cgi-se-trusted-services / c2c-common Goto Github PK

Hi,

when building the project, eclipse returns an error stating that the above source folder is missing. This might be a reason why the tests don't run properly on my computer returing a Class.

However, when deleting the source folder from the build path or the classpath file, other errors occur, e.g. in the class COERBitString.groovy. I couldn't solve that error or even figure it out. Maybe you can help me @pvendil

Cheers,

McLovin

Hi,pvendil @pvendil

Time64 should be in microseconds,but it is actually in milliseconds.

Time64::=Uint64

This data structure is a 64-bit integer giving an estimate of the number of (TAI) microseconds since 00:00:00 UTC,1 January,2004.

After date transform to TAI , it return the value as seconds inclusive.
So it should be multiplied 1000000 not 1000.

Second*1000=Millisecond
Second*1000000=Microsecond

public Time64(Date timeStamp) {
    super();
    Moment moment = TemporalType.JAVA_UTIL_DATE.translate(timeStamp);
    // transform return value as seconds inclusive
    BigDecimal bd = moment.transform(TimeScale.TAI);

    this.value = bd.subtract(new BigDecimal(SECONDSBETWEENTAIZEROAND2004)).multiply(new BigDecimal(1000)).toBigInteger();

     //  this.value = bd.subtract(new BigDecimal(SECONDSBETWEENTAIZEROAND2004)).multiply(new BigDecimal(1000000)).toBigInteger();
  }

    /**
     * <p>Represents this timestamp as decimal value in given time scale. </p>
     *
     * @param   scale       time scale reference
     * @return  decimal value in given time scale as seconds inclusive fraction
     * @throws  IllegalArgumentException if this instance is out of range
     *          for given time scale
     */
    /*[deutsch]
     * <p>Stellt diese Zeit als Dezimalwert in der angegebenen Zeitskala
     * dar. </p>
     *
     * @param   scale       time scale reference
     * @return  decimal value in given time scale as seconds inclusive fraction
     * @throws  IllegalArgumentException if this instance is out of range
     *          for given time scale
     */
    public BigDecimal transform(TimeScale scale) {

        BigDecimal elapsedTime =
            new BigDecimal(this.getElapsedTime(scale)).setScale(9);
        BigDecimal nanosecond = new BigDecimal(this.getNanosecond(scale));
        return elapsedTime.add(nanosecond.movePointLeft(9));

    }

@pvendil

I am looking for an implementation of IEEE 1609.2-2016. Your README states that this library supports 2015 version but IEEE 1609 was finalized on 3/1/2016. The previous US standard has been 2013. Does this mean that this product was developed based on preliminary specs? Would it work with the final version of the spec?

Thanks

Hello, I believe that following line:
https://github.com/pvendil/c2c-common/blob/987d78f451ebf5e81a6e807482967845d78cf9b8/src/main/java/org/certificateservices/custom/c2x/etsits103097/v131/generator/ETSIAuthorityCertGenerator.java#L307

should be correctly called like this:

PsidGroupPermissions pgp =  new PsidGroupPermissions(sp, null, null, new EndEntityType(true, false)); 

Calling it with values 1 and 0 which are default values for minChainDepth and chainDepthRange produces invalid COER structure according to ITU-T X.696:

31 Canonical Octet Encoding Rules
31.9 In the encoding of a sequence or set type, each component that is marked DEFAULT shall be encoded as absent if its value is identical to the default value.

Using nulls is suggested also by documentation:
https://github.com/pvendil/c2c-common/blob/987d78f451ebf5e81a6e807482967845d78cf9b8/src/main/java/org/certificateservices/custom/c2x/ieee1609dot2/datastructs/cert/PsidGroupPermissions.java#L76-L77

I don't have experience is this field, and I have some questions ,when COERBitString init during the testing process,look at the details as followings:
'org.certificateservices.custom.c2x.asn1.coer.COERBitStringSpec'
when "encoded" is "1001" value is 0x1001 how did you get length as "16"?
when "encoded" is "00" value is 0L how did you get length as "8"?
if i have a string "abc" ,how i can calculate length and value? look at my code follwing ,is there anything wrong with that, help me check please.

How do I convert the binary data of the certificate into the standard IEEE 1609.2 ASN.1 format and write it to the file

Hi @pvendil,
In the Etsi102941Demo, I believe this function has a typo:

https://github.com/pvendil/c2c-common/blob/987d78f451ebf5e81a6e807482967845d78cf9b8/src/test/java/org/certificateservices/custom/c2x/demo/EtsiTs102941Demo.java#L523-L541

Line:

https://github.com/pvendil/c2c-common/blob/987d78f451ebf5e81a6e807482967845d78cf9b8/src/test/java/org/certificateservices/custom/c2x/demo/EtsiTs102941Demo.java#L538

Should be:

hMac.doFinal(macData,0); 

As the content of the HMAC should be saved in the correct byte array.

Hello @pvendil,

I have been analising the code and noticed that in the COEDBollean encoded structure the true and false values does not match what is expected by the ITU-T X.696 standard described in IEEE's Std 1609.2-2016. That document states:

"The encoding of a Boolean value shall be a single octet. The octet value 0 denotes the Boolean value FALSE and a non-zero octet value denotes the Boolean value TRUE. NOTE - In CANONICAL-OER, only the octet value 'FF'H can be used to encode the value TRUE ... "

In your implementation's code the false value is FF'H and the true value is 00'H, shouldn't it be the opposite?
Am i misunderstanding something or is there a bug in your implementation?

Hi @pvendil,

I'm running into some errors while encoding and decoding EtsiTs102941Data from c2c-common (v2.0.0-Beta4) to Python.
While the other datastructures (such as EtsiTs103097Data, EtsiTs103097Data-Signed, InnerEcRequestSignedForPop, etc..) are interpreted correctly in both languages, the EtsiTs102941Data isn't.
I was wondering if the encoding procedure in your library has changed for that datastructure.

For example, this is a Base64 encoded EtsiTs102941Data generated with c2c-common:

AQGAA4EAQAOAgYUAGlNvbWVFbnJvbENyZWRDYW5vbmljYWxOYW1lAYCAgxxz8bh10xe90S+q3vtivF3+kz8ZZOhHM9RVZH2CG2H8AICDSs6ULGmmugAdkHesdicFqC6SYT3GHXAyuzPxCwfdhaF8gQdlbnJvbGwxHBBbGIYABYMBAYAC8CMBAYACAm+AAgEyQAICbwAB7wcbj3KQgoCAVFnWmgodt6dVR3y/nrDtX4VOERsiTo8UXIJB1eejlGITn2Tmzcg36CuNXt8tWhjrap5jQumvRSrdNzbz6lb4Bg==

And it is read in Java without problems with:

byte[] data102941bytes = Base64.getDecoder().decode(<that string>);
EtsiTs102941Data testdata = new EtsiTs102941Data(data102941bytes);

At the same time in Python the library asn1tools with the asn files compiled from the ETSI Gitlab fails to decode it:

asn1compiler = asn1tools.compile_files(<Etsi ASN specification>, codec='oer')
etsi102941data2 = asn1compiler.decode('EtsiTs102941Data', base64.b64decode(<that string>))

On the other hand, the following python code:

data102941_content = {"protocolVersion": 3, "content": ("unsecuredData", inner_ec_signed_for_pop_bytes)}
data102941 = {"version": 1, "content": ("enrolmentRequest", data102941_content)}
data102941_bytes = asn1compiler.encode('EtsiTs102941Data', data102941)

produces this Base64 encoded EtsiTs102941Data which is read correctly in Python and not in c2c-common:

AYADgIHiA4EAQAOAgYsAIGVucm9sbWVudENyZWRlbnRpYWxDYW5vbmljYWxOYW1lAYCAg+vP21dSRvv5RuyV+dAcRldmm8HNmTgXoZKAN+mADosYAICDyDour0L2Eg07m5npv9dox7wuSs/3S29xDL7M1Qb85/d8gQdlbnJvbGwxHBBbGIYABYMBAYAC8CMBAYACAm+AAgEyQAICbwAAMXRKblwsgoCAvrb1ky7z7923yEyPIJTwDmXLt16f6N49dBOxKy+WNsAiwUmyMBhkhj2WQ4lWYWrNKoEb/5/b7Np7dSN976R69A==

c2c-common fails with this error when reading this python generated string:

java.io.IOException: Error decoding COER enumeration, no matching enumeration value exists for ordinal: 108
	at org.certificateservices.custom.c2x.asn1.coer.COEREncodeHelper.readEnumeratonValueAsEnumeration(COEREncodeHelper.java:190)
	at org.certificateservices.custom.c2x.asn1.coer.COEREnumeration.decode(COEREnumeration.java:70)
	at org.certificateservices.custom.c2x.asn1.coer.COERSequence.decode(COERSequence.java:296)
	at org.certificateservices.custom.c2x.asn1.coer.COERChoice.decode(COERChoice.java:102)
	at org.certificateservices.custom.c2x.asn1.coer.COERSequence.decode(COERSequence.java:296)
	at org.certificateservices.custom.c2x.etsits102941.v131.datastructs.messagesca.EtsiTs102941Data.<init>(EtsiTs102941Data.java:62)
	at main.LoadERString.main(LoadERString.java:16)

Keeping in mind that the other datastructures are correctly interpreted between the two languages, you shed some light on this matter?

Hi,pvendil @pvendil

l found when the value is negative (e.g. -10000),it will be encode to 0000D8F0.
When decoding, it is calculated as 55536,-10000 need to be encoded to FFFFD8F0
When the value is negative,the buffer need to be filled with 0xff

private void serializeSigned(DataOutputStream out) throws IOException {
		byte[] val = value.toByteArray();

		int signOctet = 0;
		if(val[0] == 0x00 && val.length > 1){
			signOctet++;
		}
		
		if(isSignedAndBetween(NEGATIVE_TWO_PWR_63, TWO_PWR_63_MINUS_1)){
			byte[] buffer = new byte[getSignedBufferSize()];
                        // if value is negative buffer need to be filled with 0xff
			System.arraycopy(val, signOctet, buffer, buffer.length - (val.length -signOctet), val.length -signOctet);
			out.write(buffer);
		}else{
			COEREncodeHelper.writeLengthDeterminant(val.length-signOctet, out);
			out.write(val, signOctet, val.length -signOctet);
		}
	}

Hello, I suppose that the following line:

https://github.com/pvendil/c2c-common/blob/987d78f451ebf5e81a6e807482967845d78cf9b8/src/main/java/org/certificateservices/custom/c2x/ieee1609dot2/validator/CountryOnlyRegionValidator.java#L105

should be checked the other way around like this:

if(!certCountryIds.containsAll(checkedCountryIds))...

as the certCountryIds must contain all the checkedCountryIds.

I am trying to enrol a Java simulated RSU. However, when I receive the enrolment response, I have:

`it.pki.ITSException: Unable to decrypt the response received from 20200804
at it.cits.security.pki.RSU.initialEnrollment(RSU.java:252)
at it.cits.security.pki.TestObtainAT.test(TestObtainAT.java:75)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.junit.platform.commons.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:628)
at org.junit.jupiter.engine.execution.ExecutableInvoker.invoke(ExecutableInvoker.java:117)

Caused by: org.certificateservices.custom.c2x.etsits102941.v131.DecryptionFailedException: Error, couldn't decrypt EnrolmentResponseMessage(: Invalid cipher text when performing symmetric decrypt: mac check in CCM failed
at org.certificateservices.custom.c2x.etsits102941.v131.generator.ETSITS102941MessagesCaGenerator.decryptAndVerifyEnrolmentResponseMessage(ETSITS102941MessagesCaGenerator.java:408)
at it.cits.security.pki.RSU.initialEnrollment(RSU.java:246)
... 54 more
Caused by: java.security.GeneralSecurityException: Invalid cipher text when performing symmetric decrypt: mac check in CCM failed
at org.certificateservices.custom.c2x.common.crypto.DefaultCryptoManager.symmetricDecryptIEEE1609_2_2017(DefaultCryptoManager.java:831)
at org.certificateservices.custom.c2x.ieee1609dot2.generator.SecuredDataGenerator.decryptDataWithSecretKey(SecuredDataGenerator.java:459)
at org.certificateservices.custom.c2x.ieee1609dot2.generator.SecuredDataGenerator.decryptData(SecuredDataGenerator.java:475)
at org.certificateservices.custom.c2x.etsits102941.v131.generator.ETSITS102941MessagesCaGenerator.decryptAndVerifyEnrolmentResponseMessage(ETSITS102941MessagesCaGenerator.java:406)
... 55 more
Caused by: org.bouncycastle.crypto.InvalidCipherTextException: mac check in CCM failed
at org.bouncycastle.crypto.modes.CCMBlockCipher.processPacket(CCMBlockCipher.java:343)
at org.bouncycastle.crypto.modes.CCMBlockCipher.doFinal(CCMBlockCipher.java:146)
at org.certificateservices.custom.c2x.common.crypto.DefaultCryptoManager.symmetricDecryptIEEE1609_2_2017(DefaultCryptoManager.java:829)
... 58 more

`

I have been told that a similar issue happened during the last year's ETSI plug test. Any hints?

Hi ,

I am trying to generate certificates using c2c-common-0.9.8. Maven and grails are also installed.
But when I try to run ITSDemo.java through eclipse, it is showing " Cannot find class 'junit.framework.TestCase' on project build path. " some Build Path Problem.
I am stuck at this point. Please help me to proceed further.
I set proxy in pom.xml of Maven and it is building successfully when " mvn install " is given.

I modified the ITSDemo.java file to write generated CA/Certs/Keys/Messages to a file.

The ITSDemo.java JUnit test passes - output looks good

I am trying to use the following site as referenced in the documentation to verify the output

https://werkzeug.dcaiti.tu-berlin.de/etsi/ts103097/

No matter what data I enter here from the output of the ITSDemo test will not validate. Is there any more information on how /what to take from the generated output so that it can be successfully validated.

best regards

Patrick