authorStefan Metzmacher <metze@samba.org>2020-03-17 10:50:15 +0100
committerAnders Broman <a.broman58@gmail.com>2020-03-19 07:57:44 +0000
commite59c89b58f36621c690c8171cc0e6b93beaae422 (patch)
tree476705ad0a0751a6f272ff86ee6e67218aa12bd4
parent1579ad0d245f520e7b886d5afcc38034299ba169 (diff)
packet-kerberos: split out a decrypt_krb5_data_asn1() helper function
If decrypt_krb5_data_private() is available we use it directly in order to pass down kerberos_private_data_t. Change-Id: I864d3e7d9adda454c96384d7b146ec774cd05d5f Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-on: https://code.wireshark.org/review/36491 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
-rw-r--r--epan/dissectors/asn1/kerberos/packet-kerberos-template.c50
-rw-r--r--epan/dissectors/packet-kerberos.c56
2 files changed, 63 insertions, 43 deletions
diff --git a/epan/dissectors/asn1/kerberos/packet-kerberos-template.c b/epan/dissectors/asn1/kerberos/packet-kerberos-template.c
index 9be4c2e19a..a53f1c3f62 100644
--- a/epan/dissectors/asn1/kerberos/packet-kerberos-template.c
+++ b/epan/dissectors/asn1/kerberos/packet-kerberos-template.c
@@ -518,6 +518,7 @@ decrypt_krb5_data_private(proto_tree *tree _U_, packet_info *pinfo,
int usage, tvbuff_t *cryptotvb, int keytype,
int *datalen)
{
+#define HAVE_DECRYPT_KRB5_DATA_PRIVATE 1
struct decrypt_krb5_data_state state;
krb5_error_code ret;
int length = tvb_captured_length(cryptotvb);
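Review bot: The `#define HAVE_DECRYPT_KRB5_DATA_PRIVATE 1` sits inside the body of decrypt_krb5_data_private(), which reads as if it were scoped to the function, although a preprocessor definition stays in effect for the rest of the file. Placing it directly above the function definition with a comment such as `/* this build variant provides decrypt_krb5_data_private() */` would make the intent clear. The `#ifdef HAVE_DECRYPT_KRB5_DATA_PRIVATE` test added further down depends on this line appearing earlier in the translation unit, so reordering the two would presumably select the `#else` path silently rather than fail to compile. The function body continues outside the hunk.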
@@ -1580,13 +1581,29 @@ static const true_false_string tfs_gss_flags_dce_style = {
};
#ifdef HAVE_KERBEROS
+static guint8 *
+decrypt_krb5_data_asn1(proto_tree *tree, asn1_ctx_t *actx,
+ int usage, tvbuff_t *cryptotvb, int *datalen)
+{
+ kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
+
+#ifdef HAVE_DECRYPT_KRB5_DATA_PRIVATE
+ return decrypt_krb5_data_private(tree, actx->pinfo, private_data,
+ usage, cryptotvb,
+ private_data->etype,
+ datalen);
+#else
+ return decrypt_krb5_data(tree, actx->pinfo, usage, cryptotvb,
+ private_data->etype, datalen);
+#endif
+}
+
static int
dissect_krb5_decrypt_ticket_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
proto_tree *tree, int hf_index _U_)
{
guint8 *plaintext;
int length;
- kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
tvbuff_t *next_tvb;
next_tvb=tvb_new_subset_remaining(tvb, offset);
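Review bot: The new decrypt_krb5_data_asn1() helper carries no comment, so its contract can only be read off the call sites. A short header would help, for example `/* Decrypt cryptotvb using the etype held in the Kerberos private data of actx; returns NULL if decryption fails, datalen may be NULL. */`. The helper also dereferences `private_data->etype` without checking the pointer returned by kerberos_get_private_data(); the removed per-caller code did the same, so this presumably relies on that function never returning NULL, and the comment is a good place to state that assumption. dissect_krb5_decrypt_ticket_data(), which ends this hunk, continues outside it.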
@@ -1596,7 +1613,7 @@ dissect_krb5_decrypt_ticket_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offse
* 7.5.1
* All Ticket encrypted parts use usage == 2
*/
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 2, next_tvb, private_data->etype, NULL);
+ plaintext=decrypt_krb5_data_asn1(tree, actx, 2, next_tvb, NULL);
if(plaintext){
tvbuff_t *child_tvb;
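Review bot: This call passes `NULL` for `datalen`, as does every other converted call in this file (usages 7/11, 5/4, 3/8/9, 1, 12, 13 and 14), so the length out-parameter the helper forwards is never used. The code that sizes `child_tvb` is outside the hunk, but if it derives the length from the ciphertext tvb, the plaintext buffer handed to the sub-dissector could be described as longer than what was actually decrypted, which matters when the capture is untrusted. Since `int length;` is already declared in these functions, consider `plaintext=decrypt_krb5_data_asn1(tree, actx, 2, next_tvb, &length);` and building the child tvb from that value, assuming the decrypt routines report the decrypted length through `datalen`.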
@@ -1616,7 +1633,6 @@ dissect_krb5_decrypt_authenticator_data (gboolean imp_tag _U_, tvbuff_t *tvb, in
{
guint8 *plaintext;
int length;
- kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
tvbuff_t *next_tvb;
next_tvb=tvb_new_subset_remaining(tvb, offset);
@@ -1628,10 +1644,10 @@ dissect_krb5_decrypt_authenticator_data (gboolean imp_tag _U_, tvbuff_t *tvb, in
* == 7 or
* == 11
*/
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 7, next_tvb, private_data->etype, NULL);
+ plaintext=decrypt_krb5_data_asn1(tree, actx, 7, next_tvb, NULL);
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 11, next_tvb, private_data->etype, NULL);
+ plaintext=decrypt_krb5_data_asn1(tree, actx, 11, next_tvb, NULL);
}
if(plaintext){
@@ -1652,7 +1668,6 @@ dissect_krb5_decrypt_authorization_data(gboolean imp_tag _U_, tvbuff_t *tvb, int
{
guint8 *plaintext;
int length;
- kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
tvbuff_t *next_tvb;
next_tvb=tvb_new_subset_remaining(tvb, offset);
@@ -1664,10 +1679,10 @@ dissect_krb5_decrypt_authorization_data(gboolean imp_tag _U_, tvbuff_t *tvb, int
* == 5 or
* == 4
*/
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 5, next_tvb, private_data->etype, NULL);
+ plaintext=decrypt_krb5_data_asn1(tree, actx, 5, next_tvb, NULL);
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 4, next_tvb, private_data->etype, NULL);
+ plaintext=decrypt_krb5_data_asn1(tree, actx, 4, next_tvb, NULL);
}
if(plaintext){
@@ -1688,7 +1703,6 @@ dissect_krb5_decrypt_KDC_REP_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offs
{
guint8 *plaintext;
int length;
- kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
tvbuff_t *next_tvb;
next_tvb=tvb_new_subset_remaining(tvb, offset);
@@ -1701,14 +1715,14 @@ dissect_krb5_decrypt_KDC_REP_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offs
* == 8 or
* == 9
*/
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 3, next_tvb, private_data->etype, NULL);
+ plaintext=decrypt_krb5_data_asn1(tree, actx, 3, next_tvb, NULL);
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 8, next_tvb, private_data->etype, NULL);
+ plaintext=decrypt_krb5_data_asn1(tree, actx, 8, next_tvb, NULL);
}
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 9, next_tvb, private_data->etype, NULL);
+ plaintext=decrypt_krb5_data_asn1(tree, actx, 9, next_tvb, NULL);
}
if(plaintext){
@@ -1729,7 +1743,6 @@ dissect_krb5_decrypt_PA_ENC_TIMESTAMP (gboolean imp_tag _U_, tvbuff_t *tvb, int
{
guint8 *plaintext;
int length;
- kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
tvbuff_t *next_tvb;
next_tvb=tvb_new_subset_remaining(tvb, offset);
@@ -1740,7 +1753,7 @@ dissect_krb5_decrypt_PA_ENC_TIMESTAMP (gboolean imp_tag _U_, tvbuff_t *tvb, int
* AS-REQ PA_ENC_TIMESTAMP are encrypted with usage
* == 1
*/
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 1, next_tvb, private_data->etype, NULL);
+ plaintext=decrypt_krb5_data_asn1(tree, actx, 1, next_tvb, NULL);
if(plaintext){
tvbuff_t *child_tvb;
@@ -1760,7 +1773,6 @@ dissect_krb5_decrypt_AP_REP_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offse
{
guint8 *plaintext;
int length;
- kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
tvbuff_t *next_tvb;
next_tvb=tvb_new_subset_remaining(tvb, offset);
@@ -1770,7 +1782,7 @@ dissect_krb5_decrypt_AP_REP_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offse
* 7.5.1
* AP-REP are encrypted with usage == 12
*/
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 12, next_tvb, private_data->etype, NULL);
+ plaintext=decrypt_krb5_data_asn1(tree, actx, 12, next_tvb, NULL);
if(plaintext){
tvbuff_t *child_tvb;
@@ -1790,7 +1802,6 @@ dissect_krb5_decrypt_PRIV_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offset,
{
guint8 *plaintext;
int length;
- kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
tvbuff_t *next_tvb;
next_tvb=tvb_new_subset_remaining(tvb, offset);
@@ -1800,7 +1811,7 @@ dissect_krb5_decrypt_PRIV_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offset,
* EncKrbPrivPart encrypted with usage
* == 13
*/
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 13, next_tvb, private_data->etype, NULL);
+ plaintext=decrypt_krb5_data_asn1(tree, actx, 13, next_tvb, NULL);
if(plaintext){
tvbuff_t *child_tvb;
@@ -1820,7 +1831,6 @@ dissect_krb5_decrypt_CRED_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offset,
{
guint8 *plaintext;
int length;
- kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
tvbuff_t *next_tvb;
next_tvb=tvb_new_subset_remaining(tvb, offset);
@@ -1830,7 +1840,7 @@ dissect_krb5_decrypt_CRED_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offset,
* EncKrbCredPart encrypted with usage
* == 14
*/
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 14, next_tvb, private_data->etype, NULL);
+ plaintext=decrypt_krb5_data_asn1(tree, actx, 14, next_tvb, NULL);
if(plaintext){
tvbuff_t *child_tvb;
diff --git a/epan/dissectors/packet-kerberos.c b/epan/dissectors/packet-kerberos.c
index debeef2be8..544c976299 100644
--- a/epan/dissectors/packet-kerberos.c
+++ b/epan/dissectors/packet-kerberos.c
@@ -927,6 +927,7 @@ decrypt_krb5_data_private(proto_tree *tree _U_, packet_info *pinfo,
int usage, tvbuff_t *cryptotvb, int keytype,
int *datalen)
{
+#define HAVE_DECRYPT_KRB5_DATA_PRIVATE 1
struct decrypt_krb5_data_state state;
krb5_error_code ret;
int length = tvb_captured_length(cryptotvb);
@@ -1989,13 +1990,29 @@ static const true_false_string tfs_gss_flags_dce_style = {
};
#ifdef HAVE_KERBEROS
+static guint8 *
+decrypt_krb5_data_asn1(proto_tree *tree, asn1_ctx_t *actx,
+ int usage, tvbuff_t *cryptotvb, int *datalen)
+{
+ kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
+
+#ifdef HAVE_DECRYPT_KRB5_DATA_PRIVATE
+ return decrypt_krb5_data_private(tree, actx->pinfo, private_data,
+ usage, cryptotvb,
+ private_data->etype,
+ datalen);
+#else
+ return decrypt_krb5_data(tree, actx->pinfo, usage, cryptotvb,
+ private_data->etype, datalen);
+#endif
+}
+
static int
dissect_krb5_decrypt_ticket_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
proto_tree *tree, int hf_index _U_)
{
guint8 *plaintext;
int length;
- kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
tvbuff_t *next_tvb;
next_tvb=tvb_new_subset_remaining(tvb, offset);
@@ -2005,7 +2022,7 @@ dissect_krb5_decrypt_ticket_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offse
* 7.5.1
* All Ticket encrypted parts use usage == 2
*/
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 2, next_tvb, private_data->etype, NULL);
+ plaintext=decrypt_krb5_data_asn1(tree, actx, 2, next_tvb, NULL);
if(plaintext){
tvbuff_t *child_tvb;
@@ -2025,7 +2042,6 @@ dissect_krb5_decrypt_authenticator_data (gboolean imp_tag _U_, tvbuff_t *tvb, in
{
guint8 *plaintext;
int length;
- kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
tvbuff_t *next_tvb;
next_tvb=tvb_new_subset_remaining(tvb, offset);
@@ -2037,10 +2053,10 @@ dissect_krb5_decrypt_authenticator_data (gboolean imp_tag _U_, tvbuff_t *tvb, in
* == 7 or
* == 11
*/
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 7, next_tvb, private_data->etype, NULL);
+ plaintext=decrypt_krb5_data_asn1(tree, actx, 7, next_tvb, NULL);
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 11, next_tvb, private_data->etype, NULL);
+ plaintext=decrypt_krb5_data_asn1(tree, actx, 11, next_tvb, NULL);
}
if(plaintext){
@@ -2061,7 +2077,6 @@ dissect_krb5_decrypt_authorization_data(gboolean imp_tag _U_, tvbuff_t *tvb, int
{
guint8 *plaintext;
int length;
- kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
tvbuff_t *next_tvb;
next_tvb=tvb_new_subset_remaining(tvb, offset);
@@ -2073,10 +2088,10 @@ dissect_krb5_decrypt_authorization_data(gboolean imp_tag _U_, tvbuff_t *tvb, int
* == 5 or
* == 4
*/
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 5, next_tvb, private_data->etype, NULL);
+ plaintext=decrypt_krb5_data_asn1(tree, actx, 5, next_tvb, NULL);
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 4, next_tvb, private_data->etype, NULL);
+ plaintext=decrypt_krb5_data_asn1(tree, actx, 4, next_tvb, NULL);
}
if(plaintext){
@@ -2097,7 +2112,6 @@ dissect_krb5_decrypt_KDC_REP_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offs
{
guint8 *plaintext;
int length;
- kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
tvbuff_t *next_tvb;
next_tvb=tvb_new_subset_remaining(tvb, offset);
@@ -2110,14 +2124,14 @@ dissect_krb5_decrypt_KDC_REP_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offs
* == 8 or
* == 9
*/
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 3, next_tvb, private_data->etype, NULL);
+ plaintext=decrypt_krb5_data_asn1(tree, actx, 3, next_tvb, NULL);
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 8, next_tvb, private_data->etype, NULL);
+ plaintext=decrypt_krb5_data_asn1(tree, actx, 8, next_tvb, NULL);
}
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 9, next_tvb, private_data->etype, NULL);
+ plaintext=decrypt_krb5_data_asn1(tree, actx, 9, next_tvb, NULL);
}
if(plaintext){
@@ -2138,7 +2152,6 @@ dissect_krb5_decrypt_PA_ENC_TIMESTAMP (gboolean imp_tag _U_, tvbuff_t *tvb, int
{
guint8 *plaintext;
int length;
- kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
tvbuff_t *next_tvb;
next_tvb=tvb_new_subset_remaining(tvb, offset);
@@ -2149,7 +2162,7 @@ dissect_krb5_decrypt_PA_ENC_TIMESTAMP (gboolean imp_tag _U_, tvbuff_t *tvb, int
* AS-REQ PA_ENC_TIMESTAMP are encrypted with usage
* == 1
*/
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 1, next_tvb, private_data->etype, NULL);
+ plaintext=decrypt_krb5_data_asn1(tree, actx, 1, next_tvb, NULL);
if(plaintext){
tvbuff_t *child_tvb;
@@ -2169,7 +2182,6 @@ dissect_krb5_decrypt_AP_REP_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offse
{
guint8 *plaintext;
int length;
- kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
tvbuff_t *next_tvb;
next_tvb=tvb_new_subset_remaining(tvb, offset);
@@ -2179,7 +2191,7 @@ dissect_krb5_decrypt_AP_REP_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offse
* 7.5.1
* AP-REP are encrypted with usage == 12
*/
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 12, next_tvb, private_data->etype, NULL);
+ plaintext=decrypt_krb5_data_asn1(tree, actx, 12, next_tvb, NULL);
if(plaintext){
tvbuff_t *child_tvb;
@@ -2199,7 +2211,6 @@ dissect_krb5_decrypt_PRIV_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offset,
{
guint8 *plaintext;
int length;
- kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
tvbuff_t *next_tvb;
next_tvb=tvb_new_subset_remaining(tvb, offset);
@@ -2209,7 +2220,7 @@ dissect_krb5_decrypt_PRIV_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offset,
* EncKrbPrivPart encrypted with usage
* == 13
*/
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 13, next_tvb, private_data->etype, NULL);
+ plaintext=decrypt_krb5_data_asn1(tree, actx, 13, next_tvb, NULL);
if(plaintext){
tvbuff_t *child_tvb;
@@ -2229,7 +2240,6 @@ dissect_krb5_decrypt_CRED_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offset,
{
guint8 *plaintext;
int length;
- kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
tvbuff_t *next_tvb;
next_tvb=tvb_new_subset_remaining(tvb, offset);
@@ -2239,7 +2249,7 @@ dissect_krb5_decrypt_CRED_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offset,
* EncKrbCredPart encrypted with usage
* == 14
*/
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 14, next_tvb, private_data->etype, NULL);
+ plaintext=decrypt_krb5_data_asn1(tree, actx, 14, next_tvb, NULL);
if(plaintext){
tvbuff_t *child_tvb;
@@ -5408,7 +5418,7 @@ dissect_kerberos_EncryptedChallenge(gboolean implicit_tag _U_, tvbuff_t *tvb _U_
/*--- End of included file: packet-kerberos-fn.c ---*/
-#line 2444 "./asn1/kerberos/packet-kerberos-template.c"
+#line 2454 "./asn1/kerberos/packet-kerberos-template.c"
/* Make wrappers around exported functions for now */
int
@@ -6696,7 +6706,7 @@ void proto_register_kerberos(void) {
NULL, HFILL }},
/*--- End of included file: packet-kerberos-hfarr.c ---*/
-#line 2891 "./asn1/kerberos/packet-kerberos-template.c"
+#line 2901 "./asn1/kerberos/packet-kerberos-template.c"
};
/* List of subtrees */
@@ -6792,7 +6802,7 @@ void proto_register_kerberos(void) {
&ett_kerberos_KrbFastArmoredRep,
/*--- End of included file: packet-kerberos-ettarr.c ---*/
-#line 2910 "./asn1/kerberos/packet-kerberos-template.c"
+#line 2920 "./asn1/kerberos/packet-kerberos-template.c"
};
static ei_register_info ei[] = {