2 * Routines for X.509 Authentication Framework packet dissection
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@ethereal.com>
9 * Copyright 1998 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
31 #include <epan/packet.h>
32 #include <epan/conversation.h>
37 #include "packet-ber.h"
38 #include "packet-x509af.h"
39 #include "packet-x509ce.h"
40 #include "packet-x509if.h"
41 #include "packet-x509sat.h"
42 #include "packet-ldap.h"
/* Long name, short name and filter name of the protocol; passed in this
 * order to proto_register_protocol() in proto_register_x509af(). */
44 #define PNAME "X.509 Authentication Framework"
45 #define PSNAME "X509AF"
46 #define PFNAME "x509af"
48 /* Initialize the protocol and registered fields */
/* All ids start at -1. proto_x509af is overwritten with the value returned by
 * proto_register_protocol(); the two hf_ ids are handed by address to
 * proto_register_field_array() through the hf[] table. */
49 static int proto_x509af = -1;
50 static int hf_x509af_algorithm_id = -1;
51 static int hf_x509af_extension_id = -1;
/* Textual include of a separate fragment; its contents are not part of this
 * listing (presumably the remaining hf_ declarations -- confirm). */
52 #include "packet-x509af-hf.c"
54 /* Initialize the subtree pointers */
55 static gint ett_pkix_crl = -1;
56 #include "packet-x509af-ett.c"
/* File-scope pointers with static storage duration, so they start out NULL.
 * Nothing in the visible lines assigns them; presumably the code pulled in
 * from packet-x509af-fn.c stores the most recently dissected OID strings
 * here -- confirm.
 * NOTE(review): this is shared state that outlives a single packet. Who owns
 * the strings and how long they stay valid is not visible here, so a reader
 * of these pointers should expect NULL and should not keep the pointer beyond
 * the dissection in which it was set -- verify the lifetime before relying
 * on it. */
58 static const char *algorithm_id;
59 static const char *extension_id;
/* Textual include of the dissection functions; not shown in this listing. */
61 #include "packet-x509af-fn.c"
/*
 * Public (non-static) accessor. Its body is not shown in this listing (the
 * gutter numbers jump from 63 to 69); going by the name it presumably returns
 * the file-scope algorithm_id pointer -- confirm.
 * NOTE(review): if so, the result is NULL until an algorithm identifier has
 * been dissected, and it reflects the last one seen rather than any particular
 * certificate, so callers should check for NULL and use the value immediately.
 */
63 const char *x509af_get_last_algorithm_id(void) {
/*
 * Entry point for a PKIX CRL carried as a whole payload: labels the Protocol
 * and Info columns, adds a "Certificate Revocation List" item spanning the
 * entire buffer (offset 0, length -1), attaches the ett_pkix_crl subtree and
 * hands the buffer to dissect_x509af_CertificateList() from offset 0,
 * returning whatever that call returns.
 *
 * NOTE(review): the gutter numbers in this listing jump (69->71, 80->85,
 * 86->89), so the return-type line, the braces and possibly a guard around
 * the tree-building statements are not shown here.
 *
 * NOTE(review): tvb holds bytes taken from captured traffic and is therefore
 * untrusted. No length or bounds check happens in the visible lines; that is
 * presumably left to dissect_x509af_CertificateList() and the BER helpers
 * declared in packet-ber.h -- confirm there.
 */
69 dissect_pkix_crl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
/* Both start as NULL; in the visible lines they are assigned only by the
 * tree-building statements further down. */
71 proto_item *item=NULL;
72 proto_tree *tree=NULL;
/* Column updates are attempted only when check_col() reports the column as
 * available. */
74 if (check_col(pinfo->cinfo, COL_PROTOCOL))
75 col_set_str(pinfo->cinfo, COL_PROTOCOL, "PKIX-CRL");
77 if (check_col(pinfo->cinfo, COL_INFO)) {
78 col_clear(pinfo->cinfo, COL_INFO);
/* The third argument is a format string. It is a literal without '%' here, so
 * nothing is interpreted; col_set_str(), as used for the protocol column
 * above, would show the same text without going through format processing. */
80 col_add_fstr(pinfo->cinfo, COL_INFO, "Certificate Revocation List");
/* Top-level item for the CRL, covering the buffer from offset 0 to its end
 * (length -1), with its own expandable subtree. */
85 item=proto_tree_add_text(parent_tree, tvb, 0, -1, "Certificate Revocation List");
86 tree = proto_item_add_subtree(item, ett_pkix_crl);
/* FALSE and -1 are presumably the implicit-tag flag and a "no header field"
 * index -- confirm against the prototype in packet-x509af-fn.c. */
89 return dissect_x509af_CertificateList(FALSE, tvb, 0, pinfo, tree, -1);
92 /*--- proto_register_x509af ----------------------------------------------*/
/*
 * Registers the protocol, its header fields and its subtree ids.
 * NOTE(review): several original lines (array terminators, the closing brace)
 * are not shown in this listing; the gutter numbers jump.
 */
93 void proto_register_x509af(void) {
/* Field table. The two entries written out here are FT_OID fields with the
 * filter names x509af.algorithm.id and x509af.extension.id; the rest of the
 * table comes from the included fragment packet-x509af-hfarr.c. */
96 static hf_register_info hf[] = {
97 { &hf_x509af_algorithm_id,
98 { "Algorithm Id", "x509af.algorithm.id",
99 FT_OID, BASE_NONE, NULL, 0,
100 "Algorithm Id", HFILL }},
101 { &hf_x509af_extension_id,
102 { "Extension Id", "x509af.extension.id",
103 FT_OID, BASE_NONE, NULL, 0,
104 "Extension Id", HFILL }},
105 #include "packet-x509af-hfarr.c"
108 /* List of subtrees */
/* Entries visible here come only from the included fragment
 * packet-x509af-ettarr.c; any hand-written entry is not shown. */
109 static gint *ett[] = {
111 #include "packet-x509af-ettarr.c"
114 /* Register protocol */
/* Stores the returned protocol id in the file-scope proto_x509af. */
115 proto_x509af = proto_register_protocol(PNAME, PSNAME, PFNAME);
117 /* Register fields and subtrees */
118 proto_register_field_array(proto_x509af, hf, array_length(hf));
119 proto_register_subtree_array(ett, array_length(ett));
124 /*--- proto_reg_handoff_x509af -------------------------------------------*/
/*
 * Hooks the X.509 AF dissectors into the lookup tables: the "media_type"
 * table, the BER OID table and the LDAP attribute-name table.
 * NOTE(review): some original lines (blank lines, part of the XXX comment,
 * the closing brace) are not shown in this listing; the gutter numbers jump.
 */
125 void proto_reg_handoff_x509af(void) {
126 dissector_handle_t pkix_crl_handle;
/* Registers dissect_pkix_crl for the media type "application/pkix-crl".
 * NOTE(review): the media-type label comes from the traffic itself, so any
 * payload carrying it reaches the CRL parser; the parser has to cope with
 * arbitrary bytes. */
128 pkix_crl_handle = new_create_dissector_handle(dissect_pkix_crl, proto_x509af);
129 dissector_add_string("media_type", "application/pkix-crl", pkix_crl_handle);
/* Further registrations from a separate fragment; not shown in this listing. */
131 #include "packet-x509af-dis-tab.c"
133 /*XXX these should really go to a better place but since that
134 I have not that ITU standard, ill put it here for the time
136 Only implemented those algorithms that take no parameters
137 for the time being, ronnie
139 /* from http://www.alvestrand.no/objectid/1.3.14.3.2.html */
/* Every OID below sits under 1.3.14.3.2 and is registered with
 * dissect_ber_oid_NULL_callback plus a display name.
 * NOTE(review): registration only lets the dissector print a name for the
 * OID; it validates nothing and says nothing about the algorithm's strength.
 * The list includes algorithms now regarded as weak or obsolete (MD2, MD4,
 * MD5, SHA-1, single DES), so a certificate or CRL in a capture whose
 * algorithm resolves to one of these names is worth a closer look. */
140 register_ber_oid_dissector("1.3.14.3.2.2", dissect_ber_oid_NULL_callback, proto_x509af, "md4WithRSA");
141 register_ber_oid_dissector("1.3.14.3.2.3", dissect_ber_oid_NULL_callback, proto_x509af, "md5WithRSA");
142 register_ber_oid_dissector("1.3.14.3.2.4", dissect_ber_oid_NULL_callback, proto_x509af, "md4WithRSAEncryption");
143 register_ber_oid_dissector("1.3.14.3.2.6", dissect_ber_oid_NULL_callback, proto_x509af, "desECB");
144 register_ber_oid_dissector("1.3.14.3.2.11", dissect_ber_oid_NULL_callback, proto_x509af, "rsaSignature");
145 register_ber_oid_dissector("1.3.14.3.2.14", dissect_ber_oid_NULL_callback, proto_x509af, "mdc2WithRSASignature");
146 register_ber_oid_dissector("1.3.14.3.2.15", dissect_ber_oid_NULL_callback, proto_x509af, "shaWithRSASignature");
147 register_ber_oid_dissector("1.3.14.3.2.16", dissect_ber_oid_NULL_callback, proto_x509af, "dhWithCommonModulus");
148 register_ber_oid_dissector("1.3.14.3.2.17", dissect_ber_oid_NULL_callback, proto_x509af, "desEDE");
149 register_ber_oid_dissector("1.3.14.3.2.18", dissect_ber_oid_NULL_callback, proto_x509af, "sha");
150 register_ber_oid_dissector("1.3.14.3.2.19", dissect_ber_oid_NULL_callback, proto_x509af, "mdc-2");
151 register_ber_oid_dissector("1.3.14.3.2.20", dissect_ber_oid_NULL_callback, proto_x509af, "dsaCommon");
152 register_ber_oid_dissector("1.3.14.3.2.21", dissect_ber_oid_NULL_callback, proto_x509af, "dsaCommonWithSHA");
153 register_ber_oid_dissector("1.3.14.3.2.22", dissect_ber_oid_NULL_callback, proto_x509af, "rsaKeyTransport");
154 register_ber_oid_dissector("1.3.14.3.2.23", dissect_ber_oid_NULL_callback, proto_x509af, "keyed-hash-seal");
155 register_ber_oid_dissector("1.3.14.3.2.24", dissect_ber_oid_NULL_callback, proto_x509af, "md2WithRSASignature");
156 register_ber_oid_dissector("1.3.14.3.2.25", dissect_ber_oid_NULL_callback, proto_x509af, "md5WithRSASignature");
157 register_ber_oid_dissector("1.3.14.3.2.26", dissect_ber_oid_NULL_callback, proto_x509af, "SHA-1");
159 /* these will generally be encoded as ";binary" in LDAP */
/* Maps LDAP attribute names to PDU dissectors: certificate attributes go to
 * dissect_Certificate_PDU, CRL and ARL attributes to
 * dissect_CertificateList_PDU, crossCertificatePair to
 * dissect_CertificatePair_PDU.
 * NOTE(review): the attribute values are taken from LDAP traffic and are as
 * untrusted as any other captured data. */
161 register_ldap_name_dissector("cACertificate", dissect_Certificate_PDU, proto_x509af);
162 register_ldap_name_dissector("certificate", dissect_Certificate_PDU, proto_x509af);
164 register_ldap_name_dissector("certificateRevocationList", dissect_CertificateList_PDU, proto_x509af);
165 register_ldap_name_dissector("crl", dissect_CertificateList_PDU, proto_x509af);
167 register_ldap_name_dissector("authorityRevocationList", dissect_CertificateList_PDU, proto_x509af);
168 register_ldap_name_dissector("arl", dissect_CertificateList_PDU, proto_x509af);
170 register_ldap_name_dissector("crossCertificatePair", dissect_CertificatePair_PDU, proto_x509af);