RE: Errors when coding X509 attributes - help needed


Daniel Diaz Sanchez-2
Hello,

I am still developing an attribute certificates module for OpenSSL, I solved
the problem of the attribute "policyAuthority": everything solved using
GENERAL_NAME instead of GENERAL_NAMES.

Now I have a couple of questions concerning "clearance" attributes and
enumerated.

1.- The definition of this attribute is the one that follows:

       Clearance  ::=  SEQUENCE {
             policyId  [0] OBJECT IDENTIFIER,
             classList [1] ClassList DEFAULT {unclassified},
             securityCategories
                      [2] SET OF SecurityCategory OPTIONAL
        }

        ClassList  ::=  BIT STRING {
             unmarked       (0),
             unclassified   (1),
             restricted     (2),
             confidential   (3),
             secret         (4),
             topSecret      (5)
        }

        SecurityCategory ::= SEQUENCE {
             type      [0]  IMPLICIT OBJECT IDENTIFIER,
             value     [1]  ANY DEFINED BY type
        }

I have been having a look at the OpenSSL code and I didn't find how to declare
the field ClassList (maybe I did not search in the correct places). How can
I limit the BIT STRING to 5 elements?

2.- What about ENUMERATED
    anyCode ::
    name ENUMERATED{
        item1  (1),
        item2  (2),
        item3  (3),..
    }

Thanks a lot

Daniel

--
Daniel Diaz Sanchez
Telecommunication Engineer
Researcher / Teaching Assistant
 

Dep. Ing. Telemática
Universidad Carlos III de Madrid
Av. Universidad, 30
28911 Leganés (Madrid/Spain)
Tel: (+34) 91-624-8817, Fax: -8749
Web: http://www.it.uc3m.es/dds
web: http://www.it.uc3m.es/pervasive
Mail: [hidden email]
[--Remove nospam to contact--]


> -----Original Message-----
> From: Daniel Díaz Sánchez [mailto:[hidden email]]
> Sent: Thursday, 16 March 2006 17:41
> To: '[hidden email]'
> Subject: RE: Errors when coding X509 attributes - help needed
>
> Dr. Henson,
>
> I am using your ASN1 module, with some modifications to adapt it to the
> RFC3281. I have been busy, but now I have some time, let me try your
> recommendations in order to correct the ASN1 syntax of the attributes.
> I will provide feedback ASAP.
>
> Thank you for your help,
>
> > -----Original Message-----
> > From: [hidden email] [mailto:owner-openssl-[hidden email]] On Behalf Of Dr. Stephen Henson
> > Sent: Monday, 20 February 2006 13:32
> > To: [hidden email]
> > Subject: Re: Errors when coding X509 attributes - help needed
> >
> > On Mon, Feb 20, 2006, Daniel Díaz Sánchez wrote:
> >
> > > [Sorry for the prior empty mails I am experiencing some problems with
> > > mail]
> > >
> > > Hello,
> > >
> > > I’m implementing some X509 attributes for an OpenSSL based X509 attribute
> > > certificates API (will be available when finished). I have some problems
> > > with one attribute, I don't know if I am implementing it correctly or not so
> > > I need help. Let me present the problem: first the definition (by the IETF)
> > > of the attribute, then the implementation details (declaration and
> > > implementation) and the piece of code that does not work. Any help would
> > > indeed be very much appreciated.
> > >
> > > -Definition (IETF)
> > >
> > > IetfAttrSyntax ::= SEQUENCE {
> > >       policyAuthority [0] GeneralNames    OPTIONAL,
> > >       values          SEQUENCE OF CHOICE {
> > >           octets    OCTET STRING,
> > >           oid       OBJECT IDENTIFIER,
> > >           string    UTF8String
> > >      }
> > > }
> > >
> > > -Declaration (.h)
> > >
> > > typedef struct IetfAttrSyntax_st {
> > > GENERAL_NAMES *policyAuthority;
> > > int type;
> > > union{
> > > ASN1_OCTET_STRING *octets;
> > > ASN1_OBJECT *oid;
> > > ASN1_UTF8STRING *string;
> > > }values;
> > > } IetfAttrSyntax;
> > >
> > > DECLARE_ASN1_ITEM(IetfAttrSyntax)
> > > DECLARE_ASN1_FUNCTIONS(IetfAttrSyntax)
> > >
> > > -Implementation (.c)
> > >
> > > ASN1_CHOICE(IetfAttrValues)= {
> > > ASN1_SIMPLE(IetfAttrSyntax ,values.octets , ASN1_OCTET_STRING ),
> > > ASN1_SIMPLE(IetfAttrSyntax ,values.oid , ASN1_OBJECT ),
> > > ASN1_SIMPLE(IetfAttrSyntax ,values.string , ASN1_UTF8STRING )
> > > }ASN1_CHOICE_END_selector(IetfAttrSyntax, IetfAttrValues, type);
> > >
> > > ASN1_SEQUENCE(IetfAttrSyntax) = {
> > > ASN1_OPT(IetfAttrSyntax, policyAuthority, GENERAL_NAMES, 0),
> > > ASN1_EX_COMBINE(0, 0, IetfAttrValues)
> > > }ASN1_SEQUENCE_END(IetfAttrSyntax);
> > >
> > > IMPLEMENT_ASN1_FUNCTIONS(IetfAttrSyntax)
> > > IMPLEMENT_ASN1_DUP_FUNCTION(IetfAttrSyntax)
> > >
> > >
> >
> > There is an attribute certificate ASN1 module in my "play" area on
> > openssl.org.
> >
> > At least one problem is the policyAuthority syntax. The GENERAL_NAMES type
> > is what is known as an item template and you can't apply modifiers to that
> > so the ASN1_OPT line won't work.
> >
> > Instead you use the GENERAL_NAME type and declare that as a SEQUENCE OF
> > IMPLICIT, OPT.
> >
> > Steve.
> > --
> > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> > OpenSSL project core developer and freelance consultant.
> > Funding needed! Details on homepage.
> > Homepage: http://www.drh-consultancy.demon.co.uk

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
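
The ClassList type quoted in this message is a BIT STRING with named bits. As an added illustration (not part of the original post and not OpenSSL code), this stand-alone C sketch shows its DER encoding and a strict decoder that rejects bits above topSecret (5). The function names and the bit-mask representation are assumptions made for the example; a named-bit list sets no size limit by itself, so the range check here is done by the application.

```c
#include <stddef.h>
#include <stdint.h>

/* Named bits from the ClassList definition quoted in the post. */
enum { UNMARKED, UNCLASSIFIED, RESTRICTED, CONFIDENTIAL, SECRET, TOP_SECRET };
#define CLASS_MAX_BIT TOP_SECRET

/* Encode a set of named bits (mask bit n = ASN.1 bit n) as a DER BIT STRING.
 * Returns the bytes written to out, or 0 if an undefined bit is set. */
size_t classlist_encode(unsigned mask, uint8_t out[4])
{
    if (mask >> (CLASS_MAX_BIT + 1))
        return 0;
    out[0] = 0x03;                          /* universal tag: BIT STRING */
    if (mask == 0) {                        /* empty: only the unused-bits octet */
        out[1] = 1; out[2] = 0;
        return 3;
    }
    uint8_t octet = 0;
    int last = 0;
    for (int bit = 0; bit <= CLASS_MAX_BIT; bit++)
        if (mask & (1u << bit)) {
            octet |= (uint8_t)(0x80 >> bit);  /* ASN.1 bit 0 is the MSB */
            last = bit;
        }
    out[1] = 2;                             /* length: unused-bits octet + 1 octet */
    out[2] = (uint8_t)(7 - last);           /* DER drops trailing zero bits */
    out[3] = octet;
    return 4;
}

/* Strict decode: returns the mask, or -1 on malformed or out-of-range input. */
int classlist_decode(const uint8_t *der, size_t len)
{
    if (len < 3 || der[0] != 0x03 || der[1] != len - 2 || der[2] > 7)
        return -1;
    if (len == 3)
        return der[2] == 0 ? 0 : -1;
    if (len != 4)
        return -1;                          /* a second content octet means bits > 7 */
    uint8_t octet = der[3], unused = der[2];
    if ((octet & ((1u << unused) - 1)) || !(octet & (1u << unused)))
        return -1;                          /* padding not zero, or trailing 0 kept */
    int mask = 0;
    for (int bit = 0; bit < 8; bit++)
        if (octet & (0x80 >> bit)) {
            if (bit > CLASS_MAX_BIT) return -1;   /* undefined classification bit */
            mask |= 1 << bit;
        }
    return mask;
}
```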