Limitation of ASN.1 encoding and decoding for tagged objects of the private class.


Matt S
Using bc-java, the following test demonstrates how the Bouncycastle API does not support the private class of tags.

    public void readPrivateTaggedObject() throws IOException {
        int privateClass = 0x80;
        int tagNo = 0x40;
        byte[] rawPrivateClassTaggedObject = {
                (byte) ((privateClass | tagNo) & 0xff), // C0
                0x1, // length
                0x1  // value
        }; // { 0xC0, 1, 1 }

        ASN1InputStream asn1InputStream = new ASN1InputStream(rawPrivateClassTaggedObject);
        ASN1Primitive bouncycastleModel = asn1InputStream.readObject();
        byte[] bouncycastleModelEncoded = bouncycastleModel.getEncoded(); // { 0x40, 1, 1 }

        Assert.assertArrayEquals(rawPrivateClassTaggedObject, bouncycastleModelEncoded); // fails
    }

A TLV defined as:
    example [PRIVATE 0] OCTET STRING

And a value of '01' should be DER encoded as:


Bouncycastle decodes this private tagged object as DERApplicationSpecific, ignoring the fact that bit 7 is also set:


Class            Bit 8 Bit 7
Universal        0     0
Application      0     1
Context-specific 1     0
Private          1     1

Creating a TLV with the private class using the BC API is also not possible as far as I can see.

Is this shortcoming considered a bug or is there reason not to support private class ASN.1 tags?
Is this an appropriate use of the API?
Is it worth rebuilding the signed JAR in order to "fix" the ASN1ApplicationSpecific class and also to support tagged objects with a private class tag? Would such a patch/pull-request be considered for acceptance?

Best Regards,
Matt Smiglarski
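
The class table in the post above, worked through as an added example that is not part of the original post and is not bc-java code: a JDK-only parser and encoder for ASN.1 identifier octets that keeps both class bits, so the post's bytes { 0xC0, 1, 1 } read as Private and re-encode unchanged. The class `Asn1Identifier` and its members are hypothetical names chosen for this illustration; it also handles the high-tag-number form, which the post does not discuss.

```java
import java.io.ByteArrayOutputStream;
import java.util.Arrays;
public class Asn1Identifier {                       // hypothetical helper, not a bc-java class
    static final String[] CLASS_NAMES = {"Universal", "Application", "Context-specific", "Private"};
    final int tagClass;        // 0..3, from bits 8 and 7 of the first octet
    final boolean constructed; // bit 6
    final long tagNo;          // bits 5..1, or base-128 octets in high-tag-number form
    final int octets;          // number of identifier octets consumed
    Asn1Identifier(int tagClass, boolean constructed, long tagNo, int octets) {
        this.tagClass = tagClass; this.constructed = constructed; this.tagNo = tagNo; this.octets = octets;
    }
    static Asn1Identifier parse(byte[] in) {
        if (in.length == 0) throw new IllegalArgumentException("empty input");
        int first = in[0] & 0xff, pos = 1, b;
        long tagNo = first & 0x1f;
        if (tagNo == 0x1f) {                        // high-tag-number form: base-128 octets follow
            tagNo = 0;
            do {
                if (pos >= in.length) throw new IllegalArgumentException("truncated tag number");
                if (tagNo > (Long.MAX_VALUE >>> 7)) throw new IllegalArgumentException("tag number too large");
                b = in[pos++] & 0xff;
                tagNo = (tagNo << 7) | (b & 0x7f);
            } while ((b & 0x80) != 0);              // bit 8 set means another octet follows
        }
        return new Asn1Identifier(first >>> 6, (first & 0x20) != 0, tagNo, pos);
    }

    byte[] encode() {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        int lead = (tagClass << 6) | (constructed ? 0x20 : 0);
        if (tagNo < 0x1f) {
            out.write(lead | (int) tagNo);          // low-tag-number form: one octet
        } else {
            out.write(lead | 0x1f);
            int shift = 63 - Long.numberOfLeadingZeros(tagNo);
            for (shift -= shift % 7; shift >= 0; shift -= 7)
                out.write((int) ((tagNo >>> shift) & 0x7f) | (shift > 0 ? 0x80 : 0));
        }
        return out.toByteArray();
    }

    public static void main(String[] args) {
        byte[] tlv = {(byte) 0xC0, 0x01, 0x01};     // the bytes from the post above
        Asn1Identifier id = parse(tlv);
        System.out.println(CLASS_NAMES[id.tagClass] + (id.constructed ? " constructed" : " primitive") + " tag " + id.tagNo);
        if (!Arrays.equals(id.encode(), Arrays.copyOf(tlv, id.octets))) throw new AssertionError("class bits lost");
        System.out.println(CLASS_NAMES[parse(new byte[] {0x40, 1, 1}).tagClass]); // the re-encoded form from the post
    }
}
```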