named-data-iot / ndn-lite

A lightweight NDN protocol stack with high-level application support including security bootstrapping, access control, trust management, etc.
https://ndn-lite.named-data.net
GNU Lesser General Public License v3.0

ndn_lite_default_ecdsa_sign wrong signature encoding #16

Closed yoursunny closed 5 years ago

yoursunny commented 5 years ago

As of a4dcb80458dff521ac8767b0e0067c1e14fab98, ndn_lite_default_ecdsa_sign invokes uECC_sign to create a signature and uses it directly as TLV-VALUE of SignatureValue.

In NDN Packet Format 0.3,

"The value of SignatureValue of SignatureSha256WithEcdsa is a DER encoded DSA signature as defined in Section 2.2.3 in RFC 3279."

However, the signature created by uECC_sign is in raw format, not DER format.

To solve this issue, transform the raw format signature into DER format through an ASN.1 encoder. I recommend doing this transformation in the backend, but the transformation functions should be made available to all backend implementations as other backends could need them as well.

peurpdapeurp commented 5 years ago

Thank you for pointing this out; the ECDSA signatures generated and verified by ndn-lite are now in DER format, with the transformation being done in the backend (ndn-lite-default-ecc-impl.c).
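The raw-to-DER transformation discussed in this issue, as an added example that is not part of the thread and is not ndn-lite's own code. The function names `der_put_uint` and `ecdsa_raw_to_der` are hypothetical, and the raw signature is assumed to be fixed-width big-endian r||s, which is how uECC_sign lays it out by default.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Encode one big-endian unsigned integer as an ASN.1 INTEGER.
 * Returns the number of bytes written to out. */
static size_t der_put_uint(const uint8_t *v, size_t n, uint8_t *out)
{
    /* DER requires the minimal encoding: drop leading zero bytes, keep one. */
    while (n > 1 && v[0] == 0x00) { v++; n--; }
    /* INTEGER is signed: a set top bit needs a 0x00 prefix to stay positive. */
    size_t pad = (v[0] & 0x80) ? 1 : 0;
    size_t i = 0;
    out[i++] = 0x02;                /* tag: INTEGER */
    out[i++] = (uint8_t)(n + pad);  /* short-form length, at most 67 here */
    if (pad) out[i++] = 0x00;
    memcpy(out + i, v, n);
    return i + n;
}

/* Convert a raw r||s ECDSA signature into the DER form
 * Ecdsa-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER } (RFC 3279, 2.2.3).
 * Returns the DER length, or 0 on bad input or a too-small output buffer. */
size_t ecdsa_raw_to_der(const uint8_t *raw, size_t raw_len,
                        uint8_t *der, size_t der_cap)
{
    uint8_t body[2 * (2 + 1 + 66)]; /* two INTEGERs, coordinates up to 66 bytes */
    size_t half = raw_len / 2;
    if (raw == NULL || der == NULL || raw_len == 0 || (raw_len & 1) || half > 66)
        return 0;

    size_t body_len = der_put_uint(raw, half, body);
    body_len += der_put_uint(raw + half, half, body + body_len);

    /* SEQUENCE header: short-form length below 128, else 0x81 + one byte. */
    size_t hdr = (body_len < 128) ? 2 : 3;
    if (der_cap < hdr + body_len) return 0;

    size_t i = 0;
    der[i++] = 0x30;                /* tag: SEQUENCE */
    if (body_len >= 128) der[i++] = 0x81;
    der[i++] = (uint8_t)body_len;
    memcpy(der + i, body, body_len);
    return i + body_len;
}
```

The output length varies with the values of r and s (70 to 72 bytes is typical for a 256-bit curve), so a verifier that receives DER has to parse the lengths rather than assume a fixed 64-byte value.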