libgcrypt: Remove HAVE_GCRYPT_AEAD , _CHACHA20

Libgcrypt 1.8.0 is required now, so these are always defined.
John Thacker 2022-04-21 07:09:18 -04:00
parent d87b9ca731
commit 45da161430
8 changed files with 5 additions and 214 deletions


@ -45,7 +45,6 @@ static int hf_http3_priority_update_element_id = -1;
static int hf_http3_priority_update_field_value = -1;
static expert_field ei_http3_unknown_stream_type = EI_INIT;
static expert_field ei_http3_data_not_decoded = EI_INIT;
/* Initialize the subtree pointers */
static gint ett_http3 = -1;
@ -134,7 +133,6 @@ typedef struct _http3_stream_info {
guint64 broken_from_offset; /**< Unrecognized stream starting at offset (if non-zero). */
} http3_stream_info;
#ifdef HAVE_LIBGCRYPT_AEAD
/**
* Whether this is a reserved code point for Stream Type, Frame Type, Error
* Code, etc.
@ -144,7 +142,6 @@ http3_is_reserved_code(guint64 stream_type)
{
return (stream_type - 0x21) % 0x1f == 0;
}
#endif
static gboolean
try_get_quic_varint(tvbuff_t *tvb, int offset, guint64 *value, int *lenvar)
@ -202,7 +199,6 @@ http3_check_frame_size(tvbuff_t *tvb, packet_info *pinfo, int offset)
return FALSE;
}
#ifdef HAVE_LIBGCRYPT_AEAD
/* Settings */
static int
dissect_http3_settings(tvbuff_t* tvb, packet_info* pinfo _U_, proto_tree* http3_tree, guint offset)
@ -378,7 +374,6 @@ dissect_http3_uni_stream(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, in
return offset;
}
#endif /* HAVE_LIBGCRYPT_AEAD */
static int
dissect_http3(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
@ -387,9 +382,7 @@ dissect_http3(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
proto_item *ti;
proto_tree *http3_tree;
int offset = 0;
#ifdef HAVE_LIBGCRYPT_AEAD
http3_stream_info *h3_stream;
#endif /* HAVE_LIBGCRYPT_AEAD */
if (!stream_info) {
return 0;
@ -420,7 +413,6 @@ dissect_http3(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
ti = proto_tree_add_item(tree, proto_http3, tvb, 0, -1, ENC_NA);
http3_tree = proto_item_add_subtree(ti, ett_http3);
#ifdef HAVE_LIBGCRYPT_AEAD
h3_stream = (http3_stream_info *)quic_stream_get_proto_data(pinfo, stream_info);
if (!h3_stream) {
h3_stream = wmem_new0(wmem_file_scope(), http3_stream_info);
@ -456,10 +448,6 @@ dissect_http3(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
}
offset = dissect_http3_frame(tvb, pinfo, http3_tree, offset);
}
#else
proto_tree_add_expert_format(http3_tree, pinfo, &ei_http3_data_not_decoded, tvb, offset, 0,
"Data not decoded, missing LIBGCRYPT AEAD support");
#endif
return tvb_captured_length(tvb);
}
@ -557,10 +545,6 @@ proto_register_http3(void)
{ "http3.unknown_stream_type", PI_UNDECODED, PI_WARN,
"An unknown stream type was encountered", EXPFILL }
},
{ &ei_http3_data_not_decoded,
{ "http3.data_not_decoded", PI_UNDECODED, PI_WARN,
"Data not decoded", EXPFILL }
},
};
proto_http3 = proto_register_protocol("Hypertext Transfer Protocol Version 3", "HTTP3", "http3");
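Review bot: http3_is_reserved_code, which is now compiled unconditionally, evaluates `(stream_type - 0x21) % 0x1f` on an unsigned guint64, so any value below 0x21 wraps around before the modulo is taken. Because 2^64 is not a multiple of 0x1f, a small value can land on remainder zero (0x11 does) and be reported as a reserved code point. A lower-bound guard makes the predicate match its doc comment: `return stream_type >= 0x21 && (stream_type - 0x21) % 0x1f == 0;`.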


@ -1765,12 +1765,8 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
esp_salt_len = 4;
esp_encr_key_len -= esp_salt_len;
#ifdef HAVE_LIBGCRYPT_AEAD
crypt_mode_libgcrypt =
(esp_encr_algo == IPSEC_ENCRYPT_AES_CTR) ? GCRY_CIPHER_MODE_CTR : GCRY_CIPHER_MODE_GCM;
#else
crypt_mode_libgcrypt = GCRY_CIPHER_MODE_CTR;
#endif
switch(esp_encr_key_len * 8)
{
case 128:
@ -2020,7 +2016,6 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
}
#ifdef HAVE_LIBGCRYPT_AEAD
if (g_esp_enable_authentication_check && icv_type == ICV_TYPE_AEAD) {
/* Allocate buffer for ICV */
esp_icv = (guint8 *)tvb_memdup(wmem_packet_scope(), tvb, esp_packet_len - esp_icv_len, esp_icv_len);
@ -2033,7 +2028,6 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
gcry_cipher_algo_name(crypt_algo_libgcrypt), crypt_mode_libgcrypt, gcry_strerror(err));
}
}
#endif
if (!err)
{
@ -2052,7 +2046,6 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
/* Decryption has finished */
decrypt_ok = TRUE;
#ifdef HAVE_LIBGCRYPT_AEAD
if (g_esp_enable_authentication_check && icv_type == ICV_TYPE_AEAD) {
guchar *esp_icv_computed;
gint tag_len;
@ -2081,7 +2074,6 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
esp_icv_expected = bytes_to_str(wmem_packet_scope(), esp_icv_computed, esp_icv_len);
}
}
#endif
}
}
}


@ -1905,7 +1905,6 @@ static ikev2_encr_alg_spec_t ikev2_encr_algs[] = {
{IKEV2_ENCR_AES_CTR_192, 28, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR, 4, 0},
{IKEV2_ENCR_AES_CTR_256, 36, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 4, 0},
#ifdef HAVE_LIBGCRYPT_AEAD
/* GCM algorithms: key length: aes-length + 4 bytes of IV (salt), iv - 8 bytes */
{IKEV2_ENCR_AES_GCM_128_16, 20, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM, 4, 16},
{IKEV2_ENCR_AES_GCM_192_16, 28, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_GCM, 4, 16},
@ -1931,36 +1930,6 @@ static ikev2_encr_alg_spec_t ikev2_encr_algs[] = {
{IKEV2_ENCR_AES_CCM_128_12, 19, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CCM, 3, 12},
{IKEV2_ENCR_AES_CCM_192_12, 27, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CCM, 3, 12},
{IKEV2_ENCR_AES_CCM_256_12, 35, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CCM, 3, 12},
#else
/* decrypt using plain ctr mode - special handling for GCM mode of counter initial value 2 inside dis_enc()*/
/* GCM algorithms: key length: aes-length + 4 bytes of IV (salt), iv - 8 bytes */
{IKEV2_ENCR_AES_GCM_128_16, 20, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 4, 16},
{IKEV2_ENCR_AES_GCM_192_16, 28, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR, 4, 16},
{IKEV2_ENCR_AES_GCM_256_16, 36, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 4, 16},
{IKEV2_ENCR_AES_GCM_128_8, 20, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 4, 8},
{IKEV2_ENCR_AES_GCM_192_8, 28, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR, 4, 8},
{IKEV2_ENCR_AES_GCM_256_8, 36, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 4, 8},
{IKEV2_ENCR_AES_GCM_128_12, 20, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 4, 12},
{IKEV2_ENCR_AES_GCM_192_12, 28, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR, 4, 12},
{IKEV2_ENCR_AES_GCM_256_12, 36, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 4, 12},
/* CCM algorithms: key length: aes-length + 3 bytes of salt, iv - 8 bytes.
* Special handling of setting first byte of iv to length of 14 - noncelen inside dis_enc() */
{IKEV2_ENCR_AES_CCM_128_16, 19, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 3, 16},
{IKEV2_ENCR_AES_CCM_192_16, 27, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR, 3, 16},
{IKEV2_ENCR_AES_CCM_256_16, 35, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 3, 16},
{IKEV2_ENCR_AES_CCM_128_8, 19, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 3, 8},
{IKEV2_ENCR_AES_CCM_192_8, 27, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR, 3, 8},
{IKEV2_ENCR_AES_CCM_256_8, 35, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 3, 8},
{IKEV2_ENCR_AES_CCM_128_12, 19, 1, 8, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 3, 12},
{IKEV2_ENCR_AES_CCM_192_12, 27, 1, 8, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR, 3, 12},
{IKEV2_ENCR_AES_CCM_256_12, 35, 1, 8, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 3, 12},
#endif
{0, 0, 0, 0, 0, 0, 0, 0}
};
@ -5847,10 +5816,8 @@ dissect_enc(tvbuff_t *tvb,
tvbuff_t *decr_tvb = NULL;
gint payloads_len;
proto_tree *decr_tree = NULL, *decr_payloads_tree = NULL;
#ifdef HAVE_LIBGCRYPT_AEAD
guchar *aa_data = NULL, *icv_data = NULL;
gint aad_len = 0;
#endif
if (decr_info) {
/* Need decryption details to know field lengths. */
@ -5915,7 +5882,6 @@ dissect_enc(tvbuff_t *tvb,
/*
* Recalculate ICD value if the specified authentication algorithm allows it.
*/
#ifdef HAVE_LIBGCRYPT_AEAD
if (icv_len) {
/* For GCM/CCM algorithms ICD is computed during decryption.
Must save offset and length of authenticated additional data (whole ISAKMP header
@ -5924,7 +5890,6 @@ dissect_enc(tvbuff_t *tvb,
aa_data = (guchar *)tvb_memdup(pinfo->pool, tvb, 0, aad_len);
icv_data = (guchar *)tvb_memdup(pinfo->pool, tvb, offset, icv_len);
} else
#endif
if (key_info->auth_spec->gcry_alg) {
proto_item_append_text(icd_item, " <%s>", val_to_str(key_info->auth_spec->number, vs_ikev2_auth_algs, "Unknown mac algo: %d"));
err = gcry_md_open(&md_hd, key_info->auth_spec->gcry_alg, key_info->auth_spec->gcry_flag);
@ -6036,7 +6001,6 @@ dissect_enc(tvbuff_t *tvb,
key_info->encr_spec->gcry_alg, encr_iv_len, gcry_strerror(err));
}
#ifdef HAVE_LIBGCRYPT_AEAD
if (key_info->encr_spec->gcry_mode == GCRY_CIPHER_MODE_CCM) {
guint64 ccm_lengths[3];
ccm_lengths[0] = encr_data_len;
@ -6059,7 +6023,6 @@ dissect_enc(tvbuff_t *tvb,
key_info->encr_spec->gcry_alg, gcry_strerror(err));
}
}
#endif
err = gcry_cipher_decrypt(cipher_hd, decr_data, decr_data_len, encr_data, encr_data_len);
if (err) {
@ -6068,7 +6031,6 @@ dissect_enc(tvbuff_t *tvb,
key_info->encr_spec->gcry_alg, gcry_strerror(err));
}
#ifdef HAVE_LIBGCRYPT_AEAD
if (icv_len) {
/* gcry_cipher_checktag() doesn't work on 1.6.x version well - requires all of 16 bytes
* of ICV, so it won't work with 12 and 8 bytes of ICV.
@ -6113,7 +6075,6 @@ dissect_enc(tvbuff_t *tvb,
expert_add_info(pinfo, icd_item, &ei_isakmp_ikev2_integrity_checksum);
}
}
#endif
gcry_cipher_close(cipher_hd);
}
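Review bot: The comment kept above the ICV check in dissect_enc still justifies the manual tag handling by a gcry_cipher_checktag() limitation "on 1.6.x", a release this commit's own description rules out now that 1.8.0 is required. Either the workaround can be dropped or the comment should say why it is still needed; whether 1.8.0 accepts 8- and 12-byte tags in gcry_cipher_checktag() needs verifying first. Wording such as `/* ICV is compared manually so that truncated 8- and 12-byte tags are handled */` would avoid tying the code to an unsupported version. The rest of that block lies outside the hunk.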


@ -220,7 +220,6 @@ static dissector_handle_t tls13_handshake_handle;
static dissector_table_t quic_proto_dissector_table;
#ifdef HAVE_LIBGCRYPT_AEAD
/* Fields for showing reassembly results for fragments of QUIC stream data. */
static const fragment_items quic_stream_fragment_items = {
&ett_quic_fragment,
@ -238,7 +237,6 @@ static const fragment_items quic_stream_fragment_items = {
&hf_quic_reassembled_data,
"Fragments"
};
#endif /* HAVE_LIBGCRYPT_AEAD */
/*
* PROTECTED PAYLOAD DECRYPTION (done in first pass)
@ -743,10 +741,8 @@ quic_get_long_packet_type(guint8 first_byte, guint32 version)
}
}
#ifdef HAVE_LIBGCRYPT_AEAD
static void
quic_streams_add(packet_info *pinfo, quic_info_data_t *quic_info, guint64 stream_id);
#endif
static void
quic_hp_cipher_reset(quic_hp_cipher *hp_cipher)
@ -767,7 +763,6 @@ quic_ciphers_reset(quic_ciphers *ciphers)
quic_pp_cipher_reset(&ciphers->pp_cipher);
}
#ifdef HAVE_LIBGCRYPT_AEAD
static gboolean
quic_is_hp_cipher_initialized(quic_hp_cipher *hp_cipher)
{
@ -833,7 +828,6 @@ quic_decrypt_header(tvbuff_t *tvb, guint pn_offset, quic_hp_cipher *hp_cipher, i
}
memcpy(mask, sample, sizeof(mask));
break;
#ifdef HAVE_LIBGCRYPT_CHACHA20
case GCRY_CIPHER_CHACHA20:
/* If Gcrypt receives a 16 byte IV, it will assume the buffer to be
* counter || nonce (in little endian), as desired. */
@ -845,7 +839,6 @@ quic_decrypt_header(tvbuff_t *tvb, guint pn_offset, quic_hp_cipher *hp_cipher, i
return FALSE;
}
break;
#endif /* HAVE_LIBGCRYPT_CHACHA20 */
default:
return FALSE;
}
@ -918,7 +911,6 @@ quic_set_full_packet_number(quic_info_data_t *quic_info, quic_packet_info_t *qui
quic_packet->pkn_len = pkn_len;
quic_packet->packet_number = pkn_full;
}
#endif /* HAVE_LIBGCRYPT_AEAD */
static const char *
cid_to_string(const quic_cid_t *cid)
@ -1167,7 +1159,6 @@ quic_connection_update_initial(quic_info_data_t *conn, const quic_cid_t *scid, c
}
}
#ifdef HAVE_LIBGCRYPT_AEAD
/**
* Use the new CID as additional identifier for the specified connection and
* remember it for connection tracking.
@ -1192,7 +1183,6 @@ quic_connection_add_cid(quic_info_data_t *conn, const quic_cid_t *new_cid, gbool
quic_cids_insert(&new_item->data, conn, from_server);
}
#endif /* HAVE_LIBGCRYPT_AEAD */
/** Create or update a connection. */
static void
@ -1270,7 +1260,6 @@ quic_connection_destroy(gpointer data, gpointer user_data _U_)
/* QUIC Streams tracking and reassembly. {{{ */
static reassembly_table quic_reassembly_table;
#ifdef HAVE_LIBGCRYPT_AEAD
/** Perform sequence analysis for STREAM frames. */
static quic_stream_state *
quic_get_stream_state(packet_info *pinfo, quic_info_data_t *quic_info, gboolean from_server, guint64 stream_id)
@ -2523,11 +2512,9 @@ quic_get_pn_cipher_algo(int cipher_algo, int *hp_cipher_mode)
case GCRY_CIPHER_AES256:
*hp_cipher_mode = GCRY_CIPHER_MODE_ECB;
return TRUE;
#ifdef HAVE_LIBGCRYPT_CHACHA20
case GCRY_CIPHER_CHACHA20:
*hp_cipher_mode = GCRY_CIPHER_MODE_STREAM;
return TRUE;
#endif /* HAVE_LIBGCRYPT_CHACHA20 */
default:
return FALSE;
}
@ -2660,13 +2647,7 @@ quic_create_decoders(packet_info *pinfo, quic_info_data_t *quic_info, quic_ciphe
{
if (!quic_info->hash_algo) {
if (!tls_get_cipher_info(pinfo, 0, &quic_info->cipher_algo, &quic_info->cipher_mode, &quic_info->hash_algo)) {
#ifndef HAVE_LIBGCRYPT_CHACHA20
/* If this stream uses the ChaCha20-Poly1305 cipher, Libgcrypt 1.7.0
* or newer is required. */
*error = "Unable to retrieve cipher information; try upgrading Libgcrypt >= 1.7.0";
#else
*error = "Unable to retrieve cipher information";
#endif
return FALSE;
}
}
@ -3023,22 +3004,16 @@ quic_verify_retry_token(tvbuff_t *tvb, quic_packet_info_t *quic_packet, const qu
}
gcry_cipher_close(h);
}
#endif /* HAVE_LIBGCRYPT_AEAD */
void
quic_add_connection(packet_info *pinfo, const quic_cid_t *cid)
{
#ifdef HAVE_LIBGCRYPT_AEAD
quic_datagram *dgram_info;
dgram_info = (quic_datagram *)p_get_proto_data(wmem_file_scope(), pinfo, proto_quic, 0);
if (dgram_info && dgram_info->conn) {
quic_connection_add_cid(dgram_info->conn, cid, dgram_info->from_server);
}
#else
(void)pinfo;
(void)cid;
#endif /* HAVE_LIBGCRYPT_AEAD */
}
void
@ -3181,7 +3156,6 @@ dissect_quic_retry_packet(tvbuff_t *tvb, packet_info *pinfo, proto_tree *quic_tr
// Verify the Retry Integrity Tag according to
// https://tools.ietf.org/html/draft-ietf-quic-tls-25#section-5.8
ti = proto_tree_add_item(quic_tree, hf_quic_retry_integrity_tag, tvb, offset, 16, ENC_NA);
#ifdef HAVE_LIBGCRYPT_AEAD
if (!PINFO_FD_VISITED(pinfo) && odcid) {
// Skip validation if the Initial Packet is unknown, for example due
// to packet loss in the capture file.
@ -3195,11 +3169,6 @@ dissect_quic_retry_packet(tvbuff_t *tvb, packet_info *pinfo, proto_tree *quic_tr
} else {
proto_item_append_text(ti, " [verified]");
}
#else
(void)odcid;
expert_add_info_format(pinfo, ti, &ei_quic_bad_retry,
"Libgcrypt >= 1.6.0 is required for Retry Packet verification");
#endif /* HAVE_LIBGCRYPT_AEAD */
offset += 16;
}
@ -3220,14 +3189,11 @@ dissect_quic_long_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *quic_tre
guint64 payload_length;
guint8 first_byte = 0;
quic_info_data_t *conn = dgram_info->conn;
#ifdef HAVE_LIBGCRYPT_AEAD
const gboolean from_server = dgram_info->from_server;
quic_ciphers *ciphers = NULL;
proto_item *ti;
#endif /* HAVE_LIBGCRYPT_AEAD */
quic_extract_header(tvb, &long_packet_type, &version, &dcid, &scid);
#ifdef HAVE_LIBGCRYPT_AEAD
if (conn) {
if (long_packet_type == QUIC_LPT_INITIAL) {
ciphers = !from_server ? &conn->client_initial_ciphers : &conn->server_initial_ciphers;
@ -3306,7 +3272,6 @@ dissect_quic_long_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *quic_tre
} else if (conn && quic_packet->pkn_len) {
first_byte = quic_packet->first_byte;
}
#endif /* HAVE_LIBGCRYPT_AEAD */
proto_tree_add_item(quic_tree, hf_quic_fixed_bit, tvb, offset, 1, ENC_NA);
if (is_quic_v2(version)) {
@ -3343,12 +3308,8 @@ dissect_quic_long_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *quic_tre
return offset;
}
if (!conn || quic_packet->pkn_len == 0) {
#ifndef HAVE_LIBGCRYPT_AEAD
expert_add_info_format(pinfo, quic_tree, &ei_quic_decryption_failed, "Libgcrypt >= 1.6.0 is required for QUIC decryption");
#else
// if not part of a connection, the full PKN cannot be reconstructed.
expert_add_info_format(pinfo, quic_tree, &ei_quic_decryption_failed, "Failed to decrypt packet number");
#endif /* HAVE_LIBGCRYPT_AEAD */
return offset;
}
@ -3357,13 +3318,8 @@ dissect_quic_long_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *quic_tre
col_append_fstr(pinfo->cinfo, COL_INFO, ", PKN: %" PRIu64, quic_packet->packet_number);
/* Payload */
#ifdef HAVE_LIBGCRYPT_AEAD
ti = proto_tree_add_item(quic_tree, hf_quic_payload, tvb, offset, -1, ENC_NA);
#else
proto_tree_add_item(quic_tree, hf_quic_payload, tvb, offset, -1, ENC_NA);
#endif /* HAVE_LIBGCRYPT_AEAD */
#ifdef HAVE_LIBGCRYPT_AEAD
if (conn) {
quic_process_payload(tvb, pinfo, quic_tree, ti, offset,
conn, quic_packet, from_server, &ciphers->pp_cipher, first_byte, quic_packet->pkn_len);
@ -3372,7 +3328,6 @@ dissect_quic_long_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *quic_tre
// Packet number is verified to be valid, remember it.
*quic_max_packet_number(conn, from_server, first_byte) = quic_packet->packet_number;
}
#endif /* HAVE_LIBGCRYPT_AEAD */
offset += tvb_reported_length_remaining(tvb, offset);
return offset;
@ -3397,10 +3352,8 @@ dissect_quic_short_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *quic_tr
quic_cid_t dcid = {.len=0};
guint8 first_byte = 0;
gboolean key_phase = FALSE;
#ifdef HAVE_LIBGCRYPT_AEAD
proto_item *ti;
quic_pp_cipher *pp_cipher = NULL;
#endif /* HAVE_LIBGCRYPT_AEAD */
quic_info_data_t *conn = dgram_info->conn;
const gboolean from_server = dgram_info->from_server;
gboolean loss_bits_negotiated = FALSE;
@ -3413,7 +3366,6 @@ dissect_quic_short_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *quic_tr
dcid.len = from_server ? conn->client_cids.data.len : conn->server_cids.data.len;
loss_bits_negotiated = quic_loss_bits_negotiated(conn, from_server);
}
#ifdef HAVE_LIBGCRYPT_AEAD
if (!PINFO_FD_VISITED(pinfo) && conn) {
const gchar *error = NULL;
guint32 pkn32 = 0;
@ -3428,7 +3380,6 @@ dissect_quic_short_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *quic_tr
} else if (conn && quic_packet->pkn_len) {
first_byte = quic_packet->first_byte;
}
#endif /* HAVE_LIBGCRYPT_AEAD */
proto_tree_add_item(hdr_tree, hf_quic_fixed_bit, tvb, offset, 1, ENC_NA);
proto_tree_add_item(hdr_tree, hf_quic_spin_bit, tvb, offset, 1, ENC_NA);
/* Q and L bits are not protected by HP cipher */
@ -3460,11 +3411,9 @@ dissect_quic_short_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *quic_tr
proto_item_append_text(pi, " DCID=%s", dcid_str);
}
#ifdef HAVE_LIBGCRYPT_AEAD
if (!PINFO_FD_VISITED(pinfo) && conn) {
pp_cipher = quic_get_pp_cipher(key_phase, conn, from_server);
}
#endif /* HAVE_LIBGCRYPT_AEAD */
if (quic_packet->decryption.error) {
expert_add_info_format(pinfo, quic_tree, &ei_quic_decryption_failed,
@ -3482,13 +3431,8 @@ dissect_quic_short_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *quic_tr
proto_item_append_text(pi, " PKN=%" PRIu64, quic_packet->packet_number);
/* Protected Payload */
#ifdef HAVE_LIBGCRYPT_AEAD
ti = proto_tree_add_item(hdr_tree, hf_quic_protected_payload, tvb, offset, -1, ENC_NA);
#else
proto_tree_add_item(hdr_tree, hf_quic_protected_payload, tvb, offset, -1, ENC_NA);
#endif /* HAVE_LIBGCRYPT_AEAD */
#ifdef HAVE_LIBGCRYPT_AEAD
if (conn) {
quic_process_payload(tvb, pinfo, quic_tree, ti, offset,
conn, quic_packet, from_server, pp_cipher, first_byte, quic_packet->pkn_len);
@ -3497,7 +3441,6 @@ dissect_quic_short_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *quic_tr
*quic_max_packet_number(conn, from_server, first_byte) = quic_packet->packet_number;
}
}
#endif /* HAVE_LIBGCRYPT_AEAD */
offset += tvb_reported_length_remaining(tvb, offset);
return offset;
@ -3910,7 +3853,6 @@ quic_cleanup(void)
}
/* Follow QUIC Stream functionality {{{ */
#ifdef HAVE_LIBGCRYPT_AEAD
static void
quic_streams_add(packet_info *pinfo, quic_info_data_t *quic_info, guint64 stream_id)
{
@ -3936,7 +3878,6 @@ quic_streams_add(packet_info *pinfo, quic_info_data_t *quic_info, guint64 stream
wmem_map_insert(quic_info->streams_map, GUINT_TO_POINTER(stream->num), stream);
}
}
#endif
static quic_info_data_t *
get_conn_by_number(guint conn_number)
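Review bot: In dissect_quic_short_header, `pp_cipher` is assigned only under `!PINFO_FD_VISITED(pinfo) && conn`, yet the later call to quic_process_payload is guarded by `if (conn)` alone, so the callee receives NULL on every revisit of a frame. That is presumably intended, since the file's own section comment says decryption is done in the first pass, but nothing at the call site states it. A comment above the call, for example `/* pp_cipher is NULL on revisits; it is only needed for first-pass decryption */`, would document the contract now that this path is always compiled. quic_process_payload itself is not visible in these hunks, so its handling of NULL should be confirmed.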


@ -12,7 +12,7 @@
#include "ws_symbol_export.h"
#include <wsutil/wsgcrypt.h> /* needed to define HAVE_LIBGCRYPT_AEAD */
#include <wsutil/wsgcrypt.h>
#ifdef __cplusplus
extern "C" {
@ -53,10 +53,8 @@ typedef struct quic_cid {
/** Set/Get protocol-specific data for the QUIC STREAM. */
#ifdef HAVE_LIBGCRYPT_AEAD
void quic_stream_add_proto_data(struct _packet_info *pinfo, quic_stream_info *stream_info, void *proto_data);
void *quic_stream_get_proto_data(struct _packet_info *pinfo, quic_stream_info *stream_info);
#endif /* HAVE_LIBGCRYPT_AEAD */
/** Returns the number of items for quic.connection.number. */
WS_DLL_PUBLIC guint32 get_quic_connections_count(void);


@ -2883,20 +2883,10 @@ ssl_cipher_init(gcry_cipher_hd_t *cipher, gint algo, guchar* sk,
gint gcry_modes[] = {
GCRY_CIPHER_MODE_STREAM,
GCRY_CIPHER_MODE_CBC,
#ifdef HAVE_LIBGCRYPT_AEAD
GCRY_CIPHER_MODE_GCM,
GCRY_CIPHER_MODE_CCM,
GCRY_CIPHER_MODE_CCM,
#else
GCRY_CIPHER_MODE_CTR,
GCRY_CIPHER_MODE_CTR,
GCRY_CIPHER_MODE_CTR,
#endif
#ifdef HAVE_LIBGCRYPT_CHACHA20_POLY1305
GCRY_CIPHER_MODE_POLY1305,
#else
-1, /* AEAD_CHACHA20_POLY1305 is unsupported. */
#endif
};
gint err;
if (algo == -1) {
@ -4778,22 +4768,10 @@ dtls_check_mac(SslDecoder*decoder, gint ct,int ver, guint8* data,
static gboolean
tls_decrypt_aead_record(SslDecryptSession *ssl, SslDecoder *decoder,
#ifdef HAVE_LIBGCRYPT_AEAD
guint8 ct, guint16 record_version,
#else
guint8 ct _U_, guint16 record_version _U_,
#endif
gboolean ignore_mac_failed
#ifndef HAVE_LIBGCRYPT_AEAD
_U_
#endif
,
gboolean ignore_mac_failed,
const guchar *in, guint16 inl,
#ifdef HAVE_LIBGCRYPT_AEAD
const guchar *cid, guint8 cidl,
#else
const guchar *cid _U_, guint8 cidl _U_,
#endif
StringInfo *out_str, guint *outl)
{
/* RFC 5246 (TLS 1.2) 6.2.3.3 defines the TLSCipherText.fragment as:
@ -4809,16 +4787,12 @@ tls_decrypt_aead_record(SslDecryptSession *ssl, SslDecoder *decoder,
guint ciphertext_len, auth_tag_len;
guchar nonce[12];
const ssl_cipher_mode_t cipher_mode = decoder->cipher_suite->mode;
#ifdef HAVE_LIBGCRYPT_AEAD
const gboolean is_cid = ct == SSL_ID_TLS12_CID && version == DTLSV1DOT2_VERSION;
const guint8 draft_version = ssl->session.tls13_draft_version;
const guchar *auth_tag_wire;
guchar auth_tag_calc[16];
guchar *aad = NULL;
guint aad_len = 0;
#else
guchar nonce_with_counter[16] = { 0 };
#endif
switch (cipher_mode) {
case MODE_GCM:
@ -4855,9 +4829,7 @@ tls_decrypt_aead_record(SslDecryptSession *ssl, SslDecoder *decoder,
ssl_debug_printf("%s Unexpected TLS version %#x\n", G_STRFUNC, version);
return FALSE;
}
#ifdef HAVE_LIBGCRYPT_AEAD
auth_tag_wire = ciphertext + ciphertext_len;
#endif
/*
* Nonce construction is version-specific. Note that AEAD_CHACHA20_POLY1305
@ -4869,25 +4841,6 @@ tls_decrypt_aead_record(SslDecryptSession *ssl, SslDecoder *decoder,
memcpy(nonce, decoder->write_iv.data, IMPLICIT_NONCE_LEN);
memcpy(nonce + IMPLICIT_NONCE_LEN, explicit_nonce, EXPLICIT_NONCE_LEN);
#ifndef HAVE_LIBGCRYPT_AEAD
if (cipher_mode == MODE_GCM) {
/* NIST SP 800-38D, sect. 7.2 says that the 32-bit counter part starts
* at 1, and gets incremented before passing to the block cipher. */
memcpy(nonce_with_counter, nonce, IMPLICIT_NONCE_LEN + EXPLICIT_NONCE_LEN);
nonce_with_counter[IMPLICIT_NONCE_LEN + EXPLICIT_NONCE_LEN + 3] = 2;
} else if (cipher_mode == MODE_CCM || cipher_mode == MODE_CCM_8) {
/* The nonce for CCM and GCM are the same, but the nonce is used as input
* in the CCM algorithm described in RFC 3610. The nonce generated here is
* the one from RFC 3610 sect 2.3. Encryption. */
/* Flags: (L-1) ; L = 16 - 1 - nonceSize */
nonce_with_counter[0] = 3 - 1;
memcpy(nonce_with_counter + 1, nonce, IMPLICIT_NONCE_LEN + EXPLICIT_NONCE_LEN);
/* struct { opaque salt[4]; opaque nonce_explicit[8] } CCMNonce (RFC 6655) */
nonce_with_counter[IMPLICIT_NONCE_LEN + EXPLICIT_NONCE_LEN + 3] = 1;
} else {
ws_assert_not_reached();
}
#endif
} else if (version == TLSV1DOT3_VERSION || cipher_mode == MODE_POLY1305) {
/*
* Technically the nonce length must be at least 8 bytes, but for
@ -4902,7 +4855,6 @@ tls_decrypt_aead_record(SslDecryptSession *ssl, SslDecoder *decoder,
}
/* Set nonce and additional authentication data */
#ifdef HAVE_LIBGCRYPT_AEAD
gcry_cipher_reset(decoder->evp);
ssl_print_data("nonce", nonce, 12);
err = gcry_cipher_setiv(decoder->evp, nonce, 12);
@ -4975,13 +4927,6 @@ tls_decrypt_aead_record(SslDecryptSession *ssl, SslDecoder *decoder,
return FALSE;
}
}
#else
err = gcry_cipher_setctr(decoder->evp, nonce_with_counter, 16);
if (err) {
ssl_debug_printf("%s failed: failed to set CTR: %s\n", G_STRFUNC, gcry_strerror(err));
return FALSE;
}
#endif
/* Decrypt now that nonce and AAD are set. */
err = gcry_cipher_decrypt(decoder->evp, out_str->data, out_str->data_len, ciphertext, ciphertext_len);
@ -4991,7 +4936,6 @@ tls_decrypt_aead_record(SslDecryptSession *ssl, SslDecoder *decoder,
}
/* Check authentication tag for authenticity (replaces MAC) */
#ifdef HAVE_LIBGCRYPT_AEAD
err = gcry_cipher_gettag(decoder->evp, auth_tag_calc, auth_tag_len);
if (err == 0 && !memcmp(auth_tag_calc, auth_tag_wire, auth_tag_len)) {
ssl_print_data("auth_tag(OK)", auth_tag_calc, auth_tag_len);
@ -5009,9 +4953,6 @@ tls_decrypt_aead_record(SslDecryptSession *ssl, SslDecoder *decoder,
return FALSE;
}
}
#else
ssl_debug_printf("Libgcrypt is older than 1.6, unable to verify auth tag!\n");
#endif
/*
* Increment the (implicit) sequence number for TLS 1.2/1.3. This is done


@ -1097,7 +1097,6 @@ decrypt_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset, SslDecryp
return success;
}
#ifdef HAVE_LIBGCRYPT_AEAD
/**
* Try to guess the early data cipher using trial decryption.
* Requires Libgcrypt 1.6 or newer for verifying that decryption is successful.
@ -1172,7 +1171,6 @@ decrypt_tls13_early_data(tvbuff_t *tvb, packet_info *pinfo, guint32 offset,
}
return success;
}
#endif
static void
process_ssl_payload(tvbuff_t *tvb, int offset, packet_info *pinfo,
@ -1940,9 +1938,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
/* Try to decrypt TLS 1.3 early data first */
if (session->version == TLSV1DOT3_VERSION && content_type == SSL_ID_APP_DATA &&
ssl->has_early_data && !ssl_packet_from_server(session, ssl_associations, pinfo)) {
#ifdef HAVE_LIBGCRYPT_AEAD
decrypt_ok = decrypt_tls13_early_data(tvb, pinfo, offset, record_length, ssl, curr_layer_num_ssl);
#endif
if (!decrypt_ok) {
/* Either trial decryption failed (e.g. missing key) or end of
* early data is reached. Switch to HS secrets if available. */
@ -3783,20 +3779,10 @@ tls_get_cipher_info(packet_info *pinfo, guint16 cipher_suite, int *cipher_algo,
static const gint gcry_modes[] = {
GCRY_CIPHER_MODE_STREAM,
GCRY_CIPHER_MODE_CBC,
#ifdef HAVE_LIBGCRYPT_AEAD
GCRY_CIPHER_MODE_GCM,
GCRY_CIPHER_MODE_CCM,
GCRY_CIPHER_MODE_CCM,
#else
-1, /* Do not bother with fallback support. */
-1,
-1,
#endif
#ifdef HAVE_LIBGCRYPT_CHACHA20_POLY1305
GCRY_CIPHER_MODE_POLY1305,
#else
-1, /* AEAD_CHACHA20_POLY1305 is unsupported. */
#endif
};
static const int gcry_mds[] = {
GCRY_MD_MD5,
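Review bot: The doc comment on decrypt_tls13_early_data still reads `Requires Libgcrypt 1.6 or newer for verifying that decryption is successful.`, which no longer distinguishes anything now that the guard around the function is removed and 1.8.0 is the minimum. That sentence should be dropped so the comment describes only the trial decryption. The function body lies outside the hunk.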


@ -17,27 +17,15 @@
#include <wireshark.h>
/* XXX: Turning off warnings here may not be necessary now that libgcrypt
* 1.8.0 is the minimum version.
*/
DIAG_OFF(deprecated-declarations)
#include <gcrypt.h>
DIAG_ON(deprecated-declarations)
/*
* Define HAVE_LIBGCRYPT_AEAD here, because it's used in several source
* files.
*/
/* Whether to provide support for authentication in addition to decryption. */
#define HAVE_LIBGCRYPT_AEAD
/*
* Define some other "do we have?" items as well.
*/
/* Whether ChaCh20 PNE can be supported. */
#define HAVE_LIBGCRYPT_CHACHA20
/* Whether AEAD_CHACHA20_POLY1305 can be supported. */
#define HAVE_LIBGCRYPT_CHACHA20_POLY1305
#define HASH_MD5_LENGTH 16
#define HASH_SHA1_LENGTH 20
#define HASH_SHA2_224_LENGTH 28