From a792248d0b4d20475434004c3fcfa41c8df8a4a3 Mon Sep 17 00:00:00 2001 From: Kovarththanan Rajaratnam Date: Sat, 10 Oct 2009 13:08:09 +0000 Subject: pkixcmp -> cmp to make directory name consistent with filenames svn path=/trunk/; revision=30473 --- asn1/cmp/CMP.asn | 524 +++++++++++++++++++++++++++++++++++++++++ asn1/cmp/Makefile.am | 26 ++ asn1/cmp/Makefile.common | 55 +++++ asn1/cmp/Makefile.nmake | 29 +++ asn1/cmp/cmp.cnf | 116 +++++++++ asn1/cmp/packet-cmp-template.c | 456 +++++++++++++++++++++++++++++++++++ asn1/cmp/packet-cmp-template.h | 34 +++ 7 files changed, 1240 insertions(+) create mode 100644 asn1/cmp/CMP.asn create mode 100644 asn1/cmp/Makefile.am create mode 100644 asn1/cmp/Makefile.common create mode 100644 asn1/cmp/Makefile.nmake create mode 100644 asn1/cmp/cmp.cnf create mode 100644 asn1/cmp/packet-cmp-template.c create mode 100644 asn1/cmp/packet-cmp-template.h (limited to 'asn1/cmp') diff --git a/asn1/cmp/CMP.asn b/asn1/cmp/CMP.asn new file mode 100644 index 0000000000..94e80dde5e --- /dev/null +++ b/asn1/cmp/CMP.asn @@ -0,0 +1,524 @@ +-- Extracted from RFC4210 +-- by Martin Peylo +-- +-- Changes to the original ASN.1 source: +-- - Commented out the import of UTF8String which is not needed +-- - Commented out PKIBody/p10cr since PKCS-10 is not implemented +-- - Uncommented the definitions for the OIDs used in InfoTypeAndValue +-- +-- The copyright statement from the original description in RFC4211 +-- follows below: +-- +-- Full Copyright Statement +-- +-- Copyright (C) The Internet Society (2005). +-- +-- This document is subject to the rights, licenses and restrictions +-- contained in BCP 78, and except as set forth therein, the authors +-- retain all their rights. +-- +-- This document and the information contained herein are provided on an +-- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS +-- OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET +-- ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, +-- INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE +-- INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED +-- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + + PKIXCMP {iso(1) identified-organization(3) + dod(6) internet(1) security(5) mechanisms(5) pkix(7) + id-mod(0) id-mod-cmp2000(16)} + + DEFINITIONS EXPLICIT TAGS ::= + + BEGIN + + -- EXPORTS ALL -- + + IMPORTS + + Certificate, CertificateList, Extensions, AlgorithmIdentifier --, + -- UTF8String + -- if required; otherwise, comment out + FROM PKIX1Explicit88 {iso(1) identified-organization(3) + dod(6) internet(1) security(5) mechanisms(5) pkix(7) + id-mod(0) id-pkix1-explicit-88(1)} + + GeneralName, KeyIdentifier + FROM PKIX1Implicit88 {iso(1) identified-organization(3) + dod(6) internet(1) security(5) mechanisms(5) pkix(7) + id-mod(0) id-pkix1-implicit-88(2)} + + CertTemplate, PKIPublicationInfo, EncryptedValue, CertId, + CertReqMessages + FROM PKIXCRMF-2005 {iso(1) identified-organization(3) + dod(6) internet(1) security(5) mechanisms(5) pkix(7) + id-mod(0) id-mod-crmf2005(36)} + + -- see also the behavioral clarifications to CRMF codified in + -- Appendix C of this specification + + CertificationRequest + FROM PKCS-10 {iso(1) member-body(2) + us(840) rsadsi(113549) + pkcs(1) pkcs-10(10) modules(1) pkcs-10(1)} + + -- (specified in RFC 2986 with 1993 ASN.1 syntax and IMPLICIT + -- tags). Alternatively, implementers may directly include + -- the [PKCS10] syntax in this module + + ; + + -- the rest of the module contains locally-defined OIDs and + -- constructs + + CMPCertificate ::= CHOICE { + x509v3PKCert Certificate + } + -- This syntax, while bits-on-the-wire compatible with the + -- standard X.509 definition of "Certificate", allows the + -- possibility of future certificate types (such as X.509 + -- attribute certificates, WAP WTLS certificates, or other kinds + -- of certificates) within this certificate management protocol, + -- should a need ever arise to support such generality. Those + -- implementations that do not foresee a need to ever support + -- other certificate types MAY, if they wish, comment out the + -- above structure and "un-comment" the following one prior to + -- compiling this ASN.1 module. (Note that interoperability + -- with implementations that don't do this will be unaffected by + -- this change.) + + -- CMPCertificate ::= Certificate + + PKIMessage ::= SEQUENCE { + header PKIHeader, + body PKIBody, + protection [0] PKIProtection OPTIONAL, + extraCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate + OPTIONAL + } + + PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage + + PKIHeader ::= SEQUENCE { + pvno INTEGER { cmp1999(1), cmp2000(2) }, + sender GeneralName, + -- identifies the sender + recipient GeneralName, + -- identifies the intended recipient + messageTime [0] GeneralizedTime OPTIONAL, + -- time of production of this message (used when sender + -- believes that the transport will be "suitable"; i.e., + -- that the time will still be meaningful upon receipt) + protectionAlg [1] AlgorithmIdentifier OPTIONAL, + -- algorithm used for calculation of protection bits + senderKID [2] KeyIdentifier OPTIONAL, + recipKID [3] KeyIdentifier OPTIONAL, + -- to identify specific keys used for protection + transactionID [4] OCTET STRING OPTIONAL, + -- identifies the transaction; i.e., this will be the same in + -- corresponding request, response, certConf, and PKIConf + -- messages + senderNonce [5] OCTET STRING OPTIONAL, + recipNonce [6] OCTET STRING OPTIONAL, + -- nonces used to provide replay protection, senderNonce + -- is inserted by the creator of this message; recipNonce + -- is a nonce previously inserted in a related message by + -- the intended recipient of this message + freeText [7] PKIFreeText OPTIONAL, + -- this may be used to indicate context-specific instructions + -- (this field is intended for human consumption) + generalInfo [8] SEQUENCE SIZE (1..MAX) OF + InfoTypeAndValue OPTIONAL + -- this may be used to convey context-specific information + -- (this field not primarily intended for human consumption) + } + + PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String + -- text encoded as UTF-8 String [RFC3629] (note: each + -- UTF8String MAY include an [RFC3066] language tag + -- to indicate the language of the contained text + -- see [RFC2482] for details) + + PKIBody ::= CHOICE { -- message-specific body elements + ir [0] CertReqMessages, --Initialization Request + ip [1] CertRepMessage, --Initialization Response + cr [2] CertReqMessages, --Certification Request + cp [3] CertRepMessage, --Certification Response + -- p10cr [4] CertificationRequest, + --imported from [PKCS10] + p10cr [4] NULL, -- added for Wireshark to avoid miscounting of the branch_taken + popdecc [5] POPODecKeyChallContent, --pop Challenge + popdecr [6] POPODecKeyRespContent, --pop Response + kur [7] CertReqMessages, --Key Update Request + kup [8] CertRepMessage, --Key Update Response + krr [9] CertReqMessages, --Key Recovery Request + krp [10] KeyRecRepContent, --Key Recovery Response + rr [11] RevReqContent, --Revocation Request + rp [12] RevRepContent, --Revocation Response + ccr [13] CertReqMessages, --Cross-Cert. Request + ccp [14] CertRepMessage, --Cross-Cert. Response + ckuann [15] CAKeyUpdAnnContent, --CA Key Update Ann. + cann [16] CertAnnContent, --Certificate Ann. + rann [17] RevAnnContent, --Revocation Ann. + crlann [18] CRLAnnContent, --CRL Announcement + pkiconf [19] PKIConfirmContent, --Confirmation + nested [20] NestedMessageContent, --Nested Message + genm [21] GenMsgContent, --General Message + genp [22] GenRepContent, --General Response + error [23] ErrorMsgContent, --Error Message + certConf [24] CertConfirmContent, --Certificate confirm + pollReq [25] PollReqContent, --Polling request + pollRep [26] PollRepContent --Polling response + } + + PKIProtection ::= BIT STRING + + ProtectedPart ::= SEQUENCE { + header PKIHeader, + body PKIBody + } + + id-PasswordBasedMac OBJECT IDENTIFIER ::= {1 2 840 113533 7 66 13} + PBMParameter ::= SEQUENCE { + salt OCTET STRING, + -- note: implementations MAY wish to limit acceptable sizes + -- of this string to values appropriate for their environment + -- in order to reduce the risk of denial-of-service attacks + owf AlgorithmIdentifier, + -- AlgId for a One-Way Function (SHA-1 recommended) + iterationCount INTEGER, + -- number of times the OWF is applied + -- note: implementations MAY wish to limit acceptable sizes + -- of this integer to values appropriate for their environment + -- in order to reduce the risk of denial-of-service attacks + mac AlgorithmIdentifier + -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11], + } -- or HMAC [RFC2104, RFC2202]) + + id-DHBasedMac OBJECT IDENTIFIER ::= {1 2 840 113533 7 66 30} + DHBMParameter ::= SEQUENCE { + owf AlgorithmIdentifier, + -- AlgId for a One-Way Function (SHA-1 recommended) + mac AlgorithmIdentifier + -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11], + } -- or HMAC [RFC2104, RFC2202]) + + + NestedMessageContent ::= PKIMessages + + PKIStatus ::= INTEGER { + accepted (0), + -- you got exactly what you asked for + grantedWithMods (1), + -- you got something like what you asked for; the + -- requester is responsible for ascertaining the differences + rejection (2), + -- you don't get it, more information elsewhere in the message + waiting (3), + -- the request body part has not yet been processed; expect to + -- hear more later (note: proper handling of this status + -- response MAY use the polling req/rep PKIMessages specified + -- in Section 5.3.22; alternatively, polling in the underlying + -- transport layer MAY have some utility in this regard) + revocationWarning (4), + -- this message contains a warning that a revocation is + -- imminent + revocationNotification (5), + -- notification that a revocation has occurred + keyUpdateWarning (6) + -- update already done for the oldCertId specified in + -- CertReqMsg + } + + PKIFailureInfo ::= BIT STRING { + -- since we can fail in more than one way! + -- More codes may be added in the future if/when required. + badAlg (0), + -- unrecognized or unsupported Algorithm Identifier + badMessageCheck (1), + -- integrity check failed (e.g., signature did not verify) + badRequest (2), + -- transaction not permitted or supported + badTime (3), + -- messageTime was not sufficiently close to the system time, + -- as defined by local policy + badCertId (4), + -- no certificate could be found matching the provided criteria + badDataFormat (5), + -- the data submitted has the wrong format + wrongAuthority (6), + -- the authority indicated in the request is different from the + -- one creating the response token + incorrectData (7), + -- the requester's data is incorrect (for notary services) + missingTimeStamp (8), + -- when the timestamp is missing but should be there + -- (by policy) + badPOP (9), + -- the proof-of-possession failed + certRevoked (10), + -- the certificate has already been revoked + certConfirmed (11), + -- the certificate has already been confirmed + wrongIntegrity (12), + -- invalid integrity, password based instead of signature or + -- vice versa + badRecipientNonce (13), + -- invalid recipient nonce, either missing or wrong value + timeNotAvailable (14), + -- the TSA's time source is not available + unacceptedPolicy (15), + -- the requested TSA policy is not supported by the TSA. + unacceptedExtension (16), + -- the requested extension is not supported by the TSA. + addInfoNotAvailable (17), + -- the additional information requested could not be + -- understood or is not available + badSenderNonce (18), + -- invalid sender nonce, either missing or wrong size + badCertTemplate (19), + -- invalid cert. template or missing mandatory information + signerNotTrusted (20), + -- signer of the message unknown or not trusted + transactionIdInUse (21), + -- the transaction identifier is already in use + unsupportedVersion (22), + -- the version of the message is not supported + notAuthorized (23), + -- the sender was not authorized to make the preceding + -- request or perform the preceding action + systemUnavail (24), + -- the request cannot be handled due to system unavailability + systemFailure (25), + -- the request cannot be handled due to system failure + duplicateCertReq (26) + -- certificate cannot be issued because a duplicate + -- certificate already exists + } + + PKIStatusInfo ::= SEQUENCE { + status PKIStatus, + statusString PKIFreeText OPTIONAL, + failInfo PKIFailureInfo OPTIONAL + } + + OOBCert ::= CMPCertificate + + OOBCertHash ::= SEQUENCE { + hashAlg [0] AlgorithmIdentifier OPTIONAL, + certId [1] CertId OPTIONAL, + hashVal BIT STRING + -- hashVal is calculated over the DER encoding of the + -- self-signed certificate with the identifier certID. + } + + POPODecKeyChallContent ::= SEQUENCE OF Challenge + -- One Challenge per encryption key certification request (in the + -- same order as these requests appear in CertReqMessages). + + Challenge ::= SEQUENCE { + owf AlgorithmIdentifier OPTIONAL, + + -- MUST be present in the first Challenge; MAY be omitted in + -- any subsequent Challenge in POPODecKeyChallContent (if + -- omitted, then the owf used in the immediately preceding + -- Challenge is to be used). + + witness OCTET STRING, + -- the result of applying the one-way function (owf) to a + -- randomly-generated INTEGER, A. [Note that a different + -- INTEGER MUST be used for each Challenge.] + challenge OCTET STRING + -- the encryption (under the public key for which the cert. + -- request is being made) of Rand, where Rand is specified as + -- Rand ::= SEQUENCE { + -- int INTEGER, + -- - the randomly-generated INTEGER A (above) + -- sender GeneralName + -- - the sender's name (as included in PKIHeader) + -- } + } + + POPODecKeyRespContent ::= SEQUENCE OF INTEGER + -- One INTEGER per encryption key certification request (in the + -- same order as these requests appear in CertReqMessages). The + -- retrieved INTEGER A (above) is returned to the sender of the + -- corresponding Challenge. + + CertRepMessage ::= SEQUENCE { + caPubs [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate + OPTIONAL, + response SEQUENCE OF CertResponse + } + + CertResponse ::= SEQUENCE { + certReqId INTEGER, + -- to match this response with corresponding request (a value + -- of -1 is to be used if certReqId is not specified in the + -- corresponding request) + status PKIStatusInfo, + certifiedKeyPair CertifiedKeyPair OPTIONAL, + rspInfo OCTET STRING OPTIONAL + -- analogous to the id-regInfo-utf8Pairs string defined + -- for regInfo in CertReqMsg [CRMF] + } + + CertifiedKeyPair ::= SEQUENCE { + certOrEncCert CertOrEncCert, + privateKey [0] EncryptedValue OPTIONAL, + -- see [CRMF] for comment on encoding + publicationInfo [1] PKIPublicationInfo OPTIONAL + } + + CertOrEncCert ::= CHOICE { + certificate [0] CMPCertificate, + encryptedCert [1] EncryptedValue + } + + KeyRecRepContent ::= SEQUENCE { + status PKIStatusInfo, + newSigCert [0] CMPCertificate OPTIONAL, + caCerts [1] SEQUENCE SIZE (1..MAX) OF + CMPCertificate OPTIONAL, + keyPairHist [2] SEQUENCE SIZE (1..MAX) OF + CertifiedKeyPair OPTIONAL + } + + RevReqContent ::= SEQUENCE OF RevDetails + + RevDetails ::= SEQUENCE { + certDetails CertTemplate, + -- allows requester to specify as much as they can about + -- the cert. for which revocation is requested + -- (e.g., for cases in which serialNumber is not available) + crlEntryDetails Extensions OPTIONAL + -- requested crlEntryExtensions + } + + RevRepContent ::= SEQUENCE { + status SEQUENCE SIZE (1..MAX) OF PKIStatusInfo, + -- in same order as was sent in RevReqContent + revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId + OPTIONAL, + -- IDs for which revocation was requested + -- (same order as status) + crls [1] SEQUENCE SIZE (1..MAX) OF CertificateList + -- the resulting CRLs (there may be more than one) + } + + CAKeyUpdAnnContent ::= SEQUENCE { + oldWithNew CMPCertificate, -- old pub signed with new priv + newWithOld CMPCertificate, -- new pub signed with old priv + newWithNew CMPCertificate -- new pub signed with new priv + } + + CertAnnContent ::= CMPCertificate + + RevAnnContent ::= SEQUENCE { + status PKIStatus, + certId CertId, + willBeRevokedAt GeneralizedTime, + badSinceDate GeneralizedTime, + crlDetails Extensions OPTIONAL + -- extra CRL details (e.g., crl number, reason, location, etc.) + } + + CRLAnnContent ::= SEQUENCE OF CertificateList + + CertConfirmContent ::= SEQUENCE OF CertStatus + + CertStatus ::= SEQUENCE { + certHash OCTET STRING, + -- the hash of the certificate, using the same hash algorithm + -- as is used to create and verify the certificate signature + certReqId INTEGER, + -- to match this confirmation with the corresponding req/rep + statusInfo PKIStatusInfo OPTIONAL + } + + PKIConfirmContent ::= NULL + + InfoTypeAndValue ::= SEQUENCE { + infoType OBJECT IDENTIFIER, + infoValue ANY DEFINED BY infoType OPTIONAL + } + -- Example InfoTypeAndValue contents include, but are not limited + -- to, the following (un-comment in this ASN.1 module and use as + -- appropriate for a given environment): + -- + -- id-it-caProtEncCert OBJECT IDENTIFIER ::= {id-it 1} + CAProtEncCertValue ::= CMPCertificate + -- id-it-signKeyPairTypes OBJECT IDENTIFIER ::= {id-it 2} + SignKeyPairTypesValue ::= SEQUENCE OF AlgorithmIdentifier + -- id-it-encKeyPairTypes OBJECT IDENTIFIER ::= {id-it 3} + EncKeyPairTypesValue ::= SEQUENCE OF AlgorithmIdentifier + -- id-it-preferredSymmAlg OBJECT IDENTIFIER ::= {id-it 4} + PreferredSymmAlgValue ::= AlgorithmIdentifier + -- id-it-caKeyUpdateInfo OBJECT IDENTIFIER ::= {id-it 5} + CAKeyUpdateInfoValue ::= CAKeyUpdAnnContent + -- id-it-currentCRL OBJECT IDENTIFIER ::= {id-it 6} + CurrentCRLValue ::= CertificateList + -- id-it-unsupportedOIDs OBJECT IDENTIFIER ::= {id-it 7} + UnsupportedOIDsValue ::= SEQUENCE OF OBJECT IDENTIFIER + -- id-it-keyPairParamReq OBJECT IDENTIFIER ::= {id-it 10} + KeyPairParamReqValue ::= OBJECT IDENTIFIER + -- id-it-keyPairParamRep OBJECT IDENTIFIER ::= {id-it 11} + KeyPairParamRepValue ::= AlgorithmIdentifier + -- id-it-revPassphrase OBJECT IDENTIFIER ::= {id-it 12} + RevPassphraseValue ::= EncryptedValue + -- id-it-implicitConfirm OBJECT IDENTIFIER ::= {id-it 13} + ImplicitConfirmValue ::= NULL + -- id-it-confirmWaitTime OBJECT IDENTIFIER ::= {id-it 14} + ConfirmWaitTimeValue ::= GeneralizedTime + -- id-it-origPKIMessage OBJECT IDENTIFIER ::= {id-it 15} + OrigPKIMessageValue ::= PKIMessages + -- id-it-suppLangTags OBJECT IDENTIFIER ::= {id-it 16} + SuppLangTagsValue ::= SEQUENCE OF UTF8String + -- + -- where + -- + -- id-pkix OBJECT IDENTIFIER ::= { + -- iso(1) identified-organization(3) + -- dod(6) internet(1) security(5) mechanisms(5) pkix(7)} + -- and + -- id-it OBJECT IDENTIFIER ::= {id-pkix 4} + -- + -- + -- This construct MAY also be used to define new PKIX Certificate + -- Management Protocol request and response messages, or general- + -- purpose (e.g., announcement) messages for future needs or for + -- specific environments. + + GenMsgContent ::= SEQUENCE OF InfoTypeAndValue + + -- May be sent by EE, RA, or CA (depending on message content). + -- The OPTIONAL infoValue parameter of InfoTypeAndValue will + -- typically be omitted for some of the examples given above. + -- The receiver is free to ignore any contained OBJ. IDs that it + -- does not recognize. If sent from EE to CA, the empty set + -- indicates that the CA may send + -- any/all information that it wishes. + GenRepContent ::= SEQUENCE OF InfoTypeAndValue + -- Receiver MAY ignore any contained OIDs that it does not + -- recognize. + + ErrorMsgContent ::= SEQUENCE { + pKIStatusInfo PKIStatusInfo, + errorCode INTEGER OPTIONAL, + -- implementation-specific error codes + errorDetails PKIFreeText OPTIONAL + -- implementation-specific error details + } + + PollReqContent ::= SEQUENCE OF SEQUENCE { + certReqId INTEGER + } + + PollRepContent ::= SEQUENCE OF SEQUENCE { + certReqId INTEGER, + checkAfter INTEGER, -- time in seconds + reason PKIFreeText OPTIONAL + } + + END -- of CMP module diff --git a/asn1/cmp/Makefile.am b/asn1/cmp/Makefile.am new file mode 100644 index 0000000000..462af31e88 --- /dev/null +++ b/asn1/cmp/Makefile.am @@ -0,0 +1,26 @@ +# $Id$ +# +# +# Wireshark - Network traffic analyzer +# By Gerald Combs +# Copyright 1998 Gerald Combs +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + + +include ../Makefile.preinc +include Makefile.common +include ../Makefile.inc + diff --git a/asn1/cmp/Makefile.common b/asn1/cmp/Makefile.common new file mode 100644 index 0000000000..fcee4d0a6b --- /dev/null +++ b/asn1/cmp/Makefile.common @@ -0,0 +1,55 @@ +# $Id$ +# +# +# Wireshark - Network traffic analyzer +# By Gerald Combs +# Copyright 1998 Gerald Combs +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + + +PROTOCOL_NAME=cmp + +DISSECTOR_FILES=packet-$(PROTOCOL_NAME).c \ + packet-$(PROTOCOL_NAME).h + + +EXT_ASN_FILE_LIST = + +ASN_FILE_LIST = CMP.asn + +# The packet-$(PROTOCOL_NAME)-template.h and $(PROTOCOL_NAME).asn +# files do not exist for all protocols: Please add/remove as required. +EXTRA_DIST = \ + Makefile.nmake \ + $(ASN_FILE_LIST) \ + packet-$(PROTOCOL_NAME)-template.c \ + packet-$(PROTOCOL_NAME)-template.h \ + $(PROTOCOL_NAME).cnf + +SRC_FILES = \ + $(EXTRA_DIST) \ + $(EXT_ASN_FILE_LIST) + +A2W_FLAGS= -b + +EXTRA_CNF= \ + ../pkix1explicit/pkix1explicit_exp.cnf \ + ../pkix1implicit/pkix1implicit_exp.cnf \ + ../crmf/crmf-exp.cnf + +../crmf/crmf-exp.cnf: + (cd ../crmf && $(MAKE_CNF_EXPORT)) + diff --git a/asn1/cmp/Makefile.nmake b/asn1/cmp/Makefile.nmake new file mode 100644 index 0000000000..5a32997c60 --- /dev/null +++ b/asn1/cmp/Makefile.nmake @@ -0,0 +1,29 @@ +## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake +# +# $Id$ +# +# +# Wireshark - Network traffic analyzer +# By Gerald Combs +# Copyright 1998 Gerald Combs +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + + +include ../../config.nmake +include ../Makefile.preinc.nmake +include Makefile.common +include ../Makefile.inc.nmake + diff --git a/asn1/cmp/cmp.cnf b/asn1/cmp/cmp.cnf new file mode 100644 index 0000000000..60209d49da --- /dev/null +++ b/asn1/cmp/cmp.cnf @@ -0,0 +1,116 @@ +# CMP.cnf +# CMP conformation file + +# $Id$ + +#.MODULE_IMPORT +PKIX1Explicit88 pkix1explicit +PKIX1Implicit88 pkix1implicit +PKIXCRMF-2005 crmf + +#.INCLUDE ../pkix1explicit/pkix1explicit_exp.cnf +#.INCLUDE ../pkix1implicit/pkix1implicit_exp.cnf +#.IMPORT ../crmf/crmf-exp.cnf + +#.EXPORTS +CAKeyUpdAnnContent +CMPCertificate +CRLAnnContent +CertAnnContent +CertConfirmContent +CertOrEncCert +CertRepMessage +CertResponse +CertStatus +CertifiedKeyPair +Challenge +DHBMParameter +ErrorMsgContent +GenMsgContent +InfoTypeAndValue +KeyRecRepContent +NestedMessageContent +OOBCert +OOBCertHash +PBMParameter +PKIBody +PKIConfirmContent +PKIFailureInfo +PKIFreeText +PKIHeader +PKIMessage +PKIMessages +PKIProtection +PKIStatus +PKIStatusInfo +POPODecKeyRespContent +PollRepContent +PollReqContent +ProtectedPart +RevAnnContent +RevDetails +RevRepContent +RevReqContent + +#.REGISTER +PBMParameter B "1.2.840.113533.7.66.13" "id-PasswordBasedMac" +DHBMParameter B "1.2.640.113533.7.66.30" "id-DHBasedMac" +CAProtEncCertValue B "1.3.6.1.5.5.7.4.1" "id-it-caProtEncCert" +SignKeyPairTypesValue B "1.3.6.1.5.5.7.4.2" "id-it-signKeyPairTypes" +EncKeyPairTypesValue B "1.3.6.1.5.5.7.4.3" "id-it-encKeyPairTypes" +PreferredSymmAlgValue B "1.3.6.1.5.5.7.4.4" "id-it-preferredSymmAlg" +CAKeyUpdateInfoValue B "1.3.6.1.5.5.7.4.5" "id-it-caKeyUpdateInfo" +CurrentCRLValue B "1.3.6.1.5.5.7.4.6" "id-it-currentCRL" +UnsupportedOIDsValue B "1.3.6.1.5.5.7.4.7" "id-it-unsupportedOIDs" +KeyPairParamReqValue B "1.3.6.1.5.5.7.4.10" "id-it-keyPairParamReq" +KeyPairParamRepValue B "1.3.6.1.5.5.7.4.11" "id-it-keyPairParamRep" +RevPassphraseValue B "1.3.6.1.5.5.7.4.12" "id-it-revPassphrase" +ImplicitConfirmValue B "1.3.6.1.5.5.7.4.13" "id-it-implicitConfirm" +ConfirmWaitTimeValue B "1.3.6.1.5.5.7.4.14" "id-it-confirmWaitTime" +OrigPKIMessageValue B "1.3.6.1.5.5.7.4.15" "id-it-origPKIMessage" +SuppLangTagsValue B "1.3.6.1.5.5.7.4.16" "id-it-suppLangTags" + + +#.NO_EMIT + +#.TYPE_RENAME + +#.FIELD_RENAME +RevRepContent/status rvrpcnt_status +CertResponse/status pkistatusinf +KeyRecRepContent/status pkistatusinf +PKIStatusInfo/status pkistatus +RevAnnContent/status pkistatus + + +#.FN_PARS InfoTypeAndValue/infoType + FN_VARIANT = _str HF_INDEX = hf_cmp_type_oid VAL_PTR = &object_identifier_id + +#.FN_BODY InfoTypeAndValue/infoValue + offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); + +#.FN_PARS PKIBody + VAL_PTR = &branch_taken + +#.FN_BODY PKIBody + gint branch_taken; + + %(DEFAULT_BODY)s + + if (check_col(actx->pinfo->cinfo, COL_INFO)) { + col_append_fstr(actx->pinfo->cinfo, COL_INFO, " Body=%%s", val_to_str(branch_taken, cmp_PKIBody_vals, "unknown")); + } + +#.FN_PARS PKIStatus + VAL_PTR = &value + +#.FN_BODY PKIStatus + guint32 value; + + %(DEFAULT_BODY)s + + if (check_col(actx->pinfo->cinfo, COL_INFO)) { + col_append_fstr(actx->pinfo->cinfo, COL_INFO, " Status=%%s", val_to_str(value, cmp_PKIStatus_vals, "unknown")); + } + +#.END_OF_CNF diff --git a/asn1/cmp/packet-cmp-template.c b/asn1/cmp/packet-cmp-template.c new file mode 100644 index 0000000000..1fa3a5f922 --- /dev/null +++ b/asn1/cmp/packet-cmp-template.c @@ -0,0 +1,456 @@ +/* packet-cmp.c + * + * Routines for RFC2510 Certificate Management Protocol packet dissection + * Ronnie Sahlberg 2004 + * Updated to RFC4210 CMPv2 and associated "Transport Protocols for CMP" draft + * Martin Peylo 2008 + * + * $Id$ + * + * Wireshark - Network traffic analyzer + * By Gerald Combs + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include +#include + +#include +#include + +#include +#include +#include "packet-ber.h" +#include "packet-cmp.h" +#include "packet-crmf.h" +#include "packet-pkix1explicit.h" +#include "packet-pkix1implicit.h" +#include "packet-tcp.h" +#include "packet-http.h" +#include +#include + +#define PNAME "Certificate Management Protocol" +#define PSNAME "CMP" +#define PFNAME "cmp" + +#define TCP_PORT_CMP 829 + +/* desegmentation of CMP over TCP */ +static gboolean cmp_desegment = TRUE; + +static guint cmp_alternate_tcp_port = 0; +static guint cmp_alternate_http_port = 0; +static guint cmp_alternate_tcp_style_http_port = 0; + +/* Initialize the protocol and registered fields */ +int proto_cmp = -1; +static int hf_cmp_type_oid = -1; +static int hf_cmp_tcptrans_len = -1; +static int hf_cmp_tcptrans_type = -1; +static int hf_cmp_tcptrans_poll_ref = -1; +static int hf_cmp_tcptrans_next_poll_ref = -1; +static int hf_cmp_tcptrans_ttcb = -1; +static int hf_cmp_tcptrans10_version = -1; +static int hf_cmp_tcptrans10_flags = -1; +#include "packet-cmp-hf.c" + +/* Initialize the subtree pointers */ +static gint ett_cmp = -1; +#include "packet-cmp-ett.c" + +static const char *object_identifier_id; + + +#include "packet-cmp-fn.c" + +static int +dissect_cmp_pdu(tvbuff_t *tvb, proto_tree *tree, asn1_ctx_t *actx) +{ + return dissect_cmp_PKIMessage(FALSE, tvb, 0, actx,tree, -1); +} + +#define CMP_TYPE_PKIMSG 0 +#define CMP_TYPE_POLLREP 1 +#define CMP_TYPE_POLLREQ 2 +#define CMP_TYPE_NEGPOLLREP 3 +#define CMP_TYPE_PARTIALMSGREP 4 +#define CMP_TYPE_FINALMSGREP 5 +#define CMP_TYPE_ERRORMSGREP 6 +static const value_string cmp_pdu_types[] = { + { CMP_TYPE_PKIMSG, "pkiMsg" }, + { CMP_TYPE_POLLREP, "pollRep" }, + { CMP_TYPE_POLLREQ, "pollReq" }, + { CMP_TYPE_NEGPOLLREP, "negPollRep" }, + { CMP_TYPE_PARTIALMSGREP, "partialMsgRep" }, + { CMP_TYPE_FINALMSGREP, "finalMsgRep" }, + { CMP_TYPE_ERRORMSGREP, "errorMsgRep" }, + { 0, NULL }, +}; + + +static int dissect_cmp_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) +{ + tvbuff_t *next_tvb; + guint32 pdu_len; + guint8 pdu_type; + nstime_t ts; + proto_item *item=NULL; + proto_item *ti=NULL; + proto_tree *tree=NULL; + proto_tree *tcptrans_tree=NULL; + asn1_ctx_t asn1_ctx; + int offset=0; + + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + + col_set_str(pinfo->cinfo, COL_PROTOCOL, "CMP"); + + col_set_str(pinfo->cinfo, COL_INFO, "PKIXCMP"); + + if(parent_tree){ + item=proto_tree_add_item(parent_tree, proto_cmp, tvb, 0, -1, FALSE); + tree = proto_item_add_subtree(item, ett_cmp); + } + + pdu_len=tvb_get_ntohl(tvb, 0); + pdu_type=tvb_get_guint8(tvb, 4); + + if (pdu_type < 10) { + /* RFC2510 TCP transport */ + ti = proto_tree_add_item(tree, proto_cmp, tvb, offset, 5, FALSE); + tcptrans_tree = proto_item_add_subtree(ti, ett_cmp); + proto_tree_add_item(tree, hf_cmp_tcptrans_len, tvb, offset, 4, FALSE); + offset += 4; + proto_tree_add_item(tree, hf_cmp_tcptrans_type, tvb, offset++, 1, FALSE); + } else { + /* post RFC2510 TCP transport - the former "type" field is now "version" */ + ti = proto_tree_add_text(tree, tvb, offset, 7, "TCP transport"); + tcptrans_tree = proto_item_add_subtree(ti, ett_cmp); + pdu_type=tvb_get_guint8(tvb, 6); + proto_tree_add_item(tcptrans_tree, hf_cmp_tcptrans_len, tvb, offset, 4, FALSE); + offset += 4; + proto_tree_add_item(tcptrans_tree, hf_cmp_tcptrans10_version, tvb, offset++, 1, FALSE); + proto_tree_add_item(tcptrans_tree, hf_cmp_tcptrans10_flags, tvb, offset++, 1, FALSE); + proto_tree_add_item(tcptrans_tree, hf_cmp_tcptrans_type, tvb, offset++, 1, FALSE); + } + + if (check_col (pinfo->cinfo, COL_INFO)) { + col_add_str (pinfo->cinfo, COL_INFO, val_to_str (pdu_type, cmp_pdu_types, "0x%x")); + } + + switch(pdu_type){ + case CMP_TYPE_PKIMSG: + next_tvb = tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), pdu_len); + dissect_cmp_pdu(next_tvb, tree, &asn1_ctx); + offset += tvb_length_remaining(tvb, offset); + break; + case CMP_TYPE_POLLREP: + proto_tree_add_item(tcptrans_tree, hf_cmp_tcptrans_poll_ref, tvb, offset, 4, FALSE); + offset += 4; + + ts.secs = tvb_get_ntohl(tvb, 4); + ts.nsecs = 0; + proto_tree_add_time(tcptrans_tree, hf_cmp_tcptrans_ttcb, tvb, offset, 4, &ts); + offset += 4; + break; + case CMP_TYPE_POLLREQ: + proto_tree_add_item(tcptrans_tree, hf_cmp_tcptrans_poll_ref, tvb, offset, 4, FALSE); + offset += 4; + break; + case CMP_TYPE_NEGPOLLREP: + break; + case CMP_TYPE_PARTIALMSGREP: + proto_tree_add_item(tcptrans_tree, hf_cmp_tcptrans_next_poll_ref, tvb, offset, 4, FALSE); + offset += 4; + + ts.secs = tvb_get_ntohl(tvb, 4); + ts.nsecs = 0; + proto_tree_add_time(tcptrans_tree, hf_cmp_tcptrans_ttcb, tvb, offset, 4, &ts); + offset += 4; + + next_tvb = tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), pdu_len); + dissect_cmp_pdu(next_tvb, tree, &asn1_ctx); + offset += tvb_length_remaining(tvb, offset); + break; + case CMP_TYPE_FINALMSGREP: + next_tvb = tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), pdu_len); + dissect_cmp_pdu(next_tvb, tree, &asn1_ctx); + offset += tvb_length_remaining(tvb, offset); + break; + case CMP_TYPE_ERRORMSGREP: + /*XXX to be added*/ + break; + } + + return offset; +} + +static void dissect_cmp_tcp_pdu_no_return(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) +{ + dissect_cmp_tcp_pdu(tvb, pinfo, parent_tree); +} + +static guint get_cmp_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset) +{ + guint32 plen; + + /* + * Get the length of the CMP-over-TCP packet. + */ + plen = tvb_get_ntohl(tvb, offset); + + return plen+4; +} + + +/* CMP over TCP: RFC2510 section 5.2 and "Transport Protocols for CMP" draft */ + static int +dissect_cmp_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) +{ + guint32 pdu_len; + guint8 pdu_type; + int offset=4; /* RFC2510 TCP transport header length */ + + /* only attempt to dissect it as CMP over TCP if we have + * at least 5 bytes. + */ + if (!tvb_bytes_exist(tvb, 0, 5)) { + return 0; + } + + pdu_len=tvb_get_ntohl(tvb, 0); + pdu_type=tvb_get_guint8(tvb, 4); + + if(pdu_type == 10) { + /* post RFC2510 TCP transport */ + pdu_type = tvb_get_guint8(tvb, 7); + offset = 7; /* post RFC2510 TCP transport header length */ + /* arbitrary limit: assume a CMP over TCP pdu is never >10000 bytes + * in size. + * It is definitely at least 3 byte for post RFC2510 TCP transport + */ + if((pdu_len<=2)||(pdu_len>10000)){ + return 0; + } + } else { + /* RFC2510 TCP transport */ + /* type is between 0 and 6 */ + if(pdu_type>6){ + return 0; + } + /* arbitrary limit: assume a CMP over TCP pdu is never >10000 bytes + * in size. + * It is definitely at least 1 byte to accomodate the flags byte + */ + if((pdu_len<=0)||(pdu_len>10000)){ + return 0; + } + } + + /* type 0 contains a PKI message and must therefore be >= 3 bytes + * long (flags + BER TAG + BER LENGTH + */ + if((pdu_type==0)&&(pdu_len<3)){ + return 0; + } + + tcp_dissect_pdus(tvb, pinfo, parent_tree, cmp_desegment, offset, get_cmp_pdu_len, + dissect_cmp_tcp_pdu_no_return); + + return tvb_length(tvb); +} + + + static int +dissect_cmp_http(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) +{ + proto_item *item=NULL; + proto_tree *tree=NULL; + asn1_ctx_t asn1_ctx; + + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + + col_set_str(pinfo->cinfo, COL_PROTOCOL, "CMP"); + + col_set_str(pinfo->cinfo, COL_INFO, "PKIXCMP"); + + if(parent_tree){ + item=proto_tree_add_item(parent_tree, proto_cmp, tvb, 0, -1, FALSE); + tree = proto_item_add_subtree(item, ett_cmp); + } + + return dissect_cmp_pdu(tvb, tree, &asn1_ctx); +} + + +/*--- proto_register_cmp ----------------------------------------------*/ +void proto_register_cmp(void) { + + /* List of fields */ + static hf_register_info hf[] = { + { &hf_cmp_type_oid, + { "InfoType", "cmp.type.oid", + FT_STRING, BASE_NONE, NULL, 0, + "Type of InfoTypeAndValue", HFILL }}, + { &hf_cmp_tcptrans_len, + { "Length", "cmp.tcptrans.length", + FT_UINT32, BASE_DEC, NULL, 0, + "TCP transport Length of PDU in bytes", HFILL }}, + { &hf_cmp_tcptrans_type, + { "Type", "cmp.tcptrans.type", + FT_UINT8, BASE_DEC, VALS(cmp_pdu_types), 0, + "TCP transport PDU Type", HFILL }}, + { &hf_cmp_tcptrans_poll_ref, + { "Polling Reference", "cmp.tcptrans.poll_ref", + FT_UINT32, BASE_HEX, NULL, 0, + "TCP transport Polling Reference", HFILL }}, + { &hf_cmp_tcptrans_next_poll_ref, + { "Next Polling Reference", "cmp.tcptrans.next_poll_ref", + FT_UINT32, BASE_HEX, NULL, 0, + "TCP transport Next Polling Reference", HFILL }}, + { &hf_cmp_tcptrans_ttcb, + { "Time to check Back", "cmp.tcptrans.ttcb", + FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0, + "TCP transport Time to check Back", HFILL }}, + { &hf_cmp_tcptrans10_version, + { "Version", "cmp.tcptrans10.version", + FT_UINT8, BASE_DEC, NULL, 0, + "TCP transport version", HFILL }}, + { &hf_cmp_tcptrans10_flags, + { "Flags", "cmp.tcptrans10.flags", + FT_UINT8, BASE_DEC, NULL, 0, + "TCP transport flags", HFILL }}, +#include "packet-cmp-hfarr.c" + }; + + /* List of subtrees */ + static gint *ett[] = { + &ett_cmp, +#include "packet-cmp-ettarr.c" + }; + module_t *cmp_module; + + /* Register protocol */ + proto_cmp = proto_register_protocol(PNAME, PSNAME, PFNAME); + + /* Register fields and subtrees */ + proto_register_field_array(proto_cmp, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + + cmp_module = prefs_register_protocol(proto_cmp, proto_reg_handoff_cmp); + prefs_register_bool_preference(cmp_module, "desegment", + "Reassemble CMP-over-TCP messages spanning multiple TCP segments", + "Whether the CMP-over-TCP dissector should reassemble messages spanning multiple TCP segments. " + "To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.", + &cmp_desegment); + + prefs_register_uint_preference(cmp_module, "tcp_alternate_port", + "Alternate TCP port", + "Decode this TCP port\'s traffic as CMP. Set to \"0\" to disable.", + 10, + &cmp_alternate_tcp_port); + + prefs_register_uint_preference(cmp_module, "http_alternate_port", + "Alternate HTTP port", + "Decode this TCP port\'s traffic as CMP-over-HTTP. Set to \"0\" to disable. " + "Use this if the Content-Type is not set correctly.", + 10, + &cmp_alternate_http_port); + + prefs_register_uint_preference(cmp_module, "tcp_style_http_alternate_port", + "Alternate TCP-style-HTTP port", + "Decode this TCP port\'s traffic as TCP-transport-style CMP-over-HTTP. Set to \"0\" to disable. " + "Use this if the Content-Type is not set correctly.", + 10, + &cmp_alternate_tcp_style_http_port); +} + + +/*--- proto_reg_handoff_cmp -------------------------------------------*/ +void proto_reg_handoff_cmp(void) { + static gboolean inited = FALSE; + static dissector_handle_t cmp_http_handle; + static dissector_handle_t cmp_tcp_style_http_handle; + static dissector_handle_t cmp_tcp_handle; + static guint cmp_alternate_tcp_port_prev = 0; + static guint cmp_alternate_http_port_prev = 0; + static guint cmp_alternate_tcp_style_http_port_prev = 0; + + if (!inited) { + cmp_http_handle = new_create_dissector_handle(dissect_cmp_http, proto_cmp); + dissector_add_string("media_type", "application/pkixcmp", cmp_http_handle); + dissector_add_string("media_type", "application/x-pkixcmp", cmp_http_handle); + + cmp_tcp_style_http_handle = new_create_dissector_handle(dissect_cmp_tcp_pdu, proto_cmp); + dissector_add_string("media_type", "application/pkixcmp-poll", cmp_tcp_style_http_handle); + dissector_add_string("media_type", "application/x-pkixcmp-poll", cmp_tcp_style_http_handle); + + cmp_tcp_handle = new_create_dissector_handle(dissect_cmp_tcp, proto_cmp); + dissector_add("tcp.port", TCP_PORT_CMP, cmp_tcp_handle); + + oid_add_from_string("Cryptlib-presence-check","1.3.6.1.4.1.3029.3.1.1"); + oid_add_from_string("Cryptlib-PKIBoot","1.3.6.1.4.1.3029.3.1.2"); + + oid_add_from_string("HMAC MD5","1.3.6.1.5.5.8.1.1"); + oid_add_from_string("HMAC SHA-1","1.3.6.1.5.5.8.1.2"); + oid_add_from_string("HMAC TIGER","1.3.6.1.5.5.8.1.3"); + oid_add_from_string("HMAC RIPEMD-160","1.3.6.1.5.5.8.1.4"); + + oid_add_from_string("sha256WithRSAEncryption","1.2.840.113549.1.1.11"); + +#include "packet-cmp-dis-tab.c" + inited = TRUE; + } + + /* change alternate TCP port if changed in the preferences */ + if (cmp_alternate_tcp_port != cmp_alternate_tcp_port_prev) { + if (cmp_alternate_tcp_port_prev != 0) + dissector_delete("tcp.port", cmp_alternate_tcp_port_prev, cmp_tcp_handle); + if (cmp_alternate_tcp_port != 0) + dissector_add("tcp.port", cmp_alternate_tcp_port, cmp_tcp_handle); + cmp_alternate_tcp_port_prev = cmp_alternate_tcp_port; + } + + /* change alternate HTTP port if changed in the preferences */ + if (cmp_alternate_http_port != cmp_alternate_http_port_prev) { + if (cmp_alternate_http_port_prev != 0) { + dissector_delete("tcp.port", cmp_alternate_http_port_prev, NULL); + dissector_delete("http.port", cmp_alternate_http_port_prev, NULL); + } + if (cmp_alternate_http_port != 0) + http_dissector_add( cmp_alternate_http_port, cmp_http_handle); + cmp_alternate_http_port_prev = cmp_alternate_http_port; + } + + /* change alternate TCP-style-HTTP port if changed in the preferences */ + if (cmp_alternate_tcp_style_http_port != cmp_alternate_tcp_style_http_port_prev) { + if (cmp_alternate_tcp_style_http_port_prev != 0) { + dissector_delete("tcp.port", cmp_alternate_tcp_style_http_port_prev, NULL); + dissector_delete("http.port", cmp_alternate_tcp_style_http_port_prev, NULL); + } + if (cmp_alternate_tcp_style_http_port != 0) + http_dissector_add( cmp_alternate_tcp_style_http_port, cmp_tcp_style_http_handle); + cmp_alternate_tcp_style_http_port_prev = cmp_alternate_tcp_style_http_port; + } + +} + diff --git a/asn1/cmp/packet-cmp-template.h b/asn1/cmp/packet-cmp-template.h new file mode 100644 index 0000000000..a5d80a819d --- /dev/null +++ b/asn1/cmp/packet-cmp-template.h @@ -0,0 +1,34 @@ +/* packet-cmp.h + * Routines for RFC2510 Certificate Management Protocol packet dissection + * Ronnie Sahlberg 2004 + * + * $Id$ + * + * Wireshark - Network traffic analyzer + * By Gerald Combs + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifndef PACKET_CMP_H +#define PACKET_CMP_H + +void proto_reg_handoff_cmp(void); + +#include "packet-cmp-exp.h" + +#endif /* PACKET_CMP_H */ + -- cgit v1.2.3