libgcrypt: Remove HAVE_GCRYPT_AEAD , _CHACHA20
Libgcrypt 1.8.0 is required now, so these are always defined.
parent
d87b9ca731
commit
45da161430
|
@ -45,7 +45,6 @@ static int hf_http3_priority_update_element_id = -1;
|
|||
static int hf_http3_priority_update_field_value = -1;
|
||||
|
||||
static expert_field ei_http3_unknown_stream_type = EI_INIT;
|
||||
static expert_field ei_http3_data_not_decoded = EI_INIT;
|
||||
|
||||
/* Initialize the subtree pointers */
|
||||
static gint ett_http3 = -1;
|
||||
|
@ -134,7 +133,6 @@ typedef struct _http3_stream_info {
|
|||
guint64 broken_from_offset; /**< Unrecognized stream starting at offset (if non-zero). */
|
||||
} http3_stream_info;
|
||||
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
/**
|
||||
* Whether this is a reserved code point for Stream Type, Frame Type, Error
|
||||
* Code, etc.
|
||||
|
@ -144,7 +142,6 @@ http3_is_reserved_code(guint64 stream_type)
|
|||
{
|
||||
return (stream_type - 0x21) % 0x1f == 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
static gboolean
|
||||
try_get_quic_varint(tvbuff_t *tvb, int offset, guint64 *value, int *lenvar)
|
||||
|
@ -202,7 +199,6 @@ http3_check_frame_size(tvbuff_t *tvb, packet_info *pinfo, int offset)
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
/* Settings */
|
||||
static int
|
||||
dissect_http3_settings(tvbuff_t* tvb, packet_info* pinfo _U_, proto_tree* http3_tree, guint offset)
|
||||
|
@ -378,7 +374,6 @@ dissect_http3_uni_stream(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, in
|
|||
|
||||
return offset;
|
||||
}
|
||||
#endif /* HAVE_LIBGCRYPT_AEAD */
|
||||
|
||||
static int
|
||||
dissect_http3(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
|
||||
|
@ -387,9 +382,7 @@ dissect_http3(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
|
|||
proto_item *ti;
|
||||
proto_tree *http3_tree;
|
||||
int offset = 0;
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
http3_stream_info *h3_stream;
|
||||
#endif /* HAVE_LIBGCRYPT_AEAD */
|
||||
|
||||
if (!stream_info) {
|
||||
return 0;
|
||||
|
@ -420,7 +413,6 @@ dissect_http3(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
|
|||
ti = proto_tree_add_item(tree, proto_http3, tvb, 0, -1, ENC_NA);
|
||||
http3_tree = proto_item_add_subtree(ti, ett_http3);
|
||||
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
h3_stream = (http3_stream_info *)quic_stream_get_proto_data(pinfo, stream_info);
|
||||
if (!h3_stream) {
|
||||
h3_stream = wmem_new0(wmem_file_scope(), http3_stream_info);
|
||||
|
@ -456,10 +448,6 @@ dissect_http3(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
|
|||
}
|
||||
offset = dissect_http3_frame(tvb, pinfo, http3_tree, offset);
|
||||
}
|
||||
#else
|
||||
proto_tree_add_expert_format(http3_tree, pinfo, &ei_http3_data_not_decoded, tvb, offset, 0,
|
||||
"Data not decoded, missing LIBGCRYPT AEAD support");
|
||||
#endif
|
||||
|
||||
return tvb_captured_length(tvb);
|
||||
}
|
||||
|
@ -557,10 +545,6 @@ proto_register_http3(void)
|
|||
{ "http3.unknown_stream_type", PI_UNDECODED, PI_WARN,
|
||||
"An unknown stream type was encountered", EXPFILL }
|
||||
},
|
||||
{ &ei_http3_data_not_decoded,
|
||||
{ "http3.data_not_decoded", PI_UNDECODED, PI_WARN,
|
||||
"Data not decoded", EXPFILL }
|
||||
},
|
||||
};
|
||||
|
||||
proto_http3 = proto_register_protocol("Hypertext Transfer Protocol Version 3", "HTTP3", "http3");
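Review bot: `http3_is_reserved_code()` returns true for some values below 0x21 that it should reject, because `stream_type - 0x21` wraps around in guint64 arithmetic; for 0x11 the wrapped value is 2^64 - 16, which is a multiple of 0x1f. With the `#ifdef` gone this helper is built unconditionally, so the range check is worth adding: `return stream_type >= 0x21 && (stream_type - 0x21) % 0x1f == 0;`. The function's signature is only visible in the hunk header.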
|
||||
|
|
|
@ -1765,12 +1765,8 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
|
|||
esp_salt_len = 4;
|
||||
esp_encr_key_len -= esp_salt_len;
|
||||
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
crypt_mode_libgcrypt =
|
||||
(esp_encr_algo == IPSEC_ENCRYPT_AES_CTR) ? GCRY_CIPHER_MODE_CTR : GCRY_CIPHER_MODE_GCM;
|
||||
#else
|
||||
crypt_mode_libgcrypt = GCRY_CIPHER_MODE_CTR;
|
||||
#endif
|
||||
switch(esp_encr_key_len * 8)
|
||||
{
|
||||
case 128:
|
||||
|
@ -2020,7 +2016,6 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
|
|||
}
|
||||
|
||||
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
if (g_esp_enable_authentication_check && icv_type == ICV_TYPE_AEAD) {
|
||||
/* Allocate buffer for ICV */
|
||||
esp_icv = (guint8 *)tvb_memdup(wmem_packet_scope(), tvb, esp_packet_len - esp_icv_len, esp_icv_len);
|
||||
|
@ -2033,7 +2028,6 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
|
|||
gcry_cipher_algo_name(crypt_algo_libgcrypt), crypt_mode_libgcrypt, gcry_strerror(err));
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
if (!err)
|
||||
{
|
||||
|
@ -2052,7 +2046,6 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
|
|||
/* Decryption has finished */
|
||||
decrypt_ok = TRUE;
|
||||
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
if (g_esp_enable_authentication_check && icv_type == ICV_TYPE_AEAD) {
|
||||
guchar *esp_icv_computed;
|
||||
gint tag_len;
|
||||
|
@ -2081,7 +2074,6 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
|
|||
esp_icv_expected = bytes_to_str(wmem_packet_scope(), esp_icv_computed, esp_icv_len);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
}
|
||||
}
|
||||
}
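Review bot: In `dissect_esp()`, `decrypt_ok = TRUE` is assigned before the AEAD tag block that follows it, so the flag records that the cipher call succeeded, not that the ICV matched; with `g_esp_enable_authentication_check` off the tag is not examined at all. A comment at the assignment would keep later readers from treating the flag as an authenticity result, for example `/* decrypt_ok: cipher ran without error; the AEAD ICV result is reported separately */`. How a tag mismatch is reported lies outside the visible hunks, so adjust the wording to what that code does.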
|
||||
|
|
|
@ -1905,7 +1905,6 @@ static ikev2_encr_alg_spec_t ikev2_encr_algs[] = {
|
|||
{IKEV2_ENCR_AES_CTR_192, 28, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR, 4, 0},
|
||||
{IKEV2_ENCR_AES_CTR_256, 36, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 4, 0},
|
||||
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
/* GCM algorithms: key length: aes-length + 4 bytes of IV (salt), iv - 8 bytes */
|
||||
{IKEV2_ENCR_AES_GCM_128_16, 20, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM, 4, 16},
|
||||
{IKEV2_ENCR_AES_GCM_192_16, 28, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_GCM, 4, 16},
|
||||
|
@ -1931,36 +1930,6 @@ static ikev2_encr_alg_spec_t ikev2_encr_algs[] = {
|
|||
{IKEV2_ENCR_AES_CCM_128_12, 19, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CCM, 3, 12},
|
||||
{IKEV2_ENCR_AES_CCM_192_12, 27, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CCM, 3, 12},
|
||||
{IKEV2_ENCR_AES_CCM_256_12, 35, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CCM, 3, 12},
|
||||
#else
|
||||
/* decrypt using plain ctr mode - special handling for GCM mode of counter initial value 2 inside dis_enc()*/
|
||||
/* GCM algorithms: key length: aes-length + 4 bytes of IV (salt), iv - 8 bytes */
|
||||
{IKEV2_ENCR_AES_GCM_128_16, 20, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 4, 16},
|
||||
{IKEV2_ENCR_AES_GCM_192_16, 28, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR, 4, 16},
|
||||
{IKEV2_ENCR_AES_GCM_256_16, 36, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 4, 16},
|
||||
|
||||
{IKEV2_ENCR_AES_GCM_128_8, 20, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 4, 8},
|
||||
{IKEV2_ENCR_AES_GCM_192_8, 28, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR, 4, 8},
|
||||
{IKEV2_ENCR_AES_GCM_256_8, 36, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 4, 8},
|
||||
|
||||
{IKEV2_ENCR_AES_GCM_128_12, 20, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 4, 12},
|
||||
{IKEV2_ENCR_AES_GCM_192_12, 28, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR, 4, 12},
|
||||
{IKEV2_ENCR_AES_GCM_256_12, 36, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 4, 12},
|
||||
|
||||
/* CCM algorithms: key length: aes-length + 3 bytes of salt, iv - 8 bytes.
|
||||
* Special handling of setting first byte of iv to length of 14 - noncelen inside dis_enc() */
|
||||
{IKEV2_ENCR_AES_CCM_128_16, 19, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 3, 16},
|
||||
{IKEV2_ENCR_AES_CCM_192_16, 27, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR, 3, 16},
|
||||
{IKEV2_ENCR_AES_CCM_256_16, 35, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 3, 16},
|
||||
|
||||
{IKEV2_ENCR_AES_CCM_128_8, 19, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 3, 8},
|
||||
{IKEV2_ENCR_AES_CCM_192_8, 27, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR, 3, 8},
|
||||
{IKEV2_ENCR_AES_CCM_256_8, 35, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 3, 8},
|
||||
|
||||
{IKEV2_ENCR_AES_CCM_128_12, 19, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 3, 12},
|
||||
{IKEV2_ENCR_AES_CCM_192_12, 27, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR, 3, 12},
|
||||
{IKEV2_ENCR_AES_CCM_256_12, 35, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 3, 12},
|
||||
|
||||
#endif
|
||||
|
||||
{0, 0, 0, 0, 0, 0, 0, 0}
|
||||
};
|
||||
|
@ -5847,10 +5816,8 @@ dissect_enc(tvbuff_t *tvb,
|
|||
tvbuff_t *decr_tvb = NULL;
|
||||
gint payloads_len;
|
||||
proto_tree *decr_tree = NULL, *decr_payloads_tree = NULL;
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
guchar *aa_data = NULL, *icv_data = NULL;
|
||||
gint aad_len = 0;
|
||||
#endif
|
||||
|
||||
if (decr_info) {
|
||||
/* Need decryption details to know field lengths. */
|
||||
|
@ -5915,7 +5882,6 @@ dissect_enc(tvbuff_t *tvb,
|
|||
/*
|
||||
* Recalculate ICD value if the specified authentication algorithm allows it.
|
||||
*/
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
if (icv_len) {
|
||||
/* For GCM/CCM algorithms ICD is computed during decryption.
|
||||
Must save offset and length of authenticated additional data (whole ISAKMP header
|
||||
|
@ -5924,7 +5890,6 @@ dissect_enc(tvbuff_t *tvb,
|
|||
aa_data = (guchar *)tvb_memdup(pinfo->pool, tvb, 0, aad_len);
|
||||
icv_data = (guchar *)tvb_memdup(pinfo->pool, tvb, offset, icv_len);
|
||||
} else
|
||||
#endif
|
||||
if (key_info->auth_spec->gcry_alg) {
|
||||
proto_item_append_text(icd_item, " <%s>", val_to_str(key_info->auth_spec->number, vs_ikev2_auth_algs, "Unknown mac algo: %d"));
|
||||
err = gcry_md_open(&md_hd, key_info->auth_spec->gcry_alg, key_info->auth_spec->gcry_flag);
|
||||
|
@ -6036,7 +6001,6 @@ dissect_enc(tvbuff_t *tvb,
|
|||
key_info->encr_spec->gcry_alg, encr_iv_len, gcry_strerror(err));
|
||||
}
|
||||
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
if (key_info->encr_spec->gcry_mode == GCRY_CIPHER_MODE_CCM) {
|
||||
guint64 ccm_lengths[3];
|
||||
ccm_lengths[0] = encr_data_len;
|
||||
|
@ -6059,7 +6023,6 @@ dissect_enc(tvbuff_t *tvb,
|
|||
key_info->encr_spec->gcry_alg, gcry_strerror(err));
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
err = gcry_cipher_decrypt(cipher_hd, decr_data, decr_data_len, encr_data, encr_data_len);
|
||||
if (err) {
|
||||
|
@ -6068,7 +6031,6 @@ dissect_enc(tvbuff_t *tvb,
|
|||
key_info->encr_spec->gcry_alg, gcry_strerror(err));
|
||||
}
|
||||
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
if (icv_len) {
|
||||
/* gcry_cipher_checktag() doesn't work on 1.6.x version well - requires all of 16 bytes
|
||||
* of ICV, so it won't work with 12 and 8 bytes of ICV.
|
||||
|
@ -6113,7 +6075,6 @@ dissect_enc(tvbuff_t *tvb,
|
|||
expert_add_info(pinfo, icd_item, &ei_isakmp_ikev2_integrity_checksum);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
gcry_cipher_close(cipher_hd);
|
||||
}
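Review bot: The comment kept in `dissect_enc()` saying that `gcry_cipher_checktag()` "doesn't work on 1.6.x version well" with 12- and 8-byte ICVs describes a library version this commit rules out. Either re-test `gcry_cipher_checktag()` with truncated tags on 1.8.0 and drop the workaround, or reword the comment to say why it is still avoided, e.g. `/* checktag with 8/12-byte ICVs not re-verified on libgcrypt >= 1.8.0 */`. The workaround code itself is outside the hunk. Separately, removing the `#endif` leaves `} else` directly above `if (key_info->auth_spec->gcry_alg) {`; joining them as `} else if (key_info->auth_spec->gcry_alg) {` would read more clearly.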
|
||||
|
|
|
@ -220,7 +220,6 @@ static dissector_handle_t tls13_handshake_handle;
|
|||
|
||||
static dissector_table_t quic_proto_dissector_table;
|
||||
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
/* Fields for showing reassembly results for fragments of QUIC stream data. */
|
||||
static const fragment_items quic_stream_fragment_items = {
|
||||
&ett_quic_fragment,
|
||||
|
@ -238,7 +237,6 @@ static const fragment_items quic_stream_fragment_items = {
|
|||
&hf_quic_reassembled_data,
|
||||
"Fragments"
|
||||
};
|
||||
#endif /* HAVE_LIBGCRYPT_AEAD */
|
||||
|
||||
/*
|
||||
* PROTECTED PAYLOAD DECRYPTION (done in first pass)
|
||||
|
@ -743,10 +741,8 @@ quic_get_long_packet_type(guint8 first_byte, guint32 version)
|
|||
}
|
||||
}
|
||||
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
static void
|
||||
quic_streams_add(packet_info *pinfo, quic_info_data_t *quic_info, guint64 stream_id);
|
||||
#endif
|
||||
|
||||
static void
|
||||
quic_hp_cipher_reset(quic_hp_cipher *hp_cipher)
|
||||
|
@ -767,7 +763,6 @@ quic_ciphers_reset(quic_ciphers *ciphers)
|
|||
quic_pp_cipher_reset(&ciphers->pp_cipher);
|
||||
}
|
||||
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
static gboolean
|
||||
quic_is_hp_cipher_initialized(quic_hp_cipher *hp_cipher)
|
||||
{
|
||||
|
@ -833,7 +828,6 @@ quic_decrypt_header(tvbuff_t *tvb, guint pn_offset, quic_hp_cipher *hp_cipher, i
|
|||
}
|
||||
memcpy(mask, sample, sizeof(mask));
|
||||
break;
|
||||
#ifdef HAVE_LIBGCRYPT_CHACHA20
|
||||
case GCRY_CIPHER_CHACHA20:
|
||||
/* If Gcrypt receives a 16 byte IV, it will assume the buffer to be
|
||||
* counter || nonce (in little endian), as desired. */
|
||||
|
@ -845,7 +839,6 @@ quic_decrypt_header(tvbuff_t *tvb, guint pn_offset, quic_hp_cipher *hp_cipher, i
|
|||
return FALSE;
|
||||
}
|
||||
break;
|
||||
#endif /* HAVE_LIBGCRYPT_CHACHA20 */
|
||||
default:
|
||||
return FALSE;
|
||||
}
|
||||
|
@ -918,7 +911,6 @@ quic_set_full_packet_number(quic_info_data_t *quic_info, quic_packet_info_t *qui
|
|||
quic_packet->pkn_len = pkn_len;
|
||||
quic_packet->packet_number = pkn_full;
|
||||
}
|
||||
#endif /* HAVE_LIBGCRYPT_AEAD */
|
||||
|
||||
static const char *
|
||||
cid_to_string(const quic_cid_t *cid)
|
||||
|
@ -1167,7 +1159,6 @@ quic_connection_update_initial(quic_info_data_t *conn, const quic_cid_t *scid, c
|
|||
}
|
||||
}
|
||||
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
/**
|
||||
* Use the new CID as additional identifier for the specified connection and
|
||||
* remember it for connection tracking.
|
||||
|
@ -1192,7 +1183,6 @@ quic_connection_add_cid(quic_info_data_t *conn, const quic_cid_t *new_cid, gbool
|
|||
|
||||
quic_cids_insert(&new_item->data, conn, from_server);
|
||||
}
|
||||
#endif /* HAVE_LIBGCRYPT_AEAD */
|
||||
|
||||
/** Create or update a connection. */
|
||||
static void
|
||||
|
@ -1270,7 +1260,6 @@ quic_connection_destroy(gpointer data, gpointer user_data _U_)
|
|||
/* QUIC Streams tracking and reassembly. {{{ */
|
||||
static reassembly_table quic_reassembly_table;
|
||||
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
/** Perform sequence analysis for STREAM frames. */
|
||||
static quic_stream_state *
|
||||
quic_get_stream_state(packet_info *pinfo, quic_info_data_t *quic_info, gboolean from_server, guint64 stream_id)
|
||||
|
@ -2523,11 +2512,9 @@ quic_get_pn_cipher_algo(int cipher_algo, int *hp_cipher_mode)
|
|||
case GCRY_CIPHER_AES256:
|
||||
*hp_cipher_mode = GCRY_CIPHER_MODE_ECB;
|
||||
return TRUE;
|
||||
#ifdef HAVE_LIBGCRYPT_CHACHA20
|
||||
case GCRY_CIPHER_CHACHA20:
|
||||
*hp_cipher_mode = GCRY_CIPHER_MODE_STREAM;
|
||||
return TRUE;
|
||||
#endif /* HAVE_LIBGCRYPT_CHACHA20 */
|
||||
default:
|
||||
return FALSE;
|
||||
}
|
||||
|
@ -2660,13 +2647,7 @@ quic_create_decoders(packet_info *pinfo, quic_info_data_t *quic_info, quic_ciphe
|
|||
{
|
||||
if (!quic_info->hash_algo) {
|
||||
if (!tls_get_cipher_info(pinfo, 0, &quic_info->cipher_algo, &quic_info->cipher_mode, &quic_info->hash_algo)) {
|
||||
#ifndef HAVE_LIBGCRYPT_CHACHA20
|
||||
/* If this stream uses the ChaCha20-Poly1305 cipher, Libgcrypt 1.7.0
|
||||
* or newer is required. */
|
||||
*error = "Unable to retrieve cipher information; try upgrading Libgcrypt >= 1.7.0";
|
||||
#else
|
||||
*error = "Unable to retrieve cipher information";
|
||||
#endif
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
|
@ -3023,22 +3004,16 @@ quic_verify_retry_token(tvbuff_t *tvb, quic_packet_info_t *quic_packet, const qu
|
|||
}
|
||||
gcry_cipher_close(h);
|
||||
}
|
||||
#endif /* HAVE_LIBGCRYPT_AEAD */
|
||||
|
||||
void
|
||||
quic_add_connection(packet_info *pinfo, const quic_cid_t *cid)
|
||||
{
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
quic_datagram *dgram_info;
|
||||
|
||||
dgram_info = (quic_datagram *)p_get_proto_data(wmem_file_scope(), pinfo, proto_quic, 0);
|
||||
if (dgram_info && dgram_info->conn) {
|
||||
quic_connection_add_cid(dgram_info->conn, cid, dgram_info->from_server);
|
||||
}
|
||||
#else
|
||||
(void)pinfo;
|
||||
(void)cid;
|
||||
#endif /* HAVE_LIBGCRYPT_AEAD */
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -3181,7 +3156,6 @@ dissect_quic_retry_packet(tvbuff_t *tvb, packet_info *pinfo, proto_tree *quic_tr
|
|||
// Verify the Retry Integrity Tag according to
|
||||
// https://tools.ietf.org/html/draft-ietf-quic-tls-25#section-5.8
|
||||
ti = proto_tree_add_item(quic_tree, hf_quic_retry_integrity_tag, tvb, offset, 16, ENC_NA);
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
if (!PINFO_FD_VISITED(pinfo) && odcid) {
|
||||
// Skip validation if the Initial Packet is unknown, for example due
|
||||
// to packet loss in the capture file.
|
||||
|
@ -3195,11 +3169,6 @@ dissect_quic_retry_packet(tvbuff_t *tvb, packet_info *pinfo, proto_tree *quic_tr
|
|||
} else {
|
||||
proto_item_append_text(ti, " [verified]");
|
||||
}
|
||||
#else
|
||||
(void)odcid;
|
||||
expert_add_info_format(pinfo, ti, &ei_quic_bad_retry,
|
||||
"Libgcrypt >= 1.6.0 is required for Retry Packet verification");
|
||||
#endif /* HAVE_LIBGCRYPT_AEAD */
|
||||
offset += 16;
|
||||
}
|
||||
|
||||
|
@ -3220,14 +3189,11 @@ dissect_quic_long_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *quic_tre
|
|||
guint64 payload_length;
|
||||
guint8 first_byte = 0;
|
||||
quic_info_data_t *conn = dgram_info->conn;
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
const gboolean from_server = dgram_info->from_server;
|
||||
quic_ciphers *ciphers = NULL;
|
||||
proto_item *ti;
|
||||
#endif /* HAVE_LIBGCRYPT_AEAD */
|
||||
|
||||
quic_extract_header(tvb, &long_packet_type, &version, &dcid, &scid);
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
if (conn) {
|
||||
if (long_packet_type == QUIC_LPT_INITIAL) {
|
||||
ciphers = !from_server ? &conn->client_initial_ciphers : &conn->server_initial_ciphers;
|
||||
|
@ -3306,7 +3272,6 @@ dissect_quic_long_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *quic_tre
|
|||
} else if (conn && quic_packet->pkn_len) {
|
||||
first_byte = quic_packet->first_byte;
|
||||
}
|
||||
#endif /* HAVE_LIBGCRYPT_AEAD */
|
||||
|
||||
proto_tree_add_item(quic_tree, hf_quic_fixed_bit, tvb, offset, 1, ENC_NA);
|
||||
if (is_quic_v2(version)) {
|
||||
|
@ -3343,12 +3308,8 @@ dissect_quic_long_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *quic_tre
|
|||
return offset;
|
||||
}
|
||||
if (!conn || quic_packet->pkn_len == 0) {
|
||||
#ifndef HAVE_LIBGCRYPT_AEAD
|
||||
expert_add_info_format(pinfo, quic_tree, &ei_quic_decryption_failed, "Libgcrypt >= 1.6.0 is required for QUIC decryption");
|
||||
#else
|
||||
// if not part of a connection, the full PKN cannot be reconstructed.
|
||||
expert_add_info_format(pinfo, quic_tree, &ei_quic_decryption_failed, "Failed to decrypt packet number");
|
||||
#endif /* HAVE_LIBGCRYPT_AEAD */
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
@ -3357,13 +3318,8 @@ dissect_quic_long_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *quic_tre
|
|||
col_append_fstr(pinfo->cinfo, COL_INFO, ", PKN: %" PRIu64, quic_packet->packet_number);
|
||||
|
||||
/* Payload */
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
ti = proto_tree_add_item(quic_tree, hf_quic_payload, tvb, offset, -1, ENC_NA);
|
||||
#else
|
||||
proto_tree_add_item(quic_tree, hf_quic_payload, tvb, offset, -1, ENC_NA);
|
||||
#endif /* HAVE_LIBGCRYPT_AEAD */
|
||||
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
if (conn) {
|
||||
quic_process_payload(tvb, pinfo, quic_tree, ti, offset,
|
||||
conn, quic_packet, from_server, &ciphers->pp_cipher, first_byte, quic_packet->pkn_len);
|
||||
|
@ -3372,7 +3328,6 @@ dissect_quic_long_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *quic_tre
|
|||
// Packet number is verified to be valid, remember it.
|
||||
*quic_max_packet_number(conn, from_server, first_byte) = quic_packet->packet_number;
|
||||
}
|
||||
#endif /* HAVE_LIBGCRYPT_AEAD */
|
||||
offset += tvb_reported_length_remaining(tvb, offset);
|
||||
|
||||
return offset;
|
||||
|
@ -3397,10 +3352,8 @@ dissect_quic_short_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *quic_tr
|
|||
quic_cid_t dcid = {.len=0};
|
||||
guint8 first_byte = 0;
|
||||
gboolean key_phase = FALSE;
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
proto_item *ti;
|
||||
quic_pp_cipher *pp_cipher = NULL;
|
||||
#endif /* HAVE_LIBGCRYPT_AEAD */
|
||||
quic_info_data_t *conn = dgram_info->conn;
|
||||
const gboolean from_server = dgram_info->from_server;
|
||||
gboolean loss_bits_negotiated = FALSE;
|
||||
|
@ -3413,7 +3366,6 @@ dissect_quic_short_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *quic_tr
|
|||
dcid.len = from_server ? conn->client_cids.data.len : conn->server_cids.data.len;
|
||||
loss_bits_negotiated = quic_loss_bits_negotiated(conn, from_server);
|
||||
}
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
if (!PINFO_FD_VISITED(pinfo) && conn) {
|
||||
const gchar *error = NULL;
|
||||
guint32 pkn32 = 0;
|
||||
|
@ -3428,7 +3380,6 @@ dissect_quic_short_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *quic_tr
|
|||
} else if (conn && quic_packet->pkn_len) {
|
||||
first_byte = quic_packet->first_byte;
|
||||
}
|
||||
#endif /* HAVE_LIBGCRYPT_AEAD */
|
||||
proto_tree_add_item(hdr_tree, hf_quic_fixed_bit, tvb, offset, 1, ENC_NA);
|
||||
proto_tree_add_item(hdr_tree, hf_quic_spin_bit, tvb, offset, 1, ENC_NA);
|
||||
/* Q and L bits are not protected by HP cipher */
|
||||
|
@ -3460,11 +3411,9 @@ dissect_quic_short_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *quic_tr
|
|||
proto_item_append_text(pi, " DCID=%s", dcid_str);
|
||||
}
|
||||
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
if (!PINFO_FD_VISITED(pinfo) && conn) {
|
||||
pp_cipher = quic_get_pp_cipher(key_phase, conn, from_server);
|
||||
}
|
||||
#endif /* HAVE_LIBGCRYPT_AEAD */
|
||||
|
||||
if (quic_packet->decryption.error) {
|
||||
expert_add_info_format(pinfo, quic_tree, &ei_quic_decryption_failed,
|
||||
|
@ -3482,13 +3431,8 @@ dissect_quic_short_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *quic_tr
|
|||
proto_item_append_text(pi, " PKN=%" PRIu64, quic_packet->packet_number);
|
||||
|
||||
/* Protected Payload */
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
ti = proto_tree_add_item(hdr_tree, hf_quic_protected_payload, tvb, offset, -1, ENC_NA);
|
||||
#else
|
||||
proto_tree_add_item(hdr_tree, hf_quic_protected_payload, tvb, offset, -1, ENC_NA);
|
||||
#endif /* HAVE_LIBGCRYPT_AEAD */
|
||||
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
if (conn) {
|
||||
quic_process_payload(tvb, pinfo, quic_tree, ti, offset,
|
||||
conn, quic_packet, from_server, pp_cipher, first_byte, quic_packet->pkn_len);
|
||||
|
@ -3497,7 +3441,6 @@ dissect_quic_short_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *quic_tr
|
|||
*quic_max_packet_number(conn, from_server, first_byte) = quic_packet->packet_number;
|
||||
}
|
||||
}
|
||||
#endif /* HAVE_LIBGCRYPT_AEAD */
|
||||
offset += tvb_reported_length_remaining(tvb, offset);
|
||||
|
||||
return offset;
|
||||
|
@ -3910,7 +3853,6 @@ quic_cleanup(void)
|
|||
}
|
||||
|
||||
/* Follow QUIC Stream functionality {{{ */
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
static void
|
||||
quic_streams_add(packet_info *pinfo, quic_info_data_t *quic_info, guint64 stream_id)
|
||||
{
|
||||
|
@ -3936,7 +3878,6 @@ quic_streams_add(packet_info *pinfo, quic_info_data_t *quic_info, guint64 stream
|
|||
wmem_map_insert(quic_info->streams_map, GUINT_TO_POINTER(stream->num), stream);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
static quic_info_data_t *
|
||||
get_conn_by_number(guint conn_number)
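Review bot: In `dissect_quic_long_header()`, `ciphers` starts as NULL and the only assignment visible is for `QUIC_LPT_INITIAL`, yet the payload call evaluates `&ciphers->pp_cipher` whenever `conn` is set. If any long packet type leaves `ciphers` unassigned, that is a member address computed from a null pointer. The short-header path already passes a possibly-NULL `pp_cipher` to `quic_process_payload()`, so the same convention fits here: `conn, quic_packet, from_server, ciphers ? &ciphers->pp_cipher : NULL, first_byte, quic_packet->pkn_len);`. The remaining branches that assign `ciphers` are outside the hunk, so this may already be guaranteed; a short comment saying so would then be enough.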
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
|
||||
#include "ws_symbol_export.h"
|
||||
|
||||
#include <wsutil/wsgcrypt.h> /* needed to define HAVE_LIBGCRYPT_AEAD */
|
||||
#include <wsutil/wsgcrypt.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
|
@ -53,10 +53,8 @@ typedef struct quic_cid {
|
|||
|
||||
/** Set/Get protocol-specific data for the QUIC STREAM. */
|
||||
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
void quic_stream_add_proto_data(struct _packet_info *pinfo, quic_stream_info *stream_info, void *proto_data);
|
||||
void *quic_stream_get_proto_data(struct _packet_info *pinfo, quic_stream_info *stream_info);
|
||||
#endif /* HAVE_LIBGCRYPT_AEAD */
|
||||
|
||||
/** Returns the number of items for quic.connection.number. */
|
||||
WS_DLL_PUBLIC guint32 get_quic_connections_count(void);
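Review bot: The `#include <wsutil/wsgcrypt.h>` line loses its only stated reason, the comment saying it was needed to define `HAVE_LIBGCRYPT_AEAD`, yet the include stays. If nothing declared in this header uses a libgcrypt type, drop the include so that files including this header do not pull in `<gcrypt.h>` transitively. The rest of the header is outside the hunks, so check for gcrypt types before removing it.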
|
||||
|
|
|
@ -2883,20 +2883,10 @@ ssl_cipher_init(gcry_cipher_hd_t *cipher, gint algo, guchar* sk,
|
|||
gint gcry_modes[] = {
|
||||
GCRY_CIPHER_MODE_STREAM,
|
||||
GCRY_CIPHER_MODE_CBC,
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
GCRY_CIPHER_MODE_GCM,
|
||||
GCRY_CIPHER_MODE_CCM,
|
||||
GCRY_CIPHER_MODE_CCM,
|
||||
#else
|
||||
GCRY_CIPHER_MODE_CTR,
|
||||
GCRY_CIPHER_MODE_CTR,
|
||||
GCRY_CIPHER_MODE_CTR,
|
||||
#endif
|
||||
#ifdef HAVE_LIBGCRYPT_CHACHA20_POLY1305
|
||||
GCRY_CIPHER_MODE_POLY1305,
|
||||
#else
|
||||
-1, /* AEAD_CHACHA20_POLY1305 is unsupported. */
|
||||
#endif
|
||||
};
|
||||
gint err;
|
||||
if (algo == -1) {
|
||||
|
@ -4778,22 +4768,10 @@ dtls_check_mac(SslDecoder*decoder, gint ct,int ver, guint8* data,
|
|||
|
||||
static gboolean
|
||||
tls_decrypt_aead_record(SslDecryptSession *ssl, SslDecoder *decoder,
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
guint8 ct, guint16 record_version,
|
||||
#else
|
||||
guint8 ct _U_, guint16 record_version _U_,
|
||||
#endif
|
||||
gboolean ignore_mac_failed
|
||||
#ifndef HAVE_LIBGCRYPT_AEAD
|
||||
_U_
|
||||
#endif
|
||||
,
|
||||
gboolean ignore_mac_failed,
|
||||
const guchar *in, guint16 inl,
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
const guchar *cid, guint8 cidl,
|
||||
#else
|
||||
const guchar *cid _U_, guint8 cidl _U_,
|
||||
#endif
|
||||
StringInfo *out_str, guint *outl)
|
||||
{
|
||||
/* RFC 5246 (TLS 1.2) 6.2.3.3 defines the TLSCipherText.fragment as:
|
||||
|
@ -4809,16 +4787,12 @@ tls_decrypt_aead_record(SslDecryptSession *ssl, SslDecoder *decoder,
|
|||
guint ciphertext_len, auth_tag_len;
|
||||
guchar nonce[12];
|
||||
const ssl_cipher_mode_t cipher_mode = decoder->cipher_suite->mode;
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
const gboolean is_cid = ct == SSL_ID_TLS12_CID && version == DTLSV1DOT2_VERSION;
|
||||
const guint8 draft_version = ssl->session.tls13_draft_version;
|
||||
const guchar *auth_tag_wire;
|
||||
guchar auth_tag_calc[16];
|
||||
guchar *aad = NULL;
|
||||
guint aad_len = 0;
|
||||
#else
|
||||
guchar nonce_with_counter[16] = { 0 };
|
||||
#endif
|
||||
|
||||
switch (cipher_mode) {
|
||||
case MODE_GCM:
|
||||
|
@ -4855,9 +4829,7 @@ tls_decrypt_aead_record(SslDecryptSession *ssl, SslDecoder *decoder,
|
|||
ssl_debug_printf("%s Unexpected TLS version %#x\n", G_STRFUNC, version);
|
||||
return FALSE;
|
||||
}
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
auth_tag_wire = ciphertext + ciphertext_len;
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Nonce construction is version-specific. Note that AEAD_CHACHA20_POLY1305
|
||||
|
@ -4869,25 +4841,6 @@ tls_decrypt_aead_record(SslDecryptSession *ssl, SslDecoder *decoder,
|
|||
memcpy(nonce, decoder->write_iv.data, IMPLICIT_NONCE_LEN);
|
||||
memcpy(nonce + IMPLICIT_NONCE_LEN, explicit_nonce, EXPLICIT_NONCE_LEN);
|
||||
|
||||
#ifndef HAVE_LIBGCRYPT_AEAD
|
||||
if (cipher_mode == MODE_GCM) {
|
||||
/* NIST SP 800-38D, sect. 7.2 says that the 32-bit counter part starts
|
||||
* at 1, and gets incremented before passing to the block cipher. */
|
||||
memcpy(nonce_with_counter, nonce, IMPLICIT_NONCE_LEN + EXPLICIT_NONCE_LEN);
|
||||
nonce_with_counter[IMPLICIT_NONCE_LEN + EXPLICIT_NONCE_LEN + 3] = 2;
|
||||
} else if (cipher_mode == MODE_CCM || cipher_mode == MODE_CCM_8) {
|
||||
/* The nonce for CCM and GCM are the same, but the nonce is used as input
|
||||
* in the CCM algorithm described in RFC 3610. The nonce generated here is
|
||||
* the one from RFC 3610 sect 2.3. Encryption. */
|
||||
/* Flags: (L-1) ; L = 16 - 1 - nonceSize */
|
||||
nonce_with_counter[0] = 3 - 1;
|
||||
memcpy(nonce_with_counter + 1, nonce, IMPLICIT_NONCE_LEN + EXPLICIT_NONCE_LEN);
|
||||
/* struct { opaque salt[4]; opaque nonce_explicit[8] } CCMNonce (RFC 6655) */
|
||||
nonce_with_counter[IMPLICIT_NONCE_LEN + EXPLICIT_NONCE_LEN + 3] = 1;
|
||||
} else {
|
||||
ws_assert_not_reached();
|
||||
}
|
||||
#endif
|
||||
} else if (version == TLSV1DOT3_VERSION || cipher_mode == MODE_POLY1305) {
|
||||
/*
|
||||
* Technically the nonce length must be at least 8 bytes, but for
|
||||
|
@ -4902,7 +4855,6 @@ tls_decrypt_aead_record(SslDecryptSession *ssl, SslDecoder *decoder,
|
|||
}
|
||||
|
||||
/* Set nonce and additional authentication data */
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
gcry_cipher_reset(decoder->evp);
|
||||
ssl_print_data("nonce", nonce, 12);
|
||||
err = gcry_cipher_setiv(decoder->evp, nonce, 12);
|
||||
|
@ -4975,13 +4927,6 @@ tls_decrypt_aead_record(SslDecryptSession *ssl, SslDecoder *decoder,
|
|||
return FALSE;
|
||||
}
|
||||
}
|
||||
#else
|
||||
err = gcry_cipher_setctr(decoder->evp, nonce_with_counter, 16);
|
||||
if (err) {
|
||||
ssl_debug_printf("%s failed: failed to set CTR: %s\n", G_STRFUNC, gcry_strerror(err));
|
||||
return FALSE;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Decrypt now that nonce and AAD are set. */
|
||||
err = gcry_cipher_decrypt(decoder->evp, out_str->data, out_str->data_len, ciphertext, ciphertext_len);
|
||||
|
@ -4991,7 +4936,6 @@ tls_decrypt_aead_record(SslDecryptSession *ssl, SslDecoder *decoder,
|
|||
}
|
||||
|
||||
/* Check authentication tag for authenticity (replaces MAC) */
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
err = gcry_cipher_gettag(decoder->evp, auth_tag_calc, auth_tag_len);
|
||||
if (err == 0 && !memcmp(auth_tag_calc, auth_tag_wire, auth_tag_len)) {
|
||||
ssl_print_data("auth_tag(OK)", auth_tag_calc, auth_tag_len);
|
||||
|
@ -5009,9 +4953,6 @@ tls_decrypt_aead_record(SslDecryptSession *ssl, SslDecoder *decoder,
|
|||
return FALSE;
|
||||
}
|
||||
}
|
||||
#else
|
||||
ssl_debug_printf("Libgcrypt is older than 1.6, unable to verify auth tag!\n");
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Increment the (implicit) sequence number for TLS 1.2/1.3. This is done
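Review bot: After the fallback entries are removed, `gcry_modes[]` in `ssl_cipher_init()` holds two consecutive `GCRY_CIPHER_MODE_CCM` entries with nothing saying which cipher-suite mode each position stands for. The table looks positional (presumably indexed by the mode enum that `tls_decrypt_aead_record()` switches on, which includes `MODE_CCM` and `MODE_CCM_8`), so a trailing comment per entry such as `GCRY_CIPHER_MODE_CCM, /* MODE_CCM_8 */` would guard against someone deleting the apparent duplicate. The table in `tls_get_cipher_info()` becomes identical with this commit; sharing one definition would keep the two from drifting apart again.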
|
||||
|
|
|
@ -1097,7 +1097,6 @@ decrypt_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset, SslDecryp
|
|||
return success;
|
||||
}
|
||||
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
/**
|
||||
* Try to guess the early data cipher using trial decryption.
|
||||
* Requires Libgcrypt 1.6 or newer for verifying that decryption is successful.
|
||||
|
@ -1172,7 +1171,6 @@ decrypt_tls13_early_data(tvbuff_t *tvb, packet_info *pinfo, guint32 offset,
|
|||
}
|
||||
return success;
|
||||
}
|
||||
#endif
|
||||
|
||||
static void
|
||||
process_ssl_payload(tvbuff_t *tvb, int offset, packet_info *pinfo,
|
||||
|
@ -1940,9 +1938,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
|
|||
/* Try to decrypt TLS 1.3 early data first */
|
||||
if (session->version == TLSV1DOT3_VERSION && content_type == SSL_ID_APP_DATA &&
|
||||
ssl->has_early_data && !ssl_packet_from_server(session, ssl_associations, pinfo)) {
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
decrypt_ok = decrypt_tls13_early_data(tvb, pinfo, offset, record_length, ssl, curr_layer_num_ssl);
|
||||
#endif
|
||||
if (!decrypt_ok) {
|
||||
/* Either trial decryption failed (e.g. missing key) or end of
|
||||
* early data is reached. Switch to HS secrets if available. */
|
||||
|
@ -3783,20 +3779,10 @@ tls_get_cipher_info(packet_info *pinfo, guint16 cipher_suite, int *cipher_algo,
|
|||
static const gint gcry_modes[] = {
|
||||
GCRY_CIPHER_MODE_STREAM,
|
||||
GCRY_CIPHER_MODE_CBC,
|
||||
#ifdef HAVE_LIBGCRYPT_AEAD
|
||||
GCRY_CIPHER_MODE_GCM,
|
||||
GCRY_CIPHER_MODE_CCM,
|
||||
GCRY_CIPHER_MODE_CCM,
|
||||
#else
|
||||
-1, /* Do not bother with fallback support. */
|
||||
-1,
|
||||
-1,
|
||||
#endif
|
||||
#ifdef HAVE_LIBGCRYPT_CHACHA20_POLY1305
|
||||
GCRY_CIPHER_MODE_POLY1305,
|
||||
#else
|
||||
-1, /* AEAD_CHACHA20_POLY1305 is unsupported. */
|
||||
#endif
|
||||
};
|
||||
static const int gcry_mds[] = {
|
||||
GCRY_MD_MD5,
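Review bot: The doc comment above `decrypt_tls13_early_data()` still says "Requires Libgcrypt 1.6 or newer for verifying that decryption is successful", which is no longer a condition once the guard around the function is removed. Drop that sentence or replace it with what the function relies on, e.g. `* Trial decryption relies on AEAD tag verification to tell whether the guessed cipher is right.` The function name is taken from the following hunk header and its body is outside the hunks shown, so confirm the replacement wording against it.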
|
||||
|
|
|
@ -17,27 +17,15 @@
|
|||
|
||||
#include <wireshark.h>
|
||||
|
||||
/* XXX: Turning off warnings here may not be necessary now that libgcrypt
|
||||
* 1.8.0 is the minimum version.
|
||||
*/
|
||||
DIAG_OFF(deprecated-declarations)
|
||||
|
||||
#include <gcrypt.h>
|
||||
|
||||
DIAG_ON(deprecated-declarations)
|
||||
|
||||
/*
|
||||
* Define HAVE_LIBGCRYPT_AEAD here, because it's used in several source
|
||||
* files.
|
||||
*/
|
||||
/* Whether to provide support for authentication in addition to decryption. */
|
||||
#define HAVE_LIBGCRYPT_AEAD
|
||||
|
||||
/*
|
||||
* Define some other "do we have?" items as well.
|
||||
*/
|
||||
/* Whether ChaCh20 PNE can be supported. */
|
||||
#define HAVE_LIBGCRYPT_CHACHA20
|
||||
/* Whether AEAD_CHACHA20_POLY1305 can be supported. */
|
||||
#define HAVE_LIBGCRYPT_CHACHA20_POLY1305
|
||||
|
||||
#define HASH_MD5_LENGTH 16
|
||||
#define HASH_SHA1_LENGTH 20
|
||||
#define HASH_SHA2_224_LENGTH 28
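Review bot: The three feature macros are deleted on the strength of the 1.8.0 minimum, but nothing in this header enforces that minimum where `<gcrypt.h>` is included. A guard right after the include, `#if GCRYPT_VERSION_NUMBER < 0x010800` / `#error "libgcrypt 1.8.0 or later is required"` / `#endif`, turns a build against older headers into one clear error instead of scattered undefined-symbol failures. If the build system already rejects older versions (not visible here), a one-line comment pointing at that check would do. The new XXX comment about `DIAG_OFF(deprecated-declarations)` could be resolved in the same pass.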
|
||||
|
|