Hi everyone,
I'm trying to write a CGI program to generate timestamps for the
Authenticode(TM) digital signature system.
I'm having trouble extracting the original ContentInfo from the timestamp
request (the ContentInfo is required to generate a valid reply). Since the
requests are Base64-encoded, I have set up a BIO that reads the request from
standard input and decodes it via the OpenSSL builtin Base64 filter; however,
it seems that the request is not parsed correctly.
Since I have adapted the ASN1 definitions from the osslsigncode project, is
it possible that the absence of the attributes member in the ASN1
definitions is causing the request not to be decoded correctly?
I attach a test program and a sample timestamp request for clarification.
Thanks for your help,
Alessandro Menti
- Test program -
#include stdio.h
#include stdlib.h
#include openssl/asn1.h
#include openssl/asn1t.h
#include openssl/bio.h
#include openssl/objects.h
#include openssl/pem.h
#include openssl/pkcs7.h
/*
The ASN.1 format of the timestamp request, according to MSDN (see
http://this), is:
TimeStampRequest ::= SEQUENCE {
countersignatureType OBJECT IDENTIFIER,
attributes Attributes OPTIONAL,
content ContentInfo
}
The countersignatureType is the OID 1.3.6.1.4.1.311.3.2.1; the
attributes are not interpreted and the content is a ContentInfo
as defined by PKCS#7.
The definitions below have been adapted from the osslsigncode project
(http://sf.net/projects/osslsigncode/).
*/
typedef struct {
ASN1_OBJECT *type;
ASN1_OCTET_STRING *data;
} TimeStampContentInfo;
typedef struct {
ASN1_OBJECT *countersignatureType;
TimeStampContentInfo *content;
} TimeStampRequest;
ASN1_SEQUENCE(TimeStampContentInfo) = {
ASN1_SIMPLE(TimeStampContentInfo, type, ASN1_OBJECT),
ASN1_EXP_OPT(TimeStampContentInfo, data, ASN1_OCTET_STRING, 0)
} ASN1_SEQUENCE_END(TimeStampContentInfo)
DECLARE_ASN1_FUNCTIONS(TimeStampRequest)
ASN1_SEQUENCE(TimeStampRequest) = {
ASN1_SIMPLE(TimeStampRequest, countersignatureType, ASN1_OBJECT),
ASN1_SIMPLE(TimeStampRequest, content, TimeStampContentInfo)
} ASN1_SEQUENCE_END(TimeStampRequest)
IMPLEMENT_ASN1_FUNCTIONS(TimeStampRequest)
/* Function prototypes */
TimeStampRequest *d2i_TimeStampRequest_bio(BIO *bp, TimeStampRequest **tsr);
int main() {
PKCS7_SIGNER_INFO *respSigner;
BIO *dataFeedIn, *dataFilter;
TimeStampRequest *request;
OpenSSL_add_all_algorithms();
dataFilter=BIO_new(BIO_f_base64());
dataFeedIn=BIO_new_fp(stdin, BIO_NOCLOSE);
dataFeedIn=BIO_push(dataFilter, dataFeedIn);
request=d2i_TimeStampRequest_bio(dataFeedIn, NULL);
/* If decoding was successful, request should be a pointer to a valid
TimeStampRequest structure; otherwise, it should be NULL */
if (request==NULL)
printf(Error\n);
else
printf(Success\n);
return 0;
}
TimeStampRequest *d2i_TimeStampRequest_bio(BIO *bp, TimeStampRequest **tsr) {
return ASN1_item_d2i_bio(ASN1_ITEM_rptr(TimeStampRequest), bp, tsr);
}
- Sample timestamp request -
MIICIwYKKwYBBAGCNwMCATCCAhMGCSqGSIb3DQEHAaCCAgQEggIANlq5EqVVVLmMCQ9na+KbNTYHaFZ/s/XGttBL+ZCBjA3LCH/fqRyTrlfiUj758X6usGzMU0xaCKNVezuj3OCrI19GeBHn4xpT9CQY+ZgWqNdXO04A0Vtu253tvXHnkfu2lmrnLKsQt9YcvyB1eEWiqW/eZECTlsl9cchKzC7z8fj1I2r8Zs3RgXfgFbV6d9iSCxcoGgHfoDKmiOaYIkDP6apc83yDNdfj486EQ2GrRIUPrlLnnctlMZ0OGCqAsIzt0E2Ye3TAy9Q0HsZNdDbYYcpCLiH1H2HJFq8U1oDJaS5+O60eaA3qsZ+phyBNTUT80Lpbs/kV3JvEl64+/9YHpRHvYlMc14dXo0qStmLko4iSxY2i5XB3ud9zlZPNy595+IglJ4fXs9i8Vqla0sdiAKmoZBQqBJOEeuP0M2A/OWpLuw/7EUliHeE0HLLYxG79CvPP1/4hhUlx7F3WlCjIwPG0Yfj3m75wdgWxPnehcrCKv+UzHiYlWcJnFy0wu7fLzXTQnUCdnO7wu56PRgCKPDwuDamtE5yTEeV68C6Q8GOmUOBrDdy3LTYB2LOzy1q4tfS2I0wUsYr0yX9tnSoUIEdoGHGWnULv10sFHWx5gefDJBjMZ552JuvuCZcG/JrHURaaaKc0ftvt8K6thXjNhOhUrARR2Bm6rqdCW/NoOyA=
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org