work in progress

New protocol CryptogrtaphicMessageSyntax As the X.509xx protocols this protocol is not yet linked with ethereal but a work in progress. Within the next few days the changes needed to packet-kerberos and packet-ber will be added to implement an embryonic pkinit implementation inside packet-kerberos which will in turn call cms and the x509 dissectors. The dissectors are still very incomplete but already relatively useful. svn path=/trunk/; revision=11432
2004-07-19 09:03:28 +00:00 · 2004-07-19 09:03:28 +00:00 · 5d366ee1e2
parent 71b70c924b
commit 5d366ee1e2
4 changed files with 479 additions and 0 deletions
--- a/asn1/cms/CryptographicMessageSyntax.asn
+++ b/asn1/cms/CryptographicMessageSyntax.asn
@ -0,0 +1,346 @@
+-- Extracted from RFC2630
+-- and massaged/modified so it passws through our ASN2ETH compiler
+
+CryptographicMessageSyntax { iso(1) member-body(2) us(840) rsadsi(113549)
+      pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1) } DEFINITIONS IMPLICIT TAGS ::=
+BEGIN
+
+-- EXPORTS All
+-- The types and values defined in this module are exported for use in
+-- the other ASN.1 modules.  Other applications may use them for their
+-- own purposes.
+
+IMPORTS
+
+  -- Directory Information Framework (X.501)
+        Name
+           FROM InformationFramework { joint-iso-itu-t ds(5) modules(1)
+                informationFramework(1) 3 }
+
+  -- Directory Authentication Framework (X.509)
+        AlgorithmIdentifier, AttributeCertificate, Certificate,
+        CertificateList, CertificateSerialNumber
+           FROM AuthenticationFramework { joint-iso-itu-t ds(5)
+                module(1) authenticationFramework(7) 3 } ;
+
+
+-- Cryptographic Message Syntax
+-- 
+-- ContentInfo ::= SEQUENCE {
+--OK   contentType ContentType,
+--   content [0] EXPLICIT ANY DEFINED BY contentType }
+
+ContentType ::= OBJECT IDENTIFIER
+
+SignedData ::= SEQUENCE {
+  version CMSVersion,
+  digestAlgorithms DigestAlgorithmIdentifiers,
+  encapContentInfo EncapsulatedContentInfo,
+  certificates [0] IMPLICIT CertificateSet OPTIONAL,
+  crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
+  signerInfos SignerInfos }
+
+DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
+
+SignerInfos ::= SET OF SignerInfo
+
+EncapsulatedContentInfo ::= SEQUENCE {
+  eContentType ContentType,
+  eContent [0] EXPLICIT OCTET STRING OPTIONAL }
+
+SignerInfo ::= SEQUENCE {
+  version CMSVersion,
+  sid SignerIdentifier,
+  digestAlgorithm DigestAlgorithmIdentifier,
+  signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
+  signatureAlgorithm SignatureAlgorithmIdentifier,
+  signature SignatureValue,
+  unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL }
+
+SignerIdentifier ::= CHOICE {
+  issuerAndSerialNumber IssuerAndSerialNumber,
+  subjectKeyIdentifier [0] SubjectKeyIdentifier }
+
+SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
+
+UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute
+
+Attribute ::= SEQUENCE {
+  attrType OBJECT IDENTIFIER
+--   attrValues SET OF AttributeValue 
+}
+
+-- AttributeValue ::= ANY
+
+SignatureValue ::= OCTET STRING
+
+-- EnvelopedData ::= SEQUENCE {
+--   version CMSVersion,
+--   originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
+--   recipientInfos RecipientInfos,
+--   encryptedContentInfo EncryptedContentInfo,
+--   unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
+-- 
+-- OriginatorInfo ::= SEQUENCE {
+--   certs [0] IMPLICIT CertificateSet OPTIONAL,
+--OK   crls [1] IMPLICIT CertificateRevocationLists OPTIONAL }
+-- 
+-- RecipientInfos ::= SET OF RecipientInfo
+-- 
+-- EncryptedContentInfo ::= SEQUENCE {
+--   contentType ContentType,
+--   contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
+--   encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL }
+-- 
+-- EncryptedContent ::= OCTET STRING
+-- 
+-- UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
+-- 
+-- RecipientInfo ::= CHOICE {
+--   ktri KeyTransRecipientInfo,
+--   kari [1] KeyAgreeRecipientInfo,
+--   kekri [2] KEKRecipientInfo }
+-- 
+-- EncryptedKey ::= OCTET STRING
+-- 
+-- KeyTransRecipientInfo ::= SEQUENCE {
+--   version CMSVersion,  
+--            always set to 0 or 2
+--OK   rid RecipientIdentifier,
+--   keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
+--   encryptedKey EncryptedKey }
+
+RecipientIdentifier ::= CHOICE {
+  issuerAndSerialNumber IssuerAndSerialNumber,
+  subjectKeyIdentifier [0] SubjectKeyIdentifier }
+
+-- KeyAgreeRecipientInfo ::= SEQUENCE {
+--   version CMSVersion,  
+--              always set to 3
+--   originator [0] EXPLICIT OriginatorIdentifierOrKey,
+--   ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL,
+--   keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
+--   recipientEncryptedKeys RecipientEncryptedKeys }
+-- 
+-- OriginatorIdentifierOrKey ::= CHOICE {
+--OK   issuerAndSerialNumber IssuerAndSerialNumber,
+--OK   subjectKeyIdentifier [0] SubjectKeyIdentifier,
+--   originatorKey [1] OriginatorPublicKey }
+-- 
+-- OriginatorPublicKey ::= SEQUENCE {
+--   algorithm AlgorithmIdentifier,
+--   publicKey BIT STRING }
+-- 
+-- RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey
+-- 
+-- RecipientEncryptedKey ::= SEQUENCE {
+--OK   rid KeyAgreeRecipientIdentifier,
+--   encryptedKey EncryptedKey }
+-- 
+-- KeyAgreeRecipientIdentifier ::= CHOICE {
+--OK   issuerAndSerialNumber IssuerAndSerialNumber,
+--   rKeyId [0] IMPLICIT RecipientKeyIdentifier }
+-- 
+-- RecipientKeyIdentifier ::= SEQUENCE {
+--OK   subjectKeyIdentifier SubjectKeyIdentifier,
+--   date GeneralizedTime OPTIONAL,
+--   other OtherKeyAttribute OPTIONAL }
+
+SubjectKeyIdentifier ::= OCTET STRING
+
+-- KEKRecipientInfo ::= SEQUENCE {
+--   version CMSVersion,
+--              always set to 4
+--   kekid KEKIdentifier,
+--   keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
+--   encryptedKey EncryptedKey }
+-- 
+-- KEKIdentifier ::= SEQUENCE {
+--   keyIdentifier OCTET STRING,
+--   date GeneralizedTime OPTIONAL,
+--   other OtherKeyAttribute OPTIONAL }
+-- 
+-- DigestedData ::= SEQUENCE {
+--OK   version CMSVersion,
+--OK   digestAlgorithm DigestAlgorithmIdentifier,
+--OK   encapContentInfo EncapsulatedContentInfo,
+--OK   digest Digest }
+
+Digest ::= OCTET STRING
+
+-- EncryptedData ::= SEQUENCE {
+--   version CMSVersion,
+--   encryptedContentInfo EncryptedContentInfo,
+--   unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
+-- 
+-- AuthenticatedData ::= SEQUENCE {
+--   version CMSVersion,
+--   originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
+--   recipientInfos RecipientInfos,
+--   macAlgorithm MessageAuthenticationCodeAlgorithm,
+--OK   digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
+--OK   encapContentInfo EncapsulatedContentInfo,
+--   authenticatedAttributes [2] IMPLICIT AuthAttributes OPTIONAL,
+--   mac MessageAuthenticationCode,
+--   unauthenticatedAttributes [3] IMPLICIT UnauthAttributes OPTIONAL }
+
+AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
+
+UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
+
+MessageAuthenticationCode ::= OCTET STRING
+
+DigestAlgorithmIdentifier ::= AlgorithmIdentifier
+
+SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
+
+KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+
+ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+
+MessageAuthenticationCodeAlgorithm ::= AlgorithmIdentifier
+
+CertificateRevocationLists ::= SET OF CertificateList
+
+CertificateChoices ::= CHOICE {
+  certificate Certificate,
+  extendedCertificate [0] IMPLICIT ExtendedCertificate,
+  attrCert [1] IMPLICIT AttributeCertificate }
+
+CertificateSet ::= SET OF CertificateChoices
+
+IssuerAndSerialNumber ::= SEQUENCE {
+--QQQ   issuer Name,
+  serialNumber CertificateSerialNumber }
+
+CMSVersion ::= INTEGER  { v0(0), v1(1), v2(2), v3(3), v4(4) }
+
+-- UserKeyingMaterial ::= OCTET STRING
+-- 
+-- OtherKeyAttribute ::= SEQUENCE {
+--   keyAttrId OBJECT IDENTIFIER,
+--   keyAttr ANY DEFINED BY keyAttrId OPTIONAL }
+-- 
+-- 
+-- CMS Attributes
+-- 
+-- MessageDigest ::= OCTET STRING
+-- 
+-- SigningTime  ::= Time
+-- 
+-- Time ::= CHOICE {
+--   utcTime UTCTime,
+--   generalTime GeneralizedTime }
+
+Countersignature ::= SignerInfo
+
+-- Algorithm Identifiers
+-- 
+-- sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
+--     oiw(14) secsig(3) algorithm(2) 26 }
+-- 
+-- md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+--     rsadsi(113549) digestAlgorithm(2) 5 }
+-- 
+-- id-dsa-with-sha1 OBJECT IDENTIFIER ::=  { iso(1) member-body(2)
+--     us(840) x9-57 (10040) x9cm(4) 3 }
+-- 
+-- rsaEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+--     us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1 }
+-- 
+-- dh-public-number OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+--     us(840) ansi-x942(10046) number-type(2) 1 }
+-- 
+-- id-alg-ESDH OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+--     rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 5 }
+-- 
+-- id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+--     us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6 }
+-- 
+-- id-alg-CMSRC2wrap OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+--     us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 7 }
+-- 
+-- des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+--     us(840) rsadsi(113549) encryptionAlgorithm(3) 7 }
+-- 
+-- rc2-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+--     rsadsi(113549) encryptionAlgorithm(3) 2 }
+-- 
+-- hMAC-SHA1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
+--     dod(6) internet(1) security(5) mechanisms(5) 8 1 2 }
+-- 
+-- 
+-- Algorithm Parameters
+-- 
+-- KeyWrapAlgorithm ::= AlgorithmIdentifier
+-- 
+-- RC2wrapParameter ::= RC2ParameterVersion
+-- 
+-- RC2ParameterVersion ::= INTEGER
+-- 
+-- CBCParameter ::= IV
+-- 
+-- IV ::= OCTET STRING
+-- 
+-- RC2CBCParameter ::= SEQUENCE {
+--   rc2ParameterVersion INTEGER,
+--   iv OCTET STRING  }
+-- 
+-- 
+-- Content Type Object Identifiers
+-- 
+-- id-ct-contentInfo OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+--     us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
+--     ct(1) 6 }
+-- 
+-- id-data OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+--     us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 }
+-- 
+-- id-signedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+--     us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 }
+-- 
+-- id-envelopedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+--     us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3 }
+-- 
+-- id-digestedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+--     us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5 }
+-- 
+-- id-encryptedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+--     us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 }
+-- 
+-- id-ct-authData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+--     us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
+--     ct(1) 2 }
+-- 
+-- 
+-- Attribute Object Identifiers
+-- 
+-- id-contentType OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+--     us(840) rsadsi(113549) pkcs(1) pkcs9(9) 3 }
+-- 
+-- id-messageDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+--     us(840) rsadsi(113549) pkcs(1) pkcs9(9) 4 }
+-- 
+-- id-signingTime OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+--     us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5 }
+-- 
+-- id-countersignature OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+--     us(840) rsadsi(113549) pkcs(1) pkcs9(9) 6 }
+-- 
+-- 
+-- Obsolete Extended Certificate syntax from PKCS#6
+
+ExtendedCertificate ::= SEQUENCE {
+  extendedCertificateInfo ExtendedCertificateInfo,
+  signatureAlgorithm SignatureAlgorithmIdentifier,
+  signature Signature }
+
+ExtendedCertificateInfo ::= SEQUENCE {
+  version CMSVersion,
+  certificate Certificate,
+  attributes UnauthAttributes }
+
+Signature ::= BIT STRING
+
+
+END -- of CryptographicMessageSyntax
--- a/asn1/cms/cms.cnf
+++ b/asn1/cms/cms.cnf
@ -0,0 +1,22 @@
+# CMS.cnf
+# CMS conformation file
+
+# $Id: cms.cnf,v 1.2 2004/06/03 08:35:44 guy Exp $
+
+#.MODULE_IMPORT
+AuthenticationFramework x509af
+
+#.INCLUDE ../x509af/x509af_exp.cnf
+
+#.EXPORTS
+SignedData
+
+#.NO_EMIT
+
+#.TYPE_RENAME
+
+#.FIELD_RENAME
+
+#.END
+
+
--- a/asn1/cms/packet-cms-template.c
+++ b/asn1/cms/packet-cms-template.c
@ -0,0 +1,80 @@
+/* packet-cms.c
+ * Routines for RFC2630 Cryptographic Message Syntax packet dissection
+ *
+ * $Id: packet-cms-template.c,v 1.2 2004/05/25 21:07:43 guy Exp $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <glib.h>
+#include <epan/packet.h>
+#include <epan/conversation.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#include "packet-ber.h"
+#include "packet-cms.h"
+#include "packet-x509af.h"
+
+#define PNAME  "Cryptographic Message Syntax"
+#define PSNAME "CMS"
+#define PFNAME "cms"
+
+/* Initialize the protocol and registered fields */
+int proto_cms = -1;
+#include "packet-cms-hf.c"
+
+/* Initialize the subtree pointers */
+#include "packet-cms-ett.c"
+
+#include "packet-cms-fn.c"
+
+
+/*--- proto_register_cms ----------------------------------------------*/
+void proto_register_cms(void) {
+
+  /* List of fields */
+  static hf_register_info hf[] = {
+#include "packet-cms-hfarr.c"
+  };
+
+  /* List of subtrees */
+  static gint *ett[] = {
+#include "packet-cms-ettarr.c"
+  };
+
+  /* Register protocol */
+  proto_cms = proto_register_protocol(PNAME, PSNAME, PFNAME);
+
+  /* Register fields and subtrees */
+  proto_register_field_array(proto_cms, hf, array_length(hf));
+  proto_register_subtree_array(ett, array_length(ett));
+
+}
+
+
+/*--- proto_reg_handoff_cms -------------------------------------------*/
+void proto_reg_handoff_cms(void) {
+}
+
--- a/asn1/cms/packet-cms-template.h
+++ b/asn1/cms/packet-cms-template.h
@ -0,0 +1,31 @@
+/* packet-cms.h
+ * Routines for RFC2630 Cryptographic Message Syntax packet dissection
+ *
+ * $Id: packet-cms-template.h,v 1.1 2004/05/24 08:42:29 sahlberg Exp $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+#ifndef PACKET_CMS_H
+#define PACKET_CMS_H
+
+#include "packet-cms-exp.h"
+
+#endif  /* PACKET_CMS_H */
+