ASN1_generate_nconf 3 2008-05-09 0.9.9-dev OpenSSL

NAME

ASN1_generate_nconf, ASN1_generate_v3 - ASN1 generation functions

LIBRARY

libcrypto, -lcrypto

SYNOPSIS


 #include 


 ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
 ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);

DESCRIPTION

These functions generate the ASN1 encoding of a string in an AASSNN11__TTYYPPEE structure.

ssttrr contains the string to encode nnccoonnff or ccnnff contains the optional configuration information where additional strings will be read from. nnccoonnff will typically come from a config file wherease ccnnff is obtained from an XX550099VV33__CCTTXX structure which will typically be used by X509 v3 certificate extension functions. ccnnff or nnccoonnff can be set to NNUULLLL if no additional configuration will be used.

GENERATION STRING FORMAT

The actual data encoded is determined by the string ssttrr and the configuration information. The general format of the string is:
[[mmooddiiffiieerr,,]]ttyyppee[[::vvaalluuee]]

That is zero or more comma separated modifiers followed by a type followed by an optional colon and a value. The formats of ttyyppee, vvaalluuee and mmooddiiffiieerr are explained below.

SSUUPPPPOORRTTEEDD TTYYPPEESS

The supported types are listed below. Unless otherwise specified only the AASSCCIIII format is permissible.

BBOOOOLLEEAANN, BBOOOOLL This encodes a boolean type. The vvaalluuee string is mandatory and
should be TTRRUUEE or FFAALLSSEE. Additionally TTRRUUEE, ttrruuee, YY, yy, YYEESS, yyeess, FFAALLSSEE, ffaallssee, NN, nn, NNOO and nnoo are acceptable.
NNUULLLL Encode the NNUULLLL type, the vvaalluuee string must not be present.
IINNTTEEGGEERR, IINNTT Encodes an ASN1 IINNTTEEGGEERR type. The vvaalluuee string represents
the value of the integer, it can be preceeded by a minus sign and is normally interpreted as a decimal value unless the prefix 00xx is included.
EENNUUMMEERRAATTEEDD, EENNUUMM Encodes the ASN1 EENNUUMMEERRAATTEEDD type, it is otherwise identical to
IINNTTEEGGEERR.
OOBBJJEECCTT, OOIIDD Encodes an ASN1 OOBBJJEECCTT IIDDEENNTTIIFFIIEERR, the vvaalluuee string can be
a short name, a long name or numerical format.
UUTTCCTTIIMMEE, UUTTCC Encodes an ASN1 UUTTCCTTiimmee structure, the value should be in
the format YYYYMMMMDDDDHHHHMMMMSSSSZZ.
GGEENNEERRAALLIIZZEEDDTTIIMMEE, GGEENNTTIIMMEE Encodes an ASN1 GGeenneerraalliizzeeddTTiimmee structure, the value should be in
the format YYYYYYYYMMMMDDDDHHHHMMMMSSSSZZ.
OOCCTTEETTSSTTRRIINNGG, OOCCTT Encodes an ASN1 OOCCTTEETT SSTTRRIINNGG. vvaalluuee represents the contents
of this structure, the format strings AASSCCIIII and HHEEXX can be used to specify the format of vvaalluuee.
BBIITTSSTTRRIINNGG, BBIITTSSTTRR Encodes an ASN1 BBIITT SSTTRRIINNGG. vvaalluuee represents the contents
of this structure, the format strings AASSCCIIII, HHEEXX and BBIITTLLIISSTT can be used to specify the format of vvaalluuee.

If the format is anything other than BBIITTLLIISSTT the number of unused bits is set to zero.
UUNNIIVVEERRSSAALLSSTTRRIINNGG, UUNNIIVV, IIAA55, IIAA55SSTTRRIINNGG, UUTTFF88, UUTTFF88SSttrriinngg, BBMMPP, BBMMPPSSTTRRIINNGG, VVIISSIIBBLLEESSTTRRIINNGG, VVIISSIIBBLLEE, PPRRIINNTTAABBLLEESSTTRRIINNGG, PPRRIINNTTAABBLLEE, TT6611, TT6611SSTTRRIINNGG, TTEELLEETTEEXXSSTTRRIINNGG, GGeenneerraallSSttrriinngg, NNUUMMEERRIICCSSTTRRIINNGG, NNUUMMEERRIICC These encode the corresponding string types. vvaalluuee represents the
contents of this structure. The format can be AASSCCIIII or UUTTFF88.
SSEEQQUUEENNCCEE, SSEEQQ, SSEETT Formats the result as an ASN1 SSEEQQUUEENNCCEE or SSEETT type. vvaalluuee
should be a section name which will contain the contents. The field names in the section are ignored and the values are in the generated string format. If vvaalluuee is absent then an empty SEQUENCE will be encoded.

MMOODDIIFFIIEERRSS

Modifiers affect the following structure, they can be used to add EXPLICIT or IMPLICIT tagging, add wrappers or to change the string format of the final type and value. The supported formats are documented below.

EEXXPPLLIICCIITT, EEXXPP Add an explicit tag to the following structure. This string
should be followed by a colon and the tag value to use as a decimal value.

By following the number with UU, AA, PP or CC UNIVERSAL, APPLICATION, PRIVATE or CONTEXT SPECIFIC tagging can be used, the default is CONTEXT SPECIFIC.
IIMMPPLLIICCIITT, IIMMPP This is the same as EEXXPPLLIICCIITT except IMPLICIT tagging is used
instead.
OOCCTTWWRRAAPP, SSEEQQWWRRAAPP, SSEETTWWRRAAPP, BBIITTWWRRAAPP The following structure is surrounded by an OCTET STRING, a SEQUENCE,
a SET or a BIT STRING respectively. For a BIT STRING the number of unused bits is set to zero.
FFOORRMMAATT This specifies the format of the ultimate value. It should be followed
by a colon and one of the strings AASSCCIIII, UUTTFF88, HHEEXX or BBIITTLLIISSTT.

If no format specifier is included then AASSCCIIII is used. If UUTTFF88 is specified then the value string must be a valid UUTTFF88 string. For HHEEXX the output must be a set of hex digits. BBIITTLLIISSTT (which is only valid for a BIT STRING) is a comma separated list of the indices of the set bits, all other bits are zero.

EXAMPLES

A simple IA5String:


 IA5STRING:Hello World

An IA5String explicitly tagged:


 EXPLICIT:0,IA5STRING:Hello World

An IA5String explicitly tagged using APPLICATION tagging:


 EXPLICIT:0A,IA5STRING:Hello World

A BITSTRING with bits 1 and 5 set and all others zero:


 FORMAT=BITLIST,BITSTRING:1,5

A more complex example using a config file to produce a SEQUENCE consiting of a BOOL an OID and a UTF8String:


 asn1 = SEQUENCE:seq_section


 [seq_section]


 field1 = BOOLEAN:TRUE
 field2 = OID:commonName
 field3 = UTF8:Third field

This example produces an RSAPrivateKey structure, this is the key contained in the file client.pem in all OpenSSL distributions (note: the field names such as 'coeff' are ignored and are present just for clarity):


 asn1=SEQUENCE:private_key
 [private_key]
 version=INTEGER:0


 n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\
 D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9


 e=INTEGER:0x010001


 d=INTEGER:0x6F05EAD2F27FFAEC84BEC360C4B928FD5F3A9865D0FCAAD291E2A52F4A\
 F810DC6373278C006A0ABBA27DC8C63BF97F7E666E27C5284D7D3B1FFFE16B7A87B51D


 p=INTEGER:0xF3929B9435608F8A22C208D86795271D54EBDFB09DDEF539AB083DA912\
 D4BD57


 q=INTEGER:0xC50016F89DFF2561347ED1186A46E150E28BF2D0F539A1594BBD7FE467\
 46EC4F


 exp1=INTEGER:0x9E7D4326C924AFC1DEA40B45650134966D6F9DFA3A7F9D698CD4ABEA\
 9C0A39B9


 exp2=INTEGER:0xBA84003BB95355AFB7C50DF140C60513D0BA51D637272E355E397779\
 E7B2458F


 coeff=INTEGER:0x30B9E4F2AFA5AC679F920FC83F1F2DF1BAF1779CF989447FABC2F5\
 628657053A

This example is the corresponding public key in a SubjectPublicKeyInfo structure:


 # Start with a SEQUENCE
 asn1=SEQUENCE:pubkeyinfo


 # pubkeyinfo contains an algorithm identifier and the public key wrapped
 # in a BIT STRING
 [pubkeyinfo]
 algorithm=SEQUENCE:rsa_alg
 pubkey=BITWRAP,SEQUENCE:rsapubkey





 # algorithm ID for RSA is just an OID and a NULL
 [rsa_alg]
 algorithm=OID:rsaEncryption
 parameter=NULL


 # Actual public key: modulus and exponent
 [rsapubkey]
 n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\
 D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9


 e=INTEGER:0x010001

RETURN VALUES

_A_S_N_1___g_e_n_e_r_a_t_e___n_c_o_n_f_(_) and _A_S_N_1___g_e_n_e_r_a_t_e___v_3_(_) return the encoded data as an AASSNN11__TTYYPPEE structure or NNUULLLL if an error occurred.

The error codes that can be obtained by _E_R_R___g_e_t___e_r_r_o_r(3).

SEE ALSO

_E_R_R___g_e_t___e_r_r_o_r(3)

HISTORY

_A_S_N_1___g_e_n_e_r_a_t_e___n_c_o_n_f_(_) and _A_S_N_1___g_e_n_e_r_a_t_e___v_3_(_) were added to OpenSSL 0.9.8