From d697faf7ded0c279954dad247a02516b40f89347 Mon Sep 17 00:00:00 2001 From: Peter Wu Date: Sat, 14 Sep 2013 23:13:48 +0200 Subject: Initial commit of notes, dumps and scripts --- generate-wireshark-cs | 160 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 160 insertions(+) create mode 100755 generate-wireshark-cs (limited to 'generate-wireshark-cs') diff --git a/generate-wireshark-cs b/generate-wireshark-cs new file mode 100755 index 0000000..65c4503 --- /dev/null +++ b/generate-wireshark-cs @@ -0,0 +1,160 @@ +#!/bin/bash +# Quick 'n' dirty generator for extending wireshark cipher suites +# Author: Peter Wu + +set -u + +p() { + local tmp kex sig keysize dig diglen mode us_export blocksize + [ $# -gt 0 ] || return + num=$(($2*0x100 + $3)) + + tmp=${1%%_WITH_*} + tmp=${tmp#TLS_} + case $tmp in + RSA) kex=RSA ;; + DH_*|DHE_*) kex=DH ;; + ECDH_*|ECDHE_*) kex=DH ;; + *) + echo "Unknown kex in $1 (tmp=$tmp)" >&2 + return + ;; + esac + + tmp=${1%%_WITH_*} + tmp=${tmp#TLS_} + tmp=${tmp#EC} + tmp=${tmp#DH_} + tmp=${tmp#DHE_} + case $tmp in + RSA|DSS) sig=$tmp ;; + ECDSA) sig=DSS ;; + anon) sig=NONE ;; + *) + echo "Unknown sig in $1 (tmp=$tmp)" >&2 + return + ;; + esac + + # HACK HACK HACK + tmp=${1#*WITH_} + cipher=${tmp%%_*} + tmp=${tmp#${cipher}_} # now continue for keysize + keysize=${tmp%%_*} + [[ $keysize != [0-9]* ]] || cipher=$cipher$keysize + case $cipher in + *128|*256) ;; + SEED) keysize=128 ;; + NULL) keysize=0 ;; + 3DES) + if [[ $keysize == EDE ]]; then + keysize=192 + else + echo "Invalid keysize in $1 (cipher=$cipher, keysize=$keysize)" >&2 + #return + fi + ;; + *) + echo "Invalid keysize in $1 (cipher=$cipher, keysize=$keysize)" >&2 + #return + ;; + esac + + case $cipher in + AES128) + cipher=AES + ;; + DES|3DES|RC4|RC2|IDEA|AES256|CAMELLIA128|CAMELLIA256|NULL) ;; + SEED*) cipher=SEED ;; + RC4128) cipher=RC4 ;; + *) + echo "Unknown cipher $cipher" >&2 + return + ;; + esac + + case $cipher in + AES|AES256|CAMELLIA128|CAMELLIA256|SEED) + blocksize=16 ;; + DES|3DES) + blocksize=8 ;; + RC2|RC4|NULL) + blocksize=1 ;; + *) + echo "Unknown cipher $cipher" >&2 + return + ;; + esac + + dig=${1##*_} + case $dig in + MD5) diglen=16 ;; + SHA) diglen=20 ;; + SHA256) diglen=32 ;; + SHA384) diglen=48 ;; + *) + echo "Unknown dig in $1 (dig=$dig)" >&2 + return + ;; + esac + + us_export=0 + + # mode=STREAM + case $cipher in + AES|AES256|DES|3DES|CAMELLIA128|CAMELLIA256|SEED) + mode=CBC ;; + RC2|RC4|NULL) + mode=STREAM ;; + *) + echo "Unknown mode in $1 (cipher=$cipher)" >&2 + return + ;; + esac + +cat <&2 + continue + fi + p "$name" "$n1" "$n2" +done +exit + +# from http://tools.ietf.org/html/rfc5932, Proposed Cipher Suites + +p TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x00 0x41 +p TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x00 0x42 +p TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x00 0x43 +p TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x00 0x44 +p TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x00 0x45 +p TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA 0x00 0x46 +p +p TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x00 0x84 +p TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x00 0x85 +p TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x00 0x86 +p TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x00 0x87 +p TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x00 0x88 +p TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA 0x00 0x89 +p +p +p TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x00 0xBA +p TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x00 0xBB +p TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x00 0xBC +p TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x00 0xBD +p TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x00 0xBE +p TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 0x00 0xBF +p +p TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x00 0xC0 +p TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x00 0xC1 +p TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x00 0xC2 +p TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x00 0xC3 +p TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x00 0xC4 +p TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 0x00 0xC5 -- cgit v1.2.1