[Ndn-interest] a question on validating pure sha256 in ndn-cxx validator
Justin Park = 세형
justin.labry at gmail.com
Sun Mar 7 18:06:39 PST 2021
Hi all,
Last Friday, I was working with NDN-CXX (0.7.0) for
rsa-sha256, ecdsa-sha256, and sha256 validation.
The first two (rsa-sha256, ecdsa-256) had no trouble, but I had some issues
with sha256.
Of course, I followed the instruction below:
https://named-data.net/doc/ndn-cxx/current/tutorials/security-validator-config.html
checker
{
type customized
sig-type sha256
key-locator
{
type name
name /localhost/identity/digest-sha256
relation equal
}
}
However, when I tried something with sig-type sha256, I got “Internal
implementation error.”
%9Bhq%A82%5B%AF%22%A7G%5E%B7%16%7C%1F8%93%AC?Nonce=f0547aea from forwarder
1615167042.071117 DEBUG: [ndn.Face] <I /data/4?MustBeFresh&Nonce=8f696b08
1615167042.071596 DEBUG: [ndn.Face] >D /data/4
1615167042.071643 DEBUG: [ndn.Face] satisfying
/data/4?MustBeFresh&Nonce=8f696b08 from app
1615167042.071655 DEBUG: [ndn.security.Validator] > Start validating data
/data/4
1615167042.071660 TRACE: [ndn.security.validator_config.Rule] Trying to
match /data/4
1615167042.071675 TRACE: [ndn.security.validator_config.Rule] Trying to
check /data/4 with keyLocator /localhost/id│
entity/digest-sha256
1615167042.073762 DEBUG: [ndn.security.ValidationState] > Internal
implementation error (Validator/policy did not invoke success or failure
callback)
To find the cause of errors, I followed the ndn-cxx source code from
Validator::validate, to ValidationPolicyConfig::checkPolicy
to getKeyLocatorName, to Checker::check, to extractIdentityFromKeyName.
And I tentatively concluded that ndn-cxx doesn’t have the facility to
validate pure “sha256” in the same manner as rsa-sha256 and ecdsa-sha256.
I also checked out ndn-cxx have verifyDigest in verification-helper.cpp,
but verfiyDigest is only referenced in unit test codes.
My question is whether my speculation is rightand I also want to know the
status and future plans regarding sha256 verification in Validator.
Thank you,
Justin
===================================
const Name&
SigningInfo::getDigestSha256Identity()
{
static Name digestSha256Identity("/localhost/identity/digest-sha256");
return digestSha256Identity;
}
===================================
Name
extractIdentityFromKeyName(const Name& keyName)
{
if (!isValidKeyName(keyName)) {
NDN_THROW(std::invalid_argument("Key name `" + keyName.toUri() + "` "
"does not respect the naming
conventions"));
}
return keyName.getPrefix(-Certificate::MIN_KEY_NAME_LENGTH); // trim
everything after and including "KEY"
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/ndn-interest/attachments/20210308/7d5ebf0e/attachment.html>
More information about the Ndn-interest
mailing list