Support for decrypting of PKCS#12 bag contents.

Supports RC2, RC4 and 3DES with SHA1 Password-based Encryption using libgcrypt functions.
Password is provided as a preference, as is trying to decode with a empty/NULL password. 


svn path=/trunk/; revision=22534

5 files changed, 391 insertions, 33 deletions

diff --git a/asn1/pkcs12/Makefile b/asn1/pkcs12/Makefile
index 11f1a0e3d0..cd770bec11 100644
--- a/asn1/pkcs12/Makefile
+++ b/asn1/pkcs12/Makefile
@@ -7,7 +7,7 @@ all: generate_dissector
 generate_dissector: $(DISSECTOR_FILES)
 
 $(DISSECTOR_FILES): ../../tools/asn2wrs.py pkcs12.asn packet-pkcs12-template.c packet-pkcs12-template.h pkcs12.cnf ../cms/cms-exp.cnf ../x509af/x509af-exp.cnf ../x509if/x509if-exp.cnf
-	python ../../tools/asn2wrs.py -b -e -p pkcs12 -c pkcs12.cnf -s packet-pkcs12-template pkcs12.asn
+	python ../../tools/asn2wrs.py -X -T -b -e -p pkcs12 -c pkcs12.cnf -s packet-pkcs12-template pkcs12.asn
 
 clean:
 	rm -f parsetab.py $(DISSECTOR_FILES) *~
diff --git a/asn1/pkcs12/Makefile.nmake b/asn1/pkcs12/Makefile.nmake
index faad458bf0..16a15f745a 100644
--- a/asn1/pkcs12/Makefile.nmake
+++ b/asn1/pkcs12/Makefile.nmake
@@ -15,7 +15,7 @@ generate_dissector: $(DISSECTOR_FILES)
 
 $(DISSECTOR_FILES): ../../tools/asn2wrs.py pkcs12.asn packet-pkcs12-template.c packet-pkcs12-template.h pkcs12.cnf ../cms/cms-exp.cnf ../x509af/x509af-exp.cnf ../x509if/x509if-exp.cnf
 !IFDEF PYTHON
-	$(PYTHON) "../../tools/asn2wrs.py" -b -e -p $(PROTOCOL_NAME) -c pkcs12.cnf -s packet-pkcs12-template pkcs12.asn
+	$(PYTHON) "../../tools/asn2wrs.py" -X -T -b -e -p $(PROTOCOL_NAME) -c pkcs12.cnf -s packet-pkcs12-template pkcs12.asn
 !ELSE
 	@echo Error: You need Python to use asn2wrs.py
 	@exit 1
diff --git a/asn1/pkcs12/packet-pkcs12-template.c b/asn1/pkcs12/packet-pkcs12-template.c
index 2df5f2df33..b09917c14b 100644
--- a/asn1/pkcs12/packet-pkcs12-template.c
+++ b/asn1/pkcs12/packet-pkcs12-template.c
@@ -32,6 +32,7 @@
 #include <epan/conversation.h>
 #include <epan/oid_resolv.h>
 #include <epan/asn1.h>
+#include <epan/prefs.h>
 
 #include <stdio.h>
 #include <string.h>
@@ -42,18 +43,41 @@
 #include "packet-x509if.h"
 #include "packet-cms.h"
 
+#ifdef _WIN32  
+#include <winposixtype.h>
+#else
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/sysinfo.h>
+#endif
+
+#ifdef HAVE_LIBGCRYPT
+#include "gcrypt.h"
+#endif 
+
 #define PNAME  "PKCS#12: Personal Information Exchange"
 #define PSNAME "PKCS12"
 #define PFNAME "pkcs12"
 
+#define PKCS12_PBE_ARCFOUR_SHA1_OID     "1.2.840.113549.1.12.1.1"
+#define PKCS12_PBE_3DES_SHA1_OID	"1.2.840.113549.1.12.1.3"
+#define PKCS12_PBE_RC2_40_SHA1_OID	"1.2.840.113549.1.12.1.6"
+
 /* Initialize the protocol and registered fields */
 int proto_pkcs12 = -1;
 
-static const char *object_identifier_id = NULL; 
+static int hf_pkcs12_X509Certificate_PDU = -1;
+static gint ett_decrypted_pbe = -1;
 
+static const char *object_identifier_id = NULL; 
+static int iteration_count = 0;
+static tvbuff_t *salt = NULL;
+static gchar	*password = NULL;
+static gboolean try_null_password = FALSE;
 
 static void dissect_AuthenticatedSafe_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
 static void dissect_SafeContents_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
+static void dissect_PrivateKeyInfo_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
 
 #include "packet-pkcs12-hf.c"
 
@@ -65,12 +89,303 @@ static void append_oid(proto_tree *tree, const char *oid)
   	const char *name = NULL;
 
 	name = get_oid_str_name(oid);
-	proto_item_append_text(tree, " (%%s)", name ? name : oid); 
+	proto_item_append_text(tree, " (%s)", name ? name : oid); 
+}
+
+#ifdef HAVE_LIBGCRYPT
+
+int
+generate_key_or_iv(unsigned int id, tvbuff_t *salt_tvb, unsigned int iter,
+		       const char *pw, unsigned int req_keylen, char * keybuf)
+{
+  int rc;
+  unsigned int i, j;
+  gcry_md_hd_t md;
+  gcry_mpi_t num_b1 = NULL;
+  unsigned int pwlen;
+  char hash[20], buf_b[64], buf_i[128], *p;
+  char *salt;
+  int salt_size;
+  size_t cur_keylen;
+  size_t n;
+  gcry_error_t	err;
+
+  cur_keylen = 0;
+
+  salt_size = tvb_length(salt_tvb);
+  salt = tvb_get_ephemeral_string(salt_tvb, 0, salt_size);
+
+  if (pw == NULL)
+    pwlen = 0;
+  else
+    pwlen = strlen (pw);
+
+  if (pwlen > 63 / 2)
+    {
+      return FALSE;
+    }
+
+  /* Store salt and password in BUF_I */
+  p = buf_i;
+  for (i = 0; i < 64; i++)
+    *p++ = salt[i % salt_size];
+  if (pw)
+    {
+      for (i = j = 0; i < 64; i += 2)
+	{
+	  *p++ = 0;
+	  *p++ = pw[j];
+	  if (++j > pwlen)	/* Note, that we include the trailing zero */
+	    j = 0;
+	}
+    }
+  else
+    memset (p, 0, 64);
+
+  for (;;){
+      err = gcry_md_open(&md, GCRY_MD_SHA1, 0);
+      if (gcry_err_code(err)) {
+		  return FALSE;
+	  }
+      for (i = 0; i < 64; i++) {
+		  unsigned char lid = id & 0xFF;
+		  gcry_md_write (md, &lid, 1);
+	  }
+      
+	  gcry_md_write(md, buf_i, pw ? 128 : 64);
+
+      gcry_md_final (md);
+      memcpy (hash, gcry_md_read (md, 0), 20);
+      
+	  gcry_md_close (md);
+      
+	  for (i = 1; i < iter; i++)
+		  gcry_md_hash_buffer (GCRY_MD_SHA1, hash, hash, 20);
+
+      for (i = 0; i < 20 && cur_keylen < req_keylen; i++)
+		  keybuf[cur_keylen++] = hash[i];
+
+	  if (cur_keylen == req_keylen) {
+		  gcry_mpi_release (num_b1);
+		  return TRUE;		/* ready */
+	  }
+
+      /* need more bytes. */
+      for (i = 0; i < 64; i++)
+		  buf_b[i] = hash[i % 20];
+
+	  n = 64;
+
+	  rc = gcry_mpi_scan (&num_b1, GCRYMPI_FMT_USG, buf_b, n, &n);
+
+	  if (rc != 0) {
+		  return FALSE;
+	  }
+
+	  gcry_mpi_add_ui (num_b1, num_b1, 1);
+
+	  for (i = 0; i < 128; i += 64)	{
+		  gcry_mpi_t num_ij;
+		  
+		  n = 64;
+		  rc = gcry_mpi_scan (&num_ij, GCRYMPI_FMT_USG, buf_i + i, n, &n);
+
+		  if (rc != 0) {
+			  return FALSE;
+		  }
+	  
+		  gcry_mpi_add (num_ij, num_ij, num_b1);
+		  gcry_mpi_clear_highbit (num_ij, 64 * 8);
+	  
+		  n = 64;
+
+		  rc = gcry_mpi_print (GCRYMPI_FMT_USG, buf_i + i, n, &n, num_ij);
+		  if (rc != 0){
+			  return FALSE;
+		  }
+
+		  gcry_mpi_release (num_ij);
+	  }
+  }
+}
+
+#endif 
+
+void PBE_reset_parameters()
+{
+	iteration_count = 0;
+	salt = NULL;
+}
+
+int PBE_decrypt_data(const char *object_identifier_id _U_, tvbuff_t *encrypted_tvb _U_, asn1_ctx_t *actx _U_, proto_item *item _U_)
+{
+#ifdef HAVE_LIBGCRYPT
+	const char	*encryption_algorithm;
+	gcry_cipher_hd_t cipher;
+	gcry_error_t	err;
+	int		algo;
+	int		mode;
+	int		ivlen = 0;
+	int		keylen = 0;
+	int		datalen = 0;
+	char		*key = NULL;
+	char		*iv = NULL;
+	char		*clear_data = NULL;
+	tvbuff_t	*clear_tvb = NULL;
+	const gchar     *oidname;
+	GString		*name;
+	proto_tree	*tree;
+	char		byte;
+	gboolean	decrypt_ok = TRUE;
+	
+	if(((password == NULL) || (*password == '\0')) && (try_null_password == FALSE)) {
+		/* we are not configured to decrypt */
+		return FALSE;
+	}
+
+	encryption_algorithm = x509af_get_last_algorithm_id();
+
+	/* these are the only encryption schemes we understand for now */
+	if(!strcmp(encryption_algorithm, PKCS12_PBE_3DES_SHA1_OID)) {
+		ivlen = 8;
+		keylen = 24;
+		algo = GCRY_CIPHER_3DES;
+		mode = GCRY_CIPHER_MODE_CBC;
+	} else if(!strcmp(encryption_algorithm, PKCS12_PBE_ARCFOUR_SHA1_OID)) {
+		ivlen = 0;
+		keylen = 16;
+		algo = GCRY_CIPHER_ARCFOUR;
+		mode = GCRY_CIPHER_MODE_NONE;
+	} else if(!strcmp(encryption_algorithm, PKCS12_PBE_RC2_40_SHA1_OID)) {
+		ivlen = 8;
+		keylen = 5;
+		algo = GCRY_CIPHER_RFC2268_40;
+		mode = GCRY_CIPHER_MODE_CBC;
+	} else {
+		/* we don't know how to decrypt this */
+	
+		proto_item_append_text(item, " [Unsupported encryption algorithm]");
+		return FALSE;
+	}
+
+	if((iteration_count == 0) || (salt == NULL)) {	
+		proto_item_append_text(item, " [Insufficient parameters]");
+		return FALSE;
+	}
+
+	/* allocate buffers */
+	key = ep_alloc(keylen);
+
+	if(!generate_key_or_iv(1 /*LEY */, salt, iteration_count, password, keylen, key))
+		return FALSE;
+
+	if(ivlen) {
+		
+		iv = ep_alloc(ivlen);
+		
+		if(!generate_key_or_iv(2 /* IV */, salt, iteration_count, password, ivlen, iv))
+			return FALSE;
+	}
+
+	/* now try an internal function */
+	err = gcry_cipher_open(&cipher, algo, mode, NULL);
+	if (gcry_err_code (err))
+			return FALSE;
+
+	err = gcry_cipher_setkey (cipher, key, keylen);  
+	if (gcry_err_code (err)) {
+			gcry_cipher_close (cipher);
+			return FALSE;
+	}
+	
+	if(ivlen) {
+		  err = gcry_cipher_setiv (cipher, iv, ivlen);	  
+		  if (gcry_err_code (err)) {
+			  gcry_cipher_close (cipher);
+			  return FALSE;
+		  }
+	}
+
+	datalen = tvb_length(encrypted_tvb);
+	clear_data = g_malloc(datalen);
+
+	err = gcry_cipher_decrypt (cipher, clear_data, datalen, tvb_get_ephemeral_string(encrypted_tvb, 0, datalen), datalen);
+	if (gcry_err_code (err)) {
+
+		proto_item_append_text(item, " [Failed to decrypt with password preference]");
+
+		gcry_cipher_close (cipher);
+		g_free(clear_data);
+		return FALSE;
+	}
+
+	gcry_cipher_close (cipher);
+
+	/* We don't know if we have successfully decrypted the data or not so we:
+		a) check the trailing bytes 
+		b) see if we start with a sequence or a set (is this too constraining?
+		*/
+
+	/* first the trailing bytes */
+	byte = clear_data[datalen-1];
+	if(byte <= 0x08) {
+		int i;
+
+		for(i = (int)byte; i > 0 ; i--) {
+			if(clear_data[datalen - i] != byte) {
+				decrypt_ok = FALSE;
+				break;
+			}
+		}
+	} else {	
+		/* XXX: is this a failure? */
+	}
+
+	/* we assume the result is ASN.1 - check it is a SET or SEQUENCE */
+	byte = clear_data[0];
+	if((byte != 0x30) && (byte != 0x31)) { /* do we need more here? OCTET STRING? */
+		decrypt_ok = FALSE;
+	}
+
+	if(!decrypt_ok) {
+		g_free(clear_data);
+		proto_item_append_text(item, " [Failed to decrypt with supplied password]");
+
+		return FALSE;
+	}
+
+	proto_item_append_text(item, " [Decrypted successfully]");
+
+	tree = proto_item_add_subtree(item, ett_decrypted_pbe);
+
+	/* OK - so now clear_data contains the decrypted data */
+
+	clear_tvb = tvb_new_real_data((const guint8 *)clear_data, datalen, datalen);
+	tvb_set_free_cb(clear_tvb, g_free);
+
+	name = g_string_new("");
+	oidname = get_oid_str_name(object_identifier_id);
+	g_string_sprintf(name, "Decrypted %s", oidname ? oidname : object_identifier_id);
+
+	/* add it as a new source */
+	add_new_data_source(actx->pinfo, clear_tvb, name->str);
+	
+	g_string_free(name, TRUE);
+
+	/* now try and decode it */
+	call_ber_oid_callback(object_identifier_id, clear_tvb, 0, actx->pinfo, tree);
+
+	return TRUE;		
+#else
+	/* we cannot decrypt */
+	return FALSE;
+
+#endif
 }
 
 #include "packet-pkcs12-fn.c"
 
-static int strip_octet_string(tvbuff_t *tvb, proto_tree *tree) 
+static int strip_octet_string(tvbuff_t *tvb) 
 {
   gint8 class;
   gboolean pc, ind;
@@ -88,8 +403,6 @@ static int strip_octet_string(tvbuff_t *tvb, proto_tree *tree)
   if((class == BER_CLASS_UNI) && (tag == BER_UNI_TAG_OCTETSTRING))
     return offset;
 
-  proto_tree_add_text(tree, tvb, 0, 1, "BER Error: OCTET STRING expected");
-
   return 0;
 
 }
@@ -99,8 +412,10 @@ static void dissect_AuthenticatedSafe_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info
   asn1_ctx_t asn1_ctx;
   asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
 
-  if((offset = strip_octet_string(tvb, tree)) > 0)
+  if((offset = strip_octet_string(tvb)) > 0)
     dissect_pkcs12_AuthenticatedSafe(FALSE, tvb, offset, &asn1_ctx, tree, hf_pkcs12_AuthenticatedSafe_PDU);
+  else
+	proto_tree_add_text(tree, tvb, 0, 1, "BER Error: OCTET STRING expected");
 }
 
 static void dissect_SafeContents_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) 
@@ -109,46 +424,41 @@ static void dissect_SafeContents_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pin
   asn1_ctx_t asn1_ctx;
   asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
 
-  if((offset = strip_octet_string(tvb, tree)) > 0)
-    dissect_pkcs12_SafeContents(FALSE, tvb, offset, &asn1_ctx, tree, hf_pkcs12_SafeContents_PDU);
+  offset = strip_octet_string(tvb);
+  
+  dissect_pkcs12_SafeContents(FALSE, tvb, offset, &asn1_ctx, tree, hf_pkcs12_SafeContents_PDU);
 }
 
-#if 0 
-static int decrypt_data(tvbuff_t *encrypted_data, 
-			/* enc_params */
-			gnu_tls_ciper_algorithm cipher,
-			int iter_count,
-			/* kdf_params */
-			gnutls_datum_t *salt, size_t salt_size,
-			gnutls_datum_t *iv, size_t iv_size,
-			size_t key_size, 
-			tvb_buff_t **decrypted_data)
+static void dissect_X509Certificate_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) 
 {
+  int offset = 0;
+  asn1_ctx_t asn1_ctx;
+  asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
 
-
-  
-
-  if(key_size == 0) 
-    key_size = gnutls_cipher_get_key_size(cipher);
-
-
+  if((offset = strip_octet_string(tvb)) > 0)
+	dissect_x509af_Certificate(FALSE, tvb, offset, &asn1_ctx, tree, hf_pkcs12_X509Certificate_PDU);
+  else
+	proto_tree_add_text(tree, tvb, 0, 1, "BER Error: OCTET STRING expected");
 }
-			
-# endif /* 0 */
 
 /*--- proto_register_pkcs12 ----------------------------------------------*/
 void proto_register_pkcs12(void) {
 
   /* List of fields */
   static hf_register_info hf[] = {
-
+	{ &hf_pkcs12_X509Certificate_PDU,
+      { "X509Certificate", "pkcs12.X509Certificate",
+        FT_NONE, BASE_NONE, NULL, 0,
+        "pkcs12.X509Certificate", HFILL }},
 #include "packet-pkcs12-hfarr.c"
   };
 
   /* List of subtrees */
   static gint *ett[] = {
+	  &ett_decrypted_pbe,
 #include "packet-pkcs12-ettarr.c"
   };
+  module_t *pkcs12_module;
 
   /* Register protocol */
   proto_pkcs12 = proto_register_protocol(PNAME, PSNAME, PFNAME);
@@ -157,6 +467,19 @@ void proto_register_pkcs12(void) {
   proto_register_field_array(proto_pkcs12, hf, array_length(hf));
   proto_register_subtree_array(ett, array_length(ett));
 
+  /* Register preferences */
+  pkcs12_module = prefs_register_protocol(proto_pkcs12, NULL);
+
+  prefs_register_string_preference(pkcs12_module, "password",
+	"Password to decrypt the file with",
+	"The password to used to decrypt the encrypted elements within"
+	" the PKCS#12 file", &password);
+
+  prefs_register_bool_preference(pkcs12_module, "try_null_password",
+	"Try to decrypt with a empty password",
+	"Whether to try and decrypt the encrypted data within the"
+	" PKCS#12 with a NULL password", &try_null_password);
+
   register_ber_syntax_dissector("PKCS#12", proto_pkcs12, dissect_PFX_PDU); 
   register_ber_oid_syntax(".p12", NULL, "PKCS#12");
   register_ber_oid_syntax(".pfx", NULL, "PKCS#12");
@@ -167,5 +490,7 @@ void proto_register_pkcs12(void) {
 void proto_reg_handoff_pkcs12(void) {
 #include "packet-pkcs12-dis-tab.c"
 
+	register_ber_oid_dissector("1.2.840.113549.1.9.22.1", dissect_X509Certificate_OCTETSTRING_PDU, proto_pkcs12, "x509Certificate");
+
 }
 
diff --git a/asn1/pkcs12/packet-pkcs12-template.h b/asn1/pkcs12/packet-pkcs12-template.h
index ec83dd7bca..9f46059d12 100644
--- a/asn1/pkcs12/packet-pkcs12-template.h
+++ b/asn1/pkcs12/packet-pkcs12-template.h
@@ -26,5 +26,8 @@
 #ifndef PACKET_PKCS12_H
 #define PACKET_PKCS12_H
 
+void PBE_reset_parameters(void);
+int PBE_decrypt_data(const char *object_identifier_id, tvbuff_t *encrypted_tvb, asn1_ctx_t *actx, proto_item *item);
+
 #endif  /* PACKET_PKCS12_H */
 
diff --git a/asn1/pkcs12/pkcs12.cnf b/asn1/pkcs12/pkcs12.cnf
index 562c9027eb..39e95352ed 100644
--- a/asn1/pkcs12/pkcs12.cnf
+++ b/asn1/pkcs12/pkcs12.cnf
@@ -13,7 +13,6 @@ PKCS-5	x509af
 
 #.EXPORTS
 
-
 #.REGISTER
 KeyBag				B "1.2.840.113549.1.12.10.1.1"	"keyBag"
 PKCS8ShroudedKeyBag	B "1.2.840.113549.1.12.10.1.2"	"pkcs8ShroudedKeyBag"
@@ -55,6 +54,7 @@ PBKDF2Params/salt		saltChoice
 
 #.PDU
 AuthenticatedSafe
+PrivateKeyInfo
 
 #.FN_BODY PFX
 	dissector_handle_t dissector_handle;
@@ -96,8 +96,8 @@ AuthenticatedSafe
   append_oid(tree, object_identifier_id);
 #.END
 
-#.FN_PARS SecretBag/secretId 	FN_VARIANT = _str VAL_PTR = &object_identifier_id
-#.FN_FTR SecretBag/secretId
+#.FN_PARS SecretBag/secretTypeId 	FN_VARIANT = _str VAL_PTR = &object_identifier_id
+#.FN_FTR SecretBag/secretTypeId
   append_oid(tree, object_identifier_id);
 #.END
 
@@ -125,7 +125,37 @@ AuthenticatedSafe
 #.FN_BODY SecretBag/secretValue
 	if(object_identifier_id)
 		offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
+		
+#.FN_HDR PBEParameter
+	/* initialise the encryption parameters */
+	PBE_reset_parameters();
+
+#.END
+
+#.FN_PARS OCTET_STRING VAL_PTR = (hf_index == hf_pkcs12_salt ? &salt : NULL)
+#.FN_PARS INTEGER VAL_PTR = (hf_index == hf_pkcs12_iterationCount ? &iteration_count : NULL)
+
+#.FN_PARS EncryptedData VAL_PTR = &encrypted_tvb
+
+#.FN_HDR EncryptedData
+	tvbuff_t *encrypted_tvb;
+	dissector_handle_t dissector_handle;
+	proto_item *item;
+#.END
+
+#.FN_FTR EncryptedData
 
+	item = get_ber_last_created_item();
+
+	dissector_handle=create_dissector_handle(dissect_PrivateKeyInfo_PDU, proto_pkcs12);
+	dissector_change_string("ber.oid", (gchar*) object_identifier_id, dissector_handle);
+	
+	PBE_decrypt_data(object_identifier_id, encrypted_tvb, actx, item);
+	
+	/* restore the original dissector */
+	dissector_reset_string("ber.oid", object_identifier_id);
+	
 #.END
 
 
+