Hello,

I am still developing an attribute certificates module for OpenSSL. I solved the problem of the attribute "policyAuthority": everything solved using GENERAL_NAME instead of GENERAL_NAMES.

Now I have a couple of questions concerning "clearance" attributes and enumerated.

1.- The definition of this attribute is the one that follows:

   Clearance ::= SEQUENCE {
       policyId            [0] OBJECT IDENTIFIER,
       classList           [1] ClassList DEFAULT {unclassified},
       securityCategories  [2] SET OF SecurityCategory OPTIONAL
   }

   ClassList ::= BIT STRING {
       unmarked      (0),
       unclassified  (1),
       restricted    (2),
       confidential  (3),
       secret        (4),
       topSecret     (5)
   }

   SecurityCategory ::= SEQUENCE {
       type   [0] IMPLICIT OBJECT IDENTIFIER,
       value  [1] ANY DEFINED BY type
   }

I have been having a look at the OpenSSL code and I didn't find how to declare the field ClassList (maybe I did not search in the correct places). How can I limit the BIT STRING to 5 elements?

2.- What about ENUMERATED

   anyCode :: name ENUMERATED{
       item1 (1),
       item2 (2),
       item3 (3),..
   }

Thanks a lot

Daniel

--
Daniel Diaz Sanchez
Telecommunication Engineer
Researcher / Teaching Assistant

Dep. Ing. Telemática
Universidad Carlos III de Madrid
Av. Universidad, 30
28911 Leganés (Madrid/Spain)
Tel: (+34) 91-624-8817, Fax: -8749
Web: http://www.it.uc3m.es/dds
web: http://www.it.uc3m.es/pervasive
Mail: [EMAIL PROTECTED]
[--Remove nospam to contact--]

> -----Original Message-----
> From: Daniel Díaz Sánchez [mailto:[EMAIL PROTECTED]
> Sent: Thursday, 16 March 2006 17:41
> To: 'openssl-users@openssl.org'
> Subject: RE: Errors when coding X509 attributes - help needed
>
> Dr. Henson,
>
> I am using your ASN1 module, with some modifications to adapt it to the
> RFC3281. I have been busy, but now I have some time, let me try your
> recommendations in order to correct the ASN1 syntax of the attributes.
> I will provide feedback ASAP.
>
> Thank you for your help,
>
> --
> Daniel Diaz Sanchez
> Telecommunication Engineer
> Researcher / Teaching Assistant
>
> Dep. Ing. Telemática
> Universidad Carlos III de Madrid
> Av. Universidad, 30
> 28911 Leganés (Madrid/Spain)
> Tel: (+34) 91-624-8817, Fax: -8749
> Web: www.it.uc3m.es/dds
> web: http://www.it.uc3m.es/pervasive
> Mail: [EMAIL PROTECTED]
> [--Remove nospam to contact--]
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:owner-openssl-[EMAIL PROTECTED] On behalf of Dr. Stephen Henson
> > Sent: Monday, 20 February 2006 13:32
> > To: openssl-users@openssl.org
> > Subject: Re: Errors when coding X509 attributes - help needed
> >
> > On Mon, Feb 20, 2006, Daniel Díaz Sánchez wrote:
> >
> > > [Sorry for the prior empty mails I am experiencing some problems with mail]
> > >
> > > Hello,
> > >
> > > I'm implementing some X509 attributes for an OpenSSL based X509 attribute
> > > certificates API (will be available when finished). I have some problems
> > > with one attribute, I don't know if I am implementing it correctly or not so
> > > I need help. Let me present the problem: first the definition (by the IETF)
> > > of the attribute, then the implementation details (declaration and
> > > implementation) and the piece of code that does not work. Any help would be
> > > indeed very much grateful.
> > >
> > > -Definition (IETF)
> > >
> > >    IetfAttrSyntax ::= SEQUENCE {
> > >        policyAuthority [0] GeneralNames OPTIONAL,
> > >        values          SEQUENCE OF CHOICE {
> > >            octets  OCTET STRING,
> > >            oid     OBJECT IDENTIFIER,
> > >            string  UTF8String
> > >        }
> > >    }
> > >
> > > -Declaration (.h)
> > >
> > >    typedef struct IetfAttrSyntax_st {
> > >        GENERAL_NAMES *policyAuthority;
> > >        int type;
> > >        union {
> > >            ASN1_OCTET_STRING *octets;
> > >            ASN1_OBJECT *oid;
> > >            ASN1_UTF8STRING *string;
> > >        } values;
> > >    } IetfAttrSyntax;
> > >
> > >    DECLARE_ASN1_ITEM(IetfAttrSyntax)
> > >    DECLARE_ASN1_FUNCTIONS(IetfAttrSyntax)
> > >
> > > -Implementation (.c)
> > >
> > >    ASN1_CHOICE(IetfAttrValues) = {
> > >        ASN1_SIMPLE(IetfAttrSyntax, values.octets, ASN1_OCTET_STRING),
> > >        ASN1_SIMPLE(IetfAttrSyntax, values.oid, ASN1_OBJECT),
> > >        ASN1_SIMPLE(IetfAttrSyntax, values.string, ASN1_UTF8STRING)
> > >    } ASN1_CHOICE_END_selector(IetfAttrSyntax, IetfAttrValues, type);
> > >
> > >    ASN1_SEQUENCE(IetfAttrSyntax) = {
> > >        ASN1_OPT(IetfAttrSyntax, policyAuthority, GENERAL_NAMES, 0),
> > >        ASN1_EX_COMBINE(0, 0, IetfAttrValues)
> > >    } ASN1_SEQUENCE_END(IetfAttrSyntax);
> > >
> > >    IMPLEMENT_ASN1_FUNCTIONS(IetfAttrSyntax)
> > >    IMPLEMENT_ASN1_DUP_FUNCTION(IetfAttrSyntax)
> > >
> >
> > There is an attribute certificate ASN1 module in my "play" area on
> > openssl.org.
> >
> > At least one problem is the policyAuthority syntax. The GENERAL_NAMES type is
> > what is known as an item template and you can't apply modifiers to that so the
> > ASN1_OPT line won't work.
> >
> > Instead you use the GENERAL_NAME type and declare that as a SEQUENCE OF
> > IMPLICIT, OPT.
> >
> > Steve.
> > --
> > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> > OpenSSL project core developer and freelance consultant.
> > Funding needed! Details on homepage.
> > Homepage: http://www.drh-consultancy.demon.co.uk
> > ______________________________________________________________________
> > OpenSSL Project                                 http://www.openssl.org
> > User Support Mailing List                    openssl-users@openssl.org
> > Automated List Manager                           [EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
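
On the ClassList question above: a named bit list in ASN.1 does not restrict which bits a received BIT STRING may carry, so the limit has to be enforced by checking the decoded value. The following is an added example (not part of the original thread and not OpenSSL code; the function names are hypothetical) that does this check in plain C on the content octets of the BIT STRING, assuming tag and length have already been stripped, and that applies DEFAULT {unclassified} when the field is absent.

```c
#include <stddef.h>

/* Named bits of ClassList, in the order given in the message above. */
enum { CL_UNMARKED, CL_UNCLASSIFIED, CL_RESTRICTED,
       CL_CONFIDENTIAL, CL_SECRET, CL_TOPSECRET, CL_LAST = CL_TOPSECRET };

/* Hypothetical helper: c/len are the content octets of a DER BIT STRING
 * (c[0] = unused bits in the last octet). Stores a mask whose bit n is
 * ClassList bit n and returns 0; returns -1 on a malformed or unnamed bit. */
int classlist_decode(const unsigned char *c, size_t len, unsigned *mask)
{
    unsigned unused, m = 0;
    size_t n, nbits;
    if (c == NULL || len == 0 || c[0] > 7 || (len == 1 && c[0] != 0))
        return -1;
    unused = c[0];
    /* DER: padding bits in the last octet must be zero */
    if (len > 1 && (c[len - 1] & ((1u << unused) - 1)))
        return -1;
    /* DER, named bit list: trailing zero bits are dropped, so the last bit is 1 */
    if (len > 1 && !((c[len - 1] >> unused) & 1))
        return -1;
    nbits = (len - 1) * 8 - unused;        /* 0 for the empty bit string */
    for (n = 0; n < nbits; n++) {
        if (!((c[1 + n / 8] >> (7 - n % 8)) & 1))
            continue;
        if (n > (size_t)CL_LAST)           /* bit without a ClassList name */
            return -1;
        m |= 1u << n;
    }
    *mask = m;
    return 0;
}

/* classList absent (c == NULL): apply DEFAULT {unclassified}. */
int clearance_classlist(const unsigned char *c, size_t len, unsigned *mask)
{
    if (c != NULL)
        return classlist_decode(c, len, mask);
    *mask = 1u << CL_UNCLASSIFIED;
    return 0;
}

int main(void)
{
    const unsigned char d[] = { 0x02, 0x0C };  /* constructed: {secret, topSecret} */
    unsigned m = 0;
    return (clearance_classlist(d, sizeof d, &m) == 0 && m == 0x30) ? 0 : 1;
}
```
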