osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

IEEE 802.15.4: fix decryption results based on uninitialized data 

Refactor ieee802154_set_mac_key to return the number of keys set and
only try to decrypt with the alt_key if actually provided

Bug: 14522
Change-Id: I40802dff8c08f7f82b792fb16f5f91aa3b9e20cc
Reviewed-on: https://code.wireshark.org/review/26677
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This commit is contained in:
Robert Sauter 2018-03-28 22:49:58 +02:00 committed by Anders Broman
parent afede5f867
commit a67082d354
5 changed files with 30 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
epan/dissectors/packet-ieee802154.c
View File

@ -282,7 +282,7 @@ static void dissect_ieee802154_gtsreq (tvbuff_t *, packet_info *, proto
/* Decryption helpers. */
static tvbuff_t *dissect_ieee802154_decrypt(tvbuff_t *, guint, packet_info *, ieee802154_packet *, ieee802154_decrypt_info_t*);
static gboolean ieee802154_set_mac_key(ieee802154_packet *packet, unsigned char *key, unsigned char *alt_key, ieee802154_key_t* uat_key);
static guint ieee802154_set_mac_key(ieee802154_packet *packet, unsigned char *key, unsigned char *alt_key, ieee802154_key_t *uat_key);
/* Initialize Protocol and Registered fields */
static int proto_ieee802154_nonask_phy = -1;
@ -996,7 +996,7 @@ dissect_ieee802154_fcf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, ieee
*offset += 2;
} /* dissect_ieee802154_fcf */
void register_ieee802154_mac_key_hash_handler(guint hash_identifier, ieee802154_set_mac_key_func key_func)
void register_ieee802154_mac_key_hash_handler(guint hash_identifier, ieee802154_set_key_func key_func)
{
/* Ensure no duplication */
DISSECTOR_ASSERT(wmem_tree_lookup32(mac_key_hash_handlers, hash_identifier) == NULL);
@ -1086,14 +1086,17 @@ tvbuff_t *decrypt_ieee802154_payload(tvbuff_t * tvb, guint offset, packet_info *
/* Lookup the key. */
for (decrypt_info->key_number = 0; decrypt_info->key_number < num_ieee802154_keys; decrypt_info->key_number++) {
if (set_key_func(packet, key, alt_key, &ieee802154_keys[decrypt_info->key_number])) {
guint nkeys = set_key_func(packet, key, alt_key, &ieee802154_keys[decrypt_info->key_number]);
if (nkeys >= 1) {
/* Try with the initial key */
decrypt_info->key = key;
payload_tvb = decrypt_func(tvb, offset, pinfo, packet, decrypt_info);
if (!((*decrypt_info->status == DECRYPT_PACKET_MIC_CHECK_FAILED) || (*decrypt_info->status == DECRYPT_PACKET_DECRYPT_FAILED))) {
break;
}
/* Try with the alternate key */
}
if (nkeys >= 2) {
/* Try also with the alternate key */
decrypt_info->key = alt_key;
payload_tvb = decrypt_func(tvb, offset, pinfo, packet, decrypt_info);
if (!((*decrypt_info->status == DECRYPT_PACKET_MIC_CHECK_FAILED) || (*decrypt_info->status == DECRYPT_PACKET_DECRYPT_FAILED))) {
@ -3982,9 +3985,9 @@ gboolean ieee802154_long_addr_equal(gconstpointer a, gconstpointer b)
}
/* Set MAC key function. */
static gboolean ieee802154_set_mac_key(ieee802154_packet *packet, unsigned char *key, unsigned char *alt_key, ieee802154_key_t* uat_key)
static guint ieee802154_set_mac_key(ieee802154_packet *packet, unsigned char *key, unsigned char *alt_key, ieee802154_key_t *uat_key)
{
ieee802154_set_mac_key_func func = (ieee802154_set_mac_key_func)wmem_tree_lookup32(mac_key_hash_handlers, uat_key->hash_type);
ieee802154_set_key_func func = (ieee802154_set_key_func)wmem_tree_lookup32(mac_key_hash_handlers, uat_key->hash_type);
if (func != NULL)
return func(packet, key, alt_key, uat_key);
@ -3994,10 +3997,10 @@ static gboolean ieee802154_set_mac_key(ieee802154_packet *packet, unsigned char
if (packet->key_index == uat_key->key_index)
{
memcpy(key, uat_key->key, IEEE802154_CIPHER_SIZE);
return TRUE;
return 1;
}
return FALSE;
return 0;
}
/**

12
epan/dissectors/packet-ieee802154.h
View File

@ -542,19 +542,19 @@ typedef struct {
ieee802154_decrypt_status* status;
} ieee802154_decrypt_info_t;
/** Fill key and alt_key based on the provided information from the frame and an IEEE 802.15.4 preference table entry */
typedef gboolean (*ieee802154_set_key_func) (ieee802154_packet * packet, unsigned char* key, unsigned char* alt_key, ieee802154_key_t* key_info);
/** Fill key and alt_key based on the provided information from the frame and an IEEE 802.15.4 preference table entry
* and return the number of keys set (0: none, 1: just key, 2: key and alt_key) */
typedef guint (*ieee802154_set_key_func) (ieee802154_packet *packet, unsigned char *key, unsigned char *alt_key, ieee802154_key_t *uat_key);
/** Decrypt the payload with the provided information */
typedef tvbuff_t* (*ieee802154_decrypt_func) (tvbuff_t *, guint, packet_info *, ieee802154_packet *, ieee802154_decrypt_info_t*);
/** Loop over the keys specified in the IEEE 802.15.4 preferences, try to use them with the specified set_key_func
* and try to decrypt with the specified decrypt_func
*/
tvbuff_t *decrypt_ieee802154_payload(tvbuff_t * tvb, guint offset, packet_info * pinfo, proto_tree* key_tree, ieee802154_packet * packet,
ieee802154_decrypt_info_t* decrypt_info, ieee802154_set_key_func set_key_func, ieee802154_decrypt_func decrypt_func);
tvbuff_t *decrypt_ieee802154_payload(tvbuff_t *tvb, guint offset, packet_info *pinfo, proto_tree *key_tree, ieee802154_packet *packet,
ieee802154_decrypt_info_t *decrypt_info, ieee802154_set_key_func set_key_func, ieee802154_decrypt_func decrypt_func);
typedef gboolean (*ieee802154_set_mac_key_func) (ieee802154_packet * packet, unsigned char* key, unsigned char* alt_key, ieee802154_key_t* uat_key);
extern void register_ieee802154_mac_key_hash_handler(guint hash_identifier, ieee802154_set_mac_key_func key_func);
extern void register_ieee802154_mac_key_hash_handler(guint hash_identifier, ieee802154_set_key_func key_func);
/* Short to Extended Address Prototypes */
extern ieee802154_map_rec *ieee802154_addr_update(ieee802154_map_tab_t *, guint16, guint16, guint64,

10
epan/dissectors/packet-mle.c
View File

@ -497,7 +497,7 @@ dissect_mle_decrypt(tvbuff_t * tvb,
return ptext_tvb;
} /* dissect_mle_decrypt */
void register_mle_key_hash_handler(guint hash_identifier, ieee802154_set_mac_key_func key_func)
void register_mle_key_hash_handler(guint hash_identifier, ieee802154_set_key_func key_func)
{
/* Ensure no duplication */
DISSECTOR_ASSERT(wmem_tree_lookup32(mle_key_hash_handlers, hash_identifier) == NULL);
@ -506,9 +506,9 @@ void register_mle_key_hash_handler(guint hash_identifier, ieee802154_set_mac_key
}
/* Set MLE key function. */
static gboolean ieee802154_set_mle_key(ieee802154_packet *packet, unsigned char *key, unsigned char *alt_key, ieee802154_key_t* uat_key)
static guint ieee802154_set_mle_key(ieee802154_packet *packet, unsigned char *key, unsigned char *alt_key, ieee802154_key_t *uat_key)
{
mle_set_mle_key_func func = (mle_set_mle_key_func)wmem_tree_lookup32(mle_key_hash_handlers, uat_key->hash_type);
ieee802154_set_key_func func = (ieee802154_set_key_func)wmem_tree_lookup32(mle_key_hash_handlers, uat_key->hash_type);
if (func != NULL)
return func(packet, key, alt_key, uat_key);
@ -518,10 +518,10 @@ static gboolean ieee802154_set_mle_key(ieee802154_packet *packet, unsigned char
if (packet->key_index == uat_key->key_index)
{
memcpy(key, uat_key->key, IEEE802154_CIPHER_SIZE);
return TRUE;
return 1;
}
return FALSE;
return 0;
}
static int

3
epan/dissectors/packet-mle.h
View File

@ -14,7 +14,6 @@
#include "packet-ieee802154.h"
typedef gboolean (*mle_set_mle_key_func) (ieee802154_packet * packet, unsigned char* key, unsigned char* alt_key, ieee802154_key_t* uat_key);
extern void register_mle_key_hash_handler(guint hash_identifier, mle_set_mle_key_func key_func);
extern void register_mle_key_hash_handler(guint hash_identifier, ieee802154_set_key_func key_func);
#endif

14
epan/dissectors/packet-thread.c
View File

@ -766,7 +766,7 @@ static void create_thread_temp_keys(GByteArray *seq_ctr_bytes, guint16 src_pan,
}
/* Set MAC key for Thread hash */
static gboolean set_thread_mac_key(ieee802154_packet * packet, unsigned char* key, unsigned char* alt_key, ieee802154_key_t* uat_key)
static guint set_thread_mac_key(ieee802154_packet *packet, unsigned char *key, unsigned char *alt_key, ieee802154_key_t *uat_key)
{
GByteArray *seq_ctr_bytes = NULL;
@ -778,7 +778,7 @@ static gboolean set_thread_mac_key(ieee802154_packet * packet, unsigned char* ke
{
/* This is the well-known Thread key. No need for an alternative key */
memcpy(key, thread_well_known_key, IEEE802154_CIPHER_SIZE);
return TRUE;
return 1;
}
if (seq_ctr_bytes != NULL) {
create_thread_temp_keys(seq_ctr_bytes, packet->src_pan, uat_key, key, NULL);
@ -786,14 +786,14 @@ static gboolean set_thread_mac_key(ieee802154_packet * packet, unsigned char* ke
seq_ctr_bytes->data[3] ^= 0x80;
create_thread_temp_keys(seq_ctr_bytes, packet->src_pan, uat_key, alt_key, NULL);
g_byte_array_free(seq_ctr_bytes, TRUE);
return TRUE;
return 2;
}
return FALSE;
return 0;
}
/* Set MLE key for Thread hash */
static gboolean set_thread_mle_key(ieee802154_packet * packet, unsigned char* key, unsigned char* alt_key, ieee802154_key_t* uat_key)
static guint set_thread_mle_key(ieee802154_packet *packet, unsigned char *key, unsigned char *alt_key, ieee802154_key_t *uat_key)
{
GByteArray *seq_ctr_bytes = NULL;
if (packet->key_id_mode == KEY_ID_MODE_KEY_INDEX) {
@ -819,10 +819,10 @@ static gboolean set_thread_mle_key(ieee802154_packet * packet, unsigned char* ke
seq_ctr_bytes->data[3] ^= 0x80;
create_thread_temp_keys(seq_ctr_bytes, packet->src_pan, uat_key, NULL, alt_key);
g_byte_array_free(seq_ctr_bytes, TRUE);
return TRUE;
return 2;
}
return FALSE;
return 0;
}
static guint