From e4ba6dbc3f1e76890b22773807ea37fe8fa2b1bc Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Wed, 10 Apr 2024 22:34:10 +0200 Subject: Adding upstream version 4.2.2. Signed-off-by: Daniel Baumann --- epan/dissectors/asn1/pkixac/CMakeLists.txt | 42 +++++ .../asn1/pkixac/PKIXAttributeCertificate.asn | 200 +++++++++++++++++++++ .../asn1/pkixac/packet-pkixac-template.c | 74 ++++++++ .../asn1/pkixac/packet-pkixac-template.h | 20 +++ epan/dissectors/asn1/pkixac/pkixac.cnf | 63 +++++++ 5 files changed, 399 insertions(+) create mode 100644 epan/dissectors/asn1/pkixac/CMakeLists.txt create mode 100644 epan/dissectors/asn1/pkixac/PKIXAttributeCertificate.asn create mode 100644 epan/dissectors/asn1/pkixac/packet-pkixac-template.c create mode 100644 epan/dissectors/asn1/pkixac/packet-pkixac-template.h create mode 100644 epan/dissectors/asn1/pkixac/pkixac.cnf (limited to 'epan/dissectors/asn1/pkixac')
diff --git a/epan/dissectors/asn1/pkixac/CMakeLists.txt b/epan/dissectors/asn1/pkixac/CMakeLists.txt
new file mode 100644
index 00000000..a6efdb01
--- /dev/null
+++ b/epan/dissectors/asn1/pkixac/CMakeLists.txt
@@ -0,0 +1,42 @@
+# CMakeLists.txt
+#
+# Wireshark - Network traffic analyzer
+# By Gerald Combs
+# Copyright 1998 Gerald Combs
+#
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+
+set( PROTOCOL_NAME pkixac )
+
+set( PROTO_OPT )
+
+set( EXT_ASN_FILE_LIST
+)
+
+set( ASN_FILE_LIST
+ PKIXAttributeCertificate.asn
+)
+
+set( EXTRA_DIST
+ ${ASN_FILE_LIST}
+ packet-${PROTOCOL_NAME}-template.c
+ packet-${PROTOCOL_NAME}-template.h
+ ${PROTOCOL_NAME}.cnf
+)
+
+set( SRC_FILES
+ ${EXTRA_DIST}
+ ${EXT_ASN_FILE_LIST}
+)
+
+set( A2W_FLAGS -b )
+
+set( EXTRA_CNF
+ ../pkix1explicit/pkix1explicit_exp.cnf
+ ../pkix1implicit/pkix1implicit_exp.cnf
+ "${CMAKE_CURRENT_BINARY_DIR}/../x509af/x509af-exp.cnf"
+ "${CMAKE_CURRENT_BINARY_DIR}/../x509ce/x509ce-exp.cnf"
+)
+
+ASN2WRS()
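Review bot: In CMakeLists.txt, `EXTRA_CNF` lists `x509af-exp.cnf` from the binary tree, but nothing else in this commit refers to x509af: the `#.MODULE_IMPORT` and `#.IMPORT` blocks of pkixac.cnf name only pkix1explicit, pkix1implicit and x509ce, and the C template includes no x509af header. If the file is needed only transitively (presumably through one of the `_exp.cnf` files, which are not shown here), a one-line comment above the entry naming the file that pulls it in would keep the dependency from looking accidental. If nothing needs it, the entry can be dropped.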
diff --git a/epan/dissectors/asn1/pkixac/PKIXAttributeCertificate.asn b/epan/dissectors/asn1/pkixac/PKIXAttributeCertificate.asn
new file mode 100644
index 00000000..5a99c7dd
--- /dev/null
+++ b/epan/dissectors/asn1/pkixac/PKIXAttributeCertificate.asn
@@ -0,0 +1,200 @@
+PKIXAttributeCertificate {iso(1) identified-organization(3) dod(6)
+ internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+ id-mod-attribute-cert(12)}
+
+DEFINITIONS IMPLICIT TAGS ::=
+
+BEGIN
+
+-- EXPORTS ALL --
+
+IMPORTS
+
+ -- IMPORTed module OIDs MAY change if [PKIXPROF] changes
+ -- PKIX Certificate Extensions
+ Attribute, AlgorithmIdentifier, CertificateSerialNumber,
+ Extensions, UniqueIdentifier,
+ id-pkix, id-pe, id-kp, id-ad, id-at
+ FROM PKIX1Explicit88 {iso(1) identified-organization(3)
+ dod(6) internet(1) security(5) mechanisms(5)
+ pkix(7) id-mod(0) id-pkix1-explicit-88(1)}
+
+ GeneralName, GeneralNames, id-ce
+ FROM CertificateExtensions {joint-iso-itu-t ds(5) module(1)
+ certificateExtensions(26) 5} ;
+-- FROM PKIX1Implicit88 {iso(1) identified-organization(3)
+-- dod(6) internet(1) security(5) mechanisms(5)
+-- pkix(7) id-mod(0) id-pkix1-implicit-88(2)} ;
+
+id-pe-ac-auditIdentity OBJECT IDENTIFIER ::= { id-pe 4 }
+id-pe-aaControls OBJECT IDENTIFIER ::= { id-pe 6 }
+id-pe-ac-proxying OBJECT IDENTIFIER ::= { id-pe 10 }
+id-ce-targetInformation OBJECT IDENTIFIER ::= { id-ce 55 }
+
+id-aca OBJECT IDENTIFIER ::= { id-pkix 10 }
+id-aca-authenticationInfo OBJECT IDENTIFIER ::= { id-aca 1 }
+id-aca-accessIdentity OBJECT IDENTIFIER ::= { id-aca 2 }
+id-aca-chargingIdentity OBJECT IDENTIFIER ::= { id-aca 3 }
+id-aca-group OBJECT IDENTIFIER ::= { id-aca 4 }
+-- { id-aca 5 } is reserved
+id-aca-encAttrs OBJECT IDENTIFIER ::= { id-aca 6 }
+
+id-at-role OBJECT IDENTIFIER ::= { id-at 72}
+id-at-clearance OBJECT IDENTIFIER ::=
+ { joint-iso-ccitt(2) ds(5) module(1)
+ selected-attribute-types(5) clearance (55) }
+
+ -- Uncomment this if using a 1988 level ASN.1 compiler
+ -- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
+
+ AttributeCertificate ::= SEQUENCE {
+ acinfo AttributeCertificateInfo,
+ signatureAlgorithm AlgorithmIdentifier,
+ signatureValue BIT STRING
+ }
+
+ AttributeCertificateInfo ::= SEQUENCE {
+ version AttCertVersion, -- version is v2
+ holder Holder,
+ issuer AttCertIssuer,
+ signature AlgorithmIdentifier,
+ serialNumber CertificateSerialNumber,
+ attrCertValidityPeriod AttCertValidityPeriod,
+ attributes SEQUENCE OF Attribute,
+ issuerUniqueID UniqueIdentifier OPTIONAL,
+ extensions Extensions OPTIONAL
+ }
+
+ AttCertVersion ::= INTEGER { v2(1) }
+
+ Holder ::= SEQUENCE {
+ baseCertificateID [0] IssuerSerial OPTIONAL,
+ -- the issuer and serial number of
+ -- the holder's Public Key Certificate
+ entityName [1] GeneralNames OPTIONAL,
+ -- the name of the claimant or role
+ objectDigestInfo [2] ObjectDigestInfo OPTIONAL
+ -- used to directly authenticate the
+ -- holder, for example, an executable
+ }
+
+ ObjectDigestInfo ::= SEQUENCE {
+ digestedObjectType ENUMERATED {
+ publicKey (0),
+ publicKeyCert (1),
+ otherObjectTypes (2) },
+ -- otherObjectTypes MUST NOT
+ -- MUST NOT be used in this profile
+ otherObjectTypeID OBJECT IDENTIFIER OPTIONAL,
+ digestAlgorithm AlgorithmIdentifier,
+ objectDigest BIT STRING
+ }
+
+ AttCertIssuer ::= CHOICE {
+ v1Form GeneralNames, -- MUST NOT be used in this
+ -- profile
+ v2Form [0] V2Form -- v2 only
+ }
+
+ V2Form ::= SEQUENCE {
+ issuerName GeneralNames OPTIONAL,
+ baseCertificateID [0] IssuerSerial OPTIONAL,
+ objectDigestInfo [1] ObjectDigestInfo OPTIONAL
+ -- issuerName MUST be present in this profile
+ -- baseCertificateID and objectDigestInfo MUST
+ -- NOT be present in this profile
+ }
+
+ IssuerSerial ::= SEQUENCE {
+ issuer GeneralNames,
+ serial CertificateSerialNumber,
+ issuerUID UniqueIdentifier OPTIONAL
+ }
+
+ AttCertValidityPeriod ::= SEQUENCE {
+ notBeforeTime GeneralizedTime,
+ notAfterTime GeneralizedTime
+ }
+
+ Targets ::= SEQUENCE OF Target
+
+ Target ::= CHOICE {
+ targetName [0] GeneralName,
+ targetGroup [1] GeneralName,
+ targetCert [2] TargetCert
+ }
+
+ TargetCert ::= SEQUENCE {
+ targetCertificate IssuerSerial,
+ targetName GeneralName OPTIONAL,
+ certDigestInfo ObjectDigestInfo OPTIONAL
+ }
+
+ IetfAttrSyntax ::= SEQUENCE {
+ policyAuthority[0] GeneralNames OPTIONAL,
+ values SEQUENCE OF CHOICE {
+ octets OCTET STRING,
+ oid OBJECT IDENTIFIER,
+ string UTF8String
+ }
+ }
+
+ SvceAuthInfo ::= SEQUENCE {
+ service GeneralName,
+ ident GeneralName,
+ authInfo OCTET STRING OPTIONAL
+ }
+
+ RoleSyntax ::= SEQUENCE {
+ roleAuthority [0] GeneralNames OPTIONAL,
+ roleName [1] GeneralName
+ }
+
+ Clearance ::= SEQUENCE {
+ policyId OBJECT IDENTIFIER,
+ classList ClassList DEFAULT {unclassified},
+ securityCategories
+ SET OF SecurityCategory OPTIONAL
+ }
+
+ RFC3281Clearance ::= SEQUENCE {
+ policyId [0] OBJECT IDENTIFIER,
+ classList [1] ClassList DEFAULT {unclassified},
+ securityCategories
+ [2] SET OF SecurityCategory OPTIONAL
+ }
+
+
+ ClassList ::= BIT STRING {
+ unmarked (0),
+ unclassified (1),
+ restricted (2),
+ confidential (3),
+ secret (4),
+ topSecret (5)
+ }
+
+ SecurityCategory ::= SEQUENCE {
+ type [0] IMPLICIT OBJECT IDENTIFIER,
+ value [1] ANY DEFINED BY type
+ }
+
+ AAControls ::= SEQUENCE {
+ pathLenConstraint INTEGER (0..MAX) OPTIONAL,
+ permittedAttrs [0] AttrSpec OPTIONAL,
+ excludedAttrs [1] AttrSpec OPTIONAL,
+ permitUnSpecified BOOLEAN DEFAULT TRUE
+ }
+
+ AttrSpec::= SEQUENCE OF OBJECT IDENTIFIER
+
+ ACClearAttrs ::= SEQUENCE {
+ acIssuer GeneralName,
+ acSerial INTEGER,
+ attrs SEQUENCE OF Attribute
+ }
+
+ ProxyInfo ::= SEQUENCE OF Targets
+
+END
+
diff --git a/epan/dissectors/asn1/pkixac/packet-pkixac-template.c b/epan/dissectors/asn1/pkixac/packet-pkixac-template.c
new file mode 100644
index 00000000..e66153fa
--- /dev/null
+++ b/epan/dissectors/asn1/pkixac/packet-pkixac-template.c
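Review bot: In PKIXAttributeCertificate.asn, the `IMPORTS` clause takes `GeneralName, GeneralNames, id-ce` from `CertificateExtensions` and leaves the `FROM PKIX1Implicit88` lines commented out with no explanation, while pkixac.cnf still maps `PKIX1Implicit88` under `#.MODULE_IMPORT` and imports `pkix1implicit_exp.cnf`. A comment at the swap, for example `-- GeneralName(s) are taken from CertificateExtensions (x509ce) instead of PKIX1Implicit88`, would record what looks like a deliberate departure from the published module and make it clear whether the PKIX1Implicit88 mapping is still needed. Separately, the comment under `digestedObjectType` repeats "MUST NOT" on two consecutive lines.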
@@ -0,0 +1,74 @@
+/* packet-pkixac.c
+ *
+ * Routines for PKIXAttributeCertificate (RFC3281) packet dissection.
+ *
+ * Copyright 2010, Stig Bjorlykke
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs
+ * Copyright 1998 Gerald Combs
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "config.h"
+
+#include
+
+#include
+#include "packet-ber.h"
+#include "packet-pkixac.h"
+#include "packet-pkix1explicit.h"
+#include "packet-pkix1implicit.h"
+#include "packet-x509ce.h"
+
+#define PNAME "PKIX Attribute Certificate"
+#define PSNAME "PKIXAC"
+#define PFNAME "pkixac"
+
+void proto_register_pkixac(void);
+void proto_reg_handoff_pkixac(void);
+
+/* Initialize the protocol and registered fields */
+static int proto_pkixac = -1;
+#include "packet-pkixac-hf.c"
+
+/* Initialize the subtree pointers */
+static gint ett_pkixac = -1;
+#include "packet-pkixac-ett.c"
+
+static const char *object_identifier_id;
+
+#include "packet-pkixac-fn.c"
+
+/*--- proto_register_pkixac ----------------------------------------------*/
+void proto_register_pkixac(void) {
+
+ /* List of fields */
+ static hf_register_info hf[] = {
+#include "packet-pkixac-hfarr.c"
+ };
+
+ /* List of subtrees */
+ static gint *ett[] = {
+ &ett_pkixac,
+#include "packet-pkixac-ettarr.c"
+ };
+
+ /* Register protocol */
+ proto_pkixac = proto_register_protocol(PNAME, PSNAME, PFNAME);
+
+ /* Register fields and subtrees */
+ proto_register_field_array(proto_pkixac, hf, array_length(hf));
+ proto_register_subtree_array(ett, array_length(ett));
+
+#include "packet-pkixac-syn-reg.c"
+
+}
+
+
+/*--- proto_reg_handoff_pkixac -------------------------------------------*/
+void proto_reg_handoff_pkixac(void) {
+#include "packet-pkixac-dis-tab.c"
+}
+
diff --git a/epan/dissectors/asn1/pkixac/packet-pkixac-template.h b/epan/dissectors/asn1/pkixac/packet-pkixac-template.h
new file mode 100644
index 00000000..ee14e4eb
--- /dev/null
+++ b/epan/dissectors/asn1/pkixac/packet-pkixac-template.h
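Review bot: In packet-pkixac-template.c, `static const char *object_identifier_id;` is file-scope state shared by the generated `SecurityCategory` functions, and nothing here says who sets or clears it. The only writers are in pkixac.cnf, where `#.FN_BODY SecurityCategory` resets it, `#.FN_PARS SecurityCategory/type` fills it and `SecurityCategory/value` reads it. Because it is reset before each use this reads as hygiene rather than a live bug, but the static keeps a pointer to a string parsed from untrusted packet data (presumably packet-scoped memory) after dissection has finished. Carrying the OID in the dissection context avoids that: in pkixac.cnf use `VAL_PTR = &actx->external.direct_reference` and `call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL);`, then drop the static. If the static stays, add `/* OID of the enclosing SecurityCategory; set and consumed by the pkixac.cnf bodies */` above it.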
@@ -0,0 +1,20 @@
+/* packet-pkixac.h
+ *
+ * Routines for PKIXAttributeCertificate (RFC3281) packet dissection.
+ *
+ * Copyright 2010, Stig Bjorlykke
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs
+ * Copyright 1998 Gerald Combs
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#ifndef PACKET_PKIXAC_H
+#define PACKET_PKIXAC_H
+
+/*#include "packet-pkixac-exp.h"*/
+
+#endif /* PACKET_PKIXAC_H */
+
diff --git a/epan/dissectors/asn1/pkixac/pkixac.cnf b/epan/dissectors/asn1/pkixac/pkixac.cnf
new file mode 100644
index 00000000..0ff6ed52
--- /dev/null
+++ b/epan/dissectors/asn1/pkixac/pkixac.cnf
@@ -0,0 +1,63 @@
+# pkixac.cnf
+# An Internet Attribute Certificate (RFC3281) conformation file
+
+#.MODULE_IMPORT
+PKIX1Explicit88 pkix1explicit
+PKIX1Implicit88 pkix1implicit
+CertificateExtensions x509ce
+
+#.IMPORT ../pkix1explicit/pkix1explicit_exp.cnf
+#.IMPORT ../pkix1implicit/pkix1implicit_exp.cnf
+#.IMPORT ../x509ce/x509ce-exp.cnf
+
+#.OMIT_ASSIGNMENT
+ACClearAttrs
+AttributeCertificate
+AttributeCertificateInfo
+AttCertVersion
+Holder
+AttCertIssuer
+AttCertValidityPeriod
+V2Form
+
+#.EXPORTS
+
+#.PDU
+
+#.NO_EMIT
+
+#.TYPE_RENAME
+
+#.FIELD_RENAME
+
+#.SYNTAX
+Clearance
+RFC3281Clearance
+
+#.REGISTER
+AAControls B "1.3.6.1.5.5.7.1.6" "id-pe-aaControls"
+ProxyInfo B "1.3.6.1.5.5.7.1.10" "id-pe-ac-proxying"
+SvceAuthInfo B "1.3.6.1.5.5.7.10.1" "id-aca-authenticationInfo"
+SvceAuthInfo B "1.3.6.1.5.5.7.10.2" "id-aca-accessIdentity"
+IetfAttrSyntax B "1.3.6.1.5.5.7.10.3" "id-aca-chargingIdentity"
+IetfAttrSyntax B "1.3.6.1.5.5.7.10.4" "id-aca-group"
+Clearance B "2.5.1.5.55" "id-at-clearance"
+Clearance B "2.5.4.55" "id-at-clearance"
+#AttributeCertificate B "2.5.4.58" "id-at-attributeCertificate"
+RoleSyntax B "2.5.4.72" "id-at-role"
+Targets B "2.5.29.55" "id-ce-targetInformation"
+#AuthorityKeyIdentifier B "2.5.29.35" "id-ce-authorityKeyIdentifier"
+
+#.FN_BODY SecurityCategory
+ object_identifier_id = NULL;
+ %(DEFAULT_BODY)s
+
+#.FN_PARS SecurityCategory/type
+ FN_VARIANT = _str VAL_PTR = &object_identifier_id
+
+#.FN_BODY SecurityCategory/value
+ if (object_identifier_id)
+ offset = call_ber_oid_callback (object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
+
+#.END
+
-- cgit v1.2.3
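Review bot: In pkixac.cnf, both `id-at-clearance` lines under `#.REGISTER` point at `Clearance` (`2.5.1.5.55` and `2.5.4.55`), so the context-tagged `RFC3281Clearance` defined in the ASN.1 module is reachable only through the `#.SYNTAX` entry and never by OID. If the tagged encoding is what is expected under the RFC 3281 arc, the first line would read `RFC3281Clearance B "2.5.1.5.55" "id-at-clearance"`. If sending both arcs to the untagged form is deliberate, a comment above the two lines should say so, since a tagged value would otherwise presumably surface as a BER decode error rather than a parsed clearance. That matters to anyone relying on the dissector to inspect clearance attributes in captured certificates.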