cgi-se-trusted-services / c2c-common Goto Github PK
View Code? Open in Web Editor NEWHome Page: http://pvendil.github.io/c2c-common/
License: GNU Affero General Public License v3.0
Home Page: http://pvendil.github.io/c2c-common/
License: GNU Affero General Public License v3.0
Hi,
when building the project, eclipse returns an error stating that the above source folder is missing. This might be a reason why the tests don't run properly on my computer returing a Class.
However, when deleting the source folder from the build path or the classpath file, other errors occur, e.g. in the class COERBitString.groovy. I couldn't solve that error or even figure it out. Maybe you can help me @pvendil
Cheers,
McLovin
Hi,pvendil @pvendil
Time64 should be in microseconds,but it is actually in milliseconds.
Time64::=Uint64
This data structure is a 64-bit integer giving an estimate of the number of (TAI) microseconds since 00:00:00 UTC,1 January,2004.
After date transform to TAI , it return the value as seconds inclusive.
So it should be multiplied 1000000 not 1000.
Second*1000=Millisecond
Second*1000000=Microsecond
public Time64(Date timeStamp) {
super();
Moment moment = TemporalType.JAVA_UTIL_DATE.translate(timeStamp);
// transform return value as seconds inclusive
BigDecimal bd = moment.transform(TimeScale.TAI);
this.value = bd.subtract(new BigDecimal(SECONDSBETWEENTAIZEROAND2004)).multiply(new BigDecimal(1000)).toBigInteger();
// this.value = bd.subtract(new BigDecimal(SECONDSBETWEENTAIZEROAND2004)).multiply(new BigDecimal(1000000)).toBigInteger();
}
/**
* <p>Represents this timestamp as decimal value in given time scale. </p>
*
* @param scale time scale reference
* @return decimal value in given time scale as seconds inclusive fraction
* @throws IllegalArgumentException if this instance is out of range
* for given time scale
*/
/*[deutsch]
* <p>Stellt diese Zeit als Dezimalwert in der angegebenen Zeitskala
* dar. </p>
*
* @param scale time scale reference
* @return decimal value in given time scale as seconds inclusive fraction
* @throws IllegalArgumentException if this instance is out of range
* for given time scale
*/
public BigDecimal transform(TimeScale scale) {
BigDecimal elapsedTime =
new BigDecimal(this.getElapsedTime(scale)).setScale(9);
BigDecimal nanosecond = new BigDecimal(this.getNanosecond(scale));
return elapsedTime.add(nanosecond.movePointLeft(9));
}
I am looking for an implementation of IEEE 1609.2-2016. Your README states that this library supports 2015 version but IEEE 1609 was finalized on 3/1/2016. The previous US standard has been 2013. Does this mean that this product was developed based on preliminary specs? Would it work with the final version of the spec?
Thanks
Hello, I believe that following line:
https://github.com/pvendil/c2c-common/blob/987d78f451ebf5e81a6e807482967845d78cf9b8/src/main/java/org/certificateservices/custom/c2x/etsits103097/v131/generator/ETSIAuthorityCertGenerator.java#L307
should be correctly called like this:
PsidGroupPermissions pgp = new PsidGroupPermissions(sp, null, null, new EndEntityType(true, false));
Calling it with values 1
and 0
which are default values for minChainDepth
and chainDepthRange
produces invalid COER structure according to ITU-T X.696:
31 Canonical Octet Encoding Rules
31.9 In the encoding of a sequence or set type, each component that is marked DEFAULT shall be encoded as absent if its value is identical to the default value.
Using nulls is suggested also by documentation:
https://github.com/pvendil/c2c-common/blob/987d78f451ebf5e81a6e807482967845d78cf9b8/src/main/java/org/certificateservices/custom/c2x/ieee1609dot2/datastructs/cert/PsidGroupPermissions.java#L76-L77
I don't have experience is this field, and I have some questions ,when COERBitString init during the testing process,look at the details as followings:
'org.certificateservices.custom.c2x.asn1.coer.COERBitStringSpec'
when "encoded" is "1001" value is 0x1001 how did you get length as "16"?
when "encoded" is "00" value is 0L how did you get length as "8"?
if i have a string "abc" ,how i can calculate length and value? look at my code follwing ,is there anything wrong with that, help me check please.
How do I convert the binary data of the certificate into the standard IEEE 1609.2 ASN.1 format and write it to the file
Hi @pvendil,
In the Etsi102941Demo, I believe this function has a typo:
Line:
Should be:
hMac.doFinal(macData,0);
As the content of the HMAC should be saved in the correct byte array.
Hello @pvendil,
I have been analising the code and noticed that in the COEDBollean encoded structure the true and false values does not match what is expected by the ITU-T X.696 standard described in IEEE's Std 1609.2-2016. That document states:
"The encoding of a Boolean value shall be a single octet. The octet value 0 denotes the Boolean value FALSE and a non-zero octet value denotes the Boolean value TRUE. NOTE - In CANONICAL-OER, only the octet value 'FF'H can be used to encode the value TRUE ... "
In your implementation's code the false value is FF'H and the true value is 00'H, shouldn't it be the opposite?
Am i misunderstanding something or is there a bug in your implementation?
Hi @pvendil,
I'm running into some errors while encoding and decoding EtsiTs102941Data from c2c-common (v2.0.0-Beta4) to Python.
While the other datastructures (such as EtsiTs103097Data, EtsiTs103097Data-Signed, InnerEcRequestSignedForPop, etc..) are interpreted correctly in both languages, the EtsiTs102941Data isn't.
I was wondering if the encoding procedure in your library has changed for that datastructure.
For example, this is a Base64 encoded EtsiTs102941Data generated with c2c-common:
AQGAA4EAQAOAgYUAGlNvbWVFbnJvbENyZWRDYW5vbmljYWxOYW1lAYCAgxxz8bh10xe90S+q3vtivF3+kz8ZZOhHM9RVZH2CG2H8AICDSs6ULGmmugAdkHesdicFqC6SYT3GHXAyuzPxCwfdhaF8gQdlbnJvbGwxHBBbGIYABYMBAYAC8CMBAYACAm+AAgEyQAICbwAB7wcbj3KQgoCAVFnWmgodt6dVR3y/nrDtX4VOERsiTo8UXIJB1eejlGITn2Tmzcg36CuNXt8tWhjrap5jQumvRSrdNzbz6lb4Bg==
And it is read in Java without problems with:
byte[] data102941bytes = Base64.getDecoder().decode(<that string>);
EtsiTs102941Data testdata = new EtsiTs102941Data(data102941bytes);
At the same time in Python the library asn1tools
with the asn files compiled from the ETSI Gitlab fails to decode it:
asn1compiler = asn1tools.compile_files(<Etsi ASN specification>, codec='oer')
etsi102941data2 = asn1compiler.decode('EtsiTs102941Data', base64.b64decode(<that string>))
On the other hand, the following python code:
data102941_content = {"protocolVersion": 3, "content": ("unsecuredData", inner_ec_signed_for_pop_bytes)}
data102941 = {"version": 1, "content": ("enrolmentRequest", data102941_content)}
data102941_bytes = asn1compiler.encode('EtsiTs102941Data', data102941)
produces this Base64 encoded EtsiTs102941Data which is read correctly in Python and not in c2c-common:
AYADgIHiA4EAQAOAgYsAIGVucm9sbWVudENyZWRlbnRpYWxDYW5vbmljYWxOYW1lAYCAg+vP21dSRvv5RuyV+dAcRldmm8HNmTgXoZKAN+mADosYAICDyDour0L2Eg07m5npv9dox7wuSs/3S29xDL7M1Qb85/d8gQdlbnJvbGwxHBBbGIYABYMBAYAC8CMBAYACAm+AAgEyQAICbwAAMXRKblwsgoCAvrb1ky7z7923yEyPIJTwDmXLt16f6N49dBOxKy+WNsAiwUmyMBhkhj2WQ4lWYWrNKoEb/5/b7Np7dSN976R69A==
c2c-common fails with this error when reading this python generated string:
java.io.IOException: Error decoding COER enumeration, no matching enumeration value exists for ordinal: 108
at org.certificateservices.custom.c2x.asn1.coer.COEREncodeHelper.readEnumeratonValueAsEnumeration(COEREncodeHelper.java:190)
at org.certificateservices.custom.c2x.asn1.coer.COEREnumeration.decode(COEREnumeration.java:70)
at org.certificateservices.custom.c2x.asn1.coer.COERSequence.decode(COERSequence.java:296)
at org.certificateservices.custom.c2x.asn1.coer.COERChoice.decode(COERChoice.java:102)
at org.certificateservices.custom.c2x.asn1.coer.COERSequence.decode(COERSequence.java:296)
at org.certificateservices.custom.c2x.etsits102941.v131.datastructs.messagesca.EtsiTs102941Data.<init>(EtsiTs102941Data.java:62)
at main.LoadERString.main(LoadERString.java:16)
Keeping in mind that the other datastructures are correctly interpreted between the two languages, you shed some light on this matter?
Hi,pvendil @pvendil
l found when the value is negative (e.g. -10000),it will be encode to 0000D8F0.
When decoding, it is calculated as 55536,-10000 need to be encoded to FFFFD8F0
When the value is negative,the buffer need to be filled with 0xff
private void serializeSigned(DataOutputStream out) throws IOException {
byte[] val = value.toByteArray();
int signOctet = 0;
if(val[0] == 0x00 && val.length > 1){
signOctet++;
}
if(isSignedAndBetween(NEGATIVE_TWO_PWR_63, TWO_PWR_63_MINUS_1)){
byte[] buffer = new byte[getSignedBufferSize()];
// if value is negative buffer need to be filled with 0xff
System.arraycopy(val, signOctet, buffer, buffer.length - (val.length -signOctet), val.length -signOctet);
out.write(buffer);
}else{
COEREncodeHelper.writeLengthDeterminant(val.length-signOctet, out);
out.write(val, signOctet, val.length -signOctet);
}
}
Hello, I suppose that the following line:
should be checked the other way around like this:
if(!certCountryIds.containsAll(checkedCountryIds))...
as the certCountryIds must contain all the checkedCountryIds.
I am trying to enrol a Java simulated RSU. However, when I receive the enrolment response, I have:
`it.pki.ITSException: Unable to decrypt the response received from 20200804
at it.cits.security.pki.RSU.initialEnrollment(RSU.java:252)
at it.cits.security.pki.TestObtainAT.test(TestObtainAT.java:75)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.junit.platform.commons.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:628)
at org.junit.jupiter.engine.execution.ExecutableInvoker.invoke(ExecutableInvoker.java:117)
Caused by: org.certificateservices.custom.c2x.etsits102941.v131.DecryptionFailedException: Error, couldn't decrypt EnrolmentResponseMessage(: Invalid cipher text when performing symmetric decrypt: mac check in CCM failed
at org.certificateservices.custom.c2x.etsits102941.v131.generator.ETSITS102941MessagesCaGenerator.decryptAndVerifyEnrolmentResponseMessage(ETSITS102941MessagesCaGenerator.java:408)
at it.cits.security.pki.RSU.initialEnrollment(RSU.java:246)
... 54 more
Caused by: java.security.GeneralSecurityException: Invalid cipher text when performing symmetric decrypt: mac check in CCM failed
at org.certificateservices.custom.c2x.common.crypto.DefaultCryptoManager.symmetricDecryptIEEE1609_2_2017(DefaultCryptoManager.java:831)
at org.certificateservices.custom.c2x.ieee1609dot2.generator.SecuredDataGenerator.decryptDataWithSecretKey(SecuredDataGenerator.java:459)
at org.certificateservices.custom.c2x.ieee1609dot2.generator.SecuredDataGenerator.decryptData(SecuredDataGenerator.java:475)
at org.certificateservices.custom.c2x.etsits102941.v131.generator.ETSITS102941MessagesCaGenerator.decryptAndVerifyEnrolmentResponseMessage(ETSITS102941MessagesCaGenerator.java:406)
... 55 more
Caused by: org.bouncycastle.crypto.InvalidCipherTextException: mac check in CCM failed
at org.bouncycastle.crypto.modes.CCMBlockCipher.processPacket(CCMBlockCipher.java:343)
at org.bouncycastle.crypto.modes.CCMBlockCipher.doFinal(CCMBlockCipher.java:146)
at org.certificateservices.custom.c2x.common.crypto.DefaultCryptoManager.symmetricDecryptIEEE1609_2_2017(DefaultCryptoManager.java:829)
... 58 more
`
I have been told that a similar issue happened during the last year's ETSI plug test. Any hints?
Hi ,
I am trying to generate certificates using c2c-common-0.9.8. Maven and grails are also installed.
But when I try to run ITSDemo.java through eclipse, it is showing " Cannot find class 'junit.framework.TestCase' on project build path. " some Build Path Problem.
I am stuck at this point. Please help me to proceed further.
I set proxy in pom.xml of Maven and it is building successfully when " mvn install " is given.
I modified the ITSDemo.java file to write generated CA/Certs/Keys/Messages to a file.
The ITSDemo.java JUnit test passes - output looks good
I am trying to use the following site as referenced in the documentation to verify the output
https://werkzeug.dcaiti.tu-berlin.de/etsi/ts103097/
No matter what data I enter here from the output of the ITSDemo test will not validate. Is there any more information on how /what to take from the generated output so that it can be successfully validated.
best regards
Patrick
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.