diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-10 20:34:10 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-10 20:34:10 +0000 |
| commit | e4ba6dbc3f1e76890b22773807ea37fe8fa2b1bc (patch) | |
| tree | 68cb5ef9081156392f1dd62a00c6ccc1451b93df /epan/dissectors/packet-ber.c | |
| parent | Initial commit. (diff) | |
| download | wireshark-e4ba6dbc3f1e76890b22773807ea37fe8fa2b1bc.tar.xz wireshark-e4ba6dbc3f1e76890b22773807ea37fe8fa2b1bc.zip | |
Adding upstream version 4.2.2.upstream/4.2.2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'epan/dissectors/packet-ber.c')
| -rw-r--r-- | epan/dissectors/packet-ber.c | 4614 |
1 files changed, 4614 insertions, 0 deletions
diff --git a/epan/dissectors/packet-ber.c b/epan/dissectors/packet-ber.c new file mode 100644 index 00000000..5d01d055 --- /dev/null +++ b/epan/dissectors/packet-ber.c @@ -0,0 +1,4614 @@ +/* packet-ber.c + * Helpers for ASN.1/BER dissection + * Ronnie Sahlberg (C) 2004 + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +/* + * ITU-T Recommendation X.690 (07/2002), + * Information technology ASN.1 encoding rules: + * Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) + * + */ +/* TODO: change #.REGISTER signature to dissector_t and + * update call_ber_oid_callback() accordingly. + * + * Since we don't pass the TAG/LENGTH from the CHOICE/SEQUENCE/SEQUENCE OF/ + * SET OF helpers through the callbacks to the next pabket-ber helper + * when the tags are IMPLICIT, this causes a problem when we also have + * indefinite length at the same time as the tags are implicit. + * + * While the proper fix is to change the signatures for packet-ber.c helpers + * as well as the signatures for the callbacks to include the indefinite length + * indication that would be a major job. + * + * Originally we used a kludge - we set a global variable in the + * CHOICE/SEQUENCE [OF]/SET [OF] helpers to indicate to the next helper + * whether the length is indefinite or not. + * That had currently only been implemented for {SEQUENCE|SET} [OF] but not + * CHOICE. + * + * This version attacks the problem(s) in a different way. If we see + * indefinite length the get_ber_length traverses the tags within the + * compound value and then we return the true length of the compound value + * including the EOC. Thus the tvb length is now always correct even for + * indefinite length, then if we get implicit tags they can be handled as + * if they were definite length. + */ + +//#define DEBUG_BER 1 + +#include "config.h" + +#include <epan/packet.h> +#include <epan/exceptions.h> +#include <epan/reassemble.h> +#include <epan/oids.h> +#include <epan/expert.h> +#include <epan/uat.h> +#include <epan/decode_as.h> +#include <wiretap/wtap.h> +#ifdef DEBUG_BER +#include <epan/ws_printf.h> +#endif + +#include "packet-ber.h" + +/* + * Set a limit on recursion so we don't blow away the stack. Another approach + * would be to remove recursion completely but then we'd exhaust CPU+memory + * trying to read a hellabyte of nested indefinite lengths. + + * XXX - Max nesting in the ASN.1 plugin is 32. Should they match? + */ +#define BER_MAX_NESTING 500 + +void proto_register_ber(void); +void proto_reg_handoff_ber(void); + +static gint proto_ber = -1; +static gint hf_ber_id_class = -1; +static gint hf_ber_id_pc = -1; +static gint hf_ber_id_uni_tag = -1; +static gint hf_ber_id_uni_tag_ext = -1; +static gint hf_ber_id_tag = -1; +static gint hf_ber_id_tag_ext = -1; +static gint hf_ber_length = -1; +static gint hf_ber_length_octets = -1; +static gint hf_ber_bitstring_padding = -1; +static gint hf_ber_bitstring_empty = -1; +static gint hf_ber_unknown_OID = -1; +static gint hf_ber_unknown_relative_OID = -1; +static gint hf_ber_unknown_BOOLEAN = -1; +static gint hf_ber_unknown_OCTETSTRING = -1; +static gint hf_ber_unknown_BER_OCTETSTRING = -1; +static gint hf_ber_unknown_BER_primitive = -1; +static gint hf_ber_unknown_GraphicString = -1; +static gint hf_ber_unknown_NumericString = -1; +static gint hf_ber_unknown_PrintableString = -1; +static gint hf_ber_unknown_TeletexString = -1; +static gint hf_ber_unknown_VisibleString = -1; +static gint hf_ber_unknown_GeneralString = -1; +static gint hf_ber_unknown_UniversalString = -1; +static gint hf_ber_unknown_BMPString = -1; +static gint hf_ber_unknown_IA5String = -1; +static gint hf_ber_unknown_UTCTime = -1; +static gint hf_ber_unknown_UTF8String = -1; +static gint hf_ber_unknown_GeneralizedTime = -1; +static gint hf_ber_unknown_INTEGER = -1; +static gint hf_ber_unknown_REAL = -1; +static gint hf_ber_unknown_BITSTRING = -1; +static gint hf_ber_unknown_ENUMERATED = -1; +static gint hf_ber_direct_reference = -1; /* OBJECT_IDENTIFIER */ +static gint hf_ber_indirect_reference = -1; /* INTEGER */ +static gint hf_ber_data_value_descriptor = -1; /* ObjectDescriptor */ +static gint hf_ber_encoding = -1; /* T_encoding */ +static gint hf_ber_single_ASN1_type = -1; /* T_single_ASN1_type */ +static gint hf_ber_octet_aligned = -1; /* OCTET_STRING */ +static gint hf_ber_arbitrary = -1; /* BIT_STRING */ +static gint hf_ber_extra_data = -1; +static gint hf_ber_encoding_boiler_plate = -1; + +/* Generated from convert_proto_tree_add_text.pl */ +static int hf_ber_seq_of_eoc = -1; +static int hf_ber_64bit_uint_as_bytes = -1; +static int hf_ber_choice_eoc = -1; +static int hf_ber_seq_field_eoc = -1; +static int hf_ber_seq_eoc = -1; +static int hf_ber_set_field_eoc = -1; +static int hf_ber_set_eoc = -1; +static int hf_ber_null_tag = -1; +static int hf_ber_unknown_octetstring = -1; +static int hf_ber_unknown_data = -1; + +static int hf_ber_fragments = -1; +static int hf_ber_fragment = -1; +static int hf_ber_fragment_overlap = -1; +static int hf_ber_fragment_overlap_conflicts = -1; +static int hf_ber_fragment_multiple_tails = -1; +static int hf_ber_fragment_too_long_fragment = -1; +static int hf_ber_fragment_error = -1; +static int hf_ber_fragment_count = -1; +static int hf_ber_reassembled_in = -1; +static int hf_ber_reassembled_length = -1; + +static gint ett_ber_octet_string = -1; +static gint ett_ber_reassembled_octet_string = -1; +static gint ett_ber_primitive = -1; +static gint ett_ber_unknown = -1; +static gint ett_ber_SEQUENCE = -1; +static gint ett_ber_EXTERNAL = -1; +static gint ett_ber_T_encoding = -1; +static gint ett_ber_fragment = -1; +static gint ett_ber_fragments = -1; + +static expert_field ei_ber_size_constraint_string = EI_INIT; +static expert_field ei_ber_size_constraint_value = EI_INIT; +static expert_field ei_ber_size_constraint_items = EI_INIT; +static expert_field ei_ber_sequence_field_wrong = EI_INIT; +static expert_field ei_ber_expected_octet_string = EI_INIT; +static expert_field ei_ber_expected_null = EI_INIT; +static expert_field ei_ber_expected_null_zero_length = EI_INIT; +static expert_field ei_ber_expected_sequence = EI_INIT; +static expert_field ei_ber_expected_set = EI_INIT; +static expert_field ei_ber_expected_string = EI_INIT; +static expert_field ei_ber_expected_object_identifier = EI_INIT; +static expert_field ei_ber_expected_generalized_time = EI_INIT; +static expert_field ei_ber_expected_utc_time = EI_INIT; +static expert_field ei_ber_expected_bitstring = EI_INIT; +static expert_field ei_ber_error_length = EI_INIT; +static expert_field ei_ber_wrong_tag_in_tagged_type = EI_INIT; +static expert_field ei_ber_universal_tag_unknown = EI_INIT; +static expert_field ei_ber_no_oid = EI_INIT; +static expert_field ei_ber_syntax_not_implemented = EI_INIT; +static expert_field ei_ber_oid_not_implemented = EI_INIT; +static expert_field ei_ber_value_too_many_bytes = EI_INIT; +static expert_field ei_ber_unknown_field_sequence = EI_INIT; +static expert_field ei_ber_unknown_field_set = EI_INIT; +static expert_field ei_ber_missing_field_set = EI_INIT; +static expert_field ei_ber_empty_choice = EI_INIT; +static expert_field ei_ber_choice_not_found = EI_INIT; +static expert_field ei_ber_bits_unknown = EI_INIT; +static expert_field ei_ber_bits_set_padded = EI_INIT; +static expert_field ei_ber_illegal_padding = EI_INIT; +static expert_field ei_ber_invalid_format_generalized_time = EI_INIT; +static expert_field ei_ber_invalid_format_utctime = EI_INIT; +static expert_field ei_hf_field_not_integer_type = EI_INIT; +static expert_field ei_ber_constr_bitstr = EI_INIT; +static expert_field ei_ber_real_not_primitive = EI_INIT; + +static dissector_handle_t ber_handle; +static dissector_handle_t ber_file_handle; + +static gboolean show_internal_ber_fields = FALSE; +static gboolean decode_octetstring_as_ber = FALSE; +static gboolean decode_primitive_as_ber = FALSE; +static gboolean decode_unexpected = FALSE; +static gboolean decode_warning_leading_zero_bits = FALSE; + +static gchar *decode_as_syntax = NULL; + +static dissector_table_t ber_oid_dissector_table = NULL; +static dissector_table_t ber_syntax_dissector_table = NULL; + +static GHashTable *syntax_table = NULL; + +static gint8 last_class; +static bool last_pc; +static gint32 last_tag; +static guint32 last_length; +static tvbuff_t *last_length_tvb; +static int last_length_offset; +static int last_length_len; +static bool last_ind; + +static const value_string ber_class_codes[] = { + { BER_CLASS_UNI, "UNIVERSAL" }, + { BER_CLASS_APP, "APPLICATION" }, + { BER_CLASS_CON, "CONTEXT" }, + { BER_CLASS_PRI, "PRIVATE" }, + { 0, NULL } +}; + +static const true_false_string ber_pc_codes = { + "Constructed Encoding", + "Primitive Encoding" +}; + + +static const value_string ber_uni_tag_codes[] = { + { BER_UNI_TAG_EOC, "'end-of-content'" }, + { BER_UNI_TAG_BOOLEAN, "BOOLEAN" }, + { BER_UNI_TAG_INTEGER, "INTEGER" }, + { BER_UNI_TAG_BITSTRING, "BIT STRING" }, + { BER_UNI_TAG_OCTETSTRING, "OCTET STRING" }, + { BER_UNI_TAG_NULL, "NULL" }, + { BER_UNI_TAG_OID, "OBJECT IDENTIFIER" }, + { BER_UNI_TAG_ObjectDescriptor, "ObjectDescriptor" }, + { BER_UNI_TAG_EXTERNAL, "EXTERNAL" }, + { BER_UNI_TAG_REAL, "REAL" }, + { BER_UNI_TAG_ENUMERATED, "ENUMERATED" }, + { BER_UNI_TAG_EMBEDDED_PDV, "EMBEDDED PDV" }, + { BER_UNI_TAG_UTF8String, "UTF8String" }, + { BER_UNI_TAG_RELATIVE_OID, "RELATIVE-OID" }, + /* UNIVERSAL 14-15 + * Reserved for future editions of this + * Recommendation | International Standard + */ + { 14, "Reserved for future editions" }, + { 15 , "Reserved for future editions" }, + + { BER_UNI_TAG_SEQUENCE, "SEQUENCE" }, + { BER_UNI_TAG_SET, "SET" }, + { BER_UNI_TAG_NumericString, "NumericString" }, + { BER_UNI_TAG_PrintableString, "PrintableString" }, + { BER_UNI_TAG_TeletexString, "TeletexString, T61String" }, + { BER_UNI_TAG_VideotexString, "VideotexString" }, + { BER_UNI_TAG_IA5String, "IA5String" }, + { BER_UNI_TAG_UTCTime, "UTCTime" }, + { BER_UNI_TAG_GeneralizedTime, "GeneralizedTime" }, + { BER_UNI_TAG_GraphicString, "GraphicString" }, + { BER_UNI_TAG_VisibleString, "VisibleString, ISO64String" }, + { BER_UNI_TAG_GeneralString, "GeneralString" }, + { BER_UNI_TAG_UniversalString, "UniversalString" }, + { BER_UNI_TAG_CHARACTERSTRING, "CHARACTER STRING" }, + { BER_UNI_TAG_BMPString, "BMPString" }, + { 31, "Continued" }, + { 0, NULL } +}; +static value_string_ext ber_uni_tag_codes_ext = VALUE_STRING_EXT_INIT(ber_uni_tag_codes); + +#if 0 +static const true_false_string ber_real_binary_vals = { + "Binary encoding", + "Decimal encoding" +}; + +static const true_false_string ber_real_decimal_vals = { + "SpecialRealValue", + "Decimal encoding" +}; +#endif + +typedef struct _da_data { + GHFunc func; + gpointer user_data; +} da_data; + +typedef struct _oid_user_t { + char *oid; + char *name; + char *syntax; +} oid_user_t; + +UAT_CSTRING_CB_DEF(oid_users, oid, oid_user_t) +UAT_CSTRING_CB_DEF(oid_users, name, oid_user_t) +UAT_VS_CSTRING_DEF(oid_users, syntax, oid_user_t, 0, "") + +static oid_user_t *oid_users; +static guint num_oid_users; + +#define MAX_SYNTAX_NAMES 128 +/* Define non_const_value_string as a hack to prevent chackAPIs.pl from complaining */ +#define non_const_value_string value_string +static non_const_value_string syntax_names[MAX_SYNTAX_NAMES+1] = { + {0, ""}, + {0, NULL} +}; + +static const fragment_items octet_string_frag_items = { + /* Fragment subtrees */ + &ett_ber_fragment, + &ett_ber_fragments, + /* Fragment fields */ + &hf_ber_fragments, + &hf_ber_fragment, + &hf_ber_fragment_overlap, + &hf_ber_fragment_overlap_conflicts, + &hf_ber_fragment_multiple_tails, + &hf_ber_fragment_too_long_fragment, + &hf_ber_fragment_error, + &hf_ber_fragment_count, + /* Reassembled in field */ + &hf_ber_reassembled_in, + /* Reassembled length field */ + &hf_ber_reassembled_length, + /* Reassembled data field */ + NULL, + /* Tag */ + "OCTET STRING fragments" +}; + +void +add_ber_encoded_label(tvbuff_t* tvb, packet_info* pinfo _U_, proto_tree* tree) +{ + proto_item *ti; + + ti = proto_tree_add_item(tree, hf_ber_encoding_boiler_plate, tvb, 0, -1, ENC_NA); + proto_item_set_generated(ti); + +} + +static void * +oid_copy_cb(void *dest, const void *orig, size_t len _U_) +{ + oid_user_t *u = (oid_user_t *)dest; + const oid_user_t *o = (const oid_user_t *)orig; + + u->oid = g_strdup(o->oid); + u->name = g_strdup(o->name); + u->syntax = o->syntax; + + return dest; +} + +static void +oid_free_cb(void *r) +{ + oid_user_t *u = (oid_user_t *)r; + + g_free(u->oid); + g_free(u->name); +} + +static int +cmp_value_string(const void *v1, const void *v2) +{ + const value_string *vs1 = (const value_string *)v1; + const value_string *vs2 = (const value_string *)v2; + + return strcmp(vs1->strptr, vs2->strptr); +} + +static uat_field_t users_flds[] = { + UAT_FLD_OID(oid_users, oid, "OID", "Object Identifier"), + UAT_FLD_CSTRING(oid_users, name, "Name", "Human readable name for the OID"), + UAT_FLD_VS(oid_users, syntax, "Syntax", syntax_names, "Syntax of values associated with the OID"), + UAT_END_FIELDS +}; + + +static void ber_prompt(packet_info *pinfo _U_, gchar* result) +{ + snprintf(result, MAX_DECODE_AS_PROMPT_LEN, "Decode ASN.1 file as"); +} + +static gpointer ber_value(packet_info *pinfo _U_) +{ + /* Not used */ + return NULL; +} + +struct ber_decode_as_populate +{ + decode_as_add_to_list_func add_to_list; + gpointer ui_element; +}; + +static void +decode_ber_add_to_list(gpointer key, gpointer value, gpointer user_data) +{ + struct ber_decode_as_populate* populate = (struct ber_decode_as_populate*)user_data; + populate->add_to_list("ASN.1", (gchar *)key, value, populate->ui_element); +} + +static void ber_populate_list(const gchar *table_name _U_, decode_as_add_to_list_func add_to_list, gpointer ui_element) +{ + struct ber_decode_as_populate populate; + + populate.add_to_list = add_to_list; + populate.ui_element = ui_element; + + ber_decode_as_foreach(decode_ber_add_to_list, &populate); +} + +static gboolean ber_decode_as_reset(const char *name _U_, gconstpointer pattern _U_) +{ + g_free(decode_as_syntax); + decode_as_syntax = NULL; + return FALSE; +} + +static gboolean ber_decode_as_change(const char *name _U_, gconstpointer pattern _U_, gconstpointer handle _U_, const gchar* list_name) +{ + g_free(decode_as_syntax); + decode_as_syntax = g_strdup(list_name); + return FALSE; +} + +int +dissect_ber_oid_NULL_callback(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree _U_, void* data _U_) +{ + return tvb_captured_length(tvb); +} + + +void +register_ber_oid_dissector_handle(const char *oid, dissector_handle_t dissector, int proto _U_, const char *name) +{ + dissector_add_string("ber.oid", oid, dissector); + oid_add_from_string(name, oid); +} + +void +register_ber_oid_dissector(const char *oid, dissector_t dissector, int proto, const char *name) +{ + dissector_handle_t dissector_handle; + + dissector_handle = create_dissector_handle(dissector, proto); + dissector_add_string("ber.oid", oid, dissector_handle); + oid_add_from_string(name, oid); +} + +void +register_ber_syntax_dissector(const char *syntax, int proto, dissector_t dissector) +{ + dissector_handle_t dissector_handle; + + dissector_handle = create_dissector_handle(dissector, proto); + dissector_add_string("ber.syntax", syntax, dissector_handle); + +} + +void +register_ber_oid_syntax(const char *oid, const char *name, const char *syntax) +{ + + if (syntax && *syntax) + g_hash_table_insert(syntax_table, (gpointer)g_strdup(oid), (gpointer)g_strdup(syntax)); + + if (name && *name) + register_ber_oid_name(oid, name); +} + +/* Register the oid name to get translation in proto dissection */ +void +register_ber_oid_name(const char *oid, const char *name) +{ + oid_add_from_string(name, oid); +} + +static void +ber_add_syntax_name(gpointer key, gpointer value _U_, gpointer user_data) +{ + guint *i = (guint*)user_data; + + if (*i < MAX_SYNTAX_NAMES) { + syntax_names[*i].value = *i; + syntax_names[*i].strptr = (const gchar*)key; + + (*i)++; + } + +} + +static void +ber_decode_as_dt(const gchar *table_name _U_, ftenum_t selector_type _U_, gpointer key, gpointer value, gpointer user_data) +{ + da_data *decode_as_data; + + decode_as_data = (da_data *)user_data; + + decode_as_data->func(key, value, decode_as_data->user_data); +} + +void +ber_decode_as_foreach(GHFunc func, gpointer user_data) +{ + da_data decode_as_data; + + decode_as_data.func = func; + decode_as_data.user_data = user_data; + + dissector_table_foreach("ber.syntax", ber_decode_as_dt, &decode_as_data); + +} + +/* Get oid syntax from hash table to get translation in proto dissection(packet-per.c) */ +static const gchar * +get_ber_oid_syntax(const char *oid) +{ + return (const char *)g_hash_table_lookup(syntax_table, oid); +} + +static void +ber_update_oids(void) +{ + guint i; + + for (i = 0; i < num_oid_users; i++) + register_ber_oid_syntax(oid_users[i].oid, oid_users[i].name, oid_users[i].syntax); +} + +static void +ber_check_length (guint32 length, gint32 min_len, gint32 max_len, asn1_ctx_t *actx, proto_item *item, bool bit) +{ + if ((min_len != -1) && (length < (guint32)min_len)) { + expert_add_info_format( + actx->pinfo, item, &ei_ber_size_constraint_string, + "Size constraint: %sstring too short: %d (%d .. %d)", + bit ? "bit " : "", length, min_len, max_len); + } else if ((max_len != -1) && (length > (guint32)max_len)) { + expert_add_info_format( + actx->pinfo, item, &ei_ber_size_constraint_string, + "Size constraint: %sstring too long: %d (%d .. %d)", + bit ? "bit " : "", length, min_len, max_len); + } +} + +static void +ber_check_value64 (gint64 value, gint64 min_len, gint64 max_len, asn1_ctx_t *actx, proto_item *item) +{ + if ((min_len != -1) && (value < min_len)) { + expert_add_info_format( + actx->pinfo, item, &ei_ber_size_constraint_value, + "Size constraint: value too small: %" PRId64 " (%" PRId64" .. %" PRId64 ")", + value, min_len, max_len); + } else if ((max_len != -1) && (value > max_len)) { + expert_add_info_format( + actx->pinfo, item, &ei_ber_size_constraint_value, + "Size constraint: value too big: %" PRId64 " (%" PRId64 " .. %" PRId64 ")", + value, min_len, max_len); + } +} + +static void +ber_check_value (guint32 value, gint32 min_len, gint32 max_len, asn1_ctx_t *actx, proto_item *item) +{ + if ((min_len != -1) && (value < (guint32)min_len)) { + expert_add_info_format( + actx->pinfo, item, &ei_ber_size_constraint_value, + "Size constraint: value too small: %d (%d .. %d)", + value, min_len, max_len); + } else if ((max_len != -1) && (value > (guint32)max_len)) { + expert_add_info_format( + actx->pinfo, item, &ei_ber_size_constraint_value, + "Size constraint: value too big: %d (%d .. %d)", + value, min_len, max_len); + } +} + +static void +ber_check_items (int cnt, gint32 min_len, gint32 max_len, asn1_ctx_t *actx, proto_item *item) +{ + if ((min_len != -1) && (cnt < min_len)) { + expert_add_info_format( + actx->pinfo, item, &ei_ber_size_constraint_items, + "Size constraint: too few items: %d (%d .. %d)", + cnt, min_len, max_len); + } else if ((max_len != -1) && (cnt > max_len)) { + expert_add_info_format( + actx->pinfo, item, &ei_ber_size_constraint_items, + "Size constraint: too many items: %d (%d .. %d)", + cnt, min_len, max_len); + } +} + +/* + * XXX - if the specified length is less than the remaining length + * of data in the tvbuff, either 1) the specified length is bad and + * we should report that with an expert info or 2) the tvbuff is + * unreassembled and we should make the new tvbuff also be an + * unreassembled tvbuff. + */ +static tvbuff_t * +ber_tvb_new_subset_length(tvbuff_t *tvb, const gint backing_offset, const gint backing_length) +{ + gint length_remaining; + + length_remaining = tvb_reported_length_remaining(tvb, backing_offset); + return tvb_new_subset_length(tvb, backing_offset, (length_remaining > backing_length) ? backing_length : length_remaining); +} + +int +dissect_ber_tagged_type(bool implicit_tag, asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id, gint8 tag_cls, gint32 tag_tag, bool tag_impl, ber_type_fn type) +{ + gint8 tmp_cls; + gint32 tmp_tag; + int identifier_offset; + int identifier_len; + guint32 tmp_len; + tvbuff_t *next_tvb = tvb; + +#ifdef DEBUG_BER +{ +const char *name; +header_field_info *hfinfo; +if (hf_id >= 0) { +hfinfo = proto_registrar_get_nth(hf_id); +name = hfinfo->name; +} else { +name = "unnamed"; +} +if (tvb_reported_length_remaining(tvb, offset) > 3) { +proto_tree_add_debug_text(tree, "dissect_ber_tagged_type(%s) entered implicit_tag:%d offset:%d len:%d %02x:%02x:%02x\n", name, implicit_tag, offset, tvb_reported_length_remaining(tvb, offset), tvb_get_guint8(tvb, offset), tvb_get_guint8(tvb, offset+1), tvb_get_guint8(tvb, offset+2)); +} else { +proto_tree_add_debug_text(tree, "dissect_ber_tagged_type(%s) entered\n", name); +} +} +#endif + + if (implicit_tag) { + offset = type(tag_impl, tvb, offset, actx, tree, hf_id); + return offset; + } + + identifier_offset = offset; + offset = dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &tmp_cls, NULL, &tmp_tag); + identifier_len = offset - identifier_offset; + offset = dissect_ber_length(actx->pinfo, tree, tvb, offset, &tmp_len, NULL); + + if ((tmp_cls != tag_cls) || (tmp_tag != tag_tag)) { + proto_tree_add_expert_format( + tree, actx->pinfo, &ei_ber_wrong_tag_in_tagged_type, + tvb, identifier_offset, identifier_len, + "BER Error: Wrong tag in tagged type - expected class:%s(%d) tag:%d (%s) but found class:%s(%d) tag:%d", + val_to_str_const(tag_cls, ber_class_codes, "Unknown"), + tag_cls, + tag_tag, + val_to_str_ext_const(tag_tag, &ber_uni_tag_codes_ext, "Unknown"), + val_to_str_const(tmp_cls, ber_class_codes, "Unknown"), + tmp_cls, + tmp_tag); + } + + if (tag_impl) { + next_tvb = ber_tvb_new_subset_length(tvb, offset, tmp_len); + type(tag_impl, next_tvb, 0, actx, tree, hf_id); + offset += tmp_len; + } else { + offset = type(tag_impl, tvb, offset, actx, tree, hf_id); + } + + return offset; +} + +/* + * Add a "length bogus" error. + */ +static proto_item * +ber_add_bad_length_error(packet_info *pinfo, proto_tree *tree, + const char *name, tvbuff_t *tvb, const gint start, + gint length) +{ + proto_item *ti; + + ti = proto_tree_add_expert_format( + tree, pinfo, &ei_ber_error_length, tvb, start, length, + "BER Error: %s: length of item (%d) is not valid", + name, length); + return ti; +} + +/* + * Add an "exceeds tvb length" error. + */ +static void +ber_add_large_length_error(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, + int offset, int length, tvbuff_t *len_tvb, + const gint len_offset, const guint32 len_length) +{ + proto_tree_add_expert_format( + tree, pinfo, &ei_ber_error_length, len_tvb, len_offset, len_length, + "BER Error: length %u longer than tvb_reported_length_remaining: %d", + length, + tvb_reported_length_remaining(tvb, offset)); +} + +/* + * Like proto_tree_add_item(), but checks whether the length of the item + * being added is appropriate for the type of the item being added, so + * if it's not, we report an error rather than a dissector bug. + * + * This is for use when a field that's nominally an OCTET STRING but + * where we want the string further interpreted, e.g. as a number or + * a network address or a UN*X-style time stamp. + * + * XXX - this duplicates the length checking in proto_tree_add_item() + * and the routines it calls; that should really be done in one + * place. We *do* want to report a dissector bug in proto_tree_add_item() + * if the dissector explicitly says, for example, "this IPv4 address is + * 7 bytes long", but we don't want to report a dissector bug if the + * *packet* says "this IPv4 address is 7 bytes long", we want to report + * a malformed packet. + */ +static proto_item * +ber_proto_tree_add_item(packet_info *pinfo, proto_tree *tree, + const int hfindex, tvbuff_t *tvb, const gint start, + gint length, const guint encoding) +{ + header_field_info *hfinfo; + + hfinfo = proto_registrar_get_nth((guint)hfindex); + if (hfinfo != NULL) { + switch (hfinfo->type) { + + case FT_BOOLEAN: + case FT_UINT8: + case FT_UINT16: + case FT_UINT24: + case FT_UINT32: + case FT_INT8: + case FT_INT16: + case FT_INT24: + case FT_INT32: + if ((length != 1) && (length != 2) && (length != 3) && + (length != 4)) + return ber_add_bad_length_error(pinfo, tree, + hfinfo->name, tvb, start, length); + break; + + case FT_IPv4: + if (length != FT_IPv4_LEN) + return ber_add_bad_length_error(pinfo, tree, + hfinfo->name, tvb, start, length); + break; + + case FT_IPXNET: + if (length != FT_IPXNET_LEN) + return ber_add_bad_length_error(pinfo, tree, + hfinfo->name, tvb, start, length); + break; + + case FT_IPv6: + if ((length < 0) || (length > FT_IPv6_LEN)) + return ber_add_bad_length_error(pinfo, tree, + hfinfo->name, tvb, start, length); + break; + + case FT_ETHER: + if (length != FT_ETHER_LEN) + return ber_add_bad_length_error(pinfo, tree, + hfinfo->name, tvb, start, length); + break; + + case FT_GUID: + if (length != FT_GUID_LEN) + return ber_add_bad_length_error(pinfo, tree, + hfinfo->name, tvb, start, length); + break; + + case FT_FLOAT: + if (length != 4) + return ber_add_bad_length_error(pinfo, tree, + hfinfo->name, tvb, start, length); + break; + + case FT_DOUBLE: + if (length != 8) + return ber_add_bad_length_error(pinfo, tree, + hfinfo->name, tvb, start, length); + break; + + case FT_ABSOLUTE_TIME: + case FT_RELATIVE_TIME: + if ((length != 4) && (length != 8)) + return ber_add_bad_length_error(pinfo, tree, + hfinfo->name, tvb, start, length); + break; + + default: + break; + } + } + return proto_tree_add_item(tree, hfindex, tvb, start, length, encoding); +} + +static int +try_dissect_unknown_ber(packet_info *pinfo, tvbuff_t *tvb, volatile int offset, proto_tree *tree, gint nest_level) +{ + int start_offset; + gint8 ber_class; + bool pc, ind; + gint32 tag; + int identifier_offset; + int identifier_len; + guint32 len; + int len_offset; + int len_len; + int hdr_len; + proto_item *item = NULL; + proto_tree *next_tree = NULL; + guint8 c; + guint32 i; + bool is_printable; + volatile bool is_decoded_as; + proto_item *pi; + asn1_ctx_t asn1_ctx; + + if (nest_level > BER_MAX_NESTING) { + /* Assume that we have a malformed packet. */ + THROW(ReportedBoundsError); + } + + start_offset = offset; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + + offset = get_ber_identifier(tvb, offset, &ber_class, &pc, &tag); + len_offset = offset; + offset = get_ber_length(tvb, offset, &len, &ind); + len_len = offset - len_offset; + + if (len > (guint32)tvb_reported_length_remaining(tvb, offset)) { + /* hmm maybe something bad happened or the frame is short; + since these are not vital outputs just return instead of + throwing an exception. + */ + + if (show_internal_ber_fields) { + offset = dissect_ber_identifier(pinfo, tree, tvb, start_offset, &ber_class, &pc, &tag); + offset = dissect_ber_length(pinfo, tree, tvb, offset, &len, NULL); + } + ber_add_large_length_error(pinfo, tree, tvb, offset, len, tvb, len_offset, len_len); + return tvb_reported_length(tvb); + } +/* we don't care about the class only on the constructor flag */ + if (pc != TRUE) { + + /* this is not constructed */ + + switch (ber_class) { /* we do care about the class */ + case BER_CLASS_UNI: /* it a Universal tag - we can decode it */ + switch (tag) { + case BER_UNI_TAG_EOC: + /* XXX: shouldn't really get here */ + break; + case BER_UNI_TAG_INTEGER: + offset = dissect_ber_integer(FALSE, &asn1_ctx, tree, tvb, start_offset, hf_ber_unknown_INTEGER, NULL); + break; + case BER_UNI_TAG_REAL: + offset = dissect_ber_real(FALSE, &asn1_ctx, tree, tvb, start_offset, hf_ber_unknown_REAL, NULL); + break; + case BER_UNI_TAG_BITSTRING: + offset = dissect_ber_bitstring(FALSE, &asn1_ctx, tree, tvb, start_offset, NULL, 0, hf_ber_unknown_BITSTRING, -1, NULL); + break; + case BER_UNI_TAG_ENUMERATED: + offset = dissect_ber_integer(FALSE, &asn1_ctx, tree, tvb, start_offset, hf_ber_unknown_ENUMERATED, NULL); + break; + case BER_UNI_TAG_GraphicString: + offset = dissect_ber_octet_string(FALSE, &asn1_ctx, tree, tvb, start_offset, hf_ber_unknown_GraphicString, NULL); + break; + case BER_UNI_TAG_OCTETSTRING: + is_decoded_as = FALSE; + if (decode_octetstring_as_ber && (len >= 2)) { + volatile int ber_offset = 0; + guint32 ber_len = 0; + TRY{ + ber_offset = get_ber_identifier(tvb, offset, NULL, &pc, NULL); + ber_offset = get_ber_length(tvb, ber_offset, &ber_len, NULL); + } CATCH_ALL { + } + ENDTRY; + if (pc && (ber_len > 0) && (ber_len + (ber_offset - offset) == len)) { + /* Decoded a constructed ASN.1 tag with a length indicating this + * could be BER encoded data. Try dissecting as unknown BER. + */ + is_decoded_as = TRUE; + if (show_internal_ber_fields) { + offset = dissect_ber_identifier(pinfo, tree, tvb, start_offset, NULL, NULL, NULL); + offset = dissect_ber_length(pinfo, tree, tvb, offset, NULL, NULL); + } + item = ber_proto_tree_add_item(pinfo, tree, hf_ber_unknown_BER_OCTETSTRING, tvb, offset, len, ENC_NA); + next_tree = proto_item_add_subtree(item, ett_ber_octet_string); + offset = try_dissect_unknown_ber(pinfo, tvb, offset, next_tree, nest_level + 1); + } + } + if (!is_decoded_as) { + offset = dissect_ber_octet_string(FALSE, &asn1_ctx, tree, tvb, start_offset, hf_ber_unknown_OCTETSTRING, NULL); + } + break; + case BER_UNI_TAG_OID: + offset = dissect_ber_object_identifier_str(FALSE, &asn1_ctx, tree, tvb, start_offset, hf_ber_unknown_OID, NULL); + break; + case BER_UNI_TAG_RELATIVE_OID: + offset = dissect_ber_relative_oid_str(FALSE, &asn1_ctx, tree, tvb, start_offset, hf_ber_unknown_relative_OID, NULL); + break; + case BER_UNI_TAG_NumericString: + offset = dissect_ber_octet_string(FALSE, &asn1_ctx, tree, tvb, start_offset, hf_ber_unknown_NumericString, NULL); + break; + case BER_UNI_TAG_PrintableString: + offset = dissect_ber_octet_string(FALSE, &asn1_ctx, tree, tvb, start_offset, hf_ber_unknown_PrintableString, NULL); + break; + case BER_UNI_TAG_TeletexString: + offset = dissect_ber_octet_string(FALSE, &asn1_ctx, tree, tvb, start_offset, hf_ber_unknown_TeletexString, NULL); + break; + case BER_UNI_TAG_VisibleString: + offset = dissect_ber_octet_string(FALSE, &asn1_ctx, tree, tvb, start_offset, hf_ber_unknown_VisibleString, NULL); + break; + case BER_UNI_TAG_GeneralString: + offset = dissect_ber_GeneralString(&asn1_ctx, tree, tvb, start_offset, hf_ber_unknown_GeneralString, NULL, 0); + break; + case BER_UNI_TAG_BMPString: + offset = dissect_ber_octet_string(FALSE, &asn1_ctx, tree, tvb, start_offset, hf_ber_unknown_BMPString, NULL); + break; + case BER_UNI_TAG_UniversalString: + offset = dissect_ber_octet_string(FALSE, &asn1_ctx, tree, tvb, start_offset, hf_ber_unknown_UniversalString, NULL); + break; + case BER_UNI_TAG_IA5String: + offset = dissect_ber_octet_string(FALSE, &asn1_ctx, tree, tvb, start_offset, hf_ber_unknown_IA5String, NULL); + break; + case BER_UNI_TAG_UTCTime: + offset = dissect_ber_octet_string(FALSE, &asn1_ctx, tree, tvb, start_offset, hf_ber_unknown_UTCTime, NULL); + break; + case BER_UNI_TAG_NULL: + proto_tree_add_item(tree, hf_ber_null_tag, tvb, offset, len, ENC_NA); + break; + case BER_UNI_TAG_UTF8String: + offset = dissect_ber_octet_string(FALSE, &asn1_ctx, tree, tvb, start_offset, hf_ber_unknown_UTF8String, NULL); + break; + case BER_UNI_TAG_GeneralizedTime: + offset = dissect_ber_octet_string(FALSE, &asn1_ctx, tree, tvb, start_offset, hf_ber_unknown_GeneralizedTime, NULL); + break; + case BER_UNI_TAG_BOOLEAN: + offset = dissect_ber_boolean(FALSE, &asn1_ctx, tree, tvb, start_offset, hf_ber_unknown_BOOLEAN, NULL); + break; + default: + identifier_offset = start_offset; + offset = dissect_ber_identifier(pinfo, tree, tvb, start_offset, &ber_class, &pc, &tag); + identifier_len = offset - identifier_offset; + offset = dissect_ber_length(pinfo, tree, tvb, offset, &len, NULL); + proto_tree_add_expert_format( + tree, pinfo, &ei_ber_universal_tag_unknown, + tvb, identifier_offset, identifier_len, + "BER Error: can not handle universal tag:%d", + tag); + offset += len; + } + break; + case BER_CLASS_APP: + case BER_CLASS_CON: + case BER_CLASS_PRI: + default: + /* we dissect again if show_internal_ber_fields is set */ + if (show_internal_ber_fields) { + offset = dissect_ber_identifier(pinfo, tree, tvb, start_offset, &ber_class, &pc, &tag); + offset = dissect_ber_length(pinfo, tree, tvb, offset, &len, NULL); + } + + /* we can't dissect this directly as it is specific */ + pi = proto_tree_add_none_format(tree, hf_ber_unknown_BER_primitive, tvb, offset, len, + "[%s %d] ", val_to_str_const(ber_class, ber_class_codes, "Unknown"), tag); + + is_decoded_as = FALSE; + if (decode_primitive_as_ber && (len >= 2)) { + volatile int ber_offset = 0; + guint32 ber_len = 0; + TRY{ + ber_offset = get_ber_identifier(tvb, offset, NULL, &pc, NULL); + ber_offset = get_ber_length(tvb, ber_offset, &ber_len, NULL); + } CATCH_ALL { + } + ENDTRY; + if (pc && (ber_len > 0) && (ber_len + (ber_offset - offset) == len)) { + /* Decoded a constructed ASN.1 tag with a length indicating this + * could be BER encoded data. Try dissecting as unknown BER. + */ + is_decoded_as = TRUE; + proto_item_append_text(pi, "[BER encoded]"); + next_tree = proto_item_add_subtree(pi, ett_ber_primitive); + offset = try_dissect_unknown_ber(pinfo, tvb, offset, next_tree, nest_level + 1); + } + } + + if (!is_decoded_as && len) { + /* we may want to do better and show the bytes */ + is_printable = TRUE; + for (i = 0; i < len; i++) { + c = tvb_get_guint8(tvb, offset + i); + + if (is_printable && !g_ascii_isprint(c)) + is_printable = FALSE; + + proto_item_append_text(pi, "%02x", c); + } + + if (is_printable) { /* give a nicer representation if it looks like a string */ + proto_item_append_text(pi, " ("); + for (i = 0; i < len; i++) { + proto_item_append_text(pi, "%c", tvb_get_guint8(tvb, offset + i)); + } + proto_item_append_text(pi, ")"); + } + offset += len; + } + + break; + } + } else { + /* this is constructed */ + + /* we dissect again if show_internal_ber_fields is set */ + if (show_internal_ber_fields) { + offset = dissect_ber_identifier(pinfo, tree, tvb, start_offset, &ber_class, &pc, &tag); + offset = dissect_ber_length(pinfo, tree, tvb, offset, &len, NULL); + } + + hdr_len = offset-start_offset; + + switch (ber_class) { + case BER_CLASS_UNI: + next_tree = proto_tree_add_subtree(tree, tvb, offset, len, ett_ber_SEQUENCE, NULL, + val_to_str_ext_const(tag, &ber_uni_tag_codes_ext, "Unknown")); + while (offset < (int)(start_offset + len + hdr_len)) + offset = try_dissect_unknown_ber(pinfo, tvb, offset, next_tree, nest_level+1); + break; + case BER_CLASS_APP: + case BER_CLASS_CON: + case BER_CLASS_PRI: + default: + next_tree = proto_tree_add_subtree_format(tree, tvb, offset, len, ett_ber_SEQUENCE, NULL, + "[%s %d]", val_to_str_const(ber_class, ber_class_codes, "Unknown"), tag); + while (offset < (int)(start_offset + len + hdr_len)) + offset = try_dissect_unknown_ber(pinfo, tvb, offset, next_tree, nest_level+1); + break; + + } + } + + return offset; +} + +int +dissect_unknown_ber(packet_info *pinfo, tvbuff_t *tvb, int offset, proto_tree *tree) +{ + return try_dissect_unknown_ber(pinfo, tvb, offset, tree, 1); +} + +int +call_ber_oid_callback(const char *oid, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, void* data) +{ + tvbuff_t *next_tvb; + const char *syntax = NULL; + int len = 0; + + if (!tvb) { + return offset; + } + + next_tvb = tvb_new_subset_remaining(tvb, offset); + if (oid == NULL || + ((((syntax = get_ber_oid_syntax(oid)) == NULL) || + /* First see if a syntax has been registered for this oid (user defined) */ + (len = dissector_try_string(ber_syntax_dissector_table, syntax, next_tvb, pinfo, tree, data)) == 0) && + /* Then try registered oid's */ + (len = dissector_try_string(ber_oid_dissector_table, oid, next_tvb, pinfo, tree, data)) == 0)) + { + proto_item *item = NULL; + proto_tree *next_tree = NULL; + gint length_remaining; + + /* XXX we should probably use get_ber_length() here */ + length_remaining = tvb_reported_length_remaining(tvb, offset); + + if (oid == NULL) { + item = proto_tree_add_expert(tree, pinfo, &ei_ber_no_oid, next_tvb, 0, length_remaining); + } else if (tvb_get_ntohs (tvb, offset) != 0x0500) { /* Not NULL tag */ + if (syntax) { + item = proto_tree_add_expert_format( + tree, pinfo, &ei_ber_syntax_not_implemented, next_tvb, 0, length_remaining, + "BER: Dissector for syntax:%s not implemented." + " Contact Wireshark developers if you want this supported", + syntax); + } else { + item = proto_tree_add_expert(tree, pinfo, &ei_ber_oid_not_implemented, next_tvb, 0, length_remaining); + } + } else { + next_tree = tree; + } + if (decode_unexpected) { + int ber_offset; + gint32 ber_len; + + if (item) { + next_tree = proto_item_add_subtree(item, ett_ber_unknown); + } + ber_offset = get_ber_identifier(next_tvb, 0, NULL, NULL, NULL); + ber_offset = get_ber_length(next_tvb, ber_offset, &ber_len, NULL); + if ((ber_len + ber_offset) == length_remaining) { + /* Decoded an ASN.1 tag with a length indicating this + * could be BER encoded data. Try dissecting as unknown BER. + */ + dissect_unknown_ber(pinfo, next_tvb, 0, next_tree); + } else { + proto_tree_add_item(next_tree, hf_ber_unknown_data, next_tvb, 0, length_remaining, ENC_NA); + } + } + len = length_remaining; + } + + offset += len; + + return offset; +} + +static int +call_ber_syntax_callback(const char *syntax, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) +{ + tvbuff_t *next_tvb; + int len = 0; + + next_tvb = tvb_new_subset_remaining(tvb, offset); + if (syntax == NULL || + (len = dissector_try_string(ber_syntax_dissector_table, syntax, next_tvb, pinfo, tree, NULL)) == 0) + { + proto_item *item = NULL; + + if (syntax == NULL) { + item = proto_tree_add_expert_format( + tree, pinfo, &ei_ber_no_oid, next_tvb, 0, tvb_reported_length_remaining(tvb, offset), + "BER Error: No syntax supplied to call_ber_syntax_callback"); + } else { + item = proto_tree_add_expert_format( + tree, pinfo, &ei_ber_syntax_not_implemented, next_tvb, 0, tvb_reported_length_remaining(tvb, offset), + "BER: Dissector for syntax:%s not implemented." + " Contact Wireshark developers if you want this supported", + syntax); + } + if (decode_unexpected) { + proto_tree *unknown_tree = proto_item_add_subtree(item, ett_ber_unknown); + dissect_unknown_ber(pinfo, next_tvb, 0, unknown_tree); + } + len = tvb_reported_length_remaining(tvb, offset); + } + + offset += len; + + return offset; +} + + +/* 8.1 General rules for encoding */ + +/* 8.1.2 Identifier octets */ +int +get_ber_identifier(tvbuff_t *tvb, int offset, gint8 *ber_class, bool *pc, gint32 *tag) { + guint8 id, t; + gint8 tmp_class; + bool tmp_pc; + gint32 tmp_tag; + + id = tvb_get_guint8(tvb, offset); + offset += 1; +#ifdef DEBUG_BER +ws_debug_printf("BER ID=%02x", id); +#endif + /* 8.1.2.2 */ + tmp_class = (id >> 6) & 0x03; + tmp_pc = (id >> 5) & 0x01; + tmp_tag = id & 0x1F; + /* 8.1.2.4 */ + if (tmp_tag == 0x1F) { + tmp_tag = 0; + while (tvb_reported_length_remaining(tvb, offset) > 0) { + t = tvb_get_guint8(tvb, offset); +#ifdef DEBUG_BER +ws_debug_printf(" %02x", t); +#endif + offset += 1; + tmp_tag <<= 7; + tmp_tag |= t & 0x7F; + if (!(t & 0x80)) + break; + } + } + +#ifdef DEBUG_BER +ws_debug_printf("\n"); +#endif + if (ber_class) + *ber_class = tmp_class; + if (pc) + *pc = tmp_pc; + if (tag) + *tag = tmp_tag; + + last_class = tmp_class; + last_pc = tmp_pc; + last_tag = tmp_tag; + + return offset; +} + +static void +get_last_ber_identifier(gint8 *ber_class, bool *pc, gint32 *tag) +{ + if (ber_class) + *ber_class = last_class; + if (pc) + *pc = last_pc; + if (tag) + *tag = last_tag; + +} + +int +dissect_ber_identifier(packet_info *pinfo _U_, proto_tree *tree, tvbuff_t *tvb, int offset, gint8 *ber_class, bool *pc, gint32 *tag) +{ + int old_offset = offset; + gint8 tmp_class; + bool tmp_pc; + gint32 tmp_tag; + + offset = get_ber_identifier(tvb, offset, &tmp_class, &tmp_pc, &tmp_tag); + + if (show_internal_ber_fields) { + proto_tree_add_uint(tree, hf_ber_id_class, tvb, old_offset, 1, tmp_class << 6); + proto_tree_add_boolean(tree, hf_ber_id_pc, tvb, old_offset, 1, (tmp_pc) ? 0x20 : 0x00); + if (tmp_tag > 0x1F) { + if (tmp_class == BER_CLASS_UNI) { + proto_tree_add_uint(tree, hf_ber_id_uni_tag_ext, tvb, old_offset + 1, offset - (old_offset + 1), tmp_tag); + } else { + proto_tree_add_uint(tree, hf_ber_id_tag_ext, tvb, old_offset + 1, offset - (old_offset + 1), tmp_tag); + } + } else { + if (tmp_class == BER_CLASS_UNI) { + proto_tree_add_uint(tree, hf_ber_id_uni_tag, tvb, old_offset, 1, tmp_tag); + } else { + proto_tree_add_uint(tree, hf_ber_id_tag, tvb, old_offset, 1, tmp_tag); + } + } + } + + if (ber_class) + *ber_class = tmp_class; + if (pc) + *pc = tmp_pc; + if (tag) + *tag = tmp_tag; + + return offset; +} + +/** Try to get the length octets of the BER TLV. + * Only (TAGs and) LENGTHs that fit inside 32 bit integers are supported. + * + * @return TRUE if we have the entire length, FALSE if we're in the middle of + * an indefinite length and haven't reached EOC. + */ +/* 8.1.3 Length octets */ + +static int +try_get_ber_length(tvbuff_t *tvb, int offset, guint32 *length, bool *ind, gint nest_level) { + guint8 oct, len; + guint32 indef_len; + guint32 tmp_length; + bool tmp_ind; + int tmp_offset, s_offset; + gint8 tclass; + bool tpc; + gint32 ttag; + + tmp_length = 0; + tmp_ind = FALSE; + + if (nest_level > BER_MAX_NESTING) { + /* Assume that we have a malformed packet. */ + THROW(ReportedBoundsError); + } + + oct = tvb_get_guint8(tvb, offset); + offset += 1; + + if (!(oct & 0x80)) { + /* 8.1.3.4 */ + tmp_length = oct; + } else { + len = oct & 0x7F; + if (len) { + /* 8.1.3.5 */ + while (len--) { + oct = tvb_get_guint8(tvb, offset); + offset++; + tmp_length = (tmp_length<<8) + oct; + } + } else { + /* 8.1.3.6 */ + + tmp_offset = offset; + /* ok in here we can traverse the BER to find the length, this will fix most indefinite length issues */ + /* Assumption here is that indefinite length is always used on constructed types*/ + /* check for EOC */ + while (tvb_get_guint8(tvb, offset) || tvb_get_guint8(tvb, offset+1)) { + /* not an EOC at offset */ + s_offset = offset; + offset= get_ber_identifier(tvb, offset, &tclass, &tpc, &ttag); + offset= try_get_ber_length(tvb, offset, &indef_len, NULL, nest_level+1); + tmp_length += indef_len+(offset-s_offset); /* length + tag and length */ + offset += indef_len; + /* Make sure we've moved forward in the packet */ + if (offset <= s_offset) + THROW(ReportedBoundsError); + } + tmp_length += 2; + tmp_ind = TRUE; + offset = tmp_offset; + } + } + + /* Several users treat the length as signed value, clamp the value to avoid + * an overflow to negative values. */ + if (tmp_length > (guint32)G_MAXINT32) + tmp_length = (guint32)G_MAXINT32; + + if (length) + *length = tmp_length; + if (ind) + *ind = tmp_ind; + +#ifdef DEBUG_BER +ws_debug_printf("get BER length %d, offset %d (remaining %d)\n", tmp_length, offset, tvb_reported_length_remaining(tvb, offset)); +#endif + + return offset; +} + +int +get_ber_length(tvbuff_t *tvb, int offset, guint32 *length, bool *ind) +{ + return try_get_ber_length(tvb, offset, length, ind, 1); +} + +static void +get_last_ber_length(guint32 *length, bool *ind, tvbuff_t **len_tvb, int *len_offset, int *len_len) +{ + if (length) + *length = last_length; + if (ind) + *ind = last_ind; + if (len_tvb) + *len_tvb = last_length_tvb; + if (len_offset) + *len_offset = last_length_offset; + if (len_len) + *len_len = last_length_len; +} + +/* this function dissects the length octets of the BER TLV. + * We only handle (TAGs and) LENGTHs that fit inside 32 bit integers. + */ +int +dissect_ber_length(packet_info *pinfo _U_, proto_tree *tree, tvbuff_t *tvb, int offset, guint32 *length, bool *ind) +{ + int old_offset = offset; + guint32 tmp_length; + bool tmp_ind; + + offset = get_ber_length(tvb, offset, &tmp_length, &tmp_ind); + + if (show_internal_ber_fields) { + if (tmp_ind) { + proto_tree_add_uint_format_value(tree, hf_ber_length, tvb, old_offset, 1, tmp_length, "Indefinite length %d", tmp_length); + } else { + if ((offset - old_offset) > 1) { + proto_tree_add_uint(tree, hf_ber_length_octets, tvb, old_offset, 1, (tvb_get_guint8(tvb, old_offset) & 0x7f)); + proto_tree_add_uint(tree, hf_ber_length, tvb, old_offset+1, offset - (old_offset+1), tmp_length); + } else { + proto_tree_add_uint(tree, hf_ber_length, tvb, old_offset, offset - old_offset, tmp_length); + } + } + } + if (length) + *length = tmp_length; + if (ind) + *ind = tmp_ind; + +#ifdef DEBUG_BER +proto_tree_add_debug_text(tree, "dissect BER length %d, offset %d (remaining %d)\n", tmp_length, offset, tvb_reported_length_remaining(tvb, offset)); +#endif + + last_length = tmp_length; + last_ind = tmp_ind; + last_length_tvb = tvb; + last_length_offset = old_offset; + last_length_len = offset - old_offset; + + return offset; +} + +static reassembly_table octet_segment_reassembly_table; + +static int +dissect_ber_constrained_octet_string_impl(bool implicit_tag, asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb, int offset, gint32 min_len, gint32 max_len, gint hf_id, tvbuff_t **out_tvb, guint nest_level, guint encoding); + +static int +reassemble_octet_string(asn1_ctx_t *actx, proto_tree *tree, gint hf_id, tvbuff_t *tvb, int offset, guint32 con_len, bool ind, tvbuff_t **out_tvb, guint nest_level) +{ + fragment_head *fd_head = NULL; + tvbuff_t *next_tvb = NULL; + tvbuff_t *reassembled_tvb = NULL; + guint16 dst_ref = 0; + int start_offset = offset; + bool fragment = TRUE; + bool firstFragment = TRUE; + + if (nest_level > BER_MAX_NESTING) { + /* Assume that we have a malformed packet. */ + THROW(ReportedBoundsError); + } + + /* so we need to consume octet strings for the given length */ + + if (out_tvb) + *out_tvb = NULL; + + if (con_len == 0) /* Zero encodings (8.7.3) */ + return offset; + + /* not sure we need this */ + actx->pinfo->fragmented = TRUE; + + while(!fd_head) { + + offset = dissect_ber_constrained_octet_string_impl(FALSE, actx, NULL, + tvb, offset, NO_BOUND, NO_BOUND, hf_id, &next_tvb, nest_level + 1, 0); + + if (next_tvb == NULL) { + /* Assume that we have a malformed packet. */ + THROW(ReportedBoundsError); + } + + if (ind) { + /* this was indefinite length - so check for EOC */ + + if ((tvb_get_guint8(tvb, offset) == 0) && (tvb_get_guint8(tvb, offset+1) == 0)) { + fragment = FALSE; + /* skip past EOC */ + offset +=2; + } + } else { + + if ((guint32)(offset - start_offset) >= con_len) + fragment = FALSE; + } + + if (!fragment && firstFragment) { + /* there is only one fragment (I'm sure there's a reason it was constructed) */ + /* anyway, we can get out of here */ + bool pc; + get_ber_identifier(tvb, start_offset, NULL, &pc, NULL); + if (!pc && tree) { + /* Only display here if not constructed */ + dissect_ber_octet_string(FALSE, actx, tree, tvb, start_offset, hf_id, NULL); + } + reassembled_tvb = next_tvb; + break; + } + + + if (tvb_reported_length(next_tvb) < 1) { + /* Don't cause an assertion in the reassembly code. */ + THROW(ReportedBoundsError); + } + fd_head = fragment_add_seq_next(&octet_segment_reassembly_table, + next_tvb, 0, actx->pinfo, + (dst_ref | nest_level << 16), NULL, + tvb_reported_length(next_tvb), + fragment); + + firstFragment = FALSE; + } + + if (fd_head) { + if (fd_head->next) { + /* not sure I really want to do this here - should be nearer the application where we can give it a better name*/ + proto_tree *next_tree; + proto_item *frag_tree_item; + + reassembled_tvb = tvb_new_chain(next_tvb, fd_head->tvb_data); + + actx->created_item = proto_tree_add_item(tree, hf_id, reassembled_tvb, 0, -1, ENC_BIG_ENDIAN); + next_tree = proto_item_add_subtree (actx->created_item, ett_ber_reassembled_octet_string); + + add_new_data_source(actx->pinfo, reassembled_tvb, "Reassembled OCTET STRING"); + show_fragment_seq_tree(fd_head, &octet_string_frag_items, next_tree, actx->pinfo, reassembled_tvb, &frag_tree_item); + } + } + + if (out_tvb) + *out_tvb = reassembled_tvb; + + /* again - not sure we need this */ + actx->pinfo->fragmented = FALSE; + + return offset; + +} + +/* 8.7 Encoding of an octetstring value */ +int +dissect_ber_constrained_octet_string(bool implicit_tag, asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb, int offset, gint32 min_len, gint32 max_len, gint hf_id, tvbuff_t **out_tvb) { + return dissect_ber_constrained_octet_string_impl(implicit_tag, actx, tree, tvb, offset, min_len, max_len, hf_id, out_tvb, 0, 0); +} + +static int +dissect_ber_constrained_octet_string_impl(bool implicit_tag, asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb, int offset, gint32 min_len, gint32 max_len, gint hf_id, tvbuff_t **out_tvb, guint nest_level, guint encoding) { + gint8 ber_class; + bool pc, ind; + gint32 tag; + int identifier_offset; + int identifier_len; + guint32 len; + tvbuff_t *len_tvb; + int len_offset; + int len_len; + int hoffset; + int end_offset; + proto_item *it, *cause; + guint32 len_remain; + +#ifdef DEBUG_BER +{ +const char *name; +header_field_info *hfinfo; +if (hf_id >= 0) { +hfinfo = proto_registrar_get_nth(hf_id); +name = hfinfo->name; +} else { +name = "unnamed"; +} +if (tvb_reported_length_remaining(tvb, offset) > 3) { +proto_tree_add_debug_text(tree, "OCTET STRING dissect_ber_octet string(%s) entered implicit_tag:%d offset:%d len:%d %02x:%02x:%02x\n", name, implicit_tag, offset, tvb_reported_length_remaining(tvb, offset), tvb_get_guint8(tvb, offset), tvb_get_guint8(tvb, offset+1), tvb_get_guint8(tvb, offset+2)); +} else { +proto_tree_add_debug_text(tree, "OCTET STRING dissect_ber_octet_string(%s) entered\n", name); +} +} +#endif + + if (out_tvb) + *out_tvb = NULL; + + if (!implicit_tag) { + hoffset = offset; + /* read header and len for the octet string */ + identifier_offset = offset; + offset = dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &ber_class, &pc, &tag); + identifier_len = offset - identifier_offset; + offset = dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, &ind); + end_offset = offset+len; + + /* sanity check: we only handle Constructed Universal Sequences */ + if ((ber_class != BER_CLASS_APP) && (ber_class != BER_CLASS_PRI)) { + if ( (ber_class != BER_CLASS_UNI) + || ((tag < BER_UNI_TAG_NumericString) && (tag != BER_UNI_TAG_OCTETSTRING) && (tag != BER_UNI_TAG_UTF8String)) ) { + tvb_ensure_bytes_exist(tvb, hoffset, 2); + cause = proto_tree_add_expert_format( + tree, actx->pinfo, &ei_ber_expected_octet_string, + tvb, identifier_offset, identifier_len, + "BER Error: OctetString expected but class:%s(%d) %s tag:%d was unexpected", + val_to_str_const(ber_class, ber_class_codes, "Unknown"), + ber_class, + tfs_get_string(pc, &tfs_constructed_primitive), + tag); + if (decode_unexpected) { + proto_tree *unknown_tree = proto_item_add_subtree(cause, ett_ber_unknown); + dissect_unknown_ber(actx->pinfo, tvb, hoffset, unknown_tree); + } + return end_offset; + } + } + } else { + /* implicit tag so get from last tag/length */ + + get_last_ber_identifier(&ber_class, &pc, &tag); + get_last_ber_length(&len, &ind, &len_tvb, &len_offset, &len_len); + + end_offset = offset+len; + + /* caller may have created new buffer for indefinite length data Verify via length */ + len_remain = (guint32)tvb_reported_length_remaining(tvb, offset); + if (ind && (len_remain == (len - 2))) { + /* new buffer received so adjust length and indefinite flag */ + len -= 2; + end_offset -= 2; + ind = FALSE; + } else if (len_remain < len) { + /* + * error - short frame, or this item runs past the + * end of the item containing it + */ + ber_add_large_length_error(actx->pinfo, tree, tvb, offset, len, len_tvb, len_offset, len_len); + return end_offset; + } + + } + + actx->created_item = NULL; + + if (pc) { + /* constructed */ + end_offset = reassemble_octet_string(actx, tree, hf_id, tvb, offset, len, ind, out_tvb, nest_level); + } else { + /* primitive */ + gint length_remaining; + + length_remaining = tvb_reported_length_remaining(tvb, offset); +#if 0 + if (length_remaining < 1) { + return end_offset; + } +#endif + + if (len <= (guint32)length_remaining) { + length_remaining = len; + } + if (hf_id >= 0) { + /* + * Strings are special. See X.680 section 41 "Definition of + * restricted character string types" and X.690 section 8.20 + * "Encoding for values of the restricted character string + * types". + * + * Some restricted character string types are defined in X.680 + * "by reference to a registration number in the ISO International + * Register of Character Sets" - or, in Table 8, by multiple + * registration numbers, or one or more registration numbers + * plus some characters such as SPACE and/or DELETE, or a + * reference to "all G sets" or "all G sets and all C sets". + * Presumably this indicates which characters are allowed + * in strings of those character types, with "all {G,C} sets" + * meaning the only restriction is to character sets registered + * in said registry. + * + * The encodings of those types are specified in X.690 as + * containing "the octets specified in ISO/IEC 2022 for + * encodings in an 8-bit environment, using the escape sequence + * and character codings registered in accordance with ISO/IEC + * 2375". + * + * ISO/IEC 2022 is also ECMA-35: + * + * http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-035.pdf + * + * ISO/IEC 2375 is the procedure for registering character + * codings in the ISO International Register of Character Sets. + * See + * + * http://kikaku.itscj.ipsj.or.jp/ISO-IR/ + * + * and + * + * http://kikaku.itscj.ipsj.or.jp/ISO-IR/overview.htm + * + * for that registry. + * + * If we've been provided with a non-zero encoding, use + * that; otherwise, calculate it based on the tag. (A + * zero encoding is ENC_ASCII|ENC_NA/ENC_BIG_ENDIAN, which + * is the default, so it's OK to use here; this is for + * protcols such as LDAP that use OCTET STRING for UTF-8 + * strings.) + */ + if (encoding == 0) { + switch (tag) { + + case BER_UNI_TAG_UTF8String: + /* + * UTF-8, obviously. + */ + encoding = ENC_UTF_8|ENC_NA; + break; + + case BER_UNI_TAG_NumericString: + case BER_UNI_TAG_PrintableString: + case BER_UNI_TAG_VisibleString: + case BER_UNI_TAG_IA5String: + /* + * (Subsets of) Boring Old ASCII, with no(?) ISO 2022 + * escape sequences. + */ + encoding = ENC_ASCII|ENC_NA; + break; + + case BER_UNI_TAG_TeletexString: + encoding = ENC_T61|ENC_NA; + break; + + case BER_UNI_TAG_VideotexString: + encoding = ENC_T61|ENC_NA; + break; + + case BER_UNI_TAG_GraphicString: + case BER_UNI_TAG_GeneralString: + /* + * One of the types defined in terms of character sets + * in the ISO International Register of Character Sets, + * with the BER encoding being ISO 2022-based. + * + * XXX - treat as ASCII for now. + */ + encoding = ENC_ASCII|ENC_NA; + break; + + case BER_UNI_TAG_UniversalString: + /* + * UCS-4. + */ + encoding = ENC_UCS_4|ENC_BIG_ENDIAN; + break; + + case BER_UNI_TAG_CHARACTERSTRING: + /* + * XXX - what's the transfer syntax? + * Treat as ASCII for now. + */ + encoding = ENC_ASCII|ENC_NA; + break; + + case BER_UNI_TAG_BMPString: + /* + * UCS-2, not UTF-16; as it says, BMP, as in Basic + * Multilingual Plane. + */ + encoding = ENC_UCS_2|ENC_BIG_ENDIAN; + break; + + default: + encoding = ENC_BIG_ENDIAN; + break; + } + } + it = ber_proto_tree_add_item(actx->pinfo, tree, hf_id, tvb, offset, length_remaining, encoding); + actx->created_item = it; + ber_check_length(length_remaining, min_len, max_len, actx, it, FALSE); + } else { + + proto_tree_add_item(tree, hf_ber_unknown_octetstring, tvb, offset, len, ENC_NA); + } + + if (out_tvb) { + *out_tvb = ber_tvb_new_subset_length(tvb, offset, len); + } + } + return end_offset; +} + +int +dissect_ber_octet_string(bool implicit_tag, asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id, tvbuff_t **out_tvb) { + return dissect_ber_constrained_octet_string_impl(implicit_tag, actx, tree, tvb, offset, NO_BOUND, NO_BOUND, hf_id, out_tvb, 0, 0); +} + +int +dissect_ber_octet_string_with_encoding(bool implicit_tag, asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id, tvbuff_t **out_tvb, guint encoding) { + return dissect_ber_constrained_octet_string_impl(implicit_tag, actx, tree, tvb, offset, NO_BOUND, NO_BOUND, hf_id, out_tvb, 0, encoding); +} + +int +dissect_ber_octet_string_wcb(bool implicit_tag, asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id, ber_callback func) +{ + tvbuff_t *out_tvb = NULL; + + offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_id, (func) ? &out_tvb : NULL); + if (func && out_tvb && (tvb_reported_length(out_tvb) > 0)) { + if (hf_id >= 0) + tree = proto_item_add_subtree(actx->created_item, ett_ber_octet_string); + /* TODO Should hf_id2 be pased as last parameter???*/ + func(FALSE, out_tvb, 0, actx, tree, -1); + } + return offset; +} + +/* 8.8 Encoding of a null value */ +int +dissect_ber_null(bool implicit_tag, asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id) { + gint8 ber_class; + bool pc; + gint32 tag; + int identifier_offset; + int identifier_len; + guint32 len; + int len_offset; + int len_len; + + if (!implicit_tag) { + identifier_offset = offset; + offset = dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &ber_class, &pc, &tag); + identifier_len = offset - identifier_offset; + if (pc || + ((ber_class != BER_CLASS_UNI) || (tag != BER_UNI_TAG_NULL))) { + proto_tree_add_expert_format( + tree, actx->pinfo, &ei_ber_expected_null, + tvb, identifier_offset, identifier_len, + "BER Error: NULL expected but class:%s(%d) %s tag:%d was unexpected", + val_to_str_const(ber_class, ber_class_codes, "Unknown"), + ber_class, + tfs_get_string(pc, &tfs_constructed_primitive), + tag); + } + + len_offset = offset; + offset = dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL); + len_len = offset - len_offset; + if (len) { + proto_tree_add_expert_format( + tree, actx->pinfo, &ei_ber_expected_null_zero_length, + tvb, len_offset, len_len, + "BER Error: NULL type expects zero length data but Length=%d", + len); + proto_tree_add_item(tree, hf_ber_extra_data, tvb, offset, len, ENC_NA); + offset += len; + } + } + if (hf_id >= 0) + proto_tree_add_item(tree, hf_id, tvb, offset, 0, ENC_BIG_ENDIAN); + return offset; +} + +int +dissect_ber_integer64(bool implicit_tag, asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id, gint64 *value) +{ + gint8 ber_class; + bool pc; + gint32 tag; + guint32 len; + gint64 val; + guint32 i; + bool used_too_many_bytes = FALSE; + guint8 first = 0; +#ifdef DEBUG_BER +{ +const char *name; +header_field_info *hfinfo; +if (hf_id >= 0) { +hfinfo = proto_registrar_get_nth(hf_id); +name = hfinfo->name; +} else { +name = "unnamed"; +} +if (tvb_reported_length_remaining(tvb, offset) > 3) { +proto_tree_add_debug_text(tree, "INTEGERnew dissect_ber_integer(%s) entered implicit_tag:%d offset:%d len:%d %02x:%02x:%02x\n", name, implicit_tag, offset, tvb_reported_length_remaining(tvb, offset), tvb_get_guint8(tvb, offset), tvb_get_guint8(tvb, offset+1), tvb_get_guint8(tvb, offset+2)); +} else { +proto_tree_add_debug_text(tree, "INTEGERnew dissect_ber_integer(%s) entered implicit_tag:%d \n", name, implicit_tag); +} +} +#endif + + + if (value) { + *value = 0; + } + + if (!implicit_tag) { + offset = dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &ber_class, &pc, &tag); + offset = dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL); + } else { + gint32 remaining = tvb_reported_length_remaining(tvb, offset); + len = remaining>0 ? remaining : 0; + } + + val = 0; + if (len > 0) { + + first = tvb_get_guint8(tvb, offset); + /* we can't handle integers > 64 bits */ + /* take into account the use case of a 64bits unsigned integer: you will have a 9th byte set to 0 */ + if ((len > 9) || ((len == 9) && (first != 0))) { + if (hf_id >= 0) { + header_field_info *hfinfo = proto_registrar_get_nth(hf_id); + + /* use the original field only if it is suitable for bytes */ + if (hfinfo->type != FT_BYTES) + hf_id = hf_ber_64bit_uint_as_bytes; + + proto_tree_add_bytes_format(tree, hf_id, tvb, offset, len, NULL, + "%s: 0x%s", hfinfo->name, tvb_bytes_to_str(wmem_packet_scope(), tvb, offset, len)); + } + + offset += len; + return offset; + } + /* extend sign bit for signed fields */ + enum ftenum type = FT_INT32; /* Default to signed, is this correct? */ + if (hf_id >= 0) { + type = proto_registrar_get_ftype(hf_id); + } + if (first & 0x80 && FT_IS_INT(type)) { + val = -1; + } + if ((len > 1) && decode_warning_leading_zero_bits) { + guint8 second = tvb_get_guint8(tvb, offset+1); + if (((first == 0x00) && ((second & 0x80) == 0)) || + ((first == 0xff) && ((second & 0x80) != 0))) { + used_too_many_bytes = TRUE; + } + } + for (i=0; i<len; i++) { + val = ((guint64)val<<8) | tvb_get_guint8(tvb, offset); + offset++; + } + } + + actx->created_item = NULL; + + if (hf_id >= 0) { + /* */ + header_field_info* hfi; + + hfi = proto_registrar_get_nth(hf_id); + if ((len < 1) || (len > 9) || ((len == 9) && (first != 0))) { + proto_tree_add_expert_format( + tree, actx->pinfo, &ei_ber_error_length, tvb, offset-len, len, + "BER Error: %s: length of item (%u) is not valid", hfi->name, len); + } else { + switch (hfi->type) { + case FT_UINT8: + case FT_UINT16: + case FT_UINT24: + case FT_UINT32: + actx->created_item = proto_tree_add_uint(tree, hf_id, tvb, offset-len, len, (guint32)val); + break; + case FT_INT8: + case FT_INT16: + case FT_INT24: + case FT_INT32: + actx->created_item = proto_tree_add_int(tree, hf_id, tvb, offset-len, len, (gint32)val); + break; + case FT_INT64: + actx->created_item = proto_tree_add_int64(tree, hf_id, tvb, offset-len, len, val); + break; + case FT_UINT64: + actx->created_item = proto_tree_add_uint64(tree, hf_id, tvb, offset-len, len, (guint64)val); + break; + case FT_BYTES: + /* + * Some protocols have INTEGER fields that can store values + * larger than 64 bits and therefore have to use FT_BYTES. + * Values larger than 64 bits are handled above while smaller + * values are handled here. + */ + actx->created_item = proto_tree_add_bytes_format(tree, hf_id, tvb, offset-len, len, NULL, + "%s: 0x%s", hfi->name, tvb_bytes_to_str(wmem_packet_scope(), tvb, offset-len, len)); + break; + default: + DISSECTOR_ASSERT_NOT_REACHED(); + } + + if (used_too_many_bytes) { + expert_add_info_format( + actx->pinfo, actx->created_item, &ei_ber_value_too_many_bytes, + "Value is encoded with too many bytes(9 leading zero or one bits), hf_abbr: %s", + hfi->abbrev); + } + } + } + + if (value) { + *value = val; + } + + return offset; +} + +int +dissect_ber_constrained_integer64(bool implicit_tag, asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb, int offset, gint64 min_len, gint64 max_len, gint hf_id, gint64 *value) +{ + gint64 val; + + offset = dissect_ber_integer64(implicit_tag, actx, tree, tvb, offset, hf_id, &val); + if (value) { + *value = val; + } + + ber_check_value64 (val, min_len, max_len, actx, actx->created_item); + + return offset; +} + +int +dissect_ber_integer(bool implicit_tag, asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id, guint32 *value) +{ + gint64 val; + + offset = dissect_ber_integer64(implicit_tag, actx, tree, tvb, offset, hf_id, &val); + if (value) { + *value = (guint32)val; + } + + return offset; +} + +int +dissect_ber_constrained_integer(bool implicit_tag, asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb, int offset, gint32 min_len, gint32 max_len, gint hf_id, guint32 *value) +{ + gint64 val; + + offset = dissect_ber_integer64(implicit_tag, actx, tree, tvb, offset, hf_id, &val); + if (value) { + *value = (guint32)val; + } + + ber_check_value ((guint32)val, min_len, max_len, actx, actx->created_item); + + return offset; +} + +int +dissect_ber_boolean(bool implicit_tag, asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id, bool *value) +{ + gint8 ber_class; + bool pc; + gint32 tag; + guint32 len; + guint8 val; + header_field_info *hfi; + + if (!implicit_tag) { + offset = dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &ber_class, &pc, &tag); + offset = dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL); + /*if (ber_class != BER_CLASS_UNI)*/ + } else { + gint32 remaining = tvb_reported_length_remaining(tvb, offset); + len = remaining > 0 ? remaining : 0; + } + + if (len == 1) + { + val = tvb_get_guint8(tvb, offset); + offset += 1; + + actx->created_item = NULL; + + if (hf_id >= 0) { + hfi = proto_registrar_get_nth(hf_id); + if (hfi->type == FT_BOOLEAN) + actx->created_item = proto_tree_add_boolean(tree, hf_id, tvb, offset-1, 1, val); + else + actx->created_item = proto_tree_add_uint(tree, hf_id, tvb, offset-1, 1, val ? 1 : 0); + } + } else { + val = 0; + actx->created_item = NULL; + + if (hf_id >= 0) { + hfi = proto_registrar_get_nth(hf_id); + proto_tree_add_expert_format( + tree, actx->pinfo, &ei_ber_error_length, tvb, offset, len, + "BER Error: %s: length of item (%u) is not valid", hfi->name, len); + } + } + + if (value) { + *value = (val ? TRUE : FALSE); + } + + return offset; +} + + +/* 8.5 Encoding of a real value */ +/* Somewhat tested */ +int +dissect_ber_real(bool implicit_tag, asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id, double *value) +{ + gint8 ber_class; + bool pc; + gint32 tag; + guint32 val_length = 0, len_remain, end_offset; + tvbuff_t *len_tvb; + int len_offset; + int len_len; + double val = 0; + + if (!implicit_tag) { + offset = dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &ber_class, &pc, &tag); + offset = dissect_ber_length(actx->pinfo, tree, tvb, offset, &val_length, NULL); + + end_offset = offset + val_length; + } else { + /* implicit tag so get from last tag/length */ + get_last_ber_identifier(&ber_class, &pc, &tag); + get_last_ber_length(&val_length, NULL, &len_tvb, &len_offset, &len_len); + + end_offset = offset + val_length; + + /* Check is buffer has (at least) the expected length */ + len_remain = (guint32)tvb_reported_length_remaining(tvb, offset); + if (len_remain < val_length) { + /* error - this item runs past the end of the item containing it */ + ber_add_large_length_error(actx->pinfo, tree, tvb, offset, val_length, len_tvb, len_offset, len_len); + return end_offset; + } + } + /* 8.5.1 The encoding of a real value shall be primitive. */ + if(pc) { + /* Constructed (not primitive) */ + proto_tree_add_expert( + tree, actx->pinfo, &ei_ber_real_not_primitive, tvb, offset - 2, 1); + } + + val = asn1_get_real(tvb_get_ptr(tvb, offset, val_length), val_length); + actx->created_item = proto_tree_add_double(tree, hf_id, tvb, end_offset - val_length, val_length, val); + + if (value) + *value = val; + + return end_offset; + +} +/* this function dissects a BER sequence + */ +int +dissect_ber_sequence(bool implicit_tag, asn1_ctx_t *actx, proto_tree *parent_tree, tvbuff_t *tvb, int offset, const ber_sequence_t *seq, gint hf_id, gint ett_id) { + gint8 classx; + bool pcx, ind = 0, ind_field, imp_tag = FALSE; + gint32 tagx; + int identifier_offset; + int identifier_len; + guint32 lenx; + proto_tree *tree = parent_tree; + proto_item *item = NULL; + proto_item *cause; + int end_offset = 0; + int hoffset; + tvbuff_t *next_tvb; + +#ifdef DEBUG_BER +{ +const char *name; +header_field_info *hfinfo; +if (hf_id >= 0) { +hfinfo = proto_registrar_get_nth(hf_id); +name = hfinfo->name; +} else { +name = "unnamed"; +} +if (tvb_reported_length_remaining(tvb, offset) > 3) { +proto_tree_add_debug_text(tree, "SEQUENCE dissect_ber_sequence(%s) entered offset:%d len:%d %02x:%02x:%02x\n", name, offset, tvb_reported_length_remaining(tvb, offset), tvb_get_guint8(tvb, offset), tvb_get_guint8(tvb, offset+1), tvb_get_guint8(tvb, offset+2)); +} else { +proto_tree_add_debug_text(tree, "SEQUENCE dissect_ber_sequence(%s) entered\n", name); +} +} +#endif + hoffset = offset; + if (!implicit_tag) { + offset = get_ber_identifier(tvb, offset, NULL, NULL, NULL); + offset = get_ber_length(tvb, offset, &lenx, NULL); + } else { + /* was implicit tag so just use the length of the tvb */ + lenx = tvb_reported_length_remaining(tvb, offset); + end_offset = offset+lenx; + } + /* create subtree */ + if (hf_id >= 0) { + if (parent_tree) { + item = proto_tree_add_item(parent_tree, hf_id, tvb, hoffset, lenx + offset - hoffset, ENC_BIG_ENDIAN); + tree = proto_item_add_subtree(item, ett_id); + } + } + offset = hoffset; + + if (!implicit_tag) { + /* first we must read the sequence header */ + identifier_offset = offset; + offset = dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &classx, &pcx, &tagx); + identifier_len = offset - identifier_offset; + offset = dissect_ber_length(actx->pinfo, tree, tvb, offset, &lenx, &ind); + if (ind) { + /* Fixed the length is correctly returned from dissect ber_length + end_offset = tvb_reported_length(tvb);*/ + end_offset = offset + lenx -2; + } else { + end_offset = offset + lenx; + } + + /* sanity check: we only handle Constructed Universal Sequences */ + if ((classx != BER_CLASS_APP) && (classx != BER_CLASS_PRI)) { + if (!pcx + || ((classx != BER_CLASS_UNI) || (tagx != BER_UNI_TAG_SEQUENCE))) { + tvb_ensure_bytes_exist(tvb, hoffset, 2); + cause = proto_tree_add_expert_format( + tree, actx->pinfo, &ei_ber_expected_sequence, + tvb, identifier_offset, identifier_len, + "BER Error: Sequence expected but class:%s(%d) %s tag:%d was unexpected", + val_to_str_const(classx, ber_class_codes, "Unknown"), + classx, + tfs_get_string(pcx, &tfs_constructed_primitive), + tagx); + if (decode_unexpected) { + proto_tree *unknown_tree = proto_item_add_subtree(cause, ett_ber_unknown); + dissect_unknown_ber(actx->pinfo, tvb, hoffset, unknown_tree); + } + return end_offset; + } + } + } + if(offset == end_offset){ + proto_item_append_text(item, " [0 length]"); + } + /* loop over all entries until we reach the end of the sequence */ + while (offset < end_offset) { + gint8 ber_class; + bool pc; + gint32 tag; + guint32 len; + int eoffset, count; + + /*if (ind) { this sequence was of indefinite length, if this is implicit indefinite impossible maybe + but ber dissector uses this to eat the tag length then pass into here... EOC still on there...*/ + if ((tvb_get_guint8(tvb, offset) == 0) && (tvb_get_guint8(tvb, offset+1) == 0)) { + /* If the first bytes is 00 00 of a indefenert length field it's a zero length field*/ + offset = dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &ber_class, &pc, &tag); + dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, &ind); + proto_item_append_text(item, " 0 items"); + return end_offset; + /* + if (show_internal_ber_fields) { + proto_tree_add_expert(tree, pinfo, &ei_ber_error_seq_eoc, tvb, s_offset, offset+2, "ERROR WRONG SEQ EOC"); + } + return end_offset; + */ + } + /* } */ + hoffset = offset; + /* read header and len for next field */ + offset = get_ber_identifier(tvb, offset, &ber_class, &pc, &tag); + offset = get_ber_length(tvb, offset, &len, &ind_field); + eoffset = offset + len; + /* Make sure we move forward */ + if (eoffset <= hoffset) + THROW(ReportedBoundsError); + + /*if (ind_field && (len == 2)) { + / disgusting indefinite length zero length field, what are these people doing / + offset = eoffset; + continue; + } + */ + +ber_sequence_try_again: + /* have we run out of known entries in the sequence ?*/ + if (!seq->func) { + /* it was not, move to the next one and try again */ + offset = dissect_ber_identifier(actx->pinfo, tree, tvb, hoffset, NULL, NULL, NULL); + offset = dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL); + cause = proto_tree_add_expert_format( + tree, actx->pinfo, &ei_ber_unknown_field_sequence, + tvb, hoffset, ((offset - hoffset) + len), + "BER Error: This field lies beyond the end of the known sequence definition."); + if (decode_unexpected) { + proto_tree *unknown_tree = proto_item_add_subtree(cause, ett_ber_unknown); + dissect_unknown_ber(actx->pinfo, tvb, hoffset, unknown_tree); + } + offset = eoffset; + continue; + } + + /* Verify that this one is the one we want. + * Skip check completely if ber_class == ANY + * of if NOCHKTAG is set + */ +/* XXX Bug in asn2wrs, + * for scope [7] Scope OPTIONAL, + * it generates + * { BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL|BER_FLAGS_NOTCHKTAG, dissect_scope }, + * and there should not be a NOTCHKTAG here + */ + if ( ((seq->ber_class == BER_CLASS_CON) || (seq->ber_class == BER_CLASS_APP) || (seq->ber_class == BER_CLASS_PRI)) + && (!(seq->flags & BER_FLAGS_NOOWNTAG)) ) { + if ( (seq->ber_class != BER_CLASS_ANY) + && (seq->tag != -1) + && ( (seq->ber_class != ber_class) + || (seq->tag != tag) ) ) { + /* it was not, move to the next one and try again */ + if (seq->flags & BER_FLAGS_OPTIONAL) { + /* well this one was optional so just skip to the next one and try again. */ + seq++; + goto ber_sequence_try_again; + } + identifier_offset = hoffset; + offset = dissect_ber_identifier(actx->pinfo, tree, tvb, hoffset, NULL, NULL, NULL); + identifier_len = offset - identifier_offset; + dissect_ber_length(actx->pinfo, tree, tvb, offset, NULL, NULL); + if (seq->ber_class == BER_CLASS_UNI) { + cause = proto_tree_add_expert_format( + tree, actx->pinfo, &ei_ber_sequence_field_wrong, + tvb, identifier_offset, identifier_len, + "BER Error: Wrong field in SEQUENCE: expected class:%s(%d) tag:%d (%s) but found class:%s(%d) tag:%d", + val_to_str_const(seq->ber_class, ber_class_codes, "Unknown"), + seq->ber_class, + seq->tag, + val_to_str_ext_const(seq->tag, &ber_uni_tag_codes_ext, "Unknown"), + val_to_str_const(ber_class, ber_class_codes, "Unknown"), + ber_class, + tag); + } else { + cause = proto_tree_add_expert_format( + tree, actx->pinfo, &ei_ber_sequence_field_wrong, + tvb, identifier_offset, identifier_len, + "BER Error: Wrong field in SEQUENCE: expected class:%s(%d) tag:%d but found class:%s(%d) tag:%d", + val_to_str_const(seq->ber_class, ber_class_codes, "Unknown"), + seq->ber_class, + seq->tag, + val_to_str_const(ber_class, ber_class_codes, "Unknown"), + ber_class, + tag); + } + if (decode_unexpected) { + proto_tree *unknown_tree = proto_item_add_subtree(cause, ett_ber_unknown); + dissect_unknown_ber(actx->pinfo, tvb, hoffset, unknown_tree); + } + seq++; + offset = eoffset; + continue; + } + } else if (!(seq->flags & BER_FLAGS_NOTCHKTAG)) { + if ( (seq->ber_class != BER_CLASS_ANY) + && (seq->tag != -1) + && ( (seq->ber_class != ber_class) + || (seq->tag != tag) ) ) { + /* it was not, move to the next one and try again */ + if (seq->flags & BER_FLAGS_OPTIONAL) { + /* well this one was optional so just skip to the next one and try again. */ + seq++; + goto ber_sequence_try_again; + } + + identifier_offset = hoffset; + offset = dissect_ber_identifier(actx->pinfo, tree, tvb, hoffset, NULL, NULL, NULL); + identifier_len = offset - identifier_offset; + dissect_ber_length(actx->pinfo, tree, tvb, offset, NULL, NULL); + if ( seq->ber_class == BER_CLASS_UNI) { + cause = proto_tree_add_expert_format( + tree, actx->pinfo, &ei_ber_sequence_field_wrong, + tvb, identifier_offset, identifier_len, + "BER Error: Wrong field in SEQUENCE: expected class:%s(%d) tag:%d(%s) but found class:%s(%d) tag:%d", + val_to_str_const(seq->ber_class, ber_class_codes, "Unknown"), + seq->ber_class, + seq->tag, + val_to_str_ext_const(seq->tag, &ber_uni_tag_codes_ext, "Unknown"), + val_to_str_const(ber_class, ber_class_codes, "Unknown"), + ber_class, tag); + } else { + cause = proto_tree_add_expert_format( + tree, actx->pinfo, &ei_ber_sequence_field_wrong, + tvb, identifier_offset, identifier_len, + "BER Error: Wrong field in SEQUENCE: expected class:%s(%d) tag:%d but found class:%s(%d) tag:%d", + val_to_str_const(seq->ber_class, ber_class_codes, "Unknown"), + seq->ber_class, + seq->tag, + val_to_str_const(ber_class, ber_class_codes, "Unknown"), + ber_class, + tag); + } + if (decode_unexpected) { + proto_tree *unknown_tree = proto_item_add_subtree(cause, ett_ber_unknown); + dissect_unknown_ber(actx->pinfo, tvb, hoffset, unknown_tree); + } + seq++; + offset = eoffset; + continue; + } + } + + if (!(seq->flags & BER_FLAGS_NOOWNTAG) ) { + /* dissect header and len for field */ + if (ind_field && (len == 2)) { + /* This is a Zero length field */ + next_tvb = ber_tvb_new_subset_length(tvb, offset, len); + hoffset = eoffset; + } else { + hoffset = dissect_ber_identifier(actx->pinfo, tree, tvb, hoffset, NULL, NULL, NULL); + hoffset = dissect_ber_length(actx->pinfo, tree, tvb, hoffset, NULL, NULL); + next_tvb = ber_tvb_new_subset_length(tvb, hoffset, eoffset - hoffset - (2 * ind_field)); + } + } else { + next_tvb = ber_tvb_new_subset_length(tvb, hoffset, eoffset - hoffset); + } + +#if 0 + /* call the dissector for this field */ + if ((eoffset-hoffset) > length_remaining) { + /* If the field is indefinite (i.e. we don't know the + * length) of if the tvb is short, then just + * give it all of the tvb and hope for the best. + */ + next_tvb = tvb_new_subset_remaining(tvb, hoffset); + } else { + + } +#endif + +#ifdef DEBUG_BER +{ +const char *name; +header_field_info *hfinfo; +if (hf_id >= 0) { +hfinfo = proto_registrar_get_nth(hf_id); +name = hfinfo->name; +} else { +name = "unnamed"; +} +if (tvb_reported_length_remaining(next_tvb, 0) > 3) { +proto_tree_add_debug_text(tree, "SEQUENCE dissect_ber_sequence(%s) calling subdissector offset:%d len:%d %02x:%02x:%02x\n", name, offset, tvb_reported_length_remaining(next_tvb, 0), tvb_get_guint8(next_tvb, 0), tvb_get_guint8(next_tvb, 1), tvb_get_guint8(next_tvb, 2)); +} else { +proto_tree_add_debug_text(tree, "SEQUENCE dissect_ber_sequence(%s) calling subdissector\n", name); +} +} +#endif + if (next_tvb == NULL) { + /* Assume that we have a malformed packet. */ + THROW(ReportedBoundsError); + } + imp_tag = FALSE; + if (seq->flags & BER_FLAGS_IMPLTAG) { + imp_tag = TRUE; + } + + count = seq->func(imp_tag, next_tvb, 0, actx, tree, *seq->p_id); + +#ifdef DEBUG_BER +{ +const char *name; +header_field_info *hfinfo; +if (hf_id >= 0) { +hfinfo = proto_registrar_get_nth(hf_id); +name = hfinfo->name; +} else { +name = "unnamed"; +} +proto_tree_add_debug_text(tree, "SEQUENCE dissect_ber_sequence(%s) subdissector ate %d bytes\n", name, count); +} +#endif + /* if it was optional and no bytes were eaten and it was */ + /* supposed to (len <> 0), just try again. */ + if ((len != 0) && (count == 0) && (seq->flags & BER_FLAGS_OPTIONAL)) { + seq++; + goto ber_sequence_try_again; + /* move the offset to the beginning of the next sequenced item */ + } + offset = eoffset; + if (!(seq->flags & BER_FLAGS_NOOWNTAG) ) { + /* if we stripped the tag and length we should also strip the EOC is ind_len + * Unless it's a zero length field (len = 2) + */ + if ((ind_field == 1) && (len > 2)) + { + /* skip over EOC */ + if (show_internal_ber_fields) { + proto_tree_add_item(tree, hf_ber_seq_field_eoc, tvb, offset-2, 2, ENC_NA); + } + } + } + seq++; + } + + /* if we didn't end up at exactly offset, then we ate too many bytes */ + if (offset != end_offset) { + tvb_ensure_bytes_exist(tvb, offset-2, 2); + proto_tree_add_expert_format( + tree, actx->pinfo, &ei_ber_error_length, tvb, offset-2, 2, + "BER Error: SEQUENCE is %d too many bytes long", + offset - end_offset); + } + if (ind) { + /* need to eat this EOC + end_offset = tvb_reported_length(tvb);*/ + end_offset += 2; + if (show_internal_ber_fields) { + proto_tree_add_item(tree, hf_ber_seq_eoc, tvb, end_offset-2, 2, ENC_NA); + } + } + return end_offset; +} + +/* This function dissects a BER set + */ +int +dissect_ber_set(bool implicit_tag, asn1_ctx_t *actx, proto_tree *parent_tree, tvbuff_t *tvb, int offset, const ber_sequence_t *set, gint hf_id, gint ett_id) { + gint8 classx; + bool pcx, ind = 0, ind_field, imp_tag; + gint32 tagx; + int identifier_offset; + int identifier_len; + guint32 lenx; + int len_offset; + int len_len; + proto_tree *tree = parent_tree; + proto_item *item = NULL; + proto_item *cause; + int end_offset, s_offset; + int hoffset; + tvbuff_t *next_tvb; + guint32 mandatory_fields = 0; + guint8 set_idx; + bool first_pass; + const ber_sequence_t *cset = NULL; + +#define MAX_SET_ELEMENTS 32 + + s_offset = offset; + +#ifdef DEBUG_BER + { +const char *name; +header_field_info *hfinfo; +if (hf_id >= 0) { +hfinfo = proto_registrar_get_nth(hf_id); +name = hfinfo->name; +} else { +name = "unnamed"; +} +if (tvb_reported_length_remaining(tvb, offset) > 3) { +proto_tree_add_debug_text(tree, "SET dissect_ber_set(%s) entered offset:%d len:%d %02x:%02x:%02x\n", name, offset, tvb_reported_length_remaining(tvb, offset), tvb_get_guint8(tvb, offset), tvb_get_guint8(tvb, offset+1), tvb_get_guint8(tvb, offset+2)); +} else { +proto_tree_add_debug_text(tree, "SET dissect_ber_set(%s) entered\n", name); +} +} +#endif + + if (!implicit_tag) { + hoffset = offset; + /* first we must read the sequence header */ + identifier_offset = offset; + offset = dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &classx, &pcx, &tagx); + identifier_len = offset - identifier_offset; + offset = dissect_ber_length(actx->pinfo, tree, tvb, offset, &lenx, &ind); + if (ind) { + /* Fixed the length is correctly returned from dissect ber_length + end_offset = tvb_reported_length(tvb);*/ + end_offset = offset + lenx -2; + } else { + end_offset = offset + lenx; + } + + /* sanity check: we only handle Constructed Universal Sets */ + if ((classx != BER_CLASS_APP) && (classx != BER_CLASS_PRI)) { + if (!pcx + || ((classx != BER_CLASS_UNI) || (tagx != BER_UNI_TAG_SET))) { + tvb_ensure_bytes_exist(tvb, hoffset, 2); + cause = proto_tree_add_expert_format( + tree, actx->pinfo, &ei_ber_expected_set, + tvb, identifier_offset, identifier_len, + "BER Error: SET expected but class:%s(%d) %s tag:%d was found", + val_to_str_const(classx, ber_class_codes, "Unknown"), + classx, + tfs_get_string(pcx, &tfs_constructed_primitive), + tagx); + if (decode_unexpected) { + proto_tree *unknown_tree = proto_item_add_subtree(cause, ett_ber_unknown); + dissect_unknown_ber(actx->pinfo, tvb, hoffset, unknown_tree); + } + return end_offset; + } + } + } else { + /* was implicit tag so just use the length of the tvb */ + lenx = tvb_reported_length_remaining(tvb, offset); + end_offset = offset+lenx; + identifier_offset = 0; + identifier_len = 0; + } + + /* create subtree */ + if (hf_id >= 0) { + if (parent_tree) { + item = proto_tree_add_item(parent_tree, hf_id, tvb, offset, lenx, ENC_BIG_ENDIAN); + tree = proto_item_add_subtree(item, ett_id); + } + } + + /* record the mandatory elements of the set so we can check we found everything at the end + we can only record 32 elements for now ... */ + for (set_idx = 0; (set_idx < MAX_SET_ELEMENTS) && (cset = &set[set_idx])->func; set_idx++) { + + if (!(cset->flags & BER_FLAGS_OPTIONAL)) + mandatory_fields |= 1 << set_idx; + + } + + /* loop over all entries until we reach the end of the set */ + while (offset < end_offset) { + gint8 ber_class; + bool pc; + gint32 tag; + guint32 len; + int eoffset, count; + + /*if (ind) { this sequence was of indefinite length, if this is implicit indefinite impossible maybe + but ber dissector uses this to eat the tag length then pass into here... EOC still on there...*/ + + if ((tvb_get_guint8(tvb, offset) == 0) && (tvb_get_guint8(tvb, offset+1) == 0)) { + if (show_internal_ber_fields) { + proto_tree_add_item(tree, hf_ber_seq_eoc, tvb, s_offset, offset+2, ENC_NA); + } + return end_offset; + } + /* } */ + hoffset = offset; + /* read header and len for next field */ + identifier_offset = offset; + offset = get_ber_identifier(tvb, offset, &ber_class, &pc, &tag); + identifier_len = offset - identifier_offset; + len_offset = offset; + offset = get_ber_length(tvb, offset, &len, &ind_field); + len_len = offset - len_offset; + eoffset = offset + len; + + if (len > (guint32)(end_offset - offset) || len > (guint32) tvb_reported_length_remaining(tvb, offset)) { + ber_add_large_length_error(actx->pinfo, tree, tvb, offset, len, tvb, len_offset, len_len); + return end_offset; + } + + /* Look through the Set to see if this class/id exists and + * hasn't been seen before + * Skip check completely if ber_class == ANY + * of if NOCHKTAG is set + */ + + for (first_pass = TRUE, cset = set, set_idx = 0; cset->func || first_pass; cset++, set_idx++) { + + /* we reset for a second pass when we will look for choices */ + if (!cset->func) { + first_pass = FALSE; + + cset = set; /* reset to the beginning */ + set_idx = 0; + /* If the set has no values, there is no point in trying again. */ + if (!cset->func) { + break; + } + } + + if ((first_pass && ((cset->ber_class == ber_class) && (cset->tag == tag))) || + (!first_pass && ((cset->ber_class == BER_CLASS_ANY) && (cset->tag == -1))) ) /* choices */ + { + if (!(cset->flags & BER_FLAGS_NOOWNTAG) ) { + /* dissect header and len for field */ + hoffset = dissect_ber_identifier(actx->pinfo, tree, tvb, hoffset, NULL, NULL, NULL); + hoffset = dissect_ber_length(actx->pinfo, tree, tvb, hoffset, NULL, NULL); + next_tvb = ber_tvb_new_subset_length(tvb, hoffset, eoffset - hoffset - (2 * ind_field)); + } else { + next_tvb = ber_tvb_new_subset_length(tvb, hoffset, eoffset - hoffset); + } + + +#if 0 + /* call the dissector for this field */ + if ((eoffset-hoffset)>length_remaining) { + /* If the field is indefinite (i.e. we don't know the + * length) of if the tvb is short, then just + * give it all of the tvb and hope for the best. + */ + next_tvb = tvb_new_subset_remaining(tvb, hoffset); + } else { + + } +#endif + +#ifdef DEBUG_BER +{ +const char *name; +header_field_info *hfinfo; +if (hf_id >= 0) { +hfinfo = proto_registrar_get_nth(hf_id); +name = hfinfo->name; +} else { +name = "unnamed"; +} +if (tvb_reported_length_remaining(next_tvb, 0) > 3) { +proto_tree_add_debug_text(tree, "SET dissect_ber_set(%s) calling subdissector offset:%d len:%d %02x:%02x:%02x\n", name, offset, tvb_reported_length_remaining(next_tvb, 0), tvb_get_guint8(next_tvb, 0), tvb_get_guint8(next_tvb, 1), tvb_get_guint8(next_tvb, 2)); +} else { +proto_tree_add_debug_text(tree, "SET dissect_ber_set(%s) calling subdissector\n", name); +} +} +#endif + if (next_tvb == NULL) { + /* Assume that we have a malformed packet. */ + THROW(ReportedBoundsError); + } + imp_tag = FALSE; + if ((cset->flags & BER_FLAGS_IMPLTAG)) + imp_tag = TRUE; + count = cset->func(imp_tag, next_tvb, 0, actx, tree, *cset->p_id); + + /* if we consumed some bytes, + or we knew the length was zero (during the first pass only) */ + if (count || (first_pass && ((len == 0) || ((ind_field == 1) && (len == 2))))) { + /* we found it! */ + if (set_idx < MAX_SET_ELEMENTS) + mandatory_fields &= ~(1 << set_idx); + + offset = eoffset; + + if (!(cset->flags & BER_FLAGS_NOOWNTAG) ) { + /* if we stripped the tag and length we should also strip the EOC is ind_len */ + if (ind_field == 1) { + /* skip over EOC */ + if (show_internal_ber_fields) { + proto_tree_add_item(tree, hf_ber_set_field_eoc, tvb, offset, count, ENC_NA); + } + } + } + break; + } + } + } + + if (!cset->func) { + /* we didn't find a match */ + cause = proto_tree_add_expert_format( + tree, actx->pinfo, &ei_ber_unknown_field_set, + tvb, identifier_offset, identifier_len, + "BER Error: Unknown field in SET class:%s(%d) tag:%d", + val_to_str_const(ber_class, ber_class_codes, "Unknown"), + ber_class, + tag); + if (decode_unexpected) { + proto_tree *unknown_tree = proto_item_add_subtree(cause, ett_ber_unknown); + dissect_unknown_ber(actx->pinfo, tvb, hoffset, unknown_tree); + } + offset = eoffset; + } + } + + if (mandatory_fields) { + + /* OK - we didn't find some of the elements we expected */ + + for (set_idx = 0; (set_idx < MAX_SET_ELEMENTS) && (cset = &set[set_idx])->func; set_idx++) { + if (mandatory_fields & (1U << set_idx)) { + /* here is something we should have seen - but didn't! */ + proto_tree_add_expert_format( + tree, actx->pinfo, &ei_ber_missing_field_set, + tvb, identifier_offset, identifier_len, + "BER Error: Missing field in SET class:%s(%d) tag:%d expected", + val_to_str_const(cset->ber_class, ber_class_codes, "Unknown"), + cset->ber_class, + cset->tag); + } + + } + } + + /* if we didn't end up at exactly offset, then we ate too many bytes */ + if (offset != end_offset) { + tvb_ensure_bytes_exist(tvb, offset-2, 2); + proto_tree_add_expert_format( + tree, actx->pinfo, &ei_ber_error_length, tvb, offset-2, 2, + "BER Error: SET is %d too many bytes long", + offset - end_offset); + } + + if (ind) { + /* need to eat this EOC + end_offset = tvb_reported_length(tvb);*/ + end_offset += 2; + if (show_internal_ber_fields) { + proto_tree_add_item(tree, hf_ber_set_eoc, tvb, end_offset-2, 2, ENC_NA); + } + } + + return end_offset; + +} + +#ifdef DEBUG_BER +#define DEBUG_BER_CHOICE +#endif + +int +dissect_ber_choice(asn1_ctx_t *actx, proto_tree *parent_tree, tvbuff_t *tvb, int offset, const ber_choice_t *choice, gint hf_id, gint ett_id, gint *branch_taken) +{ + gint8 ber_class; + bool pc, ind, imp_tag = FALSE; + gint32 tag; + int identifier_offset; + int identifier_len; + guint32 len; + proto_tree *tree = parent_tree; + proto_item *item = NULL; + int end_offset, start_offset, count; + int hoffset = offset; + gint length; + tvbuff_t *next_tvb; + bool first_pass; + header_field_info *hfinfo; + const ber_choice_t *ch; + +#ifdef DEBUG_BER_CHOICE +{ +const char *name; +if (hf_id >= 0) { +hfinfo = proto_registrar_get_nth(hf_id); +name = hfinfo->name; +} else { +name = "unnamed"; +} +if (tvb_reported_length_remaining(tvb, offset) > 3) { +proto_tree_add_debug_text(tree, "CHOICE dissect_ber_choice(%s) entered offset:%d len:%d %02x:%02x:%02x\n", name, offset, tvb_reported_length_remaining(tvb, offset), tvb_get_guint8(tvb, offset), tvb_get_guint8(tvb, offset+1), tvb_get_guint8(tvb, offset+2)); +} else { +proto_tree_add_debug_text(tree, "CHOICE dissect_ber_choice(%s) entered len:%d\n", name, tvb_reported_length_remaining(tvb, offset)); +} +} +#endif + + start_offset = offset; + + if (branch_taken) { + *branch_taken = -1; + } + + if (tvb_reported_length_remaining(tvb, offset) == 0) { + proto_tree_add_expert( + parent_tree, actx->pinfo, &ei_ber_empty_choice, tvb, offset, 0); + return offset; + } + + /* read header and len for choice field */ + identifier_offset = offset; + offset = get_ber_identifier(tvb, offset, &ber_class, &pc, &tag); + identifier_len = offset - identifier_offset; + offset = get_ber_length(tvb, offset, &len, &ind); + end_offset = offset + len ; + + /* Some sanity checks. + * The hf field passed to us MUST be an integer type + */ + if (hf_id >= 0) { + hfinfo = proto_registrar_get_nth(hf_id); + switch (hfinfo->type) { + case FT_UINT8: + case FT_UINT16: + case FT_UINT24: + case FT_UINT32: + break; + default: + proto_tree_add_expert_format( + tree, actx->pinfo, &ei_hf_field_not_integer_type, + tvb, identifier_offset, identifier_len, + "BER Error: dissect_ber_choice(): frame:%u offset:%d Was passed an HF field that was not integer type : %s", + actx->pinfo->num, offset, hfinfo->abbrev); + return end_offset; + } + } + + /* loop over all entries until we find the right choice or + run out of entries */ + ch = choice; + first_pass = TRUE; + while (ch->func || first_pass) { + if (branch_taken) { + (*branch_taken)++; + } + /* we reset for a second pass when we will look for choices */ + if (!ch->func) { + first_pass = FALSE; + ch = choice; /* reset to the beginning */ + if (branch_taken) { + *branch_taken = -1; + } + continue; + } + +#ifdef DEBUG_BER_CHOICE +proto_tree_add_debug_text(tree, "CHOICE testing potential subdissector class[%p]:%d:(expected)%d tag:%d:(expected)%d flags:%d\n", ch, ber_class, ch->ber_class, tag, ch->tag, ch->flags); +#endif + if ( (first_pass + && (((ch->ber_class == ber_class) && (ch->tag == tag)) + || ((ch->ber_class == ber_class) && (ch->tag == -1) && (ch->flags & BER_FLAGS_NOOWNTAG)))) + || (!first_pass && (((ch->ber_class == BER_CLASS_ANY) && (ch->tag == -1)))) /* we failed on the first pass so now try any choices */ + ) { + if (!(ch->flags & BER_FLAGS_NOOWNTAG)) { + /* dissect header and len for field */ + hoffset = dissect_ber_identifier(actx->pinfo, tree, tvb, start_offset, NULL, NULL, NULL); + hoffset = dissect_ber_length(actx->pinfo, tree, tvb, hoffset, NULL, NULL); + start_offset = hoffset; + if (ind) { + length = len - 2; + } else { + length = len; + } + } else { + length = end_offset- hoffset; + } + /* create subtree */ + if (hf_id >= 0) { + if (parent_tree) { + item = proto_tree_add_uint(parent_tree, hf_id, tvb, hoffset, end_offset - hoffset, ch->value); + tree = proto_item_add_subtree(item, ett_id); + } + } + +#ifdef REMOVED + /* This is bogus and makes the OID_1.0.9506.1.1.cap file + * in Steven J Schaeffer's email of 2005-09-12 fail to dissect + * properly. Maybe we should get rid of 'first_pass' + * completely. + * It was added as a qad workaround for some problem CMIP + * traces anyway. + * God, this file is a mess and it is my fault. /ronnie + */ + if (first_pass) + next_tvb = ber_tvb_new_subset_length(tvb, hoffset, length); + else + next_tvb = tvb; /* we didn't make selection on this class/tag so pass it on */ +#endif + next_tvb = ber_tvb_new_subset_length(tvb, hoffset, length); + + +#ifdef DEBUG_BER_CHOICE +{ +const char *name; +if (hf_id >= 0) { +hfinfo = proto_registrar_get_nth(hf_id); +name = hfinfo->name; +} else { +name = "unnamed"; +} +if (tvb_reported_length_remaining(next_tvb, 0) > 3) { +proto_tree_add_debug_text(tree, "CHOICE dissect_ber_choice(%s) calling subdissector start_offset:%d offset:%d len:%d %02x:%02x:%02x\n", name, start_offset, offset, tvb_reported_length_remaining(next_tvb, 0), tvb_get_guint8(next_tvb, 0), tvb_get_guint8(next_tvb, 1), tvb_get_guint8(next_tvb, 2)); +} else { +proto_tree_add_debug_text(tree, "CHOICE dissect_ber_choice(%s) calling subdissector len:%d\n", name, tvb_reported_length(next_tvb)); +} +} +#endif + if (next_tvb == NULL) { + /* Assume that we have a malformed packet. */ + THROW(ReportedBoundsError); + } + imp_tag = FALSE; + if ((ch->flags & BER_FLAGS_IMPLTAG)) + imp_tag = TRUE; + count = ch->func(imp_tag, next_tvb, 0, actx, tree, *ch->p_id); +#ifdef DEBUG_BER_CHOICE +{ +const char *name; +if (hf_id >= 0) { +hfinfo = proto_registrar_get_nth(hf_id); +name = hfinfo->name; +} else { +name = "unnamed"; +} +proto_tree_add_debug_text(tree, "CHOICE dissect_ber_choice(%s) subdissector ate %d bytes\n", name, count); +} +#endif + if ((count == 0) && (((ch->ber_class == ber_class) && (ch->tag == -1) && (ch->flags & BER_FLAGS_NOOWNTAG)) || !first_pass)) { + /* wrong one, break and try again */ + ch++; +#ifdef DEBUG_BER_CHOICE +{ +const char *name; +if (hf_id >= 0) { +hfinfo = proto_registrar_get_nth(hf_id); +name = hfinfo->name; +} else { +name = "unnamed"; +} +proto_tree_add_debug_text(tree, "CHOICE dissect_ber_choice(%s) trying again\n", name); +} +#endif + continue; + } + if (!(ch->flags & BER_FLAGS_NOOWNTAG)) { + if (ind) { + /* we are traversing a indfinite length choice where we did not pass the tag length */ + /* we need to eat the EOC */ + if (show_internal_ber_fields) { + proto_tree_add_item(tree, hf_ber_choice_eoc, tvb, end_offset-2, 2, ENC_NA); + } + } + } + return end_offset; + } + ch++; + } + if (branch_taken) { + /* none of the branches were taken so set the param + back to -1 */ + *branch_taken = -1; + } + +#ifdef REMOVED + /*XXX here we should have another flag to the CHOICE to distinguish + * between the case when we know it is a mandatory or if the CHOICE is optional == no arm matched */ + + /* oops no more entries and we still haven't found + * our guy :-( + */ + proto_tree_add_expert( + tree, actx->pinfo, &ei_ber_choice_not_found, tvb, offset, len); + return end_offset; +#endif + + return start_offset; +} + +#if 0 +/* this function dissects a BER GeneralString + */ +int +dissect_ber_GeneralString(asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id, char *name_string, int name_len) +{ + gint8 ber_class; + bool pc; + gint32 tag; + int identifier_offset; + int identifier_len; + guint32 len; + int end_offset; + int hoffset; + char str_arr[256]; + guint32 max_len; + char *str; + proto_item *cause; + + str = str_arr; + max_len = 255; + if (name_string) { + str = name_string; + max_len = name_len; + } + + hoffset = offset; + /* first we must read the GeneralString header */ + identifier_offset = offset; + offset = dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &ber_class, &pc, &tag); + identifier_len = offset - identifier_offset; + offset = dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL); + end_offset = offset + len; + + /* sanity check: we only handle Universal GeneralString*/ + if ( (ber_class != BER_CLASS_UNI) + || (tag != BER_UNI_TAG_GENSTR) ) { + tvb_ensure_bytes_exist(tvb, hoffset, 2); + cause = proto_tree_add_expert_format( + tree, actx->pinfo, &ei_ber_expected_general_string, + tvb, identifier_offset, identifier_len, + "BER Error: GeneralString expected but class:%s(%d) %s tag:%d was unexpected", + val_to_str_const(ber_class, ber_class_codes, "Unknown"), + ber_class, tfs_get_string(pc, &tfs_constructed_primitive), + tag); + if (decode_unexpected) { + proto_tree *unknown_tree = proto_item_add_subtree(cause, ett_ber_unknown); + dissect_unknown_ber(actx->pinfo, tvb, hoffset, unknown_tree); + } + return end_offset; + } + + if (len >= (max_len - 1)) { + len = max_len - 1; + } + + tvb_memcpy(tvb, str, offset, len); + str[len]=0; + + if (hf_id >= 0) { + proto_tree_add_string(tree, hf_id, tvb, offset, len, str); + } + + return end_offset; +} +#endif + +int +dissect_ber_constrained_restricted_string(bool implicit_tag, gint32 type, asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb, int offset, gint32 min_len, gint32 max_len, gint hf_id, tvbuff_t **out_tvb) { + gint8 ber_class; + bool pc; + gint32 tag; + int identifier_offset; + int identifier_len; + guint32 len; + int eoffset; + int hoffset = offset; + proto_item *cause; + +#ifdef DEBUG_BER +{ +const char *name; +header_field_info *hfinfo; +if (hf_id >= 0) { +hfinfo = proto_registrar_get_nth(hf_id); +name = hfinfo->name; +} else { +name = "unnamed"; +} +if (tvb_reported_length_remaining(tvb, offset) > 3) { +proto_tree_add_debug_text(tree, "RESTRICTED STRING dissect_ber_octet string(%s) entered implicit_tag:%d offset:%d len:%d %02x:%02x:%02x\n", name, implicit_tag, offset, tvb_reported_length_remaining(tvb, offset), tvb_get_guint8(tvb, offset), tvb_get_guint8(tvb, offset+1), tvb_get_guint8(tvb, offset+2)); +} else { +proto_tree_add_debug_text(tree, "RESTRICTED STRING dissect_ber_octet_string(%s) entered\n", name); +} +} +#endif + + if (!implicit_tag) { + identifier_offset = offset; + offset = get_ber_identifier(tvb, offset, &ber_class, &pc, &tag); + identifier_len = offset - identifier_offset; + offset = get_ber_length(tvb, offset, &len, NULL); + eoffset = offset + len; + + /* sanity check */ + if ( (ber_class != BER_CLASS_UNI) + || (tag != type) ) { + tvb_ensure_bytes_exist(tvb, hoffset, 2); + cause = proto_tree_add_expert_format( + tree, actx->pinfo, &ei_ber_expected_string, + tvb, identifier_offset, identifier_len, + "BER Error: String with tag=%d expected but class:%s(%d) %s tag:%d was unexpected", + type, + val_to_str_const(ber_class, ber_class_codes, "Unknown"), + ber_class, tfs_get_string(pc, &tfs_constructed_primitive), + tag); + if (decode_unexpected) { + proto_tree *unknown_tree = proto_item_add_subtree(cause, ett_ber_unknown); + dissect_unknown_ber(actx->pinfo, tvb, hoffset, unknown_tree); + } + return eoffset; + } + } + + /* 8.21.3 */ + return dissect_ber_constrained_octet_string(implicit_tag, actx, tree, tvb, hoffset, min_len, max_len, hf_id, out_tvb); +} + +int dissect_ber_restricted_string(bool implicit_tag, gint32 type, asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id, tvbuff_t **out_tvb) +{ + return dissect_ber_constrained_restricted_string(implicit_tag, type, actx, tree, tvb, offset, NO_BOUND, NO_BOUND, hf_id, out_tvb); +} + +int +dissect_ber_GeneralString(asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id, char *name_string, guint name_len) +{ + tvbuff_t *out_tvb = NULL; + gint tvb_len; + + offset = dissect_ber_restricted_string(FALSE, BER_UNI_TAG_GeneralString, actx, tree, tvb, offset, hf_id, (name_string) ? &out_tvb : NULL); + + if (name_string) { + /* + * XXX - do we want to just get what's left in the tvbuff + * if the full length isn't available in the tvbuff, or + * do we want to throw an exception? + */ + if (out_tvb) { + tvb_len = tvb_reported_length(out_tvb); + if ((guint)tvb_len >= name_len) { + tvb_memcpy(out_tvb, (guint8*)name_string, 0, name_len-1); + name_string[name_len-1] = '\0'; + } else { + tvb_memcpy(out_tvb, (guint8*)name_string, 0, tvb_len); + name_string[tvb_len] = '\0'; + } + } + } + + return offset; +} + +/* 8.19 Encoding of a relative or absolute object identifier value. + */ +static int +dissect_ber_any_oid(bool implicit_tag, asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id, tvbuff_t **value_tvb, bool is_absolute) +{ + gint8 ber_class; + bool pc; + gint32 tag; + int identifier_offset; + int identifier_len; + guint32 len; + int eoffset; + int hoffset; + const char *str; + proto_item *cause; + const gchar *name; + header_field_info *hfi; + +#ifdef DEBUG_BER +{ +header_field_info *hfinfo; +if (hf_id >= 0) { +hfinfo = proto_registrar_get_nth(hf_id); +name = hfinfo->name; +} else { +name = "unnamed"; +} +if (tvb_reported_length_remaining(tvb, offset) > 3) { +proto_tree_add_debug_text(tree, "OBJECT IDENTIFIER dissect_ber_any_oid(%s) entered implicit_tag:%d offset:%d len:%d %02x:%02x:%02x\n", name, implicit_tag, offset, tvb_reported_length_remaining(tvb, offset), tvb_get_guint8(tvb, offset), tvb_get_guint8(tvb, offset+1), tvb_get_guint8(tvb, offset+2)); +} else { +proto_tree_add_debug_text(tree, "OBJECT IDENTIFIER dissect_ber_any_oid(%s) entered\n", name); +} +} +#endif + + if (!implicit_tag) { + hoffset = offset; + /* sanity check */ + identifier_offset = offset; + offset = dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &ber_class, &pc, &tag); + identifier_len = offset - identifier_offset; + offset = dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL); + eoffset = offset + len; + if ( (ber_class != BER_CLASS_UNI) + || (is_absolute && tag != BER_UNI_TAG_OID) + || (!is_absolute && tag != BER_UNI_TAG_RELATIVE_OID) ) { + tvb_ensure_bytes_exist(tvb, hoffset, 2); + cause = proto_tree_add_expert_format( + tree, actx->pinfo, &ei_ber_expected_object_identifier, + tvb, identifier_offset, identifier_len, + "BER Error: Object Identifier expected but class:%s(%d) %s tag:%d was unexpected", + val_to_str_const(ber_class, ber_class_codes, "Unknown"), + ber_class, + tfs_get_string(pc, &tfs_constructed_primitive), + tag); + if (decode_unexpected) { + proto_tree *unknown_tree = proto_item_add_subtree(cause, ett_ber_unknown); + dissect_unknown_ber(actx->pinfo, tvb, hoffset, unknown_tree); + } + return eoffset; + } + } else { + len = tvb_reported_length_remaining(tvb, offset); + eoffset = offset+len; + } + + actx->created_item = NULL; + hfi = proto_registrar_get_nth(hf_id); + if ((is_absolute && hfi->type == FT_OID) || (!is_absolute && hfi->type == FT_REL_OID)) { + actx->created_item = proto_tree_add_item(tree, hf_id, tvb, offset, len, ENC_BIG_ENDIAN); + } else if (FT_IS_STRING(hfi->type)) { + str = oid_encoded2string(wmem_packet_scope(), tvb_get_ptr(tvb, offset, len), len); + actx->created_item = proto_tree_add_string(tree, hf_id, tvb, offset, len, str); + if (actx->created_item) { + /* see if we know the name of this oid */ + name = oid_resolved_from_encoded(wmem_packet_scope(), tvb_get_ptr(tvb, offset, len), len); + if (name) { + proto_item_append_text(actx->created_item, " (%s)", name); + } + } + } else { + DISSECTOR_ASSERT_NOT_REACHED(); + } + + if (value_tvb) + *value_tvb = ber_tvb_new_subset_length(tvb, offset, len); + + return eoffset; +} + +static int +dissect_ber_any_oid_str(bool implicit_tag, asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id, const char **value_stringx, bool is_absolute) +{ + tvbuff_t *value_tvb = NULL; + guint length; + + offset = dissect_ber_any_oid(implicit_tag, actx, tree, tvb, offset, hf_id, (value_stringx) ? &value_tvb : NULL, is_absolute); + + if (value_stringx) { + if (value_tvb && (length = tvb_reported_length(value_tvb))) { + *value_stringx = oid_encoded2string(wmem_packet_scope(), tvb_get_ptr(value_tvb, 0, length), length); + } else { + *value_stringx = ""; + } + } + + return offset; +} + +/* 8.19 Encoding of a relative object identifier value. + */ +int +dissect_ber_relative_oid(bool implicit_tag, asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id, tvbuff_t **value_tvb) +{ + return dissect_ber_any_oid(implicit_tag, actx, tree, tvb, offset, hf_id, value_tvb, FALSE); +} + +int +dissect_ber_relative_oid_str(bool implicit_tag, asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id, const char **value_stringx) +{ + return dissect_ber_any_oid_str(implicit_tag, actx, tree, tvb, offset, hf_id, value_stringx, FALSE); +} + +/* 8.19 Encoding of an object identifier value. + */ +int +dissect_ber_object_identifier(bool implicit_tag, asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id, tvbuff_t **value_tvb) +{ + return dissect_ber_any_oid(implicit_tag, actx, tree, tvb, offset, hf_id, value_tvb, TRUE); +} + +int +dissect_ber_object_identifier_str(bool implicit_tag, asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id, const char **value_stringx) +{ + return dissect_ber_any_oid_str(implicit_tag, actx, tree, tvb, offset, hf_id, value_stringx, TRUE); +} + +#ifdef DEBUG_BER +#define DEBUG_BER_SQ_OF +#endif + +static int +dissect_ber_sq_of(bool implicit_tag, gint32 type, asn1_ctx_t *actx, proto_tree *parent_tree, tvbuff_t *tvb, int offset, gint32 min_len, gint32 max_len, const ber_sequence_t *seq, gint hf_id, gint ett_id) { + gint8 classx; + bool pcx, ind = FALSE, ind_field; + gint32 tagx; + int identifier_offset; + int identifier_len; + guint32 lenx; + + proto_tree *tree = parent_tree; + proto_item *item = NULL; + proto_item *causex; + int cnt, hoffsetx, end_offset; + bool have_cnt; + header_field_info *hfi; + tvbuff_t *next_tvb; + +#ifdef DEBUG_BER_SQ_OF +{ +const char *name; +header_field_info *hfinfo; +if (hf_id >= 0) { +hfinfo = proto_registrar_get_nth(hf_id); +name = hfinfo->name; +} else { +name = "unnamed"; +} +if (tvb_reported_length_remaining(tvb,offset) > 3) { +proto_tree_add_debug_text(tree, "SQ OF dissect_ber_sq_of(%s) entered implicit_tag:%d offset:%d len:%d %02x:%02x:%02x\n", name, implicit_tag, offset, tvb_reported_length_remaining(tvb, offset), tvb_get_guint8(tvb, offset), tvb_get_guint8(tvb, offset+1), tvb_get_guint8(tvb, offset+2)); +} else { +proto_tree_add_debug_text(tree, "SQ OF dissect_ber_sq_of(%s) entered\n", name); +} +} +#endif + + if (!implicit_tag) { + hoffsetx = offset; + /* first we must read the sequence header */ + identifier_offset = offset; + offset = dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &classx, &pcx, &tagx); + identifier_len = offset - identifier_offset; + offset = dissect_ber_length(actx->pinfo, tree, tvb, offset, &lenx, &ind); + end_offset = offset + lenx; + + /* sanity check: we only handle Constructed Universal Sequences */ + if ((classx != BER_CLASS_APP) && (classx != BER_CLASS_PRI)) { + if (!pcx + || ((classx != BER_CLASS_UNI) || (tagx != type))) { + tvb_ensure_bytes_exist(tvb, hoffsetx, 2); + causex = proto_tree_add_expert_format( + tree, actx->pinfo, + (type == BER_UNI_TAG_SEQUENCE) ? &ei_ber_expected_set : &ei_ber_expected_sequence, + tvb, identifier_offset, identifier_len, + "BER Error: %s OF expected but class:%s(%d) %s tag:%d was unexpected", + (type == BER_UNI_TAG_SEQUENCE) ? "SET" : "SEQUENCE", + val_to_str_const(classx, ber_class_codes, "Unknown"), + classx, tfs_get_string(pcx, &tfs_constructed_primitive), + tagx); + if (decode_unexpected) { + proto_tree *unknown_tree = proto_item_add_subtree(causex, ett_ber_unknown); + dissect_unknown_ber(actx->pinfo, tvb, hoffsetx, unknown_tree); + } + return end_offset; + } + } + } else { + /* the tvb length should be correct now nope we could be coming from an implicit choice or sequence, thus we + read the items we match and return the length*/ + lenx = tvb_reported_length_remaining(tvb, offset); + end_offset = offset + lenx; + } + + /* count number of items */ + cnt = 0; + have_cnt = FALSE; + hoffsetx = offset; + /* only count the number of items IFF we have the full blob, + * else this will just generate a [short frame] before we even start + * dissecting a single item. + */ + /* XXX Do we really need to count them at all ? ronnie */ + if (tvb_captured_length_remaining(tvb, offset) == tvb_reported_length_remaining(tvb, offset)) { + have_cnt = TRUE; + while (offset < end_offset) { + guint32 len; + gint s_offset; + + s_offset = offset; + + /*if (ind) { this sequence of was of indefinite length, if this is implicit indefinite impossible maybe + but ber dissector uses this to eat the tag length then pass into here... EOC still on there...*/ + if ((tvb_get_guint8(tvb, offset) == 0) && (tvb_get_guint8(tvb, offset+1) == 0)) { + break; + } + /* } */ + + /* read header and len for next field */ + offset = get_ber_identifier(tvb, offset, NULL, NULL, NULL); + offset = get_ber_length(tvb, offset, &len, &ind); + /* best place to get real length of implicit sequence of or set of is here... */ + /* adjust end_offset if we find somthing that doesn't match */ + offset += len; + cnt++; + if (offset <= s_offset) { + /* Underflow - give up; this can happen with a very large + * length. + */ + have_cnt = FALSE; + cnt = 0; + break; + } + } + } + offset = hoffsetx; + + /* create subtree */ + if (hf_id >= 0) { + hfi = proto_registrar_get_nth(hf_id); + if (parent_tree) { + if (hfi->type == FT_NONE) { + item = proto_tree_add_item(parent_tree, hf_id, tvb, offset, lenx, ENC_BIG_ENDIAN); + proto_item_append_text(item, ":"); + } else { + if (have_cnt) { + item = proto_tree_add_uint(parent_tree, hf_id, tvb, offset, lenx, cnt); + proto_item_append_text(item, (cnt == 1) ? " item" : " items"); + } else + item = proto_tree_add_uint_format_value(parent_tree, hf_id, tvb, offset, lenx, cnt, "unknown number of items"); + } + tree = proto_item_add_subtree(item, ett_id); + ber_check_items (cnt, min_len, max_len, actx, item); + } + } + + /* loop over all entries until we reach the end of the sequence */ + while (offset < end_offset) { + gint8 ber_class; + bool pc; + gint32 tag; + guint32 len; + int eoffset; + int hoffset; + proto_item *cause; + bool imp_tag; + + hoffset = offset; + /*if (ind) { this sequence was of indefinite length, if this is implicit indefinite impossible maybe + but ber dissector uses this to eat the tag length then pass into here... EOC still on there...*/ + if ((tvb_get_guint8(tvb, offset) == 0) && (tvb_get_guint8(tvb, offset+1) == 0)) { + if (show_internal_ber_fields) { + proto_tree_add_item(tree, hf_ber_seq_of_eoc, tvb, hoffset, end_offset-hoffset, ENC_NA); + } + return offset+2; + } + /*}*/ + /* read header and len for next field */ + identifier_offset = offset; + offset = get_ber_identifier(tvb, offset, &ber_class, &pc, &tag); + identifier_len = offset - identifier_offset; + offset = get_ber_length(tvb, offset, &len, &ind_field); + eoffset = offset + len; + /* Make sure we move forward */ + if (eoffset <= hoffset) + THROW(ReportedBoundsError); + + if ((ber_class == BER_CLASS_UNI) && (tag == BER_UNI_TAG_EOC)) { + /* This is a zero length sequence of*/ + hoffset = dissect_ber_identifier(actx->pinfo, tree, tvb, hoffset, NULL, NULL, NULL); + dissect_ber_length(actx->pinfo, tree, tvb, hoffset, NULL, NULL); + return eoffset; + } + /* verify that this one is the one we want */ + /* ahup if we are implicit then we return to the upper layer how much we have used */ + if (seq->ber_class != BER_CLASS_ANY) { + if ((seq->ber_class != ber_class) + || (seq->tag != tag) ) { + if (!(seq->flags & BER_FLAGS_NOTCHKTAG)) { + if ( seq->ber_class == BER_CLASS_UNI) { + cause = proto_tree_add_expert_format( + tree, actx->pinfo, &ei_ber_sequence_field_wrong, + tvb, identifier_offset, identifier_len, + "BER Error: Wrong field in SEQUENCE OF: expected class:%s(%d) tag:%d(%s) but found class:%s(%d) tag:%d", + val_to_str_const(seq->ber_class, ber_class_codes, "Unknown"), + seq->ber_class, + seq->tag, + val_to_str_ext_const(seq->tag, &ber_uni_tag_codes_ext, "Unknown"), + val_to_str_const(ber_class, ber_class_codes, "Unknown"), + ber_class, tag); + } else { + cause = proto_tree_add_expert_format( + tree, actx->pinfo, &ei_ber_sequence_field_wrong, + tvb, identifier_offset, identifier_len, + "BER Error: Wrong field in SEQUENCE OF: expected class:%s(%d) tag:%d but found class:%s(%d) tag:%d", + val_to_str_const(seq->ber_class, ber_class_codes, "Unknown"), + seq->ber_class, + seq->tag, + val_to_str_const(ber_class, ber_class_codes, "Unknown"), + ber_class, + tag); + } + if (decode_unexpected) { + proto_tree *unknown_tree = proto_item_add_subtree(cause, ett_ber_unknown); + dissect_unknown_ber(actx->pinfo, tvb, hoffset, unknown_tree); + } + offset = eoffset; + continue; + /* wrong.... */ + } + } + } + + if (!(seq->flags & BER_FLAGS_NOOWNTAG) && !(seq->flags & BER_FLAGS_IMPLTAG)) { + /* dissect header and len for field */ + hoffset = dissect_ber_identifier(actx->pinfo, tree, tvb, hoffset, NULL, NULL, NULL); + hoffset = dissect_ber_length(actx->pinfo, tree, tvb, hoffset, NULL, NULL); + } + if ((seq->flags == BER_FLAGS_IMPLTAG) && (seq->ber_class == BER_CLASS_CON)) { + /* Constructed sequence of with a tag */ + /* dissect header and len for field */ + hoffset = dissect_ber_identifier(actx->pinfo, tree, tvb, hoffset, NULL, NULL, NULL); + hoffset = dissect_ber_length(actx->pinfo, tree, tvb, hoffset, NULL, NULL); + /* Function has IMPLICIT TAG */ + } + + next_tvb = ber_tvb_new_subset_length(tvb, hoffset, eoffset-hoffset); + + imp_tag = FALSE; + if (seq->flags == BER_FLAGS_IMPLTAG) + imp_tag = TRUE; + /* call the dissector for this field */ + seq->func(imp_tag, next_tvb, 0, actx, tree, *seq->p_id); + /* hold on if we are implicit and the result is zero, i.e. the item in the sequence of + doesn't match the next item, thus this implicit sequence is over, return the number of bytes + we have eaten to allow the possible upper sequence continue... */ + cnt++; /* rubbish*/ + offset = eoffset; + } + + /* if we didn't end up at exactly offset, then we ate too many bytes */ + if (offset != end_offset) { + tvb_ensure_bytes_exist(tvb, offset-2, 2); + proto_tree_add_expert_format( + tree, actx->pinfo, &ei_ber_error_length, tvb, offset-2, 2, + "BER Error: %s OF contained %d too many bytes", + (type == BER_UNI_TAG_SEQUENCE) ? "SEQUENCE" : "SET", + offset - end_offset); + } + + return end_offset; +} + +int +dissect_ber_constrained_sequence_of(bool implicit_tag, asn1_ctx_t *actx, proto_tree *parent_tree, tvbuff_t *tvb, int offset, gint32 min_len, gint32 max_len, const ber_sequence_t *seq, gint hf_id, gint ett_id) { + return dissect_ber_sq_of(implicit_tag, BER_UNI_TAG_SEQUENCE, actx, parent_tree, tvb, offset, min_len, max_len, seq, hf_id, ett_id); +} + +int +dissect_ber_sequence_of(bool implicit_tag, asn1_ctx_t *actx, proto_tree *parent_tree, tvbuff_t *tvb, int offset, const ber_sequence_t *seq, gint hf_id, gint ett_id) { + return dissect_ber_sq_of(implicit_tag, BER_UNI_TAG_SEQUENCE, actx, parent_tree, tvb, offset, NO_BOUND, NO_BOUND, seq, hf_id, ett_id); +} + +int +dissect_ber_constrained_set_of(bool implicit_tag, asn1_ctx_t *actx, proto_tree *parent_tree, tvbuff_t *tvb, int offset, gint32 min_len, gint32 max_len, const ber_sequence_t *seq, gint hf_id, gint ett_id) { + return dissect_ber_sq_of(implicit_tag, BER_UNI_TAG_SET, actx, parent_tree, tvb, offset, min_len, max_len, seq, hf_id, ett_id); +} + +int +dissect_ber_set_of(bool implicit_tag, asn1_ctx_t *actx, proto_tree *parent_tree, tvbuff_t *tvb, int offset, const ber_sequence_t *seq, gint hf_id, gint ett_id) { + return dissect_ber_sq_of(implicit_tag, BER_UNI_TAG_SET, actx, parent_tree, tvb, offset, NO_BOUND, NO_BOUND, seq, hf_id, ett_id); +} + +int +dissect_ber_GeneralizedTime(bool implicit_tag, asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id) +{ + nstime_t ts; + const guint8 *tmpstr; + gint8 ber_class; + bool pc; + gint32 tag; + int identifier_offset; + int identifier_len; + guint32 len; + int len_offset; + int len_len; + int end_offset; + int hoffset; + proto_item *cause; + + if (!implicit_tag) { + hoffset = offset; + identifier_offset = offset; + offset = dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &ber_class, &pc, &tag); + identifier_len = offset - identifier_offset; + len_offset = offset; + offset = dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL); + len_len = offset - len_offset; + end_offset = offset+len; + + /* sanity check. we only handle universal/generalized time */ + if ( (ber_class != BER_CLASS_UNI) || (tag != BER_UNI_TAG_GeneralizedTime)) { + tvb_ensure_bytes_exist(tvb, hoffset, 2); + cause = proto_tree_add_expert_format( + tree, actx->pinfo, &ei_ber_expected_generalized_time, + tvb, identifier_offset, identifier_len, + "BER Error: GeneralizedTime expected but class:%s(%d) %s tag:%d was unexpected", + val_to_str_const(ber_class, ber_class_codes, "Unknown"), + ber_class, + tfs_get_string(pc, &tfs_constructed_primitive), + tag); + if (decode_unexpected) { + proto_tree *unknown_tree = proto_item_add_subtree(cause, ett_ber_unknown); + dissect_unknown_ber(actx->pinfo, tvb, hoffset, unknown_tree); + } + return end_offset; + } + } else { + len = tvb_reported_length_remaining(tvb, offset); + len_offset = 0; + len_len = 0; + end_offset = offset+len; + } + + /* ASN.1 GeneralizedTime is a ISO 8601 Basic profile that omits the T + * between date and time. BER allows accuracy of hours, minutes, seconds, + * fractions of a second "to any degree of accuracy", and even + * fractional minutes or hours (see ITU-T X.680 46.2 and ITU-T X.690 8.25.) + * + * CER/DER (and PER) require that the seconds field be present (cf. + * ITU-T X.690 11.7 and ITU-T X.691 10.6.5), that the decimal point + * element be ".", that fractional seconds trailing zeros MUST be omitted, + * and that the decimal point shall also be omitted if the entire fractional + * second is 0 (in order to have a unique representation.) + * + * RFC 5280 says that X.509 certificate validity dates after 2050, which + * MUST use GeneralizedTime, MUST be expressed in Z and MUST include + * seconds but MUST NOT include fractional seconds. + * + * The minimum that iso8601_to_nstime() handles currently is + * YYYYMMDDhhmm = 12 digits + * and the maximimum is + * YYYYMMDDhhmmss.sssssssss+hhmm = 29 digits + * + * That doesn't handle everything that BER technically supports, but + * everything seen in practice. For the protocols that are more restrictive + * if someone really wants to validate and complain about e.g. fractional + * seconds in a X.509 certificate, that could be added to the conformance + * file. + */ + if ((len < 12) || (len > 29)) { + cause = proto_tree_add_expert_format( + tree, actx->pinfo, &ei_ber_error_length, + tvb, len_offset, len_len, + "BER Error: GeneralizedTime invalid length: %u", + len); + if (decode_unexpected) { + proto_tree *unknown_tree = proto_item_add_subtree(cause, ett_ber_unknown); + dissect_unknown_ber(actx->pinfo, tvb, offset, unknown_tree); + } + return end_offset; + } + + tmpstr = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, len, ENC_ASCII); + if (!iso8601_to_nstime(&ts, tmpstr, ISO8601_DATETIME_BASIC)) { + cause = proto_tree_add_expert_format( + tree, actx->pinfo, &ei_ber_invalid_format_generalized_time, + tvb, offset, len, + "BER Error: GeneralizedTime invalid format: %s", + tmpstr); + if (decode_unexpected) { + proto_tree *unknown_tree = proto_item_add_subtree(cause, ett_ber_unknown); + dissect_unknown_ber(actx->pinfo, tvb, offset, unknown_tree); + } + return end_offset; + } + + if (hf_id >= 0) { + proto_tree_add_time(tree, hf_id, tvb, offset, len, &ts); + } + + offset+=len; + return offset; + +} + +/* datestrptr: if not NULL return datetime string instead of adding to tree or NULL when packet is malformed + * tvblen: if not NULL return consumed packet bytes + */ +int +dissect_ber_UTCTime(bool implicit_tag, asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb, int offset, gint hf_id, char **datestrptr, guint32 *tvblen) +{ + char *outstr, *outstrptr; + const guint8 *instr; + gint8 ber_class; + bool pc; + gint32 tag; + int identifier_offset; + int identifier_len; + guint32 len, i, n; + int hoffset; + proto_item *cause; + proto_tree *error_tree; + const gchar *error_str = NULL; + + outstrptr = outstr = (char *)wmem_alloc(wmem_packet_scope(), 29); + + if (datestrptr) *datestrptr = NULL; /* mark invalid */ + if (tvblen) *tvblen = 0; + + if (!implicit_tag) { + hoffset = offset; + identifier_offset = offset; + offset = dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &ber_class, &pc, &tag); + identifier_len = offset - identifier_offset; + offset = dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL); + + /* sanity check: we only handle UTCTime */ + if ( (ber_class != BER_CLASS_UNI) || (tag != BER_UNI_TAG_UTCTime) ) { + tvb_ensure_bytes_exist(tvb, hoffset, 2); + cause = proto_tree_add_expert_format( + tree, actx->pinfo, &ei_ber_expected_utc_time, + tvb, identifier_offset, identifier_len, + "BER Error: UTCTime expected but class:%s(%d) %s tag:%d was unexpected", + val_to_str_const(ber_class, ber_class_codes, "Unknown"), + ber_class, + tfs_get_string(pc, &tfs_constructed_primitive), + tag); + if (decode_unexpected) { + proto_tree *unknown_tree = proto_item_add_subtree(cause, ett_ber_unknown); + dissect_unknown_ber(actx->pinfo, tvb, hoffset, unknown_tree); + } + return offset+len; + } + } else { + len = tvb_reported_length_remaining(tvb, offset); + } + + if ((len < 10) || (len > 19)) { + error_str = wmem_strdup_printf(wmem_packet_scope(), "BER Error: UTCTime invalid length: %u", len); + instr = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, len > 19 ? 19 : len, ENC_ASCII); + goto malformed; + } + + instr = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, len, ENC_ASCII); + + /* YYMMDDhhmm */ + for (i=0; i<10; i++) { + if ((instr[i] < '0') || (instr[i] > '9')) { + error_str = "BER Error: malformed UTCTime encoding, " + "first 10 octets have to contain YYMMDDhhmm in digits"; + goto malformed; + } + } + snprintf(outstrptr, 15, "%.2s-%.2s-%.2s %.2s:%.2s", instr, instr+2, instr+4, instr+6, instr+8); + outstrptr+= 14; + + /* (ss)? */ + if (len >= 12) { + if ((instr[i] >= '0') && (instr[i] <= '9')) { + i++; + if ((instr[i] >= '0') && (instr[i] <= '9')) { + i++; + snprintf(outstrptr, 4, ":%.2s", instr+10); + outstrptr+=3; + } else { + error_str = "BER Error: malformed UTCTime encoding, " + "if 11th octet is a digit for seconds, " + "the 12th octet has to be a digit, too"; + goto malformed; + } + } + } + + /* Z|([+-]hhmm) */ + switch (instr[i]) { + case 'Z': + if (len != (i+1)) { + error_str = "BER Error: malformed UTCTime encoding, " + "there must be no further octets after \'Z\'"; + goto malformed; + } + snprintf(outstrptr, 7, " (UTC)"); + i++; + break; + case '-': + case '+': + if (len != (i+5)) { + error_str = "BER Error: malformed UTCTime encoding, " + "4 digits must follow on \'+\' resp. \'-\'"; + goto malformed; + } + for (n=i+1; n<i+5; n++) { + if ((instr[n] < '0') || (instr[n] > '9')) { + error_str = "BER Error: malformed UTCTime encoding, " + "4 digits must follow on \'+\' resp. \'-\'"; + goto malformed; + } + } + snprintf(outstrptr, 12, " (UTC%c%.4s)", instr[i], instr+i+1); + i+=5; + break; + default: + error_str = wmem_strdup_printf(wmem_packet_scope(), + "BER Error: malformed UTCTime encoding, " + "unexpected character in %dth octet, " + "must be \'Z\', \'+\' or \'-\'", i+1); + goto malformed; + break; + } + + if (len != i) { + error_str = wmem_strdup_printf(wmem_packet_scope(), + "BER Error: malformed UTCTime encoding, %d unexpected character%s after %dth octet", + len - i, + (len == (i - 1) ? "s" : ""), + i); + goto malformed; + } + + if (datestrptr) { + *datestrptr = outstr; /* mark as valid */ + } else { + if (hf_id >= 0) { + proto_tree_add_string(tree, hf_id, tvb, offset, len, outstr); + } + } + if (tvblen) *tvblen = len; + + return offset+len; +malformed: + if (hf_id >= 0) { + cause = proto_tree_add_string(tree, hf_id, tvb, offset, len, instr); + error_tree = proto_item_add_subtree(cause, ett_ber_unknown); + } else { + error_tree = tree; + } + + proto_tree_add_expert_format( + error_tree, actx->pinfo, &ei_ber_invalid_format_utctime, + tvb, offset, len, + "%s", + error_str); + + if (tvblen) *tvblen = len; + + return offset+len; +} + +/* 8.6 Encoding of a bitstring value */ + +int +dissect_ber_constrained_bitstring(bool implicit_tag, asn1_ctx_t *actx, proto_tree *parent_tree, tvbuff_t *tvb, int offset, gint32 min_len, gint32 max_len, int * const *named_bits, int num_named_bits, gint hf_id, gint ett_id, tvbuff_t **out_tvb) +{ + gint8 ber_class; + bool pc, ind; + gint32 tag; + int identifier_offset; + int identifier_len; + gint len; + guint8 pad = 0; + int end_offset; + int hoffset; + proto_item *item = NULL; + proto_item *cause; + proto_tree *tree = NULL; + /*const char *sep;*/ + /*const int **nb;*/ + + if (!implicit_tag) { + hoffset = offset; + /* read header and len for the octet string */ + identifier_offset = offset; + offset = dissect_ber_identifier(actx->pinfo, parent_tree, tvb, offset, &ber_class, &pc, &tag); + identifier_len = offset - identifier_offset; + offset = dissect_ber_length(actx->pinfo, parent_tree, tvb, offset, &len, &ind); + end_offset = offset + len; + + /* sanity check: we only handle Universal BitStrings */ + + /* for an IMPLICIT APPLICATION tag asn2wrs seems to call this + function with implicit_tag = FALSE. BER_FLAGS_NOOWNTAG was + set so the APPLICATION tag was still present. + So here we relax it for APPLICATION tags. CONTEXT tags may + still cause a problem. */ + + if (ber_class != BER_CLASS_APP) { + if ((ber_class != BER_CLASS_UNI) + || (tag != BER_UNI_TAG_BITSTRING)) { + tvb_ensure_bytes_exist(tvb, hoffset, 2); + cause = proto_tree_add_expert_format( + parent_tree, actx->pinfo, &ei_ber_expected_bitstring, + tvb, identifier_offset, identifier_len, + "BER Error: BitString expected but class:%s(%d) %s tag:%d was unexpected", + val_to_str_const(ber_class, ber_class_codes, "Unknown"), + ber_class, tfs_get_string(pc, &tfs_constructed_primitive), + tag); + if (decode_unexpected) { + proto_tree *unknown_tree = proto_item_add_subtree(cause, ett_ber_unknown); + dissect_unknown_ber(actx->pinfo, tvb, hoffset, unknown_tree); + } + return end_offset; + } + } + } else { + pc = 0; + len = tvb_reported_length_remaining(tvb, offset); + end_offset = offset + len; + } + if ((int)len <= 0) { + proto_tree_add_expert_format( + parent_tree, actx->pinfo, &ei_ber_constr_bitstr, tvb, offset, len, + "BER Error: dissect_ber_constrained_bitstring(): frame:%u offset:%d Was passed an illegal length of %d", + actx->pinfo->num, offset, len); + return offset; + } + actx->created_item = NULL; + + if (pc) { + /* constructed */ + /* TO DO */ + } else { + /* primitive */ + pad = tvb_get_guint8(tvb, offset); + /* 8.6.2.4 If a bitstring value has no 1 bits, then an encoder (as a sender's option) + * may encode the value with a length of 1 and with an initial octet set to 0 + * or may encode it as a bit string with one or more 0 bits following the initial octet. + */ + if ((pad == 0) && (len == 1)) { + /* empty */ + item = proto_tree_add_item(parent_tree, hf_id, tvb, offset, len, ENC_BIG_ENDIAN); + actx->created_item = item; + proto_tree_add_item(parent_tree, hf_ber_bitstring_empty, tvb, offset, 1, ENC_BIG_ENDIAN); + if (out_tvb) { + *out_tvb = ber_tvb_new_subset_length(tvb, offset, len); + } + ber_check_length(8 * len - pad, min_len, max_len, actx, item, TRUE); + return end_offset; + } else { + /* padding */ + proto_item *pad_item = proto_tree_add_item(parent_tree, hf_ber_bitstring_padding, tvb, offset, 1, ENC_BIG_ENDIAN); + if (pad > 7) { + expert_add_info_format( + actx->pinfo, pad_item, &ei_ber_illegal_padding, + "Illegal padding (0 .. 7): %d", pad); + } + } + offset++; + len--; + if (hf_id >= 0) { + item = proto_tree_add_item(parent_tree, hf_id, tvb, offset, len, ENC_NA); + actx->created_item = item; + if (named_bits) { + guint8 *bitstring = (guint8 *)tvb_memdup(wmem_packet_scope(), tvb, offset, len); + const int named_bits_bytelen = (num_named_bits + 7) / 8; + if (show_internal_ber_fields) { + if (len < named_bits_bytelen) { + guint zero_bits_omitted = num_named_bits - ((len * 8) - pad); + proto_item_append_text(item, " [%u zero bits not encoded, but displayed]", zero_bits_omitted); + } + } + if (ett_id != -1) { + tree = proto_item_add_subtree(item, ett_id); + } + for (int i = 0; i < named_bits_bytelen; i++) { + // Process 8 bits at a time instead of 64, each field masks a + // single byte. + const int bit_offset = 8 * i; + int* const* section_named_bits = named_bits + bit_offset; + int* flags[9]; + if (num_named_bits - bit_offset > 8) { + memcpy(&flags[0], named_bits + bit_offset, 8 * sizeof(int*)); + flags[8] = NULL; + section_named_bits = (int* const*)flags; + } + + // If less data is available than the number of named bits, then + // the trailing (right) bits are assumed to be 0. + guint64 value = 0; + if (i < len) { + value = bitstring[i]; + if (num_named_bits - bit_offset > 7) { + bitstring[i] = 0; + } else { + bitstring[i] &= 0xff >> (num_named_bits - bit_offset); + } + } + + // TODO should non-zero pad bits be masked from the value? + // When trailing zeroes are not present in the data, mark the + // last byte for the lack of a better alternative. + proto_tree_add_bitmask_list_value(tree, tvb, offset + MIN(i, len - 1), 1, section_named_bits, value); + } + // If more data is available than the number of named bits, then + // either the spec was updated or the packet is malformed. + for (int i = 0; i < len; i++) { + if (bitstring[i]) { + expert_add_info_format(actx->pinfo, item, &ei_ber_bits_unknown, "Unknown bit(s): 0x%s", + bytes_to_str(wmem_packet_scope(), bitstring, len)); + break; + } + } + } + } + if (out_tvb) { + *out_tvb = ber_tvb_new_subset_length(tvb, offset, len); + } + } + + + if ((pad > 0) && (pad < 8) && (len > 0)) { + guint8 bits_in_pad = tvb_get_guint8(tvb, offset + len - 1) & (0xFF >> (8 - pad)); + if (bits_in_pad) { + expert_add_info_format( + actx->pinfo, item, &ei_ber_bits_set_padded, + "Bits set in padded area: 0x%02x", bits_in_pad); + } + } + + ber_check_length(8 * len - pad, min_len, max_len, actx, item, TRUE); + + return end_offset; +} + + +int +dissect_ber_bitstring(bool implicit_tag, asn1_ctx_t *actx, proto_tree *parent_tree, tvbuff_t *tvb, int offset, int * const *named_bits, gint num_named_bits, gint hf_id, gint ett_id, tvbuff_t **out_tvb) +{ + return dissect_ber_constrained_bitstring(implicit_tag, actx, parent_tree, tvb, offset, -1, -1, named_bits, num_named_bits, hf_id, ett_id, out_tvb); +} + +/* + * 8.18 Encoding of a value of the external type + * 8.18.1 The encoding of a value of the external type shall be the BER encoding of the following + * sequence type, assumed to be defined in an environment of EXPLICIT TAGS, + * with a value as specified in the subclauses below: + * + * [UNIVERSAL 8] IMPLICIT SEQUENCE { + * direct-reference OBJECT IDENTIFIER OPTIONAL, + * indirect-reference INTEGER OPTIONAL, + * data-value-descriptor ObjectDescriptor OPTIONAL, + * encoding CHOICE { + * single-ASN1-type [0] ABSTRACT-SYNTAX.&Type, + * octet-aligned [1] IMPLICIT OCTET STRING, + * arbitrary [2] IMPLICIT BIT STRING } } + * + */ + +static int +dissect_ber_INTEGER(bool implicit_tag, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index) { + offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, + &actx->external.indirect_reference); + actx->external.indirect_ref_present = TRUE; + + return offset; +} + +static int +dissect_ber_T_octet_aligned(bool implicit_tag, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index) +{ + if (actx->external.u.ber.ber_callback) { + offset = actx->external.u.ber.ber_callback(FALSE, tvb, offset, actx, tree, hf_index); + } else if (actx->external.direct_ref_present && + dissector_get_string_handle(ber_oid_dissector_table, actx->external.direct_reference)) { + offset = call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL); + } else { + offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, &actx->external.octet_aligned); + } + + return offset; +} +static int +dissect_ber_OBJECT_IDENTIFIER(bool implicit_tag, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index) +{ + DISSECTOR_ASSERT(actx); + offset = dissect_ber_object_identifier_str(implicit_tag, actx, tree, tvb, offset, hf_index, &actx->external.direct_reference); + actx->external.direct_ref_present = TRUE; + + return offset; +} + +static int +dissect_ber_ObjectDescriptor(bool implicit_tag, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index) +{ + DISSECTOR_ASSERT(actx); + offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_ObjectDescriptor, + actx, tree, tvb, offset, hf_index, + &actx->external.data_value_descriptor); + + return offset; +} + +static int +dissect_ber_T_single_ASN1_type(bool implicit_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index) +{ + if (actx->external.u.ber.ber_callback) { + offset = actx->external.u.ber.ber_callback(FALSE, tvb, offset, actx, tree, hf_index); + } else { + offset = call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL); + } + + return offset; +} + +static int +dissect_ber_T_arbitrary(bool implicit_tag, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index) +{ + if (actx->external.u.ber.ber_callback) { + offset = actx->external.u.ber.ber_callback(FALSE, tvb, offset, actx, tree, hf_index); + } else { + offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset, + NULL, 0, hf_index, -1, &actx->external.arbitrary); + } + + return offset; +} + +static const value_string ber_T_encoding_vals[] = { + { 0, "single-ASN1-type" }, + { 1, "octet-aligned" }, + { 2, "arbitrary" }, + { 0, NULL } +}; + +static const ber_choice_t T_encoding_choice[] = { + { 0, &hf_ber_single_ASN1_type, BER_CLASS_CON, 0, 0, dissect_ber_T_single_ASN1_type }, + { 1, &hf_ber_octet_aligned , BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ber_T_octet_aligned }, + { 2, &hf_ber_arbitrary , BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_ber_T_arbitrary }, + { 0, NULL, 0, 0, 0, NULL } +}; + + +static int +dissect_ber_T_encoding(bool implicit_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index) { + // This assertion is used to remove clang's warning. + DISSECTOR_ASSERT(actx); + offset = dissect_ber_choice(actx, tree, tvb, offset, + T_encoding_choice, hf_index, ett_ber_T_encoding, + &actx->external.encoding); + + return offset; +} + + +static const ber_sequence_t external_U_sequence[] = { + { &hf_ber_direct_reference, BER_CLASS_UNI, BER_UNI_TAG_OID, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ber_OBJECT_IDENTIFIER }, + { &hf_ber_indirect_reference, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ber_INTEGER }, + { &hf_ber_data_value_descriptor, BER_CLASS_UNI, BER_UNI_TAG_ObjectDescriptor, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ber_ObjectDescriptor }, + { &hf_ber_encoding, BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ber_T_encoding }, + { NULL, 0, 0, 0, NULL } +}; +static int +dissect_ber_external_U(bool implicit_tag, tvbuff_t *tvb, int offset, asn1_ctx_t *actx , proto_tree *tree, int hf_index) +{ + offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, + external_U_sequence, hf_index, ett_ber_EXTERNAL); + + return offset; +} + +int +dissect_ber_external_type(bool implicit_tag, proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, gint hf_id, ber_callback func) { + + actx->external.u.ber.ber_callback = func; + + offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, + hf_id, BER_CLASS_UNI, BER_UNI_TAG_EXTERNAL, TRUE, dissect_ber_external_U); + + asn1_ctx_clean_external(actx); + + return offset; +} +/* Experimental */ +int +dissect_ber_EmbeddedPDV_Type(bool implicit_tag, proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, gint hf_id, ber_callback func _U_) { + + + offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, + hf_id, BER_CLASS_UNI, BER_UNI_TAG_EMBEDDED_PDV, TRUE, dissect_ber_external_U); + + return offset; +} + +static int +dissect_ber_syntax(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) +{ + return dissect_unknown_ber(pinfo, tvb, 0, tree); +} + +static int +dissect_ber_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, const char *syntax) +{ + const char *name; + int offset; + + col_set_str(pinfo->cinfo, COL_PROTOCOL, "BER"); + + col_set_str(pinfo->cinfo, COL_DEF_SRC, "BER encoded value"); + + if (!syntax) { + + /* if we got here we couldn't find anything better */ + col_set_str(pinfo->cinfo, COL_INFO, "Unknown BER"); + + offset = dissect_unknown_ber(pinfo, tvb, 0, tree); + + } else { + + offset = call_ber_syntax_callback(syntax, tvb, 0, pinfo, tree); + + /* see if we have a better name */ + name = get_ber_oid_syntax(syntax); + col_add_fstr(pinfo->cinfo, COL_INFO, "Decoded as %s", name ? name : syntax); + } + + return offset; +} + +static int +dissect_ber(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) +{ + return dissect_ber_common(tvb, pinfo, tree, decode_as_syntax); +} + +static int +dissect_ber_file(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) +{ + struct ber_phdr *ber = (struct ber_phdr *)data; + const char *ptr; + const char *file_syntax = NULL; + + if ((ptr = strrchr(ber->pathname, '.')) != NULL) + file_syntax = get_ber_oid_syntax(ptr); + return dissect_ber_common(tvb, pinfo, tree, file_syntax); +} + +bool +oid_has_dissector(const char *oid) { + return(dissector_get_string_handle(ber_oid_dissector_table, oid) != NULL); +} + +static void +ber_shutdown(void) +{ + g_hash_table_destroy(syntax_table); +} + +void +proto_register_ber(void) +{ + static hf_register_info hf[] = { + { &hf_ber_id_class, { + "Class", "ber.id.class", FT_UINT8, BASE_DEC, + VALS(ber_class_codes), 0xc0, "Class of BER TLV Identifier", HFILL }}, + { &hf_ber_bitstring_padding, { + "Padding", "ber.bitstring.padding", FT_UINT8, BASE_DEC, + NULL, 0x0, "Number of unused bits in the last octet of the bitstring", HFILL }}, + { &hf_ber_bitstring_empty, { + "Empty", "ber.bitstring.empty", FT_UINT8, BASE_DEC, + NULL, 0x0, "This is an empty bitstring", HFILL }}, + { &hf_ber_id_pc, { + "P/C", "ber.id.pc", FT_BOOLEAN, 8, + TFS(&ber_pc_codes), 0x20, "Primitive or Constructed BER encoding", HFILL }}, + { &hf_ber_id_uni_tag, { + "Tag", "ber.id.uni_tag", FT_UINT8, BASE_DEC|BASE_EXT_STRING, + &ber_uni_tag_codes_ext, 0x1f, "Universal tag type", HFILL }}, + { &hf_ber_id_uni_tag_ext, { + "Tag", "ber.id.uni_tag", FT_UINT32, BASE_DEC, + NULL, 0, "Universal tag type", HFILL }}, + { &hf_ber_id_tag, { + "Tag", "ber.id.tag", FT_UINT8, BASE_DEC, + NULL, 0x1f, "Tag value for non-Universal classes", HFILL }}, + { &hf_ber_id_tag_ext, { + "Tag", "ber.id.tag", FT_UINT32, BASE_DEC, + NULL, 0, "Tag value for non-Universal classes", HFILL }}, + { &hf_ber_length_octets, { + "Length Octets", "ber.length_octets", FT_UINT8, BASE_DEC, + NULL, 0, "Number of length octets", HFILL }}, + { &hf_ber_length, { + "Length", "ber.length", FT_UINT32, BASE_DEC, + NULL, 0, "Length of contents", HFILL }}, + { &hf_ber_unknown_OCTETSTRING, { + "OCTETSTRING", "ber.unknown.OCTETSTRING", FT_BYTES, BASE_NONE, + NULL, 0, "This is an unknown OCTETSTRING", HFILL }}, + { &hf_ber_unknown_BER_OCTETSTRING, { + "OCTETSTRING [BER encoded]", "ber.unknown.OCTETSTRING", FT_NONE, BASE_NONE, + NULL, 0, "This is an BER encoded OCTETSTRING", HFILL }}, + { &hf_ber_unknown_BER_primitive, { + "Primitive [BER encoded]", "ber.unknown.primitive", FT_NONE, BASE_NONE, + NULL, 0, "This is a BER encoded Primitive", HFILL }}, + { &hf_ber_unknown_OID, { + "OID", "ber.unknown.OID", FT_OID, BASE_NONE, + NULL, 0, "This is an unknown Object Identifier", HFILL }}, + { &hf_ber_unknown_relative_OID, { + "OID", "ber.unknown.relative_OID", FT_REL_OID, BASE_NONE, + NULL, 0, "This is an unknown relative Object Identifier", HFILL }}, + { &hf_ber_unknown_GraphicString, { + "GRAPHICSTRING", "ber.unknown.GRAPHICSTRING", FT_STRING, BASE_NONE, + NULL, 0, "This is an unknown GRAPHICSTRING", HFILL }}, + { &hf_ber_unknown_NumericString, { + "NumericString", "ber.unknown.NumericString", FT_STRING, BASE_NONE, + NULL, 0, "This is an unknown NumericString", HFILL }}, + { &hf_ber_unknown_PrintableString, { + "PrintableString", "ber.unknown.PrintableString", FT_STRING, BASE_NONE, + NULL, 0, "This is an unknown PrintableString", HFILL }}, + { &hf_ber_unknown_TeletexString, { + "TeletexString", "ber.unknown.TeletexString", FT_STRING, BASE_NONE, + NULL, 0, "This is an unknown TeletexString", HFILL }}, + { &hf_ber_unknown_VisibleString, { + "VisibleString", "ber.unknown.VisibleString", FT_STRING, BASE_NONE, + NULL, 0, "This is an unknown VisibleString", HFILL }}, + { &hf_ber_unknown_GeneralString, { + "GeneralString", "ber.unknown.GeneralString", FT_STRING, BASE_NONE, + NULL, 0, "This is an unknown GeneralString", HFILL }}, + { &hf_ber_unknown_UniversalString, { + "UniversalString", "ber.unknown.UniversalString", FT_STRING, BASE_NONE, + NULL, 0, "This is an unknown UniversalString", HFILL }}, + { &hf_ber_unknown_BMPString, { + "BMPString", "ber.unknown.BMPString", FT_STRING, BASE_NONE, + NULL, 0, "This is an unknown BMPString", HFILL }}, + { &hf_ber_unknown_IA5String, { + "IA5String", "ber.unknown.IA5String", FT_STRING, BASE_NONE, + NULL, 0, "This is an unknown IA5String", HFILL }}, + { &hf_ber_unknown_UTCTime, { + "UTCTime", "ber.unknown.UTCTime", FT_STRING, BASE_NONE, + NULL, 0, "This is an unknown UTCTime", HFILL }}, + { &hf_ber_unknown_UTF8String, { + "UTF8String", "ber.unknown.UTF8String", FT_STRING, BASE_NONE, + NULL, 0, "This is an unknown UTF8String", HFILL }}, + { &hf_ber_unknown_GeneralizedTime, { + "GeneralizedTime", "ber.unknown.GeneralizedTime", FT_STRING, BASE_NONE, + NULL, 0, "This is an unknown GeneralizedTime", HFILL }}, + { &hf_ber_unknown_INTEGER, { + "INTEGER", "ber.unknown.INTEGER", FT_INT64, BASE_DEC, + NULL, 0, "This is an unknown INTEGER", HFILL }}, + { &hf_ber_unknown_REAL, { + "REAL", "ber.unknown.REAL", FT_DOUBLE, BASE_NONE, + NULL, 0, "This is an unknown REAL", HFILL }}, + { &hf_ber_unknown_BITSTRING, { + "BITSTRING", "ber.unknown.BITSTRING", FT_BYTES, BASE_NONE, + NULL, 0, "This is an unknown BITSTRING", HFILL }}, + { &hf_ber_unknown_BOOLEAN, { + "BOOLEAN", "ber.unknown.BOOLEAN", FT_UINT8, BASE_HEX, + NULL, 0, "This is an unknown BOOLEAN", HFILL }}, + { &hf_ber_unknown_ENUMERATED, { + "ENUMERATED", "ber.unknown.ENUMERATED", FT_UINT32, BASE_DEC, + NULL, 0, "This is an unknown ENUMERATED", HFILL }}, + { &hf_ber_direct_reference, + { "direct-reference", "ber.direct_reference", + FT_OID, BASE_NONE, NULL, 0, + "ber.OBJECT_IDENTIFIER", HFILL }}, + { &hf_ber_indirect_reference, + { "indirect-reference", "ber.indirect_reference", + FT_INT32, BASE_DEC, NULL, 0, + "ber.INTEGER", HFILL }}, + { &hf_ber_data_value_descriptor, + { "data-value-descriptor", "ber.data_value_descriptor", + FT_STRING, BASE_NONE, NULL, 0, + "ber.ObjectDescriptor", HFILL }}, + { &hf_ber_encoding, + { "encoding", "ber.encoding", + FT_UINT32, BASE_DEC, VALS(ber_T_encoding_vals), 0, + "ber.T_encoding", HFILL }}, + { &hf_ber_octet_aligned, + { "octet-aligned", "ber.octet_aligned", + FT_BYTES, BASE_NONE, NULL, 0, + "ber.T_octet_aligned", HFILL }}, + { &hf_ber_arbitrary, + { "arbitrary", "ber.arbitrary", + FT_BYTES, BASE_NONE, NULL, 0, + "ber.T_arbitrary", HFILL }}, + { &hf_ber_single_ASN1_type, + { "single-ASN1-type", "ber.single_ASN1_type", + FT_NONE, BASE_NONE, NULL, 0, + "ber.T_single_ASN1_type", HFILL }}, + { &hf_ber_extra_data, + { "Extra data", "ber.extra_data", + FT_BYTES, BASE_NONE, NULL, 0, + NULL, HFILL }}, + + /* Fragment entries */ + { &hf_ber_fragments, + { "OCTET STRING fragments", "ber.octet_string.fragments", FT_NONE, BASE_NONE, + NULL, 0x00, NULL, HFILL } }, + { &hf_ber_fragment, + { "OCTET STRING fragment", "ber.octet_string.fragment", FT_FRAMENUM, BASE_NONE, + NULL, 0x00, NULL, HFILL } }, + { &hf_ber_fragment_overlap, + { "OCTET STRING fragment overlap", "ber.octet_string.fragment.overlap", FT_BOOLEAN, + BASE_NONE, NULL, 0x0, NULL, HFILL } }, + { &hf_ber_fragment_overlap_conflicts, + { "OCTET STRING fragment overlapping with conflicting data", + "ber.octet_string.fragment.overlap.conflicts", FT_BOOLEAN, BASE_NONE, NULL, + 0x0, NULL, HFILL } }, + { &hf_ber_fragment_multiple_tails, + { "OCTET STRING has multiple tail fragments", + "ber.octet_string.fragment.multiple_tails", FT_BOOLEAN, BASE_NONE, + NULL, 0x0, NULL, HFILL } }, + { &hf_ber_fragment_too_long_fragment, + { "OCTET STRING fragment too long", "ber.octet_string.fragment.too_long_fragment", + FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, + HFILL } }, + { &hf_ber_fragment_error, + { "OCTET STRING defragmentation error", "ber.octet_string.fragment.error", FT_FRAMENUM, + BASE_NONE, NULL, 0x00, NULL, HFILL } }, + { &hf_ber_fragment_count, + { "OCTET STRING fragment count", "ber.octet_string.fragment.count", FT_UINT32, BASE_DEC, + NULL, 0x00, NULL, HFILL } }, + { &hf_ber_reassembled_in, + { "Reassembled in", "ber.octet_string.reassembled.in", FT_FRAMENUM, BASE_NONE, + NULL, 0x00, NULL, HFILL } }, + { &hf_ber_reassembled_length, + { "Reassembled OCTET STRING length", "ber.octet_string.reassembled.length", FT_UINT32, BASE_DEC, + NULL, 0x00, NULL, HFILL } }, + + /* Generated from convert_proto_tree_add_text.pl */ + { &hf_ber_null_tag, { "NULL tag", "ber.null_tag", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }}, + { &hf_ber_unknown_data, { "Unknown Data", "ber.unknown_data", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, + { &hf_ber_unknown_octetstring, { "Unknown OctetString", "ber.unknown_octetstring", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, + { &hf_ber_seq_field_eoc, { "SEQ FIELD EOC", "ber.seq_field_eoc", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, + { &hf_ber_seq_eoc, { "SEQ EOC", "ber.seq_eoc", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, + { &hf_ber_set_field_eoc, { "SET FIELD EOC", "ber.set_field_eoc", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, + { &hf_ber_set_eoc, { "SET EOC", "ber.set_eoc", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, + { &hf_ber_choice_eoc, { "CHOICE EOC", "ber.choice_eoc", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, + { &hf_ber_seq_of_eoc, { "SEQ OF EOC", "ber.seq_of_eoc", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, + { &hf_ber_64bit_uint_as_bytes, { "64bits unsigned integer", "ber.64bit_uint_as_bytes", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, + { &hf_ber_encoding_boiler_plate, { "BER encoded protocol, to see BER internal fields set protocol BER preferences", "ber.encoding_boiler_plate", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }}, + }; + + static gint *ett[] = { + &ett_ber_octet_string, + &ett_ber_reassembled_octet_string, + &ett_ber_primitive, + &ett_ber_unknown, + &ett_ber_SEQUENCE, + &ett_ber_EXTERNAL, + &ett_ber_T_encoding, + &ett_ber_fragment, + &ett_ber_fragments + }; + static ei_register_info ei[] = { + { &ei_ber_size_constraint_string, { "ber.size_constraint.string", PI_PROTOCOL, PI_WARN, "Size constraint: string", EXPFILL }}, + { &ei_ber_size_constraint_value, { "ber.size_constraint.value", PI_PROTOCOL, PI_WARN, "Size constraint: values", EXPFILL }}, + { &ei_ber_size_constraint_items, { "ber.size_constraint.items", PI_PROTOCOL, PI_WARN, "Size constraint: items", EXPFILL }}, + { &ei_ber_sequence_field_wrong, { "ber.error.sequence.field_wrong", PI_MALFORMED, PI_WARN, "BER Error: Wrong field in SEQUENCE", EXPFILL }}, + { &ei_ber_expected_octet_string, { "ber.error.expected.octet_string", PI_MALFORMED, PI_WARN, "BER Error: OctetString expected", EXPFILL }}, + { &ei_ber_expected_null, { "ber.error.expected.null", PI_MALFORMED, PI_WARN, "BER Error: NULL expected", EXPFILL }}, + { &ei_ber_expected_null_zero_length, { "ber.error.expected.null_zero_length", PI_MALFORMED, PI_WARN, "BER Error: NULL type expects zero length data", EXPFILL }}, + { &ei_ber_expected_sequence, { "ber.error.expected.sequence", PI_MALFORMED, PI_WARN, "BER Error: Sequence expected", EXPFILL }}, + { &ei_ber_expected_set, { "ber.error.expected.set", PI_MALFORMED, PI_WARN, "BER Error: SET expected", EXPFILL }}, + { &ei_ber_expected_string, { "ber.error.expected.string", PI_MALFORMED, PI_WARN, "BER Error: String expected", EXPFILL }}, + { &ei_ber_expected_object_identifier, { "ber.error.expected.object_identifier", PI_MALFORMED, PI_WARN, "BER Error: Object Identifier expected", EXPFILL }}, + { &ei_ber_expected_generalized_time, { "ber.error.expected.generalized_time", PI_MALFORMED, PI_WARN, "BER Error: GeneralizedTime expected", EXPFILL }}, + { &ei_ber_expected_utc_time, { "ber.error.expected.utc_time", PI_MALFORMED, PI_WARN, "BER Error: UTCTime expected", EXPFILL }}, + { &ei_ber_expected_bitstring, { "ber.error.expected.bitstring", PI_MALFORMED, PI_WARN, "BER Error: BitString expected", EXPFILL }}, + { &ei_ber_error_length, { "ber.error.length", PI_MALFORMED, PI_WARN, "BER Error: length is not valid", EXPFILL }}, + { &ei_ber_wrong_tag_in_tagged_type, { "ber.error.wrong_tag_in_tagged_type", PI_MALFORMED, PI_WARN, "BER Error: Wrong tag in tagged type", EXPFILL }}, + { &ei_ber_universal_tag_unknown, { "ber.error.universal_tag_unknown", PI_MALFORMED, PI_WARN, "BER Error: can not handle universal", EXPFILL }}, + { &ei_ber_no_oid, { "ber.error.no_oid", PI_MALFORMED, PI_WARN, "BER Error: No OID supplied to call_ber_oid_callback", EXPFILL }}, + { &ei_ber_oid_not_implemented, { "ber.error.oid_not_implemented", PI_UNDECODED, PI_WARN, "BER: Dissector for OID not implemented. Contact Wireshark developers if you want this supported", EXPFILL }}, + { &ei_ber_syntax_not_implemented, { "ber.error.syntax_not_implemented", PI_UNDECODED, PI_WARN, "BER: Dissector for syntax not implemented", EXPFILL }}, + { &ei_ber_value_too_many_bytes, { "ber.error.value_too_many_bytes", PI_MALFORMED, PI_WARN, "Value is encoded with too many bytes", EXPFILL }}, + { &ei_ber_unknown_field_sequence, { "ber.error.unknown_field.sequence", PI_MALFORMED, PI_WARN, "BER Error: Unknown field in Sequence", EXPFILL }}, + { &ei_ber_unknown_field_set, { "ber.error.unknown_field.set", PI_MALFORMED, PI_WARN, "BER Error: Unknown field in SET", EXPFILL }}, + { &ei_ber_missing_field_set, { "ber.error.missing_field.set", PI_MALFORMED, PI_WARN, "BER Error: Missing field in SET", EXPFILL }}, + { &ei_ber_empty_choice, { "ber.error.empty_choice", PI_MALFORMED, PI_WARN, "BER Error: Empty choice was found", EXPFILL }}, + { &ei_ber_choice_not_found, { "ber.error.choice_not_found", PI_MALFORMED, PI_WARN, "BER Error: This choice field was not found", EXPFILL }}, + { &ei_ber_bits_unknown, { "ber.error.bits_unknown", PI_UNDECODED, PI_WARN, "BER Error: Bits unknown", EXPFILL }}, + { &ei_ber_bits_set_padded, { "ber.error.bits_set_padded", PI_UNDECODED, PI_WARN, "BER Error: Bits set in padded area", EXPFILL }}, + { &ei_ber_illegal_padding, { "ber.error.illegal_padding", PI_UNDECODED, PI_WARN, "Illegal padding", EXPFILL }}, + { &ei_ber_invalid_format_generalized_time, { "ber.error.invalid_format.generalized_time", PI_MALFORMED, PI_WARN, "BER Error: GeneralizedTime invalid format", EXPFILL }}, + { &ei_ber_invalid_format_utctime, { "ber.error.invalid_format.utctime", PI_MALFORMED, PI_WARN, "BER Error: malformed UTCTime encoding", EXPFILL }}, + { &ei_hf_field_not_integer_type, { "ber.error.hf_field_not_integer_type", PI_PROTOCOL, PI_ERROR, "Was passed a HF field that was not integer type", EXPFILL }}, + { &ei_ber_constr_bitstr,{ "ber.error.constr_bitstr.len", PI_MALFORMED, PI_WARN, "BER Error: malformed Bitstring encoding", EXPFILL } }, + { &ei_ber_real_not_primitive,{ "ber.error.not_primitive.real", PI_MALFORMED, PI_WARN, "BER Error: REAL class not encoded as primitive", EXPFILL } }, + }; + + /* Decode As handling */ + static build_valid_func ber_da_build_value[1] = {ber_value}; + static decode_as_value_t ber_da_values = {ber_prompt, 1, ber_da_build_value}; + static decode_as_t ber_da = {"ber", "ber.syntax", 1, 0, &ber_da_values, NULL, NULL, + ber_populate_list, ber_decode_as_reset, ber_decode_as_change, NULL}; + + module_t *ber_module; + expert_module_t* expert_ber; + uat_t* users_uat = uat_new("OID Tables", + sizeof(oid_user_t), + "oid", + FALSE, + &oid_users, + &num_oid_users, + UAT_AFFECTS_DISSECTION, /* affects dissection of packets, but not set of named fields */ + "ChObjectIdentifiers", + oid_copy_cb, + NULL, + oid_free_cb, + ber_update_oids, + NULL, + users_flds); + + proto_ber = proto_register_protocol("Basic Encoding Rules (ASN.1 X.690)", "BER", "ber"); + + ber_handle = register_dissector("ber", dissect_ber, proto_ber); + ber_file_handle = register_dissector("ber_file", dissect_ber_file, proto_ber); + + proto_register_field_array(proto_ber, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + expert_ber = expert_register_protocol(proto_ber); + expert_register_field_array(expert_ber, ei, array_length(ei)); + + proto_set_cant_toggle(proto_ber); + + /* Register preferences */ + ber_module = prefs_register_protocol(proto_ber, NULL); + + prefs_register_bool_preference(ber_module, "show_internals", + "Show internal BER encapsulation tokens", + "Whether the dissector should also display internal" + " ASN.1 BER details such as Identifier and Length fields", &show_internal_ber_fields); + prefs_register_bool_preference(ber_module, "decode_unexpected", + "Decode unexpected tags as BER encoded data", + "Whether the dissector should decode unexpected tags as" + " ASN.1 BER encoded data", &decode_unexpected); + prefs_register_bool_preference(ber_module, "decode_octetstring", + "Decode OCTET STRING as BER encoded data", + "Whether the dissector should try decoding OCTET STRINGs as" + " constructed ASN.1 BER encoded data", &decode_octetstring_as_ber); + + prefs_register_bool_preference(ber_module, "decode_primitive", + "Decode Primitive as BER encoded data", + "Whether the dissector should try decoding unknown primitive as" + " constructed ASN.1 BER encoded data", &decode_primitive_as_ber); + + prefs_register_bool_preference(ber_module, "warn_too_many_bytes", + "Warn if too many leading zero bits in encoded data", + "Whether the dissector should warn if excessive leading zero (0) bits", + &decode_warning_leading_zero_bits); + + prefs_register_uat_preference(ber_module, "oid_table", "Object Identifiers", + "A table that provides names for object identifiers" + " and the syntax of any associated values", + users_uat); + + ber_oid_dissector_table = register_dissector_table("ber.oid", "BER OID", proto_ber, FT_STRING, STRING_CASE_SENSITIVE); + ber_syntax_dissector_table = register_dissector_table("ber.syntax", "BER syntax", proto_ber, FT_STRING, STRING_CASE_SENSITIVE); + syntax_table = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, g_free); /* oid to syntax */ + + register_ber_syntax_dissector("ASN.1", proto_ber, dissect_ber_syntax); + + reassembly_table_register(&octet_segment_reassembly_table, + &addresses_reassembly_table_functions); + + register_shutdown_routine(ber_shutdown); + + register_decode_as(&ber_da); +} + +void +proto_reg_handoff_ber(void) +{ + guint i = 1; + + oid_add_from_string("asn1", "2.1"); + oid_add_from_string("basic-encoding", "2.1.1"); + + ber_decode_as_foreach(ber_add_syntax_name, &i); + + if (i > 1) + qsort(&syntax_names[1], i - 1, sizeof(value_string), cmp_value_string); + syntax_names[i].value = 0; + syntax_names[i].strptr = NULL; + + /* allow the dissection of BER/DER carried over a TCP/UDP transport + by using "Decode As..." */ + dissector_add_for_decode_as_with_preference("tcp.port", ber_handle); + dissector_add_for_decode_as_with_preference("udp.port", ber_handle); + + ber_update_oids(); + + dissector_add_uint("wtap_encap", WTAP_ENCAP_BER, ber_file_handle); +} + +/* + * Editor modelines - https://www.wireshark.org/tools/modelines.html + * + * Local variables: + * c-basic-offset: 4 + * tab-width: 8 + * indent-tabs-mode: nil + * End: + * + * vi: set shiftwidth=4 tabstop=8 expandtab: + * :indentSize=4:tabSize=8:noTabs=true: + */ |