author | João Valverde <joao.valverde@tecnico.ulisboa.pt> | 2016-03-09 03:17:51 +0000 |
---|---|---|
committer | João Valverde <j@v6e.pt> | 2016-03-13 21:30:24 +0000 |
commit | 54a520d4a1151c68d0b4e5f09a8d82466fa499f3 (patch) | |
tree | 7aacae160382098ce651ac862a5dfd5de4beff94 /epan/dissectors/asn1/pkixac | |
parent | c1f3c935bdd33090c87f0d2f84842ce9729b747a (diff) |
Move /asn1 to /epan/dissectors
Change-Id: I1208fe3c2ba428995526f561e8f792b8d871e9a9
Reviewed-on: https://code.wireshark.org/review/14388
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: João Valverde <j@v6e.pt>
Diffstat (limited to 'epan/dissectors/asn1/pkixac')
-rw-r--r-- | epan/dissectors/asn1/pkixac/CMakeLists.txt | 55 | ||||
-rw-r--r-- | epan/dissectors/asn1/pkixac/Makefile.am | 23 | ||||
-rw-r--r-- | epan/dissectors/asn1/pkixac/Makefile.common | 53 | ||||
-rw-r--r-- | epan/dissectors/asn1/pkixac/Makefile.nmake | 26 | ||||
-rw-r--r-- | epan/dissectors/asn1/pkixac/PKIXAttributeCertificate.asn | 200 | ||||
-rw-r--r-- | epan/dissectors/asn1/pkixac/packet-pkixac-template.c | 86 | ||||
-rw-r--r-- | epan/dissectors/asn1/pkixac/packet-pkixac-template.h | 32 | ||||
-rw-r--r-- | epan/dissectors/asn1/pkixac/pkixac.cnf | 63 |
8 files changed, 538 insertions, 0 deletions
diff --git a/epan/dissectors/asn1/pkixac/CMakeLists.txt b/epan/dissectors/asn1/pkixac/CMakeLists.txt
new file mode 100644
index 0000000000..70d87940bb
--- /dev/null
+++ b/epan/dissectors/asn1/pkixac/CMakeLists.txt
@@ -0,0 +1,55 @@
+# CMakeLists.txt
+#
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <gerald@wireshark.org>
+# Copyright 1998 Gerald Combs
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+set( PROTOCOL_NAME pkixac )
+
+set( PROTO_OPT )
+
+set( EXT_ASN_FILE_LIST
+)
+
+set( ASN_FILE_LIST
+ PKIXAttributeCertificate.asn
+)
+
+set( EXTRA_DIST
+ ${ASN_FILE_LIST}
+ packet-${PROTOCOL_NAME}-template.c
+ packet-${PROTOCOL_NAME}-template.h
+ ${PROTOCOL_NAME}.cnf
+)
+
+set( SRC_FILES
+ ${EXTRA_DIST}
+ ${EXT_ASN_FILE_LIST}
+)
+
+set( A2W_FLAGS -b )
+
+set( EXTRA_CNF
+ ../pkix1explicit/pkix1explicit_exp.cnf
+ ../pkix1implicit/pkix1implicit_exp.cnf
+ "${CMAKE_CURRENT_BINARY_DIR}/../x509af/x509af-exp.cnf"
+ "${CMAKE_CURRENT_BINARY_DIR}/../x509ce/x509ce-exp.cnf"
+)
+
+ASN2WRS()
+
diff --git a/epan/dissectors/asn1/pkixac/Makefile.am b/epan/dissectors/asn1/pkixac/Makefile.am
new file mode 100644
index 0000000000..72d28e600b
--- /dev/null
+++ b/epan/dissectors/asn1/pkixac/Makefile.am
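Review bot: In epan/dissectors/asn1/pkixac/CMakeLists.txt, `EXTRA_CNF` lists `"${CMAKE_CURRENT_BINARY_DIR}/../x509af/x509af-exp.cnf"`, but pkixac.cnf in this same commit imports only the pkix1explicit, pkix1implicit and x509ce export files, so the x509af entry looks like an unneeded build dependency. Makefile.common carries the same entry plus a rule to generate it. If nothing in the generated code needs x509af, drop it from both lists; if it is needed, add the matching `#.IMPORT ../x509af/x509af-exp.cnf` to pkixac.cnf so the dependency is explicit. The first two `EXTRA_CNF` entries are bare relative paths while the last two are anchored to `CMAKE_CURRENT_BINARY_DIR`; a one-line comment such as `# *_exp.cnf are checked-in sources, *-exp.cnf are generated in the build tree` would explain the difference, assuming that is the reason.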
@@ -0,0 +1,23 @@
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <gerald@wireshark.org>
+# Copyright 1998 Gerald Combs
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+
+include ../Makefile.preinc
+include Makefile.common
+include ../Makefile.inc
+
diff --git a/epan/dissectors/asn1/pkixac/Makefile.common b/epan/dissectors/asn1/pkixac/Makefile.common
new file mode 100644
index 0000000000..422894cc1b
--- /dev/null
+++ b/epan/dissectors/asn1/pkixac/Makefile.common
@@ -0,0 +1,53 @@
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <gerald@wireshark.org>
+# Copyright 1998 Gerald Combs
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+
+PROTOCOL_NAME=pkixac
+
+EXT_ASN_FILE_LIST =
+
+ASN_FILE_LIST = \
+ PKIXAttributeCertificate.asn
+
+# The packet-$(PROTOCOL_NAME)-template.h and $(PROTOCOL_NAME).asn
+# files do not exist for all protocols: Please add/remove as required.
+EXTRA_DIST = \
+ $(EXTRA_DIST_COMMON) \
+ $(ASN_FILE_LIST) \
+ packet-$(PROTOCOL_NAME)-template.c \
+ packet-$(PROTOCOL_NAME)-template.h \
+ $(PROTOCOL_NAME).cnf
+
+SRC_FILES = \
+ $(EXTRA_DIST) \
+ $(EXT_ASN_FILE_LIST)
+
+A2W_FLAGS= -b
+
+EXTRA_CNF= \
+ $(builddir)/../pkix1explicit/pkix1explicit_exp.cnf \
+ $(builddir)/../pkix1implicit/pkix1implicit_exp.cnf \
+ $(builddir)/../x509af/x509af-exp.cnf \
+ $(builddir)/../x509ce/x509ce-exp.cnf
+
+$(builddir)/../x509af/x509af-exp.cnf:
+ (cd $(builddir)/../x509af && $(MAKE_CNF_EXPORT))
+
+$(builddir)/../x509ce/x509ce-exp.cnf:
+ (cd $(builddir)/../x509ce && $(MAKE_CNF_EXPORT))
+
diff --git a/epan/dissectors/asn1/pkixac/Makefile.nmake b/epan/dissectors/asn1/pkixac/Makefile.nmake
new file mode 100644
index 0000000000..d296638ddd
--- /dev/null
+++ b/epan/dissectors/asn1/pkixac/Makefile.nmake
@@ -0,0 +1,26 @@
+## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake
+#
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <gerald@wireshark.org>
+# Copyright 1998 Gerald Combs
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+
+include ../../../../config.nmake
+include ../Makefile.preinc.nmake
+include Makefile.common
+include ../Makefile.inc.nmake
+
diff --git a/epan/dissectors/asn1/pkixac/PKIXAttributeCertificate.asn b/epan/dissectors/asn1/pkixac/PKIXAttributeCertificate.asn
new file mode 100644
index 0000000000..5a99c7ddb1
--- /dev/null
+++ b/epan/dissectors/asn1/pkixac/PKIXAttributeCertificate.asn
@@ -0,0 +1,200 @@ +PKIXAttributeCertificate {iso(1) identified-organization(3) dod(6) + internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) + id-mod-attribute-cert(12)} + +DEFINITIONS IMPLICIT TAGS ::= + +BEGIN + +-- EXPORTS ALL -- + +IMPORTS + + -- IMPORTed module OIDs MAY change if [PKIXPROF] changes + -- PKIX Certificate Extensions + Attribute, AlgorithmIdentifier, CertificateSerialNumber, + Extensions, UniqueIdentifier, + id-pkix, id-pe, id-kp, id-ad, id-at + FROM PKIX1Explicit88 {iso(1) identified-organization(3) + dod(6) internet(1) security(5) mechanisms(5) + pkix(7) id-mod(0) id-pkix1-explicit-88(1)} + + GeneralName, GeneralNames, id-ce + FROM CertificateExtensions {joint-iso-itu-t ds(5) module(1) + certificateExtensions(26) 5} ; +-- FROM PKIX1Implicit88 {iso(1) identified-organization(3) +-- dod(6) internet(1) security(5) mechanisms(5) +-- pkix(7) id-mod(0) id-pkix1-implicit-88(2)} ; + +id-pe-ac-auditIdentity OBJECT IDENTIFIER ::= { id-pe 4 } +id-pe-aaControls OBJECT IDENTIFIER ::= { id-pe 6 } +id-pe-ac-proxying OBJECT IDENTIFIER ::= { id-pe 10 } +id-ce-targetInformation OBJECT IDENTIFIER ::= { id-ce 55 } + +id-aca OBJECT IDENTIFIER ::= { id-pkix 10 } +id-aca-authenticationInfo OBJECT IDENTIFIER ::= { id-aca 1 } +id-aca-accessIdentity OBJECT IDENTIFIER ::= { id-aca 2 } +id-aca-chargingIdentity OBJECT IDENTIFIER ::= { id-aca 3 } +id-aca-group OBJECT IDENTIFIER ::= { id-aca 4 } +-- { id-aca 5 } is reserved +id-aca-encAttrs OBJECT IDENTIFIER ::= { id-aca 6 } + +id-at-role OBJECT IDENTIFIER ::= { id-at 72} +id-at-clearance OBJECT IDENTIFIER ::= + { joint-iso-ccitt(2) ds(5) module(1) + selected-attribute-types(5) clearance (55) } + + -- Uncomment this if using a 1988 level ASN.1 compiler + -- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING + + AttributeCertificate ::= SEQUENCE { + acinfo AttributeCertificateInfo, + signatureAlgorithm AlgorithmIdentifier, + signatureValue BIT STRING + } + + AttributeCertificateInfo ::= SEQUENCE { + version 
AttCertVersion, -- version is v2 + holder Holder, + issuer AttCertIssuer, + signature AlgorithmIdentifier, + serialNumber CertificateSerialNumber, + attrCertValidityPeriod AttCertValidityPeriod, + attributes SEQUENCE OF Attribute, + issuerUniqueID UniqueIdentifier OPTIONAL, + extensions Extensions OPTIONAL + } + + AttCertVersion ::= INTEGER { v2(1) } + + Holder ::= SEQUENCE { + baseCertificateID [0] IssuerSerial OPTIONAL, + -- the issuer and serial number of + -- the holder's Public Key Certificate + entityName [1] GeneralNames OPTIONAL, + -- the name of the claimant or role + objectDigestInfo [2] ObjectDigestInfo OPTIONAL + -- used to directly authenticate the + -- holder, for example, an executable + } + + ObjectDigestInfo ::= SEQUENCE { + digestedObjectType ENUMERATED { + publicKey (0), + publicKeyCert (1), + otherObjectTypes (2) }, + -- otherObjectTypes MUST NOT + -- MUST NOT be used in this profile + otherObjectTypeID OBJECT IDENTIFIER OPTIONAL, + digestAlgorithm AlgorithmIdentifier, + objectDigest BIT STRING + } + + AttCertIssuer ::= CHOICE { + v1Form GeneralNames, -- MUST NOT be used in this + -- profile + v2Form [0] V2Form -- v2 only + } + + V2Form ::= SEQUENCE { + issuerName GeneralNames OPTIONAL, + baseCertificateID [0] IssuerSerial OPTIONAL, + objectDigestInfo [1] ObjectDigestInfo OPTIONAL + -- issuerName MUST be present in this profile + -- baseCertificateID and objectDigestInfo MUST + -- NOT be present in this profile + } + + IssuerSerial ::= SEQUENCE { + issuer GeneralNames, + serial CertificateSerialNumber, + issuerUID UniqueIdentifier OPTIONAL + } + + AttCertValidityPeriod ::= SEQUENCE { + notBeforeTime GeneralizedTime, + notAfterTime GeneralizedTime + } + + Targets ::= SEQUENCE OF Target + + Target ::= CHOICE { + targetName [0] GeneralName, + targetGroup [1] GeneralName, + targetCert [2] TargetCert + } + + TargetCert ::= SEQUENCE { + targetCertificate IssuerSerial, + targetName GeneralName OPTIONAL, + certDigestInfo ObjectDigestInfo OPTIONAL + } + 
+ IetfAttrSyntax ::= SEQUENCE { + policyAuthority[0] GeneralNames OPTIONAL, + values SEQUENCE OF CHOICE { + octets OCTET STRING, + oid OBJECT IDENTIFIER, + string UTF8String + } + } + + SvceAuthInfo ::= SEQUENCE { + service GeneralName, + ident GeneralName, + authInfo OCTET STRING OPTIONAL + } + + RoleSyntax ::= SEQUENCE { + roleAuthority [0] GeneralNames OPTIONAL, + roleName [1] GeneralName + } + + Clearance ::= SEQUENCE { + policyId OBJECT IDENTIFIER, + classList ClassList DEFAULT {unclassified}, + securityCategories + SET OF SecurityCategory OPTIONAL + } + + RFC3281Clearance ::= SEQUENCE { + policyId [0] OBJECT IDENTIFIER, + classList [1] ClassList DEFAULT {unclassified}, + securityCategories + [2] SET OF SecurityCategory OPTIONAL + } + + + ClassList ::= BIT STRING { + unmarked (0), + unclassified (1), + restricted (2), + confidential (3), + secret (4), + topSecret (5) + } + + SecurityCategory ::= SEQUENCE { + type [0] IMPLICIT OBJECT IDENTIFIER, + value [1] ANY DEFINED BY type + } + + AAControls ::= SEQUENCE { + pathLenConstraint INTEGER (0..MAX) OPTIONAL, + permittedAttrs [0] AttrSpec OPTIONAL, + excludedAttrs [1] AttrSpec OPTIONAL, + permitUnSpecified BOOLEAN DEFAULT TRUE + } + + AttrSpec::= SEQUENCE OF OBJECT IDENTIFIER + + ACClearAttrs ::= SEQUENCE { + acIssuer GeneralName, + acSerial INTEGER, + attrs SEQUENCE OF Attribute + } + + ProxyInfo ::= SEQUENCE OF Targets + +END + diff --git a/epan/dissectors/asn1/pkixac/packet-pkixac-template.c b/epan/dissectors/asn1/pkixac/packet-pkixac-template.c new file mode 100644 index 0000000000..f48b6eec15 --- /dev/null +++ b/epan/dissectors/asn1/pkixac/packet-pkixac-template.c 
@@ -0,0 +1,86 @@
+/* packet-pkixac.c
+ *
+ * Routines for PKIXAttributeCertificate (RFC3281) packet dissection.
+ *
+ * Copyright 2010, Stig Bjorlykke <stig@bjorlykke.org>
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "config.h"
+
+#include <epan/packet.h>
+
+#include <epan/asn1.h>
+#include "packet-ber.h"
+#include "packet-pkixac.h"
+#include "packet-pkix1explicit.h"
+#include "packet-pkix1implicit.h"
+#include "packet-x509ce.h"
+
+#define PNAME "PKIX Attribute Certificate"
+#define PSNAME "PKIXAC"
+#define PFNAME "pkixac"
+
+void proto_register_pkixac(void);
+void proto_reg_handoff_pkixac(void);
+
+/* Initialize the protocol and registered fields */
+static int proto_pkixac = -1;
+#include "packet-pkixac-hf.c"
+
+/* Initialize the subtree pointers */
+static gint ett_pkixac = -1;
+#include "packet-pkixac-ett.c"
+
+static const char *object_identifier_id;
+
+#include "packet-pkixac-fn.c"
+
+/*--- proto_register_pkixac ----------------------------------------------*/
+void proto_register_pkixac(void) {
+
+ /* List of fields */
+ static hf_register_info hf[] = {
+#include "packet-pkixac-hfarr.c"
+ };
+
+ /* List of subtrees */
+ static gint *ett[] = {
+ &ett_pkixac,
+#include "packet-pkixac-ettarr.c"
+ };
+
+ /* Register protocol */
+ proto_pkixac = proto_register_protocol(PNAME, PSNAME, PFNAME);
+
+ /* Register fields and subtrees */
+ proto_register_field_array(proto_pkixac, hf, array_length(hf));
+ proto_register_subtree_array(ett, array_length(ett));
+
+#include "packet-pkixac-syn-reg.c"
+
+}
+
+
+/*--- proto_reg_handoff_pkixac -------------------------------------------*/
+void proto_reg_handoff_pkixac(void) {
+#include "packet-pkixac-dis-tab.c"
+}
+
diff --git a/epan/dissectors/asn1/pkixac/packet-pkixac-template.h b/epan/dissectors/asn1/pkixac/packet-pkixac-template.h
new file mode 100644
index 0000000000..a78793cdfc
--- /dev/null
+++ b/epan/dissectors/asn1/pkixac/packet-pkixac-template.h
@@ -0,0 +1,32 @@
+/* packet-pkixac.h
+ *
+ * Routines for PKIXAttributeCertificate (RFC3281) packet dissection.
+ *
+ * Copyright 2010, Stig Bjorlykke <stig@bjorlykke.org>
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef PACKET_PKIXAC_H
+#define PACKET_PKIXAC_H
+
+/*#include "packet-pkixac-exp.h"*/
+
+#endif /* PACKET_PKIXAC_H */
+
diff --git a/epan/dissectors/asn1/pkixac/pkixac.cnf b/epan/dissectors/asn1/pkixac/pkixac.cnf
new file mode 100644
index 0000000000..0ff6ed5262
--- /dev/null
+++ b/epan/dissectors/asn1/pkixac/pkixac.cnf
@@ -0,0 +1,63 @@
+# pkixac.cnf
+# An Internet Attribute Certificate (RFC3281) conformation file
+
+#.MODULE_IMPORT
+PKIX1Explicit88 pkix1explicit
+PKIX1Implicit88 pkix1implicit
+CertificateExtensions x509ce
+
+#.IMPORT ../pkix1explicit/pkix1explicit_exp.cnf
+#.IMPORT ../pkix1implicit/pkix1implicit_exp.cnf
+#.IMPORT ../x509ce/x509ce-exp.cnf
+
+#.OMIT_ASSIGNMENT
+ACClearAttrs
+AttributeCertificate
+AttributeCertificateInfo
+AttCertVersion
+Holder
+AttCertIssuer
+AttCertValidityPeriod
+V2Form
+
+#.EXPORTS
+
+#.PDU
+
+#.NO_EMIT
+
+#.TYPE_RENAME
+
+#.FIELD_RENAME
+
+#.SYNTAX
+Clearance
+RFC3281Clearance
+
+#.REGISTER
+AAControls B "1.3.6.1.5.5.7.1.6" "id-pe-aaControls"
+ProxyInfo B "1.3.6.1.5.5.7.1.10" "id-pe-ac-proxying"
+SvceAuthInfo B "1.3.6.1.5.5.7.10.1" "id-aca-authenticationInfo"
+SvceAuthInfo B "1.3.6.1.5.5.7.10.2" "id-aca-accessIdentity"
+IetfAttrSyntax B "1.3.6.1.5.5.7.10.3" "id-aca-chargingIdentity"
+IetfAttrSyntax B "1.3.6.1.5.5.7.10.4" "id-aca-group"
+Clearance B "2.5.1.5.55" "id-at-clearance"
+Clearance B "2.5.4.55" "id-at-clearance"
+#AttributeCertificate B "2.5.4.58" "id-at-attributeCertificate"
+RoleSyntax B "2.5.4.72" "id-at-role"
+Targets B "2.5.29.55" "id-ce-targetInformation"
+#AuthorityKeyIdentifier B "2.5.29.35" "id-ce-authorityKeyIdentifier"
+
+#.FN_BODY SecurityCategory
+ object_identifier_id = NULL;
+ %(DEFAULT_BODY)s
+
+#.FN_PARS SecurityCategory/type
+ FN_VARIANT = _str VAL_PTR = &object_identifier_id
+
+#.FN_BODY SecurityCategory/value
+ if (object_identifier_id)
+ offset = call_ber_oid_callback (object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
+
+#.END
+
|
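Review bot: In `#.FN_BODY SecurityCategory/value`, a NULL `object_identifier_id` leaves `offset` unchanged and adds nothing to the tree, so a SecurityCategory whose `type` produced no OID string has its `value` bytes passed over without any indication. This path parses untrusted certificate data, so the failure should be visible: add an `else` branch that flags the element (for example with an expert info item) and consumes it, or, if `call_ber_oid_callback` is confirmed to tolerate a NULL OID, drop the guard and let it report the problem. How the enclosing sequence dissector reacts to an unchanged offset is not visible in this hunk. The OID travels between the two callbacks through the file-scope `static const char *object_identifier_id;` in packet-pkixac-template.c, which is reset only on entry to SecurityCategory; a short comment at that declaration stating who sets it, who reads it, and how long the pointed-to string is expected to live would help the next reader.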