author | Stefan Metzmacher <metze@samba.org> | 2020-03-17 10:22:29 +0100 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2020-03-19 07:34:08 +0000 |
commit | 1579ad0d245f520e7b886d5afcc38034299ba169 (patch) | |
tree | 181a196277d4df6a0fea67bada15211356b047c3 | |
parent | 1716352f6f904d688f66c034222b5a86046cf653 (diff) |
packet-kerberos: split out a decrypt_krb5_data_private() function
This allows passing 'kerberos_private_data_t' down to
used_encryption_key(). This will be used in order
to implement Kerberos FAST decryption.
For now we'll pass a zeroed kerberos_private_data_t,
but in future code can use decrypt_krb5_data_private()
directly and pass in the result of
kerberos_get_private_data(actx).
Change-Id: Iffdd3c3168eca3ed90cfa0a924248df9fac98a0c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36490
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
-rw-r--r-- | epan/dissectors/asn1/kerberos/packet-kerberos-template.c | 37 | ||||
-rw-r--r-- | epan/dissectors/packet-kerberos.c | 43 |
2 files changed, 61 insertions, 19 deletions
diff --git a/epan/dissectors/asn1/kerberos/packet-kerberos-template.c b/epan/dissectors/asn1/kerberos/packet-kerberos-template.c
index b77f2296d2..9be4c2e19a 100644
--- a/epan/dissectors/asn1/kerberos/packet-kerberos-template.c
+++ b/epan/dissectors/asn1/kerberos/packet-kerberos-template.c
@@ -333,6 +333,7 @@ add_encryption_key(packet_info *pinfo, int keytype, int keylength, const char *k } static void used_encryption_key(proto_tree *tree, packet_info *pinfo, + kerberos_private_data_t *private_data _U_, enc_key_t *ek, int usage, tvbuff_t *cryptotvb) { proto_tree_add_expert_format(tree, pinfo, &ei_kerberos_decrypted_keytype,
@@ -449,6 +450,7 @@ read_keytab_file(const char *filename) static krb5_error_code decrypt_krb5_with_cb(proto_tree *tree, packet_info *pinfo, + kerberos_private_data_t *private_data, int usage, int keytype, tvbuff_t *cryptotvb,
@@ -475,7 +477,8 @@ decrypt_krb5_with_cb(proto_tree *tree, key.key.contents=ek->keyvalue; ret = decrypt_cb_fn(&(key.key), usage, decrypt_cb_data); if(ret == 0) { - used_encryption_key(tree, pinfo, ek, usage, cryptotvb); + used_encryption_key(tree, pinfo, private_data, + ek, usage, cryptotvb); return 0; } }
@@ -509,12 +512,11 @@ decrypt_krb5_data_cb(const krb5_keyblock *key, &state->output); } -guint8 * -decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo, - int usage, - tvbuff_t *cryptotvb, - int keytype, - int *datalen) +static guint8 * +decrypt_krb5_data_private(proto_tree *tree _U_, packet_info *pinfo, + kerberos_private_data_t *private_data, + int usage, tvbuff_t *cryptotvb, int keytype, + int *datalen) { struct decrypt_krb5_data_state state; krb5_error_code ret;
@@ -539,6 +541,7 @@ decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo, ret = decrypt_krb5_with_cb(tree, pinfo, + private_data, usage, keytype, cryptotvb,
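Review bot: In the hunk at -509,12 the new static `decrypt_krb5_data_private()` keeps `_U_` on `tree`, although the following hunk (-539,6) shows `tree` being handed to `decrypt_krb5_with_cb()`, so the unused marker appears to be wrong on a helper whose whole purpose is to pass its arguments down. I would drop it, `decrypt_krb5_data_private(proto_tree *tree, packet_info *pinfo,`, and add a short header comment saying whether `private_data` may be NULL, since the commit message expects later callers to pass the result of `kerberos_get_private_data(actx)` and nothing visible here checks the pointer before it reaches `used_encryption_key()`. The function body starts in this hunk and continues outside it.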
@@ -553,6 +556,20 @@ decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo, } return (guint8 *)state.output.data; } + +guint8 * +decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo, + int usage, + tvbuff_t *cryptotvb, + int keytype, + int *datalen) +{ + kerberos_private_data_t zero_private = { .msg_type = 0, }; + return decrypt_krb5_data_private(tree, pinfo, &zero_private, + usage, cryptotvb, keytype, + datalen); +} + USES_APPLE_RST #ifdef KRB5_CRYPTO_TYPE_SIGN_ONLY
@@ -697,6 +714,7 @@ decrypt_krb5_krb_cfx_dce(proto_tree *tree, tvbuff_t *checksum_tvb) { struct decrypt_krb5_krb_cfx_dce_state state; + kerberos_private_data_t zero_private = { .msg_type = 0, }; tvbuff_t *gssapi_decrypted_tvb = NULL; krb5_error_code ret;
@@ -750,6 +768,7 @@ decrypt_krb5_krb_cfx_dce(proto_tree *tree, ret = decrypt_krb5_with_cb(tree, pinfo, + &zero_private, usage, keytype, gssapi_encrypted_tvb,
@@ -975,6 +994,7 @@ decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo, int keytype, int *datalen) { + kerberos_private_data_t zero_private = { .msg_type = 0, }; krb5_error_code ret; krb5_data data; enc_key_t *ek;
@@ -1025,7 +1045,8 @@ decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo, if((ret == 0) && (length>0)){ char *user_data; - used_encryption_key(tree, pinfo, ek, usage, cryptotvb); + used_encryption_key(tree, pinfo, &zero_private, + ek, usage, cryptotvb); krb5_crypto_destroy(krb5_ctx, crypto); /* return a private wmem_alloced blob to the caller */
diff --git a/epan/dissectors/packet-kerberos.c b/epan/dissectors/packet-kerberos.c
index e671933c9c..debeef2be8 100644
--- a/epan/dissectors/packet-kerberos.c
+++ b/epan/dissectors/packet-kerberos.c
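Review bot: `zero_private` in the new `decrypt_krb5_data()` wrapper of packet-kerberos-template.c (hunk at -553,6) is a stack-local placeholder with no comment, so anything `used_encryption_key()` later records in it is lost on return and any pointer to it kept past the call would dangle. That is harmless while the parameter is still `_U_`, but the commit message says FAST decryption will start using it, so the contract should be written down now, for example `/* placeholder context for callers without dissector state; nothing stored here outlives this call */`. The same applies to the `zero_private` locals added in `decrypt_krb5_krb_cfx_dce()` (-697,6) and in the second `decrypt_krb5_data()` definition (-975,6). The wrapper also keeps `_U_` on `tree` although it forwards `tree` to `decrypt_krb5_data_private()`.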
@@ -742,6 +742,7 @@ add_encryption_key(packet_info *pinfo, int keytype, int keylength, const char *k } static void used_encryption_key(proto_tree *tree, packet_info *pinfo, + kerberos_private_data_t *private_data _U_, enc_key_t *ek, int usage, tvbuff_t *cryptotvb) { proto_tree_add_expert_format(tree, pinfo, &ei_kerberos_decrypted_keytype, @@ -858,6 +859,7 @@ read_keytab_file(const char *filename) static krb5_error_code decrypt_krb5_with_cb(proto_tree *tree, packet_info *pinfo, + kerberos_private_data_t *private_data, int usage, int keytype, tvbuff_t *cryptotvb, @@ -884,7 +886,8 @@ decrypt_krb5_with_cb(proto_tree *tree, key.key.contents=ek->keyvalue; ret = decrypt_cb_fn(&(key.key), usage, decrypt_cb_data); if(ret == 0) { - used_encryption_key(tree, pinfo, ek, usage, cryptotvb); + used_encryption_key(tree, pinfo, private_data, + ek, usage, cryptotvb); return 0; } } @@ -918,12 +921,11 @@ decrypt_krb5_data_cb(const krb5_keyblock *key, &state->output); } -guint8 * -decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo, - int usage, - tvbuff_t *cryptotvb, - int keytype, - int *datalen) +static guint8 * +decrypt_krb5_data_private(proto_tree *tree _U_, packet_info *pinfo, + kerberos_private_data_t *private_data, + int usage, tvbuff_t *cryptotvb, int keytype, + int *datalen) { struct decrypt_krb5_data_state state; krb5_error_code ret; @@ -948,6 +950,7 @@ decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo, ret = decrypt_krb5_with_cb(tree, pinfo, + private_data, usage, keytype, cryptotvb, @@ -962,6 +965,20 @@ decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo, } return (guint8 *)state.output.data; } + +guint8 * +decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo, + int usage, + tvbuff_t *cryptotvb, + int keytype, + int *datalen) +{ + kerberos_private_data_t zero_private = { .msg_type = 0, }; + return decrypt_krb5_data_private(tree, pinfo, &zero_private, + usage, cryptotvb, keytype, + datalen); +} + USES_APPLE_RST #ifdef KRB5_CRYPTO_TYPE_SIGN_ONLY 
@@ -1106,6 +1123,7 @@ decrypt_krb5_krb_cfx_dce(proto_tree *tree, tvbuff_t *checksum_tvb) { struct decrypt_krb5_krb_cfx_dce_state state; + kerberos_private_data_t zero_private = { .msg_type = 0, }; tvbuff_t *gssapi_decrypted_tvb = NULL; krb5_error_code ret; @@ -1159,6 +1177,7 @@ decrypt_krb5_krb_cfx_dce(proto_tree *tree, ret = decrypt_krb5_with_cb(tree, pinfo, + &zero_private, usage, keytype, gssapi_encrypted_tvb, @@ -1384,6 +1403,7 @@ decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo, int keytype, int *datalen) { + kerberos_private_data_t zero_private = { .msg_type = 0, }; krb5_error_code ret; krb5_data data; enc_key_t *ek; @@ -1434,7 +1454,8 @@ decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo, if((ret == 0) && (length>0)){ char *user_data; - used_encryption_key(tree, pinfo, ek, usage, cryptotvb); + used_encryption_key(tree, pinfo, &zero_private, + ek, usage, cryptotvb); krb5_crypto_destroy(krb5_ctx, crypto); /* return a private wmem_alloced blob to the caller */ @@ -5387,7 +5408,7 @@ dissect_kerberos_EncryptedChallenge(gboolean implicit_tag _U_, tvbuff_t *tvb _U_ /*--- End of included file: packet-kerberos-fn.c ---*/ -#line 2423 "./asn1/kerberos/packet-kerberos-template.c" +#line 2444 "./asn1/kerberos/packet-kerberos-template.c" /* Make wrappers around exported functions for now */ int @@ -6675,7 +6696,7 @@ void proto_register_kerberos(void) { NULL, HFILL }}, /*--- End of included file: packet-kerberos-hfarr.c ---*/ -#line 2870 "./asn1/kerberos/packet-kerberos-template.c" +#line 2891 "./asn1/kerberos/packet-kerberos-template.c" }; /* List of subtrees */ @@ -6771,7 +6792,7 @@ void proto_register_kerberos(void) { &ett_kerberos_KrbFastArmoredRep, /*--- End of included file: packet-kerberos-ettarr.c ---*/ -#line 2889 "./asn1/kerberos/packet-kerberos-template.c" +#line 2910 "./asn1/kerberos/packet-kerberos-template.c" }; static ei_register_info ei[] = { |