}
return;
}
+
+/* borrowed from heimdal */
+static int
+rrc_rotate(void *data, int len, guint16 rrc, int unrotate)
+{
+ u_char *tmp, buf[256];
+ size_t left;
+
+ if (len == 0)
+ return 0;
+
+ rrc %= len;
+
+ if (rrc == 0)
+ return 0;
+
+ left = len - rrc;
+
+ if (rrc <= sizeof(buf)) {
+ tmp = buf;
+ } else {
+ tmp = malloc(rrc);
+ if (tmp == NULL)
+ return -1;
+ }
+
+ if (unrotate) {
+ memcpy(tmp, data, rrc);
+ memmove(data, (u_char *)data + rrc, left);
+ memcpy((u_char *)data + left, tmp, rrc);
+ } else {
+ memcpy(tmp, (u_char *)data + left, rrc);
+ memmove((u_char *)data + rrc, data, left);
+ memcpy(data, tmp, rrc);
+ }
+
+ if (rrc > sizeof(buf))
+ free(tmp);
+
+ return 0;
+}
+
+
+#define KRB5_KU_USAGE_ACCEPTOR_SEAL 22
+#define KRB5_KU_USAGE_ACCEPTOR_SIGN 23
+#define KRB5_KU_USAGE_INITIATOR_SEAL 24
+#define KRB5_KU_USAGE_INITIATOR_SIGN 25
+
+static void
+decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_, packet_info *pinfo _U_, tvbuff_t *tvb _U_, guint16 ec _U_, guint16 rrc _U_, int keytype, unsigned int usage)
+{
+ int res;
+ char *rotated;
+ char *output;
+ int datalen;
+
+ /* dont do anything if we are not attempting to decrypt data */
+ if(!krb_decrypt){
+ return;
+ }
+
+ rotated = ep_alloc(tvb_length(tvb));
+
+ tvb_memcpy(tvb, rotated, 0, tvb_length(tvb));
+ res = rrc_rotate(rotated, tvb_length(tvb), rrc, TRUE);
+
+ output = decrypt_krb5_data(tree, pinfo, usage, tvb_length(tvb),
+ rotated, keytype, &datalen);
+
+ if (output) {
+ char *outdata;
+
+ outdata = ep_alloc(tvb_length(tvb));
+ memcpy(outdata, output, tvb_length(tvb));
+ g_free(output);
+
+ pinfo->gssapi_decrypted_tvb=tvb_new_real_data(
+ outdata,
+ datalen-16,
+ datalen-16);
+ tvb_set_child_real_data_tvbuff(tvb, pinfo->gssapi_decrypted_tvb);
+ add_new_data_source(pinfo, pinfo->gssapi_decrypted_tvb, "Decrypted GSS-Krb5");
+ return;
+ }
+ return;
+}
+
#endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */
#endif
/*
- * XXX - This is for GSSAPI Wrap tokens ...
+ * This is for GSSAPI Wrap tokens ...
*/
static int
dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
}
/*
- * XXX - This is for GSSAPI CFX Wrap tokens ...
+ * This is for GSSAPI CFX Wrap tokens ...
*/
static int
dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
}
}
+#if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
+ pinfo->gssapi_encrypted_tvb = tvb_new_subset(tvb, 16, -1, -1);
+
+ if (flags & 0x0002) {
+ if(pinfo->gssapi_encrypted_tvb){
+ decrypt_gssapi_krb_cfx_wrap(tree,
+ pinfo,
+ pinfo->gssapi_encrypted_tvb,
+ ec,
+ rrc,
+ -1,
+ (flags & 0x0001)?
+ KRB5_KU_USAGE_ACCEPTOR_SEAL:
+ KRB5_KU_USAGE_INITIATOR_SEAL);
+ }
+ }
+#endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */
+
/*
* Return the offset past the checksum, so that we know where
* the data we're wrapped around starts. Also, set the length
#ifdef HAVE_KERBEROS
/* Decrypt Kerberos blobs */
-static gboolean krb_decrypt = FALSE;
+gboolean krb_decrypt = FALSE;
/* keytab filename */
static const char *keytab_filename = "insert filename here";
if(pinfo->fd->flags.visited){
return;
}
-printf("added key in %u\n",pinfo->fd->num);
+printf("added key in %u keytype:%d len:%d\n",pinfo->fd->num, keytype, keylength);
new_key=g_malloc(sizeof(enc_key_t));
g_snprintf(new_key->key_origin, KRB_MAX_ORIG_LEN, "%s learnt from frame %u",origin,pinfo->fd->num);
int usage,
int length,
const guint8 *cryptotext,
- int keytype)
+ int keytype,
+ int *datalen)
{
static int first_time=1;
krb5_error_code ret;
krb5_enc_data input;
/* shortcircuit and bail out if enctypes are not matching */
- if(ek->keytype!=keytype){
+ if((keytype != -1) && (ek->keytype != keytype)) {
continue;
}
if((ret == 0) && (length>0)){
char *user_data;
-printf("woohoo decrypted keytype:%d in frame:%u\n", keytype, pinfo->fd->num);
+printf("woohoo decrypted keytype:%d in frame:%u\n", ek->keytype, pinfo->fd->num);
proto_tree_add_text(tree, NULL, 0, 0, "[Decrypted using: %s]", ek->key_origin);
/* return a private g_malloced blob to the caller */
user_data=g_malloc(data.length);
memcpy(user_data, data.data, data.length);
+ if (datalen) {
+ *datalen = data.length;
+ }
return user_data;
}
}
krb5_keytab keytab;
krb5_error_code ret;
krb5_keytab_entry key;
- krb5_error_code ret;
krb5_kt_cursor cursor;
enc_key_t *new_key;
static int first_time=1;
int usage,
int length,
const guint8 *cryptotext,
- int keytype)
+ int keytype,
+ int *datalen)
{
static int first_time=1;
krb5_error_code ret;
guint8 *cryptocopy; /* workaround for pre-0.6.1 heimdal bug */
/* shortcircuit and bail out if enctypes are not matching */
- if(ek->keytype!=keytype){
+ if((keytype != -1) && (ek->keytype != keytype)) {
continue;
}
if((ret == 0) && (length>0)){
char *user_data;
-printf("woohoo decrypted keytype:%d in frame:%u\n", keytype, pinfo->fd->num);
+printf("woohoo decrypted keytype:%d in frame:%u\n", ek->keytype, pinfo->fd->num);
proto_tree_add_text(tree, NULL, 0, 0, "[Decrypted using: %s]", ek->key_origin);
krb5_crypto_destroy(krb5_ctx, crypto);
/* return a private g_malloced blob to the caller */
user_data=g_malloc(data.length);
memcpy(user_data, data.data, data.length);
+ if (datalen) {
+ *datalen = data.length;
+ }
return user_data;
}
krb5_crypto_destroy(krb5_ctx, crypto);
int _U_ usage,
int length,
const guint8 *cryptotext,
- int keytype)
+ int keytype,
+ int *datalen)
{
tvbuff_t *encr_tvb;
guint8 *decrypted_data = NULL, *plaintext = NULL;
tvb_memcpy(encr_tvb, plaintext, CONFOUNDER_PLUS_CHECKSUM, data_len);
tvb_free(encr_tvb);
+ if (datalen) {
+ *datalen = data_len;
+ }
g_free(decrypted_data);
return(plaintext);
}
* == 1
*/
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 1, length, tvb_get_ptr(tvb, offset, length), PA_ENC_TIMESTAMP_etype);
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 1, length, tvb_get_ptr(tvb, offset, length), PA_ENC_TIMESTAMP_etype, NULL);
}
if(plaintext){
length=tvb_length_remaining(tvb, offset);
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 13, length, tvb_get_ptr(tvb, offset, length), PRIV_etype);
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 13, length, tvb_get_ptr(tvb, offset, length), PRIV_etype, NULL);
}
if(plaintext){
* == 14
*/
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 14, length, tvb_get_ptr(tvb, offset, length), EncKrbCredPart_etype);
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 14, length, tvb_get_ptr(tvb, offset, length), EncKrbCredPart_etype, NULL);
}
if(plaintext){
if a sub-session key is used, or 4 if the session key is used.
*/
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 4, length, tvb_get_ptr(tvb, offset, length), enc_authorization_data_etype);
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 4, length, tvb_get_ptr(tvb, offset, length), enc_authorization_data_etype, NULL);
}
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 5, length, tvb_get_ptr(tvb, offset, length), enc_authorization_data_etype);
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 5, length, tvb_get_ptr(tvb, offset, length), enc_authorization_data_etype, NULL);
}
if(plaintext){
* == 11
*/
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 7, length, tvb_get_ptr(tvb, offset, length), authenticator_etype);
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 7, length, tvb_get_ptr(tvb, offset, length), authenticator_etype, NULL);
}
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 11, length, tvb_get_ptr(tvb, offset, length), authenticator_etype);
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 11, length, tvb_get_ptr(tvb, offset, length), authenticator_etype, NULL);
}
if(plaintext){
* 7.5.1
* All Ticket encrypted parts use usage == 2
*/
- if( (plaintext=decrypt_krb5_data(tree, actx->pinfo, 2, length, tvb_get_ptr(tvb, offset, length), Ticket_etype)) ){
+ if( (plaintext=decrypt_krb5_data(tree, actx->pinfo, 2, length, tvb_get_ptr(tvb, offset, length), Ticket_etype, NULL)) ){
tvbuff_t *next_tvb;
next_tvb = tvb_new_real_data (plaintext,
length,
* == 11
*/
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 12, length, tvb_get_ptr(tvb, offset, length), AP_REP_etype);
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 12, length, tvb_get_ptr(tvb, offset, length), AP_REP_etype, NULL);
}
if(plaintext){
* == 9
*/
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 3, length, tvb_get_ptr(tvb, offset, length), KDC_REP_etype);
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 3, length, tvb_get_ptr(tvb, offset, length), KDC_REP_etype, NULL);
}
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 8, length, tvb_get_ptr(tvb, offset, length), KDC_REP_etype);
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 8, length, tvb_get_ptr(tvb, offset, length), KDC_REP_etype, NULL);
}
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 9, length, tvb_get_ptr(tvb, offset, length), KDC_REP_etype);
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 9, length, tvb_get_ptr(tvb, offset, length), KDC_REP_etype, NULL);
}
if(plaintext){
}
return;
}
+
+/* borrowed from heimdal */
+static int
+rrc_rotate(void *data, int len, guint16 rrc, int unrotate)
+{
+ u_char *tmp, buf[256];
+ size_t left;
+
+ if (len == 0)
+ return 0;
+
+ rrc %= len;
+
+ if (rrc == 0)
+ return 0;
+
+ left = len - rrc;
+
+ if (rrc <= sizeof(buf)) {
+ tmp = buf;
+ } else {
+ tmp = malloc(rrc);
+ if (tmp == NULL)
+ return -1;
+ }
+
+ if (unrotate) {
+ memcpy(tmp, data, rrc);
+ memmove(data, (u_char *)data + rrc, left);
+ memcpy((u_char *)data + left, tmp, rrc);
+ } else {
+ memcpy(tmp, (u_char *)data + left, rrc);
+ memmove((u_char *)data + rrc, data, left);
+ memcpy(data, tmp, rrc);
+ }
+
+ if (rrc > sizeof(buf))
+ free(tmp);
+
+ return 0;
+}
+
+
+#define KRB5_KU_USAGE_ACCEPTOR_SEAL 22
+#define KRB5_KU_USAGE_ACCEPTOR_SIGN 23
+#define KRB5_KU_USAGE_INITIATOR_SEAL 24
+#define KRB5_KU_USAGE_INITIATOR_SIGN 25
+
+static void
+decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_, packet_info *pinfo _U_, tvbuff_t *tvb _U_, guint16 ec _U_, guint16 rrc _U_, int keytype, unsigned int usage)
+{
+ int res;
+ char *rotated;
+ char *output;
+ int datalen;
+
+ /* dont do anything if we are not attempting to decrypt data */
+ if(!krb_decrypt){
+ return;
+ }
+
+ rotated = ep_alloc(tvb_length(tvb));
+
+ tvb_memcpy(tvb, rotated, 0, tvb_length(tvb));
+ res = rrc_rotate(rotated, tvb_length(tvb), rrc, TRUE);
+
+ output = decrypt_krb5_data(tree, pinfo, usage, tvb_length(tvb),
+ rotated, keytype, &datalen);
+
+ if (output) {
+ char *outdata;
+
+ outdata = ep_alloc(tvb_length(tvb));
+ memcpy(outdata, output, tvb_length(tvb));
+ g_free(output);
+
+ pinfo->gssapi_decrypted_tvb=tvb_new_real_data(
+ outdata,
+ datalen-16,
+ datalen-16);
+ tvb_set_child_real_data_tvbuff(tvb, pinfo->gssapi_decrypted_tvb);
+ add_new_data_source(pinfo, pinfo->gssapi_decrypted_tvb, "Decrypted GSS-Krb5");
+ return;
+ }
+ return;
+}
+
#endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */
#endif
/*
- * XXX - This is for GSSAPI Wrap tokens ...
+ * This is for GSSAPI Wrap tokens ...
*/
static int
dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
}
/*
- * XXX - This is for GSSAPI CFX Wrap tokens ...
+ * This is for GSSAPI CFX Wrap tokens ...
*/
static int
dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
}
}
+#if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
+ pinfo->gssapi_encrypted_tvb = tvb_new_subset(tvb, 16, -1, -1);
+
+ if (flags & 0x0002) {
+ if(pinfo->gssapi_encrypted_tvb){
+ decrypt_gssapi_krb_cfx_wrap(tree,
+ pinfo,
+ pinfo->gssapi_encrypted_tvb,
+ ec,
+ rrc,
+ -1,
+ (flags & 0x0001)?
+ KRB5_KU_USAGE_ACCEPTOR_SEAL:
+ KRB5_KU_USAGE_INITIATOR_SEAL);
+ }
+ }
+#endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */
+
/*
* Return the offset past the checksum, so that we know where
* the data we're wrapped around starts. Also, set the length
"", HFILL }},
/*--- End of included file: packet-spnego-hfarr.c ---*/
-#line 1274 "packet-spnego-template.c"
+#line 1379 "packet-spnego-template.c"
};
/* List of subtrees */
&ett_spnego_InitialContextToken_U,
/*--- End of included file: packet-spnego-ettarr.c ---*/
-#line 1284 "packet-spnego-template.c"
+#line 1389 "packet-spnego-template.c"
};
/* Register protocol */