scapy
Scapy failed to parse a certificate
Brief description
In the TLS workshop at ScapyCon, Scapy failed to parse a certificate I downloaded from the browser. The certificate was constructed by my company's VPN provider (Cato Networks).
It seems the issue was in an unsupported string type for the authority description part.
Scapy version
2.6.0rc2.dev2
Python version
3.10.11 64-bit
Operating system
Windows 11
Additional environment information
No response
How to reproduce
Attempt to parse the provided example certificate using scapy:
load_layer("tls")
Cert(cert_path="example_cert.pem")
Actual result
load_layer("tls")
Cert(cert_path="example_cert.pem")
BER_BadTag_Decoding_Error Traceback (most recent call last)
File ~\work\Training\Scapycon_TSL_workshop\pyenv\lib\site-packages\scapy\layers\tls\cert.py:675, in _CertMaker.__call__(cls, cert_path)
674 try:
--> 675 cert = X509_Cert(obj.der)
676 except Exception:
File ~\work\Training\Scapycon_TSL_workshop\pyenv\lib\site-packages\scapy\base_classes.py:481, in Packet_metaclass.__call__(cls, *args, **kargs)
475 i = cls.__new__(
476 cls, # type: ignore
477 cls.__name__,
478 cls.__bases__,
479 cls.__dict__ # type: ignore
480 )
--> 481 i.__init__(*args, **kargs)
482 return i
File ~\work\Training\Scapycon_TSL_workshop\pyenv\lib\site-packages\scapy\packet.py:186, in Packet.__init__(self, _pkt, post_transform, _internal, _underlayer, _parent, stop_dissection_after, **fields)
185 if _pkt:
--> 186 self.dissect(_pkt)
187 if not _internal:
File ~\work\Training\Scapycon_TSL_workshop\pyenv\lib\site-packages\scapy\packet.py:1084, in Packet.dissect(self, s)
1082 s = self.pre_dissect(s)
-> 1084 s = self.do_dissect(s)
1086 s = self.post_dissect(s)
File ~\work\Training\Scapycon_TSL_workshop\pyenv\lib\site-packages\scapy\asn1packet.py:55, in ASN1_Packet.do_dissect(self, x)
53 def do_dissect(self, x):
54 # type: (bytes) -> bytes
---> 55 return self.ASN1_root.dissect(self, x)
File ~\work\Training\Scapycon_TSL_workshop\pyenv\lib\site-packages\scapy\asn1fields.py:502, in ASN1F_SEQUENCE.dissect(self, pkt, s)
500 def dissect(self, pkt, s):
501 # type: (Any, bytes) -> bytes
--> 502 _, x = self.m2i(pkt, s)
503 return x
File ~\work\Training\Scapycon_TSL_workshop\pyenv\lib\site-packages\scapy\asn1fields.py:486, in ASN1F_SEQUENCE.m2i(self, pkt, s)
485 codec = self.ASN1_tag.get_codec(pkt.ASN1_codec)
--> 486 i, s, remain = codec.check_type_check_len(s)
487 if len(s) == 0:
File ~\work\Training\Scapycon_TSL_workshop\pyenv\lib\site-packages\scapy\asn1\ber.py:331, in BERcodec_Object.check_type_check_len(cls, s)
328 @classmethod
329 def check_type_check_len(cls, s):
330 # type: (bytes) -> Tuple[int, bytes, bytes]
--> 331 l, s3 = cls.check_type_get_len(s)
332 if len(s3) < l:
File ~\work\Training\Scapycon_TSL_workshop\pyenv\lib\site-packages\scapy\asn1\ber.py:322, in BERcodec_Object.check_type_get_len(cls, s)
319 @classmethod
320 def check_type_get_len(cls, s):
321 # type: (bytes) -> Tuple[int, bytes]
--> 322 s2 = cls.check_type(s)
323 if not s2:
File ~\work\Training\Scapycon_TSL_workshop\pyenv\lib\site-packages\scapy\asn1\ber.py:313, in BERcodec_Object.check_type(cls, s)
312 if not isinstance(tag, int) or cls.tag != tag:
--> 313 raise BER_BadTag_Decoding_Error(
314 "%s: Got tag [%i/%#x] while expecting %r" %
315 (cls.__name__, tag, tag, cls.tag), remaining=s
316 )
317 return remainder
BER_BadTag_Decoding_Error: BERcodec_SEQUENCE: Got tag [101/0x65] while expecting <ASN1Tag SEQUENCE[48]>
### Already decoded ###
None
### Remaining ###
b'example_cert.pem'
During handling of the above exception, another exception occurred:
Exception Traceback (most recent call last)
Cell In[1], line 2
1 load_layer("tls")
----> 2 Cert(cert_path="example_cert.pem")
File ~\work\Training\Scapycon_TSL_workshop\pyenv\lib\site-packages\scapy\layers\tls\cert.py:679, in _CertMaker.__call__(cls, cert_path)
677 if conf.debug_dissector:
678 raise
--> 679 raise Exception("Unable to import certificate")
680 obj.import_from_asn1pkt(cert)
681 return obj
Exception: Unable to import certificate
>>>
Expected result
load_layer("tls")
Cert(cert_path="example_cert.pem")
[X.509 Cert. Subject:/C=US/ST=California/L=Los Gatos/O=Websense, Inc./OU=Websense Triton Advance Protection Endpoint/CN=stackoverflow.com, Issuer:/C=US/ST=CA/L=LG/O=Websense, Inc./OU=Websense Endpoint/CN=Websense Public Primary Certificate Authority/[email protected]/[email protected]]
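A triage sketch for reports like this one, added here and not part of the original report or of Scapy's code: it checks that the bytes handed to the decoder start with a DER SEQUENCE (the traceback above reports tag 0x65, which is the first byte of the "Remaining" value b'example_cert.pem') and lists which ASN.1 string types a certificate's names use. The function names, the sample bytes and the choice of BMPString as the unusual type are assumptions made for illustration.

```python
import base64

# Universal-class ASN.1 string tags that can carry an X.509 Name attribute value.
STRING_TAGS = {0x0C: "UTF8String", 0x13: "PrintableString", 0x14: "TeletexString",
               0x16: "IA5String", 0x1C: "UniversalString", 0x1E: "BMPString"}

def to_der(data):
    """Accept PEM or DER bytes and return DER."""
    if b"-----BEGIN" not in data:
        return data
    body = data.split(b"-----BEGIN", 1)[1].split(b"-----", 1)[1]
    return base64.b64decode(b"".join(body.split(b"-----END", 1)[0].split()))

def read_tlv(buf, pos, end):
    """Parse one definite-length TLV; return (tag, value_start, value_end)."""
    if pos + 2 > end or buf[pos] & 0x1F == 0x1F:
        raise ValueError("truncated header or multi-byte tag at offset %d" % pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:                      # long form: low 7 bits = length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > end:
            raise ValueError("unsupported length at offset %d" % pos)
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > end:
        raise ValueError("value overruns its container")
    return tag, pos, pos + length

def string_types(der, pos=0, end=None, found=None):
    """Collect (offset, type name) for every string value in the DER tree."""
    end = len(der) if end is None else end
    found = [] if found is None else found
    while pos < end:
        tag, start, stop = read_tlv(der, pos, end)
        if tag & 0x20:                      # constructed: descend into it
            string_types(der, start, stop, found)
        elif tag in STRING_TAGS:
            found.append((pos, STRING_TAGS[tag]))
        pos = stop
    return found

def triage(data):
    der = to_der(data)
    if not der or der[0] != 0x30:           # a certificate is a DER SEQUENCE
        raise ValueError("input does not start with SEQUENCE (0x30)")
    return string_types(der)

# Constructed sample Name: CN as PrintableString, O as BMPString (an assumed type).
SAMPLE_NAME = bytes.fromhex("3021"
    "3110300e0603550403" "1307" "6578616d706c65"      # CN = "example"
    "310d300b060355040a" "1e04" "00450078")           # O  = "Ex" (UTF-16BE)
```

Running `triage()` on the bytes of the real certificate file shows the offset and type of each string, which can then be compared with the string types Scapy's X.509 Name dissector accepts.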