From 2a8a604a1d8d696c7bd1a3aa4aecaaf495fe3c48 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Wed, 14 Aug 2019 14:55:14 +0200
Subject: packet-dcerpc-netlogon: split out uncrypt_sequence_strong()

Change-Id: Ie58377b319632c74ad61c2df42e690466b5c5608
Signed-off-by: Stefan Metzmacher
Reviewed-on: https://code.wireshark.org/review/35590
Reviewed-by: Alexis La Goutte
Petri-Dish: Alexis La Goutte
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman
---
 epan/dissectors/packet-dcerpc-netlogon.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/epan/dissectors/packet-dcerpc-netlogon.c b/epan/dissectors/packet-dcerpc-netlogon.c
index 46107b6eba..502a59ba05 100644
--- a/epan/dissectors/packet-dcerpc-netlogon.c
+++ b/epan/dissectors/packet-dcerpc-netlogon.c
@@ -7651,7 +7651,7 @@ static int get_seal_key(const guint8 *session_key,int key_len,guint64 sequence,g
 }
-static guint64 uncrypt_sequence(guint8* session_key,guint64 checksum,guint64 enc_seq,unsigned char is_server _U_)
+static guint64 uncrypt_sequence_strong(guint8* session_key,guint64 checksum,guint64 enc_seq,unsigned char is_server _U_)
 {
 guint8 zeros[4] = { 0 };
 guint8 buf[HASH_MD5_LENGTH];
@@ -7685,6 +7685,20 @@ static guint64 uncrypt_sequence(guint8* session_key,guint64 checksum,guint64 enc
 return enc_seq;
 }
+static guint64 uncrypt_sequence(guint32 flags, guint8* session_key,guint64 checksum,guint64 enc_seq,unsigned char is_server _U_)
+{
+ if (flags & NETLOGON_FLAG_AES) {
+ /* TODO */
+ return 0;
+ }
+
+ if (flags & NETLOGON_FLAG_STRONGKEY) {
+ return uncrypt_sequence_strong(session_key, checksum, enc_seq, is_server);
+ }
+
+ return 0;
+}
+
 static tvbuff_t * dissect_packet_data(tvbuff_t *tvb ,tvbuff_t *auth_tvb _U_, int offset , packet_info *pinfo ,dcerpc_auth_info *auth_info _U_,unsigned char is_server)
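Review bot: In the new `uncrypt_sequence()` wrapper (second hunk), the `NETLOGON_FLAG_AES` branch and the final fall-through both return 0, a value a real sequence number could presumably also take, so the caller cannot tell "cipher not handled" from a successful decrypt. The call site changed in `dissect_secchan_verf` (third hunk) stores that value in `vars->seq` and then passes it to `get_seal_key()`, so for AES sessions and for sessions with neither flag set the dissector appears to derive a seal key from a placeholder and may show wrongly decrypted payload as if it were valid. Before this commit the function now named `uncrypt_sequence_strong()` ran unconditionally, so the no-flag case is a behaviour change; if that is intended, document it with a comment such as `/* neither AES nor strong-key negotiated: sequence cannot be recovered */`, and otherwise consider an explicit failure signal (for example a `gboolean` return with the sequence in an out-parameter) that the caller checks before calling `get_seal_key()`. The `_U_` marker on `is_server` in the wrapper is also misleading, because the parameter is forwarded to `uncrypt_sequence_strong()`. Both enclosing functions extend beyond the visible hunks.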
@@ -7813,7 +7827,7 @@ dissect_secchan_verf(tvbuff_t *tvb, int offset, packet_info *pinfo,
 else {
 if(update_vars) {
 vars->confounder = confounder;
- vars->seq = uncrypt_sequence(vars->session_key,digest,encrypted_seq,is_server);
+ vars->seq = uncrypt_sequence(vars->flags,vars->session_key,digest,encrypted_seq,is_server);
 }
 if(get_seal_key(vars->session_key,16,vars->seq,vars->encryption_key))
-- 
cgit v1.2.3