search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags"
[wireshark-sm.git] / epan / dissectors / asn1 / pkcs12 / packet-pkcs12-template.c
blob661f1b5f8ed83246eeb8e6ea8765b2f68bf3e07f
1 /* packet-pkcs12.c
2 * Routines for PKCS#12: Personal Information Exchange packet dissection
3 * Graeme Lunt 2006
4 *
5 * See "PKCS #12 v1.1: Personal Information Exchange Syntax":
6 *
7 * http://www.emc.com/emc-plus/rsa-labs/pkcs/files/h11301-wp-pkcs-12v1-1-personal-information-exchange-syntax.pdf
8 *
9 * Wireshark - Network traffic analyzer
10 * By Gerald Combs <gerald@wireshark.org>
11 * Copyright 1998 Gerald Combs
12 *
13 * SPDX-License-Identifier: GPL-2.0-or-later
14 */
15
16 #include "config.h"
17
18 #include <epan/packet.h>
19 #include <epan/expert.h>
20 #include <epan/oids.h>
21 #include <epan/asn1.h>
22 #include <epan/prefs.h>
23 #include <wsutil/array.h>
24
25 #include "packet-ber.h"
26 #include "packet-pkcs12.h"
27 #include "packet-x509af.h"
28 #include "packet-x509if.h"
29 #include "packet-cms.h"
30
31 #include <wsutil/wsgcrypt.h>
32
33 #define PNAME "PKCS#12: Personal Information Exchange"
34 #define PSNAME "PKCS12"
35 #define PFNAME "pkcs12"
36
37 #define PKCS12_PBE_ARCFOUR_SHA1_OID "1.2.840.113549.1.12.1.1"
38 #define PKCS12_PBE_3DES_SHA1_OID "1.2.840.113549.1.12.1.3"
39 #define PKCS12_PBE_RC2_40_SHA1_OID "1.2.840.113549.1.12.1.6"
40
41 void proto_register_pkcs12(void);
42 void proto_reg_handoff_pkcs12(void);
43
44 /* Initialize the protocol and registered fields */
45 static int proto_pkcs12;
46
47 static int hf_pkcs12_X509Certificate_PDU;
48 static int hf_pkcs12_AuthenticatedSafe_PDU; /* AuthenticatedSafe */
49 static int ett_decrypted_pbe;
50
51 static expert_field ei_pkcs12_octet_string_expected;
52
53
54 static const char *object_identifier_id;
55 static int iteration_count;
56 static tvbuff_t *salt;
57 static const char *password;
58 static bool try_null_password;
59
60 static int dissect_AuthenticatedSafe_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data);
61 static int dissect_SafeContents_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data);
62 static int dissect_PrivateKeyInfo_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
63
64 #include "packet-pkcs12-hf.c"
65
66 /* Initialize the subtree pointers */
67 #include "packet-pkcs12-ett.c"
68
69 static void append_oid(wmem_allocator_t *pool, proto_tree *tree, const char *oid)
70 {
71 const char *name = NULL;
72
73 name = oid_resolved_from_string(pool, oid);
74 proto_item_append_text(tree, " (%s)", name ? name : oid);
75 }
76
77 static int
78 generate_key_or_iv(packet_info *pinfo, unsigned int id, tvbuff_t *salt_tvb, unsigned int iter,
79 const char *pw, unsigned int req_keylen, char * keybuf)
80 {
81 int rc;
82 unsigned int i, j;
83 gcry_md_hd_t md;
84 gcry_mpi_t num_b1 = NULL;
85 size_t pwlen;
86 char hash[20], buf_b[64], buf_i[128], *p;
87 char *salt_p;
88 int salt_size;
89 size_t cur_keylen;
90 size_t n;
91 gcry_error_t err;
92
93 cur_keylen = 0;
94
95 salt_size = tvb_captured_length(salt_tvb);
96 salt_p = (char *)tvb_memdup(pinfo->pool, salt_tvb, 0, salt_size);
97
98 if (pw == NULL)
99 pwlen = 0;
100 else
101 pwlen = strlen(pw);
102
103 if (pwlen > 63 / 2) {
104 return false;
105 }
106
107 /* Store salt and password in BUF_I */
108 p = buf_i;
109 for (i = 0; i < 64; i++)
110 *p++ = salt_p[i % salt_size];
111
112 if (pw) {
113 for (i = j = 0; i < 64; i += 2) {
114 *p++ = 0;
115 *p++ = pw[j];
116 if (++j > pwlen) /* Note, that we include the trailing zero */
117 j = 0;
118 }
119 }
120 else
121 memset (p, 0, 64);
122
123 for (;;) {
124 err = gcry_md_open(&md, GCRY_MD_SHA1, 0);
125 if (gcry_err_code(err)) {
126 return false;
127 }
128 for (i = 0; i < 64; i++) {
129 unsigned char lid = id & 0xFF;
130 gcry_md_write (md, &lid, 1);
131 }
132
133 gcry_md_write(md, buf_i, pw ? 128 : 64);
134
135 gcry_md_final (md);
136 memcpy (hash, gcry_md_read (md, 0), 20);
137
138 gcry_md_close (md);
139
140 for (i = 1; i < iter; i++)
141 gcry_md_hash_buffer (GCRY_MD_SHA1, hash, hash, 20);
142
143 for (i = 0; i < 20 && cur_keylen < req_keylen; i++)
144 keybuf[cur_keylen++] = hash[i];
145
146 if (cur_keylen == req_keylen) {
147 gcry_mpi_release (num_b1);
148 return true; /* ready */
149 }
150
151 /* need more bytes. */
152 for (i = 0; i < 64; i++)
153 buf_b[i] = hash[i % 20];
154
155 n = 64;
156
157 rc = gcry_mpi_scan (&num_b1, GCRYMPI_FMT_USG, buf_b, n, &n);
158
159 if (rc != 0) {
160 return false;
161 }
162
163 gcry_mpi_add_ui (num_b1, num_b1, 1);
164
165 for (i = 0; i < 128; i += 64) {
166 gcry_mpi_t num_ij;
167
168 n = 64;
169 rc = gcry_mpi_scan (&num_ij, GCRYMPI_FMT_USG, buf_i + i, n, &n);
170
171 if (rc != 0) {
172 return false;
173 }
174
175 gcry_mpi_add (num_ij, num_ij, num_b1);
176 gcry_mpi_clear_highbit (num_ij, 64 * 8);
177
178 n = 64;
179
180 rc = gcry_mpi_print (GCRYMPI_FMT_USG, buf_i + i, n, &n, num_ij);
181 if (rc != 0) {
182 return false;
183 }
184
185 gcry_mpi_release (num_ij);
186 }
187 }
188 }
189
190 void PBE_reset_parameters(void)
191 {
192 iteration_count = 0;
193 salt = NULL;
194 }
195
196 int PBE_decrypt_data(const char *object_identifier_id_param _U_, tvbuff_t *encrypted_tvb _U_, packet_info *pinfo _U_, asn1_ctx_t *actx _U_, proto_item *item _U_)
197 {
198 const char *encryption_algorithm;
199 gcry_cipher_hd_t cipher;
200 gcry_error_t err;
201 int algo;
202 int mode;
203 int ivlen = 0;
204 int keylen = 0;
205 int datalen = 0;
206 char *key = NULL;
207 char *iv = NULL;
208 char *clear_data = NULL;
209 tvbuff_t *clear_tvb = NULL;
210 const char *oidname;
211 GString *name;
212 proto_tree *tree;
213 char byte;
214 bool decrypt_ok = true;
215
216 if(((password == NULL) || (*password == '\0')) && (try_null_password == false)) {
217 /* we are not configured to decrypt */
218 return false;
219 }
220
221 encryption_algorithm = x509af_get_last_algorithm_id();
222
223 /* these are the only encryption schemes we understand for now */
224 if(!strcmp(encryption_algorithm, PKCS12_PBE_3DES_SHA1_OID)) {
225 ivlen = 8;
226 keylen = 24;
227 algo = GCRY_CIPHER_3DES;
228 mode = GCRY_CIPHER_MODE_CBC;
229 } else if(!strcmp(encryption_algorithm, PKCS12_PBE_ARCFOUR_SHA1_OID)) {
230 ivlen = 0;
231 keylen = 16;
232 algo = GCRY_CIPHER_ARCFOUR;
233 mode = GCRY_CIPHER_MODE_NONE;
234 } else if(!strcmp(encryption_algorithm, PKCS12_PBE_RC2_40_SHA1_OID)) {
235 ivlen = 8;
236 keylen = 5;
237 algo = GCRY_CIPHER_RFC2268_40;
238 mode = GCRY_CIPHER_MODE_CBC;
239 } else {
240 /* we don't know how to decrypt this */
241
242 proto_item_append_text(item, " [Unsupported encryption algorithm]");
243 return false;
244 }
245
246 if((iteration_count == 0) || (salt == NULL)) {
247 proto_item_append_text(item, " [Insufficient parameters]");
248 return false;
249 }
250
251 /* allocate buffers */
252 key = (char *)wmem_alloc(pinfo->pool, keylen);
253
254 if(!generate_key_or_iv(pinfo, 1 /*LEY */, salt, iteration_count, password, keylen, key))
255 return false;
256
257 if(ivlen) {
258
259 iv = (char *)wmem_alloc(pinfo->pool, ivlen);
260
261 if(!generate_key_or_iv(pinfo, 2 /* IV */, salt, iteration_count, password, ivlen, iv))
262 return false;
263 }
264
265 /* now try an internal function */
266 err = gcry_cipher_open(&cipher, algo, mode, 0);
267 if (gcry_err_code (err))
268 return false;
269
270 err = gcry_cipher_setkey (cipher, key, keylen);
271 if (gcry_err_code (err)) {
272 gcry_cipher_close (cipher);
273 return false;
274 }
275
276 if(ivlen) {
277 err = gcry_cipher_setiv (cipher, iv, ivlen);
278 if (gcry_err_code (err)) {
279 gcry_cipher_close (cipher);
280 return false;
281 }
282 }
283
284 datalen = tvb_captured_length(encrypted_tvb);
285 clear_data = (char *)wmem_alloc(pinfo->pool, datalen);
286
287 err = gcry_cipher_decrypt (cipher, clear_data, datalen, (char *)tvb_memdup(pinfo->pool, encrypted_tvb, 0, datalen), datalen);
288 if (gcry_err_code (err)) {
289
290 proto_item_append_text(item, " [Failed to decrypt with password preference]");
291
292 gcry_cipher_close (cipher);
293 return false;
294 }
295
296 gcry_cipher_close (cipher);
297
298 /* We don't know if we have successfully decrypted the data or not so we:
299 a) check the trailing bytes
300 b) see if we start with a sequence or a set (is this too constraining?
301 */
302
303 /* first the trailing bytes */
304 byte = clear_data[datalen-1];
305 if(byte <= 0x08) {
306 int i;
307
308 for(i = (int)byte; i > 0 ; i--) {
309 if(clear_data[datalen - i] != byte) {
310 decrypt_ok = false;
311 break;
312 }
313 }
314 } else {
315 /* XXX: is this a failure? */
316 }
317
318 /* we assume the result is ASN.1 - check it is a SET or SEQUENCE */
319 byte = clear_data[0];
320 if((byte != 0x30) && (byte != 0x31)) { /* do we need more here? OCTET STRING? */
321 decrypt_ok = false;
322 }
323
324 if(!decrypt_ok) {
325 proto_item_append_text(item, " [Failed to decrypt with supplied password]");
326
327 return false;
328 }
329
330 proto_item_append_text(item, " [Decrypted successfully]");
331
332 tree = proto_item_add_subtree(item, ett_decrypted_pbe);
333
334 /* OK - so now clear_data contains the decrypted data */
335
336 clear_tvb = tvb_new_child_real_data(encrypted_tvb,(const uint8_t *)clear_data, datalen, datalen);
337
338 name = g_string_new("");
339 oidname = oid_resolved_from_string(pinfo->pool, object_identifier_id_param);
340 g_string_printf(name, "Decrypted %s", oidname ? oidname : object_identifier_id_param);
341
342 /* add it as a new source */
343 add_new_data_source(actx->pinfo, clear_tvb, name->str);
344
345 g_string_free(name, TRUE);
346
347 /* now try and decode it */
348 call_ber_oid_callback(object_identifier_id_param, clear_tvb, 0, actx->pinfo, tree, NULL);
349
350 return true;
351 }
352
353 #include "packet-pkcs12-fn.c"
354
355 static int strip_octet_string(tvbuff_t *tvb)
356 {
357 int8_t ber_class;
358 bool pc, ind;
359 int32_t tag;
360 uint32_t len;
361 int offset = 0;
362
363 /* PKCS#7 encodes the content as OCTET STRING, whereas CMS is just any ANY */
364 /* if we use CMS (rather than PKCS#7) - which we are - we need to strip the OCTET STRING tag */
365 /* before proceeding */
366
367 offset = get_ber_identifier(tvb, 0, &ber_class, &pc, &tag);
368 offset = get_ber_length(tvb, offset, &len, &ind);
369
370 if((ber_class == BER_CLASS_UNI) && (tag == BER_UNI_TAG_OCTETSTRING))
371 return offset;
372
373 return 0;
374
375 }
376
377 static int dissect_AuthenticatedSafe_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) {
378 int offset = 0;
379 asn1_ctx_t asn1_ctx;
380 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
381
382 if((offset = strip_octet_string(tvb)) > 0)
383 dissect_pkcs12_AuthenticatedSafe(false, tvb, offset, &asn1_ctx, tree, hf_pkcs12_AuthenticatedSafe_PDU);
384 else
385 proto_tree_add_expert(tree, pinfo, &ei_pkcs12_octet_string_expected, tvb, 0, 1);
386 return tvb_captured_length(tvb);
387 }
388
389 static int dissect_SafeContents_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
390 {
391 int offset = 0;
392 asn1_ctx_t asn1_ctx;
393 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
394
395 offset = strip_octet_string(tvb);
396
397 dissect_pkcs12_SafeContents(false, tvb, offset, &asn1_ctx, tree, hf_pkcs12_SafeContents_PDU);
398 return tvb_captured_length(tvb);
399 }
400
401 static int dissect_X509Certificate_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
402 {
403 int offset = 0;
404 asn1_ctx_t asn1_ctx;
405 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
406
407 if((offset = strip_octet_string(tvb)) > 0)
408 dissect_x509af_Certificate(false, tvb, offset, &asn1_ctx, tree, hf_pkcs12_X509Certificate_PDU);
409 else
410 proto_tree_add_expert(tree, pinfo, &ei_pkcs12_octet_string_expected, tvb, 0, 1);
411
412 return tvb_captured_length(tvb);
413 }
414
415 /*--- proto_register_pkcs12 ----------------------------------------------*/
416 void proto_register_pkcs12(void) {
417
418 /* List of fields */
419 static hf_register_info hf[] = {
420 { &hf_pkcs12_X509Certificate_PDU,
421 { "X509Certificate", "pkcs12.X509Certificate",
422 FT_NONE, BASE_NONE, NULL, 0,
423 "pkcs12.X509Certificate", HFILL }},
424 { &hf_pkcs12_AuthenticatedSafe_PDU,
425 { "AuthenticatedSafe", "pkcs12.AuthenticatedSafe",
426 FT_UINT32, BASE_DEC, NULL, 0,
427 NULL, HFILL }},
428
429 #include "packet-pkcs12-hfarr.c"
430 };
431
432 /* List of subtrees */
433 static int *ett[] = {
434 &ett_decrypted_pbe,
435 #include "packet-pkcs12-ettarr.c"
436 };
437 static ei_register_info ei[] = {
438 { &ei_pkcs12_octet_string_expected, { "pkcs12.octet_string_expected", PI_PROTOCOL, PI_WARN, "BER Error: OCTET STRING expected", EXPFILL }},
439 };
440
441 module_t *pkcs12_module;
442 expert_module_t* expert_pkcs12;
443
444 /* Register protocol */
445 proto_pkcs12 = proto_register_protocol(PNAME, PSNAME, PFNAME);
446
447 /* Register fields and subtrees */
448 proto_register_field_array(proto_pkcs12, hf, array_length(hf));
449 proto_register_subtree_array(ett, array_length(ett));
450 expert_pkcs12 = expert_register_protocol(proto_pkcs12);
451 expert_register_field_array(expert_pkcs12, ei, array_length(ei));
452
453 /* Register preferences */
454 pkcs12_module = prefs_register_protocol(proto_pkcs12, NULL);
455
456 prefs_register_string_preference(pkcs12_module, "password",
457 "Password to decrypt the file with",
458 "The password to used to decrypt the encrypted elements within"
459 " the PKCS#12 file", &password);
460
461 prefs_register_bool_preference(pkcs12_module, "try_null_password",
462 "Try to decrypt with a empty password",
463 "Whether to try and decrypt the encrypted data within the"
464 " PKCS#12 with a NULL password", &try_null_password);
465
466 register_ber_syntax_dissector("PKCS#12", proto_pkcs12, dissect_PFX_PDU);
467 register_ber_oid_syntax(".p12", NULL, "PKCS#12");
468 register_ber_oid_syntax(".pfx", NULL, "PKCS#12");
469 }
470
471
472 /*--- proto_reg_handoff_pkcs12 -------------------------------------------*/
473 void proto_reg_handoff_pkcs12(void) {
474 #include "packet-pkcs12-dis-tab.c"
475
476 register_ber_oid_dissector("1.2.840.113549.1.9.22.1", dissect_X509Certificate_OCTETSTRING_PDU, proto_pkcs12, "x509Certificate");
477
478 }
479
Metzes wireshark repo