authorErik de Jong <erikdejong@gmail.com>2017-02-13 19:31:26 +0100
committerPeter Wu <peter@lekensteyn.nl>2017-03-02 23:58:05 +0000
commitf1c75cf6ef7e9f9de1ec7fd798df941b972ec71c (patch)
tree7d7c2f66bf7595e010026d6f4d3b3a53175af824 /epan/crypt
parent4bd3c4d44ddcdf8e98fdf08a425e3a68e9b18395 (diff)
Rewrite dissectors to use Libgcrypt functions.
As discussed on the mailinglist, rewriting dissectors to use Libgcrypt functions as Libgcrypt will be mandatory after change 20030. Removal of following functions: - crypt_md4 - crypt_rc4* - aes_cmac_encrypt_* - md5_* - sha1_* - sha256_* Further candidates: - aes_* - rijndael_* - ... Added functions: - ws_hmac_buffer Added const macros: - HASH_MD5_LENGTH - HASH_SHA1_LENGTH Changes on epan/crypt/* verified with captures from https://wiki.wireshark.org/HowToDecrypt802.11 Changes on packet-snmp.c and packet-radius.c verified with captures from https://wiki.wireshark.org/SampleCapture Changes on packet-tacacs.c verified with capture from http://ccie-in-3-months.blogspot.nl/2009/04/decoding-login-credentials-regardless.html Change-Id: Iea6ba2bf207cf0f1bf2117068fb1abcfeaafaa46 Link: https://www.wireshark.org/lists/wireshark-dev/201702/msg00011.html Reviewed-on: https://code.wireshark.org/review/20095 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'epan/crypt')
-rw-r--r--epan/crypt/airpdcap.c166
-rw-r--r--epan/crypt/airpdcap_ccmp.c63
-rw-r--r--epan/crypt/airpdcap_rijndael.c19
3 files changed, 147 insertions, 101 deletions
diff --git a/epan/crypt/airpdcap.c b/epan/crypt/airpdcap.c
index b1f5bdcc3e..fa5fe978f1 100644
--- a/epan/crypt/airpdcap.c
+++ b/epan/crypt/airpdcap.c
@@ -46,13 +46,9 @@
#include <glib.h>
+#include <wsutil/wsgcrypt.h>
#include <wsutil/crc32.h>
-#include <wsutil/rc4.h>
-#include <wsutil/sha1.h>
-#include <wsutil/sha2.h>
-#include <wsutil/md5.h>
#include <wsutil/pint.h>
-#include <wsutil/aes.h>
#include <epan/tvbuff.h>
#include <epan/to_str.h>
@@ -379,12 +375,12 @@ AirPDcapDecryptWPABroadcastKey(const EAPOL_RSN_KEY *pEAPKey, guint8 *decryption_
if (key_version == AIRPDCAP_WPA_KEY_VER_NOT_CCMP){
guint8 new_key[32];
- guint8 dummy[256];
+ guint8 dummy[256] = { 0 };
/* TKIP key */
/* Per 802.11i, Draft 3.0 spec, section 8.5.2, p. 97, line 4-8, */
/* group key is decrypted using RC4. Concatenate the IV with the 16 byte EK (PTK+16) to get the decryption key */
- rc4_state_struct rc4_state;
+ gcry_cipher_hd_t rc4_handle;
/* The WPA group key just contains the GTK bytes so deducing the type is straightforward */
/* Note - WPA M3 doesn't contain a group key so we'll only be here for the group handshake */
@@ -395,11 +391,18 @@ AirPDcapDecryptWPABroadcastKey(const EAPOL_RSN_KEY *pEAPKey, guint8 *decryption_
memcpy(new_key+16, decryption_key, 16);
DEBUG_DUMP("FullDecrKey:", new_key, 32);
- crypt_rc4_init(&rc4_state, new_key, sizeof(new_key));
+ if (gcry_cipher_open (&rc4_handle, GCRY_CIPHER_ARCFOUR, GCRY_CIPHER_MODE_STREAM, 0)) {
+ return AIRPDCAP_RET_NO_VALID_HANDSHAKE;
+ }
+ if (gcry_cipher_setkey(rc4_handle, new_key, sizeof(new_key))) {
+ gcry_cipher_close(rc4_handle);
+ return AIRPDCAP_RET_NO_VALID_HANDSHAKE;
+ }
/* Do dummy 256 iterations of the RC4 algorithm (per 802.11i, Draft 3.0, p. 97 line 6) */
- crypt_rc4(&rc4_state, dummy, 256);
- crypt_rc4(&rc4_state, szEncryptedKey, key_bytes_len);
+ gcry_cipher_decrypt(rc4_handle, dummy, 256, NULL, 0);
+ gcry_cipher_decrypt(rc4_handle, szEncryptedKey, key_bytes_len, NULL, 0);
+ gcry_cipher_close(rc4_handle);
} else if (key_version == AIRPDCAP_WPA_KEY_VER_AES_CCMP){
/* AES CCMP key */
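Review bot: The two `gcry_cipher_decrypt` calls ignore their return value, so if the RC4 step fails `szEncryptedKey` still holds ciphertext and the code after this branch would handle it as the decrypted group key. Check both calls, e.g. `if (gcry_cipher_decrypt(rc4_handle, szEncryptedKey, key_bytes_len, NULL, 0)) { gcry_cipher_close(rc4_handle); return AIRPDCAP_RET_NO_VALID_HANDSHAKE; }`. The new early returns also skip whatever cleanup follows the branch; if `szEncryptedKey` is heap-allocated earlier in the function (not visible in this hunk), these paths leak it. The function body starts and ends outside the hunk.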
@@ -1536,7 +1539,8 @@ AirPDcapRsnaMicCheck(
USHORT key_ver)
{
UCHAR mic[AIRPDCAP_WPA_MICKEY_LEN];
- UCHAR c_mic[20]; /* MIC 16 byte, the HMAC-SHA1 use a buffer of 20 bytes */
+ UCHAR c_mic[HASH_SHA1_LENGTH] = { 0 }; /* MIC 16 byte, the HMAC-SHA1 use a buffer of 20 bytes */
+ int algo;
/* copy the MIC from the EAPOL packet */
memcpy(mic, eapol+AIRPDCAP_WPA_MICKEY_OFFSET+4, AIRPDCAP_WPA_MICKEY_LEN);
@@ -1546,13 +1550,18 @@ AirPDcapRsnaMicCheck(
if (key_ver==AIRPDCAP_WPA_KEY_VER_NOT_CCMP) {
/* use HMAC-MD5 for the EAPOL-Key MIC */
- md5_hmac(eapol, eapol_len, KCK, AIRPDCAP_WPA_KCK_LEN, c_mic);
+ algo = GCRY_MD_MD5;
} else if (key_ver==AIRPDCAP_WPA_KEY_VER_AES_CCMP) {
/* use HMAC-SHA1-128 for the EAPOL-Key MIC */
- sha1_hmac(KCK, AIRPDCAP_WPA_KCK_LEN, eapol, eapol_len, c_mic);
- } else
+ algo = GCRY_MD_SHA1;
+ } else {
/* key descriptor version not recognized */
return AIRPDCAP_RET_UNSUCCESS;
+ }
+
+ if (ws_hmac_buffer(algo, c_mic, eapol, eapol_len, KCK, AIRPDCAP_WPA_KCK_LEN)) {
+ return AIRPDCAP_RET_UNSUCCESS;
+ }
/* compare calculated MIC with the Key MIC and return result (0 means success) */
return memcmp(mic, c_mic, AIRPDCAP_WPA_MICKEY_LEN);
@@ -1856,7 +1865,9 @@ AirPDcapRsnaPrfX(
for(i = 0; i < (x+159)/160; i++)
{
R[offset] = i;
- sha1_hmac(pmk, 32, R, 100, &output[20 * i]);
+ if (ws_hmac_buffer(GCRY_MD_SHA1, &output[HASH_SHA1_LENGTH * i], R, 100, pmk, 32)) {
+ return;
+ }
}
memcpy(ptk, output, x/8);
}
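Review bot: When `ws_hmac_buffer` fails, the bare `return;` leaves `ptk` unwritten and gives the caller no signal, so the MIC check and key use that follow would run on whatever `ptk` held before the call. Since the function appears to return void, the least invasive fix is to make the failure deterministic, `memset(ptk, 0, x/8); return;`, with a comment saying that an all-zero PTK means derivation failed; returning a status would be cleaner but changes the signature. The function starts outside the hunk, so the size of `output` and the callers are not visible here.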
@@ -1873,8 +1884,7 @@ AirPDcapRsnaPwd2PskStep(
const INT count,
UCHAR *output)
{
- UCHAR digest[MAX_SSID_LENGTH+4]; /* SSID plus 4 bytes of count */
- UCHAR digest1[SHA1_DIGEST_LEN];
+ UCHAR digest[MAX_SSID_LENGTH+4] = { 0 }; /* SSID plus 4 bytes of count */
INT i, j;
if (ssidLength > MAX_SSID_LENGTH) {
@@ -1882,26 +1892,26 @@ AirPDcapRsnaPwd2PskStep(
return AIRPDCAP_RET_UNSUCCESS;
}
- memset(digest, 0, sizeof digest);
- memset(digest1, 0, sizeof digest1);
-
/* U1 = PRF(P, S || INT(i)) */
memcpy(digest, ssid, ssidLength);
digest[ssidLength] = (UCHAR)((count>>24) & 0xff);
digest[ssidLength+1] = (UCHAR)((count>>16) & 0xff);
digest[ssidLength+2] = (UCHAR)((count>>8) & 0xff);
digest[ssidLength+3] = (UCHAR)(count & 0xff);
- sha1_hmac(ppBytes, ppLength, digest, (guint32) ssidLength+4, digest1);
+ if (ws_hmac_buffer(GCRY_MD_SHA1, digest, digest, (guint32) ssidLength + 4, ppBytes, ppLength)) {
+ return AIRPDCAP_RET_UNSUCCESS;
+ }
/* output = U1 */
- memcpy(output, digest1, SHA1_DIGEST_LEN);
+ memcpy(output, digest, 20);
for (i = 1; i < iterations; i++) {
/* Un = PRF(P, Un-1) */
- sha1_hmac(ppBytes, ppLength, digest1, SHA1_DIGEST_LEN, digest);
+ if (ws_hmac_buffer(GCRY_MD_SHA1, digest, digest, HASH_SHA1_LENGTH, ppBytes, ppLength)) {
+ return AIRPDCAP_RET_UNSUCCESS;
+ }
- memcpy(digest1, digest, SHA1_DIGEST_LEN);
/* output = output xor Un */
- for (j = 0; j < SHA1_DIGEST_LEN; j++) {
+ for (j = 0; j < 20; j++) {
output[j] ^= digest[j];
}
}
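Review bot: `memcpy(output, digest, 20)` and `for (j = 0; j < 20; j++)` hard-code the SHA-1 digest size while the HMAC call inside the loop uses `HASH_SHA1_LENGTH`; use the constant in all three places, and likewise for `m_output[40]` and `&m_output[20]` in AirPDcapRsnaPwd2Psk. Folding `digest1` into `digest` also makes `ws_hmac_buffer` read and write the same buffer, which is only safe if it consumes the input before storing the result and if `MAX_SSID_LENGTH+4` is at least `HASH_SHA1_LENGTH`; neither is visible here. A comment at the declaration of `digest`, `/* SSID || INT(count) on input, reused for the 20-byte HMAC-SHA1 output */`, would record that. The function starts and ends outside the hunk.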
@@ -1916,18 +1926,16 @@ AirPDcapRsnaPwd2Psk(
const size_t ssidLength,
UCHAR *output)
{
- UCHAR m_output[2*SHA1_DIGEST_LEN];
+ UCHAR m_output[40] = { 0 };
GByteArray *pp_ba = g_byte_array_new();
- memset(m_output, 0, 2*SHA1_DIGEST_LEN);
-
if (!uri_str_to_bytes(passphrase, pp_ba)) {
g_byte_array_free(pp_ba, TRUE);
return 0;
}
AirPDcapRsnaPwd2PskStep(pp_ba->data, pp_ba->len, ssid, ssidLength, 4096, 1, m_output);
- AirPDcapRsnaPwd2PskStep(pp_ba->data, pp_ba->len, ssid, ssidLength, 4096, 2, &m_output[SHA1_DIGEST_LEN]);
+ AirPDcapRsnaPwd2PskStep(pp_ba->data, pp_ba->len, ssid, ssidLength, 4096, 2, &m_output[20]);
memcpy(output, m_output, AIRPDCAP_WPA_PSK_LEN);
g_byte_array_free(pp_ba, TRUE);
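Review bot: Both `AirPDcapRsnaPwd2PskStep` calls discard the return value, and after this commit the step can also fail when `ws_hmac_buffer` fails, in which case `m_output` is copied to `output` as a PSK although it is zero or only partly computed. Check each call and take the same exit as the `uri_str_to_bytes` failure above, `g_byte_array_free(pp_ba, TRUE); return 0;`. The function's tail is outside the hunk.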
@@ -2174,66 +2182,88 @@ AirPDcapTDLSDeriveKey(
guint8 action)
{
- sha256_hmac_context sha_ctx;
- aes_cmac_ctx aes_ctx;
+ gcry_md_hd_t sha256_handle;
+ gcry_md_hd_t hmac_handle;
const guint8 *snonce, *anonce, *initiator, *responder, *bssid;
- guint8 key_input[SHA256_DIGEST_LEN];
- guint8 mic[16], iter[2], length[2], seq_num = action + 1;
+ guint8 key_input[32];
+ guint8 mic[16], seq_num = action + 1;
+#if GCRYPT_VERSION_NUMBER >= 0x010600
+ guint8 zeros[16] = { 0 };
+ gcry_mac_hd_t cmac_handle;
+ size_t cmac_len = 16;
+#endif
/* Get key input */
anonce = &data[offset_fte + 20];
snonce = &data[offset_fte + 52];
- sha256_starts(&(sha_ctx.ctx));
+
+ gcry_md_open (&sha256_handle, GCRY_MD_SHA256, 0);
if (memcmp(anonce, snonce, AIRPDCAP_WPA_NONCE_LEN) < 0) {
- sha256_update(&(sha_ctx.ctx), anonce, AIRPDCAP_WPA_NONCE_LEN);
- sha256_update(&(sha_ctx.ctx), snonce, AIRPDCAP_WPA_NONCE_LEN);
+ gcry_md_write(sha256_handle, anonce, AIRPDCAP_WPA_NONCE_LEN);
+ gcry_md_write(sha256_handle, snonce, AIRPDCAP_WPA_NONCE_LEN);
} else {
- sha256_update(&(sha_ctx.ctx), snonce, AIRPDCAP_WPA_NONCE_LEN);
- sha256_update(&(sha_ctx.ctx), anonce, AIRPDCAP_WPA_NONCE_LEN);
+ gcry_md_write(sha256_handle, snonce, AIRPDCAP_WPA_NONCE_LEN);
+ gcry_md_write(sha256_handle, anonce, AIRPDCAP_WPA_NONCE_LEN);
}
- sha256_finish(&(sha_ctx.ctx), key_input);
+ memcpy(key_input, gcry_md_read(sha256_handle, 0), 32);
+ gcry_md_close(sha256_handle);
/* Derive key */
bssid = &data[offset_link + 2];
initiator = &data[offset_link + 8];
responder = &data[offset_link + 14];
- sha256_hmac_starts(&sha_ctx, key_input, SHA256_DIGEST_LEN);
- iter[0] = 1;
- iter[1] = 0;
- sha256_hmac_update(&sha_ctx, (const guint8 *)&iter, 2);
- sha256_hmac_update(&sha_ctx, "TDLS PMK", 8);
+ if (gcry_md_open(&hmac_handle, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC)) {
+ return AIRPDCAP_RET_UNSUCCESS;
+ }
+ if (gcry_md_setkey(hmac_handle, key_input, 32)) {
+ gcry_md_close(hmac_handle);
+ return AIRPDCAP_RET_UNSUCCESS;
+ }
+ gcry_md_putc(hmac_handle, 1);
+ gcry_md_putc(hmac_handle, 0);
+ gcry_md_write(hmac_handle, "TDLS PMK", 8);
if (memcmp(initiator, responder, AIRPDCAP_MAC_LEN) < 0) {
- sha256_hmac_update(&sha_ctx, initiator, AIRPDCAP_MAC_LEN);
- sha256_hmac_update(&sha_ctx, responder, AIRPDCAP_MAC_LEN);
+ gcry_md_write(hmac_handle, initiator, AIRPDCAP_MAC_LEN);
+ gcry_md_write(hmac_handle, responder, AIRPDCAP_MAC_LEN);
} else {
- sha256_hmac_update(&sha_ctx, responder, AIRPDCAP_MAC_LEN);
- sha256_hmac_update(&sha_ctx, initiator, AIRPDCAP_MAC_LEN);
+ gcry_md_write(hmac_handle, responder, AIRPDCAP_MAC_LEN);
+ gcry_md_write(hmac_handle, initiator, AIRPDCAP_MAC_LEN);
}
- sha256_hmac_update(&sha_ctx, bssid, AIRPDCAP_MAC_LEN);
- length[0] = 256 & 0xff;
- length[1] = (256 >> 8) & 0xff;
- sha256_hmac_update(&sha_ctx, (const guint8 *)&length, 2);
- sha256_hmac_finish(&sha_ctx, key_input);
+ gcry_md_write(hmac_handle, bssid, AIRPDCAP_MAC_LEN);
+ gcry_md_putc(hmac_handle, 0);
+ gcry_md_putc(hmac_handle, 1);
+ memcpy(key_input, gcry_md_read(hmac_handle, 0), 32);
+ gcry_md_close(hmac_handle);
/* Check MIC */
- aes_cmac_encrypt_starts(&aes_ctx, key_input, 16);
- aes_cmac_encrypt_update(&aes_ctx, initiator, AIRPDCAP_MAC_LEN);
- aes_cmac_encrypt_update(&aes_ctx, responder, AIRPDCAP_MAC_LEN);
- aes_cmac_encrypt_update(&aes_ctx, &seq_num, 1);
- aes_cmac_encrypt_update(&aes_ctx, &data[offset_link], data[offset_link + 1] + 2);
- aes_cmac_encrypt_update(&aes_ctx, &data[offset_rsne], data[offset_rsne + 1] + 2);
- aes_cmac_encrypt_update(&aes_ctx, &data[offset_timeout], data[offset_timeout + 1] + 2);
- aes_cmac_encrypt_update(&aes_ctx, &data[offset_fte], 4);
- memset(mic, 0, 16);
- aes_cmac_encrypt_update(&aes_ctx, mic, 16);
- aes_cmac_encrypt_update(&aes_ctx, &data[offset_fte + 20], data[offset_fte + 1] + 2 - 20);
- aes_cmac_encrypt_finish(&aes_ctx, mic);
-
- if (memcmp(mic, &data[offset_fte + 4],16)) {
+#if GCRYPT_VERSION_NUMBER >= 0x010600
+ if (gcry_mac_open(&cmac_handle, GCRY_MAC_CMAC_AES, 0, NULL)) {
+ return AIRPDCAP_RET_UNSUCCESS;
+ }
+ if (gcry_mac_setkey(cmac_handle, key_input, 16)) {
+ gcry_mac_close(cmac_handle);
+ return AIRPDCAP_RET_UNSUCCESS;
+ }
+ gcry_mac_write(cmac_handle, initiator, AIRPDCAP_MAC_LEN);
+ gcry_mac_write(cmac_handle, responder, AIRPDCAP_MAC_LEN);
+ gcry_mac_write(cmac_handle, &seq_num, 1);
+ gcry_mac_write(cmac_handle, &data[offset_link], data[offset_link + 1] + 2);
+ gcry_mac_write(cmac_handle, &data[offset_rsne], data[offset_rsne + 1] + 2);
+ gcry_mac_write(cmac_handle, &data[offset_timeout], data[offset_timeout + 1] + 2);
+ gcry_mac_write(cmac_handle, &data[offset_fte], 4);
+ gcry_mac_write(cmac_handle, zeros, 16);
+ gcry_mac_write(cmac_handle, &data[offset_fte + 20], data[offset_fte + 1] + 2 - 20);
+ gcry_mac_read(cmac_handle, mic, &cmac_len);
+ if (memcmp(mic, &data[offset_fte + 4], 16)) {
AIRPDCAP_DEBUG_PRINT_LINE("AirPDcapTDLSDeriveKey", "MIC verification failed", AIRPDCAP_DEBUG_LEVEL_3);
+ gcry_mac_close(cmac_handle);
return AIRPDCAP_RET_UNSUCCESS;
}
-
+ gcry_mac_close(cmac_handle);
+#else
+ AIRPDCAP_DEBUG_PRINT_LINE("AirPDcapTDLSDeriveKey", "MIC verification failed, need libgcrypt >= 1.6", AIRPDCAP_DEBUG_LEVEL_3);
+ return AIRPDCAP_RET_UNSUCCESS;
+#endif
memcpy(AIRPDCAP_GET_TK(sa->wpa.ptk), &key_input[16], 16);
memcpy(sa->wpa.nonce, snonce, AIRPDCAP_WPA_NONCE_LEN);
sa->validKey = TRUE;
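Review bot: `gcry_md_open (&sha256_handle, GCRY_MD_SHA256, 0);` is the only open call in this function whose result is not checked, so on failure the following `gcry_md_write` and `gcry_md_read` calls use an invalid handle; guard it like the HMAC open, `if (gcry_md_open(&sha256_handle, GCRY_MD_SHA256, 0)) { return AIRPDCAP_RET_UNSUCCESS; }`. `gcry_mac_read` is unchecked as well, and `mic` is no longer zeroed beforehand, so a failure there compares an uninitialized buffer with the frame's MIC. The `gcry_mac_write` lengths such as `data[offset_fte + 1] + 2 - 20` come straight from frame bytes; this hunk does not show them being validated against the buffer length, so confirm the caller does that. The function starts outside the hunk.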
diff --git a/epan/crypt/airpdcap_ccmp.c b/epan/crypt/airpdcap_ccmp.c
index ac27c26181..40ec32c686 100644
--- a/epan/crypt/airpdcap_ccmp.c
+++ b/epan/crypt/airpdcap_ccmp.c
@@ -38,7 +38,7 @@
/****************************************************************************/
/* File includes */
-
+#include "config.h"
#include "airpdcap_system.h"
#include "airpdcap_int.h"
@@ -46,7 +46,7 @@
#include "airpdcap_debug.h"
#include <glib.h>
-#include <wsutil/aes.h>
+#include <wsutil/wsgcrypt.h>
/****************************************************************************/
/* Internal definitions */
@@ -68,15 +68,15 @@
/****************************************************************************/
/* Internal macros */
-#define CCMP_DECRYPT(_i, _b, _b0, _pos, _a, _len) { \
- /* Decrypt, with counter */ \
- _b0[14] = (UINT8)((_i >> 8) & 0xff); \
- _b0[15] = (UINT8)(_i & 0xff); \
- rijndael_encrypt(&key, _b0, _b); \
- XOR_BLOCK(_pos, _b, _len); \
- /* Authentication */ \
- XOR_BLOCK(_a, _pos, _len); \
- rijndael_encrypt(&key, _a, _a); \
+#define CCMP_DECRYPT(_i, _b, _b0, _pos, _a, _len) { \
+ /* Decrypt, with counter */ \
+ _b0[14] = (UINT8)((_i >> 8) & 0xff); \
+ _b0[15] = (UINT8)(_i & 0xff); \
+ gcry_cipher_encrypt(rijndael_handle, _b, AES_BLOCK_LEN, _b0, AES_BLOCK_LEN); \
+ XOR_BLOCK(_pos, _b, _len); \
+ /* Authentication */ \
+ XOR_BLOCK(_a, _pos, _len); \
+ gcry_cipher_encrypt(rijndael_handle, _a, AES_BLOCK_LEN, NULL, 0); \
}
#define READ_6(b0, b1, b2, b3, b4, b5) \
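Review bot: `CCMP_DECRYPT` now uses `rijndael_handle` without taking it as a parameter, so it only compiles where a local of exactly that name is in scope, and it drops the result of both `gcry_cipher_encrypt` calls. Either pass the handle as a macro argument or add a comment above the macro, e.g. `/* Requires a gcry_cipher_hd_t named rijndael_handle (AES-ECB, key set) in the calling scope. */`. The same unchecked `gcry_cipher_encrypt` calls appear in ccmp_init_blocks; if one fails, `a` and `b` keep their previous contents and the MIC comparison runs on them.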
@@ -89,8 +89,8 @@
/* Internal function prototypes declarations */
static void ccmp_init_blocks(
- rijndael_ctx *ctx,
- PAIRPDCAP_MAC_FRAME wh,
+ gcry_cipher_hd_t rijndael_handle,
+ PAIRPDCAP_MAC_FRAME wh,
UINT64 pn,
size_t dlen,
UINT8 b0[AES_BLOCK_LEN],
@@ -103,8 +103,8 @@ static void ccmp_init_blocks(
/* Function definitions */
static void ccmp_init_blocks(
- rijndael_ctx *ctx,
- PAIRPDCAP_MAC_FRAME wh,
+ gcry_cipher_hd_t rijndael_handle,
+ PAIRPDCAP_MAC_FRAME wh,
UINT64 pn,
size_t dlen,
UINT8 b0[AES_BLOCK_LEN],
@@ -198,14 +198,14 @@ static void ccmp_init_blocks(
}
/* Start with the first block and AAD */
- rijndael_encrypt(ctx, b0, a);
+ gcry_cipher_encrypt(rijndael_handle, a, AES_BLOCK_LEN, b0, AES_BLOCK_LEN);
XOR_BLOCK(a, aad, AES_BLOCK_LEN);
- rijndael_encrypt(ctx, a, a);
+ gcry_cipher_encrypt(rijndael_handle, a, AES_BLOCK_LEN, NULL, 0);
XOR_BLOCK(a, &aad[AES_BLOCK_LEN], AES_BLOCK_LEN);
- rijndael_encrypt(ctx, a, a);
+ gcry_cipher_encrypt(rijndael_handle, a, AES_BLOCK_LEN, NULL, 0);
b0[0] &= 0x07;
b0[14] = b0[15] = 0;
- rijndael_encrypt(ctx, b0, b);
+ gcry_cipher_encrypt(rijndael_handle, b, AES_BLOCK_LEN, b0, AES_BLOCK_LEN);
/** //XOR( m + len - 8, b, 8 ); **/
#undef IS_QOS_DATA
@@ -214,7 +214,7 @@ static void ccmp_init_blocks(
INT AirPDcapCcmpDecrypt(
UINT8 *m,
- gint mac_header_len,
+ gint mac_header_len,
INT len,
UCHAR TK1[16])
{
@@ -227,19 +227,27 @@ INT AirPDcapCcmpDecrypt(
UINT8 *pos;
UINT space;
INT z = mac_header_len;
- rijndael_ctx key;
+ gcry_cipher_hd_t rijndael_handle;
UINT64 PN;
UINT8 *ivp=m+z;
PN = READ_6(ivp[0], ivp[1], ivp[4], ivp[5], ivp[6], ivp[7]);
- /* freebsd */
- rijndael_set_key(&key, TK1, 128);
+ if (gcry_cipher_open(&rijndael_handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0)) {
+ return 1;
+ }
+ if (gcry_cipher_setkey(rijndael_handle, TK1, 16)) {
+ gcry_cipher_close(rijndael_handle);
+ return 1;
+ }
+
wh = (PAIRPDCAP_MAC_FRAME )m;
data_len = len - (z + AIRPDCAP_CCMP_HEADER+AIRPDCAP_CCMP_TRAILER);
- if (data_len < 1)
- return 0;
- ccmp_init_blocks(&key, wh, PN, data_len, b0, aad, a, b);
+ if (data_len < 1) {
+ gcry_cipher_close(rijndael_handle);
+ return 0;
+ }
+ ccmp_init_blocks(rijndael_handle, wh, PN, data_len, b0, aad, a, b);
memcpy(mic, m+len-AIRPDCAP_CCMP_TRAILER, AIRPDCAP_CCMP_TRAILER);
XOR_BLOCK(mic, b, AIRPDCAP_CCMP_TRAILER);
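Review bot: The cipher handle is opened and keyed before `data_len` is validated, which is why the `data_len < 1` path needs its own `gcry_cipher_close`; computing `data_len` and doing the length check first would drop that cleanup path and avoid cipher setup for truncated frames. That path still returns 0, the same value as a verified MIC at the end of the function, so a caller cannot tell a too-short frame from a successful decrypt (the callers are not in this diff). The function continues outside the hunk.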
@@ -258,7 +266,8 @@ INT AirPDcapCcmpDecrypt(
if (space != 0) /* short last block */
CCMP_DECRYPT(i, b, b0, pos, a, space);
- /* MIC Key ?= MIC */
+ gcry_cipher_close(rijndael_handle);
+ /* MIC Key ?= MIC */
if (memcmp(mic, a, AIRPDCAP_CCMP_TRAILER) == 0) {
return 0;
}
diff --git a/epan/crypt/airpdcap_rijndael.c b/epan/crypt/airpdcap_rijndael.c
index c7782c3f9e..e5f1f93b4b 100644
--- a/epan/crypt/airpdcap_rijndael.c
+++ b/epan/crypt/airpdcap_rijndael.c
@@ -23,12 +23,12 @@
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
* EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-
+#include "config.h"
#include "airpdcap_rijndael.h"
-#include "airpdcap_debug.h"
+#include "airpdcap_debug.h"
#include <glib.h>
-#include <wsutil/aes.h>
+#include <wsutil/wsgcrypt.h>
/* Based on RFC 3394 and NIST AES Key Wrap Specification pseudo-code.
@@ -42,7 +42,7 @@ AES_unwrap(UCHAR *kek, UINT16 key_len, UCHAR *cipher_text, UINT16 cipher_len)
UCHAR a[8], b[16];
UCHAR *r;
gint16 i, j, n;
- rijndael_ctx ctx;
+ gcry_cipher_hd_t rijndael_handle;
if (kek == NULL || cipher_len < 16 || cipher_text == NULL) {
return NULL; /* "should not happen" */
@@ -61,6 +61,13 @@ AES_unwrap(UCHAR *kek, UINT16 key_len, UCHAR *cipher_text, UINT16 cipher_len)
/* Compute intermediate values */
+ if (gcry_cipher_open(&rijndael_handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0)) {
+ return output;
+ }
+ if (gcry_cipher_setkey(rijndael_handle, kek, key_len)) {
+ gcry_cipher_close(rijndael_handle);
+ return output;
+ }
for (j=5; j >= 0; --j){
r = output + (n - 1) * 8;
/* DEBUG_DUMP("r1", (r-8), 8); */
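Review bot: On `gcry_cipher_open` or `gcry_cipher_setkey` failure the function returns `output`, while the parameter check at the top of the function returns NULL for errors, so a caller that tests only for NULL would accept the buffer as an unwrapped key although no decryption ran. Return NULL on these paths and release `output` first if it was allocated earlier in the function (the allocation is not visible in this hunk), e.g. `g_free(output); return NULL;`. `key_len` reaches `gcry_cipher_setkey` unchanged, so an unsupported key length now surfaces here as a setkey error. The loop body continues into the next hunk.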
@@ -72,14 +79,14 @@ AES_unwrap(UCHAR *kek, UINT16 key_len, UCHAR *cipher_text, UINT16 cipher_len)
b[7] ^= t;
/* DEBUG_DUMP("a plus t", b, 8); */
memcpy(b+8, r, 8);
- rijndael_set_key(&ctx, kek, key_len*8 /*bits*/);
- rijndael_decrypt(&ctx, b, b); /* NOTE: we are using the same src and dst buffer. It's ok. */
+ gcry_cipher_decrypt(rijndael_handle, b, 16, NULL, 0);
/* DEBUG_DUMP("aes decrypt", b, 16) */
memcpy(a,b,8);
memcpy(r, b+8, 8);
r -= 8;
}
}
+ gcry_cipher_close(rijndael_handle);
/* DEBUG_DUMP("a", a, 8); */
/* DEBUG_DUMP("output", output, cipher_len - 8); */