[Nfd-dev] [EXT]Re: Try NDNCERT (based on Interest-Data exchange) and get an NDN certificate today

Junxiao Shi shijunxiao at email.arizona.edu
Thu Feb 18 05:22:28 PST 2021 

Hi Zhiyi

I'm finally able to obtain a certificate from your CA.
However, there are still a few remaining issues.

Missing prefix registration of issued certificate
Currently, it's impossible to retrieve an issued certificate unless the
requester is directly connected to the CA host.
To solve this issue, the CA needs to perform a prefix registration for each
certificate, and use Origin=0x41 in the registration. This would cause
local NLSR to initiate a routing announcement on each certificate name, so
that the certificate is reachable from anywhere on the network.
This prefix registration should be deleted when the certificate falls out
of CA's issued certificate cache, which also withdraws the routing
announcement.

decryptionIv check
The IV check code is now:
https://github.com/Zhiyi-Zhang/ndncert/blob/de58e605fe26391833c883f1927f7f4cdc226e5b/src/detail/crypto-helpers.cpp#L404-L415
  if (decryptionIv.empty()) {
    decryptionIv = currentIv;
  }
  else {
    if (loadBigU32(currentIv, 8) < loadBigU32(decryptionIv, 8)) {
      NDN_THROW(std::runtime_error("Error when decrypting the AES Encrypted
Block: "
                                   "The observed IV is incorrectly
formed."));
    }
    else {
      decryptionIv = currentIv;
    }
  }

The counter check is correct, but it still fails to fulfill these two
requirements in the protocol:

   - The random value portion chosen by the requester must be different
   from the random value portion chosen by the CA.
   - The random value portion in every message from the requester must be
   the same.


Crypto timing vulnerability
There is timing vulnerability in ECDHState::deriveSecret, hkdf,
aesGcm128Decrypt functions.
https://github.com/Zhiyi-Zhang/ndncert/blob/de58e605fe26391833c883f1927f7f4cdc226e5b/src/detail/crypto-helpers.cpp
These functions should not check return values or throw errors in the
middle, but can only do one check at the end.

Yours, Junxiao
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20210218/798896f3/attachment.html>

More information about the Nfd-dev mailing list