author | Erik de Jong <erikdejong@gmail.com> | 2017-02-13 19:31:26 +0100 |
---|---|---|
committer | Peter Wu <peter@lekensteyn.nl> | 2017-03-02 23:58:05 +0000 |
commit | f1c75cf6ef7e9f9de1ec7fd798df941b972ec71c (patch) | |
tree | 7d7c2f66bf7595e010026d6f4d3b3a53175af824 /epan/crypt | |
parent | 4bd3c4d44ddcdf8e98fdf08a425e3a68e9b18395 (diff) |
Rewrite dissectors to use Libgcrypt functions.
As discussed on the mailing list, rewrite dissectors to use Libgcrypt
functions, as Libgcrypt will be mandatory after change 20030.
Removal of following functions:
- crypt_md4
- crypt_rc4*
- aes_cmac_encrypt_*
- md5_*
- sha1_*
- sha256_*
Further candidates:
- aes_*
- rijndael_*
- ...
Added functions:
- ws_hmac_buffer
Added const macros:
- HASH_MD5_LENGTH
- HASH_SHA1_LENGTH
Changes on epan/crypt/* verified with captures from
https://wiki.wireshark.org/HowToDecrypt802.11
Changes on packet-snmp.c and packet-radius.c verified with captures from
https://wiki.wireshark.org/SampleCapture
Changes on packet-tacacs.c verified with capture from
http://ccie-in-3-months.blogspot.nl/2009/04/decoding-login-credentials-regardless.html
Change-Id: Iea6ba2bf207cf0f1bf2117068fb1abcfeaafaa46
Link: https://www.wireshark.org/lists/wireshark-dev/201702/msg00011.html
Reviewed-on: https://code.wireshark.org/review/20095
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'epan/crypt')
-rw-r--r-- | epan/crypt/airpdcap.c | 166 | ||||
-rw-r--r-- | epan/crypt/airpdcap_ccmp.c | 63 | ||||
-rw-r--r-- | epan/crypt/airpdcap_rijndael.c | 19 |
3 files changed, 147 insertions, 101 deletions
diff --git a/epan/crypt/airpdcap.c b/epan/crypt/airpdcap.c
index b1f5bdcc3e..fa5fe978f1 100644
--- a/epan/crypt/airpdcap.c
+++ b/epan/crypt/airpdcap.c
@@ -46,13 +46,9 @@
 #include <glib.h>
+#include <wsutil/wsgcrypt.h>
 #include <wsutil/crc32.h>
-#include <wsutil/rc4.h>
-#include <wsutil/sha1.h>
-#include <wsutil/sha2.h>
-#include <wsutil/md5.h>
 #include <wsutil/pint.h>
-#include <wsutil/aes.h>
 #include <epan/tvbuff.h>
 #include <epan/to_str.h>
@@ -379,12 +375,12 @@ AirPDcapDecryptWPABroadcastKey(const EAPOL_RSN_KEY *pEAPKey, guint8 *decryption_
 if (key_version == AIRPDCAP_WPA_KEY_VER_NOT_CCMP){
 guint8 new_key[32];
- guint8 dummy[256];
+ guint8 dummy[256] = { 0 };
 /* TKIP key */
 /* Per 802.11i, Draft 3.0 spec, section 8.5.2, p. 97, line 4-8, */
 /* group key is decrypted using RC4. Concatenate the IV with the 16 byte EK (PTK+16) to get the decryption key */
- rc4_state_struct rc4_state;
+ gcry_cipher_hd_t rc4_handle;
 /* The WPA group key just contains the GTK bytes so deducing the type is straightforward */
 /* Note - WPA M3 doesn't contain a group key so we'll only be here for the group handshake */
@@ -395,11 +391,18 @@ AirPDcapDecryptWPABroadcastKey(const EAPOL_RSN_KEY *pEAPKey, guint8 *decryption_
 memcpy(new_key+16, decryption_key, 16);
 DEBUG_DUMP("FullDecrKey:", new_key, 32);
- crypt_rc4_init(&rc4_state, new_key, sizeof(new_key));
+ if (gcry_cipher_open (&rc4_handle, GCRY_CIPHER_ARCFOUR, GCRY_CIPHER_MODE_STREAM, 0)) {
+ return AIRPDCAP_RET_NO_VALID_HANDSHAKE;
+ }
+ if (gcry_cipher_setkey(rc4_handle, new_key, sizeof(new_key))) {
+ gcry_cipher_close(rc4_handle);
+ return AIRPDCAP_RET_NO_VALID_HANDSHAKE;
+ }
 /* Do dummy 256 iterations of the RC4 algorithm (per 802.11i, Draft 3.0, p. 97 line 6) */
- crypt_rc4(&rc4_state, dummy, 256);
- crypt_rc4(&rc4_state, szEncryptedKey, key_bytes_len);
+ gcry_cipher_decrypt(rc4_handle, dummy, 256, NULL, 0);
+ gcry_cipher_decrypt(rc4_handle, szEncryptedKey, key_bytes_len, NULL, 0);
+ gcry_cipher_close(rc4_handle);
 } else if (key_version == AIRPDCAP_WPA_KEY_VER_AES_CCMP){
 /* AES CCMP key */
@@ -1536,7 +1539,8 @@ AirPDcapRsnaMicCheck(
 USHORT key_ver)
 {
 UCHAR mic[AIRPDCAP_WPA_MICKEY_LEN];
- UCHAR c_mic[20]; /* MIC 16 byte, the HMAC-SHA1 use a buffer of 20 bytes */
+ UCHAR c_mic[HASH_SHA1_LENGTH] = { 0 }; /* MIC 16 byte, the HMAC-SHA1 use a buffer of 20 bytes */
+ int algo;
 /* copy the MIC from the EAPOL packet */
 memcpy(mic, eapol+AIRPDCAP_WPA_MICKEY_OFFSET+4, AIRPDCAP_WPA_MICKEY_LEN);
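Review bot: The two `gcry_cipher_decrypt` calls on the new side of this hunk run unchecked, so a stream-cipher failure leaves `szEncryptedKey` undecrypted while the function carries on as if the GTK had been recovered, even though the `gcry_cipher_setkey` call just above already has the right error shape. Wrap the second call the same way: `if (gcry_cipher_decrypt(rc4_handle, szEncryptedKey, key_bytes_len, NULL, 0)) { gcry_cipher_close(rc4_handle); return AIRPDCAP_RET_NO_VALID_HANDSHAKE; }` (the 256-byte discard pass can share the check). The enclosing function AirPDcapDecryptWPABroadcastKey starts before this hunk and continues past it.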
@@ -1546,13 +1550,18 @@ AirPDcapRsnaMicCheck(
 if (key_ver==AIRPDCAP_WPA_KEY_VER_NOT_CCMP) {
 /* use HMAC-MD5 for the EAPOL-Key MIC */
- md5_hmac(eapol, eapol_len, KCK, AIRPDCAP_WPA_KCK_LEN, c_mic);
+ algo = GCRY_MD_MD5;
 } else if (key_ver==AIRPDCAP_WPA_KEY_VER_AES_CCMP) {
 /* use HMAC-SHA1-128 for the EAPOL-Key MIC */
- sha1_hmac(KCK, AIRPDCAP_WPA_KCK_LEN, eapol, eapol_len, c_mic);
- } else
+ algo = GCRY_MD_SHA1;
+ } else {
 /* key descriptor version not recognized */
 return AIRPDCAP_RET_UNSUCCESS;
+ }
+
+ if (ws_hmac_buffer(algo, c_mic, eapol, eapol_len, KCK, AIRPDCAP_WPA_KCK_LEN)) {
+ return AIRPDCAP_RET_UNSUCCESS;
+ }
 /* compare calculated MIC with the Key MIC and return result (0 means success) */
 return memcmp(mic, c_mic, AIRPDCAP_WPA_MICKEY_LEN);
@@ -1856,7 +1865,9 @@ AirPDcapRsnaPrfX(
 for(i = 0; i < (x+159)/160; i++) {
 R[offset] = i;
- sha1_hmac(pmk, 32, R, 100, &output[20 * i]);
+ if (ws_hmac_buffer(GCRY_MD_SHA1, &output[HASH_SHA1_LENGTH * i], R, 100, pmk, 32)) {
+ return;
+ }
 }
 memcpy(ptk, output, x/8);
 }
@@ -1873,8 +1884,7 @@ AirPDcapRsnaPwd2PskStep(
 const INT count,
 UCHAR *output)
 {
- UCHAR digest[MAX_SSID_LENGTH+4]; /* SSID plus 4 bytes of count */
- UCHAR digest1[SHA1_DIGEST_LEN];
+ UCHAR digest[MAX_SSID_LENGTH+4] = { 0 }; /* SSID plus 4 bytes of count */
 INT i, j;
 if (ssidLength > MAX_SSID_LENGTH) {
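Review bot: In AirPDcapRsnaPrfX the new `return;` on `ws_hmac_buffer` failure leaves a void function before `memcpy(ptk, output, x/8)` runs, so `ptk` keeps whatever it previously held and the caller, which gets no error indication, proceeds with a key that was never derived; the old `sha1_hmac` could not fail, so this silent path is new in this commit. Either propagate the failure (an INT return of AIRPDCAP_RET_UNSUCCESS, with the caller adjusted) or at least record it, e.g. `AIRPDCAP_DEBUG_PRINT_LINE("AirPDcapRsnaPrfX", "HMAC-SHA1 failed", AIRPDCAP_DEBUG_LEVEL_3);` before the return. The function starts before this hunk and its caller is not visible here.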
@@ -1882,26 +1892,26 @@ AirPDcapRsnaPwd2PskStep(
 return AIRPDCAP_RET_UNSUCCESS;
 }
- memset(digest, 0, sizeof digest);
- memset(digest1, 0, sizeof digest1);
-
 /* U1 = PRF(P, S || INT(i)) */
 memcpy(digest, ssid, ssidLength);
 digest[ssidLength] = (UCHAR)((count>>24) & 0xff);
 digest[ssidLength+1] = (UCHAR)((count>>16) & 0xff);
 digest[ssidLength+2] = (UCHAR)((count>>8) & 0xff);
 digest[ssidLength+3] = (UCHAR)(count & 0xff);
- sha1_hmac(ppBytes, ppLength, digest, (guint32) ssidLength+4, digest1);
+ if (ws_hmac_buffer(GCRY_MD_SHA1, digest, digest, (guint32) ssidLength + 4, ppBytes, ppLength)) {
+ return AIRPDCAP_RET_UNSUCCESS;
+ }
 /* output = U1 */
- memcpy(output, digest1, SHA1_DIGEST_LEN);
+ memcpy(output, digest, 20);
 for (i = 1; i < iterations; i++) {
 /* Un = PRF(P, Un-1) */
- sha1_hmac(ppBytes, ppLength, digest1, SHA1_DIGEST_LEN, digest);
+ if (ws_hmac_buffer(GCRY_MD_SHA1, digest, digest, HASH_SHA1_LENGTH, ppBytes, ppLength)) {
+ return AIRPDCAP_RET_UNSUCCESS;
+ }
- memcpy(digest1, digest, SHA1_DIGEST_LEN);
 /* output = output xor Un */
- for (j = 0; j < SHA1_DIGEST_LEN; j++) {
+ for (j = 0; j < 20; j++) {
 output[j] ^= digest[j];
 }
 }
@@ -1916,18 +1926,16 @@ AirPDcapRsnaPwd2Psk(
 const size_t ssidLength,
 UCHAR *output)
 {
- UCHAR m_output[2*SHA1_DIGEST_LEN];
+ UCHAR m_output[40] = { 0 };
 GByteArray *pp_ba = g_byte_array_new();
- memset(m_output, 0, 2*SHA1_DIGEST_LEN);
-
 if (!uri_str_to_bytes(passphrase, pp_ba)) {
 g_byte_array_free(pp_ba, TRUE);
 return 0;
 }
 AirPDcapRsnaPwd2PskStep(pp_ba->data, pp_ba->len, ssid, ssidLength, 4096, 1, m_output);
- AirPDcapRsnaPwd2PskStep(pp_ba->data, pp_ba->len, ssid, ssidLength, 4096, 2, &m_output[SHA1_DIGEST_LEN]);
+ AirPDcapRsnaPwd2PskStep(pp_ba->data, pp_ba->len, ssid, ssidLength, 4096, 2, &m_output[20]);
 memcpy(output, m_output, AIRPDCAP_WPA_PSK_LEN);
 g_byte_array_free(pp_ba, TRUE);
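Review bot: Both `ws_hmac_buffer(GCRY_MD_SHA1, digest, digest, …)` calls in AirPDcapRsnaPwd2PskStep pass the same buffer as output and input, replacing the separate `digest1` the old code used; that is only correct if ws_hmac_buffer consumes all of its input before it writes the digest (presumably true of a gcry_md_write/gcry_md_read wrapper, but it is a contract of a helper this commit adds outside this diff). A one-line comment such as `/* in-place: ws_hmac_buffer reads all input before writing the digest */` above the first call would record the assumption. Separately, `memcpy(output, digest, 20)`, `for (j = 0; j < 20; j++)` here and `m_output[40]` / `&m_output[20]` in the next hunk reintroduce magic numbers where the same hunk already uses `HASH_SHA1_LENGTH`; use the macro throughout.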
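Review bot: AirPDcapRsnaPwd2Psk still ignores the return value of both `AirPDcapRsnaPwd2PskStep` calls, and after this change that function can return AIRPDCAP_RET_UNSUCCESS on an HMAC failure, not only on an oversized SSID; because `m_output` is now zero-initialised, a caller would then receive an all-zero PSK together with a success result. Check each call against the existing failure path, e.g. `if (AirPDcapRsnaPwd2PskStep(…, 1, m_output) == AIRPDCAP_RET_UNSUCCESS) { g_byte_array_free(pp_ba, TRUE); return 0; }`, and likewise for the second call. The function's tail lies after this hunk.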
@@ -2174,66 +2182,88 @@ AirPDcapTDLSDeriveKey(
 guint8 action)
 {
- sha256_hmac_context sha_ctx;
- aes_cmac_ctx aes_ctx;
+ gcry_md_hd_t sha256_handle;
+ gcry_md_hd_t hmac_handle;
 const guint8 *snonce, *anonce, *initiator, *responder, *bssid;
- guint8 key_input[SHA256_DIGEST_LEN];
- guint8 mic[16], iter[2], length[2], seq_num = action + 1;
+ guint8 key_input[32];
+ guint8 mic[16], seq_num = action + 1;
+#if GCRYPT_VERSION_NUMBER >= 0x010600
+ guint8 zeros[16] = { 0 };
+ gcry_mac_hd_t cmac_handle;
+ size_t cmac_len = 16;
+#endif
 /* Get key input */
 anonce = &data[offset_fte + 20];
 snonce = &data[offset_fte + 52];
- sha256_starts(&(sha_ctx.ctx));
+
+ gcry_md_open (&sha256_handle, GCRY_MD_SHA256, 0);
 if (memcmp(anonce, snonce, AIRPDCAP_WPA_NONCE_LEN) < 0) {
- sha256_update(&(sha_ctx.ctx), anonce, AIRPDCAP_WPA_NONCE_LEN);
- sha256_update(&(sha_ctx.ctx), snonce, AIRPDCAP_WPA_NONCE_LEN);
+ gcry_md_write(sha256_handle, anonce, AIRPDCAP_WPA_NONCE_LEN);
+ gcry_md_write(sha256_handle, snonce, AIRPDCAP_WPA_NONCE_LEN);
 } else {
- sha256_update(&(sha_ctx.ctx), snonce, AIRPDCAP_WPA_NONCE_LEN);
- sha256_update(&(sha_ctx.ctx), anonce, AIRPDCAP_WPA_NONCE_LEN);
+ gcry_md_write(sha256_handle, snonce, AIRPDCAP_WPA_NONCE_LEN);
+ gcry_md_write(sha256_handle, anonce, AIRPDCAP_WPA_NONCE_LEN);
 }
- sha256_finish(&(sha_ctx.ctx), key_input);
+ memcpy(key_input, gcry_md_read(sha256_handle, 0), 32);
+ gcry_md_close(sha256_handle);
 /* Derive key */
 bssid = &data[offset_link + 2];
 initiator = &data[offset_link + 8];
 responder = &data[offset_link + 14];
- sha256_hmac_starts(&sha_ctx, key_input, SHA256_DIGEST_LEN);
- iter[0] = 1;
- iter[1] = 0;
- sha256_hmac_update(&sha_ctx, (const guint8 *)&iter, 2);
- sha256_hmac_update(&sha_ctx, "TDLS PMK", 8);
+ if (gcry_md_open(&hmac_handle, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC)) {
+ return AIRPDCAP_RET_UNSUCCESS;
+ }
+ if (gcry_md_setkey(hmac_handle, key_input, 32)) {
+ gcry_md_close(hmac_handle);
+ return AIRPDCAP_RET_UNSUCCESS;
+ }
+ gcry_md_putc(hmac_handle, 1);
+ gcry_md_putc(hmac_handle, 0);
+ gcry_md_write(hmac_handle, "TDLS PMK", 8);
 if (memcmp(initiator, responder, AIRPDCAP_MAC_LEN) < 0) {
- sha256_hmac_update(&sha_ctx, initiator, AIRPDCAP_MAC_LEN);
- sha256_hmac_update(&sha_ctx, responder, AIRPDCAP_MAC_LEN);
+ gcry_md_write(hmac_handle, initiator, AIRPDCAP_MAC_LEN);
+ gcry_md_write(hmac_handle, responder, AIRPDCAP_MAC_LEN);
 } else {
- sha256_hmac_update(&sha_ctx, responder, AIRPDCAP_MAC_LEN);
- sha256_hmac_update(&sha_ctx, initiator, AIRPDCAP_MAC_LEN);
+ gcry_md_write(hmac_handle, responder, AIRPDCAP_MAC_LEN);
+ gcry_md_write(hmac_handle, initiator, AIRPDCAP_MAC_LEN);
 }
- sha256_hmac_update(&sha_ctx, bssid, AIRPDCAP_MAC_LEN);
- length[0] = 256 & 0xff;
- length[1] = (256 >> 8) & 0xff;
- sha256_hmac_update(&sha_ctx, (const guint8 *)&length, 2);
- sha256_hmac_finish(&sha_ctx, key_input);
+ gcry_md_write(hmac_handle, bssid, AIRPDCAP_MAC_LEN);
+ gcry_md_putc(hmac_handle, 0);
+ gcry_md_putc(hmac_handle, 1);
+ memcpy(key_input, gcry_md_read(hmac_handle, 0), 32);
+ gcry_md_close(hmac_handle);
 /* Check MIC */
- aes_cmac_encrypt_starts(&aes_ctx, key_input, 16);
- aes_cmac_encrypt_update(&aes_ctx, initiator, AIRPDCAP_MAC_LEN);
- aes_cmac_encrypt_update(&aes_ctx, responder, AIRPDCAP_MAC_LEN);
- aes_cmac_encrypt_update(&aes_ctx, &seq_num, 1);
- aes_cmac_encrypt_update(&aes_ctx, &data[offset_link], data[offset_link + 1] + 2);
- aes_cmac_encrypt_update(&aes_ctx, &data[offset_rsne], data[offset_rsne + 1] + 2);
- aes_cmac_encrypt_update(&aes_ctx, &data[offset_timeout], data[offset_timeout + 1] + 2);
- aes_cmac_encrypt_update(&aes_ctx, &data[offset_fte], 4);
- memset(mic, 0, 16);
- aes_cmac_encrypt_update(&aes_ctx, mic, 16);
- aes_cmac_encrypt_update(&aes_ctx, &data[offset_fte + 20], data[offset_fte + 1] + 2 - 20);
- aes_cmac_encrypt_finish(&aes_ctx, mic);
-
- if (memcmp(mic, &data[offset_fte + 4],16)) {
+#if GCRYPT_VERSION_NUMBER >= 0x010600
+ if (gcry_mac_open(&cmac_handle, GCRY_MAC_CMAC_AES, 0, NULL)) {
+ return AIRPDCAP_RET_UNSUCCESS;
+ }
+ if (gcry_mac_setkey(cmac_handle, key_input, 16)) {
+ gcry_mac_close(cmac_handle);
+ return AIRPDCAP_RET_UNSUCCESS;
+ }
+ gcry_mac_write(cmac_handle, initiator, AIRPDCAP_MAC_LEN);
+ gcry_mac_write(cmac_handle, responder, AIRPDCAP_MAC_LEN);
+ gcry_mac_write(cmac_handle, &seq_num, 1);
+ gcry_mac_write(cmac_handle, &data[offset_link], data[offset_link + 1] + 2);
+ gcry_mac_write(cmac_handle, &data[offset_rsne], data[offset_rsne + 1] + 2);
+ gcry_mac_write(cmac_handle, &data[offset_timeout], data[offset_timeout + 1] + 2);
+ gcry_mac_write(cmac_handle, &data[offset_fte], 4);
+ gcry_mac_write(cmac_handle, zeros, 16);
+ gcry_mac_write(cmac_handle, &data[offset_fte + 20], data[offset_fte + 1] + 2 - 20);
+ gcry_mac_read(cmac_handle, mic, &cmac_len);
+ if (memcmp(mic, &data[offset_fte + 4], 16)) {
 AIRPDCAP_DEBUG_PRINT_LINE("AirPDcapTDLSDeriveKey", "MIC verification failed", AIRPDCAP_DEBUG_LEVEL_3);
+ gcry_mac_close(cmac_handle);
 return AIRPDCAP_RET_UNSUCCESS;
 }
-
+ gcry_mac_close(cmac_handle);
+#else
+ AIRPDCAP_DEBUG_PRINT_LINE("AirPDcapTDLSDeriveKey", "MIC verification failed, need libgcrypt >= 1.6", AIRPDCAP_DEBUG_LEVEL_3);
+ return AIRPDCAP_RET_UNSUCCESS;
+#endif
 memcpy(AIRPDCAP_GET_TK(sa->wpa.ptk), &key_input[16], 16);
 memcpy(sa->wpa.nonce, snonce, AIRPDCAP_WPA_NONCE_LEN);
 sa->validKey = TRUE;
diff --git a/epan/crypt/airpdcap_ccmp.c b/epan/crypt/airpdcap_ccmp.c
index ac27c26181..40ec32c686 100644
--- a/epan/crypt/airpdcap_ccmp.c
+++ b/epan/crypt/airpdcap_ccmp.c
@@ -38,7 +38,7 @@
 /****************************************************************************/
 /* File includes */
-
+#include "config.h"
 #include "airpdcap_system.h"
 #include "airpdcap_int.h"
@@ -46,7 +46,7 @@
 #include "airpdcap_debug.h"
 #include <glib.h>
-#include <wsutil/aes.h>
+#include <wsutil/wsgcrypt.h>
 /****************************************************************************/
 /* Internal definitions */
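Review bot: `gcry_md_open (&sha256_handle, GCRY_MD_SHA256, 0)` is the one libgcrypt open in AirPDcapTDLSDeriveKey whose result is not checked; on failure the handle is left unset and the following `gcry_md_write` / `gcry_md_read` calls dereference it, whereas the HMAC and CMAC opens further down already return AIRPDCAP_RET_UNSUCCESS. Give it the same guard: `if (gcry_md_open(&sha256_handle, GCRY_MD_SHA256, 0)) { return AIRPDCAP_RET_UNSUCCESS; }`. In the same vein, `mic[16]` is no longer zeroed (the old `memset(mic, 0, 16)` became the separate `zeros` buffer) and `gcry_mac_read(cmac_handle, mic, &cmac_len)` is unchecked, so a failed read would feed uninitialised bytes into the `memcmp` against the frame's MIC; checking that call, or initialising `mic`, closes the gap. The function begins before this hunk.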
@@ -68,15 +68,15 @@
 /****************************************************************************/
 /* Internal macros */
-#define CCMP_DECRYPT(_i, _b, _b0, _pos, _a, _len) { \
- /* Decrypt, with counter */ \
- _b0[14] = (UINT8)((_i >> 8) & 0xff); \
- _b0[15] = (UINT8)(_i & 0xff); \
- rijndael_encrypt(&key, _b0, _b); \
- XOR_BLOCK(_pos, _b, _len); \
- /* Authentication */ \
- XOR_BLOCK(_a, _pos, _len); \
- rijndael_encrypt(&key, _a, _a); \
+#define CCMP_DECRYPT(_i, _b, _b0, _pos, _a, _len) { \
+ /* Decrypt, with counter */ \
+ _b0[14] = (UINT8)((_i >> 8) & 0xff); \
+ _b0[15] = (UINT8)(_i & 0xff); \
+ gcry_cipher_encrypt(rijndael_handle, _b, AES_BLOCK_LEN, _b0, AES_BLOCK_LEN); \
+ XOR_BLOCK(_pos, _b, _len); \
+ /* Authentication */ \
+ XOR_BLOCK(_a, _pos, _len); \
+ gcry_cipher_encrypt(rijndael_handle, _a, AES_BLOCK_LEN, NULL, 0); \
 }
 #define READ_6(b0, b1, b2, b3, b4, b5) \
@@ -89,8 +89,8 @@
 /* Internal function prototypes declarations */
 static void ccmp_init_blocks(
- rijndael_ctx *ctx,
- PAIRPDCAP_MAC_FRAME wh,
+ gcry_cipher_hd_t rijndael_handle,
+ PAIRPDCAP_MAC_FRAME wh,
 UINT64 pn,
 size_t dlen,
 UINT8 b0[AES_BLOCK_LEN],
@@ -103,8 +103,8 @@ static void ccmp_init_blocks(
 /* Function definitions */
 static void ccmp_init_blocks(
- rijndael_ctx *ctx,
- PAIRPDCAP_MAC_FRAME wh,
+ gcry_cipher_hd_t rijndael_handle,
+ PAIRPDCAP_MAC_FRAME wh,
 UINT64 pn,
 size_t dlen,
 UINT8 b0[AES_BLOCK_LEN],
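Review bot: The rewritten CCMP_DECRYPT macro now silently depends on a `gcry_cipher_hd_t` named `rijndael_handle` being in the expanding function's scope (previously it was a `rijndael_ctx` named `key`), and neither `gcry_cipher_encrypt` result inside it is checked, which the macro form makes awkward to add. A line above the `#define` such as `/* Expects an open, keyed ECB gcry_cipher_hd_t named rijndael_handle in the calling scope; encrypt errors are not reported */` would make that coupling visible to readers of AirPDcapCcmpDecrypt, where the macro is expanded outside this hunk.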
@@ -198,14 +198,14 @@ static void ccmp_init_blocks(
 }
 /* Start with the first block and AAD */
- rijndael_encrypt(ctx, b0, a);
+ gcry_cipher_encrypt(rijndael_handle, a, AES_BLOCK_LEN, b0, AES_BLOCK_LEN);
 XOR_BLOCK(a, aad, AES_BLOCK_LEN);
- rijndael_encrypt(ctx, a, a);
+ gcry_cipher_encrypt(rijndael_handle, a, AES_BLOCK_LEN, NULL, 0);
 XOR_BLOCK(a, &aad[AES_BLOCK_LEN], AES_BLOCK_LEN);
- rijndael_encrypt(ctx, a, a);
+ gcry_cipher_encrypt(rijndael_handle, a, AES_BLOCK_LEN, NULL, 0);
 b0[0] &= 0x07;
 b0[14] = b0[15] = 0;
- rijndael_encrypt(ctx, b0, b);
+ gcry_cipher_encrypt(rijndael_handle, b, AES_BLOCK_LEN, b0, AES_BLOCK_LEN);
 /** //XOR( m + len - 8, b, 8 ); **/
 #undef IS_QOS_DATA
@@ -214,7 +214,7 @@ static void ccmp_init_blocks(
 INT AirPDcapCcmpDecrypt(
 UINT8 *m,
- gint mac_header_len,
+ gint mac_header_len,
 INT len,
 UCHAR TK1[16])
 {
@@ -227,19 +227,27 @@ INT AirPDcapCcmpDecrypt(
 UINT8 *pos;
 UINT space;
 INT z = mac_header_len;
- rijndael_ctx key;
+ gcry_cipher_hd_t rijndael_handle;
 UINT64 PN;
 UINT8 *ivp=m+z;
 PN = READ_6(ivp[0], ivp[1], ivp[4], ivp[5], ivp[6], ivp[7]);
- /* freebsd */
- rijndael_set_key(&key, TK1, 128);
+ if (gcry_cipher_open(&rijndael_handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0)) {
+ return 1;
+ }
+ if (gcry_cipher_setkey(rijndael_handle, TK1, 16)) {
+ gcry_cipher_close(rijndael_handle);
+ return 1;
+ }
+
 wh = (PAIRPDCAP_MAC_FRAME )m;
 data_len = len - (z + AIRPDCAP_CCMP_HEADER+AIRPDCAP_CCMP_TRAILER);
- if (data_len < 1)
- return 0;
- ccmp_init_blocks(&key, wh, PN, data_len, b0, aad, a, b);
+ if (data_len < 1) {
+ gcry_cipher_close(rijndael_handle);
+ return 0;
+ }
+ ccmp_init_blocks(rijndael_handle, wh, PN, data_len, b0, aad, a, b);
 memcpy(mic, m+len-AIRPDCAP_CCMP_TRAILER, AIRPDCAP_CCMP_TRAILER);
 XOR_BLOCK(mic, b, AIRPDCAP_CCMP_TRAILER);
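Review bot: In AirPDcapCcmpDecrypt the cipher handle is opened and keyed before the `data_len < 1` check, so every too-short frame now pays an open/setkey/close cycle and the early return needed the extra `gcry_cipher_close`; computing `data_len` and testing it before `gcry_cipher_open` removes that path and keeps the handle's lifetime tied to actual decryption. The two new `return 1` statements also reuse the value the MIC-mismatch path yields from the final `memcmp` (in the next hunk), so a caller cannot distinguish a libgcrypt failure from a bad MIC; if callers only test for zero that is harmless, otherwise a distinct value or an AIRPDCAP_DEBUG_PRINT_LINE call on those paths would help. The function continues beyond this hunk.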
@@ -258,7 +266,8 @@ INT AirPDcapCcmpDecrypt(
 if (space != 0) /* short last block */
 CCMP_DECRYPT(i, b, b0, pos, a, space);
- /* MIC Key ?= MIC */
+ gcry_cipher_close(rijndael_handle);
+ /* MIC Key ?= MIC */
 if (memcmp(mic, a, AIRPDCAP_CCMP_TRAILER) == 0) {
 return 0;
 }
diff --git a/epan/crypt/airpdcap_rijndael.c b/epan/crypt/airpdcap_rijndael.c
index c7782c3f9e..e5f1f93b4b 100644
--- a/epan/crypt/airpdcap_rijndael.c
+++ b/epan/crypt/airpdcap_rijndael.c
@@ -23,12 +23,12 @@
 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-
+#include "config.h"
 #include "airpdcap_rijndael.h"
-#include "airpdcap_debug.h"
+#include "airpdcap_debug.h"
 #include <glib.h>
-#include <wsutil/aes.h>
+#include <wsutil/wsgcrypt.h>
 /* Based on RFC 3394 and NIST AES Key Wrap Specification pseudo-code.
@@ -42,7 +42,7 @@ AES_unwrap(UCHAR *kek, UINT16 key_len, UCHAR *cipher_text, UINT16 cipher_len)
 UCHAR a[8], b[16];
 UCHAR *r;
 gint16 i, j, n;
- rijndael_ctx ctx;
+ gcry_cipher_hd_t rijndael_handle;
 if (kek == NULL || cipher_len < 16 || cipher_text == NULL) {
 return NULL; /* "should not happen" */
@@ -61,6 +61,13 @@ AES_unwrap(UCHAR *kek, UINT16 key_len, UCHAR *cipher_text, UINT16 cipher_len)
 /* Compute intermediate values */
+ if (gcry_cipher_open(&rijndael_handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0)) {
+ return output;
+ }
+ if (gcry_cipher_setkey(rijndael_handle, kek, key_len)) {
+ gcry_cipher_close(rijndael_handle);
+ return output;
+ }
 for (j=5; j >= 0; --j){
 r = output + (n - 1) * 8;
 /* DEBUG_DUMP("r1", (r-8), 8); */
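Review bot: The two new failure returns in AES_unwrap hand back `output` as if unwrapping had succeeded, whereas the existing argument check a few lines up returns NULL for errors; if `output` is the working buffer prepared from `cipher_text` before this hunk (its allocation is not visible here), a caller would receive un-unwrapped bytes as key material with no indication anything went wrong. Return NULL on both paths and release `output` with whatever matches its allocation, e.g. `g_free(output); return NULL;` if it is g_malloc'd. The per-round `gcry_cipher_decrypt(rijndael_handle, b, 16, NULL, 0)` in the next hunk is likewise unchecked and would leave `b` unmodified on failure. The function starts before this hunk and ends after it.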
@@ -72,14 +79,14 @@ AES_unwrap(UCHAR *kek, UINT16 key_len, UCHAR *cipher_text, UINT16 cipher_len)
 b[7] ^= t;
 /* DEBUG_DUMP("a plus t", b, 8); */
 memcpy(b+8, r, 8);
- rijndael_set_key(&ctx, kek, key_len*8 /*bits*/);
- rijndael_decrypt(&ctx, b, b); /* NOTE: we are using the same src and dst buffer. It's ok. */
+ gcry_cipher_decrypt(rijndael_handle, b, 16, NULL, 0);
 /* DEBUG_DUMP("aes decrypt", b, 16) */
 memcpy(a,b,8);
 memcpy(r, b+8, 8);
 r -= 8;
 }
 }
+ gcry_cipher_close(rijndael_handle);
 /* DEBUG_DUMP("a", a, 8); */
 /* DEBUG_DUMP("output", output, cipher_len - 8); */ |