Trouble trying to create a custom ASN.1 object via Openssl Config file

BitBlitz at mailboxdrop.com
Wed May 5 21:28:09 UTC 2021


Using Openssl version: OpenSSL 1.1.1f 31 Mar 2020

I am trying to encode an arbitrary ASN.1 SEQUENCE in an OpenSSL Config file and I want the result to look like an ECDSA subject key: 

0042:    |  30 59               ; SEQUENCE (59 Bytes)
0044:    |  |  30 13                ; SEQUENCE (13 Bytes)
0046:    |  |  |  06 07             ; OBJECT_ID (7 Bytes)
0048:    |  |  |  |  2a 86 48 ce 3d 02 01
         |  |  |  |     ; 1.2.840.10045.2.1 ECC
004f:    |  |  |  06 08             ; OBJECT_ID (8 Bytes)
0051:    |  |  |     2a 86 48 ce 3d 03 01 07
         |  |  |        ; 1.2.840.10045.3.1.7 ECDSA_P256 (x962P256v1)
0059:    |  |  03 42                ; BIT_STRING (42 Bytes)
005b:    |  |     00
005c:    |  |     04 f4 df ac 6c 8d e5 b0  6c 55 29 13 1e fe 35 9a
006c:    |  |     c6 06 57 97 ca c5 6f 1b  9e 3b cd 46 f3 01 91 0e
007c:    |  |     2a 5b 93 fe 6b d3 04 06  44 6c 54 e7 f5 b5 f5 81
008c:    |  |     d4 a4 eb 12 9f e7 ae 27  f6 97 c8 f6 d3 e6 c8 9b
009c:    |  |     3a

Both the documentation: https://www.openssl.org/docs/man1.1.1/man3/ASN1_generate_nconf.html and a cursory inspection of the OpenSSL source code: https://github.com/openssl/openssl/blob/master/crypto/asn1/asn1_gen.c seem to agree that it should be possible to pass a hex string to BITSTR and/or OCTETSTRING.
However, I've tried many combinations in the config file and either I get the ASCII interpretation of the data or an error parsing the config file.

I am trying to construct the sequence like this:

[ ECDSA_PublicKeyInfo ]
SubjectPublicKeyInfo=SEQUENCE:ecdsa256_alg
hex1=BITWRAP,BITSTR:0x04112233445566778899aabbccddeeff
hex2=INTEGER:0x04112233445566778899aabbccddeeff
hex3=BITWRAP,INTEGER:0x04112233445566778899aabbccddeeff

The INTEGER lines correctly interpret the HEX, but the BITSTR line does not.  However, INTEGER inserts the integer marker bytes (02 10) into the data stream, which I don't want.

I have also tried:

hex1=BITWRAP,BITSTR,HEX:0x04112233445566778899aabbccddeeff

This generates an error during parsing, and

hex1=BITWRAP,BITSTR:HEX:0x04112233445566778899aabbccddeeff

encodes "HEX" into the data stream.

How can I construct the sequence shown above with an OpenSSL Config file?  Is this just impossible?

Full example below.

Thanks,
Brad

Command lines:

openssl ecparam -name prime256v1 -genkey -out ecc256.pem
openssl req -new -key ecc256.pem -out ecc256_req.pem -config config.txt

config.txt:

[ req ]
distinguished_name = req_dn
req_extensions = req_ext
prompt = no
encrypt_key = no
digest = sha256
version=2

[ req_dn ]
C=US
ST=SomeState
CN=Something

[ req_ext ]
# SubjectDirectoryAttributes
2.5.29.9=ASN1:SEQUENCE:EccPublicKeyInfo

[EccPublicKeyInfo]
X=SEQUENCE:ECDSA_PublicKeyInfo

[ecdsa256_alg]
algorithm=OID:1.2.840.10045.2.1
parameter=OID:1.2.840.10045.3.1.7

[ ECDSA_PublicKeyInfo ]
SubjectPublicKeyInfo=SEQUENCE:ecdsa256_alg
hex1=BITWRAP,BITSTR:0x04112233445566778899aabbccddeeff
hex2=INTEGER:0x04112233445566778899aabbccddeeff
hex3=BITWRAP,INTEGER:0x04112233445566778899aabbccddeeff
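An added example, not part of the original post, showing one way to get the SubjectPublicKeyInfo-shaped SEQUENCE out of ASN1_generate_nconf and to check the resulting DER bytes. It uses the FORMAT:HEX modifier documented in ASN1_generate_nconf(3) instead of BITWRAP (which wraps the value in a second BIT STRING) and drops the 0x prefix, which the hex string parser does not accept. It assumes an openssl binary on PATH; the 16-byte value is the post's placeholder, not a real P-256 point, and the section names are the example's own.

```shell
#!/bin/sh
# Added example (not code from the original post). Builds a config section for
# ASN1_generate_nconf, encodes it with `openssl asn1parse -genconf`, and prints
# the DER as hex so the tag/length bytes can be compared against a real
# SubjectPublicKeyInfo (30 .. 30 .. 06 .. 06 .. 03 .. 00 04 ...).

# Constructed placeholder for the uncompressed EC point bytes; a real P-256
# key would be 04 followed by 64 bytes of X||Y.
SAMPLE_POINT_HEX=04112233445566778899aabbccddeeff

gen_spki_der() {
  # $1 = hex string for the BIT STRING contents, no 0x prefix.
  # Prints the DER encoding as a single lowercase hex string on stdout.
  tmp=$(mktemp -d) || return 1
  cat > "$tmp/spki.cnf" <<EOF
# "asn1" in the default section is what -genconf encodes
asn1 = SEQUENCE:spki

[spki]
algorithm = SEQUENCE:ecdsa256_alg
# FORMAT:HEX makes the value a raw byte string; BITSTR encodes it with
# 0 unused bits (the leading 00 seen in the dump). No BITWRAP: that would
# put a BIT STRING inside another BIT STRING.
pubkey = FORMAT:HEX,BITSTR:$1

[ecdsa256_alg]
algorithm = OID:1.2.840.10045.2.1
parameter = OID:1.2.840.10045.3.1.7
EOF
  openssl asn1parse -genconf "$tmp/spki.cnf" -noout -out "$tmp/spki.der" || {
    rm -rf "$tmp"; return 1; }
  # Dump bytes as hex with no addresses and no duplicate-line suppression.
  od -An -v -tx1 "$tmp/spki.der" | tr -d ' \n'
  echo
  rm -rf "$tmp"
}

# Usage: prints
# 3028301306072a8648ce3d020106082a8648ce3d03010703110004112233445566778899aabbccddeeff
if command -v openssl >/dev/null 2>&1; then
  gen_spki_der "$SAMPLE_POINT_HEX"
fi
```

Reading the output: 30 28 is the outer SEQUENCE, 30 13 the AlgorithmIdentifier with the two OIDs exactly as in the dump above, and 03 11 00 is a BIT STRING of 17 bytes whose first byte (00) is the unused-bits count, followed by the 16 placeholder bytes. With a real 65-byte point the BIT STRING length becomes 42 hex, matching the 03 42 in the original dump. To see the same structure with offsets, run the config through `openssl asn1parse -genconf spki.cnf -i` instead of dumping with od.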
