# This Spicy protocol analyzer will identify WireGuard traffic and extract details for Initiation, Response, Cookie, and Transport packets.
#
#
# Copyright 2020, Verizon Media
# Licensed under the terms of the Apache 2.0 license. See LICENSE file in github.com/theparanoids/spicy-noise root directory for terms
module WireGuard;
import spicy;
# Top-level unit for one WireGuard message: a 1-byte message type, 3 reserved
# bytes, then a type-specific body chosen by the switch on msg_type.
public type WG_MSG = unit {
# Message type; the switch below maps 1..4 to INITIATION, RESPONSE, COOKIE, TRANSPORT.
msg_type: uint8;
# The three bytes after the type. They are consumed but not checked.
# NOTE(review): the field name suggests these are expected to be zero, but
# nothing here enforces it. As written the grammar accepts any input that
# starts with a byte 1..4 and is long enough for the selected body, which
# matters if this unit is used to identify traffic. Confirm whether a zero
# check is wanted (and whether any peers repurpose these bytes) before tightening.
reserved_zero: bytes &size=3;
# Debug output hook, commented out.
#on %done {
# print "WG_TYPE: %X" % self.msg_type;
# print "RESERVED: %x" % self.reserved_zero;
# print "";
#}
# Only types 1..4 have a case and there is no default case.
# NOTE(review): an unlisted type should then fail the parse rather than be
# accepted - confirm against the Spicy switch semantics in the version in use.
switch ( self.msg_type) {
1 -> wg1: INITIATION;
2 -> wg2: RESPONSE;
3 -> wg3: COOKIE;
4 -> wg4: TRANSPORT;
};
};
# Body of a type 1 message (handshake initiation). All fields are fixed-size;
# together they take 4 + 32 + 48 + 28 + 16 + 16 = 144 bytes after the 4-byte
# WG_MSG header. The unit only extracts the fields; it does not verify mac1/mac2
# or decrypt anything.
type INITIATION = unit {
# 32-bit index, read little-endian.
sender_index: uint32 &byte-order=spicy::ByteOrder::Little;
# 32 opaque bytes; per the field name, the initiator's unencrypted ephemeral key.
unenc_ephemeral: bytes &size=32;
# 48 opaque bytes (presumably a 32-byte static key plus a 16-byte AEAD tag - confirm).
enc_static: bytes &size=48;
# 28 opaque bytes (presumably a 12-byte timestamp plus a 16-byte AEAD tag - confirm).
enc_timestamp: bytes &size=28;
# Two 16-byte MAC fields, extracted as-is.
mac1: bytes &size=16;
mac2: bytes &size=16;
# Debug output hook, commented out.
#on %done {
# print "";
# print "SPICY - INITIATION";
# print "SENDER_INDEX: %02X" % self.sender_index;
# print "UNENC_EPHEMERAL: %x" % self.unenc_ephemeral;
# print "ENC_STATIC_ARRAY: %s" % self.enc_static;
# print "ENC_TIMESTAMP %X" % self.enc_timestamp;
# print "MAC1: %X" % self.mac1;
# print "MAC2: %X" % self.mac2;
#}
};
# Body of a type 2 message (handshake response). All fields are fixed-size;
# together they take 4 + 4 + 32 + 16 + 16 + 16 = 88 bytes after the 4-byte
# WG_MSG header. Fields are extracted only; no MAC or AEAD verification happens here.
type RESPONSE = unit {
# Two 32-bit indices, both read little-endian.
sender_index: uint32 &byte-order=spicy::ByteOrder::Little;
receiver_index: uint32 &byte-order=spicy::ByteOrder::Little;
# 32 opaque bytes; per the field name, the responder's unencrypted ephemeral key.
unenc_ephemeral: bytes &size=32;
# 16 opaque bytes (presumably the AEAD tag over an empty plaintext - confirm).
enc_nothing: bytes &size=16;
# Two 16-byte MAC fields, extracted as-is.
mac1: bytes &size=16;
mac2: bytes &size=16;
# Debug output hook, commented out.
#on %done {
# print "";
# print "SPICY - RESPONSE";
# print "RESPONSE";
# print "SENDER_INDEX: %02X" % self.sender_index;
# print "RECEIVER_INDEX: %02X" % self.receiver_index;
# print "UNENC_EPHEMERAL: %x" % self.unenc_ephemeral;
# print "ENC_NOTHING: %x" % self.enc_nothing;
# print "MAC1: %X" % self.mac1;
# print "MAC2: %X" % self.mac2;
#}
};
# Body of a type 3 message (cookie reply): a 32-bit index, a 24-byte nonce and
# a 32-byte encrypted cookie, 60 bytes in total after the 4-byte WG_MSG header.
# NOTE(review): nonce and encrypted_cookie are declared as uint8 arrays, while
# the other units in this file use bytes &size=N for opaque fields. Confirm
# what consumers of these fields expect before unifying the two forms.
type COOKIE = unit {
# 32-bit index, read little-endian.
receiver_index: uint32 &byte-order=spicy::ByteOrder::Little;
# 24 single-byte elements.
nonce: uint8[24];
# 32 single-byte elements (presumably a 16-byte cookie plus a 16-byte AEAD tag - confirm).
encrypted_cookie: uint8[32];
};
# Body of a type 4 message (transport data): a 32-bit index, a 64-bit counter,
# then everything that remains in the input as the encrypted payload.
type TRANSPORT = unit {
# 32-bit index, read little-endian.
receiver_index: uint32 &byte-order=spicy::ByteOrder::Little;
# 64-bit counter, read little-endian.
counter: uint64 &byte-order=spicy::ByteOrder::Little;
# &eod consumes all remaining input, so the payload length is whatever is left.
# NOTE(review): no minimum length is enforced on enc_packet, so an input that
# ends right after the counter appears to parse as a TRANSPORT message with an
# empty payload. Confirm whether a lower bound (e.g. the AEAD tag size) is
# wanted if this unit is used to identify traffic.
enc_packet: bytes &eod;
# Debug output hook, commented out.
#on %done {
# print "";
# print "SPICY - TRANSPORT";
# print "RECEIVER_INDEX: %x" % self.receiver_index;
# print "COUNTER: %x" % self.counter;
# print "ENCRYPTED_PACKET: %x" % self.enc_packet;
#}
};
# To Test HANDSHAKE_INITIATION
#printf '\x01\x00\x00\x00\x02\x9c\x03\xc1\xf3\x0c\xeb\x67\x14\x8d\xd2\x7c\x78\xd5\x2d\x01\x96\xb6\xb7\x8b\x71\x54\x29\x86\xf5\x63\xac\x89\x88\x79\x35\x3f\x02\x2f\x17\x47\x70\xc5\xb3\xd4\x33\xcf\xb4\x9f\xd3\x31\x16\x88\x28\x4c\xe6\x7e\xc7\x21\x11\xe6\x55\x12\x9f\xc5\xf6\xbe\xd2\xe0\xa4\x4b\x8d\x28\xc2\x22\xc6\xe1\x47\x9a\x08\x33\xc7\xa1\xf6\x41\x7b\x73\x3c\x1e\xf0\x49\xfa\xb5\xe4\x51\xaf\xf5\x61\xea\x42\x8c\x21\x16\xf7\xd1\x02\x3c\xcd\xac\x2b\x2a\x00\xec\xbe\x02\x73\xc9\xf8\x4b\x1c\x69\x50\x32\x08\x4b\x58\xe7\xd2\xff\x9f\xcf\x19\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' | spicy-driver wg.spicy
#To Test HANDSHAKE_RESPONSE
#printf '\x02\x00\x00\x00\x01\xfa\xe3\xdc\x02\x9c\x03\xc1\x39\x4c\xe1\x06\x7f\xac\xcd\xff\x74\xd7\x1d\xdd\xe6\x45\x0c\xce\xdb\x94\x83\x90\x08\xa7\xa2\xc0\xcd\xb0\xb4\xab\xe0\x80\x56\x5b\x96\xd1\x67\x52\xc3\x2e\x60\xba\xab\xfb\x54\x13\xfb\xa2\x42\x76\xbe\xae\x31\xec\xe9\x18\xc0\x17\x00\xe5\xdf\xe6\x6c\xa3\xc7\xb9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' | spicy-driver wg.spicy
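# To test TRANSPORT (ENCRYPTED_ENCODED_PACKET). The printf command below is one shell line; if it appears wrapped in the middle of a \x escape, rejoin it before running.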
# printf '\x04\x00\x00\x00\xb9\x9e\xde\x26\x03\x00\x00\x00\x00\x00\x00\x00\xad\x12\x98\x79\xd3\x4f\x4e\x7a\x15\x11\xcf\x31\xde\xba\x59\x83\x65\x08\x34\xf0\xbc\x98\x64\x27\x1e\xfd\x47\x9a\x6c\xae\x5f\x9f\x2f\xff\x3d\x80\x16\x58\x1c\xbd\xa6\x8d\x3f\x42\xfb\x9e\x6d\x26\xe5\x15\x8c\x75\xd8\x28\xc6\x1d\x11\x58\x27\xda\x17\xbc\xa7\xae\x56\xec\x18\x5e\x2a\x9a\x41\x9a\xad\xe6\x29\xf4\x5e\xce\xcf\x29\x46\x98\x06\x54\xee\x32\x23\x4d\xed\xe4\x1a\x68\x9c\x66\x27\xf3\x10\xbb\xd5\x5b\x4c\x3d\x6c\x69\x05\x87\x72\xf4\x7b\x07\x36\x26\x63\xe2\x31\x93\xdf\x43\xbe\x58\xfa\xdd\x41\x32\xf5\xd1\xb7\xae\xe9\xaa\x3e\xa8\x45\xd4\x50\x3d\x61\x54\x74\x8a\x72\x98\x0e\x1a\x9f\xf1\x96\x5e\xc0\x8c\xf6\x2c\xd4\xe1\x2d\xeb\x87\xb1\x01\xf3\xbc\xa4\x57\x99\xb5\x04\xe9\xd7\xa7\x0b\xba\x23\xcd\xa8\xc9\x5d\xdc\x46\x21\xda\x9e\xe5\x17\xf4\x72\xf4\x63\xb7\x94\x1f\x6c\xa7\xf3\xc1\xe9\xc7\xd2\x38\xeb\xcb\x56\x26\x77\xc2\xc8\x82\x17\xf4\x3b\x6b\x06\x2a\x16\xe0\xab\x70\xc8\xd4\xd5\x14\x2c\xed\x13\xc6\x5b\x87\xe1\x88\x56\xb3\x97\xd3\x6c\xbd\x2b\x81\xbd\x63\x08\x23\x8f\x24\x79\x40\xad\x90\xb9\xdb\xaa\xff\x5d\x05\x93\x3b\x04\xf0\x95\x78\xf0\x30\x15\x6e\x62\x3d\x93\x9a\xee\xf9\x31\x68\xf1\x7a\xa6\xa5\x83\x4a\x04\xf0\x46\x22\xc8\x0a\x28\xb1\xe7\x04\x0b\xd1\xad\x1c\x06\x98\x0c\xc6\xbc\x8d\x0b\x19\xaf\xc9\x12\x94\xc9\x17\x68\xd5\x11\x4c\x6b\x27\xd7\x14\xea\x7e\xe8\x3a\xa6\x52\xb3\x5b\x06\xbd\xdd\x9c\x31\x84\xf3\xb5\xee\x02\x43\xa7\xc7\xd9\xbf\x0d\x1f\xf2\x04\x8f\xe2\x89\xe3\xd2\x0a\x7b\x31\x7b\x22\x55\xc2\xd0\x55\x25\xe0\xdd\xcf\x06\x40\xca\xb5\x51\xf6\xf6\x05\x7f\x25\x51\x1f\x83\x22\xad\x96\x2e\xc3\x7d\xd5\x91\x30\x3d\xf0\xe1\x17\x72\xaa\xdd\x4d\x23\xaf\xb1\x39\xf4\xe0\x92\xff\xd4\x39\x8a\x4e\x37\x63\xf0\x71\xe3\xb6\xe0\x62\xb2\x6e\xaf\x3a\x87\xdd\xac\x54\x66\x55\x24\x44\x02\x21\x39\xb4\x8e\x07\x79\xc2\x24\x65\x5f\xe2\xbb\x6d\xf8\xe4\x92\x1e\xf0\x54\xd6\x65\x95\x5f\xbc\x85\x46\xf5\x56\xa6\x90\x73\xcb\x7b\x48\x01\x41\x1e\x1e\x78\xb7\xd4\x58\x89\x51\x42\xb5\x3e\x6a\x25\x90\x05\xa6\x4a\x33\x1a\x28\xc9\x8c\x19\x3d\x91\x
93\x95\x4b\x4a\x99\x4f\xd0\xd7\xf7\x09\xf4\x67\x81\x2a\xe0\xfa\x4f\x18\x1e\xfb\xfa\x24\x3a\x5a\xaf\x3d\x78\x02\x1d\xec\xa2\x02\x24\x87\x54\x9f\xf6\x95\x61\xd3\x2b\xb0\x4f\xc8\xfc\x1c\x22\x29\x37\xab\xe7\x48\x52\x92\x30\x2f\x9f\xfb\x76\x86\x03\x71\xec\xe9\x9e\xc7\x01\xe6\x8f\xca\x8c\x0b\xc1\xc3\x76\x30\xa8\x0b\x8d\x2f\x25\x6e\xa8\x5a\xcc\x1a\xd8\xb5\x78\x24\xe2\xd6\x59\x74\xd7\xab\x25\x08\x46\xc3\x19\x1b\xc7\x62\x27\xa5\x0a\xd7\x73\x93\x0e\xef\x62\x12\x0f\x13\xe9\x37\xec\x5c\x57\x07\x2a\x09\xde\x38\x39\x36\x53\xab\x6d\x1a\x15\xbc\xed\xb9\x1f\x2d\xab\x3f\x84\x98\x32\x64\x37\x74\x44\x0d\x44\x35\x64\x0b\x2f\x32\xbd\x04\x52\x00\x8d\x54\x3a\x49\xd7\x9e\x90\xe8\xf9\x25\x39\xd0\x52\x9c\x99\xd0\x7d\xe2\x1b\x69\x44\xcf\x9d\x74\x00\xcd\x52\x62\x4f\x0f\xb2\x49\x00\x8f\x00\x16\x09\x0c\x37\xb6\x6e\x8e\x0a\xbb\xbf\x66\x52\x5c\xd8\x69\x0d\x7d\x4c\x0f\xee\xf3\x75\x85\x30\xbb\xc1\xac\x95\xd3\x0a\x4d\x8b\x73\xf8\x16\x92\x86\x82\x6d\x71\x24\xa6\x5d\x87\x40\xba\x9f\x22\xd7\x69\x46\x06\xd2\x49\x7f\xb1\x71\x00\xd4\xb0\x7a\x0e\x5b\x1e\x0a\xf7\x38\x4f\x55\x2c\x96\x6a\xe4\x92\x0a\x85\x8f\xb4\x70\x82\x91\x17\xcc\xa6\x23\x9a\x1f\xf6\xf5\xc4\x4c\x64\xfb\x25\x07\xb6\xe9\x05\x67\xf3\x37\xa4\x7a\xf2\x35\xf3\x7c\xa2\xa9\x2e\x6a\x6f\x1a\x9d\xb7\xde\x9e\x4f\x5f\xd6\xf2\x61\x7f\xd9\x33\x42\x60\x18\x22\x3f\x5d\xf9\x80\xac\x15\xa1\x2d\xd9\x63\xfd\x24\x5a\xbc\x79\xa0\xdd\x13\x5d\x21\xa3\x32\x44\x67\x86\xe7\x04\x8e\xcc\x39\x5b\x5f\x02\x14\x9a\x3e\x95\xa6\xc7\x92\x6b\x99\x50\x9f\xab\x75\x57\xc4\xbe\x26\x9d\xcb\x6e\xc4\xc2\x02\x1c\x53\x6b\x06\x58\xf5\xa7\xee\x3c\x3e\x58\xf3\x86\xfb\xbd\x3d\x08\x11\xad\x7f\x0e\xff\x2d\xde\x8c\x0e\x63\x6c\xbd\x3f\x66\xee\x6b\xd3\x28\xe5\x48\x1f\x12\x72\x6a\x20\x3d\xf7\xbc\xbd\x3f\x81\x43\xe2\x68\xe3\x94\x76\xed\x9d\xc2\x51\xb5\x47\xaa\xad\x6e\x06\x5e\xb4\x28\xb8\x5f\x6e\xaf\x6f\x8e\x20\xc0\x24\x9a\x8d\x63\xcf\x9d\x63\xe9\x46\xf2\x4f\x64\x54\xc2\xbf\x80\x05\x67\xf0\x7c\x75\x31\x0f\x3c\x31\x46\xe8\x63\xd2\xba\x1d\xc3\x76\xb7\x66\x21\x6d\x1a\xa2\x17\x61\xe0\xda\xbc\xc3\x84\xdc\x
e9\x27\xff\x34\x86\x11\x32\x07\x3a\x77\xd3\xb9\xf1\x81\x75\xdc\x52\x45\xa3\x94\x18\x63\x2f\xeb\x10\x57\xcf\x3a\xbe\xaa\x36\xba\x24\xc2\xf1\xfc\xcd\x79\xca\x14\xd0\x13\x63\x69\x56\xb3\x5e\xbd\xba\xcc\x04\x11\x3b\x4d\xd3\x95\xc9\x93\xf8\x01\xdb\xd0\x38\x1c\x8e\xd4\x07\x13\x8c\xab\x4e\x80\xa6\x8f\x7d\x44\x1e\x1e\x39\xf6\xd7\xfe\x37\x54\xef\x55\x86\x73\x6a\xa3\x39\x54\xe6\x7d\x6e\x77\xec\x71\x13\xe0\x8a\xc2\xde\xe4\x43\xd4\xce\x9f\x85\x15\x17\xfc\x78\xa6\x82\x09\x75\x5f\x39\xd6\x32\x1e\x84\x16\x4d\x47\xe9\xed\x58\x53\xeb\xe3\x07\x3a\x58\xc8\x20\x38\x9d\xff\xfd\x45\x8a\x88\x0b\xca\x5e\xbb\x0a\x93\x76\x2c\x24\xb7\x55\x28\x8a\x81\x9d\x70\xf7\xb5\xec\x29\x6f\x7d\xb8\x2d\x59\x22\xcc\x86\x94\x34\x7d\x59\x59\x60\x31\x65\xaf\xc1\xd5\x19\xf7\x2b\xc7\xf0\x2a\x5e\xf7\x1b\xe7\x7a\x23\xab\x8d\x73\x3d\x11\x8a\x20\x04\x60\xaa\x04\x90\xde\xd6\x79\xbd\xca\x98\x84\x18\x23\x24\xf8\x50\xdd\x88\xe0\x77\xe3\x47\x2d\x22\xd2\xb5\xc4\xb8\x47\xaf\x0d\xaa\xc1\x6d\xfc\x30\xf9\xf8\x1e\x7d\x87\xfd\x96\xed\xe1\x82\xb7\xb8\xfd\x73\x2e\xba\xe0\x67\x8c\xa2\xb8\xfb\x70\x4d\x91\x3f\x62\xa6\x63\xb3\x9b\x48\x07\xdc\xb4\xf8\xef\x43\x96\x10\x31\x6a\x9b\xe4\x9a\x21\x55\xbf\xfd\x57\x62\x8c\x7b\x16\x26\x41\x62\x49\xd0\xfc\x40\x56\x10\xb6\x38\x08\x23\x5f\x9d\xd5\x75\x97\x99\x97\x68\x71\x69\xb6\x88\x38\xde\xfb\x80\x97\xff\x5e\x1b\xf9\x94\x20\xa5\x65\xa0\x1c\x9f\x91\x89\x83\xa3\x11\x69\xcd\xcd\x1b\x4d\xcb\x2f\x45\xae\x44\x31\xcf\x39\x42\x22\x0c\xfa\x86\xef\x84\xf1\xe0\xd0\x13\x13\xfb\xaa\xe9\xe7\x88\x1e\x94\x04\xf4\xe4\x9a\xeb\x5a\x68\xd5\xe1\xac\x6e\x3f\xa1\x64\xf8\xc8\x1c\x74\x1c\x09\x88\xfd\x5a\xc0\xfc\xcf\xc0\x9a\xc0\xe5\x46\x9a\x7c\x30\xed\x33\xc0\x54\x2e\x2d\xb6\xfa\x69\x79\xb5\x08\xef\x3c\x4c\x87\x82\x91\x76\xc2\xb1\x88\xb2\xd7\x77\x9d\x7c\x96\xdf\xd0\x5b\x0b\x84\x8a\x78\x3f\xd6\x6a\x5f\x4e\xd4\x83\xa4\x8a\x71\x3f\x19\x8c\x79\x1c' | spicy-driver wg.spicy