authorGerald Combs <gerald@wireshark.org>2016-10-18 15:54:43 +0200
committerAnders Broman <a.broman58@gmail.com>2016-10-19 10:07:13 +0000
commit59c370440423131e3ef460ca3b8f1f55ca319926 (patch)
treecdb19863feefb775c68c3448f06e717bbd96f637
parenta0e1d282f2d8c87b985a8896a5418dda2894f48c (diff)
Add a Kerberos decryption test.
Test Kerberos decryption using files from krb-816.zip on the SampleCaptures page. Change-Id: Ic1360b637ca6a1f6cb86d09a6aebfd7f5ff89419 Reviewed-on: https://code.wireshark.org/review/18275 Reviewed-by: Gerald Combs <gerald@wireshark.org> Petri-Dish: Gerald Combs <gerald@wireshark.org> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
-rw-r--r--test/captures/krb-816.pcap.gzbin0 -> 21013 bytes
-rwxr-xr-xtest/config.sh7
-rw-r--r--test/keys/krb-816.keytabbin0 -> 97 bytes
-rwxr-xr-xtest/suite-decryption.sh28
4 files changed, 33 insertions, 2 deletions
diff --git a/test/captures/krb-816.pcap.gz b/test/captures/krb-816.pcap.gz
new file mode 100644
index 0000000000..59002a6279
--- /dev/null
+++ b/test/captures/krb-816.pcap.gz
Binary files differ
diff --git a/test/config.sh b/test/config.sh
index 36ed52ffad..7a59ecdeec 100755
--- a/test/config.sh
+++ b/test/config.sh
@@ -111,10 +111,15 @@ CAPTURE_DIR="$TESTS_DIR/captures/"
$TSHARK -v | grep -q "with Lua"
HAVE_LUA=$?
-# Check whether we need to skip a certain decryption test.
+# Check whether we need to skip the HTTP2/HPACK decryption test.
$TSHARK -v | tr '\n' ' '| grep -q "with nghttp2"
HAVE_NGHTTP2=$?
+# Check whether we need to skip a certain decryption test.
+# XXX What do we print for Nettle?
+$TSHARK -v | tr '\n' ' '| egrep -q "with MIT Kerberos|with Heimdal Kerberos"
+HAVE_KERBEROS=$?
+
HAVE_ICONV="False"
hash iconv 2>/dev/null && HAVE_ICONV="True"
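Review bot: The comment above the new HAVE_KERBEROS probe reuses the generic wording that this same hunk just replaced on the nghttp2 probe, so it should name the test it gates: `# Check whether we need to skip the Kerberos decryption test.` The probe also calls `egrep`, which recent GNU grep releases warn is obsolescent; `grep -Eq "with MIT Kerberos|with Heimdal Kerberos"` matches the same strings. The XXX about Nettle is left open, so if a Nettle-only build can also decrypt Kerberos, the test would presumably be skipped there and decryption coverage silently lost; it is worth saying so in the comment until the question is answered.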
diff --git a/test/keys/krb-816.keytab b/test/keys/krb-816.keytab
new file mode 100644
index 0000000000..aa0b8f13ff
--- /dev/null
+++ b/test/keys/krb-816.keytab
Binary files differ
diff --git a/test/suite-decryption.sh b/test/suite-decryption.sh
index 00e4bf3ce3..8e9e6546f6 100755
--- a/test/suite-decryption.sh
+++ b/test/suite-decryption.sh
@@ -27,7 +27,6 @@
# PKCS#12
# SNMP
# DCERPC NETLOGON
-# Kerberos
# KINK
# LDAP
# NTLMSSP
@@ -499,6 +498,31 @@ decryption_step_http2() {
test_step_ok
}
+# Kerberos
+# Files are from krb-816.zip on the SampleCaptures page.
+KEYTAB_FILE="$TESTS_DIR/keys/krb-816.keytab"
+if [ "$WS_SYSTEM" == "Windows" ] ; then
+ KEYTAB_FILE="`cygpath -w $KEYTAB_FILE`"
+fi
+decryption_step_kerberos() {
+ if [ $HAVE_KERBEROS -ne 0 ]; then
+ test_step_skipped
+ return
+ fi
+ # keyvalue: ccda7d48219f73c3b28311c4ba7242b3
+ $TESTS_DIR/run_and_catch_crashes env $TS_DC_ENV $TSHARK $TS_DC_ARGS \
+ -Tfields -e kerberos.keyvalue \
+ -o "kerberos.decrypt: TRUE" \
+ -o "kerberos.file: $KEYTAB_FILE" \
+ -r "$CAPTURE_DIR/krb-816.pcap.gz" \
+ | grep "cc:da:7d:48:21:9f:73:c3:b2:83:11:c4:ba:72:42:b3" > /dev/null 2>&1
+ RETURNVALUE=$?
+ if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
+ test_step_failed "Failed to decrypt encrypted with AES-256-GCM-8 packet of IKEv2 exchange"
+ return
+ fi
+ test_step_ok
+}
tshark_decryption_suite() {
test_step_add "IEEE 802.11 WPA PSK Decryption" decryption_step_80211_wpa_psk
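Review bot: The failure message in decryption_step_kerberos is copied from the IKEv2 step and reports the wrong protocol, so a broken Kerberos decryption would be triaged as an IKEv2 problem; it should read something like `test_step_failed "Failed to decrypt Kerberos ticket using krb-816.keytab"`. The Windows path conversion expands `$KEYTAB_FILE` unquoted inside the backticks, so a checkout path containing spaces would be word-split before cygpath sees it; `KEYTAB_FILE="$(cygpath -w "$KEYTAB_FILE")"` avoids that. `[ $HAVE_KERBEROS -ne 0 ]` is a test error rather than a skip if config.sh was not sourced, so quoting it with a default, `[ "${HAVE_KERBEROS:-1}" -ne 0 ]`, makes the skip explicit. A one-line comment noting that the keytab holds a published sample key and not a live credential would also help anyone auditing test/keys.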
@@ -531,6 +555,8 @@ tshark_decryption_suite() {
test_step_add "IKEv2 Decryption (AES-256-GCM-8)" decryption_step_ikev2_aes256gcm8
test_step_add "HTTP2 (HPACK)" decryption_step_http2
+
+ test_step_add "Kerberos" decryption_step_kerberos
}
decryption_cleanup_step() {