Wireshark-bugs: [Wireshark-bugs] [Bug 6700] New: DVB-CI / CI+ decrypt SAC messages

Date: Thu, 29 Dec 2011 08:47:02 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6700

           Summary: DVB-CI / CI+ decrypt SAC messages
           Product: Wireshark
           Version: SVN
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: wireshark@xxxxxxxxx


Created an attachment (id=7625)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=7625)
decrypt sac messages

Build Information:
TShark 1.7.1 (SVN Rev 40325 from /trunk)

Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.24.2, with libpcap (version unknown), with libz
1.2.3.4, without POSIX capabilities, without SMI, without c-ares, without ADNS,
without Lua, without Python, with GnuTLS 2.8.6, with Gcrypt 1.4.5, with MIT
Kerberos, without GeoIP.

Running on Linux 2.6.32-5-amd64, with locale en_US.UTF-8, with libpcap version
1.1.1, with libz 1.2.3.4.

Built using gcc 4.4.5.

--
CI+ uses a secure authenticated channel (sac) to encrypt some of the protocol
messages. The attached patch decrypts these messages. The user must provide the
key and init vector, I added two preferences for this.

The ssl dissector served as an example, my code should not be very different.
I call strlen() on a non-NULL preference string, is this ok, i.e. is a
non-empty preference always 0-terminated?
Like everybody else, I am not checking the return value of 
prefs_register_protocol().

The clear sac message body is not dissected any further for now, I'll submit
code for this when the current patch is accepted.

The sample capture contains one sac message where both key and init vector are
00000000000000000000000000000000 (32 zeroes).

As usual, thanks for your review and for merging the patch.

   Martin

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.