named-data / python-ndn

An NDN client library with AsyncIO support in Python 3
https://python-ndn.readthedocs.io/en/latest
Apache License 2.0

Incorrect ECDSA signature #3

Closed yoursunny closed 4 years ago

yoursunny commented 4 years ago

According to NDN Packet Format:

The value of SignatureValue of SignatureSha256WithEcdsa is a DER encoded ECDSA signature as defined in Section 2.2.3 in RFC 3279.

However, Sha256WithEcdsaSigner is generating a raw signature that concatenates "r" and "s".

Snippet to reproduce:

```python
from Cryptodome.PublicKey import ECC
from ndn.encoding import make_data, MetaInfo
from ndn.security import Sha256WithEcdsaSigner

key = ECC.generate(curve="P-256").export_key(format="DER")
signer = Sha256WithEcdsaSigner("/K/KEY/x", key)

pkt = make_data("/A", MetaInfo(), signer=signer)
print(pkt.hex())
```

Generated packet:

```
0660
  0703
    080141
  1403
    180100
  1612
    1b0102
    1c0d
      070b
        08014b
        08034b4559
        080178
  1740
    0411d1fb389287ec1f6a6c2cbfc8d183bf9921dbf2b30dbd423f1b2e6fac7ff92f63425baecd7dd96b459803a1861dab3156a4b74afc8156aac78a219f4de810
```

The signature cannot be decoded as ASN1 SEQUENCE.

zjkmxy commented 4 years ago

Thank you for this comment! I haven't tested ECDSA and HMAC Signer actually. RSA and DigestSHA256 should be correct.
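
The mismatch reported in this issue, as an added example that is not python-ndn's code and not part of the original thread: it re-encodes the 64-byte SignatureValue from the packet dump as the DER Ecdsa-Sig-Value that RFC 3279 Section 2.2.3 defines, and includes a strict parser that rejects the raw form. The function names are hypothetical, and only short-form DER lengths are handled.

```python
# Added example (not python-ndn code): raw r||s vs DER Ecdsa-Sig-Value.
# Function names are hypothetical. Short-form DER lengths only, which is
# enough for P-256 and P-384 signatures.

# SignatureValue bytes copied from the packet dump in the issue.
PAGE_SIG = bytes.fromhex(
    "0411d1fb389287ec1f6a6c2cbfc8d183bf9921dbf2b30dbd423f1b2e6fac7ff9"
    "2f63425baecd7dd96b459803a1861dab3156a4b74afc8156aac78a219f4de810")

def _der_int(v: int) -> bytes:
    # Minimal big-endian body; the extra byte keeps the sign bit clear.
    body = v.to_bytes(v.bit_length() // 8 + 1, "big")
    return bytes([0x02, len(body)]) + body

def raw_to_der(raw: bytes) -> bytes:
    """Fixed-width r||s -> SEQUENCE { INTEGER r, INTEGER s }."""
    half, odd = divmod(len(raw), 2)
    if odd or not half:
        raise ValueError("raw signature must be two equal-width halves")
    body = b"".join(_der_int(int.from_bytes(p, "big"))
                    for p in (raw[:half], raw[half:]))
    if len(body) > 0x7F:
        raise ValueError("long-form length not handled in this example")
    return bytes([0x30, len(body)]) + body

def _read_tlv(buf: bytes, pos: int, tag: int):
    # Return (value, next offset) for one short-form TLV with the given tag.
    if pos + 2 > len(buf) or buf[pos] != tag or buf[pos + 1] > 0x7F:
        raise ValueError(f"no short-form tag 0x{tag:02x} at offset {pos}")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated value")
    return buf[pos + 2:end], end

def parse_der_sig(sig: bytes):
    """Return (r, s) if sig is a DER Ecdsa-Sig-Value, else raise ValueError."""
    seq, end = _read_tlv(sig, 0, 0x30)
    r, pos = _read_tlv(seq, 0, 0x02)
    s, pos = _read_tlv(seq, pos, 0x02)
    if end != len(sig) or pos != len(seq):
        raise ValueError("trailing bytes")
    for v in (r, s):  # DER: non-empty, non-negative, minimally encoded
        padded = len(v) > 1 and v[0] == 0 and not v[1] & 0x80
        if not v or v[0] & 0x80 or padded:
            raise ValueError("INTEGER is not minimal non-negative DER")
    return int.from_bytes(r, "big"), int.from_bytes(s, "big")

if __name__ == "__main__":
    print("DER form:", raw_to_der(PAGE_SIG).hex())
```

A verifier that accepts only the DER form should reject the raw bytes outright rather than fall back to splitting them in half, so that each signature has exactly one accepted encoding.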