488 lines
13 KiB
C
488 lines
13 KiB
C
/* packet-pkcs12.c
|
|
* Routines for PKCS#12: Personal Information Exchange packet dissection
|
|
* Graeme Lunt 2006
|
|
*
|
|
* See "PKCS #12 v1.1: Personal Information Exchange Syntax":
|
|
*
|
|
* http://www.emc.com/emc-plus/rsa-labs/pkcs/files/h11301-wp-pkcs-12v1-1-personal-information-exchange-syntax.pdf
|
|
*
|
|
* Wireshark - Network traffic analyzer
|
|
* By Gerald Combs <gerald@wireshark.org>
|
|
* Copyright 1998 Gerald Combs
|
|
*
|
|
* SPDX-License-Identifier: GPL-2.0-or-later
|
|
*/
|
|
|
|
#include "config.h"
|
|
|
|
#include <epan/packet.h>
|
|
#include <epan/expert.h>
|
|
#include <epan/oids.h>
|
|
#include <epan/asn1.h>
|
|
#include <epan/prefs.h>
|
|
|
|
#include "packet-ber.h"
|
|
#include "packet-pkcs12.h"
|
|
#include "packet-x509af.h"
|
|
#include "packet-x509if.h"
|
|
#include "packet-cms.h"
|
|
|
|
#include <wsutil/wsgcrypt.h>
|
|
|
|
#define PNAME "PKCS#12: Personal Information Exchange"
|
|
#define PSNAME "PKCS12"
|
|
#define PFNAME "pkcs12"
|
|
|
|
#define PKCS12_PBE_ARCFOUR_SHA1_OID "1.2.840.113549.1.12.1.1"
|
|
#define PKCS12_PBE_3DES_SHA1_OID "1.2.840.113549.1.12.1.3"
|
|
#define PKCS12_PBE_RC2_40_SHA1_OID "1.2.840.113549.1.12.1.6"
|
|
|
|
void proto_register_pkcs12(void);
|
|
void proto_reg_handoff_pkcs12(void);
|
|
|
|
/* Initialize the protocol and registered fields */
|
|
static int proto_pkcs12 = -1;
|
|
|
|
static int hf_pkcs12_X509Certificate_PDU = -1;
|
|
static int hf_pkcs12_AuthenticatedSafe_PDU = -1; /* AuthenticatedSafe */
|
|
static gint ett_decrypted_pbe = -1;
|
|
|
|
static expert_field ei_pkcs12_octet_string_expected = EI_INIT;
|
|
|
|
|
|
static const char *object_identifier_id = NULL;
|
|
static int iteration_count = 0;
|
|
static tvbuff_t *salt = NULL;
|
|
static const char *password = NULL;
|
|
static gboolean try_null_password = FALSE;
|
|
|
|
static int dissect_AuthenticatedSafe_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data);
|
|
static int dissect_SafeContents_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data);
|
|
static int dissect_PrivateKeyInfo_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
|
|
|
|
#include "packet-pkcs12-hf.c"
|
|
|
|
/* Initialize the subtree pointers */
|
|
#include "packet-pkcs12-ett.c"
|
|
|
|
static void append_oid(wmem_allocator_t *pool, proto_tree *tree, const char *oid)
|
|
{
|
|
const char *name = NULL;
|
|
|
|
name = oid_resolved_from_string(pool, oid);
|
|
proto_item_append_text(tree, " (%s)", name ? name : oid);
|
|
}
|
|
|
|
static int
|
|
generate_key_or_iv(packet_info *pinfo, unsigned int id, tvbuff_t *salt_tvb, unsigned int iter,
|
|
const char *pw, unsigned int req_keylen, char * keybuf)
|
|
{
|
|
int rc;
|
|
unsigned int i, j;
|
|
gcry_md_hd_t md;
|
|
gcry_mpi_t num_b1 = NULL;
|
|
size_t pwlen;
|
|
char hash[20], buf_b[64], buf_i[128], *p;
|
|
char *salt_p;
|
|
int salt_size;
|
|
size_t cur_keylen;
|
|
size_t n;
|
|
gcry_error_t err;
|
|
|
|
cur_keylen = 0;
|
|
|
|
salt_size = tvb_captured_length(salt_tvb);
|
|
salt_p = (char *)tvb_memdup(pinfo->pool, salt_tvb, 0, salt_size);
|
|
|
|
if (pw == NULL)
|
|
pwlen = 0;
|
|
else
|
|
pwlen = strlen(pw);
|
|
|
|
if (pwlen > 63 / 2)
|
|
{
|
|
return FALSE;
|
|
}
|
|
|
|
/* Store salt and password in BUF_I */
|
|
p = buf_i;
|
|
for (i = 0; i < 64; i++)
|
|
*p++ = salt_p[i % salt_size];
|
|
if (pw)
|
|
{
|
|
for (i = j = 0; i < 64; i += 2)
|
|
{
|
|
*p++ = 0;
|
|
*p++ = pw[j];
|
|
if (++j > pwlen) /* Note, that we include the trailing zero */
|
|
j = 0;
|
|
}
|
|
}
|
|
else
|
|
memset (p, 0, 64);
|
|
|
|
for (;;) {
|
|
err = gcry_md_open(&md, GCRY_MD_SHA1, 0);
|
|
if (gcry_err_code(err))
|
|
{
|
|
return FALSE;
|
|
}
|
|
for (i = 0; i < 64; i++)
|
|
{
|
|
unsigned char lid = id & 0xFF;
|
|
gcry_md_write (md, &lid, 1);
|
|
}
|
|
|
|
gcry_md_write(md, buf_i, pw ? 128 : 64);
|
|
|
|
gcry_md_final (md);
|
|
memcpy (hash, gcry_md_read (md, 0), 20);
|
|
|
|
gcry_md_close (md);
|
|
|
|
for (i = 1; i < iter; i++)
|
|
gcry_md_hash_buffer (GCRY_MD_SHA1, hash, hash, 20);
|
|
|
|
for (i = 0; i < 20 && cur_keylen < req_keylen; i++)
|
|
keybuf[cur_keylen++] = hash[i];
|
|
|
|
if (cur_keylen == req_keylen)
|
|
{
|
|
gcry_mpi_release (num_b1);
|
|
return TRUE; /* ready */
|
|
}
|
|
|
|
/* need more bytes. */
|
|
for (i = 0; i < 64; i++)
|
|
buf_b[i] = hash[i % 20];
|
|
|
|
n = 64;
|
|
|
|
rc = gcry_mpi_scan (&num_b1, GCRYMPI_FMT_USG, buf_b, n, &n);
|
|
|
|
if (rc != 0)
|
|
{
|
|
return FALSE;
|
|
}
|
|
|
|
gcry_mpi_add_ui (num_b1, num_b1, 1);
|
|
|
|
for (i = 0; i < 128; i += 64)
|
|
{
|
|
gcry_mpi_t num_ij;
|
|
|
|
n = 64;
|
|
rc = gcry_mpi_scan (&num_ij, GCRYMPI_FMT_USG, buf_i + i, n, &n);
|
|
|
|
if (rc != 0)
|
|
{
|
|
return FALSE;
|
|
}
|
|
|
|
gcry_mpi_add (num_ij, num_ij, num_b1);
|
|
gcry_mpi_clear_highbit (num_ij, 64 * 8);
|
|
|
|
n = 64;
|
|
|
|
rc = gcry_mpi_print (GCRYMPI_FMT_USG, buf_i + i, n, &n, num_ij);
|
|
if (rc != 0)
|
|
{
|
|
return FALSE;
|
|
}
|
|
|
|
gcry_mpi_release (num_ij);
|
|
}
|
|
}
|
|
}
|
|
|
|
void PBE_reset_parameters(void)
|
|
{
|
|
iteration_count = 0;
|
|
salt = NULL;
|
|
}
|
|
|
|
int PBE_decrypt_data(const char *object_identifier_id_param _U_, tvbuff_t *encrypted_tvb _U_, packet_info *pinfo _U_, asn1_ctx_t *actx _U_, proto_item *item _U_)
|
|
{
|
|
const char *encryption_algorithm;
|
|
gcry_cipher_hd_t cipher;
|
|
gcry_error_t err;
|
|
int algo;
|
|
int mode;
|
|
int ivlen = 0;
|
|
int keylen = 0;
|
|
int datalen = 0;
|
|
char *key = NULL;
|
|
char *iv = NULL;
|
|
char *clear_data = NULL;
|
|
tvbuff_t *clear_tvb = NULL;
|
|
const gchar *oidname;
|
|
GString *name;
|
|
proto_tree *tree;
|
|
char byte;
|
|
gboolean decrypt_ok = TRUE;
|
|
|
|
if(((password == NULL) || (*password == '\0')) && (try_null_password == FALSE)) {
|
|
/* we are not configured to decrypt */
|
|
return FALSE;
|
|
}
|
|
|
|
encryption_algorithm = x509af_get_last_algorithm_id();
|
|
|
|
/* these are the only encryption schemes we understand for now */
|
|
if(!strcmp(encryption_algorithm, PKCS12_PBE_3DES_SHA1_OID)) {
|
|
ivlen = 8;
|
|
keylen = 24;
|
|
algo = GCRY_CIPHER_3DES;
|
|
mode = GCRY_CIPHER_MODE_CBC;
|
|
} else if(!strcmp(encryption_algorithm, PKCS12_PBE_ARCFOUR_SHA1_OID)) {
|
|
ivlen = 0;
|
|
keylen = 16;
|
|
algo = GCRY_CIPHER_ARCFOUR;
|
|
mode = GCRY_CIPHER_MODE_NONE;
|
|
} else if(!strcmp(encryption_algorithm, PKCS12_PBE_RC2_40_SHA1_OID)) {
|
|
ivlen = 8;
|
|
keylen = 5;
|
|
algo = GCRY_CIPHER_RFC2268_40;
|
|
mode = GCRY_CIPHER_MODE_CBC;
|
|
} else {
|
|
/* we don't know how to decrypt this */
|
|
|
|
proto_item_append_text(item, " [Unsupported encryption algorithm]");
|
|
return FALSE;
|
|
}
|
|
|
|
if((iteration_count == 0) || (salt == NULL)) {
|
|
proto_item_append_text(item, " [Insufficient parameters]");
|
|
return FALSE;
|
|
}
|
|
|
|
/* allocate buffers */
|
|
key = (char *)wmem_alloc(pinfo->pool, keylen);
|
|
|
|
if(!generate_key_or_iv(pinfo, 1 /*LEY */, salt, iteration_count, password, keylen, key))
|
|
return FALSE;
|
|
|
|
if(ivlen) {
|
|
|
|
iv = (char *)wmem_alloc(pinfo->pool, ivlen);
|
|
|
|
if(!generate_key_or_iv(pinfo, 2 /* IV */, salt, iteration_count, password, ivlen, iv))
|
|
return FALSE;
|
|
}
|
|
|
|
/* now try an internal function */
|
|
err = gcry_cipher_open(&cipher, algo, mode, 0);
|
|
if (gcry_err_code (err))
|
|
return FALSE;
|
|
|
|
err = gcry_cipher_setkey (cipher, key, keylen);
|
|
if (gcry_err_code (err)) {
|
|
gcry_cipher_close (cipher);
|
|
return FALSE;
|
|
}
|
|
|
|
if(ivlen) {
|
|
err = gcry_cipher_setiv (cipher, iv, ivlen);
|
|
if (gcry_err_code (err)) {
|
|
gcry_cipher_close (cipher);
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
datalen = tvb_captured_length(encrypted_tvb);
|
|
clear_data = (char *)wmem_alloc(pinfo->pool, datalen);
|
|
|
|
err = gcry_cipher_decrypt (cipher, clear_data, datalen, (char *)tvb_memdup(pinfo->pool, encrypted_tvb, 0, datalen), datalen);
|
|
if (gcry_err_code (err)) {
|
|
|
|
proto_item_append_text(item, " [Failed to decrypt with password preference]");
|
|
|
|
gcry_cipher_close (cipher);
|
|
return FALSE;
|
|
}
|
|
|
|
gcry_cipher_close (cipher);
|
|
|
|
/* We don't know if we have successfully decrypted the data or not so we:
|
|
a) check the trailing bytes
|
|
b) see if we start with a sequence or a set (is this too constraining?
|
|
*/
|
|
|
|
/* first the trailing bytes */
|
|
byte = clear_data[datalen-1];
|
|
if(byte <= 0x08) {
|
|
int i;
|
|
|
|
for(i = (int)byte; i > 0 ; i--) {
|
|
if(clear_data[datalen - i] != byte) {
|
|
decrypt_ok = FALSE;
|
|
break;
|
|
}
|
|
}
|
|
} else {
|
|
/* XXX: is this a failure? */
|
|
}
|
|
|
|
/* we assume the result is ASN.1 - check it is a SET or SEQUENCE */
|
|
byte = clear_data[0];
|
|
if((byte != 0x30) && (byte != 0x31)) { /* do we need more here? OCTET STRING? */
|
|
decrypt_ok = FALSE;
|
|
}
|
|
|
|
if(!decrypt_ok) {
|
|
proto_item_append_text(item, " [Failed to decrypt with supplied password]");
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
proto_item_append_text(item, " [Decrypted successfully]");
|
|
|
|
tree = proto_item_add_subtree(item, ett_decrypted_pbe);
|
|
|
|
/* OK - so now clear_data contains the decrypted data */
|
|
|
|
clear_tvb = tvb_new_child_real_data(encrypted_tvb,(const guint8 *)clear_data, datalen, datalen);
|
|
|
|
name = g_string_new("");
|
|
oidname = oid_resolved_from_string(pinfo->pool, object_identifier_id_param);
|
|
g_string_printf(name, "Decrypted %s", oidname ? oidname : object_identifier_id_param);
|
|
|
|
/* add it as a new source */
|
|
add_new_data_source(actx->pinfo, clear_tvb, name->str);
|
|
|
|
g_string_free(name, TRUE);
|
|
|
|
/* now try and decode it */
|
|
call_ber_oid_callback(object_identifier_id_param, clear_tvb, 0, actx->pinfo, tree, NULL);
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
#include "packet-pkcs12-fn.c"
|
|
|
|
static int strip_octet_string(tvbuff_t *tvb)
|
|
{
|
|
gint8 ber_class;
|
|
gboolean pc, ind;
|
|
gint32 tag;
|
|
guint32 len;
|
|
int offset = 0;
|
|
|
|
/* PKCS#7 encodes the content as OCTET STRING, whereas CMS is just any ANY */
|
|
/* if we use CMS (rather than PKCS#7) - which we are - we need to strip the OCTET STRING tag */
|
|
/* before proceeding */
|
|
|
|
offset = get_ber_identifier(tvb, 0, &ber_class, &pc, &tag);
|
|
offset = get_ber_length(tvb, offset, &len, &ind);
|
|
|
|
if((ber_class == BER_CLASS_UNI) && (tag == BER_UNI_TAG_OCTETSTRING))
|
|
return offset;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
static int dissect_AuthenticatedSafe_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) {
|
|
int offset = 0;
|
|
asn1_ctx_t asn1_ctx;
|
|
asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
|
|
|
|
if((offset = strip_octet_string(tvb)) > 0)
|
|
dissect_pkcs12_AuthenticatedSafe(FALSE, tvb, offset, &asn1_ctx, tree, hf_pkcs12_AuthenticatedSafe_PDU);
|
|
else
|
|
proto_tree_add_expert(tree, pinfo, &ei_pkcs12_octet_string_expected, tvb, 0, 1);
|
|
return tvb_captured_length(tvb);
|
|
}
|
|
|
|
static int dissect_SafeContents_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
|
|
{
|
|
int offset = 0;
|
|
asn1_ctx_t asn1_ctx;
|
|
asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
|
|
|
|
offset = strip_octet_string(tvb);
|
|
|
|
dissect_pkcs12_SafeContents(FALSE, tvb, offset, &asn1_ctx, tree, hf_pkcs12_SafeContents_PDU);
|
|
return tvb_captured_length(tvb);
|
|
}
|
|
|
|
static int dissect_X509Certificate_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
|
|
{
|
|
int offset = 0;
|
|
asn1_ctx_t asn1_ctx;
|
|
asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
|
|
|
|
if((offset = strip_octet_string(tvb)) > 0)
|
|
dissect_x509af_Certificate(FALSE, tvb, offset, &asn1_ctx, tree, hf_pkcs12_X509Certificate_PDU);
|
|
else
|
|
proto_tree_add_expert(tree, pinfo, &ei_pkcs12_octet_string_expected, tvb, 0, 1);
|
|
|
|
return tvb_captured_length(tvb);
|
|
}
|
|
|
|
/*--- proto_register_pkcs12 ----------------------------------------------*/
|
|
void proto_register_pkcs12(void) {
|
|
|
|
/* List of fields */
|
|
static hf_register_info hf[] = {
|
|
{ &hf_pkcs12_X509Certificate_PDU,
|
|
{ "X509Certificate", "pkcs12.X509Certificate",
|
|
FT_NONE, BASE_NONE, NULL, 0,
|
|
"pkcs12.X509Certificate", HFILL }},
|
|
{ &hf_pkcs12_AuthenticatedSafe_PDU,
|
|
{ "AuthenticatedSafe", "pkcs12.AuthenticatedSafe",
|
|
FT_UINT32, BASE_DEC, NULL, 0,
|
|
NULL, HFILL }},
|
|
|
|
#include "packet-pkcs12-hfarr.c"
|
|
};
|
|
|
|
/* List of subtrees */
|
|
static gint *ett[] = {
|
|
&ett_decrypted_pbe,
|
|
#include "packet-pkcs12-ettarr.c"
|
|
};
|
|
static ei_register_info ei[] = {
|
|
{ &ei_pkcs12_octet_string_expected, { "pkcs12.octet_string_expected", PI_PROTOCOL, PI_WARN, "BER Error: OCTET STRING expected", EXPFILL }},
|
|
};
|
|
|
|
module_t *pkcs12_module;
|
|
expert_module_t* expert_pkcs12;
|
|
|
|
/* Register protocol */
|
|
proto_pkcs12 = proto_register_protocol(PNAME, PSNAME, PFNAME);
|
|
|
|
/* Register fields and subtrees */
|
|
proto_register_field_array(proto_pkcs12, hf, array_length(hf));
|
|
proto_register_subtree_array(ett, array_length(ett));
|
|
expert_pkcs12 = expert_register_protocol(proto_pkcs12);
|
|
expert_register_field_array(expert_pkcs12, ei, array_length(ei));
|
|
|
|
/* Register preferences */
|
|
pkcs12_module = prefs_register_protocol(proto_pkcs12, NULL);
|
|
|
|
prefs_register_string_preference(pkcs12_module, "password",
|
|
"Password to decrypt the file with",
|
|
"The password to used to decrypt the encrypted elements within"
|
|
" the PKCS#12 file", &password);
|
|
|
|
prefs_register_bool_preference(pkcs12_module, "try_null_password",
|
|
"Try to decrypt with a empty password",
|
|
"Whether to try and decrypt the encrypted data within the"
|
|
" PKCS#12 with a NULL password", &try_null_password);
|
|
|
|
register_ber_syntax_dissector("PKCS#12", proto_pkcs12, dissect_PFX_PDU);
|
|
register_ber_oid_syntax(".p12", NULL, "PKCS#12");
|
|
register_ber_oid_syntax(".pfx", NULL, "PKCS#12");
|
|
}
|
|
|
|
|
|
/*--- proto_reg_handoff_pkcs12 -------------------------------------------*/
|
|
void proto_reg_handoff_pkcs12(void) {
|
|
#include "packet-pkcs12-dis-tab.c"
|
|
|
|
register_ber_oid_dissector("1.2.840.113549.1.9.22.1", dissect_X509Certificate_OCTETSTRING_PDU, proto_pkcs12, "x509Certificate");
|
|
|
|
}
|
|
|