Wireshark-dev: Re: [Wireshark-dev] asn2wrs documentation?

From: Kukosa Tomáš <Tomas.Kukosa@xxxxxxxxxxx>
Date: Wed, 16 Sep 2015 10:37:31 +0000
Hi Peter,

 >> Another possibility would be to define own dissector function for the
>> RSAPublicKey fields instead of calling default dissect_ber_integer().
>> E.g. something like this:
>>
>> #.FN_BODY  RSAPublicKey/modulus
>>     gint8 ber_class;
>>     gboolean pc, ind;
>>     gint32 tag;
>>     guint32 len;
>>
>>     offset = dissect_ber_identifier(actx->pinfo, tree, tvb, offset,
>> &ber_class, &pc, &tag);
>>     offset = dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, &ind);
>>    /* integer octets are at the offset */
>>     offset += len;
>> #.END
>
> Yes, this is something I will use, thanks! For integers I think that the
> "ind" part is not needed (can be NULL) as integers are not using the
> indefinite length encoding?

Yes, as the INTEGER can be neither composite not indefinite the 'pc' and 
'ind' variables are not necesary.

>
>> There is not better asn2wrs document available. The best documentation
>> are examples in the asn1 directory.
>
> Those examples unfortunately have no explanation either. For example,
> there is a FIELD_ATTR member that is used in some places, how does it
> differ from TYPE_ATTR? Any idea what the IMPORT_TAG is used for (it is
> only used in one place)?

The #.TYPE_ATTR changes attributes for the type, i.e. for all fields of 
that type and the #.FIELD_ATTR changes attributes just for one field.

The #.IMPORT_TAG directive is primarily used when some type exported 
from one ASN.1 module (protoA) is imported in another one (protoB).
Those directives are generated into protoA-exp.cnf and then included 
into protoB.cnf using the #.INCLUDE directive.
The #.IMPORT_TAG directive contains information about ASN.1 BER tag 
which is necessary to distinguish the exported type in the module 
importing it.


>
> Thanks,
> Peter
>
>> Best regards,
>>     Tomas
>>
>>
>> On 15.9.2015 13:46, Peter Wu wrote:
>>> Hi,
>>>
>>> I am working on improving dissection support of the subjectPublicKey
>>> field in X.509 Certificates[1]. Right now these opaque BIT STRING types
>>> are shown as a sequence of bytes, but I would like to dissect the other
>>> fields (like modulus and exponent for RSA and public key y for DSA).
>>> (This work is a prerequisite for a new method of specifying RSA private
>>> key files in the SSL preferences without having to list address+port.)
>>>
>>> These numbers (RSA modulus, DSA y, DSS-Params p, q, g) are larger than
>>> 64-bit and therefore are forced to be displayed as FT_BYTES. The problem
>>> that now occurs is that the original field is lost
>>> (ber.64bit_uint_as_bytes is used instead).
>>>
>>> To tackle that problem, I started using TYPE_ATTR, but since the fields
>>> are still dissected as ber_integer, it does not help. I think I can use
>>> "IMPORT_TAG", but it is not documented on the wiki[2].
>>>
>>> Those who are familiar with the asn2wrs script, is it possible to update
>>> the wiki? Are there other documentation resources available?
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>               mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>