[Ndn-interest] [EXT] a question on validating pure sha256 in ndn-cxx validator

Junxiao Shi shijunxiao at email.arizona.edu
Sun Mar 7 18:55:43 PST 2021


Hi Justin

ValidatorConfig does not support validating SHA256 signatures. Moreover,
the sig-type field is ignored and has no effect.

Some time ago, I tried to update that page to match the behavior of the
code, but the maintainer won't accept my patch because the page is
apparently a "specification" rather than code documentation.

Yours, Junxiao

On Sun, Mar 7, 2021 at 9:07 PM Justin Park = 세형 via Ndn-interest <
ndn-interest at lists.cs.ucla.edu> wrote:

> Hi all,
>
>
> Last Friday, I was working with NDN-CXX (0.7.0) for
> rsa-sha256, ecdsa-sha256, and sha256 validation.
>
> The first two (rsa-sha256, ecdsa-256) had no trouble, but I had some
> issues with sha256.
>
> Of course, I followed the instruction below:
>
>
> https://named-data.net/doc/ndn-cxx/current/tutorials/security-validator-config.html
>
>
>   checker
>   {
>     type customized
>     sig-type sha256
>     key-locator
>     {
>       type name
>       name /localhost/identity/digest-sha256
>       relation equal
>     }
>   }
>
>
> However, when I tried something with sig-type sha256, I got “Internal
> implementation error.”
>
>
> %9Bhq%A82%5B%AF%22%A7G%5E%B7%16%7C%1F8%93%AC?Nonce=f0547aea from forwarder
> 1615167042.071117 DEBUG: [ndn.Face] <I /data/4?MustBeFresh&Nonce=8f696b08
> 1615167042.071596 DEBUG: [ndn.Face] >D /data/4
> 1615167042.071643 DEBUG: [ndn.Face]    satisfying /data/4?MustBeFresh&Nonce=8f696b08 from app
> 1615167042.071655 DEBUG: [ndn.security.Validator] > Start validating data /data/4
> 1615167042.071660 TRACE: [ndn.security.validator_config.Rule] Trying to match /data/4
> 1615167042.071675 TRACE: [ndn.security.validator_config.Rule] Trying to check /data/4 with keyLocator /localhost/identity/digest-sha256
> 1615167042.073762 DEBUG: [ndn.security.ValidationState] > Internal implementation error (Validator/policy did not invoke success or failure callback)
>
>
> To find the cause of errors, I followed the ndn-cxx source code from
> Validator::validate, to ValidationPolicyConfig::checkPolicy, to
> getKeyLocatorName, to Checker::check, to extractIdentityFromKeyName.
>
> And I tentatively concluded that ndn-cxx doesn’t have the facility to
> validate pure “sha256” in the same manner as rsa-sha256 and ecdsa-sha256.
>
>
> I also checked that ndn-cxx has verifyDigest in verification-helper.cpp,
> but verifyDigest is only referenced in unit test code.
>
>
> My question is whether my speculation is right, and I also want to know the
> status and future plans regarding sha256 verification in Validator.
>
>
> Thank you,
>
>
> Justin
>
>
>
> ===================================
> const Name&
> SigningInfo::getDigestSha256Identity()
> {
>   static Name digestSha256Identity("/localhost/identity/digest-sha256");
>   return digestSha256Identity;
> }
>
> ===================================
> Name
> extractIdentityFromKeyName(const Name& keyName)
> {
>   if (!isValidKeyName(keyName)) {
>     NDN_THROW(std::invalid_argument("Key name `" + keyName.toUri() + "` "
>                                     "does not respect the naming conventions"));
>   }
>
>   return keyName.getPrefix(-Certificate::MIN_KEY_NAME_LENGTH); // trim everything after and including "KEY"
> }
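Since the thread concludes that ValidatorConfig cannot check a pure sha256 signature, the following shows what such a check amounts to on the wire. It is an added example, not code from this thread or from ndn-cxx: it recomputes SHA-256 over the signed portion of a Data packet and compares it with SignatureValue. The TLV numbers follow the NDN packet format; the function names and the /data/4 sample packet are constructed for illustration.

```python
import hashlib
import hmac

DATA, NAME, COMPONENT, CONTENT = 0x06, 0x07, 0x08, 0x15  # NDN TLV-TYPE numbers
SIG_INFO, SIG_VALUE, SIG_TYPE = 0x16, 0x17, 0x1B
DIGEST_SHA256 = 0  # SignatureType value for DigestSha256

def read_var(buf, pos):
    """Decode one variable-length number; return (value, next_pos)."""
    first = buf[pos]
    if first < 253:
        return first, pos + 1
    end = pos + 1 + {253: 2, 254: 4, 255: 8}[first]
    if end > len(buf):
        raise ValueError("truncated number")
    return int.from_bytes(buf[pos + 1:end], "big"), end

def read_tlv(buf, pos, limit):  # returns (type, value_start, value_end)
    typ, pos = read_var(buf, pos)
    length, pos = read_var(buf, pos)
    if pos + length > limit:
        raise ValueError("TLV overruns its container")
    return typ, pos, pos + length

def verify_digest_sha256(wire):
    """True only for a Data packet whose DigestSha256 value matches its signed portion."""
    try:
        typ, pos, end = read_tlv(wire, 0, len(wire))
        signed_start, signed_end, sig_type, sig_value = pos, None, None, None
        while typ == DATA and pos < end:
            elem, vstart, vend = read_tlv(wire, pos, end)
            if elem == SIG_INFO:
                t, s, e = read_tlv(wire, vstart, vend)  # SignatureType comes first
                sig_type = int.from_bytes(wire[s:e], "big") if t == SIG_TYPE and e > s else None
                signed_end = vend  # signed portion: Name through SignatureInfo
            elif elem == SIG_VALUE:
                sig_value = wire[vstart:vend]
            pos = vend
    except (ValueError, IndexError):
        return False
    ok = sig_type == DIGEST_SHA256 and sig_value is not None and signed_end is not None
    return ok and hmac.compare_digest(hashlib.sha256(wire[signed_start:signed_end]).digest(), sig_value)

def tlv(typ, value):  # short-form TLV encoder, enough for the constructed sample
    return bytes([typ, len(value)]) + value

def make_sample(content):  # constructed /data/4 Data packet with a DigestSha256 signature
    name = tlv(NAME, tlv(COMPONENT, b"data") + tlv(COMPONENT, b"4"))
    signed = name + tlv(CONTENT, content) + tlv(SIG_INFO, tlv(SIG_TYPE, b"\x00"))
    return tlv(DATA, signed + tlv(SIG_VALUE, hashlib.sha256(signed).digest()))
```

A matching digest shows only that the packet was not altered after the digest was computed; anyone can recompute it, so it says nothing about who produced the Data.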