attribute certificate in PKCS#7 (CMS)

Tue, 22 Nov 2005 02:42:29 -0800 

Hello,

I am trying to patch the PKCS#7 code to (partially) handle CMS ver 3.
What I need is to parse a CMS structure that has an attribute
certificate in the certificates field of SignedData.

The relevant defintions from RFC 2630 are:

SignedData ::= SEQUENCE {
        version CMSVersion,
        digestAlgorithms DigestAlgorithmIdentifiers,
        encapContentInfo EncapsulatedContentInfo,
        certificates [0] IMPLICIT CertificateSet OPTIONAL,
        crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
        signerInfos SignerInfos }

CertificateSet ::= SET OF CertificateChoices

CertificateChoices ::= CHOICE {
         certificate Certificate,                 -- See X.509
         extendedCertificate [0] IMPLICIT ExtendedCertificate,
                                                  -- Obsolete
         attrCert [1] IMPLICIT AttributeCertificate }
                                                  -- See X.509 and X9.57

Following those I have this in pkcs7.h: (X509AC is from
openssl-play/steve/x509ac)

typedef struct certificate_choices_st {
    int type;
    union {
        X509* certificate;
        X509AC* attrCert;
    } value;
} CERTIFICATE_CHOICES;

DECLARE_ASN1_FUNCTIONS(CERTIFICATE_CHOICES)

typedef struct pkcs7_signed_st
    {
    ASN1_INTEGER            *version;   /* version 1 */
    STACK_OF(X509_ALGOR)        *md_algs;   /* md used */
    STACK_OF(CERTIFICATE_CHOICES)           *cert;      /* [ 0 ] */
    STACK_OF(X509_CRL)      *crl;       /* [ 1 ] */
    STACK_OF(PKCS7_SIGNER_INFO) *signer_info;

    struct pkcs7_st         *contents;
    } PKCS7_SIGNED;

However, when I try to parse the CMS file d2i_PKSC7 fails. Here is the
error trace:

1396:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag:.\crypto\asn1\tasn_dec.c:1282:
1396:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error:.\crypto\asn1\tasn_dec.c:374:Type=X509
1396:error:0D08303A:asn1 encoding
routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1
error:.\crypto\asn1\tasn_dec.c:704:Field=cert, Type=PKCS7_SIGNED
1396:error:0D08303A:asn1 encoding
routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1
error:.\crypto\asn1\tasn_dec.c:743:
1396:error:0D08403A:asn1 encoding routines:ASN1_TEMPLATE_EX_D2I:nested
asn1 error:.\crypto\asn1\tasn_dec.c:572:Field=d.sign, Type=PKCS7

Any ideas as to what I am doing wrong?

TIA

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to