Your ASN.1 looks a lot like what I am sending in my own signing
tools (developed independently from the sf project you mention).
I ran your example request through Peter Gutman's dumpasn1 with
my old config file, and here is the output, which looks like the
same requests I generate (no attributes, explicit [0] tag before
the OCTET string):
0 547: SEQUENCE {
4 10: OBJECT IDENTIFIER
: timestampRequest (1 3 6 1 4 1 311 3 2 1)
16 531: SEQUENCE {
20 9: OBJECT IDENTIFIER
: data (1 2 840 113549 1 7 1)
31 516: [0] {
35 512: OCTET STRING
: 36 5A B9 12 A5 55 54 B9 8C 09 0F 67 6B E2 9B 35
: 36 07 68 56 7F B3 F5 C6 B6 D0 4B F9 90 81 8C 0D
: CB 08 7F DF A9 1C 93 AE 57 E2 52 3E F9 F1 7E AE
: B0 6C CC 53 4C 5A 08 A3 55 7B 3B A3 DC E0 AB 23
: 5F 46 78 11 E7 E3 1A 53 F4 24 18 F9 98 16 A8 D7
: 57 3B 4E 00 D1 5B 6E DB 9D ED BD 71 E7 91 FB B6
: 96 6A E7 2C AB 10 B7 D6 1C BF 20 75 78 45 A2 A9
: 6F DE 64 40 93 96 C9 7D 71 C8 4A CC 2E F3 F1 F8
: [ Another 384 bytes skipped ]
: }
: }
: }
I suspect that your OpenSSL declarations are missing the explicit
[0] tag.
On 18-08-2010 11:23, Alessandro Menti wrote:
Hi everyone,
I'm trying to write a CGI program to generate timestamps for the
Authenticode(TM) digital signature system.
I'm having trouble extracting the original ContentInfo from the timestamp
request (the ContentInfo is required to generate a valid reply). Since the
requests are Base64-encoded, I have set up a BIO that reads the request from
standard input and decodes it via the OpenSSL builtin Base64 filter; however,
it seems that the request is not parsed correctly.
Since I have adapted the ASN1 definitions from the osslsigncode project, is
it possible that the absence of the "attributes" member in the ASN1
definitions is causing the request not to be decoded correctly?
I attach a test program and a sample timestamp request for clarification.
Thanks for your help,
Alessandro Menti
----- Test program -----
#include<stdio.h>
#include<stdlib.h>
#include<openssl/asn1.h>
#include<openssl/asn1t.h>
#include<openssl/bio.h>
#include<openssl/objects.h>
#include<openssl/pem.h>
#include<openssl/pkcs7.h>
/*
The ASN.1 format of the timestamp request, according to MSDN (see
http://this), is:
TimeStampRequest ::= SEQUENCE {
countersignatureType OBJECT IDENTIFIER,
attributes Attributes OPTIONAL,
content ContentInfo
}
The countersignatureType is the OID 1.3.6.1.4.1.311.3.2.1; the
attributes are not interpreted and the content is a ContentInfo
as defined by PKCS#7.
The definitions below have been adapted from the osslsigncode project
(http://sf.net/projects/osslsigncode/).
*/
typedef struct {
ASN1_OBJECT *type;
ASN1_OCTET_STRING *data;
} TimeStampContentInfo;
typedef struct {
ASN1_OBJECT *countersignatureType;
TimeStampContentInfo *content;
} TimeStampRequest;
ASN1_SEQUENCE(TimeStampContentInfo) = {
ASN1_SIMPLE(TimeStampContentInfo, type, ASN1_OBJECT),
ASN1_EXP_OPT(TimeStampContentInfo, data, ASN1_OCTET_STRING, 0)
} ASN1_SEQUENCE_END(TimeStampContentInfo)
DECLARE_ASN1_FUNCTIONS(TimeStampRequest)
ASN1_SEQUENCE(TimeStampRequest) = {
ASN1_SIMPLE(TimeStampRequest, countersignatureType, ASN1_OBJECT),
ASN1_SIMPLE(TimeStampRequest, content, TimeStampContentInfo)
} ASN1_SEQUENCE_END(TimeStampRequest)
IMPLEMENT_ASN1_FUNCTIONS(TimeStampRequest)
/* Function prototypes */
TimeStampRequest *d2i_TimeStampRequest_bio(BIO *bp, TimeStampRequest **tsr);
int main() {
PKCS7_SIGNER_INFO *respSigner;
BIO *dataFeedIn, *dataFilter;
TimeStampRequest *request;
OpenSSL_add_all_algorithms();
dataFilter=BIO_new(BIO_f_base64());
dataFeedIn=BIO_new_fp(stdin, BIO_NOCLOSE);
dataFeedIn=BIO_push(dataFilter, dataFeedIn);
request=d2i_TimeStampRequest_bio(dataFeedIn, NULL);
/* If decoding was successful, request should be a pointer to a valid
TimeStampRequest structure; otherwise, it should be NULL */
if (request==NULL)
printf("Error\n");
else
printf("Success\n");
return 0;
}
TimeStampRequest *d2i_TimeStampRequest_bio(BIO *bp, TimeStampRequest **tsr) {
return ASN1_item_d2i_bio(ASN1_ITEM_rptr(TimeStampRequest), bp, tsr);
}
----- Sample timestamp request -----
MIICIwYKKwYBBAGCNwMCATCCAhMGCSqGSIb3DQEHAaCCAgQEggIANlq5EqVVVLmMCQ9na+KbNTYHaFZ/s/XGttBL+ZCBjA3LCH/fqRyTrlfiUj758X6usGzMU0xaCKNVezuj3OCrI19GeBHn4xpT9CQY+ZgWqNdXO04A0Vtu253tvXHnkfu2lmrnLKsQt9YcvyB1eEWiqW/eZECTlsl9cchKzC7z8fj1I2r8Zs3RgXfgFbV6d9iSCxcoGgHfoDKmiOaYIkDP6apc83yDNdfj486EQ2GrRIUPrlLnnctlMZ0OGCqAsIzt0E2Ye3TAy9Q0HsZNdDbYYcpCLiH1H2HJFq8U1oDJaS5+O60eaA3qsZ+phyBNTUT80Lpbs/kV3JvEl64+/9YHpRHvYlMc14dXo0qStmLko4iSxY2i5XB3ud9zlZPNy595+IglJ4fXs9i8Vqla0sdiAKmoZBQqBJOEeuP0M2A/OWpLuw/7EUliHeE0HLLYxG79CvPP1/4hhUlx7F3WlCjIwPG0Yfj3m75wdgWxPnehcrCKv+UzHiYlWcJnFy0wu7fLzXTQnUCdnO7wu56PRgCKPDwuDamtE5yTEeV68C6Q8GOmUOBrDdy3LTYB2LOzy1q4tfS2I0wUsYr0yX9tnSoUIEdoGHGWnULv10sFHWx5gefDJBjMZ552JuvuCZcG/JrHURaaaKc0ftvt8K6thXjNhOhUrARR2Bm6rqdCW/NoOyA=
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
