Gerald Combs wrote:
On Wed, 28 May 2003, Yaniv Kaul wrote:
I'm trying to add ASN.1 certificate parsing to Ethereal. I'll start with
SSL, then do something generic, which can be used by SSL, SSH, IKE and
possibly others I'm not aware of.
However, I'm having problem using asn1_id_decode(), as for ID=0 it only
moves asn1->offset 1 byte ahead, instead of 2 bytes. If I 'manually'
move it, everything's ok.
Here's what I'm trying to dissect, I'd appreciate if knowledgable people
could help me out here:
30 82 02 DF (Certificate SEQUENCE, length 0x02DF)
30 82 01 C7 (TBSCertificate SEQUENCE, length 0x1C7)
A0 03 (ID=0, length 3 - this is where I'm stuck)
02 01 02 (Integer, length =1, value =2 - which is the Version
number of the certificate - val=2 means X.590v3)
RFC 3280 says that a TBSCertificate is laid out as follows:
TBSCertificate ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
serialNumber CertificateSerialNumber,
signature AlgorithmIdentifier,
issuer Name,
validity Validity,
subject Name,
subjectPublicKeyInfo SubjectPublicKeyInfo,
issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
-- If present, version MUST be v2 or v3
subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
-- If present, version MUST be v2 or v3
extensions [3] EXPLICIT Extensions OPTIONAL
-- If present, version MUST be v3
}
Version ::= INTEGER { v1(0), v2(1), v3(2) }
I think the sequence "A0 03 02 01 02" is
A0 03 - EXPLICIT tag [0] (context | constructed | 0), length = 3
02 01 02 - Version INTEGER, length = 1, value = 2
The relevant piece of my code is:
ret = asn1_id_decode(&hnd, &cls, &con, &tag);
if(ret == ASN1_ERR_NOERROR) {
proto_tree_add_text(subtree, tvb, cert_len, 2, "ID %d",tag);
cert_len += 2;
hnd.offset++; /* My much needed hack! */
This is incorrect, you are showing the 2 that is the tag meaning
it is an integer i.s.o the 2 that is the value of the integer.
I suggest you make your code as follows:
ret = asn1_int32_decode(&hnd, &version, &len);
if(ret == ASN1_ERR_NOERROR) {
proto_tree_add_text(subtree, tvb, cert_len, len, "ID %d", version);
cert_len += len;
I don't think you, as a dissector writer, ever want to call asn1_id_decode,
asn1_header_decode is what you want, it gives you all info about the
current asn1 entity.
I believe the problem is in asn1.h, in line 191:
if (*tag == 0x1F) {
No, this is correct and is meant to handle tags with value greater than 30.
Any help will be greatly appreciated.
Relevant RFC is 3280, if anyone's interested.
Y.
--
Regards,
---------------------------------------------------------------- -o)
Matthijs Melchior Maarssen /\\
mmelchior@xxxxxxxxx Netherlands _\_v
---------------------------------------------------------------- ----
