The following implementation of the presented ASN1 definition has two gotchas 
which trouble me:

1) the 'DEFAULT 0' part for 'Minimum' of GENERAL_SUBTREE is not reflected;
    is there any way to express it?

2) the encoding of the NameConstraint is lacking the IMPLICIT tag
    for Permitted/ExcludedSubtrees. For Minimum and Maximum of GENERAL_SUBTREE
    it's added as expected. Any clues?


Consider the following ASN1 definition for a NameConstraints extension:

NameConstraints ::= SEQUENCE {
     permittedSubtrees   [0] IMPLICIT GeneralSubtrees OPTIONAL,
     excludedSubtrees    [1] IMPLICIT GeneralSubtrees OPTIONAL
}

GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree

GeneralSubtree ::= SEQUENCE {
     base                    GeneralName,
     minimum             [0] IMPLICIT BaseDistance DEFAULT 0,
     maximum             [1] IMPLICIT BaseDistance OPTIONAL
}

BaseDistance ::= INTEGER (0..MAX)

Here is my first shot to implement a NameConstraints extension:

/*
 * C representation of one GeneralSubtree element.
 *
 * Minimum and Maximum are pointers, so an absent component is represented
 * as NULL.
 * NOTE(review): the ASN.1 declares 'minimum' as DEFAULT 0, so code that
 * consumes this structure should treat Minimum == NULL as the value 0 --
 * confirm in every caller that evaluates the constraint.
 */
typedef struct general_subtree_st {
     GENERAL_NAME *Base;      /* 'base' GeneralName the subtree is rooted at */
     ASN1_INTEGER *Minimum;   /* 'minimum' [0] BaseDistance */
     ASN1_INTEGER *Maximum;   /* 'maximum' [1] BaseDistance */
} GENERAL_SUBTREE;

/* Prototypes for the GENERAL_SUBTREE new/free/d2i/i2d functions and item. */
DECLARE_ASN1_FUNCTIONS(GENERAL_SUBTREE)

/* GeneralSubtrees (SEQUENCE OF GeneralSubtree) is held as a STACK_OF. */
typedef STACK_OF(GENERAL_SUBTREE) GENERAL_SUBTREES;

/* Prototypes for the GENERAL_SUBTREES new/free/d2i/i2d functions and item. */
DECLARE_ASN1_FUNCTIONS(GENERAL_SUBTREES)

/*
 * C representation of the NameConstraints extension value.
 * Both members are pointers, so an absent component is represented as NULL.
 */
typedef struct name_constraints_st {
     GENERAL_SUBTREES *PermittedSubtrees;   /* permittedSubtrees [0] */
     GENERAL_SUBTREES *ExcludedSubtrees;    /* excludedSubtrees  [1] */
} NAME_CONSTRAINTS;

/* Prototypes for the NAME_CONSTRAINTS new/free/d2i/i2d functions and item. */
DECLARE_ASN1_FUNCTIONS(NAME_CONSTRAINTS)

/*
 * Encoding template for GeneralSubtree: a mandatory GeneralName followed by
 * two implicitly tagged optional INTEGERs ([0] Minimum, [1] Maximum).
 *
 * NOTE(review): 'minimum' is DEFAULT 0 in the ASN.1 but is modelled here as
 * OPTIONAL; none of the macros used here expresses a DEFAULT value. DER
 * requires a component equal to its DEFAULT to be omitted, so leave Minimum
 * NULL instead of storing an INTEGER 0, and treat NULL as 0 when decoding --
 * confirm the callers do both.
 */
ASN1_SEQUENCE(GENERAL_SUBTREE) = {
     ASN1_SIMPLE(GENERAL_SUBTREE, Base, GENERAL_NAME),
     ASN1_IMP_OPT(GENERAL_SUBTREE, Minimum, ASN1_INTEGER, 0),
     ASN1_IMP_OPT(GENERAL_SUBTREE, Maximum, ASN1_INTEGER, 1)
} ASN1_SEQUENCE_END(GENERAL_SUBTREE)

/* Defines the GENERAL_SUBTREE new/free/d2i/i2d functions from the template. */
IMPLEMENT_ASN1_FUNCTIONS(GENERAL_SUBTREE)

/*
 * Item template that makes GENERAL_SUBTREES a SEQUENCE OF GENERAL_SUBTREE.
 * The flags (ASN1_TFLG_SEQUENCE_OF) and tag value (0) of this type live in
 * the inner template given here.
 *
 * NOTE(review): the SIZE (1..MAX) constraint of the ASN.1 definition is not
 * expressed by this template; an empty stack presumably has to be rejected
 * by the caller -- confirm.
 */
ASN1_ITEM_TEMPLATE(GENERAL_SUBTREES) =
        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, general_subtree, 
GENERAL_SUBTREE)
ASN1_ITEM_TEMPLATE_END(GENERAL_SUBTREES)

/* Defines the GENERAL_SUBTREES new/free/d2i/i2d functions from the template. */
IMPLEMENT_ASN1_FUNCTIONS(GENERAL_SUBTREES)

/*
 * Encoding template for NameConstraints: two optional, implicitly tagged
 * members ([0] PermittedSubtrees, [1] ExcludedSubtrees), each referring to
 * the GENERAL_SUBTREES item.
 *
 * NOTE(review): the author reports that the [0]/[1] context tags are missing
 * from the encoding produced by these two entries. A likely cause is that
 * GENERAL_SUBTREES is an item template, whose tagging comes from its own
 * inner template, so the implicit tag requested here is not passed down --
 * confirm against the OpenSSL version in use. Putting the tag and the
 * SEQUENCE OF in one field template, e.g.
 *   ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, PermittedSubtrees,
 *                            GENERAL_SUBTREE, 0)
 * avoids the nested item; verify the result with an ASN.1 dump.
 * Without the tags a decoder that expects them cannot tell permitted from
 * excluded subtrees, so do not issue certificates with this encoding.
 */
ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
     ASN1_IMP_OPT(NAME_CONSTRAINTS, PermittedSubtrees, GENERAL_SUBTREES, 0),
     ASN1_IMP_OPT(NAME_CONSTRAINTS, ExcludedSubtrees, GENERAL_SUBTREES, 1)
} ASN1_SEQUENCE_END(NAME_CONSTRAINTS)

/* Defines the NAME_CONSTRAINTS new/free/d2i/i2d functions from the template. */
IMPLEMENT_ASN1_FUNCTIONS(NAME_CONSTRAINTS)


Thanks,
   Michael


-- 
Fillmore Labs GmbH
Michael Voucko
Triforum C2
Frankfurter Str. 233
63263 Neu-Isenburg
Germany
Phone  +49 (0)6102 88478 76
Fax    +49 (0)6102 88478 70
mailto:[EMAIL PROTECTED]
