ASN1 encoding decoding issue with ASN1::encode ASN1::decode commands

Hi,

I am trying to work with ASN1 decoding.

As documented in wiki of ASN1::encode and ASN1::decode commands, I wrote this irule:

when HTTP_REQUEST {

    set  tmp [ASN1::encode DER "aa" foo bar]
     Convert to hexadecimal for log purpose.
    binary scan $tmp H* tmp_hex 
    log local0. $tmp_hex

    ASN1::decode $tmp "aa" data1 data2
    log local0. "$data1 / $data2"
}

I also tried to add encoding type DER in ASN1::decode command :

ASN1::decode DER $tmp "aa" data1 data2

or

ASN1::decode $tmp DER "aa" data1 data2 

But I always had this message:

Jun 22 17:20:07 F5ve info tmm1[12273]: Rule /Common/kerberos_decode : 0403666f6f0403626172
Jun 22 17:20:07 F5ve err tmm1[12273]: 01220001:3: TCL error: /Common/kerberos_decode  - Invalid ASN1 Element (line 1)     invoked from within "ASN1::decode $tmp "aa" data1 data2"

So Encoding commands works as expected:

• 04 means octet string
• 03 means 3 characters (length of "foo")

• 666f6f is the hexadecimal of foo

• 04 means octet string

• 03 means 3 characters (length of "bar")
• 626172 is the hexadecimal of bar

but decoding commands fails and I don't understand why. it seems the command format is wrong, but I used the one described in wiki!

Is there someone who already use this command successfully?