[Ndn-interest] a question on validating pure sha256 in ndn-cxx validator

Alex Afanasyev aa at cs.fiu.edu
Sun Mar 7 19:23:00 PST 2021


Hi Justin,

Thanks for debugging. Using the validator for sha256 (not really a valid signature) may not make too much sense, but we did some fixing in the checker that should get a bit farther (it was actually in what is currently the last commit of the master branch). You may want to re-check with the latest commit and see if it fixes your problem; if not, I hope you can make and submit a patch.

-
Alex

> On Mar 7, 2021, at 9:06 PM, Justin Park = 세형 via Ndn-interest <ndn-interest at lists.cs.ucla.edu> wrote:
> 
> Hi all,
> 
> Last Friday, I was working with NDN-CXX (0.7.0) for rsa-sha256, ecdsa-sha256, and sha256 validation. 
> The first two (rsa-sha256, ecdsa-256) had no trouble, but I had some issues with sha256.
> Of course, I followed the instructions below:
> https://named-data.net/doc/ndn-cxx/current/tutorials/security-validator-config.html
> 
>   checker
>   {
>     type customized
>     sig-type sha256
>     key-locator
>     {
>       type name
>       name /localhost/identity/digest-sha256
>       relation equal
>     }
>   }
> 
> However, when I tried something with sig-type sha256, I got “Internal implementation error.”
> 
> %9Bhq%A82%5B%AF%22%A7G%5E%B7%16%7C%1F8%93%AC?Nonce=f0547aea from forwarder                                         
> 1615167042.071117 DEBUG: [ndn.Face] <I /data/4?MustBeFresh&Nonce=8f696b08                                          
> 1615167042.071596 DEBUG: [ndn.Face] >D /data/4                                                                     
> 1615167042.071643 DEBUG: [ndn.Face]    satisfying /data/4?MustBeFresh&Nonce=8f696b08 from app                      
> 1615167042.071655 DEBUG: [ndn.security.Validator] > Start validating data /data/4                                  
> 1615167042.071660 TRACE: [ndn.security.validator_config.Rule] Trying to match /data/4                              
> 1615167042.071675 TRACE: [ndn.security.validator_config.Rule] Trying to check /data/4 with keyLocator /localhost/identity/digest-sha256
> 1615167042.073762 DEBUG: [ndn.security.ValidationState] > Internal implementation error (Validator/policy did not invoke success or failure callback)
> 
> To find the cause of errors, I followed the ndn-cxx source code from Validator::validate, to ValidationPolicyConfig::checkPolicy
> to getKeyLocatorName, to Checker::check, to extractIdentityFromKeyName.
> And I tentatively concluded that ndn-cxx doesn’t have the facility to validate pure “sha256” in the same manner as rsa-sha256 and ecdsa-sha256.
> 
> I also checked and ndn-cxx has verifyDigest in verification-helper.cpp, but verifyDigest is only referenced in unit test code.
> 
> My question is whether my speculation is right, and I also want to know the status and future plans regarding sha256 verification in Validator.
> 
> Thank you,
> 
> Justin
> 
> 
> ===================================
> const Name&
> SigningInfo::getDigestSha256Identity()
> {
>   static Name digestSha256Identity("/localhost/identity/digest-sha256");
>   return digestSha256Identity;
> }
> 
> ===================================
> Name
> extractIdentityFromKeyName(const Name& keyName)
> {
>   if (!isValidKeyName(keyName)) {
>     NDN_THROW(std::invalid_argument("Key name `" + keyName.toUri() + "` "
>                                     "does not respect the naming conventions"));
>   }
> 
>   return keyName.getPrefix(-Certificate::MIN_KEY_NAME_LENGTH); // trim everything after and including "KEY"
> }

______________
Alex Afanasyev
Assistant Professor, SCIS, Florida International University
11200 SW 8th Street, PG6 Room 140D, Miami, FL 33199
phone: +1.305.348.4960 (office); email: aa at cs.fiu.edu
web: https://users.cs.fiu.edu/~afanasyev/
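
A stand-alone model of the naming-convention check in the extractIdentityFromKeyName snippet quoted above, applied to the key-locator name from the checker config. This is an added example, not ndn-cxx code and not part of the original thread; the Name type, parseName, checkKeyLocatorEquals and the /<identity>/KEY/<key-id> layout are assumptions made for illustration.

```cpp
#include <cstddef>
#include <sstream>
#include <stdexcept>
#include <string>
#include <vector>

using Name = std::vector<std::string>;  // one string per name component

// Assumption: key names follow /<identity>/KEY/<key-id>, so "KEY" sits second from the end.
const std::size_t MIN_KEY_NAME_LENGTH = 2;

// Hypothetical helper: split a URI such as "/alice/KEY/1" into components.
Name parseName(const std::string& uri) {
  Name name;
  std::stringstream ss(uri);
  std::string comp;
  while (std::getline(ss, comp, '/'))
    if (!comp.empty()) name.push_back(comp);
  return name;
}

bool isValidKeyName(const Name& keyName) {
  return keyName.size() >= MIN_KEY_NAME_LENGTH &&
         keyName[keyName.size() - MIN_KEY_NAME_LENGTH] == "KEY";
}

// Same shape as the function quoted above: throws on a name that is not a key name.
Name extractIdentityFromKeyName(const Name& keyName) {
  if (!isValidKeyName(keyName))
    throw std::invalid_argument("key name does not respect the naming conventions");
  return Name(keyName.begin(),
              keyName.end() - static_cast<std::ptrdiff_t>(MIN_KEY_NAME_LENGTH));
}

struct CheckResult { bool ok; std::string reason; };

// Hypothetical checker step for "relation equal": it always returns a verdict,
// so a caller can invoke its success or failure callback on every path.
CheckResult checkKeyLocatorEquals(const std::string& klUri, const std::string& expectedUri) {
  try {
    Name identity = extractIdentityFromKeyName(parseName(klUri));
    if (identity == parseName(expectedUri)) return {true, ""};
    return {false, "identity does not match"};
  } catch (const std::invalid_argument& e) {
    return {false, e.what()};  // e.g. the digest pseudo-identity, which has no KEY component
  }
}
```

In this model, /localhost/identity/digest-sha256 has no KEY component, so it can never satisfy an identity comparison that first goes through extractIdentityFromKeyName.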

