Add a Kerberos decryption test.
authorGerald Combs <gerald@wireshark.org>
Tue, 18 Oct 2016 13:54:43 +0000 (15:54 +0200)
committerAnders Broman <a.broman58@gmail.com>
Wed, 19 Oct 2016 10:07:13 +0000 (10:07 +0000)
Test Kerberos decryption using files from krb-816.zip on the
SampleCaptures page.

Change-Id: Ic1360b637ca6a1f6cb86d09a6aebfd7f5ff89419
Reviewed-on: https://code.wireshark.org/review/18275
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
test/captures/krb-816.pcap.gz [new file with mode: 0644]
test/config.sh
test/keys/krb-816.keytab [new file with mode: 0644]
test/suite-decryption.sh

diff --git a/test/captures/krb-816.pcap.gz b/test/captures/krb-816.pcap.gz
new file mode 100644 (file)
index 0000000..59002a6
Binary files /dev/null and b/test/captures/krb-816.pcap.gz differ
index 36ed52ffad84b0a8a0855782a8d05556b860899b..7a59ecdeecb4c87ff5468940cea4f5569695abb9 100755 (executable)
@@ -111,10 +111,15 @@ CAPTURE_DIR="$TESTS_DIR/captures/"
 $TSHARK -v | grep -q "with Lua"
 HAVE_LUA=$?
 
-# Check whether we need to skip a certain decryption test.
+# Check whether we need to skip the HTTP2/HPACK decryption test.
 $TSHARK -v | tr '\n' ' '| grep -q "with nghttp2"
 HAVE_NGHTTP2=$?
 
+# Check whether we need to skip a certain decryption test.
+# XXX What do we print for Nettle?
+$TSHARK -v | tr '\n' ' '| egrep -q "with MIT Kerberos|with Heimdal Kerberos"
+HAVE_KERBEROS=$?
+
 HAVE_ICONV="False"
 hash iconv 2>/dev/null && HAVE_ICONV="True"
 
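Review bot: The comment above the new Kerberos check repeats the generic `# Check whether we need to skip a certain decryption test.` that this same hunk just replaced with a specific one for nghttp2, so a reader cannot tell which test HAVE_KERBEROS gates without parsing the grep pattern; `# Check whether we need to skip the Kerberos decryption test.` keeps the two checks parallel. The pattern recognizes only the "with MIT Kerberos" and "with Heimdal Kerberos" banner strings, so a build whose `tshark -v` reports Kerberos support in any other wording would skip the test silently instead of running it — the open XXX about Nettle is worth settling before this skip is relied on. `egrep` is also deprecated in favour of `grep -E`, and the neighbouring checks use plain `grep`.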
diff --git a/test/keys/krb-816.keytab b/test/keys/krb-816.keytab
new file mode 100644 (file)
index 0000000..aa0b8f1
Binary files /dev/null and b/test/keys/krb-816.keytab differ
index 00e4bf3ce311302998a87ed458031d56c26d1909..8e9e6546f6a7ad85ee8705d4639174351bcad32d 100755 (executable)
@@ -27,7 +27,6 @@
 #   PKCS#12
 #   SNMP
 #   DCERPC NETLOGON
-#   Kerberos
 #   KINK
 #   LDAP
 #   NTLMSSP
@@ -499,6 +498,31 @@ decryption_step_http2() {
        test_step_ok
 }
 
+# Kerberos
+# Files are from krb-816.zip on the SampleCaptures page.
+KEYTAB_FILE="$TESTS_DIR/keys/krb-816.keytab"
+if [ "$WS_SYSTEM" == "Windows" ] ; then
+       KEYTAB_FILE="`cygpath -w $KEYTAB_FILE`"
+fi
+decryption_step_kerberos() {
+       if [ $HAVE_KERBEROS -ne 0 ]; then
+               test_step_skipped
+               return
+       fi
+       # keyvalue: ccda7d48219f73c3b28311c4ba7242b3
+       $TESTS_DIR/run_and_catch_crashes env $TS_DC_ENV $TSHARK $TS_DC_ARGS \
+               -Tfields -e kerberos.keyvalue \
+               -o "kerberos.decrypt: TRUE" \
+               -o "kerberos.file: $KEYTAB_FILE" \
+               -r "$CAPTURE_DIR/krb-816.pcap.gz" \
+               | grep "cc:da:7d:48:21:9f:73:c3:b2:83:11:c4:ba:72:42:b3" > /dev/null 2>&1
+       RETURNVALUE=$?
+       if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
+               test_step_failed "Failed to decrypt encrypted with AES-256-GCM-8 packet of IKEv2 exchange"
+               return
+       fi
+       test_step_ok
+}
 
 tshark_decryption_suite() {
        test_step_add "IEEE 802.11 WPA PSK Decryption" decryption_step_80211_wpa_psk
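Review bot: The failure message in decryption_step_kerberos is copied from the IKEv2 step and reports "Failed to decrypt encrypted with AES-256-GCM-8 packet of IKEv2 exchange" for a Kerberos failure, which misdirects whoever reads a failing run; `test_step_failed "Failed to decrypt Kerberos packets using keytab $KEYTAB_FILE"` names the actual step. The cygpath expansion leaves `$KEYTAB_FILE` unquoted, so a test tree whose path contains spaces would be word-split; `KEYTAB_FILE="$(cygpath -w "$KEYTAB_FILE")"` avoids that. Because the step greps for the expected session key, `$?` after the pipeline is grep's status, so a tshark that fails to load the keytab or read the capture is reported as "key not found" rather than as a tool error — if run_and_catch_crashes passes tshark's exit status through, checking it separately (e.g. via `PIPESTATUS`) would make the two failure modes distinguishable.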
@@ -531,6 +555,8 @@ tshark_decryption_suite() {
        test_step_add "IKEv2 Decryption (AES-256-GCM-8)" decryption_step_ikev2_aes256gcm8
 
        test_step_add "HTTP2 (HPACK)" decryption_step_http2
+
+       test_step_add "Kerberos" decryption_step_kerberos
 }
 
 decryption_cleanup_step() {