[EXTERNAL] Re: IMPLEMENT_ASN1_FUNCTIONS tutorial or help

Sands, Daniel dnsands at sandia.gov
Wed Aug 18 01:47:59 UTC 2021


> My latest attempt to code the below DER is this.  It compiles, but the d2i
> segfaults on apparently the second element.
> 
> Anything obviously wrong?
> 
> typedef struct  {
>      ASN1_INTEGER *version;
>      ASN1_INTEGER *serialNumber;
>      X509_ALGOR *signature;
>      X509_PUBKEY *key;
> } TPM_ADDTOCERT;
> 
> ASN1_SEQUENCE(TPM_ADDTOCERT) = {
>      ASN1_EXP_OPT(TPM_ADDTOCERT, version, ASN1_INTEGER, 0),
>      ASN1_EMBED(TPM_ADDTOCERT, serialNumber, ASN1_INTEGER),
>      ASN1_EMBED(TPM_ADDTOCERT, signature, X509_ALGOR),
>      ASN1_SIMPLE(TPM_ADDTOCERT, key, X509_PUBKEY), }
> ASN1_SEQUENCE_END(TPM_ADDTOCERT)
> 
> DECLARE_ASN1_FUNCTIONS(TPM_ADDTOCERT)
> IMPLEMENT_ASN1_FUNCTIONS(TPM_ADDTOCERT)
> 
> 	const unsigned char *tmpptr = out.addedToCertificate.t.buffer;
> 	TPM_ADDTOCERT *addToCert = d2i_TPM_ADDTOCERT(NULL,
> 				      &tmpptr, out.addedToCertificate.t.size);

The dump you show below is:
Attributes (set, tagged with a 0, optional)
Version
privateKeyAlgorithm
privateKey

This is a PKCS#8 packet for a key.  The encapsulated data is the RSA public key in PKCS1 format.  I know OpenSSL has built-in PKCS#8 capability, though I do note that the optional attribute set is out of sequence.

Either way, you could look at the PKCS8 source code and simply move the attribute to the beginning and otherwise duplicate the ASN1 parts and structure there, even if OpenSSL fails to parse this not-quite-spec packet.

References:
https://datatracker.ietf.org/doc/html/rfc8017#page-54 (PKCS#1)
https://datatracker.ietf.org/doc/html/rfc5208#page-5 (PKCS#8)

> 
> On 8/16/2021 4:56 PM, Ken Goldman wrote:
> >
> > The dump looks like this:
> >
> >   0 337: SEQUENCE {
> >    4   3: . [0] {
> >    6   1: . . INTEGER 2
> >         : . . }
> >    9  21: . INTEGER 00 87 12 50 78 0A C9 8B 60 DD AC FA 75 18 05 EC DC 30 51 53 23
> >   32  13: . SEQUENCE {
> >   34   9: . . OBJECT IDENTIFIER sha256WithRSAEncryption (1 2 840 113549 1 1 11)
> >         : . . . (PKCS #1)
> >   45   0: . . NULL
> >         : . . }
> >   47 290: . SEQUENCE {
> >   51  13: . . SEQUENCE {
> >   53   9: . . . OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
> >         : . . . . (PKCS #1)
> >   64   0: . . . NULL
> >         : . . . }
> >   66 271: . . BIT STRING, encapsulates {
> >   71 266: . . . SEQUENCE {
> >   75 257: . . . . INTEGER
> >         : . . . . . 00 B0 83 4A E9 41 78 E0 6A C3 0F D6 E4 B9 7D 96
> >         : . . . . . 70 74 05 00 C9 E2 2C 6C 4C 6E 16 02 40 5C 35 29
> >         : . . . . . F6 EF 9F 55 3A BD 4B 74 1D 6A 21 38 20 69 C8 88
> >         : . . . . . A3 6B 56 62 2A 91 02 41 58 92 97 87 19 1C AD 19
> >         : . . . . . 53 56 FB 7E 9D 86 B8 4E 8D 82 6A 87 A7 93 55 8F
> >         : . . . . . AB E8 89 D7 63 0B C9 02 99 D8 37 F8 FB 6B 32 98
> >         : . . . . . 6A 05 3F 9E 22 B6 D3 6F BB BE 2D AC 6C 74 17 5D
> >         : . . . . . 15 EE 84 E5 A4 8F 9C C3 83 CD 83 81 63 EC B5 85
> >         : . . . . . 6B 1A B8 57 80 2C ED E3 A7 F2 8C F7 3F 13 D9 27
> >         : . . . . . 2E 64 37 49 E6 47 8E 0A 11 64 46 72 DD F9 EB 4F
> >         : . . . . . B8 13 58 0B 47 F7 72 AB 29 D6 A5 05 44 30 E7 8D
> >         : . . . . . FE 86 8A E8 5F 10 91 13 04 57 47 96 A7 97 28 3C
> >         : . . . . . 39 BD 23 3F C6 41 5E 45 3F A5 41 F5 BF 7D C2 7C
> >         : . . . . . CC F9 97 20 3F 20 82 AF 64 8C BC 0D 99 F4 BA 10
> >         : . . . . . 53 58 C5 EC 86 DE 26 ED D9 D6 F2 60 49 C9 E7 9B
> >         : . . . . . 6A 64 D2 BC C5 0E B0 1D EB 45 43 89 A6 4E 64 B4
> >         : . . . . . A1
> > 336   3: . . . . INTEGER 65537
> >         : . . . . }
> >         : . . . }
> >         : . . }
> >         : . }
> >
> >
> >
> 
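To see which encoded element each template field has to line up with, the top-level tags of a DER blob can be listed without OpenSSL. The following is an added example, not code from the thread or from OpenSSL: a bounds-checked walk over one outer SEQUENCE. The names `der_header` and `child_tag` are hypothetical, and the `sample` bytes are constructed to mirror only the layout of the dump above ([0], INTEGER, SEQUENCE, SEQUENCE).

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample, not the TPM output from the thread: same top-level
 * layout as the dump, with a 2-byte serial and a stub in place of the key. */
static const unsigned char sample[] = {
    0x30, 0x1d,                                /* SEQUENCE, 29 bytes */
    0xa0, 0x03, 0x02, 0x01, 0x02,              /* [0] { INTEGER 2 } */
    0x02, 0x02, 0x12, 0x34,                    /* INTEGER (serial) */
    0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,  /* SEQUENCE { OID */
    0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,        /*   sha256WithRSAEncryption, */
    0x05, 0x00,                                /*   NULL } */
    0x30, 0x03, 0x03, 0x01, 0x00               /* SEQUENCE { BIT STRING } */
};

/* Read one definite-length TLV header; on success *p points at the value. */
static int der_header(const unsigned char **p, const unsigned char *end,
                      unsigned *tag, size_t *len) {
    const unsigned char *q = *p;
    if (end - q < 2 || (q[0] & 0x1f) == 0x1f) return -1; /* no multi-byte tags */
    *tag = *q++;
    size_t l = *q++;
    if (l & 0x80) {                 /* long form: low 7 bits count length bytes */
        size_t n = l & 0x7f;        /* n == 0 would be indefinite length */
        if (n == 0 || n > sizeof(size_t) || (size_t)(end - q) < n) return -1;
        for (l = 0; n > 0; n--) l = (l << 8) | *q++;
    }
    if (l > (size_t)(end - q)) return -1;   /* value must fit in the buffer */
    *p = q;
    *len = l;
    return 0;
}

/* Tag byte of the idx-th element inside the outer SEQUENCE, or -1. */
int child_tag(const unsigned char *der, size_t n, int idx) {
    const unsigned char *p = der, *end = der + n;
    unsigned tag;
    size_t len;
    if (der_header(&p, end, &tag, &len) != 0 || tag != 0x30) return -1;
    for (end = p + len; p < end; p += len, idx--) {
        if (der_header(&p, end, &tag, &len) != 0) return -1;
        if (idx == 0) return (int)tag;
    }
    return -1;
}

int main(void) {
    for (int i = 0, t; (t = child_tag(sample, sizeof sample, i)) >= 0; i++)
        printf("element %d: tag 0x%02x\n", i, (unsigned)t);
    return 0;
}
```

Truncated or over-long length fields make `child_tag` return -1 rather than read past the buffer.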


