authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-10 20:34:10 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-10 20:34:10 +0000
commite4ba6dbc3f1e76890b22773807ea37fe8fa2b1bc (patch)
tree68cb5ef9081156392f1dd62a00c6ccc1451b93df /epan/dissectors/asn1/pkixqualified
parentInitial commit. (diff)
Adding upstream version 4.2.2.upstream/4.2.2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'epan/dissectors/asn1/pkixqualified')
-rw-r--r--epan/dissectors/asn1/pkixqualified/CMakeLists.txt43
-rw-r--r--epan/dissectors/asn1/pkixqualified/PKIXServiceNameSAN88.asn32
-rw-r--r--epan/dissectors/asn1/pkixqualified/PKIXServiceNameSAN93.asn39
-rw-r--r--epan/dissectors/asn1/pkixqualified/PKIXqualified.asn224
-rw-r--r--epan/dissectors/asn1/pkixqualified/packet-pkixqualified-template.c70
-rw-r--r--epan/dissectors/asn1/pkixqualified/packet-pkixqualified-template.h18
-rw-r--r--epan/dissectors/asn1/pkixqualified/pkixqualified.cnf40
7 files changed, 466 insertions, 0 deletions
diff --git a/epan/dissectors/asn1/pkixqualified/CMakeLists.txt b/epan/dissectors/asn1/pkixqualified/CMakeLists.txt
new file mode 100644
index 00000000..1faf35af
--- /dev/null
+++ b/epan/dissectors/asn1/pkixqualified/CMakeLists.txt
@@ -0,0 +1,43 @@
+# CMakeLists.txt
+#
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <gerald@wireshark.org>
+# Copyright 1998 Gerald Combs
+#
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+
+set( PROTOCOL_NAME pkixqualified )
+
+set( PROTO_OPT )
+
+set( EXT_ASN_FILE_LIST
+)
+
+set( ASN_FILE_LIST
+ PKIXqualified.asn
+ PKIXServiceNameSAN88.asn
+ PKIXServiceNameSAN93.asn
+)
+
+set( EXTRA_DIST
+ ${ASN_FILE_LIST}
+ packet-${PROTOCOL_NAME}-template.c
+ packet-${PROTOCOL_NAME}-template.h
+ ${PROTOCOL_NAME}.cnf
+)
+
+set( SRC_FILES
+ ${EXTRA_DIST}
+ ${EXT_ASN_FILE_LIST}
+)
+
+set( A2W_FLAGS -b )
+
+set( EXTRA_CNF
+ "${CMAKE_CURRENT_BINARY_DIR}/../x509af/x509af-exp.cnf"
+ "${CMAKE_CURRENT_BINARY_DIR}/../x509ce/x509ce-exp.cnf"
+ "${CMAKE_CURRENT_BINARY_DIR}/../x509sat/x509sat-exp.cnf"
+)
+
+ASN2WRS()
diff --git a/epan/dissectors/asn1/pkixqualified/PKIXServiceNameSAN88.asn b/epan/dissectors/asn1/pkixqualified/PKIXServiceNameSAN88.asn
new file mode 100644
index 00000000..80e1da5e
--- /dev/null
+++ b/epan/dissectors/asn1/pkixqualified/PKIXServiceNameSAN88.asn
@@ -0,0 +1,32 @@
+-- Extracted from RFC 4985 Appendix A.1. 1988 ASN.1 Module
+--
+ PKIXServiceNameSAN88 {iso(1) identified-organization(3) dod(6)
+ internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+ id-mod-dns-srv-name-88(39) }
+
+ DEFINITIONS EXPLICIT TAGS ::=
+
+ BEGIN
+
+ -- EXPORTS ALL --
+
+ IMPORTS
+
+ -- UTF8String, / move hyphens before slash if UTF8String does not
+ -- resolve with your compiler
+
+ id-pkix
+ FROM PKIX1Explicit88 { iso(1) identified-organization(3)
+ dod(6) internet(1) security(5) mechanisms(5) pkix(7)
+ id-mod(0) id-pkix1-explicit(18) } ;
+ -- from RFC3280 [N2]
+ -- Service Name Object Identifier and Syntax
+ -- id-pkix OBJECT IDENTIFIER ::= {1 3 6 1 5 5 7}
+
+ id-on OBJECT IDENTIFIER ::= { id-pkix 8 }
+
+ id-on-dnsSRV OBJECT IDENTIFIER ::= { id-on 7 }
+
+ SRVName ::= IA5String (SIZE (1..MAX))
+
+ END
diff --git a/epan/dissectors/asn1/pkixqualified/PKIXServiceNameSAN93.asn b/epan/dissectors/asn1/pkixqualified/PKIXServiceNameSAN93.asn
new file mode 100644
index 00000000..ce4b9943
--- /dev/null
+++ b/epan/dissectors/asn1/pkixqualified/PKIXServiceNameSAN93.asn
@@ -0,0 +1,39 @@
+-- Extracted from RFC 4985 Appendix A.2. 1993 ASN.1 Module
+--
+ PKIXServiceNameSAN93 {iso(1) identified-organization(3) dod(6)
+ internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+ id-mod-dns-srv-name-93(40) }
+
+ DEFINITIONS EXPLICIT TAGS ::=
+
+ BEGIN
+
+ -- EXPORTS ALL --
+
+ IMPORTS
+
+ id-pkix
+ FROM PKIX1Explicit88 { iso(1) identified-organization(3)
+ dod(6) internet(1) security(5) mechanisms(5) pkix(7)
+ id-mod(0) id-pkix1-explicit(18) } ;
+ -- from RFC 3280 [N2]
+
+
+ -- In the GeneralName definition using the 1993 ASN.1 syntax
+ -- includes:
+
+ OTHER-NAME ::= TYPE-IDENTIFIER
+
+
+ -- Service Name Object Identifier
+
+-- id-on OBJECT IDENTIFIER ::= { id-pkix 8 }
+
+-- id-on-dnsSRV OBJECT IDENTIFIER ::= { id-on 7 }
+ -- Service Name
+
+ srvName OTHER-NAME ::= { SRVName IDENTIFIED BY { id-on-dnsSRV }}
+
+-- SRVName ::= IA5String (SIZE (1..MAX))
+
+ END
\ No newline at end of file
diff --git a/epan/dissectors/asn1/pkixqualified/PKIXqualified.asn b/epan/dissectors/asn1/pkixqualified/PKIXqualified.asn
new file mode 100644
index 00000000..50c3200b
--- /dev/null
+++ b/epan/dissectors/asn1/pkixqualified/PKIXqualified.asn
@@ -0,0 +1,224 @@
+-- This ASN definition is taken from (and modified to pass through asn2wrs)
+-- RFC3739
+--
+-- RFC3739 contains the followin copyright statements:
+--
+-- Full Copyright Statement
+--
+-- Copyright (C) The Internet Society (2004). This document is subject
+-- to the rights, licenses and restrictions contained in BCP 78 and
+-- except as set forth therein, the authors retain all their rights.
+--
+-- This document and the information contained herein are provided on an
+-- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
+-- REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE
+-- INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR
+-- IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
+-- THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+-- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+--
+-- Intellectual Property
+--
+-- The IETF takes no position regarding the validity or scope of any
+-- Intellectual Property Rights or other rights that might be claimed
+-- to pertain to the implementation or use of the technology
+-- described in this document or the extent to which any license
+-- under such rights might or might not be available; nor does it
+-- represent that it has made any independent effort to identify any
+-- such rights. Information on the procedures with respect to
+-- rights in RFC documents can be found in BCP 78 and BCP 79.
+--
+-- Copies of IPR disclosures made to the IETF Secretariat and any
+-- assurances of licenses to be made available, or the result of an
+-- attempt made to obtain a general license or permission for the use
+-- of such proprietary rights by implementers or users of this
+-- specification can be obtained from the IETF on-line IPR repository
+-- at http://www.ietf.org/ipr.
+--
+-- The IETF invites any interested party to bring to its attention
+-- any copyrights, patents or patent applications, or other
+-- proprietary rights that may cover technology that may be required
+-- to implement this standard. Please address the information to the
+-- IETF at ietf-ipr@ietf.org.
+--
+-- Acknowledgement
+--
+-- Funding for the RFC Editor function is currently provided by the
+-- Internet Society.
+--
+
+
+ PKIXqualified97 {iso(1) identified-organization(3) dod(6)
+ internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+ id-mod-qualified-cert-97(35) }
+
+ DEFINITIONS EXPLICIT TAGS ::=
+
+ BEGIN
+
+ -- EXPORTS ALL --
+
+ IMPORTS
+
+ informationFramework, certificateExtensions, selectedAttributeTypes,
+ authenticationFramework, upperBounds, id-at
+ FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1)
+ usefulDefinitions(0) 3 }
+
+ ub-name
+ FROM UpperBounds upperBounds
+
+ GeneralName
+ FROM CertificateExtensions certificateExtensions
+
+ ATTRIBUTE, AttributeType
+ FROM InformationFramework informationFramework
+
+ DirectoryString
+ FROM SelectedAttributeTypes selectedAttributeTypes
+
+ AlgorithmIdentifier, Extension, EXTENSION
+ FROM AuthenticationFramework authenticationFramework
+
+ id-pkix, id-pe
+ FROM PKIX1Explicit88 { iso(1) identified-organization(3) dod(6)
+ internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+ id-pkix1-explicit(18) };
+
+ -- Locally defined OIDs
+
+ -- Arc for QC personal data attributes
+-- id-pda OBJECT IDENTIFIER ::= { id-pkix 9 }
+
+ -- Arc for QC statements
+-- id-qcs OBJECT IDENTIFIER ::= { id-pkix 11 }
+
+ -- Personal data attributes
+
+-- id-pda-dateOfBirth AttributeType ::= { id-pda 1 }
+-- id-pda-placeOfBirth AttributeType ::= { id-pda 2 }
+-- id-pda-gender AttributeType ::= { id-pda 3 }
+-- id-pda-countryOfCitizenship AttributeType ::= { id-pda 4 }
+-- id-pda-countryOfResidence AttributeType ::= { id-pda 5 }
+
+ -- Certificate extensions
+
+-- id-pe-biometricInfo OBJECT IDENTIFIER ::= { id-pe 2 }
+-- id-pe-qcStatements OBJECT IDENTIFIER ::= { id-pe 3 }
+
+ -- QC statements
+
+-- id-qcs-pkixQCSyntax-v1 OBJECT IDENTIFIER ::= { id-qcs 1 }
+-- id-qcs-pkixQCSyntax-v2 OBJECT IDENTIFIER ::= { id-qcs 2 }
+
+Generalizedtime ::= GeneralizedTime
+
+Directorystring ::= DirectoryString
+
+Printablestring ::= PrintableString
+
+ -- Personal data attributes
+--
+-- dateOfBirth ATTRIBUTE ::= {
+-- WITH SYNTAX GeneralizedTime
+-- ID id-pda-dateOfBirth }
+--
+-- placeOfBirth ATTRIBUTE ::= {
+-- WITH SYNTAX DirectoryString {ub-name}
+-- ID id-pda-placeOfBirth }
+--
+-- gender ATTRIBUTE ::= {
+-- WITH SYNTAX PrintableString (SIZE(1) ^ FROM("M"|"F"|"m"|"f"))
+-- ID id-pda-gender }
+--
+-- countryOfCitizenship ATTRIBUTE ::= {
+-- WITH SYNTAX PrintableString (SIZE (2))
+-- (CONSTRAINED BY { })
+-- ID id-pda-countryOfCitizenship }
+--
+-- countryOfResidence ATTRIBUTE ::= {
+-- WITH SYNTAX PrintableString (SIZE (2))
+-- (CONSTRAINED BY { })
+-- ID id-pda-countryOfResidence }
+--
+ -- Certificate extensions
+
+ -- Biometric info extension
+--
+-- biometricInfo EXTENSION ::= {
+-- SYNTAX BiometricSyntax
+-- IDENTIFIED BY id-pe-biometricInfo }
+
+ BiometricSyntax ::= SEQUENCE OF BiometricData
+
+ BiometricData ::= SEQUENCE {
+ typeOfBiometricData TypeOfBiometricData,
+ hashAlgorithm AlgorithmIdentifier,
+ biometricDataHash OCTET STRING,
+ sourceDataUri IA5String OPTIONAL,
+ ... }
+
+ TypeOfBiometricData ::= CHOICE {
+ predefinedBiometricType PredefinedBiometricType,
+ biometricDataOid OBJECT IDENTIFIER }
+
+ PredefinedBiometricType ::= INTEGER {
+ picture(0), handwritten-signature(1)}
+
+
+ -- QC Statements Extension
+ -- NOTE: This extension does not allow to mix critical and
+ -- non-critical Qualified Certificate Statements. Either all
+ -- statements must be critical or all statements must be
+ -- non-critical.
+--
+-- qcStatements EXTENSION ::= {
+-- SYNTAX QCStatements
+-- IDENTIFIED BY id-pe-qcStatements }
+
+ QCStatements ::= SEQUENCE OF QCStatement
+
+ QCStatement ::= SEQUENCE {
+ statementId OBJECT IDENTIFIER,
+ statementInfo ANY OPTIONAL }
+
+-- QC-STATEMENT ::= CLASS {
+-- &id OBJECT IDENTIFIER UNIQUE,
+-- &Type OPTIONAL }
+-- WITH SYNTAX {
+-- [SYNTAX &Type] IDENTIFIED BY &id }
+
+-- qcStatement-1 QC-STATEMENT ::= { SYNTAX SemanticsInformation
+-- IDENTIFIED BY id-qcs-pkixQCSyntax-v1}
+ -- This statement identifies conformance with requirements
+ -- defined in RFC 3039 (Version 1). This statement
+ -- may optionally contain additional semantics information
+ -- as specified below.
+
+-- qcStatement-2 QC-STATEMENT ::= { SYNTAX SemanticsInformation
+-- IDENTIFIED BY id-qcs-pkixQCSyntax-v2}
+ -- This statement identifies conformance with requirements
+ -- defined in this Qualified Certificate profile
+ -- (Version 2). This statement may optionally contain
+ -- additional semantics information as specified below.
+
+ SemanticsInformation ::= SEQUENCE {
+ semanticsIdentifier OBJECT IDENTIFIER OPTIONAL,
+ nameRegistrationAuthorities NameRegistrationAuthorities OPTIONAL
+ }
+
+ NameRegistrationAuthorities ::= SEQUENCE OF GeneralName
+
+ -- The following information object set is defined to constrain the
+ -- set of attributes applications are required to recognize as QCSs.
+-- SupportedStatements QC-STATEMENT ::= {
+-- qcStatement-1 |
+-- qcStatement-2 , ... }
+
+-- RFC 3920 added
+
+ XmppAddr ::= UTF8String
+
+ END
+
+
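Review bot: The alias types `Generalizedtime`, `Directorystring` and `Printablestring` carry no comment saying why they exist, and they drop the constraints of the commented-out ATTRIBUTE definitions right below them (`SIZE(1) ^ FROM("M"|"F"|"m"|"f")` for gender, `SIZE (2)` for the two country attributes). They appear to be there so that pkixqualified.cnf can register a named type for the id-pda-* OIDs. I would add a comment above them such as `-- Aliases registered for the id-pda-* attribute OIDs in pkixqualified.cnf; the RFC 3739 SIZE/FROM constraints are not enforced here`, so nobody reads a clean decode of these fields as validation of their content.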
diff --git a/epan/dissectors/asn1/pkixqualified/packet-pkixqualified-template.c b/epan/dissectors/asn1/pkixqualified/packet-pkixqualified-template.c
new file mode 100644
index 00000000..2d4ebc3f
--- /dev/null
+++ b/epan/dissectors/asn1/pkixqualified/packet-pkixqualified-template.c
@@ -0,0 +1,70 @@
+/* packet-pkixqualified.c
+ * Routines for RFC3739 PKIXqualified packet dissection
+ * Ronnie Sahlberg 2004
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "config.h"
+
+#include <epan/packet.h>
+#include <epan/asn1.h>
+
+#include "packet-ber.h"
+#include "packet-pkixqualified.h"
+#include "packet-x509af.h"
+#include "packet-x509ce.h"
+#include "packet-x509sat.h"
+
+#define PNAME "PKIX Qualified"
+#define PSNAME "PKIXQUALIFIED"
+#define PFNAME "pkixqualified"
+
+void proto_register_pkixqualified(void);
+void proto_reg_handoff_pkixqualified(void);
+
+
+/* Initialize the protocol and registered fields */
+static int proto_pkixqualified = -1;
+#include "packet-pkixqualified-hf.c"
+
+/* Initialize the subtree pointers */
+#include "packet-pkixqualified-ett.c"
+
+static const char *object_identifier_id;
+
+#include "packet-pkixqualified-fn.c"
+
+
+/*--- proto_register_pkixqualified ----------------------------------------------*/
+void proto_register_pkixqualified(void) {
+
+ /* List of fields */
+ static hf_register_info hf[] = {
+#include "packet-pkixqualified-hfarr.c"
+ };
+
+ /* List of subtrees */
+ static gint *ett[] = {
+#include "packet-pkixqualified-ettarr.c"
+ };
+
+ /* Register protocol */
+ proto_pkixqualified = proto_register_protocol(PNAME, PSNAME, PFNAME);
+
+ /* Register fields and subtrees */
+ proto_register_field_array(proto_pkixqualified, hf, array_length(hf));
+ proto_register_subtree_array(ett, array_length(ett));
+
+}
+
+
+/*--- proto_reg_handoff_pkixqualified -------------------------------------------*/
+void proto_reg_handoff_pkixqualified(void) {
+#include "packet-pkixqualified-dis-tab.c"
+}
+
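Review bot: `static const char *object_identifier_id;` keeps per-statement decode state in a file-scope variable, which pkixqualified.cnf fills from `QCStatement/statementId` and reads back in `QCStatement/statementInfo`. The value comes from untrusted certificate bytes and the pointer stays set after the statement has been decoded; the `#.FN_HDR QCStatement` reset to NULL is the only thing that keeps a later statement from dispatching on a stale OID. Assuming the ASN.1 context in this tree has the usual `external.direct_reference` member, I would drop the static and use `VAL_PTR = &actx->external.direct_reference` in FN_PARS and `call_ber_oid_callback(actx->external.direct_reference, ...)` in FN_BODY, so the state lives with the dissection context. If the static stays, give it a comment such as `/* OID of the QCStatement being decoded; reset in FN_HDR, consumed by statementInfo */`.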
diff --git a/epan/dissectors/asn1/pkixqualified/packet-pkixqualified-template.h b/epan/dissectors/asn1/pkixqualified/packet-pkixqualified-template.h
new file mode 100644
index 00000000..24d343ae
--- /dev/null
+++ b/epan/dissectors/asn1/pkixqualified/packet-pkixqualified-template.h
@@ -0,0 +1,18 @@
+/* packet-pkixqualified.h
+ * Routines for RFC3739 PKIXqualified packet dissection
+ * Ronnie Sahlberg 2004
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#ifndef PACKET_PKIXQUALIFIED_H
+#define PACKET_PKIXQUALIFIED_H
+
+/*#include "packet-pkixqualified-exp.h"*/
+
+#endif /* PACKET_PKIXQUALIFIED_H */
+
diff --git a/epan/dissectors/asn1/pkixqualified/pkixqualified.cnf b/epan/dissectors/asn1/pkixqualified/pkixqualified.cnf
new file mode 100644
index 00000000..a162dc7f
--- /dev/null
+++ b/epan/dissectors/asn1/pkixqualified/pkixqualified.cnf
@@ -0,0 +1,40 @@
+# PKIXqualified.cnf
+# PKIXqualified conformation file
+
+#.IMPORT ../x509ce/x509ce-exp.cnf
+#.IMPORT ../x509af/x509af-exp.cnf
+#.IMPORT ../x509sat/x509sat-exp.cnf
+
+#.EXPORTS
+
+#.REGISTER
+BiometricSyntax B "1.3.6.1.5.5.7.1.2" "id-pe-biometricInfo"
+QCStatements B "1.3.6.1.5.5.7.1.3" "id-pe-qcStatements"
+SemanticsInformation B "1.3.6.1.5.5.7.11.1" "id-qcs-pkixQCSyntax-v1"
+SemanticsInformation B "1.3.6.1.5.5.7.11.2" "id-qcs-pkixQCSyntax-v2"
+XmppAddr B "1.3.6.1.5.5.7.8.5" "id-on-xmppAddr"
+Generalizedtime B "1.3.6.1.5.5.7.9.1" "id-pda-dateOfBirth"
+Directorystring B "1.3.6.1.5.5.7.9.2" "id-pda-placeOfBirth"
+Printablestring B "1.3.6.1.5.5.7.9.3" "id-pda-gender"
+Printablestring B "1.3.6.1.5.5.7.9.4" "id-pda-countryOfCitizenship"
+Printablestring B "1.3.6.1.5.5.7.9.5" "id-pda-countryOfResidence"
+SRVName B "1.3.6.1.5.5.7.8.7" "id-on-dnsSRV"
+
+#.NO_EMIT
+
+#.TYPE_RENAME
+
+#.FIELD_RENAME
+
+#.FN_HDR QCStatement
+ object_identifier_id = NULL;
+
+#.FN_PARS QCStatement/statementId
+ FN_VARIANT = _str HF_INDEX = hf_pkixqualified_statementId VAL_PTR = &object_identifier_id
+
+#.FN_BODY QCStatement/statementInfo
+ offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
+
+#.END
+
+