author | Anders Broman <anders.broman@ericsson.com> | 2005-11-16 07:13:12 +0000 |
---|---|---|
committer | Anders Broman <anders.broman@ericsson.com> | 2005-11-16 07:13:12 +0000 |
commit | c33182b8982742ece2bbfa298977a5aa09f48377 (patch) | |
tree | 0c7664cef1a075c4ecb3ad5ddc8d364055957829 /asn1/cms/packet-cms-template.c | |
parent | 893ad69c74f54fc9bb7ac7b7ffc3c0e28bd4d418 (diff) |
From Graeme Lunt:
Here are a number of small patches for asn1 based dissectors:
acse:
release request/response column information (many X.400/X.500 unbinds are
empty)
"standardised" PNAME to "ISO 8650-1 OSI Association Control Service"
fix for crash when using EXTERNAL dissector
rtse:
column information when attempting a resume
x509if:
generation of LDAP-style DNs from RDNSequences
new function x509if_get_last_dn() to get the last DN generated.
x509af:
DSS parameters
certificate extension naming
subject naming of certificate
x509sat:
Guide syntax (as SET now supported)
PDU exports.
cms:
verification of message digest attribute (SHA-1 and MD5)
ess:
enumerated/restrictive/permissive/informative security categories
x411:
generation of string encoding of X.400 addresses, trace information and message identifiers.
s4406:
separate types for primary and copy precedence to allow better filtering (e.g. primary precedence = flash)
priority-level-qualifier
svn path=/trunk/; revision=16508
Diffstat (limited to 'asn1/cms/packet-cms-template.c')
-rw-r--r-- | asn1/cms/packet-cms-template.c | 76 |
1 files changed, 75 insertions, 1 deletions
diff --git a/asn1/cms/packet-cms-template.c b/asn1/cms/packet-cms-template.c
index c52c79da72..48115551a1 100644
--- a/asn1/cms/packet-cms-template.c
+++ b/asn1/cms/packet-cms-template.c
@@ -39,6 +39,9 @@
 #include "packet-x509af.h"
 #include "packet-x509if.h"
+#include <epan/sha1.h>
+#include <epan/crypt-md5.h>
+
 #define PNAME "Cryptographic Message Syntax"
 #define PSNAME "CMS"
 #define PFNAME "cms"
@@ -55,9 +58,80 @@ static int dissect_cms_OCTET_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb, in
 static const char *object_identifier_id;
+static tvbuff_t *content_tvb = NULL;
-#include "packet-cms-fn.c"
+static proto_tree *top_tree=NULL;
+
+#define HASH_SHA1 "1.3.14.3.2.26"
+#define SHA1_BUFFER_SIZE 20
+
+#define HASH_MD5 "1.2.840.113549.2.5"
+#define MD5_BUFFER_SIZE 16
+
+
+/* SHA-2 variants */
+#define HASH_SHA224 "2.16.840.1.101.3.4.2.4"
+#define SHA224_BUFFER_SIZE 32 /* actually 28 */
+#define HASH_SHA256 "2.16.840.1.101.3.4.2.1"
+#define SHA256_BUFFER_SIZE 32
+
+unsigned char digest_buf[MAX(SHA1_BUFFER_SIZE, MD5_BUFFER_SIZE)];
+
+static void
+cms_verify_msg_digest(proto_item *pi, tvbuff_t *content, char *alg, tvbuff_t *tvb, int offset)
+{
+ sha1_context sha1_ctx;
+ md5_state_t md5_ctx;
+ int i= 0, buffer_size = 0;
+
+ /* we only support two algorithms at the moment - if we do add SHA2
+ we should add a registration process to use a registration process */
+
+ if(strcmp(alg, HASH_SHA1) == 0) {
+
+ sha1_starts(&sha1_ctx);
+
+ sha1_update(&sha1_ctx,
+ (guint8*)tvb_get_ptr(content, 0, tvb_length(content)),
+ tvb_length(content));
+ sha1_finish(&sha1_ctx, digest_buf);
+
+ buffer_size = SHA1_BUFFER_SIZE;
+
+ } else if(strcmp(alg, HASH_MD5) == 0) {
+
+ md5_init(&md5_ctx);
+
+ md5_append(&md5_ctx,
+ (const guint8*) tvb_get_ptr(content, 0, tvb_length(content)),
+ tvb_length(content));
+
+ md5_finish(&md5_ctx, digest_buf);
+
+ buffer_size = MD5_BUFFER_SIZE;
+ }
+
+ if(buffer_size) {
+ /* compare our computed hash with what we have received */
+
+ if(tvb_bytes_exist(tvb, offset, buffer_size) &&
+ (memcmp(tvb_get_ptr(tvb, offset, buffer_size), digest_buf, buffer_size) != 0)) {
+ proto_item_append_text(pi, " [incorrect, should be ");
+ for(i = 0; i < buffer_size; i++)
+ proto_item_append_text(pi, "%02X", digest_buf[i]);
+
+ proto_item_append_text(pi, "]");
+ }
+ else
+ proto_item_append_text(pi, " [correct]");
+ } else {
+ proto_item_append_text(pi, " [unable to verify]");
+ }
+
+}
+
+#include "packet-cms-fn.c"
 /*--- proto_register_cms ----------------------------------------------*/
 void proto_register_cms(void) { |
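Review bot: In `cms_verify_msg_digest`, the condition `tvb_bytes_exist(tvb, offset, buffer_size) && (memcmp(...) != 0)` falls through to the `else` that appends ` [correct]` whenever the received digest is shorter than `buffer_size` or cut off in the capture, so a digest that was never compared is labelled as verified. Test the length on its own first, `if(!tvb_bytes_exist(tvb, offset, buffer_size)) proto_item_append_text(pi, " [unable to verify]");`, and follow it with `else if(memcmp(tvb_get_ptr(tvb, offset, buffer_size), digest_buf, buffer_size) != 0) {`, so that ` [correct]` is reached only after an actual match. The function also never checks that the received digest is exactly `buffer_size` bytes long; the hunk does not show how the caller derives `offset` or the attribute length, so that check may belong there. Separately, `digest_buf` is used only by this function as far as the hunk shows and could be declared `static` like `content_tvb` and `top_tree`.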