpy(tvb, block_A, start_offset, block_A_length); } /* Determine the KEK, if possible. This requires that either the initiator node's secret * is known or that the group has been configured. In either case this requires knowledge * from the matching command, including the domain, identity, and group information. */ if (packet_data->opid_first && !packet_data->processed) { #if 0 trp_packet_data* cmd_data = (trp_packet_data*)dof_packet_get_proto_data(packet_data->opid_first, proto_trp); guint8 mac[32]; extern struct BlockCipher BlockCipher_AES_256; struct BlockCipher* cipher = &BlockCipher_AES_256; guint8* ekey = (guint8*)ep_alloc(cipher->keyStateSize); int i; if (cmd_data) { guint8 kek[32]; tvb_memcpy(tvb, mac, mac_offset, 32); tvb_memcpy(tvb, kek, mac_offset + 32, 32); if (cipher != NULL) { cipher->GenerateKeyState(ekey, cmd_data->secret); cipher->Encrypt(ekey, mac); cipher->Encrypt(ekey, mac + 16); } for (i = 0; i < 32; i++) kek[i] ^= mac[i]; { OALSecureHMACContext ctx; OALSecureHMACDigest digest; OALSecureHMAC_Start(&ctx, cmd_data->secret); OALSecureHMAC_Digest(&ctx, cmd_data->domain_length, cmd_data->domain); OALSecureHMAC_Digest(&ctx, cmd_data->block_I_length, cmd_data->block_I); OALSecureHMAC_Digest(&ctx, block_A_length, block_A); OALSecureHMAC_Digest(&ctx, 32, kek); OALSecureHMAC_Finish(&ctx, digest); tvb_memcpy(tvb, mac, mac_offset, 32); if (memcmp(mac, digest, 32) == 0) { dof_learned_group_data* group = globals.learned_group_data; dof_learned_group_auth_data *auth = NULL; /* The KEK has been discovered, flag this for output on the PDU. */ if (!trp_data) { trp_data = wmem_alloc0(wmem_file_scope(), sizeof(trp_packet_data)); dof_packet_add_proto_data(packet_data, proto_trp, trp_data); } trp_data->kek_known = TRUE; while (group) { if ((cmd_data->domain_length == group->domain_length) && (memcmp(cmd_data->domain, group->domain, group->domain_length) == 0) && (cmd_data->group_length == group->group_length) && (memcmp(cmd_data->group, group->group, group->group_length) == 0) && (ssid == group->ssid)) break; group = group->next; } if (group == NULL) { group = wmem_alloc0(wmem_file_scope, sizeof(dof_learned_group_data)); group->domain_length = cmd_data->domain_length; group->domain = cmd_data->domain; group->group_length = cmd_data->group_length; group->group = cmd_data->group; group->ssid = ssid; group->next = globals.learned_group_data; globals.learned_group_data = group; } auth = group->keys; while (auth) { if (epoch == auth->epoch) break; auth = auth->next; } if (auth == NULL) { auth = wmem_alloc0(wmem_file_scope(), sizeof(dof_learned_group_auth_data)); auth->epoch = epoch; auth->next = group->keys; group->keys = auth; auth->kek = (guint8*)wmem_alloc0(wmem_file_scope(), 32); memcpy(auth->kek, kek, 32); auth->mode_length = mode_length; auth->mode = (guint8*)wmem_alloc0(wmem_file_scope(), mode_length); memcpy(auth->mode, mode, mode_length); auth->security_mode = (mode[1] * 256) | mode[2]; auth->parent = group; } } } } #endif } } break; case TRP_CMD_REQUEST_RANDOM: { guint8 *domain_buf = NULL; guint8 domain_length = 0; gint start_offset; if (trp_data && trp_data->identity_length) { expert_add_info(pinfo, ti, &ei_trp_initiator_id_known); } /* Domain - Security.7 */ start_offset = offset; offset = dof_dissect_pdu_as_field(dissect_2008_16_security_7, tvb, pinfo, trp_tree, offset, hf_domain, ett_domain, NULL); if (!packet_data->processed) { domain_length = offset - start_offset; domain_buf = (guint8 *)wmem_alloc0(wmem_packet_scope(), domain_length); tvb_memcpy(tvb, domain_buf, start_offset, domain_length); } /* Initiator Block - TRP.6.1.1 */ { dof_2008_16_security_4 response; trp_packet_data *trp_pkt_data = NULL; start_offset = offset; /* Initiator Key Request - Security.4 */ offset = dof_dissect_pdu_as_field(dissect_2008_16_security_4, tvb, pinfo, trp_tree, offset, hf_initiator_request, ett_initiator_request, &response); if (!packet_data->processed) { tvbuff_t *identity = response.identity; guint8 identity_length = tvb_reported_length(identity); guint8 *identity_buf = (guint8 *)wmem_alloc0(wmem_packet_scope(), identity_length); int i; /* Get the buffer. */ tvb_memcpy(identity, identity_buf, 0, identity_length); /* Check to see if there is a matching identity. */ for (i = 0; i < globals.global_security->identity_data_count; i++) { dof_identity_data *gidentity = globals.global_security->identity_data + i; if (domain_length != gidentity->domain_length || memcmp(domain_buf, gidentity->domain, domain_length) != 0) continue; if (identity_length == gidentity->identity_length && memcmp(identity_buf, gidentity->identity, identity_length) == 0) { trp_pkt_data = wmem_new0(wmem_file_scope(), trp_packet_data); dof_packet_add_proto_data(packet_data, proto_trp, trp_pkt_data); trp_pkt_data->domain_length = domain_length; trp_pkt_data->domain = (guint8 *)wmem_alloc0(wmem_file_scope(), domain_length); memcpy(trp_pkt_data->domain, domain_buf, domain_length); trp_pkt_data->identity_length = identity_length; trp_pkt_data->identity = (guint8 *)wmem_alloc0(wmem_file_scope(), identity_length); memcpy(trp_pkt_data->identity, identity_buf, identity_length); trp_pkt_data->secret = gidentity->secret; } } } if (trp_pkt_data) { /* We need to store the entire block_I for later use. */ trp_pkt_data->block_I_length = offset - start_offset; trp_pkt_data->block_I = (guint8 *)wmem_alloc0(wmem_file_scope(), trp_pkt_data->block_I_length); tvb_memcpy(tvb, trp_pkt_data->block_I, start_offset, trp_pkt_data->block_I_length); } } } break; case TRP_RSP_REQUEST_RANDOM: { /* Initiator Ticket - Security.5 */ offset = dof_dissect_pdu_as_field(dissect_2008_16_security_5, tvb, pinfo, trp_tree, offset, hf_initiator_ticket, ett_initiator_ticket, NULL); } break; case TRP_CMD_REQUEST_SECURITY_SCOPES: { guint8 *domain_buf = NULL; guint8 domain_length = 0; gint start_offset; if (trp_data && trp_data->identity_length) { expert_add_info(pinfo, ti, &ei_trp_initiator_id_known); } /* Domain - Security.7 */ start_offset = offset; offset = dof_dissect_pdu_as_field(dissect_2008_16_security_7, tvb, pinfo, trp_tree, offset, hf_domain, ett_domain, NULL); if (!packet_data->processed) { domain_length = offset - start_offset; domain_buf = (guint8 *)wmem_alloc0(wmem_packet_scope(), domain_length); tvb_memcpy(tvb, domain_buf, start_offset, domain_length); } /* Initiator Block - TRP.5.1.1 */ { dof_2008_16_security_4 response; trp_packet_data *trp_pk_data = NULL; start_offset = offset; /* Initiator Duration Request */ proto_tree_add_item(trp_tree, hf_trp_duration, tvb, offset, 1, ENC_NA); offset += 1; /* Initiator Key Request - Security.4 */ offset = dof_dissect_pdu_as_field(dissect_2008_16_security_4, tvb, pinfo, trp_tree, offset, hf_initiator_request, ett_initiator_request, &response); if (!packet_data->processed) { tvbuff_t *identity = response.identity; guint8 identity_length = tvb_reported_length(identity); guint8 *identity_buf = (guint8 *)wmem_alloc0(wmem_packet_scope(), identity_length); int i; /* Get the buffer. */ tvb_memcpy(identity, identity_buf, 0, identity_length); /* Check to see if there is a matching identity. */ for (i = 0; i < globals.global_security->identity_data_count; i++) { dof_identity_data *gidentity = globals.global_security->identity_data + i; if (domain_length != gidentity->domain_length || memcmp(domain_buf, gidentity->domain, domain_length) != 0) continue; if (identity_length == gidentity->identity_length && memcmp(identity_buf, gidentity->identity, identity_length) == 0) { trp_pk_data = wmem_new0(wmem_file_scope(), trp_packet_data); dof_packet_add_proto_data(packet_data, proto_trp, trp_pk_data); trp_pk_data->domain_length = domain_length; trp_pk_data->domain = (guint8 *)wmem_alloc0(wmem_file_scope(), domain_length); memcpy(trp_pk_data->domain, domain_buf, domain_length); trp_pk_data->identity_length = identity_length; trp_pk_data->identity = (guint8 *)wmem_alloc0(wmem_file_scope(), identity_length); memcpy(trp_pk_data->identity, identity_buf, identity_length); trp_pk_data->secret = gidentity->secret; } } } /* Node - Security.8 */ { gint gid_start = offset; offset = dof_dissect_pdu_as_field(dissect_2008_16_security_8, tvb, pinfo, trp_tree, offset, hf_node_identifier, ett_node_identifier, NULL); if (trp_pk_data) { trp_pk_data->group_length = offset - gid_start; trp_pk_data->group = (guint8 *)wmem_alloc0(wmem_file_scope(), trp_pk_data->group_length); tvb_memcpy(tvb, trp_pk_data->group, gid_start, trp_pk_data->group_length); } } if (trp_pk_data) { /* We need to store the entire block_I for later use. */ trp_pk_data->block_I_length = offset - start_offset; trp_pk_data->block_I = (guint8 *)wmem_alloc0(wmem_file_scope(), trp_pk_data->block_I_length); tvb_memcpy(tvb, trp_pk_data->block_I, start_offset, trp_pk_data->block_I_length); } } } break; case TRP_RSP_REQUEST_SECURITY_SCOPES: { gint start_offset; guint8 *block_A; guint8 block_A_length; /* Initiator Ticket - Security.5 */ offset = dof_dissect_pdu_as_field(dissect_2008_16_security_5, tvb, pinfo, trp_tree, offset, hf_initiator_ticket, ett_initiator_ticket, NULL); /* Initialization Block - TRP.5.2.1 */ /* A BLOCK */ { start_offset = offset; /* Initiator Duration Request */ proto_tree_add_item(trp_tree, hf_trp_duration, tvb, offset, 1, ENC_NA); offset += 1; /* Initiator Node Security Scope - Security.10 */ { offset = dof_dissect_pdu_as_field(dissect_2008_16_security_10, tvb, pinfo, trp_tree, offset, hf_security_scope, ett_security_scope, NULL); } /* Validation - Security.11 */ offset = dof_dissect_pdu_as_field(dissect_2008_16_security_11, tvb, pinfo, trp_tree, offset, hf_initiator_validation, ett_initiator_validation, NULL); block_A_length = offset - start_offset; block_A = (guint8 *)wmem_alloc0(wmem_packet_scope(), block_A_length); tvb_memcpy(tvb, block_A, start_offset, block_A_length); } } break; case TRP_CMD_RESOLVE_CREDENTIAL: { guint8 *domain_buf = NULL; guint8 domain_length = 0; gint start_offset; /* Domain - Security.7 */ start_offset = offset; offset = dof_dissect_pdu_as_field(dissect_2008_16_security_7, tvb, pinfo, trp_tree, offset, hf_domain, ett_domain, NULL); if (!packet_data->processed) { domain_length = offset - start_offset; domain_buf = (guint8 *)wmem_alloc0(wmem_packet_scope(), domain_length); tvb_memcpy(tvb, domain_buf, start_offset, domain_length); } /* Identity Resolution - Security.3.2 */ offset = dof_dissect_pdu_as_field(dissect_2008_16_security_3_2, tvb, pinfo, trp_tree, offset, hf_identity_resolution, ett_identity_resolution, NULL); } break; case TRP_RSP_RESOLVE_CREDENTIAL: { /* Identity Resolution - Security.3.2 */ offset = dof_dissect_pdu_as_field(dissect_2008_16_security_3_2, tvb, pinfo, trp_tree, offset, hf_identity_resolution, ett_identity_resolution, NULL); } break; case TRP_CMD_REQUEST_SESSION: { guint8 *domain_buf = NULL; guint8 domain_length = 0; gint start_offset; if (trp_data && trp_data->identity_length) { expert_add_info(pinfo, ti, &ei_trp_initiator_id_known); } /* Domain - Security.7 */ start_offset = offset; offset = dof_dissect_pdu_as_field(dissect_2008_16_security_7, tvb, pinfo, trp_tree, offset, hf_domain, ett_domain, NULL); if (!packet_data->processed) { domain_length = offset - start_offset; domain_buf = (guint8 *)wmem_alloc0(wmem_packet_scope(), domain_length); tvb_memcpy(tvb, domain_buf, start_offset, domain_length); } /* Responder Block - Security.6.2 */ offset = dof_dissect_pdu_as_field(dissect_2008_16_security_6_2, tvb, pinfo, trp_tree, offset, hf_responder_request, ett_responder_request, NULL); /* Initiator Block - Security.6.1 */ offset = dof_dissect_pdu_as_field(dissect_2008_16_security_6_1, tvb, pinfo, trp_tree, offset, hf_initiator_request, ett_initiator_request, NULL); } break; case TRP_RSP_REQUEST_SESSION: { gint start_offset; guint8 *block_A; guint8 block_A_length; /* Responder Ticket - Security.5 */ offset = dof_dissect_pdu_as_field(dissect_2008_16_security_5, tvb, pinfo, trp_tree, offset, hf_responder_ticket, ett_responder_ticket, NULL); /* Initiator Ticket - Security.5 */ offset = dof_dissect_pdu_as_field(dissect_2008_16_security_5, tvb, pinfo, trp_tree, offset, hf_initiator_ticket, ett_initiator_ticket, NULL); /* Initialization Block - Security.6.3 */ /* A BLOCK */ { start_offset = offset; offset = dof_dissect_pdu_as_field(dissect_2008_16_security_6_3, tvb, pinfo, trp_tree, offset, hf_authentication_block, ett_authentication_block, NULL); block_A_length = offset - start_offset; block_A = (guint8 *)wmem_alloc0(wmem_packet_scope(), block_A_length); tvb_memcpy(tvb, block_A, start_offset, block_A_length); } } break; case TRP_CMD_VALIDATE_CREDENTIAL: { tvbuff_t *data_tvb; /* Domain - Security.7 */ offset = dof_dissect_pdu_as_field(dissect_2008_16_security_7, tvb, pinfo, trp_tree, offset, hf_domain, ett_domain, NULL); offset = dof_dissect_pdu_as_field(dissect_2008_16_security_3_1, tvb, pinfo, trp_tree, offset, hf_identity_resolution, ett_identity_resolution, NULL); data_tvb = tvb_new_subset_remaining(tvb, offset); call_data_dissector(data_tvb, pinfo, trp_tree); } break; case TRP_RSP_VALIDATE_CREDENTIAL: { tvbuff_t *data_tvb = tvb_new_subset_remaining(tvb, offset); call_data_dissector(data_tvb, pinfo, trp_tree); } break; } return offset; } /* Initialize Core Tunnel Functionality */ static void dof_tun_register(void) { static hf_register_info hf[] = { { &hf_2012_1_tunnel_1_version, { "Version", "dof.2012_1.tunnel_1.version", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_2012_1_tunnel_1_length, { "Length", "dof.2012_1.tunnel_1.length", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL } }, }; static gint *ett[] = { &ett_2012_1_tunnel, }; proto_2012_1_tunnel = proto_register_protocol(TUNNEL_PROTOCOL_STACK, "DTPS", "dtps"); proto_register_field_array(proto_2012_1_tunnel, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); register_dissector_with_description("dof.tunnel", TUNNEL_PROTOCOL_STACK, dissect_tunnel_common, proto_2012_1_tunnel); dof_tun_app_dissectors = register_dissector_table("dof.tunnel.app", "DOF Tunnel Version", proto_2012_1_tunnel, FT_UINT8, BASE_DEC); } static void dof_tun_reset(void) { } static void dof_tun_cleanup(void) { } /* The registration hand-off routine */ static void dof_tun_handoff(void) { static dissector_handle_t tcp_handle; register_dissector_with_description("dof.app", TUNNEL_APPLICATION_PROTOCOL, dissect_tun_app_common, proto_2008_1_app); tcp_handle = create_dissector_handle(dissect_tunnel_tcp, proto_2012_1_tunnel); dissector_add_uint_with_preference("tcp.port", DOF_TUN_NON_SEC_TCP_PORT, tcp_handle); } /* Main DOF Registration Support */ static void dof_reset(void) { globals.next_session = 1; globals.next_transport_session = 1; globals.dof_packet_head = globals.dof_packet_tail = NULL; globals.global_security = &global_security; globals.learned_group_data = NULL; globals.decrypt_all_packets = decrypt_all_packets; globals.track_operations = track_operations; globals.track_operations_window = track_operations_window; init_addr_port_tables(); /* Reset the packet counter. */ next_dof_frame = 1; /* Load the template values for different groups. */ { secmode_field_t *list = secmode_list; guint i; global_security.group_data = g_new0(dof_group_data, num_secmode_list); global_security.group_data_count = num_secmode_list; for (i = 0; i < num_secmode_list; i++) { guint8 kek_len; dof_group_data *group_data = global_security.group_data + i; parse_hex_string(list[i].domain, &(group_data->domain), &(group_data->domain_length)); parse_hex_string(list[i].identity, &(group_data->identity), &(group_data->identity_length)); parse_hex_string(list[i].kek, &(group_data->kek), &kek_len); } } /* Load the template values for different secrets. */ { seckey_field_t *list = seckey_list; guint i; /* Clear existing. */ for (i = 0; i < global_security.session_key_count; i++) { dof_session_key_data *session_data = &global_security.session_key[i]; g_free(session_data->session_key); } g_free(global_security.session_key); global_security.session_key = NULL; global_security.session_key_count = 0; global_security.session_key = g_new0(dof_session_key_data, num_seckey_list); global_security.session_key_count = num_seckey_list; for (i = 0; i < num_seckey_list; i++) { guint8 key_len; dof_session_key_data *session_data = global_security.session_key + i; parse_hex_string(list[i].key, &(session_data->session_key), &key_len); } } /* Load the template values for different identities. */ { identsecret_field_t *list = identsecret_list; guint i; /* Clear existing. */ for (i = 0; i < global_security.identity_data_count; i++) { dof_identity_data *identity_data = &global_security.identity_data[i]; g_free(identity_data->domain); g_free(identity_data->identity); g_free(identity_data->secret); } g_free(global_security.identity_data); global_security.identity_data = NULL; global_security.identity_data_count = 0; global_security.identity_data = g_new0(dof_identity_data, num_identsecret_list); global_security.identity_data_count = num_identsecret_list; for (i = 0; i < num_identsecret_list; i++) { guint8 key_len; guint32 size; dof_identity_data *identity_data = global_security.identity_data + i; if (VALIDHEX(list[i].domain[0])) { parse_hex_string(list[i].domain, &(identity_data->domain), &(identity_data->domain_length)); } else { size = (guint32)strlen(list[i].domain); dof_oid_new_standard_string(list[i].domain, &size, &(identity_data->domain)); identity_data->domain_length = size; } if (VALIDHEX(list[i].identity[0])) { parse_hex_string(list[i].identity, &(identity_data->identity), &(identity_data->identity_length)); } else { size = (guint32)strlen(list[i].identity); dof_oid_new_standard_string(list[i].identity, &size, &(identity_data->identity)); identity_data->identity_length = size; } parse_hex_string(list[i].secret, &(identity_data->secret), &key_len); } } } static void dof_cleanup(void) { guint i; /* Clear existing. */ for (i = 0; i < global_security.group_data_count; i++) { dof_group_data *group_data = &global_security.group_data[i]; g_free(group_data->domain); g_free(group_data->identity); g_free(group_data->kek); } g_free(global_security.group_data); global_security.group_data = NULL; global_security.group_data_count = 0; } /** * Initialize Core DPS Functionality */ static void dof_register(void) { static hf_register_info hf[] = { { &hf_security_1_permission_type, { "Permission Type", "dof.2008.16.security.1.desired-duration", FT_UINT16, BASE_DEC, VALS(dof_2008_16_permission_type), 0, NULL, HFILL } }, { &hf_security_1_length, { "Length", "dof.2008.16.security.1.length", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_security_1_data, { "Data", "dof.2008.16.security.1.data", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, /* Security.2 */ { &hf_security_2_count, { "Count", "dof.2008.16.security.2.count", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_security_2_permission, { "Permission", "dof.2008.16.security.2.permission", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } }, /* Security.3.1 */ { &hf_security_3_1_credential_type, { "Credential Type", "dof.2008.16.security.3.1.credential_type", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_security_3_1_stage, { "Stage", "dof.2008.16.security.3.1.stage", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_security_3_1_security_node_identifier, { "Security Node Identifier", "dof.2008.16.security.3.1.security_node_identifier", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } }, /* Security 3.2 */ { &hf_security_3_2_credential_type, { "Credential Type", "dof.2008.16.security.3.2.credential_type", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_security_3_2_stage, { "Stage", "dof.2008.16.security.3.2.stage", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_security_3_2_length, { "Length", "dof.2008.16.security.3.2.length", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_security_3_2_public_data, { "Public Data", "dof.2008.16.security.3.2.public_data", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } }, /* Security.4 */ { &hf_security_4_l, { "L", "dof.2008.16.security.4.l", FT_UINT8, BASE_DEC, NULL, 0x80, NULL, HFILL } }, { &hf_security_4_f, { "F", "dof.2008.16.security.4.f", FT_UINT8, BASE_DEC, NULL, 0x40, NULL, HFILL } }, { &hf_security_4_ln, { "Ln", "dof.2008.16.security.4.ln", FT_UINT8, BASE_DEC, NULL, 0x0F, NULL, HFILL } }, { &hf_security_4_identity, { "Identity", "dof.2008.16.security.4.identity", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_security_4_nonce, { "Nonce", "dof.2008.16.security.4.nonce", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_security_4_permission_set, { "Permission Set", "dof.2008.16.security.4.permission_set", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } }, /* Security.5 */ { &hf_security_5_mac, { "MAC", "dof.2008.16.security.5.mac", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_security_5_key, { "KEY", "dof.2008.16.security.5.key", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, /* Security.6.1 */ { &hf_security_6_1_desired_duration, { "Desired Duration", "dof.2008.16.security.6.1.desired_duration", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_security_6_1_desired_security_mode, { "Desired Security Mode", "dof.2008.16.security.6.1.desired_security_mode", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_security_6_1_initiator_request, { "Initiator Request", "dof.2008.16.security.6.1.initiator_request", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } }, /* Security.6.2 */ { &hf_security_6_2_responder_request, { "Responder Request", "dof.2008.16.security.6.2.responder_request", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } }, /* Security.6.3 */ { &hf_security_6_3_granted_duration, { "Granted Duration", "dof.2008.16.security.6.3.granted_duration", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_security_6_3_session_security_scope, { "Session Security Scope", "dof.2008.16.security.6.3.session_security_scope", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_security_6_3_initiator_validation, { "Initiator Validation", "dof.2008.16.security.6.3.initiator_validation", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_security_6_3_responder_validation, { "Responder Validation", "dof.2008.16.security.6.3.responder_validation", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } }, /* Security.9 */ { &hf_security_9_length, { "Length", "dof.2008.16.security.9.length", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_security_9_initial_state, { "Initial State", "dof.2008.16.security.9.initial_state", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, /* Security.10 */ { &hf_security_10_count, { "Count", "dof.2008.16.security.10.count", FT_UINT8, BASE_DEC, NULL, 0x00, NULL, HFILL } }, { &hf_security_10_permission_group_identifier, { "Permission Group Identifier", "dof.2008.16.security.10.permission_group_identifier", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } }, /* Security.11 */ { &hf_security_11_count, { "Count", "dof.2008.16.security.11.count", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_security_11_permission_security_scope, { "Permission Security Scope", "dof.2008.16.security.11.permission_security_scope", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } }, /* Security.12 */ { &hf_security_12_m, { "M", "dof.2008.16.security.12.m", FT_UINT8, BASE_DEC, VALS(dof_2008_16_security_12_m), 0xC0, NULL, HFILL } }, { &hf_security_12_count, { "Count", "dof.2008.16.security.12.count", FT_UINT8, BASE_DEC, NULL, 0x3F, NULL, HFILL } }, { &hf_security_12_permission_group_identifier, { "Permission Group Identifier", "dof.2008.16.security.12.permission_group_identifier", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } }, { &hf_2008_1_dof_session_transport, { "Transport Session", "dof.transport_session", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } }, { &hf_2008_1_dof_session, { "DPS Session", "dof.session", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } }, { &hf_2008_1_dof_frame, { "DPS Frame", "dof.frame", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } }, { &hf_2008_1_dof_is_2_node, { "DPS Is 2 Node", "dof.is_2_node", FT_BOOLEAN, BASE_DEC, NULL, 0x00, NULL, HFILL } }, { &hf_2008_1_dof_is_streaming, { "DPS Is Streaming", "dof.is_streaming", FT_BOOLEAN, BASE_DEC, NULL, 0x00, NULL, HFILL } }, { &hf_2008_1_dof_is_from_client, { "DPS Is From Client", "dof.is_from_client", FT_BOOLEAN, BASE_DEC, NULL, 0x00, NULL, HFILL } } }; static gint *ett[] = { /* Security.2 */ &ett_security_2_permission, &ett_security_3_1_security_node_identifier, /* Security.11 */ &ett_security_11_permission_security_scope, &ett_security_6_1_desired_security_mode, &ett_security_6_1_initiator_request, &ett_security_6_2_responder_request, &ett_security_6_3_session_security_scope, &ett_security_6_3_initiator_validation, &ett_security_6_3_responder_validation, &ett_security_4_identity, &ett_security_4_permission_set, &ett_2008_1_dof, }; static ei_register_info ei[] = { #if 0 { &ei_undecoded, { "dof.undecoded", PI_UNDECODED, PI_WARN, "DOF: Some protocol octets were not decoded", EXPFILL } }, #endif { &ei_malformed, { "dof.malformed", PI_MALFORMED, PI_ERROR, "Malformed:", EXPFILL } }, { &ei_implicit_no_op, { "dof.implicit_no_op", PI_PROTOCOL, PI_COMMENT, "Implicit No-op", EXPFILL } }, { &ei_c2_c3_c4_format, { "dof.c2_c3_c4_format", PI_MALFORMED, PI_WARN, "DOF: Cx IE format", EXPFILL } }, { &ei_security_3_1_invalid_stage, { "dof.security.3.1.invalid_stage", PI_MALFORMED, PI_ERROR, "DPS: Security.3.1: Stage invalid.", EXPFILL } }, { &ei_security_4_invalid_bit, { "dof.security.4.invalid_bit", PI_MALFORMED, PI_WARN, "DPS: Security.4: Reserved bit set.", EXPFILL } }, { &ei_security_13_out_of_range, { "dof.security.13.out_of_range", PI_MALFORMED, PI_ERROR, "DPS: Security.13: Attribute Data out of range.", EXPFILL } }, }; /* Security mode of operation templates. */ static uat_field_t secmode_uat_fields[] = { UAT_FLD_CSTRING(secmode_list, domain, "Domain", "The domain, coded as hex digits of PDU Security.7."), UAT_FLD_CSTRING(secmode_list, identity, "Group ID", "The group identifier, coded as hex digits of PDU Security.8."), UAT_FLD_CSTRING(secmode_list, kek, "KEK", "The KEK, coded as hex digits representing the KEK (256-bit)."), UAT_END_FIELDS }; /* Security keys. */ static uat_field_t seckey_uat_fields[] = { UAT_FLD_CSTRING(seckey_list, key, "Session Key", "The session key to try to use, coded as hex digits representing the key (256-bit)."), UAT_END_FIELDS }; /* Identity secrets. */ static uat_field_t identsecret_uat_fields[] = { UAT_FLD_CSTRING(identsecret_list, domain, "Domain", "The domain, coded as hex digits of PDU Security.7."), UAT_FLD_CSTRING(identsecret_list, identity, "Identity", "The group identifier, coded as hex digits of PDU Security.8."), UAT_FLD_CSTRING_OTHER(identsecret_list, secret, "Secret", identsecret_chk_cb, "The resolved secret for a given identity, coded as hex digits representing the secret (256-bit)."), UAT_END_FIELDS }; module_t *dof_module; uat_t *secmode_uat; uat_t *seckey_uat; uat_t *identsecret_uat; expert_module_t *expert_security; dsp_option_dissectors = register_dissector_table("dof.dsp.options", "DSP Protocol Options", proto_2008_1_dsp, FT_UINT32, BASE_DEC); dof_sec_dissectors = register_dissector_table("dof.secmode", "DOF Security Mode of Operation", proto_2008_1_dof, FT_UINT16, BASE_DEC); register_dissector_table("dof.2008.1", "DOF Common PDU", proto_2008_1_dof, FT_STRING, BASE_DEC); proto_2008_1_dof = proto_register_protocol(DOF_PROTOCOL_STACK, "DOF", "dof"); proto_2008_1_dof_tcp = proto_register_protocol(DOF_PROTOCOL_STACK" TCP", "DOF-TCP", "dof-tcp"); proto_2008_1_dof_udp = proto_register_protocol(DOF_PROTOCOL_STACK" UDP", "DOF-UDP", "dof-udp"); proto_register_field_array(proto_2008_1_dof, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); expert_security = expert_register_protocol(proto_2008_1_dof); expert_register_field_array(expert_security, ei, array_length(ei)); dof_module = prefs_register_protocol(proto_2008_1_dof, dof_reset); secmode_uat = uat_new("DPS Security Mode Templates", sizeof(secmode_field_t), "custom_dof_secmode_list", TRUE, &secmode_list, &num_secmode_list, (UAT_AFFECTS_DISSECTION | UAT_AFFECTS_FIELDS), NULL, secmode_list_copy_cb, secmode_list_update_cb, secmode_list_free_cb, secmode_list_post_update_cb, NULL, secmode_uat_fields ); seckey_uat = uat_new("DPS Session Keys", sizeof(seckey_field_t), "custom_dof_seckey_list", TRUE, &seckey_list, &num_seckey_list, (UAT_AFFECTS_DISSECTION | UAT_AFFECTS_FIELDS), NULL, seckey_list_copy_cb, seckey_list_update_cb, seckey_list_free_cb, seckey_list_post_update_cb, NULL, seckey_uat_fields ); identsecret_uat = uat_new("DPS Identity Secrets", sizeof(identsecret_field_t), "custom_dof_identsecret_list", TRUE, &identsecret_list, &num_identsecret_list, (UAT_AFFECTS_DISSECTION | UAT_AFFECTS_FIELDS), NULL, identsecret_list_copy_cb, identsecret_list_update_cb, identsecret_list_free_cb, identsecret_list_post_update_cb, NULL, identsecret_uat_fields ); prefs_register_bool_preference(dof_module, "custom_dof_decrypt_all", "Attempt to decrypt all packets", "Specifies that decryption should be attempted on all packets, even if the session initialization wasn't captured.", &decrypt_all_packets); prefs_register_bool_preference(dof_module, "custom_dof_track_operations", "Track DPS operations", "Specifies that operations should be tracked across multiple packets, providing summary lists. This takes time and memory.", &track_operations); prefs_register_uint_preference(dof_module, "custom_dof_track_operations_window", "Track DPS window", "Limits the number of operations shown before and after the current operations", 10, &track_operations_window); prefs_register_static_text_preference(dof_module, "name4567", "The following are tables not preferences.", "These tables are not controlled by OK, Apply, and Cancel of this dialog."); prefs_register_uat_preference(dof_module, "custom_dof_secmode_list", "DPS Security Mode Templates", "A table of security modes and initialization data that will be tried if no security mode is found.", secmode_uat); prefs_register_uat_preference(dof_module, "custom_dof_seckey_list", "DPS Session Keys", "A table of session keys to attempt if none is known.", seckey_uat); prefs_register_uat_preference(dof_module, "custom_dof_identsecret_list", "DPS Identity Secrets", "A table of secrets for different identities.", identsecret_uat); } static void dof_handoff(void) { static dissector_handle_t tcp_handle; dof_oid_handle = register_dissector_with_description("dof.oid", DOF_OBJECT_IDENTIFIER, dissect_2009_11_type_4, oid_proto); tcp_handle = create_dissector_handle(dissect_dof_tcp, proto_2008_1_dof); dof_udp_handle = create_dissector_handle(dissect_dof_udp, proto_2008_1_dof); dissector_add_uint_with_preference("tcp.port", DOF_P2P_NEG_SEC_TCP_PORT, tcp_handle); dissector_add_uint_range_with_preference("udp.port", DOF_NEG_SEC_UDP_PORT_RANGE, dof_udp_handle); } /* OID Registration Support */ static void oid_reset(void) { } static void oid_cleanup(void) { } /* Initialize OID */ static void oid_register(void) { static hf_register_info hf[] = { { &hf_oid_class, { "Class", "dof.oid.class", FT_UINT32, BASE_DEC, NULL, 0, "DPS Object Identifier Class", HFILL } }, { &hf_oid_header, { "Header", "dof.oid.header", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL } }, { &hf_oid_attribute, { "Attribute", "dof.oid.attribute", FT_UINT8, BASE_DEC, NULL, 0x80, NULL, HFILL } }, { &hf_oid_length, { "Length", "dof.oid.length", FT_UINT8, BASE_DEC, NULL, 0x3F, NULL, HFILL } }, { &hf_oid_data, { "Data", "dof.oid.data", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_oid_all_attribute_data, { "Attribute Data", "dof.oid.attribute-data", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_oid_attribute_header, { "Header", "dof.attribute.header", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL } }, { &hf_oid_attribute_attribute, { "Attribute", "dof.attribute.attribute", FT_UINT8, BASE_DEC, NULL, 0x80, NULL, HFILL } }, { &hf_oid_attribute_id, { "ID", "dof.attribute.id", FT_UINT8, BASE_DEC, NULL, 0x7F, NULL, HFILL } }, { &hf_oid_attribute_length, { "Length", "dof.attribute.length", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_oid_attribute_data, { "Data", "dof.attribute.data", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_oid_attribute_oid, { "OID", "dof.attribute.oid", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, }; static gint *ett[] = { &ett_oid, &ett_oid_header, &ett_oid_attribute, &ett_oid_attribute_header, &ett_oid_attribute_oid, }; static ei_register_info ei[] = { { &ei_type_4_header_zero, { "dof.oid.header_zero", PI_MALFORMED, PI_ERROR, "DOF Violation: Type.4: Header bit mandated 0.", EXPFILL } }, }; if (oid_proto == -1) { expert_module_t *expert_oid; oid_proto = proto_register_protocol(DOF_OBJECT_IDENTIFIER, "DPS.OID", "dof.oid"); proto_register_field_array(oid_proto, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); expert_oid = expert_register_protocol(oid_proto); expert_register_field_array(expert_oid, ei, array_length(ei)); } } static void oid_handoff(void) { } /* DNP Registration Support */ static guint dof_ns_session_key_hash_fn(gconstpointer key) { const dof_ns_session_key *session_key = (const dof_ns_session_key *)key; guint result = 0; result += g_int_hash(&session_key->transport_session_id); result += g_int_hash(&session_key->client); result += g_int_hash(&session_key->server); return result; } static gboolean dof_ns_session_key_equal_fn(gconstpointer key1, gconstpointer key2) { const dof_ns_session_key *session_key_ptr1 = (const dof_ns_session_key *)key1; const dof_ns_session_key *session_key_ptr2 = (const dof_ns_session_key *)key2; if (session_key_ptr1->transport_session_id != session_key_ptr2->transport_session_id) return FALSE; if (session_key_ptr1->client != session_key_ptr2->client) return FALSE; if (session_key_ptr1->server != session_key_ptr2->server) return FALSE; return TRUE; } static void dof_dnp_reset(void) { dof_ns_session_lookup = g_hash_table_new_full(dof_ns_session_key_hash_fn, dof_ns_session_key_equal_fn, g_free, NULL); } static void dof_dnp_cleanup(void) { g_hash_table_destroy(dof_ns_session_lookup); dof_ns_session_lookup = NULL; } static void dof_register_dnp_0(void) { static hf_register_info hf[] = { { &hf_2008_1_dnp_0_1_1_padding, { "Padding", "dof.dnp.v0.padding", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_2008_1_dnp_0_1_1_version, { "Version", "dof.dnp.v0.version", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL } }, }; if (proto_2008_1_dnp_0 == -1) { proto_2008_1_dnp_0 = proto_register_protocol(DOF_NETWORK_PROTOCOL " V0", "DPS.DNP.V0", "dof.dnp.v0"); proto_register_field_array(proto_2008_1_dnp_0, hf, array_length(hf)); } } /** * The registration hand-off routine */ static void dof_reg_handoff_dnp_0(void) { dissector_handle_t dnp_handle; dnp_handle = create_dissector_handle(dissect_dnp_0, proto_2008_1_dnp_0); dissector_add_uint("dof.dnp", 0, dnp_handle); } static void dof_register_dnp_1(void) { expert_module_t *expert_dnp; static hf_register_info hf[] = { { &hf_2009_9_dnp_1_flags, { "Flags", "dof.2009_9.dnp_1.flags", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL } }, { &hf_2009_9_dnp_1_flag_length, { "Length Size", "dof.2009_9.dnp_1.flags.lengthsize", FT_UINT8, BASE_DEC, NULL, 0x03, NULL, HFILL } }, { &hf_2009_9_dnp_1_flag_srcport, { "Source Port", "dof.2009_9.dnp_1.flags.srcport", FT_UINT8, BASE_DEC, NULL, 0x04, NULL, HFILL } }, { &hf_2009_9_dnp_1_flag_dstport, { "Destination Port", "dof.2009_9.dnp_1.flags.dstport", FT_UINT8, BASE_DEC, NULL, 0x08, NULL, HFILL } }, { &hf_2009_9_dnp_1_length, { "Length", "dof.2009_9.dnp_1.length", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } }, { &hf_2009_9_dnp_1_srcport, { "Source Port", "dof.2009_9.dnp_1.srcport", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } }, { &hf_2009_9_dnp_1_dstport, { "Destination Port", "dof.2009_9.dnp_1.dstport", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } }, }; static gint *ett[] = { &ett_2009_9_dnp_1_flags, }; static ei_register_info ei[] = { { &ei_dof_10_flags_zero, { "dof.dnp.v1.flags_zero", PI_UNDECODED, PI_ERROR, "DPS-10: Reserved flag bits must be zero.", EXPFILL } }, #if 0 { &ei_dof_13_length_specified, { "dof.dnp.v1.length_specified", PI_UNDECODED, PI_ERROR, "DPS-13: Length must be specified on a connection.", EXPFILL } }, #endif }; if (proto_2009_9_dnp_1 == -1) { proto_2009_9_dnp_1 = proto_register_protocol(DOF_NETWORK_PROTOCOL " V1", "DOF.DNP.V1", "dof.dnp.v1"); proto_register_field_array(proto_2009_9_dnp_1, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); expert_dnp = expert_register_protocol(proto_2009_9_dnp_1); expert_register_field_array(expert_dnp, ei, array_length(ei)); } } /** * The registration hand-off routine */ static void dof_reg_handoff_dnp_1(void) { dissector_handle_t dnp_handle, dnp_frame_handle; dnp_handle = create_dissector_handle(dissect_dnp_1, proto_2009_9_dnp_1); dnp_frame_handle = create_dissector_handle(determine_packet_length_1, proto_2009_9_dnp_1); dissector_add_uint("dof.dnp", 1, dnp_handle); dissector_add_uint("dof.dnp.frame", 1, dnp_frame_handle); } static void dof_dnp_handoff(void) { dof_reg_handoff_dnp_0(); dof_reg_handoff_dnp_1(); } /** * Initialize Core DNP Functionality */ static void dof_dnp_register(void) { static hf_register_info hf[] = { { &hf_2008_1_dnp_1_flag, { "Flag", "dof.2008_1.dnp_1.flag", FT_BOOLEAN, 8, TFS(&tfs_present_not_present), 0x80, NULL, HFILL } }, { &hf_2008_1_dnp_1_version, { "Version", "dof.2008_1.dnp_1.version", FT_UINT8, BASE_DEC, NULL, 0x7F, NULL, HFILL } }, }; static gint *ett[] = { &ett_2008_1_dnp, &ett_2008_1_dnp_header, }; proto_2008_1_dnp = proto_register_protocol(DOF_NETWORK_PROTOCOL, "DPS.DNP", "dof.dnp"); proto_register_field_array(proto_2008_1_dnp, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); dnp_dissectors = register_dissector_table("dof.dnp", "DOF DNP Version", proto_2008_1_dnp, FT_UINT8, BASE_DEC); dnp_framing_dissectors = register_dissector_table("dof.dnp.frame", "DOF DNP Framing", proto_2008_1_dnp, FT_UINT8, BASE_DEC); dof_register_dnp_0(); dof_register_dnp_1(); } /* DPP Registration Support */ /** * This routine is called each time the system is reset (file load, capture) * and so it should take care of freeing any of our persistent stuff. */ static void dof_dpp_reset(void) { dpp_reset_opid_support(); dpp_reset_sid_support(); } static void dof_dpp_cleanup(void) { } static void dof_register_dpp_0(void) { static hf_register_info hf[] = { { &hf_2008_1_dpp_0_1_1_version, { "Version", "dof.dpp.v0.version", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL } }, }; if (proto_2008_1_dpp_0 == -1) { proto_2008_1_dpp_0 = proto_register_protocol(DOF_PRESENTATION_PROTOCOL " V0", "DPS.DPP.V0", "dof.dpp.v0"); proto_register_field_array(proto_2008_1_dpp_0, hf, array_length(hf)); } } /** * The registration hand-off routine */ static void dof_reg_handoff_dpp_0(void) { dissector_handle_t dpp_handle; dpp_handle = create_dissector_handle(dissect_dpp_0, proto_2008_1_dpp_0); dissector_add_uint("dof.dpp", 0, dpp_handle); } static void dof_register_dpp_2(void) { expert_module_t *expert_dpp; static hf_register_info hf[] = { { &hf_2009_12_dpp_2_1_flags, { "Flags", "dof.dpp.v2.flags", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL } }, { &hf_2009_12_dpp_2_1_flag_security, { "Secure", "dof.dpp.v2.flags.security", FT_BOOLEAN, 8, NULL, 0x80, NULL, HFILL } }, { &hf_2009_12_dpp_2_1_flag_opid, { "Operation ID Type", "dof.dpp.v2.flags.opidtype", FT_UINT8, BASE_DEC, VALS(strings_2009_12_dpp_opid_types), 0x60, NULL, HFILL } }, { &hf_2009_12_dpp_2_1_flag_cmdrsp, { "Command/Response", "dof.dpp.v2.flags.cmdrsp", FT_BOOLEAN, 8, TFS(&tfs_response_command), 0x10, NULL, HFILL } }, { &hf_2009_12_dpp_2_1_flag_seq, { "Sequence", "dof.dpp.v2.flags.sequence", FT_BOOLEAN, 8, TFS(&tfs_present_not_present), 0x04, NULL, HFILL } }, { &hf_2009_12_dpp_2_1_flag_retry, { "Retry", "dof.dpp.v2.flags.retry", FT_BOOLEAN, 8, TFS(&tfs_present_not_present), 0x02, NULL, HFILL } }, { &hf_2009_12_dpp_2_3_sec_flags, { "Flags", "dof.dpp.v2.security.flags", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL } }, { &hf_2009_12_dpp_2_3_sec_flag_secure, { "Security Mode Header", "dof.dpp.v2.security.flags.securitymodeheader", FT_UINT8, BASE_DEC, NULL, 0x80, NULL, HFILL } }, { &hf_2009_12_dpp_2_3_sec_flag_rdid, { "Remote Domain ID", "dof.dpp.v2.security.flags.rdid", FT_UINT8, BASE_DEC, NULL, 0x08, NULL, HFILL } }, { &hf_2009_12_dpp_2_3_sec_flag_partition, { "Partition Present", "dof.dpp.v2.security.flags.partition", FT_UINT8, BASE_DEC, NULL, 0x04, NULL, HFILL } }, { &hf_2009_12_dpp_2_3_sec_flag_ssid, { "SSID Present", "dof.dpp.v2.security.flags.ssid", FT_UINT8, BASE_DEC, NULL, 0x01, NULL, HFILL } }, { &hf_2009_12_dpp_2_3_sec_flag_as, { "AS Present", "dof.dpp.v2.security.flags.as", FT_UINT8, BASE_DEC, NULL, 0x02, NULL, HFILL } }, { &hf_2009_12_dpp_2_3_sec_ssid, { "Security State Identifier", "dof.dpp.v2.security.ssid", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } }, { &hf_2009_12_dpp_2_3_sec_rdid, { "Remote Domain Identifier", "dof.dpp.v2.security.rdid", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } }, { &hf_2009_12_dpp_2_3_sec_remote_partition, { "Remote Security Scope", "dof.dpp.v2.security.remote-scope", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_2009_12_dpp_2_3_sec_partition, { "Security Scope", "dof.dpp.v2.security.scope", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_2009_12_dpp_2_1_opcnt, { "Operation Count", "dof.dpp.v2.opcnt", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } }, { &hf_2009_12_dpp_2_1_seq, { "Sequence", "dof.dpp.v2.sequence", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL } }, { &hf_2009_12_dpp_2_1_retry, { "Retry", "dof.dpp.v2.retry", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL } }, { &hf_2009_12_dpp_2_1_delay, { "Delay", "dof.dpp.v2.delay", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL } }, }; static hf_register_info shf[] = { { &hf_2009_12_dpp_2_14_opcode, { "Opcode", "dof.dpp.v2s.opcode", FT_UINT8, BASE_DEC, VALS(strings_2009_12_dpp_common_opcodes), 0x0, NULL, HFILL } }, }; static gint *ett[] = { &ett_2009_12_dpp_2_1_flags, &ett_2009_12_dpp_2_opid, &ett_2009_12_dpp_2_opid_history, &ett_2009_12_dpp_2_3_security, &ett_2009_12_dpp_2_3_sec_flags, &ett_2009_12_dpp_2_3_sec_remote_partition, &ett_2009_12_dpp_2_3_sec_partition, }; static ei_register_info ei[] = { { &ei_dpp2_dof_10_flags_zero, { "dof.dpp.v2.flags_zero", PI_UNDECODED, PI_ERROR, "DPS-10: Reserved flag bits must be zero.", EXPFILL } }, { &ei_dpp_default_flags, { "dof.dpp.v2.flags_included", PI_COMMENTS_GROUP, PI_NOTE, "Default flag value is included explicitly.", EXPFILL } }, { &ei_dpp_explicit_sender_sid_included, { "dof.dpp.v2.sender_sid_included", PI_PROTOCOL, PI_NOTE, "Explicit SID could be optimized, same as sender.", EXPFILL } }, { &ei_dpp_explicit_receiver_sid_included, { "dof.dpp.v2.receiver_sid_included", PI_PROTOCOL, PI_NOTE, "Explicit SID could be optimized, same as receiver.", EXPFILL } }, { &ei_dpp_no_security_context, { "dof.dpp.v2.no_context", PI_UNDECODED, PI_WARN, "No security context to enable packet decryption.", EXPFILL } }, }; static gint *sett[] = { &ett_2009_12_dpp_common, }; if (proto_2009_12_dpp == -1) { proto_2009_12_dpp = proto_register_protocol(DOF_PRESENTATION_PROTOCOL " V2", "DPS.DPP.V2", "dof.dpp.v2"); proto_register_field_array(proto_2009_12_dpp, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); } if (proto_2009_12_dpp_common == -1) { proto_2009_12_dpp_common = proto_register_protocol(DOF_PRESENTATION_PROTOCOL " V2 Support", "DPS.DPP.V2S", "dof.dpp.v2s"); proto_register_field_array(proto_2009_12_dpp, shf, array_length(shf)); proto_register_subtree_array(sett, array_length(sett)); expert_dpp = expert_register_protocol(proto_2009_12_dpp); expert_register_field_array(expert_dpp, ei, array_length(ei)); } } /** * The registration hand-off routine */ static void dof_reg_handoff_dpp_2(void) { dissector_handle_t dpp_handle; dpp_handle = create_dissector_handle(dissect_dpp_2, proto_2009_12_dpp); dissector_add_uint("dof.dpp", 2, dpp_handle); } /** * Initialize Core DPP Functionality */ static void dof_dpp_register(void) { static hf_register_info hf[] = { { &hf_2008_1_dpp_sid_num, { "SID ID", "dof.dpp.v2.sid-id", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } }, { &hf_2008_1_dpp_sid_str, { "SID", "dof.dpp.v2.sid", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_2008_1_dpp_rid_num, { "RID ID", "dof.dpp.v2.rid-id", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } }, { &hf_2008_1_dpp_rid_str, { "RID", "dof.dpp.v2.rid", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_2008_1_dpp_first_command, { "First Operation", "dof.dpp.v2.first-operation", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_2008_1_dpp_last_command, { "Last Operation", "dof.dpp.v2.last-operation", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_2008_1_dpp_first_response, { "First Response", "dof.dpp.v2.first-response", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_2008_1_dpp_last_response, { "Last Response", "dof.dpp.v2.last-response", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_2008_1_dpp_related_frame, { "Related Frame", "dof.dpp.v2.related-frame", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_2008_1_dpp_1_flag, { "Flags", "dof.dpp.flag", FT_BOOLEAN, 8, TFS(&tfs_present_not_present), 0x80, NULL, HFILL } }, { &hf_2008_1_dpp_1_version, { "Version", "dof.dpp.version", FT_UINT8, BASE_DEC, NULL, 0x7F, NULL, HFILL } }, }; static gint *ett[] = { &ett_2008_1_dpp, &ett_2008_1_dpp_1_header, }; static ei_register_info ei[] = { { &ei_dof_6_timeout, { "dof.dpp.timeout", PI_PROTOCOL, PI_ERROR, "DOF Violation: DPS.6: Negotiation not complete within 10 seconds.", EXPFILL } }, }; if (proto_2008_1_dpp == -1) { expert_module_t *expert_dpp; proto_2008_1_dpp = proto_register_protocol(DOF_PRESENTATION_PROTOCOL, "DPS.DPP", "dof.dpp"); proto_register_field_array(proto_2008_1_dpp, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); dof_dpp_dissectors = register_dissector_table("dof.dpp", "DOF DPP Version", proto_2008_1_dpp, FT_UINT8, BASE_DEC); expert_dpp = expert_register_protocol(proto_2008_1_dpp); expert_register_field_array(expert_dpp, ei, array_length(ei)); } dof_register_dpp_0(); dof_register_dpp_2(); } static void dof_dpp_handoff(void) { dof_reg_handoff_dpp_0(); dof_reg_handoff_dpp_2(); } /* General Application Registration Support */ static void app_reset(void) { } static void app_cleanup(void) { } /** * Initialize Core DPP Functionality */ static void app_register(void) { if (proto_2008_1_app == -1) { proto_2008_1_app = proto_register_protocol(DOF_APPLICATION_PROTOCOL, "DPS.APP", "dof.app"); app_dissectors = register_dissector_table("dof.app", "DOF APP Version", proto_2008_1_app, FT_UINT16, BASE_DEC); } } static void app_handoff(void) { } /* DSP Registration Support */ static void dof_dsp_reset(void) { } static void dof_dsp_cleanup(void) { } static void dof_register_dsp_0(void) { static hf_register_info hf[] = { { &hf_2008_1_app_version, { "APPID", "dof.app.v0.appid", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL } }, { &hf_2008_1_dsp_12_opcode, { "Opcode", "dof.dsp.opcode", FT_UINT8, BASE_DEC, VALS(strings_2008_1_dsp_opcodes), 0x0, NULL, HFILL } }, { &hf_2008_1_dsp_attribute_code, { "Attribute Code", "dof.dsp.avp.attribute-code", FT_UINT8, BASE_DEC, VALS(strings_2008_1_dsp_attribute_codes), 0x00, NULL, HFILL } }, { &hf_2008_1_dsp_attribute_data, { "Attribute Data", "dof.dsp.avp.attribute-data", FT_UINT16, BASE_HEX, NULL, 0x00, NULL, HFILL } }, { &hf_2008_1_dsp_value_length, { "Value Length", "dof.dsp.avp.value-length", FT_UINT8, BASE_DEC, NULL, 0x00, NULL, HFILL } }, { &hf_2008_1_dsp_value_data, { "Value Data", "dof.dsp.avp.value-data", FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL } }, }; static gint *ett[] = { &ett_2008_1_dsp_12, &ett_2008_1_dsp_12_options, &ett_2008_1_dsp_12_option, }; proto_2008_1_dsp = proto_register_protocol("DOF Session Protocol", "DOF.ESP", "dof.esp"); proto_register_field_array(proto_2008_1_dsp, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); } /** * The registration hand-off routine */ static void dof_reg_handoff_dsp_0(void) { dissector_handle_t dsp_handle = create_dissector_handle(dissect_dsp, proto_2008_1_dsp); dissector_add_uint("dof.app", 0, dsp_handle); } static void dof_dsp_register(void) { dof_register_dsp_0(); } static void dof_dsp_handoff(void) { dof_reg_handoff_dsp_0(); } /* CCM Registration Support */ static void dof_ccm_reset(void) { } static void dof_ccm_cleanup(void) { } static void dof_register_ccm_24577(void) { expert_module_t *expert_ccm; static hf_register_info hfdsp[] = { { &hf_ccm_dsp_option, { "CCM Security Mode", "dof.ccm.dsp_opt", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_ccm_dsp_strength_count, { "CCM Strength Count", "dof.ccm.strength-count", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL } }, { &hf_ccm_dsp_strength, { "CCM Strength", "dof.ccm.strength", FT_UINT8, BASE_DEC, VALS(ccm_strengths), 0x0, NULL, HFILL } }, { &hf_ccm_dsp_e_flag, { "CCM Minimum Encrypt", "dof.ccm.encrypt.min", FT_BOOLEAN, 8, TFS(&tfs_encrypt_do_not_encrypt), 0x80, NULL, HFILL } }, { &hf_ccm_dsp_m_flag, { "CCM Maximum Encrypt", "dof.ccm.encrypt.max", FT_BOOLEAN, 8, TFS(&tfs_encrypt_do_not_encrypt), 0x40, NULL, HFILL } }, { &hf_ccm_dsp_tmax, { "CCM Maximum MAC", "dof.ccm.mac.max", FT_UINT8, BASE_DEC, NULL, 0x38, NULL, HFILL } }, { &hf_ccm_dsp_tmin, { "CCM Minimum MAC", "dof.ccm.mac.min", FT_UINT8, BASE_DEC, NULL, 0x07, NULL, HFILL } }, }; static hf_register_info hf[] = { { &hf_ccm_opcode, { "Opcode", "dof.ccm.opcode", FT_UINT8, BASE_DEC, VALS(ccm_opcode_strings), 0x0, NULL, HFILL } }, }; static gint *ett[] = { &ett_ccm_dsp_option, &ett_ccm_dsp, &ett_ccm, }; static hf_register_info hfheader[] = { { &hf_epp_v1_ccm_flags, { "Flags", "dof.epp.v1.ccm.flags", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL } }, { &hf_epp_v1_ccm_flags_manager, { "Manager", "dof.epp.v1.ccm.flags.manager", FT_UINT8, BASE_DEC, NULL, 0x80, NULL, HFILL } }, { &hf_epp_v1_ccm_flags_period, { "Period", "dof.epp.v1.ccm.flags.period", FT_UINT8, BASE_DEC, NULL, 0x70, NULL, HFILL } }, { &hf_epp_v1_ccm_flags_target, { "Target", "dof.epp.v1.ccm.flags.target", FT_UINT8, BASE_DEC, NULL, 0x08, NULL, HFILL } }, { &hf_epp_v1_ccm_flags_next_nid, { "Next Node Identifier", "dof.epp.v1.ccm.flags.next-nid", FT_UINT8, BASE_DEC, NULL, 0x02, NULL, HFILL } }, { &hf_epp_v1_ccm_flags_packet, { "Packet", "dof.epp.v1.ccm.flags.packet", FT_UINT8, BASE_DEC, NULL, 0x01, NULL, HFILL } }, { &hf_epp_v1_ccm_nid, { "Node ID", "dof.epp.v1.ccm.nodeid", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } }, { &hf_epp_v1_ccm_slot, { "Slot", "dof.epp.v1.ccm.slot", FT_UINT16, BASE_DEC, NULL, 0x00, NULL, HFILL } }, { &hf_epp_v1_ccm_pn, { "Packet", "dof.epp.v1.ccm.packet", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } }, { &hf_epp_v1_ccm_tnid, { "Target Node ID", "dof.epp.v1.ccm.target", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } }, { &hf_epp_v1_ccm_nnid, { "Next Node ID", "dof.epp.v1.ccm.nnid", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } }, }; static gint *ettheader[] = { &ett_epp_v1_ccm_flags, &ett_header, }; static ei_register_info ei[] = { { &ei_decode_failure, { "dof.ccm.decode_failure", PI_UNDECODED, PI_WARN, "Failure to decrypt packet.", EXPFILL } }, }; /* No Configuration options to register? */ proto_ccm_app = proto_register_protocol("DOF CCM Security Mode App", "DOF.CCM.APP", "dof.ccm.app"); proto_ccm = proto_register_protocol("DOF CCM Security Mode of Operation", "DOF.CCM", "dof.ccm"); proto_ccm_dsp = proto_register_protocol("DOF CCM Security Mode DSP Options", "DOF.CCM.DSP", "dof.ccm.dsp"); proto_register_field_array(proto_ccm_app, hf, array_length(hf)); proto_register_field_array(proto_ccm_dsp, hfdsp, array_length(hfdsp)); proto_register_subtree_array(ett, array_length(ett)); proto_register_field_array(proto_ccm, hfheader, array_length(hfheader)); proto_register_subtree_array(ettheader, array_length(ettheader)); expert_ccm = expert_register_protocol(proto_ccm); expert_register_field_array(expert_ccm, ei, array_length(ei)); } /** * The registration hand-off routine */ static void dof_reg_handoff_ccm_24577(void) { static dissector_handle_t ccm_app_handle; static dissector_handle_t dsp_handle; static dissector_handle_t ccm_handle; ccm_app_handle = create_dissector_handle(dissect_ccm_app, proto_ccm_app); dsp_handle = create_dissector_handle(dissect_ccm_dsp, proto_ccm_dsp); ccm_handle = create_dissector_handle(dissect_ccm, proto_ccm); dissector_add_uint("dof.app", DOF_PROTOCOL_CCM, ccm_app_handle); dissector_add_uint("dof.dsp.options", DSP_CCM_FAMILY | DOF_PROTOCOL_CCM, dsp_handle); dissector_add_uint("dof.secmode", DOF_PROTOCOL_CCM, ccm_handle); } static void dof_ccm_register(void) { dof_register_ccm_24577(); } static void dof_ccm_handoff(void) { dof_reg_handoff_ccm_24577(); } /* OAP Registration Support */ static void dof_oap_reset(void) { /* The value is not allocated, so does not need to be freed. */ oap_1_alias_to_binding = g_hash_table_new_full(oap_1_alias_hash_func, oap_1_alias_equal_func, NULL, NULL); } static void dof_oap_cleanup(void) { g_hash_table_destroy(oap_1_alias_to_binding); oap_1_alias_to_binding = NULL; } static void dof_register_oap_1(void) { expert_module_t *expert_oap; static hf_register_info hfdsp[] = { { &hf_oap_1_dsp_option, { "Object Access Protocol", "dof.oap.dsp_opt", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } }, }; static hf_register_info hf[] = { { &hf_oap_1_opcode, { "Opcode", "dof.oap.opcode", FT_UINT8, BASE_DEC, VALS(oap_opcode_strings), 0x1F, NULL, HFILL } }, { &hf_oap_1_alias_size, { "Alias Length", "dof.oap.aliaslen", FT_UINT8, BASE_DEC, NULL, 0xC0, NULL, HFILL } }, { &hf_oap_1_flags, { "Flags", "dof.oap.flags", FT_UINT8, BASE_DEC, NULL, 0x20, NULL, HFILL } }, { &hf_oap_1_exception_internal_flag, { "Internal Exception", "dof.oap.exception.internal", FT_UINT8, BASE_DEC, NULL, 0x80, NULL, HFILL } }, { &hf_oap_1_exception_final_flag, { "Final Exception", "dof.oap.exception.final", FT_UINT8, BASE_DEC, NULL, 0x40, NULL, HFILL } }, { &hf_oap_1_exception_provider_flag, { "Exception Provider", "dof.oap.exception.provider", FT_UINT8, BASE_DEC, NULL, 0x20, NULL, HFILL } }, { &hf_oap_1_cmdcontrol, { "Command Control", "dof.oap.cmdcontrol", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL } }, { &hf_oap_1_cmdcontrol_cache_flag, { "Cache Delay Flag", "dof.oap.cmdcontrol.flag.cache", FT_UINT8, BASE_HEX, NULL, 0x40, NULL, HFILL } }, { &hf_oap_1_cmdcontrol_cache, { "Cache Delay", "dof.oap.cmdcontrol.cache", FT_UINT8, BASE_HEX, NULL, 0x00, NULL, HFILL } }, { &hf_oap_1_cmdcontrol_verbosity_flag, { "Verbosity Flag", "dof.oap.cmdcontrol.flag.verbosity", FT_UINT8, BASE_HEX, NULL, 0x30, NULL, HFILL } }, { &hf_oap_1_cmdcontrol_noexecute_flag, { "No Execute Flag", "dof.oap.cmdcontrol.flag.noexecute", FT_UINT8, BASE_HEX, NULL, 0x08, NULL, HFILL } }, { &hf_oap_1_cmdcontrol_ack_flag, { "Ack List Flag", "dof.oap.cmdcontrol.flag.ack", FT_UINT8, BASE_HEX, NULL, 0x04, NULL, HFILL } }, { &hf_oap_1_cmdcontrol_ackcnt, { "Ack List Count", "dof.oap.cmdcontrol.ackcnt", FT_UINT8, BASE_HEX, NULL, 0x00, NULL, HFILL } }, { &hf_oap_1_cmdcontrol_ack, { "Ack", "dof.oap.cmdcontrol.ack", FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL } }, { &hf_oap_1_cmdcontrol_delay_flag, { "Execution Delay Flag", "dof.oap.cmdcontrol.flag.delay", FT_UINT8, BASE_HEX, NULL, 0x02, NULL, HFILL } }, { &hf_oap_1_cmdcontrol_heuristic_flag, { "Heuristic Flag", "dof.oap.cmdcontrol.flag.heuristic", FT_UINT8, BASE_HEX, NULL, 0x01, NULL, HFILL } }, { &hf_oap_1_cmdcontrol_heuristic, { "Heuristic", "dof.oap.cmdcontrol.heuristic", FT_UINT8, BASE_HEX, NULL, 0x00, NULL, HFILL } }, { &hf_oap_1_providerid, { "Provider ID", "dof.oap.provider-id", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_oap_1_objectid, { "Object ID", "dof.oap.object-id", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_oap_1_interfaceid, { "Interface ID", "dof.oap.interface-id", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_oap_1_itemid, { "Item ID", "dof.oap.item-id", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } }, #if 0 /* not used yet */ { &hf_oap_1_distance, { "Distance", "dof.oap.distance", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL } }, #endif { &hf_oap_1_alias, { "Alias", "dof.oap.alias", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } }, { &hf_oap_1_alias_frame, { "Alias Frame", "dof.oap.alias-frame", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } }, #if 0 /* not used yet */ { &hf_oap_1_opinfo_start_frame, { "Command Frame", "dof.oap.command-frame", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_oap_1_opinfo_end_frame, { "Response Frame", "dof.oap.response-frame", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_oap_1_opinfo_timeout, { "Operation Timeout", "dof.oap.opid.timeout", FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0, NULL, HFILL } }, #endif { &hf_oap_1_subscription_delta, { "Minimum Delta", "dof.oap.subscription.min-delta", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } }, { &hf_oap_1_update_sequence, { "Sequence", "dof.oap.sequence", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } }, { &hf_oap_1_value_list, { "OAP Value List", "dof.oap.value_list", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, }; static gint *ett[] = { &ett_oap_1_dsp, &ett_oap_1_dsp_options, &ett_oap_1, &ett_oap_1_opinfo, &ett_oap_1_cmdcontrol, &ett_oap_1_cmdcontrol_flags, &ett_oap_1_cmdcontrol_ack, &ett_oap_1_alias, &ett_oap_1_objectid, &ett_oap_1_1_providerid, }; static ei_register_info ei[] = { { &ei_oap_no_session, { "dof.oap.no_session", PI_PROTOCOL, PI_ERROR, "Session not found", EXPFILL } }, }; proto_oap_1 = proto_register_protocol("DOF Object Access Protocol", "DOF.OAP", "dof.oap"); proto_oap_1_dsp = proto_register_protocol("DOF Object Access Protocol DSP Options", "DOF.OAP.DSP", "dof.oap.dsp"); proto_register_field_array(proto_oap_1, hf, array_length(hf)); proto_register_field_array(proto_oap_1_dsp, hfdsp, array_length(hfdsp)); proto_register_subtree_array(ett, array_length(ett)); expert_oap = expert_register_protocol(proto_oap_1); expert_register_field_array(expert_oap, ei, array_length(ei)); } /** * The registration hand-off routine */ static void dof_reg_handoff_oap_1(void) { dissector_handle_t oap_handle = create_dissector_handle(dissect_oap, proto_oap_1); dissector_handle_t dsp_handle = create_dissector_handle(dissect_oap_dsp, proto_oap_1_dsp); dissector_add_uint("dof.app", DOF_PROTOCOL_OAP_1, oap_handle); dissector_add_uint("dof.dsp.options", DSP_OAP_FAMILY | DOF_PROTOCOL_OAP_1, dsp_handle); } static void dof_oap_register(void) { dof_register_oap_1(); } static void dof_oap_handoff(void) { dof_reg_handoff_oap_1(); } /* SGMP Registration Support */ static void dof_register_sgmp_130(void); static void dof_reg_handoff_sgmp_130(void); static void dof_sgmp_reset(void) { } static void dof_sgmp_cleanup(void) { } static void dof_register_sgmp_130(void) { static hf_register_info hf[] = { { &hf_opcode, { "Opcode", "dof.sgmp.v1.opcode", FT_UINT8, BASE_DEC, VALS(sgmp_opcode_strings), 0x0, NULL, HFILL } }, { &hf_sgmp_domain, { "Domain", "dof.sgmp.v1.domain", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_sgmp_epoch, { "Epoch", "dof.sgmp.v1.epoch", FT_UINT16, BASE_HEX, NULL, 0, NULL, HFILL } }, { &hf_initiator_block, { "Initiator Block", "dof.sgmp.v1.initiator-block", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_sgmp_security_scope, { "Security Scope", "dof.sgmp.v1.security-scope", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_initial_state, { "Initial State", "dof.sgmp.v1.initial-state", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_latest_version, { "Latest SGMP Version", "dof.sgmp.v1.latest-sgmp-version", FT_UINT16, BASE_HEX, NULL, 0, NULL, HFILL } }, { &hf_desire, { "Desire", "dof.sgmp.v1.desire", FT_UINT8, BASE_HEX, NULL, 0, NULL, HFILL } }, { &hf_ticket, { "Ticket", "dof.sgmp.v1.ticket", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_sgmp_tmin, { "TMIN", "dof.sgmp.v1.tmin", FT_UINT16, BASE_HEX, NULL, 0, NULL, HFILL } }, { &hf_tie_breaker, { "Tie Breaker", "dof.sgmp.v1.tie-breaker", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL } }, { &hf_delay, { "Delay", "dof.sgmp.v1.delay", FT_UINT8, BASE_HEX, NULL, 0, NULL, HFILL } }, { &hf_key, { "Key", "dof.sgmp.v1.key", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, }; static gint *ett[] = { &ett_sgmp, &ett_sgmp_domain, &ett_initiator_block, &ett_sgmp_security_scope, &ett_initial_state, &ett_ticket, }; proto_sgmp = proto_register_protocol("DOF Secure Group Management Protocol", "DOF.SGMP", "dof.sgmp"); proto_register_field_array(proto_sgmp, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); } /** * The registration hand-off routine */ static void dof_reg_handoff_sgmp_130(void) { dissector_handle_t sgmp_handle = create_dissector_handle(dissect_sgmp, proto_sgmp); dissector_add_uint("dof.app", DOF_PROTOCOL_SGMP, sgmp_handle); } static void dof_sgmp_register(void) { dof_register_sgmp_130(); } static void dof_sgmp_handoff(void) { dof_reg_handoff_sgmp_130(); } /* TEP Registration Support */ static void dof_tep_reset(void) { } static void dof_tep_cleanup(void) { } static void dof_register_tep_128(void) { static hf_register_info hfdsp[] = { { &hf_dsp_option, { "Ticket Exchange Protocol Version 1", "dof.tep1.dsp_opt", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } }, }; static hf_register_info hf[] = { { &hf_tep_operation, { "Operation", "dof.tep1.operation", FT_UINT8, BASE_DEC, VALS(tep_opcode_strings), 0x00, NULL, HFILL } }, { &hf_tep_operation_type, { "Operation Type", "dof.tep1.operation_type", FT_BOOLEAN, 8, TFS(&tep_optype_vals), TEP_OPCODE_RSP, NULL, HFILL } }, { &hf_tep_opcode, { "Opcode", "dof.tep1.opcode", FT_UINT8, BASE_DEC, VALS(tep_opcode_strings), 0x0F, NULL, HFILL } }, { &hf_tep_k, { "K", "dof.tep1.k", FT_UINT8, BASE_DEC, NULL, 0x10, NULL, HFILL } }, { &hf_tep_c, { "C", "dof.tep1.c", FT_UINT8, BASE_DEC, NULL, 0x20, NULL, HFILL } }, { &hf_tep_reject_code, { "Code", "dof.tep1.reject.code", FT_UINT8, BASE_DEC, NULL, 0x00, NULL, HFILL } }, { &hf_tep_reject_data, { "Data", "dof.tep1.reject.data", FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL } }, /* TEP.2.1 */ { &hf_tep_2_1_domain, { "Domain", "dof.2008.4.tep1.2.1.domain", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_tep_2_1_initiator_block, { "Initiator Block", "dof.2008.4.tep1.2.1.initiator_block", FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } }, { &hf_tep_2_1_ticket_confirmation, { "Ticket Confirmation", "dof.2008.4.tep1.2.1.ticket_confirmation", FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL } }, /* TEP.2.2 */ { &hf_tep_2_2_initiator_ticket, { "Initiator Ticket", "dof.2008.4.tep1.2.2.initiator_ticket", FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } }, { &hf_tep_2_2_ticket_confirmation, { "Ticket Confirmation", "dof.2008.4.tep1.2.2.ticket_confirmation", FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL } }, { &hf_tep_2_2_responder_initialization, { "Responder Initialization", "dof.2008.4.tep1.2.2.responder_initialization", FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } }, { &hf_tep_2_2_responder_block, { "Responder Block", "dof.2008.4.tep1.2.2.responder_block", FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } }, { &hf_tep_2_2_authenticator_initialization, { "Authenticator Initialization", "dof.2008.4.tep1.2.2.authenticator_initialization", FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } }, /* TEP.2.2.1 */ { &hf_tep_2_2_1_state_identifier, { "State Identifier", "dof.2008.4.tep1.2.2.1.state_identifier", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } }, { &hf_tep_2_2_1_initial_state, { "Initial State", "dof.2008.4.tep1.2.2.1.initial_state", FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } }, { &hf_tep_session_key, { "Session Key", "dof.session_key", FT_BYTES, SEP_COLON, NULL, 0x00, NULL, HFILL } }, }; static gint *ett[] = { &ett_tep_dsp, &ett_tep_dsp_options, &ett_tep, &ett_tep_operation, &ett_tep_2_1_domain, &ett_tep_2_1_initiator_block, &ett_tep_2_2_initiator_ticket, &ett_tep_2_2_responder_initialization, &ett_tep_2_2_responder_block, &ett_tep_2_2_authenticator_initialization, &ett_tep_2_2_1_initial_state, }; /* module_t *tep_module;*/ /* No Configuration options to register? */ proto_tep = proto_register_protocol("DOF Ticket Exchange Protocol Version 1", "DOF.TEP1", "dof.tep1"); proto_tep_dsp = proto_register_protocol("DOF Ticket Exchange Protocol DSP Options", "DOF.TEP1.DSP", "dof.tep1.dsp"); proto_register_field_array(proto_tep, hf, array_length(hf)); proto_register_field_array(proto_tep_dsp, hfdsp, array_length(hfdsp)); proto_register_subtree_array(ett, array_length(ett)); /* tep_module = prefs_register_protocol( proto_tep, NULL );*/ } /** * The registration hand-off routine */ static void dof_reg_handoff_tep_128(void) { dissector_handle_t tep_handle = create_dissector_handle(dissect_tep, proto_tep); dissector_handle_t dsp_handle = create_dissector_handle(dissect_tep_dsp, proto_tep_dsp); dissector_add_uint("dof.app", DOF_PROTOCOL_TEP, tep_handle); dissector_add_uint("dof.dsp.options", DSP_TEP_FAMILY | DOF_PROTOCOL_TEP, dsp_handle); } static void dof_tep_register(void) { dof_register_tep_128(); } static void dof_tep_handoff(void) { dof_reg_handoff_tep_128(); } /* TRP Registration Support */ static void dof_trp_reset(void) { } static void dof_trp_cleanup(void) { } static void dof_register_trp_129(void) { expert_module_t *expert_trp; static hf_register_info hfdsp[] = { { &hf_trp_dsp_option, { "Ticket Request Protocol", "dof.trp.dsp_opt", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } }, }; static hf_register_info hf[] = { { &hf_trp_opcode, { "Opcode", "dof.trp.opcode", FT_UINT8, BASE_DEC, VALS(trp_opcode_strings), 0x0, NULL, HFILL } }, { &hf_domain, { "Domain", "dof.trp.domain", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_identity_resolution, { "Identity Resolution", "dof.trp.identity_resolution", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_initiator_request, { "Initiator Request", "dof.trp.initiator_request", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_responder_request, { "Responder Request", "dof.trp.responder_request", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_initiator_ticket, { "Initiator Ticket", "dof.trp.initiator_ticket", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_responder_ticket, { "Responder Ticket", "dof.trp.responder_ticket", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_authentication_block, { "Authentication Block", "dof.trp.authentication_block", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_group_identifier, { "Group Identifier", "dof.trp.group_identifier", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_node_identifier, { "Node Identifier", "dof.trp.node_identifier", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_thb, { "Thb", "dof.trp.thb", FT_UINT8, BASE_DEC, NULL, 0x00, NULL, HFILL } }, { &hf_tmin, { "Tmin", "dof.trp.tmin", FT_UINT8, BASE_DEC, NULL, 0x00, NULL, HFILL } }, { &hf_tmax, { "Tmax", "dof.trp.tmax", FT_UINT8, BASE_DEC, NULL, 0x00, NULL, HFILL } }, { &hf_trp_epoch, { "Epoch", "dof.trp.epoch", FT_UINT16, BASE_DEC, NULL, 0x00, NULL, HFILL } }, { &hf_sidg, { "SIDg", "dof.trp.sid_g", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_security_scope, { "Security Scope", "dof.trp.security_scope", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_security_mode, { "Security Mode", "dof.trp.security_mode", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_ssid, { "SSID", "dof.trp.ssid", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } }, #if 0 /* not used yet */ { &hf_initiator_pg, { "Initiator Permissions", "dof.trp.initiator_pg", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, #endif { &hf_initiator_validation, { "Initiator Validation", "dof.trp.initiator_validation", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_responder_pg, { "Responder Permissions", "dof.trp.responder_pg", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_responder_validation, { "Responder Validation", "dof.trp.responder_validation", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_trp_errorcode, { "Error Code", "dof.trp.errorcode", FT_UINT8, BASE_DEC, VALS(trp_error_strings), 0x0, NULL, HFILL } }, { &hf_trp_duration, { "Duration", "dof.trp.duration", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL } }, #if 0 /* not used yet */ { &hf_trp_rnonce, { "Requestor Nonce", "dof.trp.rnonce", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_trp_pnonce, { "Provider Nonce", "dof.trp.pnonce", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_trp_reqid, { "Requestor ID", "dof.trp.reqid", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_trp_provid, { "Provider ID", "dof.trp.provid", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_trp_perm_count, { "Permission Count", "dof.trp.perm.count", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL } }, { &hf_trp_perm_type, { "Permission Type", "dof.trp.perm.type", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } }, { &hf_trp_perm_rflags, { "Requestor SRP Flags", "dof.trp.rflags", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL } }, { &hf_trp_perm_rcache, { "Requestor SRP Cache", "dof.trp.rcache", FT_BOOLEAN, 8, NULL, 0x2, NULL, HFILL } }, { &hf_trp_perm_rsrp, { "Requestor SRP", "dof.trp.rsrp", FT_BOOLEAN, 8, NULL, 0x1, NULL, HFILL } }, { &hf_trp_perm_rsrp_a, { "Requestor SRP A", "dof.trp.rsrp.a", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_trp_perm_rsrp_u, { "Requestor SRP u", "dof.trp.rsrp.u", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_trp_perm_pflags, { "Provider SRP Flags", "dof.trp.pflags", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL } }, { &hf_trp_perm_pcache, { "Provider SRP Cache", "dof.trp.pcache", FT_BOOLEAN, 8, NULL, 0x2, NULL, HFILL } }, { &hf_trp_perm_psrp, { "Provider SRP", "dof.trp.psrp", FT_BOOLEAN, 8, NULL, 0x1, NULL, HFILL } }, { &hf_trp_perm_psrp_a, { "Provider SRP A", "dof.trp.psrp.a", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_trp_perm_psrp_u, { "Provider SRP u", "dof.trp.psrp.u", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_trp_perm_psrp_b, { "Provider SRP B", "dof.trp.psrp.b", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_trp_perm_psrp_s, { "Provider SRP S", "dof.trp.psrp.s", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_trp_confirmation, { "Confirmation", "dof.trp.confirmation", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_trp_perm_pke, { "Provider Key Expression", "dof.trp.pke", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_trp_perm_pka, { "Provider Key Authenticator", "dof.trp.pka", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, #endif }; static gint *ett[] = { &ett_trp_dsp, &ett_trp, &ett_domain, &ett_identity_resolution, &ett_initiator_request, &ett_initiator_ticket, &ett_responder_request, &ett_responder_ticket, &ett_authentication_block, &ett_group_identifier, &ett_node_identifier, &ett_sidg, &ett_security_scope, &ett_security_mode, &ett_initiator_pg, &ett_initiator_validation, &ett_responder_pg, &ett_responder_validation, &ett_trp_permset, &ett_srp_flags, &ett_trp_ticket, }; static ei_register_info ei[] = { { &ei_trp_initiator_id_known, { "dof.trp.initiator_id_known", PI_PROTOCOL, PI_COMMENT, "Initiator identity known", EXPFILL } }, { &ei_trp_kek_discovered, { "dof.trp.kek_discovered", PI_PROTOCOL, PI_COMMENT, "KEK discovered", EXPFILL } }, }; /* No Configuration options to register? */ proto_trp = proto_register_protocol("DOF Ticket Request Protocol", "DOF.TRP", "dof.trp"); proto_trp_dsp = proto_register_protocol("DOF Ticket Request Protocol DSP Options", "DOF.TRP.DSP", "dof.trp.dsp"); proto_register_field_array(proto_trp, hf, array_length(hf)); proto_register_field_array(proto_trp_dsp, hfdsp, array_length(hfdsp)); proto_register_subtree_array(ett, array_length(ett)); expert_trp = expert_register_protocol(proto_trp); expert_register_field_array(expert_trp, ei, array_length(ei)); } /** * The registration hand-off routine */ static void dof_reg_handoff_trp_129(void) { dissector_handle_t trp_handle = create_dissector_handle(dissect_trp, proto_trp); dissector_handle_t dsp_handle = create_dissector_handle(dissect_trp_dsp, proto_trp_dsp); dissector_add_uint("dof.app", DOF_PROTOCOL_TRP, trp_handle); dissector_add_uint("dof.dsp.options", DSP_TRP_FAMILY | DOF_PROTOCOL_TRP, dsp_handle); } static void dof_trp_register(void) { dof_register_trp_129(); } static void dof_trp_handoff(void) { dof_reg_handoff_trp_129(); } /* Wireshark Dissector Registration Proper */ /** * This is called only during reset (file load, reload, etc.). */ static void dof_reset_routine(void) { dof_tun_reset(); dof_reset(); oid_reset(); dof_dnp_reset(); dof_dpp_reset(); app_reset(); dof_dsp_reset(); dof_ccm_reset(); dof_oap_reset(); dof_sgmp_reset(); dof_tep_reset(); dof_trp_reset(); } static void dof_cleanup_routine(void) { dof_tun_cleanup(); dof_cleanup(); oid_cleanup(); dof_dnp_cleanup(); dof_dpp_cleanup(); app_cleanup(); dof_dsp_cleanup(); dof_ccm_cleanup(); dof_oap_cleanup(); dof_sgmp_cleanup(); dof_tep_cleanup(); dof_trp_cleanup(); } static void dof_shutdown_routine(void) { guint i; for (i = 0; i < global_security.identity_data_count; i++) { g_free(global_security.identity_data[i].identity); g_free(global_security.identity_data[i].domain); g_free(global_security.identity_data[i].secret); } g_free(global_security.identity_data); for (i = 0; i < global_security.group_data_count; i++) { g_free(global_security.group_data[i].domain); g_free(global_security.group_data[i].identity); g_free(global_security.group_data[i].kek); } if (addr_port_to_id) g_hash_table_destroy(addr_port_to_id); if (dpp_opid_to_packet_data) g_hash_table_destroy(dpp_opid_to_packet_data); if (node_key_to_sid_id) g_hash_table_destroy(node_key_to_sid_id); if (sid_buffer_to_sid_id) g_hash_table_destroy(sid_buffer_to_sid_id); if (sid_id_to_sid_buffer) g_hash_table_destroy(sid_id_to_sid_buffer); } /** * This is the first entry point into the dissector, called on program launch. */ void proto_register_dof(void) { dof_tun_register(); dof_register(); oid_register(); dof_dnp_register(); dof_dpp_register(); app_register(); dof_dsp_register(); dof_ccm_register(); dof_oap_register(); dof_sgmp_register(); dof_tep_register(); dof_trp_register(); register_init_routine(&dof_reset_routine); register_cleanup_routine(&dof_cleanup_routine); register_shutdown_routine(&dof_shutdown_routine); } /** * This routine is called after initialization and whenever the preferences are changed. */ void proto_reg_handoff_dof(void) { dof_tun_handoff(); dof_handoff(); oid_handoff(); dof_dnp_handoff(); dof_dpp_handoff(); app_handoff(); dof_dsp_handoff(); dof_ccm_handoff(); dof_oap_handoff(); dof_sgmp_handoff(); dof_tep_handoff(); dof_trp_handoff(); } /** * Protocol-specific data attached to a conversation_t structure - protocol * index and opaque pointer. */ typedef struct _dof_proto_data { int proto; void *proto_data; } dof_proto_data; static gint p_compare(gconstpointer a, gconstpointer b) { const dof_proto_data *ap = (const dof_proto_data *)a; const dof_proto_data *bp = (const dof_proto_data *)b; if (ap->proto > bp->proto) return 1; else if (ap->proto == bp->proto) return 0; else return -1; } #if 0 /* TODO not used yet */ static void dof_session_add_proto_data(dof_session_data *session, int proto, void *proto_data) { dof_proto_data *p1 = wmem_new0(wmem_packet_scope(), dof_proto_data); p1->proto = proto; p1->proto_data = proto_data; /* Add it to the list of items for this conversation. */ session->data_list = g_slist_insert_sorted(session->data_list, (gpointer *)p1, p_compare); } static void *dof_session_get_proto_data(dof_session_data *session, int proto) { dof_proto_data temp, *p1; GSList *item; temp.proto = proto; temp.proto_data = NULL; item = g_slist_find_custom(session->data_list, (gpointer *)&temp, p_compare); if (item != NULL) { p1 = (dof_proto_data *)item->data; return p1->proto_data; } return NULL; } static void dof_session_delete_proto_data(dof_session_data *session, int proto) { dof_proto_data temp; GSList *item; temp.proto = proto; temp.proto_data = NULL; item = g_slist_find_custom(session->data_list, (gpointer *)&temp, p_compare); while (item) { session->data_list = g_slist_remove(session->data_list, item->data); item = item->next; } } #endif static void dof_packet_add_proto_data(dof_packet_data *packet, int proto, void *proto_data) { dof_proto_data *p1 = wmem_new0(wmem_file_scope(), dof_proto_data); p1->proto = proto; p1->proto_data = proto_data; /* Add it to the list of items for this conversation. */ wmem_list_insert_sorted(packet->data_list, (gpointer *)p1, p_compare); } static void *dof_packet_get_proto_data(dof_packet_data *packet, int proto) { dof_proto_data temp, *p1; wmem_list_frame_t *item; temp.proto = proto; temp.proto_data = NULL; item = wmem_list_find_custom(packet->data_list, (gpointer *)&temp, p_compare); if (item != NULL) { p1 = (dof_proto_data *)wmem_list_frame_data(item); return p1->proto_data; } return NULL; } static gint dof_dissect_pdu_as_field(dissector_t dissector, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, int item, int ett, void *result) { int block_length; tvbuff_t *start = tvb_new_subset_remaining(tvb, offset); proto_tree *my_tree; proto_item *ti = proto_tree_add_item(tree, item, tvb, offset, -1, ENC_NA); my_tree = proto_item_add_subtree(ti, ett); block_length = dof_dissect_pdu(dissector, start, pinfo, my_tree, result); return offset + block_length; } static gint dof_dissect_pdu(dissector_t dissector, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *result) { gint len = dissector(tvb, pinfo, tree, result); proto_item_set_len(proto_tree_get_parent(tree), len); return len; } static int dof_dissect_dnp_length(tvbuff_t *tvb, packet_info *pinfo, guint8 version, gint *offset) { dissector_handle_t dp; dp = dissector_get_uint_handle(dnp_framing_dissectors, version); if (!dp) return -1; return call_dissector_only(dp, tvb, pinfo, NULL, offset); } /* * Editor modelines - https://www.wireshark.org/tools/modelines.html * * Local variables: * c-basic-offset: 4 * tab-width: 8 * indent-tabs-mode: nil * End: * * vi: set shiftwidth=4 tabstop=8 expandtab: * :indentSize=4:tabSize=8:noTabs=true: */