diff options
author | Peter Wu <peter@lekensteyn.nl> | 2017-02-09 15:00:19 +0100 |
---|---|---|
committer | Peter Wu <peter@lekensteyn.nl> | 2017-02-13 18:35:47 +0000 |
commit | 6b84ddee83e70aff944da084129624226b7a32fa (patch) | |
tree | 7cac052f5b5adb25c301b9974e79a334aa36b13b /epan/dissectors/packet-isakmp.c | |
parent | b5610a0436f332c664a91b86cb5326f24601bbf1 (diff) |
Make Libgcrypt a mandatory dependency
Removed all guards for HAVE_LIBGCRYPT, change autotools and CMake to
error out if it is not available. Update release notes, developer
documentation and README with the new status. Clarify relation with
GnuTLS in macosx-setup.sh. Install Libgcrypt via brew script.
Motivation for this change is that many dissectors depend on Libgcrypt
and having it optional increases the maintenance burden (there have been
several compile issues in the past due to the optional status).
Furthermore, wsutil has crypto code that can be replaced by Libgcrypt.
Change-Id: Idf0021b8c4cd5db70b8766f7dcc2a8b3acbf042f
Link: https://www.wireshark.org/lists/wireshark-dev/201702/msg00011.html
Reviewed-on: https://code.wireshark.org/review/20030
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'epan/dissectors/packet-isakmp.c')
-rw-r--r-- | epan/dissectors/packet-isakmp.c | 105 |
1 files changed, 6 insertions, 99 deletions
diff --git a/epan/dissectors/packet-isakmp.c b/epan/dissectors/packet-isakmp.c index 7c668cdde1..d324d447fa 100644 --- a/epan/dissectors/packet-isakmp.c +++ b/epan/dissectors/packet-isakmp.c @@ -61,7 +61,6 @@ #include "packet-gsm_a_common.h" #include "packet-isakmp.h" -#ifdef HAVE_LIBGCRYPT #include <wsutil/wsgcrypt.h> #include <epan/proto_data.h> #include <epan/strutil.h> @@ -69,7 +68,6 @@ #if GCRYPT_VERSION_NUMBER >= 0x010600 #define HAVE_LIBGCRYPT_AEAD 1 #endif -#endif void proto_register_isakmp(void); void proto_reg_handoff_isakmp(void); @@ -390,11 +388,9 @@ static gint ett_isakmp_attr = -1; static gint ett_isakmp_id = -1; static gint ett_isakmp_notify_data = -1; static gint ett_isakmp_ts = -1; -#ifdef HAVE_LIBGCRYPT /* For decrypted IKEv2 Encrypted payload*/ static gint ett_isakmp_decrypted_data = -1; static gint ett_isakmp_decrypted_payloads = -1; -#endif /* HAVE_LIBGCRYPT */ static expert_field ei_isakmp_enc_iv = EI_INIT; static expert_field ei_isakmp_ikev2_integrity_checksum = EI_INIT; @@ -1644,8 +1640,6 @@ static const range_string rohc_attr_type[] = { #define ISAKMP_HDR_SIZE ((int)sizeof(struct isakmp_hdr) + (2 * COOKIE_SIZE)) -#ifdef HAVE_LIBGCRYPT - #define MAX_KEY_SIZE 256 #define MAX_DIGEST_SIZE 64 #define MAX_OAKLEY_KEY_LEN 32 @@ -2229,8 +2223,6 @@ decrypt_payload(tvbuff_t *tvb, packet_info *pinfo, const guint8 *buf, guint buf_ return encr_tvb; } -#endif /* HAVE_LIBGCRYPT */ - static proto_tree *dissect_payload_header(tvbuff_t *, packet_info *, int, int, int, guint8, guint8 *, guint16 *, proto_tree *); @@ -2263,10 +2255,8 @@ typedef struct ikev2_fragmentation_state_t { guint8 next_payload; } ikev2_fragmentation_state_t; -#ifdef HAVE_LIBGCRYPT /* frame_number -> next_payload. The key will be the frame that completes the original message */ static GHashTable *defrag_next_payload_hash = NULL; -#endif static void dissect_ikev2_fragmentation(tvbuff_t *, int, proto_tree *, packet_info *, guint32 message_id, guint8 next_payload, gboolean is_request, void* decr_info); @@ -3147,13 +3137,11 @@ dissect_isakmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _ int isakmp_version; void* decr_data = NULL; guint8 flags; -#ifdef HAVE_LIBGCRYPT guint8 i_cookie[COOKIE_SIZE], *ic_key; decrypt_data_t *decr = NULL; tvbuff_t *decr_tvb; proto_tree *decr_tree; address null_addr; -#endif /* HAVE_LIBGCRYPT */ col_set_str(pinfo->cinfo, COL_PROTOCOL, "ISAKMP"); col_clear(pinfo->cinfo, COL_INFO); @@ -3184,7 +3172,6 @@ dissect_isakmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _ isakmp_version = hi_nibble(hdr.version); /* save the version */ hdr.flags = tvb_get_guint8(tvb, COOKIE_SIZE + COOKIE_SIZE + 1 + 1 + 1); -#ifdef HAVE_LIBGCRYPT if (isakmp_version == 1) { clear_address(&null_addr); @@ -3231,7 +3218,6 @@ dissect_isakmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _ decr_data = ikev2_dec_data; } } -#endif /* HAVE_LIBGCRYPT */ { proto_tree_add_item(isakmp_tree, hf_isakmp_ispi, tvb, offset, COOKIE_SIZE, ENC_NA); @@ -3327,7 +3313,6 @@ dissect_isakmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _ ti = proto_tree_add_item(isakmp_tree, hf_isakmp_enc_data, tvb, offset, len, ENC_NA); proto_item_append_text(ti, " (%d byte%s)", len, plurality(len, "", "s")); -#ifdef HAVE_LIBGCRYPT /* Collect initialization vectors during first pass. */ if (!PINFO_FD_VISITED(pinfo)) if (prepare_decrypt(decr)) @@ -3338,7 +3323,6 @@ dissect_isakmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _ dissect_payloads(decr_tvb, decr_tree, isakmp_version, hdr.next_payload, 0, tvb_reported_length(decr_tvb), pinfo, hdr.message_id, !(flags & R_FLAG), decr_data); } -#endif /* HAVE_LIBGCRYPT */ } } else { dissect_payloads(tvb, isakmp_tree, isakmp_version, hdr.next_payload, @@ -3352,7 +3336,7 @@ dissect_isakmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _ static proto_tree * dissect_payload_header(tvbuff_t *tvb, packet_info *pinfo, int offset, int length, - int isakmp_version, guint8 payload _U_, guint8 *next_payload_p, + int isakmp_version, guint8 payload, guint8 *next_payload_p, guint16 *payload_length_p, proto_tree *tree) { guint8 next_payload; @@ -3810,10 +3794,7 @@ dissect_resp_lifetime_ipsec_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_t /* Returns the number of bytes consumed by this attribute. */ static int -dissect_ike_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset -#ifdef HAVE_LIBGCRYPT - , decrypt_data_t *decr -#endif +dissect_ike_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, decrypt_data_t *decr ) { guint headerlen, value_len, attr_type; @@ -3837,30 +3818,22 @@ dissect_ike_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int o case IKE_ATTR_ENCRYPTION_ALGORITHM: proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_encryption_algorithm, tvb, offset, value_len, ENC_BIG_ENDIAN); proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ike_attr_enc_algo, "Unknown %d")); -#ifdef HAVE_LIBGCRYPT decr->ike_encr_alg = tvb_get_ntohs(tvb, offset); -#endif break; case IKE_ATTR_HASH_ALGORITHM: proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_hash_algorithm, tvb, offset, value_len, ENC_BIG_ENDIAN); proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ike_attr_hash_algo, "Unknown %d")); -#ifdef HAVE_LIBGCRYPT decr->ike_hash_alg = tvb_get_ntohs(tvb, offset); -#endif break; case IKE_ATTR_AUTHENTICATION_METHOD: proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_authentication_method, tvb, offset, value_len, ENC_BIG_ENDIAN); proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ike_attr_authmeth, "Unknown %d")); -#ifdef HAVE_LIBGCRYPT decr->is_psk = tvb_get_ntohs(tvb, offset) == 0x01 ? TRUE : FALSE; -#endif break; case IKE_ATTR_GROUP_DESCRIPTION: proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_group_description, tvb, offset, value_len, ENC_BIG_ENDIAN); proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), dh_group, "Unknown %d")); -#ifdef HAVE_LIBGCRYPT decr->group = tvb_get_ntohs(tvb, offset); -#endif break; case IKE_ATTR_GROUP_TYPE: proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_group_type, tvb, offset, value_len, ENC_BIG_ENDIAN); @@ -3894,9 +3867,7 @@ dissect_ike_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int o case IKE_ATTR_KEY_LENGTH: proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_key_length, tvb, offset, value_len, ENC_BIG_ENDIAN); proto_item_append_text(attr_item, ": %d", tvb_get_ntohs(tvb, offset)); -#ifdef HAVE_LIBGCRYPT decr->ike_encr_keylen = tvb_get_ntohs(tvb, offset); -#endif break; case IKE_ATTR_FIELD_SIZE: proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_field_size, tvb, offset, value_len, ENC_NA); @@ -3984,19 +3955,13 @@ dissect_ike2_transform_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree * } static void -dissect_transform(tvbuff_t *tvb, packet_info *pinfo, int offset, int length, proto_tree *tree, int isakmp_version, int protocol_id, void* decr_data -#ifndef HAVE_LIBGCRYPT - _U_ -#endif -) +dissect_transform(tvbuff_t *tvb, packet_info *pinfo, int offset, int length, proto_tree *tree, int isakmp_version, int protocol_id, void* decr_data) { if (isakmp_version == 1) { guint8 transform_id; guint8 transform_num; -#ifdef HAVE_LIBGCRYPT decrypt_data_t *decr = (decrypt_data_t *)decr_data; -#endif /* HAVE_LIBGCRYPT */ int offset_end = 0; offset_end = offset + length; @@ -4038,20 +4003,14 @@ dissect_transform(tvbuff_t *tvb, packet_info *pinfo, int offset, int length, pro offset += 2; if (protocol_id == 1 && transform_id == 1) { -#ifdef HAVE_LIBGCRYPT /* Allow detection of missing IKE transform attributes: * Make sure their values are not carried over from another transform * dissected previously. */ decr->ike_encr_alg = 0; decr->ike_encr_keylen = 0; decr->ike_hash_alg = 0; -#endif while (offset < offset_end) { - offset += dissect_ike_attribute(tvb, pinfo, tree, offset -#ifdef HAVE_LIBGCRYPT - , decr -#endif - ); + offset += dissect_ike_attribute(tvb, pinfo, tree, offset, decr); } } else { @@ -4103,14 +4062,7 @@ dissect_transform(tvbuff_t *tvb, packet_info *pinfo, int offset, int length, pro static void dissect_key_exch(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version, -#ifdef HAVE_LIBGCRYPT - packet_info* pinfo, - void* decr_data -#else - packet_info* pinfo _U_, - void* decr_data _U_ -#endif -) + packet_info* pinfo, void* decr_data) { if (isakmp_version == 2) { proto_tree_add_item(tree, hf_isakmp_key_exch_dh_group, tvb, offset, 2, ENC_BIG_ENDIAN); @@ -4124,7 +4076,6 @@ dissect_key_exch(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int is proto_tree_add_item(tree, hf_isakmp_key_exch_data, tvb, offset, length, ENC_NA); -#ifdef HAVE_LIBGCRYPT if (isakmp_version == 1 && decr_data) { decrypt_data_t *decr = (decrypt_data_t *)decr_data; @@ -4138,7 +4089,6 @@ dissect_key_exch(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int is decr->gr_len = length; } } -#endif /* HAVE_LIBGCRYPT */ } static void @@ -4425,21 +4375,15 @@ dissect_cisco_fragmentation(tvbuff_t *tvb, int offset, int length, proto_tree *t /* This is RFC7383 reassembly. */ static void dissect_ikev2_fragmentation(tvbuff_t *tvb, int offset, proto_tree *tree, -#ifdef HAVE_LIBGCRYPT packet_info *pinfo, guint message_id, guint8 next_payload, gboolean is_request, void* decr_info) -#else - packet_info *pinfo, guint message_id, guint8 next_payload, gboolean is_request _U_, void* decr_info _U_) -#endif { guint16 fragment_number, total_fragments; -#ifdef HAVE_LIBGCRYPT gboolean message_next_payload_set = FALSE; guint8 message_next_payload = 0; gint iv_len, icd_len; gint iv_offset; gint icd_offset; ikev2_decrypt_data_t *key_info; -#endif /* Fragment Number */ fragment_number = tvb_get_ntohs(tvb, offset); @@ -4478,7 +4422,6 @@ dissect_ikev2_fragmentation(tvbuff_t *tvb, int offset, proto_tree *tree, /* Show fragment summary in Info column */ col_append_fstr(pinfo->cinfo, COL_INFO, " (fragment %u/%u)", fragment_number, total_fragments); -#ifdef HAVE_LIBGCRYPT offset += 2; /* If this is the last fragment, need to know what the payload type for the reassembled message is, @@ -4589,7 +4532,6 @@ dissect_ikev2_fragmentation(tvbuff_t *tvb, int offset, proto_tree *tree, pinfo->fragmented = save_fragmented; } /* End Reassembly stuff for IKE2 fragmentation */ -#endif } @@ -5364,21 +5306,12 @@ dissect_enc(tvbuff_t *tvb, int offset, int length, proto_tree *tree, -#ifdef HAVE_LIBGCRYPT packet_info *pinfo, guint8 inner_payload, gboolean is_request, void* decr_info, gboolean dissect_payload_now) -#else - packet_info *pinfo _U_, - guint8 inner_payload _U_, - gboolean is_request _U_, - void* decr_info _U_, - gboolean dissect_payload_now _U_) -#endif { -#ifdef HAVE_LIBGCRYPT ikev2_decrypt_data_t *key_info = NULL; gint iv_len, encr_data_len, icd_len, decr_data_len, md_len, icv_len, encr_key_len, encr_iv_len; guint8 pad_len; @@ -5711,15 +5644,10 @@ dissect_enc(tvbuff_t *tvb, dissect_payloads(decr_tvb, decr_payloads_tree, 2, inner_payload, 0, payloads_len, pinfo, 0, is_request, decr_info); } }else{ -#endif /* HAVE_LIBGCRYPT */ proto_tree_add_item(tree, hf_isakmp_enc_iv, tvb, offset, 4, ENC_NA); proto_tree_add_item(tree, hf_isakmp_enc_data, tvb, offset+4 , length, ENC_NA); -#ifdef HAVE_LIBGCRYPT } return decr_tvb; -#else /* HAVE_LIBGCRYPT */ - return NULL; -#endif } static void @@ -5746,7 +5674,6 @@ dissect_gspm(tvbuff_t *tvb, int offset, int length, proto_tree *tree) * Protocol initialization */ -#ifdef HAVE_LIBGCRYPT static guint isakmp_hash_func(gconstpointer c) { const guint8 *i_cookie = (const guint8 *) c; @@ -5809,9 +5736,7 @@ static gint ikev2_key_equal_func(gconstpointer k1, gconstpointer k2) { return 1; } -#endif /* HAVE_LIBGCRYPT */ -#ifdef HAVE_LIBGCRYPT static void free_cookie_key(gpointer key_arg) { @@ -5828,16 +5753,12 @@ free_cookie_value(gpointer value) g_hash_table_destroy(decr->iv_hash); g_slice_free1(sizeof(decrypt_data_t), decr); } -#endif static void isakmp_init_protocol(void) { -#ifdef HAVE_LIBGCRYPT guint i; decrypt_data_t *decr; guint8 *ic_key; -#endif /* HAVE_LIBGCRYPT */ -#ifdef HAVE_LIBGCRYPT isakmp_hash = g_hash_table_new_full(isakmp_hash_func, isakmp_equal_func, free_cookie_key, free_cookie_value); @@ -5859,20 +5780,15 @@ isakmp_init_protocol(void) { ikev2_uat_data[i].auth_spec = ikev2_decrypt_find_auth_spec(ikev2_uat_data[i].auth_alg); } defrag_next_payload_hash = g_hash_table_new(g_direct_hash, g_direct_equal); -#endif /* HAVE_LIBGCRYPT */ } static void isakmp_cleanup_protocol(void) { -#ifdef HAVE_LIBGCRYPT g_hash_table_destroy(isakmp_hash); g_hash_table_destroy(ikev2_key_hash); g_hash_table_destroy(defrag_next_payload_hash); -#endif /* HAVE_LIBGCRYPT */ } -#ifdef HAVE_LIBGCRYPT - UAT_BUFFER_CB_DEF(ikev1_users, icookie, ikev1_uat_data_key_t, icookie, icookie_len) UAT_BUFFER_CB_DEF(ikev1_users, key, ikev1_uat_data_key_t, key, key_len) @@ -5959,14 +5875,11 @@ static gboolean ikev2_uat_data_update_cb(void* p, char** err) { return TRUE; } -#endif /* HAVE_LIBGCRYPT */ void proto_register_isakmp(void) { -#ifdef HAVE_LIBGCRYPT module_t *isakmp_module; -#endif static hf_register_info hf[] = { { &hf_isakmp_ispi, { "Initiator SPI", "isakmp.ispi", @@ -7194,10 +7107,8 @@ proto_register_isakmp(void) &ett_isakmp_id, &ett_isakmp_notify_data, &ett_isakmp_ts, -#ifdef HAVE_LIBGCRYPT &ett_isakmp_decrypted_data, &ett_isakmp_decrypted_payloads -#endif /* HAVE_LIBGCRYPT */ }; static ei_register_info ei[] = { @@ -7212,7 +7123,6 @@ proto_register_isakmp(void) expert_module_t* expert_isakmp; -#ifdef HAVE_LIBGCRYPT static uat_field_t ikev1_uat_flds[] = { UAT_FLD_BUFFER(ikev1_users, icookie, "Initiator's COOKIE", "Initiator's COOKIE"), UAT_FLD_BUFFER(ikev1_users, key, "Encryption Key", "Encryption Key"), @@ -7230,7 +7140,7 @@ proto_register_isakmp(void) UAT_FLD_VS(ikev2_users, auth_alg, "Integrity algorithm", vs_ikev2_auth_algs, "Integrity algorithm of IKE_SA"), UAT_END_FIELDS }; -#endif /* HAVE_LIBGCRYPT */ + proto_isakmp = proto_register_protocol("Internet Security Association and Key Management Protocol", "ISAKMP", "isakmp"); proto_register_field_array(proto_isakmp, hf, array_length(hf)); @@ -7246,7 +7156,6 @@ proto_register_isakmp(void) isakmp_handle = register_dissector("isakmp", dissect_isakmp, proto_isakmp); -#ifdef HAVE_LIBGCRYPT isakmp_module = prefs_register_protocol(proto_isakmp, NULL); ikev1_uat = uat_new("IKEv1 Decryption Table", sizeof(ikev1_uat_data_key_t), @@ -7289,8 +7198,6 @@ proto_register_isakmp(void) "IKEv2 Decryption Table", "Table of IKE_SA security parameters for decryption of IKEv2 packets", ikev2_uat); - -#endif /* HAVE_LIBGCRYPT */ } void |