Re: [openssl-users] Validation error on generated csr
Hi Erwann What you have to do it hash your data, prepare an X509_SIG object, set its algor to SHA1 (with NULL parameters), and fill the digest part with your hash result. Then transform it into DER, and sign it with CKM_RSA_PKCS mechanism. Thanks a lot for the explanation. However, I can't find any documentation about how to setup this X509_SIG object and then transfer it into DER. The structure seems to look as follows: typedef struct X509_sig_st { X509_ALGOR *algor; ASN1_OCTET_STRING *digest; } X509_SIG; EVP_DigestFinal(ctx,buf,buf_len); gives me a character buffer buf, containing the digest, but I seem to have to encode this to ASN1_OCTET_STRING. Can anybody quickly tell me the required functions or point me to an example of how to do this? Kind regards Tim On 03/15/2013 03:10 PM, Erwann Abalea wrote: Bonjour, Le 15/03/2013 14:07, Tim Tassonis a écrit : Hi I am trying to generate a csr in a c program by having the signing part done by pkcs11 calls, and while I get no errors, the resulting csr fails upon validation: $ openssl req -verify -in wltx.csr verify failure 2948:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:.\cry pto\asn1\asn1_lib.c:150: 2948:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:.\c rypto\asn1\tasn_dec.c:1306: 2948:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:.\ crypto\asn1\tasn_dec.c:381:Type=X509_SIG 2948:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:.\crypto\asn 1\a_verify.c:215: -BEGIN CERTIFICATE REQUEST- MIICvjCCAagCAQAwezELMAkGA1UEBhMCQ0gxEzARBgNVBAcTClJhcHBlcnN3aWwx [...] BBXO9brFuXld13VuE2xg+VnJ8vo3L7/SCC5ufEJaeSUOvQ== -END CERTIFICATE REQUEST- What is RSA signed is the direct SHA1 of the request, without the X509 encapsulation. Below is the function that generates the csr, it always succeds, but as mentioned, the csr is still invalid char *gen_csr(char *key_name, struct s_ekva **key_attrs) { [...] inl=ASN1_item_i2d((void *)req-req_info,buf_in,ASN1_ITEM_rptr(X509_REQ_INFO)); p = buf_in; outl=EVP_PKEY_size(pkey); buf_out = malloc(outl); sign_mechanism.mechanism = CKM_SHA1_RSA_PKCS; sign_mechanism.pParameter = NULL; sign_mechanism.ulParameterLen = 0; rv = p11-C_SignInit(session, sign_mechanism, prvkey); if (rv != CKR_OK) { return NULL; } rv = p11-C_Sign(session, p,inl, buf_out, outl); if (rv != CKR_OK) { return NULL; } You're feeding the PKCS#11 library with the request (the part to be signed), while specifying a CKM_SHA1_RSA_PKCS mechanism. The library doesn't know it's signing a CSR, and will SHA1 hash the data and RSA sign it. What you have to do it hash your data, prepare an X509_SIG object, set its algor to SHA1 (with NULL parameters), and fill the digest part with your hash result. Then transform it into DER, and sign it with CKM_RSA_PKCS mechanism. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl-users] Validation error on generated csr
On Mon, Mar 18, 2013, Tim Tassonis wrote: Hi Erwann What you have to do it hash your data, prepare an X509_SIG object, set its algor to SHA1 (with NULL parameters), and fill the digest part with your hash result. Then transform it into DER, and sign it with CKM_RSA_PKCS mechanism. Thanks a lot for the explanation. However, I can't find any documentation about how to setup this X509_SIG object and then transfer it into DER. The structure seems to look as follows: typedef struct X509_sig_st { X509_ALGOR *algor; ASN1_OCTET_STRING *digest; } X509_SIG; EVP_DigestFinal(ctx,buf,buf_len); gives me a character buffer buf, containing the digest, but I seem to have to encode this to ASN1_OCTET_STRING. Can anybody quickly tell me the required functions or point me to an example of how to do this? Well you can use the ASN1 code for this but for a single digest you can just manually prepend the necessary encoding. The fips code does this to avoid having to include the ASN1 module. The relavant data is in fips/rsa/fips_rsa_sign.c in any FIPS branch (and the master branch). For example for SHA1 it is: static const unsigned char sha1_bin[] = { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 }; Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl-users] Validation error on generated csr
Hi Stephen Thanks a lot, that did the trick, the verify now returns ok. Kind regards Tim On 03/18/2013 02:26 PM, Dr. Stephen Henson wrote: On Mon, Mar 18, 2013, Tim Tassonis wrote: Hi Erwann What you have to do it hash your data, prepare an X509_SIG object, set its algor to SHA1 (with NULL parameters), and fill the digest part with your hash result. Then transform it into DER, and sign it with CKM_RSA_PKCS mechanism. Thanks a lot for the explanation. However, I can't find any documentation about how to setup this X509_SIG object and then transfer it into DER. The structure seems to look as follows: typedef struct X509_sig_st { X509_ALGOR *algor; ASN1_OCTET_STRING *digest; } X509_SIG; EVP_DigestFinal(ctx,buf,buf_len); gives me a character buffer buf, containing the digest, but I seem to have to encode this to ASN1_OCTET_STRING. Can anybody quickly tell me the required functions or point me to an example of how to do this? Well you can use the ASN1 code for this but for a single digest you can just manually prepend the necessary encoding. The fips code does this to avoid having to include the ASN1 module. The relavant data is in fips/rsa/fips_rsa_sign.c in any FIPS branch (and the master branch). For example for SHA1 it is: static const unsigned char sha1_bin[] = { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 }; Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl-users] Validation error on generated csr
Bonjour, Le 15/03/2013 14:07, Tim Tassonis a écrit : Hi I am trying to generate a csr in a c program by having the signing part done by pkcs11 calls, and while I get no errors, the resulting csr fails upon validation: $ openssl req -verify -in wltx.csr verify failure 2948:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:.\cry pto\asn1\asn1_lib.c:150: 2948:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:.\c rypto\asn1\tasn_dec.c:1306: 2948:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:.\ crypto\asn1\tasn_dec.c:381:Type=X509_SIG 2948:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:.\crypto\asn 1\a_verify.c:215: -BEGIN CERTIFICATE REQUEST- MIICvjCCAagCAQAwezELMAkGA1UEBhMCQ0gxEzARBgNVBAcTClJhcHBlcnN3aWwx [...] BBXO9brFuXld13VuE2xg+VnJ8vo3L7/SCC5ufEJaeSUOvQ== -END CERTIFICATE REQUEST- What is RSA signed is the direct SHA1 of the request, without the X509 encapsulation. Below is the function that generates the csr, it always succeds, but as mentioned, the csr is still invalid char *gen_csr(char *key_name, struct s_ekva **key_attrs) { [...] inl=ASN1_item_i2d((void *)req-req_info,buf_in,ASN1_ITEM_rptr(X509_REQ_INFO)); p = buf_in; outl=EVP_PKEY_size(pkey); buf_out = malloc(outl); sign_mechanism.mechanism = CKM_SHA1_RSA_PKCS; sign_mechanism.pParameter = NULL; sign_mechanism.ulParameterLen = 0; rv = p11-C_SignInit(session, sign_mechanism, prvkey); if (rv != CKR_OK) { return NULL; } rv = p11-C_Sign(session, p,inl, buf_out, outl); if (rv != CKR_OK) { return NULL; } You're feeding the PKCS#11 library with the request (the part to be signed), while specifying a CKM_SHA1_RSA_PKCS mechanism. The library doesn't know it's signing a CSR, and will SHA1 hash the data and RSA sign it. What you have to do it hash your data, prepare an X509_SIG object, set its algor to SHA1 (with NULL parameters), and fill the digest part with your hash result. Then transform it into DER, and sign it with CKM_RSA_PKCS mechanism. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org