authorChristophe Grenier <grenier@cgsecurity.org>2008-04-16 13:14:52 +0200
committerChristophe Grenier <grenier@cgsecurity.org>2008-04-16 13:14:52 +0200
commitca6ee8cbd87328c92b8a71d8abf8ffe099056fb5 (patch)
tree77ffb539b693a4667eba39d6724424e97e1cab55
parent1f761fdb5fb2a3b37a6383a8a1491de9f002e2ba (diff)
PhotoRec: add recovery of pfx files holding PKCS#12 keys
-rw-r--r--src/Makefile.am2
-rw-r--r--src/file_pfx.c93
-rw-r--r--src/photorec.c2
3 files changed, 96 insertions, 1 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index 49047ca..e931ebb 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -19,7 +19,7 @@ fs_H = analyse.h bfs.h bsd.h cramfs.h fat.h fatx.h ext2.h jfs_superblock.h jfs
testdisk_SOURCES = testdisk.c $(base_C) $(base_H) $(fs_C) $(fs_H) testdisk.h adv.c adv.h dir.c dir.h dirpart.c dirpart.h edit.c edit.h ext2_dir.c ext2_dir.h ext2_inc.h fat_adv.c fat_adv.h fat_dir.c fat_dir.h geometry.c godmode.c godmode.h intrface.c intrface.h ntfs_adv.c ntfs_dir.c ntfs_dir.h ntfs_fix.c ntfs_inc.h rfs_dir.c rfs_dir.h $(ICON_TESTDISK) next.c next.h dimage.c dimage.h
#ntfs_udl.c ntfs_udl.h
-photorec_SOURCES = photorec.c photorec.h phcfg.c phcfg.h phrecn.c phrecn.h dir.c dir.h ext2p.c ext2p.h ext2_dir.c ext2_dir.h ext2_inc.h fat_dir.c fat_dir.h fatp.c fatp.h filegen.c filegen.h file_7z.c file_a.c file_ab.c file_ace.c file_aif.c file_all.c file_asf.c file_au.c file_bkf.c file_bld.c file_bmp.c file_bz2.c file_cab.c file_cam.c file_cm.c file_crw.c file_ctg.c file_cwk.c file_dat.c file_dbf.c file_dim.c file_dir.c file_djv.c file_doc.c file_dpx.c file_dsc.c file_dss.c file_dta.c file_dump.c file_dv.c file_dwg.c file_elf.c file_emf.c file_evt.c file_exe.c pe.h file_ext.c file_fcp.c file_fcs.c file_fh10.c file_fh5.c file_flac.c file_flv.c file_fs.c file_gho.c file_gif.c file_gz.c file_imb.c file_indd.c file_iso.c file_itu.c file_jpg.c file_jpg.h file_kdb.c file_lnk.c file_max.c file_mb.c file_mcd.c file_mdb.c file_mdf.c file_mid.c file_mkv.c file_mov.c file_mp3.c file_mpg.c file_mrw.c file_mus.c file_mysql.c file_njx.c file_ogg.c file_one.c file_orf.c file_pap.c file_pct.c file_pcx.c file_pdf.c file_png.c file_prc.c file_ps.c file_psd.c file_pst.c file_ptb.c file_qbb.c file_qdf.c file_qxd.c file_ra.c file_raf.c file_rar.c file_raw.c file_rdc.c file_reg.c file_res.c file_riff.c file_rm.c file_rns.c file_rpm.c file_sit.c file_skp.c file_spe.c file_spss.c file_stu.c file_swf.c file_tar.c file_tar.h file_tib.c file_tiff.c file_txt.c file_vmdk.c file_wpd.c file_wmf.c file_x3f.c file_xcf.c file_xm.c file_xsv.c file_zip.c memmem.h geometry.c list.c list.h ole.h ntfs_dir.c ntfs_dir.h ntfsp.c ntfsp.h ntfs_inc.h sessionp.c sessionp.h $(base_C) $(base_H) $(fs_C) $(fs_H) $(ICON_PHOTOREC)
+photorec_SOURCES = photorec.c photorec.h phcfg.c phcfg.h phrecn.c phrecn.h dir.c dir.h ext2p.c ext2p.h ext2_dir.c ext2_dir.h ext2_inc.h fat_dir.c fat_dir.h fatp.c fatp.h filegen.c filegen.h file_7z.c file_a.c file_ab.c file_ace.c file_aif.c file_all.c file_asf.c file_au.c file_bkf.c file_bld.c file_bmp.c file_bz2.c file_cab.c file_cam.c file_cm.c file_crw.c file_ctg.c file_cwk.c file_dat.c file_dbf.c file_dim.c file_dir.c file_djv.c file_doc.c file_dpx.c file_dsc.c file_dss.c file_dta.c file_dump.c file_dv.c file_dwg.c file_elf.c file_emf.c file_evt.c file_exe.c pe.h file_ext.c file_fcp.c file_fcs.c file_fh10.c file_fh5.c file_flac.c file_flv.c file_fs.c file_gho.c file_gif.c file_gz.c file_imb.c file_indd.c file_iso.c file_itu.c file_jpg.c file_jpg.h file_kdb.c file_lnk.c file_max.c file_mb.c file_mcd.c file_mdb.c file_mdf.c file_mid.c file_mkv.c file_mov.c file_mp3.c file_mpg.c file_mrw.c file_mus.c file_mysql.c file_njx.c file_ogg.c file_one.c file_orf.c file_pap.c file_pct.c file_pcx.c file_pdf.c file_pfx.c file_png.c file_prc.c file_ps.c file_psd.c file_pst.c file_ptb.c file_qbb.c file_qdf.c file_qxd.c file_ra.c file_raf.c file_rar.c file_raw.c file_rdc.c file_reg.c file_res.c file_riff.c file_rm.c file_rns.c file_rpm.c file_sit.c file_skp.c file_spe.c file_spss.c file_stu.c file_swf.c file_tar.c file_tar.h file_tib.c file_tiff.c file_txt.c file_vmdk.c file_wpd.c file_wmf.c file_x3f.c file_xcf.c file_xm.c file_xsv.c file_zip.c memmem.h geometry.c list.c list.h ole.h ntfs_dir.c ntfs_dir.h ntfsp.c ntfsp.h ntfs_inc.h sessionp.c sessionp.h $(base_C) $(base_H) $(fs_C) $(fs_H) $(ICON_PHOTOREC)
#diskcp_SOURCES = diskcp.c types.h
diff --git a/src/file_pfx.c b/src/file_pfx.c
new file mode 100644
index 0000000..cb92f8b
--- /dev/null
+++ b/src/file_pfx.c
@@ -0,0 +1,93 @@
+/*
+
+ File: file_pfx.c
+
+ Copyright (C) 2008 Christophe GRENIER <grenier@cgsecurity.org>
+
+ This software is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write the Free Software Foundation, Inc., 51
+ Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#ifdef HAVE_STRING_H
+#include <string.h>
+#endif
+#include <stdio.h>
+#include "types.h"
+#include "filegen.h"
+
+static void register_header_check_pfx(file_stat_t *file_stat);
+static int header_check_pfx(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new);
+
+const file_hint_t file_hint_pfx= {
+ .extension="pfx",
+ .description="PKCS#12 keys",
+ .min_header_distance=0,
+ .max_filesize=PHOTOREC_MAX_FILE_SIZE,
+ .recover=1,
+ .enable_by_default=1,
+ .register_header_check=&register_header_check_pfx
+};
+
+static const unsigned char pfx_header[11]= {
+ 0x06, 0x09,
+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01
+};
+
+static void register_header_check_pfx(file_stat_t *file_stat)
+{
+ register_header_check(11, pfx_header,sizeof(pfx_header), &header_check_pfx, file_stat);
+}
+
+/* A pfx file are PKCS#12 data encoded following ASN.1 DER
+ *
+ * PKCS #12: Personal Information Exchange Syntax Standard
+ * ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf
+ *
+ * For the recovery PhotoRec assumes
+ * - the file is smaller than 65535+4 bytes
+ * - PKCS #7 ContentInfo contentType=data
+ *
+ * 0:d=0 hl=4 l=XXXX cons: SEQUENCE
+ * 30 82 XX XX XXXX + 4 = filesize
+ * 4:d=1 hl=2 l= 1 prim: INTEGER
+ * 02 01 03 version 3
+ * 7:d=1 hl=4 l=XXXX cons: SEQUENCE
+ * 30 82 XX XX
+ * 11:d=2 hl=2 l= 9 prim: OBJECT :pkcs7-data
+ * 06 09 2a 86 48 86 f7 0d 01 07 01
+ * A PKCS #7 ContentInfo, whose contentType is signedData in
+ * public-key integrity mode and data in password integrity mode.
+ * Here, contentType=data
+ */
+
+static int header_check_pfx(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new)
+{
+ if(buffer[0]==0x30 && buffer[1]==0x82 &&
+ buffer[4]==0x02 && buffer[5]==0x01 && buffer[6]==0x03 &&
+ buffer[7]==0x30 && buffer[8]==0x82 &&
+ memcmp(&buffer[11], pfx_header, sizeof(pfx_header))==0)
+ {
+ reset_file_recovery(file_recovery_new);
+ file_recovery_new->extension=file_hint_pfx.extension;
+ file_recovery_new->calculated_file_size=(((uint64_t)buffer[2])<<8) + (uint64_t)buffer[3] + 4;
+ file_recovery_new->data_check=&data_check_size;
+ file_recovery_new->file_check=&file_check_size;
+ return 1;
+ }
+ return 0;
+}
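Review bot: header_check_pfx never cross-checks the two DER lengths it has in hand, so any block whose bytes 0-1, 4-8 and 11-21 happen to match is carved with a size taken solely from buffer[2..3]. The inner SEQUENCE at offset 7 must end inside the outer one, so a cheap sanity test before reset_file_recovery() would reject inconsistent headers: `const unsigned int outer=(buffer[2]<<8)+buffer[3];`, `const unsigned int inner=(buffer[9]<<8)+buffer[10];`, `if(inner+7 > outer) return 0;`. The function also indexes up to buffer[21] without consulting buffer_size; the caller presumably supplies at least that much, since the signature is registered at offset 11 with length 11, but an explicit `if(buffer_size < 11+sizeof(pfx_header)) return 0;` would make the bound visible here. The existing comment already notes that containers larger than 65535+4 bytes (long-form length 0x83) are not recognised, which is worth keeping in mind when a recovered key store fails to parse.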
diff --git a/src/photorec.c b/src/photorec.c
index 56a0da6..b8071e7 100644
--- a/src/photorec.c
+++ b/src/photorec.c
@@ -172,6 +172,7 @@ extern const file_hint_t file_hint_pap;
extern const file_hint_t file_hint_pct;
extern const file_hint_t file_hint_pcx;
extern const file_hint_t file_hint_pdf;
+extern const file_hint_t file_hint_pfx;
extern const file_hint_t file_hint_png;
extern const file_hint_t file_hint_prc;
extern const file_hint_t file_hint_ps;
@@ -855,6 +856,7 @@ int main( int argc, char **argv )
{ .enable=0, .file_hint=&file_hint_pct },
{ .enable=0, .file_hint=&file_hint_pcx },
{ .enable=0, .file_hint=&file_hint_pdf },
+ { .enable=0, .file_hint=&file_hint_pfx },
{ .enable=0, .file_hint=&file_hint_png },
{ .enable=0, .file_hint=&file_hint_prc },
{ .enable=0, .file_hint=&file_hint_ps },