Wireshark-dev: Re: [Wireshark-dev] asn2wrs documentation?

From: Kukosa Tomáš <Tomas.Kukosa@xxxxxxxxxxx>
Date: Tue, 15 Sep 2015 14:29:02 +0000
Hi Peter,

Unfortunately asn2wrs can not help with it.
Changing  TYPE_ATTR does not change called dissection function. It 
changes just field type.
The field ber.64bit_uint_as_bytes comes from function 
dissect_ber_integer64() of packet-ber.c.

Maybe the dissect_ber_integer64() should check whether the field has the 
FT_BYTES type and then it could use the original field instead of the 
ber.64bit_uint_as_bytes.

Another possibility would be to define own dissector function for the 
RSAPublicKey fields instead of calling default dissect_ber_integer(). 
E.g. something like this:

#.FN_BODY  RSAPublicKey/modulus
   gint8 ber_class;
   gboolean pc, ind;
   gint32 tag;
   guint32 len;

   offset = dissect_ber_identifier(actx->pinfo, tree, tvb, offset, 
&ber_class, &pc, &tag);
   offset = dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, &ind);
  /* integer octets are at the offset */
   offset += len;
#.END

There is not better asn2wrs document available. The best documentation 
are examples in the asn1 directory.

Best regards,
   Tomas


On 15.9.2015 13:46, Peter Wu wrote:
> Hi,
>
> I am working on improving dissection support of the subjectPublicKey
> field in X.509 Certificates[1]. Right now these opaque BIT STRING types
> are shown as a sequence of bytes, but I would like to dissect the other
> fields (like modulus and exponent for RSA and public key y for DSA).
> (This work is a prerequisite for a new method of specifying RSA private
> key files in the SSL preferences without having to list address+port.)
>
> These numbers (RSA modulus, DSA y, DSS-Params p, q, g) are larger than
> 64-bit and therefore are forced to be displayed as FT_BYTES. The problem
> that now occurs is that the original field is lost
> (ber.64bit_uint_as_bytes is used instead).
>
> To tackle that problem, I started using TYPE_ATTR, but since the fields
> are still dissected as ber_integer, it does not help. I think I can use
> "IMPORT_TAG", but it is not documented on the wiki[2].
>
> Those who are familiar with the asn2wrs script, is it possible to update
> the wiki? Are there other documentation resources available?