Encoding and comparing certificates with NSS

2011-01-29 Thread Ambroz Bizjak
Hello.
I have a problem with NSS. Here's what I'm trying to achieve:

I have systems A and B which have a connection established. Then
system C connects to system A through SSL, identifying itself with a
client certificate. System C is then also expected to connect to system
B, and in doing so, it must identify with the same client certificate
as it did to A. So, I made A encode C's certificate to DER format and
send it to system B, before ordering C to connect to B. Once C
connects to B, B byte-compares the peer provided and the server
provided certificates to make sure they match.

Here's how I encoded the certificate (on system A once handshake is
done, and on B inside the SSL_AuthCertificateHook callback):

CERTCertificate *cert = SSL_PeerCertificate(client->ssl_prfd);
...
PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
...
SECItem der;
der.len = 0;
der.data = NULL;
SEC_ASN1EncodeItem(arena, &der, cert,
SEC_ASN1_GET(CERT_CertificateTemplate)
...

It worked, the two DER encoded certificates matched on system B.
However, now I decided that B needs to know the common name of C
before C actually connects to B, for logging purposes. It could
determine that by parsing the DER certificate provided by system A. I
tried several functions which appear to be for parsing a certificate
into a CERTCertificate object (CERT_DecodeCertFromPackage,
CERT_NewTempCertificate, CERT_DecodeDERCertificate). However it always
failed. CERT_DecodeCertFromPackage fails with error
SEC_ERROR_LIBRARY_FAILURE, which was translated from
NSS_ERROR_NOT_FOUND.

I tried parsing the DER certificate (as encoded by SEC_ASN1EncodeItem)
with openssl, and it too has problems:
$ openssl x509 -inform der -in cert.der
unable to load certificate
139697169598120:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
139697169598120:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=X509_CINF
139697169598120:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:751:Field=cert_info, Type=X509
$ openssl asn1parse -in cert.der -inform DER
    0:d=0  hl=4 l= 311 cons: SEQUENCE
    4:d=1  hl=2 l=   3 cons: cont [ 0 ]
    6:d=2  hl=2 l=   1 prim: INTEGER   :02
    9:d=1  hl=2 l=   5 prim: INTEGER   :913ED80F
   16:d=1  hl=2 l=  13 cons: SEQUENCE
   18:d=2  hl=2 l=   9 prim: OBJECT:sha1WithRSAEncryption
   29:d=2  hl=2 l=   0 prim: NULL
   31:d=1  hl=2 l=  19 cons: SEQUENCE
   33:d=2  hl=2 l=  17 cons: SET
   35:d=3  hl=2 l=  15 cons: SEQUENCE
   37:d=4  hl=2 l=   3 prim: OBJECT:commonName
   42:d=4  hl=2 l=   8 prim: PRINTABLESTRING   :ca-local
   52:d=1  hl=2 l=  30 cons: SEQUENCE
   54:d=2  hl=2 l=  13 prim: UTCTIME   :100626225323Z
   69:d=2  hl=2 l=  13 prim: UTCTIME   :110626225323Z
   84:d=1  hl=2 l=  21 cons: SEQUENCE
   86:d=2  hl=2 l=  19 cons: SET
   88:d=3  hl=2 l=  17 cons: SEQUENCE
   90:d=4  hl=2 l=   3 prim: OBJECT:commonName
   95:d=4  hl=2 l=  10 prim: PRINTABLESTRING   :peer-plata
  107:d=1  hl=3 l= 159 cons: SEQUENCE
  110:d=2  hl=2 l=  13 cons: SEQUENCE
  112:d=3  hl=2 l=   9 prim: OBJECT:rsaEncryption
  123:d=3  hl=2 l=   0 prim: NULL
  125:d=2  hl=3 l= 141 prim: BIT STRING
  269:d=1  hl=2 l=  44 cons: cont [ 3 ]
  271:d=2  hl=2 l=  42 cons: SEQUENCE
  273:d=3  hl=2 l=   9 cons: SEQUENCE
  275:d=4  hl=2 l=   3 prim: OBJECT:X509v3 Basic Constraints
  280:d=4  hl=2 l=   2 prim: OCTET STRING  [HEX DUMP]:3000
  284:d=3  hl=2 l=  29 cons: SEQUENCE
  286:d=4  hl=2 l=   3 prim: OBJECT:X509v3 Extended Key Usage
  291:d=4  hl=2 l=  22 prim: OCTET STRING  [HEX DUMP]:301406082B0601050507030106082B06010505070302

So, why is the certificate being encoded incorrectly? Also, is this a
portable way of comparing certificates (e.g. can I be sure that another
SSL library will produce the same data)? I read that the DER format is
specifically designed so that there is only one way to encode a given
input. Is there some function that provides me with the raw
certificate as provided by the peer (rather than NSS decoding it and
my program encoding it back)? Or, should I be comparing only specific
parts of the certificate (common name, public key)?
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
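
Added example, not part of the original post and not NSS code: the asn1parse dump above opens its outer SEQUENCE with `cont [ 0 ]` (the version field), which is the layout of a bare TBSCertificate, while a complete X.509 Certificate opens with a nested SEQUENCE (the tbsCertificate) followed by the signature algorithm and signature. The C code below classifies a DER blob on that first tag and makes B's byte comparison reject anything that is not a complete certificate; the function names and the byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

enum der_kind { DER_MALFORMED, DER_CERTIFICATE, DER_TBS_ONLY, DER_OTHER };

/* Constructed skeletons (not valid certificates): a TBSCertificate-shaped
 * SEQUENCE, and the same wrapped with an algorithm SEQUENCE and BIT STRING. */
static const unsigned char TBS_SKELETON[] = {
    0x30,0x0A, 0xA0,0x03,0x02,0x01,0x02, 0x02,0x03,0x01,0x02,0x03 };
static const unsigned char CERT_SKELETON[] = {
    0x30,0x11, 0x30,0x0A, 0xA0,0x03,0x02,0x01,0x02, 0x02,0x03,0x01,0x02,0x03,
    0x30,0x00, 0x03,0x01,0x00 };

/* Read a DER tag and length at buf[*pos]; advance *pos to the contents. */
static int der_header(const unsigned char *buf, size_t len, size_t *pos,
                      unsigned char *tag, size_t *clen)
{
    if (len - *pos < 2) return 0;
    *tag = buf[(*pos)++];
    size_t n = buf[(*pos)++];
    if (n < 0x80) {
        *clen = n;                              /* short form */
    } else {
        n &= 0x7f;                              /* long form: n length octets */
        if (n == 0 || n > sizeof(size_t) || n > len - *pos) return 0;
        for (*clen = 0; n > 0; n--) *clen = (*clen << 8) | buf[(*pos)++];
    }
    return *clen <= len - *pos;                 /* contents must fit the buffer */
}

/* Classify a blob by the tag of the first element in the outer SEQUENCE. */
enum der_kind der_classify(const unsigned char *buf, size_t len)
{
    size_t pos = 0, clen;
    unsigned char tag;
    if (!der_header(buf, len, &pos, &tag, &clen) || tag != 0x30 || clen != len - pos)
        return DER_MALFORMED;                   /* not one SEQUENCE spanning the blob */
    if (!der_header(buf, len, &pos, &tag, &clen)) return DER_MALFORMED;
    if (tag == 0x30) return DER_CERTIFICATE;    /* tbsCertificate SEQUENCE comes first */
    if (tag == 0xA0 || tag == 0x02) return DER_TBS_ONLY; /* [0] version or v1 serial */
    return DER_OTHER;
}

/* B's check: accept only complete, byte-identical certificates. */
int same_certificate(const unsigned char *a, size_t alen,
                     const unsigned char *b, size_t blen)
{
    return der_classify(a, alen) == DER_CERTIFICATE && alen == blen &&
           memcmp(a, b, alen) == 0;
}
```

In NSS, the encoding exactly as received from the peer is held in the `derCert` field of `CERTCertificate`, so forwarding that item avoids re-encoding before the comparison.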


S/MIME encrypted e-mails

2011-01-29 Thread Matej Kurpel

Hello,

as far as I know, Thunderbird sends encrypted e-mails as an attachment 
named "smime.p7m".
Can anybody let me briefly know what this file contains? I know this 
from previous e-mail conversation from this mailing list:


"The sender generates an ephemeral 3-DES key one for each receiver, then 
encrypts (wraps) each key using that receiver's RSA public key. In order 
to read a message, you have to decrypt (unwrap) the 3-DES key that was 
encrypted using your RSA public key. Then, you have to decrypt the 
message using the 3-DES key you just unwrapped."


Does that mean the p7m file contains multiple copies of the same 
message, each copy encrypted using a different key?
Also, it looks like it contains some certificates. Unfortunately, the 
software I am using (ASN.1 Editor) doesn't read the p7m file despite the 
fact that it looks like a DER-encoded file at first glance (even after 
removing the zero-byte padding).

Can anyone shed some light on the contents of "smime.p7m"?
Thanks in advance,

M. Kurpel
