wireshark/wsutil/wsgcrypt.h

/* wsgcrypt.h
 *
 * Wrapper around libgcrypt's include file gcrypt.h.
 * For libgcrypt 1.5.0, including gcrypt.h directly brings up lots of
 * compiler warnings about deprecated definitions.
 * Try to work around these warnings to ensure a clean build with -Werror.
 *
 * Wireshark - Network traffic analyzer
 * By Gerald Combs <gerald@wireshark.org>
 * Copyright 2007 Gerald Combs
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 */

#ifndef __WSGCRYPT_H__
#define __WSGCRYPT_H__

#include <ws_diag_control.h>
#include "ws_symbol_export.h"
#include <glib.h>

DIAG_OFF(deprecated-declarations)

#include <gcrypt.h>

DIAG_ON(deprecated-declarations)

#define HASH_MD5_LENGTH      16
#define HASH_SHA1_LENGTH     20
#define HASH_SHA2_224_LENGTH 28
#define HASH_SHA2_256_LENGTH 32
#define HASH_SHA2_384_LENGTH 48
#define HASH_SHA2_512_LENGTH 64

/* Convenience function to calculate the HMAC from the data in BUFFER
   of size LENGTH with key KEY of size KEYLEN using the algorithm ALGO avoiding the creating of a
   hash object. The hash is returned in the caller provided buffer
   DIGEST which must be large enough to hold the digest of the given
   algorithm. */
WS_DLL_PUBLIC gcry_error_t ws_hmac_buffer(int algo, void *digest, const void *buffer, size_t length, const void *key, size_t keylen);

/* Convenience function to encrypt 8 bytes in BUFFER with DES using the 56 bits KEY expanded to
   64 bits as key, encrypted data is returned in OUTPUT which must be at least 8 bytes large */
WS_DLL_PUBLIC void crypt_des_ecb(guint8 *output, const guint8 *buffer, const guint8 *key56);

/* Convenience function for RSA decryption. Returns decrypted length on success, 0 on failure */
WS_DLL_PUBLIC size_t rsa_decrypt_inplace(const guint len, guchar* data, gcry_sexp_t pk, gboolean pkcs1_padding, char **err);


#endif /* __WSGCRYPT_H__ */
add wsutil/wsgcrypt.h as a wrapper around libgcrypt's gcrypt.h (not used for now) svn path=/trunk/; revision=47801 2013-02-21 18:09:18 +00:00			`/* wsgcrypt.h`
			`*`
			`* Wrapper around libgcrypt's include file gcrypt.h.`
use pragma GCC diagnostic to work around gcrypt.h warnings distinguish between different gcc versions this should allow a clean build with libgcrypt 1.5.0 svn path=/trunk/; revision=47803 2013-02-21 18:40:48 +00:00			`* For libgcrypt 1.5.0, including gcrypt.h directly brings up lots of`
			`* compiler warnings about deprecated definitions.`
			`* Try to work around these warnings to ensure a clean build with -Werror.`
add wsutil/wsgcrypt.h as a wrapper around libgcrypt's gcrypt.h (not used for now) svn path=/trunk/; revision=47801 2013-02-21 18:09:18 +00:00			`*`
			`* Wireshark - Network traffic analyzer`
			`* By Gerald Combs <gerald@wireshark.org>`
			`* Copyright 2007 Gerald Combs`
Remove trailing whitespace Change-Id: I8116f63ff88687c8db3fd6e8e23b22ab2f759af0 Reviewed-on: https://code.wireshark.org/review/385 Reviewed-by: Bill Meier <wmeier@newsguy.com> Tested-by: Bill Meier <wmeier@newsguy.com> 2014-02-25 20:42:35 +00:00			`*`
replace SPDX identifier GPL-2.0+ with GPL-2.0-or-later. The first is deprecated, as per https://spdx.org/licenses/. Change-Id: I8e21e1d32d09b8b94b93a2dc9fbdde5ffeba6bed Reviewed-on: https://code.wireshark.org/review/25661 Petri-Dish: Anders Broman <a.broman58@gmail.com> Petri-Dish: Dario Lombardo <lomato@gmail.com> Reviewed-by: Anders Broman <a.broman58@gmail.com> 2018-02-07 11:26:45 +00:00			`* SPDX-License-Identifier: GPL-2.0-or-later`
add wsutil/wsgcrypt.h as a wrapper around libgcrypt's gcrypt.h (not used for now) svn path=/trunk/; revision=47801 2013-02-21 18:09:18 +00:00			`*/`

			`#ifndef __WSGCRYPT_H__`
			`#define __WSGCRYPT_H__`

Include ws_diag_control.h in config.h Change-Id: Ia394071710ecda3b0e6686a51fbca45a8ff20317 Reviewed-on: https://code.wireshark.org/review/14749 Petri-Dish: João Valverde <j@v6e.pt> Petri-Dish: Gerald Combs <gerald@wireshark.org> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: João Valverde <j@v6e.pt> 2016-03-14 19:03:11 +00:00			`#include <ws_diag_control.h>`
Rewrite dissectors to use Libgcrypt functions. As discussed on the mailinglist, rewriting dissectors to use Libgcrypt functions as Libgcrypt will be mandatory after change 20030. Removal of following functions: - crypt_md4 - crypt_rc4* - aes_cmac_encrypt_* - md5_* - sha1_* - sha256_* Further candidates: - aes_* - rijndael_* - ... Added functions: - ws_hmac_buffer Added const macros: - HASH_MD5_LENGTH - HASH_SHA1_LENGTH Changes on epan/crypt/* verified with captures from https://wiki.wireshark.org/HowToDecrypt802.11 Changes on packet-snmp.c and packet-radius.c verified with captures from https://wiki.wireshark.org/SampleCapture Changes on packet-tacacs.c verified with capture from http://ccie-in-3-months.blogspot.nl/2009/04/decoding-login-credentials-regardless.html Change-Id: Iea6ba2bf207cf0f1bf2117068fb1abcfeaafaa46 Link: https://www.wireshark.org/lists/wireshark-dev/201702/msg00011.html Reviewed-on: https://code.wireshark.org/review/20095 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl> 2017-02-13 18:31:26 +00:00			`#include "ws_symbol_export.h"`
Replace aes.c and des.c by Libgcrypt Follow-up of https://code.wireshark.org/review/20095 Rewritten functions: - crypt_des_ecb crypt_des_ecb verified against previous crypt_des_ecb implementation with 4294967295 random keys and input buffers from /dev/random as I cannot find a suitable pcap which uses DES Change-Id: I21ec2572451e0ded4299ffadd8dd687817bc6318 Reviewed-on: https://code.wireshark.org/review/20429 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl> 2017-03-06 21:01:39 +00:00			`#include <glib.h>`
Use pragma diagnostic also when compiling with clang. svn path=/trunk/; revision=48295 2013-03-14 08:42:51 +00:00
Use the <wsutil/ws_diag_control.h> stuff to disable -Wdeprecated-declarations. Change-Id: I4b1fcbf5b25f2515d45015c9e1c4a94d6cfbc79c Reviewed-on: https://code.wireshark.org/review/3883 Reviewed-by: Guy Harris <guy@alum.mit.edu> 2014-08-27 21:56:29 +00:00			`DIAG_OFF(deprecated-declarations)`
use pragma GCC diagnostic to work around gcrypt.h warnings distinguish between different gcc versions this should allow a clean build with libgcrypt 1.5.0 svn path=/trunk/; revision=47803 2013-02-21 18:40:48 +00:00
			`#include <gcrypt.h>`
add wsutil/wsgcrypt.h as a wrapper around libgcrypt's gcrypt.h (not used for now) svn path=/trunk/; revision=47801 2013-02-21 18:09:18 +00:00
Use the <wsutil/ws_diag_control.h> stuff to disable -Wdeprecated-declarations. Change-Id: I4b1fcbf5b25f2515d45015c9e1c4a94d6cfbc79c Reviewed-on: https://code.wireshark.org/review/3883 Reviewed-by: Guy Harris <guy@alum.mit.edu> 2014-08-27 21:56:29 +00:00			`DIAG_ON(deprecated-declarations)`
Use pragma diagnostic also when compiling with clang. svn path=/trunk/; revision=48295 2013-03-14 08:42:51 +00:00
SNMP: add support for USM SHA-2 algorithms (RFC 7860) Generlize the USM handling and add support for HMAC-SHA-2 authentication protocols. Change-Id: I7cca2f24db61620423fded078c680322aff86400 Reviewed-on: https://code.wireshark.org/review/22846 Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl> Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com> 2017-07-30 14:07:43 +00:00			`#define HASH_MD5_LENGTH 16`
			`#define HASH_SHA1_LENGTH 20`
			`#define HASH_SHA2_224_LENGTH 28`
			`#define HASH_SHA2_256_LENGTH 32`
			`#define HASH_SHA2_384_LENGTH 48`
			`#define HASH_SHA2_512_LENGTH 64`
Rewrite dissectors to use Libgcrypt functions. As discussed on the mailinglist, rewriting dissectors to use Libgcrypt functions as Libgcrypt will be mandatory after change 20030. Removal of following functions: - crypt_md4 - crypt_rc4* - aes_cmac_encrypt_* - md5_* - sha1_* - sha256_* Further candidates: - aes_* - rijndael_* - ... Added functions: - ws_hmac_buffer Added const macros: - HASH_MD5_LENGTH - HASH_SHA1_LENGTH Changes on epan/crypt/* verified with captures from https://wiki.wireshark.org/HowToDecrypt802.11 Changes on packet-snmp.c and packet-radius.c verified with captures from https://wiki.wireshark.org/SampleCapture Changes on packet-tacacs.c verified with capture from http://ccie-in-3-months.blogspot.nl/2009/04/decoding-login-credentials-regardless.html Change-Id: Iea6ba2bf207cf0f1bf2117068fb1abcfeaafaa46 Link: https://www.wireshark.org/lists/wireshark-dev/201702/msg00011.html Reviewed-on: https://code.wireshark.org/review/20095 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl> 2017-02-13 18:31:26 +00:00
			`/* Convenience function to calculate the HMAC from the data in BUFFER`
			`of size LENGTH with key KEY of size KEYLEN using the algorithm ALGO avoiding the creating of a`
			`hash object. The hash is returned in the caller provided buffer`
			`DIGEST which must be large enough to hold the digest of the given`
			`algorithm. */`
			`WS_DLL_PUBLIC gcry_error_t ws_hmac_buffer(int algo, void digest, const void buffer, size_t length, const void *key, size_t keylen);`

Replace aes.c and des.c by Libgcrypt Follow-up of https://code.wireshark.org/review/20095 Rewritten functions: - crypt_des_ecb crypt_des_ecb verified against previous crypt_des_ecb implementation with 4294967295 random keys and input buffers from /dev/random as I cannot find a suitable pcap which uses DES Change-Id: I21ec2572451e0ded4299ffadd8dd687817bc6318 Reviewed-on: https://code.wireshark.org/review/20429 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl> 2017-03-06 21:01:39 +00:00			`/* Convenience function to encrypt 8 bytes in BUFFER with DES using the 56 bits KEY expanded to`
			`64 bits as key, encrypted data is returned in OUTPUT which must be at least 8 bytes large */`
			`WS_DLL_PUBLIC void crypt_des_ecb(guint8 output, const guint8 buffer, const guint8 *key56);`

Move RSA key loading and decryption functions to wsutil Loading PEM and PKCS#11 keys was being done in static functions in packet-ssl-utils.c. These were moved to wsutil, with prototypes in a new <wsutil/rsa.h> header. This adds gnutls as optional dependency to wsutil. The RSA decryption helper was also moved and is now provided in <wsutil/wsgcrypt.h>. This allows more dissectors to access this functionality. Change-Id: I6cfbbf5203f2881c82bad721747834ccd76e2033 Reviewed-on: https://code.wireshark.org/review/21941 Reviewed-by: Peter Wu <peter@lekensteyn.nl> Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net> 2017-04-26 05:33:25 +00:00			`/* Convenience function for RSA decryption. Returns decrypted length on success, 0 on failure */`
			`WS_DLL_PUBLIC size_t rsa_decrypt_inplace(const guint len, guchar* data, gcry_sexp_t pk, gboolean pkcs1_padding, char **err);`


add wsutil/wsgcrypt.h as a wrapper around libgcrypt's gcrypt.h (not used for now) svn path=/trunk/; revision=47801 2013-02-21 18:09:18 +00:00			`#endif /* __WSGCRYPT_H__ */`