diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-09-19 04:14:53 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-09-19 04:14:53 +0000 |
| commit | a86c5f7cae7ec9a3398300555a0b644689d946a1 (patch) | |
| tree | 39fe4b107c71174fd1e8a8ceb9a4d2aa14116248 /epan/dissectors/packet-zbee-security.c | |
| parent | Releasing progress-linux version 4.2.6-1~progress7.99u1. (diff) | |
| download | wireshark-a86c5f7cae7ec9a3398300555a0b644689d946a1.tar.xz wireshark-a86c5f7cae7ec9a3398300555a0b644689d946a1.zip | |
Merging upstream version 4.4.0.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'epan/dissectors/packet-zbee-security.c')
| -rw-r--r-- | epan/dissectors/packet-zbee-security.c | 303 |
1 files changed, 158 insertions, 145 deletions
diff --git a/epan/dissectors/packet-zbee-security.c b/epan/dissectors/packet-zbee-security.c index f41d19ba..b4b28fc9 100644 --- a/epan/dissectors/packet-zbee-security.c +++ b/epan/dissectors/packet-zbee-security.c @@ -35,32 +35,33 @@ #include "packet-zbee-security.h" /* Helper Functions */ -static void zbee_sec_key_hash(guint8 *, guint8, guint8 *); -static void zbee_sec_make_nonce (zbee_security_packet *, guint8 *); -static gboolean zbee_sec_decrypt_payload(zbee_security_packet *, const gchar *, const gchar, guint8 *, - guint, guint, guint8 *); -static gboolean zbee_security_parse_key(const gchar *, guint8 *, gboolean); +static void zbee_sec_key_hash(uint8_t *, uint8_t, uint8_t *); +static void zbee_sec_make_nonce (zbee_security_packet *, uint8_t *); +static bool zbee_sec_decrypt_payload(zbee_security_packet *, const char *, const char, uint8_t *, + unsigned, unsigned, uint8_t *); +static bool zbee_security_parse_key(const char *, uint8_t *, bool); /* Field pointers. */ -static int hf_zbee_sec_field = -1; -static int hf_zbee_sec_level = -1; -static int hf_zbee_sec_key_id = -1; -static int hf_zbee_sec_nonce = -1; -static int hf_zbee_sec_counter = -1; -static int hf_zbee_sec_src64 = -1; -static int hf_zbee_sec_key_seqno = -1; -static int hf_zbee_sec_mic = -1; -static int hf_zbee_sec_key = -1; -static int hf_zbee_sec_key_origin = -1; -static int hf_zbee_sec_decryption_key = -1; +static int hf_zbee_sec_field; +static int hf_zbee_sec_level; +static int hf_zbee_sec_key_id; +static int hf_zbee_sec_nonce; +static int hf_zbee_sec_verified_fc; +static int hf_zbee_sec_counter; +static int hf_zbee_sec_src64; +static int hf_zbee_sec_key_seqno; +static int hf_zbee_sec_mic; +static int hf_zbee_sec_key; +static int hf_zbee_sec_key_origin; +static int hf_zbee_sec_decryption_key; /* Subtree pointers. */ -static gint ett_zbee_sec = -1; -static gint ett_zbee_sec_control = -1; +static int ett_zbee_sec; +static int ett_zbee_sec_control; -static expert_field ei_zbee_sec_encrypted_payload = EI_INIT; -static expert_field ei_zbee_sec_encrypted_payload_sliced = EI_INIT; -static expert_field ei_zbee_sec_extended_source_unknown = EI_INIT; +static expert_field ei_zbee_sec_encrypted_payload; +static expert_field ei_zbee_sec_encrypted_payload_sliced; +static expert_field ei_zbee_sec_extended_source_unknown; static const value_string zbee_sec_key_names[] = { { ZBEE_SEC_KEY_LINK, "Link Key" }, @@ -101,7 +102,7 @@ static const enum_val_t zbee_sec_level_enums[] = { { NULL, NULL, 0 } }; -static gint gPREF_zbee_sec_level = ZBEE_SEC_ENC_MIC32; +static int gPREF_zbee_sec_level = ZBEE_SEC_ENC_MIC32; static uat_t *zbee_sec_key_table_uat; static const value_string byte_order_vals[] = { @@ -112,18 +113,18 @@ static const value_string byte_order_vals[] = { /* UAT Key Entry */ typedef struct _uat_key_record_t { - gchar *string; - guint8 byte_order; - gchar *label; + char *string; + uint8_t byte_order; + char *label; } uat_key_record_t; UAT_CSTRING_CB_DEF(uat_key_records, string, uat_key_record_t) -UAT_VS_DEF(uat_key_records, byte_order, uat_key_record_t, guint8, 0, "Normal") +UAT_VS_DEF(uat_key_records, byte_order, uat_key_record_t, uint8_t, 0, "Normal") UAT_CSTRING_CB_DEF(uat_key_records, label, uat_key_record_t) -static GSList *zbee_pc_keyring = NULL; -static uat_key_record_t *uat_key_records = NULL; -static guint num_uat_key_records = 0; +static GSList *zbee_pc_keyring; +static uat_key_record_t *uat_key_records; +static unsigned num_uat_key_records; static void* uat_key_record_copy_cb(void* n, const void* o, size_t siz _U_) { uat_key_record_t* new_key = (uat_key_record_t *)n; @@ -138,11 +139,11 @@ static void* uat_key_record_copy_cb(void* n, const void* o, size_t siz _U_) { static bool uat_key_record_update_cb(void* r, char** err) { uat_key_record_t* rec = (uat_key_record_t *)r; - guint8 key[ZBEE_SEC_CONST_KEYSIZE]; + uint8_t key[ZBEE_SEC_CONST_KEYSIZE]; if (rec->string == NULL) { *err = g_strdup("Key can't be blank"); - return FALSE; + return false; } else { g_strstrip(rec->string); @@ -151,14 +152,14 @@ static bool uat_key_record_update_cb(void* r, char** err) { if ( !zbee_security_parse_key(rec->string, key, rec->byte_order) ) { *err = ws_strdup_printf("Expecting %d hexadecimal bytes or\n" "a %d character double-quoted string", ZBEE_SEC_CONST_KEYSIZE, ZBEE_SEC_CONST_KEYSIZE); - return FALSE; + return false; } } else { *err = g_strdup("Key can't be blank"); - return FALSE; + return false; } } - return TRUE; + return true; } static void uat_key_record_free_cb(void*r) { @@ -168,7 +169,7 @@ static void uat_key_record_free_cb(void*r) { g_free(key->label); } -static void zbee_free_key_record(gpointer ptr) +static void zbee_free_key_record(void *ptr) { key_record_t *k = (key_record_t *)ptr; @@ -177,9 +178,9 @@ static void zbee_free_key_record(gpointer ptr) } static void uat_key_record_post_update(void) { - guint i; + unsigned i; key_record_t key_record; - guint8 key[ZBEE_SEC_CONST_KEYSIZE]; + uint8_t key[ZBEE_SEC_CONST_KEYSIZE]; /* empty the key ring */ if (zbee_pc_keyring) { @@ -237,6 +238,10 @@ void zbee_security_register(module_t *zbee_prefs, int proto) { "Extended Nonce", "zbee.sec.ext_nonce", FT_BOOLEAN, 8, NULL, ZBEE_SEC_CONTROL_NONCE, NULL, HFILL }}, + { &hf_zbee_sec_verified_fc, + { "Require Verified Frame Counter", "zbee.sec.verified_fc", FT_UINT8, BASE_HEX, NULL, + ZBEE_SEC_CONTROL_VERIFIED_FC, NULL, HFILL }}, + { &hf_zbee_sec_counter, { "Frame Counter", "zbee.sec.counter", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }}, @@ -266,7 +271,7 @@ void zbee_security_register(module_t *zbee_prefs, int proto) NULL, HFILL }} }; - static gint *ett[] = { + static int *ett[] = { &ett_zbee_sec, &ett_zbee_sec_control }; @@ -300,12 +305,12 @@ void zbee_security_register(module_t *zbee_prefs, int proto) "Specifies the security level to use in the\n" "decryption process. This value is ignored\n" "for ZigBee 2004 and unsecured networks.", - &gPREF_zbee_sec_level, zbee_sec_level_enums, FALSE); + &gPREF_zbee_sec_level, zbee_sec_level_enums, false); zbee_sec_key_table_uat = uat_new("Pre-configured Keys", sizeof(uat_key_record_t), "zigbee_pc_keys", - TRUE, + true, &uat_key_records, &num_uat_key_records, UAT_AFFECTS_DISSECTION, /* affects dissection of packets, but not set of named fields */ @@ -338,24 +343,24 @@ void zbee_security_register(module_t *zbee_prefs, int proto) * increasing (normal byte order) or decreasing (reverse byte * order) address. * PARAMETERS - * const gchar *key_str - pointer to the string - * guint8 *key_buf - destination buffer in memory - * gboolean big_end - fill key_buf with incrementing address + * const char *key_str - pointer to the string + * uint8_t *key_buf - destination buffer in memory + * bool big_end - fill key_buf with incrementing address * RETURNS - * gboolean + * bool *--------------------------------------------------------------- */ -static gboolean -zbee_security_parse_key(const gchar *key_str, guint8 *key_buf, gboolean byte_order) +static bool +zbee_security_parse_key(const char *key_str, uint8_t *key_buf, bool byte_order) { int i, j; - gchar temp; - gboolean string_mode = FALSE; + char temp; + bool string_mode = false; /* Clear the key. */ memset(key_buf, 0, ZBEE_SEC_CONST_KEYSIZE); if (key_str == NULL) { - return FALSE; + return false; } /* @@ -365,7 +370,7 @@ zbee_security_parse_key(const gchar *key_str, guint8 *key_buf, gboolean byte_ord * alphanumeric characters after a double-quote. */ if ( (temp = *key_str++) == '"') { - string_mode = TRUE; + string_mode = true; temp = *key_str++; } @@ -376,7 +381,7 @@ zbee_security_parse_key(const gchar *key_str, guint8 *key_buf, gboolean byte_ord key_buf[j] = temp; temp = *key_str++; } else { - return FALSE; + return false; } } else { @@ -385,14 +390,14 @@ zbee_security_parse_key(const gchar *key_str, guint8 *key_buf, gboolean byte_ord /* Process a nibble. */ if ( g_ascii_isxdigit (temp) ) key_buf[j] = g_ascii_xdigit_value(temp)<<4; - else return FALSE; + else return false; /* Get the next nibble. */ temp = *(key_str++); /* Process another nibble. */ if ( g_ascii_isxdigit (temp) ) key_buf[j] |= g_ascii_xdigit_value(temp); - else return FALSE; + else return false; /* Get the next nibble. */ temp = *(key_str++); @@ -408,7 +413,7 @@ zbee_security_parse_key(const gchar *key_str, guint8 *key_buf, gboolean byte_ord } /* for */ /* If we get this far, then the key was good. */ - return TRUE; + return true; } /* zbee_security_parse_key */ /*FUNCTION:------------------------------------------------------ @@ -424,27 +429,27 @@ zbee_security_parse_key(const gchar *key_str, guint8 *key_buf, gboolean byte_ord * tvbuff_t *tvb - pointer to buffer containing raw packet. * packet_info *pinfo - pointer to packet information fields * proto_tree *tree - pointer to data tree Wireshark uses to display packet. - * guint offset - pointer to the start of the auxiliary security header. - * guint64 src64 - extended source address, or 0 if unknown. + * unsigned offset - pointer to the start of the auxiliary security header. + * uint64_t src64 - extended source address, or 0 if unknown. * RETURNS * tvbuff_t * *--------------------------------------------------------------- */ tvbuff_t * -dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, guint offset) +dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, unsigned offset) { proto_tree *sec_tree; zbee_security_packet packet; - guint mic_len; - gint payload_len; + unsigned mic_len; + int payload_len; tvbuff_t *payload_tvb; proto_item *ti; proto_item *key_item; - guint8 *enc_buffer; - guint8 *dec_buffer; - gboolean decrypted; + uint8_t *enc_buffer; + uint8_t *dec_buffer; + bool decrypted; GSList **nwk_keyring; GSList *GSList_i; key_record_t *key_rec = NULL; @@ -456,6 +461,7 @@ dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, guint o &hf_zbee_sec_level, &hf_zbee_sec_key_id, &hf_zbee_sec_nonce, + &hf_zbee_sec_verified_fc, NULL }; @@ -472,7 +478,7 @@ dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, guint o sec_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_zbee_sec, NULL, "ZigBee Security Header"); /* Get and display the Security control field */ - packet.control = tvb_get_guint8(tvb, offset); + packet.control = tvb_get_uint8(tvb, offset); /* Patch the security level. */ packet.control &= ~ZBEE_SEC_CONTROL_LEVEL; @@ -485,7 +491,7 @@ dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, guint o * so we can fix these 3 bits. Memory allocated by tvb_memdup(pinfo->pool,...) * is automatically freed before the next packet is processed. */ - enc_buffer = (guint8 *)tvb_memdup(pinfo->pool, tvb, 0, tvb_captured_length(tvb)); + enc_buffer = (uint8_t *)tvb_memdup(pinfo->pool, tvb, 0, tvb_captured_length(tvb)); /* * Override the const qualifiers and patch the security level field, we * know it is safe to overide the const qualifiers because we just @@ -592,7 +598,7 @@ dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, guint o if (packet.key_id == ZBEE_SEC_KEY_NWK) { /* Get and display the key sequence number. */ - packet.key_seqno = tvb_get_guint8(tvb, offset); + packet.key_seqno = tvb_get_uint8(tvb, offset); proto_tree_add_uint(sec_tree, hf_zbee_sec_key_seqno, tvb, offset, 1, packet.key_seqno); offset += 1; } @@ -621,19 +627,10 @@ dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, guint o break; } /* switch */ - /* Get and display the MIC. */ - if (mic_len) { - /* Display the MIC. */ - proto_tree_add_item(sec_tree, hf_zbee_sec_mic, tvb, (gint)(tvb_captured_length(tvb)-mic_len), - mic_len, ENC_NA); - } - + /* Empty payload has to be security checked as well, + * since it contains MIC authentication tag */ payload_len = tvb_reported_length_remaining(tvb, offset+mic_len); - /* Check for null payload. */ - if (payload_len == 0) - return NULL; - /********************************************** * Perform Security Operations on the Frame * ********************************************** @@ -648,7 +645,8 @@ dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, guint o } /* Have we captured all the payload? */ - if (tvb_captured_length_remaining(tvb, offset+mic_len) < payload_len) { + if (tvb_captured_length_remaining(tvb, offset+mic_len) < payload_len + || !tvb_bytes_exist(tvb, offset+payload_len, mic_len) /* there are at least enough bytes for MIC */ ) { /* * No - don't try to decrypt it. * @@ -667,10 +665,18 @@ dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, guint o return NULL; } - /* Allocate memory to decrypt the payload into. */ - dec_buffer = (guint8 *)wmem_alloc(pinfo->pool, payload_len); + /* Get and display the MIC. */ + if (mic_len) { + /* Display the MIC. */ + proto_tree_add_item(sec_tree, hf_zbee_sec_mic, tvb, (int)(tvb_reported_length(tvb)-mic_len), + mic_len, ENC_NA); + } - decrypted = FALSE; + /* Allocate memory to decrypt the payload into. + * If there is no payload, dec_buffer will be NULL */ + dec_buffer = (uint8_t *)wmem_alloc(pinfo->pool, payload_len); + + decrypted = false; if ( packet.src64 ) { if (pinfo->fd->visited) { if ( nwk_hints ) { @@ -754,7 +760,8 @@ dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, guint o if ( decrypted ) { if ( tree && key_rec ) { - key_item = proto_tree_add_bytes(sec_tree, hf_zbee_sec_key, tvb, 0, ZBEE_SEC_CONST_KEYSIZE, key_rec->key); + /* Key is not present in decrypted payload, so its length may not match bytes length */ + key_item = proto_tree_add_bytes_with_length(sec_tree, hf_zbee_sec_key, tvb, 0, 0, key_rec->key, ZBEE_SEC_CONST_KEYSIZE); proto_item_set_generated(key_item); if ( key_rec->frame_num == ZBEE_SEC_PC_KEY ) { @@ -767,8 +774,14 @@ dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, guint o } /* Found a key that worked, setup the new tvbuff_t and return */ - payload_tvb = tvb_new_child_real_data(tvb, dec_buffer, payload_len, payload_len); - add_new_data_source(pinfo, payload_tvb, "Decrypted ZigBee Payload"); + if(dec_buffer != NULL) { + payload_tvb = tvb_new_child_real_data(tvb, dec_buffer, payload_len, payload_len); + add_new_data_source(pinfo, payload_tvb, "Decrypted ZigBee Payload"); + } + else { + /* Only MIC authentication tag was checked */ + payload_tvb = NULL; + } /* Done! */ return payload_tvb; @@ -790,19 +803,19 @@ dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, guint o * DESCRIPTION * Creates a nonce and decrypts a secured payload. * PARAMETERS - * gchar *nonce - Nonce Buffer. + * char *nonce - Nonce Buffer. * zbee_security_packet *packet - Security information. * RETURNS * void *--------------------------------------------------------------- */ -static gboolean -zbee_sec_decrypt_payload(zbee_security_packet *packet, const gchar *enc_buffer, const gchar offset, guint8 *dec_buffer, - guint payload_len, guint mic_len, guint8 *key) +static bool +zbee_sec_decrypt_payload(zbee_security_packet *packet, const char *enc_buffer, const char offset, uint8_t *dec_buffer, + unsigned payload_len, unsigned mic_len, uint8_t *key) { - guint8 nonce[ZBEE_SEC_CONST_NONCE_LEN]; - guint8 buffer[ZBEE_SEC_CONST_BLOCKSIZE+1]; - guint8 *key_buffer = buffer; + uint8_t nonce[ZBEE_SEC_CONST_NONCE_LEN]; + uint8_t buffer[ZBEE_SEC_CONST_BLOCKSIZE+1]; + uint8_t *key_buffer = buffer; switch (packet->key_id) { case ZBEE_SEC_KEY_NWK: @@ -842,9 +855,9 @@ zbee_sec_decrypt_payload(zbee_security_packet *packet, const gchar *enc_buffer, offset, /* l(a) */ payload_len, /* l(m) */ mic_len) ) { /* M */ - return TRUE; + return true; } - else return FALSE; + else return false; } /*FUNCTION:------------------------------------------------------ @@ -855,13 +868,13 @@ zbee_sec_decrypt_payload(zbee_security_packet *packet, const gchar *enc_buffer, * packet structure. * PARAMETERS * zbee_security_packet *packet - Security information. - * gchar *nonce - Nonce Buffer. + * char *nonce - Nonce Buffer. * RETURNS * void *--------------------------------------------------------------- */ static void -zbee_sec_make_nonce(zbee_security_packet *packet, guint8 *nonce) +zbee_sec_make_nonce(zbee_security_packet *packet, uint8_t *nonce) { /* First 8 bytes are the extended source address (little endian). */ phtole64(nonce, packet->src64); @@ -888,44 +901,44 @@ zbee_sec_make_nonce(zbee_security_packet *packet, guint8 *nonce) * payload is in plaintext), and this function will perform * MIC verification only. When l_m is 0, m may be NULL. * PARAMETERS - * gchar *key - ZigBee Security Key (must be ZBEE_SEC_CONST_KEYSIZE) in length. - * gchar *nonce - ZigBee CCM* Nonce (must be ZBEE_SEC_CONST_NONCE_LEN) in length. - * gchar *a - CCM* Parameter a (must be l(a) in length). Additional data covered + * char *key - ZigBee Security Key (must be ZBEE_SEC_CONST_KEYSIZE) in length. + * char *nonce - ZigBee CCM* Nonce (must be ZBEE_SEC_CONST_NONCE_LEN) in length. + * char *a - CCM* Parameter a (must be l(a) in length). Additional data covered * by the authentication process. - * gchar *c - CCM* Parameter c (must be l(c) = l(m) + M in length). Encrypted + * char *c - CCM* Parameter c (must be l(c) = l(m) + M in length). Encrypted * payload + encrypted authentication tag U. - * gchar *m - CCM* Output (must be l(m) in length). Decrypted Payload. - * guint l_a - l(a), length of CCM* parameter a. - * guint l_m - l(m), length of expected payload. - * guint M - M, length of CCM* authentication tag. + * char *m - CCM* Output (must be l(m) in length). Decrypted Payload. + * unsigned l_a - l(a), length of CCM* parameter a. + * unsigned l_m - l(m), length of expected payload. + * unsigned M - M, length of CCM* authentication tag. * RETURNS - * gboolean - TRUE if successful. + * bool - true if successful. *--------------------------------------------------------------- */ -gboolean -zbee_sec_ccm_decrypt(const gchar *key, /* Input */ - const gchar *nonce, /* Input */ - const gchar *a, /* Input */ - const gchar *c, /* Input */ - gchar *m, /* Output */ - guint l_a, /* sizeof(a) */ - guint l_m, /* sizeof(m) */ - guint M) /* sizeof(c) - sizeof(m) = sizeof(MIC) */ +bool +zbee_sec_ccm_decrypt(const char *key, /* Input */ + const char *nonce, /* Input */ + const char *a, /* Input */ + const char *c, /* Input */ + char *m, /* Output */ + unsigned l_a, /* sizeof(a) */ + unsigned l_m, /* sizeof(m) */ + unsigned M) /* sizeof(c) - sizeof(m) = sizeof(MIC) */ { - guint8 cipher_in[ZBEE_SEC_CONST_BLOCKSIZE]; - guint8 cipher_out[ZBEE_SEC_CONST_BLOCKSIZE]; - guint8 decrypted_mic[ZBEE_SEC_CONST_BLOCKSIZE]; - guint i, j; + uint8_t cipher_in[ZBEE_SEC_CONST_BLOCKSIZE]; + uint8_t cipher_out[ZBEE_SEC_CONST_BLOCKSIZE]; + uint8_t decrypted_mic[ZBEE_SEC_CONST_BLOCKSIZE]; + unsigned i, j; /* Cipher Instance. */ gcry_cipher_hd_t cipher_hd; /* Sanity-Check. */ - if (M > ZBEE_SEC_CONST_BLOCKSIZE) return FALSE; + if (M > ZBEE_SEC_CONST_BLOCKSIZE) return false; /* * The CCM* counter is L bytes in length, ensure that the payload * isn't long enough to overflow it. */ - if ((1 + (l_a/ZBEE_SEC_CONST_BLOCKSIZE)) > (1<<(ZBEE_SEC_CONST_L*8))) return FALSE; + if ((1 + (l_a/ZBEE_SEC_CONST_BLOCKSIZE)) > (1<<(ZBEE_SEC_CONST_L*8))) return false; /****************************************************** * Step 1: Encryption/Decryption Transformation @@ -941,17 +954,17 @@ zbee_sec_ccm_decrypt(const gchar *key, /* Input */ * block is the last two bytes, and is big-endian. */ if (gcry_cipher_open(&cipher_hd, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 0)) { - return FALSE; + return false; } /* Set the Key. */ if (gcry_cipher_setkey(cipher_hd, key, ZBEE_SEC_CONST_KEYSIZE)) { gcry_cipher_close(cipher_hd); - return FALSE; + return false; } /* Set the counter. */ if (gcry_cipher_setctr(cipher_hd, cipher_in, ZBEE_SEC_CONST_BLOCKSIZE)) { gcry_cipher_close(cipher_hd); - return FALSE; + return false; } /* * Copy the MIC into the stack buffer. We need to feed the cipher a full @@ -965,12 +978,12 @@ zbee_sec_ccm_decrypt(const gchar *key, /* Input */ /* Encrypt/Decrypt the MIC in-place. */ if (gcry_cipher_encrypt(cipher_hd, decrypted_mic, ZBEE_SEC_CONST_BLOCKSIZE, decrypted_mic, ZBEE_SEC_CONST_BLOCKSIZE)) { gcry_cipher_close(cipher_hd); - return FALSE; + return false; } /* Encrypt/Decrypt the payload. */ if (gcry_cipher_encrypt(cipher_hd, m, l_m, c, l_m)) { gcry_cipher_close(cipher_hd); - return FALSE; + return false; } /* Done with the CTR Cipher. */ gcry_cipher_close(cipher_hd); @@ -981,7 +994,7 @@ zbee_sec_ccm_decrypt(const gchar *key, /* Input */ */ if (M == 0) { /* There is no authentication tag. We're done! */ - return TRUE; + return true; } /* * The authentication process in CCM* operates in CBC-MAC mode, but @@ -997,25 +1010,25 @@ zbee_sec_ccm_decrypt(const gchar *key, /* Input */ */ /* Re-open the cipher in ECB mode. */ if (gcry_cipher_open(&cipher_hd, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_ECB, 0)) { - return FALSE; + return false; } /* Re-load the key. */ if (gcry_cipher_setkey(cipher_hd, key, ZBEE_SEC_CONST_KEYSIZE)) { gcry_cipher_close(cipher_hd); - return FALSE; + return false; } /* Generate the first cipher block B0. */ cipher_in[0] = ZBEE_SEC_CCM_FLAG_M(M) | ZBEE_SEC_CCM_FLAG_ADATA(l_a) | ZBEE_SEC_CCM_FLAG_L; - memcpy(cipher_in+sizeof(gchar), nonce, ZBEE_SEC_CONST_NONCE_LEN); + memcpy(cipher_in+sizeof(char), nonce, ZBEE_SEC_CONST_NONCE_LEN); for (i=0;i<ZBEE_SEC_CONST_L; i++) { cipher_in[(ZBEE_SEC_CONST_BLOCKSIZE-1)-i] = (l_m >> (8*i)) & 0xff; } /* for */ /* Generate the first cipher block, X1 = E(Key, 0^128 XOR B0). */ if (gcry_cipher_encrypt(cipher_hd, cipher_out, ZBEE_SEC_CONST_BLOCKSIZE, cipher_in, ZBEE_SEC_CONST_BLOCKSIZE)) { gcry_cipher_close(cipher_hd); - return FALSE; + return false; } /* * We avoid mallocing() big chunks of memory by recycling small stack @@ -1050,7 +1063,7 @@ zbee_sec_ccm_decrypt(const gchar *key, /* Input */ if (gcry_cipher_encrypt(cipher_hd, cipher_out, ZBEE_SEC_CONST_BLOCKSIZE, cipher_in, ZBEE_SEC_CONST_BLOCKSIZE)) { gcry_cipher_close(cipher_hd); - return FALSE; + return false; } /* Reset j to point back to the start of the new cipher block. */ j = 0; @@ -1069,7 +1082,7 @@ zbee_sec_ccm_decrypt(const gchar *key, /* Input */ if (gcry_cipher_encrypt(cipher_hd, cipher_out, ZBEE_SEC_CONST_BLOCKSIZE, cipher_in, ZBEE_SEC_CONST_BLOCKSIZE)) { gcry_cipher_close(cipher_hd); - return FALSE; + return false; } /* Reset j to point back to the start of the new cipher block. */ j = 0; @@ -1083,7 +1096,7 @@ zbee_sec_ccm_decrypt(const gchar *key, /* Input */ /* Generate the last cipher block, which will be the MIC tag. */ if (gcry_cipher_encrypt(cipher_hd, cipher_out, ZBEE_SEC_CONST_BLOCKSIZE, cipher_in, ZBEE_SEC_CONST_BLOCKSIZE)) { gcry_cipher_close(cipher_hd); - return FALSE; + return false; } /* Done with the Cipher. */ gcry_cipher_close(cipher_hd); @@ -1111,18 +1124,18 @@ zbee_sec_ccm_decrypt(const gchar *key, /* Input */ * Hash[i] = E(Hash[i-1], M[i]) XOR M[j]; * M[i] = i'th block of text, with some padding and flags concatenated. * PARAMETERS - * guint8 * input - Hash Input (any length). - * guint8 input_len - Hash Input Length. - * guint8 * output - Hash Output (exactly one block in length). + * uint8_t * input - Hash Input (any length). + * uint8_t input_len - Hash Input Length. + * uint8_t * output - Hash Output (exactly one block in length). * RETURNS * void *--------------------------------------------------------------- */ static void -zbee_sec_hash(guint8 *input, guint input_len, guint8 *output) +zbee_sec_hash(uint8_t *input, unsigned input_len, uint8_t *output) { - guint8 cipher_in[ZBEE_SEC_CONST_BLOCKSIZE]; - guint i, j; + uint8_t cipher_in[ZBEE_SEC_CONST_BLOCKSIZE]; + unsigned i, j; /* Cipher Instance. */ gcry_cipher_hd_t cipher_hd; @@ -1214,20 +1227,20 @@ zbee_sec_hash(guint8 *input, guint input_len, guint8 *output) * opad = 0x5c repeated. * H() = ZigBee Cryptographic Hash (B.1.3 and B.6). * PARAMETERS - * guint8 *key - ZigBee Security Key (must be ZBEE_SEC_CONST_KEYSIZE) in length. - * guint8 input - ZigBee CCM* Nonce (must be ZBEE_SEC_CONST_NONCE_LEN) in length. - * guint8 *hash_out - buffer into which the key-hashed output is placed + * uint8_t *key - ZigBee Security Key (must be ZBEE_SEC_CONST_KEYSIZE) in length. + * uint8_t input - ZigBee CCM* Nonce (must be ZBEE_SEC_CONST_NONCE_LEN) in length. + * uint8_t *hash_out - buffer into which the key-hashed output is placed * RETURNS * void *--------------------------------------------------------------- */ static void -zbee_sec_key_hash(guint8 *key, guint8 input, guint8 *hash_out) +zbee_sec_key_hash(uint8_t *key, uint8_t input, uint8_t *hash_out) { - guint8 hash_in[2*ZBEE_SEC_CONST_BLOCKSIZE]; + uint8_t hash_in[2*ZBEE_SEC_CONST_BLOCKSIZE]; int i; - static const guint8 ipad = 0x36; - static const guint8 opad = 0x5c; + static const uint8_t ipad = 0x36; + static const uint8_t opad = 0x5c; /* Copy the key into hash_in and XOR with opad to form: (Key XOR opad) */ for (i=0; i<ZBEE_SEC_CONST_KEYSIZE; i++) hash_in[i] = key[i] ^ opad; @@ -1249,7 +1262,7 @@ zbee_sec_key_hash(guint8 *key, guint8 input, guint8 *hash_out) *@param pinfo pointer to packet information fields *@param key APS or NWK key */ -void zbee_sec_add_key_to_keyring(packet_info *pinfo, const guint8 *key) +void zbee_sec_add_key_to_keyring(packet_info *pinfo, const uint8_t *key) { GSList **nwk_keyring; key_record_t key_record; |