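/* packet-kerberos.h
 * Routines for kerberos packet dissection
 * Copyright 2007, Anders Broman <anders.broman@ericsson.com>
 *
 * Wireshark - Network traffic analyzer
 * By Gerald Combs <gerald@wireshark.org>
 * Copyright 1998 Gerald Combs
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 */

#ifndef __PACKET_KERBEROS_H
#define __PACKET_KERBEROS_H

#include "ws_symbol_export.h"

#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */

/*
 * Fallback key-usage numbers for GSS-API per-message tokens. Each one is
 * defined only when nothing included earlier has already defined it
 * (presumably the Kerberos library headers). The values 22..25 match the
 * KG-USAGE-* assignments in RFC 4121.
 */
#ifndef KRB5_KU_USAGE_ACCEPTOR_SEAL
#define KRB5_KU_USAGE_ACCEPTOR_SEAL 22
#endif
#ifndef KRB5_KU_USAGE_ACCEPTOR_SIGN
#define KRB5_KU_USAGE_ACCEPTOR_SIGN 23
#endif
#ifndef KRB5_KU_USAGE_INITIATOR_SEAL
#define KRB5_KU_USAGE_INITIATOR_SEAL 24
#endif
#ifndef KRB5_KU_USAGE_INITIATOR_SIGN
#define KRB5_KU_USAGE_INITIATOR_SIGN 25
#endif

/* This is a list of callback functions a caller can use to request that
   octet strings in kerberos be passed back to application specific
   dissectors, outside of kerberos.
   This is used for dissection of application specific data for PacketCable
   KRB_SAFE user data and eventually to pass kerberos session keys
   to future DCERPC decryption and other uses.
   The list is terminated by {0, NULL }

   The octet strings handed to a callback come from the dissected packet,
   so a callback should treat the tvb contents as untrusted input.
*/
#define KRB_CBTAG_SAFE_USER_DATA 1
#define KRB_CBTAG_PRIV_USER_DATA 2
typedef struct _kerberos_callbacks {
    int tag;    /* one of the KRB_CBTAG_* values; 0 ends the list */
    int (*callback)(packet_info *pinfo, tvbuff_t *tvb, proto_tree *tree);
} kerberos_callbacks;

/* Function prototypes */

gboolean
kerberos_is_win2k_pkinit(asn1_ctx_t *actx);

/* cb is a kerberos_callbacks list terminated by {0, NULL} (see above). */
gint
dissect_kerberos_main(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean do_col_info, kerberos_callbacks *cb);

int
dissect_krb5_Checksum(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);

int
dissect_krb5_ctime(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);

int dissect_krb5_cname(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
int dissect_krb5_realm(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
guint32 kerberos_output_keytype(void);

guint get_krb_pdu_len(packet_info *pinfo, tvbuff_t *tvb, int offset, void *data _U_);

/*
 * NOTE(review): takes an unsigned record mark and returns a signed gint.
 * The value is derived from packet data, so callers should range-check it
 * before using it as a size; the conversion itself is not visible here.
 */
gint kerberos_rm_to_reclen(guint krb_rm);

void
show_krb_recordmark(proto_tree *tree, tvbuff_t *tvb, gint start, guint32 krb_rm);

int
dissect_kerberos_KERB_TICKET_LOGON(tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree);

#ifdef HAVE_KERBEROS
/* Capacities of the fixed-size fields of enc_key_t below. */
#define KRB_MAX_ORIG_LEN 256
#define KRB_MAX_KEY_LENGTH 32
/*
 * "18446744073709551615.18446744073709551615"
 * sizeof("18446744073709551615") includes '\0',
 * which is used once for '.' and then for '\0'.
 *
 * That makes 42 bytes with the terminator already counted.
 */
#define KRB_MAX_ID_STR_LEN (sizeof("18446744073709551615")*2)

#if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
/*
 * A key record; records are chained through `next`, and enc_key_list
 * below is declared as a pointer to this type.
 *
 * NOTE(review): keyvalue is a fixed KRB_MAX_KEY_LENGTH-byte array while
 * keylength is a plain int. Code that fills a record should reject a
 * negative keylength or one above KRB_MAX_KEY_LENGTH before copying; that
 * check is not visible in this header, so confirm it in the implementation.
 * NOTE(review): keyvalue presumably holds raw key bytes, which then stay in
 * process memory for as long as the record lives. Confirm how records are
 * freed and whether memory dumps of the process need protecting.
 */
typedef struct _enc_key_t {
    struct _enc_key_t *next;
    int keytype;        /* presumably a Kerberos encryption type number */
    int keylength;      /* presumably the number of valid bytes in keyvalue */
    guint8 keyvalue[KRB_MAX_KEY_LENGTH];
    char key_origin[KRB_MAX_ORIG_LEN+1];
    int fd_num; /* remember where we learned a key */
    guint id; /* a unique id of the key, relative to fd_num */
    char id_str[KRB_MAX_ID_STR_LEN+1];  /* sized by KRB_MAX_ID_STR_LEN above */
    /* NOTE(review): the four fields below link or count related records;
     * their exact meaning is not visible in this header. */
    struct _enc_key_t *same_list;
    guint num_same;
    struct _enc_key_t *src1;
    struct _enc_key_t *src2;
} enc_key_t;
extern enc_key_t *enc_key_list;
extern wmem_map_t *kerberos_longterm_keys;

/*
 * Returns a guint8 buffer and reports a length through datalen.
 * NOTE(review): the failure convention and the ownership of the returned
 * buffer are not visible here; callers should check both the return value
 * and *datalen before reading. Confirm against the implementation.
 */
guint8 *
decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
                  int usage,
                  tvbuff_t *crypototvb,
                  int keytype,
                  int *datalen);

/*
 * Takes the GSS-API header, encrypted, trailer and checksum parts as
 * separate tvbs and returns a tvb.
 * NOTE(review): what is returned on failure is not visible here; check the
 * result before use.
 */
tvbuff_t *
decrypt_krb5_krb_cfx_dce(proto_tree *tree,
                         packet_info *pinfo,
                         int usage,
                         int keytype,
                         tvbuff_t *gssapi_header_tvb,
                         tvbuff_t *gssapi_encrypted_tvb,
                         tvbuff_t *gssapi_trailer_tvb,
                         tvbuff_t *checksum_tvb);

#endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */

/* NOTE(review): presumably the switch that enables decryption - confirm. */
extern gboolean krb_decrypt;

#endif /* HAVE_KERBEROS */

#ifdef __cplusplus
}
#endif /* __cplusplus */

#include "packet-kerberos-exp.h"

#endif /* __PACKET_KERBEROS_H */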