Wireshark mailing list archives
Re: asn2wrs documentation?
From: Peter Wu <peter () lekensteyn nl>
Date: Wed, 16 Sep 2015 11:49:30 +0200
Hi Tomáš,

On Tue, Sep 15, 2015 at 02:29:02PM +0000, Kukosa Tomáš wrote:
> Unfortunately asn2wrs cannot help with it. Changing TYPE_ATTR does not change the called dissection function. It changes just the field type. The field ber.64bit_uint_as_bytes comes from the function dissect_ber_integer64() of packet-ber.c. Maybe dissect_ber_integer64() should check whether the field has the FT_BYTES type and then it could use the original field instead of ber.64bit_uint_as_bytes.

This has been done since yesterday (https://code.wireshark.org/review/10539); now it suffices to use this for INTEGER types:

    #.TYPE_ATTR
    RSAPublicKey/modulus TYPE = FT_BYTES DISPLAY = BASE_NONE

> Another possibility would be to define your own dissector function for the RSAPublicKey fields instead of calling the default dissect_ber_integer(). E.g. something like this:
>
> #.FN_BODY RSAPublicKey/modulus
>   gint8 ber_class;
>   gboolean pc, ind;
>   gint32 tag;
>   guint32 len;
>
>   offset = dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &ber_class, &pc, &tag);
>   offset = dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, &ind);
>   /* integer octets are at the offset */
>   offset += len;
> #.END

Yes, this is something I will use, thanks! For integers I think that the "ind" part is not needed (can be NULL) as integers are not using the indefinite length encoding?

> There is no better asn2wrs document available. The best documentation is the examples in the asn1 directory.

Those examples unfortunately have no explanation either. For example, there is a FIELD_ATTR member that is used in some places, how does it differ from TYPE_ATTR? Any idea what the IMPORT_TAG is used for (it is only used in one place)?

Thanks,
Peter

> Best regards,
> Tomas
>
> On 15.9.2015 13:46, Peter Wu wrote:
>> Hi,
>>
>> I am working on improving dissection support of the subjectPublicKey field in X.509 Certificates[1]. Right now these opaque BIT STRING types are shown as a sequence of bytes, but I would like to dissect the other fields (like modulus and exponent for RSA and public key y for DSA). (This work is a prerequisite for a new method of specifying RSA private key files in the SSL preferences without having to list address+port.)
>>
>> These numbers (RSA modulus, DSA y, DSS-Params p, q, g) are larger than 64-bit and therefore are forced to be displayed as FT_BYTES. The problem that now occurs is that the original field is lost (ber.64bit_uint_as_bytes is used instead). To tackle that problem, I started using TYPE_ATTR, but since the fields are still dissected as ber_integer, it does not help.
>>
>> I think I can use "IMPORT_TAG", but it is not documented on the wiki[2]. Those who are familiar with the asn2wrs script, is it possible to update the wiki? Are there other documentation resources available?
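The BER layout this thread revolves around (identifier, definite length, then INTEGER octets that can exceed 64 bits), shown as an added example that is not part of the original messages or of Wireshark's code: a stand-alone C sketch that locates the RSAPublicKey modulus octets without converting them to a number. The names ber_header, rsa_modulus and sample_key are hypothetical, and the key bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample: 72-bit modulus (with 0x00 sign octet), e = 65537. */
static const uint8_t sample_key[] = {
    0x30, 0x11, 0x02, 0x0a, 0x00, 0xc3, 0x5a, 0x11, 0x22, 0x33, 0x44, 0x55,
    0x66, 0x77, 0x02, 0x03, 0x01, 0x00, 0x01
};

/* Hypothetical helper (not a Wireshark API): read identifier and length at
 * buf[*off]. Indefinite length (0x80) is rejected: a primitive INTEGER must
 * use the definite form, and DER requires it for the SEQUENCE as well. */
static int ber_header(const uint8_t *buf, size_t n, size_t *off,
                      uint8_t *tag, size_t *len)
{
    size_t o = *off;
    if (o >= n || n - o < 2) return -1;
    *tag = buf[o++];
    if ((*tag & 0x1f) == 0x1f) return -1;   /* high-tag-number form */
    uint8_t b = buf[o++];
    if (b < 0x80) {
        *len = b;                            /* short form */
    } else {
        size_t k = b & 0x7f;                 /* long form: k length octets */
        if (k == 0 || k > sizeof(size_t) || k > n - o) return -1;
        for (*len = 0; k > 0; k--) *len = (*len << 8) | buf[o++];
    }
    if (*len > n - o) return -1;             /* content must fit the buffer */
    *off = o;
    return 0;
}

/* RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }.
 * Points *mod at the modulus octets; no conversion to a 64-bit value. */
int rsa_modulus(const uint8_t *der, size_t n, const uint8_t **mod, size_t *mod_len)
{
    uint8_t tag; size_t off = 0, len;
    if (ber_header(der, n, &off, &tag, &len) || tag != 0x30) return -1;
    if (ber_header(der, off + len, &off, &tag, &len) || tag != 0x02 || !len)
        return -1;
    *mod = der + off;
    *mod_len = len;
    return 0;
}

int main(void)
{
    const uint8_t *m; size_t l;
    return rsa_modulus(sample_key, sizeof sample_key, &m, &l) ? 1 : 0;
}
```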