[Ndn-interest] a question on validating pure sha256 in ndn-cxx validator

Justin Park = 세형 justin.labry at gmail.com
Sun Mar 7 18:06:39 PST 2021


Hi all,


Last Friday, I was working with NDN-CXX (0.7.0) for
rsa-sha256, ecdsa-sha256, and sha256 validation.

The first two (rsa-sha256, ecdsa-256) had no trouble, but I had some issues
with sha256.

Of course, I followed the instruction below:

https://named-data.net/doc/ndn-cxx/current/tutorials/security-validator-config.html


  checker
  {
    type customized
    sig-type sha256
    key-locator
    {
      type name
      name /localhost/identity/digest-sha256
      relation equal
    }
  }


However, when I tried something with sig-type sha256, I got “Internal
implementation error.”


%9Bhq%A82%5B%AF%22%A7G%5E%B7%16%7C%1F8%93%AC?Nonce=f0547aea from forwarder
1615167042.071117 DEBUG: [ndn.Face] <I /data/4?MustBeFresh&Nonce=8f696b08
1615167042.071596 DEBUG: [ndn.Face] >D /data/4
1615167042.071643 DEBUG: [ndn.Face]    satisfying /data/4?MustBeFresh&Nonce=8f696b08 from app
1615167042.071655 DEBUG: [ndn.security.Validator] > Start validating data /data/4
1615167042.071660 TRACE: [ndn.security.validator_config.Rule] Trying to match /data/4
1615167042.071675 TRACE: [ndn.security.validator_config.Rule] Trying to check /data/4 with keyLocator /localhost/identity/digest-sha256
1615167042.073762 DEBUG: [ndn.security.ValidationState] > Internal implementation error (Validator/policy did not invoke success or failure callback)


To find the cause of errors, I followed the ndn-cxx source code from
Validator::validate, to ValidationPolicyConfig::checkPolicy,
to getKeyLocatorName, to Checker::check, to extractIdentityFromKeyName.

And I tentatively concluded that ndn-cxx doesn’t have the facility to
validate pure “sha256” in the same manner as rsa-sha256 and ecdsa-sha256.


I also checked that ndn-cxx has verifyDigest in verification-helper.cpp,
but verifyDigest is only referenced in unit test code.


My question is whether my speculation is right, and I also want to know the
status and future plans regarding sha256 verification in Validator.


Thank you,


Justin



===================================

const Name&
SigningInfo::getDigestSha256Identity()
{
  static Name digestSha256Identity("/localhost/identity/digest-sha256");
  return digestSha256Identity;
}

===================================

Name
extractIdentityFromKeyName(const Name& keyName)
{
  if (!isValidKeyName(keyName)) {
    NDN_THROW(std::invalid_argument("Key name `" + keyName.toUri() + "` "
                                    "does not respect the naming conventions"));
  }

  return keyName.getPrefix(-Certificate::MIN_KEY_NAME_LENGTH); // trim everything after and including "KEY"
}
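
A stand-alone model of the key-name convention check at the end of the call path traced in the post, showing how the digest-sha256 key locator name fares against it compared with a conventional key name. This is an added example, not ndn-cxx code and not part of the original message. Assumptions: Name is modelled as a vector of components, the /<identity>/KEY/<key-id> layout with a minimum key-name length of 2 is taken from the ndn-cxx naming convention, tryExtractIdentity is a hypothetical wrapper, and the sample names are constructed.

```cpp
#include <iostream>
#include <sstream>
#include <stdexcept>
#include <string>
#include <vector>

using Name = std::vector<std::string>;  // simplified stand-in for ndn::Name (assumption)

// Assumed from the ndn-cxx key naming convention /<identity>/KEY/<key-id>.
const std::size_t MIN_KEY_NAME_LENGTH = 2;
const std::string KEY_COMPONENT = "KEY";

Name parseName(const std::string& uri)
{
  Name name;
  std::istringstream in(uri);
  for (std::string comp; std::getline(in, comp, '/');) {
    if (!comp.empty()) name.push_back(comp);
  }
  return name;
}

// Model of the convention check: the second-to-last component must be "KEY".
bool isValidKeyName(const Name& keyName)
{
  return keyName.size() >= MIN_KEY_NAME_LENGTH &&
         keyName[keyName.size() - MIN_KEY_NAME_LENGTH] == KEY_COMPONENT;
}

// Same shape as the function quoted in the post: throws for non-key names.
Name extractIdentityFromKeyName(const Name& keyName)
{
  if (!isValidKeyName(keyName))
    throw std::invalid_argument("key name does not respect the naming conventions");
  return Name(keyName.begin(), keyName.end() - MIN_KEY_NAME_LENGTH);
}

// Hypothetical wrapper: turns the exception into a definite yes/no result.
bool tryExtractIdentity(const std::string& uri, Name& identity)
{
  try { identity = extractIdentityFromKeyName(parseName(uri)); return true; }
  catch (const std::invalid_argument&) { return false; }
}

int main()
{
  Name id;
  // Constructed sample names: a conventional key name and the digest pseudo-identity.
  for (const char* uri : {"/example/site/KEY/%01", "/localhost/identity/digest-sha256"})
    std::cout << uri << " -> " << (tryExtractIdentity(uri, id) ? "identity extracted" : "not a key name") << "\n";
}
```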