authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-10 20:34:10 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-10 20:34:10 +0000
commite4ba6dbc3f1e76890b22773807ea37fe8fa2b1bc (patch)
tree68cb5ef9081156392f1dd62a00c6ccc1451b93df /epan/dissectors/asn1/novell_pkis
parentInitial commit. (diff)
Adding upstream version 4.2.2.upstream/4.2.2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'epan/dissectors/asn1/novell_pkis')
-rw-r--r--epan/dissectors/asn1/novell_pkis/CMakeLists.txt33
-rw-r--r--epan/dissectors/asn1/novell_pkis/novell_pkis.asn283
-rw-r--r--epan/dissectors/asn1/novell_pkis/novell_pkis.cnf21
-rw-r--r--epan/dissectors/asn1/novell_pkis/packet-novell_pkis-template.c51
4 files changed, 388 insertions, 0 deletions
diff --git a/epan/dissectors/asn1/novell_pkis/CMakeLists.txt b/epan/dissectors/asn1/novell_pkis/CMakeLists.txt
new file mode 100644
index 00000000..04d4a784
--- /dev/null
+++ b/epan/dissectors/asn1/novell_pkis/CMakeLists.txt
@@ -0,0 +1,33 @@
+# CMakeLists.txt
+#
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <gerald@wireshark.org>
+# Copyright 1998 Gerald Combs
+#
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+
+set( PROTOCOL_NAME novell_pkis )
+
+set( EXT_ASN_FILE_LIST
+)
+
+set( ASN_FILE_LIST
+ ${EXT_ASN_FILE_LIST}
+ ${PROTOCOL_NAME}.asn
+)
+
+set( EXTRA_DIST
+ ${ASN_FILE_LIST}
+ packet-${PROTOCOL_NAME}-template.c
+ ${PROTOCOL_NAME}.cnf
+)
+
+set( SRC_FILES
+ ${EXTRA_DIST}
+ ${EXT_ASN_FILE_LIST}
+)
+
+set( A2W_FLAGS -b -u )
+
+ASN2WRS()
diff --git a/epan/dissectors/asn1/novell_pkis/novell_pkis.asn b/epan/dissectors/asn1/novell_pkis/novell_pkis.asn
new file mode 100644
index 00000000..fff6c8a9
--- /dev/null
+++ b/epan/dissectors/asn1/novell_pkis/novell_pkis.asn
@@ -0,0 +1,283 @@
+-- from pkisv10.pdf
+-- you can find this document at https://web.archive.org/web/19990224174228/http://www.developer.novell.com/repository/attributes/certattrs_v10.htm
+
+PKIS { joint-iso-ccitt(2) country(16) us(840) organization(1) novell (113719) } DEFINITIONS IMPLICIT TAGS ::=
+BEGIN
+
+-- ASN.1 Definition of Useful Attributes
+
+-- The following are useful Novell OIDs, etc.
+novell OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) country(16) us(840) organization(1) novell (113719)}
+applications OBJECT IDENTIFIER ::= {novell applications(1) }
+pki OBJECT IDENTIFIER ::= {applications pki(9) }
+pkiAttributeType OBJECT IDENTIFIER ::= {pki at(4) }
+pkiAttributeSyntax OBJECT IDENTIFIER ::= {pki at(5) }
+pkiObjectClass OBJECT IDENTIFIER ::= {pki at(6) }
+
+-- The following unique PKI attributes are hereby defined under the novell applications pki arc:
+pa-sa OBJECT IDENTIFIER ::= { pkiAttributeType (1) }
+ -- securityAttributes
+ -- 2.16.840.113719.1.9.4.1
+
+pa-rl OBJECT IDENTIFIER ::= { pkiAttributeType (2) }
+ -- relianceLimit
+ -- 2.16.840.113719.1.9.4.2
+
+SecurityAttributes ::= SEQUENCE {
+ versionNumber OCTET STRING (SIZE (2)),
+ -- The initial value should be (01 00)
+ -- The first octet is the major version,
+ -- the second octet is the minor version number.
+ nSI BOOLEAN (TRUE),
+ -- NSI = “Nonverified Subscriber Information”
+ -- If FALSE, it means that the CA issuing
+ -- a certificate HAS verified the validity
+ -- of ALL of the values contained
+ -- within the Novell Security Attributes
+ -- using appropriate means as defined
+ -- for example in their Certificate Policy
+ -- and/or Certificate Practice Statement
+ -- If TRUE, it means that the subscriber
+ -- requesting the certificate has represented
+ -- to the CA that the extension defined
+ -- is valid and correct, but that the CA
+ -- has not independently validated the accuracy
+ -- of the attribute. Note that in no case may
+ -- the CA issue a certificate containing an
+ -- extension which it has reason to
+ -- believe is not accurate at the time of
+ -- issuance, except for test certificates
+ -- which are identified as such in the
+ -- Certificate class attribute (by setting
+ -- the certificateValid flag to FALSE.)
+ securityTM PrintableString ("Novell Security Attribute(tm)"),
+ -- Note: Since the “Novell Security
+ -- Attribute(tm)” string is trademarked, if
+ -- it is displayed visually to the user it
+ -- must be presented exactly as shown,
+ -- in English, even in non-English
+ -- implementations. A translation of the
+ -- phrase may be displayed to the user
+ -- in addition, if desired.
+ -- Vendors who license the use of the term
+ -- must agree to check for the presence of
+ -- this string in any attribute defined (by its
+ -- OID) as a Novell Security attribute
+ uriReference IA5String,
+ -- The initial value should be set to (“http://developer.novell.com/repository/attributes/certattrs_v10.htm”),
+ -- This attribute will be included in all
+ -- NICI and PKIS certificates.
+ -- Novell will maintain a copy of this
+ -- document or other suitable definition
+ -- at that location.
+ gLBExtensions GLBExtensions
+}
+
+GLBExtensions::=SEQUENCE{
+ -- These are the extensions over which the
+ -- Greatest Lower Bound is computed within NICI.
+ keyQuality [0] IMPLICIT KeyQuality,
+ cryptoProcessQuality [1] IMPLICIT CryptoProcessQuality,
+ certificateClass [2] IMPLICIT CertificateClass,
+ enterpriseId [3] IMPLICIT EnterpriseId
+}
+
+-- ASN.1 Definitions of Key Quality and Crypto Process Quality Attributes:
+KeyQuality ::= Quality
+CryptoProcessQuality ::= Quality
+
+Quality ::= SEQUENCE {
+ enforceQuality BOOLEAN,
+ -- If TRUE, the explicit attributes compusecQuality,
+ -- cryptoQuality, and keyStorageQuality, plus the
+ -- implicit attributes algorithmType and keyLength
+ -- are either enforced at all times, or a dynamic low
+ -- water mark (Greatest Lower Bound)may be maintained.
+ -- I.e., if enforceQuality is TRUE for the
+ -- keyQuality attribute, the key must never be
+ -- allowed to be transported to and/or used on any
+ -- platform that does not meet the minimum
+ -- criteria, and hence enforceQuality must be TRUE for
+ -- the cryptoProcessQuality as well
+ -- If enforceQuality is FALSE for keyQuality, but
+ -- TRUE for cryptoProcessQuality, then the
+ -- operating system has not enforced the criteria
+ -- in any technical sense, but the subscriber
+ -- is nonetheless representing that the minimum
+ -- criteria will be maintained,
+ -- e.g., by manual or procedural controls.
+ -- For PKIS and NICI versions 1.0, enforceQuality
+ -- must be set to FALSE in the keyQuality attribute.
+ compusecQuality CompusecQuality,
+ cryptoQuality CryptoQuality,
+ keyStorageQuality INTEGER (0..255) -- See definitions in Appendix C
+}
+
+CompusecQuality ::= SEQUENCE SIZE (1..1)
+ OF CompusecQualityPair
+ -- Multiple pairs of {Criteria, Rating} are allowed
+ -- In the first release, only one pair(TCSEC criteria)is provided
+
+CompusecQualityPair ::= SEQUENCE {
+ compusecCriteria INTEGER(0..255),
+ -- The default should be 1, but DEFAULT implies OPTIONAL, which
+ -- is not the intent. So the value has to be coded explicitly.
+ -- 0= Reserved (encoding error)
+ -- 1= Trusted Computer Security Evaluation Criteria (TCSEC)
+ -- 2= International Trusted Security Evaluation Criteria (ITSEC)
+ -- 3= Common Criteria
+ -- all others reserved
+ compusecRating INTEGER (0..255)
+ -- the compusecRating is in accordance with the specified
+ -- compusecCriteria for each pair in the sequence
+ -- Defined values for ratings for components and systems formally
+ -- evaluated in accordance with the Trusted Computer Security
+ -- Evaluation Criteria and the Trusted Network Interpretation
+ -- (Red Book) are provided in Appendix A.
+}
+
+CryptoQuality ::= SEQUENCE SIZE (1..1)
+ OF CryptoQualityPair
+ -- Multiple pairs of {Criteria, Rating} are allowed.
+ -- In the initial release, only one pair is provided.
+
+CryptoQualityPair ::= SEQUENCE {
+ cryptoModuleCriteria INTEGER(0..255),
+ -- The default should be 1, but DEFAULT implies OPTIONAL, which
+ -- is not the intent. So the value has to be coded explicitly.
+ -- 1 = FIPS 140-1
+ -- all others reserved
+ cryptoModuleRating INTEGER (0..255)
+ -- the cryptoModuleRating value is in accordance with
+ -- the specified cryptoModuleCriteria for each pair
+ -- FIPS 140-1 ratings definitions:
+ -- 0 = Reserved (encoding error)
+ -- 1 = unevaluated/unknown,
+ -- all others—see Appendix B
+}
+
+-- ASN.1 Definition of Certificate Class Attribute:
+
+CertificateClass ::= SEQUENCE {
+ classValue INTEGER (0..255),
+ -- Defined class values are contained in Appendix C
+ certificateValid BOOLEAN
+ -- The default should be true, but DEFAULT is OPTIONAL
+ -- which would make the GLB computation awkward.
+ -- See Section 5 and the footnote for a discussion.
+}
+
+-- ASN.1 Definition of Enterprise Identifier Attribute:
+
+EnterpriseId ::= SEQUENCE {
+ rootLabel [0] IMPLICIT SecurityLabelType1,
+ registryLabel [1] IMPLICIT SecurityLabelType1,
+ enterpriseLabel [2] IMPLICIT SEQUENCE SIZE (1..1) OF SecurityLabelType1
+}
+
+SecurityLabelType1 ::= SEQUENCE {
+ labelType1 INTEGER (0..255),
+ -- The default should be 2, but DEFAULT implies OPTIONAL, which
+ -- is not the intent. So the value has to be coded explicitly.
+ -- Note that the label type for Version 1
+ -- of Graded Authentication is 0 or 1.
+ -- Byte sizes and reserved fields are omitted,
+ -- because they are derivable from the ASN.1.
+ secrecyLevel1 INTEGER (0..255),
+ -- The default should be 0, but DEFAULT implies OPTIONAL, which
+ -- is not the intent. So the value has to be coded explicitly.
+ -- 0 = low secrecy, 255 = high secrecy
+ -- It seems highly unlikely anyone would ever
+ -- need more than 255 secrecy levels
+ integrityLevel1 INTEGER (0..255),
+ -- The default should be 0, but DEFAULT implies OPTIONAL, which
+ -- is not the intent. So the value has to be coded explicitly.
+ -- NOTE! 255 = low integrity, 0 = high integrity!
+ -- It seems highly unlikely anyone would ever
+ -- need more than 255 integrity levels
+ secrecyCategories1 BIT STRING (SIZE(96)),
+ -- The default should be FALSE, but DEFAULT implies OPTIONAL,
+ -- which is not the intent. So the value has to be coded
+ -- explicitly.
+ -- 96 secrecy categories, 0 origin indexing
+ integrityCategories1 BIT STRING (SIZE(64)),
+ -- The default should be FALSE, but DEFAULT implies OPTIONAL,
+ -- which is not the intent. So the value has to be coded
+ -- explicitly.
+ -- 64 integrity categories, 0 origin indexing
+ secrecySingletons1 Singletons,
+ integritySingletons1 Singletons
+}
+
+-- (removed the unused definition of SecurityLabelType2)
+
+Singletons ::= SEQUENCE SIZE (1..16) OF SingletonChoice
+ -- Presently up to 16 singletons or singleton ranges
+ -- can be defined within one security label. This
+ -- is completely arbitrary and can be easily changed,
+ -- but it seems reasonable. Note that no more space
+ -- is taken in the ASN.1 DER encoding than is actually
+ -- required.
+
+SingletonChoice ::= CHOICE {
+ uniqueSingleton INTEGER (0..9223372036854775807),
+ -- The implied value of the singleton being
+ -- specified in this case is TRUE.
+ -- Note that there isn’t any way to set a
+ -- singleton value to FALSE, except by using the
+ -- SingletonRange functions with identical lower
+ -- and upper bounds.
+ singletonRange SingletonRange
+}
+
+SingletonRange ::= SEQUENCE {
+ singletonLowerBound INTEGER (0..9223372036854775807),
+ -- The default should be 0, but DEFAULT implies OPTIONAL,
+ -- which is not the intent. So the value has to be coded
+ -- explicitly.
+ -- Lower bound of a range of singletons
+ -- to be set to the singletonValue specified
+
+ singletonUpperBound INTEGER (0..9223372036854775807),
+ -- The default should be 9223372036854775807,
+ -- but DEFAULT implies OPTIONAL,
+ -- which is not the intent. So the value has to be coded
+ -- explicitly.
+ -- Upper bound of a range of singletons
+ -- to be set to the singletonValue specified
+ singletonValue BOOLEAN
+ -- An entire range of singletons can be set to
+ -- either TRUE or FALSE.
+ -- Note that singletonRanges are allowed to overlap,
+ -- and in particular that a uniqueSingleton can
+ -- reset a singleton value already set by a
+ -- singletonRange, and vice versa.
+ -- The uniqueSingleton and singletonRanges are applied
+ -- consecutively, from the lower bound of SEQUENCE (1)
+ -- to the upper bound.
+}
+
+-- ASN.1 Definition of Reliance Limit Attribute:
+
+-- relianceLimits EXTENSION ::= { SYNTAX RelianceLimits IDENTIFIED BY {pa-rl) }
+-- 2.16.840.113719.1.9.4.2
+
+RelianceLimits ::= SEQUENCE {
+ perTransactionLimit MonetaryValue,
+ perCertificateLimit MonetaryValue
+}
+
+MonetaryValue ::= SEQUENCE { -- from SET and draft ANSI X9.45
+ currency Currency,
+ amount INTEGER, -- value is amount * (10 ** amtExp10), an exact representation
+ amtExp10 INTEGER
+}
+
+Currency ::= INTEGER (1..999)
+-- currency denomination from ISO 4217
+-- cf. Appendix E for the numeric currency codes and their
+-- alphabetic (display) equivalents.
+-- US Dollar (USD) is 840.
+-- Euro (EUR) is 978.
+
+END
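Review bot: The dotted OIDs in the comments under `pa-sa` and `pa-rl`, and again above `RelianceLimits`, read `2.16.840.113719.1.9.4.x`, which drops the `organization(1)` arc that the `novell` definition at the top of the module includes and that `novell_pkis.cnf` registers as `2.16.840.1.113719.1.9.4.1` and `.2`. Anyone copying the comment value into a display filter, certificate-lint rule or detection signature would never match these extensions, so the comments should read `-- 2.16.840.1.113719.1.9.4.1` and `-- 2.16.840.1.113719.1.9.4.2`. The commented-out `relianceLimits EXTENSION` line also closes `{pa-rl` with `)` instead of `}`. Separately, the module relies on value constraints such as `nSI BOOLEAN (TRUE)` and the fixed `securityTM` string. The generated BER code is not visible here, so a comment should state whether those constraints are enforced or only decoded, since a field that decodes cleanly is not evidence that the certificate conforms.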
diff --git a/epan/dissectors/asn1/novell_pkis/novell_pkis.cnf b/epan/dissectors/asn1/novell_pkis/novell_pkis.cnf
new file mode 100644
index 00000000..b1f9231f
--- /dev/null
+++ b/epan/dissectors/asn1/novell_pkis/novell_pkis.cnf
@@ -0,0 +1,21 @@
+# novell_pkis.cnf
+
+#.MODULE_IMPORT
+
+#.EXPORTS
+
+#.REGISTER
+SecurityAttributes B "2.16.840.1.113719.1.9.4.1" "pa-sa"
+RelianceLimits B "2.16.840.1.113719.1.9.4.2" "pa-rl"
+
+#.PDU
+
+# PKIS-MESSAGE
+
+#.NO_EMIT
+
+#.TYPE_RENAME
+
+#.FIELD_RENAME
+
+#.END
diff --git a/epan/dissectors/asn1/novell_pkis/packet-novell_pkis-template.c b/epan/dissectors/asn1/novell_pkis/packet-novell_pkis-template.c
new file mode 100644
index 00000000..5e0b9934
--- /dev/null
+++ b/epan/dissectors/asn1/novell_pkis/packet-novell_pkis-template.c
@@ -0,0 +1,51 @@
+/* packet-novell_pkis.c
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "config.h"
+
+#include <epan/packet.h>
+#include <epan/expert.h>
+#include <epan/prefs.h>
+#include <epan/oids.h>
+#include <epan/conversation.h>
+#include <epan/asn1.h>
+
+#include "packet-per.h"
+#include "packet-ber.h"
+
+#include "packet-novell_pkis-hf.c"
+#include "packet-novell_pkis-ett.c"
+#include "packet-novell_pkis-fn.c"
+
+void proto_register_novell_pkis (void);
+void proto_reg_handoff_novell_pkis(void);
+
+static int proto_novell_pkis = -1;
+
+void proto_reg_handoff_novell_pkis(void)
+{
+#include "packet-novell_pkis-dis-tab.c"
+}
+
+void proto_register_novell_pkis (void)
+{
+ static hf_register_info hf[] = {
+#include "packet-novell_pkis-hfarr.c"
+ };
+ static gint *ett[] = {
+#include "packet-novell_pkis-ettarr.c"
+ };
+
+ /* execute protocol initialization only once */
+ if (proto_novell_pkis != -1) return;
+
+ proto_novell_pkis = proto_register_protocol("Novell PKIS ASN.1 type", "novell_pkis", "novell_pkis");
+ proto_register_field_array (proto_novell_pkis, hf, array_length (hf));
+ proto_register_subtree_array (ett, array_length (ett));
+}
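Review bot: The template's include list carries `epan/expert.h`, `epan/prefs.h`, `epan/conversation.h` and `packet-per.h`, none of which is used by the code visible in this file, and the module is built with `A2W_FLAGS -b` (BER only), so the PER header in particular looks unnecessary. Trimming the list to what the generated `packet-novell_pkis-fn.c` actually needs would make it clear which decoding helpers this dissector depends on; that generated file is not part of this diff, so confirm before removing anything. The file header also has no purpose line. Something like `/* Routines for Novell PKIS certificate attribute dissection (securityAttributes, relianceLimit), BER-encoded, registered by OID */` would tell a reader that the body of `proto_reg_handoff_novell_pkis` is the generated OID registration table pulled in by `#include "packet-novell_pkis-dis-tab.c"`.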