Adding upstream version 4.2.2.upstream/4.2.2

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-10 20:34:10 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-10 20:34:10 +0000
commit: e4ba6dbc3f1e76890b22773807ea37fe8fa2b1bc (patch)
tree: 68cb5ef9081156392f1dd62a00c6ccc1451b93df /epan/dissectors/asn1/cms
parent: Initial commit. (diff)
download: wireshark-e4ba6dbc3f1e76890b22773807ea37fe8fa2b1bc.tar.xz
wireshark-e4ba6dbc3f1e76890b22773807ea37fe8fa2b1bc.zip
7 files changed, 1332 insertions, 0 deletions
diff --git a/epan/dissectors/asn1/cms/AttributeCertificateVersion1.asn b/epan/dissectors/asn1/cms/AttributeCertificateVersion1.asn
new file mode 100644
index 00000000..1187616e
--- /dev/null
+++ b/epan/dissectors/asn1/cms/AttributeCertificateVersion1.asn
@@ -0,0 +1,51 @@
+-- Extracted from RFC5652
+AttributeCertificateVersion1
+    { iso(1) member-body(2) us(840) rsadsi(113549)
+      pkcs(1) pkcs-9(9) smime(16) modules(0) v1AttrCert(15) }
+
+DEFINITIONS IMPLICIT TAGS ::=
+BEGIN
+
+-- EXPORTS All
+
+IMPORTS
+  -- Directory Authentication Framework (X.509)
+        AttCertValidityPeriod, Extensions, IssuerSerial
+           FROM AuthenticationFramework { joint-iso-itu-t ds(5)
+                module(1) authenticationFramework(7) 3 }
+
+        GeneralNames
+           FROM CertificateExtensions { joint-iso-ccitt ds(5)
+                module(1) certificateExtensions(26) 0 }
+
+        UniqueIdentifier
+           FROM SelectedAttributeTypes { joint-iso-itu-t ds(5) module(1)
+                selectedAttributeTypes(5) 3 };
+
+
+-- Definition extracted from X.509-1997 [X.509-97], but
+-- different type names are used to avoid collisions.
+
+AttributeCertificateV1 ::= SEQUENCE {
+  acInfo AttributeCertificateInfoV1,
+  signatureAlgorithm AlgorithmIdentifier,
+  signature BIT STRING }
+
+AttributeCertificateInfoV1 ::= SEQUENCE {
+  version AttCertVersionV1 DEFAULT v1,
+  subject CHOICE {
+    baseCertificateID [0] IssuerSerial,
+      -- associated with a Public Key Certificate
+    subjectName [1] GeneralNames },
+      -- associated with a name
+  issuer GeneralNames,
+  signature AlgorithmIdentifier,
+  serialNumber CertificateSerialNumber,
+  attCertValidityPeriod AttCertValidityPeriod,
+  attributes SEQUENCE OF Attribute,
+  issuerUniqueID UniqueIdentifier OPTIONAL,
+  extensions Extensions OPTIONAL }
+
+AttCertVersionV1 ::= INTEGER { v1(0) }
+
+END -- of AttributeCertificateVersion1
diff --git a/epan/dissectors/asn1/cms/CMSFirmwareWrapper.asn b/epan/dissectors/asn1/cms/CMSFirmwareWrapper.asn
new file mode 100644
index 00000000..7842d648
--- /dev/null
+++ b/epan/dissectors/asn1/cms/CMSFirmwareWrapper.asn
@@ -0,0 +1,220 @@
+-- Verbatim copy of Appendix A of RFC 4108 followed by Errata ID 4093
+
+CMSFirmwareWrapper
+	{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+		pkcs-9(9) smime(16) modules(0) cms-firmware-wrap(22) }
+
+DEFINITIONS IMPLICIT TAGS ::= BEGIN
+
+IMPORTS
+	EnvelopedData
+	FROM CryptographicMessageSyntax -- [CMS]
+		{ iso(1) member-body(2) us(840) rsadsi(113549)
+			pkcs(1) pkcs-9(9) smime(16) modules(0) cms-2004(24) };
+
+
+-- Firmware Package Content Type and Object Identifier
+
+id-ct-firmwarePackage OBJECT IDENTIFIER ::= {
+	iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+	smime(16) ct(1) 16 }
+
+FirmwarePkgData ::= OCTET STRING
+
+
+-- Firmware Package Signed Attributes and Object Identifiers
+
+id-aa-firmwarePackageID OBJECT IDENTIFIER ::= {
+	iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+	smime(16) aa(2) 35 }
+
+FirmwarePackageIdentifier ::= SEQUENCE {
+	name PreferredOrLegacyPackageIdentifier,
+	stale PreferredOrLegacyStalePackageIdentifier OPTIONAL }
+
+PreferredOrLegacyPackageIdentifier ::= CHOICE {
+	preferred PreferredPackageIdentifier,
+	legacy OCTET STRING }
+
+PreferredPackageIdentifier ::= SEQUENCE {
+	fwPkgID OBJECT IDENTIFIER,
+	verNum INTEGER (0..MAX) }
+
+PreferredOrLegacyStalePackageIdentifier ::= CHOICE {
+	preferredStaleVerNum INTEGER (0..MAX),
+	legacyStaleVersion OCTET STRING }
+
+
+id-aa-targetHardwareIDs OBJECT IDENTIFIER ::= {
+	iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+	smime(16) aa(2) 36 }
+
+TargetHardwareIdentifiers ::= SEQUENCE OF OBJECT IDENTIFIER
+
+
+id-aa-decryptKeyID OBJECT IDENTIFIER ::= {
+	iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+	smime(16) aa(2) 37 }
+
+DecryptKeyIdentifier ::= OCTET STRING
+
+
+id-aa-implCryptoAlgs OBJECT IDENTIFIER ::= {
+	iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+	smime(16) aa(2) 38 }
+
+ImplementedCryptoAlgorithms ::= SEQUENCE OF OBJECT IDENTIFIER
+
+id-aa-implCompressAlgs OBJECT IDENTIFIER ::= {
+	iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+	smime(16) aa(2) 43 }
+
+ImplementedCompressAlgorithms ::= SEQUENCE OF OBJECT IDENTIFIER
+
+
+id-aa-communityIdentifiers OBJECT IDENTIFIER ::= {
+	iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+	smime(16) aa(2) 40 }
+
+CommunityIdentifiers ::= SEQUENCE OF CommunityIdentifier
+
+CommunityIdentifier ::= CHOICE {
+	communityOID OBJECT IDENTIFIER,
+	hwModuleList HardwareModules }
+
+HardwareModules ::= SEQUENCE {
+	hwType OBJECT IDENTIFIER,
+	hwSerialEntries SEQUENCE OF HardwareSerialEntry }
+
+
+HardwareSerialEntry ::= CHOICE {
+	all NULL,
+	single OCTET STRING,
+	block SEQUENCE {
+	low OCTET STRING,
+	high OCTET STRING } }
+
+
+id-aa-firmwarePackageInfo OBJECT IDENTIFIER ::= {
+	iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+	smime(16) aa(2) 42 }
+
+FirmwarePackageInfo ::= SEQUENCE {
+	fwPkgType INTEGER OPTIONAL,
+	dependencies SEQUENCE OF
+	PreferredOrLegacyPackageIdentifier OPTIONAL }
+
+
+-- Firmware Package Unsigned Attributes and Object Identifiers
+
+id-aa-wrappedFirmwareKey OBJECT IDENTIFIER ::= {
+	iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+	smime(16) aa(2) 39 }
+
+WrappedFirmwareKey ::= EnvelopedData
+
+
+-- Firmware Package Load Receipt Content Type and Object Identifier
+
+id-ct-firmwareLoadReceipt OBJECT IDENTIFIER ::= {
+	iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+	smime(16) ct(1) 17 }
+
+FirmwarePackageLoadReceipt ::= SEQUENCE {
+	version FWReceiptVersion DEFAULT v1,
+	hwType OBJECT IDENTIFIER,
+	hwSerialNum OCTET STRING,
+	fwPkgName PreferredOrLegacyPackageIdentifier,
+	trustAnchorKeyID OCTET STRING OPTIONAL,
+	decryptKeyID [1] OCTET STRING OPTIONAL }
+
+FWReceiptVersion ::= INTEGER { v1(1) }
+
+
+-- Firmware Package Load Error Report Content Type
+-- and Object Identifier
+
+id-ct-firmwareLoadError OBJECT IDENTIFIER ::= {
+	iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+	smime(16) ct(1) 18 }
+
+FirmwarePackageLoadError ::= SEQUENCE {
+	version FWErrorVersion DEFAULT v1,
+	hwType OBJECT IDENTIFIER,
+	hwSerialNum OCTET STRING,
+	errorCode FirmwarePackageLoadErrorCode,
+	vendorErrorCode VendorLoadErrorCode OPTIONAL,
+	fwPkgName PreferredOrLegacyPackageIdentifier OPTIONAL,
+	config [1] SEQUENCE OF CurrentFWConfig OPTIONAL }
+
+FWErrorVersion ::= INTEGER { v1(1) }
+
+CurrentFWConfig ::= SEQUENCE {
+	fwPkgType INTEGER OPTIONAL,
+	fwPkgName PreferredOrLegacyPackageIdentifier }
+
+FirmwarePackageLoadErrorCode ::= ENUMERATED {
+	decodeFailure                (1),
+	badContentInfo               (2),
+	badSignedData                (3),
+	badEncapContent              (4),
+	badCertificate               (5),
+	badSignerInfo                (6),
+	badSignedAttrs               (7),
+	badUnsignedAttrs             (8),
+	missingContent               (9),
+	noTrustAnchor               (10),
+	notAuthorized               (11),
+	badDigestAlgorithm          (12),
+	badSignatureAlgorithm       (13),
+	unsupportedKeySize          (14),
+	signatureFailure            (15),
+	contentTypeMismatch         (16),
+	badEncryptedData            (17),
+	unprotectedAttrsPresent     (18),
+	badEncryptContent           (19),
+	badEncryptAlgorithm         (20),
+	missingCiphertext           (21),
+	noDecryptKey                (22),
+	decryptFailure              (23),
+	badCompressAlgorithm        (24),
+	missingCompressedContent    (25),
+	decompressFailure           (26),
+	wrongHardware               (27),
+	stalePackage                (28),
+	notInCommunity              (29),
+	unsupportedPackageType      (30),
+	missingDependency           (31),
+	wrongDependencyVersion      (32),
+	insufficientMemory          (33),
+	badFirmware                 (34),
+	unsupportedParameters       (35),
+	breaksDependency            (36),
+	otherError                  (99) }
+
+VendorLoadErrorCode ::= INTEGER
+
+
+-- Other Name syntax for Hardware Module Name
+
+id-on-hardwareModuleName OBJECT IDENTIFIER ::= {
+	iso(1) identified-organization(3) dod(6) internet(1) security(5)
+	mechanisms(5) pkix(7) on(8) 4 }
+
+HardwareModuleName ::= SEQUENCE {
+	hwType OBJECT IDENTIFIER,
+	hwSerialNum OCTET STRING }
+
+
+
+-- From Errata ID 4093: Elements defined Section 2.2.10 and missing in the appendix
+
+id-aa-fwPkgMessageDigest OBJECT IDENTIFIER ::= {
+	iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+	smime(16) aa(2) 41 }
+
+FirmwarePackageMessageDigest ::= SEQUENCE {
+	algorithm AlgorithmIdentifier,
+	msgDigest OCTET STRING }
+
+END
diff --git a/epan/dissectors/asn1/cms/CMakeLists.txt b/epan/dissectors/asn1/cms/CMakeLists.txt
new file mode 100644
index 00000000..6fc91bd2
--- /dev/null
+++ b/epan/dissectors/asn1/cms/CMakeLists.txt
@@ -0,0 +1,52 @@
+# CMakeLists.txt
+#
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <gerald@wireshark.org>
+# Copyright 1998 Gerald Combs
+#
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+
+set( PROTOCOL_NAME cms )
+
+set( PROTO_OPT )
+
+set( EXPORT_FILES
+	${PROTOCOL_NAME}-exp.cnf
+)
+
+set( EXT_ASN_FILE_LIST
+)
+
+set( ASN_FILE_LIST
+	CryptographicMessageSyntax.asn
+	AttributeCertificateVersion1.asn
+	CMSFirmwareWrapper.asn
+)
+
+set( EXTRA_DIST
+	${ASN_FILE_LIST}
+	packet-${PROTOCOL_NAME}-template.c
+	packet-${PROTOCOL_NAME}-template.h
+	${PROTOCOL_NAME}.cnf
+)
+
+set( SRC_FILES
+	${EXTRA_DIST}
+	${EXT_ASN_FILE_LIST}
+)
+
+set( A2W_FLAGS -b -C )
+
+set( EXTRA_CNF
+	"${CMAKE_CURRENT_BINARY_DIR}/../x509af/x509af-exp.cnf"
+	"${CMAKE_CURRENT_BINARY_DIR}/../x509ce/x509ce-exp.cnf"
+	"${CMAKE_CURRENT_BINARY_DIR}/../x509if/x509if-exp.cnf"
+	"${CMAKE_CURRENT_BINARY_DIR}/../x509sat/x509sat-exp.cnf"
+)
+
+set ( EXPORT_DEPENDS
+	"${CMAKE_CURRENT_BINARY_DIR}/../x509af/x509af-exp.cnf"
+)
+
+ASN2WRS()
diff --git a/epan/dissectors/asn1/cms/CryptographicMessageSyntax.asn b/epan/dissectors/asn1/cms/CryptographicMessageSyntax.asn
new file mode 100644
index 00000000..a2b9d921
--- /dev/null
+++ b/epan/dissectors/asn1/cms/CryptographicMessageSyntax.asn
@@ -0,0 +1,485 @@
+-- Extracted from RFC5652
+-- and massaged/modified so it passes through our asn2wrs compiler
+
+CryptographicMessageSyntax
+  { iso(1) member-body(2) us(840) rsadsi(113549)
+    pkcs(1) pkcs-9(9) smime(16) modules(0) cms-2004(24) }
+
+DEFINITIONS IMPLICIT TAGS ::=
+BEGIN
+
+-- EXPORTS All
+-- The types and values defined in this module are exported for use
+-- in the other ASN.1 modules.  Other applications may use them for
+-- their own purposes.
+
+IMPORTS
+  -- Directory Information Framework (X.501)
+        Name
+           FROM InformationFramework { joint-iso-itu-t ds(5) modules(1)
+                informationFramework(1) 3 }
+
+  -- Directory Authentication Framework (X.509)
+        AlgorithmIdentifier, AttributeCertificate, Certificate,
+        CertificateList, CertificateSerialNumber
+           FROM AuthenticationFramework { joint-iso-itu-t ds(5)
+                module(1) authenticationFramework(7) 3 } ;
+
+
+-- Cryptographic Message Syntax
+
+ContentInfo ::= SEQUENCE {
+  contentType ContentType,
+  content [0] EXPLICIT ANY DEFINED BY contentType }
+
+ContentType ::= OBJECT IDENTIFIER
+
+SignedData ::= SEQUENCE {
+  version CMSVersion,
+  digestAlgorithms DigestAlgorithmIdentifiers,
+  encapContentInfo EncapsulatedContentInfo,
+  certificates [0] IMPLICIT CertificateSet OPTIONAL,
+  crls [1] IMPLICIT RevocationInfoChoices OPTIONAL,
+  signerInfos SignerInfos }
+
+DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
+
+SignerInfos ::= SET OF SignerInfo
+
+--             Implemented by hand in the template
+EncapsulatedContentInfo ::= SEQUENCE {
+  eContentType ContentType,
+  eContent [0] EXPLICIT OCTET STRING OPTIONAL }
+
+SignerInfo ::= SEQUENCE {
+  version CMSVersion,
+  sid SignerIdentifier,
+  digestAlgorithm DigestAlgorithmIdentifier,
+  signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
+  signatureAlgorithm SignatureAlgorithmIdentifier,
+  signature SignatureValue,
+  unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL }
+
+SignerIdentifier ::= CHOICE {
+  issuerAndSerialNumber IssuerAndSerialNumber,
+  subjectKeyIdentifier [0] SubjectKeyIdentifier }
+
+SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
+
+UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute
+
+Attribute ::= SEQUENCE {
+  attrType OBJECT IDENTIFIER,
+  attrValues SET OF AttributeValue }
+
+AttributeValue ::= ANY
+
+SignatureValue ::= OCTET STRING
+
+EnvelopedData ::= SEQUENCE {
+  version CMSVersion,
+  originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
+  recipientInfos RecipientInfos,
+  encryptedContentInfo EncryptedContentInfo,
+  unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
+
+OriginatorInfo ::= SEQUENCE {
+  certs [0] IMPLICIT CertificateSet OPTIONAL,
+  crls [1] IMPLICIT RevocationInfoChoices OPTIONAL }
+
+RecipientInfos ::= SET SIZE (1..MAX) OF RecipientInfo
+
+EncryptedContentInfo ::= SEQUENCE {
+  contentType ContentType,
+  contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
+  encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL }
+
+EncryptedContent ::= OCTET STRING
+
+UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
+
+RecipientInfo ::= CHOICE {
+  ktri KeyTransRecipientInfo,
+  kari [1] KeyAgreeRecipientInfo,
+  kekri [2] KEKRecipientInfo,
+  pwri [3] PasswordRecipientInfo,
+  ori [4] OtherRecipientInfo }
+
+EncryptedKey ::= OCTET STRING
+
+KeyTransRecipientInfo ::= SEQUENCE {
+  version CMSVersion,  -- always set to 0 or 2
+  rid RecipientIdentifier,
+  keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
+  encryptedKey EncryptedKey }
+
+RecipientIdentifier ::= CHOICE {
+  issuerAndSerialNumber IssuerAndSerialNumber,
+  subjectKeyIdentifier [0] SubjectKeyIdentifier }
+
+KeyAgreeRecipientInfo ::= SEQUENCE {
+  version CMSVersion,  -- always set to 3
+  originator [0] EXPLICIT OriginatorIdentifierOrKey,
+  ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL,
+  keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
+  recipientEncryptedKeys RecipientEncryptedKeys }
+
+OriginatorIdentifierOrKey ::= CHOICE {
+  issuerAndSerialNumber IssuerAndSerialNumber,
+  subjectKeyIdentifier [0] SubjectKeyIdentifier,
+  originatorKey [1] OriginatorPublicKey }
+
+OriginatorPublicKey ::= SEQUENCE {
+  algorithm AlgorithmIdentifier,
+  publicKey BIT STRING }
+
+RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey
+
+RecipientEncryptedKey ::= SEQUENCE {
+  rid KeyAgreeRecipientIdentifier,
+  encryptedKey EncryptedKey }
+
+KeyAgreeRecipientIdentifier ::= CHOICE {
+  issuerAndSerialNumber IssuerAndSerialNumber,
+  rKeyId [0] IMPLICIT RecipientKeyIdentifier }
+
+RecipientKeyIdentifier ::= SEQUENCE {
+  subjectKeyIdentifier SubjectKeyIdentifier,
+  date GeneralizedTime OPTIONAL,
+  other OtherKeyAttribute OPTIONAL }
+
+SubjectKeyIdentifier ::= OCTET STRING
+
+KEKRecipientInfo ::= SEQUENCE {
+  version CMSVersion,  -- always set to 4
+  kekid KEKIdentifier,
+  keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
+  encryptedKey EncryptedKey }
+
+KEKIdentifier ::= SEQUENCE {
+  keyIdentifier OCTET STRING,
+  date GeneralizedTime OPTIONAL,
+  other OtherKeyAttribute OPTIONAL }
+
+PasswordRecipientInfo ::= SEQUENCE {
+  version CMSVersion,   -- always set to 0
+  keyDerivationAlgorithm [0] KeyDerivationAlgorithmIdentifier
+                             OPTIONAL,
+  keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
+  encryptedKey EncryptedKey }
+
+OtherRecipientInfo ::= SEQUENCE {
+  oriType OBJECT IDENTIFIER,
+  oriValue ANY DEFINED BY oriType }
+
+DigestedData ::= SEQUENCE {
+  version CMSVersion,
+  digestAlgorithm DigestAlgorithmIdentifier,
+  encapContentInfo EncapsulatedContentInfo,
+  digest Digest }
+
+Digest ::= OCTET STRING
+
+EncryptedData ::= SEQUENCE {
+  version CMSVersion,
+  encryptedContentInfo EncryptedContentInfo,
+  unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
+
+AuthenticatedData ::= SEQUENCE {
+  version CMSVersion,
+  originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
+  recipientInfos RecipientInfos,
+  macAlgorithm MessageAuthenticationCodeAlgorithm,
+  digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
+  encapContentInfo EncapsulatedContentInfo,
+  authAttrs [2] IMPLICIT AuthAttributes OPTIONAL,
+  mac MessageAuthenticationCode,
+  unauthAttrs [3] IMPLICIT UnauthAttributes OPTIONAL }
+
+AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
+
+UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
+
+MessageAuthenticationCode ::= OCTET STRING
+
+DigestAlgorithmIdentifier ::= AlgorithmIdentifier
+
+SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
+
+KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+
+ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+
+MessageAuthenticationCodeAlgorithm ::= AlgorithmIdentifier
+
+KeyDerivationAlgorithmIdentifier ::= AlgorithmIdentifier
+
+RevocationInfoChoices ::= SET OF RevocationInfoChoice
+
+RevocationInfoChoice ::= CHOICE {
+  crl CertificateList,
+  other [1] IMPLICIT OtherRevocationInfoFormat }
+
+OtherRevocationInfoFormat ::= SEQUENCE {
+  otherRevInfoFormat OBJECT IDENTIFIER,
+  otherRevInfo ANY DEFINED BY otherRevInfoFormat }
+
+CertificateChoices ::= CHOICE {
+  certificate Certificate,
+  extendedCertificate [0] IMPLICIT ExtendedCertificate,  -- Obsolete
+  v1AttrCert [1] IMPLICIT AttributeCertificateV1,        -- Obsolete
+  v2AttrCert [2] IMPLICIT AttributeCertificateV2 }
+
+AttributeCertificateV2 ::= AttributeCertificate
+
+CertificateSet ::= SET OF CertificateChoices
+
+IssuerAndSerialNumber ::= SEQUENCE {
+  issuer Name,
+  serialNumber CertificateSerialNumber }
+
+CMSVersion ::= INTEGER  { v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) }
+
+UserKeyingMaterial ::= OCTET STRING
+
+OtherKeyAttribute ::= SEQUENCE {
+  keyAttrId OBJECT IDENTIFIER,
+  keyAttr ANY DEFINED BY keyAttrId OPTIONAL }
+
+-- Content Type Object Identifiers
+
+id-ct-contentInfo OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+    us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) ct(1) 6 }
+
+id-data OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+    us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 }
+
+id-signedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+    us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 }
+
+id-envelopedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+    us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3 }
+
+id-digestedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+    us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5 }
+
+id-encryptedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+    us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 }
+
+id-ct-authData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 2 }
+
+-- The CMS Attributes
+
+MessageDigest ::= OCTET STRING
+
+SigningTime  ::= Time
+
+Time ::= CHOICE {
+  utcTime UTCTime,
+  generalTime GeneralizedTime }
+
+Countersignature ::= SignerInfo
+
+-- Algorithm Identifiers
+-- 
+-- sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
+--     oiw(14) secsig(3) algorithm(2) 26 }
+-- 
+-- md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+--     rsadsi(113549) digestAlgorithm(2) 5 }
+-- 
+-- id-dsa-with-sha1 OBJECT IDENTIFIER ::=  { iso(1) member-body(2)
+--     us(840) x9-57 (10040) x9cm(4) 3 }
+-- 
+-- rsaEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+--     us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1 }
+-- 
+-- dh-public-number OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+--     us(840) ansi-x942(10046) number-type(2) 1 }
+-- 
+-- id-alg-ESDH OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+--     rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 5 }
+-- 
+-- id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+--     us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6 }
+-- 
+-- id-alg-CMSRC2wrap OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+--     us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 7 }
+-- 
+-- des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+--     us(840) rsadsi(113549) encryptionAlgorithm(3) 7 }
+-- 
+-- rc2-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+--     rsadsi(113549) encryptionAlgorithm(3) 2 }
+-- 
+-- hMAC-SHA1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
+--     dod(6) internet(1) security(5) mechanisms(5) 8 1 2 }
+-- 
+-- 
+-- Algorithm Parameters
+-- 
+KeyWrapAlgorithm ::= AlgorithmIdentifier
+
+RC2WrapParameter ::= RC2ParameterVersion
+
+RC2ParameterVersion ::= INTEGER
+ 
+CBCParameter ::= IV
+ 
+IV ::= OCTET STRING
+ 
+RC2CBCParameter ::= SEQUENCE {
+   rc2ParameterVersion INTEGER,
+   iv OCTET STRING  }
+
+-- Attribute Object Identifiers
+
+id-contentType OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+    us(840) rsadsi(113549) pkcs(1) pkcs9(9) 3 }
+
+id-messageDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+    us(840) rsadsi(113549) pkcs(1) pkcs9(9) 4 }
+
+id-signingTime OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+    us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5 }
+
+id-countersignature OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+    us(840) rsadsi(113549) pkcs(1) pkcs9(9) 6 }
+
+-- Obsolete Extended Certificate syntax from PKCS #6
+
+ExtendedCertificateOrCertificate ::= CHOICE {
+  certificate Certificate,
+  extendedCertificate [0] IMPLICIT ExtendedCertificate }
+
+ExtendedCertificate ::= SEQUENCE {
+  extendedCertificateInfo ExtendedCertificateInfo,
+  signatureAlgorithm SignatureAlgorithmIdentifier,
+  signature Signature }
+
+ExtendedCertificateInfo ::= SEQUENCE {
+  version CMSVersion,
+  certificate Certificate,
+  attributes UnauthAttributes }
+
+Signature ::= BIT STRING
+
+-- PKCS #7 type that was removed from CMS
+
+DigestInfo ::= SEQUENCE {
+  digestAlgorithm DigestAlgorithmIdentifier,
+  digest Digest }
+
+-- From S/MIME
+
+SMIMECapabilities ::= SEQUENCE OF SMIMECapability
+
+SMIMECapability ::= SEQUENCE {
+  capability OBJECT IDENTIFIER,
+  parameters ANY OPTIONAL
+}
+
+SMIMEEncryptionKeyPreference ::= CHOICE {
+  issuerAndSerialNumber 	[0] IssuerAndSerialNumber,
+  recipientKeyId		[1] RecipientKeyIdentifier,
+  subjectAltKeyIdentifier	[2] SubjectKeyIdentifier
+
+}
+
+-- some implememtations do not seem to use the RC2CBCParameter with 1.2.840.113549.3.2 as per RFC 2630 12.4.2
+-- so we create this CHOICE to workaround this problem until we understand what is really the correct solution
+
+RC2CBCParameters ::= CHOICE {
+  rc2WrapParameter  RC2WrapParameter,
+  rc2CBCParameter   RC2CBCParameter
+
+}
+
+
+END -- of CryptographicMessageSyntax2004
+
+CMS-AuthEnvelopedData-2007 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+    pkcs-9(9) smime(16) modules(0) cms-authEnvelopedData(31) }
+
+DEFINITIONS IMPLICIT TAGS ::=
+BEGIN
+
+-- EXPORTS All
+-- The types and values defined in this module are exported for use
+-- in the other ASN.1 modules.  Other applications may use them for
+-- their own purposes.
+
+-- IMPORTS
+
+-- Imports from RFC 3852 [CMS], Section 12.1
+--   AuthAttributes,
+--   CMSVersion,
+--   EncryptedContentInfo,
+--   MessageAuthenticationCode,
+--   OriginatorInfo,
+--   RecipientInfos,
+--   UnauthAttributes
+--      FROM CryptographicMessageSyntax2004
+--           { iso(1) member-body(2) us(840) rsadsi(113549)
+--             pkcs(1) pkcs-9(9) smime(16) modules(0)
+--             cms-2004(24) } ;
+
+
+AuthEnvelopedData ::= SEQUENCE {
+  version CMSVersion,
+  originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
+  recipientInfos RecipientInfos,
+  authEncryptedContentInfo EncryptedContentInfo,
+  authAttrs [1] IMPLICIT AuthAttributes OPTIONAL,
+  mac MessageAuthenticationCode,
+  unauthAttrs [2] IMPLICIT UnauthAttributes OPTIONAL }
+
+id-ct-authEnvelopedData OBJECT IDENTIFIER ::= { iso(1)
+  member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+  smime(16) ct(1) 23 }
+
+END -- of CMS-AuthEnvelopedData-2007
+
+CMS-AES-CCM-and-AES-GCM
+    { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+      pkcs-9(9) smime(16) modules(0) cms-aes-ccm-and-gcm(32) }
+
+DEFINITIONS IMPLICIT TAGS ::= BEGIN
+
+-- EXPORTS All
+
+-- Object Identifiers
+
+aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840)
+    organization(1) gov(101) csor(3) nistAlgorithm(4) 1 }
+
+id-aes128-CCM OBJECT IDENTIFIER ::= { aes 7 }
+
+id-aes192-CCM OBJECT IDENTIFIER ::= { aes 27 }
+
+id-aes256-CCM OBJECT IDENTIFIER ::= { aes 47 }
+
+id-aes128-GCM OBJECT IDENTIFIER ::= { aes 6 }
+
+id-aes192-GCM OBJECT IDENTIFIER ::= { aes 26 }
+
+id-aes256-GCM OBJECT IDENTIFIER ::= { aes 46 }
+
+
+-- Parameters for AigorithmIdentifier
+
+CCMParameters ::= SEQUENCE {
+  aes-nonce         OCTET STRING (SIZE(7..13)),
+  aes-ICVlen        AES-CCM-ICVlen DEFAULT 12 }
+
+AES-CCM-ICVlen ::= INTEGER (4 | 6 | 8 | 10 | 12 | 14 | 16)
+
+GCMParameters ::= SEQUENCE {
+  aes-nonce        OCTET STRING, -- recommended size is 12 octets
+  aes-ICVlen       AES-GCM-ICVlen DEFAULT 12 }
+
+AES-GCM-ICVlen ::= INTEGER (12 | 13 | 14 | 15 | 16)
+
+END
+
diff --git a/epan/dissectors/asn1/cms/cms.cnf b/epan/dissectors/asn1/cms/cms.cnf
new file mode 100644
index 00000000..77da3143
--- /dev/null
+++ b/epan/dissectors/asn1/cms/cms.cnf
@@ -0,0 +1,293 @@
+# CMS.cnf
+# CMS conformation file
+
+#.IMPORT ../x509af/x509af-exp.cnf
+#.IMPORT ../x509ce/x509ce-exp.cnf
+#.IMPORT ../x509if/x509if-exp.cnf
+#.IMPORT ../x509sat/x509sat-exp.cnf
+
+#.OMIT_ASSIGNMENT
+CBCParameter
+ExtendedCertificateOrCertificate
+#.END
+
+#.EXPORTS
+ContentInfo
+ContentType
+Countersignature
+Digest
+DigestAlgorithmIdentifier
+DigestAlgorithmIdentifiers
+DigestInfo
+EncapsulatedContentInfo
+EnvelopedData
+AuthEnvelopedData
+IssuerAndSerialNumber
+SignedAttributes
+SignedData
+SignerIdentifier
+SignerInfo
+SignerInfos
+SignatureValue
+UnsignedAttributes
+
+#.REGISTER
+ContentInfo			B "1.2.840.113549.1.9.16.1.6" "id-ct-contentInfo"
+#OctetString		B "1.2.840.113549.1.7.1"      "id-data"			 see x509sat.cnf
+SignedData			B "1.2.840.113549.1.7.2"      "id-signedData"
+EnvelopedData		B "1.2.840.113549.1.7.3"      "id-envelopedData"
+DigestedData		B "1.2.840.113549.1.7.5"      "id-digestedData"
+EncryptedData		B "1.2.840.113549.1.7.6"      "id-encryptedData"
+AuthenticatedData	B "1.2.840.113549.1.9.16.1.2" "id-ct-authenticatedData"
+EncryptedContentInfo	B "1.2.840.113549.1.9.16.1.9" "id-ct-compressedData"
+AuthEnvelopedData	B "1.2.840.113549.1.9.16.1.23" "id-ct-authEnvelopedData"
+
+ContentType			B "1.2.840.113549.1.9.3"	"id-contentType"
+MessageDigest		B "1.2.840.113549.1.9.4"	"id-messageDigest"
+SigningTime			B "1.2.840.113549.1.9.5"	"id-signingTime"
+Countersignature	B "1.2.840.113549.1.9.6"	"id-counterSignature"
+
+ContentInfo			B "2.6.1.4.18" "id-et-pkcs7"
+
+IssuerAndSerialNumber	B "1.3.6.1.4.1.311.16.4" "ms-oe-encryption-key-preference"
+SMIMECapabilities 	B "1.2.840.113549.1.9.15" "id-smime-capabilities"
+SMIMEEncryptionKeyPreference B "1.2.840.113549.1.9.16.2.11" "id-encryption-key-preference"
+
+# I think the following should be RC2CBCParameter - but that appears to be incorrect
+RC2CBCParameters 	B "1.2.840.113549.3.4" "id-alg-rc4"
+
+KeyEncryptionAlgorithmIdentifier	B "0.4.0.127.0.7.1.1.5.1.1.3"	"ecka-eg-X963KDF-SHA256"
+KeyEncryptionAlgorithmIdentifier	B "0.4.0.127.0.7.1.1.5.1.1.4"	"ecka-eg-X963KDF-SHA384"
+KeyEncryptionAlgorithmIdentifier	B "0.4.0.127.0.7.1.1.5.1.1.5"	"ecka-eg-X963KDF-SHA512"
+
+KeyEncryptionAlgorithmIdentifier	B "2.16.840.1.101.3.4.1.5"	"id-aes128-wrap"
+KeyEncryptionAlgorithmIdentifier	B "2.16.840.1.101.3.4.1.25"	"id-aes192-wrap"
+KeyEncryptionAlgorithmIdentifier	B "2.16.840.1.101.3.4.1.45"	"id-aes256-wrap"
+
+GCMParameters		B "2.16.840.1.101.3.4.1.6"	"id-aes128-GCM"
+GCMParameters		B "2.16.840.1.101.3.4.1.26"	"id-aes192-GCM"
+GCMParameters		B "2.16.840.1.101.3.4.1.46"	"id-aes256-GCM"
+
+CCMParameters		B "2.16.840.1.101.3.4.1.7"	"id-aes128-CCM"
+CCMParameters		B "2.16.840.1.101.3.4.1.27"	"id-aes192-CCM"
+CCMParameters		B "2.16.840.1.101.3.4.1.44"	"id-aes256-CCM"
+
+# EC algorithms from RFC 3278 / RFC 5753
+KeyWrapAlgorithm B "1.3.133.16.840.63.0.2"  "dhSinglePass-stdDH-sha1kdf-scheme"
+KeyWrapAlgorithm B "1.3.132.1.11.0"         "dhSinglePass-stdDH-sha224kdf-scheme"
+KeyWrapAlgorithm B "1.3.132.1.11.1"         "dhSinglePass-stdDH-sha256kdf-scheme"
+KeyWrapAlgorithm B "1.3.132.1.11.2"         "dhSinglePass-stdDH-sha384kdf-scheme"
+KeyWrapAlgorithm B "1.3.132.1.11.3"         "dhSinglePass-stdDH-sha512kdf-scheme"
+KeyWrapAlgorithm B "1.3.133.16.840.63.0.3"  "dhSinglePass-cofactorDH-sha1kdf-scheme"
+KeyWrapAlgorithm B "1.3.132.1.14.0"         "dhSinglePass-cofactorDH-sha224kdf-scheme"
+KeyWrapAlgorithm B "1.3.132.1.14.1"         "dhSinglePass-cofactorDH-sha256kdf-scheme"
+KeyWrapAlgorithm B "1.3.132.1.14.2"         "dhSinglePass-cofactorDH-sha384kdf-scheme"
+KeyWrapAlgorithm B "1.3.132.1.14.3"         "dhSinglePass-cofactorDH-sha512kdf-scheme"
+KeyWrapAlgorithm B "1.3.133.16.840.63.0.16" "mqvSinglePass-sha1kdf-scheme"
+KeyWrapAlgorithm B "1.3.132.1.15.0"         "mqvSinglePass-sha224kdf-scheme"
+KeyWrapAlgorithm B "1.3.132.1.15.1"         "mqvSinglePass-sha256kdf-scheme"
+KeyWrapAlgorithm B "1.3.132.1.15.2"         "mqvSinglePass-sha384kdf-scheme"
+KeyWrapAlgorithm B "1.3.132.1.15.3"         "mqvSinglePass-sha512kdf-scheme"
+
+# RFC 3370 [CMS-ASN] (and RFC 5911 section 3)
+# - section 4.3.1 - registered in packet-cms-template.c
+# NULL B "1.2.840.113549.1.9.16.3.6" "id-alg-CMS3DESwrap"
+# - section 4.3.2
+RC2WrapParameter	B "1.2.840.113549.1.9.16.3.7" "id-alg-CMSRC2-wrap"
+# - section 4.4.1 - PBKDF2-params defined in PKCS#5 / RFC 8018 - not yet implemented
+# PBKDF2-params	B "1.2.840.113549.1.5.12" "id-PBKDF2"
+# - section 5.1
+IV 	B "1.2.840.113549.3.7" "des-ede3-cbc"
+# - section 5.2
+RC2CBCParameters 	B "1.2.840.113549.3.2" "rc2-cbc"
+
+# RFC 2798 Attributes - see master list in x509sat.cnf
+SignedData		B "2.16.840.1.113730.3.1.40"      "userSMIMECertificate"
+
+# RFC 4108 Attributes (in CMSFirmwareWrapper.asn)
+FirmwarePkgData		              B "1.2.840.113549.1.9.16.1.16"	"id-ct-firmwarePackage"
+FirmwarePackageIdentifier		    B "1.2.840.113549.1.9.16.2.35"	"id-aa-firmwarePackageID"
+TargetHardwareIdentifiers		    B "1.2.840.113549.1.9.16.2.36"	"id-aa-targetHardwareIDs"
+DecryptKeyIdentifier		        B "1.2.840.113549.1.9.16.2.37"	"id-aa-decryptKeyID"
+ImplementedCryptoAlgorithms		  B "1.2.840.113549.1.9.16.2.38"	"id-aa-implCryptoAlgs"
+ImplementedCompressAlgorithms		B "1.2.840.113549.1.9.16.2.43"	"id-aa-implCompressAlgs"
+CommunityIdentifiers		        B "1.2.840.113549.1.9.16.2.40"	"id-aa-communityIdentifiers"
+FirmwarePackageInfo		          B "1.2.840.113549.1.9.16.2.42"	"id-aa-firmwarePackageInfo"
+WrappedFirmwareKey		          B "1.2.840.113549.1.9.16.2.39"	"id-aa-wrappedFirmwareKey"
+FirmwarePackageLoadReceipt	    B "1.2.840.113549.1.9.16.1.17"	"id-ct-firmwareLoadReceipt"
+FirmwarePackageLoadError		    B "1.2.840.113549.1.9.16.1.18"	"id-ct-firmwareLoadError"
+HardwareModuleName		          B "1.3.6.1.5.5.7.8.4"	          "id-on-hardwareModuleName"
+FirmwarePackageMessageDigest		B "1.2.840.113549.1.9.16.2.41"	"id-aa-fwPkgMessageDigest"
+
+#.NO_EMIT
+
+#.TYPE_RENAME
+
+#.FIELD_RENAME
+SignerInfo/signature	signatureValue
+RecipientEncryptedKey/rid	rekRid
+EncryptedContentInfo/contentType	encryptedContentType
+AttributeCertificateV1/signature	signatureValue_v1
+AttributeCertificateV1/signatureAlgorithm	signatureAlgorithm_v1
+AttributeCertificateInfoV1/attributes	attributes_v1
+AttributeCertificateInfoV1/issuer	issuer_v1
+AttributeCertificateInfoV1/signature	signature_v1
+AttributeCertificateInfoV1/version	version_v1
+RevocationInfoChoice/other		otherRIC
+FirmwarePackageLoadReceipt/version		fwReceiptVersion
+FirmwarePackageLoadError/version		fwErrorVersion
+
+#.FN_BODY ContentInfo
+  top_tree = tree;
+  %(DEFAULT_BODY)s
+  top_tree = NULL;
+
+#.FN_PARS ContentType
+  FN_VARIANT = _str VAL_PTR = &cms_data->object_identifier_id
+
+#.FN_BODY ContentType
+  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+  cms_data->object_identifier_id = NULL;
+  const char *name = NULL;
+
+  %(DEFAULT_BODY)s
+
+  if(cms_data->object_identifier_id) {
+    name = oid_resolved_from_string(actx->pinfo->pool, cms_data->object_identifier_id);
+    proto_item_append_text(tree, " (%%s)", name ? name : cms_data->object_identifier_id);
+  }
+
+#.FN_BODY ContentInfo/content
+  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+  offset=call_ber_oid_callback(cms_data->object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
+
+
+#.FN_BODY EncapsulatedContentInfo/eContent
+  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+  cms_data->content_tvb = NULL;
+  offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &cms_data->content_tvb);
+
+  if(cms_data->content_tvb) {
+    proto_item_set_text(actx->created_item, "eContent (%%u bytes)", tvb_reported_length(cms_data->content_tvb));
+
+    call_ber_oid_callback(cms_data->object_identifier_id, cms_data->content_tvb, 0, actx->pinfo, top_tree ? top_tree : tree, NULL);
+  }
+
+#.FN_PARS OtherRecipientInfo/oriType
+  FN_VARIANT = _str  VAL_PTR = &cms_data->object_identifier_id
+
+#.FN_HDR OtherRecipientInfo/oriType
+  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+  cms_data->object_identifier_id = NULL;
+
+#.FN_BODY OtherRecipientInfo/oriValue
+  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+  offset=call_ber_oid_callback(cms_data->object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
+
+#.FN_PARS OtherKeyAttribute/keyAttrId
+  FN_VARIANT = _str  HF_INDEX = hf_cms_ci_contentType  VAL_PTR = &cms_data->object_identifier_id
+
+#.FN_HDR OtherKeyAttribute/keyAttrId
+  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+  cms_data->object_identifier_id = NULL;
+
+#.FN_BODY OtherKeyAttribute/keyAttr
+  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+  offset=call_ber_oid_callback(cms_data->object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
+
+#.FN_PARS OtherRevocationInfoFormat/otherRevInfoFormat
+  FN_VARIANT = _str  VAL_PTR = &cms_data->object_identifier_id
+
+#.FN_HDR OtherRevocationInfoFormat/otherRevInfoFormat
+  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+  cms_data->object_identifier_id = NULL;
+
+#.FN_BODY OtherRevocationInfoFormat/otherRevInfo
+  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+  offset=call_ber_oid_callback(cms_data->object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
+
+#.FN_PARS Attribute/attrType
+  FN_VARIANT = _str  HF_INDEX = hf_cms_attrType  VAL_PTR = &cms_data->object_identifier_id
+
+#.FN_BODY Attribute/attrType
+  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+  cms_data->object_identifier_id = NULL;
+  const char *name = NULL;
+
+  %(DEFAULT_BODY)s
+
+  if(cms_data->object_identifier_id) {
+    name = oid_resolved_from_string(actx->pinfo->pool, cms_data->object_identifier_id);
+    proto_item_append_text(tree, " (%%s)", name ? name : cms_data->object_identifier_id);
+  }
+
+#.FN_BODY AttributeValue
+  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+
+  offset=call_ber_oid_callback(cms_data->object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
+
+#.FN_BODY MessageDigest
+  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+  proto_item *pi;
+  int old_offset = offset;
+
+  %(DEFAULT_BODY)s
+
+  pi = actx->created_item;
+
+  /* move past TLV */
+  old_offset = get_ber_identifier(tvb, old_offset, NULL, NULL, NULL);
+  old_offset = get_ber_length(tvb, old_offset, NULL, NULL);
+
+  if(cms_data->content_tvb)
+    cms_verify_msg_digest(pi, cms_data->content_tvb, x509af_get_last_algorithm_id(), tvb, old_offset);
+
+#.FN_PARS SMIMECapability/capability
+  FN_VARIANT = _str  HF_INDEX = hf_cms_attrType  VAL_PTR = &cms_data->object_identifier_id
+
+#.FN_BODY SMIMECapability/capability
+  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+  cms_data->object_identifier_id = NULL;
+  const char *name = NULL;
+
+  %(DEFAULT_BODY)s
+
+  if(cms_data->object_identifier_id) {
+    name = oid_resolved_from_string(actx->pinfo->pool, cms_data->object_identifier_id);
+    proto_item_append_text(tree, " %%s", name ? name : cms_data->object_identifier_id);
+    cap_tree = tree;
+  }
+
+#.FN_BODY SMIMECapability/parameters
+  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+
+  offset=call_ber_oid_callback(cms_data->object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
+
+#.FN_PARS RC2ParameterVersion
+  VAL_PTR = &length
+
+#.FN_BODY RC2ParameterVersion
+  guint32 length = 0;
+
+  %(DEFAULT_BODY)s
+
+  if(cap_tree != NULL)
+    proto_item_append_text(cap_tree, " (%%d bits)", length);
+
+#.FN_PARS EncryptedContent VAL_PTR = &encrypted_tvb
+
+#.FN_HDR EncryptedContent
+	tvbuff_t *encrypted_tvb;
+	proto_item *item;
+#.END
+
+#.FN_FTR EncryptedContent
+  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+
+  item = actx->created_item;
+
+  PBE_decrypt_data(cms_data->object_identifier_id, encrypted_tvb, actx->pinfo, actx, item);
+
+#.END
+
+
diff --git a/epan/dissectors/asn1/cms/packet-cms-template.c b/epan/dissectors/asn1/cms/packet-cms-template.c
new file mode 100644
index 00000000..aca1ecb0
--- /dev/null
+++ b/epan/dissectors/asn1/cms/packet-cms-template.c
@@ -0,0 +1,211 @@
+/* packet-cms.c
+ * Routines for RFC5652 Cryptographic Message Syntax packet dissection
+ *   Ronnie Sahlberg 2004
+ *   Stig Bjorlykke 2010
+ *   Uwe Heuert 2022
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "config.h"
+
+#include <epan/packet.h>
+#include <epan/oids.h>
+#include <epan/asn1.h>
+#include <epan/proto_data.h>
+#include <wsutil/wsgcrypt.h>
+
+#include "packet-ber.h"
+#include "packet-cms.h"
+#include "packet-x509af.h"
+#include "packet-x509ce.h"
+#include "packet-x509if.h"
+#include "packet-x509sat.h"
+#include "packet-pkcs12.h"
+
+#define PNAME  "Cryptographic Message Syntax"
+#define PSNAME "CMS"
+#define PFNAME "cms"
+
+void proto_register_cms(void);
+void proto_reg_handoff_cms(void);
+
+/* Initialize the protocol and registered fields */
+static int proto_cms = -1;
+static int hf_cms_ci_contentType = -1;
+#include "packet-cms-hf.c"
+
+/* Initialize the subtree pointers */
+static gint ett_cms = -1;
+#include "packet-cms-ett.c"
+
+static dissector_handle_t cms_handle = NULL;
+
+static int dissect_cms_OCTET_STRING(bool implicit_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index _U_) ; /* XXX kill a compiler warning until asn2wrs stops generating these silly wrappers */
+
+struct cms_private_data {
+  const char *object_identifier_id;
+  tvbuff_t *content_tvb;
+};
+
+static proto_tree *top_tree=NULL;
+static proto_tree *cap_tree=NULL;
+
+#define HASH_SHA1 "1.3.14.3.2.26"
+
+#define HASH_MD5 "1.2.840.113549.2.5"
+
+
+/* SHA-2 variants */
+#define HASH_SHA224 "2.16.840.1.101.3.4.2.4"
+#define SHA224_BUFFER_SIZE  32 /* actually 28 */
+#define HASH_SHA256 "2.16.840.1.101.3.4.2.1"
+#define SHA256_BUFFER_SIZE  32
+
+unsigned char digest_buf[MAX(HASH_SHA1_LENGTH, HASH_MD5_LENGTH)];
+
+/*
+* Dissect CMS PDUs inside a PPDU.
+*/
+static int
+dissect_cms(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data _U_)
+{
+	int offset = 0;
+	proto_item *item=NULL;
+	proto_tree *tree=NULL;
+	asn1_ctx_t asn1_ctx;
+	asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
+
+	if(parent_tree){
+		item = proto_tree_add_item(parent_tree, proto_cms, tvb, 0, -1, ENC_NA);
+		tree = proto_item_add_subtree(item, ett_cms);
+	}
+	col_set_str(pinfo->cinfo, COL_PROTOCOL, "CMS");
+	col_clear(pinfo->cinfo, COL_INFO);
+
+	while (tvb_reported_length_remaining(tvb, offset) > 0){
+		offset=dissect_cms_ContentInfo(FALSE, tvb, offset, &asn1_ctx , tree, -1);
+	}
+	return tvb_captured_length(tvb);
+}
+
+static struct cms_private_data*
+cms_get_private_data(packet_info *pinfo)
+{
+  struct cms_private_data *cms_data = (struct cms_private_data*)p_get_proto_data(pinfo->pool, pinfo, proto_cms, 0);
+  if (!cms_data) {
+    cms_data = wmem_new0(pinfo->pool, struct cms_private_data);
+    p_add_proto_data(pinfo->pool, pinfo, proto_cms, 0, cms_data);
+  }
+  return cms_data;
+}
+
+static void
+cms_verify_msg_digest(proto_item *pi, tvbuff_t *content, const char *alg, tvbuff_t *tvb, int offset)
+{
+  int i= 0, buffer_size = 0;
+
+  /* we only support two algorithms at the moment  - if we do add SHA2
+     we should add a registration process to use a registration process */
+
+  if(strcmp(alg, HASH_SHA1) == 0) {
+    gcry_md_hash_buffer(GCRY_MD_SHA1, digest_buf, tvb_get_ptr(content, 0, tvb_captured_length(content)), tvb_captured_length(content));
+    buffer_size = HASH_SHA1_LENGTH;
+
+  } else if(strcmp(alg, HASH_MD5) == 0) {
+    gcry_md_hash_buffer(GCRY_MD_MD5, digest_buf, tvb_get_ptr(content, 0, tvb_captured_length(content)), tvb_captured_length(content));
+    buffer_size = HASH_MD5_LENGTH;
+  }
+
+  if(buffer_size) {
+    /* compare our computed hash with what we have received */
+
+    if(tvb_bytes_exist(tvb, offset, buffer_size) &&
+       (tvb_memeql(tvb, offset, digest_buf, buffer_size) != 0)) {
+      proto_item_append_text(pi, " [incorrect, should be ");
+      for(i = 0; i < buffer_size; i++)
+	proto_item_append_text(pi, "%02X", digest_buf[i]);
+
+      proto_item_append_text(pi, "]");
+    }
+    else
+      proto_item_append_text(pi, " [correct]");
+  } else {
+    proto_item_append_text(pi, " [unable to verify]");
+  }
+
+}
+
+#include "packet-cms-fn.c"
+
+/*--- proto_register_cms ----------------------------------------------*/
+void proto_register_cms(void) {
+
+  /* List of fields */
+  static hf_register_info hf[] = {
+    { &hf_cms_ci_contentType,
+      { "contentType", "cms.contentInfo.contentType",
+        FT_OID, BASE_NONE, NULL, 0,
+        NULL, HFILL }},
+#include "packet-cms-hfarr.c"
+  };
+
+  /* List of subtrees */
+  static gint *ett[] = {
+	  &ett_cms,
+#include "packet-cms-ettarr.c"
+  };
+
+  /* Register protocol */
+  proto_cms = proto_register_protocol(PNAME, PSNAME, PFNAME);
+
+  cms_handle = register_dissector(PFNAME, dissect_cms, proto_cms);
+
+  /* Register fields and subtrees */
+  proto_register_field_array(proto_cms, hf, array_length(hf));
+  proto_register_subtree_array(ett, array_length(ett));
+
+  register_ber_syntax_dissector("ContentInfo", proto_cms, dissect_ContentInfo_PDU);
+  register_ber_syntax_dissector("SignedData", proto_cms, dissect_SignedData_PDU);
+  register_ber_oid_syntax(".p7s", NULL, "ContentInfo");
+  register_ber_oid_syntax(".p7m", NULL, "ContentInfo");
+  register_ber_oid_syntax(".p7c", NULL, "ContentInfo");
+
+
+}
+
+
+/*--- proto_reg_handoff_cms -------------------------------------------*/
+void proto_reg_handoff_cms(void) {
+  dissector_handle_t content_info_handle;
+#include "packet-cms-dis-tab.c"
+
+  /* RFC 3370 [CMS-ASN} section 4.3.1 */
+  register_ber_oid_dissector("1.2.840.113549.1.9.16.3.6", dissect_ber_oid_NULL_callback, proto_cms, "id-alg-CMS3DESwrap");
+
+  oid_add_from_string("id-data","1.2.840.113549.1.7.1");
+  oid_add_from_string("id-alg-des-ede3-cbc","1.2.840.113549.3.7");
+  oid_add_from_string("id-alg-des-cbc","1.3.14.3.2.7");
+
+  oid_add_from_string("id-ct-authEnvelopedData","1.2.840.113549.1.9.16.1.23");
+  oid_add_from_string("id-aes-CBC-CMAC-128","0.4.0.127.0.7.1.3.1.1.2");
+  oid_add_from_string("id-aes-CBC-CMAC-192","0.4.0.127.0.7.1.3.1.1.3");
+  oid_add_from_string("id-aes-CBC-CMAC-256","0.4.0.127.0.7.1.3.1.1.4");
+  oid_add_from_string("ecdsaWithSHA256","1.2.840.10045.4.3.2");
+  oid_add_from_string("ecdsaWithSHA384","1.2.840.10045.4.3.3");
+  oid_add_from_string("ecdsaWithSHA512","1.2.840.10045.4.3.4");
+
+  content_info_handle = create_dissector_handle (dissect_ContentInfo_PDU, proto_cms);
+
+  dissector_add_string("media_type", "application/pkcs7-mime", content_info_handle);
+  dissector_add_string("media_type", "application/pkcs7-signature", content_info_handle);
+
+  dissector_add_string("media_type", "application/vnd.de-dke-k461-ic1+xml", content_info_handle);
+  dissector_add_string("media_type", "application/vnd.de-dke-k461-ic1+xml; encap=cms-tr03109", content_info_handle);
+  dissector_add_string("media_type", "application/vnd.de-dke-k461-ic1+xml; encap=cms-tr03109-zlib", content_info_handle);
+  dissector_add_string("media_type", "application/hgp;encap=cms", content_info_handle);
+}
diff --git a/epan/dissectors/asn1/cms/packet-cms-template.h b/epan/dissectors/asn1/cms/packet-cms-template.h
new file mode 100644
index 00000000..eb1f45fb
--- /dev/null
+++ b/epan/dissectors/asn1/cms/packet-cms-template.h
@@ -0,0 +1,20 @@
+/* packet-cms.h
+ * Routines for RFC5652 Cryptographic Message Syntax packet dissection
+ *   Ronnie Sahlberg 2004
+ *   Stig Bjorlykke 2010
+ *   Uwe Heuert 2022
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#ifndef PACKET_CMS_H
+#define PACKET_CMS_H
+
+#include "packet-cms-exp.h"
+
+#endif  /* PACKET_CMS_H */
+
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-10 20:34:10 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-10 20:34:10 +0000
commit	e4ba6dbc3f1e76890b22773807ea37fe8fa2b1bc (patch)
tree	68cb5ef9081156392f1dd62a00c6ccc1451b93df /epan/dissectors/asn1/cms
parent	Initial commit. (diff)
download	wireshark-e4ba6dbc3f1e76890b22773807ea37fe8fa2b1bc.tar.xz wireshark-e4ba6dbc3f1e76890b22773807ea37fe8fa2b1bc.zip