Support for P1 Strong Authentication

svn path=/trunk/; revision=17727

3 files changed, 78 insertions, 34 deletions

diff --git a/asn1/x411/packet-x411-template.c b/asn1/x411/packet-x411-template.c
index afa1266aa4..5713d7e5dc 100644
--- a/asn1/x411/packet-x411-template.c
+++ b/asn1/x411/packet-x411-template.c
@@ -63,6 +63,7 @@ static const char *content_type_id; /* content type identifier */
 #define MAX_ORA_STR_LEN     256
 static char *oraddress = NULL;
 static gboolean doing_address=FALSE;
+static gboolean doing_mtaname=FALSE;
 static proto_item *address_item;
 
 static proto_tree *top_tree=NULL;
diff --git a/asn1/x411/x411.asn b/asn1/x411/x411.asn
index b4c642d48c..017d65364f 100644
--- a/asn1/x411/x411.asn
+++ b/asn1/x411/x411.asn
@@ -764,7 +764,7 @@ ResponderCredentials ::= Credentials
 
 Credentials ::= CHOICE {
   simple     Password,
---  strong     [0]  StrongCredentials,
+  strong     [0]  StrongCredentials,
 --  ...,
   protected  [1]  ProtectedPassword
 }
@@ -774,12 +774,12 @@ Password ::= CHOICE {
   octet-string  OCTET STRING --(SIZE (0..ub-password-length))
 }
 
---StrongCredentials ::= SET {
---  bind-token               [0]  Token OPTIONAL,
---  certificate              [1]  Certificates OPTIONAL,
+StrongCredentials ::= SET {
+  bind-token               [0]  Token OPTIONAL,
+  certificate              [1]  Certificates OPTIONAL,
 --  ...,
---  certificate-selector     [2]  CertificateAssertion OPTIONAL
---}
+  certificate-selector     [2]  CertificateAssertion OPTIONAL
+}
 
 ProtectedPassword ::= SET {
   signature
@@ -2810,13 +2810,15 @@ TeletexNonBasicParameters ::= SET {
 
 -- as defined in CCITT Recommendation T.62
 --	Token
---Token ::= SEQUENCE {
---  token-type-identifier  [0]  TOKEN.&id({TokensTable}),
---  token
---    [1]  TOKEN.&Type({TokensTable}{@token-type-identifier})
---}
+Token ::= SEQUENCE {
+  token-type-identifier  [0]  -- TOKEN.&id({TokensTable})-- TokenTypeIdentifier,
+  token
+    [1]  --TOKEN.&Type({TokensTable}{@token-type-identifier})-- TokenTypeData
+}
 
 --TOKEN ::= TYPE-IDENTIFIER
+TokenTypeIdentifier ::= OBJECT IDENTIFIER
+TokenTypeData ::= ANY
 
 --TokensTable TOKEN ::= {asymmetric-token, ...}
 
@@ -2825,22 +2827,29 @@ TeletexNonBasicParameters ::= SET {
 --  IDENTIFIED BY  id-tok-asymmetricToken
 --}
 
---AsymmetricToken ::=
+AsymmetricTokenData ::=
 --  SIGNED
---    {SEQUENCE {signature-algorithm-identifier   AlgorithmIdentifier,
---               name
---                 CHOICE {recipient-name  RecipientName,
---                         mta
---                           [3]  SEQUENCE {global-domain-identifier
---                                            GlobalDomainIdentifier OPTIONAL,
---                                          mta-name                  MTAName
---                         }},
---               time                             Time,
---               signed-data                      [0]  TokenData OPTIONAL,
---               encryption-algorithm-identifier
---                 [1]  AlgorithmIdentifier OPTIONAL,
---               encrypted-data
---                 [2]  ENCRYPTED{TokenData} OPTIONAL}}
+--    {--SEQUENCE {signature-algorithm-identifier   AlgorithmIdentifier,
+               name
+                 CHOICE {recipient-name  MTSRecipientName,
+                         mta  [3]  MTANameAndOptionalGDI },
+               time                             Time,
+               signed-data                      [0]  TokenData OPTIONAL,
+               encryption-algorithm-identifier
+                 [1]  AlgorithmIdentifier OPTIONAL,
+               encrypted-data
+                 [2] -- ENCRYPTED{TokenData}-- BIT STRING OPTIONAL} --}
+
+MTANameAndOptionalGDI ::= SEQUENCE {
+     global-domain-identifier       GlobalDomainIdentifier OPTIONAL,
+     mta-name                  MTAName
+}
+
+AsymmetricToken ::= SEQUENCE {
+  asymmetric-token-data		AsymmetricTokenData,
+  algorithm-identifier		AlgorithmIdentifier,
+  encrypted			BIT STRING
+}
 
 --TokenData ::= SEQUENCE {
 --  type   [0]  TOKEN-DATA.&id({TokenDataTable}),
@@ -2861,9 +2870,12 @@ TeletexNonBasicParameters ::= SET {
 --                                       IDENTIFIED BY  1
 --}
 
---BindTokenSignedData ::= RandomNumber
+-- This is the only Token Data we know
+TokenData ::= BindTokenSignedData
+
+BindTokenSignedData ::= RandomNumber
 
---RandomNumber ::= BIT STRING
+RandomNumber ::= BIT STRING
 
 --message-token-signed-data TOKEN-DATA ::= {
 --  MessageTokenSignedData
diff --git a/asn1/x411/x411.cnf b/asn1/x411/x411.cnf
index 2f6367bfe0..19b37cde39 100644
--- a/asn1/x411/x411.cnf
+++ b/asn1/x411/x411.cnf
@@ -124,11 +124,13 @@ ReportDeliveryEnvelope/per-recipient-fields/_item	per-recipient-report-delivery-
 
 MessageTransferEnvelope/per-recipient-fields/_item	per-recipient-message-fields-item
 
-
-
 MessageTransferEnvelope/per-recipient-fields		per-recipient-message-fields
 ReportTransferContent/per-recipient-fields		per-recipient-report-fields
 
+AsymmetricTokenData/name/mta				token-mta
+AsymmetricTokenData/name/recipient-name			token-recipient-name
+
+
 #.PDU
 MTABindArgument
 MTABindResult
@@ -199,6 +201,9 @@ UniversalOrganizationalUnitNames B "x411.extension-attribute.27" "universal-orga
 
 ReportDeliveryArgument	B	"2.6.1.4.14"	"id-et-report"
 
+AsymmetricToken		B	"2.6.3.6.0"	"id-tok-asymmetricToken"
+MTANameAndOptionalGDI	B	"2.6.5.6.0"	"id-on-mtaName"
+
 # X402 - see master list in acp133.cnf
 
 ContentLength B "2.6.5.2.0" "id-at-mhs-maximum-content-length"
@@ -217,8 +222,6 @@ ExtendedEncodedInformationType B "2.6.5.2.18" "id-at-mhs-unacceptable-eits"
 ORName B "2.16.840.1.101.2.1.5.47" "id-at-aLExemptedAddressProcessor"
 ORAddress B "2.16.840.1.101.2.2.1.134.1" "id-at-collective-mhs-or-addresses"
 
-
-
 #.FN_BODY AdditionalInformation
 /*XXX not implemented yet */
 
@@ -557,6 +560,15 @@ ORAddress B "2.16.840.1.101.2.2.1.134.1" "id-at-collective-mhs-or-addresses"
 
 	doing_address = FALSE;
 
+#.FN_BODY MTANameAndOptionalGDI
+
+	doing_address = TRUE;
+
+	%(DEFAULT_BODY)s
+
+	doing_address = FALSE;
+	proto_item_append_text(tree, ")");
+
 #.FN_BODY BuiltInStandardAttributes
 
 	address_item = tree;	
@@ -579,7 +591,6 @@ ORAddress B "2.16.840.1.101.2.2.1.134.1" "id-at-collective-mhs-or-addresses"
 
 	doing_address = FALSE;
 
-
 #.FN_BODY DomainSuppliedInformation
 
 	doing_address = FALSE;
@@ -606,7 +617,7 @@ ORAddress B "2.16.840.1.101.2.2.1.134.1" "id-at-collective-mhs-or-addresses"
 
 	%(DEFAULT_BODY)s
 
-	if(arrival)
+	if(arrival && doing_address)
 		proto_item_append_text(address_item, " %%s", tvb_format_text(arrival, 0, tvb_length(arrival)));
 
 #.FN_PARS RoutingAction
@@ -628,5 +639,25 @@ ORAddress B "2.16.840.1.101.2.2.1.134.1" "id-at-collective-mhs-or-addresses"
   if((error != -1) && check_col(pinfo->cinfo, COL_INFO))
     col_append_fstr(pinfo->cinfo, COL_INFO, " (%%s)", val_to_str(error, x411_MTABindError_vals, "error(%%d)"));
 
+#.FN_PARS TokenTypeIdentifier
+	FN_VARIANT = _str  VAL_PTR = &object_identifier_id
+
+#.FN_BODY TokenTypeData
+	
+	if(object_identifier_id) 
+   	   call_ber_oid_callback(object_identifier_id, tvb, offset, pinfo, tree);
+
+#.FN_PARS Credentials
+	VAL_PTR = &credentials
+
+#.FN_BODY Credentials
+  guint32 credentials;
+
+  %(DEFAULT_BODY)s
+
+  if (check_col(pinfo->cinfo, COL_INFO)) {
+	if(credentials == -1) credentials = 0;
+	col_append_fstr(pinfo->cinfo, COL_INFO, " %%s", val_to_str(credentials, x411_Credentials_vals, "Credentials(%%d)"));
+  }
 
 #.END