Your ASN.1 looks a lot like what I am sending in my own signing tools (developed independently from the sf project you mention).
I ran your example request through Peter Gutman's dumpasn1 with my old config file, and here is the output, which looks like the same requests I generate (no attributes, explicit [0] tag before the OCTET string): 0 547: SEQUENCE { 4 10: OBJECT IDENTIFIER : timestampRequest (1 3 6 1 4 1 311 3 2 1) 16 531: SEQUENCE { 20 9: OBJECT IDENTIFIER : data (1 2 840 113549 1 7 1) 31 516: [0] { 35 512: OCTET STRING : 36 5A B9 12 A5 55 54 B9 8C 09 0F 67 6B E2 9B 35 : 36 07 68 56 7F B3 F5 C6 B6 D0 4B F9 90 81 8C 0D : CB 08 7F DF A9 1C 93 AE 57 E2 52 3E F9 F1 7E AE : B0 6C CC 53 4C 5A 08 A3 55 7B 3B A3 DC E0 AB 23 : 5F 46 78 11 E7 E3 1A 53 F4 24 18 F9 98 16 A8 D7 : 57 3B 4E 00 D1 5B 6E DB 9D ED BD 71 E7 91 FB B6 : 96 6A E7 2C AB 10 B7 D6 1C BF 20 75 78 45 A2 A9 : 6F DE 64 40 93 96 C9 7D 71 C8 4A CC 2E F3 F1 F8 : [ Another 384 bytes skipped ] : } : } : } I suspect that your OpenSSL declarations are missing the explicit [0] tag. On 18-08-2010 11:23, Alessandro Menti wrote:
Hi everyone, I'm trying to write a CGI program to generate timestamps for the Authenticode(TM) digital signature system. I'm having trouble extracting the original ContentInfo from the timestamp request (the ContentInfo is required to generate a valid reply). Since the requests are Base64-encoded, I have set up a BIO that reads the request from standard input and decodes it via the OpenSSL builtin Base64 filter; however, it seems that the request is not parsed correctly. Since I have adapted the ASN1 definitions from the osslsigncode project, is it possible that the absence of the "attributes" member in the ASN1 definitions is causing the request not to be decoded correctly? I attach a test program and a sample timestamp request for clarification. Thanks for your help, Alessandro Menti ----- Test program ----- #include<stdio.h> #include<stdlib.h> #include<openssl/asn1.h> #include<openssl/asn1t.h> #include<openssl/bio.h> #include<openssl/objects.h> #include<openssl/pem.h> #include<openssl/pkcs7.h> /* The ASN.1 format of the timestamp request, according to MSDN (see http://this), is: TimeStampRequest ::= SEQUENCE { countersignatureType OBJECT IDENTIFIER, attributes Attributes OPTIONAL, content ContentInfo } The countersignatureType is the OID 1.3.6.1.4.1.311.3.2.1; the attributes are not interpreted and the content is a ContentInfo as defined by PKCS#7. The definitions below have been adapted from the osslsigncode project (http://sf.net/projects/osslsigncode/). */ typedef struct { ASN1_OBJECT *type; ASN1_OCTET_STRING *data; } TimeStampContentInfo; typedef struct { ASN1_OBJECT *countersignatureType; TimeStampContentInfo *content; } TimeStampRequest; ASN1_SEQUENCE(TimeStampContentInfo) = { ASN1_SIMPLE(TimeStampContentInfo, type, ASN1_OBJECT), ASN1_EXP_OPT(TimeStampContentInfo, data, ASN1_OCTET_STRING, 0) } ASN1_SEQUENCE_END(TimeStampContentInfo) DECLARE_ASN1_FUNCTIONS(TimeStampRequest) ASN1_SEQUENCE(TimeStampRequest) = { ASN1_SIMPLE(TimeStampRequest, countersignatureType, ASN1_OBJECT), ASN1_SIMPLE(TimeStampRequest, content, TimeStampContentInfo) } ASN1_SEQUENCE_END(TimeStampRequest) IMPLEMENT_ASN1_FUNCTIONS(TimeStampRequest) /* Function prototypes */ TimeStampRequest *d2i_TimeStampRequest_bio(BIO *bp, TimeStampRequest **tsr); int main() { PKCS7_SIGNER_INFO *respSigner; BIO *dataFeedIn, *dataFilter; TimeStampRequest *request; OpenSSL_add_all_algorithms(); dataFilter=BIO_new(BIO_f_base64()); dataFeedIn=BIO_new_fp(stdin, BIO_NOCLOSE); dataFeedIn=BIO_push(dataFilter, dataFeedIn); request=d2i_TimeStampRequest_bio(dataFeedIn, NULL); /* If decoding was successful, request should be a pointer to a valid TimeStampRequest structure; otherwise, it should be NULL */ if (request==NULL) printf("Error\n"); else printf("Success\n"); return 0; } TimeStampRequest *d2i_TimeStampRequest_bio(BIO *bp, TimeStampRequest **tsr) { return ASN1_item_d2i_bio(ASN1_ITEM_rptr(TimeStampRequest), bp, tsr); } ----- Sample timestamp request ----- MIICIwYKKwYBBAGCNwMCATCCAhMGCSqGSIb3DQEHAaCCAgQEggIANlq5EqVVVLmMCQ9na+KbNTYHaFZ/s/XGttBL+ZCBjA3LCH/fqRyTrlfiUj758X6usGzMU0xaCKNVezuj3OCrI19GeBHn4xpT9CQY+ZgWqNdXO04A0Vtu253tvXHnkfu2lmrnLKsQt9YcvyB1eEWiqW/eZECTlsl9cchKzC7z8fj1I2r8Zs3RgXfgFbV6d9iSCxcoGgHfoDKmiOaYIkDP6apc83yDNdfj486EQ2GrRIUPrlLnnctlMZ0OGCqAsIzt0E2Ye3TAy9Q0HsZNdDbYYcpCLiH1H2HJFq8U1oDJaS5+O60eaA3qsZ+phyBNTUT80Lpbs/kV3JvEl64+/9YHpRHvYlMc14dXo0qStmLko4iSxY2i5XB3ud9zlZPNy595+IglJ4fXs9i8Vqla0sdiAKmoZBQqBJOEeuP0M2A/OWpLuw/7EUliHeE0HLLYxG79CvPP1/4hhUlx7F3WlCjIwPG0Yfj3m75wdgWxPnehcrCKv+UzHiYlWcJnFy0wu7fLzXTQnUCdnO7wu56PRgCKPDwuDamtE5yTEeV68C6Q8GOmUOBrDdy3LTYB2LOzy1q4tfS2I0wUsYr0yX9tnSoUIEdoGHGWnULv10sFHWx5gefDJBjMZ552JuvuCZcG/JrHURaaaKc0ftvt8K6thXjNhOhUrARR2Bm6rqdCW/NoOyA= ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org