I'm trying to parse the content of an ASN1_OCTET_STRING, which I know/expect
to be a DER encoded SEQUENCE, into an object. I need to do this because I'm
trying to verify an Authenticode signature. I need to generate a digest of
the contents of the signedData sans the type & length bytes. Now generating
the object via d2i_PKCS7 results in the
p7->d.sign->contents->d.other->value.octet_string containing the contents of
the ContentInfo.content [0] which is itself a SEQUENCE
(SpcIndirectDataContent). Unfortunately, Authenticode needs the digest of
the content of SpcIndirectDataContent. Therein lies the reason why I'm
trying to 'peel' off one layer to get at the data. I was initially hunting
for a generic SEQUENCE object that I could parse the data into, but I couldn't
find one.
I have attempted to create a SEQUENCE from the template but have yet to get
it to work. This is what I've tried:
///////HEADER FILE:
typedef struct authenticode_inner_content_st
{
    ASN1_OCTET_STRING *pData;
} AUTHENTICODE_INNER_CONTENT;
DECLARE_ASN1_FUNCTIONS(AUTHENTICODE_INNER_CONTENT)

typedef struct authenticode_content_st
{
    AUTHENTICODE_INNER_CONTENT *pInnerContent;
} AUTHENTICODE_CONTENT;
DECLARE_ASN1_FUNCTIONS(AUTHENTICODE_CONTENT)

///////CPP FILE:
ASN1_SEQUENCE(AUTHENTICODE_INNER_CONTENT) = {
    ASN1_SIMPLE(AUTHENTICODE_INNER_CONTENT, pData, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(AUTHENTICODE_INNER_CONTENT)

ASN1_SEQUENCE(AUTHENTICODE_CONTENT) = {
    ASN1_SIMPLE(AUTHENTICODE_CONTENT, pInnerContent, AUTHENTICODE_INNER_CONTENT)
} ASN1_SEQUENCE_END(AUTHENTICODE_CONTENT)

IMPLEMENT_ASN1_FUNCTIONS(AUTHENTICODE_INNER_CONTENT)
IMPLEMENT_ASN1_FUNCTIONS(AUTHENTICODE_CONTENT)
...
ASN1_OCTET_STRING *content =
    p7->d.sign->contents->d.other->value.octet_string;
AUTHENTICODE_CONTENT *pAuthContent = d2i_AUTHENTICODE_CONTENT(NULL,
    (const unsigned char**)&content->data, content->length);
...
////////////////////////////////////////////
d2i_AUTHENTICODE_CONTENT(...) errors out.
-Clee
On Thu, Sep 22, 2011 at 10:07 AM, Dr. Stephen Henson <[email protected]> wrote:
> On Thu, Sep 22, 2011, Chang Lee wrote:
>
> > Thanks Dominik for the tip. Actually, I have been poring over the OpenSSL
> > code, though we're using the 0.9.8 branch, hoping to find a built-in
> > primitive SEQUENCE to use but to no avail. As you say, there are templates
> > for primitives and I looked at how the PKCS7 was composed from those
> > primitives but there are so many levels of indirection that it's time
> > consuming to follow. I guess using C to implement features that object
> > oriented languages such as C++ expose declaratively makes things more
> > complex. I'll keep looking...
> >
>
> Can you be a bit more specific about what you are trying to do? Do you want
> to parse a specific ASN1 structure or handle a general case?
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
>
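
Added example (not part of the original message and not OpenSSL code): one way to "peel" the outer SEQUENCE header off a DER buffer so that only the content bytes are digested, with the bounds and DER length checks that untrusted signature data needs. The function name der_peel and the sample bytes are hypothetical and constructed for illustration; the digest step itself is not shown.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: SEQUENCE { SEQUENCE { OCTET STRING AA BB } } */
static const unsigned char SAMPLE[] = {0x30,0x06, 0x30,0x04, 0x04,0x02,0xAA,0xBB};

/* Strip one DER tag+length header from a buffer assumed to hold exactly one
 * element. Returns 0 and sets *content / *content_len to the value bytes, or
 * -1 on a wrong tag, indefinite or non-minimal length, or truncation. */
int der_peel(const unsigned char *in, size_t in_len, unsigned char expect_tag,
             const unsigned char **content, size_t *content_len)
{
    size_t pos = 1, len = 0;

    if (in_len < 2 || in[0] != expect_tag)
        return -1;
    if (in[pos] < 0x80) {                  /* short form: length in one octet */
        len = in[pos++];
    } else {                               /* long form: 0x80 | octet count */
        size_t n = in[pos++] & 0x7f;
        if (n == 0 || n > sizeof(size_t) || n > in_len - pos)
            return -1;                     /* indefinite, oversized, truncated */
        if (in[pos] == 0)
            return -1;                     /* leading zero is not minimal */
        while (n--)
            len = (len << 8) | in[pos++];
        if (len < 0x80)
            return -1;                     /* DER requires the short form here */
    }
    if (len != in_len - pos)
        return -1;                         /* truncated or trailing bytes */
    *content = in + pos;
    *content_len = len;
    return 0;
}

int main(void)
{
    const unsigned char *c;
    size_t n;

    if (der_peel(SAMPLE, sizeof SAMPLE, 0x30, &c, &n) != 0)
        return 1;
    /* c..c+n is the range to feed to the digest (digest step not shown). */
    printf("header %zu bytes, content %zu bytes\n", (size_t)(c - SAMPLE), n);
    return 0;
}
```

OpenSSL's own ASN1_get_object() performs the same tag and length parse on a buffer.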