forked from osmocom/wireshark
libgcrypt: Require version 1.8.0
Libgcrypt 1.8.x is required for a large amount of decryption support and is the current LTS version of libgcrypt. The 1.6 and 1.7 series have been end-of-life since 2017-06-30 and 2019-06-30, respectively. The Linux distributions that have versions of libgcrypt before 1.8.0 are nearing or at end of support (RHEL7, SLES 12, Debian stretch, Ubuntu 16.04LTS) and can be supported by the Wireshark 3.6 LTS release series. Remove an enormous amount of ifdefs based on libgcrypt versions 1.6.0, 1.7.0, and 1.8.0. There will be a second pass for the commons defines HAVE_LIBGCRYPT_AEAD, HAVE_LIBGCRYPT_CHACHA20, and HAVE_LIBGCRYPT_CHACHA20_POLY1305, which are now always defined. The ISAKMP dissector has some comments noting that some workarounds were used for libgcrypt 1.6 that aren't needed with 1.7; perhaps that could be updated now.
This commit is contained in:
parent
9c115d0ed5
commit
b80cdaa243
|
@ -1141,7 +1141,7 @@ find_package(GMODULE2)
|
|||
reset_find_package(GTHREAD2)
|
||||
find_package(GTHREAD2 REQUIRED)
|
||||
reset_find_package(GCRYPT GCRYPT_ERROR_LIBRARY)
|
||||
find_package(GCRYPT "1.5.0" REQUIRED)
|
||||
find_package(GCRYPT "1.8.0" REQUIRED)
|
||||
# C Asynchronous resolver
|
||||
reset_find_package(CARES)
|
||||
find_package(CARES "1.5.0" REQUIRED)
|
||||
|
@ -1852,31 +1852,6 @@ endif()
|
|||
|
||||
feature_summary(WHAT ALL)
|
||||
|
||||
# Newer Libgcrypt versions may be required for certain functionality:
|
||||
# 1.6
|
||||
# - IEEE 802.11 TDLS, AES-GCMP-128 and AES-GCMP-256 decryption
|
||||
# - IEEE 802.11 WPA3-Personal / SAE decryption
|
||||
# - BT Mesh decryption
|
||||
# - Distributed Object Framework (DOF) decryption
|
||||
# - IKEv2 integrity check
|
||||
# - LoRaWAN integrity check
|
||||
# - LTE PDCP EIA2 integrity check
|
||||
# - QUIC decryption support
|
||||
# - SMB3 AES-128-CCM/GCM decryption
|
||||
# - TLS 1.3 0-RTT decryption
|
||||
# - TLS GCM/CCM ciphers integrity check
|
||||
# 1.7
|
||||
# - QUIC ChaCha20-Poly1305 decryption
|
||||
# - TLS 1.3 ChaCha20-Poly1305 decryption
|
||||
# 1.8
|
||||
# - dcerpc-netlogon NETLOGON_FLAG_AES decryption
|
||||
# - WireGuard decryption
|
||||
if(GCRYPT_VERSION VERSION_LESS 1.6.0)
|
||||
message(WARNING "Libgcrypt version 1.6.0 or newer is strongly recommended for improved decryption support, found ${GCRYPT_VERSION}")
|
||||
elseif(GCRYPT_VERSION VERSION_LESS 1.8.0)
|
||||
message(WARNING "Libgcrypt version 1.8.0 or newer is recommended for full decryption functionality, found ${GCRYPT_VERSION}")
|
||||
endif()
|
||||
|
||||
# Should this be part of libui?
|
||||
if(WIN32)
|
||||
set(PLATFORM_UI_SRC
|
||||
|
|
|
@ -28,16 +28,10 @@ set(CRYPT_FILES
|
|||
${CUSTOM_CRYPT_SRC}
|
||||
)
|
||||
|
||||
if (GCRYPT_VERSION VERSION_LESS 1.6.0)
|
||||
list(APPEND CRYPT_FILES
|
||||
dot11decrypt_ccmp_compat.c
|
||||
)
|
||||
else()
|
||||
list(APPEND CRYPT_FILES
|
||||
dot11decrypt_ccmp.c
|
||||
dot11decrypt_gcmp.c
|
||||
)
|
||||
endif()
|
||||
list(APPEND CRYPT_FILES
|
||||
dot11decrypt_ccmp.c
|
||||
dot11decrypt_gcmp.c
|
||||
)
|
||||
|
||||
source_group(crypt FILES ${CRYPT_FILES})
|
||||
|
||||
|
|
|
@ -200,13 +200,11 @@ static INT Dot11DecryptRsnaMicCheck(
|
|||
int akm)
|
||||
;
|
||||
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600
|
||||
static gint
|
||||
Dot11DecryptFtMicCheck(
|
||||
const PDOT11DECRYPT_ASSOC_PARSED assoc_parsed,
|
||||
const guint8 *kck,
|
||||
size_t kck_len);
|
||||
#endif
|
||||
|
||||
static PDOT11DECRYPT_SEC_ASSOCIATION
|
||||
Dot11DecryptGetSa(
|
||||
|
@ -1814,7 +1812,6 @@ Dot11DecryptRsna4WHandshake(
|
|||
}
|
||||
|
||||
/* Refer to IEEE 802.11-2016 Chapeter 13.8 FT authentication sequence */
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600
|
||||
gint
|
||||
Dot11DecryptScanFtAssocForKeys(
|
||||
const PDOT11DECRYPT_CONTEXT ctx,
|
||||
|
@ -1974,18 +1971,6 @@ Dot11DecryptScanFtAssocForKeys(
|
|||
Dot11DecryptCopyKey(sa, used_key);
|
||||
return DOT11DECRYPT_RET_SUCCESS_HANDSHAKE;
|
||||
}
|
||||
#else
|
||||
gint
|
||||
Dot11DecryptScanFtAssocForKeys(
|
||||
const PDOT11DECRYPT_CONTEXT ctx _U_,
|
||||
const PDOT11DECRYPT_ASSOC_PARSED assoc_parsed _U_,
|
||||
guint8 *decrypted_gtk _U_, size_t *decrypted_len _U_,
|
||||
DOT11DECRYPT_KEY_ITEM* used_item _U_)
|
||||
{
|
||||
ws_info("Skipped Dot11DecryptScanFtAssocForKeys, libgcrypt >= 1.6");
|
||||
return DOT11DECRYPT_RET_UNSUCCESS;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* From IEEE 802.11-2016 Table 12-8 Integrity and key-wrap algorithms */
|
||||
static int
|
||||
|
@ -1998,7 +1983,6 @@ Dot11DecryptGetIntegrityAlgoFromAkm(int akm, int *algo, gboolean *hmac)
|
|||
*algo = GCRY_MD_SHA1;
|
||||
*hmac = TRUE;
|
||||
break;
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600
|
||||
case 3:
|
||||
case 4:
|
||||
case 5:
|
||||
|
@ -2010,7 +1994,6 @@ Dot11DecryptGetIntegrityAlgoFromAkm(int akm, int *algo, gboolean *hmac)
|
|||
*algo = GCRY_MAC_CMAC_AES;
|
||||
*hmac = FALSE;
|
||||
break;
|
||||
#endif
|
||||
case 11:
|
||||
case 18:
|
||||
*algo = GCRY_MD_SHA256;
|
||||
|
@ -2105,7 +2088,6 @@ Dot11DecryptRsnaMicCheck(
|
|||
* — FTE, with the MIC field of the FTE set to 0
|
||||
* — Contents of the RIC-Response (if present)
|
||||
*/
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600
|
||||
static gint
|
||||
Dot11DecryptFtMicCheck(
|
||||
const PDOT11DECRYPT_ASSOC_PARSED assoc_parsed,
|
||||
|
@ -2182,7 +2164,6 @@ Dot11DecryptFtMicCheck(
|
|||
gcry_mac_close(handle);
|
||||
return DOT11DECRYPT_RET_SUCCESS;
|
||||
}
|
||||
#endif
|
||||
|
||||
static INT
|
||||
Dot11DecryptValidateKey(
|
||||
|
@ -2986,36 +2967,22 @@ static INT
|
|||
Dot11DecryptTDLSDeriveKey(
|
||||
PDOT11DECRYPT_SEC_ASSOCIATION sa,
|
||||
const guint8 *data,
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600
|
||||
guint offset_rsne,
|
||||
#else
|
||||
guint offset_rsne _U_,
|
||||
#endif
|
||||
guint offset_fte,
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600
|
||||
guint offset_timeout,
|
||||
#else
|
||||
guint offset_timeout _U_,
|
||||
#endif
|
||||
guint offset_link,
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600
|
||||
guint8 action)
|
||||
#else
|
||||
guint8 action _U_)
|
||||
#endif
|
||||
{
|
||||
|
||||
gcry_md_hd_t sha256_handle;
|
||||
gcry_md_hd_t hmac_handle;
|
||||
const guint8 *snonce, *anonce, *initiator, *responder, *bssid;
|
||||
guint8 key_input[32];
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600
|
||||
guint8 mic[16], seq_num = action + 1;
|
||||
guint8 zeros[16] = { 0 };
|
||||
gcry_mac_hd_t cmac_handle;
|
||||
size_t cmac_len = 16;
|
||||
size_t cmac_write_len;
|
||||
#endif
|
||||
|
||||
/* Get key input */
|
||||
anonce = &data[offset_fte + 20];
|
||||
|
@ -3060,7 +3027,6 @@ Dot11DecryptTDLSDeriveKey(
|
|||
gcry_md_close(hmac_handle);
|
||||
|
||||
/* Check MIC */
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600
|
||||
if (gcry_mac_open(&cmac_handle, GCRY_MAC_CMAC_AES, 0, NULL)) {
|
||||
return DOT11DECRYPT_RET_UNSUCCESS;
|
||||
}
|
||||
|
@ -3094,10 +3060,6 @@ Dot11DecryptTDLSDeriveKey(
|
|||
return DOT11DECRYPT_RET_UNSUCCESS;
|
||||
}
|
||||
gcry_mac_close(cmac_handle);
|
||||
#else
|
||||
ws_info("MIC verification failed, need libgcrypt >= 1.6");
|
||||
return DOT11DECRYPT_RET_UNSUCCESS;
|
||||
#endif
|
||||
/* TODO support other akm and ciphers? */
|
||||
sa->wpa.akm = 2;
|
||||
sa->wpa.cipher = 4;
|
||||
|
|
|
@ -1,262 +0,0 @@
|
|||
/* dot11decrypt_ccmp_compat.c
|
||||
*
|
||||
* Copyright (c) 2002-2005 Sam Leffler, Errno Consulting
|
||||
* Copyright (c) 2006 CACE Technologies, Davis (California)
|
||||
* All rights reserved.
|
||||
*
|
||||
* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0-only)
|
||||
*/
|
||||
|
||||
/*
|
||||
* This file is only used for backwards compatibility with libgcrypt
|
||||
* versions < 1.6.0 that don't support AEAD. When building towards later
|
||||
* versions dot11decrypt_ccmp.c file is used instead
|
||||
*/
|
||||
|
||||
/*
|
||||
* Note: This file was derived from the FreeBSD source code, RELENG 6,
|
||||
* sys/net80211/ieee80211_crypto_ccmp.c
|
||||
*/
|
||||
|
||||
/****************************************************************************/
|
||||
/* File includes */
|
||||
#include "config.h"
|
||||
#include "dot11decrypt_system.h"
|
||||
#include "dot11decrypt_int.h"
|
||||
|
||||
#include "dot11decrypt_debug.h"
|
||||
#include <glib.h>
|
||||
#include <wsutil/wsgcrypt.h>
|
||||
|
||||
/****************************************************************************/
|
||||
/* Internal definitions */
|
||||
|
||||
#define AES_BLOCK_LEN 16
|
||||
|
||||
#define FC1_AAD_MASK 0xc7
|
||||
#define FC1_AAD_QOS_MASK 0x47
|
||||
|
||||
/****************************************************************************/
|
||||
/* Internal macros */
|
||||
|
||||
#define XOR_BLOCK(b, a, len) { \
|
||||
INT __i__; \
|
||||
for (__i__ = 0; __i__ < (INT)(len); __i__++) \
|
||||
(b)[__i__] ^= (a)[__i__]; \
|
||||
}
|
||||
|
||||
#define CCMP_DECRYPT(_i, _b, _b0, _pos, _a, _len) { \
|
||||
/* Decrypt, with counter */ \
|
||||
_b0[14] = (UINT8)((_i >> 8) & 0xff); \
|
||||
_b0[15] = (UINT8)(_i & 0xff); \
|
||||
gcry_cipher_encrypt(rijndael_handle, _b, AES_BLOCK_LEN, _b0, AES_BLOCK_LEN); \
|
||||
XOR_BLOCK(_pos, _b, _len); \
|
||||
/* Authentication */ \
|
||||
XOR_BLOCK(_a, _pos, _len); \
|
||||
gcry_cipher_encrypt(rijndael_handle, _a, AES_BLOCK_LEN, NULL, 0); \
|
||||
}
|
||||
|
||||
#define READ_6(b0, b1, b2, b3, b4, b5) \
|
||||
((((UINT64)((UINT16)((b4 << 0) | (b5 << 8)))) << 32) | \
|
||||
((UINT32)((b0 << 0) | (b1 << 8) | (b2 << 16) | (b3 << 24))))
|
||||
|
||||
/****************************************************************************/
|
||||
/* Internal function prototypes declarations */
|
||||
|
||||
static void ccmp_init_blocks(
|
||||
gcry_cipher_hd_t rijndael_handle,
|
||||
PDOT11DECRYPT_MAC_FRAME wh,
|
||||
UINT64 pn,
|
||||
size_t dlen,
|
||||
UINT8 b0[AES_BLOCK_LEN],
|
||||
UINT8 aad[2 * AES_BLOCK_LEN],
|
||||
UINT8 a[AES_BLOCK_LEN],
|
||||
UINT8 b[AES_BLOCK_LEN])
|
||||
;
|
||||
|
||||
/****************************************************************************/
|
||||
/* Function definitions */
|
||||
|
||||
static void ccmp_init_blocks(
|
||||
gcry_cipher_hd_t rijndael_handle,
|
||||
PDOT11DECRYPT_MAC_FRAME wh,
|
||||
UINT64 pn,
|
||||
size_t dlen,
|
||||
UINT8 b0[AES_BLOCK_LEN],
|
||||
UINT8 aad[2 * AES_BLOCK_LEN],
|
||||
UINT8 a[AES_BLOCK_LEN],
|
||||
UINT8 b[AES_BLOCK_LEN])
|
||||
{
|
||||
UINT8 mgmt = (DOT11DECRYPT_TYPE(wh->fc[0]) == DOT11DECRYPT_TYPE_MANAGEMENT);
|
||||
|
||||
memset(aad, 0, 2*AES_BLOCK_LEN);
|
||||
|
||||
/* CCM Initial Block:
|
||||
* Flag (Include authentication header, M=3 (8-octet MIC),
|
||||
* L=1 (2-octet Dlen))
|
||||
* Nonce: 0x00 | A2 | PN
|
||||
* Dlen */
|
||||
b0[0] = 0x59;
|
||||
/* NB: b0[1] set below */
|
||||
DOT11DECRYPT_ADDR_COPY(b0 + 2, wh->addr2);
|
||||
b0[8] = (UINT8)(pn >> 40);
|
||||
b0[9] = (UINT8)(pn >> 32);
|
||||
b0[10] = (UINT8)(pn >> 24);
|
||||
b0[11] = (UINT8)(pn >> 16);
|
||||
b0[12] = (UINT8)(pn >> 8);
|
||||
b0[13] = (UINT8)(pn >> 0);
|
||||
b0[14] = (UINT8)((UINT8)(dlen >> 8) & 0xff);
|
||||
b0[15] = (UINT8)(dlen & 0xff);
|
||||
|
||||
/* AAD:
|
||||
* FC with bits 4..6 and 11..13 masked to zero; 14 is always one; 15 zero when QoS Control field present
|
||||
* A1 | A2 | A3
|
||||
* SC with bits 4..15 (seq#) masked to zero
|
||||
* A4 (if present)
|
||||
* QC (if present)
|
||||
*/
|
||||
aad[0] = 0; /* AAD length >> 8 */
|
||||
/* NB: aad[1] set below */
|
||||
if (!mgmt)
|
||||
aad[2] = (UINT8)(wh->fc[0] & 0x8f); /* XXX magic #s */
|
||||
else
|
||||
aad[2] = wh->fc[0];
|
||||
if (DOT11DECRYPT_IS_QOS_DATA(wh)) {
|
||||
aad[3] = (UINT8)((wh->fc[1] & FC1_AAD_QOS_MASK) | 0x40);
|
||||
} else {
|
||||
aad[3] = (UINT8)((wh->fc[1] & FC1_AAD_MASK) | 0x40);
|
||||
}
|
||||
|
||||
/* NB: we know 3 addresses are contiguous */
|
||||
memcpy(aad + 4, (guint8 *)wh->addr1, 3 * DOT11DECRYPT_MAC_LEN);
|
||||
aad[22] = (UINT8)(wh->seq[0] & DOT11DECRYPT_SEQ_FRAG_MASK);
|
||||
aad[23] = 0; /* all bits masked */
|
||||
/*
|
||||
* Construct variable-length portion of AAD based
|
||||
* on whether this is a 4-address frame/QOS frame.
|
||||
* We always zero-pad to 32 bytes before running it
|
||||
* through the cipher.
|
||||
*
|
||||
* We also fill in the priority bits of the CCM
|
||||
* initial block as we know whether or not we have
|
||||
* a QOS frame.
|
||||
*/
|
||||
if (DOT11DECRYPT_IS_4ADDRESS(wh)) {
|
||||
DOT11DECRYPT_ADDR_COPY(aad + 24,
|
||||
((PDOT11DECRYPT_MAC_FRAME_ADDR4)wh)->addr4);
|
||||
if (DOT11DECRYPT_IS_QOS_DATA(wh)) {
|
||||
PDOT11DECRYPT_MAC_FRAME_ADDR4_QOS qwh4 =
|
||||
(PDOT11DECRYPT_MAC_FRAME_ADDR4_QOS) wh;
|
||||
aad[30] = (UINT8)(qwh4->qos[0] & 0x0f);/* just priority bits */
|
||||
aad[31] = 0;
|
||||
b0[1] = aad[30];
|
||||
aad[1] = 22 + DOT11DECRYPT_MAC_LEN + 2;
|
||||
} else {
|
||||
memset(&aad[30], 0, 2);
|
||||
b0[1] = 0;
|
||||
aad[1] = 22 + DOT11DECRYPT_MAC_LEN;
|
||||
}
|
||||
} else {
|
||||
if (DOT11DECRYPT_IS_QOS_DATA(wh)) {
|
||||
PDOT11DECRYPT_MAC_FRAME_QOS qwh =
|
||||
(PDOT11DECRYPT_MAC_FRAME_QOS) wh;
|
||||
aad[24] = (UINT8)(qwh->qos[0] & 0x0f); /* just priority bits */
|
||||
aad[25] = 0;
|
||||
b0[1] = aad[24];
|
||||
aad[1] = 22 + 2;
|
||||
} else {
|
||||
memset(&aad[24], 0, 2);
|
||||
b0[1] = 0;
|
||||
aad[1] = 22;
|
||||
}
|
||||
if (mgmt)
|
||||
b0[1] |= 0x10; /* set MGMT flag */
|
||||
memset(&aad[26], 0, 4);
|
||||
}
|
||||
|
||||
/* Start with the first block and AAD */
|
||||
gcry_cipher_encrypt(rijndael_handle, a, AES_BLOCK_LEN, b0, AES_BLOCK_LEN);
|
||||
XOR_BLOCK(a, aad, AES_BLOCK_LEN);
|
||||
gcry_cipher_encrypt(rijndael_handle, a, AES_BLOCK_LEN, NULL, 0);
|
||||
XOR_BLOCK(a, &aad[AES_BLOCK_LEN], AES_BLOCK_LEN);
|
||||
gcry_cipher_encrypt(rijndael_handle, a, AES_BLOCK_LEN, NULL, 0);
|
||||
b0[0] &= 0x07;
|
||||
b0[14] = b0[15] = 0;
|
||||
gcry_cipher_encrypt(rijndael_handle, b, AES_BLOCK_LEN, b0, AES_BLOCK_LEN);
|
||||
|
||||
/** //XOR( m + len - 8, b, 8 ); **/
|
||||
}
|
||||
|
||||
int Dot11DecryptCcmpDecrypt(
|
||||
guint8 *m,
|
||||
int mac_header_len,
|
||||
int len,
|
||||
guint8 *TK1,
|
||||
int tk_len,
|
||||
int mic_len)
|
||||
{
|
||||
PDOT11DECRYPT_MAC_FRAME wh;
|
||||
UINT8 aad[2 * AES_BLOCK_LEN];
|
||||
UINT8 b0[AES_BLOCK_LEN], b[AES_BLOCK_LEN], a[AES_BLOCK_LEN];
|
||||
UINT8 mic[AES_BLOCK_LEN];
|
||||
ssize_t data_len;
|
||||
UINT i;
|
||||
UINT8 *pos;
|
||||
UINT space;
|
||||
INT z = mac_header_len;
|
||||
gcry_cipher_hd_t rijndael_handle;
|
||||
UINT64 PN;
|
||||
UINT8 *ivp=m+z;
|
||||
|
||||
if (tk_len > 16 || mic_len > 8) {
|
||||
/* NOT SUPPORTED*/
|
||||
return 1;
|
||||
}
|
||||
|
||||
PN = READ_6(ivp[0], ivp[1], ivp[4], ivp[5], ivp[6], ivp[7]);
|
||||
|
||||
if (gcry_cipher_open(&rijndael_handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0)) {
|
||||
return 1;
|
||||
}
|
||||
if (gcry_cipher_setkey(rijndael_handle, TK1, 16)) {
|
||||
gcry_cipher_close(rijndael_handle);
|
||||
return 1;
|
||||
}
|
||||
|
||||
wh = (PDOT11DECRYPT_MAC_FRAME )m;
|
||||
data_len = len - (z + DOT11DECRYPT_CCMP_HEADER+DOT11DECRYPT_CCMP_TRAILER);
|
||||
if (data_len < 1) {
|
||||
gcry_cipher_close(rijndael_handle);
|
||||
return 0;
|
||||
}
|
||||
ccmp_init_blocks(rijndael_handle, wh, PN, data_len, b0, aad, a, b);
|
||||
memcpy(mic, m+len-DOT11DECRYPT_CCMP_TRAILER, DOT11DECRYPT_CCMP_TRAILER);
|
||||
XOR_BLOCK(mic, b, DOT11DECRYPT_CCMP_TRAILER);
|
||||
|
||||
i = 1;
|
||||
pos = (UINT8 *)m + z + DOT11DECRYPT_CCMP_HEADER;
|
||||
space = len - (z + DOT11DECRYPT_CCMP_HEADER);
|
||||
|
||||
if (space > data_len)
|
||||
space = (UINT)data_len;
|
||||
while (space >= AES_BLOCK_LEN) {
|
||||
CCMP_DECRYPT(i, b, b0, pos, a, AES_BLOCK_LEN);
|
||||
pos += AES_BLOCK_LEN;
|
||||
space -= AES_BLOCK_LEN;
|
||||
i++;
|
||||
}
|
||||
|
||||
if (space != 0) /* short last block */
|
||||
CCMP_DECRYPT(i, b, b0, pos, a, space);
|
||||
|
||||
gcry_cipher_close(rijndael_handle);
|
||||
/* MIC Key ?= MIC */
|
||||
if (memcmp(mic, a, DOT11DECRYPT_CCMP_TRAILER) == 0) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* TODO replay check (IEEE 802.11i-2004, pg. 62) */
|
||||
/* TODO PN must be incremental (IEEE 802.11i-2004, pg. 62) */
|
||||
|
||||
return 1;
|
||||
}
|
|
@ -177,24 +177,12 @@ int Dot11DecryptCcmpDecrypt(
|
|||
int tk_len,
|
||||
int mic_len);
|
||||
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */
|
||||
int Dot11DecryptGcmpDecrypt(
|
||||
guint8 *m,
|
||||
int mac_header_len,
|
||||
int len,
|
||||
guint8 *TK1,
|
||||
int tk_len);
|
||||
#else
|
||||
static inline int Dot11DecryptGcmpDecrypt(
|
||||
guint8 *m _U_,
|
||||
int mac_header_len _U_,
|
||||
int len _U_,
|
||||
guint8 *TK1 _U_,
|
||||
int tk_len _U_)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
INT Dot11DecryptTkipDecrypt(
|
||||
UCHAR *tkip_mpdu,
|
||||
|
|
|
@ -155,8 +155,6 @@ static guint32 sequence_counter[E_BTMESH_PROXY_SIDE_LAST];
|
|||
static guint32 fragment_counter[E_BTMESH_PROXY_SIDE_LAST];
|
||||
static gboolean first_pass;
|
||||
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */
|
||||
|
||||
static gint
|
||||
dissect_btmesh_proxy_configuration_msg(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
|
||||
{
|
||||
|
@ -281,17 +279,6 @@ dissect_btmesh_proxy_configuration_msg(tvbuff_t *tvb, packet_info *pinfo, proto_
|
|||
return offset;
|
||||
}
|
||||
|
||||
#else /* GCRYPT_VERSION_NUMBER >= 0x010600 */
|
||||
|
||||
static gint
|
||||
dissect_btmesh_proxy_configuration_msg(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_)
|
||||
{
|
||||
proto_tree_add_item(tree, hf_btmesh_proxy_data, tvb, 0, tvb_reported_length(tvb), ENC_NA);
|
||||
return tvb_reported_length(tvb);
|
||||
}
|
||||
|
||||
#endif/* GCRYPT_VERSION_NUMBER >= 0x010600 */
|
||||
|
||||
static gint
|
||||
dissect_btmesh_proxy_msg(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *proxy_data)
|
||||
{
|
||||
|
|
|
@ -1740,7 +1740,6 @@ static int hf_bt_characteristic_percentage_8 = -1;
|
|||
static int hf_bt_characteristic_time_millisecond_24 = -1;
|
||||
static int hf_bt_characteristic_time_second_16 = -1;
|
||||
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */
|
||||
static const
|
||||
bt_property_raw_value_entry_t sensor_column_status_hfs = {
|
||||
.hf_raw_value_a = &hf_btmesh_sensor_column_status_raw_value_a,
|
||||
|
@ -1796,7 +1795,6 @@ bt_property_columns_raw_value_t sensor_series_get_hfs = {
|
|||
.hf_raw_value_a1 = &hf_btmesh_sensor_series_get_raw_value_a1,
|
||||
.hf_raw_value_a2 = &hf_btmesh_sensor_series_get_raw_value_a2
|
||||
};
|
||||
#endif
|
||||
|
||||
static int ett_btmesh = -1;
|
||||
static int ett_btmesh_net_pdu = -1;
|
||||
|
@ -2414,8 +2412,6 @@ static const value_string btmesh_defined_or_dash_vals[] = {
|
|||
{ 0, NULL }
|
||||
};
|
||||
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */
|
||||
|
||||
static int * const config_composition_data_status_features_headers[] = {
|
||||
&hf_btmesh_config_composition_data_status_features_relay,
|
||||
&hf_btmesh_config_composition_data_status_features_proxy,
|
||||
|
@ -2481,8 +2477,6 @@ static const fragment_items btmesh_segmented_control_frag_items = {
|
|||
"fragments"
|
||||
};
|
||||
|
||||
#endif
|
||||
|
||||
static const value_string btmesh_status_code_vals[] = {
|
||||
{ 0x00, "Success" },
|
||||
{ 0x01, "Invalid Address" },
|
||||
|
@ -2785,7 +2779,6 @@ static const value_string btmesh_properties_vals[] = {
|
|||
{ PROPERTY_OUTPUT_CURRENT_PERCENT , "Output Current Percent" },
|
||||
{ 0, NULL }
|
||||
};
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */
|
||||
|
||||
static const btmesh_property_t btmesh_properties[] = {
|
||||
{ PHONY_PROPERTY_PERCENTAGE_CHANGE_16 , PHONY_CHARACTERISTIC_PERCENTAGE_CHANGE_16 },
|
||||
|
@ -3072,7 +3065,6 @@ static const bt_gatt_characteristic_t bt_gatt_characteristics[] = {
|
|||
{ CHARACTERISTIC_WIND_CHILL , 1, NULL , DISSECTOR_SIMPLE },
|
||||
{ 0, 0, NULL, 0},
|
||||
};
|
||||
#endif /* GCRYPT_VERSION_NUMBER >= 0x010600 */
|
||||
|
||||
/* Upper Transport Message reassembly */
|
||||
|
||||
|
@ -3180,7 +3172,6 @@ upper_transport_init_routine(void)
|
|||
}
|
||||
|
||||
/* A BT Mesh dissector is not realy useful without decryption as all packets are encrypted. Just leave a stub dissector outside of */
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */
|
||||
|
||||
/* BT Mesh s1 function */
|
||||
static gboolean
|
||||
|
@ -3630,8 +3621,6 @@ btmesh_deobfuscate(tvbuff_t *tvb, packet_info *pinfo, int offset _U_, uat_btmesh
|
|||
return de_obf_tvb;
|
||||
}
|
||||
|
||||
#endif /* GCRYPT_VERSION_NUMBER >= 0x010600 */
|
||||
|
||||
static const gchar *period_interval_unit[] = {"ms", "s", "s", "min"};
|
||||
static const guint32 period_interval_multiplier[] = {100, 1, 10, 10};
|
||||
|
||||
|
@ -4395,8 +4384,6 @@ format_time_second_16(gchar *buf, guint32 value) {
|
|||
}
|
||||
}
|
||||
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */
|
||||
|
||||
static guint16
|
||||
find_characteristic_id(guint16 property_id)
|
||||
{
|
||||
|
@ -8123,56 +8110,6 @@ dissect_btmesh_msg(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *da
|
|||
return offset;
|
||||
}
|
||||
|
||||
#else /* GCRYPT_VERSION_NUMBER >= 0x010600 */
|
||||
|
||||
static gboolean
|
||||
create_master_security_keys(uat_btmesh_record_t * net_key_set _U_)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
static gboolean
|
||||
k4(uat_btmesh_record_t *key_set _U_)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
static gboolean
|
||||
label_uuid_hash(uat_btmesh_label_uuid_record_t *label_uuid_record _U_)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/* Stub dissector if decryption not available on build system */
|
||||
static gint
|
||||
dissect_btmesh_msg(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
|
||||
{
|
||||
proto_item *item;
|
||||
proto_tree *sub_tree;
|
||||
int offset = 0;
|
||||
|
||||
col_set_str(pinfo->cinfo, COL_PROTOCOL, "BT Mesh");
|
||||
col_clear(pinfo->cinfo, COL_INFO);
|
||||
|
||||
item = proto_tree_add_item(tree, proto_btmesh, tvb, offset, -1, ENC_NA);
|
||||
sub_tree = proto_item_add_subtree(item, ett_btmesh);
|
||||
|
||||
/* First byte in plaintext */
|
||||
/* IVI 1 bit Least significant bit of IV Index */
|
||||
proto_tree_add_item(sub_tree, hf_btmesh_ivi, tvb, offset, 1, ENC_BIG_ENDIAN);
|
||||
proto_tree_add_item(sub_tree, hf_btmesh_nid, tvb, offset, 1, ENC_BIG_ENDIAN);
|
||||
offset++;
|
||||
|
||||
proto_tree_add_item(sub_tree, hf_btmesh_obfuscated, tvb, offset, 6, ENC_NA);
|
||||
offset += 6;
|
||||
|
||||
proto_tree_add_item(sub_tree, hf_btmesh_encrypted, tvb, offset, -1, ENC_NA);
|
||||
|
||||
return tvb_reported_length(tvb);
|
||||
}
|
||||
|
||||
#endif /* GCRYPT_VERSION_NUMBER >= 0x010600 */
|
||||
|
||||
static gint
|
||||
compute_ascii_key(guchar **ascii_key, const gchar *key, const gchar *key_name, guint expected_octets, char **err)
|
||||
{
|
||||
|
|
|
@ -6802,7 +6802,6 @@ netlogon_dissect_netrserverauthenticate023_reply(tvbuff_t *tvb, int offset,
|
|||
debugprintf("Found %d passwords \n",list_size);
|
||||
if( flags & NETLOGON_FLAG_AES )
|
||||
{
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010800 /* 1.8.0 */
|
||||
guint8 salt_buf[16] = { 0 };
|
||||
guint8 sha256[HASH_SHA2_256_LENGTH];
|
||||
guint64 calculated_cred;
|
||||
|
@ -6872,7 +6871,6 @@ netlogon_dissect_netrserverauthenticate023_reply(tvbuff_t *tvb, int offset,
|
|||
}
|
||||
}
|
||||
}
|
||||
#endif
|
||||
} else if ( flags & NETLOGON_FLAG_STRONGKEY ) {
|
||||
guint8 zeros[4] = { 0 };
|
||||
guint8 md5[HASH_MD5_LENGTH];
|
||||
|
@ -7877,7 +7875,6 @@ static int get_seal_key(const guint8 *session_key,int key_len,guint8* seal_key)
|
|||
|
||||
}
|
||||
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010800 /* 1.8.0 */
|
||||
static guint64 uncrypt_sequence_aes(guint8* session_key,guint64 checksum,guint64 enc_seq,unsigned char is_server _U_)
|
||||
{
|
||||
gcry_error_t err;
|
||||
|
@ -7920,7 +7917,6 @@ static guint64 uncrypt_sequence_aes(guint8* session_key,guint64 checksum,guint64
|
|||
gcry_cipher_close(cipher_hd);
|
||||
return enc_seq;
|
||||
}
|
||||
#endif
|
||||
|
||||
static guint64 uncrypt_sequence_strong(guint8* session_key,guint64 checksum,guint64 enc_seq,unsigned char is_server _U_)
|
||||
{
|
||||
|
@ -7958,11 +7954,9 @@ static guint64 uncrypt_sequence_strong(guint8* session_key,guint64 checksum,guin
|
|||
|
||||
static guint64 uncrypt_sequence(guint32 flags, guint8* session_key,guint64 checksum,guint64 enc_seq,unsigned char is_server _U_)
|
||||
{
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010800 /* 1.8.0 */
|
||||
if (flags & NETLOGON_FLAG_AES) {
|
||||
return uncrypt_sequence_aes(session_key, checksum, enc_seq, is_server);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (flags & NETLOGON_FLAG_STRONGKEY) {
|
||||
return uncrypt_sequence_strong(session_key, checksum, enc_seq, is_server);
|
||||
|
@ -7971,7 +7965,6 @@ static guint64 uncrypt_sequence(guint32 flags, guint8* session_key,guint64 check
|
|||
return 0;
|
||||
}
|
||||
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010800 /* 1.8.0 */
|
||||
static gcry_error_t prepare_decryption_cipher_aes(netlogon_auth_vars *vars,
|
||||
gcry_cipher_hd_t *_cipher_hd)
|
||||
{
|
||||
|
@ -8010,7 +8003,6 @@ static gcry_error_t prepare_decryption_cipher_aes(netlogon_auth_vars *vars,
|
|||
*_cipher_hd = cipher_hd;
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
static gcry_error_t prepare_decryption_cipher_strong(netlogon_auth_vars *vars,
|
||||
gcry_cipher_hd_t *_cipher_hd)
|
||||
|
@ -8057,11 +8049,9 @@ static gcry_error_t prepare_decryption_cipher(netlogon_auth_vars *vars,
|
|||
{
|
||||
*_cipher_hd = NULL;
|
||||
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010800 /* 1.8.0 */
|
||||
if (vars->flags & NETLOGON_FLAG_AES) {
|
||||
return prepare_decryption_cipher_aes(vars, _cipher_hd);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (vars->flags & NETLOGON_FLAG_STRONGKEY) {
|
||||
return prepare_decryption_cipher_strong(vars, _cipher_hd);
|
||||
|
|
|
@ -180,9 +180,6 @@
|
|||
#include <ctype.h>
|
||||
|
||||
#include <wsutil/wsgcrypt.h>
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */
|
||||
#define LIBGCRYPT_OK
|
||||
#endif
|
||||
|
||||
#include <epan/packet.h>
|
||||
#include <epan/proto.h>
|
||||
|
@ -1938,7 +1935,6 @@ static const value_string sgmp_opcode_strings[] = {
|
|||
#if 0 /* TODO not used yet */
|
||||
static gboolean sgmp_validate_session_key(sgmp_packet_data *cmd_data, guint8 *confirmation, guint8 *kek, guint8 *key)
|
||||
{
|
||||
#ifdef LIBGCRYPT_OK
|
||||
gcry_mac_hd_t hmac;
|
||||
gcry_error_t result;
|
||||
|
||||
|
@ -1952,9 +1948,6 @@ static gboolean sgmp_validate_session_key(sgmp_packet_data *cmd_data, guint8 *co
|
|||
gcry_mac_write(hmac, key, 32);
|
||||
result = gcry_mac_verify(hmac, confirmation, sizeof(confirmation));
|
||||
return result == 0;
|
||||
#else
|
||||
return FALSE;
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -9103,7 +9096,6 @@ static int dissect_sgmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, voi
|
|||
return offset;
|
||||
}
|
||||
|
||||
#ifdef LIBGCRYPT_OK
|
||||
static gboolean validate_session_key(tep_rekey_data *rekey, guint S_length, guint8 *S, guint8 *confirmation, guint8 *key)
|
||||
{
|
||||
guint8 pad[16];
|
||||
|
@ -9125,12 +9117,6 @@ static gboolean validate_session_key(tep_rekey_data *rekey, guint S_length, guin
|
|||
result = gcry_mac_verify(hmac, confirmation, 32);
|
||||
return result == 0;
|
||||
}
|
||||
#else
|
||||
static gboolean validate_session_key(tep_rekey_data *rekey _U_, guint S_length _U_, guint8 *S _U_, guint8 *confirmation _U_, guint8 *key _U_)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
#endif
|
||||
|
||||
static int dissect_tep_dsp(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_)
|
||||
{
|
||||
|
@ -11315,11 +11301,7 @@ static void dof_register_dpp_2(void)
|
|||
{ &ei_dpp_default_flags, { "dof.dpp.v2.flags_included", PI_COMMENTS_GROUP, PI_NOTE, "Default flag value is included explicitly.", EXPFILL } },
|
||||
{ &ei_dpp_explicit_sender_sid_included, { "dof.dpp.v2.sender_sid_included", PI_PROTOCOL, PI_NOTE, "Explicit SID could be optimized, same as sender.", EXPFILL } },
|
||||
{ &ei_dpp_explicit_receiver_sid_included, { "dof.dpp.v2.receiver_sid_included", PI_PROTOCOL, PI_NOTE, "Explicit SID could be optimized, same as receiver.", EXPFILL } },
|
||||
#ifdef LIBGCRYPT_OK
|
||||
{ &ei_dpp_no_security_context, { "dof.dpp.v2.no_context", PI_UNDECODED, PI_WARN, "No security context to enable packet decryption.", EXPFILL } },
|
||||
#else
|
||||
{ &ei_dpp_no_security_context, { "dof.dpp.v2.no_context", PI_UNDECODED, PI_WARN, "This version of wireshark was built without DOF decryption capability", EXPFILL } },
|
||||
#endif
|
||||
};
|
||||
|
||||
static gint *sett[] =
|
||||
|
|
|
@ -6084,6 +6084,9 @@ dissect_enc(tvbuff_t *tvb,
|
|||
* - in 1.6.x length must be equal of cipher block length. Aaargh... :-(
|
||||
* We use accepted for both versions length of block size for GCM (16 bytes).
|
||||
* For CCM length given must be the same as given to gcry_cipher_ctl(GCRYCTL_SET_CCM_LENGTHS)
|
||||
*
|
||||
* XXX: We now require libgcrypt 1.8.0, so presumably this could
|
||||
* be updated?
|
||||
*/
|
||||
guchar *tag;
|
||||
gint tag_len = icv_len;
|
||||
|
|
|
@ -406,7 +406,6 @@ static device_encryption_keys_t *get_encryption_keys_dev_address(guint32 dev_add
|
|||
return NULL;
|
||||
}
|
||||
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */
|
||||
static device_encryption_keys_t *get_encryption_keys_app_eui(const guint8 *appeui)
|
||||
{
|
||||
guint i;
|
||||
|
@ -452,7 +451,6 @@ calculate_mic(const guint8 *in, guint8 length, const guint8 *key)
|
|||
gcry_mac_close(mac_hd);
|
||||
return mac;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* length should be a multiple of 16, in should be padded to get to a multiple of 16 */
|
||||
static gboolean
|
||||
|
@ -648,9 +646,7 @@ dissect_lorawan(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_, void *d
|
|||
guint8 fport;
|
||||
guint32 dev_address;
|
||||
guint32 fcnt;
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */
|
||||
proto_item *checksum_item;
|
||||
#endif
|
||||
gboolean uplink = TRUE;
|
||||
device_encryption_keys_t *encryption_keys = NULL;
|
||||
|
||||
|
@ -693,7 +689,6 @@ dissect_lorawan(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_, void *d
|
|||
* cmac = aes128_cmac(AppKey, msg)
|
||||
* MIC = cmac[0..3]
|
||||
*/
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */
|
||||
encryption_keys = get_encryption_keys_app_eui(tvb_get_ptr(tvb, current_offset - 18, 8));
|
||||
if (encryption_keys) {
|
||||
proto_tree_add_checksum(lorawan_tree, tvb, current_offset, hf_lorawan_mic_type, hf_lorawan_mic_status_type, &ei_lorawan_mic, pinfo,
|
||||
|
@ -703,10 +698,6 @@ dissect_lorawan(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_, void *d
|
|||
0, ENC_LITTLE_ENDIAN, PROTO_CHECKSUM_NO_FLAGS);
|
||||
expert_add_info(pinfo, checksum_item, &ei_lorawan_unverified_mic);
|
||||
}
|
||||
#else
|
||||
proto_tree_add_checksum(lorawan_tree, tvb, current_offset, hf_lorawan_mic_type, hf_lorawan_mic_status_type, NULL, pinfo,
|
||||
0, ENC_LITTLE_ENDIAN, PROTO_CHECKSUM_NO_FLAGS);
|
||||
#endif
|
||||
return tvb_captured_length(tvb);
|
||||
} else if (mac_mtype == LORAWAN_MAC_MTYPE_JOINACCEPT) {
|
||||
tf = proto_tree_add_item(lorawan_tree, hf_lorawan_join_accept_type, tvb, current_offset, 12, ENC_NA);
|
||||
|
@ -733,7 +724,6 @@ dissect_lorawan(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_, void *d
|
|||
* cmac = aes128_cmac(AppKey, msg)
|
||||
* MIC = cmac[0..3]
|
||||
*/
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */
|
||||
encryption_keys = get_encryption_keys_dev_address(dev_address);
|
||||
if (encryption_keys) {
|
||||
proto_tree_add_checksum(lorawan_tree, tvb, current_offset, hf_lorawan_mic_type, hf_lorawan_mic_status_type, &ei_lorawan_mic, pinfo, calculate_mic(tvb_get_ptr(tvb, 0, current_offset), current_offset, encryption_keys->appskey->data), ENC_LITTLE_ENDIAN, PROTO_CHECKSUM_VERIFY);
|
||||
|
@ -742,10 +732,6 @@ dissect_lorawan(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_, void *d
|
|||
0, ENC_LITTLE_ENDIAN, PROTO_CHECKSUM_NO_FLAGS);
|
||||
expert_add_info(pinfo, checksum_item, &ei_lorawan_unverified_mic);
|
||||
}
|
||||
#else
|
||||
proto_tree_add_checksum(lorawan_tree, tvb, current_offset, hf_lorawan_mic_type, hf_lorawan_mic_status_type, NULL, pinfo,
|
||||
0, ENC_LITTLE_ENDIAN, PROTO_CHECKSUM_NO_FLAGS);
|
||||
#endif
|
||||
return tvb_captured_length(tvb);
|
||||
} else if ((mac_mtype >= LORAWAN_MAC_MTYPE_UNCONFIRMEDDATAUP) && (mac_mtype <= LORAWAN_MAC_MTYPE_CONFIRMEDDATADOWN)) {
|
||||
if (mac_mtype & 1) {
|
||||
|
@ -823,7 +809,6 @@ dissect_lorawan(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_, void *d
|
|||
* MIC = cmac[0..3]
|
||||
* B0 = 0x49 | 0x00 | 0x00 | 0x00 | 0x00 | dir | devAddr | fcntup/fcntdown | len(msg)
|
||||
*/
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */
|
||||
if (encryption_keys) {
|
||||
gint frame_length = current_offset;
|
||||
guint8 *msg = (guint8 *)wmem_alloc0(pinfo->pool, frame_length + 16);
|
||||
|
@ -839,10 +824,6 @@ dissect_lorawan(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_, void *d
|
|||
0, ENC_LITTLE_ENDIAN, PROTO_CHECKSUM_NO_FLAGS);
|
||||
expert_add_info(pinfo, checksum_item, &ei_lorawan_unverified_mic);
|
||||
}
|
||||
#else
|
||||
proto_tree_add_checksum(lorawan_tree, tvb, current_offset, hf_lorawan_mic_type, hf_lorawan_mic_status_type, NULL, pinfo,
|
||||
0, ENC_LITTLE_ENDIAN, PROTO_CHECKSUM_NO_FLAGS);
|
||||
#endif
|
||||
return tvb_captured_length(tvb);
|
||||
}
|
||||
|
||||
|
|
|
@ -1700,8 +1700,6 @@ static tvbuff_t *decipher_payload(tvbuff_t *tvb, packet_info *pinfo, int *offset
|
|||
|
||||
|
||||
/* Try to calculate digest to compare with that found in frame. */
|
||||
#if defined(HAVE_SNOW3G) || GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */ || defined(HAVE_ZUC)
|
||||
/* We can calculate it for at least some integrity types */
|
||||
static guint32 calculate_digest(pdu_security_settings_t *pdu_security_settings, guint8 header,
|
||||
tvbuff_t *tvb, packet_info *pinfo, gint offset, gboolean *calculated)
|
||||
{
|
||||
|
@ -1753,7 +1751,6 @@ static guint32 calculate_digest(pdu_security_settings_t *pdu_security_settings,
|
|||
}
|
||||
#endif
|
||||
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */
|
||||
case eia2:
|
||||
{
|
||||
/* AES */
|
||||
|
@ -1813,7 +1810,6 @@ static guint32 calculate_digest(pdu_security_settings_t *pdu_security_settings,
|
|||
*calculated = TRUE;
|
||||
return ((mac[0] << 24) | (mac[1] << 16) | (mac[2] << 8) | mac[3]);
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_ZUC
|
||||
case eia3:
|
||||
{
|
||||
|
@ -1846,22 +1842,6 @@ static guint32 calculate_digest(pdu_security_settings_t *pdu_security_settings,
|
|||
return 0;
|
||||
}
|
||||
}
|
||||
#else /* defined(HAVE_SNOW3G) || GCRYPT_VERSION_NUMBER >= 0x010600 || defined(HAVE_ZUC) */
|
||||
/* We can't calculate it for any integrity types other than eia0 */
|
||||
static guint32 calculate_digest(pdu_security_settings_t *pdu_security_settings, guint8 header _U_,
|
||||
tvbuff_t *tvb _U_, packet_info *pinfo _U_, gint offset _U_, gboolean *calculated)
|
||||
{
|
||||
*calculated = FALSE;
|
||||
|
||||
if (pdu_security_settings->integrity == eia0) {
|
||||
/* Should be zero in this case */
|
||||
*calculated = TRUE;
|
||||
}
|
||||
|
||||
/* Otherwise, we can't calculate it */
|
||||
return 0;
|
||||
}
|
||||
#endif /* defined(HAVE_SNOW3G) || GCRYPT_VERSION_NUMBER >= 0x010600 || defined(HAVE_ZUC) */
|
||||
|
||||
/******************************/
|
||||
/* Main dissection function. */
|
||||
|
|
|
@ -1739,7 +1739,6 @@ static guint32 calculate_digest(pdu_security_settings_t *pdu_security_settings,
|
|||
}
|
||||
#endif
|
||||
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */
|
||||
case nia2:
|
||||
{
|
||||
/* AES */
|
||||
|
@ -1802,7 +1801,6 @@ static guint32 calculate_digest(pdu_security_settings_t *pdu_security_settings,
|
|||
*calculated = TRUE;
|
||||
return ((mac[0] << 24) | (mac[1] << 16) | (mac[2] << 8) | mac[3]);
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_ZUC
|
||||
case nia3:
|
||||
{
|
||||
|
|
|
@ -10100,7 +10100,6 @@ static smb2_function smb2_dissector[256] = {
|
|||
#define SMB3_AES128CCM_NONCE 11
|
||||
#define SMB3_AES128GCM_NONCE 12
|
||||
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */
|
||||
static gboolean is_decrypted_header_ok(guint8 *p, size_t size)
|
||||
{
|
||||
if (size < 4)
|
||||
|
@ -10362,7 +10361,6 @@ decrypt_smb_payload(packet_info *pinfo,
|
|||
sti->session->server_port = pinfo->srcport;
|
||||
return data;
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
Append tvb[offset:offset+length] to out
|
||||
|
@ -10668,13 +10666,9 @@ dissect_smb2_transform_header(packet_info *pinfo, proto_tree *tree,
|
|||
sti->session = smb2_get_session(sti->conv, sti->sesid, NULL, NULL);
|
||||
smb2_add_session_info(sesid_tree, sesid_item, tvb, sesid_offset, sti->session);
|
||||
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */
|
||||
if (sti->flags & SMB2_TRANSFORM_FLAGS_ENCRYPTED) {
|
||||
plain_data = decrypt_smb_payload(pinfo, tvb, offset, offset_aad, sti);
|
||||
}
|
||||
#else
|
||||
(void) offset_aad;
|
||||
#endif
|
||||
*enc_tvb = tvb_new_subset_length(tvb, offset, sti->size);
|
||||
|
||||
if (plain_data != NULL) {
|
||||
|
@ -10829,7 +10823,7 @@ dissect_smb2_tid_sesid(packet_info *pinfo _U_, proto_tree *tree, tvbuff_t *tvb,
|
|||
|
||||
return offset;
|
||||
}
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600
|
||||
|
||||
static void
|
||||
dissect_smb2_signature(packet_info *pinfo, tvbuff_t *tvb, int offset, proto_tree *tree, smb2_info_t *si)
|
||||
{
|
||||
|
@ -10896,7 +10890,6 @@ dissect_smb2_signature(packet_info *pinfo, tvbuff_t *tvb, int offset, proto_tree
|
|||
|
||||
return;
|
||||
}
|
||||
#endif
|
||||
|
||||
static int
|
||||
dissect_smb2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, gboolean first_in_chain)
|
||||
|
@ -11063,11 +11056,7 @@ dissect_smb2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, gboolea
|
|||
offset = dissect_smb2_tid_sesid(pinfo, header_tree, tvb, offset, si);
|
||||
|
||||
/* Signature */
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600
|
||||
dissect_smb2_signature(pinfo, tvb, offset, header_tree, si);
|
||||
#else
|
||||
proto_tree_add_item(header_tree, hf_smb2_signature, tvb, offset, 16, ENC_NA);
|
||||
#endif
|
||||
offset += 16;
|
||||
proto_item_set_len(header_item, offset);
|
||||
|
||||
|
|
|
@ -83,11 +83,6 @@ void proto_reg_handoff_ssh(void);
|
|||
|
||||
/* proto data */
|
||||
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010700 /* 1.7.0 */
|
||||
#define SSH_DECRYPTION_SUPPORTED
|
||||
#endif
|
||||
|
||||
#ifdef SSH_DECRYPTION_SUPPORTED
|
||||
typedef struct {
|
||||
guint8 *data;
|
||||
guint length;
|
||||
|
@ -114,7 +109,6 @@ typedef struct {
|
|||
gboolean from_server;
|
||||
ssh_message_info_t * messages;
|
||||
} ssh_packet_info_t;
|
||||
#endif
|
||||
|
||||
typedef struct _ssh_channel_info_t {
|
||||
guint client_channel_number;
|
||||
|
@ -152,12 +146,10 @@ struct ssh_peer_data {
|
|||
|
||||
gint length_is_plaintext;
|
||||
|
||||
#ifdef SSH_DECRYPTION_SUPPORTED
|
||||
// see libgcrypt source, gcrypt.h:gcry_cipher_algos
|
||||
guint cipher_id;
|
||||
// chacha20 needs two cipher handles
|
||||
gcry_cipher_hd_t cipher, cipher_2;
|
||||
#endif
|
||||
guint sequence_number;
|
||||
guint32 seq_num_kex_init;
|
||||
// union ??? -- begin
|
||||
|
@ -173,9 +165,7 @@ struct ssh_peer_data {
|
|||
guint32 seq_num_dh_rep;
|
||||
// union ??? -- end
|
||||
guint32 seq_num_new_key;
|
||||
#ifdef SSH_DECRYPTION_SUPPORTED
|
||||
ssh_bignum *bn_cookie;
|
||||
#endif
|
||||
struct ssh_flow_data * global_data;
|
||||
};
|
||||
|
||||
|
@ -192,7 +182,6 @@ struct ssh_flow_data {
|
|||
#define SERVER_PEER_DATA 1
|
||||
struct ssh_peer_data peer_data[2];
|
||||
|
||||
#ifdef SSH_DECRYPTION_SUPPORTED
|
||||
gchar *session_id;
|
||||
guint session_id_length;
|
||||
ssh_bignum *kex_e;
|
||||
|
@ -206,13 +195,10 @@ struct ssh_flow_data {
|
|||
wmem_array_t *kex_shared_secret;
|
||||
gboolean do_decrypt;
|
||||
ssh_bignum new_keys[6];
|
||||
#endif
|
||||
ssh_channel_info_t *channel_info;
|
||||
};
|
||||
|
||||
#ifdef SSH_DECRYPTION_SUPPORTED
|
||||
static GHashTable * ssh_master_key_map = NULL;
|
||||
#endif
|
||||
|
||||
static int proto_ssh = -1;
|
||||
|
||||
|
@ -391,12 +377,10 @@ static gboolean ssh_desegment = TRUE;
|
|||
static dissector_handle_t ssh_handle;
|
||||
static dissector_handle_t sftp_handle=NULL;
|
||||
|
||||
#ifdef SSH_DECRYPTION_SUPPORTED
|
||||
static const char *pref_keylog_file;
|
||||
static FILE *ssh_keylog_file;
|
||||
|
||||
#define SSH_DECRYPT_DEBUG
|
||||
#endif
|
||||
|
||||
#ifdef SSH_DECRYPT_DEBUG
|
||||
static const gchar *ssh_debug_file_name = NULL;
|
||||
|
@ -569,7 +553,6 @@ static void ssh_choose_algo(gchar *client, gchar *server, gchar **result);
|
|||
static void ssh_set_mac_length(struct ssh_peer_data *peer_data);
|
||||
static void ssh_set_kex_specific_dissector(struct ssh_flow_data *global_data);
|
||||
|
||||
#ifdef SSH_DECRYPTION_SUPPORTED
|
||||
static void ssh_keylog_read_file(void);
|
||||
static void ssh_keylog_process_line(const char *line);
|
||||
static void ssh_keylog_process_lines(const guint8 *data, guint datalen);
|
||||
|
@ -629,8 +612,6 @@ static void set_subdissector_for_channel(struct ssh_peer_data *peer_data, guint
|
|||
|
||||
#define SSH_DEBUG_USE_STDERR "-"
|
||||
|
||||
#endif /* SSH_DECRYPTION_SUPPORTED */
|
||||
|
||||
#ifdef SSH_DECRYPT_DEBUG
|
||||
static void
|
||||
ssh_debug_printf(const gchar* fmt,...) G_GNUC_PRINTF(1,2);
|
||||
|
@ -680,7 +661,6 @@ dissect_ssh(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
|
|||
global_data->kex_specific_dissector = ssh_dissect_kex_dh;
|
||||
global_data->peer_data[CLIENT_PEER_DATA].mac_length = -1;
|
||||
global_data->peer_data[SERVER_PEER_DATA].mac_length = -1;
|
||||
#ifdef SSH_DECRYPTION_SUPPORTED
|
||||
global_data->peer_data[CLIENT_PEER_DATA].sequence_number = 0;
|
||||
global_data->peer_data[SERVER_PEER_DATA].sequence_number = 0;
|
||||
global_data->peer_data[CLIENT_PEER_DATA].seq_num_kex_init = 0;
|
||||
|
@ -715,7 +695,6 @@ dissect_ssh(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
|
|||
global_data->kex_server_host_key_blob = wmem_array_new(wmem_file_scope(), 1);
|
||||
global_data->kex_shared_secret = wmem_array_new(wmem_file_scope(), 1);
|
||||
global_data->do_decrypt = TRUE;
|
||||
#endif
|
||||
|
||||
conversation_add_proto_data(conversation, proto_ssh, global_data);
|
||||
}
|
||||
|
@ -854,13 +833,11 @@ ssh_dissect_ssh2(tvbuff_t *tvb, packet_info *pinfo,
|
|||
offset, ssh2_tree, is_response,
|
||||
need_desegmentation);
|
||||
|
||||
#ifdef SSH_DECRYPTION_SUPPORTED
|
||||
if (!*need_desegmentation) {
|
||||
ssh_increment_message_number(pinfo, global_data, is_response);
|
||||
}else{
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
} else {
|
||||
if(!*need_desegmentation){
|
||||
offset = ssh_try_dissect_encrypted_packet(tvb, pinfo,
|
||||
|
@ -1041,13 +1018,8 @@ ssh_tree_add_hostkey(tvbuff_t *tvb, int offset, proto_tree *parent_tree,
|
|||
proto_tree_add_uint(tree, hf_ssh_hostkey_length, tvb, last_offset, 4, key_len);
|
||||
|
||||
// server host key (K_S / Q)
|
||||
#ifdef SSH_DECRYPTION_SUPPORTED
|
||||
gchar *data = (gchar *)tvb_memdup(wmem_packet_scope(), tvb, last_offset + 4, key_len);
|
||||
ssh_hash_buffer_put_string(global_data->kex_server_host_key_blob, data, key_len);
|
||||
#else
|
||||
// ignore unused parameter complaint
|
||||
(void)global_data;
|
||||
#endif
|
||||
|
||||
last_offset += 4;
|
||||
proto_tree_add_uint(tree, hf_ssh_hostkey_type_length, tvb, last_offset, 4, type_len);
|
||||
|
@ -1239,13 +1211,11 @@ ssh_dissect_key_exchange(tvbuff_t *tvb, packet_info *pinfo,
|
|||
if ((peer_data->frame_key_start == 0) || (peer_data->frame_key_start == pinfo->num)) {
|
||||
if (!PINFO_FD_VISITED(pinfo)) {
|
||||
peer_data->frame_key_start = pinfo->num;
|
||||
#ifdef SSH_DECRYPTION_SUPPORTED
|
||||
if(global_data->peer_data[is_response].seq_num_kex_init == 0){
|
||||
global_data->peer_data[is_response].seq_num_kex_init = global_data->peer_data[is_response].sequence_number;
|
||||
global_data->peer_data[is_response].sequence_number++;
|
||||
ssh_debug_printf("%s->sequence_number{SSH_MSG_KEXINIT=%d}++ > %d\n", is_response?"server":"client", global_data->peer_data[is_response].seq_num_kex_init, global_data->peer_data[is_response].sequence_number);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
}
|
||||
seq_num = global_data->peer_data[is_response].seq_num_kex_init;
|
||||
|
@ -1258,13 +1228,11 @@ ssh_dissect_key_exchange(tvbuff_t *tvb, packet_info *pinfo,
|
|||
global_data->peer_data[SERVER_PEER_DATA].enc_proposals[is_response],
|
||||
&peer_data->enc);
|
||||
|
||||
#ifdef SSH_DECRYPTION_SUPPORTED
|
||||
if(global_data->peer_data[is_response].seq_num_new_key == 0){
|
||||
global_data->peer_data[is_response].seq_num_new_key = global_data->peer_data[is_response].sequence_number;
|
||||
global_data->peer_data[is_response].sequence_number++;
|
||||
ssh_debug_printf("%s->sequence_number{SSH_MSG_NEWKEYS=%d}++ > %d\n", is_response?"server":"client", global_data->peer_data[is_response].seq_num_new_key, global_data->peer_data[is_response].sequence_number);
|
||||
}
|
||||
#endif
|
||||
|
||||
/* some ciphers have their own MAC so the "negotiated" one is meaningless */
|
||||
if(peer_data->enc && (0 == strcmp(peer_data->enc, "aes128-gcm@openssh.com") ||
|
||||
|
@ -1289,7 +1257,6 @@ ssh_dissect_key_exchange(tvbuff_t *tvb, packet_info *pinfo,
|
|||
&peer_data->comp);
|
||||
|
||||
// the client sent SSH_MSG_NEWKEYS
|
||||
#ifdef SSH_DECRYPTION_SUPPORTED
|
||||
if (!is_response) {
|
||||
ssh_decryption_set_cipher_id(&global_data->peer_data[CLIENT_PEER_DATA]);
|
||||
ssh_debug_printf("Activating new keys for CLIENT => SERVER\n");
|
||||
|
@ -1299,7 +1266,6 @@ ssh_dissect_key_exchange(tvbuff_t *tvb, packet_info *pinfo,
|
|||
ssh_debug_printf("Activating new keys for SERVER => CLIENT\n");
|
||||
ssh_decryption_setup_cipher(&global_data->peer_data[SERVER_PEER_DATA], &global_data->new_keys[1], &global_data->new_keys[3]);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
seq_num = global_data->peer_data[is_response].seq_num_new_key;
|
||||
|
||||
|
@ -1334,13 +1300,11 @@ static int ssh_dissect_kex_dh(guint8 msg_code, tvbuff_t *tvb,
|
|||
|
||||
switch (msg_code) {
|
||||
case SSH_MSG_KEXDH_INIT:
|
||||
#ifdef SSH_DECRYPTION_SUPPORTED
|
||||
// e (client ephemeral key public part)
|
||||
if (!ssh_read_e(tvb, offset, global_data)) {
|
||||
proto_tree_add_expert_format(tree, pinfo, &ei_ssh_invalid_keylen, tvb, offset, 2,
|
||||
"Invalid key length: %u", tvb_get_ntohl(tvb, offset));
|
||||
}
|
||||
#endif
|
||||
|
||||
offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_dh_e);
|
||||
if(global_data->peer_data[CLIENT_PEER_DATA].seq_num_dh_ini == 0){
|
||||
|
@ -1355,14 +1319,12 @@ static int ssh_dissect_kex_dh(guint8 msg_code, tvbuff_t *tvb,
|
|||
offset += ssh_tree_add_hostkey(tvb, offset, tree, "KEX host key",
|
||||
ett_key_exchange_host_key, global_data);
|
||||
|
||||
#ifdef SSH_DECRYPTION_SUPPORTED
|
||||
// f (server ephemeral key public part), K_S (host key)
|
||||
if (!ssh_read_f(tvb, offset, global_data)) {
|
||||
proto_tree_add_expert_format(tree, pinfo, &ei_ssh_invalid_keylen, tvb, offset, 2,
|
||||
"Invalid key length: %u", tvb_get_ntohl(tvb, offset));
|
||||
}
|
||||
ssh_keylog_hash_write_secret(global_data);
|
||||
#endif
|
||||
|
||||
offset += ssh_tree_add_mpint(tvb, offset, tree, hf_ssh_dh_f);
|
||||
offset += ssh_tree_add_hostsignature(tvb, pinfo, offset, tree, "KEX host signature",
|
||||
|
@ -1464,7 +1426,6 @@ ssh_dissect_kex_ecdh(guint8 msg_code, tvbuff_t *tvb,
|
|||
|
||||
switch (msg_code) {
|
||||
case SSH_MSG_KEX_ECDH_INIT:
|
||||
#ifdef SSH_DECRYPTION_SUPPORTED
|
||||
if (!ssh_read_e(tvb, offset, global_data)) {
|
||||
proto_tree_add_expert_format(tree, pinfo, &ei_ssh_invalid_keylen, tvb, offset, 2,
|
||||
"Invalid key length: %u", tvb_get_ntohl(tvb, offset));
|
||||
|
@ -1478,10 +1439,6 @@ ssh_dissect_kex_ecdh(guint8 msg_code, tvbuff_t *tvb,
|
|||
}
|
||||
}
|
||||
*seq_num = global_data->peer_data[CLIENT_PEER_DATA].seq_num_ecdh_ini;
|
||||
#else
|
||||
// ignore unused parameter complaint
|
||||
(void)seq_num;
|
||||
#endif
|
||||
|
||||
offset += ssh_tree_add_string(tvb, offset, tree, hf_ssh_ecdh_q_c, hf_ssh_ecdh_q_c_length);
|
||||
break;
|
||||
|
@ -1490,7 +1447,6 @@ ssh_dissect_kex_ecdh(guint8 msg_code, tvbuff_t *tvb,
|
|||
offset += ssh_tree_add_hostkey(tvb, offset, tree, "KEX host key",
|
||||
ett_key_exchange_host_key, global_data);
|
||||
|
||||
#ifdef SSH_DECRYPTION_SUPPORTED
|
||||
if (!ssh_read_f(tvb, offset, global_data)){
|
||||
proto_tree_add_expert_format(tree, pinfo, &ei_ssh_invalid_keylen, tvb, offset, 2,
|
||||
"Invalid key length: %u", tvb_get_ntohl(tvb, offset));
|
||||
|
@ -1503,7 +1459,6 @@ ssh_dissect_kex_ecdh(guint8 msg_code, tvbuff_t *tvb,
|
|||
ssh_debug_printf("%s->sequence_number{SSH_MSG_KEX_ECDH_REPLY=%d}++ > %d\n", SERVER_PEER_DATA?"server":"client", global_data->peer_data[SERVER_PEER_DATA].seq_num_ecdh_rep, global_data->peer_data[SERVER_PEER_DATA].sequence_number);
|
||||
}
|
||||
*seq_num = global_data->peer_data[SERVER_PEER_DATA].seq_num_ecdh_rep;
|
||||
#endif
|
||||
|
||||
offset += ssh_tree_add_string(tvb, offset, tree, hf_ssh_ecdh_q_s, hf_ssh_ecdh_q_s_length);
|
||||
offset += ssh_tree_add_hostsignature(tvb, pinfo, offset, tree, "KEX host signature",
|
||||
|
@ -1518,13 +1473,11 @@ static int
|
|||
ssh_try_dissect_encrypted_packet(tvbuff_t *tvb, packet_info *pinfo,
|
||||
struct ssh_peer_data *peer_data, int offset, proto_tree *tree)
|
||||
{
|
||||
#ifdef SSH_DECRYPTION_SUPPORTED
|
||||
gboolean can_decrypt = peer_data->cipher != NULL;
|
||||
|
||||
if (can_decrypt) {
|
||||
return ssh_decrypt_packet(tvb, pinfo, peer_data, offset, tree);
|
||||
}
|
||||
#endif
|
||||
|
||||
return ssh_dissect_encrypted_packet(tvb, pinfo, peer_data, offset, tree);
|
||||
}
|
||||
|
@ -1634,7 +1587,6 @@ ssh_dissect_protocol(tvbuff_t *tvb, packet_info *pinfo,
|
|||
|
||||
// V_C / V_S (client and server identification strings) RFC4253 4.2
|
||||
// format: SSH-protoversion-softwareversion SP comments [CR LF not incl.]
|
||||
#ifdef SSH_DECRYPTION_SUPPORTED
|
||||
if (!PINFO_FD_VISITED(pinfo)) {
|
||||
gchar *data = (gchar *)tvb_memdup(wmem_packet_scope(), tvb, offset, protolen);
|
||||
if(!is_response){
|
||||
|
@ -1643,7 +1595,6 @@ ssh_dissect_protocol(tvbuff_t *tvb, packet_info *pinfo,
|
|||
ssh_hash_buffer_put_string(global_data->kex_server_version, data, protolen);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
proto_tree_add_item(tree, hf_ssh_protocol,
|
||||
tvb, offset, protolen, ENC_ASCII);
|
||||
|
@ -1760,11 +1711,7 @@ ssh_choose_algo(gchar *client, gchar *server, gchar **result)
|
|||
}
|
||||
|
||||
static int
|
||||
#ifdef SSH_DECRYPTION_SUPPORTED
|
||||
ssh_dissect_key_init(tvbuff_t *tvb, packet_info *pinfo, int offset,
|
||||
#else
|
||||
ssh_dissect_key_init(tvbuff_t *tvb, packet_info *pinfo _U_, int offset,
|
||||
#endif
|
||||
proto_tree *tree, int is_response, struct ssh_flow_data *global_data)
|
||||
{
|
||||
int start_offset = offset;
|
||||
|
@ -1778,11 +1725,9 @@ ssh_dissect_key_init(tvbuff_t *tvb, packet_info *pinfo _U_, int offset,
|
|||
struct ssh_peer_data *peer_data = &global_data->peer_data[is_response];
|
||||
|
||||
key_init_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_key_init, &tf, "Algorithms");
|
||||
#ifdef SSH_DECRYPTION_SUPPORTED
|
||||
if (!PINFO_FD_VISITED(pinfo)) {
|
||||
peer_data->bn_cookie = ssh_kex_make_bignum(tvb_get_ptr(tvb, offset, 16), 16);
|
||||
}
|
||||
#endif
|
||||
proto_tree_add_item(key_init_tree, hf_ssh_cookie,
|
||||
tvb, offset, 16, ENC_NA);
|
||||
offset += 16;
|
||||
|
@ -1871,7 +1816,6 @@ ssh_dissect_key_init(tvbuff_t *tvb, packet_info *pinfo _U_, int offset,
|
|||
proto_item_set_len(tf, payload_length);
|
||||
}
|
||||
|
||||
#ifdef SSH_DECRYPTION_SUPPORTED
|
||||
// I_C / I_S (client and server SSH_MSG_KEXINIT payload) RFC4253 4.2
|
||||
if (!PINFO_FD_VISITED(pinfo)) {
|
||||
gchar *data = (gchar *)wmem_alloc(wmem_packet_scope(), payload_length + 1);
|
||||
|
@ -1883,7 +1827,6 @@ ssh_dissect_key_init(tvbuff_t *tvb, packet_info *pinfo _U_, int offset,
|
|||
ssh_hash_buffer_put_string(global_data->kex_client_key_exchange_init, data, payload_length + 1);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
@ -1905,7 +1848,6 @@ ssh_dissect_proposal(tvbuff_t *tvb, int offset, proto_tree *tree,
|
|||
return offset;
|
||||
}
|
||||
|
||||
#ifdef SSH_DECRYPTION_SUPPORTED
|
||||
static void
|
||||
ssh_keylog_read_file(void)
|
||||
{
|
||||
|
@ -3346,8 +3288,6 @@ ssh_hash (gconstpointer v)
|
|||
}
|
||||
/* Functions for SSH random hashtables. }}} */
|
||||
|
||||
#endif /* SSH_DECRYPTION_SUPPORTED */
|
||||
|
||||
void
|
||||
proto_register_ssh(void)
|
||||
{
|
||||
|
@ -4062,7 +4002,6 @@ proto_register_ssh(void)
|
|||
"To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
|
||||
&ssh_desegment);
|
||||
|
||||
#ifdef SSH_DECRYPTION_SUPPORTED
|
||||
ssh_master_key_map = g_hash_table_new(ssh_hash, ssh_equal);
|
||||
prefs_register_filename_preference(ssh_module, "keylog_file", "Key log filename",
|
||||
"The path to the file which contains a list of key exchange secrets in the following format:\n"
|
||||
|
@ -4075,7 +4014,6 @@ proto_register_ssh(void)
|
|||
&ssh_debug_file_name, TRUE);
|
||||
|
||||
secrets_register_type(SECRETS_TYPE_SSH, ssh_secrets_block_callback);
|
||||
#endif
|
||||
|
||||
ssh_handle = register_dissector("ssh", dissect_ssh, proto_ssh);
|
||||
}
|
||||
|
|
|
@ -3920,7 +3920,6 @@ tls_get_alpn(packet_info *pinfo)
|
|||
}
|
||||
|
||||
/* TLS Exporters {{{ */
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */
|
||||
/**
|
||||
* Computes the TLS 1.3 Exporter value (RFC 8446 Section 7.5).
|
||||
*
|
||||
|
@ -4009,7 +4008,6 @@ tls13_exporter(packet_info *pinfo, gboolean is_early,
|
|||
|
||||
return tls13_exporter_common(hash_algo, secret, label, context, context_length, key_length, out);
|
||||
}
|
||||
#endif
|
||||
/* }}} */
|
||||
|
||||
|
||||
|
|
|
@ -33,11 +33,6 @@
|
|||
#include <epan/secrets.h>
|
||||
#include <wiretap/secrets-types.h>
|
||||
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010800 /* 1.8.0 */
|
||||
/* Decryption requires Curve25519, ChaCha20-Poly1305 (1.7) and Blake2s (1.8). */
|
||||
#define WG_DECRYPTION_SUPPORTED
|
||||
#endif
|
||||
|
||||
void proto_reg_handoff_wg(void);
|
||||
void proto_register_wg(void);
|
||||
|
||||
|
@ -78,12 +73,10 @@ static expert_field ei_wg_bad_packet_length = EI_INIT;
|
|||
static expert_field ei_wg_keepalive = EI_INIT;
|
||||
static expert_field ei_wg_decryption_error = EI_INIT;
|
||||
|
||||
#ifdef WG_DECRYPTION_SUPPORTED
|
||||
static gboolean pref_dissect_packet = TRUE;
|
||||
static const char *pref_keylog_file;
|
||||
|
||||
static dissector_handle_t ip_handle;
|
||||
#endif /* WG_DECRYPTION_SUPPORTED */
|
||||
static dissector_handle_t wg_handle;
|
||||
|
||||
|
||||
|
@ -105,7 +98,6 @@ static const value_string wg_type_names[] = {
|
|||
{ 0x00, NULL }
|
||||
};
|
||||
|
||||
#ifdef WG_DECRYPTION_SUPPORTED
|
||||
/* Decryption types. {{{ */
|
||||
/*
|
||||
* Most operations operate on 32 byte units (keys and hash output).
|
||||
|
@ -237,7 +229,6 @@ static wg_qqword hash_of_construction;
|
|||
/** Hash(Hash(CONSTRUCTION) || IDENTIFIER), initialized by wg_decrypt_init. */
|
||||
static wg_qqword hash_of_c_identifier;
|
||||
/* Decryption types. }}} */
|
||||
#endif /* WG_DECRYPTION_SUPPORTED */
|
||||
|
||||
/*
|
||||
* Information required to process and link messages as required on the first
|
||||
|
@ -263,9 +254,7 @@ typedef struct {
|
|||
guint32 initiator_frame;
|
||||
guint32 response_frame; /* Responder or Cookie Reply message. */
|
||||
wg_initial_info_t initial; /* Valid only on the first pass. */
|
||||
#ifdef WG_DECRYPTION_SUPPORTED
|
||||
wg_handshake_state_t *hs; /* Handshake state to enable decryption. */
|
||||
#endif /* WG_DECRYPTION_SUPPORTED */
|
||||
} wg_session_t;
|
||||
|
||||
/* Per-packet state. */
|
||||
|
@ -279,7 +268,6 @@ static wmem_map_t *sessions;
|
|||
static guint32 wg_session_count;
|
||||
|
||||
|
||||
#ifdef WG_DECRYPTION_SUPPORTED
|
||||
/* Key conversion routines. {{{ */
|
||||
/* Import external random data as private key. */
|
||||
static void
|
||||
|
@ -1018,7 +1006,6 @@ wg_process_response(tvbuff_t *tvb, wg_handshake_state_t *hs)
|
|||
hs->initiator_recv_cipher = wg_create_cipher(&transport_keys[1]);
|
||||
hs->responder_recv_cipher = wg_create_cipher(&transport_keys[0]);
|
||||
}
|
||||
#endif /* WG_DECRYPTION_SUPPORTED */
|
||||
|
||||
|
||||
static void
|
||||
|
@ -1129,7 +1116,6 @@ wg_sessions_lookup(packet_info *pinfo, guint32 receiver_id, gboolean *receiver_i
|
|||
return NULL;
|
||||
}
|
||||
|
||||
#ifdef WG_DECRYPTION_SUPPORTED
|
||||
/*
|
||||
* Finds the static public key for the receiver of this message based on the
|
||||
* MAC1 value.
|
||||
|
@ -1248,7 +1234,6 @@ wg_dissect_key_extra(proto_tree *tree, tvbuff_t *tvb, const wg_qqword *pubkey, g
|
|||
ti = proto_tree_add_boolean(tree, hf_known_privkey, tvb, 0, 0, has_private);
|
||||
proto_item_set_generated(ti);
|
||||
}
|
||||
#endif /* WG_DECRYPTION_SUPPORTED */
|
||||
|
||||
|
||||
static void
|
||||
|
@ -1260,16 +1245,11 @@ wg_dissect_pubkey(proto_tree *tree, tvbuff_t *tvb, int offset, gboolean is_ephem
|
|||
g_free(str);
|
||||
|
||||
int hf_id = is_ephemeral ? hf_wg_ephemeral : hf_wg_static;
|
||||
#ifdef WG_DECRYPTION_SUPPORTED
|
||||
proto_item *ti = proto_tree_add_string(tree, hf_id, tvb, offset, 32, key_str);
|
||||
proto_tree *key_tree = proto_item_add_subtree(ti, ett_key_info);
|
||||
wg_dissect_key_extra(key_tree, tvb, (const wg_qqword *)pubkey, is_ephemeral);
|
||||
#else
|
||||
proto_tree_add_string(tree, hf_id, tvb, offset, 32, key_str);
|
||||
#endif
|
||||
}
|
||||
|
||||
#ifdef WG_DECRYPTION_SUPPORTED
|
||||
static void
|
||||
wg_dissect_decrypted_static(tvbuff_t *tvb, packet_info *pinfo, proto_tree *wg_tree, wg_handshake_state_t *hs)
|
||||
{
|
||||
|
@ -1358,7 +1338,6 @@ wg_dissect_mac1_pubkey(proto_tree *tree, tvbuff_t *tvb, const wg_skey_t *skey)
|
|||
ti = proto_tree_add_boolean(key_tree, hf_wg_receiver_pubkey_known_privkey, tvb, 0, 0, !!has_private_key(&skey->priv_key));
|
||||
proto_item_set_generated(ti);
|
||||
}
|
||||
#endif /* WG_DECRYPTION_SUPPORTED */
|
||||
|
||||
static int
|
||||
wg_dissect_handshake_initiation(tvbuff_t *tvb, packet_info *pinfo, proto_tree *wg_tree, wg_packet_info_t *wg_pinfo)
|
||||
|
@ -1366,7 +1345,6 @@ wg_dissect_handshake_initiation(tvbuff_t *tvb, packet_info *pinfo, proto_tree *w
|
|||
guint32 sender_id;
|
||||
proto_item *ti;
|
||||
|
||||
#ifdef WG_DECRYPTION_SUPPORTED
|
||||
wg_keylog_read();
|
||||
const wg_skey_t *skey_r = wg_mac1_key_probe(tvb, TRUE);
|
||||
wg_handshake_state_t *hs = NULL;
|
||||
|
@ -1381,23 +1359,16 @@ wg_dissect_handshake_initiation(tvbuff_t *tvb, packet_info *pinfo, proto_tree *w
|
|||
} else if (wg_pinfo && wg_pinfo->session) {
|
||||
hs = wg_pinfo->session->hs;
|
||||
}
|
||||
#endif /* WG_DECRYPTION_SUPPORTED */
|
||||
|
||||
proto_tree_add_item_ret_uint(wg_tree, hf_wg_sender, tvb, 4, 4, ENC_LITTLE_ENDIAN, &sender_id);
|
||||
col_append_fstr(pinfo->cinfo, COL_INFO, ", sender=0x%08X", sender_id);
|
||||
wg_dissect_pubkey(wg_tree, tvb, 8, TRUE);
|
||||
proto_tree_add_item(wg_tree, hf_wg_encrypted_static, tvb, 40, 32 + AUTH_TAG_LENGTH, ENC_NA);
|
||||
#ifdef WG_DECRYPTION_SUPPORTED
|
||||
wg_dissect_decrypted_static(tvb, pinfo, wg_tree, hs);
|
||||
#endif /* WG_DECRYPTION_SUPPORTED */
|
||||
proto_tree_add_item(wg_tree, hf_wg_encrypted_timestamp, tvb, 88, 12 + AUTH_TAG_LENGTH, ENC_NA);
|
||||
#ifdef WG_DECRYPTION_SUPPORTED
|
||||
wg_dissect_decrypted_timestamp(tvb, pinfo, wg_tree, hs);
|
||||
#endif /* WG_DECRYPTION_SUPPORTED */
|
||||
proto_tree_add_item(wg_tree, hf_wg_mac1, tvb, 116, 16, ENC_NA);
|
||||
#ifdef WG_DECRYPTION_SUPPORTED
|
||||
wg_dissect_mac1_pubkey(wg_tree, tvb, skey_r);
|
||||
#endif /* WG_DECRYPTION_SUPPORTED */
|
||||
proto_tree_add_item(wg_tree, hf_wg_mac2, tvb, 132, 16, ENC_NA);
|
||||
|
||||
if (!PINFO_FD_VISITED(pinfo)) {
|
||||
|
@ -1406,9 +1377,7 @@ wg_dissect_handshake_initiation(tvbuff_t *tvb, packet_info *pinfo, proto_tree *w
|
|||
wg_session_t *session = wg_session_new();
|
||||
session->initiator_frame = pinfo->num;
|
||||
wg_session_update_address(session, pinfo, TRUE);
|
||||
#ifdef WG_DECRYPTION_SUPPORTED
|
||||
session->hs = hs;
|
||||
#endif /* WG_DECRYPTION_SUPPORTED */
|
||||
wg_sessions_insert(sender_id, session);
|
||||
wg_pinfo->session = session;
|
||||
}
|
||||
|
@ -1432,10 +1401,8 @@ wg_dissect_handshake_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *wg_
|
|||
proto_item *ti;
|
||||
wg_session_t *session;
|
||||
|
||||
#ifdef WG_DECRYPTION_SUPPORTED
|
||||
wg_keylog_read();
|
||||
const wg_skey_t *skey_i = wg_mac1_key_probe(tvb, FALSE);
|
||||
#endif /* WG_DECRYPTION_SUPPORTED */
|
||||
|
||||
proto_tree_add_item_ret_uint(wg_tree, hf_wg_sender, tvb, 4, 4, ENC_LITTLE_ENDIAN, &sender_id);
|
||||
col_append_fstr(pinfo->cinfo, COL_INFO, ", sender=0x%08X", sender_id);
|
||||
|
@ -1444,28 +1411,22 @@ wg_dissect_handshake_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *wg_
|
|||
|
||||
if (!PINFO_FD_VISITED(pinfo)) {
|
||||
session = wg_sessions_lookup_initiation(pinfo, receiver_id);
|
||||
#ifdef WG_DECRYPTION_SUPPORTED
|
||||
if (session && session->hs) {
|
||||
wg_prepare_handshake_responder_keys(session->hs, tvb);
|
||||
wg_process_response(tvb, session->hs);
|
||||
}
|
||||
#endif /* WG_DECRYPTION_SUPPORTED */
|
||||
} else {
|
||||
session = wg_pinfo ? wg_pinfo->session : NULL;
|
||||
}
|
||||
|
||||
wg_dissect_pubkey(wg_tree, tvb, 12, TRUE);
|
||||
proto_tree_add_item(wg_tree, hf_wg_encrypted_empty, tvb, 44, 16, ENC_NA);
|
||||
#ifdef WG_DECRYPTION_SUPPORTED
|
||||
if (session && session->hs) {
|
||||
ti = proto_tree_add_boolean(wg_tree, hf_wg_handshake_ok, tvb, 0, 0, !!session->hs->empty_ok);
|
||||
proto_item_set_generated(ti);
|
||||
}
|
||||
#endif /* WG_DECRYPTION_SUPPORTED */
|
||||
proto_tree_add_item(wg_tree, hf_wg_mac1, tvb, 60, 16, ENC_NA);
|
||||
#ifdef WG_DECRYPTION_SUPPORTED
|
||||
wg_dissect_mac1_pubkey(wg_tree, tvb, skey_i);
|
||||
#endif /* WG_DECRYPTION_SUPPORTED */
|
||||
proto_tree_add_item(wg_tree, hf_wg_mac2, tvb, 76, 16, ENC_NA);
|
||||
|
||||
if (!PINFO_FD_VISITED(pinfo)) {
|
||||
|
@ -1566,11 +1527,9 @@ wg_dissect_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *wg_tree, wg_packe
|
|||
proto_item_set_generated(ti);
|
||||
}
|
||||
|
||||
#ifdef WG_DECRYPTION_SUPPORTED
|
||||
if (session && session->hs) {
|
||||
wg_dissect_decrypted_packet(tvb, pinfo, wg_tree, wg_pinfo, counter, packet_length - AUTH_TAG_LENGTH);
|
||||
}
|
||||
#endif /* WG_DECRYPTION_SUPPORTED */
|
||||
|
||||
return 16 + packet_length;
|
||||
}
|
||||
|
@ -1712,9 +1671,7 @@ wg_init(void)
|
|||
void
|
||||
proto_register_wg(void)
|
||||
{
|
||||
#ifdef WG_DECRYPTION_SUPPORTED
|
||||
module_t *wg_module;
|
||||
#endif /* WG_DECRYPTION_SUPPORTED */
|
||||
expert_module_t *expert_wg;
|
||||
|
||||
static hf_register_info hf[] = {
|
||||
|
@ -1888,14 +1845,12 @@ proto_register_wg(void)
|
|||
},
|
||||
};
|
||||
|
||||
#ifdef WG_DECRYPTION_SUPPORTED
|
||||
/* UAT for header fields */
|
||||
static uat_field_t wg_key_uat_fields[] = {
|
||||
UAT_FLD_VS(wg_key_uat, key_type, "Key type", wg_key_uat_type_vals, "Public or Private"),
|
||||
UAT_FLD_CSTRING(wg_key_uat, key, "Key", "Base64-encoded key"),
|
||||
UAT_END_FIELDS
|
||||
};
|
||||
#endif /* WG_DECRYPTION_SUPPORTED */
|
||||
|
||||
proto_wg = proto_register_protocol("WireGuard Protocol", "WireGuard", "wg");
|
||||
|
||||
|
@ -1907,7 +1862,6 @@ proto_register_wg(void)
|
|||
|
||||
wg_handle = register_dissector("wg", dissect_wg, proto_wg);
|
||||
|
||||
#ifdef WG_DECRYPTION_SUPPORTED
|
||||
wg_module = prefs_register_protocol(proto_wg, NULL);
|
||||
|
||||
uat_t *wg_keys_uat = uat_new("WireGuard static keys",
|
||||
|
@ -1949,12 +1903,9 @@ proto_register_wg(void)
|
|||
secrets_register_type(SECRETS_TYPE_WIREGUARD, wg_keylog_process_lines);
|
||||
|
||||
wg_ephemeral_keys = wmem_map_new_autoreset(wmem_epan_scope(), wmem_file_scope(), g_int_hash, wg_pubkey_equal);
|
||||
#endif /* WG_DECRYPTION_SUPPORTED */
|
||||
|
||||
register_init_routine(wg_init);
|
||||
#ifdef WG_DECRYPTION_SUPPORTED
|
||||
register_cleanup_routine(wg_keylog_reset);
|
||||
#endif /* WG_DECRYPTION_SUPPORTED */
|
||||
sessions = wmem_map_new_autoreset(wmem_epan_scope(), wmem_file_scope(), g_direct_hash, g_direct_equal);
|
||||
}
|
||||
|
||||
|
@ -1964,9 +1915,7 @@ proto_reg_handoff_wg(void)
|
|||
dissector_add_uint_with_preference("udp.port", 0, wg_handle);
|
||||
heur_dissector_add("udp", dissect_wg_heur, "WireGuard", "wg", proto_wg, HEURISTIC_ENABLE);
|
||||
|
||||
#ifdef WG_DECRYPTION_SUPPORTED
|
||||
ip_handle = find_dissector("ip");
|
||||
#endif /* WG_DECRYPTION_SUPPORTED */
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -13,11 +13,6 @@
|
|||
#include "curve25519.h"
|
||||
#include "ws_attributes.h"
|
||||
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010700 /* 1.7.0 */
|
||||
#define HAVE_X25519
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_X25519
|
||||
static inline void
|
||||
copy_and_reverse(unsigned char *dest, const unsigned char *src, size_t n)
|
||||
{
|
||||
|
@ -105,17 +100,3 @@ crypto_scalarmult_curve25519_base(unsigned char *q, const unsigned char *n)
|
|||
gcry_mpi_release(mpi_basepoint_x);
|
||||
return r;
|
||||
}
|
||||
#else
|
||||
int
|
||||
crypto_scalarmult_curve25519(unsigned char *q _U_, const unsigned char *n _U_,
|
||||
const unsigned char *p _U_)
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
|
||||
int
|
||||
crypto_scalarmult_curve25519_base(unsigned char *q _U_, const unsigned char *n _U_)
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
#endif /* HAVE_X25519 */
|
||||
|
|
|
@ -10,10 +10,6 @@
|
|||
* SPDX-License-Identifier: GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
/*
|
||||
* Callers MUST check GCRYPT_VERSION_NUMBER >= 0x010700 before using this API.
|
||||
*/
|
||||
|
||||
#ifndef __CURVE25519_H__
|
||||
#define __CURVE25519_H__
|
||||
|
||||
|
|
|
@ -30,7 +30,6 @@ gcry_error_t ws_hmac_buffer(int algo, void *digest, const void *buffer, size_t l
|
|||
return GPG_ERR_NO_ERROR;
|
||||
}
|
||||
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600
|
||||
gcry_error_t ws_cmac_buffer(int algo, void *digest, const void *buffer, size_t length, const void *key, size_t keylen)
|
||||
{
|
||||
gcry_mac_hd_t cmac_handle;
|
||||
|
@ -48,12 +47,6 @@ gcry_error_t ws_cmac_buffer(int algo, void *digest, const void *buffer, size_t l
|
|||
gcry_mac_close(cmac_handle);
|
||||
return result;
|
||||
}
|
||||
#else
|
||||
gcry_error_t ws_cmac_buffer(int algo _U_, void *digest _U_, const void *buffer _U_, size_t length _U_, const void *key _U_, size_t keylen _U_)
|
||||
{
|
||||
return GPG_ERR_UNSUPPORTED_ALGORITHM;
|
||||
}
|
||||
#endif
|
||||
|
||||
void crypt_des_ecb(guint8 *output, const guint8 *buffer, const guint8 *key56)
|
||||
{
|
||||
|
|
|
@ -27,20 +27,16 @@ DIAG_ON(deprecated-declarations)
|
|||
* Define HAVE_LIBGCRYPT_AEAD here, because it's used in several source
|
||||
* files.
|
||||
*/
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */
|
||||
/* Whether to provide support for authentication in addition to decryption. */
|
||||
#define HAVE_LIBGCRYPT_AEAD
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Define some other "do we have?" items as well.
|
||||
*/
|
||||
#if GCRYPT_VERSION_NUMBER >= 0x010700 /* 1.7.0 */
|
||||
/* Whether ChaCh20 PNE can be supported. */
|
||||
#define HAVE_LIBGCRYPT_CHACHA20
|
||||
/* Whether AEAD_CHACHA20_POLY1305 can be supported. */
|
||||
#define HAVE_LIBGCRYPT_CHACHA20_POLY1305
|
||||
#endif
|
||||
|
||||
#define HASH_MD5_LENGTH 16
|
||||
#define HASH_SHA1_LENGTH 20
|
||||
|
|
Loading…
Reference in New Issue