New protocol PKIXQualified from RFC3739

svn path=/trunk/; revision=12528

7 files changed, 915 insertions, 0 deletions

diff --git a/asn1/pkixqualified/PKIXqualified.asn b/asn1/pkixqualified/PKIXqualified.asn
new file mode 100755
index 0000000000..bd7c778a4e
--- /dev/null
+++ b/asn1/pkixqualified/PKIXqualified.asn
@@ -0,0 +1,220 @@
+-- This ASN definition is taken from (and modified to pass through asn2eth)

+-- RFC3739

+--

+-- RFC3739 contains the followin copyright statements:

+-- 

+-- Full Copyright Statement

+-- 

+--    Copyright (C) The Internet Society (2004).  This document is subject

+--    to the rights, licenses and restrictions contained in BCP 78 and

+--    except as set forth therein, the authors retain all their rights.

+-- 

+--    This document and the information contained herein are provided on an

+--    "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE

+--    REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE

+--    INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR

+--    IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF

+--    THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED

+--    WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

+-- 

+-- Intellectual Property

+-- 

+--    The IETF takes no position regarding the validity or scope of any

+--    Intellectual Property Rights or other rights that might be claimed

+--    to pertain to the implementation or use of the technology

+--    described in this document or the extent to which any license

+--    under such rights might or might not be available; nor does it

+--    represent that it has made any independent effort to identify any

+--    such rights.  Information on the procedures with respect to

+--    rights in RFC documents can be found in BCP 78 and BCP 79.

+-- 

+--    Copies of IPR disclosures made to the IETF Secretariat and any

+--    assurances of licenses to be made available, or the result of an

+--    attempt made to obtain a general license or permission for the use

+--    of such proprietary rights by implementers or users of this

+--    specification can be obtained from the IETF on-line IPR repository

+--    at http://www.ietf.org/ipr.

+-- 

+--    The IETF invites any interested party to bring to its attention

+--    any copyrights, patents or patent applications, or other

+--    proprietary rights that may cover technology that may be required

+--    to implement this standard.  Please address the information to the

+--    IETF at ietf-ipr@ietf.org.

+-- 

+-- Acknowledgement

+-- 

+--    Funding for the RFC Editor function is currently provided by the

+--    Internet Society.

+-- 

+

+

+   PKIXqualified97 {iso(1) identified-organization(3) dod(6)

+       internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)

+       id-mod-qualified-cert-97(35) }

+

+   DEFINITIONS EXPLICIT TAGS ::=

+

+   BEGIN

+

+   -- EXPORTS ALL --

+

+   IMPORTS

+

+   informationFramework, certificateExtensions, selectedAttributeTypes,

+       authenticationFramework, upperBounds, id-at

+       FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1)

+       usefulDefinitions(0) 3 }

+

+   ub-name

+       FROM UpperBounds upperBounds

+

+   GeneralName

+       FROM CertificateExtensions certificateExtensions

+

+   ATTRIBUTE, AttributeType

+       FROM InformationFramework informationFramework

+

+   DirectoryString

+       FROM SelectedAttributeTypes selectedAttributeTypes

+

+   AlgorithmIdentifier, Extension, EXTENSION

+       FROM AuthenticationFramework authenticationFramework

+

+   id-pkix, id-pe

+       FROM PKIX1Explicit88 { iso(1) identified-organization(3) dod(6)

+       internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)

+       id-pkix1-explicit(18) };

+

+   -- Locally defined OIDs

+

+   -- Arc for QC personal data attributes

+--   id-pda  OBJECT IDENTIFIER ::= { id-pkix 9 }

+

+   -- Arc for QC statements

+--   id-qcs  OBJECT IDENTIFIER ::= { id-pkix 11 }

+

+   -- Personal data attributes

+

+--   id-pda-dateOfBirth          AttributeType ::= { id-pda 1 }

+--   id-pda-placeOfBirth         AttributeType ::= { id-pda 2 }

+--   id-pda-gender               AttributeType ::= { id-pda 3 }

+--   id-pda-countryOfCitizenship AttributeType ::= { id-pda 4 }

+--   id-pda-countryOfResidence   AttributeType ::= { id-pda 5 }

+

+   -- Certificate extensions

+

+--   id-pe-biometricInfo         OBJECT IDENTIFIER ::= { id-pe 2 }

+--   id-pe-qcStatements          OBJECT IDENTIFIER ::= { id-pe 3 }

+

+   -- QC statements

+

+--   id-qcs-pkixQCSyntax-v1      OBJECT IDENTIFIER ::= { id-qcs 1 }

+--   id-qcs-pkixQCSyntax-v2      OBJECT IDENTIFIER ::= { id-qcs 2 }

+

+Generalizedtime ::= GeneralizedTime

+

+Directorystring ::= DirectoryString

+

+Printablestring ::= PrintableString

+

+   -- Personal data attributes

+--

+--   dateOfBirth ATTRIBUTE ::= {

+--       WITH SYNTAX GeneralizedTime

+--       ID          id-pda-dateOfBirth }

+--

+--   placeOfBirth ATTRIBUTE ::= {

+--      WITH SYNTAX DirectoryString {ub-name}

+--      ID          id-pda-placeOfBirth }

+--

+--   gender ATTRIBUTE ::= {

+--       WITH SYNTAX PrintableString (SIZE(1) ^ FROM("M"|"F"|"m"|"f"))

+--       ID          id-pda-gender }

+--

+--   countryOfCitizenship ATTRIBUTE ::= {

+--       WITH SYNTAX PrintableString (SIZE (2))

+--           (CONSTRAINED BY { })

+--       ID          id-pda-countryOfCitizenship }

+--

+--   countryOfResidence ATTRIBUTE ::= {

+--       WITH SYNTAX PrintableString (SIZE (2))

+--           (CONSTRAINED BY { })

+--       ID          id-pda-countryOfResidence }

+--

+   -- Certificate extensions

+

+   -- Biometric info extension

+--

+--   biometricInfo  EXTENSION ::= {

+--       SYNTAX             BiometricSyntax

+--       IDENTIFIED BY      id-pe-biometricInfo }

+

+   BiometricSyntax ::= SEQUENCE OF BiometricData

+

+   BiometricData ::= SEQUENCE {

+       typeOfBiometricData TypeOfBiometricData,

+       hashAlgorithm       AlgorithmIdentifier,

+       biometricDataHash   OCTET STRING,

+       sourceDataUri       IA5String OPTIONAL,

+       ... }

+

+   TypeOfBiometricData ::= CHOICE {

+       predefinedBiometricType PredefinedBiometricType,

+       biometricDataOid        OBJECT IDENTIFIER }

+

+   PredefinedBiometricType ::= INTEGER {

+       picture(0), handwritten-signature(1)}

+

+

+   -- QC Statements Extension

+   -- NOTE: This extension does not allow to mix critical and

+   -- non-critical Qualified Certificate Statements. Either all

+   -- statements must be critical or all statements must be

+   -- non-critical.

+--

+--   qcStatements  EXTENSION ::= {

+--       SYNTAX        QCStatements

+--       IDENTIFIED BY id-pe-qcStatements }

+

+   QCStatements ::= SEQUENCE OF QCStatement

+

+   QCStatement ::= SEQUENCE {

+       statementId   OBJECT IDENTIFIER,

+       statementInfo ANY OPTIONAL }

+

+--   QC-STATEMENT ::= CLASS {

+--       &id   OBJECT IDENTIFIER UNIQUE,

+--       &Type OPTIONAL }

+--       WITH SYNTAX {

+--       [SYNTAX &Type] IDENTIFIED BY &id }

+

+--   qcStatement-1 QC-STATEMENT ::= { SYNTAX SemanticsInformation

+--       IDENTIFIED BY id-qcs-pkixQCSyntax-v1}

+       --  This statement identifies conformance with requirements

+       --  defined in RFC 3039 (Version 1). This statement

+       --  may optionally contain additional semantics information

+       --  as specified below.

+

+--   qcStatement-2 QC-STATEMENT ::= { SYNTAX SemanticsInformation

+--       IDENTIFIED BY id-qcs-pkixQCSyntax-v2}

+       --  This statement identifies conformance with requirements

+       --  defined in this Qualified Certificate profile

+       --  (Version 2). This statement may optionally contain

+       --  additional semantics information as specified below.

+

+   SemanticsInformation ::= SEQUENCE {

+       semanticsIdentifier         OBJECT IDENTIFIER OPTIONAL,

+       nameRegistrationAuthorities NameRegistrationAuthorities OPTIONAL

+       }

+

+   NameRegistrationAuthorities ::= SEQUENCE OF GeneralName

+

+   -- The following information object set is defined to constrain the

+   -- set of attributes applications are required to recognize as QCSs.

+--   SupportedStatements QC-STATEMENT ::= {

+--       qcStatement-1 |

+--       qcStatement-2 , ... }

+

+   END

+

+

diff --git a/asn1/pkixqualified/packet-pkixqualified-template.c b/asn1/pkixqualified/packet-pkixqualified-template.c
new file mode 100644
index 0000000000..ffebc23c72
--- /dev/null
+++ b/asn1/pkixqualified/packet-pkixqualified-template.c
@@ -0,0 +1,86 @@
+/* packet-pkixqualified.c
+ * Routines for RFC3739 PKIXqualified packet dissection
+ *  Ronnie Sahlberg 2004
+ *
+ * $Id: packet-pkixqualified-template.c 12434 2004-10-29 12:11:42Z sahlberg $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <glib.h>
+#include <epan/packet.h>
+#include <epan/conversation.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#include "packet-ber.h"
+#include "packet-pkixqualified.h"
+#include "packet-x509af.h"
+#include "packet-x509ce.h"
+#include "packet-x509sat.h"
+
+#define PNAME  "PKIX Qualified"
+#define PSNAME "PKIXQUALIFIED"
+#define PFNAME "pkixqualified"
+
+/* Initialize the protocol and registered fields */
+int proto_pkixqualified = -1;
+#include "packet-pkixqualified-hf.c"
+
+/* Initialize the subtree pointers */
+#include "packet-pkixqualified-ett.c"
+
+static char object_identifier_id[64]; /*64 chars should be long enough? */
+
+#include "packet-pkixqualified-fn.c"
+
+
+/*--- proto_register_pkixqualified ----------------------------------------------*/
+void proto_register_pkixqualified(void) {
+
+  /* List of fields */
+  static hf_register_info hf[] = {
+#include "packet-pkixqualified-hfarr.c"
+  };
+
+  /* List of subtrees */
+  static gint *ett[] = {
+#include "packet-pkixqualified-ettarr.c"
+  };
+
+  /* Register protocol */
+  proto_pkixqualified = proto_register_protocol(PNAME, PSNAME, PFNAME);
+
+  /* Register fields and subtrees */
+  proto_register_field_array(proto_pkixqualified, hf, array_length(hf));
+  proto_register_subtree_array(ett, array_length(ett));
+
+}
+
+
+/*--- proto_reg_handoff_pkixqualified -------------------------------------------*/
+void proto_reg_handoff_pkixqualified(void) {
+#include "packet-pkixqualified-dis-tab.c"
+}
+
diff --git a/asn1/pkixqualified/packet-pkixqualified-template.h b/asn1/pkixqualified/packet-pkixqualified-template.h
new file mode 100644
index 0000000000..856f3e631a
--- /dev/null
+++ b/asn1/pkixqualified/packet-pkixqualified-template.h
@@ -0,0 +1,31 @@
+/* packet-pkixqualified.h
+ * Routines for RFC3739 PKIXqualified packet dissection
+ *
+ * $Id: packet-pkixqualified-template.h 12434 2004-10-29 12:11:42Z sahlberg $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+#ifndef PACKET_PKIXQUALIFIED_H
+#define PACKET_PKIXQUALIFIED_H
+
+/*#include "packet-pkixqualified-exp.h"*/
+
+#endif  /* PACKET_PKIXQUALIFIED_H */
+
diff --git a/asn1/pkixqualified/pkixqualified.cnf b/asn1/pkixqualified/pkixqualified.cnf
new file mode 100644
index 0000000000..bdcc09ab59
--- /dev/null
+++ b/asn1/pkixqualified/pkixqualified.cnf
@@ -0,0 +1,43 @@
+# PKIXqualified.cnf
+# PKIXqualified conformation file
+
+# $Id: pkixqualified.cnf 12434 2004-10-29 12:11:42Z sahlberg $
+
+#.MODULE_IMPORT
+CertificateExtensions x509ce
+AuthenticationFramework x509af
+SelectedAttributeTypes x509sat
+
+#.INCLUDE ../x509ce/x509ce_exp.cnf
+#.INCLUDE ../x509af/x509af_exp.cnf
+#.INCLUDE ../x509sat/x509sat_exp.cnf
+
+#.EXPORTS
+
+#.REGISTER
+BiometricSyntax         B "1.3.6.1.5.5.7.1.2" "id-pe-biometricInfo"
+QCStatements            B "1.3.6.1.5.5.7.1.3" "id-pe-qcStatements"
+SemanticsInformation    B "1.3.6.1.5.5.7.11.1" "id-qcs-pkixQCSyntax-v1"
+SemanticsInformation    B "1.3.6.1.5.5.7.11.2" "id-qcs-pkixQCSyntax-v2"
+Generalizedtime         B "1.3.6.1.5.5.7.9.1" "id-pda-dateOfBirth"
+Directorystring         B "1.3.6.1.5.5.7.9.2" "id-pda-placeOfBirth"
+Printablestring         B "1.3.6.1.5.5.7.9.3" "id-pda-gender"
+Printablestring         B "1.3.6.1.5.5.7.9.4" "id-pda-countryOfCitizenship"
+Printablestring         B "1.3.6.1.5.5.7.9.5" "id-pda-countryOfResidence"
+
+#.NO_EMIT
+
+#.TYPE_RENAME
+
+#.FIELD_RENAME
+
+#.FN_BODY QCStatement/statementId
+  offset = dissect_ber_object_identifier(FALSE, pinfo, tree, tvb, offset,
+                                         hf_pkixqualified_statementId, object_identifier_id);
+
+#.FN_BODY QCStatement/statementInfo
+  offset=call_ber_oid_callback(object_identifier_id, tvb, offset, pinfo, tree);
+
+#.END
+
+
diff --git a/epan/dissectors/Makefile.common b/epan/dissectors/Makefile.common
index 4092d27d24..ac774535c9 100644
--- a/epan/dissectors/Makefile.common
+++ b/epan/dissectors/Makefile.common
@@ -389,6 +389,7 @@ DISSECTOR_SRC =	\
 	packet-pkcs1.c	\
 	packet-pkix1explicit.c	\
 	packet-pkix1implicit.c	\
+	packet-pkixqualified.c	\
 	packet-pkinit.c	\
 	packet-pktc.c	\
 	packet-pop.c	\
@@ -673,6 +674,7 @@ DISSECTOR_INCLUDES =	\
 	packet-pkcs1.h	\
 	packet-pkix1explicit.h	\
 	packet-pkix1implicit.h	\
+	packet-pkixqualified.h	\
 	packet-pkinit.h	\
 	packet-pktc.h	\
 	packet-portmap.h	\
diff --git a/epan/dissectors/packet-pkixqualified.c b/epan/dissectors/packet-pkixqualified.c
new file mode 100644
index 0000000000..00f61b1e9b
--- /dev/null
+++ b/epan/dissectors/packet-pkixqualified.c
@@ -0,0 +1,495 @@
+/* Do not modify this file.                                                   */
+/* It is created automatically by the ASN.1 to Ethereal dissector compiler    */
+/* ./packet-pkixqualified.c                                                   */
+/* ../../tools/asn2eth.py -X -b -e -p pkixqualified -c pkixqualified.cnf -s packet-pkixqualified-template PKIXqualified.asn */
+
+/* Input file: packet-pkixqualified-template.c */
+
+/* packet-pkixqualified.c
+ * Routines for RFC3739 PKIXqualified packet dissection
+ *  Ronnie Sahlberg 2004
+ *
+ * $Id: packet-pkixqualified-template.c 12434 2004-10-29 12:11:42Z sahlberg $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <glib.h>
+#include <epan/packet.h>
+#include <epan/conversation.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#include "packet-ber.h"
+#include "packet-pkixqualified.h"
+#include "packet-x509af.h"
+#include "packet-x509ce.h"
+#include "packet-x509sat.h"
+
+#define PNAME  "PKIX Qualified"
+#define PSNAME "PKIXQUALIFIED"
+#define PFNAME "pkixqualified"
+
+/* Initialize the protocol and registered fields */
+int proto_pkixqualified = -1;
+
+/*--- Included file: packet-pkixqualified-hf.c ---*/
+
+static int hf_pkixqualified_Generalizedtime_PDU = -1;  /* Generalizedtime */
+static int hf_pkixqualified_Directorystring_PDU = -1;  /* Directorystring */
+static int hf_pkixqualified_Printablestring_PDU = -1;  /* Printablestring */
+static int hf_pkixqualified_BiometricSyntax_PDU = -1;  /* BiometricSyntax */
+static int hf_pkixqualified_QCStatements_PDU = -1;  /* QCStatements */
+static int hf_pkixqualified_SemanticsInformation_PDU = -1;  /* SemanticsInformation */
+static int hf_pkixqualified_BiometricSyntax_item = -1;  /* BiometricData */
+static int hf_pkixqualified_typeOfBiometricData = -1;  /* TypeOfBiometricData */
+static int hf_pkixqualified_hashAlgorithm = -1;   /* AlgorithmIdentifier */
+static int hf_pkixqualified_biometricDataHash = -1;  /* OCTET_STRING */
+static int hf_pkixqualified_sourceDataUri = -1;   /* IA5String */
+static int hf_pkixqualified_predefinedBiometricType = -1;  /* PredefinedBiometricType */
+static int hf_pkixqualified_biometricDataOid = -1;  /* OBJECT_IDENTIFIER */
+static int hf_pkixqualified_QCStatements_item = -1;  /* QCStatement */
+static int hf_pkixqualified_statementId = -1;     /* T_statementId */
+static int hf_pkixqualified_statementInfo = -1;   /* T_statementInfo */
+static int hf_pkixqualified_semanticsIdentifier = -1;  /* OBJECT_IDENTIFIER */
+static int hf_pkixqualified_nameRegistrationAuthorities = -1;  /* NameRegistrationAuthorities */
+static int hf_pkixqualified_NameRegistrationAuthorities_item = -1;  /* GeneralName */
+
+/*--- End of included file: packet-pkixqualified-hf.c ---*/
+
+
+/* Initialize the subtree pointers */
+
+/*--- Included file: packet-pkixqualified-ett.c ---*/
+
+static gint ett_pkixqualified_BiometricSyntax = -1;
+static gint ett_pkixqualified_BiometricData = -1;
+static gint ett_pkixqualified_TypeOfBiometricData = -1;
+static gint ett_pkixqualified_QCStatements = -1;
+static gint ett_pkixqualified_QCStatement = -1;
+static gint ett_pkixqualified_SemanticsInformation = -1;
+static gint ett_pkixqualified_NameRegistrationAuthorities = -1;
+
+/*--- End of included file: packet-pkixqualified-ett.c ---*/
+
+
+static char object_identifier_id[64]; /*64 chars should be long enough? */
+
+
+/*--- Included file: packet-pkixqualified-fn.c ---*/
+
+/*--- Fields for imported types ---*/
+
+static int dissect_hashAlgorithm(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
+  return dissect_x509af_AlgorithmIdentifier(FALSE, tvb, offset, pinfo, tree, hf_pkixqualified_hashAlgorithm);
+}
+static int dissect_NameRegistrationAuthorities_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
+  return dissect_x509ce_GeneralName(FALSE, tvb, offset, pinfo, tree, hf_pkixqualified_NameRegistrationAuthorities_item);
+}
+
+
+static int
+dissect_pkixqualified_Generalizedtime(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index) {
+  offset = dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_index);
+
+  return offset;
+}
+
+
+static int
+dissect_pkixqualified_Directorystring(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index) {
+  offset = dissect_x509sat_DirectoryString(implicit_tag, tvb, offset, pinfo, tree, hf_index);
+
+  return offset;
+}
+
+
+static int
+dissect_pkixqualified_Printablestring(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index) {
+  offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_PrintableString,
+                                         pinfo, tree, tvb, offset, hf_index,
+                                         NULL);
+
+  return offset;
+}
+
+
+static const value_string PredefinedBiometricType_vals[] = {
+  {   0, "picture" },
+  {   1, "handwritten-signature" },
+  { 0, NULL }
+};
+
+
+static int
+dissect_pkixqualified_PredefinedBiometricType(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index) {
+  offset = dissect_ber_integer_new(implicit_tag, pinfo, tree, tvb, offset, hf_index, NULL);
+
+  return offset;
+}
+static int dissect_predefinedBiometricType(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
+  return dissect_pkixqualified_PredefinedBiometricType(FALSE, tvb, offset, pinfo, tree, hf_pkixqualified_predefinedBiometricType);
+}
+
+
+static int
+dissect_pkixqualified_OBJECT_IDENTIFIER(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index) {
+  offset = dissect_ber_object_identifier(implicit_tag, pinfo, tree, tvb, offset,
+                                         hf_index, NULL);
+
+  return offset;
+}
+static int dissect_biometricDataOid(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
+  return dissect_pkixqualified_OBJECT_IDENTIFIER(FALSE, tvb, offset, pinfo, tree, hf_pkixqualified_biometricDataOid);
+}
+static int dissect_semanticsIdentifier(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
+  return dissect_pkixqualified_OBJECT_IDENTIFIER(FALSE, tvb, offset, pinfo, tree, hf_pkixqualified_semanticsIdentifier);
+}
+
+
+static const value_string TypeOfBiometricData_vals[] = {
+  {   0, "predefinedBiometricType" },
+  {   1, "biometricDataOid" },
+  { 0, NULL }
+};
+
+static const ber_choice TypeOfBiometricData_choice[] = {
+  {   0, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_predefinedBiometricType },
+  {   1, BER_CLASS_UNI, BER_UNI_TAG_OID, BER_FLAGS_NOOWNTAG, dissect_biometricDataOid },
+  { 0, 0, 0, 0, NULL }
+};
+
+static int
+dissect_pkixqualified_TypeOfBiometricData(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index) {
+  offset = dissect_ber_choice(pinfo, tree, tvb, offset,
+                              TypeOfBiometricData_choice, hf_index, ett_pkixqualified_TypeOfBiometricData);
+
+  return offset;
+}
+static int dissect_typeOfBiometricData(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
+  return dissect_pkixqualified_TypeOfBiometricData(FALSE, tvb, offset, pinfo, tree, hf_pkixqualified_typeOfBiometricData);
+}
+
+
+static int
+dissect_pkixqualified_OCTET_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index) {
+  offset = dissect_ber_octet_string(implicit_tag, pinfo, tree, tvb, offset, hf_index,
+                                    NULL);
+
+  return offset;
+}
+static int dissect_biometricDataHash(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
+  return dissect_pkixqualified_OCTET_STRING(FALSE, tvb, offset, pinfo, tree, hf_pkixqualified_biometricDataHash);
+}
+
+
+static int
+dissect_pkixqualified_IA5String(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index) {
+  offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_IA5String,
+                                         pinfo, tree, tvb, offset, hf_index,
+                                         NULL);
+
+  return offset;
+}
+static int dissect_sourceDataUri(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
+  return dissect_pkixqualified_IA5String(FALSE, tvb, offset, pinfo, tree, hf_pkixqualified_sourceDataUri);
+}
+
+static const ber_sequence BiometricData_sequence[] = {
+  { BER_CLASS_UNI, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_typeOfBiometricData },
+  { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_hashAlgorithm },
+  { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_biometricDataHash },
+  { BER_CLASS_UNI, BER_UNI_TAG_IA5String, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_sourceDataUri },
+  { 0, 0, 0, NULL }
+};
+
+static int
+dissect_pkixqualified_BiometricData(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index) {
+  offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
+                                BiometricData_sequence, hf_index, ett_pkixqualified_BiometricData);
+
+  return offset;
+}
+static int dissect_BiometricSyntax_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
+  return dissect_pkixqualified_BiometricData(FALSE, tvb, offset, pinfo, tree, hf_pkixqualified_BiometricSyntax_item);
+}
+
+static const ber_sequence BiometricSyntax_sequence_of[1] = {
+  { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_BiometricSyntax_item },
+};
+
+static int
+dissect_pkixqualified_BiometricSyntax(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index) {
+  offset = dissect_ber_sequence_of(implicit_tag, pinfo, tree, tvb, offset,
+                                   BiometricSyntax_sequence_of, hf_index, ett_pkixqualified_BiometricSyntax);
+
+  return offset;
+}
+
+
+static int
+dissect_pkixqualified_T_statementId(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index) {
+  offset = dissect_ber_object_identifier(FALSE, pinfo, tree, tvb, offset,
+                                         hf_pkixqualified_statementId, object_identifier_id);
+
+
+  return offset;
+}
+static int dissect_statementId(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
+  return dissect_pkixqualified_T_statementId(FALSE, tvb, offset, pinfo, tree, hf_pkixqualified_statementId);
+}
+
+
+
+static int
+dissect_pkixqualified_T_statementInfo(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index) {
+  offset=call_ber_oid_callback(object_identifier_id, tvb, offset, pinfo, tree);
+
+
+  return offset;
+}
+static int dissect_statementInfo(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
+  return dissect_pkixqualified_T_statementInfo(FALSE, tvb, offset, pinfo, tree, hf_pkixqualified_statementInfo);
+}
+
+static const ber_sequence QCStatement_sequence[] = {
+  { BER_CLASS_UNI, BER_UNI_TAG_OID, BER_FLAGS_NOOWNTAG, dissect_statementId },
+  { BER_CLASS_ANY, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_statementInfo },
+  { 0, 0, 0, NULL }
+};
+
+static int
+dissect_pkixqualified_QCStatement(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index) {
+  offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
+                                QCStatement_sequence, hf_index, ett_pkixqualified_QCStatement);
+
+  return offset;
+}
+static int dissect_QCStatements_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
+  return dissect_pkixqualified_QCStatement(FALSE, tvb, offset, pinfo, tree, hf_pkixqualified_QCStatements_item);
+}
+
+static const ber_sequence QCStatements_sequence_of[1] = {
+  { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_QCStatements_item },
+};
+
+static int
+dissect_pkixqualified_QCStatements(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index) {
+  offset = dissect_ber_sequence_of(implicit_tag, pinfo, tree, tvb, offset,
+                                   QCStatements_sequence_of, hf_index, ett_pkixqualified_QCStatements);
+
+  return offset;
+}
+
+static const ber_sequence NameRegistrationAuthorities_sequence_of[1] = {
+  { BER_CLASS_ANY, -1, BER_FLAGS_NOOWNTAG, dissect_NameRegistrationAuthorities_item },
+};
+
+static int
+dissect_pkixqualified_NameRegistrationAuthorities(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index) {
+  offset = dissect_ber_sequence_of(implicit_tag, pinfo, tree, tvb, offset,
+                                   NameRegistrationAuthorities_sequence_of, hf_index, ett_pkixqualified_NameRegistrationAuthorities);
+
+  return offset;
+}
+static int dissect_nameRegistrationAuthorities(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
+  return dissect_pkixqualified_NameRegistrationAuthorities(FALSE, tvb, offset, pinfo, tree, hf_pkixqualified_nameRegistrationAuthorities);
+}
+
+static const ber_sequence SemanticsInformation_sequence[] = {
+  { BER_CLASS_UNI, BER_UNI_TAG_OID, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_semanticsIdentifier },
+  { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_nameRegistrationAuthorities },
+  { 0, 0, 0, NULL }
+};
+
+static int
+dissect_pkixqualified_SemanticsInformation(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index) {
+  offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
+                                SemanticsInformation_sequence, hf_index, ett_pkixqualified_SemanticsInformation);
+
+  return offset;
+}
+
+/*--- PDUs ---*/
+
+static void dissect_Generalizedtime_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
+  dissect_pkixqualified_Generalizedtime(FALSE, tvb, 0, pinfo, tree, hf_pkixqualified_Generalizedtime_PDU);
+}
+static void dissect_Directorystring_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
+  dissect_pkixqualified_Directorystring(FALSE, tvb, 0, pinfo, tree, hf_pkixqualified_Directorystring_PDU);
+}
+static void dissect_Printablestring_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
+  dissect_pkixqualified_Printablestring(FALSE, tvb, 0, pinfo, tree, hf_pkixqualified_Printablestring_PDU);
+}
+static void dissect_BiometricSyntax_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
+  dissect_pkixqualified_BiometricSyntax(FALSE, tvb, 0, pinfo, tree, hf_pkixqualified_BiometricSyntax_PDU);
+}
+static void dissect_QCStatements_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
+  dissect_pkixqualified_QCStatements(FALSE, tvb, 0, pinfo, tree, hf_pkixqualified_QCStatements_PDU);
+}
+static void dissect_SemanticsInformation_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
+  dissect_pkixqualified_SemanticsInformation(FALSE, tvb, 0, pinfo, tree, hf_pkixqualified_SemanticsInformation_PDU);
+}
+
+
+/*--- End of included file: packet-pkixqualified-fn.c ---*/
+
+
+
+/*--- proto_register_pkixqualified ----------------------------------------------*/
+void proto_register_pkixqualified(void) {
+
+  /* List of fields */
+  static hf_register_info hf[] = {
+
+/*--- Included file: packet-pkixqualified-hfarr.c ---*/
+
+    { &hf_pkixqualified_Generalizedtime_PDU,
+      { "Generalizedtime", "pkixqualified.Generalizedtime",
+        FT_STRING, BASE_NONE, NULL, 0,
+        "Generalizedtime", HFILL }},
+    { &hf_pkixqualified_Directorystring_PDU,
+      { "Directorystring", "pkixqualified.Directorystring",
+        FT_NONE, BASE_NONE, NULL, 0,
+        "Directorystring", HFILL }},
+    { &hf_pkixqualified_Printablestring_PDU,
+      { "Printablestring", "pkixqualified.Printablestring",
+        FT_STRING, BASE_NONE, NULL, 0,
+        "Printablestring", HFILL }},
+    { &hf_pkixqualified_BiometricSyntax_PDU,
+      { "BiometricSyntax", "pkixqualified.BiometricSyntax",
+        FT_UINT32, BASE_DEC, NULL, 0,
+        "BiometricSyntax", HFILL }},
+    { &hf_pkixqualified_QCStatements_PDU,
+      { "QCStatements", "pkixqualified.QCStatements",
+        FT_UINT32, BASE_DEC, NULL, 0,
+        "QCStatements", HFILL }},
+    { &hf_pkixqualified_SemanticsInformation_PDU,
+      { "SemanticsInformation", "pkixqualified.SemanticsInformation",
+        FT_NONE, BASE_NONE, NULL, 0,
+        "SemanticsInformation", HFILL }},
+    { &hf_pkixqualified_BiometricSyntax_item,
+      { "Item", "pkixqualified.BiometricSyntax_item",
+        FT_NONE, BASE_NONE, NULL, 0,
+        "BiometricSyntax/_item", HFILL }},
+    { &hf_pkixqualified_typeOfBiometricData,
+      { "typeOfBiometricData", "pkixqualified.typeOfBiometricData",
+        FT_UINT32, BASE_DEC, VALS(TypeOfBiometricData_vals), 0,
+        "BiometricData/typeOfBiometricData", HFILL }},
+    { &hf_pkixqualified_hashAlgorithm,
+      { "hashAlgorithm", "pkixqualified.hashAlgorithm",
+        FT_NONE, BASE_NONE, NULL, 0,
+        "BiometricData/hashAlgorithm", HFILL }},
+    { &hf_pkixqualified_biometricDataHash,
+      { "biometricDataHash", "pkixqualified.biometricDataHash",
+        FT_BYTES, BASE_HEX, NULL, 0,
+        "BiometricData/biometricDataHash", HFILL }},
+    { &hf_pkixqualified_sourceDataUri,
+      { "sourceDataUri", "pkixqualified.sourceDataUri",
+        FT_STRING, BASE_NONE, NULL, 0,
+        "BiometricData/sourceDataUri", HFILL }},
+    { &hf_pkixqualified_predefinedBiometricType,
+      { "predefinedBiometricType", "pkixqualified.predefinedBiometricType",
+        FT_INT32, BASE_DEC, VALS(PredefinedBiometricType_vals), 0,
+        "TypeOfBiometricData/predefinedBiometricType", HFILL }},
+    { &hf_pkixqualified_biometricDataOid,
+      { "biometricDataOid", "pkixqualified.biometricDataOid",
+        FT_STRING, BASE_NONE, NULL, 0,
+        "TypeOfBiometricData/biometricDataOid", HFILL }},
+    { &hf_pkixqualified_QCStatements_item,
+      { "Item", "pkixqualified.QCStatements_item",
+        FT_NONE, BASE_NONE, NULL, 0,
+        "QCStatements/_item", HFILL }},
+    { &hf_pkixqualified_statementId,
+      { "statementId", "pkixqualified.statementId",
+        FT_STRING, BASE_NONE, NULL, 0,
+        "QCStatement/statementId", HFILL }},
+    { &hf_pkixqualified_statementInfo,
+      { "statementInfo", "pkixqualified.statementInfo",
+        FT_NONE, BASE_NONE, NULL, 0,
+        "QCStatement/statementInfo", HFILL }},
+    { &hf_pkixqualified_semanticsIdentifier,
+      { "semanticsIdentifier", "pkixqualified.semanticsIdentifier",
+        FT_STRING, BASE_NONE, NULL, 0,
+        "SemanticsInformation/semanticsIdentifier", HFILL }},
+    { &hf_pkixqualified_nameRegistrationAuthorities,
+      { "nameRegistrationAuthorities", "pkixqualified.nameRegistrationAuthorities",
+        FT_UINT32, BASE_DEC, NULL, 0,
+        "SemanticsInformation/nameRegistrationAuthorities", HFILL }},
+    { &hf_pkixqualified_NameRegistrationAuthorities_item,
+      { "Item", "pkixqualified.NameRegistrationAuthorities_item",
+        FT_NONE, BASE_NONE, NULL, 0,
+        "NameRegistrationAuthorities/_item", HFILL }},
+
+/*--- End of included file: packet-pkixqualified-hfarr.c ---*/
+
+  };
+
+  /* List of subtrees */
+  static gint *ett[] = {
+
+/*--- Included file: packet-pkixqualified-ettarr.c ---*/
+
+    &ett_pkixqualified_BiometricSyntax,
+    &ett_pkixqualified_BiometricData,
+    &ett_pkixqualified_TypeOfBiometricData,
+    &ett_pkixqualified_QCStatements,
+    &ett_pkixqualified_QCStatement,
+    &ett_pkixqualified_SemanticsInformation,
+    &ett_pkixqualified_NameRegistrationAuthorities,
+
+/*--- End of included file: packet-pkixqualified-ettarr.c ---*/
+
+  };
+
+  /* Register protocol */
+  proto_pkixqualified = proto_register_protocol(PNAME, PSNAME, PFNAME);
+
+  /* Register fields and subtrees */
+  proto_register_field_array(proto_pkixqualified, hf, array_length(hf));
+  proto_register_subtree_array(ett, array_length(ett));
+
+}
+
+
+/*--- proto_reg_handoff_pkixqualified -------------------------------------------*/
+void proto_reg_handoff_pkixqualified(void) {
+
+/*--- Included file: packet-pkixqualified-dis-tab.c ---*/
+
+ register_ber_oid_dissector("1.3.6.1.5.5.7.1.2", dissect_BiometricSyntax_PDU, proto_pkixqualified, "id-pe-biometricInfo");
+ register_ber_oid_dissector("1.3.6.1.5.5.7.1.3", dissect_QCStatements_PDU, proto_pkixqualified, "id-pe-qcStatements");
+ register_ber_oid_dissector("1.3.6.1.5.5.7.11.1", dissect_SemanticsInformation_PDU, proto_pkixqualified, "id-qcs-pkixQCSyntax-v1");
+ register_ber_oid_dissector("1.3.6.1.5.5.7.11.2", dissect_SemanticsInformation_PDU, proto_pkixqualified, "id-qcs-pkixQCSyntax-v2");
+ register_ber_oid_dissector("1.3.6.1.5.5.7.9.1", dissect_Generalizedtime_PDU, proto_pkixqualified, "id-pda-dateOfBirth");
+ register_ber_oid_dissector("1.3.6.1.5.5.7.9.2", dissect_Directorystring_PDU, proto_pkixqualified, "id-pda-placeOfBirth");
+ register_ber_oid_dissector("1.3.6.1.5.5.7.9.3", dissect_Printablestring_PDU, proto_pkixqualified, "id-pda-gender");
+ register_ber_oid_dissector("1.3.6.1.5.5.7.9.4", dissect_Printablestring_PDU, proto_pkixqualified, "id-pda-countryOfCitizenship");
+ register_ber_oid_dissector("1.3.6.1.5.5.7.9.5", dissect_Printablestring_PDU, proto_pkixqualified, "id-pda-countryOfResidence");
+
+
+/*--- End of included file: packet-pkixqualified-dis-tab.c ---*/
+
+}
+
diff --git a/epan/dissectors/packet-pkixqualified.h b/epan/dissectors/packet-pkixqualified.h
new file mode 100644
index 0000000000..aae818ceb6
--- /dev/null
+++ b/epan/dissectors/packet-pkixqualified.h
@@ -0,0 +1,38 @@
+/* Do not modify this file.                                                   */
+/* It is created automatically by the ASN.1 to Ethereal dissector compiler    */
+/* ./packet-pkixqualified.h                                                   */
+/* ../../tools/asn2eth.py -X -b -e -p pkixqualified -c pkixqualified.cnf -s packet-pkixqualified-template PKIXqualified.asn */
+
+/* Input file: packet-pkixqualified-template.h */
+
+/* packet-pkixqualified.h
+ * Routines for RFC3739 PKIXqualified packet dissection
+ *
+ * $Id: packet-pkixqualified-template.h 12434 2004-10-29 12:11:42Z sahlberg $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+#ifndef PACKET_PKIXQUALIFIED_H
+#define PACKET_PKIXQUALIFIED_H
+
+/*#include "packet-pkixqualified-exp.h"*/
+
+#endif  /* PACKET_PKIXQUALIFIED_H */
+