forked from osmocom/wireshark
From Martin Kaiser:
RSASSA-PSS support for X.509 certificates. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6541 svn path=/trunk/; revision=39785
This commit is contained in:
parent
252f3f34b1
commit
1f9b1347d6
|
@ -37,7 +37,8 @@ PKIXAlgs-2009 { iso(1) identified-organization(3) dod(6)
|
|||
pk-rsa |
|
||||
pk-dsa |
|
||||
pk-dh |
|
||||
pk-kea,
|
||||
pk-kea |
|
||||
pk-rsaSSA-PSS,
|
||||
...,
|
||||
pk-ec |
|
||||
pk-ecDH |
|
||||
|
@ -60,7 +61,9 @@ PKIXAlgs-2009 { iso(1) identified-organization(3) dod(6)
|
|||
sa-ecdsaWithSHA224 |
|
||||
sa-ecdsaWithSHA256 |
|
||||
sa-ecdsaWithSHA384 |
|
||||
sa-ecdsaWithSHA512
|
||||
sa-ecdsaWithSHA512,
|
||||
...,
|
||||
sa-rsaSSA-PSS
|
||||
}
|
||||
|
||||
--
|
||||
|
@ -201,6 +204,62 @@ Digest ::= OCTET STRING
|
|||
|
||||
KEA-Params-Id ::= OCTET STRING
|
||||
|
||||
-- RSASSA-PSS (RFC 4055)
|
||||
|
||||
-- pk-rsaSSA-PSS PUBLIC-KEY ::= {
|
||||
-- IDENTIFIER id-RSASSA-PSS
|
||||
-- KEY RSAPublicKey
|
||||
-- PARAMS TYPE RSASSA-PSS-params ARE optional
|
||||
-- CERT-KEY-USAGE { nonRepudiation, digitalSignature, keyCertSign, cRLSign }
|
||||
-- }
|
||||
|
||||
id-mgf1 OBJECT IDENTIFIER ::= {
|
||||
iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
|
||||
pkcs-1(1) 8 }
|
||||
|
||||
id-RSASSA-PSS OBJECT IDENTIFIER ::= {
|
||||
iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
|
||||
pkcs-1(1) 10 }
|
||||
|
||||
HashAlgorithm ::= AlgorithmIdentifier{DIGEST-ALGORITHM,
|
||||
{HashAlgorithms}}
|
||||
|
||||
HashAlgorithms DIGEST-ALGORITHM ::= {
|
||||
{ IDENTIFIER id-sha1 PARAMS TYPE NULL ARE preferredPresent },
|
||||
...
|
||||
}
|
||||
|
||||
-- sha1Identifier AlgorithmIdentifier ::= {
|
||||
-- algorithmId id-sha1,
|
||||
-- parameters NULL
|
||||
-- }
|
||||
|
||||
MaskGenAlgorithm ::= AlgorithmIdentifier{ALGORITHM,
|
||||
{PKCS1MGFAlgorithms}}
|
||||
|
||||
-- mgf1SHA1 MaskGenAlgorithm ::= {
|
||||
-- algorithmId id-mgf1,
|
||||
-- parameters HashAlgorithm : sha1Identifier
|
||||
-- }
|
||||
|
||||
PKCS1MGFAlgorithms ALGORITHM ::= {
|
||||
{ IDENTIFIER id-mgf1 PARAMS TYPE HashAlgorithm ARE required },
|
||||
...
|
||||
}
|
||||
|
||||
-- AlgorithmIdentifier parameters for id-RSASSA-PSS.
|
||||
-- Note that the tags in this Sequence are explicit.
|
||||
-- Note: The hash algorithm in hashAlgorithm and in
|
||||
-- maskGenAlgorithm should be the same.
|
||||
|
||||
RSASSA-PSS-params ::= SEQUENCE {
|
||||
hashAlgorithm [0] HashAlgorithm DEFAULT sha1Identifier,
|
||||
maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
|
||||
saltLength [2] INTEGER DEFAULT 20,
|
||||
trailerField [3] INTEGER DEFAULT 1
|
||||
}
|
||||
|
||||
|
||||
-- Elliptic Curve (EC) Signatures: Unrestricted Algorithms
|
||||
-- (Section 2.1.1 of RFC 5480)
|
||||
--
|
||||
|
|
|
@ -24,6 +24,8 @@ KEA-Params-Id B "2.16.840.1.101.2.1.1.22" "id-keyExchangeAlgorithm"
|
|||
ECParameters B "1.2.840.10045.2.1" "id-ecPublicKey"
|
||||
ECParameters B "1.3.132.1.12" "id-ecDH"
|
||||
ECParameters B "1.2.840.10045.2.13" "id-ecMQV"
|
||||
RSASSA-PSS-params B "1.2.840.113549.1.1.10" "id-RSASSA-PSS"
|
||||
HashAlgorithm B "1.2.840.113549.1.1.8" "id-mgf1"
|
||||
|
||||
#.NO_EMIT
|
||||
DSAPublicKey
|
||||
|
|
|
@ -56,6 +56,8 @@ static int proto_pkcs1 = -1;
|
|||
static int hf_pkcs1_DSA_Params_PDU = -1; /* DSA_Params */
|
||||
static int hf_pkcs1_DomainParameters_PDU = -1; /* DomainParameters */
|
||||
static int hf_pkcs1_KEA_Params_Id_PDU = -1; /* KEA_Params_Id */
|
||||
static int hf_pkcs1_HashAlgorithm_PDU = -1; /* HashAlgorithm */
|
||||
static int hf_pkcs1_RSASSA_PSS_params_PDU = -1; /* RSASSA_PSS_params */
|
||||
static int hf_pkcs1_ECParameters_PDU = -1; /* ECParameters */
|
||||
static int hf_pkcs1_modulus = -1; /* INTEGER */
|
||||
static int hf_pkcs1_publicExponent = -1; /* INTEGER */
|
||||
|
@ -75,6 +77,10 @@ static int hf_pkcs1_j = -1; /* INTEGER */
|
|||
static int hf_pkcs1_validationParams = -1; /* ValidationParams */
|
||||
static int hf_pkcs1_seed = -1; /* BIT_STRING */
|
||||
static int hf_pkcs1_pgenCounter = -1; /* INTEGER */
|
||||
static int hf_pkcs1_hashAlgorithm = -1; /* HashAlgorithm */
|
||||
static int hf_pkcs1_maskGenAlgorithm = -1; /* MaskGenAlgorithm */
|
||||
static int hf_pkcs1_saltLength = -1; /* INTEGER */
|
||||
static int hf_pkcs1_trailerField = -1; /* INTEGER */
|
||||
static int hf_pkcs1_namedCurve = -1; /* OBJECT_IDENTIFIER */
|
||||
static int hf_pkcs1_r = -1; /* INTEGER */
|
||||
static int hf_pkcs1_s = -1; /* INTEGER */
|
||||
|
@ -92,6 +98,7 @@ static gint ett_pkcs1_DigestInfo = -1;
|
|||
static gint ett_pkcs1_DSA_Params = -1;
|
||||
static gint ett_pkcs1_DomainParameters = -1;
|
||||
static gint ett_pkcs1_ValidationParams = -1;
|
||||
static gint ett_pkcs1_RSASSA_PSS_params = -1;
|
||||
static gint ett_pkcs1_ECParameters = -1;
|
||||
static gint ett_pkcs1_DSA_Sig_Value = -1;
|
||||
static gint ett_pkcs1_ECDSA_Sig_Value = -1;
|
||||
|
@ -267,6 +274,41 @@ dissect_pkcs1_KEA_Params_Id(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int of
|
|||
|
||||
|
||||
|
||||
static int
|
||||
dissect_pkcs1_HashAlgorithm(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
offset = dissect_x509af_AlgorithmIdentifier(implicit_tag, tvb, offset, actx, tree, hf_index);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
||||
|
||||
static int
|
||||
dissect_pkcs1_MaskGenAlgorithm(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
offset = dissect_x509af_AlgorithmIdentifier(implicit_tag, tvb, offset, actx, tree, hf_index);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
||||
static const ber_sequence_t RSASSA_PSS_params_sequence[] = {
|
||||
{ &hf_pkcs1_hashAlgorithm , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL, dissect_pkcs1_HashAlgorithm },
|
||||
{ &hf_pkcs1_maskGenAlgorithm, BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_pkcs1_MaskGenAlgorithm },
|
||||
{ &hf_pkcs1_saltLength , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_pkcs1_INTEGER },
|
||||
{ &hf_pkcs1_trailerField , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_pkcs1_INTEGER },
|
||||
{ NULL, 0, 0, 0, NULL }
|
||||
};
|
||||
|
||||
static int
|
||||
dissect_pkcs1_RSASSA_PSS_params(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
|
||||
RSASSA_PSS_params_sequence, hf_index, ett_pkcs1_RSASSA_PSS_params);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
static int
|
||||
dissect_pkcs1_OBJECT_IDENTIFIER(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
|
@ -314,6 +356,16 @@ static void dissect_KEA_Params_Id_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_,
|
|||
asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
|
||||
dissect_pkcs1_KEA_Params_Id(FALSE, tvb, 0, &asn1_ctx, tree, hf_pkcs1_KEA_Params_Id_PDU);
|
||||
}
|
||||
static void dissect_HashAlgorithm_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
|
||||
asn1_ctx_t asn1_ctx;
|
||||
asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
|
||||
dissect_pkcs1_HashAlgorithm(FALSE, tvb, 0, &asn1_ctx, tree, hf_pkcs1_HashAlgorithm_PDU);
|
||||
}
|
||||
static void dissect_RSASSA_PSS_params_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
|
||||
asn1_ctx_t asn1_ctx;
|
||||
asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
|
||||
dissect_pkcs1_RSASSA_PSS_params(FALSE, tvb, 0, &asn1_ctx, tree, hf_pkcs1_RSASSA_PSS_params_PDU);
|
||||
}
|
||||
static void dissect_ECParameters_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
|
||||
asn1_ctx_t asn1_ctx;
|
||||
asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
|
||||
|
@ -344,6 +396,14 @@ void proto_register_pkcs1(void) {
|
|||
{ "KEA-Params-Id", "pkcs1.KEA_Params_Id",
|
||||
FT_BYTES, BASE_NONE, NULL, 0,
|
||||
NULL, HFILL }},
|
||||
{ &hf_pkcs1_HashAlgorithm_PDU,
|
||||
{ "HashAlgorithm", "pkcs1.HashAlgorithm",
|
||||
FT_NONE, BASE_NONE, NULL, 0,
|
||||
NULL, HFILL }},
|
||||
{ &hf_pkcs1_RSASSA_PSS_params_PDU,
|
||||
{ "RSASSA-PSS-params", "pkcs1.RSASSA_PSS_params",
|
||||
FT_NONE, BASE_NONE, NULL, 0,
|
||||
NULL, HFILL }},
|
||||
{ &hf_pkcs1_ECParameters_PDU,
|
||||
{ "ECParameters", "pkcs1.ECParameters",
|
||||
FT_UINT32, BASE_DEC, VALS(pkcs1_ECParameters_vals), 0,
|
||||
|
@ -420,6 +480,22 @@ void proto_register_pkcs1(void) {
|
|||
{ "pgenCounter", "pkcs1.pgenCounter",
|
||||
FT_INT32, BASE_DEC, NULL, 0,
|
||||
"INTEGER", HFILL }},
|
||||
{ &hf_pkcs1_hashAlgorithm,
|
||||
{ "hashAlgorithm", "pkcs1.hashAlgorithm",
|
||||
FT_NONE, BASE_NONE, NULL, 0,
|
||||
NULL, HFILL }},
|
||||
{ &hf_pkcs1_maskGenAlgorithm,
|
||||
{ "maskGenAlgorithm", "pkcs1.maskGenAlgorithm",
|
||||
FT_NONE, BASE_NONE, NULL, 0,
|
||||
NULL, HFILL }},
|
||||
{ &hf_pkcs1_saltLength,
|
||||
{ "saltLength", "pkcs1.saltLength",
|
||||
FT_INT32, BASE_DEC, NULL, 0,
|
||||
"INTEGER", HFILL }},
|
||||
{ &hf_pkcs1_trailerField,
|
||||
{ "trailerField", "pkcs1.trailerField",
|
||||
FT_INT32, BASE_DEC, NULL, 0,
|
||||
"INTEGER", HFILL }},
|
||||
{ &hf_pkcs1_namedCurve,
|
||||
{ "namedCurve", "pkcs1.namedCurve",
|
||||
FT_OID, BASE_NONE, NULL, 0,
|
||||
|
@ -448,6 +524,7 @@ void proto_register_pkcs1(void) {
|
|||
&ett_pkcs1_DSA_Params,
|
||||
&ett_pkcs1_DomainParameters,
|
||||
&ett_pkcs1_ValidationParams,
|
||||
&ett_pkcs1_RSASSA_PSS_params,
|
||||
&ett_pkcs1_ECParameters,
|
||||
&ett_pkcs1_DSA_Sig_Value,
|
||||
&ett_pkcs1_ECDSA_Sig_Value,
|
||||
|
@ -477,6 +554,8 @@ void proto_reg_handoff_pkcs1(void) {
|
|||
register_ber_oid_dissector("1.2.840.10045.2.1", dissect_ECParameters_PDU, proto_pkcs1, "id-ecPublicKey");
|
||||
register_ber_oid_dissector("1.3.132.1.12", dissect_ECParameters_PDU, proto_pkcs1, "id-ecDH");
|
||||
register_ber_oid_dissector("1.2.840.10045.2.13", dissect_ECParameters_PDU, proto_pkcs1, "id-ecMQV");
|
||||
register_ber_oid_dissector("1.2.840.113549.1.1.10", dissect_RSASSA_PSS_params_PDU, proto_pkcs1, "id-RSASSA-PSS");
|
||||
register_ber_oid_dissector("1.2.840.113549.1.1.8", dissect_HashAlgorithm_PDU, proto_pkcs1, "id-mgf1");
|
||||
|
||||
|
||||
/*--- End of included file: packet-pkcs1-dis-tab.c ---*/
|
||||
|
|
Loading…
Reference in New Issue