ASN1 <-> DER encoding with application tag

Max Larsson max.larsson at facilityboss.biz
Thu Nov 4 13:58:03 UTC 2021


Hi everyone,

I’m trying to decode and encode a DER structure. In my case these are DER-encoded GSSAPI structures.

My DER encoded data looks like this (stripped the pending bytes):

0x60 0x7e 0x06 0x06 0x2b 0x06 0x01 0x05 0x05 0x02 0xa0 0x74

My ASN1 definition in my source looks like this:

typedef struct ContextToken_st {
    ASN1_OBJECT *mech;
    ASN1_OCTET_STRING *innerContextToken;
} GSSAPI_CONTEXTTOKEN;

DECLARE_ASN1_FUNCTIONS( GSSAPI_CONTEXTTOKEN )

ASN1_SEQUENCE( GSSAPI_CONTEXTTOKEN ) = {
    ASN1_SIMPLE( GSSAPI_CONTEXTTOKEN, mech, ASN1_OBJECT ),
    ASN1_SIMPLE( GSSAPI_CONTEXTTOKEN, innerContextToken, ASN1_OCTET_STRING  )
} ASN1_SEQUENCE_END( GSSAPI_CONTEXTTOKEN )

IMPLEMENT_ASN1_FUNCTIONS( GSSAPI_CONTEXTTOKEN )

Parsing the above DER data fails, so I decided to encode my own DER structure, to see where the difference is with my setup:

    . . .
    negToken = GSSAPI_CONTEXTTOKEN_new();
    if( negToken != NULL ) {
        negToken->mech = OBJ_txt2obj( "1.3.6.1.5.5.2",0 );
        negToken->innerContextToken = ASN1_OCTET_STRING_new();

        const unsigned char mechToken[] = "\xa0\x74\x30 // … stripped for readability

        const size_t mechTokenSize = sizeof( mechToken ) - 1;
        printf( "Size of inner token: %zu\n",mechTokenSize );
        ASN1_OCTET_STRING_set( negToken->innerContextToken,mechToken,mechTokenSize );

        buffer = NULL;
        size_t bufferSize = i2d_GSSAPI_CONTEXTTOKEN( negToken,NULL );

        printf( "Required buffer size for DER encoding of ASN1 structure: %zu\n",bufferSize );

        unsigned char *buffer = malloc( bufferSize );
        unsigned char *p = buffer;
        i2d_GSSAPI_CONTEXTTOKEN( negToken,&p );

        for( int len = 0;len < bufferSize;len++ ) {
            if( ( len % 8 ) == 0 )
                printf( "  " );
            if( ( len % 16 ) == 0 )
                printf( "\n\t\t" );
            printf( " 0x%02x",(short)buffer[ len ] );
        }
        printf( "\n" );
    . . .

The code above outputs the following DER-encoded structure (the difference marked in bold):

0x30 0x81 0x80 0x06 0x06 0x2b 0x06 0x01 0x05 0x05 0x02 0x04 0x76 0xa0 0x74

The Google result which I found seems to point in the direction of using application tags to encode.

But I haven’t found any example or how-to on how to achieve this with OpenSSL. Can anyone give me some hints?


Best regards

Max Larsson
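
Added example (not part of the original message and not OpenSSL code): a plain-C header decoder run over the two byte strings quoted above, plus a framer that reproduces the captured layout. It shows that 0x60 is an application-class, constructed tag 0 whose content carries the inner token directly, while the message's own output is a universal SEQUENCE (0x30) with the token wrapped in an OCTET STRING (0x04). The names der_hdr, der_read_hdr and gss_frame are hypothetical helpers.

```c
#include <stdio.h>
#include <string.h>
/* One decoded DER identifier/length header (low-tag-number form only). */
typedef struct { int cls, constructed, tag; size_t len, hdr; } der_hdr;

/* Parse a DER header from p[0..n); returns 0 on success, -1 if malformed. */
int der_read_hdr(const unsigned char *p, size_t n, der_hdr *h)
{
    if (n < 2 || (p[0] & 0x1f) == 0x1f) return -1;  /* high-tag form not handled */
    h->cls = p[0] >> 6;               /* 0 universal, 1 application, 2 context, 3 private */
    h->constructed = (p[0] >> 5) & 1;
    h->tag = p[0] & 0x1f;
    h->len = p[1]; h->hdr = 2;        /* short form: one length octet */
    if (p[1] & 0x80) {                /* long form: low 7 bits count the length octets */
        size_t k = p[1] & 0x7f;
        if (k == 0 || k > sizeof(size_t) || n < 2 + k || p[2] == 0) return -1;
        h->len = 0;
        for (size_t i = 0; i < k; i++) h->len = (h->len << 8) | p[2 + i];
        if (h->len < 0x80) return -1; /* DER requires the short form below 128 */
        h->hdr = 2 + k;
    }
    return 0;
}

/* Frame a token like the captured data: 0x60, length, mech OID TLV, then the inner
   token bytes as-is (no OCTET STRING wrapper). Returns total size, 0 if out is too small. */
size_t gss_frame(const unsigned char *oid, size_t oid_len, const unsigned char *inner,
                 size_t inner_len, unsigned char *out, size_t cap)
{
    size_t body = oid_len + inner_len, k = 0, i = 0;
    if (oid_len > cap || inner_len > cap - oid_len) return 0;  /* also rules out overflow */
    for (size_t v = body; body >= 0x80 && v; v >>= 8) k++;     /* length octets needed */
    if (cap - body < 2 + k) return 0;
    out[i++] = 0x60;                  /* application class, constructed, tag number 0 */
    out[i++] = k ? (unsigned char)(0x80 | k) : (unsigned char)body;
    while (k) out[i++] = (unsigned char)(body >> (8 * --k));
    memcpy(out + i, oid, oid_len);
    memcpy(out + i + oid_len, inner, inner_len);
    return i + body;
}

int main(void)
{
    const unsigned char theirs[] = { 0x60, 0x7e }, own[] = { 0x30, 0x81, 0x80 };
    der_hdr a, b;
    if (der_read_hdr(theirs, sizeof theirs, &a) || der_read_hdr(own, sizeof own, &b)) return 1;
    printf("captured: class=%d tag=%d len=%zu\nown: class=%d tag=%d len=%zu\n", a.cls, a.tag, a.len, b.cls, b.tag, b.len);
    return 0;
}
```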
