Trouble trying to create a custom ASN.1 object via OpenSSL Config file

Using OpenSSL version: OpenSSL 1.1.1f 31 Mar 2020

I am trying to encode an arbitrary ASN.1 SEQUENCE in an OpenSSL Config file and I want the result to look like an ECDSA subject key:

0042:    |  30 59               ; SEQUENCE (59 Bytes)
0044:    |  |  30 13                ; SEQUENCE (13 Bytes)
0046:    |  |  |  06 07             ; OBJECT_ID (7 Bytes)
0048:    |  |  |  |  2a 86 48 ce 3d 02 01
         |  |  |  |     ; 1.2.840.10045.2.1 ECC
004f:    |  |  |  06 08             ; OBJECT_ID (8 Bytes)
0051:    |  |  |     2a 86 48 ce 3d 03 01 07
         |  |  |        ; 1.2.840.10045.3.1.7 ECDSA_P256 (x962P256v1)
0059:    |  |  03 42                ; BIT_STRING (42 Bytes)
005b:    |  |     00
005c:    |  |     04 f4 df ac 6c 8d e5 b0  6c 55 29 13 1e fe 35 9a
006c:    |  |     c6 06 57 97 ca c5 6f 1b  9e 3b cd 46 f3 01 91 0e
007c:    |  |     2a 5b 93 fe 6b d3 04 06  44 6c 54 e7 f5 b5 f5 81
008c:    |  |     d4 a4 eb 12 9f e7 ae 27  f6 97 c8 f6 d3 e6 c8 9b
009c:    |  |     3a

Both the documentation: https://www.openssl.org/docs/man1.1.1/man3/ASN1_generate_nconf.html and a cursory inspection of the OpenSSL source code: https://github.com/openssl/openssl/blob/master/crypto/asn1/asn1_gen.c seem to agree that it should be possible to pass a hex string to BITSTR and/or OCTETSTRING.
However, I've tried many combinations in the config file and either I get the ASCII interpretation of the data or an error parsing the config file.

I am trying to construct the sequence like this:

[ ECDSA_PublicKeyInfo ]
SubjectPublicKeyInfo=SEQUENCE:ecdsa256_alg
hex1=BITWRAP,BITSTR:0x04112233445566778899aabbccddeeff
hex2=INTEGER:0x04112233445566778899aabbccddeeff
hex3=BITWRAP,INTEGER:0x04112233445566778899aabbccddeeff

The INTEGER lines correctly interpret the HEX, but the BITSTR line does not.  However, INTEGER inserts the integer marker bytes (02 10) into the data stream, which I don't want.

I have also tried:

hex1=BITWRAP,BITSTR,HEX:0x04112233445566778899aabbccddeeff

This generates an error during parsing, and

hex1=BITWRAP,BITSTR:HEX:0x04112233445566778899aabbccddeeff

encodes "HEX" into the data stream.
How can I construct the sequence shown above with an OpenSSL Config file?  Is this just impossible?

Full example below.

Thanks,
Brad

Command lines:

openssl ecparam -name prime256v1 -genkey -out ecc256.pem
openssl req -new -key ecc256.pem -out ecc256_req.pem -config config.txt

config.txt:

[ req ]
distinguished_name = req_dn
req_extensions = req_ext
prompt = no
encrypt_key = no
digest = sha256
version=2

[ req_dn ]
C=US
ST=SomeState
CN=Something

[ req_ext ]
# SubjectDirectoryAttributes
2.5.29.9=ASN1:SEQUENCE:EccPublicKeyInfo

[EccPublicKeyInfo]
X=SEQUENCE:ECDSA_PublicKeyInfo

[ecdsa256_alg]
algorithm=OID:1.2.840.10045.2.1
parameter=OID:1.2.840.10045.3.1.7

[ ECDSA_PublicKeyInfo ]
SubjectPublicKeyInfo=SEQUENCE:ecdsa256_alg
hex1=BITWRAP,BITSTR:0x04112233445566778899aabbccddeeff
hex2=INTEGER:0x04112233445566778899aabbccddeeff
hex3=BITWRAP,INTEGER:0x04112233445566778899aabbccddeeff
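
An added illustration, not part of the original message and not OpenSSL code: a minimal DER encoder that builds the target SubjectPublicKeyInfo layout from the dump and shows the byte-level difference between an ASCII-read BIT STRING, a hex-read BIT STRING and an INTEGER. Function names are hypothetical and the 65-byte point is a constructed placeholder.

```python
# Added illustration: minimal DER encoder (hypothetical names, not OpenSSL code).
HEX = "04112233445566778899aabbccddeeff"   # test value used in the message
POINT = b"\x04" + bytes(64)                # constructed placeholder P-256 point

def der_len(n):
    """Definite length: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])   # first two arcs share one octet
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                    # base-128 groups, low group first
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))   # continuation bit on higher groups
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def bit_string(data):
    # First content octet is the unused-bit count (0 for whole bytes).
    return tlv(0x03, b"\x00" + data)

def integer(value):
    # Non-negative values only; the +1 keeps the sign bit clear.
    return tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def spki(point):
    alg = tlv(0x30, oid("1.2.840.10045.2.1") + oid("1.2.840.10045.3.1.7"))
    return tlv(0x30, alg + bit_string(point))

def variants():
    return {
        "ascii_bits": bit_string(("0x" + HEX).encode()),  # characters, not bytes
        "hex_bits": bit_string(bytes.fromhex(HEX)),       # raw bytes, as wanted
        "integer": integer(int(HEX, 16)),                 # adds the 02 10 header
        "wrapped_int": bit_string(integer(int(HEX, 16))), # BIT STRING around INTEGER
    }

if __name__ == "__main__":
    print("spki        ", spki(POINT).hex(" "))
    for name, der in variants().items():
        print(f"{name:12}", der.hex(" "))
```

The ASN1_generate_nconf page linked in the message documents a `FORMAT` modifier (ASCII by default, or UTF8, HEX, BITLIST); written as `FORMAT:HEX,BITSTRING:<hex digits>` it requests the raw-byte reading shown here as `hex_bits`.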