diff options
author | Graeme Lunt <graeme.lunt@smhs.co.uk> | 2007-01-13 15:26:13 +0000 |
---|---|---|
committer | Graeme Lunt <graeme.lunt@smhs.co.uk> | 2007-01-13 15:26:13 +0000 |
commit | 7d3a4e92643ab8942a44e2dc5bca6e4e427d4bf0 (patch) | |
tree | e79b474786b42d3e673f7bf695c8f4226365ca95 /asn1 | |
parent | d3a85fae38cfbea3ae6ab46892c6c10c7687da98 (diff) |
New protocol dissector for PKCS#12 - Personal Information Exchange Syntax.
Generally found within a file (.p12 or .pfx) or as a directory attribute (userPKCS12 from iNetOrgPerson).
Wiki page and sample file to follow.
svn path=/trunk/; revision=20416
Diffstat (limited to 'asn1')
-rw-r--r-- | asn1/cms/cms-exp.cnf | 4 | ||||
-rw-r--r-- | asn1/cms/cms.cnf | 22 | ||||
-rw-r--r-- | asn1/cms/packet-cms-template.c | 3 | ||||
-rw-r--r-- | asn1/pkcs12/Makefile | 16 | ||||
-rw-r--r-- | asn1/pkcs12/Makefile.nmake | 46 | ||||
-rw-r--r-- | asn1/pkcs12/packet-pkcs12-template.c | 159 | ||||
-rw-r--r-- | asn1/pkcs12/packet-pkcs12-template.h | 30 | ||||
-rw-r--r-- | asn1/pkcs12/pkcs12.asn | 277 | ||||
-rw-r--r-- | asn1/pkcs12/pkcs12.cnf | 117 | ||||
-rw-r--r-- | asn1/x509sat/x509sat-exp.cnf | 2 | ||||
-rw-r--r-- | asn1/x509sat/x509sat.cnf | 28 |
11 files changed, 697 insertions, 7 deletions
diff --git a/asn1/cms/cms-exp.cnf b/asn1/cms/cms-exp.cnf index 5d7aa8672b..0eb30a20a9 100644 --- a/asn1/cms/cms-exp.cnf +++ b/asn1/cms/cms-exp.cnf @@ -20,6 +20,8 @@ SignedAttributes BER_CLASS_UNI BER_UNI_TAG_SET UnsignedAttributes BER_CLASS_UNI BER_UNI_TAG_SET SignatureValue BER_CLASS_UNI BER_UNI_TAG_OCTETSTRING EnvelopedData BER_CLASS_UNI BER_UNI_TAG_SEQUENCE +Digest BER_CLASS_UNI BER_UNI_TAG_OCTETSTRING +DigestAlgorithmIdentifier BER_CLASS_UNI BER_UNI_TAG_SEQUENCE IssuerAndSerialNumber BER_CLASS_UNI BER_UNI_TAG_SEQUENCE Countersignature BER_CLASS_UNI BER_UNI_TAG_SEQUENCE #.END @@ -37,6 +39,8 @@ SignedAttributes TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = NULL UnsignedAttributes TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = NULL BITMASK = 0 SignatureValue TYPE = FT_BYTES DISPLAY = BASE_HEX STRINGS = NULL BITMASK = 0 EnvelopedData TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 +Digest TYPE = FT_BYTES DISPLAY = BASE_HEX STRINGS = NULL BITMASK = 0 +DigestAlgorithmIdentifier TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 IssuerAndSerialNumber TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 Countersignature TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 #.END diff --git a/asn1/cms/cms.cnf b/asn1/cms/cms.cnf index 04d2d72217..853c5e0bf0 100644 --- a/asn1/cms/cms.cnf +++ b/asn1/cms/cms.cnf @@ -10,6 +10,8 @@ ContentInfo ContentType Countersignature +Digest +DigestAlgorithmIdentifier DigestAlgorithmIdentifiers EncapsulatedContentInfo EnvelopedData @@ -24,6 +26,7 @@ UnsignedAttributes #.REGISTER ContentInfo B "1.2.840.113549.1.9.16.1.6" "id-ct-contentInfo" +#OctetString B "1.2.840.113549.1.7.1" "id-data" see x509sat.cnf SignedData B "1.2.840.113549.1.7.2" "id-signedData" EnvelopedData B "1.2.840.113549.1.7.3" "id-envelopedData" DigestedData B "1.2.840.113549.1.7.5" "id-digestedData" @@ -52,16 +55,22 @@ EncryptedContentInfo/contentType encryptedContentType content_tvb = NULL; top_tree = NULL; -#.FN_BODY ContentInfo/contentType - offset = dissect_ber_object_identifier_str(FALSE, pinfo, tree, tvb, offset, - hf_cms_ci_contentType, &object_identifier_id); +#.FN_PARS ContentType + FN_VARIANT = _str VAL_PTR = &object_identifier_id + +#.FN_BODY ContentType + const char *name = NULL; + + %(DEFAULT_BODY)s + + if(object_identifier_id) { + name = get_oid_str_name(object_identifier_id); + proto_item_append_text(tree, " (%%s)", name ? name : object_identifier_id); + } #.FN_BODY ContentInfo/content offset=call_ber_oid_callback(object_identifier_id, tvb, offset, pinfo, tree); -#.FN_BODY EncapsulatedContentInfo/eContentType - offset = dissect_ber_object_identifier_str(FALSE, pinfo, tree, tvb, offset, - hf_cms_ci_contentType, &object_identifier_id); #.FN_BODY EncapsulatedContentInfo/eContent gint8 class; @@ -78,6 +87,7 @@ EncryptedContentInfo/contentType encryptedContentType content_offset = pdu_offset = get_ber_length(tree, tvb, pdu_offset, &len, &ind); pdu_offset = call_ber_oid_callback(object_identifier_id, tvb, pdu_offset, pinfo, top_tree ? top_tree : tree); + /* save the content for checking the message digest */ content_tvb = tvb_new_subset(tvb, content_offset, len, -1); #.FN_PARS OtherKeyAttribute/keyAttrId diff --git a/asn1/cms/packet-cms-template.c b/asn1/cms/packet-cms-template.c index 678959149d..6ceb9da072 100644 --- a/asn1/cms/packet-cms-template.c +++ b/asn1/cms/packet-cms-template.c @@ -162,5 +162,8 @@ void proto_register_cms(void) { /*--- proto_reg_handoff_cms -------------------------------------------*/ void proto_reg_handoff_cms(void) { #include "packet-cms-dis-tab.c" + + add_oid_str_name("1.2.840.113549.1.7.1", "id-data"); + } diff --git a/asn1/pkcs12/Makefile b/asn1/pkcs12/Makefile new file mode 100644 index 0000000000..11f1a0e3d0 --- /dev/null +++ b/asn1/pkcs12/Makefile @@ -0,0 +1,16 @@ +# $Id$ + +DISSECTOR_FILES=packet-pkcs12.c packet-pkcs12.h + +all: generate_dissector + +generate_dissector: $(DISSECTOR_FILES) + +$(DISSECTOR_FILES): ../../tools/asn2wrs.py pkcs12.asn packet-pkcs12-template.c packet-pkcs12-template.h pkcs12.cnf ../cms/cms-exp.cnf ../x509af/x509af-exp.cnf ../x509if/x509if-exp.cnf + python ../../tools/asn2wrs.py -b -e -p pkcs12 -c pkcs12.cnf -s packet-pkcs12-template pkcs12.asn + +clean: + rm -f parsetab.py $(DISSECTOR_FILES) *~ + +copy_files: generate_dissector + cp $(DISSECTOR_FILES) ../../epan/dissectors diff --git a/asn1/pkcs12/Makefile.nmake b/asn1/pkcs12/Makefile.nmake new file mode 100644 index 0000000000..8669262858 --- /dev/null +++ b/asn1/pkcs12/Makefile.nmake @@ -0,0 +1,46 @@ +## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake +# +# $Id$ + +include ../../config.nmake + +UNIX2DOS=$(PERL) ../../tools/unix2dos.pl + +PROTOCOL_NAME=pkcs12 +DISSECTOR_FILES=packet-$(PROTOCOL_NAME).c packet-$(PROTOCOL_NAME).h + +all: generate_dissector + +generate_dissector: $(DISSECTOR_FILES) + +$(DISSECTOR_FILES): ../../tools/asn2wrs.py pkcs12.asn packet-pkcs12-template.c packet-pkcs12-template.h pkcs12.cnf ../cms/cms-exp.cnf ../x509af/x509af-exp.cnf ../x509if/x509if-exp.cnf +!IFDEF PYTHON + $(PYTHON) ../../tools/asn2wrs.py -b -e -p $(PROTOCOL_NAME) -c pkcs12.cnf -s packet-pkcs12-template pkcs12.asn +!ELSE + @echo Error: You need Python to use asn2wrs.py + @exit 1 +!ENDIF + +clean: + rm -f parsetab.py parsetab.pyc $(DISSECTOR_FILES) + +distclean: clean + +maintainer-clean: distclean + +# Fix EOL in generated dissectors. Cygwin's python generates files with +# mixed EOL styles, which can't be commited to the SVN repository. +# Stuff included from template and "cnf" files has "\r\n" on windows, while +# the generated stuff has "\n". + +fix_eol: generate_dissector + move packet-$(PROTOCOL_NAME).c packet-$(PROTOCOL_NAME).c.tmp + move packet-$(PROTOCOL_NAME).h packet-$(PROTOCOL_NAME).h.tmp + $(UNIX2DOS) < packet-$(PROTOCOL_NAME).c.tmp > packet-$(PROTOCOL_NAME).c + $(UNIX2DOS) < packet-$(PROTOCOL_NAME).h.tmp > packet-$(PROTOCOL_NAME).h + del /f packet-$(PROTOCOL_NAME).c.tmp packet-$(PROTOCOL_NAME).h.tmp + +copy_files: generate_dissector fix_eol + xcopy packet-$(PROTOCOL_NAME).c ..\..\epan\dissectors /d /y + xcopy packet-$(PROTOCOL_NAME).h ..\..\epan\dissectors /d /y + diff --git a/asn1/pkcs12/packet-pkcs12-template.c b/asn1/pkcs12/packet-pkcs12-template.c new file mode 100644 index 0000000000..04997031cd --- /dev/null +++ b/asn1/pkcs12/packet-pkcs12-template.c @@ -0,0 +1,159 @@ +/* packet-pkcs12.c + * Routines for PKCS#12: Personal Information Exchange packet dissection + * Graeme Lunt 2006 + * + * $Id$ + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include <glib.h> +#include <epan/packet.h> +#include <epan/conversation.h> +#include <epan/oid_resolv.h> + +#include <stdio.h> +#include <string.h> + +#include "packet-ber.h" +#include "packet-pkcs12.h" +#include "packet-x509af.h" +#include "packet-x509if.h" +#include "packet-cms.h" + +#define PNAME "PKCS#12: Personal Information Exchange" +#define PSNAME "PKCS12" +#define PFNAME "pkcs12" + +/* Initialize the protocol and registered fields */ +int proto_pkcs12 = -1; + +static const char *object_identifier_id = NULL; +static const gchar *pref_password = NULL; + + +static void dissect_AuthenticatedSafe_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree); +static void dissect_SafeContents_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree); + +#include "packet-pkcs12-hf.c" + +/* Initialize the subtree pointers */ +#include "packet-pkcs12-ett.c" + +#include "packet-pkcs12-fn.c" + +static int strip_octet_string(tvbuff_t *tvb, proto_tree *tree) +{ + gint8 class; + gboolean pc, ind; + gint32 tag; + guint32 len; + int offset = 0; + + /* PKCS#7 encodes the content as OCTET STRING, whereas CMS is just any ANY */ + /* if we use CMS (rather than PKCS#7) - which we are - we need to strip the OCTET STRING tag */ + /* before proceeding */ + + offset = get_ber_identifier(tvb, 0, &class, &pc, &tag); + offset = get_ber_length(NULL, tvb, offset, &len, &ind); + + if((class == BER_CLASS_UNI) && (tag == BER_UNI_TAG_OCTETSTRING)) + return offset; + + proto_tree_add_text(tree, tvb, 0, 1, "BER Error: OCTET STRING expected"); + + return 0; + +} + +static void dissect_AuthenticatedSafe_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { + int offset = 0; + + if((offset = strip_octet_string(tvb, tree)) > 0) + dissect_pkcs12_AuthenticatedSafe(FALSE, tvb, offset, pinfo, tree, hf_pkcs12_AuthenticatedSafe_PDU); +} + +static void dissect_SafeContents_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + int offset = 0; + + if((offset = strip_octet_string(tvb, tree)) > 0) + dissect_pkcs12_SafeContents(FALSE, tvb, offset, pinfo, tree, hf_pkcs12_SafeContents_PDU); +} + +#if 0 +static int decrypt_data(tvbuff_t *encrypted_data, + /* enc_params */ + gnu_tls_ciper_algorithm cipher, + int iter_count, + /* kdf_params */ + gnutls_datum_t *salt, size_t salt_size, + gnutls_datum_t *iv, size_t iv_size, + size_t key_size, + tvb_buff_t **decrypted_data) +{ + + + + + if(key_size == 0) + key_size = gnutls_cipher_get_key_size(cipher); + + +} + +# endif /* 0 */ + +/*--- proto_register_pkcs12 ----------------------------------------------*/ +void proto_register_pkcs12(void) { + + /* List of fields */ + static hf_register_info hf[] = { + +#include "packet-pkcs12-hfarr.c" + }; + + /* List of subtrees */ + static gint *ett[] = { +#include "packet-pkcs12-ettarr.c" + }; + + /* Register protocol */ + proto_pkcs12 = proto_register_protocol(PNAME, PSNAME, PFNAME); + + /* Register fields and subtrees */ + proto_register_field_array(proto_pkcs12, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + + register_ber_syntax_dissector("PKCS#12", proto_pkcs12, dissect_PFX_PDU); + register_ber_oid_syntax(".p12", NULL, "PKCS#12"); + register_ber_oid_syntax(".pfx", NULL, "PKCS#12"); +} + + +/*--- proto_reg_handoff_pkcs12 -------------------------------------------*/ +void proto_reg_handoff_pkcs12(void) { +#include "packet-pkcs12-dis-tab.c" + +} + diff --git a/asn1/pkcs12/packet-pkcs12-template.h b/asn1/pkcs12/packet-pkcs12-template.h new file mode 100644 index 0000000000..ec83dd7bca --- /dev/null +++ b/asn1/pkcs12/packet-pkcs12-template.h @@ -0,0 +1,30 @@ +/* packet-pkcs12.h + * Routines for PKCS#12 Personal Information Exchange packet dissection + * Graeme Lunt 2006 + * + * $Id$ + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifndef PACKET_PKCS12_H +#define PACKET_PKCS12_H + +#endif /* PACKET_PKCS12_H */ + diff --git a/asn1/pkcs12/pkcs12.asn b/asn1/pkcs12/pkcs12.asn new file mode 100644 index 0000000000..70c35d6798 --- /dev/null +++ b/asn1/pkcs12/pkcs12.asn @@ -0,0 +1,277 @@ +PKCS-12 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) + pkcs-12(12) modules(0) pkcs-12(1)} + +-- $Revision$ + +DEFINITIONS IMPLICIT TAGS ::= + +BEGIN + +-- EXPORTS ALL +-- All types and values defined in this module is exported for use in +-- other ASN.1 modules. + +IMPORTS + +--informationFramework +-- FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1) +-- usefulDefinitions(0) 3} + +Attribute + FROM InformationFramework informationFramework + +ContentInfo, --DigestInfo-- Digest, DigestAlgorithmIdentifier + FROM PKCS-7 {iso(1) member-body(2) us(840) rsadsi(113549) + pkcs(1) pkcs-7(7) modules(0) pkcs-7(1)} + +--PrivateKeyInfo, EncryptedPrivateKeyInfo +-- FROM PKCS-8 {iso(1) member-body(2) us(840) rsadsi(113549) +-- pkcs(1) pkcs-8(8) modules(1) pkcs-8(1)} +-- +--pkcs-9, friendlyName, localKeyId, certTypes, crlTypes +-- FROM PKCS-9 {iso(1) member-body(2) us(840) rsadsi(113549) +-- pkcs(1) pkcs-9(9) modules(0) pkcs-9(1) };-- + +-- A PKCS#8 IMPORT from below +AlgorithmIdentifier, ALGORITHM-IDENTIFIER + FROM PKCS-5 {iso(1) member-body(2) us(840) rsadsi(113549) + pkcs(1) pkcs-5(5) modules(16) pkcs-5(1)}; + + +-- Object identifiers + +--rsadsi OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549)} +--pkcs OBJECT IDENTIFIER ::= {rsadsi pkcs(1)} +--pkcs-12 OBJECT IDENTIFIER ::= {pkcs 12} +--pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} +--pbeWithSHAAnd128BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1} +--pbeWithSHAAnd40BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 2} +--pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} +--pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} +--pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} +--pbewithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} + +--bagtypes OBJECT IDENTIFIER ::= {pkcs-12 10 1} + +-- The PFX PDU + +PFX ::= SEQUENCE { + version INTEGER {v3(3)}(v3,...), + authSafe ContentInfo, + macData MacData OPTIONAL +} + +MacData ::= SEQUENCE { + mac DigestInfo, + macSalt OCTET STRING, + iterations INTEGER DEFAULT 1 +-- Note: The default is for historical reasons and its use is +-- deprecated. A higher value, like 1024 is recommended. +} + +-- Imported from PKCS#7 +DigestInfo ::= SEQUENCE { + digestAlgorithm DigestAlgorithmIdentifier, + digest Digest +} + +AuthenticatedSafe ::= SEQUENCE OF ContentInfo + -- Data if unencrypted + -- EncryptedData if password-encrypted + -- EnvelopedData if public key-encrypted + +SafeContents ::= SEQUENCE OF SafeBag + +SafeBag ::= SEQUENCE { + bagId -- BAG-TYPE.&id ({PKCS12BagSet}) -- OBJECT IDENTIFIER, + bagValue [0] EXPLICIT --BAG-TYPE.&Type({PKCS12BagSet}{@bagId}) -- ANY, + bagAttributes SET OF PKCS12Attribute OPTIONAL +} + +-- Bag types + +--keyBag BAG-TYPE ::= +-- {KeyBag IDENTIFIED BY {bagtypes 1}} +--pkcs8ShroudedKeyBag BAG-TYPE ::= +-- {PKCS8ShroudedKeyBag IDENTIFIED BY {bagtypes 2}} +--certBag BAG-TYPE ::= +-- {CertBag IDENTIFIED BY {bagtypes 3}} +--crlBag BAG-TYPE ::= +-- {CRLBag IDENTIFIED BY {bagtypes 4}} +--secretBag BAG-TYPE ::= +-- {SecretBag IDENTIFIED BY {bagtypes 5}} +--safeContentsBag BAG-TYPE ::= +-- {SafeContents IDENTIFIED BY {bagtypes 6}} + +--PKCS12BagSet BAG-TYPE ::= { +-- keyBag | +-- pkcs8ShroudedKeyBag | +-- certBag | +-- crlBag | +-- secretBag | +-- safeContentsBag, +-- ... - - For future extensions +--} + +--BAG-TYPE ::= TYPE-IDENTIFIER + +-- KeyBag + +KeyBag ::= PrivateKeyInfo + +-- Shrouded KeyBag + +PKCS8ShroudedKeyBag ::= EncryptedPrivateKeyInfo + +-- CertBag + +CertBag ::= SEQUENCE { + certId --BAG-TYPE.&id ({CertTypes}) -- OBJECT IDENTIFIER, + certValue [0] EXPLICIT --BAG-TYPE.&Type ({CertTypes}{@certId})-- ANY +} + +--x509Certificate BAG-TYPE ::= +-- {OCTET STRING IDENTIFIED BY {certTypes 1}} + -- DER-encoded X.509 certificate stored in OCTET STRING +--sdsiCertificate BAG-TYPE ::= +-- {IA5String IDENTIFIED BY {certTypes 2}} + -- Base64-encoded SDSI certificate stored in IA5String + +--CertTypes BAG-TYPE ::= { +-- x509Certificate | +-- sdsiCertificate, +-- ... - - For future extensions +--} + +-- CRLBag + +CRLBag ::= SEQUENCE { + crlId --BAG-TYPE.&id ({CRLTypes})-- OBJECT IDENTIFIER, + crlValue [0] EXPLICIT --BAG-TYPE.&Type ({CRLTypes}{@crlId})-- ANY +} + +--x509CRL BAG-TYPE ::= +-- {OCTET STRING IDENTIFIED BY {crlTypes 1}} + -- DER-encoded X.509 CRL stored in OCTET STRING + +--CRLTypes BAG-TYPE ::= { +-- x509CRL, +-- ... - - For future extensions +--} + +-- Secret Bag + +SecretBag ::= SEQUENCE { + secretTypeId --BAG-TYPE.&id ({SecretTypes})-- OBJECT IDENTIFIER, + secretValue [0] EXPLICIT --BAG-TYPE.&Type ({SecretTypes}{@secretTypeId})-- ANY +} + +--SecretTypes BAG-TYPE ::= { +-- ... - - For future extensions +--} + +-- Attributes + +PKCS12Attribute ::= SEQUENCE { + attrId --ATTRIBUTE.&id ({PKCS12AttrSet})-- OBJECT IDENTIFIER, + attrValues SET OF --ATTRIBUTE.&Type ({PKCS12AttrSet}{@attrId})-- ANY +} -- This type is compatible with the X.500 type 'Attribute' + +--PKCS12AttrSet ATTRIBUTE ::= { +-- friendlyName | +-- localKeyId, +-- ... - - Other attributes are allowed +--} + +--END + +-- We import PKCS#8 here directly rather than creating another dissector + +--PKCS-8 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-8(8) +-- modules(1) pkcs-8(1)} + +-- $Revision: 1.5 $ + +-- This module has been checked for conformance with the ASN.1 +-- standard by the OSS ASN.1 Tools + +--DEFINITIONS IMPLICIT TAGS ::= + +--BEGIN + +-- EXPORTS All -- +-- All types and values defined in this module is exported for use in other +-- ASN.1 modules. + +--IMPORTS + +--informationFramework +-- FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1) +-- usefulDefinitions(0) 3} + +--Attribute +-- FROM InformationFramework informationFramework + +--AlgorithmIdentifier, ALGORITHM-IDENTIFIER +-- FROM PKCS-5 {iso(1) member-body(2) us(840) rsadsi(113549) +-- pkcs(1) pkcs-5(5) modules(16) pkcs-5(1)}; + +-- Private-key information syntax + +PrivateKeyInfo ::= SEQUENCE { + version Version, + privateKeyAlgorithm AlgorithmIdentifier --{{PrivateKeyAlgorithms}}--, + privateKey PrivateKey, + attributes [0] Attributes OPTIONAL } + +Version ::= INTEGER {v1(0)} (v1,...) + +PrivateKey ::= OCTET STRING + +Attributes ::= SET OF Attribute + +-- Encrypted private-key information syntax + +EncryptedPrivateKeyInfo ::= SEQUENCE { + encryptionAlgorithm AlgorithmIdentifier --{{KeyEncryptionAlgorithms}}--, + encryptedData EncryptedData +} + +EncryptedData ::= OCTET STRING + +--PrivateKeyAlgorithms ALGORITHM-IDENTIFIER ::= { +-- ... - - For local profiles +--} + +--KeyEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= { +-- ... - - For local profiles +--} + +-- From RFC 2898 +PBEParameter ::= SEQUENCE { + salt OCTET STRING, + iterationCount INTEGER +} + + +PBKDF2Params ::= SEQUENCE { + salt CHOICE { + specified OCTET STRING, + otherSource AlgorithmIdentifier --{{PBKDF2-SaltSources}}-- + }, + iterationCount INTEGER --(1..MAX)--, + keyLength INTEGER (1..MAX) OPTIONAL, + prf AlgorithmIdentifier --{{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1-- OPTIONAL } + +PBES2Params ::= SEQUENCE { + keyDerivationFunc AlgorithmIdentifier --{{PBES2-KDFs}}--, + encryptionScheme AlgorithmIdentifier --{{PBES2-Encs}}-- } + +PBMAC1Params ::= SEQUENCE { + keyDerivationFunc AlgorithmIdentifier --{{PBMAC1-KDFs}}--, + messageAuthScheme AlgorithmIdentifier --{{PBMAC1-MACs}}-- } + + +END + + diff --git a/asn1/pkcs12/pkcs12.cnf b/asn1/pkcs12/pkcs12.cnf new file mode 100644 index 0000000000..4a86238dc4 --- /dev/null +++ b/asn1/pkcs12/pkcs12.cnf @@ -0,0 +1,117 @@ +# pkcs12.cnf +# PKCS12 conformation file + +# $Id$ + +#.MODULE_IMPORT +PKCS-7 cms +PKCS-5 x509af + +#.INCLUDE ../cms/cms-exp.cnf +#.INCLUDE ../x509if/x509if-exp.cnf +#.INCLUDE ../x509af/x509af-exp.cnf + +#.EXPORTS + + +#.REGISTER +KeyBag B "1.2.840.113549.1.12.10.1.1" "keyBag" +PKCS8ShroudedKeyBag B "1.2.840.113549.1.12.10.1.2" "pkcs8ShroudedKeyBag" +CertBag B "1.2.840.113549.1.12.10.1.3" "certBag" +SecretBag B "1.2.840.113549.1.12.10.1.4" "secretBag" +CRLBag B "1.2.840.113549.1.12.10.1.5" "crlBag" +SafeContents B "1.2.840.113549.1.12.10.1.6" "safeContentsBag" + +# PKCS#9 Attributes - see master list in x509sat.cnf +PFX B "2.16.840.1.113730.3.1.216" "pkcs-9-at-PKCS12" +EncryptedPrivateKeyInfo B "1.2.840.113549.1.9.25.2" "pkcs-9-at-encryptedPrivateKeyInfo" + +# Password Based Encryption +PBEParameter B "1.2.840.113549.1.12.1.1" "pbeWithSHAAnd128BitRC4" +PBEParameter B "1.2.840.113549.1.12.1.2" "pbeWithSHAAnd40BitRC4" +PBEParameter B "1.2.840.113549.1.12.1.3" "pbeWithSHAAnd3-KeyTripleDES-CBC" +PBEParameter B "1.2.840.113549.1.12.1.4" "pbeWithSHAAnd2-KeyTripleDES-CBC" +PBEParameter B "1.2.840.113549.1.12.1.5" "pbeWithSHAAnd128BitRC2-CBC" +PBEParameter B "1.2.840.113549.1.12.1.6" "pbeWithSHAAnd128BitRC2-CBC" + +PBEParameter B "1.2.840.113549.1.5.1" "pbeWithMD2AndDES-CBC" +PBEParameter B "1.2.840.113549.1.5.3" "pbeWithMD5AndDES-CBC" +PBEParameter B "1.2.840.113549.1.5.4" "pbeWithMD2AndRC2-CBC" +PBEParameter B "1.2.840.113549.1.5.6" "pbeWithMD5AndRC2-CBC" +PBEParameter B "1.2.840.113549.1.5.10" "pbeWithSHA1AndDES-CBC" +PBEParameter B "1.2.840.113549.1.5.11" "pbeWithSHA1AndRC2-CBC" + +PBKDF2Params B "1.2.840.113549.1.5.12" "id-PBKDF2" +PBES2Params B "1.2.840.113549.1.5.13" "id-PBES2" +PBMAC1Params B "1.2.840.113549.1.5.14" "id-PBMAC1" + +#.NO_EMIT + +#.TYPE_RENAME + +#.FIELD_RENAME +PrivateKeyInfo/version privateKeyVersion +PBKDF2Params/salt saltChoice + +#.PDU +AuthenticatedSafe + +#.FN_BODY PFX + dissector_handle_t dissector_handle; + + /* we change the CMS id-data dissector to dissect as AuthenticatedSafe + not sure why PKCS#12 couldn't have used its own content type OID for AuthenticatedSafe */ + dissector_handle=create_dissector_handle(dissect_AuthenticatedSafe_OCTETSTRING_PDU, proto_pkcs12); + dissector_change_string("ber.oid", "1.2.840.113549.1.7.1", dissector_handle); + + %(DEFAULT_BODY)s + + /* restore the original dissector */ + dissector_reset_string("ber.oid", "1.2.840.113549.1.7.1"); + +#.FN_BODY AuthenticatedSafe + dissector_handle_t dissector_handle; + + /* we change the CMS id-data dissector to dissect as SafeContents */ + dissector_handle=create_dissector_handle(dissect_SafeContents_OCTETSTRING_PDU, proto_pkcs12); + dissector_change_string("ber.oid", "1.2.840.113549.1.7.1", dissector_handle); + + %(DEFAULT_BODY)s + + /* restore the original dissector */ + dissector_reset_string("ber.oid", "1.2.840.113549.1.7.1"); + +#.FN_PARS OBJECT_IDENTIFIER + FN_VARIANT = _str VAL_PTR = &object_identifier_id + +#.FN_BODY OBJECT_IDENTIFIER + const char *name = NULL; + + %(DEFAULT_BODY)s + + name = get_oid_str_name(object_identifier_id); + proto_item_append_text(tree, " (%%s)", name ? name : object_identifier_id); + +#.FN_BODY T_bagValue + if(object_identifier_id) + offset = call_ber_oid_callback(object_identifier_id, tvb, offset, pinfo, tree); + +#.FN_BODY T_attrValues_item + if(object_identifier_id) + offset = call_ber_oid_callback(object_identifier_id, tvb, offset, pinfo, tree); + +#.FN_BODY T_certValue + if(object_identifier_id) + offset = call_ber_oid_callback(object_identifier_id, tvb, offset, pinfo, tree); + +#.FN_BODY T_crlValue + if(object_identifier_id) + offset = call_ber_oid_callback(object_identifier_id, tvb, offset, pinfo, tree); + +#.FN_BODY T_secretValue + if(object_identifier_id) + offset = call_ber_oid_callback(object_identifier_id, tvb, offset, pinfo, tree); + +#.END + + diff --git a/asn1/x509sat/x509sat-exp.cnf b/asn1/x509sat/x509sat-exp.cnf index 9be756f641..6def1c478d 100644 --- a/asn1/x509sat/x509sat-exp.cnf +++ b/asn1/x509sat/x509sat-exp.cnf @@ -1,6 +1,6 @@ # Do not modify this file. # It is created automatically by the ASN.1 to Wireshark dissector compiler -# .\x509sat-exp.cnf +# ./x509sat-exp.cnf # ../../tools/asn2wrs.py -b -e -p x509sat -c x509sat.cnf -s packet-x509sat-template SelectedAttributeTypes.asn #.MODULE diff --git a/asn1/x509sat/x509sat.cnf b/asn1/x509sat/x509sat.cnf index 8424ff7ba8..d3a8b2c9ed 100644 --- a/asn1/x509sat/x509sat.cnf +++ b/asn1/x509sat/x509sat.cnf @@ -233,6 +233,34 @@ DirectoryString B "2.16.840.1.101.2.2.1.143" "id-at-adminConversion" SyntaxPrintableString B "2.16.840.1.101.2.2.1.144" "id-at-tCCG" DirectoryString B "2.16.840.1.101.2.2.1.145" "id-at-usdConversion" +# PKCS#9 + +SyntaxIA5String B "1.2.840.113549.1.9.1" "pkcs-9-at-emailAddress" +#PKCS9String B "1.2.840.113549.1.9.2" "pkcs-9-at-unstructuredName" - TBD +#ContentType B "1.2.840.113549.1.9.3" "pkcs-9-at-contentType" - see cms.cnf +#MessageDigest B "1.2.840.113549.1.9.4" "pkcs-9-at-messageDigest" - see cms.cnf +#SigningTime B "1.2.840.113549.1.9.5" "pkcs-9-at-signingTime" - see cms.cnf +#Countersignature B "1.2.840.113549.1.9.6" "pkcs-9-at-counterSignature" - see cms.cnf +DirectoryString B "1.2.840.113549.1.9.7" "pkcs-9-at-challengePassword" +DirectoryString B "1.2.840.113549.1.9.8" "pkcs-9-at-unstructuredAddress" +#SETOFAttribute B "1.2.840.113549.1.9.9" "pkcs-9-at-extendedCertificateAttributes" - TBD +DirectoryString B "1.2.840.113549.1.9.13" "pkcs-9-at-signingDescription" +#ExtensionRequest B "1.2.840.113549.1.9.14" "pkcs-9-at-extensionRequest" - TBD +#SMIMECapabiliaties B "1.2.840.113549.1.9.15" "pkcs-9-at-smimeCapabilities" - TBD +SyntaxBMPString B "1.2.840.113549.1.9.20" "pkcs-9-at-friendlyName" +OctetString B "1.2.840.113549.1.9.21" "pkcs-9-at-localKeyId" +#PFX B "2.16.840.1.113730.3.1.216" "pkcs-9-at-PKCS12" - see pkcs12.cnf +#PKCS15Token B "1.2.840.113549.1.9.25.1" "pkcs-9-at-pkcs15Token" - TBD +#EncryptedPrivateKeyInfo B "1.2.840.113549.1.9.25.2" "pkcs-9-at-encryptedPrivateKeyInfo" - see pkcs12.cnf +OctetString B "1.2.840.113549.1.9.25.3" "pkcs-9-at-randomNonce" # move to PKCS#9 when defined +Integer B "1.2.840.113549.1.9.25.4" "pkcs-9-at-sequenceNumber" # move to PKCS#9 when defined +#ContentInfo B "1.2.840.113549.1.9.25.5" "pkcs-9-at-pkcs7PDU" - TBD - not the same as CMS ContentInfo + +SyntaxGeneralizedTime B "1.3.6.1.5.5.7.9.1" "pkcs-9-at-dateOfBirth" +DirectoryString B "1.3.6.1.5.5.7.9.2" "pkcs-9-at-placeOfBirth" +SyntaxPrintableString B "1.3.6.1.5.5.7.9.3" "pkcs-9-at-gender" +SyntaxPrintableString B "1.3.6.1.5.5.7.9.4" "pkcs-9-at-countryOfCitizenship" +SyntaxPrintableString B "1.3.6.1.5.5.7.9.5" "pkcs-9-at-countryOfResidence" #.NO_EMIT |