RE: [EXTERNAL] Re: IMPLEMENT_ASN1_FUNCTIONS tutorial or help


 



> My latest attempt to code the below DER is this.  It compiles, but the d2i
> segfaults on apparently the second element.
> 
> Anything obviously wrong?
> 
> typedef struct  {
>      ASN1_INTEGER *version;
>      ASN1_INTEGER *serialNumber;
>      X509_ALGOR *signature;
>      X509_PUBKEY *key;
> } TPM_ADDTOCERT;
> 
> ASN1_SEQUENCE(TPM_ADDTOCERT) = {
>      ASN1_EXP_OPT(TPM_ADDTOCERT, version, ASN1_INTEGER, 0),
>      ASN1_EMBED(TPM_ADDTOCERT, serialNumber, ASN1_INTEGER),
>      ASN1_EMBED(TPM_ADDTOCERT, signature, X509_ALGOR),
>      ASN1_SIMPLE(TPM_ADDTOCERT, key, X509_PUBKEY),
> } ASN1_SEQUENCE_END(TPM_ADDTOCERT)
> 
> DECLARE_ASN1_FUNCTIONS(TPM_ADDTOCERT)
> IMPLEMENT_ASN1_FUNCTIONS(TPM_ADDTOCERT)
> 
> 	const unsigned char *tmpptr = out.addedToCertificate.t.buffer;
> 	TPM_ADDTOCERT *addToCert = d2i_TPM_ADDTOCERT(NULL,
> 				      &tmpptr, out.addedToCertificate.t.size);

The dump you show below is:
Attributes (set, tagged with a 0, optional)
Version
privateKeyAlgorithm
privateKey

This is a PKCS#8 packet for a key.  The encapsulated data is the RSA public key in PKCS1 format.  I know OpenSSL has built-in PKCS#8 capability, though I do note that the optional attribute set is out of sequence.

Either way, you could look at the PKCS8 source code and simply move the attribute to the beginning and otherwise duplicate the ASN1 parts and structure there, even if OpenSSL fails to parse this not-quite-spec packet.

References:
https://datatracker.ietf.org/doc/html/rfc8017#page-54 (PKCS#1)
https://datatracker.ietf.org/doc/html/rfc5208#page-5 (PKCS#8)

> 
> On 8/16/2021 4:56 PM, Ken Goldman wrote:
> >
> > The dump looks like this:
> >
> >   0 337: SEQUENCE {
> >    4   3: . [0] {
> >    6   1: . . INTEGER 2
> >         : . . }
> >    9  21: . INTEGER 00 87 12 50 78 0A C9 8B 60 DD AC FA 75 18 05 EC DC 30 51 53 23
> >   32  13: . SEQUENCE {
> >   34   9: . . OBJECT IDENTIFIER sha256WithRSAEncryption (1 2 840 113549 1 1 11)
> >         : . . . (PKCS #1)
> >   45   0: . . NULL
> >         : . . }
> >   47 290: . SEQUENCE {
> >   51  13: . . SEQUENCE {
> >   53   9: . . . OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
> >         : . . . . (PKCS #1)
> >   64   0: . . . NULL
> >         : . . . }
> >   66 271: . . BIT STRING, encapsulates {
> >   71 266: . . . SEQUENCE {
> >   75 257: . . . . INTEGER
> >         : . . . . . 00 B0 83 4A E9 41 78 E0 6A C3 0F D6 E4 B9 7D 96
> >         : . . . . . 70 74 05 00 C9 E2 2C 6C 4C 6E 16 02 40 5C 35 29
> >         : . . . . . F6 EF 9F 55 3A BD 4B 74 1D 6A 21 38 20 69 C8 88
> >         : . . . . . A3 6B 56 62 2A 91 02 41 58 92 97 87 19 1C AD 19
> >         : . . . . . 53 56 FB 7E 9D 86 B8 4E 8D 82 6A 87 A7 93 55 8F
> >         : . . . . . AB E8 89 D7 63 0B C9 02 99 D8 37 F8 FB 6B 32 98
> >         : . . . . . 6A 05 3F 9E 22 B6 D3 6F BB BE 2D AC 6C 74 17 5D
> >         : . . . . . 15 EE 84 E5 A4 8F 9C C3 83 CD 83 81 63 EC B5 85
> >         : . . . . . 6B 1A B8 57 80 2C ED E3 A7 F2 8C F7 3F 13 D9 27
> >         : . . . . . 2E 64 37 49 E6 47 8E 0A 11 64 46 72 DD F9 EB 4F
> >         : . . . . . B8 13 58 0B 47 F7 72 AB 29 D6 A5 05 44 30 E7 8D
> >         : . . . . . FE 86 8A E8 5F 10 91 13 04 57 47 96 A7 97 28 3C
> >         : . . . . . 39 BD 23 3F C6 41 5E 45 3F A5 41 F5 BF 7D C2 7C
> >         : . . . . . CC F9 97 20 3F 20 82 AF 64 8C BC 0D 99 F4 BA 10
> >         : . . . . . 53 58 C5 EC 86 DE 26 ED D9 D6 F2 60 49 C9 E7 9B
> >         : . . . . . 6A 64 D2 BC C5 0E B0 1D EB 45 43 89 A6 4E 64 B4
> >         : . . . . . A1
> > 336   3: . . . . INTEGER 65537
> >         : . . . . }
> >         : . . . }
> >         : . . }
> >         : . }
> >
> >
> >
> 
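Added example, not part of the thread and not OpenSSL code: a dependency-free C check that a buffer has the top-level layout shown in the quoted dump (an optional `[0]` wrapper holding an INTEGER, then INTEGER, SEQUENCE, SEQUENCE) with every length bounds-checked, which can be run before the buffer is handed to a template decoder. The names `tlv_t`, `der_next` and `addtocert_check` are hypothetical, and the sample bytes are constructed placeholders with the same shape as the dump, not the dump itself.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
typedef struct { uint8_t tag; const uint8_t *val; size_t len; } tlv_t;
/* Read one DER TLV from [*p, end); 0 on success, -1 if malformed or truncated. */
static int der_next(const uint8_t **p, const uint8_t *end, tlv_t *out)
{
    const uint8_t *q = *p;
    size_t len, n;
    if (end - q < 2 || (*q & 0x1f) == 0x1f) return -1;  /* no multi-byte tags */
    out->tag = *q++;
    len = *q++;
    if (len & 0x80) {                          /* long form, e.g. 82 01 51 = 337 */
        n = len & 0x7f;
        if (n == 0 || n > 4 || (size_t)(end - q) < n) return -1;
        for (len = 0; n > 0; n--) len = (len << 8) | *q++;
    }
    if ((size_t)(end - q) < len) return -1;    /* content must fit in the buffer */
    out->val = q; out->len = len; *p = q + len;
    return 0;
}

/* 1 = matches with [0] version, 0 = matches without it, -1 = layout differs. */
int addtocert_check(const uint8_t *buf, size_t size)
{
    const uint8_t *p = buf, *end = buf + size, *ip;
    tlv_t outer, f, inner;
    int has_version = 0;
    if (der_next(&p, end, &outer) || outer.tag != 0x30 || p != end) return -1;
    p = outer.val; end = outer.val + outer.len;
    if (der_next(&p, end, &f)) return -1;
    if (f.tag == 0xA0) {                       /* EXPLICIT [0] wrapping one INTEGER */
        ip = f.val;
        if (der_next(&ip, f.val + f.len, &inner) || inner.tag != 0x02
            || ip != f.val + f.len) return -1;
        has_version = 1;
        if (der_next(&p, end, &f)) return -1;
    }
    if (f.tag != 0x02) return -1;                           /* serialNumber INTEGER */
    if (der_next(&p, end, &f) || f.tag != 0x30) return -1;  /* signature SEQUENCE */
    if (der_next(&p, end, &f) || f.tag != 0x30) return -1;  /* key SEQUENCE */
    return p == end ? has_version : -1;
}

static const uint8_t sample[] = {  /* constructed; short placeholder values */
    0x30,0x1D, 0xA0,0x03,0x02,0x01,0x02, 0x02,0x02,0x00,0x87,
    0x30,0x05,0x06,0x01,0x2A,0x05,0x00,
    0x30,0x0B,0x30,0x05,0x06,0x01,0x2A,0x05,0x00,0x03,0x02,0x00,0xFF };
int main(void) { printf("%d\n", addtocert_check(sample, sizeof sample)); return 0; }
```

The check only confirms tags and lengths at the top level; it does not validate the contents of the algorithm or key structures.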




