ASN1 <-> DER encoding with application tag

Max Larsson <max.larsson@xxxxxxxxxxxxxxxx> · Thu, 4 Nov 2021 13:58:03 +0000

Hi everyone,

I’m trying to decode and encode Der structure. In my case that are DER encoded GSSAPI structure.

My DER encoded data looks like this (stripped the pending bytes):

0x60
0x7e
0x06
0x06
0x2b
0x06
0x01
0x05
0x05
0x02
0xa0
0x74

My ANS1 definition in my source look like this:

typedef
struct ContextToken_st {
    ASN1_OBJECT *mech;
    ASN1_OCTET_STRING *innerContextToken;
} GSSAPI_CONTEXTTOKEN;

DECLARE_ASN1_FUNCTIONS( GSSAPI_CONTEXTTOKEN )

ASN1_SEQUENCE( GSSAPI_CONTEXTTOKEN ) = {
    ASN1_SIMPLE( GSSAPI_CONTEXTTOKEN, mech, ASN1_OBJECT ),
    ASN1_SIMPLE( GSSAPI_CONTEXTTOKEN, innerContextToken, ASN1_OCTET_STRING  )
} ASN1_SEQUENCE_END( GSSAPI_CONTEXTTOKEN )  

IMPLEMENT_ASN1_FUNCTIONS( GSSAPI_CONTEXTTOKEN )

Parsing the above DER data fails, so I decided to encode a own Der structure, to see where the difference is with my setup:

. . .

    negToken = GSSAPI_CONTEXTTOKEN_new();

if( negToken !=
NULL ) {
        negToken->mech = OBJ_txt2obj(
"1.3.6.1.5.5.2",0
 );
        negToken->innerContextToken = ASN1_OCTET_STRING_new();

const
unsigned
char mechToken[]
 = "\xa0\x74\x30
// … stripped for readability

const
size_t mechTokenSize =
sizeof( mechToken ) -
1;

        printf(
"Size of inner token: %zu\n",mechTokenSize );
        ASN1_OCTET_STRING_set( negToken->innerContextToken,mechToken,mechTokenSize );

        buffer =
NULL;

size_t bufferSize = i2d_GSSAPI_CONTEXTTOKEN( negToken,NULL
 );

        printf(
"Required buffer size for DER encoding of ASN1 structure: %zu\n",bufferSize );

unsigned
char *buffer = malloc( bufferSize );

unsigned
char *p = buffer;
        i2d_GSSAPI_CONTEXTTOKEN( negToken,&p );

    for(
int len =
0;len < bufferSize;len++ ) {

if( ( len %
8 ) ==
0 )
                printf(
"  " );

if( ( len %
16 ) ==
0 )
                printf(
"\n\t\t" );
            printf(
" 0x%02x",(short)buffer[
 len ] );
        }
        printf(
"\n" );

    . . .

The code above output the following DER encoded structure (the difference marled in bold):

0x30
0x81 0x80
 0x06
0x06
0x2b
0x06
0x01
0x05
0x05
0x02
0x04 0x76 0xa0
0x74

The google result, which I found seems to point into the direction to use application tags to encode.

But I haven’t found any example or how to how to achieve this with openssl, can anyone give me sone hints?

Best regards

Max Larsson

Mit freundlichen Grüßen

Best regards
Dipl.-Inform. Max Larsson

Geschäftsleitung

phone: +49(0)6151/62908-75

fax: 

email: 
max.larsson@xxxxxxxxxxxxxxxx

web: 
http://facilityboss.biz

Bad Nauheimer Str. 4

64289 Darmstadt

Germany
Sitz der Gesellschaft: Darmstadt

Registergericht: Amtsgericht Darmstadt, HRB 86193

Geschäftsführer: Dipl.-Inform Max Lars Robert Larsson

Diese E-Mail enthält unter Umständen vertrauliche und/oder rechtlich geschützte Informationen, die allein für den Adressaten bestimmt sind. Wenn Sie nicht der zutreffende Adressat sind oder diese E-Mail irrtümlich erhalten haben, ist jede Verwendung, Verbreitung,
 Kopie oder Bezugnahme auf den Inhalt dieser E-Mail verboten. Bitte informieren Sie uns über einen eventuellen Irrtum per Telefon, per Telefax oder E-Mail.

This e-mail may contain confidential and/or privileged information. If you are not the intended recipient, any disclosure, copying, distribution or reference on the contents of this e-mail is strictly prohibited. If you have received this e-mail in error please
 notify us by e-mail, facsimile or phone call.