diff options
author | João Valverde <joao.valverde@tecnico.ulisboa.pt> | 2016-03-09 03:17:51 +0000 |
---|---|---|
committer | João Valverde <j@v6e.pt> | 2016-03-13 21:30:24 +0000 |
commit | 54a520d4a1151c68d0b4e5f09a8d82466fa499f3 (patch) | |
tree | 7aacae160382098ce651ac862a5dfd5de4beff94 /epan/dissectors/asn1/pkcs1 | |
parent | c1f3c935bdd33090c87f0d2f84842ce9729b747a (diff) |
Move /asn1 to /epan/dissectors
Change-Id: I1208fe3c2ba428995526f561e8f792b8d871e9a9
Reviewed-on: https://code.wireshark.org/review/14388
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: João Valverde <j@v6e.pt>
Diffstat (limited to 'epan/dissectors/asn1/pkcs1')
-rw-r--r-- | epan/dissectors/asn1/pkcs1/CMakeLists.txt | 52 | ||||
-rw-r--r-- | epan/dissectors/asn1/pkcs1/Makefile.am | 23 | ||||
-rw-r--r-- | epan/dissectors/asn1/pkcs1/Makefile.common | 47 | ||||
-rw-r--r-- | epan/dissectors/asn1/pkcs1/Makefile.nmake | 26 | ||||
-rw-r--r-- | epan/dissectors/asn1/pkcs1/PKIXAlgs-2009.asn | 616 | ||||
-rw-r--r-- | epan/dissectors/asn1/pkcs1/packet-pkcs1-template.c | 122 | ||||
-rw-r--r-- | epan/dissectors/asn1/pkcs1/packet-pkcs1-template.h | 30 | ||||
-rw-r--r-- | epan/dissectors/asn1/pkcs1/pkcs1.cnf | 39 |
8 files changed, 955 insertions, 0 deletions
diff --git a/epan/dissectors/asn1/pkcs1/CMakeLists.txt b/epan/dissectors/asn1/pkcs1/CMakeLists.txt new file mode 100644 index 0000000000..9aab3819e4 --- /dev/null +++ b/epan/dissectors/asn1/pkcs1/CMakeLists.txt @@ -0,0 +1,52 @@ +# CMakeLists.txt +# +# Wireshark - Network traffic analyzer +# By Gerald Combs <gerald@wireshark.org> +# Copyright 1998 Gerald Combs +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# + +set( PROTOCOL_NAME pkcs1 ) + +set( PROTO_OPT ) + +set( EXT_ASN_FILE_LIST +) + +set( ASN_FILE_LIST + PKIXAlgs-2009.asn +) + +set( EXTRA_DIST + ${ASN_FILE_LIST} + packet-${PROTOCOL_NAME}-template.c + packet-${PROTOCOL_NAME}-template.h + ${PROTOCOL_NAME}.cnf +) + +set( SRC_FILES + ${EXTRA_DIST} + ${EXT_ASN_FILE_LIST} +) + +set( A2W_FLAGS -b ) + +set( EXTRA_CNF + "${CMAKE_CURRENT_BINARY_DIR}/../x509af/x509af-exp.cnf" +) + +ASN2WRS() + diff --git a/epan/dissectors/asn1/pkcs1/Makefile.am b/epan/dissectors/asn1/pkcs1/Makefile.am new file mode 100644 index 0000000000..72d28e600b --- /dev/null +++ b/epan/dissectors/asn1/pkcs1/Makefile.am @@ -0,0 +1,23 @@ +# Wireshark - Network traffic analyzer +# By Gerald Combs <gerald@wireshark.org> +# Copyright 1998 Gerald Combs +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + +include ../Makefile.preinc +include Makefile.common +include ../Makefile.inc + diff --git a/epan/dissectors/asn1/pkcs1/Makefile.common b/epan/dissectors/asn1/pkcs1/Makefile.common new file mode 100644 index 0000000000..d03a3bc563 --- /dev/null +++ b/epan/dissectors/asn1/pkcs1/Makefile.common @@ -0,0 +1,47 @@ +# Wireshark - Network traffic analyzer +# By Gerald Combs <gerald@wireshark.org> +# Copyright 1998 Gerald Combs +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + +PROTOCOL_NAME=pkcs1 + +EXT_ASN_FILE_LIST = + +ASN_FILE_LIST = \ + PKIXAlgs-2009.asn + +# The packet-$(PROTOCOL_NAME)-template.h and $(PROTOCOL_NAME).asn +# files do not exist for all protocols: Please add/remove as required. +EXTRA_DIST = \ + $(EXTRA_DIST_COMMON) \ + $(ASN_FILE_LIST) \ + packet-$(PROTOCOL_NAME)-template.c \ + packet-$(PROTOCOL_NAME)-template.h \ + $(PROTOCOL_NAME).cnf + +SRC_FILES = \ + $(EXTRA_DIST) \ + $(EXT_ASN_FILE_LIST) + +A2W_FLAGS= -b + +EXTRA_CNF= \ + $(builddir)/../x509af/x509af-exp.cnf + +$(builddir)/../x509af/x509af-exp.cnf: + (cd $(builddir)/../x509af && $(MAKE_CNF_EXPORT)) + diff --git a/epan/dissectors/asn1/pkcs1/Makefile.nmake b/epan/dissectors/asn1/pkcs1/Makefile.nmake new file mode 100644 index 0000000000..d296638ddd --- /dev/null +++ b/epan/dissectors/asn1/pkcs1/Makefile.nmake @@ -0,0 +1,26 @@ +## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake +# +# Wireshark - Network traffic analyzer +# By Gerald Combs <gerald@wireshark.org> +# Copyright 1998 Gerald Combs +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + +include ../../../../config.nmake +include ../Makefile.preinc.nmake +include Makefile.common +include ../Makefile.inc.nmake + diff --git a/epan/dissectors/asn1/pkcs1/PKIXAlgs-2009.asn b/epan/dissectors/asn1/pkcs1/PKIXAlgs-2009.asn new file mode 100644 index 0000000000..910a674f17 --- /dev/null +++ b/epan/dissectors/asn1/pkcs1/PKIXAlgs-2009.asn @@ -0,0 +1,616 @@ +-- +-- Transcribed from RFC 5912 +-- + +PKIXAlgs-2009 { iso(1) identified-organization(3) dod(6) + internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) + id-mod-pkix1-algorithms2008-02(56) } + + DEFINITIONS EXPLICIT TAGS ::= + BEGIN + IMPORTS + + PUBLIC-KEY, SIGNATURE-ALGORITHM, DIGEST-ALGORITHM, SMIME-CAPS + FROM AlgorithmInformation-2009 + {iso(1) identified-organization(3) dod(6) internet(1) security(5) + mechanisms(5) pkix(7) id-mod(0) + id-mod-algorithmInformation-02(58)} + + mda-sha224, mda-sha256, mda-sha384, mda-sha512 + FROM PKIX1-PSS-OAEP-Algorithms-2009 + {iso(1) identified-organization(3) dod(6) internet(1) + security(5) mechanisms(5) pkix(7) id-mod(0) + id-mod-pkix1-rsa-pkalgs-02(54)} + +-- Additional IMPORT for Wireshark + AlgorithmIdentifier + FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1) + authenticationFramework(7) 4}; + + + -- + -- Public Key (pk-) Algorithms + -- + + PublicKeys PUBLIC-KEY ::= { + pk-rsa | + pk-dsa | + pk-dh | + pk-kea | + pk-rsaSSA-PSS, + ..., + pk-ec | + pk-ecDH | + pk-ecMQV + } + + -- + -- Signature Algorithms (sa-) + -- + + SignatureAlgs SIGNATURE-ALGORITHM ::= { + sa-rsaWithMD2 | + sa-rsaWithMD5 | + sa-rsaWithSHA1 | + sa-dsaWithSHA1 | + sa-ecdsaWithSHA1, + ..., -- Extensible + sa-dsaWithSHA224 | + sa-dsaWithSHA256 | + sa-ecdsaWithSHA224 | + sa-ecdsaWithSHA256 | + sa-ecdsaWithSHA384 | + sa-ecdsaWithSHA512, + ..., + sa-rsaSSA-PSS + } + + -- + -- S/MIME CAPS for algorithms in this document + -- + -- For all of the algorithms laid out in this document, the + -- parameters field for the S/MIME capabilities is defined as + -- ABSENT as there are no specific values that need to be known + -- by the receiver for negotiation. + + -- + + SMimeCaps SMIME-CAPS ::= { + sa-rsaWithMD2.&smimeCaps | + sa-rsaWithMD5.&smimeCaps | + sa-rsaWithSHA1.&smimeCaps | + sa-dsaWithSHA1.&smimeCaps | + sa-dsaWithSHA224.&smimeCaps | + sa-dsaWithSHA256.&smimeCaps | + sa-ecdsaWithSHA1.&smimeCaps | + sa-ecdsaWithSHA224.&smimeCaps | + sa-ecdsaWithSHA256.&smimeCaps | + sa-ecdsaWithSHA384.&smimeCaps | + sa-ecdsaWithSHA512.&smimeCaps, + ... } + + -- RSA PK Algorithm, Parameters, and Keys + +-- pk-rsa PUBLIC-KEY ::= { +-- IDENTIFIER rsaEncryption +-- KEY RSAPublicKey +-- PARAMS TYPE NULL ARE absent + -- Private key format not in this module -- +-- CERT-KEY-USAGE {digitalSignature, nonRepudiation, +-- keyEncipherment, dataEncipherment, keyCertSign, cRLSign} +-- } + + rsaEncryption OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) + pkcs-1(1) 1 } + + RSAPublicKey ::= SEQUENCE { + modulus INTEGER, -- n + publicExponent INTEGER -- e + } + +-- Wireshark additions to ensure compatibility with the original PKCS1.asn + +DigestInfo ::= SEQUENCE { + digestAlgorithm DigestAlgorithmIdentifier, + digest Digest +} + +DigestAlgorithmIdentifier ::= AlgorithmIdentifier + +Digest ::= OCTET STRING + +-- End of Wireshark additions + + -- DSA PK Algorithm, Parameters, and Keys + +-- pk-dsa PUBLIC-KEY ::= { +-- IDENTIFIER id-dsa +-- KEY DSAPublicKey +-- PARAMS TYPE DSA-Params ARE inheritable + -- Private key format not in this module -- +-- CERT-KEY-USAGE { digitalSignature, nonRepudiation, keyCertSign, +-- cRLSign } +-- } + + id-dsa OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 } + + DSA-Params ::= SEQUENCE { + p INTEGER, + q INTEGER, + g INTEGER + } + + DSAPublicKey ::= INTEGER -- public key, y + + -- Diffie-Hellman PK Algorithm, Parameters, and Keys + +-- pk-dh PUBLIC-KEY ::= { +-- IDENTIFIER dhpublicnumber +-- KEY DHPublicKey +-- PARAMS TYPE DomainParameters ARE inheritable + -- Private key format not in this module -- +-- CERT-KEY-USAGE {keyAgreement, encipherOnly, decipherOnly } +-- } + + dhpublicnumber OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) ansi-x942(10046) + number-type(2) 1 } + + DomainParameters ::= SEQUENCE { + p INTEGER, -- odd prime, p=jq +1 + g INTEGER, -- generator, g + q INTEGER, -- factor of p-1 + j INTEGER OPTIONAL, -- subgroup factor, j>= 2 + validationParams ValidationParams OPTIONAL + } + + ValidationParams ::= SEQUENCE { + seed BIT STRING, + pgenCounter INTEGER + } + + DHPublicKey ::= INTEGER -- public key, y = g^x mod p + + -- KEA PK Algorithm and Parameters + +-- pk-kea PUBLIC-KEY ::= { +-- IDENTIFIER id-keyExchangeAlgorithm + -- key is not encoded -- +-- PARAMS TYPE KEA-Params-Id ARE required + -- Private key format not in this module -- +-- CERT-KEY-USAGE {keyAgreement, encipherOnly, decipherOnly } +-- } + + id-keyExchangeAlgorithm OBJECT IDENTIFIER ::= { + joint-iso-itu-t(2) country(16) us(840) organization(1) + gov(101) dod(2) infosec(1) algorithms(1) 22 } + + KEA-Params-Id ::= OCTET STRING + + -- RSASSA-PSS (RFC 4055) + +-- pk-rsaSSA-PSS PUBLIC-KEY ::= { +-- IDENTIFIER id-RSASSA-PSS +-- KEY RSAPublicKey +-- PARAMS TYPE RSASSA-PSS-params ARE optional +-- CERT-KEY-USAGE { nonRepudiation, digitalSignature, keyCertSign, cRLSign } +-- } + + id-mgf1 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) + pkcs-1(1) 8 } + + id-RSASSA-PSS OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) + pkcs-1(1) 10 } + + HashAlgorithm ::= AlgorithmIdentifier{DIGEST-ALGORITHM, + {HashAlgorithms}} + + HashAlgorithms DIGEST-ALGORITHM ::= { + { IDENTIFIER id-sha1 PARAMS TYPE NULL ARE preferredPresent }, + ... + } + + -- sha1Identifier AlgorithmIdentifier ::= { + -- algorithmId id-sha1, + -- parameters NULL + -- } + + MaskGenAlgorithm ::= AlgorithmIdentifier{ALGORITHM, + {PKCS1MGFAlgorithms}} + + -- mgf1SHA1 MaskGenAlgorithm ::= { + -- algorithmId id-mgf1, + -- parameters HashAlgorithm : sha1Identifier + -- } + + PKCS1MGFAlgorithms ALGORITHM ::= { + { IDENTIFIER id-mgf1 PARAMS TYPE HashAlgorithm ARE required }, + ... + } + + -- AlgorithmIdentifier parameters for id-RSASSA-PSS. + -- Note that the tags in this Sequence are explicit. + -- Note: The hash algorithm in hashAlgorithm and in + -- maskGenAlgorithm should be the same. + + RSASSA-PSS-params ::= SEQUENCE { + hashAlgorithm [0] HashAlgorithm DEFAULT sha1Identifier, + maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1, + saltLength [2] INTEGER DEFAULT 20, + trailerField [3] INTEGER DEFAULT 1 + } + + + -- Elliptic Curve (EC) Signatures: Unrestricted Algorithms + -- (Section 2.1.1 of RFC 5480) + -- + -- EC Unrestricted Algorithm ID -- -- this is used for ECDSA + +-- pk-ec PUBLIC-KEY ::= { +-- IDENTIFIER id-ecPublicKey +-- KEY ECPoint +-- PARAMS TYPE ECParameters ARE required + -- Private key format not in this module -- +-- CERT-KEY-USAGE { digitalSignature, nonRepudiation, keyAgreement, +-- keyCertSign, cRLSign } +-- } + + ECPoint ::= OCTET STRING -- see RFC 5480 for syntax and restrictions + + id-ecPublicKey OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } + + -- Elliptic Curve (EC) Signatures: Restricted Algorithms + -- (Section 2.1.2 of RFC 5480) + -- + -- EC Diffie-Hellman Algorithm ID + +-- pk-ecDH PUBLIC-KEY ::= { +-- IDENTIFIER id-ecDH +-- KEY ECPoint +-- PARAMS TYPE ECParameters ARE required + -- Private key format not in this module -- +-- CERT-KEY-USAGE { keyAgreement, encipherOnly, decipherOnly } +-- } + + id-ecDH OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) certicom(132) schemes(1) + ecdh(12) } + + -- EC Menezes-Qu-Vanstone Algorithm ID + +-- pk-ecMQV PUBLIC-KEY ::= { +-- IDENTIFIER id-ecMQV +-- KEY ECPoint +-- PARAMS TYPE ECParameters ARE required + -- Private key format not in this module -- +-- CERT-KEY-USAGE { keyAgreement, encipherOnly, decipherOnly } +-- } + + id-ecMQV OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) certicom(132) schemes(1) + ecmqv(13) } + + -- Parameters and Keys for both Restricted and Unrestricted EC + + ECParameters ::= CHOICE { + namedCurve --CURVE.&id({NamedCurve}) -- OBJECT IDENTIFIER + -- implicitCurve NULL + -- implicitCurve MUST NOT be used in PKIX + -- specifiedCurve SpecifiedCurve + -- specifiedCurve MUST NOT be used in PKIX + -- Details for specifiedCurve can be found in [X9.62] + -- Any future additions to this CHOICE should be coordinated + -- with ANSI X.9. + } + -- If you need to be able to decode ANSI X.9 parameter structures, + -- uncomment the implicitCurve and specifiedCurve above, and also + -- uncomment the following: + -- (WITH COMPONENTS {namedCurve PRESENT}) + + -- Sec 2.1.1.1 Named Curve + + CURVE ::= CLASS { &id OBJECT IDENTIFIER UNIQUE } + WITH SYNTAX { ID &id } + + NamedCurve CURVE ::= { + { ID secp192r1 } | { ID sect163k1 } | { ID sect163r2 } | + { ID secp224r1 } | { ID sect233k1 } | { ID sect233r1 } | + { ID secp256r1 } | { ID sect283k1 } | { ID sect283r1 } | + { ID secp384r1 } | { ID sect409k1 } | { ID sect409r1 } | + { ID secp521r1 } | { ID sect571k1 } | { ID sect571r1 }, + ... -- Extensible + } + + -- Note in [X9.62] the curves are referred to as 'ansiX9' as + -- opposed to 'sec'. For example, secp192r1 is the same curve as + -- ansix9p192r1. + + -- Note that in [PKI-ALG] the secp192r1 curve was referred to as + -- prime192v1 and the secp256r1 curve was referred to as + -- prime256v1. + + -- Note that [FIPS186-3] refers to secp192r1 as P-192, + -- secp224r1 as P-224, secp256r1 as P-256, secp384r1 as P-384, + -- and secp521r1 as P-521. + + secp192r1 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) + prime(1) 1 } + + sect163k1 OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) certicom(132) curve(0) 1 } + + sect163r2 OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) certicom(132) curve(0) 15 } + + secp224r1 OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) certicom(132) curve(0) 33 } + + sect233k1 OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) certicom(132) curve(0) 26 } + + sect233r1 OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) certicom(132) curve(0) 27 } + + secp256r1 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) + prime(1) 7 } + + sect283k1 OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) certicom(132) curve(0) 16 } + + sect283r1 OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) certicom(132) curve(0) 17 } + + secp384r1 OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) certicom(132) curve(0) 34 } + + sect409k1 OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) certicom(132) curve(0) 36 } + + sect409r1 OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) certicom(132) curve(0) 37 } + + secp521r1 OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) certicom(132) curve(0) 35 } + + sect571k1 OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) certicom(132) curve(0) 38 } + + sect571r1 OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) certicom(132) curve(0) 39 } + + -- RSA with MD-2 + +-- sa-rsaWithMD2 SIGNATURE-ALGORITHM ::= { +-- IDENTIFIER md2WithRSAEncryption +-- PARAMS TYPE NULL ARE required +-- HASHES { mda-md2 } +-- PUBLIC-KEYS { pk-rsa } +-- SMIME-CAPS { IDENTIFIED BY md2WithRSAEncryption } +-- } + + md2WithRSAEncryption OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) + pkcs-1(1) 2 } + + -- RSA with MD-5 + +-- sa-rsaWithMD5 SIGNATURE-ALGORITHM ::= { +-- IDENTIFIER md5WithRSAEncryption +-- PARAMS TYPE NULL ARE required +-- HASHES { mda-md5 } +-- PUBLIC-KEYS { pk-rsa } +-- SMIME-CAPS { IDENTIFIED BY md5WithRSAEncryption } +-- } + + md5WithRSAEncryption OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) + pkcs-1(1) 4 } + + -- RSA with SHA-1 + +-- sa-rsaWithSHA1 SIGNATURE-ALGORITHM ::= { +-- IDENTIFIER sha1WithRSAEncryption +-- PARAMS TYPE NULL ARE required +-- HASHES { mda-sha1 } +-- PUBLIC-KEYS { pk-rsa } +-- SMIME-CAPS {IDENTIFIED BY sha1WithRSAEncryption } +-- } + + sha1WithRSAEncryption OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) + pkcs-1(1) 5 } + + -- DSA with SHA-1 + +-- sa-dsaWithSHA1 SIGNATURE-ALGORITHM ::= { +-- IDENTIFIER dsa-with-sha1 +-- VALUE DSA-Sig-Value +-- PARAMS TYPE NULL ARE absent +-- HASHES { mda-sha1 } +-- PUBLIC-KEYS { pk-dsa } +-- SMIME-CAPS { IDENTIFIED BY dsa-with-sha1 } +-- } + + dsa-with-sha1 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 3 } + + -- DSA with SHA-224 + +-- sa-dsaWithSHA224 SIGNATURE-ALGORITHM ::= { +-- IDENTIFIER dsa-with-sha224 +-- VALUE DSA-Sig-Value +-- PARAMS TYPE NULL ARE absent +-- HASHES { mda-sha224 } +-- PUBLIC-KEYS { pk-dsa } +-- SMIME-CAPS { IDENTIFIED BY dsa-with-sha224 } +-- } + + dsa-with-sha224 OBJECT IDENTIFIER ::= { + joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101) + csor(3) algorithms(4) id-dsa-with-sha2(3) 1 } + + -- DSA with SHA-256 + +-- sa-dsaWithSHA256 SIGNATURE-ALGORITHM ::= { +-- IDENTIFIER dsa-with-sha256 +-- VALUE DSA-Sig-Value +-- PARAMS TYPE NULL ARE absent +-- HASHES { mda-sha256 } +-- PUBLIC-KEYS { pk-dsa } +-- SMIME-CAPS { IDENTIFIED BY dsa-with-sha256 } +-- } + + dsa-with-sha256 OBJECT IDENTIFIER ::= { + joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101) + csor(3) algorithms(4) id-dsa-with-sha2(3) 2 } + + -- ECDSA with SHA-1 + +-- sa-ecdsaWithSHA1 SIGNATURE-ALGORITHM ::= { +-- IDENTIFIER ecdsa-with-SHA1 +-- VALUE ECDSA-Sig-Value +-- PARAMS TYPE NULL ARE absent +-- HASHES { mda-sha1 } +-- PUBLIC-KEYS { pk-ec } +-- SMIME-CAPS {IDENTIFIED BY ecdsa-with-SHA1 } +-- } + + ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) ansi-X9-62(10045) + signatures(4) 1 } + + -- ECDSA with SHA-224 + +-- sa-ecdsaWithSHA224 SIGNATURE-ALGORITHM ::= { +-- IDENTIFIER ecdsa-with-SHA224 +-- VALUE ECDSA-Sig-Value +-- PARAMS TYPE NULL ARE absent +-- HASHES { mda-sha224 } +-- PUBLIC-KEYS { pk-ec } +-- SMIME-CAPS { IDENTIFIED BY ecdsa-with-SHA224 } +-- } + + ecdsa-with-SHA224 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) + ecdsa-with-SHA2(3) 1 } + + -- ECDSA with SHA-256 + +-- sa-ecdsaWithSHA256 SIGNATURE-ALGORITHM ::= { +-- IDENTIFIER ecdsa-with-SHA256 +-- VALUE ECDSA-Sig-Value +-- PARAMS TYPE NULL ARE absent +-- HASHES { mda-sha256 } +-- PUBLIC-KEYS { pk-ec } +-- SMIME-CAPS { IDENTIFIED BY ecdsa-with-SHA256 } +-- } + + ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) + ecdsa-with-SHA2(3) 2 } + + -- ECDSA with SHA-384 + +-- sa-ecdsaWithSHA384 SIGNATURE-ALGORITHM ::= { +-- IDENTIFIER ecdsa-with-SHA384 +-- VALUE ECDSA-Sig-Value +-- PARAMS TYPE NULL ARE absent +-- HASHES { mda-sha384 } +-- PUBLIC-KEYS { pk-ec } +-- SMIME-CAPS { IDENTIFIED BY ecdsa-with-SHA384 } +-- } + + ecdsa-with-SHA384 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) + ecdsa-with-SHA2(3) 3 } + + -- ECDSA with SHA-512 + +-- sa-ecdsaWithSHA512 SIGNATURE-ALGORITHM ::= { +-- IDENTIFIER ecdsa-with-SHA512 +-- VALUE ECDSA-Sig-Value +-- PARAMS TYPE NULL ARE absent +-- HASHES { mda-sha512 } +-- PUBLIC-KEYS { pk-ec } +-- SMIME-CAPS { IDENTIFIED BY ecdsa-with-SHA512 } +-- } + + ecdsa-with-SHA512 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) + ecdsa-with-SHA2(3) 4 } + + -- + -- Signature Values + -- + + -- DSA + + DSA-Sig-Value ::= SEQUENCE { + r INTEGER, + s INTEGER + } + + -- ECDSA + + ECDSA-Sig-Value ::= SEQUENCE { + r INTEGER, + s INTEGER + } + + -- + -- Message Digest Algorithms (mda-) + -- + + HashAlgs DIGEST-ALGORITHM ::= { + mda-md2 | + mda-md5 | + mda-sha1, + ... -- Extensible + } + -- MD-2 + +-- mda-md2 DIGEST-ALGORITHM ::= { +-- IDENTIFIER id-md2 +-- PARAMS TYPE NULL ARE preferredAbsent +-- } + + id-md2 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) rsadsi(113549) + digestAlgorithm(2) 2 } + + -- MD-5 + +-- mda-md5 DIGEST-ALGORITHM ::= { +-- IDENTIFIER id-md5 +-- PARAMS TYPE NULL ARE preferredAbsent +-- } + + id-md5 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) rsadsi(113549) + digestAlgorithm(2) 5 } + + -- SHA-1 + +-- mda-sha1 DIGEST-ALGORITHM ::= { +-- IDENTIFIER id-sha1 +-- PARAMS TYPE NULL ARE preferredAbsent +-- } + + id-sha1 OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) oiw(14) secsig(3) + algorithm(2) 26 } + + -- SHA-2 family (from RFC 3447) + + id-sha256 OBJECT IDENTIFIER ::= { + joint-iso-itu-t(2) country(16) us(840) organization(1) + gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } + + END diff --git a/epan/dissectors/asn1/pkcs1/packet-pkcs1-template.c b/epan/dissectors/asn1/pkcs1/packet-pkcs1-template.c new file mode 100644 index 0000000000..8ea89414a3 --- /dev/null +++ b/epan/dissectors/asn1/pkcs1/packet-pkcs1-template.c @@ -0,0 +1,122 @@ +/* packet-pkcs1.c + * Routines for PKCS#1/RFC2313 packet dissection + * Ronnie Sahlberg 2004 + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "config.h" + +#include <epan/packet.h> +#include <epan/oids.h> +#include <epan/asn1.h> + +#include "packet-ber.h" +#include "packet-pkcs1.h" +#include "packet-x509af.h" + +#define PNAME "PKCS#1" +#define PSNAME "PKCS-1" +#define PFNAME "pkcs-1" + +void proto_register_pkcs1(void); +void proto_reg_handoff_pkcs1(void); + +/* Initialize the protocol and registered fields */ +static int proto_pkcs1 = -1; +#include "packet-pkcs1-hf.c" + +/* Initialize the subtree pointers */ +#include "packet-pkcs1-ett.c" + +#include "packet-pkcs1-fn.c" + +/*--- proto_register_pkcs1 ----------------------------------------------*/ +void proto_register_pkcs1(void) { + + /* List of fields */ + static hf_register_info hf[] = { +#include "packet-pkcs1-hfarr.c" + }; + + /* List of subtrees */ + static gint *ett[] = { +#include "packet-pkcs1-ettarr.c" + }; + + /* Register protocol */ + proto_pkcs1 = proto_register_protocol(PNAME, PSNAME, PFNAME); + + /* Register fields and subtrees */ + proto_register_field_array(proto_pkcs1, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + +} + + +/*--- proto_reg_handoff_pkcs1 -------------------------------------------*/ +void proto_reg_handoff_pkcs1(void) { +#include "packet-pkcs1-dis-tab.c" + + register_ber_oid_dissector("1.2.840.113549.2.2", dissect_ber_oid_NULL_callback, proto_pkcs1, "md2"); + register_ber_oid_dissector("1.2.840.113549.2.4", dissect_ber_oid_NULL_callback, proto_pkcs1, "md4"); + register_ber_oid_dissector("1.2.840.113549.2.5", dissect_ber_oid_NULL_callback, proto_pkcs1, "md5"); + + register_ber_oid_dissector("1.2.840.113549.1.1.1", dissect_ber_oid_NULL_callback, proto_pkcs1, "rsaEncryption"); + register_ber_oid_dissector("1.2.840.113549.1.1.2", dissect_ber_oid_NULL_callback, proto_pkcs1, "md2WithRSAEncryption"); + register_ber_oid_dissector("1.2.840.113549.1.1.3", dissect_ber_oid_NULL_callback, proto_pkcs1, "md4WithRSAEncryption"); + register_ber_oid_dissector("1.2.840.113549.1.1.4", dissect_ber_oid_NULL_callback, proto_pkcs1, "md5WithRSAEncryption"); + + + /* these two are not from RFC2313 but pulled in from + http://www.alvestrand.no/objectid/1.2.840.113549.1.1.html + */ + register_ber_oid_dissector("1.2.840.113549.1.1.5", dissect_ber_oid_NULL_callback, proto_pkcs1, "sha1WithRSAEncryption"); + register_ber_oid_dissector("1.2.840.113549.1.1.6", dissect_ber_oid_NULL_callback, proto_pkcs1, "rsaOAEPEncryptionSET"); + + /* these sha2 algorithms are from RFC3447 */ + register_ber_oid_dissector("1.2.840.113549.1.1.11", dissect_ber_oid_NULL_callback, proto_pkcs1, "sha256WithRSAEncryption"); + register_ber_oid_dissector("1.2.840.113549.1.1.12", dissect_ber_oid_NULL_callback, proto_pkcs1, "sha384WithRSAEncryption"); + register_ber_oid_dissector("1.2.840.113549.1.1.13", dissect_ber_oid_NULL_callback, proto_pkcs1, "sha512WithRSAEncryption"); + register_ber_oid_dissector("1.2.840.113549.1.1.14", dissect_ber_oid_NULL_callback, proto_pkcs1, "sha224WithRSAEncryption"); + + oid_add_from_string("secp192r1","1.2.840.10045.3.1.1"); + oid_add_from_string("sect163k1","1.3.132.0.1"); + oid_add_from_string("sect163r2","1.3.132.0.15"); + oid_add_from_string("secp224r1","1.3.132.0.33"); + oid_add_from_string("sect233k1","1.3.132.0.26"); + oid_add_from_string("sect233r1","1.3.132.0.27"); + oid_add_from_string("secp256r1","1.2.840.10045.3.1.7"); + oid_add_from_string("sect283k1","1.3.132.0.16"); + oid_add_from_string("sect283r1","1.3.132.0.17"); + oid_add_from_string("secp384r1","1.3.132.0.34"); + oid_add_from_string("sect409k1","1.3.132.0.36"); + oid_add_from_string("sect409r1","1.3.132.0.37"); + oid_add_from_string("secp521r1","1.3.132.0.35"); + oid_add_from_string("sect571k1","1.3.132.0.38"); + oid_add_from_string("sect571r1","1.3.132.0.39"); + + /* sha2 family, see RFC3447 and http://www.oid-info.com/get/2.16.840.1.101.3.4.2 */ + oid_add_from_string("sha256", "2.16.840.1.101.3.4.2.1"); + oid_add_from_string("sha384", "2.16.840.1.101.3.4.2.2"); + oid_add_from_string("sha512", "2.16.840.1.101.3.4.2.3"); + oid_add_from_string("sha224", "2.16.840.1.101.3.4.2.4"); + +} + diff --git a/epan/dissectors/asn1/pkcs1/packet-pkcs1-template.h b/epan/dissectors/asn1/pkcs1/packet-pkcs1-template.h new file mode 100644 index 0000000000..f47af554c1 --- /dev/null +++ b/epan/dissectors/asn1/pkcs1/packet-pkcs1-template.h @@ -0,0 +1,30 @@ +/* packet-pkcs1.h + * Routines for PKCS#1/RFC2313 packet dissection + * Ronnie Sahlberg 2004 + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef PACKET_PKCS1_H +#define PACKET_PKCS1_H + +#include "packet-pkcs1-exp.h" + +#endif /* PACKET_PKCS1_H */ + diff --git a/epan/dissectors/asn1/pkcs1/pkcs1.cnf b/epan/dissectors/asn1/pkcs1/pkcs1.cnf new file mode 100644 index 0000000000..ed0c7e8dd1 --- /dev/null +++ b/epan/dissectors/asn1/pkcs1/pkcs1.cnf @@ -0,0 +1,39 @@ +# pkcs1.cnf +# PKCS#1 conformation file + +#.IMPORT ../x509af/x509af-exp.cnf + +#.EXPORTS + +RSAPublicKey +DigestInfo + +#.NO_EMIT + +#.TYPE_RENAME + +#.FIELD_RENAME + +#.REGISTER +DSA-Params B "1.2.840.10040.4.1" "id-dsa" +DomainParameters B "1.2.840.10046.2.1" "dhpublicnumber" +KEA-Params-Id B "2.16.840.1.101.2.1.1.22" "id-keyExchangeAlgorithm" +ECParameters B "1.2.840.10045.2.1" "id-ecPublicKey" +ECParameters B "1.3.132.1.12" "id-ecDH" +ECParameters B "1.2.840.10045.2.13" "id-ecMQV" +RSASSA-PSS-params B "1.2.840.113549.1.1.10" "id-RSASSA-PSS" +HashAlgorithm B "1.2.840.113549.1.1.8" "id-mgf1" + +#.NO_EMIT +DSAPublicKey +DHPublicKey +ECPoint +DSA-Sig-Value +ECDSA-Sig-Value + +#.TYPE_ATTR +RSAPublicKey/modulus TYPE = FT_BYTES DISPLAY = BASE_NONE + +#.END + + |