dissect OCSP nonce extension

some minor reformatting of the ASN.1 imports svn path=/trunk/; revision=51987
author: Martin Kaiser <wireshark@kaiser.cx> 2013-09-12 21:29:50 +0000
committer: Martin Kaiser <wireshark@kaiser.cx> 2013-09-12 21:29:50 +0000
commit: fd50ee16e8b595c9bdc2cdc7e7236c75586d6a9a (patch)
tree: a6079a5f420c6186b9a32fa2f89c3d92623ea96f
parent: c7f22db4d2bddaba5ef9973c2dc0d7a5c23643b6 (diff)
download: wireshark-fd50ee16e8b595c9bdc2cdc7e7236c75586d6a9a.tar.gz
3 files changed, 51 insertions, 17 deletions
diff --git a/asn1/ocsp/OCSP.asn b/asn1/ocsp/OCSP.asn
index 7ce61f95ec..c2e17297f9 100644
--- a/asn1/ocsp/OCSP.asn
+++ b/asn1/ocsp/OCSP.asn
@@ -39,26 +39,31 @@ BEGIN
 
 IMPORTS
 
-      -- Directory Authentication Framework (X.509)
-             Certificate, AlgorithmIdentifier
-             FROM AuthenticationFramework { joint-iso-itu-t ds(5)
-                      module(1) authenticationFramework(7) 3 }
+  authenticationFramework
+  FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
+      usefulDefinitions(0) 5}
 
-	     CRLReason
-	     FROM CertificateExtensions
+  EXTENSION
+  FROM AuthenticationFramework authenticationFramework
 
--- PKIX Certificate Extensions
-             AuthorityInfoAccessSyntax
-          FROM PKIX1Implicit88 {iso(1) identified-organization(3)
-                  dod(6) internet(1) security(5) mechanisms(5) pkix(7)
-                  id-mod(0) id-pkix1-implicit-88(2)}
+  -- Directory Authentication Framework (X.509)
+  Certificate, AlgorithmIdentifier
+  FROM AuthenticationFramework { joint-iso-itu-t ds(5)
+      module(1) authenticationFramework(7) 3 }
 
+  CRLReason
+  FROM CertificateExtensions
 
-          Name, GeneralName, CertificateSerialNumber, Extensions,
-           id-kp, id-ad-ocsp
-             FROM PKIX1Explicit88 {iso(1) identified-organization(3)
-                  dod(6) internet(1) security(5) mechanisms(5) pkix(7)
-                  id-mod(0) id-pkix1-explicit-88(1)};
+  -- PKIX Certificate Extensions
+  AuthorityInfoAccessSyntax
+  FROM PKIX1Implicit88 {iso(1) identified-organization(3)
+      dod(6) internet(1) security(5) mechanisms(5) pkix(7)
+     id-mod(0) id-pkix1-implicit-88(2)}
+
+  Name, GeneralName, CertificateSerialNumber, Extensions, id-kp, id-ad-ocsp
+  FROM PKIX1Explicit88 {iso(1) identified-organization(3)
+      dod(6) internet(1) security(5) mechanisms(5) pkix(7)
+      id-mod(0) id-pkix1-explicit-88(1)};
 
 OCSPRequest     ::=     SEQUENCE {
     tbsRequest                  TBSRequest,
@@ -156,6 +161,13 @@ CrlID ::= SEQUENCE {
       crlNum               [1]     EXPLICIT INTEGER OPTIONAL,
       crlTime              [2]     EXPLICIT GeneralizedTime OPTIONAL }
 
+re-ocsp-nonce EXTENSION ::= {
+   SYNTAX        ReOcspNonce
+   IDENTIFIED BY id-pkix-ocsp-nonce
+}
+
+ReOcspNonce ::= OCTET STRING
+
 
 -- Object Identifiers
 
diff --git a/asn1/ocsp/ocsp.cnf b/asn1/ocsp/ocsp.cnf
index 3245d4be6b..2e8dbb8fd5 100644
--- a/asn1/ocsp/ocsp.cnf
+++ b/asn1/ocsp/ocsp.cnf
@@ -24,6 +24,7 @@ OCSPResponse
 
 #.REGISTER
 BasicOCSPResponse	B	"1.3.6.1.5.5.7.48.1.1"	"id-pkix-ocsp-basic"
+ReOcspNonce		B	"1.3.6.1.5.5.7.48.1.2"	"id-pkix-ocsp-nonce"
 CrlID				B	"1.3.6.1.5.5.7.48.1.3"	"id-pkix-ocsp-crl"
 AcceptableResponses	B	"1.3.6.1.5.5.7.48.1.4"	"id-pkix-ocsp-response"
 NULL				B	"1.3.6.1.5.5.7.48.1.5"	"id-pkix-ocsp-nocheck"
diff --git a/epan/dissectors/packet-ocsp.c b/epan/dissectors/packet-ocsp.c
index a576adaf1f..428e62d0aa 100644
--- a/epan/dissectors/packet-ocsp.c
+++ b/epan/dissectors/packet-ocsp.c
@@ -60,6 +60,7 @@ static int hf_ocsp_ArchiveCutoff_PDU = -1;        /* ArchiveCutoff */
 static int hf_ocsp_AcceptableResponses_PDU = -1;  /* AcceptableResponses */
 static int hf_ocsp_ServiceLocator_PDU = -1;       /* ServiceLocator */
 static int hf_ocsp_CrlID_PDU = -1;                /* CrlID */
+static int hf_ocsp_ReOcspNonce_PDU = -1;          /* ReOcspNonce */
 static int hf_ocsp_NULL_PDU = -1;                 /* NULL */
 static int hf_ocsp_tbsRequest = -1;               /* TBSRequest */
 static int hf_ocsp_optionalSignature = -1;        /* Signature */
@@ -319,7 +320,7 @@ dissect_ocsp_T_responseType(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int of
 
 static int
 dissect_ocsp_T_response(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 43 "../../asn1/ocsp/ocsp.cnf"
+#line 44 "../../asn1/ocsp/ocsp.cnf"
   gint8 appclass;
   gboolean pc, ind;
   gint32 tag;
@@ -611,6 +612,16 @@ dissect_ocsp_CrlID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_,
   return offset;
 }
 
+
+
+static int
+dissect_ocsp_ReOcspNonce(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
+                                       NULL);
+
+  return offset;
+}
+
 /*--- PDUs ---*/
 
 static void dissect_BasicOCSPResponse_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
@@ -638,6 +649,11 @@ static void dissect_CrlID_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_t
   asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
   dissect_ocsp_CrlID(FALSE, tvb, 0, &asn1_ctx, tree, hf_ocsp_CrlID_PDU);
 }
+static void dissect_ReOcspNonce_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
+  asn1_ctx_t asn1_ctx;
+  asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
+  dissect_ocsp_ReOcspNonce(FALSE, tvb, 0, &asn1_ctx, tree, hf_ocsp_ReOcspNonce_PDU);
+}
 static void dissect_NULL_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
   asn1_ctx_t asn1_ctx;
   asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
@@ -724,6 +740,10 @@ void proto_register_ocsp(void) {
       { "CrlID", "ocsp.CrlID_element",
         FT_NONE, BASE_NONE, NULL, 0,
         NULL, HFILL }},
+    { &hf_ocsp_ReOcspNonce_PDU,
+      { "ReOcspNonce", "ocsp.ReOcspNonce",
+        FT_BYTES, BASE_NONE, NULL, 0,
+        NULL, HFILL }},
     { &hf_ocsp_NULL_PDU,
       { "NULL", "ocsp.NULL_element",
         FT_NONE, BASE_NONE, NULL, 0,
@@ -967,6 +987,7 @@ void proto_reg_handoff_ocsp(void) {
 /*--- Included file: packet-ocsp-dis-tab.c ---*/
 #line 1 "../../asn1/ocsp/packet-ocsp-dis-tab.c"
   register_ber_oid_dissector("1.3.6.1.5.5.7.48.1.1", dissect_BasicOCSPResponse_PDU, proto_ocsp, "id-pkix-ocsp-basic");
+  register_ber_oid_dissector("1.3.6.1.5.5.7.48.1.2", dissect_ReOcspNonce_PDU, proto_ocsp, "id-pkix-ocsp-nonce");
   register_ber_oid_dissector("1.3.6.1.5.5.7.48.1.3", dissect_CrlID_PDU, proto_ocsp, "id-pkix-ocsp-crl");
   register_ber_oid_dissector("1.3.6.1.5.5.7.48.1.4", dissect_AcceptableResponses_PDU, proto_ocsp, "id-pkix-ocsp-response");
   register_ber_oid_dissector("1.3.6.1.5.5.7.48.1.5", dissect_NULL_PDU, proto_ocsp, "id-pkix-ocsp-nocheck");
author	Martin Kaiser <wireshark@kaiser.cx>	2013-09-12 21:29:50 +0000
committer	Martin Kaiser <wireshark@kaiser.cx>	2013-09-12 21:29:50 +0000
commit	fd50ee16e8b595c9bdc2cdc7e7236c75586d6a9a (patch)
tree	a6079a5f420c6186b9a32fa2f89c3d92623ea96f
parent	c7f22db4d2bddaba5ef9973c2dc0d7a5c23643b6 (diff)
download	wireshark-fd50ee16e8b595c9bdc2cdc7e7236c75586d6a9a.tar.gz