Wireshark-dev: Re: [Wireshark-dev] RSASSA-PSS (bug #6541)

From: Anders Broman <anders.broman@xxxxxxxxxxxx>
Date: Thu, 10 Nov 2011 13:57:47 +0100
Hi,
Some quick comments

>Should all of this go into asn1/pkcs1? I guess so as other definitions from
>RFC5912 are in the same file.

Yes probably, (haven't looked at the RFC:s)


>It looks like the default values are ignored. There's no errors from asn2wrs
>but the defaults never show up anywhere, e.g. when a field is absent. It this
>the expected behaviour or is something going wrong?

I would think this is to be expected or a current limitation. If defaults are used there is nothing in the packet
For Wireshark to show = no code generated. One coud argue that Wireshark should put in generated fields with the defaults
But that's currently not the case.

>I can't get the following definition to compile
>
>    sha1Identifier AlgorithmIdentifier ::= {
>       algorithmId id-sha1,
>       parameters NULL
>    }
>asn2wrs complains about the comma after id-sha1 (removing it doesn't help). I
>commented this out as it's used for defining a default value which in turn
>seems to be ignored.

I would guess that asn2wrs expects an Uppercase after algorithmId and can't do the translation of the symbol (id-sha1) to an OID
As the construct isn't needed I would say that commenting it out is the right thing to do.

Best regards
Anders



 

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Martin Kaiser
Sent: den 10 november 2011 13:32
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] RSASSA-PSS (bug #6541)

Dear all,

I'm trying to add support for RSASSA-PSS signatures in X.509 certificates. It's in a state where things are working for me, but I'm not sure that I understood the ASN.1 handling in wireshark well enough.

Could anybody who's familiar with ANS.1 dissection spare some minutes and look at #6541 in the bugtracker? I'd appreciate feedback about what's required to make this contribution ready for checkin.

The reason I'd like to have this included is that the certificates used by CI+ (about 100 mio are in use now) have PSS signatures. The DVB-CI dissector could then make use of the x509 dissection...

Thanks for your help,

   Martin
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe