osmocom
/
wireshark
14
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

Allocate the unwrapped key in AES_unwrap(). 

Have it allocate the buffer for the unwrapped key and return a pointer
to it, rather than having it be handed a buffer for that key.

That makes it a bit easier to validate, in AES_unwrap, that we don't
write past the end of the buffer.

Change-Id: Id02852c23054b3ed33eeeb383e7aa6cf12d02ed9
Reviewed-on: https://code.wireshark.org/review/8371
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This commit is contained in:
Guy Harris 2015-05-09 19:17:57 -07:00
parent acf7985f73
commit 1507b4a417
3 changed files with 14 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
epan/crypt/airpdcap.c
View File

@ -390,10 +390,8 @@ AirPDcapDecryptWPABroadcastKey(const EAPOL_RSN_KEY *pEAPKey, guint8 *decryption
else
sa->wpa.key_ver = (key_bytes_len >= (TKIP_GROUP_KEYBYTES_LEN))?AIRPDCAP_WPA_KEY_VER_NOT_CCMP:AIRPDCAP_WPA_KEY_VER_AES_CCMP;
/* This storage is needed for the AES_unwrap function */
decrypted_data = (guint8 *) g_malloc(key_bytes_len);
AES_unwrap(decryption_key, 16, szEncryptedKey, key_bytes_len, decrypted_data);
/* Unwrap the key; the result is key_bytes_len in length */
decrypted_data = AES_unwrap(decryption_key, 16, szEncryptedKey, key_bytes_len);
/* With WPA2 what we get after Broadcast Key decryption is an actual RSN structure.
The key itself is stored as a GTK KDE

19
epan/crypt/airpdcap_rijndael.c
View File

@ -38,26 +38,29 @@
This function is used to unwrap an encrypted AES key. One example of its use is
in the WPA-2 protocol to get the group key.
*/
UCHAR
AES_unwrap(UCHAR *kek, UINT16 key_len, UCHAR *cipher_text, UINT16 cipher_len, UCHAR *output)
UCHAR *
AES_unwrap(UCHAR *kek, UINT16 key_len, UCHAR *cipher_text, UINT16 cipher_len)
{
UCHAR *output;
UCHAR a[8], b[16];
UCHAR *r;
UCHAR *c;
gint16 i, j, n;
rijndael_ctx ctx;
if (! kek || cipher_len < 16 || ! cipher_text || ! output) {
return 1; /* We don't do anything with the return value */
if (kek == NULL || cipher_len < 16 || cipher_text == NULL) {
return NULL; /* "should not happen" */
}
/* Allocate buffer for the unwrapped key */
output = (guint8 *) g_malloc(cipher_len);
/* Initialize variables */
n = (cipher_len/8)-1; /* the algorithm works on 64-bits at a time */
memcpy(a, cipher_text, 8);
r = output;
c = cipher_text;
memcpy(r, c+8, cipher_len - 8);
memcpy(r, cipher_text+8, cipher_len - 8);
/* Compute intermediate values */
@ -84,7 +87,7 @@ AES_unwrap(UCHAR *kek, UINT16 key_len, UCHAR *cipher_text, UINT16 cipher_len, UC
/* DEBUG_DUMP("a", a, 8); */
/* DEBUG_DUMP("output", output, cipher_len - 8); */
return 0;
return output;
}
/* */

2
epan/crypt/airpdcap_rijndael.h
View File

@ -38,7 +38,7 @@
/******************************************************************************/
/* Type definitions */
/* */
UCHAR AES_unwrap(UCHAR *kek, UINT16 key_len, UCHAR *cipher_text, UINT16 cipher_len, UCHAR *output);
UCHAR *AES_unwrap(UCHAR *kek, UINT16 key_len, UCHAR *cipher_text, UINT16 cipher_len);
/* */
/******************************************************************************/