author | Anders Broman <anders.broman@ericsson.com> | 2021-02-25 10:21:24 +0100 |
---|---|---|
committer | Anders Broman <anders.broman@ericsson.com> | 2021-02-25 10:21:24 +0100 |
commit | 8ccbdb786aac52851e2120ae2167e85ea8d132eb (patch) | |
tree | 80caca5f36922c1c3baf156afc3ad20d147a9fb4 | |
parent | e2ee14ae0379b590b2731488b2161dcd7d7ae5e2 (diff) |
Add support for SRVName SAN extension for TLS certificates
Closes #17256
-rw-r--r-- | epan/dissectors/asn1/pkixqualified/CMakeLists.txt | 2 | ||||
-rw-r--r-- | epan/dissectors/asn1/pkixqualified/PKIXServiceNameSAN88.asn | 32 | ||||
-rw-r--r-- | epan/dissectors/asn1/pkixqualified/PKIXServiceNameSAN93.asn | 39 | ||||
-rw-r--r-- | epan/dissectors/asn1/pkixqualified/pkixqualified.cnf | 1 | ||||
-rw-r--r-- | epan/dissectors/packet-pkixqualified.c | 28 | ||||
-rw-r--r-- | epan/dissectors/packet-pkixqualified.h | 2 |
6 files changed, 101 insertions, 3 deletions
diff --git a/epan/dissectors/asn1/pkixqualified/CMakeLists.txt b/epan/dissectors/asn1/pkixqualified/CMakeLists.txt index 1d5d03e3ea..1faf35af22 100644 --- a/epan/dissectors/asn1/pkixqualified/CMakeLists.txt +++ b/epan/dissectors/asn1/pkixqualified/CMakeLists.txt @@ -16,6 +16,8 @@ set( EXT_ASN_FILE_LIST set( ASN_FILE_LIST PKIXqualified.asn + PKIXServiceNameSAN88.asn + PKIXServiceNameSAN93.asn ) set( EXTRA_DIST diff --git a/epan/dissectors/asn1/pkixqualified/PKIXServiceNameSAN88.asn b/epan/dissectors/asn1/pkixqualified/PKIXServiceNameSAN88.asn new file mode 100644 index 0000000000..80e1da5e2a --- /dev/null +++ b/epan/dissectors/asn1/pkixqualified/PKIXServiceNameSAN88.asn @@ -0,0 +1,32 @@ +-- Extracted from RFC 4985 Appendix A.1. 1988 ASN.1 Module +-- + PKIXServiceNameSAN88 {iso(1) identified-organization(3) dod(6) + internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) + id-mod-dns-srv-name-88(39) } + + DEFINITIONS EXPLICIT TAGS ::= + + BEGIN + + -- EXPORTS ALL -- + + IMPORTS + + -- UTF8String, / move hyphens before slash if UTF8String does not + -- resolve with your compiler + + id-pkix + FROM PKIX1Explicit88 { iso(1) identified-organization(3) + dod(6) internet(1) security(5) mechanisms(5) pkix(7) + id-mod(0) id-pkix1-explicit(18) } ; + -- from RFC3280 [N2] + -- Service Name Object Identifier and Syntax + -- id-pkix OBJECT IDENTIFIER ::= {1 3 6 1 5 5 7} + + id-on OBJECT IDENTIFIER ::= { id-pkix 8 } + + id-on-dnsSRV OBJECT IDENTIFIER ::= { id-on 7 } + + SRVName ::= IA5String (SIZE (1..MAX)) + + END diff --git a/epan/dissectors/asn1/pkixqualified/PKIXServiceNameSAN93.asn b/epan/dissectors/asn1/pkixqualified/PKIXServiceNameSAN93.asn new file mode 100644 index 0000000000..ce4b994304 --- /dev/null +++ b/epan/dissectors/asn1/pkixqualified/PKIXServiceNameSAN93.asn 
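Review bot: The `SIZE (1..MAX)` bound on `SRVName` at the end of PKIXServiceNameSAN88.asn does not reach the dissector. The generated `dissect_pkixqualified_SRVName` later in this commit calls `dissect_ber_restricted_string` with no length bound, so a zero-length SRVName in a certificate would be displayed like any valid value. For someone triaging malformed certificates that is a missed signal. If flagging it is wanted, the change presumably belongs in pkixqualified.cnf rather than in the generated C. At minimum, a comment next to the definition such as `-- NOTE: the lower size bound is not enforced by the generated BER dissector` would record the gap.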
@@ -0,0 +1,39 @@
+-- Extracted from RFC 4985 Appendix A.2. 1993 ASN.1 Module
+--
+ PKIXServiceNameSAN93 {iso(1) identified-organization(3) dod(6)
+ internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+ id-mod-dns-srv-name-93(40) }
+
+ DEFINITIONS EXPLICIT TAGS ::=
+
+ BEGIN
+
+ -- EXPORTS ALL --
+
+ IMPORTS
+
+ id-pkix
+ FROM PKIX1Explicit88 { iso(1) identified-organization(3)
+ dod(6) internet(1) security(5) mechanisms(5) pkix(7)
+ id-mod(0) id-pkix1-explicit(18) } ;
+ -- from RFC 3280 [N2]
+
+
+ -- In the GeneralName definition using the 1993 ASN.1 syntax
+ -- includes:
+
+ OTHER-NAME ::= TYPE-IDENTIFIER
+
+
+ -- Service Name Object Identifier
+
+-- id-on OBJECT IDENTIFIER ::= { id-pkix 8 }
+
+-- id-on-dnsSRV OBJECT IDENTIFIER ::= { id-on 7 }
+ -- Service Name
+
+ srvName OTHER-NAME ::= { SRVName IDENTIFIED BY { id-on-dnsSRV }}
+
+-- SRVName ::= IA5String (SIZE (1..MAX))
+
+ END
\ No newline at end of file diff --git a/epan/dissectors/asn1/pkixqualified/pkixqualified.cnf b/epan/dissectors/asn1/pkixqualified/pkixqualified.cnf index 0e3315efc6..36f71f9e97 100644 --- a/epan/dissectors/asn1/pkixqualified/pkixqualified.cnf +++ b/epan/dissectors/asn1/pkixqualified/pkixqualified.cnf @@ -18,6 +18,7 @@ Directorystring B "1.3.6.1.5.5.7.9.2" "id-pda-placeOfBirth" Printablestring B "1.3.6.1.5.5.7.9.3" "id-pda-gender" Printablestring B "1.3.6.1.5.5.7.9.4" "id-pda-countryOfCitizenship" Printablestring B "1.3.6.1.5.5.7.9.5" "id-pda-countryOfResidence" +SRVName B "1.3.6.1.5.5.7.8.7" "id-on-dnsSRV" #.NO_EMIT diff --git a/epan/dissectors/packet-pkixqualified.c b/epan/dissectors/packet-pkixqualified.c index 564db0e447..fcd44a30dc 100644 --- a/epan/dissectors/packet-pkixqualified.c +++ b/epan/dissectors/packet-pkixqualified.c @@ -1,7 +1,7 @@ /* Do not modify this file. Changes will be overwritten. */ /* Generated automatically by the ASN.1 to Wireshark dissector compiler */ /* packet-pkixqualified.c */ -/* asn2wrs.py -b -p pkixqualified -c ./pkixqualified.cnf -s ./packet-pkixqualified-template -D . -O ../.. PKIXqualified.asn */ +/* asn2wrs.py -b -p pkixqualified -c ./pkixqualified.cnf -s ./packet-pkixqualified-template -D . -O ../.. PKIXqualified.asn PKIXServiceNameSAN88.asn PKIXServiceNameSAN93.asn */ /* Input file: packet-pkixqualified-template.c */ @@ -48,6 +48,7 @@ static int hf_pkixqualified_BiometricSyntax_PDU = -1; /* BiometricSyntax */ static int hf_pkixqualified_QCStatements_PDU = -1; /* QCStatements */ static int hf_pkixqualified_SemanticsInformation_PDU = -1; /* SemanticsInformation */ static int hf_pkixqualified_XmppAddr_PDU = -1; /* XmppAddr */ +static int hf_pkixqualified_SRVName_PDU = -1; /* SRVName */ static int hf_pkixqualified_BiometricSyntax_item = -1; /* BiometricData */ static int hf_pkixqualified_typeOfBiometricData = -1; /* TypeOfBiometricData */ static int hf_pkixqualified_hashAlgorithm = -1; /* AlgorithmIdentifier */ 
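Review bot: The header of PKIXServiceNameSAN93.asn says the module is extracted from RFC 4985 Appendix A.2, but `id-on`, `id-on-dnsSRV` and `SRVName` are commented out with `--` and nothing in the file says why. `srvName` still refers to `SRVName` and `id-on-dnsSRV`. Presumably they are left to PKIXServiceNameSAN88.asn, which this commit adds to the same asn2wrs run, but a reader comparing against the RFC cannot tell a deliberate edit from damage. I would add a header comment such as `-- Local change: id-on, id-on-dnsSRV and SRVName are commented out here; PKIXServiceNameSAN88.asn defines them.` The file also ends without a trailing newline, which is worth fixing in the same pass.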
@@ -225,7 +226,7 @@ dissect_pkixqualified_T_statementId(gboolean implicit_tag _U_, tvbuff_t *tvb _U_ static int dissect_pkixqualified_T_statementInfo(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 32 "./asn1/pkixqualified/pkixqualified.cnf" +#line 33 "./asn1/pkixqualified/pkixqualified.cnf" offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL); @@ -300,6 +301,17 @@ dissect_pkixqualified_XmppAddr(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int return offset; } + + +static int +dissect_pkixqualified_SRVName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_IA5String, + actx, tree, tvb, offset, hf_index, + NULL); + + return offset; +} + /*--- PDUs ---*/ static int dissect_Generalizedtime_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) { @@ -351,6 +363,13 @@ static int dissect_XmppAddr_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto offset = dissect_pkixqualified_XmppAddr(FALSE, tvb, offset, &asn1_ctx, tree, hf_pkixqualified_XmppAddr_PDU); return offset; } +static int dissect_SRVName_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) { + int offset = 0; + asn1_ctx_t asn1_ctx; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + offset = dissect_pkixqualified_SRVName(FALSE, tvb, offset, &asn1_ctx, tree, hf_pkixqualified_SRVName_PDU); + return offset; +} /*--- End of included file: packet-pkixqualified-fn.c ---*/ 
@@ -393,6 +412,10 @@ void proto_register_pkixqualified(void) { { "XmppAddr", "pkixqualified.XmppAddr", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_pkixqualified_SRVName_PDU, + { "SRVName", "pkixqualified.SRVName", + FT_STRING, BASE_NONE, NULL, 0, + NULL, HFILL }}, { &hf_pkixqualified_BiometricSyntax_item, { "BiometricData", "pkixqualified.BiometricData_element", FT_NONE, BASE_NONE, NULL, 0, @@ -492,6 +515,7 @@ void proto_reg_handoff_pkixqualified(void) { register_ber_oid_dissector("1.3.6.1.5.5.7.9.3", dissect_Printablestring_PDU, proto_pkixqualified, "id-pda-gender"); register_ber_oid_dissector("1.3.6.1.5.5.7.9.4", dissect_Printablestring_PDU, proto_pkixqualified, "id-pda-countryOfCitizenship"); register_ber_oid_dissector("1.3.6.1.5.5.7.9.5", dissect_Printablestring_PDU, proto_pkixqualified, "id-pda-countryOfResidence"); + register_ber_oid_dissector("1.3.6.1.5.5.7.8.7", dissect_SRVName_PDU, proto_pkixqualified, "id-on-dnsSRV"); /*--- End of included file: packet-pkixqualified-dis-tab.c ---*/ diff --git a/epan/dissectors/packet-pkixqualified.h b/epan/dissectors/packet-pkixqualified.h index abf36b3f7a..d28524e110 100644 --- a/epan/dissectors/packet-pkixqualified.h +++ b/epan/dissectors/packet-pkixqualified.h @@ -1,7 +1,7 @@ /* Do not modify this file. Changes will be overwritten. */ /* Generated automatically by the ASN.1 to Wireshark dissector compiler */ /* packet-pkixqualified.h */ -/* asn2wrs.py -b -p pkixqualified -c ./pkixqualified.cnf -s ./packet-pkixqualified-template -D . -O ../.. PKIXqualified.asn */ +/* asn2wrs.py -b -p pkixqualified -c ./pkixqualified.cnf -s ./packet-pkixqualified-template -D . -O ../.. PKIXqualified.asn PKIXServiceNameSAN88.asn PKIXServiceNameSAN93.asn */ /* Input file: packet-pkixqualified-template.h */ |