diff options
author | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2004-07-19 09:03:28 +0000 |
---|---|---|
committer | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2004-07-19 09:03:28 +0000 |
commit | 5d366ee1e28624622011633a041fcbacc16dcb12 (patch) | |
tree | b2fe3f26d9d3087a5591540d2180ca9932f6a575 | |
parent | 71b70c924baf8331b9b59fdef7ef9384748ae9b5 (diff) |
work in progress
New protocol CryptogrtaphicMessageSyntax
As the X.509xx protocols this protocol is not yet linked with ethereal but a work in progress.
Within the next few days the changes needed to packet-kerberos and packet-ber will be added to implement an embryonic pkinit implementation inside packet-kerberos which will in turn call cms and the x509 dissectors.
The dissectors are still very incomplete but already relatively useful.
svn path=/trunk/; revision=11432
-rwxr-xr-x | asn1/cms/CryptographicMessageSyntax.asn | 346 | ||||
-rw-r--r-- | asn1/cms/cms.cnf | 22 | ||||
-rw-r--r-- | asn1/cms/packet-cms-template.c | 80 | ||||
-rw-r--r-- | asn1/cms/packet-cms-template.h | 31 |
4 files changed, 479 insertions, 0 deletions
diff --git a/asn1/cms/CryptographicMessageSyntax.asn b/asn1/cms/CryptographicMessageSyntax.asn new file mode 100755 index 0000000000..7456f7a08e --- /dev/null +++ b/asn1/cms/CryptographicMessageSyntax.asn @@ -0,0 +1,346 @@ +-- Extracted from RFC2630 +-- and massaged/modified so it passws through our ASN2ETH compiler + +CryptographicMessageSyntax { iso(1) member-body(2) us(840) rsadsi(113549) + pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1) } DEFINITIONS IMPLICIT TAGS ::= +BEGIN + +-- EXPORTS All +-- The types and values defined in this module are exported for use in +-- the other ASN.1 modules. Other applications may use them for their +-- own purposes. + +IMPORTS + + -- Directory Information Framework (X.501) + Name + FROM InformationFramework { joint-iso-itu-t ds(5) modules(1) + informationFramework(1) 3 } + + -- Directory Authentication Framework (X.509) + AlgorithmIdentifier, AttributeCertificate, Certificate, + CertificateList, CertificateSerialNumber + FROM AuthenticationFramework { joint-iso-itu-t ds(5) + module(1) authenticationFramework(7) 3 } ; + + +-- Cryptographic Message Syntax +-- +-- ContentInfo ::= SEQUENCE { +--OK contentType ContentType, +-- content [0] EXPLICIT ANY DEFINED BY contentType } + +ContentType ::= OBJECT IDENTIFIER + +SignedData ::= SEQUENCE { + version CMSVersion, + digestAlgorithms DigestAlgorithmIdentifiers, + encapContentInfo EncapsulatedContentInfo, + certificates [0] IMPLICIT CertificateSet OPTIONAL, + crls [1] IMPLICIT CertificateRevocationLists OPTIONAL, + signerInfos SignerInfos } + +DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier + +SignerInfos ::= SET OF SignerInfo + +EncapsulatedContentInfo ::= SEQUENCE { + eContentType ContentType, + eContent [0] EXPLICIT OCTET STRING OPTIONAL } + +SignerInfo ::= SEQUENCE { + version CMSVersion, + sid SignerIdentifier, + digestAlgorithm DigestAlgorithmIdentifier, + signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL, + signatureAlgorithm SignatureAlgorithmIdentifier, + signature SignatureValue, + unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL } + +SignerIdentifier ::= CHOICE { + issuerAndSerialNumber IssuerAndSerialNumber, + subjectKeyIdentifier [0] SubjectKeyIdentifier } + +SignedAttributes ::= SET SIZE (1..MAX) OF Attribute + +UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute + +Attribute ::= SEQUENCE { + attrType OBJECT IDENTIFIER +-- attrValues SET OF AttributeValue +} + +-- AttributeValue ::= ANY + +SignatureValue ::= OCTET STRING + +-- EnvelopedData ::= SEQUENCE { +-- version CMSVersion, +-- originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL, +-- recipientInfos RecipientInfos, +-- encryptedContentInfo EncryptedContentInfo, +-- unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL } +-- +-- OriginatorInfo ::= SEQUENCE { +-- certs [0] IMPLICIT CertificateSet OPTIONAL, +--OK crls [1] IMPLICIT CertificateRevocationLists OPTIONAL } +-- +-- RecipientInfos ::= SET OF RecipientInfo +-- +-- EncryptedContentInfo ::= SEQUENCE { +-- contentType ContentType, +-- contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier, +-- encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL } +-- +-- EncryptedContent ::= OCTET STRING +-- +-- UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute +-- +-- RecipientInfo ::= CHOICE { +-- ktri KeyTransRecipientInfo, +-- kari [1] KeyAgreeRecipientInfo, +-- kekri [2] KEKRecipientInfo } +-- +-- EncryptedKey ::= OCTET STRING +-- +-- KeyTransRecipientInfo ::= SEQUENCE { +-- version CMSVersion, +-- always set to 0 or 2 +--OK rid RecipientIdentifier, +-- keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, +-- encryptedKey EncryptedKey } + +RecipientIdentifier ::= CHOICE { + issuerAndSerialNumber IssuerAndSerialNumber, + subjectKeyIdentifier [0] SubjectKeyIdentifier } + +-- KeyAgreeRecipientInfo ::= SEQUENCE { +-- version CMSVersion, +-- always set to 3 +-- originator [0] EXPLICIT OriginatorIdentifierOrKey, +-- ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL, +-- keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, +-- recipientEncryptedKeys RecipientEncryptedKeys } +-- +-- OriginatorIdentifierOrKey ::= CHOICE { +--OK issuerAndSerialNumber IssuerAndSerialNumber, +--OK subjectKeyIdentifier [0] SubjectKeyIdentifier, +-- originatorKey [1] OriginatorPublicKey } +-- +-- OriginatorPublicKey ::= SEQUENCE { +-- algorithm AlgorithmIdentifier, +-- publicKey BIT STRING } +-- +-- RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey +-- +-- RecipientEncryptedKey ::= SEQUENCE { +--OK rid KeyAgreeRecipientIdentifier, +-- encryptedKey EncryptedKey } +-- +-- KeyAgreeRecipientIdentifier ::= CHOICE { +--OK issuerAndSerialNumber IssuerAndSerialNumber, +-- rKeyId [0] IMPLICIT RecipientKeyIdentifier } +-- +-- RecipientKeyIdentifier ::= SEQUENCE { +--OK subjectKeyIdentifier SubjectKeyIdentifier, +-- date GeneralizedTime OPTIONAL, +-- other OtherKeyAttribute OPTIONAL } + +SubjectKeyIdentifier ::= OCTET STRING + +-- KEKRecipientInfo ::= SEQUENCE { +-- version CMSVersion, +-- always set to 4 +-- kekid KEKIdentifier, +-- keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, +-- encryptedKey EncryptedKey } +-- +-- KEKIdentifier ::= SEQUENCE { +-- keyIdentifier OCTET STRING, +-- date GeneralizedTime OPTIONAL, +-- other OtherKeyAttribute OPTIONAL } +-- +-- DigestedData ::= SEQUENCE { +--OK version CMSVersion, +--OK digestAlgorithm DigestAlgorithmIdentifier, +--OK encapContentInfo EncapsulatedContentInfo, +--OK digest Digest } + +Digest ::= OCTET STRING + +-- EncryptedData ::= SEQUENCE { +-- version CMSVersion, +-- encryptedContentInfo EncryptedContentInfo, +-- unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL } +-- +-- AuthenticatedData ::= SEQUENCE { +-- version CMSVersion, +-- originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL, +-- recipientInfos RecipientInfos, +-- macAlgorithm MessageAuthenticationCodeAlgorithm, +--OK digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL, +--OK encapContentInfo EncapsulatedContentInfo, +-- authenticatedAttributes [2] IMPLICIT AuthAttributes OPTIONAL, +-- mac MessageAuthenticationCode, +-- unauthenticatedAttributes [3] IMPLICIT UnauthAttributes OPTIONAL } + +AuthAttributes ::= SET SIZE (1..MAX) OF Attribute + +UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute + +MessageAuthenticationCode ::= OCTET STRING + +DigestAlgorithmIdentifier ::= AlgorithmIdentifier + +SignatureAlgorithmIdentifier ::= AlgorithmIdentifier + +KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier + +ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier + +MessageAuthenticationCodeAlgorithm ::= AlgorithmIdentifier + +CertificateRevocationLists ::= SET OF CertificateList + +CertificateChoices ::= CHOICE { + certificate Certificate, + extendedCertificate [0] IMPLICIT ExtendedCertificate, + attrCert [1] IMPLICIT AttributeCertificate } + +CertificateSet ::= SET OF CertificateChoices + +IssuerAndSerialNumber ::= SEQUENCE { +--QQQ issuer Name, + serialNumber CertificateSerialNumber } + +CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4) } + +-- UserKeyingMaterial ::= OCTET STRING +-- +-- OtherKeyAttribute ::= SEQUENCE { +-- keyAttrId OBJECT IDENTIFIER, +-- keyAttr ANY DEFINED BY keyAttrId OPTIONAL } +-- +-- +-- CMS Attributes +-- +-- MessageDigest ::= OCTET STRING +-- +-- SigningTime ::= Time +-- +-- Time ::= CHOICE { +-- utcTime UTCTime, +-- generalTime GeneralizedTime } + +Countersignature ::= SignerInfo + +-- Algorithm Identifiers +-- +-- sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) +-- oiw(14) secsig(3) algorithm(2) 26 } +-- +-- md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) +-- rsadsi(113549) digestAlgorithm(2) 5 } +-- +-- id-dsa-with-sha1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) x9-57 (10040) x9cm(4) 3 } +-- +-- rsaEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1 } +-- +-- dh-public-number OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) ansi-x942(10046) number-type(2) 1 } +-- +-- id-alg-ESDH OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) +-- rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 5 } +-- +-- id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6 } +-- +-- id-alg-CMSRC2wrap OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 7 } +-- +-- des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } +-- +-- rc2-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) +-- rsadsi(113549) encryptionAlgorithm(3) 2 } +-- +-- hMAC-SHA1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) +-- dod(6) internet(1) security(5) mechanisms(5) 8 1 2 } +-- +-- +-- Algorithm Parameters +-- +-- KeyWrapAlgorithm ::= AlgorithmIdentifier +-- +-- RC2wrapParameter ::= RC2ParameterVersion +-- +-- RC2ParameterVersion ::= INTEGER +-- +-- CBCParameter ::= IV +-- +-- IV ::= OCTET STRING +-- +-- RC2CBCParameter ::= SEQUENCE { +-- rc2ParameterVersion INTEGER, +-- iv OCTET STRING } +-- +-- +-- Content Type Object Identifiers +-- +-- id-ct-contentInfo OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) +-- ct(1) 6 } +-- +-- id-data OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 } +-- +-- id-signedData OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 } +-- +-- id-envelopedData OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3 } +-- +-- id-digestedData OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5 } +-- +-- id-encryptedData OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 } +-- +-- id-ct-authData OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) +-- ct(1) 2 } +-- +-- +-- Attribute Object Identifiers +-- +-- id-contentType OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) rsadsi(113549) pkcs(1) pkcs9(9) 3 } +-- +-- id-messageDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) rsadsi(113549) pkcs(1) pkcs9(9) 4 } +-- +-- id-signingTime OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5 } +-- +-- id-countersignature OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) rsadsi(113549) pkcs(1) pkcs9(9) 6 } +-- +-- +-- Obsolete Extended Certificate syntax from PKCS#6 + +ExtendedCertificate ::= SEQUENCE { + extendedCertificateInfo ExtendedCertificateInfo, + signatureAlgorithm SignatureAlgorithmIdentifier, + signature Signature } + +ExtendedCertificateInfo ::= SEQUENCE { + version CMSVersion, + certificate Certificate, + attributes UnauthAttributes } + +Signature ::= BIT STRING + + +END -- of CryptographicMessageSyntax diff --git a/asn1/cms/cms.cnf b/asn1/cms/cms.cnf new file mode 100644 index 0000000000..602601fe31 --- /dev/null +++ b/asn1/cms/cms.cnf @@ -0,0 +1,22 @@ +# CMS.cnf
+# CMS conformation file
+
+# $Id: cms.cnf,v 1.2 2004/06/03 08:35:44 guy Exp $
+
+#.MODULE_IMPORT
+AuthenticationFramework x509af
+
+#.INCLUDE ../x509af/x509af_exp.cnf
+
+#.EXPORTS
+SignedData
+
+#.NO_EMIT
+
+#.TYPE_RENAME
+
+#.FIELD_RENAME
+
+#.END
+
+
diff --git a/asn1/cms/packet-cms-template.c b/asn1/cms/packet-cms-template.c new file mode 100644 index 0000000000..f3f3c0f442 --- /dev/null +++ b/asn1/cms/packet-cms-template.c @@ -0,0 +1,80 @@ +/* packet-cms.c + * Routines for RFC2630 Cryptographic Message Syntax packet dissection + * + * $Id: packet-cms-template.c,v 1.2 2004/05/25 21:07:43 guy Exp $ + * + * Ethereal - Network traffic analyzer + * By Gerald Combs <gerald@ethereal.com> + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include <glib.h> +#include <epan/packet.h> +#include <epan/conversation.h> + +#include <stdio.h> +#include <string.h> + +#include "packet-ber.h" +#include "packet-cms.h" +#include "packet-x509af.h" + +#define PNAME "Cryptographic Message Syntax" +#define PSNAME "CMS" +#define PFNAME "cms" + +/* Initialize the protocol and registered fields */ +int proto_cms = -1; +#include "packet-cms-hf.c" + +/* Initialize the subtree pointers */ +#include "packet-cms-ett.c" + +#include "packet-cms-fn.c" + + +/*--- proto_register_cms ----------------------------------------------*/ +void proto_register_cms(void) { + + /* List of fields */ + static hf_register_info hf[] = { +#include "packet-cms-hfarr.c" + }; + + /* List of subtrees */ + static gint *ett[] = { +#include "packet-cms-ettarr.c" + }; + + /* Register protocol */ + proto_cms = proto_register_protocol(PNAME, PSNAME, PFNAME); + + /* Register fields and subtrees */ + proto_register_field_array(proto_cms, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + +} + + +/*--- proto_reg_handoff_cms -------------------------------------------*/ +void proto_reg_handoff_cms(void) { +} + diff --git a/asn1/cms/packet-cms-template.h b/asn1/cms/packet-cms-template.h new file mode 100644 index 0000000000..69139792be --- /dev/null +++ b/asn1/cms/packet-cms-template.h @@ -0,0 +1,31 @@ +/* packet-cms.h + * Routines for RFC2630 Cryptographic Message Syntax packet dissection + * + * $Id: packet-cms-template.h,v 1.1 2004/05/24 08:42:29 sahlberg Exp $ + * + * Ethereal - Network traffic analyzer + * By Gerald Combs <gerald@ethereal.com> + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifndef PACKET_CMS_H +#define PACKET_CMS_H + +#include "packet-cms-exp.h" + +#endif /* PACKET_CMS_H */ + |