I am working on a custom dissector for Wireshark in Lua.
Certain PDUs in the protocol are encrypted using AES and I would like to decrypt these so that I can show the clear content in Wireshark. Is this possible with a Lua dissector and what APIs can I use to make the decryption?
Or do I need to make a C/C++ dissector to make a dissector that decrypts data?
Personally I use lua-crypto but it requires OpenSSL.
You can check lua-wiki.
Recently I created a wrapper for this AES implementation called bgcrypto.
It has no external dependencies but I really do not use it yet in real work.
At the moment Wireshark (2.0) does not expose a crypto API to Lua dissectors, so you have to implement it in the Lua dissector.
For a pure Lua solution you can use lua-lockbox (as mentioned on the Lua wiki). This is not recommended if you need performance, but might be useful for prototyping.
Faster AES decryption implementations typically use a native library, for example:
LuaCrypto - uses OpenSSL, though it does not seem maintained
lcrypt - uses libtomcrypt, but there seems to be no development either
Since none of these libraries satisfied my needs, I developed a new one based on Libgcrypt for these reasons:
Wireshark already links to Libgcrypt for things like SSL decryption.
The Libgcrypt library supports sufficiently many ciphers and hashes.
Libgcrypt is widely available and has an active development team.
The Luagcrypt API is simple enough and documented.
The result is luagcrypt, which works on the platforms supported by Wireshark (Linux, OS X, Windows). It is used in the KDNET dissector; this commit shows the transformation from lua-lockbox to luagcrypt.
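As an added illustration (not code from the answer, the KDNET dissector or the luagcrypt project), this is roughly what a Lua dissector that decrypts with luagcrypt looks like. The "demo" protocol, its PDU layout (1-byte type, 16-byte IV, AES-128-CBC ciphertext), UDP port 40000 and the preference name are assumptions made up for the example; it also assumes the luagcrypt module is installed where Wireshark's Lua can `require` it.

```lua
-- Hypothetical "demo" protocol, constructed for this example.
-- Assumed PDU layout: 1-byte type | 16-byte IV | AES-128-CBC ciphertext
local gcrypt = require("luagcrypt")

local demo = Proto("demo", "Demo Encrypted Protocol")
local f_type  = ProtoField.uint8("demo.type", "PDU type", base.HEX)
local f_iv    = ProtoField.bytes("demo.iv", "IV")
local f_enc   = ProtoField.bytes("demo.encrypted", "Encrypted payload")
local f_clear = ProtoField.bytes("demo.clear", "Decrypted payload")
demo.fields = { f_type, f_iv, f_enc, f_clear }

-- The key is a protocol preference so it is not stored in the script.
demo.prefs.key = Pref.string("AES-128 key (hex)", "", "32 hex digits")

local function decrypt(key, iv, ciphertext)
    local cipher = gcrypt.Cipher(gcrypt.CIPHER_AES128, gcrypt.CIPHER_MODE_CBC)
    cipher:setkey(key)
    cipher:setiv(iv)
    -- Returns the raw CBC plaintext; removing padding is protocol-specific.
    return cipher:decrypt(ciphertext)
end

function demo.dissector(tvb, pinfo, tree)
    pinfo.cols.protocol = "DEMO"
    local subtree = tree:add(demo, tvb())
    if tvb:len() < 1 + 16 + 16 then return end  -- truncated PDU
    subtree:add(f_type, tvb(0, 1))
    subtree:add(f_iv, tvb(1, 16))
    local enc = tvb(17)
    subtree:add(f_enc, enc)

    -- Only decrypt with a well-formed key and whole cipher blocks.
    local keyhex = demo.prefs.key
    if #keyhex ~= 32 or keyhex:find("%X") or enc:len() % 16 ~= 0 then
        return
    end
    local key = ByteArray.new(keyhex):raw()
    local ok, clear = pcall(decrypt, key, tvb:raw(1, 16), tvb:raw(17))
    if not ok then
        subtree:add_expert_info(PI_UNDECODED, PI_WARN,
            "Decryption failed: " .. tostring(clear))
        return
    end
    -- Expose the plaintext as a new data source (extra tab in the bytes pane).
    local clear_tvb = ByteArray.new(clear, true):tvb("Decrypted payload")
    subtree:add(f_clear, clear_tvb())
end

DissectorTable.get("udp.port"):add(40000, demo)
```

CBC decryption with the wrong key still returns bytes, so a real dissector should validate the plaintext (padding, a magic value or a MAC, whichever the protocol defines) before dissecting it further.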
Related
I know that Qt has SSL/TLS support for TCP communications, and I wanted to leverage the cross-platform high-level API to encrypt communications not based on TCP, if possible keeping the Diffie–Hellman protocol to establish the secured communication.
Now I've been looking at the classes sources, and where data is encrypted for instance, and it appears to be all private and not easily reusable.
Is there an easy way to use what was developed by Qt for something other than TCP, at least for simple encryption? Full SSL support?
I guess you can always open a local TCP port, and build a TCP-to-Other local proxy, but that looks a bit silly, just to be able to reuse Qt implementation.
I found the Hacking on Qt SSL Support in the Wiki, which gives some perspective but not exactly how to leverage existing implementation.
I was looking to enable the chacha/poly algorithm in OpenSSL version 1.1.0. I Googled a lot but couldn't get the resolution. Please help me if anyone knows.
How do I enable chacha/poly in OpenSSL 1.1.0?
ChaCha20/Poly1305 is enabled by default in OpenSSL 1.1.0. With all other things being equal, you will use it if it's a common cipher and it's selected by the client or server.
If you are not seeing ChaCha20/Poly1305 as the cipher suite, then check the server. It probably lacks support for curve25519 or the cipher suite. You should still see the cipher suite advertised in the ClientHello.
A disappointing thing about ChaCha and Poly1305 is they are only available as a unit via EVP_chacha20_poly1305. You cannot use just ChaCha or just Poly1305. (And ChaCha is TLS's ChaCha, and not Bernstein's ChaCha).
Also see How to use Poly1305 with EVP interfaces? on the OpenSSL Users mailing list.
I am currently working on a Hadoop project that requires data encryption (because the data will be stored in S3). While I primarily expect to access the data through Hive, it would be nice to be able to access it via Pig and any other MapReduce methods.
I know Hadoop has built-in support for compression codecs like gzip, snappy, etc... Is there any support for encryption codecs as well (specifically, GPG)? Has anyone written a GPG SerDe (or anything similar) that is publicly available?
Last I knew Hadoop has no internal support for encryption whatsoever. Seems like you could overload the CompressionCodec with your GPG code, ala http://www.mail-archive.com/common-user#hadoop.apache.org/msg06229.html
Happy Hacking & let us know if you find a solution!
Does Node.js support sending binary data? Or does it require a Base64 layer?
Also, how best would I create an encryption layer? I am expecting I will create a module that acts exactly like the net module (as it pertains to TCP client/server communication) and then just call an underlying net module.
However, I would like the encryption layer to be easily added to a file I/O stream. Would those two operations have to work differently?
I know little about Node.js but I know Java and browser-based JavaScript very well.
Yes, Node.js supports binary data.
For encrypted communication it has built-in support for SSL / TLS.
I'm building a Qt application that needs to use libssh, an SSH client library. libssh (understandably) performs its own network connections, however Qt has its own infrastructure for network connections (QTcpSocket etc).
Should I worry about these differences? Should I be trying to make libssh make network connections via QTcpSocket... Or if it works fine on the platforms I'm targeting, is that good enough?
The only downside is that you have another library that your code depends on.
The primary rule though is if it works, go with it.
I think it depends on what the abstraction you get from libssh looks like. If it is a socket-like API, you could create a QAbstractSocket implementation for it. If it is just some structure or handle to read from and write to, you could create a QIODevice subclass. Most I/O can be implemented generically operating on QIODevices (instead of explicitly operating on QFile, sockets, etc.).