New "protocol" the support functions from RFC2511 Certificate Request Message Format CRMF

svn path=/trunk/; revision=12825

asn1/pkixcrmf/CRMF.asn

@@ -0,0 +1,287 @@
+-- This ASN1 definition is taken from RFC2511 and modified to pass through 
+-- the ASN2ETH compiler.
+-- 
+-- The copyright statement from the original description in RFC2511
+-- follows below:
+-- 
+-- 
+-- Full Copyright Statement
+-- 
+--    Copyright (C) The Internet Society (1999).  All Rights Reserved.
+-- 
+--    This document and translations of it may be copied and furnished to
+--    others, and derivative works that comment on or otherwise explain it
+--    or assist in its implementation may be prepared, copied, published
+--    and distributed, in whole or in part, without restriction of any
+--    kind, provided that the above copyright notice and this paragraph are
+--    included on all such copies and derivative works.  However, this
+--    document itself may not be modified in any way, such as by removing
+--    the copyright notice or references to the Internet Society or other
+--    Internet organizations, except as needed for the purpose of
+--    developing Internet standards in which case the procedures for
+--    copyrights defined in the Internet Standards process must be
+--    followed, or as required to translate it into languages other than
+--    English.
+-- 
+--    The limited permissions granted above are perpetual and will not be
+--    revoked by the Internet Society or its successors or assigns.
+-- 
+--    This document and the information contained herein is provided on an
+--    "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+--    TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+--    BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+--    HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+--    MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+--PKIXCRMF {iso(1) identified-organization(3) dod(6) internet(1)
+--   security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-crmf(5)}
+
+CRMF DEFINITIONS IMPLICIT TAGS ::=
+BEGIN
+
+IMPORTS
+     -- Directory Authentication Framework (X.509)
+        AlgorithmIdentifier, Name,
+        SubjectPublicKeyInfo, Extensions
+           FROM PKIX1Explicit88 {iso(1) identified-organization(3) dod(6)
+               internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+               id-pkix1-explicit-88(1)}
+
+     -- Certificate Extensions (X.509)
+        GeneralName
+           FROM PKIX1Implicit88 {iso(1) identified-organization(3) dod(6)
+                  internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+                  id-pkix1-implicit-88(2)}
+
+     -- Cryptographic Message Syntax
+        EnvelopedData
+           FROM CryptographicMessageSyntax { iso(1) member-body(2)
+                us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
+                modules(0) cms(1) };
+
+
+--copied in from pkix1explicit
+Version                 ::=  INTEGER { v1(0), v2(1), v3(2) }
+UniqueIdentifier        ::=  BIT STRING
+Time ::= CHOICE {
+        utcTime         UTCTime,
+        generalTime             GeneralizedTime }
+
+
+
+CertReqMessages ::= SEQUENCE SIZE (1..MAX) OF CertReqMsg
+
+CertReqMsg ::= SEQUENCE {
+    certReq   CertRequest,
+    pop       ProofOfPossession  OPTIONAL,
+    -- content depends upon key type
+    regInfo   SEQUENCE SIZE(1..MAX) OF AttributeTypeAndValue OPTIONAL }
+
+CertRequest ::= SEQUENCE {
+    certReqId     INTEGER,          -- ID for matching request and reply
+    certTemplate  CertTemplate,  -- Selected fields of cert to be issued
+    controls      Controls OPTIONAL }   -- Attributes affecting issuance
+
+CertTemplate ::= SEQUENCE {
+    version      [0] Version               OPTIONAL,
+    serialNumber [1] INTEGER               OPTIONAL,
+    signingAlg   [2] AlgorithmIdentifier   OPTIONAL,
+    issuer       [3] Name                  OPTIONAL,
+    validity     [4] OptionalValidity      OPTIONAL,
+    subject      [5] Name                  OPTIONAL,
+    publicKey    [6] SubjectPublicKeyInfo  OPTIONAL,
+    issuerUID    [7] UniqueIdentifier      OPTIONAL,
+    subjectUID   [8] UniqueIdentifier      OPTIONAL,
+    extensions   [9] Extensions            OPTIONAL }
+
+OptionalValidity ::= SEQUENCE {
+    notBefore  [0] Time OPTIONAL,
+    notAfter   [1] Time OPTIONAL } --at least one MUST be present
+
+Controls  ::= SEQUENCE SIZE(1..MAX) OF AttributeTypeAndValue
+
+AttributeTypeAndValue ::= SEQUENCE {
+    type         OBJECT IDENTIFIER,
+    value        ANY }
+
+ProofOfPossession ::= CHOICE {
+    raVerified        [0] NULL,
+    -- used if the RA has already verified that the requester is in
+    -- possession of the private key
+    signature         [1] POPOSigningKey,
+    keyEncipherment   [2] POPOPrivKey,
+    keyAgreement      [3] POPOPrivKey }
+
+POPOSigningKey ::= SEQUENCE {
+    poposkInput           [0] POPOSigningKeyInput OPTIONAL,
+    algorithmIdentifier   AlgorithmIdentifier,
+    signature             BIT STRING }
+    -- The signature (using "algorithmIdentifier") is on the
+    -- DER-encoded value of poposkInput.  NOTE: If the CertReqMsg
+    -- certReq CertTemplate contains the subject and publicKey values,
+    -- then poposkInput MUST be omitted and the signature MUST be
+    -- computed on the DER-encoded value of CertReqMsg certReq.  If
+    -- the CertReqMsg certReq CertTemplate does not contain the public
+    -- key and subject values, then poposkInput MUST be present and
+    -- MUST be signed.  This strategy ensures that the public key is
+    -- not present in both the poposkInput and CertReqMsg certReq
+    -- CertTemplate fields.
+
+POPOSigningKeyInput ::= SEQUENCE {
+    authInfo            CHOICE {
+        sender              [0] GeneralName,
+        -- used only if an authenticated identity has been
+        -- established for the sender (e.g., a DN from a
+        -- previously-issued and currently-valid certificate
+        publicKeyMAC        PKMACValue },
+        -- used if no authenticated GeneralName currently exists for
+        -- the sender; publicKeyMAC contains a password-based MAC
+        -- on the DER-encoded value of publicKey
+    publicKey           SubjectPublicKeyInfo }  -- from CertTemplate
+
+PKMACValue ::= SEQUENCE {
+   algId  AlgorithmIdentifier,
+   -- algorithm value shall be PasswordBasedMac {1 2 840 113533 7 66 13}
+   -- parameter value is PBMParameter
+   value  BIT STRING }
+
+PBMParameter ::= SEQUENCE {
+      salt                OCTET STRING,
+      owf                 AlgorithmIdentifier,
+      -- AlgId for a One-Way Function (SHA-1 recommended)
+      iterationCount      INTEGER,
+      -- number of times the OWF is applied
+      mac                 AlgorithmIdentifier
+      -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
+}   -- or HMAC [RFC2104, RFC2202])
+
+POPOPrivKey ::= CHOICE {
+    thisMessage       [0] BIT STRING,
+    -- posession is proven in this message (which contains the private
+    -- key itself (encrypted for the CA))
+    subsequentMessage [1] SubsequentMessage,
+    -- possession will be proven in a subsequent message
+    dhMAC             [2] BIT STRING }
+    -- for keyAgreement (only), possession is proven in this message
+    -- (which contains a MAC (over the DER-encoded value of the
+    -- certReq parameter in CertReqMsg, which MUST include both subject
+    -- and publicKey) based on a key derived from the end entity's
+    -- private DH key and the CA's public DH key);
+    -- the dhMAC value MUST be calculated as per the directions given
+    -- in Appendix A.
+
+SubsequentMessage ::= INTEGER {
+    encrCert (0),
+    -- requests that resulting certificate be encrypted for the
+    -- end entity (following which, POP will be proven in a
+    -- confirmation message)
+    challengeResp (1) }
+    -- requests that CA engage in challenge-response exchange with
+    -- end entity in order to prove private key possession
+
+-- Object identifier assignments --
+
+id-pkix  OBJECT IDENTIFIER  ::= { iso(1) identified-organization(3)
+dod(6) internet(1) security(5) mechanisms(5) 7 }
+
+-- arc for Internet X.509 PKI protocols and their components
+id-pkip  OBJECT IDENTIFIER ::= { id-pkix 5 }
+
+-- Registration Controls in CRMF
+id-regCtrl OBJECT IDENTIFIER ::= { id-pkip 1 }
+
+-- The following definition may be uncommented for use with
+-- ASN.1 compilers which do not understand UTF8String.
+
+-- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
+
+id-regCtrl-regToken OBJECT IDENTIFIER ::= { id-regCtrl 1 }
+--with syntax:
+RegToken ::= UTF8String
+
+id-regCtrl-authenticator OBJECT IDENTIFIER ::= { id-regCtrl 2 }
+--with syntax:
+Authenticator ::= UTF8String
+
+id-regCtrl-pkiPublicationInfo OBJECT IDENTIFIER ::= { id-regCtrl 3 }
+--with syntax:
+
+PKIPublicationInfo ::= SEQUENCE {
+   action     INTEGER {
+                dontPublish (0),
+                pleasePublish (1) },
+   pubInfos  SEQUENCE SIZE (1..MAX) OF SinglePubInfo OPTIONAL }
+     -- pubInfos MUST NOT be present if action is "dontPublish"
+     -- (if action is "pleasePublish" and pubInfos is omitted,
+     -- "dontCare" is assumed)
+
+SinglePubInfo ::= SEQUENCE {
+    pubMethod    INTEGER {
+        dontCare    (0),
+        x500        (1),
+        web         (2),
+        ldap        (3) },
+    pubLocation  GeneralName OPTIONAL }
+
+id-regCtrl-pkiArchiveOptions     OBJECT IDENTIFIER ::= { id-regCtrl 4 }
+--with syntax:
+PKIArchiveOptions ::= CHOICE {
+    encryptedPrivKey     [0] EncryptedKey,
+    -- the actual value of the private key
+    keyGenParameters     [1] KeyGenParameters,
+    -- parameters which allow the private key to be re-generated
+    archiveRemGenPrivKey [2] BOOLEAN }
+    -- set to TRUE if sender wishes receiver to archive the private
+    -- key of a key pair which the receiver generates in response to
+    -- this request; set to FALSE if no archival is desired.
+
+EncryptedKey ::= CHOICE {
+    encryptedValue        EncryptedValue,
+    envelopedData     [0] EnvelopedData }
+    -- The encrypted private key MUST be placed in the envelopedData
+    -- encryptedContentInfo encryptedContent OCTET STRING.
+
+
+EncryptedValue ::= SEQUENCE {
+    intendedAlg   [0] AlgorithmIdentifier  OPTIONAL,
+    -- the intended algorithm for which the value will be used
+    symmAlg       [1] AlgorithmIdentifier  OPTIONAL,
+    -- the symmetric algorithm used to encrypt the value
+    encSymmKey    [2] BIT STRING           OPTIONAL,
+    -- the (encrypted) symmetric key used to encrypt the value
+    keyAlg        [3] AlgorithmIdentifier  OPTIONAL,
+    -- algorithm used to encrypt the symmetric key
+    valueHint     [4] OCTET STRING         OPTIONAL,
+    -- a brief description or identifier of the encValue content
+    -- (may be meaningful only to the sending entity, and used only
+    -- if EncryptedValue might be re-examined by the sending entity
+    -- in the future)
+    encValue       BIT STRING }
+    -- the encrypted value itself
+
+KeyGenParameters ::= OCTET STRING
+
+id-regCtrl-oldCertID          OBJECT IDENTIFIER ::= { id-regCtrl 5 }
+--with syntax:
+OldCertId ::= CertId
+
+CertId ::= SEQUENCE {
+    issuer           GeneralName,
+    serialNumber     INTEGER }
+
+id-regCtrl-protocolEncrKey    OBJECT IDENTIFIER ::= { id-regCtrl 6 }
+--with syntax:
+ProtocolEncrKey ::= SubjectPublicKeyInfo
+
+-- Registration Info in CRMF
+id-regInfo OBJECT IDENTIFIER ::= { id-pkip 2 }
+
+id-regInfo-utf8Pairs    OBJECT IDENTIFIER ::= { id-regInfo 1 }
+--with syntax
+UTF8Pairs ::= UTF8String
+
+id-regInfo-certReq       OBJECT IDENTIFIER ::= { id-regInfo 2 }
+--with syntax
+CertReq ::= CertRequest
+
+END

asn1/pkixcrmf/Makefile

@@ -0,0 +1,5 @@
+
+../../epan/dissectors/packet-crmf.c : ../../tools/asn2eth.py CRMF.asn packet-crmf-template.c packet-crmf-template.h crmf.cnf 
+	python ../../tools/asn2eth.py -X -b -e -p crmf -c crmf.cnf -s packet-crmf-template CRMF.asn
+	cp packet-crmf.* ../../epan/dissectors
+

asn1/pkixcrmf/crmf-exp.cnf

@@ -0,0 +1,60 @@
+#.IMPORT_TAG
+CertReqMessages          BER_CLASS_UNI BER_UNI_TAG_SEQUENCE
+CertReqMsg               BER_CLASS_UNI BER_UNI_TAG_SEQUENCE
+CertRequest              BER_CLASS_UNI BER_UNI_TAG_SEQUENCE
+CertTemplate             BER_CLASS_UNI BER_UNI_TAG_SEQUENCE
+OptionalValidity         BER_CLASS_UNI BER_UNI_TAG_SEQUENCE
+Controls                 BER_CLASS_UNI BER_UNI_TAG_SEQUENCE
+AttributeTypeAndValue    BER_CLASS_UNI BER_UNI_TAG_SEQUENCE
+ProofOfPossession        BER_CLASS_CON -1/*choice*/
+POPOSigningKey           BER_CLASS_UNI BER_UNI_TAG_SEQUENCE
+POPOSigningKeyInput      BER_CLASS_UNI BER_UNI_TAG_SEQUENCE
+PKMACValue               BER_CLASS_UNI BER_UNI_TAG_SEQUENCE
+PBMParameter             BER_CLASS_UNI BER_UNI_TAG_SEQUENCE
+POPOPrivKey              BER_CLASS_CON -1/*choice*/
+SubsequentMessage        BER_CLASS_UNI BER_UNI_TAG_INTEGER
+RegToken                 BER_CLASS_UNI BER_UNI_TAG_UTF8String
+Authenticator            BER_CLASS_UNI BER_UNI_TAG_UTF8String
+PKIPublicationInfo       BER_CLASS_UNI BER_UNI_TAG_SEQUENCE
+SinglePubInfo            BER_CLASS_UNI BER_UNI_TAG_SEQUENCE
+PKIArchiveOptions        BER_CLASS_CON -1/*choice*/
+EncryptedKey             -1/*choice*/ -1/*choice*/
+EncryptedValue           BER_CLASS_UNI BER_UNI_TAG_SEQUENCE
+KeyGenParameters         BER_CLASS_UNI BER_UNI_TAG_OCTETSTRING
+OldCertId                BER_CLASS_UNI BER_UNI_TAG_SEQUENCE
+CertId                   BER_CLASS_UNI BER_UNI_TAG_SEQUENCE
+ProtocolEncrKey          BER_CLASS_UNI BER_UNI_TAG_SEQUENCE
+UTF8Pairs                BER_CLASS_UNI BER_UNI_TAG_UTF8String
+CertReq                  BER_CLASS_UNI BER_UNI_TAG_SEQUENCE
+#.END
+
+#.TYPE_ATTR
+CertReqMessages          TYPE = FT_NONE    DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
+CertReqMsg               TYPE = FT_NONE    DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
+CertRequest              TYPE = FT_NONE    DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
+CertTemplate             TYPE = FT_NONE    DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
+OptionalValidity         TYPE = FT_NONE    DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
+Controls                 TYPE = FT_NONE    DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
+AttributeTypeAndValue    TYPE = FT_NONE    DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
+ProofOfPossession        TYPE = FT_UINT32  DISPLAY = BASE_DEC   STRINGS = VALS(ProofOfPossession_vals)  BITMASK = 0
+POPOSigningKey           TYPE = FT_NONE    DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
+POPOSigningKeyInput      TYPE = FT_NONE    DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
+PKMACValue               TYPE = FT_NONE    DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
+PBMParameter             TYPE = FT_NONE    DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
+POPOPrivKey              TYPE = FT_UINT32  DISPLAY = BASE_DEC   STRINGS = VALS(POPOPrivKey_vals)  BITMASK = 0
+SubsequentMessage        TYPE = FT_INT32   DISPLAY = BASE_DEC   STRINGS = VALS(SubsequentMessage_vals)  BITMASK = 0
+RegToken                 TYPE = FT_STRING  DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
+Authenticator            TYPE = FT_STRING  DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
+PKIPublicationInfo       TYPE = FT_NONE    DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
+SinglePubInfo            TYPE = FT_NONE    DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
+PKIArchiveOptions        TYPE = FT_UINT32  DISPLAY = BASE_DEC   STRINGS = VALS(PKIArchiveOptions_vals)  BITMASK = 0
+EncryptedKey             TYPE = FT_UINT32  DISPLAY = BASE_DEC   STRINGS = VALS(EncryptedKey_vals)  BITMASK = 0
+EncryptedValue           TYPE = FT_NONE    DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
+KeyGenParameters         TYPE = FT_BYTES   DISPLAY = BASE_HEX   STRINGS = NULL  BITMASK = 0
+OldCertId                TYPE = FT_NONE    DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
+CertId                   TYPE = FT_NONE    DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
+ProtocolEncrKey          TYPE = FT_NONE    DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
+UTF8Pairs                TYPE = FT_STRING  DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
+CertReq                  TYPE = FT_NONE    DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
+#.END
+

asn1/pkixcrmf/crmf.cnf

@@ -0,0 +1,64 @@
+# CRMF.cnf
+# CRMF conformation file
+
+# $Id: cmrf.cnf 12740 2004-12-13 08:15:34Z sahlberg $
+
+#.MODULE_IMPORT
+CryptographicMessageSyntax cms
+PKIX1Explicit88	pkix1explicit
+PKIX1Implicit88	pkix1implicit
+		
+#.INCLUDE ../cms/cms-exp.cnf
+#.INCLUDE ../pkix1explicit/pkix1explicit_exp.cnf
+#.INCLUDE ../pkix1implicit/pkix1implicit_exp.cnf
+
+#.EXPORTS
+Authenticator
+AttributeTypeAndValue
+CertId
+CertReq
+CertReqMessages
+CertReqMsg
+CertRequest
+CertTemplate
+Controls
+EncryptedKey
+EncryptedValue
+KeyGenParameters
+OldCertId
+OptionalValidity
+PBMParameter
+PKIArchiveOptions
+PKIPublicationInfo
+PKMACValue
+POPOPrivKey
+POPOSigningKey
+POPOSigningKeyInput
+ProofOfPossession
+ProtocolEncrKey
+RegToken
+SinglePubInfo
+SubsequentMessage
+UTF8Pairs
+
+#.REGISTER
+
+#.NO_EMIT
+
+#.TYPE_RENAME
+
+#.FIELD_RENAME
+CertTemplate/issuer		template_issuer
+POPOSigningKey/signature	sk_signature
+PKMACValue/value		pkmac_value
+
+#.FN_BODY AttributeTypeAndValue/type
+  offset = dissect_ber_object_identifier(FALSE, pinfo, tree, tvb, offset,
+                                         hf_crmf_type_oid, object_identifier_id);
+
+#.FN_BODY AttributeTypeAndValue/value
+  offset=call_ber_oid_callback(object_identifier_id, tvb, offset, pinfo, tree);
+
+#.END
+
+

asn1/pkixcrmf/packet-crmf-template.c

@@ -0,0 +1,91 @@
+/* packet-crmf.c
+ * Routines for RFC2511 Certificate Request Message Format packet dissection
+ *   Ronnie Sahlberg 2004
+ *
+ * $Id: packet-crmf-template.c 12740 2004-12-13 08:15:34Z sahlberg $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <glib.h>
+#include <epan/packet.h>
+#include <epan/conversation.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#include "packet-ber.h"
+#include "packet-crmf.h"
+#include "packet-cms.h"
+#include "packet-pkix1explicit.h"
+#include "packet-pkix1implicit.h"
+
+#define PNAME  "Certificate Request Message Format"
+#define PSNAME "CRMF"
+#define PFNAME "crmf"
+
+/* Initialize the protocol and registered fields */
+int proto_crmf = -1;
+static int hf_crmf_type_oid = -1;
+#include "packet-crmf-hf.c"
+
+/* Initialize the subtree pointers */
+#include "packet-crmf-ett.c"
+
+static char object_identifier_id[64]; /*64 chars should be long enough? */
+
+#include "packet-crmf-fn.c"
+
+
+/*--- proto_register_crmf ----------------------------------------------*/
+void proto_register_crmf(void) {
+
+  /* List of fields */
+  static hf_register_info hf[] = {
+    { &hf_crmf_type_oid,
+      { "Type", "crmf.type.oid",
+        FT_STRING, BASE_NONE, NULL, 0,
+        "Type of AttributeTypeAndValue", HFILL }},
+#include "packet-crmf-hfarr.c"
+  };
+
+  /* List of subtrees */
+  static gint *ett[] = {
+#include "packet-crmf-ettarr.c"
+  };
+
+  /* Register protocol */
+  proto_crmf = proto_register_protocol(PNAME, PSNAME, PFNAME);
+
+  /* Register fields and subtrees */
+  proto_register_field_array(proto_crmf, hf, array_length(hf));
+  proto_register_subtree_array(ett, array_length(ett));
+
+}
+
+
+/*--- proto_reg_handoff_crmf -------------------------------------------*/
+void proto_reg_handoff_crmf(void) {
+/*#include "packet-crmf-dis-tab.c"*/
+}
+

asn1/pkixcrmf/packet-crmf-template.h

@@ -0,0 +1,32 @@
+/* packet-crmf.h
+ * Routines for RFC2511 Certificate Request Message Format packet dissection
+ *   Ronnie Sahlberg 2004
+ *
+ * $Id: packet-crmf-template.h 12573 2004-11-22 03:36:26Z sahlberg $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+#ifndef PACKET_CRMF_H
+#define PACKET_CRMF_H
+
+#include "packet-crmf-exp.h"
+
+#endif  /* PACKET_CRMF_H */
+

epan/dissectors/Makefile.common

@@ -112,6 +112,7 @@ DISSECTOR_SRC =	\
 	packet-cosine.c	\
 	packet-cpfi.c	\
 	packet-cpha.c	\
+	packet-crmf.c	\
 	packet-cups.c	\
 	packet-daap.c	\
 	packet-data.c	\
@@ -576,6 +577,7 @@ DISSECTOR_INCLUDES =	\
 	packet-clip.h	\
 	packet-cmip.h \
 	packet-cms.h	\
+	packet-crmf.h	\
 	packet-data.h	\
 	packet-dccp.h	\
 	packet-dcerpc-atsvc.h	\

epan/dissectors/packet-crmf.h

@@ -0,0 +1,76 @@
+/* Do not modify this file.                                                   */
+/* It is created automatically by the ASN.1 to Ethereal dissector compiler    */
+/* ./packet-crmf.h                                                            */
+/* ../../tools/asn2eth.py -X -b -e -p crmf -c crmf.cnf -s packet-crmf-template CRMF.asn */
+
+/* Input file: packet-crmf-template.h */
+
+/* packet-crmf.h
+ * Routines for RFC2511 Certificate Request Message Format packet dissection
+ *   Ronnie Sahlberg 2004
+ *
+ * $Id: packet-crmf-template.h 12573 2004-11-22 03:36:26Z sahlberg $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+#ifndef PACKET_CRMF_H
+#define PACKET_CRMF_H
+
+
+/*--- Included file: packet-crmf-exp.h ---*/
+
+extern const value_string ProofOfPossession_vals[];
+extern const value_string POPOPrivKey_vals[];
+extern const value_string SubsequentMessage_vals[];
+extern const value_string PKIArchiveOptions_vals[];
+extern const value_string EncryptedKey_vals[];
+int dissect_crmf_CertReqMessages(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, int hf_index);
+int dissect_crmf_CertReqMsg(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, int hf_index);
+int dissect_crmf_CertRequest(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, int hf_index);
+int dissect_crmf_CertTemplate(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, int hf_index);
+int dissect_crmf_OptionalValidity(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, int hf_index);
+int dissect_crmf_Controls(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, int hf_index);
+int dissect_crmf_AttributeTypeAndValue(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, int hf_index);
+int dissect_crmf_ProofOfPossession(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, int hf_index);
+int dissect_crmf_POPOSigningKey(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, int hf_index);
+int dissect_crmf_POPOSigningKeyInput(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, int hf_index);
+int dissect_crmf_PKMACValue(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, int hf_index);
+int dissect_crmf_PBMParameter(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, int hf_index);
+int dissect_crmf_POPOPrivKey(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, int hf_index);
+int dissect_crmf_SubsequentMessage(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, int hf_index);
+int dissect_crmf_RegToken(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, int hf_index);
+int dissect_crmf_Authenticator(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, int hf_index);
+int dissect_crmf_PKIPublicationInfo(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, int hf_index);
+int dissect_crmf_SinglePubInfo(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, int hf_index);
+int dissect_crmf_PKIArchiveOptions(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, int hf_index);
+int dissect_crmf_EncryptedKey(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, int hf_index);
+int dissect_crmf_EncryptedValue(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, int hf_index);
+int dissect_crmf_KeyGenParameters(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, int hf_index);
+int dissect_crmf_OldCertId(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, int hf_index);
+int dissect_crmf_CertId(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, int hf_index);
+int dissect_crmf_ProtocolEncrKey(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, int hf_index);
+int dissect_crmf_UTF8Pairs(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, int hf_index);
+int dissect_crmf_CertReq(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, int hf_index);
+
+/*--- End of included file: packet-crmf-exp.h ---*/
+
+
+#endif  /* PACKET_CRMF_H */
+