Thanks for your response, Michael, that is helpful. I've just pushed some first CoAP-related changes that have been tested and are ready for review (https://code.wireshark.org/review/#/c/24910/2). I will build the OSCORE dissector on top of these and submit WIP changes as I progress.

Mališa

> On 20 Dec 2017, at 04:30, Michael Mann via Wireshark-dev
> <wireshark-dev@wireshark.org> wrote:
>
> Mališa,
>
> I think you are approaching this correctly in making OSCORE a separate
> protocol for now. The deciding point may be the overall size of "OSCORE only"
> code and how much of the CoAP dissector API you have to put in a header file.
> Remember dissectors don't always equal protocols, so you may need a few
> dissectors to get the proper layering that you desire.
> You can always submit a patch for review even if it's just a "WIP" (work in
> progress). Reviewers may be able to better steer you in a direction by
> seeing the code itself (I know I work better that way, anyway).
>
> Michael
>
>
> -----Original Message-----
> From: Mališa Vučinić <malis...@gmail.com>
> To: wireshark-dev <wireshark-dev@wireshark.org>
> Sent: Tue, Dec 19, 2017 10:48 am
> Subject: [Wireshark-dev] OSCORE dissector
>
> Hello all,
>
> I am looking for advice on how to organize the dissector code of OSCORE
> (https://tools.ietf.org/html/draft-ietf-core-object-security-07).
>
> OSCORE is a mechanism to encrypt *part* of a CoAP-RFC7252 message, leaving the
> CoAP header in the clear. Encryption is signaled with a special CoAP option
> called Object-Security. The plaintext of OSCORE contains the CoAP code, *some*
> CoAP options and the CoAP payload. This means that once decryption has taken
> place, functions specific to the CoAP dissector are needed to dissect it.
>
> An OSCORE message can also be carried with HTTP, in order to support
> HTTP-to-CoAP proxies, and is signaled by the presence of a special HTTP
> header.
>
> Another data point is that IETF CORE has also standardized CoAP to be used
> over TCP and Websockets
> (https://tools.ietf.org/html/draft-ietf-core-coap-tcp-tls-11) with a
> different on-the-wire format from CoAP over UDP currently implemented in
> Wireshark. I do not intend to implement this now but would like to organize
> my OSCORE dissection code in a way that will facilitate this extension of
> CoAP.
>
> I started implementing OSCORE as a separate dissector, explicitly called from
> CoAP for now. To dissect OSCORE plaintext after decryption, I plan on
> exporting some CoAP functions and calling them from the OSCORE dissector. I
> will need to refactor the CoAP dissector code a bit to facilitate this. CoAP
> over TCP can then be implemented as a separate dissector using the same
> exported CoAP functions.
>
> I would like to check whether this is the right approach and if I should
> pursue it. Another option is to put everything within the CoAP dissector but
> I am not sure if that would cover the OSCORE over HTTP case.
>
> Any feedback would be greatly appreciated.
>
> Mališa
>
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives: https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
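
The message layout the original post describes (CoAP header and options in the clear, protection signaled by the Object-Security option), as an added example that is not part of the thread or of Wireshark's code: a bounds-checked RFC 7252 option walk for CoAP over UDP that reports where the option value and the payload start. The function names, the sample bytes and the option number 9 (the number RFC 8613 assigns to the OSCORE option; the draft cited in the thread may use another) are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

#define OPT_OSCORE 9u /* assumption: number from RFC 8613; the cited draft may differ */

/* Constructed sample: CON POST, MID 0x1234, token AA, option 9 (1-byte value),
 * payload marker, then 4 bytes standing in for the protected payload. */
static const uint8_t SAMPLE[] = {0x41, 0x02, 0x12, 0x34, 0xAA, 0x91, 0x09,
                                 0xFF, 0xDE, 0xAD, 0xBE, 0xEF};

/* Expand a 4-bit delta/length nibble using its extension bytes (RFC 7252, 3.1). */
static int ext_value(const uint8_t *m, size_t len, size_t *pos, unsigned nib, uint32_t *out)
{
    size_t n = (nib == 13) ? 1 : (nib == 14) ? 2 : 0;
    if (nib == 15 || n > len - *pos) return -1;      /* 15 is reserved */
    *out = nib;
    if (n == 1) *out = 13u + m[*pos];
    if (n == 2) *out = 269u + (((uint32_t)m[*pos] << 8) | m[*pos + 1]);
    *pos += n;
    return 0;
}

/* Returns 1 if option `want` is present, 0 if absent, -1 if malformed.
 * *payload_off: first byte after the 0xFF marker, or len when there is no payload. */
int coap_find_option(const uint8_t *m, size_t len, uint32_t want,
                     size_t *val_off, size_t *val_len, size_t *payload_off)
{
    if (len < 4 || (m[0] >> 6) != 1 || (m[0] & 0x0F) > 8) return -1;
    size_t pos = 4 + (m[0] & 0x0F);                  /* skip header and token */
    uint32_t num = 0, delta, olen;
    int found = 0;
    if (pos > len) return -1;
    *payload_off = len;
    while (pos < len) {
        uint8_t b = m[pos++];
        if (b == 0xFF) {                             /* payload marker */
            if (pos == len) return -1;               /* marker needs a payload */
            *payload_off = pos;
            break;
        }
        if (ext_value(m, len, &pos, b >> 4, &delta)) return -1;
        if (ext_value(m, len, &pos, b & 0x0F, &olen) || olen > len - pos) return -1;
        num += delta;                                /* option numbers are delta-coded */
        if (num == want && !found) { found = 1; *val_off = pos; *val_len = olen; }
        pos += olen;
    }
    return found;
}
```

A dissector built this way would hand the bytes from `*payload_off` onward to the decryption step and then reuse the CoAP code, option and payload parsing on the recovered plaintext, which is the layering discussed in the thread.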