authorRonnie Sahlberg <ronnie_sahlberg@ozemail.com.au>2004-12-05 21:47:49 +0000
committerRonnie Sahlberg <ronnie_sahlberg@ozemail.com.au>2004-12-05 21:47:49 +0000
commitc20df95fd58e7ae78efaa129b4c0629e710156c0 (patch)
tree4d7a0b29c969200bde372a3c769384f0270e2a1d /asn1
parentba475d8c356d6a49e89e617ad72bd3e3cff5c57d (diff)
updates to pkix1implicit (we have to think about how to rewrite both pkix1explicit and pkix1implicit to avoid the crap with duplicate definitions from x509)
New protocol : RFC3161 PKIX TimeStamp Protocol svn path=/trunk/; revision=12669
Diffstat (limited to 'asn1')
-rw-r--r--asn1/pkix1implicit/PKIX1IMPLICIT93.asn24
-rw-r--r--asn1/pkix1implicit/packet-pkix1implicit-template.c8
-rw-r--r--asn1/pkix1implicit/packet-pkix1implicit-template.h2
-rw-r--r--asn1/pkix1implicit/pkix1implicit.cnf4
-rw-r--r--asn1/pkix1implicit/pkix1implicit_exp.cnf2
-rwxr-xr-xasn1/pkixtsp/Makefile5
-rw-r--r--asn1/pkixtsp/PKIXTSP.asn177
-rw-r--r--asn1/pkixtsp/packet-pkixtsp-template.c144
-rw-r--r--asn1/pkixtsp/packet-pkixtsp-template.h32
-rw-r--r--asn1/pkixtsp/pkixtsp.cnf31
10 files changed, 418 insertions, 11 deletions
diff --git a/asn1/pkix1implicit/PKIX1IMPLICIT93.asn b/asn1/pkix1implicit/PKIX1IMPLICIT93.asn
index 828b1898a4..ded089d4c2 100644
--- a/asn1/pkix1implicit/PKIX1IMPLICIT93.asn
+++ b/asn1/pkix1implicit/PKIX1IMPLICIT93.asn
@@ -64,7 +64,9 @@ IMPORTS
Attribute, EXTENSION
FROM PKIX1Explicit93 {iso(1) identified-organization(3)
dod(6) internet(1) security(5) mechanisms(5) pkix(7)
- id-mod(0) id-pkix1-explicit-93(3)};
+ id-mod(0) id-pkix1-explicit-93(3)}
+ GeneralName FROM CertificateExtensions;
+
-- Key and policy information extensions
--
@@ -177,17 +179,19 @@ Dummy ::= NULL
-- IDENTIFIED BY id-ce-subjectAltName }
--
--GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
-
-GeneralName ::= CHOICE {
+--
+--Imported from X509CE
+--GeneralName ::= CHOICE {
-- otherName [0] INSTANCE OF OTHER-NAME,
- rfc822Name [1] IA5String,
- dNSName [2] IA5String,
+-- rfc822Name [1] IA5String,
+-- dNSName [2] IA5String,
-- x400Address [3] ORAddress,
- directoryName [4] Name,
- ediPartyName [5] EDIPartyName,
- uniformResourceIdentifier [6] IA5String,
- iPAddress [7] OCTET STRING,
- registeredID [8] OBJECT IDENTIFIER }
+-- directoryName [4] Name,
+-- ediPartyName [5] EDIPartyName,
+-- uniformResourceIdentifier [6] IA5String,
+-- iPAddress [7] OCTET STRING,
+-- registeredID [8] OBJECT IDENTIFIER
+--}
--OTHER-NAME ::= TYPE-IDENTIFIER
diff --git a/asn1/pkix1implicit/packet-pkix1implicit-template.c b/asn1/pkix1implicit/packet-pkix1implicit-template.c
index 15763907e4..bc6e0c1d14 100644
--- a/asn1/pkix1implicit/packet-pkix1implicit-template.c
+++ b/asn1/pkix1implicit/packet-pkix1implicit-template.c
@@ -36,6 +36,7 @@
#include "packet-ber.h"
#include "packet-pkix1implicit.h"
#include "packet-pkix1explicit.h"
+#include "packet-x509ce.h"
#define PNAME "PKIX1Implitit"
#define PSNAME "PKIX1IMPLICIT"
@@ -49,6 +50,13 @@ static int proto_pkix1implicit = -1;
#include "packet-pkix1implicit-ett.c"
+int
+dissect_pkix1implicit_GeneralName(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
+ offset = dissect_x509ce_GeneralName(implicit_tag, tvb, offset, pinfo, tree, hf_index);
+
+ return offset;
+}
+
#include "packet-pkix1implicit-fn.c"
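Review bot: The `_U_` (unused) markers on `implicit_tag`, `pinfo` and `hf_index` in `dissect_pkix1implicit_GeneralName` are misleading, because all three are forwarded to `dissect_x509ce_GeneralName`. They should be dropped here and in the matching prototype added to packet-pkix1implicit-template.h. The body can then be the single statement `return dissect_x509ce_GeneralName(implicit_tag, tvb, offset, pinfo, tree, hf_index);`. A short comment such as `/* GeneralName now lives in x509ce; keep the pkix1implicit entry point for modules that import it from here */` would explain why the wrapper exists, since PKIXTSP.asn in this commit imports the type from PKIX1Implicit88.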
diff --git a/asn1/pkix1implicit/packet-pkix1implicit-template.h b/asn1/pkix1implicit/packet-pkix1implicit-template.h
index 12b712b5bc..d6f860cf1f 100644
--- a/asn1/pkix1implicit/packet-pkix1implicit-template.h
+++ b/asn1/pkix1implicit/packet-pkix1implicit-template.h
@@ -25,6 +25,8 @@
#ifndef PACKET_PKIX1IMPLICIT_H
#define PACKET_PKIX1IMPLICIT_H
+int dissect_pkix1implicit_GeneralName(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_);
+
#include "packet-pkix1implicit-exp.h"
#endif /* PACKET_PKIX1IMPLICIT_H */
diff --git a/asn1/pkix1implicit/pkix1implicit.cnf b/asn1/pkix1implicit/pkix1implicit.cnf
index bae9431e17..7aea434712 100644
--- a/asn1/pkix1implicit/pkix1implicit.cnf
+++ b/asn1/pkix1implicit/pkix1implicit.cnf
@@ -5,13 +5,15 @@
#.MODULE_IMPORT
PKIX1Explicit93 pkix1explicit
+CertificateExtensions x509ce
#.INCLUDE ../pkix1explicit/pkix1explicit_exp.cnf
+#.INCLUDE ../x509ce/x509ce-exp.cnf
#.EXPORTS
-UserNotice
AuthorityInfoAccessSyntax
+UserNotice
#.PDU
diff --git a/asn1/pkix1implicit/pkix1implicit_exp.cnf b/asn1/pkix1implicit/pkix1implicit_exp.cnf
index 38d515bca5..849f073b1a 100644
--- a/asn1/pkix1implicit/pkix1implicit_exp.cnf
+++ b/asn1/pkix1implicit/pkix1implicit_exp.cnf
@@ -1,11 +1,13 @@
#.IMPORT_TAG
AuthorityInfoAccessSyntax BER_CLASS_UNI BER_UNI_TAG_SEQUENCE
+GeneralName BER_CLASS_CON -1/*choice*/
UserNotice BER_CLASS_UNI BER_UNI_TAG_SEQUENCE
#.END
#.TYPE_ATTR
AuthorityInfoAccessSyntax TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = NULL BITMASK = 0
+GeneralName TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = NULL BITMASK = 0
UserNotice TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0
#.END
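Review bot: The two `GeneralName` lines look hand-added to an export file that asn2eth normally writes itself. `GeneralName` is not listed under `#.EXPORTS` in pkix1implicit.cnf and is no longer defined in PKIX1IMPLICIT93.asn, so if this file is regenerated (the new pkixtsp Makefile runs asn2eth with `-e`, which as far as I know writes the export conformance file) the entries would presumably be lost and pkixtsp could no longer resolve the import. A comment above them, for example `# GeneralName is hand-maintained: forwarded to x509ce by packet-pkix1implicit-template.c`, would record that. The `TYPE = FT_UINT32 ... STRINGS = NULL` attributes should also be checked against the `GeneralName` entry in ../x509ce/x509ce-exp.cnf, so that both names describe the CHOICE the same way.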
diff --git a/asn1/pkixtsp/Makefile b/asn1/pkixtsp/Makefile
new file mode 100755
index 0000000000..5181ff1160
--- /dev/null
+++ b/asn1/pkixtsp/Makefile
@@ -0,0 +1,5 @@
+
+../../epan/dissectors/packet-pkixtsp.c : ../../tools/asn2eth.py PKIXTSP.asn packet-pkixtsp-template.c packet-pkixtsp-template.h pkixtsp.cnf
+ python ../../tools/asn2eth.py -X -b -k -e -p pkixtsp -c pkixtsp.cnf -s packet-pkixtsp-template PKIXTSP.asn
+ cp packet-pkixtsp.* ../../epan/dissectors
+
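Review bot: The rule's prerequisites omit the conformance files that pkixtsp.cnf pulls in with `#.INCLUDE` (`../pkix1explicit/pkix1explicit_exp.cnf`, `../pkix1implicit/pkix1implicit_exp.cnf`, `../cms/cms-exp.cnf`). A change to an imported type's tag or attributes will therefore not trigger regeneration of packet-pkixtsp.c; adding the three files to the prerequisite list keeps the generated dissector in step with the modules it imports. The file is also created with mode 100755, and a Makefile does not need the executable bit.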
diff --git a/asn1/pkixtsp/PKIXTSP.asn b/asn1/pkixtsp/PKIXTSP.asn
new file mode 100644
index 0000000000..306f4a9893
--- /dev/null
+++ b/asn1/pkixtsp/PKIXTSP.asn
@@ -0,0 +1,177 @@
+-- This ASN.1 definition defined the Time-Stamp Protocol
+-- as of RFC3161.
+-- This definition is taken from RFC3161 and modified to pass through
+-- the ASN2ETH compiler.
+--
+-- Copyright statement of the original ASN.1 definition of RFC3161 as follows
+--
+--
+-- Full Copyright Statement
+--
+-- Copyright (C) The Internet Society (2001). All Rights Reserved.
+--
+-- This document and translations of it may be copied and furnished to
+-- others, and derivative works that comment on or otherwise explain it
+-- or assist in its implementation may be prepared, copied, published
+-- and distributed, in whole or in part, without restriction of any
+-- kind, provided that the above copyright notice and this paragraph are
+-- included on all such copies and derivative works. However, this
+-- document itself may not be modified in any way, such as by removing
+-- the copyright notice or references to the Internet Society or other
+-- Internet organizations, except as needed for the purpose of
+-- developing Internet standards in which case the procedures for
+-- copyrights defined in the Internet Standards process must be
+-- followed, or as required to translate it into languages other than
+-- English.
+--
+-- The limited permissions granted above are perpetual and will not be
+-- revoked by the Internet Society or its successors or assigns.
+--
+-- This document and the information contained herein is provided on an
+-- "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+-- TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+-- BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+-- HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+-- MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+PKIXTSP {iso(1) identified-organization(3) dod(6) internet(1)
+ security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-tsp(13)}
+
+DEFINITIONS IMPLICIT TAGS ::=
+
+BEGIN
+
+-- EXPORTS ALL --
+
+IMPORTS
+
+ Extensions, AlgorithmIdentifier
+ FROM PKIX1Explicit88 {iso(1) identified-organization(3)
+ dod(6) internet(1) security(5) mechanisms(5) pkix(7)
+ id-mod(0) id-pkix1-explicit-88(1)}
+
+ GeneralName FROM PKIX1Implicit88 {iso(1)
+ identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit-88(2)}
+
+ ContentInfo FROM CryptographicMessageSyntax {iso(1)
+ member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+ smime(16) modules(0) cms(1)}
+
+ PKIFreeText FROM PKIXCMP {iso(1) identified-organization(3)
+ dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+ id-mod-cmp(9)} ;
+
+ -- Locally defined OIDs --
+
+-- eContentType for a time-stamp token
+
+-- id-ct-TSTInfo OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 4}
+
+-- 2.4.1
+
+TimeStampReq ::= SEQUENCE {
+ version INTEGER { v1(1) },
+ messageImprint MessageImprint,
+ --a hash algorithm OID and the hash value of the data to be
+ --time-stamped
+ reqPolicy TSAPolicyId OPTIONAL,
+ nonce INTEGER OPTIONAL,
+ certReq BOOLEAN DEFAULT FALSE,
+ extensions [0] IMPLICIT Extensions OPTIONAL }
+
+MessageImprint ::= SEQUENCE {
+ hashAlgorithm AlgorithmIdentifier,
+ hashedMessage OCTET STRING }
+
+TSAPolicyId ::= OBJECT IDENTIFIER
+
+
+-- 2.4.2
+
+TimeStampResp ::= SEQUENCE {
+ status PKIStatusInfo,
+ timeStampToken TimeStampToken OPTIONAL }
+
+-- The status is based on the definition of status
+-- in section 3.2.3 of [RFC2510]
+
+PKIStatusInfo ::= SEQUENCE {
+ status PKIStatus,
+--XXX dont implement PKIXCMP yet
+-- statusString PKIFreeText OPTIONAL,
+ failInfo PKIFailureInfo OPTIONAL }
+
+PKIStatus ::= INTEGER {
+ granted (0),
+ -- when the PKIStatus contains the value zero a TimeStampToken, as
+ -- requested, is present.
+ grantedWithMods (1),
+ -- when the PKIStatus contains the value one a TimeStampToken,
+ -- with modifications, is present.
+ rejection (2),
+ waiting (3),
+ revocationWarning (4),
+ -- this message contains a warning that a revocation is
+ -- imminent
+ revocationNotification (5)
+ -- notification that a revocation has occurred
+}
+
+ -- When the TimeStampToken is not present
+ -- failInfo indicates the reason why the
+ -- time-stamp request was rejected and
+ -- may be one of the following values.
+
+PKIFailureInfo ::= BIT STRING {
+ badAlg (0),
+ -- unrecognized or unsupported Algorithm Identifier
+ badRequest (2),
+ -- transaction not permitted or supported
+ badDataFormat (5),
+ -- the data submitted has the wrong format
+ timeNotAvailable (14),
+ -- the TSA's time source is not available
+ unacceptedPolicy (15),
+ -- the requested TSA policy is not supported by the TSA.
+ unacceptedExtension (16),
+ -- the requested extension is not supported by the TSA.
+ addInfoNotAvailable (17),
+ -- the additional information requested could not be understood
+ -- or is not available
+ systemFailure (25)
+ -- the request cannot be handled due to system failure
+}
+
+TimeStampToken ::= ContentInfo
+
+ -- contentType is id-signedData as defined in [CMS]
+ -- content is SignedData as defined in([CMS])
+ -- eContentType within SignedData is id-ct-TSTInfo
+ -- eContent within SignedData is TSTInfo
+
+TSTInfo ::= SEQUENCE {
+ version INTEGER { v1(1) },
+ policy TSAPolicyId,
+ messageImprint MessageImprint,
+ -- MUST have the same value as the similar field in
+ -- TimeStampReq
+ serialNumber INTEGER,
+ -- Time-Stamping users MUST be ready to accommodate integers
+ -- up to 160 bits.
+ genTime GeneralizedTime,
+ accuracy Accuracy OPTIONAL,
+ ordering BOOLEAN DEFAULT FALSE,
+ nonce INTEGER OPTIONAL,
+ -- MUST be present if the similar field was present
+ -- in TimeStampReq. In that case it MUST have the same value.
+ tsa [0] GeneralName OPTIONAL,
+ extensions [1] IMPLICIT Extensions OPTIONAL }
+
+Accuracy ::= SEQUENCE {
+ seconds INTEGER OPTIONAL,
+ millis [0] INTEGER (1..999) OPTIONAL,
+ micros [1] INTEGER (1..999) OPTIONAL }
+
+END
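Review bot: Commenting out `statusString PKIFreeText OPTIONAL` in `PKIStatusInfo` means a TimeStampResp that carries a status string will not match the generated SEQUENCE. The decoder will meet the statusString element where it expects `failInfo` or the end of the sequence, so rejection replies, which are the ones most likely to carry the text, will probably be shown as malformed. Until PKIXCMP is available the type could be defined locally as in RFC 2510, `PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String`, if asn2eth accepts it, and the now unused `PKIFreeText FROM PKIXCMP` import dropped. At minimum the `--XXX` comment should say that such replies will fail to decode. It is also worth confirming that the generated INTEGER handling copes with `serialNumber` and `nonce` values wider than a machine word, since the comment on `serialNumber` asks for up to 160 bits.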
diff --git a/asn1/pkixtsp/packet-pkixtsp-template.c b/asn1/pkixtsp/packet-pkixtsp-template.c
new file mode 100644
index 0000000000..25300f70f7
--- /dev/null
+++ b/asn1/pkixtsp/packet-pkixtsp-template.c
@@ -0,0 +1,144 @@
+/* packet-pkixtsp.c
+ * Routines for RFC2634 Extended Security Services packet dissection
+ * Ronnie Sahlberg 2004
+ *
+ * $Id: packet-pkixtsp-template.c 12438 2004-10-30 02:36:58Z sahlberg $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <glib.h>
+#include <epan/packet.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#include "packet-ber.h"
+#include "packet-pkixtsp.h"
+#include "packet-pkix1explicit.h"
+#include "packet-pkix1implicit.h"
+#include "packet-cms.h"
+
+#define PNAME "PKIX Time Stamp Protocol"
+#define PSNAME "PKIXTSP"
+#define PFNAME "pkixtsp"
+
+/* Initialize the protocol and registered fields */
+static int proto_pkixtsp = -1;
+#include "packet-pkixtsp-hf.c"
+
+/* Initialize the subtree pointers */
+static gint ett_pkixtsp = -1;
+#include "packet-pkixtsp-ett.c"
+
+
+#include "packet-pkixtsp-fn.c"
+
+
+static int
+dissect_timestamp_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+
+ if (check_col(pinfo->cinfo, COL_PROTOCOL))
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "PKIXTSP");
+
+ if (check_col(pinfo->cinfo, COL_INFO)) {
+ col_clear(pinfo->cinfo, COL_INFO);
+
+ col_add_fstr(pinfo->cinfo, COL_INFO, "Reply");
+ }
+
+
+ if(parent_tree){
+ item=proto_tree_add_item(parent_tree, proto_pkixtsp, tvb, 0, -1, FALSE);
+ tree = proto_item_add_subtree(item, ett_pkixtsp);
+ }
+
+ return dissect_pkixtsp_TimeStampResp(FALSE, tvb, 0, pinfo, tree, -1);
+}
+
+static int
+dissect_timestamp_query(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
+{
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+
+ if (check_col(pinfo->cinfo, COL_PROTOCOL))
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "PKIXTSP");
+
+ if (check_col(pinfo->cinfo, COL_INFO)) {
+ col_clear(pinfo->cinfo, COL_INFO);
+
+ col_add_fstr(pinfo->cinfo, COL_INFO, "Query");
+ }
+
+
+ if(parent_tree){
+ item=proto_tree_add_item(parent_tree, proto_pkixtsp, tvb, 0, -1, FALSE);
+ tree = proto_item_add_subtree(item, ett_pkixtsp);
+ }
+
+ return dissect_pkixtsp_TimeStampReq(FALSE, tvb, 0, pinfo, tree, -1);
+}
+
+
+/*--- proto_register_pkixtsp ----------------------------------------------*/
+void proto_register_pkixtsp(void) {
+
+ /* List of fields */
+ static hf_register_info hf[] = {
+#include "packet-pkixtsp-hfarr.c"
+ };
+
+ /* List of subtrees */
+ static gint *ett[] = {
+ &ett_pkixtsp,
+#include "packet-pkixtsp-ettarr.c"
+ };
+
+ /* Register protocol */
+ proto_pkixtsp = proto_register_protocol(PNAME, PSNAME, PFNAME);
+
+ /* Register fields and subtrees */
+ proto_register_field_array(proto_pkixtsp, hf, array_length(hf));
+ proto_register_subtree_array(ett, array_length(ett));
+
+}
+
+
+/*--- proto_reg_handoff_pkixtsp -------------------------------------------*/
+void proto_reg_handoff_pkixtsp(void) {
+ dissector_handle_t timestamp_reply_handle;
+ dissector_handle_t timestamp_query_handle;
+
+ timestamp_reply_handle = new_create_dissector_handle(dissect_timestamp_reply, proto_pkixtsp);
+ dissector_add_string("media_type", "application/timestamp-reply", timestamp_reply_handle);
+
+ timestamp_query_handle = new_create_dissector_handle(dissect_timestamp_query, proto_pkixtsp);
+ dissector_add_string("media_type", "application/timestamp-query", timestamp_query_handle);
+
+/*#include "packet-pkixtsp-dis-tab.c"*/
+}
+
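Review bot: The file header reads `Routines for RFC2634 Extended Security Services packet dissection`, which looks copied from another dissector. It should say `Routines for RFC3161 Time-Stamp Protocol packet dissection`, as the new packet-pkixtsp-template.h does. In `dissect_timestamp_reply` and `dissect_timestamp_query`, `col_add_fstr(pinfo->cinfo, COL_INFO, "Reply")` passes a constant with no format arguments; `col_set_str(pinfo->cinfo, COL_INFO, "Reply")` (and likewise for `"Query"`) is the simpler call and matches the COL_PROTOCOL line above it. Each of the two functions would also benefit from a one-line comment naming the media type it handles, `application/timestamp-reply` or `application/timestamp-query`, since that link is only visible in `proto_reg_handoff_pkixtsp`.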
diff --git a/asn1/pkixtsp/packet-pkixtsp-template.h b/asn1/pkixtsp/packet-pkixtsp-template.h
new file mode 100644
index 0000000000..7907b56501
--- /dev/null
+++ b/asn1/pkixtsp/packet-pkixtsp-template.h
@@ -0,0 +1,32 @@
+/* packet-pkixtsp.h
+ * Routines for RFC3161 Time-Stamp Protocol packet dissection
+ * Ronnie Sahlberg 2004
+ *
+ * $Id: packet-pkixtsp-template.h 12437 2004-10-30 02:18:44Z sahlberg $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifndef PACKET_PKIXTSP_H
+#define PACKET_PKIXTSP_H
+
+/*#include "packet-pkixtsp-exp.h"*/
+
+#endif /* PACKET_PKIXTSP_H */
+
diff --git a/asn1/pkixtsp/pkixtsp.cnf b/asn1/pkixtsp/pkixtsp.cnf
new file mode 100644
index 0000000000..edfe3b4410
--- /dev/null
+++ b/asn1/pkixtsp/pkixtsp.cnf
@@ -0,0 +1,31 @@
+# pkixtsp.cnf
+# Time-Stamp Protocol (RFC3161) conformation file
+
+# $Id: pkixtsp.cnf 12558 2004-11-21 10:16:06Z sahlberg $
+
+#.MODULE_IMPORT
+PKIX1Explicit88 pkix1explicit
+PKIX1Implicit88 pkix1implicit
+CryptographicMessageSyntax cms
+
+#.INCLUDE ../pkix1explicit/pkix1explicit_exp.cnf
+#.INCLUDE ../pkix1implicit/pkix1implicit_exp.cnf
+#.INCLUDE ../cms/cms-exp.cnf
+
+#.EXPORTS
+
+#.PDU
+
+#.REGISTER
+
+#.NO_EMIT
+
+#.TYPE_RENAME
+TSTInfo/version tst_version
+
+#.FIELD_RENAME
+PKIStatusInfo/status pki_status
+TSTInfo/version tst_version
+
+#.END
+