support exporting decrypted DVB-CI/CI+ SAC messages

using the new export PDU mechanism svn path=/trunk/; revision=51019
author: Martin Kaiser <wireshark@kaiser.cx> 2013-07-29 20:38:20 +0000
committer: Martin Kaiser <wireshark@kaiser.cx> 2013-07-29 20:38:20 +0000
commit: 174fa28a3152efd151023c574cedb0f131bb3860 (patch)
tree: 60532197bcba6d79f744b4b0480cca551d731af9 /epan/dissectors/packet-dvbci.c
parent: 56bf58dce39b5d34c2ecad5a883a1201599c15b2 (diff)
1 files changed, 215 insertions, 108 deletions
diff --git a/epan/dissectors/packet-dvbci.c b/epan/dissectors/packet-dvbci.c
index d17b18ee10..a86f023ed6 100644
--- a/epan/dissectors/packet-dvbci.c
+++ b/epan/dissectors/packet-dvbci.c
@@ -37,10 +37,13 @@
 #include <epan/addr_resolv.h>
 #include <epan/circuit.h>
 #include <epan/packet.h>
+#include <epan/exported_pdu.h>
 #include <epan/reassemble.h>
 #include <epan/prefs.h>
+#include <epan/tap.h>
 #include <epan/expert.h>
 #include <epan/asn1.h>
+#include <epan/dissectors/packet-dvbci.h>
 #include <epan/dissectors/packet-mpeg-descriptor.h>
 #include <epan/dissectors/packet-x509af.h>
 #include <epan/dissectors/packet-x509ce.h>
@@ -55,17 +58,14 @@
 #define AES_BLOCK_LEN 16
 #define AES_KEY_LEN 16
 
-/* event byte in the pseudo-header */
-#define DATA_CAM_TO_HOST  0xFF
-#define DATA_HOST_TO_CAM  0xFE
-#define CIS_READ          0xFD
-#define COR_WRITE         0xFC
-#define HW_EVT            0xFB
+#define EXPORTED_SAC_MSG_PROTO "CI+ SAC message"
 
-#define IS_DATA_TRANSFER(e) (e==DATA_CAM_TO_HOST || e==DATA_HOST_TO_CAM)
+#define IS_DATA_TRANSFER(e) (e==DVBCI_EVT_DATA_CAM_TO_HOST || e==DVBCI_EVT_DATA_HOST_TO_CAM)
 
-/* for [as]pdu_info_t when the message is allowed in either direction */
-#define DIRECTION_ANY 0x0
+/* direction of data transfer in [as]pdu_info_t and elsewhere */
+#define DATA_CAM_TO_HOST  DVBCI_EVT_DATA_CAM_TO_HOST
+#define DATA_HOST_TO_CAM  DVBCI_EVT_DATA_HOST_TO_CAM
+#define DIRECTION_ANY     0x0
 
 /* source/destination address field */
 #define ADDR_HOST "Host"
@@ -329,6 +329,8 @@
 #define CC_STATUS_CICAM_BUSY            0x4
 #define CC_STATUS_REC_MODE_ERR          0x5
 
+#define SAC_MSG_HDR_LEN 8
+
 #define CC_SAC_AUTH_AES128_XCBC_MAC 0x0
 #define CC_SAC_ENC_AES128_CBC       0x0
 
@@ -794,6 +796,8 @@ static dissector_handle_t dvb_nit_handle;
 static dissector_table_t tcp_dissector_table;
 static dissector_table_t udp_dissector_table;
 
+static gint exported_pdu_tap = -1;
+
 static gint ett_dvbci = -1;
 static gint ett_dvbci_hdr = -1;
 static gint ett_dvbci_cis = -1;
@@ -1093,14 +1097,6 @@ typedef struct _spdu_info_t {
     guint8 len_field;
 } spdu_info_t;
 
-static const value_string dvbci_event[] = {
-    { DATA_HOST_TO_CAM,  "data transfer Host -> CAM" },
-    { DATA_CAM_TO_HOST,  "data transfer CAM -> Host" },
-    { CIS_READ,          "read the Card Information Structure (CIS)" },
-    { COR_WRITE,         "write into the Configuration Option Register (COR)" },
-    { HW_EVT,            "hardware event" },
-    { 0, NULL }
-};
 static const value_string dvbci_hw_event[] = {
     { CAM_IN,    "CI Module is inserted" },
     { CAM_OUT,   "CI Module is removed" },
@@ -1513,6 +1509,50 @@ static guint16 buf_size_cam;    /* buffer size proposal by the CAM */
 /* buffer size proposal by the host == negotiated buffer size */
 static guint16 buf_size_host;
 
+
+gint
+dvbci_set_addrs(guint8 event, packet_info *pinfo)
+{
+    if (!IS_DATA_TRANSFER(event))
+        return -1;
+
+    if (event == DVBCI_EVT_DATA_HOST_TO_CAM) {
+        SET_ADDRESS(&pinfo->src, AT_STRINGZ,
+                (int)strlen(ADDR_HOST)+1, ADDR_HOST);
+        SET_ADDRESS(&pinfo->dst, AT_STRINGZ,
+                (int)strlen(ADDR_CAM)+1 , ADDR_CAM);
+    }
+    else {
+        SET_ADDRESS(&pinfo->src, AT_STRINGZ,
+                (int)strlen(ADDR_CAM)+1 , ADDR_CAM);
+        SET_ADDRESS(&pinfo->dst, AT_STRINGZ,
+                (int)strlen(ADDR_HOST)+1, ADDR_HOST);
+    }
+
+    return 1;
+}
+
+
+guint8
+dvbci_get_evt_from_addrs(packet_info *pinfo)
+{
+    /* this should be working from C89 on */
+    static const address a_cam  = { AT_STRINGZ, -1, sizeof(ADDR_CAM), ADDR_CAM };
+    static const address a_host = { AT_STRINGZ, -1, sizeof(ADDR_HOST), ADDR_HOST };
+
+    if ( ADDRESSES_EQUAL(&(pinfo->src), &a_cam) &&
+         ADDRESSES_EQUAL(&(pinfo->dst), &a_host) ) {
+        return DVBCI_EVT_DATA_CAM_TO_HOST;
+    }
+    else if ( ADDRESSES_EQUAL(&(pinfo->src), &a_host) &&
+              ADDRESSES_EQUAL(&(pinfo->dst), &a_cam) ) {
+        return DVBCI_EVT_DATA_HOST_TO_CAM;
+    }
+    else
+        return DVBCI_EVT_INVALID_EVT;
+}
+
+
 /* this must be a function, not a macro,
    so that we can enforce the return type */
 static inline gint16 two_comp_to_int16(guint16 x)
@@ -2976,18 +3016,160 @@ dissect_dvbci_payload_cup(guint32 tag, gint len_field _U_,
 
 
 static void
-dissect_dvbci_payload_cc(guint32 tag, gint len_field _U_,
-        tvbuff_t *tvb, gint offset, circuit_t *circuit _U_,
-        packet_info *pinfo, proto_tree *tree)
+dissect_sac_msg(guint32 tag, tvbuff_t *tvb, gint offset,
+        packet_info *pinfo, proto_tree *tree, gboolean exported)
 {
-    guint8      status;
+    gint        offset_start;
     guint32     msg_ctr;
     guint8      enc_flag, enc_cip;
-    proto_item *pi                   = NULL, *ti;
+    proto_item *enc_flag_pi, *ti;
     guint16     sac_payload_len;          /* payload data and padding */
     gint        sac_payload_data_len = 0; /* just payload data */
     tvbuff_t   *clear_sac_body_tvb;
     proto_tree *sac_tree             = NULL;
+
+    offset_start = offset;
+
+    /* it's not useful to move sac header dissection to a separate
+       function, we need enc/auth cipher etc here to handle the body */
+    msg_ctr = tvb_get_ntohl(tvb, offset);
+    proto_tree_add_item(tree, hf_dvbci_sac_msg_ctr,
+            tvb, offset, 4, ENC_BIG_ENDIAN);
+    col_append_sep_fstr(pinfo->cinfo, COL_INFO, NULL,
+            "message #%d", msg_ctr);
+    offset += 4;
+    proto_tree_add_item(tree, hf_dvbci_sac_proto_ver,
+            tvb, offset, 1, ENC_BIG_ENDIAN);
+    proto_tree_add_item(tree, hf_dvbci_sac_auth_cip,
+            tvb, offset, 1, ENC_BIG_ENDIAN);
+    enc_flag = tvb_get_guint8(tvb, offset) & 0x1;
+    enc_flag_pi = proto_tree_add_item(tree, hf_dvbci_sac_payload_enc,
+            tvb, offset, 1, ENC_BIG_ENDIAN);
+    if (exported && enc_flag) {
+        expert_add_info_format(pinfo, enc_flag_pi, PI_PROTOCOL, PI_NOTE,
+        "The original PDU was encrypted, this exported PDU is in the clear");
+        enc_flag = 0;
+    }
+    offset++;
+    enc_cip = (tvb_get_guint8(tvb, offset)&0xE0) >> 5;
+    proto_tree_add_item(tree, hf_dvbci_sac_enc_cip,
+            tvb, offset, 1, ENC_BIG_ENDIAN);
+    offset++;
+    sac_payload_len = tvb_get_ntohs(tvb, offset);
+    proto_tree_add_item(tree, hf_dvbci_sac_payload_len,
+            tvb, offset, 2, ENC_BIG_ENDIAN);
+    offset += 2;
+    if (tvb_reported_length_remaining(tvb, offset) < 0)
+        return;
+    if (enc_flag) {
+        clear_sac_body_tvb = decrypt_sac_msg_body(enc_cip,
+                tvb, offset, tvb_reported_length_remaining(tvb, offset));
+    }
+    else {
+        clear_sac_body_tvb = tvb_new_subset_remaining(tvb, offset);
+    }
+    if (!clear_sac_body_tvb) {
+        /* we could not decrypt (or access) the clear sac message body */
+        proto_tree_add_item(tree, hf_dvbci_sac_enc_body, tvb, offset,
+                tvb_reported_length_remaining(tvb, offset), ENC_NA);
+        return;
+    }
+    if (enc_flag)
+        add_new_data_source(pinfo, clear_sac_body_tvb, "Clear SAC message body");
+    if (sac_payload_len>0) {
+        ti = proto_tree_add_text(tree, clear_sac_body_tvb, 0, sac_payload_len,
+                "SAC message payload");
+        sac_tree = proto_item_add_subtree(ti, ett_dvbci_sac_msg_body);
+        if (tag==T_CC_SAC_DATA_REQ || tag==T_CC_SAC_DATA_CNF) {
+            sac_payload_data_len = dissect_cc_data_payload(tag,
+                    clear_sac_body_tvb, 0, pinfo, sac_tree);
+        }
+        else if (tag==T_CC_SAC_SYNC_REQ) {
+            sac_payload_data_len = 0;
+        }
+        else if (tag==T_CC_SAC_SYNC_CNF) {
+            proto_tree_add_item(sac_tree, hf_dvbci_cc_status_field,
+                    clear_sac_body_tvb, 0, 1, ENC_BIG_ENDIAN);
+            sac_payload_data_len = 1;
+        }
+
+        if (sac_payload_data_len < 0)
+            return;
+        if (sac_payload_len > sac_payload_data_len) {
+            proto_tree_add_text(sac_tree, clear_sac_body_tvb,
+                    sac_payload_data_len,
+                    sac_payload_len-sac_payload_data_len,
+                    "padding");
+        }
+    }
+    proto_tree_add_item(tree, hf_dvbci_sac_signature,
+            clear_sac_body_tvb, sac_payload_len,
+            tvb_reported_length_remaining(clear_sac_body_tvb,
+                sac_payload_len), ENC_NA);
+
+    /* we call this function also to dissect exported SAC messages,
+        dont' try to export them a second time
+       we only export cc_sac_data_req and cc_sac_data_cnf,
+        sync req and cnf contain no encrypted data */
+    if (!exported &&
+        (tag==T_CC_SAC_DATA_REQ || tag==T_CC_SAC_DATA_CNF) &&
+        have_tap_listener(exported_pdu_tap)) {
+
+        tvbuff_t       *clear_sac_msg_tvb;
+        exp_pdu_data_t *exp_pdu_data;
+
+        clear_sac_msg_tvb = tvb_new_composite();
+        tvb_composite_append(clear_sac_msg_tvb,
+                tvb_clone_offset_len(tvb, offset_start, SAC_MSG_HDR_LEN));
+        tvb_composite_append(clear_sac_msg_tvb, clear_sac_body_tvb);
+        tvb_composite_finalize(clear_sac_msg_tvb);
+
+        exp_pdu_data = load_export_pdu_tags(
+                pinfo, EXPORTED_SAC_MSG_PROTO, -1, EXP_PDU_TAG_DVBCI_EVT_BIT);
+
+        exp_pdu_data->tvb_length = tvb_length(clear_sac_msg_tvb); 
+        exp_pdu_data->pdu_tvb = clear_sac_msg_tvb;
+        tap_queue_packet(exported_pdu_tap, pinfo, exp_pdu_data);
+    }
+}
+
+
+static int
+dissect_dvbci_exported_sac_msg(
+        tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
+{
+    guint8 evt;
+    guint32 tag;
+
+    evt = dvbci_get_evt_from_addrs(pinfo);
+    if (!IS_DATA_TRANSFER(evt))
+        return 0;
+
+    col_append_sep_fstr(pinfo->cinfo, COL_PROTOCOL, NULL, EXPORTED_SAC_MSG_PROTO);
+    col_clear(pinfo->cinfo, COL_INFO);
+
+    /* we only export cc_sac_data_req and _cnf, therefore, the tag can be
+       derived from the direction of the transfer */
+    if (evt== DVBCI_EVT_DATA_CAM_TO_HOST)
+       tag = T_CC_SAC_DATA_REQ;
+    else 
+       tag = T_CC_SAC_DATA_CNF;
+
+    col_append_sep_fstr(pinfo->cinfo, COL_INFO, NULL, "%s",
+            val_to_str_const(tag, dvbci_apdu_tag, "unknown"));
+
+    dissect_sac_msg(tag, tvb, 0, pinfo, tree, TRUE);
+    return tvb_reported_length(tvb);
+}
+
+
+static void
+dissect_dvbci_payload_cc(guint32 tag, gint len_field _U_,
+        tvbuff_t *tvb, gint offset, circuit_t *circuit _U_,
+        packet_info *pinfo, proto_tree *tree)
+{
+    guint8      status;
+    proto_item *pi;
     nstime_t    utc_time;
     guint8      pin_stat;
     guint8      evt_cent;
@@ -3012,81 +3194,7 @@ dissect_dvbci_payload_cc(guint32 tag, gint len_field _U_,
         case T_CC_SAC_DATA_CNF:
         case T_CC_SAC_SYNC_REQ:
         case T_CC_SAC_SYNC_CNF:
-            /* it's not useful to move sac header dissection to a separate
-                function, we need enc/auth cipher etc here to handle the body */
-            msg_ctr = tvb_get_ntohl(tvb, offset);
-            proto_tree_add_item(
-                    tree, hf_dvbci_sac_msg_ctr, tvb, offset, 4, ENC_BIG_ENDIAN);
-            col_append_sep_fstr(pinfo->cinfo, COL_INFO, NULL,
-                    "message #%d", msg_ctr);
-            offset += 4;
-            proto_tree_add_item(
-                    tree, hf_dvbci_sac_proto_ver, tvb, offset, 1, ENC_BIG_ENDIAN);
-            proto_tree_add_item(
-                    tree, hf_dvbci_sac_auth_cip, tvb, offset, 1, ENC_BIG_ENDIAN);
-            enc_flag = tvb_get_guint8(tvb, offset) & 0x1;
-            proto_tree_add_item(
-                    tree, hf_dvbci_sac_payload_enc, tvb, offset, 1, ENC_BIG_ENDIAN);
-            offset++;
-            enc_cip = (tvb_get_guint8(tvb, offset)&0xE0) >> 5;
-            proto_tree_add_item(
-                    tree, hf_dvbci_sac_enc_cip, tvb, offset, 1, ENC_BIG_ENDIAN);
-            offset++;
-            sac_payload_len = tvb_get_ntohs(tvb, offset);
-            proto_tree_add_item(
-                    tree, hf_dvbci_sac_payload_len, tvb, offset, 2, ENC_BIG_ENDIAN);
-            offset += 2;
-            if (tvb_reported_length_remaining(tvb, offset) < 0)
-                break;
-            if (!enc_flag) {
-                pi = proto_tree_add_text(tree, tvb, offset,
-                        tvb_reported_length_remaining(tvb, offset),
-                        "Invalid CI+ SAC message body");
-                expert_add_info_format(pinfo, pi, PI_MALFORMED, PI_ERROR,
-                        "SAC message body must always be encrypted");
-                break;
-            }
-            clear_sac_body_tvb = decrypt_sac_msg_body(enc_cip,
-                    tvb, offset, tvb_reported_length_remaining(tvb, offset));
-            if (!clear_sac_body_tvb) {
-                /* we could not decrypt the sac message body */
-                proto_tree_add_item(tree, hf_dvbci_sac_enc_body, tvb, offset,
-                        tvb_reported_length_remaining(tvb, offset), ENC_NA);
-                break;
-            }
-            add_new_data_source(pinfo, clear_sac_body_tvb,
-                            "Clear SAC message body");
-            if (sac_payload_len>0) {
-                ti = proto_tree_add_text(tree,
-                        clear_sac_body_tvb, 0, sac_payload_len,
-                        "SAC message payload");
-                sac_tree = proto_item_add_subtree(ti, ett_dvbci_sac_msg_body);
-                if (tag==T_CC_SAC_DATA_REQ || tag==T_CC_SAC_DATA_CNF) {
-                    sac_payload_data_len = dissect_cc_data_payload(tag,
-                        clear_sac_body_tvb, 0, pinfo, sac_tree);
-                }
-                else if (tag==T_CC_SAC_SYNC_REQ) {
-                    sac_payload_data_len = 0;
-                }
-                else if (tag==T_CC_SAC_SYNC_CNF) {
-                    proto_tree_add_item(sac_tree, hf_dvbci_cc_status_field,
-                        clear_sac_body_tvb, 0, 1, ENC_BIG_ENDIAN);
-                    sac_payload_data_len = 1;
-                }
-
-                if (sac_payload_data_len < 0)
-                    break;
-                if (sac_payload_len > sac_payload_data_len) {
-                    proto_tree_add_text(sac_tree, clear_sac_body_tvb,
-                            sac_payload_data_len,
-                            sac_payload_len-sac_payload_data_len,
-                            "padding");
-                }
-            }
-            proto_tree_add_item(tree, hf_dvbci_sac_signature,
-                clear_sac_body_tvb, sac_payload_len,
-                tvb_reported_length_remaining(clear_sac_body_tvb,
-                    sac_payload_len), ENC_NA);
+            dissect_sac_msg(tag, tvb, offset, pinfo, tree, FALSE);
             break;
         case T_CC_PIN_CAPABILITIES_REPLY:
             proto_tree_add_item(tree, hf_dvbci_capability_field,
@@ -4680,14 +4788,7 @@ dissect_dvbci(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U
     }
 
     if (IS_DATA_TRANSFER(event)) {
-        if (event == DATA_HOST_TO_CAM) {
-            SET_ADDRESS(&pinfo->src, AT_STRINGZ, (int)strlen(ADDR_HOST)+1, ADDR_HOST);
-            SET_ADDRESS(&pinfo->dst, AT_STRINGZ, (int)strlen(ADDR_CAM)+1 , ADDR_CAM);
-        }
-        else {
-            SET_ADDRESS(&pinfo->src, AT_STRINGZ, (int)strlen(ADDR_CAM)+1 , ADDR_CAM);
-            SET_ADDRESS(&pinfo->dst, AT_STRINGZ, (int)strlen(ADDR_HOST)+1, ADDR_HOST);
-        }
+        dvbci_set_addrs(event, pinfo);
 
         payload_tvb = tvb_new_subset_remaining( tvb, offset);
         if (len_field == 2) {
@@ -4697,7 +4798,7 @@ dissect_dvbci(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U
             dissect_dvbci_lpdu(payload_tvb, pinfo, dvbci_tree, event);
         }
     }
-    else if (event==COR_WRITE) {
+    else if (event==DVBCI_EVT_COR_WRITE) {
         /* PCAP format for DVB-CI defines COR address as big endian */
         pi = proto_tree_add_item(dvbci_tree, hf_dvbci_cor_addr,
                 tvb, offset, 2, ENC_BIG_ENDIAN);
@@ -4721,10 +4822,10 @@ dissect_dvbci(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U
         col_append_sep_fstr(pinfo->cinfo, COL_INFO, NULL,
             "value 0x%x", cor_value);
     }
-    else if (event==CIS_READ) {
+    else if (event==DVBCI_EVT_CIS_READ) {
         dissect_dvbci_cis(tvb, offset, pinfo, dvbci_tree);
     }
-    else if (event==HW_EVT) {
+    else if (event==DVBCI_EVT_HW_EVT) {
         hw_event = tvb_get_guint8(tvb, offset);
         col_set_str(pinfo->cinfo, COL_INFO,
                 val_to_str_const(hw_event, dvbci_hw_event, "Invalid hardware event"));
@@ -5715,6 +5816,10 @@ proto_register_dvbci(void)
                 "SAS application id", FT_STRING, BASE_NONE);
 
     register_init_routine(dvbci_init);
+
+    /* the dissector for decrypted CI+ SAC messages which we can export */
+    new_register_dissector(EXPORTED_SAC_MSG_PROTO,
+        dissect_dvbci_exported_sac_msg, proto_dvbci);
 }
 
 
@@ -5731,6 +5836,8 @@ proto_reg_handoff_dvbci(void)
     dvb_nit_handle = find_dissector("dvb_nit");
     tcp_dissector_table = find_dissector_table("tcp.port");
     udp_dissector_table = find_dissector_table("udp.port");
+
+    exported_pdu_tap = find_tap_id(EXPORT_PDU_TAP_NAME_DVB_CI);
 }
 
 /*
author	Martin Kaiser <wireshark@kaiser.cx>	2013-07-29 20:38:20 +0000
committer	Martin Kaiser <wireshark@kaiser.cx>	2013-07-29 20:38:20 +0000
commit	174fa28a3152efd151023c574cedb0f131bb3860 (patch)
tree	60532197bcba6d79f744b4b0480cca551d731af9 /epan/dissectors/packet-dvbci.c
parent	56bf58dce39b5d34c2ecad5a883a1201599c15b2 (diff)