smb2: add support for AES-128-GCM decryption

epan/dissectors/packet-smb2.c:

- factor out decryption code from transform header dissector
- rewrite CCM decryption to use the proper gcrypt cipher
- add GCM support
- change weird 1 element CCM bitmask to value_string

test/suite_decryption.py: add smb2 GCM decryption test

- add one test
- add a new capture to test smb3.1.1 AES-128-GCM decryption

Change-Id: Id5ab75e1830bc24ace9f9b2f2dbd5a3c20666d52
Reviewed-on: https://code.wireshark.org/review/33600
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

2 files changed, 14 insertions, 0 deletions

diff --git a/test/captures/smb311-aes-128-gcm.pcap.gz b/test/captures/smb311-aes-128-gcm.pcap.gz
new file mode 100644
index 0000000000..02e34a90da
--- /dev/null
+++ b/test/captures/smb311-aes-128-gcm.pcap.gz
diff --git a/test/suite_decryption.py b/test/suite_decryption.py
index 06cca6367e..568e095a43 100644
--- a/test/suite_decryption.py
+++ b/test/suite_decryption.py
@@ -1107,3 +1107,17 @@ class case_decrypt_smb2(subprocesstest.SubprocessTestCase):
                 '-Y', 'smb2.tree == "{}"'.format(tree.replace('\\', '\\\\')),
         ))
         self.assertEqual(tree, proc.stdout_str.strip())
+
+    def test_smb311_aes128gcm(self, cmd_tshark, capture_file):
+        '''Check SMB 3.1.1 AES128GCM decryption.'''
+        sesid = '3900000000400000'
+        seskey = 'e79161ded03bda1449b2c8e58f753953'
+        tree = r'\\dfsroot1.foo.test\IPC$'
+        proc = self.assertRun((cmd_tshark,
+                '-r', capture_file('smb311-aes-128-gcm.pcap.gz'),
+                '-o', 'uat:smb2_seskey_list:{},{}'.format(sesid, seskey),
+                '-Tfields',
+                '-e', 'smb2.tree',
+                '-Y', 'smb2.tree == "{}"'.format(tree.replace('\\', '\\\\')),
+        ))
+        self.assertEqual(tree, proc.stdout_str.strip())