[Ndn-interest] [EXT] a question on validating pure sha256 in ndn-cxx validator
Junxiao Shi
shijunxiao at email.arizona.edu
Sun Mar 7 18:55:43 PST 2021
Hi Justin
ValidatorConfig does not support validation SHA256 signatures. Moreover,
the sig-type field is ignored and has no effect.
Sometime ago, I tried to update that page to match the behavior of the
code, but the maintainer won't accept my patch because the page is
apparently a "specification" rather than code documentation.
Yours, Junxiao
On Sun, Mar 7, 2021 at 9:07 PM Justin Park = 세형 via Ndn-interest <
ndn-interest at lists.cs.ucla.edu> wrote:
> *External Email*
>
> Hi all,
>
>
> Last Friday, I was working with NDN-CXX (0.7.0) for
> rsa-sha256, ecdsa-sha256, and sha256 validation.
>
> The first two (rsa-sha256, ecdsa-256) had no trouble, but I had some
> issues with sha256.
>
> Of course, I followed the instruction below:
>
>
> https://named-data.net/doc/ndn-cxx/current/tutorials/security-validator-config.html
>
>
> checker
>
> {
>
> type customized
>
> sig-type sha256
>
> key-locator
>
> {
>
> type name
>
> name /localhost/identity/digest-sha256
>
> relation equal
>
> }
>
> }
>
>
> However, when I tried something with sig-type sha256, I got “Internal
> implementation error.”
>
>
> %9Bhq%A82%5B%AF%22%A7G%5E%B7%16%7C%1F8%93%AC?Nonce=f0547aea from forwarder
>
>
> 1615167042.071117 DEBUG: [ndn.Face] <I /data/4?MustBeFresh&Nonce=8f696b08
>
>
> 1615167042.071596 DEBUG: [ndn.Face] >D /data/4
>
>
> 1615167042.071643 DEBUG: [ndn.Face] satisfying
> /data/4?MustBeFresh&Nonce=8f696b08 from app
>
> 1615167042.071655 DEBUG: [ndn.security.Validator] > Start validating data
> /data/4
>
> 1615167042.071660 TRACE: [ndn.security.validator_config.Rule] Trying to
> match /data/4
>
> 1615167042.071675 TRACE: [ndn.security.validator_config.Rule] Trying to
> check /data/4 with keyLocator /localhost/id│
>
> entity/digest-sha256
>
>
> 1615167042.073762 DEBUG: [ndn.security.ValidationState] > Internal
> implementation error (Validator/policy did not invoke success or failure
> callback)
>
>
> To find the cause of errors, I followed the ndn-cxx source code from
> Validator::validate, to ValidationPolicyConfig::checkPolicy
>
> to getKeyLocatorName, to Checker::check, to extractIdentityFromKeyName.
>
> And I tentatively concluded that ndn-cxx doesn’t have the facility to
> validate pure “sha256” in the same manner as rsa-sha256 and ecdsa-sha256.
>
>
> I also checked out ndn-cxx have verifyDigest in verification-helper.cpp,
> but verfiyDigest is only referenced in unit test codes.
>
>
> My question is whether my speculation is rightand I also want to know the
> status and future plans regarding sha256 verification in Validator.
>
>
> Thank you,
>
>
> Justin
>
>
>
> ===================================
>
> const Name&
>
> SigningInfo::getDigestSha256Identity()
>
> {
>
> static Name digestSha256Identity("/localhost/identity/digest-sha256");
>
> return digestSha256Identity;
>
> }
>
>
> ===================================
>
> Name
>
> extractIdentityFromKeyName(const Name& keyName)
>
> {
>
> if (!isValidKeyName(keyName)) {
>
> NDN_THROW(std::invalid_argument("Key name `" + keyName.toUri() + "` "
>
> "does not respect the naming
> conventions"));
>
> }
>
>
> return keyName.getPrefix(-Certificate::MIN_KEY_NAME_LENGTH); // trim
> everything after and including "KEY"
>
> }
> _______________________________________________
> Ndn-interest mailing list
> Ndn-interest at lists.cs.ucla.edu
> http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/ndn-interest/attachments/20210307/8619b821/attachment-0001.html>
More information about the Ndn-interest
mailing list