The Difference Between ASN1_EMBED and ASN1_SIMPLE in OpenSSL

JayKim🙂 2024. 1. 19. 18:34

When building an ASN.1 encoder/decoder in OpenSSL, you first define a C structure and then describe its ASN.1 encoding and decoding.
If a member of the structure is a pointer, use ASN1_SIMPLE; if it is not a pointer, use ASN1_EMBED.

Let's look at the example below.

/*
Signature ::= SEQUENCE {
    signatureAlgorithm AlgorithmIdentifier,
    signature BIT STRING,
    certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
*/

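typedef struct ocsp_signature_st {
    X509_ALGOR signatureAlgorithm;   /* stored by value inside the struct */
    ASN1_BIT_STRING *signature;      /* stored through a pointer */
    STACK_OF(X509) *certs;           /* optional certs [0] */
} OCSP_SIGNATURE;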

In the structure defined this way, signatureAlgorithm is an ordinary (by-value) struct member and signature is a pointer member.
The ASN.1 encoding/decoding implementation is then as follows.

ASN1_SEQUENCE(OCSP_SIGNATURE) = {
    ASN1_EMBED(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),
    ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING),
    ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0)
} ASN1_SEQUENCE_END(OCSP_SIGNATURE)

Here signatureAlgorithm is described with ASN1_EMBED(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),
and signature is described with ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING).
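The following self-contained model is an added example, not OpenSSL's source and not the author's code. It shows why the macro must match the member's declaration: a template entry records only the member's offset and a flag, and the flag decides whether the slot holds the value itself or a pointer to it. TFLG_EMBED stands in for OpenSSL's ASN1_TFLG_EMBED; ALGOR, BITS, SIG, TEMPLATE, T_EMBED, T_SIMPLE, field_value, sig_new and sig_free are hypothetical names.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in types for this model only; not OpenSSL's definitions. */
typedef struct { int nid; } ALGOR;               /* role of X509_ALGOR */
typedef struct { unsigned char data[8]; } BITS;  /* role of ASN1_BIT_STRING */
typedef struct {
    ALGOR signatureAlgorithm;  /* inline member:  described with T_EMBED  */
    BITS *signature;           /* pointer member: described with T_SIMPLE */
} SIG;
#define TFLG_EMBED 0x1u  /* models OpenSSL's ASN1_TFLG_EMBED */
typedef struct { unsigned flags; size_t offset; size_t size; } TEMPLATE;
#define T_EMBED(st, f, type)  { TFLG_EMBED, offsetof(st, f), sizeof(type) }
#define T_SIMPLE(st, f, type) { 0u, offsetof(st, f), sizeof(type) }
static const TEMPLATE sig_tt[] = {
    T_EMBED(SIG, signatureAlgorithm, ALGOR),
    T_SIMPLE(SIG, signature, BITS),
};
#define SIG_NFIELDS (sizeof(sig_tt) / sizeof(sig_tt[0]))

/* Value address: the slot itself (EMBED) or the pointer stored in the slot. */
void *field_value(void *parent, const TEMPLATE *tt) {
    char *slot = (char *)parent + tt->offset;
    void *p;
    if (tt->flags & TFLG_EMBED) return slot;
    memcpy(&p, slot, sizeof(p));
    return p;
}

void sig_free(SIG *s) {
    if (s == NULL) return;
    for (size_t i = 0; i < SIG_NFIELDS; i++)
        if (!(sig_tt[i].flags & TFLG_EMBED))  /* only pointer members own heap memory */
            free(field_value(s, &sig_tt[i]));
    free(s);
}

SIG *sig_new(void) {
    SIG *s = calloc(1, sizeof(*s));
    if (s == NULL) return NULL;
    for (size_t i = 0; i < SIG_NFIELDS; i++) {
        if (sig_tt[i].flags & TFLG_EMBED) continue;  /* storage is inside the parent */
        void *p = calloc(1, sig_tt[i].size);
        if (p == NULL) { sig_free(s); return NULL; }
        memcpy((char *)s + sig_tt[i].offset, &p, sizeof(p));
    }
    return s;
}
```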

OpenSSL does not use a separate ASN.1 compiler; instead it supports ASN.1 encoding and decoding through macros.
This post looked at the two most basic of them, ASN1_EMBED and ASN1_SIMPLE.