
Re: DER encoding of SET OF



On Tue, 19 Mar 2002, Robert Colestock wrote:

> Manfred:
>
> You have been busy!
>
> Thank you for your thorough investigation.  I was not aware of the
> other packages using the older ASN.1 SET OF sorting rules.

There are no older ASN.1 (actually, DER) SET OF sorting rules. In case my
memory is failing me, I checked X.690:1997, X.690:1994 and X.509 (from
which the X.690 DER is taken) and they all say the same thing.

> Rich (here) indicated that this SET OF sort rule was changed
> relatively recently; our SFL strictly uses the new rules, hence the
> broken verification.

There are no new rules.  I've been the editor for ASN.1 and its encoding
rules for a decade, until last year, and I am certain that we did not
change how SET OF is sorted for DER.

> After investigating our ASN.1 encoding of the signed attributes of this
> message, I believe the SFL encoding is correct.  The encoding difference
> is due to the ASN.1 DER encoding rule that states that the SEQUENCE OF
> must be numerically ordered.  The SFL ordering is correct, but in this
> case it may not be obvious why.  The DER rules indicate that the ordering
> must be made on the data, not the outer tag and length.

No, you misunderstand.  X.690 clause 11.6 states:

   "The encodings of the component values of a set-of value shall appear
   in ascending order, the encodings being compared as octet strings ..."

Note that it speaks of the component values of the *set-of*.
The component values of the set-of are themselves all TLV pairs.

> Ignoring the tag and length, the 2nd and 3rd SEQUENCE items of the
> SignedAttrs are as follows (from original message not re-encoded
> results):
>
> ...
> 30 18 06 09 2A 86 48 86 F7 0D 01 09 03 31 0B 06 ...
> 30 1C 06 09 2A 86 48 86 F7 0D 01 09 05 31 0F 17 ...
> 30 23 06 09 2A 86 48 86 F7 0D 01 09 04 31 16 04 ...
> ...
>
> Our DER re-encoded results:
> ...
> 30 18 06 09 2A 86 48 86 F7 0D 01 09 03 31 0B 06 ...
> 30 23 06 09 2A 86 48 86 F7 0D 01 09 04 31 16 04 ...
> 30 1C 06 09 2A 86 48 86 F7 0D 01 09 05 31 0F 17 ...
>                                    ** <<< ORDERED VALUE >>>

The DER re-encoded results are incorrect.

-------------------------------------------------------------------------
Bancroft Scott                               Toll Free    :1-888-OSS-ASN1
OSS Nokalva                                  International:1-732-302-0750
baos@xxxxxxx                                 Tech Support :1-732-302-9669 x-1
1-732-302-9669 x-200                         Fax          :1-732-302-0023
http://www.oss.com
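
Added example, not part of the original message or of any package named in the thread: a Python sketch of the X.690 clause 11.6 ordering (compare the complete tag-length-value encodings as octet strings) next to the content-only ordering that produced the re-encoded result above. The three attributes are constructed so that their leading octets match the quoted dumps; the signing time and digest values, and all function names, are assumptions made for illustration.

```python
# Added example. Attribute values are constructed; only the leading octets
# of each attribute match the dumps quoted in the thread.
OID_PREFIX = bytes.fromhex("06092A864886F70D0109")  # 1.2.840.113549.1.9.<arc>

def tlv(tag, content):
    """Encode one DER TLV with a definite length (short or long form)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def attribute(last_arc, value_tlv):
    """SEQUENCE { attrType OBJECT IDENTIFIER, attrValues SET OF value }."""
    return tlv(0x30, OID_PREFIX + bytes([last_arc]) + tlv(0x31, value_tlv))

def der_set_of(components):
    """Sort the complete component encodings as octet strings, then wrap."""
    return tlv(0x31, b"".join(sorted(components)))

def content_only_order(components):
    """Mistaken rule from the thread: compare with outer tag and length
    skipped (assumes short-form lengths, true for these samples)."""
    return sorted(components, key=lambda c: c[2:])

def is_der_sorted(components):
    """Check a decoded SET OF: each full TLV must be <= its successor."""
    return all(a <= b for a, b in zip(components, components[1:]))

CONTENT_TYPE = attribute(0x03, tlv(0x06, bytes.fromhex("2A864886F70D010701")))
SIGNING_TIME = attribute(0x05, tlv(0x17, b"020319120000Z"))   # constructed
MESSAGE_DIGEST = attribute(0x04, tlv(0x04, bytes(range(20))))  # constructed

if __name__ == "__main__":
    attrs = [MESSAGE_DIGEST, SIGNING_TIME, CONTENT_TYPE]
    for label, order in (("X.690 11.6", sorted(attrs)),
                         ("content only", content_only_order(attrs))):
        print(label, [a[:2].hex() + ".." + a[12:13].hex() for a in order],
              "valid" if is_der_sorted(order) else "NOT valid DER order")
```

A verifier that re-encodes the signed attributes before hashing can run a check like is_der_sorted on the decoded components to see whether its own ordering matches clause 11.6.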