I need an API to encode/decode an ASN.1 stream. I've read that OpenSSL supports this in C and I have access to it in my project, though I don't know how to actually use these functions. I effectively need to decode a struct, a SEQUENCE. Can anyone recommend how to do so?
It looks like openssl can be used to generate ASN.1 encodings of data through a cumbersome command line interface. It's not really an API that you could use - you'd be having to create one yourself that, underneath, made a lot of system calls like system("openssl asn1parse -genstr 'UTF8:Hello World'"). That sounds like a lot of work.
You're far better off using a proper ASN.1 toolset, take a look at the tools page on the ITU's website.
Related
I have an existing library in C, which I want to be able to allow remote access to (either from Linux or Windows).
I looked at the usual RPC suspects like Thrift and Protobuf, but neither of these deal cleanly with C-style function calls (things like pass-by-ref, char* instead of string, * instead of List<> etc).
In short, to use either of these it looks like I would need to write a complete IDL from scratch, and add a lot of boilerplate code to transfer C-style function calls into these environments.
Are there any RPC libraries around that
can deal directly with C header files (or have tools to auto
generate the initial IDL from C definitions)?
are cross-platform Linux/Windows compatible?
require the absolute minimum of boilerplate code?
support sockets
are relatively high performance (XML-RPC i'm looking at you)?
Well, there's protobuf-c, an implementation of protobuf in C.
And then there's the classical XDR, found on most/(all?) unix-like systems, versions exist for windows as well. See also the Linux xdr(3) man page which contains an overview of the API.
Note that both protobuf and XDR are serialization libraries, they don't provide RPC. The "companion RPC library" to XDR is called, well, RPC, but I don't think anyone writes new code with that, and AFAICS it's unix-specific (portmap doesn't run on windows, does it? And it's generally a bad idea anyway.). Then there's protobuf-c-rpc which is the C version of the protobuf RPC library; probably a better bet than classic RPC.
I'm working on SS7 project and reached a point where I need to create my tcap dissector/parser, So I was wondering to using wireshark dev files inside my source.
Is that possible? if yes? how can I do it? is there any tutorial available?
http://www.tcpdump.org/ has all needed information.
You'll need to use libpcap as described here: http://www.tcpdump.org/pcap3_man.html
I guess pcap_open_offline is a good start, you can then use the related functions to get the structured data contained in the dump file. Using the same library, you could also capturing directly from your application.
On a related note, wireshark and tshark allow to export a pcap file to xml, you could also use this format instead of the binary pcap if you'd like to.
Like most things to do with software it is possible. However a more valid question might be what use can you make of the Wireshark source code?
Some disadvantages of using Wireshark are:
it is a general purpose tool built for all protocols. All implemented protocol dissectors plug into its general framework. So if you want to reuse just a particular protocol you need some way of implementing or stubbing out the framework code.
it is designed only for dissecting and describing protocol components. It has no encoding functionality.
it is licensed using the copy left GPL license. This means that any software you build from Wireshark must also be licensed in this way.
Having said that it can be invaluable to just browse the source code to get a starting point. The main tcap dissecting source file is at epan/dissectors/packet-tcap.c. Wireshark uses a ASN.1 decompiler to parse the TCAP message. The definition file it uses can be found in asn1/tcap/tcap.asn.
I use openssl on the shell for encrypting data and would like to decrypt the data later at runtime in a ObjC/C/C++ program. As I could not get it working using the openssl library I call openssl from the program "on the console" and pipe the decrypted result back into a string, using popen() etc. This works perfectly but I wonder if this approach is as secure as using it "internally".
Thanks for comments or hints, as I haven't found anything useful on the web yet...
Matthias
You're potentially exposing yourself to a couple of more attack vectors, beyond that it's not that much less secure than linking against and using the OpenSSL library.
The program and it's arguments you're running from popen may expose additional info through argv, if you can specify the key material directly on the command-line and do so, this would be exposed through /proc/<pid>/cmdline (and ps/top/etc.). This is what I'd worry about the most if I were to decrypt via another process and pass it to another application through an pipe. As root they would also be able to read /proc/<pid>/environ if you pass key-material to the application through environment, although if they're root there's all sorts of other shenanigans they can do as well to get a hold of your stuff regardless of which method you use openssl (library/binary+pipe).
There's a few other things like replacing the openssl binary with something malicious, or injecting it earlier in PATH if you let popen/shell determine which openssl binary to use, although if they can do this chances are they also can get a hold of key-material and ciphertext through easier means (or they could replace or LD_PRELOAD a malicous openssl library, which neatly would defeat dynamically linking against openssl also). The same goes for snooping on the pipe, they'd have to run as root or your user.
In short, if you can popen without exposing anything sensitive through argv it's not that much less secure than using the OpenSSL library. Yes, there's a few more ways of getting a hold of your stuff, but it'd require them to run as a user which would be able to get a hold of your stuff anyway (although it'd possibly require a bit more effort).
I'm running Debian Linux, and for a Lua script I need to create a SHA256 checksum to authenticate requests to Amazon Web Services. They don't say for sure but it looks as if they may want a base64 encoding of the resulting SHA256 checksum.
I'd be happy if someone had done a Lua binding.
I'd be content if someone could help me figure out how to use the command-line /usr/bin/sha256sum for this purpose.
I'd settle for a pointer to C code and deal with the hassle of the binding and the base64 encoding myself.
I surely don't need to reimplement SHA256 for myself; if someone has an implementation in ANSI standard C that they like, please let me know. Or a better solution!
How about LuaCrypto, a front-end for OpenSSL:
http://luacrypto.luaforge.net/
It looks like mushclient has already written a Lua wrapper for a SHA-256 library.
A work-around might be the free signing service at http://apisigning.com/
I'm looking into a mechanism for serialize data to be passed over a socket or shared-memory in a language-independent mechanism. I'm reluctant to use XML since this data is going to be very structured, and encoding/decoding speed is vital. Having a good C API that's liberally licensed is important, but ideally there should be support for a ton of other languages. I've looked at google's protocol buffers and ASN.1. Am I on the right track? Is there something better? Should I just implement my own packed structure and not look for some standard?
Given your requirements, I would go with Google Protocol Buffers. It sounds like it's ideally suited to your application.
You could consider XDR. It has an RFC. I've used it and never had any performance problems with it. It was used in ONC RPC and has an and comes with a tool called rpcgen. It is also easy to create a generator yourself when you just want to serialize data (which is what I ended up doing for portability reasons, took me half a day).
There is an open source C implementation, but it can already be in a system library, so you wouldn't need the sources.
ASN.1 always seemed a bit baroque to me, but depending on your actual needs might be more appropriate, since there are some limitations to XDR.
Just wanted to throw in ASN.1 into this mix. ASN.1 is a format standard, but there's libraries for most languages, and the C interface via asn1c is much cleaner than the C interface for protocol buffers.
JSON is really my favorite for this kind of stuff. I have no prior experience with binary stuff in it though. Please post your results if you are planning on using JSON!
Thrift is a binary format created by Facebook. Here's a comparison with google protocol buffers.
Check out Hessian
There is also Binary XML but it seems not stabilized yet. The article I link to gives a bunch of links which might be of interest.
Another option is SNAC/TLV which is used by AOL in it's Oscar/AIM protocol.
Also check out Muscle. While it does quite a bit, it serializes to a binary format.
Few Thing's you need to Consider
1. Storage
2. Encoding Style (1 byte 2 byte)
3. TLV standards
ASN.1 Parser is the good for binary represenations the best part is ASN.1 is a well-established technology that is widely used both within ITU-T and outside of it. The notation is supported by a number of software vendors.