| blob | d48ff616b35903fa0e6cb542d48c0a7c74c4558e |
1 /* packet-dof.c
2 * Routines for Distributed Object Framework (DOF) Wireshark Support
3 * Copyright 2015 Bryant Eastham <bryant.eastham[AT]us.panasonic.com>
4 * See https://opendof.org for more information.
5 *
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
9 *
10 * SPDX-License-Identifier: GPL-2.0-or-later
11 */
13 /* INTRODUCTION
14 * This very large dissector implements packet decoding for the entire
15 * protocol suite of the OpenDOF Project. The OpenDOF Project
16 * (https://opendof.org) is an open-source IoT platform with
17 * implementations in Java, C#, and C. The protocols are documented
18 * on the web site, and the IP ports referenced are registered with IANA.
19 *
20 * "DOF" stands for Distributed Object Framework. The protocols define
21 * a complete protocol stack that can sit on top of a variety of transports.
22 * The stack itself is called the DPS, or "DOF Protocol Stack". It
23 * is a layered stack including a Network, Presentation, and Application
24 * layer. The underlying transport can be anything, these dissectors
25 * hook in to UDP and TCP. To the Wireshark user, however, this is
26 * referred to as "dof" and not "dps".
27 *
28 * The following protocols are defined in the stack and implemented
29 * here:
30 * DNP - DOF Network Protocol (versions: 0, 1)
31 * DPP - DOF Presentation Protocol (version: 0, 2) [1 is reserved and not supported]
32 * DAP - DOF Application Protocols:
33 * DSP - DOF Session Protocol (versions: 0)
34 * OAP - Object Access Protocol (versions: 1)
35 * TEP - Ticket Exchange Protocol (versions: 128)
36 * TRP - Ticket Request Protocol (versions: 129)
37 * SGMP - Secure Group Management Protocol (versions: 130)
38 * DOFSEC - DOF Security Protocols:
39 * CCM - Chained mode
40 * TUN - A tunneling protocol for embedding DOF in other protocols.
41 */
43 /* VERSIONS AND NAMING
44 * There are several different ways in which "versions" are used
45 * throughout the dissector. First, each of the DNP and DPP layers
46 * has a defined 'version'. The DOF Application Protocols are also
47 * distinguished by versioning, but it is actually the registered
48 * application ID that is the version. This is complicated by
49 * the fact that many of the application IDs represent the same
50 * version of a protocol from a capability perspective (and
51 * a user perspective) with the difference being some attribute
52 * of the protocol - for example the security primitives used.
53 *
54 * Another means of versioning is by specification document.
55 * In this case the document is identified by a year and sequence,
56 * with specifications and PDUs using a name and sequence.
57 * Naming of fields and variables will use these identifiers
58 * as they are the easiest way to tie the code to the specifications.
59 *
60 * The specification documents are also the easiest way (although
61 * maybe not the clearest) to expose fields to the Wireshar user.
62 * A consistent naming is used, which is:
63 *
64 * (spec)-pdu-(seq)-(field)
65 * For example: dof-2009-1-pdu-1-value
66 *
67 * Variable naming includes a protocol name to provide clarity.
68 *
69 * This is not the clearest from a user perspective, but it
70 * has the benefit of tying directly to the specifications
71 * themselves and uniquely identifies each field.
72 *
73 * Routines that dissect are uniformly named by the PDU
74 * that they dissect using the PDU specification document
75 * and PDU name from that document as follows:
76 *
77 * dissect_(spec)_(name)
78 */
80 /* DISSECTOR DESIGN
81 * The original work on these dissectors began over ten years ago, but
82 * shared only within Panasonic. During the opening of the protocols in
83 * March of 2015 the decision was made to contribute the code to the Wireshark
84 * community. During this process the plugin approach was rejected and the
85 * entire set made into standard dissectors, and further to that all of the
86 * dissectors were merged into a single file.
87 *
88 * There are several types of supported dissectors that are part of the DPS family.
89 * At the lowest level are the transport dissectors. The responsibility
90 * of these dissectors is to determine the transport session information, pass
91 * DPS packets to the DPS dissector, and properly maintain the dof_api_data
92 * structure.
93 *
94 * The DPS dissector API comprises:
95 * 1. The structure (dof_api_data) that is passed in the data field to the DPS
96 * dissector. Transport plugins must understand this.
97 * 2. The dof_transport_session structure, which contains all transport
98 * information that is passed to the DPS dissector.
99 * 3. The name of the DPS dissector.
100 *
101 * The DPS dissector API extends to dissectors that are called by the DPS dissectors.
102 *
103 * Finally, there is the DPS Security Mode dissectors. These dissectors are passed
104 * additional security context information and it is their job to decrypt packets
105 * and pass them to higher-level dissectors.
106 *
107 * The DOF Protocol Stack is strictly layered with minimal (and defined) state
108 * exchanged between layers. This allows a fairly structured design, using
109 * dissector tables at each layer. The main DPS dissector receives packets
110 * from the transport hooks, and then dissects the packet layer by layer using
111 * the different dissector tables. Dissectors and the DNP, DPP, and DAP layers.
112 *
113 * In addition to the main protocol stack with its associated protocols there are
114 * additional common data elements that include extensibility. If an extension
115 * is found then it will be used to dissect, otherwise the base dissector will be
116 * used.
117 */
119 /* SESSIONS
120 * DOF defines sessions at many different levels, and state is always associated
121 * with a session. Much of the power (and complexity) of these dissectors relates
122 * to accurately tracking and maintaining context for each session, and displaying
123 * context-related decode information based on the session. This includes, for
124 * example, decoding encrypted data (including multicast group traffic) and
125 * showing full packet information even when the packet data uses aliases or
126 * other context specific data.
127 *
128 * Sessions are an extremely complex part of the dissectors because they occur at
129 * so many different levels, and that they are temporal in nature while wireshark
130 * is not. This means that all data structures that deal with sessions must deal
131 * with both the level and the time of the packet.
132 *
133 * The levels are:
134 * 1. Transport. These sessions are defined by the transport, and transport
135 * addresses. As in the transports, there is no transport information allowed
136 * at the dps level, but transport information is allowed to influence other
137 * decisions. Every dps packet must be part of a transport session. Transport
138 * sessions are usually managed as conversations in Wireshark. Each transport
139 * session is has an identifier that is defined by the DPS plugin the first
140 * time a packet in the transport session is passed to the plugin.
141 * 2. DPS. These sessions are defined by DPS, and are part of the DNP definition.
142 * These sessions are also assigned a unique DPS session identifier.
143 *
144 * 3. Security (Optional). Security sessions always exist inside of
145 * an DPS session. Security sessions are further divided into epochs, keys, etc.
146 *
147 * Temporal information is always associated with packet numbers, which always increase.
148 * This temporal information is used during the first pass to create sessions by
149 * determining that a new packet doesn't belong to a previous session.
150 *
151 * During the first pass the data structures are referenced from the transport
152 * session information up. The goal of the first pass is to create the most specific
153 * session information and associate each packet with the appropriate session. These
154 * sessions refer to more general session information.
155 *
156 * In order to make lookups easier, the most fine-grainded sessions are assigned
157 * unique identifiers. Secure sessions are always born unsecure (during security
158 * negotiation). These use the same session identifiers, but the state for the
159 * secure and unsecured times are separated. Once a session is secured it never
160 * transitions back to unsecured.
161 *
162 * MEMBERSHIP
163 * Each packet is sent by a member of the session. Session members have state related
164 * to the session. Packets are received by either a member of the session or the
165 * session itself (implying all members). This means that packet state can come
166 * from:
167 * 1. The sender.
168 * 2. The receiver (if directed to a receiver).
169 * 3. The session.
170 * The identity of a member is always a combination of transport and dps information.
171 * However, the state of the membership is in the context of the session, keyed by
172 * the sender.
173 *
174 * In order to make lookups easier, each unique sender in the system is
175 * assigned a unique identifier.
176 */
178 #include <config.h>
180 #include <ctype.h>
182 #include <wsutil/wsgcrypt.h>
184 #include <epan/packet.h>
185 #include <epan/proto.h>
186 #include <epan/proto_data.h>
187 #include <epan/prefs.h>
188 #include <epan/conversation.h>
189 #include <epan/expert.h>
190 #include <epan/uat.h>
191 #include <wsutil/str_util.h>
192 #include <epan/tfs.h>
195 /* DEFINES, STRUCTURES, AND SUPPORT METHOD DECLARATIONS
196 * The following sections includes preprocessor definitions, structure definitions,
197 * and method declarations for all dissectors.
198 * The ordering is by DPS stack order, general first and then by protocols.
199 */
201 /**
202 * GENERAL SUPPORT STRUCTURES
203 * The following structures represent state that must be maintained for
204 * the dissectors to operate. They are not directly related to protocol
205 * information.
206 */
208 /**
209 * This structure represents a SID, or Sender ID, in the system.
210 * This is allocated as global memory, and must be freed. SIDs
211 * are Object IDs, and can be displayed in hex but preferably
212 * using the OID output format. Even though the OID contains
213 * a length, we prefix this buffer with a length (which must
214 * be less than 255 by the definition of a SID.
215 * SIDs are not versioned, so they can be used universally in
216 * any protocol version.
217 */
220 /**
221 * This structure encapsulates an OPID, which is the combination of
222 * a source identifier (SID, and OID) and a packet number. This is a separate
223 * structure because some operations actually contain multiple opids, but need
224 * to be placed in the appropriate data structures based on SID lookup. This
225 * structure can be used as a key in different hash tables.
226 */
228 {
230 dof_2009_1_pdu_19_sid op_sid;
234 /**
235 * This structure contains all of the transport session information
236 * related to a particular session, but not related to the packet
237 * within that session. That information is separated to allow
238 * reuse of the structure.
239 */
241 {
242 /**
243 * TRANSPORT ID: This is a unique identifier for each transport,
244 * used to prevent aliasing of the SENDER ID value in the
245 * transport packet structure. It contains the protocol id
246 * assigned by Wireshark (unique per protocol).
247 */
250 /**
251 * For new sessions, this is left zero. The DPS dissector will
252 * set this value.
253 */
256 /**
257 * Timestamp of start of session.
258 */
259 nstime_t session_start_ts;
261 /**
262 * Whether negotiation is required on this session.
263 */
266 /**
267 * The frame number where negotiation was complete, or zero if not complete.
268 */
271 /**
272 * The time when negotiation was complete, or zero if not complete.
273 */
274 nstime_t negotiation_complete_at_ts;
276 /**
277 * Type of transport session.
278 */
281 /**
282 * Cardinality of transport session.
283 */
288 {
289 /**
290 * Source of packet (if known, default is server).
291 */
294 /**
295 * SENDER ID/RECEIVER ID: A unique value that identifies the unique
296 * transport sender/receiver address. This number is based on only
297 * the transport, and not session, information.
298 */
303 /**
304 * This structure maintains security state throughout an DPS session.
305 * It is managed by the key exchange protocol, and becomes effective
306 * at different dps packets in each communication direction. Decrypting
307 * a packet requires that this structure exists.
308 */
310 {
311 /**
312 * The frame at which this becomes valid for initiator packets.
313 */
316 /**
317 * The frame at which this becomes valid for responder packets.
318 */
321 /**
322 * SECURITY MODE: The security mode for a secure session. Set
323 * by the key exchange dissector.
324 */
327 /**
328 * SECURITY MODE INITIALIZATION DATA: Determined by the key exchange
329 * protocol and passed here for the reference of the security mode.
330 */
334 /**
335 * SECURITY MODE DATA: Created and managed by the security mode
336 * dissector.
337 */
340 /**
341 * SESSION KEY: Pointer to seasonal data that holds the encryption key.
342 */
345 /**
346 * The next security data in this session.
347 */
351 /**
352 * This structure contains security keys that should be tried with
353 * sessions that otherwise are not known.
354 */
356 {
360 /**
361 * This structure contains security keys for groups.
362 */
364 {
372 /**
373 * This structure contains security keys for non-group identities.
374 */
376 {
384 /**
385 * This structure exists for global security state. It exposes the
386 * configuration data associated with DPS, and also is a common location
387 * that learned security information is stored. Each dof_packet_data will
388 * contain a pointer to this structure - there is only one for the entire
389 * DPS.
390 */
392 {
393 /* Array of session_keys. */
397 /* Array of group data. */
401 /* Array of identity data. */
405 /* Global sessions. */
406 /*TODO: Figure this out */
407 /* dof_session_list* sessions; */
410 /**
411 * This structure represents a key that is learned for a group and epoch.
412 */
415 {
425 /**
426 * This structure represents a group that is learned about.
427 */
429 {
440 /**
441 * This structure exists for each secure DPS session. This is kept in
442 * addition to the normal session
443 * Each packet that has state will contain a reference to one of these.
444 *
445 * Information in this structure is invariant for the duration of the
446 * session *or* is only used during the initial pass through the packets.
447 * Information that changes (for example, security parameters, keys, etc.)
448 * needs to be maintained separately, although this structure is the
449 * starting place for this information.
450 *
451 * This structure is initialized to zero.
452 */
455 {
456 /**
457 * SSID: Zero is typically used for streaming sessions.
458 */
461 /**
462 * DOMAIN LENGTH: The length of the security domain, greater than
463 * zero for secure sessions. Set by the key exchange dissector.
464 */
467 /**
468 * DOMAIN: The security domain itself, seasonal storage, non-null
469 * for secure sessions. Set by the key exchange dissector.
470 */
473 /**
474 * SESSION SECURITY: This is a list of security data for this
475 * session, created by the key exchange protocol.
476 */
480 /**
481 * NEXT: This is the next secure session related to the parent
482 * unsecure session. Protocols can define new secure sessions and
483 * add them to this list. DPP then finds the correct secure session
484 * for a secure packet and caches it.
485 */
492 /**
493 * This structure exists for each DPS session. Secure sessions have an
494 * additional data structure that includes the secure session information.
495 * Each packet that has state will contain a reference to one of these.
496 *
497 * Information in this structure is invariant for the duration of the
498 * session *or* is only used during the initial pass through the packets.
499 * Information that changes (for example, security parameters, keys, etc.)
500 * needs to be maintained separately, although this structure is the
501 * starting place for this information.
502 *
503 * This structure is initialized to zero.
504 */
506 {
507 /**
508 * SESSION ID: Set when the session is created, required.
509 */
512 /**
513 * DPS ID: The type of DPS SENDER ID (in the packet data) to prevent
514 * aliasing. Since DPS senders identifiers relate to DNP, this is the
515 * DNP version number.
516 */
519 /**
520 * SECURE SESSIONS: When secure sessions are created from this
521 * unsecure session then they are added to this list. Each member
522 * of the list must be distinguished.
523 */
526 /**
527 * Protocol-specific data.
528 */
532 /* DOF Security Structures. */
533 /* Return structures for different packets. */
536 {
541 {
547 {
556 {
562 /**
563 * This structure defines the address for Wireshark transports. There is no
564 * DPS information associated here.
565 */
567 {
568 address addr;
573 {
578 /**
579 * DOF PACKET DATA
580 * This structure exists for each DOF packet. There is ABSOLUTELY NO
581 * transport-specific information here, although there is a session
582 * number which may relate to transport information indirectly through
583 * a transport session.
584 * There will be one of these for each DOF packet, even if the corresponding
585 * Wireshark frame has multiple DOF packets encapsulated in it. The key
586 * to this structure is the operation identifier, and there is a hash
587 * lookup to go from an operation identifier to this structure.
588 */
590 {
591 /**
592 * NON-DPS FIELDS, USED FOR WIRESHARK COMMUNICATION/PROCESSING
593 * Protocol-specific data.
594 */
597 /**
598 * The Wireshark frame. Note that a single frame can have multiple DPS packets.
599 */
602 /**
603 * The DPS frame/packet. This number is unique in the entire trace.
604 */
607 /**
608 * Packet linked list for all dps packets.
609 */
612 /**
613 * DPS FIELDS
614 * Indicator that the packet has already been processed. Processed packets
615 * have all their fields set that can be determined. Further attempts to
616 * determine NULL fields are worthless.
617 */
620 /**
621 * SUMMARY: An operation summary, displayed in the Operation History. This is seasonal
622 * data, managed by the DPP dissector.
623 */
626 /**
627 * SENDER ID/RECEIVER ID: An identifier for each unique sender/receiver according to DPS.
628 * This augments the transport SENDER ID/RECEIVER ID in determining each
629 * unique sender.
630 */
634 /**
635 * DPP INFORMATION - CACHED INFORMATION
636 */
640 /**
641 * SENDER SID ID/RECEIVER SID ID: An identifier for the sid associated with this packet's sender.
642 * Zero indicates that it has not been assigned. Assigned by the DPP
643 * dissector.
644 */
648 /**
649 * SENDER SID/RECEIVER SID: The SID of the sender/receiver, or NULL if not known.
650 */
651 dof_2009_1_pdu_19_sid sender_sid;
652 dof_2009_1_pdu_19_sid receiver_sid;
654 /**
655 * Operation references.
656 */
658 dof_2009_1_pdu_20_opid op;
660 dof_2009_1_pdu_20_opid ref_op;
669 /**
670 * SECURITY INFORMATION - CACHED
671 */
681 /**
682 * OPERATION DATA: Generic data, seasonal, owned by the application protocol dissector
683 * for this packet.
684 */
689 /**
690 * This structure represents globals that are passed to all dissectors.
691 */
693 {
705 /**
706 * This structure contains all information that is passed between
707 * transport dissectors/plugins and the DPS dissector. It is allocated
708 * by the transport plugin, and its fields are set as described here.
709 */
711 {
712 /**
713 * TRANSPORT SESSION: Set by the transport dissector, required.
714 */
717 /**
718 * TRANSPORT PACKET: Set by the transport dissector, required.
719 */
722 /**
723 * DPS SESSION: Set by the DPS dissector.
724 */
727 /**
728 * DPS DATA: Set by the DPS dissector.
729 */
732 /**
733 * DPS SECURE SESSION: Set by the DPP dissector.
734 */
738 /**
739 * This set of types defines the Security Mode dissector API.
740 * This structure identifies the context of the dissection,
741 * allowing a single structure to know what part of the packet
742 * of sequence of packets it is working with.
743 *
744 * Structure for Security Mode of Operation dissectors.
745 */
747 {
748 INITIALIZE,
749 HEADER,
750 TRAILER
753 /* Seasonal, initialized to zero. */
755 {
756 /**
757 * API VERSION: Set by the DPS dissector, required.
758 * MUST BE THE FIRST FIELD.
759 */
762 /**
763 * CONTEXT: Set the DPS dissector, required.
764 */
765 dof_secmode_context context;
767 /**
768 * SECURITY MODE OFFSET: The packet offset from the DPP header of the security mode.
769 */
772 /**
773 * API DATA: Set by the DPS dissector, required.
774 */
777 /**
778 * SECURE SESSION DATA: Controlled by the caller, either associated
779 * with the current packet (HEADER mode) or not (other modes).
780 * Used to access session information.
781 */
784 /**
785 * KEY EXCHANGE: Controlled by the caller, represents the key exchange
786 * for INITIALIZE mode.
787 */
791 /* These should be the only non-static declarations in the file. */
795 /* Dissector routines. */
797 static int dissect_2008_16_security_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
798 static int dissect_2008_16_security_2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
799 static int dissect_2008_16_security_3_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
800 static int dissect_2008_16_security_3_2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
801 static int dissect_2008_16_security_4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
802 static int dissect_2008_16_security_5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
803 static int dissect_2008_16_security_6_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
804 static int dissect_2008_16_security_6_2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
805 static int dissect_2008_16_security_6_3(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
806 static int dissect_2008_16_security_7(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
807 static int dissect_2008_16_security_8(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
808 static int dissect_2008_16_security_9(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
809 static int dissect_2008_16_security_10(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
810 static int dissect_2008_16_security_11(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
811 static int dissect_2008_16_security_12(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
812 static int dissect_2008_16_security_13(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
813 static int dissect_2009_11_type_4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
816 static const char* dof_oid_create_standard_string(uint32_t bufferSize, const uint8_t *pOIDBuffer, packet_info *pinfo);
817 static const char* dof_iid_create_standard_string(uint32_t bufferSize, const uint8_t *pIIDBuffer);
827 static int dof_dissect_pdu(dissector_t dissector, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *result);
828 static int dof_dissect_pdu_as_field(dissector_t dissector, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, int item, int ett, void *result);
834 #endif
839 /* DOF PROTOCOL STACK */
842 /**
843 * PORTS
844 * The following ports are registered with IANA and used to hook transport
845 * dissectors into the lower-level Wireshark transport dissectors.
846 *
847 * Related to these ports is the usage of conversations for DOF. The goal of
848 * using Wireshark conversations is to guarantee that DPS data is available for
849 * any DPS packet. However, there is no assumption that Wireshark conversations
850 * map in any way to DOF sessions.
851 *
852 * One exception to this use is in discovery of DOF servers. The DOF_MCAST_NEG_SEC_UDP_PORT
853 * is watched for all traffic. A "wildcard" conversation is then created for the
854 * source address, and the DPS dissector is associated with that port. In this
855 * way, servers on non-standard ports will automatically be decoded using DPS.
856 */
858 #define DOF_P2P_NEG_SEC_TCP_PORT 3567
859 /* Reserved UDP port 3568*/
860 #define DOF_TUN_SEC_TCP_PORT 3568
861 #define DOF_P2P_SEC_TCP_PORT 5567
862 /* Reserved UDP port 8567*/
863 #define DOF_TUN_NON_SEC_TCP_PORT 8567
865 /* This is needed to register multicast sessions with the UDP handler. */
881 /* DOF Tunnel Protocol */
883 /* UDP Registrations */
889 /***** TUNNEL *****/
897 /* DOF NETWORK PROTOCOL */
898 #define DNP_MAX_VERSION 1
912 /* DNP V0 */
918 /* DNP V1 */
919 #define DNP_V1_DEFAULT_FLAGS (0)
936 NULL
937 };
939 /* DOF PRESENTATION PROTOCOL */
961 /* DPP V0 */
966 /* DPP V1 - RESERVED, NOT SUPPORTED */
968 /* DPP V2 */
969 #define DPP_V2_DEFAULT_FLAGS (0)
970 #define DPP_V2_SEC_FLAG_E (0x80)
971 #define DPP_V2_SEC_FLAG_D (0x08)
972 #define DPP_V2_SEC_FLAG_P (0x04)
973 #define DPP_V2_SEC_FLAG_A (0x02)
974 #define DPP_V2_SEC_FLAG_S (0x01)
979 /* TODO: The complete on final and final flags are not covered. */
1018 };
1020 #define OP_2009_12_RESPONSE_FLAG (0x80)
1021 #define OP_2009_12_NODE_DOWN_CMD (0)
1022 #define OP_2009_12_NODE_DOWN_RSP (OP_2009_12_RESPONSE_FLAG|OP_2009_12_NODE_DOWN_CMD)
1023 #define OP_2009_12_SOURCE_LOST_CMD (1)
1024 #define OP_2009_12_SOURCE_LOST_RSP (OP_2009_12_RESPONSE_FLAG|OP_2009_12_SOURCE_LOST_CMD)
1025 #define OP_2009_12_RENAME_CMD (2)
1026 #define OP_2009_12_RENAME_RSP (OP_2009_12_RESPONSE_FLAG|OP_2009_12_RENAME_CMD)
1027 #define OP_2009_12_PING_CMD (3)
1028 #define OP_2009_12_PING_RSP (OP_2009_12_RESPONSE_FLAG|OP_2009_12_PING_CMD)
1029 #define OP_2009_12_CANCEL_ALL_CMD (4)
1030 #define OP_2009_12_CANCEL_ALL_RSP (OP_2009_12_RESPONSE_FLAG|OP_2009_12_CANCEL_ALL_CMD)
1031 #define OP_2009_12_HEARTBEAT_CMD (5)
1032 #define OP_2009_12_HEARTBEAT_RSP (OP_2009_12_RESPONSE_FLAG|OP_2009_12_HEARTBEAT_CMD)
1033 #define OP_2009_12_QUERY_CMD (6)
1034 #define OP_2009_12_QUERY_RSP (OP_2009_12_RESPONSE_FLAG|OP_2009_12_QUERY_CMD)
1035 #define OP_2009_12_SOURCE_FOUND_CMD (8)
1036 #define OP_2009_12_SOURCE_FOUND_RSP (OP_2009_12_RESPONSE_FLAG|OP_2009_12_SOURCE_FOUND_CMD)
1056 };
1058 /* DOF APPLICATION PROTOCOL */
1067 /* DAP V0 (DSP - DOF SESSION PROTOCOL) */
1068 /* Note that DSP is *always* appid 0 and so it violates the standard naming rule. */
1084 };
1086 #define DOF_PROTOCOL_DSP 0
1087 #define DSP_OAP_FAMILY 0x010000
1091 #define OP_2008_1_RSP (0x80)
1092 #define OP_2008_1_QUERY_CMD 0
1093 #define OP_2008_1_QUERY_RSP (OP_2008_1_RSP|OP_2008_1_QUERY_CMD)
1094 #define OP_2008_1_CONFIG_REQ 1
1095 #define OP_2008_1_CONFIG_ACK (OP_2008_1_RSP|2)
1096 #define OP_2008_1_CONFIG_NAK (OP_2008_1_RSP|3)
1097 #define OP_2008_1_CONFIG_REJ (OP_2008_1_RSP|4)
1098 #define OP_2008_1_TERMINATE_CMD 5
1099 #define OP_2008_1_TERMINATE_RSP (OP_2008_1_RSP|OP_2008_1_TERMINATE_CMD)
1100 #define OP_2008_1_OPEN_CMD 6
1101 #define OP_2008_1_OPEN_RSP (OP_2008_1_RSP|OP_2008_1_OPEN_CMD)
1102 #define OP_2008_1_OPEN_SECURE_RSP (OP_2008_1_RSP|7)
1117 };
1119 #define DSP_AVP_AUTHENTICATION 0
1120 #define DSP_AVP_APPLICATION 1
1127 };
1133 };
1134 #endif
1140 /* DAP V1 (OAP - OBJECT ACCESS PROTOCOL V1) */
1141 /* This is the defined protocol id for OAP. */
1142 #define DOF_PROTOCOL_OAP_1 1
1143 /* There are two "protocols", one hooks into DSP and the other to DOF. */
1147 /* OAP DSP protocol items. */
1150 /* OAP protocol items. */
1174 #endif
1187 #endif
1213 NULL
1214 };
1220 #define OAP_1_RESPONSE (0x80)
1221 #define OAP_1_CMD_ACTIVATE 28
1222 #define OAP_1_RSP_ACTIVATE (OAP_1_CMD_ACTIVATE|OAP_1_RESPONSE)
1223 #define OAP_1_CMD_ADVERTISE 5
1224 #define OAP_1_RSP_ADVERTISE (OAP_1_CMD_ADVERTISE|OAP_1_RESPONSE)
1225 #define OAP_1_CMD_CHANGE 2
1226 #define OAP_1_RSP_CHANGE (OAP_1_CMD_CHANGE|OAP_1_RESPONSE)
1227 #define OAP_1_CMD_CONNECT 4
1228 #define OAP_1_RSP_CONNECT (OAP_1_CMD_CONNECT|OAP_1_RESPONSE)
1229 #define OAP_1_CMD_DEFINE 6
1230 #define OAP_1_RSP_DEFINE (OAP_1_CMD_DEFINE|OAP_1_RESPONSE)
1231 #define OAP_1_CMD_EXCEPTION 9
1232 #define OAP_1_RSP_EXCEPTION (OAP_1_CMD_EXCEPTION|OAP_1_RESPONSE)
1233 #define OAP_1_CMD_FULL_CONNECT 3
1234 #define OAP_1_RSP_FULL_CONNECT (OAP_1_CMD_FULL_CONNECT|OAP_1_RESPONSE)
1235 #define OAP_1_CMD_GET 10
1236 #define OAP_1_RSP_GET (OAP_1_CMD_GET|OAP_1_RESPONSE)
1237 #define OAP_1_CMD_INVOKE 12
1238 #define OAP_1_RSP_INVOKE (OAP_1_CMD_INVOKE|OAP_1_RESPONSE)
1239 #define OAP_1_CMD_OPEN 14
1240 #define OAP_1_RSP_OPEN (OAP_1_CMD_OPEN|OAP_1_RESPONSE)
1241 #define OAP_1_CMD_PROVIDE 16
1242 #define OAP_1_RSP_PROVIDE (OAP_1_CMD_PROVIDE|OAP_1_RESPONSE)
1243 #define OAP_1_CMD_REGISTER 25
1244 #define OAP_1_RSP_REGISTER (OAP_1_CMD_REGISTER|OAP_1_RESPONSE)
1245 #define OAP_1_CMD_SET 20
1246 #define OAP_1_RSP_SET (OAP_1_CMD_SET|OAP_1_RESPONSE)
1247 #define OAP_1_CMD_SIGNAL 22
1248 #define OAP_1_RSP_SIGNAL (OAP_1_CMD_SIGNAL|OAP_1_RESPONSE)
1249 #define OAP_1_CMD_SUBSCRIBE 24
1250 #define OAP_1_RSP_SUBSCRIBE (OAP_1_CMD_SUBSCRIBE|OAP_1_RESPONSE)
1251 #define OAP_1_CMD_WATCH 30
1252 #define OAP_1_RSP_WATCH (OAP_1_CMD_WATCH|OAP_1_RESPONSE)
1289 };
1292 {
1299 {
1302 }
1305 {
1319 }
1322 {
1331 {
1337 {
1343 static int oap_1_tree_add_alias(dof_api_data *api_data, oap_1_packet_data *oap_packet _U_, dof_packet_data *packet, proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, int offset, uint8_t alias_length, uint8_t resolve)
1344 {
1350 /* TODO: Output error. */
1354 /* TODO: Output error. */
1360 {
1362 oap_1_alias_key key;
1376 {
1379 /* Decode the Interface */
1380 ti = proto_tree_add_bytes_format_value(tree, hf_oap_1_interfaceid, tvb, 0, 0, binding->iid, "%s", dof_iid_create_standard_string(binding->iid_length, binding->iid));
1383 /* Decode the Object ID */
1384 ti = proto_tree_add_bytes_format_value(tree, hf_oap_1_objectid, tvb, 0, 0, binding->oid, "%s", dof_oid_create_standard_string(binding->oid_length, binding->oid, pinfo));
1391 }
1392 }
1395 }
1398 {
1406 else
1411 }
1413 static int oap_1_tree_add_binding(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, int offset)
1414 {
1416 /* uint8_t cl; */
1422 else
1432 else
1434 #endif
1439 }
1441 static int oap_1_tree_add_cmdcontrol(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
1442 {
1449 ti = proto_tree_add_bitmask(tree, tvb, offset, hf_oap_1_cmdcontrol, ett_oap_1_cmdcontrol_flags, bitmask_oap_1_cmdcontrol_flags, ENC_NA);
1462 {
1463 /* Heuristic */
1469 pi = proto_tree_add_uint_format(opinfo_tree, hf_oap_1_cmdcontrol_heuristic, tvb, offset, heur_len, heur, "Heuristic Value: %hu", heur);
1472 }
1475 {
1476 /* Ack List */
1485 {
1488 }
1489 }
1492 {
1493 /* Cache Delay */
1499 pi = proto_tree_add_uint_format(opinfo_tree, hf_oap_1_cmdcontrol_cache, tvb, offset, cache_len, cache, "Cache Delay: %hu", cache);
1502 }
1505 }
1507 /**
1508 * Define an alias. This routine is called for each Provide operation that includes an alias assignment.
1509 * It is also called for retries of Provide operations.
1510 * The alias is defined for the duration of the Provide. This means that if the operation is cancelled
1511 * then the alias should no longer be valid.
1512 * The alias is associated with an oap_session, an dof_node, and the alias itself. Aliases
1513 * may be reused as long as the previous use has expired, and so the list is stored in reverse
1514 * order.
1515 *
1516 * NOTE: The alias is passed as a structure pointer, and must be reallocated if it is stored in
1517 * the hash.
1518 */
1520 {
1521 /* The definer of an alias is the sender, in the session. */
1526 oap_1_alias_key key;
1541 /* If there isn't an entry for the alias, then we need to create one.
1542 * The first entry will be the binding we are defining.
1543 */
1545 {
1549 }
1550 }
1552 /**
1553 * Given an oap_alias, resolve it to an oap_1_binding. This assumes that the destination of the
1554 * packet is the one that defined the alias.
1555 */
1557 {
1558 /* The first lookup is inside the session based on defining node. */
1560 }
1562 /* DAP V128 (TEP - TICKET EXCHANGE PROTOCOL V1) */
1563 #define DOF_PROTOCOL_TEP 128
1564 #define DSP_TEP_FAMILY 0x000000
1581 /* TEP.2.1 */
1588 /* TEP.2.2 */
1599 /* TEP.2.2.1 */
1615 };
1616 #endif
1618 #define TEP_OPCODE_RSP (0x80)
1619 #define TEP_OPCODE_C (0x20)
1620 #define TEP_OPCODE_K (0x10)
1621 #define TEP_PDU_REJECT (TEP_OPCODE_RSP|0)
1622 #define TEP_PDU_REQUEST (1)
1623 #define TEP_PDU_END_SESSION (5)
1624 #define TEP_PDU_SESSION_ENDING (6)
1626 #define TEP_PDU_REQUEST_KEY (TEP_OPCODE_K|TEP_PDU_REQUEST)
1627 #define TEP_PDU_CONFIRM (TEP_OPCODE_C|TEP_PDU_REQUEST)
1628 #define TEP_PDU_ACCEPT (TEP_OPCODE_RSP|TEP_PDU_REQUEST)
1629 #define TEP_PDU_CONFIRM_ACK (TEP_OPCODE_RSP|TEP_OPCODE_C|TEP_PDU_REQUEST)
1643 };
1652 };
1653 #endif
1655 /* Initialized to zero. */
1657 {
1658 /* Stored from the K bit of the Request PDU. */
1661 /* Stored from the key request for non-secure rekeys. Otherwise 0 and NULL. */
1665 /* Stored from the identity of the Request PDU. Seasonal. */
1669 /* Stored from the nonce of the Request PDU. Seasonal. */
1673 /* Stored from the identity of the Request response PDU. Seasonal. */
1677 /* Stored from the nonce of the Request response PDU. Seasonal. */
1685 /* Security session data for this rekey, if is_rekey is true. */
1689 /* DAP V129 (TRP - TICKET REQUEST PROTOCOL V2) */
1690 #define DOF_PROTOCOL_TRP 129
1691 #define DSP_TRP_FAMILY 0x030000
1693 {
1732 #endif
1761 #endif
1790 #define TRP_RESPONSE (0x80)
1792 #define TRP_RSP_REJECT (TRP_RESPONSE|0)
1793 #define TRP_CMD_REQUEST_KEK (1)
1794 #define TRP_RSP_REQUEST_KEK (TRP_RESPONSE|TRP_CMD_REQUEST_KEK)
1795 #define TRP_CMD_REQUEST_RANDOM (2)
1796 #define TRP_RSP_REQUEST_RANDOM (TRP_RESPONSE|TRP_CMD_REQUEST_RANDOM)
1797 #define TRP_CMD_REQUEST_SESSION (3)
1798 #define TRP_RSP_REQUEST_SESSION (TRP_RESPONSE|TRP_CMD_REQUEST_SESSION)
1799 #define TRP_CMD_REQUEST_SECURITY_SCOPES (4)
1800 #define TRP_RSP_REQUEST_SECURITY_SCOPES (TRP_RESPONSE|TRP_CMD_REQUEST_SECURITY_SCOPES)
1801 #define TRP_CMD_RESOLVE_CREDENTIAL (6)
1802 #define TRP_RSP_RESOLVE_CREDENTIAL (TRP_RESPONSE|TRP_CMD_RESOLVE_CREDENTIAL)
1803 #define TRP_CMD_REQUEST_LOCAL_DOMAIN (7)
1804 #define TRP_RSP_REQUEST_LOCAL_DOMAIN (TRP_RESPONSE|TRP_CMD_REQUEST_LOCAL_DOMAIN)
1805 #define TRP_CMD_REQUEST_REMOTE_DOMAIN (8)
1806 #define TRP_RSP_REQUEST_REMOTE_DOMAIN (TRP_RESPONSE|TRP_CMD_REQUEST_REMOTE_DOMAIN)
1807 #define TRP_RSP_REQUEST_DISCOVERED_REMOTE_DOMAIN (TRP_RESPONSE|0x0A)
1808 #define TRP_CMD_VALIDATE_CREDENTIAL (9)
1809 #define TRP_RSP_VALIDATE_CREDENTIAL (TRP_RESPONSE|TRP_CMD_VALIDATE_CREDENTIAL)
1840 };
1854 };
1856 /* DAP V130 (SGMP - SECURE GROUP MANAGEMENT PROTOCOL V1) */
1857 #define DOF_PROTOCOL_SGMP 130
1859 {
1900 #define SGMP_RESPONSE (0x80)
1901 #define SGMP_CMD_HEARTBEAT (0)
1902 #define SGMP_RSP_HEARTBEAT (SGMP_CMD_HEARTBEAT|SGMP_RESPONSE)
1903 #define SGMP_CMD_EPOCH_CHANGED (1)
1904 #define SGMP_RSP_EPOCH_CHANGED (SGMP_CMD_EPOCH_CHANGED|SGMP_RESPONSE)
1905 #define SGMP_CMD_REKEY (2)
1906 #define SGMP_RSP_REKEY (SGMP_CMD_REKEY|SGMP_RESPONSE)
1907 #define SGMP_CMD_REQUEST_GROUP (3)
1908 #define SGMP_RSP_REQUEST_GROUP (SGMP_CMD_REQUEST_GROUP|SGMP_RESPONSE)
1909 #define SGMP_CMD_REKEY_EPOCH (5)
1910 #define SGMP_RSP_REKEY_EPOCH (SGMP_CMD_REKEY_EPOCH|SGMP_RESPONSE)
1911 #define SGMP_CMD_REKEY_MERGE (7)
1912 #define SGMP_RSP_REKEY_MERGE (SGMP_CMD_REKEY_MERGE|SGMP_RESPONSE)
1929 };
1933 static bool sgmp_validate_session_key(sgmp_packet_data *cmd_data, uint8_t *confirmation, uint8_t *kek, uint8_t *key)
1934 {
1935 gcry_mac_hd_t hmac;
1936 gcry_error_t result;
1948 }
1949 #endif
1951 /* DOF SECURITY PROTOCOL */
1954 #define AS_ASSIGNED_SSID 0x40000000
1956 /* DOFSEC Vxxxx (CCM - COUNTER WITH CBC-MAC PROTOCOL V1) */
1957 #define DOF_PROTOCOL_CCM 24577
1958 #define DSP_CCM_FAMILY 0x020000
1977 };
2002 {
2004 gcry_cipher_hd_t cipher_data;
2006 /* Starts at 1, incrementing for each new key. */
2008 /* Mapping from wire period to absolute periods. */
2018 {
2024 #define CCM_PDU_PROBE (0)
2029 };
2031 /* DOF OBJECT IDENTIFIER (OID) */
2057 /**
2058 * EXPERT INFOS
2059 * Expert infos are related to either a PDU type or a specification, and so
2060 * they are listed separately.
2061 */
2062 #if 0
2064 #endif
2070 #if 0
2072 #endif
2085 /**
2086 * SOURCE IDENTIFIER (SID) SUPPORT
2087 * Source identifiers are used as part of operation tracking in the
2088 * DOF Protocol Stack. They are version independent, and associated with
2089 * a node in the DOF mesh network. Each session is associated with a SID.
2090 *
2091 * DPP Manages the SID information, since it is DPP that learns about SIDs.
2092 * SIDs are complicated because the can be 'unknown' for periods, and then
2093 * learned later. The requirement here is that all SIDs that can be known
2094 * are known by the second pass of the dissector (pinfo->visited != 0).
2095 *
2096 * There are two hash tables to map to an actual SID. The first goes
2097 * from sender information to SID ID. During the first pass multiple SID ID
2098 * may actually refer to the same SID, and so the system must be able to "patch"
2099 * these values as actual SIDs are learned. The second hash table goes from SID ID
2100 * to actual SID. This lookup is only known after a real SID has been learned.
2101 *
2102 * The hash tables are used in order to look up full SID information when only
2103 * partial information is known, and must support looking up in both directions
2104 * based on what is known from a particular PDU.
2105 */
2111 {
2120 {
2131 }
2134 {
2135 /* The sid buffer is a length byte followed by data. */
2144 }
2147 {
2167 }
2170 {
2178 }
2182 /**
2183 * This routine is called for each reset (file load, capture) and is responsible
2184 * for allocating the SID support hash tables. Previous information is freed
2185 * if needed.
2186 */
2188 {
2192 {
2195 }
2198 {
2201 }
2204 {
2207 }
2209 /* The value is not allocated, so does not need to be freed. */
2210 node_key_to_sid_id = g_hash_table_new_full(sender_key_hash_fn, sender_key_equal_fn, g_free, NULL);
2211 sid_buffer_to_sid_id = g_hash_table_new_full(sid_buffer_hash_fn, sid_buffer_equal_fn, g_free, NULL);
2213 }
2215 /**
2216 * OPERATION IDENTIFIER SUPPORT
2217 * Operation identifiers are an extension of a SID, and represent each separate
2218 * operation in the DOF. They are identified by a SID and an operation count.
2219 * Like SIDs, they are indepenent of version (at least in meaning, the formatting
2220 * may change).
2221 *
2222 * The hash is used to look up common operation information each time an operation
2223 * is seen in any packet.
2224 */
2228 {
2231 }
2234 {
2243 }
2246 {
2248 {
2249 /* Clear it out. Note that this calls the destroy functions for each element. */
2252 }
2254 dpp_opid_to_packet_data = g_hash_table_new_full(dpp_opid_hash_fn, dpp_opid_equal_fn, NULL, NULL);
2255 }
2257 /**
2258 * NON-SECURE SESSION LOOKUP SUPPORT
2259 */
2262 /**
2263 * NON-SECURE DPS SESSION
2264 * This is defined by the transport session and the DNP port information.
2265 */
2267 {
2274 static dof_session_data* dof_ns_session_retrieve(unsigned transport_session_id, unsigned client, unsigned server)
2275 {
2276 dof_ns_session_key lookup_key;
2279 /* Build a (non-allocated) key to do the lookup. */
2286 {
2287 /* We found a match. */
2289 }
2292 }
2294 static void dof_ns_session_define(unsigned transport_session_id, unsigned client, unsigned server, dof_session_data *session_data)
2295 {
2298 /* No match, need to add a key. */
2304 /* Note, this is not multithread safe, but Wireshark isn't multithreaded. */
2306 }
2308 /* COMMON PDU DISSECTORS */
2310 /* Security.1 */
2324 };
2326 /* Security.2 */
2331 /* Security.3.1 */
2337 /* Security.3.2 */
2343 /* Security.4 */
2353 /* Security.5 */
2357 /* Security.6.1 */
2364 /* Security.6.2 */
2368 /* Security.6.3 */
2377 /* Security.9 */
2381 /* Security.10 */
2385 /* Security.11 */
2390 /* Security.12 */
2399 };
2404 static bool
2405 dof_sessions_destroy_cb(wmem_allocator_t *allocator _U_, wmem_cb_event_t event _U_, void *user_data)
2406 {
2411 }
2412 /* unregister this callback */
2414 }
2417 {
2420 }
2423 {
2429 /* Add the generic representation of the fields. */
2434 /* Append description to the parent. */
2435 proto_item_append_text(parent, " (Code=%s/Data=0x%04x)", val_to_str(attribute_code, strings_2008_1_dsp_attribute_codes, "%u"), attribute_data);
2438 {
2441 /* call the next dissector */
2443 dissector_try_uint(dsp_option_dissectors, (attribute_code << 16) | attribute_data, tvb, pinfo, tree);
2444 }
2446 }
2448 /**
2449 * Security.1: Permission. This is the base type for
2450 * permissions, and supports extension.
2451 */
2452 static int dissect_2008_16_security_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
2453 {
2458 /* Permission Type */
2459 {
2466 pi = proto_tree_add_uint(tree, hf_security_1_permission_type, tvb, start, offset - start, value);
2468 }
2473 /* Length */
2474 {
2483 }
2485 /* Data */
2490 }
2492 /**
2493 * Security.2: Permission Request.
2494 */
2495 static int dissect_2008_16_security_2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
2496 {
2500 /* Count */
2501 {
2510 }
2513 {
2520 }
2523 }
2525 /**
2526 * Security.3.1: Base Credential Format.
2527 * Returns: dof_2008_16_security_3_1
2528 */
2529 static int dissect_2008_16_security_3_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
2530 {
2536 /* Credential Type */
2537 {
2543 pi = proto_tree_add_uint(tree, hf_security_3_1_credential_type, tvb, start, offset - start, value);
2545 }
2547 /* Stage */
2555 /* Security Node Identifier */
2556 {
2560 ti = proto_tree_add_item(tree, hf_security_3_1_security_node_identifier, tvb, offset, 0, ENC_NA);
2568 }
2571 }
2573 /**
2574 * Security.3.2: Identity Resolution.
2575 */
2576 int dissect_2008_16_security_3_2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
2577 {
2581 /* Credential Type */
2582 {
2588 pi = proto_tree_add_uint(tree, hf_security_3_2_credential_type, tvb, start, offset - start, value);
2590 }
2592 /* Stage */
2596 /* Length */
2597 {
2606 }
2608 /* Public Data */
2613 }
2615 /**
2616 * Security.4: Key Request. Returns: dof_2008_16_security_4
2617 */
2618 static int dissect_2008_16_security_4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
2619 {
2633 {
2638 dof_2008_16_security_3_1 return_3_1;
2647 {
2649 }
2650 }
2652 {
2659 }
2661 {
2672 }
2675 }
2677 /**
2678 * Security.5: Key Grant.
2679 */
2680 static int dissect_2008_16_security_5(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_)
2681 {
2691 }
2693 /**
2694 * Security.6.1: Session Initator Block.
2695 * Returns dof_2008_16_security_6_1
2696 */
2697 static int dissect_2008_16_security_6_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
2698 {
2701 /* Allocate the return structure. */
2704 /* Desired Duration */
2708 /* Desired Security Mode */
2709 {
2724 {
2727 return_data->security_mode_data = (uint8_t *)tvb_memdup(wmem_file_scope(), start, 4, block_length - 4);
2728 }
2729 }
2731 /* Initiator Request */
2732 {
2734 dof_2008_16_security_4 output;
2746 {
2749 }
2750 }
2753 }
2755 /**
2756 * Security.6.2: Session Responder Block.
2757 * Returns dof_2008_16_security_6_2
2758 */
2759 static int dissect_2008_16_security_6_2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
2760 {
2764 /* Responder Request */
2765 {
2767 dof_2008_16_security_4 output;
2779 {
2782 }
2783 }
2786 }
2788 /**
2789 * Security.6.3: Authentication Response Block.
2790 */
2791 static int dissect_2008_16_security_6_3(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
2792 {
2795 /* Granted Duration */
2799 /* Session Security Scope */
2800 {
2806 ti = proto_tree_add_item(tree, hf_security_6_3_session_security_scope, tvb, offset, 0, ENC_NA);
2811 }
2813 /* Initiator Validation */
2814 {
2825 }
2827 /* Responder Validation */
2828 {
2839 }
2842 }
2844 /**
2845 * Security.7: Security Domain.
2846 */
2847 static int dissect_2008_16_security_7(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
2848 {
2849 /* Parse the base type. */
2855 }
2857 /**
2858 * Security.8: Security Node Identifier.
2859 */
2860 static int dissect_2008_16_security_8(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
2861 {
2862 /* Parse the base type. */
2868 }
2870 /**
2871 * Security.9: Security Mode of Operation Initialization.
2872 * If the packet info has knowledge of the active security mode
2873 * of operation then this datagram can be further decoded.
2874 */
2875 static int dissect_2008_16_security_9(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
2876 {
2880 /* Length */
2881 {
2890 }
2893 {
2896 }
2899 }
2901 /**
2902 * Security.10: Security Scope.
2903 */
2904 static int dissect_2008_16_security_10(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
2905 {
2909 /* Count */
2910 {
2919 }
2922 {
2933 {
2943 }
2945 pi = proto_tree_add_uint_format_value(tree, hf_security_10_permission_group_identifier, tvb, start, offset - start, value, "%u%s", value, def);
2947 }
2950 }
2952 /**
2953 * Security.11: Permission Validation.
2954 */
2955 static int dissect_2008_16_security_11(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
2956 {
2960 /* Count */
2961 {
2970 }
2973 {
2974 proto_item *ti = proto_tree_add_item(tree, hf_security_11_permission_security_scope, tvb, offset, -1, ENC_NA);
2981 }
2984 }
2986 /**
2987 * Security.12: Permission Security Scope.
2988 */
2989 static int dissect_2008_16_security_12(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
2990 {
3004 {
3013 {
3023 }
3025 pi = proto_tree_add_uint_format_value(tree, hf_security_12_permission_group_identifier, tvb, start, offset - start, value, "%u%s", value, def);
3027 }
3030 }
3032 /**
3033 * Security.13: Security Mode of Operation Negotiation.
3034 */
3035 static int dissect_2008_16_security_13(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
3036 {
3037 /* Parse the base type. */
3041 /* TODO: Skipping this first byte means that no other encryption modes can be supported. */
3049 }
3051 /**
3052 * Dissects a buffer that is pointing at an OID.
3053 * Adds a subtree with detailed information about the fields of
3054 * the OID,
3055 * returns the length of the OID,
3056 * and appends text to the tree (really a tree item) that is
3057 * passed in that gives a more accurate description of the OID.
3058 * Note that the tree already shows the bytes of the OID, so if
3059 * no additional information can be displayed then it should not
3060 * be.
3061 *
3062 * If 'tree' is NULL then just return the length.
3063 */
3064 // NOLINTNEXTLINE(misc-no-recursion)
3065 static int dissect_2009_11_type_4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
3066 {
3077 {
3079 proto_item_set_text(ti, "Object ID: %s", dof_oid_create_standard_string(tvb_reported_length(tvb), tvb_get_ptr(tvb, 0, tvb_reported_length(tvb)), pinfo));
3080 }
3083 ti = proto_tree_add_uint_format(oid_tree, hf_oid_class, tvb, start_offset, offset - start_offset, oid_class, "Class: %u", oid_class);
3088 offset, 1, oid_len_byte, "Header: 0x%02x (%sLength=%d)", oid_len_byte, oid_len_byte & 0x80 ? "Attribute, " : "", oid_len_byte & 0x3F);
3095 /* Validate the flag byte */
3097 {
3098 /* Type.4 Malformed (bit mandated zero). */
3100 }
3103 {
3104 /* Add the raw data. */
3107 }
3109 /* Check for attributes */
3111 {
3112 /* Read attributes, adding them to oid_tree. */
3115 do
3116 {
3129 }
3131 }
3134 {
3137 }
3139 /* TODO: Add the description. */
3140 /* proto_item_append_text( oid_tree, ": %s", "TODO" ); */
3142 }
3144 /**
3145 * Dissects a buffer that is pointing at an attribute.
3146 * Adds a subtree with detailed information about the fields of
3147 * the attribute,
3148 * returns the new offset,
3149 * and appends text to the tree (really a tree item) that is
3150 * passed in that gives a more accurate description of the
3151 * attribute.
3152 * Note that the tree already shows the bytes of the OID, so if
3153 * no additional information can be displayed then it should not
3154 * be.
3155 *
3156 * If 'tree' is NULL then just return the length.
3157 */
3158 // NOLINTNEXTLINE(misc-no-recursion)
3160 {
3170 offset, 1, attribute_id_byte, "Header: 0x%02x (%sLength=%d)", attribute_id_byte, attribute_id_byte & 0x80 ? "Attribute, " : "", attribute_id_byte & 0x3F);
3182 {
3184 /* TODO: Check length */
3185 proto_tree_add_item(oid_tree, hf_oid_attribute_data, tvb, offset, attribute_length_byte, ENC_NA);
3191 {
3200 }
3204 proto_tree_add_item(oid_tree, hf_oid_attribute_data, tvb, offset, attribute_length_byte, ENC_NA);
3206 }
3209 }
3212 /* Transport Session ID */
3215 /* Static Methods. */
3218 static int dof_dissect_dnp_length(tvbuff_t *tvb, packet_info *pinfo, uint8_t version, int *offset);
3219 #define VALIDHEX(c) ( ((c) >= '0' && (c) <= '9') || ((c) >= 'A' && (c) <= 'F') || ((c) >= 'a' && (c) <= 'f') )
3222 /* Configuration structures. These tables allow for security
3223 * mode templates, security keys, and secrets to be configured.
3224 */
3231 /* Structure for security mode of operation templates. */
3241 /* Structure for security keys. */
3246 /* Structure for secrets (for identities) */
3254 {
3261 {
3262 /* A single TCP frame can contain multiple packets. We must
3263 * be able to keep track of them all.
3264 */
3265 dof_api_data api_data;
3268 dof_transport_packet transport_packet;
3272 /**
3273 * This structure exists for TCP packets and allows matching Wireshark frames to
3274 * DPS packets.
3275 */
3277 {
3278 /* Packets are ignored based on the starting TCP SEQ (sequence of first byte). */
3282 /* DPS packet structures contained within a TCP frame. */
3286 /**
3287 * This structure exists for UDP sessions and allows for advanced stream handling
3288 * and matching Wireshark frames to DPS packets.
3289 */
3291 {
3292 /* This must be the first structure, as a pointer to this type is stored in each DPS packet. */
3293 dof_transport_session common;
3295 /* For the associated TCP conversation, this tracks the client and server
3296 * addresses.
3297 */
3298 ws_node server;
3301 /* This structure exists for TCP sessions and allows for advanced stream handling
3302 * and matching Wireshark frames to DPS packets.
3303 */
3305 {
3306 /* This must be the first structure, as a pointer to this type is stored in each DPS packet. */
3307 dof_transport_session common;
3309 /* This flag is used to determine that an entire TCP session is NOT OpenDOF.
3310 * Because of TCP/IP negotiation in the DPS it is easy to confuse arbitrary
3311 * protocols as OpenDOF. Once it is determined that it is not then this
3312 * flag can be set, which will turn off all the OpenDOF dissectors.
3313 */
3316 /* For the associated TCP conversation, this tracks the client and server
3317 * addresses.
3318 */
3321 /* TCP sequence numbers, used to detect retransmissions. These are only valid
3322 * during the first pass through the packets.
3323 */
3333 /* Global DPS data structures for security keys. */
3337 /* Global DPS data structures for identity secrets. */
3342 /* Callbacks for Configuration security templates. */
3348 {
3349 }
3352 {
3360 {
3363 }
3365 {
3368 }
3372 {
3375 }
3377 {
3380 }
3383 {
3386 }
3388 }
3391 {
3400 }
3403 {
3409 }
3412 /* Callbacks for security keys. */
3416 {
3417 }
3420 {
3425 {
3428 }
3430 }
3433 {
3440 }
3443 {
3447 }
3450 /* Callbacks for identity secrets. */
3456 {
3457 }
3460 {
3468 {
3470 {
3473 }
3474 }
3476 {
3479 }
3483 {
3485 {
3488 }
3489 }
3491 {
3494 }
3497 {
3500 }
3502 }
3505 {
3514 }
3517 {
3523 }
3527 /* The IP transport protocols need to assign SENDER ID based on the
3528 * transport address. This requires a hash lookup from address/port to ID.
3529 */
3534 {
3535 address addr;
3540 {
3549 {
3558 }
3561 }
3564 {
3572 }
3575 {
3579 }
3582 {
3583 /* This routine is called each time the system is reset (file load, capture)
3584 * and so it should take care of freeing any of our persistent stuff.
3585 */
3587 {
3588 /* Clear it out. Note that this calls the destroy functions for each element. */
3591 }
3593 /* The value is not allocated, so does not need to be freed. */
3594 addr_port_to_id = g_hash_table_new_full(addr_port_key_hash_fn, addr_port_key_equal_fn, addr_port_key_free_fn, NULL);
3595 }
3599 #define EP_COPY_ADDRESS(to, from) { \
3600 uint8_t *EP_COPY_ADDRESS_data; \
3601 (to)->type = (from)->type; \
3602 (to)->len = (from)->len; \
3603 EP_COPY_ADDRESS_data = (uint8_t*) wmem_alloc(wmem_packet_scope(),(from)->len); \
3604 memcpy(EP_COPY_ADDRESS_data, (from)->data, (from)->len); \
3605 (to)->priv = EP_COPY_ADDRESS_data; \
3606 (to)->data = (to)->priv; \
3607 }
3609 /* Return the transport ID, a unique number for each transport sender.
3610 */
3612 {
3613 addr_port_key lookup_key;
3617 /* ensure the address contains actual data */
3621 /* Build a (non-allocated) key to do the lookup. */
3628 {
3629 /* We found a match. */
3631 }
3633 /* No match, need to add a key. */
3638 /* Note, this is not multithread safe, but Wireshark isn't multithreaded. */
3641 }
3643 /* Wireshark Configuration Dialog Routines*/
3645 static bool identsecret_chk_cb(void *r _U_, const char *p _U_, unsigned len _U_, const void *u1 _U_, const void *u2 _U_, char **err _U_)
3646 {
3647 #if 0
3661 {
3664 }
3667 {
3669 {
3672 }
3673 }
3674 #endif
3676 }
3678 /* Utility Methods */
3681 {
3685 {
3687 {
3690 }
3697 }
3700 }
3703 {
3709 {
3713 {
3716 }
3722 }
3723 }
3725 /* OID and IID Parsing */
3727 static const uint8_t OALString_HexChar[] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' };
3729 #define IS_PRINTABLE(c) ( ((uint8_t)c) >= 32U && ((uint8_t)c) < 127U )
3730 #define IS_ESCAPED(c) ( (c) == '(' || (c) == ')' || (c) == '[' || (c) == ']' || (c) == '{' || (c) == '}' || (c) == '\\' || (c) == '|' )
3731 #define DOFOBJECTID_MAX_CLASS_SIZE (4)
3732 #define MAX_OID_DATA_SIZE (63)
3733 #define OID_DATA_LEN_MASK (MAX_OID_DATA_SIZE)
3735 #define ObjectID_DataToStringLength( data, dataSize ) ObjectID_DataToString( (data), (dataSize), NULL )
3736 #define OALString_HexDigitToChar(c) (OALString_HexChar[(c)])
3737 #define DOFObjectIDAttribute_IsValid( attribute ) ((attribute).id < DOFOBJECTIDATTRIBUTE_INVALID)
3738 #define DOFObjectIDAttribute_GetValueSize( attribute ) ((attribute).dataSize)
3739 #define DOFObjectIDAttribute_GetValue( attribute ) ((attribute).data)
3740 #define DOFObjectIDAttribute_GetType( attribute ) ((DOFObjectIDAttributeType)(attribute).id)
3743 {
3744 /**
3745 * Provider attribute. This attribute identifies an object as being
3746 * provided by a specific service provider. The associated data must
3747 * be an object identifier.
3748 */
3751 /**
3752 * Session attribute. This attribute associates the object with the
3753 * specified session. The associated data must be exactly 16 bytes long.
3754 */
3757 /**
3758 * Group attribute. This attribute is normally used in association
3759 * with the BROADCAST object identifier. It defines a target that is
3760 * a multicast group in the DOF network (as opposed to the transport).
3761 * The associated data must be an object identifier.
3762 */
3765 /**
3766 * Invalid, used to signal that an error has occurred.
3767 */
3773 {
3775 uint16_t len; /* Actual length of oid's wire representation. Max is 32707: 4 + 1 + 63 + (127 * 257). */
3776 uint8_t oid[]; /* Extends beyond end of this defined structure, so oid MUST be last structure member! */
3784 {
3785 uint8_t id; /**< Attribute Identifier. Intentionally defined as uint8 for size, but holds all valid values for DOFObjectIDAttributeType. **/
3790 /**
3791 * Read variable-length value from buffer.
3792 *
3793 * @param maxSize [in] Maximum size of value to be read
3794 * @param bufLength [in,out] Input: size of buffer, output: size of value in buffer
3795 * @param buffer [in] Actual buffer
3796 * @return Uncompressed value if buffer size is valid (or 0 on error)
3797 */
3798 static uint32_t OALMarshal_UncompressValue(uint8_t maxSize, uint32_t *bufLength, const uint8_t *buffer)
3799 {
3806 {
3808 /* Two Bytes */
3811 else
3817 /* Three/Four Bytes */
3820 else
3825 /* One Byte */
3829 }
3831 /* Sanity check */
3841 }
3844 {
3850 }
3853 {
3855 }
3858 {
3861 /* Determine if the data is printable... */
3863 {
3865 nonprintable++;
3867 escaped++;
3868 }
3870 {
3871 /* Printable, so copy as a string, escaping where necessary. */
3873 {
3875 {
3877 {
3880 }
3881 else
3883 }
3884 }
3885 else
3886 {
3888 }
3889 }
3890 else
3891 {
3892 /* Non-printable, so format as hex string. */
3894 {
3897 {
3900 }
3902 }
3903 else
3904 {
3906 }
3907 }
3909 }
3912 {
3914 return (const uint8_t *)self->oid + DOFObjectID_GetClassSize(self) + 1; /* 1: length of length byte. */
3917 }
3920 {
3924 }
3927 {
3931 /* bit 7: next attribute flag. */
3932 return (bool)(((*(const uint8_t *)((const uint8_t *)(self->oid) + DOFObjectID_GetClassSize(self))) & 0x80) != 0);
3933 }
3936 {
3938 }
3941 {
3944 /* Note: No OID can duplicate an attribute ID. Legal attribute IDs can be from 0-126. So max count fits in uint8. */
3946 {
3951 {
3953 pNextAttribute += (2 + *((const uint8_t *)pNextAttribute + 1)); /* 2: attribute marshalling overhead. */
3954 }
3955 }
3958 }
3960 static DOFObjectIDAttribute DOFObjectID_GetAttributeAtIndex(const DOFObjectID self, uint8_t attribute_index)
3961 {
3964 /* Note: No OID can duplicate an attribute ID. Legal attribute IDs can be from 0-127. So max index fits in uint8. */
3966 {
3968 {
3973 {
3975 {
3977 retAttributeDescriptor.dataSize = (DOFObjectIDAttributeDataSize) * ((const uint8_t *)pNextAttribute + 1);
3978 retAttributeDescriptor.data = (const uint8_t *)pNextAttribute + 2; /* 2: attr marshalling overhead. */
3980 }
3984 }
3985 }
3986 }
3989 }
3992 {
3993 /* Ephemeral memory doesn't need to be freed. */
3994 }
3997 {
4000 }
4003 {
4006 /* Legal OID described at buffer must have at least 2 bytes. */
4008 {
4012 /* Legal OID described at buffer must have its class representation be correctly compressed. */
4014 {
4017 /* Above call won't return 3 because DOFOBJECTID_MAX_CLASS_SIZE (4) was passed in. */
4019 /* Legal OID described at buffer must have enough bytes to describe its OID class. */
4021 {
4024 /* Legal OID described at buffer must have its length byte bit 6 be 0. */
4026 {
4030 /* Legal broadcast OID described at buffer must have no base data, though it can have attribute(s)*/
4036 {
4037 /* Legal OID described at buffer must have enough bytes to hold each new found attribute. */
4039 {
4042 }
4043 else
4045 }
4046 /* Legal OID described at buffer must have enough buffer bytes, final check. */
4048 {
4049 DOFObjectID newObjID = (DOFObjectID)wmem_alloc0(wmem_packet_scope(), sizeof(DOFObjectID_t) + (sizeof(uint8_t) * (computedSize + 1)));
4050 /* Adds space for null-terminator, just in case. */
4054 {
4059 }
4060 /* buffer describes valid OID, but due to alloc failure we cannot return the newly created OID*/
4062 }
4063 }
4064 }
4065 }
4066 }
4067 notvalid:
4068 /* buffer does not describe a valid OID, but do not log a message. The caller may have called us to find out if the
4069 buffer does or does not obey the rules of a valid OID. He learns that by our NULL return. */
4070 allocErrorOut :
4074 }
4077 {
4082 {
4084 {
4087 }
4088 }
4090 }
4092 // NOLINTNEXTLINE(misc-no-recursion)
4094 {
4097 /* Note: All these string functions can be exercised with objectid_test.c, which outputs the string to console. */
4107 /* Handle Attributes, if any. */
4109 {
4115 {
4116 DOFObjectID embedOID;
4123 len++;
4125 /* Handle embedded Object IDs. */
4129 {
4130 len += ObjectID_ToStringLength(embedOID, pinfo); /* Recurse to compute string rep length of found OID. */
4132 }
4133 else
4134 {
4135 /* Hex Data. */
4138 }
4140 }
4144 }
4147 {
4165 /* Data */
4167 {
4170 }
4176 }
4178 // NOLINTNEXTLINE(misc-no-recursion)
4180 {
4181 DOFObjectIDClass oidClass;
4186 /* Class */
4189 {
4192 }
4194 {
4197 }
4199 {
4202 }
4207 /* Data */
4208 len += ObjectID_DataToString(DOFObjectID_GetData(oid), DOFObjectID_GetDataSize(oid), &pBuf[len]);
4209 /* Handle Attributes, if any. */
4211 {
4217 {
4218 DOFObjectID embedOID;
4227 pBuf[len++] = OALString_HexDigitToChar((DOFObjectIDAttribute_GetType(avpDescriptor) >> 4) & 0x0F);
4232 /* Handle embedded Object IDs. */
4236 {
4238 len += ObjectID_ToString(embedOID, &pBuf[len], pinfo); /* Recurse to output string rep of found OID. */
4241 }
4242 else
4243 {
4244 /* Hex Data. */
4247 }
4250 }
4254 }
4256 static const char* dof_iid_create_standard_string(uint32_t bufferSize, const uint8_t *pIIDBuffer)
4257 {
4263 {
4266 }
4269 }
4271 static const char* dof_oid_create_standard_string(uint32_t bufferSize, const uint8_t *pOIDBuffer, packet_info *pinfo)
4272 {
4273 DOFObjectID oid;
4282 /* Use PCRMem_Alloc() and not DOFMem_Alloc() because app caller will be freeing memory with PCRMem_Destroy(). */
4285 {
4288 }
4291 }
4293 struct parseCtx
4294 {
4304 /* Operations on OID string */
4305 #define PARSECTX_PEEK_CHAR_OID(ctx) ( (ctx)->oid[(ctx)->currOidPos] )
4306 #define PARSECTX_PEEK_NEXT_CHAR_OID(ctx) ( (ctx)->oid[(ctx)->currOidPos+1] )
4307 #define PARSECTX_READ_CHAR_OID(ctx) ( (ctx)->oid[(ctx)->currOidPos++] )
4308 #define PARSECTX_GET_CURRENT_POS_OID(ctx) ( (ctx)->oid+(ctx)->currOidPos )
4309 #define PARSECTX_STEP_OID(ctx, count)((ctx)->currOidPos+=(count))
4311 /* Operations on DOFObjectID buffer */
4312 #define PARSECTX_GET_CURRENT_POS_BUF(ctx)( ((ctx)->buffer)? (ctx)->buffer+(ctx)->currBufferPos: NULL )
4313 #define PARSECTX_STEP_BUF(ctx, count)( (ctx)->currBufferPos+=(count))
4314 #define PARSECTX_WRITE_AT_POS_BUF(ctx, pos, value) do{ if((ctx)->buffer) *(pos) = (value); } while(0)
4315 #define PARSECTX_OR_AT_POS_BUF(ctx, pos, value) do{ if((ctx)->buffer) *(pos) |= (value); } while(0)
4316 #define PARSECTX_WRITE_BUF(ctx, value)( ((ctx)->buffer)? (ctx)->buffer[(ctx)->currBufferPos++] = (value): (ctx)->currBufferPos++ )
4317 #define PARSECTX_CHECK_LEN(ctx, len) (((ctx)->buffer)? (((ctx)->currBufferPos+len <= (ctx)->buffLen)? 0: 1): 0)
4319 /* Operation to read from OID straight to buffer */
4320 #define PARSECTX_WRITE_BUF_FROM_OID(ctx) (((ctx)->buffer)? (ctx)->buffer[(ctx)->currBufferPos++] = (ctx)->oid[(ctx)->currOidPos]: ((ctx)->currBufferPos++),((ctx)->currOidPos++))
4323 #define DIGIT2VALUE(c) (c-48)
4325 #define HEX2VALUE(c) ( (IS_DIGIT(c))? DIGIT2VALUE(c) : ((c) >= 'A' && (c) <= 'F')? (c-55): (c-87) )
4327 #define VALIDHEX(c) ( ((c) >= '0' && (c) <= '9') || ((c) >= 'A' && (c) <= 'F') || ((c) >= 'a' && (c) <= 'f') )
4328 #define VALIDHEXBYTE(s) ( VALIDHEX((s)[0]) && VALIDHEX((s)[1]) )
4331 #define VALIDASCIICHAR(c) (((uint8_t)c) >= 32 && ((uint8_t)c) <= 126 )
4333 #define IS_ESCAPED(c) ( (c) == '(' || (c) == ')' || (c) == '[' || (c) == ']' || (c) == '{' || (c) == '}' || (c) == '\\' || (c) == '|' )
4338 {
4339 /* Hex fields start with { and end with } can contain space, dash and colon*/
4341 {
4343 {
4345 {
4347 {
4348 PARSECTX_WRITE_BUF(ctx, HEX2VALUE(PARSECTX_PEEK_CHAR_OID(ctx)) << 4 | HEX2VALUE(PARSECTX_PEEK_NEXT_CHAR_OID(ctx)));
4352 {
4354 {
4355 /* no separator after byte block */
4357 }
4359 }
4360 }
4361 else
4362 {
4364 }
4365 }
4366 else
4367 {
4369 }
4370 }
4373 }
4375 }
4378 {
4379 /* Copy into buffer until end or */
4381 {
4384 {
4386 }
4388 {
4389 /* Handle escaped char */
4394 }
4395 else
4396 {
4399 else
4401 }
4402 }
4404 }
4407 {
4412 }
4414 static uint32_t OALMarshal_CompressValue(uint8_t maxSize, uint32_t value, uint32_t bufLength, uint8_t *buffer)
4415 {
4421 {
4437 {
4439 }
4440 else
4441 {
4443 }
4452 /* Invalid computed size! */
4454 }
4456 }
4459 {
4461 {
4462 /* Hex */
4467 {
4469 {
4471 oidClass += (HEX2VALUE(PARSECTX_PEEK_CHAR_OID(ctx)) << 4 | HEX2VALUE(PARSECTX_PEEK_NEXT_CHAR_OID(ctx)));
4475 {
4477 {
4478 /* no separator after byte block */
4480 }
4482 }
4483 }
4484 else
4485 {
4487 }
4488 }
4493 {
4495 classSize = OALMarshal_CompressValue(4, oidClass, classSize, PARSECTX_GET_CURRENT_POS_BUF(ctx));
4498 }
4501 }
4502 else
4503 {
4504 /* Number */
4508 {
4512 }
4516 {
4518 classSize = OALMarshal_CompressValue(4, oidClass, classSize, PARSECTX_GET_CURRENT_POS_BUF(ctx));
4521 }
4524 }
4525 }
4528 {
4530 {
4532 }
4533 else
4534 {
4537 {
4541 }
4544 {
4547 }
4548 }
4550 }
4552 // NOLINTNEXTLINE(misc-no-recursion)
4554 {
4559 {
4561 }
4563 {
4565 }
4566 else
4567 {
4569 }
4572 }
4574 // NOLINTNEXTLINE(misc-no-recursion)
4576 {
4578 {
4579 /* separated by ':' */
4581 {
4589 {
4590 PARSECTX_WRITE_AT_POS_BUF(ctx, length, (uint8_t)(PARSECTX_GET_CURRENT_POS_BUF(ctx) - (length + 1)));
4592 }
4593 }
4594 }
4596 }
4598 // NOLINTNEXTLINE(misc-no-recursion)
4600 {
4601 /* AVPs surrounded by '(' ')' but needs at least an avp */
4603 {
4605 {
4613 /* multiple separated by '|' */
4615 {
4618 }
4619 }
4622 }
4624 }
4626 // NOLINTNEXTLINE(misc-no-recursion)
4628 {
4629 /* oid must start with '[' */
4631 {
4633 /* Get class id */
4635 {
4636 /* separated by ':' */
4638 {
4642 /* Get data */
4644 {
4645 /* hex data */
4648 }
4649 else
4650 {
4651 /* string data */
4654 }
4656 /* Write length */
4659 PARSECTX_WRITE_AT_POS_BUF(ctx, length, (uint8_t)(PARSECTX_GET_CURRENT_POS_BUF(ctx) - (length + 1)));
4661 /* Check if attributes exist */
4663 {
4667 }
4669 /* Ends with ] */
4671 {
4673 }
4674 }
4675 }
4676 }
4678 }
4681 {
4688 {
4690 {
4694 {
4695 /* Format OID */
4697 {
4700 }
4701 }
4703 {
4704 /* HEX OID */
4706 {
4709 }
4710 }
4712 }
4713 }
4715 }
4718 {
4720 {
4724 /* Call parseInternal to find out how big the buffer needs to be. */
4728 {
4729 /* Create the DOFObjectID using the size that was just computed. */
4733 {
4734 /* Now that the size is computed and the DOFObjectID is created, call parseInternal again to fill the oid buffer. */
4738 {
4741 }
4744 }
4745 }
4746 }
4750 }
4752 /* Binary Parsing Support */
4754 /**
4755 * Read a compressed 32-bit quantity (PDU Type.3).
4756 * Since the value is variable length, the new offset is
4757 * returned. The value can also be returned, along with the size, although
4758 * NULL is allowed for those parameters.
4759 */
4761 {
4768 {
4771 }
4773 {
4776 }
4777 else
4778 {
4781 }
4792 }
4794 /**
4795 * Validate PDU Type.3
4796 * Validaes the encoding.
4797 * Add Expert Info if format invalid
4798 * This also validates Spec Type.3.1.
4799 */
4801 {
4803 {
4804 /* SPEC Type.3.1 Violation. */
4805 expert_add_info_format(pinfo, pi, &ei_c2_c3_c4_format, "DOF Violation: Type.3.1: Compressed 32-bit Compression Mandatory.");
4806 }
4809 {
4810 /* SPEC Type.3.1 Violation. */
4811 expert_add_info_format(pinfo, pi, &ei_c2_c3_c4_format, "DOF Violation: Type.3.1: Compressed 32-bit Compression Mandatory.");
4812 }
4813 }
4815 /**
4816 * Reads a compressed 24-bit quantity (PDU Type.2).
4817 * Since the value is variable length, the new offset is
4818 * returned.
4819 * The value can also be returned, along with the size, although
4820 * NULL is allowed for those parameters.
4821 */
4823 {
4830 {
4833 }
4835 {
4838 }
4839 else
4840 {
4843 }
4854 }
4856 /**
4857 * Validate PDU Type.2
4858 * Validaes the encoding.
4859 * Adds Expert Info if format invalid
4860 * This also validates Spec Type.2.1.
4861 */
4863 {
4865 {
4866 /* SPEC Type.2.1 Violation. */
4867 expert_add_info_format(pinfo, pi, &ei_c2_c3_c4_format, "DOF Violation: Type.2.1: Compressed 24-bit Compression Mandatory." );
4868 }
4871 {
4872 /* SPEC Type.2.1 Violation. */
4873 expert_add_info_format(pinfo, pi, &ei_c2_c3_c4_format, "DOF Violation: Type.2.1: Compressed 24-bit Compression Mandatory.");
4874 }
4875 }
4877 /**
4878 * Reads a compressed 16-bit quantity (PDU Type.1).
4879 * Since the value is variable length, the new offset is
4880 * returned. The value can also be returned, along with the size, although
4881 * NULL is allowed for those parameters.
4882 */
4884 {
4888 {
4893 }
4894 else
4895 {
4899 }
4904 }
4906 /**
4907 * Validates PDU Type.1
4908 * Validaes the encoding.
4909 * Adds Expert Info if format invalid
4910 * This also validates Spec Type.1.1.
4911 */
4913 {
4915 {
4916 /* SPEC Type.1.1 Violation. */
4917 expert_add_info_format(pinfo, pi, &ei_c2_c3_c4_format, "DOF Violation: Type.1.1: Compressed 16-bit Compression Mandatory." );
4918 }
4919 }
4921 /**
4922 * Given a packet data, and assuming that all of the prerequisite information is known,
4923 * assign a SID ID to the packet if not already assigned.
4924 * A SID ID is the *possibility* of a unique SID, but until the SID is learned the
4925 * association is not made. Further, multiple SID ID may end up referring to the
4926 * same SID, in which case the assignment must be repaired.
4927 */
4929 {
4930 node_key_to_sid_id_key lookup_key;
4936 /* Validate input. These represent dissector misuse, not decoding problems. */
4937 /* TODO: Diagnostic/programmer message. */
4945 /* Check if the sender_sid_id is already assigned, if so we are done. */
4947 {
4948 /* Build a (non-allocated) key to do the lookup. */
4957 {
4961 /* We found a match. */
4964 /* If we know the SID, we must get it now. */
4967 {
4968 /* We found a match. */
4970 }
4971 }
4972 else
4973 {
4974 /* No match, need to add a key. */
4978 /* Note, this is not multithread safe, but Wireshark isn't multithreaded. */
4981 }
4982 }
4984 /* Check if the receiver_sid_id is already assigned, if so we are done. */
4986 {
4987 /* Build a (non-allocated) key to do the lookup. */
4996 {
5000 /* We found a match. */
5003 /* If we know the SID, we must get it now. */
5006 {
5007 /* We found a match. */
5009 }
5010 }
5011 else
5012 {
5013 /* No match, need to add a key. */
5017 /* Note, this is not multithread safe, but Wireshark isn't multithreaded. */
5020 }
5021 }
5023 }
5025 /**
5026 * Declare that the sender of the packet is known to have a SID
5027 * that is identified by the specified buffer. There are a few
5028 * cases here:
5029 * 1. The sid of the sender is already assigned. This is a NOP.
5030 * 2. The sid has never been seen. This associates the SID with the sender SID ID.
5031 * 3. The sid has been seen, and matches the SID ID of the sender. This just sets the sid field.
5032 * 4. The sid has been seen, but with a different SID ID than ours. Patch up all the packets.
5033 */
5035 {
5041 /* Validate input. */
5043 {
5044 /* TODO: Print error. */
5046 }
5049 {
5050 /* TODO: Print error. */
5052 }
5058 /* Check for sender SID already known. */
5062 /* Check for SID already known (has assigned SID ID) */
5063 /* Build a (non-allocated) key to do the lookup. */
5068 {
5071 /* We found a match. */
5073 {
5074 /* It matches our SID ID. Set the sid field. */
5077 }
5078 else
5079 {
5080 /* There is a mis-match between SID and SID ID. We have to go through
5081 * all the packets that have SID ID (ours) and update them to SID ID (sid).
5082 */
5088 {
5102 }
5103 }
5106 }
5108 /* The SID has never been seen. Associate with the SID ID. */
5112 /* Note, this is not multithread safe, but Wireshark isn't multithreaded. */
5116 /* NOTE: We are storing a reference to the SID in the packet data. This memory
5117 * will be freed by the dissector init routine when the SID hash table is destroyed.
5118 * Nothing else should free this SID.
5119 */
5122 /* We have learned the "correct" sid and sid_id, so we can set the sid of
5123 * any packets that have this sid_id (saves hash lookups in the future).
5124 */
5125 {
5129 {
5137 }
5138 }
5139 }
5141 /**
5142 * Learn a SID from an explict operation. This only defines sids and sid ids.
5143 */
5144 static void learn_operation_sid(dof_2009_1_pdu_20_opid *opid, uint8_t length, const uint8_t *sid)
5145 {
5150 /* Check for sender SID already known. */
5154 /* Check for SID already known (has assigned SID ID) */
5155 /* Build a (non-allocated) key to do the lookup. */
5160 {
5166 }
5168 /* The SID has never been seen. Associate with the SID ID. */
5172 /* Assign the op_sid_id. */
5175 /* Note, this is not multithread safe, but Wireshark isn't multithreaded. */
5179 /* NOTE: We are storing a reference to the SID in the packet data. This memory
5180 * will be freed by the dissector init routine when the SID hash table is destroyed.
5181 * Nothing else should free this SID.
5182 */
5184 }
5186 static void generateMac(gcry_cipher_hd_t cipher_state, uint8_t *nonce, const uint8_t *epp, int a_len, uint8_t *data, int len, uint8_t *mac, int mac_len)
5187 {
5191 /* a_len = 1, t = mac_len, q = 4: (t-2)/2 : (q-1) -> 4B */
5205 {
5210 }
5214 {
5219 }
5222 }
5224 static int decrypt(ccm_session_data *session, ccm_packet_data *pdata, uint8_t *nonce, const uint8_t *epp, int a_len, uint8_t *data, int len)
5225 {
5238 /* Check the mac length. */
5244 else
5245 ekey = (uint8_t *)g_hash_table_lookup(session->cipher_data_table, GUINT_TO_POINTER(pdata->period));
5250 /* Determine how many blocks are skipped. */
5256 #endif
5259 /* This is hard-coded for q=4. This can only change with a protocol revision.
5260 Note the value is stored as (q-1). */
5270 {
5272 {
5278 }
5281 }
5295 /* Now we have to generate the MAC... */
5296 generateMac(session->cipher_data, nonce, epp, a_len, data, (int)(len - session->mac_len), computed_mac, session->mac_len);
5300 /* Failure */
5302 }
5304 /* Master Protocol Layer Handlers */
5306 /**
5307 * This dissector is handed a DPP packet of any version. It is responsible for decoding
5308 * the common header fields and then passing off to the specific DPP dissector
5309 */
5311 {
5314 /* Compute the APP control information. This is the version and the flags byte.
5315 * The flags byte is either present, or is based on the version (and can be defaulted).
5316 */
5317 {
5325 /* call the next dissector */
5327 {
5332 }
5333 else
5334 {
5337 }
5338 }
5341 }
5343 /**
5344 * This dissector is handed a DPP packet of any version. It is responsible for decoding
5345 * the common header fields and then passing off to the specific DPP dissector
5346 */
5347 static int dof_dissect_dpp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
5348 {
5356 /* Compute the DPP control information. This is the version and the flags byte.
5357 * The flags byte is either present, or is based on the version (and can be defaulted).
5358 */
5359 {
5370 DOF_PRESENTATION_PROTOCOL " Version %u, Flags: %s", dpp_version, dpp_flags_included ? "Included" : "Default");
5374 dpp_tree = proto_tree_add_subtree(dpp_root, tvb, offset, 1, ett_2008_1_dpp_1_header, NULL, "Header");
5377 /* Version and Flag bit */
5382 /* This may, in some cases, be the end of the packet. This is only valid in some
5383 * situations, which are checked here.
5384 */
5386 {
5387 /* TODO: Complete this logic. */
5395 {
5400 ((api_data->transport_session->negotiation_complete_at == 0) || (api_data->transport_session->negotiation_complete_at_ts.secs - api_data->transport_session->session_start_ts.secs > 10)))
5401 {
5402 /* This is the second pass, so we can check for timeouts. */
5404 }
5407 }
5408 }
5410 /* call the next dissector */
5411 if (dissector_try_uint_with_data(dof_dpp_dissectors, dpp_version, tvb, pinfo, dpp_root, false, data))
5412 {
5417 }
5418 }
5421 }
5423 /**
5424 * This dissector is handed a DNP packet of any version. It is responsible for decoding
5425 * the common header fields and then passing off to the specific DNP dissector
5426 */
5427 static int dof_dissect_dnp_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, dof_api_data *api_data, int offset)
5428 {
5438 DOF_NETWORK_PROTOCOL " Version %u, Flags: %s", dnp_version, dnp_flags_included ? "Included" : "Default");
5442 dnp_tree = proto_tree_add_subtree(dnp_root, tvb, offset, 1, ett_2008_1_dnp_header, NULL, "Header");
5444 /* Version and Flag bit */
5448 /* call the next dissector */
5449 if (dissector_try_uint_with_data(dnp_dissectors, dnp_version, tvb, pinfo, dnp_root, false, api_data))
5450 {
5451 /* Since the transport may have additional packets in this frame, protect our work. */
5454 }
5455 else
5456 {
5459 /* During negotiation, we can move past DNP even if it is not known. */
5460 if (((header & 0x80) == 0) && api_data->transport_session->negotiation_required && ((pinfo->fd->num < api_data->transport_session->negotiation_complete_at) || (api_data->transport_session->negotiation_complete_at == 0)))
5461 {
5462 offset += dof_dissect_dpp_common(tvb_new_subset_remaining(tvb, offset + 1), pinfo, tree, api_data);
5463 }
5464 }
5467 {
5470 }
5473 }
5475 /**
5476 * This dissector is called for each DPS packet. It assumes that the first layer is
5477 * DNP, but it does not know anything about versioning. Further, it only worries
5478 * about decoding DNP (DNP will decode DPP, and so on).
5479 *
5480 * This routine is given the DPS packet for the first packet, but doesn't know anything
5481 * about DPS sessions. It may understand transport sessions, but these are surprisingly
5482 * worthless for DPS.
5483 */
5485 {
5496 /* Create the packet if it doesn't exist. */
5498 {
5502 /* TODO: This is not correct for reversed sessions. */
5504 }
5506 /* Assign the transport sequence if it does not exist. */
5510 /* Compute the DPS information. This is a master holder for general information. */
5511 {
5514 ti = proto_tree_add_protocol_format(tree, proto_2008_1_dof, tvb, 0, tvb_reported_length(tvb), DOF_PROTOCOL_STACK);
5517 /* Add the general packet information. */
5518 {
5519 ti = proto_tree_add_uint(dof_root, hf_2008_1_dof_session_transport, tvb, 0, 0, api_data->transport_session->transport_session_id);
5522 ti = proto_tree_add_boolean(dof_root, hf_2008_1_dof_is_2_node, tvb, 0, 0, api_data->transport_session->is_2_node);
5525 ti = proto_tree_add_boolean(dof_root, hf_2008_1_dof_is_streaming, tvb, 0, 0, api_data->transport_session->is_streaming);
5529 {
5530 ti = proto_tree_add_uint(dof_root, hf_2008_1_dof_session, tvb, 0, 0, api_data->session->session_id);
5532 }
5535 {
5536 ti = proto_tree_add_uint_format(dof_root, hf_2008_1_dof_session, tvb, 0, 0, api_data->secure_session->original_session_id, "DPS Session (Non-secure): %d", api_data->secure_session->original_session_id);
5538 }
5543 ti = proto_tree_add_boolean(dof_root, hf_2008_1_dof_is_from_client, tvb, 0, 0, api_data->transport_packet->is_sent_by_client);
5545 }
5546 }
5552 }
5554 /**
5555 * This dissector is called for each DPS packet. It assumes that the first layer is
5556 * ENP, but it does not know anything about versioning. Further, it only worries
5557 * about decoding ENP (ENP will decode EPP, and so on).
5558 *
5559 * This routine is given the DPS packet for the first packet, but doesn't know anything
5560 * about DPS sessions. It may understand transport sessions, but these are surprisingly
5561 * worthless for DPS.
5562 */
5563 static int dissect_tunnel_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
5564 {
5565 /* The packet data is the private_data, and must exist. */
5571 /* Compute the APP control information. This is the version and the length bytes.
5572 * The flags byte is either present, or is based on the version (and can be defaulted).
5573 */
5574 {
5591 {
5595 }
5596 }
5599 }
5601 static int dissect_tun_app_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
5602 {
5605 /* Compute the APP control information. This is the version and the flags byte.
5606 * The flags byte is either present, or is based on the version (and can be defaulted).
5607 */
5608 {
5618 /* call the next dissector */
5620 {
5625 }
5626 else
5627 {
5630 }
5631 }
5634 }
5636 /* Packet and Session Data Creation */
5638 static udp_session_data* create_udp_session_data(packet_info *pinfo, conversation_t *conversation _U_)
5639 {
5642 /* TODO: Determine if this is valid or not. */
5643 /* WMEM_COPY_ADDRESS( wmem_file_scope(), &packet->server.address, &conversation->key_ptr->addr1 );
5644 packet->server.port = conversation->key_ptr->port1; */
5650 {
5654 else
5656 }
5664 }
5666 static tcp_session_data* create_tcp_session_data(packet_info *pinfo, conversation_t *conversation)
5667 {
5670 copy_address_wmem(wmem_file_scope(), &packet->client.addr, conversation_key_addr1(conversation->key_ptr));
5672 copy_address_wmem(wmem_file_scope(), &packet->server.addr, conversation_key_addr2(conversation->key_ptr));
5685 }
5688 {
5689 /* Create the packet data. */
5696 /* Add the packet into the list of packets. */
5698 {
5701 }
5702 else
5703 {
5706 }
5709 }
5711 /* Dissectors for Transports (UDP/TCP) */
5713 /**
5714 * Dissect a UDP packet. The parent protocol is UDP. No assumptions about DPS
5715 * data structures are made on input, but before calling common they must
5716 * be set up.
5717 * This dissector is registered with the UDP protocol on the standard DPS port.
5718 * It will be used for anything that involves that port (source or destination).
5719 */
5720 static int dissect_dof_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
5721 {
5722 dof_api_data *api_data = (dof_api_data *)p_get_proto_data(wmem_file_scope(), pinfo, proto_2008_1_dof_udp, 0);
5724 {
5728 /* bool mcast = false; */
5730 /* {
5731 uint8_t* addr = (uint8_t*) pinfo->dst.data;
5732 if ( (pinfo->dst.type == AT_IPv4) && (addr != NULL) && (addr[0] != 224) )
5733 mcast = true;
5734 } */
5736 /* Register the source address as being DPS for the sender UDP port. */
5737 conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, conversation_pt_to_conversation_type(pinfo->ptype), pinfo->srcport, pinfo->destport, NO_ADDR_B | NO_PORT_B);
5739 {
5740 conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, conversation_pt_to_conversation_type(pinfo->ptype), pinfo->srcport, pinfo->destport, NO_ADDR2 | NO_PORT2);
5742 }
5744 /* Find or create the conversation for this transport session. For UDP, the transport session is determined entirely by the
5745 * server port. This assumes that the first packet seen is from a client to the server.
5746 */
5747 conversation = find_conversation(pinfo->fd->num, &pinfo->dst, &pinfo->src, CONVERSATION_UDP, pinfo->destport, pinfo->srcport, NO_ADDR_B | NO_PORT_B);
5749 {
5750 /* TODO: Determine if this is valid or not. */
5751 /*if ( conversation->key_ptr->port1 != pinfo->destport || ! addresses_equal( &conversation->key_ptr->addr1, &pinfo->dst ) )
5752 conversation = NULL; */
5753 }
5756 conversation = conversation_new(pinfo->fd->num, &pinfo->dst, &pinfo->src, CONVERSATION_UDP, pinfo->destport, pinfo->srcport, NO_ADDR2 | NO_PORT2 | CONVERSATION_TEMPLATE);
5758 transport_session = (udp_session_data *)conversation_get_proto_data(conversation, proto_2008_1_dof_udp);
5760 {
5763 }
5765 /* UDP has no framing or retransmission issues, so the dof_api_data is stored directly on the frame. */
5775 if (addresses_equal(&transport_session->server.addr, &pinfo->src) && (transport_session->server.port == pinfo->srcport))
5784 }
5787 }
5789 /**
5790 * Determine if the current offset has already been processed.
5791 * This is specific to the TCP dissector.
5792 */
5793 static bool is_retransmission(packet_info *pinfo, tcp_session_data *session, tcp_packet_data *packet, struct tcpinfo *tcpinfo)
5794 {
5795 /* TODO: Determine why we get big numbers sometimes... */
5796 /* if ( tcpinfo->seq != 0 && tcpinfo->seq < 1000000) */
5797 {
5801 if (addresses_equal(&pinfo->src, &session->client.addr) && (pinfo->srcport == session->client.port))
5802 {
5804 }
5805 else
5806 {
5808 }
5811 {
5813 }
5819 }
5822 }
5824 /**
5825 * We have found and processed packets starting at offset, so
5826 * don't allow the same (or previous) packets.
5827 * This only applies to TCP dissector conversations.
5828 */
5829 static void remember_offset(packet_info *pinfo, tcp_session_data *session, tcp_packet_data *packet, struct tcpinfo *tcpinfo)
5830 {
5833 /* TODO: Determine why we get big numbers sometimes... */
5834 /* if ( tcpinfo->seq != 0 && tcpinfo->seq < 1000000) */
5835 {
5841 if (addresses_equal(&pinfo->src, &session->client.addr) && (pinfo->srcport == session->client.port))
5842 {
5850 }
5851 else
5852 {
5860 }
5863 {
5866 }
5870 {
5875 }
5876 }
5877 }
5879 /**
5880 * This dissector is registered with TCP using the standard port. It uses registered
5881 * protocols to determine framing, and those dissectors will call into the base
5882 * DPS dissector for each packet.
5883 */
5885 {
5892 /* Get the TCP conversation. TCP creates a new conversation for each TCP connection,12
5893 * so we can "mirror" that by attaching our own data to that conversation. If our
5894 * data cannot be found, then it is a new connection (to us).
5895 */
5897 {
5898 /* This should be impossible - the TCP dissector requires this conversation.
5899 * Bail...
5900 */
5902 }
5905 /* This requires explanation. TCP will call this dissector, and we know
5906 * that the first byte (offset 0 of this tvb) is the first byte of an
5907 * DPS packet. The TCP dissector ensures this.
5908 *
5909 * We do *not* know that this is the only packet, and
5910 * so the dissector that we call below must handle framing. All of
5911 * this state must be stored, and so we store it in a transport
5912 * data structure. DPS packet data is created later and associated
5913 * differently.
5914 *
5915 * Further, this routine MAY be called MULTIPLE times for the SAME
5916 * frame with DIFFERENT sequence numbers. This makes handling
5917 * retransmissions very difficult - we must track each call to this
5918 * routine with its associated offset and ignore flag. However, due
5919 * to the way that Wireshark handles asking for more data we cannot
5920 * mark an offset as "duplicate" until after it has been processed.
5921 */
5923 /* TCP packet data is only associated with TCP frames that hold DPS packets. */
5926 {
5929 }
5934 packet = (tcp_packet_data *)p_get_proto_data(wmem_file_scope(), pinfo, proto_2008_1_dof_tcp, 0);
5936 {
5939 }
5944 /* Loop, checking all the packets in this frame and communicating with the TCP
5945 * desegmenter. The framing dissector entry is used to determine the size
5946 * of the current frame.
5947 */
5948 {
5949 /* Note that we must handle fragmentation on TCP... */
5953 {
5959 /* If we are negotiating, then we do not need the framing dissector
5960 * as we know the packet length is two. Note that for the first byte
5961 * of a TCP session there are only two cases, both handled here. An error
5962 * of not understanding the first byte will trigger that this is not
5963 * a DPS session.
5964 */
5965 if (((header & 0x80) == 0) && session->common.negotiation_required && ((pinfo->fd->num < session->common.negotiation_complete_at) || (session->common.negotiation_complete_at == 0)))
5966 {
5969 {
5972 }
5973 }
5974 else
5975 {
5978 {
5981 }
5982 }
5985 {
5989 }
5992 {
5996 }
6002 /* We have a packet. We have to store the dof_packet_data in a list, as there may be
6003 * multiple DPS packets in a single Wireshark frame.
6004 */
6005 {
6011 /* Get the packet data. This is a list in increasing sequence order. */
6013 {
6020 }
6021 else
6024 /* Find the entry for our offset. */
6026 {
6028 {
6031 }
6033 {
6036 /* This is the default state, NULL and 0. */
6043 }
6044 }
6047 {
6057 }
6061 }
6064 }
6067 }
6068 }
6071 /**
6072 * This dissector is registered with the UDP protocol on the standard DPS port.
6073 * It will be used for anything that involves that port (source or destination).
6074 */
6075 #if 0
6076 static int dissect_tunnel_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
6077 {
6081 /* Initialize the default transport session structure. */
6087 /* Add the packet data. */
6090 {
6098 }
6102 #else
6103 static int dissect_tunnel_udp(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_)
6104 {
6105 #endif
6107 }
6108 #endif
6111 /**
6112 * This dissector is registered with TCP using the standard port. It uses registered
6113 * protocols to determine framing, and those dissectors will call into the base
6114 * DPS dissector for each packet.
6115 */
6117 {
6123 /* Get the TCP conversation. TCP creates a new conversation for each TCP connection,
6124 * so we can "mirror" that by attaching our own data to that conversation. If our
6125 * data cannot be found, then it is a new connection (to us).
6126 */
6128 {
6129 /* This should be impossible - the TCP dissector requires this conversation.
6130 * Bail...
6131 */
6133 }
6136 /* This requires explanation. TCP will call this dissector, and we know
6137 * that the first byte (offset 0 of this tvb) is the first byte of an
6138 * DPS packet. The TCP dissector ensures this.
6139 *
6140 * We do *not* know that this is the only packet, and
6141 * so the dissector that we call below must handle framing. All of
6142 * this state must be stored, and so we store it in a transport
6143 * data structure. DPS packet data is created later and associated
6144 * differently.
6145 *
6146 * Further, this routine MAY be called MULTIPLE times for the SAME
6147 * frame with DIFFERENT sequence numbers. This makes handling
6148 * retransmissions very difficult - we must track each call to this
6149 * routine with its associated offset and ignore flag. However, due
6150 * to the way that Wireshark handles asking for more data we cannot
6151 * mark an offset as "duplicate" until after it has been processed.
6152 */
6154 /* TCP packet data is only associated with TCP frames that hold DPS packets. */
6157 {
6160 }
6162 packet = (tcp_packet_data *)p_get_proto_data(wmem_file_scope(), pinfo, proto_2012_1_tunnel, 0);
6164 {
6167 }
6172 /* Loop, checking all the packets in this TCP frame.
6173 */
6174 {
6175 /* Note that we must handle fragmentation on TCP... */
6179 {
6186 {
6190 }
6201 {
6205 }
6207 /* We have a packet. We have to store the dof_packet_data in a list, as there may be
6208 * multiple DPS packets in a single Wireshark frame.
6209 */
6210 {
6216 /* Get the packet data. This is a list in increasing sequence order. */
6218 {
6225 }
6226 else
6229 /* Find the entry for our offset. */
6231 {
6233 {
6236 }
6238 {
6241 /* This is the default state, NULL and 0. */
6248 }
6249 }
6252 {
6262 }
6264 /* Manage the private data, restoring the existing value. Call the common dissector. */
6265 {
6267 }
6268 }
6271 }
6274 }
6275 }
6277 /* Dissectors */
6280 {
6288 /* Compute the DNP control information. This is the version and the flags byte.
6289 * The flags byte is either present, or is based on the version (and can be defaulted).
6290 */
6291 {
6298 {
6302 {
6303 /* TODO: Protocol violation. */
6304 }
6308 else
6309 {
6312 {
6313 /* Query with padding. */
6316 }
6317 else
6318 {
6319 /* Response. */
6322 {
6329 }
6333 }
6334 }
6335 }
6336 }
6341 }
6343 /**
6344 * Determine the length of the packet in tvb, starting at an offset that is passed as a
6345 * pointer in private_data.
6346 * Return 0 if the length cannot be determined because there is not enough data in
6347 * the buffer, otherwise return the length of the packet.
6348 */
6349 static int determine_packet_length_1(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree _U_, void *data)
6350 {
6351 /* Note that we must handle fragmentation on TCP... */
6354 {
6368 {
6369 /* The length is fixed in this case... */
6373 }
6374 else
6375 {
6379 }
6388 }
6389 }
6392 {
6410 {
6411 /* TODO: Print error */
6413 }
6416 {
6417 /* TODO: Print error */
6419 }
6426 /* Compute the DNP control information. This is the version and the flags byte.
6427 * The flags byte is either present, or is based on the version (and can be defaulted).
6428 */
6429 {
6440 {
6444 {
6445 /* Including flags always terminates negotiation. */
6446 /* packet->negotiated = true; */
6452 proto_tree_add_bitmask(dnp_tree, tvb, offset, hf_2009_9_dnp_1_flags, ett_2009_9_dnp_1_flags, bitmask_2009_9_dnp_1_flags, ENC_BIG_ENDIAN);
6455 }
6456 else
6459 /* Determine the size of the length field. */
6462 proto_tree_add_item(dnp_tree, hf_2009_9_dnp_1_length, tvb, offset, dnp_length_length, ENC_BIG_ENDIAN);
6464 /* Read the length. */
6469 /* Validate the length. */
6470 #if 0
6472 {
6474 }
6475 #endif
6479 /* If there isn't a length specified then use the packet size. */
6485 /* Read the srcport */
6487 {
6493 item = proto_tree_add_uint_format(dnp_tree, hf_2009_9_dnp_1_srcport, tvb, s_offset, offset - s_offset, dnp_src_port, "Source Address: %u", dnp_src_port);
6496 }
6497 else
6498 {
6499 proto_item *item = proto_tree_add_uint_format(dnp_tree, hf_2009_9_dnp_1_srcport, tvb, 0, 0, 0, "Source Address: %u", 0);
6501 }
6503 /* Read the dstport */
6505 {
6511 item = proto_tree_add_uint_format(dnp_tree, hf_2009_9_dnp_1_dstport, tvb, s_offset, offset - s_offset, dnp_dst_port, "Destination Address: %u", dnp_dst_port);
6514 }
6515 else
6516 {
6517 proto_item *item = proto_tree_add_uint_format(dnp_tree, hf_2009_9_dnp_1_dstport, tvb, 0, 0, 0, "Destination Address: %u", 0);
6519 }
6520 }
6524 /* Given the transport session and the DPS port information, determine the DPS session. */
6526 {
6531 {
6534 }
6535 else
6536 {
6539 }
6541 api_data->session = dof_ns_session_retrieve(api_data->transport_session->transport_session_id, client, server);
6543 {
6545 dof_ns_session_define(api_data->transport_session->transport_session_id, client, server, sdata);
6549 }
6550 }
6555 /* Assuming there is more, it must be DPP. */
6557 /* We have a packet. */
6558 {
6559 tvbuff_t *next_tvb = tvb_new_subset_length_caplen(tvb, offset, encapsulated_length, tvb_reported_length(tvb) - offset);
6561 }
6562 }
6567 }
6570 {
6578 /* Compute the DPP control information. This is the version and the flags byte.
6579 * The flags byte is either present, or is based on the version (and can be defaulted).
6580 */
6581 {
6588 {
6592 {
6593 /* TODO: Protocol violation. */
6594 }
6598 else
6599 {
6601 /* Response. */
6604 {
6611 }
6612 }
6613 }
6614 }
6619 }
6621 static int dissect_dpp_v2_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
6622 {
6634 {
6635 /* TODO: Output error. */
6637 }
6641 {
6642 /* TODO: Output error. */
6644 }
6646 /* Make entries in Protocol column and Info column on summary display */
6649 /* Create the protocol tree. */
6654 /* Add the APPID. */
6660 /* Retrieve the opcode. */
6665 col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", val_to_str(opcode, strings_2009_12_dpp_common_opcodes, "Unknown Opcode (%d)"));
6667 /* Opcode */
6668 proto_tree_add_uint_format(dpps_tree, hf_2009_12_dpp_2_14_opcode, tvb, offset, 1, opcode & 0x3F, "Opcode: %s (%u)", val_to_str(opcode, strings_2009_12_dpp_common_opcodes, "Unknown Opcode (%d)"), opcode & 0x3F);
6672 {
6678 /* FALL THROUGH */
6683 /* SID */
6684 {
6690 {
6691 opid_tree = proto_tree_add_subtree(dpps_tree, tvb, offset, 0, ett_2009_12_dpp_2_opid, NULL, "Operation Identifier");
6692 }
6693 else
6694 {
6696 }
6698 oid_tree = proto_tree_add_subtree(opid_tree, tvb, offset, 0, ett_2009_12_dpp_2_opid, NULL, "Source Identifier");
6708 }
6711 {
6717 pi = proto_tree_add_uint_format(opid_tree, hf_2009_12_dpp_2_1_opcnt, tvb, offset, opcnt_len, opcnt, "Operation Count: %u", opcnt);
6722 }
6725 }
6727 }
6730 {
6752 {
6753 /* TODO: Output error. */
6755 }
6759 {
6760 /* TODO: Output error. */
6762 }
6764 /* We should have everything required for determining the SID ID. */
6770 /* Compute the DPP control information. This is the version and the flags byte.
6771 * The flags byte is either present, or is based on the version (and can be defaulted).
6772 */
6773 {
6778 {
6786 {
6787 const char *SID = dof_oid_create_standard_string(packet_data->sender_sid[0], packet_data->sender_sid + 1, pinfo);
6788 ti = proto_tree_add_bytes_format_value(tree, hf_2008_1_dpp_sid_str, tvb, 0, 0, packet_data->sender_sid, "%s", SID);
6790 }
6797 {
6798 const char *SID = dof_oid_create_standard_string(packet_data->receiver_sid[0], packet_data->receiver_sid + 1, pinfo);
6799 ti = proto_tree_add_bytes_format_value(tree, hf_2008_1_dpp_rid_str, tvb, 0, 0, packet_data->receiver_sid, "%s", SID);
6801 }
6804 {
6823 {
6826 }
6829 }
6830 else
6835 /* We are allowed to be complete here if still negotiating. */
6836 /*if ( ! packet->negotiated && (offset == tvb_reported_length(tvb)) )
6837 {
6838 col_set_str( pinfo->cinfo, COL_INFO, "DPS Negotiation" );
6839 return 1;
6840 }*/
6844 {
6864 }
6867 {
6869 opid_tree = proto_tree_add_subtree(dpp_tree, tvb, offset, 0, ett_2009_12_dpp_2_opid, NULL, "Operation Identifier");
6870 }
6873 {
6878 {
6883 oid_tree = proto_tree_add_subtree(opid_tree, tvb, offset, 0, ett_2009_12_dpp_2_opid, NULL, "Source Identifier");
6891 /* Warn if Explicit SID could be optimized. */
6898 }
6900 /* FALL THROUGH */
6904 {
6909 /* Display the SID if known. */
6911 {
6914 tvbuff_t *next_tvb = tvb_new_child_real_data(tvb, packet_data->op.op_sid + 1, packet_data->op.op_sid[0], packet_data->op.op_sid[0]);
6915 oid_tree = proto_tree_add_subtree(opid_tree, tvb, 0, 0, ett_2009_12_dpp_2_opid, NULL, "Source Identifier");
6920 }
6923 pi = proto_tree_add_uint_format(opid_tree, hf_2009_12_dpp_2_1_opcnt, tvb, offset, opcnt_len, opcnt, "Operation Count: %u", opcnt);
6931 /* At this point we have a packet with an operation identifier. We need to
6932 * update the master list of operation identifiers, and do any checking that
6933 * we can in order to validate things.
6934 */
6936 {
6937 dof_packet_data *first = (dof_packet_data *)g_hash_table_lookup(dpp_opid_to_packet_data, (const void *) & packet_data->op);
6939 {
6940 /* First reference to this operation. */
6945 /* The first opid must be a command. */
6946 }
6947 else
6948 {
6949 /* Operation exists, time to patch things in. */
6955 {
6957 {
6960 }
6961 else
6962 {
6965 }
6966 }
6967 }
6968 }
6971 /* Add all the reference information to the tree. */
6973 {
6974 proto_tree *ophistory_tree = proto_tree_add_subtree(tree, tvb, 0, 0, ett_2009_12_dpp_2_opid_history, NULL, "Operation History");
7002 /* Determine the window start, then output the number of packets. Output the number of skipped packets before
7003 * and after.
7004 */
7005 {
7009 {
7017 {
7020 }
7021 }
7027 {
7031 {
7034 }
7036 /* (DPS Frame) [ws WS Frame]: (SID)->(RID): (THIS) (SUMMARY) */
7042 THIS,
7048 }
7049 }
7050 }
7051 }
7053 }
7057 {
7059 {
7064 /* Extract SEQ */
7066 {
7068 proto_tree_add_uint_format(dpp_tree, hf_2009_12_dpp_2_1_seq, tvb, offset, 1, dpp_seq, "Sequence: %u", dpp_seq);
7070 }
7072 /* Extract Retry */
7074 {
7076 proto_tree_add_uint_format(dpp_tree, hf_2009_12_dpp_2_1_retry, tvb, offset, 1, dpp_retry, "Retry: %u", dpp_retry);
7078 }
7080 /* Extract Delay */
7081 {
7086 proto_tree_add_uint_format(dpp_tree, hf_2009_12_dpp_2_1_delay, tvb, offset, 1, dpp_delay, "Delay: %u seconds", dpp_delay);
7088 }
7090 packet_data->summary = wmem_strdup_printf(wmem_file_scope(), "command seq %u, retry %u, delay %u", dpp_seq, dpp_retry, dpp_delay);
7091 }
7092 else
7094 }
7096 /* Extract session information. */
7098 {
7106 security_tree = proto_tree_add_subtree(dpp_tree, tvb, offset, -1, ett_2009_12_dpp_2_3_security, NULL, "Security Header");
7113 proto_tree_add_item(sec_flags_tree, hf_2009_12_dpp_2_3_sec_flag_secure, tvb, offset, 1, ENC_NA);
7115 proto_tree_add_item(sec_flags_tree, hf_2009_12_dpp_2_3_sec_flag_partition, tvb, offset, 1, ENC_NA);
7122 {
7127 pi = proto_tree_add_uint_format(security_tree, hf_2009_12_dpp_2_3_sec_ssid, tvb, s_offset, offset - s_offset, ssid, "Security State Identifier: %u (0x%x)", ssid, ssid);
7129 }
7131 /* At this point we know the transport information, DNP port information, and the
7132 * SSID. This means that we can isolate the session that this communication belongs
7133 * to. Note that all uses of an SSID are scoped by the transport.
7134 */
7139 {
7142 {
7147 }
7150 {
7153 }
7154 }
7157 {
7163 pi = proto_tree_add_uint_format(security_tree, hf_2009_12_dpp_2_3_sec_rdid, tvb, s_offset, offset - s_offset, rdid, "Remote Domain Identifier: %u (0x%x)", rdid, rdid);
7167 offset, hf_2009_12_dpp_2_3_sec_remote_partition, ett_2009_12_dpp_2_3_sec_remote_partition, NULL);
7168 }
7171 {
7174 }
7177 {
7178 /* If we get here without success, then we can only bail. */
7180 {
7184 {
7187 }
7190 }
7193 {
7197 }
7199 /* Security has not failed, and we have a security session. */
7200 {
7202 /* TODO: CCM is hardcoded. We should try all of the sessions, which could mean multiple security modes. */
7203 dissector_handle_t dp = dissector_get_uint_handle(sec_header, 0x6001); /* packet_data->security_session->security_mode); */
7205 {
7206 dof_secmode_api_data sdata;
7217 {
7221 }
7222 }
7223 }
7224 }
7226 }
7228 /* The end of the packet must be called in the original tvb or chaos ensues... */
7230 }
7234 {
7237 }
7239 /* Assuming there is more, it must be DPP. */
7240 /* We have a packet. We must handle the special case of this being *our* application
7241 * protocol (0x7FFF). If it is, then *we* are the dissector...
7242 */
7243 {
7249 {
7251 }
7252 else
7253 {
7255 }
7256 }
7257 }
7262 }
7264 static int dissect_options(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, void *data _U_)
7265 {
7267 {
7268 proto_tree *subtree = proto_tree_add_subtree(tree, tvb, offset, 0, ett_2008_1_dsp_12_option, NULL, "Option");
7273 }
7276 }
7279 {
7291 {
7292 /* TODO: Output error. */
7294 }
7298 {
7299 /* TODO: Output error. */
7301 }
7303 /* Make entries in Protocol column and Info column on summary display */
7306 /* Create the protocol tree. */
7311 /* Add the APPID. */
7316 #if 0
7318 {
7323 else
7324 {
7327 {
7332 }
7333 }
7336 }
7337 #endif
7340 {
7345 }
7347 /* Determine the ESP opcode. */
7353 proto_tree_add_uint_format(dsp_tree, hf_2008_1_dsp_12_opcode, tvb, offset, 1, opcode, "Opcode: %s (%u)", val_to_str(opcode, strings_2008_1_dsp_opcodes, "Unknown Opcode (%d)"), opcode & 0x7F);
7355 col_append_sep_str(pinfo->cinfo, COL_INFO, "/", val_to_str(opcode, strings_2008_1_dsp_opcodes, "Unknown Opcode (%d)"));
7358 {
7364 {
7366 {
7374 }
7375 }
7388 /* This will start a session if not existing... */
7389 /* FALL THROUGH */
7392 {
7395 options_tree = proto_tree_add_subtree_format(dsp_tree, tvb, offset, length, ett_2008_1_dsp_12_options, NULL,
7398 }
7402 /* TODO: Handle reject. */
7407 /* Nothing */
7409 }
7412 }
7414 static int dissect_ccm_dsp(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_)
7415 {
7416 /* We are handed a buffer that starts with an option and our protocol id. Any options follow that. */
7423 /* Append description to the parent. */
7426 /* Compute the version and flags, masking off other bits. */
7446 }
7448 /**
7449 * This is the main entry point for the CCM dissector. It is always called from an DPS
7450 * dissector, and is always passed the dof_secmode_data structure.
7451 */
7453 {
7459 {
7461 }
7465 /* Based on the context of the request, handle the work. */
7467 {
7469 /* Parse off the initialization fields, and if necessary create the security mode state
7470 * that is being initialized. This is passed the DPS data, DPS session data, and Key Exchange Data.
7471 */
7472 {
7479 {
7480 /* We need to parse the initialization data. */
7491 /* TODO: Not sure that these are all right. */
7494 ccm_data->encrypted = key_data->security_mode_data[key_data->security_mode_data_length - 1] & 0x80;
7495 ccm_data->mac_len = (key_data->security_mode_data[key_data->security_mode_data_length - 1] & 0x07) * 2 + 2;
7500 {
7504 }
7509 }
7510 }
7513 {
7515 {
7521 }
7526 }
7528 /* This mode has a fixed size, so we can return here without parsing further. */
7530 }
7533 /* TODO validate C2 */
7537 /* Determine the period, and store the key. */
7538 {
7541 {
7542 gcry_cipher_hd_t ekey;
7545 }
7547 ccm_data->cipher_data_table = g_hash_table_new_full(g_direct_hash, g_direct_equal, NULL, dof_cipher_data_destroy);
7552 {
7557 }
7563 }
7566 }
7567 else
7568 {
7572 {
7573 gcry_cipher_hd_t ekey;
7576 }
7578 {
7583 }
7589 }
7594 }
7595 else
7596 {
7597 uint8_t *in_table = (uint8_t *)g_hash_table_lookup(ccm_data->cipher_data_table, GUINT_TO_POINTER(lookup));
7599 {
7600 gcry_cipher_hd_t ekey;
7603 }
7605 {
7610 }
7616 }
7621 }
7622 }
7623 }
7624 }
7627 }
7630 {
7632 dof_transport_session *transport_session = (dof_transport_session *)secmode_api_data->dof_api->transport_session;
7650 {
7652 {
7653 /* Find the first security data that is applicable - they are in order of packet sequence. */
7656 {
7664 }
7668 else
7669 {
7672 }
7673 }
7674 else
7675 {
7678 }
7679 }
7680 else
7681 {
7683 }
7686 {
7689 }
7694 /* Add a master header for this protocol. */
7717 {
7720 {
7724 {
7726 {
7730 else
7732 }
7733 else
7734 {
7738 else
7740 }
7741 }
7742 else
7743 {
7746 }
7747 }
7748 }
7754 {
7758 /* TODO: Do this right, as offset from BNID. */
7761 pi = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_nid, tvb, offset, nid_len, nid, "Node ID: %u", nid);
7764 }
7765 else
7766 {
7767 item = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_nid, tvb, 0, 0, pdata->nid, "Node ID: %u", pdata->nid);
7769 }
7772 {
7776 pi = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_slot, tvb, offset, slot_len, slot, "Slot: %hu", slot);
7779 }
7780 else
7781 {
7784 }
7787 {
7791 pi = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_pn, tvb, offset, pn_len, pn, "Packet Number: %u", pn);
7795 }
7796 else
7797 {
7798 item = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_pn, tvb, 0, 0, pdata->dn, "Packet Number: %u", pdata->dn);
7800 }
7803 {
7807 pi = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_tnid, tvb, offset, tnid_len, tnid, "Target Node ID: %u", tnid);
7810 }
7813 {
7817 pi = proto_tree_add_uint_format(tree, hf_epp_v1_ccm_nnid, tvb, offset, nnid_len, nnid, "Next Node ID: %u", nnid);
7820 }
7825 {
7829 }
7831 /* We have reached the encryption boundary. At this point the rest of the packet
7832 * is encrypted, and we may or may not be able to decrypt it.
7833 *
7834 * If we can decrypt it (which for now means that it uses a Session Key of [0]
7835 * the we switch to decoding the decrypted PDU. Otherwise we create an entry
7836 * for the encrypted bytes and move on...
7837 */
7839 {
7846 /* The default nonce is a function of whether or not this is the server
7847 * or the client and the packet count. The packet count either comes from
7848 * the PDU or is a function of the previous value (of the sending node).
7849 */
7863 /* Now the hard part. We need to determine the current packet number.
7864 * This is a function of the sending node, the previous state and the
7865 * current PDU.
7866 */
7872 {
7873 /* There is still a MAC involved, and even though we don't need a new
7874 * buffer we need to adjust the length of the existing buffer.
7875 */
7879 }
7880 else
7881 {
7883 {
7884 /* No need to decrypt, but still need to create buffer. */
7885 app = tvb_new_real_data((const uint8_t *)dof_packet->decrypted_buffer, e_len - session->mac_len, e_len - session->mac_len);
7890 }
7891 else
7892 {
7894 {
7895 /* store decrypted buffer in file scope for reuse in next pass */
7904 }
7905 else
7906 {
7907 /* Failure to decrypt or validate the MAC.
7908 * The packet is secure, so there is nothing we can do!
7909 */
7911 }
7912 }
7913 }
7914 }
7917 }
7921 /* TODO check this case */
7924 }
7927 }
7929 static int dissect_ccm_app(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
7930 {
7939 /* Make entries in Protocol column and Info column on summary display */
7942 /* Create the protocol tree. */
7947 /* Add the APPID. */
7952 /* Retrieve the opcode. */
7955 col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", val_to_str(opcode, ccm_opcode_strings, "Unknown Opcode (%d)"));
7958 {
7959 /* Opcode */
7965 {
7967 {
7968 }
7971 }
7972 #endif
7973 }
7976 }
7979 static int dissect_ccm_validate(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data)
7980 {
7992 {
7995 }
7999 {
8002 }
8005 {
8008 }
8011 {
8014 }
8018 /* The buffer we have been passed includes the entire EPP frame. The packet
8019 * structure gives us the offset to our header.
8020 */
8026 /* TODO validate the C2 and C4 fields below? */
8040 /* We have reached the encryption boundary. At this point the rest of the packet
8041 * is encrypted, and we may or may not be able to decrypt it.
8042 *
8043 * If we can decrypt it (which for now means that it uses a Session Key of [0]
8044 * the we switch to decoding the decrypted PDU. Otherwise we create an entry
8045 * for the encrypted bytes and move on...
8046 */
8048 {
8055 /* The default nonce is a function of whether or not this is the server
8056 * or the client and the packet count. The packet count either comes from
8057 * the PDU or is a function of the previous value (of the sending node).
8058 */
8075 /* Now the hard part. We need to determine the current packet number.
8076 * This is a function of the sending node, the previous state and the
8077 * current PDU.
8078 */
8082 /* TODO: This is hardcoded for a 4-byte MAC */
8085 if (decrypt(session, (ccm_packet_data *)packet->security_packet, nonce, epp_buf, a_len, buf, e_len))
8086 {
8089 }
8090 else
8091 {
8092 /* Failure to decrypt or validate the MAC.
8093 * The packet is secure, so there is nothing we can do!
8094 */
8097 }
8098 }
8099 }
8100 #endif
8102 static int dissect_oap_dsp(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_)
8103 {
8104 /* We are handed a buffer that starts with our protocol id. Any options follow that. */
8107 /* We don't care except for the treeview. */
8111 /* Compute the version and flags, masking off other bits. */
8116 }
8119 {
8136 {
8138 }
8142 {
8144 }
8147 /* Make entries in Protocol column and Info column on summary display */
8150 /* Create the protocol tree. */
8155 /* Add the APPID. */
8161 {
8166 }
8170 {
8173 }
8175 /* Compute the version and flags, masking off other bits. */
8182 col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", val_to_str(opcode, oap_opcode_strings, "Unknown Opcode (%d)"));
8185 /* Opcode */
8186 {
8194 /* read the bits for the int */
8196 {
8200 bit++;
8204 else
8208 }
8210 proto_tree_add_uint_format(oap_tree, hf_oap_1_opcode, tvb, offset, 1, opcode & 0x1F, "%s = Opcode: %s (%u)", str, val_to_str(opcode, oap_opcode_strings, "Unknown Opcode (%d)"), opcode & 0x1F);
8211 }
8214 /* Flags, based on opcode.
8215 * Each opcode needs to define the flags, however, the fall into major categories...
8216 */
8218 {
8219 /* Both alias and a flag that equals command control. */
8232 {
8235 }
8236 else
8241 /* No alias, but flags for command control. */
8243 /* TODO: Expert info on top two bits.*/
8246 {
8248 }
8249 else
8254 /* No alias, but flag for provider. */
8260 /* TODO: Expert info on top two bits.*/
8263 {
8267 }
8268 else
8271 {
8274 }
8278 /* Alias, but no flags. */
8287 /* Special flags. */
8295 /* No flags. */
8299 /* TODO: Non-zero not allowed.*/
8304 /* TODO: Illegal opcode.*/
8306 }
8308 /* Parse off arguments based on opcodes. */
8310 {
8312 {
8317 /* The item identifier comes first, but it is compressed. */
8318 {
8323 pi = proto_tree_add_uint_format(oap_tree, hf_oap_1_itemid, tvb, offset, item_id_len, item_id, "Item ID: %u", item_id);
8326 }
8329 {
8331 {
8334 }
8335 offset = oap_1_tree_add_alias(api_data, oap_packet, packet_data, oap_tree, tvb, pinfo, offset, alias_len, true);
8336 }
8337 else
8340 /* Read the minimum delta. */
8341 {
8347 pi = proto_tree_add_uint_format(oap_tree, hf_oap_1_subscription_delta, tvb, offset, delta_len, delta, "Minimum Delta: %u", delta);
8350 }
8351 }
8355 {
8360 /* The item identifier comes first, but it is compressed. */
8361 {
8366 pi = proto_tree_add_uint_format(oap_tree, hf_oap_1_itemid, tvb, offset, item_id_len, item_id, "Item ID: %u", item_id);
8369 }
8372 {
8374 {
8377 }
8378 offset = oap_1_tree_add_alias(api_data, oap_packet, packet_data, oap_tree, tvb, pinfo, offset, alias_len, true);
8379 }
8380 else
8382 }
8386 {
8388 {
8389 /* offset = add_oid( tvb, offset, NULL, oap_tree ); */
8390 }
8392 /* Sequence is next. */
8395 }
8402 {
8408 {
8410 {
8413 }
8414 offset = oap_1_tree_add_alias(api_data, oap_packet, packet_data, oap_tree, tvb, pinfo, offset, alias_len, true);
8415 }
8416 else
8418 }
8428 {
8433 /* The item identifier comes first, but it is compressed. */
8434 {
8439 pi = proto_tree_add_uint_format(oap_tree, hf_oap_1_itemid, tvb, offset, item_id_len, item_id, "Item ID: %u", item_id);
8442 }
8445 {
8447 {
8450 }
8451 offset = oap_1_tree_add_alias(api_data, oap_packet, packet_data, oap_tree, tvb, pinfo, offset, alias_len, true);
8452 }
8453 else
8457 {
8460 }
8461 }
8465 {
8471 {
8473 {
8476 }
8477 offset = oap_1_tree_add_alias(api_data, oap_packet, packet_data, oap_tree, tvb, pinfo, offset, alias_len, true);
8478 }
8479 else
8486 }
8490 {
8501 {
8504 }
8506 {
8509 }
8510 offset = oap_1_tree_add_alias(api_data, oap_packet, packet_data, oap_tree, tvb, pinfo, offset, alias_length, false);
8520 {
8539 }
8540 }
8545 {
8550 /* The item identifier comes first, but it is compressed. */
8551 {
8556 pi = proto_tree_add_uint_format(oap_tree, hf_oap_1_itemid, tvb, offset, item_id_len, item_id, "Item ID: %u", item_id);
8559 }
8562 {
8564 {
8567 }
8568 offset = oap_1_tree_add_alias(api_data, oap_packet, packet_data, oap_tree, tvb, pinfo, offset, alias_len, true);
8569 }
8570 else
8573 /* Sequence is next. */
8579 }
8583 {
8585 {
8586 /* offset = add_oid( tvb, offset, NULL, oap_tree );*/
8587 }
8589 /* The response code, compressed. */
8590 {
8594 /* TODO: Validate*/
8596 /* TODO: Add to tree with error codes. */
8598 }
8601 }
8605 /* TODO: Bad opcode!*/
8607 }
8610 }
8613 {
8624 {
8625 /* TODO: Output error. */
8627 }
8631 {
8632 /* TODO: Output error. */
8634 }
8636 /* Make entries in Protocol column and Info column on summary display */
8639 /* Create the protocol tree. */
8644 /* Add the APPID. */
8650 {
8655 }
8658 /* Retrieve the opcode. */
8663 col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", val_to_str(opcode, sgmp_opcode_strings, "Unknown Opcode (%d)"));
8665 /* Opcode */
8670 {
8672 {
8673 /* TMIN - 2 bytes */
8674 {
8677 }
8679 /* EPOCH - 2 bytes */
8680 {
8683 }
8684 }
8688 {
8691 /* Latest SGMP Version - Type.1 */
8692 {
8699 pi = proto_tree_add_uint(sgmp_tree, hf_latest_version, tvb, start_offset, offset - start_offset, version);
8701 }
8703 /* Desire - 1 byte */
8704 {
8707 }
8709 /* Tie Breaker - 4 bytes */
8710 {
8713 }
8714 }
8720 {
8724 #endif
8727 /* Delay - one byte */
8729 {
8732 }
8734 /* Initial State - Security.9 (not REKEY_MERGE) */
8735 {
8740 #endif
8741 }
8743 /* Epoch - 2 bytes (only REKEY_EPOCH) */
8745 {
8748 }
8750 /* Kgm - 32 bytes */
8751 {
8755 }
8757 /* Handle the initialization block. */
8759 {
8760 /*dof_session_data* session = (dof_session_data*)api_data->session;*/
8762 /* Look up the field-dissector table, and determine if it is registered. */
8765 {
8766 #if 0
8767 dissector_handle_t field_handle = dissector_get_port_handle(field_dissector, packet_data->security_mode);
8769 {
8771 dof_secmode_api_data setup_data;
8778 /* TODO FIX THIS setup_data.session_key = session_key; */
8782 }
8783 #endif
8784 }
8785 }
8786 }
8790 {
8798 /* START OF I BLOCK */
8799 /* Domain - Security.7 */
8800 {
8805 {
8809 }
8810 }
8812 /* Epoch - 2 bytes */
8813 {
8817 }
8819 /* Initiator Block - SGMP.6.3 */
8820 {
8821 /* SGMP Key Request - Security.4 */
8822 {
8823 dof_2008_16_security_4 response;
8827 {
8832 /* Get the buffer. */
8835 {
8849 }
8850 }
8851 }
8852 }
8854 /* Security Scope - Security.10 */
8855 {
8858 }
8860 /* END OF I BLOCK */
8862 {
8866 }
8867 }
8871 {
8877 #endif
8879 /* START OF A BLOCK */
8880 /* Initial State - SGMP.6.2.1 */
8881 {
8882 /* A_offset = offset;*/
8884 /* Initial State - Security.9 */
8885 {
8890 #endif
8891 }
8893 /* Latest SGMP Version - Type.1 */
8894 {
8901 pi = proto_tree_add_uint(sgmp_tree, hf_latest_version, tvb, start_offset, offset - start_offset, version);
8903 }
8905 /* Desire - 1 byte */
8906 {
8909 }
8910 }
8912 /* END OF A BLOCK */
8913 /* A block data handled in first part of the next block. */
8916 #endif
8918 /* Ticket - Security.5 */
8919 {
8922 }
8924 /* Try to match up the information learned here with any groups that exist.
8925 * Note that we do not know the SSID, and so we can only match based on the
8926 * domain and group identifier. We will learn the SSID based on a successful
8927 * match to a secure session.
8928 */
8930 {
8931 #if 0
8932 sgmp_packet_data* cmd_data = (sgmp_packet_data*)dof_packet_get_proto_data(packet_data->opid_first, proto_sgmp);
8938 {
8942 }
8944 /* Search through the appropriate keks to find a match. */
8945 {
8948 struct list
8959 {
8964 {
8969 }
8972 }
8974 /* At this point we may be able to learn the session key. */
8976 {
8982 {
8987 /* It only makes sense to check matching epochs. */
8989 {
8994 {
8998 }
9004 {
9008 }
9009 }
9012 }
9015 }
9017 /* Determine if there is already a secure session for this information. If there is, then
9018 * EPP will find it to decode any packets. If there is not, then we must create a secure
9019 * session and initialize it so that future packets can be decoded.
9020 * NOTE: None of the actual decoding is done here, because this packet is not encrypted
9021 * in the session that it defines.
9022 * NOTE: SGMP secure sessions are always attached to the DPS session, which is always
9023 * associated with the transport session (server address).
9024 */
9026 {
9027 dissector_table_t field_dissector;
9028 dissector_handle_t field_handle;
9033 {
9040 }
9043 {
9057 }
9059 /* This packet represents a new key exchange, and so a new key exchange data
9060 * structure needs to be created.
9061 */
9062 {
9074 /* Insert the new key information at the front of the list. */
9077 else
9081 }
9083 /* Look up the field-dissector table, and determine if it is registered. */
9086 {
9089 {
9090 dof_secmode_api_data setup_data;
9100 }
9101 }
9102 }
9103 }
9104 #endif
9105 }
9106 }
9111 }
9114 }
9116 static bool validate_session_key(tep_rekey_data *rekey, unsigned S_length, uint8_t *S, uint8_t *confirmation, uint8_t *key)
9117 {
9119 gcry_mac_hd_t hmac;
9120 gcry_error_t result;
9136 }
9138 static int dissect_tep_dsp(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_)
9139 {
9140 /* We are handed a buffer that starts with our protocol id. Any options follow that. */
9143 /* We don't care except for the treeview. */
9147 /* Compute the version and flags, masking off other bits. */
9152 }
9154 static int dissect_2008_4_tep_2_2_1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, uint32_t *ssid, void *data)
9155 {
9162 {
9163 /* TODO: Output error. */
9165 }
9169 {
9170 /* TODO: Output error. */
9172 }
9174 /* State Identifier - Only if Unsecured */
9176 {
9181 pi = proto_tree_add_uint(tree, hf_tep_2_2_1_state_identifier, tvb, start, offset - start, *ssid);
9183 }
9185 /* Initial State */
9186 {
9194 }
9197 }
9199 /**
9200 * This is the main entry point for the CCM dissector.
9201 * TEP operations create security periods.
9202 * They can also create sessions when used with "None" sessions.
9203 * In any case, these PDUs need to pass information between
9204 * them.
9205 * They also must maintain state for each rekey request, some of
9206 * which modify the session key, some of which create new
9207 * sessions, and others that determine new session information
9208 * like permission sets.
9209 *
9210 * In order to store information appropriately, the following structures are
9211 * used:
9212 * 1. api_data (dof_api_data*) source for all other state.
9213 * 2. packet (dof_packet_data*) dps packet information.
9214 * 3. rekey_data (tep_rekey_data*) tep information for rekey/accept/confirm.
9215 */
9217 {
9230 {
9231 /* TODO: Output error. */
9233 }
9237 {
9238 /* TODO: Output error. */
9240 }
9242 /* Make entries in Protocol column and Info column on summary display */
9245 /* Create the protocol tree. */
9250 /* Add the APPID. */
9255 /* Check for empty packet. */
9257 {
9262 }
9264 /* Retrieve the opcode. */
9269 col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", val_to_str(operation, tep_opcode_strings, "Unknown Opcode (%d)"));
9271 ti = proto_tree_add_uint_format(tep_tree, hf_tep_operation, tvb, offset, 1, operation, "Operation: %s (%u)", val_to_str(operation, tep_opcode_strings, "Unknown Opcode (%d)"), operation);
9277 /* The flags are reserved except for OPCODE=1 & COMMAND */
9279 {
9282 }
9288 {
9290 /* The K bit must be set, so there is a domain ONLY IF NOT SECURED. */
9292 /* Remember the current request. */
9295 {
9297 }
9302 /* The K bit must be set, so there is a domain ONLY IF NOT SECURED. */
9304 {
9311 {
9315 /* Get the buffer. */
9317 }
9318 }
9319 else
9320 {
9321 /* The domain is not present, but this is a secure packet and so the domain can be obtained
9322 * through the session.
9323 */
9325 {
9328 }
9329 }
9331 /* FALL THROUGH */
9335 /* Remember the current request. */
9338 {
9340 {
9341 /* TODO: Output error. */
9343 }
9347 }
9349 /* The C bit must be clear, so there is an Initiator Block. */
9350 {
9351 dof_2008_16_security_6_1 response;
9355 {
9364 rekey_data->i_identity = (uint8_t *)wmem_alloc0(wmem_file_scope(), rekey_data->i_identity_length);
9370 }
9371 }
9375 {
9381 {
9389 {
9390 /* TODO: Print error */
9392 }
9398 /* Initiator Ticket */
9399 {
9408 {
9411 /* Produce a (possibly empty) list of potential keys based on our
9412 * initiator secrets based on identity. These will be validated
9413 * later on.
9414 */
9416 {
9418 gcry_cipher_hd_t rijndael_handle;
9436 }
9438 }
9443 /* Add the key to the list - ep memory. */
9444 {
9450 }
9451 }
9452 }
9453 }
9455 /* Ticket Confirmation */
9456 {
9461 }
9463 /* Add a field to show the session key that has been learned. */
9465 {
9466 ti = proto_tree_add_bytes_with_length(tree, hf_tep_session_key, tvb, 0, 0, rekey_data->key_data->session_key, 32);
9468 }
9470 /* Responder Initialization - present based on whether the command was a rekey */
9471 {
9474 {
9477 ti = proto_tree_add_item(tep_tree, hf_tep_2_2_responder_initialization, tvb, offset, 0, ENC_NA);
9484 {
9488 }
9490 /* TEP can create new sessions when not used inside an existing secure
9491 * session. Each session can use an SSID, present in TEP.2.2.1.
9492 * Note that in this case there may be no existing session, and so
9493 * we need to "backpedal" and create one.
9494 */
9496 {
9497 #if 0
9499 tep_session = (tep_session_data*)dof_session_get_proto_data((dof_session_data*)api_data->session, proto_tep);
9501 {
9504 }
9508 #endif
9509 }
9510 }
9511 }
9513 /* Responder Block */
9514 {
9515 dof_2008_16_security_6_2 response;
9519 {
9528 rekey_data->r_identity = (uint8_t *)wmem_alloc0(wmem_file_scope(), rekey_data->r_identity_length);
9530 }
9531 }
9533 /* Authentication Initialization */
9534 {
9536 offset, hf_tep_2_2_authenticator_initialization, ett_tep_2_2_authenticator_initialization, NULL);
9537 }
9540 /* The request was accepted, and so a new secure session exists. We define the session,
9541 * add it to the list of secure sessions for the unsecure session, and EPP will do the
9542 * rest.
9543 */
9545 {
9546 /* This triggers the creation of the corresponding secure DPS session if it is not already
9547 * created. This allows information to be stored in that session even though no packets
9548 * have used it yet. There is a problem, however, because at this point we do not know
9549 * the SSID that (may) be associated with this session.
9550 */
9551 {
9556 {
9557 /* Determine matching session. The session list already is scoped by transport and DPS
9558 * session, so the only thing remaining is the domain and secure session ID.
9559 */
9566 }
9569 {
9586 else
9590 }
9591 }
9592 }
9594 /* This PDU indicates the beginning of security for the responder. The next PDU
9595 * sent will be encrypted with these settings. This means that we must determine
9596 * the security settings and set them in the session.
9597 */
9599 {
9603 /* We have everything that we need. Determine the session secret if we can. */
9605 /* Check any keys determined above by initiator identity. */
9607 {
9608 if (validate_session_key(rekey_data, S_length, S, confirmation, identity_key_list->session_key))
9609 {
9612 }
9615 }
9617 /* For each key in the global configuration, see if we can validate the confirmation. */
9619 {
9620 if (validate_session_key(rekey_data, S_length, S, confirmation, globals.global_security->session_key[i].session_key))
9622 }
9625 /* Whether or not this can be decrypted, the security mode information
9626 * should be kept with the session.
9627 */
9628 {
9637 {
9638 /* Look up the field-dissector table, and determine if it is registered. */
9641 {
9642 dissector_handle_t field_handle = dissector_get_uint_handle(field_dissector, rekey_data->key_data->security_mode);
9644 {
9645 dof_secmode_api_data setup_data;
9654 }
9655 }
9656 }
9657 }
9658 }
9659 }
9663 {
9664 /* C is set, K is clear. */
9665 /* Ticket Confirmation */
9669 if (!packet->processed && api_data->session && packet->opid_first && packet->opid_first->opid_data)
9670 {
9676 /* TODO: Error if not found or if already set. */
9679 }
9680 }
9688 {
9689 /* Error Code */
9693 /* Error Description */
9696 }
9701 }
9703 }
9705 static int dissect_trp_dsp(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_)
9706 {
9707 /* We are handed a buffer that starts with our protocol id. Any options follow that. */
9710 /* We don't care except for the treeview. */
9714 /* Compute the version and flags, masking off other bits. */
9719 }
9722 {
9733 /* Make entries in Protocol column and Info column on summary display */
9736 /* Create the protocol tree. */
9741 /* Add the APPID. */
9747 {
9750 }
9754 {
9757 }
9762 {
9767 }
9769 /* Retrieve the opcode. */
9774 col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", val_to_str(opcode, trp_opcode_strings, "Unknown Opcode (%d)"));
9776 /* Opcode */
9777 ti = proto_tree_add_uint_format(trp_tree, hf_trp_opcode, tvb, offset, 1, opcode & 0x7F, "Opcode: %s (%u)", val_to_str(opcode, trp_opcode_strings, "Unknown Opcode (%d)"), opcode & 0x7F);
9781 {
9783 {
9784 /* Error Code */
9787 }
9791 {
9797 {
9799 }
9801 /* Domain - Security.7 */
9803 offset = dof_dissect_pdu_as_field(dissect_2008_16_security_7, tvb, pinfo, trp_tree, offset, hf_domain, ett_domain, NULL);
9805 {
9809 }
9811 /* Initiator Block - TRP.4.1.1 */
9812 {
9813 dof_2008_16_security_4 response;
9818 /* Initiator Key Request - Security.4 */
9822 {
9828 /* Get the buffer. */
9831 /* Check to see if there is a matching identity. */
9833 {
9842 {
9855 }
9856 }
9857 }
9859 /* Group Identifier - Security.8 */
9860 {
9866 {
9870 }
9871 }
9874 {
9875 /* We need to store the entire block_I for later use. */
9877 trp_pkt_data->block_I = (uint8_t *)wmem_alloc0(wmem_file_scope(), trp_pkt_data->block_I_length);
9879 }
9880 }
9881 }
9885 {
9894 {
9896 }
9898 /* Initiator Ticket - Security.5 */
9902 /* Initialization Block - TRP.4.2.1 */
9903 /* A BLOCK */
9904 {
9907 /* THB */
9908 {
9911 }
9913 /* TMIN */
9914 {
9917 }
9919 /* TMAX */
9920 {
9923 }
9925 /* Epoch */
9926 {
9929 }
9931 /* SIDg - Type.4 */
9932 {
9935 }
9937 /* Initiator Node Security Scope - Security.10 */
9938 {
9941 }
9943 /* Security Mode - Security.13 */
9944 {
9949 {
9953 }
9954 }
9956 /* State Identifier - Type.3 */
9957 {
9963 pi = proto_tree_add_uint_format(trp_tree, hf_ssid, tvb, s_offset, offset - s_offset, ssid, "SSID: %u", ssid);
9965 }
9967 /* PG - Security.2 */
9971 /* Group Validation - Security.11 */
9975 /* Initiator Validation - Security.11 */
9982 }
9984 /* Determine the KEK, if possible. This requires that either the initiator node's secret
9985 * is known or that the group has been configured. In either case this requires knowledge
9986 * from the matching command, including the domain, identity, and group information.
9987 */
9989 {
9990 #if 0
9991 trp_packet_data* cmd_data = (trp_packet_data*)dof_packet_get_proto_data(packet_data->opid_first, proto_trp);
10000 {
10007 {
10011 }
10016 {
10017 OALSecureHMACContext ctx;
10018 OALSecureHMACDigest digest;
10029 {
10033 /* The KEK has been discovered, flag this for output on the PDU. */
10035 {
10038 }
10043 {
10052 }
10055 {
10064 }
10069 {
10074 }
10077 {
10092 }
10093 }
10094 }
10095 }
10096 #endif
10097 }
10098 }
10102 {
10108 {
10110 }
10112 /* Domain - Security.7 */
10117 {
10121 }
10123 /* Initiator Block - TRP.6.1.1 */
10124 {
10125 dof_2008_16_security_4 response;
10130 /* Initiator Key Request - Security.4 */
10134 {
10140 /* Get the buffer. */
10143 /* Check to see if there is a matching identity. */
10145 {
10154 {
10167 }
10168 }
10169 }
10172 {
10173 /* We need to store the entire block_I for later use. */
10175 trp_pkt_data->block_I = (uint8_t *)wmem_alloc0(wmem_file_scope(), trp_pkt_data->block_I_length);
10177 }
10178 }
10179 }
10183 {
10184 /* Initiator Ticket - Security.5 */
10187 }
10191 {
10197 {
10199 }
10201 /* Domain - Security.7 */
10206 {
10210 }
10212 /* Initiator Block - TRP.5.1.1 */
10213 {
10214 dof_2008_16_security_4 response;
10219 /* Initiator Duration Request */
10223 /* Initiator Key Request - Security.4 */
10227 {
10233 /* Get the buffer. */
10236 /* Check to see if there is a matching identity. */
10238 {
10247 {
10260 }
10261 }
10262 }
10264 /* Node - Security.8 */
10265 {
10271 {
10275 }
10276 }
10279 {
10280 /* We need to store the entire block_I for later use. */
10282 trp_pk_data->block_I = (uint8_t *)wmem_alloc0(wmem_file_scope(), trp_pk_data->block_I_length);
10284 }
10285 }
10286 }
10290 {
10295 /* Initiator Ticket - Security.5 */
10299 /* Initialization Block - TRP.5.2.1 */
10300 /* A BLOCK */
10301 {
10304 /* Initiator Duration Request */
10308 /* Initiator Node Security Scope - Security.10 */
10309 {
10312 }
10314 /* Validation - Security.11 */
10321 }
10322 }
10326 {
10331 /* Domain - Security.7 */
10336 {
10340 }
10342 /* Identity Resolution - Security.3.2 */
10345 }
10349 {
10350 /* Identity Resolution - Security.3.2 */
10353 }
10357 {
10363 {
10365 }
10367 /* Domain - Security.7 */
10372 {
10376 }
10378 /* Responder Block - Security.6.2 */
10382 /* Initiator Block - Security.6.1 */
10385 }
10389 {
10394 /* Responder Ticket - Security.5 */
10398 /* Initiator Ticket - Security.5 */
10403 /* Initialization Block - Security.6.3 */
10404 /* A BLOCK */
10405 {
10414 }
10415 }
10419 {
10422 /* Domain - Security.7 */
10430 }
10434 {
10437 }
10439 }
10442 }
10444 /* Initialize Core Tunnel Functionality */
10446 {
10448 {
10451 },
10454 },
10455 };
10459 };
10465 register_dissector_with_description("dof.tunnel", TUNNEL_PROTOCOL_STACK, dissect_tunnel_common, proto_2012_1_tunnel);
10466 dof_tun_app_dissectors = register_dissector_table("dof.tunnel.app", "DOF Tunnel Version", proto_2012_1_tunnel, FT_UINT8, BASE_DEC);
10467 }
10470 {
10471 }
10474 {
10475 }
10477 /* The registration hand-off routine */
10479 {
10482 register_dissector_with_description("dof.app", TUNNEL_APPLICATION_PROTOCOL, dissect_tun_app_common, proto_2008_1_app);
10487 }
10489 /* Main DOF Registration Support */
10492 {
10504 /* Reset the packet counter. */
10507 /* Load the template values for different groups. */
10508 {
10515 {
10521 }
10522 }
10524 /* Load the template values for different secrets. */
10525 {
10529 /* Clear existing. */
10531 {
10534 }
10543 {
10547 }
10548 }
10550 /* Load the template values for different identities. */
10551 {
10555 /* Clear existing. */
10557 {
10562 }
10571 {
10577 {
10579 }
10580 else
10581 {
10585 }
10588 {
10589 parse_hex_string(list[i].identity, &(identity_data->identity), &(identity_data->identity_length));
10590 }
10591 else
10592 {
10596 }
10599 }
10600 }
10601 }
10604 {
10607 /* Clear existing. */
10609 {
10614 }
10620 }
10622 /**
10623 * Initialize Core DPS Functionality
10624 */
10626 {
10628 {
10630 { "Permission Type", "dof.2008.16.security.1.desired-duration", FT_UINT16, BASE_DEC, VALS(dof_2008_16_permission_type), 0, NULL, HFILL } },
10638 /* Security.2 */
10643 { "Permission", "dof.2008.16.security.2.permission", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
10645 /* Security.3.1 */
10647 { "Credential Type", "dof.2008.16.security.3.1.credential_type", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL } },
10653 { "Security Node Identifier", "dof.2008.16.security.3.1.security_node_identifier", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
10655 /* Security 3.2 */
10657 { "Credential Type", "dof.2008.16.security.3.2.credential_type", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } },
10666 { "Public Data", "dof.2008.16.security.3.2.public_data", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
10668 /* Security.4 */
10679 { "Identity", "dof.2008.16.security.4.identity", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
10685 { "Permission Set", "dof.2008.16.security.4.permission_set", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
10687 /* Security.5 */
10694 /* Security.6.1 */
10696 { "Desired Duration", "dof.2008.16.security.6.1.desired_duration", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } },
10699 { "Desired Security Mode", "dof.2008.16.security.6.1.desired_security_mode", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
10702 { "Initiator Request", "dof.2008.16.security.6.1.initiator_request", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
10704 /* Security.6.2 */
10706 { "Responder Request", "dof.2008.16.security.6.2.responder_request", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
10708 /* Security.6.3 */
10710 { "Granted Duration", "dof.2008.16.security.6.3.granted_duration", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } },
10713 { "Session Security Scope", "dof.2008.16.security.6.3.session_security_scope", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
10716 { "Initiator Validation", "dof.2008.16.security.6.3.initiator_validation", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
10719 { "Responder Validation", "dof.2008.16.security.6.3.responder_validation", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
10721 /* Security.9 */
10726 { "Initial State", "dof.2008.16.security.9.initial_state", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } },
10728 /* Security.10 */
10733 { "Permission Group Identifier", "dof.2008.16.security.10.permission_group_identifier", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },
10735 /* Security.11 */
10740 { "Permission Security Scope", "dof.2008.16.security.11.permission_security_scope", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL } },
10742 /* Security.12 */
10744 { "M", "dof.2008.16.security.12.m", FT_UINT8, BASE_DEC, VALS(dof_2008_16_security_12_m), 0xC0, NULL, HFILL } },
10750 { "Permission Group Identifier", "dof.2008.16.security.12.permission_group_identifier", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },
10753 { "Transport Session", "dof.transport_session", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL }
10754 },
10757 },
10760 },
10763 },
10766 },
10768 { "DPS Is From Client", "dof.is_from_client", FT_BOOLEAN, BASE_NONE, NULL, 0x00, NULL, HFILL }
10769 }
10770 };
10773 /* Security.2 */
10777 /* Security.11 */
10792 };
10795 {
10796 #if 0
10797 { &ei_undecoded, { "dof.undecoded", PI_UNDECODED, PI_WARN, "DOF: Some protocol octets were not decoded", EXPFILL } },
10798 #endif
10800 { &ei_implicit_no_op, { "dof.implicit_no_op", PI_PROTOCOL, PI_COMMENT, "Implicit No-op", EXPFILL } },
10801 { &ei_c2_c3_c4_format, { "dof.c2_c3_c4_format", PI_MALFORMED, PI_WARN, "DOF: Cx IE format", EXPFILL } },
10802 { &ei_security_3_1_invalid_stage, { "dof.security.3.1.invalid_stage", PI_MALFORMED, PI_ERROR, "DPS: Security.3.1: Stage invalid.", EXPFILL } },
10803 { &ei_security_4_invalid_bit, { "dof.security.4.invalid_bit", PI_MALFORMED, PI_WARN, "DPS: Security.4: Reserved bit set.", EXPFILL } },
10804 { &ei_security_13_out_of_range, { "dof.security.13.out_of_range", PI_MALFORMED, PI_ERROR, "DPS: Security.13: Attribute Data out of range.", EXPFILL } },
10805 };
10807 /* Security mode of operation templates. */
10809 UAT_FLD_CSTRING(secmode_list, domain, "Domain", "The domain, coded as hex digits of PDU Security.7."),
10810 UAT_FLD_CSTRING(secmode_list, identity, "Group ID", "The group identifier, coded as hex digits of PDU Security.8."),
10811 UAT_FLD_CSTRING(secmode_list, kek, "KEK", "The KEK, coded as hex digits representing the KEK (256-bit)."),
10812 UAT_END_FIELDS
10813 };
10815 /* Security keys. */
10817 UAT_FLD_CSTRING(seckey_list, key, "Session Key", "The session key to try to use, coded as hex digits representing the key (256-bit)."),
10818 UAT_END_FIELDS
10819 };
10821 /* Identity secrets. */
10823 UAT_FLD_CSTRING(identsecret_list, domain, "Domain", "The domain, coded as hex digits of PDU Security.7."),
10824 UAT_FLD_CSTRING(identsecret_list, identity, "Identity", "The group identifier, coded as hex digits of PDU Security.8."),
10825 UAT_FLD_CSTRING_OTHER(identsecret_list, secret, "Secret", identsecret_chk_cb, "The resolved secret for a given identity, coded as hex digits representing the secret (256-bit)."),
10826 UAT_END_FIELDS
10827 };
10835 dsp_option_dissectors = register_dissector_table("dof.dsp.options", "DSP Protocol Options", proto_2008_1_dsp, FT_UINT32, BASE_DEC);
10836 dof_sec_dissectors = register_dissector_table("dof.secmode", "DOF Security Mode of Operation", proto_2008_1_dof, FT_UINT16, BASE_DEC);
10837 register_dissector_table("dof.2008.1", "DOF Common PDU", proto_2008_1_dof, FT_STRING, BASE_DEC);
10841 proto_2008_1_dof_tcp = proto_register_protocol(DOF_PROTOCOL_STACK" TCP", "DOF-TCP", "dof-tcp");
10842 proto_2008_1_dof_udp = proto_register_protocol(DOF_PROTOCOL_STACK" UDP", "DOF-UDP", "dof-udp");
10858 NULL,
10859 secmode_list_copy_cb,
10860 secmode_list_update_cb,
10861 secmode_list_free_cb,
10862 secmode_list_post_update_cb,
10863 NULL,
10864 secmode_uat_fields
10865 );
10874 NULL,
10875 seckey_list_copy_cb,
10876 seckey_list_update_cb,
10877 seckey_list_free_cb,
10878 seckey_list_post_update_cb,
10879 NULL,
10880 seckey_uat_fields
10881 );
10890 NULL,
10891 identsecret_list_copy_cb,
10892 identsecret_list_update_cb,
10893 identsecret_list_free_cb,
10894 identsecret_list_post_update_cb,
10895 NULL,
10896 identsecret_uat_fields
10897 );
10901 "Specifies that decryption should be attempted on all packets, even if the session initialization wasn't captured.",
10906 "Specifies that operations should be tracked across multiple packets, providing summary lists. This takes time and memory.",
10914 prefs_register_static_text_preference(dof_module, "name4567", "The following are tables not preferences.", "These tables are not controlled by OK, Apply, and Cancel of this dialog.");
10916 prefs_register_uat_preference(dof_module, "custom_dof_secmode_list", "DPS Security Mode Templates",
10917 "A table of security modes and initialization data that will be tried if no security mode is found.",
10918 secmode_uat);
10922 seckey_uat);
10924 prefs_register_uat_preference(dof_module, "custom_dof_identsecret_list", "DPS Identity Secrets",
10926 identsecret_uat);
10927 }
10930 {
10933 dof_oid_handle = register_dissector_with_description("dof.oid", DOF_OBJECT_IDENTIFIER, dissect_2009_11_type_4, oid_proto);
10939 dissector_add_uint_range_with_preference("udp.port", DOF_NEG_SEC_UDP_PORT_RANGE, dof_udp_handle);
10940 }
10942 /* OID Registration Support */
10945 {
10946 }
10949 {
10950 }
10952 /* Initialize OID */
10954 {
10957 { "Class", "dof.oid.class", FT_UINT32, BASE_DEC, NULL, 0, "DPS Object Identifier Class", HFILL }
10958 },
10961 },
10964 },
10967 },
10970 },
10973 },
10976 },
10979 },
10982 },
10985 },
10988 },
10991 },
10992 };
11000 };
11003 {
11004 { &ei_type_4_header_zero, { "dof.oid.header_zero", PI_MALFORMED, PI_ERROR, "DOF Violation: Type.4: Header bit mandated 0.", EXPFILL } },
11005 };
11008 {
11016 }
11017 }
11020 {
11021 }
11023 /* DNP Registration Support */
11026 {
11035 }
11038 {
11052 }
11055 {
11056 dof_ns_session_lookup = g_hash_table_new_full(dof_ns_session_key_hash_fn, dof_ns_session_key_equal_fn, g_free, NULL);
11057 }
11060 {
11063 }
11066 {
11068 {
11071 },
11074 },
11075 };
11078 {
11079 proto_2008_1_dnp_0 = proto_register_protocol(DOF_NETWORK_PROTOCOL " V0", "DPS.DNP.V0", "dof.dnp.v0");
11082 }
11083 }
11085 /**
11086 * The registration hand-off routine
11087 */
11089 {
11090 dissector_handle_t dnp_handle;
11094 }
11097 {
11101 {
11104 },
11106 { "Length Size", "dof.2009_9.dnp_1.flags.lengthsize", FT_UINT8, BASE_DEC, NULL, 0x03, NULL, HFILL }
11107 },
11109 { "Source Port", "dof.2009_9.dnp_1.flags.srcport", FT_UINT8, BASE_DEC, NULL, 0x04, NULL, HFILL }
11110 },
11112 { "Destination Port", "dof.2009_9.dnp_1.flags.dstport", FT_UINT8, BASE_DEC, NULL, 0x08, NULL, HFILL }
11113 },
11117 },
11120 },
11122 { "Destination Port", "dof.2009_9.dnp_1.dstport", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }
11123 },
11124 };
11127 {
11129 };
11132 {
11133 { &ei_dof_10_flags_zero, { "dof.dnp.v1.flags_zero", PI_UNDECODED, PI_ERROR, "DPS-10: Reserved flag bits must be zero.", EXPFILL } },
11134 #if 0
11135 { &ei_dof_13_length_specified, { "dof.dnp.v1.length_specified", PI_UNDECODED, PI_ERROR, "DPS-13: Length must be specified on a connection.", EXPFILL } },
11136 #endif
11137 };
11140 {
11141 proto_2009_9_dnp_1 = proto_register_protocol(DOF_NETWORK_PROTOCOL " V1", "DOF.DNP.V1", "dof.dnp.v1");
11148 }
11149 }
11151 /**
11152 * The registration hand-off routine
11153 */
11155 {
11162 }
11165 {
11168 }
11170 /**
11171 * Initialize Core DNP Functionality
11172 */
11174 {
11176 {
11178 { "Flag", "dof.2008_1.dnp_1.flag", FT_BOOLEAN, 8, TFS(&tfs_present_not_present), 0x80, NULL, HFILL }
11179 },
11182 },
11183 };
11186 {
11189 };
11195 dnp_dissectors = register_dissector_table("dof.dnp", "DOF DNP Version", proto_2008_1_dnp, FT_UINT8, BASE_DEC);
11196 dnp_framing_dissectors = register_dissector_table("dof.dnp.frame", "DOF DNP Framing", proto_2008_1_dnp, FT_UINT8, BASE_DEC);
11200 }
11202 /* DPP Registration Support */
11204 /**
11205 * This routine is called each time the system is reset (file load, capture)
11206 * and so it should take care of freeing any of our persistent stuff.
11207 */
11209 {
11212 }
11215 {
11216 }
11219 {
11221 {
11224 },
11225 };
11228 {
11229 proto_2008_1_dpp_0 = proto_register_protocol(DOF_PRESENTATION_PROTOCOL " V0", "DPS.DPP.V0", "dof.dpp.v0");
11232 }
11233 }
11235 /**
11236 * The registration hand-off routine
11237 */
11239 {
11240 dissector_handle_t dpp_handle;
11244 }
11247 {
11251 {
11254 },
11257 },
11259 { "Operation ID Type", "dof.dpp.v2.flags.opidtype", FT_UINT8, BASE_DEC, VALS(strings_2009_12_dpp_opid_types), 0x60, NULL, HFILL } },
11261 { "Command/Response", "dof.dpp.v2.flags.cmdrsp", FT_BOOLEAN, 8, TFS(&tfs_response_command), 0x10, NULL, HFILL } },
11263 { "Sequence", "dof.dpp.v2.flags.sequence", FT_BOOLEAN, 8, TFS(&tfs_present_not_present), 0x04, NULL, HFILL } },
11265 { "Retry", "dof.dpp.v2.flags.retry", FT_BOOLEAN, 8, TFS(&tfs_present_not_present), 0x02, NULL, HFILL } },
11270 { "Security Mode Header", "dof.dpp.v2.security.flags.securitymodeheader", FT_UINT8, BASE_DEC, NULL, 0x80, NULL, HFILL } },
11272 { "Remote Domain ID", "dof.dpp.v2.security.flags.rdid", FT_UINT8, BASE_DEC, NULL, 0x08, NULL, HFILL } },
11274 { "Partition Present", "dof.dpp.v2.security.flags.partition", FT_UINT8, BASE_DEC, NULL, 0x04, NULL, HFILL } },
11276 { "SSID Present", "dof.dpp.v2.security.flags.ssid", FT_UINT8, BASE_DEC, NULL, 0x01, NULL, HFILL } },
11278 { "AS Present", "dof.dpp.v2.security.flags.as", FT_UINT8, BASE_DEC, NULL, 0x02, NULL, HFILL } },
11280 { "Security State Identifier", "dof.dpp.v2.security.ssid", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
11282 { "Remote Domain Identifier", "dof.dpp.v2.security.rdid", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
11284 { "Remote Security Scope", "dof.dpp.v2.security.remote-scope", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
11286 { "Security Scope", "dof.dpp.v2.security.scope", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
11296 };
11299 {
11301 { "Opcode", "dof.dpp.v2s.opcode", FT_UINT8, BASE_DEC, VALS(strings_2009_12_dpp_common_opcodes), 0x0, NULL, HFILL } },
11302 };
11305 {
11313 };
11316 {
11317 { &ei_dpp2_dof_10_flags_zero, { "dof.dpp.v2.flags_zero", PI_UNDECODED, PI_ERROR, "DPS-10: Reserved flag bits must be zero.", EXPFILL } },
11318 { &ei_dpp_default_flags, { "dof.dpp.v2.flags_included", PI_COMMENTS_GROUP, PI_NOTE, "Default flag value is included explicitly.", EXPFILL } },
11319 { &ei_dpp_explicit_sender_sid_included, { "dof.dpp.v2.sender_sid_included", PI_PROTOCOL, PI_NOTE, "Explicit SID could be optimized, same as sender.", EXPFILL } },
11320 { &ei_dpp_explicit_receiver_sid_included, { "dof.dpp.v2.receiver_sid_included", PI_PROTOCOL, PI_NOTE, "Explicit SID could be optimized, same as receiver.", EXPFILL } },
11321 { &ei_dpp_no_security_context, { "dof.dpp.v2.no_context", PI_UNDECODED, PI_WARN, "No security context to enable packet decryption.", EXPFILL } },
11322 };
11325 {
11327 };
11330 {
11331 proto_2009_12_dpp = proto_register_protocol(DOF_PRESENTATION_PROTOCOL " V2", "DPS.DPP.V2", "dof.dpp.v2");
11334 }
11337 {
11338 proto_2009_12_dpp_common = proto_register_protocol(DOF_PRESENTATION_PROTOCOL " V2 Support", "DPS.DPP.V2S", "dof.dpp.v2s");
11345 }
11346 }
11348 /**
11349 * The registration hand-off routine
11350 */
11352 {
11353 dissector_handle_t dpp_handle;
11356 }
11358 /**
11359 * Initialize Core DPP Functionality
11360 */
11362 {
11364 {
11367 },
11370 },
11373 },
11376 },
11378 { "First Operation", "dof.dpp.v2.first-operation", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } },
11380 { "Last Operation", "dof.dpp.v2.last-operation", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } },
11382 { "First Response", "dof.dpp.v2.first-response", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } },
11384 { "Last Response", "dof.dpp.v2.last-response", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } },
11386 { "Related Frame", "dof.dpp.v2.related-frame", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } },
11389 },
11392 },
11393 };
11396 {
11399 };
11402 {
11403 { &ei_dof_6_timeout, { "dof.dpp.timeout", PI_PROTOCOL, PI_ERROR, "DOF Violation: DPS.6: Negotiation not complete within 10 seconds.", EXPFILL } },
11404 };
11407 {
11414 dof_dpp_dissectors = register_dissector_table("dof.dpp", "DOF DPP Version", proto_2008_1_dpp, FT_UINT8, BASE_DEC);
11418 }
11422 }
11425 {
11428 }
11430 /* General Application Registration Support */
11433 {
11434 }
11437 {
11438 }
11440 /**
11441 * Initialize Core DPP Functionality
11442 */
11444 {
11446 {
11448 app_dissectors = register_dissector_table("dof.app", "DOF APP Version", proto_2008_1_app, FT_UINT16, BASE_DEC);
11449 }
11450 }
11453 {
11454 }
11456 /* DSP Registration Support */
11459 {
11460 }
11463 {
11464 }
11467 {
11469 {
11472 },
11475 { "Opcode", "dof.dsp.opcode", FT_UINT8, BASE_DEC, VALS(strings_2008_1_dsp_opcodes), 0x0, NULL, HFILL } },
11478 { "Attribute Code", "dof.dsp.avp.attribute-code", FT_UINT8, BASE_DEC, VALS(strings_2008_1_dsp_attribute_codes), 0x00, NULL, HFILL } },
11481 { "Attribute Data", "dof.dsp.avp.attribute-data", FT_UINT16, BASE_HEX, NULL, 0x00, NULL, HFILL } },
11484 { "Value Length", "dof.dsp.avp.value-length", FT_UINT8, BASE_DEC, NULL, 0x00, NULL, HFILL } },
11488 };
11491 {
11495 };
11501 }
11503 /**
11504 * The registration hand-off routine
11505 */
11507 {
11510 }
11513 {
11515 }
11518 {
11520 }
11522 /* CCM Registration Support */
11525 {
11526 }
11529 {
11530 }
11533 {
11537 {
11541 { "CCM Strength Count", "dof.ccm.strength-count", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL } },
11543 { "CCM Strength", "dof.ccm.strength", FT_UINT8, BASE_DEC, VALS(ccm_strengths), 0x0, NULL, HFILL } },
11545 { "CCM Minimum Encrypt", "dof.ccm.encrypt.min", FT_BOOLEAN, 8, TFS(&tfs_encrypt_do_not_encrypt), 0x80, NULL, HFILL } },
11547 { "CCM Maximum Encrypt", "dof.ccm.encrypt.max", FT_BOOLEAN, 8, TFS(&tfs_encrypt_do_not_encrypt), 0x40, NULL, HFILL } },
11552 };
11555 {
11557 { "Opcode", "dof.ccm.opcode", FT_UINT8, BASE_DEC, VALS(ccm_opcode_strings), 0x0, NULL, HFILL } },
11558 };
11561 {
11565 };
11568 {
11578 { "Next Node Identifier", "dof.epp.v1.ccm.flags.next-nid", FT_UINT8, BASE_DEC, NULL, 0x02, NULL, HFILL } },
11588 { "Target Node ID", "dof.epp.v1.ccm.target", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },
11591 };
11594 {
11597 };
11600 {
11601 { &ei_decode_failure, { "dof.ccm.decode_failure", PI_UNDECODED, PI_WARN, "Failure to decrypt packet.", EXPFILL } },
11602 };
11604 /* No Configuration options to register? */
11606 proto_ccm_app = proto_register_protocol("DOF CCM Security Mode App", "DOF.CCM.APP", "dof.ccm.app");
11607 proto_ccm = proto_register_protocol("DOF CCM Security Mode of Operation", "DOF.CCM", "dof.ccm");
11608 proto_ccm_dsp = proto_register_protocol("DOF CCM Security Mode DSP Options", "DOF.CCM.DSP", "dof.ccm.dsp");
11619 }
11621 /**
11622 * The registration hand-off routine
11623 */
11625 {
11637 }
11640 {
11642 }
11645 {
11647 }
11649 /* OAP Registration Support */
11652 {
11653 /* The value is not allocated, so does not need to be freed. */
11654 oap_1_alias_to_binding = g_hash_table_new_full(oap_1_alias_hash_func, oap_1_alias_equal_func, NULL, NULL);
11655 }
11658 {
11661 }
11664 {
11668 {
11670 { "Object Access Protocol", "dof.oap.dsp_opt", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } },
11671 };
11674 {
11676 { "Opcode", "dof.oap.opcode", FT_UINT8, BASE_DEC, VALS(oap_opcode_strings), 0x1F, NULL, HFILL } },
11685 { "Internal Exception", "dof.oap.exception.internal", FT_UINT8, BASE_DEC, NULL, 0x80, NULL, HFILL } },
11688 { "Final Exception", "dof.oap.exception.final", FT_UINT8, BASE_DEC, NULL, 0x40, NULL, HFILL } },
11691 { "Exception Provider", "dof.oap.exception.provider", FT_UINT8, BASE_DEC, NULL, 0x20, NULL, HFILL } },
11697 { "Cache Delay Flag", "dof.oap.cmdcontrol.flag.cache", FT_UINT8, BASE_HEX, NULL, 0x40, NULL, HFILL } },
11703 { "Verbosity Flag", "dof.oap.cmdcontrol.flag.verbosity", FT_UINT8, BASE_HEX, NULL, 0x30, NULL, HFILL } },
11706 { "No Execute Flag", "dof.oap.cmdcontrol.flag.noexecute", FT_UINT8, BASE_HEX, NULL, 0x08, NULL, HFILL } },
11709 { "Ack List Flag", "dof.oap.cmdcontrol.flag.ack", FT_UINT8, BASE_HEX, NULL, 0x04, NULL, HFILL } },
11712 { "Ack List Count", "dof.oap.cmdcontrol.ackcnt", FT_UINT8, BASE_HEX, NULL, 0x00, NULL, HFILL } },
11718 { "Execution Delay Flag", "dof.oap.cmdcontrol.flag.delay", FT_UINT8, BASE_HEX, NULL, 0x02, NULL, HFILL } },
11721 { "Heuristic Flag", "dof.oap.cmdcontrol.flag.heuristic", FT_UINT8, BASE_HEX, NULL, 0x01, NULL, HFILL } },
11724 { "Heuristic", "dof.oap.cmdcontrol.heuristic", FT_UINT8, BASE_HEX, NULL, 0x00, NULL, HFILL } },
11741 #endif
11751 { "Command Frame", "dof.oap.command-frame", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } },
11754 { "Response Frame", "dof.oap.response-frame", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } },
11757 { "Operation Timeout", "dof.oap.opid.timeout", FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0, NULL, HFILL } },
11758 #endif
11761 { "Minimum Delta", "dof.oap.subscription.min-delta", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } },
11768 };
11771 {
11782 };
11785 {
11786 { &ei_oap_no_session, { "dof.oap.no_session", PI_PROTOCOL, PI_ERROR, "Session not found", EXPFILL } },
11787 };
11790 proto_oap_1_dsp = proto_register_protocol("DOF Object Access Protocol DSP Options", "DOF.OAP.DSP", "dof.oap.dsp");
11798 }
11800 /**
11801 * The registration hand-off routine
11802 */
11804 {
11810 }
11813 {
11815 }
11818 {
11820 }
11822 /* SGMP Registration Support */
11828 {
11829 }
11832 {
11833 }
11836 {
11838 {
11840 { "Opcode", "dof.sgmp.v1.opcode", FT_UINT8, BASE_DEC, VALS(sgmp_opcode_strings), 0x0, NULL, HFILL } },
11849 { "Initiator Block", "dof.sgmp.v1.initiator-block", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } },
11852 { "Security Scope", "dof.sgmp.v1.security-scope", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } },
11855 { "Initial State", "dof.sgmp.v1.initial-state", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } },
11858 { "Latest SGMP Version", "dof.sgmp.v1.latest-sgmp-version", FT_UINT16, BASE_HEX, NULL, 0, NULL, HFILL } },
11877 };
11880 {
11887 };
11889 proto_sgmp = proto_register_protocol("DOF Secure Group Management Protocol", "DOF.SGMP", "dof.sgmp");
11893 }
11895 /**
11896 * The registration hand-off routine
11897 */
11899 {
11903 }
11906 {
11908 }
11911 {
11913 }
11915 /* TEP Registration Support */
11918 {
11919 }
11922 {
11923 }
11926 {
11928 {
11930 { "Ticket Exchange Protocol Version 1", "dof.tep1.dsp_opt", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } },
11931 };
11934 {
11936 { "Operation", "dof.tep1.operation", FT_UINT8, BASE_DEC, VALS(tep_opcode_strings), 0x00, NULL, HFILL } },
11939 { "Operation Type", "dof.tep1.operation_type", FT_BOOLEAN, 8, TFS(&tep_optype_vals), TEP_OPCODE_RSP, NULL, HFILL } },
11942 { "Opcode", "dof.tep1.opcode", FT_UINT8, BASE_DEC, VALS(tep_opcode_strings), 0x0F, NULL, HFILL } },
11956 /* TEP.2.1 */
11961 { "Initiator Block", "dof.2008.4.tep1.2.1.initiator_block", FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } },
11964 { "Ticket Confirmation", "dof.2008.4.tep1.2.1.ticket_confirmation", FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL } },
11966 /* TEP.2.2 */
11968 { "Initiator Ticket", "dof.2008.4.tep1.2.2.initiator_ticket", FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } },
11971 { "Ticket Confirmation", "dof.2008.4.tep1.2.2.ticket_confirmation", FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL } },
11974 { "Responder Initialization", "dof.2008.4.tep1.2.2.responder_initialization", FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } },
11977 { "Responder Block", "dof.2008.4.tep1.2.2.responder_block", FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } },
11980 { "Authenticator Initialization", "dof.2008.4.tep1.2.2.authenticator_initialization", FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } },
11982 /* TEP.2.2.1 */
11984 { "State Identifier", "dof.2008.4.tep1.2.2.1.state_identifier", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },
11987 { "Initial State", "dof.2008.4.tep1.2.2.1.initial_state", FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } },
11991 };
11994 {
12009 };
12011 /* module_t *tep_module;*/
12013 /* No Configuration options to register? */
12015 proto_tep = proto_register_protocol("DOF Ticket Exchange Protocol Version 1", "DOF.TEP1", "dof.tep1");
12017 proto_tep_dsp = proto_register_protocol("DOF Ticket Exchange Protocol DSP Options", "DOF.TEP1.DSP", "dof.tep1.dsp");
12023 /* tep_module = prefs_register_protocol( proto_tep, NULL );*/
12024 }
12026 /**
12027 * The registration hand-off routine
12028 */
12030 {
12036 }
12039 {
12041 }
12044 {
12046 }
12048 /* TRP Registration Support */
12051 {
12052 }
12055 {
12056 }
12059 {
12063 {
12065 { "Ticket Request Protocol", "dof.trp.dsp_opt", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } },
12066 };
12069 {
12071 { "Opcode", "dof.trp.opcode", FT_UINT8, BASE_DEC, VALS(trp_opcode_strings), 0x0, NULL, HFILL } },
12077 { "Identity Resolution", "dof.trp.identity_resolution", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
12080 { "Initiator Request", "dof.trp.initiator_request", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
12083 { "Responder Request", "dof.trp.responder_request", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
12086 { "Initiator Ticket", "dof.trp.initiator_ticket", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
12089 { "Responder Ticket", "dof.trp.responder_ticket", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
12092 { "Authentication Block", "dof.trp.authentication_block", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
12095 { "Group Identifier", "dof.trp.group_identifier", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
12098 { "Node Identifier", "dof.trp.node_identifier", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
12116 { "Security Scope", "dof.trp.security_scope", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
12126 { "Initiator Permissions", "dof.trp.initiator_pg", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
12127 #endif
12130 { "Initiator Validation", "dof.trp.initiator_validation", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
12133 { "Responder Permissions", "dof.trp.responder_pg", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
12136 { "Responder Validation", "dof.trp.responder_validation", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
12139 { "Error Code", "dof.trp.errorcode", FT_UINT8, BASE_DEC, VALS(trp_error_strings), 0x0, NULL, HFILL } },
12206 { "Provider Key Authenticator", "dof.trp.pka", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
12207 #endif
12208 };
12211 {
12233 };
12236 {
12237 { &ei_trp_initiator_id_known, { "dof.trp.initiator_id_known", PI_PROTOCOL, PI_COMMENT, "Initiator identity known", EXPFILL } },
12238 { &ei_trp_kek_discovered, { "dof.trp.kek_discovered", PI_PROTOCOL, PI_COMMENT, "KEK discovered", EXPFILL } },
12239 };
12241 /* No Configuration options to register? */
12245 proto_trp_dsp = proto_register_protocol("DOF Ticket Request Protocol DSP Options", "DOF.TRP.DSP", "dof.trp.dsp");
12252 }
12254 /**
12255 * The registration hand-off routine
12256 */
12258 {
12264 }
12267 {
12269 }
12272 {
12274 }
12276 /* Wireshark Dissector Registration Proper */
12278 /**
12279 * This is called only during reset (file load, reload, etc.).
12280 */
12282 {
12295 }
12298 {
12311 }
12313 static void
12315 {
12322 }
12329 }
12341 }
12343 /**
12344 * This is the first entry point into the dissector, called on program launch.
12345 */
12347 {
12364 }
12366 /**
12367 * This routine is called after initialization and whenever the preferences are changed.
12368 */
12370 {
12383 }
12385 /**
12386 * Protocol-specific data attached to a conversation_t structure - protocol
12387 * index and opaque pointer.
12388 */
12395 {
12403 else
12405 }
12408 static void dof_session_add_proto_data(dof_session_data *session, int proto, void *proto_data)
12409 {
12415 /* Add it to the list of items for this conversation. */
12418 }
12421 {
12429 p_compare);
12432 {
12435 }
12438 }
12441 {
12442 dof_proto_data temp;
12449 p_compare);
12452 {
12455 }
12456 }
12457 #endif
12460 {
12466 /* Add it to the list of items for this conversation. */
12469 }
12472 {
12480 p_compare);
12483 {
12486 }
12489 }
12491 static int dof_dissect_pdu_as_field(dissector_t dissector, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, int item, int ett, void *result)
12492 {
12500 }
12502 static int dof_dissect_pdu(dissector_t dissector, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *result)
12503 {
12508 }
12510 static int dof_dissect_dnp_length(tvbuff_t *tvb, packet_info *pinfo, uint8_t version, int *offset)
12511 {
12512 dissector_handle_t dp;
12519 }
12521 /*
12522 * Editor modelines - https://www.wireshark.org/tools/modelines.html
12523 *
12524 * Local variables:
12525 * c-basic-offset: 4
12526 * tab-width: 8
12527 * indent-tabs-mode: nil
12528 * End:
12529 *
12530 * vi: set shiftwidth=4 tabstop=8 expandtab:
12531 * :indentSize=4:tabSize=8:noTabs=true:
12532 */