160 lines
5.1 KiB
INI
160 lines
5.1 KiB
INI
# pkcs12.cnf
|
|
# PKCS12 conformation file
|
|
|
|
#.MODULE_IMPORT
|
|
PKCS-7 cms
|
|
PKCS-5 x509af
|
|
|
|
#.IMPORT ../cms/cms-exp.cnf
|
|
#.IMPORT ../x509if/x509if-exp.cnf
|
|
#.IMPORT ../x509af/x509af-exp.cnf
|
|
|
|
#.EXPORTS
|
|
|
|
#.REGISTER
|
|
KeyBag B "1.2.840.113549.1.12.10.1.1" "keyBag"
|
|
PKCS8ShroudedKeyBag B "1.2.840.113549.1.12.10.1.2" "pkcs8ShroudedKeyBag"
|
|
CertBag B "1.2.840.113549.1.12.10.1.3" "certBag"
|
|
SecretBag B "1.2.840.113549.1.12.10.1.4" "secretBag"
|
|
CRLBag B "1.2.840.113549.1.12.10.1.5" "crlBag"
|
|
SafeContents B "1.2.840.113549.1.12.10.1.6" "safeContentsBag"
|
|
|
|
# PKCS#9 Attributes - see master list in x509sat.cnf
|
|
PFX B "2.16.840.1.113730.3.1.216" "pkcs-9-at-PKCS12"
|
|
EncryptedPrivateKeyInfo B "1.2.840.113549.1.9.25.2" "pkcs-9-at-encryptedPrivateKeyInfo"
|
|
|
|
# Password Based Encryption
|
|
PBEParameter B "1.2.840.113549.1.12.1.1" "pbeWithSHAAnd128BitRC4"
|
|
PBEParameter B "1.2.840.113549.1.12.1.2" "pbeWithSHAAnd40BitRC4"
|
|
PBEParameter B "1.2.840.113549.1.12.1.3" "pbeWithSHAAnd3-KeyTripleDES-CBC"
|
|
PBEParameter B "1.2.840.113549.1.12.1.4" "pbeWithSHAAnd2-KeyTripleDES-CBC"
|
|
PBEParameter B "1.2.840.113549.1.12.1.5" "pbeWithSHAAnd128BitRC2-CBC"
|
|
PBEParameter B "1.2.840.113549.1.12.1.6" "pbeWithSHAAnd40BitRC2-CBC"
|
|
|
|
PBEParameter B "1.2.840.113549.1.5.1" "pbeWithMD2AndDES-CBC"
|
|
PBEParameter B "1.2.840.113549.1.5.3" "pbeWithMD5AndDES-CBC"
|
|
PBEParameter B "1.2.840.113549.1.5.4" "pbeWithMD2AndRC2-CBC"
|
|
PBEParameter B "1.2.840.113549.1.5.6" "pbeWithMD5AndRC2-CBC"
|
|
PBEParameter B "1.2.840.113549.1.5.10" "pbeWithSHA1AndDES-CBC"
|
|
PBEParameter B "1.2.840.113549.1.5.11" "pbeWithSHA1AndRC2-CBC"
|
|
|
|
PBKDF2Params B "1.2.840.113549.1.5.12" "id-PBKDF2"
|
|
PBES2Params B "1.2.840.113549.1.5.13" "id-PBES2"
|
|
PBMAC1Params B "1.2.840.113549.1.5.14" "id-PBMAC1"
|
|
|
|
#.NO_EMIT
|
|
|
|
#.TYPE_RENAME
|
|
|
|
#.FIELD_RENAME
|
|
PrivateKeyInfo/version privateKeyVersion
|
|
PBKDF2Params/salt saltChoice
|
|
|
|
#.PDU
|
|
#AuthenticatedSafe
|
|
PrivateKeyInfo
|
|
|
|
#.FN_BODY PFX
|
|
dissector_handle_t dissector_handle;
|
|
|
|
/* we change the CMS id-data dissector to dissect as AuthenticatedSafe
|
|
not sure why PKCS#12 couldn't have used its own content type OID for AuthenticatedSafe */
|
|
dissector_handle=create_dissector_handle(dissect_AuthenticatedSafe_OCTETSTRING_PDU, proto_pkcs12);
|
|
dissector_change_string("ber.oid", "1.2.840.113549.1.7.1", dissector_handle);
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
/* restore the original dissector */
|
|
dissector_reset_string("ber.oid", "1.2.840.113549.1.7.1");
|
|
|
|
#.FN_BODY AuthenticatedSafe
|
|
dissector_handle_t dissector_handle;
|
|
|
|
/* we change the CMS id-data dissector to dissect as SafeContents */
|
|
dissector_handle=create_dissector_handle(dissect_SafeContents_OCTETSTRING_PDU, proto_pkcs12);
|
|
dissector_change_string("ber.oid", "1.2.840.113549.1.7.1", dissector_handle);
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
/* restore the original dissector */
|
|
dissector_reset_string("ber.oid", "1.2.840.113549.1.7.1");
|
|
|
|
#.FN_PARS SafeBag/bagId FN_VARIANT = _str VAL_PTR = &object_identifier_id
|
|
#.FN_FTR SafeBag/bagId
|
|
append_oid(actx->pinfo->pool, tree, object_identifier_id);
|
|
#.END
|
|
|
|
#.FN_PARS CertBag/certId FN_VARIANT = _str VAL_PTR = &object_identifier_id
|
|
#.FN_FTR CertBag/certId
|
|
append_oid(actx->pinfo->pool, tree, object_identifier_id);
|
|
#.END
|
|
|
|
#.FN_PARS CRLBag/crlId FN_VARIANT = _str VAL_PTR = &object_identifier_id
|
|
#.FN_FTR CRLBag/crlId
|
|
append_oid(actx->pinfo->pool, tree, object_identifier_id);
|
|
#.END
|
|
|
|
#.FN_PARS SecretBag/secretTypeId FN_VARIANT = _str VAL_PTR = &object_identifier_id
|
|
#.FN_FTR SecretBag/secretTypeId
|
|
append_oid(actx->pinfo->pool, tree, object_identifier_id);
|
|
#.END
|
|
|
|
#.FN_PARS PKCS12Attribute/attrId FN_VARIANT = _str VAL_PTR = &object_identifier_id
|
|
#.FN_FTR PKCS12Attribute/attrId
|
|
append_oid(actx->pinfo->pool, tree, object_identifier_id);
|
|
#.END
|
|
|
|
#.FN_BODY SafeBag/bagValue
|
|
if(object_identifier_id)
|
|
offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
|
|
|
|
#.FN_BODY PKCS12Attribute/attrValues/_item
|
|
if(object_identifier_id)
|
|
offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
|
|
|
|
#.FN_BODY CertBag/certValue
|
|
if(object_identifier_id)
|
|
offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
|
|
|
|
#.FN_BODY CRLBag/crlValue
|
|
if(object_identifier_id)
|
|
offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
|
|
|
|
#.FN_BODY SecretBag/secretValue
|
|
if(object_identifier_id)
|
|
offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
|
|
|
|
#.FN_HDR PBEParameter
|
|
/* initialise the encryption parameters */
|
|
PBE_reset_parameters();
|
|
|
|
#.END
|
|
|
|
#.FN_PARS OCTET_STRING VAL_PTR = (hf_index == hf_pkcs12_salt ? &salt : NULL)
|
|
#.FN_PARS INTEGER VAL_PTR = (hf_index == hf_pkcs12_iterationCount ? &iteration_count : NULL)
|
|
|
|
#.FN_PARS EncryptedData VAL_PTR = &encrypted_tvb
|
|
|
|
#.FN_HDR EncryptedData
|
|
tvbuff_t *encrypted_tvb;
|
|
dissector_handle_t dissector_handle;
|
|
|
|
#.END
|
|
|
|
#.FN_FTR EncryptedData
|
|
|
|
|
|
|
|
dissector_handle=create_dissector_handle(dissect_PrivateKeyInfo_PDU, proto_pkcs12);
|
|
dissector_change_string("ber.oid", object_identifier_id, dissector_handle);
|
|
|
|
PBE_decrypt_data(object_identifier_id, encrypted_tvb, actx->pinfo, actx, actx->created_item);
|
|
|
|
/* restore the original dissector */
|
|
dissector_reset_string("ber.oid", object_identifier_id);
|
|
|
|
#.END
|
|
|
|
|
|
|