x509af: dissect subjectPublicKey for RSA

The subjectPublicKey field of a Certificate (TBSCertificate) is defined as type BIT STRING. The actual contents depend on the Algorithm Identifier which is preceding the subjectPublicKey field. This patch adds support for dissection of the public key for RSA public keys which show up below the subjectPublicKey tree: subjectPublicKeyInfo algorithm (rsaEncryption) Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption) subjectPublicKey: 3082010a0282010100b7c769e2d0eacaeb929fc08238a9ff... modulus : 0x00b7c769e2d0eacaeb929fc08238a9ffc59cab39c28a2e26... publicExponent: 65537 Change-Id: Ib92645433b0a0078a947ff0ac26c5e6a64877b93 Reviewed-on: https://code.wireshark.org/review/10967 Reviewed-by: Martin Kaiser <wireshark@kaiser.cx> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
author: Peter Wu <peter@lekensteyn.nl> 2015-09-15 23:24:26 +0200
committer: Michael Mann <mmann78@netscape.net> 2015-10-18 03:30:21 +0000
commit: 317af2c68ce1db0599fb0082cf454a451ff74c20 (patch)
tree: 6abe0d7fab3d0483f43acdfc78fe7673d06f2703
parent: 48d46e67fd7938262df658c0b459e2e926faa9ab (diff)
5 files changed, 73 insertions, 17 deletions
diff --git a/asn1/pkcs1/pkcs1.cnf b/asn1/pkcs1/pkcs1.cnf
index 8990fe7e79..a332955f78 100644
--- a/asn1/pkcs1/pkcs1.cnf
+++ b/asn1/pkcs1/pkcs1.cnf
@@ -31,6 +31,9 @@ ECPoint
 DSA-Sig-Value
 ECDSA-Sig-Value
 
+#.TYPE_ATTR
+RSAPublicKey/modulus TYPE = FT_BYTES  DISPLAY = BASE_NONE
+
 #.END
 
 
diff --git a/asn1/x509af/packet-x509af-template.c b/asn1/x509af/packet-x509af-template.c
index c6941421d2..5ce49b3312 100644
--- a/asn1/x509af/packet-x509af-template.c
+++ b/asn1/x509af/packet-x509af-template.c
@@ -33,6 +33,7 @@
 #include "packet-x509if.h"
 #include "packet-x509sat.h"
 #include "packet-ldap.h"
+#include "packet-pkcs1.h"
 #if defined(HAVE_LIBGNUTLS)
 #include <gnutls/gnutls.h>
 #endif
diff --git a/asn1/x509af/x509af.cnf b/asn1/x509af/x509af.cnf
index 5c98d6dbaf..8c299cef6d 100644
--- a/asn1/x509af/x509af.cnf
+++ b/asn1/x509af/x509af.cnf
@@ -87,6 +87,32 @@ CertificateList/signedCertificateList/revokedCertificates/_item/userCertificate
   x509af_export_publickey(tvb, actx, orig_offset, offset - orig_offset);
 #.END
 
+#.FN_BODY SubjectPublicKeyInfo/subjectPublicKey
+  tvbuff_t *bs_tvb;
+# proto_tree *subtree;
+
+  dissect_ber_bitstring(FALSE, actx, NULL, tvb, offset,
+                        NULL, -1, -1, &bs_tvb);
+
+  /* See RFC 3279 for possible subjectPublicKey values given an Algorithm ID.
+   * The contents of subjectPublicKey are always explicitly tagged. */
+  if (!strcmp(algorithm_id, "1.2.840.113549.1.1.1")) { /* id-rsa */
+    offset += dissect_pkcs1_RSAPublicKey(FALSE, bs_tvb, 0, actx, tree, hf_index);
+
+# TODO: PKCS#1 only defines RSA; DH and DSA are from PKIX1Algorithms2008
+# } else if (!strcmp(algorithm_id, "1.2.840.10040.4.1")) { /* id-dsa */
+#   subtree = proto_item_add_subtree(actx->created_item, ett_subjectpublickey);
+#   offset += dissect_DSAPublicKey(FALSE, bs_tvb, 0, actx, subtree, hf_dsa_y);
+#
+# } else if (!strcmp(algorithm_id, "1.2.840.10046.2.1")) { /* dhpublicnumber */
+#   subtree = proto_item_add_subtree(actx->created_item, ett_subjectpublickey);
+#   offset += dissect_DHPublicKey(FALSE, bs_tvb, 0, actx, subtree, hf_dh_y);
+#
+  } else {
+    offset = dissect_ber_bitstring(FALSE, actx, tree, tvb, offset,
+                                   NULL, hf_index, -1, NULL);
+  }
+
 #.FN_PARS Extension/extnId
   FN_VARIANT = _str  HF_INDEX = hf_x509af_extension_id  VAL_PTR = &actx->external.direct_reference
 
diff --git a/epan/dissectors/packet-pkcs1.c b/epan/dissectors/packet-pkcs1.c
index af1d2ce813..66779f1578 100644
--- a/epan/dissectors/packet-pkcs1.c
+++ b/epan/dissectors/packet-pkcs1.c
@@ -380,7 +380,7 @@ void proto_register_pkcs1(void) {
         NULL, HFILL }},
     { &hf_pkcs1_modulus,
       { "modulus", "pkcs1.modulus",
-        FT_INT32, BASE_DEC, NULL, 0,
+        FT_BYTES, BASE_NONE, NULL, 0,
         "INTEGER", HFILL }},
     { &hf_pkcs1_publicExponent,
       { "publicExponent", "pkcs1.publicExponent",
diff --git a/epan/dissectors/packet-x509af.c b/epan/dissectors/packet-x509af.c
index a5e686ca82..d4554f2373 100644
--- a/epan/dissectors/packet-x509af.c
+++ b/epan/dissectors/packet-x509af.c
@@ -41,6 +41,7 @@
 #include "packet-x509if.h"
 #include "packet-x509sat.h"
 #include "packet-ldap.h"
+#include "packet-pkcs1.h"
 #if defined(HAVE_LIBGNUTLS)
 #include <gnutls/gnutls.h>
 #endif
@@ -83,7 +84,7 @@ static int hf_x509af_parameters = -1;             /* T_parameters */
 static int hf_x509af_notBefore = -1;              /* Time */
 static int hf_x509af_notAfter = -1;               /* Time */
 static int hf_x509af_algorithm = -1;              /* AlgorithmIdentifier */
-static int hf_x509af_subjectPublicKey = -1;       /* BIT_STRING */
+static int hf_x509af_subjectPublicKey = -1;       /* T_subjectPublicKey */
 static int hf_x509af_utcTime = -1;                /* UTCTime */
 static int hf_x509af_generalizedTime = -1;        /* GeneralizedTime */
 static int hf_x509af_Extensions_item = -1;        /* Extension */
@@ -135,7 +136,7 @@ static int hf_x509af_q = -1;                      /* INTEGER */
 static int hf_x509af_g = -1;                      /* INTEGER */
 
 /*--- End of included file: packet-x509af-hf.c ---*/
-#line 52 "../../asn1/x509af/packet-x509af-template.c"
+#line 53 "../../asn1/x509af/packet-x509af-template.c"
 
 /* Initialize the subtree pointers */
 static gint ett_pkix_crl = -1;
@@ -176,7 +177,7 @@ static gint ett_x509af_SET_OF_AttributeType = -1;
 static gint ett_x509af_DSS_Params = -1;
 
 /*--- End of included file: packet-x509af-ett.c ---*/
-#line 56 "../../asn1/x509af/packet-x509af-template.c"
+#line 57 "../../asn1/x509af/packet-x509af-template.c"
 static const char *algorithm_id;
 static void
 x509af_export_publickey(tvbuff_t *tvb, asn1_ctx_t *actx, int offset, int len);
@@ -328,7 +329,7 @@ static const ber_choice_t SubjectName_choice[] = {
 
 static int
 dissect_x509af_SubjectName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 115 "../../asn1/x509af/x509af.cnf"
+#line 141 "../../asn1/x509af/x509af.cnf"
 
   const char* str;
     offset = dissect_ber_choice(actx, tree, tvb, offset,
@@ -347,10 +348,24 @@ dissect_x509af_SubjectName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off
 
 
 static int
-dissect_x509af_BIT_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-  offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset,
-                                    NULL, hf_index, -1,
-                                    NULL);
+dissect_x509af_T_subjectPublicKey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+#line 91 "../../asn1/x509af/x509af.cnf"
+  tvbuff_t *bs_tvb;
+
+  dissect_ber_bitstring(FALSE, actx, NULL, tvb, offset,
+                        NULL, -1, -1, &bs_tvb);
+
+  /* See RFC 3279 for possible subjectPublicKey values given an Algorithm ID.
+   * The contents of subjectPublicKey are always explicitly tagged. */
+  if (!strcmp(algorithm_id, "1.2.840.113549.1.1.1")) { /* id-rsa */
+    offset += dissect_pkcs1_RSAPublicKey(FALSE, bs_tvb, 0, actx, tree, hf_index);
+
+  } else {
+    offset = dissect_ber_bitstring(FALSE, actx, tree, tvb, offset,
+                                   NULL, hf_index, -1, NULL);
+  }
+
+
 
   return offset;
 }
@@ -358,7 +373,7 @@ dissect_x509af_BIT_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offs
 
 static const ber_sequence_t SubjectPublicKeyInfo_sequence[] = {
   { &hf_x509af_algorithm    , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_x509af_AlgorithmIdentifier },
-  { &hf_x509af_subjectPublicKey, BER_CLASS_UNI, BER_UNI_TAG_BITSTRING, BER_FLAGS_NOOWNTAG, dissect_x509af_BIT_STRING },
+  { &hf_x509af_subjectPublicKey, BER_CLASS_UNI, BER_UNI_TAG_BITSTRING, BER_FLAGS_NOOWNTAG, dissect_x509af_T_subjectPublicKey },
   { NULL, 0, 0, 0, NULL }
 };
 
@@ -380,7 +395,7 @@ dissect_x509af_SubjectPublicKeyInfo(gboolean implicit_tag _U_, tvbuff_t *tvb _U_
 
 static int
 dissect_x509af_T_extnId(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 94 "../../asn1/x509af/x509af.cnf"
+#line 120 "../../asn1/x509af/x509af.cnf"
   const char *name;
 
     offset = dissect_ber_object_identifier_str(implicit_tag, actx, tree, tvb, offset, hf_x509af_extension_id, &actx->external.direct_reference);
@@ -410,7 +425,7 @@ dissect_x509af_BOOLEAN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset
 
 static int
 dissect_x509af_T_extnValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 105 "../../asn1/x509af/x509af.cnf"
+#line 131 "../../asn1/x509af/x509af.cnf"
   gint8 ber_class;
   gboolean pc, ind;
   gint32 tag;
@@ -478,6 +493,17 @@ dissect_x509af_T_signedCertificate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_,
 }
 
 
+
+static int
+dissect_x509af_BIT_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset,
+                                    NULL, hf_index, -1,
+                                    NULL);
+
+  return offset;
+}
+
+
 static const ber_sequence_t Certificate_sequence[] = {
   { &hf_x509af_signedCertificate, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_x509af_T_signedCertificate },
   { &hf_x509af_algorithmIdentifier, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_x509af_AlgorithmIdentifier },
@@ -907,7 +933,7 @@ static int dissect_DSS_Params_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, pro
 
 
 /*--- End of included file: packet-x509af-fn.c ---*/
-#line 60 "../../asn1/x509af/packet-x509af-template.c"
+#line 61 "../../asn1/x509af/packet-x509af-template.c"
 
 /* Exports the SubjectPublicKeyInfo structure as gnutls_datum_t.
  * actx->private_data is assumed to be a gnutls_datum_t pointer which will be
@@ -1062,7 +1088,7 @@ void proto_register_x509af(void) {
     { &hf_x509af_subjectPublicKey,
       { "subjectPublicKey", "x509af.subjectPublicKey",
         FT_BYTES, BASE_NONE, NULL, 0,
-        "BIT_STRING", HFILL }},
+        NULL, HFILL }},
     { &hf_x509af_utcTime,
       { "utcTime", "x509af.utcTime",
         FT_STRING, BASE_NONE, NULL, 0,
@@ -1261,7 +1287,7 @@ void proto_register_x509af(void) {
         "INTEGER", HFILL }},
 
 /*--- End of included file: packet-x509af-hfarr.c ---*/
-#line 113 "../../asn1/x509af/packet-x509af-template.c"
+#line 114 "../../asn1/x509af/packet-x509af-template.c"
   };
 
   /* List of subtrees */
@@ -1304,7 +1330,7 @@ void proto_register_x509af(void) {
     &ett_x509af_DSS_Params,
 
 /*--- End of included file: packet-x509af-ettarr.c ---*/
-#line 119 "../../asn1/x509af/packet-x509af-template.c"
+#line 120 "../../asn1/x509af/packet-x509af-template.c"
   };
 
   /* Register protocol */
@@ -1347,7 +1373,7 @@ void proto_reg_handoff_x509af(void) {
 
 
 /*--- End of included file: packet-x509af-dis-tab.c ---*/
-#line 147 "../../asn1/x509af/packet-x509af-template.c"
+#line 148 "../../asn1/x509af/packet-x509af-template.c"
 
 	/*XXX these should really go to a better place but since
 	  I have not that ITU standard, I'll put it here for the time
author	Peter Wu <peter@lekensteyn.nl>	2015-09-15 23:24:26 +0200
committer	Michael Mann <mmann78@netscape.net>	2015-10-18 03:30:21 +0000
commit	317af2c68ce1db0599fb0082cf454a451ff74c20 (patch)
tree	6abe0d7fab3d0483f43acdfc78fe7673d06f2703
parent	48d46e67fd7938262df658c0b459e2e926faa9ab (diff)