author | etxrab <etxrab@f5534014-38df-0310-8fa8-9805f1628bb7> | 2007-10-07 16:02:04 +0000 |
---|---|---|
committer | etxrab <etxrab@f5534014-38df-0310-8fa8-9805f1628bb7> | 2007-10-07 16:02:04 +0000 |
commit | b72d71831f98b82412592fd335a1bb16bc918ec9 (patch) | |
tree | 4e88e1cd2000c2c065904438d581b04467e140e3 | |
parent | 63ea4d6e7e9044f4f6a6b66cd2ad50710319f8c0 (diff) |
From Martin Peylo:
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1888
There are new versions of CMP (v2) in RFC4210 and CRMF (v2) in RFC4211. CRMF's
reason to exist is tied to CMP, so I have not split this into two bug
reports.
I'll upload the new (slightly handmassaged) ASN.1 files for both protocols,
along with patches for the respective cnf files, where I also added new
#.REGISTER statements.
Additionally I had to export some definitions from pkix1explicit (Attribute,
Time, UniqueIdentifier and Version) and from pkix1implicit (KeyIdentifier).
I'll also upload a patch for that.
I uploaded a CMPv2 sample (with errors in the protocol!) to the wiki.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@23082 f5534014-38df-0310-8fa8-9805f1628bb7
30 files changed, 2100 insertions, 906 deletions
diff --git a/asn1/pkix1explicit/Makefile b/asn1/pkix1explicit/Makefile index 6ed4f2585e..4dc179e2d8 100644 --- a/asn1/pkix1explicit/Makefile +++ b/asn1/pkix1explicit/Makefile @@ -7,7 +7,7 @@ all: generate_dissector generate_dissector: $(DISSECTOR_FILES) $(DISSECTOR_FILES): ../../tools/asn2wrs.py PKIX1EXPLICIT93.asn packet-pkix1explicit-template.c packet-pkix1explicit-template.h pkix1explicit.cnf - python ../../tools/asn2wrs.py -e -b -p pkix1explicit -c pkix1explicit.cnf -s packet-pkix1explicit-template PKIX1EXPLICIT93.asn + python ../../tools/asn2wrs.py -e -b -X -T -p pkix1explicit -c pkix1explicit.cnf -s packet-pkix1explicit-template PKIX1EXPLICIT93.asn clean: rm -f pkix1explicit-exp.cnf parsetab.py $(DISSECTOR_FILES) diff --git a/asn1/pkix1explicit/Makefile.nmake b/asn1/pkix1explicit/Makefile.nmake index 0ddc6bc643..ff589fbd9c 100644 --- a/asn1/pkix1explicit/Makefile.nmake +++ b/asn1/pkix1explicit/Makefile.nmake @@ -15,7 +15,7 @@ generate_dissector: $(DISSECTOR_FILES) $(DISSECTOR_FILES): ../../tools/asn2wrs.py PKIX1EXPLICIT93.asn packet-pkix1explicit-template.c packet-pkix1explicit-template.h pkix1explicit.cnf !IFDEF PYTHON - $(PYTHON) "../../tools/asn2wrs.py" -e -b -p $(PROTOCOL_NAME) -c pkix1explicit.cnf -s packet-pkix1explicit-template PKIX1EXPLICIT93.asn + $(PYTHON) "../../tools/asn2wrs.py" -e -b -X -T -p $(PROTOCOL_NAME) -c pkix1explicit.cnf -s packet-pkix1explicit-template PKIX1EXPLICIT93.asn !ELSE @echo Error: You need Python to use asn2wrs.py @exit 1 diff --git a/asn1/pkix1explicit/PKIX1EXPLICIT93.asn b/asn1/pkix1explicit/PKIX1EXPLICIT93.asn index 86a52ac153..799e820f56 100644 --- a/asn1/pkix1explicit/PKIX1EXPLICIT93.asn +++ b/asn1/pkix1explicit/PKIX1EXPLICIT93.asn 
@@ -117,9 +117,9 @@ IMPORTS -- } --} -- ---UniqueIdentifier ::= BIT STRING +UniqueIdentifier ::= BIT STRING -- ---Version ::= INTEGER { v1(0), v2(1), v3(2) } +Version ::= INTEGER { v1(0), v2(1), v3(2) } -- This one is defined with .NO_EMIT in the conformance file -- and implemented in the template as just a call to the @@ -130,9 +130,9 @@ CertificateSerialNumber ::= INTEGER -- notBefore Time, -- notAfter Time } -- ---Time ::= CHOICE { --- utcTime UTCTime, --- generalTime GeneralizedTime } +Time ::= CHOICE { + utcTime UTCTime, + generalTime GeneralizedTime } -- @@ -362,6 +362,11 @@ ValidationParms ::= SEQUENCE { -- values SET SIZE (1 .. MAX) OF ATTRIBUTE.&Type -- ({SupportedAttributes}{@type})} +Attribute ::= SEQUENCE { + type OBJECT IDENTIFIER, + values SET SIZE (1 .. MAX) OF ANY + -- at least one value is required -- } + AttributeTypeAndValue ::= SEQUENCE { type OBJECT IDENTIFIER, value ANY diff --git a/asn1/pkix1explicit/pkix1explicit-exp.cnf b/asn1/pkix1explicit/pkix1explicit-exp.cnf index a2dd2fb5c0..c167bde3a0 100644 --- a/asn1/pkix1explicit/pkix1explicit-exp.cnf +++ b/asn1/pkix1explicit/pkix1explicit-exp.cnf @@ -8,9 +8,13 @@ PKIX1Explicit93 pkix1explicit #.END #.IMPORT_TAG +UniqueIdentifier BER_CLASS_UNI BER_UNI_TAG_BITSTRING +Version BER_CLASS_UNI BER_UNI_TAG_INTEGER CertificateSerialNumber BER_CLASS_UNI BER_UNI_TAG_INTEGER +Time BER_CLASS_ANY/*choice*/ -1/*choice*/ Extensions BER_CLASS_UNI BER_UNI_TAG_SEQUENCE Extension BER_CLASS_UNI BER_UNI_TAG_SEQUENCE +Attribute BER_CLASS_UNI BER_UNI_TAG_SEQUENCE AttributeTypeAndValue BER_CLASS_UNI BER_UNI_TAG_SEQUENCE RDNSequence BER_CLASS_UNI BER_UNI_TAG_SEQUENCE RelativeDistinguishedName BER_CLASS_UNI BER_UNI_TAG_SET 
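Review bot: In the `@@ -117` and `@@ -130` hunks of PKIX1EXPLICIT93.asn, `UniqueIdentifier`, `Version` and `Time` become live definitions in the middle of a block that is otherwise still commented out, and nothing in the file says why these three are enabled. A short comment above them would keep a later cleanup from re-commenting them, for example `-- Enabled so CMP/CRMF (RFC 4210/4211) can import them; see #.EXPORTS in pkix1explicit.cnf`. The new `Attribute` type in the `@@ -362` hunk declares `values` as `SET SIZE (1 .. MAX) OF ANY`, so how each value is decoded is decided entirely by the conformance file; a one-line comment pointing at the `Attribute/values/_item` body there would make that dependency visible. The surrounding definitions continue outside these hunks.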
@@ -20,9 +24,13 @@ TeletexDomainDefinedAttribute BER_CLASS_UNI BER_UNI_TAG_SEQUENCE #.END #.TYPE_ATTR +UniqueIdentifier TYPE = FT_BYTES DISPLAY = BASE_HEX STRINGS = NULL BITMASK = 0 +Version TYPE = FT_INT32 DISPLAY = BASE_DEC STRINGS = VALS(pkix1explicit_Version_vals) BITMASK = 0 CertificateSerialNumber TYPE = FT_INT32 DISPLAY = BASE_DEC STRINGS = NULL BITMASK = 0 +Time TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(pkix1explicit_Time_vals) BITMASK = 0 Extensions TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = NULL BITMASK = 0 Extension TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 +Attribute TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 AttributeTypeAndValue TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 RDNSequence TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = NULL BITMASK = 0 RelativeDistinguishedName TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = NULL BITMASK = 0 diff --git a/asn1/pkix1explicit/pkix1explicit.cnf b/asn1/pkix1explicit/pkix1explicit.cnf index 0e50f5955e..aefafed833 100644 --- a/asn1/pkix1explicit/pkix1explicit.cnf +++ b/asn1/pkix1explicit/pkix1explicit.cnf @@ -6,6 +6,7 @@ #.MODULE_IMPORT #.EXPORTS +Attribute AttributeTypeAndValue CertificateSerialNumber DirectoryString @@ -15,6 +16,9 @@ RelativeDistinguishedName RDNSequence TeletexDomainDefinedAttribute TerminalType +Version +Time +UniqueIdentifier #.REGISTER DirectoryString B "1.3.6.1.5.5.7.2.1" "id-qt-cps" 
@@ -31,6 +35,12 @@ DomainParameters B "1.2.840.10046.2.1" "dhpublicnumber" #.FN_BODY DirectoryString offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, NULL); +#.FN_PARS Attribute/values + FN_VARIANT = _str HF_INDEX = hf_pkix1explicit_object_identifier_id VAL_PTR = &object_identifier_id + +#.FN_BODY Attribute/values/_item + offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); + #.FN_PARS AttributeTypeAndValue/value FN_VARIANT = _str HF_INDEX = hf_pkix1explicit_object_identifier_id VAL_PTR = &object_identifier_id diff --git a/asn1/pkix1explicit/pkix1explicit_exp.cnf b/asn1/pkix1explicit/pkix1explicit_exp.cnf index 3007121ce4..c7cca6fc50 100644 --- a/asn1/pkix1explicit/pkix1explicit_exp.cnf +++ b/asn1/pkix1explicit/pkix1explicit_exp.cnf @@ -1,6 +1,7 @@ #.IMPORT_TAG AlgorithmIdentifier BER_CLASS_UNI BER_UNI_TAG_SEQUENCE +Attribute BER_CLASS_UNI BER_UNI_TAG_SEQUENCE AttributeTypeAndValue BER_CLASS_UNI BER_UNI_TAG_SEQUENCE Certificate BER_CLASS_UNI BER_UNI_TAG_SEQUENCE CertificateList BER_CLASS_UNI BER_UNI_TAG_SEQUENCE @@ -15,9 +16,13 @@ RelativeDistinguishedName BER_CLASS_UNI BER_UNI_TAG_SET SubjectPublicKeyInfo BER_CLASS_UNI BER_UNI_TAG_SEQUENCE TeletexDomainDefinedAttribute BER_CLASS_UNI BER_UNI_TAG_SEQUENCE TerminalType BER_CLASS_UNI BER_UNI_TAG_INTEGER +Time BER_CLASS_ANY/*choice*/ -1/*choice*/ +UniqueIdentifier BER_CLASS_UNI BER_UNI_TAG_BITSTRING +Version BER_CLASS_UNI BER_UNI_TAG_INTEGER #.END #.TYPE_ATTR +Attribute TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 AttributeTypeAndValue TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 Certificate TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 CertificateList TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 
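Review bot: In the `@@ -31,6 +35,12` hunk of pkix1explicit.cnf, the `#.FN_PARS` block that stores the OID into `object_identifier_id` is attached to `Attribute/values`, which the ASN.1 in this commit declares as `SET SIZE (1 .. MAX) OF ANY`, and not to `Attribute/type`, the OBJECT IDENTIFIER field. As far as the hunk shows, `object_identifier_id` is then never set from this Attribute's own `type`, so `call_ber_oid_callback(object_identifier_id, ...)` in `Attribute/values/_item` would dispatch on whatever OID an earlier field left behind, or on none. Since the values are untrusted packet bytes, a stale OID means they are handed to an unrelated sub-dissector. If the intent is to key on the attribute's type, the header should read `#.FN_PARS Attribute/type`. The trailing context line shows the same shape for `AttributeTypeAndValue/value`, whose body lies outside the hunk, so it is worth checking as well.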
@@ -32,5 +37,8 @@ RelativeDistinguishedName TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = NULL SubjectPublicKeyInfo TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 TeletexDomainDefinedAttribute TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 TerminalType TYPE = FT_INT32 DISPLAY = BASE_DEC STRINGS = NULL BITMASK = 0 +Time TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(pkix1explicit_Time_vals) BITMASK = 0 +UniqueIdentifier TYPE = FT_BYTES DISPLAY = BASE_HEX STRINGS = NULL BITMASK = 0 +Version TYPE = FT_INT32 DISPLAY = BASE_DEC STRINGS = VALS(pkix1explicit_Version_vals) BITMASK = 0 #.END diff --git a/asn1/pkix1implicit/Makefile b/asn1/pkix1implicit/Makefile index 4283a3566a..6e11985c59 100644 --- a/asn1/pkix1implicit/Makefile +++ b/asn1/pkix1implicit/Makefile @@ -7,7 +7,7 @@ all: generate_dissector generate_dissector: $(DISSECTOR_FILES) $(DISSECTOR_FILES): ../../tools/asn2wrs.py PKIX1IMPLICIT93.asn packet-pkix1implicit-template.c packet-pkix1implicit-template.h pkix1implicit.cnf - python ../../tools/asn2wrs.py -e -b -p pkix1implicit -c pkix1implicit.cnf -s packet-pkix1implicit-template PKIX1IMPLICIT93.asn + python ../../tools/asn2wrs.py -e -b -X -T -p pkix1implicit -c pkix1implicit.cnf -s packet-pkix1implicit-template PKIX1IMPLICIT93.asn clean: rm -f pkix1implicit-exp.cnf parsetab.py $(DISSECTOR_FILES) diff --git a/asn1/pkix1implicit/Makefile.nmake b/asn1/pkix1implicit/Makefile.nmake index b6718cb304..5ed0f4153d 100644 --- a/asn1/pkix1implicit/Makefile.nmake +++ b/asn1/pkix1implicit/Makefile.nmake 
@@ -15,7 +15,7 @@ generate_dissector: $(DISSECTOR_FILES) $(DISSECTOR_FILES): ../../tools/asn2wrs.py PKIX1IMPLICIT93.asn packet-pkix1implicit-template.c packet-pkix1implicit-template.h pkix1implicit.cnf !IFDEF PYTHON - $(PYTHON) "../../tools/asn2wrs.py" -e -b -p $(PROTOCOL_NAME) -c pkix1implicit.cnf -s packet-pkix1implicit-template PKIX1IMPLICIT93.asn + $(PYTHON) "../../tools/asn2wrs.py" -e -b -X -T -p $(PROTOCOL_NAME) -c pkix1implicit.cnf -s packet-pkix1implicit-template PKIX1IMPLICIT93.asn !ELSE @echo Error: You need Python to use asn2wrs.py @exit 1 diff --git a/asn1/pkix1implicit/PKIX1IMPLICIT93.asn b/asn1/pkix1implicit/PKIX1IMPLICIT93.asn index 487bf84f62..075c8773f9 100644 --- a/asn1/pkix1implicit/PKIX1IMPLICIT93.asn +++ b/asn1/pkix1implicit/PKIX1IMPLICIT93.asn @@ -83,7 +83,7 @@ IMPORTS -- WITH COMPONENTS {..., authorityCertIssuer ABSENT, -- authorityCertSerialNumber ABSENT} ) -- ---KeyIdentifier ::= OCTET STRING +KeyIdentifier ::= OCTET STRING -- --subjectKeyIdentifier EXTENSION ::= { -- SYNTAX SubjectKeyIdentifier diff --git a/asn1/pkix1implicit/pkix1implicit-exp.cnf b/asn1/pkix1implicit/pkix1implicit-exp.cnf index 9190b0e2fc..c3c898e0cc 100644 --- a/asn1/pkix1implicit/pkix1implicit-exp.cnf +++ b/asn1/pkix1implicit/pkix1implicit-exp.cnf @@ -8,11 +8,13 @@ PKIX1Implicit93 pkix1implicit #.END #.IMPORT_TAG +KeyIdentifier BER_CLASS_UNI BER_UNI_TAG_OCTETSTRING AuthorityInfoAccessSyntax BER_CLASS_UNI BER_UNI_TAG_SEQUENCE UserNotice BER_CLASS_UNI BER_UNI_TAG_SEQUENCE #.END #.TYPE_ATTR +KeyIdentifier TYPE = FT_BYTES DISPLAY = BASE_HEX STRINGS = NULL BITMASK = 0 AuthorityInfoAccessSyntax TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = NULL BITMASK = 0 UserNotice TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 #.END diff --git a/asn1/pkix1implicit/pkix1implicit.cnf b/asn1/pkix1implicit/pkix1implicit.cnf index d567a0e4f6..3bfc3d33ad 100644 --- a/asn1/pkix1implicit/pkix1implicit.cnf +++ b/asn1/pkix1implicit/pkix1implicit.cnf 
@@ -12,6 +12,7 @@ PKIX1Explicit93 pkix1explicit #.EXPORTS AuthorityInfoAccessSyntax +KeyIdentifier UserNotice #.PDU diff --git a/asn1/pkix1implicit/pkix1implicit_exp.cnf b/asn1/pkix1implicit/pkix1implicit_exp.cnf index 982b4642fb..d583aaa454 100644 --- a/asn1/pkix1implicit/pkix1implicit_exp.cnf +++ b/asn1/pkix1implicit/pkix1implicit_exp.cnf @@ -2,6 +2,7 @@ #.IMPORT_TAG AuthorityInfoAccessSyntax BER_CLASS_UNI BER_UNI_TAG_SEQUENCE GeneralName BER_CLASS_CON -1/*choice*/ +KeyIdentifier BER_CLASS_UNI BER_UNI_TAG_OCTETSTRING ReasonFlags BER_CLASS_UNI BER_UNI_TAG_BITSTRING UserNotice BER_CLASS_UNI BER_UNI_TAG_SEQUENCE #.END @@ -9,6 +10,7 @@ UserNotice BER_CLASS_UNI BER_UNI_TAG_SEQUENCE #.TYPE_ATTR AuthorityInfoAccessSyntax TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = NULL BITMASK = 0 GeneralName TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = NULL BITMASK = 0 +KeyIdentifier TYPE = FT_BYTES DISPLAY = BASE_HEX STRINGS = NULL BITMASK = 0 ReasonFlags TYPE = FT_BYTES DISPLAY = BASE_HEX STRINGS = NULL BITMASK = 0 UserNotice TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 #.END diff --git a/asn1/pkixcmp/CMP.asn b/asn1/pkixcmp/CMP.asn index 17ba4f7c88..79d16be9eb 100644 --- a/asn1/pkixcmp/CMP.asn +++ b/asn1/pkixcmp/CMP.asn 
@@ -1,403 +1,523 @@ --- This ASN.1 definition is taken from RFC2510 and modified to pass --- through the asn2wrs compiler. --- --- The original copyright statement from RFC2510 follows below: --- +-- Extracted from RFC4210 +-- by Martin Peylo <martin.peylo@nsn.com> +-- +-- Changes to the original ASN.1 source: +-- - Commented out the import of UTF8String which is not needed +-- - Commented out PKIBody/p10cr since PKCS-10 is not implemented +-- - Uncommented the definitions for the OIDs used in InfoTypeAndValue +-- +-- The copyright statement from the original description in RFC4211 +-- follows below: +-- -- Full Copyright Statement -- --- Copyright (C) The Internet Society (1999). All Rights Reserved. --- --- This document and translations of it may be copied and furnished to --- others, and derivative works that comment on or otherwise explain it --- or assist in its implementation may be prepared, copied, published --- and distributed, in whole or in part, without restriction of any --- kind, provided that the above copyright notice and this paragraph are --- included on all such copies and derivative works. However, this --- document itself may not be modified in any way, such as by removing --- the copyright notice or references to the Internet Society or other --- Internet organizations, except as needed for the purpose of --- developing Internet standards in which case the procedures for --- copyrights defined in the Internet Standards process must be --- followed, or as required to translate it into languages other than --- English. +-- Copyright (C) The Internet Society (2005). -- --- The limited permissions granted above are perpetual and will not be --- revoked by the Internet Society or its successors or assigns. +-- This document is subject to the rights, licenses and restrictions +-- contained in BCP 78, and except as set forth therein, the authors +-- retain all their rights. 
-- --- This document and the information contained herein is provided on an --- "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING --- TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING --- BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION --- HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF --- MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. --- - - ---PKIXCMP {iso(1) identified-organization(3) dod(6) internet(1) --- security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-cmp(9)} - -CMP DEFINITIONS EXPLICIT TAGS ::= - -BEGIN - - -- EXPORTS ALL -- - -IMPORTS - - Certificate, CertificateList, Extensions, AlgorithmIdentifier - FROM PKIX1Explicit88 {iso(1) identified-organization(3) - dod(6) internet(1) security(5) mechanisms(5) pkix(7) - id-mod(0) id-pkix1-explicit-88(1)} - - GeneralName, ReasonFlags - FROM PKIX1Implicit88 {iso(1) identified-organization(3) - dod(6) internet(1) security(5) mechanisms(5) pkix(7) - id-mod(0) id-pkix1-implicit-88(2)} - - CertTemplate, PKIPublicationInfo, EncryptedValue, CertId, - CertReqMessages - FROM PKIXCRMF {iso(1) identified-organization(3) - dod(6) internet(1) security(5) mechanisms(5) pkix(7) - id-mod(0) id-mod-crmf(5)}; - - -- CertificationRequest - -- FROM PKCS10 {no standard ASN.1 module defined; - -- implementers need to create their own module to import - -- from, or directly include the PKCS10 syntax in this module} - -KeyIdentifier ::= OCTET STRING - -PKIMessage ::= SEQUENCE { - header PKIHeader, - body PKIBody, - protection [0] PKIProtection OPTIONAL, - extraCerts [1] SEQUENCE SIZE (1..MAX) OF Certificate OPTIONAL -} - - PKIHeader ::= SEQUENCE { - pvno INTEGER { ietf-version2 (1) }, - sender GeneralName, - -- identifies the sender - recipient GeneralName, - -- identifies the intended recipient - messageTime [0] GeneralizedTime OPTIONAL, - -- time of production of this message (used when sender - -- believes that the transport will be "suitable"; i.e., - -- 
that the time will still be meaningful upon receipt) - protectionAlg [1] AlgorithmIdentifier OPTIONAL, - -- algorithm used for calculation of protection bits - senderKID [2] KeyIdentifier OPTIONAL, - recipKID [3] KeyIdentifier OPTIONAL, - -- to identify specific keys used for protection - transactionID [4] OCTET STRING OPTIONAL, - -- identifies the transaction; i.e., this will be the same in - -- corresponding request, response and confirmation messages - senderNonce [5] OCTET STRING OPTIONAL, - recipNonce [6] OCTET STRING OPTIONAL, - -- nonces used to provide replay protection, senderNonce - -- is inserted by the creator of this message; recipNonce - -- is a nonce previously inserted in a related message by - -- the intended recipient of this message - freeText [7] PKIFreeText OPTIONAL, - -- this may be used to indicate context-specific instructions - -- (this field is intended for human consumption) - generalInfo [8] SEQUENCE SIZE (1..MAX) OF - InfoTypeAndValue OPTIONAL - -- this may be used to convey context-specific information - -- (this field not primarily intended for human consumption) - } - - PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String - -- text encoded as UTF-8 String (note: each UTF8String SHOULD - -- include an RFC 1766 language tag to indicate the language - -- of the contained text) - - - PKIBody ::= CHOICE { -- message-specific body elements - ir [0] CertReqMessages, --Initialization Request - ip [1] CertRepMessage, --Initialization Response - cr [2] CertReqMessages, --Certification Request - cp [3] CertRepMessage, --Certification Response ---XXX dont know what this one looks like yet --- p10cr [4] CertificationRequest, - --imported from [PKCS10] - popdecc [5] POPODecKeyChallContent, --pop Challenge - popdecr [6] POPODecKeyRespContent, --pop Response - kur [7] CertReqMessages, --Key Update Request - kup [8] CertRepMessage, --Key Update Response - krr [9] CertReqMessages, --Key Recovery Request - krp [10] KeyRecRepContent, --Key Recovery 
Response - rr [11] RevReqContent, --Revocation Request - rp [12] RevRepContent, --Revocation Response - ccr [13] CertReqMessages, --Cross-Cert. Request - ccp [14] CertRepMessage, --Cross-Cert. Response - ckuann [15] CAKeyUpdAnnContent, --CA Key Update Ann. - cann [16] CertAnnContent, --Certificate Ann. - rann [17] RevAnnContent, --Revocation Ann. - crlann [18] CRLAnnContent, --CRL Announcement - conf [19] PKIConfirmContent, --Confirmation - nested [20] NestedMessageContent, --Nested Message - genm [21] GenMsgContent, --General Message - genp [22] GenRepContent, --General Response - error [23] ErrorMsgContent --Error Message - } - - PKIProtection ::= BIT STRING - - ProtectedPart ::= SEQUENCE { - header PKIHeader, - body PKIBody - } - - PasswordBasedMac ::= OBJECT IDENTIFIER --{1 2 840 113533 7 66 13} - - PBMParameter ::= SEQUENCE { - salt OCTET STRING, - owf AlgorithmIdentifier, - -- AlgId for a One-Way Function (SHA-1 recommended) - iterationCount INTEGER, - -- number of times the OWF is applied - mac AlgorithmIdentifier - -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11], - } -- or HMAC [RFC2104, RFC2202]) - - DHBasedMac ::= OBJECT IDENTIFIER --{1 2 840 113533 7 66 30} - - DHBMParameter ::= SEQUENCE { - owf AlgorithmIdentifier, - -- AlgId for a One-Way Function (SHA-1 recommended) - mac AlgorithmIdentifier - -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11], - } -- or HMAC [RFC2104, RFC2202]) - - - NestedMessageContent ::= PKIMessage - - PKIStatus ::= INTEGER { - granted (0), - -- you got exactly what you asked for - grantedWithMods (1), - -- you got something like what you asked for; the - -- requester is responsible for ascertaining the differences - rejection (2), - -- you don't get it, more information elsewhere in the message - waiting (3), - -- the request body part has not yet been processed, - -- expect to hear more later - revocationWarning (4), - -- this message contains a warning that a revocation is - -- imminent - revocationNotification 
(5), - -- notification that a revocation has occurred - keyUpdateWarning (6) - -- update already done for the oldCertId specified in - -- CertReqMsg - } - - PKIFailureInfo ::= BIT STRING { - -- since we can fail in more than one way! - -- More codes may be added in the future if/when required. - badAlg (0), - -- unrecognized or unsupported Algorithm Identifier - badMessageCheck (1), - -- integrity check failed (e.g., signature did not verify) - badRequest (2), - -- transaction not permitted or supported - badTime (3), - -- messageTime was not sufficiently close to the system time, - -- as defined by local policy - badCertId (4), - -- no certificate could be found matching the provided criteria - badDataFormat (5), - -- the data submitted has the wrong format - wrongAuthority (6), - -- the authority indicated in the request is different from the - -- one creating the response token - incorrectData (7), - -- the requester's data is incorrect (for notary services) - missingTimeStamp (8), - -- when the timestamp is missing but should be there (by policy) - badPOP (9) - -- the proof-of-possession failed - } - - PKIStatusInfo ::= SEQUENCE { - status PKIStatus, - statusString PKIFreeText OPTIONAL, - failInfo PKIFailureInfo OPTIONAL - } - - OOBCert ::= Certificate - - OOBCertHash ::= SEQUENCE { - hashAlg [0] AlgorithmIdentifier OPTIONAL, - certId [1] CertId OPTIONAL, - hashVal BIT STRING - -- hashVal is calculated over DER encoding of the - -- subjectPublicKey field of the corresponding cert. - } - - POPODecKeyChallContent ::= SEQUENCE OF Challenge - -- One Challenge per encryption key certification request (in the - -- same order as these requests appear in CertReqMessages). - - Challenge ::= SEQUENCE { - owf AlgorithmIdentifier OPTIONAL, - -- MUST be present in the first Challenge; MAY be omitted in any - -- subsequent Challenge in POPODecKeyChallContent (if omitted, - -- then the owf used in the immediately preceding Challenge is - -- to be used). 
- witness OCTET STRING, - -- the result of applying the one-way function (owf) to a - -- randomly-generated INTEGER, A. [Note that a different - -- INTEGER MUST be used for each Challenge.] - challenge OCTET STRING - -- the encryption (under the public key for which the cert. - -- request is being made) of Rand, where Rand is specified as - -- Rand ::= SEQUENCE { - -- int INTEGER, - -- - the randomly-generated INTEGER A (above) - -- sender GeneralName - -- - the sender's name (as included in PKIHeader) - -- } - } - - POPODecKeyRespContent ::= SEQUENCE OF INTEGER - -- One INTEGER per encryption key certification request (in the - -- same order as these requests appear in CertReqMessages). The - -- retrieved INTEGER A (above) is returned to the sender of the - -- corresponding Challenge. - - - CertRepMessage ::= SEQUENCE { - caPubs [1] SEQUENCE SIZE (1..MAX) OF Certificate OPTIONAL, - response SEQUENCE OF CertResponse - } - - CertResponse ::= SEQUENCE { - certReqId INTEGER, - -- to match this response with corresponding request (a value - -- of -1 is to be used if certReqId is not specified in the - -- corresponding request) - status PKIStatusInfo, - certifiedKeyPair CertifiedKeyPair OPTIONAL, - rspInfo OCTET STRING OPTIONAL - -- analogous to the id-regInfo-asciiPairs OCTET STRING defined - -- for regInfo in CertReqMsg [CRMF] - } - - CertifiedKeyPair ::= SEQUENCE { - certOrEncCert CertOrEncCert, - privateKey [0] EncryptedValue OPTIONAL, - publicationInfo [1] PKIPublicationInfo OPTIONAL - } - - CertOrEncCert ::= CHOICE { - certificate [0] Certificate, - encryptedCert [1] EncryptedValue - } - - KeyRecRepContent ::= SEQUENCE { - status PKIStatusInfo, - newSigCert [0] Certificate OPTIONAL, - caCerts [1] SEQUENCE SIZE (1..MAX) OF - Certificate OPTIONAL, - keyPairHist [2] SEQUENCE SIZE (1..MAX) OF - CertifiedKeyPair OPTIONAL - } - - RevReqContent ::= SEQUENCE OF RevDetails - - RevDetails ::= SEQUENCE { - certDetails CertTemplate, - -- allows requester to specify as much as 
they can about - -- the cert. for which revocation is requested - -- (e.g., for cases in which serialNumber is not available) - revocationReason ReasonFlags OPTIONAL, - -- the reason that revocation is requested - badSinceDate GeneralizedTime OPTIONAL, - -- indicates best knowledge of sender - crlEntryDetails Extensions OPTIONAL - -- requested crlEntryExtensions - } - - RevRepContent ::= SEQUENCE { - status SEQUENCE SIZE (1..MAX) OF PKIStatusInfo, - -- in same order as was sent in RevReqContent - revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId OPTIONAL, - -- IDs for which revocation was requested (same order as status) - crls [1] SEQUENCE SIZE (1..MAX) OF CertificateList OPTIONAL - -- the resulting CRLs (there may be more than one) - } - - - CAKeyUpdAnnContent ::= SEQUENCE { - oldWithNew Certificate, -- old pub signed with new priv - newWithOld Certificate, -- new pub signed with old priv - newWithNew Certificate -- new pub signed with new priv - } - - CertAnnContent ::= Certificate - - RevAnnContent ::= SEQUENCE { - status PKIStatus, - certId CertId, - willBeRevokedAt GeneralizedTime, - badSinceDate GeneralizedTime, - crlDetails Extensions OPTIONAL - -- extra CRL details(e.g., crl number, reason, location, etc.) 
-} - - CRLAnnContent ::= SEQUENCE OF CertificateList - - PKIConfirmContent ::= NULL - - InfoTypeAndValue ::= SEQUENCE { - infoType OBJECT IDENTIFIER, - infoValue ANY OPTIONAL - } - -- Example InfoTypeAndValue contents include, but are not limited to: - -- { CAProtEncCert = {id-it 1}, Certificate } - -- { SignKeyPairTypes = {id-it 2}, SEQUENCE OF AlgorithmIdentifier } - -- { EncKeyPairTypes = {id-it 3}, SEQUENCE OF AlgorithmIdentifier } - -- { PreferredSymmAlg = {id-it 4}, AlgorithmIdentifier } - -- { CAKeyUpdateInfo = {id-it 5}, CAKeyUpdAnnContent } - -- { CurrentCRL = {id-it 6}, CertificateList } - -- where {id-it} = {id-pkix 4} = {1 3 6 1 5 5 7 4} - -- This construct MAY also be used to define new PKIX Certificate - -- Management Protocol request and response messages, or general- - -- purpose (e.g., announcement) messages for future needs or for - -- specific environments. - - GenMsgContent ::= SEQUENCE OF InfoTypeAndValue - - -- May be sent by EE, RA, or CA (depending on message content). - -- The OPTIONAL infoValue parameter of InfoTypeAndValue will typically - -- be omitted for some of the examples given above. The receiver is - -- free to ignore any contained OBJ. IDs that it does not recognize. - -- If sent from EE to CA, the empty set indicates that the CA may send - -- any/all information that it wishes. - - GenRepContent ::= SEQUENCE OF InfoTypeAndValue - -- The receiver is free to ignore any contained OBJ. IDs that it does - -- not recognize. - - ErrorMsgContent ::= SEQUENCE { - pKIStatusInfo PKIStatusInfo, - errorCode INTEGER OPTIONAL, - -- implementation-specific error codes - errorDetails PKIFreeText OPTIONAL - -- implementation-specific error details - } - - - --- The following definition is provided for compatibility reasons with --- 1988 and 1993 ASN.1 compilers which allow the use of UNIVERSAL class --- tags (not a part of formal ASN.1); 1997 and subsequent compilers --- SHOULD comment out this line. 
--- ---UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING - -END - +-- This document and the information contained herein are provided on an +-- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS +-- OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET +-- ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, +-- INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE +-- INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED +-- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + + PKIXCMP {iso(1) identified-organization(3) + dod(6) internet(1) security(5) mechanisms(5) pkix(7) + id-mod(0) id-mod-cmp2000(16)} + + DEFINITIONS EXPLICIT TAGS ::= + + BEGIN + + -- EXPORTS ALL -- + + IMPORTS + + Certificate, CertificateList, Extensions, AlgorithmIdentifier --, + -- UTF8String + -- if required; otherwise, comment out + FROM PKIX1Explicit88 {iso(1) identified-organization(3) + dod(6) internet(1) security(5) mechanisms(5) pkix(7) + id-mod(0) id-pkix1-explicit-88(1)} + + GeneralName, KeyIdentifier + FROM PKIX1Implicit88 {iso(1) identified-organization(3) + dod(6) internet(1) security(5) mechanisms(5) pkix(7) + id-mod(0) id-pkix1-implicit-88(2)} + + CertTemplate, PKIPublicationInfo, EncryptedValue, CertId, + CertReqMessages + FROM PKIXCRMF-2005 {iso(1) identified-organization(3) + dod(6) internet(1) security(5) mechanisms(5) pkix(7) + id-mod(0) id-mod-crmf2005(36)} + + -- see also the behavioral clarifications to CRMF codified in + -- Appendix C of this specification + + CertificationRequest + FROM PKCS-10 {iso(1) member-body(2) + us(840) rsadsi(113549) + pkcs(1) pkcs-10(10) modules(1) pkcs-10(1)} + + -- (specified in RFC 2986 with 1993 ASN.1 syntax and IMPLICIT + -- tags). 
Alternatively, implementers may directly include + -- the [PKCS10] syntax in this module + + ; + + -- the rest of the module contains locally-defined OIDs and + -- constructs + + CMPCertificate ::= CHOICE { + x509v3PKCert Certificate + } + -- This syntax, while bits-on-the-wire compatible with the + -- standard X.509 definition of "Certificate", allows the + -- possibility of future certificate types (such as X.509 + -- attribute certificates, WAP WTLS certificates, or other kinds + -- of certificates) within this certificate management protocol, + -- should a need ever arise to support such generality. Those + -- implementations that do not foresee a need to ever support + -- other certificate types MAY, if they wish, comment out the + -- above structure and "un-comment" the following one prior to + -- compiling this ASN.1 module. (Note that interoperability + -- with implementations that don't do this will be unaffected by + -- this change.) + + -- CMPCertificate ::= Certificate + + PKIMessage ::= SEQUENCE { + header PKIHeader, + body PKIBody, + protection [0] PKIProtection OPTIONAL, + extraCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate + OPTIONAL + } + + PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage + + PKIHeader ::= SEQUENCE { + pvno INTEGER { cmp1999(1), cmp2000(2) }, + sender GeneralName, + -- identifies the sender + recipient GeneralName, + -- identifies the intended recipient + messageTime [0] GeneralizedTime OPTIONAL, + -- time of production of this message (used when sender + -- believes that the transport will be "suitable"; i.e., + -- that the time will still be meaningful upon receipt) + protectionAlg [1] AlgorithmIdentifier OPTIONAL, + -- algorithm used for calculation of protection bits + senderKID [2] KeyIdentifier OPTIONAL, + recipKID [3] KeyIdentifier OPTIONAL, + -- to identify specific keys used for protection + transactionID [4] OCTET STRING OPTIONAL, + -- identifies the transaction; i.e., this will be the same in + -- corresponding 
request, response, certConf, and PKIConf + -- messages + senderNonce [5] OCTET STRING OPTIONAL, + recipNonce [6] OCTET STRING OPTIONAL, + -- nonces used to provide replay protection, senderNonce + -- is inserted by the creator of this message; recipNonce + -- is a nonce previously inserted in a related message by + -- the intended recipient of this message + freeText [7] PKIFreeText OPTIONAL, + -- this may be used to indicate context-specific instructions + -- (this field is intended for human consumption) + generalInfo [8] SEQUENCE SIZE (1..MAX) OF + InfoTypeAndValue OPTIONAL + -- this may be used to convey context-specific information + -- (this field not primarily intended for human consumption) + } + + PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String + -- text encoded as UTF-8 String [RFC3629] (note: each + -- UTF8String MAY include an [RFC3066] language tag + -- to indicate the language of the contained text + -- see [RFC2482] for details) + + PKIBody ::= CHOICE { -- message-specific body elements + ir [0] CertReqMessages, --Initialization Request + ip [1] CertRepMessage, --Initialization Response + cr [2] CertReqMessages, --Certification Request + cp [3] CertRepMessage, --Certification Response + -- p10cr [4] CertificationRequest, + --imported from [PKCS10] + popdecc [5] POPODecKeyChallContent, --pop Challenge + popdecr [6] POPODecKeyRespContent, --pop Response + kur [7] CertReqMessages, --Key Update Request + kup [8] CertRepMessage, --Key Update Response + krr [9] CertReqMessages, --Key Recovery Request + krp [10] KeyRecRepContent, --Key Recovery Response + rr [11] RevReqContent, --Revocation Request + rp [12] RevRepContent, --Revocation Response + ccr [13] CertReqMessages, --Cross-Cert. Request + ccp [14] CertRepMessage, --Cross-Cert. Response + ckuann [15] CAKeyUpdAnnContent, --CA Key Update Ann. + cann [16] CertAnnContent, --Certificate Ann. + rann [17] RevAnnContent, --Revocation Ann. 
+ crlann [18] CRLAnnContent, --CRL Announcement + pkiconf [19] PKIConfirmContent, --Confirmation + nested [20] NestedMessageContent, --Nested Message + genm [21] GenMsgContent, --General Message + genp [22] GenRepContent, --General Response + error [23] ErrorMsgContent, --Error Message + certConf [24] CertConfirmContent, --Certificate confirm + pollReq [25] PollReqContent, --Polling request + pollRep [26] PollRepContent --Polling response + } + + PKIProtection ::= BIT STRING + + ProtectedPart ::= SEQUENCE { + header PKIHeader, + body PKIBody + } + + id-PasswordBasedMac OBJECT IDENTIFIER ::= {1 2 840 113533 7 66 13} + PBMParameter ::= SEQUENCE { + salt OCTET STRING, + -- note: implementations MAY wish to limit acceptable sizes + -- of this string to values appropriate for their environment + -- in order to reduce the risk of denial-of-service attacks + owf AlgorithmIdentifier, + -- AlgId for a One-Way Function (SHA-1 recommended) + iterationCount INTEGER, + -- number of times the OWF is applied + -- note: implementations MAY wish to limit acceptable sizes + -- of this integer to values appropriate for their environment + -- in order to reduce the risk of denial-of-service attacks + mac AlgorithmIdentifier + -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11], + } -- or HMAC [RFC2104, RFC2202]) + + id-DHBasedMac OBJECT IDENTIFIER ::= {1 2 840 113533 7 66 30} + DHBMParameter ::= SEQUENCE { + owf AlgorithmIdentifier, + -- AlgId for a One-Way Function (SHA-1 recommended) + mac AlgorithmIdentifier + -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11], + } -- or HMAC [RFC2104, RFC2202]) + + + NestedMessageContent ::= PKIMessages + + PKIStatus ::= INTEGER { + accepted (0), + -- you got exactly what you asked for + grantedWithMods (1), + -- you got something like what you asked for; the + -- requester is responsible for ascertaining the differences + rejection (2), + -- you don't get it, more information elsewhere in the message + waiting (3), + -- the request 
body part has not yet been processed; expect to + -- hear more later (note: proper handling of this status + -- response MAY use the polling req/rep PKIMessages specified + -- in Section 5.3.22; alternatively, polling in the underlying + -- transport layer MAY have some utility in this regard) + revocationWarning (4), + -- this message contains a warning that a revocation is + -- imminent + revocationNotification (5), + -- notification that a revocation has occurred + keyUpdateWarning (6) + -- update already done for the oldCertId specified in + -- CertReqMsg + } + + PKIFailureInfo ::= BIT STRING { + -- since we can fail in more than one way! + -- More codes may be added in the future if/when required. + badAlg (0), + -- unrecognized or unsupported Algorithm Identifier + badMessageCheck (1), + -- integrity check failed (e.g., signature did not verify) + badRequest (2), + -- transaction not permitted or supported + badTime (3), + -- messageTime was not sufficiently close to the system time, + -- as defined by local policy + badCertId (4), + -- no certificate could be found matching the provided criteria + badDataFormat (5), + -- the data submitted has the wrong format + wrongAuthority (6), + -- the authority indicated in the request is different from the + -- one creating the response token + incorrectData (7), + -- the requester's data is incorrect (for notary services) + missingTimeStamp (8), + -- when the timestamp is missing but should be there + -- (by policy) + badPOP (9), + -- the proof-of-possession failed + certRevoked (10), + -- the certificate has already been revoked + certConfirmed (11), + -- the certificate has already been confirmed + wrongIntegrity (12), + -- invalid integrity, password based instead of signature or + -- vice versa + badRecipientNonce (13), + -- invalid recipient nonce, either missing or wrong value + timeNotAvailable (14), + -- the TSA's time source is not available + unacceptedPolicy (15), + -- the requested TSA policy is not 
supported by the TSA. + unacceptedExtension (16), + -- the requested extension is not supported by the TSA. + addInfoNotAvailable (17), + -- the additional information requested could not be + -- understood or is not available + badSenderNonce (18), + -- invalid sender nonce, either missing or wrong size + badCertTemplate (19), + -- invalid cert. template or missing mandatory information + signerNotTrusted (20), + -- signer of the message unknown or not trusted + transactionIdInUse (21), + -- the transaction identifier is already in use + unsupportedVersion (22), + -- the version of the message is not supported + notAuthorized (23), + -- the sender was not authorized to make the preceding + -- request or perform the preceding action + systemUnavail (24), + -- the request cannot be handled due to system unavailability + systemFailure (25), + -- the request cannot be handled due to system failure + duplicateCertReq (26) + -- certificate cannot be issued because a duplicate + -- certificate already exists + } + + PKIStatusInfo ::= SEQUENCE { + status PKIStatus, + statusString PKIFreeText OPTIONAL, + failInfo PKIFailureInfo OPTIONAL + } + + OOBCert ::= CMPCertificate + + OOBCertHash ::= SEQUENCE { + hashAlg [0] AlgorithmIdentifier OPTIONAL, + certId [1] CertId OPTIONAL, + hashVal BIT STRING + -- hashVal is calculated over the DER encoding of the + -- self-signed certificate with the identifier certID. + } + + POPODecKeyChallContent ::= SEQUENCE OF Challenge + -- One Challenge per encryption key certification request (in the + -- same order as these requests appear in CertReqMessages). + + Challenge ::= SEQUENCE { + owf AlgorithmIdentifier OPTIONAL, + + -- MUST be present in the first Challenge; MAY be omitted in + -- any subsequent Challenge in POPODecKeyChallContent (if + -- omitted, then the owf used in the immediately preceding + -- Challenge is to be used). 
+ + witness OCTET STRING, + -- the result of applying the one-way function (owf) to a + -- randomly-generated INTEGER, A. [Note that a different + -- INTEGER MUST be used for each Challenge.] + challenge OCTET STRING + -- the encryption (under the public key for which the cert. + -- request is being made) of Rand, where Rand is specified as + -- Rand ::= SEQUENCE { + -- int INTEGER, + -- - the randomly-generated INTEGER A (above) + -- sender GeneralName + -- - the sender's name (as included in PKIHeader) + -- } + } + + POPODecKeyRespContent ::= SEQUENCE OF INTEGER + -- One INTEGER per encryption key certification request (in the + -- same order as these requests appear in CertReqMessages). The + -- retrieved INTEGER A (above) is returned to the sender of the + -- corresponding Challenge. + + CertRepMessage ::= SEQUENCE { + caPubs [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate + OPTIONAL, + response SEQUENCE OF CertResponse + } + + CertResponse ::= SEQUENCE { + certReqId INTEGER, + -- to match this response with corresponding request (a value + -- of -1 is to be used if certReqId is not specified in the + -- corresponding request) + status PKIStatusInfo, + certifiedKeyPair CertifiedKeyPair OPTIONAL, + rspInfo OCTET STRING OPTIONAL + -- analogous to the id-regInfo-utf8Pairs string defined + -- for regInfo in CertReqMsg [CRMF] + } + + CertifiedKeyPair ::= SEQUENCE { + certOrEncCert CertOrEncCert, + privateKey [0] EncryptedValue OPTIONAL, + -- see [CRMF] for comment on encoding + publicationInfo [1] PKIPublicationInfo OPTIONAL + } + + CertOrEncCert ::= CHOICE { + certificate [0] CMPCertificate, + encryptedCert [1] EncryptedValue + } + + KeyRecRepContent ::= SEQUENCE { + status PKIStatusInfo, + newSigCert [0] CMPCertificate OPTIONAL, + caCerts [1] SEQUENCE SIZE (1..MAX) OF + CMPCertificate OPTIONAL, + keyPairHist [2] SEQUENCE SIZE (1..MAX) OF + CertifiedKeyPair OPTIONAL + } + + RevReqContent ::= SEQUENCE OF RevDetails + + RevDetails ::= SEQUENCE { + certDetails 
CertTemplate, + -- allows requester to specify as much as they can about + -- the cert. for which revocation is requested + -- (e.g., for cases in which serialNumber is not available) + crlEntryDetails Extensions OPTIONAL + -- requested crlEntryExtensions + } + + RevRepContent ::= SEQUENCE { + status SEQUENCE SIZE (1..MAX) OF PKIStatusInfo, + -- in same order as was sent in RevReqContent + revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId + OPTIONAL, + -- IDs for which revocation was requested + -- (same order as status) + crls [1] SEQUENCE SIZE (1..MAX) OF CertificateList + -- the resulting CRLs (there may be more than one) + } + + CAKeyUpdAnnContent ::= SEQUENCE { + oldWithNew CMPCertificate, -- old pub signed with new priv + newWithOld CMPCertificate, -- new pub signed with old priv + newWithNew CMPCertificate -- new pub signed with new priv + } + + CertAnnContent ::= CMPCertificate + + RevAnnContent ::= SEQUENCE { + status PKIStatus, + certId CertId, + willBeRevokedAt GeneralizedTime, + badSinceDate GeneralizedTime, + crlDetails Extensions OPTIONAL + -- extra CRL details (e.g., crl number, reason, location, etc.) 
+ } + + CRLAnnContent ::= SEQUENCE OF CertificateList + + CertConfirmContent ::= SEQUENCE OF CertStatus + + CertStatus ::= SEQUENCE { + certHash OCTET STRING, + -- the hash of the certificate, using the same hash algorithm + -- as is used to create and verify the certificate signature + certReqId INTEGER, + -- to match this confirmation with the corresponding req/rep + statusInfo PKIStatusInfo OPTIONAL + } + + PKIConfirmContent ::= NULL + + InfoTypeAndValue ::= SEQUENCE { + infoType OBJECT IDENTIFIER, + infoValue ANY DEFINED BY infoType OPTIONAL + } + -- Example InfoTypeAndValue contents include, but are not limited + -- to, the following (un-comment in this ASN.1 module and use as + -- appropriate for a given environment): + -- + -- id-it-caProtEncCert OBJECT IDENTIFIER ::= {id-it 1} + CAProtEncCertValue ::= CMPCertificate + -- id-it-signKeyPairTypes OBJECT IDENTIFIER ::= {id-it 2} + SignKeyPairTypesValue ::= SEQUENCE OF AlgorithmIdentifier + -- id-it-encKeyPairTypes OBJECT IDENTIFIER ::= {id-it 3} + EncKeyPairTypesValue ::= SEQUENCE OF AlgorithmIdentifier + -- id-it-preferredSymmAlg OBJECT IDENTIFIER ::= {id-it 4} + PreferredSymmAlgValue ::= AlgorithmIdentifier + -- id-it-caKeyUpdateInfo OBJECT IDENTIFIER ::= {id-it 5} + CAKeyUpdateInfoValue ::= CAKeyUpdAnnContent + -- id-it-currentCRL OBJECT IDENTIFIER ::= {id-it 6} + CurrentCRLValue ::= CertificateList + -- id-it-unsupportedOIDs OBJECT IDENTIFIER ::= {id-it 7} + UnsupportedOIDsValue ::= SEQUENCE OF OBJECT IDENTIFIER + -- id-it-keyPairParamReq OBJECT IDENTIFIER ::= {id-it 10} + KeyPairParamReqValue ::= OBJECT IDENTIFIER + -- id-it-keyPairParamRep OBJECT IDENTIFIER ::= {id-it 11} + KeyPairParamRepValue ::= AlgorithmIdentifier + -- id-it-revPassphrase OBJECT IDENTIFIER ::= {id-it 12} + RevPassphraseValue ::= EncryptedValue + -- id-it-implicitConfirm OBJECT IDENTIFIER ::= {id-it 13} + ImplicitConfirmValue ::= NULL + -- id-it-confirmWaitTime OBJECT IDENTIFIER ::= {id-it 14} + ConfirmWaitTimeValue ::= GeneralizedTime 
+ -- id-it-origPKIMessage OBJECT IDENTIFIER ::= {id-it 15} + OrigPKIMessageValue ::= PKIMessages + -- id-it-suppLangTags OBJECT IDENTIFIER ::= {id-it 16} + SuppLangTagsValue ::= SEQUENCE OF UTF8String + -- + -- where + -- + -- id-pkix OBJECT IDENTIFIER ::= { + -- iso(1) identified-organization(3) + -- dod(6) internet(1) security(5) mechanisms(5) pkix(7)} + -- and + -- id-it OBJECT IDENTIFIER ::= {id-pkix 4} + -- + -- + -- This construct MAY also be used to define new PKIX Certificate + -- Management Protocol request and response messages, or general- + -- purpose (e.g., announcement) messages for future needs or for + -- specific environments. + + GenMsgContent ::= SEQUENCE OF InfoTypeAndValue + + -- May be sent by EE, RA, or CA (depending on message content). + -- The OPTIONAL infoValue parameter of InfoTypeAndValue will + -- typically be omitted for some of the examples given above. + -- The receiver is free to ignore any contained OBJ. IDs that it + -- does not recognize. If sent from EE to CA, the empty set + -- indicates that the CA may send + -- any/all information that it wishes. + GenRepContent ::= SEQUENCE OF InfoTypeAndValue + -- Receiver MAY ignore any contained OIDs that it does not + -- recognize. + + ErrorMsgContent ::= SEQUENCE { + pKIStatusInfo PKIStatusInfo, + errorCode INTEGER OPTIONAL, + -- implementation-specific error codes + errorDetails PKIFreeText OPTIONAL + -- implementation-specific error details + } + + PollReqContent ::= SEQUENCE OF SEQUENCE { + certReqId INTEGER + } + + PollRepContent ::= SEQUENCE OF SEQUENCE { + certReqId INTEGER, + checkAfter INTEGER, -- time in seconds + reason PKIFreeText OPTIONAL + } + + END -- of CMP module diff --git a/asn1/pkixcmp/Makefile b/asn1/pkixcmp/Makefile index 86b0b27289..bd21be1dd9 100644 --- a/asn1/pkixcmp/Makefile +++ b/asn1/pkixcmp/Makefile 
@@ -7,7 +7,7 @@ all: generate_dissector
 generate_dissector: $(DISSECTOR_FILES)
 $(DISSECTOR_FILES): ../../tools/asn2wrs.py CMP.asn packet-cmp-template.c packet-cmp-template.h cmp.cnf
- python ../../tools/asn2wrs.py -b -e -p cmp -c cmp.cnf -s packet-cmp-template CMP.asn
+ python ../../tools/asn2wrs.py -b -X -T -e -p cmp -c cmp.cnf -s packet-cmp-template CMP.asn
 clean:
 rm -f parsetab.py $(DISSECTOR_FILES)
diff --git a/asn1/pkixcmp/Makefile.nmake b/asn1/pkixcmp/Makefile.nmake
index f5fd271875..4dd7b2f792 100644
--- a/asn1/pkixcmp/Makefile.nmake
+++ b/asn1/pkixcmp/Makefile.nmake
@@ -15,7 +15,7 @@ generate_dissector: $(DISSECTOR_FILES)
 $(DISSECTOR_FILES): ../../tools/asn2wrs.py CMP.asn packet-cmp-template.c packet-cmp-template.h cmp.cnf
 !IFDEF PYTHON
- $(PYTHON) "../../tools/asn2wrs.py" -b -e -p $(PROTOCOL_NAME) -c cmp.cnf -s packet-cmp-template CMP.asn
+ $(PYTHON) "../../tools/asn2wrs.py" -b -X -T -e -p $(PROTOCOL_NAME) -c cmp.cnf -s packet-cmp-template CMP.asn
 !ELSE
 @echo Error: You need Python to use asn2wrs.py
 @exit 1
diff --git a/asn1/pkixcmp/cmp-exp.cnf b/asn1/pkixcmp/cmp-exp.cnf
index d09232df9e..0d3611bee7 100644
--- a/asn1/pkixcmp/cmp-exp.cnf
+++ b/asn1/pkixcmp/cmp-exp.cnf
@@ -4,27 +4,26 @@ # ../../tools/asn2wrs.py -b -e -p cmp -c cmp.cnf -s packet-cmp-template CMP.asn #.MODULE -CMP cmp +PKIXCMP cmp #.END #.IMPORT_TAG +CMPCertificate BER_CLASS_ANY/*choice*/ -1/*choice*/ PKIMessage BER_CLASS_UNI BER_UNI_TAG_SEQUENCE +PKIMessages BER_CLASS_UNI BER_UNI_TAG_SEQUENCE PKIHeader BER_CLASS_UNI BER_UNI_TAG_SEQUENCE PKIFreeText BER_CLASS_UNI BER_UNI_TAG_SEQUENCE PKIBody BER_CLASS_ANY/*choice*/ -1/*choice*/ PKIProtection BER_CLASS_UNI BER_UNI_TAG_BITSTRING ProtectedPart BER_CLASS_UNI BER_UNI_TAG_SEQUENCE -PasswordBasedMac BER_CLASS_UNI BER_UNI_TAG_OID PBMParameter BER_CLASS_UNI BER_UNI_TAG_SEQUENCE -DHBasedMac BER_CLASS_UNI BER_UNI_TAG_OID DHBMParameter BER_CLASS_UNI BER_UNI_TAG_SEQUENCE NestedMessageContent BER_CLASS_UNI BER_UNI_TAG_SEQUENCE PKIStatus BER_CLASS_UNI BER_UNI_TAG_INTEGER PKIFailureInfo BER_CLASS_UNI BER_UNI_TAG_BITSTRING PKIStatusInfo BER_CLASS_UNI BER_UNI_TAG_SEQUENCE -OOBCert BER_CLASS_UNI BER_UNI_TAG_SEQUENCE +OOBCert BER_CLASS_ANY/*choice*/ -1/*choice*/ OOBCertHash BER_CLASS_UNI BER_UNI_TAG_SEQUENCE -POPODecKeyChallContent BER_CLASS_UNI BER_UNI_TAG_SEQUENCE Challenge BER_CLASS_UNI BER_UNI_TAG_SEQUENCE POPODecKeyRespContent BER_CLASS_UNI BER_UNI_TAG_SEQUENCE CertRepMessage BER_CLASS_UNI BER_UNI_TAG_SEQUENCE 
@@ -36,34 +35,36 @@ RevReqContent BER_CLASS_UNI BER_UNI_TAG_SEQUENCE RevDetails BER_CLASS_UNI BER_UNI_TAG_SEQUENCE RevRepContent BER_CLASS_UNI BER_UNI_TAG_SEQUENCE CAKeyUpdAnnContent BER_CLASS_UNI BER_UNI_TAG_SEQUENCE -CertAnnContent BER_CLASS_UNI BER_UNI_TAG_SEQUENCE +CertAnnContent BER_CLASS_ANY/*choice*/ -1/*choice*/ RevAnnContent BER_CLASS_UNI BER_UNI_TAG_SEQUENCE CRLAnnContent BER_CLASS_UNI BER_UNI_TAG_SEQUENCE +CertConfirmContent BER_CLASS_UNI BER_UNI_TAG_SEQUENCE +CertStatus BER_CLASS_UNI BER_UNI_TAG_SEQUENCE PKIConfirmContent BER_CLASS_UNI BER_UNI_TAG_NULL InfoTypeAndValue BER_CLASS_UNI BER_UNI_TAG_SEQUENCE GenMsgContent BER_CLASS_UNI BER_UNI_TAG_SEQUENCE -GenRepContent BER_CLASS_UNI BER_UNI_TAG_SEQUENCE ErrorMsgContent BER_CLASS_UNI BER_UNI_TAG_SEQUENCE +PollReqContent BER_CLASS_UNI BER_UNI_TAG_SEQUENCE +PollRepContent BER_CLASS_UNI BER_UNI_TAG_SEQUENCE #.END #.TYPE_ATTR +CMPCertificate TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(cmp_CMPCertificate_vals) BITMASK = 0 PKIMessage TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 +PKIMessages TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = NULL BITMASK = 0 PKIHeader TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 PKIFreeText TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = NULL BITMASK = 0 PKIBody TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(cmp_PKIBody_vals) BITMASK = 0 PKIProtection TYPE = FT_BYTES DISPLAY = BASE_HEX STRINGS = NULL BITMASK = 0 ProtectedPart TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 -PasswordBasedMac TYPE = FT_OID DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 PBMParameter TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 -DHBasedMac TYPE = FT_OID DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 DHBMParameter TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 -NestedMessageContent TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 +NestedMessageContent TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = NULL 
BITMASK = 0 PKIStatus TYPE = FT_INT32 DISPLAY = BASE_DEC STRINGS = VALS(cmp_PKIStatus_vals) BITMASK = 0 PKIFailureInfo TYPE = FT_BYTES DISPLAY = BASE_HEX STRINGS = NULL BITMASK = 0 PKIStatusInfo TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 -OOBCert TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 +OOBCert TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(cmp_CMPCertificate_vals) BITMASK = 0 OOBCertHash TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 -POPODecKeyChallContent TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = NULL BITMASK = 0 Challenge TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 POPODecKeyRespContent TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = NULL BITMASK = 0 CertRepMessage TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 
@@ -75,13 +76,16 @@ RevReqContent TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = NULL RevDetails TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 RevRepContent TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 CAKeyUpdAnnContent TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 -CertAnnContent TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 +CertAnnContent TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(cmp_CMPCertificate_vals) BITMASK = 0 RevAnnContent TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 CRLAnnContent TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = NULL BITMASK = 0 +CertConfirmContent TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = NULL BITMASK = 0 +CertStatus TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 PKIConfirmContent TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 InfoTypeAndValue TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 GenMsgContent TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = NULL BITMASK = 0 -GenRepContent TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = NULL BITMASK = 0 ErrorMsgContent TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 +PollReqContent TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = NULL BITMASK = 0 +PollRepContent TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = NULL BITMASK = 0 #.END diff --git a/asn1/pkixcmp/cmp.cnf b/asn1/pkixcmp/cmp.cnf index e572d88425..a57343259c 100644 --- a/asn1/pkixcmp/cmp.cnf +++ b/asn1/pkixcmp/cmp.cnf @@ -6,7 +6,7 @@ #.MODULE_IMPORT PKIX1Explicit88 pkix1explicit PKIX1Implicit88 pkix1implicit -PKIXCRMF crmf +PKIXCRMF-2005 crmf #.INCLUDE ../pkix1explicit/pkix1explicit_exp.cnf #.INCLUDE ../pkix1implicit/pkix1implicit_exp.cnf 
@@ -14,24 +14,24 @@ PKIXCRMF crmf
 #.EXPORTS
 CAKeyUpdAnnContent
+CMPCertificate
+CRLAnnContent
 CertAnnContent
-CertifiedKeyPair
+CertConfirmContent
 CertOrEncCert
 CertRepMessage
 CertResponse
+CertStatus
+CertifiedKeyPair
 Challenge
-CRLAnnContent
-DHBasedMac
 DHBMParameter
 ErrorMsgContent
 GenMsgContent
-GenRepContent
 InfoTypeAndValue
 KeyRecRepContent
 NestedMessageContent
 OOBCert
 OOBCertHash
-PasswordBasedMac
 PBMParameter
 PKIBody
 PKIConfirmContent
@@ -39,11 +39,13 @@ PKIFailureInfo
 PKIFreeText
 PKIHeader
 PKIMessage
+PKIMessages
 PKIProtection
 PKIStatus
 PKIStatusInfo
-POPODecKeyChallContent
 POPODecKeyRespContent
+PollRepContent
+PollReqContent
 ProtectedPart
 RevAnnContent
 RevDetails
@@ -51,12 +53,34 @@ RevRepContent
 RevReqContent
 #.REGISTER
+PBMParameter B "1.2.840.113533.7.66.13" "id-PasswordBasedMac"
+DHBMParameter B "1.2.640.113533.7.66.30" "id-DHBasedMac"
+CAProtEncCertValue B "1.3.6.1.5.5.7.4.1" "id-it-caProtEncCert"
+SignKeyPairTypesValue B "1.3.6.1.5.5.7.4.2" "id-it-signKeyPairTypes"
+EncKeyPairTypesValue B "1.3.6.1.5.5.7.4.3" "id-it-encKeyPairTypes"
+PreferredSymmAlgValue B "1.3.6.1.5.5.7.4.4" "id-it-preferredSymmAlg"
+CAKeyUpdateInfoValue B "1.3.6.1.5.5.7.4.5" "id-it-caKeyUpdateInfo"
+CurrentCRLValue B "1.3.6.1.5.5.7.4.6" "id-it-currentCRL"
+UnsupportedOIDsValue B "1.3.6.1.5.5.7.4.7" "id-it-unsupportedOIDs"
+KeyPairParamReqValue B "1.3.6.1.5.5.7.4.10" "id-it-keyPairParamReq"
+KeyPairParamRepValue B "1.3.6.1.5.5.7.4.11" "id-it-keyPairParamRep"
+RevPassphraseValue B "1.3.6.1.5.5.7.4.12" "id-it-revPassphrase"
+ImplicitConfirmValue B "1.3.6.1.5.5.7.4.13" "id-it-implicitConfirm"
+ConfirmWaitTimeValue B "1.3.6.1.5.5.7.4.14" "id-it-confirmWaitTime"
+OrigPKIMessageValue B "1.3.6.1.5.5.7.4.15" "id-it-origPKIMessage"
+SuppLangTagsValue B "1.3.6.1.5.5.7.4.16" "id-it-suppLangTags"
+
 #.NO_EMIT
 #.TYPE_RENAME
 #.FIELD_RENAME
+RevRepContent/status rvrpcnt_status
+CertResponse/status pkistatusinf
+KeyRecRepContent/status pkistatusinf
+PKIStatusInfo/status pkistatus
+RevAnnContent/status pkistatus
 #.FN_PARS InfoTypeAndValue/infoType
@@ -65,6 +89,4 @@ RevReqContent
 #.FN_BODY InfoTypeAndValue/infoValue
 offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
-#.END
-
-
+#.END_OF_CNF
diff --git a/asn1/pkixcrmf/CRMF.asn b/asn1/pkixcrmf/CRMF.asn
index 55ce3a42b4..eb1eb17e61 100644
--- a/asn1/pkixcrmf/CRMF.asn
+++ b/asn1/pkixcrmf/CRMF.asn
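Review bot: The OID registered for `DHBMParameter` in the new `#.REGISTER` block of asn1/pkixcmp/cmp.cnf reads `1.2.640.113533.7.66.30`, but CMP.asn in this same commit defines `id-DHBasedMac` as `{1 2 840 113533 7 66 30}`, and the `PBMParameter` line directly above it uses the 840 arc. As written, the DHBMParameter dissector is registered under an OID that does not match the module's own definition, so the parameters of a DH-based MAC `protectionAlg` would presumably be left undecoded when CMP traffic is inspected. The line should read `DHBMParameter B "1.2.840.113533.7.66.30" "id-DHBasedMac"`.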
@@ -1,199 +1,191 @@ --- This ASN1 definition is taken from RFC2511 and modified to pass through --- the asn2wrs compiler. +-- Extracted from RFC4211 +-- by Martin Peylo <martin.peylo@nsn.com> -- --- The copyright statement from the original description in RFC2511 +-- Changes to make it work with asn2wrs: +-- - none +-- +-- The copyright statement from the original description in RFC4211 -- follows below: --- --- +-- -- Full Copyright Statement --- --- Copyright (C) The Internet Society (1999). All Rights Reserved. --- --- This document and translations of it may be copied and furnished to --- others, and derivative works that comment on or otherwise explain it --- or assist in its implementation may be prepared, copied, published --- and distributed, in whole or in part, without restriction of any --- kind, provided that the above copyright notice and this paragraph are --- included on all such copies and derivative works. However, this --- document itself may not be modified in any way, such as by removing --- the copyright notice or references to the Internet Society or other --- Internet organizations, except as needed for the purpose of --- developing Internet standards in which case the procedures for --- copyrights defined in the Internet Standards process must be --- followed, or as required to translate it into languages other than --- English. --- --- The limited permissions granted above are perpetual and will not be --- revoked by the Internet Society or its successors or assigns. --- --- This document and the information contained herein is provided on an --- "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING --- TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING --- BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION --- HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF --- MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 
- ---PKIXCRMF {iso(1) identified-organization(3) dod(6) internet(1) --- security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-crmf(5)} - -CRMF DEFINITIONS IMPLICIT TAGS ::= +-- +-- Copyright (C) The Internet Society (2005). +-- +-- This document is subject to the rights, licenses and restrictions +-- contained in BCP 78, and except as set forth therein, the authors +-- retain all their rights. +-- +-- This document and the information contained herein are provided on an +-- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS +-- OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET +-- ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, +-- INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE +-- INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED +-- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + + +PKIXCRMF-2005 {iso(1) identified-organization(3) dod(6) internet(1) +security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-crmf2005(36)} + +DEFINITIONS IMPLICIT TAGS ::= BEGIN IMPORTS - -- Directory Authentication Framework (X.509) - AlgorithmIdentifier, Name, - SubjectPublicKeyInfo, Extensions - FROM PKIX1Explicit88 {iso(1) identified-organization(3) dod(6) + -- Directory Authentication Framework (X.509) + Version, AlgorithmIdentifier, Name, Time, + SubjectPublicKeyInfo, Extensions, UniqueIdentifier, Attribute + FROM PKIX1Explicit88 {iso(1) identified-organization(3) dod(6) + internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) + id-pkix1-explicit(18)} -- found in [PROFILE] + + -- Certificate Extensions (X.509) + GeneralName + FROM PKIX1Implicit88 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) - id-pkix1-explicit-88(1)} + id-pkix1-implicit(19)} -- found in [PROFILE] - -- Certificate Extensions (X.509) - GeneralName - FROM PKIX1Implicit88 {iso(1) identified-organization(3) dod(6) - internet(1) security(5) mechanisms(5) pkix(7) 
id-mod(0) - id-pkix1-implicit-88(2)} + -- Cryptographic Message Syntax + EnvelopedData + FROM CryptographicMessageSyntax2004 { iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) + modules(0) cms-2004(24) }; -- found in [CMS] - -- Cryptographic Message Syntax - EnvelopedData - FROM CryptographicMessageSyntax { iso(1) member-body(2) - us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) - modules(0) cms(1) }; +-- The following definition may be uncommented for use with +-- ASN.1 compilers that do not understand UTF8String. + +-- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING + -- The contents of this type correspond to RFC 2279. + +id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) +dod(6) internet(1) security(5) mechanisms(5) 7 } + +-- arc for Internet X.509 PKI protocols and their components +id-pkip OBJECT IDENTIFIER ::= { id-pkix 5 } ---copied in from pkix1explicit -Version ::= INTEGER { v1(0), v2(1), v3(2) } -UniqueIdentifier ::= BIT STRING -Time ::= CHOICE { - utcTime UTCTime, - generalTime GeneralizedTime } +id-smime OBJECT IDENTIFIER ::= { iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs9(9) 16 } +id-ct OBJECT IDENTIFIER ::= { id-smime 1 } -- content types +-- Core definitions for this module CertReqMessages ::= SEQUENCE SIZE (1..MAX) OF CertReqMsg CertReqMsg ::= SEQUENCE { - certReq CertRequest, - pop ProofOfPossession OPTIONAL, - -- content depends upon key type - regInfo SEQUENCE SIZE(1..MAX) OF AttributeTypeAndValue OPTIONAL } + certReq CertRequest, + popo ProofOfPossession OPTIONAL, + -- content depends upon key type + regInfo SEQUENCE SIZE(1..MAX) OF AttributeTypeAndValue OPTIONAL } CertRequest ::= SEQUENCE { - certReqId INTEGER, -- ID for matching request and reply - certTemplate CertTemplate, -- Selected fields of cert to be issued - controls Controls OPTIONAL } -- Attributes affecting issuance + certReqId INTEGER, -- ID for matching request and reply + certTemplate CertTemplate, -- Selected fields 
of cert to be issued + controls Controls OPTIONAL } -- Attributes affecting issuance CertTemplate ::= SEQUENCE { - version [0] Version OPTIONAL, - serialNumber [1] INTEGER OPTIONAL, - signingAlg [2] AlgorithmIdentifier OPTIONAL, - issuer [3] Name OPTIONAL, - validity [4] OptionalValidity OPTIONAL, - subject [5] Name OPTIONAL, - publicKey [6] SubjectPublicKeyInfo OPTIONAL, - issuerUID [7] UniqueIdentifier OPTIONAL, - subjectUID [8] UniqueIdentifier OPTIONAL, - extensions [9] Extensions OPTIONAL } + version [0] Version OPTIONAL, + serialNumber [1] INTEGER OPTIONAL, + signingAlg [2] AlgorithmIdentifier OPTIONAL, + issuer [3] Name OPTIONAL, + validity [4] OptionalValidity OPTIONAL, + subject [5] Name OPTIONAL, + publicKey [6] SubjectPublicKeyInfo OPTIONAL, + issuerUID [7] UniqueIdentifier OPTIONAL, + subjectUID [8] UniqueIdentifier OPTIONAL, + extensions [9] Extensions OPTIONAL } OptionalValidity ::= SEQUENCE { - notBefore [0] Time OPTIONAL, - notAfter [1] Time OPTIONAL } --at least one MUST be present + notBefore [0] Time OPTIONAL, + notAfter [1] Time OPTIONAL } -- at least one MUST be present Controls ::= SEQUENCE SIZE(1..MAX) OF AttributeTypeAndValue AttributeTypeAndValue ::= SEQUENCE { - type OBJECT IDENTIFIER, - value ANY } + type OBJECT IDENTIFIER, + value ANY DEFINED BY type } ProofOfPossession ::= CHOICE { - raVerified [0] NULL, - -- used if the RA has already verified that the requester is in - -- possession of the private key - signature [1] POPOSigningKey, - keyEncipherment [2] POPOPrivKey, - keyAgreement [3] POPOPrivKey } + raVerified [0] NULL, + -- used if the RA has already verified that the requester is in + -- possession of the private key + signature [1] POPOSigningKey, + keyEncipherment [2] POPOPrivKey, + keyAgreement [3] POPOPrivKey } POPOSigningKey ::= SEQUENCE { - poposkInput [0] POPOSigningKeyInput OPTIONAL, - algorithmIdentifier AlgorithmIdentifier, - signature BIT STRING } - -- The signature (using "algorithmIdentifier") is on the - -- 
DER-encoded value of poposkInput. NOTE: If the CertReqMsg - -- certReq CertTemplate contains the subject and publicKey values, - -- then poposkInput MUST be omitted and the signature MUST be - -- computed on the DER-encoded value of CertReqMsg certReq. If - -- the CertReqMsg certReq CertTemplate does not contain the public - -- key and subject values, then poposkInput MUST be present and - -- MUST be signed. This strategy ensures that the public key is - -- not present in both the poposkInput and CertReqMsg certReq - -- CertTemplate fields. + poposkInput [0] POPOSigningKeyInput OPTIONAL, + algorithmIdentifier AlgorithmIdentifier, + signature BIT STRING } + + -- The signature (using "algorithmIdentifier") is on the + -- DER-encoded value of poposkInput. NOTE: If the CertReqMsg + -- certReq CertTemplate contains the subject and publicKey values, + -- then poposkInput MUST be omitted and the signature MUST be + -- computed over the DER-encoded value of CertReqMsg certReq. If + -- the CertReqMsg certReq CertTemplate does not contain both the + -- public key and subject values (i.e., if it contains only one + -- of these, or neither), then poposkInput MUST be present and + -- MUST be signed. 
POPOSigningKeyInput ::= SEQUENCE { - authInfo CHOICE { - sender [0] GeneralName, - -- used only if an authenticated identity has been - -- established for the sender (e.g., a DN from a - -- previously-issued and currently-valid certificate - publicKeyMAC PKMACValue }, - -- used if no authenticated GeneralName currently exists for - -- the sender; publicKeyMAC contains a password-based MAC - -- on the DER-encoded value of publicKey - publicKey SubjectPublicKeyInfo } -- from CertTemplate + authInfo CHOICE { + sender [0] GeneralName, + -- used only if an authenticated identity has been + -- established for the sender (e.g., a DN from a + -- previously-issued and currently-valid certificate) + publicKeyMAC PKMACValue }, + -- used if no authenticated GeneralName currently exists for + -- the sender; publicKeyMAC contains a password-based MAC + -- on the DER-encoded value of publicKey + publicKey SubjectPublicKeyInfo } -- from CertTemplate PKMACValue ::= SEQUENCE { - algId AlgorithmIdentifier, - -- algorithm value shall be PasswordBasedMac {1 2 840 113533 7 66 13} - -- parameter value is PBMParameter - value BIT STRING } +algId AlgorithmIdentifier, +-- algorithm value shall be PasswordBasedMac {1 2 840 113533 7 66 13} +-- parameter value is PBMParameter +value BIT STRING } PBMParameter ::= SEQUENCE { - salt OCTET STRING, - owf AlgorithmIdentifier, - -- AlgId for a One-Way Function (SHA-1 recommended) - iterationCount INTEGER, - -- number of times the OWF is applied - mac AlgorithmIdentifier - -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11], -} -- or HMAC [RFC2104, RFC2202]) + salt OCTET STRING, + owf AlgorithmIdentifier, + -- AlgId for a One-Way Function (SHA-1 recommended) + iterationCount INTEGER, + -- number of times the OWF is applied + mac AlgorithmIdentifier + -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11], +} -- or HMAC [HMAC, RFC2202]) POPOPrivKey ::= CHOICE { - thisMessage [0] BIT STRING, - -- posession is proven in this message (which 
contains the private - -- key itself (encrypted for the CA)) - subsequentMessage [1] SubsequentMessage, - -- possession will be proven in a subsequent message - dhMAC [2] BIT STRING } - -- for keyAgreement (only), possession is proven in this message - -- (which contains a MAC (over the DER-encoded value of the - -- certReq parameter in CertReqMsg, which MUST include both subject - -- and publicKey) based on a key derived from the end entity's - -- private DH key and the CA's public DH key); - -- the dhMAC value MUST be calculated as per the directions given - -- in Appendix A. + thisMessage [0] BIT STRING, -- Deprecated + -- possession is proven in this message (which contains the private + -- key itself (encrypted for the CA)) + subsequentMessage [1] SubsequentMessage, + -- possession will be proven in a subsequent message + dhMAC [2] BIT STRING, -- Deprecated + agreeMAC [3] PKMACValue, + encryptedKey [4] EnvelopedData } + + -- for keyAgreement (only), possession is proven in this message + -- (which contains a MAC (over the DER-encoded value of the + -- certReq parameter in CertReqMsg, which MUST include both subject + -- and publicKey) based on a key derived from the end entity's + -- private DH key and the CA's public DH key); SubsequentMessage ::= INTEGER { - encrCert (0), - -- requests that resulting certificate be encrypted for the - -- end entity (following which, POP will be proven in a - -- confirmation message) - challengeResp (1) } - -- requests that CA engage in challenge-response exchange with - -- end entity in order to prove private key possession + encrCert (0), + -- requests that resulting certificate be encrypted for the + -- end entity (following which, POP will be proven in a + -- confirmation message) + challengeResp (1) } + -- requests that CA engage in challenge-response exchange with + -- end entity in order to prove private key possession -- Object identifier assignments -- -id-pkix OBJECT IDENTIFIER ::= { iso(1) 
identified-organization(3) -dod(6) internet(1) security(5) mechanisms(5) 7 } - --- arc for Internet X.509 PKI protocols and their components -id-pkip OBJECT IDENTIFIER ::= { id-pkix 5 } - -- Registration Controls in CRMF id-regCtrl OBJECT IDENTIFIER ::= { id-pkip 1 } --- The following definition may be uncommented for use with --- ASN.1 compilers which do not understand UTF8String. - --- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING id-regCtrl-regToken OBJECT IDENTIFIER ::= { id-regCtrl 1 } --with syntax: 
@@ -207,57 +199,66 @@ id-regCtrl-pkiPublicationInfo OBJECT IDENTIFIER ::= { id-regCtrl 3 } --with syntax: PKIPublicationInfo ::= SEQUENCE { - action INTEGER { - dontPublish (0), - pleasePublish (1) }, - pubInfos SEQUENCE SIZE (1..MAX) OF SinglePubInfo OPTIONAL } - -- pubInfos MUST NOT be present if action is "dontPublish" - -- (if action is "pleasePublish" and pubInfos is omitted, - -- "dontCare" is assumed) +action INTEGER { + dontPublish (0), + pleasePublish (1) }, +pubInfos SEQUENCE SIZE (1..MAX) OF SinglePubInfo OPTIONAL } + -- pubInfos MUST NOT be present if action is "dontPublish" + -- (if action is "pleasePublish" and pubInfos is omitted, + -- "dontCare" is assumed) SinglePubInfo ::= SEQUENCE { - pubMethod INTEGER { - dontCare (0), - x500 (1), - web (2), - ldap (3) }, - pubLocation GeneralName OPTIONAL } + pubMethod INTEGER { + dontCare (0), + x500 (1), + web (2), + ldap (3) }, + pubLocation GeneralName OPTIONAL } id-regCtrl-pkiArchiveOptions OBJECT IDENTIFIER ::= { id-regCtrl 4 } --with syntax: PKIArchiveOptions ::= CHOICE { - encryptedPrivKey [0] EncryptedKey, - -- the actual value of the private key - keyGenParameters [1] KeyGenParameters, - -- parameters which allow the private key to be re-generated - archiveRemGenPrivKey [2] BOOLEAN } - -- set to TRUE if sender wishes receiver to archive the private - -- key of a key pair which the receiver generates in response to - -- this request; set to FALSE if no archival is desired. + encryptedPrivKey [0] EncryptedKey, + -- the actual value of the private key + keyGenParameters [1] KeyGenParameters, + -- parameters that allow the private key to be re-generated + archiveRemGenPrivKey [2] BOOLEAN } + -- set to TRUE if sender wishes receiver to archive the private + -- key of a key pair that the receiver generates in response to + -- this request; set to FALSE if no archival is desired. 
EncryptedKey ::= CHOICE { - encryptedValue EncryptedValue, - envelopedData [0] EnvelopedData } - -- The encrypted private key MUST be placed in the envelopedData - -- encryptedContentInfo encryptedContent OCTET STRING. - + encryptedValue EncryptedValue, -- Deprecated + envelopedData [0] EnvelopedData } + -- The encrypted private key MUST be placed in the envelopedData + -- encryptedContentInfo encryptedContent OCTET STRING. EncryptedValue ::= SEQUENCE { - intendedAlg [0] AlgorithmIdentifier OPTIONAL, - -- the intended algorithm for which the value will be used - symmAlg [1] AlgorithmIdentifier OPTIONAL, - -- the symmetric algorithm used to encrypt the value - encSymmKey [2] BIT STRING OPTIONAL, - -- the (encrypted) symmetric key used to encrypt the value - keyAlg [3] AlgorithmIdentifier OPTIONAL, - -- algorithm used to encrypt the symmetric key - valueHint [4] OCTET STRING OPTIONAL, - -- a brief description or identifier of the encValue content - -- (may be meaningful only to the sending entity, and used only - -- if EncryptedValue might be re-examined by the sending entity - -- in the future) - encValue BIT STRING } - -- the encrypted value itself + intendedAlg [0] AlgorithmIdentifier OPTIONAL, + -- the intended algorithm for which the value will be used + symmAlg [1] AlgorithmIdentifier OPTIONAL, + -- the symmetric algorithm used to encrypt the value + encSymmKey [2] BIT STRING OPTIONAL, + -- the (encrypted) symmetric key used to encrypt the value + keyAlg [3] AlgorithmIdentifier OPTIONAL, + -- algorithm used to encrypt the symmetric key + valueHint [4] OCTET STRING OPTIONAL, + -- a brief description or identifier of the encValue content + -- (may be meaningful only to the sending entity, and used only + -- if EncryptedValue might be re-examined by the sending entity + -- in the future) + encValue BIT STRING } + -- the encrypted value itself +-- When EncryptedValue is used to carry a private key (as opposed to +-- a certificate), implementations MUST support the 
encValue field +-- containing an encrypted PrivateKeyInfo as defined in [PKCS11], +-- section 12.11. If encValue contains some other format/encoding +-- for the private key, the first octet of valueHint MAY be used +-- to indicate the format/encoding (but note that the possible values +-- of this octet are not specified at this time). In all cases, the +-- intendedAlg field MUST be used to indicate at least the OID of +-- the intended algorithm of the private key, unless this information +-- is known a priori to both sender and receiver by some other means. KeyGenParameters ::= OCTET STRING @@ -266,8 +267,8 @@ id-regCtrl-oldCertID OBJECT IDENTIFIER ::= { id-regCtrl 5 } OldCertId ::= CertId CertId ::= SEQUENCE { - issuer GeneralName, - serialNumber INTEGER } + issuer GeneralName, + serialNumber INTEGER } id-regCtrl-protocolEncrKey OBJECT IDENTIFIER ::= { id-regCtrl 6 } --with syntax: @@ -284,4 +285,27 @@ id-regInfo-certReq OBJECT IDENTIFIER ::= { id-regInfo 2 } --with syntax CertReq ::= CertRequest +-- id-ct-encKeyWithID is a new content type used for CMS objects. +-- it contains both a private key and an identifier for key escrow +-- agents to check against recovery requestors. + +id-ct-encKeyWithID OBJECT IDENTIFIER ::= {id-ct 21} + +EncKeyWithID ::= SEQUENCE { + privateKey PrivateKeyInfo, + identifier CHOICE { + string UTF8String, + generalName GeneralName + } OPTIONAL +} + +PrivateKeyInfo ::= SEQUENCE { + version INTEGER, + privateKeyAlgorithm AlgorithmIdentifier, + privateKey OCTET STRING, + attributes [0] IMPLICIT Attributes OPTIONAL +} + +Attributes ::= SET OF Attribute + END diff --git a/asn1/pkixcrmf/Makefile b/asn1/pkixcrmf/Makefile index f624d00452..3fc2742987 100644 --- a/asn1/pkixcrmf/Makefile +++ b/asn1/pkixcrmf/Makefile 
@@ -7,7 +7,7 @@ all: generate_dissector generate_dissector: $(DISSECTOR_FILES) $(DISSECTOR_FILES): ../../tools/asn2wrs.py CRMF.asn packet-crmf-template.c packet-crmf-template.h crmf.cnf - python ../../tools/asn2wrs.py -b -e -p crmf -c crmf.cnf -s packet-crmf-template CRMF.asn + python ../../tools/asn2wrs.py -b -X -T -e -p crmf -c crmf.cnf -s packet-crmf-template CRMF.asn clean: rm -f parsetab.py $(DISSECTOR_FILES) diff --git a/asn1/pkixcrmf/Makefile.nmake b/asn1/pkixcrmf/Makefile.nmake index 505677ce94..7aa239d1e6 100644 --- a/asn1/pkixcrmf/Makefile.nmake +++ b/asn1/pkixcrmf/Makefile.nmake @@ -15,7 +15,7 @@ generate_dissector: $(DISSECTOR_FILES) $(DISSECTOR_FILES): ../../tools/asn2wrs.py CRMF.asn packet-crmf-template.c packet-crmf-template.h crmf.cnf !IFDEF PYTHON - $(PYTHON) "../../tools/asn2wrs.py" -b -e -p $(PROTOCOL_NAME) -c crmf.cnf -s packet-crmf-template CRMF.asn + $(PYTHON) "../../tools/asn2wrs.py" -b -X -T -e -p $(PROTOCOL_NAME) -c crmf.cnf -s packet-crmf-template CRMF.asn !ELSE @echo Error: You need Python to use asn2wrs.py @exit 1 diff --git a/asn1/pkixcrmf/crmf-exp.cnf b/asn1/pkixcrmf/crmf-exp.cnf index f47a763ac4..2df5382d8d 100644 --- a/asn1/pkixcrmf/crmf-exp.cnf +++ b/asn1/pkixcrmf/crmf-exp.cnf @@ -4,7 +4,7 @@ # ../../tools/asn2wrs.py -b -e -p crmf -c crmf.cnf -s packet-crmf-template CRMF.asn #.MODULE -CRMF crmf +PKIXCRMF-2005 crmf #.END #.IMPORT_TAG @@ -35,6 +35,9 @@ CertId BER_CLASS_UNI BER_UNI_TAG_SEQUENCE ProtocolEncrKey BER_CLASS_UNI BER_UNI_TAG_SEQUENCE UTF8Pairs BER_CLASS_UNI BER_UNI_TAG_UTF8String CertReq BER_CLASS_UNI BER_UNI_TAG_SEQUENCE +EncKeyWithID BER_CLASS_UNI BER_UNI_TAG_SEQUENCE +PrivateKeyInfo BER_CLASS_UNI BER_UNI_TAG_SEQUENCE +Attributes BER_CLASS_UNI BER_UNI_TAG_SET #.END #.TYPE_ATTR 
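Review bot: The recipe in asn1/pkixcrmf/Makefile now runs asn2wrs.py with `-b -X -T -e`, but the crmf-exp.cnf changed in this same commit still carries the header line `# ../../tools/asn2wrs.py -b -e -p crmf -c crmf.cnf -s packet-crmf-template CRMF.asn`. That suggests the committed export file was produced by a different invocation or edited by hand. Regenerating crmf-exp.cnf with the new recipe and committing that output would keep the checked-in artifact reproducible from the build rule; the same applies to the Makefile.nmake recipe. A one-line comment above the recipe stating why `-X` and `-T` are now required would also help the next maintainer.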
@@ -65,5 +68,8 @@ CertId TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL ProtocolEncrKey TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 UTF8Pairs TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 CertReq TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 +EncKeyWithID TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 +PrivateKeyInfo TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 +Attributes TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = NULL BITMASK = 0 #.END diff --git a/asn1/pkixcrmf/crmf.cnf b/asn1/pkixcrmf/crmf.cnf index 2b902b1f5f..55567b4b72 100644 --- a/asn1/pkixcrmf/crmf.cnf +++ b/asn1/pkixcrmf/crmf.cnf @@ -6,6 +6,7 @@ #.MODULE_IMPORT PKIX1Explicit88 pkix1explicit PKIX1Implicit88 pkix1implicit +CryptographicMessageSyntax2004 cms #.INCLUDE ../cms/cms-exp.cnf #.INCLUDE ../pkix1explicit/pkix1explicit_exp.cnf @@ -13,6 +14,7 @@ PKIX1Implicit88 pkix1implicit #.EXPORTS Authenticator +Attributes AttributeTypeAndValue CertId CertReq @@ -21,6 +23,7 @@ CertReqMsg CertRequest CertTemplate Controls +EncKeyWithID EncryptedKey EncryptedValue KeyGenParameters @@ -33,6 +36,7 @@ PKMACValue POPOPrivKey POPOSigningKey POPOSigningKeyInput +PrivateKeyInfo ProofOfPossession ProtocolEncrKey RegToken @@ -41,7 +45,12 @@ SubsequentMessage UTF8Pairs #.REGISTER -PBMParameter B "1.2.840.113533.7.66.13" "PasswordBasedMac" +CertId B "1.3.6.1.5.5.7.5.1.5" "id-regCtrl-oldCertID" +CertRequest B "1.3.6.1.5.5.7.5.2.2" "id-regInfo-certReq" +EncKeyWithID B "1.2.840.113549.1.9.16.1.21" "id-ct-encKeyWithID" +PBMParameter B "1.2.840.113533.7.66.13" "PasswordBasedMac" +ProtocolEncrKey B "1.3.6.1.5.5.7.5.1.6" "id-regCtrl-protocolEncrKey" +UTF8Pairs B "1.3.6.1.5.5.7.5.2.1" "id-regInfo-utf8Pairs" #.NO_EMIT 
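Review bot: The new `#.REGISTER` block in crmf.cnf registers id-regCtrl 5 and 6 and both id-regInfo OIDs, but not the other registration controls that CRMF.asn defines with a syntax: id-regCtrl-regToken (1), id-regCtrl-pkiPublicationInfo (3) and id-regCtrl-pkiArchiveOptions (4). AttributeTypeAndValue values are dispatched by OID, so a control carrying one of these would presumably be shown undecoded, and pkiArchiveOptions is the one an analyst most wants to see because it carries the archived private key. Unless the omission is deliberate, add `PKIPublicationInfo B "1.3.6.1.5.5.7.5.1.3" "id-regCtrl-pkiPublicationInfo"` and `PKIArchiveOptions B "1.3.6.1.5.5.7.5.1.4" "id-regCtrl-pkiArchiveOptions"`, plus the regToken entry. If it is deliberate, a comment in the block should say why.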
@@ -51,6 +60,8 @@ PBMParameter B "1.2.840.113533.7.66.13" "PasswordBasedMac" CertTemplate/issuer template_issuer POPOSigningKey/signature sk_signature PKMACValue/value pkmac_value +PrivateKeyInfo/version privkey_version +EncKeyWithID/privateKey enckeywid_privkey #.FN_PARS AttributeTypeAndValue/type FN_VARIANT = _str HF_INDEX = hf_crmf_type_oid VAL_PTR = &object_identifier_id diff --git a/epan/dissectors/packet-cmp.c b/epan/dissectors/packet-cmp.c index d745492b7c..59590524f8 100644 --- a/epan/dissectors/packet-cmp.c +++ b/epan/dissectors/packet-cmp.c 
@@ -73,11 +73,29 @@ static int hf_cmp_ttcb = -1; /*--- Included file: packet-cmp-hf.c ---*/ #line 1 "packet-cmp-hf.c" +static int hf_cmp_PBMParameter_PDU = -1; /* PBMParameter */ +static int hf_cmp_DHBMParameter_PDU = -1; /* DHBMParameter */ +static int hf_cmp_CAProtEncCertValue_PDU = -1; /* CAProtEncCertValue */ +static int hf_cmp_SignKeyPairTypesValue_PDU = -1; /* SignKeyPairTypesValue */ +static int hf_cmp_EncKeyPairTypesValue_PDU = -1; /* EncKeyPairTypesValue */ +static int hf_cmp_PreferredSymmAlgValue_PDU = -1; /* PreferredSymmAlgValue */ +static int hf_cmp_CAKeyUpdateInfoValue_PDU = -1; /* CAKeyUpdateInfoValue */ +static int hf_cmp_CurrentCRLValue_PDU = -1; /* CurrentCRLValue */ +static int hf_cmp_UnsupportedOIDsValue_PDU = -1; /* UnsupportedOIDsValue */ +static int hf_cmp_KeyPairParamReqValue_PDU = -1; /* KeyPairParamReqValue */ +static int hf_cmp_KeyPairParamRepValue_PDU = -1; /* KeyPairParamRepValue */ +static int hf_cmp_RevPassphraseValue_PDU = -1; /* RevPassphraseValue */ +static int hf_cmp_ImplicitConfirmValue_PDU = -1; /* ImplicitConfirmValue */ +static int hf_cmp_ConfirmWaitTimeValue_PDU = -1; /* ConfirmWaitTimeValue */ +static int hf_cmp_OrigPKIMessageValue_PDU = -1; /* OrigPKIMessageValue */ +static int hf_cmp_SuppLangTagsValue_PDU = -1; /* SuppLangTagsValue */ +static int hf_cmp_x509v3PKCert = -1; /* Certificate */ static int hf_cmp_header = -1; /* PKIHeader */ static int hf_cmp_body = -1; /* PKIBody */ static int hf_cmp_protection = -1; /* PKIProtection */ -static int hf_cmp_extraCerts = -1; /* SEQUENCE_SIZE_1_MAX_OF_Certificate */ -static int hf_cmp_extraCerts_item = -1; /* Certificate */ +static int hf_cmp_extraCerts = -1; /* SEQUENCE_SIZE_1_MAX_OF_CMPCertificate */ +static int hf_cmp_extraCerts_item = -1; /* CMPCertificate */ +static int hf_cmp_PKIMessages_item = -1; /* PKIMessage */ static int hf_cmp_pvno = -1; /* T_pvno */ static int hf_cmp_sender = -1; /* GeneralName */ static int hf_cmp_recipient = -1; /* GeneralName */ 
@@ -110,16 +128,19 @@ static int hf_cmp_ckuann = -1; /* CAKeyUpdAnnContent */ static int hf_cmp_cann = -1; /* CertAnnContent */ static int hf_cmp_rann = -1; /* RevAnnContent */ static int hf_cmp_crlann = -1; /* CRLAnnContent */ -static int hf_cmp_conf = -1; /* PKIConfirmContent */ +static int hf_cmp_pkiconf = -1; /* PKIConfirmContent */ static int hf_cmp_nested = -1; /* NestedMessageContent */ static int hf_cmp_genm = -1; /* GenMsgContent */ static int hf_cmp_genp = -1; /* GenRepContent */ static int hf_cmp_error = -1; /* ErrorMsgContent */ +static int hf_cmp_certConf = -1; /* CertConfirmContent */ +static int hf_cmp_pollReq = -1; /* PollReqContent */ +static int hf_cmp_pollRep = -1; /* PollRepContent */ static int hf_cmp_salt = -1; /* OCTET_STRING */ static int hf_cmp_owf = -1; /* AlgorithmIdentifier */ static int hf_cmp_iterationCount = -1; /* INTEGER */ static int hf_cmp_mac = -1; /* AlgorithmIdentifier */ -static int hf_cmp_status = -1; /* PKIStatus */ +static int hf_cmp_pkistatus = -1; /* PKIStatus */ static int hf_cmp_statusString = -1; /* PKIFreeText */ static int hf_cmp_failInfo = -1; /* PKIFailureInfo */ static int hf_cmp_hashAlg = -1; /* AlgorithmIdentifier */ 
@@ -129,48 +150,58 @@ static int hf_cmp_POPODecKeyChallContent_item = -1; /* Challenge */ static int hf_cmp_witness = -1; /* OCTET_STRING */ static int hf_cmp_challenge = -1; /* OCTET_STRING */ static int hf_cmp_POPODecKeyRespContent_item = -1; /* INTEGER */ -static int hf_cmp_caPubs = -1; /* SEQUENCE_SIZE_1_MAX_OF_Certificate */ -static int hf_cmp_caPubs_item = -1; /* Certificate */ +static int hf_cmp_caPubs = -1; /* SEQUENCE_SIZE_1_MAX_OF_CMPCertificate */ +static int hf_cmp_caPubs_item = -1; /* CMPCertificate */ static int hf_cmp_response = -1; /* SEQUENCE_OF_CertResponse */ static int hf_cmp_response_item = -1; /* CertResponse */ static int hf_cmp_certReqId = -1; /* INTEGER */ -static int hf_cmp_status_01 = -1; /* PKIStatusInfo */ +static int hf_cmp_pkistatusinf = -1; /* PKIStatusInfo */ static int hf_cmp_certifiedKeyPair = -1; /* CertifiedKeyPair */ static int hf_cmp_rspInfo = -1; /* OCTET_STRING */ static int hf_cmp_certOrEncCert = -1; /* CertOrEncCert */ static int hf_cmp_privateKey = -1; /* EncryptedValue */ static int hf_cmp_publicationInfo = -1; /* PKIPublicationInfo */ -static int hf_cmp_certificate = -1; /* Certificate */ +static int hf_cmp_certificate = -1; /* CMPCertificate */ static int hf_cmp_encryptedCert = -1; /* EncryptedValue */ -static int hf_cmp_newSigCert = -1; /* Certificate */ -static int hf_cmp_caCerts = -1; /* SEQUENCE_SIZE_1_MAX_OF_Certificate */ -static int hf_cmp_caCerts_item = -1; /* Certificate */ +static int hf_cmp_newSigCert = -1; /* CMPCertificate */ +static int hf_cmp_caCerts = -1; /* SEQUENCE_SIZE_1_MAX_OF_CMPCertificate */ +static int hf_cmp_caCerts_item = -1; /* CMPCertificate */ static int hf_cmp_keyPairHist = -1; /* SEQUENCE_SIZE_1_MAX_OF_CertifiedKeyPair */ static int hf_cmp_keyPairHist_item = -1; /* CertifiedKeyPair */ static int hf_cmp_RevReqContent_item = -1; /* RevDetails */ static int hf_cmp_certDetails = -1; /* CertTemplate */ -static int hf_cmp_revocationReason = -1; /* ReasonFlags */ -static int hf_cmp_badSinceDate 
= -1; /* GeneralizedTime */ static int hf_cmp_crlEntryDetails = -1; /* Extensions */ -static int hf_cmp_status_02 = -1; /* SEQUENCE_SIZE_1_MAX_OF_PKIStatusInfo */ -static int hf_cmp_status_item = -1; /* PKIStatusInfo */ +static int hf_cmp_rvrpcnt_status = -1; /* SEQUENCE_SIZE_1_MAX_OF_PKIStatusInfo */ +static int hf_cmp_rvrpcnt_status_item = -1; /* PKIStatusInfo */ static int hf_cmp_revCerts = -1; /* SEQUENCE_SIZE_1_MAX_OF_CertId */ static int hf_cmp_revCerts_item = -1; /* CertId */ static int hf_cmp_crls = -1; /* SEQUENCE_SIZE_1_MAX_OF_CertificateList */ static int hf_cmp_crls_item = -1; /* CertificateList */ -static int hf_cmp_oldWithNew = -1; /* Certificate */ -static int hf_cmp_newWithOld = -1; /* Certificate */ -static int hf_cmp_newWithNew = -1; /* Certificate */ +static int hf_cmp_oldWithNew = -1; /* CMPCertificate */ +static int hf_cmp_newWithOld = -1; /* CMPCertificate */ +static int hf_cmp_newWithNew = -1; /* CMPCertificate */ static int hf_cmp_willBeRevokedAt = -1; /* GeneralizedTime */ +static int hf_cmp_badSinceDate = -1; /* GeneralizedTime */ static int hf_cmp_crlDetails = -1; /* Extensions */ static int hf_cmp_CRLAnnContent_item = -1; /* CertificateList */ +static int hf_cmp_CertConfirmContent_item = -1; /* CertStatus */ +static int hf_cmp_certHash = -1; /* OCTET_STRING */ +static int hf_cmp_statusInfo = -1; /* PKIStatusInfo */ static int hf_cmp_infoType = -1; /* T_infoType */ static int hf_cmp_infoValue = -1; /* T_infoValue */ +static int hf_cmp_SignKeyPairTypesValue_item = -1; /* AlgorithmIdentifier */ +static int hf_cmp_EncKeyPairTypesValue_item = -1; /* AlgorithmIdentifier */ +static int hf_cmp_UnsupportedOIDsValue_item = -1; /* OBJECT_IDENTIFIER */ +static int hf_cmp_SuppLangTagsValue_item = -1; /* UTF8String */ static int hf_cmp_GenMsgContent_item = -1; /* InfoTypeAndValue */ static int hf_cmp_GenRepContent_item = -1; /* InfoTypeAndValue */ static int hf_cmp_pKIStatusInfo = -1; /* PKIStatusInfo */ static int hf_cmp_errorCode = -1; /* INTEGER */ 
static int hf_cmp_errorDetails = -1; /* PKIFreeText */ +static int hf_cmp_PollReqContent_item = -1; /* PollReqContent_item */ +static int hf_cmp_PollRepContent_item = -1; /* PollRepContent_item */ +static int hf_cmp_checkAfter = -1; /* INTEGER */ +static int hf_cmp_reason = -1; /* PKIFreeText */ /* named bits */ static int hf_cmp_PKIFailureInfo_badAlg = -1; static int hf_cmp_PKIFailureInfo_badMessageCheck = -1; @@ -182,6 +213,23 @@ static int hf_cmp_PKIFailureInfo_wrongAuthority = -1; static int hf_cmp_PKIFailureInfo_incorrectData = -1; static int hf_cmp_PKIFailureInfo_missingTimeStamp = -1; static int hf_cmp_PKIFailureInfo_badPOP = -1; +static int hf_cmp_PKIFailureInfo_certRevoked = -1; +static int hf_cmp_PKIFailureInfo_certConfirmed = -1; +static int hf_cmp_PKIFailureInfo_wrongIntegrity = -1; +static int hf_cmp_PKIFailureInfo_badRecipientNonce = -1; +static int hf_cmp_PKIFailureInfo_timeNotAvailable = -1; +static int hf_cmp_PKIFailureInfo_unacceptedPolicy = -1; +static int hf_cmp_PKIFailureInfo_unacceptedExtension = -1; +static int hf_cmp_PKIFailureInfo_addInfoNotAvailable = -1; +static int hf_cmp_PKIFailureInfo_badSenderNonce = -1; +static int hf_cmp_PKIFailureInfo_badCertTemplate = -1; +static int hf_cmp_PKIFailureInfo_signerNotTrusted = -1; +static int hf_cmp_PKIFailureInfo_transactionIdInUse = -1; +static int hf_cmp_PKIFailureInfo_unsupportedVersion = -1; +static int hf_cmp_PKIFailureInfo_notAuthorized = -1; +static int hf_cmp_PKIFailureInfo_systemUnavail = -1; +static int hf_cmp_PKIFailureInfo_systemFailure = -1; +static int hf_cmp_PKIFailureInfo_duplicateCertReq = -1; /*--- End of included file: packet-cmp-hf.c ---*/ #line 66 "packet-cmp-template.c" 
@@ -191,8 +239,10 @@ static gint ett_cmp = -1; /*--- Included file: packet-cmp-ett.c ---*/ #line 1 "packet-cmp-ett.c" +static gint ett_cmp_CMPCertificate = -1; static gint ett_cmp_PKIMessage = -1; -static gint ett_cmp_SEQUENCE_SIZE_1_MAX_OF_Certificate = -1; +static gint ett_cmp_SEQUENCE_SIZE_1_MAX_OF_CMPCertificate = -1; +static gint ett_cmp_PKIMessages = -1; static gint ett_cmp_PKIHeader = -1; static gint ett_cmp_SEQUENCE_SIZE_1_MAX_OF_InfoTypeAndValue = -1; static gint ett_cmp_PKIFreeText = -1; @@ -222,10 +272,20 @@ static gint ett_cmp_SEQUENCE_SIZE_1_MAX_OF_CertificateList = -1; static gint ett_cmp_CAKeyUpdAnnContent = -1; static gint ett_cmp_RevAnnContent = -1; static gint ett_cmp_CRLAnnContent = -1; +static gint ett_cmp_CertConfirmContent = -1; +static gint ett_cmp_CertStatus = -1; static gint ett_cmp_InfoTypeAndValue = -1; +static gint ett_cmp_SignKeyPairTypesValue = -1; +static gint ett_cmp_EncKeyPairTypesValue = -1; +static gint ett_cmp_UnsupportedOIDsValue = -1; +static gint ett_cmp_SuppLangTagsValue = -1; static gint ett_cmp_GenMsgContent = -1; static gint ett_cmp_GenRepContent = -1; static gint ett_cmp_ErrorMsgContent = -1; +static gint ett_cmp_PollReqContent = -1; +static gint ett_cmp_PollReqContent_item = -1; +static gint ett_cmp_PollRepContent = -1; +static gint ett_cmp_PollRepContent_item = -1; /*--- End of included file: packet-cmp-ett.c ---*/ #line 70 "packet-cmp-template.c" 
@@ -238,15 +298,18 @@ static const char *object_identifier_id; #line 1 "packet-cmp-fn.c" /*--- Cyclic dependencies ---*/ -/* PKIMessage -> PKIBody -> NestedMessageContent -> PKIMessage */ +/* PKIMessage -> PKIBody -> NestedMessageContent -> PKIMessages -> PKIMessage */ int dissect_cmp_PKIMessage(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); +static int dissect_PKIMessages_item(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_cmp_PKIMessage(FALSE, tvb, offset, actx, tree, hf_cmp_PKIMessages_item); +} /*--- Fields for imported types ---*/ -static int dissect_extraCerts_item(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { - return dissect_pkix1explicit_Certificate(FALSE, tvb, offset, actx, tree, hf_cmp_extraCerts_item); +static int dissect_x509v3PKCert(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_pkix1explicit_Certificate(FALSE, tvb, offset, actx, tree, hf_cmp_x509v3PKCert); } static int dissect_sender(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { return dissect_pkix1implicit_GeneralName(FALSE, tvb, offset, actx, tree, hf_cmp_sender); 
@@ -257,6 +320,12 @@ static int dissect_recipient(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset static int dissect_protectionAlg(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { return dissect_pkix1explicit_AlgorithmIdentifier(FALSE, tvb, offset, actx, tree, hf_cmp_protectionAlg); } +static int dissect_senderKID(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_pkix1implicit_KeyIdentifier(FALSE, tvb, offset, actx, tree, hf_cmp_senderKID); +} +static int dissect_recipKID(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_pkix1implicit_KeyIdentifier(FALSE, tvb, offset, actx, tree, hf_cmp_recipKID); +} static int dissect_ir(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { return dissect_crmf_CertReqMessages(FALSE, tvb, offset, actx, tree, hf_cmp_ir); } 
@@ -284,33 +353,18 @@ static int dissect_hashAlg(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _ static int dissect_certId(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { return dissect_crmf_CertId(FALSE, tvb, offset, actx, tree, hf_cmp_certId); } -static int dissect_caPubs_item(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { - return dissect_pkix1explicit_Certificate(FALSE, tvb, offset, actx, tree, hf_cmp_caPubs_item); -} static int dissect_privateKey(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { return dissect_crmf_EncryptedValue(FALSE, tvb, offset, actx, tree, hf_cmp_privateKey); } static int dissect_publicationInfo(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { return dissect_crmf_PKIPublicationInfo(FALSE, tvb, offset, actx, tree, hf_cmp_publicationInfo); } -static int dissect_certificate(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { - return dissect_pkix1explicit_Certificate(FALSE, tvb, offset, actx, tree, hf_cmp_certificate); -} static int dissect_encryptedCert(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { return dissect_crmf_EncryptedValue(FALSE, tvb, offset, actx, tree, hf_cmp_encryptedCert); } -static int dissect_newSigCert(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { - return dissect_pkix1explicit_Certificate(FALSE, tvb, offset, actx, tree, hf_cmp_newSigCert); -} -static int dissect_caCerts_item(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { - return dissect_pkix1explicit_Certificate(FALSE, tvb, offset, actx, tree, hf_cmp_caCerts_item); -} static int dissect_certDetails(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { return dissect_crmf_CertTemplate(FALSE, tvb, offset, actx, tree, hf_cmp_certDetails); } -static int 
dissect_revocationReason(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { - return dissect_pkix1implicit_ReasonFlags(FALSE, tvb, offset, actx, tree, hf_cmp_revocationReason); -} static int dissect_crlEntryDetails(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { return dissect_pkix1explicit_Extensions(FALSE, tvb, offset, actx, tree, hf_cmp_crlEntryDetails); } 
@@ -320,41 +374,67 @@ static int dissect_revCerts_item(proto_tree *tree _U_, tvbuff_t *tvb _U_, int of static int dissect_crls_item(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { return dissect_pkix1explicit_CertificateList(FALSE, tvb, offset, actx, tree, hf_cmp_crls_item); } -static int dissect_oldWithNew(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { - return dissect_pkix1explicit_Certificate(FALSE, tvb, offset, actx, tree, hf_cmp_oldWithNew); -} -static int dissect_newWithOld(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { - return dissect_pkix1explicit_Certificate(FALSE, tvb, offset, actx, tree, hf_cmp_newWithOld); -} -static int dissect_newWithNew(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { - return dissect_pkix1explicit_Certificate(FALSE, tvb, offset, actx, tree, hf_cmp_newWithNew); -} static int dissect_crlDetails(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { return dissect_pkix1explicit_Extensions(FALSE, tvb, offset, actx, tree, hf_cmp_crlDetails); } static int dissect_CRLAnnContent_item(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { return dissect_pkix1explicit_CertificateList(FALSE, tvb, offset, actx, tree, hf_cmp_CRLAnnContent_item); } +static int dissect_SignKeyPairTypesValue_item(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_pkix1explicit_AlgorithmIdentifier(FALSE, tvb, offset, actx, tree, hf_cmp_SignKeyPairTypesValue_item); +} +static int dissect_EncKeyPairTypesValue_item(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_pkix1explicit_AlgorithmIdentifier(FALSE, tvb, offset, actx, tree, hf_cmp_EncKeyPairTypesValue_item); +} +const value_string cmp_CMPCertificate_vals[] = { + { 0, "x509v3PKCert" }, + { 0, NULL } +}; -static int 
-dissect_cmp_KeyIdentifier(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { - offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, - NULL); +static const ber_old_choice_t CMPCertificate_choice[] = { + { 0, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_x509v3PKCert }, + { 0, 0, 0, 0, NULL } +}; + +int +dissect_cmp_CMPCertificate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_old_choice(actx, tree, tvb, offset, + CMPCertificate_choice, hf_index, ett_cmp_CMPCertificate, + NULL); return offset; } -static int dissect_senderKID(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { - return dissect_cmp_KeyIdentifier(FALSE, tvb, offset, actx, tree, hf_cmp_senderKID); +static int dissect_extraCerts_item(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_cmp_CMPCertificate(FALSE, tvb, offset, actx, tree, hf_cmp_extraCerts_item); } -static int dissect_recipKID(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { - return dissect_cmp_KeyIdentifier(FALSE, tvb, offset, actx, tree, hf_cmp_recipKID); +static int dissect_caPubs_item(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_cmp_CMPCertificate(FALSE, tvb, offset, actx, tree, hf_cmp_caPubs_item); +} +static int dissect_certificate(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_cmp_CMPCertificate(FALSE, tvb, offset, actx, tree, hf_cmp_certificate); +} +static int dissect_newSigCert(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_cmp_CMPCertificate(FALSE, tvb, offset, actx, tree, hf_cmp_newSigCert); +} +static int dissect_caCerts_item(proto_tree *tree _U_, 
tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_cmp_CMPCertificate(FALSE, tvb, offset, actx, tree, hf_cmp_caCerts_item); +} +static int dissect_oldWithNew(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_cmp_CMPCertificate(FALSE, tvb, offset, actx, tree, hf_cmp_oldWithNew); +} +static int dissect_newWithOld(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_cmp_CMPCertificate(FALSE, tvb, offset, actx, tree, hf_cmp_newWithOld); +} +static int dissect_newWithNew(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_cmp_CMPCertificate(FALSE, tvb, offset, actx, tree, hf_cmp_newWithNew); } static const value_string cmp_T_pvno_vals[] = { - { 1, "ietf-version2" }, + { 1, "cmp1999" }, + { 2, "cmp2000" }, { 0, NULL } }; @@ -381,12 +461,12 @@ dissect_cmp_GeneralizedTime(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int of static int dissect_messageTime(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { return dissect_cmp_GeneralizedTime(FALSE, tvb, offset, actx, tree, hf_cmp_messageTime); } -static int dissect_badSinceDate(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { - return dissect_cmp_GeneralizedTime(FALSE, tvb, offset, actx, tree, hf_cmp_badSinceDate); -} static int dissect_willBeRevokedAt(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { return dissect_cmp_GeneralizedTime(FALSE, tvb, offset, actx, tree, hf_cmp_willBeRevokedAt); } +static int dissect_badSinceDate(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_cmp_GeneralizedTime(FALSE, tvb, offset, actx, tree, hf_cmp_badSinceDate); +} 
@@ -418,6 +498,9 @@ static int dissect_challenge(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset static int dissect_rspInfo(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { return dissect_cmp_OCTET_STRING(FALSE, tvb, offset, actx, tree, hf_cmp_rspInfo); } +static int dissect_certHash(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_cmp_OCTET_STRING(FALSE, tvb, offset, actx, tree, hf_cmp_certHash); +} @@ -432,6 +515,9 @@ dissect_cmp_UTF8String(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset static int dissect_PKIFreeText_item(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { return dissect_cmp_UTF8String(FALSE, tvb, offset, actx, tree, hf_cmp_PKIFreeText_item); } +static int dissect_SuppLangTagsValue_item(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_cmp_UTF8String(FALSE, tvb, offset, actx, tree, hf_cmp_SuppLangTagsValue_item); +} static const ber_old_sequence_t PKIFreeText_sequence_of[1] = { @@ -454,6 +540,9 @@ static int dissect_statusString(proto_tree *tree _U_, tvbuff_t *tvb _U_, int off static int dissect_errorDetails(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { return dissect_cmp_PKIFreeText(FALSE, tvb, offset, actx, tree, hf_cmp_errorDetails); } +static int dissect_reason(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_cmp_PKIFreeText(FALSE, tvb, offset, actx, tree, hf_cmp_reason); +} @@ -471,7 +560,7 @@ static int dissect_infoType(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset static int dissect_cmp_T_infoValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 66 "cmp.cnf" +#line 90 "cmp.cnf" offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); 
@@ -551,25 +640,25 @@ static int dissect_header(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U } -static const ber_old_sequence_t SEQUENCE_SIZE_1_MAX_OF_Certificate_sequence_of[1] = { - { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_extraCerts_item }, +static const ber_old_sequence_t SEQUENCE_SIZE_1_MAX_OF_CMPCertificate_sequence_of[1] = { + { BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_extraCerts_item }, }; static int -dissect_cmp_SEQUENCE_SIZE_1_MAX_OF_Certificate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +dissect_cmp_SEQUENCE_SIZE_1_MAX_OF_CMPCertificate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { offset = dissect_ber_old_sequence_of(implicit_tag, actx, tree, tvb, offset, - SEQUENCE_SIZE_1_MAX_OF_Certificate_sequence_of, hf_index, ett_cmp_SEQUENCE_SIZE_1_MAX_OF_Certificate); + SEQUENCE_SIZE_1_MAX_OF_CMPCertificate_sequence_of, hf_index, ett_cmp_SEQUENCE_SIZE_1_MAX_OF_CMPCertificate); return offset; } static int dissect_extraCerts(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { - return dissect_cmp_SEQUENCE_SIZE_1_MAX_OF_Certificate(FALSE, tvb, offset, actx, tree, hf_cmp_extraCerts); + return dissect_cmp_SEQUENCE_SIZE_1_MAX_OF_CMPCertificate(FALSE, tvb, offset, actx, tree, hf_cmp_extraCerts); } static int dissect_caPubs(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { - return dissect_cmp_SEQUENCE_SIZE_1_MAX_OF_Certificate(FALSE, tvb, offset, actx, tree, hf_cmp_caPubs); + return dissect_cmp_SEQUENCE_SIZE_1_MAX_OF_CMPCertificate(FALSE, tvb, offset, actx, tree, hf_cmp_caPubs); } static int dissect_caCerts(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { - return dissect_cmp_SEQUENCE_SIZE_1_MAX_OF_Certificate(FALSE, tvb, offset, actx, 
tree, hf_cmp_caCerts); + return dissect_cmp_SEQUENCE_SIZE_1_MAX_OF_CMPCertificate(FALSE, tvb, offset, actx, tree, hf_cmp_caCerts); } @@ -593,10 +682,13 @@ static int dissect_certReqId(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset static int dissect_errorCode(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { return dissect_cmp_INTEGER(FALSE, tvb, offset, actx, tree, hf_cmp_errorCode); } +static int dissect_checkAfter(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_cmp_INTEGER(FALSE, tvb, offset, actx, tree, hf_cmp_checkAfter); +} const value_string cmp_PKIStatus_vals[] = { - { 0, "granted" }, + { 0, "accepted" }, { 1, "grantedWithMods" }, { 2, "rejection" }, { 3, "waiting" }, @@ -614,8 +706,8 @@ dissect_cmp_PKIStatus(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _ return offset; } -static int dissect_status(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { - return dissect_cmp_PKIStatus(FALSE, tvb, offset, actx, tree, hf_cmp_status); +static int dissect_pkistatus(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_cmp_PKIStatus(FALSE, tvb, offset, actx, tree, hf_cmp_pkistatus); } 
@@ -630,6 +722,23 @@ static const asn_namedbit PKIFailureInfo_bits[] = { { 7, &hf_cmp_PKIFailureInfo_incorrectData, -1, -1, "incorrectData", NULL }, { 8, &hf_cmp_PKIFailureInfo_missingTimeStamp, -1, -1, "missingTimeStamp", NULL }, { 9, &hf_cmp_PKIFailureInfo_badPOP, -1, -1, "badPOP", NULL }, + { 10, &hf_cmp_PKIFailureInfo_certRevoked, -1, -1, "certRevoked", NULL }, + { 11, &hf_cmp_PKIFailureInfo_certConfirmed, -1, -1, "certConfirmed", NULL }, + { 12, &hf_cmp_PKIFailureInfo_wrongIntegrity, -1, -1, "wrongIntegrity", NULL }, + { 13, &hf_cmp_PKIFailureInfo_badRecipientNonce, -1, -1, "badRecipientNonce", NULL }, + { 14, &hf_cmp_PKIFailureInfo_timeNotAvailable, -1, -1, "timeNotAvailable", NULL }, + { 15, &hf_cmp_PKIFailureInfo_unacceptedPolicy, -1, -1, "unacceptedPolicy", NULL }, + { 16, &hf_cmp_PKIFailureInfo_unacceptedExtension, -1, -1, "unacceptedExtension", NULL }, + { 17, &hf_cmp_PKIFailureInfo_addInfoNotAvailable, -1, -1, "addInfoNotAvailable", NULL }, + { 18, &hf_cmp_PKIFailureInfo_badSenderNonce, -1, -1, "badSenderNonce", NULL }, + { 19, &hf_cmp_PKIFailureInfo_badCertTemplate, -1, -1, "badCertTemplate", NULL }, + { 20, &hf_cmp_PKIFailureInfo_signerNotTrusted, -1, -1, "signerNotTrusted", NULL }, + { 21, &hf_cmp_PKIFailureInfo_transactionIdInUse, -1, -1, "transactionIdInUse", NULL }, + { 22, &hf_cmp_PKIFailureInfo_unsupportedVersion, -1, -1, "unsupportedVersion", NULL }, + { 23, &hf_cmp_PKIFailureInfo_notAuthorized, -1, -1, "notAuthorized", NULL }, + { 24, &hf_cmp_PKIFailureInfo_systemUnavail, -1, -1, "systemUnavail", NULL }, + { 25, &hf_cmp_PKIFailureInfo_systemFailure, -1, -1, "systemFailure", NULL }, + { 26, &hf_cmp_PKIFailureInfo_duplicateCertReq, -1, -1, "duplicateCertReq", NULL }, { 0, NULL, 0, 0, NULL, NULL } }; 
@@ -647,7 +756,7 @@ static int dissect_failInfo(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset static const ber_old_sequence_t PKIStatusInfo_sequence[] = { - { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_status }, + { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_pkistatus }, { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_statusString }, { BER_CLASS_UNI, BER_UNI_TAG_BITSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_failInfo }, { 0, 0, 0, NULL } @@ -660,11 +769,14 @@ dissect_cmp_PKIStatusInfo(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offs return offset; } -static int dissect_status_01(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { - return dissect_cmp_PKIStatusInfo(FALSE, tvb, offset, actx, tree, hf_cmp_status_01); +static int dissect_pkistatusinf(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_cmp_PKIStatusInfo(FALSE, tvb, offset, actx, tree, hf_cmp_pkistatusinf); +} +static int dissect_rvrpcnt_status_item(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_cmp_PKIStatusInfo(FALSE, tvb, offset, actx, tree, hf_cmp_rvrpcnt_status_item); } -static int dissect_status_item(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { - return dissect_cmp_PKIStatusInfo(FALSE, tvb, offset, actx, tree, hf_cmp_status_item); +static int dissect_statusInfo(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_cmp_PKIStatusInfo(FALSE, tvb, offset, actx, tree, hf_cmp_statusInfo); } static int dissect_pKIStatusInfo(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { return dissect_cmp_PKIStatusInfo(FALSE, tvb, offset, actx, tree, hf_cmp_pKIStatusInfo); 
@@ -720,7 +832,7 @@ static int dissect_keyPairHist_item(proto_tree *tree _U_, tvbuff_t *tvb _U_, int static const ber_old_sequence_t CertResponse_sequence[] = { { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_certReqId }, - { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_status_01 }, + { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_pkistatusinf }, { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_certifiedKeyPair }, { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_rspInfo }, { 0, 0, 0, NULL } @@ -804,7 +916,7 @@ static const ber_old_sequence_t POPODecKeyChallContent_sequence_of[1] = { { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_POPODecKeyChallContent_item }, }; -int +static int dissect_cmp_POPODecKeyChallContent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { offset = dissect_ber_old_sequence_of(implicit_tag, actx, tree, tvb, offset, POPODecKeyChallContent_sequence_of, hf_index, ett_cmp_POPODecKeyChallContent); @@ -849,8 +961,8 @@ static int dissect_keyPairHist(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offs static const ber_old_sequence_t KeyRecRepContent_sequence[] = { - { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_status_01 }, - { BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL, dissect_newSigCert }, + { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_pkistatusinf }, + { BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_NOTCHKTAG, dissect_newSigCert }, { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_caCerts }, { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_keyPairHist }, { 0, 0, 0, NULL } 
@@ -870,8 +982,6 @@ static int dissect_krp(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, static const ber_old_sequence_t RevDetails_sequence[] = { { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_certDetails }, - { BER_CLASS_UNI, BER_UNI_TAG_BITSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_revocationReason }, - { BER_CLASS_UNI, BER_UNI_TAG_GeneralizedTime, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_badSinceDate }, { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_crlEntryDetails }, { 0, 0, 0, NULL } }; @@ -905,7 +1015,7 @@ static int dissect_rr(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, a static const ber_old_sequence_t SEQUENCE_SIZE_1_MAX_OF_PKIStatusInfo_sequence_of[1] = { - { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_status_item }, + { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_rvrpcnt_status_item }, }; static int @@ -915,8 +1025,8 @@ dissect_cmp_SEQUENCE_SIZE_1_MAX_OF_PKIStatusInfo(gboolean implicit_tag _U_, tvbu return offset; } -static int dissect_status_02(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { - return dissect_cmp_SEQUENCE_SIZE_1_MAX_OF_PKIStatusInfo(FALSE, tvb, offset, actx, tree, hf_cmp_status_02); +static int dissect_rvrpcnt_status(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_cmp_SEQUENCE_SIZE_1_MAX_OF_PKIStatusInfo(FALSE, tvb, offset, actx, tree, hf_cmp_rvrpcnt_status); } 
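Review bot: `RevDetails_sequence` drops the optional `revocationReason` and `badSinceDate` entries, yet `cmp_T_pvno_vals` in this commit still names version 1 (`cmp1999`), so a version-1 revocation request carrying either field would presumably stop at an unexpected tag before `crlEntryDetails`. Both entries were `BER_FLAGS_OPTIONAL` on the old side, so keeping them should not change how messages that omit them are dissected. This file is generated, so the entries would be restored in the ASN.1 source, with a comment along the lines of `-- retained for cmp1999 (RFC 2510) peers`. If dropping version-1 decoding is intended, the `cmp1999` label deserves the same note, since an analyst would otherwise see such a message shown as malformed without explanation.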
@@ -953,9 +1063,9 @@ static int dissect_crls(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, static const ber_old_sequence_t RevRepContent_sequence[] = { - { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_status_02 }, + { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_rvrpcnt_status }, { BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL, dissect_revCerts }, - { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_crls }, + { BER_CLASS_CON, 1, 0, dissect_crls }, { 0, 0, 0, NULL } }; @@ -972,9 +1082,9 @@ static int dissect_rp(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, a static const ber_old_sequence_t CAKeyUpdAnnContent_sequence[] = { - { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_oldWithNew }, - { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_newWithOld }, - { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_newWithNew }, + { BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_oldWithNew }, + { BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_newWithOld }, + { BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_newWithNew }, { 0, 0, 0, NULL } }; @@ -993,7 +1103,7 @@ static int dissect_ckuann(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U int dissect_cmp_CertAnnContent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { - offset = dissect_pkix1explicit_Certificate(implicit_tag, tvb, offset, actx, tree, hf_index); + offset = dissect_cmp_CMPCertificate(implicit_tag, tvb, offset, actx, tree, hf_index); return offset; } 
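Review bot: In `RevRepContent_sequence` the `crls` entry loses `BER_FLAGS_OPTIONAL` (its flags become `0`) while `revCerts` on the line above keeps it, so a revocation response that carries no CRL list would presumably be reported as missing a mandatory field. The old side treated the field as optional and nothing visible here explains the change, so it looks more like an `OPTIONAL` lost from the hand-edited ASN.1 than a deliberate tightening. That is worth confirming against the RevRepContent definition in RFC 4210. Because this file is generated, the correction belongs in the ASN.1 source, after which the entry should regenerate as `{ BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_crls },`.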
@@ -1003,7 +1113,7 @@ static int dissect_cann(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, static const ber_old_sequence_t RevAnnContent_sequence[] = { - { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_status }, + { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_pkistatus }, { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_certId }, { BER_CLASS_UNI, BER_UNI_TAG_GeneralizedTime, BER_FLAGS_NOOWNTAG, dissect_willBeRevokedAt }, { BER_CLASS_UNI, BER_UNI_TAG_GeneralizedTime, BER_FLAGS_NOOWNTAG, dissect_badSinceDate }, @@ -1046,15 +1156,28 @@ dissect_cmp_PKIConfirmContent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int return offset; } -static int dissect_conf(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { - return dissect_cmp_PKIConfirmContent(FALSE, tvb, offset, actx, tree, hf_cmp_conf); +static int dissect_pkiconf(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_cmp_PKIConfirmContent(FALSE, tvb, offset, actx, tree, hf_cmp_pkiconf); +} + + +static const ber_old_sequence_t PKIMessages_sequence_of[1] = { + { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_PKIMessages_item }, +}; + +int +dissect_cmp_PKIMessages(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_old_sequence_of(implicit_tag, actx, tree, tvb, offset, + PKIMessages_sequence_of, hf_index, ett_cmp_PKIMessages); + + return offset; } int dissect_cmp_NestedMessageContent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { - offset = dissect_cmp_PKIMessage(implicit_tag, tvb, offset, actx, tree, hf_index); + offset = dissect_cmp_PKIMessages(implicit_tag, tvb, offset, actx, tree, hf_index); return offset; } 
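Review bot: `dissect_cmp_NestedMessageContent` now calls `dissect_cmp_PKIMessages`, whose items (registered as `cmp.PKIMessage`, item dissector not visible here) presumably lead back through the `nested` entry of `PKIBody_choice` into this same function, and no nesting limit appears on that path. Since the dissector parses untrusted traffic, the recursion depth is set by the capture unless the BER helpers bound it elsewhere. The new `dissect_cmp_OrigPKIMessageValue` in the later hunk enters the same cycle through `dissect_cmp_PKIMessages`. I would add a depth counter checked before recursing, placed in the `cmp.cnf` body for `NestedMessageContent` because this file is generated. It should carry a comment such as `/* nested -> PKIMessages -> PKIMessage -> PKIBody -> nested: bound the depth */`.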
@@ -1083,7 +1206,7 @@ static const ber_old_sequence_t GenRepContent_sequence_of[1] = { { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_GenRepContent_item }, }; -int +static int dissect_cmp_GenRepContent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { offset = dissect_ber_old_sequence_of(implicit_tag, actx, tree, tvb, offset, GenRepContent_sequence_of, hf_index, ett_cmp_GenRepContent); 
@@ -1114,6 +1237,109 @@ static int dissect_error(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_ } +static const ber_old_sequence_t CertStatus_sequence[] = { + { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_certHash }, + { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_certReqId }, + { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_statusInfo }, + { 0, 0, 0, NULL } +}; + +int +dissect_cmp_CertStatus(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_old_sequence(implicit_tag, actx, tree, tvb, offset, + CertStatus_sequence, hf_index, ett_cmp_CertStatus); + + return offset; +} +static int dissect_CertConfirmContent_item(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_cmp_CertStatus(FALSE, tvb, offset, actx, tree, hf_cmp_CertConfirmContent_item); +} + + +static const ber_old_sequence_t CertConfirmContent_sequence_of[1] = { + { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_CertConfirmContent_item }, +}; + +int +dissect_cmp_CertConfirmContent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_old_sequence_of(implicit_tag, actx, tree, tvb, offset, + CertConfirmContent_sequence_of, hf_index, ett_cmp_CertConfirmContent); + + return offset; +} +static int dissect_certConf(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_cmp_CertConfirmContent(FALSE, tvb, offset, actx, tree, hf_cmp_certConf); +} + + +static const ber_old_sequence_t PollReqContent_item_sequence[] = { + { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_certReqId }, + { 0, 0, 0, NULL } +}; + +static int +dissect_cmp_PollReqContent_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, 
asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_old_sequence(implicit_tag, actx, tree, tvb, offset, + PollReqContent_item_sequence, hf_index, ett_cmp_PollReqContent_item); + + return offset; +} +static int dissect_PollReqContent_item(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_cmp_PollReqContent_item(FALSE, tvb, offset, actx, tree, hf_cmp_PollReqContent_item); +} + + +static const ber_old_sequence_t PollReqContent_sequence_of[1] = { + { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_PollReqContent_item }, +}; + +int +dissect_cmp_PollReqContent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_old_sequence_of(implicit_tag, actx, tree, tvb, offset, + PollReqContent_sequence_of, hf_index, ett_cmp_PollReqContent); + + return offset; +} +static int dissect_pollReq(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_cmp_PollReqContent(FALSE, tvb, offset, actx, tree, hf_cmp_pollReq); +} + + +static const ber_old_sequence_t PollRepContent_item_sequence[] = { + { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_certReqId }, + { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_checkAfter }, + { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_reason }, + { 0, 0, 0, NULL } +}; + +static int +dissect_cmp_PollRepContent_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_old_sequence(implicit_tag, actx, tree, tvb, offset, + PollRepContent_item_sequence, hf_index, ett_cmp_PollRepContent_item); + + return offset; +} +static int dissect_PollRepContent_item(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return 
dissect_cmp_PollRepContent_item(FALSE, tvb, offset, actx, tree, hf_cmp_PollRepContent_item); +} + + +static const ber_old_sequence_t PollRepContent_sequence_of[1] = { + { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_PollRepContent_item }, +}; + +int +dissect_cmp_PollRepContent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_old_sequence_of(implicit_tag, actx, tree, tvb, offset, + PollRepContent_sequence_of, hf_index, ett_cmp_PollRepContent); + + return offset; +} +static int dissect_pollRep(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_cmp_PollRepContent(FALSE, tvb, offset, actx, tree, hf_cmp_pollRep); +} + + const value_string cmp_PKIBody_vals[] = { { 0, "ir" }, { 1, "ip" }, @@ -1133,11 +1359,14 @@ const value_string cmp_PKIBody_vals[] = { { 16, "cann" }, { 17, "rann" }, { 18, "crlann" }, - { 19, "conf" }, + { 19, "pkiconf" }, { 20, "nested" }, { 21, "genm" }, { 22, "genp" }, { 23, "error" }, + { 24, "certConf" }, + { 25, "pollReq" }, + { 26, "pollRep" }, { 0, NULL } }; @@ -1160,11 +1389,14 @@ static const ber_old_choice_t PKIBody_choice[] = { { 16, BER_CLASS_CON, 16, 0, dissect_cann }, { 17, BER_CLASS_CON, 17, 0, dissect_rann }, { 18, BER_CLASS_CON, 18, 0, dissect_crlann }, - { 19, BER_CLASS_CON, 19, 0, dissect_conf }, + { 19, BER_CLASS_CON, 19, 0, dissect_pkiconf }, { 20, BER_CLASS_CON, 20, 0, dissect_nested }, { 21, BER_CLASS_CON, 21, 0, dissect_genm }, { 22, BER_CLASS_CON, 22, 0, dissect_genp }, { 23, BER_CLASS_CON, 23, 0, dissect_error }, + { 24, BER_CLASS_CON, 24, 0, dissect_certConf }, + { 25, BER_CLASS_CON, 25, 0, dissect_pollReq }, + { 26, BER_CLASS_CON, 26, 0, dissect_pollRep }, { 0, 0, 0, 0, NULL } }; 
@@ -1227,15 +1459,6 @@ dissect_cmp_ProtectedPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offs } - -int -dissect_cmp_PasswordBasedMac(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { - offset = dissect_ber_object_identifier(implicit_tag, actx, tree, tvb, offset, hf_index, NULL); - - return offset; -} - - static const ber_old_sequence_t PBMParameter_sequence[] = { { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_salt }, { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_owf }, @@ -1253,15 +1476,6 @@ dissect_cmp_PBMParameter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offse } - -int -dissect_cmp_DHBasedMac(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { - offset = dissect_ber_object_identifier(implicit_tag, actx, tree, tvb, offset, hf_index, NULL); - - return offset; -} - - static const ber_old_sequence_t DHBMParameter_sequence[] = { { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_owf }, { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_mac }, @@ -1280,7 +1494,7 @@ dissect_cmp_DHBMParameter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offs int dissect_cmp_OOBCert(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { - offset = dissect_pkix1explicit_Certificate(implicit_tag, tvb, offset, actx, tree, hf_index); + offset = dissect_cmp_CMPCertificate(implicit_tag, tvb, offset, actx, tree, hf_index); return offset; } 
@@ -1316,6 +1530,243 @@ dissect_cmp_OOBCertHash(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset } + +static int +dissect_cmp_CAProtEncCertValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_cmp_CMPCertificate(implicit_tag, tvb, offset, actx, tree, hf_index); + + return offset; +} + + +static const ber_old_sequence_t SignKeyPairTypesValue_sequence_of[1] = { + { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_SignKeyPairTypesValue_item }, +}; + +static int +dissect_cmp_SignKeyPairTypesValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_old_sequence_of(implicit_tag, actx, tree, tvb, offset, + SignKeyPairTypesValue_sequence_of, hf_index, ett_cmp_SignKeyPairTypesValue); + + return offset; +} + + +static const ber_old_sequence_t EncKeyPairTypesValue_sequence_of[1] = { + { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_EncKeyPairTypesValue_item }, +}; + +static int +dissect_cmp_EncKeyPairTypesValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_old_sequence_of(implicit_tag, actx, tree, tvb, offset, + EncKeyPairTypesValue_sequence_of, hf_index, ett_cmp_EncKeyPairTypesValue); + + return offset; +} + + + +static int +dissect_cmp_PreferredSymmAlgValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_pkix1explicit_AlgorithmIdentifier(implicit_tag, tvb, offset, actx, tree, hf_index); + + return offset; +} + + + +static int +dissect_cmp_CAKeyUpdateInfoValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_cmp_CAKeyUpdAnnContent(implicit_tag, tvb, 
offset, actx, tree, hf_index); + + return offset; +} + + + +static int +dissect_cmp_CurrentCRLValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_pkix1explicit_CertificateList(implicit_tag, tvb, offset, actx, tree, hf_index); + + return offset; +} + + + +static int +dissect_cmp_OBJECT_IDENTIFIER(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_object_identifier(implicit_tag, actx, tree, tvb, offset, hf_index, NULL); + + return offset; +} +static int dissect_UnsupportedOIDsValue_item(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_cmp_OBJECT_IDENTIFIER(FALSE, tvb, offset, actx, tree, hf_cmp_UnsupportedOIDsValue_item); +} + + +static const ber_old_sequence_t UnsupportedOIDsValue_sequence_of[1] = { + { BER_CLASS_UNI, BER_UNI_TAG_OID, BER_FLAGS_NOOWNTAG, dissect_UnsupportedOIDsValue_item }, +}; + +static int +dissect_cmp_UnsupportedOIDsValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_old_sequence_of(implicit_tag, actx, tree, tvb, offset, + UnsupportedOIDsValue_sequence_of, hf_index, ett_cmp_UnsupportedOIDsValue); + + return offset; +} + + + +static int +dissect_cmp_KeyPairParamReqValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_object_identifier(implicit_tag, actx, tree, tvb, offset, hf_index, NULL); + + return offset; +} + + + +static int +dissect_cmp_KeyPairParamRepValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_pkix1explicit_AlgorithmIdentifier(implicit_tag, tvb, offset, actx, tree, hf_index); + + return offset; 
+} + + + +static int +dissect_cmp_RevPassphraseValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_crmf_EncryptedValue(implicit_tag, tvb, offset, actx, tree, hf_index); + + return offset; +} + + + +static int +dissect_cmp_ImplicitConfirmValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_null(implicit_tag, actx, tree, tvb, offset, hf_index); + + return offset; +} + + + +static int +dissect_cmp_ConfirmWaitTimeValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_GeneralizedTime(implicit_tag, actx, tree, tvb, offset, hf_index); + + return offset; +} + + + +static int +dissect_cmp_OrigPKIMessageValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_cmp_PKIMessages(implicit_tag, tvb, offset, actx, tree, hf_index); + + return offset; +} + + +static const ber_old_sequence_t SuppLangTagsValue_sequence_of[1] = { + { BER_CLASS_UNI, BER_UNI_TAG_UTF8String, BER_FLAGS_NOOWNTAG, dissect_SuppLangTagsValue_item }, +}; + +static int +dissect_cmp_SuppLangTagsValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_old_sequence_of(implicit_tag, actx, tree, tvb, offset, + SuppLangTagsValue_sequence_of, hf_index, ett_cmp_SuppLangTagsValue); + + return offset; +} + +/*--- PDUs ---*/ + +static void dissect_PBMParameter_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) { + asn1_ctx_t asn1_ctx; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + dissect_cmp_PBMParameter(FALSE, tvb, 0, &asn1_ctx, tree, hf_cmp_PBMParameter_PDU); +} +static void dissect_DHBMParameter_PDU(tvbuff_t 
*tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) { + asn1_ctx_t asn1_ctx; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + dissect_cmp_DHBMParameter(FALSE, tvb, 0, &asn1_ctx, tree, hf_cmp_DHBMParameter_PDU); +} +static void dissect_CAProtEncCertValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) { + asn1_ctx_t asn1_ctx; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + dissect_cmp_CAProtEncCertValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_cmp_CAProtEncCertValue_PDU); +} +static void dissect_SignKeyPairTypesValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) { + asn1_ctx_t asn1_ctx; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + dissect_cmp_SignKeyPairTypesValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_cmp_SignKeyPairTypesValue_PDU); +} +static void dissect_EncKeyPairTypesValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) { + asn1_ctx_t asn1_ctx; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + dissect_cmp_EncKeyPairTypesValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_cmp_EncKeyPairTypesValue_PDU); +} +static void dissect_PreferredSymmAlgValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) { + asn1_ctx_t asn1_ctx; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + dissect_cmp_PreferredSymmAlgValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_cmp_PreferredSymmAlgValue_PDU); +} +static void dissect_CAKeyUpdateInfoValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) { + asn1_ctx_t asn1_ctx; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + dissect_cmp_CAKeyUpdateInfoValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_cmp_CAKeyUpdateInfoValue_PDU); +} +static void dissect_CurrentCRLValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) { + asn1_ctx_t asn1_ctx; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + dissect_cmp_CurrentCRLValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_cmp_CurrentCRLValue_PDU); +} +static void 
dissect_UnsupportedOIDsValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) { + asn1_ctx_t asn1_ctx; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + dissect_cmp_UnsupportedOIDsValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_cmp_UnsupportedOIDsValue_PDU); +} +static void dissect_KeyPairParamReqValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) { + asn1_ctx_t asn1_ctx; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + dissect_cmp_KeyPairParamReqValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_cmp_KeyPairParamReqValue_PDU); +} +static void dissect_KeyPairParamRepValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) { + asn1_ctx_t asn1_ctx; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + dissect_cmp_KeyPairParamRepValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_cmp_KeyPairParamRepValue_PDU); +} +static void dissect_RevPassphraseValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) { + asn1_ctx_t asn1_ctx; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + dissect_cmp_RevPassphraseValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_cmp_RevPassphraseValue_PDU); +} +static void dissect_ImplicitConfirmValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) { + asn1_ctx_t asn1_ctx; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + dissect_cmp_ImplicitConfirmValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_cmp_ImplicitConfirmValue_PDU); +} +static void dissect_ConfirmWaitTimeValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) { + asn1_ctx_t asn1_ctx; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + dissect_cmp_ConfirmWaitTimeValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_cmp_ConfirmWaitTimeValue_PDU); +} +static void dissect_OrigPKIMessageValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) { + asn1_ctx_t asn1_ctx; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + dissect_cmp_OrigPKIMessageValue(FALSE, tvb, 0, 
&asn1_ctx, tree, hf_cmp_OrigPKIMessageValue_PDU); +} +static void dissect_SuppLangTagsValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) { + asn1_ctx_t asn1_ctx; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + dissect_cmp_SuppLangTagsValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_cmp_SuppLangTagsValue_PDU); +} + + /*--- End of included file: packet-cmp-fn.c ---*/ #line 75 "packet-cmp-template.c" 
@@ -1531,6 +1982,74 @@ void proto_register_cmp(void) { /*--- Included file: packet-cmp-hfarr.c ---*/ #line 1 "packet-cmp-hfarr.c" + { &hf_cmp_PBMParameter_PDU, + { "PBMParameter", "cmp.PBMParameter", + FT_NONE, BASE_NONE, NULL, 0, + "cmp.PBMParameter", HFILL }}, + { &hf_cmp_DHBMParameter_PDU, + { "DHBMParameter", "cmp.DHBMParameter", + FT_NONE, BASE_NONE, NULL, 0, + "cmp.DHBMParameter", HFILL }}, + { &hf_cmp_CAProtEncCertValue_PDU, + { "CAProtEncCertValue", "cmp.CAProtEncCertValue", + FT_UINT32, BASE_DEC, VALS(cmp_CMPCertificate_vals), 0, + "cmp.CAProtEncCertValue", HFILL }}, + { &hf_cmp_SignKeyPairTypesValue_PDU, + { "SignKeyPairTypesValue", "cmp.SignKeyPairTypesValue", + FT_UINT32, BASE_DEC, NULL, 0, + "cmp.SignKeyPairTypesValue", HFILL }}, + { &hf_cmp_EncKeyPairTypesValue_PDU, + { "EncKeyPairTypesValue", "cmp.EncKeyPairTypesValue", + FT_UINT32, BASE_DEC, NULL, 0, + "cmp.EncKeyPairTypesValue", HFILL }}, + { &hf_cmp_PreferredSymmAlgValue_PDU, + { "PreferredSymmAlgValue", "cmp.PreferredSymmAlgValue", + FT_NONE, BASE_NONE, NULL, 0, + "cmp.PreferredSymmAlgValue", HFILL }}, + { &hf_cmp_CAKeyUpdateInfoValue_PDU, + { "CAKeyUpdateInfoValue", "cmp.CAKeyUpdateInfoValue", + FT_NONE, BASE_NONE, NULL, 0, + "cmp.CAKeyUpdateInfoValue", HFILL }}, + { &hf_cmp_CurrentCRLValue_PDU, + { "CurrentCRLValue", "cmp.CurrentCRLValue", + FT_NONE, BASE_NONE, NULL, 0, + "cmp.CurrentCRLValue", HFILL }}, + { &hf_cmp_UnsupportedOIDsValue_PDU, + { "UnsupportedOIDsValue", "cmp.UnsupportedOIDsValue", + FT_UINT32, BASE_DEC, NULL, 0, + "cmp.UnsupportedOIDsValue", HFILL }}, + { &hf_cmp_KeyPairParamReqValue_PDU, + { "KeyPairParamReqValue", "cmp.KeyPairParamReqValue", + FT_OID, BASE_NONE, NULL, 0, + "cmp.KeyPairParamReqValue", HFILL }}, + { &hf_cmp_KeyPairParamRepValue_PDU, + { "KeyPairParamRepValue", "cmp.KeyPairParamRepValue", + FT_NONE, BASE_NONE, NULL, 0, + "cmp.KeyPairParamRepValue", HFILL }}, + { &hf_cmp_RevPassphraseValue_PDU, + { "RevPassphraseValue", "cmp.RevPassphraseValue", + FT_NONE, 
BASE_NONE, NULL, 0, + "cmp.RevPassphraseValue", HFILL }}, + { &hf_cmp_ImplicitConfirmValue_PDU, + { "ImplicitConfirmValue", "cmp.ImplicitConfirmValue", + FT_NONE, BASE_NONE, NULL, 0, + "cmp.ImplicitConfirmValue", HFILL }}, + { &hf_cmp_ConfirmWaitTimeValue_PDU, + { "ConfirmWaitTimeValue", "cmp.ConfirmWaitTimeValue", + FT_STRING, BASE_NONE, NULL, 0, + "cmp.ConfirmWaitTimeValue", HFILL }}, + { &hf_cmp_OrigPKIMessageValue_PDU, + { "OrigPKIMessageValue", "cmp.OrigPKIMessageValue", + FT_UINT32, BASE_DEC, NULL, 0, + "cmp.OrigPKIMessageValue", HFILL }}, + { &hf_cmp_SuppLangTagsValue_PDU, + { "SuppLangTagsValue", "cmp.SuppLangTagsValue", + FT_UINT32, BASE_DEC, NULL, 0, + "cmp.SuppLangTagsValue", HFILL }}, + { &hf_cmp_x509v3PKCert, + { "x509v3PKCert", "cmp.x509v3PKCert", + FT_NONE, BASE_NONE, NULL, 0, + "pkix1explicit.Certificate", HFILL }}, { &hf_cmp_header, { "header", "cmp.header", FT_NONE, BASE_NONE, NULL, 0, @@ -1546,11 +2065,15 @@ void proto_register_cmp(void) { { &hf_cmp_extraCerts, { "extraCerts", "cmp.extraCerts", FT_UINT32, BASE_DEC, NULL, 0, - "cmp.SEQUENCE_SIZE_1_MAX_OF_Certificate", HFILL }}, + "cmp.SEQUENCE_SIZE_1_MAX_OF_CMPCertificate", HFILL }}, { &hf_cmp_extraCerts_item, { "Item", "cmp.extraCerts_item", + FT_UINT32, BASE_DEC, VALS(cmp_CMPCertificate_vals), 0, + "cmp.CMPCertificate", HFILL }}, + { &hf_cmp_PKIMessages_item, + { "Item", "cmp.PKIMessages_item", FT_NONE, BASE_NONE, NULL, 0, - "pkix1explicit.Certificate", HFILL }}, + "cmp.PKIMessage", HFILL }}, { &hf_cmp_pvno, { "pvno", "cmp.pvno", FT_INT32, BASE_DEC, VALS(cmp_T_pvno_vals), 0, 
@@ -1574,11 +2097,11 @@ void proto_register_cmp(void) { { &hf_cmp_senderKID, { "senderKID", "cmp.senderKID", FT_BYTES, BASE_HEX, NULL, 0, - "cmp.KeyIdentifier", HFILL }}, + "pkix1implicit.KeyIdentifier", HFILL }}, { &hf_cmp_recipKID, { "recipKID", "cmp.recipKID", FT_BYTES, BASE_HEX, NULL, 0, - "cmp.KeyIdentifier", HFILL }}, + "pkix1implicit.KeyIdentifier", HFILL }}, { &hf_cmp_transactionID, { "transactionID", "cmp.transactionID", FT_BYTES, BASE_HEX, NULL, 0, @@ -1669,7 +2192,7 @@ void proto_register_cmp(void) { "cmp.CAKeyUpdAnnContent", HFILL }}, { &hf_cmp_cann, { "cann", "cmp.cann", - FT_NONE, BASE_NONE, NULL, 0, + FT_UINT32, BASE_DEC, VALS(cmp_CMPCertificate_vals), 0, "cmp.CertAnnContent", HFILL }}, { &hf_cmp_rann, { "rann", "cmp.rann", @@ -1679,13 +2202,13 @@ void proto_register_cmp(void) { { "crlann", "cmp.crlann", FT_UINT32, BASE_DEC, NULL, 0, "cmp.CRLAnnContent", HFILL }}, - { &hf_cmp_conf, - { "conf", "cmp.conf", + { &hf_cmp_pkiconf, + { "pkiconf", "cmp.pkiconf", FT_NONE, BASE_NONE, NULL, 0, "cmp.PKIConfirmContent", HFILL }}, { &hf_cmp_nested, { "nested", "cmp.nested", - FT_NONE, BASE_NONE, NULL, 0, + FT_UINT32, BASE_DEC, NULL, 0, "cmp.NestedMessageContent", HFILL }}, { &hf_cmp_genm, { "genm", "cmp.genm", @@ -1699,6 +2222,18 @@ void proto_register_cmp(void) { { "error", "cmp.error", FT_NONE, BASE_NONE, NULL, 0, "cmp.ErrorMsgContent", HFILL }}, + { &hf_cmp_certConf, + { "certConf", "cmp.certConf", + FT_UINT32, BASE_DEC, NULL, 0, + "cmp.CertConfirmContent", HFILL }}, + { &hf_cmp_pollReq, + { "pollReq", "cmp.pollReq", + FT_UINT32, BASE_DEC, NULL, 0, + "cmp.PollReqContent", HFILL }}, + { &hf_cmp_pollRep, + { "pollRep", "cmp.pollRep", + FT_UINT32, BASE_DEC, NULL, 0, + "cmp.PollRepContent", HFILL }}, { &hf_cmp_salt, { "salt", "cmp.salt", FT_BYTES, BASE_HEX, NULL, 0, 
@@ -1715,7 +2250,7 @@ void proto_register_cmp(void) { { "mac", "cmp.mac", FT_NONE, BASE_NONE, NULL, 0, "pkix1explicit.AlgorithmIdentifier", HFILL }}, - { &hf_cmp_status, + { &hf_cmp_pkistatus, { "status", "cmp.status", FT_INT32, BASE_DEC, VALS(cmp_PKIStatus_vals), 0, "cmp.PKIStatus", HFILL }}, @@ -1758,11 +2293,11 @@ void proto_register_cmp(void) { { &hf_cmp_caPubs, { "caPubs", "cmp.caPubs", FT_UINT32, BASE_DEC, NULL, 0, - "cmp.SEQUENCE_SIZE_1_MAX_OF_Certificate", HFILL }}, + "cmp.SEQUENCE_SIZE_1_MAX_OF_CMPCertificate", HFILL }}, { &hf_cmp_caPubs_item, { "Item", "cmp.caPubs_item", - FT_NONE, BASE_NONE, NULL, 0, - "pkix1explicit.Certificate", HFILL }}, + FT_UINT32, BASE_DEC, VALS(cmp_CMPCertificate_vals), 0, + "cmp.CMPCertificate", HFILL }}, { &hf_cmp_response, { "response", "cmp.response", FT_UINT32, BASE_DEC, NULL, 0, @@ -1775,7 +2310,7 @@ void proto_register_cmp(void) { { "certReqId", "cmp.certReqId", FT_INT32, BASE_DEC, NULL, 0, "cmp.INTEGER", HFILL }}, - { &hf_cmp_status_01, + { &hf_cmp_pkistatusinf, { "status", "cmp.status", FT_NONE, BASE_NONE, NULL, 0, "cmp.PKIStatusInfo", HFILL }}, 
@@ -1801,24 +2336,24 @@ void proto_register_cmp(void) { "crmf.PKIPublicationInfo", HFILL }}, { &hf_cmp_certificate, { "certificate", "cmp.certificate", - FT_NONE, BASE_NONE, NULL, 0, - "pkix1explicit.Certificate", HFILL }}, + FT_UINT32, BASE_DEC, VALS(cmp_CMPCertificate_vals), 0, + "cmp.CMPCertificate", HFILL }}, { &hf_cmp_encryptedCert, { "encryptedCert", "cmp.encryptedCert", FT_NONE, BASE_NONE, NULL, 0, "crmf.EncryptedValue", HFILL }}, { &hf_cmp_newSigCert, { "newSigCert", "cmp.newSigCert", - FT_NONE, BASE_NONE, NULL, 0, - "pkix1explicit.Certificate", HFILL }}, + FT_UINT32, BASE_DEC, VALS(cmp_CMPCertificate_vals), 0, + "cmp.CMPCertificate", HFILL }}, { &hf_cmp_caCerts, { "caCerts", "cmp.caCerts", FT_UINT32, BASE_DEC, NULL, 0, - "cmp.SEQUENCE_SIZE_1_MAX_OF_Certificate", HFILL }}, + "cmp.SEQUENCE_SIZE_1_MAX_OF_CMPCertificate", HFILL }}, { &hf_cmp_caCerts_item, { "Item", "cmp.caCerts_item", - FT_NONE, BASE_NONE, NULL, 0, - "pkix1explicit.Certificate", HFILL }}, + FT_UINT32, BASE_DEC, VALS(cmp_CMPCertificate_vals), 0, + "cmp.CMPCertificate", HFILL }}, { &hf_cmp_keyPairHist, { "keyPairHist", "cmp.keyPairHist", FT_UINT32, BASE_DEC, NULL, 0, 
@@ -1835,23 +2370,15 @@ void proto_register_cmp(void) { { "certDetails", "cmp.certDetails", FT_NONE, BASE_NONE, NULL, 0, "crmf.CertTemplate", HFILL }}, - { &hf_cmp_revocationReason, - { "revocationReason", "cmp.revocationReason", - FT_BYTES, BASE_HEX, NULL, 0, - "pkix1implicit.ReasonFlags", HFILL }}, - { &hf_cmp_badSinceDate, - { "badSinceDate", "cmp.badSinceDate", - FT_STRING, BASE_NONE, NULL, 0, - "cmp.GeneralizedTime", HFILL }}, { &hf_cmp_crlEntryDetails, { "crlEntryDetails", "cmp.crlEntryDetails", FT_UINT32, BASE_DEC, NULL, 0, "pkix1explicit.Extensions", HFILL }}, - { &hf_cmp_status_02, + { &hf_cmp_rvrpcnt_status, { "status", "cmp.status", FT_UINT32, BASE_DEC, NULL, 0, "cmp.SEQUENCE_SIZE_1_MAX_OF_PKIStatusInfo", HFILL }}, - { &hf_cmp_status_item, + { &hf_cmp_rvrpcnt_status_item, { "Item", "cmp.status_item", FT_NONE, BASE_NONE, NULL, 0, "cmp.PKIStatusInfo", HFILL }}, @@ -1873,20 +2400,24 @@ void proto_register_cmp(void) { "pkix1explicit.CertificateList", HFILL }}, { &hf_cmp_oldWithNew, { "oldWithNew", "cmp.oldWithNew", - FT_NONE, BASE_NONE, NULL, 0, - "pkix1explicit.Certificate", HFILL }}, + FT_UINT32, BASE_DEC, VALS(cmp_CMPCertificate_vals), 0, + "cmp.CMPCertificate", HFILL }}, { &hf_cmp_newWithOld, { "newWithOld", "cmp.newWithOld", - FT_NONE, BASE_NONE, NULL, 0, - "pkix1explicit.Certificate", HFILL }}, + FT_UINT32, BASE_DEC, VALS(cmp_CMPCertificate_vals), 0, + "cmp.CMPCertificate", HFILL }}, { &hf_cmp_newWithNew, { "newWithNew", "cmp.newWithNew", - FT_NONE, BASE_NONE, NULL, 0, - "pkix1explicit.Certificate", HFILL }}, + FT_UINT32, BASE_DEC, VALS(cmp_CMPCertificate_vals), 0, + "cmp.CMPCertificate", HFILL }}, { &hf_cmp_willBeRevokedAt, { "willBeRevokedAt", "cmp.willBeRevokedAt", FT_STRING, BASE_NONE, NULL, 0, "cmp.GeneralizedTime", HFILL }}, + { &hf_cmp_badSinceDate, + { "badSinceDate", "cmp.badSinceDate", + FT_STRING, BASE_NONE, NULL, 0, + "cmp.GeneralizedTime", HFILL }}, { &hf_cmp_crlDetails, { "crlDetails", "cmp.crlDetails", FT_UINT32, BASE_DEC, NULL, 0, 
@@ -1895,6 +2426,18 @@ void proto_register_cmp(void) { { "Item", "cmp.CRLAnnContent_item", FT_NONE, BASE_NONE, NULL, 0, "pkix1explicit.CertificateList", HFILL }}, + { &hf_cmp_CertConfirmContent_item, + { "Item", "cmp.CertConfirmContent_item", + FT_NONE, BASE_NONE, NULL, 0, + "cmp.CertStatus", HFILL }}, + { &hf_cmp_certHash, + { "certHash", "cmp.certHash", + FT_BYTES, BASE_HEX, NULL, 0, + "cmp.OCTET_STRING", HFILL }}, + { &hf_cmp_statusInfo, + { "statusInfo", "cmp.statusInfo", + FT_NONE, BASE_NONE, NULL, 0, + "cmp.PKIStatusInfo", HFILL }}, { &hf_cmp_infoType, { "infoType", "cmp.infoType", FT_OID, BASE_NONE, NULL, 0, @@ -1903,6 +2446,22 @@ void proto_register_cmp(void) { { "infoValue", "cmp.infoValue", FT_NONE, BASE_NONE, NULL, 0, "cmp.T_infoValue", HFILL }}, + { &hf_cmp_SignKeyPairTypesValue_item, + { "Item", "cmp.SignKeyPairTypesValue_item", + FT_NONE, BASE_NONE, NULL, 0, + "pkix1explicit.AlgorithmIdentifier", HFILL }}, + { &hf_cmp_EncKeyPairTypesValue_item, + { "Item", "cmp.EncKeyPairTypesValue_item", + FT_NONE, BASE_NONE, NULL, 0, + "pkix1explicit.AlgorithmIdentifier", HFILL }}, + { &hf_cmp_UnsupportedOIDsValue_item, + { "Item", "cmp.UnsupportedOIDsValue_item", + FT_OID, BASE_NONE, NULL, 0, + "cmp.OBJECT_IDENTIFIER", HFILL }}, + { &hf_cmp_SuppLangTagsValue_item, + { "Item", "cmp.SuppLangTagsValue_item", + FT_STRING, BASE_NONE, NULL, 0, + "cmp.UTF8String", HFILL }}, { &hf_cmp_GenMsgContent_item, { "Item", "cmp.GenMsgContent_item", FT_NONE, BASE_NONE, NULL, 0, 
@@ -1923,6 +2482,22 @@ void proto_register_cmp(void) { { "errorDetails", "cmp.errorDetails", FT_UINT32, BASE_DEC, NULL, 0, "cmp.PKIFreeText", HFILL }}, + { &hf_cmp_PollReqContent_item, + { "Item", "cmp.PollReqContent_item", + FT_NONE, BASE_NONE, NULL, 0, + "cmp.PollReqContent_item", HFILL }}, + { &hf_cmp_PollRepContent_item, + { "Item", "cmp.PollRepContent_item", + FT_NONE, BASE_NONE, NULL, 0, + "cmp.PollRepContent_item", HFILL }}, + { &hf_cmp_checkAfter, + { "checkAfter", "cmp.checkAfter", + FT_INT32, BASE_DEC, NULL, 0, + "cmp.INTEGER", HFILL }}, + { &hf_cmp_reason, + { "reason", "cmp.reason", + FT_UINT32, BASE_DEC, NULL, 0, + "cmp.PKIFreeText", HFILL }}, { &hf_cmp_PKIFailureInfo_badAlg, { "badAlg", "cmp.badAlg", FT_BOOLEAN, 8, NULL, 0x80, 
@@ -1963,6 +2538,74 @@ void proto_register_cmp(void) { { "badPOP", "cmp.badPOP", FT_BOOLEAN, 8, NULL, 0x40, "", HFILL }}, + { &hf_cmp_PKIFailureInfo_certRevoked, + { "certRevoked", "cmp.certRevoked", + FT_BOOLEAN, 8, NULL, 0x20, + "", HFILL }}, + { &hf_cmp_PKIFailureInfo_certConfirmed, + { "certConfirmed", "cmp.certConfirmed", + FT_BOOLEAN, 8, NULL, 0x10, + "", HFILL }}, + { &hf_cmp_PKIFailureInfo_wrongIntegrity, + { "wrongIntegrity", "cmp.wrongIntegrity", + FT_BOOLEAN, 8, NULL, 0x08, + "", HFILL }}, + { &hf_cmp_PKIFailureInfo_badRecipientNonce, + { "badRecipientNonce", "cmp.badRecipientNonce", + FT_BOOLEAN, 8, NULL, 0x04, + "", HFILL }}, + { &hf_cmp_PKIFailureInfo_timeNotAvailable, + { "timeNotAvailable", "cmp.timeNotAvailable", + FT_BOOLEAN, 8, NULL, 0x02, + "", HFILL }}, + { &hf_cmp_PKIFailureInfo_unacceptedPolicy, + { "unacceptedPolicy", "cmp.unacceptedPolicy", + FT_BOOLEAN, 8, NULL, 0x01, + "", HFILL }}, + { &hf_cmp_PKIFailureInfo_unacceptedExtension, + { "unacceptedExtension", "cmp.unacceptedExtension", + FT_BOOLEAN, 8, NULL, 0x80, + "", HFILL }}, + { &hf_cmp_PKIFailureInfo_addInfoNotAvailable, + { "addInfoNotAvailable", "cmp.addInfoNotAvailable", + FT_BOOLEAN, 8, NULL, 0x40, + "", HFILL }}, + { &hf_cmp_PKIFailureInfo_badSenderNonce, + { "badSenderNonce", "cmp.badSenderNonce", + FT_BOOLEAN, 8, NULL, 0x20, + "", HFILL }}, + { &hf_cmp_PKIFailureInfo_badCertTemplate, + { "badCertTemplate", "cmp.badCertTemplate", + FT_BOOLEAN, 8, NULL, 0x10, + "", HFILL }}, + { &hf_cmp_PKIFailureInfo_signerNotTrusted, + { "signerNotTrusted", "cmp.signerNotTrusted", + FT_BOOLEAN, 8, NULL, 0x08, + "", HFILL }}, + { &hf_cmp_PKIFailureInfo_transactionIdInUse, + { "transactionIdInUse", "cmp.transactionIdInUse", + FT_BOOLEAN, 8, NULL, 0x04, + "", HFILL }}, + { &hf_cmp_PKIFailureInfo_unsupportedVersion, + { "unsupportedVersion", "cmp.unsupportedVersion", + FT_BOOLEAN, 8, NULL, 0x02, + "", HFILL }}, + { &hf_cmp_PKIFailureInfo_notAuthorized, + { "notAuthorized", "cmp.notAuthorized", + 
FT_BOOLEAN, 8, NULL, 0x01, + "", HFILL }}, + { &hf_cmp_PKIFailureInfo_systemUnavail, + { "systemUnavail", "cmp.systemUnavail", + FT_BOOLEAN, 8, NULL, 0x80, + "", HFILL }}, + { &hf_cmp_PKIFailureInfo_systemFailure, + { "systemFailure", "cmp.systemFailure", + FT_BOOLEAN, 8, NULL, 0x40, + "", HFILL }}, + { &hf_cmp_PKIFailureInfo_duplicateCertReq, + { "duplicateCertReq", "cmp.duplicateCertReq", + FT_BOOLEAN, 8, NULL, 0x20, + "", HFILL }}, /*--- End of included file: packet-cmp-hfarr.c ---*/ #line 286 "packet-cmp-template.c" @@ -1974,8 +2617,10 @@ void proto_register_cmp(void) { /*--- Included file: packet-cmp-ettarr.c ---*/ #line 1 "packet-cmp-ettarr.c" + &ett_cmp_CMPCertificate, &ett_cmp_PKIMessage, - &ett_cmp_SEQUENCE_SIZE_1_MAX_OF_Certificate, + &ett_cmp_SEQUENCE_SIZE_1_MAX_OF_CMPCertificate, + &ett_cmp_PKIMessages, &ett_cmp_PKIHeader, &ett_cmp_SEQUENCE_SIZE_1_MAX_OF_InfoTypeAndValue, &ett_cmp_PKIFreeText, @@ -2005,10 +2650,20 @@ void proto_register_cmp(void) { &ett_cmp_CAKeyUpdAnnContent, &ett_cmp_RevAnnContent, &ett_cmp_CRLAnnContent, + &ett_cmp_CertConfirmContent, + &ett_cmp_CertStatus, &ett_cmp_InfoTypeAndValue, + &ett_cmp_SignKeyPairTypesValue, + &ett_cmp_EncKeyPairTypesValue, + &ett_cmp_UnsupportedOIDsValue, + &ett_cmp_SuppLangTagsValue, &ett_cmp_GenMsgContent, &ett_cmp_GenRepContent, &ett_cmp_ErrorMsgContent, + &ett_cmp_PollReqContent, + &ett_cmp_PollReqContent_item, + &ett_cmp_PollRepContent, + &ett_cmp_PollRepContent_item, /*--- End of included file: packet-cmp-ettarr.c ---*/ #line 292 "packet-cmp-template.c" diff --git a/epan/dissectors/packet-cmp.h b/epan/dissectors/packet-cmp.h index a9d3c688d6..42fa8feec7 100644 --- a/epan/dissectors/packet-cmp.h +++ b/epan/dissectors/packet-cmp.h 
@@ -37,18 +37,19 @@ /*--- Included file: packet-cmp-exp.h ---*/ #line 1 "packet-cmp-exp.h" +extern const value_string cmp_CMPCertificate_vals[]; extern const value_string cmp_PKIBody_vals[]; extern const value_string cmp_PKIStatus_vals[]; extern const value_string cmp_CertOrEncCert_vals[]; +int dissect_cmp_CMPCertificate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_cmp_PKIMessage(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); +int dissect_cmp_PKIMessages(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_cmp_PKIHeader(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_cmp_PKIFreeText(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_cmp_PKIBody(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_cmp_PKIProtection(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_cmp_ProtectedPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); -int dissect_cmp_PasswordBasedMac(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_cmp_PBMParameter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); -int dissect_cmp_DHBasedMac(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int 
dissect_cmp_DHBMParameter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_cmp_NestedMessageContent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_cmp_PKIStatus(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); @@ -56,7 +57,6 @@ int dissect_cmp_PKIFailureInfo(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int int dissect_cmp_PKIStatusInfo(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_cmp_OOBCert(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_cmp_OOBCertHash(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); -int dissect_cmp_POPODecKeyChallContent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_cmp_Challenge(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_cmp_POPODecKeyRespContent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_cmp_CertRepMessage(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); 
@@ -71,11 +71,14 @@ int dissect_cmp_CAKeyUpdAnnContent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int dissect_cmp_CertAnnContent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_cmp_RevAnnContent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_cmp_CRLAnnContent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); +int dissect_cmp_CertConfirmContent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); +int dissect_cmp_CertStatus(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_cmp_PKIConfirmContent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_cmp_InfoTypeAndValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_cmp_GenMsgContent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); -int dissect_cmp_GenRepContent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_cmp_ErrorMsgContent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); +int dissect_cmp_PollReqContent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); +int dissect_cmp_PollRepContent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); /*--- End of 
included file: packet-cmp-exp.h ---*/ #line 30 "packet-cmp-template.h" diff --git a/epan/dissectors/packet-crmf.c b/epan/dissectors/packet-crmf.c index 674a882c73..914754e651 100644 --- a/epan/dissectors/packet-crmf.c +++ b/epan/dissectors/packet-crmf.c @@ -59,12 +59,15 @@ static int hf_crmf_type_oid = -1; /*--- Included file: packet-crmf-hf.c ---*/ #line 1 "packet-crmf-hf.c" +static int hf_crmf_CertRequest_PDU = -1; /* CertRequest */ static int hf_crmf_PBMParameter_PDU = -1; /* PBMParameter */ -static int hf_crmf_utcTime = -1; /* UTCTime */ -static int hf_crmf_generalTime = -1; /* GeneralizedTime */ +static int hf_crmf_CertId_PDU = -1; /* CertId */ +static int hf_crmf_ProtocolEncrKey_PDU = -1; /* ProtocolEncrKey */ +static int hf_crmf_UTF8Pairs_PDU = -1; /* UTF8Pairs */ +static int hf_crmf_EncKeyWithID_PDU = -1; /* EncKeyWithID */ static int hf_crmf_CertReqMessages_item = -1; /* CertReqMsg */ static int hf_crmf_certReq = -1; /* CertRequest */ -static int hf_crmf_pop = -1; /* ProofOfPossession */ +static int hf_crmf_popo = -1; /* ProofOfPossession */ static int hf_crmf_regInfo = -1; /* SEQUENCE_SIZE_1_MAX_OF_AttributeTypeAndValue */ static int hf_crmf_regInfo_item = -1; /* AttributeTypeAndValue */ static int hf_crmf_certReqId = -1; /* INTEGER */ @@ -104,6 +107,8 @@ static int hf_crmf_mac = -1; /* AlgorithmIdentifier */ static int hf_crmf_thisMessage = -1; /* BIT_STRING */ static int hf_crmf_subsequentMessage = -1; /* SubsequentMessage */ static int hf_crmf_dhMAC = -1; /* BIT_STRING */ +static int hf_crmf_agreeMAC = -1; /* PKMACValue */ +static int hf_crmf_encryptedKey = -1; /* EnvelopedData */ static int hf_crmf_action = -1; /* T_action */ static int hf_crmf_pubInfos = -1; /* SEQUENCE_SIZE_1_MAX_OF_SinglePubInfo */ static int hf_crmf_pubInfos_item = -1; /* SinglePubInfo */ 
@@ -121,6 +126,15 @@ static int hf_crmf_keyAlg = -1; /* AlgorithmIdentifier */ static int hf_crmf_valueHint = -1; /* OCTET_STRING */ static int hf_crmf_encValue = -1; /* BIT_STRING */ static int hf_crmf_issuer = -1; /* GeneralName */ +static int hf_crmf_enckeywid_privkey = -1; /* PrivateKeyInfo */ +static int hf_crmf_identifier = -1; /* T_identifier */ +static int hf_crmf_string = -1; /* UTF8String */ +static int hf_crmf_generalName = -1; /* GeneralName */ +static int hf_crmf_privkey_version = -1; /* INTEGER */ +static int hf_crmf_privateKeyAlgorithm = -1; /* AlgorithmIdentifier */ +static int hf_crmf_privateKey = -1; /* OCTET_STRING */ +static int hf_crmf_attributes = -1; /* Attributes */ +static int hf_crmf_Attributes_item = -1; /* Attribute */ /*--- End of included file: packet-crmf-hf.c ---*/ #line 52 "packet-crmf-template.c" @@ -129,7 +143,6 @@ static int hf_crmf_issuer = -1; /* GeneralName */ /*--- Included file: packet-crmf-ett.c ---*/ #line 1 "packet-crmf-ett.c" -static gint ett_crmf_Time = -1; static gint ett_crmf_CertReqMessages = -1; static gint ett_crmf_CertReqMsg = -1; static gint ett_crmf_SEQUENCE_SIZE_1_MAX_OF_AttributeTypeAndValue = -1; @@ -152,6 +165,10 @@ static gint ett_crmf_PKIArchiveOptions = -1; static gint ett_crmf_EncryptedKey = -1; static gint ett_crmf_EncryptedValue = -1; static gint ett_crmf_CertId = -1; +static gint ett_crmf_EncKeyWithID = -1; +static gint ett_crmf_T_identifier = -1; +static gint ett_crmf_PrivateKeyInfo = -1; +static gint ett_crmf_Attributes = -1; /*--- End of included file: packet-crmf-ett.c ---*/ #line 55 "packet-crmf-template.c" 
@@ -163,6 +180,9 @@ static const char *object_identifier_id; #line 1 "packet-crmf-fn.c" /*--- Fields for imported types ---*/ +static int dissect_version_impl(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_pkix1explicit_Version(TRUE, tvb, offset, actx, tree, hf_crmf_version); +} static int dissect_signingAlg_impl(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { return dissect_pkix1explicit_AlgorithmIdentifier(TRUE, tvb, offset, actx, tree, hf_crmf_signingAlg); } 
@@ -178,9 +198,21 @@ static int dissect_publicKey(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset static int dissect_publicKey_impl(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { return dissect_pkix1explicit_SubjectPublicKeyInfo(TRUE, tvb, offset, actx, tree, hf_crmf_publicKey); } +static int dissect_issuerUID_impl(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_pkix1explicit_UniqueIdentifier(TRUE, tvb, offset, actx, tree, hf_crmf_issuerUID); +} +static int dissect_subjectUID_impl(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_pkix1explicit_UniqueIdentifier(TRUE, tvb, offset, actx, tree, hf_crmf_subjectUID); +} static int dissect_extensions_impl(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { return dissect_pkix1explicit_Extensions(TRUE, tvb, offset, actx, tree, hf_crmf_extensions); } +static int dissect_notBefore_impl(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_pkix1explicit_Time(TRUE, tvb, offset, actx, tree, hf_crmf_notBefore); +} +static int dissect_notAfter_impl(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_pkix1explicit_Time(TRUE, tvb, offset, actx, tree, hf_crmf_notAfter); +} static int dissect_algorithmIdentifier(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { return dissect_pkix1explicit_AlgorithmIdentifier(FALSE, tvb, offset, actx, tree, hf_crmf_algorithmIdentifier); } 
@@ -196,6 +228,9 @@ static int dissect_owf(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, static int dissect_mac(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { return dissect_pkix1explicit_AlgorithmIdentifier(FALSE, tvb, offset, actx, tree, hf_crmf_mac); } +static int dissect_encryptedKey_impl(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_cms_EnvelopedData(TRUE, tvb, offset, actx, tree, hf_crmf_encryptedKey); +} static int dissect_pubLocation(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { return dissect_pkix1implicit_GeneralName(FALSE, tvb, offset, actx, tree, hf_crmf_pubLocation); } 
@@ -214,96 +249,14 @@ static int dissect_keyAlg_impl(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offs static int dissect_issuer(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { return dissect_pkix1implicit_GeneralName(FALSE, tvb, offset, actx, tree, hf_crmf_issuer); } - - -static const value_string crmf_Version_vals[] = { - { 0, "v1" }, - { 1, "v2" }, - { 2, "v3" }, - { 0, NULL } -}; - - -static int -dissect_crmf_Version(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { - offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, - NULL); - - return offset; +static int dissect_generalName(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_pkix1implicit_GeneralName(FALSE, tvb, offset, actx, tree, hf_crmf_generalName); } -static int dissect_version_impl(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { - return dissect_crmf_Version(TRUE, tvb, offset, actx, tree, hf_crmf_version); +static int dissect_privateKeyAlgorithm(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_pkix1explicit_AlgorithmIdentifier(FALSE, tvb, offset, actx, tree, hf_crmf_privateKeyAlgorithm); } - - - -static int -dissect_crmf_UniqueIdentifier(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { - offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset, - NULL, hf_index, -1, - NULL); - - return offset; -} -static int dissect_issuerUID_impl(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { - return dissect_crmf_UniqueIdentifier(TRUE, tvb, offset, actx, tree, hf_crmf_issuerUID); -} -static int dissect_subjectUID_impl(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { - return 
dissect_crmf_UniqueIdentifier(TRUE, tvb, offset, actx, tree, hf_crmf_subjectUID); -} - - - -static int -dissect_crmf_UTCTime(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { - offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_UTCTime, - actx, tree, tvb, offset, hf_index, - NULL); - - return offset; -} -static int dissect_utcTime(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { - return dissect_crmf_UTCTime(FALSE, tvb, offset, actx, tree, hf_crmf_utcTime); -} - - - -static int -dissect_crmf_GeneralizedTime(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { - offset = dissect_ber_GeneralizedTime(implicit_tag, actx, tree, tvb, offset, hf_index); - - return offset; -} -static int dissect_generalTime(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { - return dissect_crmf_GeneralizedTime(FALSE, tvb, offset, actx, tree, hf_crmf_generalTime); -} - - -static const value_string crmf_Time_vals[] = { - { 0, "utcTime" }, - { 1, "generalTime" }, - { 0, NULL } -}; - -static const ber_old_choice_t Time_choice[] = { - { 0, BER_CLASS_UNI, BER_UNI_TAG_UTCTime, BER_FLAGS_NOOWNTAG, dissect_utcTime }, - { 1, BER_CLASS_UNI, BER_UNI_TAG_GeneralizedTime, BER_FLAGS_NOOWNTAG, dissect_generalTime }, - { 0, 0, 0, 0, NULL } -}; - -static int -dissect_crmf_Time(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { - offset = dissect_ber_old_choice(actx, tree, tvb, offset, - Time_choice, hf_index, ett_crmf_Time, - NULL); - - return offset; -} -static int dissect_notBefore_impl(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { - return dissect_crmf_Time(TRUE, tvb, offset, actx, tree, hf_crmf_notBefore); -} -static int dissect_notAfter_impl(proto_tree *tree _U_, tvbuff_t 
*tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { - return dissect_crmf_Time(TRUE, tvb, offset, actx, tree, hf_crmf_notAfter); +static int dissect_Attributes_item(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_pkix1explicit_Attribute(FALSE, tvb, offset, actx, tree, hf_crmf_Attributes_item); } @@ -327,11 +280,14 @@ static int dissect_serialNumber_impl(proto_tree *tree _U_, tvbuff_t *tvb _U_, in static int dissect_iterationCount(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { return dissect_crmf_INTEGER(FALSE, tvb, offset, actx, tree, hf_crmf_iterationCount); } +static int dissect_privkey_version(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_crmf_INTEGER(FALSE, tvb, offset, actx, tree, hf_crmf_privkey_version); +} static const ber_old_sequence_t OptionalValidity_sequence[] = { - { BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG|BER_FLAGS_NOTCHKTAG, dissect_notBefore_impl }, - { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG|BER_FLAGS_NOTCHKTAG, dissect_notAfter_impl }, + { BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_notBefore_impl }, + { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_notAfter_impl }, { 0, 0, 0, NULL } }; @@ -388,7 +344,7 @@ static int dissect_type(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, static int dissect_crmf_T_value(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 59 "crmf.cnf" +#line 70 "crmf.cnf" offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); 
@@ -513,6 +469,9 @@ dissect_crmf_PKMACValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset static int dissect_publicKeyMAC(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { return dissect_crmf_PKMACValue(FALSE, tvb, offset, actx, tree, hf_crmf_publicKeyMAC); } +static int dissect_agreeMAC_impl(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_crmf_PKMACValue(TRUE, tvb, offset, actx, tree, hf_crmf_agreeMAC); +} static const value_string crmf_T_authInfo_vals[] = { @@ -600,6 +559,8 @@ const value_string crmf_POPOPrivKey_vals[] = { { 0, "thisMessage" }, { 1, "subsequentMessage" }, { 2, "dhMAC" }, + { 3, "agreeMAC" }, + { 4, "encryptedKey" }, { 0, NULL } }; @@ -607,6 +568,8 @@ static const ber_old_choice_t POPOPrivKey_choice[] = { { 0, BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_thisMessage_impl }, { 1, BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_subsequentMessage_impl }, { 2, BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_dhMAC_impl }, + { 3, BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_agreeMAC_impl }, + { 4, BER_CLASS_CON, 4, BER_FLAGS_IMPLTAG, dissect_encryptedKey_impl }, { 0, 0, 0, 0, NULL } }; @@ -650,8 +613,8 @@ dissect_crmf_ProofOfPossession(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int return offset; } -static int dissect_pop(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { - return dissect_crmf_ProofOfPossession(FALSE, tvb, offset, actx, tree, hf_crmf_pop); +static int dissect_popo(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_crmf_ProofOfPossession(FALSE, tvb, offset, actx, tree, hf_crmf_popo); } 
@@ -673,7 +636,7 @@ static int dissect_regInfo(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _ static const ber_old_sequence_t CertReqMsg_sequence[] = { { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_certReq }, - { BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_pop }, + { BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_popo }, { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_regInfo }, { 0, 0, 0, NULL } }; @@ -717,6 +680,9 @@ static int dissect_salt(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, static int dissect_valueHint_impl(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { return dissect_crmf_OCTET_STRING(TRUE, tvb, offset, actx, tree, hf_crmf_valueHint); } +static int dissect_privateKey(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_crmf_OCTET_STRING(FALSE, tvb, offset, actx, tree, hf_crmf_privateKey); +} static const ber_old_sequence_t PBMParameter_sequence[] = { 
@@ -995,13 +961,128 @@ dissect_crmf_CertReq(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U return offset; } + +static const ber_old_sequence_t Attributes_set_of[1] = { + { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_Attributes_item }, +}; + +int +dissect_crmf_Attributes(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_old_set_of(implicit_tag, actx, tree, tvb, offset, + Attributes_set_of, hf_index, ett_crmf_Attributes); + + return offset; +} +static int dissect_attributes_impl(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_crmf_Attributes(TRUE, tvb, offset, actx, tree, hf_crmf_attributes); +} + + +static const ber_old_sequence_t PrivateKeyInfo_sequence[] = { + { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_privkey_version }, + { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_privateKeyAlgorithm }, + { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_privateKey }, + { BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_attributes_impl }, + { 0, 0, 0, NULL } +}; + +int +dissect_crmf_PrivateKeyInfo(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_old_sequence(implicit_tag, actx, tree, tvb, offset, + PrivateKeyInfo_sequence, hf_index, ett_crmf_PrivateKeyInfo); + + return offset; +} +static int dissect_enckeywid_privkey(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_crmf_PrivateKeyInfo(FALSE, tvb, offset, actx, tree, hf_crmf_enckeywid_privkey); +} + + + +static int +dissect_crmf_UTF8String(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_restricted_string(implicit_tag, 
BER_UNI_TAG_UTF8String, + actx, tree, tvb, offset, hf_index, + NULL); + + return offset; +} +static int dissect_string(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_crmf_UTF8String(FALSE, tvb, offset, actx, tree, hf_crmf_string); +} + + +static const value_string crmf_T_identifier_vals[] = { + { 0, "string" }, + { 1, "generalName" }, + { 0, NULL } +}; + +static const ber_old_choice_t T_identifier_choice[] = { + { 0, BER_CLASS_UNI, BER_UNI_TAG_UTF8String, BER_FLAGS_NOOWNTAG, dissect_string }, + { 1, BER_CLASS_CON, -1/*choice*/, BER_FLAGS_NOOWNTAG, dissect_generalName }, + { 0, 0, 0, 0, NULL } +}; + +static int +dissect_crmf_T_identifier(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_old_choice(actx, tree, tvb, offset, + T_identifier_choice, hf_index, ett_crmf_T_identifier, + NULL); + + return offset; +} +static int dissect_identifier(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_crmf_T_identifier(FALSE, tvb, offset, actx, tree, hf_crmf_identifier); +} + + +static const ber_old_sequence_t EncKeyWithID_sequence[] = { + { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_enckeywid_privkey }, + { BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_identifier }, + { 0, 0, 0, NULL } +}; + +int +dissect_crmf_EncKeyWithID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_old_sequence(implicit_tag, actx, tree, tvb, offset, + EncKeyWithID_sequence, hf_index, ett_crmf_EncKeyWithID); + + return offset; +} + /*--- PDUs ---*/ +static void dissect_CertRequest_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) { + asn1_ctx_t asn1_ctx; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + 
dissect_crmf_CertRequest(FALSE, tvb, 0, &asn1_ctx, tree, hf_crmf_CertRequest_PDU); +} static void dissect_PBMParameter_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) { asn1_ctx_t asn1_ctx; asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); dissect_crmf_PBMParameter(FALSE, tvb, 0, &asn1_ctx, tree, hf_crmf_PBMParameter_PDU); } +static void dissect_CertId_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) { + asn1_ctx_t asn1_ctx; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + dissect_crmf_CertId(FALSE, tvb, 0, &asn1_ctx, tree, hf_crmf_CertId_PDU); +} +static void dissect_ProtocolEncrKey_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) { + asn1_ctx_t asn1_ctx; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + dissect_crmf_ProtocolEncrKey(FALSE, tvb, 0, &asn1_ctx, tree, hf_crmf_ProtocolEncrKey_PDU); +} +static void dissect_UTF8Pairs_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) { + asn1_ctx_t asn1_ctx; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + dissect_crmf_UTF8Pairs(FALSE, tvb, 0, &asn1_ctx, tree, hf_crmf_UTF8Pairs_PDU); +} +static void dissect_EncKeyWithID_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) { + asn1_ctx_t asn1_ctx; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + dissect_crmf_EncKeyWithID(FALSE, tvb, 0, &asn1_ctx, tree, hf_crmf_EncKeyWithID_PDU); +} /*--- End of included file: packet-crmf-fn.c ---*/ 
@@ -1020,18 +1101,30 @@ void proto_register_crmf(void) { /*--- Included file: packet-crmf-hfarr.c ---*/ #line 1 "packet-crmf-hfarr.c" + { &hf_crmf_CertRequest_PDU, + { "CertRequest", "crmf.CertRequest", + FT_NONE, BASE_NONE, NULL, 0, + "crmf.CertRequest", HFILL }}, { &hf_crmf_PBMParameter_PDU, { "PBMParameter", "crmf.PBMParameter", FT_NONE, BASE_NONE, NULL, 0, "crmf.PBMParameter", HFILL }}, - { &hf_crmf_utcTime, - { "utcTime", "crmf.utcTime", - FT_STRING, BASE_NONE, NULL, 0, - "crmf.UTCTime", HFILL }}, - { &hf_crmf_generalTime, - { "generalTime", "crmf.generalTime", + { &hf_crmf_CertId_PDU, + { "CertId", "crmf.CertId", + FT_NONE, BASE_NONE, NULL, 0, + "crmf.CertId", HFILL }}, + { &hf_crmf_ProtocolEncrKey_PDU, + { "ProtocolEncrKey", "crmf.ProtocolEncrKey", + FT_NONE, BASE_NONE, NULL, 0, + "crmf.ProtocolEncrKey", HFILL }}, + { &hf_crmf_UTF8Pairs_PDU, + { "UTF8Pairs", "crmf.UTF8Pairs", FT_STRING, BASE_NONE, NULL, 0, - "crmf.GeneralizedTime", HFILL }}, + "crmf.UTF8Pairs", HFILL }}, + { &hf_crmf_EncKeyWithID_PDU, + { "EncKeyWithID", "crmf.EncKeyWithID", + FT_NONE, BASE_NONE, NULL, 0, + "crmf.EncKeyWithID", HFILL }}, { &hf_crmf_CertReqMessages_item, { "Item", "crmf.CertReqMessages_item", FT_NONE, BASE_NONE, NULL, 0, @@ -1040,8 +1133,8 @@ void proto_register_crmf(void) { { "certReq", "crmf.certReq", FT_NONE, BASE_NONE, NULL, 0, "crmf.CertRequest", HFILL }}, - { &hf_crmf_pop, - { "pop", "crmf.pop", + { &hf_crmf_popo, + { "popo", "crmf.popo", FT_UINT32, BASE_DEC, VALS(crmf_ProofOfPossession_vals), 0, "crmf.ProofOfPossession", HFILL }}, { &hf_crmf_regInfo, @@ -1066,8 +1159,8 @@ void proto_register_crmf(void) { "crmf.Controls", HFILL }}, { &hf_crmf_version, { "version", "crmf.version", - FT_INT32, BASE_DEC, VALS(crmf_Version_vals), 0, - "crmf.Version", HFILL }}, + FT_INT32, BASE_DEC, VALS(pkix1explicit_Version_vals), 0, + "pkix1explicit.Version", HFILL }}, { &hf_crmf_serialNumber, { "serialNumber", "crmf.serialNumber", FT_INT32, BASE_DEC, NULL, 0, 
@@ -1095,23 +1188,23 @@ void proto_register_crmf(void) { { &hf_crmf_issuerUID, { "issuerUID", "crmf.issuerUID", FT_BYTES, BASE_HEX, NULL, 0, - "crmf.UniqueIdentifier", HFILL }}, + "pkix1explicit.UniqueIdentifier", HFILL }}, { &hf_crmf_subjectUID, { "subjectUID", "crmf.subjectUID", FT_BYTES, BASE_HEX, NULL, 0, - "crmf.UniqueIdentifier", HFILL }}, + "pkix1explicit.UniqueIdentifier", HFILL }}, { &hf_crmf_extensions, { "extensions", "crmf.extensions", FT_UINT32, BASE_DEC, NULL, 0, "pkix1explicit.Extensions", HFILL }}, { &hf_crmf_notBefore, { "notBefore", "crmf.notBefore", - FT_UINT32, BASE_DEC, VALS(crmf_Time_vals), 0, - "crmf.Time", HFILL }}, + FT_UINT32, BASE_DEC, VALS(pkix1explicit_Time_vals), 0, + "pkix1explicit.Time", HFILL }}, { &hf_crmf_notAfter, { "notAfter", "crmf.notAfter", - FT_UINT32, BASE_DEC, VALS(crmf_Time_vals), 0, - "crmf.Time", HFILL }}, + FT_UINT32, BASE_DEC, VALS(pkix1explicit_Time_vals), 0, + "pkix1explicit.Time", HFILL }}, { &hf_crmf_Controls_item, { "Item", "crmf.Controls_item", FT_NONE, BASE_NONE, NULL, 0, @@ -1200,6 +1293,14 @@ void proto_register_crmf(void) { { "dhMAC", "crmf.dhMAC", FT_BYTES, BASE_HEX, NULL, 0, "crmf.BIT_STRING", HFILL }}, + { &hf_crmf_agreeMAC, + { "agreeMAC", "crmf.agreeMAC", + FT_NONE, BASE_NONE, NULL, 0, + "crmf.PKMACValue", HFILL }}, + { &hf_crmf_encryptedKey, + { "encryptedKey", "crmf.encryptedKey", + FT_NONE, BASE_NONE, NULL, 0, + "cms.EnvelopedData", HFILL }}, { &hf_crmf_action, { "action", "crmf.action", FT_INT32, BASE_DEC, VALS(crmf_T_action_vals), 0, 
@@ -1268,6 +1369,42 @@ void proto_register_crmf(void) { { "issuer", "crmf.issuer", FT_UINT32, BASE_DEC, NULL, 0, "pkix1implicit.GeneralName", HFILL }}, + { &hf_crmf_enckeywid_privkey, + { "privateKey", "crmf.privateKey", + FT_NONE, BASE_NONE, NULL, 0, + "crmf.PrivateKeyInfo", HFILL }}, + { &hf_crmf_identifier, + { "identifier", "crmf.identifier", + FT_UINT32, BASE_DEC, VALS(crmf_T_identifier_vals), 0, + "crmf.T_identifier", HFILL }}, + { &hf_crmf_string, + { "string", "crmf.string", + FT_STRING, BASE_NONE, NULL, 0, + "crmf.UTF8String", HFILL }}, + { &hf_crmf_generalName, + { "generalName", "crmf.generalName", + FT_UINT32, BASE_DEC, NULL, 0, + "pkix1implicit.GeneralName", HFILL }}, + { &hf_crmf_privkey_version, + { "version", "crmf.version", + FT_INT32, BASE_DEC, NULL, 0, + "crmf.INTEGER", HFILL }}, + { &hf_crmf_privateKeyAlgorithm, + { "privateKeyAlgorithm", "crmf.privateKeyAlgorithm", + FT_NONE, BASE_NONE, NULL, 0, + "pkix1explicit.AlgorithmIdentifier", HFILL }}, + { &hf_crmf_privateKey, + { "privateKey", "crmf.privateKey", + FT_BYTES, BASE_HEX, NULL, 0, + "crmf.OCTET_STRING", HFILL }}, + { &hf_crmf_attributes, + { "attributes", "crmf.attributes", + FT_UINT32, BASE_DEC, NULL, 0, + "crmf.Attributes", HFILL }}, + { &hf_crmf_Attributes_item, + { "Item", "crmf.Attributes_item", + FT_NONE, BASE_NONE, NULL, 0, + "pkix1explicit.Attribute", HFILL }}, /*--- End of included file: packet-crmf-hfarr.c ---*/ #line 71 "packet-crmf-template.c" @@ -1278,7 +1415,6 @@ void proto_register_crmf(void) { /*--- Included file: packet-crmf-ettarr.c ---*/ #line 1 "packet-crmf-ettarr.c" - &ett_crmf_Time, &ett_crmf_CertReqMessages, &ett_crmf_CertReqMsg, &ett_crmf_SEQUENCE_SIZE_1_MAX_OF_AttributeTypeAndValue, 
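Review bot: Two entries added to the field array in the `@@ -1268,6 +1369,42 @@` hunk register the filter name `crmf.privateKey` with different types: `hf_crmf_enckeywid_privkey` as FT_NONE and `hf_crmf_privateKey` as FT_BYTES. A display filter on that name then matches both the PrivateKeyInfo container and the key octets, and value comparisons against it become ambiguous. `hf_crmf_privkey_version` likewise reuses `crmf.version`, which `hf_crmf_version` already registers with `VALS(pkix1explicit_Version_vals)`. The array is generated, so the fix belongs in crmf.cnf; abbreviations that follow the hf names, e.g. `"crmf.enckeywid_privkey"` and `"crmf.privkey_version"`, would tie each filter name to one type.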
@@ -1301,6 +1437,10 @@ void proto_register_crmf(void) { &ett_crmf_EncryptedKey, &ett_crmf_EncryptedValue, &ett_crmf_CertId, + &ett_crmf_EncKeyWithID, + &ett_crmf_T_identifier, + &ett_crmf_PrivateKeyInfo, + &ett_crmf_Attributes, /*--- End of included file: packet-crmf-ettarr.c ---*/ #line 76 "packet-crmf-template.c" @@ -1321,7 +1461,12 @@ void proto_reg_handoff_crmf(void) { /*--- Included file: packet-crmf-dis-tab.c ---*/ #line 1 "packet-crmf-dis-tab.c" + register_ber_oid_dissector("1.3.6.1.5.5.7.5.1.5", dissect_CertId_PDU, proto_crmf, "id-regCtrl-oldCertID"); + register_ber_oid_dissector("1.3.6.1.5.5.7.5.2.2", dissect_CertRequest_PDU, proto_crmf, "id-regInfo-certReq"); + register_ber_oid_dissector("1.2.840.113549.1.9.16.1.21", dissect_EncKeyWithID_PDU, proto_crmf, "id-ct-encKeyWithID"); register_ber_oid_dissector("1.2.840.113533.7.66.13", dissect_PBMParameter_PDU, proto_crmf, "PasswordBasedMac"); + register_ber_oid_dissector("1.3.6.1.5.5.7.5.1.6", dissect_ProtocolEncrKey_PDU, proto_crmf, "id-regCtrl-protocolEncrKey"); + register_ber_oid_dissector("1.3.6.1.5.5.7.5.2.1", dissect_UTF8Pairs_PDU, proto_crmf, "id-regInfo-utf8Pairs"); /*--- End of included file: packet-crmf-dis-tab.c ---*/ diff --git a/epan/dissectors/packet-crmf.h b/epan/dissectors/packet-crmf.h index 7207924914..5d6428d43c 100644 --- a/epan/dissectors/packet-crmf.h +++ b/epan/dissectors/packet-crmf.h 
@@ -69,6 +69,9 @@ int dissect_crmf_CertId(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset int dissect_crmf_ProtocolEncrKey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_crmf_UTF8Pairs(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_crmf_CertReq(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); +int dissect_crmf_EncKeyWithID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); +int dissect_crmf_PrivateKeyInfo(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); +int dissect_crmf_Attributes(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); /*--- End of included file: packet-crmf-exp.h ---*/ #line 30 "packet-crmf-template.h" diff --git a/epan/dissectors/packet-pkix1explicit.c b/epan/dissectors/packet-pkix1explicit.c index d446260653..4813b13b80 100644 --- a/epan/dissectors/packet-pkix1explicit.c +++ b/epan/dissectors/packet-pkix1explicit.c @@ -62,6 +62,8 @@ static int hf_pkix1explicit_object_identifier_id = -1; #line 1 "packet-pkix1explicit-hf.c" static int hf_pkix1explicit_DomainParameters_PDU = -1; /* DomainParameters */ static int hf_pkix1explicit_DirectoryString_PDU = -1; /* DirectoryString */ +static int hf_pkix1explicit_utcTime = -1; /* UTCTime */ +static int hf_pkix1explicit_generalTime = -1; /* GeneralizedTime */ static int hf_pkix1explicit_Extensions_item = -1; /* Extension */ static int hf_pkix1explicit_extnId = -1; /* T_extnId */ static int hf_pkix1explicit_critical = -1; /* BOOLEAN */ 
@@ -74,6 +76,8 @@ static int hf_pkix1explicit_validationParms = -1; /* ValidationParms */ static int hf_pkix1explicit_seed = -1; /* BIT_STRING */ static int hf_pkix1explicit_pgenCounter = -1; /* INTEGER */ static int hf_pkix1explicit_type = -1; /* OBJECT_IDENTIFIER */ +static int hf_pkix1explicit_values = -1; /* T_values */ +static int hf_pkix1explicit_values_item = -1; /* T_values_item */ static int hf_pkix1explicit_value = -1; /* T_value */ static int hf_pkix1explicit_RDNSequence_item = -1; /* RelativeDistinguishedName */ static int hf_pkix1explicit_RelativeDistinguishedName_item = -1; /* AttributeTypeAndValue */ @@ -87,10 +91,13 @@ static int hf_pkix1explicit_value_01 = -1; /* TeletexString */ /*--- Included file: packet-pkix1explicit-ett.c ---*/ #line 1 "packet-pkix1explicit-ett.c" +static gint ett_pkix1explicit_Time = -1; static gint ett_pkix1explicit_Extensions = -1; static gint ett_pkix1explicit_Extension = -1; static gint ett_pkix1explicit_DomainParameters = -1; static gint ett_pkix1explicit_ValidationParms = -1; +static gint ett_pkix1explicit_Attribute = -1; +static gint ett_pkix1explicit_T_values = -1; static gint ett_pkix1explicit_AttributeTypeAndValue = -1; static gint ett_pkix1explicit_RDNSequence = -1; static gint ett_pkix1explicit_RelativeDistinguishedName = -1; 
@@ -150,6 +157,34 @@ dissect_pkix1explicit_SubjectPublicKeyInfo(gboolean implicit_tag, tvbuff_t *tvb, int +dissect_pkix1explicit_UniqueIdentifier(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset, + NULL, hf_index, -1, + NULL); + + return offset; +} + + +const value_string pkix1explicit_Version_vals[] = { + { 0, "v1" }, + { 1, "v2" }, + { 2, "v3" }, + { 0, NULL } +}; + + +int +dissect_pkix1explicit_Version(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, + NULL); + + return offset; +} + + + +int dissect_pkix1explicit_CertificateSerialNumber(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, NULL); 
@@ -160,6 +195,54 @@ dissect_pkix1explicit_CertificateSerialNumber(gboolean implicit_tag _U_, tvbuff_ static int +dissect_pkix1explicit_UTCTime(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_UTCTime, + actx, tree, tvb, offset, hf_index, + NULL); + + return offset; +} +static int dissect_utcTime(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_pkix1explicit_UTCTime(FALSE, tvb, offset, actx, tree, hf_pkix1explicit_utcTime); +} + + + +static int +dissect_pkix1explicit_GeneralizedTime(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_GeneralizedTime(implicit_tag, actx, tree, tvb, offset, hf_index); + + return offset; +} +static int dissect_generalTime(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_pkix1explicit_GeneralizedTime(FALSE, tvb, offset, actx, tree, hf_pkix1explicit_generalTime); +} + + +const value_string pkix1explicit_Time_vals[] = { + { 0, "utcTime" }, + { 1, "generalTime" }, + { 0, NULL } +}; + +static const ber_old_choice_t Time_choice[] = { + { 0, BER_CLASS_UNI, BER_UNI_TAG_UTCTime, BER_FLAGS_NOOWNTAG, dissect_utcTime }, + { 1, BER_CLASS_UNI, BER_UNI_TAG_GeneralizedTime, BER_FLAGS_NOOWNTAG, dissect_generalTime }, + { 0, 0, 0, 0, NULL } +}; + +int +dissect_pkix1explicit_Time(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_old_choice(actx, tree, tvb, offset, + Time_choice, hf_index, ett_pkix1explicit_Time, + NULL); + + return offset; +} + + + +static int dissect_pkix1explicit_T_extnId(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { offset = 
dissect_ber_object_identifier_str(implicit_tag, actx, tree, tvb, offset, hf_pkix1explicit_object_identifier_id, &object_identifier_id); @@ -185,7 +268,7 @@ static int dissect_critical(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset static int dissect_pkix1explicit_T_extnValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 44 "pkix1explicit.cnf" +#line 54 "pkix1explicit.cnf" gint8 class; gboolean pc, ind; gint32 tag; 
@@ -326,8 +409,54 @@ static int dissect_type(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, static int +dissect_pkix1explicit_T_values_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +#line 42 "pkix1explicit.cnf" + offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); + + + + return offset; +} +static int dissect_values_item(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_pkix1explicit_T_values_item(FALSE, tvb, offset, actx, tree, hf_pkix1explicit_values_item); +} + + +static const ber_old_sequence_t T_values_set_of[1] = { + { BER_CLASS_ANY, 0, BER_FLAGS_NOOWNTAG, dissect_values_item }, +}; + +static int +dissect_pkix1explicit_T_values(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_old_set_of(implicit_tag, actx, tree, tvb, offset, + T_values_set_of, hf_pkix1explicit_object_identifier_id, ett_pkix1explicit_T_values); + + return offset; +} +static int dissect_values(proto_tree *tree _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_) { + return dissect_pkix1explicit_T_values(FALSE, tvb, offset, actx, tree, hf_pkix1explicit_values); +} + + +static const ber_old_sequence_t Attribute_sequence[] = { + { BER_CLASS_UNI, BER_UNI_TAG_OID, BER_FLAGS_NOOWNTAG, dissect_type }, + { BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_values }, + { 0, 0, 0, NULL } +}; + +int +dissect_pkix1explicit_Attribute(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_old_sequence(implicit_tag, actx, tree, tvb, offset, + Attribute_sequence, hf_index, ett_pkix1explicit_Attribute); + + return offset; +} + + + +static int dissect_pkix1explicit_T_value(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset 
_U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 38 "pkix1explicit.cnf" +#line 48 "pkix1explicit.cnf" offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); @@ -389,7 +518,7 @@ dissect_pkix1explicit_RDNSequence(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int dissect_pkix1explicit_DirectoryString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 32 "pkix1explicit.cnf" +#line 36 "pkix1explicit.cnf" offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, NULL); @@ -486,6 +615,14 @@ void proto_register_pkix1explicit(void) { { "DirectoryString", "pkix1explicit.DirectoryString", FT_STRING, BASE_NONE, NULL, 0, "pkix1explicit.DirectoryString", HFILL }}, + { &hf_pkix1explicit_utcTime, + { "utcTime", "pkix1explicit.utcTime", + FT_STRING, BASE_NONE, NULL, 0, + "pkix1explicit.UTCTime", HFILL }}, + { &hf_pkix1explicit_generalTime, + { "generalTime", "pkix1explicit.generalTime", + FT_STRING, BASE_NONE, NULL, 0, + "pkix1explicit.GeneralizedTime", HFILL }}, { &hf_pkix1explicit_Extensions_item, { "Item", "pkix1explicit.Extensions_item", FT_NONE, BASE_NONE, NULL, 0, @@ -534,6 +671,14 @@ void proto_register_pkix1explicit(void) { { "type", "pkix1explicit.type", FT_OID, BASE_NONE, NULL, 0, "pkix1explicit.OBJECT_IDENTIFIER", HFILL }}, + { &hf_pkix1explicit_values, + { "values", "pkix1explicit.values", + FT_UINT32, BASE_DEC, NULL, 0, + "pkix1explicit.T_values", HFILL }}, + { &hf_pkix1explicit_values_item, + { "Item", "pkix1explicit.values_item", + FT_NONE, BASE_NONE, NULL, 0, + "pkix1explicit.T_values_item", HFILL }}, { &hf_pkix1explicit_value, { "value", "pkix1explicit.value", FT_NONE, BASE_NONE, NULL, 0, 
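Review bot: In the `@@ -326,8 +409,54 @@` hunk, `dissect_pkix1explicit_T_values` passes `hf_pkix1explicit_object_identifier_id` to `dissect_ber_old_set_of` instead of its own `hf_index` argument, so the `hf_pkix1explicit_values` field that `dissect_values` hands in is never used and the SET OF is labelled with the OID field. The sibling `dissect_crmf_Attributes` in this commit passes `hf_index`; the matching line here would be `T_values_set_of, hf_index, ett_pkix1explicit_T_values);`, presumably fixed through the parameter override in pkix1explicit.cnf because this file is generated. Separately, `dissect_pkix1explicit_T_values_item` dispatches on the file-scope `object_identifier_id`, and the hunk does not show `dissect_type` storing the attribute's OID there. That is worth confirming, because otherwise attribute values from a capture are handed to whichever dissector matches a previously parsed OID.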
@@ -564,10 +709,13 @@ void proto_register_pkix1explicit(void) { /*--- Included file: packet-pkix1explicit-ettarr.c ---*/ #line 1 "packet-pkix1explicit-ettarr.c" + &ett_pkix1explicit_Time, &ett_pkix1explicit_Extensions, &ett_pkix1explicit_Extension, &ett_pkix1explicit_DomainParameters, &ett_pkix1explicit_ValidationParms, + &ett_pkix1explicit_Attribute, + &ett_pkix1explicit_T_values, &ett_pkix1explicit_AttributeTypeAndValue, &ett_pkix1explicit_RDNSequence, &ett_pkix1explicit_RelativeDistinguishedName, diff --git a/epan/dissectors/packet-pkix1explicit.h b/epan/dissectors/packet-pkix1explicit.h index a8533757ad..af3f92b0f7 100644 --- a/epan/dissectors/packet-pkix1explicit.h +++ b/epan/dissectors/packet-pkix1explicit.h 
@@ -45,10 +45,16 @@ int dissect_pkix1explicit_SubjectPublicKeyInfo(gboolean implicit_tag, tvbuff_t * /*--- Included file: packet-pkix1explicit-exp.h ---*/ #line 1 "packet-pkix1explicit-exp.h" +extern const value_string pkix1explicit_Version_vals[]; +extern const value_string pkix1explicit_Time_vals[]; extern const value_string pkix1explicit_TerminalType_vals[]; +int dissect_pkix1explicit_UniqueIdentifier(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); +int dissect_pkix1explicit_Version(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_pkix1explicit_CertificateSerialNumber(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); +int dissect_pkix1explicit_Time(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_pkix1explicit_Extensions(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_pkix1explicit_Extension(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); +int dissect_pkix1explicit_Attribute(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_pkix1explicit_AttributeTypeAndValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_pkix1explicit_RDNSequence(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_pkix1explicit_RelativeDistinguishedName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree 
_U_, int hf_index _U_); diff --git a/epan/dissectors/packet-pkix1implicit.c b/epan/dissectors/packet-pkix1implicit.c index 744425287a..ef5d5183b4 100644 --- a/epan/dissectors/packet-pkix1implicit.c +++ b/epan/dissectors/packet-pkix1implicit.c @@ -121,6 +121,16 @@ static int dissect_accessLocation(proto_tree *tree _U_, tvbuff_t *tvb _U_, int o +int +dissect_pkix1implicit_KeyIdentifier(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, + NULL); + + return offset; +} + + + static int dissect_pkix1implicit_Dummy(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { offset = dissect_ber_null(implicit_tag, actx, tree, tvb, offset, hf_index); diff --git a/epan/dissectors/packet-pkix1implicit.h b/epan/dissectors/packet-pkix1implicit.h index e002ee2582..8e599d36ed 100644 --- a/epan/dissectors/packet-pkix1implicit.h +++ b/epan/dissectors/packet-pkix1implicit.h @@ -39,6 +39,7 @@ int dissect_pkix1implicit_ReasonFlags(gboolean implicit_tag _U_, tvbuff_t *tvb, /*--- Included file: packet-pkix1implicit-exp.h ---*/ #line 1 "packet-pkix1implicit-exp.h" +int dissect_pkix1implicit_KeyIdentifier(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_pkix1implicit_AuthorityInfoAccessSyntax(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_pkix1implicit_UserNotice(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |