*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-#ifdef HAVE_CONFIG_H
-# include "config.h"
-#endif
+#include "config.h"
#include <glib.h>
#include <epan/packet.h>
-#include <epan/conversation.h>
-#include <epan/oid_resolv.h>
+#include <epan/oids.h>
#include <epan/asn1.h>
#include <epan/prefs.h>
-#include <stdio.h>
-#include <string.h>
-
#include "packet-ber.h"
#include "packet-pkcs12.h"
#include "packet-x509af.h"
#include "packet-x509if.h"
#include "packet-cms.h"
-#ifdef _WIN32
-#include <winposixtype.h>
-#else
+#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
+#endif
+
+#ifdef HAVE_SYS_TIME_H
#include <sys/time.h>
#endif
#ifdef HAVE_LIBGCRYPT
-#include "gcrypt.h"
-#endif
+#include <wsutil/wsgcrypt.h>
+#endif
#define PNAME "PKCS#12: Personal Information Exchange"
#define PSNAME "PKCS12"
#define PKCS12_PBE_3DES_SHA1_OID "1.2.840.113549.1.12.1.3"
#define PKCS12_PBE_RC2_40_SHA1_OID "1.2.840.113549.1.12.1.6"
+void proto_register_pkcs12(void);
+void proto_reg_handoff_pkcs12(void);
+
/* Initialize the protocol and registered fields */
-int proto_pkcs12 = -1;
+static int proto_pkcs12 = -1;
static int hf_pkcs12_X509Certificate_PDU = -1;
static gint ett_decrypted_pbe = -1;
-static const char *object_identifier_id = NULL;
+static const char *object_identifier_id = NULL;
static int iteration_count = 0;
static tvbuff_t *salt = NULL;
static const char *password = NULL;
{
const char *name = NULL;
- name = get_oid_str_name(oid);
- proto_item_append_text(tree, " (%s)", name ? name : oid);
+ name = oid_resolved_from_string(oid);
+ proto_item_append_text(tree, " (%s)", name ? name : oid);
}
#ifdef HAVE_LIBGCRYPT
-int
+static int
generate_key_or_iv(unsigned int id, tvbuff_t *salt_tvb, unsigned int iter,
const char *pw, unsigned int req_keylen, char * keybuf)
{
unsigned int i, j;
gcry_md_hd_t md;
gcry_mpi_t num_b1 = NULL;
- unsigned int pwlen;
+ size_t pwlen;
char hash[20], buf_b[64], buf_i[128], *p;
- char *salt;
+ char *salt_p;
int salt_size;
size_t cur_keylen;
size_t n;
cur_keylen = 0;
salt_size = tvb_length(salt_tvb);
- salt = tvb_get_ephemeral_string(salt_tvb, 0, salt_size);
+ salt_p = tvb_get_ephemeral_string(salt_tvb, 0, salt_size);
if (pw == NULL)
pwlen = 0;
/* Store salt and password in BUF_I */
p = buf_i;
for (i = 0; i < 64; i++)
- *p++ = salt[i % salt_size];
+ *p++ = salt_p[i % salt_size];
if (pw)
{
for (i = j = 0; i < 64; i += 2)
unsigned char lid = id & 0xFF;
gcry_md_write (md, &lid, 1);
}
-
+
gcry_md_write(md, buf_i, pw ? 128 : 64);
gcry_md_final (md);
memcpy (hash, gcry_md_read (md, 0), 20);
-
+
gcry_md_close (md);
-
+
for (i = 1; i < iter; i++)
gcry_md_hash_buffer (GCRY_MD_SHA1, hash, hash, 20);
for (i = 0; i < 128; i += 64) {
gcry_mpi_t num_ij;
-
+
n = 64;
rc = gcry_mpi_scan (&num_ij, GCRYMPI_FMT_USG, buf_i + i, n, &n);
if (rc != 0) {
return FALSE;
}
-
+
gcry_mpi_add (num_ij, num_ij, num_b1);
gcry_mpi_clear_highbit (num_ij, 64 * 8);
-
+
n = 64;
rc = gcry_mpi_print (GCRYMPI_FMT_USG, buf_i + i, n, &n, num_ij);
}
}
-#endif
+#endif
-void PBE_reset_parameters()
+void PBE_reset_parameters(void)
{
iteration_count = 0;
salt = NULL;
}
-int PBE_decrypt_data(const char *object_identifier_id _U_, tvbuff_t *encrypted_tvb _U_, asn1_ctx_t *actx _U_, proto_item *item _U_)
+int PBE_decrypt_data(const char *object_identifier_id_param, tvbuff_t *encrypted_tvb, asn1_ctx_t *actx, proto_item *item)
{
#ifdef HAVE_LIBGCRYPT
const char *encryption_algorithm;
proto_tree *tree;
char byte;
gboolean decrypt_ok = TRUE;
-
+
if(((password == NULL) || (*password == '\0')) && (try_null_password == FALSE)) {
/* we are not configured to decrypt */
return FALSE;
mode = GCRY_CIPHER_MODE_CBC;
} else {
/* we don't know how to decrypt this */
-
+
proto_item_append_text(item, " [Unsupported encryption algorithm]");
return FALSE;
}
- if((iteration_count == 0) || (salt == NULL)) {
+ if((iteration_count == 0) || (salt == NULL)) {
proto_item_append_text(item, " [Insufficient parameters]");
return FALSE;
}
/* allocate buffers */
- key = ep_alloc(keylen);
+ key = (char *)ep_alloc(keylen);
if(!generate_key_or_iv(1 /*LEY */, salt, iteration_count, password, keylen, key))
return FALSE;
if(ivlen) {
-
- iv = ep_alloc(ivlen);
-
+
+ iv = (char *)ep_alloc(ivlen);
+
if(!generate_key_or_iv(2 /* IV */, salt, iteration_count, password, ivlen, iv))
return FALSE;
}
/* now try an internal function */
- err = gcry_cipher_open(&cipher, algo, mode, NULL);
+ err = gcry_cipher_open(&cipher, algo, mode, 0);
if (gcry_err_code (err))
return FALSE;
- err = gcry_cipher_setkey (cipher, key, keylen);
+ err = gcry_cipher_setkey (cipher, key, keylen);
if (gcry_err_code (err)) {
gcry_cipher_close (cipher);
return FALSE;
}
-
+
if(ivlen) {
- err = gcry_cipher_setiv (cipher, iv, ivlen);
+ err = gcry_cipher_setiv (cipher, iv, ivlen);
if (gcry_err_code (err)) {
gcry_cipher_close (cipher);
return FALSE;
}
datalen = tvb_length(encrypted_tvb);
- clear_data = g_malloc(datalen);
+ clear_data = (char *)g_malloc(datalen);
err = gcry_cipher_decrypt (cipher, clear_data, datalen, tvb_get_ephemeral_string(encrypted_tvb, 0, datalen), datalen);
if (gcry_err_code (err)) {
gcry_cipher_close (cipher);
/* We don't know if we have successfully decrypted the data or not so we:
- a) check the trailing bytes
+ a) check the trailing bytes
b) see if we start with a sequence or a set (is this too constraining?
*/
break;
}
}
- } else {
+ } else {
/* XXX: is this a failure? */
}
/* OK - so now clear_data contains the decrypted data */
- clear_tvb = tvb_new_real_data((const guint8 *)clear_data, datalen, datalen);
+ clear_tvb = tvb_new_child_real_data(encrypted_tvb,(const guint8 *)clear_data, datalen, datalen);
tvb_set_free_cb(clear_tvb, g_free);
name = g_string_new("");
- oidname = get_oid_str_name(object_identifier_id);
- g_string_sprintf(name, "Decrypted %s", oidname ? oidname : object_identifier_id);
+ oidname = oid_resolved_from_string(object_identifier_id_param);
+ g_string_printf(name, "Decrypted %s", oidname ? oidname : object_identifier_id_param);
/* add it as a new source */
add_new_data_source(actx->pinfo, clear_tvb, name->str);
-
+
g_string_free(name, TRUE);
/* now try and decode it */
- call_ber_oid_callback(object_identifier_id, clear_tvb, 0, actx->pinfo, tree);
+ call_ber_oid_callback(object_identifier_id_param, clear_tvb, 0, actx->pinfo, tree);
- return TRUE;
+ return TRUE;
#else
/* we cannot decrypt */
return FALSE;
#include "packet-pkcs12-fn.c"
-static int strip_octet_string(tvbuff_t *tvb)
+static int strip_octet_string(tvbuff_t *tvb)
{
- gint8 class;
+ gint8 ber_class;
gboolean pc, ind;
gint32 tag;
guint32 len;
/* if we use CMS (rather than PKCS#7) - which we are - we need to strip the OCTET STRING tag */
/* before proceeding */
- offset = get_ber_identifier(tvb, 0, &class, &pc, &tag);
+ offset = get_ber_identifier(tvb, 0, &ber_class, &pc, &tag);
offset = get_ber_length(tvb, offset, &len, &ind);
- if((class == BER_CLASS_UNI) && (tag == BER_UNI_TAG_OCTETSTRING))
+ if((ber_class == BER_CLASS_UNI) && (tag == BER_UNI_TAG_OCTETSTRING))
return offset;
return 0;
proto_tree_add_text(tree, tvb, 0, 1, "BER Error: OCTET STRING expected");
}
-static void dissect_SafeContents_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+static void dissect_SafeContents_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
int offset = 0;
asn1_ctx_t asn1_ctx;
asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
offset = strip_octet_string(tvb);
-
+
dissect_pkcs12_SafeContents(FALSE, tvb, offset, &asn1_ctx, tree, hf_pkcs12_SafeContents_PDU);
}
-static void dissect_X509Certificate_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+static void dissect_X509Certificate_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
int offset = 0;
asn1_ctx_t asn1_ctx;
"Whether to try and decrypt the encrypted data within the"
" PKCS#12 with a NULL password", &try_null_password);
- register_ber_syntax_dissector("PKCS#12", proto_pkcs12, dissect_PFX_PDU);
+ register_ber_syntax_dissector("PKCS#12", proto_pkcs12, dissect_PFX_PDU);
register_ber_oid_syntax(".p12", NULL, "PKCS#12");
register_ber_oid_syntax(".pfx", NULL, "PKCS#12");
}