[Ndn-interest] a question on validating pure sha256 in ndn-cxx validator

Justin Park = 세형 justin.labry at gmail.com
Mon Mar 8 00:59:05 PST 2021 

Thank you Junxiao for the crystal clear explanation.
Alex, I tried the latest version (master) of ndn-cxx and nfd, but the
result was exactly the same.
I'll try to look into the source code and see what I can do about the
sha256 patch.

Justin

On Mon, Mar 8, 2021 at 12:23 PM Alex Afanasyev <aa at cs.fiu.edu> wrote:

> Hi Justin,
>
> Thanks for debugging.  Using validator for sha256 (not really a valid
> signature) may not make too much sense, but we did some fixing in the
> checker that should get a bit farther (it was actually in the currently the
> last commit of the master branch).   You may want to re-check with the
> latest commit and see if it fixes your problem, if not, hope you can make
> and submit a patch.
>
> -
> Alex
>
> On Mar 7, 2021, at 9:06 PM, Justin Park = 세형 via Ndn-interest <
> ndn-interest at lists.cs.ucla.edu> wrote:
>
> Hi all,
>
> Last Friday, I was working with NDN-CXX (0.7.0) for
> rsa-sha256, ecdsa-sha256, and sha256 validation.
> The first two (rsa-sha256, ecdsa-256) had no trouble, but I had some
> issues with sha256.
> Of course, I followed the instruction below:
>
> https://named-data.net/doc/ndn-cxx/current/tutorials/security-validator-config.html
>
>   checker
>   {
>     type customized
>     sig-type sha256
>     key-locator
>     {
>       type name
>       name /localhost/identity/digest-sha256
>       relation equal
>     }
>   }
>
> However, when I tried something with sig-type sha256, I got “Internal
> implementation error.”
>
> %9Bhq%A82%5B%AF%22%A7G%5E%B7%16%7C%1F8%93%AC?Nonce=f0547aea from forwarder
>
> 1615167042.071117 DEBUG: [ndn.Face] <I /data/4?MustBeFresh&Nonce=8f696b08
>
> 1615167042.071596 DEBUG: [ndn.Face] >D /data/4
>
> 1615167042.071643 DEBUG: [ndn.Face]    satisfying
> /data/4?MustBeFresh&Nonce=8f696b08 from app
> 1615167042.071655 DEBUG: [ndn.security.Validator] > Start validating data
> /data/4
> 1615167042.071660 TRACE: [ndn.security.validator_config.Rule] Trying to
> match /data/4
> 1615167042.071675 TRACE: [ndn.security.validator_config.Rule] Trying to
> check /data/4 with keyLocator /localhost/id│
> entity/digest-sha256
>
> 1615167042.073762 DEBUG: [ndn.security.ValidationState] > Internal
> implementation error (Validator/policy did not invoke success or failure
> callback)
>
> To find the cause of errors, I followed the ndn-cxx source code from
> Validator::validate, to ValidationPolicyConfig::checkPolicy
> to getKeyLocatorName, to Checker::check, to extractIdentityFromKeyName.
> And I tentatively concluded that ndn-cxx doesn’t have the facility to
> validate pure “sha256” in the same manner as rsa-sha256 and ecdsa-sha256.
>
> I also checked out ndn-cxx have verifyDigest in verification-helper.cpp,
> but verfiyDigest is only referenced in unit test codes.
>
> My question is whether my speculation is rightand I also want to know the
> status and future plans regarding sha256 verification in Validator.
>
> Thank you,
>
> Justin
>
>
> ===================================
> const Name&
> SigningInfo::getDigestSha256Identity()
> {
>   static Name digestSha256Identity("/localhost/identity/digest-sha256");
>   return digestSha256Identity;
> }
>
> ===================================
> Name
> extractIdentityFromKeyName(const Name& keyName)
> {
>   if (!isValidKeyName(keyName)) {
>     NDN_THROW(std::invalid_argument("Key name `" + keyName.toUri() + "` "
>                                     "does not respect the naming
> conventions"));
>   }
>
>   return keyName.getPrefix(-Certificate::MIN_KEY_NAME_LENGTH); // trim
> everything after and including "KEY"
> }
> _______________________________________________
> Ndn-interest mailing list
> Ndn-interest at lists.cs.ucla.edu
> http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest
>
>
> ______________
> Alex Afanasyev
> Assistant Professor, SCIS, Florida International University
> 11200 SW 8th Street, PG6 Room 140D, Miami, FL 33199
> phone: +1.305.348.4960 (office); email: aa at cs.fiu.edu <aa at cs.fiu.edu>
> web: https://users.cs.fiu.edu/~afanasyev/
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/ndn-interest/attachments/20210308/2e4dad85/attachment-0001.html>

More information about the Ndn-interest mailing list