work in progress
New protocol CryptogrtaphicMessageSyntax As the X.509xx protocols this protocol is not yet linked with ethereal but a work in progress. Within the next few days the changes needed to packet-kerberos and packet-ber will be added to implement an embryonic pkinit implementation inside packet-kerberos which will in turn call cms and the x509 dissectors. The dissectors are still very incomplete but already relatively useful. svn path=/trunk/; revision=11432
This commit is contained in:
parent
71b70c924b
commit
5d366ee1e2
|
@ -0,0 +1,346 @@
|
|||
-- Extracted from RFC2630
|
||||
-- and massaged/modified so it passws through our ASN2ETH compiler
|
||||
|
||||
CryptographicMessageSyntax { iso(1) member-body(2) us(840) rsadsi(113549)
|
||||
pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1) } DEFINITIONS IMPLICIT TAGS ::=
|
||||
BEGIN
|
||||
|
||||
-- EXPORTS All
|
||||
-- The types and values defined in this module are exported for use in
|
||||
-- the other ASN.1 modules. Other applications may use them for their
|
||||
-- own purposes.
|
||||
|
||||
IMPORTS
|
||||
|
||||
-- Directory Information Framework (X.501)
|
||||
Name
|
||||
FROM InformationFramework { joint-iso-itu-t ds(5) modules(1)
|
||||
informationFramework(1) 3 }
|
||||
|
||||
-- Directory Authentication Framework (X.509)
|
||||
AlgorithmIdentifier, AttributeCertificate, Certificate,
|
||||
CertificateList, CertificateSerialNumber
|
||||
FROM AuthenticationFramework { joint-iso-itu-t ds(5)
|
||||
module(1) authenticationFramework(7) 3 } ;
|
||||
|
||||
|
||||
-- Cryptographic Message Syntax
|
||||
--
|
||||
-- ContentInfo ::= SEQUENCE {
|
||||
--OK contentType ContentType,
|
||||
-- content [0] EXPLICIT ANY DEFINED BY contentType }
|
||||
|
||||
ContentType ::= OBJECT IDENTIFIER
|
||||
|
||||
SignedData ::= SEQUENCE {
|
||||
version CMSVersion,
|
||||
digestAlgorithms DigestAlgorithmIdentifiers,
|
||||
encapContentInfo EncapsulatedContentInfo,
|
||||
certificates [0] IMPLICIT CertificateSet OPTIONAL,
|
||||
crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
|
||||
signerInfos SignerInfos }
|
||||
|
||||
DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
|
||||
|
||||
SignerInfos ::= SET OF SignerInfo
|
||||
|
||||
EncapsulatedContentInfo ::= SEQUENCE {
|
||||
eContentType ContentType,
|
||||
eContent [0] EXPLICIT OCTET STRING OPTIONAL }
|
||||
|
||||
SignerInfo ::= SEQUENCE {
|
||||
version CMSVersion,
|
||||
sid SignerIdentifier,
|
||||
digestAlgorithm DigestAlgorithmIdentifier,
|
||||
signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
|
||||
signatureAlgorithm SignatureAlgorithmIdentifier,
|
||||
signature SignatureValue,
|
||||
unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL }
|
||||
|
||||
SignerIdentifier ::= CHOICE {
|
||||
issuerAndSerialNumber IssuerAndSerialNumber,
|
||||
subjectKeyIdentifier [0] SubjectKeyIdentifier }
|
||||
|
||||
SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
|
||||
|
||||
UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute
|
||||
|
||||
Attribute ::= SEQUENCE {
|
||||
attrType OBJECT IDENTIFIER
|
||||
-- attrValues SET OF AttributeValue
|
||||
}
|
||||
|
||||
-- AttributeValue ::= ANY
|
||||
|
||||
SignatureValue ::= OCTET STRING
|
||||
|
||||
-- EnvelopedData ::= SEQUENCE {
|
||||
-- version CMSVersion,
|
||||
-- originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
|
||||
-- recipientInfos RecipientInfos,
|
||||
-- encryptedContentInfo EncryptedContentInfo,
|
||||
-- unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
|
||||
--
|
||||
-- OriginatorInfo ::= SEQUENCE {
|
||||
-- certs [0] IMPLICIT CertificateSet OPTIONAL,
|
||||
--OK crls [1] IMPLICIT CertificateRevocationLists OPTIONAL }
|
||||
--
|
||||
-- RecipientInfos ::= SET OF RecipientInfo
|
||||
--
|
||||
-- EncryptedContentInfo ::= SEQUENCE {
|
||||
-- contentType ContentType,
|
||||
-- contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
|
||||
-- encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL }
|
||||
--
|
||||
-- EncryptedContent ::= OCTET STRING
|
||||
--
|
||||
-- UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
|
||||
--
|
||||
-- RecipientInfo ::= CHOICE {
|
||||
-- ktri KeyTransRecipientInfo,
|
||||
-- kari [1] KeyAgreeRecipientInfo,
|
||||
-- kekri [2] KEKRecipientInfo }
|
||||
--
|
||||
-- EncryptedKey ::= OCTET STRING
|
||||
--
|
||||
-- KeyTransRecipientInfo ::= SEQUENCE {
|
||||
-- version CMSVersion,
|
||||
-- always set to 0 or 2
|
||||
--OK rid RecipientIdentifier,
|
||||
-- keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
|
||||
-- encryptedKey EncryptedKey }
|
||||
|
||||
RecipientIdentifier ::= CHOICE {
|
||||
issuerAndSerialNumber IssuerAndSerialNumber,
|
||||
subjectKeyIdentifier [0] SubjectKeyIdentifier }
|
||||
|
||||
-- KeyAgreeRecipientInfo ::= SEQUENCE {
|
||||
-- version CMSVersion,
|
||||
-- always set to 3
|
||||
-- originator [0] EXPLICIT OriginatorIdentifierOrKey,
|
||||
-- ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL,
|
||||
-- keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
|
||||
-- recipientEncryptedKeys RecipientEncryptedKeys }
|
||||
--
|
||||
-- OriginatorIdentifierOrKey ::= CHOICE {
|
||||
--OK issuerAndSerialNumber IssuerAndSerialNumber,
|
||||
--OK subjectKeyIdentifier [0] SubjectKeyIdentifier,
|
||||
-- originatorKey [1] OriginatorPublicKey }
|
||||
--
|
||||
-- OriginatorPublicKey ::= SEQUENCE {
|
||||
-- algorithm AlgorithmIdentifier,
|
||||
-- publicKey BIT STRING }
|
||||
--
|
||||
-- RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey
|
||||
--
|
||||
-- RecipientEncryptedKey ::= SEQUENCE {
|
||||
--OK rid KeyAgreeRecipientIdentifier,
|
||||
-- encryptedKey EncryptedKey }
|
||||
--
|
||||
-- KeyAgreeRecipientIdentifier ::= CHOICE {
|
||||
--OK issuerAndSerialNumber IssuerAndSerialNumber,
|
||||
-- rKeyId [0] IMPLICIT RecipientKeyIdentifier }
|
||||
--
|
||||
-- RecipientKeyIdentifier ::= SEQUENCE {
|
||||
--OK subjectKeyIdentifier SubjectKeyIdentifier,
|
||||
-- date GeneralizedTime OPTIONAL,
|
||||
-- other OtherKeyAttribute OPTIONAL }
|
||||
|
||||
SubjectKeyIdentifier ::= OCTET STRING
|
||||
|
||||
-- KEKRecipientInfo ::= SEQUENCE {
|
||||
-- version CMSVersion,
|
||||
-- always set to 4
|
||||
-- kekid KEKIdentifier,
|
||||
-- keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
|
||||
-- encryptedKey EncryptedKey }
|
||||
--
|
||||
-- KEKIdentifier ::= SEQUENCE {
|
||||
-- keyIdentifier OCTET STRING,
|
||||
-- date GeneralizedTime OPTIONAL,
|
||||
-- other OtherKeyAttribute OPTIONAL }
|
||||
--
|
||||
-- DigestedData ::= SEQUENCE {
|
||||
--OK version CMSVersion,
|
||||
--OK digestAlgorithm DigestAlgorithmIdentifier,
|
||||
--OK encapContentInfo EncapsulatedContentInfo,
|
||||
--OK digest Digest }
|
||||
|
||||
Digest ::= OCTET STRING
|
||||
|
||||
-- EncryptedData ::= SEQUENCE {
|
||||
-- version CMSVersion,
|
||||
-- encryptedContentInfo EncryptedContentInfo,
|
||||
-- unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
|
||||
--
|
||||
-- AuthenticatedData ::= SEQUENCE {
|
||||
-- version CMSVersion,
|
||||
-- originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
|
||||
-- recipientInfos RecipientInfos,
|
||||
-- macAlgorithm MessageAuthenticationCodeAlgorithm,
|
||||
--OK digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
|
||||
--OK encapContentInfo EncapsulatedContentInfo,
|
||||
-- authenticatedAttributes [2] IMPLICIT AuthAttributes OPTIONAL,
|
||||
-- mac MessageAuthenticationCode,
|
||||
-- unauthenticatedAttributes [3] IMPLICIT UnauthAttributes OPTIONAL }
|
||||
|
||||
AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
|
||||
|
||||
UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
|
||||
|
||||
MessageAuthenticationCode ::= OCTET STRING
|
||||
|
||||
DigestAlgorithmIdentifier ::= AlgorithmIdentifier
|
||||
|
||||
SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
|
||||
|
||||
KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
|
||||
|
||||
ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
|
||||
|
||||
MessageAuthenticationCodeAlgorithm ::= AlgorithmIdentifier
|
||||
|
||||
CertificateRevocationLists ::= SET OF CertificateList
|
||||
|
||||
CertificateChoices ::= CHOICE {
|
||||
certificate Certificate,
|
||||
extendedCertificate [0] IMPLICIT ExtendedCertificate,
|
||||
attrCert [1] IMPLICIT AttributeCertificate }
|
||||
|
||||
CertificateSet ::= SET OF CertificateChoices
|
||||
|
||||
IssuerAndSerialNumber ::= SEQUENCE {
|
||||
--QQQ issuer Name,
|
||||
serialNumber CertificateSerialNumber }
|
||||
|
||||
CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4) }
|
||||
|
||||
-- UserKeyingMaterial ::= OCTET STRING
|
||||
--
|
||||
-- OtherKeyAttribute ::= SEQUENCE {
|
||||
-- keyAttrId OBJECT IDENTIFIER,
|
||||
-- keyAttr ANY DEFINED BY keyAttrId OPTIONAL }
|
||||
--
|
||||
--
|
||||
-- CMS Attributes
|
||||
--
|
||||
-- MessageDigest ::= OCTET STRING
|
||||
--
|
||||
-- SigningTime ::= Time
|
||||
--
|
||||
-- Time ::= CHOICE {
|
||||
-- utcTime UTCTime,
|
||||
-- generalTime GeneralizedTime }
|
||||
|
||||
Countersignature ::= SignerInfo
|
||||
|
||||
-- Algorithm Identifiers
|
||||
--
|
||||
-- sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
|
||||
-- oiw(14) secsig(3) algorithm(2) 26 }
|
||||
--
|
||||
-- md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
|
||||
-- rsadsi(113549) digestAlgorithm(2) 5 }
|
||||
--
|
||||
-- id-dsa-with-sha1 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
||||
-- us(840) x9-57 (10040) x9cm(4) 3 }
|
||||
--
|
||||
-- rsaEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
||||
-- us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1 }
|
||||
--
|
||||
-- dh-public-number OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
||||
-- us(840) ansi-x942(10046) number-type(2) 1 }
|
||||
--
|
||||
-- id-alg-ESDH OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
|
||||
-- rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 5 }
|
||||
--
|
||||
-- id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
||||
-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6 }
|
||||
--
|
||||
-- id-alg-CMSRC2wrap OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
||||
-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 7 }
|
||||
--
|
||||
-- des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
||||
-- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 }
|
||||
--
|
||||
-- rc2-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
|
||||
-- rsadsi(113549) encryptionAlgorithm(3) 2 }
|
||||
--
|
||||
-- hMAC-SHA1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
|
||||
-- dod(6) internet(1) security(5) mechanisms(5) 8 1 2 }
|
||||
--
|
||||
--
|
||||
-- Algorithm Parameters
|
||||
--
|
||||
-- KeyWrapAlgorithm ::= AlgorithmIdentifier
|
||||
--
|
||||
-- RC2wrapParameter ::= RC2ParameterVersion
|
||||
--
|
||||
-- RC2ParameterVersion ::= INTEGER
|
||||
--
|
||||
-- CBCParameter ::= IV
|
||||
--
|
||||
-- IV ::= OCTET STRING
|
||||
--
|
||||
-- RC2CBCParameter ::= SEQUENCE {
|
||||
-- rc2ParameterVersion INTEGER,
|
||||
-- iv OCTET STRING }
|
||||
--
|
||||
--
|
||||
-- Content Type Object Identifiers
|
||||
--
|
||||
-- id-ct-contentInfo OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
||||
-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
|
||||
-- ct(1) 6 }
|
||||
--
|
||||
-- id-data OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
||||
-- us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 }
|
||||
--
|
||||
-- id-signedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
||||
-- us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 }
|
||||
--
|
||||
-- id-envelopedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
||||
-- us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3 }
|
||||
--
|
||||
-- id-digestedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
||||
-- us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5 }
|
||||
--
|
||||
-- id-encryptedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
||||
-- us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 }
|
||||
--
|
||||
-- id-ct-authData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
||||
-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
|
||||
-- ct(1) 2 }
|
||||
--
|
||||
--
|
||||
-- Attribute Object Identifiers
|
||||
--
|
||||
-- id-contentType OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
||||
-- us(840) rsadsi(113549) pkcs(1) pkcs9(9) 3 }
|
||||
--
|
||||
-- id-messageDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
||||
-- us(840) rsadsi(113549) pkcs(1) pkcs9(9) 4 }
|
||||
--
|
||||
-- id-signingTime OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
||||
-- us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5 }
|
||||
--
|
||||
-- id-countersignature OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
||||
-- us(840) rsadsi(113549) pkcs(1) pkcs9(9) 6 }
|
||||
--
|
||||
--
|
||||
-- Obsolete Extended Certificate syntax from PKCS#6
|
||||
|
||||
ExtendedCertificate ::= SEQUENCE {
|
||||
extendedCertificateInfo ExtendedCertificateInfo,
|
||||
signatureAlgorithm SignatureAlgorithmIdentifier,
|
||||
signature Signature }
|
||||
|
||||
ExtendedCertificateInfo ::= SEQUENCE {
|
||||
version CMSVersion,
|
||||
certificate Certificate,
|
||||
attributes UnauthAttributes }
|
||||
|
||||
Signature ::= BIT STRING
|
||||
|
||||
|
||||
END -- of CryptographicMessageSyntax
|
|
@ -0,0 +1,22 @@
|
|||
# CMS.cnf
|
||||
# CMS conformation file
|
||||
|
||||
# $Id: cms.cnf,v 1.2 2004/06/03 08:35:44 guy Exp $
|
||||
|
||||
#.MODULE_IMPORT
|
||||
AuthenticationFramework x509af
|
||||
|
||||
#.INCLUDE ../x509af/x509af_exp.cnf
|
||||
|
||||
#.EXPORTS
|
||||
SignedData
|
||||
|
||||
#.NO_EMIT
|
||||
|
||||
#.TYPE_RENAME
|
||||
|
||||
#.FIELD_RENAME
|
||||
|
||||
#.END
|
||||
|
||||
|
|
@ -0,0 +1,80 @@
|
|||
/* packet-cms.c
|
||||
* Routines for RFC2630 Cryptographic Message Syntax packet dissection
|
||||
*
|
||||
* $Id: packet-cms-template.c,v 1.2 2004/05/25 21:07:43 guy Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@ethereal.com>
|
||||
* Copyright 1998 Gerald Combs
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
# include "config.h"
|
||||
#endif
|
||||
|
||||
#include <glib.h>
|
||||
#include <epan/packet.h>
|
||||
#include <epan/conversation.h>
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "packet-ber.h"
|
||||
#include "packet-cms.h"
|
||||
#include "packet-x509af.h"
|
||||
|
||||
#define PNAME "Cryptographic Message Syntax"
|
||||
#define PSNAME "CMS"
|
||||
#define PFNAME "cms"
|
||||
|
||||
/* Initialize the protocol and registered fields */
|
||||
int proto_cms = -1;
|
||||
#include "packet-cms-hf.c"
|
||||
|
||||
/* Initialize the subtree pointers */
|
||||
#include "packet-cms-ett.c"
|
||||
|
||||
#include "packet-cms-fn.c"
|
||||
|
||||
|
||||
/*--- proto_register_cms ----------------------------------------------*/
|
||||
void proto_register_cms(void) {
|
||||
|
||||
/* List of fields */
|
||||
static hf_register_info hf[] = {
|
||||
#include "packet-cms-hfarr.c"
|
||||
};
|
||||
|
||||
/* List of subtrees */
|
||||
static gint *ett[] = {
|
||||
#include "packet-cms-ettarr.c"
|
||||
};
|
||||
|
||||
/* Register protocol */
|
||||
proto_cms = proto_register_protocol(PNAME, PSNAME, PFNAME);
|
||||
|
||||
/* Register fields and subtrees */
|
||||
proto_register_field_array(proto_cms, hf, array_length(hf));
|
||||
proto_register_subtree_array(ett, array_length(ett));
|
||||
|
||||
}
|
||||
|
||||
|
||||
/*--- proto_reg_handoff_cms -------------------------------------------*/
|
||||
void proto_reg_handoff_cms(void) {
|
||||
}
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
/* packet-cms.h
|
||||
* Routines for RFC2630 Cryptographic Message Syntax packet dissection
|
||||
*
|
||||
* $Id: packet-cms-template.h,v 1.1 2004/05/24 08:42:29 sahlberg Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@ethereal.com>
|
||||
* Copyright 1998 Gerald Combs
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*/
|
||||
|
||||
#ifndef PACKET_CMS_H
|
||||
#define PACKET_CMS_H
|
||||
|
||||
#include "packet-cms-exp.h"
|
||||
|
||||
#endif /* PACKET_CMS_H */
|
||||
|
Loading…
Reference in New Issue