forked from osmocom/wireshark
packet-smb2: correctly dissect SMB2 TRANSFORM_HEADER Flags
In the SMB 3.1.1 dialect, this field is interpreted as the Flags field, which indicates how the SMB2 message was transformed:
Encrypted 0x0001
- The message is encrypted using the cipher that was negotiated for this connection.
In the SMB 3.0 and SMB 3.0.2 dialects, this field is interpreted as the EncryptionAlgorithm field,
which contains the algorithm used for encrypting the SMB2 message. This field MUST be set to one of the following values:
SMB2_ENCRYPTION_AES128_CCM 0x0001
- The message is encrypted using the AES128 CCM algorithm.
For dissection it's enough to expect SMB 3.1.1, as the value and the meaning
of 0x0001 is always the same (as AES128 CCM was the only possible algorithm before 3.1.1)
Change-Id: I4bd796bd1be38ed4a6481aa7bf68cb5b2e3637d2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37785
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This commit is contained in:
Stefan Metzmacher
Alexis La Goutte
parent
5b91801a8d
commit
48630d4742
|
|
@ -542,7 +542,8 @@ static int hf_smb2_transform_signature = -1;
|
|||
static int hf_smb2_transform_nonce = -1;
|
||||
static int hf_smb2_transform_msg_size = -1;
|
||||
static int hf_smb2_transform_reserved = -1;
|
||||
static int hf_smb2_transform_enc_alg = -1;
|
||||
static int hf_smb2_transform_flags = -1;
|
||||
static int hf_smb2_transform_flags_encrypted = -1;
|
||||
static int hf_smb2_transform_encrypted_data = -1;
|
||||
static int hf_smb2_protocol_id = -1;
|
||||
static int hf_smb2_comp_transform_orig_size = -1;
|
||||
|
|
@ -698,6 +699,7 @@ static gint ett_smb2_error_redir_context = -1;
|
|||
static gint ett_smb2_error_redir_ip_list = -1;
|
||||
static gint ett_smb2_read_flags = -1;
|
||||
static gint ett_smb2_signature = -1;
|
||||
static gint ett_smb2_transform_flags = -1;
|
||||
|
||||
static expert_field ei_smb2_invalid_length = EI_INIT;
|
||||
static expert_field ei_smb2_bad_response = EI_INIT;
|
||||
|
|
@ -921,6 +923,12 @@ static const value_string smb2_cipher_types[] = {
|
|||
{ 0, NULL }
|
||||
};
|
||||
|
||||
#define SMB2_TRANSFORM_FLAGS_ENCRYPTED 0x0001
|
||||
static int * const smb2_transform_flags[] = {
|
||||
&hf_smb2_transform_flags_encrypted,
|
||||
NULL,
|
||||
};
|
||||
|
||||
#define SMB2_COMP_ALG_NONE 0x0000
|
||||
#define SMB2_COMP_ALG_LZNT1 0x0001
|
||||
#define SMB2_COMP_ALG_LZ77 0x0002
|
||||
|
|
@ -10042,9 +10050,11 @@ dissect_smb2_transform_header(packet_info *pinfo, proto_tree *tree,
|
|||
proto_tree_add_item(tree, hf_smb2_transform_reserved, tvb, offset, 2, ENC_NA);
|
||||
offset += 2;
|
||||
|
||||
/* enc algorithm */
|
||||
proto_tree_add_item(tree, hf_smb2_transform_enc_alg, tvb, offset, 2, ENC_LITTLE_ENDIAN);
|
||||
sti->alg = tvb_get_letohs(tvb, offset);
|
||||
/* flags */
|
||||
proto_tree_add_bitmask(tree, tvb, offset, hf_smb2_transform_flags,
|
||||
ett_smb2_transform_flags,
|
||||
smb2_transform_flags, ENC_LITTLE_ENDIAN);
|
||||
sti->flags = tvb_get_letohs(tvb, offset);
|
||||
offset += 2;
|
||||
|
||||
/* session ID */
|
||||
|
|
@ -10059,7 +10069,9 @@ dissect_smb2_transform_header(packet_info *pinfo, proto_tree *tree,
|
|||
smb2_add_session_info(sesid_tree, sesid_item, tvb, sesid_offset, sti->session);
|
||||
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */
|
||||
plain_data = decrypt_smb_payload(pinfo, tvb, offset, offset_aad, sti);
|
||||
if (sti->flags & SMB2_TRANSFORM_FLAGS_ENCRYPTED) {
|
||||
plain_data = decrypt_smb_payload(pinfo, tvb, offset, offset_aad, sti);
|
||||
}
|
||||
#else
|
||||
(void) offset_aad;
|
||||
#endif
|
||||
|
|
@ -12888,9 +12900,16 @@ proto_register_smb2(void)
|
|||
NULL, 0, NULL, HFILL }
|
||||
},
|
||||
|
||||
{ &hf_smb2_transform_enc_alg,
|
||||
{ "Encryption ALG", "smb2.header.transform.encryption_alg", FT_UINT16, BASE_HEX,
|
||||
VALS(smb2_cipher_types), 0, NULL, HFILL }
|
||||
/* SMB2 header flags */
|
||||
{ &hf_smb2_transform_flags,
|
||||
{ "Flags", "smb2.header.transform.flags", FT_UINT16, BASE_HEX,
|
||||
NULL, 0, "SMB2 transform flags", HFILL }
|
||||
},
|
||||
|
||||
{ &hf_smb2_transform_flags_encrypted,
|
||||
{ "Encrypted", "smb2.header.transform.flags.encrypted", FT_BOOLEAN, 16,
|
||||
NULL, SMB2_TRANSFORM_FLAGS_ENCRYPTED,
|
||||
"Whether the payload is encrypted", HFILL }
|
||||
},
|
||||
|
||||
{ &hf_smb2_transform_encrypted_data,
|
||||
|
|
@ -13206,6 +13225,7 @@ proto_register_smb2(void)
|
|||
&ett_smb2_error_redir_ip_list,
|
||||
&ett_smb2_read_flags,
|
||||
&ett_smb2_signature,
|
||||
&ett_smb2_transform_flags,
|
||||
};
|
||||
|
||||
static ei_register_info ei[] = {
|
||||
|
|
|
|||
|
|
@ -208,7 +208,7 @@ typedef struct _smb2_info_t {
|
|||
typedef struct _smb2_transform_info_t {
|
||||
guint8 nonce[16];
|
||||
guint32 size;
|
||||
guint16 alg;
|
||||
guint16 flags;
|
||||
guint64 sesid; /* *host* byte order - not necessarily little-endian! */
|
||||
smb2_conv_info_t *conv;
|
||||
smb2_sesid_info_t *session;
|
||||
|
|
|
|||
Loading…
Reference in New Issue