authorStig Bjørlykke <stig@bjorlykke.org>2010-01-12 11:49:17 +0000
committerStig Bjørlykke <stig@bjorlykke.org>2010-01-12 11:49:17 +0000
commit89980e1672292a75c7e54cea93ccfa946e12d398 (patch)
tree27a34dde9c0b26f38df999f1a850cd8b87199297 /asn1
parent324af9e6faea22dc42c13cf7efaeef7777550c2d (diff)
Update to RFC3369.
svn path=/trunk/; revision=31500
Diffstat (limited to 'asn1')
-rw-r--r--asn1/cms/AttributeCertificateVersion1.asn52
-rw-r--r--asn1/cms/CryptographicMessageSyntax.asn35
-rw-r--r--asn1/cms/Makefile.common4
-rw-r--r--asn1/cms/cms.cnf14
-rw-r--r--asn1/cms/packet-cms-template.c2
5 files changed, 97 insertions, 10 deletions
diff --git a/asn1/cms/AttributeCertificateVersion1.asn b/asn1/cms/AttributeCertificateVersion1.asn
new file mode 100644
index 0000000000..33dfbba7cf
--- /dev/null
+++ b/asn1/cms/AttributeCertificateVersion1.asn
@@ -0,0 +1,52 @@
+-- Extracted from RFC3369
+-- $Id$
+AttributeCertificateVersion1
+ { iso(1) member-body(2) us(840) rsadsi(113549)
+ pkcs(1) pkcs-9(9) smime(16) modules(0) v1AttrCert(15) }
+
+DEFINITIONS IMPLICIT TAGS ::=
+BEGIN
+
+-- EXPORTS All
+
+IMPORTS
+ -- Directory Authentication Framework (X.509)
+ AttCertValidityPeriod, Extensions, IssuerSerial
+ FROM AuthenticationFramework { joint-iso-itu-t ds(5)
+ module(1) authenticationFramework(7) 3 }
+
+ GeneralNames
+ FROM CertificateExtensions { joint-iso-ccitt ds(5)
+ module(1) certificateExtensions(26) 0 }
+
+ UniqueIdentifier
+ FROM SelectedAttributeTypes { joint-iso-itu-t ds(5) module(1)
+ selectedAttributeTypes(5) 3 };
+
+
+-- Definition extracted from X.509-1997 [X.509-97], but
+-- different type names are used to avoid collisions.
+
+AttributeCertificateV1 ::= SEQUENCE {
+ acInfo AttributeCertificateInfoV1,
+ signatureAlgorithm AlgorithmIdentifier,
+ signature BIT STRING }
+
+AttributeCertificateInfoV1 ::= SEQUENCE {
+ version AttCertVersionV1 DEFAULT v1,
+ subject CHOICE {
+ baseCertificateID [0] IssuerSerial,
+ -- associated with a Public Key Certificate
+ subjectName [1] GeneralNames },
+ -- associated with a name
+ issuer GeneralNames,
+ signature AlgorithmIdentifier,
+ serialNumber CertificateSerialNumber,
+ attCertValidityPeriod AttCertValidityPeriod,
+ attributes SEQUENCE OF Attribute,
+ issuerUniqueID UniqueIdentifier OPTIONAL,
+ extensions Extensions OPTIONAL }
+
+AttCertVersionV1 ::= INTEGER { v1(0) }
+
+END -- of AttributeCertificateVersion1
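Review bot: `AlgorithmIdentifier`, `CertificateSerialNumber` and `Attribute` are used in `AttributeCertificateV1` and `AttributeCertificateInfoV1`, but none of them is listed in the IMPORTS clause, so the module does not stand on its own. It presumably compiles only because it is built in the same asn2wrs run as CryptographicMessageSyntax.asn. If so, say that in a comment, or add the three names to IMPORTS from the modules that define them. The header reads `-- Extracted from RFC3369` while the imports name the X.509 directory modules, so the line the sibling file carries, `-- and massaged/modified so it passes through our asn2wrs compiler`, belongs here too.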
diff --git a/asn1/cms/CryptographicMessageSyntax.asn b/asn1/cms/CryptographicMessageSyntax.asn
index ad96da8ff7..1fefbd4ae3 100644
--- a/asn1/cms/CryptographicMessageSyntax.asn
+++ b/asn1/cms/CryptographicMessageSyntax.asn
@@ -1,5 +1,6 @@
--- Extracted from RFC2630
--- and massaged/modified so it passws through our asn2wrs compiler
+-- Extracted from RFC3369
+-- and massaged/modified so it passes through our asn2wrs compiler
+-- $Id$
CryptographicMessageSyntax { iso(1) member-body(2) us(840) rsadsi(113549)
pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1) } DEFINITIONS IMPLICIT TAGS ::=
@@ -103,7 +104,9 @@ UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
RecipientInfo ::= CHOICE {
ktri KeyTransRecipientInfo,
kari [1] KeyAgreeRecipientInfo,
- kekri [2] KEKRecipientInfo }
+ kekri [2] KEKRecipientInfo,
+ pwri [3] PasswordRecipientInfo,
+ ori [4] OtherRecipientInfo }
EncryptedKey ::= OCTET STRING
@@ -164,6 +167,17 @@ KEKIdentifier ::= SEQUENCE {
date GeneralizedTime OPTIONAL,
other OtherKeyAttribute OPTIONAL }
+PasswordRecipientInfo ::= SEQUENCE {
+ version CMSVersion, -- always set to 0
+ keyDerivationAlgorithm [0] KeyDerivationAlgorithmIdentifier
+ OPTIONAL,
+ keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
+ encryptedKey EncryptedKey }
+
+OtherRecipientInfo ::= SEQUENCE {
+ oriType OBJECT IDENTIFIER,
+ oriValue ANY DEFINED BY oriType }
+
DigestedData ::= SEQUENCE {
version CMSVersion,
digestAlgorithm DigestAlgorithmIdentifier,
@@ -184,9 +198,9 @@ AuthenticatedData ::= SEQUENCE {
macAlgorithm MessageAuthenticationCodeAlgorithm,
digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
encapContentInfo EncapsulatedContentInfo,
- authenticatedAttributes [2] IMPLICIT AuthAttributes OPTIONAL,
+ authAttrs [2] IMPLICIT AuthAttributes OPTIONAL,
mac MessageAuthenticationCode,
- unauthenticatedAttributes [3] IMPLICIT UnauthAttributes OPTIONAL }
+ unauthAttrs [3] IMPLICIT UnauthAttributes OPTIONAL }
AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
@@ -204,12 +218,17 @@ ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
MessageAuthenticationCodeAlgorithm ::= AlgorithmIdentifier
+KeyDerivationAlgorithmIdentifier ::= AlgorithmIdentifier
+
CertificateRevocationLists ::= SET OF CertificateList
CertificateChoices ::= CHOICE {
certificate Certificate,
- extendedCertificate [0] IMPLICIT ExtendedCertificate,
- attrCert [1] IMPLICIT AttributeCertificate }
+ extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete
+ v1AttrCert [1] IMPLICIT AttributeCertificateV1, -- Obsolete
+ v2AttrCert [2] IMPLICIT AttributeCertificateV2 }
+
+AttributeCertificateV2 ::= AttributeCertificate
CertificateSet ::= SET OF CertificateChoices
@@ -223,7 +242,7 @@ UserKeyingMaterial ::= OCTET STRING
OtherKeyAttribute ::= SEQUENCE {
keyAttrId OBJECT IDENTIFIER,
- keyAttr ANY OPTIONAL
+ keyAttr ANY DEFINED BY keyAttrId OPTIONAL
}
-- CMS Attributes
diff --git a/asn1/cms/Makefile.common b/asn1/cms/Makefile.common
index 0091f73b83..a0537171b9 100644
--- a/asn1/cms/Makefile.common
+++ b/asn1/cms/Makefile.common
@@ -31,7 +31,7 @@ EXPORT_FILES = \
EXT_ASN_FILE_LIST =
-ASN_FILE_LIST = CryptographicMessageSyntax.asn
+ASN_FILE_LIST = CryptographicMessageSyntax.asn AttributeCertificateVersion1.asn
# The packet-$(PROTOCOL_NAME)-template.h and $(PROTOCOL_NAME).asn
# files do not exist for all protocols: Please add/remove as required.
@@ -46,7 +46,7 @@ SRC_FILES = \
$(EXTRA_DIST) \
$(EXT_ASN_FILE_LIST)
-A2W_FLAGS= -b -e
+A2W_FLAGS= -b -e -C
EXTRA_CNF= \
../x509af/x509af-exp.cnf \
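Review bot: The added `-C` in `A2W_FLAGS` is not mentioned in the commit message and has no comment here. As asn2wrs documents the option, it adds checks of SIZE constraints to the generated dissector. That affects every constrained type in the module (for example `SET SIZE (1..MAX) OF Attribute`), not only the RFC 3369 additions. A line such as `# -C: emit SIZE constraint checks in the generated BER code` above the assignment would record the intent. It is worth confirming that existing captures with out-of-range sizes still dissect sensibly.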
diff --git a/asn1/cms/cms.cnf b/asn1/cms/cms.cnf
index c828889ae0..cc7f810092 100644
--- a/asn1/cms/cms.cnf
+++ b/asn1/cms/cms.cnf
@@ -4,7 +4,9 @@
# $Id$
#.IMPORT ../x509af/x509af-exp.cnf
+#.IMPORT ../x509ce/x509ce-exp.cnf
#.IMPORT ../x509if/x509if-exp.cnf
+#.IMPORT ../x509sat/x509sat-exp.cnf
#.OMIT_ASSIGNMENT
KeyWrapAlgorithm
@@ -63,6 +65,12 @@ RC2WrapParameter B "1.2.840.113549.1.9.16.3.7" "id-alg-cmsrc2-wrap"
SignerInfo/signature signatureValue
RecipientEncryptedKey/rid rekRid
EncryptedContentInfo/contentType encryptedContentType
+AttributeCertificateV1/signature signatureValue_v1
+AttributeCertificateV1/signatureAlgorithm signatureAlgorithm_v1
+AttributeCertificateInfoV1/attributes attributes_v1
+AttributeCertificateInfoV1/issuer issuer_v1
+AttributeCertificateInfoV1/signature signature_v1
+AttributeCertificateInfoV1/version version_v1
#.FN_BODY ContentInfo
top_tree = tree;
@@ -105,6 +113,12 @@ EncryptedContentInfo/contentType encryptedContentType
/* save the content for checking the message digest */
content_tvb = tvb_new_subset(tvb, content_offset, len, -1);
+#.FN_PARS OtherRecipientInfo/oriType
+ FN_VARIANT = _str VAL_PTR = &object_identifier_id
+
+#.FN_BODY OtherRecipientInfo/oriValue
+ offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
+
#.FN_PARS OtherKeyAttribute/keyAttrId
FN_VARIANT = _str HF_INDEX = hf_cms_ci_contentType VAL_PTR = &object_identifier_id
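Review bot: `OtherRecipientInfo/oriValue` dispatches on `object_identifier_id`, which is also the VAL_PTR for `OtherKeyAttribute/keyAttrId` just below and is declared outside this hunk, so it looks like shared dissector state. If `oriType` is not decoded successfully in a malformed capture, `call_ber_oid_callback` would run with whatever OID an earlier element left there, or with no value at all, while the `oriValue` bytes come straight from the packet. Clearing the variable before the sequence is dissected, e.g. `#.FN_HDR OtherRecipientInfo` followed by `object_identifier_id = NULL;`, would make the dispatch depend only on this element. Confirm how `call_ber_oid_callback` treats a NULL id before relying on that.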
diff --git a/asn1/cms/packet-cms-template.c b/asn1/cms/packet-cms-template.c
index 0f4f6237b3..c928e38166 100644
--- a/asn1/cms/packet-cms-template.c
+++ b/asn1/cms/packet-cms-template.c
@@ -38,7 +38,9 @@
#include "packet-ber.h"
#include "packet-cms.h"
#include "packet-x509af.h"
+#include "packet-x509ce.h"
#include "packet-x509if.h"
+#include "packet-x509sat.h"
#include "packet-pkcs12.h"
#include <epan/crypt/crypt-sha1.h>