Wireshark-dev: Re: [Wireshark-dev] OSCORE dissector
From: Michael Mann <mmann78@xxxxxxxxxxxx>
Date: Tue, 19 Dec 2017 22:30:26 -0500
Mališa,
I think you are approaching this correctly in making OSCORE a separate protocol for now. The deciding point may be overall size of "OSCORE only" code and how much of the CoAP dissector API you have to put in a header file. Remember dissectors don't always equal protocols, so you may need a few dissectors to get the proper layering that you desire.
You can always submit a patch for review even if it's just a "WIP" (work in progress). Reviewers may be able to better steer you in a direction by seeing the code itself (I know I work better that way, anyway).
Michael
-----Original Message-----
From: Mališa Vučinić <malishav@xxxxxxxxx>
To: wireshark-dev <wireshark-dev@xxxxxxxxxxxxx>
Sent: Tue, Dec 19, 2017 10:48 am
Subject: [Wireshark-dev] OSCORE dissector
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
From: Mališa Vučinić <malishav@xxxxxxxxx>
To: wireshark-dev <wireshark-dev@xxxxxxxxxxxxx>
Sent: Tue, Dec 19, 2017 10:48 am
Subject: [Wireshark-dev] OSCORE dissector
Hello all,
I am looking for an advice how to organize the dissector code of OSCORE (https://tools.ietf.org/html/draft-ietf-core-object-security-07).
OSCORE is a mechanism to encrypt *part* of CoAP-RFC7252 message, leaving CoAP header in the clear. Encryption is signaled with a special CoAP option called Object-Security. The plaintext of OSCORE contains CoAP code, *some* CoAP options and CoAP payload. This means that once decryption has taken place, functions specific to CoAP dissector are needed to dissect it.
OSCORE message can also be carried with HTTP, in order to support HTTP-to-CoAP proxies, and is signaled by the presence of a special HTTP header.
Another data point is that IETF CORE has also standardized CoAP to be used over TCP and Websockets (https://tools.ietf.org/html/draft-ietf-core-coap-tcp-tls-11) with a different on-the-wire format from CoAP over UDP currently implemented in Wireshark. I do not intend to implement this now but would like to organize my OSCORE dissection code in a way that will facilitate this extension of CoAP.
I started implementing OSCORE as a separate dissector, explicitly called from CoAP for now. To dissect OSCORE plaintext after decryption, I plan on exporting some CoAP functions and calling them from the OSCORE dissector. I will need to refactor the CoAP dissector code a bit to facilitate this. CoAP over TCP can then be implemented as a separate dissector using the same exported CoAP functions.
I would like to check whether this is the right approach and if I should pursue it. Another option is to put everything within the CoAP dissector but I am not sure if that would cover OSCORE over HTTP case.
Any feedback would be greatly appreciated.
Mališa
- Follow-Ups:
- Re: [Wireshark-dev] OSCORE dissector
- From: Mališa Vučinić
- Re: [Wireshark-dev] OSCORE dissector
- References:
- [Wireshark-dev] OSCORE dissector
- From: Mališa Vučinić
- [Wireshark-dev] OSCORE dissector
- Prev by Date: [Wireshark-dev] OSCORE dissector
- Next by Date: Re: [Wireshark-dev] OSCORE dissector
- Previous by thread: [Wireshark-dev] OSCORE dissector
- Next by thread: Re: [Wireshark-dev] OSCORE dissector
- Index(es):