Wireshark mailing list archives

Re: asn2wrs documentation?


From: Kukosa Tomáš <Tomas.Kukosa () ixperta com>
Date: Wed, 16 Sep 2015 10:37:31 +0000

Hi Peter,

Another possibility would be to define your own dissector function for the
RSAPublicKey fields instead of calling the default dissect_ber_integer().
E.g. something like this:

#.FN_BODY  RSAPublicKey/modulus
    gint8 ber_class;
    gboolean pc, ind;
    gint32 tag;
    guint32 len;

    offset = dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &ber_class, &pc, &tag);
    offset = dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, &ind);
    /* integer octets are at the offset */
    offset += len;
#.END

Yes, this is something I will use, thanks! For integers I think that the
"ind" part is not needed (can be NULL) as integers are not using the
indefinite length encoding?

Yes, as the INTEGER can be neither composite nor indefinite, the 'pc' and
'ind' variables are not necessary.


There is no better asn2wrs documentation available. The best documentation
is the examples in the asn1 directory.

Those examples unfortunately have no explanation either. For example,
there is a FIELD_ATTR member that is used in some places, how does it
differ from TYPE_ATTR? Any idea what the IMPORT_TAG is used for (it is
only used in one place)?

The #.TYPE_ATTR changes attributes for the type, i.e. for all fields of 
that type and the #.FIELD_ATTR changes attributes just for one field.

The #.IMPORT_TAG directive is primarily used when some type exported 
from one ASN.1 module (protoA) is imported in another one (protoB).
Those directives are generated into protoA-exp.cnf and then included 
into protoB.cnf using the #.INCLUDE directive.
The #.IMPORT_TAG directive contains information about the ASN.1 BER tag,
which is necessary to distinguish the exported type in the module
importing it.



Thanks,
Peter

Best regards,
    Tomas


On 15.9.2015 13:46, Peter Wu wrote:
Hi,

I am working on improving dissection support of the subjectPublicKey
field in X.509 Certificates[1]. Right now these opaque BIT STRING types
are shown as a sequence of bytes, but I would like to dissect the other
fields (like modulus and exponent for RSA and public key y for DSA).
(This work is a prerequisite for a new method of specifying RSA private
key files in the SSL preferences without having to list address+port.)

These numbers (RSA modulus, DSA y, DSS-Params p, q, g) are larger than
64-bit and therefore are forced to be displayed as FT_BYTES. The problem
that now occurs is that the original field is lost
(ber.64bit_uint_as_bytes is used instead).

To tackle that problem, I started using TYPE_ATTR, but since the fields
are still dissected as ber_integer, it does not help. I think I can use
"IMPORT_TAG", but it is not documented on the wiki[2].

Those who are familiar with the asn2wrs script, is it possible to update
the wiki? Are there other documentation resources available?
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
              mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
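
What the identifier and length steps and the `offset += len` skip in the FN_BODY above amount to, as an added stand-alone C example that is not Wireshark code and not from either poster. `ber_integer_span`, `struct ber_int` and `sample_key` are hypothetical names, and the key bytes are constructed; the length is checked against the remaining buffer before anything is skipped.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Location of an INTEGER's content octets (hypothetical helper type). */
struct ber_int { size_t value_off, value_len; };

/* Constructed sample, not a real key: SEQUENCE { INTEGER (9 octets, wider
 * than 64 bits), INTEGER 65537 }, laid out like an RSAPublicKey. */
static const uint8_t sample_key[] = {
    0x30, 0x10,
    0x02, 0x09, 0x00, 0xc1, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x89,
    0x02, 0x03, 0x01, 0x00, 0x01,
};

/* Read the identifier and length octets of a BER INTEGER at buf[off] and
 * report where its content octets lie. Returns 0, or -1 if malformed. */
int ber_integer_span(const uint8_t *buf, size_t buflen, size_t off,
                     struct ber_int *out)
{
    size_t len, n;

    if (off >= buflen || buflen - off < 2)
        return -1;
    if (buf[off++] != 0x02)      /* universal class, primitive, tag 2 only */
        return -1;
    len = buf[off++];
    if (len & 0x80) {            /* long form: low 7 bits count length octets */
        n = len & 0x7f;
        if (n == 0)              /* 0x80 = indefinite length: invalid here */
            return -1;
        if (n > sizeof(size_t) || n > buflen - off)
            return -1;
        for (len = 0; n > 0; n--)
            len = (len << 8) | buf[off++];
    }
    if (len == 0 || len > buflen - off)  /* never skip past the buffer */
        return -1;
    out->value_off = off;
    out->value_len = len;
    return 0;
}

int main(void)
{
    struct ber_int m;
    if (ber_integer_span(sample_key, sizeof sample_key, 2, &m) == 0)
        printf("modulus: %zu octets at offset %zu\n", m.value_len, m.value_off);
    return 0;
}
```

The next field starts at `value_off + value_len`, which is the position the FN_BODY returns as its new offset.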
