The data is not correct if it is supposed to match RFC 2743. The first byte is [APPLICATION 0]. That seems fine.
The second byte provides a length for the full SEQUENCE. It says there are 126 bytes, but you do not have that many.

Russ

> On Nov 4, 2021, at 10:18 AM, Max Larsson <max.lars...@facilityboss.biz> wrote:
>
> Hi Russ,
>
> do you mean that the DER data
>
> 0x60 0x7e 0x06 0x06 0x2b 0x06 0x01 0x05 0x05 0x02 0xa0 0x74
>
> is wrong?
>
> If so, I captured that DER data with Wireshark from an SMB2 session setup request,
> and that is exactly what I am trying to decode with the help of OpenSSL. If that data
> is wrong, is there a way to decode it with OpenSSL anyway?
>
> Max
>
> From: Russ Housley <hous...@vigilsec.com>
> Date: Thursday, 4. November 2021 at 15:08
> To: Max Larsson <max.lars...@facilityboss.biz>
> Cc: openssl-users@openssl.org
> Subject: Re: ASN1 <-> DER encoding with application tag
>
> RFC 2743 shows this structure:
>
>     MechType ::= OBJECT IDENTIFIER
>     -- data structure definitions
>     -- callers must be able to distinguish among
>     -- InitialContextToken, SubsequentContextToken,
>     -- PerMsgToken, and SealedMessage data elements
>     -- based on the usage in which they occur
>
>     InitialContextToken ::=
>     -- option indication (delegation, etc.) indicated within
>     -- mechanism-specific token
>     [APPLICATION 0] IMPLICIT SEQUENCE {
>             thisMech MechType,
>             innerContextToken ANY DEFINED BY thisMech
>                -- contents mechanism-specific
>                -- ASN.1 structure not required
>             }
>
> The encoded data that you provided does begin with the [APPLICATION 0] tag,
> then it is followed by the { 1 3 6 1 5 5 2 } object identifier.
>
> Russ
>
>> On Nov 4, 2021, at 9:58 AM, Max Larsson <max.lars...@facilityboss.biz> wrote:
>>
>> Hi everyone,
>>
>> I'm trying to decode and encode DER structures. In my case these are DER
>> encoded GSSAPI structures.
>>
>> My DER encoded data looks like this (stripped the pending bytes):
>>
>> 0x60 0x7e 0x06 0x06 0x2b 0x06 0x01 0x05 0x05 0x02 0xa0 0x74
>>
>> My ASN.1 definition in my source looks like this:
>>
>>     typedef struct ContextToken_st {
>>         ASN1_OBJECT *mech;
>>         ASN1_OCTET_STRING *innerContextToken;
>>     } GSSAPI_CONTEXTTOKEN;
>>
>>     DECLARE_ASN1_FUNCTIONS( GSSAPI_CONTEXTTOKEN )
>>
>>     ASN1_SEQUENCE( GSSAPI_CONTEXTTOKEN ) = {
>>         ASN1_SIMPLE( GSSAPI_CONTEXTTOKEN, mech, ASN1_OBJECT ),
>>         ASN1_SIMPLE( GSSAPI_CONTEXTTOKEN, innerContextToken, ASN1_OCTET_STRING )
>>     } ASN1_SEQUENCE_END( GSSAPI_CONTEXTTOKEN )
>>
>>     IMPLEMENT_ASN1_FUNCTIONS( GSSAPI_CONTEXTTOKEN )
>>
>> Parsing the above DER data fails, so I decided to encode my own DER structure,
>> to see where the difference is with my setup:
>>
>>     . . .
>>     negToken = GSSAPI_CONTEXTTOKEN_new();
>>     if( negToken != NULL ) {
>>         /* _new() already allocated mech (as the undef OID) and innerContextToken */
>>         ASN1_OBJECT_free( negToken->mech );
>>         negToken->mech = OBJ_txt2obj( "1.3.6.1.5.5.2",0 );
>>
>>         const unsigned char mechToken[] = "\xa0\x74\x30 // … stripped for readability
>>
>>         const size_t mechTokenSize = sizeof( mechToken ) - 1;
>>         printf( "Size of inner token: %zu\n",mechTokenSize );
>>         ASN1_OCTET_STRING_set( negToken->innerContextToken,mechToken,mechTokenSize );
>>
>>         /* i2d_* returns an int; a NULL output pointer only computes the size */
>>         int bufferSize = i2d_GSSAPI_CONTEXTTOKEN( negToken,NULL );
>>
>>         printf( "Required buffer size for DER encoding of ASN1 structure: %d\n",bufferSize );
>>
>>         unsigned char *buffer = malloc( bufferSize );
>>         unsigned char *p = buffer;
>>         i2d_GSSAPI_CONTEXTTOKEN( negToken,&p );
>>
>>         for( int len = 0;len < bufferSize;len++ ) {
>>             if( ( len % 8 ) == 0 )
>>                 printf( " " );
>>             if( ( len % 16 ) == 0 )
>>                 printf( "\n\t\t" );
>>             printf( " 0x%02x",buffer[ len ] );
>>         }
>>         printf( "\n" );
>>     . . .
>>
>> The code above outputs the following DER encoded structure (the difference marked in bold):
>>
>> 0x30 0x81 0x80 0x06 0x06 0x2b 0x06 0x01 0x05 0x05 0x02 0x04 0x76 0xa0 0x74
>>
>> The Google results which I found seem to point in the direction of using
>> application tags to encode.
>>
>> But I haven't found any example of how to achieve this with OpenSSL.
>> Can anyone give me some hints?
>>
>> Best regards
>>
>> Max Larsson
>>
>> Best regards
>> Dipl.-Inform. Max Larsson
>> Management
>> phone: +49(0)6151/62908-75
>> fax:
>> email: max.lars...@facilityboss.biz
>> web: http://facilityboss.biz
>> Bad Nauheimer Str. 4
>> 64289 Darmstadt
>> Germany
>> Registered office: Darmstadt
>> Register court: Amtsgericht Darmstadt, HRB 86193
>> Managing director: Dipl.-Inform Max Lars Robert Larsson
>>
>> This e-mail may contain confidential and/or privileged information. If you
>> are not the intended recipient, any disclosure, copying, distribution or
>> reference on the contents of this e-mail is strictly prohibited. If you have
>> received this e-mail in error please notify us by e-mail, facsimile or phone
>> call.