1 /* packet-cmp.c
2 *
3 * Routines for RFC2510 Certificate Management Protocol packet dissection
4 * Ronnie Sahlberg 2004
5 * Updated to RFC4210 CMPv2 and associated "Transport Protocols for CMP" draft
6 * Martin Peylo 2008
7 *
8 * Wireshark - Network traffic analyzer
9 * By Gerald Combs <gerald@wireshark.org>
10 * Copyright 1998 Gerald Combs
11 *
12 * SPDX-License-Identifier: GPL-2.0-or-later
13 */
14
15 #include "config.h"
16
17 #include <epan/packet.h>
18
19 #include <epan/oids.h>
20 #include <epan/asn1.h>
21 #include "packet-ber.h"
22 #include "packet-cmp.h"
23 #include "packet-crmf.h"
24 #include "packet-pkix1explicit.h"
25 #include "packet-pkix1implicit.h"
26 #include "packet-pkcs10.h"
27 #include "packet-tcp.h"
28 #include "packet-http.h"
29 #include <epan/prefs.h>
30
31 #define PNAME "Certificate Management Protocol"
32 #define PSNAME "CMP"
33 #define PFNAME "cmp"
34
35 #define TCP_PORT_CMP 829
36
37 void proto_register_cmp(void);
38
39 /* desegmentation of CMP over TCP */
40 static gboolean cmp_desegment = TRUE;
41
42 static guint cmp_alternate_http_port = 0;
43 static guint cmp_alternate_tcp_style_http_port = 0;
44
45 /* Initialize the protocol and registered fields */
46 static int proto_cmp = -1;
47 static int hf_cmp_type_oid = -1;
48 static int hf_cmp_tcptrans_len = -1;
49 static int hf_cmp_tcptrans_type = -1;
50 static int hf_cmp_tcptrans_poll_ref = -1;
51 static int hf_cmp_tcptrans_next_poll_ref = -1;
52 static int hf_cmp_tcptrans_ttcb = -1;
53 static int hf_cmp_tcptrans10_version = -1;
54 static int hf_cmp_tcptrans10_flags = -1;
55 #include "packet-cmp-hf.c"
56
57 /* Initialize the subtree pointers */
58 static gint ett_cmp = -1;
59 #include "packet-cmp-ett.c"
60 #include "packet-cmp-fn.c"
61
62 static int
dissect_cmp_pdu(tvbuff_t * tvb,packet_info * pinfo,proto_tree * tree,void * data _U_)63 dissect_cmp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
64 {
65 asn1_ctx_t asn1_ctx;
66 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
67
68 return dissect_cmp_PKIMessage(FALSE, tvb, 0, &asn1_ctx, tree, -1);
69 }
70
71 #define CMP_TYPE_PKIMSG 0
72 #define CMP_TYPE_POLLREP 1
73 #define CMP_TYPE_POLLREQ 2
74 #define CMP_TYPE_NEGPOLLREP 3
75 #define CMP_TYPE_PARTIALMSGREP 4
76 #define CMP_TYPE_FINALMSGREP 5
77 #define CMP_TYPE_ERRORMSGREP 6
78 static const value_string cmp_pdu_types[] = {
79 { CMP_TYPE_PKIMSG, "pkiMsg" },
80 { CMP_TYPE_POLLREP, "pollRep" },
81 { CMP_TYPE_POLLREQ, "pollReq" },
82 { CMP_TYPE_NEGPOLLREP, "negPollRep" },
83 { CMP_TYPE_PARTIALMSGREP, "partialMsgRep" },
84 { CMP_TYPE_FINALMSGREP, "finalMsgRep" },
85 { CMP_TYPE_ERRORMSGREP, "errorMsgRep" },
86 { 0, NULL },
87 };
88
89
dissect_cmp_tcp_pdu(tvbuff_t * tvb,packet_info * pinfo,proto_tree * parent_tree,void * data _U_)90 static int dissect_cmp_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void *data _U_)
91 {
92 tvbuff_t *next_tvb;
93 guint32 pdu_len;
94 guint8 pdu_type;
95 proto_item *item=NULL;
96 proto_item *ti=NULL;
97 proto_tree *tree=NULL;
98 proto_tree *tcptrans_tree=NULL;
99 int offset=0;
100
101 col_set_str(pinfo->cinfo, COL_PROTOCOL, "CMP");
102 col_set_str(pinfo->cinfo, COL_INFO, "PKIXCMP");
103
104 if(parent_tree){
105 item=proto_tree_add_item(parent_tree, proto_cmp, tvb, 0, -1, ENC_NA);
106 tree = proto_item_add_subtree(item, ett_cmp);
107 }
108
109 pdu_len=tvb_get_ntohl(tvb, 0);
110 pdu_type=tvb_get_guint8(tvb, 4);
111
112 if (pdu_type < 10) {
113 /* RFC2510 TCP transport */
114 ti = proto_tree_add_item(tree, proto_cmp, tvb, offset, 5, ENC_NA);
115 tcptrans_tree = proto_item_add_subtree(ti, ett_cmp);
116 proto_tree_add_item(tree, hf_cmp_tcptrans_len, tvb, offset, 4, ENC_BIG_ENDIAN);
117 offset += 4;
118 proto_tree_add_item(tree, hf_cmp_tcptrans_type, tvb, offset++, 1, ENC_BIG_ENDIAN);
119 } else {
120 /* post RFC2510 TCP transport - the former "type" field is now "version" */
121 tcptrans_tree = proto_tree_add_subtree(tree, tvb, offset, 7, ett_cmp, NULL, "TCP transport");
122 pdu_type=tvb_get_guint8(tvb, 6);
123 proto_tree_add_item(tcptrans_tree, hf_cmp_tcptrans_len, tvb, offset, 4, ENC_BIG_ENDIAN);
124 offset += 4;
125 proto_tree_add_item(tcptrans_tree, hf_cmp_tcptrans10_version, tvb, offset++, 1, ENC_BIG_ENDIAN);
126 proto_tree_add_item(tcptrans_tree, hf_cmp_tcptrans10_flags, tvb, offset++, 1, ENC_BIG_ENDIAN);
127 proto_tree_add_item(tcptrans_tree, hf_cmp_tcptrans_type, tvb, offset++, 1, ENC_BIG_ENDIAN);
128 }
129
130 col_add_str (pinfo->cinfo, COL_INFO, val_to_str (pdu_type, cmp_pdu_types, "0x%x"));
131
132 switch(pdu_type){
133 case CMP_TYPE_PKIMSG:
134 next_tvb = tvb_new_subset_length_caplen(tvb, offset, tvb_reported_length_remaining(tvb, offset), pdu_len);
135 dissect_cmp_pdu(next_tvb, pinfo, tree, NULL);
136 offset += tvb_reported_length_remaining(tvb, offset);
137 break;
138 case CMP_TYPE_POLLREP:
139 proto_tree_add_item(tcptrans_tree, hf_cmp_tcptrans_poll_ref, tvb, offset, 4, ENC_BIG_ENDIAN);
140 offset += 4;
141
142 proto_tree_add_item(tcptrans_tree, hf_cmp_tcptrans_ttcb, tvb, offset, 4, ENC_TIME_SECS|ENC_BIG_ENDIAN);
143 offset += 4;
144 break;
145 case CMP_TYPE_POLLREQ:
146 proto_tree_add_item(tcptrans_tree, hf_cmp_tcptrans_poll_ref, tvb, offset, 4, ENC_BIG_ENDIAN);
147 offset += 4;
148 break;
149 case CMP_TYPE_NEGPOLLREP:
150 break;
151 case CMP_TYPE_PARTIALMSGREP:
152 proto_tree_add_item(tcptrans_tree, hf_cmp_tcptrans_next_poll_ref, tvb, offset, 4, ENC_BIG_ENDIAN);
153 offset += 4;
154
155 proto_tree_add_item(tcptrans_tree, hf_cmp_tcptrans_ttcb, tvb, offset, 4, ENC_TIME_SECS|ENC_BIG_ENDIAN);
156 offset += 4;
157
158 next_tvb = tvb_new_subset_length_caplen(tvb, offset, tvb_reported_length_remaining(tvb, offset), pdu_len);
159 dissect_cmp_pdu(next_tvb, pinfo, tree, NULL);
160 offset += tvb_reported_length_remaining(tvb, offset);
161 break;
162 case CMP_TYPE_FINALMSGREP:
163 next_tvb = tvb_new_subset_length_caplen(tvb, offset, tvb_reported_length_remaining(tvb, offset), pdu_len);
164 dissect_cmp_pdu(next_tvb, pinfo, tree, NULL);
165 offset += tvb_reported_length_remaining(tvb, offset);
166 break;
167 case CMP_TYPE_ERRORMSGREP:
168 /*XXX to be added*/
169 break;
170 }
171
172 return offset;
173 }
174
get_cmp_pdu_len(packet_info * pinfo _U_,tvbuff_t * tvb,int offset,void * data _U_)175 static guint get_cmp_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb,
176 int offset, void *data _U_)
177 {
178 guint32 plen;
179
180 /*
181 * Get the length of the CMP-over-TCP packet.
182 */
183 plen = tvb_get_ntohl(tvb, offset);
184
185 return plen+4;
186 }
187
188
189 /* CMP over TCP: RFC2510 section 5.2 and "Transport Protocols for CMP" draft */
190 static int
dissect_cmp_tcp(tvbuff_t * tvb,packet_info * pinfo,proto_tree * parent_tree,void * data)191 dissect_cmp_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void *data)
192 {
193 guint32 pdu_len;
194 guint8 pdu_type;
195 int offset=4; /* RFC2510 TCP transport header length */
196
197 /* only attempt to dissect it as CMP over TCP if we have
198 * at least 5 bytes.
199 */
200 if (!tvb_bytes_exist(tvb, 0, 5)) {
201 return 0;
202 }
203
204 pdu_len=tvb_get_ntohl(tvb, 0);
205 pdu_type=tvb_get_guint8(tvb, 4);
206
207 if(pdu_type == 10) {
208 /* post RFC2510 TCP transport */
209 pdu_type = tvb_get_guint8(tvb, 7);
210 offset = 7; /* post RFC2510 TCP transport header length */
211 /* arbitrary limit: assume a CMP over TCP pdu is never >10000 bytes
212 * in size.
213 * It is definitely at least 3 byte for post RFC2510 TCP transport
214 */
215 if((pdu_len<=2)||(pdu_len>10000)){
216 return 0;
217 }
218 } else {
219 /* RFC2510 TCP transport */
220 /* type is between 0 and 6 */
221 if(pdu_type>6){
222 return 0;
223 }
224 /* arbitrary limit: assume a CMP over TCP pdu is never >10000 bytes
225 * in size.
226 * It is definitely at least 1 byte to accommodate the flags byte
227 */
228 if((pdu_len<=0)||(pdu_len>10000)){
229 return 0;
230 }
231 }
232
233 /* type 0 contains a PKI message and must therefore be >= 3 bytes
234 * long (flags + BER TAG + BER LENGTH
235 */
236 if((pdu_type==0)&&(pdu_len<3)){
237 return 0;
238 }
239
240 tcp_dissect_pdus(tvb, pinfo, parent_tree, cmp_desegment, offset, get_cmp_pdu_len,
241 dissect_cmp_tcp_pdu, data);
242
243 return tvb_captured_length(tvb);
244 }
245
246
247 static int
dissect_cmp_http(tvbuff_t * tvb,packet_info * pinfo,proto_tree * parent_tree,void * data _U_)248 dissect_cmp_http(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void *data _U_)
249 {
250 proto_item *item=NULL;
251 proto_tree *tree=NULL;
252
253 col_set_str(pinfo->cinfo, COL_PROTOCOL, "CMP");
254 col_set_str(pinfo->cinfo, COL_INFO, "PKIXCMP");
255
256 if(parent_tree){
257 item=proto_tree_add_item(parent_tree, proto_cmp, tvb, 0, -1, ENC_NA);
258 tree = proto_item_add_subtree(item, ett_cmp);
259 }
260
261 return dissect_cmp_pdu(tvb, pinfo, tree, NULL);
262 }
263
264
265 /*--- proto_register_cmp ----------------------------------------------*/
proto_register_cmp(void)266 void proto_register_cmp(void) {
267
268 /* List of fields */
269 static hf_register_info hf[] = {
270 { &hf_cmp_type_oid,
271 { "InfoType", "cmp.type.oid",
272 FT_STRING, BASE_NONE, NULL, 0,
273 "Type of InfoTypeAndValue", HFILL }},
274 { &hf_cmp_tcptrans_len,
275 { "Length", "cmp.tcptrans.length",
276 FT_UINT32, BASE_DEC, NULL, 0,
277 "TCP transport Length of PDU in bytes", HFILL }},
278 { &hf_cmp_tcptrans_type,
279 { "Type", "cmp.tcptrans.type",
280 FT_UINT8, BASE_DEC, VALS(cmp_pdu_types), 0,
281 "TCP transport PDU Type", HFILL }},
282 { &hf_cmp_tcptrans_poll_ref,
283 { "Polling Reference", "cmp.tcptrans.poll_ref",
284 FT_UINT32, BASE_HEX, NULL, 0,
285 "TCP transport Polling Reference", HFILL }},
286 { &hf_cmp_tcptrans_next_poll_ref,
287 { "Next Polling Reference", "cmp.tcptrans.next_poll_ref",
288 FT_UINT32, BASE_HEX, NULL, 0,
289 "TCP transport Next Polling Reference", HFILL }},
290 { &hf_cmp_tcptrans_ttcb,
291 { "Time to check Back", "cmp.tcptrans.ttcb",
292 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0,
293 "TCP transport Time to check Back", HFILL }},
294 { &hf_cmp_tcptrans10_version,
295 { "Version", "cmp.tcptrans10.version",
296 FT_UINT8, BASE_DEC, NULL, 0,
297 "TCP transport version", HFILL }},
298 { &hf_cmp_tcptrans10_flags,
299 { "Flags", "cmp.tcptrans10.flags",
300 FT_UINT8, BASE_DEC, NULL, 0,
301 "TCP transport flags", HFILL }},
302 #include "packet-cmp-hfarr.c"
303 };
304
305 /* List of subtrees */
306 static gint *ett[] = {
307 &ett_cmp,
308 #include "packet-cmp-ettarr.c"
309 };
310 module_t *cmp_module;
311
312 /* Register protocol */
313 proto_cmp = proto_register_protocol(PNAME, PSNAME, PFNAME);
314
315 /* Register fields and subtrees */
316 proto_register_field_array(proto_cmp, hf, array_length(hf));
317 proto_register_subtree_array(ett, array_length(ett));
318
319 cmp_module = prefs_register_protocol(proto_cmp, proto_reg_handoff_cmp);
320 prefs_register_bool_preference(cmp_module, "desegment",
321 "Reassemble CMP-over-TCP messages spanning multiple TCP segments",
322 "Whether the CMP-over-TCP dissector should reassemble messages spanning multiple TCP segments. "
323 "To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
324 &cmp_desegment);
325
326 prefs_register_uint_preference(cmp_module, "http_alternate_port",
327 "Alternate HTTP port",
328 "Decode this TCP port\'s traffic as CMP-over-HTTP. Set to \"0\" to disable. "
329 "Use this if the Content-Type is not set correctly.",
330 10,
331 &cmp_alternate_http_port);
332
333 prefs_register_uint_preference(cmp_module, "tcp_style_http_alternate_port",
334 "Alternate TCP-style-HTTP port",
335 "Decode this TCP port\'s traffic as TCP-transport-style CMP-over-HTTP. Set to \"0\" to disable. "
336 "Use this if the Content-Type is not set correctly.",
337 10,
338 &cmp_alternate_tcp_style_http_port);
339
340 register_ber_syntax_dissector("PKIMessage", proto_cmp, dissect_cmp_pdu);
341 }
342
343
344 /*--- proto_reg_handoff_cmp -------------------------------------------*/
proto_reg_handoff_cmp(void)345 void proto_reg_handoff_cmp(void) {
346 static gboolean inited = FALSE;
347 static dissector_handle_t cmp_http_handle;
348 static dissector_handle_t cmp_tcp_style_http_handle;
349 static dissector_handle_t cmp_tcp_handle;
350 static guint cmp_alternate_http_port_prev = 0;
351 static guint cmp_alternate_tcp_style_http_port_prev = 0;
352
353 if (!inited) {
354 cmp_http_handle = create_dissector_handle(dissect_cmp_http, proto_cmp);
355 dissector_add_string("media_type", "application/pkixcmp", cmp_http_handle);
356 dissector_add_string("media_type", "application/x-pkixcmp", cmp_http_handle);
357
358 cmp_tcp_style_http_handle = create_dissector_handle(dissect_cmp_tcp_pdu, proto_cmp);
359 dissector_add_string("media_type", "application/pkixcmp-poll", cmp_tcp_style_http_handle);
360 dissector_add_string("media_type", "application/x-pkixcmp-poll", cmp_tcp_style_http_handle);
361
362 cmp_tcp_handle = create_dissector_handle(dissect_cmp_tcp, proto_cmp);
363 dissector_add_uint_with_preference("tcp.port", TCP_PORT_CMP, cmp_tcp_handle);
364
365 oid_add_from_string("Cryptlib-presence-check","1.3.6.1.4.1.3029.3.1.1");
366 oid_add_from_string("Cryptlib-PKIBoot","1.3.6.1.4.1.3029.3.1.2");
367
368 oid_add_from_string("HMAC MD5","1.3.6.1.5.5.8.1.1");
369 oid_add_from_string("HMAC SHA-1","1.3.6.1.5.5.8.1.2");
370 oid_add_from_string("HMAC TIGER","1.3.6.1.5.5.8.1.3");
371 oid_add_from_string("HMAC RIPEMD-160","1.3.6.1.5.5.8.1.4");
372
373 #include "packet-cmp-dis-tab.c"
374 inited = TRUE;
375 }
376
377 /* change alternate HTTP port if changed in the preferences */
378 if (cmp_alternate_http_port != cmp_alternate_http_port_prev) {
379 if (cmp_alternate_http_port_prev != 0) {
380 http_tcp_dissector_delete(cmp_alternate_http_port_prev);
381 }
382 if (cmp_alternate_http_port != 0)
383 http_tcp_dissector_add( cmp_alternate_http_port, cmp_http_handle);
384 cmp_alternate_http_port_prev = cmp_alternate_http_port;
385 }
386
387 /* change alternate TCP-style-HTTP port if changed in the preferences */
388 if (cmp_alternate_tcp_style_http_port != cmp_alternate_tcp_style_http_port_prev) {
389 if (cmp_alternate_tcp_style_http_port_prev != 0) {
390 http_tcp_dissector_delete(cmp_alternate_tcp_style_http_port_prev);
391 }
392 if (cmp_alternate_tcp_style_http_port != 0)
393 http_tcp_dissector_add( cmp_alternate_tcp_style_http_port, cmp_tcp_style_http_handle);
394 cmp_alternate_tcp_style_http_port_prev = cmp_alternate_tcp_style_http_port;
395 }
396
397 }
398
399