[Nfd-dev] ndn-cxx raw signing and verification

Alex Afanasyev aa at cs.fiu.edu
Mon Dec 18 17:55:27 PST 2017



> On Dec 18, 2017, at 5:27 PM, Junxiao Shi <shijunxiao at email.arizona.edu> wrote:
> 
> Dear folks
> 
> I'm trying to understand the inner workings of ndn-cxx's signature format, in order to use it on one of my toys.
> OS is Ubuntu 16.04. ndn-cxx repository is at commit 7f01247b5bc75d9416e22828b72976abd57f16a9.
> 
> I have the following code snippet:
> // g++ -std=c++11 -o x x.cpp $(pkg-config --cflags --libs libndn-cxx)
> 
> #include <iostream>
> #include <ndn-cxx/security/v2/key-chain.hpp>
> #include <ndn-cxx/security/verification-helpers.hpp>
> 
> int main() {
>   uint8_t input[12];
>   memcpy(input, "hello world.", sizeof(input));
> 
>   ndn::KeyChain keyChain;
>   auto sig = keyChain.sign(input, sizeof(input));
>   sig.encode();
> 
>   auto pubkey = keyChain.getPib().getDefaultIdentity().getDefaultKey().getPublicKey();
>   bool res = ndn::security::verifySignature(input, sizeof(input), sig.wire(), sig.size(), pubkey.data(), pubkey.size());

keyChain.sign() returns a SignatureValue TLV, so change the above to

bool res = ndn::security::verifySignature(input, sizeof(input),
                                          sig.value(), sig.value_size(),   // value bits are the actual signature
                                          pubkey.data(), pubkey.size());

--
Alex


>   std::cout << res;
> }
> This code snippet uses the default key to sign a message "hello world.", and then verify the signature using the same key.
> 
> I started with a clean $HOME/.ndn directory, and I have a single EC key as the default.
> $ ndnsec list -c
> * /ec
>   +->* /ec/KEY/%8E%24y%D3CX9%D1
>        +->* /ec/KEY/%8E%24y%D3CX9%D1/self/%FD%00%00%01%60d%EBV%BC
> 
> I expect the code snippet to print "1" indicating the signature is correct. However, it printed "0" indicating the signature is bad.
> I traced into ndn::security::verifySignature functions. The public key was successfully loaded from PKCS8 format, but the transforms concluded that the signature is wrong.
> I also independently verified that the signature bits are correct, using a different ECDSA implementation (namely, micro-ecc).
> 
> Can anyone help with this?
> 
> Yours, Junxiao

______________
Alex Afanasyev
Assistant Professor, SCIS, Florida International University
11200 SW 8th Street, ECS Room 261B, Miami, FL 33199
phone: +1.305.348.4960 (office); email: aa at cs.fiu.edu
web: https://users.cs.fiu.edu/~afanasyev/
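
The distinction the reply draws between the encoded SignatureValue TLV and its value octets, shown as an added example that is not part of the original message and not ndn-cxx code. It assumes TLV-TYPE 23 for SignatureValue and the NDN variable-length number encoding; `Span`, `readVarNumber`, `signatureBits` and `sampleWire` are hypothetical names, and the sample bytes are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <vector>

// Assumption: TLV-TYPE number of SignatureValue in the NDN packet format.
constexpr uint64_t TLV_SIGNATURE_VALUE = 23;

struct Span { const uint8_t* data; size_t size; };

// Decode an NDN variable-length number (used for both TLV-TYPE and TLV-LENGTH).
static uint64_t readVarNumber(const uint8_t*& p, const uint8_t* end) {
  if (p == end) throw std::runtime_error("truncated TLV header");
  uint8_t first = *p++;
  if (first < 253) return first;                       // one-octet form
  size_t n = first == 253 ? 2 : first == 254 ? 4 : 8;  // multi-octet forms
  if (static_cast<size_t>(end - p) < n) throw std::runtime_error("truncated var-number");
  uint64_t v = 0;
  for (size_t i = 0; i < n; ++i) v = (v << 8) | *p++;  // big-endian
  return v;
}

// Strip the TLV header and return only the value octets. These are what a
// raw verifier expects; passing the whole wire buffer prepends the header
// octets to the signature and verification fails.
Span signatureBits(const uint8_t* wire, size_t wireSize) {
  const uint8_t* p = wire;
  const uint8_t* end = wire + wireSize;
  if (readVarNumber(p, end) != TLV_SIGNATURE_VALUE)
    throw std::runtime_error("not a SignatureValue TLV");
  uint64_t len = readVarNumber(p, end);
  if (len != static_cast<uint64_t>(end - p))
    throw std::runtime_error("TLV-LENGTH does not match buffer");
  return {p, static_cast<size_t>(len)};
}

// Constructed sample: type 0x17, length 0x08, then 8 placeholder octets
// standing in for the signature bits (not a real signature).
std::vector<uint8_t> sampleWire() {
  return {0x17, 0x08, 0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02};
}

int main() {
  std::vector<uint8_t> wire = sampleWire();
  Span bits = signatureBits(wire.data(), wire.size());
  std::cout << "wire=" << wire.size() << " octets, value=" << bits.size << " octets\n";
}
```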

