authorAnders Broman <anders.broman@ericsson.com>2005-11-16 07:13:12 +0000
committerAnders Broman <anders.broman@ericsson.com>2005-11-16 07:13:12 +0000
commitc33182b8982742ece2bbfa298977a5aa09f48377 (patch)
tree0c7664cef1a075c4ecb3ad5ddc8d364055957829 /asn1/cms/packet-cms-template.c
parent893ad69c74f54fc9bb7ac7b7ffc3c0e28bd4d418 (diff)
From Graeme Lunt:
Here are a number of small patches for asn1 based dissectors: acse: release request/response column information (many X.400/X.500 unbinds are empty) "standardised" PNAME to "ISO 8650-1 OSI Association Control Service" fix for crash when using EXTERNAL dissector rtse: column information when attempting a resume x509if: generation of LDAP-style DNs from RDNSequences new function x509if_get_last_dn() to get the last DN generated. x509af: DSS parameters certificate extension naming subject naming of certificate x509sat: Guide syntax (as SET now supported) PDU exports. cms: verification of message digest attribute (SHA-1 and MD5) ess: enumerated/restrictive/permissive/informative security categories x411: generation of string encoding of X.400 addresses, trace information and message identifiers. s4406: separate types for primary and copy precedence to allow better filtering (e.g. primary precedence = flash) priority-level-qualifier svn path=/trunk/; revision=16508
Diffstat (limited to 'asn1/cms/packet-cms-template.c')
-rw-r--r--asn1/cms/packet-cms-template.c76
1 files changed, 75 insertions, 1 deletions
diff --git a/asn1/cms/packet-cms-template.c b/asn1/cms/packet-cms-template.c
index c52c79da72..48115551a1 100644
--- a/asn1/cms/packet-cms-template.c
+++ b/asn1/cms/packet-cms-template.c
@@ -39,6 +39,9 @@
#include "packet-x509af.h"
#include "packet-x509if.h"
+#include <epan/sha1.h>
+#include <epan/crypt-md5.h>
+
#define PNAME "Cryptographic Message Syntax"
#define PSNAME "CMS"
#define PFNAME "cms"
@@ -55,9 +58,80 @@ static int dissect_cms_OCTET_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb, in
static const char *object_identifier_id;
+static tvbuff_t *content_tvb = NULL;
-#include "packet-cms-fn.c"
+static proto_tree *top_tree=NULL;
+
+#define HASH_SHA1 "1.3.14.3.2.26"
+#define SHA1_BUFFER_SIZE 20
+
+#define HASH_MD5 "1.2.840.113549.2.5"
+#define MD5_BUFFER_SIZE 16
+
+
+/* SHA-2 variants */
+#define HASH_SHA224 "2.16.840.1.101.3.4.2.4"
+#define SHA224_BUFFER_SIZE 32 /* actually 28 */
+#define HASH_SHA256 "2.16.840.1.101.3.4.2.1"
+#define SHA256_BUFFER_SIZE 32
+
+unsigned char digest_buf[MAX(SHA1_BUFFER_SIZE, MD5_BUFFER_SIZE)];
+
+static void
+cms_verify_msg_digest(proto_item *pi, tvbuff_t *content, char *alg, tvbuff_t *tvb, int offset)
+{
+ sha1_context sha1_ctx;
+ md5_state_t md5_ctx;
+ int i= 0, buffer_size = 0;
+
+ /* we only support two algorithms at the moment - if we do add SHA2
+ we should add a registration process to use a registration process */
+
+ if(strcmp(alg, HASH_SHA1) == 0) {
+
+ sha1_starts(&sha1_ctx);
+
+ sha1_update(&sha1_ctx,
+ (guint8*)tvb_get_ptr(content, 0, tvb_length(content)),
+ tvb_length(content));
+ sha1_finish(&sha1_ctx, digest_buf);
+
+ buffer_size = SHA1_BUFFER_SIZE;
+
+ } else if(strcmp(alg, HASH_MD5) == 0) {
+
+ md5_init(&md5_ctx);
+
+ md5_append(&md5_ctx,
+ (const guint8*) tvb_get_ptr(content, 0, tvb_length(content)),
+ tvb_length(content));
+
+ md5_finish(&md5_ctx, digest_buf);
+
+ buffer_size = MD5_BUFFER_SIZE;
+ }
+
+ if(buffer_size) {
+ /* compare our computed hash with what we have received */
+
+ if(tvb_bytes_exist(tvb, offset, buffer_size) &&
+ (memcmp(tvb_get_ptr(tvb, offset, buffer_size), digest_buf, buffer_size) != 0)) {
+ proto_item_append_text(pi, " [incorrect, should be ");
+ for(i = 0; i < buffer_size; i++)
+ proto_item_append_text(pi, "%02X", digest_buf[i]);
+
+ proto_item_append_text(pi, "]");
+ }
+ else
+ proto_item_append_text(pi, " [correct]");
+ } else {
+ proto_item_append_text(pi, " [unable to verify]");
+ }
+
+}
+
+#include "packet-cms-fn.c"
/*--- proto_register_cms ----------------------------------------------*/
void proto_register_cms(void) {
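Review bot: In the comparison at the end of cms_verify_msg_digest, a digest field that is truncated in the capture ends up labelled " [correct]": when `tvb_bytes_exist(tvb, offset, buffer_size)` is false the `&&` short-circuits and control falls into the `else` branch. Anyone relying on that label would read an unverified digest as verified, so the existence test should be split out, e.g. `if(!tvb_bytes_exist(tvb, offset, buffer_size)) proto_item_append_text(pi, " [unable to verify]");` followed by `else if(memcmp(...) != 0) {` for the existing mismatch branch. The function also receives only `offset` and not the length of the received OCTET STRING, so a value whose length differs from `buffer_size` is not rejected; passing the length and requiring equality would close that gap. `content` and `alg` are dereferenced without a NULL check, and because `content_tvb` starts out NULL and the callers are outside this hunk (presumably in packet-cms-fn.c), a guard such as `if(content == NULL || alg == NULL)` that leads to the " [unable to verify]" text looks worth adding once confirmed against the callers.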