osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

Move sha1.[ch] to epan/crypt/crypt-sha1.[ch]. Remove duplicate code. 

svn path=/trunk/; revision=20399
This commit is contained in:
Gerald Combs 2007-01-12 00:33:32 +00:00
parent dd5a89ec49
commit f67fdf4865
14 changed files with 375 additions and 804 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
asn1/cms/packet-cms-template.c
View File

@ -40,7 +40,7 @@
#include "packet-x509af.h"
#include "packet-x509if.h"
#include <epan/sha1.h>
#include <epan/crypt/crypt-sha1.h>
#include <epan/crypt/crypt-md5.h>
#define PNAME "Cryptographic Message Syntax"

192
asn1/snmp/packet-snmp-template.c
View File

@ -96,7 +96,7 @@
#include "packet-snmp.h"
#include "format-oid.h"
#include <epan/sha1.h>
#include <epan/crypt/crypt-sha1.h>
#include <epan/crypt/crypt-md5.h>
#include <epan/expert.h>
#include <epan/report_err.h>
@ -1067,14 +1067,14 @@ static void renew_ue_cache(void) {
localized_ues = NULL;
unlocalized_ues = NULL;
for(a = ue_assocs; a->user.userName.data; a++) {
if (a->engine.data) {
CACHE_INSERT(localized_ues,a);
} else {
CACHE_INSERT(unlocalized_ues,a);
}
}
}
}
@ -1083,10 +1083,10 @@ static void renew_ue_cache(void) {
static snmp_ue_assoc_t* localize_ue( snmp_ue_assoc_t* o, const guint8* engine, guint engine_len ) {
snmp_ue_assoc_t* n = se_memdup(o,sizeof(snmp_ue_assoc_t));
guint key_size = n->user.authModel->key_size;
n->engine.data = se_memdup(engine,engine_len);
n->engine.len = engine_len;
n->user.authKey.data = se_alloc(key_size);
n->user.authKey.len = key_size;
n->user.authModel->pass2key(n->user.authPassword.data,
@ -1122,22 +1122,22 @@ static snmp_ue_assoc_t* get_user_assoc(tvbuff_t* engine_tvb, tvbuff_t* user_tvb)
guint8* given_username;
guint given_engine_len;
guint8* given_engine;
if ( ! (localized_ues || unlocalized_ues ) ) return NULL;
if (! ( user_tvb && engine_tvb ) ) return NULL;
given_username_len = tvb_length_remaining(user_tvb,0);
given_username = ep_tvb_memdup(user_tvb,0,-1);
given_engine_len = tvb_length_remaining(engine_tvb,0);
given_engine = ep_tvb_memdup(engine_tvb,0,-1);
for (a = localized_ues; a; a = a->next) {
if ( localized_match(a, given_username, given_username_len, given_engine, given_engine_len) ) {
return a;
}
}
for (a = unlocalized_ues; a; a = a->next) {
if ( unlocalized_match(a, given_username, given_username_len) ) {
snmp_ue_assoc_t* n = localize_ue( a, given_engine, given_engine_len );
@ -1145,21 +1145,21 @@ static snmp_ue_assoc_t* get_user_assoc(tvbuff_t* engine_tvb, tvbuff_t* user_tvb)
return n;
}
}
return NULL;
}
static void destroy_ue_assocs(snmp_ue_assoc_t* assocs) {
if (assocs) {
snmp_ue_assoc_t* a;
for(a = assocs; a->user.userName.data; a++) {
g_free(a->user.userName.data);
if (a->user.authKey.data) g_free(a->user.authKey.data);
if (a->user.privKey.data) g_free(a->user.privKey.data);
if (a->engine.data) g_free(a->engine.data);
}
g_free(ue_assocs);
}
}
@ -1176,31 +1176,31 @@ gboolean snmp_usm_auth_md5(snmp_usm_params_t* p, guint8** calc_auth_p, guint* ca
guint start;
guint end;
guint i;
if (!p->auth_tvb) {
*error = "No Authenticator";
return FALSE;
return FALSE;
}
key = p->user_assoc->user.authKey.data;
key_len = p->user_assoc->user.authKey.len;
if (! key ) {
*error = "User has no authKey";
return FALSE;
}
auth_len = tvb_length_remaining(p->auth_tvb,0);
if (auth_len != 12) {
*error = "Authenticator length wrong";
return FALSE;
}
msg_len = tvb_length_remaining(p->msg_tvb,0);
msg = ep_tvb_memdup(p->msg_tvb,0,msg_len);
auth = ep_tvb_memdup(p->auth_tvb,0,auth_len);
@ -1213,7 +1213,7 @@ gboolean snmp_usm_auth_md5(snmp_usm_params_t* p, guint8** calc_auth_p, guint* ca
}
md5_hmac(msg, msg_len, key, key_len, calc_auth);
if (calc_auth_p) *calc_auth_p = calc_auth;
if (calc_auth_len_p) *calc_auth_len_p = 12;
@ -1232,47 +1232,47 @@ gboolean snmp_usm_auth_sha1(snmp_usm_params_t* p _U_, guint8** calc_auth_p, guin
guint start;
guint end;
guint i;
if (!p->auth_tvb) {
*error = "No Authenticator";
return FALSE;
return FALSE;
}
key = p->user_assoc->user.authKey.data;
key_len = p->user_assoc->user.authKey.len;
if (! key ) {
*error = "User has no authKey";
return FALSE;
}
auth_len = tvb_length_remaining(p->auth_tvb,0);
if (auth_len != 12) {
*error = "Authenticator length wrong";
return FALSE;
}
msg_len = tvb_length_remaining(p->msg_tvb,0);
msg = ep_tvb_memdup(p->msg_tvb,0,msg_len);
auth = ep_tvb_memdup(p->auth_tvb,0,auth_len);
start = p->auth_offset - p->start_offset;
end = start + auth_len;
/* fill the authenticator with zeros */
for ( i = start ; i < end ; i++ ) {
msg[i] = '\0';
}
sha1_hmac(key, key_len, msg, msg_len, calc_auth);
if (calc_auth_p) *calc_auth_p = calc_auth;
if (calc_auth_len_p) *calc_auth_len_p = 12;
return ( memcmp(auth,calc_auth,12) != 0 ) ? FALSE : TRUE;
}
@ -1280,7 +1280,7 @@ tvbuff_t* snmp_usm_priv_des(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U
#ifdef HAVE_LIBGCRYPT
gcry_error_t err;
gcry_cipher_hd_t hd = NULL;
guint8* cleartext;
guint8* des_key = p->user_assoc->user.privKey.data; /* first 8 bytes */
guint8* pre_iv = &(p->user_assoc->user.privKey.data[8]); /* last 8 bytes */
@ -1291,14 +1291,14 @@ tvbuff_t* snmp_usm_priv_des(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U
tvbuff_t* clear_tvb;
guint8 iv[8];
guint i;
salt_len = tvb_length_remaining(p->priv_tvb,0);
if (salt_len != 8) {
*error = "decryptionError: msgPrivacyParameters lenght != 8";
return NULL;
}
}
salt = ep_tvb_memdup(p->priv_tvb,0,salt_len);
@ -1315,29 +1315,29 @@ tvbuff_t* snmp_usm_priv_des(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U
*error = "decryptionError: the length of the encrypted data is not a mutiple of 8 octets";
return NULL;
}
cryptgrm = ep_tvb_memdup(encryptedData,0,-1);
cleartext = ep_alloc(cryptgrm_len);
err = gcry_cipher_open(&hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_CBC, 0);
if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
err = gcry_cipher_setiv(hd, iv, 8);
if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
err = gcry_cipher_setkey(hd,des_key,8);
if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
err = gcry_cipher_decrypt(hd, cleartext, cryptgrm_len, cryptgrm, cryptgrm_len);
if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
gcry_cipher_close(hd);
clear_tvb = tvb_new_real_data(cleartext, cryptgrm_len, cryptgrm_len);
return clear_tvb;
on_gcry_error:
*error = (void*)gpg_strerror(err);
if (hd) gcry_cipher_close(hd);
@ -1352,7 +1352,7 @@ tvbuff_t* snmp_usm_priv_aes(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U
#ifdef HAVE_LIBGCRYPT
gcry_error_t err;
gcry_cipher_hd_t hd = NULL;
guint8* cleartext;
guint8* aes_key = p->user_assoc->user.privKey.data; /* first 16 bytes */
guint8 iv[16];
@ -1362,12 +1362,12 @@ tvbuff_t* snmp_usm_priv_aes(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U
tvbuff_t* clear_tvb;
priv_len = tvb_length_remaining(p->priv_tvb,0);
if (priv_len != 8) {
*error = "decryptionError: msgPrivacyParameters lenght != 8";
return NULL;
}
}
iv[0] = (p->boots & 0xff000000) >> 24;
iv[1] = (p->boots & 0x00ff0000) >> 16;
iv[2] = (p->boots & 0x0000ff00) >> 8;
@ -1377,30 +1377,30 @@ tvbuff_t* snmp_usm_priv_aes(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U
iv[6] = (p->time & 0x0000ff00) >> 8;
iv[7] = (p->time & 0x000000ff);
tvb_memcpy(p->priv_tvb,&(iv[8]),0,8);
cryptgrm_len = tvb_length_remaining(encryptedData,0);
cryptgrm = ep_tvb_memdup(encryptedData,0,-1);
cleartext = ep_alloc(cryptgrm_len);
err = gcry_cipher_open(&hd, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CFB, 0);
if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
err = gcry_cipher_setiv(hd, iv, 16);
if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
err = gcry_cipher_setkey(hd,aes_key,16);
if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
err = gcry_cipher_decrypt(hd, cleartext, cryptgrm_len, cryptgrm, cryptgrm_len);
if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
gcry_cipher_close(hd);
clear_tvb = tvb_new_real_data(cleartext, cryptgrm_len, cryptgrm_len);
return clear_tvb;
on_gcry_error:
*error = (void*)gpg_strerror(err);
if (hd) gcry_cipher_close(hd);
@ -1422,29 +1422,29 @@ gboolean check_ScopedPdu(tvbuff_t* tvb) {
offset = get_ber_identifier(tvb, 0, &class, &pc, &tag);
offset = get_ber_length(NULL, tvb, offset, NULL, NULL);
if ( ! (((class!=BER_CLASS_APP) && (class!=BER_CLASS_PRI) )
&& ( (!pc) || (class!=BER_CLASS_UNI) || (tag!=BER_UNI_TAG_ENUMERATED) )
)) return FALSE;
if((tvb_get_guint8(tvb, offset)==0)&&(tvb_get_guint8(tvb, offset+1)==0))
return TRUE;
hoffset = offset;
offset = get_ber_identifier(tvb, offset, &class, &pc, &tag);
offset = get_ber_length(NULL, tvb, offset, &len, NULL);
eoffset = offset + len;
if (eoffset <= hoffset) return FALSE;
if ((class!=BER_CLASS_APP)&&(class!=BER_CLASS_PRI))
if( (class!=BER_CLASS_UNI)
||((tag<BER_UNI_TAG_NumericString)&&(tag!=BER_UNI_TAG_OCTETSTRING)&&(tag!=BER_UNI_TAG_UTF8String)) )
return FALSE;
return TRUE;
}
#include "packet-snmp-fn.c"
@ -1481,7 +1481,7 @@ dissect_snmp_pdu(tvbuff_t *tvb, int offset, packet_info *pinfo,
usm_p.boots = 0;
usm_p.time = 0;
usm_p.authOK = FALSE;
/*
* This will throw an exception if we don't have any data left.
* That's what we want. (See "tcp_dissect_pdus()", which is
@ -1714,7 +1714,7 @@ dissect_smux(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
/*
MD5 Password to Key Algorithm
from RFC 3414 A.2.1
from RFC 3414 A.2.1
*/
void snmp_usm_password_to_key_md5(const guint8 *password,
guint passwordlen,
@ -1727,7 +1727,7 @@ void snmp_usm_password_to_key_md5(const guint8 *password,
guint32 count = 0, i;
guint8 key1[16];
md5_init(&MD); /* initialize MD5 */
/**********************************************/
/* Use while loop until we've done 1 Megabyte */
/**********************************************/
@ -1744,31 +1744,31 @@ void snmp_usm_password_to_key_md5(const guint8 *password,
count += 64;
}
md5_finish(&MD, key1); /* tell MD5 we're done */
/*****************************************************/
/* Now localize the key with the engineID and pass */
/* through MD5 to produce final key */
/* May want to ensure that engineLength <= 32, */
/* otherwise need to use a buffer larger than 64 */
/*****************************************************/
md5_init(&MD);
md5_append(&MD, key1, 16);
md5_append(&MD, engineID, engineLength);
md5_append(&MD, key1, 16);
md5_finish(&MD, key);
return;
}
/*
SHA1 Password to Key Algorithm COPIED from RFC 3414 A.2.2
*/
void snmp_usm_password_to_key_sha1(const guint8 *password,
void snmp_usm_password_to_key_sha1(const guint8 *password,
guint passwordlen,
const guint8 *engineID,
guint engineLength,
@ -1777,9 +1777,9 @@ void snmp_usm_password_to_key_sha1(const guint8 *password,
guint8 *cp, password_buf[72];
guint32 password_index = 0;
guint32 count = 0, i;
sha1_starts(&SH); /* initialize SHA */
/**********************************************/
/* Use while loop until we've done 1 Megabyte */
/**********************************************/
@ -1796,7 +1796,7 @@ void snmp_usm_password_to_key_sha1(const guint8 *password,
count += 64;
}
sha1_finish(&SH, key);
/*****************************************************/
/* Now localize the key with the engineID and pass */
/* through SHA to produce final key */
@ -1806,14 +1806,14 @@ void snmp_usm_password_to_key_sha1(const guint8 *password,
memcpy(password_buf, key, 20);
memcpy(password_buf+20, engineID, engineLength);
memcpy(password_buf+20+engineLength, key, 20);
sha1_starts(&SH);
sha1_update(&SH, password_buf, 40+engineLength);
sha1_finish(&SH, key);
return;
}
static void
process_prefs(void)
{
@ -1868,12 +1868,12 @@ process_prefs(void)
read_configs();
mibs_loaded = TRUE;
#endif /* HAVE_NET_SNMP */
if ( g_str_equal(ue_assocs_filename_loaded,ue_assocs_filename) ) return;
ue_assocs_filename_loaded = ue_assocs_filename;
if (ue_assocs) destroy_ue_assocs(ue_assocs);
if ( *ue_assocs_filename ) {
gchar* err = load_snmp_users_file(ue_assocs_filename,&ue_assocs);
if (err) report_failure("Error while loading SNMP's users file:\n%s",err);
@ -1881,18 +1881,18 @@ process_prefs(void)
ue_assocs = NULL;
}
}
/*--- proto_register_snmp -------------------------------------------*/
void proto_register_snmp(void) {
void proto_register_snmp(void) {
#if defined(_WIN32) && defined(HAVE_NET_SNMP)
char *mib_path;
int mib_path_len;
#define MIB_PATH_APPEND "snmp\\mibs"
#endif
gchar *tmp_mib_modules;
/* List of fields */
static hf_register_info hf[] = {
{ &hf_snmp_v3_flags_auth,
@ -1940,7 +1940,7 @@ void proto_register_snmp(void) {
{ &hf_snmp_decryptedPDU, {
"Decrypted ScopedPDU", "snmp.decrypted_pdu", FT_BYTES, BASE_HEX,
NULL, 0, "Decrypted PDU", HFILL }},
#include "packet-snmp-hfarr.c"
};
@ -1952,7 +1952,7 @@ void proto_register_snmp(void) {
&ett_encryptedPDU,
&ett_decrypted,
&ett_authParameters,
#include "packet-snmp-ettarr.c"
};
module_t *snmp_module;
@ -2032,11 +2032,11 @@ void proto_register_snmp(void) {
"USMuserTable file",
"The filename of the user table used for authentication and decryption",
&ue_assocs_filename);
variable_oid_dissector_table =
register_dissector_table("snmp.variable_oid",
"SNMP Variable OID", FT_STRING, BASE_NONE);
register_init_routine(renew_ue_cache);
}

2
epan/Makefile.common
View File

@ -72,7 +72,6 @@ LIBWIRESHARK_SRC = \
reassemble.c \
reedsolomon.c \
req_resp_hdrs.c \
sha1.c \
sigcomp_state_hdlr.c \
sigcomp-udvm.c \
sminmpec.c \
@ -168,7 +167,6 @@ LIBWIRESHARK_INCLUDES = \
req_resp_hdrs.h \
rtp_pt.h \
sctpppids.h \
sha1.h \
sigcomp_state_hdlr.h \
sigcomp-udvm.h \
slab.h \

6
epan/crypt/Makefile.common
View File

@ -28,20 +28,19 @@ LIBAIRPDCAP_SRC = \
airpdcap_ccmp.c \
airpdcap_debug.c \
airpdcap_rijndael.c \
airpdcap_sha1.c \
airpdcap_tkip.c \
airpdcap_wep.c \
crypt-des.c \
crypt-md4.c \
crypt-md5.c \
crypt-rc4.c
crypt-rc4.c \
crypt-sha1.c
LIBAIRPDCAP_INCLUDES = \
airpdcap_debug.h \
airpdcap_interop.h \
airpdcap_int.h \
airpdcap_rijndael.h \
airpdcap_sha1.h \
airpdcap_system.h \
airpdcap_user.h \
airpdcap_ws.h \
@ -49,4 +48,5 @@ LIBAIRPDCAP_INCLUDES = \
crypt-md4.h \
crypt-md5.h \
crypt-rc4.h \
crypt-sha1.h \
wep-wpadefs.h

10
epan/crypt/airpdcap.c
View File

@ -8,7 +8,7 @@
#include "airpdcap_system.h"
#include "airpdcap_int.h"
#include "airpdcap_sha1.h"
#include "crypt-sha1.h"
#include "crypt-md5.h"
#include "airpdcap_debug.h"
@ -985,7 +985,7 @@ INT AirPDcapRsnaMicCheck(
md5_hmac(eapol, eapol_len, KCK, AIRPDCAP_WPA_KCK_LEN, c_mic);
} else if (key_ver==AIRPDCAP_WPA_KEY_VER_AES_CCMP) {
/* use HMAC-SHA1-128 for the EAPOL-Key MIC */
AirPDcapAlgHmacSha1(KCK, AIRPDCAP_WPA_KCK_LEN, eapol, eapol_len, c_mic);
sha1_hmac(KCK, AIRPDCAP_WPA_KCK_LEN, eapol, eapol_len, c_mic);
} else
/* key descriptor version not recognized */
return AIRPDCAP_RET_UNSUCCESS;
@ -1226,7 +1226,7 @@ void AirPDcapRsnaPrfX(
for(i = 0; i < (x+159)/160; i++)
{
R[offset] = i;
AirPDcapAlgHmacSha1(pmk, 32, R, 100, ptk + i * 20);
sha1_hmac(pmk, 32, R, 100, ptk + i * 20);
}
}
@ -1247,13 +1247,13 @@ INT AirPDcapRsnaPwd2PskStep(
digest[ssidLength+1] = (UCHAR)((count>>16) & 0xff);
digest[ssidLength+2] = (UCHAR)((count>>8) & 0xff);
digest[ssidLength+3] = (UCHAR)(count & 0xff);
AirPDcapAlgHmacSha1((UCHAR *)password, strlen(password), digest, ssidLength+4, digest1);
sha1_hmac((UCHAR *)password, strlen(password), digest, ssidLength+4, digest1);
/* output = U1 */
memcpy(output, digest1, AIRPDCAP_SHA_DIGEST_LEN);
for (i = 1; i < iterations; i++) {
/* Un = PRF(P, Un-1) */
AirPDcapAlgHmacSha1((UCHAR *)password, strlen(password), digest1, AIRPDCAP_SHA_DIGEST_LEN, digest);
sha1_hmac((UCHAR *)password, strlen(password), digest1, AIRPDCAP_SHA_DIGEST_LEN, digest);
memcpy(digest1, digest, AIRPDCAP_SHA_DIGEST_LEN);
/* output = output xor Un */

366
epan/crypt/airpdcap_sha1.c
View File

@ -1,366 +0,0 @@
/* airpdcap_sha1.c
*
* $Id$
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/******************************************************************************/
/* File includes */
/* */
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include "airpdcap_sha1.h"
#include "airpdcap_debug.h"
/* */
/******************************************************************************/
#if WORDS_BIGENDIAN == 1
#define BIG_ENDIAN
#else
#define LITTLE_ENDIAN
#endif
/******************************************************************************/
/* Internal definitions */
/* */
/* Definition used in HMAC-SHA1 algorithm */
/* Note: copied from FreeBSD source code, RELENG 6, sys/opencrypto/cryptodev.h*/
#define HMAC_IPAD_VAL 0x36
#define HMAC_OPAD_VAL 0x5C
/* HMAC values */
#define SHA1_HMAC_BLOCK_LEN (64/8)
#define SHA2_512_HMAC_BLOCK_LEN (128/8)
/* Maximum HMAC block length */
#define HMAC_MAX_BLOCK_LEN SHA2_512_HMAC_BLOCK_LEN
/* */
/******************************************************************************/
/******************************************************************************/
/* Internal macros */
/* */
/* Shortcuts used in HMAC-SHA1 */
/* Note: copied from FreeBSD source code, RELENG 6, sys/crypto/sha1.c */
#define H(n) (ctxt->h.b32[(n)])
#define COUNT (ctxt->count)
#define BCOUNT (ctxt->c.b64[0] / 8)
#define W(n) (ctxt->m.b32[(n)])
static UINT32 _K[] = { 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xca62c1d6 };
#define K(t) _K[(t) / 20]
#define F0(b, c, d) (((b) & (c)) | ((~(b)) & (d)))
#define F1(b, c, d) (((b) ^ (c)) ^ (d))
#define F2(b, c, d) (((b) & (c)) | ((b) & (d)) | ((c) & (d)))
#define F3(b, c, d) (((b) ^ (c)) ^ (d))
#define S(n, x) (((x) << (n)) | ((x) >> (32 - n)))
#define PUTPAD(x) { \
ctxt->m.b8[(COUNT % 64)] = (x); \
COUNT++; \
COUNT %= 64; \
if (COUNT % 64 == 0) \
sha1_step(ctxt); \
}
/* */
/******************************************************************************/
/******************************************************************************/
/* Function prototypes used internally */
/* */
void sha1_pad(
SHA1_CONTEXT *ctxt)
;
static void sha1_step(
SHA1_CONTEXT *ctxt)
;
/* */
/******************************************************************************/
/* TODO: check for little-endian, big-endian */
/******************************************************************************/
/* Function definitions */
/* */
/* Note: copied from FreeBSD source code, RELENG 6, sys/crypto/sha1.c, 176 */
void sha1_init(
SHA1_CONTEXT *ctxt)
{
memset(ctxt, 0, sizeof(SHA1_CONTEXT));
H(0) = 0x67452301;
H(1) = 0xefcdab89;
H(2) = 0x98badcfe;
H(3) = 0x10325476;
H(4) = 0xc3d2e1f0;
}
/* Note: copied from FreeBSD source code, RELENG 6, sys/crypto/sha1.c, 223 */
void sha1_loop(
SHA1_CONTEXT *ctxt,
const UCHAR *input,
size_t len)
{
size_t gaplen;
size_t gapstart;
size_t off;
size_t copysiz;
off = 0;
while (off < len) {
gapstart = COUNT % 64;
gaplen = 64 - gapstart;
copysiz = (gaplen < len - off) ? gaplen : len - off;
memcpy(&ctxt->m.b8[gapstart], input+off, copysiz);
COUNT += copysiz;
COUNT %= 64;
ctxt->c.b64[0] += copysiz * 8;
if (COUNT % 64 == 0)
sha1_step(ctxt);
off += copysiz;
}
}
/* Note: copied from FreeBSD source code, RELENG 6, sys/crypto/sha1.c, 91 */
static void sha1_step(
SHA1_CONTEXT *ctxt)
{
UINT32 a, b, c, d, e;
size_t t, s;
UINT32 tmp;
#ifdef LITTLE_ENDIAN
SHA1_CONTEXT tctxt;
memcpy(&tctxt.m.b8[0], &ctxt->m.b8[0], 64);
ctxt->m.b8[0] = tctxt.m.b8[3]; ctxt->m.b8[1] = tctxt.m.b8[2];
ctxt->m.b8[2] = tctxt.m.b8[1]; ctxt->m.b8[3] = tctxt.m.b8[0];
ctxt->m.b8[4] = tctxt.m.b8[7]; ctxt->m.b8[5] = tctxt.m.b8[6];
ctxt->m.b8[6] = tctxt.m.b8[5]; ctxt->m.b8[7] = tctxt.m.b8[4];
ctxt->m.b8[8] = tctxt.m.b8[11]; ctxt->m.b8[9] = tctxt.m.b8[10];
ctxt->m.b8[10] = tctxt.m.b8[9]; ctxt->m.b8[11] = tctxt.m.b8[8];
ctxt->m.b8[12] = tctxt.m.b8[15]; ctxt->m.b8[13] = tctxt.m.b8[14];
ctxt->m.b8[14] = tctxt.m.b8[13]; ctxt->m.b8[15] = tctxt.m.b8[12];
ctxt->m.b8[16] = tctxt.m.b8[19]; ctxt->m.b8[17] = tctxt.m.b8[18];
ctxt->m.b8[18] = tctxt.m.b8[17]; ctxt->m.b8[19] = tctxt.m.b8[16];
ctxt->m.b8[20] = tctxt.m.b8[23]; ctxt->m.b8[21] = tctxt.m.b8[22];
ctxt->m.b8[22] = tctxt.m.b8[21]; ctxt->m.b8[23] = tctxt.m.b8[20];
ctxt->m.b8[24] = tctxt.m.b8[27]; ctxt->m.b8[25] = tctxt.m.b8[26];
ctxt->m.b8[26] = tctxt.m.b8[25]; ctxt->m.b8[27] = tctxt.m.b8[24];
ctxt->m.b8[28] = tctxt.m.b8[31]; ctxt->m.b8[29] = tctxt.m.b8[30];
ctxt->m.b8[30] = tctxt.m.b8[29]; ctxt->m.b8[31] = tctxt.m.b8[28];
ctxt->m.b8[32] = tctxt.m.b8[35]; ctxt->m.b8[33] = tctxt.m.b8[34];
ctxt->m.b8[34] = tctxt.m.b8[33]; ctxt->m.b8[35] = tctxt.m.b8[32];
ctxt->m.b8[36] = tctxt.m.b8[39]; ctxt->m.b8[37] = tctxt.m.b8[38];
ctxt->m.b8[38] = tctxt.m.b8[37]; ctxt->m.b8[39] = tctxt.m.b8[36];
ctxt->m.b8[40] = tctxt.m.b8[43]; ctxt->m.b8[41] = tctxt.m.b8[42];
ctxt->m.b8[42] = tctxt.m.b8[41]; ctxt->m.b8[43] = tctxt.m.b8[40];
ctxt->m.b8[44] = tctxt.m.b8[47]; ctxt->m.b8[45] = tctxt.m.b8[46];
ctxt->m.b8[46] = tctxt.m.b8[45]; ctxt->m.b8[47] = tctxt.m.b8[44];
ctxt->m.b8[48] = tctxt.m.b8[51]; ctxt->m.b8[49] = tctxt.m.b8[50];
ctxt->m.b8[50] = tctxt.m.b8[49]; ctxt->m.b8[51] = tctxt.m.b8[48];
ctxt->m.b8[52] = tctxt.m.b8[55]; ctxt->m.b8[53] = tctxt.m.b8[54];
ctxt->m.b8[54] = tctxt.m.b8[53]; ctxt->m.b8[55] = tctxt.m.b8[52];
ctxt->m.b8[56] = tctxt.m.b8[59]; ctxt->m.b8[57] = tctxt.m.b8[58];
ctxt->m.b8[58] = tctxt.m.b8[57]; ctxt->m.b8[59] = tctxt.m.b8[56];
ctxt->m.b8[60] = tctxt.m.b8[63]; ctxt->m.b8[61] = tctxt.m.b8[62];
ctxt->m.b8[62] = tctxt.m.b8[61]; ctxt->m.b8[63] = tctxt.m.b8[60];
#else
#warning BIG ENDIAN 1
#endif
a = H(0); b = H(1); c = H(2); d = H(3); e = H(4);
for (t = 0; t < 20; t++) {
s = t & 0x0f;
if (t >= 16) {
W(s) = S(1, W((s+13) & 0x0f) ^ W((s+8) & 0x0f) ^ W((s+2) & 0x0f) ^ W(s));
}
tmp = S(5, a) + F0(b, c, d) + e + W(s) + K(t);
e = d; d = c; c = S(30, b); b = a; a = tmp;
}
for (t = 20; t < 40; t++) {
s = t & 0x0f;
W(s) = S(1, W((s+13) & 0x0f) ^ W((s+8) & 0x0f) ^ W((s+2) & 0x0f) ^ W(s));
tmp = S(5, a) + F1(b, c, d) + e + W(s) + K(t);
e = d; d = c; c = S(30, b); b = a; a = tmp;
}
for (t = 40; t < 60; t++) {
s = t & 0x0f;
W(s) = S(1, W((s+13) & 0x0f) ^ W((s+8) & 0x0f) ^ W((s+2) & 0x0f) ^ W(s));
tmp = S(5, a) + F2(b, c, d) + e + W(s) + K(t);
e = d; d = c; c = S(30, b); b = a; a = tmp;
}
for (t = 60; t < 80; t++) {
s = t & 0x0f;
W(s) = S(1, W((s+13) & 0x0f) ^ W((s+8) & 0x0f) ^ W((s+2) & 0x0f) ^ W(s));
tmp = S(5, a) + F3(b, c, d) + e + W(s) + K(t);
e = d; d = c; c = S(30, b); b = a; a = tmp;
}
H(0) = H(0) + a;
H(1) = H(1) + b;
H(2) = H(2) + c;
H(3) = H(3) + d;
H(4) = H(4) + e;
memset(&ctxt->m.b8[0], 0, 64);
}
/* Note: copied from FreeBSD source code, RELENG 6, sys/crypto/sha1.c, 188 */
void sha1_pad(
SHA1_CONTEXT *ctxt)
{
size_t padlen; /*pad length in bytes*/
size_t padstart;
PUTPAD(0x80);
padstart = COUNT % 64;
padlen = 64 - padstart;
if (padlen < 8) {
memset(&ctxt->m.b8[padstart], 0, padlen);
COUNT += padlen;
COUNT %= 64;
sha1_step(ctxt);
padstart = COUNT % 64; /* should be 0 */
padlen = 64 - padstart; /* should be 64 */
}
memset(&ctxt->m.b8[padstart], 0, padlen - 8);
COUNT += (padlen - 8);
COUNT %= 64;
#ifdef BIG_ENDIAN
#warning BIG ENDIAN 2
PUTPAD(ctxt->c.b8[0]); PUTPAD(ctxt->c.b8[1]);
PUTPAD(ctxt->c.b8[2]); PUTPAD(ctxt->c.b8[3]);
PUTPAD(ctxt->c.b8[4]); PUTPAD(ctxt->c.b8[5]);
PUTPAD(ctxt->c.b8[6]); PUTPAD(ctxt->c.b8[7]);
#else
PUTPAD(ctxt->c.b8[7]); PUTPAD(ctxt->c.b8[6]);
PUTPAD(ctxt->c.b8[5]); PUTPAD(ctxt->c.b8[4]);
PUTPAD(ctxt->c.b8[3]); PUTPAD(ctxt->c.b8[2]);
PUTPAD(ctxt->c.b8[1]); PUTPAD(ctxt->c.b8[0]);
#endif
}
/* Note: copied from FreeBSD source code, RELENG 6, sys/crypto/sha1.c, 251 */
void sha1_result(
SHA1_CONTEXT *ctxt,
UCHAR *digest0)
{
UINT8 *digest;
digest = (UINT8 *)digest0;
sha1_pad(ctxt);
#ifdef BIG_ENDIAN
#warning BIG ENDIAN 3
bcopy(&ctxt->h.b8[0], digest, 20);
#else
digest[0] = ctxt->h.b8[3]; digest[1] = ctxt->h.b8[2];
digest[2] = ctxt->h.b8[1]; digest[3] = ctxt->h.b8[0];
digest[4] = ctxt->h.b8[7]; digest[5] = ctxt->h.b8[6];
digest[6] = ctxt->h.b8[5]; digest[7] = ctxt->h.b8[4];
digest[8] = ctxt->h.b8[11]; digest[9] = ctxt->h.b8[10];
digest[10] = ctxt->h.b8[9]; digest[11] = ctxt->h.b8[8];
digest[12] = ctxt->h.b8[15]; digest[13] = ctxt->h.b8[14];
digest[14] = ctxt->h.b8[13]; digest[15] = ctxt->h.b8[12];
digest[16] = ctxt->h.b8[19]; digest[17] = ctxt->h.b8[18];
digest[18] = ctxt->h.b8[17]; digest[19] = ctxt->h.b8[16];
#endif
}
void AirPDcapAlgHmacSha1(
const UCHAR *key_len,
const size_t keylen,
UCHAR *buffer,
const size_t digest_len,
UCHAR digest[20])
{
//INT i;
//SHA1_CONTEXT ictx;
//SHA1_CONTEXT octx;
//UCHAR tmpkey[64];
//UCHAR tmp[HMAC_MAX_BLOCK_LEN];
//memset(tmpkey, 0, sizeof(tmpkey));
//memset(tmp, 0, sizeof(tmp));
//memcpy(tmpkey, key_len, keylen);
//for(i = 0; i<keylen; i++)
// tmpkey[i] ^= HMAC_IPAD_VAL;
//sha1_init(&ictx);
//sha1_loop(&ictx, tmpkey, keylen);
//sha1_loop(&ictx, tmp, HMAC_MAX_BLOCK_LEN-keylen);
//for(i = 0; i<keylen; i++)
// tmpkey[i] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL);
//sha1_init(&octx);
//sha1_loop(&octx, tmpkey, keylen);
//sha1_loop(&octx, tmp, HMAC_MAX_BLOCK_LEN-keylen);
//for(i = 0; i<keylen; i++)
// tmpkey[i] ^= HMAC_OPAD_VAL;
//sha1_loop(&ictx, buffer, digest_len);
//sha1_result(&ictx, digest);
//sha1_loop(&octx, digest, 20);
//sha1_result(&octx, digest);
INT i;
SHA1_CONTEXT ictx, octx;
UCHAR tmpkey[64];
UCHAR tmp[20];
memset(tmpkey, 0, sizeof(tmpkey));
memcpy(tmpkey, key_len, keylen);
for(i = 0; i<64; i++)
tmpkey[i] ^= HMAC_IPAD_VAL;
sha1_init(&ictx);
sha1_loop(&ictx, tmpkey, 64);
for(i = 0; i<64; i++)
tmpkey[i] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL);
sha1_init(&octx);
sha1_loop(&octx, tmpkey, 64);
sha1_loop(&ictx, buffer, digest_len);
sha1_result(&ictx, tmp);
sha1_loop(&octx, tmp, 20);
sha1_result(&octx, digest);
}
/* */
/******************************************************************************/

53
epan/crypt/airpdcap_sha1.h
View File

@ -1,53 +0,0 @@
#ifndef _AIRPDCAP_SHA1
#define _AIRPDCAP_SHA1
/******************************************************************************/
/* File includes */
/* */
#include "airpdcap_interop.h"
/* */
/* */
/******************************************************************************/
/******************************************************************************/
/* Definitions */
/* */
/* Maximum HMAC block length */
#define HMAC_MAX_BLOCK_LEN SHA2_512_HMAC_BLOCK_LEN
#define HMAC_IPAD_VAL 0x36
#define HMAC_OPAD_VAL 0x5C
/* */
/******************************************************************************/
typedef /******************************************************************************/
/* Type definitions */
/* */
/* Note: copied from FreeBSD source code, RELENG 6, sys/crypto/sha1.h, 41 */
struct _SHA1_CONTEXT {
union {
UCHAR b8[20];
UINT b32[5];
} h;
union {
UCHAR b8[8];
ULONGLONG b64[1];
} c;
union {
UCHAR b8[64];
UINT b32[16];
} m;
size_t count;
} SHA1_CONTEXT;
/* */
/******************************************************************************/
/******************************************************************************/
/* External function prototypes declarations */
/* */
/* */
/******************************************************************************/
void sha1_init(SHA1_CONTEXT *ctxt);
void sha1_result(SHA1_CONTEXT *ctxt, UCHAR *digest0);
void sha1_loop(SHA1_CONTEXT *ctxt, const UCHAR *input, size_t len);
#endif

8
epan/crypt/airpdcap_system.h
View File

@ -312,14 +312,6 @@ extern INT AirPDcapTkipDecrypt(
UCHAR TA[AIRPDCAP_MAC_LEN],
UCHAR TK[AIRPDCAP_TK_LEN])
;
extern void AirPDcapAlgHmacSha1(
const UCHAR *key_len,
const size_t keylen,
UCHAR *buffer,
const size_t digest_len,
UCHAR digest[20])
;
#ifdef __cplusplus
}

16
epan/sha1.c → epan/crypt/crypt-sha1.c
View File

@ -27,7 +27,7 @@
#include <string.h>
#include <glib.h>
#include <epan/sha1.h>
#include <epan/crypt/crypt-sha1.h>
#define GET_UINT32(n,b,i) \
{ \
@ -301,28 +301,28 @@ void sha1_hmac( const guint8 *key, guint keylen, const guint8 *buf, guint buflen
guint8 k_ipad[64];
guint8 k_opad[64];
guint8 tmpbuf[20];
memset( k_ipad, 0x36, 64 );
memset( k_opad, 0x5C, 64 );
for( i = 0; i < keylen; i++ )
{
if( i >= 64 ) break;
k_ipad[i] ^= key[i];
k_opad[i] ^= key[i];
}
sha1_starts( &ctx );
sha1_update( &ctx, k_ipad, 64 );
sha1_update( &ctx, buf, buflen );
sha1_finish( &ctx, tmpbuf );
sha1_starts( &ctx );
sha1_update( &ctx, k_opad, 64 );
sha1_update( &ctx, tmpbuf, 20 );
sha1_finish( &ctx, digest );
memset( k_ipad, 0, 64 );
memset( k_opad, 0, 64 );
memset( tmpbuf, 0, 20 );
@ -339,7 +339,7 @@ void sha1_hmac( const guint8 *key, guint keylen, const guint8 *buf, guint buflen
* those are the standard FIPS-180-1 test vectors
*/
static char *msg[] =
static char *msg[] =
{
"abc",
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",

6
epan/sha1.h → epan/crypt/crypt-sha1.h
View File

@ -24,8 +24,8 @@
* References: http://www.ietf.org/rfc/rfc3174.txt?number=3174
*/
#ifndef _SHA1_H
#define _SHA1_H
#ifndef _CRYPT_SHA1_H
#define _CRYPT_SHA1_H
typedef struct
@ -42,4 +42,4 @@ void sha1_finish( sha1_context *ctx, guint8 digest[20] );
void sha1_hmac( const guint8 *key, guint keylen, const guint8 *buf, guint buflen,
guint8 digest[20] );
#endif /* sha1.h */
#endif /* crypt-sha1.h */

12
epan/dissectors/packet-cms.c
View File

@ -1,6 +1,6 @@
/* Do not modify this file. */
/* It is created automatically by the ASN.1 to Wireshark dissector compiler */
/* .\packet-cms.c */
/* ./packet-cms.c */
/* ../../tools/asn2wrs.py -b -e -p cms -c cms.cnf -s packet-cms-template CryptographicMessageSyntax.asn */
/* Input file: packet-cms-template.c */
@ -48,7 +48,7 @@
#include "packet-x509af.h"
#include "packet-x509if.h"
#include <epan/sha1.h>
#include <epan/crypt/crypt-sha1.h>
#include <epan/crypt/crypt-md5.h>
#define PNAME "Cryptographic Message Syntax"
@ -453,7 +453,7 @@ dissect_cms_T_eContent(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, pac
pdu_offset = get_ber_identifier(tvb, pdu_offset, &class, &pc, &tag);
content_offset = pdu_offset = get_ber_length(tree, tvb, pdu_offset, &len, &ind);
pdu_offset = call_ber_oid_callback(object_identifier_id, tvb, pdu_offset, pinfo, top_tree ? top_tree : tree);
content_tvb = tvb_new_subset(tvb, content_offset, len, -1);
@ -494,7 +494,7 @@ dissect_cms_T_attrType(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, pac
if(object_identifier_id) {
name = get_oid_str_name(object_identifier_id);
proto_item_append_text(tree, " (%s)", name ? name : object_identifier_id);
proto_item_append_text(tree, " (%s)", name ? name : object_identifier_id);
}
@ -1487,14 +1487,14 @@ dissect_cms_MessageDigest(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset,
offset = dissect_ber_octet_string(implicit_tag, pinfo, tree, tvb, offset, hf_index,
NULL);
pi = get_ber_last_created_item();
/* move past TLV */
old_offset = get_ber_identifier(tvb, old_offset, NULL, NULL, NULL);
old_offset = get_ber_length(tree, tvb, old_offset, NULL, NULL);
if(content_tvb)
if(content_tvb)
cms_verify_msg_digest(pi, content_tvb, x509af_get_last_algorithm_id(), tvb, old_offset);

2
epan/dissectors/packet-cms.h
View File

@ -1,6 +1,6 @@
/* Do not modify this file. */
/* It is created automatically by the ASN.1 to Wireshark dissector compiler */
/* .\packet-cms.h */
/* ./packet-cms.h */
/* ../../tools/asn2wrs.py -b -e -p cms -c cms.cnf -s packet-cms-template CryptographicMessageSyntax.asn */
/* Input file: packet-cms-template.h */

192
epan/dissectors/packet-snmp.c
View File

@ -104,7 +104,7 @@
#include "packet-snmp.h"
#include "format-oid.h"
#include <epan/sha1.h>
#include <epan/crypt/crypt-sha1.h>
#include <epan/crypt/crypt-md5.h>
#include <epan/expert.h>
#include <epan/report_err.h>
@ -1192,14 +1192,14 @@ static void renew_ue_cache(void) {
localized_ues = NULL;
unlocalized_ues = NULL;
for(a = ue_assocs; a->user.userName.data; a++) {
if (a->engine.data) {
CACHE_INSERT(localized_ues,a);
} else {
CACHE_INSERT(unlocalized_ues,a);
}
}
}
}
@ -1208,10 +1208,10 @@ static void renew_ue_cache(void) {
static snmp_ue_assoc_t* localize_ue( snmp_ue_assoc_t* o, const guint8* engine, guint engine_len ) {
snmp_ue_assoc_t* n = se_memdup(o,sizeof(snmp_ue_assoc_t));
guint key_size = n->user.authModel->key_size;
n->engine.data = se_memdup(engine,engine_len);
n->engine.len = engine_len;
n->user.authKey.data = se_alloc(key_size);
n->user.authKey.len = key_size;
n->user.authModel->pass2key(n->user.authPassword.data,
@ -1247,22 +1247,22 @@ static snmp_ue_assoc_t* get_user_assoc(tvbuff_t* engine_tvb, tvbuff_t* user_tvb)
guint8* given_username;
guint given_engine_len;
guint8* given_engine;
if ( ! (localized_ues || unlocalized_ues ) ) return NULL;
if (! ( user_tvb && engine_tvb ) ) return NULL;
given_username_len = tvb_length_remaining(user_tvb,0);
given_username = ep_tvb_memdup(user_tvb,0,-1);
given_engine_len = tvb_length_remaining(engine_tvb,0);
given_engine = ep_tvb_memdup(engine_tvb,0,-1);
for (a = localized_ues; a; a = a->next) {
if ( localized_match(a, given_username, given_username_len, given_engine, given_engine_len) ) {
return a;
}
}
for (a = unlocalized_ues; a; a = a->next) {
if ( unlocalized_match(a, given_username, given_username_len) ) {
snmp_ue_assoc_t* n = localize_ue( a, given_engine, given_engine_len );
@ -1270,21 +1270,21 @@ static snmp_ue_assoc_t* get_user_assoc(tvbuff_t* engine_tvb, tvbuff_t* user_tvb)
return n;
}
}
return NULL;
}
static void destroy_ue_assocs(snmp_ue_assoc_t* assocs) {
if (assocs) {
snmp_ue_assoc_t* a;
for(a = assocs; a->user.userName.data; a++) {
g_free(a->user.userName.data);
if (a->user.authKey.data) g_free(a->user.authKey.data);
if (a->user.privKey.data) g_free(a->user.privKey.data);
if (a->engine.data) g_free(a->engine.data);
}
g_free(ue_assocs);
}
}
@ -1301,31 +1301,31 @@ gboolean snmp_usm_auth_md5(snmp_usm_params_t* p, guint8** calc_auth_p, guint* ca
guint start;
guint end;
guint i;
if (!p->auth_tvb) {
*error = "No Authenticator";
return FALSE;
return FALSE;
}
key = p->user_assoc->user.authKey.data;
key_len = p->user_assoc->user.authKey.len;
if (! key ) {
*error = "User has no authKey";
return FALSE;
}
auth_len = tvb_length_remaining(p->auth_tvb,0);
if (auth_len != 12) {
*error = "Authenticator length wrong";
return FALSE;
}
msg_len = tvb_length_remaining(p->msg_tvb,0);
msg = ep_tvb_memdup(p->msg_tvb,0,msg_len);
auth = ep_tvb_memdup(p->auth_tvb,0,auth_len);
@ -1338,7 +1338,7 @@ gboolean snmp_usm_auth_md5(snmp_usm_params_t* p, guint8** calc_auth_p, guint* ca
}
md5_hmac(msg, msg_len, key, key_len, calc_auth);
if (calc_auth_p) *calc_auth_p = calc_auth;
if (calc_auth_len_p) *calc_auth_len_p = 12;
@ -1357,47 +1357,47 @@ gboolean snmp_usm_auth_sha1(snmp_usm_params_t* p _U_, guint8** calc_auth_p, guin
guint start;
guint end;
guint i;
if (!p->auth_tvb) {
*error = "No Authenticator";
return FALSE;
return FALSE;
}
key = p->user_assoc->user.authKey.data;
key_len = p->user_assoc->user.authKey.len;
if (! key ) {
*error = "User has no authKey";
return FALSE;
}
auth_len = tvb_length_remaining(p->auth_tvb,0);
if (auth_len != 12) {
*error = "Authenticator length wrong";
return FALSE;
}
msg_len = tvb_length_remaining(p->msg_tvb,0);
msg = ep_tvb_memdup(p->msg_tvb,0,msg_len);
auth = ep_tvb_memdup(p->auth_tvb,0,auth_len);
start = p->auth_offset - p->start_offset;
end = start + auth_len;
/* fill the authenticator with zeros */
for ( i = start ; i < end ; i++ ) {
msg[i] = '\0';
}
sha1_hmac(key, key_len, msg, msg_len, calc_auth);
if (calc_auth_p) *calc_auth_p = calc_auth;
if (calc_auth_len_p) *calc_auth_len_p = 12;
return ( memcmp(auth,calc_auth,12) != 0 ) ? FALSE : TRUE;
}
@ -1405,7 +1405,7 @@ tvbuff_t* snmp_usm_priv_des(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U
#ifdef HAVE_LIBGCRYPT
gcry_error_t err;
gcry_cipher_hd_t hd = NULL;
guint8* cleartext;
guint8* des_key = p->user_assoc->user.privKey.data; /* first 8 bytes */
guint8* pre_iv = &(p->user_assoc->user.privKey.data[8]); /* last 8 bytes */
@ -1416,14 +1416,14 @@ tvbuff_t* snmp_usm_priv_des(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U
tvbuff_t* clear_tvb;
guint8 iv[8];
guint i;
salt_len = tvb_length_remaining(p->priv_tvb,0);
if (salt_len != 8) {
*error = "decryptionError: msgPrivacyParameters lenght != 8";
return NULL;
}
}
salt = ep_tvb_memdup(p->priv_tvb,0,salt_len);
@ -1440,29 +1440,29 @@ tvbuff_t* snmp_usm_priv_des(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U
*error = "decryptionError: the length of the encrypted data is not a mutiple of 8 octets";
return NULL;
}
cryptgrm = ep_tvb_memdup(encryptedData,0,-1);
cleartext = ep_alloc(cryptgrm_len);
err = gcry_cipher_open(&hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_CBC, 0);
if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
err = gcry_cipher_setiv(hd, iv, 8);
if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
err = gcry_cipher_setkey(hd,des_key,8);
if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
err = gcry_cipher_decrypt(hd, cleartext, cryptgrm_len, cryptgrm, cryptgrm_len);
if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
gcry_cipher_close(hd);
clear_tvb = tvb_new_real_data(cleartext, cryptgrm_len, cryptgrm_len);
return clear_tvb;
on_gcry_error:
*error = (void*)gpg_strerror(err);
if (hd) gcry_cipher_close(hd);
@ -1477,7 +1477,7 @@ tvbuff_t* snmp_usm_priv_aes(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U
#ifdef HAVE_LIBGCRYPT
gcry_error_t err;
gcry_cipher_hd_t hd = NULL;
guint8* cleartext;
guint8* aes_key = p->user_assoc->user.privKey.data; /* first 16 bytes */
guint8 iv[16];
@ -1487,12 +1487,12 @@ tvbuff_t* snmp_usm_priv_aes(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U
tvbuff_t* clear_tvb;
priv_len = tvb_length_remaining(p->priv_tvb,0);
if (priv_len != 8) {
*error = "decryptionError: msgPrivacyParameters lenght != 8";
return NULL;
}
}
iv[0] = (p->boots & 0xff000000) >> 24;
iv[1] = (p->boots & 0x00ff0000) >> 16;
iv[2] = (p->boots & 0x0000ff00) >> 8;
@ -1502,30 +1502,30 @@ tvbuff_t* snmp_usm_priv_aes(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U
iv[6] = (p->time & 0x0000ff00) >> 8;
iv[7] = (p->time & 0x000000ff);
tvb_memcpy(p->priv_tvb,&(iv[8]),0,8);
cryptgrm_len = tvb_length_remaining(encryptedData,0);
cryptgrm = ep_tvb_memdup(encryptedData,0,-1);
cleartext = ep_alloc(cryptgrm_len);
err = gcry_cipher_open(&hd, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CFB, 0);
if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
err = gcry_cipher_setiv(hd, iv, 16);
if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
err = gcry_cipher_setkey(hd,aes_key,16);
if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
err = gcry_cipher_decrypt(hd, cleartext, cryptgrm_len, cryptgrm, cryptgrm_len);
if (err != GPG_ERR_NO_ERROR) goto on_gcry_error;
gcry_cipher_close(hd);
clear_tvb = tvb_new_real_data(cleartext, cryptgrm_len, cryptgrm_len);
return clear_tvb;
on_gcry_error:
*error = (void*)gpg_strerror(err);
if (hd) gcry_cipher_close(hd);
@ -1547,29 +1547,29 @@ gboolean check_ScopedPdu(tvbuff_t* tvb) {
offset = get_ber_identifier(tvb, 0, &class, &pc, &tag);
offset = get_ber_length(NULL, tvb, offset, NULL, NULL);
if ( ! (((class!=BER_CLASS_APP) && (class!=BER_CLASS_PRI) )
&& ( (!pc) || (class!=BER_CLASS_UNI) || (tag!=BER_UNI_TAG_ENUMERATED) )
)) return FALSE;
if((tvb_get_guint8(tvb, offset)==0)&&(tvb_get_guint8(tvb, offset+1)==0))
return TRUE;
hoffset = offset;
offset = get_ber_identifier(tvb, offset, &class, &pc, &tag);
offset = get_ber_length(NULL, tvb, offset, &len, NULL);
eoffset = offset + len;
if (eoffset <= hoffset) return FALSE;
if ((class!=BER_CLASS_APP)&&(class!=BER_CLASS_PRI))
if( (class!=BER_CLASS_UNI)
||((tag<BER_UNI_TAG_NumericString)&&(tag!=BER_UNI_TAG_OCTETSTRING)&&(tag!=BER_UNI_TAG_UTF8String)) )
return FALSE;
return TRUE;
}
@ -3238,7 +3238,7 @@ dissect_snmp_pdu(tvbuff_t *tvb, int offset, packet_info *pinfo,
usm_p.boots = 0;
usm_p.time = 0;
usm_p.authOK = FALSE;
/*
* This will throw an exception if we don't have any data left.
* That's what we want. (See "tcp_dissect_pdus()", which is
@ -3471,7 +3471,7 @@ dissect_smux(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
/*
MD5 Password to Key Algorithm
from RFC 3414 A.2.1
from RFC 3414 A.2.1
*/
void snmp_usm_password_to_key_md5(const guint8 *password,
guint passwordlen,
@ -3484,7 +3484,7 @@ void snmp_usm_password_to_key_md5(const guint8 *password,
guint32 count = 0, i;
guint8 key1[16];
md5_init(&MD); /* initialize MD5 */
/**********************************************/
/* Use while loop until we've done 1 Megabyte */
/**********************************************/
@ -3501,31 +3501,31 @@ void snmp_usm_password_to_key_md5(const guint8 *password,
count += 64;
}
md5_finish(&MD, key1); /* tell MD5 we're done */
/*****************************************************/
/* Now localize the key with the engineID and pass */
/* through MD5 to produce final key */
/* May want to ensure that engineLength <= 32, */
/* otherwise need to use a buffer larger than 64 */
/*****************************************************/
md5_init(&MD);
md5_append(&MD, key1, 16);
md5_append(&MD, engineID, engineLength);
md5_append(&MD, key1, 16);
md5_finish(&MD, key);
return;
}
/*
SHA1 Password to Key Algorithm COPIED from RFC 3414 A.2.2
*/
void snmp_usm_password_to_key_sha1(const guint8 *password,
void snmp_usm_password_to_key_sha1(const guint8 *password,
guint passwordlen,
const guint8 *engineID,
guint engineLength,
@ -3534,9 +3534,9 @@ void snmp_usm_password_to_key_sha1(const guint8 *password,
guint8 *cp, password_buf[72];
guint32 password_index = 0;
guint32 count = 0, i;
sha1_starts(&SH); /* initialize SHA */
/**********************************************/
/* Use while loop until we've done 1 Megabyte */
/**********************************************/
@ -3553,7 +3553,7 @@ void snmp_usm_password_to_key_sha1(const guint8 *password,
count += 64;
}
sha1_finish(&SH, key);
/*****************************************************/
/* Now localize the key with the engineID and pass */
/* through SHA to produce final key */
@ -3563,14 +3563,14 @@ void snmp_usm_password_to_key_sha1(const guint8 *password,
memcpy(password_buf, key, 20);
memcpy(password_buf+20, engineID, engineLength);
memcpy(password_buf+20+engineLength, key, 20);
sha1_starts(&SH);
sha1_update(&SH, password_buf, 40+engineLength);
sha1_finish(&SH, key);
return;
}
static void
process_prefs(void)
{
@ -3625,12 +3625,12 @@ process_prefs(void)
read_configs();
mibs_loaded = TRUE;
#endif /* HAVE_NET_SNMP */
if ( g_str_equal(ue_assocs_filename_loaded,ue_assocs_filename) ) return;
ue_assocs_filename_loaded = ue_assocs_filename;
if (ue_assocs) destroy_ue_assocs(ue_assocs);
if ( *ue_assocs_filename ) {
gchar* err = load_snmp_users_file(ue_assocs_filename,&ue_assocs);
if (err) report_failure("Error while loading SNMP's users file:\n%s",err);
@ -3638,18 +3638,18 @@ process_prefs(void)
ue_assocs = NULL;
}
}
/*--- proto_register_snmp -------------------------------------------*/
void proto_register_snmp(void) {
void proto_register_snmp(void) {
#if defined(_WIN32) && defined(HAVE_NET_SNMP)
char *mib_path;
int mib_path_len;
#define MIB_PATH_APPEND "snmp\\mibs"
#endif
gchar *tmp_mib_modules;
/* List of fields */
static hf_register_info hf[] = {
{ &hf_snmp_v3_flags_auth,
@ -3697,7 +3697,7 @@ void proto_register_snmp(void) {
{ &hf_snmp_decryptedPDU, {
"Decrypted ScopedPDU", "snmp.decrypted_pdu", FT_BYTES, BASE_HEX,
NULL, 0, "Decrypted PDU", HFILL }},
/*--- Included file: packet-snmp-hfarr.c ---*/
#line 1 "packet-snmp-hfarr.c"
@ -4046,7 +4046,7 @@ void proto_register_snmp(void) {
&ett_encryptedPDU,
&ett_decrypted,
&ett_authParameters,
/*--- Included file: packet-snmp-ettarr.c ---*/
#line 1 "packet-snmp-ettarr.c"
@ -4155,11 +4155,11 @@ void proto_register_snmp(void) {
"USMuserTable file",
"The filename of the user table used for authentication and decryption",
&ue_assocs_filename);
variable_oid_dissector_table =
register_dissector_table("snmp.variable_oid",
"SNMP Variable OID", FT_STRING, BASE_NONE);
register_init_routine(renew_ue_cache);
}

312
epan/sigcomp-udvm.c
View File

File diff suppressed because it is too large Load Diff