Hello,
I am still developing an attribute certificates module for OpenSSL, I solved
the problem of the attribute "policyAuthority": everything solved using
GENERAL_NAME instead of GENERAL_NAMES.
Now I have a couple of questions concerning "clearance" attributes and
enumerated.
1.- The definition of this attribute is the one that follows:
Clearance ::= SEQUENCE {
policyId [0] OBJECT IDENTIFIER,
classList [1] ClassList DEFAULT {unclassified},
securityCategories
[2] SET OF SecurityCategory OPTIONAL
}
ClassList ::= BIT STRING {
unmarked (0),
unclassified (1),
restricted (2)
confidential (3),
secret (4),
topSecret (5)
}
SecurityCategory ::= SEQUENCE {
type [0] IMPLICIT OBJECT IDENTIFIER,
value [1] ANY DEFINED BY type
}
I have been having a look to OpenSSL code y I didn't found how to declare
the field ClassList (maybe I did not search in the correct places). How can
I limit the BIT STRING to 5 elements?
2.- What about ENUMERATED
anyCode ::
name ENUMERATED{
item1 (1),
item2 (2),
item3 (3),..
}
Thanks a lot
Daniel
--
Daniel Diaz Sanchez
Telecommunication Engineer
Researcher / Teaching Assistant
Dep. Ing. Telemática
Universidad Carlos III de Madrid
Av. Universidad, 30
28911 Leganés (Madrid/Spain)
Tel: (+34) 91-624-8817, Fax: -8749
Web: http://www.it.uc3m.es/dds
web: http://www.it.uc3m.es/pervasive
Mail: [EMAIL PROTECTED]
[--Remove nospam to contact--]
> -----Mensaje original-----
> De: Daniel Díaz Sánchez [mailto:[EMAIL PROTECTED]
> Enviado el: jueves, 16 de marzo de 2006 17:41
> Para: 'openssl-users@openssl.org'
> Asunto: RE: Errors when coding X509 attributes - help needed
>
> Dr. Henson,
>
> I am using your ASN1 module, with some modifications to adapt it to the
> RFC3281. I have been busy, but now I have some time, let me try your
> recommendations in order to correct the ASN1 syntax of the attributes.
> I will provide feedback ASAP.
>
> Thank you for your help,
>
> --
> Daniel Diaz Sanchez
> Telecommunication Engineer
> Researcher / Teaching Assistant
>
>
> Dep. Ing. Telemática
> Universidad Carlos III de Madrid
> Av. Universidad, 30
> 28911 Leganés (Madrid/Spain)
> Tel: (+34) 91-624-8817, Fax: -8749
> Web: www.it.uc3m.es/dds
> web: http://www.it.uc3m.es/pervasive
> Mail: [EMAIL PROTECTED]
> [--Remove nospam to contact--]
>
> > There is an attribute certificate ASN1 module in my "play" area on
> > openssl.org.
> >
> > At least one problem is the policyAuthority syntax. The GENERAL_NAMES
> type
> > is
> > what is known as an item teplate and you can't apply modifiers to that
> so
> > the
> > ASN1_OPT line wont work.
> >
> > Instead you use the GENERAL_NAME type and delcare that as a SEQUENCE OF
> > IMPLICIT, OPT.
> >
> > Steve.
> > --
> > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> > OpenSSL project core developer and freelance consultant.
> > Funding needed! Details on homepage.
> > Homepage: http://www.drh-consultancy.demon.co.uk
>
>
> > -----Mensaje original-----
> > De: [EMAIL PROTECTED] [mailto:owner-openssl-
> > [EMAIL PROTECTED] En nombre de Dr. Stephen Henson
> > Enviado el: lunes, 20 de febrero de 2006 13:32
> > Para: openssl-users@openssl.org
> > Asunto: Re: Errors when coding X509 attributes - help needed
> >
> > On Mon, Feb 20, 2006, Daniel Daz Snchez wrote:
> >
> > > [Sorry for the prior empty mails I am experiencing some problems with
> > mail]
> > >
> > > Hello,
> > >
> > > Im implementing some X509 attributes for a Openssl based X509
> attribute
> > > certificates API (will be available when finished). I have some
> problems
> > > with one attribute, I don't know if I am implementing it correctly or
> > not so
> > > I need help. Let me present the problem: fist the definition (by the
> > IETF)
> > > of the attribute, then the implementation details (declaration and
> > > implementation) and the piece of code that does not work. Any help
> would
> > be
> > > indeed very much grateful.
> > >
> > > -Definition (IETF)
> > >
> > > IetfAttrSyntax ::= SEQUENCE {
> > > policyAuthority [0] GeneralNames OPTIONAL,
> > > values SEQUENCE OF CHOICE {
> > > octets OCTET STRING,
> > > oid OBJECT IDENTIFIER,
> > > string UTF8String
> > > }
> > > }
> > >
> > > -Declaration (.h)
> > >
> > > typedef struct IetfAttrSyntax_st {
> > > GENERAL_NAMES *policyAuthority;
> > > int type;
> > > union{
> > > ASN1_OCTET_STRING *octets;
> > > ASN1_OBJECT *oid;
> > > ASN1_UTF8STRING *string;
> > > }values;
> > > } IetfAttrSyntax;
> > >
> > > DECLARE_ASN1_ITEM(IetfAttrSyntax)
> > > DECLARE_ASN1_FUNCTIONS(IetfAttrSyntax)
> > >
> > > -Implementation (.c)
> > >
> > > ASN1_CHOICE(IetfAttrValues)= {
> > > ASN1_SIMPLE(IetfAttrSyntax ,values.octets , ASN1_OCTET_STRING ),
> > > ASN1_SIMPLE(IetfAttrSyntax ,values.oid , ASN1_OBJECT ),
> > > ASN1_SIMPLE(IetfAttrSyntax ,values.string , ASN1_UTF8STRING )
> > > }ASN1_CHOICE_END_selector(IetfAttrSyntax, IetfAttrValues, type);
> > >
> > > ASN1_SEQUENCE(IetfAttrSyntax) = {
> > > ASN1_OPT(IetfAttrSyntax, policyAuthority, GENERAL_NAMES, 0),
> > > ASN1_EX_COMBINE(0, 0, IetfAttrValues)
> > > }ASN1_SEQUENCE_END(IetfAttrSyntax);
> > >
> > > IMPLEMENT_ASN1_FUNCTIONS(IetfAttrSyntax)
> > > IMPLEMENT_ASN1_DUP_FUNCTION(IetfAttrSyntax)
> > >
> > >
> >
> > There is an attribute certificate ASN1 module in my "play" area on
> > openssl.org.
> >
> > At least one problem is the policyAuthority syntax. The GENERAL_NAMES
> type
> > is
> > what is known as an item teplate and you can't apply modifiers to that
> so
> > the
> > ASN1_OPT line wont work.
> >
> > Instead you use the GENERAL_NAME type and delcare that as a SEQUENCE OF
> > IMPLICIT, OPT.
> >
> > Steve.
> > --
> > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> > OpenSSL project core developer and freelance consultant.
> > Funding needed! Details on homepage.
> > Homepage: http://www.drh-consultancy.demon.co.uk
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List openssl-users@openssl.org
> > Automated List Manager [EMAIL PROTECTED]
> >
> > --
> > No virus found in this incoming message.
> > Checked by AVG Free Edition.
> > Version: 7.1.385 / Virus Database: 268.2.3/281 - Release Date:
> 14/03/2006
> >
>
> --
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.1.385 / Virus Database: 268.2.3/281 - Release Date: 14/03/2006
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
