[openssl-users] SOLVED --- ASN.1: Parsing a 'context-specific' class (or app/private class)

Dr. Stephen Henson steve at openssl.org
Wed Sep 2 16:19:25 UTC 2015

On Wed, Sep 02, 2015, Massimiliano Pala wrote:

> Hi all,
> since someone asked, here's my solution (if someone knows of a
> better one, please let me know).
> The problem that I tried to solve is how to parse the
> CRYTPLIB-specific envelope for signatures. In particular, the
> example reported in my original e-mail was a DSA signature. The main
> issue here was how to parse a context-specific 0-tagged value inside
> the structure. Here's the parsing:
>         0:d=0  hl=2 l=  98 cons: SEQUENCE
>         2:d=1  hl=2 l=   1 prim:  INTEGER           :03
>         5:d=1  hl=2 l=  20 prim:  cont [ 0 ]
>        27:d=1  hl=2 l=   9 cons:  SEQUENCE
>        29:d=2  hl=2 l=   5 prim:   OBJECT            :sha1
>        36:d=2  hl=2 l=   0 prim:   NULL
>        38:d=1  hl=2 l=  11 cons:  SEQUENCE
>        40:d=2  hl=2 l=   7 prim:   OBJECT :dsaEncryption
>        49:d=2  hl=2 l=   0 prim:   NULL
>        51:d=1  hl=2 l=  47 prim:  OCTET STRING
> Since I could not find any ASN1 macro that would allow me to specify
> the field after the INTEGER (offset 5, class context-specific
> (0x80), no tag (0x0), and length 20), so I defined a new ASN1_ITEM
> type that uses the d2i_ASN1_bytes()/i2d_ASN1_bytes() for parsing or
> generating the value:
> Maybe a little hackerish solution... but this is the easiest I could
> think of. Does anybody have a better solution ?

Well at first sight that looks like an IMPLICIT tag which replaces the normal
tag with the context specific value. It is not possible to determine the
underlying type from the encoding itself as it has been replaced. So you need
the ASN.1 spec to see the appropriate type to use.

In that particular example it looks like an SHA1 hash (20 bytes long) so we
could use an implicitly tagged OCTET STRING like this:

	ASN1_IMP(struct_name, field_name, ASN1_OCTET_STRING, 0),

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

More information about the openssl-users mailing list