Closed husnaini798 closed 1 year ago
Hi @husnaini798,
Fast-DDS implements OMG DDS Security Standard Specification. The issue may have to do with some formatting or missing tags. Please re-check it against the proposed examples and templates found there.
According to our CONTRIBUTING.md guidelines, I am closing this issue due to inactivity. Please, feel free to reopen it if necessary.
Is there an already existing issue for this?
Expected behavior
Trying to check FastDDS and CycloneDDS interoperability with security turned on.
Results should be:
Now, Cyclone subscriber and FastDDS publisher works fine. But if FastDDS is subscribing and Cyclone tries to publish, we see the following error:
Current behavior
/dev/cyclone-C-security-helloworld$ ./HelloworldPublisher
=== [Publisher] Waiting for a reader to be discovered ...
1674445166.046838 [0] fsm: Begin handshake reply failed: Failed to convert octet sequence to ASN1 integer: 140077165520640:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:../crypto/asn1/tasn_dec.c:1149: 140077165520640:error:0D06C03A:asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../crypto/asn1/tasn_dec.c:713: (code: 200)
1674445167.047152 [0] fsm: Begin handshake reply failed: Failed to convert octet sequence to ASN1 integer: 140077165520640:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:../crypto/asn1/tasn_dec.c:1149: 140077165520640:error:0D06C03A:asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../crypto/asn1/tasn_dec.c:713: (code: 200)
1674445168.052006 [0] fsm: Begin handshake reply failed: Failed to convert octet sequence to ASN1 integer: 140077165520640:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:../crypto/asn1/tasn_dec.c:1149: 140077165520640:error:0D06C03A:asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../crypto/asn1/tasn_dec.c:713: (code: 200)
We've used the same maincacert.pem, maincakey.pem, governance.smime, permissions.smime, mainpubcert.pem, mainpubkey.pem, mainsubcert.pem and mainsubkey.pem, on both sides, but for some reason when Cyclone tries to publish to FastDDS, we get the error message above.
Steps to reproduce
Asked the same question on the Cyclone DDS forum and the contributor replied: "That probably means that Fast-DDS isn't sending a key in ASN1 format. The spec only says public keys are to be encoded on the wire as "The CDR Big Endian Serialization of a Diffie-Hellman Public Key". That's completely undefined gobbledygook.
Cyclone follows Vortex OpenSplice in using an ASN.1 encoded public key, because that at least is standardised. I suspect Fast-DDS isn't doing that.
One reason for that suspicion is that at least at some point in the past some DDS implementations just used OpenSSL's BN_bn2bin (or similar, I am not 100% sure). That simply converts to an unspecified, internal to OpenSSL representation, but that's by definition completely unsuited to an on-the-wire representation of a multi-vendor, multi-crypto-implementation, multi-architecture middleware. It could be that FastDDS is one of those and hasn't mended its ways."
Could you please assist with this issue and let me know where the problem might be?
thanks
Fast DDS version/commit
version 2.8.1
Platform/Architecture
Ubuntu Focal 20.04 amd64
Transport layer
Default configuration, UDPv4 & SHM
Additional context
No response
XML configuration file
I also tried to regenerate all the required certificates again and use the same certs on both sides (only the mainsubcert/key.pem and mainpubcert/key.pem were changed in the code for the corresponding publisher or subscriber). The commands were
The permissions.xml used was
The governance.xml used was:
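
The encoding mismatch suspected in the quoted Cyclone DDS reply, as an added illustration that is not part of the original issue and not code from Fast DDS or Cyclone DDS: a strict DER INTEGER parser accepts the ASN.1 form of a Diffie-Hellman public value and rejects a bare big-endian byte string at the tag check, which is the "wrong tag" condition in the log above. The function names and the sample value are constructed for this example.

```python
# Added illustration; all names here are hypothetical, not from either project.

def der_encode_integer(n: int) -> bytes:
    """DER-encode a non-negative integer: tag 0x02, definite length, minimal body."""
    if n < 0:
        raise ValueError("a DH public value is never negative")
    body = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:                      # pad so the value is not read as negative
        body = b"\x00" + body
    if len(body) < 0x80:
        length = bytes([len(body)])         # short-form length
    else:
        size = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(size)]) + size   # long-form length
    return b"\x02" + length + body

def der_decode_integer(buf: bytes) -> int:
    """Parse a buffer that must hold exactly one DER INTEGER, else raise ValueError."""
    if len(buf) < 3:
        raise ValueError("too short for an ASN.1 INTEGER")
    if buf[0] != 0x02:
        raise ValueError(f"wrong tag 0x{buf[0]:02x}, expected 0x02 (INTEGER)")
    if buf[1] < 0x80:
        length, off = buf[1], 2
    else:
        n = buf[1] & 0x7F
        if n == 0 or len(buf) < 2 + n or buf[2] == 0:
            raise ValueError("bad long-form length")
        length, off = int.from_bytes(buf[2:2 + n], "big"), 2 + n
        if length < 0x80:
            raise ValueError("non-minimal length")
    body = buf[off:]
    if length == 0 or len(body) != length:
        raise ValueError("length field does not match the buffer")
    if length > 1 and ((body[0] == 0x00 and body[1] < 0x80) or
                       (body[0] == 0xFF and body[1] >= 0x80)):
        raise ValueError("non-minimal INTEGER body")
    return int.from_bytes(body, "big", signed=True)

def classify_dh_public(buf: bytes) -> str:
    """Report how a received public-key octet sequence is encoded."""
    try:
        der_decode_integer(buf)
        return "asn1-integer"
    except ValueError as exc:
        return f"not-asn1: {exc}"

# Constructed 2048-bit sample value (256 bytes, top bit set), not captured traffic.
SAMPLE_Y = int.from_bytes(bytes(range(0x80, 0x100)) * 2, "big")
RAW_Y = SAMPLE_Y.to_bytes(256, "big")       # bare big-endian bytes, no ASN.1 header
DER_Y = der_encode_integer(SAMPLE_Y)        # 02 82 01 01 00 80 81 ...
```

Running `classify_dh_public` on the public-key bytes taken from a captured handshake message shows which of the two encodings a given implementation puts on the wire.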