authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-10 20:34:10 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-10 20:34:10 +0000
commite4ba6dbc3f1e76890b22773807ea37fe8fa2b1bc (patch)
tree68cb5ef9081156392f1dd62a00c6ccc1451b93df /epan/dissectors/asn1/pkcs1
parentInitial commit. (diff)
Adding upstream version 4.2.2.upstream/4.2.2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'epan/dissectors/asn1/pkcs1')
-rw-r--r--epan/dissectors/asn1/pkcs1/CMakeLists.txt39
-rw-r--r--epan/dissectors/asn1/pkcs1/PKIXAlgs-2009.asn649
-rw-r--r--epan/dissectors/asn1/pkcs1/packet-pkcs1-template.c174
-rw-r--r--epan/dissectors/asn1/pkcs1/packet-pkcs1-template.h18
-rw-r--r--epan/dissectors/asn1/pkcs1/pkcs1.cnf45
5 files changed, 925 insertions, 0 deletions
diff --git a/epan/dissectors/asn1/pkcs1/CMakeLists.txt b/epan/dissectors/asn1/pkcs1/CMakeLists.txt
new file mode 100644
index 00000000..31df28c8
--- /dev/null
+++ b/epan/dissectors/asn1/pkcs1/CMakeLists.txt
@@ -0,0 +1,39 @@
+# CMakeLists.txt
+#
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <gerald@wireshark.org>
+# Copyright 1998 Gerald Combs
+#
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+
+set( PROTOCOL_NAME pkcs1 )
+
+set( PROTO_OPT )
+
+set( EXT_ASN_FILE_LIST
+)
+
+set( ASN_FILE_LIST
+ PKIXAlgs-2009.asn
+)
+
+set( EXTRA_DIST
+ ${ASN_FILE_LIST}
+ packet-${PROTOCOL_NAME}-template.c
+ packet-${PROTOCOL_NAME}-template.h
+ ${PROTOCOL_NAME}.cnf
+)
+
+set( SRC_FILES
+ ${EXTRA_DIST}
+ ${EXT_ASN_FILE_LIST}
+)
+
+set( A2W_FLAGS -b )
+
+set( EXTRA_CNF
+ "${CMAKE_CURRENT_BINARY_DIR}/../x509af/x509af-exp.cnf"
+)
+
+ASN2WRS()
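Review bot: `set( A2W_FLAGS -b )` and the `EXTRA_CNF` entry are the two settings in this file that change what gets generated, and neither carries a comment. I would add `# -b: generate a BER dissector (asn2wrs defaults to PER)` above the flags line and `# export table produced by the x509af dissector build; supplies AlgorithmIdentifier` above `EXTRA_CNF`. The `EXTRA_CNF` path reaches into `../x509af` under the binary directory, so this directory presumably relies on `ASN2WRS()` (defined outside this hunk) to order the x509af generation first; that is worth confirming and stating in the comment.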
diff --git a/epan/dissectors/asn1/pkcs1/PKIXAlgs-2009.asn b/epan/dissectors/asn1/pkcs1/PKIXAlgs-2009.asn
new file mode 100644
index 00000000..b19dcfbf
--- /dev/null
+++ b/epan/dissectors/asn1/pkcs1/PKIXAlgs-2009.asn
@@ -0,0 +1,649 @@
+--
+-- Transcribed from RFC 5912
+--
+
+PKIXAlgs-2009 { iso(1) identified-organization(3) dod(6)
+ internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+ id-mod-pkix1-algorithms2008-02(56) }
+
+ DEFINITIONS EXPLICIT TAGS ::=
+ BEGIN
+ IMPORTS
+
+ PUBLIC-KEY, SIGNATURE-ALGORITHM, DIGEST-ALGORITHM, SMIME-CAPS
+ FROM AlgorithmInformation-2009
+ {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) pkix(7) id-mod(0)
+ id-mod-algorithmInformation-02(58)}
+
+ mda-sha224, mda-sha256, mda-sha384, mda-sha512
+ FROM PKIX1-PSS-OAEP-Algorithms-2009
+ {iso(1) identified-organization(3) dod(6) internet(1)
+ security(5) mechanisms(5) pkix(7) id-mod(0)
+ id-mod-pkix1-rsa-pkalgs-02(54)}
+
+-- Additional IMPORT for Wireshark
+ AlgorithmIdentifier
+ FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1)
+ authenticationFramework(7) 4};
+
+
+ --
+ -- Public Key (pk-) Algorithms
+ --
+
+ PublicKeys PUBLIC-KEY ::= {
+ pk-rsa |
+ pk-dsa |
+ pk-dh |
+ pk-kea |
+ pk-rsaSSA-PSS,
+ ...,
+ pk-ec |
+ pk-ecDH |
+ pk-ecMQV
+ }
+
+ --
+ -- Signature Algorithms (sa-)
+ --
+
+ SignatureAlgs SIGNATURE-ALGORITHM ::= {
+ sa-rsaWithMD2 |
+ sa-rsaWithMD5 |
+ sa-rsaWithSHA1 |
+ sa-dsaWithSHA1 |
+ sa-ecdsaWithSHA1,
+ ..., -- Extensible
+ sa-dsaWithSHA224 |
+ sa-dsaWithSHA256 |
+ sa-ecdsaWithSHA224 |
+ sa-ecdsaWithSHA256 |
+ sa-ecdsaWithSHA384 |
+ sa-ecdsaWithSHA512,
+ ...,
+ sa-rsaSSA-PSS
+ }
+
+ --
+ -- S/MIME CAPS for algorithms in this document
+ --
+ -- For all of the algorithms laid out in this document, the
+ -- parameters field for the S/MIME capabilities is defined as
+ -- ABSENT as there are no specific values that need to be known
+ -- by the receiver for negotiation.
+
+ --
+
+ SMimeCaps SMIME-CAPS ::= {
+ sa-rsaWithMD2.&smimeCaps |
+ sa-rsaWithMD5.&smimeCaps |
+ sa-rsaWithSHA1.&smimeCaps |
+ sa-dsaWithSHA1.&smimeCaps |
+ sa-dsaWithSHA224.&smimeCaps |
+ sa-dsaWithSHA256.&smimeCaps |
+ sa-ecdsaWithSHA1.&smimeCaps |
+ sa-ecdsaWithSHA224.&smimeCaps |
+ sa-ecdsaWithSHA256.&smimeCaps |
+ sa-ecdsaWithSHA384.&smimeCaps |
+ sa-ecdsaWithSHA512.&smimeCaps,
+ ... }
+
+ -- RSA PK Algorithm, Parameters, and Keys
+
+-- pk-rsa PUBLIC-KEY ::= {
+-- IDENTIFIER rsaEncryption
+-- KEY RSAPublicKey
+-- PARAMS TYPE NULL ARE absent
+ -- Private key format not in this module --
+-- CERT-KEY-USAGE {digitalSignature, nonRepudiation,
+-- keyEncipherment, dataEncipherment, keyCertSign, cRLSign}
+-- }
+
+ rsaEncryption OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+ pkcs-1(1) 1 }
+
+ RSAPublicKey ::= SEQUENCE {
+ modulus INTEGER, -- n
+ publicExponent INTEGER -- e
+ }
+
+-- Wireshark additions to ensure compatibility with the original PKCS1.asn
+
+DigestInfo ::= SEQUENCE {
+ digestAlgorithm DigestAlgorithmIdentifier,
+ digest Digest
+}
+
+DigestAlgorithmIdentifier ::= AlgorithmIdentifier
+
+Digest ::= OCTET STRING
+
+-- End of Wireshark additions
+
+ -- DSA PK Algorithm, Parameters, and Keys
+
+-- pk-dsa PUBLIC-KEY ::= {
+-- IDENTIFIER id-dsa
+-- KEY DSAPublicKey
+-- PARAMS TYPE DSA-Params ARE inheritable
+ -- Private key format not in this module --
+-- CERT-KEY-USAGE { digitalSignature, nonRepudiation, keyCertSign,
+-- cRLSign }
+-- }
+
+ id-dsa OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 }
+
+ DSA-Params ::= SEQUENCE {
+ p INTEGER,
+ q INTEGER,
+ g INTEGER
+ }
+
+ DSAPublicKey ::= INTEGER -- public key, y
+
+ -- Diffie-Hellman PK Algorithm, Parameters, and Keys
+
+-- pk-dh PUBLIC-KEY ::= {
+-- IDENTIFIER dhpublicnumber
+-- KEY DHPublicKey
+-- PARAMS TYPE DomainParameters ARE inheritable
+ -- Private key format not in this module --
+-- CERT-KEY-USAGE {keyAgreement, encipherOnly, decipherOnly }
+-- }
+
+ dhpublicnumber OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) ansi-x942(10046)
+ number-type(2) 1 }
+
+ DomainParameters ::= SEQUENCE {
+ p INTEGER, -- odd prime, p=jq +1
+ g INTEGER, -- generator, g
+ q INTEGER, -- factor of p-1
+ j INTEGER OPTIONAL, -- subgroup factor, j>= 2
+ validationParams ValidationParams OPTIONAL
+ }
+
+ ValidationParams ::= SEQUENCE {
+ seed BIT STRING,
+ pgenCounter INTEGER
+ }
+
+ DHPublicKey ::= INTEGER -- public key, y = g^x mod p
+
+ -- KEA PK Algorithm and Parameters
+
+-- pk-kea PUBLIC-KEY ::= {
+-- IDENTIFIER id-keyExchangeAlgorithm
+ -- key is not encoded --
+-- PARAMS TYPE KEA-Params-Id ARE required
+ -- Private key format not in this module --
+-- CERT-KEY-USAGE {keyAgreement, encipherOnly, decipherOnly }
+-- }
+
+ id-keyExchangeAlgorithm OBJECT IDENTIFIER ::= {
+ joint-iso-itu-t(2) country(16) us(840) organization(1)
+ gov(101) dod(2) infosec(1) algorithms(1) 22 }
+
+ KEA-Params-Id ::= OCTET STRING
+
+ -- RSASSA-PSS (RFC 4055)
+
+-- pk-rsaSSA-PSS PUBLIC-KEY ::= {
+-- IDENTIFIER id-RSASSA-PSS
+-- KEY RSAPublicKey
+-- PARAMS TYPE RSASSA-PSS-params ARE optional
+-- CERT-KEY-USAGE { nonRepudiation, digitalSignature, keyCertSign, cRLSign }
+-- }
+
+ id-mgf1 OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+ pkcs-1(1) 8 }
+
+ id-RSASSA-PSS OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+ pkcs-1(1) 10 }
+
+ HashAlgorithm ::= AlgorithmIdentifier{DIGEST-ALGORITHM,
+ {HashAlgorithms}}
+
+ HashAlgorithms DIGEST-ALGORITHM ::= {
+ { IDENTIFIER id-sha1 PARAMS TYPE NULL ARE preferredPresent },
+ ...
+ }
+
+ -- sha1Identifier AlgorithmIdentifier ::= {
+ -- algorithmId id-sha1,
+ -- parameters NULL
+ -- }
+
+ MaskGenAlgorithm ::= AlgorithmIdentifier{ALGORITHM,
+ {PKCS1MGFAlgorithms}}
+
+ -- mgf1SHA1 MaskGenAlgorithm ::= {
+ -- algorithmId id-mgf1,
+ -- parameters HashAlgorithm : sha1Identifier
+ -- }
+
+ PKCS1MGFAlgorithms ALGORITHM ::= {
+ { IDENTIFIER id-mgf1 PARAMS TYPE HashAlgorithm ARE required },
+ ...
+ }
+
+ -- AlgorithmIdentifier parameters for id-RSASSA-PSS.
+ -- Note that the tags in this Sequence are explicit.
+ -- Note: The hash algorithm in hashAlgorithm and in
+ -- maskGenAlgorithm should be the same.
+
+ RSASSA-PSS-params ::= SEQUENCE {
+ hashAlgorithm [0] HashAlgorithm DEFAULT sha1Identifier,
+ maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
+ saltLength [2] INTEGER DEFAULT 20,
+ trailerField [3] INTEGER DEFAULT 1
+ }
+
+
+ -- Elliptic Curve (EC) Signatures: Unrestricted Algorithms
+ -- (Section 2.1.1 of RFC 5480)
+ --
+ -- EC Unrestricted Algorithm ID -- -- this is used for ECDSA
+
+-- pk-ec PUBLIC-KEY ::= {
+-- IDENTIFIER id-ecPublicKey
+-- KEY ECPoint
+-- PARAMS TYPE ECParameters ARE required
+ -- Private key format not in this module --
+-- CERT-KEY-USAGE { digitalSignature, nonRepudiation, keyAgreement,
+-- keyCertSign, cRLSign }
+-- }
+
+ ECPoint ::= OCTET STRING -- see RFC 5480 for syntax and restrictions
+
+ id-ecPublicKey OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 }
+
+ -- Elliptic Curve (EC) Signatures: Restricted Algorithms
+ -- (Section 2.1.2 of RFC 5480)
+ --
+ -- EC Diffie-Hellman Algorithm ID
+
+-- pk-ecDH PUBLIC-KEY ::= {
+-- IDENTIFIER id-ecDH
+-- KEY ECPoint
+-- PARAMS TYPE ECParameters ARE required
+ -- Private key format not in this module --
+-- CERT-KEY-USAGE { keyAgreement, encipherOnly, decipherOnly }
+-- }
+
+ id-ecDH OBJECT IDENTIFIER ::= {
+ iso(1) identified-organization(3) certicom(132) schemes(1)
+ ecdh(12) }
+
+ -- EC Menezes-Qu-Vanstone Algorithm ID
+
+-- pk-ecMQV PUBLIC-KEY ::= {
+-- IDENTIFIER id-ecMQV
+-- KEY ECPoint
+-- PARAMS TYPE ECParameters ARE required
+ -- Private key format not in this module --
+-- CERT-KEY-USAGE { keyAgreement, encipherOnly, decipherOnly }
+-- }
+
+ id-ecMQV OBJECT IDENTIFIER ::= {
+ iso(1) identified-organization(3) certicom(132) schemes(1)
+ ecmqv(13) }
+
+ -- Parameters and Keys for both Restricted and Unrestricted EC
+
+ ECParameters ::= CHOICE {
+ specifiedCurve SpecifiedECDomain, -- From RFC 3279 / SEC 1
+ namedCurve OBJECT IDENTIFIER
+ -- implicitlyCA NULL
+
+ -- Wireshark note: the PKIXAlgs-2009 module from RFC 5912 only allows
+ -- namedCurve to be used. This ECParameters type is however a subset of
+ -- the type defined in X9.62 and RFC 3279 which additionally defines
+ -- 'specified' and 'implicitlyCA'. Since the explicitly specified curve
+ -- parameters were spotted in the wild as part of exploiting CVE-2020-0601,
+ -- we will include it here anyway. We do not include implicitlyCA, it does
+ -- not appear to be supported by OpenSSL, unlike the other two fields.
+ }
+ (WITH COMPONENTS {namedCurve PRESENT})
+
+ -- ECParameters from RFC 3279, but renamed to SpecifiedECDomain (RFC 5480).
+ -- Adapted from https://tools.ietf.org/html/rfc3279#page-14
+
+ SpecifiedECDomain ::= SEQUENCE {
+ version ECPVer, -- version is always 1
+ fieldID FieldID, -- identifies the finite field over
+ -- which the curve is defined
+ curve Curve, -- coefficients a and b of the
+ -- elliptic curve
+ base ECPoint, -- specifies the base point P
+ -- on the elliptic curve
+ order INTEGER, -- the order n of the base point
+ cofactor INTEGER OPTIONAL -- The integer h = #E(Fq)/n
+ }
+
+ ECPVer ::= INTEGER {ecpVer1(1)}
+
+ FieldID ::= SEQUENCE {
+ fieldType OBJECT IDENTIFIER,
+ parameters ANY DEFINED BY fieldType }
+
+ Curve ::= SEQUENCE {
+ a FieldElement,
+ b FieldElement,
+ seed BIT STRING OPTIONAL }
+
+ FieldElement ::= OCTET STRING
+
+ -- FieldID.parameters definitions, OIDs are listed in pkcs1.cnf
+ -- https://tools.ietf.org/html/rfc3279#page-21
+
+ Prime-p ::= INTEGER -- Finite field F(p), where p is an odd prime
+
+ -- Sec 2.1.1.1 Named Curve
+
+ CURVE ::= CLASS { &id OBJECT IDENTIFIER UNIQUE }
+ WITH SYNTAX { ID &id }
+
+ NamedCurve CURVE ::= {
+ { ID secp192r1 } | { ID sect163k1 } | { ID sect163r2 } |
+ { ID secp224r1 } | { ID sect233k1 } | { ID sect233r1 } |
+ { ID secp256r1 } | { ID sect283k1 } | { ID sect283r1 } |
+ { ID secp384r1 } | { ID sect409k1 } | { ID sect409r1 } |
+ { ID secp521r1 } | { ID sect571k1 } | { ID sect571r1 },
+ ... -- Extensible
+ }
+
+ -- Note in [X9.62] the curves are referred to as 'ansiX9' as
+ -- opposed to 'sec'. For example, secp192r1 is the same curve as
+ -- ansix9p192r1.
+
+ -- Note that in [PKI-ALG] the secp192r1 curve was referred to as
+ -- prime192v1 and the secp256r1 curve was referred to as
+ -- prime256v1.
+
+ -- Note that [FIPS186-3] refers to secp192r1 as P-192,
+ -- secp224r1 as P-224, secp256r1 as P-256, secp384r1 as P-384,
+ -- and secp521r1 as P-521.
+
+ secp192r1 OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
+ prime(1) 1 }
+
+ sect163k1 OBJECT IDENTIFIER ::= {
+ iso(1) identified-organization(3) certicom(132) curve(0) 1 }
+
+ sect163r2 OBJECT IDENTIFIER ::= {
+ iso(1) identified-organization(3) certicom(132) curve(0) 15 }
+
+ secp224r1 OBJECT IDENTIFIER ::= {
+ iso(1) identified-organization(3) certicom(132) curve(0) 33 }
+
+ sect233k1 OBJECT IDENTIFIER ::= {
+ iso(1) identified-organization(3) certicom(132) curve(0) 26 }
+
+ sect233r1 OBJECT IDENTIFIER ::= {
+ iso(1) identified-organization(3) certicom(132) curve(0) 27 }
+
+ secp256r1 OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
+ prime(1) 7 }
+
+ sect283k1 OBJECT IDENTIFIER ::= {
+ iso(1) identified-organization(3) certicom(132) curve(0) 16 }
+
+ sect283r1 OBJECT IDENTIFIER ::= {
+ iso(1) identified-organization(3) certicom(132) curve(0) 17 }
+
+ secp384r1 OBJECT IDENTIFIER ::= {
+ iso(1) identified-organization(3) certicom(132) curve(0) 34 }
+
+ sect409k1 OBJECT IDENTIFIER ::= {
+ iso(1) identified-organization(3) certicom(132) curve(0) 36 }
+
+ sect409r1 OBJECT IDENTIFIER ::= {
+ iso(1) identified-organization(3) certicom(132) curve(0) 37 }
+
+ secp521r1 OBJECT IDENTIFIER ::= {
+ iso(1) identified-organization(3) certicom(132) curve(0) 35 }
+
+ sect571k1 OBJECT IDENTIFIER ::= {
+ iso(1) identified-organization(3) certicom(132) curve(0) 38 }
+
+ sect571r1 OBJECT IDENTIFIER ::= {
+ iso(1) identified-organization(3) certicom(132) curve(0) 39 }
+
+ -- RSA with MD-2
+
+-- sa-rsaWithMD2 SIGNATURE-ALGORITHM ::= {
+-- IDENTIFIER md2WithRSAEncryption
+-- PARAMS TYPE NULL ARE required
+-- HASHES { mda-md2 }
+-- PUBLIC-KEYS { pk-rsa }
+-- SMIME-CAPS { IDENTIFIED BY md2WithRSAEncryption }
+-- }
+
+ md2WithRSAEncryption OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+ pkcs-1(1) 2 }
+
+ -- RSA with MD-5
+
+-- sa-rsaWithMD5 SIGNATURE-ALGORITHM ::= {
+-- IDENTIFIER md5WithRSAEncryption
+-- PARAMS TYPE NULL ARE required
+-- HASHES { mda-md5 }
+-- PUBLIC-KEYS { pk-rsa }
+-- SMIME-CAPS { IDENTIFIED BY md5WithRSAEncryption }
+-- }
+
+ md5WithRSAEncryption OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+ pkcs-1(1) 4 }
+
+ -- RSA with SHA-1
+
+-- sa-rsaWithSHA1 SIGNATURE-ALGORITHM ::= {
+-- IDENTIFIER sha1WithRSAEncryption
+-- PARAMS TYPE NULL ARE required
+-- HASHES { mda-sha1 }
+-- PUBLIC-KEYS { pk-rsa }
+-- SMIME-CAPS {IDENTIFIED BY sha1WithRSAEncryption }
+-- }
+
+ sha1WithRSAEncryption OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+ pkcs-1(1) 5 }
+
+ -- DSA with SHA-1
+
+-- sa-dsaWithSHA1 SIGNATURE-ALGORITHM ::= {
+-- IDENTIFIER dsa-with-sha1
+-- VALUE DSA-Sig-Value
+-- PARAMS TYPE NULL ARE absent
+-- HASHES { mda-sha1 }
+-- PUBLIC-KEYS { pk-dsa }
+-- SMIME-CAPS { IDENTIFIED BY dsa-with-sha1 }
+-- }
+
+ dsa-with-sha1 OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 3 }
+
+ -- DSA with SHA-224
+
+-- sa-dsaWithSHA224 SIGNATURE-ALGORITHM ::= {
+-- IDENTIFIER dsa-with-sha224
+-- VALUE DSA-Sig-Value
+-- PARAMS TYPE NULL ARE absent
+-- HASHES { mda-sha224 }
+-- PUBLIC-KEYS { pk-dsa }
+-- SMIME-CAPS { IDENTIFIED BY dsa-with-sha224 }
+-- }
+
+ dsa-with-sha224 OBJECT IDENTIFIER ::= {
+ joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
+ csor(3) algorithms(4) id-dsa-with-sha2(3) 1 }
+
+ -- DSA with SHA-256
+
+-- sa-dsaWithSHA256 SIGNATURE-ALGORITHM ::= {
+-- IDENTIFIER dsa-with-sha256
+-- VALUE DSA-Sig-Value
+-- PARAMS TYPE NULL ARE absent
+-- HASHES { mda-sha256 }
+-- PUBLIC-KEYS { pk-dsa }
+-- SMIME-CAPS { IDENTIFIED BY dsa-with-sha256 }
+-- }
+
+ dsa-with-sha256 OBJECT IDENTIFIER ::= {
+ joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
+ csor(3) algorithms(4) id-dsa-with-sha2(3) 2 }
+
+ -- ECDSA with SHA-1
+
+-- sa-ecdsaWithSHA1 SIGNATURE-ALGORITHM ::= {
+-- IDENTIFIER ecdsa-with-SHA1
+-- VALUE ECDSA-Sig-Value
+-- PARAMS TYPE NULL ARE absent
+-- HASHES { mda-sha1 }
+-- PUBLIC-KEYS { pk-ec }
+-- SMIME-CAPS {IDENTIFIED BY ecdsa-with-SHA1 }
+-- }
+
+ ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) ansi-X9-62(10045)
+ signatures(4) 1 }
+
+ -- ECDSA with SHA-224
+
+-- sa-ecdsaWithSHA224 SIGNATURE-ALGORITHM ::= {
+-- IDENTIFIER ecdsa-with-SHA224
+-- VALUE ECDSA-Sig-Value
+-- PARAMS TYPE NULL ARE absent
+-- HASHES { mda-sha224 }
+-- PUBLIC-KEYS { pk-ec }
+-- SMIME-CAPS { IDENTIFIED BY ecdsa-with-SHA224 }
+-- }
+
+ ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ ecdsa-with-SHA2(3) 1 }
+
+ -- ECDSA with SHA-256
+
+-- sa-ecdsaWithSHA256 SIGNATURE-ALGORITHM ::= {
+-- IDENTIFIER ecdsa-with-SHA256
+-- VALUE ECDSA-Sig-Value
+-- PARAMS TYPE NULL ARE absent
+-- HASHES { mda-sha256 }
+-- PUBLIC-KEYS { pk-ec }
+-- SMIME-CAPS { IDENTIFIED BY ecdsa-with-SHA256 }
+-- }
+
+ ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ ecdsa-with-SHA2(3) 2 }
+
+ -- ECDSA with SHA-384
+
+-- sa-ecdsaWithSHA384 SIGNATURE-ALGORITHM ::= {
+-- IDENTIFIER ecdsa-with-SHA384
+-- VALUE ECDSA-Sig-Value
+-- PARAMS TYPE NULL ARE absent
+-- HASHES { mda-sha384 }
+-- PUBLIC-KEYS { pk-ec }
+-- SMIME-CAPS { IDENTIFIED BY ecdsa-with-SHA384 }
+-- }
+
+ ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ ecdsa-with-SHA2(3) 3 }
+
+ -- ECDSA with SHA-512
+
+-- sa-ecdsaWithSHA512 SIGNATURE-ALGORITHM ::= {
+-- IDENTIFIER ecdsa-with-SHA512
+-- VALUE ECDSA-Sig-Value
+-- PARAMS TYPE NULL ARE absent
+-- HASHES { mda-sha512 }
+-- PUBLIC-KEYS { pk-ec }
+-- SMIME-CAPS { IDENTIFIED BY ecdsa-with-SHA512 }
+-- }
+
+ ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ ecdsa-with-SHA2(3) 4 }
+
+ --
+ -- Signature Values
+ --
+
+ -- DSA
+
+ DSA-Sig-Value ::= SEQUENCE {
+ r INTEGER,
+ s INTEGER
+ }
+
+ -- ECDSA
+
+ ECDSA-Sig-Value ::= SEQUENCE {
+ r INTEGER,
+ s INTEGER
+ }
+
+ --
+ -- Message Digest Algorithms (mda-)
+ --
+
+ HashAlgs DIGEST-ALGORITHM ::= {
+ mda-md2 |
+ mda-md5 |
+ mda-sha1,
+ ... -- Extensible
+ }
+ -- MD-2
+
+-- mda-md2 DIGEST-ALGORITHM ::= {
+-- IDENTIFIER id-md2
+-- PARAMS TYPE NULL ARE preferredAbsent
+-- }
+
+ id-md2 OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) rsadsi(113549)
+ digestAlgorithm(2) 2 }
+
+ -- MD-5
+
+-- mda-md5 DIGEST-ALGORITHM ::= {
+-- IDENTIFIER id-md5
+-- PARAMS TYPE NULL ARE preferredAbsent
+-- }
+
+ id-md5 OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) rsadsi(113549)
+ digestAlgorithm(2) 5 }
+
+ -- SHA-1
+
+-- mda-sha1 DIGEST-ALGORITHM ::= {
+-- IDENTIFIER id-sha1
+-- PARAMS TYPE NULL ARE preferredAbsent
+-- }
+
+ id-sha1 OBJECT IDENTIFIER ::= {
+ iso(1) identified-organization(3) oiw(14) secsig(3)
+ algorithm(2) 26 }
+
+ -- SHA-2 family (from RFC 3447)
+
+ id-sha256 OBJECT IDENTIFIER ::= {
+ joint-iso-itu-t(2) country(16) us(840) organization(1)
+ gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 }
+
+ END
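Review bot: The `ECParameters` CHOICE adds `specifiedCurve` so that explicitly specified curve parameters can be dissected (the Wireshark note cites CVE-2020-0601), but the RFC 5912 subtype constraint `(WITH COMPONENTS {namedCurve PRESENT})` is still attached and, read as ASN.1, excludes exactly that alternative. Whether asn2wrs honours the constraint is not visible on this page. If it is ignored, the Wireshark note should say so, for example `-- the WITH COMPONENTS constraint below is kept from RFC 5912 and is not enforced by the generated dissector`; otherwise the constraint should be dropped. A capture-based test with a certificate carrying explicit curve parameters would pin that `specifiedCurve` stays decodable, since that field is what an analyst inspects when triaging such certificates.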
diff --git a/epan/dissectors/asn1/pkcs1/packet-pkcs1-template.c b/epan/dissectors/asn1/pkcs1/packet-pkcs1-template.c
new file mode 100644
index 00000000..4254adb2
--- /dev/null
+++ b/epan/dissectors/asn1/pkcs1/packet-pkcs1-template.c
@@ -0,0 +1,174 @@
+/* packet-pkcs1.c
+ * Routines for PKCS#1/RFC2313 packet dissection
+ * Ronnie Sahlberg 2004
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "config.h"
+
+#include <epan/packet.h>
+#include <epan/oids.h>
+#include <epan/asn1.h>
+
+#include "packet-ber.h"
+#include "packet-pkcs1.h"
+#include "packet-x509af.h"
+
+#define PNAME "PKCS#1"
+#define PSNAME "PKCS-1"
+#define PFNAME "pkcs-1"
+
+void proto_register_pkcs1(void);
+void proto_reg_handoff_pkcs1(void);
+
+/* Initialize the protocol and registered fields */
+static int proto_pkcs1 = -1;
+#include "packet-pkcs1-hf.c"
+
+/* Initialize the subtree pointers */
+#include "packet-pkcs1-ett.c"
+
+#include "packet-pkcs1-fn.c"
+
+/*--- proto_register_pkcs1 ----------------------------------------------*/
+void proto_register_pkcs1(void) {
+
+ /* List of fields */
+ static hf_register_info hf[] = {
+#include "packet-pkcs1-hfarr.c"
+ };
+
+ /* List of subtrees */
+ static gint *ett[] = {
+#include "packet-pkcs1-ettarr.c"
+ };
+
+ /* Register protocol */
+ proto_pkcs1 = proto_register_protocol(PNAME, PSNAME, PFNAME);
+
+ /* Register fields and subtrees */
+ proto_register_field_array(proto_pkcs1, hf, array_length(hf));
+ proto_register_subtree_array(ett, array_length(ett));
+
+}
+
+
+/*--- proto_reg_handoff_pkcs1 -------------------------------------------*/
+void proto_reg_handoff_pkcs1(void) {
+#include "packet-pkcs1-dis-tab.c"
+
+ register_ber_oid_dissector("1.2.840.113549.2.2", dissect_ber_oid_NULL_callback, proto_pkcs1, "md2");
+ register_ber_oid_dissector("1.2.840.113549.2.4", dissect_ber_oid_NULL_callback, proto_pkcs1, "md4");
+ register_ber_oid_dissector("1.2.840.113549.2.5", dissect_ber_oid_NULL_callback, proto_pkcs1, "md5");
+
+ register_ber_oid_dissector("1.2.840.113549.1.1.1", dissect_ber_oid_NULL_callback, proto_pkcs1, "rsaEncryption");
+ register_ber_oid_dissector("1.2.840.113549.1.1.2", dissect_ber_oid_NULL_callback, proto_pkcs1, "md2WithRSAEncryption");
+ register_ber_oid_dissector("1.2.840.113549.1.1.3", dissect_ber_oid_NULL_callback, proto_pkcs1, "md4WithRSAEncryption");
+ register_ber_oid_dissector("1.2.840.113549.1.1.4", dissect_ber_oid_NULL_callback, proto_pkcs1, "md5WithRSAEncryption");
+
+
+ /* these two are not from RFC2313 but pulled in from
+ http://www.alvestrand.no/objectid/1.2.840.113549.1.1.html
+ */
+ register_ber_oid_dissector("1.2.840.113549.1.1.5", dissect_ber_oid_NULL_callback, proto_pkcs1, "sha1WithRSAEncryption");
+ register_ber_oid_dissector("1.2.840.113549.1.1.6", dissect_ber_oid_NULL_callback, proto_pkcs1, "rsaOAEPEncryptionSET");
+
+ /* these sha2 algorithms are from RFC3447 */
+ register_ber_oid_dissector("1.2.840.113549.1.1.11", dissect_ber_oid_NULL_callback, proto_pkcs1, "sha256WithRSAEncryption");
+ register_ber_oid_dissector("1.2.840.113549.1.1.12", dissect_ber_oid_NULL_callback, proto_pkcs1, "sha384WithRSAEncryption");
+ register_ber_oid_dissector("1.2.840.113549.1.1.13", dissect_ber_oid_NULL_callback, proto_pkcs1, "sha512WithRSAEncryption");
+ register_ber_oid_dissector("1.2.840.113549.1.1.14", dissect_ber_oid_NULL_callback, proto_pkcs1, "sha224WithRSAEncryption");
+
+ /* ECDSA SHA-1 algorithm from RFC 3279 */
+ register_ber_oid_dissector("1.2.840.10045.4.1", dissect_ber_oid_NULL_callback, proto_pkcs1, "ecdsa-with-SHA1");
+
+ /* SM2-with-SM3 from GM/T 0006 Cryptographic application identifier criterion specification */
+ register_ber_oid_dissector("1.2.156.10197.1.501", dissect_ber_oid_NULL_callback, proto_pkcs1, "SM2-with-SM3");
+
+ /* ECDSA SHA2 algorithms from X9.62, RFC5480, RFC 5758, RFC 5912 */
+ register_ber_oid_dissector("1.2.840.10045.4.3.1", dissect_ber_oid_NULL_callback, proto_pkcs1, "ecdsa-with-SHA224");
+ register_ber_oid_dissector("1.2.840.10045.4.3.2", dissect_ber_oid_NULL_callback, proto_pkcs1, "ecdsa-with-SHA256");
+ register_ber_oid_dissector("1.2.840.10045.4.3.3", dissect_ber_oid_NULL_callback, proto_pkcs1, "ecdsa-with-SHA384");
+ register_ber_oid_dissector("1.2.840.10045.4.3.4", dissect_ber_oid_NULL_callback, proto_pkcs1, "ecdsa-with-SHA512");
+
+ /* DSA SHA2 algorithms from FIPS186-3, RFC5480, RFC 5758, RFC 5912 */
+ register_ber_oid_dissector("2.16.840.1.101.3.4.3.1", dissect_ber_oid_NULL_callback, proto_pkcs1, "id-dsa-with-sha224");
+ register_ber_oid_dissector("2.16.840.1.101.3.4.3.2", dissect_ber_oid_NULL_callback, proto_pkcs1, "id-dsa-with-sha256");
+
+ oid_add_from_string("secp192r1","1.2.840.10045.3.1.1");
+ oid_add_from_string("sect163k1","1.3.132.0.1");
+ oid_add_from_string("sect163r2","1.3.132.0.15");
+ oid_add_from_string("secp224r1","1.3.132.0.33");
+ oid_add_from_string("sect233k1","1.3.132.0.26");
+ oid_add_from_string("sect233r1","1.3.132.0.27");
+ oid_add_from_string("secp256r1","1.2.840.10045.3.1.7");
+ oid_add_from_string("sect283k1","1.3.132.0.16");
+ oid_add_from_string("sect283r1","1.3.132.0.17");
+ oid_add_from_string("secp384r1","1.3.132.0.34");
+ oid_add_from_string("sect409k1","1.3.132.0.36");
+ oid_add_from_string("sect409r1","1.3.132.0.37");
+ oid_add_from_string("secp521r1","1.3.132.0.35");
+ oid_add_from_string("sect571k1","1.3.132.0.38");
+ oid_add_from_string("sect571r1","1.3.132.0.39");
+
+ /* SM2 from GM/T 0006 Cryptographic application identifier criterion specification */
+ oid_add_from_string("sm2","1.2.156.10197.1.301");
+
+ /* sha2 family, see RFC3447 and http://www.oid-info.com/get/2.16.840.1.101.3.4.2 */
+ oid_add_from_string("sha256", "2.16.840.1.101.3.4.2.1");
+ oid_add_from_string("sha384", "2.16.840.1.101.3.4.2.2");
+ oid_add_from_string("sha512", "2.16.840.1.101.3.4.2.3");
+ oid_add_from_string("sha224", "2.16.840.1.101.3.4.2.4");
+
+ /* SM3 from GM/T 0006 Cryptographic application identifier criterion specification */
+ oid_add_from_string("sm3","1.2.156.10197.1.401");
+
+ /* PQC digital signature algorithms from OQS-OpenSSL,
+ see https://github.com/open-quantum-safe/openssl/blob/OQS-OpenSSL_1_1_1-stable/oqs-template/oqs-sig-info.md */
+ oid_add_from_string("dilithium2", "1.3.6.1.4.1.2.267.7.4.4");
+ oid_add_from_string("p256_dilithium2", "1.3.9999.2.7.1");
+ oid_add_from_string("rsa3072_dilithium2", "1.3.9999.2.7.2");
+ oid_add_from_string("dilithium3", "1.3.6.1.4.1.2.267.7.6.5");
+ oid_add_from_string("p384_dilithium3", "1.3.9999.2.7.3");
+ oid_add_from_string("dilithium5", "1.3.6.1.4.1.2.267.7.8.7");
+ oid_add_from_string("p521_dilithium5", "1.3.9999.2.7.4");
+ oid_add_from_string("dilithium2_aes", "1.3.6.1.4.1.2.267.11.4.4");
+ oid_add_from_string("p256_dilithium2_aes", "1.3.9999.2.11.1");
+ oid_add_from_string("rsa3072_dilithium2_aes", "1.3.9999.2.11.2");
+ oid_add_from_string("dilithium3_aes", "1.3.6.1.4.1.2.267.11.6.5");
+ oid_add_from_string("p384_dilithium3_aes", "1.3.9999.2.11.3");
+ oid_add_from_string("dilithium5_aes", "1.3.6.1.4.1.2.267.11.8.7");
+ oid_add_from_string("p521_dilithium5_aes", "1.3.9999.2.11.4");
+ oid_add_from_string("falcon512", "1.3.9999.3.1");
+ oid_add_from_string("p256_falcon512", "1.3.9999.3.2");
+ oid_add_from_string("rsa3072_falcon512", "1.3.9999.3.3");
+ oid_add_from_string("falcon1024", "1.3.9999.3.4");
+ oid_add_from_string("p521_falcon1024", "1.3.9999.3.5");
+ oid_add_from_string("picnicl1full", "1.3.6.1.4.1.311.89.2.1.7");
+ oid_add_from_string("p256_picnicl1full", "1.3.6.1.4.1.311.89.2.1.8");
+ oid_add_from_string("rsa3072_picnicl1full", "1.3.6.1.4.1.311.89.2.1.9");
+ oid_add_from_string("picnic3l1", "1.3.6.1.4.1.311.89.2.1.21");
+ oid_add_from_string("p256_picnic3l1", "1.3.6.1.4.1.311.89.2.1.22");
+ oid_add_from_string("rsa3072_picnic3l1", "1.3.6.1.4.1.311.89.2.1.23");
+ oid_add_from_string("rainbowIclassic", "1.3.9999.5.1.1.1");
+ oid_add_from_string("p256_rainbowIclassic", "1.3.9999.5.1.2.1");
+ oid_add_from_string("rsa3072_rainbowIclassic", "1.3.9999.5.1.3.1");
+ oid_add_from_string("rainbowVclassic", "1.3.9999.5.3.1.1");
+ oid_add_from_string("p521_rainbowVclassic", "1.3.9999.5.3.2.1");
+ oid_add_from_string("sphincsharaka128frobust", "1.3.9999.6.1.1");
+ oid_add_from_string("p256_sphincsharaka128frobust", "1.3.9999.6.1.2");
+ oid_add_from_string("rsa3072_sphincsharaka128frobust", "1.3.9999.6.1.3");
+ oid_add_from_string("sphincssha256128frobust", "1.3.9999.6.4.1");
+ oid_add_from_string("p256_sphincssha256128frobust", "1.3.9999.6.4.2");
+ oid_add_from_string("rsa3072_sphincssha256128frobust", "1.3.9999.6.4.3");
+ oid_add_from_string("sphincsshake256128frobust", "1.3.9999.6.7.1");
+ oid_add_from_string("p256_sphincsshake256128frobust", "1.3.9999.6.7.2");
+ oid_add_from_string("rsa3072_sphincsshake256128frobust", "1.3.9999.6.7.3");
+
+}
+
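Review bot: The PQC block at the end of `proto_reg_handoff_pkcs1` gives names to OIDs under `1.3.9999.*`, and the only provenance is a URL to the `OQS-OpenSSL_1_1_1-stable` branch. These appear to be project-assigned identifiers rather than standardized ones, so the label shown for a signature algorithm is only as good as that branch snapshot. I would extend the comment with something like `/* NOTE: 1.3.9999.* values are OQS-assigned and tied to the branch above; treat the displayed name as a hint, not an authoritative algorithm identification */`. The curve OIDs registered just above with `oid_add_from_string` repeat values already defined in PKIXAlgs-2009.asn, so a short comment naming that file as the reference would help keep the two lists from drifting.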
diff --git a/epan/dissectors/asn1/pkcs1/packet-pkcs1-template.h b/epan/dissectors/asn1/pkcs1/packet-pkcs1-template.h
new file mode 100644
index 00000000..c93ccfe1
--- /dev/null
+++ b/epan/dissectors/asn1/pkcs1/packet-pkcs1-template.h
@@ -0,0 +1,18 @@
+/* packet-pkcs1.h
+ * Routines for PKCS#1/RFC2313 packet dissection
+ * Ronnie Sahlberg 2004
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#ifndef PACKET_PKCS1_H
+#define PACKET_PKCS1_H
+
+#include "packet-pkcs1-exp.h"
+
+#endif /* PACKET_PKCS1_H */
+
diff --git a/epan/dissectors/asn1/pkcs1/pkcs1.cnf b/epan/dissectors/asn1/pkcs1/pkcs1.cnf
new file mode 100644
index 00000000..55622890
--- /dev/null
+++ b/epan/dissectors/asn1/pkcs1/pkcs1.cnf
@@ -0,0 +1,45 @@
+# pkcs1.cnf
+# PKCS#1 conformation file
+
+#.IMPORT ../x509af/x509af-exp.cnf
+
+#.EXPORTS
+
+RSAPublicKey
+DigestInfo
+
+#.NO_EMIT
+
+#.TYPE_RENAME
+
+#.FIELD_RENAME
+
+#.FN_PARS FieldID/fieldType
+ FN_VARIANT = _str VAL_PTR = &actx->external.direct_reference
+
+#.FN_BODY FieldID/parameters
+ offset = call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL);
+
+#.REGISTER
+DSA-Params B "1.2.840.10040.4.1" "id-dsa"
+DomainParameters B "1.2.840.10046.2.1" "dhpublicnumber"
+KEA-Params-Id B "2.16.840.1.101.2.1.1.22" "id-keyExchangeAlgorithm"
+ECParameters B "1.2.840.10045.2.1" "id-ecPublicKey"
+ECParameters B "1.3.132.1.12" "id-ecDH"
+ECParameters B "1.2.840.10045.2.13" "id-ecMQV"
+RSASSA-PSS-params B "1.2.840.113549.1.1.10" "id-RSASSA-PSS"
+HashAlgorithm B "1.2.840.113549.1.1.8" "id-mgf1"
+Prime-p B "1.2.840.10045.1.1" "prime-field"
+
+#.NO_EMIT
+DSAPublicKey
+DHPublicKey
+DSA-Sig-Value
+ECDSA-Sig-Value
+
+#.TYPE_ATTR
+RSAPublicKey/modulus TYPE = FT_BYTES DISPLAY = BASE_NONE
+
+#.END
+
+
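Review bot: In the `#.REGISTER` table, `ECParameters B "1.2.840.10045.2.13" "id-ecMQV"` does not match the value that PKIXAlgs-2009.asn in this same commit defines for `id-ecMQV`, namely `{ iso(1) identified-organization(3) certicom(132) schemes(1) ecmqv(13) }`, i.e. 1.3.132.1.13. The neighbouring `id-ecDH` entry uses the certicom arc (`1.3.132.1.12`) and does match its definition. As written, parameters of a key carrying the real id-ecMQV OID would presumably not be handed to the `ECParameters` dissector. The line should read `ECParameters B "1.3.132.1.13" "id-ecMQV"`, unless the X9.62-arc value is a deliberate compatibility entry, in which case it should be kept under its own name alongside the corrected line.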