diff options
Diffstat (limited to 'epan/dissectors/asn1/x509af/packet-x509af-template.c')
-rw-r--r-- | epan/dissectors/asn1/x509af/packet-x509af-template.c | 198 |
1 files changed, 198 insertions, 0 deletions
diff --git a/epan/dissectors/asn1/x509af/packet-x509af-template.c b/epan/dissectors/asn1/x509af/packet-x509af-template.c new file mode 100644 index 0000000000..e6d675ccea --- /dev/null +++ b/epan/dissectors/asn1/x509af/packet-x509af-template.c @@ -0,0 +1,198 @@ +/* packet-x509af.c + * Routines for X.509 Authentication Framework packet dissection + * Ronnie Sahlberg 2004 + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "config.h" + +#include <epan/packet.h> +#include <epan/oids.h> +#include <epan/asn1.h> + +#include "packet-ber.h" +#include "packet-x509af.h" +#include "packet-x509ce.h" +#include "packet-x509if.h" +#include "packet-x509sat.h" +#include "packet-ldap.h" +#include "packet-pkcs1.h" +#if defined(HAVE_LIBGNUTLS) +#include <gnutls/gnutls.h> +#endif + +#define PNAME "X.509 Authentication Framework" +#define PSNAME "X509AF" +#define PFNAME "x509af" + +void proto_register_x509af(void); +void proto_reg_handoff_x509af(void); + +/* Initialize the protocol and registered fields */ +static int proto_x509af = -1; +static int hf_x509af_algorithm_id = -1; +static int hf_x509af_extension_id = -1; +#include "packet-x509af-hf.c" + +/* Initialize the subtree pointers */ +static gint ett_pkix_crl = -1; +#include "packet-x509af-ett.c" +static const char *algorithm_id = NULL; +static void +x509af_export_publickey(tvbuff_t *tvb, asn1_ctx_t *actx, int offset, int len); +#include "packet-x509af-fn.c" + +/* Exports the SubjectPublicKeyInfo structure as gnutls_datum_t. + * actx->private_data is assumed to be a gnutls_datum_t pointer which will be + * filled in if non-NULL. */ +static void +x509af_export_publickey(tvbuff_t *tvb _U_, asn1_ctx_t *actx _U_, int offset _U_, int len _U_) +{ +#if defined(HAVE_LIBGNUTLS) + gnutls_datum_t *subjectPublicKeyInfo = (gnutls_datum_t *)actx->private_data; + if (subjectPublicKeyInfo) { + subjectPublicKeyInfo->data = (guchar *) tvb_get_ptr(tvb, offset, len); + subjectPublicKeyInfo->size = len; + actx->private_data = NULL; + } +#endif +} + +const char *x509af_get_last_algorithm_id(void) { + return algorithm_id; +} + + +static int +dissect_pkix_crl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void *data _U_) +{ + proto_tree *tree; + asn1_ctx_t asn1_ctx; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + + col_set_str(pinfo->cinfo, COL_PROTOCOL, "PKIX-CRL"); + + col_set_str(pinfo->cinfo, COL_INFO, "Certificate Revocation List"); + + + tree=proto_tree_add_subtree(parent_tree, tvb, 0, -1, ett_pkix_crl, NULL, "Certificate Revocation List"); + + return dissect_x509af_CertificateList(FALSE, tvb, 0, &asn1_ctx, tree, -1); +} + +static void +x509af_cleanup_protocol(void) +{ + algorithm_id = NULL; +} + +/*--- proto_register_x509af ----------------------------------------------*/ +void proto_register_x509af(void) { + + /* List of fields */ + static hf_register_info hf[] = { + { &hf_x509af_algorithm_id, + { "Algorithm Id", "x509af.algorithm.id", + FT_OID, BASE_NONE, NULL, 0, + NULL, HFILL }}, + { &hf_x509af_extension_id, + { "Extension Id", "x509af.extension.id", + FT_OID, BASE_NONE, NULL, 0, + NULL, HFILL }}, +#include "packet-x509af-hfarr.c" + }; + + /* List of subtrees */ + static gint *ett[] = { + &ett_pkix_crl, +#include "packet-x509af-ettarr.c" + }; + + /* Register protocol */ + proto_x509af = proto_register_protocol(PNAME, PSNAME, PFNAME); + + /* Register fields and subtrees */ + proto_register_field_array(proto_x509af, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + + register_cleanup_routine(&x509af_cleanup_protocol); + + register_ber_syntax_dissector("Certificate", proto_x509af, dissect_x509af_Certificate_PDU); + register_ber_syntax_dissector("CertificateList", proto_x509af, dissect_CertificateList_PDU); + register_ber_syntax_dissector("CrossCertificatePair", proto_x509af, dissect_CertificatePair_PDU); + + register_ber_oid_syntax(".cer", NULL, "Certificate"); + register_ber_oid_syntax(".crt", NULL, "Certificate"); + register_ber_oid_syntax(".crl", NULL, "CertificateList"); +} + + +/*--- proto_reg_handoff_x509af -------------------------------------------*/ +void proto_reg_handoff_x509af(void) { + dissector_handle_t pkix_crl_handle; + + pkix_crl_handle = create_dissector_handle(dissect_pkix_crl, proto_x509af); + dissector_add_string("media_type", "application/pkix-crl", pkix_crl_handle); + +#include "packet-x509af-dis-tab.c" + + /*XXX these should really go to a better place but since + I have not that ITU standard, I'll put it here for the time + being. + Only implemented those algorithms that take no parameters + for the time being, ronnie + */ + /* from http://www.alvestrand.no/objectid/1.3.14.3.2.html */ + register_ber_oid_dissector("1.3.14.3.2.2", dissect_ber_oid_NULL_callback, proto_x509af, "md4WithRSA"); + register_ber_oid_dissector("1.3.14.3.2.3", dissect_ber_oid_NULL_callback, proto_x509af, "md5WithRSA"); + register_ber_oid_dissector("1.3.14.3.2.4", dissect_ber_oid_NULL_callback, proto_x509af, "md4WithRSAEncryption"); + register_ber_oid_dissector("1.3.14.3.2.6", dissect_ber_oid_NULL_callback, proto_x509af, "desECB"); + register_ber_oid_dissector("1.3.14.3.2.11", dissect_ber_oid_NULL_callback, proto_x509af, "rsaSignature"); + register_ber_oid_dissector("1.3.14.3.2.14", dissect_ber_oid_NULL_callback, proto_x509af, "mdc2WithRSASignature"); + register_ber_oid_dissector("1.3.14.3.2.15", dissect_ber_oid_NULL_callback, proto_x509af, "shaWithRSASignature"); + register_ber_oid_dissector("1.3.14.3.2.16", dissect_ber_oid_NULL_callback, proto_x509af, "dhWithCommonModulus"); + register_ber_oid_dissector("1.3.14.3.2.17", dissect_ber_oid_NULL_callback, proto_x509af, "desEDE"); + register_ber_oid_dissector("1.3.14.3.2.18", dissect_ber_oid_NULL_callback, proto_x509af, "sha"); + register_ber_oid_dissector("1.3.14.3.2.19", dissect_ber_oid_NULL_callback, proto_x509af, "mdc-2"); + register_ber_oid_dissector("1.3.14.3.2.20", dissect_ber_oid_NULL_callback, proto_x509af, "dsaCommon"); + register_ber_oid_dissector("1.3.14.3.2.21", dissect_ber_oid_NULL_callback, proto_x509af, "dsaCommonWithSHA"); + register_ber_oid_dissector("1.3.14.3.2.22", dissect_ber_oid_NULL_callback, proto_x509af, "rsaKeyTransport"); + register_ber_oid_dissector("1.3.14.3.2.23", dissect_ber_oid_NULL_callback, proto_x509af, "keyed-hash-seal"); + register_ber_oid_dissector("1.3.14.3.2.24", dissect_ber_oid_NULL_callback, proto_x509af, "md2WithRSASignature"); + register_ber_oid_dissector("1.3.14.3.2.25", dissect_ber_oid_NULL_callback, proto_x509af, "md5WithRSASignature"); + register_ber_oid_dissector("1.3.14.3.2.26", dissect_ber_oid_NULL_callback, proto_x509af, "SHA-1"); + register_ber_oid_dissector("1.3.14.3.2.27", dissect_ber_oid_NULL_callback, proto_x509af, "dsaWithSHA1"); + register_ber_oid_dissector("1.3.14.3.2.28", dissect_ber_oid_NULL_callback, proto_x509af, "dsaWithCommonSHA1"); + register_ber_oid_dissector("1.3.14.3.2.29", dissect_ber_oid_NULL_callback, proto_x509af, "sha-1WithRSAEncryption"); + + /* these will generally be encoded as ";binary" in LDAP */ + + dissector_add_string("ldap.name", "cACertificate", create_dissector_handle(dissect_x509af_Certificate_PDU, proto_x509af)); + dissector_add_string("ldap.name", "userCertificate", create_dissector_handle(dissect_x509af_Certificate_PDU, proto_x509af)); + + dissector_add_string("ldap.name", "certificateRevocationList", create_dissector_handle(dissect_CertificateList_PDU, proto_x509af)); + dissector_add_string("ldap.name", "crl", create_dissector_handle(dissect_CertificateList_PDU, proto_x509af)); + + dissector_add_string("ldap.name", "authorityRevocationList", create_dissector_handle(dissect_CertificateList_PDU, proto_x509af)); + dissector_add_string("ldap.name", "arl", create_dissector_handle(dissect_CertificateList_PDU, proto_x509af)); + + dissector_add_string("ldap.name", "crossCertificatePair", create_dissector_handle(dissect_CertificatePair_PDU, proto_x509af)); +} + |