Update to correct the definition of the clearance attribute used in certificates.

RFC3281 erroneously defined the Clearance attribute to be different to that defined in X.509. This has been recognised and corrected in RFC5755. The RFC3281 syntax is retained and registered as the "RFC3281Clearance" syntax, which can be used to override the correct syntax in the BER oidtables if necessary. svn path=/trunk/; revision=38014
author: Graeme Lunt <graeme.lunt@smhs.co.uk> 2011-07-14 08:47:05 +0000
committer: Graeme Lunt <graeme.lunt@smhs.co.uk> 2011-07-14 08:47:05 +0000
commit: f8a7d85e1c77d9ed771d805a9cd6c1abfa75a210 (patch)
tree: 1f9bae507d43c7c0f97b1ee003e2e2a5a00ad351
parent: 6814cd03ee5134a11cc5faa734d0c97a2a8ec018 (diff)
4 files changed, 57 insertions, 5 deletions
diff --git a/asn1/pkixac/PKIXAttributeCertificate.asn b/asn1/pkixac/PKIXAttributeCertificate.asn
index d41bee1a17..5a99c7ddb1 100644
--- a/asn1/pkixac/PKIXAttributeCertificate.asn
+++ b/asn1/pkixac/PKIXAttributeCertificate.asn
@@ -151,12 +151,20 @@ id-at-clearance              OBJECT IDENTIFIER ::=
        }
 
        Clearance  ::=  SEQUENCE {
+             policyId       OBJECT IDENTIFIER,
+             classList      ClassList DEFAULT {unclassified},
+             securityCategories
+                            SET OF SecurityCategory  OPTIONAL
+       }
+
+       RFC3281Clearance  ::=  SEQUENCE {
              policyId       [0] OBJECT IDENTIFIER,
              classList      [1] ClassList DEFAULT {unclassified},
              securityCategories
                             [2] SET OF SecurityCategory  OPTIONAL
        }
 
+
        ClassList  ::=  BIT STRING {
              unmarked       (0),
              unclassified   (1),
diff --git a/asn1/pkixac/packet-pkixac-template.c b/asn1/pkixac/packet-pkixac-template.c
index e174bebfbd..5639dd546e 100644
--- a/asn1/pkixac/packet-pkixac-template.c
+++ b/asn1/pkixac/packet-pkixac-template.c
@@ -76,6 +76,8 @@ void proto_register_pkixac(void) {
   proto_register_field_array(proto_pkixac, hf, array_length(hf));
   proto_register_subtree_array(ett, array_length(ett));
 
+#include "packet-pkixac-syn-reg.c"
+
 }
 
 
diff --git a/asn1/pkixac/pkixac.cnf b/asn1/pkixac/pkixac.cnf
index dfc0c28682..9e0f5b5c04 100644
--- a/asn1/pkixac/pkixac.cnf
+++ b/asn1/pkixac/pkixac.cnf
@@ -34,6 +34,10 @@ V2Form
 
 #.FIELD_RENAME
 
+#.SYNTAX
+Clearance
+RFC3281Clearance
+
 #.REGISTER
 AAControls              B "1.3.6.1.5.5.7.1.6" "id-pe-aaControls"
 ProxyInfo               B "1.3.6.1.5.5.7.1.10" "id-pe-ac-proxying"
diff --git a/epan/dissectors/packet-pkixac.c b/epan/dissectors/packet-pkixac.c
index a27ab1acfb..091a00d698 100644
--- a/epan/dissectors/packet-pkixac.c
+++ b/epan/dissectors/packet-pkixac.c
@@ -61,6 +61,7 @@ static int hf_pkixac_IetfAttrSyntax_PDU = -1;     /* IetfAttrSyntax */
 static int hf_pkixac_SvceAuthInfo_PDU = -1;       /* SvceAuthInfo */
 static int hf_pkixac_RoleSyntax_PDU = -1;         /* RoleSyntax */
 static int hf_pkixac_Clearance_PDU = -1;          /* Clearance */
+static int hf_pkixac_RFC3281Clearance_PDU = -1;   /* RFC3281Clearance */
 static int hf_pkixac_AAControls_PDU = -1;         /* AAControls */
 static int hf_pkixac_ProxyInfo_PDU = -1;          /* ProxyInfo */
 static int hf_pkixac_digestedObjectType = -1;     /* T_digestedObjectType */
@@ -127,6 +128,7 @@ static gint ett_pkixac_SvceAuthInfo = -1;
 static gint ett_pkixac_RoleSyntax = -1;
 static gint ett_pkixac_Clearance = -1;
 static gint ett_pkixac_SET_OF_SecurityCategory = -1;
+static gint ett_pkixac_RFC3281Clearance = -1;
 static gint ett_pkixac_ClassList = -1;
 static gint ett_pkixac_SecurityCategory = -1;
 static gint ett_pkixac_AAControls = -1;
@@ -401,7 +403,7 @@ dissect_pkixac_T_type(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _
 
 static int
 dissect_pkixac_T_value(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 59 "../../asn1/pkixac/pkixac.cnf"
+#line 63 "../../asn1/pkixac/pkixac.cnf"
    if (object_identifier_id)
       offset = call_ber_oid_callback (object_identifier_id, tvb, offset, actx->pinfo, tree);
 
@@ -419,7 +421,7 @@ static const ber_sequence_t SecurityCategory_sequence[] = {
 
 static int
 dissect_pkixac_SecurityCategory(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 52 "../../asn1/pkixac/pkixac.cnf"
+#line 56 "../../asn1/pkixac/pkixac.cnf"
   object_identifier_id = NULL;
     offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                                    SecurityCategory_sequence, hf_index, ett_pkixac_SecurityCategory);
@@ -445,6 +447,22 @@ dissect_pkixac_SET_OF_SecurityCategory(gboolean implicit_tag _U_, tvbuff_t *tvb
 
 
 static const ber_sequence_t Clearance_sequence[] = {
+  { &hf_pkixac_policyId     , BER_CLASS_UNI, BER_UNI_TAG_OID, BER_FLAGS_NOOWNTAG, dissect_pkixac_OBJECT_IDENTIFIER },
+  { &hf_pkixac_classList    , BER_CLASS_UNI, BER_UNI_TAG_BITSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_pkixac_ClassList },
+  { &hf_pkixac_securityCategories, BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_pkixac_SET_OF_SecurityCategory },
+  { NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_pkixac_Clearance(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
+                                   Clearance_sequence, hf_index, ett_pkixac_Clearance);
+
+  return offset;
+}
+
+
+static const ber_sequence_t RFC3281Clearance_sequence[] = {
   { &hf_pkixac_policyId     , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_pkixac_OBJECT_IDENTIFIER },
   { &hf_pkixac_classList    , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_pkixac_ClassList },
   { &hf_pkixac_securityCategories, BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_pkixac_SET_OF_SecurityCategory },
@@ -452,9 +470,9 @@ static const ber_sequence_t Clearance_sequence[] = {
 };
 
 static int
-dissect_pkixac_Clearance(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+dissect_pkixac_RFC3281Clearance(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
-                                   Clearance_sequence, hf_index, ett_pkixac_Clearance);
+                                   RFC3281Clearance_sequence, hf_index, ett_pkixac_RFC3281Clearance);
 
   return offset;
 }
@@ -548,6 +566,11 @@ static void dissect_Clearance_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, pro
   asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
   dissect_pkixac_Clearance(FALSE, tvb, 0, &asn1_ctx, tree, hf_pkixac_Clearance_PDU);
 }
+static void dissect_RFC3281Clearance_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
+  asn1_ctx_t asn1_ctx;
+  asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
+  dissect_pkixac_RFC3281Clearance(FALSE, tvb, 0, &asn1_ctx, tree, hf_pkixac_RFC3281Clearance_PDU);
+}
 static void dissect_AAControls_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
   asn1_ctx_t asn1_ctx;
   asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
@@ -591,6 +614,10 @@ void proto_register_pkixac(void) {
       { "Clearance", "pkixac.Clearance",
         FT_NONE, BASE_NONE, NULL, 0,
         NULL, HFILL }},
+    { &hf_pkixac_RFC3281Clearance_PDU,
+      { "RFC3281Clearance", "pkixac.RFC3281Clearance",
+        FT_NONE, BASE_NONE, NULL, 0,
+        NULL, HFILL }},
     { &hf_pkixac_AAControls_PDU,
       { "AAControls", "pkixac.AAControls",
         FT_NONE, BASE_NONE, NULL, 0,
@@ -790,6 +817,7 @@ void proto_register_pkixac(void) {
     &ett_pkixac_RoleSyntax,
     &ett_pkixac_Clearance,
     &ett_pkixac_SET_OF_SecurityCategory,
+    &ett_pkixac_RFC3281Clearance,
     &ett_pkixac_ClassList,
     &ett_pkixac_SecurityCategory,
     &ett_pkixac_AAControls,
@@ -807,6 +835,16 @@ void proto_register_pkixac(void) {
   proto_register_field_array(proto_pkixac, hf, array_length(hf));
   proto_register_subtree_array(ett, array_length(ett));
 
+
+/*--- Included file: packet-pkixac-syn-reg.c ---*/
+#line 1 "../../asn1/pkixac/packet-pkixac-syn-reg.c"
+  /*--- Syntax registrations ---*/
+  register_ber_syntax_dissector("Clearance", proto_pkixac, dissect_Clearance_PDU);
+  register_ber_syntax_dissector("RFC3281Clearance", proto_pkixac, dissect_RFC3281Clearance_PDU);
+
+/*--- End of included file: packet-pkixac-syn-reg.c ---*/
+#line 80 "../../asn1/pkixac/packet-pkixac-template.c"
+
 }
 
 
@@ -828,6 +866,6 @@ void proto_reg_handoff_pkixac(void) {
 
 
 /*--- End of included file: packet-pkixac-dis-tab.c ---*/
-#line 85 "../../asn1/pkixac/packet-pkixac-template.c"
+#line 87 "../../asn1/pkixac/packet-pkixac-template.c"
 }
author	Graeme Lunt <graeme.lunt@smhs.co.uk>	2011-07-14 08:47:05 +0000
committer	Graeme Lunt <graeme.lunt@smhs.co.uk>	2011-07-14 08:47:05 +0000
commit	f8a7d85e1c77d9ed771d805a9cd6c1abfa75a210 (patch)
tree	1f9bae507d43c7c0f97b1ee003e2e2a5a00ad351
parent	6814cd03ee5134a11cc5faa734d0c97a2a8ec018 (diff)