search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
epan/dissectors/pidl/ C99 drsuapi
[wireshark-sm.git] / epan / dissectors / packet-pktc.c
blob4eecb05f16363da8ded361b80585ca8b30185bb4
1 /* packet-pktc.c
2 * Routines for PacketCable (PKTC) Kerberized Key Management and
3 * PacketCable (PKTC) MTA FQDN packet disassembly
4 *
5 * References:
6 * [1] PacketCable 1.0 Security Specification, PKT-SP-SEC-I11-040730, July 30,
7 * 2004, Cable Television Laboratories, Inc., http://www.PacketCable.com/
8 * http://www.cablelabs.com/wp-content/uploads/specdocs/PKT-SP-SEC-I11-040730.pdf
9 *
10 * Ronnie Sahlberg 2004
11 * Thomas Anders 2004
12 *
13 * Wireshark - Network traffic analyzer
14 * By Gerald Combs <gerald@wireshark.org>
15 * Copyright 1998 Gerald Combs
16 *
17 * SPDX-License-Identifier: GPL-2.0-or-later
18 */
19
20 #include "config.h"
21
22 #include <epan/packet.h>
23 #include <epan/exceptions.h>
24 #include <epan/expert.h>
25 #include <epan/to_str.h>
26 #include <epan/asn1.h>
27 #include "packet-ber.h"
28 #include "packet-kerberos.h"
29 #include "packet-snmp.h"
30
31 #define PKTC_PORT 1293
32 #define PKTC_MTAFQDN_PORT 2246
33
34 void proto_register_pktc(void);
35 void proto_reg_handoff_pktc(void);
36 void proto_register_pktc_mtafqdn(void);
37 void proto_reg_handoff_pktc_mtafqdn(void);
38
39 static dissector_handle_t pktc_handle;
40 static dissector_handle_t pktc_mtafqdn_handle;
41
42 static int proto_pktc;
43 static int proto_pktc_mtafqdn;
44 static int hf_pktc_app_spec_data;
45 static int hf_pktc_list_of_ciphersuites;
46 static int hf_pktc_list_of_ciphersuites_len;
47 static int hf_pktc_kmmid;
48 static int hf_pktc_doi;
49 static int hf_pktc_version_major;
50 static int hf_pktc_version_minor;
51 static int hf_pktc_server_nonce;
52 static int hf_pktc_server_principal;
53 static int hf_pktc_timestamp;
54 static int hf_pktc_snmpEngineID_len;
55 static int hf_pktc_snmpEngineID;
56 static int hf_pktc_snmpEngineBoots;
57 static int hf_pktc_snmpEngineTime;
58 static int hf_pktc_usmUserName_len;
59 static int hf_pktc_usmUserName;
60 static int hf_pktc_ipsec_spi;
61 static int hf_pktc_snmpAuthenticationAlgorithm;
62 static int hf_pktc_snmpEncryptionTransformID;
63 static int hf_pktc_ipsecAuthenticationAlgorithm;
64 static int hf_pktc_ipsecEncryptionTransformID;
65 static int hf_pktc_reestablish_flag;
66 static int hf_pktc_ack_required_flag;
67 static int hf_pktc_sha1_hmac;
68 static int hf_pktc_sec_param_lifetime;
69 static int hf_pktc_grace_period;
70
71 static int hf_pktc_mtafqdn_msgtype;
72 static int hf_pktc_mtafqdn_enterprise;
73 static int hf_pktc_mtafqdn_version;
74 static int hf_pktc_mtafqdn_mac;
75 static int hf_pktc_mtafqdn_pub_key_hash;
76 static int hf_pktc_mtafqdn_manu_cert_revoked;
77 static int hf_pktc_mtafqdn_fqdn;
78 static int hf_pktc_mtafqdn_ip;
79
80 static int ett_pktc;
81 static int ett_pktc_app_spec_data;
82 static int ett_pktc_list_of_ciphersuites;
83 static int ett_pktc_engineid;
84 static int ett_pktc_version;
85
86 static int ett_pktc_mtafqdn;
87
88 static expert_field ei_pktc_unknown_kmmid;
89 static expert_field ei_pktc_unknown_doi;
90 static expert_field ei_pktc_unknown_kerberos_application;
91
92 #define KMMID_WAKEUP 0x01
93 #define KMMID_AP_REQUEST 0x02
94 #define KMMID_AP_REPLY 0x03
95 #define KMMID_SEC_PARAM_REC 0x04
96 #define KMMID_REKEY 0x05
97 #define KMMID_ERROR_REPLY 0x06
98 static const value_string kmmid_types[] = {
99 { KMMID_WAKEUP , "Wake Up" },
100 { KMMID_AP_REQUEST , "AP Request" },
101 { KMMID_AP_REPLY , "AP Reply" },
102 { KMMID_SEC_PARAM_REC , "Security Parameter Recovered" },
103 { KMMID_REKEY , "Rekey" },
104 { KMMID_ERROR_REPLY , "Error Reply" },
105 { 0, NULL }
106 };
107
108 #define DOI_IPSEC 0x01
109 #define DOI_SNMPv3 0x02
110 #define SNMPv3_NULL 0x20
111 #define SNMPv3_DES 0x21
112 #define SNMPv3_HMAC_MD5 0x21
113 #define SNMPv3_HMAC_SHA1 0x22
114 #define ESP_3DES 0x03
115 #define ESP_RC5 0x04
116 #define ESP_IDEA 0x05
117 #define ESP_CAST 0x06
118 #define ESP_BLOWFISH 0x07
119 #define ESP_NULL 0x0b
120 #define ESP_AES 0x0c
121 #define HMAC_MD5_96 0x01
122 #define HMAC_SHA1_96 0x02
123
124
125 /* Domain of Interpretation */
126 static const value_string doi_types[] = {
127 { DOI_IPSEC , "IPsec" },
128 { DOI_SNMPv3 , "SNMPv3" },
129 { 0, NULL }
130 };
131
132 /* SNMPv3 ciphersuites */
133 static const value_string snmp_authentication_algorithm_vals[] = {
134 { SNMPv3_HMAC_MD5 , "HMAC-MD5" },
135 { SNMPv3_HMAC_SHA1 , "HMAC-SHA1" },
136 { 0 , NULL }
137 };
138 static const value_string snmp_transform_id_vals[] = {
139 { SNMPv3_NULL , "NULL" }, /* no encryption */
140 { SNMPv3_DES , "DES" },
141 { 0 , NULL }
142 };
143
144 /* IPsec ciphersuites */
145 static const value_string ipsec_transform_id_vals[] = {
146 { ESP_3DES , "3DES" },
147 { ESP_RC5 , "RC5" },
148 { ESP_IDEA , "IDEA" },
149 { ESP_CAST , "CAST" },
150 { ESP_BLOWFISH , "BLOWFISH" },
151 { ESP_NULL , "NULL" }, /* no encryption, RFC 2410 */
152 { ESP_AES , "AES-128" },
153 { 0 , NULL }
154 };
155
156 static const value_string ipsec_authentication_algorithm_vals[] = {
157 { HMAC_MD5_96 , "HMAC-MD5-96" }, /* RFC 2403 */
158 { HMAC_SHA1_96 , "HMAC-SHA-1-96" }, /* RFC 2404 */
159 { 0 , NULL }
160 };
161
162 /* MTA FQDN Message Types */
163 #define PKTC_MTAFQDN_REQ 0x01
164 #define PKTC_MTAFQDN_REP 0x02
165 #define PKTC_MTAFQDN_ERR 0x03
166 static const value_string pktc_mtafqdn_msgtype_vals[] = {
167 { PKTC_MTAFQDN_REQ, "MTA FQDN Request" },
168 { PKTC_MTAFQDN_REP, "MTA FQDN Reply" },
169 { PKTC_MTAFQDN_ERR, "MTA FQDN Error Reply" },
170 { 0 , NULL }
171 };
172
173 static int
174 dissect_pktc_app_specific_data(packet_info *pinfo, proto_tree *parent_tree, tvbuff_t *tvb, int offset, uint8_t doi, uint8_t kmmid)
175 {
176 int old_offset=offset;
177 proto_tree *tree;
178 proto_tree *engineid_tree = NULL;
179 proto_item *item;
180 proto_item *engineid_item = NULL;
181 uint8_t len;
182
183 item = proto_tree_add_item(parent_tree, hf_pktc_app_spec_data, tvb, offset, -1, ENC_NA);
184 tree = proto_item_add_subtree(item, ett_pktc_app_spec_data);
185
186 switch(doi){
187 case DOI_SNMPv3:
188 switch(kmmid){
189 /* we don't distinguish between manager and agent engineid.
190 feel free to add separation for this if it is imporant enough
191 for you. */
192 case KMMID_AP_REQUEST:
193 case KMMID_AP_REPLY:
194 /* snmpEngineID Length */
195 len=tvb_get_uint8(tvb, offset);
196 proto_tree_add_uint(tree, hf_pktc_snmpEngineID_len, tvb, offset, 1, len);
197 offset+=1;
198
199 /* snmpEngineID */
200 engineid_item = proto_tree_add_item(tree, hf_pktc_snmpEngineID, tvb, offset, len, ENC_NA);
201 engineid_tree = proto_item_add_subtree(engineid_item, ett_pktc_engineid);
202 dissect_snmp_engineid(engineid_tree, pinfo, tvb, offset, len);
203 offset+=len;
204
205 /* boots */
206 proto_tree_add_item(tree, hf_pktc_snmpEngineBoots, tvb, offset, 4, ENC_BIG_ENDIAN);
207 offset+=4;
208
209 /* time */
210 proto_tree_add_item(tree, hf_pktc_snmpEngineTime, tvb, offset, 4, ENC_BIG_ENDIAN);
211 offset+=4;
212
213 /* usmUserName Length */
214 len=tvb_get_uint8(tvb, offset);
215 proto_tree_add_uint(tree, hf_pktc_usmUserName_len, tvb, offset, 1, len);
216 offset+=1;
217
218 /* usmUserName */
219 proto_tree_add_item(tree, hf_pktc_usmUserName, tvb, offset, len, ENC_ASCII);
220 offset+=len;
221
222 break;
223 default:
224 proto_tree_add_expert(tree, pinfo, &ei_pktc_unknown_kmmid, tvb, offset, 1);
225 };
226 break;
227 case DOI_IPSEC:
228 switch(kmmid){
229 /* we don't distinguish between SPIs for inbound Security Associations
230 of the client (AP-REQ) vs. server (AP-REP, REKEY). Feel free to add
231 separation for this if it is imporant enough for you. */
232 case KMMID_AP_REQUEST:
233 case KMMID_AP_REPLY:
234 case KMMID_REKEY:
235 /* Security Parameter Index (SPI) */
236 proto_tree_add_item(tree, hf_pktc_ipsec_spi, tvb, offset, 4, ENC_BIG_ENDIAN);
237 offset+=4;
238
239 break;
240 default:
241 proto_tree_add_expert(tree, pinfo, &ei_pktc_unknown_kmmid, tvb, offset, 1);
242 };
243 break;
244 default:
245 proto_tree_add_expert(tree, pinfo, &ei_pktc_unknown_doi, tvb, offset, 1);
246 }
247
248 proto_item_set_len(item, offset-old_offset);
249 return offset;
250 }
251
252 static int
253 dissect_pktc_list_of_ciphersuites(packet_info *pinfo _U_, proto_tree *parent_tree, tvbuff_t *tvb, int offset, uint8_t doi)
254 {
255 int old_offset=offset;
256 proto_tree *tree;
257 proto_item *item, *hidden_item;
258 uint8_t len, i;
259
260 item = proto_tree_add_item(parent_tree, hf_pktc_list_of_ciphersuites, tvb, offset, -1, ENC_NA);
261 tree = proto_item_add_subtree(item, ett_pktc_list_of_ciphersuites);
262
263 /* number of ciphersuites */
264 len=tvb_get_uint8(tvb, offset);
265 if (len>0) {
266 proto_item_append_text(tree, " (%d):", len);
267 }
268 hidden_item = proto_tree_add_uint(tree, hf_pktc_list_of_ciphersuites_len, tvb, offset, 1, len);
269 proto_item_set_hidden(hidden_item);
270 offset+=1;
271
272 switch(doi){
273 case DOI_SNMPv3:
274 for(i=0;i<len;i++){
275 /* SNMPv3 authentication algorithm */
276 proto_tree_add_item(tree, hf_pktc_snmpAuthenticationAlgorithm, tvb, offset, 1, ENC_BIG_ENDIAN);
277 proto_item_append_text(tree, " %s", val_to_str(tvb_get_uint8(tvb, offset), snmp_authentication_algorithm_vals, "%0x"));
278 offset+=1;
279
280 /* SNMPv3 encryption transform id */
281 proto_tree_add_item(tree, hf_pktc_snmpEncryptionTransformID, tvb, offset, 1, ENC_BIG_ENDIAN);
282 proto_item_append_text(tree, "/%s", val_to_str(tvb_get_uint8(tvb, offset), snmp_transform_id_vals, "%0x"));
283 offset+=1;
284 }
285 break;
286 case DOI_IPSEC:
287 for(i=0;i<len;i++){
288 /* IPsec authentication algorithm */
289 proto_tree_add_item(tree, hf_pktc_ipsecAuthenticationAlgorithm, tvb, offset, 1, ENC_BIG_ENDIAN);
290 proto_item_append_text(tree, " %s", val_to_str(tvb_get_uint8(tvb, offset), ipsec_authentication_algorithm_vals, "%0x"));
291 offset+=1;
292
293 /* IPsec encryption transform id */
294 proto_tree_add_item(tree, hf_pktc_ipsecEncryptionTransformID, tvb, offset, 1, ENC_BIG_ENDIAN);
295 proto_item_append_text(tree, "/%s", val_to_str(tvb_get_uint8(tvb, offset), ipsec_transform_id_vals, "%0x"));
296 offset+=1;
297 }
298 break;
299 default:
300 proto_tree_add_expert(tree, pinfo, &ei_pktc_unknown_doi, tvb, offset, 1);
301 }
302
303 proto_item_set_len(item, offset-old_offset);
304 return offset;
305 }
306
307 static int
308 dissect_pktc_wakeup(proto_tree *tree, tvbuff_t *tvb, int offset)
309 {
310 uint32_t snonce;
311 unsigned string_len;
312
313 /* Server Nonce */
314 snonce=tvb_get_ntohl(tvb, offset);
315 proto_tree_add_uint(tree, hf_pktc_server_nonce, tvb, offset, 4, snonce);
316 offset+=4;
317
318 /* Server Kerberos Principal Identifier */
319 string_len=tvb_strsize(tvb, offset);
320 proto_tree_add_item(tree, hf_pktc_server_principal, tvb, offset, string_len, ENC_ASCII);
321 offset+=string_len;
322
323 return offset;
324 }
325
326 static int
327 dissect_pktc_ap_request(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset, uint8_t doi)
328 {
329 tvbuff_t *pktc_tvb;
330 uint32_t snonce;
331
332 /* AP Request kerberos blob */
333 pktc_tvb = tvb_new_subset_remaining(tvb, offset);
334 offset += dissect_kerberos_main(pktc_tvb, pinfo, tree, false, NULL);
335
336 /* Server Nonce */
337 snonce=tvb_get_ntohl(tvb, offset);
338 proto_tree_add_uint(tree, hf_pktc_server_nonce, tvb, offset, 4, snonce);
339 offset+=4;
340
341 /* app specific data */
342 offset=dissect_pktc_app_specific_data(pinfo, tree, tvb, offset, doi, KMMID_AP_REQUEST);
343
344 /* list of ciphersuites */
345 offset=dissect_pktc_list_of_ciphersuites(pinfo, tree, tvb, offset, doi);
346
347 /* re-establish flag */
348 proto_tree_add_item(tree, hf_pktc_reestablish_flag, tvb, offset, 1, ENC_BIG_ENDIAN);
349 offset+=1;
350
351 /* sha-1 hmac */
352 proto_tree_add_item(tree, hf_pktc_sha1_hmac, tvb, offset, 20, ENC_NA);
353 offset+=20;
354
355 return offset;
356 }
357
358 static int
359 dissect_pktc_ap_reply(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset, uint8_t doi)
360 {
361 tvbuff_t *pktc_tvb;
362
363 /* AP Reply kerberos blob */
364 pktc_tvb = tvb_new_subset_remaining(tvb, offset);
365 offset += dissect_kerberos_main(pktc_tvb, pinfo, tree, false, NULL);
366
367 /* app specific data */
368 offset=dissect_pktc_app_specific_data(pinfo, tree, tvb, offset, doi, KMMID_AP_REPLY);
369
370 /* selected ciphersuite */
371 offset=dissect_pktc_list_of_ciphersuites(pinfo, tree, tvb, offset, doi);
372
373 /* sec param lifetime */
374 proto_tree_add_uint_format(tree, hf_pktc_sec_param_lifetime, tvb, offset, 4,
375 tvb_get_ntohl(tvb, offset), "%s: %s",
376 proto_registrar_get_name(hf_pktc_sec_param_lifetime),
377 signed_time_secs_to_str(pinfo->pool, tvb_get_ntohl(tvb, offset)));
378 offset+=4;
379
380 /* grace period */
381 proto_tree_add_item(tree, hf_pktc_grace_period, tvb, offset, 4, ENC_BIG_ENDIAN);
382 offset+=4;
383
384 /* re-establish flag */
385 proto_tree_add_item(tree, hf_pktc_reestablish_flag, tvb, offset, 1, ENC_BIG_ENDIAN);
386 offset+=1;
387
388 /* ack required flag */
389 proto_tree_add_item(tree, hf_pktc_ack_required_flag, tvb, offset, 1, ENC_BIG_ENDIAN);
390 offset+=1;
391
392 /* sha-1 hmac */
393 proto_tree_add_item(tree, hf_pktc_sha1_hmac, tvb, offset, 20, ENC_NA);
394 offset+=20;
395
396 return offset;
397 }
398
399 static int
400 dissect_pktc_sec_param_rec(proto_tree *tree, tvbuff_t *tvb, int offset)
401 {
402 /* sha-1 hmac of the subkey of the preceding AP-REP */
403 proto_tree_add_item(tree, hf_pktc_sha1_hmac, tvb, offset, 20, ENC_NA);
404 offset+=20;
405
406 return offset;
407 }
408
409 static int
410 dissect_pktc_rekey(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset, uint8_t doi)
411 {
412 uint32_t snonce;
413 unsigned string_len;
414 const uint8_t *timestr;
415 char *display;
416 int yy, mm, dd, hh, _mm, ss;
417
418 /* Server Nonce */
419 snonce=tvb_get_ntohl(tvb, offset);
420 proto_tree_add_uint(tree, hf_pktc_server_nonce, tvb, offset, 4, snonce);
421 offset+=4;
422
423 /* Server Kerberos Principal Identifier */
424 string_len=tvb_strsize(tvb, offset);
425 proto_tree_add_item(tree, hf_pktc_server_principal, tvb, offset, string_len, ENC_ASCII);
426 offset+=string_len;
427
428 /* Timestamp: YYMMDDhhmmssZ */
429 /* They really came up with a two-digit year in late 1990s! =8o */
430 timestr=display=tvb_get_string_enc(pinfo->pool, tvb, offset, 13, ENC_ASCII);
431 if (sscanf(timestr, "%2d%2d%2d%2d%2d%2dZ", &yy, &mm, &dd, &hh, &_mm, &ss) == 6) {
432 display = wmem_strdup_printf(pinfo->pool, "%02d-%02d-%02d %02d:%02d:%02d",
433 yy, mm, dd, hh, _mm, ss);
434 }
435 proto_tree_add_string_format_value(tree, hf_pktc_timestamp, tvb,
436 offset, 13, timestr, "%s", display);
437 offset+=13;
438
439 /* app specific data */
440 offset=dissect_pktc_app_specific_data(pinfo, tree, tvb, offset, doi, KMMID_REKEY);
441
442 /* list of ciphersuites */
443 offset=dissect_pktc_list_of_ciphersuites(pinfo, tree, tvb, offset, doi);
444
445 /* sec param lifetime */
446 proto_tree_add_item(tree, hf_pktc_sec_param_lifetime, tvb, offset, 4, ENC_BIG_ENDIAN);
447 offset+=4;
448
449 /* grace period */
450 proto_tree_add_item(tree, hf_pktc_grace_period, tvb, offset, 4, ENC_BIG_ENDIAN);
451 offset+=4;
452
453 /* re-establish flag */
454 proto_tree_add_item(tree, hf_pktc_reestablish_flag, tvb, offset, 1, ENC_BIG_ENDIAN);
455 offset+=1;
456
457 /* sha-1 hmac */
458 proto_tree_add_item(tree, hf_pktc_sha1_hmac, tvb, offset, 20, ENC_NA);
459 offset+=20;
460
461 return offset;
462 }
463
464 static int
465 dissect_pktc_error_reply(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
466 {
467 tvbuff_t *pktc_tvb;
468
469 /* KRB_ERROR */
470 pktc_tvb = tvb_new_subset_remaining(tvb, offset);
471 offset += dissect_kerberos_main(pktc_tvb, pinfo, tree, false, NULL);
472
473 return offset;
474 }
475
476 static int
477 dissect_pktc_mtafqdn_krbsafeuserdata(packet_info *pinfo, tvbuff_t *tvb, proto_tree *tree)
478 {
479 int offset=0, string_len=0;
480 uint8_t msgtype;
481 uint32_t bignum;
482 nstime_t ts;
483
484 /* message type */
485 msgtype = tvb_get_uint8(tvb, offset);
486 proto_tree_add_uint(tree, hf_pktc_mtafqdn_msgtype, tvb, offset, 1, msgtype);
487 offset+=1;
488
489 col_add_str(pinfo->cinfo, COL_INFO,
490 val_to_str(msgtype, pktc_mtafqdn_msgtype_vals, "MsgType %u"));
491
492 /* enterprise */
493 proto_tree_add_item(tree, hf_pktc_mtafqdn_enterprise, tvb, offset, 4, ENC_BIG_ENDIAN);
494 offset+=4;
495
496 /* protocol version */
497 proto_tree_add_item(tree, hf_pktc_mtafqdn_version, tvb, offset, 1, ENC_NA);
498 offset+=1;
499
500 switch(msgtype) {
501 case PKTC_MTAFQDN_REQ:
502 /* MTA MAC address */
503 proto_tree_add_item(tree, hf_pktc_mtafqdn_mac, tvb, offset, 6, ENC_NA);
504 offset+=6;
505
506 /* MTA pub key hash */
507 proto_tree_add_item(tree, hf_pktc_mtafqdn_pub_key_hash, tvb, offset, 20, ENC_NA);
508 offset+=20;
509
510 /* manufacturer cert revocation time */
511 bignum = tvb_get_ntohl(tvb, offset);
512 ts.secs = bignum;
513 if (bignum==0) {
514 proto_tree_add_time_format_value(tree, hf_pktc_mtafqdn_manu_cert_revoked, tvb, offset, 4,
515 &ts, "not revoked");
516 } else {
517 proto_tree_add_time(tree, hf_pktc_mtafqdn_manu_cert_revoked, tvb, offset, 4, &ts);
518 }
519 break;
520
521 case PKTC_MTAFQDN_REP:
522 /* MTA FQDN */
523 string_len = tvb_reported_length_remaining(tvb, offset) - 4;
524 proto_tree_add_item(tree, hf_pktc_mtafqdn_fqdn, tvb, offset, string_len, ENC_ASCII);
525 offset+=string_len;
526
527 /* MTA IP address */
528 tvb_memcpy(tvb, (uint8_t *)&bignum, offset, sizeof(bignum));
529 proto_tree_add_ipv4(tree, hf_pktc_mtafqdn_ip, tvb, offset, 4, bignum);
530
531 break;
532 }
533
534 return offset;
535 }
536
537 static kerberos_callbacks cb[] = {
538 { KRB_CBTAG_SAFE_USER_DATA, dissect_pktc_mtafqdn_krbsafeuserdata },
539 { 0, NULL }
540 };
541
542 static int
543 dissect_pktc_mtafqdn(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
544 {
545 int offset=0;
546 proto_tree *pktc_mtafqdn_tree;
547 proto_item *item;
548 tvbuff_t *pktc_mtafqdn_tvb;
549 int8_t ber_class;
550 bool pc;
551 int32_t tag;
552
553 col_set_str(pinfo->cinfo, COL_PROTOCOL, "PKTC");
554
555 item = proto_tree_add_item(tree, proto_pktc, tvb, 0, 0, ENC_NA);
556 pktc_mtafqdn_tree = proto_item_add_subtree(item, ett_pktc_mtafqdn);
557
558 col_add_fstr(pinfo->cinfo, COL_INFO, "MTA FQDN %s",
559 pinfo->srcport == pinfo->match_uint ? "Reply":"Request");
560
561 /* KRB_AP_RE[QP] */
562 pktc_mtafqdn_tvb = tvb_new_subset_remaining(tvb, offset);
563 get_ber_identifier(pktc_mtafqdn_tvb, 0, &ber_class, &pc, &tag);
564 if ((tag == KERBEROS_APPLICATIONS_AP_REQ) || (tag == KERBEROS_APPLICATIONS_AP_REP)) {
565 offset += dissect_kerberos_main(pktc_mtafqdn_tvb, pinfo, pktc_mtafqdn_tree, false, NULL);
566 } else {
567 expert_add_info_format(pinfo, item, &ei_pktc_unknown_kerberos_application, "Unknown Kerberos application (%d), expected 10 or 11", tag);
568 return tvb_captured_length(tvb);
569 }
570
571 /* KRB_SAFE */
572 pktc_mtafqdn_tvb = tvb_new_subset_remaining(tvb, offset);
573 get_ber_identifier(pktc_mtafqdn_tvb, 0, &ber_class, &pc, &tag);
574 if (tag == KERBEROS_APPLICATIONS_KRB_SAFE) {
575 offset += dissect_kerberos_main(pktc_mtafqdn_tvb, pinfo, pktc_mtafqdn_tree, false, cb);
576 } else {
577 expert_add_info_format(pinfo, item, &ei_pktc_unknown_kerberos_application, "Unknown Kerberos application (%d), expected 20", tag);
578 }
579
580 proto_item_set_len(item, offset);
581 return tvb_captured_length(tvb);
582 }
583
584
585 static int
586 dissect_pktc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
587 {
588 uint8_t kmmid, doi, version;
589 int offset=0;
590 proto_tree *pktc_tree, *version_tree;
591 proto_item *item;
592
593 col_set_str(pinfo->cinfo, COL_PROTOCOL, "PKTC");
594
595 item = proto_tree_add_item(tree, proto_pktc, tvb, 0, 3, ENC_NA);
596 pktc_tree = proto_item_add_subtree(item, ett_pktc);
597
598 /* key management message id */
599 kmmid=tvb_get_uint8(tvb, offset);
600 proto_tree_add_uint(pktc_tree, hf_pktc_kmmid, tvb, offset, 1, kmmid);
601 offset+=1;
602
603 /* domain of interpretation */
604 doi=tvb_get_uint8(tvb, offset);
605 proto_tree_add_uint(pktc_tree, hf_pktc_doi, tvb, offset, 1, doi);
606 offset+=1;
607
608 /* version */
609 version=tvb_get_uint8(tvb, offset);
610 version_tree = proto_tree_add_subtree_format(pktc_tree, tvb, offset, 1, ett_pktc_version, NULL,
611 "Version: %d.%d", (version>>4)&0x0f, (version)&0x0f);
612 proto_tree_add_item(version_tree, hf_pktc_version_major, tvb, offset, 1, ENC_BIG_ENDIAN);
613 proto_tree_add_item(version_tree, hf_pktc_version_minor, tvb, offset, 1, ENC_BIG_ENDIAN);
614 offset+=1;
615
616 /* fill COL_INFO */
617 col_add_str(pinfo->cinfo, COL_INFO,
618 val_to_str(kmmid, kmmid_types, "Unknown KMMID %#x"));
619 col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)",
620 val_to_str(doi, doi_types, "Unknown DOI %#x"));
621
622 switch(kmmid){
623 case KMMID_WAKEUP:
624 offset=dissect_pktc_wakeup(pktc_tree, tvb, offset);
625 break;
626 case KMMID_AP_REQUEST:
627 offset=dissect_pktc_ap_request(pinfo, pktc_tree, tvb, offset, doi);
628 break;
629 case KMMID_AP_REPLY:
630 offset=dissect_pktc_ap_reply(pinfo, pktc_tree, tvb, offset, doi);
631 break;
632 case KMMID_SEC_PARAM_REC:
633 offset=dissect_pktc_sec_param_rec(pktc_tree, tvb, offset);
634 break;
635 case KMMID_REKEY:
636 offset=dissect_pktc_rekey(pinfo, pktc_tree, tvb, offset, doi);
637 break;
638 case KMMID_ERROR_REPLY:
639 offset=dissect_pktc_error_reply(pinfo, pktc_tree, tvb, offset);
640 break;
641 };
642
643 proto_item_set_len(item, offset);
644 return tvb_captured_length(tvb);
645 }
646
647 void
648 proto_register_pktc(void)
649 {
650 static hf_register_info hf[] = {
651 { &hf_pktc_kmmid, {
652 "Key Management Message ID", "pktc.kmmid", FT_UINT8, BASE_HEX,
653 VALS(kmmid_types), 0, NULL, HFILL }},
654 { &hf_pktc_doi, {
655 "Domain of Interpretation", "pktc.doi", FT_UINT8, BASE_DEC,
656 VALS(doi_types), 0, NULL, HFILL }},
657 { &hf_pktc_version_major, {
658 "Major version", "pktc.version.major", FT_UINT8, BASE_DEC,
659 NULL, 0xF0, "Major version of PKTC", HFILL }},
660 { &hf_pktc_version_minor, {
661 "Minor version", "pktc.version.minor", FT_UINT8, BASE_DEC,
662 NULL, 0x0F, "Minor version of PKTC", HFILL }},
663 { &hf_pktc_server_nonce, {
664 "Server Nonce", "pktc.server_nonce", FT_UINT32, BASE_HEX,
665 NULL, 0, "Server Nonce random number", HFILL }},
666 { &hf_pktc_server_principal, {
667 "Server Kerberos Principal Identifier", "pktc.server_principal", FT_STRING, BASE_NONE,
668 NULL, 0, NULL, HFILL }},
669 { &hf_pktc_timestamp, {
670 "Timestamp", "pktc.timestamp", FT_STRING, BASE_NONE,
671 NULL, 0, "Timestamp (UTC)", HFILL }},
672 { &hf_pktc_app_spec_data, {
673 "Application Specific Data", "pktc.asd", FT_NONE, BASE_NONE,
674 NULL, 0, "KMMID/DOI application specific data", HFILL }},
675 { &hf_pktc_list_of_ciphersuites, {
676 "List of Ciphersuites", "pktc.ciphers", FT_NONE, BASE_NONE,
677 NULL, 0, NULL, HFILL }},
678 { &hf_pktc_list_of_ciphersuites_len, {
679 "Number of Ciphersuites", "pktc.ciphers.len", FT_UINT8, BASE_DEC,
680 NULL, 0, NULL, HFILL }},
681 { &hf_pktc_snmpAuthenticationAlgorithm, {
682 "SNMPv3 Authentication Algorithm", "pktc.asd.snmp_auth_alg", FT_UINT8, BASE_HEX,
683 VALS(snmp_authentication_algorithm_vals), 0, NULL, HFILL }},
684 { &hf_pktc_snmpEncryptionTransformID, {
685 "SNMPv3 Encryption Transform ID", "pktc.asd.snmp_enc_alg", FT_UINT8, BASE_HEX,
686 VALS(snmp_transform_id_vals), 0, NULL, HFILL }},
687 { &hf_pktc_ipsecAuthenticationAlgorithm, {
688 "IPsec Authentication Algorithm", "pktc.asd.ipsec_auth_alg", FT_UINT8, BASE_HEX,
689 VALS(ipsec_authentication_algorithm_vals), 0, NULL, HFILL }},
690 { &hf_pktc_ipsecEncryptionTransformID, {
691 "IPsec Encryption Transform ID", "pktc.asd.ipsec_enc_alg", FT_UINT8, BASE_HEX,
692 VALS(ipsec_transform_id_vals), 0, NULL, HFILL }},
693 { &hf_pktc_snmpEngineID_len, {
694 "SNMPv3 Engine ID Length", "pktc.asd.snmp_engine_id.len", FT_UINT8, BASE_DEC,
695 NULL, 0, "Length of SNMPv3 Engine ID", HFILL }},
696 { &hf_pktc_snmpEngineID, {
697 "SNMPv3 Engine ID", "pktc.asd.snmp_engine_id", FT_BYTES, BASE_NONE,
698 NULL, 0, NULL, HFILL }},
699 { &hf_pktc_snmpEngineBoots, {
700 "SNMPv3 Engine Boots", "pktc.asd.snmp_engine_boots", FT_UINT32, BASE_DEC,
701 NULL, 0, NULL, HFILL }},
702 { &hf_pktc_snmpEngineTime, {
703 "SNMPv3 Engine Time", "pktc.asd.snmp_engine_time", FT_UINT32, BASE_DEC,
704 NULL, 0, "SNMPv3 Engine ID Time", HFILL }},
705 { &hf_pktc_usmUserName_len, {
706 "SNMPv3 USM User Name Length", "pktc.asd.snmp_usm_username.len", FT_UINT8, BASE_DEC,
707 NULL, 0, "Length of SNMPv3 USM User Name", HFILL }},
708 { &hf_pktc_usmUserName, {
709 "SNMPv3 USM User Name", "pktc.asd.snmp_usm_username", FT_STRING, BASE_NONE,
710 NULL, 0, NULL, HFILL }},
711 { &hf_pktc_ipsec_spi, {
712 "IPsec Security Parameter Index", "pktc.asd.ipsec_spi", FT_UINT32, BASE_HEX,
713 NULL, 0, "Security Parameter Index for inbound Security Association (IPsec)", HFILL }},
714 { &hf_pktc_reestablish_flag, {
715 "Re-establish Flag", "pktc.reestablish", FT_BOOLEAN, BASE_NONE,
716 NULL, 0x0, NULL, HFILL }},
717 { &hf_pktc_ack_required_flag, {
718 "ACK Required Flag", "pktc.ack_required", FT_BOOLEAN, BASE_NONE,
719 NULL, 0x0, NULL, HFILL }},
720 { &hf_pktc_sec_param_lifetime, {
721 "Security Parameter Lifetime", "pktc.spl", FT_UINT32, BASE_DEC,
722 NULL, 0, "Lifetime in seconds of security parameter", HFILL }},
723 { &hf_pktc_sha1_hmac, {
724 "SHA-1 HMAC", "pktc.sha1_hmac", FT_BYTES, BASE_NONE,
725 NULL, 0, NULL, HFILL }},
726 { &hf_pktc_grace_period, {
727 "Grace Period", "pktc.grace_period", FT_UINT32, BASE_DEC,
728 NULL, 0, "Grace Period in seconds", HFILL }},
729 };
730 static int *ett[] = {
731 &ett_pktc,
732 &ett_pktc_app_spec_data,
733 &ett_pktc_list_of_ciphersuites,
734 &ett_pktc_engineid,
735 &ett_pktc_version,
736 };
737
738 proto_pktc = proto_register_protocol("PacketCable", "PKTC", "pktc");
739 proto_register_field_array(proto_pktc, hf, array_length(hf));
740 proto_register_subtree_array(ett, array_length(ett));
741
742 pktc_handle = register_dissector("pktc", dissect_pktc, proto_pktc);
743 }
744
745 void
746 proto_reg_handoff_pktc(void)
747 {
748 dissector_add_uint_with_preference("udp.port", PKTC_PORT, pktc_handle);
749 }
750
751
752 void
753 proto_register_pktc_mtafqdn(void)
754 {
755 static hf_register_info hf[] = {
756 { &hf_pktc_mtafqdn_msgtype, {
757 "Message Type", "pktc.mtafqdn.msgtype", FT_UINT8, BASE_DEC,
758 VALS(pktc_mtafqdn_msgtype_vals), 0, "MTA FQDN Message Type", HFILL }},
759 { &hf_pktc_mtafqdn_enterprise, {
760 "Enterprise Number", "pktc.mtafqdn.enterprise", FT_UINT32, BASE_DEC,
761 NULL, 0, NULL, HFILL }},
762 { &hf_pktc_mtafqdn_version, {
763 "Protocol Version", "pktc.mtafqdn.version", FT_UINT8, BASE_DEC,
764 NULL, 0, "MTA FQDN Protocol Version", HFILL }},
765 /* MTA FQDN REQ */
766 { &hf_pktc_mtafqdn_mac, {
767 "MTA MAC address", "pktc.mtafqdn.mac", FT_ETHER, BASE_NONE,
768 NULL, 0, NULL, HFILL }},
769 { &hf_pktc_mtafqdn_pub_key_hash, {
770 "MTA Public Key Hash", "pktc.mtafqdn.pub_key_hash", FT_BYTES, BASE_NONE,
771 NULL, 0, "MTA Public Key Hash (SHA-1)", HFILL }},
772 { &hf_pktc_mtafqdn_manu_cert_revoked, {
773 "Manufacturer Cert Revocation Time", "pktc.mtafqdn.manu_cert_revoked", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
774 NULL, 0, "Manufacturer Cert Revocation Time (UTC) or 0 if not revoked", HFILL }},
775 /* MTA FQDN REP */
776 { &hf_pktc_mtafqdn_fqdn, {
777 "MTA FQDN", "pktc.mtafqdn.fqdn", FT_STRING, BASE_NONE,
778 NULL, 0, NULL, HFILL }},
779 { &hf_pktc_mtafqdn_ip, {
780 "MTA IP Address", "pktc.mtafqdn.ip", FT_IPv4, BASE_NONE,
781 NULL, 0, "MTA IP Address (all zeros if not supplied)", HFILL }},
782 };
783 static int *ett[] = {
784 &ett_pktc_mtafqdn,
785 };
786
787 static ei_register_info ei[] = {
788 { &ei_pktc_unknown_kmmid, { "pktc.mtafqdn.unknown_kmmid", PI_PROTOCOL, PI_WARN, "Unknown KMMID", EXPFILL }},
789 { &ei_pktc_unknown_doi, { "pktc.mtafqdn.unknown_doi", PI_PROTOCOL, PI_WARN, "Unknown DOI", EXPFILL }},
790 { &ei_pktc_unknown_kerberos_application, { "pktc.mtafqdn.unknown_kerberos_application", PI_PROTOCOL, PI_WARN, "Unknown Kerberos application", EXPFILL }},
791 };
792
793 expert_module_t* expert_pktc;
794
795 proto_pktc_mtafqdn = proto_register_protocol("PacketCable MTA FQDN", "PKTC MTA FQDN", "pktc.mtafqdn");
796
797 proto_register_field_array(proto_pktc_mtafqdn, hf, array_length(hf));
798 proto_register_subtree_array(ett, array_length(ett));
799 expert_pktc = expert_register_protocol(proto_pktc_mtafqdn);
800 expert_register_field_array(expert_pktc, ei, array_length(ei));
801
802 pktc_mtafqdn_handle = register_dissector("pktc.mtafqdn", dissect_pktc_mtafqdn, proto_pktc_mtafqdn);
803 }
804
805 void
806 proto_reg_handoff_pktc_mtafqdn(void)
807 {
808 dissector_add_uint_with_preference("udp.port", PKTC_MTAFQDN_PORT, pktc_mtafqdn_handle);
809 }
810
811 /*
812 * Editor modelines - https://www.wireshark.org/tools/modelines.html
813 *
814 * Local variables:
815 * c-basic-offset: 4
816 * tab-width: 8
817 * indent-tabs-mode: nil
818 * End:
819 *
820 * vi: set shiftwidth=4 tabstop=8 expandtab:
821 * :indentSize=4:tabSize=8:noTabs=true:
822 */
Metzes wireshark repo