authorStefan Metzmacher <metze@samba.org>2020-03-17 10:22:29 +0100
committerAnders Broman <a.broman58@gmail.com>2020-03-19 07:34:08 +0000
commit1579ad0d245f520e7b886d5afcc38034299ba169 (patch)
tree181a196277d4df6a0fea67bada15211356b047c3
parent1716352f6f904d688f66c034222b5a86046cf653 (diff)
packet-kerberos: split out a decrypt_krb5_data_private() function
This allows passing 'kerberos_private_data_t' down to used_encryption_key(). This will be used in order to implement Kerberos FAST decryption. For now we'll pass a zeroed kerberos_private_data_t, but in future code can use decrypt_krb5_data_private() directly and pass in the result of kerberos_get_private_data(actx). Change-Id: Iffdd3c3168eca3ed90cfa0a924248df9fac98a0c Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-on: https://code.wireshark.org/review/36490 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
-rw-r--r--epan/dissectors/asn1/kerberos/packet-kerberos-template.c37
-rw-r--r--epan/dissectors/packet-kerberos.c43
2 files changed, 61 insertions, 19 deletions
diff --git a/epan/dissectors/asn1/kerberos/packet-kerberos-template.c b/epan/dissectors/asn1/kerberos/packet-kerberos-template.c
index b77f2296d2..9be4c2e19a 100644
--- a/epan/dissectors/asn1/kerberos/packet-kerberos-template.c
+++ b/epan/dissectors/asn1/kerberos/packet-kerberos-template.c
@@ -333,6 +333,7 @@ add_encryption_key(packet_info *pinfo, int keytype, int keylength, const char *k
}
static void used_encryption_key(proto_tree *tree, packet_info *pinfo,
+ kerberos_private_data_t *private_data _U_,
enc_key_t *ek, int usage, tvbuff_t *cryptotvb)
{
proto_tree_add_expert_format(tree, pinfo, &ei_kerberos_decrypted_keytype,
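Review bot: The new `private_data` parameter of used_encryption_key() is marked `_U_` and nothing states what callers must guarantee, although every caller in this commit passes the address of a zero-initialised struct. This dissector parses untrusted capture data, so the contract is worth writing down before the first real use, for example `/* private_data is never NULL but may be all-zero; check fields before use */` above the function. The `_U_` marker also has to be dropped once the parameter is actually read. The function body continues outside the hunk.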
@@ -449,6 +450,7 @@ read_keytab_file(const char *filename)
static krb5_error_code
decrypt_krb5_with_cb(proto_tree *tree,
packet_info *pinfo,
+ kerberos_private_data_t *private_data,
int usage,
int keytype,
tvbuff_t *cryptotvb,
@@ -475,7 +477,8 @@ decrypt_krb5_with_cb(proto_tree *tree,
key.key.contents=ek->keyvalue;
ret = decrypt_cb_fn(&(key.key), usage, decrypt_cb_data);
if(ret == 0) {
- used_encryption_key(tree, pinfo, ek, usage, cryptotvb);
+ used_encryption_key(tree, pinfo, private_data,
+ ek, usage, cryptotvb);
return 0;
}
}
@@ -509,12 +512,11 @@ decrypt_krb5_data_cb(const krb5_keyblock *key,
&state->output);
}
-guint8 *
-decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo,
- int usage,
- tvbuff_t *cryptotvb,
- int keytype,
- int *datalen)
+static guint8 *
+decrypt_krb5_data_private(proto_tree *tree _U_, packet_info *pinfo,
+ kerberos_private_data_t *private_data,
+ int usage, tvbuff_t *cryptotvb, int keytype,
+ int *datalen)
{
struct decrypt_krb5_data_state state;
krb5_error_code ret;
@@ -539,6 +541,7 @@ decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo,
ret = decrypt_krb5_with_cb(tree,
pinfo,
+ private_data,
usage,
keytype,
cryptotvb,
@@ -553,6 +556,20 @@ decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo,
}
return (guint8 *)state.output.data;
}
+
+guint8 *
+decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo,
+ int usage,
+ tvbuff_t *cryptotvb,
+ int keytype,
+ int *datalen)
+{
+ kerberos_private_data_t zero_private = { .msg_type = 0, };
+ return decrypt_krb5_data_private(tree, pinfo, &zero_private,
+ usage, cryptotvb, keytype,
+ datalen);
+}
+
USES_APPLE_RST
#ifdef KRB5_CRYPTO_TYPE_SIGN_ONLY
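Review bot: In the new decrypt_krb5_data() wrapper, `zero_private` is a stack temporary, so anything a later used_encryption_key() stores through `private_data` is discarded when the wrapper returns, and a pointer to it kept past the call would dangle. That is harmless while the parameter is unused, but the planned FAST code will presumably record key state there, and it would be silently lost on this path. A comment on the wrapper would make the limitation explicit, e.g. `/* no per-message state on this path: private data is a zeroed temporary that must not be retained */`. The same `{ .msg_type = 0, }` temporary is added in decrypt_krb5_krb_cfx_dce() and in the second decrypt_krb5_data() further down, so the comment applies there as well.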
@@ -697,6 +714,7 @@ decrypt_krb5_krb_cfx_dce(proto_tree *tree,
tvbuff_t *checksum_tvb)
{
struct decrypt_krb5_krb_cfx_dce_state state;
+ kerberos_private_data_t zero_private = { .msg_type = 0, };
tvbuff_t *gssapi_decrypted_tvb = NULL;
krb5_error_code ret;
@@ -750,6 +768,7 @@ decrypt_krb5_krb_cfx_dce(proto_tree *tree,
ret = decrypt_krb5_with_cb(tree,
pinfo,
+ &zero_private,
usage,
keytype,
gssapi_encrypted_tvb,
@@ -975,6 +994,7 @@ decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo,
int keytype,
int *datalen)
{
+ kerberos_private_data_t zero_private = { .msg_type = 0, };
krb5_error_code ret;
krb5_data data;
enc_key_t *ek;
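Review bot: This second definition of decrypt_krb5_data() only gains a local `zero_private`. In the hunks shown it gets no decrypt_krb5_data_private() counterpart, unlike the callback-based variant earlier in the file. The two definitions presumably sit in different Kerberos-library branches of the preprocessor, so later code that calls the static decrypt_krb5_data_private() directly, as the commit message anticipates, would not build in this configuration. Either give this variant the same split or note the limitation next to the function, e.g. `/* decrypt_krb5_data_private() is only available in the callback-based variant */`. The function body starts and ends outside the hunk.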
@@ -1025,7 +1045,8 @@ decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo,
if((ret == 0) && (length>0)){
char *user_data;
- used_encryption_key(tree, pinfo, ek, usage, cryptotvb);
+ used_encryption_key(tree, pinfo, &zero_private,
+ ek, usage, cryptotvb);
krb5_crypto_destroy(krb5_ctx, crypto);
/* return a private wmem_alloced blob to the caller */
diff --git a/epan/dissectors/packet-kerberos.c b/epan/dissectors/packet-kerberos.c
index e671933c9c..debeef2be8 100644
--- a/epan/dissectors/packet-kerberos.c
+++ b/epan/dissectors/packet-kerberos.c
@@ -742,6 +742,7 @@ add_encryption_key(packet_info *pinfo, int keytype, int keylength, const char *k
}
static void used_encryption_key(proto_tree *tree, packet_info *pinfo,
+ kerberos_private_data_t *private_data _U_,
enc_key_t *ek, int usage, tvbuff_t *cryptotvb)
{
proto_tree_add_expert_format(tree, pinfo, &ei_kerberos_decrypted_keytype,
@@ -858,6 +859,7 @@ read_keytab_file(const char *filename)
static krb5_error_code
decrypt_krb5_with_cb(proto_tree *tree,
packet_info *pinfo,
+ kerberos_private_data_t *private_data,
int usage,
int keytype,
tvbuff_t *cryptotvb,
@@ -884,7 +886,8 @@ decrypt_krb5_with_cb(proto_tree *tree,
key.key.contents=ek->keyvalue;
ret = decrypt_cb_fn(&(key.key), usage, decrypt_cb_data);
if(ret == 0) {
- used_encryption_key(tree, pinfo, ek, usage, cryptotvb);
+ used_encryption_key(tree, pinfo, private_data,
+ ek, usage, cryptotvb);
return 0;
}
}
@@ -918,12 +921,11 @@ decrypt_krb5_data_cb(const krb5_keyblock *key,
&state->output);
}
-guint8 *
-decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo,
- int usage,
- tvbuff_t *cryptotvb,
- int keytype,
- int *datalen)
+static guint8 *
+decrypt_krb5_data_private(proto_tree *tree _U_, packet_info *pinfo,
+ kerberos_private_data_t *private_data,
+ int usage, tvbuff_t *cryptotvb, int keytype,
+ int *datalen)
{
struct decrypt_krb5_data_state state;
krb5_error_code ret;
@@ -948,6 +950,7 @@ decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo,
ret = decrypt_krb5_with_cb(tree,
pinfo,
+ private_data,
usage,
keytype,
cryptotvb,
@@ -962,6 +965,20 @@ decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo,
}
return (guint8 *)state.output.data;
}
+
+guint8 *
+decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo,
+ int usage,
+ tvbuff_t *cryptotvb,
+ int keytype,
+ int *datalen)
+{
+ kerberos_private_data_t zero_private = { .msg_type = 0, };
+ return decrypt_krb5_data_private(tree, pinfo, &zero_private,
+ usage, cryptotvb, keytype,
+ datalen);
+}
+
USES_APPLE_RST
#ifdef KRB5_CRYPTO_TYPE_SIGN_ONLY
@@ -1106,6 +1123,7 @@ decrypt_krb5_krb_cfx_dce(proto_tree *tree,
tvbuff_t *checksum_tvb)
{
struct decrypt_krb5_krb_cfx_dce_state state;
+ kerberos_private_data_t zero_private = { .msg_type = 0, };
tvbuff_t *gssapi_decrypted_tvb = NULL;
krb5_error_code ret;
@@ -1159,6 +1177,7 @@ decrypt_krb5_krb_cfx_dce(proto_tree *tree,
ret = decrypt_krb5_with_cb(tree,
pinfo,
+ &zero_private,
usage,
keytype,
gssapi_encrypted_tvb,
@@ -1384,6 +1403,7 @@ decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo,
int keytype,
int *datalen)
{
+ kerberos_private_data_t zero_private = { .msg_type = 0, };
krb5_error_code ret;
krb5_data data;
enc_key_t *ek;
@@ -1434,7 +1454,8 @@ decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo,
if((ret == 0) && (length>0)){
char *user_data;
- used_encryption_key(tree, pinfo, ek, usage, cryptotvb);
+ used_encryption_key(tree, pinfo, &zero_private,
+ ek, usage, cryptotvb);
krb5_crypto_destroy(krb5_ctx, crypto);
/* return a private wmem_alloced blob to the caller */
@@ -5387,7 +5408,7 @@ dissect_kerberos_EncryptedChallenge(gboolean implicit_tag _U_, tvbuff_t *tvb _U_
/*--- End of included file: packet-kerberos-fn.c ---*/
-#line 2423 "./asn1/kerberos/packet-kerberos-template.c"
+#line 2444 "./asn1/kerberos/packet-kerberos-template.c"
/* Make wrappers around exported functions for now */
int
@@ -6675,7 +6696,7 @@ void proto_register_kerberos(void) {
NULL, HFILL }},
/*--- End of included file: packet-kerberos-hfarr.c ---*/
-#line 2870 "./asn1/kerberos/packet-kerberos-template.c"
+#line 2891 "./asn1/kerberos/packet-kerberos-template.c"
};
/* List of subtrees */
@@ -6771,7 +6792,7 @@ void proto_register_kerberos(void) {
&ett_kerberos_KrbFastArmoredRep,
/*--- End of included file: packet-kerberos-ettarr.c ---*/
-#line 2889 "./asn1/kerberos/packet-kerberos-template.c"
+#line 2910 "./asn1/kerberos/packet-kerberos-template.c"
};
static ei_register_info ei[] = {