← Back to branch summary

~ubuntu-branches/ubuntu/gutsy/wireshark/gutsy-security

« back to all changes in this revision

Viewing changes to asn1/spnego/packet-spnego-template.c

  • Committer: Bazaar Package Importer
  • Author(s): Frederic Peters
  • Date: 2007-04-01 08:58:40 UTC
  • mfrom: (1.1.3 upstream)
  • Revision ID: james.westby@ubuntu.com-20070401085840-or3qhrpv8alt1bwg
Tags: 0.99.5-1
* New upstream release.
* debian/patches/09_idl2wrs.dpatch: updated to patch idl2wrs.sh.in.

Show diffs side-by-side

added added

removed removed

Lines of Context:
asn1/spnego/packet-spnego-template.c
7
7
 * Copyright 2005, Ronnie Sahlberg (krb decryption)
8
8
 * Copyright 2005, Anders Broman (converted to asn2wrs generated dissector)
9
9
 *
10
 
 * $Id: packet-spnego-template.c 18214 2006-05-23 15:17:14Z kukosa $
 
10
 * $Id: packet-spnego-template.c 20359 2007-01-09 22:14:07Z gerald $
11
11
 *
12
12
 * Wireshark - Network traffic analyzer
13
13
 * By Gerald Combs <gerald@wireshark.org>
40
40
#include "packet-dcerpc.h"
41
41
#include "packet-gssapi.h"
42
42
#include "packet-kerberos.h"
43
 
#include <epan/crypt-rc4.h>
 
43
#include <epan/crypt/crypt-rc4.h>
44
44
#include <epan/conversation.h>
45
45
#include <epan/emem.h>
46
46
 
99
99
#include "packet-spnego-fn.c"
100
100
/*
101
101
 * This is the SPNEGO KRB5 dissector. It is not true KRB5, but some ASN.1
102
 
 * wrapped blob with an OID, USHORT token ID, and a Ticket, that is also 
 
102
 * wrapped blob with an OID, USHORT token ID, and a Ticket, that is also
103
103
 * ASN.1 wrapped by the looks of it. It conforms to RFC1964.
104
 
 */ 
 
104
 */
105
105
 
106
106
#define KRB_TOKEN_AP_REQ                0x0001
107
107
#define KRB_TOKEN_AP_REP                0x0002
171
171
        gint32 tag;
172
172
        guint32 len;
173
173
 
174
 
        item = proto_tree_add_item(tree, hf_spnego_krb5, tvb, offset, 
 
174
        item = proto_tree_add_item(tree, hf_spnego_krb5, tvb, offset,
175
175
                                   -1, FALSE);
176
176
 
177
177
        subtree = proto_item_add_subtree(item, ett_spnego_krb5);
181
181
         * [APPLICATION 0] {
182
182
         *   OID,
183
183
         *   USHORT (0x0001 == AP-REQ, 0x0002 == AP-REP, 0x0003 == ERROR),
184
 
         *   OCTET STRING } 
 
184
         *   OCTET STRING }
185
185
         *
186
186
         * However, for some protocols, the KRB5 blob starts at the SHORT
187
187
         * and has no DER encoded header etc.
264
264
        case KRB_TOKEN_AP_REQ:
265
265
        case KRB_TOKEN_AP_REP:
266
266
        case KRB_TOKEN_AP_ERR:
267
 
          krb5_tvb = tvb_new_subset(tvb, offset, -1, -1); 
 
267
          krb5_tvb = tvb_new_subset(tvb, offset, -1, -1);
268
268
          offset = dissect_kerberos_main(krb5_tvb, pinfo, subtree, FALSE, NULL);
269
269
          break;
270
270
 
271
271
        case KRB_TOKEN_GETMIC:
272
 
          offset = dissect_spnego_krb5_getmic_base(tvb, offset, pinfo, subtree); 
 
272
          offset = dissect_spnego_krb5_getmic_base(tvb, offset, pinfo, subtree);
273
273
          break;
274
274
 
275
275
        case KRB_TOKEN_WRAP:
290
290
}
291
291
 
292
292
#ifdef HAVE_KERBEROS
293
 
#include <epan/crypt-md5.h>
 
293
#include <epan/crypt/crypt-md5.h>
294
294
 
295
295
#ifndef KEYTYPE_ARCFOUR_56
296
296
# define KEYTYPE_ARCFOUR_56 24
315
315
 
316
316
        memcpy(L40 + 10, T, sizeof(T));
317
317
        md5_hmac(
318
 
                L40, 14,  
 
318
                L40, 14,
319
319
                key_data,
320
 
                key_size, 
 
320
                key_size,
321
321
                k5_data);
322
322
        memset(&k5_data[7], 0xAB, 9);
323
323
    } else {
324
324
        md5_hmac(
325
 
                T, 4,  
 
325
                T, 4,
326
326
                key_data,
327
327
                key_size,
328
328
                k5_data);
329
329
    }
330
330
 
331
331
    md5_hmac(
332
 
        cksum_data, cksum_size,  
 
332
        cksum_data, cksum_size,
333
333
        k5_data,
334
 
        16, 
 
334
        16,
335
335
        key6_data);
336
336
 
337
337
    return 0;
370
370
    unsigned char digest[16];
371
371
    int rc4_usage;
372
372
    guint8 cksum[16];
373
 
    
 
373
 
374
374
    rc4_usage=usage2arcfour(usage);
375
 
    md5_hmac(signature, sizeof(signature), 
376
 
                key_data, key_length, 
 
375
    md5_hmac(signature, sizeof(signature),
 
376
                key_data, key_length,
377
377
                ksign_c);
378
378
    md5_init(&ms);
379
379
    t[0] = (rc4_usage >>  0) & 0xFF;
396
396
 * Verify padding of a gss wrapped message and return its length.
397
397
 */
398
398
static int
399
 
gssapi_verify_pad(unsigned char *wrapped_data, int wrapped_length, 
 
399
gssapi_verify_pad(unsigned char *wrapped_data, int wrapped_length,
400
400
                   size_t datalen,
401
401
                   size_t *padlen)
402
402
{
460
460
 
461
461
    {
462
462
        rc4_state_struct rc4_state;
463
 
        
 
463
 
464
464
        crypt_rc4_init(&rc4_state, k6_data, sizeof(k6_data));
465
465
        memcpy(SND_SEQ, (unsigned char *)tvb_get_ptr(pinfo->gssapi_wrap_tvb, 8, 8), 8);
466
466
        crypt_rc4(&rc4_state, SND_SEQ, 8);
502
502
        memcpy(output_message_buffer, input_message_buffer, datalen);
503
503
        crypt_rc4(&rc4_state, output_message_buffer, datalen);
504
504
    } else {
505
 
        memcpy(Confounder, 
506
 
                tvb_get_ptr(pinfo->gssapi_wrap_tvb, 24, 8), 
 
505
        memcpy(Confounder,
 
506
                tvb_get_ptr(pinfo->gssapi_wrap_tvb, 24, 8),
507
507
                8); /* Confounder */
508
 
        memcpy(output_message_buffer, 
509
 
                input_message_buffer, 
 
508
        memcpy(output_message_buffer,
 
509
                input_message_buffer,
510
510
                datalen);
511
511
    }
512
512
    memset(k6_data, 0, sizeof(k6_data));
524
524
    if(pinfo->decrypt_gssapi_tvb==DECRYPT_GSSAPI_NORMAL){
525
525
        ret = arcfour_mic_cksum(key_value, key_size,
526
526
                            KRB5_KU_USAGE_SEAL,
527
 
                            cksum_data, 
 
527
                            cksum_data,
528
528
                            tvb_get_ptr(pinfo->gssapi_wrap_tvb, 0, 8), 8,
529
529
                            Confounder, sizeof(Confounder),
530
 
                            output_message_buffer, 
 
530
                            output_message_buffer,
531
531
                            datalen + padlen);
532
532
        if (ret) {
533
533
            return -10;
534
534
        }
535
535
 
536
 
        cmp = memcmp(cksum_data, 
 
536
        cmp = memcmp(cksum_data,
537
537
            tvb_get_ptr(pinfo->gssapi_wrap_tvb, 16, 8),
538
538
            8); /* SGN_CKSUM */
539
539
        if (cmp) {
646
646
        /*
647
647
         * The KRB5 blob conforms to RFC1964:
648
648
         *   USHORT (0x0102 == GSS_Wrap)
649
 
         *   and so on } 
 
649
         *   and so on }
650
650
         */
651
651
 
652
652
        /* Now, the sign and seal algorithms ... */
707
707
                        int len;
708
708
                        len=tvb_reported_length_remaining(tvb,offset);
709
709
                        if(len>tvb_length_remaining(tvb, offset)){
710
 
                                /* no point in trying to decrypt, 
 
710
                                /* no point in trying to decrypt,
711
711
                                   we dont have the full pdu.
712
712
                                */
713
713
                                return offset;
715
715
                        pinfo->gssapi_encrypted_tvb = tvb_new_subset(
716
716
                                        tvb, offset, len, len);
717
717
                }
718
 
                        
 
718
 
719
719
                /* if this is KRB5 wrapped rc4-hmac */
720
720
                if((token_id==KRB_TOKEN_WRAP)
721
721
                 &&(sgn_alg==KRB_SGN_ALG_HMAC)
736
736
                                23 /* rc4-hmac */);
737
737
#endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */
738
738
                }
739
 
        }       
 
739
        }
740
740
#endif
741
741
        /*
742
742
         * Return the offset past the checksum, so that we know where
743
743
         * the data we're wrapped around starts.  Also, set the length
744
744
         * of our top-level item to that offset, so it doesn't cover
745
745
         * the data we're wrapped around.
746
 
         * 
 
746
         *
747
747
         * Note that for DCERPC the GSSAPI blobs comes after the data it wraps,
748
748
         * not before.
749
749
         */
761
761
        /*
762
762
         * The KRB5 blob conforms to RFC1964:
763
763
         *   USHORT (0x0101 == GSS_GetMIC)
764
 
         *   and so on } 
 
764
         *   and so on }
765
765
         */
766
766
 
767
767
        /* Now, the sign algorithm ... */
842
842
        /*
843
843
         * The KRB5 blob conforms to RFC1964:
844
844
         *   USHORT (0x0102 == GSS_Wrap)
845
 
         *   and so on } 
 
845
         *   and so on }
846
846
         */
847
847
 
848
848
        /* First, the token ID ... */
883
883
         */
884
884
 
885
885
 
886
 
        item = proto_tree_add_item(tree, hf_spnego, tvb, offset, 
 
886
        item = proto_tree_add_item(tree, hf_spnego, tvb, offset,
887
887
                                   -1, FALSE);
888
888
 
889
889
        subtree = proto_item_add_subtree(item, ett_spnego);
927
927
                                             pinfo->destport, 0);
928
928
 
929
929
            if (conversation) {
930
 
                next_level_value = conversation_get_proto_data(conversation, 
 
930
                next_level_value = conversation_get_proto_data(conversation,
931
931
                                                               proto_spnego);
932
932
                if (next_level_value)
933
933
                    p_add_proto_data(pinfo->fd, proto_spnego, next_level_value);
934
934
            }
935
935
        }
936
936
 
937
 
        item = proto_tree_add_item(parent_tree, hf_spnego, tvb, offset, 
 
937
        item = proto_tree_add_item(parent_tree, hf_spnego, tvb, offset,
938
938
                                   -1, FALSE);
939
939
 
940
940
        subtree = proto_item_add_subtree(item, ett_spnego);
986
986
                  { "krb5_blob", "spnego.krb5.blob", FT_BYTES,
987
987
                    BASE_NONE, NULL, 0, "krb5_blob", HFILL }},
988
988
                { &hf_spnego_krb5_oid,
989
 
                  { "KRB5 OID", "spnego.krb5_oid", FT_STRING, 
 
989
                  { "KRB5 OID", "spnego.krb5_oid", FT_STRING,
990
990
                    BASE_NONE, NULL, 0, "KRB5 OID", HFILL }},
991
991
                { &hf_spnego_krb5_tok_id,
992
992
                  { "krb5_tok_id", "spnego.krb5.tok_id", FT_UINT16, BASE_HEX,