Diffstat (limited to 'epan/dissectors/asn1/cms')
-rw-r--r--epan/dissectors/asn1/cms/AttributeCertificateVersion1.asn51
-rw-r--r--epan/dissectors/asn1/cms/CMSFirmwareWrapper.asn220
-rw-r--r--epan/dissectors/asn1/cms/CMakeLists.txt52
-rw-r--r--epan/dissectors/asn1/cms/CryptographicMessageSyntax.asn485
-rw-r--r--epan/dissectors/asn1/cms/cms.cnf293
-rw-r--r--epan/dissectors/asn1/cms/packet-cms-template.c211
-rw-r--r--epan/dissectors/asn1/cms/packet-cms-template.h20
7 files changed, 1332 insertions, 0 deletions
diff --git a/epan/dissectors/asn1/cms/AttributeCertificateVersion1.asn b/epan/dissectors/asn1/cms/AttributeCertificateVersion1.asn
new file mode 100644
index 00000000..1187616e
--- /dev/null
+++ b/epan/dissectors/asn1/cms/AttributeCertificateVersion1.asn
@@ -0,0 +1,51 @@
+-- Extracted from RFC5652
+AttributeCertificateVersion1
+ { iso(1) member-body(2) us(840) rsadsi(113549)
+ pkcs(1) pkcs-9(9) smime(16) modules(0) v1AttrCert(15) }
+
+DEFINITIONS IMPLICIT TAGS ::=
+BEGIN
+
+-- EXPORTS All
+
+IMPORTS
+ -- Directory Authentication Framework (X.509)
+ AttCertValidityPeriod, Extensions, IssuerSerial
+ FROM AuthenticationFramework { joint-iso-itu-t ds(5)
+ module(1) authenticationFramework(7) 3 }
+
+ GeneralNames
+ FROM CertificateExtensions { joint-iso-ccitt ds(5)
+ module(1) certificateExtensions(26) 0 }
+
+ UniqueIdentifier
+ FROM SelectedAttributeTypes { joint-iso-itu-t ds(5) module(1)
+ selectedAttributeTypes(5) 3 };
+
+
+-- Definition extracted from X.509-1997 [X.509-97], but
+-- different type names are used to avoid collisions.
+
+AttributeCertificateV1 ::= SEQUENCE {
+ acInfo AttributeCertificateInfoV1,
+ signatureAlgorithm AlgorithmIdentifier,
+ signature BIT STRING }
+
+AttributeCertificateInfoV1 ::= SEQUENCE {
+ version AttCertVersionV1 DEFAULT v1,
+ subject CHOICE {
+ baseCertificateID [0] IssuerSerial,
+ -- associated with a Public Key Certificate
+ subjectName [1] GeneralNames },
+ -- associated with a name
+ issuer GeneralNames,
+ signature AlgorithmIdentifier,
+ serialNumber CertificateSerialNumber,
+ attCertValidityPeriod AttCertValidityPeriod,
+ attributes SEQUENCE OF Attribute,
+ issuerUniqueID UniqueIdentifier OPTIONAL,
+ extensions Extensions OPTIONAL }
+
+AttCertVersionV1 ::= INTEGER { v1(0) }
+
+END -- of AttributeCertificateVersion1
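Review bot: `Attribute`, `AlgorithmIdentifier` and `CertificateSerialNumber` are used in `AttributeCertificateV1` and `AttributeCertificateInfoV1` but are missing from this module's IMPORTS clause, so the module is not self-contained ASN.1. The same applies to CMSFirmwareWrapper.asn: its header says "Verbatim copy", yet `FirmwarePackageMessageDigest` uses `AlgorithmIdentifier` while only `EnvelopedData` is imported. Presumably asn2wrs resolves these names because CMakeLists.txt lists all three .asn files in one `ASN_FILE_LIST`, but the file should say so, since the header here reads only "Extracted from RFC5652". I would add a comment under the first line, for example `-- IMPORTS rewritten for asn2wrs; Attribute, AlgorithmIdentifier and CertificateSerialNumber are expected to resolve via CryptographicMessageSyntax.asn`.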
diff --git a/epan/dissectors/asn1/cms/CMSFirmwareWrapper.asn b/epan/dissectors/asn1/cms/CMSFirmwareWrapper.asn
new file mode 100644
index 00000000..7842d648
--- /dev/null
+++ b/epan/dissectors/asn1/cms/CMSFirmwareWrapper.asn
@@ -0,0 +1,220 @@
+-- Verbatim copy of Appendix A of RFC 4108 followed by Errata ID 4093
+
+CMSFirmwareWrapper
+ { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+ pkcs-9(9) smime(16) modules(0) cms-firmware-wrap(22) }
+
+DEFINITIONS IMPLICIT TAGS ::= BEGIN
+
+IMPORTS
+ EnvelopedData
+ FROM CryptographicMessageSyntax -- [CMS]
+ { iso(1) member-body(2) us(840) rsadsi(113549)
+ pkcs(1) pkcs-9(9) smime(16) modules(0) cms-2004(24) };
+
+
+-- Firmware Package Content Type and Object Identifier
+
+id-ct-firmwarePackage OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+ smime(16) ct(1) 16 }
+
+FirmwarePkgData ::= OCTET STRING
+
+
+-- Firmware Package Signed Attributes and Object Identifiers
+
+id-aa-firmwarePackageID OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+ smime(16) aa(2) 35 }
+
+FirmwarePackageIdentifier ::= SEQUENCE {
+ name PreferredOrLegacyPackageIdentifier,
+ stale PreferredOrLegacyStalePackageIdentifier OPTIONAL }
+
+PreferredOrLegacyPackageIdentifier ::= CHOICE {
+ preferred PreferredPackageIdentifier,
+ legacy OCTET STRING }
+
+PreferredPackageIdentifier ::= SEQUENCE {
+ fwPkgID OBJECT IDENTIFIER,
+ verNum INTEGER (0..MAX) }
+
+PreferredOrLegacyStalePackageIdentifier ::= CHOICE {
+ preferredStaleVerNum INTEGER (0..MAX),
+ legacyStaleVersion OCTET STRING }
+
+
+id-aa-targetHardwareIDs OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+ smime(16) aa(2) 36 }
+
+TargetHardwareIdentifiers ::= SEQUENCE OF OBJECT IDENTIFIER
+
+
+id-aa-decryptKeyID OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+ smime(16) aa(2) 37 }
+
+DecryptKeyIdentifier ::= OCTET STRING
+
+
+id-aa-implCryptoAlgs OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+ smime(16) aa(2) 38 }
+
+ImplementedCryptoAlgorithms ::= SEQUENCE OF OBJECT IDENTIFIER
+
+id-aa-implCompressAlgs OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+ smime(16) aa(2) 43 }
+
+ImplementedCompressAlgorithms ::= SEQUENCE OF OBJECT IDENTIFIER
+
+
+id-aa-communityIdentifiers OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+ smime(16) aa(2) 40 }
+
+CommunityIdentifiers ::= SEQUENCE OF CommunityIdentifier
+
+CommunityIdentifier ::= CHOICE {
+ communityOID OBJECT IDENTIFIER,
+ hwModuleList HardwareModules }
+
+HardwareModules ::= SEQUENCE {
+ hwType OBJECT IDENTIFIER,
+ hwSerialEntries SEQUENCE OF HardwareSerialEntry }
+
+
+HardwareSerialEntry ::= CHOICE {
+ all NULL,
+ single OCTET STRING,
+ block SEQUENCE {
+ low OCTET STRING,
+ high OCTET STRING } }
+
+
+id-aa-firmwarePackageInfo OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+ smime(16) aa(2) 42 }
+
+FirmwarePackageInfo ::= SEQUENCE {
+ fwPkgType INTEGER OPTIONAL,
+ dependencies SEQUENCE OF
+ PreferredOrLegacyPackageIdentifier OPTIONAL }
+
+
+-- Firmware Package Unsigned Attributes and Object Identifiers
+
+id-aa-wrappedFirmwareKey OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+ smime(16) aa(2) 39 }
+
+WrappedFirmwareKey ::= EnvelopedData
+
+
+-- Firmware Package Load Receipt Content Type and Object Identifier
+
+id-ct-firmwareLoadReceipt OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+ smime(16) ct(1) 17 }
+
+FirmwarePackageLoadReceipt ::= SEQUENCE {
+ version FWReceiptVersion DEFAULT v1,
+ hwType OBJECT IDENTIFIER,
+ hwSerialNum OCTET STRING,
+ fwPkgName PreferredOrLegacyPackageIdentifier,
+ trustAnchorKeyID OCTET STRING OPTIONAL,
+ decryptKeyID [1] OCTET STRING OPTIONAL }
+
+FWReceiptVersion ::= INTEGER { v1(1) }
+
+
+-- Firmware Package Load Error Report Content Type
+-- and Object Identifier
+
+id-ct-firmwareLoadError OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+ smime(16) ct(1) 18 }
+
+FirmwarePackageLoadError ::= SEQUENCE {
+ version FWErrorVersion DEFAULT v1,
+ hwType OBJECT IDENTIFIER,
+ hwSerialNum OCTET STRING,
+ errorCode FirmwarePackageLoadErrorCode,
+ vendorErrorCode VendorLoadErrorCode OPTIONAL,
+ fwPkgName PreferredOrLegacyPackageIdentifier OPTIONAL,
+ config [1] SEQUENCE OF CurrentFWConfig OPTIONAL }
+
+FWErrorVersion ::= INTEGER { v1(1) }
+
+CurrentFWConfig ::= SEQUENCE {
+ fwPkgType INTEGER OPTIONAL,
+ fwPkgName PreferredOrLegacyPackageIdentifier }
+
+FirmwarePackageLoadErrorCode ::= ENUMERATED {
+ decodeFailure (1),
+ badContentInfo (2),
+ badSignedData (3),
+ badEncapContent (4),
+ badCertificate (5),
+ badSignerInfo (6),
+ badSignedAttrs (7),
+ badUnsignedAttrs (8),
+ missingContent (9),
+ noTrustAnchor (10),
+ notAuthorized (11),
+ badDigestAlgorithm (12),
+ badSignatureAlgorithm (13),
+ unsupportedKeySize (14),
+ signatureFailure (15),
+ contentTypeMismatch (16),
+ badEncryptedData (17),
+ unprotectedAttrsPresent (18),
+ badEncryptContent (19),
+ badEncryptAlgorithm (20),
+ missingCiphertext (21),
+ noDecryptKey (22),
+ decryptFailure (23),
+ badCompressAlgorithm (24),
+ missingCompressedContent (25),
+ decompressFailure (26),
+ wrongHardware (27),
+ stalePackage (28),
+ notInCommunity (29),
+ unsupportedPackageType (30),
+ missingDependency (31),
+ wrongDependencyVersion (32),
+ insufficientMemory (33),
+ badFirmware (34),
+ unsupportedParameters (35),
+ breaksDependency (36),
+ otherError (99) }
+
+VendorLoadErrorCode ::= INTEGER
+
+
+-- Other Name syntax for Hardware Module Name
+
+id-on-hardwareModuleName OBJECT IDENTIFIER ::= {
+ iso(1) identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) pkix(7) on(8) 4 }
+
+HardwareModuleName ::= SEQUENCE {
+ hwType OBJECT IDENTIFIER,
+ hwSerialNum OCTET STRING }
+
+
+
+-- From Errata ID 4093: Elements defined Section 2.2.10 and missing in the appendix
+
+id-aa-fwPkgMessageDigest OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+ smime(16) aa(2) 41 }
+
+FirmwarePackageMessageDigest ::= SEQUENCE {
+ algorithm AlgorithmIdentifier,
+ msgDigest OCTET STRING }
+
+END
diff --git a/epan/dissectors/asn1/cms/CMakeLists.txt b/epan/dissectors/asn1/cms/CMakeLists.txt
new file mode 100644
index 00000000..6fc91bd2
--- /dev/null
+++ b/epan/dissectors/asn1/cms/CMakeLists.txt
@@ -0,0 +1,52 @@
+# CMakeLists.txt
+#
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <gerald@wireshark.org>
+# Copyright 1998 Gerald Combs
+#
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+
+set( PROTOCOL_NAME cms )
+
+set( PROTO_OPT )
+
+set( EXPORT_FILES
+ ${PROTOCOL_NAME}-exp.cnf
+)
+
+set( EXT_ASN_FILE_LIST
+)
+
+set( ASN_FILE_LIST
+ CryptographicMessageSyntax.asn
+ AttributeCertificateVersion1.asn
+ CMSFirmwareWrapper.asn
+)
+
+set( EXTRA_DIST
+ ${ASN_FILE_LIST}
+ packet-${PROTOCOL_NAME}-template.c
+ packet-${PROTOCOL_NAME}-template.h
+ ${PROTOCOL_NAME}.cnf
+)
+
+set( SRC_FILES
+ ${EXTRA_DIST}
+ ${EXT_ASN_FILE_LIST}
+)
+
+set( A2W_FLAGS -b -C )
+
+set( EXTRA_CNF
+ "${CMAKE_CURRENT_BINARY_DIR}/../x509af/x509af-exp.cnf"
+ "${CMAKE_CURRENT_BINARY_DIR}/../x509ce/x509ce-exp.cnf"
+ "${CMAKE_CURRENT_BINARY_DIR}/../x509if/x509if-exp.cnf"
+ "${CMAKE_CURRENT_BINARY_DIR}/../x509sat/x509sat-exp.cnf"
+)
+
+set ( EXPORT_DEPENDS
+ "${CMAKE_CURRENT_BINARY_DIR}/../x509af/x509af-exp.cnf"
+)
+
+ASN2WRS()
diff --git a/epan/dissectors/asn1/cms/CryptographicMessageSyntax.asn b/epan/dissectors/asn1/cms/CryptographicMessageSyntax.asn
new file mode 100644
index 00000000..a2b9d921
--- /dev/null
+++ b/epan/dissectors/asn1/cms/CryptographicMessageSyntax.asn
@@ -0,0 +1,485 @@
+-- Extracted from RFC5652
+-- and massaged/modified so it passes through our asn2wrs compiler
+
+CryptographicMessageSyntax
+ { iso(1) member-body(2) us(840) rsadsi(113549)
+ pkcs(1) pkcs-9(9) smime(16) modules(0) cms-2004(24) }
+
+DEFINITIONS IMPLICIT TAGS ::=
+BEGIN
+
+-- EXPORTS All
+-- The types and values defined in this module are exported for use
+-- in the other ASN.1 modules. Other applications may use them for
+-- their own purposes.
+
+IMPORTS
+ -- Directory Information Framework (X.501)
+ Name
+ FROM InformationFramework { joint-iso-itu-t ds(5) modules(1)
+ informationFramework(1) 3 }
+
+ -- Directory Authentication Framework (X.509)
+ AlgorithmIdentifier, AttributeCertificate, Certificate,
+ CertificateList, CertificateSerialNumber
+ FROM AuthenticationFramework { joint-iso-itu-t ds(5)
+ module(1) authenticationFramework(7) 3 } ;
+
+
+-- Cryptographic Message Syntax
+
+ContentInfo ::= SEQUENCE {
+ contentType ContentType,
+ content [0] EXPLICIT ANY DEFINED BY contentType }
+
+ContentType ::= OBJECT IDENTIFIER
+
+SignedData ::= SEQUENCE {
+ version CMSVersion,
+ digestAlgorithms DigestAlgorithmIdentifiers,
+ encapContentInfo EncapsulatedContentInfo,
+ certificates [0] IMPLICIT CertificateSet OPTIONAL,
+ crls [1] IMPLICIT RevocationInfoChoices OPTIONAL,
+ signerInfos SignerInfos }
+
+DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
+
+SignerInfos ::= SET OF SignerInfo
+
+-- Implemented by hand in the template
+EncapsulatedContentInfo ::= SEQUENCE {
+ eContentType ContentType,
+ eContent [0] EXPLICIT OCTET STRING OPTIONAL }
+
+SignerInfo ::= SEQUENCE {
+ version CMSVersion,
+ sid SignerIdentifier,
+ digestAlgorithm DigestAlgorithmIdentifier,
+ signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
+ signatureAlgorithm SignatureAlgorithmIdentifier,
+ signature SignatureValue,
+ unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL }
+
+SignerIdentifier ::= CHOICE {
+ issuerAndSerialNumber IssuerAndSerialNumber,
+ subjectKeyIdentifier [0] SubjectKeyIdentifier }
+
+SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
+
+UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute
+
+Attribute ::= SEQUENCE {
+ attrType OBJECT IDENTIFIER,
+ attrValues SET OF AttributeValue }
+
+AttributeValue ::= ANY
+
+SignatureValue ::= OCTET STRING
+
+EnvelopedData ::= SEQUENCE {
+ version CMSVersion,
+ originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
+ recipientInfos RecipientInfos,
+ encryptedContentInfo EncryptedContentInfo,
+ unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
+
+OriginatorInfo ::= SEQUENCE {
+ certs [0] IMPLICIT CertificateSet OPTIONAL,
+ crls [1] IMPLICIT RevocationInfoChoices OPTIONAL }
+
+RecipientInfos ::= SET SIZE (1..MAX) OF RecipientInfo
+
+EncryptedContentInfo ::= SEQUENCE {
+ contentType ContentType,
+ contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
+ encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL }
+
+EncryptedContent ::= OCTET STRING
+
+UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
+
+RecipientInfo ::= CHOICE {
+ ktri KeyTransRecipientInfo,
+ kari [1] KeyAgreeRecipientInfo,
+ kekri [2] KEKRecipientInfo,
+ pwri [3] PasswordRecipientInfo,
+ ori [4] OtherRecipientInfo }
+
+EncryptedKey ::= OCTET STRING
+
+KeyTransRecipientInfo ::= SEQUENCE {
+ version CMSVersion, -- always set to 0 or 2
+ rid RecipientIdentifier,
+ keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
+ encryptedKey EncryptedKey }
+
+RecipientIdentifier ::= CHOICE {
+ issuerAndSerialNumber IssuerAndSerialNumber,
+ subjectKeyIdentifier [0] SubjectKeyIdentifier }
+
+KeyAgreeRecipientInfo ::= SEQUENCE {
+ version CMSVersion, -- always set to 3
+ originator [0] EXPLICIT OriginatorIdentifierOrKey,
+ ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL,
+ keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
+ recipientEncryptedKeys RecipientEncryptedKeys }
+
+OriginatorIdentifierOrKey ::= CHOICE {
+ issuerAndSerialNumber IssuerAndSerialNumber,
+ subjectKeyIdentifier [0] SubjectKeyIdentifier,
+ originatorKey [1] OriginatorPublicKey }
+
+OriginatorPublicKey ::= SEQUENCE {
+ algorithm AlgorithmIdentifier,
+ publicKey BIT STRING }
+
+RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey
+
+RecipientEncryptedKey ::= SEQUENCE {
+ rid KeyAgreeRecipientIdentifier,
+ encryptedKey EncryptedKey }
+
+KeyAgreeRecipientIdentifier ::= CHOICE {
+ issuerAndSerialNumber IssuerAndSerialNumber,
+ rKeyId [0] IMPLICIT RecipientKeyIdentifier }
+
+RecipientKeyIdentifier ::= SEQUENCE {
+ subjectKeyIdentifier SubjectKeyIdentifier,
+ date GeneralizedTime OPTIONAL,
+ other OtherKeyAttribute OPTIONAL }
+
+SubjectKeyIdentifier ::= OCTET STRING
+
+KEKRecipientInfo ::= SEQUENCE {
+ version CMSVersion, -- always set to 4
+ kekid KEKIdentifier,
+ keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
+ encryptedKey EncryptedKey }
+
+KEKIdentifier ::= SEQUENCE {
+ keyIdentifier OCTET STRING,
+ date GeneralizedTime OPTIONAL,
+ other OtherKeyAttribute OPTIONAL }
+
+PasswordRecipientInfo ::= SEQUENCE {
+ version CMSVersion, -- always set to 0
+ keyDerivationAlgorithm [0] KeyDerivationAlgorithmIdentifier
+ OPTIONAL,
+ keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
+ encryptedKey EncryptedKey }
+
+OtherRecipientInfo ::= SEQUENCE {
+ oriType OBJECT IDENTIFIER,
+ oriValue ANY DEFINED BY oriType }
+
+DigestedData ::= SEQUENCE {
+ version CMSVersion,
+ digestAlgorithm DigestAlgorithmIdentifier,
+ encapContentInfo EncapsulatedContentInfo,
+ digest Digest }
+
+Digest ::= OCTET STRING
+
+EncryptedData ::= SEQUENCE {
+ version CMSVersion,
+ encryptedContentInfo EncryptedContentInfo,
+ unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
+
+AuthenticatedData ::= SEQUENCE {
+ version CMSVersion,
+ originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
+ recipientInfos RecipientInfos,
+ macAlgorithm MessageAuthenticationCodeAlgorithm,
+ digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
+ encapContentInfo EncapsulatedContentInfo,
+ authAttrs [2] IMPLICIT AuthAttributes OPTIONAL,
+ mac MessageAuthenticationCode,
+ unauthAttrs [3] IMPLICIT UnauthAttributes OPTIONAL }
+
+AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
+
+UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
+
+MessageAuthenticationCode ::= OCTET STRING
+
+DigestAlgorithmIdentifier ::= AlgorithmIdentifier
+
+SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
+
+KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+
+ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+
+MessageAuthenticationCodeAlgorithm ::= AlgorithmIdentifier
+
+KeyDerivationAlgorithmIdentifier ::= AlgorithmIdentifier
+
+RevocationInfoChoices ::= SET OF RevocationInfoChoice
+
+RevocationInfoChoice ::= CHOICE {
+ crl CertificateList,
+ other [1] IMPLICIT OtherRevocationInfoFormat }
+
+OtherRevocationInfoFormat ::= SEQUENCE {
+ otherRevInfoFormat OBJECT IDENTIFIER,
+ otherRevInfo ANY DEFINED BY otherRevInfoFormat }
+
+CertificateChoices ::= CHOICE {
+ certificate Certificate,
+ extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete
+ v1AttrCert [1] IMPLICIT AttributeCertificateV1, -- Obsolete
+ v2AttrCert [2] IMPLICIT AttributeCertificateV2 }
+
+AttributeCertificateV2 ::= AttributeCertificate
+
+CertificateSet ::= SET OF CertificateChoices
+
+IssuerAndSerialNumber ::= SEQUENCE {
+ issuer Name,
+ serialNumber CertificateSerialNumber }
+
+CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) }
+
+UserKeyingMaterial ::= OCTET STRING
+
+OtherKeyAttribute ::= SEQUENCE {
+ keyAttrId OBJECT IDENTIFIER,
+ keyAttr ANY DEFINED BY keyAttrId OPTIONAL }
+
+-- Content Type Object Identifiers
+
+id-ct-contentInfo OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) ct(1) 6 }
+
+id-data OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 }
+
+id-signedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 }
+
+id-envelopedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3 }
+
+id-digestedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5 }
+
+id-encryptedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 }
+
+id-ct-authData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 2 }
+
+-- The CMS Attributes
+
+MessageDigest ::= OCTET STRING
+
+SigningTime ::= Time
+
+Time ::= CHOICE {
+ utcTime UTCTime,
+ generalTime GeneralizedTime }
+
+Countersignature ::= SignerInfo
+
+-- Algorithm Identifiers
+--
+-- sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
+-- oiw(14) secsig(3) algorithm(2) 26 }
+--
+-- md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+-- rsadsi(113549) digestAlgorithm(2) 5 }
+--
+-- id-dsa-with-sha1 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+-- us(840) x9-57 (10040) x9cm(4) 3 }
+--
+-- rsaEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+-- us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1 }
+--
+-- dh-public-number OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+-- us(840) ansi-x942(10046) number-type(2) 1 }
+--
+-- id-alg-ESDH OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+-- rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 5 }
+--
+-- id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6 }
+--
+-- id-alg-CMSRC2wrap OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 7 }
+--
+-- des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+-- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 }
+--
+-- rc2-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+-- rsadsi(113549) encryptionAlgorithm(3) 2 }
+--
+-- hMAC-SHA1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
+-- dod(6) internet(1) security(5) mechanisms(5) 8 1 2 }
+--
+--
+-- Algorithm Parameters
+--
+KeyWrapAlgorithm ::= AlgorithmIdentifier
+
+RC2WrapParameter ::= RC2ParameterVersion
+
+RC2ParameterVersion ::= INTEGER
+
+CBCParameter ::= IV
+
+IV ::= OCTET STRING
+
+RC2CBCParameter ::= SEQUENCE {
+ rc2ParameterVersion INTEGER,
+ iv OCTET STRING }
+
+-- Attribute Object Identifiers
+
+id-contentType OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs9(9) 3 }
+
+id-messageDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs9(9) 4 }
+
+id-signingTime OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5 }
+
+id-countersignature OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs9(9) 6 }
+
+-- Obsolete Extended Certificate syntax from PKCS #6
+
+ExtendedCertificateOrCertificate ::= CHOICE {
+ certificate Certificate,
+ extendedCertificate [0] IMPLICIT ExtendedCertificate }
+
+ExtendedCertificate ::= SEQUENCE {
+ extendedCertificateInfo ExtendedCertificateInfo,
+ signatureAlgorithm SignatureAlgorithmIdentifier,
+ signature Signature }
+
+ExtendedCertificateInfo ::= SEQUENCE {
+ version CMSVersion,
+ certificate Certificate,
+ attributes UnauthAttributes }
+
+Signature ::= BIT STRING
+
+-- PKCS #7 type that was removed from CMS
+
+DigestInfo ::= SEQUENCE {
+ digestAlgorithm DigestAlgorithmIdentifier,
+ digest Digest }
+
+-- From S/MIME
+
+SMIMECapabilities ::= SEQUENCE OF SMIMECapability
+
+SMIMECapability ::= SEQUENCE {
+ capability OBJECT IDENTIFIER,
+ parameters ANY OPTIONAL
+}
+
+SMIMEEncryptionKeyPreference ::= CHOICE {
+ issuerAndSerialNumber [0] IssuerAndSerialNumber,
+ recipientKeyId [1] RecipientKeyIdentifier,
+ subjectAltKeyIdentifier [2] SubjectKeyIdentifier
+
+}
+
+-- some implememtations do not seem to use the RC2CBCParameter with 1.2.840.113549.3.2 as per RFC 2630 12.4.2
+-- so we create this CHOICE to workaround this problem until we understand what is really the correct solution
+
+RC2CBCParameters ::= CHOICE {
+ rc2WrapParameter RC2WrapParameter,
+ rc2CBCParameter RC2CBCParameter
+
+}
+
+
+END -- of CryptographicMessageSyntax2004
+
+CMS-AuthEnvelopedData-2007 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+ pkcs-9(9) smime(16) modules(0) cms-authEnvelopedData(31) }
+
+DEFINITIONS IMPLICIT TAGS ::=
+BEGIN
+
+-- EXPORTS All
+-- The types and values defined in this module are exported for use
+-- in the other ASN.1 modules. Other applications may use them for
+-- their own purposes.
+
+-- IMPORTS
+
+-- Imports from RFC 3852 [CMS], Section 12.1
+-- AuthAttributes,
+-- CMSVersion,
+-- EncryptedContentInfo,
+-- MessageAuthenticationCode,
+-- OriginatorInfo,
+-- RecipientInfos,
+-- UnauthAttributes
+-- FROM CryptographicMessageSyntax2004
+-- { iso(1) member-body(2) us(840) rsadsi(113549)
+-- pkcs(1) pkcs-9(9) smime(16) modules(0)
+-- cms-2004(24) } ;
+
+
+AuthEnvelopedData ::= SEQUENCE {
+ version CMSVersion,
+ originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
+ recipientInfos RecipientInfos,
+ authEncryptedContentInfo EncryptedContentInfo,
+ authAttrs [1] IMPLICIT AuthAttributes OPTIONAL,
+ mac MessageAuthenticationCode,
+ unauthAttrs [2] IMPLICIT UnauthAttributes OPTIONAL }
+
+id-ct-authEnvelopedData OBJECT IDENTIFIER ::= { iso(1)
+ member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+ smime(16) ct(1) 23 }
+
+END -- of CMS-AuthEnvelopedData-2007
+
+CMS-AES-CCM-and-AES-GCM
+ { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+ pkcs-9(9) smime(16) modules(0) cms-aes-ccm-and-gcm(32) }
+
+DEFINITIONS IMPLICIT TAGS ::= BEGIN
+
+-- EXPORTS All
+
+-- Object Identifiers
+
+aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840)
+ organization(1) gov(101) csor(3) nistAlgorithm(4) 1 }
+
+id-aes128-CCM OBJECT IDENTIFIER ::= { aes 7 }
+
+id-aes192-CCM OBJECT IDENTIFIER ::= { aes 27 }
+
+id-aes256-CCM OBJECT IDENTIFIER ::= { aes 47 }
+
+id-aes128-GCM OBJECT IDENTIFIER ::= { aes 6 }
+
+id-aes192-GCM OBJECT IDENTIFIER ::= { aes 26 }
+
+id-aes256-GCM OBJECT IDENTIFIER ::= { aes 46 }
+
+
+-- Parameters for AigorithmIdentifier
+
+CCMParameters ::= SEQUENCE {
+ aes-nonce OCTET STRING (SIZE(7..13)),
+ aes-ICVlen AES-CCM-ICVlen DEFAULT 12 }
+
+AES-CCM-ICVlen ::= INTEGER (4 | 6 | 8 | 10 | 12 | 14 | 16)
+
+GCMParameters ::= SEQUENCE {
+ aes-nonce OCTET STRING, -- recommended size is 12 octets
+ aes-ICVlen AES-GCM-ICVlen DEFAULT 12 }
+
+AES-GCM-ICVlen ::= INTEGER (12 | 13 | 14 | 15 | 16)
+
+END
+
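Review bot: `id-aes256-CCM` is defined in this module as `{ aes 47 }`, i.e. 2.16.840.1.101.3.4.1.47, but the `#.REGISTER` table in cms.cnf from the same commit binds `CCMParameters` to "2.16.840.1.101.3.4.1.44" under the name id-aes256-CCM. The 128- and 192-bit CCM entries (…4.1.7 and …4.1.27) and all three GCM entries agree with this module, so the .44 looks like a typo. As registered, the parameters of an AES-256-CCM AlgorithmIdentifier (nonce and ICV length) would not be decoded, and parameters carried under arc 44 would be parsed as `CCMParameters`. The registration should read `CCMParameters B "2.16.840.1.101.3.4.1.47" "id-aes256-CCM"`.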
diff --git a/epan/dissectors/asn1/cms/cms.cnf b/epan/dissectors/asn1/cms/cms.cnf
new file mode 100644
index 00000000..77da3143
--- /dev/null
+++ b/epan/dissectors/asn1/cms/cms.cnf
@@ -0,0 +1,293 @@
+# CMS.cnf
+# CMS conformation file
+
+#.IMPORT ../x509af/x509af-exp.cnf
+#.IMPORT ../x509ce/x509ce-exp.cnf
+#.IMPORT ../x509if/x509if-exp.cnf
+#.IMPORT ../x509sat/x509sat-exp.cnf
+
+#.OMIT_ASSIGNMENT
+CBCParameter
+ExtendedCertificateOrCertificate
+#.END
+
+#.EXPORTS
+ContentInfo
+ContentType
+Countersignature
+Digest
+DigestAlgorithmIdentifier
+DigestAlgorithmIdentifiers
+DigestInfo
+EncapsulatedContentInfo
+EnvelopedData
+AuthEnvelopedData
+IssuerAndSerialNumber
+SignedAttributes
+SignedData
+SignerIdentifier
+SignerInfo
+SignerInfos
+SignatureValue
+UnsignedAttributes
+
+#.REGISTER
+ContentInfo B "1.2.840.113549.1.9.16.1.6" "id-ct-contentInfo"
+#OctetString B "1.2.840.113549.1.7.1" "id-data" see x509sat.cnf
+SignedData B "1.2.840.113549.1.7.2" "id-signedData"
+EnvelopedData B "1.2.840.113549.1.7.3" "id-envelopedData"
+DigestedData B "1.2.840.113549.1.7.5" "id-digestedData"
+EncryptedData B "1.2.840.113549.1.7.6" "id-encryptedData"
+AuthenticatedData B "1.2.840.113549.1.9.16.1.2" "id-ct-authenticatedData"
+EncryptedContentInfo B "1.2.840.113549.1.9.16.1.9" "id-ct-compressedData"
+AuthEnvelopedData B "1.2.840.113549.1.9.16.1.23" "id-ct-authEnvelopedData"
+
+ContentType B "1.2.840.113549.1.9.3" "id-contentType"
+MessageDigest B "1.2.840.113549.1.9.4" "id-messageDigest"
+SigningTime B "1.2.840.113549.1.9.5" "id-signingTime"
+Countersignature B "1.2.840.113549.1.9.6" "id-counterSignature"
+
+ContentInfo B "2.6.1.4.18" "id-et-pkcs7"
+
+IssuerAndSerialNumber B "1.3.6.1.4.1.311.16.4" "ms-oe-encryption-key-preference"
+SMIMECapabilities B "1.2.840.113549.1.9.15" "id-smime-capabilities"
+SMIMEEncryptionKeyPreference B "1.2.840.113549.1.9.16.2.11" "id-encryption-key-preference"
+
+# I think the following should be RC2CBCParameter - but that appears to be incorrect
+RC2CBCParameters B "1.2.840.113549.3.4" "id-alg-rc4"
+
+KeyEncryptionAlgorithmIdentifier B "0.4.0.127.0.7.1.1.5.1.1.3" "ecka-eg-X963KDF-SHA256"
+KeyEncryptionAlgorithmIdentifier B "0.4.0.127.0.7.1.1.5.1.1.4" "ecka-eg-X963KDF-SHA384"
+KeyEncryptionAlgorithmIdentifier B "0.4.0.127.0.7.1.1.5.1.1.5" "ecka-eg-X963KDF-SHA512"
+
+KeyEncryptionAlgorithmIdentifier B "2.16.840.1.101.3.4.1.5" "id-aes128-wrap"
+KeyEncryptionAlgorithmIdentifier B "2.16.840.1.101.3.4.1.25" "id-aes192-wrap"
+KeyEncryptionAlgorithmIdentifier B "2.16.840.1.101.3.4.1.45" "id-aes256-wrap"
+
+GCMParameters B "2.16.840.1.101.3.4.1.6" "id-aes128-GCM"
+GCMParameters B "2.16.840.1.101.3.4.1.26" "id-aes192-GCM"
+GCMParameters B "2.16.840.1.101.3.4.1.46" "id-aes256-GCM"
+
+CCMParameters B "2.16.840.1.101.3.4.1.7" "id-aes128-CCM"
+CCMParameters B "2.16.840.1.101.3.4.1.27" "id-aes192-CCM"
+CCMParameters B "2.16.840.1.101.3.4.1.44" "id-aes256-CCM"
+
+# EC algorithms from RFC 3278 / RFC 5753
+KeyWrapAlgorithm B "1.3.133.16.840.63.0.2" "dhSinglePass-stdDH-sha1kdf-scheme"
+KeyWrapAlgorithm B "1.3.132.1.11.0" "dhSinglePass-stdDH-sha224kdf-scheme"
+KeyWrapAlgorithm B "1.3.132.1.11.1" "dhSinglePass-stdDH-sha256kdf-scheme"
+KeyWrapAlgorithm B "1.3.132.1.11.2" "dhSinglePass-stdDH-sha384kdf-scheme"
+KeyWrapAlgorithm B "1.3.132.1.11.3" "dhSinglePass-stdDH-sha512kdf-scheme"
+KeyWrapAlgorithm B "1.3.133.16.840.63.0.3" "dhSinglePass-cofactorDH-sha1kdf-scheme"
+KeyWrapAlgorithm B "1.3.132.1.14.0" "dhSinglePass-cofactorDH-sha224kdf-scheme"
+KeyWrapAlgorithm B "1.3.132.1.14.1" "dhSinglePass-cofactorDH-sha256kdf-scheme"
+KeyWrapAlgorithm B "1.3.132.1.14.2" "dhSinglePass-cofactorDH-sha384kdf-scheme"
+KeyWrapAlgorithm B "1.3.132.1.14.3" "dhSinglePass-cofactorDH-sha512kdf-scheme"
+KeyWrapAlgorithm B "1.3.133.16.840.63.0.16" "mqvSinglePass-sha1kdf-scheme"
+KeyWrapAlgorithm B "1.3.132.1.15.0" "mqvSinglePass-sha224kdf-scheme"
+KeyWrapAlgorithm B "1.3.132.1.15.1" "mqvSinglePass-sha256kdf-scheme"
+KeyWrapAlgorithm B "1.3.132.1.15.2" "mqvSinglePass-sha384kdf-scheme"
+KeyWrapAlgorithm B "1.3.132.1.15.3" "mqvSinglePass-sha512kdf-scheme"
+
+# RFC 3370 [CMS-ASN] (and RFC 5911 section 3)
+# - section 4.3.1 - registered in packet-cms-template.c
+# NULL B "1.2.840.113549.1.9.16.3.6" "id-alg-CMS3DESwrap"
+# - section 4.3.2
+RC2WrapParameter B "1.2.840.113549.1.9.16.3.7" "id-alg-CMSRC2-wrap"
+# - section 4.4.1 - PBKDF2-params defined in PKCS#5 / RFC 8018 - not yet implemented
+# PBKDF2-params B "1.2.840.113549.1.5.12" "id-PBKDF2"
+# - section 5.1
+IV B "1.2.840.113549.3.7" "des-ede3-cbc"
+# - section 5.2
+RC2CBCParameters B "1.2.840.113549.3.2" "rc2-cbc"
+
+# RFC 2798 Attributes - see master list in x509sat.cnf
+SignedData B "2.16.840.1.113730.3.1.40" "userSMIMECertificate"
+
+# RFC 4108 Attributes (in CMSFirmwareWrapper.asn)
+FirmwarePkgData B "1.2.840.113549.1.9.16.1.16" "id-ct-firmwarePackage"
+FirmwarePackageIdentifier B "1.2.840.113549.1.9.16.2.35" "id-aa-firmwarePackageID"
+TargetHardwareIdentifiers B "1.2.840.113549.1.9.16.2.36" "id-aa-targetHardwareIDs"
+DecryptKeyIdentifier B "1.2.840.113549.1.9.16.2.37" "id-aa-decryptKeyID"
+ImplementedCryptoAlgorithms B "1.2.840.113549.1.9.16.2.38" "id-aa-implCryptoAlgs"
+ImplementedCompressAlgorithms B "1.2.840.113549.1.9.16.2.43" "id-aa-implCompressAlgs"
+CommunityIdentifiers B "1.2.840.113549.1.9.16.2.40" "id-aa-communityIdentifiers"
+FirmwarePackageInfo B "1.2.840.113549.1.9.16.2.42" "id-aa-firmwarePackageInfo"
+WrappedFirmwareKey B "1.2.840.113549.1.9.16.2.39" "id-aa-wrappedFirmwareKey"
+FirmwarePackageLoadReceipt B "1.2.840.113549.1.9.16.1.17" "id-ct-firmwareLoadReceipt"
+FirmwarePackageLoadError B "1.2.840.113549.1.9.16.1.18" "id-ct-firmwareLoadError"
+HardwareModuleName B "1.3.6.1.5.5.7.8.4" "id-on-hardwareModuleName"
+FirmwarePackageMessageDigest B "1.2.840.113549.1.9.16.2.41" "id-aa-fwPkgMessageDigest"
+
+#.NO_EMIT
+
+#.TYPE_RENAME
+
+#.FIELD_RENAME
+SignerInfo/signature signatureValue
+RecipientEncryptedKey/rid rekRid
+EncryptedContentInfo/contentType encryptedContentType
+AttributeCertificateV1/signature signatureValue_v1
+AttributeCertificateV1/signatureAlgorithm signatureAlgorithm_v1
+AttributeCertificateInfoV1/attributes attributes_v1
+AttributeCertificateInfoV1/issuer issuer_v1
+AttributeCertificateInfoV1/signature signature_v1
+AttributeCertificateInfoV1/version version_v1
+RevocationInfoChoice/other otherRIC
+FirmwarePackageLoadReceipt/version fwReceiptVersion
+FirmwarePackageLoadError/version fwErrorVersion
+
+#.FN_BODY ContentInfo
+ top_tree = tree;
+ %(DEFAULT_BODY)s
+ top_tree = NULL;
+
+#.FN_PARS ContentType
+ FN_VARIANT = _str VAL_PTR = &cms_data->object_identifier_id
+
+#.FN_BODY ContentType
+ struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+ cms_data->object_identifier_id = NULL;
+ const char *name = NULL;
+
+ %(DEFAULT_BODY)s
+
+ if(cms_data->object_identifier_id) {
+ name = oid_resolved_from_string(actx->pinfo->pool, cms_data->object_identifier_id);
+ proto_item_append_text(tree, " (%%s)", name ? name : cms_data->object_identifier_id);
+ }
+
+#.FN_BODY ContentInfo/content
+ struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+ offset=call_ber_oid_callback(cms_data->object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
+
+
+#.FN_BODY EncapsulatedContentInfo/eContent
+ struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+ cms_data->content_tvb = NULL;
+ offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &cms_data->content_tvb);
+
+ if(cms_data->content_tvb) {
+ proto_item_set_text(actx->created_item, "eContent (%%u bytes)", tvb_reported_length(cms_data->content_tvb));
+
+ call_ber_oid_callback(cms_data->object_identifier_id, cms_data->content_tvb, 0, actx->pinfo, top_tree ? top_tree : tree, NULL);
+ }
+
+#.FN_PARS OtherRecipientInfo/oriType
+ FN_VARIANT = _str VAL_PTR = &cms_data->object_identifier_id
+
+#.FN_HDR OtherRecipientInfo/oriType
+ struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+ cms_data->object_identifier_id = NULL;
+
+#.FN_BODY OtherRecipientInfo/oriValue
+ struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+ offset=call_ber_oid_callback(cms_data->object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
+
+#.FN_PARS OtherKeyAttribute/keyAttrId
+ FN_VARIANT = _str HF_INDEX = hf_cms_ci_contentType VAL_PTR = &cms_data->object_identifier_id
+
+#.FN_HDR OtherKeyAttribute/keyAttrId
+ struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+ cms_data->object_identifier_id = NULL;
+
+#.FN_BODY OtherKeyAttribute/keyAttr
+ struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+ offset=call_ber_oid_callback(cms_data->object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
+
+#.FN_PARS OtherRevocationInfoFormat/otherRevInfoFormat
+ FN_VARIANT = _str VAL_PTR = &cms_data->object_identifier_id
+
+#.FN_HDR OtherRevocationInfoFormat/otherRevInfoFormat
+ struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+ cms_data->object_identifier_id = NULL;
+
+#.FN_BODY OtherRevocationInfoFormat/otherRevInfo
+ struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+ offset=call_ber_oid_callback(cms_data->object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
+
+#.FN_PARS Attribute/attrType
+ FN_VARIANT = _str HF_INDEX = hf_cms_attrType VAL_PTR = &cms_data->object_identifier_id
+
+#.FN_BODY Attribute/attrType
+ struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+ cms_data->object_identifier_id = NULL;
+ const char *name = NULL;
+
+ %(DEFAULT_BODY)s
+
+ if(cms_data->object_identifier_id) {
+ name = oid_resolved_from_string(actx->pinfo->pool, cms_data->object_identifier_id);
+ proto_item_append_text(tree, " (%%s)", name ? name : cms_data->object_identifier_id);
+ }
+
+#.FN_BODY AttributeValue
+ struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+
+ offset=call_ber_oid_callback(cms_data->object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
+
+#.FN_BODY MessageDigest
+ struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+ proto_item *pi;
+ int old_offset = offset;
+
+ %(DEFAULT_BODY)s
+
+ pi = actx->created_item;
+
+ /* move past TLV */
+ old_offset = get_ber_identifier(tvb, old_offset, NULL, NULL, NULL);
+ old_offset = get_ber_length(tvb, old_offset, NULL, NULL);
+
+ if(cms_data->content_tvb)
+ cms_verify_msg_digest(pi, cms_data->content_tvb, x509af_get_last_algorithm_id(), tvb, old_offset);
+
+#.FN_PARS SMIMECapability/capability
+ FN_VARIANT = _str HF_INDEX = hf_cms_attrType VAL_PTR = &cms_data->object_identifier_id
+
+#.FN_BODY SMIMECapability/capability
+ struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+ cms_data->object_identifier_id = NULL;
+ const char *name = NULL;
+
+ %(DEFAULT_BODY)s
+
+ if(cms_data->object_identifier_id) {
+ name = oid_resolved_from_string(actx->pinfo->pool, cms_data->object_identifier_id);
+ proto_item_append_text(tree, " %%s", name ? name : cms_data->object_identifier_id);
+ cap_tree = tree;
+ }
+
+#.FN_BODY SMIMECapability/parameters
+ struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+
+ offset=call_ber_oid_callback(cms_data->object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
+
+#.FN_PARS RC2ParameterVersion
+ VAL_PTR = &length
+
+#.FN_BODY RC2ParameterVersion
+ guint32 length = 0;
+
+ %(DEFAULT_BODY)s
+
+ if(cap_tree != NULL)
+ proto_item_append_text(cap_tree, " (%%d bits)", length);
+
+#.FN_PARS EncryptedContent VAL_PTR = &encrypted_tvb
+
+#.FN_HDR EncryptedContent
+ tvbuff_t *encrypted_tvb;
+ proto_item *item;
+#.END
+
+#.FN_FTR EncryptedContent
+ struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
+
+ item = actx->created_item;
+
+ PBE_decrypt_data(cms_data->object_identifier_id, encrypted_tvb, actx->pinfo, actx, item);
+
+#.END
+
+
diff --git a/epan/dissectors/asn1/cms/packet-cms-template.c b/epan/dissectors/asn1/cms/packet-cms-template.c
new file mode 100644
index 00000000..aca1ecb0
--- /dev/null
+++ b/epan/dissectors/asn1/cms/packet-cms-template.c
@@ -0,0 +1,211 @@
+/* packet-cms.c
+ * Routines for RFC5652 Cryptographic Message Syntax packet dissection
+ * Ronnie Sahlberg 2004
+ * Stig Bjorlykke 2010
+ * Uwe Heuert 2022
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "config.h"
+
+#include <epan/packet.h>
+#include <epan/oids.h>
+#include <epan/asn1.h>
+#include <epan/proto_data.h>
+#include <wsutil/wsgcrypt.h>
+
+#include "packet-ber.h"
+#include "packet-cms.h"
+#include "packet-x509af.h"
+#include "packet-x509ce.h"
+#include "packet-x509if.h"
+#include "packet-x509sat.h"
+#include "packet-pkcs12.h"
+
+#define PNAME "Cryptographic Message Syntax"
+#define PSNAME "CMS"
+#define PFNAME "cms"
+
+void proto_register_cms(void);
+void proto_reg_handoff_cms(void);
+
+/* Initialize the protocol and registered fields */
+static int proto_cms = -1;
+static int hf_cms_ci_contentType = -1;
+#include "packet-cms-hf.c"
+
+/* Initialize the subtree pointers */
+static gint ett_cms = -1;
+#include "packet-cms-ett.c"
+
+static dissector_handle_t cms_handle = NULL;
+
+static int dissect_cms_OCTET_STRING(bool implicit_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index _U_) ; /* XXX kill a compiler warning until asn2wrs stops generating these silly wrappers */
+
+struct cms_private_data {
+ const char *object_identifier_id;
+ tvbuff_t *content_tvb;
+};
+
+static proto_tree *top_tree=NULL;
+static proto_tree *cap_tree=NULL;
+
+#define HASH_SHA1 "1.3.14.3.2.26"
+
+#define HASH_MD5 "1.2.840.113549.2.5"
+
+
+/* SHA-2 variants */
+#define HASH_SHA224 "2.16.840.1.101.3.4.2.4"
+#define SHA224_BUFFER_SIZE 32 /* actually 28 */
+#define HASH_SHA256 "2.16.840.1.101.3.4.2.1"
+#define SHA256_BUFFER_SIZE 32
+
+unsigned char digest_buf[MAX(HASH_SHA1_LENGTH, HASH_MD5_LENGTH)];
+
+/*
+* Dissect CMS PDUs inside a PPDU.
+*/
+static int
+dissect_cms(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data _U_)
+{
+ int offset = 0;
+ proto_item *item=NULL;
+ proto_tree *tree=NULL;
+ asn1_ctx_t asn1_ctx;
+ asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
+
+ if(parent_tree){
+ item = proto_tree_add_item(parent_tree, proto_cms, tvb, 0, -1, ENC_NA);
+ tree = proto_item_add_subtree(item, ett_cms);
+ }
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "CMS");
+ col_clear(pinfo->cinfo, COL_INFO);
+
+ while (tvb_reported_length_remaining(tvb, offset) > 0){
+ offset=dissect_cms_ContentInfo(FALSE, tvb, offset, &asn1_ctx , tree, -1);
+ }
+ return tvb_captured_length(tvb);
+}
+
+static struct cms_private_data*
+cms_get_private_data(packet_info *pinfo)
+{
+ struct cms_private_data *cms_data = (struct cms_private_data*)p_get_proto_data(pinfo->pool, pinfo, proto_cms, 0);
+ if (!cms_data) {
+ cms_data = wmem_new0(pinfo->pool, struct cms_private_data);
+ p_add_proto_data(pinfo->pool, pinfo, proto_cms, 0, cms_data);
+ }
+ return cms_data;
+}
+
+static void
+cms_verify_msg_digest(proto_item *pi, tvbuff_t *content, const char *alg, tvbuff_t *tvb, int offset)
+{
+ int i= 0, buffer_size = 0;
+
+ /* we only support two algorithms at the moment - if we do add SHA2
+ we should add a registration process to use a registration process */
+
+ if(strcmp(alg, HASH_SHA1) == 0) {
+ gcry_md_hash_buffer(GCRY_MD_SHA1, digest_buf, tvb_get_ptr(content, 0, tvb_captured_length(content)), tvb_captured_length(content));
+ buffer_size = HASH_SHA1_LENGTH;
+
+ } else if(strcmp(alg, HASH_MD5) == 0) {
+ gcry_md_hash_buffer(GCRY_MD_MD5, digest_buf, tvb_get_ptr(content, 0, tvb_captured_length(content)), tvb_captured_length(content));
+ buffer_size = HASH_MD5_LENGTH;
+ }
+
+ if(buffer_size) {
+ /* compare our computed hash with what we have received */
+
+ if(tvb_bytes_exist(tvb, offset, buffer_size) &&
+ (tvb_memeql(tvb, offset, digest_buf, buffer_size) != 0)) {
+ proto_item_append_text(pi, " [incorrect, should be ");
+ for(i = 0; i < buffer_size; i++)
+ proto_item_append_text(pi, "%02X", digest_buf[i]);
+
+ proto_item_append_text(pi, "]");
+ }
+ else
+ proto_item_append_text(pi, " [correct]");
+ } else {
+ proto_item_append_text(pi, " [unable to verify]");
+ }
+
+}
+
+#include "packet-cms-fn.c"
+
+/*--- proto_register_cms ----------------------------------------------*/
+void proto_register_cms(void) {
+
+ /* List of fields */
+ static hf_register_info hf[] = {
+ { &hf_cms_ci_contentType,
+ { "contentType", "cms.contentInfo.contentType",
+ FT_OID, BASE_NONE, NULL, 0,
+ NULL, HFILL }},
+#include "packet-cms-hfarr.c"
+ };
+
+ /* List of subtrees */
+ static gint *ett[] = {
+ &ett_cms,
+#include "packet-cms-ettarr.c"
+ };
+
+ /* Register protocol */
+ proto_cms = proto_register_protocol(PNAME, PSNAME, PFNAME);
+
+ cms_handle = register_dissector(PFNAME, dissect_cms, proto_cms);
+
+ /* Register fields and subtrees */
+ proto_register_field_array(proto_cms, hf, array_length(hf));
+ proto_register_subtree_array(ett, array_length(ett));
+
+ register_ber_syntax_dissector("ContentInfo", proto_cms, dissect_ContentInfo_PDU);
+ register_ber_syntax_dissector("SignedData", proto_cms, dissect_SignedData_PDU);
+ register_ber_oid_syntax(".p7s", NULL, "ContentInfo");
+ register_ber_oid_syntax(".p7m", NULL, "ContentInfo");
+ register_ber_oid_syntax(".p7c", NULL, "ContentInfo");
+
+
+}
+
+
+/*--- proto_reg_handoff_cms -------------------------------------------*/
+void proto_reg_handoff_cms(void) {
+ dissector_handle_t content_info_handle;
+#include "packet-cms-dis-tab.c"
+
+ /* RFC 3370 [CMS-ASN} section 4.3.1 */
+ register_ber_oid_dissector("1.2.840.113549.1.9.16.3.6", dissect_ber_oid_NULL_callback, proto_cms, "id-alg-CMS3DESwrap");
+
+ oid_add_from_string("id-data","1.2.840.113549.1.7.1");
+ oid_add_from_string("id-alg-des-ede3-cbc","1.2.840.113549.3.7");
+ oid_add_from_string("id-alg-des-cbc","1.3.14.3.2.7");
+
+ oid_add_from_string("id-ct-authEnvelopedData","1.2.840.113549.1.9.16.1.23");
+ oid_add_from_string("id-aes-CBC-CMAC-128","0.4.0.127.0.7.1.3.1.1.2");
+ oid_add_from_string("id-aes-CBC-CMAC-192","0.4.0.127.0.7.1.3.1.1.3");
+ oid_add_from_string("id-aes-CBC-CMAC-256","0.4.0.127.0.7.1.3.1.1.4");
+ oid_add_from_string("ecdsaWithSHA256","1.2.840.10045.4.3.2");
+ oid_add_from_string("ecdsaWithSHA384","1.2.840.10045.4.3.3");
+ oid_add_from_string("ecdsaWithSHA512","1.2.840.10045.4.3.4");
+
+ content_info_handle = create_dissector_handle (dissect_ContentInfo_PDU, proto_cms);
+
+ dissector_add_string("media_type", "application/pkcs7-mime", content_info_handle);
+ dissector_add_string("media_type", "application/pkcs7-signature", content_info_handle);
+
+ dissector_add_string("media_type", "application/vnd.de-dke-k461-ic1+xml", content_info_handle);
+ dissector_add_string("media_type", "application/vnd.de-dke-k461-ic1+xml; encap=cms-tr03109", content_info_handle);
+ dissector_add_string("media_type", "application/vnd.de-dke-k461-ic1+xml; encap=cms-tr03109-zlib", content_info_handle);
+ dissector_add_string("media_type", "application/hgp;encap=cms", content_info_handle);
+}
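Review bot: In `cms_verify_msg_digest` the final `else` appends ` [correct]` whenever the combined condition is false, and that includes the case where `tvb_bytes_exist(tvb, offset, buffer_size)` fails, so a truncated or too-short messageDigest is shown as verified although no comparison ran. Split the test so the missing-bytes case reports the same text as the unsupported-algorithm case: `if (!tvb_bytes_exist(tvb, offset, buffer_size)) proto_item_append_text(pi, " [unable to verify]");` followed by `else if (tvb_memeql(tvb, offset, digest_buf, buffer_size) != 0) { ... }`. The function is also never told the length of the received digest, and it hashes only `tvb_captured_length(content)` bytes, so a digest longer than `buffer_size` or a snapped capture can produce a misleading verdict; comparing captured against reported length before hashing would make the result trustworthy. Separately, `alg` goes straight into `strcmp`; if `x509af_get_last_algorithm_id()` can return NULL (its definition is not visible here), an `if (!alg)` guard that falls through to ` [unable to verify]` is needed first.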
diff --git a/epan/dissectors/asn1/cms/packet-cms-template.h b/epan/dissectors/asn1/cms/packet-cms-template.h
new file mode 100644
index 00000000..eb1f45fb
--- /dev/null
+++ b/epan/dissectors/asn1/cms/packet-cms-template.h
@@ -0,0 +1,20 @@
+/* packet-cms.h
+ * Routines for RFC5652 Cryptographic Message Syntax packet dissection
+ * Ronnie Sahlberg 2004
+ * Stig Bjorlykke 2010
+ * Uwe Heuert 2022
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#ifndef PACKET_CMS_H
+#define PACKET_CMS_H
+
+#include "packet-cms-exp.h"
+
+#endif /* PACKET_CMS_H */
+