[kmf-discuss] OIDs and Extensions
Massimiliano Pala
pala at cs.dartmouth.edu
Tue May 22 12:50:42 PDT 2007
Wyllys Ingersoll wrote:
[...]
> This is a pretty good idea - mask the internals of how
> we do the ASN.1 while providing a clean interface for adding new
> extensions. As long as the extensions can be easily
> encoded and don't require multiple tags/values, it should be fine.
> A more complex structure would not fit so easily into this model,
> though.
I think this model would fit many, if not all, known extensions so far. Can
you give an example of multiple tags/values which would not fit this API?
I was thinking that by decoupling the extension "creation" and the value
adding, by simply calling the addValue function multiple times the extension
can support multiple values. For example:

    /* generate new extension */
    rv = KMF_NewExtension( &ext, "subjectAltName" );

    /* add a new value and update the Data/Length by adding to the current
       DER encoded value the new value */
    rv = KMF_ExtensionAddValue( &ext, "ASN1:UTF8String", "me@me", 5 );
    rv = KMF_ExtensionAddValue( &ext, "IP", "192.168.1.1", 11);
    rv = KMF_ExtensionAddValue( &ext, "DNS", "me.me.me", 8);

Basically the KMF_ExtensionAddValue would:
1. generate a new value by using the OID and the provided value
2. concatenate the DER encoded value to the ext's DER Data field
3. update the Length value in the Ext's structure
Would this work? To simplify the KMF_ExtensionAddValue() we could use KMF_OID
instead of char * for the type:

    KMF_ExtensionAddValue( &ext, KMF_ENC_UTF8_STRING, "me@me", 5);
    KMF_ExtensionAddValue( &ext, KMF_ENC_GEN_NAMES_IP, "192.168.1.1", 11);
    KMF_ExtensionAddValue( &ext, KMF_ENC_GEN_NAMES_DNS, "me.me.me", 8);

Later,
Max
--
Best Regards,
Massimiliano Pala
--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] pala at cs.dartmouth.edu
project.manager at openca.org
Dartmouth Computer Science Dept Home Phone: +1 (603) 397-3883
PKI/Trust - Office 063 Work Phone: +1 (603) 646-9179
--o------------------------------------------------------------------------
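
An added sketch of the append-and-update-length steps listed in the message above, applied to subjectAltName; it is not KMF code and not part of the original mail. The names san_ext, san_add_value, san_finish and san_demo are hypothetical. The IP address is passed as four raw octets, as RFC 5280 encodes iPAddress, and the outer SEQUENCE header is written only at the end because its size depends on the final body length.

```c
#include <string.h>

/* Hypothetical stand-in for the proposed extension object: it holds only the
 * concatenated GeneralName TLVs; the SEQUENCE header is added at the end. */
typedef struct { unsigned char body[512]; size_t len; } san_ext;

/* RFC 5280 GeneralName context tags (IMPLICIT, primitive encoding). */
enum { GN_RFC822 = 0x81, GN_DNS = 0x82, GN_IP = 0x87 };

/* Write tag + DER definite length for n < 65536; returns header size. */
static size_t der_hdr(unsigned char *p, int tag, size_t n) {
    p[0] = (unsigned char)tag;
    if (n < 0x80) { p[1] = (unsigned char)n; return 2; }
    if (n < 0x100) { p[1] = 0x81; p[2] = (unsigned char)n; return 3; }
    p[1] = 0x82; p[2] = (unsigned char)(n >> 8); p[3] = (unsigned char)n;
    return 4;
}

/* Steps 1-3 of the mail: encode one value, append it, update the length.
 * Returns 0 on success, -1 if the value does not fit in the buffer. */
int san_add_value(san_ext *e, int tag, const void *val, size_t n) {
    size_t room = sizeof e->body - e->len;
    if (room < 4 || n > room - 4) return -1;   /* 4 = largest header */
    e->len += der_hdr(e->body + e->len, tag, n);
    memcpy(e->body + e->len, val, n);
    e->len += n;
    return 0;
}

/* Wrap the body in a SEQUENCE. The header is computed at the end because it
 * grows by a byte once the body reaches 128 bytes. Returns the total length,
 * or 0 if out is too small. */
size_t san_finish(const san_ext *e, unsigned char *out, size_t cap) {
    unsigned char hdr[4];
    size_t h = der_hdr(hdr, 0x30, e->len);
    if (cap < h + e->len) return 0;
    memcpy(out, hdr, h);
    memcpy(out + h, e->body, e->len);
    return h + e->len;
}

/* Constructed sample values modelled on the three names in the mail. */
size_t san_demo(unsigned char *out, size_t cap) {
    static const unsigned char ip[4] = { 192, 168, 1, 1 };  /* raw octets */
    san_ext e = { {0}, 0 };
    if (san_add_value(&e, GN_RFC822, "me@me", 5) ||
        san_add_value(&e, GN_IP, ip, 4) ||
        san_add_value(&e, GN_DNS, "me.me.me", 8)) return 0;
    return san_finish(&e, out, cap);
}
```

Keeping only the concatenated values in the object and emitting the SEQUENCE header at finish time avoids shifting the buffer when the length field changes from the short form to the long form.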