Hi Peter, Unfortunately asn2wrs can not help with it. Changing TYPE_ATTR does not change called dissection function. It changes just field type. The field ber.64bit_uint_as_bytes comes from function dissect_ber_integer64() of packet-ber.c.
Maybe the dissect_ber_integer64() should check whether the field has the FT_BYTES type and then it could use the original field instead of the ber.64bit_uint_as_bytes. Another possibility would be to define own dissector function for the RSAPublicKey fields instead of calling default dissect_ber_integer(). E.g. something like this: #.FN_BODY RSAPublicKey/modulus gint8 ber_class; gboolean pc, ind; gint32 tag; guint32 len; offset = dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &ber_class, &pc, &tag); offset = dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, &ind); /* integer octets are at the offset */ offset += len; #.END There is not better asn2wrs document available. The best documentation are examples in the asn1 directory. Best regards, Tomas On 15.9.2015 13:46, Peter Wu wrote: > Hi, > > I am working on improving dissection support of the subjectPublicKey > field in X.509 Certificates[1]. Right now these opaque BIT STRING types > are shown as a sequence of bytes, but I would like to dissect the other > fields (like modulus and exponent for RSA and public key y for DSA). > (This work is a prerequisite for a new method of specifying RSA private > key files in the SSL preferences without having to list address+port.) > > These numbers (RSA modulus, DSA y, DSS-Params p, q, g) are larger than > 64-bit and therefore are forced to be displayed as FT_BYTES. The problem > that now occurs is that the original field is lost > (ber.64bit_uint_as_bytes is used instead). > > To tackle that problem, I started using TYPE_ATTR, but since the fields > are still dissected as ber_integer, it does not help. I think I can use > "IMPORT_TAG", but it is not documented on the wiki[2]. > > Those who are familiar with the asn2wrs script, is it possible to update > the wiki? Are there other documentation resources available? ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
