Revert "TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags"
[wireshark-sm.git] / epan / dissectors / packet-pkcs12.c
blob53a992a202c780e687b8306a176a218c5ab6010f
1 /* Do not modify this file. Changes will be overwritten. */
2 /* Generated automatically by the ASN.1 to Wireshark dissector compiler */
3 /* packet-pkcs12.c */
4 /* asn2wrs.py -b -q -L -p pkcs12 -c ./pkcs12.cnf -s ./packet-pkcs12-template -D . -O ../.. pkcs12.asn */
6 /* packet-pkcs12.c
7 * Routines for PKCS#12: Personal Information Exchange packet dissection
8 * Graeme Lunt 2006
10 * See "PKCS #12 v1.1: Personal Information Exchange Syntax":
12 * http://www.emc.com/emc-plus/rsa-labs/pkcs/files/h11301-wp-pkcs-12v1-1-personal-information-exchange-syntax.pdf
14 * Wireshark - Network traffic analyzer
15 * By Gerald Combs <gerald@wireshark.org>
16 * Copyright 1998 Gerald Combs
18 * SPDX-License-Identifier: GPL-2.0-or-later
21 #include "config.h"
23 #include <epan/packet.h>
24 #include <epan/expert.h>
25 #include <epan/oids.h>
26 #include <epan/asn1.h>
27 #include <epan/prefs.h>
28 #include <wsutil/array.h>
30 #include "packet-ber.h"
31 #include "packet-pkcs12.h"
32 #include "packet-x509af.h"
33 #include "packet-x509if.h"
34 #include "packet-cms.h"
36 #include <wsutil/wsgcrypt.h>
38 #define PNAME "PKCS#12: Personal Information Exchange"
39 #define PSNAME "PKCS12"
40 #define PFNAME "pkcs12"
42 #define PKCS12_PBE_ARCFOUR_SHA1_OID "1.2.840.113549.1.12.1.1"
43 #define PKCS12_PBE_3DES_SHA1_OID "1.2.840.113549.1.12.1.3"
44 #define PKCS12_PBE_RC2_40_SHA1_OID "1.2.840.113549.1.12.1.6"
46 void proto_register_pkcs12(void);
47 void proto_reg_handoff_pkcs12(void);
49 /* Initialize the protocol and registered fields */
50 static int proto_pkcs12;
52 static int hf_pkcs12_X509Certificate_PDU;
53 static int hf_pkcs12_AuthenticatedSafe_PDU; /* AuthenticatedSafe */
54 static int ett_decrypted_pbe;
56 static expert_field ei_pkcs12_octet_string_expected;
59 static const char *object_identifier_id;
60 static int iteration_count;
61 static tvbuff_t *salt;
62 static const char *password;
63 static bool try_null_password;
65 static int dissect_AuthenticatedSafe_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data);
66 static int dissect_SafeContents_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data);
67 static int dissect_PrivateKeyInfo_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
69 static int hf_pkcs12_PFX_PDU; /* PFX */
70 static int hf_pkcs12_SafeContents_PDU; /* SafeContents */
71 static int hf_pkcs12_KeyBag_PDU; /* KeyBag */
72 static int hf_pkcs12_PKCS8ShroudedKeyBag_PDU; /* PKCS8ShroudedKeyBag */
73 static int hf_pkcs12_CertBag_PDU; /* CertBag */
74 static int hf_pkcs12_CRLBag_PDU; /* CRLBag */
75 static int hf_pkcs12_SecretBag_PDU; /* SecretBag */
76 static int hf_pkcs12_PrivateKeyInfo_PDU; /* PrivateKeyInfo */
77 static int hf_pkcs12_EncryptedPrivateKeyInfo_PDU; /* EncryptedPrivateKeyInfo */
78 static int hf_pkcs12_PBEParameter_PDU; /* PBEParameter */
79 static int hf_pkcs12_PBKDF2Params_PDU; /* PBKDF2Params */
80 static int hf_pkcs12_PBES2Params_PDU; /* PBES2Params */
81 static int hf_pkcs12_PBMAC1Params_PDU; /* PBMAC1Params */
82 static int hf_pkcs12_version; /* T_version */
83 static int hf_pkcs12_authSafe; /* ContentInfo */
84 static int hf_pkcs12_macData; /* MacData */
85 static int hf_pkcs12_mac; /* DigestInfo */
86 static int hf_pkcs12_macSalt; /* OCTET_STRING */
87 static int hf_pkcs12_iterations; /* INTEGER */
88 static int hf_pkcs12_AuthenticatedSafe_item; /* ContentInfo */
89 static int hf_pkcs12_SafeContents_item; /* SafeBag */
90 static int hf_pkcs12_bagId; /* T_bagId */
91 static int hf_pkcs12_bagValue; /* T_bagValue */
92 static int hf_pkcs12_bagAttributes; /* SET_OF_PKCS12Attribute */
93 static int hf_pkcs12_bagAttributes_item; /* PKCS12Attribute */
94 static int hf_pkcs12_certId; /* T_certId */
95 static int hf_pkcs12_certValue; /* T_certValue */
96 static int hf_pkcs12_crlId; /* T_crlId */
97 static int hf_pkcs12_crlValue; /* T_crlValue */
98 static int hf_pkcs12_secretTypeId; /* T_secretTypeId */
99 static int hf_pkcs12_secretValue; /* T_secretValue */
100 static int hf_pkcs12_attrId; /* T_attrId */
101 static int hf_pkcs12_attrValues; /* T_attrValues */
102 static int hf_pkcs12_attrValues_item; /* T_attrValues_item */
103 static int hf_pkcs12_privateKeyVersion; /* Version */
104 static int hf_pkcs12_privateKeyAlgorithm; /* AlgorithmIdentifier */
105 static int hf_pkcs12_privateKey; /* PrivateKey */
106 static int hf_pkcs12_attributes; /* Attributes */
107 static int hf_pkcs12_Attributes_item; /* Attribute */
108 static int hf_pkcs12_encryptionAlgorithm; /* AlgorithmIdentifier */
109 static int hf_pkcs12_encryptedData; /* EncryptedData */
110 static int hf_pkcs12_salt; /* OCTET_STRING */
111 static int hf_pkcs12_iterationCount; /* INTEGER */
112 static int hf_pkcs12_saltChoice; /* T_saltChoice */
113 static int hf_pkcs12_specified; /* OCTET_STRING */
114 static int hf_pkcs12_otherSource; /* AlgorithmIdentifier */
115 static int hf_pkcs12_keyLength; /* INTEGER_1_MAX */
116 static int hf_pkcs12_prf; /* AlgorithmIdentifier */
117 static int hf_pkcs12_keyDerivationFunc; /* AlgorithmIdentifier */
118 static int hf_pkcs12_encryptionScheme; /* AlgorithmIdentifier */
119 static int hf_pkcs12_messageAuthScheme; /* AlgorithmIdentifier */
121 /* Initialize the subtree pointers */
122 static int ett_pkcs12_PFX;
123 static int ett_pkcs12_MacData;
124 static int ett_pkcs12_AuthenticatedSafe;
125 static int ett_pkcs12_SafeContents;
126 static int ett_pkcs12_SafeBag;
127 static int ett_pkcs12_SET_OF_PKCS12Attribute;
128 static int ett_pkcs12_CertBag;
129 static int ett_pkcs12_CRLBag;
130 static int ett_pkcs12_SecretBag;
131 static int ett_pkcs12_PKCS12Attribute;
132 static int ett_pkcs12_T_attrValues;
133 static int ett_pkcs12_PrivateKeyInfo;
134 static int ett_pkcs12_Attributes;
135 static int ett_pkcs12_EncryptedPrivateKeyInfo;
136 static int ett_pkcs12_PBEParameter;
137 static int ett_pkcs12_PBKDF2Params;
138 static int ett_pkcs12_T_saltChoice;
139 static int ett_pkcs12_PBES2Params;
140 static int ett_pkcs12_PBMAC1Params;
142 static void append_oid(wmem_allocator_t *pool, proto_tree *tree, const char *oid)
144 const char *name = NULL;
146 name = oid_resolved_from_string(pool, oid);
147 proto_item_append_text(tree, " (%s)", name ? name : oid);
150 static int
151 generate_key_or_iv(packet_info *pinfo, unsigned int id, tvbuff_t *salt_tvb, unsigned int iter,
152 const char *pw, unsigned int req_keylen, char * keybuf)
154 int rc;
155 unsigned int i, j;
156 gcry_md_hd_t md;
157 gcry_mpi_t num_b1 = NULL;
158 size_t pwlen;
159 char hash[20], buf_b[64], buf_i[128], *p;
160 char *salt_p;
161 int salt_size;
162 size_t cur_keylen;
163 size_t n;
164 gcry_error_t err;
166 cur_keylen = 0;
168 salt_size = tvb_captured_length(salt_tvb);
169 salt_p = (char *)tvb_memdup(pinfo->pool, salt_tvb, 0, salt_size);
171 if (pw == NULL)
172 pwlen = 0;
173 else
174 pwlen = strlen(pw);
176 if (pwlen > 63 / 2) {
177 return false;
180 /* Store salt and password in BUF_I */
181 p = buf_i;
182 for (i = 0; i < 64; i++)
183 *p++ = salt_p[i % salt_size];
185 if (pw) {
186 for (i = j = 0; i < 64; i += 2) {
187 *p++ = 0;
188 *p++ = pw[j];
189 if (++j > pwlen) /* Note, that we include the trailing zero */
190 j = 0;
193 else
194 memset (p, 0, 64);
196 for (;;) {
197 err = gcry_md_open(&md, GCRY_MD_SHA1, 0);
198 if (gcry_err_code(err)) {
199 return false;
201 for (i = 0; i < 64; i++) {
202 unsigned char lid = id & 0xFF;
203 gcry_md_write (md, &lid, 1);
206 gcry_md_write(md, buf_i, pw ? 128 : 64);
208 gcry_md_final (md);
209 memcpy (hash, gcry_md_read (md, 0), 20);
211 gcry_md_close (md);
213 for (i = 1; i < iter; i++)
214 gcry_md_hash_buffer (GCRY_MD_SHA1, hash, hash, 20);
216 for (i = 0; i < 20 && cur_keylen < req_keylen; i++)
217 keybuf[cur_keylen++] = hash[i];
219 if (cur_keylen == req_keylen) {
220 gcry_mpi_release (num_b1);
221 return true; /* ready */
224 /* need more bytes. */
225 for (i = 0; i < 64; i++)
226 buf_b[i] = hash[i % 20];
228 n = 64;
230 rc = gcry_mpi_scan (&num_b1, GCRYMPI_FMT_USG, buf_b, n, &n);
232 if (rc != 0) {
233 return false;
236 gcry_mpi_add_ui (num_b1, num_b1, 1);
238 for (i = 0; i < 128; i += 64) {
239 gcry_mpi_t num_ij;
241 n = 64;
242 rc = gcry_mpi_scan (&num_ij, GCRYMPI_FMT_USG, buf_i + i, n, &n);
244 if (rc != 0) {
245 return false;
248 gcry_mpi_add (num_ij, num_ij, num_b1);
249 gcry_mpi_clear_highbit (num_ij, 64 * 8);
251 n = 64;
253 rc = gcry_mpi_print (GCRYMPI_FMT_USG, buf_i + i, n, &n, num_ij);
254 if (rc != 0) {
255 return false;
258 gcry_mpi_release (num_ij);
263 void PBE_reset_parameters(void)
265 iteration_count = 0;
266 salt = NULL;
269 int PBE_decrypt_data(const char *object_identifier_id_param _U_, tvbuff_t *encrypted_tvb _U_, packet_info *pinfo _U_, asn1_ctx_t *actx _U_, proto_item *item _U_)
271 const char *encryption_algorithm;
272 gcry_cipher_hd_t cipher;
273 gcry_error_t err;
274 int algo;
275 int mode;
276 int ivlen = 0;
277 int keylen = 0;
278 int datalen = 0;
279 char *key = NULL;
280 char *iv = NULL;
281 char *clear_data = NULL;
282 tvbuff_t *clear_tvb = NULL;
283 const char *oidname;
284 GString *name;
285 proto_tree *tree;
286 char byte;
287 bool decrypt_ok = true;
289 if(((password == NULL) || (*password == '\0')) && (try_null_password == false)) {
290 /* we are not configured to decrypt */
291 return false;
294 encryption_algorithm = x509af_get_last_algorithm_id();
296 /* these are the only encryption schemes we understand for now */
297 if(!strcmp(encryption_algorithm, PKCS12_PBE_3DES_SHA1_OID)) {
298 ivlen = 8;
299 keylen = 24;
300 algo = GCRY_CIPHER_3DES;
301 mode = GCRY_CIPHER_MODE_CBC;
302 } else if(!strcmp(encryption_algorithm, PKCS12_PBE_ARCFOUR_SHA1_OID)) {
303 ivlen = 0;
304 keylen = 16;
305 algo = GCRY_CIPHER_ARCFOUR;
306 mode = GCRY_CIPHER_MODE_NONE;
307 } else if(!strcmp(encryption_algorithm, PKCS12_PBE_RC2_40_SHA1_OID)) {
308 ivlen = 8;
309 keylen = 5;
310 algo = GCRY_CIPHER_RFC2268_40;
311 mode = GCRY_CIPHER_MODE_CBC;
312 } else {
313 /* we don't know how to decrypt this */
315 proto_item_append_text(item, " [Unsupported encryption algorithm]");
316 return false;
319 if((iteration_count == 0) || (salt == NULL)) {
320 proto_item_append_text(item, " [Insufficient parameters]");
321 return false;
324 /* allocate buffers */
325 key = (char *)wmem_alloc(pinfo->pool, keylen);
327 if(!generate_key_or_iv(pinfo, 1 /*LEY */, salt, iteration_count, password, keylen, key))
328 return false;
330 if(ivlen) {
332 iv = (char *)wmem_alloc(pinfo->pool, ivlen);
334 if(!generate_key_or_iv(pinfo, 2 /* IV */, salt, iteration_count, password, ivlen, iv))
335 return false;
338 /* now try an internal function */
339 err = gcry_cipher_open(&cipher, algo, mode, 0);
340 if (gcry_err_code (err))
341 return false;
343 err = gcry_cipher_setkey (cipher, key, keylen);
344 if (gcry_err_code (err)) {
345 gcry_cipher_close (cipher);
346 return false;
349 if(ivlen) {
350 err = gcry_cipher_setiv (cipher, iv, ivlen);
351 if (gcry_err_code (err)) {
352 gcry_cipher_close (cipher);
353 return false;
357 datalen = tvb_captured_length(encrypted_tvb);
358 clear_data = (char *)wmem_alloc(pinfo->pool, datalen);
360 err = gcry_cipher_decrypt (cipher, clear_data, datalen, (char *)tvb_memdup(pinfo->pool, encrypted_tvb, 0, datalen), datalen);
361 if (gcry_err_code (err)) {
363 proto_item_append_text(item, " [Failed to decrypt with password preference]");
365 gcry_cipher_close (cipher);
366 return false;
369 gcry_cipher_close (cipher);
371 /* We don't know if we have successfully decrypted the data or not so we:
372 a) check the trailing bytes
373 b) see if we start with a sequence or a set (is this too constraining?
376 /* first the trailing bytes */
377 byte = clear_data[datalen-1];
378 if(byte <= 0x08) {
379 int i;
381 for(i = (int)byte; i > 0 ; i--) {
382 if(clear_data[datalen - i] != byte) {
383 decrypt_ok = false;
384 break;
387 } else {
388 /* XXX: is this a failure? */
391 /* we assume the result is ASN.1 - check it is a SET or SEQUENCE */
392 byte = clear_data[0];
393 if((byte != 0x30) && (byte != 0x31)) { /* do we need more here? OCTET STRING? */
394 decrypt_ok = false;
397 if(!decrypt_ok) {
398 proto_item_append_text(item, " [Failed to decrypt with supplied password]");
400 return false;
403 proto_item_append_text(item, " [Decrypted successfully]");
405 tree = proto_item_add_subtree(item, ett_decrypted_pbe);
407 /* OK - so now clear_data contains the decrypted data */
409 clear_tvb = tvb_new_child_real_data(encrypted_tvb,(const uint8_t *)clear_data, datalen, datalen);
411 name = g_string_new("");
412 oidname = oid_resolved_from_string(pinfo->pool, object_identifier_id_param);
413 g_string_printf(name, "Decrypted %s", oidname ? oidname : object_identifier_id_param);
415 /* add it as a new source */
416 add_new_data_source(actx->pinfo, clear_tvb, name->str);
418 g_string_free(name, TRUE);
420 /* now try and decode it */
421 call_ber_oid_callback(object_identifier_id_param, clear_tvb, 0, actx->pinfo, tree, NULL);
423 return true;
427 static const value_string pkcs12_T_version_vals[] = {
428 { 3, "v3" },
429 { 0, NULL }
433 static int
434 dissect_pkcs12_T_version(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
435 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
436 NULL);
438 return offset;
443 static int
444 dissect_pkcs12_OCTET_STRING(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
445 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
446 (hf_index == hf_pkcs12_salt ? &salt : NULL));
448 return offset;
453 static int
454 dissect_pkcs12_INTEGER(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
455 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
456 (hf_index == hf_pkcs12_iterationCount ? &iteration_count : NULL));
458 return offset;
462 static const ber_sequence_t MacData_sequence[] = {
463 { &hf_pkcs12_mac , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_cms_DigestInfo },
464 { &hf_pkcs12_macSalt , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_pkcs12_OCTET_STRING },
465 { &hf_pkcs12_iterations , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_pkcs12_INTEGER },
466 { NULL, 0, 0, 0, NULL }
469 static int
470 dissect_pkcs12_MacData(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
471 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
472 MacData_sequence, hf_index, ett_pkcs12_MacData);
474 return offset;
478 static const ber_sequence_t PFX_sequence[] = {
479 { &hf_pkcs12_version , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_pkcs12_T_version },
480 { &hf_pkcs12_authSafe , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_cms_ContentInfo },
481 { &hf_pkcs12_macData , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_pkcs12_MacData },
482 { NULL, 0, 0, 0, NULL }
485 static int
486 dissect_pkcs12_PFX(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
487 dissector_handle_t dissector_handle;
489 /* we change the CMS id-data dissector to dissect as AuthenticatedSafe
490 not sure why PKCS#12 couldn't have used its own content type OID for AuthenticatedSafe */
491 dissector_handle=create_dissector_handle(dissect_AuthenticatedSafe_OCTETSTRING_PDU, proto_pkcs12);
492 dissector_change_string("ber.oid", "1.2.840.113549.1.7.1", dissector_handle);
494 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
495 PFX_sequence, hf_index, ett_pkcs12_PFX);
498 /* restore the original dissector */
499 dissector_reset_string("ber.oid", "1.2.840.113549.1.7.1");
502 return offset;
506 static const ber_sequence_t AuthenticatedSafe_sequence_of[1] = {
507 { &hf_pkcs12_AuthenticatedSafe_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_cms_ContentInfo },
510 static int
511 dissect_pkcs12_AuthenticatedSafe(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
512 dissector_handle_t dissector_handle;
514 /* we change the CMS id-data dissector to dissect as SafeContents */
515 dissector_handle=create_dissector_handle(dissect_SafeContents_OCTETSTRING_PDU, proto_pkcs12);
516 dissector_change_string("ber.oid", "1.2.840.113549.1.7.1", dissector_handle);
518 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
519 AuthenticatedSafe_sequence_of, hf_index, ett_pkcs12_AuthenticatedSafe);
522 /* restore the original dissector */
523 dissector_reset_string("ber.oid", "1.2.840.113549.1.7.1");
526 return offset;
531 static int
532 dissect_pkcs12_T_bagId(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
533 offset = dissect_ber_object_identifier_str(implicit_tag, actx, tree, tvb, offset, hf_index, &object_identifier_id);
535 append_oid(actx->pinfo->pool, tree, object_identifier_id);
536 return offset;
541 static int
542 dissect_pkcs12_T_bagValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
543 if(object_identifier_id)
544 offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
547 return offset;
552 static int
553 dissect_pkcs12_T_attrId(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
554 offset = dissect_ber_object_identifier_str(implicit_tag, actx, tree, tvb, offset, hf_index, &object_identifier_id);
556 append_oid(actx->pinfo->pool, tree, object_identifier_id);
557 return offset;
562 static int
563 dissect_pkcs12_T_attrValues_item(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
564 if(object_identifier_id)
565 offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
568 return offset;
572 static const ber_sequence_t T_attrValues_set_of[1] = {
573 { &hf_pkcs12_attrValues_item, BER_CLASS_ANY, 0, BER_FLAGS_NOOWNTAG, dissect_pkcs12_T_attrValues_item },
576 static int
577 dissect_pkcs12_T_attrValues(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
578 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
579 T_attrValues_set_of, hf_index, ett_pkcs12_T_attrValues);
581 return offset;
585 static const ber_sequence_t PKCS12Attribute_sequence[] = {
586 { &hf_pkcs12_attrId , BER_CLASS_UNI, BER_UNI_TAG_OID, BER_FLAGS_NOOWNTAG, dissect_pkcs12_T_attrId },
587 { &hf_pkcs12_attrValues , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_pkcs12_T_attrValues },
588 { NULL, 0, 0, 0, NULL }
591 static int
592 dissect_pkcs12_PKCS12Attribute(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
593 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
594 PKCS12Attribute_sequence, hf_index, ett_pkcs12_PKCS12Attribute);
596 return offset;
600 static const ber_sequence_t SET_OF_PKCS12Attribute_set_of[1] = {
601 { &hf_pkcs12_bagAttributes_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_pkcs12_PKCS12Attribute },
604 static int
605 dissect_pkcs12_SET_OF_PKCS12Attribute(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
606 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
607 SET_OF_PKCS12Attribute_set_of, hf_index, ett_pkcs12_SET_OF_PKCS12Attribute);
609 return offset;
613 static const ber_sequence_t SafeBag_sequence[] = {
614 { &hf_pkcs12_bagId , BER_CLASS_UNI, BER_UNI_TAG_OID, BER_FLAGS_NOOWNTAG, dissect_pkcs12_T_bagId },
615 { &hf_pkcs12_bagValue , BER_CLASS_CON, 0, 0, dissect_pkcs12_T_bagValue },
616 { &hf_pkcs12_bagAttributes, BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_pkcs12_SET_OF_PKCS12Attribute },
617 { NULL, 0, 0, 0, NULL }
620 static int
621 dissect_pkcs12_SafeBag(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
622 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
623 SafeBag_sequence, hf_index, ett_pkcs12_SafeBag);
625 return offset;
629 static const ber_sequence_t SafeContents_sequence_of[1] = {
630 { &hf_pkcs12_SafeContents_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_pkcs12_SafeBag },
633 static int
634 dissect_pkcs12_SafeContents(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
635 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
636 SafeContents_sequence_of, hf_index, ett_pkcs12_SafeContents);
638 return offset;
642 static const value_string pkcs12_Version_vals[] = {
643 { 0, "v1" },
644 { 0, NULL }
648 static int
649 dissect_pkcs12_Version(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
650 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
651 NULL);
653 return offset;
658 static int
659 dissect_pkcs12_PrivateKey(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
660 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
661 NULL);
663 return offset;
667 static const ber_sequence_t Attributes_set_of[1] = {
668 { &hf_pkcs12_Attributes_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_x509if_Attribute },
671 static int
672 dissect_pkcs12_Attributes(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
673 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
674 Attributes_set_of, hf_index, ett_pkcs12_Attributes);
676 return offset;
680 static const ber_sequence_t PrivateKeyInfo_sequence[] = {
681 { &hf_pkcs12_privateKeyVersion, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_pkcs12_Version },
682 { &hf_pkcs12_privateKeyAlgorithm, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_x509af_AlgorithmIdentifier },
683 { &hf_pkcs12_privateKey , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_pkcs12_PrivateKey },
684 { &hf_pkcs12_attributes , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_pkcs12_Attributes },
685 { NULL, 0, 0, 0, NULL }
688 static int
689 dissect_pkcs12_PrivateKeyInfo(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
690 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
691 PrivateKeyInfo_sequence, hf_index, ett_pkcs12_PrivateKeyInfo);
693 return offset;
698 static int
699 dissect_pkcs12_KeyBag(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
700 offset = dissect_pkcs12_PrivateKeyInfo(implicit_tag, tvb, offset, actx, tree, hf_index);
702 return offset;
707 static int
708 dissect_pkcs12_EncryptedData(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
709 tvbuff_t *encrypted_tvb;
710 dissector_handle_t dissector_handle;
712 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
713 &encrypted_tvb);
718 dissector_handle=create_dissector_handle(dissect_PrivateKeyInfo_PDU, proto_pkcs12);
719 dissector_change_string("ber.oid", object_identifier_id, dissector_handle);
721 PBE_decrypt_data(object_identifier_id, encrypted_tvb, actx->pinfo, actx, actx->created_item);
723 /* restore the original dissector */
724 dissector_reset_string("ber.oid", object_identifier_id);
726 return offset;
730 static const ber_sequence_t EncryptedPrivateKeyInfo_sequence[] = {
731 { &hf_pkcs12_encryptionAlgorithm, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_x509af_AlgorithmIdentifier },
732 { &hf_pkcs12_encryptedData, BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_pkcs12_EncryptedData },
733 { NULL, 0, 0, 0, NULL }
736 static int
737 dissect_pkcs12_EncryptedPrivateKeyInfo(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
738 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
739 EncryptedPrivateKeyInfo_sequence, hf_index, ett_pkcs12_EncryptedPrivateKeyInfo);
741 return offset;
746 static int
747 dissect_pkcs12_PKCS8ShroudedKeyBag(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
748 offset = dissect_pkcs12_EncryptedPrivateKeyInfo(implicit_tag, tvb, offset, actx, tree, hf_index);
750 return offset;
755 static int
756 dissect_pkcs12_T_certId(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
757 offset = dissect_ber_object_identifier_str(implicit_tag, actx, tree, tvb, offset, hf_index, &object_identifier_id);
759 append_oid(actx->pinfo->pool, tree, object_identifier_id);
760 return offset;
765 static int
766 dissect_pkcs12_T_certValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
767 if(object_identifier_id)
768 offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
771 return offset;
775 static const ber_sequence_t CertBag_sequence[] = {
776 { &hf_pkcs12_certId , BER_CLASS_UNI, BER_UNI_TAG_OID, BER_FLAGS_NOOWNTAG, dissect_pkcs12_T_certId },
777 { &hf_pkcs12_certValue , BER_CLASS_CON, 0, 0, dissect_pkcs12_T_certValue },
778 { NULL, 0, 0, 0, NULL }
781 static int
782 dissect_pkcs12_CertBag(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
783 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
784 CertBag_sequence, hf_index, ett_pkcs12_CertBag);
786 return offset;
791 static int
792 dissect_pkcs12_T_crlId(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
793 offset = dissect_ber_object_identifier_str(implicit_tag, actx, tree, tvb, offset, hf_index, &object_identifier_id);
795 append_oid(actx->pinfo->pool, tree, object_identifier_id);
796 return offset;
801 static int
802 dissect_pkcs12_T_crlValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
803 if(object_identifier_id)
804 offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
807 return offset;
811 static const ber_sequence_t CRLBag_sequence[] = {
812 { &hf_pkcs12_crlId , BER_CLASS_UNI, BER_UNI_TAG_OID, BER_FLAGS_NOOWNTAG, dissect_pkcs12_T_crlId },
813 { &hf_pkcs12_crlValue , BER_CLASS_CON, 0, 0, dissect_pkcs12_T_crlValue },
814 { NULL, 0, 0, 0, NULL }
817 static int
818 dissect_pkcs12_CRLBag(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
819 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
820 CRLBag_sequence, hf_index, ett_pkcs12_CRLBag);
822 return offset;
827 static int
828 dissect_pkcs12_T_secretTypeId(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
829 offset = dissect_ber_object_identifier_str(implicit_tag, actx, tree, tvb, offset, hf_index, &object_identifier_id);
831 append_oid(actx->pinfo->pool, tree, object_identifier_id);
832 return offset;
837 static int
838 dissect_pkcs12_T_secretValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
839 if(object_identifier_id)
840 offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
843 return offset;
847 static const ber_sequence_t SecretBag_sequence[] = {
848 { &hf_pkcs12_secretTypeId , BER_CLASS_UNI, BER_UNI_TAG_OID, BER_FLAGS_NOOWNTAG, dissect_pkcs12_T_secretTypeId },
849 { &hf_pkcs12_secretValue , BER_CLASS_CON, 0, 0, dissect_pkcs12_T_secretValue },
850 { NULL, 0, 0, 0, NULL }
853 static int
854 dissect_pkcs12_SecretBag(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
855 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
856 SecretBag_sequence, hf_index, ett_pkcs12_SecretBag);
858 return offset;
862 static const ber_sequence_t PBEParameter_sequence[] = {
863 { &hf_pkcs12_salt , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_pkcs12_OCTET_STRING },
864 { &hf_pkcs12_iterationCount, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_pkcs12_INTEGER },
865 { NULL, 0, 0, 0, NULL }
868 static int
869 dissect_pkcs12_PBEParameter(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
870 /* initialise the encryption parameters */
871 PBE_reset_parameters();
873 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
874 PBEParameter_sequence, hf_index, ett_pkcs12_PBEParameter);
876 return offset;
880 static const value_string pkcs12_T_saltChoice_vals[] = {
881 { 0, "specified" },
882 { 1, "otherSource" },
883 { 0, NULL }
886 static const ber_choice_t T_saltChoice_choice[] = {
887 { 0, &hf_pkcs12_specified , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_pkcs12_OCTET_STRING },
888 { 1, &hf_pkcs12_otherSource , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_x509af_AlgorithmIdentifier },
889 { 0, NULL, 0, 0, 0, NULL }
892 static int
893 dissect_pkcs12_T_saltChoice(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
894 offset = dissect_ber_choice(actx, tree, tvb, offset,
895 T_saltChoice_choice, hf_index, ett_pkcs12_T_saltChoice,
896 NULL);
898 return offset;
903 static int
904 dissect_pkcs12_INTEGER_1_MAX(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
905 offset = dissect_ber_integer64(implicit_tag, actx, tree, tvb, offset, hf_index,
906 NULL);
908 return offset;
912 static const ber_sequence_t PBKDF2Params_sequence[] = {
913 { &hf_pkcs12_saltChoice , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_pkcs12_T_saltChoice },
914 { &hf_pkcs12_iterationCount, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_pkcs12_INTEGER },
915 { &hf_pkcs12_keyLength , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_pkcs12_INTEGER_1_MAX },
916 { &hf_pkcs12_prf , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_x509af_AlgorithmIdentifier },
917 { NULL, 0, 0, 0, NULL }
920 static int
921 dissect_pkcs12_PBKDF2Params(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
922 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
923 PBKDF2Params_sequence, hf_index, ett_pkcs12_PBKDF2Params);
925 return offset;
929 static const ber_sequence_t PBES2Params_sequence[] = {
930 { &hf_pkcs12_keyDerivationFunc, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_x509af_AlgorithmIdentifier },
931 { &hf_pkcs12_encryptionScheme, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_x509af_AlgorithmIdentifier },
932 { NULL, 0, 0, 0, NULL }
935 static int
936 dissect_pkcs12_PBES2Params(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
937 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
938 PBES2Params_sequence, hf_index, ett_pkcs12_PBES2Params);
940 return offset;
944 static const ber_sequence_t PBMAC1Params_sequence[] = {
945 { &hf_pkcs12_keyDerivationFunc, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_x509af_AlgorithmIdentifier },
946 { &hf_pkcs12_messageAuthScheme, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_x509af_AlgorithmIdentifier },
947 { NULL, 0, 0, 0, NULL }
950 static int
951 dissect_pkcs12_PBMAC1Params(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
952 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
953 PBMAC1Params_sequence, hf_index, ett_pkcs12_PBMAC1Params);
955 return offset;
958 /*--- PDUs ---*/
960 static int dissect_PFX_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
961 int offset = 0;
962 asn1_ctx_t asn1_ctx;
963 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
964 offset = dissect_pkcs12_PFX(false, tvb, offset, &asn1_ctx, tree, hf_pkcs12_PFX_PDU);
965 return offset;
967 static int dissect_SafeContents_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
968 int offset = 0;
969 asn1_ctx_t asn1_ctx;
970 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
971 offset = dissect_pkcs12_SafeContents(false, tvb, offset, &asn1_ctx, tree, hf_pkcs12_SafeContents_PDU);
972 return offset;
974 static int dissect_KeyBag_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
975 int offset = 0;
976 asn1_ctx_t asn1_ctx;
977 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
978 offset = dissect_pkcs12_KeyBag(false, tvb, offset, &asn1_ctx, tree, hf_pkcs12_KeyBag_PDU);
979 return offset;
981 static int dissect_PKCS8ShroudedKeyBag_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
982 int offset = 0;
983 asn1_ctx_t asn1_ctx;
984 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
985 offset = dissect_pkcs12_PKCS8ShroudedKeyBag(false, tvb, offset, &asn1_ctx, tree, hf_pkcs12_PKCS8ShroudedKeyBag_PDU);
986 return offset;
988 static int dissect_CertBag_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
989 int offset = 0;
990 asn1_ctx_t asn1_ctx;
991 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
992 offset = dissect_pkcs12_CertBag(false, tvb, offset, &asn1_ctx, tree, hf_pkcs12_CertBag_PDU);
993 return offset;
995 static int dissect_CRLBag_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
996 int offset = 0;
997 asn1_ctx_t asn1_ctx;
998 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
999 offset = dissect_pkcs12_CRLBag(false, tvb, offset, &asn1_ctx, tree, hf_pkcs12_CRLBag_PDU);
1000 return offset;
1002 static int dissect_SecretBag_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
1003 int offset = 0;
1004 asn1_ctx_t asn1_ctx;
1005 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
1006 offset = dissect_pkcs12_SecretBag(false, tvb, offset, &asn1_ctx, tree, hf_pkcs12_SecretBag_PDU);
1007 return offset;
1009 static int dissect_PrivateKeyInfo_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
1010 int offset = 0;
1011 asn1_ctx_t asn1_ctx;
1012 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
1013 offset = dissect_pkcs12_PrivateKeyInfo(false, tvb, offset, &asn1_ctx, tree, hf_pkcs12_PrivateKeyInfo_PDU);
1014 return offset;
1016 static int dissect_EncryptedPrivateKeyInfo_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
1017 int offset = 0;
1018 asn1_ctx_t asn1_ctx;
1019 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
1020 offset = dissect_pkcs12_EncryptedPrivateKeyInfo(false, tvb, offset, &asn1_ctx, tree, hf_pkcs12_EncryptedPrivateKeyInfo_PDU);
1021 return offset;
1023 static int dissect_PBEParameter_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
1024 int offset = 0;
1025 asn1_ctx_t asn1_ctx;
1026 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
1027 offset = dissect_pkcs12_PBEParameter(false, tvb, offset, &asn1_ctx, tree, hf_pkcs12_PBEParameter_PDU);
1028 return offset;
1030 static int dissect_PBKDF2Params_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
1031 int offset = 0;
1032 asn1_ctx_t asn1_ctx;
1033 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
1034 offset = dissect_pkcs12_PBKDF2Params(false, tvb, offset, &asn1_ctx, tree, hf_pkcs12_PBKDF2Params_PDU);
1035 return offset;
1037 static int dissect_PBES2Params_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
1038 int offset = 0;
1039 asn1_ctx_t asn1_ctx;
1040 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
1041 offset = dissect_pkcs12_PBES2Params(false, tvb, offset, &asn1_ctx, tree, hf_pkcs12_PBES2Params_PDU);
1042 return offset;
1044 static int dissect_PBMAC1Params_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
1045 int offset = 0;
1046 asn1_ctx_t asn1_ctx;
1047 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
1048 offset = dissect_pkcs12_PBMAC1Params(false, tvb, offset, &asn1_ctx, tree, hf_pkcs12_PBMAC1Params_PDU);
1049 return offset;
1053 static int strip_octet_string(tvbuff_t *tvb)
1055 int8_t ber_class;
1056 bool pc, ind;
1057 int32_t tag;
1058 uint32_t len;
1059 int offset = 0;
1061 /* PKCS#7 encodes the content as OCTET STRING, whereas CMS is just any ANY */
1062 /* if we use CMS (rather than PKCS#7) - which we are - we need to strip the OCTET STRING tag */
1063 /* before proceeding */
1065 offset = get_ber_identifier(tvb, 0, &ber_class, &pc, &tag);
1066 offset = get_ber_length(tvb, offset, &len, &ind);
1068 if((ber_class == BER_CLASS_UNI) && (tag == BER_UNI_TAG_OCTETSTRING))
1069 return offset;
1071 return 0;
1075 static int dissect_AuthenticatedSafe_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) {
1076 int offset = 0;
1077 asn1_ctx_t asn1_ctx;
1078 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
1080 if((offset = strip_octet_string(tvb)) > 0)
1081 dissect_pkcs12_AuthenticatedSafe(false, tvb, offset, &asn1_ctx, tree, hf_pkcs12_AuthenticatedSafe_PDU);
1082 else
1083 proto_tree_add_expert(tree, pinfo, &ei_pkcs12_octet_string_expected, tvb, 0, 1);
1084 return tvb_captured_length(tvb);
1087 static int dissect_SafeContents_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
1089 int offset = 0;
1090 asn1_ctx_t asn1_ctx;
1091 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
1093 offset = strip_octet_string(tvb);
1095 dissect_pkcs12_SafeContents(false, tvb, offset, &asn1_ctx, tree, hf_pkcs12_SafeContents_PDU);
1096 return tvb_captured_length(tvb);
1099 static int dissect_X509Certificate_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
1101 int offset = 0;
1102 asn1_ctx_t asn1_ctx;
1103 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
1105 if((offset = strip_octet_string(tvb)) > 0)
1106 dissect_x509af_Certificate(false, tvb, offset, &asn1_ctx, tree, hf_pkcs12_X509Certificate_PDU);
1107 else
1108 proto_tree_add_expert(tree, pinfo, &ei_pkcs12_octet_string_expected, tvb, 0, 1);
1110 return tvb_captured_length(tvb);
1113 /*--- proto_register_pkcs12 ----------------------------------------------*/
1114 void proto_register_pkcs12(void) {
1116 /* List of fields */
1117 static hf_register_info hf[] = {
1118 { &hf_pkcs12_X509Certificate_PDU,
1119 { "X509Certificate", "pkcs12.X509Certificate",
1120 FT_NONE, BASE_NONE, NULL, 0,
1121 "pkcs12.X509Certificate", HFILL }},
1122 { &hf_pkcs12_AuthenticatedSafe_PDU,
1123 { "AuthenticatedSafe", "pkcs12.AuthenticatedSafe",
1124 FT_UINT32, BASE_DEC, NULL, 0,
1125 NULL, HFILL }},
1127 { &hf_pkcs12_PFX_PDU,
1128 { "PFX", "pkcs12.PFX_element",
1129 FT_NONE, BASE_NONE, NULL, 0,
1130 NULL, HFILL }},
1131 { &hf_pkcs12_SafeContents_PDU,
1132 { "SafeContents", "pkcs12.SafeContents",
1133 FT_UINT32, BASE_DEC, NULL, 0,
1134 NULL, HFILL }},
1135 { &hf_pkcs12_KeyBag_PDU,
1136 { "KeyBag", "pkcs12.KeyBag_element",
1137 FT_NONE, BASE_NONE, NULL, 0,
1138 NULL, HFILL }},
1139 { &hf_pkcs12_PKCS8ShroudedKeyBag_PDU,
1140 { "PKCS8ShroudedKeyBag", "pkcs12.PKCS8ShroudedKeyBag_element",
1141 FT_NONE, BASE_NONE, NULL, 0,
1142 NULL, HFILL }},
1143 { &hf_pkcs12_CertBag_PDU,
1144 { "CertBag", "pkcs12.CertBag_element",
1145 FT_NONE, BASE_NONE, NULL, 0,
1146 NULL, HFILL }},
1147 { &hf_pkcs12_CRLBag_PDU,
1148 { "CRLBag", "pkcs12.CRLBag_element",
1149 FT_NONE, BASE_NONE, NULL, 0,
1150 NULL, HFILL }},
1151 { &hf_pkcs12_SecretBag_PDU,
1152 { "SecretBag", "pkcs12.SecretBag_element",
1153 FT_NONE, BASE_NONE, NULL, 0,
1154 NULL, HFILL }},
1155 { &hf_pkcs12_PrivateKeyInfo_PDU,
1156 { "PrivateKeyInfo", "pkcs12.PrivateKeyInfo_element",
1157 FT_NONE, BASE_NONE, NULL, 0,
1158 NULL, HFILL }},
1159 { &hf_pkcs12_EncryptedPrivateKeyInfo_PDU,
1160 { "EncryptedPrivateKeyInfo", "pkcs12.EncryptedPrivateKeyInfo_element",
1161 FT_NONE, BASE_NONE, NULL, 0,
1162 NULL, HFILL }},
1163 { &hf_pkcs12_PBEParameter_PDU,
1164 { "PBEParameter", "pkcs12.PBEParameter_element",
1165 FT_NONE, BASE_NONE, NULL, 0,
1166 NULL, HFILL }},
1167 { &hf_pkcs12_PBKDF2Params_PDU,
1168 { "PBKDF2Params", "pkcs12.PBKDF2Params_element",
1169 FT_NONE, BASE_NONE, NULL, 0,
1170 NULL, HFILL }},
1171 { &hf_pkcs12_PBES2Params_PDU,
1172 { "PBES2Params", "pkcs12.PBES2Params_element",
1173 FT_NONE, BASE_NONE, NULL, 0,
1174 NULL, HFILL }},
1175 { &hf_pkcs12_PBMAC1Params_PDU,
1176 { "PBMAC1Params", "pkcs12.PBMAC1Params_element",
1177 FT_NONE, BASE_NONE, NULL, 0,
1178 NULL, HFILL }},
1179 { &hf_pkcs12_version,
1180 { "version", "pkcs12.version",
1181 FT_UINT32, BASE_DEC, VALS(pkcs12_T_version_vals), 0,
1182 NULL, HFILL }},
1183 { &hf_pkcs12_authSafe,
1184 { "authSafe", "pkcs12.authSafe_element",
1185 FT_NONE, BASE_NONE, NULL, 0,
1186 "ContentInfo", HFILL }},
1187 { &hf_pkcs12_macData,
1188 { "macData", "pkcs12.macData_element",
1189 FT_NONE, BASE_NONE, NULL, 0,
1190 NULL, HFILL }},
1191 { &hf_pkcs12_mac,
1192 { "mac", "pkcs12.mac_element",
1193 FT_NONE, BASE_NONE, NULL, 0,
1194 "DigestInfo", HFILL }},
1195 { &hf_pkcs12_macSalt,
1196 { "macSalt", "pkcs12.macSalt",
1197 FT_BYTES, BASE_NONE, NULL, 0,
1198 "OCTET_STRING", HFILL }},
1199 { &hf_pkcs12_iterations,
1200 { "iterations", "pkcs12.iterations",
1201 FT_INT32, BASE_DEC, NULL, 0,
1202 "INTEGER", HFILL }},
1203 { &hf_pkcs12_AuthenticatedSafe_item,
1204 { "ContentInfo", "pkcs12.ContentInfo_element",
1205 FT_NONE, BASE_NONE, NULL, 0,
1206 NULL, HFILL }},
1207 { &hf_pkcs12_SafeContents_item,
1208 { "SafeBag", "pkcs12.SafeBag_element",
1209 FT_NONE, BASE_NONE, NULL, 0,
1210 NULL, HFILL }},
1211 { &hf_pkcs12_bagId,
1212 { "bagId", "pkcs12.bagId",
1213 FT_OID, BASE_NONE, NULL, 0,
1214 NULL, HFILL }},
1215 { &hf_pkcs12_bagValue,
1216 { "bagValue", "pkcs12.bagValue_element",
1217 FT_NONE, BASE_NONE, NULL, 0,
1218 NULL, HFILL }},
1219 { &hf_pkcs12_bagAttributes,
1220 { "bagAttributes", "pkcs12.bagAttributes",
1221 FT_UINT32, BASE_DEC, NULL, 0,
1222 "SET_OF_PKCS12Attribute", HFILL }},
1223 { &hf_pkcs12_bagAttributes_item,
1224 { "PKCS12Attribute", "pkcs12.PKCS12Attribute_element",
1225 FT_NONE, BASE_NONE, NULL, 0,
1226 NULL, HFILL }},
1227 { &hf_pkcs12_certId,
1228 { "certId", "pkcs12.certId",
1229 FT_OID, BASE_NONE, NULL, 0,
1230 NULL, HFILL }},
1231 { &hf_pkcs12_certValue,
1232 { "certValue", "pkcs12.certValue_element",
1233 FT_NONE, BASE_NONE, NULL, 0,
1234 NULL, HFILL }},
1235 { &hf_pkcs12_crlId,
1236 { "crlId", "pkcs12.crlId",
1237 FT_OID, BASE_NONE, NULL, 0,
1238 NULL, HFILL }},
1239 { &hf_pkcs12_crlValue,
1240 { "crlValue", "pkcs12.crlValue_element",
1241 FT_NONE, BASE_NONE, NULL, 0,
1242 NULL, HFILL }},
1243 { &hf_pkcs12_secretTypeId,
1244 { "secretTypeId", "pkcs12.secretTypeId",
1245 FT_OID, BASE_NONE, NULL, 0,
1246 NULL, HFILL }},
1247 { &hf_pkcs12_secretValue,
1248 { "secretValue", "pkcs12.secretValue_element",
1249 FT_NONE, BASE_NONE, NULL, 0,
1250 NULL, HFILL }},
1251 { &hf_pkcs12_attrId,
1252 { "attrId", "pkcs12.attrId",
1253 FT_OID, BASE_NONE, NULL, 0,
1254 NULL, HFILL }},
1255 { &hf_pkcs12_attrValues,
1256 { "attrValues", "pkcs12.attrValues",
1257 FT_UINT32, BASE_DEC, NULL, 0,
1258 NULL, HFILL }},
1259 { &hf_pkcs12_attrValues_item,
1260 { "attrValues item", "pkcs12.attrValues_item_element",
1261 FT_NONE, BASE_NONE, NULL, 0,
1262 NULL, HFILL }},
1263 { &hf_pkcs12_privateKeyVersion,
1264 { "version", "pkcs12.privateKeyVersion",
1265 FT_UINT32, BASE_DEC, VALS(pkcs12_Version_vals), 0,
1266 NULL, HFILL }},
1267 { &hf_pkcs12_privateKeyAlgorithm,
1268 { "privateKeyAlgorithm", "pkcs12.privateKeyAlgorithm_element",
1269 FT_NONE, BASE_NONE, NULL, 0,
1270 "AlgorithmIdentifier", HFILL }},
1271 { &hf_pkcs12_privateKey,
1272 { "privateKey", "pkcs12.privateKey",
1273 FT_BYTES, BASE_NONE, NULL, 0,
1274 NULL, HFILL }},
1275 { &hf_pkcs12_attributes,
1276 { "attributes", "pkcs12.attributes",
1277 FT_UINT32, BASE_DEC, NULL, 0,
1278 NULL, HFILL }},
1279 { &hf_pkcs12_Attributes_item,
1280 { "Attribute", "pkcs12.Attribute_element",
1281 FT_NONE, BASE_NONE, NULL, 0,
1282 NULL, HFILL }},
1283 { &hf_pkcs12_encryptionAlgorithm,
1284 { "encryptionAlgorithm", "pkcs12.encryptionAlgorithm_element",
1285 FT_NONE, BASE_NONE, NULL, 0,
1286 "AlgorithmIdentifier", HFILL }},
1287 { &hf_pkcs12_encryptedData,
1288 { "encryptedData", "pkcs12.encryptedData",
1289 FT_BYTES, BASE_NONE, NULL, 0,
1290 NULL, HFILL }},
1291 { &hf_pkcs12_salt,
1292 { "salt", "pkcs12.salt",
1293 FT_BYTES, BASE_NONE, NULL, 0,
1294 "OCTET_STRING", HFILL }},
1295 { &hf_pkcs12_iterationCount,
1296 { "iterationCount", "pkcs12.iterationCount",
1297 FT_INT32, BASE_DEC, NULL, 0,
1298 "INTEGER", HFILL }},
1299 { &hf_pkcs12_saltChoice,
1300 { "salt", "pkcs12.saltChoice",
1301 FT_UINT32, BASE_DEC, VALS(pkcs12_T_saltChoice_vals), 0,
1302 "T_saltChoice", HFILL }},
1303 { &hf_pkcs12_specified,
1304 { "specified", "pkcs12.specified",
1305 FT_BYTES, BASE_NONE, NULL, 0,
1306 "OCTET_STRING", HFILL }},
1307 { &hf_pkcs12_otherSource,
1308 { "otherSource", "pkcs12.otherSource_element",
1309 FT_NONE, BASE_NONE, NULL, 0,
1310 "AlgorithmIdentifier", HFILL }},
1311 { &hf_pkcs12_keyLength,
1312 { "keyLength", "pkcs12.keyLength",
1313 FT_UINT64, BASE_DEC, NULL, 0,
1314 "INTEGER_1_MAX", HFILL }},
1315 { &hf_pkcs12_prf,
1316 { "prf", "pkcs12.prf_element",
1317 FT_NONE, BASE_NONE, NULL, 0,
1318 "AlgorithmIdentifier", HFILL }},
1319 { &hf_pkcs12_keyDerivationFunc,
1320 { "keyDerivationFunc", "pkcs12.keyDerivationFunc_element",
1321 FT_NONE, BASE_NONE, NULL, 0,
1322 "AlgorithmIdentifier", HFILL }},
1323 { &hf_pkcs12_encryptionScheme,
1324 { "encryptionScheme", "pkcs12.encryptionScheme_element",
1325 FT_NONE, BASE_NONE, NULL, 0,
1326 "AlgorithmIdentifier", HFILL }},
1327 { &hf_pkcs12_messageAuthScheme,
1328 { "messageAuthScheme", "pkcs12.messageAuthScheme_element",
1329 FT_NONE, BASE_NONE, NULL, 0,
1330 "AlgorithmIdentifier", HFILL }},
1333 /* List of subtrees */
1334 static int *ett[] = {
1335 &ett_decrypted_pbe,
1336 &ett_pkcs12_PFX,
1337 &ett_pkcs12_MacData,
1338 &ett_pkcs12_AuthenticatedSafe,
1339 &ett_pkcs12_SafeContents,
1340 &ett_pkcs12_SafeBag,
1341 &ett_pkcs12_SET_OF_PKCS12Attribute,
1342 &ett_pkcs12_CertBag,
1343 &ett_pkcs12_CRLBag,
1344 &ett_pkcs12_SecretBag,
1345 &ett_pkcs12_PKCS12Attribute,
1346 &ett_pkcs12_T_attrValues,
1347 &ett_pkcs12_PrivateKeyInfo,
1348 &ett_pkcs12_Attributes,
1349 &ett_pkcs12_EncryptedPrivateKeyInfo,
1350 &ett_pkcs12_PBEParameter,
1351 &ett_pkcs12_PBKDF2Params,
1352 &ett_pkcs12_T_saltChoice,
1353 &ett_pkcs12_PBES2Params,
1354 &ett_pkcs12_PBMAC1Params,
1356 static ei_register_info ei[] = {
1357 { &ei_pkcs12_octet_string_expected, { "pkcs12.octet_string_expected", PI_PROTOCOL, PI_WARN, "BER Error: OCTET STRING expected", EXPFILL }},
1360 module_t *pkcs12_module;
1361 expert_module_t* expert_pkcs12;
1363 /* Register protocol */
1364 proto_pkcs12 = proto_register_protocol(PNAME, PSNAME, PFNAME);
1366 /* Register fields and subtrees */
1367 proto_register_field_array(proto_pkcs12, hf, array_length(hf));
1368 proto_register_subtree_array(ett, array_length(ett));
1369 expert_pkcs12 = expert_register_protocol(proto_pkcs12);
1370 expert_register_field_array(expert_pkcs12, ei, array_length(ei));
1372 /* Register preferences */
1373 pkcs12_module = prefs_register_protocol(proto_pkcs12, NULL);
1375 prefs_register_string_preference(pkcs12_module, "password",
1376 "Password to decrypt the file with",
1377 "The password to used to decrypt the encrypted elements within"
1378 " the PKCS#12 file", &password);
1380 prefs_register_bool_preference(pkcs12_module, "try_null_password",
1381 "Try to decrypt with a empty password",
1382 "Whether to try and decrypt the encrypted data within the"
1383 " PKCS#12 with a NULL password", &try_null_password);
1385 register_ber_syntax_dissector("PKCS#12", proto_pkcs12, dissect_PFX_PDU);
1386 register_ber_oid_syntax(".p12", NULL, "PKCS#12");
1387 register_ber_oid_syntax(".pfx", NULL, "PKCS#12");
1391 /*--- proto_reg_handoff_pkcs12 -------------------------------------------*/
1392 void proto_reg_handoff_pkcs12(void) {
1393 register_ber_oid_dissector("1.2.840.113549.1.12.10.1.1", dissect_KeyBag_PDU, proto_pkcs12, "keyBag");
1394 register_ber_oid_dissector("1.2.840.113549.1.12.10.1.2", dissect_PKCS8ShroudedKeyBag_PDU, proto_pkcs12, "pkcs8ShroudedKeyBag");
1395 register_ber_oid_dissector("1.2.840.113549.1.12.10.1.3", dissect_CertBag_PDU, proto_pkcs12, "certBag");
1396 register_ber_oid_dissector("1.2.840.113549.1.12.10.1.4", dissect_SecretBag_PDU, proto_pkcs12, "secretBag");
1397 register_ber_oid_dissector("1.2.840.113549.1.12.10.1.5", dissect_CRLBag_PDU, proto_pkcs12, "crlBag");
1398 register_ber_oid_dissector("1.2.840.113549.1.12.10.1.6", dissect_SafeContents_PDU, proto_pkcs12, "safeContentsBag");
1399 register_ber_oid_dissector("2.16.840.1.113730.3.1.216", dissect_PFX_PDU, proto_pkcs12, "pkcs-9-at-PKCS12");
1400 register_ber_oid_dissector("1.2.840.113549.1.9.25.2", dissect_EncryptedPrivateKeyInfo_PDU, proto_pkcs12, "pkcs-9-at-encryptedPrivateKeyInfo");
1401 register_ber_oid_dissector("1.2.840.113549.1.12.1.1", dissect_PBEParameter_PDU, proto_pkcs12, "pbeWithSHAAnd128BitRC4");
1402 register_ber_oid_dissector("1.2.840.113549.1.12.1.2", dissect_PBEParameter_PDU, proto_pkcs12, "pbeWithSHAAnd40BitRC4");
1403 register_ber_oid_dissector("1.2.840.113549.1.12.1.3", dissect_PBEParameter_PDU, proto_pkcs12, "pbeWithSHAAnd3-KeyTripleDES-CBC");
1404 register_ber_oid_dissector("1.2.840.113549.1.12.1.4", dissect_PBEParameter_PDU, proto_pkcs12, "pbeWithSHAAnd2-KeyTripleDES-CBC");
1405 register_ber_oid_dissector("1.2.840.113549.1.12.1.5", dissect_PBEParameter_PDU, proto_pkcs12, "pbeWithSHAAnd128BitRC2-CBC");
1406 register_ber_oid_dissector("1.2.840.113549.1.12.1.6", dissect_PBEParameter_PDU, proto_pkcs12, "pbeWithSHAAnd40BitRC2-CBC");
1407 register_ber_oid_dissector("1.2.840.113549.1.5.1", dissect_PBEParameter_PDU, proto_pkcs12, "pbeWithMD2AndDES-CBC");
1408 register_ber_oid_dissector("1.2.840.113549.1.5.3", dissect_PBEParameter_PDU, proto_pkcs12, "pbeWithMD5AndDES-CBC");
1409 register_ber_oid_dissector("1.2.840.113549.1.5.4", dissect_PBEParameter_PDU, proto_pkcs12, "pbeWithMD2AndRC2-CBC");
1410 register_ber_oid_dissector("1.2.840.113549.1.5.6", dissect_PBEParameter_PDU, proto_pkcs12, "pbeWithMD5AndRC2-CBC");
1411 register_ber_oid_dissector("1.2.840.113549.1.5.10", dissect_PBEParameter_PDU, proto_pkcs12, "pbeWithSHA1AndDES-CBC");
1412 register_ber_oid_dissector("1.2.840.113549.1.5.11", dissect_PBEParameter_PDU, proto_pkcs12, "pbeWithSHA1AndRC2-CBC");
1413 register_ber_oid_dissector("1.2.840.113549.1.5.12", dissect_PBKDF2Params_PDU, proto_pkcs12, "id-PBKDF2");
1414 register_ber_oid_dissector("1.2.840.113549.1.5.13", dissect_PBES2Params_PDU, proto_pkcs12, "id-PBES2");
1415 register_ber_oid_dissector("1.2.840.113549.1.5.14", dissect_PBMAC1Params_PDU, proto_pkcs12, "id-PBMAC1");
1418 register_ber_oid_dissector("1.2.840.113549.1.9.22.1", dissect_X509Certificate_OCTETSTRING_PDU, proto_pkcs12, "x509Certificate");