pkixcrmf -> crmf to make directory name consistent with filenames

svn path=/trunk/; revision=30472

7 files changed, 618 insertions, 0 deletions

diff --git a/asn1/crmf/CRMF.asn b/asn1/crmf/CRMF.asn
new file mode 100644
index 0000000000..eb1eb17e61
--- /dev/null
+++ b/asn1/crmf/CRMF.asn
@@ -0,0 +1,311 @@
+-- Extracted from RFC4211
+-- by Martin Peylo <martin.peylo@nsn.com>
+-- 
+-- Changes to make it work with asn2wrs:
+--   - none
+--   
+-- The copyright statement from the original description in RFC4211
+-- follows below:
+--
+-- Full Copyright Statement
+--
+--   Copyright (C) The Internet Society (2005).
+--
+--   This document is subject to the rights, licenses and restrictions
+--   contained in BCP 78, and except as set forth therein, the authors
+--   retain all their rights.
+--
+--   This document and the information contained herein are provided on an
+--   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+--   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+--   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+--   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+--   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+--   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+PKIXCRMF-2005 {iso(1) identified-organization(3) dod(6) internet(1)
+security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-crmf2005(36)}
+
+DEFINITIONS IMPLICIT TAGS ::=
+BEGIN
+
+IMPORTS
+  -- Directory Authentication Framework (X.509)
+     Version, AlgorithmIdentifier, Name, Time,
+     SubjectPublicKeyInfo, Extensions, UniqueIdentifier, Attribute
+        FROM PKIX1Explicit88 {iso(1) identified-organization(3) dod(6)
+            internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+            id-pkix1-explicit(18)} -- found in [PROFILE]
+
+  -- Certificate Extensions (X.509)
+     GeneralName
+        FROM PKIX1Implicit88 {iso(1) identified-organization(3) dod(6)
+               internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+               id-pkix1-implicit(19)}  -- found in [PROFILE]
+
+  -- Cryptographic Message Syntax
+     EnvelopedData
+        FROM CryptographicMessageSyntax2004 { iso(1) member-body(2)
+             us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
+             modules(0) cms-2004(24) };  -- found in [CMS]
+
+-- The following definition may be uncommented for use with
+-- ASN.1 compilers that do not understand UTF8String.
+
+-- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
+       -- The contents of this type correspond to RFC 2279.
+
+id-pkix  OBJECT IDENTIFIER  ::= { iso(1) identified-organization(3)
+dod(6) internet(1) security(5) mechanisms(5) 7 }
+
+-- arc for Internet X.509 PKI protocols and their components
+
+id-pkip  OBJECT IDENTIFIER ::= { id-pkix 5 }
+
+id-smime OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+             us(840) rsadsi(113549) pkcs(1) pkcs9(9) 16 }
+
+id-ct   OBJECT IDENTIFIER ::= { id-smime  1 }  -- content types
+
+-- Core definitions for this module
+
+CertReqMessages ::= SEQUENCE SIZE (1..MAX) OF CertReqMsg
+
+CertReqMsg ::= SEQUENCE {
+ certReq   CertRequest,
+ popo       ProofOfPossession  OPTIONAL,
+ -- content depends upon key type
+ regInfo   SEQUENCE SIZE(1..MAX) OF AttributeTypeAndValue OPTIONAL }
+
+CertRequest ::= SEQUENCE {
+ certReqId     INTEGER,          -- ID for matching request and reply
+ certTemplate  CertTemplate,  -- Selected fields of cert to be issued
+ controls      Controls OPTIONAL }   -- Attributes affecting issuance
+
+CertTemplate ::= SEQUENCE {
+ version      [0] Version               OPTIONAL,
+ serialNumber [1] INTEGER               OPTIONAL,
+ signingAlg   [2] AlgorithmIdentifier   OPTIONAL,
+ issuer       [3] Name                  OPTIONAL,
+ validity     [4] OptionalValidity      OPTIONAL,
+ subject      [5] Name                  OPTIONAL,
+ publicKey    [6] SubjectPublicKeyInfo  OPTIONAL,
+ issuerUID    [7] UniqueIdentifier      OPTIONAL,
+ subjectUID   [8] UniqueIdentifier      OPTIONAL,
+ extensions   [9] Extensions            OPTIONAL }
+
+OptionalValidity ::= SEQUENCE {
+ notBefore  [0] Time OPTIONAL,
+ notAfter   [1] Time OPTIONAL } -- at least one MUST be present
+
+Controls  ::= SEQUENCE SIZE(1..MAX) OF AttributeTypeAndValue
+
+AttributeTypeAndValue ::= SEQUENCE {
+ type         OBJECT IDENTIFIER,
+ value        ANY DEFINED BY type }
+
+ProofOfPossession ::= CHOICE {
+ raVerified        [0] NULL,
+ -- used if the RA has already verified that the requester is in
+ -- possession of the private key
+ signature         [1] POPOSigningKey,
+ keyEncipherment   [2] POPOPrivKey,
+ keyAgreement      [3] POPOPrivKey }
+
+POPOSigningKey ::= SEQUENCE {
+ poposkInput           [0] POPOSigningKeyInput OPTIONAL,
+ algorithmIdentifier   AlgorithmIdentifier,
+ signature             BIT STRING }
+
+ -- The signature (using "algorithmIdentifier") is on the
+ -- DER-encoded value of poposkInput.  NOTE: If the CertReqMsg
+ -- certReq CertTemplate contains the subject and publicKey values,
+ -- then poposkInput MUST be omitted and the signature MUST be
+ -- computed over the DER-encoded value of CertReqMsg certReq.  If
+ -- the CertReqMsg certReq CertTemplate does not contain both the
+ -- public key and subject values (i.e., if it contains only one
+ -- of these, or neither), then poposkInput MUST be present and
+ -- MUST be signed.
+
+POPOSigningKeyInput ::= SEQUENCE {
+ authInfo            CHOICE {
+     sender              [0] GeneralName,
+     -- used only if an authenticated identity has been
+     -- established for the sender (e.g., a DN from a
+     -- previously-issued and currently-valid certificate)
+     publicKeyMAC        PKMACValue },
+     -- used if no authenticated GeneralName currently exists for
+     -- the sender; publicKeyMAC contains a password-based MAC
+     -- on the DER-encoded value of publicKey
+ publicKey           SubjectPublicKeyInfo }  -- from CertTemplate
+
+PKMACValue ::= SEQUENCE {
+algId  AlgorithmIdentifier,
+-- algorithm value shall be PasswordBasedMac {1 2 840 113533 7 66 13}
+-- parameter value is PBMParameter
+value  BIT STRING }
+
+PBMParameter ::= SEQUENCE {
+   salt                OCTET STRING,
+   owf                 AlgorithmIdentifier,
+   -- AlgId for a One-Way Function (SHA-1 recommended)
+   iterationCount      INTEGER,
+   -- number of times the OWF is applied
+   mac                 AlgorithmIdentifier
+   -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
+}   -- or HMAC [HMAC, RFC2202])
+
+POPOPrivKey ::= CHOICE {
+ thisMessage       [0] BIT STRING,         -- Deprecated
+ -- possession is proven in this message (which contains the private
+ -- key itself (encrypted for the CA))
+ subsequentMessage [1] SubsequentMessage,
+ -- possession will be proven in a subsequent message
+ dhMAC             [2] BIT STRING,         -- Deprecated
+ agreeMAC          [3] PKMACValue,
+ encryptedKey      [4] EnvelopedData }
+
+ -- for keyAgreement (only), possession is proven in this message
+ -- (which contains a MAC (over the DER-encoded value of the
+ -- certReq parameter in CertReqMsg, which MUST include both subject
+ -- and publicKey) based on a key derived from the end entity's
+ -- private DH key and the CA's public DH key);
+
+SubsequentMessage ::= INTEGER {
+ encrCert (0),
+ -- requests that resulting certificate be encrypted for the
+ -- end entity (following which, POP will be proven in a
+ -- confirmation message)
+ challengeResp (1) }
+ -- requests that CA engage in challenge-response exchange with
+ -- end entity in order to prove private key possession
+
+-- Object identifier assignments --
+
+-- Registration Controls in CRMF
+id-regCtrl OBJECT IDENTIFIER ::= { id-pkip 1 }
+
+
+id-regCtrl-regToken OBJECT IDENTIFIER ::= { id-regCtrl 1 }
+--with syntax:
+RegToken ::= UTF8String
+
+id-regCtrl-authenticator OBJECT IDENTIFIER ::= { id-regCtrl 2 }
+--with syntax:
+Authenticator ::= UTF8String
+
+id-regCtrl-pkiPublicationInfo OBJECT IDENTIFIER ::= { id-regCtrl 3 }
+--with syntax:
+
+PKIPublicationInfo ::= SEQUENCE {
+action     INTEGER {
+             dontPublish (0),
+             pleasePublish (1) },
+pubInfos  SEQUENCE SIZE (1..MAX) OF SinglePubInfo OPTIONAL }
+  -- pubInfos MUST NOT be present if action is "dontPublish"
+  -- (if action is "pleasePublish" and pubInfos is omitted,
+  -- "dontCare" is assumed)
+
+SinglePubInfo ::= SEQUENCE {
+ pubMethod    INTEGER {
+     dontCare    (0),
+     x500        (1),
+     web         (2),
+     ldap        (3) },
+ pubLocation  GeneralName OPTIONAL }
+
+id-regCtrl-pkiArchiveOptions     OBJECT IDENTIFIER ::= { id-regCtrl 4 }
+--with syntax:
+PKIArchiveOptions ::= CHOICE {
+ encryptedPrivKey     [0] EncryptedKey,
+ -- the actual value of the private key
+ keyGenParameters     [1] KeyGenParameters,
+ -- parameters that allow the private key to be re-generated
+ archiveRemGenPrivKey [2] BOOLEAN }
+ -- set to TRUE if sender wishes receiver to archive the private
+ -- key of a key pair that the receiver generates in response to
+ -- this request; set to FALSE if no archival is desired.
+
+EncryptedKey ::= CHOICE {
+ encryptedValue        EncryptedValue,   -- Deprecated
+ envelopedData     [0] EnvelopedData }
+ -- The encrypted private key MUST be placed in the envelopedData
+ -- encryptedContentInfo encryptedContent OCTET STRING.
+
+EncryptedValue ::= SEQUENCE {
+ intendedAlg   [0] AlgorithmIdentifier  OPTIONAL,
+ -- the intended algorithm for which the value will be used
+ symmAlg       [1] AlgorithmIdentifier  OPTIONAL,
+ -- the symmetric algorithm used to encrypt the value
+ encSymmKey    [2] BIT STRING           OPTIONAL,
+ -- the (encrypted) symmetric key used to encrypt the value
+ keyAlg        [3] AlgorithmIdentifier  OPTIONAL,
+ -- algorithm used to encrypt the symmetric key
+ valueHint     [4] OCTET STRING         OPTIONAL,
+ -- a brief description or identifier of the encValue content
+ -- (may be meaningful only to the sending entity, and used only
+ -- if EncryptedValue might be re-examined by the sending entity
+ -- in the future)
+ encValue       BIT STRING }
+ -- the encrypted value itself
+-- When EncryptedValue is used to carry a private key (as opposed to
+-- a certificate), implementations MUST support the encValue field
+-- containing an encrypted PrivateKeyInfo as defined in [PKCS11],
+-- section 12.11.  If encValue contains some other format/encoding
+-- for the private key, the first octet of valueHint MAY be used
+-- to indicate the format/encoding (but note that the possible values
+-- of this octet are not specified at this time).  In all cases, the
+-- intendedAlg field MUST be used to indicate at least the OID of
+-- the intended algorithm of the private key, unless this information
+-- is known a priori to both sender and receiver by some other means.
+
+KeyGenParameters ::= OCTET STRING
+
+id-regCtrl-oldCertID          OBJECT IDENTIFIER ::= { id-regCtrl 5 }
+--with syntax:
+OldCertId ::= CertId
+
+CertId ::= SEQUENCE {
+ issuer           GeneralName,
+ serialNumber     INTEGER }
+
+id-regCtrl-protocolEncrKey    OBJECT IDENTIFIER ::= { id-regCtrl 6 }
+--with syntax:
+ProtocolEncrKey ::= SubjectPublicKeyInfo
+
+-- Registration Info in CRMF
+id-regInfo OBJECT IDENTIFIER ::= { id-pkip 2 }
+
+id-regInfo-utf8Pairs    OBJECT IDENTIFIER ::= { id-regInfo 1 }
+--with syntax
+UTF8Pairs ::= UTF8String
+
+id-regInfo-certReq       OBJECT IDENTIFIER ::= { id-regInfo 2 }
+--with syntax
+CertReq ::= CertRequest
+
+-- id-ct-encKeyWithID is a new content type used for CMS objects.
+-- it contains both a private key and an identifier for key escrow
+-- agents to check against recovery requestors.
+
+id-ct-encKeyWithID OBJECT IDENTIFIER ::= {id-ct 21}
+
+EncKeyWithID ::= SEQUENCE {
+  privateKey           PrivateKeyInfo,
+  identifier CHOICE {
+    string             UTF8String,
+    generalName        GeneralName
+  } OPTIONAL
+}
+
+PrivateKeyInfo ::= SEQUENCE {
+   version                   INTEGER,
+   privateKeyAlgorithm       AlgorithmIdentifier,
+   privateKey                OCTET STRING,
+   attributes                [0] IMPLICIT Attributes OPTIONAL
+}
+
+Attributes ::= SET OF Attribute
+
+END
diff --git a/asn1/crmf/Makefile.am b/asn1/crmf/Makefile.am
new file mode 100644
index 0000000000..462af31e88
--- /dev/null
+++ b/asn1/crmf/Makefile.am
@@ -0,0 +1,26 @@
+# $Id$
+#
+#
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <gerald@wireshark.org>
+# Copyright 1998 Gerald Combs
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+
+
+include ../Makefile.preinc
+include Makefile.common
+include ../Makefile.inc
+
diff --git a/asn1/crmf/Makefile.common b/asn1/crmf/Makefile.common
new file mode 100644
index 0000000000..86dd8fc959
--- /dev/null
+++ b/asn1/crmf/Makefile.common
@@ -0,0 +1,55 @@
+# $Id$
+#
+#
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <gerald@wireshark.org>
+# Copyright 1998 Gerald Combs
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+
+
+PROTOCOL_NAME=crmf
+
+DISSECTOR_FILES=packet-$(PROTOCOL_NAME).c \
+	packet-$(PROTOCOL_NAME).h
+
+
+EXPORT_FILES = $(PROTOCOL_NAME)-exp.cnf
+
+EXT_ASN_FILE_LIST =
+
+ASN_FILE_LIST = CRMF.asn
+
+# The packet-$(PROTOCOL_NAME)-template.h and $(PROTOCOL_NAME).asn
+# files do not exist for all protocols: Please add/remove as required.
+EXTRA_DIST = \
+	Makefile.nmake \
+	$(ASN_FILE_LIST) \
+	packet-$(PROTOCOL_NAME)-template.c \
+	packet-$(PROTOCOL_NAME)-template.h \
+	$(PROTOCOL_NAME).cnf
+
+SRC_FILES = \
+	$(EXTRA_DIST) \
+	$(EXT_ASN_FILE_LIST)
+
+A2W_FLAGS= -b -e 
+
+EXTRA_CNF= \
+	../cms/cms-exp.cnf
+
+../cms/cms-exp.cnf:
+	(cd ../cms && $(MAKE_CNF_EXPORT))
+
diff --git a/asn1/crmf/Makefile.nmake b/asn1/crmf/Makefile.nmake
new file mode 100644
index 0000000000..5a32997c60
--- /dev/null
+++ b/asn1/crmf/Makefile.nmake
@@ -0,0 +1,29 @@
+## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake
+#
+# $Id$
+#
+#
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <gerald@wireshark.org>
+# Copyright 1998 Gerald Combs
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+
+
+include ../../config.nmake
+include ../Makefile.preinc.nmake
+include Makefile.common
+include ../Makefile.inc.nmake
+
diff --git a/asn1/crmf/crmf.cnf b/asn1/crmf/crmf.cnf
new file mode 100644
index 0000000000..3b28ba8b94
--- /dev/null
+++ b/asn1/crmf/crmf.cnf
@@ -0,0 +1,74 @@
+# CRMF.cnf
+# CRMF conformation file
+
+# $Id$
+
+#.MODULE_IMPORT
+PKIX1Explicit88	pkix1explicit
+PKIX1Implicit88	pkix1implicit
+CryptographicMessageSyntax2004 cms
+		
+#.IMPORT ../cms/cms-exp.cnf
+#.INCLUDE ../pkix1explicit/pkix1explicit_exp.cnf
+#.INCLUDE ../pkix1implicit/pkix1implicit_exp.cnf
+
+#.EXPORTS
+Authenticator
+Attributes
+AttributeTypeAndValue
+CertId
+CertReq
+CertReqMessages
+CertReqMsg
+CertRequest
+CertTemplate
+Controls
+EncKeyWithID
+EncryptedKey
+EncryptedValue
+KeyGenParameters
+OldCertId
+OptionalValidity
+PBMParameter
+PKIArchiveOptions
+PKIPublicationInfo
+PKMACValue
+POPOPrivKey
+POPOSigningKey
+POPOSigningKeyInput
+PrivateKeyInfo
+ProofOfPossession
+ProtocolEncrKey
+RegToken
+SinglePubInfo
+SubsequentMessage
+UTF8Pairs
+
+#.REGISTER
+CertId               B "1.3.6.1.5.5.7.5.1.5"        "id-regCtrl-oldCertID"
+CertRequest          B "1.3.6.1.5.5.7.5.2.2"        "id-regInfo-certReq"
+EncKeyWithID         B "1.2.840.113549.1.9.16.1.21" "id-ct-encKeyWithID"
+PBMParameter         B "1.2.840.113533.7.66.13"     "PasswordBasedMac"
+ProtocolEncrKey      B "1.3.6.1.5.5.7.5.1.6"        "id-regCtrl-protocolEncrKey"
+UTF8Pairs            B "1.3.6.1.5.5.7.5.2.1"        "id-regInfo-utf8Pairs"
+
+#.NO_EMIT
+
+#.TYPE_RENAME
+
+#.FIELD_RENAME
+CertTemplate/issuer		template_issuer
+POPOSigningKey/signature	sk_signature
+PKMACValue/value		pkmac_value
+PrivateKeyInfo/version          privkey_version
+EncKeyWithID/privateKey         enckeywid_privkey
+
+#.FN_PARS AttributeTypeAndValue/type
+  FN_VARIANT = _str  HF_INDEX = hf_crmf_type_oid  VAL_PTR = &object_identifier_id
+
+#.FN_BODY AttributeTypeAndValue/value
+  offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
+
+#.END
+
+
diff --git a/asn1/crmf/packet-crmf-template.c b/asn1/crmf/packet-crmf-template.c
new file mode 100644
index 0000000000..471729e1ac
--- /dev/null
+++ b/asn1/crmf/packet-crmf-template.c
@@ -0,0 +1,91 @@
+/* packet-crmf.c
+ * Routines for RFC2511 Certificate Request Message Format packet dissection
+ *   Ronnie Sahlberg 2004
+ *
+ * $Id$
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <glib.h>
+#include <epan/packet.h>
+#include <epan/asn1.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#include "packet-ber.h"
+#include "packet-crmf.h"
+#include "packet-cms.h"
+#include "packet-pkix1explicit.h"
+#include "packet-pkix1implicit.h"
+
+#define PNAME  "Certificate Request Message Format"
+#define PSNAME "CRMF"
+#define PFNAME "crmf"
+
+/* Initialize the protocol and registered fields */
+int proto_crmf = -1;
+static int hf_crmf_type_oid = -1;
+#include "packet-crmf-hf.c"
+
+/* Initialize the subtree pointers */
+#include "packet-crmf-ett.c"
+
+static const char *object_identifier_id;
+
+#include "packet-crmf-fn.c"
+
+
+/*--- proto_register_crmf ----------------------------------------------*/
+void proto_register_crmf(void) {
+
+  /* List of fields */
+  static hf_register_info hf[] = {
+    { &hf_crmf_type_oid,
+      { "Type", "crmf.type.oid",
+        FT_STRING, BASE_NONE, NULL, 0,
+        "Type of AttributeTypeAndValue", HFILL }},
+#include "packet-crmf-hfarr.c"
+  };
+
+  /* List of subtrees */
+  static gint *ett[] = {
+#include "packet-crmf-ettarr.c"
+  };
+
+  /* Register protocol */
+  proto_crmf = proto_register_protocol(PNAME, PSNAME, PFNAME);
+
+  /* Register fields and subtrees */
+  proto_register_field_array(proto_crmf, hf, array_length(hf));
+  proto_register_subtree_array(ett, array_length(ett));
+
+}
+
+
+/*--- proto_reg_handoff_crmf -------------------------------------------*/
+void proto_reg_handoff_crmf(void) {
+#include "packet-crmf-dis-tab.c"
+}
+
diff --git a/asn1/crmf/packet-crmf-template.h b/asn1/crmf/packet-crmf-template.h
new file mode 100644
index 0000000000..50f78cc52c
--- /dev/null
+++ b/asn1/crmf/packet-crmf-template.h
@@ -0,0 +1,32 @@
+/* packet-crmf.h
+ * Routines for RFC2511 Certificate Request Message Format packet dissection
+ *   Ronnie Sahlberg 2004
+ *
+ * $Id$
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+#ifndef PACKET_CRMF_H
+#define PACKET_CRMF_H
+
+#include "packet-crmf-exp.h"
+
+#endif  /* PACKET_CRMF_H */
+