@Lekensteyn
Created September 12, 2013 23:54
helper for adding new cipher suites to wireshark (resulting code is for Wireshark 1.10.2)
#!/bin/bash
# Quick 'n' dirty generator for extending wireshark cipher suites
# Author: Peter Wu <lekensteyn@gmail.com>
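#######################################
# Emit one Wireshark cipher-suite table row for a CBC-mode TLS suite.
# Arguments:
#   $1 - suite name, e.g. TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
#   $2 - first byte of the suite id (0x-prefixed hex or decimal, 0..255)
#   $3 - second byte of the suite id (same form)
# Outputs:
#   stdout - a single row of the form
#            {num,KEX_x,SIG_x,ENC_x,16,keysize,keysize,DIG_x,diglen,0, SSL_CIPHER_MODE_CBC}, /* name */
#   stderr - a diagnostic when the suite cannot be mapped; stdout then
#            stays empty
# Returns:
#   1 when called without arguments (a bare `p` is a no-op); otherwise the
#   status of the last command, which is 0 for skipped suites as well.
#######################################
p() {
  local tmp kex sig keysize dig diglen num cipher byte
  local -r byte_re='^(0[xX][0-9A-Fa-f]{1,2}|0|[1-9][0-9]{0,2})$'

  [[ $# -gt 0 ]] || return 1

  # The id bytes arrive from stdin. Arithmetic expansion evaluates its
  # operands as expressions rather than plain numbers, so each one must be a
  # single byte literal before it is allowed into $(( )). A malformed value
  # is reported and the suite skipped.
  for byte in "${2-}" "${3-}"; do
    if ! [[ $byte =~ $byte_re ]] || ((byte > 255)); then
      echo "Invalid suite id byte in $1 (byte=$byte)" >&2
      return
    fi
  done
  num=$(($2 * 0x100 + $3))

  # Key exchange: everything between TLS_ and _WITH_.
  tmp=${1%%_WITH_*}
  tmp=${tmp#TLS_}
  case $tmp in
    RSA) kex=RSA ;;
    DH_* | DHE_*) kex=DH ;;
    ECDH_* | ECDHE_*) kex=DH ;;
    *)
      echo "Unknown kex in $1 (tmp=$tmp)" >&2
      return
      ;;
  esac

  # Signature: same prefix with the (EC)DH(E)_ part peeled off.
  tmp=${1%%_WITH_*}
  tmp=${tmp#TLS_}
  tmp=${tmp#EC}
  tmp=${tmp#DH_}
  tmp=${tmp#DHE_}
  case $tmp in
    RSA | DSS) sig=$tmp ;;
    ECDSA) sig=DSS ;;
    anon) sig=NONE ;;
    *)
      echo "Unknown sig in $1 (tmp=$tmp)" >&2
      return
      ;;
  esac

  # Cipher and key size: the first two underscore-separated words after
  # WITH_ (the original marks this part as a hack).
  tmp=${1#*WITH_}
  cipher=${tmp%%_*}
  tmp=${tmp#"${cipher}"_} # quoted so the cipher word is not used as a glob
  keysize=${tmp%%_*}
  case $keysize in
    128 | 256) ;;
    *)
      # Diagnostic only: the original leaves the return commented out, so
      # processing continues into the cipher check below.
      echo "Invalid keysize in $1 (tmp=$tmp, keysize=$keysize)" >&2
      ;;
  esac

  # The ENC_ name is the cipher word with the key size appended, except that
  # AES128 is emitted as plain AES.
  cipher=$cipher$keysize
  case $cipher in
    AES128) cipher=AES ;;
    DES | 3DES | RC4 | RC2 | IDEA | AES256 | CAMELLIA128 | CAMELLIA256 | NULL) ;;
    *)
      echo "Unknown cipher $cipher" >&2
      return
      ;;
  esac

  # Digest: last word of the name, with its output length in bytes.
  dig=${1##*_}
  case $dig in
    MD5) diglen=16 ;;
    SHA) diglen=20 ;;
    SHA256) diglen=32 ;;
    SHA384) diglen=48 ;;
    *)
      echo "Unknown dig in $1 (dig=$dig)" >&2
      return
      ;;
  esac

  # The row hard-codes SSL_CIPHER_MODE_CBC, so any other mode is refused.
  if [[ $1 != *_CBC_* ]]; then
    echo "Not CBC mode in $1" >&2
    return
  fi

  printf '%s\n' "{$num,KEX_$kex,SIG_$sig,ENC_$cipher,16,$keysize,$keysize,DIG_$dig,$diglen,0, SSL_CIPHER_MODE_CBC}, /* $1 */"
}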
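# Read suite definitions from stdin, one per line, in the form:
#   CipherSuite TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = { 0x00,0x41 };
# sed drops the keyword and the punctuation, leaving "NAME BYTE1 BYTE2" for
# read to split. -r keeps backslashes literal, and the `|| [[ -n $name ]]`
# clause still processes a final line that has no trailing newline.
sed -e 's/CipherSuite//' -e 's/,/ /g' -e 's/[={};]//g' |
  while read -r name n1 n2 rem || [[ -n $name ]]; do
    # A blank line carries no definition.
    [[ -n $name ]] || continue
    # Exactly three fields are required: with fewer, p would receive an
    # incomplete suite id; with more, the line is not a plain definition.
    if [[ -z $n2 || -n $rem ]]; then
      echo "Error! Invalid line: $name $n1 $n2 $rem" >&2
      continue
    fi
    p "$name" "$n1" "$n2"
  done
exit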
# from http://tools.ietf.org/html/rfc5932, Proposed Cipher Suites
# Not reached while the exit above is in place. Each row is passed to p as
# name and two id bytes; an empty row stands for a bare `p` call, which
# prints nothing.
while read -r suite hi lo; do
  if [[ -n $suite ]]; then
    p "$suite" "$hi" "$lo"
  else
    p
  fi
done <<'EOF'
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x00 0x41
TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x00 0x42
TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x00 0x43
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x00 0x44
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x00 0x45
TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA 0x00 0x46

TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x00 0x84
TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x00 0x85
TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x00 0x86
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x00 0x87
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x00 0x88
TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA 0x00 0x89


TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x00 0xBA
TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x00 0xBB
TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x00 0xBC
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x00 0xBD
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x00 0xBE
TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 0x00 0xBF

TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x00 0xC0
TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x00 0xC1
TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x00 0xC2
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x00 0xC3
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x00 0xC4
TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 0x00 0xC5
EOF