diff options
author | Gtker <wireshark@gtker.com> | 2021-07-16 13:29:58 +0200 |
---|---|---|
committer | Wireshark GitLab Utility <gerald+gitlab-utility@wireshark.org> | 2021-07-20 20:46:57 +0000 |
commit | 3f4ac5539b4c6305f7e86b0fcf1d128fd426a9fa (patch) | |
tree | dc751a3ac839387771a3d52e7a1166444c51870b /epan/dissectors/packet-woww.c | |
parent | e37f6599b0a8e33c64ba0c1ef81462bc92803bef (diff) |
WOWW: Move header decryption into separate function
Diffstat (limited to 'epan/dissectors/packet-woww.c')
-rw-r--r-- | epan/dissectors/packet-woww.c | 149 |
1 files changed, 84 insertions, 65 deletions
diff --git a/epan/dissectors/packet-woww.c b/epan/dissectors/packet-woww.c index 79a5fb29fd..c24fcbc42a 100644 --- a/epan/dissectors/packet-woww.c +++ b/epan/dissectors/packet-woww.c @@ -1967,6 +1967,86 @@ session_key_is_fully_deduced(const bool known_indices[WOWW_SESSION_KEY_LENGTH], return fully_deduced; } +static guint8* +handle_packet_header(packet_info* pinfo, + tvbuff_t* tvb, + WowwParticipant_t* participant, + WowwConversation_t* wowwConversation, + guint8 headerSize) { + + guint8* decrypted_header = wmem_tree_lookup32(wowwConversation->decrypted_headers, pinfo->num); + + if (decrypted_header) { + // Header has already been decrypted + return decrypted_header; + } + + // First time we see this header, we need to decrypt it + guint8* header = wmem_alloc0(wmem_packet_scope(), WOWW_HEADER_ARRAY_ALLOC_SIZE); + for (int i = 0; i < headerSize; i++) { + header[i] = tvb_get_guint8(tvb, i); + } + + // If we're seeing the first header + if (!participant->unencrypted_packet_encountered) { + // Packet is unencrypted, no need to do anything + + // There is only one unencrypted header each for server and client + participant->unencrypted_packet_encountered = true; + + decrypted_header = wmem_alloc0(wmem_file_scope(), WOWW_HEADER_ARRAY_ALLOC_SIZE); + memcpy(decrypted_header, header, headerSize); + + wmem_tree_insert32(wowwConversation->decrypted_headers, pinfo->num, decrypted_header); + + return decrypted_header; + } + + // If we aren't ready to fully decrypt this header yet + if (!session_key_is_fully_deduced(wowwConversation->known_indices, headerSize, participant)) { + // Packet isn't decrypted, make sure to do it later + guint8 *array_index = wmem_alloc(wmem_file_scope(), 2); + array_index[0] = participant->index; + array_index[1] = participant->last_encrypted_value; + wmem_tree_insert32(wowwConversation->headers_need_decryption, pinfo->num, array_index); + + if (WOWW_CLIENT_TO_SERVER) { + deduce_header(wowwConversation->session_key, wowwConversation->known_indices, header, participant); + } else { + // Skip the packet, but remember to acknowledge that values changed + participant->index = (participant->index + headerSize) % WOWW_SESSION_KEY_LENGTH; + participant->last_encrypted_value = header[headerSize - 1]; + } + + return NULL; + } + + guint8* old_index = wmem_tree_lookup32(wowwConversation->headers_need_decryption, pinfo->num); + + guint8 new_index = participant->index; + guint8 new_last_encrypted = participant->last_encrypted_value; + + // If this is an out of order packet we must use the original state + if (old_index) { + participant->index = old_index[0]; + participant->last_encrypted_value = old_index[1]; + } + + decrypted_header = get_decrypted_header(wowwConversation->session_key, participant, header, headerSize); + + if (old_index) { + participant->index = new_index; + participant->last_encrypted_value = new_last_encrypted; + + wmem_tree_remove32(wowwConversation->headers_need_decryption, pinfo->num); + } + + // The header has been fully decrypted + wmem_tree_insert32(wowwConversation->decrypted_headers, pinfo->num, decrypted_header); + + return decrypted_header; +} + static int dissect_woww(tvbuff_t *tvb, packet_info *pinfo, @@ -2033,70 +2113,9 @@ dissect_woww(tvbuff_t *tvb, headerSize = 6; } - guint8* decrypted_header = wmem_tree_lookup32(wowwConversation->decrypted_headers, pinfo->num); - - gint offset = 0; - - // First time we see this header, we need to decrypt it - if (decrypted_header == NULL) { - guint8* header = wmem_alloc0(wmem_packet_scope(), WOWW_HEADER_ARRAY_ALLOC_SIZE); - for (int i = 0; i < headerSize; i++) { - header[i] = tvb_get_guint8(tvb, offset); - offset += 1; - } - - // Only first packet is unencrypted, all the rest are encrypted - if (participant->unencrypted_packet_encountered) { - if (session_key_is_fully_deduced(wowwConversation->known_indices, headerSize, participant)) { - guint8* old_index = wmem_tree_lookup32(wowwConversation->headers_need_decryption, pinfo->num); - - guint8 new_index = participant->index; - guint8 new_last_encrypted = participant->last_encrypted_value; - - if (old_index) { - // Set Index - participant->index = old_index[0]; - participant->last_encrypted_value = old_index[1]; - } - - decrypted_header = get_decrypted_header(wowwConversation->session_key, participant, header, headerSize); - - if (old_index) { - participant->index = new_index; - participant->last_encrypted_value = new_last_encrypted; - wmem_tree_remove32(wowwConversation->headers_need_decryption, pinfo->num); - } - - wmem_tree_insert32(wowwConversation->decrypted_headers, pinfo->num, decrypted_header); - } - else { - // Packet isn't decrypted, make sure to do it later - - // Add to kept packets with index - guint8 *array_index = wmem_alloc(wmem_file_scope(), 2); - array_index[0] = participant->index; - array_index[1] = participant->last_encrypted_value; - wmem_tree_insert32(wowwConversation->headers_need_decryption, pinfo->num, array_index); - - if (WOWW_CLIENT_TO_SERVER) { - deduce_header(wowwConversation->session_key, wowwConversation->known_indices, header, participant); - return tvb_captured_length(tvb); - } else { - participant->index = (participant->index + headerSize) % WOWW_SESSION_KEY_LENGTH; - participant->last_encrypted_value = header[headerSize - 1]; - - return tvb_captured_length(tvb); - } - } - } else { - // Packet is unencrypted, no need to do anything other than copy - participant->unencrypted_packet_encountered = true; - - decrypted_header = wmem_alloc0(wmem_file_scope(), WOWW_HEADER_ARRAY_ALLOC_SIZE); - memcpy(decrypted_header, header, headerSize); - - wmem_tree_insert32(wowwConversation->decrypted_headers, pinfo->num, decrypted_header); - } + guint8* decrypted_header = handle_packet_header(pinfo, tvb, participant, wowwConversation, headerSize); + if (!decrypted_header) { + return tvb_captured_length(tvb); } // Add to tree @@ -2106,7 +2125,7 @@ dissect_woww(tvbuff_t *tvb, /* Add an item to the subtree, see section 1.5 of README.dissector for more * information. */ // We're indexing into another tvb - offset = 0; + gint offset = 0; gint len = 2; proto_tree_add_item(woww_tree, hf_woww_size_field, next_tvb, offset, len, ENC_BIG_ENDIAN); |