aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2019-08-14 15:33:12 +0200
committerAnders Broman <a.broman58@gmail.com>2020-01-07 12:39:32 +0000
commitfe7a0b4b974ca74c133c20f5dc159fb3217385fb (patch)
tree004ef5cd20097db439ff0f1eb5b43c8b123b3366
parent2a8a604a1d8d696c7bd1a3aa4aecaaf495fe3c48 (diff)
packet-dcerpc-netlogon: split out prepare_decryption_cipher[_strong]()
Change-Id: Ie63c2d0311be058c5694245d8576ea75d7e6bc14 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-on: https://code.wireshark.org/review/35591 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
-rw-r--r--epan/dissectors/packet-dcerpc-netlogon.c67
1 files changed, 56 insertions, 11 deletions
diff --git a/epan/dissectors/packet-dcerpc-netlogon.c b/epan/dissectors/packet-dcerpc-netlogon.c
index 502a59ba05..ad270ca190 100644
--- a/epan/dissectors/packet-dcerpc-netlogon.c
+++ b/epan/dissectors/packet-dcerpc-netlogon.c
@@ -7699,6 +7699,49 @@ static guint64 uncrypt_sequence(guint32 flags, guint8* session_key,guint64 check
return 0;
}
+static gcry_error_t prepare_decryption_cipher_strong(const guint8* decryption_key,
+ gcry_cipher_hd_t *_cipher_hd)
+{
+ gcry_error_t err;
+ gcry_cipher_hd_t cipher_hd = NULL;
+
+ /* Open the cipher */
+ err = gcry_cipher_open(&cipher_hd, GCRY_CIPHER_ARCFOUR, GCRY_CIPHER_MODE_STREAM, 0);
+ if (err != 0) {
+ g_warning("GCRY: chiper open %s/%s\n", gcry_strsource(err), gcry_strerror(err));
+ return err;
+ }
+
+ /* Set the key */
+ err = gcry_cipher_setkey(cipher_hd, decryption_key, 16);
+ if (err != 0) {
+ g_warning("GCRY: setkey %s/%s\n", gcry_strsource(err), gcry_strerror(err));
+ gcry_cipher_close(cipher_hd);
+ return err;
+ }
+
+ *_cipher_hd = cipher_hd;
+ return 0;
+}
+
+static gcry_error_t prepare_decryption_cipher(guint32 flags,
+ const guint8* decryption_key,
+ gcry_cipher_hd_t *_cipher_hd)
+{
+ *_cipher_hd = NULL;
+
+ if (flags & NETLOGON_FLAG_AES) {
+ /* TODO */
+ return GPG_ERR_UNSUPPORTED_ALGORITHM;
+ }
+
+ if (flags & NETLOGON_FLAG_STRONGKEY) {
+ return prepare_decryption_cipher_strong(decryption_key, _cipher_hd);
+ }
+
+ return GPG_ERR_UNSUPPORTED_ALGORITHM;
+}
+
static tvbuff_t *
dissect_packet_data(tvbuff_t *tvb ,tvbuff_t *auth_tvb _U_,
int offset , packet_info *pinfo ,dcerpc_auth_info *auth_info _U_,unsigned char is_server)
@@ -7723,7 +7766,8 @@ dissect_packet_data(tvbuff_t *tvb ,tvbuff_t *auth_tvb _U_,
}
else {
if(vars->can_decrypt == TRUE) {
- gcry_cipher_hd_t rc4_handle;
+ gcry_error_t err;
+ gcry_cipher_hd_t cipher_hd = NULL;
int data_len;
guint64 copyconfounder = vars->confounder;
@@ -7731,18 +7775,19 @@ dissect_packet_data(tvbuff_t *tvb ,tvbuff_t *auth_tvb _U_,
if (data_len < 0) {
return NULL;
}
- if (gcry_cipher_open (&rc4_handle, GCRY_CIPHER_ARCFOUR, GCRY_CIPHER_MODE_STREAM, 0)) {
- return NULL;
- }
- if (gcry_cipher_setkey(rc4_handle, vars->encryption_key, 16)) {
- gcry_cipher_close(rc4_handle);
- return NULL;
+ err = prepare_decryption_cipher(vars->flags,
+ vars->encryption_key,
+ &cipher_hd);
+ if (err != 0) {
+ g_warning("GCRY: prepare_decryption_cipher %s/%s\n",
+ gcry_strsource(err), gcry_strerror(err));
+ return NULL;
}
- gcry_cipher_decrypt(rc4_handle, (guint8*)&copyconfounder, 8, NULL, 0);
+ gcry_cipher_decrypt(cipher_hd, (guint8*)&copyconfounder, 8, NULL, 0);
decrypted = (guint8*)tvb_memdup(pinfo->pool, tvb, offset,data_len);
- gcry_cipher_reset(rc4_handle);
- gcry_cipher_decrypt(rc4_handle, decrypted, data_len, NULL, 0);
- gcry_cipher_close(rc4_handle);
+ gcry_cipher_reset(cipher_hd);
+ gcry_cipher_decrypt(cipher_hd, decrypted, data_len, NULL, 0);
+ gcry_cipher_close(cipher_hd);
buf = tvb_new_child_real_data(tvb, decrypted, data_len, data_len);
/* Note: caller does add_new_data_source(...) */
}