Add asn.1 definitions #127

Draft
nicorusti wants to merge 1 commit into main from asn-1

nicorusti (Member):

Resolves #28

nicorusti changed the title from "draft asn.1 TRC definition" to "Add asn.1 definitions" on Mar 19, 2026

Comment on lines +1 to +4
SCION-CP-PKI-TRC {
iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) id-mod(0) id-mod-scion-pki-trc(99)
}
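
Review bot: the final arc `id-mod-scion-pki-trc(99)` on the third line hard-codes a number under the PKIX `id-mod(0)` arc, whose values are allocated by IANA rather than chosen by module authors. Until a value is assigned, mark it as a placeholder (for example `id-mod-scion-pki-trc(TBD)` in the draft text, with a comment that 99 is only there so the module compiles), or root the module under an arc the SCION project controls.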

nicorusti (Member, Author):

I'm not sure about this section


nicorusti commented Mar 19, 2026

I tried to build an ASN.1 module for TRCs based on what is in docs and in the draft already, then use it to verify that the SSFN & SSUN TRCs can somehow be verified. I used code generated by the ASN.1 compiler asn1c. I think what is on docs is outdated and that there are some differences.

This is what I did:

  1. Compile the ASN.1 module (note that I also had to feed PKIX1Explicit88 containing ASN.1 modules from RFC 3280):

         asn1c -pdu=TRCPayload ../PKIX1Explicit88.asn1 ../trc.asn1
         make -f Makefile.am.sample

  2. In the TRC, find the offset where CMS data is: Look at the output for an OCTET STRING that appears shortly after the pkcs7-data object identifier. It will have an offset number on the far left (for example, 60).

         sed 's/BEGIN TRC/BEGIN CMS/g; s/END TRC/END CMS/g' ISD76-495dd7abbc765925299032679fc61b79.bundle | openssl asn1parse -inform PEM -strparse 60 -out ssun_trc.der -noout

  3. Extract the payload using that offset:

         sed 's/BEGIN TRC/BEGIN CMS/g; s/END TRC/END CMS/g' ISD76-495dd7abbc765925299032679fc61b79.bundle | openssl asn1parse -inform PEM -strparse 60 -out ssun_trc.der -noout

  4. Check if the compiled ASN.1 module can verify the TRC content. Here I get stuck, likely because the ASN.1 module does not match the TRC.

         ./progname -d  -iber -otext ../ssun_trc.der
         AD: Processing ../ssun_trc.der
         AD: Decoding 8192 bytes
         AD: decode(0) consumed 65+0b (8192), code 2
         AD: Clean up partially decoded structure
         AD: ofp 1, no=65, oo=0, dbl=0
         ../ssun_trc.der: Decode failed past byte 65: Input processing error

Looking at the TRC content, I see a few things that maybe don't match the ASN.1 module (see comments). I got as far as this; I need support from someone more familiar with this.
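
Added example (not part of the PR or of nicorusti's comment): a small DER walker that lists each element's offset and type and reports which element covers a given byte offset, which is one way to see what type sits at the point where a generated decoder stops. It goes slightly beyond the steps above; the function names and the sample bytes are constructed for illustration, and it assumes the reported offset counts from the start of the DER file.

```python
# Added example: minimal DER walker (definite lengths, single-byte tags only).
# SAMPLE is constructed for illustration; it is not taken from a TRC.
NAMES = {0x01: "BOOLEAN", 0x02: "INTEGER", 0x04: "OCTET STRING",
         0x06: "OBJECT IDENTIFIER", 0x13: "PrintableString", 0x17: "UTCTime",
         0x18: "GeneralizedTime", 0x30: "SEQUENCE", 0x31: "SET"}
SAMPLE = bytes.fromhex("300a 020101 3005 1303412d31")

def read_tlv(buf, off):
    """Return (tag, header_len, content_len) for the element starting at off."""
    if off + 2 > len(buf):
        raise ValueError(f"truncated header at offset {off}")
    tag, first = buf[off], buf[off + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError(f"multi-byte tag at offset {off} not supported")
    if first < 0x80:                       # short form: length in one byte
        hdr, length = 2, first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or off + 2 + n > len(buf):
            raise ValueError(f"bad length encoding at offset {off}")
        hdr, length = 2 + n, int.from_bytes(buf[off + 2:off + 2 + n], "big")
    if off + hdr + length > len(buf):
        raise ValueError(f"element at offset {off} runs past end of input")
    return tag, hdr, length

def walk(buf, off=0, end=None, depth=0):
    """Yield (offset, depth, header_len, content_len, type_name) in document order."""
    end = len(buf) if end is None else end
    while off < end:
        tag, hdr, length = read_tlv(buf, off)
        yield off, depth, hdr, length, NAMES.get(tag, f"tag 0x{tag:02x}")
        if tag & 0x20:                     # constructed: descend into the content
            yield from walk(buf, off + hdr, off + hdr + length, depth + 1)
        off += hdr + length

def element_at(buf, byte_offset):
    """Return (offset, depth, type_name) of the deepest element covering byte_offset."""
    hit = None
    for off, depth, hdr, length, name in walk(buf):
        if off <= byte_offset < off + hdr + length:
            hit = (off, depth, name)       # later matches are nested deeper
    return hit

if __name__ == "__main__":
    for off, depth, hdr, length, name in walk(SAMPLE):
        print(f"{off:5d}: d={depth} hl={hdr} l={length:4d} {'  ' * depth}{name}")
    print("byte 8 is inside:", element_at(SAMPLE, 8))
```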

TRCPayload ::= SEQUENCE {
version TRCFormatVersion,
iD TRCID,
validity Validity,
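
Review bot: `validity Validity` on the last line uses a type that nothing in these lines defines, so say in the module where it comes from. If it is imported from PKIX1Explicit88, note that the PKIX `Validity` is built on the `Time` CHOICE (UTCTime or GeneralizedTime); if TRCs only ever encode one of the two, a local definition would state that constraint and the import would not.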

nicorusti (Member, Author):

In the version on docs.scion.org, Validity is defined, while it can perhaps be imported.

ISD ::= INTEGER (1..65535)


ASN ::= INTEGER (1..281474976710655)
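
Review bot: the upper bounds in `ISD` and `ASN` are bare numbers; add a comment that 65535 is 2^16 - 1 and 281474976710655 is 2^48 - 1 so the ranges can be checked against the identifier widths they are meant to express. Both types are INTEGER here, so a payload that carries either value as a string type will not decode against this module; settle the encoding first and then keep or drop the range constraints accordingly.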

nicorusti (Member, Author):

AS numbers in TRCs seem to use a PRINTABLESTRING while the ASN.1 module uses INTEGER (1..281474976710655)

Development

Successfully merging this pull request may close these issues.

ASN.1 Module for new types

1 participant