-rw-r--r-- | asn1/pkcs1/pkcs1.cnf | 6 | ||||
-rw-r--r-- | asn1/x509af/packet-x509af-template.c | 1 | ||||
-rw-r--r-- | asn1/x509af/x509af.cnf | 29 | ||||
-rw-r--r-- | epan/dissectors/packet-pkcs1.c | 18 | ||||
-rw-r--r-- | epan/dissectors/packet-pkcs1.h | 2 | ||||
-rw-r--r-- | epan/dissectors/packet-x509af.c | 71 |
6 files changed, 109 insertions, 18 deletions
diff --git a/asn1/pkcs1/pkcs1.cnf b/asn1/pkcs1/pkcs1.cnf index 1a66217dec..187b10580e 100644 --- a/asn1/pkcs1/pkcs1.cnf +++ b/asn1/pkcs1/pkcs1.cnf @@ -8,6 +8,10 @@ RSAPrivateKey RSAPublicKey DigestInfo +# Note: Only RSA is part of PKCS#1, DSA and DH are not. These are exported +# anyway such that the X.509 Authentication Framework module can make use of it. +DSAPublicKey +DHPublicKey #.NO_EMIT @@ -26,8 +30,6 @@ RSASSA-PSS-params B "1.2.840.113549.1.1.10" "id-RSASSA-PSS" HashAlgorithm B "1.2.840.113549.1.1.8" "id-mgf1" #.NO_EMIT -DSAPublicKey -DHPublicKey ECPoint DSA-Sig-Value ECDSA-Sig-Value diff --git a/asn1/x509af/packet-x509af-template.c b/asn1/x509af/packet-x509af-template.c index 21211401ff..20484b7e08 100644 --- a/asn1/x509af/packet-x509af-template.c +++ b/asn1/x509af/packet-x509af-template.c @@ -33,6 +33,7 @@ #include "packet-x509if.h" #include "packet-x509sat.h" #include "packet-ldap.h" +#include "packet-pkcs1.h" #define PNAME "X.509 Authentication Framework" #define PSNAME "X509AF" diff --git a/asn1/x509af/x509af.cnf b/asn1/x509af/x509af.cnf index e0e6a82166..1b173f0513 100644 --- a/asn1/x509af/x509af.cnf +++ b/asn1/x509af/x509af.cnf 
@@ -81,6 +81,35 @@ CertificateList/signedCertificateList/revokedCertificates/_item/userCertificate #.FN_BODY AlgorithmIdentifier/parameters offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL); +#.FN_BODY SubjectPublicKeyInfo/subjectPublicKey + tvbuff_t *bs_tvb; + + /* subjectPublicKey is a BIT STRING with an explicit tag. It is DER-encoded, + * meaning that the length field consists of hex 8n followed by n octets. */ + /* TODO: drop dissect_ber_bitstring and use above assumptions? */ + /* -1 for hf_index and NULL for tree as this only attempts to parse the + * bitstring without creating a tree, */ + dissect_ber_bitstring(FALSE, actx, NULL, tvb, offset, + NULL, -1, -1, &bs_tvb); + + /* See RFC 3279 for possible subjectPublicKey values given an Algorithm ID. + * The contents of subjectPublicKey are always explicitly tagged. */ + + if (!strcmp(algorithm_id, "1.2.840.113549.1.1.1")) { /* id-rsa */ + offset += dissect_pkcs1_RSAPublicKey(FALSE, bs_tvb, 0, actx, tree, hf_index); + + } else if (!strcmp(algorithm_id, "1.2.840.10040.4.1")) { /* id-dsa */ + offset += dissect_pkcs1_DSAPublicKey(FALSE, bs_tvb, 0, actx, tree, hf_index); + + } else if (!strcmp(algorithm_id, "1.2.840.10046.2.1")) { /* dhpublicnumber */ + offset += dissect_pkcs1_DHPublicKey(FALSE, bs_tvb, 0, actx, tree, hf_index); + + } else { + /* unknown key type, display raw contents. */ + offset = dissect_ber_bitstring(FALSE, actx, tree, tvb, offset, + NULL, hf_index, -1, NULL); + } + #.FN_PARS Extension/extnId FN_VARIANT = _str HF_INDEX = hf_x509af_extension_id VAL_PTR = &actx->external.direct_reference diff --git a/epan/dissectors/packet-pkcs1.c b/epan/dissectors/packet-pkcs1.c index 8563604551..354a07464f 100644 --- a/epan/dissectors/packet-pkcs1.c +++ b/epan/dissectors/packet-pkcs1.c 
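Review bot: In the new `SubjectPublicKeyInfo/subjectPublicKey` body, `bs_tvb` is declared without an initialiser and passed straight to the `dissect_pkcs1_*PublicKey` calls, and `algorithm_id` goes into `strcmp()` unchecked. packet-x509af.c declares it as `static const char *algorithm_id;`, so it starts out NULL; where it is assigned is outside this hunk, and whether `dissect_ber_bitstring` always fills `&bs_tvb` for a malformed BIT STRING is not visible here either. Because this code parses certificate bytes taken from captured traffic, I would write `tvbuff_t *bs_tvb = NULL;` and take the typed branches only when both values are set, e.g. `if (bs_tvb && !g_strcmp0(algorithm_id, "1.2.840.113549.1.1.1"))`, letting everything else fall through to the raw bitstring branch. The return value of the first `dissect_ber_bitstring` call is also dropped, so `offset +=` adds an offset relative to `bs_tvb` and appears to leave out the BIT STRING header; keeping that return value as the end offset would avoid this. The same body is regenerated as `dissect_x509af_T_subjectPublicKey` in packet-x509af.c, so the fix belongs in x509af.cnf.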
@@ -216,6 +216,15 @@ dissect_pkcs1_DSA_Params(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offse +int +dissect_pkcs1_DSAPublicKey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, + NULL); + + return offset; +} + + static int dissect_pkcs1_BIT_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { @@ -261,6 +270,15 @@ dissect_pkcs1_DomainParameters(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int +int +dissect_pkcs1_DHPublicKey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, + NULL); + + return offset; +} + + static int dissect_pkcs1_KEA_Params_Id(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { diff --git a/epan/dissectors/packet-pkcs1.h b/epan/dissectors/packet-pkcs1.h index b056fee21a..d7542ff22a 100644 --- a/epan/dissectors/packet-pkcs1.h +++ b/epan/dissectors/packet-pkcs1.h 
@@ -38,6 +38,8 @@ int dissect_pkcs1_RSAPublicKey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_pkcs1_RSAPrivateKey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_pkcs1_DigestInfo(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); +int dissect_pkcs1_DSAPublicKey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); +int dissect_pkcs1_DHPublicKey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); /*--- End of included file: packet-pkcs1-exp.h ---*/ #line 28 "../../asn1/pkcs1/packet-pkcs1-template.h" diff --git a/epan/dissectors/packet-x509af.c b/epan/dissectors/packet-x509af.c index e3cabe6295..ba0a6e6cf9 100644 --- a/epan/dissectors/packet-x509af.c +++ b/epan/dissectors/packet-x509af.c @@ -41,6 +41,7 @@ #include "packet-x509if.h" #include "packet-x509sat.h" #include "packet-ldap.h" +#include "packet-pkcs1.h" #define PNAME "X.509 Authentication Framework" #define PSNAME "X509AF" @@ -80,7 +81,7 @@ static int hf_x509af_parameters = -1; /* T_parameters */ static int hf_x509af_notBefore = -1; /* Time */ static int hf_x509af_notAfter = -1; /* Time */ static int hf_x509af_algorithm = -1; /* AlgorithmIdentifier */ -static int hf_x509af_subjectPublicKey = -1; /* BIT_STRING */ +static int hf_x509af_subjectPublicKey = -1; /* T_subjectPublicKey */ static int hf_x509af_utcTime = -1; /* UTCTime */ static int hf_x509af_generalizedTime = -1; /* GeneralizedTime */ static int hf_x509af_Extensions_item = -1; /* Extension */ 
@@ -132,7 +133,7 @@ static int hf_x509af_q = -1; /* INTEGER */ static int hf_x509af_g = -1; /* INTEGER */ /*--- End of included file: packet-x509af-hf.c ---*/ -#line 49 "../../asn1/x509af/packet-x509af-template.c" +#line 50 "../../asn1/x509af/packet-x509af-template.c" /* Initialize the subtree pointers */ static gint ett_pkix_crl = -1; @@ -173,7 +174,7 @@ static gint ett_x509af_SET_OF_AttributeType = -1; static gint ett_x509af_DSS_Params = -1; /*--- End of included file: packet-x509af-ett.c ---*/ -#line 53 "../../asn1/x509af/packet-x509af-template.c" +#line 54 "../../asn1/x509af/packet-x509af-template.c" static const char *algorithm_id; /*--- Included file: packet-x509af-fn.c ---*/ @@ -323,7 +324,7 @@ static const ber_choice_t SubjectName_choice[] = { static int dissect_x509af_SubjectName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 109 "../../asn1/x509af/x509af.cnf" +#line 138 "../../asn1/x509af/x509af.cnf" const char* str; offset = dissect_ber_choice(actx, tree, tvb, offset, 
@@ -342,10 +343,37 @@ dissect_x509af_SubjectName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off static int -dissect_x509af_BIT_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { - offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset, - NULL, hf_index, -1, - NULL); +dissect_x509af_T_subjectPublicKey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +#line 85 "../../asn1/x509af/x509af.cnf" + tvbuff_t *bs_tvb; + + /* subjectPublicKey is a BIT STRING with an explicit tag. It is DER-encoded, + * meaning that the length field consists of hex 8n followed by n octets. */ + /* TODO: drop dissect_ber_bitstring and use above assumptions? */ + /* -1 for hf_index and NULL for tree as this only attempts to parse the + * bitstring without creating a tree, */ + dissect_ber_bitstring(FALSE, actx, NULL, tvb, offset, + NULL, -1, -1, &bs_tvb); + + /* See RFC 3279 for possible subjectPublicKey values given an Algorithm ID. + * The contents of subjectPublicKey are always explicitly tagged. */ + + if (!strcmp(algorithm_id, "1.2.840.113549.1.1.1")) { /* id-rsa */ + offset += dissect_pkcs1_RSAPublicKey(FALSE, bs_tvb, 0, actx, tree, hf_index); + + } else if (!strcmp(algorithm_id, "1.2.840.10040.4.1")) { /* id-dsa */ + offset += dissect_pkcs1_DSAPublicKey(FALSE, bs_tvb, 0, actx, tree, hf_index); + + } else if (!strcmp(algorithm_id, "1.2.840.10046.2.1")) { /* dhpublicnumber */ + offset += dissect_pkcs1_DHPublicKey(FALSE, bs_tvb, 0, actx, tree, hf_index); + + } else { + /* unknown key type, display raw contents. */ + offset = dissect_ber_bitstring(FALSE, actx, tree, tvb, offset, + NULL, hf_index, -1, NULL); + } + + return offset; } 
@@ -353,7 +381,7 @@ dissect_x509af_BIT_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offs static const ber_sequence_t SubjectPublicKeyInfo_sequence[] = { { &hf_x509af_algorithm , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_x509af_AlgorithmIdentifier }, - { &hf_x509af_subjectPublicKey, BER_CLASS_UNI, BER_UNI_TAG_BITSTRING, BER_FLAGS_NOOWNTAG, dissect_x509af_BIT_STRING }, + { &hf_x509af_subjectPublicKey, BER_CLASS_UNI, BER_UNI_TAG_BITSTRING, BER_FLAGS_NOOWNTAG, dissect_x509af_T_subjectPublicKey }, { NULL, 0, 0, 0, NULL } }; @@ -369,7 +397,7 @@ dissect_x509af_SubjectPublicKeyInfo(gboolean implicit_tag _U_, tvbuff_t *tvb _U_ static int dissect_x509af_T_extnId(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 88 "../../asn1/x509af/x509af.cnf" +#line 117 "../../asn1/x509af/x509af.cnf" const char *name; offset = dissect_ber_object_identifier_str(implicit_tag, actx, tree, tvb, offset, hf_x509af_extension_id, &actx->external.direct_reference); @@ -399,7 +427,7 @@ dissect_x509af_BOOLEAN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset static int dissect_x509af_T_extnValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 99 "../../asn1/x509af/x509af.cnf" +#line 128 "../../asn1/x509af/x509af.cnf" gint8 ber_class; gboolean pc, ind; gint32 tag; 
@@ -467,6 +495,17 @@ dissect_x509af_T_signedCertificate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, } + +static int +dissect_x509af_BIT_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset, + NULL, hf_index, -1, + NULL); + + return offset; +} + + static const ber_sequence_t Certificate_sequence[] = { { &hf_x509af_signedCertificate, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_x509af_T_signedCertificate }, { &hf_x509af_algorithmIdentifier, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_x509af_AlgorithmIdentifier }, @@ -896,7 +935,7 @@ static int dissect_DSS_Params_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, pro /*--- End of included file: packet-x509af-fn.c ---*/ -#line 55 "../../asn1/x509af/packet-x509af-template.c" +#line 56 "../../asn1/x509af/packet-x509af-template.c" const char *x509af_get_last_algorithm_id(void) { return algorithm_id; @@ -1035,7 +1074,7 @@ void proto_register_x509af(void) { { &hf_x509af_subjectPublicKey, { "subjectPublicKey", "x509af.subjectPublicKey", FT_BYTES, BASE_NONE, NULL, 0, - "BIT_STRING", HFILL }}, + NULL, HFILL }}, { &hf_x509af_utcTime, { "utcTime", "x509af.utcTime", FT_STRING, BASE_NONE, NULL, 0, @@ -1234,7 +1273,7 @@ void proto_register_x509af(void) { "INTEGER", HFILL }}, /*--- End of included file: packet-x509af-hfarr.c ---*/ -#line 92 "../../asn1/x509af/packet-x509af-template.c" +#line 93 "../../asn1/x509af/packet-x509af-template.c" }; /* List of subtrees */ @@ -1277,7 +1316,7 @@ void proto_register_x509af(void) { &ett_x509af_DSS_Params, /*--- End of included file: packet-x509af-ettarr.c ---*/ -#line 98 "../../asn1/x509af/packet-x509af-template.c" +#line 99 "../../asn1/x509af/packet-x509af-template.c" }; /* Register protocol */ 
@@ -1320,7 +1359,7 @@ void proto_reg_handoff_x509af(void) { /*--- End of included file: packet-x509af-dis-tab.c ---*/ -#line 126 "../../asn1/x509af/packet-x509af-template.c" +#line 127 "../../asn1/x509af/packet-x509af-template.c" /*XXX these should really go to a better place but since I have not that ITU standard, I'll put it here for the time |