author | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2004-09-16 08:55:33 +0000 |
---|---|---|
committer | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2004-09-16 08:55:33 +0000 |
commit | 1fef198db26fcdf8b550eb93f71a9adc6ac780da (patch) | |
tree | 8fa4d9c86db7f0ef3be4906dcc220758c77414aa | |
parent | 07334139701fbb30c463d36b036bf32782f4f20d (diff) | |
add PKINIT protocol
svn path=/trunk/; revision=12011
-rw-r--r-- | asn1/pkinit/PKINIT.asn | 152 | ||||
-rw-r--r-- | asn1/pkinit/packet-pkinit-template.c | 86 | ||||
-rw-r--r-- | asn1/pkinit/packet-pkinit-template.h | 33 | ||||
-rw-r--r-- | asn1/pkinit/pkinit.cnf | 24 | ||||
-rw-r--r-- | asn1/pkinit/pkinit_exp.cnf | 6 |
5 files changed, 301 insertions, 0 deletions
diff --git a/asn1/pkinit/PKINIT.asn b/asn1/pkinit/PKINIT.asn
new file mode 100644
index 0000000000..88bfe59287
--- /dev/null
+++ b/asn1/pkinit/PKINIT.asn
@@ -0,0 +1,152 @@
+--NOTE: we have to accomodate BOTH existing users of early drafts, such as
+--packetcable as well as new users once the protocol is standardized.
+--
+--This asn1 file is based on draft-ietf-cat-kerberos-pk-init-20.txt
+--but has been modified to acocmodate the ethereal asn2eth compiler
+--and our environment
+--
+--new structures are uncommented and added on demand as they are required
+--
+--Copyright (C) The Internet Society (2004). This document is subject
+--to the rights, licenses and restrictions contained in BCP 78, and
+--except as set forth therein, the authors retain all their rights.
+--
+--
+--This document and the information contained herein are provided on an
+--"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+--OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+--ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+--INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+--INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+--WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+--
+
+KerberosV5-PK-INIT-SPEC {
+ iso(1) identified-organization(3) dod(6) internet(1)
+ security(5) kerberosV5(2) modules(4) pkinit(0) }
+-- security(5) kerberosV5(2) modules(4) pkinit(TBD) }
+-- TBD makes the asn2eth compiler upset
+DEFINITIONS EXPLICIT TAGS ::=
+BEGIN
+
+
+ IMPORTS
+ SubjectPublicKeyInfo, AlgorithmIdentifier, Name
+ FROM PKIX1Explicit88 { iso (1) identified-organization (3)
+ dod (6) internet (1) security (5) mechanisms (5)
+ pkix (7) id-mod (0) id-pkix1-explicit (18) }
+
+
+ ContentInfo, IssuerAndSerialNumber
+ FROM CryptographicMessageSyntax { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
+ modules(0) cms(1) }
+
+
+ KerberosTime, Checksum, TYPED-DATA, PrincipalName, Realm, EncryptionKey
+ FROM KerberosV5Spec2 { iso(1) identified-organization(3)
+ dod(6) internet(1) security(5) kerberosV5(2) modules(4)
+ krb5spec2(2) } ;
+
+
+-- id-pkinit OBJECT IDENTIFIER ::=
+-- { iso (1) org (3) dod (6) internet (1) security (5)
+-- kerberosv5 (2) pkinit (3) }
+--
+--
+-- id-pkdhkeydata OBJECT IDENTIFIER ::= { id-pkinit 1 }
+-- id-pkdhkeydata OBJECT IDENTIFIER ::= { id-pkinit 2 }
+-- id-pkrkeydata OBJECT IDENTIFIER ::= { id-pkinit 3 }
+-- id-pkekuoid OBJECT IDENTIFIER ::= { id-pkinit 4 }
+-- id-pkkdcekuoid OBJECT IDENTIFIER ::= { id-pkinit 5 }
+--
+--
+-- pa-pk-as-req INTEGER ::= TBD
+-- pa-pk-as-rep INTEGER ::= TBD
+-- pa-pk-ocsp-req INTEGER ::= TBD
+-- pa-pk-ocsp-rep INTEGER ::= TBD
+--
+--
+-- ad-initial-verified-cas INTEGER ::= TBD
+--
+--
+-- td-dh-parameters INTEGER ::= TBD
+-- td-trusted-certifiers INTEGER ::= 104
+-- td-certificate-index INTEGER ::= 105
+
+
+PaPkAsReq ::= SEQUENCE {
+ signedAuthPack [0] ContentInfo,
+ trustedCertifiers [1] SEQUENCE OF TrustedCA OPTIONAL,
+ kdcCert [2] IssuerAndSerialNumber OPTIONAL,
+ ...
+}
+
+
+TrustedCA ::= CHOICE {
+ caName [0] Name,
+ issuerAndSerial [2] IssuerAndSerialNumber,
+ ...
+}
+
+--
+-- AuthPack ::= SEQUENCE {
+-- pkAuthenticator [0] PKAuthenticator,
+-- clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL,
+-- supportedCMSTypes [2] SEQUENCE OF AlgorithmIdentifier
+-- OPTIONAL,
+-- ...
+-- }
+--
+--
+-- PKAuthenticator ::= SEQUENCE {
+-- cusec [0] INTEGER,
+-- ctime [1] KerberosTime,
+-- nonce [2] INTEGER (0..4294967295),
+-- paChecksum [3] Checksum,
+-- ...
+-- }
+--
+--
+-- TrustedCertifiers ::= SEQUENCE OF Name
+--
+--
+-- CertificateIndex ::= IssuerAndSerialNumber
+--
+--
+-- KRB5PrincipalName ::= SEQUENCE {
+-- realm [0] Realm,
+-- principalName [1] PrincipalName
+-- }
+--
+--
+-- InitialVerifiedCAs ::= SEQUENCE OF SEQUENCE {
+-- ca [0] Name,
+-- validated [1] BOOLEAN,
+-- ...
+-- }
+--
+--
+-- PA-PK-AS-REP ::= CHOICE {
+-- dhSignedData [0] ContentInfo,
+-- encKeyPack [1] ContentInfo,
+-- ...
+-- }
+--
+--
+-- KDCDHKeyInfo ::= SEQUENCE {
+-- subjectPublicKey [0] BIT STRING,
+-- nonce [1] INTEGER,
+-- dhKeyExpiration [2] KerberosTime OPTIONAL,
+-- ...
+-- }
+--
+--
+-- ReplyKeyPack ::= SEQUENCE {
+-- replyKey [0] EncryptionKey,
+-- nonce [1] INTEGER (0..4294967295),
+-- ...
+-- }
+
+END
+
diff --git a/asn1/pkinit/packet-pkinit-template.c b/asn1/pkinit/packet-pkinit-template.c
new file mode 100644
index 0000000000..e7e92c3271
--- /dev/null
+++ b/asn1/pkinit/packet-pkinit-template.c
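Review bot: In the commented-out OID block the name `id-pkdhkeydata` is defined twice, once as `{ id-pkinit 1 }` and once as `{ id-pkinit 2 }`. The file header says structures are uncommented on demand, so enabling this block as written would give a duplicate definition; the first entry presumably should carry a different name (likely the draft's auth-data identifier, to be confirmed against draft-ietf-cat-kerberos-pk-init-20). The `TBD` values for `pa-pk-as-req` and the neighbouring integers have the same problem, since the header already notes for `pkinit(TBD)` that asn2eth rejects TBD. I would put a comment such as `-- NOTE: names and values below are unverified placeholders; check against the draft before uncommenting` above the block.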
@@ -0,0 +1,86 @@
+/* packet-pkinit.c
+ * Routines for PKINIT packet dissection
+ *
+ * $Id: packet-pkinit-template.c,v 1.2 2004/05/25 21:07:43 guy Exp $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <glib.h>
+#include <epan/packet.h>
+#include <epan/conversation.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#include "packet-ber.h"
+#include "packet-pkinit.h"
+
+#define PNAME "PKINIT"
+#define PSNAME "PKInit"
+#define PFNAME "pkinit"
+
+/* Initialize the protocol and registered fields */
+static int proto_pkinit = -1;
+#include "packet-pkinit-hf.c"
+
+/* Initialize the subtree pointers */
+#include "packet-pkinit-ett.c"
+
+
+#include "packet-pkinit-fn.c"
+
+int
+dissect_pkinit_PA_PK_AS_REQ(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
+ offset = dissect_pkinit_PaPkAsReq(FALSE, tvb, offset, pinfo, tree, -1);
+ return offset;
+}
+
+
+/*--- proto_register_pkinit ----------------------------------------------*/
+void proto_register_pkinit(void) {
+
+ /* List of fields */
+ static hf_register_info hf[] = {
+#include "packet-pkinit-hfarr.c"
+ };
+
+ /* List of subtrees */
+ static gint *ett[] = {
+#include "packet-pkinit-ettarr.c"
+ };
+
+ /* Register protocol */
+ proto_pkinit = proto_register_protocol(PNAME, PSNAME, PFNAME);
+
+ /* Register fields and subtrees */
+ proto_register_field_array(proto_pkinit, hf, array_length(hf));
+ proto_register_subtree_array(ett, array_length(ett));
+
+}
+
+
+/*--- proto_reg_handoff_pkinit -------------------------------------------*/
+void proto_reg_handoff_pkinit(void) {
+}
+
diff --git a/asn1/pkinit/packet-pkinit-template.h b/asn1/pkinit/packet-pkinit-template.h
new file mode 100644
index 0000000000..9578a1fb58
--- /dev/null
+++ b/asn1/pkinit/packet-pkinit-template.h
@@ -0,0 +1,33 @@
+/* packet-pkinit.h
+ * Routines for PKINIT packet dissection
+ *
+ * $Id: packet-pkinit-template.h,v 1.1 2004/05/24 08:42:29 sahlberg Exp $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifndef PACKET_PKINIT_H
+#define PACKET_PKINIT_H
+
+int dissect_pkinit_PA_PK_AS_REQ(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset);
+
+/*#include "packet-pkinit-exp.h"*/
+
+#endif /* PACKET_PKINIT_H */
+
diff --git a/asn1/pkinit/pkinit.cnf b/asn1/pkinit/pkinit.cnf
new file mode 100644
index 0000000000..104f27cd78
--- /dev/null
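Review bot: `dissect_pkinit_PA_PK_AS_REQ` is the only entry point into this dissector and carries no comment, while `proto_reg_handoff_pkinit` is empty, so nothing in the file shows how PKINIT data reaches it. The wrapper also takes its arguments in a different order from the generated `dissect_pkinit_PaPkAsReq` and passes `-1` as the last argument without explanation. I would add above the function `/* Exported entry point for PA-PK-AS-REQ pre-authentication data (presumably called from the Kerberos dissector); returns the offset handed back by the generated BER code. */` and next to the call `/* -1: no header field for the top-level item (confirm against packet-ber) */`. Because the bytes come from captured traffic, the comment should also say that bounds checking is left entirely to the generated code.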
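Review bot: The prototype of `dissect_pkinit_PA_PK_AS_REQ` uses `packet_info`, `proto_tree` and `tvbuff_t`, but the header includes nothing that declares them. It therefore compiles only when the includer has already pulled in `<epan/packet.h>`, as the template .c in this commit does. Adding `#include <epan/packet.h>` inside the include guard would make the header self-contained. The commented-out `/*#include "packet-pkinit-exp.h"*/` should either be dropped or get a short comment saying when it is meant to be enabled.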
+++ b/asn1/pkinit/pkinit.cnf
@@ -0,0 +1,24 @@
+# pkinit.cnf
+# pkinit conformation file
+
+# $Id: pkinit.cnf,v 1.2 2004/06/03 08:35:44 guy Exp $
+
+#.MODULE_IMPORT
+PKIX1Explicit88 pkix1explicit
+CryptographicMessageSyntax cms
+
+#.INCLUDE ../pkix1explicit/pkix1explicit_exp.cnf
+#.INCLUDE ../cms/cms_exp.cnf
+
+#.EXPORTS
+
+#.PDU
+
+#.NO_EMIT
+
+#.TYPE_RENAME
+
+#.FIELD_RENAME
+
+#.END
+
diff --git a/asn1/pkinit/pkinit_exp.cnf b/asn1/pkinit/pkinit_exp.cnf
new file mode 100644
index 0000000000..2d9c452df6
--- /dev/null
+++ b/asn1/pkinit/pkinit_exp.cnf
@@ -0,0 +1,6 @@
+
+#.IMPORT_TAG
+#.END
+
+#.TYPE_ATTR
+#.END