2 * Routines for Baseline Privacy Key Management Attributes dissection
3 * Copyright 2002, Anand V. Narwani <anand[AT]narwani.org>
7 * Wireshark - Network traffic analyzer
8 * By Gerald Combs <gerald@wireshark.org>
9 * Copyright 1998 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
30 #include <epan/packet.h>
32 /* BPKM Attributes defined in:
33 * http://www.cablemodem.com/downloads/specs/SP-BPI+_I10-030730.pdf
35 #define BPKM_RESERVED 0
36 #define BPKM_SERIAL_NUM 1
37 #define BPKM_MANUFACTURER_ID 2
38 #define BPKM_MAC_ADDR 3
39 #define BPKM_RSA_PUB_KEY 4
41 #define BPKM_DISPLAY_STR 6
42 #define BPKM_AUTH_KEY 7
44 #define BPKM_KEY_LIFETIME 9
45 #define BPKM_KEY_SEQ_NUM 10
46 #define BPKM_HMAC_DIGEST 11
48 #define BPKM_TEK_PARAM 13
49 #define BPKM_OBSOLETED 14
50 #define BPKM_CBC_IV 15
51 #define BPKM_ERROR_CODE 16
52 #define BPKM_CA_CERT 17
53 #define BPKM_CM_CERT 18
54 #define BPKM_SEC_CAPABILITIES 19
55 #define BPKM_CRYPTO_SUITE 20
56 #define BPKM_CRYPTO_SUITE_LIST 21
57 #define BPKM_BPI_VERSION 22
58 #define BPKM_SA_DESCRIPTOR 23
59 #define BPKM_SA_TYPE 24
60 #define BPKM_SA_QUERY 25
61 #define BPKM_SA_QUERY_TYPE 26
62 #define BPKM_IP_ADDRESS 27
63 #define BPKM_DNLD_PARAMS 28
64 #define BPKM_VENDOR_DEFINED 127
66 /* Initialize the protocol and registered fields */
67 static int proto_docsis_bpkmattr = -1;
68 static int hf_docsis_bpkmattr_serial_num = -1;
69 static int hf_docsis_bpkmattr_manf_id = -1;
70 static int hf_docsis_bpkmattr_mac_addr = -1;
71 static int hf_docsis_bpkmattr_rsa_pub_key = -1;
72 static int hf_docsis_bpkmattr_cm_id = -1;
73 static int hf_docsis_bpkmattr_display_str = -1;
74 static int hf_docsis_bpkmattr_auth_key = -1;
75 static int hf_docsis_bpkmattr_tek = -1;
76 static int hf_docsis_bpkmattr_key_life = -1;
77 static int hf_docsis_bpkmattr_key_seq = -1;
78 static int hf_docsis_bpkmattr_hmac_digest = -1;
79 static int hf_docsis_bpkmattr_said = -1;
80 static int hf_docsis_bpkmattr_tek_params = -1;
81 static int hf_docsis_bpkmattr_cbc_iv = -1;
82 static int hf_docsis_bpkmattr_error_code = -1;
83 static int hf_docsis_bpkmattr_vendor_def = -1;
84 static int hf_docsis_bpkmattr_ca_cert = -1;
85 static int hf_docsis_bpkmattr_cm_cert = -1;
86 static int hf_docsis_bpkmattr_security_cap = -1;
87 static int hf_docsis_bpkmattr_crypto_suite = -1;
88 static int hf_docsis_bpkmattr_crypto_suite_list = -1;
89 static int hf_docsis_bpkmattr_bpi_version = -1;
90 static int hf_docsis_bpkmattr_sa_descr = -1;
91 static int hf_docsis_bpkmattr_sa_type = -1;
92 static int hf_docsis_bpkmattr_sa_query = -1;
93 static int hf_docsis_bpkmattr_sa_query_type = -1;
94 static int hf_docsis_bpkmattr_ip_address = -1;
95 static int hf_docsis_bpkmattr_download_param = -1;
99 /* Initialize the subtree pointers */
100 static gint ett_docsis_bpkmattr = -1;
101 static gint ett_docsis_bpkmattr_cmid = -1;
102 static gint ett_docsis_bpkmattr_scap = -1;
103 static gint ett_docsis_bpkmattr_tekp = -1;
104 static gint ett_docsis_bpkmattr_sadsc = -1;
105 static gint ett_docsis_bpkmattr_saqry = -1;
106 static gint ett_docsis_bpkmattr_dnld = -1;
109 static const value_string error_code_vals[] = {
110 {0, "no information"},
111 {1, "Unauthorized CM"},
112 {2, "Unauthorized SAID"},
114 {4, "Invalid Key Sequence Number"},
115 {5, "Key Request authentication failure"},
116 {6, "Permanent Authorization Failure"},
117 {7, "Not authorized for requested downstream traffic flow"},
118 {8, "Downstream traffic flow not mapped to BPI+ SAID"},
119 {9, "Time of day not acquired"},
123 static const value_string crypto_suite_attr_vals[] = {
124 {0x0100, "CBC Mode, 56 Bit DES & no Data Authentication"},
125 {0x0200, "CBC Mode, 40 Bit DES & no Data Authentication"},
129 static const value_string bpi_ver_vals[] = {
135 /* Code to actually dissect the packets */
137 /* The dissect_attrs() function does the actual work to dissect the
138 * attributes. It's called recursively, to dissect embedded attributes
141 dissect_attrs (tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree)
147 proto_item *cmid_it, *tekp_it, *scap_it;
148 proto_item *saqry_it, *dnld_it, *sadsc_it;
149 proto_tree *cmid_tree, *tekp_tree, *scap_tree;
150 proto_tree *saqry_tree, *dnld_tree, *sadsc_tree;
151 tvbuff_t *cmid_tvb, *tekp_tvb, *scap_tvb;
152 tvbuff_t *saqry_tvb, *dnld_tvb, *sadsc_tvb;
154 total_len = tvb_reported_length_remaining (tvb, 0);
155 while (pos < total_len)
157 type = tvb_get_guint8 (tvb, pos++);
158 length = tvb_get_ntohs (tvb, pos);
164 case BPKM_SERIAL_NUM:
165 proto_tree_add_item (tree, hf_docsis_bpkmattr_serial_num, tvb, pos,
168 case BPKM_MANUFACTURER_ID:
170 proto_tree_add_item (tree, hf_docsis_bpkmattr_manf_id, tvb, pos,
173 THROW (ReportedBoundsError);
177 proto_tree_add_item (tree, hf_docsis_bpkmattr_mac_addr, tvb, pos,
180 THROW (ReportedBoundsError);
182 case BPKM_RSA_PUB_KEY:
183 proto_tree_add_item (tree, hf_docsis_bpkmattr_rsa_pub_key, tvb, pos,
188 proto_tree_add_text (tree, tvb, pos, length,
189 "5 CM Identification");
191 proto_item_add_subtree (cmid_it, ett_docsis_bpkmattr_cmid);
192 cmid_tvb = tvb_new_subset (tvb, pos, length, length);
193 dissect_attrs (cmid_tvb, pinfo, cmid_tree);
195 case BPKM_DISPLAY_STR:
196 proto_tree_add_item (tree, hf_docsis_bpkmattr_display_str, tvb, pos,
200 if ((length == 96) || (length == 128))
201 proto_tree_add_item (tree, hf_docsis_bpkmattr_auth_key, tvb, pos,
204 THROW (ReportedBoundsError);
208 proto_tree_add_item (tree, hf_docsis_bpkmattr_tek, tvb, pos,
211 THROW (ReportedBoundsError);
213 case BPKM_KEY_LIFETIME:
215 proto_tree_add_item (tree, hf_docsis_bpkmattr_key_life, tvb, pos,
218 THROW (ReportedBoundsError);
220 case BPKM_KEY_SEQ_NUM:
222 proto_tree_add_item (tree, hf_docsis_bpkmattr_key_seq, tvb, pos,
225 THROW (ReportedBoundsError);
227 case BPKM_HMAC_DIGEST:
229 proto_tree_add_item (tree, hf_docsis_bpkmattr_hmac_digest, tvb,
232 THROW (ReportedBoundsError);
236 proto_tree_add_item (tree, hf_docsis_bpkmattr_said, tvb, pos,
239 THROW (ReportedBoundsError);
243 proto_tree_add_text (tree, tvb, pos, length, "13 TEK Parameters");
245 proto_item_add_subtree (tekp_it, ett_docsis_bpkmattr_tekp);
246 tekp_tvb = tvb_new_subset (tvb, pos, length, length);
247 dissect_attrs (tekp_tvb, pinfo, tekp_tree);
253 proto_tree_add_item (tree, hf_docsis_bpkmattr_cbc_iv, tvb, pos,
256 THROW (ReportedBoundsError);
258 case BPKM_ERROR_CODE:
260 proto_tree_add_item (tree, hf_docsis_bpkmattr_error_code, tvb,
263 THROW (ReportedBoundsError);
266 proto_tree_add_item (tree, hf_docsis_bpkmattr_ca_cert, tvb, pos,
270 proto_tree_add_item (tree, hf_docsis_bpkmattr_cm_cert, tvb, pos,
273 case BPKM_SEC_CAPABILITIES:
275 proto_tree_add_text (tree, tvb, pos, length,
276 "19 Security Capabilities");
278 proto_item_add_subtree (scap_it, ett_docsis_bpkmattr_scap);
279 scap_tvb = tvb_new_subset (tvb, pos, length, length);
280 dissect_attrs (scap_tvb, pinfo, scap_tree);
282 case BPKM_CRYPTO_SUITE:
284 proto_tree_add_item (tree, hf_docsis_bpkmattr_crypto_suite, tvb,
287 THROW (ReportedBoundsError);
289 case BPKM_CRYPTO_SUITE_LIST:
290 proto_tree_add_item (tree, hf_docsis_bpkmattr_crypto_suite_list,
291 tvb, pos, length, FALSE);
293 case BPKM_BPI_VERSION:
295 proto_tree_add_item (tree, hf_docsis_bpkmattr_bpi_version, tvb,
298 THROW (ReportedBoundsError);
300 case BPKM_SA_DESCRIPTOR:
302 proto_tree_add_text (tree, tvb, pos, length, "23 SA Descriptor");
304 proto_item_add_subtree (sadsc_it, ett_docsis_bpkmattr_sadsc);
305 sadsc_tvb = tvb_new_subset (tvb, pos, length, length);
306 dissect_attrs (sadsc_tvb, pinfo, sadsc_tree);
310 proto_tree_add_item (tree, hf_docsis_bpkmattr_sa_type, tvb, pos,
313 THROW (ReportedBoundsError);
317 proto_tree_add_text (tree, tvb, pos, length, "25 SA Query");
319 proto_item_add_subtree (saqry_it, ett_docsis_bpkmattr_saqry);
320 saqry_tvb = tvb_new_subset (tvb, pos, length, length);
321 dissect_attrs (saqry_tvb, pinfo, saqry_tree);
323 case BPKM_SA_QUERY_TYPE:
325 proto_tree_add_item (tree, hf_docsis_bpkmattr_sa_query_type, tvb,
328 THROW (ReportedBoundsError);
330 case BPKM_IP_ADDRESS:
332 proto_tree_add_item (tree, hf_docsis_bpkmattr_ip_address, tvb,
335 THROW (ReportedBoundsError);
337 case BPKM_VENDOR_DEFINED:
338 proto_tree_add_item (tree, hf_docsis_bpkmattr_vendor_def, tvb, pos,
340 case BPKM_DNLD_PARAMS:
342 proto_tree_add_text (tree, tvb, pos, length,
343 "28 Download Parameters");
345 proto_item_add_subtree (dnld_it, ett_docsis_bpkmattr_dnld);
346 dnld_tvb = tvb_new_subset (tvb, pos, length, length);
347 dissect_attrs (dnld_tvb, pinfo, dnld_tree);
350 proto_tree_add_item (tree, hf_docsis_bpkmattr_vendor_def, tvb, pos,
354 pos += length; /* switch */
359 dissect_bpkmattr (tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree)
363 proto_tree *bpkmattr_tree;
368 proto_tree_add_protocol_format (tree, proto_docsis_bpkmattr, tvb, 0, -1,
370 bpkmattr_tree = proto_item_add_subtree (it, ett_docsis_bpkmattr);
371 dissect_attrs (tvb, pinfo, bpkmattr_tree);
378 /* Register the protocol with Wireshark */
380 /* this format is require because a script is used to build the C function
381 that calls all the protocol registration.
386 proto_register_docsis_bpkmattr (void)
389 /* Setup list of header fields See Section 1.6.1 for details*/
390 static hf_register_info hf[] = {
391 {&hf_docsis_bpkmattr_serial_num,
392 {"1 Serial Number", "docsis_bpkmattr.serialnum",
393 FT_STRING, BASE_NONE, NULL, 0x0,
394 "Serial Number", HFILL}
396 {&hf_docsis_bpkmattr_manf_id,
397 {"2 Manufacturer Id", "docsis_bpkmattr.manfid",
398 FT_BYTES, BASE_NONE, NULL, 0x0,
399 "Manufacturer Id", HFILL}
401 {&hf_docsis_bpkmattr_mac_addr,
402 {"3 Mac Address", "docsis_bpkmattr.macaddr",
403 FT_ETHER, BASE_NONE, NULL, 0x0,
404 "Mac Address", HFILL}
406 {&hf_docsis_bpkmattr_rsa_pub_key,
407 {"4 RSA Public Key", "docsis_bpkmattr.rsa_pub_key",
408 FT_BYTES, BASE_NONE, NULL, 0x0,
409 "RSA Public Key", HFILL}
411 {&hf_docsis_bpkmattr_cm_id,
412 {"5 CM Identification", "docsis_bpkmattr.cmid",
413 FT_BYTES, BASE_NONE, NULL, 0x0,
414 "CM Identification", HFILL}
416 {&hf_docsis_bpkmattr_display_str,
417 {"6 Display String", "docsis_bpkmattr.dispstr",
418 FT_STRING, BASE_NONE, NULL, 0x0,
419 "Display String", HFILL}
421 {&hf_docsis_bpkmattr_auth_key,
422 {"7 Auth Key", "docsis_bpkmattr.auth_key",
423 FT_BYTES, BASE_NONE, NULL, 0x0,
426 {&hf_docsis_bpkmattr_tek,
427 {"8 Traffic Encryption Key", "docsis_bpkmattr.tek",
428 FT_BYTES, BASE_NONE, NULL, 0x0,
429 "Traffic Encryption Key", HFILL}
431 {&hf_docsis_bpkmattr_key_life,
432 {"9 Key Lifetime (s)", "docsis_bpkmattr.keylife",
433 FT_UINT32, BASE_DEC, NULL, 0x0,
434 "Key Lifetime (s)", HFILL}
436 {&hf_docsis_bpkmattr_key_seq,
437 {"10 Key Sequence Number", "docsis_bpkmattr.keyseq",
438 FT_UINT8, BASE_DEC, NULL, 0x0,
439 "Key Sequence Number", HFILL}
441 {&hf_docsis_bpkmattr_hmac_digest,
442 {"11 HMAC Digest", "docsis_bpkmattr.hmacdigest",
443 FT_BYTES, BASE_NONE, NULL, 0x0,
444 "HMAC Digest", HFILL}
446 {&hf_docsis_bpkmattr_said,
447 {"12 SAID", "docsis_bpkmattr.said",
448 FT_UINT16, BASE_DEC, NULL, 0x0,
449 "Security Association ID", HFILL}
451 {&hf_docsis_bpkmattr_tek_params,
452 {"13 TEK Parameters", "docsis_bpkmattr.tekparams",
453 FT_BYTES, BASE_NONE, NULL, 0x0,
454 "TEK Parameters", HFILL}
456 {&hf_docsis_bpkmattr_cbc_iv,
457 {"14 CBC IV", "docsis_bpkmattr.cbciv",
458 FT_BYTES, BASE_NONE, NULL, 0x0,
459 "Cypher Block Chaining", HFILL}
461 {&hf_docsis_bpkmattr_error_code,
462 {"16 Error Code", "docsis_bpkmattr.errcode",
463 FT_UINT8, BASE_DEC, VALS (error_code_vals), 0x0,
466 {&hf_docsis_bpkmattr_vendor_def,
467 {"127 Vendor Defined", "docsis_bpkmattr.vendordef",
468 FT_BYTES, BASE_NONE, NULL, 0x0,
469 "Vendor Defined", HFILL}
471 {&hf_docsis_bpkmattr_ca_cert,
472 {"17 CA Certificate", "docsis_bpkmattr.cacert",
473 FT_BYTES, BASE_NONE, NULL, 0x0,
474 "CA Certificate", HFILL}
476 {&hf_docsis_bpkmattr_cm_cert,
477 {"18 CM Certificate", "docsis_bpkmattr.cmcert",
478 FT_BYTES, BASE_NONE, NULL, 0x0,
479 "CM Certificate", HFILL}
481 {&hf_docsis_bpkmattr_security_cap,
482 {"19 Security Capabilities", "docsis_bpkmattr.seccap",
483 FT_BYTES, BASE_NONE, NULL, 0x0,
484 "Security Capabilities", HFILL}
486 {&hf_docsis_bpkmattr_crypto_suite,
487 {"20 Cryptographic Suite", "docsis_bpkmattr.cryptosuite",
488 FT_UINT16, BASE_HEX, VALS(crypto_suite_attr_vals), 0x0,
489 "Cryptographic Suite", HFILL}
491 {&hf_docsis_bpkmattr_crypto_suite_list,
492 {"21 Cryptographic Suite List", "docsis_bpkmattr.crypto_suite_lst",
493 FT_BYTES, BASE_NONE, NULL, 0x0,
494 "Cryptographic Suite", HFILL}
496 {&hf_docsis_bpkmattr_bpi_version,
497 {"22 BPI Version", "docsis_bpkmattr.bpiver",
498 FT_UINT8, BASE_DEC, VALS (bpi_ver_vals), 0x0,
499 "BPKM Attributes", HFILL}
501 {&hf_docsis_bpkmattr_sa_descr,
502 {"23 SA Descriptor", "docsis_bpkmattr.sadescr",
503 FT_BYTES, BASE_NONE, NULL, 0x0,
504 "SA Descriptor", HFILL}
506 {&hf_docsis_bpkmattr_sa_type,
507 {"24 SA Type", "docsis_bpkmattr.satype",
508 FT_UINT8, BASE_DEC, NULL, 0x0,
511 {&hf_docsis_bpkmattr_sa_query,
512 {"25 SA Query", "docsis_bpkmattr.saquery",
513 FT_BYTES, BASE_NONE, NULL, 0x0,
516 {&hf_docsis_bpkmattr_sa_query_type,
517 {"26 SA Query Type", "docsis_bpkmattr.saquery_type",
518 FT_UINT8, BASE_HEX, NULL, 0x0,
519 "SA Query Type", HFILL}
521 {&hf_docsis_bpkmattr_ip_address,
522 {"27 IP Address", "docsis_bpkmattr.ipaddr",
523 FT_IPv4, BASE_NONE, NULL, 0x0,
526 {&hf_docsis_bpkmattr_download_param,
527 {"28 Download Parameters", "docsis_bpkmattr.dnld_params",
528 FT_BYTES, BASE_NONE, NULL, 0x0,
529 "Download Parameters", HFILL}
533 /* Setup protocol subtree array */
534 static gint *ett[] = {
535 &ett_docsis_bpkmattr,
536 &ett_docsis_bpkmattr_cmid,
537 &ett_docsis_bpkmattr_scap,
538 &ett_docsis_bpkmattr_tekp,
539 &ett_docsis_bpkmattr_sadsc,
540 &ett_docsis_bpkmattr_saqry,
541 &ett_docsis_bpkmattr_dnld
544 /* Register the protocol name and description */
545 proto_docsis_bpkmattr =
546 proto_register_protocol
547 ("DOCSIS Baseline Privacy Key Management Attributes", "DOCSIS BPKM-ATTR",
550 /* Required function calls to register the header fields and subtrees used */
551 proto_register_field_array (proto_docsis_bpkmattr, hf, array_length (hf));
552 proto_register_subtree_array (ett, array_length (ett));
554 register_dissector ("docsis_bpkmattr", dissect_bpkmattr,
555 proto_docsis_bpkmattr);
559 /* If this dissector uses sub-dissector registration add a registration routine.
560 This format is required because a script is used to find these routines and
561 create the code that calls these routines.
564 proto_reg_handoff_docsis_bpkmattr (void)
566 dissector_handle_t docsis_bpkmattr_handle;
568 docsis_bpkmattr_handle = find_dissector ("docsis_bpkmattr");
569 dissector_add ("docsis", 0xFE, docsis_bpkmattr_handle);