osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

From Martin Kaiser: 

RSASSA-PSS support for X.509 certificates.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6541

svn path=/trunk/; revision=39785
This commit is contained in:
Anders Broman 2011-11-10 20:52:44 +00:00
parent 252f3f34b1
commit 1f9b1347d6
3 changed files with 142 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
asn1/pkcs1/PKIXAlgs-2009.asn
View File

@ -37,7 +37,8 @@ PKIXAlgs-2009 { iso(1) identified-organization(3) dod(6)
pk-rsa |
pk-dsa |
pk-dh |
pk-kea,
pk-kea |
pk-rsaSSA-PSS,
...,
pk-ec |
pk-ecDH |
@ -60,7 +61,9 @@ PKIXAlgs-2009 { iso(1) identified-organization(3) dod(6)
sa-ecdsaWithSHA224 |
sa-ecdsaWithSHA256 |
sa-ecdsaWithSHA384 |
sa-ecdsaWithSHA512
sa-ecdsaWithSHA512,
...,
sa-rsaSSA-PSS
}
--
@ -201,6 +204,62 @@ Digest ::= OCTET STRING
KEA-Params-Id ::= OCTET STRING
-- RSASSA-PSS (RFC 4055)
-- pk-rsaSSA-PSS PUBLIC-KEY ::= {
-- IDENTIFIER id-RSASSA-PSS
-- KEY RSAPublicKey
-- PARAMS TYPE RSASSA-PSS-params ARE optional
-- CERT-KEY-USAGE { nonRepudiation, digitalSignature, keyCertSign, cRLSign }
-- }
id-mgf1 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-1(1) 8 }
id-RSASSA-PSS OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-1(1) 10 }
HashAlgorithm ::= AlgorithmIdentifier{DIGEST-ALGORITHM,
{HashAlgorithms}}
HashAlgorithms DIGEST-ALGORITHM ::= {
{ IDENTIFIER id-sha1 PARAMS TYPE NULL ARE preferredPresent },
...
}
-- sha1Identifier AlgorithmIdentifier ::= {
-- algorithmId id-sha1,
-- parameters NULL
-- }
MaskGenAlgorithm ::= AlgorithmIdentifier{ALGORITHM,
{PKCS1MGFAlgorithms}}
-- mgf1SHA1 MaskGenAlgorithm ::= {
-- algorithmId id-mgf1,
-- parameters HashAlgorithm : sha1Identifier
-- }
PKCS1MGFAlgorithms ALGORITHM ::= {
{ IDENTIFIER id-mgf1 PARAMS TYPE HashAlgorithm ARE required },
...
}
-- AlgorithmIdentifier parameters for id-RSASSA-PSS.
-- Note that the tags in this Sequence are explicit.
-- Note: The hash algorithm in hashAlgorithm and in
-- maskGenAlgorithm should be the same.
RSASSA-PSS-params ::= SEQUENCE {
hashAlgorithm [0] HashAlgorithm DEFAULT sha1Identifier,
maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
saltLength [2] INTEGER DEFAULT 20,
trailerField [3] INTEGER DEFAULT 1
}
-- Elliptic Curve (EC) Signatures: Unrestricted Algorithms
-- (Section 2.1.1 of RFC 5480)
--

2
asn1/pkcs1/pkcs1.cnf
View File

@ -24,6 +24,8 @@ KEA-Params-Id B "2.16.840.1.101.2.1.1.22" "id-keyExchangeAlgorithm"
ECParameters B "1.2.840.10045.2.1" "id-ecPublicKey"
ECParameters B "1.3.132.1.12" "id-ecDH"
ECParameters B "1.2.840.10045.2.13" "id-ecMQV"
RSASSA-PSS-params B "1.2.840.113549.1.1.10" "id-RSASSA-PSS"
HashAlgorithm B "1.2.840.113549.1.1.8" "id-mgf1"
#.NO_EMIT
DSAPublicKey

79
epan/dissectors/packet-pkcs1.c
View File

@ -56,6 +56,8 @@ static int proto_pkcs1 = -1;
static int hf_pkcs1_DSA_Params_PDU = -1; /* DSA_Params */
static int hf_pkcs1_DomainParameters_PDU = -1; /* DomainParameters */
static int hf_pkcs1_KEA_Params_Id_PDU = -1; /* KEA_Params_Id */
static int hf_pkcs1_HashAlgorithm_PDU = -1; /* HashAlgorithm */
static int hf_pkcs1_RSASSA_PSS_params_PDU = -1; /* RSASSA_PSS_params */
static int hf_pkcs1_ECParameters_PDU = -1; /* ECParameters */
static int hf_pkcs1_modulus = -1; /* INTEGER */
static int hf_pkcs1_publicExponent = -1; /* INTEGER */
@ -75,6 +77,10 @@ static int hf_pkcs1_j = -1; /* INTEGER */
static int hf_pkcs1_validationParams = -1; /* ValidationParams */
static int hf_pkcs1_seed = -1; /* BIT_STRING */
static int hf_pkcs1_pgenCounter = -1; /* INTEGER */
static int hf_pkcs1_hashAlgorithm = -1; /* HashAlgorithm */
static int hf_pkcs1_maskGenAlgorithm = -1; /* MaskGenAlgorithm */
static int hf_pkcs1_saltLength = -1; /* INTEGER */
static int hf_pkcs1_trailerField = -1; /* INTEGER */
static int hf_pkcs1_namedCurve = -1; /* OBJECT_IDENTIFIER */
static int hf_pkcs1_r = -1; /* INTEGER */
static int hf_pkcs1_s = -1; /* INTEGER */
@ -92,6 +98,7 @@ static gint ett_pkcs1_DigestInfo = -1;
static gint ett_pkcs1_DSA_Params = -1;
static gint ett_pkcs1_DomainParameters = -1;
static gint ett_pkcs1_ValidationParams = -1;
static gint ett_pkcs1_RSASSA_PSS_params = -1;
static gint ett_pkcs1_ECParameters = -1;
static gint ett_pkcs1_DSA_Sig_Value = -1;
static gint ett_pkcs1_ECDSA_Sig_Value = -1;
@ -267,6 +274,41 @@ dissect_pkcs1_KEA_Params_Id(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int of
static int
dissect_pkcs1_HashAlgorithm(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
offset = dissect_x509af_AlgorithmIdentifier(implicit_tag, tvb, offset, actx, tree, hf_index);
return offset;
}
static int
dissect_pkcs1_MaskGenAlgorithm(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
offset = dissect_x509af_AlgorithmIdentifier(implicit_tag, tvb, offset, actx, tree, hf_index);
return offset;
}
static const ber_sequence_t RSASSA_PSS_params_sequence[] = {
{ &hf_pkcs1_hashAlgorithm , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL, dissect_pkcs1_HashAlgorithm },
{ &hf_pkcs1_maskGenAlgorithm, BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_pkcs1_MaskGenAlgorithm },
{ &hf_pkcs1_saltLength , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_pkcs1_INTEGER },
{ &hf_pkcs1_trailerField , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_pkcs1_INTEGER },
{ NULL, 0, 0, 0, NULL }
};
static int
dissect_pkcs1_RSASSA_PSS_params(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
RSASSA_PSS_params_sequence, hf_index, ett_pkcs1_RSASSA_PSS_params);
return offset;
}
static int
dissect_pkcs1_OBJECT_IDENTIFIER(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
@ -314,6 +356,16 @@ static void dissect_KEA_Params_Id_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_,
asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
dissect_pkcs1_KEA_Params_Id(FALSE, tvb, 0, &asn1_ctx, tree, hf_pkcs1_KEA_Params_Id_PDU);
}
static void dissect_HashAlgorithm_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
asn1_ctx_t asn1_ctx;
asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
dissect_pkcs1_HashAlgorithm(FALSE, tvb, 0, &asn1_ctx, tree, hf_pkcs1_HashAlgorithm_PDU);
}
static void dissect_RSASSA_PSS_params_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
asn1_ctx_t asn1_ctx;
asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
dissect_pkcs1_RSASSA_PSS_params(FALSE, tvb, 0, &asn1_ctx, tree, hf_pkcs1_RSASSA_PSS_params_PDU);
}
static void dissect_ECParameters_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
asn1_ctx_t asn1_ctx;
asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
@ -344,6 +396,14 @@ void proto_register_pkcs1(void) {
{ "KEA-Params-Id", "pkcs1.KEA_Params_Id",
FT_BYTES, BASE_NONE, NULL, 0,
NULL, HFILL }},
{ &hf_pkcs1_HashAlgorithm_PDU,
{ "HashAlgorithm", "pkcs1.HashAlgorithm",
FT_NONE, BASE_NONE, NULL, 0,
NULL, HFILL }},
{ &hf_pkcs1_RSASSA_PSS_params_PDU,
{ "RSASSA-PSS-params", "pkcs1.RSASSA_PSS_params",
FT_NONE, BASE_NONE, NULL, 0,
NULL, HFILL }},
{ &hf_pkcs1_ECParameters_PDU,
{ "ECParameters", "pkcs1.ECParameters",
FT_UINT32, BASE_DEC, VALS(pkcs1_ECParameters_vals), 0,
@ -420,6 +480,22 @@ void proto_register_pkcs1(void) {
{ "pgenCounter", "pkcs1.pgenCounter",
FT_INT32, BASE_DEC, NULL, 0,
"INTEGER", HFILL }},
{ &hf_pkcs1_hashAlgorithm,
{ "hashAlgorithm", "pkcs1.hashAlgorithm",
FT_NONE, BASE_NONE, NULL, 0,
NULL, HFILL }},
{ &hf_pkcs1_maskGenAlgorithm,
{ "maskGenAlgorithm", "pkcs1.maskGenAlgorithm",
FT_NONE, BASE_NONE, NULL, 0,
NULL, HFILL }},
{ &hf_pkcs1_saltLength,
{ "saltLength", "pkcs1.saltLength",
FT_INT32, BASE_DEC, NULL, 0,
"INTEGER", HFILL }},
{ &hf_pkcs1_trailerField,
{ "trailerField", "pkcs1.trailerField",
FT_INT32, BASE_DEC, NULL, 0,
"INTEGER", HFILL }},
{ &hf_pkcs1_namedCurve,
{ "namedCurve", "pkcs1.namedCurve",
FT_OID, BASE_NONE, NULL, 0,
@ -448,6 +524,7 @@ void proto_register_pkcs1(void) {
&ett_pkcs1_DSA_Params,
&ett_pkcs1_DomainParameters,
&ett_pkcs1_ValidationParams,
&ett_pkcs1_RSASSA_PSS_params,
&ett_pkcs1_ECParameters,
&ett_pkcs1_DSA_Sig_Value,
&ett_pkcs1_ECDSA_Sig_Value,
@ -477,6 +554,8 @@ void proto_reg_handoff_pkcs1(void) {
register_ber_oid_dissector("1.2.840.10045.2.1", dissect_ECParameters_PDU, proto_pkcs1, "id-ecPublicKey");
register_ber_oid_dissector("1.3.132.1.12", dissect_ECParameters_PDU, proto_pkcs1, "id-ecDH");
register_ber_oid_dissector("1.2.840.10045.2.13", dissect_ECParameters_PDU, proto_pkcs1, "id-ecMQV");
register_ber_oid_dissector("1.2.840.113549.1.1.10", dissect_RSASSA_PSS_params_PDU, proto_pkcs1, "id-RSASSA-PSS");
register_ber_oid_dissector("1.2.840.113549.1.1.8", dissect_HashAlgorithm_PDU, proto_pkcs1, "id-mgf1");
/*--- End of included file: packet-pkcs1-dis-tab.c ---*/