We prefer pinfo->pool over the global wmem_packet_scope() now. Convert a
few more asn1 dissectors. After this commit, just three asn1 dissectors
remain.
Part 1/2 as the commits were too big for CI.
Largely find/replace, with a few manual tweaks. Then regenerate the asn1
dissector sources and make sure everything still builds. There are a
handful of cases I skipped as too complex, but this covers most of the
asn1 dissectors.
We use some private functions from MIT kerberos:
- krb5_free_enc_tkt_part()
- decode_krb5_enc_tkt_part()
- encode_krb5_enc_tkt_part()
but we already do that for krb5int_c_mandatory_cksumtype(),
which is newer than the above functions.
We use all of them only under HAVE_KRB5_PAC_VERIFY,
so we don't seem to need additional configure tests.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Improve script by ignoring common contractions, dealing with
e.g. \n within strings, and finding multiple concatenated words even
when no camelCase is used.
Also includes some actual spelling fixes.
The static arrays are supposed to be arrays of const pointers to int,
not arrays of non-const pointers to const int.
Fixing that means some bugs (scribbling on what's *supposed* to be a
const array) will be caught (see packet-ieee80211-radiotap.c for
examples, the first of which inspired this change and the second of
which was discovered while testing compiles with this change), and
removes the need for some annoying casts.
Also make some of those arrays static while we're at it.
Update documentation and dissector-generator tools.
Change-Id: I789da5fc60aadc15797cefecfd9a9fbe9a130ccc
Reviewed-on: https://code.wireshark.org/review/37517
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
FreeBSD defines constants such as KRB5_KU_USAGE_ACCEPTOR_SEAL
as part of the krb5_key_usage struct. Having such a defines
causes a clash that breaks the compilation. The struct needs to be
included first.
Error:
In file included from ./asn1/kerberos/packet-kerberos-template.c:413:
/usr/include/krb5.h:255:5: error: expected identifier
KRB5_KU_USAGE_ACCEPTOR_SEAL = 22,
^
./asn1/kerberos/packet-kerberos-template.h:22:41: note: expanded from macro 'KRB5_KU_USAGE_ACCEPTOR_SEAL'
#define KRB5_KU_USAGE_ACCEPTOR_SEAL 22
^
Change-Id: Ic241f2b6a2c01e7bd6c84d05e509f12e738ab2ac
Reviewed-on: https://code.wireshark.org/review/37358
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
FreeBSD shows a combination of define cases that make the function
missing_encryption_key unused. Put it in the right define scope.
Change-Id: Icf226f134ffa7624a7daf709c302c29acfffe95e
Reviewed-on: https://code.wireshark.org/review/37360
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
You are in a twisty little maze of #ifdefs, all different.
Change-Id: I4c82efe27e840919c7bf19a035abe90cd84e0fbd
Reviewed-on: https://code.wireshark.org/review/37367
Reviewed-by: Guy Harris <gharris@sonic.net>
Error:
./asn1/kerberos/packet-kerberos-template.c:109:2: error: unknown type name ‘enc_key_t’
./asn1/kerberos/kerberos.cnf: In function ‘dissect_kerberos_EncryptionKey’:
./asn1/kerberos/kerberos.cnf:386:7: error: unused variable ‘start_offset’ [-Werror=unused-variable]
./asn1/kerberos/kerberos.cnf: In function ‘dissect_kerberos_T_authenticator_subkey’:
./asn1/kerberos/kerberos.cnf:406:42: error: ‘save_Authenticator_subkey’ undeclared (first use in this function); did you mean ‘hf_kerberos_authenticator_subkey’?
./asn1/kerberos/kerberos.cnf:406:42: note: each undeclared identifier is reported only once for each function it appears in
./asn1/kerberos/kerberos.cnf: In function ‘dissect_kerberos_T_encTicketPart_key’:
./asn1/kerberos/kerberos.cnf:445:42: error: ‘save_EncTicketPart_key’ undeclared (first use in this function); did you mean ‘hf_kerberos_encTicketPart_key’?
./asn1/kerberos/kerberos.cnf: In function ‘dissect_kerberos_T_encKDCRepPart_key’:
./asn1/kerberos/kerberos.cnf:435:42: error: ‘save_EncKDCRepPart_key’ undeclared (first use in this function); did you mean ‘hf_kerberos_encKDCRepPart_key’?
./asn1/kerberos/kerberos.cnf: In function ‘dissect_kerberos_T_encAPRepPart_subkey’:
./asn1/kerberos/kerberos.cnf:416:42: error: ‘save_EncAPRepPart_subkey’ undeclared (first use in this function); did you mean ‘hf_kerberos_encAPRepPart_subkey’?
./asn1/kerberos/kerberos.cnf: In function ‘dissect_kerberos_T_krbCredInfo_key’:
./asn1/kerberos/kerberos.cnf:455:42: error: ‘save_KrbCredInfo_key’ undeclared (first use in this function); did you mean ‘hf_kerberos_krbCredInfo_key’?
cc1: all warnings being treated as errors
Change-Id: Ib9e38c3d745dd8a12ac8e4691918770a8b876727
Reviewed-on: https://code.wireshark.org/review/37313
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This improves the performance a lot if you have a keytab with a lot of
entries (e.g. for a whole domain).
GSSKRB5 decryption should only try the subkey of the AP-Rep.
We could further optimize this and remember the key
on the cenversation after the first success, but
that's for another day.
Change-Id: I405e41e7d90073d569fcbeec4b4188453a251000
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37323
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Have completely separate definitions of krb5_fast_key(); the one used if
we don't have krb5_c_fx_cf2_simple() declares *all* parameters as
unused, as it's a stub routine.
Change-Id: I828c8d8f60634fcf537c2822f1a1c5db33ea2798
Reviewed-on: https://code.wireshark.org/review/37321
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
We already know about the top level message type.
So we only need an autodetection for the TGS-REP.
We could also avoid that, but that would need state to
match TGS-REQ with TGS-REP.
But if we client used FAST and we got a strengthen_key,
we're sure an authenticator subkey was used.
Windows don't use an authenticator subkey without FAST,
but heimdal does.
For now try 8 before 9 in order to avoid overhead and false
positives for the 'kerberos.missing_keytype' filter in pure
windows captures.
Change-Id: If974dda735cd2aa5b1920c26309e5e2081723e4f
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37299
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I28bdf176818401c1e4e6ef15cf808e502fcf4989
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37300
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We already know a few details in order to avoid the autodetection.
This avoids overhead and false positives for the
'kerberos.missing_keytype' filter.
Change-Id: I8a15fa41d2a56df3fb26de046a401bf43a876b79
Reviewed-on: https://code.wireshark.org/review/37298
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's useful to see which decryption keys are missing!
The "kerberos.missing_keytype" filter can be used to find all of them.
It's also useful to see which key_map was is in used
and how many decryption attempts were tried.
This should also allow future optimizations in
order to avoid decryption attempts based on the usage
and more detailed key maps.
Change-Id: Ie0302454e29a65aa00ddac79839aac8ec63fa290
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37297
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Currently this is only available for MIT Kerberos, but it
should be possible to implement the same using
krb5_crypto_fx_cf2() from Heimdal.
Change-Id: Ic3327dfde770f9345485bf97e2ac6045b909b64e
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36472
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This gives a useful overview.
Change-Id: I39aaa8cf5de6fa3788c674355675873f2212b78f
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37292
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This way we can avoid zero_private on the stack.
Change-Id: Iea7ed7e1cd6d0616b0e72aeff489549efd13e4f4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37291
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That makes it easier to match them.
Change-Id: I29b9d69415d82a1ea7df275a89a413c2fd460b1f
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37289
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For now we use kerberos_all_keys, but in future we may select the
map based on passed usage.
Change-Id: I1f29e97aa60a41be3694b75bc4353b3a5dae0eae
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37288
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This will be used temporary in order to replace
enc_key_list until we maintain/use separate lists.
Note that this will use wmem_file_scope(), but it
will get the longterm keys filled in when needed.
In the long run, we'll use more detailed lists
and use optimizations depending on the key usage.
Change-Id: If654dcfbc9ec8742eadbbb82b97a23fe8403022d
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37287
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Here it's enough to try longterm keys from the keytab.
Change-Id: I4d98fd7aa456c5cf2ca175cdcefc0ad1a4a8be2d
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37286
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This will replace enc_key_list in the long run,
but will hold only keytabb entries, as that's what
the consumers outside of packet-kerberos.c are using.
Change-Id: Iba0436a0c1754232f0363cb1e9a905ac7c22986f
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37285
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In the long run we'll remove enc_key_list and use a wmem_map instead.
Change-Id: I50a0a32eea4cb21bf2bcb5e97ed8eab6b847a75d
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37283
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
With AES-256 we need 32 bytes, there's no need to use allocated memory.
Change-Id: Ibbb99523c00f167d0b4dce95f038707855964bde
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37282
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The id is relative to the frame number, -1 means "keytab".
A key with a lower value means it was learned before
a key with a higher value.
This will make it easier to match keys, between learning and using.
Change-Id: I7b44626b4724dbd541c4702e3b9aa9350d809b08
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37279
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For the MIT/Heimdal case we'll add much more details in future,
this step just passed down the required information.
Change-Id: I8c2ef732a66ca63931ee0481952014b6c460e0d2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37273
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This constructs more more useful origin names.
It also allows specific handling of each key type in future.
Change-Id: Ife959a39a0e5b3ef806c6f34f66128732b64536e
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37272
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
It makes it easier to see what is actually decrypted.
Change-Id: I6c1378f93d32dc31cedc6d901069fa9c30438d61
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37269
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If decrypt_krb5_data_private() is available we use it directly in order
to pass down kerberos_private_data_t.
Change-Id: I864d3e7d9adda454c96384d7b146ec774cd05d5f
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36491
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This allows passing 'kerberos_private_data_t' down to
used_encryption_key(). This will be used in order
to implement Kerberos FAST decryption.
For now we'll pass a zeroed kerberos_private_data_t,
but in future code can use decrypt_krb5_data_private()
directly and pass in the result of
kerberos_get_private_data(actx).
Change-Id: Iffdd3c3168eca3ed90cfa0a924248df9fac98a0c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36490
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I2b95bc257762cc8734386171da1bf574220c4530
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36469
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For now we don't dissect the details, but it's already useful,
if they are not unknown elements.
Change-Id: I38b521262b688ba0afbbb9c58b99c3b50dbd2b24
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36467
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We need to dissect them differently...
Change-Id: Idb6d65800b1787b9cb6fca2630373547b9b7b1bc
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36466
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Evan Huus