1 /* Do not modify this file. Changes will be overwritten. */
2 /* Generated automatically by the ASN.1 to Wireshark dissector compiler */
3 /* packet-pkinit.c */
4 /* asn2wrs.py -b -q -L -p pkinit -c ./pkinit.cnf -s ./packet-pkinit-template -D . -O ../.. PKINIT_RFC_4556.asn */
6 /* packet-pkinit.c
7 * Routines for PKINIT packet dissection
8 * Ronnie Sahlberg 2004
10 * Wireshark - Network traffic analyzer
11 * By Gerald Combs <gerald@wireshark.org>
12 * Copyright 1998 Gerald Combs
14 * SPDX-License-Identifier: GPL-2.0-or-later
17 #include "config.h"
19 #include <epan/packet.h>
20 #include <epan/oids.h>
21 #include <epan/asn1.h>
22 #include <epan/proto_data.h>
23 #include <wsutil/array.h>
25 #include "packet-ber.h"
26 #include "packet-pkinit.h"
27 #include "packet-cms.h"
28 #include "packet-pkix1explicit.h"
29 #include "packet-kerberos.h"
/* The three names passed, in this order, to proto_register_protocol(). */
#define PNAME  "PKINIT"
#define PSNAME "PKInit"
#define PFNAME "pkinit"

/* Registration entry points; both are defined at the end of this file. */
void proto_register_pkinit(void);
void proto_reg_handoff_pkinit(void);
/*
 * Protocol handle and header-field handles.
 * Each handle is filled in by proto_register_pkinit(); the trailing comment
 * names the ASN.1 type the field carries.
 */
static int proto_pkinit;

/* Top-level PDUs reachable through the OID registrations. */
static int hf_pkinit_AuthPack_PDU;                /* AuthPack */
static int hf_pkinit_KRB5PrincipalName_PDU;       /* KRB5PrincipalName */
static int hf_pkinit_KDCDHKeyInfo_PDU;            /* KDCDHKeyInfo */

/* Fields of the individual types. */
static int hf_pkinit_signedAuthPack;              /* ContentInfo */
static int hf_pkinit_trustedCertifiers;           /* SEQUENCE_OF_ExternalPrincipalIdentifier */
static int hf_pkinit_trustedCertifiers_item;      /* ExternalPrincipalIdentifier */
static int hf_pkinit_kdcPkId;                     /* OCTET_STRING */
static int hf_pkinit_kdf_id;                      /* OBJECT_IDENTIFIER */
static int hf_pkinit_subjectName;                 /* Name */
static int hf_pkinit_issuerAndSerialNumber;       /* IssuerAndSerialNumber */
static int hf_pkinit_subjectKeyIdentifier;        /* OCTET_STRING */
static int hf_pkinit_pkAuthenticator;             /* PKAuthenticator */
static int hf_pkinit_clientPublicValue;           /* SubjectPublicKeyInfo */
static int hf_pkinit_supportedCMSTypes;           /* SEQUENCE_OF_AlgorithmIdentifier */
static int hf_pkinit_supportedCMSTypes_item;      /* AlgorithmIdentifier */
static int hf_pkinit_clientDHNonce;               /* DHNonce */
static int hf_pkinit_supportedKDFs;               /* SEQUENCE_OF_KDFAlgorithmId */
static int hf_pkinit_supportedKDFs_item;          /* KDFAlgorithmId */
static int hf_pkinit_cusec;                       /* INTEGER_0_999999 */
static int hf_pkinit_ctime;                       /* KerberosTime */
static int hf_pkinit_paNonce;                     /* INTEGER_0_4294967295 */
static int hf_pkinit_paChecksum;                  /* OCTET_STRING */
static int hf_pkinit_freshnessToken;              /* OCTET_STRING */
static int hf_pkinit_TD_TRUSTED_CERTIFIERS_item;  /* ExternalPrincipalIdentifier */
static int hf_pkinit_TD_INVALID_CERTIFICATES_item; /* ExternalPrincipalIdentifier */
static int hf_pkinit_realm;                       /* Realm */
static int hf_pkinit_principalName;               /* PrincipalName */
static int hf_pkinit_AD_INITIAL_VERIFIED_CAS_item; /* ExternalPrincipalIdentifier */
static int hf_pkinit_dhInfo;                      /* DHRepInfo */
static int hf_pkinit_encKeyPack;                  /* ContentInfo */
static int hf_pkinit_dhSignedData;                /* ContentInfo */
static int hf_pkinit_serverDHNonce;               /* DHNonce */
static int hf_pkinit_kdf;                         /* KDFAlgorithmId */
static int hf_pkinit_subjectPublicKey;            /* BIT_STRING */
static int hf_pkinit_dhNonce;                     /* INTEGER_0_4294967295 */
static int hf_pkinit_dhKeyExpiration;             /* KerberosTime */
static int hf_pkinit_TD_DH_PARAMETERS_item;       /* AlgorithmIdentifier */

/* Fields used only by the Windows 2000 message layouts. */
static int hf_pkinit_kdcName;                     /* PrincipalName */
static int hf_pkinit_kdcRealm;                    /* Realm */
static int hf_pkinit_cusecWin2k;                  /* INTEGER_0_4294967295 */
static int hf_pkinit_paNonceWin2k;                /* INTEGER_M2147483648_2147483647 */
static int hf_pkinit_signed_auth_pack;            /* ContentInfo */
static int hf_pkinit_trusted_certifiers;          /* SEQUENCE_OF_TrustedCA */
static int hf_pkinit_trusted_certifiers_item;     /* TrustedCA */
static int hf_pkinit_kdc_cert;                    /* OCTET_STRING */
static int hf_pkinit_encryption_cert;             /* OCTET_STRING */
static int hf_pkinit_caName;                      /* Name */
static int hf_pkinit_issuerAndSerial;             /* IssuerAndSerialNumber */
/*
 * Subtree handles, one per constructed type.
 * All of them are registered through the ett[] array in proto_register_pkinit().
 */
static int ett_pkinit_PA_PK_AS_REQ;
static int ett_pkinit_SEQUENCE_OF_ExternalPrincipalIdentifier;
static int ett_pkinit_KDFAlgorithmId;
static int ett_pkinit_ExternalPrincipalIdentifier;
static int ett_pkinit_AuthPack;
static int ett_pkinit_SEQUENCE_OF_AlgorithmIdentifier;
static int ett_pkinit_SEQUENCE_OF_KDFAlgorithmId;
static int ett_pkinit_PKAuthenticator;
static int ett_pkinit_TD_TRUSTED_CERTIFIERS;
static int ett_pkinit_TD_INVALID_CERTIFICATES;
static int ett_pkinit_KRB5PrincipalName;
static int ett_pkinit_AD_INITIAL_VERIFIED_CAS;
static int ett_pkinit_PA_PK_AS_REP;
static int ett_pkinit_DHRepInfo;
static int ett_pkinit_KDCDHKeyInfo;
static int ett_pkinit_TD_DH_PARAMETERS;

/* Windows 2000 layouts. */
static int ett_pkinit_PKAuthenticator_Win2k;
static int ett_pkinit_PA_PK_AS_REQ_Win2k;
static int ett_pkinit_SEQUENCE_OF_TrustedCA;
static int ett_pkinit_TrustedCA;
/*
 * Forward declarations: these four functions are referenced by the field
 * tables and dissectors below but are defined later in the file.
 */
static int dissect_KerberosV5Spec2_KerberosTime(bool implicit_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index _U_);
static int dissect_KerberosV5Spec2_Realm(bool implicit_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index _U_);
static int dissect_KerberosV5Spec2_PrincipalName(bool implicit_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index _U_);
static int dissect_pkinit_PKAuthenticator_Win2k(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
/*
 * Dissect an OCTET STRING into the field identified by hf_index.
 * The final NULL means no out-parameter is requested from the BER helper.
 * Returns the offset reported by dissect_ber_octet_string().
 */
static int
dissect_pkinit_OCTET_STRING(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
{
  return dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
}
/*
 * Field table for ExternalPrincipalIdentifier.
 * Columns: field handle, tag class, tag number, flags, element dissector.
 * NOTE(review): only [2] carries BER_FLAGS_OPTIONAL here; confirm against the
 * .asn/.cnf inputs that [0] and [1] are meant to be mandatory.
 */
static const ber_sequence_t ExternalPrincipalIdentifier_sequence[] = {
  { &hf_pkinit_subjectName,           BER_CLASS_CON, 0, 0,                                   dissect_pkix1explicit_Name },
  { &hf_pkinit_issuerAndSerialNumber, BER_CLASS_CON, 1, 0,                                   dissect_cms_IssuerAndSerialNumber },
  { &hf_pkinit_subjectKeyIdentifier,  BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_pkinit_OCTET_STRING },
  { NULL, 0, 0, 0, NULL } /* terminator */
};
/*
 * Dissect one ExternalPrincipalIdentifier by walking
 * ExternalPrincipalIdentifier_sequence under its own subtree.
 * Returns the offset reported by dissect_ber_sequence().
 */
static int
dissect_pkinit_ExternalPrincipalIdentifier(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
{
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              ExternalPrincipalIdentifier_sequence,
                              hf_index,
                              ett_pkinit_ExternalPrincipalIdentifier);
}
/* Element description for SEQUENCE OF ExternalPrincipalIdentifier (single entry, no terminator). */
static const ber_sequence_t SEQUENCE_OF_ExternalPrincipalIdentifier_sequence_of[1] = {
  {
    &hf_pkinit_trustedCertifiers_item,
    BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE,
    BER_FLAGS_NOOWNTAG,
    dissect_pkinit_ExternalPrincipalIdentifier
  },
};
/*
 * Dissect a SEQUENCE OF ExternalPrincipalIdentifier.
 * The number of elements comes from the capture; iteration is left to
 * dissect_ber_sequence_of(), whose returned offset is passed back.
 */
static int
dissect_pkinit_SEQUENCE_OF_ExternalPrincipalIdentifier(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
{
  return dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
                                 SEQUENCE_OF_ExternalPrincipalIdentifier_sequence_of,
                                 hf_index,
                                 ett_pkinit_SEQUENCE_OF_ExternalPrincipalIdentifier);
}
/*
 * Field table for PA-PK-AS-REQ.
 * [0] is the CMS ContentInfo that wraps the signed AuthPack; [1] and [2] are optional.
 */
static const ber_sequence_t PA_PK_AS_REQ_sequence[] = {
  { &hf_pkinit_signedAuthPack,    BER_CLASS_CON, 0, 0,                                   dissect_cms_ContentInfo },
  { &hf_pkinit_trustedCertifiers, BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL,                  dissect_pkinit_SEQUENCE_OF_ExternalPrincipalIdentifier },
  { &hf_pkinit_kdcPkId,           BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_pkinit_OCTET_STRING },
  { NULL, 0, 0, 0, NULL } /* terminator */
};
/*
 * Dissect a PA-PK-AS-REQ by walking PA_PK_AS_REQ_sequence.
 * Not static: the function has external linkage.
 * Returns the offset reported by dissect_ber_sequence().
 */
int
dissect_pkinit_PA_PK_AS_REQ(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
{
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              PA_PK_AS_REQ_sequence,
                              hf_index,
                              ett_pkinit_PA_PK_AS_REQ);
}
/*
 * Dissect a DHNonce, which is handled as a plain OCTET STRING.
 * The nonce bytes are only added to the tree; no out-parameter is requested.
 */
static int
dissect_pkinit_DHNonce(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
{
  return dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
}
/*
 * Dissect an OBJECT IDENTIFIER into the field identified by hf_index.
 * Returns the offset reported by dissect_ber_object_identifier().
 */
static int
dissect_pkinit_OBJECT_IDENTIFIER(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
{
  return dissect_ber_object_identifier(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
}
/* Field table for KDFAlgorithmId: a single mandatory [0] kdf-id OID. */
static const ber_sequence_t KDFAlgorithmId_sequence[] = {
  { &hf_pkinit_kdf_id, BER_CLASS_CON, 0, 0, dissect_pkinit_OBJECT_IDENTIFIER },
  { NULL, 0, 0, 0, NULL } /* terminator */
};
/*
 * Dissect a KDFAlgorithmId by walking KDFAlgorithmId_sequence.
 * Returns the offset reported by dissect_ber_sequence().
 */
static int
dissect_pkinit_KDFAlgorithmId(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
{
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              KDFAlgorithmId_sequence,
                              hf_index,
                              ett_pkinit_KDFAlgorithmId);
}
/*
 * Dissect an INTEGER whose ASN.1 type name carries the range 0..999999.
 * The range is not passed to the BER helper, so this function does not check
 * it; an out-of-range value in a capture is not rejected here.
 */
static int
dissect_pkinit_INTEGER_0_999999(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
{
  return dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
}
/*
 * Dissect an INTEGER whose ASN.1 type name carries the range 0..4294967295.
 * As with the other integer helpers in this file, no bounds are handed to
 * dissect_ber_integer(), so the range is not checked by this function.
 */
static int
dissect_pkinit_INTEGER_0_4294967295(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
{
  return dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
}
/*
 * Field table for the PKAuthenticator layout used when the Win2k marker is
 * not set. [3] paChecksum and [4] freshnessToken are optional and shown as
 * raw bytes; this table does not interpret or verify either of them.
 */
static const ber_sequence_t PKAuthenticator_sequence[] = {
  { &hf_pkinit_cusec,          BER_CLASS_CON, 0, 0,                  dissect_pkinit_INTEGER_0_999999 },
  { &hf_pkinit_ctime,          BER_CLASS_CON, 1, 0,                  dissect_KerberosV5Spec2_KerberosTime },
  { &hf_pkinit_paNonce,        BER_CLASS_CON, 2, 0,                  dissect_pkinit_INTEGER_0_4294967295 },
  { &hf_pkinit_paChecksum,     BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_pkinit_OCTET_STRING },
  { &hf_pkinit_freshnessToken, BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_pkinit_OCTET_STRING },
  { NULL, 0, 0, 0, NULL } /* terminator */
};
/*
 * Dissect a PKAuthenticator, choosing between two layouts.
 *
 * The choice is driven by per-packet proto data stored under key 0 of
 * proto_pkinit: any non-NULL value selects the Windows 2000 layout. Only the
 * pointer's presence is tested here; it is never dereferenced.
 *
 * Returns the offset reported by whichever dissector handled the structure.
 */
static int
dissect_pkinit_PKAuthenticator(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
{
  const void *win2k_marker = p_get_proto_data(actx->pinfo->pool, actx->pinfo, proto_pkinit, 0);

  if (win2k_marker == NULL) {
    /* No marker: use the layout described by PKAuthenticator_sequence. */
    return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                                PKAuthenticator_sequence,
                                hf_index,
                                ett_pkinit_PKAuthenticator);
  }

  return dissect_pkinit_PKAuthenticator_Win2k(implicit_tag, tvb, offset, actx, tree, hf_index);
}
/* Element description for SEQUENCE OF AlgorithmIdentifier (single entry, no terminator). */
static const ber_sequence_t SEQUENCE_OF_AlgorithmIdentifier_sequence_of[1] = {
  {
    &hf_pkinit_supportedCMSTypes_item,
    BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE,
    BER_FLAGS_NOOWNTAG,
    dissect_pkix1explicit_AlgorithmIdentifier
  },
};
/*
 * Dissect a SEQUENCE OF AlgorithmIdentifier (the supportedCMSTypes list).
 * Returns the offset reported by dissect_ber_sequence_of().
 */
static int
dissect_pkinit_SEQUENCE_OF_AlgorithmIdentifier(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
{
  return dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
                                 SEQUENCE_OF_AlgorithmIdentifier_sequence_of,
                                 hf_index,
                                 ett_pkinit_SEQUENCE_OF_AlgorithmIdentifier);
}
/* Element description for SEQUENCE OF KDFAlgorithmId (single entry, no terminator). */
static const ber_sequence_t SEQUENCE_OF_KDFAlgorithmId_sequence_of[1] = {
  {
    &hf_pkinit_supportedKDFs_item,
    BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE,
    BER_FLAGS_NOOWNTAG,
    dissect_pkinit_KDFAlgorithmId
  },
};
/*
 * Dissect a SEQUENCE OF KDFAlgorithmId (the supportedKDFs list).
 * Returns the offset reported by dissect_ber_sequence_of().
 */
static int
dissect_pkinit_SEQUENCE_OF_KDFAlgorithmId(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
{
  return dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
                                 SEQUENCE_OF_KDFAlgorithmId_sequence_of,
                                 hf_index,
                                 ett_pkinit_SEQUENCE_OF_KDFAlgorithmId);
}
/*
 * Field table for AuthPack.
 * Only [0] pkAuthenticator is mandatory; [1]..[4] are optional.
 */
static const ber_sequence_t AuthPack_sequence[] = {
  { &hf_pkinit_pkAuthenticator,   BER_CLASS_CON, 0, 0,                  dissect_pkinit_PKAuthenticator },
  { &hf_pkinit_clientPublicValue, BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_pkix1explicit_SubjectPublicKeyInfo },
  { &hf_pkinit_supportedCMSTypes, BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_pkinit_SEQUENCE_OF_AlgorithmIdentifier },
  { &hf_pkinit_clientDHNonce,     BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_pkinit_DHNonce },
  { &hf_pkinit_supportedKDFs,     BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_pkinit_SEQUENCE_OF_KDFAlgorithmId },
  { NULL, 0, 0, 0, NULL } /* terminator */
};
/*
 * Dissect an AuthPack by walking AuthPack_sequence.
 * Returns the offset reported by dissect_ber_sequence().
 */
static int
dissect_pkinit_AuthPack(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
{
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              AuthPack_sequence,
                              hf_index,
                              ett_pkinit_AuthPack);
}
/* Field table for KRB5PrincipalName: [0] realm and [1] principalName, both mandatory. */
static const ber_sequence_t KRB5PrincipalName_sequence[] = {
  { &hf_pkinit_realm,         BER_CLASS_CON, 0, 0, dissect_KerberosV5Spec2_Realm },
  { &hf_pkinit_principalName, BER_CLASS_CON, 1, 0, dissect_KerberosV5Spec2_PrincipalName },
  { NULL, 0, 0, 0, NULL } /* terminator */
};
/*
 * Dissect a KRB5PrincipalName by walking KRB5PrincipalName_sequence.
 * Returns the offset reported by dissect_ber_sequence().
 */
static int
dissect_pkinit_KRB5PrincipalName(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
{
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              KRB5PrincipalName_sequence,
                              hf_index,
                              ett_pkinit_KRB5PrincipalName);
}
/*
 * Field table for DHRepInfo.
 * [0] dhSignedData is a CMS ContentInfo; [1] serverDHNonce and [2] kdf are optional.
 */
static const ber_sequence_t DHRepInfo_sequence[] = {
  { &hf_pkinit_dhSignedData,  BER_CLASS_CON, 0, 0,                  dissect_cms_ContentInfo },
  { &hf_pkinit_serverDHNonce, BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_pkinit_DHNonce },
  { &hf_pkinit_kdf,           BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_pkinit_KDFAlgorithmId },
  { NULL, 0, 0, 0, NULL } /* terminator */
};
/*
 * Dissect a DHRepInfo by walking DHRepInfo_sequence.
 * Returns the offset reported by dissect_ber_sequence().
 */
static int
dissect_pkinit_DHRepInfo(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
{
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              DHRepInfo_sequence,
                              hf_index,
                              ett_pkinit_DHRepInfo);
}
/*
 * Display names for the PA-PK-AS-REP alternatives.
 * Not static, so the table has external linkage.
 */
const value_string pkinit_PA_PK_AS_REP_vals[] = {
  { 0, "dhInfo" },
  { 1, "encKeyPack" },
  { 0, NULL } /* terminator */
};
/*
 * Alternatives of the PA-PK-AS-REP CHOICE.
 * Columns: choice value, field handle, tag class, tag number, flags, dissector.
 */
static const ber_choice_t PA_PK_AS_REP_choice[] = {
  { 0, &hf_pkinit_dhInfo,     BER_CLASS_CON, 0, 0, dissect_pkinit_DHRepInfo },
  { 1, &hf_pkinit_encKeyPack, BER_CLASS_CON, 1, 0, dissect_cms_ContentInfo },
  { 0, NULL, 0, 0, 0, NULL } /* terminator */
};
/*
 * Dissect a PA-PK-AS-REP, a CHOICE between dhInfo and encKeyPack.
 * implicit_tag is not forwarded, and the final NULL means the selected branch
 * is not reported back. Not static: the function has external linkage.
 * Returns the offset reported by dissect_ber_choice().
 */
int
dissect_pkinit_PA_PK_AS_REP(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
{
  return dissect_ber_choice(actx, tree, tvb, offset,
                            PA_PK_AS_REP_choice,
                            hf_index,
                            ett_pkinit_PA_PK_AS_REP,
                            NULL);
}
/*
 * Dissect a BIT STRING into the field identified by hf_index.
 * No named-bit table is supplied (NULL, 0) and no subtree is requested (-1).
 * Returns the offset reported by dissect_ber_bitstring().
 */
static int
dissect_pkinit_BIT_STRING(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
{
  return dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset,
                               NULL, 0,
                               hf_index, -1,
                               NULL);
}
/*
 * Field table for KDCDHKeyInfo.
 * [0] subjectPublicKey and [1] nonce are mandatory; [2] dhKeyExpiration is optional.
 */
static const ber_sequence_t KDCDHKeyInfo_sequence[] = {
  { &hf_pkinit_subjectPublicKey, BER_CLASS_CON, 0, 0,                  dissect_pkinit_BIT_STRING },
  { &hf_pkinit_dhNonce,          BER_CLASS_CON, 1, 0,                  dissect_pkinit_INTEGER_0_4294967295 },
  { &hf_pkinit_dhKeyExpiration,  BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_KerberosV5Spec2_KerberosTime },
  { NULL, 0, 0, 0, NULL } /* terminator */
};
/*
 * Dissect a KDCDHKeyInfo by walking KDCDHKeyInfo_sequence.
 * Returns the offset reported by dissect_ber_sequence().
 */
static int
dissect_pkinit_KDCDHKeyInfo(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
{
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              KDCDHKeyInfo_sequence,
                              hf_index,
                              ett_pkinit_KDCDHKeyInfo);
}
/*
 * Dissect a signed INTEGER whose ASN.1 type name carries the range
 * -2147483648..2147483647 (used for the Win2k nonce).
 * No bounds are handed to dissect_ber_integer(), so the range is not checked here.
 */
static int
dissect_pkinit_INTEGER_M2147483648_2147483647(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
{
  return dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
}
/*
 * Field table for the Windows 2000 PKAuthenticator layout.
 * All five fields are mandatory. This layout has no paChecksum or
 * freshnessToken entry, unlike PKAuthenticator_sequence.
 */
static const ber_sequence_t PKAuthenticator_Win2k_sequence[] = {
  { &hf_pkinit_kdcName,      BER_CLASS_CON, 0, 0, dissect_KerberosV5Spec2_PrincipalName },
  { &hf_pkinit_kdcRealm,     BER_CLASS_CON, 1, 0, dissect_KerberosV5Spec2_Realm },
  { &hf_pkinit_cusecWin2k,   BER_CLASS_CON, 2, 0, dissect_pkinit_INTEGER_0_4294967295 },
  { &hf_pkinit_ctime,        BER_CLASS_CON, 3, 0, dissect_KerberosV5Spec2_KerberosTime },
  { &hf_pkinit_paNonceWin2k, BER_CLASS_CON, 4, 0, dissect_pkinit_INTEGER_M2147483648_2147483647 },
  { NULL, 0, 0, 0, NULL } /* terminator */
};
/*
 * Dissect a Windows 2000 PKAuthenticator by walking PKAuthenticator_Win2k_sequence.
 * Reached from dissect_pkinit_PKAuthenticator() when the Win2k marker is set.
 * Returns the offset reported by dissect_ber_sequence().
 */
static int
dissect_pkinit_PKAuthenticator_Win2k(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
{
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              PKAuthenticator_Win2k_sequence,
                              hf_index,
                              ett_pkinit_PKAuthenticator_Win2k);
}
/* Display names for the TrustedCA alternatives; the values are 0 and 2, there is no 1. */
static const value_string pkinit_TrustedCA_vals[] = {
  { 0, "caName" },
  { 2, "issuerAndSerial" },
  { 0, NULL } /* terminator */
};
/*
 * Alternatives of the TrustedCA CHOICE.
 * Choice values match the context tag numbers (0 and 2).
 */
static const ber_choice_t TrustedCA_choice[] = {
  { 0, &hf_pkinit_caName,          BER_CLASS_CON, 0, 0, dissect_pkix1explicit_Name },
  { 2, &hf_pkinit_issuerAndSerial, BER_CLASS_CON, 2, 0, dissect_cms_IssuerAndSerialNumber },
  { 0, NULL, 0, 0, 0, NULL } /* terminator */
};
/*
 * Dissect a TrustedCA, a CHOICE between caName and issuerAndSerial.
 * implicit_tag is not forwarded; the selected branch is not reported back (NULL).
 * Returns the offset reported by dissect_ber_choice().
 */
static int
dissect_pkinit_TrustedCA(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
{
  return dissect_ber_choice(actx, tree, tvb, offset,
                            TrustedCA_choice,
                            hf_index,
                            ett_pkinit_TrustedCA,
                            NULL);
}
/*
 * Element description for SEQUENCE OF TrustedCA (single entry, no terminator).
 * The element is a CHOICE, so class and tag are wildcards and
 * BER_FLAGS_NOTCHKTAG is set: tag matching is left to dissect_pkinit_TrustedCA().
 */
static const ber_sequence_t SEQUENCE_OF_TrustedCA_sequence_of[1] = {
  {
    &hf_pkinit_trusted_certifiers_item,
    BER_CLASS_ANY/*choice*/, -1/*choice*/,
    BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG,
    dissect_pkinit_TrustedCA
  },
};
/*
 * Dissect a SEQUENCE OF TrustedCA (the Win2k trusted-certifiers list).
 * Returns the offset reported by dissect_ber_sequence_of().
 */
static int
dissect_pkinit_SEQUENCE_OF_TrustedCA(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
{
  return dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
                                 SEQUENCE_OF_TrustedCA_sequence_of,
                                 hf_index,
                                 ett_pkinit_SEQUENCE_OF_TrustedCA);
}
/*
 * Field table for the Windows 2000 PA-PK-AS-REQ layout.
 * Context tags are 0, 2, 3 and 4; there is no entry for tag 1.
 * Only [0] signed-auth-pack is mandatory.
 */
static const ber_sequence_t PA_PK_AS_REQ_Win2k_sequence[] = {
  { &hf_pkinit_signed_auth_pack,   BER_CLASS_CON, 0, 0,                                   dissect_cms_ContentInfo },
  { &hf_pkinit_trusted_certifiers, BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL,                  dissect_pkinit_SEQUENCE_OF_TrustedCA },
  { &hf_pkinit_kdc_cert,           BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_pkinit_OCTET_STRING },
  { &hf_pkinit_encryption_cert,    BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_pkinit_OCTET_STRING },
  { NULL, 0, 0, 0, NULL } /* terminator */
};
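/*
 * Dissect the Windows 2000 flavour of PA-PK-AS-REQ.
 *
 * When kerberos_is_win2k_pkinit() reports a Win2k exchange, a marker is kept
 * in the per-packet proto data (key 0 of proto_pkinit) for the duration of
 * the nested dissection. dissect_pkinit_PKAuthenticator() tests that marker
 * to select the Win2k PKAuthenticator layout.
 *
 * Not static: the function has external linkage.
 * Returns the offset reported by dissect_ber_sequence().
 */
int
dissect_pkinit_PA_PK_AS_REQ_Win2k(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
{
  /*
   * The marker's address is stored in packet-scoped data, so it must not
   * point into this stack frame: if the nested dissection leaves this
   * function without reaching the removal below, an automatic variable
   * would leave a dangling pointer behind. Static storage keeps the pointer
   * valid in every case. Readers only test it for non-NULL.
   */
  static uint8_t win2k_marker = 1;

  if (kerberos_is_win2k_pkinit(actx)) {
    p_set_proto_data(actx->pinfo->pool, actx->pinfo, proto_pkinit, 0, &win2k_marker);
  }

  offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                                PA_PK_AS_REQ_Win2k_sequence,
                                hf_index,
                                ett_pkinit_PA_PK_AS_REQ_Win2k);

  /*
   * NOTE(review): this removal is skipped if dissect_ber_sequence() unwinds
   * through the dissector exception mechanism (for example on truncated or
   * malformed input). The marker then presumably stays set until the
   * packet-scoped data is released, so a later PKAuthenticator in the same
   * packet would be decoded with the Win2k layout. Confirm whether that
   * matters for the callers.
   */
  if (kerberos_is_win2k_pkinit(actx)) {
    p_remove_proto_data(actx->pinfo->pool, actx->pinfo, proto_pkinit, 0);
  }

  return offset;
}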
/*
 * Dissect the Windows 2000 PA-PK-AS-REP.
 * It is handled exactly like the standard reply: every argument is forwarded
 * unchanged to dissect_pkinit_PA_PK_AS_REP(). Not static: external linkage.
 */
int
dissect_pkinit_PA_PK_AS_REP_Win2k(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
{
  return dissect_pkinit_PA_PK_AS_REP(implicit_tag, tvb, offset, actx, tree, hf_index);
}
475 /*--- PDUs ---*/
/*
 * PDU entry point for AuthPack, registered for OID 1.3.6.1.5.2.3.1 in
 * proto_reg_handoff_pkinit(). The buffer comes straight from the capture and
 * is parsed as BER from offset 0 with a fresh ASN.1 context.
 * Returns the offset reported by dissect_pkinit_AuthPack().
 */
static int dissect_AuthPack_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_)
{
  asn1_ctx_t ber_ctx;

  asn1_ctx_init(&ber_ctx, ASN1_ENC_BER, true, pinfo);
  return dissect_pkinit_AuthPack(false, tvb, 0, &ber_ctx, tree, hf_pkinit_AuthPack_PDU);
}
/*
 * PDU entry point for KRB5PrincipalName, registered for OID 1.3.6.1.5.2.2 in
 * proto_reg_handoff_pkinit(). Parses the buffer as BER from offset 0 with a
 * fresh ASN.1 context.
 * Returns the offset reported by dissect_pkinit_KRB5PrincipalName().
 */
static int dissect_KRB5PrincipalName_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_)
{
  asn1_ctx_t ber_ctx;

  asn1_ctx_init(&ber_ctx, ASN1_ENC_BER, true, pinfo);
  return dissect_pkinit_KRB5PrincipalName(false, tvb, 0, &ber_ctx, tree, hf_pkinit_KRB5PrincipalName_PDU);
}
/*
 * PDU entry point for KDCDHKeyInfo, registered for OID 1.3.6.1.5.2.3.2 in
 * proto_reg_handoff_pkinit(). Parses the buffer as BER from offset 0 with a
 * fresh ASN.1 context.
 * Returns the offset reported by dissect_pkinit_KDCDHKeyInfo().
 */
static int dissect_KDCDHKeyInfo_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_)
{
  asn1_ctx_t ber_ctx;

  asn1_ctx_init(&ber_ctx, ASN1_ENC_BER, true, pinfo);
  return dissect_pkinit_KDCDHKeyInfo(false, tvb, 0, &ber_ctx, tree, hf_pkinit_KDCDHKeyInfo_PDU);
}
/*
 * Adapter that hands a KerberosTime to the Kerberos dissector.
 * implicit_tag and hf_index are not forwarded, so the value is presumably
 * labelled with the Kerberos dissector's own field rather than the pkinit
 * field named in the calling table (verify against dissect_krb5_ctime()).
 */
static int
dissect_KerberosV5Spec2_KerberosTime(bool implicit_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index _U_)
{
  return dissect_krb5_ctime(tree, tvb, offset, actx);
}
/*
 * Adapter that hands a Realm to the Kerberos dissector.
 * implicit_tag and hf_index are not forwarded to dissect_krb5_realm().
 */
static int
dissect_KerberosV5Spec2_Realm(bool implicit_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index _U_)
{
  return dissect_krb5_realm(tree, tvb, offset, actx);
}
/*
 * Adapter that hands a PrincipalName to the Kerberos dissector.
 * Both principalName and the Win2k kdcName go through dissect_krb5_cname();
 * implicit_tag and hf_index are not forwarded.
 */
static int
dissect_KerberosV5Spec2_PrincipalName(bool implicit_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index _U_)
{
  return dissect_krb5_cname(tree, tvb, offset, actx);
}
519 /*--- proto_register_pkinit ----------------------------------------------*/
/*
 * Register the PKINIT protocol, its header fields and its subtrees.
 *
 * Each hf[] row is: handle, { name, abbreviation, type, display base,
 * value-string table, bitmask, description, HFILL }.
 *
 * Several rows share one abbreviation. "pkinit.nonce" is registered three
 * times, twice as FT_UINT32 and once as FT_INT32 (the Win2k nonce), and
 * "pkinit.cusec" twice; the *_item rows for ExternalPrincipalIdentifier and
 * AlgorithmIdentifier also repeat. A display filter on such an abbreviation
 * therefore covers more than one field.
 */
void proto_register_pkinit(void)
{
  /* List of fields */
  static hf_register_info hf[] = {
    /* Top-level PDUs */
    { &hf_pkinit_AuthPack_PDU, { "AuthPack", "pkinit.AuthPack_element", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
    { &hf_pkinit_KRB5PrincipalName_PDU, { "KRB5PrincipalName", "pkinit.KRB5PrincipalName_element", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
    { &hf_pkinit_KDCDHKeyInfo_PDU, { "KDCDHKeyInfo", "pkinit.KDCDHKeyInfo_element", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},

    /* Fields of the individual types */
    { &hf_pkinit_signedAuthPack, { "signedAuthPack", "pkinit.signedAuthPack_element", FT_NONE, BASE_NONE, NULL, 0, "ContentInfo", HFILL }},
    { &hf_pkinit_trustedCertifiers, { "trustedCertifiers", "pkinit.trustedCertifiers", FT_UINT32, BASE_DEC, NULL, 0, "SEQUENCE_OF_ExternalPrincipalIdentifier", HFILL }},
    { &hf_pkinit_trustedCertifiers_item, { "ExternalPrincipalIdentifier", "pkinit.ExternalPrincipalIdentifier_element", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
    { &hf_pkinit_kdcPkId, { "kdcPkId", "pkinit.kdcPkId", FT_BYTES, BASE_NONE, NULL, 0, "OCTET_STRING", HFILL }},
    { &hf_pkinit_kdf_id, { "kdf-id", "pkinit.kdf_id", FT_OID, BASE_NONE, NULL, 0, "OBJECT_IDENTIFIER", HFILL }},
    { &hf_pkinit_subjectName, { "subjectName", "pkinit.subjectName", FT_UINT32, BASE_DEC, NULL, 0, "Name", HFILL }},
    { &hf_pkinit_issuerAndSerialNumber, { "issuerAndSerialNumber", "pkinit.issuerAndSerialNumber_element", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
    { &hf_pkinit_subjectKeyIdentifier, { "subjectKeyIdentifier", "pkinit.subjectKeyIdentifier", FT_BYTES, BASE_NONE, NULL, 0, "OCTET_STRING", HFILL }},
    { &hf_pkinit_pkAuthenticator, { "pkAuthenticator", "pkinit.pkAuthenticator_element", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
    { &hf_pkinit_clientPublicValue, { "clientPublicValue", "pkinit.clientPublicValue_element", FT_NONE, BASE_NONE, NULL, 0, "SubjectPublicKeyInfo", HFILL }},
    { &hf_pkinit_supportedCMSTypes, { "supportedCMSTypes", "pkinit.supportedCMSTypes", FT_UINT32, BASE_DEC, NULL, 0, "SEQUENCE_OF_AlgorithmIdentifier", HFILL }},
    { &hf_pkinit_supportedCMSTypes_item, { "AlgorithmIdentifier", "pkinit.AlgorithmIdentifier_element", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
    { &hf_pkinit_clientDHNonce, { "clientDHNonce", "pkinit.clientDHNonce", FT_BYTES, BASE_NONE, NULL, 0, "DHNonce", HFILL }},
    { &hf_pkinit_supportedKDFs, { "supportedKDFs", "pkinit.supportedKDFs", FT_UINT32, BASE_DEC, NULL, 0, "SEQUENCE_OF_KDFAlgorithmId", HFILL }},
    { &hf_pkinit_supportedKDFs_item, { "KDFAlgorithmId", "pkinit.KDFAlgorithmId_element", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
    { &hf_pkinit_cusec, { "cusec", "pkinit.cusec", FT_UINT32, BASE_DEC, NULL, 0, "INTEGER_0_999999", HFILL }},
    { &hf_pkinit_ctime, { "ctime", "pkinit.ctime_element", FT_NONE, BASE_NONE, NULL, 0, "KerberosTime", HFILL }},
    { &hf_pkinit_paNonce, { "nonce", "pkinit.nonce", FT_UINT32, BASE_DEC, NULL, 0, "INTEGER_0_4294967295", HFILL }},
    { &hf_pkinit_paChecksum, { "paChecksum", "pkinit.paChecksum", FT_BYTES, BASE_NONE, NULL, 0, "OCTET_STRING", HFILL }},
    { &hf_pkinit_freshnessToken, { "freshnessToken", "pkinit.freshnessToken", FT_BYTES, BASE_NONE, NULL, 0, "OCTET_STRING", HFILL }},
    { &hf_pkinit_TD_TRUSTED_CERTIFIERS_item, { "ExternalPrincipalIdentifier", "pkinit.ExternalPrincipalIdentifier_element", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
    { &hf_pkinit_TD_INVALID_CERTIFICATES_item, { "ExternalPrincipalIdentifier", "pkinit.ExternalPrincipalIdentifier_element", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
    { &hf_pkinit_realm, { "realm", "pkinit.realm_element", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
    { &hf_pkinit_principalName, { "principalName", "pkinit.principalName_element", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
    { &hf_pkinit_AD_INITIAL_VERIFIED_CAS_item, { "ExternalPrincipalIdentifier", "pkinit.ExternalPrincipalIdentifier_element", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
    { &hf_pkinit_dhInfo, { "dhInfo", "pkinit.dhInfo_element", FT_NONE, BASE_NONE, NULL, 0, "DHRepInfo", HFILL }},
    { &hf_pkinit_encKeyPack, { "encKeyPack", "pkinit.encKeyPack_element", FT_NONE, BASE_NONE, NULL, 0, "ContentInfo", HFILL }},
    { &hf_pkinit_dhSignedData, { "dhSignedData", "pkinit.dhSignedData_element", FT_NONE, BASE_NONE, NULL, 0, "ContentInfo", HFILL }},
    { &hf_pkinit_serverDHNonce, { "serverDHNonce", "pkinit.serverDHNonce", FT_BYTES, BASE_NONE, NULL, 0, "DHNonce", HFILL }},
    { &hf_pkinit_kdf, { "kdf", "pkinit.kdf_element", FT_NONE, BASE_NONE, NULL, 0, "KDFAlgorithmId", HFILL }},
    { &hf_pkinit_subjectPublicKey, { "subjectPublicKey", "pkinit.subjectPublicKey", FT_BYTES, BASE_NONE, NULL, 0, "BIT_STRING", HFILL }},
    { &hf_pkinit_dhNonce, { "nonce", "pkinit.nonce", FT_UINT32, BASE_DEC, NULL, 0, "INTEGER_0_4294967295", HFILL }},
    { &hf_pkinit_dhKeyExpiration, { "dhKeyExpiration", "pkinit.dhKeyExpiration_element", FT_NONE, BASE_NONE, NULL, 0, "KerberosTime", HFILL }},
    { &hf_pkinit_TD_DH_PARAMETERS_item, { "AlgorithmIdentifier", "pkinit.AlgorithmIdentifier_element", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},

    /* Windows 2000 layouts */
    { &hf_pkinit_kdcName, { "kdcName", "pkinit.kdcName_element", FT_NONE, BASE_NONE, NULL, 0, "PrincipalName", HFILL }},
    { &hf_pkinit_kdcRealm, { "kdcRealm", "pkinit.kdcRealm_element", FT_NONE, BASE_NONE, NULL, 0, "Realm", HFILL }},
    { &hf_pkinit_cusecWin2k, { "cusec", "pkinit.cusec", FT_UINT32, BASE_DEC, NULL, 0, "INTEGER_0_4294967295", HFILL }},
    { &hf_pkinit_paNonceWin2k, { "nonce", "pkinit.nonce", FT_INT32, BASE_DEC, NULL, 0, "INTEGER_M2147483648_2147483647", HFILL }},
    { &hf_pkinit_signed_auth_pack, { "signed-auth-pack", "pkinit.signed_auth_pack_element", FT_NONE, BASE_NONE, NULL, 0, "ContentInfo", HFILL }},
    { &hf_pkinit_trusted_certifiers, { "trusted-certifiers", "pkinit.trusted_certifiers", FT_UINT32, BASE_DEC, NULL, 0, "SEQUENCE_OF_TrustedCA", HFILL }},
    { &hf_pkinit_trusted_certifiers_item, { "TrustedCA", "pkinit.TrustedCA", FT_UINT32, BASE_DEC, VALS(pkinit_TrustedCA_vals), 0, NULL, HFILL }},
    { &hf_pkinit_kdc_cert, { "kdc-cert", "pkinit.kdc_cert", FT_BYTES, BASE_NONE, NULL, 0, "OCTET_STRING", HFILL }},
    { &hf_pkinit_encryption_cert, { "encryption-cert", "pkinit.encryption_cert", FT_BYTES, BASE_NONE, NULL, 0, "OCTET_STRING", HFILL }},
    { &hf_pkinit_caName, { "caName", "pkinit.caName", FT_UINT32, BASE_DEC, NULL, 0, "Name", HFILL }},
    { &hf_pkinit_issuerAndSerial, { "issuerAndSerial", "pkinit.issuerAndSerial_element", FT_NONE, BASE_NONE, NULL, 0, "IssuerAndSerialNumber", HFILL }},
  };

  /* List of subtrees */
  static int *ett[] = {
    &ett_pkinit_PA_PK_AS_REQ,
    &ett_pkinit_SEQUENCE_OF_ExternalPrincipalIdentifier,
    &ett_pkinit_KDFAlgorithmId,
    &ett_pkinit_ExternalPrincipalIdentifier,
    &ett_pkinit_AuthPack,
    &ett_pkinit_SEQUENCE_OF_AlgorithmIdentifier,
    &ett_pkinit_SEQUENCE_OF_KDFAlgorithmId,
    &ett_pkinit_PKAuthenticator,
    &ett_pkinit_TD_TRUSTED_CERTIFIERS,
    &ett_pkinit_TD_INVALID_CERTIFICATES,
    &ett_pkinit_KRB5PrincipalName,
    &ett_pkinit_AD_INITIAL_VERIFIED_CAS,
    &ett_pkinit_PA_PK_AS_REP,
    &ett_pkinit_DHRepInfo,
    &ett_pkinit_KDCDHKeyInfo,
    &ett_pkinit_TD_DH_PARAMETERS,
    &ett_pkinit_PKAuthenticator_Win2k,
    &ett_pkinit_PA_PK_AS_REQ_Win2k,
    &ett_pkinit_SEQUENCE_OF_TrustedCA,
    &ett_pkinit_TrustedCA,
  };

  /* The protocol handle must exist before the field array is attached to it. */
  proto_pkinit = proto_register_protocol(PNAME, PSNAME, PFNAME);

  /* Attach fields to the protocol, then register the subtree handles. */
  proto_register_field_array(proto_pkinit, hf, array_length(hf));
  proto_register_subtree_array(ett, array_length(ett));
}
752 /*--- proto_reg_handoff_pkinit -------------------------------------------*/
753 void proto_reg_handoff_pkinit(void) {
754 register_ber_oid_dissector("1.3.6.1.5.2.3.1", dissect_AuthPack_PDU, proto_pkinit, "id-pkauthdata");
755 register_ber_oid_dissector("1.3.6.1.5.2.3.2", dissect_KDCDHKeyInfo_PDU, proto_pkinit, "id-pkdhkeydata");
756 register_ber_oid_dissector("1.3.6.1.5.2.2", dissect_KRB5PrincipalName_PDU, proto_pkinit, "id-pkinit-san");
759 /* It would seem better to get these from REGISTER declarations in
760 pkinit.cnf rather than putting them in the template this way,
761 but I had trouble with that, and other existing examples are
762 done this way. [res Fri Aug 2 23:55:30 2024]
764 RFC-8636 "PKINIT Algorithm Agility"
766 oid_add_from_string("id-pkinit-kdf-ah-sha1" , "1.3.6.1.5.2.3.6.1");
767 oid_add_from_string("id-pkinit-kdf-ah-sha256" , "1.3.6.1.5.2.3.6.2");
768 oid_add_from_string("id-pkinit-kdf-ah-sha512" , "1.3.6.1.5.2.3.6.3");
769 oid_add_from_string("id-pkinit-kdf-ah-sha384" , "1.3.6.1.5.2.3.6.4");