decrypt
authorStefan Metzmacher <metze@samba.org>
Fri, 24 Nov 2017 17:08:44 +0000 (18:08 +0100)
committerStefan Metzmacher <metze@samba.org>
Wed, 17 Oct 2018 14:09:07 +0000 (16:09 +0200)
Change-Id: Ie39ca944a7adfecdfd0ae74afff7fbec746147d6

epan/dissectors/packet-nmf.c

index 44710e37c199badb73511d0bc8b756cd9cfd9ffd..217388e46ceba6a2dad0d5c0974aa1c69cf89a12 100644 (file)
@@ -22,6 +22,7 @@
 
 #include "config.h"
 
+#include <wsutil/str_util.h>
 #include <epan/packet.h>
 #include <epan/prefs.h>
 #include <epan/proto_data.h>
@@ -40,6 +41,7 @@ static dissector_handle_t gssapi_wrap_handle;
 static int proto_nmf = -1;
 
 static gint ett_nmf = -1;
+static gint ett_nmf_payload = -1;
 
 static int hf_nmf_record = -1;
 static int hf_nmf_record_type = -1;
@@ -367,20 +369,97 @@ dissect_nmf_pdu(tvbuff_t *tvb, packet_info *pinfo,
                proto_item *item = proto_tree_get_parent(tree);
                guint32 len = 0;
                int offset = 0;
+               tvbuff_t *gssapi_tvb = NULL;
 
                len = tvb_get_guint32(tvb, offset, ENC_LITTLE_ENDIAN);
                proto_tree_add_item(tree, hf_nmf_negotiate_length,
                                    tvb, offset, 4, ENC_LITTLE_ENDIAN);
                offset += 4;
 
-               col_set_str(pinfo->cinfo, COL_INFO, "NMF Protected");
+               col_set_str(pinfo->cinfo, COL_INFO, "NMF GSSAPI");
                col_add_fstr(pinfo->cinfo, COL_INFO,
                             "Protected Packet len: %u (0x%x)",
                             (unsigned)len, (unsigned)len);
                proto_item_append_text(item, ", Protected Packet len: %u (0x%x)",
                                (unsigned)len, (unsigned)len);
 
+               gssapi_tvb = tvb_new_subset_length(tvb, offset, len);
                offset += len;
+       {
+        tvbuff_t *plain_tvb = NULL, *decr_tvb= NULL;
+        int ver_len;
+        gssapi_encrypt_info_t gssapi_encrypt;
+
+        /* Attempt decryption of the GSSAPI wrapped data if possible */
+        gssapi_encrypt.gssapi_data_encrypted = FALSE;
+        gssapi_encrypt.decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL;
+        gssapi_encrypt.gssapi_wrap_tvb=NULL;
+        gssapi_encrypt.gssapi_encrypted_tvb=NULL;
+        gssapi_encrypt.gssapi_decrypted_tvb=NULL;
+        ver_len = call_dissector_with_data(gssapi_wrap_handle, gssapi_tvb,
+                                          pinfo, tree, &gssapi_encrypt);
+        /* if we could unwrap, do a tvb shuffle */
+        if(gssapi_encrypt.gssapi_decrypted_tvb){
+          decr_tvb=gssapi_encrypt.gssapi_decrypted_tvb;
+        } else if (gssapi_encrypt.gssapi_wrap_tvb) {
+          plain_tvb=gssapi_encrypt.gssapi_wrap_tvb;
+        }
+
+        /*
+        * if len is 0 it probably mean that we got a PDU that is not
+        * aligned to the start of the segment.
+        */
+        if(ver_len==0){
+//          return;
+        }
+
+        /*
+        * if we don't have unwrapped data,
+        * see if the wrapping involved encryption of the
+        * data; if not, just use the plaintext data.
+        */
+        if (!decr_tvb && !plain_tvb) {
+          if(!gssapi_encrypt.gssapi_data_encrypted){
+            plain_tvb = tvb_new_subset_remaining(gssapi_tvb, ver_len);
+          }
+        }
+
+        if (decr_tvb) {
+          proto_tree *enc_tree = NULL;
+          guint decr_len = tvb_reported_length(decr_tvb);
+
+          col_set_str(pinfo->cinfo, COL_INFO, "NMF GSS-API Privacy (decrypted): ");
+
+          if (tree) {
+            enc_tree = proto_tree_add_subtree_format(tree, decr_tvb, 0, -1,
+              ett_nmf_payload, NULL, "GSS-API Encrypted payload (%d byte%s)",
+              decr_len, plurality(decr_len, "", "s"));
+          }
+         proto_tree_add_format_text(enc_tree, decr_tvb, 0, decr_len);
+          //dissect_ldap_payload(decr_tvb, pinfo, enc_tree, ldap_info, is_mscldap);
+        } else if (plain_tvb) {
+          proto_tree *plain_tree = NULL;
+          guint plain_len = tvb_reported_length(plain_tvb);
+
+          col_set_str(pinfo->cinfo, COL_INFO, "NMF GSS-API Integrity: ");
+
+          if (tree) {
+            plain_tree = proto_tree_add_subtree_format(tree, plain_tvb, 0, -1,
+              ett_nmf_payload, NULL, "GSS-API payload (%d byte%s)",
+              plain_len, plurality(plain_len, "", "s"));
+          }
+
+         proto_tree_add_format_text(plain_tree, plain_tvb, 0, plain_len);
+          //dissect_ldap_payload(plain_tvb, pinfo, plain_tree, ldap_info, is_mscldap);
+        } else {
+          col_add_fstr(pinfo->cinfo, COL_INFO, "NMF GSS-API Privacy: payload (%d byte%s)",
+            len,
+            plurality(len, "", "s"));
+
+         proto_tree_add_format_text(tree, gssapi_tvb, 0, len);
+//          proto_tree_add_item(sasl_tree, hf_ldap_gssapi_encrypted_payload, gssapi_tvb, ver_len, -1, ENC_NA);
+        }
+    }
                return offset;
        }
 
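Review bot: `len` is read from the wire as a `guint32` and then used unchecked in `tvb_new_subset_length(tvb, offset, len)`, in `offset += len` on a signed `int`, and in `proto_tree_add_format_text(tree, gssapi_tvb, 0, len)`, so the only bound on a malformed length is whatever exception the tvb layer raises. If that is the intent, state it in a comment such as `/* len is untrusted; tvb_new_subset_length() throws if it exceeds the remaining data */`, or reject an oversized value explicitly before the subset is built. The three new payload labels print unsigned values (`decr_len`, `plain_len`, `len`) with `%d`; these should use `%u`, e.g. `"GSS-API payload (%u byte%s)"`. The empty `if(ver_len==0){ // return; }` block and the commented-out `dissect_ldap_payload` / `sasl_tree` lines look like leftovers from the LDAP dissector and should be dropped or replaced with a real decision on a zero `ver_len`. The body of dissect_nmf_pdu starts and ends outside this hunk.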
@@ -464,6 +543,7 @@ void proto_register_nmf(void)
 {
        static gint *ett[] = {
                &ett_nmf,
+               &ett_nmf_payload,
        };
        static hf_register_info hf[] = {
        { &hf_nmf_record,