Add PKINIT structures for AS-REQ

Author: gpotter2

scapy/asn1/mib.py

@@ -260,6 +260,23 @@ def load_mib(filenames):
     "1.3.14.3.2.29": "sha1RSASign",
 }
 
+#       nist        #
+
+nist_oids = {
+    "2.16.840.1.101.3.4.2.1": "sha256",
+    "2.16.840.1.101.3.4.2.2": "sha384",
+    "2.16.840.1.101.3.4.2.3": "sha512",
+    "2.16.840.1.101.3.4.2.4": "sha224",
+    "2.16.840.1.101.3.4.2.5": "sha512-224",
+    "2.16.840.1.101.3.4.2.6": "sba512-256",
+    "2.16.840.1.101.3.4.2.7": "sha3-224",
+    "2.16.840.1.101.3.4.2.8": "sha3-256",
+    "2.16.840.1.101.3.4.2.9": "sha3-384",
+    "2.16.840.1.101.3.4.2.10": "sha3-512",
+    "2.16.840.1.101.3.4.2.11": "shake128",
+    "2.16.840.1.101.3.4.2.12": "shake256",
+}
+
 #       thawte      #
 
 thawte_oids = {
@@ -477,6 +494,7 @@ def load_mib(filenames):
     "2.5.29.69": "id-ce-holderNameConstraints",
     # [MS-WCCE]
     "1.3.6.1.4.1.311.2.1.14": "CERT_EXTENSIONS",
+    "1.3.6.1.4.1.311.10.3.4": "szOID_EFS_CRYPTO",
     "1.3.6.1.4.1.311.20.2": "ENROLL_CERTTYPE",
     "1.3.6.1.4.1.311.25.1": "NTDS_REPLICATION",
     "1.3.6.1.4.1.311.25.2": "NTDS_CA_SECURITY_EXT",
@@ -566,6 +584,12 @@ def load_mib(filenames):
     "1.2.840.10045.4.3.4": "ecdsa-with-SHA512"
 }
 
+#       ansi-x942       #
+
+x942KeyType_oids = {
+    "1.2.840.10046.2.1": "szOID_ANSI_x942_DH",  # RFC3770 sect 4.1.1
+}
+
 #       elliptic curves       #
 
 ansiX962Curve_oids = {
@@ -678,10 +702,27 @@ def load_mib(filenames):
     '1.3.6.1.4.1.311.2.2.30': 'NEGOEX - SPNEGO Extended Negotiation Security Mechanism',
 }
 
+#      kerberos      #
+
+kerberos_oids = {
+    "1.3.6.1.5.2.3.1": "id-pkinit-authData",
+    "1.3.6.1.5.2.3.2": "id-pkinit-DHKeyData",
+    "1.3.6.1.5.2.3.3": "id-pkinit-rkeyData",
+    "1.3.6.1.5.2.3.4": "id-pkinit-KPClientAuth",
+    "1.3.6.1.5.2.3.5": "id-pkinit-KPKdc",
+    # RFC8363
+    "1.3.6.1.5.2.3.6": "id-pkinit-kdf",
+    "1.3.6.1.5.2.3.6.1": "id-pkinit-kdf-sha1",
+    "1.3.6.1.5.2.3.6.2": "id-pkinit-kdf-sha256",
+    "1.3.6.1.5.2.3.6.3": "id-pkinit-kdf-sha512",
+    "1.3.6.1.5.2.3.6.4": "id-pkinit-kdf-sha384",
+}
+
 
 x509_oids_sets = [
     pkcs1_oids,
     secsig_oids,
+    nist_oids,
     thawte_oids,
     pkcs7_oids,
     pkcs9_oids,
@@ -697,9 +738,11 @@ def load_mib(filenames):
     evPolicy_oids,
     x962KeyType_oids,
     x962Signature_oids,
+    x942KeyType_oids,
     ansiX962Curve_oids,
     certicomCurve_oids,
     gssapi_oids,
+    kerberos_oids,
 ]
 
 x509_oids = {}

scapy/asn1fields.py

@@ -606,6 +606,8 @@ def i2repr(self, pkt, x):
         # type: (ASN1_Packet, _I) -> str
         if self.holds_packets:
             return super(ASN1F_SEQUENCE_OF, self).i2repr(pkt, x)  # type: ignore
+        elif x is None:
+            return "[]"
         else:
             return "[%s]" % ", ".join(
                 self.fld.i2repr(pkt, x) for x in x  # type: ignore
@@ -987,3 +989,32 @@ def any2i(self, pkt, x):
         if hasattr(x, "add_underlayer"):
             x.add_underlayer(pkt)
         return super(ASN1F_STRING_PacketField, self).any2i(pkt, x)
+
+
+class ASN1F_STRING_ENCAPS(ASN1F_STRING_PacketField):
+    """
+    ASN1F_STRING that encapsulates a single ASN1 packet.
+    """
+
+    def __init__(self,
+                 name,  # type: str
+                 default,  # type: Optional[ASN1_Packet]
+                 cls,  # type: Type[ASN1_Packet]
+                 context=None,  # type: Optional[Any]
+                 implicit_tag=None,  # type: Optional[int]
+                 explicit_tag=None,  # type: Optional[int]
+                 ):
+        # type: (...) -> None
+        self.cls = cls
+        super(ASN1F_STRING_ENCAPS, self).__init__(  # type: ignore
+            name,
+            default and bytes(default),
+            context=context,
+            implicit_tag=implicit_tag,
+            explicit_tag=explicit_tag
+        )
+
+    def m2i(self, pkt, s):
+        # type: (ASN1_Packet, bytes) -> Tuple[Optional[ASN1_Packet], bytes]
+        val = super(ASN1F_STRING_ENCAPS, self).m2i(pkt, s)
+        return self.cls(val[0].val, _underlayer=pkt), val[1]

scapy/layers/kerberos.py

@@ -13,6 +13,7 @@
 - Kerberos Pre-Authentication: RFC6113 (FAST)
 - Kerberos Principal Name Canonicalization and Cross-Realm Referrals: RFC6806
 - Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols: RFC3244
+- PKINIT and its extensions: RFC4556, RFC8070, RFC8636 and [MS-PKCA]
 - User to User Kerberos Authentication: draft-ietf-cat-user2user-03
 - Public Key Cryptography Based User-to-User Authentication (PKU2U): draft-zhu-pku2u-09
 - Initial and Pass Through Authentication Using Kerberos V5 (IAKERB):
@@ -59,6 +60,7 @@
 import scapy.asn1.mib  # noqa: F401
 from scapy.asn1.ber import BER_id_dec, BER_Decoding_Error
 from scapy.asn1.asn1 import (
+    ASN1_OID,
     ASN1_BIT_STRING,
     ASN1_BOOLEAN,
     ASN1_Class,
@@ -80,6 +82,7 @@
     ASN1F_SEQUENCE,
     ASN1F_SEQUENCE_OF,
     ASN1F_STRING,
+    ASN1F_STRING_ENCAPS,
     ASN1F_STRING_PacketField,
     ASN1F_enum_INTEGER,
     ASN1F_optional,
@@ -142,7 +145,15 @@
 from scapy.layers.smb import _NV_VERSION
 from scapy.layers.smb2 import STATUS_ERREF
 from scapy.layers.tls.cert import Cert, PrivKey
-from scapy.layers.x509 import X509_AlgorithmIdentifier
+from scapy.layers.x509 import (
+    _CMS_ENCAPSULATED,
+    CMS_ContentInfo,
+    CMS_IssuerAndSerialNumber,
+    CMS_SignedData,
+    X509_AlgorithmIdentifier,
+    X509_DirectoryName,
+    X509_SubjectPublicKeyInfo,
+)
 
 # Redirect exports from RFC3961
 try:
@@ -1193,7 +1204,8 @@ class KrbFastResponse(ASN1_Packet):
 
 _PADATA_CLASSES[136] = (PA_FX_FAST_REQUEST, PA_FX_FAST_REPLY)
 
-# RFC 4556
+
+# RFC 4556 - PKINIT
 
 
 # sect 3.2.1
@@ -1203,21 +1215,36 @@ class ExternalPrincipalIdentifier(ASN1_Packet):
     ASN1_codec = ASN1_Codecs.BER
     ASN1_root = ASN1F_SEQUENCE(
         ASN1F_optional(
-            ASN1F_STRING("subjectName", "", implicit_tag=0xA0),
+            ASN1F_STRING_ENCAPS(
+                "subjectName", None, X509_DirectoryName, implicit_tag=0x80
+            ),
         ),
         ASN1F_optional(
-            ASN1F_STRING("issuerAndSerialNumber", "", implicit_tag=0xA1),
+            ASN1F_STRING_ENCAPS(
+                "issuerAndSerialNumber",
+                None,
+                CMS_IssuerAndSerialNumber,
+                implicit_tag=0x81,
+            ),
         ),
         ASN1F_optional(
-            ASN1F_STRING("subjectKeyIdentifier", "", implicit_tag=0xA2),
+            ASN1F_STRING("subjectKeyIdentifier", "", implicit_tag=0x82),
         ),
     )
 
 
 class PA_PK_AS_REQ(ASN1_Packet):
     ASN1_codec = ASN1_Codecs.BER
     ASN1_root = ASN1F_SEQUENCE(
-        ASN1F_STRING("signedAuthpack", "", implicit_tag=0xA0),
+        ASN1F_STRING_ENCAPS(
+            "signedAuthpack",
+            CMS_ContentInfo(
+                contentType=ASN1_OID("id-signedData"),
+                content=CMS_SignedData(),
+            ),
+            CMS_ContentInfo,
+            implicit_tag=0x80,
+        ),
         ASN1F_optional(
             ASN1F_SEQUENCE_OF(
                 "trustedCertifiers",
@@ -1234,6 +1261,96 @@ class PA_PK_AS_REQ(ASN1_Packet):
 
 _PADATA_CLASSES[16] = PA_PK_AS_REQ
 
+
+# [MS-PKCA] sect 2.2.3
+
+
+class PAChecksum2(ASN1_Packet):
+    ASN1_codec = ASN1_Codecs.BER
+    ASN1_root = ASN1F_SEQUENCE(
+        ASN1F_STRING("checksum", "", explicit_tag=0xA0),
+        ASN1F_PACKET(
+            "algorithmIdentifier",
+            X509_AlgorithmIdentifier(),
+            X509_AlgorithmIdentifier,
+            explicit_tag=0xA1,
+        ),
+    )
+
+
+# still RFC 4556 sect 3.2.1
+
+
+class PKAuthenticator(ASN1_Packet):
+    ASN1_codec = ASN1_Codecs.BER
+    ASN1_root = ASN1F_SEQUENCE(
+        Microseconds("cusec", 0, explicit_tag=0xA0),
+        KerberosTime("ctime", GeneralizedTime(), explicit_tag=0xA1),
+        UInt32("nonce", 0, explicit_tag=0xA2),
+        ASN1F_optional(
+            ASN1F_STRING("paChecksum", "", explicit_tag=0xA3),
+        ),
+        # RFC8070 extension
+        ASN1F_optional(
+            ASN1F_STRING("freshnessToken", "", explicit_tag=0xA4),
+        ),
+        # [MS-PKCA] sect 2.2.3
+        ASN1F_optional(
+            ASN1F_PACKET("paChecksum2", None, PAChecksum2, explicit_tag=0xA5),
+        ),
+    )
+
+
+# RFC8636 sect 6
+
+
+class KDFAlgorithmId(ASN1_Packet):
+    ASN1_codec = ASN1_Codecs.BER
+    ASN1_root = ASN1F_SEQUENCE(
+        ASN1F_OID("kdfId", "", explicit_tag=0xA0),
+    )
+
+
+# still RFC 4556 sect 3.2.1
+
+
+class AuthPack(ASN1_Packet):
+    ASN1_codec = ASN1_Codecs.BER
+    ASN1_root = ASN1F_SEQUENCE(
+        ASN1F_PACKET(
+            "pkAuthenticator",
+            PKAuthenticator(),
+            PKAuthenticator,
+            explicit_tag=0xA0,
+        ),
+        ASN1F_optional(
+            ASN1F_PACKET(
+                "clientPublicValue",
+                X509_SubjectPublicKeyInfo(),
+                X509_SubjectPublicKeyInfo,
+                explicit_tag=0xA1,
+            ),
+        ),
+        ASN1F_optional(
+            ASN1F_SEQUENCE_OF(
+                "supportedCMSTypes",
+                [],
+                X509_AlgorithmIdentifier,
+                explicit_tag=0xA2,
+            ),
+        ),
+        ASN1F_optional(
+            ASN1F_STRING("clientDCNonce", None, explicit_tag=0xA3),
+        ),
+        # RFC8636 extension
+        ASN1F_optional(
+            ASN1F_SEQUENCE_OF("supportedKDFs", None, KDFAlgorithmId, explicit_tag=0xA4),
+        ),
+    )
+
+
+_CMS_ENCAPSULATED["1.3.6.1.5.2.3.1"] = AuthPack
+
 # sect 3.2.3
 
 
@@ -1244,6 +1361,10 @@ class DHRepInfo(ASN1_Packet):
         ASN1F_optional(
             ASN1F_STRING("serverDHNonce", "", explicit_tag=0xA1),
         ),
+        # RFC8636 extension
+        ASN1F_optional(
+            ASN1F_PACKET("kdf", None, KDFAlgorithmId, explicit_tag=0xA2),
+        ),
     )
 
 
@@ -1993,6 +2114,8 @@ class KRB_ERROR(ASN1_Packet):
                     91: "KDC_ERR_MORE_PREAUTH_DATA_REQUIRED",
                     92: "KDC_ERR_PREAUTH_BAD_AUTHENTICATION_SET",
                     93: "KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS",
+                    # RFC8636
+                    100: "KDC_ERR_NO_ACCEPTABLE_KDF",
                 },
                 explicit_tag=0xA6,
             ),
@@ -3174,11 +3297,9 @@ def as_req(self):
             if self.x509:
                 # Special PKINIT (RFC4556) factor
                 pafactor = PADATA(
-                    padataType=16,  # PA-PK-AS-REQ
-                    padataValue=PA_PK_AS_REQ(
-                        
-                    )
+                    padataType=16, padataValue=PA_PK_AS_REQ()  # PA-PK-AS-REQ
                 )
+                raise NotImplementedError("PKINIT isn't implemented yet !")
             else:
                 # Key-based factor
 
@@ -3209,7 +3330,7 @@ def as_req(self):
                     ts_key,
                     PA_ENC_TS_ENC(patimestamp=ASN1_GENERALIZED_TIME(now_time)),
                 )
-            
+
             # Insert Pre-Authentication data
             padata.insert(
                 0,