diff options
author | João Valverde <joao.valverde@tecnico.ulisboa.pt> | 2016-03-09 03:17:51 +0000 |
---|---|---|
committer | João Valverde <j@v6e.pt> | 2016-03-13 21:30:24 +0000 |
commit | 54a520d4a1151c68d0b4e5f09a8d82466fa499f3 (patch) | |
tree | 7aacae160382098ce651ac862a5dfd5de4beff94 /asn1/pkcs12 | |
parent | c1f3c935bdd33090c87f0d2f84842ce9729b747a (diff) |
Move /asn1 to /epan/dissectors
Change-Id: I1208fe3c2ba428995526f561e8f792b8d871e9a9
Reviewed-on: https://code.wireshark.org/review/14388
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: João Valverde <j@v6e.pt>
Diffstat (limited to 'asn1/pkcs12')
-rw-r--r-- | asn1/pkcs12/CMakeLists.txt | 54 | ||||
-rw-r--r-- | asn1/pkcs12/Makefile.am | 23 | ||||
-rw-r--r-- | asn1/pkcs12/Makefile.common | 56 | ||||
-rw-r--r-- | asn1/pkcs12/Makefile.nmake | 26 | ||||
-rw-r--r-- | asn1/pkcs12/packet-pkcs12-template.c | 512 | ||||
-rw-r--r-- | asn1/pkcs12/packet-pkcs12-template.h | 31 | ||||
-rw-r--r-- | asn1/pkcs12/pkcs12.asn | 275 | ||||
-rw-r--r-- | asn1/pkcs12/pkcs12.cnf | 159 |
8 files changed, 0 insertions, 1136 deletions
diff --git a/asn1/pkcs12/CMakeLists.txt b/asn1/pkcs12/CMakeLists.txt deleted file mode 100644 index f805707a7c..0000000000 --- a/asn1/pkcs12/CMakeLists.txt +++ /dev/null @@ -1,54 +0,0 @@ -# CMakeLists.txt -# -# Wireshark - Network traffic analyzer -# By Gerald Combs <gerald@wireshark.org> -# Copyright 1998 Gerald Combs -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# - -set( PROTOCOL_NAME pkcs12 ) - -set( PROTO_OPT ) - -set( EXT_ASN_FILE_LIST -) - -set( ASN_FILE_LIST - ${PROTOCOL_NAME}.asn -) - -set( EXTRA_DIST - ${ASN_FILE_LIST} - packet-${PROTOCOL_NAME}-template.c - packet-${PROTOCOL_NAME}-template.h - ${PROTOCOL_NAME}.cnf -) - -set( SRC_FILES - ${EXTRA_DIST} - ${EXT_ASN_FILE_LIST} -) - -set( A2W_FLAGS -b ) - -set( EXTRA_CNF - "${CMAKE_CURRENT_BINARY_DIR}/../x509if/x509if-exp.cnf" - "${CMAKE_CURRENT_BINARY_DIR}/../x509af/x509af-exp.cnf" - "${CMAKE_CURRENT_BINARY_DIR}/../cms/cms-exp.cnf" -) - -ASN2WRS() - diff --git a/asn1/pkcs12/Makefile.am b/asn1/pkcs12/Makefile.am deleted file mode 100644 index 72d28e600b..0000000000 --- a/asn1/pkcs12/Makefile.am +++ /dev/null @@ -1,23 +0,0 @@ -# Wireshark - Network traffic analyzer -# By Gerald Combs <gerald@wireshark.org> -# Copyright 1998 Gerald Combs -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - -include ../Makefile.preinc -include Makefile.common -include ../Makefile.inc - diff --git a/asn1/pkcs12/Makefile.common b/asn1/pkcs12/Makefile.common deleted file mode 100644 index 04226bb180..0000000000 --- a/asn1/pkcs12/Makefile.common +++ /dev/null @@ -1,56 +0,0 @@ -# Wireshark - Network traffic analyzer -# By Gerald Combs <gerald@wireshark.org> -# Copyright 1998 Gerald Combs -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - -PROTOCOL_NAME=pkcs12 - -EXT_ASN_FILE_LIST = - -ASN_FILE_LIST = \ - $(PROTOCOL_NAME).asn - -# The packet-$(PROTOCOL_NAME)-template.h and $(PROTOCOL_NAME).asn -# files do not exist for all protocols: Please add/remove as required. -EXTRA_DIST = \ - $(EXTRA_DIST_COMMON) \ - $(ASN_FILE_LIST) \ - packet-$(PROTOCOL_NAME)-template.c \ - packet-$(PROTOCOL_NAME)-template.h \ - $(PROTOCOL_NAME).cnf - -SRC_FILES = \ - $(EXTRA_DIST) \ - $(EXT_ASN_FILE_LIST) - -A2W_FLAGS= -b - -# Note the order here is important, cms needs at least x509af-exp to be generated first -EXTRA_CNF= \ - $(builddir)/../x509if/x509if-exp.cnf \ - $(builddir)/../x509af/x509af-exp.cnf \ - $(builddir)/../cms/cms-exp.cnf - -$(builddir)/../cms/cms-exp.cnf: - (cd $(builddir)/../cms && $(MAKE_CNF_EXPORT)) - -$(builddir)/../x509af/x509af-exp.cnf: - (cd $(builddir)/../x509af && $(MAKE_CNF_EXPORT)) - -$(builddir)/../x509if/x509if-exp.cnf: - (cd $(builddir)/../x509if && $(MAKE_CNF_EXPORT)) - diff --git a/asn1/pkcs12/Makefile.nmake b/asn1/pkcs12/Makefile.nmake deleted file mode 100644 index fc70f2382f..0000000000 --- a/asn1/pkcs12/Makefile.nmake +++ /dev/null @@ -1,26 +0,0 @@ -## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake -# -# Wireshark - Network traffic analyzer -# By Gerald Combs <gerald@wireshark.org> -# Copyright 1998 Gerald Combs -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - -include ../../config.nmake -include ../Makefile.preinc.nmake -include Makefile.common -include ../Makefile.inc.nmake - diff --git a/asn1/pkcs12/packet-pkcs12-template.c b/asn1/pkcs12/packet-pkcs12-template.c deleted file mode 100644 index 18814039b2..0000000000 --- a/asn1/pkcs12/packet-pkcs12-template.c +++ /dev/null @@ -1,512 +0,0 @@ -/* packet-pkcs12.c - * Routines for PKCS#12: Personal Information Exchange packet dissection - * Graeme Lunt 2006 - * - * See "PKCS #12 v1.1: Personal Information Exchange Syntax": - * - * http://www.emc.com/emc-plus/rsa-labs/pkcs/files/h11301-wp-pkcs-12v1-1-personal-information-exchange-syntax.pdf - * - * Wireshark - Network traffic analyzer - * By Gerald Combs <gerald@wireshark.org> - * Copyright 1998 Gerald Combs - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - */ - -#include "config.h" - -#include <epan/packet.h> -#include <epan/expert.h> -#include <epan/oids.h> -#include <epan/asn1.h> -#include <epan/prefs.h> - -#include "packet-ber.h" -#include "packet-pkcs12.h" -#include "packet-x509af.h" -#include "packet-x509if.h" -#include "packet-cms.h" - -#include <wsutil/wsgcrypt.h> - -#define PNAME "PKCS#12: Personal Information Exchange" -#define PSNAME "PKCS12" -#define PFNAME "pkcs12" - -#define PKCS12_PBE_ARCFOUR_SHA1_OID "1.2.840.113549.1.12.1.1" -#define PKCS12_PBE_3DES_SHA1_OID "1.2.840.113549.1.12.1.3" -#define PKCS12_PBE_RC2_40_SHA1_OID "1.2.840.113549.1.12.1.6" - -void proto_register_pkcs12(void); -void proto_reg_handoff_pkcs12(void); - -/* Initialize the protocol and registered fields */ -static int proto_pkcs12 = -1; - -static int hf_pkcs12_X509Certificate_PDU = -1; -static int hf_pkcs12_AuthenticatedSafe_PDU = -1; /* AuthenticatedSafe */ -static gint ett_decrypted_pbe = -1; - -static expert_field ei_pkcs12_octet_string_expected = EI_INIT; - - -static const char *object_identifier_id = NULL; -static int iteration_count = 0; -static tvbuff_t *salt = NULL; -static const char *password = NULL; -static gboolean try_null_password = FALSE; - -static int dissect_AuthenticatedSafe_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data); -static int dissect_SafeContents_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data); -static int dissect_PrivateKeyInfo_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data); - -#include "packet-pkcs12-hf.c" - -/* Initialize the subtree pointers */ -#include "packet-pkcs12-ett.c" - -static void append_oid(proto_tree *tree, const char *oid) -{ - const char *name = NULL; - - name = oid_resolved_from_string(wmem_packet_scope(), oid); - proto_item_append_text(tree, " (%s)", name ? name : oid); -} - -#ifdef HAVE_LIBGCRYPT - -static int -generate_key_or_iv(unsigned int id, tvbuff_t *salt_tvb, unsigned int iter, - const char *pw, unsigned int req_keylen, char * keybuf) -{ - int rc; - unsigned int i, j; - gcry_md_hd_t md; - gcry_mpi_t num_b1 = NULL; - size_t pwlen; - char hash[20], buf_b[64], buf_i[128], *p; - char *salt_p; - int salt_size; - size_t cur_keylen; - size_t n; - gcry_error_t err; - - cur_keylen = 0; - - salt_size = tvb_captured_length(salt_tvb); - salt_p = (char *)tvb_memdup(wmem_packet_scope(), salt_tvb, 0, salt_size); - - if (pw == NULL) - pwlen = 0; - else - pwlen = strlen(pw); - - if (pwlen > 63 / 2) - { - return FALSE; - } - - /* Store salt and password in BUF_I */ - p = buf_i; - for (i = 0; i < 64; i++) - *p++ = salt_p[i % salt_size]; - if (pw) - { - for (i = j = 0; i < 64; i += 2) - { - *p++ = 0; - *p++ = pw[j]; - if (++j > pwlen) /* Note, that we include the trailing zero */ - j = 0; - } - } - else - memset (p, 0, 64); - - for (;;) { - err = gcry_md_open(&md, GCRY_MD_SHA1, 0); - if (gcry_err_code(err)) - { - return FALSE; - } - for (i = 0; i < 64; i++) - { - unsigned char lid = id & 0xFF; - gcry_md_write (md, &lid, 1); - } - - gcry_md_write(md, buf_i, pw ? 128 : 64); - - gcry_md_final (md); - memcpy (hash, gcry_md_read (md, 0), 20); - - gcry_md_close (md); - - for (i = 1; i < iter; i++) - gcry_md_hash_buffer (GCRY_MD_SHA1, hash, hash, 20); - - for (i = 0; i < 20 && cur_keylen < req_keylen; i++) - keybuf[cur_keylen++] = hash[i]; - - if (cur_keylen == req_keylen) - { - gcry_mpi_release (num_b1); - return TRUE; /* ready */ - } - - /* need more bytes. */ - for (i = 0; i < 64; i++) - buf_b[i] = hash[i % 20]; - - n = 64; - - rc = gcry_mpi_scan (&num_b1, GCRYMPI_FMT_USG, buf_b, n, &n); - - if (rc != 0) - { - return FALSE; - } - - gcry_mpi_add_ui (num_b1, num_b1, 1); - - for (i = 0; i < 128; i += 64) - { - gcry_mpi_t num_ij; - - n = 64; - rc = gcry_mpi_scan (&num_ij, GCRYMPI_FMT_USG, buf_i + i, n, &n); - - if (rc != 0) - { - return FALSE; - } - - gcry_mpi_add (num_ij, num_ij, num_b1); - gcry_mpi_clear_highbit (num_ij, 64 * 8); - - n = 64; - - rc = gcry_mpi_print (GCRYMPI_FMT_USG, buf_i + i, n, &n, num_ij); - if (rc != 0) - { - return FALSE; - } - - gcry_mpi_release (num_ij); - } - } -} - -#endif - -void PBE_reset_parameters(void) -{ - iteration_count = 0; - salt = NULL; -} - -int PBE_decrypt_data(const char *object_identifier_id_param _U_, tvbuff_t *encrypted_tvb _U_, asn1_ctx_t *actx _U_, proto_item *item _U_) -{ -#ifdef HAVE_LIBGCRYPT - const char *encryption_algorithm; - gcry_cipher_hd_t cipher; - gcry_error_t err; - int algo; - int mode; - int ivlen = 0; - int keylen = 0; - int datalen = 0; - char *key = NULL; - char *iv = NULL; - char *clear_data = NULL; - tvbuff_t *clear_tvb = NULL; - const gchar *oidname; - GString *name; - proto_tree *tree; - char byte; - gboolean decrypt_ok = TRUE; - - if(((password == NULL) || (*password == '\0')) && (try_null_password == FALSE)) { - /* we are not configured to decrypt */ - return FALSE; - } - - encryption_algorithm = x509af_get_last_algorithm_id(); - - /* these are the only encryption schemes we understand for now */ - if(!strcmp(encryption_algorithm, PKCS12_PBE_3DES_SHA1_OID)) { - ivlen = 8; - keylen = 24; - algo = GCRY_CIPHER_3DES; - mode = GCRY_CIPHER_MODE_CBC; - } else if(!strcmp(encryption_algorithm, PKCS12_PBE_ARCFOUR_SHA1_OID)) { - ivlen = 0; - keylen = 16; - algo = GCRY_CIPHER_ARCFOUR; - mode = GCRY_CIPHER_MODE_NONE; - } else if(!strcmp(encryption_algorithm, PKCS12_PBE_RC2_40_SHA1_OID)) { - ivlen = 8; - keylen = 5; - algo = GCRY_CIPHER_RFC2268_40; - mode = GCRY_CIPHER_MODE_CBC; - } else { - /* we don't know how to decrypt this */ - - proto_item_append_text(item, " [Unsupported encryption algorithm]"); - return FALSE; - } - - if((iteration_count == 0) || (salt == NULL)) { - proto_item_append_text(item, " [Insufficient parameters]"); - return FALSE; - } - - /* allocate buffers */ - key = (char *)wmem_alloc(wmem_packet_scope(), keylen); - - if(!generate_key_or_iv(1 /*LEY */, salt, iteration_count, password, keylen, key)) - return FALSE; - - if(ivlen) { - - iv = (char *)wmem_alloc(wmem_packet_scope(), ivlen); - - if(!generate_key_or_iv(2 /* IV */, salt, iteration_count, password, ivlen, iv)) - return FALSE; - } - - /* now try an internal function */ - err = gcry_cipher_open(&cipher, algo, mode, 0); - if (gcry_err_code (err)) - return FALSE; - - err = gcry_cipher_setkey (cipher, key, keylen); - if (gcry_err_code (err)) { - gcry_cipher_close (cipher); - return FALSE; - } - - if(ivlen) { - err = gcry_cipher_setiv (cipher, iv, ivlen); - if (gcry_err_code (err)) { - gcry_cipher_close (cipher); - return FALSE; - } - } - - datalen = tvb_captured_length(encrypted_tvb); - clear_data = (char *)g_malloc(datalen); - - err = gcry_cipher_decrypt (cipher, clear_data, datalen, (char *)tvb_memdup(wmem_packet_scope(), encrypted_tvb, 0, datalen), datalen); - if (gcry_err_code (err)) { - - proto_item_append_text(item, " [Failed to decrypt with password preference]"); - - gcry_cipher_close (cipher); - g_free(clear_data); - return FALSE; - } - - gcry_cipher_close (cipher); - - /* We don't know if we have successfully decrypted the data or not so we: - a) check the trailing bytes - b) see if we start with a sequence or a set (is this too constraining? - */ - - /* first the trailing bytes */ - byte = clear_data[datalen-1]; - if(byte <= 0x08) { - int i; - - for(i = (int)byte; i > 0 ; i--) { - if(clear_data[datalen - i] != byte) { - decrypt_ok = FALSE; - break; - } - } - } else { - /* XXX: is this a failure? */ - } - - /* we assume the result is ASN.1 - check it is a SET or SEQUENCE */ - byte = clear_data[0]; - if((byte != 0x30) && (byte != 0x31)) { /* do we need more here? OCTET STRING? */ - decrypt_ok = FALSE; - } - - if(!decrypt_ok) { - g_free(clear_data); - proto_item_append_text(item, " [Failed to decrypt with supplied password]"); - - return FALSE; - } - - proto_item_append_text(item, " [Decrypted successfully]"); - - tree = proto_item_add_subtree(item, ett_decrypted_pbe); - - /* OK - so now clear_data contains the decrypted data */ - - clear_tvb = tvb_new_child_real_data(encrypted_tvb,(const guint8 *)clear_data, datalen, datalen); - tvb_set_free_cb(clear_tvb, g_free); - - name = g_string_new(""); - oidname = oid_resolved_from_string(wmem_packet_scope(), object_identifier_id_param); - g_string_printf(name, "Decrypted %s", oidname ? oidname : object_identifier_id_param); - - /* add it as a new source */ - add_new_data_source(actx->pinfo, clear_tvb, name->str); - - g_string_free(name, TRUE); - - /* now try and decode it */ - call_ber_oid_callback(object_identifier_id_param, clear_tvb, 0, actx->pinfo, tree, NULL); - - return TRUE; -#else - /* we cannot decrypt */ - return FALSE; - -#endif -} - -#include "packet-pkcs12-fn.c" - -static int strip_octet_string(tvbuff_t *tvb) -{ - gint8 ber_class; - gboolean pc, ind; - gint32 tag; - guint32 len; - int offset = 0; - - /* PKCS#7 encodes the content as OCTET STRING, whereas CMS is just any ANY */ - /* if we use CMS (rather than PKCS#7) - which we are - we need to strip the OCTET STRING tag */ - /* before proceeding */ - - offset = get_ber_identifier(tvb, 0, &ber_class, &pc, &tag); - offset = get_ber_length(tvb, offset, &len, &ind); - - if((ber_class == BER_CLASS_UNI) && (tag == BER_UNI_TAG_OCTETSTRING)) - return offset; - - return 0; - -} - -static int dissect_AuthenticatedSafe_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) { - int offset = 0; - asn1_ctx_t asn1_ctx; - asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); - - if((offset = strip_octet_string(tvb)) > 0) - dissect_pkcs12_AuthenticatedSafe(FALSE, tvb, offset, &asn1_ctx, tree, hf_pkcs12_AuthenticatedSafe_PDU); - else - proto_tree_add_expert(tree, pinfo, &ei_pkcs12_octet_string_expected, tvb, 0, 1); - return tvb_captured_length(tvb); -} - -static int dissect_SafeContents_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) -{ - int offset = 0; - asn1_ctx_t asn1_ctx; - asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); - - offset = strip_octet_string(tvb); - - dissect_pkcs12_SafeContents(FALSE, tvb, offset, &asn1_ctx, tree, hf_pkcs12_SafeContents_PDU); - return tvb_captured_length(tvb); -} - -static int dissect_X509Certificate_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) -{ - int offset = 0; - asn1_ctx_t asn1_ctx; - asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); - - if((offset = strip_octet_string(tvb)) > 0) - dissect_x509af_Certificate(FALSE, tvb, offset, &asn1_ctx, tree, hf_pkcs12_X509Certificate_PDU); - else - proto_tree_add_expert(tree, pinfo, &ei_pkcs12_octet_string_expected, tvb, 0, 1); - - return tvb_captured_length(tvb); -} - -/*--- proto_register_pkcs12 ----------------------------------------------*/ -void proto_register_pkcs12(void) { - - /* List of fields */ - static hf_register_info hf[] = { - { &hf_pkcs12_X509Certificate_PDU, - { "X509Certificate", "pkcs12.X509Certificate", - FT_NONE, BASE_NONE, NULL, 0, - "pkcs12.X509Certificate", HFILL }}, - { &hf_pkcs12_AuthenticatedSafe_PDU, - { "AuthenticatedSafe", "pkcs12.AuthenticatedSafe", - FT_UINT32, BASE_DEC, NULL, 0, - NULL, HFILL }}, - -#include "packet-pkcs12-hfarr.c" - }; - - /* List of subtrees */ - static gint *ett[] = { - &ett_decrypted_pbe, -#include "packet-pkcs12-ettarr.c" - }; - static ei_register_info ei[] = { - { &ei_pkcs12_octet_string_expected, { "pkcs12.octet_string_expected", PI_PROTOCOL, PI_WARN, "BER Error: OCTET STRING expected", EXPFILL }}, - }; - - module_t *pkcs12_module; - expert_module_t* expert_pkcs12; - - /* Register protocol */ - proto_pkcs12 = proto_register_protocol(PNAME, PSNAME, PFNAME); - - /* Register fields and subtrees */ - proto_register_field_array(proto_pkcs12, hf, array_length(hf)); - proto_register_subtree_array(ett, array_length(ett)); - expert_pkcs12 = expert_register_protocol(proto_pkcs12); - expert_register_field_array(expert_pkcs12, ei, array_length(ei)); - - /* Register preferences */ - pkcs12_module = prefs_register_protocol(proto_pkcs12, NULL); - - prefs_register_string_preference(pkcs12_module, "password", - "Password to decrypt the file with", - "The password to used to decrypt the encrypted elements within" - " the PKCS#12 file", &password); - - prefs_register_bool_preference(pkcs12_module, "try_null_password", - "Try to decrypt with a empty password", - "Whether to try and decrypt the encrypted data within the" - " PKCS#12 with a NULL password", &try_null_password); - - register_ber_syntax_dissector("PKCS#12", proto_pkcs12, dissect_PFX_PDU); - register_ber_oid_syntax(".p12", NULL, "PKCS#12"); - register_ber_oid_syntax(".pfx", NULL, "PKCS#12"); -} - - -/*--- proto_reg_handoff_pkcs12 -------------------------------------------*/ -void proto_reg_handoff_pkcs12(void) { -#include "packet-pkcs12-dis-tab.c" - - register_ber_oid_dissector("1.2.840.113549.1.9.22.1", dissect_X509Certificate_OCTETSTRING_PDU, proto_pkcs12, "x509Certificate"); - -} - diff --git a/asn1/pkcs12/packet-pkcs12-template.h b/asn1/pkcs12/packet-pkcs12-template.h deleted file mode 100644 index 4183ca2721..0000000000 --- a/asn1/pkcs12/packet-pkcs12-template.h +++ /dev/null @@ -1,31 +0,0 @@ -/* packet-pkcs12.h - * Routines for PKCS#12 Personal Information Exchange packet dissection - * Graeme Lunt 2006 - * - * Wireshark - Network traffic analyzer - * By Gerald Combs <gerald@wireshark.org> - * Copyright 1998 Gerald Combs - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - */ - -#ifndef PACKET_PKCS12_H -#define PACKET_PKCS12_H - -void PBE_reset_parameters(void); -int PBE_decrypt_data(const char *object_identifier_id, tvbuff_t *encrypted_tvb, asn1_ctx_t *actx, proto_item *item); - -#endif /* PACKET_PKCS12_H */ - diff --git a/asn1/pkcs12/pkcs12.asn b/asn1/pkcs12/pkcs12.asn deleted file mode 100644 index b55e718b6e..0000000000 --- a/asn1/pkcs12/pkcs12.asn +++ /dev/null @@ -1,275 +0,0 @@ -PKCS-12 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) - pkcs-12(12) modules(0) pkcs-12(1)} - -DEFINITIONS IMPLICIT TAGS ::= - -BEGIN - --- EXPORTS ALL --- All types and values defined in this module is exported for use in --- other ASN.1 modules. - -IMPORTS - -informationFramework - FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1) - usefulDefinitions(0) 3} - -Attribute - FROM InformationFramework informationFramework - -ContentInfo, --DigestInfo-- Digest, DigestAlgorithmIdentifier - FROM PKCS-7 {iso(1) member-body(2) us(840) rsadsi(113549) - pkcs(1) pkcs-7(7) modules(0) pkcs-7(1)} - ---PrivateKeyInfo, EncryptedPrivateKeyInfo --- FROM PKCS-8 {iso(1) member-body(2) us(840) rsadsi(113549) --- pkcs(1) pkcs-8(8) modules(1) pkcs-8(1)} --- ---pkcs-9, friendlyName, localKeyId, certTypes, crlTypes --- FROM PKCS-9 {iso(1) member-body(2) us(840) rsadsi(113549) --- pkcs(1) pkcs-9(9) modules(0) pkcs-9(1) };-- - --- A PKCS#8 IMPORT from below -AlgorithmIdentifier, ALGORITHM-IDENTIFIER - FROM PKCS-5 {iso(1) member-body(2) us(840) rsadsi(113549) - pkcs(1) pkcs-5(5) modules(16) pkcs-5(1)}; - - --- Object identifiers - ---rsadsi OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549)} ---pkcs OBJECT IDENTIFIER ::= {rsadsi pkcs(1)} ---pkcs-12 OBJECT IDENTIFIER ::= {pkcs 12} ---pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} ---pbeWithSHAAnd128BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1} ---pbeWithSHAAnd40BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 2} ---pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} ---pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} ---pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} ---pbewithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} - ---bagtypes OBJECT IDENTIFIER ::= {pkcs-12 10 1} - --- The PFX PDU - -PFX ::= SEQUENCE { - version INTEGER {v3(3)}(v3,...), - authSafe ContentInfo, - macData MacData OPTIONAL -} - -MacData ::= SEQUENCE { - mac DigestInfo, - macSalt OCTET STRING, - iterations INTEGER DEFAULT 1 --- Note: The default is for historical reasons and its use is --- deprecated. A higher value, like 1024 is recommended. -} - --- Imported from PKCS#7 -DigestInfo ::= SEQUENCE { - digestAlgorithm DigestAlgorithmIdentifier, - digest Digest -} - -AuthenticatedSafe ::= SEQUENCE OF ContentInfo - -- Data if unencrypted - -- EncryptedData if password-encrypted - -- EnvelopedData if public key-encrypted - -SafeContents ::= SEQUENCE OF SafeBag - -SafeBag ::= SEQUENCE { - bagId -- BAG-TYPE.&id ({PKCS12BagSet}) -- OBJECT IDENTIFIER, - bagValue [0] EXPLICIT --BAG-TYPE.&Type({PKCS12BagSet}{@bagId}) -- ANY, - bagAttributes SET OF PKCS12Attribute OPTIONAL -} - --- Bag types - ---keyBag BAG-TYPE ::= --- {KeyBag IDENTIFIED BY {bagtypes 1}} ---pkcs8ShroudedKeyBag BAG-TYPE ::= --- {PKCS8ShroudedKeyBag IDENTIFIED BY {bagtypes 2}} ---certBag BAG-TYPE ::= --- {CertBag IDENTIFIED BY {bagtypes 3}} ---crlBag BAG-TYPE ::= --- {CRLBag IDENTIFIED BY {bagtypes 4}} ---secretBag BAG-TYPE ::= --- {SecretBag IDENTIFIED BY {bagtypes 5}} ---safeContentsBag BAG-TYPE ::= --- {SafeContents IDENTIFIED BY {bagtypes 6}} - ---PKCS12BagSet BAG-TYPE ::= { --- keyBag | --- pkcs8ShroudedKeyBag | --- certBag | --- crlBag | --- secretBag | --- safeContentsBag, --- ... - - For future extensions ---} - ---BAG-TYPE ::= TYPE-IDENTIFIER - --- KeyBag - -KeyBag ::= PrivateKeyInfo - --- Shrouded KeyBag - -PKCS8ShroudedKeyBag ::= EncryptedPrivateKeyInfo - --- CertBag - -CertBag ::= SEQUENCE { - certId --BAG-TYPE.&id ({CertTypes}) -- OBJECT IDENTIFIER, - certValue [0] EXPLICIT --BAG-TYPE.&Type ({CertTypes}{@certId})-- ANY -} - ---x509Certificate BAG-TYPE ::= --- {OCTET STRING IDENTIFIED BY {certTypes 1}} - -- DER-encoded X.509 certificate stored in OCTET STRING ---sdsiCertificate BAG-TYPE ::= --- {IA5String IDENTIFIED BY {certTypes 2}} - -- Base64-encoded SDSI certificate stored in IA5String - ---CertTypes BAG-TYPE ::= { --- x509Certificate | --- sdsiCertificate, --- ... - - For future extensions ---} - --- CRLBag - -CRLBag ::= SEQUENCE { - crlId --BAG-TYPE.&id ({CRLTypes})-- OBJECT IDENTIFIER, - crlValue [0] EXPLICIT --BAG-TYPE.&Type ({CRLTypes}{@crlId})-- ANY -} - ---x509CRL BAG-TYPE ::= --- {OCTET STRING IDENTIFIED BY {crlTypes 1}} - -- DER-encoded X.509 CRL stored in OCTET STRING - ---CRLTypes BAG-TYPE ::= { --- x509CRL, --- ... - - For future extensions ---} - --- Secret Bag - -SecretBag ::= SEQUENCE { - secretTypeId --BAG-TYPE.&id ({SecretTypes})-- OBJECT IDENTIFIER, - secretValue [0] EXPLICIT --BAG-TYPE.&Type ({SecretTypes}{@secretTypeId})-- ANY -} - ---SecretTypes BAG-TYPE ::= { --- ... - - For future extensions ---} - --- Attributes - -PKCS12Attribute ::= SEQUENCE { - attrId --ATTRIBUTE.&id ({PKCS12AttrSet})-- OBJECT IDENTIFIER, - attrValues SET OF --ATTRIBUTE.&Type ({PKCS12AttrSet}{@attrId})-- ANY -} -- This type is compatible with the X.500 type 'Attribute' - ---PKCS12AttrSet ATTRIBUTE ::= { --- friendlyName | --- localKeyId, --- ... - - Other attributes are allowed ---} - ---END - --- We import PKCS#8 here directly rather than creating another dissector - ---PKCS-8 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-8(8) --- modules(1) pkcs-8(1)} - --- $Revision: 1.5 $ - --- This module has been checked for conformance with the ASN.1 --- standard by the OSS ASN.1 Tools - ---DEFINITIONS IMPLICIT TAGS ::= - ---BEGIN - --- EXPORTS All -- --- All types and values defined in this module is exported for use in other --- ASN.1 modules. - ---IMPORTS - ---informationFramework --- FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1) --- usefulDefinitions(0) 3} - ---Attribute --- FROM InformationFramework informationFramework - ---AlgorithmIdentifier, ALGORITHM-IDENTIFIER --- FROM PKCS-5 {iso(1) member-body(2) us(840) rsadsi(113549) --- pkcs(1) pkcs-5(5) modules(16) pkcs-5(1)}; - --- Private-key information syntax - -PrivateKeyInfo ::= SEQUENCE { - version Version, - privateKeyAlgorithm AlgorithmIdentifier --{{PrivateKeyAlgorithms}}--, - privateKey PrivateKey, - attributes [0] Attributes OPTIONAL } - -Version ::= INTEGER {v1(0)} (v1,...) - -PrivateKey ::= OCTET STRING - -Attributes ::= SET OF Attribute - --- Encrypted private-key information syntax - -EncryptedPrivateKeyInfo ::= SEQUENCE { - encryptionAlgorithm AlgorithmIdentifier --{{KeyEncryptionAlgorithms}}--, - encryptedData EncryptedData -} - -EncryptedData ::= OCTET STRING - ---PrivateKeyAlgorithms ALGORITHM-IDENTIFIER ::= { --- ... - - For local profiles ---} - ---KeyEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= { --- ... - - For local profiles ---} - --- From RFC 2898 -PBEParameter ::= SEQUENCE { - salt OCTET STRING, - iterationCount INTEGER -} - - -PBKDF2Params ::= SEQUENCE { - salt CHOICE { - specified OCTET STRING, - otherSource AlgorithmIdentifier --{{PBKDF2-SaltSources}}-- - }, - iterationCount INTEGER --(1..MAX)--, - keyLength INTEGER (1..MAX) OPTIONAL, - prf AlgorithmIdentifier --{{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1-- OPTIONAL } - -PBES2Params ::= SEQUENCE { - keyDerivationFunc AlgorithmIdentifier --{{PBES2-KDFs}}--, - encryptionScheme AlgorithmIdentifier --{{PBES2-Encs}}-- } - -PBMAC1Params ::= SEQUENCE { - keyDerivationFunc AlgorithmIdentifier --{{PBMAC1-KDFs}}--, - messageAuthScheme AlgorithmIdentifier --{{PBMAC1-MACs}}-- } - - -END - - diff --git a/asn1/pkcs12/pkcs12.cnf b/asn1/pkcs12/pkcs12.cnf deleted file mode 100644 index a1b576e5a8..0000000000 --- a/asn1/pkcs12/pkcs12.cnf +++ /dev/null @@ -1,159 +0,0 @@ -# pkcs12.cnf -# PKCS12 conformation file - -#.MODULE_IMPORT -PKCS-7 cms -PKCS-5 x509af - -#.IMPORT ../cms/cms-exp.cnf -#.IMPORT ../x509if/x509if-exp.cnf -#.IMPORT ../x509af/x509af-exp.cnf - -#.EXPORTS - -#.REGISTER -KeyBag B "1.2.840.113549.1.12.10.1.1" "keyBag" -PKCS8ShroudedKeyBag B "1.2.840.113549.1.12.10.1.2" "pkcs8ShroudedKeyBag" -CertBag B "1.2.840.113549.1.12.10.1.3" "certBag" -SecretBag B "1.2.840.113549.1.12.10.1.4" "secretBag" -CRLBag B "1.2.840.113549.1.12.10.1.5" "crlBag" -SafeContents B "1.2.840.113549.1.12.10.1.6" "safeContentsBag" - -# PKCS#9 Attributes - see master list in x509sat.cnf -PFX B "2.16.840.1.113730.3.1.216" "pkcs-9-at-PKCS12" -EncryptedPrivateKeyInfo B "1.2.840.113549.1.9.25.2" "pkcs-9-at-encryptedPrivateKeyInfo" - -# Password Based Encryption -PBEParameter B "1.2.840.113549.1.12.1.1" "pbeWithSHAAnd128BitRC4" -PBEParameter B "1.2.840.113549.1.12.1.2" "pbeWithSHAAnd40BitRC4" -PBEParameter B "1.2.840.113549.1.12.1.3" "pbeWithSHAAnd3-KeyTripleDES-CBC" -PBEParameter B "1.2.840.113549.1.12.1.4" "pbeWithSHAAnd2-KeyTripleDES-CBC" -PBEParameter B "1.2.840.113549.1.12.1.5" "pbeWithSHAAnd128BitRC2-CBC" -PBEParameter B "1.2.840.113549.1.12.1.6" "pbeWithSHAAnd40BitRC2-CBC" - -PBEParameter B "1.2.840.113549.1.5.1" "pbeWithMD2AndDES-CBC" -PBEParameter B "1.2.840.113549.1.5.3" "pbeWithMD5AndDES-CBC" -PBEParameter B "1.2.840.113549.1.5.4" "pbeWithMD2AndRC2-CBC" -PBEParameter B "1.2.840.113549.1.5.6" "pbeWithMD5AndRC2-CBC" -PBEParameter B "1.2.840.113549.1.5.10" "pbeWithSHA1AndDES-CBC" -PBEParameter B "1.2.840.113549.1.5.11" "pbeWithSHA1AndRC2-CBC" - -PBKDF2Params B "1.2.840.113549.1.5.12" "id-PBKDF2" -PBES2Params B "1.2.840.113549.1.5.13" "id-PBES2" -PBMAC1Params B "1.2.840.113549.1.5.14" "id-PBMAC1" - -#.NO_EMIT - -#.TYPE_RENAME - -#.FIELD_RENAME -PrivateKeyInfo/version privateKeyVersion -PBKDF2Params/salt saltChoice - -#.PDU -#AuthenticatedSafe -PrivateKeyInfo - -#.FN_BODY PFX - dissector_handle_t dissector_handle; - - /* we change the CMS id-data dissector to dissect as AuthenticatedSafe - not sure why PKCS#12 couldn't have used its own content type OID for AuthenticatedSafe */ - dissector_handle=create_dissector_handle(dissect_AuthenticatedSafe_OCTETSTRING_PDU, proto_pkcs12); - dissector_change_string("ber.oid", "1.2.840.113549.1.7.1", dissector_handle); - - %(DEFAULT_BODY)s - - /* restore the original dissector */ - dissector_reset_string("ber.oid", "1.2.840.113549.1.7.1"); - -#.FN_BODY AuthenticatedSafe - dissector_handle_t dissector_handle; - - /* we change the CMS id-data dissector to dissect as SafeContents */ - dissector_handle=create_dissector_handle(dissect_SafeContents_OCTETSTRING_PDU, proto_pkcs12); - dissector_change_string("ber.oid", "1.2.840.113549.1.7.1", dissector_handle); - - %(DEFAULT_BODY)s - - /* restore the original dissector */ - dissector_reset_string("ber.oid", "1.2.840.113549.1.7.1"); - -#.FN_PARS SafeBag/bagId FN_VARIANT = _str VAL_PTR = &object_identifier_id -#.FN_FTR SafeBag/bagId - append_oid(tree, object_identifier_id); -#.END - -#.FN_PARS CertBag/certId FN_VARIANT = _str VAL_PTR = &object_identifier_id -#.FN_FTR CertBag/certId - append_oid(tree, object_identifier_id); -#.END - -#.FN_PARS CRLBag/crlId FN_VARIANT = _str VAL_PTR = &object_identifier_id -#.FN_FTR CRLBag/crlId - append_oid(tree, object_identifier_id); -#.END - -#.FN_PARS SecretBag/secretTypeId FN_VARIANT = _str VAL_PTR = &object_identifier_id -#.FN_FTR SecretBag/secretTypeId - append_oid(tree, object_identifier_id); -#.END - -#.FN_PARS PKCS12Attribute/attrId FN_VARIANT = _str VAL_PTR = &object_identifier_id -#.FN_FTR PKCS12Attribute/attrId - append_oid(tree, object_identifier_id); -#.END - -#.FN_BODY SafeBag/bagValue - if(object_identifier_id) - offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL); - -#.FN_BODY PKCS12Attribute/attrValues/_item - if(object_identifier_id) - offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL); - -#.FN_BODY CertBag/certValue - if(object_identifier_id) - offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL); - -#.FN_BODY CRLBag/crlValue - if(object_identifier_id) - offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL); - -#.FN_BODY SecretBag/secretValue - if(object_identifier_id) - offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL); - -#.FN_HDR PBEParameter - /* initialise the encryption parameters */ - PBE_reset_parameters(); - -#.END - -#.FN_PARS OCTET_STRING VAL_PTR = (hf_index == hf_pkcs12_salt ? &salt : NULL) -#.FN_PARS INTEGER VAL_PTR = (hf_index == hf_pkcs12_iterationCount ? &iteration_count : NULL) - -#.FN_PARS EncryptedData VAL_PTR = &encrypted_tvb - -#.FN_HDR EncryptedData - tvbuff_t *encrypted_tvb; - dissector_handle_t dissector_handle; - -#.END - -#.FN_FTR EncryptedData - - - - dissector_handle=create_dissector_handle(dissect_PrivateKeyInfo_PDU, proto_pkcs12); - dissector_change_string("ber.oid", object_identifier_id, dissector_handle); - - PBE_decrypt_data(object_identifier_id, encrypted_tvb, actx, actx->created_item); - - /* restore the original dissector */ - dissector_reset_string("ber.oid", object_identifier_id); - -#.END - - - |