2 * Routines for PKCS#12: Personal Information Exchange packet dissection
5 * See "PKCS #12 v1.1: Personal Information Exchange Syntax":
7 * http://www.emc.com/emc-plus/rsa-labs/pkcs/files/h11301-wp-pkcs-12v1-1-personal-information-exchange-syntax.pdf
9 * Wireshark - Network traffic analyzer
10 * By Gerald Combs <gerald@wireshark.org>
11 * Copyright 1998 Gerald Combs
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
30 #include <epan/packet.h>
31 #include <epan/expert.h>
32 #include <epan/oids.h>
33 #include <epan/asn1.h>
34 #include <epan/prefs.h>
36 #include "packet-ber.h"
37 #include "packet-pkcs12.h"
38 #include "packet-x509af.h"
39 #include "packet-x509if.h"
40 #include "packet-cms.h"
43 #include <wsutil/wsgcrypt.h>
46 #define PNAME "PKCS#12: Personal Information Exchange"
47 #define PSNAME "PKCS12"
48 #define PFNAME "pkcs12"
50 #define PKCS12_PBE_ARCFOUR_SHA1_OID "1.2.840.113549.1.12.1.1"
51 #define PKCS12_PBE_3DES_SHA1_OID "1.2.840.113549.1.12.1.3"
52 #define PKCS12_PBE_RC2_40_SHA1_OID "1.2.840.113549.1.12.1.6"
54 void proto_register_pkcs12(void);
55 void proto_reg_handoff_pkcs12(void);
57 /* Initialize the protocol and registered fields */
58 static int proto_pkcs12 = -1;
60 static int hf_pkcs12_X509Certificate_PDU = -1;
61 static int hf_pkcs12_AuthenticatedSafe_PDU = -1; /* AuthenticatedSafe */
62 static gint ett_decrypted_pbe = -1;
64 static expert_field ei_pkcs12_octet_string_expected = EI_INIT;
67 static const char *object_identifier_id = NULL;
68 static int iteration_count = 0;
69 static tvbuff_t *salt = NULL;
70 static const char *password = NULL;
71 static gboolean try_null_password = FALSE;
73 static void dissect_AuthenticatedSafe_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
74 static void dissect_SafeContents_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
75 static int dissect_PrivateKeyInfo_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
77 #include "packet-pkcs12-hf.c"
79 /* Initialize the subtree pointers */
80 #include "packet-pkcs12-ett.c"
82 static void append_oid(proto_tree *tree, const char *oid)
84 const char *name = NULL;
86 name = oid_resolved_from_string(wmem_packet_scope(), oid);
87 proto_item_append_text(tree, " (%s)", name ? name : oid);
93 generate_key_or_iv(unsigned int id, tvbuff_t *salt_tvb, unsigned int iter,
94 const char *pw, unsigned int req_keylen, char * keybuf)
99 gcry_mpi_t num_b1 = NULL;
101 char hash[20], buf_b[64], buf_i[128], *p;
110 salt_size = tvb_captured_length(salt_tvb);
111 salt_p = (char *)tvb_memdup(wmem_packet_scope(), salt_tvb, 0, salt_size);
123 /* Store salt and password in BUF_I */
125 for (i = 0; i < 64; i++)
126 *p++ = salt_p[i % salt_size];
129 for (i = j = 0; i < 64; i += 2)
133 if (++j > pwlen) /* Note, that we include the trailing zero */
141 err = gcry_md_open(&md, GCRY_MD_SHA1, 0);
142 if (gcry_err_code(err))
146 for (i = 0; i < 64; i++)
148 unsigned char lid = id & 0xFF;
149 gcry_md_write (md, &lid, 1);
152 gcry_md_write(md, buf_i, pw ? 128 : 64);
155 memcpy (hash, gcry_md_read (md, 0), 20);
159 for (i = 1; i < iter; i++)
160 gcry_md_hash_buffer (GCRY_MD_SHA1, hash, hash, 20);
162 for (i = 0; i < 20 && cur_keylen < req_keylen; i++)
163 keybuf[cur_keylen++] = hash[i];
165 if (cur_keylen == req_keylen)
167 gcry_mpi_release (num_b1);
168 return TRUE; /* ready */
171 /* need more bytes. */
172 for (i = 0; i < 64; i++)
173 buf_b[i] = hash[i % 20];
177 rc = gcry_mpi_scan (&num_b1, GCRYMPI_FMT_USG, buf_b, n, &n);
184 gcry_mpi_add_ui (num_b1, num_b1, 1);
186 for (i = 0; i < 128; i += 64)
191 rc = gcry_mpi_scan (&num_ij, GCRYMPI_FMT_USG, buf_i + i, n, &n);
198 gcry_mpi_add (num_ij, num_ij, num_b1);
199 gcry_mpi_clear_highbit (num_ij, 64 * 8);
203 rc = gcry_mpi_print (GCRYMPI_FMT_USG, buf_i + i, n, &n, num_ij);
209 gcry_mpi_release (num_ij);
216 void PBE_reset_parameters(void)
222 int PBE_decrypt_data(const char *object_identifier_id_param _U_, tvbuff_t *encrypted_tvb _U_, asn1_ctx_t *actx _U_, proto_item *item _U_)
224 #ifdef HAVE_LIBGCRYPT
225 const char *encryption_algorithm;
226 gcry_cipher_hd_t cipher;
235 char *clear_data = NULL;
236 tvbuff_t *clear_tvb = NULL;
237 const gchar *oidname;
241 gboolean decrypt_ok = TRUE;
243 if(((password == NULL) || (*password == '\0')) && (try_null_password == FALSE)) {
244 /* we are not configured to decrypt */
248 encryption_algorithm = x509af_get_last_algorithm_id();
250 /* these are the only encryption schemes we understand for now */
251 if(!strcmp(encryption_algorithm, PKCS12_PBE_3DES_SHA1_OID)) {
254 algo = GCRY_CIPHER_3DES;
255 mode = GCRY_CIPHER_MODE_CBC;
256 } else if(!strcmp(encryption_algorithm, PKCS12_PBE_ARCFOUR_SHA1_OID)) {
259 algo = GCRY_CIPHER_ARCFOUR;
260 mode = GCRY_CIPHER_MODE_NONE;
261 } else if(!strcmp(encryption_algorithm, PKCS12_PBE_RC2_40_SHA1_OID)) {
264 algo = GCRY_CIPHER_RFC2268_40;
265 mode = GCRY_CIPHER_MODE_CBC;
267 /* we don't know how to decrypt this */
269 proto_item_append_text(item, " [Unsupported encryption algorithm]");
273 if((iteration_count == 0) || (salt == NULL)) {
274 proto_item_append_text(item, " [Insufficient parameters]");
278 /* allocate buffers */
279 key = (char *)wmem_alloc(wmem_packet_scope(), keylen);
281 if(!generate_key_or_iv(1 /*LEY */, salt, iteration_count, password, keylen, key))
286 iv = (char *)wmem_alloc(wmem_packet_scope(), ivlen);
288 if(!generate_key_or_iv(2 /* IV */, salt, iteration_count, password, ivlen, iv))
292 /* now try an internal function */
293 err = gcry_cipher_open(&cipher, algo, mode, 0);
294 if (gcry_err_code (err))
297 err = gcry_cipher_setkey (cipher, key, keylen);
298 if (gcry_err_code (err)) {
299 gcry_cipher_close (cipher);
304 err = gcry_cipher_setiv (cipher, iv, ivlen);
305 if (gcry_err_code (err)) {
306 gcry_cipher_close (cipher);
311 datalen = tvb_captured_length(encrypted_tvb);
312 clear_data = (char *)g_malloc(datalen);
314 err = gcry_cipher_decrypt (cipher, clear_data, datalen, (char *)tvb_memdup(wmem_packet_scope(), encrypted_tvb, 0, datalen), datalen);
315 if (gcry_err_code (err)) {
317 proto_item_append_text(item, " [Failed to decrypt with password preference]");
319 gcry_cipher_close (cipher);
324 gcry_cipher_close (cipher);
326 /* We don't know if we have successfully decrypted the data or not so we:
327 a) check the trailing bytes
328 b) see if we start with a sequence or a set (is this too constraining?
331 /* first the trailing bytes */
332 byte = clear_data[datalen-1];
336 for(i = (int)byte; i > 0 ; i--) {
337 if(clear_data[datalen - i] != byte) {
343 /* XXX: is this a failure? */
346 /* we assume the result is ASN.1 - check it is a SET or SEQUENCE */
347 byte = clear_data[0];
348 if((byte != 0x30) && (byte != 0x31)) { /* do we need more here? OCTET STRING? */
354 proto_item_append_text(item, " [Failed to decrypt with supplied password]");
359 proto_item_append_text(item, " [Decrypted successfully]");
361 tree = proto_item_add_subtree(item, ett_decrypted_pbe);
363 /* OK - so now clear_data contains the decrypted data */
365 clear_tvb = tvb_new_child_real_data(encrypted_tvb,(const guint8 *)clear_data, datalen, datalen);
366 tvb_set_free_cb(clear_tvb, g_free);
368 name = g_string_new("");
369 oidname = oid_resolved_from_string(wmem_packet_scope(), object_identifier_id_param);
370 g_string_printf(name, "Decrypted %s", oidname ? oidname : object_identifier_id_param);
372 /* add it as a new source */
373 add_new_data_source(actx->pinfo, clear_tvb, name->str);
375 g_string_free(name, TRUE);
377 /* now try and decode it */
378 call_ber_oid_callback(object_identifier_id_param, clear_tvb, 0, actx->pinfo, tree, NULL);
382 /* we cannot decrypt */
388 #include "packet-pkcs12-fn.c"
390 static int strip_octet_string(tvbuff_t *tvb)
398 /* PKCS#7 encodes the content as OCTET STRING, whereas CMS is just any ANY */
399 /* if we use CMS (rather than PKCS#7) - which we are - we need to strip the OCTET STRING tag */
400 /* before proceeding */
402 offset = get_ber_identifier(tvb, 0, &ber_class, &pc, &tag);
403 offset = get_ber_length(tvb, offset, &len, &ind);
405 if((ber_class == BER_CLASS_UNI) && (tag == BER_UNI_TAG_OCTETSTRING))
412 static void dissect_AuthenticatedSafe_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
415 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
417 if((offset = strip_octet_string(tvb)) > 0)
418 dissect_pkcs12_AuthenticatedSafe(FALSE, tvb, offset, &asn1_ctx, tree, hf_pkcs12_AuthenticatedSafe_PDU);
420 proto_tree_add_expert(tree, pinfo, &ei_pkcs12_octet_string_expected, tvb, 0, 1);
423 static void dissect_SafeContents_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
427 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
429 offset = strip_octet_string(tvb);
431 dissect_pkcs12_SafeContents(FALSE, tvb, offset, &asn1_ctx, tree, hf_pkcs12_SafeContents_PDU);
434 static void dissect_X509Certificate_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
438 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
440 if((offset = strip_octet_string(tvb)) > 0)
441 dissect_x509af_Certificate(FALSE, tvb, offset, &asn1_ctx, tree, hf_pkcs12_X509Certificate_PDU);
443 proto_tree_add_expert(tree, pinfo, &ei_pkcs12_octet_string_expected, tvb, 0, 1);
446 /*--- proto_register_pkcs12 ----------------------------------------------*/
447 void proto_register_pkcs12(void) {
450 static hf_register_info hf[] = {
451 { &hf_pkcs12_X509Certificate_PDU,
452 { "X509Certificate", "pkcs12.X509Certificate",
453 FT_NONE, BASE_NONE, NULL, 0,
454 "pkcs12.X509Certificate", HFILL }},
455 { &hf_pkcs12_AuthenticatedSafe_PDU,
456 { "AuthenticatedSafe", "pkcs12.AuthenticatedSafe",
457 FT_UINT32, BASE_DEC, NULL, 0,
460 #include "packet-pkcs12-hfarr.c"
463 /* List of subtrees */
464 static gint *ett[] = {
466 #include "packet-pkcs12-ettarr.c"
468 static ei_register_info ei[] = {
469 { &ei_pkcs12_octet_string_expected, { "pkcs12.octet_string_expected", PI_PROTOCOL, PI_WARN, "BER Error: OCTET STRING expected", EXPFILL }},
472 module_t *pkcs12_module;
473 expert_module_t* expert_pkcs12;
475 /* Register protocol */
476 proto_pkcs12 = proto_register_protocol(PNAME, PSNAME, PFNAME);
478 /* Register fields and subtrees */
479 proto_register_field_array(proto_pkcs12, hf, array_length(hf));
480 proto_register_subtree_array(ett, array_length(ett));
481 expert_pkcs12 = expert_register_protocol(proto_pkcs12);
482 expert_register_field_array(expert_pkcs12, ei, array_length(ei));
484 /* Register preferences */
485 pkcs12_module = prefs_register_protocol(proto_pkcs12, NULL);
487 prefs_register_string_preference(pkcs12_module, "password",
488 "Password to decrypt the file with",
489 "The password to used to decrypt the encrypted elements within"
490 " the PKCS#12 file", &password);
492 prefs_register_bool_preference(pkcs12_module, "try_null_password",
493 "Try to decrypt with a empty password",
494 "Whether to try and decrypt the encrypted data within the"
495 " PKCS#12 with a NULL password", &try_null_password);
497 new_register_ber_syntax_dissector("PKCS#12", proto_pkcs12, dissect_PFX_PDU);
498 register_ber_oid_syntax(".p12", NULL, "PKCS#12");
499 register_ber_oid_syntax(".pfx", NULL, "PKCS#12");
503 /*--- proto_reg_handoff_pkcs12 -------------------------------------------*/
504 void proto_reg_handoff_pkcs12(void) {
505 #include "packet-pkcs12-dis-tab.c"
507 register_ber_oid_dissector("1.2.840.113549.1.9.22.1", dissect_X509Certificate_OCTETSTRING_PDU, proto_pkcs12, "x509Certificate");