typedef struct {
guint32 msg_type;
+ GSList *used_keys;
+ GSList *derived_keys;
+ GSList *ticket_keys;
+ GSList *kdc_session_keys;
gboolean is_win2k_pkinit;
guint32 errorcode;
gboolean try_nt_status;
static expert_field ei_kerberos_missing_keytype = EI_INIT;
static expert_field ei_kerberos_decrypted_keytype = EI_INIT;
static expert_field ei_kerberos_learnt_keytype = EI_INIT;
+static expert_field ei_kerberos_derived_keytype = EI_INIT;
+static expert_field ei_kerberos_ticket_key = EI_INIT;
+static expert_field ei_kerberos_kdc_session_key = EI_INIT;
+static expert_field ei_kerberos_app_session_key = EI_INIT;
static expert_field ei_kerberos_address = EI_INIT;
static expert_field ei_krb_gssapi_dlglen = EI_INIT;
int parent_hf_index,
int hf_index)
{
+ kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
+
save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index);
+
+ if (private_data->last_added_key == NULL) {
+ return;
+ }
+
+ switch (private_data->msg_type) {
+ case KERBEROS_APPLICATIONS_AS_REP:
+ private_data->kdc_session_keys = g_slist_append(private_data->kdc_session_keys,
+ private_data->last_added_key);
+ break;
+ case KERBEROS_APPLICATIONS_TGS_REP:
+ private_data->kdc_session_keys = g_slist_append(private_data->kdc_session_keys,
+ private_data->last_added_key);
+ break;
+ }
}
static void
int parent_hf_index,
int hf_index)
{
+ kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
+
save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index);
+
+ if (private_data->last_added_key != NULL) {
+ private_data->ticket_keys = g_slist_append(private_data->ticket_keys,
+ private_data->last_added_key);
+ }
}
static void
proto_item *item = NULL;
enc_key_t *sek = NULL;
+ if (ek->src1 != NULL) {
+ sek = ek->src1;
+ proto_tree_add_expert_format(tree, pinfo, &ei_kerberos_derived_keytype,
+ cryptotvb, 0, 0,
+ "SRC1 %s keytype %d (%02x%02x%02x%02x...)",
+ sek->key_origin,
+ sek->keytype,
+ sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF,
+ sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF);
+ private_data->used_keys = g_slist_append(private_data->used_keys, sek);
+ }
+ if (ek->src2 != NULL) {
+ sek = ek->src2;
+ proto_tree_add_expert_format(tree, pinfo, &ei_kerberos_derived_keytype,
+ cryptotvb, 0, 0,
+ "SRC2 %s keytype %d (%02x%02x%02x%02x...)",
+ sek->key_origin,
+ sek->keytype,
+ sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF,
+ sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF);
+ private_data->used_keys = g_slist_append(private_data->used_keys, sek);
+ }
item = proto_tree_add_expert_format(tree, pinfo, &ei_kerberos_decrypted_keytype,
cryptotvb, 0, 0,
"Decrypted keytype %d usage %d "
{ &ei_kerberos_missing_keytype, { "kerberos.missing_keytype", PI_DECRYPTION, PI_WARN, "Missing keytype", EXPFILL }},
{ &ei_kerberos_decrypted_keytype, { "kerberos.decrypted_keytype", PI_SECURITY, PI_CHAT, "Decryted keytype", EXPFILL }},
{ &ei_kerberos_learnt_keytype, { "kerberos.learnt_keytype", PI_SECURITY, PI_CHAT, "Learnt keytype", EXPFILL }},
+ { &ei_kerberos_derived_keytype, { "kerberos.derived_keytype", PI_SECURITY, PI_CHAT, "Derived keytype", EXPFILL }},
+ { &ei_kerberos_ticket_key, { "kerberos.ticket_keytype", PI_SECURITY, PI_CHAT, "Ticket keytype", EXPFILL }},
+ { &ei_kerberos_kdc_session_key, { "kerberos.kdc_session_keytype", PI_SECURITY, PI_CHAT, "KDC keytype", EXPFILL }},
+ { &ei_kerberos_app_session_key, { "kerberos.app_session_keytype", PI_SECURITY, PI_CHAT, "Application keytype", EXPFILL }},
{ &ei_kerberos_address, { "kerberos.address.unknown", PI_UNDECODED, PI_WARN, "KRB Address: I don't know how to parse this type of address yet", EXPFILL }},
{ &ei_krb_gssapi_dlglen, { "kerberos.gssapi.dlglen.error", PI_MALFORMED, PI_ERROR, "DlgLen is not the same as number of bytes remaining", EXPFILL }},
};