On Wed, 28 May 2003, Yaniv Kaul wrote:
> I'm trying to add ASN.1 certificate parsing to Ethereal. I'll start with
> SSL, then do something generic, which can be used by SSL, SSH, IKE and
> possibly others I'm not aware of.
> However, I'm having a problem using asn1_id_decode(), as for ID=0 it only
> moves asn1->offset 1 byte ahead, instead of 2 bytes. If I 'manually'
> move it, everything's ok.
> Here's what I'm trying to dissect, I'd appreciate if knowledgeable people
> could help me out here:
> 30 82 02 DF (Certificate SEQUENCE, length 0x02DF)
> 30 82 01 C7 (TBSCertificate SEQUENCE, length 0x1C7)
> A0 03 (ID=0, length 3 - this is where I'm stuck)
> 02 01 02 (Integer, length =1, value =2 - which is the Version
> number of the certificate - val=2 means X.590v3)
RFC 3280 says that a TBSCertificate is laid out as follows:

   TBSCertificate  ::=  SEQUENCE  {
        version         [0]  EXPLICIT Version DEFAULT v1,
        serialNumber         CertificateSerialNumber,
        signature            AlgorithmIdentifier,
        issuer               Name,
        validity             Validity,
        subject              Name,
        subjectPublicKeyInfo SubjectPublicKeyInfo,
        issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                             -- If present, version MUST be v2 or v3
        subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                             -- If present, version MUST be v2 or v3
        extensions      [3]  EXPLICIT Extensions OPTIONAL
                             -- If present, version MUST be v3
        }

   Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }

I think the sequence "A0 03 02 01 02" is

   A0 03    - EXPLICIT tag [0] (context | constructed | 0), length = 3
   02 01 02 - Version INTEGER, length = 1, value = 2

> The relevant piece of my code is:
> ret = asn1_id_decode(&hnd, &cls, &con, &tag);
> if (ret == ASN1_ERR_NOERROR) {
>     proto_tree_add_text(subtree, tvb, cert_len, 2, "ID %d", tag);
>     cert_len += 2;
>     hnd.offset++; /* My much needed hack! */
>
>
> I believe the problem is in asn1.h, in line 191:
> if (*tag == 0x1F) {
>
>
> Any help will be greatly appreciated.
> Relevant RFC is 3280, if anyone's interested.
>
> Y.
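
The identifier and length octets discussed in this thread, decoded by a small stand-alone BER header reader. This is an added example, not code from the thread or from Ethereal's asn1 module; the names ber_hdr, ber_read_hdr and version_from_prefix are hypothetical. It shows "A0" consumed as one identifier octet and "03" as a separate length octet, with bounds checks on every read.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>

/* One BER/DER header: identifier octet(s) followed by length octet(s). */
struct ber_hdr {
    unsigned cls, con;   /* class (2 = context-specific), constructed flag */
    unsigned long tag;   /* tag number */
    size_t len, hdr_len; /* content length; bytes used by identifier + length */
};

/* Returns 0 on success, -1 on truncated, indefinite-length or oversized input.
 * The caller must still check h->len against the bytes actually available. */
int ber_read_hdr(const uint8_t *p, size_t n, struct ber_hdr *h)
{
    size_t i = 0;
    if (n < 2) return -1;
    h->cls = p[i] >> 6;
    h->con = (p[i] >> 5) & 1;
    h->tag = p[i++] & 0x1F;
    if (h->tag == 0x1F) {               /* high-tag-number form, base 128 */
        h->tag = 0;
        do {
            if (i >= n || h->tag > (ULONG_MAX >> 7)) return -1;
            h->tag = (h->tag << 7) | (p[i] & 0x7F);
        } while (p[i++] & 0x80);
    }
    if (i >= n) return -1;
    if (p[i] < 0x80) {                  /* short form: one length octet */
        h->len = p[i++];
    } else {                            /* long form: low 7 bits = octet count */
        size_t k = p[i++] & 0x7F;
        if (k == 0 || k > sizeof(size_t) || k > n - i) return -1;
        for (h->len = 0; k > 0; k--) h->len = (h->len << 8) | p[i++];
    }
    h->hdr_len = i;
    return 0;
}

/* Constructed sample: the 13 bytes quoted in the thread (a certificate prefix). */
static const uint8_t prefix[] = { 0x30,0x82,0x02,0xDF, 0x30,0x82,0x01,0xC7, 0xA0,0x03, 0x02,0x01,0x02 };

/* Walks Certificate -> TBSCertificate -> [0] -> INTEGER; returns Version or -1. */
int version_from_prefix(void)
{
    struct ber_hdr h;
    size_t off = 0;
    for (int depth = 0; depth < 4; depth++) {
        if (ber_read_hdr(prefix + off, sizeof prefix - off, &h) != 0) return -1;
        off += h.hdr_len;               /* step into the content octets */
    }
    if (h.cls != 0 || h.tag != 2 || h.len != 1 || off >= sizeof prefix) return -1;
    return prefix[off];
}
```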