authorAnders Broman <anders.broman@ericsson.com>2021-02-25 10:21:24 +0100
committerAnders Broman <anders.broman@ericsson.com>2021-02-25 10:21:24 +0100
commit8ccbdb786aac52851e2120ae2167e85ea8d132eb (patch)
tree80caca5f36922c1c3baf156afc3ad20d147a9fb4
parente2ee14ae0379b590b2731488b2161dcd7d7ae5e2 (diff)
Add support for SRVName SAN extension for TLS certificates
Closes #17256
-rw-r--r--epan/dissectors/asn1/pkixqualified/CMakeLists.txt2
-rw-r--r--epan/dissectors/asn1/pkixqualified/PKIXServiceNameSAN88.asn32
-rw-r--r--epan/dissectors/asn1/pkixqualified/PKIXServiceNameSAN93.asn39
-rw-r--r--epan/dissectors/asn1/pkixqualified/pkixqualified.cnf1
-rw-r--r--epan/dissectors/packet-pkixqualified.c28
-rw-r--r--epan/dissectors/packet-pkixqualified.h2
6 files changed, 101 insertions, 3 deletions
diff --git a/epan/dissectors/asn1/pkixqualified/CMakeLists.txt b/epan/dissectors/asn1/pkixqualified/CMakeLists.txt
index 1d5d03e3ea..1faf35af22 100644
--- a/epan/dissectors/asn1/pkixqualified/CMakeLists.txt
+++ b/epan/dissectors/asn1/pkixqualified/CMakeLists.txt
@@ -16,6 +16,8 @@ set( EXT_ASN_FILE_LIST
set( ASN_FILE_LIST
PKIXqualified.asn
+ PKIXServiceNameSAN88.asn
+ PKIXServiceNameSAN93.asn
)
set( EXTRA_DIST
diff --git a/epan/dissectors/asn1/pkixqualified/PKIXServiceNameSAN88.asn b/epan/dissectors/asn1/pkixqualified/PKIXServiceNameSAN88.asn
new file mode 100644
index 0000000000..80e1da5e2a
--- /dev/null
+++ b/epan/dissectors/asn1/pkixqualified/PKIXServiceNameSAN88.asn
@@ -0,0 +1,32 @@
+-- Extracted from RFC 4985 Appendix A.1. 1988 ASN.1 Module
+--
+ PKIXServiceNameSAN88 {iso(1) identified-organization(3) dod(6)
+ internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+ id-mod-dns-srv-name-88(39) }
+
+ DEFINITIONS EXPLICIT TAGS ::=
+
+ BEGIN
+
+ -- EXPORTS ALL --
+
+ IMPORTS
+
+ -- UTF8String, / move hyphens before slash if UTF8String does not
+ -- resolve with your compiler
+
+ id-pkix
+ FROM PKIX1Explicit88 { iso(1) identified-organization(3)
+ dod(6) internet(1) security(5) mechanisms(5) pkix(7)
+ id-mod(0) id-pkix1-explicit(18) } ;
+ -- from RFC3280 [N2]
+ -- Service Name Object Identifier and Syntax
+ -- id-pkix OBJECT IDENTIFIER ::= {1 3 6 1 5 5 7}
+
+ id-on OBJECT IDENTIFIER ::= { id-pkix 8 }
+
+ id-on-dnsSRV OBJECT IDENTIFIER ::= { id-on 7 }
+
+ SRVName ::= IA5String (SIZE (1..MAX))
+
+ END
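Review bot: The `SIZE (1..MAX)` constraint on `SRVName ::= IA5String (SIZE (1..MAX))` does not appear to be enforced by the dissector built from this module. The generated `dissect_pkixqualified_SRVName` later in this commit calls `dissect_ber_restricted_string` with no bounds, so an empty SRVName in a certificate would presumably be displayed like a valid one. If that is intended, a comment next to the type would make it explicit, e.g. `-- size constraint is not checked by the generated BER dissector`. The `_Service.Name` form that RFC 4985 requires is likewise not validated, which matters to anyone relying on the displayed field to audit certificates.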
diff --git a/epan/dissectors/asn1/pkixqualified/PKIXServiceNameSAN93.asn b/epan/dissectors/asn1/pkixqualified/PKIXServiceNameSAN93.asn
new file mode 100644
index 0000000000..ce4b994304
--- /dev/null
+++ b/epan/dissectors/asn1/pkixqualified/PKIXServiceNameSAN93.asn
@@ -0,0 +1,39 @@
+-- Extracted from RFC 4985 Appendix A.2. 1993 ASN.1 Module
+--
+ PKIXServiceNameSAN93 {iso(1) identified-organization(3) dod(6)
+ internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+ id-mod-dns-srv-name-93(40) }
+
+ DEFINITIONS EXPLICIT TAGS ::=
+
+ BEGIN
+
+ -- EXPORTS ALL --
+
+ IMPORTS
+
+ id-pkix
+ FROM PKIX1Explicit88 { iso(1) identified-organization(3)
+ dod(6) internet(1) security(5) mechanisms(5) pkix(7)
+ id-mod(0) id-pkix1-explicit(18) } ;
+ -- from RFC 3280 [N2]
+
+
+ -- In the GeneralName definition using the 1993 ASN.1 syntax
+ -- includes:
+
+ OTHER-NAME ::= TYPE-IDENTIFIER
+
+
+ -- Service Name Object Identifier
+
+-- id-on OBJECT IDENTIFIER ::= { id-pkix 8 }
+
+-- id-on-dnsSRV OBJECT IDENTIFIER ::= { id-on 7 }
+ -- Service Name
+
+ srvName OTHER-NAME ::= { SRVName IDENTIFIED BY { id-on-dnsSRV }}
+
+-- SRVName ::= IA5String (SIZE (1..MAX))
+
+ END
\ No newline at end of file
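Review bot: `srvName OTHER-NAME ::= { SRVName IDENTIFIED BY { id-on-dnsSRV }}` references `SRVName` and `id-on-dnsSRV`, but this module comments out `id-on`, `id-on-dnsSRV` and `SRVName` and imports only `id-pkix`. The file therefore no longer matches the RFC 4985 Appendix A.2 text its header cites, and it does not resolve on its own. Presumably the definitions were disabled because PKIXServiceNameSAN88.asn is compiled into the same dissector and already provides them; a comment above the disabled lines should say so, e.g. `-- Commented out locally: defined in PKIXServiceNameSAN88.asn, which is compiled together with this module`. The file also ends without a trailing newline.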
diff --git a/epan/dissectors/asn1/pkixqualified/pkixqualified.cnf b/epan/dissectors/asn1/pkixqualified/pkixqualified.cnf
index 0e3315efc6..36f71f9e97 100644
--- a/epan/dissectors/asn1/pkixqualified/pkixqualified.cnf
+++ b/epan/dissectors/asn1/pkixqualified/pkixqualified.cnf
@@ -18,6 +18,7 @@ Directorystring B "1.3.6.1.5.5.7.9.2" "id-pda-placeOfBirth"
Printablestring B "1.3.6.1.5.5.7.9.3" "id-pda-gender"
Printablestring B "1.3.6.1.5.5.7.9.4" "id-pda-countryOfCitizenship"
Printablestring B "1.3.6.1.5.5.7.9.5" "id-pda-countryOfResidence"
+SRVName B "1.3.6.1.5.5.7.8.7" "id-on-dnsSRV"
#.NO_EMIT
diff --git a/epan/dissectors/packet-pkixqualified.c b/epan/dissectors/packet-pkixqualified.c
index 564db0e447..fcd44a30dc 100644
--- a/epan/dissectors/packet-pkixqualified.c
+++ b/epan/dissectors/packet-pkixqualified.c
@@ -1,7 +1,7 @@
/* Do not modify this file. Changes will be overwritten. */
/* Generated automatically by the ASN.1 to Wireshark dissector compiler */
/* packet-pkixqualified.c */
-/* asn2wrs.py -b -p pkixqualified -c ./pkixqualified.cnf -s ./packet-pkixqualified-template -D . -O ../.. PKIXqualified.asn */
+/* asn2wrs.py -b -p pkixqualified -c ./pkixqualified.cnf -s ./packet-pkixqualified-template -D . -O ../.. PKIXqualified.asn PKIXServiceNameSAN88.asn PKIXServiceNameSAN93.asn */
/* Input file: packet-pkixqualified-template.c */
@@ -48,6 +48,7 @@ static int hf_pkixqualified_BiometricSyntax_PDU = -1; /* BiometricSyntax */
static int hf_pkixqualified_QCStatements_PDU = -1; /* QCStatements */
static int hf_pkixqualified_SemanticsInformation_PDU = -1; /* SemanticsInformation */
static int hf_pkixqualified_XmppAddr_PDU = -1; /* XmppAddr */
+static int hf_pkixqualified_SRVName_PDU = -1; /* SRVName */
static int hf_pkixqualified_BiometricSyntax_item = -1; /* BiometricData */
static int hf_pkixqualified_typeOfBiometricData = -1; /* TypeOfBiometricData */
static int hf_pkixqualified_hashAlgorithm = -1; /* AlgorithmIdentifier */
@@ -225,7 +226,7 @@ dissect_pkixqualified_T_statementId(gboolean implicit_tag _U_, tvbuff_t *tvb _U_
static int
dissect_pkixqualified_T_statementInfo(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 32 "./asn1/pkixqualified/pkixqualified.cnf"
+#line 33 "./asn1/pkixqualified/pkixqualified.cnf"
offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
@@ -300,6 +301,17 @@ dissect_pkixqualified_XmppAddr(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
return offset;
}
+
+
+static int
+dissect_pkixqualified_SRVName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+ offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_IA5String,
+ actx, tree, tvb, offset, hf_index,
+ NULL);
+
+ return offset;
+}
+
/*--- PDUs ---*/
static int dissect_Generalizedtime_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
@@ -351,6 +363,13 @@ static int dissect_XmppAddr_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto
offset = dissect_pkixqualified_XmppAddr(FALSE, tvb, offset, &asn1_ctx, tree, hf_pkixqualified_XmppAddr_PDU);
return offset;
}
+static int dissect_SRVName_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
+ int offset = 0;
+ asn1_ctx_t asn1_ctx;
+ asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
+ offset = dissect_pkixqualified_SRVName(FALSE, tvb, offset, &asn1_ctx, tree, hf_pkixqualified_SRVName_PDU);
+ return offset;
+}
/*--- End of included file: packet-pkixqualified-fn.c ---*/
@@ -393,6 +412,10 @@ void proto_register_pkixqualified(void) {
{ "XmppAddr", "pkixqualified.XmppAddr",
FT_STRING, BASE_NONE, NULL, 0,
NULL, HFILL }},
+ { &hf_pkixqualified_SRVName_PDU,
+ { "SRVName", "pkixqualified.SRVName",
+ FT_STRING, BASE_NONE, NULL, 0,
+ NULL, HFILL }},
{ &hf_pkixqualified_BiometricSyntax_item,
{ "BiometricData", "pkixqualified.BiometricData_element",
FT_NONE, BASE_NONE, NULL, 0,
@@ -492,6 +515,7 @@ void proto_reg_handoff_pkixqualified(void) {
register_ber_oid_dissector("1.3.6.1.5.5.7.9.3", dissect_Printablestring_PDU, proto_pkixqualified, "id-pda-gender");
register_ber_oid_dissector("1.3.6.1.5.5.7.9.4", dissect_Printablestring_PDU, proto_pkixqualified, "id-pda-countryOfCitizenship");
register_ber_oid_dissector("1.3.6.1.5.5.7.9.5", dissect_Printablestring_PDU, proto_pkixqualified, "id-pda-countryOfResidence");
+ register_ber_oid_dissector("1.3.6.1.5.5.7.8.7", dissect_SRVName_PDU, proto_pkixqualified, "id-on-dnsSRV");
/*--- End of included file: packet-pkixqualified-dis-tab.c ---*/
diff --git a/epan/dissectors/packet-pkixqualified.h b/epan/dissectors/packet-pkixqualified.h
index abf36b3f7a..d28524e110 100644
--- a/epan/dissectors/packet-pkixqualified.h
+++ b/epan/dissectors/packet-pkixqualified.h
@@ -1,7 +1,7 @@
/* Do not modify this file. Changes will be overwritten. */
/* Generated automatically by the ASN.1 to Wireshark dissector compiler */
/* packet-pkixqualified.h */
-/* asn2wrs.py -b -p pkixqualified -c ./pkixqualified.cnf -s ./packet-pkixqualified-template -D . -O ../.. PKIXqualified.asn */
+/* asn2wrs.py -b -p pkixqualified -c ./pkixqualified.cnf -s ./packet-pkixqualified-template -D . -O ../.. PKIXqualified.asn PKIXServiceNameSAN88.asn PKIXServiceNameSAN93.asn */
/* Input file: packet-pkixqualified-template.h */