Add support for SRVName SAN extension for TLS certificates

Closes #17256

epan/dissectors/asn1/pkixqualified/CMakeLists.txt

@@ -16,6 +16,8 @@ set( EXT_ASN_FILE_LIST
 
 set( ASN_FILE_LIST
 	PKIXqualified.asn
+	PKIXServiceNameSAN88.asn
+	PKIXServiceNameSAN93.asn
 )
 
 set( EXTRA_DIST

epan/dissectors/asn1/pkixqualified/PKIXServiceNameSAN88.asn

@@ -0,0 +1,32 @@
+-- Extracted from RFC 4985 Appendix A.1.  1988 ASN.1 Module
+--
+   PKIXServiceNameSAN88 {iso(1) identified-organization(3) dod(6)
+         internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+         id-mod-dns-srv-name-88(39) }
+
+   DEFINITIONS EXPLICIT TAGS ::=
+
+      BEGIN
+
+      -- EXPORTS ALL --
+
+      IMPORTS
+
+   -- UTF8String, / move hyphens before slash if UTF8String does not
+   -- resolve with your compiler
+
+        id-pkix
+              FROM PKIX1Explicit88 { iso(1) identified-organization(3)
+              dod(6) internet(1) security(5) mechanisms(5) pkix(7)
+              id-mod(0) id-pkix1-explicit(18) } ;
+              -- from RFC3280 [N2]
+     -- Service Name Object Identifier and Syntax
+     -- id-pkix OBJECT IDENTIFIER ::= {1 3 6 1 5 5 7}
+
+     id-on   OBJECT IDENTIFIER ::= { id-pkix 8 }
+
+     id-on-dnsSRV OBJECT IDENTIFIER ::= { id-on 7 }
+
+     SRVName ::= IA5String    (SIZE (1..MAX))
+
+   END

epan/dissectors/asn1/pkixqualified/PKIXServiceNameSAN93.asn

@@ -0,0 +1,39 @@
+-- Extracted from RFC 4985 Appendix A.2.  1993 ASN.1 Module
+--
+   PKIXServiceNameSAN93 {iso(1) identified-organization(3) dod(6)
+       internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+       id-mod-dns-srv-name-93(40) }
+
+   DEFINITIONS EXPLICIT TAGS ::=
+
+   BEGIN
+
+   -- EXPORTS ALL --
+
+   IMPORTS
+
+      id-pkix
+            FROM PKIX1Explicit88 { iso(1) identified-organization(3)
+            dod(6) internet(1) security(5) mechanisms(5) pkix(7)
+            id-mod(0) id-pkix1-explicit(18) } ;
+             -- from RFC 3280 [N2]
+
+
+   -- In the GeneralName definition using the 1993 ASN.1 syntax
+   -- includes:
+
+   OTHER-NAME ::= TYPE-IDENTIFIER
+
+
+   -- Service Name Object Identifier
+
+--   id-on   OBJECT IDENTIFIER ::= { id-pkix 8 }
+
+--   id-on-dnsSRV OBJECT IDENTIFIER ::= { id-on 7 }
+   -- Service Name
+
+   srvName OTHER-NAME ::= { SRVName IDENTIFIED BY { id-on-dnsSRV }}
+
+--   SRVName ::= IA5String (SIZE (1..MAX))
+
+   END

epan/dissectors/asn1/pkixqualified/pkixqualified.cnf

@@ -18,6 +18,7 @@ Directorystring         B "1.3.6.1.5.5.7.9.2" "id-pda-placeOfBirth"
 Printablestring         B "1.3.6.1.5.5.7.9.3" "id-pda-gender"
 Printablestring         B "1.3.6.1.5.5.7.9.4" "id-pda-countryOfCitizenship"
 Printablestring         B "1.3.6.1.5.5.7.9.5" "id-pda-countryOfResidence"
+SRVName                 B "1.3.6.1.5.5.7.8.7" "id-on-dnsSRV"
 
 #.NO_EMIT
 

epan/dissectors/packet-pkixqualified.c

@@ -1,7 +1,7 @@
 /* Do not modify this file. Changes will be overwritten.                      */
 /* Generated automatically by the ASN.1 to Wireshark dissector compiler       */
 /* packet-pkixqualified.c                                                     */
-/* asn2wrs.py -b -p pkixqualified -c ./pkixqualified.cnf -s ./packet-pkixqualified-template -D . -O ../.. PKIXqualified.asn */
+/* asn2wrs.py -b -p pkixqualified -c ./pkixqualified.cnf -s ./packet-pkixqualified-template -D . -O ../.. PKIXqualified.asn PKIXServiceNameSAN88.asn PKIXServiceNameSAN93.asn */
 
 /* Input file: packet-pkixqualified-template.c */
 
@@ -48,6 +48,7 @@ static int hf_pkixqualified_BiometricSyntax_PDU = -1;  /* BiometricSyntax */
 static int hf_pkixqualified_QCStatements_PDU = -1;  /* QCStatements */
 static int hf_pkixqualified_SemanticsInformation_PDU = -1;  /* SemanticsInformation */
 static int hf_pkixqualified_XmppAddr_PDU = -1;    /* XmppAddr */
+static int hf_pkixqualified_SRVName_PDU = -1;     /* SRVName */
 static int hf_pkixqualified_BiometricSyntax_item = -1;  /* BiometricData */
 static int hf_pkixqualified_typeOfBiometricData = -1;  /* TypeOfBiometricData */
 static int hf_pkixqualified_hashAlgorithm = -1;   /* AlgorithmIdentifier */
@@ -225,7 +226,7 @@ dissect_pkixqualified_T_statementId(gboolean implicit_tag _U_, tvbuff_t *tvb _U_
 
 static int
 dissect_pkixqualified_T_statementInfo(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 32 "./asn1/pkixqualified/pkixqualified.cnf"
+#line 33 "./asn1/pkixqualified/pkixqualified.cnf"
   offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
 
 
@@ -300,6 +301,17 @@ dissect_pkixqualified_XmppAddr(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
   return offset;
 }
 
+
+
+static int
+dissect_pkixqualified_SRVName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_IA5String,
+                                            actx, tree, tvb, offset, hf_index,
+                                            NULL);
+
+  return offset;
+}
+
 /*--- PDUs ---*/
 
 static int dissect_Generalizedtime_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
@@ -351,6 +363,13 @@ static int dissect_XmppAddr_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto
   offset = dissect_pkixqualified_XmppAddr(FALSE, tvb, offset, &asn1_ctx, tree, hf_pkixqualified_XmppAddr_PDU);
   return offset;
 }
+static int dissect_SRVName_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
+  int offset = 0;
+  asn1_ctx_t asn1_ctx;
+  asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
+  offset = dissect_pkixqualified_SRVName(FALSE, tvb, offset, &asn1_ctx, tree, hf_pkixqualified_SRVName_PDU);
+  return offset;
+}
 
 
 /*--- End of included file: packet-pkixqualified-fn.c ---*/
@@ -393,6 +412,10 @@ void proto_register_pkixqualified(void) {
       { "XmppAddr", "pkixqualified.XmppAddr",
         FT_STRING, BASE_NONE, NULL, 0,
         NULL, HFILL }},
+    { &hf_pkixqualified_SRVName_PDU,
+      { "SRVName", "pkixqualified.SRVName",
+        FT_STRING, BASE_NONE, NULL, 0,
+        NULL, HFILL }},
     { &hf_pkixqualified_BiometricSyntax_item,
       { "BiometricData", "pkixqualified.BiometricData_element",
         FT_NONE, BASE_NONE, NULL, 0,
@@ -492,6 +515,7 @@ void proto_reg_handoff_pkixqualified(void) {
   register_ber_oid_dissector("1.3.6.1.5.5.7.9.3", dissect_Printablestring_PDU, proto_pkixqualified, "id-pda-gender");
   register_ber_oid_dissector("1.3.6.1.5.5.7.9.4", dissect_Printablestring_PDU, proto_pkixqualified, "id-pda-countryOfCitizenship");
   register_ber_oid_dissector("1.3.6.1.5.5.7.9.5", dissect_Printablestring_PDU, proto_pkixqualified, "id-pda-countryOfResidence");
+  register_ber_oid_dissector("1.3.6.1.5.5.7.8.7", dissect_SRVName_PDU, proto_pkixqualified, "id-on-dnsSRV");
 
 
 /*--- End of included file: packet-pkixqualified-dis-tab.c ---*/

epan/dissectors/packet-pkixqualified.h

@@ -1,7 +1,7 @@
 /* Do not modify this file. Changes will be overwritten.                      */
 /* Generated automatically by the ASN.1 to Wireshark dissector compiler       */
 /* packet-pkixqualified.h                                                     */
-/* asn2wrs.py -b -p pkixqualified -c ./pkixqualified.cnf -s ./packet-pkixqualified-template -D . -O ../.. PKIXqualified.asn */
+/* asn2wrs.py -b -p pkixqualified -c ./pkixqualified.cnf -s ./packet-pkixqualified-template -D . -O ../.. PKIXqualified.asn PKIXServiceNameSAN88.asn PKIXServiceNameSAN93.asn */
 
 /* Input file: packet-pkixqualified-template.h */