#define KRB5_KU_USAGE_INITIATOR_SIGN 25
static void
-decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_, packet_info *pinfo _U_, tvbuff_t *tvb _U_, guint16 ec _U_, guint16 rrc _U_, int keytype, unsigned int usage)
+decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_,
+ packet_info *pinfo,
+ tvbuff_t *checksum_tvb,
+ tvbuff_t *encrypted_tvb,
+ guint16 ec,
+ guint16 rrc,
+ gboolean is_dce,
+ int keytype,
+ unsigned int usage)
{
int res;
char *rotated;
return;
}
- rotated = ep_alloc(tvb_length(tvb));
+ datalen = tvb_length(checksum_tvb) + tvb_length(encrypted_tvb);
+ rotated = ep_alloc(datalen);
- tvb_memcpy(tvb, rotated, 0, tvb_length(tvb));
- res = rrc_rotate(rotated, tvb_length(tvb), rrc, TRUE);
+ tvb_memcpy(checksum_tvb, rotated,
+ 0, tvb_length(checksum_tvb));
+ tvb_memcpy(encrypted_tvb, rotated + tvb_length(checksum_tvb),
+ 0, tvb_length(encrypted_tvb));
- next_tvb=tvb_new_child_real_data(tvb, rotated, tvb_length(tvb), tvb_reported_length(tvb));
+ if (is_dce) {
+ rrc += ec;
+ }
+
+ res = rrc_rotate(rotated, datalen, rrc, TRUE);
+
+ next_tvb=tvb_new_child_real_data(encrypted_tvb, rotated,
+ datalen, datalen);
add_new_data_source(pinfo, next_tvb, "GSSAPI CFX");
output = decrypt_krb5_data(tree, pinfo, usage, next_tvb,
if (output) {
char *outdata;
- outdata = ep_alloc(tvb_length(tvb));
- memcpy(outdata, output, tvb_length(tvb));
+ outdata = ep_alloc(tvb_length(encrypted_tvb));
+ memcpy(outdata, output, tvb_length(encrypted_tvb));
g_free(output);
- pinfo->gssapi_decrypted_tvb=tvb_new_child_real_data(tvb,
+ pinfo->gssapi_decrypted_tvb=tvb_new_child_real_data(encrypted_tvb,
outdata,
- datalen-16,
- datalen-16);
+ tvb_length(encrypted_tvb),
+ tvb_length(encrypted_tvb));
add_new_data_source(pinfo, pinfo->gssapi_decrypted_tvb, "Decrypted GSS-Krb5");
return;
}
}
#if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
- pinfo->gssapi_encrypted_tvb = tvb_new_subset_remaining(tvb, 16);
+{
+ tvbuff_t *checksum_tvb = tvb_new_subset(tvb, 16, checksum_size, checksum_size);
- if (flags & 0x0002) {
+ if (pinfo->gssapi_data_encrypted) {
if(pinfo->gssapi_encrypted_tvb){
decrypt_gssapi_krb_cfx_wrap(tree,
pinfo,
+ checksum_tvb,
pinfo->gssapi_encrypted_tvb,
ec,
rrc,
+ (pinfo->decrypt_gssapi_tvb==DECRYPT_GSSAPI_DCE)?TRUE:FALSE,
-1,
(flags & 0x0001)?
KRB5_KU_USAGE_ACCEPTOR_SEAL:
KRB5_KU_USAGE_INITIATOR_SEAL);
}
}
+}
#endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */
/*
git.samba.org / metze / wireshark / wip.git / blobdiff