author | Anders Broman <anders.broman@ericsson.com> | 2012-06-25 21:16:43 +0000 |
---|---|---|
committer | Anders Broman <anders.broman@ericsson.com> | 2012-06-25 21:16:43 +0000 |
commit | b160466dd2c446265d660a0ab7311c61ab079222 (patch) | |
tree | 3a6a574f902b65124d6ddf4434229bae1528127b | |
parent | 3814106d7e5333e887dcd9d4c8ced0c2e10cd22c (diff) |
From Martin Kaiser:
add X.509 certificate extensions for DVB-CI/CI+
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7397
svn path=/trunk/; revision=43485
-rw-r--r-- | asn1/x509ce/CertificateExtensionsCiplus.asn | 47 | ||||
-rw-r--r-- | asn1/x509ce/Makefile.common | 3 | ||||
-rw-r--r-- | asn1/x509ce/packet-x509ce-template.c | 25 | ||||
-rw-r--r-- | asn1/x509ce/packet-x509ce-template.h | 3 | ||||
-rw-r--r-- | asn1/x509ce/x509ce.cnf | 9 | ||||
-rw-r--r-- | epan/dissectors/packet-dvbci.c | 6 | ||||
-rw-r--r-- | epan/dissectors/packet-x509ce.c | 119 | ||||
-rw-r--r-- | epan/dissectors/packet-x509ce.h | 8 |
8 files changed, 210 insertions, 10 deletions
diff --git a/asn1/x509ce/CertificateExtensionsCiplus.asn b/asn1/x509ce/CertificateExtensionsCiplus.asn new file mode 100644 index 0000000000..3bae673751 --- /dev/null +++ b/asn1/x509ce/CertificateExtensionsCiplus.asn @@ -0,0 +1,47 @@ +-- $Id$ +-- Module CertificateExtensionsCiplus +-- X.509 certificate extensions defined by CI+ (www.ci-plus.com) +CertificateExtensionsCiplus DEFINITIONS IMPLICIT TAGS ::= +BEGIN + +-- EXPORTS ALL +IMPORTS + id-pkix + FROM PKIX1Explicit93 {iso(1) identified-organization(3) dod(6) internet(1) + security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit-93(3)} + EXTENSION + FROM AuthenticationFramework { joint-iso-itu-t ds(5) + module(1) authenticationFramework(7) 3 }; + +scramblerCapabilities EXTENSION ::= { + SYNTAX ScramblerCapabilities + IDENTIFIED BY id-pe-scramblerCapabilities +} + +ScramblerCapabilities ::= SEQUENCE { + capability INTEGER (0..MAX), + version INTEGER (0..MAX) +} + + +ciplusInfo EXTENSION ::= { + SYNTAX CiplusInfo + IDENTIFIED BY id-pe-ciplusInfo +} + +CiplusInfo ::= BIT STRING + + +cicamBrandId EXTENSION ::= { + SYNTAX CicamBrandId + IDENTIFIED BY id-pe-cicamBrandId +} + +CicamBrandId ::= INTEGER(1..65535) + +-- Object identifier assignments +id-pe-scramblerCapabilities OBJECT IDENTIFIER ::= { id-pkix id-pe(1) 25 } +id-pe-ciplusInfo OBJECT IDENTIFIER ::= { id-pkix id-pe(1) 26 } +id-pe-cicamBrandId OBJECT IDENTIFIER ::= { id-pkix id-pe(1) 27 } + +END diff --git a/asn1/x509ce/Makefile.common b/asn1/x509ce/Makefile.common index c170347732..39f0120077 100644 --- a/asn1/x509ce/Makefile.common +++ b/asn1/x509ce/Makefile.common @@ -26,7 +26,8 @@ EXPORT_FILES = $(PROTOCOL_NAME)-exp.cnf EXT_ASN_FILE_LIST = -ASN_FILE_LIST = CertificateExtensions.asn +ASN_FILE_LIST = CertificateExtensions.asn \ + CertificateExtensionsCiplus.asn # The packet-$(PROTOCOL_NAME)-template.h and $(PROTOCOL_NAME).asn # files do not exist for all protocols: Please add/remove as required. 
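Review bot: The three object identifier assignments at the end of the new CertificateExtensionsCiplus.asn place the CI+ extensions at arcs 25, 26 and 27 under `id-pkix id-pe(1)`, but the module never says these arcs are unassigned; that caveat appears only in the comment added to packet-x509ce-template.c. Because the arc is allocated by a registry, the same values may later be given to unrelated extensions, so a reader of the ASN.1 should be told not to register them globally. I would add above the assignments `-- NOTE: CI+ uses these id-pe arcs without an official assignment; keep them out of #.REGISTER and enable them only per certificate`. The Makefile.common hunk that follows on this line needs no change.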
diff --git a/asn1/x509ce/packet-x509ce-template.c b/asn1/x509ce/packet-x509ce-template.c index 3a6eeab9bc..7a9f501174 100644 --- a/asn1/x509ce/packet-x509ce-template.c +++ b/asn1/x509ce/packet-x509ce-template.c @@ -57,6 +57,31 @@ static const char *object_identifier_id; #include "packet-x509ce-fn.c" +/* CI+ (www.ci-plus.com) defines some X.509 certificate extensions + that use OIDs which are not officially assigned + dissection of these extensions can be enabled temporarily using the + functions below */ +void +x509ce_enable_ciplus(void) +{ + dissector_handle_t dh25, dh26, dh27; + + dh25 = create_dissector_handle(dissect_ScramblerCapabilities_PDU, proto_x509ce); + dissector_change_string("ber.oid", "1.3.6.1.5.5.7.1.25", dh25); + dh26 = create_dissector_handle(dissect_CiplusInfo_PDU, proto_x509ce); + dissector_change_string("ber.oid", "1.3.6.1.5.5.7.1.26", dh26); + dh27 = create_dissector_handle(dissect_CicamBrandId_PDU, proto_x509ce); + dissector_change_string("ber.oid", "1.3.6.1.5.5.7.1.27", dh27); +} + +void +x509ce_disable_ciplus(void) +{ + dissector_reset_string("ber.oid", "1.3.6.1.5.5.7.1.25"); + dissector_reset_string("ber.oid", "1.3.6.1.5.5.7.1.26"); + dissector_reset_string("ber.oid", "1.3.6.1.5.5.7.1.27"); +} + static void dissect_x509ce_invalidityDate_callback(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) diff --git a/asn1/x509ce/packet-x509ce-template.h b/asn1/x509ce/packet-x509ce-template.h index bf11cec3a2..985dcc28f0 100644 --- a/asn1/x509ce/packet-x509ce-template.h +++ b/asn1/x509ce/packet-x509ce-template.h @@ -28,5 +28,8 @@ #include "packet-x509ce-exp.h" +void x509ce_enable_ciplus(void); +void x509ce_disable_ciplus(void); + #endif /* PACKET_X509CE_H */ diff --git a/asn1/x509ce/x509ce.cnf b/asn1/x509ce/x509ce.cnf index b2eda8ff63..31ee0ae38e 100644 --- a/asn1/x509ce/x509ce.cnf +++ b/asn1/x509ce/x509ce.cnf 
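Review bot: `x509ce_enable_ciplus()` in packet-x509ce-template.c calls `create_dissector_handle()` three times on every invocation and nothing in the hunk releases those handles, so, assuming each call allocates a new handle, every CI+ certificate in a capture leaks three of them. The function is invoked per certificate item from packet-dvbci.c, so a long or deliberately crafted capture could grow memory without bound. Creating the handles once and reusing them avoids this; the three OID strings, repeated across both functions, would also read better as named constants. The same code is copied into the generated epan/dissectors/packet-x509ce.c and will follow once the template is regenerated.

```c
void
x509ce_enable_ciplus(void)
{
	/* created on first use and reused for every later enable */
	static dissector_handle_t dh25 = NULL, dh26 = NULL, dh27 = NULL;

	if (dh25 == NULL) {
		dh25 = create_dissector_handle(dissect_ScramblerCapabilities_PDU, proto_x509ce);
		dh26 = create_dissector_handle(dissect_CiplusInfo_PDU, proto_x509ce);
		dh27 = create_dissector_handle(dissect_CicamBrandId_PDU, proto_x509ce);
	}
	/* … unchanged: the three dissector_change_string("ber.oid", …) calls … */
}
```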
@@ -87,6 +87,15 @@ SkipCerts StatusReferral StatusReferrals SubjectKeyIdentifier +ScramblerCapabilities +CiplusInfo +CicamBrandId + +#.PDU +ScramblerCapabilities +CiplusInfo +CicamBrandId + #.REGISTER CertificatePoliciesSyntax B "2.5.29.3" "id-ce-certificatePolicies" diff --git a/epan/dissectors/packet-dvbci.c b/epan/dissectors/packet-dvbci.c index 11d921c010..1dc2a50eae 100644 --- a/epan/dissectors/packet-dvbci.c +++ b/epan/dissectors/packet-dvbci.c @@ -45,6 +45,7 @@ #include <epan/asn1.h> #include <epan/dissectors/packet-mpeg-descriptor.h> #include <epan/dissectors/packet-x509af.h> +#include <epan/dissectors/packet-x509ce.h> #include "packet-ber.h" @@ -1757,8 +1758,13 @@ dissect_cc_item(tvbuff_t *tvb, gint offset, hf_cert_index = (dat_id==CC_ID_HOST_BRAND_CERT || dat_id==CC_ID_CICAM_BRAND_CERT) ? hf_dvbci_brand_cert : hf_dvbci_dev_cert; + + /* enable dissection of CI+ specific X.509 extensions + only for our certificates */ + x509ce_enable_ciplus(); dissect_x509af_Certificate(FALSE, tvb, offset, &asn1_ctx, cc_item_tree, hf_cert_index); + x509ce_disable_ciplus(); break; case CC_ID_URI: col_append_sep_fstr(pinfo->cinfo, COL_INFO, NULL, "URI"); diff --git a/epan/dissectors/packet-x509ce.c b/epan/dissectors/packet-x509ce.c index 54e60b9ef3..5cf30e9991 100644 --- a/epan/dissectors/packet-x509ce.c +++ b/epan/dissectors/packet-x509ce.c @@ -1,7 +1,7 @@ /* Do not modify this file. */ /* It is created automatically by the ASN.1 to Wireshark dissector compiler */ /* packet-x509ce.c */ -/* ../../tools/asn2wrs.py -b -p x509ce -c ./x509ce.cnf -s ./packet-x509ce-template -D . -O ../../epan/dissectors CertificateExtensions.asn */ +/* ../../tools/asn2wrs.py -b -p x509ce -c ./x509ce.cnf -s ./packet-x509ce-template -D . -O ../../epan/dissectors CertificateExtensions.asn CertificateExtensionsCiplus.asn */ /* Input file: packet-x509ce-template.c */ 
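Review bot: In the `dissect_cc_item` hunk of packet-dvbci.c, `x509ce_disable_ciplus()` runs only if `dissect_x509af_Certificate()` returns normally; if dissection of a truncated or malformed certificate raises an exception (as tvb accessors presumably do), the three "ber.oid" overrides stay installed. Every X.509 certificate dissected afterwards, including ones carried by unrelated protocols, would then have these unassigned OIDs decoded as CI+ extensions, which defeats the "only for our certificates" intent stated in the added comment. Wrapping the call so the reset runs on every exit path fixes this; the sketch below uses the exception macros from epan/exceptions.h, which the file may need to include. The enclosing switch case starts and ends outside the hunk.

```c
x509ce_enable_ciplus();
TRY {
    dissect_x509af_Certificate(FALSE, tvb, offset,
            &asn1_ctx, cc_item_tree, hf_cert_index);
}
FINALLY {
    /* always restore the "ber.oid" table, even if dissection throws */
    x509ce_disable_ciplus();
}
ENDTRY;
```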
@@ -96,6 +96,9 @@ static int hf_x509ce_PkiPathMatchSyntax_PDU = -1; /* PkiPathMatchSyntax */ static int hf_x509ce_EnhancedCertificateAssertion_PDU = -1; /* EnhancedCertificateAssertion */ static int hf_x509ce_CertificateTemplate_PDU = -1; /* CertificateTemplate */ static int hf_x509ce_EntrustVersionInfo_PDU = -1; /* EntrustVersionInfo */ +static int hf_x509ce_ScramblerCapabilities_PDU = -1; /* ScramblerCapabilities */ +static int hf_x509ce_CiplusInfo_PDU = -1; /* CiplusInfo */ +static int hf_x509ce_CicamBrandId_PDU = -1; /* CicamBrandId */ static int hf_x509ce_keyIdentifier = -1; /* KeyIdentifier */ static int hf_x509ce_authorityCertIssuer = -1; /* GeneralNames */ static int hf_x509ce_authorityCertSerialNumber = -1; /* CertificateSerialNumber */ @@ -223,6 +226,8 @@ static int hf_x509ce_templateMajorVersion = -1; /* INTEGER */ static int hf_x509ce_templateMinorVersion = -1; /* INTEGER */ static int hf_x509ce_entrustVers = -1; /* GeneralString */ static int hf_x509ce_entrustVersInfoFlags = -1; /* EntrustInfoFlags */ +static int hf_x509ce_capability = -1; /* INTEGER_0_MAX */ +static int hf_x509ce_version = -1; /* INTEGER_0_MAX */ /* named bits */ static int hf_x509ce_KeyUsage_digitalSignature = -1; static int hf_x509ce_KeyUsage_contentCommitment = -1; @@ -318,6 +323,7 @@ static gint ett_x509ce_AltName = -1; static gint ett_x509ce_CertificateTemplate = -1; static gint ett_x509ce_EntrustVersionInfo = -1; static gint ett_x509ce_EntrustInfoFlags = -1; +static gint ett_x509ce_ScramblerCapabilities = -1; /*--- End of included file: packet-x509ce-ett.c ---*/ #line 55 "../../asn1/x509ce/packet-x509ce-template.c" 
@@ -350,7 +356,7 @@ dissect_x509ce_OtherNameType(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o static int dissect_x509ce_OtherNameValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 172 "../../asn1/x509ce/x509ce.cnf" +#line 181 "../../asn1/x509ce/x509ce.cnf" offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); @@ -407,7 +413,7 @@ dissect_x509ce_T_uniformResourceIdentifier(gboolean implicit_tag _U_, tvbuff_t * actx, tree, tvb, offset, hf_index, NULL); -#line 175 "../../asn1/x509ce/x509ce.cnf" +#line 184 "../../asn1/x509ce/x509ce.cnf" PROTO_ITEM_SET_URL(actx->created_item); @@ -419,7 +425,7 @@ dissect_x509ce_T_uniformResourceIdentifier(gboolean implicit_tag _U_, tvbuff_t * static int dissect_x509ce_T_iPAddress(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 165 "../../asn1/x509ce/x509ce.cnf" +#line 174 "../../asn1/x509ce/x509ce.cnf" proto_tree_add_item(tree, hf_x509ce_IPAddress, tvb, offset, 4, ENC_BIG_ENDIAN); offset+=4; @@ -602,7 +608,7 @@ dissect_x509ce_T_policyQualifierId(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, static int dissect_x509ce_T_qualifier(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 162 "../../asn1/x509ce/x509ce.cnf" +#line 171 "../../asn1/x509ce/x509ce.cnf" offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); 
@@ -1624,6 +1630,42 @@ dissect_x509ce_EntrustVersionInfo(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, return offset; } + +static const ber_sequence_t ScramblerCapabilities_sequence[] = { + { &hf_x509ce_capability , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_x509ce_INTEGER_0_MAX }, + { &hf_x509ce_version , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_x509ce_INTEGER_0_MAX }, + { NULL, 0, 0, 0, NULL } +}; + +int +dissect_x509ce_ScramblerCapabilities(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, + ScramblerCapabilities_sequence, hf_index, ett_x509ce_ScramblerCapabilities); + + return offset; +} + + + +int +dissect_x509ce_CiplusInfo(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset, + NULL, hf_index, -1, + NULL); + + return offset; +} + + + +int +dissect_x509ce_CicamBrandId(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, + NULL); + + return offset; +} + /*--- PDUs ---*/ static void dissect_AuthorityKeyIdentifier_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) { 
@@ -1811,11 +1853,51 @@ static void dissect_EntrustVersionInfo_PDU(tvbuff_t *tvb _U_, packet_info *pinfo asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); dissect_x509ce_EntrustVersionInfo(FALSE, tvb, 0, &asn1_ctx, tree, hf_x509ce_EntrustVersionInfo_PDU); } +static void dissect_ScramblerCapabilities_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) { + asn1_ctx_t asn1_ctx; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + dissect_x509ce_ScramblerCapabilities(FALSE, tvb, 0, &asn1_ctx, tree, hf_x509ce_ScramblerCapabilities_PDU); +} +static void dissect_CiplusInfo_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) { + asn1_ctx_t asn1_ctx; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + dissect_x509ce_CiplusInfo(FALSE, tvb, 0, &asn1_ctx, tree, hf_x509ce_CiplusInfo_PDU); +} +static void dissect_CicamBrandId_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) { + asn1_ctx_t asn1_ctx; + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + dissect_x509ce_CicamBrandId(FALSE, tvb, 0, &asn1_ctx, tree, hf_x509ce_CicamBrandId_PDU); +} /*--- End of included file: packet-x509ce-fn.c ---*/ #line 59 "../../asn1/x509ce/packet-x509ce-template.c" +/* CI+ (www.ci-plus.com) defines some X.509 certificate extensions + that use OIDs which are not officially assigned + dissection of these extensions can be enabled temporarily using the + functions below */ +void +x509ce_enable_ciplus(void) +{ + dissector_handle_t dh25, dh26, dh27; + + dh25 = create_dissector_handle(dissect_ScramblerCapabilities_PDU, proto_x509ce); + dissector_change_string("ber.oid", "1.3.6.1.5.5.7.1.25", dh25); + dh26 = create_dissector_handle(dissect_CiplusInfo_PDU, proto_x509ce); + dissector_change_string("ber.oid", "1.3.6.1.5.5.7.1.26", dh26); + dh27 = create_dissector_handle(dissect_CicamBrandId_PDU, proto_x509ce); + dissector_change_string("ber.oid", "1.3.6.1.5.5.7.1.27", dh27); +} + +void +x509ce_disable_ciplus(void) +{ + 
dissector_reset_string("ber.oid", "1.3.6.1.5.5.7.1.25"); + dissector_reset_string("ber.oid", "1.3.6.1.5.5.7.1.26"); + dissector_reset_string("ber.oid", "1.3.6.1.5.5.7.1.27"); +} + static void dissect_x509ce_invalidityDate_callback(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) @@ -2005,6 +2087,18 @@ void proto_register_x509ce(void) { { "EntrustVersionInfo", "x509ce.EntrustVersionInfo", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_x509ce_ScramblerCapabilities_PDU, + { "ScramblerCapabilities", "x509ce.ScramblerCapabilities", + FT_NONE, BASE_NONE, NULL, 0, + NULL, HFILL }}, + { &hf_x509ce_CiplusInfo_PDU, + { "CiplusInfo", "x509ce.CiplusInfo", + FT_BYTES, BASE_NONE, NULL, 0, + NULL, HFILL }}, + { &hf_x509ce_CicamBrandId_PDU, + { "CicamBrandId", "x509ce.CicamBrandId", + FT_UINT32, BASE_DEC, NULL, 0, + NULL, HFILL }}, { &hf_x509ce_keyIdentifier, { "keyIdentifier", "x509ce.keyIdentifier", FT_BYTES, BASE_NONE, NULL, 0, @@ -2513,6 +2607,14 @@ void proto_register_x509ce(void) { { "entrustVersInfoFlags", "x509ce.entrustVersInfoFlags", FT_BYTES, BASE_NONE, NULL, 0, "EntrustInfoFlags", HFILL }}, + { &hf_x509ce_capability, + { "capability", "x509ce.capability", + FT_UINT32, BASE_DEC, NULL, 0, + "INTEGER_0_MAX", HFILL }}, + { &hf_x509ce_version, + { "version", "x509ce.version", + FT_UINT32, BASE_DEC, NULL, 0, + "INTEGER_0_MAX", HFILL }}, { &hf_x509ce_KeyUsage_digitalSignature, { "digitalSignature", "x509ce.digitalSignature", FT_BOOLEAN, 8, NULL, 0x80, @@ -2623,7 +2725,7 @@ void proto_register_x509ce(void) { NULL, HFILL }}, /*--- End of included file: packet-x509ce-hfarr.c ---*/ -#line 99 "../../asn1/x509ce/packet-x509ce-template.c" +#line 124 "../../asn1/x509ce/packet-x509ce-template.c" }; /* List of subtrees */ 
@@ -2690,9 +2792,10 @@ void proto_register_x509ce(void) { &ett_x509ce_CertificateTemplate, &ett_x509ce_EntrustVersionInfo, &ett_x509ce_EntrustInfoFlags, + &ett_x509ce_ScramblerCapabilities, /*--- End of included file: packet-x509ce-ettarr.c ---*/ -#line 104 "../../asn1/x509ce/packet-x509ce-template.c" +#line 129 "../../asn1/x509ce/packet-x509ce-template.c" }; /* Register protocol */ @@ -2755,7 +2858,7 @@ void proto_reg_handoff_x509ce(void) { /*--- End of included file: packet-x509ce-dis-tab.c ---*/ -#line 119 "../../asn1/x509ce/packet-x509ce-template.c" +#line 144 "../../asn1/x509ce/packet-x509ce-template.c" register_ber_oid_dissector("2.5.29.24", dissect_x509ce_invalidityDate_callback, proto_x509ce, "id-ce-invalidityDate"); register_ber_oid_dissector("2.5.29.51", dissect_x509ce_baseUpdateTime_callback, proto_x509ce, "id-ce-baseUpdateTime"); } diff --git a/epan/dissectors/packet-x509ce.h b/epan/dissectors/packet-x509ce.h index 41c72f0df4..64860301e0 100644 --- a/epan/dissectors/packet-x509ce.h +++ b/epan/dissectors/packet-x509ce.h @@ -1,7 +1,7 @@ /* Do not modify this file. */ /* It is created automatically by the ASN.1 to Wireshark dissector compiler */ /* packet-x509ce.h */ -/* ../../tools/asn2wrs.py -b -p x509ce -c ./x509ce.cnf -s ./packet-x509ce-template -D . -O ../../epan/dissectors CertificateExtensions.asn */ +/* ../../tools/asn2wrs.py -b -p x509ce -c ./x509ce.cnf -s ./packet-x509ce-template -D . -O ../../epan/dissectors CertificateExtensions.asn CertificateExtensionsCiplus.asn */ /* Input file: packet-x509ce-template.h */ 
@@ -95,9 +95,15 @@ int dissect_x509ce_CertificatePairAssertion(gboolean implicit_tag _U_, tvbuff_t int dissect_x509ce_CertificateListExactAssertion(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_x509ce_CertificateListAssertion(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); int dissect_x509ce_PkiPathMatchSyntax(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); +int dissect_x509ce_ScramblerCapabilities(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); +int dissect_x509ce_CiplusInfo(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); +int dissect_x509ce_CicamBrandId(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); /*--- End of included file: packet-x509ce-exp.h ---*/ #line 30 "../../asn1/x509ce/packet-x509ce-template.h" +void x509ce_enable_ciplus(void); +void x509ce_disable_ciplus(void); + #endif /* PACKET_X509CE_H */ |