/* packet-x509af.c
* Routines for X.509 Authentication Framework packet dissection
+ * Ronnie Sahlberg 2004
*
- * $Id: packet-x509af-template.c,v 1.2 2004/05/25 21:07:43 guy Exp $
+ * $Id$
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
static int proto_x509af = -1;
static int hf_x509af_algorithm_id = -1;
static int hf_x509af_extension_id = -1;
-static int hf_x509af_critical = -1; /* BOOLEAN */
#include "packet-x509af-hf.c"
/* Initialize the subtree pointers */
+static gint ett_pkix_crl = -1;
#include "packet-x509af-ett.c"
+static const char *algorithm_id;
+static const char *extension_id;
-static char extension_id[64]; /*64 chars should be long enough? */
-static int
-dissect_hf_x509af_extension_id(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
-{
- offset = dissect_ber_object_identifier(FALSE, pinfo, tree, tvb, offset,
- hf_x509af_extension_id, extension_id);
- return offset;
-}
-/* BOOLEAN from template, remove later if the compiler starts generating it */
-static int
-dissect_x509af_BOOLEAN(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index) {
- offset = dissect_ber_boolean(pinfo, tree, tvb, offset, hf_index);
-
- return offset;
-}
-static int dissect_critical(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
- return dissect_x509af_BOOLEAN(FALSE, tvb, offset, pinfo, tree, hf_x509af_critical);
-}
-
-static int
-dissect_hf_x509af_extension_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
-{
- offset=call_ber_oid_callback(extension_id, tvb, offset, pinfo, tree);
+#include "packet-x509af-fn.c"
- return offset;
+char *x509af_get_last_algorithm_id() {
+ return algorithm_id;
}
-static ber_sequence Extension_sequence[] = {
- { BER_CLASS_UNI, BER_UNI_TAG_OID, BER_FLAGS_NOOWNTAG, dissect_hf_x509af_extension_id },
- { BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_critical },
- { BER_CLASS_ANY, 0, 0, dissect_hf_x509af_extension_type },
- { 0, 0, 0, NULL }
-};
static int
-dissect_x509af_Extension(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index) {
- offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
- Extension_sequence, hf_index, ett_x509af_Extension);
-
- return offset;
-}
-
-static char algorithm_id[64]; /*64 chars should be long enough? */
-static int
-dissect_hf_x509af_algorithm_id(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
+dissect_pkix_crl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
{
- offset = dissect_ber_object_identifier(FALSE, pinfo, tree, tvb, offset,
- hf_x509af_algorithm_id, algorithm_id);
- return offset;
-}
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
-static int
-dissect_hf_x509af_algorithm_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset)
-{
- offset=call_ber_oid_callback(algorithm_id, tvb, offset, pinfo, tree);
+ if (check_col(pinfo->cinfo, COL_PROTOCOL))
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "PKIX-CRL");
- return offset;
-}
+ if (check_col(pinfo->cinfo, COL_INFO)) {
+ col_clear(pinfo->cinfo, COL_INFO);
+
+ col_add_fstr(pinfo->cinfo, COL_INFO, "Certificate Revocation List");
+ }
-/* Algorithm Identifier can not yet be handled by the compiler */
-static ber_sequence AlgorithmIdentifier_sequence[] = {
- { BER_CLASS_UNI, BER_UNI_TAG_OID, BER_FLAGS_NOOWNTAG, dissect_hf_x509af_algorithm_id },
- { BER_CLASS_ANY, 0, 0, dissect_hf_x509af_algorithm_type },
- { 0, 0, 0, NULL }
-};
-int
-dissect_x509af_AlgorithmIdentifier(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index) {
- offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
- AlgorithmIdentifier_sequence, hf_index, ett_x509af_AlgorithmIdentifier);
+ if(parent_tree){
+ item=proto_tree_add_text(parent_tree, tvb, 0, -1, "Certificate Revocation List");
+ tree = proto_item_add_subtree(item, ett_pkix_crl);
+ }
- return offset;
+ return dissect_x509af_CertificateList(FALSE, tvb, 0, pinfo, tree, -1);
}
-#include "packet-x509af-fn.c"
-
-
/*--- proto_register_x509af ----------------------------------------------*/
void proto_register_x509af(void) {
{ "Extension Id", "x509af.extension.id",
FT_STRING, BASE_NONE, NULL, 0,
"Extension Id", HFILL }},
- { &hf_x509af_critical,
- { "critical", "x509af.critical",
- FT_BOOLEAN, 8, NULL, 0,
- "Extension/critical", HFILL }},
#include "packet-x509af-hfarr.c"
};
/* List of subtrees */
static gint *ett[] = {
+ &ett_pkix_crl,
#include "packet-x509af-ettarr.c"
};
/*--- proto_reg_handoff_x509af -------------------------------------------*/
void proto_reg_handoff_x509af(void) {
+ dissector_handle_t pkix_crl_handle;
+
+ pkix_crl_handle = new_create_dissector_handle(dissect_pkix_crl, proto_x509af);
+ dissector_add_string("media_type", "application/pkix-crl", pkix_crl_handle);
+
+#include "packet-x509af-dis-tab.c"
+
+ /*XXX these should really go to a better place but since that
+ I have not that ITU standard, ill put it here for the time
+ being.
+ Only implemented those algorithms that take no parameters
+ for the time being, ronnie
+ */
+ /* from http://www.alvestrand.no/objectid/1.3.14.3.2.html */
+ register_ber_oid_dissector("1.3.14.3.2.2", dissect_ber_oid_NULL_callback, proto_x509af, "md4WithRSA");
+ register_ber_oid_dissector("1.3.14.3.2.3", dissect_ber_oid_NULL_callback, proto_x509af, "md5WithRSA");
+ register_ber_oid_dissector("1.3.14.3.2.4", dissect_ber_oid_NULL_callback, proto_x509af, "md4WithRSAEncryption");
+ register_ber_oid_dissector("1.3.14.3.2.6", dissect_ber_oid_NULL_callback, proto_x509af, "desECB");
+ register_ber_oid_dissector("1.3.14.3.2.11", dissect_ber_oid_NULL_callback, proto_x509af, "rsaSignature");
+ register_ber_oid_dissector("1.3.14.3.2.14", dissect_ber_oid_NULL_callback, proto_x509af, "mdc2WithRSASignature");
+ register_ber_oid_dissector("1.3.14.3.2.15", dissect_ber_oid_NULL_callback, proto_x509af, "shaWithRSASignature");
+ register_ber_oid_dissector("1.3.14.3.2.16", dissect_ber_oid_NULL_callback, proto_x509af, "dhWithCommonModulus");
+ register_ber_oid_dissector("1.3.14.3.2.17", dissect_ber_oid_NULL_callback, proto_x509af, "desEDE");
+ register_ber_oid_dissector("1.3.14.3.2.18", dissect_ber_oid_NULL_callback, proto_x509af, "sha");
+ register_ber_oid_dissector("1.3.14.3.2.19", dissect_ber_oid_NULL_callback, proto_x509af, "mdc-2");
+ register_ber_oid_dissector("1.3.14.3.2.20", dissect_ber_oid_NULL_callback, proto_x509af, "dsaCommon");
+ register_ber_oid_dissector("1.3.14.3.2.21", dissect_ber_oid_NULL_callback, proto_x509af, "dsaCommonWithSHA");
+ register_ber_oid_dissector("1.3.14.3.2.22", dissect_ber_oid_NULL_callback, proto_x509af, "rsaKeyTransport");
+ register_ber_oid_dissector("1.3.14.3.2.23", dissect_ber_oid_NULL_callback, proto_x509af, "keyed-hash-seal");
+ register_ber_oid_dissector("1.3.14.3.2.24", dissect_ber_oid_NULL_callback, proto_x509af, "md2WithRSASignature");
+ register_ber_oid_dissector("1.3.14.3.2.25", dissect_ber_oid_NULL_callback, proto_x509af, "md5WithRSASignature");
+ register_ber_oid_dissector("1.3.14.3.2.26", dissect_ber_oid_NULL_callback, proto_x509af, "SHA-1");
}