x509ce: dissect CI+ security level extension

author: Martin Kaiser <wireshark@kaiser.cx> 2023-09-10 17:00:53 +0000
committer: AndersBroman <a.broman58@gmail.com> 2023-09-10 17:00:53 +0000
commit: 9243189bd53a072c31dcaffd33d1f56c1c1d9e6e (patch)
tree: ec4eac76bf5709c2deddfcf8d13afa0b2d05bd06 /epan
parent: 023592c4024531452e40c2014be195f8081899cd (diff)
5 files changed, 43 insertions, 2 deletions
diff --git a/epan/dissectors/asn1/x509ce/CertificateExtensionsCiplus.asn b/epan/dissectors/asn1/x509ce/CertificateExtensionsCiplus.asn
index 00c024b5d6..9f824c8e82 100644
--- a/epan/dissectors/asn1/x509ce/CertificateExtensionsCiplus.asn
+++ b/epan/dissectors/asn1/x509ce/CertificateExtensionsCiplus.asn
@@ -38,9 +38,19 @@ cicamBrandId EXTENSION ::= {
 
 CicamBrandId ::= INTEGER(1..65535)
 
+
+securityLevel EXTENSION ::= {
+   SYNTAX    SecurityLevel
+   IDENTIFIED BY  id-pe-securityLevel
+}
+
+SecurityLevel ::= INTEGER (0..MAX)
+
+
 -- Object identifier assignments 
 id-pe-scramblerCapabilities OBJECT IDENTIFIER ::= { id-pkix id-pe(1) 25 }
 id-pe-ciplusInfo OBJECT IDENTIFIER ::= { id-pkix id-pe(1) 26 }
 id-pe-cicamBrandId OBJECT IDENTIFIER ::= { id-pkix id-pe(1) 27 }
+id-pe-securityLevel OBJECT IDENTIFIER ::= { id-pkix id-pe(1) 50 }
 
 END
diff --git a/epan/dissectors/asn1/x509ce/packet-x509ce-template.c b/epan/dissectors/asn1/x509ce/packet-x509ce-template.c
index 7c6e8cd1cc..e722e66b15 100644
--- a/epan/dissectors/asn1/x509ce/packet-x509ce-template.c
+++ b/epan/dissectors/asn1/x509ce/packet-x509ce-template.c
@@ -49,7 +49,7 @@ static int hf_x509ce_IPAddress_ipv6 = -1;
 void
 x509ce_enable_ciplus(void)
 {
-  dissector_handle_t dh25, dh26, dh27;
+  dissector_handle_t dh25, dh26, dh27, dh50;
 
   dh25 = create_dissector_handle(dissect_ScramblerCapabilities_PDU, proto_x509ce);
   dissector_change_string("ber.oid", "1.3.6.1.5.5.7.1.25", dh25);
@@ -57,6 +57,8 @@ x509ce_enable_ciplus(void)
   dissector_change_string("ber.oid", "1.3.6.1.5.5.7.1.26", dh26);
   dh27 = create_dissector_handle(dissect_CicamBrandId_PDU, proto_x509ce);
   dissector_change_string("ber.oid", "1.3.6.1.5.5.7.1.27", dh27);
+  dh50 = create_dissector_handle(dissect_SecurityLevel_PDU, proto_x509ce);
+  dissector_change_string("ber.oid", "1.3.6.1.5.5.7.1.50", dh50);
 }
 
 void
@@ -65,6 +67,7 @@ x509ce_disable_ciplus(void)
   dissector_reset_string("ber.oid", "1.3.6.1.5.5.7.1.25");
   dissector_reset_string("ber.oid", "1.3.6.1.5.5.7.1.26");
   dissector_reset_string("ber.oid", "1.3.6.1.5.5.7.1.27");
+  dissector_reset_string("ber.oid", "1.3.6.1.5.5.7.1.50");
 }
 
 
diff --git a/epan/dissectors/asn1/x509ce/x509ce.cnf b/epan/dissectors/asn1/x509ce/x509ce.cnf
index c92be35c57..242d136d2a 100644
--- a/epan/dissectors/asn1/x509ce/x509ce.cnf
+++ b/epan/dissectors/asn1/x509ce/x509ce.cnf
@@ -88,11 +88,13 @@ SubjectKeyIdentifier
 ScramblerCapabilities
 CiplusInfo
 CicamBrandId
+SecurityLevel
 
 #.PDU
 ScramblerCapabilities
 CiplusInfo
 CicamBrandId
+SecurityLevel
 
 
 #.REGISTER
diff --git a/epan/dissectors/packet-x509ce.c b/epan/dissectors/packet-x509ce.c
index 4c0d327212..cd53fc1f26 100644
--- a/epan/dissectors/packet-x509ce.c
+++ b/epan/dissectors/packet-x509ce.c
@@ -84,6 +84,7 @@ static int hf_x509ce_NFTypes_PDU = -1;            /* NFTypes */
 static int hf_x509ce_ScramblerCapabilities_PDU = -1;  /* ScramblerCapabilities */
 static int hf_x509ce_CiplusInfo_PDU = -1;         /* CiplusInfo */
 static int hf_x509ce_CicamBrandId_PDU = -1;       /* CicamBrandId */
+static int hf_x509ce_SecurityLevel_PDU = -1;      /* SecurityLevel */
 static int hf_x509ce_keyIdentifier = -1;          /* KeyIdentifier */
 static int hf_x509ce_authorityCertIssuer = -1;    /* GeneralNames */
 static int hf_x509ce_authorityCertSerialNumber = -1;  /* CertificateSerialNumber */
@@ -1717,6 +1718,16 @@ dissect_x509ce_CicamBrandId(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset
   return offset;
 }
 
+
+
+int
+dissect_x509ce_SecurityLevel(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_integer64(implicit_tag, actx, tree, tvb, offset, hf_index,
+                                                NULL);
+
+  return offset;
+}
+
 /*--- PDUs ---*/
 
 static int dissect_AuthorityKeyIdentifier_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
@@ -2020,6 +2031,13 @@ static int dissect_CicamBrandId_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, p
   offset = dissect_x509ce_CicamBrandId(FALSE, tvb, offset, &asn1_ctx, tree, hf_x509ce_CicamBrandId_PDU);
   return offset;
 }
+static int dissect_SecurityLevel_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
+  int offset = 0;
+  asn1_ctx_t asn1_ctx;
+  asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
+  offset = dissect_x509ce_SecurityLevel(FALSE, tvb, offset, &asn1_ctx, tree, hf_x509ce_SecurityLevel_PDU);
+  return offset;
+}
 
 
 /* CI+ (www.ci-plus.com) defines some X.509 certificate extensions
@@ -2029,7 +2047,7 @@ static int dissect_CicamBrandId_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, p
 void
 x509ce_enable_ciplus(void)
 {
-  dissector_handle_t dh25, dh26, dh27;
+  dissector_handle_t dh25, dh26, dh27, dh50;
 
   dh25 = create_dissector_handle(dissect_ScramblerCapabilities_PDU, proto_x509ce);
   dissector_change_string("ber.oid", "1.3.6.1.5.5.7.1.25", dh25);
@@ -2037,6 +2055,8 @@ x509ce_enable_ciplus(void)
   dissector_change_string("ber.oid", "1.3.6.1.5.5.7.1.26", dh26);
   dh27 = create_dissector_handle(dissect_CicamBrandId_PDU, proto_x509ce);
   dissector_change_string("ber.oid", "1.3.6.1.5.5.7.1.27", dh27);
+  dh50 = create_dissector_handle(dissect_SecurityLevel_PDU, proto_x509ce);
+  dissector_change_string("ber.oid", "1.3.6.1.5.5.7.1.50", dh50);
 }
 
 void
@@ -2045,6 +2065,7 @@ x509ce_disable_ciplus(void)
   dissector_reset_string("ber.oid", "1.3.6.1.5.5.7.1.25");
   dissector_reset_string("ber.oid", "1.3.6.1.5.5.7.1.26");
   dissector_reset_string("ber.oid", "1.3.6.1.5.5.7.1.27");
+  dissector_reset_string("ber.oid", "1.3.6.1.5.5.7.1.50");
 }
 
 
@@ -2260,6 +2281,10 @@ void proto_register_x509ce(void) {
       { "CicamBrandId", "x509ce.CicamBrandId",
         FT_UINT32, BASE_DEC, NULL, 0,
         NULL, HFILL }},
+    { &hf_x509ce_SecurityLevel_PDU,
+      { "SecurityLevel", "x509ce.SecurityLevel",
+        FT_UINT64, BASE_DEC, NULL, 0,
+        NULL, HFILL }},
     { &hf_x509ce_keyIdentifier,
       { "keyIdentifier", "x509ce.keyIdentifier",
         FT_BYTES, BASE_NONE, NULL, 0,
diff --git a/epan/dissectors/packet-x509ce.h b/epan/dissectors/packet-x509ce.h
index 0718bbdc35..7e7d67970e 100644
--- a/epan/dissectors/packet-x509ce.h
+++ b/epan/dissectors/packet-x509ce.h
@@ -78,6 +78,7 @@ int dissect_x509ce_PkiPathMatchSyntax(bool implicit_tag _U_, tvbuff_t *tvb _U_,
 int dissect_x509ce_ScramblerCapabilities(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
 int dissect_x509ce_CiplusInfo(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
 int dissect_x509ce_CicamBrandId(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
+int dissect_x509ce_SecurityLevel(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
 
 void x509ce_enable_ciplus(void);
 void x509ce_disable_ciplus(void);
author	Martin Kaiser <wireshark@kaiser.cx>	2023-09-10 17:00:53 +0000
committer	AndersBroman <a.broman58@gmail.com>	2023-09-10 17:00:53 +0000
commit	9243189bd53a072c31dcaffd33d1f56c1c1d9e6e (patch)
tree	ec4eac76bf5709c2deddfcf8d13afa0b2d05bd06 /epan
parent	023592c4024531452e40c2014be195f8081899cd (diff)