Wireshark-dev: Re: [Wireshark-dev] asn2wrs documentation?
From: Kukosa Tomáš <Tomas.Kukosa@xxxxxxxxxxx>
Date: Wed, 16 Sep 2015 10:37:31 +0000
Hi Peter,

>> Another possibility would be to define own dissector function for the
>> RSAPublicKey fields instead of calling default dissect_ber_integer().
>> E.g. something like this:
>>
>> #.FN_BODY RSAPublicKey/modulus
>>   gint8 ber_class;
>>   gboolean pc, ind;
>>   gint32 tag;
>>   guint32 len;
>>
>>   offset = dissect_ber_identifier(actx->pinfo, tree, tvb, offset,
>>                                   &ber_class, &pc, &tag);
>>   offset = dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, &ind);
>>   /* integer octets are at the offset */
>>   offset += len;
>> #.END
>
> Yes, this is something I will use, thanks! For integers I think that the
> "ind" part is not needed (can be NULL) as integers are not using the
> indefinite length encoding?

Yes, as the INTEGER can be neither composite nor indefinite the 'pc' and
'ind' variables are not necessary.

>
>> There is no better asn2wrs document available. The best documentation
>> are examples in the asn1 directory.
>
> Those examples unfortunately have no explanation either. For example,
> there is a FIELD_ATTR member that is used in some places, how does it
> differ from TYPE_ATTR? Any idea what the IMPORT_TAG is used for (it is
> only used in one place)?

The #.TYPE_ATTR changes attributes for the type, i.e. for all fields of
that type and the #.FIELD_ATTR changes attributes just for one field.

The #.IMPORT_TAG directive is primarily used when some type exported from
one ASN.1 module (protoA) is imported in another one (protoB). Those
directives are generated into protoA-exp.cnf and then included into
protoB.cnf using the #.INCLUDE directive. The #.IMPORT_TAG directive
contains information about ASN.1 BER tag which is necessary to distinguish
the exported type in the module importing it.

>
> Thanks,
> Peter
>
>> Best regards,
>> Tomas
>>
>>
>> On 15.9.2015 13:46, Peter Wu wrote:
>>> Hi,
>>>
>>> I am working on improving dissection support of the subjectPublicKey
>>> field in X.509 Certificates[1]. Right now these opaque BIT STRING types
>>> are shown as a sequence of bytes, but I would like to dissect the other
>>> fields (like modulus and exponent for RSA and public key y for DSA).
>>> (This work is a prerequisite for a new method of specifying RSA private
>>> key files in the SSL preferences without having to list address+port.)
>>>
>>> These numbers (RSA modulus, DSA y, DSS-Params p, q, g) are larger than
>>> 64-bit and therefore are forced to be displayed as FT_BYTES. The problem
>>> that now occurs is that the original field is lost
>>> (ber.64bit_uint_as_bytes is used instead).
>>>
>>> To tackle that problem, I started using TYPE_ATTR, but since the fields
>>> are still dissected as ber_integer, it does not help. I think I can use
>>> "IMPORT_TAG", but it is not documented on the wiki[2].
>>>
>>> Those who are familiar with the asn2wrs script, is it possible to update
>>> the wiki? Are there other documentation resources available?
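
The point settled in this exchange (an INTEGER is always primitive and definite-length, so 'pc' and 'ind' carry no information) shown as an added stand-alone C example; it is not part of the original messages and not Wireshark code. `ber_integer_content` and its error codes are hypothetical names: the function walks the identifier and length octets like the quoted FN_BODY, rejects the constructed and indefinite forms, and bounds-checks the length before the content octets are skipped.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { BER_OK = 0, BER_TRUNCATED = -1, BER_NOT_INTEGER = -2,
       BER_CONSTRUCTED = -3, BER_INDEFINITE = -4, BER_BAD_LENGTH = -5 };

/* Hypothetical helper (not a Wireshark API): locate the content octets of a
 * BER INTEGER such as RSAPublicKey/modulus inside buf[0..buflen). */
int ber_integer_content(const uint8_t *buf, size_t buflen,
                        size_t *content_off, size_t *content_len)
{
    size_t off = 0, len = 0;
    if (buflen < 2)
        return BER_TRUNCATED;
    /* Identifier octet: class (bits 8-7), P/C (bit 6), tag number (bits 5-1). */
    uint8_t id = buf[off++];
    if ((id & 0xC0) != 0x00 || (id & 0x1F) != 0x02)
        return BER_NOT_INTEGER;          /* expect UNIVERSAL 2 */
    if (id & 0x20)
        return BER_CONSTRUCTED;          /* INTEGER is always primitive */
    /* Length octets: short form, long form, or 0x80 (indefinite). */
    uint8_t first = buf[off++];
    if (first == 0x80)
        return BER_INDEFINITE;           /* only legal for constructed types */
    if (first < 0x80) {
        len = first;                     /* short form */
    } else {
        size_t n = first & 0x7F;         /* long form: n length octets follow */
        if (n > sizeof(size_t))
            return BER_BAD_LENGTH;       /* would not fit in size_t */
        if (n > buflen - off)
            return BER_TRUNCATED;
        while (n--)
            len = (len << 8) | buf[off++];
    }
    if (len == 0)
        return BER_BAD_LENGTH;           /* INTEGER has at least one octet */
    if (len > buflen - off)
        return BER_TRUNCATED;            /* never skip past the buffer end */
    *content_off = off;
    *content_len = len;
    return BER_OK;
}

int main(void)
{
    static const uint8_t e[] = { 0x02, 0x03, 0x01, 0x00, 0x01 }; /* constructed sample: 65537 */
    size_t off = 0, len = 0;
    int rc = ber_integer_content(e, sizeof e, &off, &len);
    printf("rc=%d off=%zu len=%zu\n", rc, off, len);
    return rc;
}
```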