authorPeter Wu <lekensteyn@gmail.com>2013-09-15 15:53:33 +0200
committerPeter Wu <lekensteyn@gmail.com>2013-09-15 15:53:33 +0200
commitccf0451930c1335c894af246ba53c3e215549a96 (patch)
tree0c118997205addaee195b92ed637435bc97f789a /generate-wireshark-cs
parent68895b06916fa6d745173ef1d5b918241cdbe7f0 (diff)
downloadwireshark-notes-ccf0451930c1335c894af246ba53c3e215549a96.tar.gz
generate-wireshark-cs: support export, IDEA, DES, RC2
And also support reading suites.txt (generated from IANA's CSV[1]). Not supported are SRP, KRB5, PSK, ARIA and CCM. Suggested usage:

    grep -vE '_(SRP|KRB5|PSK|ARIA)_|_CCM(_|$)' suites.txt | ./generate-wireshark-cs

[1]: http://www.iana.org/assignments/tls-parameters/tls-parameters-4.csv
Diffstat (limited to 'generate-wireshark-cs')
-rwxr-xr-xgenerate-wireshark-cs78
1 files changed, 60 insertions, 18 deletions
diff --git a/generate-wireshark-cs b/generate-wireshark-cs
index 65c4503..b746039 100755
--- a/generate-wireshark-cs
+++ b/generate-wireshark-cs
@@ -4,24 +4,45 @@
set -u
+warn() {
+ local cb= ce=
+
+ # add color only if printing to terminal
+ if [ -t 2 ]; then
+ cb='\e[1;91m' # bright red
+ ce='\e[m'
+ fi
+
+ printf "$cb%s$ce\n" "$*" >&2
+}
+
p() {
- local tmp kex sig keysize dig diglen mode us_export blocksize
+ local tmp kex sig keysize exp_keysize=0 dig diglen mode us_export blocksize hexid
[ $# -gt 0 ] || return
num=$(($2*0x100 + $3))
+ hexid=000$(echo "obase=16;$num" | bc)
+ hexid=0x${hexid: -4}
+
+ # ignore TLS_NULL_WITH_NULL_NULL and TLS_EMPTY_RENEGOTIATION_INFO_SCSV
+ case $hexid in
+ 0x0000|0x00FF) return ;;
+ esac
tmp=${1%%_WITH_*}
+ tmp=${tmp%_EXPORT}
tmp=${tmp#TLS_}
case $tmp in
RSA) kex=RSA ;;
DH_*|DHE_*) kex=DH ;;
ECDH_*|ECDHE_*) kex=DH ;;
*)
- echo "Unknown kex in $1 (tmp=$tmp)" >&2
+ warn "Unknown kex in $hexid $1 (tmp=$tmp)"
return
;;
esac
tmp=${1%%_WITH_*}
+ tmp=${tmp%_EXPORT}
tmp=${tmp#TLS_}
tmp=${tmp#EC}
tmp=${tmp#DH_}
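Review bot: The two `hexid=` lines in p() fork `bc` once per cipher suite and add an external dependency only to format a number. The script already relies on bash (`${hexid: -4}`), so the builtin does the same job in one step: `printf -v hexid '0x%04X' "$num"`. That produces the same upper-case, zero-padded form that the `0x0000|0x00FF` case arm compares against. The body of p() continues outside this hunk.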
@@ -31,7 +52,7 @@ p() {
ECDSA) sig=DSS ;;
anon) sig=NONE ;;
*)
- echo "Unknown sig in $1 (tmp=$tmp)" >&2
+ warn "Unknown sig in $hexid $1 (tmp=$tmp)"
return
;;
esac
@@ -39,36 +60,44 @@ p() {
# HACK HACK HACK
tmp=${1#*WITH_}
cipher=${tmp%%_*}
+ tmp=${tmp/_CBC_/_}
tmp=${tmp#${cipher}_} # now continue for keysize
keysize=${tmp%%_*}
[[ $keysize != [0-9]* ]] || cipher=$cipher$keysize
case $cipher in
+ RC[24]40) keysize=128; exp_keysize=40 ;;
*128|*256) ;;
- SEED) keysize=128 ;;
+ SEED|IDEA) keysize=128 ;;
NULL) keysize=0 ;;
+ DES) keysize=64 ;;
+ DES40) keysize=64; exp_keysize=40 ;;
3DES)
if [[ $keysize == EDE ]]; then
keysize=192
else
- echo "Invalid keysize in $1 (cipher=$cipher, keysize=$keysize)" >&2
+ warn "Invalid keysize in $hexid $1 (cipher=$cipher, keysize=$keysize)"
#return
fi
;;
*)
- echo "Invalid keysize in $1 (cipher=$cipher, keysize=$keysize)" >&2
- #return
+ warn "Invalid keysize in $hexid $1 (cipher=$cipher, keysize=$keysize)"
+ return
;;
esac
+ # assume same size for actual and algorithm key size
+ [ $exp_keysize -gt 0 ] || exp_keysize=$keysize
case $cipher in
AES128)
cipher=AES
;;
- DES|3DES|RC4|RC2|IDEA|AES256|CAMELLIA128|CAMELLIA256|NULL) ;;
+ DES|3DES|RC4|RC2|IDEA|AES256|CAMELLIA128|CAMELLIA256|NULL|IDEA) ;;
+ DES40) cipher=DES ;;
SEED*) cipher=SEED ;;
- RC4128) cipher=RC4 ;;
+ RC240) cipher=RC2 ;;
+ RC440|RC4128) cipher=RC4 ;;
*)
- echo "Unknown cipher $cipher" >&2
+ warn "Unknown cipher $cipher in $hexid $1"
return
;;
esac
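Review bot: The 3DES arm still falls through after `warn "Invalid keysize …"` because its `#return` stays commented out, while the default arm of the same case now returns. A 3DES name whose size token is not `EDE` therefore keeps a non-numeric `keysize`, which the new `[ $exp_keysize -gt 0 ] || exp_keysize=$keysize` line copies into `exp_keysize`, and both values presumably end up in the emitted table row. Changing that `#return` to `return` makes the two arms consistent. Minor: `IDEA` appears twice in `DES|3DES|RC4|RC2|IDEA|…|NULL|IDEA)`. p() starts and ends outside this hunk.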
@@ -76,12 +105,14 @@ p() {
case $cipher in
AES|AES256|CAMELLIA128|CAMELLIA256|SEED)
blocksize=16 ;;
- DES|3DES)
+ DES|3DES|IDEA)
blocksize=8 ;;
- RC2|RC4|NULL)
+ RC2)
+ blocksize=8 ;;
+ RC4|NULL)
blocksize=1 ;;
*)
- echo "Unknown cipher $cipher" >&2
+ warn "Unknown cipher $cipher in $hexid $1"
return
;;
esac
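Review bot: RC2 gets `blocksize=8` here, but the mode case later in p() still lists it under `RC2|RC4|NULL) mode=STREAM`, so the generated row describes a stream cipher with an 8-byte block. The RC2 suites in the IANA list carry `_RC2_CBC_40_` in their names (the `_CBC_` token is stripped earlier in p()), which suggests `RC2` belongs in the `mode=CBC` arm; this is worth confirming against what the consumer of the table expects. The new `RC2)` arm could also be folded into the one above it as `DES|3DES|IDEA|RC2)`.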
@@ -93,35 +124,46 @@ p() {
SHA256) diglen=32 ;;
SHA384) diglen=48 ;;
*)
- echo "Unknown dig in $1 (dig=$dig)" >&2
+ warn "Unknown dig in $hexid $1 (dig=$dig)"
return
;;
esac
us_export=0
+ if [[ $1 == *_EXPORT_* ]]; then
+ us_export=1
+ [ $exp_keysize -lt $keysize ] || \
+ warn "Export cipher, actual keysize may not be accurate: $hexid $1"
+ fi
# mode=STREAM
case $cipher in
- AES|AES256|DES|3DES|CAMELLIA128|CAMELLIA256|SEED)
+ AES|AES256|DES|3DES|CAMELLIA128|CAMELLIA256|SEED|IDEA)
mode=CBC ;;
RC2|RC4|NULL)
mode=STREAM ;;
*)
- echo "Unknown mode in $1 (cipher=$cipher)" >&2
+ warn "Unknown mode in $hexid $1 (cipher=$cipher)"
return
;;
esac
cat <<EOF
- {$num,KEX_$kex,SIG_$sig,ENC_$cipher,$blocksize,$keysize,$keysize,DIG_$dig,$diglen,$us_export, SSL_CIPHER_MODE_$mode}, /* $1 */
+ {$num,KEX_$kex,SIG_$sig,ENC_$cipher,$blocksize,$keysize,$exp_keysize,DIG_$dig,$diglen,$us_export, SSL_CIPHER_MODE_$mode}, /* $1 */
EOF
}
# expects a line like:
# CipherSuite TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = { 0x00,0x41 };
sed 's/CipherSuite//;s/,/ /g' | grep -v '^[ \t]*$' | tr -d '={};' | while read name n1 n2 rem; do
+ # for <number> <name>, like suites.txt
+ if [ -z "$n2$rem" ] && [[ $name =~ ^[0-9]+|0[Xx][0-9a-fA-F]$ ]]; then
+ p "$n1" 0 "$name"
+ continue
+ fi
+
if [ -n "$rem" ]; then
- echo "Error! Invalid line: $name $n1 $n2 $rem" >&2
+ warn "Error! Invalid line: $name $n1 $n2 $rem"
continue
fi
p "$name" "$n1" "$n2"
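Review bot: The regex guarding the `<number> <name>` path, `^[0-9]+|0[Xx][0-9a-fA-F]$`, is not anchored as intended. `|` binds loosest, so it accepts any field that merely starts with a digit or ends in `0x` plus one hex digit, and the hex form allows only a single digit. The field is then passed to p() as `$3` and evaluated inside `$(( … ))`, so loosely validated text from the input file reaches arithmetic evaluation. Group and anchor both alternatives: `[[ $name =~ ^([0-9]+|0[Xx][0-9a-fA-F]+)$ ]]`. The existing three-field path applies no numeric check to `n1`/`n2` before calling p() and would benefit from the same test, and the loop should use `read -r`.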